From sharpe at ns.aus.com Wed Feb 14 00:59:31 2001 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:34 2003 Subject: Printing in TNG In-Reply-To: <004f01bf76f5$a5624850$1ad120c1@pinacl.co.uk> Message-ID: <3.0.6.32.20010214105931.0096a8d0@203.16.214.248> At 01:17 AM 2/15/00 +1100, Alan Hourihane wrote: >I'm using multiple config files using the > >netbios aliases = .... and >include = smb.conf.%L I assume that the printer definitions are in the file included? This does not gell with your next message, which claims that the include line is being ignored. Rather, it seems more like Samba is pulling all the include lines into the one server, but clients should start new tcp connections for each virtual server, because the NetBIOS names are different. Could you try smbclient to a share on each NetBIOS name and then see what smbstatus shows? >yet if I go through the 'Add Printer' it shows me >a list of printers that's available on the primary >'netbios name'. > >Any clues ? > >Alan. > >Attachment Converted: "c:\eudora\attach\winmail25.dat" > Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From sharpe at ns.aus.com Wed Feb 14 23:25:50 2001 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:35 2003 Subject: Some questions and still having problems joining domain with TNG Message-ID: <3.0.6.32.20010215092550.009bc5c0@203.16.214.248> Hi, Well, I have TNG partially working, in that Win9X can access shares ... :-) However, things I don't understand are: 1. Do you have to add a root account or privileged account to the smbpasswd file before anything will work properly? For example, lsaquery would not work until I added root. 2. Which tools to I add trust accounts with? smbpasswd or rpcclient? 3. How do I add groups and which groups do I need? 4. How do I join my own domain as the PDC? There appears to be no joindom command in rpcclient, so I imagine I still have to use smbpasswd? Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From sharpe at ns.aus.com Wed Feb 14 23:45:57 2001 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:35 2003 Subject: rpcquery etc ... Message-ID: <3.0.6.32.20010215094557.009f4430@203.16.214.248> Hi, I noticed that when I do lsaquery I get back two SIDS, one for Domain Member and the other for Domain Controller, and they are the same. Does this mean that I have managed to join the domain, or not? Actually, what is the canonical sequence of actions when one is setting up Samba TNG? Can you use rpcclient before you have joined the domain? I have just deleted my server's trust account, hoping to use rpcclient to add the account and join the domain, but now lsaquery no longer works :-( What is the scoop? Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From sharpe at ns.aus.com Wed Feb 14 23:59:04 2001 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:28:35 2003 Subject: Samba TNG Message-ID: <3.0.6.32.20010215095904.0099c210@203.16.214.248> As I wrote somewhere else, Samba TNG is a version of Samba where total rewrites are frequently done, often overnight :-) Regards ------- Richard Sharpe, sharpe@ns.aus.com, Master Linux Administrator :-), Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Co-author, SAMS Teach Yourself Samba in 24 Hours Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course From pilger at kahana.higp.hawaii.edu Thu Feb 1 00:44:30 2001 From: pilger at kahana.higp.hawaii.edu (Eric Pilger) Date: Tue Dec 2 02:33:14 2003 Subject: simple sharing on an NT Domain References: Message-ID: <3A78B16E.9B94EB44@higp.hawaii.edu> > \\INTRANET\public > > the network name cannot be found. > > Like I said I have even tried to set it up user security and create accounts > for the NT usernames, but none of the passwords worked for the accounts. And > yes the public folder is created and located in the usr/home directory. Here > is my config file > > [global] > workgroup = VEGA > wins server = 192.168.1.11 > security = share > encrypt passwords = yes > preffered master = no > local master = no > guest = ok > [public] > path = usr/home/public Do you mean /usr/home/public? > > writeable = yes > public = yes > printable = no > -- Eric J. Pilger Systems Administrator Hawaii Institute of Geophysics and Planetology/SOEST pilger@pgd.hawaii.edu (808)956-6321 From x-rogue at mermaid.org Thu Feb 1 00:53:19 2001 From: x-rogue at mermaid.org (X-Rogue) Date: Tue Dec 2 02:33:14 2003 Subject: multiple login prevention? Message-ID: Hi, does anyone know of a way to prevent users from loging into the file server multiple times from different workstations? Or a way to detect someone from idling from the server side? I notice I can't trust PID owners since most of the time smbd isnt spawn as the user, but as root. I'm currently running FreeBSD 4.0-stable and Samba 2.07 Thanks Lynda Leung From ttran at tekdigitel.com Thu Feb 1 02:44:49 2001 From: ttran at tekdigitel.com (Thanh Tran H) Date: Tue Dec 2 02:33:14 2003 Subject: SMB - NT Message-ID: <001801c08bf8$f222efa0$9901a8c0@thanh> hi all, I just hit into this list to seek for help. I don't know how to import the list of users and passwords from a NT domain controller server into Samba. I did use the "smbpasswd -j MYDOMAIN -r MYPDC" The fist time, smbpasswd says: joined MYDOMAIN, and I had the file *.mac on my directory (only 47 bytes) but I tried and Samba still did not have other user names and accounts from NT server. I tried that command again and this time it says Unable to join domain MYDOMAIN. Woudl anyone help me please? Thanks a lot. Thanh -------------- next part -------------- HTML attachment scrubbed and removed From s_colombo at iol.it Thu Feb 1 12:49:13 2001 From: s_colombo at iol.it (Stefano Colombo) Date: Tue Dec 2 02:33:14 2003 Subject: SWAT administration Message-ID: I'd like to enable only a defined , and restricted , group of user to connect the swat administration tool. How can I do that? I've also a strange problem at a customer's site . It happen that I can logon , on SWAT , with every unix user but the root. Has anyone had a similar problem ? Stefano Colombo System / Network Engineer CDM Tecnoconsulting SPA v. M.L.King 38/2 40132, Bologna Italy tel : +39 051 4132611 fax : +39 051 4132627 WEB : http://www.cdmtc.it Email: scolombo@cdmtc.it ################################ A good traveller has no fixed plans and is not intent on arriving Lao Tzu ################################ From e9125884 at student.tuwien.ac.at Thu Feb 1 13:30:39 2001 From: e9125884 at student.tuwien.ac.at (Gerhard Wiesinger) Date: Tue Dec 2 02:33:14 2003 Subject: Proposed patch for Samba-2.0.7 to allow Solaris open more than 1014 (or rlim_fd_max) files In-Reply-To: <20010124095643.J344@wnc0s00u.nortelnetworks.com> Message-ID: On Wed, 24 Jan 2001, Eric Boehm wrote: > I would like to submit the following patch to source/lib/util.c to allow > Samba under Solaris to open more than 1014 files -- or whatever the kernel > variable rlim_fd_max is set to. > The patch works fine for me. When will the patch be included into CVS? I've been working for a configure.in patch to include the sfio library into the standard distribution. If you have any ideas let me know. Regards, Gerhard Wiesinger From mafoe at sgi.com Thu Feb 1 14:14:32 2001 From: mafoe at sgi.com (Martin Foerster) Date: Tue Dec 2 02:33:14 2003 Subject: can't remove samba server from server manager Message-ID: <000c01c08c59$4c39d390$bbc5fd90@munich.sgi.com> Hi, I added a Samba Server to a NT Domain, although I added it as "workstation or server", it was shown as Backup Domain Controller. I did before with a different one and that didn't happen..!? Anyway, everything works fine, but some user couldn't successfully log on the NT domain then. The samba logs had entries for those machines saying "Workstation >machinename<$: no account in domain" It seems to me that they logged on the "Samba Backup domain controller", and that that one cannot resolve the machine account. But WINS Server is in smb.conf and it can resolve the name with nmblookup. So to prevent further problems, I wanted to remove the server in server manager, but it doesn't disappear from the list. I tried to force the sync. without success. It was still in after 24 hours. When I try to remove it again, there is only a popup message, saying "...is not a member of domain...will be removed from the list..at next update in approx. 15 minutes." Next time I do smbpasswd -j domain it is again active in Server manager. When does the samba server appear as workstation in server manager, and when as backup domain controller? any suggestions? Thanks Martin From rob.hutton at ecommsecurity.com Thu Feb 1 15:41:32 2001 From: rob.hutton at ecommsecurity.com (Rob Hutton) Date: Tue Dec 2 02:33:14 2003 Subject: Permissions problem Message-ID: <01020110413209.01516@rhutton.ecommsecurity.com> I am trying to smbmount and access an NT share from my Linux workstation. Everything seems to be working correctly except for permissions. Although the from the NT security it is set to world full access, I have to be root on my workstation to do anything but read the files. Also, if I try to do a chmod as root, it seems to have no effect. Any Ideas? Thanks, Rob -- Rob Hutton eCommSecurity, Inc. (770) 216-9990 www.ecommsecurity.com ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** From pkoch at bgc-jena.mpg.de Thu Feb 1 16:14:54 2001 From: pkoch at bgc-jena.mpg.de (Dr.Peer-Joachim Koch) Date: Tue Dec 2 02:33:14 2003 Subject: Performance bad, any idea ? Message-ID: <3A798B7E.81FBD537@bgc-jena.mpg.de> Hi, we are using samba (2.07) in the moment only as fileserver on a HP L-class (2 HP8500, 1GB RAM, 1GB ethernet port). The performance as fileserver is very bad compared to linux. Even a linux pc mounting the same file systems over nfs is faster. W2k useres can wait minutes for a dir to complete. The same config-files are use on both computers. Any idea what's going on ? Which files and/or output would be helpfull ? Bye, Peer _________________________________________________________ Max-Planck-Institut fuer Biogeochemie Dr. Peer-Joachim Koch Carl-Zeiss-Promenade 10 Telefon: ++49 3641 6437-52 D-07745 Jena Telefax: ++49 3641 6437-10 From dl at tyfon.net Thu Feb 1 16:19:44 2001 From: dl at tyfon.net (Dan Larsson) Date: Tue Dec 2 02:33:14 2003 Subject: Performance bad, any idea ? In-Reply-To: <3A798B7E.81FBD537@bgc-jena.mpg.de> Message-ID: On Thu, 1 Feb 2001, Dr.Peer-Joachim Koch wrote: | we are using samba (2.07) in the moment only as fileserver | on a HP L-class (2 HP8500, 1GB RAM, 1GB ethernet port). | The performance as fileserver is very bad compared to linux. | Even a linux pc mounting the same file systems over nfs | is faster. W2k useres can wait minutes for a dir to complete. | The same config-files are use on both computers. | | Any idea what's going on ? | Which files and/or output would be helpfull ? It might help tweaking the `socket options' in smb.conf, it's just a tip however. | Regards +------ Dan Larsson | Tel: +46 8 550 120 21 Tyfon Svenska AB | Fax: +46 8 550 120 02 GPG and PGP keys | finger dl@hq1.tyfon.net From shaun.lipscombe at gasops.co.uk Thu Feb 1 17:06:41 2001 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:33:14 2003 Subject: Recieving Winpop Up Messages For Other Users Message-ID: Is it possible for win pop up messages for root to go to A) multiple people B) redirect to another person (on a normal account) The smbclient command allows a -U option but doesn't allow a 'reply to' option should any reply not be wanted to go back to the user specified in the -U command. Cheers, Shaun -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From gcarter at valinux.com Thu Feb 1 15:26:42 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:14 2003 Subject: Roaming Profiles References: Message-ID: <3A798032.CAF15B1C@valinux.com> Jonathon, Did you ever send Jeremy the level 10 debug log (or raw packet trace)? IIRC he needed the exact flags used in the NT create call. Cheers, jerry > I have worked and worked on this exact problem. Turns > out that Samba-TNG does not have this problem. > Jeremy is aware of the problem and assumably is working > on a solution... But he is pretty busy with Linux > World and other stuff right now. > > So, I am using TNG for now until Samba2.2 gets fixed. It > does not seem to have any problems for me, although, > we are only using it for a PDC and storing Roaming Profiles > and that's pretty much it. No advanced stuff like > printing or integrating with other NT servers or anything else. > > -jonathan > > >>> Peter Milburn 01/31/01 05:22PM >>> > When ever a new program is installed, and the user logs of , > it complains that the profile can not be saved to the samba pdc. > > When I look at permission on the folder, it has it only as > a directory no user permissions at all. > > d--------- > > can some please help me this problem. -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From shaun.lipscombe at gasops.co.uk Thu Feb 1 17:16:37 2001 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:33:14 2003 Subject: Permissions problem In-Reply-To: Rob Hutton's message of "Thu, 1 Feb 2001 10:41:32 -0500" References: <01020110413209.01516@rhutton.ecommsecurity.com> Message-ID: * "Rob" == Rob Hutton writes: > I am trying to smbmount and access an NT share from my Linux > workstation. Everything seems to be working correctly except for > permissions. Although the from the NT security it is set to world > full access, I have to be root on my workstation to do anything but > read the files. Also, if I try to do a chmod as root, it seems to > have no effect. Any Ideas? Chmod won't do you any good, unless you are changing the last octet in the permission, if the owner is incorrect. Check to see that the ownership as well as the permissions are correct. Shaun -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From tpot at linuxcare.com.au Thu Feb 1 17:20:56 2001 From: tpot at linuxcare.com.au (Tim Potter) Date: Tue Dec 2 02:33:14 2003 Subject: Proposed patch for Samba-2.0.7 to allow Solaris open more than 1014 (or rlim_fd_max) files In-Reply-To: References: <20010124095643.J344@wnc0s00u.nortelnetworks.com> Message-ID: <14969.39672.927267.346056@stamp-collection.linuxcare.com.au> Gerhard Wiesinger writes: > > I would like to submit the following patch to source/lib/util.c to allow > > Samba under Solaris to open more than 1014 files -- or whatever the kernel > > variable rlim_fd_max is set to. > > The patch works fine for me. When will the patch be included into CVS? OK - since there are multiple reports of it actually working, I can probably merge it in to HEAD. Hopefully Jeremy will pick it up for the next 2.2 release. Tim. From JBrown at db2000.com Thu Feb 1 17:26:52 2001 From: JBrown at db2000.com (Jonathan Brown) Date: Tue Dec 2 02:33:14 2003 Subject: Roaming Profiles Message-ID: I sent him a partial file... When I created the level 10 log, it turned out to be about 12MB. This was after I cleared it out just prior to logging out and then made a copy of it immediately after the logoff process completed. I thought that might be too large, so I went in and deleted everything except the info right around where the problem directory was. - I hope this was ok. I assume he got it because it did not bounce back to me, but I did not receive a confirmation from him. Another person (Mu Wu) sent him one also. thanks, jonathan >>> Gerald Carter 02/01/01 10:26AM >>> Jonathon, Did you ever send Jeremy the level 10 debug log (or raw packet trace)? IIRC he needed the exact flags used in the NT create call. Cheers, jerry > I have worked and worked on this exact problem. Turns > out that Samba-TNG does not have this problem. > Jeremy is aware of the problem and assumably is working > on a solution... But he is pretty busy with Linux > World and other stuff right now. > > So, I am using TNG for now until Samba2.2 gets fixed. It > does not seem to have any problems for me, although, > we are only using it for a PDC and storing Roaming Profiles > and that's pretty much it. No advanced stuff like > printing or integrating with other NT servers or anything else. > > -jonathan > > >>> Peter Milburn 01/31/01 05:22PM >>> > When ever a new program is installed, and the user logs of , > it complains that the profile can not be saved to the samba pdc. > > When I look at permission on the folder, it has it only as > a directory no user permissions at all. > > d--------- > > can some please help me this problem. -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) -------------- next part -------------- HTML attachment scrubbed and removed From operator at amwaw.edu.pl Thu Feb 1 17:31:47 2001 From: operator at amwaw.edu.pl (Dyzurny Operator) Date: Tue Dec 2 02:33:14 2003 Subject: Please unsubscribe me!!!!! References: <01020110413209.01516@rhutton.ecommsecurity.com> Message-ID: <002201c08c74$da866670$8be95194@amwaw.edu.pl> your listar server dosn't work! Although unsubscribed more than month ago, I'm still keep receiving posts! W.Matysiak From rob.hutton at ecommsecurity.com Thu Feb 1 17:31:43 2001 From: rob.hutton at ecommsecurity.com (Rob Hutton) Date: Tue Dec 2 02:33:14 2003 Subject: Permissions problem In-Reply-To: References: <01020110413209.01516@rhutton.ecommsecurity.com> Message-ID: <0102011231430A.01516@rhutton.ecommsecurity.com> Ownership on every file on the WINNT server shows up as root:root. I was doing a chmod 777, and the permissions didn't change. On Thursday 01 February 2001 12:16, Shaun Lipscombe wrote: > * "Rob" == Rob Hutton writes: > > I am trying to smbmount and access an NT share from my Linux > > workstation. Everything seems to be working correctly except for > > permissions. Although the from the NT security it is set to world > > full access, I have to be root on my workstation to do anything but > > read the files. Also, if I try to do a chmod as root, it seems to > > have no effect. Any Ideas? > > Chmod won't do you any good, unless you are changing the last octet in > the permission, if the owner is incorrect. Check to see that the > ownership as well as the permissions are correct. > > Shaun -- Rob Hutton eCommSecurity, Inc. (770) 216-9990 www.ecommsecurity.com ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** From MMcEldowney at deltaregional.com Thu Feb 1 18:07:55 2001 From: MMcEldowney at deltaregional.com (McEldowney, Michael) Date: Tue Dec 2 02:33:14 2003 Subject: can't remove samba server from server manager Message-ID: <982DE519343BD41191CA00902786B5B902DE13@EMAIL> This should only happen when two options are set in the smb.conf file: allow domain logons=yes workgroup= If you have these options set this way, your samba server will "become" a BDC if there is an active NT PDC. -----Original Message----- From: Martin Foerster [mailto:mafoe@sgi.com] Sent: Thursday, February 01, 2001 8:15 AM To: samba-ntdom@us5.samba.org Subject: can't remove samba server from server manager Hi, I added a Samba Server to a NT Domain, although I added it as "workstation or server", it was shown as Backup Domain Controller. I did before with a different one and that didn't happen..!? Anyway, everything works fine, but some user couldn't successfully log on the NT domain then. The samba logs had entries for those machines saying "Workstation >machinename<$: no account in domain" It seems to me that they logged on the "Samba Backup domain controller", and that that one cannot resolve the machine account. But WINS Server is in smb.conf and it can resolve the name with nmblookup. So to prevent further problems, I wanted to remove the server in server manager, but it doesn't disappear from the list. I tried to force the sync. without success. It was still in after 24 hours. When I try to remove it again, there is only a popup message, saying "...is not a member of domain...will be removed from the list..at next update in approx. 15 minutes." Next time I do smbpasswd -j domain it is again active in Server manager. When does the samba server appear as workstation in server manager, and when as backup domain controller? any suggestions? Thanks Martin From MMcEldowney at deltaregional.com Thu Feb 1 18:22:36 2001 From: MMcEldowney at deltaregional.com (McEldowney, Michael) Date: Tue Dec 2 02:33:14 2003 Subject: SMB - NT Message-ID: <982DE519343BD41191CA00902786B5B902DE16@EMAIL> Is you samba box going to authenticate, or are you going to authenticate against a PDC? ? If samba will auth, then you should look into the 'pwdump' utility.? Check the samba-tng faq for info on where to get it, or email me directly and I'll send you a binary of it. ? If another PDC will?auth, then you just need to set the "password server" option in smb.conf to point to the PDC. ? M -----Original Message----- From: Thanh Tran H [mailto:ttran@tekdigitel.com] Sent: Wednesday, January 31, 2001 8:45 PM To: samba-ntdom@lists.samba.org Subject: SMB - NT hi all, I just hit into this list to seek for help. I don't know how to import the list of users and passwords from a NT domain controller server into Samba. I did use the?"smbpasswd -j?MYDOMAIN -r MYPDC" The fist time, smbpasswd says: joined MYDOMAIN, and I had the file *.mac on my directory (only 47 bytes) but I tried and Samba still did not have other user names and accounts from NT server. I tried that command again and this time it says Unable to join domain MYDOMAIN. ? Woudl anyone help me please? ? Thanks a lot. ? Thanh From David.Bear at asu.edu Thu Feb 1 20:06:08 2001 From: David.Bear at asu.edu (iddwb) Date: Tue Dec 2 02:33:14 2003 Subject: Recieving Winpop Up Messages For Other Users In-Reply-To: Message-ID: On Thu, 1 Feb 2001, Shaun Lipscombe wrote: > Is it possible for win pop up messages for root to go to > > A) multiple people yes.. > B) redirect to another person (on a normal account) yes. > > The smbclient command allows a -U option but doesn't allow a 'reply > to' option should any reply not be wanted to go back to the user > specified in the -U command. in the smb.conf you can choose what to do with a netbios message. I took them and used logger to send them to syslog. From there you can do anything -- including mailing them, forwarding them to other machines, etc. > > Cheers, > > Shaun > > -- > (o_ > (o_ (o_ //\ > (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk > > > David Bear College of Public Programs/ASU From vgill at technologist.com Thu Feb 1 23:44:43 2001 From: vgill at technologist.com (Gill, Vern) Date: Tue Dec 2 02:33:14 2003 Subject: can't remove samba server from server manager Message-ID: <8D043DEA73DFD411958A00A0C90AB7607C24@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> You might try this; On the PDC, stop the server and workstation services, then restart, then sync. I had to do something like this once too. (Can't remember the exact order, but it definitely involved stopping and restarting those 2 services) -----Original Message----- From: McEldowney, Michael [mailto:MMcEldowney@deltaregional.com] Sent: Thursday, February 01, 2001 10:08 AM To: 'mafoe@sgi.com'; samba-ntdom@us5.samba.org Subject: RE: can't remove samba server from server manager This should only happen when two options are set in the smb.conf file: allow domain logons=yes workgroup= If you have these options set this way, your samba server will "become" a BDC if there is an active NT PDC. -----Original Message----- From: Martin Foerster [mailto:mafoe@sgi.com] Sent: Thursday, February 01, 2001 8:15 AM To: samba-ntdom@us5.samba.org Subject: can't remove samba server from server manager Hi, I added a Samba Server to a NT Domain, although I added it as "workstation or server", it was shown as Backup Domain Controller. I did before with a different one and that didn't happen..!? Anyway, everything works fine, but some user couldn't successfully log on the NT domain then. The samba logs had entries for those machines saying "Workstation >machinename<$: no account in domain" It seems to me that they logged on the "Samba Backup domain controller", and that that one cannot resolve the machine account. But WINS Server is in smb.conf and it can resolve the name with nmblookup. So to prevent further problems, I wanted to remove the server in server manager, but it doesn't disappear from the list. I tried to force the sync. without success. It was still in after 24 hours. When I try to remove it again, there is only a popup message, saying "...is not a member of domain...will be removed from the list..at next update in approx. 15 minutes." Next time I do smbpasswd -j domain it is again active in Server manager. When does the samba server appear as workstation in server manager, and when as backup domain controller? any suggestions? Thanks Martin From peter.milburn at sofcom.com.au Fri Feb 2 03:13:42 2001 From: peter.milburn at sofcom.com.au (Peter Milburn) Date: Tue Dec 2 02:33:14 2003 Subject: samba pdc Message-ID: Has anyone got a samba authenticating of a samba pdc, I have a samab 2.0.7 running, but when a user logs onto the samba client, it just lets it through as user nobody. Any ideas, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From dwcjr at inethouston.net Fri Feb 2 05:37:28 2001 From: dwcjr at inethouston.net (David W. Chapman Jr.) Date: Tue Dec 2 02:33:14 2003 Subject: User Manager Message-ID: <001701c08cda$3ad0de60$931576d8@inethouston.net> When I try to use server manager to view my samba accounts I get this error message [2001/02/01 23:17:15, 1] smbd/ipc.c:api_fd_reply(286) api_fd_reply: INVALID PIPE HANDLE: 0 [2001/02/01 23:17:15, 1] smbd/ipc.c:api_fd_reply(286) api_fd_reply: INVALID PIPE HANDLE: 0 [2001/02/01 23:17:15, 1] smbd/ipc.c:api_fd_reply(286) api_fd_reply: INVALID PIPE HANDLE: 0 [2001/02/01 23:17:15, 1] smbd/ipc.c:api_fd_reply(286) api_fd_reply: INVALID PIPE HANDLE: 0 [2001/02/01 23:17:17, 1] smbd/ipc.c:api_fd_reply(286) api_fd_reply: INVALID PIPE HANDLE: 0 [2001/02/01 23:17:17, 1] smbd/ipc.c:api_fd_reply(286) api_fd_reply: INVALID PIPE HANDLE: 0 [2001/02/01 23:17:17, 1] smbd/ipc.c:api_fd_reply(286) api_fd_reply: INVALID PIPE HANDLE: 0 From mei.lin.leong at ap.abnamro.com Fri Feb 2 08:03:46 2001 From: mei.lin.leong at ap.abnamro.com (mei.lin.leong@ap.abnamro.com) Date: Tue Dec 2 02:33:14 2003 Subject: Problems when joining samba server to NT Domain Message-ID: hi all, I am using Samba version 2.0.3. I am attempting to join the NT domain to the samba server I have the following error message. Please help if you can. The details are provided as follows : Domain : KRSELD011 PDC : KRSELD011PD1 samba is installed on a unix server called kplusrecovery netbios name = blank in smb.conf file workgroup = KRSELD011 On the NT Domain KRSELD011, kplusrecovery is already added Error Message Encountered : root@kplusrecovery:/opt/samba/bin> smbpasswd -j KRSELD011 -r KRSELD011PD1 cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine KRSELD011PD1.Error was : NT_STATUS_ACCESS_DENIED. 2001/01/31 17:45:17 : change_trust_account_password: Failed to change password for domain KRSELD011. Unable to join domain KRSELD011. Would appreciate your help if you could reply to mei.lin.leong@ap.abnamro.com Wondering what other parameters I need to correct. Please reply to the above address. Thank you very much for your help. Regards Leong Mei Lin _________________________________________________________________________ Disclaimer: "This message is confidential. It may also be privileged or otherwise protected by legal rules. If you have received it by mistake please let us know by reply and then delete it from your system." From e9125884 at student.tuwien.ac.at Fri Feb 2 09:35:21 2001 From: e9125884 at student.tuwien.ac.at (Gerhard Wiesinger) Date: Tue Dec 2 02:33:14 2003 Subject: Proposed patch for Samba-2.0.7 to allow Solaris open more than 1014 (or rlim_fd_max) files In-Reply-To: <14969.39672.927267.346056@stamp-collection.linuxcare.com.au> Message-ID: On Fri, 2 Feb 2001, Tim Potter wrote: > Gerhard Wiesinger writes: > > > > I would like to submit the following patch to source/lib/util.c to allow > > > Samba under Solaris to open more than 1014 files -- or whatever the kernel > > > variable rlim_fd_max is set to. > > > > The patch works fine for me. When will the patch be included into CVS? > > OK - since there are multiple reports of it actually working, I > can probably merge it in to HEAD. Hopefully Jeremy will pick it > up for the next 2.2 release. > Can you integrate it into the 2.0.7 source tree too? BTW: I tested it on Suse Linux 7.0 (Kernel 2.2.16) and had the following limitations with the patch. I did with bash: echo 16384 > /proc/sys/fs/file-max echo 30000 > /proc/sys/fs/inode-max works well. Setting the rlimit works until the following: rlp.rlim_max = 1048576; // Works on Linux 2.2.16 rlp.rlim_max = 1048577; // Operation not permitted on Linux 2.2.16 So rlp.rlim_max = RLIM_INFINITY; does not work on Linux 2.2.16. So we could try infinity and when it does not work try this limit. Regards, Gerhard Wiesinger From s_colombo at iol.it Fri Feb 2 11:43:17 2001 From: s_colombo at iol.it (Stefano Colombo) Date: Tue Dec 2 02:33:14 2003 Subject: SWAT administration Message-ID: I'd like to enable only a defined , and restricted , group of user to connect the swat administration tool. How can I do that? I've also a strange problem at a customer's site . It happen that I can logon , on SWAT , with every unix user but the root. Has anyone had a similar problem ? Stefano Colombo System / Network Engineer CDM Tecnoconsulting SPA v. M.L.King 38/2 40132, Bologna Italy tel : +39 051 4132611 fax : +39 051 4132627 WEB : http://www.cdmtc.it Email: scolombo@cdmtc.it ################################ A good traveller has no fixed plans and is not intent on arriving Lao Tzu ################################ From bgmilne at cae.co.za Fri Feb 2 12:06:49 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:33:14 2003 Subject: SMB - NT References: <982DE519343BD41191CA00902786B5B902DE16@EMAIL> Message-ID: <3A7AA2D9.95B8071D@cae.co.za> "McEldowney, Michael" wrote: > > Is you samba box going to authenticate, or are you going to authenticate > against a PDC? > > If samba will auth, then you should look into the 'pwdump' utility. > Check the samba-tng faq for info on where to get it, or email me > directly and I'll send you a binary of it. > > If another PDC will auth, then you just need to set the "password > server" option in smb.conf to point to the PDC. > Except that for user-based file permissions on the machine (ie none guest) , you will still entries in the unix passwd file! > M > > -----Original Message----- > From: Thanh Tran H [mailto:ttran@tekdigitel.com] > Sent: Wednesday, January 31, 2001 8:45 PM > To: samba-ntdom@lists.samba.org > Subject: SMB - NT > > hi all, > I just hit into this list to seek for help. > I don't know how to import the list of users and passwords from a NT > domain controller server into Samba. > I did use the "smbpasswd -j MYDOMAIN -r MYPDC" > The fist time, smbpasswd says: joined MYDOMAIN, and I had the file *.mac > on my directory (only 47 bytes) > but I tried and Samba still did not have other user names and accounts > from NT server. > I tried that command again and this time it says Unable to join domain > MYDOMAIN. > > Woudl anyone help me please? > > Thanks a lot. > > Thanh -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 Stellenbosch Automotive Engineering http://www.cae.co.za From hallvard at npk.no Fri Feb 2 14:30:50 2001 From: hallvard at npk.no (Hallvard=?ISO-8859-1?Q?_=AFstrem?=) Date: Tue Dec 2 02:33:14 2003 Subject: Unable to setup the PDC credentials to machine NTPDC Message-ID: I understand that winbind and Samba appliance is kind of left alone for the moment, but I still chose to install winbind in order to get a compiled binary version. I'm not very experienced when it comes to compiling on my own. Winbind seems to do what its supposed to do in a lot of ways on my system. I get all NT users and groups on my Windows NT4 PDC with getent, but winbindd still fails to authenticate users when they open restricted Samba shares. It seems that the problem is that Samba logs on to the NT PDC (NTPDC) without a password and is refused loging on to port 445: resolve_lmhosts: Attempting lmhosts lookup for name NTPDC<0x20> getlmhostsent: lmhost entry: 127.0.0.1 localhost getlmhostsent: lmhost entry: 195.139.94.140 SAMBASERVER getlmhostsent: lmhost entry: 195.139.94.170 NTPDC cli_establish_connection: SAMBASERVER<00> connecting to NTPDC<20> (195.139.94.170) - [] with NTLMv1, nopw: Yes Connecting to 195.139.94.170 at port 445 error connecting to 195.139.94.170:445 (Oppkobling nektes) # Connection refused Connecting to 195.139.94.170 at port 139 Sent session request As a result the user (NT-user: asgeir) is treated as a guest user and the connection to the share (Public) is finally refused. (From the client log file:) cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed connect_to_domain_password_server: unable to setup the PDC credentials to machine NTPDC. Error was : NT_STATUS_ACCESS_DENIED. [...] domain_client_validate: Domain password server not available. getsmbfilepwent: returning passwd entry for user hallvard, uid 500 getsmbfilepwent: returning passwd entry for user root, uid 0 getsmbfilepwent: returning passwd entry for user gdm, uid 42 getsmbfilepwent: returning passwd entry for user mysql, uid 27 getsmbfilepwent: returning passwd entry for user nscd, uid 28 getsmbfilepwent: returning passwd entry for user pvm, uid 24 getsmbfilepwent: returning passwd entry for user NTDOMAIN+?, uid 10000 getsmbfilepwent: returning passwd entry for user NTDOMAIN+Administrator, uid 10001 getsmbfilepwent: returning passwd entry for user NTDOMAIN+anne, uid 10002 getsmbfilepwent: returning passwd entry for user NTDOMAIN+arneivar, uid 10003 getsmbfilepwent: returning passwd entry for user NTDOMAIN+asgeir, uid 10004 Checking SMB password for user NTDOMAIN+asgeir challenge received Checking LM MD4 password no password required for user NTDOMAIN+asgeir push_sec_ctx() : sec_ctx_stack_ndx = 1 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 uid 10004 registered to name NTDOMAIN+asgeir Clearing default real name User name: NTDOMAIN+asgeir Real name: Asgeir Olden Chained message [...] switch message SMBtconX (pid 17554) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 unbecome_user now uid=(0,0) gid=(0,0) Got device type ????? ACCEPTED: guest account and guest ok rejected invalid user nobody Invalid username/password for public [nobody] error packet at line 162 cmd=117 (SMBtconX) eclass=2 ecode=2 error string = Ingen slik fil eller filkatalog ---- I had no problem joining the domain with samedit (except a codepage error in the samedit logfile: missing codepage_000), but I can't find any file named DOMAIN.MACHINE.mac, only a MACHINE.SID-file. Is this the source of the problem? I was i little confused by the PAM configuration section in the winbindd man page when it comes to which PAM-files to change. I ended up changing passwd, samba and rlogin according to the man page. Any hints on where to go form here, would be appreciated. My smb.conf below. Hallvard ?strem [global] client code page = 850 workgroup = NOREG netbios name = SIVLE server string = Samba appliance %v security = DOMAIN encrypt passwords = Yes min passwd length = 7 password server = AASEN smb passwd file = /etc/samba/smbpasswd passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* username map = /etc/samba/smbusers.map unix password sync = Yes log level = 5 log file = /usr/local/samba/var/%m.log max log size = 50 name resolve order = lmhosts host wins bcast socket options = SO_KEEPALIVE TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 0 preferred master = no local master = Yes domain master = no dns proxy = No wins server = 195.139.94.200 lock dir = /usr/local/samba/var/locks winbind uid = 10000-20000 winbind gid = 10000-20000 template homedir = /home/%D/%U template shell = /bin/false winbind separator = + winbind cache time = 15 guest account = nobody [tmp] comment = Temporary file space path = /tmp read only = No guest ok = Yes [public] comment = Public Stuff path = /home/samba valid users = asgeir read only = No guest ok = Yes From tomae at sfi.ch Fri Feb 2 14:34:32 2001 From: tomae at sfi.ch (Tom Aeby) Date: Tue Dec 2 02:33:14 2003 Subject: NT 4.0 TSE and Samba PDC Message-ID: <3A7AC578.D329376E@sfi.ch> As far as I can see in the mailing list archive a number of samba users successfully use Windows TSE with Samba PDC. I am trying now for about half a year to move one installation from an NT PDC to a Samba PDC. More or less the same effect with Samba 2.0.6 and Samba 2.2.0 alpha2: Joining the domain is no problem, authentication basically works (I can share a resource on the TSE machine, then access this resource via a Samba user) BUT interactive logon persistently fails with the usual "... bad password ..." message. Logon via an NT 4.0 Workstation part of the Samba domain works as expected. The samba log / network traces show that when someone tries to log on from the NT WS the PDC gets a "SAM Logon" of type "Interactive" while the NT TSE requests one of type "Network" followed by a bunch of other pipe requests. The Samba PDC in the first case answers with a data block containing user information (such as profile/home paths ...) while in the second case only a very small answer is sent (normal?) The NT TSE machine is running Metaframe+UIS (X11), Service Pack 6. I've tried applying the "nttrans.c" patch from Andy with no effect. Are there any other hints? Any other known problems? If someone is interested I can provide you with network traces of a TSE logon trial and a successful NT WS logon and the respective samba logs. The config file I'm using is attached . Any hint appreciated, thanks a lot in advance! Kind regards, Tom -----------------snipp------------------------------------------------------ [global] workgroup = HEAVEN ; keep alive = 30 os level = 40 security = user encrypt passwords = yes log file = /var/log/samba.log debug level = 400 ; preserve case = yes domain logons = yes ; domain admin group = @root ; logon script = logon.bat guest ok = yes interfaces = 131.102.46.229/255.255.0.0 [netlogon] browseable = no read only = yes path = /tmp [homes] oplocks = False comment = Heimatverzeichnis browseable = no read only = no create mode = 0750 From mafoe at sgi.com Fri Feb 2 15:19:49 2001 From: mafoe at sgi.com (Martin Foerster) Date: Tue Dec 2 02:33:14 2003 Subject: Problems when joining samba server to NT Domain In-Reply-To: Message-ID: <000101c08d2b$95537a40$bbc5fd90@munich.sgi.com> you should at least have the following entries in smb.conf workgroup = KRSELD011 security = domain domain logins = yes if you wnat to authenticate over your PDC you should add password server = KRSELD011PD1 encrypted passwords = yes this way you don't need to specify the pdc in smbpasswd, just do >smbpasswd -j KRSELD011 if it doesn't work, remove the server from servermanager, add it again, stop/start samba and try it again. martin > -----Original Message----- > From: samba-ntdom-admin@us5.samba.org > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of > mei.lin.leong@ap.abnamro.com > Sent: Freitag, 2. Februar 2001 09:04 > To: samba-ntdom@us5.samba.org > Cc: nuwat.silapat@ap.abnamro.com > Subject: Problems when joining samba server to NT Domain > > > hi all, > > I am using Samba version 2.0.3. I am attempting to join the NT > domain to the samba server > I have the following error message. Please help if you can. > > The details are provided as follows : > > Domain : KRSELD011 > PDC : KRSELD011PD1 > samba is installed on a unix server called kplusrecovery > netbios name = blank in smb.conf file > workgroup = KRSELD011 > On the NT Domain KRSELD011, kplusrecovery is already added > > Error Message Encountered : > root@kplusrecovery:/opt/samba/bin> smbpasswd -j KRSELD011 -r KRSELD011PD1 > > cli_net_auth2: Error NT_STATUS_ACCESS_DENIED > cli_nt_setup_creds: auth2 challenge failed > modify_trust_password: unable to setup the PDC credentials to > machine KRSELD011PD1.Error was : NT_STATUS_ACCESS_DENIED. > 2001/01/31 17:45:17 : change_trust_account_password: Failed to > change password for domain KRSELD011. > Unable to join domain KRSELD011. > > > Would appreciate your help if you could reply to > mei.lin.leong@ap.abnamro.com > Wondering what other parameters I need to correct. > > Please reply to the above address. > Thank you very much for your help. > > Regards > Leong Mei Lin > > > _________________________________________________________________________ > > Disclaimer: > > "This message is confidential. It may also be privileged or > otherwise > protected by legal rules. If you have received it by mistake > please let us > know by reply and then delete it from your system." > > > From ach at availtec.com Fri Feb 2 15:47:02 2001 From: ach at availtec.com (Adam C. Hegedus) Date: Tue Dec 2 02:33:14 2003 Subject: local profiles Message-ID: <3A7AD676.7A2F4B56@availtec.com> Is there a way to have samba 2.2alpha1 use local profiles instead of roaming? Thanks AH From nathan at uky.edu Fri Feb 2 16:56:29 2001 From: nathan at uky.edu (nrvale0) Date: Tue Dec 2 02:33:14 2003 Subject: '$' in hostname in /etc/passwd Message-ID: <20010202115629.A14413@mammoth.netlab.uky.edu> Hoping you can help with something that I did not find in the Samba PDC FAQ nor in the mailing list archives for samba-ntdom... In regards to having a hostname entry in /etc/passwd for each host that will be connecting to the Samba PDC; what if it is just impossible to have the '$' in the hostname? Is there some work around? Our user management software checks usernames for special characters and will not allow a username/hostname with a '$'. In addition, if I were to hand edit /etc/passwd, the user management software will overwrite the exiting /etc/passwd periodically and I would thus lose my hand edits. Is the '$' only used so that someone cannot do a "net view \\hostname" on your PDC and get a list of workstation shares, or is it more complicated than that? Thanks. -- --- Nathan Valentine - nathan@uky.edu University of Kentucky Distributed Computing Systems Lab AIM: NRVesKY ICQ: 39023424 From jolt at nicholasofmyra.org Fri Feb 2 17:06:51 2001 From: jolt at nicholasofmyra.org (Joe Olt) Date: Tue Dec 2 02:33:15 2003 Subject: '$' in hostname in /etc/passwd In-Reply-To: <20010202115629.A14413@mammoth.netlab.uky.edu> Message-ID: <5.0.2.1.0.20010202120507.00a6f258@10.100.0.4> At 11:56 AM 2/2/2001, nrvale0 wrote: >In regards to having a hostname entry in /etc/passwd for each host that >will be connecting to the Samba PDC; what if it is just impossible to >have the '$' in the hostname? Is there some work around? I believe the work around is to hand edit the file. Someone else on the list (I don't remember who), said you could remove the $ from the /etc/passwd file after you have added the computer to the smbpasswd file. Which means, hand-edit the /etc/passwd file, use smbpasswd -a -m to add the computer to the smbpasswd file, then allow your management software to change it back. I haven't tried it myself, but it might work. >Our user management software checks usernames for special characters >and will not allow a username/hostname with a '$'. In addition, if I were to >hand edit /etc/passwd, the user management software will overwrite the >exiting /etc/passwd periodically and I would thus lose my hand edits. > >Is the '$' only used so that someone cannot do a "net view \\hostname" >on your PDC and get a list of workstation shares, or is it more >complicated than that? Windows adds the $ to its own name when authenticating. I do not believe it is avoidable. From nathan at uky.edu Fri Feb 2 18:07:25 2001 From: nathan at uky.edu (nrvale0) Date: Tue Dec 2 02:33:15 2003 Subject: '$' in hostname in /etc/passwd In-Reply-To: <5.0.2.1.0.20010202120507.00a6f258@10.100.0.4>; from jolt@nicholasofmyra.org on Fri, Feb 02, 2001 at 12:06:51PM -0500 References: <20010202115629.A14413@mammoth.netlab.uky.edu> <5.0.2.1.0.20010202120507.00a6f258@10.100.0.4> Message-ID: <20010202130725.C14413@mammoth.netlab.uky.edu> > I believe the work around is to hand edit the file. Someone else on the > list (I don't remember who), said you could remove the $ from the > /etc/passwd file after you have added the computer to the smbpasswd > file. Which means, hand-edit the /etc/passwd file, use smbpasswd -a > -m to Ah, I will give it a try. There is some hint given that the /etc/passwd entry is needed for something security-related here: http://bioserve.biochem.latrobe.edu.au/samba/adding.html I wonder hand-editing and allowing the user management software to later remove the hostname/account will open up some obscure security hole? -- --- Nathan Valentine - nathan@uky.edu University of Kentucky Distributed Computing Systems Lab AIM: NRVesKY ICQ: 39023424 From delphin at worldonline.dk Fri Feb 2 19:27:26 2001 From: delphin at worldonline.dk (Tonni Aagesen) Date: Tue Dec 2 02:33:15 2003 Subject: how to unsubscribe?? Message-ID: <011101c08d4e$2d63bad0$0a01a8c0@LOKALNET> -------------- next part -------------- HTML attachment scrubbed and removed From rob.hutton at ecommsecurity.com Fri Feb 2 18:52:14 2001 From: rob.hutton at ecommsecurity.com (Rob Hutton) Date: Tue Dec 2 02:33:15 2003 Subject: Fwd: Re: Permissions problem Message-ID: <01020213521400.02223@rhutton.ecommsecurity.com> I am still having this problem and have not been able to make any progress. To review, I am trying to access shares on my PDC. I can see the network from my Linux workstation, browse the network, and mount shares. I can do likewise from a windows workstation to my linux workstation. The problem comes when I try to modify or create anything on the PDC share. Everything on the PDC shows up as root:root with -rwxr-xr-x permissions. I have tried changing permissions, and get no errors, but nothing changes. But if I su to root, then I can do everything I want. From the NT side, permissions are set to full control/everyone. Any help would be greatly appreciated. Thanks, Rob ---------- Forwarded Message ---------- Subject: Re: Permissions problem Date: Thu, 1 Feb 2001 12:31:43 -0500 From: Rob Hutton To: Shaun Lipscombe , samba-ntdom@us5.samba.org Ownership on every file on the WINNT server shows up as root:root. I was doing a chmod 777, and the permissions didn't change. On Thursday 01 February 2001 12:16, Shaun Lipscombe wrote: > * "Rob" == Rob Hutton writes: > > I am trying to smbmount and access an NT share from my Linux > > workstation. Everything seems to be working correctly except for > > permissions. Although the from the NT security it is set to world > > full access, I have to be root on my workstation to do anything but > > read the files. Also, if I try to do a chmod as root, it seems to > > have no effect. Any Ideas? > > Chmod won't do you any good, unless you are changing the last octet in > the permission, if the owner is incorrect. Check to see that the > ownership as well as the permissions are correct. > > Shaun -- Rob Hutton eCommSecurity, Inc. (770) 216-9990 www.ecommsecurity.com ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** ------------------------------------------------------- -- Rob Hutton eCommSecurity, Inc. (770) 216-9990 www.ecommsecurity.com ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** From urban at teststation.com Fri Feb 2 19:52:02 2001 From: urban at teststation.com (Urban Widmark) Date: Tue Dec 2 02:33:15 2003 Subject: Fwd: Re: Permissions problem In-Reply-To: <01020213521400.02223@rhutton.ecommsecurity.com> Message-ID: On Fri, 2 Feb 2001, Rob Hutton wrote: > I am still having this problem and have not been able to make any progress. > To review, I am trying to access shares on my PDC. I can see the network > from my Linux workstation, browse the network, and mount shares. I can do > likewise from a windows workstation to my linux workstation. The problem > comes when I try to modify or create anything on the PDC share. Everything > on the PDC shows up as root:root with -rwxr-xr-x permissions. I have tried > changing permissions, and get no errors, but nothing changes. But if I su to > root, then I can do everything I want. From the NT side, permissions are set > to full control/everyone. How do you mount this? You can change ownership that smbfs uses with the uid/gid parameters to smbmount, you can change the permissions using fmask/dmask. See the smbmount manpage for details. /Urban From teilo at cdt.luth.se Sat Feb 3 12:07:05 2001 From: teilo at cdt.luth.se (James Nord) Date: Tue Dec 2 02:33:15 2003 Subject: how to unsubscribe?? References: <011101c08d4e$2d63bad0$0a01a8c0@LOKALNET> Message-ID: <3A7BF469.1080006@cdt.luth.se> Tonni Aagesen wrote: > > Look at the headers in your email. /James X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: samba-ntdom-admin@us5.samba.org Errors-To: samba-ntdom-admin@us5.samba.org X-BeenThere: samba-ntdom@lists.samba.org X-Mailman-Version: 2.0beta6 Precedence: bulk List-Help: List-Post: List-Subscribe: , List-Id: Using Samba with Windows NT domains List-Unsubscribe: , List-Archive: http://lists.samba.org/pipermail/samba-ntdom/ -- -- Technology is a word that describes something that doesn't work yet. Douglas Adams From mhw at wittsend.com Sat Feb 3 18:11:46 2001 From: mhw at wittsend.com (Michael H. Warfield) Date: Tue Dec 2 02:33:15 2003 Subject: "Duplicate name exists on the network" help! In-Reply-To: <3A7763E0.CE0CCF99@firerun.net>; from slu@firerun.net on Tue, Jan 30, 2001 at 06:01:20PM -0700 References: <20010130155445.1642.qmail@web3404.mail.yahoo.com> <3A7763E0.CE0CCF99@firerun.net> Message-ID: <20010203131146.B2432@alcove.wittsend.com> On Tue, Jan 30, 2001 at 06:01:20PM -0700, Patrick wrote: > That message is usually associated with another windows/samba machine > having the same netbios name on the network. I also ran into that problem a while back and discovered that I can not have a computer have the same name as the workgroup/domain. That results in a conflict. I ended up having to change the name of the entire domain, since the computer in question had a well known name (like my web server) and it was easier to change the name of the workgroup. Seems like older versions of Samba let you get away with this. I don't know when it started recognizing the conflict and generating an error. > Patrick > > Albert Tsai wrote: > > > Can anyone help me with this? I'm having trouble > > connecting my Win2k machine to samba2.2.0alpha. I get > > the error message, "Duplicate name exists on the > > network" after I enter the domain name, and enter a > > username and password. I've followed the How-to > > exactly. Does anyone know what I'm doing wrong? As > > far as I know, there are no duplicate names on the > > network (my computer's name, server's name, workgroup, > > and the domain name are different). The only thing I > > do see is that the domain does exist as a seperate > > workgroup under Network Neighborhood, but I don't know > > if that's the problem. > > > > Thanks, > > Al Tsai > > > > __________________________________________________ > > Get personalized email addresses from Yahoo! Mail - only $35 > > a year! http://personal.mail.yahoo.com/ > -- Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com (The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! From barth at cck.uni-kl.de Sat Feb 3 19:08:49 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:33:15 2003 Subject: "Duplicate name exists on the network" help! In-Reply-To: <20010203131146.B2432@alcove.wittsend.com> References: <3A7763E0.CE0CCF99@firerun.net>; from slu@firerun.net on Tue, Jan 30, 2001 at 06:01:20PM -0700 Message-ID: <3A7C6551.3632.D9C6A2@localhost> > I also ran into that problem a while back and discovered that > I can not have a computer have the same name as the workgroup/domain. > That results in a conflict. I ended up having to change the name of > the entire domain, since the computer in question had a well known > name (like my web server) and it was easier to change the name of the > workgroup. Seems like older versions of Samba let you get away with > this. I don't know when it started recognizing the conflict and > generating an error. Roughly 2.5 year ago, when PDC support in samba started, domain and pdc could have the same name and there were roumors of this causing problems. And I can confirm that a couple of mysterious problems went away when I changed the name of the domain. Christian _______________________________________________________________________ In a world without walls and fences, who needs windows and gates? (SUN) From D.Bannon at latrobe.edu.au Sat Feb 3 23:30:41 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:33:15 2003 Subject: '$' in hostname in /etc/passwd In-Reply-To: <20010202115629.A14413@mammoth.netlab.uky.edu> Message-ID: <3.0.6.32.20010204103041.007a2a30@bioserve.latrobe.edu.au> At 11:56 AM 2/2/2001 -0500, nrvale0 wrote: >Hoping you can help with something that I did not find in the Samba >PDC FAQ nor in the mailing list archives for samba-ntdom... > Samba 2.2 FAQ - under 'Establishing Connections' - 'I cannot include a '$' in a machine name'. >In regards to having a hostname entry in /etc/passwd for each host that >will be connecting to the Samba PDC; what if it is just impossible to >have the '$' in the hostname? Is there some work around? > >Our user management software checks usernames for special characters >and will not allow a username/hostname with a '$'. In addition, if I were to >hand edit /etc/passwd, the user management software will overwrite the >exiting /etc/passwd periodically and I would thus lose my hand edits. More info please ! By you 'user management software' what do you mean ? Something running on the unix box, something running to prevent the use of samba by the sound of it ! David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From jelmer at nl.linux.org Sun Feb 4 16:01:32 2001 From: jelmer at nl.linux.org (Jelmer Vernooij) Date: Tue Dec 2 02:33:15 2003 Subject: Profiles not synced back Message-ID: <20010204170131.A7466@nl.linux.org> Hi, Logging in on my NT domain works fine, profiles are correctly loaded. On login, Windows NT (4 SP3) copies the files from \\hydra\profiles\%U\* ( Desktop, Start Menu, etc) to C:\WINNT\Profiles\%U\* (Desktop, Start Menu, etc). The only problem I am having is that Windows doesn't put the changes made to the local files back later. It seems ntuser.dat is not written back either. What could've caused this? Maybe I should provide my smb.conf? Jelmer -- Jelmer Vernooij [2:07] Decoding of Rage Against The Machine - People Of The Sun.mp3 finished. Host: charis.vernstok, an i686 running Linux 2.2.12-20 4:58pm up 7:03, 6 users, load average: 0.16, 0.11, 0.09 From Jean-Francois.Micouleau at dalalu.fr Sun Feb 4 16:08:32 2001 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:33:15 2003 Subject: Profiles not synced back In-Reply-To: <20010204170131.A7466@nl.linux.org> Message-ID: On Sun, 4 Feb 2001, Jelmer Vernooij wrote: > Logging in on my NT domain works fine, profiles are correctly loaded. > > On login, Windows NT (4 SP3) copies the files from \\hydra\profiles\%U\* > ( Desktop, Start Menu, etc) to C:\WINNT\Profiles\%U\* (Desktop, Start > Menu, etc). > > The only problem I am having is that Windows doesn't put the changes made to > the local files back later. what version of samba ? what are the access rights on the samba profiles directory ? > > It seems ntuser.dat is not written back either. > > What could've caused this? Maybe I should provide my smb.conf? > > Jelmer > -- > Jelmer Vernooij > [2:07] Decoding of Rage Against The Machine - People Of The Sun.mp3 finished. > Host: charis.vernstok, an i686 running Linux 2.2.12-20 > 4:58pm up 7:03, 6 users, load average: 0.16, 0.11, 0.09 > From Martin.Dreher at bmw.de Sun Feb 4 17:25:29 2001 From: Martin.Dreher at bmw.de (Martin Dreher) Date: Tue Dec 2 02:33:15 2003 Subject: Linux SMB as a printer server for NT CLient Message-ID: <3A7D9088.7318E026@bmw.de> Hi everybody, when a user is not a local admin. and he wants to acquire a printer residing on a smb-server on Linux, he get's an error message like "not sufficient permissions to install the local driver". When this driver is already installed at C:\WINNT\system32\spool\dirvers\w32x86\2 or the user is local admin., this job is no problem. Is there any workaround for the use of this directory beeing only readable for the user? Regards Martin Dreher -------------- next part -------------- A non-text attachment was scrubbed... Name: Martin.Dreher.vcf Type: text/x-vcard Size: 370 bytes Desc: Visitenkarte für Martin Dreher Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010204/f78bf31a/Martin.Dreher.vcf From jbrown at db2000.com Sun Feb 4 20:07:04 2001 From: jbrown at db2000.com (Jonathan Brown) Date: Tue Dec 2 02:33:15 2003 Subject: Profiles not synced back Message-ID: Make sure your workstation time is syncronized with the server. If the time is off, this could possibly cause this. >>> Jelmer Vernooij 02/04/01 11:01AM >>> Hi, Logging in on my NT domain works fine, profiles are correctly loaded. On login, Windows NT (4 SP3) copies the files from \\hydra\profiles\%U\* ( Desktop, Start Menu, etc) to C:\WINNT\Profiles\%U\* (Desktop, Start Menu, etc). The only problem I am having is that Windows doesn't put the changes made to the local files back later. It seems ntuser.dat is not written back either. What could've caused this? Maybe I should provide my smb.conf? Jelmer -- Jelmer Vernooij [2:07] Decoding of Rage Against The Machine - People Of The Sun.mp3 finished. Host: charis.vernstok, an i686 running Linux 2.2.12-20 4:58pm up 7:03, 6 users, load average: 0.16, 0.11, 0.09 -------------- next part -------------- HTML attachment scrubbed and removed From simo.sorce at polimi.it Mon Feb 5 00:13:08 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:15 2003 Subject: Profiles not synced back In-Reply-To: <20010204170131.A7466@nl.linux.org> Message-ID: On Sun, 4 Feb 2001, Jelmer Vernooij wrote: > Hi, > > Logging in on my NT domain works fine, profiles are correctly loaded. > > On login, Windows NT (4 SP3) copies the files from \\hydra\profiles\%U\* ( > Desktop, Start Menu, etc) to C:\WINNT\Profiles\%U\* (Desktop, Start Menu, etc). > > The only problem I am having is that Windows doesn't put the changes made to > the local files back later. > > It seems ntuser.dat is not written back either. > > What could've caused this? Maybe I should provide my smb.conf? > > Jelmer > Are you sure users have write permission on the share (in smb.conf and as filesystem permission?) -- Simo Sorce - Linux Systems Consultant E-mail: simo.sorce@polimi.it Tel: +39 0348 7149179 - Fax: +39 02 700442399 ----------------------------------------------------------------- Be happy, use Linux! From peter.milburn at sofcom.com.au Mon Feb 5 06:04:00 2001 From: peter.milburn at sofcom.com.au (Peter Milburn) Date: Tue Dec 2 02:33:15 2003 Subject: samba PDC and pam_smb Message-ID: I have what I think is a really good system now with samba and pdc, the one problem I am having, is this. LInux PDC File Server running SAMBA using pam_smb when a user does not have an account on the file server, it still lets them view the shares, but gives them a userid of nobody. IS there anyone of preventing someone of view the share, if they do not have a vaild account on the /etc/passwd Cheers, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From lepape at shom.fr Mon Feb 5 09:36:51 2001 From: lepape at shom.fr (Jean-Marc Le Pape) Date: Tue Dec 2 02:33:15 2003 Subject: printing drivers Message-ID: <3A7E7433.282B4801@shom.fr> Hi, I've a problem installing NT drivers. I follow instructions given in PRINTER_DRIVER2.txt (create a print$ share, etc..) I connect as root to the PDC. I try to add a driver to a printer, the file $SAMBA_HOME/var/locks/ntdrivers.tdb is modify, a directory W32X86/2 is created which contains the drivers but under NT i have the message "Impossible to modify the driver" and the driver's name is still "NO DRIVER AVAILABLE FOR THIS PRINTER". I use printing=SYSV and printcap name=lpstat. Everything seems allright in log's file. Thanks. JM From garin_alejandro at yahoo.com Mon Feb 5 14:02:39 2001 From: garin_alejandro at yahoo.com (Alejandro Garin) Date: Tue Dec 2 02:33:15 2003 Subject: nt users and group in smb.conf (winbindd installed) Message-ID: <20010205140239.79070.qmail@web9207.mail.yahoo.com> hello to all! I have not problems in the configuration of windbind, all is ok. But I dont know in smb.conf how to setup a valid users for NT/Groups... for example Domain Users this is my share: [www] comment = www path = /www valid users = @WSERVICES\Domain Users read only = No this no work.... I need the nt users in this group can access this share. how i can do this? thanks in advance ===== --- Ing. Alejandro Garín Telecom Internet __________________________________________________ Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ From niclas.tuominen at volvo.com Mon Feb 5 14:47:31 2001 From: niclas.tuominen at volvo.com (Tuominen Niclas) Date: Tue Dec 2 02:33:15 2003 Subject: nt users and group in smb.conf (winbindd installed) Message-ID: <23D62F4D4259D411913600508BDF6F19036AC8@vsegn354.it.volvo.se> Hello, Try to put in the [global] winbind separator = + and then in your share [www] comment = www path = /www valid users = @WSERVICES+"Domain Users" read only = No Works for me. _________________________________________________ Niclas E-mail: niclas.tuominen@volvo.com > -----Original Message----- > From: Alejandro Garin [mailto:garin_alejandro@yahoo.com] > Sent: 5. helmikuuta 2001 16:03 > To: samba-ntdom@lists.samba.org > Subject: nt users and group in smb.conf (winbindd installed) > > > hello to all! > > I have not problems in the configuration of windbind, > all is ok. > But I dont know in smb.conf how to setup a valid users > for NT/Groups... for example Domain Users > > this is my share: > > [www] > comment = www > path = /www > valid users = @WSERVICES\Domain Users > read only = No > > > this no work.... I need the nt users in this group > can access this share. > > how i can do this? > > thanks in advance > > > > > ===== > --- > Ing. Alejandro Gar?n > Telecom Internet > > __________________________________________________ > Get personalized email addresses from Yahoo! Mail - only $35 > a year! http://personal.mail.yahoo.com/ > From DMeszaros at Hellasystems.de Mon Feb 5 16:09:55 2001 From: DMeszaros at Hellasystems.de (Daniel Meszaros) Date: Tue Dec 2 02:33:15 2003 Subject: ot: such a list also 4 apache?... Message-ID: hi there! i'm glad to be in such a list. it's quite nice here ... seems nobody to be like in these 10000s of newsgroups, where everybody likes more fighting than finding answers. therefore i am searching for a mailing list dealing with the apache web server. maybe anyone can suggest one/some. i'd be glad getting some hints from y'all. cu, daniel m?sz?ros. From DMeszaros at Hellasystems.de Mon Feb 5 16:22:36 2001 From: DMeszaros at Hellasystems.de (Daniel Meszaros) Date: Tue Dec 2 02:33:15 2003 Subject: AW: such a list also 4 apache?... Message-ID: > You might want to try looking on www.apache.org > instead of samba sure. that was also my idea. but there is no public mailing list. seems that i have to "rumble" myself through the usenet... ;-) greetinx, daniel m?sz?ros. From ctooley at amoa.org Mon Feb 5 16:54:49 2001 From: ctooley at amoa.org (ctooley@amoa.org) Date: Tue Dec 2 02:33:15 2003 Subject: Printers get paused on some print jobs Message-ID: <862569EA.005C2842.00@amoa.org> I have Samba 2.0.7 installed and accepting Domain logins for my Win9x clients. There are approximately 40 clients logging into the machine so it is not an overworked installation. I also have 8 - 10 print ques set up in the /etc/printcap (depending on how many problems I'm having at the time) and unfortunately I'm having problems getting some print jobs to print out. Occasionally the print jobs don't print and the printers seem to go into a "paused" mode that won't clear up until I manually clean out the que and restart lpd. This is getting rather annoying. I'm not certain if this is a Samba problem, and lpd problem, or a problem with the printer. However, I am getting a lot of errors in the lpd logs that say that it has lost the connection to the printer and it is restarting that printer, which seems odd if it is still printing most of the time. If anyone has any ideas on this I would be greatful. I am also considering changing spooling mechanisms so if you have a suggestion that would be good too. Chris Tooley From barth at cck.uni-kl.de Mon Feb 5 17:21:30 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:33:15 2003 Subject: Printers get paused on some print jobs In-Reply-To: <862569EA.005C2842.00@amoa.org> Message-ID: <3A7EEF2A.10377.258D1F4@localhost> Is this on a RedHat-System? RH 5.x? We have / had the same problems there. They are not due to samba but because of the lpd RedHat ships. This lpd sometimes doesn't like the talk with other lpd, like the one in HP printers. It's not realy reproduceable. We changed the lpd versions and it got a bit more stable. Currently we are using lpd- 0.46-1. Havn't done it my self, but I know people that sware on lprng (www.lprng.org) Christian > > I have Samba 2.0.7 installed and accepting Domain logins for my Win9x clients. > There are approximately 40 clients logging into the machine so it is not an > overworked installation. I also have 8 - 10 print ques set up in the > /etc/printcap (depending on how many problems I'm having at the time) and > unfortunately I'm having problems getting some print jobs to print out. > Occasionally the print jobs don't print and the printers seem to go into a > "paused" mode that won't clear up until I manually clean out the que and restart > lpd. This is getting rather annoying. > > I'm not certain if this is a Samba problem, and lpd problem, or a problem with > the printer. However, I am getting a lot of errors in the lpd logs that say > that it has lost the connection to the printer and it is restarting that > printer, which seems odd if it is still printing most of the time. > > If anyone has any ideas on this I would be greatful. I am also considering > changing spooling mechanisms so if you have a suggestion that would be good too. > > Chris Tooley > > > > _______________________________________________________________________ In a world without walls and fences, who needs windows and gates? (SUN) From garin_alejandro at yahoo.com Mon Feb 5 17:27:39 2001 From: garin_alejandro at yahoo.com (Alejandro Garin) Date: Tue Dec 2 02:33:15 2003 Subject: nt users and group in smb.conf (winbindd installed) In-Reply-To: <23D62F4D4259D411913600508BDF6F19036AC8@vsegn354.it.volvo.se> Message-ID: <20010205172739.55670.qmail@web9205.mail.yahoo.com> > Hello, > Try to put in the > [global] > winbind separator = + > > and then in your share > [www] > comment = www > path = /www > valid users = @WSERVICES+"Domain Users" > read only = No > thank you , work fine! regards ===== Ing. Alejandro Garín Telecom Internet __________________________________________________ Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ From ralf at is.rice.edu Mon Feb 5 18:18:21 2001 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:33:15 2003 Subject: Joining a domain Message-ID: Greetings samba team! I have a question. Any help would be much appreciated. I want to be able to make a workstation (NT/2K) join a domain by using a perl script. My question is: What information and in what format does samba listen for when accepting requests from workstations to join the domain? Does it listen at port 139 and service netbios-ssn? Protocol tcp? If so. What information does the workstation send to the samba server when it requests to join the domain? Also how does samba respond? Is the string "Welcome to Whatever" included in the response? I've looked for this on NT books to no avail. I've also looked on the perl archives to see if there's already something similar. No luck. I would really appreciate any help I can get on this. Best regards; Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- From aeby at graeff.com Mon Feb 5 18:59:39 2001 From: aeby at graeff.com (Thomas Aeby) Date: Tue Dec 2 02:33:15 2003 Subject: Joining a domain In-Reply-To: Message-ID: On Mon, 5 Feb 2001, Alfredo Ramos wrote: > I want to be able to make a workstation (NT/2K) join a domain by using a > perl script. I am also *very* interested in seeing a solution here. I started trying the "NETDOM.EXE" command (resource kit). This works well when joining a domain run on a true NT box but fails with Samba. Has anyone succeeded in finding a way to non-interactively join a Samba-Domain? Many thanks in advance for any hint! Best regards, Tom ---------------------------------------------------------------------------- Thomas Aeby, Kirchweg 40, 1735 Giffers, Switzerland, Voice : (+41)26 4180040 Internet: aeby@graeff.com PGP public key available ---------------------------------------------------------------------------- A baby is an alimentary canal with a loud voice at one end and no responsibility at the other. From gcarter at valinux.com Mon Feb 5 19:19:49 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:15 2003 Subject: Joining a domain References: Message-ID: <3A7EFCD5.9FBC21E7@valinux.com> Thomas Aeby wrote: > > I am also *very* interested in seeing a solution here. > I started trying the "NETDOM.EXE" command (resource > kit). This works well when joining a domain run on a true NT > box but fails with Samba. netdom should work. I used to use it all the time. What error message are you getting? Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From ralf at is.rice.edu Mon Feb 5 19:37:08 2001 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:33:15 2003 Subject: Joining a domain In-Reply-To: <3A7EFCD5.9FBC21E7@valinux.com> Message-ID: I'm still not getting any errors. I haven't tried yet. I wanted to know the format of the request to actually put it in the script. Is netdom a utility in the resource kit? Regards; Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- On Mon, 5 Feb 2001, Gerald Carter wrote: > Thomas Aeby wrote: > > > > I am also *very* interested in seeing a solution here. > > I started trying the "NETDOM.EXE" command (resource > > kit). This works well when joining a domain run on a true NT > > box but fails with Samba. > > netdom should work. I used to use it all the time. > What error message are you getting? > > > > > > > > Cheers, jerry > ---------------------------------------------------------------------- > /\ Gerald (Jerry) Carter Professional Services > \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com > http://www.samba.org/ SAMBA Team jerry@samba.org > http://www.plainjoe.org/ jerry@plainjoe.org > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From gcarter at valinux.com Mon Feb 5 20:07:50 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:15 2003 Subject: Joining a domain References: Message-ID: <3A7F0816.7A2F4AD5@valinux.com> Alfredo Ramos wrote: > > I'm still not getting any errors. I haven't tried yet. I > wanted to know the format of the request to actually put > it in the script. > > Is netdom a utility in the resource kit? Yes. Netdom is a RK tool. Very handy. You should write your perl script as a wrapper around it. You really don't want to deal with the actual packets. Trust me. :-) cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From aeby at graeff.com Mon Feb 5 20:04:49 2001 From: aeby at graeff.com (Thomas Aeby) Date: Tue Dec 2 02:33:15 2003 Subject: Joining a domain In-Reply-To: <3A7EFCD5.9FBC21E7@valinux.com> Message-ID: On Mon, 5 Feb 2001, Gerald Carter wrote: > netdom should work. I used to use it all the time. > What error message are you getting? The netdom ... member /joindomain allegedly works as one would expect (no error messages, everything looks ok). But after joining the domain - I cannot login as a domain user - netdom member /query says: ... Found PDC \\SUSIX Verifying secure channel on \\TESTNT The system cannot find the path specified - the workstation account's password is never changed This is with Samba 2.0.7. I tried 2.2.0alpha1 too but did not dive into extensive testing. Maybe I am using netdom the wrong way? Since netdom /domain:whatever member /joindomain keeps telling me that I have no access to the \\PDC I tried passing a user/password. This makes netdom work without an error message but without really joining the domain. Is this what I am doing wrong? I owe you a bottle of wine if you can give me a useful hint! Best regards, Tom ---------------------------------------------------------------------------- Thomas Aeby, Kirchweg 40, 1735 Giffers, Switzerland, Voice : (+41)26 4180040 Internet: aeby@graeff.com PGP public key available ---------------------------------------------------------------------------- P: Ich kann doch (theoretisch) auch Menschen gefangen halten und trotzdem wissen ob die dann freiwillig mit mir Sex haben oder nicht? M: Das nennt sich dann Heirat und Ehe! -- Martin Freiberg in d.t.l. From gcarter at valinux.com Mon Feb 5 20:13:17 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:15 2003 Subject: Joining a domain References: Message-ID: <3A7F095D.5F40F153@valinux.com> Thomas Aeby wrote: > > The netdom ... member /joindomain allegedly works as > one would expect (no error messages, everything looks ok). > But after joining the domain > > - I cannot login as a domain user > - netdom member /query says: > ... > Found PDC \\SUSIX > Verifying secure channel on \\TESTNT > The system cannot find the path specified > > - the workstation account's password is never changed > > This is with Samba 2.0.7. I tried 2.2.0alpha1 too but did > not dive into extensive testing. > > Maybe I am using netdom the wrong way? Since > > netdom /domain:whatever member /joindomain > > keeps telling me that I have no access to the \\PDC > I tried passing a user/password. This makes netdom > work without an error message but without really > joining the domain. Is this what I am doing wrong? Hmmm...I thought the syntax was something like netdom /domain: member %COMPUTERNAME% /joindomain Of course, this assumes the initial machine trust account was created on Samba PDC already. > I owe you a bottle of wine if you can give me a useful hint! Change that to something non-alcoholic and your on :-) Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From ralf at is.rice.edu Mon Feb 5 20:11:02 2001 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:33:15 2003 Subject: Joining a domain In-Reply-To: <3A7F0816.7A2F4AD5@valinux.com> Message-ID: Jerry; I'll take your word for it. Thanks I'll try the tool. Best regards; Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- On Mon, 5 Feb 2001, Gerald Carter wrote: > Alfredo Ramos wrote: > > > > I'm still not getting any errors. I haven't tried yet. I > > wanted to know the format of the request to actually put > > it in the script. > > > > Is netdom a utility in the resource kit? > > Yes. Netdom is a RK tool. Very handy. You should write > your perl script as a wrapper around it. You really don't > want to deal with the actual packets. Trust me. :-) > > > > > > > > cheers, jerry > ---------------------------------------------------------------------- > /\ Gerald (Jerry) Carter Professional Services > \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com > http://www.samba.org/ SAMBA Team jerry@samba.org > http://www.plainjoe.org/ jerry@plainjoe.org > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From ralf at is.rice.edu Mon Feb 5 20:40:19 2001 From: ralf at is.rice.edu (Alfredo Ramos) Date: Tue Dec 2 02:33:15 2003 Subject: Joining a domain In-Reply-To: <3A7F0816.7A2F4AD5@valinux.com> Message-ID: ntdom works great! Thanks a lot. Best regards; Al. --------------------------------------------------------------------------------- | Alfredo Ramos This space available for rent. | New Media & Student Computing Get your product moving. Advertise here! | Rice University. | Email: ralf@is.rice.edu --------------------------------------------------------------------------------- On Mon, 5 Feb 2001, Gerald Carter wrote: > Alfredo Ramos wrote: > > > > I'm still not getting any errors. I haven't tried yet. I > > wanted to know the format of the request to actually put > > it in the script. > > > > Is netdom a utility in the resource kit? > > Yes. Netdom is a RK tool. Very handy. You should write > your perl script as a wrapper around it. You really don't > want to deal with the actual packets. Trust me. :-) > > > > > > > > cheers, jerry > ---------------------------------------------------------------------- > /\ Gerald (Jerry) Carter Professional Services > \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com > http://www.samba.org/ SAMBA Team jerry@samba.org > http://www.plainjoe.org/ jerry@plainjoe.org > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From aeby at graeff.com Mon Feb 5 20:39:43 2001 From: aeby at graeff.com (Thomas Aeby) Date: Tue Dec 2 02:33:15 2003 Subject: Joining a domain In-Reply-To: <3A7F095D.5F40F153@valinux.com> Message-ID: On Mon, 5 Feb 2001, Gerald Carter wrote: > Hmmm...I thought the syntax was something like > > netdom /domain: member %COMPUTERNAME% /joindomain This is true in fact. Netdom determines %COMPUTERNAME% correctly if not passed on the command line though. Unfortunately if I do not give user/password netdom just says ... Found PDC \\SUSIX Querying domain information on PDC \\SUSIX ... Access is denied You do not have access to the PDC \\SUSIX > Of course, this assumes the initial machine trust account > was created on Samba PDC already. I created one with "smbpasswd -a -m testnt" (the machine is called "testnt" ...) joining succeeds when performed the interactive way ... > Change that to something non-alcoholic and your on :-) Whatever you like :-)) This problem is a nightmare for me ... Kind regards, Tom ---------------------------------------------------------------------------- A large number of installed systems work by fiat. That is, they work by being declared to work. -- Anatol Holt From gcarter at valinux.com Mon Feb 5 20:57:45 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:16 2003 Subject: Joining a domain References: Message-ID: <3A7F13C9.8A3C250E@valinux.com> Thomas Aeby wrote: > > Unfortunately if I do not give user/password netdom just says > > ... > Found PDC \\SUSIX > Querying domain information on PDC \\SUSIX ... > Access is denied > > You do not have access to the PDC \\SUSIX Ahhh...setup an anonymous connection to \\susix\ipc$ first. Then run netdom. net use \\susix\ipc$ /user:"" "" Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From aeby at graeff.com Mon Feb 5 21:51:01 2001 From: aeby at graeff.com (Thomas Aeby) Date: Tue Dec 2 02:33:16 2003 Subject: Joining a domain In-Reply-To: <3A7F13C9.8A3C250E@valinux.com> Message-ID: On Mon, 5 Feb 2001, Gerald Carter wrote: > Ahhh...setup an anonymous connection to \\susix\ipc$ first. > Then run netdom. > > net use \\susix\ipc$ /user:"" "" Oh yes! This solves part of the problem - I do not have to give user/password any more ... but still after "sucessfully" joining the domain the NT box refuses to change its workstation account password and keeps telling me that the "system's primary domain password is missing" - aaargh. BTW: The EventLog says The session setup to the Windows NT Domain Controller \\SUSIX for the domain HEAVEN failed because the computer TESTNT does not have a local security database account. A "local" security database account????!!! > while > Alfredo Ramos wrote: > > ntdom works great! Others seem to be more lucky than I. There must be something really silly I'm missing. Best regards, Tom ---------------------------------------------------------------------------- Thomas Aeby, Kirchweg 40, 1735 Giffers, Switzerland, Voice : (+41)26 4180040 Internet: aeby@graeff.com PGP public key available ---------------------------------------------------------------------------- A nuclear war can ruin your whole day. From hallvard at npk.no Mon Feb 5 22:45:16 2001 From: hallvard at npk.no (Hallvard=?ISO-8859-1?Q?_=AFstrem?=) Date: Tue Dec 2 02:33:16 2003 Subject: nt users and group in smb.conf (winbindd installed) In-Reply-To: <23D62F4D4259D411913600508BDF6F19036AC8@vsegn354.it.volvo.se> References: <23D62F4D4259D411913600508BDF6F19036AC8@vsegn354.it.volvo.se> Message-ID: Brilliant! This was the formula I've been waiting for, the missing link, so to speak. And now winbind works on my system too! Just want to say thank you for the tip. Hallvard niclas.tuominen@volvo.com skriver: >Hello, >Try to put in the >[global] >winbind separator = + > >and then in your share > [www] > comment = www > path = /www > valid users = @WSERVICES+"Domain Users" > read only = No > >Works for me. >_________________________________________________ >Niclas >E-mail: niclas.tuominen@volvo.com > > >> -----Original Message----- >> From: Alejandro Garin [mailto:garin_alejandro@yahoo.com] >> Sent: 5. helmikuuta 2001 16:03 >> To: samba-ntdom@lists.samba.org >> Subject: nt users and group in smb.conf (winbindd installed) >> >> >> hello to all! >> >> I have not problems in the configuration of windbind, >> all is ok. >> But I dont know in smb.conf how to setup a valid users >> for NT/Groups... for example Domain Users >> >> this is my share: >> >> [www] >> comment = www >> path = /www >> valid users = @WSERVICES\Domain Users >> read only = No >> >> >> this no work.... I need the nt users in this group >> can access this share. >> >> how i can do this? >> >> thanks in advance >> >> >> >> >> ===== >> --- >> Ing. Alejandro Gar?n >> Telecom Internet >> >> __________________________________________________ >> Get personalized email addresses from Yahoo! Mail - only $35 >> a year! http://personal.mail.yahoo.com/ >> > > From kuttan_f at yahoo.com Tue Feb 6 03:51:35 2001 From: kuttan_f at yahoo.com (nixon edward) Date: Tue Dec 2 02:33:16 2003 Subject: mailing list In-Reply-To: <3A7E7433.282B4801@shom.fr> Message-ID: <20010206035135.82152.qmail@web12105.mail.yahoo.com> could you please remove me from the mailing list __________________________________________________ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices. http://auctions.yahoo.com/ From willy.coppens at eurostation.be Tue Feb 6 08:11:09 2001 From: willy.coppens at eurostation.be (Willy Coppens) Date: Tue Dec 2 02:33:16 2003 Subject: samba-ntdom digest, Vol 1 #265 - 4 msgs In-Reply-To: <20010204200118.9CEC4801A@lists.samba.org> Message-ID: Hi, You have to change the permissions of normal users so they can install printer drivers on their system. User manager, policies . >Hi everybody, >when a user is not a local admin. and he wants to acquire a printer >residing on a smb-server on Linux, he get's an error message like "not >sufficient permissions to install the local driver". >When this driver is already installed at >C:\WINNT\system32\spool\dirvers\w32x86\2 or the user is local admin., >this job is no problem. >Is there any workaround for the use of this directory beeing only >readable for the user? From bjoern.kreher at student.uni-tuebingen.de Tue Feb 6 17:21:30 2001 From: bjoern.kreher at student.uni-tuebingen.de (=?iso-8859-1?Q?Bj=F6rn?= W. Kreher) Date: Tue Dec 2 02:33:16 2003 Subject: profile destroyer Message-ID: <3A80329A.D76DD38C@student.uni-tuebingen.de> Hi, we are running samba 2.2.0 preAlpha1 as an NT domaincontroller. The clients are all NT 4.0 machines. Now we have the problem, waht sometimes the dat-file of the profile will be destroyed during login on on the NT-Clients. It seems that there is a connection if the people are login on different machies (but only serial not at the same time). It happens only sometimes of course. Additional i must say that the clients are not quit identical of the installed software. We don't know if this is a problem of samba or NT. If anybody had similar experience, i would be glad if he could give me some help. bye, bjoern From mhaney at info4cars.com Tue Feb 6 16:28:32 2001 From: mhaney at info4cars.com (Mark Haney) Date: Tue Dec 2 02:33:16 2003 Subject: profile destroyer In-Reply-To: <3A80329A.D76DD38C@student.uni-tuebingen.de> Message-ID: I have had that problem before as well. I am assuming you get an error and the default profile is displayed for the user with a .bak extension on the original profile? If it is, it's not related to Samba at all, but an issue with Windows NT. My only solution was to run REGCLEAN, remove the dead entries from the registry, and make sure the registry size is set for about double the size of what is posted in the porperties. Hope this helps. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Bj?rn W. Kreher Sent: Tuesday, February 06, 2001 12:22 PM To: samba-ntdom@us5.samba.org Subject: profile destroyer Hi, we are running samba 2.2.0 preAlpha1 as an NT domaincontroller. The clients are all NT 4.0 machines. Now we have the problem, waht sometimes the dat-file of the profile will be destroyed during login on on the NT-Clients. It seems that there is a connection if the people are login on different machies (but only serial not at the same time). It happens only sometimes of course. Additional i must say that the clients are not quit identical of the installed software. We don't know if this is a problem of samba or NT. If anybody had similar experience, i would be glad if he could give me some help. bye, bjoern From hulet at ittc.ukans.edu Tue Feb 6 16:46:15 2001 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:33:16 2003 Subject: profile destroyer In-Reply-To: <3A80329A.D76DD38C@student.uni-tuebingen.de> Message-ID: We have the same problems occasionally. My theory is, the profiles that = =20 are "destroyed" happen when the user logs into two machines. If this user logs out of both machines at the same time, both machines will try = =20 writing to the profile directory (locking problem?). If you load the "destroyed" NTUSER.DAT in regedt32, you'll notice the permissions for this registry are Administrators - Read and System - Full Control. The user is no longer the owner of the profile. I can't stop it so I tell users who login to 2 machines, they must be completely logged out of one machine before logging out of another. After losing their profiles a couple of=20 times, they learn. For me, logging out of two machines at the same time has been the only common factor when user's profiles are "destroyed".=20 Michael Hulet Senior Network System Administrator ITTC, University of Kansas On Tue, 6 Feb 2001, [iso-8859-1] Bj=F6rn W. Kreher wrote: > Hi, > we are running samba 2.2.0 preAlpha1 as an NT domaincontroller. The > clients are all NT 4.0 machines. Now we have the problem, waht sometimes > the dat-file of the profile will be destroyed during login on on the > NT-Clients.=20 >=20 > It seems that there is a connection if the people are login on different > machies (but only serial not at the same time). It happens only > sometimes of course. Additional i must say that the clients are not quit > identical of the installed software. >=20 > We don't know if this is a problem of samba or NT. If anybody had > similar experience, i would be glad if he could give me some help. >=20 > bye, >=20 > bjoern >=20 From jahall at nea.org Tue Feb 6 16:59:17 2001 From: jahall at nea.org (jahall@nea.org) Date: Tue Dec 2 02:33:16 2003 Subject: profile destroyer Message-ID: I have run into this problem on Windows NT Servers as well. It has ocurred for us when the registry almost reaches, or exceeds, the maximum size specified. Jay - - - - - - - - - - - - - - Original Message - - - - - - - - - - - - - - Hi, we are running samba 2.2.0 preAlpha1 as an NT domaincontroller. The clients are all NT 4.0 machines. Now we have the problem, waht sometimes the dat-file of the profile will be destroyed during login on on the NT-Clients. It seems that there is a connection if the people are login on different machies (but only serial not at the same time). It happens only sometimes of course. Additional i must say that the clients are not quit identical of the installed software. We don't know if this is a problem of samba or NT. If anybody had similar experience, i would be glad if he could give me some help. bye, bjoern - - - - - - - - - - - - End of Original Message - - - - - - - - - - - - ******************************************************************* Only the individual sender is responsible for the content of the message, and the message does not necessarily reflect the position or policy of the National Education Association or its affiliates. From mhaney at info4cars.com Tue Feb 6 17:12:27 2001 From: mhaney at info4cars.com (Mark Haney) Date: Tue Dec 2 02:33:16 2003 Subject: profile destroyer In-Reply-To: Message-ID: >> It has ocurred for us when the registry almost reaches, or exceeds, the maximum size specified. I agree, I doubt multiple logins is a problem, even with roaming profiles, which aren't specified as being the case in the original problem. According to all documentation from MS, a the registry size specified in the workstation properties DOES NOT include the NTUSER.DAT hive. This means if oyu have 2MB registry space reserved that is free and your profile is 2MB, you will see the profile 'blown away' and a default one used instead. Even with roaming profiles, a copy of the ntuser.dat file is sent to the workstation, not simply opened from the network location. Please check registry sizes and let us know. I have run standard and roaming profiles from NT and Samba DC's before and never had the problem _except_ when I don't reserve enough room for my user hive. Another cause I have seen is on a soft reboot and some extraneous data hangs around in RAM and causes corruption, especially if the total amount of RAM you have is pushed to the limit by NT just booting. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of jahall@nea.org Sent: Tuesday, February 06, 2001 11:59 AM To: samba-ntdom-admin@us5.samba.org; samba-ntdom@us5.samba.org Subject: re: profile destroyer I have run into this problem on Windows NT Servers as well. It has ocurred for us when the registry almost reaches, or exceeds, the maximum size specified. Jay - - - - - - - - - - - - - - Original Message - - - - - - - - - - - - - - Hi, we are running samba 2.2.0 preAlpha1 as an NT domaincontroller. The clients are all NT 4.0 machines. Now we have the problem, waht sometimes the dat-file of the profile will be destroyed during login on on the NT-Clients. It seems that there is a connection if the people are login on different machies (but only serial not at the same time). It happens only sometimes of course. Additional i must say that the clients are not quit identical of the installed software. We don't know if this is a problem of samba or NT. If anybody had similar experience, i would be glad if he could give me some help. bye, bjoern - - - - - - - - - - - - End of Original Message - - - - - - - - - - - - ******************************************************************* Only the individual sender is responsible for the content of the message, and the message does not necessarily reflect the position or policy of the National Education Association or its affiliates. From dl at tyfon.net Wed Feb 7 11:48:46 2001 From: dl at tyfon.net (Dan Larsson) Date: Tue Dec 2 02:33:16 2003 Subject: Permission issues with samba-2.0.7 Message-ID: We're experiencing permission issues when users create a folder on a share, noone else but the creator may store/change anything within that folder. I've set `create mask = 0775' on the share to no avail. How do I solve this? (If this has been dealt with earlier I apologize) Regards +------ Dan Larsson | Tel: +46 8 550 120 21 Tyfon Svenska AB | Fax: +46 8 550 120 02 GPG and PGP keys | finger dl@hq1.tyfon.net From dl at tyfon.net Wed Feb 7 11:56:13 2001 From: dl at tyfon.net (Dan Larsson) Date: Tue Dec 2 02:33:16 2003 Subject: Solved: Permission issues with samba-2.0.7 In-Reply-To: Message-ID: On Wed, 7 Feb 2001, Dan Larsson wrote: | We're experiencing permission issues when users create a folder on a | share, noone else but the creator may store/change anything within that | folder. I solved it by setting the `directory mask' to 0775. | Regards +------ Dan Larsson | Tel: +46 8 550 120 21 Tyfon Svenska AB | Fax: +46 8 550 120 02 GPG and PGP keys | finger dl@hq1.tyfon.net From thijs at abZurd.com Wed Feb 7 20:49:03 2001 From: thijs at abZurd.com (thijs) Date: Tue Dec 2 02:33:16 2003 Subject: smb in win2k domain problems Message-ID: <20010207204903.EF760D7ED@abzurd.student.utwente.nl> i'm trying to add a samba (Version 2.0.7) box into a win2k network , .. the domain controller has compatibility enabled and uses active directories. i read and reread all the faq's and howto's yet yielded no results : ( the pdc has a computer account for the server , ... are there any special requirements to the computer account on the pdc my results so far : (smb.conf is added at bottom) (FTP = samba server MDTHOST = pdc ) root@FTP /etc# smbpasswd -j MDTDOMAIN -r MDTHOST -D 4 resolve_hosts: Attempting host lookup for name MDTHOST<0x20> Connecting to 145.76.9.40 at port 139 cli_net_req_chal: LSA Request Challenge from MDTHOST to FTP: 14F654FD5E0507D0 cred_session_key cred_create cli_net_auth2: srv:\\MDTHOST acct:FTP$ sc:2 mc: FTP chal 1A9238EF7B7C58F1 neg: 1ff cli_net_auth2: Error NT_STATUS_INVALID_PARAMETER cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine MDTHOST. Error was : NT_STATUS_INVALID_PARAMETER. 2001/02/07 21:46:51 : change_trust_account_password: Failed to change password for domain MDTDOMAIN. Unable to join domain MDTDOMAIN. /etc/smb.conf (complete) [global] workgroup = MDTDOMAIN security = domain password server = MDTHOST encrypt passwords = yes smb passwd file = /etc/smbpasswd socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no os level = 24 domain master = no preferred master = no domain logons = yes name resolve order = host bcast wins lmhosts [homes] comment = Home Directories browseable = no writable = yes guest ok = no regards thijs -- http://www.abzurd.org From jasonh at Osprey.InfotechFL.com Wed Feb 7 22:09:08 2001 From: jasonh at Osprey.InfotechFL.com (Jason Hamilton) Date: Tue Dec 2 02:33:16 2003 Subject: testing post Message-ID: <200102072209.RAA09496@Osprey.InfotechFL.com> Testing -- Jason Hamilton, System Administator | 5700 SW 34th St. Suite 1235 Info Tech, Inc. | Gainesville, FL 32608 Jason.Hamilton@InfoTechFl.com | (352)381-4400 From dwcjr at inethouston.net Wed Feb 7 22:13:14 2001 From: dwcjr at inethouston.net (David W. Chapman Jr.) Date: Tue Dec 2 02:33:16 2003 Subject: testing post References: <200102072209.RAA09496@Osprey.InfotechFL.com> Message-ID: <001201c09153$2a62b940$931576d8@inethouston.net> Just imagine if everyone did that... > Testing From ctooley at amoa.org Wed Feb 7 23:45:50 2001 From: ctooley at amoa.org (ctooley@amoa.org) Date: Tue Dec 2 02:33:16 2003 Subject: SMBD and NMBD sessions spawning as root Message-ID: <862569EC.0081C3FB.00@amoa.org> Is there any way to make the smbd and nmbd sessions for each user to get started as that user so it would be easier to tell which process is for which user? Chris Tooley BTW Mark VanderWeil, Jim Mcdonough, and company at IBM have been trying to help me with some really crazy lpr problems. Thanks to those guys and I'll post the synopsis and resolution to the various lists when we find one. This is on RedHat 6.2 with the default lpr package, printing to some JetDirect printers via Samba. It's an interesting mix and the only ones that are pointing around saying it's the other guy is IBM. Thanks to them and you guys who work on this project. I can't wait for 2.2. From ctooley at amoa.org Wed Feb 7 23:47:23 2001 From: ctooley at amoa.org (ctooley@amoa.org) Date: Tue Dec 2 02:33:16 2003 Subject: SMBD and NMBD sessions spawning as root Message-ID: <862569EC.0081E85E.00@amoa.org> Ooops sorry Mark, that should be VanderWiele not VanderWeil. Chris Tooley 02/07/2001 05:45 PM To: Samba Mailinglist cc: Subject: SMBD and NMBD sessions spawning as root (Document link: Chris Tooley) Is there any way to make the smbd and nmbd sessions for each user to get started as that user so it would be easier to tell which process is for which user? Chris Tooley BTW Mark VanderWeil, Jim Mcdonough, and company at IBM have been trying to help me with some really crazy lpr problems. Thanks to those guys and I'll post the synopsis and resolution to the various lists when we find one. This is on RedHat 6.2 with the default lpr package, printing to some JetDirect printers via Samba. It's an interesting mix and the only ones that are pointing around saying it's the other guy is IBM. Thanks to them and you guys who work on this project. I can't wait for 2.2. From thijs at abZurd.com Thu Feb 8 01:58:41 2001 From: thijs at abZurd.com (thijs) Date: Tue Dec 2 02:33:16 2003 Subject: Resolved :: smb in win2k domain problems Message-ID: <20010208015841.A39C0D7ED@abzurd.student.utwente.nl> kevinc wrote: >I'm really not sure what your problem is, but I did note that you have >"domain logons = yes". This, combined with your other settings and an >existing 2000 domain controller, should essentially mean "Configure >Samba as a BDC". I think it should still work, but I am not sure that >is what you meant to attempt. If you are trying to create a domain >member, turn "domain logons" off. thanx , i didn't know that , .. my problem however resolved itself another way I was using the standard rpm smbpasswd that came with my distro. using the compiled binary in /usr/local did the trick thnx for the support : ) regards thijs -- http://www.abzurd.org >I hope your join issue gets resolved soon. Best of luck. > > - Kevin Colby > kevinc@grainsystems.com From thomasa at wa.switch.aust.com Thu Feb 8 04:37:51 2001 From: thomasa at wa.switch.aust.com (Thomas, Andre) Date: Tue Dec 2 02:33:16 2003 Subject: testing post Message-ID: Or even better; if everyone made a comment. -----Original Message----- From: David W. Chapman Jr. [mailto:dwcjr@inethouston.net] Sent: Thursday, February 08, 2001 6:13 AM To: Jason Hamilton; samba-ntdom@us5.samba.org Subject: Re: testing post Just imagine if everyone did that... > Testing From mafoe at sgi.com Thu Feb 8 09:55:23 2001 From: mafoe at sgi.com (Martin Foerster) Date: Tue Dec 2 02:33:16 2003 Subject: samba server BDC or workstation ? Message-ID: <001001c091b5$40f43c30$bbc5fd90@munich.sgi.com> Hi, I added a samba server to our NT Domain with "security = Domain". Although I added it as "workstation", it appears as BDC in Servermanager. That's actually alright with me, but how 'should' it appear? It works fine for over a week, until now. The Problem now is, that without any changes some user (including me) get "No Domain Controller found..." when logging in with the NT client. I took a look in the samba logs, and found a log, for everybody who wasn't able to log in successfully. The log says the following.... [2001/02/08 09:57:39, 0] rpc_server/srv_netlog.c:(301) get_md4pw: Workstation DE-MAFOE$: no account in domain So my workstation chose the Samba server to authenticate. Does that work in general? It seems, that whether WINS on samba is not working properly, or it's because of the $ at the end of the machine name. There shouldn't be a $. I had the same problem when I first started the server, but it was gone, when I set the "os level" from 32 to 0. I would appreciate any help. Thanks. Martin From Axel.Thimm at physik.fu-berlin.de Thu Feb 8 10:52:12 2001 From: Axel.Thimm at physik.fu-berlin.de (Axel Thimm) Date: Tue Dec 2 02:33:16 2003 Subject: Point & Print & Permissions Message-ID: <20010208115212.B5758@oberon.physik.fu-berlin.de> What is the NT domain "clean" way to set up automatic printer driver download? I have successfully uploaded the drivers, and if I log on as DOMAIN\root I seem to have full control over the NT client. But I want to let my users install their own NT client, e.g. they log on as "Administrator" with their own password. Is it enough to make [print$] guest ok = yes (but the print services themselves are not guest ok, to avoid "nobody" printing)? Or do I have to set up printer admins etc.? Or make the print servises also guest ok, but disallow printing for "nobody" on the Unix level? Thanks, Axel. -- Axel.Thimm@physik.fu-berlin.de From ratzka at HRZ.Uni-Marburg.DE Thu Feb 8 12:21:13 2001 From: ratzka at HRZ.Uni-Marburg.DE (Wolfgang Ratzka) Date: Tue Dec 2 02:33:16 2003 Subject: Point & Print & Permissions References: <20010208115212.B5758@oberon.physik.fu-berlin.de> Message-ID: <3A828F39.4090703@hrz.uni-marburg.de> Axel Thimm wrote: > What is the NT domain "clean" way to set up automatic printer driver download? > I have successfully uploaded the drivers, and if I log on as DOMAIN\root I > seem to have full control over the NT client. But I want to let my users > install their own NT client, e.g. they log on as "Administrator" with their > own password. This may not be an answer to your original question. I just seem to detect a misconception here. With "point & print" printer connections are installed per user, so you need not do anything as "Administrator" (and it won't help). Just login as the user who wants to use the printer, and install the printer. -- Wolfgang Ratzka From Axel.Thimm at physik.fu-berlin.de Thu Feb 8 12:42:35 2001 From: Axel.Thimm at physik.fu-berlin.de (Axel Thimm) Date: Tue Dec 2 02:33:16 2003 Subject: Point & Print & Permissions In-Reply-To: <3A828F39.4090703@hrz.uni-marburg.de>; from ratzka@HRZ.Uni-Marburg.DE on Thu, Feb 08, 2001 at 01:21:13PM +0100 References: <20010208115212.B5758@oberon.physik.fu-berlin.de> <3A828F39.4090703@hrz.uni-marburg.de> Message-ID: <20010208134235.D5758@oberon.physik.fu-berlin.de> On Thu, Feb 08, 2001 at 01:21:13PM +0100, Wolfgang Ratzka wrote: > Axel Thimm wrote: > > What is the NT domain "clean" way to set up automatic printer driver > > download? I have successfully uploaded the drivers, and if I log on as > > DOMAIN\root I seem to have full control over the NT client. But I want to > > let my users install their own NT client, e.g. they log on as > > "Administrator" with their own password. > > This may not be an answer to your original question. I just seem to > detect a misconception here. Most likely ;) > With "point & print" printer connections are installed per user, so you need > not do anything as "Administrator" (and it won't help). > Just login as the user who wants to use the printer, and install the > printer. Doesn't this only work for users in the "Power Users" group? Our local NT admins wouldn't like to grant too much rights to unexperienced Windows users. Regards, Axel. -- Axel.Thimm@physik.fu-berlin.de From dwcjr at inethouston.net Thu Feb 8 13:22:58 2001 From: dwcjr at inethouston.net (David W. Chapman Jr.) Date: Tue Dec 2 02:33:16 2003 Subject: samba server BDC or workstation ? References: <001001c091b5$40f43c30$bbc5fd90@munich.sgi.com> Message-ID: <003e01c091d2$41118200$931576d8@inethouston.net> I think you have to set security = User to let the workstations join the domain. ----- Original Message ----- From: "Martin Foerster" To: Sent: Thursday, February 08, 2001 3:55 AM Subject: samba server BDC or workstation ? > Hi, > > I added a samba server to our NT Domain with "security = Domain". Although I > added it as "workstation", it appears as BDC in Servermanager. That's > actually alright with me, but how 'should' it appear? > It works fine for over a week, until now. > > The Problem now is, that without any changes some user (including me) get > "No Domain Controller found..." when logging in with the NT client. > I took a look in the samba logs, and found a log, for everybody who wasn't > able to log in successfully. > The log says the following.... > > [2001/02/08 09:57:39, 0] rpc_server/srv_netlog.c:(301) > get_md4pw: Workstation DE-MAFOE$: no account in domain > > So my workstation chose the Samba server to authenticate. Does that work in > general? > It seems, that whether WINS on samba is not working properly, or it's > because of the $ at the end of the machine name. There shouldn't be a $. > I had the same problem when I first started the server, but it was gone, > when I set the "os level" from 32 to 0. > > I would appreciate any help. > > Thanks. > Martin > > > > > > From Jean-Francois.Micouleau at dalalu.fr Thu Feb 8 13:37:10 2001 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:33:16 2003 Subject: Point & Print & Permissions In-Reply-To: <20010208134235.D5758@oberon.physik.fu-berlin.de> Message-ID: On Thu, 8 Feb 2001, Axel Thimm wrote: > > With "point & print" printer connections are installed per user, so you need > > not do anything as "Administrator" (and it won't help). > > Just login as the user who wants to use the printer, and install the > > printer. > > Doesn't this only work for users in the "Power Users" group? Our local NT > admins wouldn't like to grant too much rights to unexperienced Windows users. The problem with point&print is that users can only read the %SystemRoot%\system32\spool\drivers directory. Only Administrators and powers users can coy drivers to the local workstations. So for point&print to work for users, you have 2 choice: either you log once as an administrator on the workstation and connected to all printer to download the drivers to the workstation, or you change the security permissions on the ...spool\drivers directory and grant the change and write rights to the users group. For the completeness of this thread, I should add that before SP4 or SP5 (don't remember exactly), any users had the rights to download drivers. As it's a potential security risk, Microsoft changed that. And in NT2000, Microsoft added some new RPC calls to allow the NT sysadmin to download remotely the drivers on the workstations. If one day I find the time, I could add those calls in rpcclient. J.F. From ratzka at HRZ.Uni-Marburg.DE Thu Feb 8 13:55:25 2001 From: ratzka at HRZ.Uni-Marburg.DE (Wolfgang Ratzka) Date: Tue Dec 2 02:33:16 2003 Subject: Point & Print & Permissions References: Message-ID: <3A82A54D.9070906@hrz.uni-marburg.de> Jean Francois Micouleau wrote: > For the completeness of this thread, I should add that before SP4 or SP5 > (don't remember exactly), any users had the rights to download drivers. As > it's a potential security risk, Microsoft changed that. It seems that I have too check, why this still works in our (NT 4.0 SP6a) setup... :-( -- Wolfgang Ratzka From Axel.Thimm at physik.fu-berlin.de Thu Feb 8 14:17:34 2001 From: Axel.Thimm at physik.fu-berlin.de (Axel Thimm) Date: Tue Dec 2 02:33:16 2003 Subject: Point & Print & Permissions In-Reply-To: ; from Jean-Francois.Micouleau@dalalu.fr on Thu, Feb 08, 2001 at 02:37:10PM +0100 References: <20010208134235.D5758@oberon.physik.fu-berlin.de> Message-ID: <20010208151734.A7757@oberon.physik.fu-berlin.de> On Thu, Feb 08, 2001 at 02:37:10PM +0100, Jean Francois Micouleau wrote: > On Thu, 8 Feb 2001, Axel Thimm wrote: > > > With "point & print" printer connections are installed per user, so you > > > need not do anything as "Administrator" (and it won't help). > > > Just login as the user who wants to use the printer, and install the > > > printer. > > Doesn't this only work for users in the "Power Users" group? Our local NT > > admins wouldn't like to grant too much rights to unexperienced Windows > > users. > > The problem with point&print is that users can only read the > %SystemRoot%\system32\spool\drivers directory. > > Only Administrators and powers users can coy drivers to the local > workstations. > > So for point&print to work for users, you have 2 choice: > either you log once as an administrator on the workstation and connected > to all printer to download the drivers to the workstation, > or you change the security permissions on the ...spool\drivers directory > and grant the change and write rights to the users group. I'd prefer the first solution, which means less changes to the local NT client installation. So I'd setup the [print$] share to be public, so that workstations administrators may connect to that share. But what about the printer shares themselves, which I do not want to be public? A printer driver installation usually ends with printing a test page, and I do not want to allow a guest print connection. So wouldn't the driver installation utlimatively have to fail? -- Axel.Thimm@physik.fu-berlin.de From gcarter at valinux.com Thu Feb 8 14:07:57 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:16 2003 Subject: Point & Print & Permissions References: Message-ID: <3A82A83D.512904C6@valinux.com> Jean Francois Micouleau wrote: > > For the completeness of this thread, I should add that > before SP4 or SP5 (don't remember exactly), any users > had the rights to download drivers. As it's a > potential security risk, Microsoft changed that. I think it was SP6 actually. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From shaun.lipscombe at gasops.co.uk Thu Feb 8 17:55:32 2001 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:33:16 2003 Subject: testing post In-Reply-To: "Thomas, Andre"'s message of "Thu, 8 Feb 2001 12:37:51 +0800" References: Message-ID: * "Thomas," == Thomas, Andre writes: > Or even better; if everyone made a comment. Thats why I didn't say anything... -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From nathan at uky.edu Thu Feb 8 20:31:27 2001 From: nathan at uky.edu (nrvale0) Date: Tue Dec 2 02:33:16 2003 Subject: some hardening tips/scripts Message-ID: <20010208153126.I11620@mammoth.netlab.uky.edu> Hoping that someone can give some advice on a few issues with a Samba PDC. First from the Samba side, is there a way to make Samba limit/deny null sessions? I think I remember reading that null sessions are needed to extract share information from IPC$, but is there something similar to the RestrictAnonymous registry key for Samba other than limiting hosts that can connect to a Samba PDC with the "hosts allow" options. From gcarter at valinux.com Thu Feb 8 20:40:06 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:16 2003 Subject: some hardening tips/scripts References: <20010208153126.I11620@mammoth.netlab.uky.edu> Message-ID: <3A830426.44324E44@valinux.com> nrvale0 wrote: > > ...but is there something similar to the > RestrictAnonymous registry key for Samba other than Check source/param/loadparm.c for 'restrict anonymous' Cheers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From nathan at uky.edu Thu Feb 8 20:54:01 2001 From: nathan at uky.edu (nrvale0) Date: Tue Dec 2 02:33:17 2003 Subject: some hardening tips/scripts In-Reply-To: <3A830426.44324E44@valinux.com>; from gcarter@valinux.com on Thu, Feb 08, 2001 at 02:40:06PM -0600 References: <20010208153126.I11620@mammoth.netlab.uky.edu> <3A830426.44324E44@valinux.com> Message-ID: <20010208155401.J11620@mammoth.netlab.uky.edu> > Check source/param/loadparm.c for 'restrict anonymous' Doh. It's in the man page for smbd also. :-\ Sorry about that one, but the question about the hardening script that doesn't interfere with PDC auth or roaming profiles still stands. Anybody? -- --- Nathan Valentine - nathan@uky.edu AIM: NRVesKY ICQ: 39023424 From martin at zamenhof.demon.co.uk Thu Feb 8 21:40:31 2001 From: martin at zamenhof.demon.co.uk (Martin Radford) Date: Tue Dec 2 02:33:17 2003 Subject: Point & Print & Permissions In-Reply-To: <20010208151734.A7757@oberon.physik.fu-berlin.de> from "Axel Thimm" at Feb 08, 2001 03:17:34 PM Message-ID: <200102082140.VAA18060@zamenhof.demon.co.uk> > But what about the printer shares themselves, which I do not want to be > public? A printer driver installation usually ends with printing a test page, > and I do not want to allow a guest print connection. So wouldn't the driver > installation utlimatively have to fail? There's a tool in the NT Zero Admin Kit (ZAK) called con2prt, which allows you to connect to a printer share from the command line. This looks after all the details for you (downloads the drivers, etc). It also allows you to disconnect the currently connected printers, and to set a printer as the default. This doesn't use the GUI, so you don't get any option to print a test page. Martin -- Martin Radford | "Only wimps use tape backup: _real_ martin@zamenhof.demon.co.uk | men just upload their important stuff -o) Registered Linux user #9257 | on ftp and let the rest of the world /\\ - see http://counter.li.org | mirror it ;)" - Linus Torvalds _\_V From fts_ces16 at yahoo.com Fri Feb 9 00:37:34 2001 From: fts_ces16 at yahoo.com (3DCAD) Date: Tue Dec 2 02:33:17 2003 Subject: Without dongle CAD software collection. Message-ID: <506833218.20010209033734@yahoo.com> Hello Dear, Without dongle CAD/CAM/CAE/GIS/3D/MAP software collection. Full working. Not demo. If You interested, please, see the list on www.vodka.at/cad/ -- Best regards, 3D P.S. Please not send emails back. This e-mail is unreal. From eirvine at tpgi.com.au Fri Feb 9 10:37:02 2001 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:33:17 2003 Subject: Roving Profiles and web browser settings. Message-ID: <3A83C84E.113A0F3E@tpgi.com.au> Hi all, Is there anyone out there who is giving all their Staff/students a unique login AND using "roving profiles" with Windows NT? I'm looking for a way to automate some aspects of a new user's initial profile - MSIE settings in particular. I have been doing this with Win9x just fine for years, (by copying a standard USER.DAT file to their profile directory when they login) but I'd like to know what every one else is doing with NT before I get too serious. Eddie. From lepape at shom.fr Fri Feb 9 13:06:57 2001 From: lepape at shom.fr (Jean-Marc Le Pape) Date: Tue Dec 2 02:33:17 2003 Subject: Metaframe, NT Terminal Server on PDC Message-ID: <3A83EB71.B6037FC7@shom.fr> Hi, I have probleme with an NT terminal server with metaframe on a samba 2.2alpha2 PDC. The Terminal Server box can't find a Licence server on the PDC (normal ??). And i cannot use the published applications, i only have the desktop. I believed to understand that published applications in Metaframe are only initial applications. Is it possible or will it possible to define initial applications in samba 2.2 Thanks JM From jolt at nicholasofmyra.org Fri Feb 9 14:23:13 2001 From: jolt at nicholasofmyra.org (Joe Olt) Date: Tue Dec 2 02:33:17 2003 Subject: Roving Profiles and web browser settings. In-Reply-To: <3A83C84E.113A0F3E@tpgi.com.au> Message-ID: <5.0.2.1.0.20010209092046.00a6e658@10.100.0.4> I use to do this at a job I was at before. If you create a default profile and put it in your netlogon share, NT will use it for all new domain users on any machines. At 05:37 AM 2/9/2001, eirvine wrote: >Hi all, > >Is there anyone out there who is giving all their >Staff/students a unique login AND using "roving profiles" >with Windows NT? > >I'm looking for a way to automate some aspects of >a new user's initial profile - MSIE settings in >particular. I have been doing this with Win9x just >fine for years, (by copying a standard USER.DAT >file to their profile directory when they login) >but I'd like to know what every one else is doing >with NT before I get too serious. > >Eddie. From ctrlsoft at dds.nl Fri Feb 9 15:21:00 2001 From: ctrlsoft at dds.nl (ctrlsoft@dds.nl) Date: Tue Dec 2 02:33:17 2003 Subject: Profiles not synced back Message-ID: <242976833.981732060796.JavaMail.ctrlsoft@dds.nl> Hi, I tried the things that were suggested on this list; * sync the time of the client & server * check file permissions But none of these worked.. Maybe it's some setting in my policies file? Jelmer From jbcurry at hline.localhealth.net Fri Feb 9 15:51:00 2001 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:33:17 2003 Subject: Without dongle CAD software collection. In-Reply-To: <506833218.20010209033734@yahoo.com> Message-ID: > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of 3DCAD > > Hello Dear, > ---SNIP--- > > Please not send emails back. > This e-mail is unreal. > Isn't that redundant? I mean, any e-mail that starts out "Hello Dear" is unreal. From philquinney at hotmail.com Fri Feb 9 18:43:37 2001 From: philquinney at hotmail.com (Philip Quinney) Date: Tue Dec 2 02:33:17 2003 Subject: Roving Profiles and web browser settings. Message-ID: Hi, I have just set up Samba TNG with a couple of NT/2000 machines. I have a standard profile that it copied to each of the users and then a very detailed Policy that sets everything from the proxy settings to the size of the Office Assistant. If you like I can send the template files for Poledit to you along with instrucitons. Good Luck, Phil Quinney. ----Original Message Follows---- From: eirvine To: nswcc@educate.net.au, samba-ntdom@samba.org Subject: Roving Profiles and web browser settings. Date: Fri, 09 Feb 2001 21:37:02 +1100 Hi all, Is there anyone out there who is giving all their Staff/students a unique login AND using "roving profiles" with Windows NT? I'm looking for a way to automate some aspects of a new user's initial profile - MSIE settings in particular. I have been doing this with Win9x just fine for years, (by copying a standard USER.DAT file to their profile directory when they login) but I'd like to know what every one else is doing with NT before I get too serious. Eddie. _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. From jelmer at nl.linux.org Fri Feb 9 20:20:53 2001 From: jelmer at nl.linux.org (Jelmer Vernooij) Date: Tue Dec 2 02:33:17 2003 Subject: Please send post again.. Message-ID: <20010209212052.A729@nl.linux.org> Hi, Someone reacted to my message about Profiles, but because of my own stupidity I threw it away... It was the change to be made to the registry to turn off local caching. Could you please resend your message? My excuses for my stupid behavior & thanks in advance. Jelmer From JasonH at KXTV.COM Fri Feb 9 20:29:02 2001 From: JasonH at KXTV.COM (Jason Hammond (Ex)) Date: Tue Dec 2 02:33:17 2003 Subject: FW: Roving Profiles and web browser settings. Message-ID: -----Original Message----- From: Jason Hammond (Ex) Sent: Friday, February 09, 2001 12:28 PM To: 'Philip Quinney' Subject: RE: Roving Profiles and web browser settings. I would love to see how your acomplishing this with NT. How are you copying the default profile for your new users. thanks. looks like you have a good grasp of policys and profiles. Jason -----Original Message----- From: Philip Quinney [mailto:philquinney@hotmail.com] Sent: Friday, February 09, 2001 10:44 AM To: eirvine@tpgi.com.au Cc: samba-ntdom@samba.org Subject: Re: Roving Profiles and web browser settings. Hi, I have just set up Samba TNG with a couple of NT/2000 machines. I have a standard profile that it copied to each of the users and then a very detailed Policy that sets everything from the proxy settings to the size of the Office Assistant. If you like I can send the template files for Poledit to you along with instrucitons. Good Luck, Phil Quinney. ----Original Message Follows---- From: eirvine To: nswcc@educate.net.au, samba-ntdom@samba.org Subject: Roving Profiles and web browser settings. Date: Fri, 09 Feb 2001 21:37:02 +1100 Hi all, Is there anyone out there who is giving all their Staff/students a unique login AND using "roving profiles" with Windows NT? I'm looking for a way to automate some aspects of a new user's initial profile - MSIE settings in particular. I have been doing this with Win9x just fine for years, (by copying a standard USER.DAT file to their profile directory when they login) but I'd like to know what every one else is doing with NT before I get too serious. Eddie. _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. -------------- next part -------------- HTML attachment scrubbed and removed From Brecht.Samyn at kulak.ac.be Sat Feb 10 10:11:34 2001 From: Brecht.Samyn at kulak.ac.be (Brecht Samyn) Date: Tue Dec 2 02:33:17 2003 Subject: [Fwd: howto add static entries to WINS?] Message-ID: <3A8513D6.8CB88B9A@kulak.ac.be> Does anyone know how to do this with Samba? Thanks, Brecht -------- Original Message -------- From: werner maes Subject: HOWTO add static entries to WINS? To: samba@samba.org Newsgroups: comp.protocols.smb,linux.samba Hello, I've read the Netbios.txt documentation and it says: "The WINS server _can_ have static NetBIOS entries added to its database (usually for security reasons you might want to consider putting your domain controllers or other important servers as static entries,but you should not rely on this as your sole means of security),but for the most part, NetBIOS names are registered dynamically." How can you add static Netbios entries (f.e. for a logon server) to a Samba based WINS server? Any information would be appreciated, Werner Maes LUDIT-KULeuven From schumi-news at gmx.de Sat Feb 10 11:05:25 2001 From: schumi-news at gmx.de (Schumacher Christoph) Date: Tue Dec 2 02:33:17 2003 Subject: Joining SambaDomain with Win2k(german) Message-ID: <3A852075.AB7C35DB@gmx.de> Hello... I have tried to install Samba on FBSD 4.2. Installing is wonderfull. So I followed the PDC-HowTo and made my smb.conf, a root smb-account and all the other stuff. But alway I try to join domain with Win2k I get message: ( translated from german) ' The account you're using is a workstation-account. Use a standard local user account to access this server' ??? What's wrong with my samba installation. I tried HEAD and SAMBA_2_2 from 10.Feb. ~11:00 and got the same error message. my smb.conf global is: [global] workgroup = BLUENET netbios name = MERLIN server string = Samba 2.2.0-Logon Server interfaces = 192.168.100.2/24 bind interfaces only = Yes security = DOMAIN encrypt passwords = Yes map to guest = Bad User unix password sync = Yes log level = 30 time server = Yes max open files = 1000 socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT load printers = No character set = ISO8859-1 domain groups = users domain admin group = @domainadmin domain admin users = root add user script = /usr/sbin/adduser -noconfig -group users -d /dev/null -s /bin/false %m$ logon script = NETLOGON.BAT logon path = //%N/%U/NTprofile logon home = domain logons = Yes os level = 65 preferred master = True domain master = True remote announce = 192.168.100.255/BLUENET socket address = 192.168.100.2 guest account = ftp create mask = 0775 directory mask = 0775 Help would be fine. Thanks Christoph From eirvine at tpgi.com.au Sat Feb 10 13:11:15 2001 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:33:17 2003 Subject: FW: Roving Profiles and web browser settings. References: Message-ID: <3A853DF3.BCC1947E@tpgi.com.au> Hi Jason, "Jason Hammond (Ex)" wrote: > > Part 1.1Type: Plain Text (text/plain) yes. I'd like a copy very much. Eddie From Jean-Francois.Micouleau at dalalu.fr Sat Feb 10 13:24:49 2001 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:33:17 2003 Subject: Joining SambaDomain with Win2k(german) In-Reply-To: <3A852075.AB7C35DB@gmx.de> Message-ID: On Sat, 10 Feb 2001, Schumacher Christoph wrote: > What's wrong with my samba installation. I tried HEAD and SAMBA_2_2 from > 10.Feb. ~11:00 and got the same error message. > > my smb.conf global is: > [global] > add user script = /usr/sbin/adduser -noconfig -group users -d > /dev/null > -s /bin/false %m$ change your add user script to: /usr/sbin/adduser -noconfig -group users -d /dev/null -s /bin/false %u and that will work. That bug has been fixed in SAMBA_2_2 (cvs) last weekend. Samba HEAD (cvs) is not yet fixed. J.F. From schumi-news at gmx.de Sat Feb 10 13:49:36 2001 From: schumi-news at gmx.de (Schumacher Christoph) Date: Tue Dec 2 02:33:17 2003 Subject: Joining SambaDomain with Win2k(german) References: Message-ID: <3A8546F0.2325E4E4@gmx.de> > > What's wrong with my samba installation. I tried HEAD and SAMBA_2_2 from > > 10.Feb. ~11:00 and got the same error message. > > > > my smb.conf global is: > > [global] > > add user script = /usr/sbin/adduser -noconfig -group users -d > > /dev/null > > -s /bin/false %m$ > > change your add user script to: > > /usr/sbin/adduser -noconfig -group users -d /dev/null -s /bin/false %u > I did it. But it still doesnt work.... Christoph From mark at axeon.screaming.net Sat Feb 10 15:49:27 2001 From: mark at axeon.screaming.net (Mark) Date: Tue Dec 2 02:33:17 2003 Subject: Windows 9x Message-ID: <000e01c09379$0cca3c00$0b01a8c0@MARKSYSTEM> Does anyone know whether it is possible to set Directory Permissions on a Samba Server using Windows 9x (ie right clicking on directory, and changin permisions, like you can do with NT) many thanks mark -------------- next part -------------- HTML attachment scrubbed and removed From slu at firerun.net Sat Feb 10 17:42:02 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:33:17 2003 Subject: Joining SambaDomain with Win2k(german) References: <3A8546F0.2325E4E4@gmx.de> Message-ID: <3A857D6A.D4D9A108@firerun.net> You need to set the "unix password sync" to no when joining a workstation to the domain. After you join the domain you can change it back. Patrick Schumacher Christoph wrote: > > > What's wrong with my samba installation. I tried HEAD and SAMBA_2_2 from > > > 10.Feb. ~11:00 and got the same error message. > > > > > > my smb.conf global is: > > > [global] > > > add user script = /usr/sbin/adduser -noconfig -group users -d > > > /dev/null > > > -s /bin/false %m$ > > > > change your add user script to: > > > > /usr/sbin/adduser -noconfig -group users -d /dev/null -s /bin/false %u > > > > I did it. But it still doesnt work.... > > Christoph From Jean-Francois.Micouleau at dalalu.fr Sat Feb 10 18:03:38 2001 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:33:17 2003 Subject: Joining SambaDomain with Win2k(german) In-Reply-To: <3A857D6A.D4D9A108@firerun.net> Message-ID: On Sat, 10 Feb 2001, Patrick wrote: > You need to set the "unix password sync" to no when joining a > workstation to the domain. After you join the domain you can change it > back. not anymore in SAMBA_2_2 cvs. I fixed that too last weekend. J.F. From marcus.smiley at ericsson.com Sat Feb 10 20:30:53 2001 From: marcus.smiley at ericsson.com (Marcus Smiley) Date: Tue Dec 2 02:33:17 2003 Subject: force password change Message-ID: <20010210133053.A28539@riptide.bo.us.am.ericsson.se> I saw some threads regarding this a few months back, but dunno if anything has changed. Just wondering if it's possible, using (latest stable samba, preferrably) as a PDC, to force folks to change their domain passwords at certain intervals (biweekly or monthly) yet. Any input is appeciated! -Marc From Joachim.Jaeckel at coffeebreak.de Sat Feb 10 22:37:36 2001 From: Joachim.Jaeckel at coffeebreak.de (www.coffeebreak.de user) Date: Tue Dec 2 02:33:17 2003 Subject: Giving administrator rights to a network-known user? Message-ID: <3A85C2B0.747518B4@coffeebreak.de> Hello, I?m using samba with the PDC functionality since last summer without any problems. But now, I have to add a user, which is only known by my samba-pdc to the rights, which has administrator-rights on the local NT-Clients. The problem is, that I want to use a Palm-Pilot on a NT-Client and the installation program want to have a user with administrator rights. To install the program as an administrator will not work, if I login afterwards as an ordinary network-user. Could you give me a tip, how I could handle my problem? Thanks in advance, Joachim. From jean-marc.richmann at reda.net Sun Feb 11 12:48:07 2001 From: jean-marc.richmann at reda.net (jean-marc richmann) Date: Tue Dec 2 02:33:17 2003 Subject: (no subject) Message-ID: <3a868a07.105.0@reda.net> I would like to join the list i am teacher in france and I want to install a samba server in my school yhank you ___ jean-marc richmann E-mail: jean-marc.richmann@reda.net From teilo at cdt.luth.se Sun Feb 11 12:47:40 2001 From: teilo at cdt.luth.se (James Nord) Date: Tue Dec 2 02:33:17 2003 Subject: Giving administrator rights to a network-known user? References: <3A85C2B0.747518B4@coffeebreak.de> Message-ID: <3A8689EC.90709@cdt.luth.se> www.coffeebreak.de user wrote: > Hello, > > I?m using samba with the PDC functionality since last summer without any > problems. But now, I have to add a user, which is only known by my > samba-pdc to the rights, which has administrator-rights on the local > NT-Clients. > > The problem is, that I want to use a Palm-Pilot on a NT-Client and the > installation program want to have a user with administrator rights. To > install the program as an administrator will not work, if I login > afterwards as an ordinary network-user. > > Could you give me a tip, how I could handle my problem? > > Thanks in advance, > Joachim. The following works with version 3.x, not sure about 4. 1) Install the desktop as an admin user. 2) as the user who want to run the desktop run "C:\Program Files\palm\palm.exe" -r /James -- -- Technology is a word that describes something that doesn't work yet. Douglas Adams From simo.sorce at polimi.it Sun Feb 11 13:07:19 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:17 2003 Subject: (no subject) In-Reply-To: <3a868a07.105.0@reda.net> Message-ID: On Sun, 11 Feb 2001, jean-marc richmann wrote: > I would like to join the list > i am teacher in france and I want to install a samba server in my school > > yhank you go to http://lists.samba.org/listinfo/ select the mailing list you want to subscribe to and follow instructions. -- Simo Sorce - Linux Systems Consultant E-mail: simo.sorce@polimi.it Tel: +39 0348 7149179 - Fax: +39 02 700442399 ----------------------------------------------------------------- Be happy, use Linux! From nicku at vtc.edu.hk Sun Feb 11 14:26:57 2001 From: nicku at vtc.edu.hk (Nick Urbanik) Date: Tue Dec 2 02:33:17 2003 Subject: Does alpha2 work or not? Message-ID: <3A86A130.7271953E@vtc.edu.hk> Dear team, Does alpha2 work as a PDC for Win2000 clients? To quote the 2.2 PDC FAQ: Please note it does not apply to Samba2.2alpha0, Samba2.2alpha1, Samba 2.0.7, TNG nor HEAD branch. To quote the WHATSNEW.txt file with alpha2: A known problem is this version of Samba will not act as a PDC for Win2k clients (although it works as a member server in a Win2k hosted domain). This is being actively worked on and it is intended this be fixed before 2.2.0 release. But alpha2 is a snapshot of CVS. I am very confused. 1. Is alpha2 or is it not able to work as a PDC for Win2k clients (aka 2.2 PDC FAQ and 2.2 PDC HOWTO)? 2. If not, then which dates did CVS actually work as mentioned in the 2.2 PDC FAQ? 3. How do I get the snapshots that work, since it seems that the snapshots that are provided don't work? -- Nick Urbanik, Dept. of Computing and Mathematics Hong Kong Institute of Vocational Education (Tsing Yi) email: nicku@vtc.edu.hk Tel: (852) 2436 8576, (852) 2436 8579 Fax: (852) 2435 1406 pgp ID: 7529555D fingerprint: 53 B6 6D 73 52 EE 1F EE EC F8 21 98 45 1C 23 7B From dariush at forouher.de Sun Feb 11 15:43:10 2001 From: dariush at forouher.de (Dariush Forouher) Date: Tue Dec 2 02:33:17 2003 Subject: Does alpha2 work or not? In-Reply-To: <3A86A130.7271953E@vtc.edu.hk> Message-ID: On Sun, 11 Feb 2001, Nick Urbanik wrote: > 1. Is alpha2 or is it not able to work as a PDC for Win2k clients (aka > 2.2 PDC FAQ and 2.2 PDC HOWTO)? All snapshots (including alpha2) have broken win2k pdc support. > 2. If not, then which dates did CVS actually work as mentioned in the > 2.2 PDC FAQ? IMHO it's fixed some days ago > 3. How do I get the snapshots that work, since it seems that the > snapshots that are provided don't work? via cvs, it's in the faq Dariush From chameio at yahoo.com Sun Feb 11 16:27:36 2001 From: chameio at yahoo.com (=?iso-8859-1?q?Andre=20Leonidas?=) Date: Tue Dec 2 02:33:17 2003 Subject: BIG PROBLEM Message-ID: <20010211162736.11218.qmail@web1106.mail.yahoo.com> I want to change a NT domain for samba domain. I got to include a win98. but when i try to change the domain for NT machines in the ip properties in Control panel according with the book "Using Samba" ... appears the message The domain controller for this domain cannot be located .. OBSs .. Samba version is 2.0.x.x,debian linux, I follow all the instrunctions to linux be PDC. the NTs machines works properly in NT domain. I did the machines counts in samba and all things in the tutorial. why just the win98 worked propperly and NT not ?? how can resolve this or know whats the problem? Andre __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ From mharding at ecwebworks.com Sun Feb 11 17:08:25 2001 From: mharding at ecwebworks.com (Marc Harding) Date: Tue Dec 2 02:33:17 2003 Subject: NT type Permissions to Win2k machines. Message-ID: <5.0.2.1.2.20010211114900.00a653d8@mail.ecwebworks.com> I have a simple question. I have been working with the cvs versions of samba 2.2 for some time now and seem to have all the functionality I need to start using it. However the one major issue I am having is bring down permissions from the domain to a Windows 2000 Professional machine (which is part of the domain). For example if I try to add a user or a group from the domain to be part of the Administrators group, I see no users to pull from, and I only see the Domain Admins group. Is this normal at this point in development? If I choose the Domain Admins group, and click OK, in the 'Select user or group' Dialog box, followed by Apply in the 'Administrators Properties' Dialog box. I get the following error: The following error occurred while attempting to save properties for group Administrators on computer EC001: The trust relationship between this workstation and the primary domain failed. Is this what is currently normal, or can someone work out where I have made a mistake? Thanks, Marc Harding. From Jean-Francois.Micouleau at dalalu.fr Sun Feb 11 18:26:51 2001 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:33:17 2003 Subject: NT type Permissions to Win2k machines. In-Reply-To: <5.0.2.1.2.20010211114900.00a653d8@mail.ecwebworks.com> Message-ID: On Sun, 11 Feb 2001, Marc Harding wrote: > I have a simple question. I have been working with the cvs versions of > samba 2.2 for some time now and seem to have all the functionality I need > to start using it. However the one major issue I am having is bring down > permissions from the domain to a Windows 2000 Professional machine (which > is part of the domain). For example if I try to add a user or a group from > the domain to be part of the Administrators group, I see no users to pull > from, and I only see the Domain Admins group. Is this normal at this point > in development? > > If I choose the Domain Admins group, and click OK, in the 'Select user or > group' Dialog box, followed by Apply in the 'Administrators Properties' > Dialog box. I get the following error: All of this is normal. I have a fairly large patch to implement correctly group mapping in samba. I hope to finish it soon. Once integrated, you will be able to add domain groups (from the samba PDC) in local group (on the NT client). The only thing not possible on a samba PDC or samba domain member will be to add domain groups in the local groups. J.F. From anders at cwd.no Sun Feb 11 20:15:32 2001 From: anders at cwd.no (Anders C. Thorsen) Date: Tue Dec 2 02:33:17 2003 Subject: BIG PROBLEM In-Reply-To: <20010211162736.11218.qmail@web1106.mail.yahoo.com> Message-ID: <000001c09467$636d6570$6402a8c0@thorsen.dhs.org> "Domain Logons" for Win9x and WinNT is two wery different things. Look at your parameters / read David Bannon's samba FAQ. (www.samba.org) --Anders -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Andre Leonidas Sent: Sunday, February 11, 2001 5:28 PM To: samba-ntdom@samba.org Subject: BIG PROBLEM I want to change a NT domain for samba domain. I got to include a win98. but when i try to change the domain for NT machines in the ip properties in Control panel according with the book "Using Samba" ... appears the message The domain controller for this domain cannot be located .. OBSs .. Samba version is 2.0.x.x,debian linux, I follow all the instrunctions to linux be PDC. the NTs machines works properly in NT domain. I did the machines counts in samba and all things in the tutorial. why just the win98 worked propperly and NT not ?? how can resolve this or know whats the problem? Andre __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ From heathertansg at yahoo.com.sg Mon Feb 12 03:38:30 2001 From: heathertansg at yahoo.com.sg (=?iso-8859-1?q?Heather=20Tan?=) Date: Tue Dec 2 02:33:17 2003 Subject: How do I sync NT,Unix and Samba password Message-ID: <20010212033830.3528.qmail@web12704.mail.yahoo.com> hello, My attempt to synchronise NT passwords with Unix and Samba passwords has failed. Can you help me ? I had set up Samba running on an unix server and had also joined Samba to NT domain. The content in my users.map file on unix are like this : sambausr = heathertan sambausr = roberttan sambauser = peterchan As the start, sambausr has the same password on NT,Unix and Samba. My understanding is that when I change NT password for sambauser, the Unix and Samba passwords for sambausr can be synchronised. But I don't seem to get that. My current configuration is as follows : security = Domain encrypt password = Yes null password = no unix password sync = yes Did I miss out any parameter ? Thanks __________________________________________________ Do You Yahoo!? Yahoo! Mail ? Free email you can access from anywhere! http://mail.yahoo.com.sg/ From heathertansg at yahoo.com.sg Mon Feb 12 03:44:03 2001 From: heathertansg at yahoo.com.sg (=?iso-8859-1?q?Heather=20Tan?=) Date: Tue Dec 2 02:33:17 2003 Subject: How do I sync NT,Unix and Samba Passwords ? Message-ID: <20010212034403.7381.qmail@web12707.mail.yahoo.com> hello, My attempt to synchronise NT passwords with Unix and Samba passwords has failed. Can you help me ? I had set up Samba running on an unix server and had also joined Samba to NT domain. The content in my users.map file on unix are like this : sambausr = heathertan sambausr = roberttan sambauser = peterchan As the start, sambausr has the same password on NT,Unix and Samba. My understanding is that when I change NT password for sambauser, the Unix and Samba passwords for sambausr can be synchronised automatically, without any manual intervention. Is this possible? I don't seem to get that. My current configuration is as follows : security = Domain encrypt password = Yes null password = no unix password sync = yes Did I miss out any parameter ? Thanks __________________________________________________ Do You Yahoo!? Yahoo! Mail ? Free email you can access from anywhere! http://mail.yahoo.com.sg/ From lkcl at samba-tng.org Mon Feb 12 11:22:20 2001 From: lkcl at samba-tng.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:17 2003 Subject: CVS update: tng/source/libsmb (fwd) Message-ID: anyone who has had difficulty with nt5 joining TNG domains, much appreciated if you could retry. i think SP1 may have done some security-rewrites, again. ----- Luke Kenneth Casson Leighton ----- "i want a world of dreams, run by near-sighted visionaries" "good. that's them sorted out. now, on _this_ world..." ---------- Forwarded message ---------- Date: Sun, 11 Feb 2001 18:02:00 +0100 (CET) From: Luke Kenneth Casson Leighton Reply-To: tng-cvs@lists.dcerpc.org To: tng-cvs@lists.dcerpc.org Subject: CVS update: tng/source/libsmb Date: Sunday February 11, 2001 @ 18:02 Author: lkcl Update of /home/cvsroot/dcerpc/tng/source/libsmb In directory angua:/tmp/cvs-serv23247/libsmb Modified Files: cliconnect.c clientgen.c Log Message: nt5 sp1 not-member-of-domain (wkgrp) CAP_EXTENDED_SECURITY wasn't working. disabled. From don_mccall at hp.com Mon Feb 12 14:28:58 2001 From: don_mccall at hp.com (MCCALL,DON (HP-USA,ex1)) Date: Tue Dec 2 02:33:17 2003 Subject: BIG PROBLEM Message-ID: <079FD72E42C9D311B854009027650E6F040507E8@xatl02.atl.hp.com> Hello Andre, The only version of Samba that includes functional PDC ability for NT clients is the 2.2.x version (the 'TNG') version; 2.2.0Alpha2 is the latest alpha release of this version. Try pulling that down and using it instead. Don -----Original Message----- From: Andre Leonidas [mailto:chameio@yahoo.com] Sent: Sunday, February 11, 2001 11:28 AM To: samba-ntdom@samba.org Subject: BIG PROBLEM I want to change a NT domain for samba domain. I got to include a win98. but when i try to change the domain for NT machines in the ip properties in Control panel according with the book "Using Samba" ... appears the message The domain controller for this domain cannot be located .. OBSs .. Samba version is 2.0.x.x,debian linux, I follow all the instrunctions to linux be PDC. the NTs machines works properly in NT domain. I did the machines counts in samba and all things in the tutorial. why just the win98 worked propperly and NT not ?? how can resolve this or know whats the problem? Andre __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ From YackettaRJ at worldkitchen.com Mon Feb 12 14:44:02 2001 From: YackettaRJ at worldkitchen.com (Yacketta,Ronald J) Date: Tue Dec 2 02:33:17 2003 Subject: Joining SambaDomain with Win2k(german) Message-ID: <1237B4A605ECD4119C9B0002A50A58147FDC53@newman.worldkitchen.com> I had the same problem yesterday, I created the root and machine account as per the HowTo. When I went to join the domain I received the same exact error message. I did a bit of digging and finally removed the machine account from smbpasswd and tried to join the domain and would you know it worked *shrug* and this was from the 2_2 CVS downloaded on Sunday around ~8pm EST Ron =>-----Original Message----- =>From: Schumacher Christoph [mailto:schumi-news@gmx.de] =>Sent: Saturday, February 10, 2001 6:05 AM =>To: samba-ntdom@us5.samba.org =>Subject: Joining SambaDomain with Win2k(german) => => =>Hello... => =>I have tried to install Samba on FBSD 4.2. Installing is wonderfull. =>So I followed the PDC-HowTo and made my smb.conf, a root =>smb-account and =>all the other stuff. =>But alway I try to join domain with Win2k I get message: ( translated =>from german) =>' The account you're using is a workstation-account. Use a standard =>local user account to access this server' ??? =>What's wrong with my samba installation. I tried HEAD and =>SAMBA_2_2 from =>10.Feb. ~11:00 and got the same error message. => =>my smb.conf global is: =>[global] => workgroup = BLUENET => netbios name = MERLIN => server string = Samba 2.2.0-Logon Server => interfaces = 192.168.100.2/24 => bind interfaces only = Yes => security = DOMAIN => encrypt passwords = Yes => map to guest = Bad User => unix password sync = Yes => log level = 30 => time server = Yes => max open files = 1000 => socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT => load printers = No => character set = ISO8859-1 => domain groups = users => domain admin group = @domainadmin => domain admin users = root => add user script = /usr/sbin/adduser -noconfig -group users -d =>/dev/null =>-s /bin/false %m$ => logon script = NETLOGON.BAT => logon path = //%N/%U/NTprofile => logon home = => domain logons = Yes => os level = 65 => preferred master = True => domain master = True => remote announce = 192.168.100.255/BLUENET => socket address = 192.168.100.2 => guest account = ftp => create mask = 0775 => directory mask = 0775 => => =>Help would be fine. => =>Thanks => =>Christoph => => From grahamj at virtue.cx Mon Feb 12 15:24:16 2001 From: grahamj at virtue.cx (Jonathan Graham) Date: Tue Dec 2 02:33:17 2003 Subject: BIG PROBLEM In-Reply-To: <079FD72E42C9D311B854009027650E6F040507E8@xatl02.atl.hp.com> Message-ID: This of course depends on what you mean by "functional". I can tell you quite confidently that although TNG does have PDC ability for WinNT and Win2K. I can also say that Samba 2.0.7 can be set up to allow domain logons for WinNT 4.0 (I was using this up until last month when I upgraded one of my workstations to Win2K). The CVS version of Samba 2.2 seems to work (but not without some difficulty) in allowing both WinNT 4.0 and Win2K to join a domain. J. --- Look at it like this: It's a picnic, only there's no food and we're all going to die. On Mon, 12 Feb 2001, MCCALL,DON (HP-USA,ex1) wrote: > Hello Andre, > The only version of Samba that includes functional PDC ability > for NT clients is the 2.2.x version (the 'TNG') version; 2.2.0Alpha2 > is the latest alpha release of this version. > Try pulling that down and using it instead. > Don > > -----Original Message----- > From: Andre Leonidas [mailto:chameio@yahoo.com] > Sent: Sunday, February 11, 2001 11:28 AM > To: samba-ntdom@samba.org > Subject: BIG PROBLEM > > > > I want to change a NT domain for samba domain. > I got to include a win98. > but when i try to change the domain for NT machines > in the ip properties in Control panel according with > the book "Using Samba" ... appears the message > > The domain controller for this domain cannot be > located > > .. OBSs > .. Samba version is 2.0.x.x,debian linux, I follow > all the instrunctions to linux be PDC. > the NTs machines works properly in NT domain. I did > the machines counts in samba and all things in the > tutorial. > > why just the win98 worked propperly and NT not ?? > how can resolve this or know whats the problem? > > Andre > > > > > > > > > __________________________________________________ > Do You Yahoo!? > Get personalized email addresses from Yahoo! Mail - only $35 > a year! http://personal.mail.yahoo.com/ > > From schumi-news at gmx.de Mon Feb 12 15:35:08 2001 From: schumi-news at gmx.de (Christoph Schumacher) Date: Tue Dec 2 02:33:18 2003 Subject: Joining SambaDomain with Win2k(german) References: <1237B4A605ECD4119C9B0002A50A58147FDC53@newman.worldkitchen.com> Message-ID: <000c01c09509$616b7350$0364a8c0@bluenet.de> Hi Ron Hi solved the problem. The failure is, that the adduser programm of BSD is the wrong add user script. You have to use "/usr/sbin/pw", BUT: that doesnt work too, because w2k wants to add an account with the name of the win2k machine with a "$" in the name, e.g. merlin$ if the w2k machines name is merlin. Add the user "by hand" without "$",vipw the passwd file and add the $ sign, smbpasswd -a....and it will work. ----- Original Message ----- From: "Yacketta,Ronald J" To: "Schumacher Christoph" Cc: Sent: Monday, February 12, 2001 3:44 PM Subject: RE: Joining SambaDomain with Win2k(german) > I had the same problem yesterday, I created the root and machine account > as per the HowTo. When I went to join the domain I received the same exact > error > message. I did a bit of digging and finally removed the machine account from > smbpasswd > and tried to join the domain and would you know it worked *shrug* and this > was > >from the 2_2 CVS downloaded on Sunday around ~8pm EST > > From mjorda at berlitz.de Mon Feb 12 16:03:10 2001 From: mjorda at berlitz.de (mjorda@berlitz.de) Date: Tue Dec 2 02:33:18 2003 Subject: Novell Client and Samba PDC Message-ID: <3A88174E.12929.16BC5D2@localhost> I set up samba as pdc. I run NT4 (SP6) workstations with Novell Client for NT 4.8. If I try to logon to the domain, I got a blue screen. Not using the Novell client everything works fine. I tried to find the problem by using Novell client 4.1, 4.5, 4.7 instead of 4.8 but it doesn't work. I tried different hardware, the problem still accured. Iwhat I found out is: if I change the registry of the workstation i.e. replace the key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] GinaDLL="MSGINA.DLL" instaead of GinaDLL="NWGINA.DLL" the blue screen will not appear. Has anybody any idea or had the problem and fixed it? thanks in advance Manfred From barth at cck.uni-kl.de Mon Feb 12 16:34:20 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:33:18 2003 Subject: Novell Client and Samba PDC In-Reply-To: <3A88174E.12929.16BC5D2@localhost> Message-ID: <3A881E9C.28974.22CBD5E@localhost> > the blue screen will not appear. Has anybody any idea or had the > problem and fixed it? No idea, no fix, but I remember this problem has allready been occured about 2 or 3 years ago. But I don't know if it has been fixed. (We "fixed" a coule of NT problmes when getting rid of Novell this years - Which isn't any judgement of Novell) Christian _______________________________________________________________________ In a world without walls and fences, who needs windows and gates? (SUN) From dariush at forouher.de Mon Feb 12 17:04:37 2001 From: dariush at forouher.de (Dariush Forouher) Date: Tue Dec 2 02:33:18 2003 Subject: BIG PROBLEM In-Reply-To: <079FD72E42C9D311B854009027650E6F040507E8@xatl02.atl.hp.com> Message-ID: On Mon, 12 Feb 2001, MCCALL,DON (HP-USA,ex1) wrote: > The only version of Samba that includes functional PDC ability > for NT clients is the 2.2.x version (the 'TNG') version; 2.2.0Alpha2 That's wrong. Samba 2.0.7 can act as a PDC for NT4 workstations. It only failes with Win2K. Dariush From joe at bridgewater.edu Mon Feb 12 17:09:59 2001 From: joe at bridgewater.edu (Joe Meslovich) Date: Tue Dec 2 02:33:18 2003 Subject: Authenicating users on W2K WRKSTN Message-ID: I have a server running samba 2.2.0 downloaded from the cvs last thursday. The system is configured as a PDC per David Bannon's HowTo. I have a W2K workstation. I want to be able to authenticate users who are in the samba smbpasswd file but not set up as users on the W2K workstation. I can authenticate and log in as long as the user on the samba system is also a user on the workstation. I have a user base of roughly 1500, and I do not want to have to manually replicate all of those users to every public system on my campus. I can include a copy of my debugging log to show what happens when a user that is on the samba server but not workstation tries to log on to the domain from the workstation. The workstation is joined to the domain. The workstation returns an error stating that the netlogon service is not running on this system. Any help that can be rendered would be greatly appreciated, but I am starting to get the feeling that a user on the samba PDC also has to be a user on the workstation in order to log in. Thank you, Joe Meslovich ---------------------------------------------------------------------------- Joe Meslovich joe@bridgewater.edu Associate Network/Systems Engineer College Box 499 Tel: (540) 828 - 5343 From grahamj at virtue.cx Mon Feb 12 18:51:55 2001 From: grahamj at virtue.cx (Jonathan Graham) Date: Tue Dec 2 02:33:18 2003 Subject: BIG PROBLEM In-Reply-To: Message-ID: On Mon, 12 Feb 2001, Dariush Forouher wrote: > On Mon, 12 Feb 2001, MCCALL,DON (HP-USA,ex1) wrote: > > The only version of Samba that includes functional PDC ability > > for NT clients is the 2.2.x version (the 'TNG') version; 2.2.0Alpha2 > That's wrong. Samba 2.0.7 can act as a PDC for NT4 workstations. > It only failes with Win2K. > > Dariush Actually in a limited circumstance it even works with Win2K. A NT4.0 box that has sucessfully joined a 2.0.7 domain which is then upgraded (not a clean install) to Win2K will continue to allow you to logon to that same domain. J. From don_mccall at hp.com Mon Feb 12 20:41:40 2001 From: don_mccall at hp.com (MCCALL,DON (HP-USA,ex1)) Date: Tue Dec 2 02:33:18 2003 Subject: BIG PROBLEM Message-ID: <079FD72E42C9D311B854009027650E6F040507EE@xatl02.atl.hp.com> Thank you, everyone; I had made assumptions based on my 2.0.6 experience, and info from the "Using Samba" book, that indicated that the PDC functionality for NT was broken until 2.2.0... I have since tested against 2.0.7 on HP-UX and indeed it does work with the caveats mentioned. Thanks again, Don -----Original Message----- From: Jonathan Graham [mailto:grahamj@virtue.cx] Sent: Monday, February 12, 2001 1:52 PM To: Dariush Forouher Cc: MCCALL,DON (HP-USA,ex1); 'Andre Leonidas'; samba-ntdom@samba.org Subject: RE: BIG PROBLEM On Mon, 12 Feb 2001, Dariush Forouher wrote: > On Mon, 12 Feb 2001, MCCALL,DON (HP-USA,ex1) wrote: > > The only version of Samba that includes functional PDC ability > > for NT clients is the 2.2.x version (the 'TNG') version; 2.2.0Alpha2 > That's wrong. Samba 2.0.7 can act as a PDC for NT4 workstations. > It only failes with Win2K. > > Dariush Actually in a limited circumstance it even works with Win2K. A NT4.0 box that has sucessfully joined a 2.0.7 domain which is then upgraded (not a clean install) to Win2K will continue to allow you to logon to that same domain. J. From jbcurry at hline.localhealth.net Mon Feb 12 22:25:20 2001 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:33:18 2003 Subject: read: policies not working. In-Reply-To: <005001c1b393$1f2705a0$0a6fa8c0@fatsamurai.org> Message-ID: > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Anton Bonifacio > Sent: Tuesday, February 12, 2002 2:02 AM > > good evening, > > i recently setup samba as a logon server for my LAN at home. my > problem is that i can't seem to get policies to work. i've put > the file Config.pol, NTconfig.pol, and created symbolic links as > config.pol, ntconfig.pol and different case combinations at the > netlogon directory. unfortunately, i haven't been succesful. Since you said your clients are Win98SE, the file would be named config.pol and placed in the [netlogon] share. The permissions for the file and directory have to allow users proper access. Please note that you must be using domain logons for this to work. Make sure that your smb.conf file has the settings appropriate for a Primary Domain Controller. (domain logons=true, encrypt passwords=true, smb passwd file=/wherever/your/smbpasswd/file/is, etc...) > the policy reads that "Default User" will get a restricted > desktop. not happening. Also make sure there are no other policies for the specific machine, user, etc... that may conflict with that policy. > > i disabled roaming profiles through the Win98 Workstation, by > going to passwords and clicking on "one profile for everybody". > will this affect system policies? That wouldn't cause you any problems with using system policies. > i created the policy through the Win98 Resource Kit's System > Policy Editor. i disabled roaming profiles because downloading > and uploading data everytime i log-off was getting annoying. > is there a way to disable this through smb.conf also? Don't know. Can't think of why you'd need to. You should be able to do this in the policy, once you have it working. By the way, you can reduce how long the transfer takes during logon/logoff by limiting what's stored in the user's local profile directory. For an example, I believe that Internet Explorer by default uses quite a bit of space in this directory, so just modify the settings to tell it not to. Hope all this helps! > i hope somebody can shed me some light here on how to make system > policies work. i am using Samba 2.0.7, with SuSE Linux 7.0, the > clients are Windows98SE boxes. > > thank you for your help. > > Anton Bonifacio > From ntl-linux at ntlworld.com Mon Feb 12 23:39:33 2001 From: ntl-linux at ntlworld.com (Jim Jarvie) Date: Tue Dec 2 02:33:18 2003 Subject: Policies (Again) GROUPPOL.DLL Message-ID: <20010212.23393356@jim.jarvie.org.uk> I have a network of around 1000 users, using Win98 logging onto a number of Samba [2.0.7] servers. I've checked the archives, read everything I can find, but *still* cannot get group policies to work. User policies are OK, default policies are OK, machine policies are OK. I have grouppol.dll installed and configured as per the instructions. I've checked the ms website and everything looks OK. However, group policies still do not work. My windows 98 media has 2 versions of grouppol.dll, BOTH of which I've tried. Ver.1 (Part Of Poledit (tools\reskit\net)) grouppol.dll, 11,776 bytes, 23 apr 1999 Ver.2 (Part of Win98 (\win98\win98_61.cab)) grouppol.dll, 32,768 bytes, 23 apr 1999 Can someone tell me which one is the correct ? all the previous postings simply say to get the working one ! Which is the working one ? (I've even used example configs, but these still give identical results) Regards Jim From johnny_5five at lycos.com Tue Feb 13 01:04:33 2001 From: johnny_5five at lycos.com (John Doe) Date: Tue Dec 2 02:33:18 2003 Subject: I cant get "server = domain" to work Message-ID: Ok, here is my situation, I have a Samba server (Sam) and an NT Domain controller(NewT) on a domain called Dominic. I am trying to be able to log into Sam using NewT to verify the passwords and usernames. I did have it working with the "security = server" option, but i eventually want to be able to dynamically add users to Sam, along with what groups they belong too (hopefully using the "add user script = " and the "delete user script = " options). This means that i need "security = domain". I stopped the smb daemons, added Sam to the domain on NewT(as a "Windows NT workstation or server"), then typed the following command on Sam to add him to the domain: smbpasswd -j Dominic -r NewT , edited the smb.conf file to this: ###################### SMB.CONF ###################### [global] netbios name = Sam encrypt passwords = yes security = domain domain logons = yes ##I have tried without this line #also workgroup = Dominic password server = NewT guest ok = yes ###################################################### #I have also played with many of these options #(i dont think most of 'em matter, but you nevr know #log file = directory/samba.log #max log file = 1000 #local master = no #dns proxy = no #guest account = ftp ###################################################### [share1] read only = yes write list = user1 ##(username is "user1") path = directory/share ################ END SMB.CONF ####################### and then i restarted the daemons. I tried to log in using a username (user1) that worked with "security = server" (ie, it is a valid unix account and a valid NT account). I have also tried many variations of the above and have came up with nothing. I know simular questions have been asked and i apologize, but i am kinda new to this game, and i have not been able to figure this one out, thankyou to anyone who can help, i really appreciate it :) Get your small business started at Lycos Small Business at http://www.lycos.com/business/mail.html From chameio at yahoo.com Tue Feb 13 03:46:08 2001 From: chameio at yahoo.com (=?iso-8859-1?q?Andre=20Leonidas?=) Date: Tue Dec 2 02:33:18 2003 Subject: BIG PROBLEM whith log Message-ID: <20010213034608.27001.qmail@web1101.mail.yahoo.com> My last message were that .. I want to change a NT domain for samba domain. I got to include a win98. but when i try to change the domain for NT machines in the ip properties in Control panel according with the book "Using Samba" ... appears the message The domain controller for this domain cannot be located .. OBSs .. Samba version is 2.0.x.x,debian linux, I follow all the instrunctions to linux be PDC. the NTs machines works properly in NT domain. I did the machines counts in samba and all things in the tutorial. why just the win98 worked propperly and NT not ?? how can resolve this or know whats the problem? After I looked at my log and i saw strange things [2001/02/13 03:46:37, 1] nmbd/nmbd.c:main(757) Netbios nameserver version 2.0.7 started. Copyright Andrew Tridgell 1994-1998 [2001/02/13 03:46:37, 0] nmbd/asyncdns.c:start_async_dns(150) started asyncdns process 194 WHAT MEANS THIS PART?? Is a reason to pdc fail??? ---> **************************************************** [2001/02/13 03:46:37, 0] nmbd/nmbd_nameregister.c:register_name_response(111) register_name_response: server at IP 200.19.148.245 rejected our name registration of DEBIAN<00> with error code 5. [2001/02/13 03:46:37, 0] nmbd/nmbd_workgroupdb.c:fail_register(222) fail_register: Failed to register name DEBIAN<00> on subnet UNICAST_SUBNET. [2001/02/13 03:46:37, 0] nmbd/nmbd_namelistdb.c:standard_fail_register(294) standard_fail_register: Failed to register/refresh name DEBIAN<00> on subnet UNICAST_SUBNET **************************************************** [2001/02/13 03:46:37, 0] nmbd/nmbd_logonnames.c:add_logon_names(158) add_domain_logon_names: Attempting to become logon server for workgroup DEBIAN on subnet 200.x.x.x [2001/02/13 03:46:37, 0] nmbd/nmbd_logonnames.c:add_logon_names(158) add_domain_logon_names: Attempting to become logon server for workgroup DEBIAN on subnet UNICAST_SUBNET [2001/02/13 03:46:37, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup DEBIAN, subnet UNICAST_SUBNET. [2001/02/13 03:46:37, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(356) become_domain_master_browser_wins: querying WINS server at IP 200.x.x.x for domain master browser name DEBIAN<1b> on workgroup DEBIAN [2001/02/13 03:46:37, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(117) become_logon_server_success: Samba is now a logon server for workgroup DEBIAN on subnet UNICAST_SUBNET [2001/02/13 03:46:37, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(117) ***** Samba server DEBIAN is now a domain master browser for workgroup DEBIAN on subnet UNICAST_SUBNET ***** [2001/02/13 03:46:37, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(293) become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup DEBIAN on subnet 200.x.x.x [2001/02/13 03:46:37, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(307) become_domain_master_browser_bcast: querying subnet 200.x.x.x for domain master browser on workgroup DEBIAN [2001/02/13 03:46:42, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(117) become_logon_server_success: Samba is now a logon server for workgroup DEBIAN on subnet 200.x.x.x [2001/02/13 03:46:47, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(117) ***** Samba server DEBIAN is now a domain master browser for workgroup DEBIAN on subnet 200.x.x.x ***** [2001/02/13 03:47:00, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(405) ***** Samba name server DEBIAN is now a local master browser for workgroup DEBIAN on subnet 200.x.x.x ***** __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ From nicku at vtc.edu.hk Tue Feb 13 05:07:09 2001 From: nicku at vtc.edu.hk (Nick Urbanik) Date: Tue Dec 2 02:33:18 2003 Subject: Does alpha2 work or not? References: Message-ID: <3A88C0FC.2466B75B@vtc.edu.hk> Dear folks, Sorry, but I am still very confused. Dariush Forouher wrote: > On Sun, 11 Feb 2001, Nick Urbanik wrote: > > 1. Is alpha2 or is it not able to work as a PDC for Win2k clients (aka > > 2.2 PDC FAQ and 2.2 PDC HOWTO)? > All snapshots (including alpha2) have broken win2k pdc support. Is alpha2 a snapshot of CVS? But the FAQ existed a long time before alpha2. So is alpha2 a "crippled" version of a CVS snapshot? I am very puzzled. > > 2. If not, then which dates did CVS actually work as mentioned in the > > 2.2 PDC FAQ? > IMHO it's fixed some days ago But the FAQ has existed for a long time. Is what it said wrong before 29 January 2001? > > 3. How do I get the snapshots that work, since it seems that the > > snapshots that are provided don't work? > via cvs, it's in the faq I am still puzzled; alpha2 came out on 29 January 2001; the FAQ is clearly older. So if I download from CVS, then I have a snapshot of my own. What is the difference between a CVS snapshot that was downloaded on 29 Jan 2001 and alpha2? According to the FAQ, the CVS should work if it was downloaded on 29 Jan 2001, but alpha2 doesn't? I am sorry to be so thick, but I am investing a fair amount of energy here, and have built an RPM for alpha2. I want to make sure that I am at least starting off on the right foot. -- Nick Urbanik, Dept. of Computing and Mathematics Hong Kong Institute of Vocational Education (Tsing Yi) email: nicku@vtc.edu.hk Tel: (852) 2436 8576, (852) 2436 8579 Fax: (852) 2436 8526 pgp ID: 7529555D fingerprint: 53 B6 6D 73 52 EE 1F EE EC F8 21 98 45 1C 23 7B From morris at maynidea.com Tue Feb 13 05:35:15 2001 From: morris at maynidea.com (Morris Maynard) Date: Tue Dec 2 02:33:18 2003 Subject: "No mapping was done..." error - still!! Message-ID: Running Samba pre-3.0.0 (CVS at 8:22 AM EST 11 Feb) on RH Linux 6.2 I read the FAQ and the PDC HOW-TO and followed them religiously. Samba compiles and runs fine. I can share shares and browse workgroups. But I can't convince my Windows 2000 workstation to join the domain. Like so many others, I get: "No mapping between account names and security IDs was done." I tried removing the machine from passwd and smbpasswd (with userdel and smbpasswd -x), then adding them in again. I tried removing them and then just running the network identification dialog - this successfully re-adds the machine accounts to both files, but still the same error. I perused the newsgroups and only found that sometimes the problem mysteriously goes away. I changed the domain name, tried odd and even numbers of characters - no help. Due to the prevalance of this problem, I can't help but feel that there is either a real bug or a serious useability "issue" here somewhere... From morris at maynidea.com Tue Feb 13 05:36:35 2001 From: morris at maynidea.com (Morris Maynard) Date: Tue Dec 2 02:33:18 2003 Subject: "No mapping was done..." error - still!! Message-ID: Running Samba pre-3.0.0 (CVS at 8:22 AM EST 11 Feb) on RH Linux 6.2 I read the FAQ and the PDC HOW-TO and followed them religiously. Samba compiles and runs fine. I can share shares and browse workgroups. But I can't convince my Windows 2000 workstation to join the domain. Like so many others, I get: "No mapping between account names and security IDs was done." I tried removing the machine from passwd and smbpasswd (with userdel and smbpasswd -x), then adding them in again. I tried removing them and then just running the network identification dialog - this successfully re-adds the machine accounts to both files, but still the same error. I perused the newsgroups and only found that sometimes the problem mysteriously goes away. I changed the domain name, tried odd and even numbers of characters - no help. Due to the prevalance of this problem, I can't help but feel that there is either a real bug or a serious useability "issue" here somewhere... From morris at maynidea.com Tue Feb 13 05:49:20 2001 From: morris at maynidea.com (Morris Maynard) Date: Tue Dec 2 02:33:18 2003 Subject: "No mapping was done..." error - still!! In-Reply-To: Message-ID: FWIW, my NT 4.0 SP6 WKS joined the domain with no problems! -----Original Message----- From: Morris Maynard [mailto:morris@maynidea.com] Sent: Tuesday, February 13, 2001 12:37 AM To: samba-ntdom@lists.samba.org Subject: "No mapping was done..." error - still!! Running Samba pre-3.0.0 (CVS at 8:22 AM EST 11 Feb) on RH Linux 6.2 I read the FAQ and the PDC HOW-TO and followed them religiously. Samba compiles and runs fine. I can share shares and browse workgroups. But I can't convince my Windows 2000 workstation to join the domain. Like so many others, I get: "No mapping between account names and security IDs was done." I tried removing the machine from passwd and smbpasswd (with userdel and smbpasswd -x), then adding them in again. I tried removing them and then just running the network identification dialog - this successfully re-adds the machine accounts to both files, but still the same error. I perused the newsgroups and only found that sometimes the problem mysteriously goes away. I changed the domain name, tried odd and even numbers of characters - no help. Due to the prevalance of this problem, I can't help but feel that there is either a real bug or a serious useability "issue" here somewhere... From morris at maynidea.com Tue Feb 13 05:55:06 2001 From: morris at maynidea.com (Morris Maynard) Date: Tue Dec 2 02:33:18 2003 Subject: "No mapping was done..." error - still!! In-Reply-To: Message-ID: And just one more thing - although I start smbd and nmbd with "-d 9" arguments, I never get a peep in either log.smbd or log.nmbd or the system log... -----Original Message----- From: Morris Maynard [mailto:morris@maynidea.com] Sent: Tuesday, February 13, 2001 12:49 AM To: samba-ntdom@lists.samba.org Subject: RE: "No mapping was done..." error - still!! FWIW, my NT 4.0 SP6 WKS joined the domain with no problems! -----Original Message----- From: Morris Maynard [mailto:morris@maynidea.com] Sent: Tuesday, February 13, 2001 12:37 AM To: samba-ntdom@lists.samba.org Subject: "No mapping was done..." error - still!! Running Samba pre-3.0.0 (CVS at 8:22 AM EST 11 Feb) on RH Linux 6.2 I read the FAQ and the PDC HOW-TO and followed them religiously. Samba compiles and runs fine. I can share shares and browse workgroups. But I can't convince my Windows 2000 workstation to join the domain. Like so many others, I get: "No mapping between account names and security IDs was done." I tried removing the machine from passwd and smbpasswd (with userdel and smbpasswd -x), then adding them in again. I tried removing them and then just running the network identification dialog - this successfully re-adds the machine accounts to both files, but still the same error. I perused the newsgroups and only found that sometimes the problem mysteriously goes away. I changed the domain name, tried odd and even numbers of characters - no help. Due to the prevalance of this problem, I can't help but feel that there is either a real bug or a serious useability "issue" here somewhere... From armand at welshhome.org Tue Feb 13 06:12:30 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:18 2003 Subject: NT type Permissions to Win2k machines. References: <5.0.2.1.2.20010211114900.00a653d8@mail.ecwebworks.com> Message-ID: <001301c09583$f25fc170$6602a8c0@nelson> *This message was transferred with a trial version of CommuniGate(tm) Pro* this is normal. The trusts are not done yet. Maybe they will be ready by 3.0, but last I read, they will only be minimally implemented (as you have experienced) for the 2.2 release. ----- Original Message ----- From: "Marc Harding" To: Sent: Sunday, February 11, 2001 9:08 AM Subject: NT type Permissions to Win2k machines. > *This message was transferred with a trial version of CommuniGate(tm) Pro* > I have a simple question. I have been working with the cvs versions of > samba 2.2 for some time now and seem to have all the functionality I need > to start using it. However the one major issue I am having is bring down > permissions from the domain to a Windows 2000 Professional machine (which > is part of the domain). For example if I try to add a user or a group from > the domain to be part of the Administrators group, I see no users to pull > from, and I only see the Domain Admins group. Is this normal at this point > in development? > > If I choose the Domain Admins group, and click OK, in the 'Select user or > group' Dialog box, followed by Apply in the 'Administrators Properties' > Dialog box. I get the following error: > > The following error occurred while attempting to save properties for group > Administrators on computer EC001: > > The trust relationship between this workstation and the primary domain failed. > > > Is this what is currently normal, or can someone work out where I have made > a mistake? > > Thanks, > > Marc Harding. > > > From gcarter at valinux.com Mon Feb 12 21:44:47 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:18 2003 Subject: FW: Winbind and pam.conf on Solaris 2.6 References: <4DF700F51F8AD4119A930001FA6A2062166FEA@postman-pat.internal.thewinesociety.com> Message-ID: <3A88594F.B3CE33BD@valinux.com> Dean Ward wrote: > > Hi all, > > I have made the following changes to the pam.conf > installed on our test machine at the moment. As I said > before I don't have access to the machine (not currently > on site) until early Feb, so could somebody just confirm that > the following changes will work on Solaris 2.6, please? These look at as far as I can tell. Cheers, jerry-- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Tue Feb 13 07:59:49 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:18 2003 Subject: FW: Winbind and pam.conf on Solaris 2.6 In-Reply-To: <3A88594F.B3CE33BD@valinux.com> Message-ID: On Mon, 12 Feb 2001, Gerald Carter wrote: > Dean Ward wrote: > > > > Hi all, > > > > I have made the following changes to the pam.conf > > installed on our test machine at the moment. As I said > > before I don't have access to the machine (not currently > > on site) until early Feb, so could somebody just confirm that > > the following changes will work on Solaris 2.6, please? > > > These look at as far as I can tell. ^^ should be 'ok' as far as I can tell jerry ---------------------------------------------------------------------- / \ Gerald (Jerry) Carter gcarter@valinux.com / . \ VA Linux Systems / SAMBA Team jerry@samba.org \ . / \ / "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) ---------------------------------------------------------------------- From tab at basien.de Tue Feb 13 09:47:08 2001 From: tab at basien.de (Tillmann A. Basien) Date: Tue Dec 2 02:33:18 2003 Subject: W2000 Sever on PDCSamba2.2alpha2 Message-ID: <000e01c095a1$eec5fd40$6601a8c0@basien.de> Hallo, Is there an answer to the following situation: I connect from a W95 to an W2000 Server via RDP, the W2000 Server is connected to my Linux Samba 2.2Alpha2 PDC. I have several users configured in Samba. The authentification works as I expected. As soon as I want to start a programm "c:\WINNT\SYSTEM\calc.exe" instead of the W2000 Deskshell, this will no work. I allway get the deskshell. As I understand I need "domain logins = yes" an some other stuff. But how can I get rid of the mechanismen "roaming profile", or better waht is needed to launch a programm of RDP not using a login script. Tab -- Dipl.-Ing. Tillmann A. Basien Balinger Stra?e 37A D-70567 Stuttgart Fon: +49 (0) 711 71 68 631 Hy : +49 (0) 173 87 38 987 Fax: +49 (0) 711 45 70 899 eMail: tab@basien.de -------------- next part -------------- HTML attachment scrubbed and removed From dobos_s at IBCnet.hu Tue Feb 13 09:58:53 2001 From: dobos_s at IBCnet.hu (dobos_s@IBCnet.hu) Date: Tue Dec 2 02:33:18 2003 Subject: Novell Client and Samba PDC Message-ID: I met the problem, and suggested the registry dina key modification. The background of the problem is in ms's routines which dont check the result of some extended network login calls. Nwgina calls such routines, msgina dont. All of the above is written as I understand the output of drwatson. Cly From lawrence_morrison at dell.com Tue Feb 13 14:16:05 2001 From: lawrence_morrison at dell.com (lawrence_morrison) Date: Tue Dec 2 02:33:18 2003 Subject: samba-ntdom -- confirmation of subscription -- request 259683 References: <20010213140622.EDE7D7AA2@lists.samba.org> Message-ID: <3A8941A5.F807AE7F@dell.com> samba-ntdom-request@us5.samba.org wrote: > samba-ntdom -- confirmation of subscription -- request 259683 > > We have received a request from 143.166.82.240 for subscription of > your email address, , to the > samba-ntdom@lists.samba.org mailing list. To confirm the request, > please send a message to samba-ntdom-request@lists.samba.org, and > either: > > - maintain the subject line as is (the reply's additional "Re:" is > ok), > > - or include the following line - and only the following line - in the > message body: > > confirm 259683 > > (Simply sending a 'reply' to this message should work from most email > interfaces, since that usually leaves the subject line in the right > form.) > > If you do not wish to subscribe to this list, please simply disregard > this message. Send questions to samba-ntdom-admin@lists.samba.org. From jbcurry at hline.localhealth.net Tue Feb 13 14:42:26 2001 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:33:18 2003 Subject: Policies (Again) GROUPPOL.DLL In-Reply-To: <20010212.23393356@jim.jarvie.org.uk> Message-ID: > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Jim Jarvie > > > I have a network of around 1000 users, using Win98 logging onto a number > of Samba [2.0.7] servers. > > I've checked the archives, read everything I can find, but *still* cannot > get group policies to work. User policies are OK, default policies are > OK, machine policies are OK. According to my book on System Policies (O'Reilly's "Windows System Policy Editor", pg. 43), if a specific user policy exists then the group policy will be ignored. I don't know if that's true or not, as I've never tried using both simultaneously. On a specific user, make sure there's no user or machine policies and see if the group policy begins to work for that user. > > I have grouppol.dll installed and configured as per the instructions. > I've checked the ms website and everything looks OK. > > However, group policies still do not work. > > My windows 98 media has 2 versions of grouppol.dll, BOTH of which I've > tried. I'm assuming you have assigned the users to groups in your Unix group file (i.e., /etc/group). If not, you can use the command "groupadd" to add the groups, then use "usermod -G" to specify the groups a user should belong to. In your config.pol file, (on the server in the /netlogon directory), the groups must match those listed in your Unix group file. > > Ver.1 (Part Of Poledit (tools\reskit\net)) > grouppol.dll, 11,776 bytes, 23 apr 1999 > > Ver.2 (Part of Win98 (\win98\win98_61.cab)) > grouppol.dll, 32,768 bytes, 23 apr 1999 > I've always used the reskit file. And that should be a recent enough version. > Can someone tell me which one is the correct ? all the previous postings > simply say to get the working one ! Which is the working one ? > > (I've even used example configs, but these still give identical results) > Hope I was of some help. > Regards > Jim > > > From luetz at serv.bibl.fh-koeln.de Tue Feb 13 15:39:07 2001 From: luetz at serv.bibl.fh-koeln.de (Stefan Luetz) Date: Tue Dec 2 02:33:18 2003 Subject: policies/ntconfig.pol Message-ID: <3A89632B.26668.1E30943@localhost> Hi, I'm running Samba 2.0.7 as a PDC. Everything works fine except policies. The NTconfig.pol file that I have put in the netlogon share seems only to work for members of the domain admin group. In the log file I can see that NTconfig.pol is opend by every user who logs into the domain. Any Idea? Thanks Stefan ******************************************************************* FACHHOCHSCHULE KOELN - HOCHSCHULBIBLIOTHEK UNIVERSITY OF APPLIED SCIENCE COLOGNE Dipl.-Ing. (FH) Stefan Luetz E-Mail: stefan.luetz@fh-koeln.de Betzdorferstr. 2 Phone : +49 221 8275-2711 D-50679 Koeln Fax : +49 221 8275-2993 ******************************************************************* From schumi-news at gmx.de Tue Feb 13 16:51:38 2001 From: schumi-news at gmx.de (Schumacher Christoph) Date: Tue Dec 2 02:33:18 2003 Subject: Speed & samba_2_2 Message-ID: <3A89661A.B415581@gmx.de> Hi... After I got my w2k machine logged on to my samab-machine, I recognized the speed of samba_2_2...it's cvs'd at the weekend. I use the same options as my samba 2.0.7 in smb.conf but the speed is not comparable. Samba2_2 reads/writes on samba-shares with max.50k/s @100MBit network. samba2.0.7 moves 3-4MB/s arround ! Does SAMBA2_2 need a bigger machine ? I got FBSD 4.2-STABLE on a P133 with 32Megs RAM and an IBM DJNA 20GB...is the proc. zo slow ? Or is it just the release state of 2.2 ? Christoph From vgill at technologist.com Tue Feb 13 17:42:06 2001 From: vgill at technologist.com (Gill, Vern) Date: Tue Dec 2 02:33:18 2003 Subject: FW: Winbind and pam.conf on Solaris 2.6 Message-ID: <8D043DEA73DFD411958A00A0C90AB7607C75@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> > These look at as far as I can tell. ^^ should be 'ok' as far as I can tell maybe you were going for otay.... From minh.dang-recalt at akazi.com Tue Feb 13 17:51:44 2001 From: minh.dang-recalt at akazi.com (Minh Dang-Recalt) Date: Tue Dec 2 02:33:18 2003 Subject: [Use a script with Samba] Message-ID: <002d01c095e5$a181ed70$0701a8c0@akazi.com> Hello, I wonder if i can create a script on my linux Box to copy a directory to another Linux Box via Samba client ? I'm thinking a script like that : ------------- # bash shell cd /home/test -> On the local Linux Machine smbclient \\\\Linux2\\Shared password cd /home/TOTO -> On the remote Linux box put recurse * . exit ------------- Of course, it doesn't work. Anyone has an idea to make it working ? Thanks ! Minh From YackettaRJ at worldkitchen.com Tue Feb 13 17:58:04 2001 From: YackettaRJ at worldkitchen.com (Yacketta,Ronald J) Date: Tue Dec 2 02:33:18 2003 Subject: [Use a script with Samba] Message-ID: <1237B4A605ECD4119C9B0002A50A58147FDE09@newman.worldkitchen.com> why would you want todo this? you could use rsync, ftp, ncftp or a mired of other utilities that would make life easier on your Ron =>-----Original Message----- =>From: Minh Dang-Recalt [mailto:minh.dang-recalt@akazi.com] =>Sent: Tuesday, February 13, 2001 12:52 PM =>To: samba-ntdom@us5.samba.org =>Subject: [Use a script with Samba] => => =>Hello, => =>I wonder if i can create a script on my linux Box to copy a =>directory to =>another Linux Box via Samba client ? =>I'm thinking a script like that : => =>------------- =># bash shell =>cd /home/test -> On the local =>Linux Machine =>smbclient \\\\Linux2\\Shared password =>cd /home/TOTO -> On the =>remote Linux box =>put recurse * . =>exit =>------------- =>Of course, it doesn't work. =>Anyone has an idea to make it working ? => =>Thanks ! => =>Minh => => From garcian002 at hawaii.rr.com Tue Feb 13 18:32:08 2001 From: garcian002 at hawaii.rr.com (Nelson Garcia) Date: Tue Dec 2 02:33:18 2003 Subject: [Use a script with Samba] References: <1237B4A605ECD4119C9B0002A50A58147FDE09@newman.worldkitchen.com> Message-ID: <001d01c095eb$4837bf00$8122050a@cpf.navy.mil> You could also use smbmount. If you just want to copy files and directories, use ftp. You can write an 'expect' script to do that. Here's a sample I stole from http://www.rtr.com/newrtr/tech.xprogramer.htm #! /usr/local/bin/expect -- #test on ftp set timeout 60 spawn ftp ftp.rtr.com expect "Name*:" send "anonymous\r" expect "Password:" send "test@rtr.com\r" expect "ftp>" send "cd ReadyPaks\r" expect "ftp>" send "bin\r" expect "ftp>" send "get SamplePak.SSol2.RTR\r" expect "ftp>" send "quit\r" expect "221 Goodbye.\r" close wait send_user "Your file is here\n" I have a script that uploads a webpage every 4 hours with my IP address (my IP is dynamic). I'm writing from work so I don't have the script with me. However the above example should get you started. I hope that helps. Nelson ----- Original Message ----- From: "Yacketta,Ronald J" To: ; Sent: Tuesday, February 13, 2001 07:58 AM Subject: RE: [Use a script with Samba] > why would you want todo this? > you could use rsync, ftp, ncftp or a mired of other utilities > that would make life easier on your > > Ron > > =>-----Original Message----- > =>From: Minh Dang-Recalt [mailto:minh.dang-recalt@akazi.com] > =>Sent: Tuesday, February 13, 2001 12:52 PM > =>To: samba-ntdom@us5.samba.org > =>Subject: [Use a script with Samba] > => > => > =>Hello, > => > =>I wonder if i can create a script on my linux Box to copy a > =>directory to > =>another Linux Box via Samba client ? > =>I'm thinking a script like that : > => > =>------------- > =># bash shell > =>cd /home/test -> On the local > =>Linux Machine > =>smbclient \\\\Linux2\\Shared password > =>cd /home/TOTO -> On the > =>remote Linux box > =>put recurse * . > =>exit > =>------------- > =>Of course, it doesn't work. > =>Anyone has an idea to make it working ? > => > =>Thanks ! > => > =>Minh > => > => > From johnny_5five at lycos.com Tue Feb 13 18:54:07 2001 From: johnny_5five at lycos.com (John Doe) Date: Tue Dec 2 02:33:18 2003 Subject: I cant get "server = domain" to work Message-ID: I also get this error message in my log file if i run "debug level = 1" "domain_client_validate: unable to open the machine account password for SAM in domain Dominic. -- On Mon, 12 Feb 2001 20:04:33 John Doe wrote: >Ok, here is my situation, > >I have a Samba server (Sam) and an NT Domain controller(NewT) on a domain called Dominic. I am trying to be able to log into Sam using NewT to verify the passwords and usernames. I did have it working with the "security = server" option, but i eventually want to be able to dynamically add users to Sam, along with what groups they belong too (hopefully using the "add user script = " and the "delete user script = " options). This means that i need "security = domain". I stopped the smb daemons, added Sam to the domain on NewT(as a "Windows NT workstation or server"), then typed the following command on Sam to add him to the domain: >smbpasswd -j Dominic -r NewT , >edited the smb.conf file to this: >###################### SMB.CONF ###################### >[global] >netbios name = Sam >encrypt passwords = yes >security = domain >domain logons = yes ##I have tried without this line >#also >workgroup = Dominic >password server = NewT >guest ok = yes > >###################################################### >#I have also played with many of these options >#(i dont think most of 'em matter, but you nevr know >#log file = directory/samba.log >#max log file = 1000 >#local master = no >#dns proxy = no >#guest account = ftp >###################################################### > >[share1] >read only = yes >write list = user1 ##(username is "user1") >path = directory/share > > >################ END SMB.CONF ####################### > >and then i restarted the daemons. > >I tried to log in using a username (user1) that worked with "security = server" (ie, it is a valid unix account and a valid NT account). > >I have also tried many variations of the above and have came up with nothing. > >I know simular questions have been asked and i apologize, but i am kinda new to this game, and i have not been able to figure this one out, thankyou to anyone who can help, i really appreciate it :) > > > > > > >Get your small business started at Lycos Small Business at http://www.lycos.com/business/mail.html > > Get your small business started at Lycos Small Business at http://www.lycos.com/business/mail.html From chameio at yahoo.com Tue Feb 13 19:15:30 2001 From: chameio at yahoo.com (=?iso-8859-1?q?Andre=20Leonidas?=) Date: Tue Dec 2 02:33:18 2003 Subject: Problem with NT client yet Message-ID: <20010213191530.20023.qmail@web1103.mail.yahoo.com> ..Hello Samba 2.0.7 in a linux debian 2.1 I have tried to put a NT4.0 in a samba domain PDC without susessfull. *I got to include a win98 ..I folowed all the instunctions of the book using samba, i did the count of NT machine. I did a workgroup called linux, follow the smb.conf [global] workgroup = linux ; printing = bsd ; printcap name = /etc/printcap load printers = yes guest account = visitante encrypt passwords = yes os level = 64 security = user domain master = yes domain logons = yes preferred master = yes logon home = \\N%\%U logon path = \\N%\%U\profiles logon script = %U.bat wins support = yes hosts allow = lau2000 passwd chat = *password* %n\n *sussessfull ; security = user ; wins server = 200.x.x.x ; This next option sets a separate log file for each client. Remove ; it if you want a combined log file. log file = /usr/local/samba/log.%m ; You will need a world readable lock directory and "share modes=yes" ; if you want to support the file sharing modes for multiple users ; of the same files ; lock directory = /usr/local/samba/var/locks ; share modes = yes [homes] comment = Home Directories browseable = no read only = no create mode = 0750 [visitante] comment = diretorio do visitante path = /home/visitante ;[printers] ; comment = All Printers ; browseable = no ; printable = yes ; public = no ; writable = no ; create mode = 0700 ; you might also want this one, notice that it is read only so as not to give ; people without an account write access. ; [tmp] comment = Temporary file space path = /tmp read only = yes public = yes ; ; Other examples. ; ; A private printer, usable only by fred. Spool data will be placed in fred's ; home directory. Note that fred must have write access to the spool directory, ; wherever it is. ;[fredsprn] ; comment = Fred's Printer ; valid users = fred ; path = /homes/fred ; printer = freds_printer ; public = no ; writable = no ; printable = yes ; ; A private directory, usable only by fred. Note that fred requires write ; access to the directory. ;[fredsdir] ; comment = Fred's Service ; path = /usr/somewhere/private ; valid users = fred ; public = no ; writable = yes ; printable = no ; ; A publicly accessible directory, but read only, except for people in ; the staff group [public] comment = Diretorio Publico path = /Public public = yes writable = no printable = no ; write list = @staff ; ; a service which has a different directory for each machine that connects ; this allows you to tailor configurations to incoming machines. You could ; also use the %u option to tailor it by user name. ; The %m gets replaced with the machine name that is connecting. ;[pchome] ; comment = PC Directories ; path = /usr/pc/%m ; public = no ; writeable = yes ; ; ; A publicly accessible directory, read/write to all users. Note that all files ; created in the directory by users will be owned by the default user, so ; any user with access can delete any other user's files. Obviously this ; directory must be writable by the default user. Another user could of course ; be specified, in which case all files would be owned by that user instead. ;[public] ; path = /usr/somewhere/else/public ; public = yes ; only guest = yes ; writable = yes ; printable = no ; ; ; The following two entries demonstrate how to share a directory so that two ; users can place files there that will be owned by the specific users. In this ; setup, the directory should be writable by both users and should have the ; sticky bit set on it to prevent abuse. Obviously this could be extended to ; as many users as required. ;[myshare] ; comment = Mary's and Fred's stuff ; path = /usr/somewhere/shared ; valid users = mary fred ; public = no ; writable = yes ; printable = no ; create mask = 0765 When i try to include the NT machine lab02 in the domain linux this message appears The domain controller for this domain cannot be located and the log in /var/log/nmb show this when i try to include the machine with the false ip 200.x.y.z in the domain linux throw the Control Panel is : process_logon_packet: Logon from 200.x.y.z: code = 0x7 [2001/02/14 02:46:15, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 200.x.y.z: code = 0x7 [2001/02/14 02:46:41, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 200.x.y.z: code = 0x7 Anybody Can help me?? __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ From dwcjr at inethouston.net Tue Feb 13 19:19:19 2001 From: dwcjr at inethouston.net (David W. Chapman Jr.) Date: Tue Dec 2 02:33:18 2003 Subject: Problem with NT client yet References: <20010213191530.20023.qmail@web1103.mail.yahoo.com> Message-ID: <022e01c095f1$dda1cf80$931576d8@inethouston.net> Did you add a machine user to your samba server like the instructions told you to? ----- Original Message ----- From: "Andre Leonidas" To: Sent: Tuesday, February 13, 2001 1:15 PM Subject: Problem with NT client yet > > ..Hello > > Samba 2.0.7 in a linux debian 2.1 > > I have tried to put a NT4.0 in a samba domain PDC > without susessfull. > > *I got to include a win98 > > ..I folowed all the instunctions of the book using > samba, i did the count of NT machine. From ig4812 at alunos.ipb.pt Tue Feb 13 19:43:38 2001 From: ig4812 at alunos.ipb.pt (Paulo Gomes) Date: Tue Dec 2 02:33:18 2003 Subject: problem with roaming profiles size Message-ID: <3A898E6A.E42A3A2A@alunos.ipb.pt> I have 50 users in a small network with one Samba 2.0.7 server and 8 NT wks. My problem is with roaming profiles size, since users use internet explorer and the cache files is saved to the profiles dir. Can i define a limit for the profile of the users? Can have a single profile for all users? With System Policies i make the ntconfig.pol andi used the option to exclude dirs in roaming profiles. I works fine for admin users, but for all other users just not works. From garcian002 at hawaii.rr.com Wed Feb 14 01:33:41 2001 From: garcian002 at hawaii.rr.com (Nelson Garcia) Date: Tue Dec 2 02:33:19 2003 Subject: [Use a script with Samba] References: <8D043DEA73DFD411958A00A0C90AB7607C78@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> Message-ID: <001401c09626$2bd77cc0$8122050a@cpf.navy.mil> Thanks, I use dyndns.org (http://nelsongarcia.dyndns.org). The expect script is because I'm paranoid that my server will go down or the IP posting script will not work, etc., etc. In other words, is just a backup. Sorry for getting OT, I was just trying to illustrate how expect is a handy tool that could be used to automate some tasks with samba. This list is great, keep doing the Samba. Nelson P.S. (OT): for a list of dynamic dns providers, try this link http://www.technopagan.org/dynamic/ (not sure how accurate it is anymore) ----- Original Message ----- From: "Gill, Vern" To: "'Nelson Garcia'" Sent: Tuesday, February 13, 2001 08:38 AM Subject: RE: [Use a script with Samba] > Slightly OT, but if you are uploading your IP so you can get to your > machine, or for others to be able to get to it, you should look into one > of the free dynamic dns services. I use yi.org, and it works great!! > Don't know what your needs are, but they are a great boost to my > "productivity" > > dns2go is also pretty good, but I have been with yi.org for over a year > now, and I really like it. You should check it out... > > -----Original Message----- > From: Nelson Garcia [mailto:garcian002@hawaii.rr.com] > Sent: Tuesday, February 13, 2001 10:32 AM > To: samba-ntdom@us5.samba.org > Subject: Re: [Use a script with Samba] > > > You could also use smbmount. > > If you just want to copy files and directories, use ftp. You can write > an > 'expect' script to do that. > Here's a sample I stole from > http://www.rtr.com/newrtr/tech.xprogramer.htm > > #! /usr/local/bin/expect -- > #test on ftp > set timeout 60 > spawn ftp ftp.rtr.com > expect "Name*:" > send "anonymous\r" > expect "Password:" > send "test@rtr.com\r" > expect "ftp>" > send "cd ReadyPaks\r" > expect "ftp>" > send "bin\r" > expect "ftp>" > send "get SamplePak.SSol2.RTR\r" > expect "ftp>" > send "quit\r" > expect "221 Goodbye.\r" > close > wait > send_user "Your file is here\n" > > I have a script that uploads a webpage every 4 hours with my IP address > (my > IP is dynamic). I'm writing from work so I don't have the script with > me. > However the above example should get you started. > > I hope that helps. > Nelson > > ----- Original Message ----- > From: "Yacketta,Ronald J" > To: ; > Sent: Tuesday, February 13, 2001 07:58 AM > Subject: RE: [Use a script with Samba] > > > > why would you want todo this? > > you could use rsync, ftp, ncftp or a mired of other utilities > > that would make life easier on your > > > > Ron > > > > =>-----Original Message----- > > =>From: Minh Dang-Recalt [mailto:minh.dang-recalt@akazi.com] > > =>Sent: Tuesday, February 13, 2001 12:52 PM > > =>To: samba-ntdom@us5.samba.org > > =>Subject: [Use a script with Samba] > > => > > => > > =>Hello, > > => > > =>I wonder if i can create a script on my linux Box to copy a > > =>directory to > > =>another Linux Box via Samba client ? > > =>I'm thinking a script like that : > > => > > =>------------- > > =># bash shell > > =>cd /home/test -> On the local > > =>Linux Machine > > =>smbclient \\\\Linux2\\Shared password > > =>cd /home/TOTO -> On the > > =>remote Linux box > > =>put recurse * . > > =>exit > > =>------------- > > =>Of course, it doesn't work. > > =>Anyone has an idea to make it working ? > > => > > =>Thanks ! > > => > > =>Minh > > => > > => > > > From R.Meyer at hoedtke.de Wed Feb 14 06:14:50 2001 From: R.Meyer at hoedtke.de (Heiko Kaschube) Date: Tue Dec 2 02:33:19 2003 Subject: Problem with NT client yet References: <20010213191530.20023.qmail@web1103.mail.yahoo.com> Message-ID: <3A8A225A.CA6894B4@hoedtke.de> Hello, you have to put the workstation's name into your passwd and smbpasswd file as follows: - create a linux user NTWS$ with user shell /bin/false (see: man useradd) - create a SMB workstation account: smbpasswd -a -m NTWS - join the domain with your workstation This really should work, it did here with Samba 2.0.6 without bigger problems. Note there is a Dollar sign after the linux user name. If it does not work, you could once set up NT for *WORKGROUP* "linux", then do the steps again and see if that will work. Perhaps try to write the workgroup name in smb.conf in upper case. That might be another hint, but it does not have to. Greetings, Heiko Andre Leonidas wrote: > > ..Hello > > Samba 2.0.7 in a linux debian 2.1 > > I have tried to put a NT4.0 in a samba domain PDC > without susessfull. > > *I got to include a win98 > > ..I folowed all the instunctions of the book using > samba, i did the count of NT machine. > --- Heiko Kaschube Hoedtke Blech- und Lasertechnik Tel: +49 4101 7099-0 FAX: +49 4101 76137 email: mailto:H.Kaschube@hoedtke.de Internet: http://www.hoedtke.de From simo.sorce at polimi.it Wed Feb 14 13:33:45 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:19 2003 Subject: [Use a script with Samba] In-Reply-To: <002d01c095e5$a181ed70$0701a8c0@akazi.com> Message-ID: On Tue, 13 Feb 2001, Minh Dang-Recalt wrote: > Hello, > > I wonder if i can create a script on my linux Box to copy a directory to > another Linux Box via Samba client ? > I'm thinking a script like that : > > ------------- > # bash shell > cd /home/test -> On the local Linux Machine > smbclient \\\\Linux2\\Shared password > cd /home/TOTO -> On the remote Linux box > put recurse * . > exit > ------------- > Of course, it doesn't work. > Anyone has an idea to make it working ? > > Thanks ! > > Minh Isn't it easier with scp using public key authentication (or rcp if you have a really trusted network) ? -- Simo Sorce - Linux Systems Consultant E-mail: simo.sorce@polimi.it Tel: +39 0348 7149179 - Fax: +39 02 700442399 ----------------------------------------------------------------- Be happy, use Linux! From lubo at ru.acad.bg Wed Feb 14 14:46:29 2001 From: lubo at ru.acad.bg (Lubomir) Date: Tue Dec 2 02:33:19 2003 Subject: problem with roaming profiles size References: <3A898E6A.E42A3A2A@alunos.ipb.pt> Message-ID: <3A8A9A45.30708@ru.acad.bg> I have similar network with same problems.I wrote to samba-ntdom and David Bannon recommended using only the default user profile and deleteing (with postexec option)saving profiles. I have prepared suitable Default profile ,but still can't configure my samba to delete new saved profiles after user logoff. If anybody can help...?! Paulo Gomes wrote: > I have 50 users in a small network with one Samba 2.0.7 server and 8 NT > wks. My problem is with roaming profiles size, since users use internet > explorer and the cache files is saved to the profiles dir. Can i define > a limit for the profile of the users? Can have a single profile for all > users? > With System Policies i make the ntconfig.pol andi used the option to > exclude dirs in roaming profiles. I works fine for admin users, but for > all other users just not works. From jbcurry at hline.localhealth.net Wed Feb 14 15:10:11 2001 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:33:19 2003 Subject: problem with roaming profiles size In-Reply-To: <3A8A9A45.30708@ru.acad.bg> Message-ID: Umm, doesn't IE let you specify where to store the cache'd files? Why not store them somewhere different than the profile directory? (in Internet Explorer 5.5, this is found under Tools==>>InternetOptions==>>TemporaryInternetFileSettings==>>MoveFolder) Also, you can set a limit of how much is cache'd. Or is there something I'm missing? > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Lubomir > Sent: Wednesday, February 14, 2001 9:46 AM > To: samba-ntdom > Subject: Re: problem with roaming profiles size > > > I have similar network with same problems.I wrote to samba-ntdom > and David Bannon recommended using only the default user profile > and deleteing (with postexec option)saving profiles. > I have prepared suitable Default profile ,but still can't configure > my samba to delete new saved profiles after user logoff. > If anybody can help...?! > > > Paulo Gomes wrote: > > > I have 50 users in a small network with one Samba 2.0.7 server and 8 NT > > wks. My problem is with roaming profiles size, since users use internet > > explorer and the cache files is saved to the profiles dir. Can i define > > a limit for the profile of the users? Can have a single profile for all > > users? > > With System Policies i make the ntconfig.pol andi used the option to > > exclude dirs in roaming profiles. I works fine for admin users, but for > > all other users just not works. > > > From spinler.patrick at mayo.edu Wed Feb 14 16:30:31 2001 From: spinler.patrick at mayo.edu (Patrick Spinler) Date: Tue Dec 2 02:33:19 2003 Subject: Help configuring samba appliance Message-ID: <3A8AB2A7.558BFAC7@mayo.edu> Hi: I've been messing with the samba appliance package recently (the 0.5 rpm version built last aug 17), and am having difficulty getting logins working via the supplied pam modules. Here's my setup: My workstation is R0055620, a member of the domain RCHWKS My account is pjs11, a account in domain MC The RCHWKS domain trusts the MC domain (and the RCH domain, too) When I attempt to login using MC\pjs11, winbindd spits this tidbit of log: 006e id_auth[0] : 00 006f id_auth[1] : 00 0070 id_auth[2] : 00 0071 id_auth[3] : 00 0072 id_auth[4] : 00 0073 id_auth[5] : 05 0074 sub_auths : 00000015 7c0150b7 0fdc7252 030312ce 0084 status: 00000000 adding trusted domain MC adding trusted domain RCH (--- NOTE: here is end of winbind startup log, below is login attempt) accepted socket 8 [29305]: pam auth MC\pjs11 could not get trust password for domain MC I've attached my pam config file and nsswitch.conf, and the complete winbindd output is at http://spinler.dhs.org/~pspinler/winbindd.log. My system is a somewhat updated redhat 6.2, glibc 2.1.1. I've also just recompiled the various componants from cvs SAMBA_TNG and APPLIANCE_HEAD branches, and will be trying these new componants later today. -- Pat p.s. whenever I redirect winbind's output to a file, it hangs. Any ideas ? E.g. this command: $ winbindd -i -d 100 > /tmp/winbindd.log produces a hung winbindd, only killable by kill -9. Any clues ? -- This message does not represent the policies or positions of the Mayo Foundation or its subsidiaries. Patrick Spinler email: Spinler.Patrick@Mayo.EDU Mayo Foundation phone: 507/284-9485 -------------- next part -------------- # # /etc/nsswitch.conf # # An example Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # The entry '[NOTFOUND=return]' means that the search for an # entry should stop if the search in the previous entry turned # up nothing. Note that if the search failed due to some other reason # (like no NIS server responding) then the search continues with the # next entry. # # Legal entries are: # # nisplus or nis+ Use NIS+ (NIS version 3) # nis or yp Use NIS (NIS version 2), also called YP # dns Use DNS (Domain Name Service) # files Use the local files # db Use the local database (.db) files # compat Use NIS on compat mode # [NOTFOUND=return] Stop searching if not found so far # # To use db, put the "db" in front of "files" for entries you want to be # looked up first in the databases # # Example: #passwd: db files nisplus nis #shadow: db files nisplus nis #group: db files nisplus nis passwd: files winbind shadow: files winbind group: files winbind #passwd: files nisplus nis winbind #shadow: files nisplus nis winbind #group: files nisplus nis winbind #hosts: db files nisplus nis dns hosts: files nisplus nis dns services: nisplus [NOTFOUND=return] files networks: nisplus [NOTFOUND=return] files protocols: nisplus [NOTFOUND=return] files rpc: nisplus [NOTFOUND=return] files ethers: nisplus [NOTFOUND=return] files netmasks: nisplus [NOTFOUND=return] files bootparams: nisplus [NOTFOUND=return] files netgroup: nisplus publickey: nisplus automount: files nisplus aliases: files nisplus -------------- next part -------------- #%PAM-1.0 auth required /lib/security/pam_securetty.so auth required /lib/security/pam_nologin.so auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok #account required /lib/security/pam_pwdb.so account required /lib/security/pam_winbind.so password required /lib/security/pam_cracklib.so password required /lib/security/pam_pwdb.so shadow nullok use_authtok session required /lib/security/pam_pwdb.so session optional /lib/security/pam_console.so From martin.kleucker at esg-gmbh.de Wed Feb 14 16:51:58 2001 From: martin.kleucker at esg-gmbh.de (martin.kleucker@esg-gmbh.de) Date: Tue Dec 2 02:33:19 2003 Subject: Authentication Message-ID: <412569F3.005CC3A1.00@lns002ext.esg-gmbh.de> Hi, folks we're using our NT PDC for authentication when connecting via SAMBA. Which version of SAMBA do we have to use to authenticate with a W2k DC? Thanks a lot, Martin --------------------------------------------------------------------------- Martin Kleucker ESG GmbH Vox: (+49) 89 92 16 - 23 08 Martin.Kleucker@ESG-GmbH.de Einsteinstr. 174 Fax: (+49) 89 92 16 - 29 03 IR-2 / Raum 255 81675 Muenchen www: http://www.ESG-GmbH.de --------------------------------------------------------------------------- From thsd at thsd.k12.ca.us Wed Feb 14 17:21:32 2001 From: thsd at thsd.k12.ca.us (THSD Network Admin) Date: Tue Dec 2 02:33:19 2003 Subject: Policies (Again) GROUPPOL.DLL In-Reply-To: <3.0.5.32.20010213221340.009ced00@mail.mlode.com> Message-ID: <3.0.6.32.20010214092132.007a1100@mail.mlode.com> Jim. Yes, group policies do work, but not using the implementation used for NT. We tried at our school to make a single config.pol handle multiple groups within Samba with no success. We took a different approach with great success. We wanted different policies for students, teachers and admins using the group names "students", "teachers" and "wheel". Within the smb.conf file, we defined "netlogon" as follows: [netlogon] comment = Network Logon Service path = /home/netlogon/%g guest ok = yes writable = no share modes = no locking = no write list = @wheel Then within /home/netlogon we make 3 separate directories named students, teachers and wheel, and put a config.pol and login.bat file in each. When making the policy file, just use the default user. In this way, each user gets a policy appropriate for his/her group as well as a group- specific login batch file to map drives for that group. To aid maintenance, within the wheel directory we made symbolic links to the teachers and students directories. Therefore an admin could make policy changes from a Win9x workstation. This implementation has been in operation in 3 schools for 2 years. We are in the process of replacing our last remaining NT box with a Linux box. Overall we handle about 450+ accounts and have had no policy problems using Win95 and Win98 workstations. BTW, all our Linux boxes are RH 6.2 using Samba version 2.0.6. Mike Lamasney Network Admin Twain Harte-Long Barn USD thsd@thsd.k12.ca.us or lamasney@mlode.com >>Delivered-To: samba-ntdom@lists.samba.org >>From: "JBCurry" >>To: "Jim Jarvie" , >> >>Subject: RE: Policies (Again) GROUPPOL.DLL >>X-MSMail-Priority: Normal >>X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) >>X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 >>Importance: Normal >>Sender: samba-ntdom-admin@lists.samba.org >>X-BeenThere: samba-ntdom@lists.samba.org >>X-Mailman-Version: 2.0beta6 >>List-Help: >>List-Post: >>List-Subscribe: , > >>List-Id: Using Samba with Windows NT domains >>List-Unsubscribe: , > >>List-Archive: http://lists.samba.org/pipermail/samba-ntdom/ >>Date: Tue, 13 Feb 2001 09:42:26 -0500 >> >>> -----Original Message----- >>> From: samba-ntdom-admin@lists.samba.org >>> [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Jim Jarvie >>> >>> >>> I have a network of around 1000 users, using Win98 logging onto a number >>> of Samba [2.0.7] servers. >>> >>> I've checked the archives, read everything I can find, but *still* cannot >>> get group policies to work. User policies are OK, default policies are >>> OK, machine policies are OK. >> >>According to my book on System Policies (O'Reilly's "Windows System Policy >>Editor", pg. 43), if a specific user policy exists then the group policy >>will be ignored. I don't know if that's true or not, as I've never tried >>using both simultaneously. >> >>On a specific user, make sure there's no user or machine policies and see if >>the group policy begins to work for that user. >> >>> >>> I have grouppol.dll installed and configured as per the instructions. >>> I've checked the ms website and everything looks OK. >>> >>> However, group policies still do not work. >>> >>> My windows 98 media has 2 versions of grouppol.dll, BOTH of which I've >>> tried. >> >>I'm assuming you have assigned the users to groups in your Unix group file >>(i.e., /etc/group). If not, you can use the command "groupadd" to add the >>groups, then use "usermod -G" to specify the groups a user should belong to. >> >>In your config.pol file, (on the server in the /netlogon directory), the >>groups must match those listed in your Unix group file. >> >>> >>> Ver.1 (Part Of Poledit (tools\reskit\net)) >>> grouppol.dll, 11,776 bytes, 23 apr 1999 >>> >>> Ver.2 (Part of Win98 (\win98\win98_61.cab)) >>> grouppol.dll, 32,768 bytes, 23 apr 1999 >>> >> >>I've always used the reskit file. And that should be a recent enough >>version. >> >>> Can someone tell me which one is the correct ? all the previous postings >>> simply say to get the working one ! Which is the working one ? >>> >>> (I've even used example configs, but these still give identical results) >>> >> >>Hope I was of some help. >> >>> Regards >>> Jim >>> >>> >>> >> >> >> > > From yanqui at neokimia.com Wed Feb 14 18:07:02 2001 From: yanqui at neokimia.com (Yanick Quirion) Date: Tue Dec 2 02:33:19 2003 Subject: Options List In-Reply-To: <3.0.6.32.20010214092132.007a1100@mail.mlode.com> Message-ID: <000301c096b0$eee799e0$389ed284@neokimia.com> Hi all, where I can get all the possible options for Samba 2.2 NT domain? Thanks ========================================== Yanick Quirion Administrateur de R?seau / Network Manager N?okimia Inc. Institut de Pharmacologie - ?difice Z5 3001 12eme Avenue Fleurimont, Qu?bec CANADA J1H 5N4 Tel.: +1 819 820-6840 Tel.: +1 819 820-6855 Ligne Directe Fax.: +1 819 820-6841 e-mail: yanqui@neokimia.com ========================================== From MKrauss at hitchhiker.com Wed Feb 14 18:11:30 2001 From: MKrauss at hitchhiker.com (Matthias Krauss) Date: Tue Dec 2 02:33:19 2003 Subject: WG: Options List Message-ID: RTFM .... -----Urspr?ngliche Nachricht----- Von: Yanick Quirion [mailto:yanqui@neokimia.com] Gesendet: Mittwoch, 14. Februar 2001 19:07 An: samba-ntdom@lists.samba.org Betreff: Options List Hi all, where I can get all the possible options for Samba 2.2 NT domain? Thanks ========================================== Yanick Quirion Administrateur de R?seau / Network Manager N?okimia Inc. Institut de Pharmacologie - ?difice Z5 3001 12eme Avenue Fleurimont, Qu?bec CANADA J1H 5N4 Tel.: +1 819 820-6840 Tel.: +1 819 820-6855 Ligne Directe Fax.: +1 819 820-6841 e-mail: yanqui@neokimia.com ========================================== From jolt at nicholasofmyra.org Wed Feb 14 19:35:21 2001 From: jolt at nicholasofmyra.org (Joe Olt) Date: Tue Dec 2 02:33:19 2003 Subject: problem with roaming profiles size In-Reply-To: References: <3A8A9A45.30708@ru.acad.bg> Message-ID: <5.0.2.1.0.20010214143435.00b00b80@10.100.0.4> At 10:10 AM 2/14/2001, JBCurry wrote: >Umm, doesn't IE let you specify where to store the cache'd files? Why not >store them somewhere different than the profile directory? (in Internet >Explorer 5.5, this is found under >Tools==>>InternetOptions==>>TemporaryInternetFileSettings==>>MoveFolder) > >Also, you can set a limit of how much is cache'd. > >Or is there something I'm missing? You can also have the cached files deleted. Tools->Internet Options->Advanced->Security->Empty Temporary Internet files folder when browser is closed From filipi at em.pucrs.br Tue Feb 13 20:06:12 2001 From: filipi at em.pucrs.br (Filipi D. Vianna) Date: Tue Dec 2 02:33:19 2003 Subject: problem with roaming profiles size References: <3A8A9A45.30708@ru.acad.bg> <5.0.2.1.0.20010214143435.00b00b80@10.100.0.4> Message-ID: <3A8993B4.6CA54C7D@em.pucrs.br> Joe Olt wrote: > > At 10:10 AM 2/14/2001, JBCurry wrote: > >Umm, doesn't IE let you specify where to store the cache'd files? Why not > >store them somewhere different than the profile directory? (in Internet > >Explorer 5.5, this is found under > >Tools==>>InternetOptions==>>TemporaryInternetFileSettings==>>MoveFolder) > > > >Also, you can set a limit of how much is cache'd. > > > >Or is there something I'm missing? > > You can also have the cached files deleted. > > Tools->Internet Options->Advanced->Security->Empty Temporary Internet files > folder when browser is closed You can schedule in the cron to remove the files at night when, probably, nobody is using the roaming profiles, and no browser is open. Edit the root cron with the command: crontab -e And add the folow line: 30 06 * * * find /home/ -name "Temporary Internet Files" -exec rm -rfv {}/* \; | mail -s "IE cache cleaning" you@yourdomain This will schedule to, every day at 6:30 AM, the server look for any file named "Temporary Internet Files" inside the home dir, remove what it find and mail a report to you containing what was removed. I think this may works fine. Regards, Filipi Viana From kathee at mindiq.com Wed Feb 14 20:17:01 2001 From: kathee at mindiq.com (kat) Date: Tue Dec 2 02:33:19 2003 Subject: disabling profiles Message-ID: if you want profiles to be stored ONLY on the users system -- i.e. disable roaming profiles... Do you just take out the 'netlogon' share? thx From DWinslow at mcsIT.com Wed Feb 14 20:49:40 2001 From: DWinslow at mcsIT.com (Dan Winslow) Date: Tue Dec 2 02:33:19 2003 Subject: Connecting to a cross-subnet domain Message-ID: Hi folks. We have samba running on a small subnet. Its being used to mount a couple linux directories to some NT boxes on the same subnet. We have tried to become part of the domain ( whose PDC is on another subnet ), without success. I sent our local network ferret sniffing around, and he tells me this : *snip* 1) The WINS is working between networks as I can ping by name any server on the 192.168.0.0 network and it will resolve its name. This means the routing is working. 2) When you go to browse a network for resources you communicate with the WINS server who knows who the Domain Master Browser is. He also knows who the backup browsers are. I ran a sniffer trace while trying to browse the MCSOMA domain which would only produce the machines on the 192.168.10.0 network. What I found is that the Linux Collector box is announcing himself as the browser for the users on the 192.168.10.0 network to use when browsing for services. I disconnect the Linux Server and then all the Windows NT boxes are able to browse o.k. What we need to figure out is a couple of things on the Linux box. First is he able to use WINS services and is he pointing to the 192.168.0.0 network. Second is there a way to turn off the function of Linux being a browser. *end of snip* So, I can see that there are some announce-browser type settings in the conf file, but the explaination of what they do is unclear to me. Plus I don't know squat about NT domain issues and barely anything about samba excpt the most basic. Any clues that could be handed to me will be appreciated. Thanks Dan Winslow From nicku at vtc.edu.hk Wed Feb 14 21:43:05 2001 From: nicku at vtc.edu.hk (Nick Urbanik) Date: Tue Dec 2 02:33:19 2003 Subject: Is there a difference between alpha releases and CVS snapshots? Message-ID: <3A8AFBE6.149FB698@vtc.edu.hk> Dear people, Sorry to take so long to understand this, but I hope that someone can clarify it simply. The 2.2 PDC FAQ has existed for some months (as I recall), explaining how to use CVS snapshots as PDC for Win2k clients. The alpha2 snapshot states in WHATSNEW.txt: A known problem is this version of Samba will not act as a PDC for Win2k clients However, alpha2 was released on 29 January 2001, long after the FAQ was written. So is there a difference between alpha releases and CVS snapshots? -- Nick Urbanik, Dept. of Computing and Mathematics Hong Kong Institute of Vocational Education (Tsing Yi) email: nicku@vtc.edu.hk Tel: (852) 2436 8576, (852) 2436 8579 Fax: (852) 2435 1406 pgp ID: 7529555D fingerprint: 53 B6 6D 73 52 EE 1F EE EC F8 21 98 45 1C 23 7B From vgill at technologist.com Wed Feb 14 21:51:46 2001 From: vgill at technologist.com (Gill, Vern) Date: Tue Dec 2 02:33:19 2003 Subject: Options List Message-ID: <8D043DEA73DFD411958A00A0C90AB7607C8D@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> Nice attitude... Yanick, If you are referring to the compile options, you can do "./configure --help" and it will list the various options for configuring the source prior to compilation. If you are referring to what options are used in the smb.conf for configuring the server and domain, etc., read the smb.conf man page, or man smb.conf, man 5 smb.conf, whatever works on your system. There are also documents in the /whateverdir/docs/* Try those and if that doesn't help, ask the question in a different way. I.E. Where can I get more information for setting X option for my domain using samba %version%? Good luck, and don't be discouraged by "RTFM" answers. -----Original Message----- From: Matthias Krauss [mailto:MKrauss@hitchhiker.com] Sent: Wednesday, February 14, 2001 10:12 AM To: Samba (E-Mail) Subject: WG: Options List RTFM .... -----Urspr?ngliche Nachricht----- Von: Yanick Quirion [mailto:yanqui@neokimia.com] Gesendet: Mittwoch, 14. Februar 2001 19:07 An: samba-ntdom@lists.samba.org Betreff: Options List Hi all, where I can get all the possible options for Samba 2.2 NT domain? Thanks ========================================== Yanick Quirion Administrateur de R?seau / Network Manager N?okimia Inc. Institut de Pharmacologie - ?difice Z5 3001 12eme Avenue Fleurimont, Qu?bec CANADA J1H 5N4 Tel.: +1 819 820-6840 Tel.: +1 819 820-6855 Ligne Directe Fax.: +1 819 820-6841 e-mail: yanqui@neokimia.com ========================================== From anders at cwd.no Wed Feb 14 22:22:48 2001 From: anders at cwd.no (Anders C. Thorsen) Date: Tue Dec 2 02:33:19 2003 Subject: disabling profiles In-Reply-To: Message-ID: <000001c096d4$a9cd6fa0$3202a8c0@thorsen.dhs.org> try something like logon home = logon drive = --Anders -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of kat Sent: Wednesday, February 14, 2001 9:17 PM To: samba-ntdom@us5.samba.org Subject: disabling profiles if you want profiles to be stored ONLY on the users system -- i.e. disable roaming profiles... Do you just take out the 'netlogon' share? thx From chameio at yahoo.com Wed Feb 14 22:56:30 2001 From: chameio at yahoo.com (=?iso-8859-1?q?Andre=20Leonidas?=) Date: Tue Dec 2 02:33:19 2003 Subject: nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 200.x.y.z: code = 0x7 Message-ID: <20010214225630.21568.qmail@web1101.mail.yahoo.com> Anybody know the reasons to appear this message in the /var/log/nmb?? after i try to put a NT4.0 machine service pack1 in the SAMBA domain,receiving the eternal message "The domain Controller for this domain cannot be located" in the ContolPannel/Network???? -------> [2001/02/15 06:32:30, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 200.19.148.30: code = 0x7 OBSs I add the NT machine in SAMBA DOMAIN adduser --disabled-password rita i put in /etc/passwd: rita$ smbpasswd rita .. Here my smb.conf [global] workgroup = SAMBA printing = bsd printcap name = /etc/printcap load printers = yes guest account = visitante encrypt passwords = no os level = 65 security = user domain master = yes domain logons = yes preferred master = yes logon home = \\N%\%U logon path = \\N%\%U\profiles logon script = %U.bat wins support = yes hosts allow = lau2000 passwd chat = *password* %n\n *sussessfull ; security = user ; wins server = 200.x.x.x ; This next option sets a separate log file for each client. Remove ; it if you want a combined log file. log file = /usr/local/samba/log.%m ; You will need a world readable lock directory and "share modes=yes" ; if you want to support the file sharing modes for multiple users ; of the same files ; lock directory = /usr/local/samba/var/locks ; share modes = yes [netlogon] path = /home/netlogon writeable = no guest ok = no [homes] comment = Home Directories browseable = no read only = no create mode = 0750 [visitante] comment = diretorio do visitante path = /home/visitante ;[printers] ; comment = All Printers ; browseable = no ; printable = yes ; public = no ; writable = no ; create mode = 0700 ; you might also want this one, notice that it is read only so as not to give ; people without an account write access. ; [tmp] comment = Temporary file space path = /tmp read only = yes public = yes ; ; Other examples. ; ; A private printer, usable only by fred. Spool data will be placed in fred's ; home directory. Note that fred must have write access to the spool directory, ; wherever it is. ;[fredsprn] ; comment = Fred's Printer ; valid users = fred ; path = /homes/fred ; printer = freds_printer ; public = no ; writable = no ; printable = yes ; ; A private directory, usable only by fred. Note that fred requires write ; access to the directory. ;[fredsdir] ; comment = Fred's Service ; path = /usr/somewhere/private ; valid users = fred ; public = no ; writable = yes ; printable = no ; ; A publicly accessible directory, but read only, except for people in ; the staff group [public] comment = Diretorio Publico path = /Public public = yes writable = no printable = no ; write list = @staff ; ; a service which has a different directory for each machine that connects ; this allows you to tailor configurations to incoming machines. You could ; also use the %u option to tailor it by user name. ; The %m gets replaced with the machine name that is connecting. ;[pchome] ; comment = PC Directories ; path = /usr/pc/%m ; public = no ; writeable = yes ; ; ; A publicly accessible directory, read/write to all users. Note that all files ; created in the directory by users will be owned by the default user, so ; any user with access can delete any other user's files. Obviously this ; directory must be writable by the default user. Another user could of course ; be specified, in which case all files would be owned by that user instead. ;[public] ; path = /usr/somewhere/else/public ; public = yes ; only guest = yes ; writable = yes ; printable = no ; ; ; The following two entries demonstrate how to share a directory so that two ; users can place files there that will be owned by the specific users. In this ; setup, the directory should be writable by both users and should have the ; sticky bit set on it to prevent abuse. Obviously this could be extended to ; as many users as required. ;[myshare] ; comment = Mary's and Fred's stuff ; path = /usr/somewhere/shared ; valid users = mary fred ; public = no ; writable = yes ; printable = no ; create mask = 0765 __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ From d.kavadas at cclru.unsw.edu.au Thu Feb 15 01:45:30 2001 From: d.kavadas at cclru.unsw.edu.au (dennis) Date: Tue Dec 2 02:33:19 2003 Subject: pam_smb.usermap anyone ? Message-ID: Hi all... Anyone here have any experience with pam_smb, in particular pam_smb.usermap ? I need to know how the pam_smb.usermap file works. Dennis From armand at welshhome.org Thu Feb 15 04:02:30 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:19 2003 Subject: [Use a script with Samba] References: <002d01c095e5$a181ed70$0701a8c0@akazi.com> Message-ID: <003401c09704$1ea6dfd0$6602a8c0@nelson> *This message was transferred with a trial version of CommuniGate(tm) Pro* I haven't tested this, but in DOS systems I would the what you want by: let me know if it works... cd /home/test smbclient \\\\Linux2\\Shared password < control.file control file would have these lines cd /home/TOTO put recurse * . exit ----- Original Message ----- From: "Minh Dang-Recalt" To: Sent: Tuesday, February 13, 2001 9:51 AM Subject: [Use a script with Samba] > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Hello, > > I wonder if i can create a script on my linux Box to copy a directory to > another Linux Box via Samba client ? > I'm thinking a script like that : > > ------------- > # bash shell > cd /home/test -> On the local Linux Machine > smbclient \\\\Linux2\\Shared password > cd /home/TOTO -> On the remote Linux box > put recurse * . > exit > ------------- > Of course, it doesn't work. > Anyone has an idea to make it working ? > > Thanks ! > > Minh > > > From armand at welshhome.org Thu Feb 15 04:21:51 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:19 2003 Subject: pam_smb.usermap anyone ? References: Message-ID: <004401c09706$d1d50350$6602a8c0@nelson> *This message was transferred with a trial version of CommuniGate(tm) Pro* Dennis, the file /etc/pam_smb.usermap is a simple file to create, that maps *nix users to nt users. The format is nix_user=domain_name\nt_username the domain is optional, and the "\" character is only used if the supply the domain. you don't need to escape the "\" character (i.e., the \\ is not interpreted as a \) If you don't supply the domain_name\ before the nt_username, then it will authenticate against the default domain. Also, you can authenticate all users against the default domain controller by removing the pam_smb.usermap file. Any other questions, just drop me line... > Anyone here have any experience with pam_smb, in particular pam_smb.usermap > ? > I need to know how the pam_smb.usermap file works. From slu at firerun.net Thu Feb 15 05:35:12 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:33:19 2003 Subject: Is there a difference between alpha releases and CVS snapshots? References: <3A8AFBE6.149FB698@vtc.edu.hk> Message-ID: <3A8B6A90.B4968FED@firerun.net> Nick Urbanik wrote: > Dear people, > > Sorry to take so long to understand this, but I hope that someone can > clarify it simply. > > The 2.2 PDC FAQ has existed for some months (as I recall), explaining > how to use CVS snapshots as PDC for Win2k clients. The alpha2 snapshot > states in WHATSNEW.txt: > > A known problem is this version of Samba will not act as a PDC > for Win2k clients > > However, alpha2 was released on 29 January 2001, long after the FAQ was > written. So is there a difference between alpha releases and CVS > snapshots? > Yes there is a difference! The alpha releases are a snapshot of the CVS on that given day. If you download samba from CVS (using the commands in the FAQ) then you will have the current state of the on going development of samba. So it is always better to get the CVS version since it will include any fixes since the last alpha release snapshot. And by the way, Samba 2.2 alpha2 will act as a PDC for win2k clients, but it only works in Legacy mode. So not all the features of a win2k PDC are cloned yet. Patrick From morris at maynidea.com Thu Feb 15 07:17:01 2001 From: morris at maynidea.com (Morris Maynard) Date: Tue Dec 2 02:33:19 2003 Subject: small bug in util.c / proto.h Message-ID: If you compile with automount support, the linker exits with an error because automount_lookup is defined as static in lib/util.c. In the latest CVS I saw that it was defined without the static attribute in one #ifdef incarnation, and with it in another. I added a prototype in the appropriate place in proto.h as well. Morris Maynard Mayn Idea, Inc. Phone: +1(609)585-1029 Fax: +1(609)581-1389 Email: morris@maynidea.com http://www.maynidea.com From Peeter.Ulst at bico-leks.ee Thu Feb 15 11:02:43 2001 From: Peeter.Ulst at bico-leks.ee (Peeter Ulst) Date: Tue Dec 2 02:33:19 2003 Subject: trust relations Message-ID: Hello, The only thing that is missing on my samba servers is trusts relations. I've read everywhere thet trusts aint working, but I have come across success stories using TNG. Now in todays cvs TNG whatsnew.txt I read like smth like trusts are working, do I understand it right ? quote: " ... Inter-Domain Trust Relationships are at an early, but functional and very hands-on stage." & they are done via pam_ntdom and windbindd ? If not what are those things for ? If trusts are possible then can somebody tell me how severe are the Known Bugs listed in the same txt file: 1. MSRPC demons poping up & taking up process table place. I got probably like 20 machines hooked up to shares all the time, smbstatus is about 2 pages long, can this bug make things bad ? 2. Win9x style domain logons are reported not to work. Does this mean I can log in with 9x clients ? if so then it's too bad, cause I got lots of them. PezZ From dariush at forouher.de Thu Feb 15 13:20:42 2001 From: dariush at forouher.de (Dariush Forouher) Date: Tue Dec 2 02:33:19 2003 Subject: Is there a difference between alpha releases and CVS snapshots? In-Reply-To: <3A8AFBE6.149FB698@vtc.edu.hk> Message-ID: On Thu, 15 Feb 2001, Nick Urbanik wrote: > However, alpha2 was released on 29 January 2001, long after the FAQ was > written. So is there a difference between alpha releases and CVS > snapshots? Win2k pdc support should work with the current cvs. The bug has been fixed last week. Dariush From mthomas at rhrk.uni-kl.de Thu Feb 15 14:29:07 2001 From: mthomas at rhrk.uni-kl.de (Martin Thomas [A-RU-BI]) Date: Tue Dec 2 02:33:19 2003 Subject: Problem:proifle permissions samba 2.2/w2k Message-ID: Hello, I try to run a PDC for some Windows 2000 Workstations on a Debian 2.2 Box running Samba 2.2 CVS (last update/checkout 15.2.2001/14:30). Everything seems to work fine expect the profiles. When a W2K machine tries to write back the profiles to the Samba Share some directorys are created with permision 000 but should be 700 Time ist synct with 'net time', unix permissions are ok (only some directorys get wrong permissions others work ok). Browsing the mailing-list archives I found some messages from people who have (had?) the same problem. I asked some people and tried every(?) 'mode' and 'force mode' setting on the profile share - without result. It seems that mkdir in open.c or vfs_mkdir in vfs.c can not create all directory with the right permissions. Any suggestion? patches? workarounds? Thank you, Greetings, Martin --- Martin THOMAS SysAdmin Inst. of. Env. Eng., Univ. of Kaiserlautern, Germany From morris at maynidea.com Thu Feb 15 16:34:22 2001 From: morris at maynidea.com (Morris Maynard) Date: Tue Dec 2 02:33:19 2003 Subject: I give up Message-ID: How much is your time worth? I know I could have bought all of my customers a copy of Windows 2000 Server and set it up for them in the time I have wasted playing around with Samba 2.2. After a whole lot of trying this and trying that (the this's and that's from HOW-TO, FAQ, newsgroup postings) I finally succeeded in getting a Win2K box to join the Samba PDC's domain. But of course I couldn't print. The previous printer definitions in smb.conf didn't work anymore: there was always an error when trying to connect from the Win2k client to the printer on the PDC. And when I started trying to implement printers via the [Printers] share, nothing would work until I uploaded the proper driver - and that operation failed for some mysterious reason ("Access denied") after all of the files had been copied to the proper place (via the Add Printer wizard). The last straw was when my local logon profiles "disappeared" - if I logged on as anyone other than "root" to my Win2k client, I had no roaming profile and I had no local profile - I was a ghost. No thanks. I went back to 2.0.7 just to be able to get some work done. Next week, I get a new hard drive and start to leave Linux behind. From spinler.patrick at mayo.edu Thu Feb 15 16:36:42 2001 From: spinler.patrick at mayo.edu (Patrick Spinler) Date: Tue Dec 2 02:33:19 2003 Subject: Help configuring samba appliance References: <3A8AB2A7.558BFAC7@mayo.edu> Message-ID: <3A8C059A.15DF0E1F@mayo.edu> I just tried a freshly compiled winbindd, compiled according the the instructions in the README in the samba-appliance directory. Unfortunately, my newly compiled winbindd doesn't appear to be able to contact the PDC. Same configuration as last time. Again - does anyone have any hints what the problem may be ? Where do I from here to attempt to debug this ? -- Pat $ sudo winbindd -i -d100 codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l->u = True) (u->l = True) (--snip--) Adding chars 0x9c 0x0 (l->u = False) (u->l = False) load_unicode_map: loading unicode map for codepage 850. load_unicode_map: filename /usr/local/samba/lib/codepages/unicode_map.850 does not exist. added interface ip=172.23.52.30 bcast=172.23.53.255 nmask=255.255.254.0 added interface ip=192.168.10.0 bcast=192.168.10.255 nmask=255.255.255.0 establishing connections server: dc=, pwdb_init=0, lsa_hnd=0 looking up dc name for domain RCHWKS resolve_lmhosts: Attempting lmhosts lookup for name RWKSRV00<0x20> startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error was No such file or directory resolve_hosts: Attempting host lookup for name RWKSRV00<0x20> bind succeeded on port 0 Sending a packet of len 236 to (129.176.100.175) on port 138 [000] 10 1A 39 3E C0 A8 0A 00 0B 0D 00 EC 00 00 20 46 ..9>.... ...... F [010] 43 44 41 44 41 44 46 44 46 44 47 44 43 44 41 43 CDADADFD FDGDCDAC [020] 41 43 41 43 41 43 41 43 41 43 41 43 41 41 41 00 ACACACAC ACACAAA. [030] 20 46 43 45 44 45 49 46 48 45 4C 46 44 43 41 43 FCEDEIF HELFDCAC [040] 41 43 41 43 41 43 41 43 41 43 41 43 41 43 41 42 ACACACAC ACACACAB [050] 4C 00 FF 53 4D 42 25 00 00 00 00 00 00 00 00 00 L..SMB%. ........ [060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [070] 00 00 11 00 00 3E 00 00 00 00 00 00 00 00 00 00 .....>.. ........ [080] 00 00 00 00 00 00 00 00 00 3E 00 5C 00 03 00 01 ........ .>.\.... [090] 00 01 00 02 00 4F 00 5C 4D 41 49 4C 53 4C 4F 54 .....O.\ MAILSLOT [0A0] 5C 4E 45 54 5C 4E 45 54 4C 4F 47 4F 4E 00 07 00 \NET\NET LOGON... [0B0] 72 30 30 35 35 36 32 30 00 5C 4D 41 49 4C 53 4C r0055620 .\MAILSL [0C0] 4F 54 5C 4E 45 54 5C 47 45 54 44 43 31 34 36 35 OT\NET\G ETDC1465 [0D0] 34 00 72 00 30 00 30 00 35 00 35 00 36 00 32 00 4.r.0.0. 5.5.6.2. [0E0] 30 00 00 00 01 00 00 00 FF FF FF FF 0....... .... (--- repeated 3 times ---) unable to lookup pdc name for 129.176.100.175 in domain RCHWKS no domain controllers found for domain RCHWKS Patrick Spinler wrote: > > Hi: > > I've been messing with the samba appliance package recently (the 0.5 rpm > version built last aug 17), and am having difficulty getting logins > working via the supplied pam modules. Here's my setup: > > My workstation is R0055620, a member of the domain RCHWKS > My account is pjs11, a account in domain MC > The RCHWKS domain trusts the MC domain (and the RCH domain, too) > > When I attempt to login using MC\pjs11, winbindd spits this tidbit of > log: > > 006e id_auth[0] : 00 > 006f id_auth[1] : 00 > 0070 id_auth[2] : 00 > 0071 id_auth[3] : 00 > 0072 id_auth[4] : 00 > 0073 id_auth[5] : 05 > 0074 sub_auths : 00000015 7c0150b7 0fdc7252 030312ce > 0084 status: 00000000 > adding trusted domain MC > adding trusted domain RCH > (--- NOTE: here is end of winbind startup log, below is login attempt) > accepted socket 8 > [29305]: pam auth MC\pjs11 > could not get trust password for domain MC > > I've attached my pam config file and nsswitch.conf, and the complete > winbindd output is at http://spinler.dhs.org/~pspinler/winbindd.log. > My system is a somewhat updated redhat 6.2, glibc 2.1.1. > > I've also just recompiled the various componants from cvs SAMBA_TNG and > APPLIANCE_HEAD branches, and will be trying these new componants later > today. > > -- Pat > > p.s. whenever I redirect winbind's output to a file, it hangs. Any > ideas ? E.g. this command: > > $ winbindd -i -d 100 > /tmp/winbindd.log > > produces a hung winbindd, only killable by kill -9. Any clues ? > > -- > This message does not represent the policies or positions > of the Mayo Foundation or its subsidiaries. > Patrick Spinler email: Spinler.Patrick@Mayo.EDU > Mayo Foundation phone: 507/284-9485 > > ------------------------------------------------------------------------ > # > # /etc/nsswitch.conf > # > # An example Name Service Switch config file. This file should be > # sorted with the most-used services at the beginning. > # > # The entry '[NOTFOUND=return]' means that the search for an > # entry should stop if the search in the previous entry turned > # up nothing. Note that if the search failed due to some other reason > # (like no NIS server responding) then the search continues with the > # next entry. > # > # Legal entries are: > # > # nisplus or nis+ Use NIS+ (NIS version 3) > # nis or yp Use NIS (NIS version 2), also called YP > # dns Use DNS (Domain Name Service) > # files Use the local files > # db Use the local database (.db) files > # compat Use NIS on compat mode > # [NOTFOUND=return] Stop searching if not found so far > # > > # To use db, put the "db" in front of "files" for entries you want to be > # looked up first in the databases > # > # Example: > #passwd: db files nisplus nis > #shadow: db files nisplus nis > #group: db files nisplus nis > > passwd: files winbind > shadow: files winbind > group: files winbind > > #passwd: files nisplus nis winbind > #shadow: files nisplus nis winbind > #group: files nisplus nis winbind > > #hosts: db files nisplus nis dns > hosts: files nisplus nis dns > > services: nisplus [NOTFOUND=return] files > networks: nisplus [NOTFOUND=return] files > protocols: nisplus [NOTFOUND=return] files > rpc: nisplus [NOTFOUND=return] files > ethers: nisplus [NOTFOUND=return] files > netmasks: nisplus [NOTFOUND=return] files > bootparams: nisplus [NOTFOUND=return] files > > netgroup: nisplus > > publickey: nisplus > > automount: files nisplus > aliases: files nisplus > > ------------------------------------------------------------------------ > #%PAM-1.0 > auth required /lib/security/pam_securetty.so > auth required /lib/security/pam_nologin.so > auth sufficient /lib/security/pam_winbind.so > auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok > #account required /lib/security/pam_pwdb.so > account required /lib/security/pam_winbind.so > password required /lib/security/pam_cracklib.so > password required /lib/security/pam_pwdb.so shadow nullok use_authtok > session required /lib/security/pam_pwdb.so > session optional /lib/security/pam_console.so -- This message does not represent the policies or positions of the Mayo Foundation or its subsidiaries. Patrick Spinler email: Spinler.Patrick@Mayo.EDU Mayo Foundation phone: 507/284-9485 From dl at tyfon.net Thu Feb 15 16:40:45 2001 From: dl at tyfon.net (Dan Larsson) Date: Tue Dec 2 02:33:19 2003 Subject: Diskspace piechart query Message-ID: I have set a size quota on the users homecatalog. Is it possible to display the remaining space with regards to the quota left instead of the entire disk space left? This is with samba-2.0.7 on a FreeBSD box Regards +------ Dan Larsson | Tel: +46 8 550 120 21 Tyfon Svenska AB | Fax: +46 8 550 120 02 GPG and PGP keys | finger dl@hq1.tyfon.net From p.mayers at ic.ac.uk Thu Feb 15 16:43:57 2001 From: p.mayers at ic.ac.uk (Mayers, Philip J) Date: Tue Dec 2 02:33:19 2003 Subject: I give up Message-ID: Bye! Regards, Phil +----------------------------------+ | Phil Mayers, Network Support | | Centre for Computing Services | | Imperial College | +----------------------------------+ -----Original Message----- From: Morris Maynard [mailto:morris@maynidea.com] Sent: 15 February 2001 16:34 To: samba-ntdom@lists.samba.org Subject: I give up From kevinc at grainsystems.com Thu Feb 15 16:48:16 2001 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:33:19 2003 Subject: I give up References: Message-ID: <3A8C0850.AEF39F16@grainsystems.com> Morris Maynard wrote: > > No thanks. I went back to 2.0.7 just to be able to get some work done. I should point out that Samba 2.2 is in alpha release. It is not expected to work in production yet, although many people are using it successfully despite that. > Next week, I get a new hard drive and start to leave Linux behind. It sounds like you may have bigger issues to resolve than Samba. Best of luck. - Kevin Colby kevinc@grainsystems.com From Stefaan.Eeckels at ecc.lu Thu Feb 15 16:52:39 2001 From: Stefaan.Eeckels at ecc.lu (Stefaan A Eeckels) Date: Tue Dec 2 02:33:19 2003 Subject: I give up In-Reply-To: Message-ID: On 15-Feb-2001 Morris Maynard wrote: > How much is your time worth? I know I could have bought all of my customers > a copy of Windows 2000 Server and set it up for them in the time I have > wasted playing around with Samba 2.2. It's alpha code. Don't play if you don't have time. <-- Printing woes snipped --> > The last straw was when my local logon profiles "disappeared" - if I logged > on as anyone other than "root" to my Win2k client, I had no roaming profile > and I had no local profile - I was a ghost. > > No thanks. I went back to 2.0.7 just to be able to get some work done. You can thank MS for having nice, incompatible versions of a sucky undocumented network protocol. Seems like they convinced you that's a productive way of doing business. Your money, your decision. > Next week, I get a new hard drive and start to leave Linux behind. Jeezes, did you wear it out trying Samba 2.2? Stefaan -- How's it supposed to get the respect of management if you've got just one guy working on the project? It's much more impressive to have a battery of programmers slaving away. -- Jeffrey Hobbs (comp.lang.tcl) From mosborne at jacads.com Thu Feb 15 18:25:47 2001 From: mosborne at jacads.com (Michael E Osborne) Date: Tue Dec 2 02:33:20 2003 Subject: I give up Message-ID: <0A2569F4.005DDEB8.00@recmail.omc.johnston.af.mil> My time is worth a great deal, which is why I turned to Samba in the first place. I'm looking forward to 2.2, but it's not ready yet. We operate 24x7 and Samba "just works". One of my Samba servers has been running for 310 days with out a single glitch. That's what my users want, reliability. The time I've invested in learning Samba has been paid back many times over. Samba assists me in doing what I want to do where Windows tries to dictate how I should do it. Morris Maynard on 02/15/2001 06:34:22 AM To: samba-ntdom@us5.samba.org cc: (bcc: Michael E Osborne/JACADS/REC) Subject: I give up How much is your time worth? I know I could have bought all of my customers a copy of Windows 2000 Server and set it up for them in the time I have wasted playing around with Samba 2.2. After a whole lot of trying this and trying that (the this's and that's from HOW-TO, FAQ, newsgroup postings) I finally succeeded in getting a Win2K box to join the Samba PDC's domain. But of course I couldn't print. The previous printer definitions in smb.conf didn't work anymore: there was always an error when trying to connect from the Win2k client to the printer on the PDC. And when I started trying to implement printers via the [Printers] share, nothing would work until I uploaded the proper driver - and that operation failed for some mysterious reason ("Access denied") after all of the files had been copied to the proper place (via the Add Printer wizard). The last straw was when my local logon profiles "disappeared" - if I logged on as anyone other than "root" to my Win2k client, I had no roaming profile and I had no local profile - I was a ghost. No thanks. I went back to 2.0.7 just to be able to get some work done. Next week, I get a new hard drive and start to leave Linux behind. From mg at connection-net.de Thu Feb 15 18:39:20 2001 From: mg at connection-net.de (Michael Glauche) Date: Tue Dec 2 02:33:20 2003 Subject: I give up In-Reply-To: <0A2569F4.005DDEB8.00@recmail.omc.johnston.af.mil> Message-ID: <3013416521.982265960@[10.1.1.2]> --On Donnerstag, 15. Februar 2001 08:25 -1000 Michael E Osborne wrote: > My time is worth a great deal, which is why I turned to Samba in the first > place. I'm looking forward to 2.2, but it's not ready yet. We operate > 24x7 and Samba "just works". One of my Samba servers has been running for > 310 days with out a single glitch. That's what my users want, > reliability. The time I've invested in learning Samba has been paid back > many times over. > > Samba assists me in doing what I want to do where Windows tries to dictate > how I should do it. I can only second this. Samba is very good in the right places. PDC support for any NT clients (4.0 or 2k) has allways been alpha, so your either know that you are dealing with alpha software (i.e. do some test installation, see if it works for you, then stick with that version) or you just have to use a different solluotion. At our company we have one NT 4.0 PDC, who does NOTHING besides managing users and serving profiles ... the rest are asorted samba servers (as domain memebers). We are quite happy with this kind of sollution, as it works rock-stable. (of course some LDAP server together with a samba PDC would be REALLY perfect, or something else where sasl could store and sync its information .... :) regards, Michael -- Gewinn ein 66 GB Tape Drive ! http://www.ecrix.com/extreme/index.cfm?ref=39817 From ssande at sandia.gov Thu Feb 15 19:07:06 2001 From: ssande at sandia.gov (Stan Sander) Date: Tue Dec 2 02:33:20 2003 Subject: I give up References: <0A2569F4.005DDEB8.00@recmail.omc.johnston.af.mil> Message-ID: <3A8C28D9.FD9997EA@sandia.gov> My time is valuable as is everyone else's. Someone whose time is not valuable is most likely not doing anything worthwhile in the first place. I, too, am looking forward to 2.2. In fact, I just recently joined this mailing list so I could start to develop a picture of how 2.2 is going to work. However, right now 2.2 is bleeding edge, and if you want to use it, you can expect to "bleed" a little. Thank goodness for those who are willing to do that so the rest of the world can have a stable product. I've got samba servers that run for months with no trouble. I still get users who come to me with questions for which samba is the answer. In fact, I keep a copy of the source code for the latest stable release handy for just such occasions. I can compile and configure a samba server on almost any *nix platform and have it in production in under an hour, and then not have to worry about it anymore. It does what it's supposed to do and I take care of other things. Yes, it may take a while to figure it all out, but it is worthwhile. Maybe you should consider spending a few dollars on one of the books that has been published about samba and at the very least use it as a reference. Spending more money on MS software isn't going to get you any closer to *nix and MS connectivity and interoperability. Michael E Osborne wrote: > My time is worth a great deal, which is why I turned to Samba in the first > place. I'm looking forward to 2.2, but it's not ready yet. We operate 24x7 > and Samba "just works". One of my Samba servers has been running for 310 > days with out a single glitch. That's what my users want, reliability. The > time I've invested in learning Samba has been paid back many times over. > > Samba assists me in doing what I want to do where Windows tries to dictate > how I should do it. > > Morris Maynard on 02/15/2001 06:34:22 AM > > To: samba-ntdom@us5.samba.org > cc: (bcc: Michael E Osborne/JACADS/REC) > Subject: I give up > > How much is your time worth? I know I could have bought all of my customers > a copy of Windows 2000 Server and set it up for them in the time I have > wasted playing around with Samba 2.2. > > After a whole lot of trying this and trying that (the this's and that's > from > HOW-TO, FAQ, newsgroup postings) I finally succeeded in getting a Win2K box > to join the Samba PDC's domain. But of course I couldn't print. The > previous > printer definitions in smb.conf didn't work anymore: there was always an > error when trying to connect from the Win2k client to the printer on the > PDC. And when I started trying to implement printers via the [Printers] > share, nothing would work until I uploaded the proper driver - and that > operation failed for some mysterious reason ("Access denied") after all of > the files had been copied to the proper place (via the Add Printer wizard). > > The last straw was when my local logon profiles "disappeared" - if I logged > on as anyone other than "root" to my Win2k client, I had no roaming profile > and I had no local profile - I was a ghost. > > No thanks. I went back to 2.0.7 just to be able to get some work done. Next > week, I get a new hard drive and start to leave Linux behind. -- Stan Sander - CSU Special Projects Sandia National Laboratories (505) 284-4915 Mail Stop 0662 1515 Eubank Blvd. SE Albuquerque, NM 87123 From kathee at ezunx.com Thu Feb 15 19:17:20 2001 From: kathee at ezunx.com (Kat) Date: Tue Dec 2 02:33:20 2003 Subject: I give up In-Reply-To: Message-ID: Hmm, on my first try I removed Windows NT and 2000 Domain controllers, replaced with Samba 2.2, added all win2K and NT and 98 clients. Profiles worked beautifully. Printing works better and faster than before. (I use CUPs) I am using 2.2 as DC's and on all the other file servers, running 2.07 which works like a champ. Using with reiserFS/striped file systems and the speed is wonderful for my users. They asked after the conversion if we bought new 'super servers'. Funny thing is the new file servers have P2's and the only windows 2K boxes have P3's. The P3's are being converted to user desktops. I guess I can understand frustration levels, as I have felt it before, but "giving up" should never be an option. Unless someone says flat out that what you want to do can't be done. I have now converted 3 companies (largest has 75 users) to running a 100% samba/linux environment. CLients of course are W2K and NT.. The love the speed and the systems have been rock solid with no lockups or any problems, unlike W2K advanced server which locked up 3 times in the first week they went to it. Either do, or do not, there is no try. To 'try' assumes failure... Cheers Kathee -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Morris Maynard Sent: Thursday, February 15, 2001 11:34 AM To: samba-ntdom@lists.samba.org Subject: I give up How much is your time worth? I know I could have bought all of my customers a copy of Windows 2000 Server and set it up for them in the time I have wasted playing around with Samba 2.2. After a whole lot of trying this and trying that (the this's and that's from HOW-TO, FAQ, newsgroup postings) I finally succeeded in getting a Win2K box to join the Samba PDC's domain. But of course I couldn't print. The previous printer definitions in smb.conf didn't work anymore: there was always an error when trying to connect from the Win2k client to the printer on the PDC. And when I started trying to implement printers via the [Printers] share, nothing would work until I uploaded the proper driver - and that operation failed for some mysterious reason ("Access denied") after all of the files had been copied to the proper place (via the Add Printer wizard). The last straw was when my local logon profiles "disappeared" - if I logged on as anyone other than "root" to my Win2k client, I had no roaming profile and I had no local profile - I was a ghost. No thanks. I went back to 2.0.7 just to be able to get some work done. Next week, I get a new hard drive and start to leave Linux behind. From xwindowuser at discflo.com Thu Feb 15 19:38:57 2001 From: xwindowuser at discflo.com (Larry Clark) Date: Tue Dec 2 02:33:20 2003 Subject: I give up References: Message-ID: <3A8C3051.14B572B2@discflo.com> Kat wrote: and I questioned: Kat, I am getting ready to dp this: I have an existing PDC using NT. I want to replace it with SAMBA, which will get rid of a small, but significant licensing issue. any suggestions before I attempt this on my own? thanks. such as point all other server to it as passwd server. and will all other servers go to it for authentication? thanks. any suggestions before I dive in head first? thanks. > > Hmm, on my first try I removed Windows NT and 2000 Domain controllers, > replaced with Samba 2.2, added all win2K and NT and 98 clients. Profiles > worked beautifully. Printing works better and faster than before. (I use > CUPs) > > I am using 2.2 as DC's and on all the other file servers, running 2.07 > which works like a champ. Using with reiserFS/striped file systems and > the speed is wonderful for my users. They asked after the conversion > if we bought new 'super servers'. Funny thing is the new file servers > have P2's and the only windows 2K boxes have P3's. The P3's are being > converted to user desktops. > > I guess I can understand frustration levels, as I have felt it before, > but "giving up" should never be an option. Unless someone says flat > out that what you want to do can't be done. > > I have now converted 3 companies (largest has 75 users) to running a 100% > samba/linux environment. CLients of course are W2K and NT.. The love > the speed and the systems have been rock solid with no lockups or any > problems, unlike W2K advanced server which locked up 3 times in the > first week they went to it. > > Either do, or do not, there is no try. To 'try' assumes failure... > > Cheers > Kathee > > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Morris Maynard > Sent: Thursday, February 15, 2001 11:34 AM > To: samba-ntdom@lists.samba.org > Subject: I give up > > How much is your time worth? I know I could have bought all of my customers > a copy of Windows 2000 Server and set it up for them in the time I have > wasted playing around with Samba 2.2. > > After a whole lot of trying this and trying that (the this's and that's from > HOW-TO, FAQ, newsgroup postings) I finally succeeded in getting a Win2K box > to join the Samba PDC's domain. But of course I couldn't print. The previous > printer definitions in smb.conf didn't work anymore: there was always an > error when trying to connect from the Win2k client to the printer on the > PDC. And when I started trying to implement printers via the [Printers] > share, nothing would work until I uploaded the proper driver - and that > operation failed for some mysterious reason ("Access denied") after all of > the files had been copied to the proper place (via the Add Printer wizard). > > The last straw was when my local logon profiles "disappeared" - if I logged > on as anyone other than "root" to my Win2k client, I had no roaming profile > and I had no local profile - I was a ghost. > > No thanks. I went back to 2.0.7 just to be able to get some work done. Next > week, I get a new hard drive and start to leave Linux behind. From markus at softwarerun.com Thu Feb 15 19:56:54 2001 From: markus at softwarerun.com (Markus Reimer) Date: Tue Dec 2 02:33:20 2003 Subject: Instabillity with samba 2.0.7 and Windows Terminal Server Message-ID: Hi! My setup is as follows: One Domaincontroller running Samba 2.0.7 and two fileservers running Samba 2.0.7 All running under AIX 4.3.3 (HACMP with mutual takeover) Roaming profiles and at login every user mount's one share from each fileserver. The problem is that at irregular intervals (allthou rather frequent) the drives cant be mapped due to user permisions... It usually works if the user tries to login once again. The network is not very loaded and the problem occurs even if I only have one user active in the net... Help! Another problem I have is when I tries to upgrade the domain controller to Samba 2.2, I cant get the WinTSE client's to use the initial program variable, they just get the destop, as noted by another user on this list earlier, any hint's??? Btw, anyone have an idea how I can mount two samba shares on a WinTSE at boot time and have them visible to all users, not only the system? Regards, //Markus Reimer CTO, SoftwareRun AB --- markus@softwarerun.com www.softwarerun.com Office:+46-(0)155-256 440 Fax: +46-(0)155-256 441 Cell: +46-(0)70-7106991 -------------- next part -------------- A non-text attachment was scrubbed... Name: Markus Reimer.vcf Type: text/x-vcard Size: 404 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010215/a275a607/MarkusReimer.vcf From jbcurry at hline.localhealth.net Thu Feb 15 20:33:30 2001 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:33:20 2003 Subject: I give up In-Reply-To: Message-ID: > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Morris Maynard > Sent: Thursday, February 15, 2001 11:34 AM > > > How much is your time worth? I know I could have bought all of my > customers a copy of Windows 2000 Server and set it up for them in > the time I have wasted playing around with Samba 2.2. Yesiree! My time is worth quite a bit... and it's a good thing Microsoft is around to provide me with work so I get payed for my time! For example, I was fortunate enough yesterday to spend 4 hours reinstalling Office 2000 on a laptop because of repetitive system crashes with editing functions, and none of the 50 million versions of Office 2000 CD's we have seemed to be the one that was needed in order for the uninstall process to complete. I finally had to install Office 2000 Professional SR-1 on top of Office 2000 Standard so that it updated the installer, then I was finally able to uninstall (which I still had to do because Office 2000 Pro wasn't the proper license). Then I had fun reinstalling Windows 2000 Standard since it was an update version and demanded to see a license of a qualifying product, which had been removed almost a year ago just after the original installation of Office 2000 to make room on the hard drive. So I had to track down the original Lotus Smart Suite CD and install that simply for the purpose of reinstalling Office 2000. Fun, huh? Yep, with a comparable smelly old Open Source software package I would've been done in 15 minutes, and then how would I justify my paycheck? Not to mention I'd have missed the 30 service calls I've had this week of system lockups, fatal exception errors, flaky printing, and flaky startup errors that happen for no other reason than it's Windows 9x. Meanwhile, I don't think I've rebooted my Linux box for about 6 months, now. Man, if everybody here was using Linux, I could be out of a job. > > After a whole lot of trying this and trying that (the this's and > that's from HOW-TO, FAQ, newsgroup postings) I finally succeeded > in getting a Win2K box to join the Samba PDC's domain. But of course > I couldn't print. What brilliance!! Here, your company puts a Linux server in place, meaning you'll have very little justification for maintenance and support tasks, which will certainly put somebody's job at risk, and you have the stroke of genius to use the Alpha version of Samba AND throw in Win2K clients to boot!! Now, that's quick thinking to maintain job security!!! > The previous printer definitions in smb.conf didn't work anymore: > there was always an error when trying to connect from the Win2k client > to the printer on the PDC. And when I started trying to implement > printers via the [Printers] share, nothing would work until I uploaded > the proper driver - and that operation failed for some mysterious > reason ("Access denied") after all of the files had been copied to the > proper place (via the Add Printer wizard). > > The last straw was when my local logon profiles "disappeared" - > if I logged on as anyone other than "root" to my Win2k client, I had > no roaming profile and I had no local profile - I was a ghost. > > No thanks. I went back to 2.0.7 just to be able to get some work > done. Next week, I get a new hard drive and start to leave Linux > behind. Yep. 'Coz you gotta justify that paycheck. And what better way than to use Microsoft products! And, heck, you just pointed out one more good reason to use Microsoft - all the wasted hard drive space and inefficient code justifies the purchase of new hard drives, processors and memory!! Talk about a win-win situation!! Man, you must make out like a bandit in Information Technology!! I bet Microsoft would hire you in a nanosecond!!! <\sarcasm> From aeby at graeff.com Thu Feb 15 23:22:32 2001 From: aeby at graeff.com (Thomas Aeby) Date: Tue Dec 2 02:33:20 2003 Subject: Instabillity with samba 2.0.7 and Windows Terminal Server In-Reply-To: Message-ID: On Thu, 15 Feb 2001, Markus Reimer wrote: > Another problem I have is when I tries to upgrade the domain controller to > Samba 2.2, I cant get the WinTSE client's to use the initial program > variable, they just get the destop, as noted by another user on this list > earlier, any hint's??? You mean you are successfully run Windows TSE machines with a Samba domain controller. I would be really glad if my TSEs would go so far ... Have you done something special or "did it just work"? (My "success story" so far: [x] joined domain, [x] authentication works for shares, [x] interactive logins refused) > Btw, anyone have an idea how I can mount two samba shares on a WinTSE at > boot time and have them visible to all users, not only the system? Put "Net use" commands into the login script? Since this is "the Windows way" this will probably work with causing only the usual NT problems instead of some additional TSE troubles :-)) Provided you find a way to make a system "mounted" share available to all users wouldn't they all access the share via the same (system) account? Is this what you intend to do? Best regards, Tom ---------------------------------------------------------------------------- Thomas Aeby, Kirchweg 40, 1735 Giffers, Switzerland, Voice : (+41)26 4180040 Internet: aeby@graeff.com PGP public key available ---------------------------------------------------------------------------- Programmers never die - they just branch to a new address From jeremy at valinux.com Thu Feb 15 21:37:32 2001 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:33:20 2003 Subject: Problem:proifle permissions samba 2.2/w2k References: Message-ID: <3A8C4C1C.54AC790@valinux.com> "Martin Thomas [A-RU-BI]" wrote: > > Hello, > > I try to run a PDC for some Windows 2000 Workstations on a Debian 2.2 Box > running Samba 2.2 CVS (last update/checkout 15.2.2001/14:30). > Everything seems to work fine expect the profiles. When > a W2K machine tries to write back the profiles to the Samba Share > some directorys are created with permision 000 but should be 700 > Time ist synct with 'net time', unix permissions are ok (only some > directorys get wrong permissions others work ok). > Browsing the mailing-list archives I found some messages from people who > have (had?) the same problem. > I asked some people and tried every(?) 'mode' and 'force mode' setting on > the profile share - without result. It seems that mkdir in open.c or > vfs_mkdir in vfs.c can not create all directory with the right > permissions. > > Any suggestion? patches? workarounds? Ok - now I've fixed the odd/even domain name problem with W2K clients joining a 2.2 PDC I'm trying to track down and fix this bug. The problem is I can't reproduce it on my system, my profile/ directory and all the directories within it get created fine, and with the correct permissions. Can you, and others experiancing this problem please check out the current Samba 2.2 CVS, delete the users profile directory and then login/out of the W2K client with Samba set to debug level 10, and then mail me the smb.conf, plus the *complete* log file (I don't care how big it is), plus the output from ls -lR on the UNIX system in the users profile directory. That is of course if the problem with zero permission directories is seen. Thanks, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From bwhitehd at earthlink.net Fri Feb 16 00:09:39 2001 From: bwhitehd at earthlink.net (Brian Whitehead) Date: Tue Dec 2 02:33:20 2003 Subject: logon script not running on Win9x Message-ID: <382924023.982282180723.JavaMail.root@web624-wrb.mail.com> Has anyone run into problems with the logon script not running on Win9x machines using Samba 2.0.7? The script runs just fine on NT but not 9x. I say fine, but for some reason the home drive doesn't map every time, just part of the time. I have checked the script and believe the smb.conf file is correct. If you have any ideas let me know. I don't have the smb.conf file with me right now or I would attach. Let me know if someone needs more information. Thanks, Brian W From garcian002 at hawaii.rr.com Fri Feb 16 00:25:12 2001 From: garcian002 at hawaii.rr.com (Nelson Garcia) Date: Tue Dec 2 02:33:20 2003 Subject: logon script not running on Win9x References: <382924023.982282180723.JavaMail.root@web624-wrb.mail.com> Message-ID: <008701c097ae$ed9eb9c0$8122050a@cpf.navy.mil> I had a similar problem that had to do with permissions, no problems since. Symptoms were the command shell window would flash on win 9x when logging in (so I knew that I was reaching the PDC every time) but nothing was done. I have samba 2.0.7 on Mandrake Linux 7.1, with Win NT 4.0 and Win 98 clients. Aloha, Nelson ----- Original Message ----- From: "Brian Whitehead" To: Sent: Thursday, February 15, 2001 02:09 PM Subject: logon script not running on Win9x > Has anyone run into problems with the logon script not running on Win9x machines using Samba 2.0.7? > > The script runs just fine on NT but not 9x. I say fine, but for some reason the home drive doesn't map every time, just part of the time. I have checked the script and believe the smb.conf file is correct. If you have any ideas let me know. I don't have the smb.conf file with me right now or I would attach. Let me know if someone needs more information. > > Thanks, > Brian W > > > > From jeremy at valinux.com Thu Feb 15 22:39:43 2001 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:33:20 2003 Subject: Problem:proifle permissions samba 2.2/w2k References: <3A8C4C1C.54AC790@valinux.com> Message-ID: <3A8C5AAF.BC7B3281@valinux.com> Jeremy Allison wrote: > > The problem is I can't reproduce it on my system, my profile/ > directory and all the directories within it get created fine, > and with the correct permissions. > > Can you, and others experiancing this problem please check > out the current Samba 2.2 CVS, delete the users profile > directory and then login/out of the W2K client with Samba > set to debug level 10, and then mail me the smb.conf, plus > the *complete* log file (I don't care how big it is), plus > the output from ls -lR on the UNIX system in the users profile > directory. Ok - please ignore the previous email (especially about sending massive log files :-) :-). I've now found and fixed the bug in both 2.2 and HEAD. Please CVS update and test it out (remember to delete the profile directory with the bad permissions first), but it works fine here. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From bgjohnson at crosslink.net Fri Feb 16 03:48:39 2001 From: bgjohnson at crosslink.net (root) Date: Tue Dec 2 02:33:20 2003 Subject: Mapping W2K Share to RedHat Linux 6.2 Message-ID: <3A8CA317.63FA7CC4@crosslink.net> I am tying to map W2K shares to my RedHat Linux 6.2 machine. I am running Samba 2.0.7 and am able to browse the Linux partitions from the W2K machines. I can connect to the W2K shares from the Linux machine okay using the smbclient. Anyone help? Thanks, Byron Johnson -------------- next part -------------- A non-text attachment was scrubbed... Name: bgjohnson.vcf Type: text/x-vcard Size: 156 bytes Desc: Card for root Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010215/33a7fde9/bgjohnson.vcf From ryan.phillips at csus.edu Fri Feb 16 06:13:04 2001 From: ryan.phillips at csus.edu (Ryan Phillips) Date: Tue Dec 2 02:33:20 2003 Subject: PDC Problems Message-ID: <8681520400.20010215221304@csus.edu> Our network currently has an NT4 box that serves as a primary domain controller. All I want the Samba server to do is authenticate accounts upon login with the NT server (I have got this working). It seems that when the NT machine goes down for a backup the Samba Server takes control of the domain and doesn't give it back to the NT server. I've included the samba config file as an attachment. Any help would be appreciated. Best Regards, Ryan Phillips -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 8987 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010215/3b138522/smb.obj From lubo at ru.acad.bg Fri Feb 16 09:29:22 2001 From: lubo at ru.acad.bg (Lubomir) Date: Tue Dec 2 02:33:20 2003 Subject: samba & NT administration issues Message-ID: <3A8CF2F2.9000201@ru.acad.bg> I have samba 2.0.7 on RH7.0 Linux box acting as PDC for 40 NT4 SP6a workstations.I have some difficulties here and any help would be appreciated. 1. More than one users are allowed to logon at the same time. I want just one.No more. May be right samba option is missing? 2. I want to delete roaming profiles after user logoff and save them on samba server. I tried this: [profiles] ... root postexec = /bin/rm -rf /samba/profiles/%U but it didn't worked. Is there something I am missing? 3. There is "c:\temp" directory on WSs (name tells purpose) and "everyone" is given "RWXD RWXD" rights. The problem - a ordinary user is able to create directory there and he can remove all rights (for admins and system too) he wants on it. Then even with administrative user rights I am unable to delete dir or change the rights! I added "creator-owner" with RWXD RWXD rights on c:\temp but it didn't worked. It turned out the true owner of new directory is not "creator-owner" but "account unknown" who obviously has full rights. This user was authenticated by samba PDC but can't be determined by NT WS (it refuses to add this "account unknown" in directory permission list of c:\temp and it can't be given any rights). I want to disable changing rights and ownership for files and directories in c:\temp for ordinary users or just be able to easy delete them. Maybe there is some workaround (some policy key I don't know!) for this. 4. The same linux box is squid proxy which is cascaded on another proxy in separated network. I want all users to be able to browse sites in the other network but only autenticated users to have access to the internet. Can you recommend me solution? Thanks in advance! --- Lubomir Velkov University Of Rousse From Vincent.Morlot at netcourrier.com Fri Feb 16 09:45:34 2001 From: Vincent.Morlot at netcourrier.com (Vincent Morlot) Date: Tue Dec 2 02:33:20 2003 Subject: Samba and trust relationship Message-ID: <3A8CF6BE.222B9D22@netcourrier.com> Hello, We are using a samba 2.0.7 pdc with 150 nt 4.0 workstations with 400 users, on the other side we have a domain with a nt 4.0 server. In order to run a program that use com-dcom protocol with the NT server we have to make a trust relationship between our samba controller and the nt server. How to do that ? Would you please help us Thanks From PascalVial at compuserve.com Fri Feb 16 16:22:06 2001 From: PascalVial at compuserve.com (Pascal Vial) Date: Tue Dec 2 02:33:20 2003 Subject: samba & NT administration issues References: <3A8CF2F2.9000201@ru.acad.bg> Message-ID: <3A8D53AE.EBC02057@compuserve.com> to delete roaming profiles after user logoff from nt workstation use regedit and in HKLM/software/Microsoft/Windows NT/Current version/winlogon create a dword key DeleteRoamingCache=1 Lubomir a ?crit : > > I have samba 2.0.7 on RH7.0 Linux box acting as PDC for 40 NT4 SP6a > workstations.I have some difficulties here and any help would be > appreciated. > > 1. More than one users are allowed to logon at the same time. I want > just one.No more. May be right samba option is missing? > > 2. I want to delete roaming profiles after user logoff and save them on > samba server. I tried this: > > [profiles] > ... > root postexec = /bin/rm -rf /samba/profiles/%U > > but it didn't worked. Is there something I am missing? > > 3. There is "c:\temp" directory on WSs (name tells purpose) and > "everyone" is given "RWXD RWXD" rights. The problem - a ordinary user is > able to create directory there and he can remove all rights (for admins > and system too) he wants on it. Then even with administrative user > rights I am unable to delete dir or change the rights! > I added "creator-owner" with RWXD RWXD rights on c:\temp but it didn't > worked. It turned out the true owner of new directory is not > "creator-owner" but "account unknown" who obviously has full rights. > This user was authenticated by samba PDC but can't be determined by NT > WS (it refuses to add this "account unknown" in directory permission > list of c:\temp and it can't be given any rights). > I want to disable changing rights and ownership for files and > directories in c:\temp for ordinary users or just be able to easy delete > them. Maybe there is some workaround (some policy key I don't know!) for > this. > > 4. The same linux box is squid proxy which is cascaded on another proxy > in separated network. I want all users to be able to browse sites in the > other network but only autenticated users to have access to the > internet. Can you recommend me solution? > > Thanks in advance! > > --- > Lubomir Velkov > University Of Rousse From markus at softwarerun.com Fri Feb 16 10:48:47 2001 From: markus at softwarerun.com (Markus Reimer) Date: Tue Dec 2 02:33:20 2003 Subject: Instabillity with samba 2.0.7 and Windows Terminal Server In-Reply-To: Message-ID: > You mean you are successfully run Windows TSE machines with a Samba > domain controller. > I would be really glad if my TSEs would go so far ... > > Have you done something special or "did it just work"? > (My "success story" so far: [x] joined domain, [x] > authentication works > for shares, [x] interactive logins refused) Just to annoy you: It did just work ;) Accually, I have had severas setups with different versions of samba and TSE, and never had any problems specificly regarding the TSE, except for some really old bug's that resolved some years ago... > > Btw, anyone have an idea how I can mount two samba shares > on a WinTSE at > > boot time and have them visible to all users, not only the system? > > Put "Net use" commands into the login script? Since this is > "the Windows > way" this will probably work with causing only the usual NT > problems instead > of some additional TSE troubles :-)) > Provided you find a way to make a system "mounted" share > available to all > users wouldn't they all access the share via the same > (system) account? Is > this what you intend to do? Yes, the problem is to 'make a system "mounted" share available to all users'... I can get the share mounted at boot time, but only the system sees the share... :( Regards //Markus Reimer CTO, SoftwareRun AB --- markus@softwarerun.com www.softwarerun.com Office:+46-(0)155-256 440 Fax: +46-(0)155-256 441 Cell: +46-(0)70-7106991 From simo.sorce at polimi.it Fri Feb 16 11:15:23 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:20 2003 Subject: Samba and trust relationship In-Reply-To: <3A8CF6BE.222B9D22@netcourrier.com> Message-ID: Trust relationships are not supported by samba 2.0.7 and probably will not be supported neither by samba 2.2.0 Sorry. On Fri, 16 Feb 2001, Vincent Morlot wrote: > Hello, > > We are using a samba 2.0.7 pdc with 150 nt 4.0 > workstations with 400 users, on the other side we > have a domain with a nt 4.0 server. > In order to run a program that use com-dcom > protocol with the NT server we have to make a > trust relationship between our samba controller > and the nt server. > How to do that ? > > Would you please help us > > Thanks > > -- Simo Sorce - Linux Systems Consultant E-mail: simo.sorce@polimi.it Tel: +39 0348 7149179 - Fax: +39 02 700442399 ----------------------------------------------------------------- Be happy, use Linux! From yanqui at neokimia.com Fri Feb 16 14:20:49 2001 From: yanqui at neokimia.com (Yanick Quirion) Date: Tue Dec 2 02:33:20 2003 Subject: Problem Master Browser Message-ID: <000701c09823$a9e7ec40$389ed284@neokimia.com> Hi everybody! I got a little problem with my Samba 2.2 NT-DOMAIN. The problem is when I want to see the computers into my network (with Network Neighborhood in NT or Win98), I can't see anything... I juste have the domain group (NTDOMAIN) and there is no machines under the group. Why? I tried several options into smb.conf file and I'm not able to resolve this issue. My NT Domain is my linux server with Samba 2.2 NT-Domain. Could you please help me with this? I included my smb.conf file (in attachement) and the output of my ifconfig below. [dionysos]:/# ifconfig eth0 Link encap:Ethernet HWaddr 00:10:4B:8F:C5:A3 inet addr:107.253.166.194 Bcast:255.255.255.255 Mask:255.255.255.0 UP BROADCAST NOTRAILERS RUNNING MTU:1500 Metric:1 RX packets:69968 errors:0 dropped:0 overruns:0 frame:0 TX packets:42318 errors:0 dropped:0 overruns:0 carrier:0 collisions:52 txqueuelen:100 Interrupt:11 Base address:0x6000 eth1 Link encap:Ethernet HWaddr 00:A0:24:19:2C:70 inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:215906 errors:0 dropped:0 overruns:0 frame:0 TX packets:214809 errors:0 dropped:0 overruns:0 carrier:0 collisions:949 txqueuelen:100 Interrupt:5 Base address:0x300 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:188 errors:0 dropped:0 overruns:0 frame:0 TX packets:188 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 Thank you very much for your help, this will be very appreciated! :) ========================================== Yanick Quirion Administrateur de R?seau / Network Manager N?okimia Inc. Institut de Pharmacologie - ?difice Z5 3001 12eme Avenue Fleurimont, Qu?bec CANADA J1H 5N4 Tel.: +1 819 820-6840 Tel.: +1 819 820-6855 Ligne Directe Fax.: +1 819 820-6841 e-mail: yanqui@neokimia.com ========================================== From yanqui at neokimia.com Fri Feb 16 14:28:04 2001 From: yanqui at neokimia.com (Yanick Quirion) Date: Tue Dec 2 02:33:20 2003 Subject: Problem Master Browser (sorry forgot smb.conf) Message-ID: <000901c09824$ad14f3d0$389ed284@neokimia.com> Hi everybody! I got a little problem with my Samba 2.2 NT-DOMAIN. The problem is when I want to see the computers into my network (with Network Neighborhood in NT or Win98), I can't see anything... I juste have the domain group (NTDOMAIN) and there is no machines under the group. Why? I tried several options into smb.conf file and I'm not able to resolve this issue. My NT Domain is my linux server with Samba 2.2 NT-Domain. Could you please help me with this? I included my smb.conf file (in attachement) and the output of my ifconfig below. [dionysos]:/# ifconfig eth0 Link encap:Ethernet HWaddr 00:10:4B:8F:C5:A3 inet addr:107.253.166.194 Bcast:255.255.255.255 Mask:255.255.255.0 UP BROADCAST NOTRAILERS RUNNING MTU:1500 Metric:1 RX packets:69968 errors:0 dropped:0 overruns:0 frame:0 TX packets:42318 errors:0 dropped:0 overruns:0 carrier:0 collisions:52 txqueuelen:100 Interrupt:11 Base address:0x6000 eth1 Link encap:Ethernet HWaddr 00:A0:24:19:2C:70 inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:215906 errors:0 dropped:0 overruns:0 frame:0 TX packets:214809 errors:0 dropped:0 overruns:0 carrier:0 collisions:949 txqueuelen:100 Interrupt:5 Base address:0x300 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:188 errors:0 dropped:0 overruns:0 frame:0 TX packets:188 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 Thank you very much for your help, this will be very appreciated! :) ========================================== Yanick Quirion Administrateur de R?seau / Network Manager N?okimia Inc. Institut de Pharmacologie - ?difice Z5 3001 12eme Avenue Fleurimont, Qu?bec CANADA J1H 5N4 Tel.: +1 819 820-6840 Tel.: +1 819 820-6855 Ligne Directe Fax.: +1 819 820-6841 e-mail: yanqui@neokimia.com ========================================== -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 865 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010216/8cdd7112/smb.obj From mthomas at rhrk.uni-kl.de Fri Feb 16 14:36:33 2001 From: mthomas at rhrk.uni-kl.de (Martin Thomas) Date: Tue Dec 2 02:33:20 2003 Subject: Problem:proifle permissions samba 2.2/w2k References: <3A8C4C1C.54AC790@valinux.com> <3A8C5AAF.BC7B3281@valinux.com> Message-ID: <000d01c09825$db93ead0$16b9f683@fuchur> Unix permissions now work fine here too. Thank you *very* much for your quick help. Best regards, Martin > Jeremy Allison wrote: > > Ok - please ignore the previous email (especially about sending > massive log files :-) :-). > > I've now found and fixed the bug in both 2.2 and HEAD. > > Please CVS update and test it out (remember to delete > the profile directory with the bad permissions first), > but it works fine here. > > Regards, > > Jeremy Allison, > Samba Team. > > -- > -------------------------------------------------------- > Buying an operating system without source is like buying > a self-assembly Space Shuttle with no instructions. > -------------------------------------------------------- > From morris at maynidea.com Fri Feb 16 14:40:33 2001 From: morris at maynidea.com (Morris Maynard) Date: Tue Dec 2 02:33:20 2003 Subject: I give up In-Reply-To: <3A8C28D9.FD9997EA@sandia.gov> Message-ID: Well, no question I've posted here ever got so much response. I don't mean to minimize what the Samba product accomplishes for a heterogeneous environment. That is a really good thing, and a testament to the possibilities of the whole open-source movement. I do get very frustrated with the variableness of the combination of info from newsgroups, how-tos, FAQs, etc. of varying ages and purposes. My personal experience is that a solution converges much more quickly (even if it's "we can't do that") in the MS world. When I've spent most of the night grappling with a set of problems like this, composing an aggravated email helps to vent. And the Send button is located right next to the Save button in my email client... Note that no one really addressed the question of why 2.2 wouldn't print (i.e., it won't here). That seems like not a small thing, no? From satkins at skilouise.com Fri Feb 16 14:43:34 2001 From: satkins at skilouise.com (Stephen Atkins) Date: Tue Dec 2 02:33:20 2003 Subject: Making a W2K PDC out of Samba Message-ID: Hello. Just wondering if anyone can point out the FAQ's/Howto's etc to setting up a PDC. I have a multi boot w98/wnt4/w2k box at home and would love it if my Linux/Samba box could be a PDC for them all. This is so we can replace our nt servers here at work at some time in the future (We definatly need to be able to have w2k join a domain). BTW I have both the Head cvs and 2.2 cvs. --------------------------------------------------------------------- // Stephen Atkins Information Systems // o satkins@skilouise.com //____ http://www.skilouise.com Resorts of the Canadian Rockies /_______ "I take all knowlegde to be my province." - Francis Bacon From Jean-Francois.Micouleau at dalalu.fr Fri Feb 16 14:52:38 2001 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:33:21 2003 Subject: I give up In-Reply-To: Message-ID: On Fri, 16 Feb 2001, Morris Maynard wrote: > aggravated email helps to vent. And the Send button is located right > next to the Save button in my email client... Note that no one really > addressed the question of why 2.2 wouldn't print (i.e., it won't here). > That seems like not a small thing, no? Why ? You thought you would get an answer with a so much detailed report ? If I answer "your paper tray is empty" or "your printer is offline", do you think those are useful answers ? No. Okay then a report of "2.2 wouldn't print" is not really a useful report neither. J.F. From simona at uchicago.edu Fri Feb 16 14:54:58 2001 From: simona at uchicago.edu (Simon Allaway) Date: Tue Dec 2 02:33:21 2003 Subject: I give up References: Message-ID: <3A8D3F42.CDB80D07@uchicago.edu> Morris Maynard wrote: > > Note that no one really addressed the question of why 2.2 > wouldn't print (i.e., it won't here). > That seems like not a small thing, no? In my experience of asking questions to development lists about certain features is that if no-one answers, chances are it's really obvious and they have it working. I'm no unix expert but I've had no problems with running all flavours of samba on all kinds of *nix's. If you're happy dealing with kernel compilation then samba is trivial in comparison. Just read...read more...and then read some more. Then do constructive trail and error. Don't change everything at once...and measure/test often. Simon -- Simon Allaway | University of Chicago | "It all makes sense now... Anthropology | ...banner comes with mount" 5-4390 Haskell Hall | - Lcoady From wilsong at sergievsky.cpmc.columbia.edu Fri Feb 16 15:04:43 2001 From: wilsong at sergievsky.cpmc.columbia.edu (Gary Wilson) Date: Tue Dec 2 02:33:21 2003 Subject: Samba 2.2.0alpha2 snapshot released References: <3A1C74A4.E9E7F9B6@valinux.com> <3A760496.B1DCE644@valinux.com> Message-ID: <002401c09829$cd128d00$0200a8c0@nyc.rr.com> Is there any documentation on using ACLs in the 2.2.0alpha2 snapshot on Linux? Gary From spinler.patrick at mayo.edu Fri Feb 16 15:06:45 2001 From: spinler.patrick at mayo.edu (Patrick Spinler) Date: Tue Dec 2 02:33:21 2003 Subject: samba-appliance: Where can I find help, please ? Was, Re: Help configuring samba appliance References: <3A8AB2A7.558BFAC7@mayo.edu> <3A8C059A.15DF0E1F@mayo.edu> Message-ID: <3A8D4205.F9DE6182@mayo.edu> From mharding at ecwebworks.com Fri Feb 16 15:13:31 2001 From: mharding at ecwebworks.com (Marc Harding) Date: Tue Dec 2 02:33:21 2003 Subject: Pulling user rights from samba to Windows NT servers. Message-ID: <5.0.2.1.2.20010216100539.00b1eef0@mail.ecwebworks.com> I have run into a fairly major problem here at work. We are running Samba 2.0.7 in our live environment, and it has been very stable. Our development shop has just written a web based application which uses NT users to authenticate. It is on a NT4.0 (currently, but they want to put it on Win2k) with IIS and SQL 2000. They are trying to pull off of the Samba box a list of users who should have access to the application. This has worked for them using an NT4.0 PDC, and now they are asking me for this functionality from our Samba 2.0.7 server (or 2.2 which I am currently testing from cvs). From the NT4.0 box they can pull down the users, but when they go back to the permissions, it then says unknown user for all the users they had previously granted permissions. This is causing permission denied messages on the application. Has anyone had to deal with such a situation? any ideas or solutions? Thanks, Marc Harding mharding@ecwebworks.com From simo.sorce at polimi.it Fri Feb 16 15:14:41 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:21 2003 Subject: I give up In-Reply-To: Message-ID: Well, as a development branch it has been reported that samba 2.2 sometimes have problem with printers. Ok, than just setup a samba2.0.7 and share printers from it, until 2.2 will be able to print. You may do it also on the same machine, just add an alias to your network interface to have a second ip and set 'bind interface only' parameter in each configuration to lock avery version of samba to its assigned ip. On Fri, 16 Feb 2001, Morris Maynard wrote: > Well, no question I've posted here ever got so much response. > I don't mean to minimize what the Samba product accomplishes for a heterogeneous environment. That is a really good thing, and a testament to the possibilities of the whole open-source movement. > I do get very frustrated with the variableness of the combination of info from newsgroups, how-tos, FAQs, etc. of varying ages and purposes. My personal experience is that a solution converges much more quickly (even if it's "we can't do that") in the MS world. When I've spent most of the night grappling with a set of problems like this, composing an aggravated email helps to vent. And the Send button is located right next to the Save button in my email client... > Note that no one really addressed the question of why 2.2 wouldn't print (i.e., it won't here). That seems like not a small thing, no? > > > > > -- Simo Sorce - Linux Systems Consultant E-mail: simo.sorce@polimi.it Tel: +39 0348 7149179 - Fax: +39 02 700442399 ----------------------------------------------------------------- Be happy, use Linux! From J.L.Gilmour at exeter.ac.uk Fri Feb 16 15:28:38 2001 From: J.L.Gilmour at exeter.ac.uk (J.L.Gilmour@exeter.ac.uk) Date: Tue Dec 2 02:33:21 2003 Subject: I give up In-Reply-To: from "Simo Sorce" at Feb 16, 2001 04:14:41 pm Message-ID: <1050661.200102161528@olib> > > Well, as a development branch it has been reported that samba 2.2 > sometimes have problem with printers. > Ok, than just setup a samba2.0.7 and share printers from it, until 2.2 > will be able to print. > That's what we did - a 2.2 machine runs the domain & authenictation/login, a 2.0 machine (which is a member of the domain) covers printing and some file sharing. Balances the load quite nicely actually. Jayne. -- +----+----+----+----+----+----+----+----+----+----+----+----+----+ Jayne Gilmour, BSc. MSc. Unix & Network Administrator Department of Computer Science, University of Exeter Internet: "a network of computers which lots of people are inter" +----+----+----+----+----+----+----+----+----+----+----+----+----+ From kevinc at grainsystems.com Fri Feb 16 15:43:12 2001 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:33:21 2003 Subject: Samba and trust relationship References: Message-ID: <3A8D4A90.1B39D354@grainsystems.com> Simo Sorce wrote: > > Trust relationships are not supported by samba 2.0.7 and > probably will not be supported neither by samba 2.2.0 Yes, you're in a tough spot looking for trust. I did hear that TNG may be supporting trust now, so you could try that. TNG has its own lists and site: http://www.samba-tng.org/ Best of luck! - Kevin Colby kevinc@grainsystems.com From Daniel.Varga at de.bosch.com Fri Feb 16 16:46:31 2001 From: Daniel.Varga at de.bosch.com (Varga Daniel (QI/RZS43) *) Date: Tue Dec 2 02:33:21 2003 Subject: samba wats to join w2k domain Message-ID: Hi, I read trhu the archives but couldn't find an exact answer to my question: - How do I join a samba into a w2k domain (active dir., native mode)? A computer account exists in the w2k-domain for me I just can't join... I run Debian 2.2 (potato) with samba-2.0.7 and kernel 2.2.17 I tried it with samba-2.2.0-alpha2, too. here's the error message: felinux:~# smbpasswd -j DE -D 4 resolve_hosts: Attempting host lookup for name SI21930<0x20> Connecting to IP_of_PDC at port 139 cli_net_req_chal: LSA Request Challenge from SI21930 to FELINUX: 51AEDE2BBDD665C5 cred_session_key cred_create cli_net_auth2: srv:\\SI21930 acct:FELINUX$ sc:2 mc: FELINUX chal 1FB52C464A2206D3 neg: 1ff cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine SI21930. Error was : NT_STATUS_ACCESS_DENIED. 2001/02/16 17:43:29 : change_trust_account_password: Failed to change password for domain DE. Unable to join domain DE. here's my config: security = domain domain logons = no password server = SI21930 netbios name = FELINUX workgroup = DE socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 encrypt passwords = yes os level = 24 local master = No What do I do wrong? thanx -- Daniel From sparhawk at beyond.dyndns.org Fri Feb 16 18:59:35 2001 From: sparhawk at beyond.dyndns.org (Mattias Larsson) Date: Tue Dec 2 02:33:21 2003 Subject: Samba shareing over multiple domains Message-ID: Hi all! I have a litte problem. The facts are, we have two domains of users which requires to use a sambashare on a server we have in dom1. They should authenticate with the PDC of their domain. Is it possible to make ONE samba server in domain security mode to enable the users to get to different PDC's in different domains. I have tried to use "include" with %L option for split personality behavior but it seems not to work as it requires a "workgroup" and takes the compile-time group if none is found in the config file. Can I solve this in any way and how? -- Mattias Larsson - sparhawk@beyond.dyndns.org http://beyond.dyndns.org - ICQ 4877007 From martinm at people-com.com Fri Feb 16 17:14:27 2001 From: martinm at people-com.com (Martin Mielke) Date: Tue Dec 2 02:33:21 2003 Subject: rw- for one user r-- for all Message-ID: <5F79E0406369D411986600508BDE784E1348D0@lisa.people-com.com> Dear all, it's been a long time since I last posted to this list, so sorry if this has been already discussed before. I need to create a share where a single user (call it 'user1' if you like) has read/write permissions and the rest only read permissions. Any hints will be welcomed. Thanks in advance! Martin From jbcurry at hline.localhealth.net Fri Feb 16 17:58:42 2001 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:33:21 2003 Subject: I give up (almost) In-Reply-To: Message-ID: > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Morris Maynard > Sent: Friday, February 16, 2001 9:41 AM > > Well, no question I've posted here ever got so much response. You definitely get more attention if you yell "Hey, jerk, I'm talking to you!" than to ask politely "Excuse me, but maybe you can help me?" Although I'm sure the latter generally gets more useful results. > I don't mean to minimize what the Samba product accomplishes for > a heterogeneous environment. That is a really good thing, and a > testament to the possibilities of the whole open-source movement. > I do get very frustrated with the variableness of the combination > of info from newsgroups, how-tos, FAQs, etc. of varying ages and > purposes. > My personal experience is that a solution converges much more > quickly (even if it's "we can't do that") in the MS world. I look at it this way: I can go to McDonald's and determine faster what I'd have for lunch than I could at a new gourmet restaurant with a huge and diverse menu. Doesn't mean it will taste as good, be as good for me, or that I won't barf it back up again. If I have the time, I go to the gourmet restaurant and learn the menu and what's good to eat - or ask friends for their recommendation. If I can't afford the time, I'll grab McDonald's and suffer the gastrointestinal damage, but at least I got lunch - I've made a choice appropriate for the circumstances, but not necessarily in my best interests long-term. By the way, my experience with the MS world is that they're too quick to say "we can't do that". Ironically, I've learned more about what you can make MS products do from the Linux world than I ever did from the MS world. > When I've spent most of the night grappling with a set of > problems like this, composing an aggravated email helps to vent. > And the Send button is located right next to the Save button in > my email client... > Note that no one really addressed the question of why 2.2 > wouldn't print (i.e., it won't here). That seems like not a small > thing, no? > The people that participate on list servers generally have strong feelings for a topic. They want to help others enjoy the same experiences and successes. If they fail to do so for you, at least they're trying. Remember that they're not under a service contract to help you. They do it out of the kindess of their heart. Insulting their pride is not very good repayment, and is sure to generate flaming. In the Linux world there's endless options and places to turn to for help. But that does present it's own host of problems - you have to be patient to find the right source. By the way, in spite of your stabs at Linux and this list server, it looks as though some people are still offering their help, which I doubt I would have done if I knew the answer to your problem. There's something for both of us to learn about humility from that... From edmundo at moscow.com Fri Feb 16 18:15:57 2001 From: edmundo at moscow.com (Stokes) Date: Tue Dec 2 02:33:21 2003 Subject: rw- for one user r-- for all References: <5F79E0406369D411986600508BDE784E1348D0@lisa.people-com.com> Message-ID: <001d01c09844$833858c0$010aa8c0@shitepie> The best way I have found to do this is to put the users into different groups. Then, in the smb.conf, specify read list = @read_group and write list = @write_group for that share that you need the restricted access on (or you could just put the users' names there). I used to do this for the shares on my server, but then I found that it's even better to make the shares read only by everyone, and then create another share that is writeable, but only accessible by the admin user. In that share, simply have symlinks pointing to those folders that you need write access to. This way you can be sure that no one can write to the standard shares unless they have access to that admin folder with the symlinks. Remember that Unix file permissions apply no matter what! That is another way to let some read and others write. Let me know if you need more help. m stokes. ----- Original Message ----- From: "Martin Mielke" To: "'samba-ntdom@lists.samba.org'" Sent: Friday, February 16, 2001 9:14 AM Subject: rw- for one user r-- for all > Dear all, > > it's been a long time since I last posted to this list, so sorry if this has > been already discussed before. > > I need to create a share where a single user (call it 'user1' if you like) > has read/write permissions and the rest only read permissions. > > Any hints will be welcomed. Thanks in advance! > > > Martin > > > From sambastuff at jabba.glfc.com Fri Feb 16 17:42:07 2001 From: sambastuff at jabba.glfc.com (sambastuff@jabba.glfc.com) Date: Tue Dec 2 02:33:21 2003 Subject: Corrupt smbpasswd and joining a domain Message-ID: Is it a bug that if you delete a UNIX user without deleting the smbpasswd user, you cannot join a user to a domain? Basicly, everytime the smbpasswd file is "corrupt", no new machines can be joined to the domain (SAMBA 2_2 CVS today) brian g From mark at axeon.screaming.net Fri Feb 16 18:23:10 2001 From: mark at axeon.screaming.net (Mark) Date: Tue Dec 2 02:33:21 2003 Subject: Server power Message-ID: <003101c09845$85050d00$0b01a8c0@MARKSYSTEM> I intend to install a network of 110 Windows Workstations into an Educational establishment. The server would (naturaly!) be running linux & samba (2.2 if it is released as stable in time). I would like to store CD images for the workstations to access, as well as the server acting as a logon client. I understand that this would be quite a large demand on any server - so I am looking for suggestions of how powerful a server would need to be - or if I would need more than one. Many thanks Mark -------------- next part -------------- HTML attachment scrubbed and removed From MMcEldowney at deltaregional.com Fri Feb 16 18:56:18 2001 From: MMcEldowney at deltaregional.com (McEldowney, Michael) Date: Tue Dec 2 02:33:21 2003 Subject: Server power Message-ID: <982DE519343BD41191CA00902786B5B902DE46@EMAIL> Mark, ? Here's what I have installed: ? 270 Windows Workstations, most Win98.? 1 Linux server that currently runs Samba for print services, logon services, file services, WINS service, Netbios service; DHCP; Squid for Internet Proxy of all my workstations; Apache for our intra and Internet server. ? The server is a Dell Optiplex GX1 _desktop_.? 400Mhz PIII processor, 30 GB IDE harddrive, 128MB of memory. ? I've been monitoring CPU load for over 3 weeks now to determine what else I can put on this server, and my load has rarely?been over 5%. ? HTH, ? Mike -----Original Message----- From: Mark [mailto:mark@axeon.screaming.net] Sent: Friday, February 16, 2001 12:23 PM To: samba-ntdom@lists.samba.org Subject: Server power ? I intend to install a network of 110 Windows Workstations into an Educational establishment.? The server would (naturaly!) be running linux & samba (2.2 if it is released as stable in time).? I would like to store CD images for the workstations to access, as well as the server acting as a logon client.? I understand that this would be quite a large demand on any server - so I am looking for suggestions of how powerful a server would need to be - or if I would need more than one. ? ? Many thanks ? ? Mark From mark at axeon.screaming.net Fri Feb 16 18:51:49 2001 From: mark at axeon.screaming.net (Mark) Date: Tue Dec 2 02:33:21 2003 Subject: Server power References: <982DE519343BD41191CA00902786B5B902DE46@EMAIL> Message-ID: <007101c09849$85a60b20$0b01a8c0@MARKSYSTEM> hi, and thanks for this - its not so much CPU load I am concered about but the ability to read files stored on the server. Any idea what kind of transfer rates you get when everyone tries to access the serveR? thanks mark ----- Original Message ----- From: "McEldowney, Michael" To: "'Mark'" ; Sent: Friday, February 16, 2001 6:56 PM Subject: RE: Server power Mark, Here's what I have installed: 270 Windows Workstations, most Win98. 1 Linux server that currently runs Samba for print services, logon services, file services, WINS service, Netbios service; DHCP; Squid for Internet Proxy of all my workstations; Apache for our intra and Internet server. The server is a Dell Optiplex GX1 _desktop_. 400Mhz PIII processor, 30 GB IDE harddrive, 128MB of memory. I've been monitoring CPU load for over 3 weeks now to determine what else I can put on this server, and my load has rarely been over 5%. HTH, Mike -----Original Message----- From: Mark [mailto:mark@axeon.screaming.net] Sent: Friday, February 16, 2001 12:23 PM To: samba-ntdom@lists.samba.org Subject: Server power I intend to install a network of 110 Windows Workstations into an Educational establishment. The server would (naturaly!) be running linux & samba (2.2 if it is released as stable in time). I would like to store CD images for the workstations to access, as well as the server acting as a logon client. I understand that this would be quite a large demand on any server - so I am looking for suggestions of how powerful a server would need to be - or if I would need more than one. Many thanks Mark From vgill at technologist.com Fri Feb 16 19:12:32 2001 From: vgill at technologist.com (Gill, Vern) Date: Tue Dec 2 02:33:21 2003 Subject: Server power Message-ID: <8D043DEA73DFD411958A00A0C90AB7607CAE@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> I have most of that running on a 233/MMX w/ 96MB RAM. Only 70 wkstns, but still doing everything but squid on it. I am running TNG and HEAD... TNG CVS for PDC/file, 2.2 CVS for printer Also runs netatalk and nfs, does routing for my network (ipchains/ipmasqadm), does pptpd... I think thats pretty impressive. In fact, until last week, it was doing all that on a P100 w/ 32MB RAM... Course, it wasn't very fast, but it worked. This is not a recommendation, just a "success" story. I am quite happy with my setup... Enjoy. -----Original Message----- From: McEldowney, Michael [mailto:MMcEldowney@deltaregional.com] Sent: Friday, February 16, 2001 10:56 AM To: 'Mark'; samba-ntdom@us5.samba.org Subject: RE: Server power Mark, ? Here's what I have installed: ? 270 Windows Workstations, most Win98.? 1 Linux server that currently runs Samba for print services, logon services, file services, WINS service, Netbios service; DHCP; Squid for Internet Proxy of all my workstations; Apache for our intra and Internet server. ? The server is a Dell Optiplex GX1 _desktop_.? 400Mhz PIII processor, 30 GB IDE harddrive, 128MB of memory. ? I've been monitoring CPU load for over 3 weeks now to determine what else I can put on this server, and my load has rarely?been over 5%. ? HTH, ? Mike -----Original Message----- From: Mark [mailto:mark@axeon.screaming.net] Sent: Friday, February 16, 2001 12:23 PM To: samba-ntdom@lists.samba.org Subject: Server power ? I intend to install a network of 110 Windows Workstations into an Educational establishment.? The server would (naturaly!) be running linux & samba (2.2 if it is released as stable in time).? I would like to store CD images for the workstations to access, as well as the server acting as a logon client.? I understand that this would be quite a large demand on any server - so I am looking for suggestions of how powerful a server would need to be - or if I would need more than one. ? ? Many thanks ? ? Mark From MMcEldowney at deltaregional.com Fri Feb 16 19:22:14 2001 From: MMcEldowney at deltaregional.com (McEldowney, Michael) Date: Tue Dec 2 02:33:21 2003 Subject: Server power Message-ID: <982DE519343BD41191CA00902786B5B902DE49@EMAIL> Nothing remarkably poor. The only measure that matters to me on transfer rates is the "bitchometer", and noboby's bitchin' so far. I have seen numerous posts on the list, however, about slow transfer rates for large files. As far as my situation I really haven't noticed any problems, even with serving multiuser apps. To be honest, a couple of the apps we migrated off of a more pysically robust NT server have actually shown better response times thru Samba. -----Original Message----- From: Mark [mailto:mark@axeon.screaming.net] Sent: Friday, February 16, 2001 12:52 PM To: McEldowney, Michael Cc: samba-ntdom@lists.samba.org Subject: Re: Server power hi, and thanks for this - its not so much CPU load I am concered about but the ability to read files stored on the server. Any idea what kind of transfer rates you get when everyone tries to access the serveR? thanks mark ----- Original Message ----- From: "McEldowney, Michael" To: "'Mark'" ; Sent: Friday, February 16, 2001 6:56 PM Subject: RE: Server power Mark, Here's what I have installed: 270 Windows Workstations, most Win98. 1 Linux server that currently runs Samba for print services, logon services, file services, WINS service, Netbios service; DHCP; Squid for Internet Proxy of all my workstations; Apache for our intra and Internet server. The server is a Dell Optiplex GX1 _desktop_. 400Mhz PIII processor, 30 GB IDE harddrive, 128MB of memory. I've been monitoring CPU load for over 3 weeks now to determine what else I can put on this server, and my load has rarely been over 5%. HTH, Mike -----Original Message----- From: Mark [mailto:mark@axeon.screaming.net] Sent: Friday, February 16, 2001 12:23 PM To: samba-ntdom@lists.samba.org Subject: Server power I intend to install a network of 110 Windows Workstations into an Educational establishment. The server would (naturaly!) be running linux & samba (2.2 if it is released as stable in time). I would like to store CD images for the workstations to access, as well as the server acting as a logon client. I understand that this would be quite a large demand on any server - so I am looking for suggestions of how powerful a server would need to be - or if I would need more than one. Many thanks Mark From morris at maynidea.com Fri Feb 16 19:25:40 2001 From: morris at maynidea.com (Morris Maynard) Date: Tue Dec 2 02:33:21 2003 Subject: I give up In-Reply-To: Message-ID: Kat: Not a well considered answer on either point. It should be obvious that printing was working on my system with samba 2.07 and is not with samba 2.2 - so the culprit is almost certainly samba. And I have been in this business one year less than you, and am generally quite happy with the support and functionality I recieve from Microsoft. Sometimes customers ask for Linux, and there are a few hard cases who don't want to pay for NT server. For these and also to keep up-to-date I have been setting up Linux servers. In general, these are reliable and have more functionality than the AT&T SysV I used back in 1987; however, my comments concerning the documentation and information available stand and are illustrated by your response. -----Original Message----- From: Kat [mailto:kathee@ezunx.com] Sent: Friday, February 16, 2001 9:53 AM To: Morris Maynard Subject: RE: I give up printing is based on installed drivers and printer software you are running on linux/unix, not samba. Samba only provides the means for sharing the resource. I use CUPS and have not had a single problem. I did have some problems with LPRng. Also W2K as a print server was horribly slow and crashed often -- and it did not support (funny) all the drivers for all the printers and OS's we had -- go figure. You might try looking into the printing system itself and not fault samba. I think you are troubleshooting the wrong application. As for MS converging on a solution much more quickly? Sorry to say, are you nuts? I have been in this business since 1979.. Not sure how long you have, and have worked in the mainframe world as well as MS and Unix since day one... So I find your overall statement a bit of a stretch. Notice I kept this off the list too -- since it is silly to keep sending to everyone a bunch of personal opinions... cheers Kathee -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Morris Maynard Sent: Friday, February 16, 2001 9:41 AM To: samba-ntdom@us5.samba.org Subject: RE: I give up Well, no question I've posted here ever got so much response. I don't mean to minimize what the Samba product accomplishes for a heterogeneous environment. That is a really good thing, and a testament to the possibilities of the whole open-source movement. I do get very frustrated with the variableness of the combination of info from newsgroups, how-tos, FAQs, etc. of varying ages and purposes. My personal experience is that a solution converges much more quickly (even if it's "we can't do that") in the MS world. When I've spent most of the night grappling with a set of problems like this, composing an aggravated email helps to vent. And the Send button is located right next to the Save button in my email client... Note that no one really addressed the question of why 2.2 wouldn't print (i.e., it won't here). That seems like not a small thing, no? From morris at maynidea.com Fri Feb 16 19:28:23 2001 From: morris at maynidea.com (Morris Maynard) Date: Tue Dec 2 02:33:21 2003 Subject: I give up In-Reply-To: Message-ID: Read the post: the details were in it. The main symptom is an error when trying to connect to the printer (That's literally what the dialog says) and the probably related error when uploading drivers ("Access denied"). -----Original Message----- From: Jean Francois Micouleau [mailto:Jean-Francois.Micouleau@dalalu.fr] Sent: Friday, February 16, 2001 9:53 AM To: Morris Maynard Cc: samba-ntdom@us5.samba.org Subject: RE: I give up On Fri, 16 Feb 2001, Morris Maynard wrote: > aggravated email helps to vent. And the Send button is located right > next to the Save button in my email client... Note that no one really > addressed the question of why 2.2 wouldn't print (i.e., it won't here). > That seems like not a small thing, no? Why ? You thought you would get an answer with a so much detailed report ? If I answer "your paper tray is empty" or "your printer is offline", do you think those are useful answers ? No. Okay then a report of "2.2 wouldn't print" is not really a useful report neither. J.F. From simona at uchicago.edu Fri Feb 16 19:33:38 2001 From: simona at uchicago.edu (Simon Allaway) Date: Tue Dec 2 02:33:21 2003 Subject: Server power References: <8D043DEA73DFD411958A00A0C90AB7607CAE@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> Message-ID: <3A8D8092.FDC7C4B@uchicago.edu> "Gill, Vern" wrote: > > I understand that this would be quite a large > demand on any server - so I am looking for suggestions of how powerful a > server would need to be - or if I would need more than one. I'm lucky. I've got a P3 with half a gig of ram, and a big raid with hardware cache. With this setup there's so much headroom on the server it comes down to network bandwidth. We've got 100Mbit switched, so even NT clients can shift 7 or 8 Mb a second. But then saying that, of the 100 or so users in the building there are only ever 40-50 connected at once, and the server still doesn't get beaten up. http://acc.uchicago.edu/mrtg/acc.uchicago.edu_2.html Simon -- Simon Allaway | University of Chicago | "It all makes sense now... Anthropology | ...banner comes with mount" 5-4390 Haskell Hall | - Lcoady From kourosh at loop.com Fri Feb 16 19:37:24 2001 From: kourosh at loop.com (Kourosh Ghassemieh) Date: Tue Dec 2 02:33:21 2003 Subject: Server power In-Reply-To: <007101c09849$85a60b20$0b01a8c0@MARKSYSTEM> References: <982DE519343BD41191CA00902786B5B902DE46@EMAIL> Message-ID: <5.0.2.1.0.20010216113121.03014ff8@pop.loop.com> If you're worried about the disk subsystem then you could run a hardware based RAID system using SCSI disks. If price is a big concern another option is using a hardware based IDE RAID like ones sold by 3Ware. They perform pretty well and are much cheaper than SCSI. 3Ware provides Linux support for all their cards and a friend of mine sells a lot of them (www.tdl.com/~netex) At 06:51 PM 2/16/2001 +0000, Mark wrote: >hi, and thanks for this - its not so much CPU load I am concered about but >the ability to read files stored on the server. Any idea what kind of >transfer rates you get when everyone tries to access the serveR? > > >thanks > >mark >----- Original Message ----- >From: "McEldowney, Michael" >To: "'Mark'" ; >Sent: Friday, February 16, 2001 6:56 PM >Subject: RE: Server power > > >Mark, > >Here's what I have installed: > >270 Windows Workstations, most Win98. 1 Linux server that currently >runs Samba for print services, logon services, file services, WINS >service, Netbios service; DHCP; Squid for Internet Proxy of all my >workstations; Apache for our intra and Internet server. > >The server is a Dell Optiplex GX1 _desktop_. 400Mhz PIII processor, 30 >GB IDE harddrive, 128MB of memory. > >I've been monitoring CPU load for over 3 weeks now to determine what >else I can put on this server, and my load has rarely been over 5%. > >HTH, > >Mike > >-----Original Message----- >From: Mark [mailto:mark@axeon.screaming.net] >Sent: Friday, February 16, 2001 12:23 PM >To: samba-ntdom@lists.samba.org >Subject: Server power > > > > >I intend to install a network of 110 Windows Workstations into an >Educational establishment. The server would (naturaly!) be running >linux & samba (2.2 if it is released as stable in time). I would like >to store CD images for the workstations to access, as well as the server >acting as a logon client. I understand that this would be quite a large >demand on any server - so I am looking for suggestions of how powerful a >server would need to be - or if I would need more than one. > > >Many thanks > > >Mark - ------------------------------------------------------------------------ Kourosh Ghassemieh MindWare Information Systems & Technologies 9255 Sunset Blvd, Penthouse West Hollywood CA 90069 (310) 729-1784 kourosh@loop.com ++++Networking the Small Business++++ From jeremy at valinux.com Fri Feb 16 17:40:31 2001 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:33:21 2003 Subject: Samba 2.2.0alpha2 snapshot released References: <3A1C74A4.E9E7F9B6@valinux.com> <3A760496.B1DCE644@valinux.com> <002401c09829$cd128d00$0200a8c0@nyc.rr.com> Message-ID: <3A8D660F.F9A6CE2F@valinux.com> Gary Wilson wrote: > > Is there any documentation on using ACLs in the 2.2.0alpha2 snapshot on > Linux? Not yet - you need the bestbits patch (search on google for Linux ACLs) and I'm planning to write a whitepaper on it. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From don_mccall at hp.com Fri Feb 16 19:48:56 2001 From: don_mccall at hp.com (MCCALL,DON (HP-USA,ex1)) Date: Tue Dec 2 02:33:21 2003 Subject: Samba shareing over multiple domains Message-ID: <079FD72E42C9D311B854009027650E6F04050814@xatl02.atl.hp.com> Hi Mattias, You might try establishing a trust between the two NT domains. That way if dom2/user tries to access a share on dom1/samba, samba will request user authentication from DC in dom1; dom1 will recoginze that the domainname part of the user authentication request is dom2, and check his list of trusts to see if he has a trust with dom2; when he finds that he DOES, he will request authentication across the trust, and dom2 should validate the user, and this will get passed back to the samba server that the user is validated. Hope this helps, Don -----Original Message----- From: Mattias Larsson [mailto:sparhawk@beyond.dyndns.org] Sent: Friday, February 16, 2001 2:00 PM To: Samba-NTdom Subject: Samba shareing over multiple domains Hi all! I have a litte problem. The facts are, we have two domains of users which requires to use a sambashare on a server we have in dom1. They should authenticate with the PDC of their domain. Is it possible to make ONE samba server in domain security mode to enable the users to get to different PDC's in different domains. I have tried to use "include" with %L option for split personality behavior but it seems not to work as it requires a "workgroup" and takes the compile-time group if none is found in the config file. Can I solve this in any way and how? -- Mattias Larsson - sparhawk@beyond.dyndns.org http://beyond.dyndns.org - ICQ 4877007 From Jean-Francois.Micouleau at dalalu.fr Fri Feb 16 19:54:46 2001 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:33:21 2003 Subject: I give up In-Reply-To: Message-ID: On Fri, 16 Feb 2001, Morris Maynard wrote: > Read the post: the details were in it. The main symptom is an error when > trying to connect to the printer (That's literally what the dialog says) and > the probably related error when uploading drivers ("Access denied"). Which printer driver ? From morris at maynidea.com Fri Feb 16 20:39:50 2001 From: morris at maynidea.com (Morris Maynard) Date: Tue Dec 2 02:33:22 2003 Subject: Samba 2.2 and printing (was: I give up) In-Reply-To: Message-ID: Driver: HP Deskjet 660Cse Upload from: NT 4.0 WKS or Win2K WKS Logged in as: admin mapped to root, also as root with full control rights I don't have log files from the experience at present. -----Original Message----- From: Jean Francois Micouleau [mailto:Jean-Francois.Micouleau@dalalu.fr] Sent: Friday, February 16, 2001 2:55 PM To: Morris Maynard Cc: samba-ntdom@us5.samba.org Subject: RE: I give up On Fri, 16 Feb 2001, Morris Maynard wrote: > The main symptom is an error when > trying to connect to the printer (That's literally what the dialog says) and > the probably related error when uploading drivers ("Access denied"). Which printer driver ? >From which NT version did you upload the drivers ? NT4SP ? W2K ? SP1 ? Under which account ? domain account mapped to root ? which rights on the print$ share directory ? do you have a log level 10 of the workstation adding the driver ? From hibbert_craig at emc.com Fri Feb 16 20:46:27 2001 From: hibbert_craig at emc.com (hibbert, craig) Date: Tue Dec 2 02:33:22 2003 Subject: No Domain Controller Message-ID: <08B0EA17E377D41187410090273BEFD0EFE7E4@unitas.lss.emc.com> I have a standard config that allows for a Linux box to be a domain controller. I get the standard error message that "There is no available domain controller to authenticate the logon". The Doze boxes can browse the samba server once I click ok to this message. I have the domain logons = yes and this has worked before. Anyone have any ideas? Thanks Craig From simona at uchicago.edu Fri Feb 16 20:52:27 2001 From: simona at uchicago.edu (Simon Allaway) Date: Tue Dec 2 02:33:22 2003 Subject: No Domain Controller References: <08B0EA17E377D41187410090273BEFD0EFE7E4@unitas.lss.emc.com> Message-ID: <3A8D930B.F5C16094@uchicago.edu> "hibbert, craig" wrote: > > I have a standard config that allows for a Linux box to be a domain > controller. I get the standard error message that "There is no available > domain controller to authenticate the logon". The Doze boxes can browse the > samba server once I click ok to this message. I have the domain logons = yes > and this has worked before. > Anyone have any ideas? I used to get this until I made the Samba server a WINS server too. Once the NT machines knew about the WINS server they've never failed to find the samba domain controller. Simon -- Simon Allaway | University of Chicago | "It all makes sense now... Anthropology | ...banner comes with mount" 5-4390 Haskell Hall | - Lcoady From don_mccall at hp.com Fri Feb 16 21:37:55 2001 From: don_mccall at hp.com (MCCALL,DON (HP-USA,ex1)) Date: Tue Dec 2 02:33:22 2003 Subject: samba wats to join w2k domain Message-ID: <079FD72E42C9D311B854009027650E6F04050815@xatl02.atl.hp.com> Hello Varga, I just did this myself, to verify that it works: 1. on your win2k pdc, run "Active Directory Users and Computers" 2. choose Actions/New/New Computer 3. type in the computer name that you specify in your smb.conf file 'netbios name= " parameter 4. make sure you check the "Allow pre-Windows 2000 computers to use this account" Then 5. On you Samba server, bring down samba 6. in your smb.conf file make sure that you have the following entries: - security = domain - workgroup = - password server = - encrypt passwords = yes - domain logons = no 7. run smbpasswd to join the domain: - smbpasswd -j -r Then 8. bring up samba, and test by doing the following command: - smbclient -L -U (make sure that the user you specify has an entry in your /etc/passwd file as well) This works for me. Don -----Original Message----- From: Varga Daniel (QI/RZS43) * [mailto:Daniel.Varga@de.bosch.com] Sent: Friday, February 16, 2001 11:47 AM To: Samba-Ntdom (E-Mail) Subject: samba wats to join w2k domain Hi, I read trhu the archives but couldn't find an exact answer to my question: - How do I join a samba into a w2k domain (active dir., native mode)? A computer account exists in the w2k-domain for me I just can't join... I run Debian 2.2 (potato) with samba-2.0.7 and kernel 2.2.17 I tried it with samba-2.2.0-alpha2, too. here's the error message: felinux:~# smbpasswd -j DE -D 4 resolve_hosts: Attempting host lookup for name SI21930<0x20> Connecting to IP_of_PDC at port 139 cli_net_req_chal: LSA Request Challenge from SI21930 to FELINUX: 51AEDE2BBDD665C5 cred_session_key cred_create cli_net_auth2: srv:\\SI21930 acct:FELINUX$ sc:2 mc: FELINUX chal 1FB52C464A2206D3 neg: 1ff cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine SI21930. Error was : NT_STATUS_ACCESS_DENIED. 2001/02/16 17:43:29 : change_trust_account_password: Failed to change password for domain DE. Unable to join domain DE. here's my config: security = domain domain logons = no password server = SI21930 netbios name = FELINUX workgroup = DE socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 encrypt passwords = yes os level = 24 local master = No What do I do wrong? thanx -- Daniel From don_mccall at hp.com Fri Feb 16 21:51:33 2001 From: don_mccall at hp.com (MCCALL,DON (HP-USA,ex1)) Date: Tue Dec 2 02:33:22 2003 Subject: samba wats to join w2k domain Message-ID: <079FD72E42C9D311B854009027650E6F04050816@xatl02.atl.hp.com> Varga, One other thing - make sure that before doing this, you REMOVE the account on the win2k server that you've been trying with, and recreate it using the steps below, to make sure the machine password is at the default that samba is expecting when it tries to join the domain. Don -----Original Message----- From: MCCALL,DON (HP-USA,ex1) [mailto:don_mccall@hp.com] Sent: Friday, February 16, 2001 4:38 PM To: 'Varga Daniel (QI/RZS43) *'; Samba-Ntdom (E-Mail) Subject: RE: samba wats to join w2k domain Hello Varga, I just did this myself, to verify that it works: 1. on your win2k pdc, run "Active Directory Users and Computers" 2. choose Actions/New/New Computer 3. type in the computer name that you specify in your smb.conf file 'netbios name= " parameter 4. make sure you check the "Allow pre-Windows 2000 computers to use this account" Then 5. On you Samba server, bring down samba 6. in your smb.conf file make sure that you have the following entries: - security = domain - workgroup = - password server = - encrypt passwords = yes - domain logons = no 7. run smbpasswd to join the domain: - smbpasswd -j -r Then 8. bring up samba, and test by doing the following command: - smbclient -L -U (make sure that the user you specify has an entry in your /etc/passwd file as well) This works for me. Don -----Original Message----- From: Varga Daniel (QI/RZS43) * [mailto:Daniel.Varga@de.bosch.com] Sent: Friday, February 16, 2001 11:47 AM To: Samba-Ntdom (E-Mail) Subject: samba wats to join w2k domain Hi, I read trhu the archives but couldn't find an exact answer to my question: - How do I join a samba into a w2k domain (active dir., native mode)? A computer account exists in the w2k-domain for me I just can't join... I run Debian 2.2 (potato) with samba-2.0.7 and kernel 2.2.17 I tried it with samba-2.2.0-alpha2, too. here's the error message: felinux:~# smbpasswd -j DE -D 4 resolve_hosts: Attempting host lookup for name SI21930<0x20> Connecting to IP_of_PDC at port 139 cli_net_req_chal: LSA Request Challenge from SI21930 to FELINUX: 51AEDE2BBDD665C5 cred_session_key cred_create cli_net_auth2: srv:\\SI21930 acct:FELINUX$ sc:2 mc: FELINUX chal 1FB52C464A2206D3 neg: 1ff cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine SI21930. Error was : NT_STATUS_ACCESS_DENIED. 2001/02/16 17:43:29 : change_trust_account_password: Failed to change password for domain DE. Unable to join domain DE. here's my config: security = domain domain logons = no password server = SI21930 netbios name = FELINUX workgroup = DE socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 encrypt passwords = yes os level = 24 local master = No What do I do wrong? thanx -- Daniel From simona at uchicago.edu Fri Feb 16 22:00:41 2001 From: simona at uchicago.edu (Simon Allaway) Date: Tue Dec 2 02:33:22 2003 Subject: No Domain Controller References: <08B0EA17E377D41187410090273BEFD0EFE7E5@unitas.lss.emc.com> Message-ID: <3A8DA309.6A82DD06@uchicago.edu> "hibbert, craig" wrote: > > Thanks Simon, do I just set the wins server to the same ip as the samba > server? Yes, once you've got Samba running wins you just enter the samba server ip address into the WINS entry tab in the network properties. It also makes for easier browsing in the network neighbourhood if you should need that. Simon -- Simon Allaway | University of Chicago | "It all makes sense now... Anthropology | ...banner comes with mount" 5-4390 Haskell Hall | - Lcoady From xwindowuser at discflo.com Fri Feb 16 23:04:15 2001 From: xwindowuser at discflo.com (Larry Clark) Date: Tue Dec 2 02:33:22 2003 Subject: No Domain Controller References: <08B0EA17E377D41187410090273BEFD0EFE7E4@unitas.lss.emc.com> <3A8D930B.F5C16094@uchicago.edu> Message-ID: <3A8DB1EF.D5A8B86B@discflo.com> regarding this fix, what if the WINS server is a seperate linux box. also with the LInux box being PDC, I have 5 other NT 4.0 servers that will authenticate back to the linux box, will these NT boxes be able to use the user manager for domains and use the user list from the linux box as they do with an NT PDC? thanks Simon Allaway wrote: > > "hibbert, craig" wrote: > > > > I have a standard config that allows for a Linux box to be a domain > > controller. I get the standard error message that "There is no available > > domain controller to authenticate the logon". The Doze boxes can browse the > > samba server once I click ok to this message. I have the domain logons = yes > > and this has worked before. > > Anyone have any ideas? > > I used to get this until I made the Samba server a WINS server too. Once > the NT machines knew about the WINS server they've never failed to find > the samba domain controller. > > Simon > > -- > Simon Allaway | > University of Chicago | "It all makes sense now... > Anthropology | ...banner comes with mount" > 5-4390 Haskell Hall | - Lcoady From simo.sorce at polimi.it Sat Feb 17 08:42:07 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:22 2003 Subject: Server power In-Reply-To: <007101c09849$85a60b20$0b01a8c0@MARKSYSTEM> Message-ID: On Fri, 16 Feb 2001, Mark wrote: > hi, and thanks for this - its not so much CPU load I am concered about but > the ability to read files stored on the server. Any idea what kind of > transfer rates you get when everyone tries to access the serveR? Well, it really depends on what kind of network you will have 1Gb, 100Mb, 10Mb, switched? Generally a server that runs at 100Mb in a swithed network with client at 10Mb runs no bad (I've tested with 50+ clients). But If you think you will have really nuch trafic from the clients, thimk of putting 2/3 100Mb cards (or 1Gb?) and take care of disk speed (A scsi RAID5 for homes and RAID0 for the stored CDROMs will rock) IDE does not scale on multiple access, while scsi do and really well. > > Mark, > > Here's what I have installed: > > 270 Windows Workstations, most Win98. 1 Linux server that currently > runs Samba for print services, logon services, file services, WINS > service, Netbios service; DHCP; Squid for Internet Proxy of all my > workstations; Apache for our intra and Internet server. > > The server is a Dell Optiplex GX1 _desktop_. 400Mhz PIII processor, 30 > GB IDE harddrive, 128MB of memory. > > I've been monitoring CPU load for over 3 weeks now to determine what > else I can put on this server, and my load has rarely been over 5%. > > HTH, > > Mike > > -----Original Message----- > From: Mark [mailto:mark@axeon.screaming.net] > Sent: Friday, February 16, 2001 12:23 PM > To: samba-ntdom@lists.samba.org > Subject: Server power > > > > > I intend to install a network of 110 Windows Workstations into an > Educational establishment. The server would (naturaly!) be running > linux & samba (2.2 if it is released as stable in time). I would like > to store CD images for the workstations to access, as well as the server > acting as a logon client. I understand that this would be quite a large > demand on any server - so I am looking for suggestions of how powerful a > server would need to be - or if I would need more than one. > > > Many thanks > > > Mark > > > > > -- Simo Sorce - Linux Systems Consultant E-mail: simo.sorce@polimi.it Tel: +39 0348 7149179 - Fax: +39 02 700442399 ----------------------------------------------------------------- Be happy, use Linux! From mark at axeon.screaming.net Sat Feb 17 09:10:41 2001 From: mark at axeon.screaming.net (Mark) Date: Tue Dec 2 02:33:22 2003 Subject: Server power References: Message-ID: <000601c098c1$833fcb00$0b01a8c0@MARKSYSTEM> I am planning on a 100Mb Swtiched Network - 100Mb card both on the server and the workstations. If I go for the mutiple drives as you suggested, is it going to speed things up to have more than 1 network card, or was that just another suggestion? Thanks Mark ----- Original Message ----- From: "Simo Sorce" To: "Mark" Cc: "McEldowney, Michael" ; Sent: Saturday, February 17, 2001 8:42 AM Subject: Re: Server power > On Fri, 16 Feb 2001, Mark wrote: > > > hi, and thanks for this - its not so much CPU load I am concered about but > > the ability to read files stored on the server. Any idea what kind of > > transfer rates you get when everyone tries to access the serveR? > > Well, it really depends on what kind of network you will have > 1Gb, 100Mb, 10Mb, switched? > Generally a server that runs at 100Mb in a swithed network with client at > 10Mb runs no bad (I've tested with 50+ clients). > But If you think you will have really nuch trafic from the clients, thimk > of putting 2/3 100Mb cards (or 1Gb?) and take care of disk speed (A scsi > RAID5 for homes and RAID0 for the stored CDROMs will rock) IDE does not > scale on multiple access, while scsi do and really well. > > > > > Mark, > > > > Here's what I have installed: > > > > 270 Windows Workstations, most Win98. 1 Linux server that currently > > runs Samba for print services, logon services, file services, WINS > > service, Netbios service; DHCP; Squid for Internet Proxy of all my > > workstations; Apache for our intra and Internet server. > > > > The server is a Dell Optiplex GX1 _desktop_. 400Mhz PIII processor, 30 > > GB IDE harddrive, 128MB of memory. > > > > I've been monitoring CPU load for over 3 weeks now to determine what > > else I can put on this server, and my load has rarely been over 5%. > > > > HTH, > > > > Mike > > > > -----Original Message----- > > From: Mark [mailto:mark@axeon.screaming.net] > > Sent: Friday, February 16, 2001 12:23 PM > > To: samba-ntdom@lists.samba.org > > Subject: Server power > > > > > > > > > > I intend to install a network of 110 Windows Workstations into an > > Educational establishment. The server would (naturaly!) be running > > linux & samba (2.2 if it is released as stable in time). I would like > > to store CD images for the workstations to access, as well as the server > > acting as a logon client. I understand that this would be quite a large > > demand on any server - so I am looking for suggestions of how powerful a > > server would need to be - or if I would need more than one. > > > > > > Many thanks > > > > > > Mark > > > > > > > > > > > > -- > Simo Sorce - Linux Systems Consultant > E-mail: simo.sorce@polimi.it > Tel: +39 0348 7149179 - Fax: +39 02 700442399 > ----------------------------------------------------------------- > Be happy, use Linux! > > From simo.sorce at polimi.it Sat Feb 17 09:31:25 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:22 2003 Subject: Server power In-Reply-To: <000601c098c1$833fcb00$0b01a8c0@MARKSYSTEM> Message-ID: On Sat, 17 Feb 2001, Mark wrote: > I am planning on a 100Mb Swtiched Network - 100Mb card both on the server > and the workstations. If I go for the mutiple drives as you suggested, is > it going to speed things up to have more than 1 network card, or was that > just another suggestion? > Well having multiple cards coupled with a switch will increase your network transfer capacity. But you will have to load balance on the different adapters (multiple IP). I'm aware that with the latest kernel linux is also able to make a so called (by Cisco) etherchannel, that is using more cards as a single interface, but I've not tested it. > > > On Fri, 16 Feb 2001, Mark wrote: > > > > > hi, and thanks for this - its not so much CPU load I am concered about > but > > > the ability to read files stored on the server. Any idea what kind of > > > transfer rates you get when everyone tries to access the serveR? > > > > Well, it really depends on what kind of network you will have > > 1Gb, 100Mb, 10Mb, switched? > > Generally a server that runs at 100Mb in a swithed network with client at > > 10Mb runs no bad (I've tested with 50+ clients). > > But If you think you will have really nuch trafic from the clients, thimk > > of putting 2/3 100Mb cards (or 1Gb?) and take care of disk speed (A scsi > > RAID5 for homes and RAID0 for the stored CDROMs will rock) IDE does not > > scale on multiple access, while scsi do and really well. > > > > > > > > Mark, > > > > > > Here's what I have installed: > > > > > > 270 Windows Workstations, most Win98. 1 Linux server that currently > > > runs Samba for print services, logon services, file services, WINS > > > service, Netbios service; DHCP; Squid for Internet Proxy of all my > > > workstations; Apache for our intra and Internet server. > > > > > > The server is a Dell Optiplex GX1 _desktop_. 400Mhz PIII processor, 30 > > > GB IDE harddrive, 128MB of memory. > > > > > > I've been monitoring CPU load for over 3 weeks now to determine what > > > else I can put on this server, and my load has rarely been over 5%. > > > > > > HTH, > > > > > > Mike > > > > > > -----Original Message----- > > > From: Mark [mailto:mark@axeon.screaming.net] > > > Sent: Friday, February 16, 2001 12:23 PM > > > To: samba-ntdom@lists.samba.org > > > Subject: Server power > > > > > > > > > > > > > > > I intend to install a network of 110 Windows Workstations into an > > > Educational establishment. The server would (naturaly!) be running > > > linux & samba (2.2 if it is released as stable in time). I would like > > > to store CD images for the workstations to access, as well as the server > > > acting as a logon client. I understand that this would be quite a large > > > demand on any server - so I am looking for suggestions of how powerful a > > > server would need to be - or if I would need more than one. > > > > > > > > > Many thanks > > > > > > > > > Mark > > > > > > > > > > > > > > > > > > > -- > > Simo Sorce - Linux Systems Consultant > > E-mail: simo.sorce@polimi.it > > Tel: +39 0348 7149179 - Fax: +39 02 700442399 > > ----------------------------------------------------------------- > > Be happy, use Linux! > > > > > > -- Simo Sorce - Linux Systems Consultant E-mail: simo.sorce@polimi.it Tel: +39 0348 7149179 - Fax: +39 02 700442399 ----------------------------------------------------------------- Be happy, use Linux! From bmeyer67 at calvin.edu Sat Feb 17 21:36:40 2001 From: bmeyer67 at calvin.edu (Witness) Date: Tue Dec 2 02:33:23 2003 Subject: WinME won't login to Domain Message-ID: <000001c09929$b67c9260$0202a8c0@witness.chungin100.resnet.calvin.edu> I'm running Samba 2.0.7 on Slackware 7.1. I realize PDC support is not official, but would someone please help me. When I login I get the following message: "The logon server did not recognize your domain password, or access to the server has been denied. Make sure you typed your password in correctly, and then try again." [Ok] I added the user using adduser and smbpasswd. I would like to keep passwords encrypted if possible. Here's a copy of my smb.conf file. # Samba config file created using SWAT # from witness (192.168.2.2) # Date: 2001/02/17 16:24:35 # Global parameters [global] workgroup = WWORKSHOP netbios name = CHUNGIN server string = Samba 2.0.7 - Witness Workshop Inc, interfaces = eth0 eth1 encrypt passwords = Yes update encrypted = Yes allow trusted domains = No map to guest = Bad User unix password sync = Yes load printers = No domain groups = @users add user script = /usr/sbin/adduser -n -g users -d /dev/null -s /bin/false %m$ logon script = scripts\%U.bat domain logons = Yes preferred master = Yes domain master = Yes [netlogon] comment = Network Logon Service path = /usr/local/samba/netlogon share modes = No [Ben_upload] path = /home/Samba username = bmeyer read list = bmeyer write list = bmeyer force group = users writeable = Yes Thanks in advance, Benjamen R. Meyer From sharpe at ns.aus.com Sat Feb 17 23:10:46 2001 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:33:23 2003 Subject: WinME won't login to Domain Message-ID: <3.0.6.32.20010218091046.01203520@203.16.214.248> At 04:36 PM 2/17/01 -0500, Witness wrote: >I'm running Samba 2.0.7 on Slackware 7.1. I realize PDC support is not >official, but would someone please help me. PDC support is not required for WinME, I believe, as WinME is simply an extension of Win9X ... >When I login I get the following message: > >"The logon server did not recognize your domain password, or access to >the server has been denied. Make sure you typed your password in >correctly, and then try again." > [Ok] OK, so the login failed. It might be for a number of reasons. It would be helpful if you could provide more information. This would include: 1. A tcpdump trace of the network traffic when you are trying to log in. This can be obtained with: tcpdump -i eth0 -s 1500 -w trace.cat 2. The contents of log.nmb around the time you tries to log in. Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.ethereal.com) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From eirvine at tpgi.com.au Sun Feb 18 03:53:40 2001 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:33:24 2003 Subject: Windows NT Domain login on OpenBSD References: Message-ID: <3A8F4744.A4E83DE8@tpgi.com.au> Hi Jamie, Jamie Dahl wrote: > > following the instructions in the O'reilly book, I am unable to create > dummy user account (Computer Trust Account), OpenBSD doesnt like $'s in > the username, > > Anyone here have a workaround to this? > > Jamie Dahl The way I do it is this: a) create the new user with your usual tool (pw, adduser, ?), omitting the "$" in the username. b) use vipw to add the "$" to the name. c) do the same thing to /etc/group Eddie. From simona at uchicago.edu Sun Feb 18 04:02:39 2001 From: simona at uchicago.edu (Simon Allaway) Date: Tue Dec 2 02:33:24 2003 Subject: No Domain Controller References: <08B0EA17E377D41187410090273BEFD0EFE7E4@unitas.lss.emc.com> <3A8D930B.F5C16094@uchicago.edu> <3A8DB1EF.D5A8B86B@discflo.com> Message-ID: <3A8F495F.398AA207@uchicago.edu> Larry Clark wrote: > > will these NT boxes be able to > use the user manager for domains and use the user list from the linux > box as they do with an NT PDC? thanks Good question. I know that you can't use the user manager for domains (umd) with 2.0.7, I can't comment on 2.2-alpha* as I haven't tried it. There was/is a certain degree of support for umd in TNG. Simon -- Simon Allaway | University of Chicago | "It all makes sense now... Anthropology | ...banner comes with mount" 5-4390 Haskell Hall | - Lcoady From D.Bannon at latrobe.edu.au Sun Feb 18 07:19:26 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:33:24 2003 Subject: Is there a difference between alpha releases and CVS snapshots? In-Reply-To: <3A8AFBE6.149FB698@vtc.edu.hk> Message-ID: <3.0.6.32.20010218181926.007cf5a0@bioserve.latrobe.edu.au> At 05:43 AM 15/2/2001 +0800, Nick Urbanik wrote: >The 2.2 PDC FAQ has existed for some months (as I recall), explaining >how to use CVS snapshots as PDC for Win2k clients. The alpha2 snapshot >states in WHATSNEW.txt: > > A known problem is this version of Samba will not act as a PDC > for Win2k clients > >However, alpha2 was released on 29 January 2001, long after the FAQ was >written. So is there a difference between alpha releases and CVS >snapshots? The FAQ is updated from time to time, nominally when a significent change takes place. Mind you, with a new job and no access to a suitable test setup yet, those updates have been a bit thin since Christmas. The individual documents such as WHATSNEW.txt are very rarely updated as changes and inprovements are submitted. Better to rely on firstly the Mailing List, secondly the FAQ/HowTo. Alpha releases are 'snapshots' taken on a particular day, the current CVS will always be newer and in most cases better. The snapshots are really for people who cannot, for what evere reason, access cvs. The FAQ and Howto really ignore the snapshots. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Sun Feb 18 07:25:49 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:33:24 2003 Subject: How do I sync NT,Unix and Samba password In-Reply-To: <20010212033830.3528.qmail@web12704.mail.yahoo.com> Message-ID: <3.0.6.32.20010218182549.007fa340@bioserve.latrobe.edu.au> At 11:38 AM 12/2/2001 +0800, Heather Tan wrote: >hello, > >My attempt to synchronise NT passwords with Unix and >Samba passwords has failed. >Can you help me ? You may well have samba configured correctly, however the passwd sync involves a number of other steps. First of all, errors are not (and cannot) be reported correctly. You need to configure the password chat parameter to match the text that your system uses. Please see the FAQ. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From tom.myny at pandora.be Sun Feb 18 13:28:50 2001 From: tom.myny at pandora.be (Tom Myny) Date: Tue Dec 2 02:33:24 2003 Subject: Win2k domain logon problem Message-ID: <001601c099ae$bb295020$0200a8c0@PcTom> Samba 2.2.aplha2 running on redhat7 (clean install) Config file : [global] security = user status = yes workgroup = MYNY encrypt passwords = yes wins support = yes domain logons =yes logon script = scripts\%U.bat domain admin group = @root add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /$ guest account = ftp share modes=no os level=65 [homes] guest ok = no read only = no create mask = 0700 directory mask = 0700 oplocks = false locking = no [netlogon] path = /usr/local/samba/netlogon writeable = no guest ok = no Problem : I can perfectly log on from a win98 computer to the domain, When i want to log on from a win2k it wont, !! When i see in linuxconf to the users it MAKES !!! a win 2k machine account, so logon did work !!!! But after 5 !! minutes waiting on win2k it gaves : The specified domain does not exist or can not be contacted. When i look in the log files : [2001/02/18 12:26:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.0.2: code = 0x12 [2001/02/18 12:26:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.0.2: code = 0x12 [2001/02/18 12:26:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.0.2: code = 0x12 [2001/02/18 12:26:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.0.2: code = 0x12 [2001/02/18 12:26:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.0.2: code = 0x12 [2001/02/18 12:26:43, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.0.2: code = 0x7 Samba really detects a logon but i wouldn't continue. Please help because i'm now so close to connect samba from a win2k pc. Tom -------------- next part -------------- HTML attachment scrubbed and removed From bmeyer67 at calvin.edu Sun Feb 18 17:31:04 2001 From: bmeyer67 at calvin.edu (Witness) Date: Tue Dec 2 02:33:24 2003 Subject: WinME won't login to Domain In-Reply-To: <3.0.6.32.20010218091046.01203520@203.16.214.248> Message-ID: <000001c099d0$91e00980$0202a8c0@witness.chungin100.resnet.calvin.edu> > At 04:36 PM 2/17/01 -0500, Witness wrote: > >I'm running Samba 2.0.7 on Slackware 7.1. I realize PDC > support is not > >official, but would someone please help me. > PDC support is not required for WinME, I believe, as WinME is > simply an extension of Win9X ... No it's not needed, but I do want to run one. Mainly for the experience. > >When I login I get the following message: > >"The logon server did not recognize your domain password, or > access to > >the server has been denied. Make sure you typed your password in > >correctly, and then try again." > > [Ok] > OK, so the login failed. It might be for a number of reasons. > It would be helpful if you could provide more information. > This would include: > 1. A tcpdump trace of the network traffic when you are trying > to log in. > This can be obtained with: tcpdump -I eth0 -s 1500 -w trace.cat > 2. The contents of log.nmb around the time you tries to log in. both logs (smb & nmb) as well as the trace are attached. > Looks to me like you should try adding > wins support = yes > I'm no expert on Windows networking, but that's what I have > and my users Win98 machines connect with no trouble. Will try this again. I don't need a wins server, and there isn't one on my public network which just does broadcasts. Thanks for the tips. Benjamen R. Meyer P.S. Used the trace command as you gave it. Don't know how to parse it. Thanks for the help. -------------- next part -------------- A non-text attachment was scrubbed... Name: log.nmb Type: application/octet-stream Size: 2645 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010218/2be73da1/log.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: log.smb Type: application/octet-stream Size: 1494 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010218/2be73da1/log-0001.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: smbtrace.cat Type: application/vnd.ms-pki.seccat Size: 8427 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010218/2be73da1/smbtrace.bin From Axel.Thimm at physik.fu-berlin.de Sun Feb 18 15:24:57 2001 From: Axel.Thimm at physik.fu-berlin.de (Axel Thimm) Date: Tue Dec 2 02:33:24 2003 Subject: Corrupt smbpasswd and joining a domain In-Reply-To: ; from sambastuff@jabba.glfc.com on Fri, Feb 16, 2001 at 11:42:07AM -0600 References: Message-ID: <20010218162457.A18616@pua.domain> On Fri, Feb 16, 2001 at 11:42:07AM -0600, sambastuff@jabba.glfc.com wrote: > Is it a bug that if you delete a UNIX user without deleting the smbpasswd > user, you cannot join a user to a domain? > > Basicly, everytime the smbpasswd file is "corrupt", no new machines can be > joined to the domain (SAMBA 2_2 CVS today) Yes, this hit me also. I'd say, that this is a reflection of a not correctly (aka automated) Unix-smbpasswd sync set up. OTOH, there will be lots of admins that will also fall into this pitfall, so maybe it would be worth examining before the actual release. Regards, Axel. -- Axel.Thimm@physik.fu-berlin.de From satkins at skilouise.com Mon Feb 19 21:13:41 2001 From: satkins at skilouise.com (Stephen Atkins) Date: Tue Dec 2 02:33:24 2003 Subject: Thanks Message-ID: Thanks to everyone who helped with my PDC problems. I know have a working PDC for my one w2k box. Even administrating the network isn't much of a problem. Now I just have to convince the bosses that open source doesn't mean bad source. Stephen Atkins From satkins at skilouise.com Mon Feb 19 21:19:13 2001 From: satkins at skilouise.com (Stephen Atkins) Date: Tue Dec 2 02:33:24 2003 Subject: Samba/W2K printing Message-ID: Hello all. I would like to set up my printers on my Linux/Samba box. I have read through the Using Samba pages and tried to make a share to download the drivers from my Linux box. The share works for Win9X boxes but not for W2K. I tried to make the printers.def file from the ntprint.inf file but make_printerdef gets a seg fault. Any one know whats up? Stephen Atkins satkins@skilouise.com From tom.myny at pandora.be Sun Feb 18 21:40:38 2001 From: tom.myny at pandora.be (Tom Myny) Date: Tue Dec 2 02:33:24 2003 Subject: Setting a domain for win2k clients Message-ID: <004c01c099f3$71cfa470$0200a8c0@PcTom> Must i then use Samba-NTG ? Or is samba.2.2.alpha2 allready good for domain logon ? Can anyone give me an explaination what is what ? -------------- next part -------------- HTML attachment scrubbed and removed From M.Huelsmann at web.de Mon Feb 19 02:26:58 2001 From: M.Huelsmann at web.de (=?iso-8859-1?Q?M._H=FClsmann?=) Date: Tue Dec 2 02:33:24 2003 Subject: (no subject) Message-ID: <000d01c09a1b$71358020$0b00a8c0@genesis> From d.kavadas at cclru.unsw.edu.au Mon Feb 19 03:48:59 2001 From: d.kavadas at cclru.unsw.edu.au (dennis) Date: Tue Dec 2 02:33:24 2003 Subject: pam_smb 1.9.8 - broken ?? Message-ID: Hi all... Anyone here use pam_smb-1.9.8 for authenticating against a NT4 PDC ? I'm having a lot of problems getting it to work.... Error... Feb 19 12:54:08 mail authpam: PAM unable to dlopen(/lib/security/pam_smb.auth.so) Feb 19 12:54:08 mail authpam: PAM [dlerror: /lib/security/pam_smb.auth.so: cannot open shared object file: No such file or directory] Feb 19 12:54:08 mail authpam: PAM adding faulty module: /lib/security/pam_smb.auth.so Feb 19 12:54:08 mail PAM_unix[1133]: authentication failure; (uid=0) -> dennis for system-auth service Tried it on both a RH6.2 and RH7.0 system without any luck. I'd like to hear from anyone that has successfully set it up and is using it in a production environment. Regards... Dennis From corrado at ieee.org Mon Feb 19 04:45:38 2001 From: corrado at ieee.org (Corrado Daly Scaletti) Date: Tue Dec 2 02:33:24 2003 Subject: Problem with Win2K logon Message-ID: <3A90A4F1.C486656B@ieee.org> Hello, I've installed a samba 2.0.7 in a RH6.2 as a PDC, following all the steps and some advices, after all the "can`t locate the domain" error messages, the last I received from the Win2k workstation is (translated) some like "the number of procedure is out of the permitted interval". I've retried a dozen of times but still the same message. Is something wrong in the Win2k wks? Perhaps the server (486 with 16MB) is too slow? I'm attaching my configuration file. The domain and machine account are both in uppercase. Thanks in advance for any hint and best regards, Corrado. -------------- next part -------------- [global] security = user status = yes workgroup = CORRADO netbios name = crippler #wins server = 169.254.0.1 encrypt passwords = yes domain logons =yes logon script = scripts\%U.bat domain master=yes #domain admin group = @CORRADO guest account = ftp share modes=no os level=65 #debug level=3 [homes] guest ok = no read only = no create mask = 0700 directory mask = 0700 oplocks = false locking = no [netlogon] path = /usr/local/netlogon writeable = no guest ok = no From sharpe at ns.aus.com Mon Feb 19 05:31:29 2001 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:33:24 2003 Subject: Problem with Win2K logon In-Reply-To: <3A90A4F1.C486656B@ieee.org> Message-ID: <3.0.6.32.20010219153129.0083f680@203.16.214.248> Forget it. Win2K does not work against a Samba 2.0.7 PDC. You need Samba 2.2.0, at least. At 11:45 PM 2/18/01 -0500, Corrado Daly Scaletti wrote: > >Hello, > > I've installed a samba 2.0.7 in a RH6.2 as a PDC, following all the >steps and some advices, after all the "can`t locate the domain" error >messages, the last I received from the Win2k workstation is (translated) >some like "the number of procedure is out of the permitted interval". >I've retried a dozen of times but still the same message. Is something >wrong in the Win2k wks? Perhaps the server (486 with 16MB) is too slow? > > I'm attaching my configuration file. The domain and machine account >are both in uppercase. > >Thanks in advance for any hint and best regards, > >Corrado. >[global] >security = user >status = yes >workgroup = CORRADO >netbios name = crippler >#wins server = 169.254.0.1 >encrypt passwords = yes >domain logons =yes >logon script = scripts\%U.bat >domain master=yes >#domain admin group = @CORRADO >guest account = ftp >share modes=no >os level=65 >#debug level=3 >[homes] >guest ok = no >read only = no >create mask = 0700 >directory mask = 0700 >oplocks = false >locking = no >[netlogon] >path = /usr/local/netlogon >writeable = no >guest ok = no > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.ethereal.com) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From D.Bannon at latrobe.edu.au Mon Feb 19 05:54:23 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:33:24 2003 Subject: pam_smb 1.9.8 - broken ?? In-Reply-To: Message-ID: <3.0.6.32.20010219165423.007bc630@bioserve.latrobe.edu.au> At 02:48 PM 19/2/2001 +1100, dennis wrote: >Feb 19 12:54:08 mail authpam: PAM unable to >dlopen(/lib/security/pam_smb.auth.so) >Feb 19 12:54:08 mail authpam: PAM [dlerror: /lib/security/pam_smb.auth.so: Seems a obvious question, but have you checked that the module is there ? These libraries are installed in different places on different systems. Have a look in the pam makefile and see where they were installed. >cannot open shared object file: No such file or directory] David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From simo.sorce at polimi.it Mon Feb 19 08:20:52 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:24 2003 Subject: Problem with Win2K logon In-Reply-To: <3A90A4F1.C486656B@ieee.org> Message-ID: Sorry, but samba 2.0.7 is unable to provide PDC functionality for win2k machines. It can only provide very limited functionality for NT4 cients. If you really need PDC support for w2k machine try out a CVS snapshot of the SAMBA_2_2 branch (or grab one of the packed snapshots). But be aware that samba 2.2 is alpha software and you should not use it yet in production environments (although someone does with success). Simo. On Sun, 18 Feb 2001, Corrado Daly Scaletti wrote: > > Hello, > > I've installed a samba 2.0.7 in a RH6.2 as a PDC, following all the > steps and some advices, after all the "can`t locate the domain" error > messages, the last I received from the Win2k workstation is (translated) > some like "the number of procedure is out of the permitted interval". > I've retried a dozen of times but still the same message. Is something > wrong in the Win2k wks? Perhaps the server (486 with 16MB) is too slow? > > I'm attaching my configuration file. The domain and machine account > are both in uppercase. > > Thanks in advance for any hint and best regards, > > Corrado. > -- Simo Sorce - Linux Systems Consultant E-mail: simo.sorce@polimi.it Tel: +39 0348 7149179 - Fax: +39 02 700442399 ----------------------------------------------------------------- Be happy, use Linux! From martin at austrocontrol.at Mon Feb 19 09:06:40 2001 From: martin at austrocontrol.at (Martin Kadlez) Date: Tue Dec 2 02:33:25 2003 Subject: rw- for one user r-- for all References: <5F79E0406369D411986600508BDE784E1348D0@lisa.people-com.com> Message-ID: <3A90E220.2F63153E@austrocontrol.at> Hi there, u can define the share as below: [SHARENAME] comment= read only 4 nearly everyone path= /usr1/public create mask = 0544 writeable = yes on UNIX, set the owner of the directory to user1 and the permissions to 544. bye Martin Mielke wrote: > > Dear all, > > it's been a long time since I last posted to this list, so sorry if this has > been already discussed before. > > I need to create a share where a single user (call it 'user1' if you like) > has read/write permissions and the rest only read permissions. > > Any hints will be welcomed. Thanks in advance! > > Martin -- _______________________________________________________________ | | | | MARTIN KADLEZ | phon: +43-79798-1414 | | ~~~~~~~~~~~~~~~~~~ | mailto:martin@austrocontrol.at | | Austro Control GmbH | http://www.austrocontrol.at | |_____________________________|_________________________________| From Jean-Eric.Cuendet at linkvest.com Mon Feb 19 10:30:32 2001 From: Jean-Eric.Cuendet at linkvest.com (Jean-Eric Cuendet) Date: Tue Dec 2 02:33:25 2003 Subject: Samba 2.0.7 lost connection to win2k PDC Message-ID: Hi, I made an account for my Samba machine in win2k AD but after some time (depends, 2hours to 2 days), it lost the connection to the PDC saying: resolve_lmhosts: Attempting lmhosts lookup for name OBELIX.LINKVEST.COM<0x20> resolve_hosts: Attempting host lookup for name OBELIX.LINKVEST.COM<0x20> Connecting to 10.2.6.1 at port 139 Connecting to 10.2.6.1 at port 139 cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed connect_to_domain_password_server: unable to setup the PDC credentials to machine OBELIX.LINKVEST.COM. Error was : NT_STATUS_ACCESS_DENIED. domain_client_validate: Domain password server not available. Some times it works. If I recreate the account on ADS, it works and then after a while, the message above is displayed. Any idea? Thanks -jec PS: I'm not in the list. PLease CC _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Jean-Eric Cuendet Linkvest SA Av des Baumettes 19, 1020 Renens Switzerland Tel +41 21 632 9043 Fax +41 21 632 9090 http://www.linkvest.com E-mail: jean-eric.cuendet@linkvest.com _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ From gcarter at valinux.com Mon Feb 19 14:11:24 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:25 2003 Subject: Corrupt smbpasswd and joining a domain References: <20010218162457.A18616@pua.domain> Message-ID: <3A91298C.59474970@valinux.com> Axel Thimm wrote: > > I'd say, that this is a reflection of a not correctly > (aka automated) Unix-smbpasswd sync set up. OTOH, there > will be lots of admins that will also fall into > this pitfall, so maybe it would be worth examining > before the actual release. I'll look at this. The problem would be caused by the smbpasswd lookup routines attempting a getpwuid for every smbpasswd user (not just the one you are looking for). This has been fixed in HEAD btw... CHeers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From magnus at hig.se Mon Feb 19 14:26:45 2001 From: magnus at hig.se (Magnus Larsson) Date: Tue Dec 2 02:33:25 2003 Subject: Win2000 Message-ID: Hi! Does anyone know how the Windows2000Server/Windows2000 Terminal Server announces itself? What do I need to name the specific conf file for these system? For example I have smb.conf.Win95 and smb.conf.WinNT but it doesnt care about anyone of these two config files. I use "include = /etc/samba/smb.conf.%a" in the global config file! //Regards Magnus Larsson From bmeyer67 at calvin.edu Mon Feb 19 14:42:55 2001 From: bmeyer67 at calvin.edu (Witness) Date: Tue Dec 2 02:33:25 2003 Subject: WinME won't login to Domain In-Reply-To: <3.0.6.32.20010219064655.009e9100@203.16.214.248> Message-ID: <000f01c09a82$3e8678c0$0202a8c0@witness.chungin100.resnet.calvin.edu> > Hi again, > The log.nmb file show no real problems ... > The smbtrace.cat file is truncated and I cannot look at it > too well ... > Can you try again without truncating it? You could try the following: > uuencode smbtrace.cat smbtrace.cat >& smbtrace.cat.uue Ok. Here it is uuencoded. Thanks for the help. Ben Meyer -------------- next part -------------- A non-text attachment was scrubbed... Name: smbtrace.uue Type: application/octet-stream Size: 11529 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010219/20b9d3fb/smbtrace.obj From Axel.Thimm at physik.fu-berlin.de Mon Feb 19 15:04:41 2001 From: Axel.Thimm at physik.fu-berlin.de (Axel Thimm) Date: Tue Dec 2 02:33:25 2003 Subject: Win2000 In-Reply-To: ; from magnus@hig.se on Mon, Feb 19, 2001 at 03:26:45PM +0100 References: Message-ID: <20010219160441.A5564@oberon.physik.fu-berlin.de> On Mon, Feb 19, 2001 at 03:26:45PM +0100, Magnus Larsson wrote: > Does anyone know how the Windows2000Server/Windows2000 Terminal Server > announces itself? > I use "include = /etc/samba/smb.conf.%a" in the global config file! try Win2K. If that fails, then try increasing the debug level, and have a look in the log files. That way I found out that recent cvs samba_2_2 does use Win2K for %a. Regards, Axel. -- Axel.Thimm@physik.fu-berlin.de From magnus at hig.se Mon Feb 19 15:19:04 2001 From: magnus at hig.se (Magnus Larsson) Date: Tue Dec 2 02:33:25 2003 Subject: Compiling probs. Message-ID: Hi! Have anyone gotten this problem while compiling the source? ************************************************************************* Compiling rpc_server/srv_pipe.c rpc_server/srv_pipe.c: In function `api_pipe_ntlmssp_verify': rpc_server/srv_pipe.c:471: warning: assignment makes pointer from integer without a cast rpc_server/srv_pipe.c: At top level: rpc_server/srv_pipe.c:490: `api_ntlsa_rpc' undeclared here (not in a function) rpc_server/srv_pipe.c:490: initializer element is not constant rpc_server/srv_pipe.c:490: (near initialization for `api_fd_commands[0].fn') rpc_server/srv_pipe.c:491: `api_samr_rpc' undeclared here (not in a function) rpc_server/srv_pipe.c:491: initializer element is not constant rpc_server/srv_pipe.c:491: (near initialization for `api_fd_commands[1].fn') rpc_server/srv_pipe.c:492: `api_srvsvc_rpc' undeclared here (not in a function) rpc_server/srv_pipe.c:492: initializer element is not constant rpc_server/srv_pipe.c:492: (near initialization for `api_fd_commands[2].fn') rpc_server/srv_pipe.c:493: `api_wkssvc_rpc' undeclared here (not in a function) rpc_server/srv_pipe.c:493: initializer element is not constant rpc_server/srv_pipe.c:493: (near initialization for `api_fd_commands[3].fn') rpc_server/srv_pipe.c:494: `api_netlog_rpc' undeclared here (not in a function) rpc_server/srv_pipe.c:494: initializer element is not constant rpc_server/srv_pipe.c:494: (near initialization for `api_fd_commands[4].fn') rpc_server/srv_pipe.c:495: `api_reg_rpc' undeclared here (not in a function) rpc_server/srv_pipe.c:495: initializer element is not constant rpc_server/srv_pipe.c:495: (near initialization for `api_fd_commands[5].fn') rpc_server/srv_pipe.c:496: `api_spoolss_rpc' undeclared here (not in a function)rpc_server/srv_pipe.c:496: initializer element is not constant rpc_server/srv_pipe.c:496: (near initialization for `api_fd_commands[6].fn') make: *** [rpc_server/srv_pipe.o] Error 1 ************************************************************************** I get this after I updated the CVS and I dont know how to fix it or get passed it! :) //Regards Magnus From kevinc at grainsystems.com Mon Feb 19 15:37:23 2001 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:33:25 2003 Subject: No Domain Controller References: <08B0EA17E377D41187410090273BEFD0EFE7E4@unitas.lss.emc.com> <3A8D930B.F5C16094@uchicago.edu> <3A8DB1EF.D5A8B86B@discflo.com> Message-ID: <3A913DB3.E09FB224@grainsystems.com> Larry Clark wrote: > > regarding this fix, what if the WINS server is a seperate linux box. > also with the LInux box being PDC, I have 5 other NT 4.0 servers that > will authenticate back to the linux box, will these NT boxes be able to > use the user manager for domains and use the user list from the linux > box as they do with an NT PDC? thanks IIRC, read-only support for many of these services currently exists. However, I know there have been problems from Win9x machines and, according to the development roadmap posted on the Samba site, true support may not exist until "3.0". - Kevin Colby kevinc@grainsystems.com From lhomsher at jjsheeran.com Mon Feb 19 09:52:28 2001 From: lhomsher at jjsheeran.com (Lori Homsher) Date: Tue Dec 2 02:33:25 2003 Subject: DNS change now browsing doesn't work Message-ID: <5.0.2.1.0.20010219095032.00a85180@pop.magpage.com> I've been using Samba successfully for 4 years with very few problems. It's a great product! However, I recently changed our DNS IP addresses and now I can't browse my samba servers from Windows. I have a hunch it's a Windows problem, not a Samba problem, but I've exhausted my troubleshooting options and I'm hoping for some new ideas. Here's the problem: After changing /etc/resolv.conf (and all PCs) to show the new DNS IPs, my 'network neighborhood' errors out with "jjsheeran is not accessible - the list of servers for this workgroup is not currently available." It's acting like my workgroup name has changed, but it hasn't. I deleted the browse.dat & wins.dat files and restarted samba. It recreated the files, but I still can't see my samba servers. All other tests (1-9) from the diagnosis.txt file pass with flying colors, so I'm pretty sure my samba server is running fine. I'd appreciate any ideas anyone out there may have. Thanks, Lori Homsher Vice President, Information Services | Phone: 302.324.0200 ext. 620 Sheeran Direct Marketing | Fax: 302.324.0213 http://www.jjsheeran.com -------------- next part -------------- HTML attachment scrubbed and removed From jeremy at valinux.com Mon Feb 19 15:55:59 2001 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:33:25 2003 Subject: Compiling probs. In-Reply-To: ; from Magnus Larsson on Mon, Feb 19, 2001 at 04:19:04PM +0100 References: Message-ID: <20010219105559.D18568@legion.hdqt.valinux.com> On Mon, Feb 19, 2001 at 04:19:04PM +0100, Magnus Larsson wrote: > Hi! > > Have anyone gotten this problem while compiling the source? > > ************************************************************************* > Compiling rpc_server/srv_pipe.c > rpc_server/srv_pipe.c: In function `api_pipe_ntlmssp_verify': > rpc_server/srv_pipe.c:471: warning: assignment makes pointer from integer > without a cast > ************************************************************************** > > I get this after I updated the CVS and I dont know how to fix it or get > passed it! :) Yes, I'm in the process of restructuring the samr code at the moment (this *really* needs doing). The build may be broken for a day or so, sorry. Revert the files to a day or so ago and it will continue to build. I'll put an announcement out when it's fixed again. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From a.samardzic at matf.bg.ac.yu Mon Feb 19 20:51:27 2001 From: a.samardzic at matf.bg.ac.yu (Aleksandar B. Samardzic) Date: Tue Dec 2 02:33:25 2003 Subject: TNG 2.5 to 2.2.0alpha2 problem Message-ID: <20010219195127.A1995@pera.home> We have Linux machine with Samba TNG 2.5 installed working as PDC for our Windows 2000 machines. Today I've tried to replace it with Samba 2.2.0alpha2: I've compiled and installed the package, then applied smbpasswd and smb.conf files from previous installation. However, when trying to log on to domain, following error message appears: "The name of security id of the domain specified is incosistent with the trust information for that domain." Any help here? How about re-creating machine account in smbpasswd file? Thanks. From vgill at technologist.com Mon Feb 19 19:07:04 2001 From: vgill at technologist.com (Gill, Vern) Date: Tue Dec 2 02:33:25 2003 Subject: pam_smb 1.9.8 - broken ?? Message-ID: <8D043DEA73DFD411958A00A0C90AB7607CB3@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> I have been using it for about 6 mos againt a samba DC... Works great. -----Original Message----- From: dennis [mailto:d.kavadas@cclru.unsw.edu.au] Sent: Sunday, February 18, 2001 7:49 PM To: samba-ntdom@us5.samba.org Subject: pam_smb 1.9.8 - broken ?? Hi all... Anyone here use pam_smb-1.9.8 for authenticating against a NT4 PDC ? I'm having a lot of problems getting it to work.... Error... Feb 19 12:54:08 mail authpam: PAM unable to dlopen(/lib/security/pam_smb.auth.so) Feb 19 12:54:08 mail authpam: PAM [dlerror: /lib/security/pam_smb.auth.so: cannot open shared object file: No such file or directory] Feb 19 12:54:08 mail authpam: PAM adding faulty module: /lib/security/pam_smb.auth.so Feb 19 12:54:08 mail PAM_unix[1133]: authentication failure; (uid=0) -> dennis for system-auth service Tried it on both a RH6.2 and RH7.0 system without any luck. I'd like to hear from anyone that has successfully set it up and is using it in a production environment. Regards... Dennis From barth at cck.uni-kl.de Mon Feb 19 20:17:28 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:33:25 2003 Subject: Problem with Win2K logon In-Reply-To: <3.0.6.32.20010219153129.0083f680@203.16.214.248> References: <3A90A4F1.C486656B@ieee.org> Message-ID: <3A918D68.28843.2428E7@localhost> Just as a note: There is one way to add a w2k workstation to a samba 2.0.7 PDC: install NT4.0, join the domain, upgrade to w2k (*not* install), network settings are keppt this way: at a first glace everything works fine. Christian (Sorry if this message comes twice, think I forget to answer to the list as well) > Forget it. > > Win2K does not work against a Samba 2.0.7 PDC. You need Samba 2.2.0, at least. > > At 11:45 PM 2/18/01 -0500, Corrado Daly Scaletti wrote: > > > >Hello, > > > > I've installed a samba 2.0.7 in a RH6.2 as a PDC, following all the > >steps and some advices, after all the "can`t locate the domain" error > >messages, the last I received from the Win2k workstation is (translated) > >some like "the number of procedure is out of the permitted interval". > >I've retried a dozen of times but still the same message. Is something > >wrong in the Win2k wks? Perhaps the server (486 with 16MB) is too slow? > > > > I'm attaching my configuration file. The domain and machine account > >are both in uppercase. > > > >Thanks in advance for any hint and best regards, > > > >Corrado. > >[global] > >security = user > >status = yes > >workgroup = CORRADO > >netbios name = crippler > >#wins server = 169.254.0.1 > >encrypt passwords = yes > >domain logons =yes > >logon script = scripts\%U.bat > >domain master=yes > >#domain admin group = @CORRADO > >guest account = ftp > >share modes=no > >os level=65 > >#debug level=3 > >[homes] > >guest ok = no > >read only = no > >create mask = 0700 > >directory mask = 0700 > >oplocks = false > >locking = no > >[netlogon] > >path = /usr/local/netlogon > >writeable = no > >guest ok = no > > > > Regards > ------- > Richard Sharpe, sharpe@ns.aus.com > Samba (Team member, www.samba.org), Ethereal (Team member, www.ethereal.com) > Contributing author, SAMS Teach Yourself Samba in 24 Hours > Author, Special Edition, Using Samba > > > > _______________________________________________________________________ In a world without walls and fences, who needs windows and gates? (SUN) From oscaryan at infovia.com.ar Mon Feb 19 20:44:47 2001 From: oscaryan at infovia.com.ar (Oscar A. Yankelevich) Date: Tue Dec 2 02:33:25 2003 Subject: I can't get the domain usrs list since sambaPDC for a guindous box ! Message-ID: <000801c09ab4$cccdbd00$190a8180@Sistemas> I know that in samba 2.2.0 alplha0 the ability to offer the domain's users list when you try to share something in a guindous 9x box in access control --> users control access was not ready, but, is it working in 2.2.0 alpha 2 version ? How if it is ? I know is not sure to use a alpha version to work under production, but I did I'n it's working fine except for the "users control access". I don't have much time to hacking 'n surely I don't have enought knowledge to do it, but I try, even "lammeing" |:-) as I can. Can somebody help this lammer ? Thanks to every body since now Eduardo ecaillava@interlap.com.ar -------------- next part -------------- HTML attachment scrubbed and removed From mgeddes at xavier.sa.edu.au Mon Feb 19 21:55:21 2001 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:33:25 2003 Subject: TNG 2.5 to 2.2.0alpha2 problem References: <20010219195127.A1995@pera.home> Message-ID: <3A919649.3057FBA5@xavier.sa.edu.au> "Aleksandar B. Samardzic" wrote: > > We have Linux machine with Samba TNG 2.5 installed working as PDC for our > Windows 2000 machines. Today I've tried to replace it with Samba 2.2.0alpha2: > I've compiled and installed the package, then applied smbpasswd and smb.conf > files from previous installation. However, when trying to log on to domain, > following error message appears: > > "The name of security id of the domain specified is incosistent with the trust > information for that domain." > > Any help here? How about re-creating machine account in smbpasswd file? > > Thanks. Yes. try deleting the account and rejoining the domain Matt From peter.milburn at sofcom.com.au Mon Feb 19 22:31:00 2001 From: peter.milburn at sofcom.com.au (peter.milburn@sofcom.com.au) Date: Tue Dec 2 02:33:25 2003 Subject: samba PDC Message-ID: Hi, I am running samba2.2alpha2 with no problems except for one. When a user installs something and then shuts down the computer, while the profile is being updated on the samba PDC, it creates an error. What is happening, if a new directory has to be created, it is creating the directory, but with no permissions.. d--------- is there any kind of work around for this, in the global section, I have create mask 0765 directory mask = 0765 any help would be create on this.. Cheers, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** -------------- next part -------------- A non-text attachment was scrubbed... Name: WINMAIL.DAT Type: application/ms-tnef Size: 1597 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010220/b53f2566/WINMAIL.bin From gcarter at valinux.com Mon Feb 19 22:38:05 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:25 2003 Subject: samba PDC References: Message-ID: <3A91A04D.563C893D@valinux.com> peter.milburn@sofcom.com.au wrote: > > Hi, I am running samba2.2alpha2 with no problems except for one. > > When a user installs something and then shuts down > the computer, while the profile is being updated on the > samba PDC, it creates an error. > > What is happening, if a new directory has to be created, it > is creating the directory, but with no permissions.. > > d--------- is there any kind of work around for this, in > the global section, I have > > create mask 0765 > directory mask = 0765 This has been fixed in the latest SAMBA_2_2 CVS tree. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From yanqui at neokimia.com Mon Feb 19 22:37:31 2001 From: yanqui at neokimia.com (Yanick Quirion) Date: Tue Dec 2 02:33:25 2003 Subject: Problem Master Browser Message-ID: <003901c09ac4$8c7cf1c0$389ed284@neokimia.com> Hi everybody! I got a little problem with my Samba 2.2 NT-DOMAIN. The problem is when I want to see the computers into my network (with Network Neighborhood in NT or Win98), I can't see anything... I juste have the domain group (NTDOMAIN) and there is no machines under the group. Why? I tried several options into smb.conf file and I'm not able to resolve this issue. My NT Domain is my linux server with Samba 2.2 NT-Domain. Could you please help me with this? I included my smb.conf file (in attachement) and the output of my ifconfig below. [dionysos]:/# ifconfig eth0 Link encap:Ethernet HWaddr 00:10:4B:8F:C5:A3 inet addr:107.253.166.194 Bcast:255.255.255.255 Mask:255.255.255.0 UP BROADCAST NOTRAILERS RUNNING MTU:1500 Metric:1 RX packets:69968 errors:0 dropped:0 overruns:0 frame:0 TX packets:42318 errors:0 dropped:0 overruns:0 carrier:0 collisions:52 txqueuelen:100 Interrupt:11 Base address:0x6000 eth1 Link encap:Ethernet HWaddr 00:A0:24:19:2C:70 inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:215906 errors:0 dropped:0 overruns:0 frame:0 TX packets:214809 errors:0 dropped:0 overruns:0 carrier:0 collisions:949 txqueuelen:100 Interrupt:5 Base address:0x300 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:3924 Metric:1 RX packets:188 errors:0 dropped:0 overruns:0 frame:0 TX packets:188 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 Thank you very much for your help, this will be very appreciated! :) ========================================== Yanick Quirion Administrateur de R?seau / Network Manager N?okimia Inc. Institut de Pharmacologie - ?difice Z5 3001 12eme Avenue Fleurimont, Qu?bec CANADA J1H 5N4 Tel.: +1 819 820-6840 Tel.: +1 819 820-6855 Ligne Directe Fax.: +1 819 820-6841 e-mail: yanqui@neokimia.com ========================================== From peter.milburn at sofcom.com.au Mon Feb 19 22:47:52 2001 From: peter.milburn at sofcom.com.au (peter.milburn@sofcom.com.au) Date: Tue Dec 2 02:33:25 2003 Subject: Latest CVS Message-ID: I have just a cvs update -d -P than tried to recompile samba using ./configure --with-pam --with-profile the configure works, I then type make. when compiling I get this error. rpc_server/srv_pipe_hnd.c: In function `get_rpc_pipe_p': rpc_server/srv_pipe_hnd.c:860: warning: return makes pointer from integer without a cast rpc_server/srv_pipe_hnd.c: At top level: rpc_server/srv_pipe_hnd.c:868: warning: type mismatch with previous implicit declaration rpc_server/srv_pipe_hnd.c:860: warning: previous implicit declaration of `get_rpc_pipe' rpc_server/srv_pipe_hnd.c:868: warning: `get_rpc_pipe' was previously implicitly declared to return `int' Compiling rpc_server/srv_reg.c Compiling rpc_server/srv_samr.c Compiling rpc_server/srv_srvsvc.c Compiling rpc_server/srv_util.c Compiling rpc_server/srv_wkssvc.c Compiling rpc_server/srv_pipe.c rpc_server/srv_pipe.c: In function `api_pipe_ntlmssp_verify': rpc_server/srv_pipe.c:470: warning: assignment makes pointer from integer without a cast rpc_server/srv_pipe.c: At top level: rpc_server/srv_pipe.c:489: `api_ntlsa_rpc' undeclared here (not in a function) rpc_server/srv_pipe.c:489: initializer element for `api_fd_commands[0].fn' is not constant rpc_server/srv_pipe.c:490: `api_samr_rpc' undeclared here (not in a function) rpc_server/srv_pipe.c:490: initializer element for `api_fd_commands[1].fn' is not constant rpc_server/srv_pipe.c:491: `api_srvsvc_rpc' undeclared here (not in a function) rpc_server/srv_pipe.c:491: initializer element for `api_fd_commands[2].fn' is not constant rpc_server/srv_pipe.c:492: `api_wkssvc_rpc' undeclared here (not in a function) rpc_server/srv_pipe.c:492: initializer element for `api_fd_commands[3].fn' is not constant rpc_server/srv_pipe.c:493: `api_netlog_rpc' undeclared here (not in a function) rpc_server/srv_pipe.c:493: initializer element for `api_fd_commands[4].fn' is not constant rpc_server/srv_pipe.c:494: `api_reg_rpc' undeclared here (not in a function) rpc_server/srv_pipe.c:494: initializer element for `api_fd_commands[5].fn' is not constant rpc_server/srv_pipe.c:495: `api_spoolss_rpc' undeclared here (not in a function) rpc_server/srv_pipe.c:495: initializer element for `api_fd_commands[6].fn' is not constant make: *** [rpc_server/srv_pipe.o] Error 1 any ideas.. or should I grab the entire cvs again ? Thanks, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** -------------- next part -------------- A non-text attachment was scrubbed... Name: WINMAIL.DAT Type: application/ms-tnef Size: 1598 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010220/e6ab67d7/WINMAIL.bin From jeremy at valinux.com Mon Feb 19 22:55:05 2001 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:33:25 2003 Subject: Latest CVS In-Reply-To: ; from peter.milburn@sofcom.com.au on Tue, Feb 20, 2001 at 09:47:52AM +1100 References: Message-ID: <20010219145505.B5173@valinux.com> On Tue, Feb 20, 2001 at 09:47:52AM +1100, peter.milburn@sofcom.com.au wrote: > > I have just a cvs update -d -P > > than tried to recompile samba using ./configure --with-pam > --with-profile > > the configure works, I then type make. > > when compiling I get this error. Yes it'll be broken for a little while whilst I finish merging the SAMR stuff from tng. Sorry for the inconvenience, I'll put an announcement out when it's back in shape. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From mark at axeon.screaming.net Mon Feb 19 23:08:37 2001 From: mark at axeon.screaming.net (Mark) Date: Tue Dec 2 02:33:25 2003 Subject: Fw: I can't get the domain usrs list since sambaPDC for a guindous box ! Message-ID: <001a01c09ac8$e4bdbaf0$0b01a8c0@MARKSYSTEM> Could a samba developer please clarify current/planned Win9X support in 2.2? Are permission changes from a Win9x box going to be possible. Thanks in advance Mark ----- Original Message ----- From: Oscar A. Yankelevich To: samba-ntdom@lists.samba.org Sent: Monday, February 19, 2001 8:44 PM Subject: I can't get the domain usrs list since sambaPDC for a guindous box ! I know that in samba 2.2.0 alplha0 the ability to offer the domain's users list when you try to share something in a guindous 9x box in access control --> users control access was not ready, but, is it working in 2.2.0 alpha 2 version ? How if it is ? I know is not sure to use a alpha version to work under production, but I did I'n it's working fine except for the "users control access". I don't have much time to hacking 'n surely I don't have enought knowledge to do it, but I try, even "lammeing" |:-) as I can. Can somebody help this lammer ? Thanks to every body since now Eduardo ecaillava@interlap.com.ar From peter.milburn at sofcom.com.au Mon Feb 19 23:30:34 2001 From: peter.milburn at sofcom.com.au (peter.milburn@sofcom.com.au) Date: Tue Dec 2 02:33:25 2003 Subject: samba_2_2 Message-ID: Hi, I have just found out the latest version of samab_2_2 is broken, thats kewl, I did a cvs -d -P -D date to get a earlier version, shoudl I be doing a checkout instead of a update ? Sorry if this sounds like a silly question -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** -------------- next part -------------- A non-text attachment was scrubbed... Name: WINMAIL.DAT Type: application/ms-tnef Size: 1597 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010220/ec871c53/WINMAIL.bin From gcarter at valinux.com Tue Feb 20 00:04:39 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:25 2003 Subject: Fw: I can't get the domain usrs list since sambaPDC for a guindous box ! References: <001a01c09ac8$e4bdbaf0$0b01a8c0@MARKSYSTEM> Message-ID: <3A91B497.6BC960ED@valinux.com> Mark wrote: > > Could a samba developer please clarify current/planned > Win9X support in 2.2? Are permission changes from a > Win9x box going to be possible. > > Thanks in advance > > Mark I'm assuming you mean user lists when operating a Windows 9x "file server". These will be supported out the door with 2.2.0. Jeremy is working on it now. CHeers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From mark at axeon.screaming.net Mon Feb 19 23:58:33 2001 From: mark at axeon.screaming.net (Mark) Date: Tue Dec 2 02:33:25 2003 Subject: Fw: I can't get the domain usrs list since sambaPDC for a guindous box ! References: <001a01c09ac8$e4bdbaf0$0b01a8c0@MARKSYSTEM> <3A91B497.6BC960ED@valinux.com> Message-ID: <000e01c09acf$dea384e0$0b01a8c0@MARKSYSTEM> Im not sure if were talking bout the same thing or not - im reffering to right clicking on the file on a samba server, clicking on the security tab and changing permissions from there. thanks mark ----- Original Message ----- From: "Gerald Carter" To: "Mark" Cc: Sent: Tuesday, February 20, 2001 12:04 AM Subject: Re: Fw: I can't get the domain usrs list since sambaPDC for a guindous box ! > Mark wrote: > > > > Could a samba developer please clarify current/planned > > Win9X support in 2.2? Are permission changes from a > > Win9x box going to be possible. > > > > Thanks in advance > > > > Mark > > I'm assuming you mean user lists when operating a Windows > 9x "file server". These will be supported out the door with > 2.2.0. Jeremy is working on it now. > > > > > > > CHeers, jerry > ---------------------------------------------------------------------- > /\ Gerald (Jerry) Carter Professional Services > \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com > http://www.samba.org/ SAMBA Team jerry@samba.org > http://www.plainjoe.org/ jerry@plainjoe.org > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) > From gcarter at valinux.com Tue Feb 20 03:29:44 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:25 2003 Subject: Fw: I can't get the domain usrs list since sambaPDC for a guindous box ! References: <001a01c09ac8$e4bdbaf0$0b01a8c0@MARKSYSTEM> <3A91B497.6BC960ED@valinux.com> <000e01c09acf$dea384e0$0b01a8c0@MARKSYSTEM> Message-ID: <3A91E4A8.EFA5925C@valinux.com> Mark wrote: > > Im not sure if were talking bout the same thing or not > - im reffering to right clicking on the file on a > samba server, clicking on the security tab and > changing permissions from there. No. You mean changing share permissions on a Samba server right? No. That is not on the plate. However file system ACL support will be in 2.2 so this can give you the same effect (assuming you server's fs supports POSIX ACLs and there is an appropriate backend for it). Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From PCMAGICX at t-online.de Tue Feb 20 07:29:32 2001 From: PCMAGICX at t-online.de (Christian Augustat) Date: Tue Dec 2 02:33:25 2003 Subject: need an win2k compatible WINS Server Message-ID: Hi all! I want to set an linux machine to handle WINS-Requests of all the windows clients. Is it correct, that when there is an WIN2K Server within the network, that this server will take over the WINS - Server status. Please help me. With best regards, Christian Augustat --- Christian Augustat Christian.Augustat@gmx.de From ashamril at aurallix.com Tue Feb 20 09:24:20 2001 From: ashamril at aurallix.com (Ami Shamril) Date: Tue Dec 2 02:33:25 2003 Subject: FW: samba authentication Message-ID: <002f01c09b1e$e8924c80$ce0aa8c0@axishost> It worked now. Just put all ur workstations in /etc/hosts and the problem went away. Anybody with the same problem please tries this. TQ > > -----Original Message----- >From: Chris Fischer [mailto:praxis@eskimo.com] >Sent: Tuesday, January 16, 2001 12:36 PM >To: Ami Shamril >Subject: samba authentication > >Hi, > >I saw your post on samba-ntdom regarding samba authentication. While >perusing >the thread you started it appears that the latest Samba 2.0.7 CVS release >solves the problem. However, I'm willing to bet that the problem is a >reverse >DNS lookup problem. That being the case, I'm also willing to bet that if you >entered the IP addresses of the Win 9x clients into your '/etc/hosts' file, >the authentication problems will automagically disappear. I too had this >problem, which went away after doing what I've suggested. > >If that works for you, maybe you could post the fix to the list, as I'm not >subscribed to the ntdom list. > >Regards, > >Chris ----- Original Message ----- From: "Ami Shamril" > To: "Samba-Ntdom (E-mail)" > Sent: Tuesday, January 02, 2001 11:50 PM Subject: samba authentication > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > Hi... > I've successfully configured samba 2.0.6 (RH6.2) as a PDC. > All my users (Win9X) can log into the server. > But there is one problem... sometimes we must enter at least 3 times the > password b4 the server authenticated it. > 1st & 2nd time the error is password not correct.... Even we key in the > correct password. For the 3rd time normally ok... > Anybody have the same problem... > Please advise > TQ in advance. > > > From bgmilne at cae.co.za Tue Feb 20 09:45:17 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:33:25 2003 Subject: samba & NT administration issues Message-ID: <3A923CAD.C9D104A@cae.co.za> >3. There is "c:\temp" directory on WSs (name tells purpose) and >"everyone" is given "RWXD RWXD" rights. The problem - a ordinary user is >able to create directory there and he can remove all rights (for admins >and system too) he wants on it. Then even with administrative user >rights I am unable to delete dir or change the rights! > I added "creator-owner" with RWXD RWXD rights on c:\temp but it didn't >worked. It turned out the true owner of new directory is not >"creator-owner" but "account unknown" who obviously has full rights. >This user was authenticated by samba PDC but can't be determined by NT >WS (it refuses to add this "account unknown" in directory permission >list of c:\temp and it can't be given any rights). >I want to disable changing rights and ownership for files and >directories in c:\temp for ordinary users or just be able to easy delete >them. Maybe there is some workaround (some policy key I don't know!) for >this. This is a problem in understanding the difference between unix and NT permissions. Administrator isn't like root. You need to give yourself permissions on the files, by "taking onership" of them. >4. The same linux box is squid proxy which is cascaded on another proxy >in separated network. I want all users to be able to browse sites in the >other network but only autenticated users to have access to the >internet. Can you recommend me solution? Look into auth_smb for squid authentication off a PDC (samba or NT), and normal acls for squid ... Buchan -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 Stellenbosch Automotive Engineering http://www.cae.co.za From fehers at freemail.hu Tue Feb 20 08:42:57 2001 From: fehers at freemail.hu (Feher Sandor) Date: Tue Dec 2 02:33:25 2003 Subject: %U problem Message-ID: <3A922E11.375DBA29@freemail.hu> Hi folks! I'd like to fire up a PDC and some roaming profile for my NT4.0 workstations. I've got the samba-2.2.0-alpha1 package and compiled it successfully. Almost everything is working now except the name of the user profile directory. Here are the relevant parts of my config: logon script = %U.bat logon path = \\%L\Profiles\%U [Profiles] comment = Roaming profiles for Windows path = /home/Bs3/Profiles read only = no create mask = 0600 directory mask = 0700 browseable = yes volume = profile [netlogon] comment = Domain Controller logon directory path = /home/Bs3/netlogon writeable = no printable = no guest ok = yes browsable = yes So. I've successfully registered my workstation into my domain and my user's profile has created too. I've checked the profiles' names and I've found this: [root@bs3 lib]# ls /home/Bs3/* -l /home/Bs3/Netlogon: total 6 -rwxr--r-- 1 root root 55 Feb 16 14:36 sanyi.bat /home/Bs3/Profiles: total 2 drwx------ 15 sanyi root 1024 Feb 19 09:55 %u ^^^^^^m it has been created by my nt box. drwx------ 16 sanyi root 1024 Feb 16 14:51 Sanyi ^^^^^^ I've copied it from my local profile to get used it as a roving profile. As I know the variable %U means the user requested by the nt box. But it seems that it was not replaced with the name of the user. I'm wondering your opinion. Should I try a newer version ? tia and bye.,Sanya -- ... Sandor Feher... mailto:fehers@freemail.hu http://w3.swi.hu/sfeher From michael at laserle.fi Tue Feb 20 10:54:29 2001 From: michael at laserle.fi (Michael Holopainen) Date: Tue Dec 2 02:33:25 2003 Subject: samba 2.0.7 problem References: <3A91A04D.563C893D@valinux.com> Message-ID: <3A924CE5.EF80E18B@laserle.fi> We have one Linux-samba server set as PDC and another Linux-samba set as normal win_client, but for some reasons that win_client samba never shows on Network Neighbourhood lists, but on dos-prompt "net view \\" lists all the resources OK. This is not a real problem, but annoying feature (very MS like) Any suggestion on where to start searching the problem. -michael Gerald Carter wrote: > peter.milburn@sofcom.com.au wrote: > > > > Hi, I am running samba2.2alpha2 with no problems except for one. > > > > When a user installs something and then shuts down > > the computer, while the profile is being updated on the > > samba PDC, it creates an error. > > > > What is happening, if a new directory has to be created, it > > is creating the directory, but with no permissions.. > > > > d--------- is there any kind of work around for this, in > > the global section, I have > > > > create mask 0765 > > directory mask = 0765 > > This has been fixed in the latest SAMBA_2_2 CVS tree. > > Cheers, jerry > ---------------------------------------------------------------------- > /\ Gerald (Jerry) Carter Professional Services > \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com > http://www.samba.org/ SAMBA Team jerry@samba.org > http://www.plainjoe.org/ jerry@plainjoe.org > > "...a hundred billion castaways looking for a home." > - Sting "Message in a Bottle" ( 1979 ) -- --"Would you fly on airplane controlled by MS Windows ?"-- -------------------------------------------------------------------- | Michael Holopainen | Valuraudantie 25 | Tel: +358-(0)9-35093827 | | | 00700 Helsinki | Fax : +358-(0)9-35093850 | | Laserle Oy | Finland | email: michael@laserle.fi| -------------------------------------------------------------------- From fhuet at ocare.com Tue Feb 20 10:57:45 2001 From: fhuet at ocare.com (Franck Huet) Date: Tue Dec 2 02:33:25 2003 Subject: Samba PDC and W2K Message-ID: <3A924DA9.6090300@ocare.com> Hi all, I have a samba PDC installed on a sun (solaris 2.8) and some stations on W2K. Smbpasswd and smbconf are ok (.. to my mind.. :) ), the W2K are known., the samba has his domain , and the 2K is in a workgoup (with the same name of the domain) I can use all shared, homes directories on the sun . ALL is ok for that . I testet samba 2.0.7 , 2.2 alpha 1, TNG , cvs. I tried to integrate the 2K in the samba domain, with the admin login and then i ve this kind of error: - unable to logon from this computer (from the W2K to the sun) - procedure call out of the authorized intervall (in french ; numero de procedure hors de l'intervalle admis) - can't contact the PDC I ve a nt workstation too and all is ok for it ... So I read all the news, it seems to work for some people here (with 2.2) , but not for me . I begin to feel angry :) . I test some of the solution but nothing changes. How does it work when it works? Do i ve to change something in the windows's registry ? Samba can't be a pdc for W2k ( so i stop there )? From mafoe at munich.sgi.com Tue Feb 20 13:21:19 2001 From: mafoe at munich.sgi.com (Martin Foerster) Date: Tue Dec 2 02:33:26 2003 Subject: NT-roaming profiles problem /password sync. Message-ID: <001a01c09b40$02b85160$bbc5fd90@munich.sgi.com> Hi there, two short questions.... 1. I'm about to change the fileserving from NT to samba. Right now users got their roaming profile path set to the NT- Fileserver, which works fine. When I switch the roaming profile path to samba server, I get an error message, saying: "A slow Network connection has been detected, do you want to download your profile or use the locally stored one?......" If I switch back to NT it works again. The network speed is definitely alright, and it appears only after a reboot, not when I logoff/login. Any suggestions? 2. Is it possible to sync the NT password with the NIS password with samba, if the password authentication is done from the NT-PDC/BDC? As I understood it's not, but would be nice if. Thanks for any input Martin From giardi at unisi.it Tue Feb 20 16:10:33 2001 From: giardi at unisi.it (Antonio Giardi) Date: Tue Dec 2 02:33:26 2003 Subject: problems with windows 2000 server Message-ID: <4.2.0.58.20010220170954.00a65090@pop3.norton.antivirus> Hello, I have a little problem, and I would like to know if you can help me. I use a PC with Windows 2000 server as O.S. In our laboratory we have a file-server with linux and Samba as O.S. I know which registry I should edit (using regedit) under Windows NT4 to connect my PC to the server, but under windows 2000 server is different. Please, do you know which registry I should edit to connect my PC to the Server? Thans Antonio From jbeauchamp at gesinc.com Tue Feb 20 19:14:12 2001 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:33:26 2003 Subject: problems with windows 2000 server References: <4.2.0.58.20010220170954.00a65090@pop3.norton.antivirus> Message-ID: <005b01c09b71$52309820$1d01a8c0@gesinc.com> Antonio: I'm not quite sure what you mean by editing the registry. Registry edits are not necessary to us Samba unless you are trying to use plain text passwords (I think this is correct). First of all, which version of Samba are you running? If it is 2.0.7 and is the domain controller, Win2K will not join the domain, it is not supported. It will serve files fine though. If you have a Samba PDC then you will need to upgrade to 2.2.0 (still developmental at this point, but many people seem to be using it already in production environments - beware! :)) to support a Win2K login. Provide more information and others will chime in with help. James ----- Original Message ----- From: "Antonio Giardi" To: Sent: Tuesday, February 20, 2001 8:10 AM Subject: problems with windows 2000 server > Hello, > > I have a little problem, and I would like to know if you can help me. > I use a PC with Windows 2000 server as O.S. > In our laboratory we have a file-server with linux and Samba as O.S. > I know which registry I should edit (using regedit) under Windows NT4 to > connect my PC to the server, but under windows 2000 server is different. > > Please, do you know which registry I should edit to connect my PC to the > Server? > > Thans > > > > Antonio > > From jbeauchamp at gesinc.com Tue Feb 20 20:05:05 2001 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:33:26 2003 Subject: problems with windows 2000 server References: <4.2.0.58.20010220170954.00a65090@pop3.norton.antivirus> <4.2.0.58.20010220172006.00a4d270@pop3.norton.antivirus> Message-ID: <007801c09b78$6e34aaa0$1d01a8c0@gesinc.com> Antonio: I found it under Samba/Docs: REGEDIT4 ;Contributor: Herb Lewis (herb@sgi.com) ;Updated: 16 July 1999 ;Status: Current ; ;Subject: Registry file to enable plain text passwords in Windows 2000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkStation\Para meters] "EnablePlainTextPassword"=dword:00000001 HTH, James P.S. You should really consider switching to encrypted passwords for security reasons. ----- Original Message ----- From: "Antonio Giardi" To: "James W. Beauchamp" Sent: Tuesday, February 20, 2001 8:27 AM Subject: Re: problems with windows 2000 server > At 11.14 20/02/2001 -0800, you wrote: > >Antonio: > >I'm not quite sure what you mean by editing the registry. Registry edits > >are not necessary to us Samba unless you are trying to use plain text > >passwords (I think this is correct). First of all, which version of Samba > >are you running? If it is 2.0.7 and is the domain controller, Win2K will > >not join the domain, it is not supported. It will serve files fine though. > >If you have a Samba PDC then you will need to upgrade to 2.2.0 (still > >developmental at this point, but many people seem to be using it already in > >production environments - beware! :)) to support a Win2K login. > > > >Provide more information and others will chime in with help. > > > >James > > Hello again, > > under windows NT4 I use the regedit.exe file to edit this registry > > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters] > "EnablePlainTextPassword"=dword:00000001 > > but under windows 2000 don't exist. > The problem is in my PC, I should enable the password. > Where I can enable the plain text password? Because this path > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters] > don't exist > > Thanks so much > > > --------------------------------------------------- > Dott. Antonio Giardi > Responsabile tecnico per le attivita' di supporto alla Didattica > Multimedia Communication Laboratory > University of Siena > Via dei Termini 6, 53100 Siena, Italy > http://www.media.unisi.it > Tel: +39 0577 47734 Fax: +39 0577 49148 > e_mail: giardi@unisi.it > --------------------------------------------------- > From sp at globespan.net Tue Feb 20 19:41:27 2001 From: sp at globespan.net (Shailesh Parekh) Date: Tue Dec 2 02:33:26 2003 Subject: Win2K Native Mode with Samba 2.0.7 -- Authentication Failed.. Message-ID: <09005DB08CF23F4988C3F8684BE4904F015C73@GSMAIL1.globespan.net> Hi! All, We are using Solaris 7 and Samba 2.0.7 We changed our Win2K domain from Mixed mode to Native mode. I followed following steps after this change. On Unix Server: 1. Shutdown Samba Service. On Win2K Server: 1. Removed 'netbios name" Replicate site 2. Added 'netbios name' --> Replicated Site. Now on Unix Server: 1. smbpasswd -j 'DOMAINNAME' -r 'PASSWORD SERVER' -- Added to the network. While checking with win2k client. We are prompted for username and password. While providing both it is repetitively asking. IN Samba log file we noticed error for "Authentication Failed" I will appreciate if some one will help or share your views. Thanks in Advance. - S P -------------------------------------------- Shailesh Parekh GlobeSpan Inc. Tel (732)345-7618 100 Schultz Drive Fax (732)345-7598 Red Bank, NJ 07701 Email sp@globespan.net From don_mccall at hp.com Tue Feb 20 20:05:24 2001 From: don_mccall at hp.com (MCCALL,DON (HP-USA,ex1)) Date: Tue Dec 2 02:33:26 2003 Subject: Win2K Native Mode with Samba 2.0.7 -- Authentication Failed. . Message-ID: <079FD72E42C9D311B854009027650E6F0405081C@xatl02.atl.hp.com> Shailesh, Did you make sure to check the box "Allow pre-win2000 machines to use this account" when you created the machine account on your Win2k server for Samba? Don -----Original Message----- From: Shailesh Parekh [mailto:sp@globespan.net] Sent: Tuesday, February 20, 2001 2:41 PM To: 'samba-ntdom@lists.samba.org' Subject: Win2K Native Mode with Samba 2.0.7 -- Authentication Failed.. Importance: High Hi! All, We are using Solaris 7 and Samba 2.0.7 We changed our Win2K domain from Mixed mode to Native mode. I followed following steps after this change. On Unix Server: 1. Shutdown Samba Service. On Win2K Server: 1. Removed 'netbios name" Replicate site 2. Added 'netbios name' --> Replicated Site. Now on Unix Server: 1. smbpasswd -j 'DOMAINNAME' -r 'PASSWORD SERVER' -- Added to the network. While checking with win2k client. We are prompted for username and password. While providing both it is repetitively asking. IN Samba log file we noticed error for "Authentication Failed" I will appreciate if some one will help or share your views. Thanks in Advance. - S P -------------------------------------------- Shailesh Parekh GlobeSpan Inc. Tel (732)345-7618 100 Schultz Drive Fax (732)345-7598 Red Bank, NJ 07701 Email sp@globespan.net From t98pth at student.hk-r.se Tue Feb 20 21:26:21 2001 From: t98pth at student.hk-r.se (=?ISO-8859-1?Q?P=E4r_Thoren?=) Date: Tue Dec 2 02:33:26 2003 Subject: Win2k, joining domain Message-ID: Hi! I have problem with making win2k joining a domain. My configuration is: win2k with service pack 1 Samba latest cvs 2_2 on FreeBSD 4.2 My smb.conf file: [global] security = user status = yes workgroup = testing encrypt passwords = yes domain logons = yes logon script = scripts\netlogon.bat domain admin group = @wheel # add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ guest account = smbguest share modes=no os level=65 preferred master = yes domain master = yes [homes] guest ok = no read only = no create mask = 0700 directory mask = 0700 # oplocks = false locking = no [netlogon] path = /usr/local/samba/netlogon writeable = no guest ok = no I?ve comment out the "oplocks = false" becouse testparm didn?t like it. And I?ve also comment out the "add user script" since i add my domain users manually. Except that the configuration is as exactly the same as in the FAQ. I add a user manually on the unix system then: "smbpasswd -a user" and added the root account to smbpasswd with "smbpasswd -a root" But when I as administrator on the win2k box tries to join the domain, loging in as root, I get something like "The account you are using is a workstation-account. Use a standard local user account to access this server" Is this a known problem? Is there anything I can do to make it work? regards P?r From rwilson at isd.co.san-bernardino.ca.us Tue Feb 20 21:58:49 2001 From: rwilson at isd.co.san-bernardino.ca.us (Wilson, Robert) Date: Tue Dec 2 02:33:26 2003 Subject: printing Message-ID: <33A1752F02AED311AA70009027145CEC01E2CFF7@sbc-msg-002.co.san-bernardino.ca.us> I setup samba-2.2.0alpha2 and I can't seem to use the printers on NT workstations. I followed the PRINTER_DRIVER2.txt file and got the drivers loaded OK. The strange thing is I can click on the printer have it load the driver like it should. I can then print a test page OK, but I can't print from anything else. I get some kind of error about writing to the printer. To sum it up I can print test pages all day but nothing else. Any ideas? Thank you. From music1256 at earthlink.net Tue Feb 20 22:27:46 2001 From: music1256 at earthlink.net (Jeff Alstadt) Date: Tue Dec 2 02:33:26 2003 Subject: Windows 2000 and Linux Message-ID: Is there a way to allow a Red Hat Linux Server communicate to a Windows 2000 server through the current domain? Does Samba yet support the Keberos and Active Directory on Linux? I was just wondering because I wanted to join our Windows network with our Linux network under one domain. If anyone has any information, please reply. Thanks. -Jeff From m_marmaridis at email.com Tue Feb 20 22:38:51 2001 From: m_marmaridis at email.com (m_marmaridis@email.com) Date: Tue Dec 2 02:33:26 2003 Subject: Windows 2000 and Linux In-Reply-To: Message-ID: <000501c09b8d$e6ac4f00$ef3c0a0a@htc.com> The current version of Samba only supports mixed mode domains at this stage (domains controlled by NT 4.0). There is however work underway to build support for AD in Samba so that it will be able to participate in a Native Win2K domain. This might take a little while still (expected in Samba v3.x) but stay tuned... Cheers, Makis. -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Jeff Alstadt Sent: Wednesday, February 21, 2001 9:28 AM To: samba-ntdom@us5.samba.org Subject: Windows 2000 and Linux Is there a way to allow a Red Hat Linux Server communicate to a Windows 2000 server through the current domain? Does Samba yet support the Keberos and Active Directory on Linux? I was just wondering because I wanted to join our Windows network with our Linux network under one domain. If anyone has any information, please reply. Thanks. -Jeff From peter.milburn at sofcom.com.au Tue Feb 20 22:50:04 2001 From: peter.milburn at sofcom.com.au (peter.milburn@sofcom.com.au) Date: Tue Dec 2 02:33:26 2003 Subject: samba 2.2 PDC Message-ID: Does anyone know if there is a version out that fixes the permission problmes when saving a users profile at all.. Thanks, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** -------------- next part -------------- A non-text attachment was scrubbed... Name: WINMAIL.DAT Type: application/ms-tnef Size: 1605 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010221/20774f78/WINMAIL.bin From peter.milburn at sofcom.com.au Tue Feb 20 23:02:21 2001 From: peter.milburn at sofcom.com.au (peter.milburn@sofcom.com.au) Date: Tue Dec 2 02:33:26 2003 Subject: samba PDC 2.2 Message-ID: when I login as root, and log out as root it comes and saves ok with permissions, but when I login as a user, it stuffs up not creating the correct permissions.. Any ideas. thansk, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** -------------- next part -------------- A non-text attachment was scrubbed... Name: WINMAIL.DAT Type: application/ms-tnef Size: 1605 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010221/e20e8835/WINMAIL.bin From matthew at arts.usyd.edu.au Tue Feb 20 23:43:21 2001 From: matthew at arts.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:33:26 2003 Subject: Win2k, joining domain References: Message-ID: <3A930119.DCFDCC97@arts.usyd.edu.au> P?r Thoren wrote: > > > But when I as administrator on the win2k box tries to join the domain, > loging in as root, I get something like "The account you are using is a > workstation-account. Use a standard local user account to access this > server" I get exactly the same message, if the accounts are pre-created or not. I followed the FAQ step by step. And older NT4 machine is in the 'domain' fine. I can't see at all where the key settings in my smb.conf differ from the FAQ. Its also the CVS download of 2.2 from about 2 days ago. -- Matthew Geier matthew@arts.usyd.edu.au Arts IT Unit +61 2 9351 4713 Sydney University -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2020 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010221/0a30d88b/smime.bin From Jean-Francois.Micouleau at dalalu.fr Wed Feb 21 00:12:11 2001 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:33:26 2003 Subject: Win2k, joining domain In-Reply-To: <3A930119.DCFDCC97@arts.usyd.edu.au> Message-ID: On Wed, 21 Feb 2001, Matthew Geier wrote: > P?r Thoren wrote: > > > > > > But when I as administrator on the win2k box tries to join the domain, > > loging in as root, I get something like "The account you are using is a > > workstation-account. Use a standard local user account to access this > > server" > > I get exactly the same message, if the accounts are pre-created or not. > I followed the FAQ step by step. And older NT4 machine is in the > 'domain' fine. > I can't see at all where the key settings in my smb.conf differ from > the FAQ. > Its also the CVS download of 2.2 from about 2 days ago. check if you have accounts in smbpasswd that are not in /etc/passwd. J.F. From kathee at ezunx.com Wed Feb 21 01:21:41 2001 From: kathee at ezunx.com (Kat) Date: Tue Dec 2 02:33:26 2003 Subject: Win2k, joining domain In-Reply-To: Message-ID: I am starting to see a pattern and not sure if this will help but.... I have been playing with W2K and samba 2.2 for a little while as some may have seen my posts. The more I hear I problems the more I started experimenting and today I think I have proven this... I hope. Any W2K system with SP1 (or any of the hot fixes) seems to have random errors joining samba domains. I have NEVER had a problem with a vanilla w2k INSTALL and having it join the domain during the install. The only machines I have problems with, and it varies, are those with service packs (recent) or hot-fixes -- (still trying to narrow down exactly which hot fix). I just spent the last 12 hours playing with 4 W2K machines, installing, re-installing updating, and joining the domain at different times and have come to the same conclusion. Remove any SP's or hot-fixes, join the domain, then re-apply the fixes. The thing is too, once the hot fixes/SPs are applied AFTER the machine is in the domain, not a single problem since... If I can narrow this down more, I will let you know. Bottom line, I can dup every error message that has been posted here pretty easily and with predicted results. cheers Kathee From jeremy at valinux.com Wed Feb 21 02:04:57 2001 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:33:26 2003 Subject: Large checkin on 2.2 branch. Message-ID: <20010220180457.A15004@valinux.com> Hi all, I just did a large checkin of code on the 2.2 CVS branch. This integrates a large chunk of the TNG code to provide SAMR services (PDC Stuff). It will also help Tim Potter greatly in moving the winbindd code into 2.2. It got done as a side effect when I was adding the capability for 2.2 to serve out user lists to a Win9x server - something we promised for 2.2. The code we had in there had gotten too ugly to live, and needed replacing with something that is a more robust framework for future work. This will delay 2.2 by a bit, but I hope people are more interested in getting a stable release with all the needed functionality than something out there "fast". Having said that, the tree may be a little unstable as I need to go through and re-run memory leak/overrun checkers on the new code, and some of the functionality previously supported by the old crufty code may have been broken a bit in the merge. But it should be a lot easier to fix. I'm sending this message as I know some people have been living off the 2.2 CVS tree for a while, and wanted to warn people about the large changes. But this was the last significant functionality add before 2.2, so now it's stability, not features - then on to ship (finally - hurrah :-). Thanks for your patience, Cheers, Jeremy Allison, Samba TEam. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From magnus at hig.se Wed Feb 21 07:51:34 2001 From: magnus at hig.se (Magnus Larsson) Date: Tue Dec 2 02:33:26 2003 Subject: Licensing! Message-ID: Hi! Does anyone know if its possible to run a "Terminal Licensing Server" with a Samba PDC? //Regards Magnus Larsson From tom.myny at pandora.be Wed Feb 21 08:06:30 2001 From: tom.myny at pandora.be (Tom Myny) Date: Tue Dec 2 02:33:26 2003 Subject: downloading 2.2 at cvs Message-ID: <003901c09bdd$32c653f0$0200a8c0@MYNY> Can anyone tell me in wich dir i can find damba 2.2 ? cvs -z5 -d :pserver:cvs@pserver.samba.org:/cvsroot co samba That wil download 2.0.* at the site i saw :( -------------- next part -------------- HTML attachment scrubbed and removed From t98pth at student.hk-r.se Wed Feb 21 09:15:40 2001 From: t98pth at student.hk-r.se (=?ISO-8859-1?Q?P=E4r_Thoren?=) Date: Tue Dec 2 02:33:26 2003 Subject: Win2k, joining domain In-Reply-To: Message-ID: Hi! After deinstalling Service pack 1, hotfix Q253934 and hotfix Q259728 I still get the same error when I am trying to join the domain. /P?r On Tue, 20 Feb 2001, Kat wrote: > I am starting to see a pattern and not sure if this will > help but.... > > I have been playing with W2K and samba 2.2 for a little while > as some may have seen my posts. The more I hear I problems > the more I started experimenting and today I think I have > proven this... I hope. > > Any W2K system with SP1 (or any of the hot fixes) seems to have > random errors joining samba domains. I have NEVER had a problem > with a vanilla w2k INSTALL and having it join the domain during > the install. The only machines I have problems with, and it varies, > are those with service packs (recent) or hot-fixes -- (still trying > to narrow down exactly which hot fix). > > I just spent the last 12 hours playing with 4 W2K machines, installing, > re-installing updating, and joining the domain at different times > and have come to the same conclusion. Remove any SP's or hot-fixes, > join the domain, then re-apply the fixes. The thing is too, once the hot > fixes/SPs are applied AFTER the machine is in the domain, not a single > problem since... > > If I can narrow this down more, I will let you know. Bottom line, I can dup > every error message that has been posted here pretty easily and > with predicted results. > > cheers > Kathee > > From tom.myny at pandora.be Wed Feb 21 12:34:41 2001 From: tom.myny at pandora.be (Tom Myny) Date: Tue Dec 2 02:33:26 2003 Subject: downloading 2.2 at cvs References: <003901c09bdd$32c653f0$0200a8c0@MYNY> Message-ID: <001701c09c02$a9e022c0$0200a8c0@MYNY> Please help this newbie :) ----- Original Message ----- From: Tom Myny To: samba-ntdom@samba.org Sent: Wednesday, February 21, 2001 9:06 AM Subject: downloading 2.2 at cvs Can anyone tell me in wich dir i can find damba 2.2 ? cvs -z5 -d :pserver:cvs@pserver.samba.org:/cvsroot co samba That wil download 2.0.* at the site i saw :( -------------- next part -------------- HTML attachment scrubbed and removed From sanders_p at univerahealthcare.org Wed Feb 21 13:24:55 2001 From: sanders_p at univerahealthcare.org (Paul Sanders) Date: Tue Dec 2 02:33:26 2003 Subject: downloading 2.2 at cvs Message-ID: I've been using the following: cvs -z5 -d :pserver:cvs@pserver.samba.org:/cvsroot co -r MODULE samba where MODULE can be : HEAD SAMBA_2_2 APPLIANCE_HEAD APPLIANCE_TNG ...[there are others but I have never used them...] Good luck and enjoy! Paul Sanders >>> Tom Myny 02/21 7:34 AM >>> Please help this newbie :) ----- Original Message ----- From: Tom Myny To: samba-ntdom@samba.org Sent: Wednesday, February 21, 2001 9:06 AM Subject: downloading 2.2 at cvs Can anyone tell me in wich dir i can find damba 2.2 ? cvs -z5 -d :pserver:cvs@pserver.samba.org:/cvsroot co samba That wil download 2.0.* at the site i saw :( From Axel.Thimm at physik.fu-berlin.de Wed Feb 21 13:32:07 2001 From: Axel.Thimm at physik.fu-berlin.de (Axel Thimm) Date: Tue Dec 2 02:33:26 2003 Subject: W2K profile creation in samba_2_2 Message-ID: <20010221143207.E17146@pua.domain> against better advise, I am using profiles in the user's home, but this seems not to be the problem [1]. When profiles are created at logoff time, the created directories have the execute permissions removed for everyone! How can this come? A previous admin had set in the home share create mode = 0640 directory mask = 0750 which I do not find wrong and took over. Perhaps the order samba is executing those settings is mismatched? Or some other ugly setting? This is samba_2_2 cvs from before the samr changes. [1] Just for the curious: NT/2000 seems to cache connections to shares and if two users log in and off right after each other on the same machine, and if the profile path was pointing to the same \\machine\share like \\samba\homes\profile, then NT/2000 would take that cached connection and retrieve the wrong profile. But if the profile path is set to \\%N\%U\profile, then why should that be a problem (as mentioned in the 2.2 faq)? The two paths do differ in their share name, don't they? Anyway for the problem descibed above, there is only one user ever logging on the W2K, so this is not a problem there. Regards, Axel. -- Axel.Thimm@physik.fu-berlin.de From don_mccall at hp.com Wed Feb 21 14:17:14 2001 From: don_mccall at hp.com (MCCALL,DON (HP-USA,ex1)) Date: Tue Dec 2 02:33:26 2003 Subject: W2K profile creation in samba_2_2 Message-ID: <079FD72E42C9D311B854009027650E6F0405081F@xatl02.atl.hp.com> Hi Axel, Perhaps I misunderstand: With create mode =640 and directory mask = 0750 I would expect the created files to have permissions of -rw-r-----, and the directories to have permissions drwxr-x---. Is this what you are seeing, or did you mean that the permissions for the directories end up looking like drw-r-----???? If you mean the last, then it is possible that what you are seeing is that the umask on the UNIX side is set to do this. directory mask = will set the permissions at MOST to what you specify; but the Unix umask will override this; if you want to FORCE these permissions you will need to specify "force directory mode = 0750" I hope I have understood your problem correctly.... Hope this helps, Don -----Original Message----- From: Axel Thimm [mailto:Axel.Thimm@physik.fu-berlin.de] Sent: Wednesday, February 21, 2001 8:32 AM To: samba-ntdom@samba.org Subject: W2K profile creation in samba_2_2 against better advise, I am using profiles in the user's home, but this seems not to be the problem [1]. When profiles are created at logoff time, the created directories have the execute permissions removed for everyone! How can this come? A previous admin had set in the home share create mode = 0640 directory mask = 0750 which I do not find wrong and took over. Perhaps the order samba is executing those settings is mismatched? Or some other ugly setting? This is samba_2_2 cvs from before the samr changes. [1] Just for the curious: NT/2000 seems to cache connections to shares and if two users log in and off right after each other on the same machine, and if the profile path was pointing to the same \\machine\share like \\samba\homes\profile, then NT/2000 would take that cached connection and retrieve the wrong profile. But if the profile path is set to \\%N\%U\profile, then why should that be a problem (as mentioned in the 2.2 faq)? The two paths do differ in their share name, don't they? Anyway for the problem descibed above, there is only one user ever logging on the W2K, so this is not a problem there. Regards, Axel. -- Axel.Thimm@physik.fu-berlin.de From jojowil at hvcc.edu Wed Feb 21 14:40:18 2001 From: jojowil at hvcc.edu (William Jojo) Date: Tue Dec 2 02:33:26 2003 Subject: SAMBA_2_2 and Profiles... Message-ID: <3A93D352.EEBA6AA4@hvcc.edu> Sorry, not sure which list this should've gone to, but, I didn't notice any further info on the profile directories with 000 for permissions with Win2k SP1 and Samba_2_2 tree since Jeremy last asked for a log level 10. Was going to get him one of those with the current CVS tree code. Thought you'd like to know that yesterday's CVS snapshot I downloaded had profiles being created properly again at least on AIX 4.3.3. I've moved off of alpha 1 to this snapshot for now since it seems to be doing what I need it to do for our development purposes. Just my little bit of feedback... Thanks to everyone...keep up the great work! Bill -------------- next part -------------- A non-text attachment was scrubbed... Name: jojowil.vcf Type: text/x-vcard Size: 500 bytes Desc: Card for William Jojo Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010221/69547b84/jojowil.vcf From tom.myny at pandora.be Wed Feb 21 15:31:54 2001 From: tom.myny at pandora.be (Tom Myny) Date: Tue Dec 2 02:33:26 2003 Subject: How do i logon with win2k in legancy mode ? Message-ID: <002101c09c1b$6b784cb0$0200a8c0@MYNY> I didn't found information in the man files, just asking here .... Stil some questions : 1) Does support samba 2.2.alpha2 DOMAIN logons from win2k ? 2) If not , tell me where i can download those stuff that does :) 3) Whit samba 2.2.alpha running i get this (was already in mailing faq ) : I can perfectly log on from a win98 computer to the domain, When i want to log on from a win2k it wont, !! When i see in linuxconf to the users it MAKES !!! a win 2k machine account, so logon did work !!!! But after 5 !! minutes waiting it gaves : The specified domain does not exist or can not be contacted. When i look in the log files : [2001/02/18 12:26:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.0.2: code = 0x12 [2001/02/18 12:26:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.0.2: code = 0x12 [2001/02/18 12:26:42, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.0.2: code = 0x12 4) I think this is the problem i dont log on in legancy mode (what that may be, dont understand it) form win2k Please please help me -------------- next part -------------- HTML attachment scrubbed and removed From gcarter at valinux.com Wed Feb 21 13:50:10 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:26 2003 Subject: downloading 2.2 at cvs References: <003901c09bdd$32c653f0$0200a8c0@MYNY> Message-ID: <3A93C792.E4AD7036@valinux.com> > Tom Myny wrote: > > Can anyone tell me in wich dir i can find damba 2.2 ? > > cvs -z5 -d :pserver:cvs@pserver.samba.org:/cvsroot co samba > That wil download 2.0.* at the site i saw :( That downloads the HEAD branch code. ... co -r SAMBA_2_2 samba will get 2.2. But are you sure you want to be playing with CVS code? You seem a little new at this. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From shaun.lipscombe at gasops.co.uk Wed Feb 21 15:41:29 2001 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:33:26 2003 Subject: Changing IP address and WORKGROUP Message-ID: Folks, I wish to change the ip address and workgroup of my samba file/print and windows '95 logon box (its going onto a subnet with a switch for better throughput). Can I simply modify the ip address outside of samba, modify the interfaces line and workgroup line of the smb.conf and reboot? Any help/tips/pointers appreciated. Shaun -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From andrew_perrin at unc.edu Wed Feb 21 15:51:50 2001 From: andrew_perrin at unc.edu (Andrew Perrin) Date: Tue Dec 2 02:33:26 2003 Subject: Changing IP address and WORKGROUP References: Message-ID: <3A93E416.E856A9D@unc.edu> No need to reboot for the samba side - just restart (or probably even just kill -HUP) the smbd and nmbd services. Win95 will certainly require a reboot, if not several. ap Shaun Lipscombe wrote: > > Folks, > > I wish to change the ip address and workgroup of my samba file/print > and windows '95 logon box (its going onto a subnet with a switch for > better throughput). Can I simply modify the ip address outside of > samba, modify the interfaces line and workgroup line of the smb.conf > and reboot? > > Any help/tips/pointers appreciated. > > Shaun > > -- > (o_ > (o_ (o_ //\ > (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk -- -------------------------------------------------------------- Andrew J. Perrin - Programmer/Analyst, Desktop Support Children's Primary Care Research Group, UNC - Chapel Hill (919)966-9394 * andrew_perrin@unc.edu From eiben at busitec.de Wed Feb 21 16:05:08 2001 From: eiben at busitec.de (Henning Eiben) Date: Tue Dec 2 02:33:26 2003 Subject: 2.0.7 <-> TNG Message-ID: Hi, I evaluated TNG on my server ... so I installed it alright and copied my config-files from my existing 2.0.7 setup. I could logon to TNG just fine using my username/password from my 2.0.7 setup, but for some strange reason I got a new local profile on my NT workstation. Does anyone have some clue why? And how am I to solve this? -- Henning Eiben eiben@busitec.de busitec GmbH business information technology http://www.busitec.de --> Besuchen Sie uns auf der CeBIT 2001. Halle 5 Stand G26. From lkcl at samba-tng.org Wed Feb 21 16:01:08 2001 From: lkcl at samba-tng.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:26 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) Message-ID: raoul, i am fascinated. did you set any debug log levels? remember: if you set log level to 100 on TNG, expect a performance hit of about a factor of ten or 20! did you compile TNG with dynamic libraries or static? (it's a ./configure option, the default is dynamic. it affects the binary size - vastly smaller: smbd is... urr... 417k in TNG latest cvs instead of.... urr... 2meg? - but has an overhead of 15% roughly on the actual function calls etc. and also on the libaries all being PIC - position independent code) another recommended test: how long does a domain logon take? important things to do: reboot the client in between tests. wait for the dialog box to come up. wait for the client disk to stop spinning. wait another 20 seconds. _then_ log in, starting the timer from then. include downloading your user-profile, if you have one. do not modify the desktop as you log out. run this twice (each machine) to make sure. many thanks raoul, luke -----Original Message----- From: tng-users-bounce@lists.dcerpc.org [mailto:tng-users-bounce@lists.dcerpc.org]On Behalf Of Raoul Schroeder Sent: 21 February 2001 15:54 To: users tng Subject: Speed comp. TNG & 2.2.alpha Just in case anyone was interested, I compared the speed of TNG and 2.2.alpha... This was the setup: FreeBSD Release 4.1 TNG 2.6 good vs. 2.2.alpha from CVS Pentium III 750 with 128MB and 2 Ultra-2LD SCSI Harddisks (18 GB each) Three shares are set browseable. Domain logons are enabled. (Win2K and WinNT) Initial browsing in Windows Explorer (finding drives R:, S:, V:): TNG: 0.4 - 0.5 s (is slightly difficult to measure, dunno how much is Windows, how much is TNG related) 2.2.alpha: around 2 s Copying of 100 MB (mixture of small and big files) from the server: This was unfortunately mainly limited by the fact that I am sitting on a 10 MBit half duplex network, partially switched. TNG: 6 minutes 2.2.alpha: 9 minutes From jbeauchamp at gesinc.com Wed Feb 21 19:21:10 2001 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:33:26 2003 Subject: 2.0.7 <-> TNG References: Message-ID: <007e01c09c3b$75e7c160$1d01a8c0@gesinc.com> You might want to join the samba-tng mailing list (see www.samba-tng.com) because I don't know how many TNG folks are following this list anymore (since the code fork) HTH James ----- Original Message ----- From: "Henning Eiben" To: Sent: Wednesday, February 21, 2001 8:05 AM Subject: 2.0.7 <-> TNG > Hi, > > I evaluated TNG on my server ... so I installed it alright and copied my > config-files from my existing 2.0.7 setup. I could logon to TNG just fine > using my username/password from my 2.0.7 setup, but for some strange reason > I got a new local profile on my NT workstation. > > Does anyone have some clue why? And how am I to solve this? > > > > -- > Henning Eiben > eiben@busitec.de busitec GmbH > business information technology > http://www.busitec.de > > --> Besuchen Sie uns auf der CeBIT 2001. Halle 5 Stand G26. > > > From gree3776 at rowan.edu Wed Feb 21 16:33:01 2001 From: gree3776 at rowan.edu (Samuel Greenfeld) Date: Tue Dec 2 02:33:27 2003 Subject: W2K profile creation in samba_2_2 Message-ID: I've seen this as well. Does anyone have a good workaround? --- SJG >>> Axel Thimm 02/21/01 08:32AM >>> [1] Just for the curious: NT/2000 seems to cache connections to shares and if two users log in and off right after each other on the same machine, and if the profile path was pointing to the same \\machine\share like \\samba\homes\profile, then NT/2000 would take that cached connection and retrieve the wrong profile. But if the profile path is set to \\%N\%U\profile, then why should that be a problem (as mentioned in the 2.2 faq)? The two paths do differ in their share name, don't they? Anyway for the problem descibed above, there is only one user ever logging on the W2K, so this is not a problem there. From javadi at syred.com Wed Feb 21 16:01:48 2001 From: javadi at syred.com (Yeganeh Javadi) Date: Tue Dec 2 02:33:27 2003 Subject: Group of a Windows User coming from PDC Message-ID: <00b601c09c1f$b1b32200$0201a8c0@yeganeh.idt.net> Hi, My Samba server 2.0.7 is synchronized with a Windows NT4 PDC. Whenever a user connects to Samba, the user name is retreived in %u parameter but %g (and also %G) has no value and does not indicate the group name of the connected user. Is there any special changes to do? Thanks for your help. -------------- next part -------------- HTML attachment scrubbed and removed From Axel.Thimm at physik.fu-berlin.de Wed Feb 21 17:02:45 2001 From: Axel.Thimm at physik.fu-berlin.de (Axel Thimm) Date: Tue Dec 2 02:33:27 2003 Subject: W2K profile creation in samba_2_2 In-Reply-To: <079FD72E42C9D311B854009027650E6F0405081F@xatl02.atl.hp.com>; from don_mccall@hp.com on Wed, Feb 21, 2001 at 06:17:14AM -0800 References: <079FD72E42C9D311B854009027650E6F0405081F@xatl02.atl.hp.com> Message-ID: <20010221180245.B18807@pua.domain> On Wed, Feb 21, 2001 at 06:17:14AM -0800, MCCALL,DON (HP-USA,ex1) wrote: > Perhaps I misunderstand: With create mode =640 and directory mask = 0750 I > would expect the created files to have permissions of -rw-r-----, and the > directories to have permissions drwxr-x---. Is this what you are seeing, or > did you mean that the permissions for the directories end up looking like > drw-r-----???? This is how it looks like: oberon(9):~/profile> ls -ltr total 538 -rw-r----- 1 thimm ag-linke 180256 Feb 6 05:20 USER.DAT -rw-r----- 1 thimm ag-linke 192 Feb 15 21:08 ntuser.ini drw-r--r-- 2 thimm ag-linke 8192 Feb 19 14:45 Vorlagen/ drw-r--r-- 2 thimm ag-linke 8192 Feb 19 14:45 SendTo/ drw-r--r-- 3 thimm ag-linke 8192 Feb 19 14:45 Startmen?/ drw-r--r-- 2 thimm ag-linke 8192 Feb 19 14:46 Recent/ drw-r--r-- 2 thimm ag-linke 8192 Feb 19 14:46 Netzwerkumgebung/ -rw-r----- 1 thimm ag-linke 262144 Feb 19 14:46 NTUSER.DAT drw-r--r-- 3 thimm ag-linke 8192 Feb 19 14:46 His6/ -rw-r----- 1 thimm ag-linke 1024 Feb 19 14:46 ntuser.dat.LOG drw-r--r-- 4 thimm ag-linke 8192 Feb 19 14:46 Favoriten/ drw-r--r-- 4 thimm ag-linke 8192 Feb 19 14:46 Desktop/ drw-r--r-- 2 thimm ag-linke 8192 Feb 19 14:46 Druckumgebung/ drw-r--r-- 2 thimm ag-linke 8192 Feb 19 14:46 Cookies/ drw-r--r-- 3 thimm ag-linke 8192 Feb 19 14:46 Eigene Dateien/ drw-r--r-- 4 thimm ag-linke 8192 Feb 19 14:46 Anwendungsdaten/ I also do not understand, why there are at all permissions set for "other", when both masks do not permit it. The directory itself and its parent (my home) have permissions oberon(10):~/profile> ls -ld . .. drwxr-x--x 14 thimm ag-linke 8192 Feb 19 14:46 ./ drwxr-x--x 70 thimm ag-linke 8192 Feb 21 17:53 ../ where the permissions of profile were set by smbd, as smbd created it in the first place (but might have inherited permissions). > If you mean the last, then it is possible that what you are seeing > is that the umask on the UNIX side is set to do this. No, my umask ist "standard" 022 (bits stripped off). And I can observe smbd creating the dirs with sensefull permissions and then stripping the execute bits away. Thanks, Axel. -- Axel.Thimm@physik.fu-berlin.de From shaun.lipscombe at gasops.co.uk Wed Feb 21 17:03:17 2001 From: shaun.lipscombe at gasops.co.uk (Shaun Lipscombe) Date: Tue Dec 2 02:33:27 2003 Subject: Changing IP address and WORKGROUP In-Reply-To: Andrew Perrin's message of "Wed, 21 Feb 2001 10:51:50 -0500" References: <3A93E416.E856A9D@unc.edu> Message-ID: * "Andrew" == Andrew Perrin writes: > No need to reboot for the samba side - just restart (or probably > even just kill -HUP) the smbd and nmbd services. > Win95 will certainly require a reboot, if not several. Thanks, Shaun -- (o_ (o_ (o_ //\ (/)_ (/)_ V_/_ shaun.lipscombe@gasops.co.uk From memphis_ms at gmx.net Wed Feb 21 17:34:50 2001 From: memphis_ms at gmx.net (Raoul Schroeder) Date: Tue Dec 2 02:33:27 2003 Subject: 2.0.7 <-> TNG References: <007e01c09c3b$75e7c160$1d01a8c0@gesinc.com> Message-ID: <3A93FC3A.219C868A@gmx.net> It's not a TNG "problem" If you do not enable roaming profiles, then it is stored locally. Even if you have roaming ones, they are temp. stored on your harddisk. There is one profile for every user, and for all that Windows is concerned, user Henning local and user Henning on TNG is NOT the same user. Same holds true even for the administrator. So, this is really a windows prob. > ----- Original Message ----- > From: "Henning Eiben" > To: > Sent: Wednesday, February 21, 2001 8:05 AM > Subject: 2.0.7 <-> TNG > > > Hi, > > > > I evaluated TNG on my server ... so I installed it alright and copied my > > config-files from my existing 2.0.7 setup. I could logon to TNG just fine > > using my username/password from my 2.0.7 setup, but for some strange > reason > > I got a new local profile on my NT workstation. > > > > Does anyone have some clue why? And how am I to solve this? > > > > > > > > -- > > Henning Eiben > > eiben@busitec.de busitec GmbH > > business information technology > > http://www.busitec.de > > > > --> Besuchen Sie uns auf der CeBIT 2001. Halle 5 Stand G26. > > > > > > From sven at sven-siemsen.de Wed Feb 21 18:29:26 2001 From: sven at sven-siemsen.de (Sven Siemsen) Date: Tue Dec 2 02:33:27 2003 Subject: Again: Win2k, joining domain In-Reply-To: Message-ID: Hi, While trying to join a w2k box to my samba-2.2-controlled domain (cvs from today), the logfile told me: [...] [2001/02/21 18:17:25, 0] rpc_parse/parse_prs.c:prs_grow(217) prs_grow: Buffer overflow - unable to expand buffer by 2 bytes. [2001/02/21 18:17:25, 0] rpc_server/srv_samr.c:api_samr_lookup_domain(577) api_samr_lookup_domain: Unable to unmarshall SAMR_Q_LOOKUP_DOMAIN. [2001/02/21 18:17:25, 0] rpc_server/srv_pipe.c:api_rpcTNP(1199) api_rpcTNP: api_samr_rpc: SAMR_LOOKUP_DOMAIN failed. And the (fresh installed) windows box told me (in German): "Die Prozeduranzahl liegt au?erhalb des erlaubten Bereichs." which means to me that something that has to to with procedures is out of range :-| Any idea? Thanks Sven Siemsen From kathee at ezunx.com Wed Feb 21 18:54:08 2001 From: kathee at ezunx.com (Kat) Date: Tue Dec 2 02:33:27 2003 Subject: Again: Win2k, joining domain In-Reply-To: Message-ID: I got the exact same message the other day. I went to the samba PDC, deleted all references the the machine account name that had been created. I then went back to the W2K machine and shut it down, then rebooted and re-added to the domain. It worked. Funny thing was, as in your case, it would not do it the first time and yet I did not change a thing other than delete the account and try again. Go figure.. Kathee -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Sven Siemsen Sent: Wednesday, February 21, 2001 1:29 PM To: samba-ntdom@samba.org Subject: Again: Win2k, joining domain Hi, While trying to join a w2k box to my samba-2.2-controlled domain (cvs from today), the logfile told me: [...] [2001/02/21 18:17:25, 0] rpc_parse/parse_prs.c:prs_grow(217) prs_grow: Buffer overflow - unable to expand buffer by 2 bytes. [2001/02/21 18:17:25, 0] rpc_server/srv_samr.c:api_samr_lookup_domain(577) api_samr_lookup_domain: Unable to unmarshall SAMR_Q_LOOKUP_DOMAIN. [2001/02/21 18:17:25, 0] rpc_server/srv_pipe.c:api_rpcTNP(1199) api_rpcTNP: api_samr_rpc: SAMR_LOOKUP_DOMAIN failed. And the (fresh installed) windows box told me (in German): "Die Prozeduranzahl liegt au?erhalb des erlaubten Bereichs." which means to me that something that has to to with procedures is out of range :-| Any idea? Thanks Sven Siemsen From don_mccall at hp.com Wed Feb 21 19:12:23 2001 From: don_mccall at hp.com (MCCALL,DON (HP-USA,ex1)) Date: Tue Dec 2 02:33:27 2003 Subject: W2K profile creation in samba_2_2 Message-ID: <079FD72E42C9D311B854009027650E6F04050826@xatl02.atl.hp.com> Hi Axel; I don't get this behaviour, using the same create mode and directory mask that I mentioned. And how you end up getting r permission for OTHER on your directories is a complete mystery! The only other thing I can think of that modifies the execute bits are the map archive, map system and map hidden parameters - can I take a look at your full smb.conf file to see if I can spot anything else? Don -----Original Message----- From: Axel Thimm [mailto:Axel.Thimm@physik.fu-berlin.de] Sent: Wednesday, February 21, 2001 12:03 PM To: MCCALL,DON (HP-USA,ex1) Cc: samba-ntdom@samba.org Subject: Re: W2K profile creation in samba_2_2 On Wed, Feb 21, 2001 at 06:17:14AM -0800, MCCALL,DON (HP-USA,ex1) wrote: > Perhaps I misunderstand: With create mode =640 and directory mask = 0750 I > would expect the created files to have permissions of -rw-r-----, and the > directories to have permissions drwxr-x---. Is this what you are seeing, or > did you mean that the permissions for the directories end up looking like > drw-r-----???? This is how it looks like: oberon(9):~/profile> ls -ltr total 538 -rw-r----- 1 thimm ag-linke 180256 Feb 6 05:20 USER.DAT -rw-r----- 1 thimm ag-linke 192 Feb 15 21:08 ntuser.ini drw-r--r-- 2 thimm ag-linke 8192 Feb 19 14:45 Vorlagen/ drw-r--r-- 2 thimm ag-linke 8192 Feb 19 14:45 SendTo/ drw-r--r-- 3 thimm ag-linke 8192 Feb 19 14:45 Startmen?/ drw-r--r-- 2 thimm ag-linke 8192 Feb 19 14:46 Recent/ drw-r--r-- 2 thimm ag-linke 8192 Feb 19 14:46 Netzwerkumgebung/ -rw-r----- 1 thimm ag-linke 262144 Feb 19 14:46 NTUSER.DAT drw-r--r-- 3 thimm ag-linke 8192 Feb 19 14:46 His6/ -rw-r----- 1 thimm ag-linke 1024 Feb 19 14:46 ntuser.dat.LOG drw-r--r-- 4 thimm ag-linke 8192 Feb 19 14:46 Favoriten/ drw-r--r-- 4 thimm ag-linke 8192 Feb 19 14:46 Desktop/ drw-r--r-- 2 thimm ag-linke 8192 Feb 19 14:46 Druckumgebung/ drw-r--r-- 2 thimm ag-linke 8192 Feb 19 14:46 Cookies/ drw-r--r-- 3 thimm ag-linke 8192 Feb 19 14:46 Eigene Dateien/ drw-r--r-- 4 thimm ag-linke 8192 Feb 19 14:46 Anwendungsdaten/ I also do not understand, why there are at all permissions set for "other", when both masks do not permit it. The directory itself and its parent (my home) have permissions oberon(10):~/profile> ls -ld . .. drwxr-x--x 14 thimm ag-linke 8192 Feb 19 14:46 ./ drwxr-x--x 70 thimm ag-linke 8192 Feb 21 17:53 ../ where the permissions of profile were set by smbd, as smbd created it in the first place (but might have inherited permissions). > If you mean the last, then it is possible that what you are seeing > is that the umask on the UNIX side is set to do this. No, my umask ist "standard" 022 (bits stripped off). And I can observe smbd creating the dirs with sensefull permissions and then stripping the execute bits away. Thanks, Axel. -- Axel.Thimm@physik.fu-berlin.de From bayazit_cengiz at jpmorgan.com Wed Feb 21 19:30:13 2001 From: bayazit_cengiz at jpmorgan.com (Cengiz X Bayazit) Date: Tue Dec 2 02:33:27 2003 Subject: rookie questions Message-ID: <852569FA.006B21CE.00@nyc-ntgw-n01.ny.jpmorgan.com> Hello all, I'm just starting to work with samba, so here goes my first rookie question: -Can I setup samba as a PDC so that it would understand NDS authentication.?? - I know I can use an NT PDC with NDS for NT installed to translate the authentication to an NDS tree into an NT authentication, and then point that to SAMBA, but it's kinda hard to get an NT server around here. And if I set it up the other way, (no domain controllers) people will have to change their passwords everywhere. Thanks in advance Cengiz Bayazit This communication is for informational purposes only. It is not intended as an offer or solicitation for the purchase or sale of any financial instrument or as an official confirmation of any transaction. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Any comments or statements made herein do not necessarily reflect those of J.P. Morgan Chase & Co. Incorporated, its subsidiaries and affiliates. From martin at zamenhof.demon.co.uk Wed Feb 21 21:34:15 2001 From: martin at zamenhof.demon.co.uk (Martin Radford) Date: Tue Dec 2 02:33:27 2003 Subject: Windows 2000 and Linux In-Reply-To: <000501c09b8d$e6ac4f00$ef3c0a0a@htc.com> from "m_marmaridis@email.com" at Feb 21, 2001 09:38:51 AM Message-ID: <200102212134.VAA27288@zamenhof.demon.co.uk> > The current version of Samba only supports mixed mode domains at this stage > (domains controlled by NT 4.0). There is however work underway to build > support for AD in Samba so that it will be able to participate in a Native > Win2K domain. This might take a little while still (expected in Samba v3.x) > but stay tuned... This is incorrect. Samba servers can be added to a native mode Win2k domain, where they act as downlevel NT4 servers (i.e. using Win2k's backwards compatibility NetBIOS layer). On the other hand, Samba cannot behave as a domain controller in a native mode domain, and doesn't have AD support per se. Martin -- Martin Radford | "Only wimps use tape backup: _real_ martin@zamenhof.demon.co.uk | men just upload their important stuff -o) Registered Linux user #9257 | on ftp and let the rest of the world /\\ - see http://counter.li.org | mirror it ;)" - Linus Torvalds _\_V From peter.milburn at sofcom.com.au Wed Feb 21 23:05:53 2001 From: peter.milburn at sofcom.com.au (peter.milburn@sofcom.com.au) Date: Tue Dec 2 02:33:27 2003 Subject: SAMBA PDC Message-ID: Hey all, I am using the latest .tar.gz that is available for download from the FTP, all is working fine, the problem I am having is I am trying to get a linux machine to join the domain. I had it working before. I use the command smbpasswd -j domain This is the error I am getting cli_net_req_chal: Error NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT cli_nt_setup_creds: request challenge failed modify_trust_password: unable to setup the PDC credentials to machine TUX.SOFCOM.COM.AU. Error was : NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT. 2001/02/22 10:23:10 : change_trust_account_password: Failed to change password for domain SOFCOM_MELB. Unable to join domain SOFCOM_MELB. Any help would be appreciated. Thanks, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** -------------- next part -------------- A non-text attachment was scrubbed... Name: WINMAIL.DAT Type: application/ms-tnef Size: 1597 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010222/3bd59a79/WINMAIL.bin From sp at globespan.net Wed Feb 21 23:40:35 2001 From: sp at globespan.net (Shailesh Parekh) Date: Tue Dec 2 02:33:27 2003 Subject: SAMBA PDC Message-ID: <09005DB08CF23F4988C3F8684BE4904F015C88@GSMAIL1.globespan.net> Hi! Peter, Add your Linux Computer to NT Domain. I am not sure you are using Active Directory or PDC/BDC. If it is already their than remove it first and replicate on all your site. Just check machine is not on domain than add it and use command smbpasswd -j domain It should work. -- SP -----Original Message----- From: peter.milburn@sofcom.com.au [mailto:peter.milburn@sofcom.com.au] Sent: Wednesday, February 21, 2001 6:06 PM To: samba-ntdom@us5.samba.org Subject: SAMBA PDC Hey all, I am using the latest .tar.gz that is available for download from the FTP, all is working fine, the problem I am having is I am trying to get a linux machine to join the domain. I had it working before. I use the command smbpasswd -j domain This is the error I am getting cli_net_req_chal: Error NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT cli_nt_setup_creds: request challenge failed modify_trust_password: unable to setup the PDC credentials to machine TUX.SOFCOM.COM.AU. Error was : NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT. 2001/02/22 10:23:10 : change_trust_account_password: Failed to change password for domain SOFCOM_MELB. Unable to join domain SOFCOM_MELB. Any help would be appreciated. Thanks, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From m_marmaridis at email.com Thu Feb 22 01:43:49 2001 From: m_marmaridis at email.com (makis email (E-mail)) Date: Tue Dec 2 02:33:27 2003 Subject: Windows 2000 and Linux In-Reply-To: <200102212134.VAA27288@zamenhof.demon.co.uk> Message-ID: <002401c09c70$e83d5e20$ef3c0a0a@htc.com> >> The current version of Samba only supports mixed mode domains at this stage >> (domains controlled by NT 4.0). There is however work underway to build >> support for AD in Samba so that it will be able to participate in a Native >> Win2K domain. This might take a little while still (expected in Samba v3.x) >> but stay tuned... >Samba servers can be added to a native mode Win2k >domain, where they act as downlevel NT4 servers (i.e. using Win2k's >backwards compatibility NetBIOS layer). For file, print sharing etc they will do a great job, but they will not have a concept of the domain being Win2K controlled. So features like getting them to authenticate against the domain user list etc that can be done in WinNT 4.0 controlled domains will not be there. In any case, in my previous response, I was referring to Samba participating in a Native Win2K domain as a DC; and Samba can not do that at the moment because it does not have AD support (yet!). Provided you don't want to use the samba server as a domain controller, then the existance or not of a Win2K domain is irrelevant anyway. Regards, Makis. From s.cloherty at gsbme.unsw.edu.au Thu Feb 22 08:27:37 2001 From: s.cloherty at gsbme.unsw.edu.au (Shaun Cloherty) Date: Tue Dec 2 02:33:27 2003 Subject: RH 7.0 and Winbind in an NT4.0 domain Message-ID: <3A94CD79.F93FDA87@gsbme.unsw.edu.au> Forgive me if this is not the appropriate list - please direct me to a more appropriate forum. I have a number of client machines running Linux (RH7.0) which I need to make available to existing users of our NT4.0 domain. Winbind seem to be the ticket I am looking for, so I downloaded and installed the samba-appliance-0.5-1 rpm. I have been following the directions in the winbindd man page, but havn't managed to get it working. I have made the suggested changes to /etc/nsswitch.conf, but havn't yet tackled the PAM issues. There are existing accounts on the NT server for these machines - they dual boot Win2k - which I have confirmed using samedit included in the samba-appliance rpm. I have created a /etc/samba/smb.conf file based on the winbindd man page. When I start the smbd and nmbd daemons (via /etc/rc.d/init.d/smb start) I see this; Starting SMB services: execvp: No such file or directory [FAILED] Starting NMB services: execvp: No such file or directory [FAILED] I don't think this is a Samba issue, since I can start the daemons by hand (smbd -D; nmbd -D) without any problem... but if anyone has any suggestions on how to fix it, please let me know. I'm not sure how I am supposed to start the winbind daemon, but simply typing 'winbindd' at the prompt seems to do it... let me know if there is more to it than that. Now, when I run 'getent passwd' as suggested in the man page, I see only the users listed in the /etc/passwd file... no NT domain users. Am I correct in assuming that at this point, if all is well, I should be seeing a list of NT domain users in addition to the local unix users (from /etc/passwd)? It is my understanding that simply listing the users via 'getent passwd' is a name service issue, so I expected it to work even though I have not dealt with the PAM configuration yet.... am I wrong? If so, which services under /etc/pam.d do I have to tweak to make 'getent passwd' to work? An 'strace' of 'getent passwd' indicates that it reads /etc/nsswitch.conf (as expected), then reads the /etc/passwd file, echoing the entries to stdout, then goes looking for libnss_winbind.so.2, presumably to do the winbind magic so as to list the NT domain users. The winbindd man page said to put libnss_winbind.so.2 in /lib, yet no libnss_switch.so.2 came in the samba-appliance rpm, it installs /lib/libnss_winbind.so. Simply renaming libnss_winbind.so to libnss_winbind.so.2 seems ok, in that an strace indicates that it finds the library, does its thing, but times out writing/reading from /tmp/.winbindd/pipe. I don't know how to proceed from here? Any assistance would be greatly appreciated, Shaun -- Shaun Cloherty Graduate School of Biomedical Engineering University of New South Wales From dobos_s at IBCnet.hu Thu Feb 22 08:38:52 2001 From: dobos_s at IBCnet.hu (dobos_s@IBCnet.hu) Date: Tue Dec 2 02:33:27 2003 Subject: Where to find the final features-list of 2.2? Message-ID: So where to find it? Cly From noelk at bc.edu Thu Feb 22 12:48:22 2001 From: noelk at bc.edu (Kenneth Noel) Date: Tue Dec 2 02:33:27 2003 Subject: Windows 2000 and Linux References: <200102212134.VAA27288@zamenhof.demon.co.uk> Message-ID: <3A950A96.2942AD43@bc.edu> Martin Radford wrote: > > The current version of Samba only supports mixed mode domains at this stage > > (domains controlled by NT 4.0). There is however work underway to build > > support for AD in Samba so that it will be able to participate in a Native > > Win2K domain. This might take a little while still (expected in Samba v3.x) > > but stay tuned... > > This is incorrect. Samba servers can be added to a native mode Win2k > domain, where they act as downlevel NT4 servers (i.e. using Win2k's > backwards compatibility NetBIOS layer). > > On the other hand, Samba cannot behave as a domain controller in a > native mode domain, and doesn't have AD support per se. > > Martin > -- > Martin Radford | "Only wimps use tape backup: _real_ > martin@zamenhof.demon.co.uk | men just upload their important stuff -o) > Registered Linux user #9257 | on ftp and let the rest of the world /\\ > - see http://counter.li.org | mirror it ;)" - Linus Torvalds _\_V I don't thing thats right... I was told that a native mode domain cannot have any win9x, NT, or Samba systems in the native mode domain unless they are running the active directory client. Since samba does not have a active directory client nor native to active directory I dont think it will work. You can have NT 4.0 domain with trust to a native mode domain and have members of the nt 4.0 domain login to the Win2k/active directory domain, that will work. That is how our domain structure is or will be setup. Ken -------------- next part -------------- A non-text attachment was scrubbed... Name: noelk.vcf Type: text/x-vcard Size: 290 bytes Desc: Card for Kenneth Noel Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010222/4267d501/noelk.vcf From bgjohnson at tasc.com Thu Feb 22 12:51:29 2001 From: bgjohnson at tasc.com (Johnson, Byron G.) Date: Tue Dec 2 02:33:27 2003 Subject: Mounting W2K Shares Message-ID: I am running Samba 2.0.7 on a W2K domain. The W2K Server is the PDC. I can browse the Linux shares from the W2K machines and can read and write to the Linux partitions. From the Linux machine, I can connect the W2K shares using smbclient, however, I have not been able to mount the W2K shares. Can anyone help? -- Byron G. Johnson Business Development Manager, Enterprise Security Litton TASC 4801 Stonecroft Blvd Chantilly, VA 20151-3822 Voice: (703) 633-8478 Fax: (703) 449-1087 Cellular: (703) 819-6423 Pager: (888) 751-4116 Home: (703) 753-0204 E-Mail: bgjohnson@tasc.com From gcarter at valinux.com Thu Feb 22 13:05:06 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:27 2003 Subject: Windows 2000 and Linux References: <200102212134.VAA27288@zamenhof.demon.co.uk> <3A950A96.2942AD43@bc.edu> Message-ID: <3A950E82.2100D074@valinux.com> Kenneth Noel wrote: > > I don't thing thats right... I was told that a native > mode domain cannot have any win9x, NT, or Samba systems > in the native mode domain unless they are running > the active directory client. Since samba does not have > a active directory client nor native to active directory > I dont think it will work. Martin is correct. Trust us on this one ok. > You can have NT 4.0 domain with trust to a native > mode domain and have members of the nt 4.0 domain login > to the Win2k/active directory domain, that will > work. That is how our domain structure is or will be setup. Ken, You only need a mixed mode DC in WIn2k if you have WinNT4 BDC's. By default, a native mode Win2k DC still provides NetBIOS and NTLMv1 support. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From abartlet at pcug.org.au Thu Feb 22 13:10:28 2001 From: abartlet at pcug.org.au (Andrew Bartlett) Date: Tue Dec 2 02:33:27 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) References: Message-ID: <3A950FC4.68E766BA@bartlett.house> For some reason I implemented TNG in a production environment (I needed user-level security for Win9X shares), and noticed an immediate slowdown for logons and I had reports that logons where timing out, with users unable to login before the timeout - even pressing retry for 45min! These logins are from NT4, with a logon applet that sends 2 incorrect passwords (local user, new user with no password) before the final password from the user. When the system is not in use a logon (with the applet) took 30secs with TNG compared with immediate on 2.2 Other logons are from Win9X, as standard domain logons. I ended up having to move back to 2.2, but I should note the mitigating factors: I enabled and used utmp, syslog and quotas (all of which I am sure are entirely untested). My system in RedHat 6.2 on a p166, on a separate subnet from the clients, with a firewall in between. Just another data-point, Andrew Bartlett Luke Kenneth Casson Leighton wrote: > > raoul, > > i am fascinated. > > did you set any debug log levels? remember: if you set log level to 100 > on TNG, expect a performance hit of about a factor of ten or 20! > > did you compile TNG with dynamic libraries or static? (it's a ./configure > option, the default is dynamic. it affects the binary size - vastly > smaller: smbd is... urr... 417k in TNG latest cvs instead of.... urr... > 2meg? - but has an overhead of 15% roughly on the actual function calls > etc. and also on the libaries all being PIC - position independent code) > > another recommended test: > > how long does a domain logon take? > > important things to do: > > reboot the client in between tests. wait for the dialog box to come up. > wait for the client disk to stop spinning. wait another 20 seconds. > _then_ log in, starting the timer from then. > > include downloading your user-profile, if you have one. do not modify the > desktop as you log out. > > run this twice (each machine) to make sure. > > many thanks raoul, > > luke > > -----Original Message----- > From: tng-users-bounce@lists.dcerpc.org > [mailto:tng-users-bounce@lists.dcerpc.org]On Behalf Of Raoul Schroeder > Sent: 21 February 2001 15:54 > To: users tng > Subject: Speed comp. TNG & 2.2.alpha > > Just in case anyone was interested, I compared the speed of TNG and > 2.2.alpha... > This was the setup: > FreeBSD Release 4.1 > TNG 2.6 good vs. 2.2.alpha from CVS > Pentium III 750 with 128MB and 2 Ultra-2LD SCSI Harddisks (18 GB each) > Three shares are set browseable. > Domain logons are enabled. (Win2K and WinNT) > > Initial browsing in Windows Explorer (finding drives R:, S:, V:): > TNG: 0.4 - 0.5 s (is slightly difficult to measure, dunno how much is > Windows, how much is TNG related) > 2.2.alpha: around 2 s > > Copying of 100 MB (mixture of small and big files) from the server: > This was unfortunately mainly limited by the fact that I am sitting on a > 10 MBit half duplex network, partially switched. > TNG: 6 minutes > 2.2.alpha: 9 minutes -- Andrew Bartlett abartlet@pcug.org.au From fhuet at ocare.com Thu Feb 22 13:20:02 2001 From: fhuet at ocare.com (fhuet) Date: Tue Dec 2 02:33:27 2003 Subject: Samba PDC and W2000 Message-ID: <3A951202.6070804@ocare.com> Hi all, Stil the same problem , can't get access to my solaris samba pdc with w2000( with and without SP1, acpi or apm(?) , user root on solaris or root en w2000, machine account or not in smbpasswd) ...feel tired .... Last test which is ok : i ve installed a nt4 , i integrated it to my domain, then an upgrade in w2000 then it's ok ..my new2000 belongs to my pdc domain ...not a quiet soltion ..and not very stable ... so why w2000 native can't get access ? ... i can't do an upgrade of all my nt workstations .. help ..... -------------- next part -------------- HTML attachment scrubbed and removed From philippe.letrait at epitech.net Thu Feb 22 14:47:34 2001 From: philippe.letrait at epitech.net (philippe letrait) Date: Tue Dec 2 02:33:27 2003 Subject: Error: Unknown error (109,49152) for samba 2.0.7 as NT PDC Message-ID: <200102221447.OAA10425@hermes.epita.fr> Hello, I've got a Windows NT 4.0 SP 5, and i want to log on a 2.0.7 samba server witch is set as a PDC. The domain is PMEZED The Windows NT machine name is PMEZED_WIN But the Windows Machine cannot reach the PDC. I have a logging level of 3, in 'smb.conf' configuration file. You can see an 'unknown' error (the ONLY error in the file) bellow ------my logfile (without the head) .... [2020/03/14 02:47:31, 3] smbd/reply.c:reply_sesssetup_and_X(809) sesssetupX:name=[PMEZED_WIN$] [2020/03/14 02:47:31, 3] smbd/error.c:error_packet(127) 32 bit error packet at line 490 cmd=115 (SMBsesssetupX) eclass=c000006d [Error: Unknown error (109,49152)] [2020/03/14 02:47:31, 3] smbd/process.c:timeout_processing(856) end of file from client [2020/03/14 02:47:31, 2] smbd/server.c:exit_server(408) Closing connections [2020/03/14 02:47:31, 3] smbd/server.c:exit_server(435) Server exit (normal exit) -------End of my logfile---- -------Here is my smb.conf file [global] netbios name = PhilZ-BSD workgroup = PMEZED comment = PhilZ Sharing Under NetBSD status = yes browseable = yes printing = bsd guest account = nobody admin users = root invalid users = @wheel, mail, deamon, adt locking = yes security = user encrypt passwords = yes os level = 100 local master = yes preferred master = yes domain master = yes domain logons = yes logon script = scripts\%U.bat log level = 3 log file = /usr/local/samba/var/samba_log.%m [netlogon] comment = "Domain Logon Services" path = /usr/local/samba/netlogon public = no writable = no browseable = no [homes] comment = "Home Directory for %u " path = /home/%u guest ok = no read only = no create mode = 644 writable = yes browsable = no [vrac] path = /usr/vrac comment = Vrac Things writeable = false browseable = yes guest ok = yes -------End of my smb.conf file Any help or explanations would be appreciated ! Thanks Best Regards, Phil From eiben at busitec.de Thu Feb 22 14:36:28 2001 From: eiben at busitec.de (Henning Eiben) Date: Tue Dec 2 02:33:27 2003 Subject: 2.0.7 <-> TNG In-Reply-To: <3A93FC3A.219C868A@gmx.net> Message-ID: > -----Original Message----- > From: Raoul Schroeder [mailto:memphis_ms@gmx.net] > Sent: Wednesday, February 21, 2001 6:35 PM > To: James W. Beauchamp > Cc: Henning Eiben; samba-ntdom@samba.org > Subject: Re: 2.0.7 <-> TNG > > > It's not a TNG "problem" > > If you do not enable roaming profiles, then it is stored locally. I know that, because I want local profiles, I disabled roaming profiles (on purpose!). > Even if you have roaming ones, they are temp. stored on your harddisk. > There is one profile for every user, and for all that Windows is > concerned, > user Henning local and user Henning on TNG is NOT the same user. Why? Well ... there is no local user Henning. There is a Samba-User (2.0.7) Henning, and now I want to continue work with Samba-TNG ... still as a samba-user Henning. -- Henning Eiben eiben@busitec.de busitec GmbH business information technology http://www.busitec.de --> Besuchen Sie uns auf der CeBIT 2001. Halle 5 Stand G26. From simo.sorce at polimi.it Thu Feb 22 15:09:33 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:27 2003 Subject: 2.0.7 <-> TNG In-Reply-To: Message-ID: On Thu, 22 Feb 2001, Henning Eiben wrote: > > -----Original Message----- > > From: Raoul Schroeder [mailto:memphis_ms@gmx.net] > > Sent: Wednesday, February 21, 2001 6:35 PM > > To: James W. Beauchamp > > Cc: Henning Eiben; samba-ntdom@samba.org > > Subject: Re: 2.0.7 <-> TNG > > > > > > It's not a TNG "problem" > > > > If you do not enable roaming profiles, then it is stored locally. > > I know that, because I want local profiles, I disabled roaming profiles (on > purpose!). > > > Even if you have roaming ones, they are temp. stored on your harddisk. > > There is one profile for every user, and for all that Windows is > > concerned, > > user Henning local and user Henning on TNG is NOT the same user. > > Why? Well ... there is no local user Henning. There is a Samba-User (2.0.7) > Henning, and now I want to continue work with Samba-TNG ... still as a > samba-user Henning. > The way samba TNG make SIDS is different from 2.0.7 So having different SIDS result in NT believing they are different users, and building a new profile for what it thinks is a new user! -- Simo Sorce - Linux Systems Consultant E-mail: simo.sorce@polimi.it Tel: +39 0348 7149179 - Fax: +39 02 700442399 ----------------------------------------------------------------- Be happy, use Linux! From lkcl at samba-tng.org Thu Feb 22 16:18:44 2001 From: lkcl at samba-tng.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:27 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) In-Reply-To: <3A950FC4.68E766BA@bartlett.house> Message-ID: andrew, appreciate your rewsponse. do you, by chance, have a large number of unix groups and large numbers of users in those groups? luke On Fri, 23 Feb 2001, Andrew Bartlett wrote: > For some reason I implemented TNG in a production environment (I needed > user-level security for Win9X shares), and noticed an immediate slowdown > for logons and I had reports that logons where timing out, with users > unable to login before the timeout - even pressing retry for 45min! > > These logins are from NT4, with a logon applet that sends 2 incorrect > passwords (local user, new user with no password) before the final > password from the user. When the system is not in use a logon (with the > applet) took 30secs with TNG compared with immediate on 2.2 > > Other logons are from Win9X, as standard domain logons. > > I ended up having to move back to 2.2, but I should note the mitigating > factors: > I enabled and used utmp, syslog and quotas (all of which I am sure are > entirely untested). > > My system in RedHat 6.2 on a p166, on a separate subnet from the > clients, with a firewall in between. > > Just another data-point, > Andrew Bartlett > > Luke Kenneth Casson Leighton wrote: > > > > raoul, > > > > i am fascinated. > > > > did you set any debug log levels? remember: if you set log level to 100 > > on TNG, expect a performance hit of about a factor of ten or 20! > > > > did you compile TNG with dynamic libraries or static? (it's a ./configure > > option, the default is dynamic. it affects the binary size - vastly > > smaller: smbd is... urr... 417k in TNG latest cvs instead of.... urr... > > 2meg? - but has an overhead of 15% roughly on the actual function calls > > etc. and also on the libaries all being PIC - position independent code) > > > > another recommended test: > > > > how long does a domain logon take? > > > > important things to do: > > > > reboot the client in between tests. wait for the dialog box to come up. > > wait for the client disk to stop spinning. wait another 20 seconds. > > _then_ log in, starting the timer from then. > > > > include downloading your user-profile, if you have one. do not modify the > > desktop as you log out. > > > > run this twice (each machine) to make sure. > > > > many thanks raoul, > > > > luke > > > > -----Original Message----- > > From: tng-users-bounce@lists.dcerpc.org > > [mailto:tng-users-bounce@lists.dcerpc.org]On Behalf Of Raoul Schroeder > > Sent: 21 February 2001 15:54 > > To: users tng > > Subject: Speed comp. TNG & 2.2.alpha > > > > Just in case anyone was interested, I compared the speed of TNG and > > 2.2.alpha... > > This was the setup: > > FreeBSD Release 4.1 > > TNG 2.6 good vs. 2.2.alpha from CVS > > Pentium III 750 with 128MB and 2 Ultra-2LD SCSI Harddisks (18 GB each) > > Three shares are set browseable. > > Domain logons are enabled. (Win2K and WinNT) > > > > Initial browsing in Windows Explorer (finding drives R:, S:, V:): > > TNG: 0.4 - 0.5 s (is slightly difficult to measure, dunno how much is > > Windows, how much is TNG related) > > 2.2.alpha: around 2 s > > > > Copying of 100 MB (mixture of small and big files) from the server: > > This was unfortunately mainly limited by the fact that I am sitting on a > > 10 MBit half duplex network, partially switched. > > TNG: 6 minutes > > 2.2.alpha: 9 minutes > > -- > Andrew Bartlett > abartlet@pcug.org.au > ----- Luke Kenneth Casson Leighton ----- "i want a world of dreams, run by near-sighted visionaries" "good. that's them sorted out. now, on _this_ world..." From eiben at busitec.de Thu Feb 22 16:45:38 2001 From: eiben at busitec.de (Henning Eiben) Date: Tue Dec 2 02:33:27 2003 Subject: 2.0.7 <-> TNG In-Reply-To: Message-ID: <002401c09cee$e27546a0$6800a8c0@busitec.de> > -----Original Message----- > From: Simo Sorce [mailto:simo.sorce@polimi.it] > Sent: Thursday, February 22, 2001 4:10 PM > To: Henning Eiben > Cc: Raoul Schroeder; Samba > Subject: RE: 2.0.7 <-> TNG > > > > > It's not a TNG "problem" > > > > > > If you do not enable roaming profiles, then it is stored locally. > > > > I know that, because I want local profiles, I disabled roaming > profiles (on > > purpose!). > > > > > Even if you have roaming ones, they are temp. stored on your harddisk. > > > There is one profile for every user, and for all that Windows is > > > concerned, > > > user Henning local and user Henning on TNG is NOT the same user. > > > > Why? Well ... there is no local user Henning. There is a > Samba-User (2.0.7) > > Henning, and now I want to continue work with Samba-TNG ... still as a > > samba-user Henning. > > > The way samba TNG make SIDS is different from 2.0.7 > So having different SIDS result in NT believing they are different users, > and building a new profile for what it thinks is a new user! Well, sounds reasonable ... that's what I already thought ... Is there any way to workaround? -- Henning Eiben eiben@busitec.de busitec GmbH business information technology http://www.busitec.de --> Besuchen Sie uns auf der CeBIT 2001. Halle 5 Stand G26. From Don_Rogers at brown.edu Thu Feb 22 18:21:13 2001 From: Don_Rogers at brown.edu (Don S. Rogers) Date: Tue Dec 2 02:33:27 2003 Subject: Samba Passwords >8 characters? (Samba 2.2 CVS, Solaris 7, Win2K client) Message-ID: <3A955899.F692C8C6@brown.edu> Howdy, Samba folks. I am currently testing an installation of yesterday's CVS Samba 2.2 on a Solaris 7 Sparc box to eventually replace our Samba 2.0.6/Linux setup. Our test clients are Win2K Pro, base install. So far, all is fairly happy and healthy on PDC support and file serving. Haven't tested print services yet. However, we are having a problem with Samba passwords: All works fine if the Samba password is 8 characters long or less. If it's any longer, though, then Win 2K does not accept the login. If I try to use the long password, it gives me this error: The system cannot log you on due to the following error: The stub received bad data. Please try again... If I manually truncate the password to only the first 8 characters, then I can authenticate normally. Further, when testing the Samba shares with smbclient, I find that it only cares about the first 8 characters in the login password. If the actual password I set with smbpasswd is 14 characters, for example, then I can authenticate via smbclient using the first (valid) 8 characters of the password plus any quantity of gibberish after. We hope to retain passwords up to 14 characters for compatibility with other campus network services. Any ideas? I thought there might be a compile-time configuration option that would help, but I can't determine which one. Also, I couldn't find any related notes in the archives. I should mention that Solaris on this box exhibits the same behavior -- only the first 8 characters in the Unix password matter for authentication. Is this actually an OS issue that impacts Samba, or does Samba have its own limitation? Thanks! Don -- Don S. Rogers . Department Computing Coordinator Brown University . Sociology . Population Studies Social Science Research Lab . http://www.ssrl.brown.edu phone 401.863.2550 . fax 401.863.3213 From donj at dndjordan.com Thu Feb 22 21:48:51 2001 From: donj at dndjordan.com (D&D Jordan) Date: Tue Dec 2 02:33:27 2003 Subject: smb kernel and SSL Message-ID: <01aa01c09d19$3e53dac0$0501a8c0@dndjordan.com> I hope that someone can help with this. Running 2.0.7-21 Feb 22 12:42:41 server1 kernel: smb_trans2_request: result=-32, setting invalid Feb 22 12:42:41 server1 kernel: smb_retry: sucessful, new pid=32561, generation=4 I have removed the system from the domain, erased the SID's, reset the computer account, rejoined the domain and still get this error. Also, running smbclient -L server I am getting this error: SSL: Error error setting CA cert locations: error: 00000000::lib(0) :func(0) :reason(0) trying default locations. I wasn't even aware that I was requesting SSL. This has been going on for weeks and I cannot find a single reference to aid me. Thank you, Don Jordan -------------- next part -------------- HTML attachment scrubbed and removed From abartlet at pcug.org.au Thu Feb 22 22:22:29 2001 From: abartlet at pcug.org.au (Andrew Bartlett) Date: Tue Dec 2 02:33:27 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) References: Message-ID: <3A959125.3269376D@bartlett.house> I have around 300 users, most of who are in a 'students' primary group. There are a few groups (54 including system groups), all of which don't have very many (non-primary) members. Hope this helps, Andrew Bartlett Luke Kenneth Casson Leighton wrote: > > andrew, > > appreciate your rewsponse. > > do you, by chance, have a large number of unix groups and large numbers of > users in those groups? > > luke > > On Fri, 23 Feb 2001, Andrew Bartlett wrote: > > > For some reason I implemented TNG in a production environment (I needed > > user-level security for Win9X shares), and noticed an immediate slowdown > > for logons and I had reports that logons where timing out, with users > > unable to login before the timeout - even pressing retry for 45min! > > > > These logins are from NT4, with a logon applet that sends 2 incorrect > > passwords (local user, new user with no password) before the final > > password from the user. When the system is not in use a logon (with the > > applet) took 30secs with TNG compared with immediate on 2.2 > > > > Other logons are from Win9X, as standard domain logons. > > > > I ended up having to move back to 2.2, but I should note the mitigating > > factors: > > I enabled and used utmp, syslog and quotas (all of which I am sure are > > entirely untested). > > > > My system in RedHat 6.2 on a p166, on a separate subnet from the > > clients, with a firewall in between. > > > > Just another data-point, > > Andrew Bartlett > > > > Luke Kenneth Casson Leighton wrote: > > > > > > raoul, > > > > > > i am fascinated. > > > > > > did you set any debug log levels? remember: if you set log level to 100 > > > on TNG, expect a performance hit of about a factor of ten or 20! > > > > > > did you compile TNG with dynamic libraries or static? (it's a ./configure > > > option, the default is dynamic. it affects the binary size - vastly > > > smaller: smbd is... urr... 417k in TNG latest cvs instead of.... urr... > > > 2meg? - but has an overhead of 15% roughly on the actual function calls > > > etc. and also on the libaries all being PIC - position independent code) > > > > > > another recommended test: > > > > > > how long does a domain logon take? > > > > > > important things to do: > > > > > > reboot the client in between tests. wait for the dialog box to come up. > > > wait for the client disk to stop spinning. wait another 20 seconds. > > > _then_ log in, starting the timer from then. > > > > > > include downloading your user-profile, if you have one. do not modify the > > > desktop as you log out. > > > > > > run this twice (each machine) to make sure. > > > > > > many thanks raoul, > > > > > > luke > > > > > > -----Original Message----- > > > From: tng-users-bounce@lists.dcerpc.org > > > [mailto:tng-users-bounce@lists.dcerpc.org]On Behalf Of Raoul Schroeder > > > Sent: 21 February 2001 15:54 > > > To: users tng > > > Subject: Speed comp. TNG & 2.2.alpha > > > > > > Just in case anyone was interested, I compared the speed of TNG and > > > 2.2.alpha... > > > This was the setup: > > > FreeBSD Release 4.1 > > > TNG 2.6 good vs. 2.2.alpha from CVS > > > Pentium III 750 with 128MB and 2 Ultra-2LD SCSI Harddisks (18 GB each) > > > Three shares are set browseable. > > > Domain logons are enabled. (Win2K and WinNT) > > > > > > Initial browsing in Windows Explorer (finding drives R:, S:, V:): > > > TNG: 0.4 - 0.5 s (is slightly difficult to measure, dunno how much is > > > Windows, how much is TNG related) > > > 2.2.alpha: around 2 s > > > > > > Copying of 100 MB (mixture of small and big files) from the server: > > > This was unfortunately mainly limited by the fact that I am sitting on a > > > 10 MBit half duplex network, partially switched. > > > TNG: 6 minutes > > > 2.2.alpha: 9 minutes > > > > -- > > Andrew Bartlett > > abartlet@pcug.org.au > > > > ----- Luke Kenneth Casson Leighton ----- > > "i want a world of dreams, run by near-sighted visionaries" > "good. that's them sorted out. now, on _this_ world..." -- Andrew Bartlett abartlet@pcug.org.au From chameio at yahoo.com Thu Feb 22 22:51:11 2001 From: chameio at yahoo.com (=?iso-8859-1?q?Andre=20Leonidas?=) Date: Tue Dec 2 02:33:27 2003 Subject: A slow network access is detected Message-ID: <20010222225111.23562.qmail@web1101.mail.yahoo.com> I have used a a samba 2.0.7 server as pdc for NT4 clients. It has worked, but always when a NT client try to login, This message appears A slow network connection is detected. Would you like to download your profile or log you on with your local profile? Anyone knows how can i remove this message from login? or solve this? Andre __________________________________________________ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices! http://auctions.yahoo.com/ From stephenc at panavision.com.au Fri Feb 23 06:08:03 2001 From: stephenc at panavision.com.au (Stephen Collier) Date: Tue Dec 2 02:33:27 2003 Subject: RH 7.0 and Winbind in an NT4.0 domain Message-ID: <41D73350AF35D311889E00A0C9042F2133D2DC@ntmail.panavision.com.au> I found the samba-appliance rpm didn't work on RH6.2. I recompiled from scratch and it did! There may be a trouble with the RPM. I can send you the compiled RPM if you want. regards Stephen Collier > -----Original Message----- > From: Shaun Cloherty [mailto:s.cloherty@gsbme.unsw.edu.au] > Sent: Thursday, 22 February 2001 19:28 > To: samba-ntdom@us5.samba.org > Subject: RH 7.0 and Winbind in an NT4.0 domain > > > Forgive me if this is not the appropriate list - please direct me to a > more appropriate forum. > > I have a number of client machines running Linux (RH7.0) > which I need to > make available to existing users of our NT4.0 domain. Winbind > seem to be > the ticket I am looking for, so I downloaded and installed the > samba-appliance-0.5-1 rpm. I have been following the directions in the > winbindd man page, but havn't managed to get it working. > > I have made the suggested changes to /etc/nsswitch.conf, but > havn't yet > tackled the PAM issues. There are existing accounts on the NT > server for > these machines - they dual boot Win2k - which I have confirmed using > samedit included in the samba-appliance rpm. > > I have created a /etc/samba/smb.conf file based on the winbindd man > page. > > When I start the smbd and nmbd daemons (via > /etc/rc.d/init.d/smb start) > I see this; > > Starting SMB services: execvp: No such file or directory [FAILED] > > Starting NMB services: execvp: No such file or directory [FAILED] > > I don't think this is a Samba issue, since I can start the daemons by > hand (smbd -D; nmbd -D) without any problem... but if anyone has any > suggestions on how to fix it, please let me know. > > I'm not sure how I am supposed to start the winbind daemon, but simply > typing 'winbindd' at the prompt seems to do it... let me know if there > is more to it than that. > > Now, when I run 'getent passwd' as suggested in the man page, > I see only > the users listed in the /etc/passwd file... no NT domain users. Am I > correct in assuming that at this point, if all is well, I should be > seeing a list of NT domain users in addition to the local unix users > (from /etc/passwd)? It is my understanding that simply listing the > users via 'getent passwd' is a name service issue, so I expected it to > work even though I have not dealt with the PAM configuration > yet.... am > I wrong? If so, which services under /etc/pam.d do I have to tweak to > make 'getent passwd' to work? > > An 'strace' of 'getent passwd' indicates that it reads > /etc/nsswitch.conf (as expected), then reads the /etc/passwd file, > echoing the entries to stdout, then goes looking for > libnss_winbind.so.2, presumably to do the winbind magic so as to list > the NT domain users. The winbindd man page said to put > libnss_winbind.so.2 in /lib, yet no libnss_switch.so.2 came in the > samba-appliance rpm, it installs /lib/libnss_winbind.so. Simply > renaming libnss_winbind.so to libnss_winbind.so.2 seems ok, in that an > strace indicates that it finds the library, does its thing, but times > out writing/reading from /tmp/.winbindd/pipe. I don't know how to > proceed from here? > > > Any assistance would be greatly appreciated, > > > Shaun > -- > Shaun Cloherty > Graduate School of Biomedical Engineering > University of New South Wales > > > > From J.L.Gilmour at exeter.ac.uk Fri Feb 23 08:30:06 2001 From: J.L.Gilmour at exeter.ac.uk (J.L.Gilmour@exeter.ac.uk) Date: Tue Dec 2 02:33:27 2003 Subject: Samba Passwords >8 characters? (Samba 2.2 CVS, Solaris 7, Win2K client) In-Reply-To: <3A955899.F692C8C6@brown.edu> from "Don S. Rogers" at Feb 22, 2001 01:21:13 pm Message-ID: <1217952.200102230830@olib> > > All works fine if the Samba password is 8 characters long or less. If > it's any longer, though, then Win 2K does not accept the login. If I try > to use the long password, it gives me this error: We have exactly the same problem. We just advised users that passwords now need to be 8 chars or less. They diodn't mind too much as it came at the same time as combined unix/nt passwords. Jayne. -- +----+----+----+----+----+----+----+----+----+----+----+----+----+ Jayne Gilmour, BSc. MSc. Unix & Network Administrator Department of Computer Science, University of Exeter Internet: "a network of computers which lots of people are inter" +----+----+----+----+----+----+----+----+----+----+----+----+----+ From t.gildersleeve at bilk.ac.uk Fri Feb 23 09:09:49 2001 From: t.gildersleeve at bilk.ac.uk (Tim Gildersleeve) Date: Tue Dec 2 02:33:27 2003 Subject: Samba Passwords >8 characters? (Samba 2.2 CVS, Solaris 7, Win 2K client) Message-ID: Hmm Ive seen a few people having this problem. I am running Samba2.2-alpha2 (CVS) updated on my system every couple of days actually. I have Win2000 Pro clients (and Win95). Some passwords are 12 characters or more and I have no problem. My guess that the problem is somewhere else. Tim Gildersleeve tim@otcs-online.net > -----Original Message----- > From: Don S. Rogers [SMTP:Don_Rogers@brown.edu] > Sent: Thursday, February 22, 2001 6:21 PM > To: samba-ntdom@us5.samba.org > Subject: Samba Passwords >8 characters? (Samba 2.2 CVS, Solaris 7, > Win2K client) > > Howdy, Samba folks. > > I am currently testing an installation of yesterday's CVS Samba 2.2 on a > Solaris 7 Sparc box to eventually replace our Samba 2.0.6/Linux setup. > Our test clients are Win2K Pro, base install. > > So far, all is fairly happy and healthy on PDC support and file serving. > Haven't tested print services yet. However, we are having a problem with > Samba passwords: > > All works fine if the Samba password is 8 characters long or less. If > it's any longer, though, then Win 2K does not accept the login. If I try > to use the long password, it gives me this error: > > The system cannot log you on due to the following error: > The stub received bad data. > Please try again... > > If I manually truncate the password to only the first 8 characters, then > I can authenticate normally. > > Further, when testing the Samba shares with smbclient, I find that it > only cares about the first 8 characters in the login password. If the > actual password I set with smbpasswd is 14 characters, for example, then > I can authenticate via smbclient using the first (valid) 8 characters of > the password plus any quantity of gibberish after. > > We hope to retain passwords up to 14 characters for compatibility with > other campus network services. > > Any ideas? I thought there might be a compile-time configuration option > that would help, but I can't determine which one. Also, I couldn't find > any related notes in the archives. > > I should mention that Solaris on this box exhibits the same behavior -- > only the first 8 characters in the Unix password matter for > authentication. Is this actually an OS issue that impacts Samba, or does > Samba have its own limitation? > > Thanks! > > Don > > -- > Don S. Rogers . Department Computing Coordinator > Brown University . Sociology . Population Studies > Social Science Research Lab . http://www.ssrl.brown.edu > phone 401.863.2550 . fax 401.863.3213 From eschernau at defendnet.com Fri Feb 23 13:53:54 2001 From: eschernau at defendnet.com (Ed Schernau) Date: Tue Dec 2 02:33:27 2003 Subject: Windows-style name resolution on Solaris Message-ID: Is there any way, perhaps with winbind, to have a Solaris 2.6 server do netbios name resolution? I'm trying to reverse-lookup a number of internet hosts, which have no DNS. From my laptop I can use "ping -a" which queries the remote machine name, but Solaris won't do this "out of the box" obviously. Is there a way to use Samba (or anything) to add this functionality? Ed Schernau Network Security Engineer eschernau@defendnet.com From Kevin.Colagio at usa.xerox.com Fri Feb 23 15:57:13 2001 From: Kevin.Colagio at usa.xerox.com (Colagio, Kevin) Date: Tue Dec 2 02:33:28 2003 Subject: Network name cannot be found errors Message-ID: We have Samba up and running with NT PDC or BDC doing the authorization. Some people receive an error much like this one when trying to map to their home directories: \\servername\kdc is not accessible. The network name cannot be found. The Unix and NT usernames are the same. This only happens with some people, sometimes. The client systems are running Windows NT 4.0 and the Samba server is a Solaris 8 box. The version of Samba is 2.0.7 . Has anyone else run into this? Does anyone have a solution? If you need more info, feel free to ask. Thanks in advance. Kevin Colagio kevin.colagio@usa.xerox.com System Administrator and Perpetual Student From geoffrey at ticom.com Fri Feb 23 16:02:35 2001 From: geoffrey at ticom.com (geoffrey@ticom.com) Date: Tue Dec 2 02:33:28 2003 Subject: Whatever happened to gnomba? In-Reply-To: ; from Kevin.Colagio@usa.xerox.com on Fri, Feb 23, 2001 at 10:57:13AM -0500 References: Message-ID: <20010223100235.B10899@mongo.austin.ticom.com> Having no luck locating the author, I thought that I might ask here. Whatever became of gnomba? I have several users that I am trying to ease off the BEAST platform, and they cannot handle cli for accessing the remaining MS boxes. So, I tried building gnomba - to no avail. Can anyone give me a hand, or put me in contact with the developer? Thanks. geoffrey -- +++++++++++++++++++++++++++++++++++ Santa Claus, the Tooth Fairy, Windows 2000 ... Some things you just outgrow. ++++++++++++++++++++++++++++++++++ Key fingerprint ===> B83C C6E1 68F8 CEC9 8636 86B5 1F0E 9D33 E749 1BA6 Public key available upon request. From mhaney at info4cars.com Fri Feb 23 16:04:20 2001 From: mhaney at info4cars.com (Mark Haney) Date: Tue Dec 2 02:33:28 2003 Subject: Network name cannot be found errors In-Reply-To: Message-ID: Okay, stupid question but one I ask every time I see this or get asked about it. Can you ping it? Lots of times, if you get this message you can't ping it by name. This points to either a WINS issue (corrupt DB or incorrect mapping) or DNS or some kind of name resolution problem. Sometimes, what I do to just to keep from having to deal with it, is stick the name in the HOSTS file and be done with it. That always depends on the number of clients you are supporting, but it is almost guaranteed to work. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Colagio, Kevin Sent: Friday, February 23, 2001 10:57 AM To: 'samba-ntdom@lists.samba.org' Subject: Network name cannot be found errors We have Samba up and running with NT PDC or BDC doing the authorization. Some people receive an error much like this one when trying to map to their home directories: \\servername\kdc is not accessible. The network name cannot be found. The Unix and NT usernames are the same. This only happens with some people, sometimes. The client systems are running Windows NT 4.0 and the Samba server is a Solaris 8 box. The version of Samba is 2.0.7 . Has anyone else run into this? Does anyone have a solution? If you need more info, feel free to ask. Thanks in advance. Kevin Colagio kevin.colagio@usa.xerox.com System Administrator and Perpetual Student From Kevin.Colagio at usa.xerox.com Fri Feb 23 16:13:27 2001 From: Kevin.Colagio at usa.xerox.com (Colagio, Kevin) Date: Tue Dec 2 02:33:28 2003 Subject: Network name cannot be found errors Message-ID: Heh...understandable question. I can ping it and I currently have mappings to it on another client. Additionally, it can be browsed to through the network neighborhood. Shares can be seen, but when the user tries to map into their home directory, they get that error. (Since their home directory is where they need to go, we haven't bothered with the other shares....) Thanks... Kevin Colagio kevin.colagio@usa.xerox.com System Administrator and Perpetual Student -----Original Message----- From: Mark Haney [mailto:mhaney@info4cars.com] Sent: Friday, February 23, 2001 11:04 AM To: Colagio, Kevin; 'samba-ntdom@lists.samba.org' Subject: RE: Network name cannot be found errors Okay, stupid question but one I ask every time I see this or get asked about it. Can you ping it? Lots of times, if you get this message you can't ping it by name. This points to either a WINS issue (corrupt DB or incorrect mapping) or DNS or some kind of name resolution problem. Sometimes, what I do to just to keep from having to deal with it, is stick the name in the HOSTS file and be done with it. That always depends on the number of clients you are supporting, but it is almost guaranteed to work. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Colagio, Kevin Sent: Friday, February 23, 2001 10:57 AM To: 'samba-ntdom@lists.samba.org' Subject: Network name cannot be found errors We have Samba up and running with NT PDC or BDC doing the authorization. Some people receive an error much like this one when trying to map to their home directories: \\servername\kdc is not accessible. The network name cannot be found. The Unix and NT usernames are the same. This only happens with some people, sometimes. The client systems are running Windows NT 4.0 and the Samba server is a Solaris 8 box. The version of Samba is 2.0.7 . Has anyone else run into this? Does anyone have a solution? If you need more info, feel free to ask. Thanks in advance. Kevin Colagio kevin.colagio@usa.xerox.com System Administrator and Perpetual Student From mhaney at info4cars.com Fri Feb 23 16:25:39 2001 From: mhaney at info4cars.com (Mark Haney) Date: Tue Dec 2 02:33:28 2003 Subject: Network name cannot be found errors In-Reply-To: Message-ID: Okay, are the home directories shared? or are they a subdirectory of a directory? Such as HOME? If they are shared individually, make sure of 2 things, that in WINS they names are listed with the proper hexcode on the end of the share name. That they are less than 16 characters and that the permissions are right. If this doesn't help, give me as much info as you can and I am sure we can work this out off-list. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Colagio, Kevin Sent: Friday, February 23, 2001 11:13 AM To: 'Mark Haney'; Colagio, Kevin; 'samba-ntdom@lists.samba.org' Subject: RE: Network name cannot be found errors Heh...understandable question. I can ping it and I currently have mappings to it on another client. Additionally, it can be browsed to through the network neighborhood. Shares can be seen, but when the user tries to map into their home directory, they get that error. (Since their home directory is where they need to go, we haven't bothered with the other shares....) Thanks... Kevin Colagio kevin.colagio@usa.xerox.com System Administrator and Perpetual Student -----Original Message----- From: Mark Haney [mailto:mhaney@info4cars.com] Sent: Friday, February 23, 2001 11:04 AM To: Colagio, Kevin; 'samba-ntdom@lists.samba.org' Subject: RE: Network name cannot be found errors Okay, stupid question but one I ask every time I see this or get asked about it. Can you ping it? Lots of times, if you get this message you can't ping it by name. This points to either a WINS issue (corrupt DB or incorrect mapping) or DNS or some kind of name resolution problem. Sometimes, what I do to just to keep from having to deal with it, is stick the name in the HOSTS file and be done with it. That always depends on the number of clients you are supporting, but it is almost guaranteed to work. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Colagio, Kevin Sent: Friday, February 23, 2001 10:57 AM To: 'samba-ntdom@lists.samba.org' Subject: Network name cannot be found errors We have Samba up and running with NT PDC or BDC doing the authorization. Some people receive an error much like this one when trying to map to their home directories: \\servername\kdc is not accessible. The network name cannot be found. The Unix and NT usernames are the same. This only happens with some people, sometimes. The client systems are running Windows NT 4.0 and the Samba server is a Solaris 8 box. The version of Samba is 2.0.7 . Has anyone else run into this? Does anyone have a solution? If you need more info, feel free to ask. Thanks in advance. Kevin Colagio kevin.colagio@usa.xerox.com System Administrator and Perpetual Student From gcarter at valinux.com Fri Feb 23 16:53:32 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:28 2003 Subject: printing References: <33A1752F02AED311AA70009027145CEC01E2CFF7@sbc-msg-002.co.san-bernardino.ca.us> Message-ID: <3A96958C.D1891BD1@valinux.com> "Wilson, Robert" wrote: > > I setup samba-2.2.0alpha2 and I can't seem to use the > printers on NT workstations. I followed > the PRINTER_DRIVER2.txt file and got the drivers loaded > OK. The strange thing is I can click on the printer > have it load the driver like it should. I can then print > a test page OK, but I can't print from anything else. I > get some kind of error about writing to the printer. Need more details. What driver you are using? What is the error message? Can you reproduce this against the SAMBA_2_2 CVS tree. > To sum it up I can print test pages all day but nothing > else. Any ideas? Thank you. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From memphis_ms at gmx.net Fri Feb 23 17:42:09 2001 From: memphis_ms at gmx.net (Raoul Schroeder) Date: Tue Dec 2 02:33:28 2003 Subject: 2.0.7 <-> TNG References: <002401c09cee$e27546a0$6800a8c0@busitec.de> Message-ID: <3A96A0F1.CF1980B3@gmx.net> > > > Why? Well ... there is no local user Henning. There is a > > Samba-User (2.0.7) > > > Henning, and now I want to continue work with Samba-TNG ... still as a > > > samba-user Henning. Okay, now I see what you mean. Still - same problem, as Simo outlined > Well, sounds reasonable ... that's what I already thought ... Is there any > way to workaround? It's a Windows problem, and I check in W2k, there is no way to get around this. You can of course overwrite your "new" TNG profile with the 2.0.7 profile, but that smells like manual work. From elrond at samba-tng.org Fri Feb 23 18:10:35 2001 From: elrond at samba-tng.org (Elrond) Date: Tue Dec 2 02:33:28 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) In-Reply-To: <3A959125.3269376D@bartlett.house>; from abartlet@pcug.org.au on Fri, Feb 23, 2001 at 09:22:29AM +1100 References: <3A959125.3269376D@bartlett.house> Message-ID: <20010223191034.A23210@baerbel.mug.maschinenbau.tu-darmstadt.de> On Fri, Feb 23, 2001 at 09:22:29AM +1100, Andrew Bartlett wrote: > I have around 300 users, most of who are in a 'students' primary group. 300 users in smbpasswd... TNGs use of smbpasswd is quite "suboptimal"... We actualy want and need to switch to a new format, which supports our view of things much better. You might trying to switch to ldap as a backend, which should be somewhat faster... Elrond > There are a few groups (54 including system groups), all of which don't > have very many (non-primary) members. > > Hope this helps, > Andrew Bartlett > > Luke Kenneth Casson Leighton wrote: > > > > andrew, > > > > appreciate your rewsponse. > > > > do you, by chance, have a large number of unix groups and large numbers of > > users in those groups? > > > > luke > > > > On Fri, 23 Feb 2001, Andrew Bartlett wrote: > > > > > For some reason I implemented TNG in a production environment (I needed > > > user-level security for Win9X shares), and noticed an immediate slowdown > > > for logons and I had reports that logons where timing out, with users > > > unable to login before the timeout - even pressing retry for 45min! > > > > > > These logins are from NT4, with a logon applet that sends 2 incorrect > > > passwords (local user, new user with no password) before the final > > > password from the user. When the system is not in use a logon (with the > > > applet) took 30secs with TNG compared with immediate on 2.2 > > > > > > Other logons are from Win9X, as standard domain logons. > > > > > > I ended up having to move back to 2.2, but I should note the mitigating > > > factors: > > > I enabled and used utmp, syslog and quotas (all of which I am sure are > > > entirely untested). > > > > > > My system in RedHat 6.2 on a p166, on a separate subnet from the > > > clients, with a firewall in between. > > > > > > Just another data-point, > > > Andrew Bartlett > > > > > > Luke Kenneth Casson Leighton wrote: > > > > > > > > raoul, > > > > > > > > i am fascinated. > > > > > > > > did you set any debug log levels? remember: if you set log level to 100 > > > > on TNG, expect a performance hit of about a factor of ten or 20! > > > > > > > > did you compile TNG with dynamic libraries or static? (it's a ./configure > > > > option, the default is dynamic. it affects the binary size - vastly > > > > smaller: smbd is... urr... 417k in TNG latest cvs instead of.... urr... > > > > 2meg? - but has an overhead of 15% roughly on the actual function calls > > > > etc. and also on the libaries all being PIC - position independent code) > > > > > > > > another recommended test: > > > > > > > > how long does a domain logon take? > > > > > > > > important things to do: > > > > > > > > reboot the client in between tests. wait for the dialog box to come up. > > > > wait for the client disk to stop spinning. wait another 20 seconds. > > > > _then_ log in, starting the timer from then. > > > > > > > > include downloading your user-profile, if you have one. do not modify the > > > > desktop as you log out. > > > > > > > > run this twice (each machine) to make sure. > > > > > > > > many thanks raoul, > > > > > > > > luke > > > > > > > > -----Original Message----- > > > > From: tng-users-bounce@lists.dcerpc.org > > > > [mailto:tng-users-bounce@lists.dcerpc.org]On Behalf Of Raoul Schroeder > > > > Sent: 21 February 2001 15:54 > > > > To: users tng > > > > Subject: Speed comp. TNG & 2.2.alpha > > > > > > > > Just in case anyone was interested, I compared the speed of TNG and > > > > 2.2.alpha... > > > > This was the setup: > > > > FreeBSD Release 4.1 > > > > TNG 2.6 good vs. 2.2.alpha from CVS > > > > Pentium III 750 with 128MB and 2 Ultra-2LD SCSI Harddisks (18 GB each) > > > > Three shares are set browseable. > > > > Domain logons are enabled. (Win2K and WinNT) > > > > > > > > Initial browsing in Windows Explorer (finding drives R:, S:, V:): > > > > TNG: 0.4 - 0.5 s (is slightly difficult to measure, dunno how much is > > > > Windows, how much is TNG related) > > > > 2.2.alpha: around 2 s > > > > > > > > Copying of 100 MB (mixture of small and big files) from the server: > > > > This was unfortunately mainly limited by the fact that I am sitting on a > > > > 10 MBit half duplex network, partially switched. > > > > TNG: 6 minutes > > > > 2.2.alpha: 9 minutes > > > > > > -- > > > Andrew Bartlett > > > abartlet@pcug.org.au > > > > > > > ----- Luke Kenneth Casson Leighton ----- > > > > "i want a world of dreams, run by near-sighted visionaries" > > "good. that's them sorted out. now, on _this_ world..." > > -- > Andrew Bartlett > abartlet@pcug.org.au > From mark at axeon.screaming.net Fri Feb 23 18:52:20 2001 From: mark at axeon.screaming.net (Mark) Date: Tue Dec 2 02:33:28 2003 Subject: Whatever happened to gnomba? References: <20010223100235.B10899@mongo.austin.ticom.com> Message-ID: <001501c09dc9$c1304f90$0b01a8c0@MARKSYSTEM> ----- Original Message ----- From: To: Sent: Friday, February 23, 2001 4:02 PM Subject: Whatever happened to gnomba? > Having no luck locating the author, I thought that I might ask > here. Whatever became of gnomba? I have several users that I am trying to > ease off the BEAST platform, and they cannot handle cli for accessing the > remaining MS boxes. So, I tried building gnomba - to no avail. Can anyone > give me a hand, or put me in contact with the developer? Thanks. > > geoffrey A quick search on google revaled - Chris Rogers (gandalf@pobox.com) Brian Nigito (bnigito@stevens-tech.edu) as developers cheers mark From don_mccall at hp.com Fri Feb 23 19:52:31 2001 From: don_mccall at hp.com (MCCALL,DON (HP-USA,ex1)) Date: Tue Dec 2 02:33:28 2003 Subject: Samba Passwords >8 characters? (Samba 2.2 CVS, Solaris 7, Win 2K client) Message-ID: <079FD72E42C9D311B854009027650E6F04050839@xatl02.atl.hp.com> Tim, If you are using userlevel security, and encrypt passwords = no, then your password length, etc is going to be governed by your underlying UX os, as samba will be calling standard system routines to authenticate your users against the /etc/passwd or nis files... Otherwise, I don't know of a coded 8char limitation in Samba for ENCRYPTED passwords that get hashed into the smbpasswd file. Don -----Original Message----- From: Tim Gildersleeve [mailto:t.gildersleeve@bilk.ac.uk] Sent: Friday, February 23, 2001 4:10 AM To: 'Don S. Rogers'; samba-ntdom@us5.samba.org Subject: RE: Samba Passwords >8 characters? (Samba 2.2 CVS, Solaris 7, Win 2K client) Hmm Ive seen a few people having this problem. I am running Samba2.2-alpha2 (CVS) updated on my system every couple of days actually. I have Win2000 Pro clients (and Win95). Some passwords are 12 characters or more and I have no problem. My guess that the problem is somewhere else. Tim Gildersleeve tim@otcs-online.net > -----Original Message----- > From: Don S. Rogers [SMTP:Don_Rogers@brown.edu] > Sent: Thursday, February 22, 2001 6:21 PM > To: samba-ntdom@us5.samba.org > Subject: Samba Passwords >8 characters? (Samba 2.2 CVS, Solaris 7, > Win2K client) > > Howdy, Samba folks. > > I am currently testing an installation of yesterday's CVS Samba 2.2 on a > Solaris 7 Sparc box to eventually replace our Samba 2.0.6/Linux setup. > Our test clients are Win2K Pro, base install. > > So far, all is fairly happy and healthy on PDC support and file serving. > Haven't tested print services yet. However, we are having a problem with > Samba passwords: > > All works fine if the Samba password is 8 characters long or less. If > it's any longer, though, then Win 2K does not accept the login. If I try > to use the long password, it gives me this error: > > The system cannot log you on due to the following error: > The stub received bad data. > Please try again... > > If I manually truncate the password to only the first 8 characters, then > I can authenticate normally. > > Further, when testing the Samba shares with smbclient, I find that it > only cares about the first 8 characters in the login password. If the > actual password I set with smbpasswd is 14 characters, for example, then > I can authenticate via smbclient using the first (valid) 8 characters of > the password plus any quantity of gibberish after. > > We hope to retain passwords up to 14 characters for compatibility with > other campus network services. > > Any ideas? I thought there might be a compile-time configuration option > that would help, but I can't determine which one. Also, I couldn't find > any related notes in the archives. > > I should mention that Solaris on this box exhibits the same behavior -- > only the first 8 characters in the Unix password matter for > authentication. Is this actually an OS issue that impacts Samba, or does > Samba have its own limitation? > > Thanks! > > Don > > -- > Don S. Rogers . Department Computing Coordinator > Brown University . Sociology . Population Studies > Social Science Research Lab . http://www.ssrl.brown.edu > phone 401.863.2550 . fax 401.863.3213 From digitalfrontier at home.com Sat Feb 24 01:46:55 2001 From: digitalfrontier at home.com (digitalfrontier) Date: Tue Dec 2 02:33:28 2003 Subject: smbpasswd Message-ID: how do i add samba to my domain for windows 2000 server which is a DC? smbpasswd -j DOM -r PDC?? isn't this only for winnt 4.0..?? my domain name for win2k server is digitalconsiousness.com and my FQDN is digicon.digitalconsciousness.com how would i use smbpasswd to join the domain ?? An optimist believes we live in the best of all possible worlds. A pessimist is sure of it! --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.231 / Virus Database: 112 - Release Date: 2/12/2001 From pmgeahan at home.com Sat Feb 24 18:13:09 2001 From: pmgeahan at home.com (pmgeahan@home.com) Date: Tue Dec 2 02:33:28 2003 Subject: SMB 2.0.7, Netlogon, and Windows logon Message-ID: I have a RH6.1 box running SMB 2.0.7. Currently, it's acting as a PDC for a Win98 box on the same subnet. The authentication part works fine - correct passwords are allowed in, incorrect ones are not. However, after a correct login, the Win98 box still asks for a Windows login. I deleted *.pwl, so now instead of asking for a login, it asks me to give it a Windows password. I've talked to friends who are NT admins, and they admit this is very odd. They seem to think it's a PDC thing, not a Win98 thing. Has anyone seen this before? Any idea how to fix? Thanks. -------Patrick M Geahan------pmgeahan@home.com-------ICQ:3784715------ Quote of the Week: "Where in the bible does it say `God so loved the world that he congested bandwidth by forwarding email to everyone in his address book?'" - Tom Sevart in alt.folklore.urban From garzalin at worldonline.es Sat Feb 24 18:33:51 2001 From: garzalin at worldonline.es (GarZa) Date: Tue Dec 2 02:33:28 2003 Subject: Policies and samba-2.2-alpha Message-ID: <3A97FE8F.20AEB95D@worldonline.es> I am proving the policies ones with samba-2.2-alpha y Windows NT 4.0, and do they only work if the user that is connected is administrating of PDC. Because? The netlogon permits and file ntconfig.pol are correct.-- -- Documentaci?n sobre Linux: internet, apache, ipchains, squid, diald,samba-PDC, frame-buffer, seguridad, firewall, autofs, fetchmail, leafnode,RAS, htdig, shell-scripts, callback, MySQL+ODBC,DNS, Dynamic DNS, DHCP, NIS, y mucho m?s. Vis?tame en http://yi.org/linuxgarza ? en http://teleline.terra.es/personal/garzones/garzalin.html From chrisleavoy at home.com Sat Feb 24 18:59:13 2001 From: chrisleavoy at home.com (Chris Leavoy) Date: Tue Dec 2 02:33:28 2003 Subject: How do i disable roaming profiles? Message-ID: <000f01c09e93$e435dc10$1401a8c0@untitled> I have network logins working perfectly, roaming profiles too... But I would like to disable roaming profiles. Is there a way I can disable them on my samba 2.0.7 server? Without breaking network logons and what not. Thanks, Chris Leavoy From slu at firerun.net Sat Feb 24 19:30:17 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:33:28 2003 Subject: SMB 2.0.7, Netlogon, and Windows logon References: Message-ID: <3A980BC9.5479D9AE@firerun.net> If you want it to just login to the PDC and not enter a windows password here is what you will need to do if I can remember correctly seems how I use Win2k now. Go to you network properties in the contorl panel. double-click on the Client for microsoft networks that is in the list above the drop down box. Make sure that it is check to logon to a windows domain (and I think it also asks for the domain). Then in the drop down box in network properties select windows logon as the login client. Exit out of the network properties. Now if you use the password tool to change your windows password, and leave the password blank then it should not ask you for a windows password. It will ask for the domain password on login, unless you tell it to save the password, which then it will do a autoloign. Patrick Gunerud pmgeahan@home.com wrote: > I have a RH6.1 box running SMB 2.0.7. Currently, it's acting as a PDC for > a Win98 box on the same subnet. > > The authentication part works fine - correct passwords are allowed in, > incorrect ones are not. However, after a correct login, the Win98 box > still asks for a Windows login. I deleted *.pwl, so now instead of asking > for a login, it asks me to give it a Windows password. > > I've talked to friends who are NT admins, and they admit this is very odd. > They seem to think it's a PDC thing, not a Win98 thing. > > Has anyone seen this before? Any idea how to fix? > > Thanks. > > -------Patrick M Geahan------pmgeahan@home.com-------ICQ:3784715------ > Quote of the Week: "Where in the bible does it say `God so loved the > world that he congested bandwidth by forwarding email to everyone in > his address book?'" - Tom Sevart in alt.folklore.urban From mark at axeon.screaming.net Sat Feb 24 21:49:33 2001 From: mark at axeon.screaming.net (Mark) Date: Tue Dec 2 02:33:28 2003 Subject: How do i disable roaming profiles? References: <000f01c09e93$e435dc10$1401a8c0@untitled> Message-ID: <001201c09eab$ad515a40$0b01a8c0@MARKSYSTEM> apparently: logon home = (ie blank) logon drive = (ie blank) never tried it myself though mark ----- Original Message ----- From: "Chris Leavoy" To: Sent: Saturday, February 24, 2001 6:59 PM Subject: How do i disable roaming profiles? > I have network logins working perfectly, roaming profiles too... But I would > like to disable roaming profiles. Is there a way I can disable them on my > samba 2.0.7 server? Without breaking network logons and what not. > > Thanks, > Chris Leavoy > > From peter.milburn at sofcom.com.au Sun Feb 25 21:54:17 2001 From: peter.milburn at sofcom.com.au (peter.milburn@sofcom.com.au) Date: Tue Dec 2 02:33:28 2003 Subject: samab 2.2 aplha2 Message-ID: Hi all I have upgarded to 2.2 aplha2, I am having a prob now, with trying to get a machine to join the domain. I am getting an error from the windows machine which is. your computer could not be joined to the domain because of the following error has accured: The procedure number is out of range. Any ideas or fixes ? Thanks, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** -------------- next part -------------- A non-text attachment was scrubbed... Name: WINMAIL.DAT Type: application/ms-tnef Size: 1612 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010226/af9de42c/WINMAIL.bin From chameio at yahoo.com Mon Feb 26 00:41:05 2001 From: chameio at yahoo.com (=?iso-8859-1?q?Andre=20Leonidas?=) Date: Tue Dec 2 02:33:28 2003 Subject: A VERY boring problem!!! Message-ID: <20010226004105.11769.qmail@web1105.mail.yahoo.com> I have used a a samba 2.0.7 server as pdc for NT4 clients. It has worked, but always when a NT client try to login, This message appears A slow network connection is detected. Would you like to download your profile or log you on with your local profile? Anyone knows how can i remove this message from login? or solve this? Andre __________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ From mg at connection-net.de Mon Feb 26 01:16:07 2001 From: mg at connection-net.de (Michael Glauche) Date: Tue Dec 2 02:33:29 2003 Subject: A VERY boring problem!!! In-Reply-To: <20010226004105.11769.qmail@web1105.mail.yahoo.com> Message-ID: <3901224384.983153767@[10.1.1.2]> --On Sonntag, 25. Februar 2001 16:41 -0800 Andre Leonidas wrote: > I have used a a samba 2.0.7 server as pdc for NT4 > clients. > > It has worked, but always when a NT client try to > login, This message appears > > A slow network connection is detected. > Would you like to download your profile or log > you on with your local profile? > > > Anyone knows how can i remove this message from > login? > or solve this? Ok .. I'm bored : use poledit and unselect the slow network detection ;) there's also a reg key for hklm, but i don't find it right now ;) regards, Michael -- Win a free 66 GB tape drive ! http://www.ecrix.com/extreme/index.cfm?ref=39817 From armand at welshhome.org Mon Feb 26 06:13:29 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:29 2003 Subject: I give up References: Message-ID: <002901c09fbb$3d399ae0$6602a8c0@nelson> *This message was transferred with a trial version of CommuniGate(tm) Pro* Linux is not for everyone. Learn it, and you know a lot about *nix systems in general. Try to use it, w/o learning what it's doing, and you can spend a long time trying to figure out why it's doing what it's doing. Samba is not a PDC or BDC yet. It can do some functions well, in some environments, but it's alpha code. Consider yourself lucky that you can even get access to the alpha code. If it were Microsoft's code, the public wouldn't even see the code until it entered it's late beta stages (actually, they still wouldn't see the code, just the results of the code). It's never a good idea to run anything Alpha, Beta, or any other "non-official production" software. I have a heavy tendancy to reliability. And I can not confidently install alpha or beta code on customer systems, so I dont. If you are dealing with a customer, you shouldn't put anything newer than 2.0.7 (current stable production release) on their system. If 2.0.7 doesn't do what you want, then find another solution, but you can't very well claim that samba is a waste of time, when you are dealing with code that is still in the embryo stage.... you should at least wait till it's in a final beta release before trying to merit it's use in a production environment. Armand Welsh BTW: I don't see the relevence of a new hard drive to leave linux... Just convert your partitions over from ext2 to ntfs (or fat32). It's not as easy as a walk in the park, but for anyone that understands linux, it's still a simple process. ----- Original Message ----- From: "Morris Maynard" To: Sent: Thursday, February 15, 2001 8:34 AM Subject: I give up > How much is your time worth? I know I could have bought all of my customers > a copy of Windows 2000 Server and set it up for them in the time I have > wasted playing around with Samba 2.2. > > After a whole lot of trying this and trying that (the this's and that's from > HOW-TO, FAQ, newsgroup postings) I finally succeeded in getting a Win2K box > to join the Samba PDC's domain. But of course I couldn't print. The previous > printer definitions in smb.conf didn't work anymore: there was always an > error when trying to connect from the Win2k client to the printer on the > PDC. And when I started trying to implement printers via the [Printers] > share, nothing would work until I uploaded the proper driver - and that > operation failed for some mysterious reason ("Access denied") after all of > the files had been copied to the proper place (via the Add Printer wizard). > > The last straw was when my local logon profiles "disappeared" - if I logged > on as anyone other than "root" to my Win2k client, I had no roaming profile > and I had no local profile - I was a ghost. > > No thanks. I went back to 2.0.7 just to be able to get some work done. Next > week, I get a new hard drive and start to leave Linux behind. > > > From J.L.Gilmour at exeter.ac.uk Mon Feb 26 08:24:38 2001 From: J.L.Gilmour at exeter.ac.uk (J.L.Gilmour@exeter.ac.uk) Date: Tue Dec 2 02:33:29 2003 Subject: How do i disable roaming profiles? In-Reply-To: <000f01c09e93$e435dc10$1401a8c0@untitled> from "Chris Leavoy" at Feb 24, 2001 01:59:13 pm Message-ID: <983961.200102260824@olib> > > I have network logins working perfectly, roaming profiles too... But I would > like to disable roaming profiles. Is there a way I can disable them on my > samba 2.0.7 server? Without breaking network logons and what not. > I run 3.0, but presumably removing the 'PROFILES' share and the 'logon path' entry from your server would do it? That being the reverse of enabling roaming profiles. Jayne. -- +----+----+----+----+----+----+----+----+----+----+----+----+----+ Jayne Gilmour, BSc. MSc. Unix & Network Administrator Department of Computer Science, University of Exeter Internet: "a network of computers which lots of people are inter" +----+----+----+----+----+----+----+----+----+----+----+----+----+ From t.gildersleeve at bilk.ac.uk Mon Feb 26 08:45:00 2001 From: t.gildersleeve at bilk.ac.uk (Tim Gildersleeve) Date: Tue Dec 2 02:33:29 2003 Subject: How do i disable roaming profiles? Message-ID: Not sure about NT4, but with Win2000, this doesnt help - at least with 2.2.x - may do with 2.0.7. What I had to do was change the profile type stored on the client from roaming to local. Right click on Your Computer, properties, user profiles, and select the profiles and change them > -----Original Message----- > From: J.L.Gilmour@exeter.ac.uk [SMTP:J.L.Gilmour@exeter.ac.uk] > Sent: Monday, February 26, 2001 8:25 AM > To: chrisleavoy@home.com > Cc: samba-ntdom@lists.samba.org > Subject: Re: How do i disable roaming profiles? > > > > > I have network logins working perfectly, roaming profiles too... But I > would > > like to disable roaming profiles. Is there a way I can disable them on > my > > samba 2.0.7 server? Without breaking network logons and what not. > > > > I run 3.0, but presumably removing the 'PROFILES' share and the 'logon > path' > entry from your server would do it? That being the reverse of enabling > roaming profiles. > > > Jayne. > -- > +----+----+----+----+----+----+----+----+----+----+----+----+----+ > Jayne Gilmour, BSc. MSc. Unix & Network Administrator > Department of Computer Science, University of Exeter > > Internet: "a network of computers which lots of people are inter" > +----+----+----+----+----+----+----+----+----+----+----+----+----+ From t.gildersleeve at bilk.ac.uk Mon Feb 26 08:55:40 2001 From: t.gildersleeve at bilk.ac.uk (Tim Gildersleeve) Date: Tue Dec 2 02:33:29 2003 Subject: Samba Passwords >8 characters? (Samba 2.2 CVS, Solaris 7, Win 2K client) Message-ID: Well, I do have user level security, but definately not encrypted passwords = no. I have always set this to yes. Speaking just for myself, I cant see no reason why someone would want to turn this off. It doesnt matter what other security you add to your system, if you have unencrypted text passwords floating around your system you are asking for trouble. Its a bit like logging in remotely to a unix box with telnet. Always use ssh. Just my 2 pence worth :) > -----Original Message----- > From: MCCALL,DON (HP-USA,ex1) [SMTP:don_mccall@hp.com] > Sent: Friday, February 23, 2001 7:53 PM > To: 'Tim Gildersleeve'; 'Don S. Rogers'; samba-ntdom@us5.samba.org > Subject: RE: Samba Passwords >8 characters? (Samba 2.2 CVS, Solaris > 7, Win 2K client) > > Tim, > If you are using userlevel security, and encrypt passwords = no, > then your password length, etc is going to be governed by your > underlying UX os, as samba will be calling standard system routines > to authenticate your users against the /etc/passwd or nis files... > Otherwise, I don't know of a coded 8char limitation in Samba for > ENCRYPTED passwords that get hashed into the smbpasswd file. > Don > > -----Original Message----- > From: Tim Gildersleeve [mailto:t.gildersleeve@bilk.ac.uk] > Sent: Friday, February 23, 2001 4:10 AM > To: 'Don S. Rogers'; samba-ntdom@us5.samba.org > Subject: RE: Samba Passwords >8 characters? (Samba 2.2 CVS, Solaris 7, > Win 2K client) > > > Hmm > > Ive seen a few people having this problem. I am running Samba2.2-alpha2 > (CVS) updated on my system every couple of days actually. I have Win2000 > Pro clients (and Win95). Some passwords are 12 characters or more and I > have no problem. My guess that the problem is somewhere else. > > Tim Gildersleeve > tim@otcs-online.net > > > -----Original Message----- > > From: Don S. Rogers [SMTP:Don_Rogers@brown.edu] > > Sent: Thursday, February 22, 2001 6:21 PM > > To: samba-ntdom@us5.samba.org > > Subject: Samba Passwords >8 characters? (Samba 2.2 CVS, Solaris 7, > > Win2K client) > > > > Howdy, Samba folks. > > > > I am currently testing an installation of yesterday's CVS Samba 2.2 on a > > Solaris 7 Sparc box to eventually replace our Samba 2.0.6/Linux setup. > > Our test clients are Win2K Pro, base install. > > > > So far, all is fairly happy and healthy on PDC support and file serving. > > Haven't tested print services yet. However, we are having a problem with > > Samba passwords: > > > > All works fine if the Samba password is 8 characters long or less. If > > it's any longer, though, then Win 2K does not accept the login. If I try > > to use the long password, it gives me this error: > > > > The system cannot log you on due to the following error: > > The stub received bad data. > > Please try again... > > > > If I manually truncate the password to only the first 8 characters, then > > I can authenticate normally. > > > > Further, when testing the Samba shares with smbclient, I find that it > > only cares about the first 8 characters in the login password. If the > > actual password I set with smbpasswd is 14 characters, for example, then > > I can authenticate via smbclient using the first (valid) 8 characters of > > the password plus any quantity of gibberish after. > > > > We hope to retain passwords up to 14 characters for compatibility with > > other campus network services. > > > > Any ideas? I thought there might be a compile-time configuration option > > that would help, but I can't determine which one. Also, I couldn't find > > any related notes in the archives. > > > > I should mention that Solaris on this box exhibits the same behavior -- > > only the first 8 characters in the Unix password matter for > > authentication. Is this actually an OS issue that impacts Samba, or does > > Samba have its own limitation? > > > > Thanks! > > > > Don > > > > -- > > Don S. Rogers . Department Computing Coordinator > > Brown University . Sociology . Population Studies > > Social Science Research Lab . http://www.ssrl.brown.edu > > phone 401.863.2550 . fax 401.863.3213 From gary at netin.com Mon Feb 26 10:31:06 2001 From: gary at netin.com (GL Fournerat) Date: Tue Dec 2 02:33:29 2003 Subject: xinetd Message-ID: <3A9A3069.6E862A7B@netin.com> Hello list: In a nutshell, I'm trying to locate a HOWTO (or whatever is available) for installing Samba 2.0.7-21ssl on a system that employs xinetd, rather than inetd... such as Red Hat 7.0. I have several manuals on how this is done with inetd, but the changes needed to accomplish an install on an xinetd box are nowhere to be found... so far. Thanks in advance, Gary Fournerat From karlheinz at khschulz.com Mon Feb 26 10:35:46 2001 From: karlheinz at khschulz.com (Karl-Heinz Schulz) Date: Tue Dec 2 02:33:29 2003 Subject: xinetd In-Reply-To: <3A9A3069.6E862A7B@netin.com> Message-ID: <000801c09fdf$e1556f90$6e320180@charlielabtop> www.xinetd.org -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of GL Fournerat Sent: Monday, February 26, 2001 5:31 AM To: samba-ntdom@us5.samba.org Subject: xinetd Hello list: In a nutshell, I'm trying to locate a HOWTO (or whatever is available) for installing Samba 2.0.7-21ssl on a system that employs xinetd, rather than inetd... such as Red Hat 7.0. I have several manuals on how this is done with inetd, but the changes needed to accomplish an install on an xinetd box are nowhere to be found... so far. Thanks in advance, Gary Fournerat From teilo at cdt.luth.se Mon Feb 26 12:36:01 2001 From: teilo at cdt.luth.se (James Nord) Date: Tue Dec 2 02:33:29 2003 Subject: xinetd References: <3A9A3069.6E862A7B@netin.com> Message-ID: <3A9A4DB1.9070000@cdt.luth.se> Sorry I cant help out on this but maybe someone can either confirm or deny me on the following. Wouldn't samba have to create some random data and key generation wach time it starts up if using SSL. Hence it would be a big performance hit to start an SSLised deamon from (x)inetd? /James GL Fournerat wrote: > Hello list: > > In a nutshell, I'm trying to locate a HOWTO (or whatever is > available) for installing Samba 2.0.7-21ssl on a system that > employs xinetd, rather than inetd... such as Red Hat 7.0. > > I have several manuals on how this is done with inetd, but > the changes needed to accomplish an install on an xinetd box > are nowhere to be found... so far. > > Thanks in advance, > Gary Fournerat > -- Technology is a word that describes something that doesn't work yet. Douglas Adams From sysadmin at subexgroup.com Mon Feb 26 13:24:17 2001 From: sysadmin at subexgroup.com (Manjunatha Rao P R) Date: Tue Dec 2 02:33:29 2003 Subject: File sharing Message-ID: <000001c09ff7$6bd82600$030210ac@subexblr> Hai, I am running Samba2.2.0Alpha2 (As Domain Controller) on Redhat Linux 6.2 .I am facing problem whie sharing a folder in a Windows 2000.it liste user from domain while adding it says "No Trust Relation",but I lcan log into this domain.Same problem while giving permission for a user in Domain as Local Admin group of windows 2000. Regards Sys Admin Subex From ascutt at bizonline.net Mon Feb 26 14:43:10 2001 From: ascutt at bizonline.net (Andrew Scutt) Date: Tue Dec 2 02:33:29 2003 Subject: NT Profiles Message-ID: <025001c0a002$752c9a50$7400000a@bizonline.net> Hi, I'm new at this game so forgive me if this has been asked before but I haven't found it mentioned in the docs anywhere. I'm playing with a Linux PDC based on Samba 2.0.7, how do I get users to have local profiles rather than roaming ones? Regards Scutty -- Andrew Scutt Network Operations Business Online Group plc == Inventors of Free Internet & Unmetered Access == http://www.bizonline.net http://www.publiconline.net http://www.thefreeinternet.net Opinions expressed in this email are those of the author and are not binding upon Business Online Group plc. From mhaney at info4cars.com Mon Feb 26 14:55:18 2001 From: mhaney at info4cars.com (Mark Haney) Date: Tue Dec 2 02:33:29 2003 Subject: NT Profiles In-Reply-To: <025001c0a002$752c9a50$7400000a@bizonline.net> Message-ID: Nothing. you don't have to do anything. Nt defaults to local profiles. You have to go to User Manager and specify profile location and type of profile. You can even change the profile type in My Computer Properties, under User Profiles and the Change Type option. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Andrew Scutt Sent: Monday, February 26, 2001 9:43 AM To: samba-ntdom@us5.samba.org Subject: NT Profiles Hi, I'm new at this game so forgive me if this has been asked before but I haven't found it mentioned in the docs anywhere. I'm playing with a Linux PDC based on Samba 2.0.7, how do I get users to have local profiles rather than roaming ones? Regards Scutty -- Andrew Scutt Network Operations Business Online Group plc == Inventors of Free Internet & Unmetered Access == http://www.bizonline.net http://www.publiconline.net http://www.thefreeinternet.net Opinions expressed in this email are those of the author and are not binding upon Business Online Group plc. From waynestout at hantover.com Mon Feb 26 09:03:55 2001 From: waynestout at hantover.com (Wayne Stout) Date: Tue Dec 2 02:33:29 2003 Subject: Problems with access outside domain Message-ID: <3A9A1BFB.71EB8620@hantover.com> Greetings, everyone. I've got a RH 6.2 / Samba 2.0.7 file server with which I am having difficulties. Our network consists of the following: 1 NT4 domain (Hantkc), 1 PDC (APS02) and 1 BDC (APS01). All pc's that validate to the domain are NT4 Workstation. 8 Workgroups that do *not* validate to the Hantkc domain. These are mainly Win95 machines, with a few NT machines scattered in for good measure. These are workgroups, not actual domains. Samba is set up with "security = domain", which is probably part of the problem. PC's that validate to the domain can view the Samba shares with no trouble. NT machines that are not in the domain can see the shares only if I specify the "no-password" option on their smbuser account. (I use Webmin for this) However, I can't get the 95 machines to see all of the shares. If I log into a Win95 machine as myself, I can see files in 3 out of the 5 shares, cannot access my personal share, and can see folders in the Public share, but no files appear and I cannot copy a file to the share. In the logs, I get the following errors: [2001/02/22 15:57:20, 1] smbd/service.c:close_cnum(583) creative (128.2.1.50) closed connection to service public [2001/02/22 15:58:01, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(391) cli_net_sam_logon: NT_STATUS_NO_SUCH_USER [2001/02/22 15:58:01, 0] smbd/password.c:domain_client_validate(1470) domain_client_validate: unable to validate password for user wayne in domain M ARKETING to Domain controller APS02. Error was NT_STATUS_NO_SUCH_USER. [2001/02/22 15:58:01, 1] smbd/service.c:make_connection(550) creative (128.2.1.50) connect to service public as user wayne (uid=819, gid=10 1) (pid 23270) My /etc/smb.conf looks like this: [global] workgroup = HANTKC netbios name = CPQ350 server string = Samba Server hosts allow = 128.2. 127. printcap name = /etc/printcap load printers = no log file = /var/log/samba/log.%m max log size = 50 security = domain password server = APS02,APS01 domain master = no local master = no preferred master = no os level = 0 encrypt passwords = yes smb passwd file = /etc/smbpasswd root preexec = /usr/local/bin/smblog.sh %u socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 remote browse sync = 128.2.0.0 remote announce = 128.2.255.255 name resolve order = hosts lmhosts bcast dns proxy = no [homes] comment = Home Directories path = /s2/%m browseable = no writable = yes [public] printable = no comment = Public Stuff case sensitive = yes short preserve case = yes preserve case = yes writable = yes path = /s1/public public = yes directory mask = 0777 [vsiweb] comment = VSI Fax webserver directory path = /usr/vsifax3/webserver valid users = wayne,doug public = no writable = yes printable = no [mis] comment = MIS share path = /s1/mis valid users = @mis public = no writable = yes printable = no [rpt] comment = Reports path = /s1/rpt [sales] path = /s1/sales I don't understand why I can see the Mis, Rpt, and vsiweb shares fine, but cannot see the Public and home share. Anyone have any ideas? I was hoping to use Domain security, but I am beginning to think I won't be able to. Thanks in advance. Wayne From ascutt at bizonline.net Mon Feb 26 15:13:58 2001 From: ascutt at bizonline.net (Andrew Scutt) Date: Tue Dec 2 02:33:29 2003 Subject: NT Profiles References: Message-ID: <025d01c0a006$ca009e60$7400000a@bizonline.net> But from what I had read the User Manager program didn't work with a Linux PDC. Scutty ----- Original Message ----- From: "Mark Haney" To: "Andrew Scutt" ; Sent: Monday, February 26, 2001 2:55 PM Subject: RE: NT Profiles > Nothing. you don't have to do anything. Nt defaults to local profiles. > You have to go to User Manager and specify profile location and type of > profile. You can even change the profile type in My Computer Properties, > under User Profiles and the Change Type option. > > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Andrew Scutt > Sent: Monday, February 26, 2001 9:43 AM > To: samba-ntdom@us5.samba.org > Subject: NT Profiles > > > Hi, > > I'm new at this game so forgive me if this has been asked before but I > haven't found it mentioned in the docs anywhere. > > I'm playing with a Linux PDC based on Samba 2.0.7, how do I get users to > have local profiles rather than roaming ones? > > Regards > Scutty > > -- > Andrew Scutt > Network Operations > > Business Online Group plc > == Inventors of Free Internet & Unmetered Access == > http://www.bizonline.net > http://www.publiconline.net > http://www.thefreeinternet.net > > Opinions expressed in this email are those of the author > and are not binding upon Business Online Group plc. > > > > > From barth at cck.uni-kl.de Mon Feb 26 15:21:17 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:33:29 2003 Subject: NT Profiles In-Reply-To: References: <025001c0a002$752c9a50$7400000a@bizonline.net> Message-ID: <3A9A827D.17662.1F27FA6@localhost> > Nothing. you don't have to do anything. Nt defaults to local > profiles. You have to go to User Manager and specify profile location > and type of profile. You can even change the profile type in My > Computer Properties, under User Profiles and the Change Type option. Yes, but as far as I can see, this only works for local acount on the NT-PC and not for never logined domain acounts. And there are a lot in a domain. Christian > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Andrew Scutt > Sent: Monday, February 26, 2001 9:43 AM To: samba-ntdom@us5.samba.org > Subject: NT Profiles > > > Hi, > > I'm new at this game so forgive me if this has been asked before but I > haven't found it mentioned in the docs anywhere. > > I'm playing with a Linux PDC based on Samba 2.0.7, how do I get users > to have local profiles rather than roaming ones? > > Regards > Scutty > > -- > Andrew Scutt > Network Operations > > Business Online Group plc > == Inventors of Free Internet & Unmetered Access == > http://www.bizonline.net > http://www.publiconline.net > http://www.thefreeinternet.net > > Opinions expressed in this email are those of the author > and are not binding upon Business Online Group plc. > > > > > > _______________________________________________________________________ In a world without walls and fences, who needs windows and gates? (SUN) From mhaney at info4cars.com Mon Feb 26 15:27:27 2001 From: mhaney at info4cars.com (Mark Haney) Date: Tue Dec 2 02:33:29 2003 Subject: NT Profiles In-Reply-To: <3A9A827D.17662.1F27FA6@localhost> Message-ID: True to a point, you can alter a Domain Profile from the Change type option. I have done it on a couple of occasions. However this is really a moot point as he didn't want roaming profiles to begin with. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Christian Barth Sent: Monday, February 26, 2001 10:21 AM To: Andrew Scutt; samba-ntdom@us5.samba.org; Mark Haney Subject: RE: NT Profiles > Nothing. you don't have to do anything. Nt defaults to local > profiles. You have to go to User Manager and specify profile location > and type of profile. You can even change the profile type in My > Computer Properties, under User Profiles and the Change Type option. Yes, but as far as I can see, this only works for local acount on the NT-PC and not for never logined domain acounts. And there are a lot in a domain. Christian > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Andrew Scutt > Sent: Monday, February 26, 2001 9:43 AM To: samba-ntdom@us5.samba.org > Subject: NT Profiles > > > Hi, > > I'm new at this game so forgive me if this has been asked before but I > haven't found it mentioned in the docs anywhere. > > I'm playing with a Linux PDC based on Samba 2.0.7, how do I get users > to have local profiles rather than roaming ones? > > Regards > Scutty > > -- > Andrew Scutt > Network Operations > > Business Online Group plc > == Inventors of Free Internet & Unmetered Access == > http://www.bizonline.net > http://www.publiconline.net > http://www.thefreeinternet.net > > Opinions expressed in this email are those of the author > and are not binding upon Business Online Group plc. > > > > > > _______________________________________________________________________ In a world without walls and fences, who needs windows and gates? (SUN) From peterl at update.uu.se Mon Feb 26 15:54:49 2001 From: peterl at update.uu.se (Peter Lundqvist) Date: Tue Dec 2 02:33:29 2003 Subject: Mounting shares before logging in Message-ID: Hi, This is not the best of places to ask this, but since I've had no response elsewhere and the people here usually knows a lot about the evil side... I have the need to mount shares before any normal user logs on to our NT server. I've tried to convert a script that mounts the desired shares into a service. The script executes fine, according to the logs the shares are mounted. But when a user logs in, the mounted shares are not visible. If I *now* try to mount the shares on the NT-box, it says that the share is already in use. If I run the script when the user logs in (and the service-script is removed), it works like a charm. Does anyone have clue? ........................................................................... Peter Lundqvist web: http://www.update.uu.se/~peterl Studentv. 32:22B e-mail: peterl@update.uu.se 752 34 Uppsala cellular: +46 (0)70 45 66 347 Sweden work: +46 (0)155 256 440 "The trouble with being punctual is that people think you have nothing more important to do." From smerrill at svfc.org Mon Feb 26 15:56:40 2001 From: smerrill at svfc.org (Scott Merrill) Date: Tue Dec 2 02:33:29 2003 Subject: Win2K: An Error with No Description Occurred Message-ID: <000901c0a00c$b5d8a620$4e0a0a0a@svfc.org> Hiya! I downloaded and compiled the CVS snapshot of Samba 2.2 on Friday, 02-23-2001. I upgraded my Samba domain to this new version from 2.0.6. Everything's working fine for my Windows 98 user workstations. Now, I'm trying to get a freshly installed Windows 2000 server to join my Samba controlled domain. When I enter the domain "svfc" on the Windows 2000 server, I am prompted for credentials. I supply the username "root" and the proper password. About two minutes pass, and then I receive a pop-up error message stating: An error with no description has occurred. I click OK, and then immediately try to join the domain again. This produces the same error message. Originally I had the 'passwd sync' option set to Yes. I've set it to No, and commented out the 'passwd program' and 'passwd chat' lines in smb.conf (and restarted the daemons). I've tried deleting the MACHINE.SID file, and deleting and re-adding the Windows 2000 server name from both /etc/passwd and /etc/smbpasswd. I've not seen anyone else report this specific error on the list yet; so I'm hoping it's an easy fix! Any suggestions? Thanks in advance, Scott From vorlon at netexpress.net Mon Feb 26 16:08:36 2001 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:33:29 2003 Subject: xinetd In-Reply-To: <3A9A4DB1.9070000@cdt.luth.se> Message-ID: On Mon, 26 Feb 2001, James Nord wrote: > Sorry I cant help out on this but maybe someone can either confirm or > deny me on the following. > Wouldn't samba have to create some random data and key generation wach > time it starts up if using SSL. > Hence it would be a big performance hit to start an SSLised deamon from > (x)inetd? I don't believe Samba's SSL support includes code to generate SSL keys on the fly... this is something that should be done once for each install of Samba. The rest of the grabbing of random data needs to be done for each SSL connection anyway, so running Samba out of inetd doesn't give a performance hit for /this/ reason. There are lots of /other/ reasons why running Samba out of inetd is a bad idea, however, starting with the fact that smbd is a big process and will take a while to start up when spawned from inetd. Unless there's a compelling reason not to, you should always run smbd and nmbd as daemons. Steve Langasek postmodern programmer From spinler.patrick at mayo.edu Mon Feb 26 16:38:57 2001 From: spinler.patrick at mayo.edu (Patrick Spinler) Date: Tue Dec 2 02:33:29 2003 Subject: RH 7.0 and Winbind in an NT4.0 domain References: <3A94CD79.F93FDA87@gsbme.unsw.edu.au> Message-ID: <3A9A86A1.FFCC820B@mayo.edu> Shaun: I'm trying to get a very similar configuration working (rh 6.2 instead of 7.0, though). First, it sounds like you may have a basic samba configuration issue. smbd and nmbd not starting is the first thing I'd look into. Do you have samba installed where the init.d/smb script expects ? It sounds like that script isn't finding smbd/nmbd. Second, I don't think that your domain membership for these machines is going to do you any good. Specifically, the dual boot is going to muck you up. Both half's of the machine can't be members in the nt domain under the same machine account unless you have a magic way for both sides to share the same machine password entry (in winnt registry and linux /etc/.../DOMAIN.MACHINE.mac file) Third, it looks like your getent command is hanging on input from winbindd. To help debug what's going on with winbindd, check out running winbindd interactively with "-i" and the debug option "-d100". Someone suggested to me that I dump the precompiled winbindd and recompile from the APPLIANCE_TNG cvs branch. I'm going to give that a try today or tomorrow. -- Pat Shaun Cloherty wrote: > > Forgive me if this is not the appropriate list - please direct me to a > more appropriate forum. > > I have a number of client machines running Linux (RH7.0) which I need to > make available to existing users of our NT4.0 domain. Winbind seem to be > the ticket I am looking for, so I downloaded and installed the > samba-appliance-0.5-1 rpm. I have been following the directions in the > winbindd man page, but havn't managed to get it working. > > I have made the suggested changes to /etc/nsswitch.conf, but havn't yet > tackled the PAM issues. There are existing accounts on the NT server for > these machines - they dual boot Win2k - which I have confirmed using > samedit included in the samba-appliance rpm. > > I have created a /etc/samba/smb.conf file based on the winbindd man > page. > > When I start the smbd and nmbd daemons (via /etc/rc.d/init.d/smb start) > I see this; > > Starting SMB services: execvp: No such file or directory [FAILED] > > Starting NMB services: execvp: No such file or directory [FAILED] > > I don't think this is a Samba issue, since I can start the daemons by > hand (smbd -D; nmbd -D) without any problem... but if anyone has any > suggestions on how to fix it, please let me know. > > I'm not sure how I am supposed to start the winbind daemon, but simply > typing 'winbindd' at the prompt seems to do it... let me know if there > is more to it than that. > > Now, when I run 'getent passwd' as suggested in the man page, I see only > the users listed in the /etc/passwd file... no NT domain users. Am I > correct in assuming that at this point, if all is well, I should be > seeing a list of NT domain users in addition to the local unix users > (from /etc/passwd)? It is my understanding that simply listing the > users via 'getent passwd' is a name service issue, so I expected it to > work even though I have not dealt with the PAM configuration yet.... am > I wrong? If so, which services under /etc/pam.d do I have to tweak to > make 'getent passwd' to work? > > An 'strace' of 'getent passwd' indicates that it reads > /etc/nsswitch.conf (as expected), then reads the /etc/passwd file, > echoing the entries to stdout, then goes looking for > libnss_winbind.so.2, presumably to do the winbind magic so as to list > the NT domain users. The winbindd man page said to put > libnss_winbind.so.2 in /lib, yet no libnss_switch.so.2 came in the > samba-appliance rpm, it installs /lib/libnss_winbind.so. Simply > renaming libnss_winbind.so to libnss_winbind.so.2 seems ok, in that an > strace indicates that it finds the library, does its thing, but times > out writing/reading from /tmp/.winbindd/pipe. I don't know how to > proceed from here? > > Any assistance would be greatly appreciated, > > Shaun > -- > Shaun Cloherty > Graduate School of Biomedical Engineering > University of New South Wales -- This message does not represent the policies or positions of the Mayo Foundation or its subsidiaries. Patrick Spinler email: Spinler.Patrick@Mayo.EDU Mayo Foundation phone: 507/284-9485 From ascutt at bizonline.net Mon Feb 26 16:50:17 2001 From: ascutt at bizonline.net (Andrew Scutt) Date: Tue Dec 2 02:33:29 2003 Subject: NT Profiles References: Message-ID: <002101c0a014$3687bf70$7400000a@bizonline.net> Let me clear this up. We have an N domain network with an NT PDC. I want to convert this to a Linux PDC, some users have roaming profiles and some have local ones. How do I tell Samba which users have which? Regards Scutty -- Andrew Scutt Network Operations Business Online Group plc == Inventors of Free Internet & Unmetered Access == http://www.bizonline.net http://www.publiconline.net http://www.thefreeinternet.net Opinions expressed in this email are those of the author and are not binding upon Business Online Group plc. ----- Original Message ----- From: "Mark Haney" To: "Christian Barth" ; "Andrew Scutt" ; Sent: Monday, February 26, 2001 3:27 PM Subject: RE: NT Profiles > True to a point, you can alter a Domain Profile from the Change type option. > I have done it on a couple of occasions. However this is really a moot > point as he didn't want roaming profiles to begin with. > > > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Christian Barth > Sent: Monday, February 26, 2001 10:21 AM > To: Andrew Scutt; samba-ntdom@us5.samba.org; Mark Haney > Subject: RE: NT Profiles > > > > > > Nothing. you don't have to do anything. Nt defaults to local > > profiles. You have to go to User Manager and specify profile location > > and type of profile. You can even change the profile type in My > > Computer Properties, under User Profiles and the Change Type option. > > Yes, but as far as I can see, this only works for local acount on the > NT-PC and not for never logined domain acounts. And there are a lot > in a domain. > > Christian > > > > > -----Original Message----- > > From: samba-ntdom-admin@lists.samba.org > > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Andrew Scutt > > Sent: Monday, February 26, 2001 9:43 AM To: samba-ntdom@us5.samba.org > > Subject: NT Profiles > > > > > > Hi, > > > > I'm new at this game so forgive me if this has been asked before but I > > haven't found it mentioned in the docs anywhere. > > > > I'm playing with a Linux PDC based on Samba 2.0.7, how do I get users > > to have local profiles rather than roaming ones? > > > > Regards > > Scutty > > > > -- > > Andrew Scutt > > Network Operations > > > > Business Online Group plc > > == Inventors of Free Internet & Unmetered Access == > > http://www.bizonline.net > > http://www.publiconline.net > > http://www.thefreeinternet.net > > > > Opinions expressed in this email are those of the author > > and are not binding upon Business Online Group plc. > > > > > > > > > > > > > > > _______________________________________________________________________ > In a world without walls and fences, who needs windows and gates? (SUN) > > > From bernie at red-post.co.uk Mon Feb 26 18:01:39 2001 From: bernie at red-post.co.uk (bernie doyle) Date: Tue Dec 2 02:33:29 2003 Subject: All Users equivilant? Message-ID: <3A9A9A03.8FAE27F7@red-post.co.uk> Hi All, I am in the process of trying to set up a Linux based PDC running 2.2. Is it possible to create the equivalent of the "ALL USERS" user as found with NT SERVER. Allowing all users to have certain desktop, shortcuts and drive mappings to be set based on a single central user profile. Many thanks bernie doyle From anders at cwd.no Mon Feb 26 19:12:04 2001 From: anders at cwd.no (Anders C. Thorsen) Date: Tue Dec 2 02:33:29 2003 Subject: Mounting shares before logging in In-Reply-To: Message-ID: <000401c0a028$05976dc0$3202a8c0@elmiront> I tink Richard sharpe asked about something similar earlier. He might have some more tested ideas on the subject BTW: Did you make the service "interact.." or not? Also: I know that logged on users get the sharings the service has. There's also something about "null session" digging trough the knowledgebase on microsoft.com: http://support.microsoft.com/support/kb/articles/Q132/6/79.ASP (NT 3.51 +) http://support.microsoft.com/support/kb/articles/Q124/1/84.asp (NT 3.51) a knowledgebase is what samba.org needs.. which I suggested a while back. Linking to external resources as the above, and utilizing some of the great stuff at kt.linuxcare.com + the samba FAQ's ofcourse.. speaking of documentation: Is David Bannon still around..? --Anders -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Peter Lundqvist Sent: 26. februar 2001 16:55 To: samba-ntdom@us5.samba.org Subject: Mounting shares before logging in Hi, This is not the best of places to ask this, but since I've had no response elsewhere and the people here usually knows a lot about the evil side... I have the need to mount shares before any normal user logs on to our NT server. I've tried to convert a script that mounts the desired shares into a service. The script executes fine, according to the logs the shares are mounted. But when a user logs in, the mounted shares are not visible. If I *now* try to mount the shares on the NT-box, it says that the share is already in use. If I run the script when the user logs in (and the service-script is removed), it works like a charm. Does anyone have clue? ........................................................................... Peter Lundqvist web: http://www.update.uu.se/~peterl Studentv. 32:22B e-mail: peterl@update.uu.se 752 34 Uppsala cellular: +46 (0)70 45 66 347 Sweden work: +46 (0)155 256 440 "The trouble with being punctual is that people think you have nothing more important to do." From tom.myny at pandora.be Mon Feb 26 19:58:53 2001 From: tom.myny at pandora.be (Tom Myny) Date: Tue Dec 2 02:33:29 2003 Subject: To the samba crew Message-ID: <000e01c0a02e$8b9bb0b0$0200a8c0@MYNY> Now i finally solved my problem i can logon to the domain. ( Due the stupist bug i have ever seen in my life, the domain name bust be uneven !!!!! ) BUT SAMBA, I CAN'T SMELL WERE THERE IS A BUG :) There are to many damn bugs in samba, and the manual is to short for newbies (like me :) So keep on working samba and it will be great product :) -------------- next part -------------- HTML attachment scrubbed and removed From anders at cwd.no Mon Feb 26 20:07:45 2001 From: anders at cwd.no (Anders C. Thorsen) Date: Tue Dec 2 02:33:29 2003 Subject: To the samba crew In-Reply-To: <000e01c0a02e$8b9bb0b0$0200a8c0@MYNY> Message-ID: <000801c0a02f$c90292b0$3202a8c0@elmiront> Tom, samba 2.2 is alpha quality software (which is even less stable then beta quality). the even / uneven bug is well-known and is probably documented in the Samba FAQ on samba.org if you need a good product use samba 2.0.7 which is well documented, and works fine for file / print sharing, altough it lacks many of the fancy features (which currently are buggy) which are beeing developed in samba 2.2. --Anders -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Tom Myny Sent: 26. februar 2001 20:59 To: samba-ntdom@samba.org Subject: To the samba crew Now i finally solved my problem i can logon to the domain. ( Due the stupist bug i have ever seen in my life, the domain name bust be uneven !!!!! ) BUT SAMBA, I CAN'T SMELL WERE THERE IS A BUG :) There are to many damn bugs in samba, and the manual is to short for newbies (like me :) So keep on working samba and it will be great product :) From smerrill at svfc.org Mon Feb 26 20:45:44 2001 From: smerrill at svfc.org (Scott Merrill) Date: Tue Dec 2 02:33:29 2003 Subject: Domain Name Requirements Message-ID: <000001c0a035$17e57b40$4e0a0a0a@svfc.org> I thought I read somewhere that the bug regarding domain name length (ie: an odd number of characters) had been resolved. I've just perused the ntdom and technical archives, but can't seem to find any mention of it. It's quite possible that my recollection is completely wrong. I'd like some confirmation of this. =) My domain name is four characters long; so I've been waiting to deploy Samba 2.2 Alpha until the above has been resolved. Was it fixed, and then subsequently broken again after Jeremy Allison's large CVS checkin on 02-20-2001? If so, can someone please provide me with the skinny on how to use CVS to get the version prior to that update? [Samba is currently the only product I have a need to obtain via CVS, so I'm not really motivated to learn the cvs commands! =)] Thanks, Scott From jeremy at valinux.com Mon Feb 26 18:55:17 2001 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:33:29 2003 Subject: Domain Name Requirements References: <000001c0a035$17e57b40$4e0a0a0a@svfc.org> Message-ID: <3A9AA695.D470EE1B@valinux.com> Scott Merrill wrote: > > I thought I read somewhere that the bug regarding domain name length (ie: an > odd number of characters) had been resolved. I've just perused the ntdom > and technical archives, but can't seem to find any mention of it. > > It's quite possible that my recollection is completely wrong. I'd like some > confirmation of this. =) > > My domain name is four characters long; so I've been waiting to deploy Samba > 2.2 Alpha until the above has been resolved. Was it fixed, and then > subsequently broken again after Jeremy Allison's large CVS checkin on > 02-20-2001? If so, can someone please provide me with the skinny on how to > use CVS to get the version prior to that update? [Samba is currently the > only product I have a need to obtain via CVS, so I'm not really motivated to > learn the cvs commands! =)] It is currently fixed in the CVS code (I JF and I fixed the breakage in the large CVS checkin). I am intending to do another alpha snapshot this week, but I strongly recommend learning the CVS commands if you want to track progress :-) :-). Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From Chris_Blessing at elementk.com Mon Feb 26 21:14:51 2001 From: Chris_Blessing at elementk.com (Chris_Blessing@elementk.com) Date: Tue Dec 2 02:33:29 2003 Subject: question about win2k and samba Message-ID: Hi there- I'm hoping I can gather some additional information about Samba and Win2k, so let me start off by asking a question. =) I have a severe performance problem with my Win2k Professional box and my Linux box. The Linux box is running Samba 2.0.5a to (obviously) enable shares to the client Win95/98/NT machines across our network. Access is relatively peppy for those machines, however my (currently the only) Win2k box suffers heavily whenever I try to do anything other than list a directory's contents. Copying files takes FOREVER, seriously, it took me about 8 minutes to copy 300+ files totalling no more than 5mb. Even directory listings are slow (but standable). I'm wondering if anyone else has encountered this type of behavior between Win2k and Samba on Linux, and if so, if you have been able to help things out a bit with a fix of some sorts. Thanks in advance, Chris Blessing Web Developer - Element K Journals, LLC chris_blessing@elementk.com From cbriggs at nauticusnet.com Mon Feb 26 21:46:58 2001 From: cbriggs at nauticusnet.com (Chris Briggs) Date: Tue Dec 2 02:33:29 2003 Subject: samba-appliance problem: winbindd overwrites secrets.tdb Message-ID: I'm trying to use the samba-appliance stuff on a Redhat 7.0 system, on a network with NT servers (with an NT server as the PDC). I want to make the Linux system use the NT domain for authentication of everything. I followed the instructions in the whitepaper "Unified Logons between Windows NT and Unix using Winbind" and the winbindd man page. So I started by installing samba-2.2.0alpha2 and configuring it for domain authentication. I made an account for the Linux box in the NT domain, set its password, and defined a sample share. This worked great. I could access the share from my win2k client using my domain password, and I could get the status of the Linux box from Server Manager on the PDC. Then I made the necessary changes to smb.conf, nsswitch.conf and the appropriate (I think) /etc/pam.d/* files and started winbindd. It didn't seem to work--I couldn't login to the Linux box using my domain account (DOMAIN\username). Further, the domain authentication for (plain) Samba doesn't work anymore. If I try looking at the properties of the Linux box from Server Manager on the PDC, it says "Connection refused" and I get errors in my nt1.log file (nt1 is my pdc). The file is attached, but I think the main error is this: [2001/02/22 10:37:19, 0] smbd/password.c:domain_client_validate(1503) domain_client_validate: could not fetch trust account password for domain BREAKWATER Also, I noticed that while my /usr/local/samba/private/secrets.tdb file was exactly 8KB before I ran winbindd, it was only 676 bytes after. I'm guessing that this is the crux of my problem. Is it? I've tried these installs: 1. installing samba-appliance-0.5-1.i386.rpm 2. building from samba-appliance-0.5-1.src.rpm 3. "make nsswitch" on samba-tng acquired via cvs last week (using Samba 2.2.0alpha2 for the main Samba daemons) They all have the same result, as described above. Now my questions are these: 1. Has anyone gotten Samba with domain security and winbind working on a RH 7.0 system? (Question 1.a. From the mailing list archive for February, it looks like someone has gotten it to run on a Solaris 2.6 system? Is this true, and if so, will it work on Solaris 2.8?) 2. How do I get winbindd not to clobber my secrets.tdb file? (Or is this not important?) 3. Is this the right place for samba-appliance questions? (If not, where is?) Thank you much. My smb.conf is also attached. -cb -- Chris Briggs Nauticus Networks (formerly Breakwater Communications) cbriggs@nauticusnet.com 508-270-0500 x225 <> <> -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 818 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010226/769949fb/smb.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: nt1.log Type: application/octet-stream Size: 12153 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010226/769949fb/nt1.obj From kevinc at grainsystems.com Mon Feb 26 22:10:39 2001 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:33:29 2003 Subject: samba-appliance problem: winbindd overwrites secrets.tdb References: Message-ID: <3A9AD45F.F7F5D2F8@grainsystems.com> > 1. Has anyone gotten Samba with domain security and winbind working on a > RH 7.0 system? RH 6.2, yes. I'm fairly familiar with 7 too, and I don't see that being an issue. I will say though that we did so also using 2.2 alpha2 as a domain member, but that we used winbindd compiled from the CVS's branch "APPLIANCE_TNG". I do think that is important. - Kevin Colby kevinc@grainsystems.com From greg at kwikfind.com Mon Feb 26 23:58:01 2001 From: greg at kwikfind.com (Greg J. Zartman) Date: Tue Dec 2 02:33:30 2003 Subject: Problem when tring to rejoin a SAMBA PDC domain Message-ID: <002201c0a04f$f49e00b0$2800a8c0@leinet> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: Greg J. Zartman.vcf Type: text/x-vcard Size: 369 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010226/0fd8a417/GregJ.Zartman.vcf From memphis_ms at gmx.net Tue Feb 27 00:23:17 2001 From: memphis_ms at gmx.net (Raoul Schroeder) Date: Tue Dec 2 02:33:30 2003 Subject: Problem when tring to rejoin a SAMBA PDC domain References: <002201c0a04f$f49e00b0$2800a8c0@leinet> Message-ID: <21534.983233397@www27.gmx.net> If I am not mistaken, the machine password needs to be reset. Per default, any PDC makes the password same as the machine name - and is then changed by Windows and Samba together. Resetting the password in smbpasswd, or deleting and recreating the machine account should solve your problem. It worked fine for me, that is. Raoul -- Sent through GMX FreeMail - http://www.gmx.net From spinler.patrick at mayo.edu Tue Feb 27 00:48:07 2001 From: spinler.patrick at mayo.edu (Patrick Spinler) Date: Tue Dec 2 02:33:30 2003 Subject: RH 7.0 and Winbind in an NT4.0 domain References: <3A94CD79.F93FDA87@gsbme.unsw.edu.au> <3A9A86A1.FFCC820B@mayo.edu> <3A9AE805.83F73A6B@gsbme.unsw.edu.au> Message-ID: <3A9AF947.6B8477FA@mayo.edu> Just FYI: I am still unable to get a working system, running the latest winbindd out of cvs branch APPLIANCE_TNG today. From the error "winbindd -d100" spits at me, I guess that it's a domain trust issue (since my workstation is in one domain 'RCHWKS', and my test domain id is in a second domain 'MC', which 'RCHWKS' trusts). It's only a wild ass guess, though. (winbind log info here from a pam login attempt here) adding trusted domain MC adding trusted domain RCH server: dc=RWKSRV00, pwdb_init=1, lsa_hnd=1 RCH: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0 MC: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0 RCHWKS: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0 accepted socket 10 [ 1220]: pam auth mc/pjs11 could not get trust password for domain MC I can see some intregeing stuff with the wbinfo command, but getent passwd (or group) shows nothing beyond my local passwd/group database. I just did a little tracing through the code. The "could not get trust account password" error is being generated because the trust password is not in the secrets database nsswitch/winbindd_misc.c:_get_trust_account_passwd() calling secrets/secrets.c:secrets_fetch() but I'm unclear where in the code path, if anywhere, the domain trust account is supposed to be obtained and stored in the secrets database. More investigation as time permits. If anyone has any clues, please help. -- Pat Shaun Cloherty wrote: > > Patrick Spinler wrote: > > > Shaun: > > > > I'm trying to get a very similar configuration working (rh 6.2 instead > > of 7.0, though). > > > > First, it sounds like you may have a basic samba configuration issue. > > smbd and nmbd not starting is the first thing I'd look into. Do you > > have samba installed where the init.d/smb script expects ? It sounds > > like that script isn't finding smbd/nmbd. > > Correct, I added the path to the top of the init.d/smb script, and smbd and > nmbd now start without a problem. I also modified the script to launch the > winbindd daemon... very nice. > > > Second, I don't think that your domain membership for these machines is > > going to do you any good. Specifically, the dual boot is going to muck > > you up. Both half's of the machine can't be members in the nt domain > > under the same machine account unless you have a magic way for both > > sides to share the same machine password entry (in winnt registry and > > linux /etc/.../DOMAIN.MACHINE.mac file) > > Humm... I'm not sure what happens on the NT side, I'm not much of an NT user. > Perhaps you are right, but I now have 'getent passwd' spewing out a list of > local users and a list of NT domain users... which is what I wanted. Actually > authenticating the NT users to login is another matter... is that where this > .mac file becomes an issue? > > > Third, it looks like your getent command is hanging on input from > > winbindd. > > Correct again, it turns out that a defunct winbindd process was still hanging > around tying up the pipe... killed it and the problem vanished. > > My next challenge is to force authentication via winbindd against the NT > server. I've been struggling with the PAM documentation all weekend, and > still don't really know what I'm doing... > > > Someone suggested to me that I dump the precompiled winbindd and > > recompile from the APPLIANCE_TNG cvs branch. I'm going to give that a > > try today or tomorrow. > > Let me know how you get on, I attempted to compile from the .tar.gz appliance > source, but never had much success, in desperation I installed the > precompiled package. > > Shaun > > -- > Shaun Cloherty > Graduate School of Biomedical Engineering > University of New South Wales -- This message does not represent the policies or positions of the Mayo Foundation or its subsidiaries. Patrick Spinler email: Spinler.Patrick@Mayo.EDU Mayo Foundation phone: 507/284-9485 From spinler.patrick at mayo.edu Tue Feb 27 00:53:02 2001 From: spinler.patrick at mayo.edu (Patrick Spinler) Date: Tue Dec 2 02:33:30 2003 Subject: RH 7.0 and Winbind in an NT4.0 domain References: <3A94CD79.F93FDA87@gsbme.unsw.edu.au> <3A9A86A1.FFCC820B@mayo.edu> <3A9AE805.83F73A6B@gsbme.unsw.edu.au> <3A9AF947.6B8477FA@mayo.edu> Message-ID: <3A9AFA6E.E3ECC3F9@mayo.edu> Question: Is there an easy way to dump the contents of the secrets database and see what _is_ there ? Thanks, -- Pat Patrick Spinler wrote: > > Just FYI: > > I am still unable to get a working system, running the latest winbindd > out of cvs branch APPLIANCE_TNG today. From the error "winbindd -d100" > spits at me, I guess that it's a domain trust issue (since my > workstation is in one domain 'RCHWKS', and my test domain id is in a > second domain 'MC', which 'RCHWKS' trusts). It's only a wild ass guess, > though. > > (winbind log info here from a pam login attempt here) > adding trusted domain MC > adding trusted domain RCH > server: dc=RWKSRV00, pwdb_init=1, lsa_hnd=1 > RCH: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0 > MC: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0 > RCHWKS: dc=, got_sid=0, sam_hnd=0 sam_dom_hnd=0 > accepted socket 10 > [ 1220]: pam auth mc/pjs11 > could not get trust password for domain MC > > I can see some intregeing stuff with the wbinfo command, but getent > passwd (or group) shows nothing beyond my local passwd/group database. > > I just did a little tracing through the code. The "could not get trust > account password" error is being generated because the trust password is > not in the secrets database > > nsswitch/winbindd_misc.c:_get_trust_account_passwd() > calling > secrets/secrets.c:secrets_fetch() > > but I'm unclear where in the code path, if anywhere, the domain trust > account is supposed to be obtained and stored in the secrets database. > > More investigation as time permits. If anyone has any clues, please > help. > > -- Pat > > Shaun Cloherty wrote: > > > > Patrick Spinler wrote: > > > > > Shaun: > > > > > > I'm trying to get a very similar configuration working (rh 6.2 instead > > > of 7.0, though). > > > > > > First, it sounds like you may have a basic samba configuration issue. > > > smbd and nmbd not starting is the first thing I'd look into. Do you > > > have samba installed where the init.d/smb script expects ? It sounds > > > like that script isn't finding smbd/nmbd. > > > > Correct, I added the path to the top of the init.d/smb script, and smbd and > > nmbd now start without a problem. I also modified the script to launch the > > winbindd daemon... very nice. > > > > > Second, I don't think that your domain membership for these machines is > > > going to do you any good. Specifically, the dual boot is going to muck > > > you up. Both half's of the machine can't be members in the nt domain > > > under the same machine account unless you have a magic way for both > > > sides to share the same machine password entry (in winnt registry and > > > linux /etc/.../DOMAIN.MACHINE.mac file) > > > > Humm... I'm not sure what happens on the NT side, I'm not much of an NT user. > > Perhaps you are right, but I now have 'getent passwd' spewing out a list of > > local users and a list of NT domain users... which is what I wanted. Actually > > authenticating the NT users to login is another matter... is that where this > > .mac file becomes an issue? > > > > > Third, it looks like your getent command is hanging on input from > > > winbindd. > > > > Correct again, it turns out that a defunct winbindd process was still hanging > > around tying up the pipe... killed it and the problem vanished. > > > > My next challenge is to force authentication via winbindd against the NT > > server. I've been struggling with the PAM documentation all weekend, and > > still don't really know what I'm doing... > > > > > Someone suggested to me that I dump the precompiled winbindd and > > > recompile from the APPLIANCE_TNG cvs branch. I'm going to give that a > > > try today or tomorrow. > > > > Let me know how you get on, I attempted to compile from the .tar.gz appliance > > source, but never had much success, in desperation I installed the > > precompiled package. > > > > Shaun > > > > -- > > Shaun Cloherty > > Graduate School of Biomedical Engineering > > University of New South Wales > > -- > This message does not represent the policies or positions > of the Mayo Foundation or its subsidiaries. > Patrick Spinler email: Spinler.Patrick@Mayo.EDU > Mayo Foundation phone: 507/284-9485 -- This message does not represent the policies or positions of the Mayo Foundation or its subsidiaries. Patrick Spinler email: Spinler.Patrick@Mayo.EDU Mayo Foundation phone: 507/284-9485 From greg at leiinc.com Tue Feb 27 01:29:14 2001 From: greg at leiinc.com (Greg J. Zartman, P.E.) Date: Tue Dec 2 02:33:30 2003 Subject: Local Profiles Message-ID: <006401c0a05c$b2817d80$2800a8c0@leinet> I've been scouring the mailing lists for a method disable roaming profiles when using Samba 2.2 alpha 2 as the PDC. Samba seems to default to roaming profiles, which seem silly to me as I don't want to sit and wait for a my windows profile to transfer to my local machine. Unless one likes to play musical computers, it seems more likely that one would want their profile to be stored locally. The solutions that I've seen so far say to set logon drive and logon home to blank. I'm not having any luck with this. Is there some other settings that need to be made in smb.conf to force Samba to use local profiles? Thank you. Greg J. Zartman, P.E. -------------- next part -------------- A non-text attachment was scrubbed... Name: Greg J. Zartman.vcf Type: text/x-vcard Size: 369 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010226/232ec78b/GregJ.Zartman.vcf From philipp at hug.cx Tue Feb 27 01:23:33 2001 From: philipp at hug.cx (Philipp Hug) Date: Tue Dec 2 02:33:30 2003 Subject: Again: Win2k, joining domain Message-ID: <003401c0a05b$e63e3b00$1f0110ac@orca> Hi, I got exactly the same error on my english SP1 Win2k installation when I tried to join the samba domain. "The procedure number is out of range." Even the error message in the log file looks similar [2001/02/27 02:13:53, 0] smbd/service.c:make_connection(375) root logged in as admin user (root privileges) [2001/02/27 02:13:54, 0] rpc_parse/parse_prs.c:prs_mem_get(437) prs_mem_get: reading data of size 2 would overrun buffer. [2001/02/27 02:13:54, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(672) api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO. [2001/02/27 02:13:54, 0] rpc_server/srv_pipe.c:api_rpcTNP(1199) api_rpcTNP: api_samr_rpc: SAMR_SET_USERINFO failed. I'm using the CVS version of SAMBA_2_2 (from 26/02/2001). # Samba config file created using SWAT # from 172.16.1.31 (172.16.1.31) # Date: 2001/02/27 02:20:00 # Global parameters [global] workgroup = LINUXDOMAIN encrypt passwords = Yes domain admin group = @root domain logons = Yes wins support = Yes admin users = root, philipp [netlogon] path = /usr/local/samba/netlogon admin users = Any ideas? Thanks Philipp From philipp at hug.cx Tue Feb 27 01:46:30 2001 From: philipp at hug.cx (Philipp Hug) Date: Tue Dec 2 02:33:30 2003 Subject: Again: Win2k, joining domain Message-ID: <007a01c0a05f$1b430c10$1f0110ac@orca> I can join the domain now. (Thanks to Raoul) is it true, that the machine-account in smbpasswd MUST NOT exist? philipp From mjs at digitalconscious.com Tue Feb 27 02:11:18 2001 From: mjs at digitalconscious.com (mjs) Date: Tue Dec 2 02:33:30 2003 Subject: really FRUSTRATED! Message-ID: i would like to thank first the people tha been trying to help,..but unfortunetely i haven't seem to get this working... let me explain this again,...I want to join a win2k DC to samba...i first added the computer account on the win2k server .. second i stared the smb daemons,..which seems fine,..now when i run smbpasswd -j digicon (domain) -r digicon (netbios name) i run into problems..... now so you know when i go to properties of my computer and click on network identification tab to find out my netbios name....this is where i run into problems... my FQDN is digicon.digitalconsciousness.com domain --> digitalconsciousness.com so -j would be digicon (domain) right?? and -r digcon also...or digitalconsciouness.com please help with this ,..im loosing whats left of my mind... ____________________________________________ An optimist believes we live in the best of all possible worlds. A pessimist is sure of it! --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.231 / Virus Database: 112 - Release Date: 2/12/2001 From mgeddes at xavier.sa.edu.au Tue Feb 27 02:16:59 2001 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:33:30 2003 Subject: really FRUSTRATED! References: Message-ID: <3A9B0E1B.69D3842F@xavier.sa.edu.au> mjs wrote: > > i would like to thank first the people tha been trying to help,..but > unfortunetely i haven't seem to get this working... > > let me explain this again,...I want to join a win2k DC to samba...i first > added the computer account on the win2k server .. As a BDC? I'm not sure if Samba supports Backup Domain Controllers. > second i stared the smb daemons,..which seems fine,..now when i run > > smbpasswd -j digicon (domain) -r digicon (netbios name) > > i run into problems..... Which are? > now so you know when i go to properties of my computer and click on network > identification tab to find out my netbios name....this is where i run into > problems... > > my FQDN is digicon.digitalconsciousness.com > domain --> digitalconsciousness.com > > so -j would be digicon (domain) right?? > and -r digcon also...or digitalconsciouness.com Yes. > please help with this ,..im loosing whats left of my mind... Well, when you find it again, post the error messages reported back when you tried to join the domain. ;-) hope it helps, Matt From Chris.Odgers at sausage.com Tue Feb 27 02:18:27 2001 From: Chris.Odgers at sausage.com (Chris Odgers) Date: Tue Dec 2 02:33:30 2003 Subject: really FRUSTRATED! Message-ID: <9A0F63A07282D4119C4100D0B72017AA7E2AB6@fatboy.sausage.com.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I don't think he's trying to set up a BDC<->PDC relationship, just wants to join the domain with his samba server (as samba has allowed since either late 1.9 or early 2.0 releases.) Things to check: 1. 2k PDC is running in mixed/compatibility mode. Samba doesnt, as far as I know, support joining an AD only domain. 2. workstation account exists in SAM of PDC 3. smb.conf has 'security=domain' set, and 'password server=pdc bdc1 bdc2 bdc3 etc' line 4. your smbpasswd program is reading the right config files and is part of the same distribution of samba as smbd, etc 5. [sn]mbd is not running when you try to do the smbpasswd -j bit. > -----Original Message----- > From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] > Sent: Tuesday, February 27, 2001 1:17 PM > To: mjs > Cc: samba_domain pdc > Subject: Re: really FRUSTRATED! > > > mjs wrote: > > > > i would like to thank first the people tha been trying to > help,..but > > unfortunetely i haven't seem to get this working... > > > > let me explain this again,...I want to join a win2k DC to > samba...i first > > added the computer account on the win2k server .. > > As a BDC? I'm not sure if Samba supports Backup Domain Controllers. > > > second i stared the smb daemons,..which seems fine,..now when i > > run > > > > smbpasswd -j digicon (domain) -r digicon (netbios name) > > > > i run into problems..... > > Which are? > > > now so you know when i go to properties of my computer and > click on network > > identification tab to find out my netbios name....this is > where i run into > > problems... > > > > my FQDN is digicon.digitalconsciousness.com > > domain --> digitalconsciousness.com > > > > so -j would be digicon (domain) right?? > > and -r digcon also...or digitalconsciouness.com > > Yes. > > > please help with this ,..im loosing whats left of my mind... > > Well, when you find it again, post the error messages > reported back when > you tried to join the domain. ;-) > > hope it helps, > Matt > -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use iQA/AwUBOpqBu65S0FuupP0+EQKQ0ACgxYzaMYSaaHs5YJ4Vsje8aXlb9q0AoP4f keVyRzKmCi4oCwG4IMOBWIYd =oHLI -----END PGP SIGNATURE----- CAUTION - This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error, please notify the sender immediately. From mgeddes at xavier.sa.edu.au Tue Feb 27 02:29:37 2001 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:33:30 2003 Subject: really FRUSTRATED! References: <9A0F63A07282D4119C4100D0B72017AA7E2AB6@fatboy.sausage.com.au> Message-ID: <3A9B1111.C07E8470@xavier.sa.edu.au> Chris Odgers wrote: > I don't think he's trying to set up a BDC<->PDC relationship, just > wants to join the domain with his samba server (as samba has allowed > since either late 1.9 or early 2.0 releases.) I realise that Samba can act as a DC. But it does sound like he is trying to join a BDC to a domain > > > let me explain this again,...I want to join a win2k DC to > > samba...i first > > > added the computer account on the win2k server .. Also, you won't need to have a computer account for your Samba PDC on your Windows 2000 machine. The domain trust goes the other way. To join a computer to a Samba Controlled Domain, you must have an account for the client machine on the Samba Domain Controller. Hope it helps, Matt From cperras at watchguard.com Tue Feb 27 03:16:13 2001 From: cperras at watchguard.com (Craig Perras) Date: Tue Dec 2 02:33:30 2003 Subject: samba in embedded devices Message-ID: Hello - I'm considering using samba for authenticating users in embedded devices. It only needs to support NT domain authentication. Has anyone looked into how much effort would be required to strip out all the extraneous functionality, or actually started on such a project? TIA! --craig #include From Chris.Odgers at sausage.com Tue Feb 27 03:17:23 2001 From: Chris.Odgers at sausage.com (Chris Odgers) Date: Tue Dec 2 02:33:30 2003 Subject: really FRUSTRATED! Message-ID: <9A0F63A07282D4119C4100D0B72017AA7E2AB7@fatboy.sausage.com.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > -----Original Message----- > From: Matthew Geddes [mailto:mgeddes@xavier.sa.edu.au] > Sent: Tuesday, February 27, 2001 1:30 PM > To: Chris Odgers > Cc: 'samba-ntdom@samba.org' > Subject: Re: really FRUSTRATED! > > > Chris Odgers wrote: > > > I don't think he's trying to set up a BDC<->PDC relationship, > > just wants to join the domain with his samba server (as samba has > > allowed since either late 1.9 or early 2.0 releases.) > > I realise that Samba can act as a DC. But it does sound like he is > trying to join a BDC to a domain > > > > > let me explain this again,...I want to join a win2k DC to > > > samba...i first > > > > added the computer account on the win2k server .. > > Also, you won't need to have a computer account for your Samba PDC > on your Windows 2000 machine. The domain trust goes the other > way. To join > a computer to a Samba Controlled Domain, you must have an account > for the client machine on the Samba Domain Controller. > > Hope it helps, > Matt > I don't think he's trying to set up a PDC at all, just trying to get a samba machine to join an NT controlled domain.... Correct me if I'm wrong. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use iQA/AwUBOpqPi65S0FuupP0+EQKUswCg/R0KBJoft2gyU3cbnyAVzJ5SgawAoKgZ h4EVmUXzNPFc9rpoEQUS2hV+ =kPw0 -----END PGP SIGNATURE----- CAUTION - This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error, please notify the sender immediately. From jouni.kyla-nikkila at cybersoft.fi Tue Feb 27 07:00:54 2001 From: jouni.kyla-nikkila at cybersoft.fi (=?iso-8859-1?Q?Jouni_Kyl=E4-Nikkil=E4?=) Date: Tue Dec 2 02:33:30 2003 Subject: Win2K & Samba & PDC Message-ID: Hi! I have a problemn with Win2K and joining in domain. I have Redhat 7.0 (guinness) installed it runs my samba(2.2.0 alpha 2)-server. Everything worked fine with worgroup otions on but when I chagned my samba-server to be my master domain server Win2K did not could log in. I have added my username & password to smbpasswd -file + mine computer with dollar sign. My computer sees domain. When windows ask for password & username for joining to domain it takes few seconds and after that comes error 'the procedure number is out of range' or 'the remote procedure call failed'. When i looked my smb.log file it says: --- [2001/02/27 08:55:19, 0] passdb/smbpass.c:startsmbfilepwent_internal(87) startsmbfilepwent_internal: unable to open file /usr/local/samba/private/smbpasswd. Error was Permission denied [2001/02/27 08:55:19, 0] passdb/passdb.c:iterate_getsam21pwrid(325) unable to open sam password database. --- Why? I have set all permission to my smbpasswd file. It has 'a+wrx'. I noticed that after windows asked me for password somehow smbpasswd rights went back to 'u+rx'. What changes this ? Does samba do it itself? Windows version is Windows 2000 professional, 5.0.2195 build 2195. Does anyone know what could help me ? ---- my smb.conf ---- [global] domain logons = Yes domain master = Yes workgroup = WORK log level = 1 security = user socket options = TCP_NODELAY netbios name = MINE status = Yes os level = 65 encrypt passwords = Yes preferred master = Yes interfaces = eth0 share modes = Yes name resolve order = bcast host lmhost wins nt smb support = Yes nt pipe support = Yes nt acl support = Yes announce as = NT announce version = 4.2 lm announce = True lm interval = 60 keepalive = 300 log file = /usr/local/samba/smb.log [homes] comment = Home dirs browseable = No read only = No write only = No [samba] comment = Server path = /files public = Yes read only = no [netlogon] path = /etc/samba/netlogons writable = no guest ok = no -------------------------------- Thanks in advance Jouni From lkcl at samba-tng.org Tue Feb 27 08:22:51 2001 From: lkcl at samba-tng.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:30 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) In-Reply-To: <3A959125.3269376D@bartlett.house> Message-ID: On Fri, 23 Feb 2001, Andrew Bartlett wrote: > I have around 300 users, most of who are in a 'students' primary group. > There are a few groups (54 including system groups), all of which don't > have very many (non-primary) members. okay. all those names are unique, yes? none of the users have the same name as any of the groups, is this correct? > > appreciate your rewsponse. > > > > do you, by chance, have a large number of unix groups and large numbers of > > users in those groups? > > > > luke > > > > On Fri, 23 Feb 2001, Andrew Bartlett wrote: > > > > > For some reason I implemented TNG in a production environment (I needed > > > user-level security for Win9X shares), and noticed an immediate slowdown > > > for logons and I had reports that logons where timing out, with users > > > unable to login before the timeout - even pressing retry for 45min! From lajbi at lajli.gau.hu Tue Feb 27 08:48:12 2001 From: lajbi at lajli.gau.hu (Lajber Zoltan) Date: Tue Dec 2 02:33:30 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) In-Reply-To: Message-ID: On Tue, 27 Feb 2001, Luke Kenneth Casson Leighton wrote: > none of the users have the same name as any of the groups, is this > correct? Is this a problem? If yes, why, how, etc... I have about 100 users on a 2.0.7, and 2-3 username and groupnames are same. I going to convert it to 2.2. Thanx && Bye, -=Lajbi=---------------------------------------------------------------- LAJBER Zoltan, Szent Istvan Egyetem, Godollo, IKKP-Informatika Osztaly http://mlf.linux.rulez.org http://pecalista.rulez.org From abartlet at pcug.org.au Tue Feb 27 09:32:31 2001 From: abartlet at pcug.org.au (Andrew Bartlett) Date: Tue Dec 2 02:33:30 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) References: Message-ID: <3A9B742F.232C8666@bartlett.house> Luke Kenneth Casson Leighton wrote: > > On Fri, 23 Feb 2001, Andrew Bartlett wrote: > > > I have around 300 users, most of who are in a 'students' primary group. > > There are a few groups (54 including system groups), all of which don't > > have very many (non-primary) members. > > okay. all those names are unique, yes? > > none of the users have the same name as any of the groups, is this > correct? > A small number are, all RedHat private user groups. Some are system groups (ie, root.root, named.named and the like). Most users are just students, staff or admins. It should'nt be that hard to add an exception into the code that just ignores private groups should it? Also ignoring sytem users and groups shouldn't be that hard. > > > appreciate your rewsponse. > > > > > > do you, by chance, have a large number of unix groups and large numbers of > > > users in those groups? > > > > > > luke > > > > > > On Fri, 23 Feb 2001, Andrew Bartlett wrote: > > > > > > > For some reason I implemented TNG in a production environment (I needed > > > > user-level security for Win9X shares), and noticed an immediate slowdown > > > > for logons and I had reports that logons where timing out, with users > > > > unable to login before the timeout - even pressing retry for 45min! -- Andrew Bartlett abartlet@pcug.org.au From lkcl at samba-tng.org Tue Feb 27 10:06:04 2001 From: lkcl at samba-tng.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:30 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) In-Reply-To: <3A9B742F.232C8666@bartlett.house> Message-ID: On Tue, 27 Feb 2001, Andrew Bartlett wrote: > Luke Kenneth Casson Leighton wrote: > > > > On Fri, 23 Feb 2001, Andrew Bartlett wrote: > > > > > I have around 300 users, most of who are in a 'students' primary group. > > > There are a few groups (54 including system groups), all of which don't > > > have very many (non-primary) members. > > > > okay. all those names are unique, yes? > > > > none of the users have the same name as any of the groups, is this > > correct? > > > > A small number are, all RedHat private user groups. Some are system > groups (ie, root.root, named.named and the like). Most users are just > students, staff or admins. It should'nt be that hard to add an > exception into the code that just ignores private groups should it? > Also ignoring sytem users and groups shouldn't be that hard. private groups? what do you mean, private groups. we added code two years ago to allow admins to map certain users and certain groups to different nt names. see, what i did was, if it's a user, use that. else: if you are a PDC, BDC or member-of-domain, if it's not in the alias-map-file, it's a group. if you are a stand-alone workstation: if it's not in the group-map-file, it's an alias. this allows a unix /etc/group file to be "presented" to the NT world. i did not add a mechanism to "disallow" certain users/groups from this view. the search algorithm, which must resolve a name in *all* spaces - users, groups and aliases - is known to be O(N^3). i.e. horrible. esp. when it comes to looking up a user's NT group RIDs, that's particularly when you get hammered badly, as people are finding out. we added some code that allowed unix user lookups to be cached for short periods of time, as this gave a speed-up in performance of a factor of about 100 on certain unix systems. it is disabled by default, or i may have even removed it altogether. the entire codebase basically needs to be trashed and rewritten, as all existing implementations (all versions of samba) are major headache hacks from which the correct approach has been learned but not yet implemented. luke ----- Luke Kenneth Casson Leighton ----- "i want a world of dreams, run by near-sighted visionaries" "good. that's them sorted out. now, on _this_ world..." From abartlet at pcug.org.au Tue Feb 27 10:56:37 2001 From: abartlet at pcug.org.au (Andrew Bartlett) Date: Tue Dec 2 02:33:30 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) References: Message-ID: <3A9B87E5.8B7D73C7@bartlett.house> Luke Kenneth Casson Leighton wrote: > > On Tue, 27 Feb 2001, Andrew Bartlett wrote: > > > Luke Kenneth Casson Leighton wrote: > > > > > > On Fri, 23 Feb 2001, Andrew Bartlett wrote: > > > > > > > I have around 300 users, most of who are in a 'students' primary group. > > > > There are a few groups (54 including system groups), all of which don't > > > > have very many (non-primary) members. > > > > > > okay. all those names are unique, yes? > > > > > > none of the users have the same name as any of the groups, is this > > > correct? > > > > > > > A small number are, all RedHat private user groups. Some are system > > groups (ie, root.root, named.named and the like). Most users are just > > students, staff or admins. It should'nt be that hard to add an > > exception into the code that just ignores private groups should it? > > Also ignoring sytem users and groups shouldn't be that hard. > > private groups? what do you mean, private groups. RedHat has this 'feature' whereby all users are automatically made members of a private group - eg I (abartlet) have a primary group of 'abartlet', of which nobody else is a member. This means that all files I create are owned by 'abartlet.abartlet'. On a 'standard' RedHat setup, this would have been 300 users and 300 groups - I only used the 'normal' setup because I wanted group quotas. > > we added code two years ago to allow admins to map certain users and > certain groups to different nt names. > > see, what i did was, if it's a user, use that. > > else: > > if you are a PDC, BDC or member-of-domain, > > if it's not in the alias-map-file, it's a group. > > if you are a stand-alone workstation: > > if it's not in the group-map-file, it's an alias. > > this allows a unix /etc/group file to be "presented" to the NT world. i > did not add a mechanism to "disallow" certain users/groups from this view. > the search algorithm, which must resolve a name in *all* spaces - users, > groups and aliases - is known to be O(N^3). i.e. horrible. esp. when it > comes to looking up a user's NT group RIDs, that's particularly when you > get hammered badly, as people are finding out. > > we added some code that allowed unix user lookups to be cached for short > periods of time, as this gave a speed-up in performance of a factor of > about 100 on certain unix systems. it is disabled by default, or i may > have even removed it altogether. > > the entire codebase basically needs to be trashed and rewritten, as all > existing implementations (all versions of samba) are major headache hacks > from which the correct approach has been learned but not yet implemented. > > luke > > ----- Luke Kenneth Casson Leighton ----- > > "i want a world of dreams, run by near-sighted visionaries" > "good. that's them sorted out. now, on _this_ world..." -- Andrew Bartlett abartlet@pcug.org.au From sharpe at ns.aus.com Tue Feb 27 00:15:09 2001 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:33:30 2003 Subject: Mounting shares before logging in In-Reply-To: <000401c0a028$05976dc0$3202a8c0@elmiront> References: Message-ID: <3.0.6.32.20010227101509.0126b210@203.16.214.248> At 08:12 PM 2/26/01 +0100, Anders C. Thorsen wrote: >I tink Richard sharpe asked about something similar earlier. >He might have some more tested ideas on the subject I did ask, and got some suggestions, and the MSDN web site has some advice on this. At the end of the day, I did not really need to do this, and simply allowed the Windows NT box to access the share by ensuring that it could log on. The application could be told what account to use to access the server. >BTW: Did you make the service "interact.." or not? > >Also: I know that logged on users get the sharings >the service has. There's also something about "null session" > >digging trough the knowledgebase on microsoft.com: > > http://support.microsoft.com/support/kb/articles/Q132/6/79.ASP (NT 3.51 +) > http://support.microsoft.com/support/kb/articles/Q124/1/84.asp (NT 3.51) > > > >a knowledgebase is what samba.org needs.. which I suggested a while back. >Linking >to external resources as the above, and utilizing some of the great stuff at >kt.linuxcare.com >+ the samba FAQ's ofcourse.. > > >speaking of documentation: Is David Bannon still around..? > >--Anders > >-----Original Message----- >From: samba-ntdom-admin@us5.samba.org >[mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Peter Lundqvist >Sent: 26. februar 2001 16:55 >To: samba-ntdom@us5.samba.org >Subject: Mounting shares before logging in > > >Hi, > >This is not the best of places to ask this, but since I've had no response >elsewhere and the people here usually knows a lot about the evil side... > >I have the need to mount shares before any normal user logs on to our >NT server. >I've tried to convert a script that mounts the desired shares into a >service. The script executes fine, according to the logs the shares are >mounted. But when a user logs in, the mounted shares are not visible. >If I *now* try to mount the shares on the NT-box, it says that the share >is already in use. > >If I run the script when the user logs in (and the service-script is >removed), it works like a charm. > >Does anyone have clue? > >........................................................................... >Peter Lundqvist web: http://www.update.uu.se/~peterl >Studentv. 32:22B e-mail: peterl@update.uu.se >752 34 Uppsala cellular: +46 (0)70 45 66 347 >Sweden work: +46 (0)155 256 440 > >"The trouble with being punctual is that people >think you have nothing more important to do." > > > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.ethereal.com) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From gary at netin.com Tue Feb 27 11:55:22 2001 From: gary at netin.com (GL Fournerat) Date: Tue Dec 2 02:33:30 2003 Subject: HOWTO Samba on RH 7.0 Message-ID: <3A9B95AA.1F8BC28D@netin.com> Hello all: While I'm recovering from gall bladder surgery, I thought I'd do something useful (since sitting up is about the only comfortable position I can find)... like create a HOWTO Samba (-2.0.7-21ssl) on RH7 (w/ xinetd-2.1.8.9pre14). I have already sent off the request to the HOWTO coordinator at linuxdoc.org (has anyone noticed that the listed email address for the coordinator is inop?). I'm hopeful linuxdoc will write back and say this document has already been created; that I have just failed to locate it. If so, wonderful!! If this HOWTO has not been created, I'd like to enlist the help of anyone that has some familiarity with Samba-2.0. Please email me off-list at gary@netin.com if you're interested in participating. I might add that my home LAN consists of the following: NT 4 (SP5) PDC, a Win 98 SE workstation, a Win 95 workstation, and a RH 7.0 server (with kernel-2.2.17-14)... so we can experiment on all these platforms. Sincerely, Gary Fournerat From core at mistyvortex.lnet.lut.fi Tue Feb 27 12:16:58 2001 From: core at mistyvortex.lnet.lut.fi (=?ISO-8859-1?Q?Mikko_'Kore'_R=F6nkk=F6nen?=) Date: Tue Dec 2 02:33:30 2003 Subject: Samba joining W2K server PDC problematic Message-ID: connection linux-samba to domain. (Samba-TNG) # /usr/local/samba/bin/smbpasswd -j KOVA-INVEST -r IDEFIX cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine IDEFIX. Error was : NT_STATUS_ACCESS_DENIED. 2001/02/27 14:10:40 : change_trust_account_password: Failed to change password for domain KOVA-INVEST. Unable to join domain KOVA-INVEST. # So what can i do in other way with samba? I have very limited possibilities in configuring PDC side. Any help apreciated. :) Mikko R?nkk?nen Finland From t.gildersleeve at bilk.ac.uk Tue Feb 27 13:53:27 2001 From: t.gildersleeve at bilk.ac.uk (Tim Gildersleeve) Date: Tue Dec 2 02:33:30 2003 Subject: samba in embedded devices Message-ID: I dont know if this is what you are talking about but you may want to look at pam_ntdom. Allows NT Domain authentication plugin to PAM. I dont know much about it though. I think it just allows UNIX authentication against an *existing* NT Domain. Tim Gildersleeve tim@otcs-online.net Oak Tree Computer Services > -----Original Message----- > From: Craig Perras [SMTP:cperras@watchguard.com] > Sent: Tuesday, February 27, 2001 3:16 AM > To: samba-ntdom@us5.samba.org > Subject: samba in embedded devices > > Hello - > > I'm considering using samba for authenticating users in embedded devices. > It only needs to support NT domain authentication. Has anyone looked into > how much effort would be required to strip out all the extraneous > functionality, or actually started on such a project? > > TIA! > --craig > > #include > > > From peter at cadcamlab.org Tue Feb 27 14:04:06 2001 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:33:30 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) References: <3A9B87E5.8B7D73C7@bartlett.house> Message-ID: <15003.46038.228930.275112@wire.cadcamlab.org> [Andrew Bartlett] > RedHat has this 'feature' whereby all users are automatically made > members of a private group - eg I (abartlet) have a primary group of > 'abartlet', of which nobody else is a member. Yes, useful feature; Debian does this by default as well. However, I believe at the moment it is incompatible with Samba including Samba-TNG. In the NT world, users and groups (and aliases) all share the same namespace, so you can't have name collisions. Samba does not yet deal with this situation gracefully -- although the issue has come up before (usual suggestion: groups that collide with users can be mangled with a fixed prefix or suffix that is assumed not to occur in usernames). Peter From lkcl at samba-tng.org Tue Feb 27 14:08:27 2001 From: lkcl at samba-tng.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:30 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) In-Reply-To: <15003.46038.228930.275112@wire.cadcamlab.org> Message-ID: better to specify the mangling explicitly in domaingroups.map, domainaliases.map and domainusers.map. the syntax can be extended to include wildcard matching, if necessary, although it would be better to auto-generate the .map files with scripting (perl, whatever). On Tue, 27 Feb 2001, Peter Samuelson wrote: > > [Andrew Bartlett] > > RedHat has this 'feature' whereby all users are automatically made > > members of a private group - eg I (abartlet) have a primary group of > > 'abartlet', of which nobody else is a member. > > Yes, useful feature; Debian does this by default as well. > > However, I believe at the moment it is incompatible with Samba > including Samba-TNG. In the NT world, users and groups (and aliases) > all share the same namespace, so you can't have name collisions. Samba > does not yet deal with this situation gracefully -- although the issue > has come up before (usual suggestion: groups that collide with users > can be mangled with a fixed prefix or suffix that is assumed not to > occur in usernames). > > Peter > ----- Luke Kenneth Casson Leighton ----- "i want a world of dreams, run by near-sighted visionaries" "good. that's them sorted out. now, on _this_ world..." From greg at kwikfind.com Tue Feb 27 15:55:14 2001 From: greg at kwikfind.com (Greg J. Zartman) Date: Tue Dec 2 02:33:30 2003 Subject: Again: Win2k, joining domain References: <007a01c0a05f$1b430c10$1f0110ac@orca> Message-ID: <007701c0a0d5$ad0d92c0$2800a8c0@leinet> Phillipp, Yes, Raoul fixed me up as well. It always seems that the little things hang you up the worst. Greg ----- Original Message ----- From: "Philipp Hug" To: Sent: Monday, February 26, 2001 5:46 PM Subject: Again: Win2k, joining domain > I can join the domain now. (Thanks to Raoul) > > is it true, that the machine-account in smbpasswd MUST NOT exist? > > philipp > > > > > From cp at uni-wh.de Tue Feb 27 16:34:54 2001 From: cp at uni-wh.de (cp@uni-wh.de) Date: Tue Dec 2 02:33:30 2003 Subject: mashine accounts: 2.0.7 -> TNG? Message-ID: Hi everbody, is it possible somehow to switch from samba 2.0.7 to TNG without leaving and rejoining the domain with every NT Workstation? Is there thomething like a migration tool, that converts old smbpasswd machine accounts to TNG style? This would help us *a lot*. Thanks in advance! Regards Christoph From luisrocha at mac.com Tue Feb 27 19:51:20 2001 From: luisrocha at mac.com (Luis Rocha) Date: Tue Dec 2 02:33:31 2003 Subject: Samba 2.0.7 for OS X Server In-Reply-To: <20010226200104.2AAD5813F@lists.samba.org> Message-ID: Hi All, I have installed Samba 2.0.5 on my OS X Server, but I'd like to find 2.0.7 somewhere. I've looked all around and cannot seem to find a workable version. I downloaded a file but it won't work. I've also tried it on Mac OS X PB, seed 4k33, and it doesn't work. Seems to, but doesn't quite do so. Can anyone help me? Treat this as two requests, since I'd be happy with either one working, though I'd prefer the OS X Server. Luis Fernando Rocha Mission, TX From WardD at TheWineSociety.com Tue Feb 27 20:12:53 2001 From: WardD at TheWineSociety.com (Dean Ward) Date: Tue Dec 2 02:33:31 2003 Subject: samba-appliance problem: winbindd overwrites secrets.tdb Message-ID: <4DF700F51F8AD4119A930001FA6A2062167037@postman-pat.internal.thewinesociety.com> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 From: Chris Briggs To: "'samba-ntdom@lists.samba.org'" Subject: samba-appliance problem: winbindd overwrites secrets.tdb Date: Mon, 26 Feb 2001 16:46:58 -0500 Now my questions are these: 1. Has anyone gotten Samba with domain security and winbind working on a RH 7.0 system? (Question 1.a. From the mailing list archive for February, it looks like someone has gotten it to run on a Solaris 2.6 system? Is this true, and if so, will it work on Solaris 2.8?) 2. How do I get winbindd not to clobber my secrets.tdb file? (Or is this not important?) 3. Is this the right place for samba-appliance questions? (If not, where is?) - -- Chris, Unfortunately, despite getting the source compiled on Solaris 2.6, I could not authenticate our NT users on the machine, so I'm quite content with waiting for 2.2 which supports (?) this. Regards, Dean Ward Info Systems The Wine Society -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use iQA/AwUBOpwKOVfIoGsXDuONEQJU3wCg1sZRWH8uwkZkO6vysbakmJ3IWZsAoIE7 WOXxap18LR6vroyjY9pKsYkH =1ZB5 -----END PGP SIGNATURE----- From tom.myny at pandora.be Tue Feb 27 20:14:29 2001 From: tom.myny at pandora.be (Tom Myny) Date: Tue Dec 2 02:33:31 2003 Subject: Win2k problem with saving profiles Message-ID: <004301c0a0fa$dda77020$0200a8c0@pctom> Now i can join the domain it create a map profile in my home directory of my users. But the following problem is now: some of these maps created in the map profiles have NO write/exexcuteble/read permissions for the user himself. (so i get this: (d---------) . When i close my session in win2k and win2k wants to save my profile on my linux samba pc it gives and error he can't write the profile (because the file permissions i just gave). Now i set manually set these maps read/write/executable but win2k always create new maps, and the same problem comes back because win2k cannot write again. Someone now how to solve this problem ? -------------- next part -------------- HTML attachment scrubbed and removed From donj at dndjordan.com Tue Feb 27 21:20:09 2001 From: donj at dndjordan.com (D&D Jordan) Date: Tue Dec 2 02:33:31 2003 Subject: SMB Kernel error Message-ID: <010701c0a103$107a53c0$0501a8c0@dndjordan.com> I'll try posting this again. Running 2.0.7-21 Feb 22 12:42:41 server1 kernel: smb_trans2_request: result=-32, setting invalid Feb 22 12:42:41 server1 kernel: smb_retry: sucessful, new pid=32561, generation=4 Is this a bug? I have removed the system from the domain, erased the SID's, reset the computer account, rejoined the domain and still get this error. Also, running smbclient -L server I am getting this error: SSL: Error error setting CA cert locations: error: 00000000::lib(0) :func(0) :reason(0) trying default locations. I wasn't even aware that I was requesting SSL. If this is a bug or not, some kind of response would be appreciated. This has been going on for weeks and I cannot find a single reference to aid me. TIA -------------- next part -------------- HTML attachment scrubbed and removed From Pieter.VanDijk at dialogic.com Tue Feb 27 21:45:16 2001 From: Pieter.VanDijk at dialogic.com (Van Dijk, Pieter) Date: Tue Dec 2 02:33:31 2003 Subject: NTLM Authentication Message-ID: Hi everyone, I have a Linux Client which needs to get NTLM authentication for a user X who is in group Y from a Windows 2000 Server. Has anyone had the same problem or know where I could get a library which would allow me to do this? Or a place where I could start? Someone directed me to this group as they thought it could be done by using SMB calls. Pieter From abartlet at pcug.org.au Tue Feb 27 21:47:10 2001 From: abartlet at pcug.org.au (Andrew Bartlett) Date: Tue Dec 2 02:33:31 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) References: <3A9B87E5.8B7D73C7@bartlett.house> <15003.46038.228930.275112@wire.cadcamlab.org> Message-ID: <3A9C205E.CC777FB9@bartlett.house> Peter Samuelson wrote: > > [Andrew Bartlett] > > RedHat has this 'feature' whereby all users are automatically made > > members of a private group - eg I (abartlet) have a primary group of > > 'abartlet', of which nobody else is a member. > > Yes, useful feature; Debian does this by default as well. > > However, I believe at the moment it is incompatible with Samba > including Samba-TNG. In the NT world, users and groups (and aliases) > all share the same namespace, so you can't have name collisions. Samba > does not yet deal with this situation gracefully -- although the issue > has come up before (usual suggestion: groups that collide with users > can be mangled with a fixed prefix or suffix that is assumed not to > occur in usernames). > > Peter Well if the case of private groups could be simply exculded (they exist only to make unix admin easier, they dont benifit NT), and system groups excluded, this problem would just 'go away' in the vast majority of installations. It shouldn't be that hard to do, is it? Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au From Pieter.VanDijk at dialogic.com Tue Feb 27 21:51:58 2001 From: Pieter.VanDijk at dialogic.com (Van Dijk, Pieter) Date: Tue Dec 2 02:33:31 2003 Subject: NTLM Authentication Message-ID: Hi everyone, I have a Linux Client which needs to get NTLM authentication for a user X who is in group Y from a Windows 2000 Server. Has anyone had the same problem or know where I could get a library which would allow me to do this? Or a place where I could start? Someone directed me to this group as they thought it could be done by using SMB calls. Pieter From peter at cadcamlab.org Tue Feb 27 22:15:29 2001 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:33:31 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) References: <3A9B87E5.8B7D73C7@bartlett.house> <15003.46038.228930.275112@wire.cadcamlab.org> <3A9C205E.CC777FB9@bartlett.house> Message-ID: <15004.9985.822714.154961@wire.cadcamlab.org> [Andrew Bartlett] > Well if the case of private groups could be simply exculded (they > exist only to make unix admin easier, they dont benifit NT), and > system groups excluded, this problem would just 'go away' in the vast > majority of installations. So when a file belongs to one of these excluded groups, and NT asks for the security descriptor, what do you tell it -- "no group"? Peter From abartlet at pcug.org.au Tue Feb 27 22:27:51 2001 From: abartlet at pcug.org.au (Andrew Bartlett) Date: Tue Dec 2 02:33:31 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) References: <3A9B87E5.8B7D73C7@bartlett.house> <15003.46038.228930.275112@wire.cadcamlab.org> <3A9C205E.CC777FB9@bartlett.house> <15004.9985.822714.154961@wire.cadcamlab.org> Message-ID: <3A9C29E7.28763667@bartlett.house> Peter Samuelson wrote: > > [Andrew Bartlett] > > Well if the case of private groups could be simply exculded (they > > exist only to make unix admin easier, they dont benifit NT), and > > system groups excluded, this problem would just 'go away' in the vast > > majority of installations. > > So when a file belongs to one of these excluded groups, and NT asks for > the security descriptor, what do you tell it -- "no group"? > > Peter I don't know the internals of NT as well as I should, but I didn't think that files under NT needed to be owned by both a group and a user, ie a file can be owned by just a user. If this is the case, then samba should just not mention the private group involved, and simply say the file is owned by the user. If sombody is playing games, and files are owned by a different user/private group combination (ie not matching), then we have a problem - but that shouldn't occur in the natural course of things, and would require root permissions to setup anyway. Just my two bobs worth, Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au From rajeeva at research.bell-labs.com Tue Feb 27 22:52:03 2001 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:33:31 2003 Subject: hpdj990c and samba Message-ID: <3A9C2F93.5C3CE8D2@research.bell-labs.com> Hi, I am using samba code from the head branch. When I install drivers for hpdj990c on a samba server and try to use the printer from a NT machine I get following error message, when I try to display the document defaults or properties "Function address 0x58426a3 caused a protection fault. (exception code 0xc0000005)" However if I install the same drivers on a NT server and use them from another NT machine, I can use the printer just fine. Could you please help/guide me to fix the problem. TIA, rajeev From Pieter.VanDijk at dialogic.com Tue Feb 27 23:01:32 2001 From: Pieter.VanDijk at dialogic.com (Van Dijk, Pieter) Date: Tue Dec 2 02:33:31 2003 Subject: NTLM Authentication Message-ID: You can enable NTLM authentication in Win2k Server, as the following link shows: http://www.microsoft.com/windows2000/en/advanced/help/default.asp?url=/WINDO WS2000/en/advanced/help/sag_SEconceptsUnAuthNTLM.htm -----Original Message----- From: digitalfrontier [mailto:digitalfrontier@home.com] Sent: Wednesday, February 28, 2001 11:42 AM To: Van Dijk, Pieter Subject: RE: NTLM Authentication alright,..i thought it was just kerberos for win2k and NTLM for windows NT 4.0,..but win2k in native mode only supports kerberos right??..correct me if I'm wrong.... -----Original Message----- From: Van Dijk, Pieter [mailto:Pieter.VanDijk@dialogic.com] Sent: Tuesday, February 27, 2001 5:35 PM To: 'digitalfrontier' Subject: RE: NTLM Authentication It supports Kerberos and NTLM. -----Original Message----- From: digitalfrontier [mailto:digitalfrontier@home.com] Sent: Wednesday, February 28, 2001 11:36 AM To: Van Dijk, Pieter Subject: RE: NTLM Authentication doesn't win2k use kerberos for authentification now???...not NTLM -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Van Dijk, Pieter Sent: Tuesday, February 27, 2001 4:52 PM To: 'samba-ntdom@samba.org' Subject: NTLM Authentication Hi everyone, I have a Linux Client which needs to get NTLM authentication for a user X who is in group Y from a Windows 2000 Server. Has anyone had the same problem or know where I could get a library which would allow me to do this? Or a place where I could start? Someone directed me to this group as they thought it could be done by using SMB calls. Pieter --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.231 / Virus Database: 112 - Release Date: 2/12/2001 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.231 / Virus Database: 112 - Release Date: 2/12/2001 --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.231 / Virus Database: 112 - Release Date: 2/12/2001 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.231 / Virus Database: 112 - Release Date: 2/12/2001 From f.w.j.wiegerinck at student.utwente.nl Tue Feb 27 23:10:42 2001 From: f.w.j.wiegerinck at student.utwente.nl (F.W.J.Wiegerinck) Date: Tue Dec 2 02:33:31 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) Message-ID: <002501c0a112$8243f970$4800a8c0@personalpower2> Andrew Barlett wrote: > Peter Samuelson wrote: > > > > [Andrew Bartlett] > > > Well if the case of private groups could be simply exculded (they > > > exist only to make unix admin easier, they dont benifit NT), and > > > system groups excluded, this problem would just 'go away' in the vast > > > majority of installations. > > > > So when a file belongs to one of these excluded groups, and NT asks for > > the security descriptor, what do you tell it -- "no group"? > > > > Peter > > I don't know the internals of NT as well as I should, but I didn't think > that files under NT needed to be owned by both a group and a user, ie a > file can be owned by just a user. > > If this is the case, then samba should just not mention the private > group involved, and simply say the file is owned by the user. If > sombody is playing games, and files are owned by a different > user/private group combination (ie not matching), then we have a problem > - but that shouldn't occur in the natural course of things, and would > require root permissions to setup anyway. If we just look to the requirements for users and/or groups for the platforms windows and unix systems, we can determine (correct me if I am wrong) Unix: - each user has one or more groups - each group has zero or more users Windows: - each user has zero or more groups - each group has zero or more users Conclusion: * converting unix groups to windows groups will never be a problem. windows groups have the same restrictions as unix groups for the relation group to user * converting windows groups to unix groups will never be a problem. unix groups have the same restrictions as windows groups for the relation group to user * converting unix users to windows users will never be a problem. a 1 to many relation can always be inserted into a 0 to many relation * converting windows users can be a problem. a 0 to many relation can't be insert automatically into a 1 to many relation This problem ( 0 to many converting to a 1 to many relation) can be solved by always inserting a relation into the 0 to many relation. if "n" is the number of groups before converting, then it can be expressed like: n(start) = 0..m; when we adapt this relation by inserting 1 relation we can expresse it like: n(adapted) = n(start) + 1 = (0..m)+1 = 1..(m+1) = 1..m When we have adapted the relation is won't be a problem any more. But how can we adapte the relation.There will be enough ways to do this. Here are 2 examples: * Each user has his own group with the same name. Problems will occure if an other user will use that group to. If a group has the same name as it user it will not be passed throw to the windows system. * Each user has his "dummy" group. By example: this group could have the name "nobody". This could be specified into the config-file. This groupname will not be passed throw to the windows system. Both solutions require a filter for all relations to adjust any information to the specs. Sorry for my poor english and the way of expression. Frank Wiegerinck From vorlon at netexpress.net Tue Feb 27 23:11:26 2001 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:33:31 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) In-Reply-To: <15003.46038.228930.275112@wire.cadcamlab.org> Message-ID: On Tue, 27 Feb 2001, Peter Samuelson wrote: > [Andrew Bartlett] > > RedHat has this 'feature' whereby all users are automatically made > > members of a private group - eg I (abartlet) have a primary group of > > 'abartlet', of which nobody else is a member. > Yes, useful feature; Debian does this by default as well. > However, I believe at the moment it is incompatible with Samba > including Samba-TNG. In the NT world, users and groups (and aliases) > all share the same namespace, so you can't have name collisions. Samba > does not yet deal with this situation gracefully -- although the issue > has come up before (usual suggestion: groups that collide with users > can be mangled with a fixed prefix or suffix that is assumed not to > occur in usernames). Just a thought (one with no experimental backing), but would it be possible by default to find namespace collisions (resolve the rid to a gid, getgrgid(gid), get the name, getpwnam(group_name), tag as a collision) and mangle them by appending a non-printable character to the group name returned? If we append a character that can't be displayed, but which would be /preserved/ by NT, we can effectively display both the user and the group with that name in all of the relevant lists without worrying about complex mangling maps. The only limitation would be if you ever needed to type out the group name -- is this an issue that comes up? I've typed in usernames, but in my experience group names have only ever come up in contexts where I have a listbox available to me. Steve Langasek postmodern programmer From memphis_ms at gmx.net Tue Feb 27 23:19:24 2001 From: memphis_ms at gmx.net (Raoul Schroeder) Date: Tue Dec 2 02:33:31 2003 Subject: Win2k problem with saving profiles References: <004301c0a0fa$dda77020$0200a8c0@pctom> Message-ID: <3A9C35FC.77724E4@gmx.net> add to your [profiles] section two force commands force create mode 660 (makes it r/w for the user and everyone in his group) force user "username" force group "groupname" (one should be enough, but oh well) and if you create new directories directory mask 770 (rwx for user and his group) in case you are not familiar with the masks in *nix: 4 is read, 2 is write, 1 is execute. add them up to combine them. First is the user, second is the group, third is all the other guys in the world. For directories: if x is set, then you can enter the dir. If r is set, you can read the directory contents (just for reading files, this is not essential). If w is set, you can create new files. For reading / writing to existing files for which you know the name, you only need an x for the dir. HTH Raoul > But the following problem is now:some of these maps created in the map > profiles have NO write/exexcuteble/read permissions for the user > himself. (so i get this: (d---------) . When i close my session in From greg at leiinc.com Wed Feb 28 00:09:53 2001 From: greg at leiinc.com (Greg J. Zartman, P.E.) Date: Tue Dec 2 02:33:31 2003 Subject: Editing the smbpasswd file Message-ID: <005301c0a11a$c6f54bc0$2800a8c0@leinet> I'm sure the question that I am about to ask has to do with my lack of familiarity with Unix based editors, but what is the best editor to use to make manual changes to the smbpasswd file? I am using the KDE kedit editor and it seems to be fouling up my smbpasswd file. After I make changes in kedit, I get the error malformed password entry (uid not number!) when I use the smbpasswd applet to do just about anything. Along these lines, I thought Samba 2.2 alpha 2 allowed win users to change their smbpasswd passwords remotely from the windows client. Is this true? If so, how do you do it (I would have thought it could be down by pressing CTRL-ALT-DEL and selecting the change password option). thank you. Greg J. Zartman, P.E. -------------- next part -------------- A non-text attachment was scrubbed... Name: Greg J. Zartman.vcf Type: text/x-vcard Size: 369 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010227/93b5867a/GregJ.Zartman.vcf From jbeauchamp7 at mindspring.com Wed Feb 28 01:26:12 2001 From: jbeauchamp7 at mindspring.com (James W. Beauchamp) Date: Tue Dec 2 02:33:31 2003 Subject: Editing the smbpasswd file References: <005301c0a11a$c6f54bc0$2800a8c0@leinet> Message-ID: <005e01c0a125$70436220$1501a8c0@easypea.com> ----- Original Message ----- From: "Greg J. Zartman, P.E." To: "Samba Mailing List" Sent: Tuesday, February 27, 2001 7:09 PM Subject: Editing the smbpasswd file > I'm sure the question that I am about to ask has to do with my lack of > familiarity with Unix based editors, but what is the best editor to use to > make manual changes to the smbpasswd file? I am using the KDE kedit editor > and it seems to be fouling up my smbpasswd file. After I make changes in > kedit, I get the error malformed password entry (uid not number!) when I use > the smbpasswd applet to do just about anything. I use vi, but that is my personal choice. As a first timer, you may find pico easier to use. There are many others. I'm sure others will chime in here. > > Along these lines, I thought Samba 2.2 alpha 2 allowed win users to change > their smbpasswd passwords remotely from the windows client. Is this true? > If so, how do you do it (I would have thought it could be down by pressing > CTRL-ALT-DEL and selecting the change password option). > For Samba to change passwords, you need to edit your smb.conf file, specifically in the 'password chat' section. This area let's you configure samba for the conversation that takes place when a user changes their password. See the man page on smb.conf for an explanation of the parameters associated with unix/windoze password synch HTH James > > thank you. > Greg J. Zartman, P.E. > > From wilsong at sergievsky.cpmc.columbia.edu Wed Feb 28 01:32:37 2001 From: wilsong at sergievsky.cpmc.columbia.edu (Gary Wilson) Date: Tue Dec 2 02:33:31 2003 Subject: Editing the smbpasswd file References: <005301c0a11a$c6f54bc0$2800a8c0@leinet> <005e01c0a125$70436220$1501a8c0@easypea.com> Message-ID: <00e701c0a126$554cce60$0200a8c0@nyc.rr.com> If you want to replace Kedit with a graphical editor and you are working in something like KDE or GNOME, I'd recommend nedit. You can get a copy at www.nedit.org. It's the best editor available on Linux (in my opinion anyway :-)) Gary ----- Original Message ----- From: "James W. Beauchamp" To: "Greg J. Zartman, P.E." ; Sent: Tuesday, February 27, 2001 8:26 PM Subject: Re: Editing the smbpasswd file ----- Original Message ----- From: "Greg J. Zartman, P.E." To: "Samba Mailing List" Sent: Tuesday, February 27, 2001 7:09 PM Subject: Editing the smbpasswd file > I'm sure the question that I am about to ask has to do with my lack of > familiarity with Unix based editors, but what is the best editor to use to > make manual changes to the smbpasswd file? I am using the KDE kedit editor > and it seems to be fouling up my smbpasswd file. After I make changes in > kedit, I get the error malformed password entry (uid not number!) when I use > the smbpasswd applet to do just about anything. I use vi, but that is my personal choice. As a first timer, you may find pico easier to use. There are many others. I'm sure others will chime in here. > > Along these lines, I thought Samba 2.2 alpha 2 allowed win users to change > their smbpasswd passwords remotely from the windows client. Is this true? > If so, how do you do it (I would have thought it could be down by pressing > CTRL-ALT-DEL and selecting the change password option). > For Samba to change passwords, you need to edit your smb.conf file, specifically in the 'password chat' section. This area let's you configure samba for the conversation that takes place when a user changes their password. See the man page on smb.conf for an explanation of the parameters associated with unix/windoze password synch HTH James > > thank you. > Greg J. Zartman, P.E. > > From peter at cadcamlab.org Wed Feb 28 02:16:11 2001 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:33:31 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) References: <15003.46038.228930.275112@wire.cadcamlab.org> Message-ID: <15004.24427.755690.579389@wire.cadcamlab.org> [Steve Langasek] > Just a thought (one with no experimental backing), but would it be > possible by default to find namespace collisions (resolve the rid to > a gid, getgrgid(gid), get the name, getpwnam(group_name), tag as a > collision) This whole thing needs caching -- the above sounds like a lot of overhead. > and mangle them by appending a non-printable character to the group > name returned? Hmmm, interesting thought. The above is a way of "tricking" the NT end-user into thinking the user and group are equivalent, while not tricking the system -- and as such its efficacy depends on the like-named user and group actually being semantically equivalent, for human purposes. I think I sort of like Andrew's proposal better -- ignore the duplicate group names entirely w/r/t sending and receiving security descriptor information. (NT doesn't require it, since unlike Unix it doesn't assume that every file has a group.) If the client wants to change the ACL of a file to have no groups in it, you can use the default nobody-group ('nogroup' on my Linux box). Peter From greg at kwikfind.com Wed Feb 28 02:19:31 2001 From: greg at kwikfind.com (Greg J. Zartman) Date: Tue Dec 2 02:33:31 2003 Subject: Editing the smbpasswd file References: <005301c0a11a$c6f54bc0$2800a8c0@leinet> <005e01c0a125$70436220$1501a8c0@easypea.com> Message-ID: <007901c0a12c$e2d9ee60$2800a8c0@leinet> I thought the password sync functionality of Samba was to synchronize the passwords in smbpasswd file with those in the passwd file???? The Samba FAQs seem to indicate that the ability to change the password in the smbpasswd file remotely from a windows machine is there, but I can't get it to work. I get really strange error message on the windows side (something I'm sure only the "coders" can figure out) and a message in my samba log file that says the function is not yet implemented. I'm running Samba 2.2 alpha 2, which was released after the FAQs came out, so it would appear that the function is/was working. Is there something I am missing in my smb.conf file??? Thank you. Greg J. Zartman ----- Original Message ----- From: "James W. Beauchamp" To: "Greg J. Zartman, P.E." ; Sent: Tuesday, February 27, 2001 5:26 PM Subject: Re: Editing the smbpasswd file > > ----- Original Message ----- > From: "Greg J. Zartman, P.E." > To: "Samba Mailing List" > Sent: Tuesday, February 27, 2001 7:09 PM > Subject: Editing the smbpasswd file > > > > I'm sure the question that I am about to ask has to do with my lack of > > familiarity with Unix based editors, but what is the best editor to use to > > make manual changes to the smbpasswd file? I am using the KDE kedit > editor > > and it seems to be fouling up my smbpasswd file. After I make changes in > > kedit, I get the error malformed password entry (uid not number!) when I > use > > the smbpasswd applet to do just about anything. > > I use vi, but that is my personal choice. As a first timer, you may find > pico easier to use. There are many others. I'm sure others will chime in > here. > > > > > > Along these lines, I thought Samba 2.2 alpha 2 allowed win users to change > > their smbpasswd passwords remotely from the windows client. Is this true? > > If so, how do you do it (I would have thought it could be down by pressing > > CTRL-ALT-DEL and selecting the change password option). > > > > For Samba to change passwords, you need to edit your smb.conf file, > specifically in the 'password chat' section. This area let's you configure > samba for the conversation that takes place when a user changes their > password. See the man page on smb.conf for an explanation of the parameters > associated with unix/windoze password synch > > HTH > > James > > > > > > > thank you. > > Greg J. Zartman, P.E. > > > > > > > > > From massey at rmci.net Wed Feb 28 03:50:42 2001 From: massey at rmci.net (Mike) Date: Tue Dec 2 02:33:31 2003 Subject: Latest Samba Message-ID: Hi All Running RH 7.0, after downloading the source and runing the ./configure then going to the RH Package to sh makerpms.sh it errors say unkown RPM Version 4.0. Next question is on the 6.2 RH I have. I had it setup to be able to map a drive from my NT PDC but for some reason it just quit. I tested my NIC and I can ping and run it on my DSL but nothing seems to be wrong..Just for stupity sake I installed a new nic and redid all of the networking and the samba.conf file..I can see the Linux box in nethood but I can no longer logon and map a drive.. I read the manual and I am in no hurry but if a guru has a thought or two I would love to hear. IMHO: As an NT guy I like SAMBA, Was not to hard to setup the basics and get it going..mind you I do mean basic..just being able to open the Linux Homes and root so I can map a drive from NT. Cheers Mike /'^'\ ( o o ) -------------------------------------------------------oOOO--(_)--OOOo------ Mike Benzel --------------- To err is human, to really foul things up requires a computer. .oooO ( ) Oooo. ---------------------------------------------------------\ (----( )------- \_) ) / (_/ From Lothar.Belle at tqs.de Wed Feb 28 05:59:16 2001 From: Lothar.Belle at tqs.de (Lothar Belle) Date: Tue Dec 2 02:33:31 2003 Subject: pwdump Message-ID: <61011756BBA2D111A6B10000C03782E0B92453@TQS-MAILSERVER> Dir Sir`s, We want use your program "pwdump" unfortunatly we got the error message after start the program: get_sid: LookupAccountName for size on name Administrators failed. Error was Zuordnungen von Kontennamen und Sicherheits-IDs wurden nicht durchgef?hrt Pleas can you help me. Wy doesn?t it work. ( I am connected at the PDC as Administrator) Kind Regards Lothar Belle TQ- Systems GmbH Gut Delling, M?hlstr. 2 82229 Seefeld Tel: 08153/9308-139 Fax:08153/4223 From barth at cck.uni-kl.de Wed Feb 28 06:58:09 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:33:31 2003 Subject: Editing the smbpasswd file In-Reply-To: <007901c0a12c$e2d9ee60$2800a8c0@leinet> Message-ID: <3A9CAF91.12615.2EC7A8@localhost> > I thought the password sync functionality of Samba was to synchronize > the passwords in smbpasswd file with those in the passwd file???? Yes, the password sync functionality is to sync the passwd-file if the smbpasswd is changed. > The > Samba FAQs seem to indicate that the ability to change the password in > the smbpasswd file remotely from a windows machine is there, but I > can't get it to work. I get really strange error message on the > windows side (something I'm sure only the "coders" can figure out) and > a message in my samba log file that says the function is not yet > implemented. > > I'm running Samba 2.2 alpha 2, which was released after the FAQs came > out, so it would appear that the function is/was working. Is there > something I am missing in my smb.conf file??? As far as I know, you don't need any special paramters in smb.conf to allow smbpasswd changes from the client. For testing I would recomend to turn passwd sync off, try the smbpasswd comand, try differnt clients (NT, W2k, (Workstation, server)) and different samba- Versions. Christian _______________________________________________________________________ In a world without walls and fences, who needs windows and gates? (SUN) From sven at sven-siemsen.de Wed Feb 28 07:09:28 2001 From: sven at sven-siemsen.de (Sven Siemsen) Date: Tue Dec 2 02:33:31 2003 Subject: Again: Win2k, joining domain In-Reply-To: <007701c0a0d5$ad0d92c0$2800a8c0@leinet> Message-ID: Hi, I also receive this error, but there is neither a machine account for my w2k box in smbpasswd+/etc/passwd nor it is being created when trying to join the 2.2-dom. My config looks like the 2.2 CVS PDC HOWTO example. Sven am 27.02.2001 16:55 Uhr schrieb Greg J. Zartman unter greg@kwikfind.com: > Phillipp, > > Yes, Raoul fixed me up as well. It always seems that the little things hang > you up the worst. > > Greg > > ----- Original Message ----- > From: "Philipp Hug" > To: > Sent: Monday, February 26, 2001 5:46 PM > Subject: Again: Win2k, joining domain > > >> I can join the domain now. (Thanks to Raoul) >> >> is it true, that the machine-account in smbpasswd MUST NOT exist? >> >> philipp From lkcl at samba-tng.org Wed Feb 28 12:17:39 2001 From: lkcl at samba-tng.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:31 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) In-Reply-To: <3A9C29E7.28763667@bartlett.house> Message-ID: On Wed, 28 Feb 2001, Andrew Bartlett wrote: > Peter Samuelson wrote: > > > > [Andrew Bartlett] > > > Well if the case of private groups could be simply exculded (they > > > exist only to make unix admin easier, they dont benifit NT), and > > > system groups excluded, this problem would just 'go away' in the vast > > > majority of installations. > > > > So when a file belongs to one of these excluded groups, and NT asks for > > the security descriptor, what do you tell it -- "no group"? > > > > Peter > > I don't know the internals of NT as well as I should, but I didn't think > that files under NT needed to be owned by both a group and a user, ie a > file can be owned by just a user. files are owned by SIDs. SIDs are of any type: the type is totally irrelevant, to NT. which causes headaches for people on samba systems who try to make a goup take ownership of a file. From lkcl at samba-tng.org Wed Feb 28 12:18:42 2001 From: lkcl at samba-tng.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:31 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) In-Reply-To: Message-ID: > an issue that comes up? I've typed in usernames, but in my experience group > names have only ever come up in contexts where I have a listbox available to > me. CACLS.EXE ----- Luke Kenneth Casson Leighton ----- "i want a world of dreams, run by near-sighted visionaries" "good. that's them sorted out. now, on _this_ world..." From lkcl at samba-tng.org Wed Feb 28 12:19:12 2001 From: lkcl at samba-tng.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:31 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) In-Reply-To: <15004.24427.755690.579389@wire.cadcamlab.org> Message-ID: On Tue, 27 Feb 2001, Peter Samuelson wrote: > > [Steve Langasek] > > Just a thought (one with no experimental backing), but would it be > > possible by default to find namespace collisions (resolve the rid to > > a gid, getgrgid(gid), get the name, getpwnam(group_name), tag as a > > collision) > > This whole thing needs caching -- the above sounds like a lot of > overhead. that's why hashed_getpwnam() was added, two years ago. ----- Luke Kenneth Casson Leighton ----- "i want a world of dreams, run by near-sighted visionaries" "good. that's them sorted out. now, on _this_ world..." From pries at informatik.uni-wuerzburg.de Wed Feb 28 14:05:23 2001 From: pries at informatik.uni-wuerzburg.de (Rastin Pries) Date: Tue Dec 2 02:33:31 2003 Subject: using samba as a pdc Message-ID: <000801c0a18f$7ed1ae40$906abb84@hercules> Hello, i want to use samba as a pdc. I tested it with win nt4 as clients. There was no problem. When I used Win 2000 clients, the clients are not able to "get into" the domain. Is there any possibility to run win 2000 clients with a samba pdc? Rastin Pries pries@informatik.uni-wuerzburg.de -------------- next part -------------- HTML attachment scrubbed and removed From tom.myny at pandora.be Wed Feb 28 14:29:59 2001 From: tom.myny at pandora.be (Tom Myny) Date: Tue Dec 2 02:33:31 2003 Subject: Win2k problem with saving profiles References: <004301c0a0fa$dda77020$0200a8c0@pctom> <3A9C35FC.77724E4@gmx.net> Message-ID: <002101c0a192$ee951a20$0200a8c0@pctom> I applied these modes with no luck, win2k is stil creating maps with d--------- Result: problems with loading problem. Nobody has ever had these problems? , strange ... ----- Original Message ----- From: "Raoul Schroeder" To: "Tom Myny" Cc: Sent: Wednesday, February 28, 2001 12:19 AM Subject: Re: Win2k problem with saving profiles > add to your [profiles] section two force commands > > force create mode 660 (makes it r/w for the user and everyone in his > group) > force user "username" > force group "groupname" > (one should be enough, but oh well) > > and if you create new directories > directory mask 770 (rwx for user and his group) > > in case you are not familiar with the masks in *nix: > > 4 is read, 2 is write, 1 is execute. add them up to combine them. First > is the user, second is the group, third is all the other guys in the > world. > > For directories: if x is set, then you can enter the dir. If r is set, > you can read the directory contents (just for reading files, this is not > essential). If w is set, you can create new files. For reading / writing > to existing files for which you know the name, you only need an x for > the dir. > > HTH > > Raoul > > > But the following problem is now:some of these maps created in the map > > profiles have NO write/exexcuteble/read permissions for the user > > himself. (so i get this: (d---------) . When i close my session in > > > From Michael.Keightley at quadstone.com Wed Feb 28 15:15:44 2001 From: Michael.Keightley at quadstone.com (Michael.Keightley@quadstone.com) Date: Tue Dec 2 02:33:31 2003 Subject: Profiles being sharesdd by NT and Win2k Message-ID: <200102281515.f1SFFiv11566@quadstone.com> I just tried out Samba 2.2.2-alpha2. One problem, if you have NT and W2K machines in the same Samba domain, then they use the same roaming profile. When I logged into W2K first with a new user, then NT, all the start menus in NT looked like W2K! Is it possible to store profiles separately for each OS? Michael -- Michael Keightley Tel: +44 131 220 4491 Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com From everling at comnitel.com Wed Feb 28 15:30:52 2001 From: everling at comnitel.com (Eoin Verling) Date: Tue Dec 2 02:33:31 2003 Subject: Question re: win2k, samba 2.2 and many machines ... In-Reply-To: <200102281515.f1SFFiv11566@quadstone.com> Message-ID: Hi, Just a quick question ... Consider a setup of 200-300 (98, NT and win2k) users, can samba 2.2 handle that many users, depending on the machine spec. Is it better paractice to split the users into DOMAINs and have a seperate samba server controlling each domain (ie groups of 50 users, say). Is it possible to have multiple samba PDC on the same IP network? Generally, the best way to control 200/300 users is what I@m looking for. cheers E From timothy_d_cole at md.northgrum.com Wed Feb 28 15:39:22 2001 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:33:31 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F4721F@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Peter Samuelson [SMTP:peter@cadcamlab.org] > Sent: Tuesday, February 27, 2001 21:16 > To: Steve Langasek > Cc: Andrew Bartlett; Luke Kenneth Casson Leighton; Multiple recipients > of list; Samba NT Domains Mailing List; tng-users@lists.dcerpc.org > Subject: Re: FW: Speed comp. TNG & 2.2.alpha (fwd) > > > [Steve Langasek] > > and mangle them by appending a non-printable character to the group > > name returned? > > Hmmm, interesting thought. The above is a way of "tricking" the NT > end-user into thinking the user and group are equivalent, while not > tricking the system -- and as such its efficacy depends on the > like-named user and group actually being semantically equivalent, for > human purposes. > > I think I sort of like Andrew's proposal better -- ignore the duplicate > group names entirely w/r/t sending and receiving security descriptor > information. (NT doesn't require it, since unlike Unix it doesn't > assume that every file has a group.) If the client wants to change the > ACL of a file to have no groups in it, you can use the default > nobody-group ('nogroup' on my Linux box). > I think a more practicable approach (as NT, lacking a terminal metaphor, doesn't really have the notion of 'non-printable' characters (you'll get boxes/blibbets), unless you want to play some Unicode-only games) would be to consistently prefix all unix group names with '@' by default. It's simple, it's consistent, and I think it works. From A.Boswell at uea.ac.uk Wed Feb 28 15:52:25 2001 From: A.Boswell at uea.ac.uk (Boswell Andrew Dr (ITCS)) Date: Tue Dec 2 02:33:31 2003 Subject: Samba authentication against W2K Active Directory Message-ID: <113C356D4411D411B454009027908AB216616F@itcsexchange1.uea.ac.uk> Please could a Samba developer or user answer these questions. Background: We use Samba for serving files, and it has worked extremely well in this simple mode for 20,000 plus users in this university for the previous 3/4 years. Thanks to all those involved for this excellent software. We are soon to implement Windows 2K and Active Directory as the university's primary authentication mechanism. We will still want to serve files from the existing Samba servers. Currently, our Samba servers authenticate against existing NIS services running on Unix which will become redundant once W2K/AD is up and running. 1. Will the LDAP support being developed in Samba be sufficient to authenticate requests for Samba shares against Active Directory running under a w2k server? 2. Will other software be required in such a configuration (OpenLDAP)?. 3. When will the LDAP support become product, both product baseline and expected date? Is there any product LDAP support in 2.2.0? 4. Can Samba do this sort of LDAP authentication as a stand-alone fileserver or does it need to be configured as a DC? I would be very grateful for any feedback from anyone who has already trialled this sort of configuration. Andrew ====================================================================== Dr Andrew Boswell email : A.Boswell@uea.ac.uk School Liaison Consultant phone : +44-1603-593856 IT and Computing Services fax : +44-1603-593467 University of East Anglia Room : ITCS 0.09A Norwich, NR4 7TJ, UK From vorlon at netexpress.net Wed Feb 28 15:55:48 2001 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:33:31 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) In-Reply-To: Message-ID: On Wed, 28 Feb 2001, Luke Kenneth Casson Leighton wrote: >> an issue that comes up? I've typed in usernames, but in my experience group >> names have only ever come up in contexts where I have a listbox available to >> me. > CACLS.EXE Ah, so that's a 'no' to my idea then. :D Well, it was just a thought. :) Steve Langasek postmodern programmer From ssande at sandia.gov Wed Feb 28 16:12:07 2001 From: ssande at sandia.gov (Stan Sander) Date: Tue Dec 2 02:33:31 2003 Subject: Win2k problem with saving profiles References: <004301c0a0fa$dda77020$0200a8c0@pctom> <3A9C35FC.77724E4@gmx.net> <002101c0a192$ee951a20$0200a8c0@pctom> Message-ID: <3A9D2357.51381867@sandia.gov> Tom Myny wrote: > I applied these modes with no luck, win2k is stil creating maps with > d--------- > > Result: problems with loading problem. > > Nobody has ever had these problems? , strange ... > ----- Original Message ----- > From: "Raoul Schroeder" > To: "Tom Myny" > Cc: > Sent: Wednesday, February 28, 2001 12:19 AM > Subject: Re: Win2k problem with saving profiles > > > add to your [profiles] section two force commands > > > > force create mode 660 (makes it r/w for the user and everyone in his > > group) > > force user "username" > > force group "groupname" > > (one should be enough, but oh well) > > > > and if you create new directories > > directory mask 770 (rwx for user and his group) > > > > in case you are not familiar with the masks in *nix: > > > > 4 is read, 2 is write, 1 is execute. add them up to combine them. First > > is the user, second is the group, third is all the other guys in the > > world. > > > > For directories: if x is set, then you can enter the dir. If r is set, > > you can read the directory contents (just for reading files, this is not > > essential). If w is set, you can create new files. For reading / writing > > to existing files for which you know the name, you only need an x for > > the dir. > > > > HTH > > > > Raoul > > > > > But the following problem is now:some of these maps created in the map > > > profiles have NO write/exexcuteble/read permissions for the user > > > himself. (so i get this: (d---------) . When i close my session in > > > > > > I think this was some kind of bug that was fixed in the CVS tree about a week ago. -- Stan Sander - CSU Special Projects Sandia National Laboratories (505) 284-4915 Mail Stop 0662 1515 Eubank Blvd. SE Albuquerque, NM 87123 From greg at kwikfind.com Wed Feb 28 16:25:48 2001 From: greg at kwikfind.com (Greg J. Zartman) Date: Tue Dec 2 02:33:31 2003 Subject: Again: Win2k, joining domain References: Message-ID: <00c001c0a1a3$1ece4670$2800a8c0@leinet> Sven, My Samba PDC didn't "work" the first time I tried it either. I'm not as experience with Samba as I'm sure many of the others here are, but I think the best way to get Samba going is to start simply. Put only the minimal configuration information in smb.conf file, fire it up and check the logs. Use the smbclient and smbstatus utilities to test run samba on the machine itself. What I looked for is the following: nmbd log: Make sure that the log reports that nmbd knows which machine it is and declares itself the master domain browser. The first time ran the daemons, I spent an hour or so trying to figure out what was wrong only to find that the log.nmbd was reporting that nmbd didn't couldn't resolve it's NETBIOS name. Come to find out, the problem was with my DNS. smbd log: Verify that it is reading in all of your shares with no errors. samba.log(the log that you specify in the smb.conf file): This one seems to be a little more difficult to read, for me, that the other two. I think alot of what is reported here only really makes sense to a person that knows that the samba code says. But, if samba has a problem performing a function (e.g., joining a machine to a domain), it will report some kind of error here. If you can't figure out what it means, post it on the mailing list and maybe someone else will. Most of the time though, I've been able to figure out what the errors mean. smbclient: make sure you can connect to local host with no errors using smbclient -U% -L localhost. This should give you a list of the current shares, tell you the workgroup(or domain) name, and tell you that your samba machine is the master. If you get an error, then go back and look at you smb.conf file again. smbstatus: I think this may be a redundant check, but if you get an error when executing smbstatus, then you have a problem with your configuration. Once you get positive results from the above, then try to join a machine to the domain. I recommend adding the machine manually the first time around. Again, this is to keep the smb.conf file as simply as possible until you get it working. Once you've successfully joined a machine to your domain, then you can add all of the security stuff and "bells and whistles". Good luck. Regards, Greg J. Zartman ----- Original Message ----- From: "Sven Siemsen" To: "Samba Mailing List" Sent: Tuesday, February 27, 2001 11:09 PM Subject: Re: Again: Win2k, joining domain > Hi, > > I also receive this error, but there is neither a machine account for my w2k > box in smbpasswd+/etc/passwd nor it is being created when trying to join the > 2.2-dom. > My config looks like the 2.2 CVS PDC HOWTO example. > > Sven > > am 27.02.2001 16:55 Uhr schrieb Greg J. Zartman unter greg@kwikfind.com: > > > Phillipp, > > > > Yes, Raoul fixed me up as well. It always seems that the little things hang > > you up the worst. > > > > Greg > > > > ----- Original Message ----- > > From: "Philipp Hug" > > To: > > Sent: Monday, February 26, 2001 5:46 PM > > Subject: Again: Win2k, joining domain > > > > > >> I can join the domain now. (Thanks to Raoul) > >> > >> is it true, that the machine-account in smbpasswd MUST NOT exist? > >> > >> philipp > > > > From lkcl at samba-tng.org Wed Feb 28 16:15:35 2001 From: lkcl at samba-tng.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:32 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) In-Reply-To: Message-ID: On Wed, 28 Feb 2001, Steve Langasek wrote: > On Wed, 28 Feb 2001, Luke Kenneth Casson Leighton wrote: > > >> an issue that comes up? I've typed in usernames, but in my experience group > >> names have only ever come up in contexts where I have a listbox available to > >> me. > > > CACLS.EXE > > Ah, so that's a 'no' to my idea then. :D t's not a no, it's something to consider. the other one is the smbntacls program. From barth at cck.uni-kl.de Wed Feb 28 16:32:59 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:33:32 2003 Subject: Profiles being sharesdd by NT and Win2k In-Reply-To: <200102281515.f1SFFiv11566@quadstone.com> Message-ID: <3A9D364B.4999.23D103B@localhost> > I just tried out Samba 2.2.2-alpha2. One problem, if you have NT and > W2K machines in the same Samba domain, then they use the same roaming > profile. When I logged into W2K first with a new user, then NT, all > the start menus in NT looked like W2K! Is it possible to store > profiles separately for each OS? Yes, it is possible, and in my opinion you have to do it: I looked into NT first, and then the W2K-Explorer crashed! My solution: [profiles] comment = Share for OS depend Profiles. path = %H/profile.%a browsable = yes writeable = yes map hidden = yes map system = yes And in the Home-Direktories (I like profiles thier because of the quota) I created profile.WinNT and profile.Win2K Christian _______________________________________________________________________ In a world without walls and fences, who needs windows and gates? (SUN) From vorlon at netexpress.net Wed Feb 28 16:49:44 2001 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:33:32 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) In-Reply-To: <15004.24427.755690.579389@wire.cadcamlab.org> Message-ID: On Tue, 27 Feb 2001, Peter Samuelson wrote: > [Steve Langasek] > > Just a thought (one with no experimental backing), but would it be > > possible by default to find namespace collisions (resolve the rid to > > a gid, getgrgid(gid), get the name, getpwnam(group_name), tag as a > > collision) > This whole thing needs caching -- the above sounds like a lot of > overhead. That sounds like over-engineering to me. This is little more than the work done on a Unix system for every file you look at with ls -l, or when you extract it from a tarball. There are already quite good systems available to speed up the getpwnam(), getgrgid(), etc. calls. So I can see benefits to caching these results internally, but I don't think the system would be unusable without it. Still, the fact that Luke thinks it would be necessary to be able to type in the names of groups that are the same as users makes the whole idea rather untenable. > > and mangle them by appending a non-printable character to the group > > name returned? > Hmmm, interesting thought. The above is a way of "tricking" the NT > end-user into thinking the user and group are equivalent, while not > tricking the system -- and as such its efficacy depends on the > like-named user and group actually being semantically equivalent, for > human purposes. I don't think it really tricks the end-user; for the most part in NT, aren't the user and group names displayed with icons next to them that indicate the type of RID they represent? So if I pull up the 'file permissions' dialog box and see that FOO\vorlon (with a single face next to it) has Full Control (All) over the file, and FOO\vorlon (with a globe and two faces) only has Read (RX) access to it, no information has been lost in the translation. The only place we have difficulty is if we need to textually disambiguate between the group FOO\vorlon and the user FOO\vorlon. > I think I sort of like Andrew's proposal better -- ignore the duplicate > group names entirely w/r/t sending and receiving security descriptor > information. (NT doesn't require it, since unlike Unix it doesn't > assume that every file has a group.) If the client wants to change the > ACL of a file to have no groups in it, you can use the default > nobody-group ('nogroup' on my Linux box). How do you decide generally which group names should be ignored? I can certainly think of cases where I might have a file whose gid maps to a group that conflicts with a username and I /do/ want to show the group in the file permissions... Steve Langasek postmodern programmer From greg at leiinc.com Wed Feb 28 17:18:36 2001 From: greg at leiinc.com (Greg J. Zartman, P.E.) Date: Tue Dec 2 02:33:32 2003 Subject: Changing your samba password from windows Message-ID: <012101c0a1aa$893ccf70$2800a8c0@leinet> I apologize for reposting this question, but it's driving me nuts. I'm running samba 2.2 alpha2 as a PDC for Win 2k and win 98 clients. I can join machines to the domain and log in with different user accounts with no problem. What I can't seem to get working is users to change their domain passwords from the client machines. In Win 2k, and Win NT, this is done by pressing CTRL-ALT-DEL and then selecting change password. When I try to do this on a Win2k client, I get the error message "on Win2k, I get this error on the client "1783: The stub received bad data.". My samba log for this action says "rpc_server/srv_samr_nt.c:_samr_get_dom_pwinfo(2435) _samr_get_dom_pwinfo: Not yet implemented." The Samba FAQ seem to indicate that this functionality is possible, but the log seems to indicate that it is not. Does anyone have any suggestions? Thank you. Greg J. Zartman, P.E. -------------- next part -------------- A non-text attachment was scrubbed... Name: Greg J. Zartman.vcf Type: text/x-vcard Size: 369 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010228/41c4e48f/GregJ.Zartman.vcf From bmeyer67 at calvin.edu Wed Feb 28 19:04:20 2001 From: bmeyer67 at calvin.edu (Witness) Date: Tue Dec 2 02:33:32 2003 Subject: smbpasswd problem Message-ID: <000001c0a1b9$41b24e00$0202a8c0@witness.chungin100.resnet.calvin.edu> I have a domain set up using Samba 2.0.7. However, none of the users can login because of the smbpasswd file. Even after running the 'smbpasswd' for each user when I added them to the system, it did not add them to the file. So I just generated one, as described in ENCRYPTION.txt, from a copy of the /etc/passwd file that had only the users I wanted added in it. It generated one, but the passwords don't match and I have no idea what the passwords are. I believe that I have the shadow passwords option enabled on the Linux system. What can I do to get the users to login? The only issue according to log.smb is that it is not finding the password or the correct password in the smbpasswd file. Thanks in advance, Benjamen R. Meyer Witness In response to M$-Windows: "A bug port! I knew it!" - Skuld, "Oh My Goddess" From barth at cck.uni-kl.de Wed Feb 28 19:39:46 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:33:32 2003 Subject: smbpasswd problem In-Reply-To: <000001c0a1b9$41b24e00$0202a8c0@witness.chungin100.resnet.calvin.edu> Message-ID: <3A9D6212.1595.2E81115@localhost> May be you have a samba from your distribution and a self compailed on your system and the files and programms are mixed. Also: first generate the smbpasswd-file form /etc/passwd, then enable the user by setting his password with the smbpasswd-command. Make sure you are using .../samba/bin/smbpasswd and .../samba/private/smbpasswd OR the distributions files (may be /usr/sbin/smbpasswd and /etc/smbpasswd). Also: Leave the domain beside first, try just to connect to a samba- share from an NT PC. If this works, try the domain stuff. Christian > I have a domain set up using Samba 2.0.7. However, none of the users > can login because of the smbpasswd file. Even after running the > 'smbpasswd' for each user when I added them to the system, it did not > add them to the file. So I just generated one, as described in > ENCRYPTION.txt, from a copy of the /etc/passwd file that had only the > users I wanted added in it. It generated one, but the passwords don't > match and I have no idea what the passwords are. I believe that I > have the shadow passwords option enabled on the Linux system. What can > I do to get the users to login? The only issue according to log.smb is > that it is not finding the password or the correct password in the > smbpasswd file. _______________________________________________________________________ In a world without walls and fences, who needs windows and gates? (SUN) From jeremy at valinux.com Wed Feb 28 17:46:10 2001 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:33:32 2003 Subject: Win2k problem with saving profiles References: <004301c0a0fa$dda77020$0200a8c0@pctom> <3A9C35FC.77724E4@gmx.net> <002101c0a192$ee951a20$0200a8c0@pctom> <3A9D2357.51381867@sandia.gov> Message-ID: <3A9D3962.98BFEB13@valinux.com> Stan Sander wrote: > > Tom Myny wrote: > > > I applied these modes with no luck, win2k is stil creating maps with > > d--------- > > > > Result: problems with loading problem. > > I think this was some kind of bug that was fixed in the CVS tree about a week > ago. Yes, this will be fixed in the next alpha snapshot - due when I've finished the spoolss restructuring. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From Christian.Duclou at eeigm.inpl-nancy.fr Wed Feb 28 20:17:35 2001 From: Christian.Duclou at eeigm.inpl-nancy.fr (Christian Duclou) Date: Tue Dec 2 02:33:32 2003 Subject: Diskspace piechart query References: Message-ID: <3A9D5CDF.847B7C8B@eeigm.inpl-nancy.fr> Does anyone have the answer ? C.D. Dan Larsson wrote: > I have set a size quota on the users homecatalog. Is it possible to > display the remaining space with regards to the quota left instead of the > entire disk space left? > > This is with samba-2.0.7 on a FreeBSD box > > Regards > +------ > Dan Larsson | Tel: +46 8 550 120 21 > Tyfon Svenska AB | Fax: +46 8 550 120 02 > GPG and PGP keys | finger dl@hq1.tyfon.net -- _____________ EEIGM - Service Informatique _____________ 6, rue Bastien LEPAGE / F-54010 NANCY - CEDEX - France Phone: +33 383.3683.27 / Fax: +33 383.3683.36 _______________ http://eeigm.inpl-nancy.fr _____________ From Luis at paycom.net Wed Feb 28 20:46:54 2001 From: Luis at paycom.net (Luis) Date: Tue Dec 2 02:33:32 2003 Subject: smbpasswd problem References: <000001c0a1b9$41b24e00$0202a8c0@witness.chungin100.resnet.calvin.edu> Message-ID: <3A9D63BE.70F2411E@paycom.net> Witness wrote: > I have a domain set up using Samba 2.0.7. However, none of the users can > login because of the smbpasswd file. Even after running the 'smbpasswd' > for each user when I added them to the system, it did not add them to > the file. So I just generated one, as described in ENCRYPTION.txt, from > a copy of the /etc/passwd file that had only the users I wanted added in > it. It generated one, but the passwords don't match and I have no idea > what the passwords are. I believe that I have the shadow passwords > option enabled on the Linux system. What can I do to get the users to > login? The only issue according to log.smb is that it is not finding the > password or the correct password in the smbpasswd file. > > Thanks in advance, > > Benjamen R. Meyer > Witness > > In response to M$-Windows: > "A bug port! I knew it!" > - Skuld, "Oh My Goddess" > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba Have you tried to check that the id are the same. Sometimes what happen is that the id will be off but one number. Also your user from what os are they connecting from win95 win98 nt or win2000. Plus when there trying to access or login , does the the computer ask them for a user name plus password or does it just ask for the password. I have samba 7 running fine. My users connect from all the box but I'm having trouble with some nt .. Plus the machine that there connecting from is just asking for a password. Let me know if that help you out if not you could email your smb.conf to me so I could look at it . bye Luis From peter at cadcamlab.org Wed Feb 28 21:03:33 2001 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:33:32 2003 Subject: FW: Speed comp. TNG & 2.2.alpha (fwd) References: <15004.24427.755690.579389@wire.cadcamlab.org> Message-ID: <15005.26533.9809.364516@wire.cadcamlab.org> [me] > > This whole thing needs caching -- the above sounds like a lot of > > overhead. [Steve Langasek] > That sounds like over-engineering to me. True. If the caching needs to be done it can be done at the libc level, which I think already happens on many Unices. > How do you decide generally which group names should be ignored? I > can certainly think of cases where I might have a file whose gid maps > to a group that conflicts with a username and I /do/ want to show the > group in the file permissions... That's a very good point. Peter From timrenzi at bellatlantic.net Wed Feb 28 21:10:18 2001 From: timrenzi at bellatlantic.net (Timothy Renzi) Date: Tue Dec 2 02:33:32 2003 Subject: Samba 2.2.0-alpha2 Domain Logon Problem Message-ID: <385386696.983394618245.JavaMail.root@web313-wrb> After much begging, pleading, tiny adjustments, etc,etc. I managed to make a Win2k pro client join my Samba controlled domain. However, once I reset the client, and tried to logon to the domain it told me this "The system cannot log you onto the domain specified, because the computers account in the domain can not be found, or the password does not match" The machine has an account in /etc/passwd (Created by me, with no password) and one in /usr/local/samba/private/smbpasswd (created when i joined the machine to the domain.. does this set a password?). Has anyone else seen this happen? Any ideas on how I could make it work? Thanks a million -Timothy Renzi From aalang at rutgersinsurance.com Wed Feb 28 21:23:29 2001 From: aalang at rutgersinsurance.com (Adam Lang) Date: Tue Dec 2 02:33:32 2003 Subject: Samba as Domain Controller References: <385386696.983394618245.JavaMail.root@web313-wrb> Message-ID: <021601c0a1cc$b1fe3080$330a0a0a@rutgersinsurance.com> I'm looking into using Samba as the domain controller for my network (about 75 users on windows 9x). How stable and effective would it be for my environment? Would I be better served just using NT for the PDC? Adam Lang Systems Engineer Rutgers Casualty Insurance Company http://www.rutgersinsurance.com From mthomas at rhrk.uni-kl.de Wed Feb 28 21:27:18 2001 From: mthomas at rhrk.uni-kl.de (Martin Thomas) Date: Tue Dec 2 02:33:32 2003 Subject: problem: browse list, two subnets, samba 2.0.7, windows 2000 Message-ID: <001e01c0a1cd$3a2c18f0$16b9f683@fuchur> Hallo, I've installed a samba server (2.0.7) in a subnet xxx.xxx.100.xxx Samba acts as a wins server (wins support=yes, domain master=yes) Two Windows 2000 prof. sp1 workstations are in subnet xxx.xxx.99.xxx All machines are in the same workgroup, on the w2k workstations the ip-number of the samba-box is added to the wins-server list. The ip-numbers of the w2k boxes are mentioned in the hosts allow list in smb.conf Doing smbclient -L "samba-computer" I get the samba server as master for the workgroup, doing smbclient -L "w2k-computer" I get a w2k machine as master. nmbd-log says samba ist local and domain master browser for the workgroup (but only for subnet xxx.xxx.100.xxx of couse). the problem: the samba server is not listed in the 'computers near me' list on the w2k computers and the w2k computers are not listed in the browse-list of the samba machine - I thought the wins server should be able to manage the browse list for the workgroup accross different subnets. It might be a problem with authentification because when I try to get the list of shares from the w2k (smbclient -L "w2k-computer" as user root) the "Error returning browse list: ERRDOS - ERRnoaccess (Access denied.)" appears (is some kind of guest account needed in w2k?). Accessing the Samba-Server via 'search computer' or \\sambabox\share is o.k., users in the smbpasswd-database can access shares folders and printers without problems. Any ideas how to join the machines from different subnets into one workgroup-list? Is there a know problem with windows 2000 in this case? Is there a tool to trace the browse list synchronistation? Thanks, Martin --- Martin THOMAS, SysAdmin Inst. of Env. Eng., Univ. of Kaiserslautern, Germany From tony at uickarate.com Wed Feb 28 20:38:52 2001 From: tony at uickarate.com (tony) Date: Tue Dec 2 02:33:32 2003 Subject: smbpasswd problem References: <000001c0a1b9$41b24e00$0202a8c0@witness.chungin100.resnet.calvin.edu> Message-ID: <013b01c0a1c6$76e29050$32fea8c0@tonydesktop> I have sort of a similar problem... In my case, it was the "case" problem. I was able to use smbclient and map the drive from NT only for root. It happens to be that all of the rest of the users had capital letters in it, and the samba converted the user names to lower case and verify it. So I had 'testUser' as a Unix user, and samba was trying to find 'testuser' to verify. I haven't had a chance to find a fix, but I was able to log in by making all user names lower case. This may or may not be the problem, but it's worth a shot. Did you try the debugging mode? Try the debugging mode and look at the log files. Tony Nakamura ----- Original Message ----- From: "Witness" To: "Samba (General)" Cc: "Samba-NT DOM" Sent: Wednesday, February 28, 2001 2:04 PM Subject: smbpasswd problem > I have a domain set up using Samba 2.0.7. However, none of the users can > login because of the smbpasswd file. Even after running the 'smbpasswd' > for each user when I added them to the system, it did not add them to > the file. So I just generated one, as described in ENCRYPTION.txt, from > a copy of the /etc/passwd file that had only the users I wanted added in > it. It generated one, but the passwords don't match and I have no idea > what the passwords are. I believe that I have the shadow passwords > option enabled on the Linux system. What can I do to get the users to > login? The only issue according to log.smb is that it is not finding the > password or the correct password in the smbpasswd file. > > Thanks in advance, > > Benjamen R. Meyer > Witness > > In response to M$-Windows: > "A bug port! I knew it!" > - Skuld, "Oh My Goddess" > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > From greg at kwikfind.com Wed Feb 28 21:49:46 2001 From: greg at kwikfind.com (Greg J. Zartman) Date: Tue Dec 2 02:33:32 2003 Subject: Samba as Domain Controller References: <385386696.983394618245.JavaMail.root@web313-wrb> <021601c0a1cc$b1fe3080$330a0a0a@rutgersinsurance.com> Message-ID: <003101c0a1d0$5ed6d160$2800a8c0@leinet> Adam, I'm sure you are going to get alot of feedback on this one. I think Samba is definitely the way to go. I started with a Win 2000 PDC and then switched to Samba. My network is much more stable now. I used to have to reboot my main NT box at least once a day. It was almost like windows had a memory leak or something. I've had the routing functions moved to Linux for about a month now and am just getting going with Samba as the PDC. The server plugs away, with the CPU usage never getting above about 40%. This same hardware was maxed out when it had win 2k server on it. Here is an article that convinced me: www.programmers.net/mirrors/lg/issue29/coldiron.html Greg ----- Original Message ----- From: "Adam Lang" To: Sent: Wednesday, February 28, 2001 1:23 PM Subject: Samba as Domain Controller > I'm looking into using Samba as the domain controller for my network (about > 75 users on windows 9x). > > How stable and effective would it be for my environment? Would I be better > served just using NT for the PDC? > > Adam Lang > Systems Engineer > Rutgers Casualty Insurance Company > http://www.rutgersinsurance.com > > > > > From hibbert_craig at emc.com Wed Feb 28 21:53:48 2001 From: hibbert_craig at emc.com (hibbert, craig) Date: Tue Dec 2 02:33:32 2003 Subject: Samba as Domain Controller Message-ID: <08B0EA17E377D41187410090273BEFD0EFE823@unitas.lss.emc.com> I agree. I am a newbie to this environment and I have got samba running as a PDC, logon scripts, printing etc. I too replaced WIN2000 in favor of Linux/Samba duo. You will not regret it... Craig. -----Original Message----- From: Greg J. Zartman [mailto:greg@kwikfind.com] Sent: Wednesday, February 28, 2001 4:50 PM To: Adam Lang Cc: samba-ntdom@us5.samba.org Subject: Re: Samba as Domain Controller Adam, I'm sure you are going to get alot of feedback on this one. I think Samba is definitely the way to go. I started with a Win 2000 PDC and then switched to Samba. My network is much more stable now. I used to have to reboot my main NT box at least once a day. It was almost like windows had a memory leak or something. I've had the routing functions moved to Linux for about a month now and am just getting going with Samba as the PDC. The server plugs away, with the CPU usage never getting above about 40%. This same hardware was maxed out when it had win 2k server on it. Here is an article that convinced me: www.programmers.net/mirrors/lg/issue29/coldiron.html Greg ----- Original Message ----- From: "Adam Lang" To: Sent: Wednesday, February 28, 2001 1:23 PM Subject: Samba as Domain Controller > I'm looking into using Samba as the domain controller for my network (about > 75 users on windows 9x). > > How stable and effective would it be for my environment? Would I be better > served just using NT for the PDC? > > Adam Lang > Systems Engineer > Rutgers Casualty Insurance Company > http://www.rutgersinsurance.com > > > > > From mgeddes at xavier.sa.edu.au Wed Feb 28 22:11:53 2001 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:33:32 2003 Subject: HOWTO Samba on RH 7.0 References: <3A9B95AA.1F8BC28D@netin.com> Message-ID: <3A9D77A9.B9AA9249@xavier.sa.edu.au> GL Fournerat wrote: > > Hello all: > > While I'm recovering from gall bladder surgery, Sorry to hear about that. I guess, though, that it wouldn't have been performed without due cause, so I hope you enjoy a speedy recovery. > I thought > I'd do something useful (since sitting up is about the only > comfortable position I can find)... like create a HOWTO > Samba (-2.0.7-21ssl) on RH7 (w/ xinetd-2.1.8.9pre14). Would it be better to make it less specific than just RedHat 7? Good luck, Matt From akopps at CSUA.Berkeley.EDU Wed Feb 28 22:35:02 2001 From: akopps at CSUA.Berkeley.EDU (Akop Pogosian) Date: Tue Dec 2 02:33:32 2003 Subject: "One password for all" Message-ID: Is there away to get windows and unix users to use the same password database for authentication? So far, I have found two Solutions: 1. Use pam_ntdom module on the unix hosts, all password/user data lives on a windows NT PDC. This is not a good solution for us at all because this is too much hassle just to get a few windows clients going (our network is mostly unix based). 2. Use Novel NDS with their account management software (a bunch of windows utilities and unix pam modules that make all clients, windows and unix, authenticate from the same database in NDS). 3(?) iPlanet directory server can "synchronize" the passwords with a windows NT PDC and I don't know how well that works. Is there a solution, probably samba based that makes uses a single password database or does password synchronization completely transparently, that doesn't involve Windows based PDCs and preferably other proprietary software? Right now, I am thinking of using Samba 2.2.x with a wrapper "passwd" script that would take a password from user and update the unix and windows password data but that just sounds ugly, but certainly doable (right now our "passwd" command is already a wrapper script because we need to change the unix password and the secure RPC password simultaneously, those who use NIS+ would know what I am talking about ..) -akop From sharpe at ns.aus.com Wed Feb 28 17:08:14 2001 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:33:32 2003 Subject: Samba as Domain Controller In-Reply-To: <021601c0a1cc$b1fe3080$330a0a0a@rutgersinsurance.com> References: <385386696.983394618245.JavaMail.root@web313-wrb> Message-ID: <3.0.6.32.20010301030814.00b326f0@203.16.214.248> At 04:23 PM 2/28/01 -0500, Adam Lang wrote: >I'm looking into using Samba as the domain controller for my network (about >75 users on windows 9x). For Win9X machines you do not need a PDC. Samba 2.0.7 will do fine for these machines. >How stable and effective would it be for my environment? Would I be better >served just using NT for the PDC? Very effective, lots of people use Samba for this. >Adam Lang >Systems Engineer >Rutgers Casualty Insurance Company >http://www.rutgersinsurance.com > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.ethereal.com) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba