From dleffler at alaska.com Mon Jan 1 01:15:31 2001 From: dleffler at alaska.com (Dave Leffler) Date: Tue Dec 2 02:32:55 2003 Subject: Win9x sharing printer & disk In-Reply-To: <5.0.2.1.0.20001230121404.00a2bc80@mail.cgocable.net> Message-ID: <000001c07390$55b53e00$c40aa8c0@anchorageak.net> What version of SAMBA will allow the LINUX machine to act as a PDC and still allow the Win9x clients to share their own printer and disk? I have only been able to share from the Win9x client under share mode, not with Linux as the PDC. Then it won't let me pull up a user list on the Win9x client to share the printer/disk. Dave From malyprogservices at flashmail.com Mon Jan 1 19:51:14 2001 From: malyprogservices at flashmail.com (Tomas Maly) Date: Tue Dec 2 02:32:55 2003 Subject: Samba-TNG + SASL + LDAP Message-ID: <3A50DFB2.26B9F11B@flashmail.com> I was wondering if Samba-TNG has support for SASL such that I can authenticate changes to LDAP via gssapi (Krb5). If there is support (I don't think so, but perhaps), then how would I go about setting it up? Thanks. From lobo at mental.com Mon Jan 1 23:29:30 2001 From: lobo at mental.com (Alexander Lobodzinski) Date: Tue Dec 2 02:32:55 2003 Subject: Thoughts on problems with W2K joining ... In-Reply-To: David Bannon's message of Thu, 07 Dec 2000 15:55:41 +1100 <3.0.6.32.20001207155541.008d29f0@bioserve.latrobe.edu.au> Message-ID: <29003.978391770@mental.com> David, () With so many people having problems joining a W2K to samba 2.2 domain () recently, I feel a bit mean that that mine works. So I thought I'd try and () get it to stop working. Here is how I managed to get some of the error () messages that other people are experiencing... [...] () () [Message D] () "No mapping between account names and security ID was done." in your recipe how to deliberately provoke various error messages the last one [D] was not listed. So what did you do to get it? I'm asking because this is what I always get with the CVS snapshot of one hour ago (the domain name is odd-numbered just to be sure). Ciao, Lobo From marshallj at switch.aust.com Tue Jan 2 07:04:33 2001 From: marshallj at switch.aust.com (Marshall, Joshua) Date: Tue Dec 2 02:32:55 2003 Subject: Samba 2.2 CVS 02 Jan 2001 Message-ID: <3A517D81.D0A94316@switch.aust.com> I have just checked out the SAMBA_2_2 branch and found that to run the configure script I had to remove the space between the #! and the /bin/sh (RH6.2) After managing to get the configure script working, I am unable to make. I get the following: [marshallj@ussmbox source]$ make Makefile:101: *** missing separator. Stop. Can anyone point me in the right direction? Regards, Josh Marshall From sharpe at ns.aus.com Tue Jan 2 07:37:43 2001 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:55 2003 Subject: Samba 2.2 CVS 02 Jan 2001 In-Reply-To: <3A517D81.D0A94316@switch.aust.com> Message-ID: <3.0.6.32.20010102173743.011e6790@203.16.214.248> At 05:04 PM 1/2/01 +1000, Marshall, Joshua wrote: >I have just checked out the SAMBA_2_2 branch and found that to run the >configure script I had to remove the space between the #! and the >/bin/sh (RH6.2) Hmmm, I am on RH7.0 (Damn Red Hat for a sloppy release!) and used RH6.2 before now, and have never had to do that. A quick look at my configure script, albeit from the head and Samba 2.2 branches shows a space afer #!. >After managing to get the configure script working, I am unable to make. >I get the following: > >[marshallj@ussmbox source]$ make >Makefile:101: *** missing separator. Stop. Hmmm, looks like missing tabs ... Are you sure you did not run some of the files through an editor that replaces tabs with spaces? Very old versions of Ludwig used to do that and played merry hell with Makefiles. >Can anyone point me in the right direction? You are from Union Signal and Switch and you can't find your way :-) ? >Regards, >Josh Marshall > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From D.Bannon at latrobe.edu.au Tue Jan 2 11:24:59 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:55 2003 Subject: Thoughts on problems with W2K joining ... In-Reply-To: <29003.978391770@mental.com> References: Message-ID: <3.0.6.32.20010102222459.007c1ce0@bioserve.latrobe.edu.au> At 12:29 AM 2/1/2001 +0100, Alexander Lobodzinski wrote: >David, > >() With so many people having problems joining a W2K to samba 2.2 domain >() >() [Message D] >() "No mapping between account names and security ID was done." > >in your recipe how to deliberately provoke various error messages the >last one [D] was not listed. So what did you do to get it? There have been so many changes to the cvs since then, I'm not sure my post about those error is still valid. Are you using W2k SP1 ? If so, it don't work ! (see the FAQ). I don't have access to my test setup any more, have changed jobs and have not set up anything at the new one yet. Sorry, cannot help for at least 3 or 4 weeks. Right now I'm struggling with True64 on a Compaq super computer. Its fun ! David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From whtdrgn at mail.cannet.com Tue Jan 2 15:55:19 2001 From: whtdrgn at mail.cannet.com (Timothy A. DeWees) Date: Tue Dec 2 02:32:55 2003 Subject: Windows 2000 two way password sync. Message-ID: <00ad01c074d4$68bd5060$7930000a@hcd.net> Hello, Is there anyway to get Linux (via samab) to sync passowrd with a Windows 2000 PDC, in a two-way mannor? -- Kind Regards, Timothy A. DeWees From ntdom at hotmail.com Tue Jan 2 17:20:44 2001 From: ntdom at hotmail.com (Souheang Yao) Date: Tue Dec 2 02:32:55 2003 Subject: Compile error with pam_smb and pam_ntdom Message-ID: I keep getting compile error when I try to compile pam_smb or pam_ntdom. I'm using samba-tng-alpha.2.6 for pam_ntdom and pam_smb 1.9.8. I just need either one of them to work. For pam_smb I get the following error. make: Fatal error in reader: Makefile, line 51: Unexpected end of line seen For pam_ntdom i get the following: Linking bin/pam_ntdom_auth.so /usr/ccs/bin/ld: illegal option -- x *** Error code 1 make: Fatal error: Command failed for target `bin/pam_ntdom_auth.so' can anyone help. -Souheang _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com From hazen at potentia.ca Tue Jan 2 18:46:14 2001 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:55 2003 Subject: Thoughts on problems with W2K joining ... In-Reply-To: <3.0.6.32.20010102222459.007c1ce0@bioserve.latrobe.edu.au> Message-ID: Hello: Hey I'm using w2k sp1 with a cvs'd version of 2.2.0-prealpha and its working fine now. The only thing that i've noticed is that a lot of people either aren't creating root accounts, or don't read all the documentation. (Myself included!) This is not mentioned anywhere in the FAQ's or HOW-To's 1. After following the PDC faq's and How-to's all the other mounds of doc's (Readme's INSTALL'S etc. etc.) 2. Now create your test accounts (test, Blah, Joe shmoe, Foobar) whatever your prefrence is then Do the following CREATE A ROOT ACCOUNT!!! (#smbpasswd -a root) followed by the root password and you may want to keep them the same for admin purposes, and sanity too. 3. Test your local W2K logon using the same test accounts on both the w2k box and the nix box (makes administration much easier) 4. OK so your Windoze box works now when you attempt a domian logon in w2k use THE ROOT Account, you should be prompted for an account with permissions to logon to the domain, use the ROOT account, then grab yourself a coffe or sanck and wait (takes about 2 or 3 minutes usually) if you end up waiting any longer than five minutes then if i where you i'd go back to step 3 and verify. Here are some notes The domain logon aspect of 2.2.0 emulates "trust relations" there is not any plans now or in the near future to do so, however from what i have seen you can use a work around (I'm still testing this one) by modifying the group (users and ADMIN or admin)in conjunction with domain admin = @admin -> smb.conf, However this is not how microsoft implements the same idea, Trust relation on any ms box mean that even your file creation and permissions are the same across each machiene (if you are an administrator then you have admin previalages across all machines within that domain. ) however i figure the samba team will be working on this hopefully. The user manager only aceses the moment? Good one If anyone could enlighten me as to the "proper" function of the user manager with samba is it the moment or what? and on that note, Does anyone know How or if it is possible to map local passwords to the domain controller? ie: a change on a local workstation to the profile local password would be mapped to the domain controller.?? Thanks again all Hazen -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of David Bannon Sent: Tuesday, January 02, 2001 6:25 AM To: Alexander Lobodzinski Cc: samba-ntdom@us5.samba.org Subject: Re: Thoughts on problems with W2K joining ... At 12:29 AM 2/1/2001 +0100, Alexander Lobodzinski wrote: >David, > >() With so many people having problems joining a W2K to samba 2.2 domain >() >() [Message D] >() "No mapping between account names and security ID was done." > >in your recipe how to deliberately provoke various error messages the >last one [D] was not listed. So what did you do to get it? There have been so many changes to the cvs since then, I'm not sure my post about those error is still valid. Are you using W2k SP1 ? If so, it don't work ! (see the FAQ). I don't have access to my test setup any more, have changed jobs and have not set up anything at the new one yet. Sorry, cannot help for at least 3 or 4 weeks. Right now I'm struggling with True64 on a Compaq super computer. Its fun ! David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From BWestmoreland at poiusa.com Tue Jan 2 18:52:48 2001 From: BWestmoreland at poiusa.com (Westmoreland, Brent) Date: Tue Dec 2 02:32:55 2003 Subject: Anyone having problems with swat? Message-ID: <4991D79F34ECD2119D5600A0C9F4478E01887C07@andsvr05.poiusa.com> I can't get swat to work via redhat 7.0. Am able to make changes via smb.conf, but I would like some type of gui interface. Checke the /etc/services file for the tcp port and it was fine. Any ideas? Thank You, Brent Westmoreland (864) 622-3148 [mailto:bwestmoreland@poiusa.com] From delphin at worldonline.dk Tue Jan 2 18:57:40 2001 From: delphin at worldonline.dk (Tonni Aagesen) Date: Tue Dec 2 02:32:55 2003 Subject: Just a test Message-ID: <01f601c074ed$e1fb7c40$0a01a8c0@ws1> -------------- next part -------------- HTML attachment scrubbed and removed From anders at cwd.no Tue Jan 2 19:22:22 2001 From: anders at cwd.no (Anders C. Thorsen) Date: Tue Dec 2 02:32:55 2003 Subject: Anyone having problems with swat? In-Reply-To: <4991D79F34ECD2119D5600A0C9F4478E01887C07@andsvr05.poiusa.com> Message-ID: <000401c074f2$399ea5e0$3202a8c0@thorsen.dhs.org> You might want to check that swat exists. do something like "locate swat". secondly, you'd make sure that the locate output lists it as beeing in your web servers cgi-bin directory, or if you want it standalone check /etc/inetd.conf. It might also not exist. It's not beeing built by default these days. Warning: SWAT hasn't been worked on for a long time, and I'd recommend not using it. (It has security issues as well as other issues.) PS: This is a issue for samba@samba.org, not samba-ntdom or samba-technical. --Anders -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Westmoreland, Brent Sent: Tuesday, January 02, 2001 7:53 PM To: 'samba-ntdom@lists.samba.org' Subject: Anyone having problems with swat? I can't get swat to work via redhat 7.0. Am able to make changes via smb.conf, but I would like some type of gui interface. Checke the /etc/services file for the tcp port and it was fine. Any ideas? Thank You, Brent Westmoreland (864) 622-3148 [mailto:bwestmoreland@poiusa.com] From anders at cwd.no Tue Jan 2 19:18:38 2001 From: anders at cwd.no (Anders C. Thorsen) Date: Tue Dec 2 02:32:55 2003 Subject: Windows 2000 two way password sync. In-Reply-To: <00ad01c074d4$68bd5060$7930000a@hcd.net> Message-ID: <000301c074f2$382ffab0$3202a8c0@thorsen.dhs.org> No, and probably won't happend in a wery long long time. --Anders -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Timothy A. DeWees Sent: Tuesday, January 02, 2001 4:55 PM To: Samba-NTDOM Subject: Windows 2000 two way password sync. Hello, Is there anyway to get Linux (via samab) to sync passowrd with a Windows 2000 PDC, in a two-way mannor? -- Kind Regards, Timothy A. DeWees From rlillard at prosysmeg.com Tue Jan 2 19:48:31 2001 From: rlillard at prosysmeg.com (Raymond Lillard) Date: Tue Dec 2 02:32:55 2003 Subject: Anyone having problems with swat? In-Reply-To: <4991D79F34ECD2119D5600A0C9F4478E01887C07@andsvr05.poiusa.com> Message-ID: Brent wrote: > I can't get swat to work via redhat 7.0. Am able to make changes via > smb.conf, but I would like some type of gui interface. Checke the > /etc/services file for the tcp port and it was fine. Any ideas? Just a longshot but, does http://localhost work? If not, have you been using linuxconf to admin Apache? I don't remember the exact details, but I struggled on RH6.2 few months back to get Apache working (so I could use swat) and had to hand edit httpd.conf to fix a few parameters that linuxconf mangled. Good Luck, Ray From ajudge1 at bellsouth.net Tue Jan 2 21:06:05 2001 From: ajudge1 at bellsouth.net (Andrew Judge) Date: Tue Dec 2 02:32:55 2003 Subject: win ME and 2000 w/ Linux as pdc Message-ID: Is anyone successfully using Linux w/ samba 2.0.7 as a PDC with win2000 and ME clients? I run a network w/ 98 and it runs fine, but haven't had the chance to try with 2000 or ME. If so, what browse master number should I assign the Linux box in such an environment? Is samba 2.0.7 solid enough to be used as a PDC and file server in a small network or say 50 or less workstations with the above MS clients or is it best to go with 2000 server? Andy Judge From armand at welshhome.org Tue Jan 2 22:37:54 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:55 2003 Subject: mk References: <005c01c0714e$76da9c40$02006b83@rob> Message-ID: <005001c0750c$b11d03e0$12324d90@pimco.com> if you are thinking that swat is a proxy, it's not. If you have a proxy, and you are trying to access swat, while using the proxy, turn the proxy off, or exclude your computer's address from being proxied. Then, use the url http://127.0.0.1:901/ to access your swat config manager. Note: I have not been able to get swat to work on the latest release of samba (prior to christmas vacation), I will try again with the latest cvs soon... ----- Original Message ----- From: Rob Marsiglia To: samba-ntdom@lists.samba.org Sent: Thursday, December 28, 2000 8:18 PM Subject: mk I installed samba and cant get netscape to log into my own computer. I dont have a direct connection to the internet and when I try to access my proxy server, it just sits there and looks dumb......any thoughts? I am trying to use port 901 to activate swat and I added my new user account to my user list in the proxy. -------------- next part -------------- HTML attachment scrubbed and removed From David.Bear at asu.edu Tue Jan 2 22:38:33 2001 From: David.Bear at asu.edu (iddwb) Date: Tue Dec 2 02:32:55 2003 Subject: using kerberos Message-ID: If I configure samba to use kerberose for authentication do I need to have kerberos hold a nt/lm password hash as part of the extended information? David Bear College of Public Programs/ASU From armand at welshhome.org Tue Jan 2 23:15:05 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:55 2003 Subject: win ME and 2000 w/ Linux as pdc References: Message-ID: <006401c07511$e19bc5b0$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* only the cvs version of samba_HEAD works with win2K. Win Me, works fine on all versions that suppport encrypted passwords. ----- Original Message ----- From: "Andrew Judge" To: "Samba-Ntdom" Sent: Tuesday, January 02, 2001 1:06 PM Subject: win ME and 2000 w/ Linux as pdc > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Is anyone successfully using Linux w/ samba 2.0.7 as a PDC with win2000 and > ME clients? I run a network w/ 98 and it runs fine, but haven't had the > chance to try with 2000 or ME. If so, what browse master number should I > assign the Linux box in such an environment? Is samba 2.0.7 solid enough to > be used as a PDC and file server in a small network or say 50 or less > workstations with the above MS clients or is it best to go with 2000 server? > > Andy Judge > > > > From armand at welshhome.org Tue Jan 2 23:17:59 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:55 2003 Subject: Anyone having problems with swat? References: Message-ID: <006801c07512$436ad5b0$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* hmmm... I have never used apache with swat. Swat is self contained. doesn't use swat. Perhaps it can be configured to use though... The problem I have seen is that if localhost is not listed in /etc/hosts, or if you use squid proxy, then localhost won't work, and the ip address must be used instead. squid tries to resolve localhost as a FQDN, but it's not. It's just a host name. So squid returns an error. Solution is to not proxy request destined to localhost and 127.0.0.1 ----- Original Message ----- From: "Raymond Lillard" To: "Westmoreland, Brent" ; "'samba-ntdom@lists.samba.org'" Sent: Tuesday, January 02, 2001 11:48 AM Subject: RE: Anyone having problems with swat? > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Brent wrote: > > I can't get swat to work via redhat 7.0. Am able to make changes via > > smb.conf, but I would like some type of gui interface. Checke the > > /etc/services file for the tcp port and it was fine. Any ideas? > > Just a longshot but, does http://localhost work? > > If not, have you been using linuxconf to admin Apache? > I don't remember the exact details, but I struggled on > RH6.2 few months back to get Apache working (so I could > use swat) and had to hand edit httpd.conf to fix a few > parameters that linuxconf mangled. > > Good Luck, > Ray > > > From armand at welshhome.org Wed Jan 3 00:04:13 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:55 2003 Subject: Thoughts on problems with W2K joining ... References: <3.0.6.32.20010102222459.007c1ce0@bioserve.latrobe.edu.au> Message-ID: <008701c07518$bed79c00$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* I know the FAQ claims win2K sp1 doesn't work, but I ignored this, and my win2k client IS sp1, and it joined the domain, and it's working fine. In fact, it works perfectly. ----- Original Message ----- From: "David Bannon" To: "Alexander Lobodzinski" Cc: Sent: Tuesday, January 02, 2001 3:24 AM Subject: Re: Thoughts on problems with W2K joining ... > *This message was transferred with a trial version of CommuniGate(tm) Pro* > At 12:29 AM 2/1/2001 +0100, Alexander Lobodzinski wrote: > >David, > > > >() With so many people having problems joining a W2K to samba 2.2 domain > >() > >() [Message D] > >() "No mapping between account names and security ID was done." > > > >in your recipe how to deliberately provoke various error messages the > >last one [D] was not listed. So what did you do to get it? > > There have been so many changes to the cvs since then, I'm not sure my post > about those error is still valid. Are you using W2k SP1 ? If so, it don't > work ! (see the FAQ). > > I don't have access to my test setup any more, have changed jobs and have > not set up anything at the new one yet. Sorry, cannot help for at least 3 > or 4 weeks. Right now I'm struggling with True64 on a Compaq super > computer. Its fun ! > > David > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 479 2197 > La Trobe University, Plenty Rd, Fax 61 03 479 2467 > Bundoora, Vic, Australia, 3083 > ------------------------------------------------------------ > ..... Humpty Dumpty was pushed ! > > From litlrob at home.com Wed Jan 3 01:43:53 2001 From: litlrob at home.com (Rob Marsiglia) Date: Tue Dec 2 02:32:55 2003 Subject: USING WIN NT SERVER WITH PROXY SERVER Message-ID: <001b01c07526$a1a18ca0$02006b83@rob> I have a Nt server running proxy server and need to setup redhat to use the internet through the NT proxy server, I know samba doesnt do it, but what will? I havent found a resource to do it yet...anyone run into this problem and have a resolution? -------------- next part -------------- HTML attachment scrubbed and removed From greg at discreet.com Wed Jan 3 02:35:12 2001 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:32:55 2003 Subject: USING WIN NT SERVER WITH PROXY SERVER In-Reply-To: <001b01c07526$a1a18ca0$02006b83@rob> Message-ID: I'm guessing that squid may have a way to do this. Greg On Tue, 2 Jan 2001, Rob Marsiglia wrote: > Date: Tue, 2 Jan 2001 20:43:53 -0500 > From: Rob Marsiglia > To: samba-ntdom@us5.samba.org > Subject: USING WIN NT SERVER WITH PROXY SERVER > > I have a Nt server running proxy server and need to setup redhat to use the internet through the NT proxy server, I know samba doesnt do it, but what will? I havent found a resource to do it yet...anyone run into this problem and have a resolution? > --------------------------------------------------------------------- Greg Dickie just a guy greg@discreet.com From delphin at worldonline.dk Wed Jan 3 02:57:38 2001 From: delphin at worldonline.dk (Tonni Aagesen) Date: Tue Dec 2 02:32:55 2003 Subject: Strange behaviour in Samba/NT Message-ID: <027501c07530$eeb1e5d0$0a01a8c0@ws1> (this message is postet for fourth time, can'Hi list, I am having some trouble running Samba (2.0.7 on debian-potatoe) as PDC for two NT-workstations (4.0 with SP6) at my home-network. At first glance it seems to work allright; domain-logons, roaming profiles etc. is working as it should. However, if I leave one or both of the workstations on e.g. during the night multiple network-drives has been connected in the morning. When I logon to the PDC the drive - tonni on 'fileserver' (Z:) - connects containing my profile, but when leaving the computer untouched for some time, the Z drive seems to copy itself so that I also have: tonni on 'fileserver' (G:), tonni on 'fileserver' (H:) and so on. To me it looks like the connections between the PDC and workstations are somehow lost and therefor it reconnects. It should be noted that I can access all the drives and they all contain my profile. It should also be noted that the applies to both workstations. Please have in mind that I am new to this mailing-list and samba. Best regards Tonni Aagesen, Denmark t see my own messages) -------------- next part -------------- HTML attachment scrubbed and removed From D.Bannon at latrobe.edu.au Wed Jan 3 06:18:16 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:55 2003 Subject: Thoughts on problems with W2K joining ... In-Reply-To: References: <3.0.6.32.20010102222459.007c1ce0@bioserve.latrobe.edu.au> Message-ID: <3.0.6.32.20010103171816.008bdaf0@bioserve.latrobe.edu.au> At 01:46 PM 1/2/01 -0500, Hazen Valliant-Saunders wrote: > 2. Now create your test accounts (test, Blah, Joe shmoe, Foobar) whatever >your prefrence is then Do the following CREATE A ROOT ACCOUNT!!! Yeah, from the HowTo : Now enter a user name and password for a Domain Admin (Who must be root until a pre-release bug is fixed) and press 'OK'. But maybe you are right, I don't actually say "Create a root account", I'll have a go at it if I get a chance. >sanck and wait (takes about 2 or 3 minutes usually) if you end up waiting No, thats got to be somethig wrong ! I've never waited that long and my test server was a P166 ! > Does anyone know How or if it is possible to map local passwords to the >domain controller? No, generally speaking once the domain is working correctly, you'll only need a local passwd for administrator for when something goes badley wrong. Othe local passwds and a pain. Thanks for your input. Usefull. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From marsaro at suse.com Wed Jan 3 06:30:07 2001 From: marsaro at suse.com (Jon Doyle) Date: Tue Dec 2 02:32:55 2003 Subject: USING WIN NT SERVER WITH PROXY SERVER In-Reply-To: Message-ID: Hi; From Chris.Odgers at sausage.com Wed Jan 3 06:33:38 2001 From: Chris.Odgers at sausage.com (Chris Odgers) Date: Tue Dec 2 02:32:56 2003 Subject: USING WIN NT SERVER WITH PROXY SERVER Message-ID: <9A0F63A07282D4119C4100D0B72017AA7E28BB@fatboy.sausage.com.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I think the problem is the fact that in most environments, MS proxy is set up to require NTLM authentication for the web side of things. Obviously, in a standard unix environment this isn't going to work too well, unless somebody wrote a meta-proxy which understood the NTLM stuff and spoke basic authentication to the unix clients. I can't comment on the socks proxy or winsock proxy parts, as I haven't had much exposure to them. Chris > -----Original Message----- > From: Jon Doyle [mailto:marsaro@suse.com] > Sent: Wednesday, January 03, 2001 5:30 PM > To: Greg Dickie > Cc: Rob Marsiglia; samba-ntdom@us5.samba.org > Subject: Re: USING WIN NT SERVER WITH PROXY SERVER > > > > > Hi; > > From my experiences with MS Proxy the only way that piece of > code works > well is with the MS Proxy Client. Yes, it is supposed to be SOCKS > compliant, but the ability to NAT was only introduced into their > new product ISC2k or ISA2k, something like that. it is true that > Squid can do > the HTTP Accelaration and access control that you may need > (in the case of > MS Proxy) and the Linux server will allow more flexibility to > add unix and > MAC clients behind it (MASQ), I do not even want to start a war on > the list over security avantages with Linux over MS, but you may > conclude I > would recommend the use of SAMBA/Squid/and Firewall/MASQ over > an MS Proxy. > > Regards, > > > Jon > > > > On Tue, 2 Jan 2001, Greg Dickie wrote: > > > > > I'm guessing that squid may have a way to do this. > > > > Greg > > > > > > On Tue, 2 Jan 2001, Rob Marsiglia wrote: > > > > > Date: Tue, 2 Jan 2001 20:43:53 -0500 > > > From: Rob Marsiglia > > > To: samba-ntdom@us5.samba.org > > > Subject: USING WIN NT SERVER WITH PROXY SERVER > > > > > > I have a Nt server running proxy server and need to setup > redhat to use the internet through the NT proxy server, I > know samba doesnt do it, but what will? I havent found a > resource to do it yet...anyone run into this problem and have > a resolution? > > > > > > > > -------------------------------------------------------------------- > - > > Greg Dickie > > just a guy > > greg@discreet.com > > > > > > > > > ______________________________________________________________ > _________________ > Jon R. Doyle > Professional Services Director > SuSE Linux Inc. > 510-628-3380 ext 5068 > ______________________________________________________________ > _________________ > "a commitee is twelve men doing the work of one" > --John F. Kennedy > > -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use iQA/AwUBOlI7Iq5S0FuupP0+EQKCTgCg2Rf20rtkDnmwS/DjcLotu+tN+1UAoLlm CGH6hqAzALmVssvTD5bOMOCn =ZWGM -----END PGP SIGNATURE----- From ashamril at aurallix.com Wed Jan 3 07:50:39 2001 From: ashamril at aurallix.com (Ami Shamril) Date: Tue Dec 2 02:32:56 2003 Subject: samba authentication Message-ID: <000201c07559$de06ca60$ce0aa8c0@axishost> Hi... I've successfully configured samba 2.0.6 (RH6.2) as a PDC. All my users (Win9X) can log into the server. But there is one problem... sometimes we must enter at least 3 times the password b4 the server authenticated it. 1st & 2nd time the error is password not correct.... Even we key in the correct password. For the 3rd time normally ok... Anybody have the same problem... Please advise TQ in advance. From it-samba at computerbild.de Wed Jan 3 08:51:52 2001 From: it-samba at computerbild.de (Ingo T. Storm) Date: Tue Dec 2 02:32:56 2003 Subject: Anyone having problems with swat? References: <4991D79F34ECD2119D5600A0C9F4478E01887C07@andsvr05.poiusa.com> Message-ID: <006a01c07562$a3330ad0$2e2ca8c0@combi.de> - swat installs itself for inetd. - Redhat 7 uses xinetd, not inetd. Sorry, I am not familiar with xinetd, so I can only point out the problem but not solve it. Ingo ----- Original Message ----- From: "Westmoreland, Brent" To: Sent: Tuesday, January 02, 2001 7:52 PM Subject: Anyone having problems with swat? > I can't get swat to work via redhat 7.0. Am able to make changes via > smb.conf, but I would like some type of gui interface. Checke the > /etc/services file for the tcp port and it was fine. Any ideas? > > Thank You, > > Brent Westmoreland > (864) 622-3148 > [mailto:bwestmoreland@poiusa.com] > > > From MILE at ccssu.crimea.ua Wed Jan 3 07:23:05 2001 From: MILE at ccssu.crimea.ua (Milyukov Vadim V.) Date: Tue Dec 2 02:32:56 2003 Subject: Again NT PDC and Samba-TNG BDC Message-ID: <200101030923.LAA21944@ccssu.crimea.ua> hello all Here is the story: I need to move all NT acounts to Samba-TNG i think there are only one good way: TNG BDC -> samsync -> TNG PDC. Some info: dont - NT domain name ant - NT4.0 PDC merlin - NT4.0 BDC (don't used) demon - Samba-TNG-alpha2.6 I do it as described in previous lists: ========================================================== # rpcclient -S . -U root [root@.]$ createuser root -p 123 [root@.]$ quit # rpcclient -S ant -U admin%xxxxxx -W dont ... OK [dont\admin@ANT]$ use \\demon -Uroot%123 -Wdemon [demon\root@ANT]$ createuser demon$ -s -j dont ... Create Domain User: OK Join DEMON to Domain DONT LSA_OPENSECRET: NT_STATUS_ACCESS_DENIED ^^^^^^^^^^^^^^^^^^^^^^^^^ what's this ??? Set $MACHINE.ACC: OK ===================================================== after it in NT Server Manager [Access Denyed.] to demon and i cant samsync !!! Could anyone explain me why. Somethings wrong or miss? thanks bye, Vadim --------- mile_0x10 [demons Team] [Registrated Linux User #199303] [Tavrida National Univercity] From ronin at mail2.udc.es Wed Jan 3 09:45:52 2001 From: ronin at mail2.udc.es (Jose Antonio Becerra Permuy) Date: Tue Dec 2 02:32:56 2003 Subject: Thoughts on problems with W2K joining ... In-Reply-To: <008701c07518$bed79c00$12324d90@pimco.com> References: <3.0.6.32.20010102222459.007c1ce0@bioserve.latrobe.edu.au> <008701c07518$bed79c00$12324d90@pimco.com> Message-ID: <01010310455200.14501@gsa9.eps.cdf.udc.es> El Mi? 03 Ene 2001 01:04, escribiste: > I know the FAQ claims win2K sp1 doesn't work, but I ignored this, and my > win2k client IS sp1, and it joined the domain, and it's working fine. > > In fact, it works perfectly. It doesn't work to me. As I said to Hazen, the problem may be in a later patch (I have installed all post-SP1 security patches) or may depend on the language of W2K (mine is Spanish revision). This needs more research... From goly at oumail.openu.ac.il Wed Jan 3 14:52:07 2001 From: goly at oumail.openu.ac.il (Goly Shakarov) Date: Tue Dec 2 02:32:56 2003 Subject: user authentication Message-ID: <400335551EF6D3118E8200805FC72CE7019FB1FE@ogi.openu.ac.il> HI good people I am running a samba server 2.0.5 under solaris 2.7 which askes some other server for authenticating users. Is there any possibility to define ONE user to not authenticate with the password server? but may be locally with samba? this is part of my smb.conf TIA # Global parameters [global] workgroup = XXXX netbios name = AAA security = SERVER encrypt passwords = Yes password server = the.password.server ?????. ????. ???. From goly at oumail.openu.ac.il Wed Jan 3 14:58:48 2001 From: goly at oumail.openu.ac.il (Goly Shakarov) Date: Tue Dec 2 02:32:56 2003 Subject: users ability to delete Message-ID: <400335551EF6D3118E8200805FC72CE7019FB1FF@ogi.openu.ac.il> HI I want to restrict users in my domain NOTallowing them to delete unix folders they browse into there windows machines by map-network-drive. they should have the ability to read-write-execute but not delete. please suggest. (samba 2.0.5,solaris7, win nt 4.0, win2k) TIA From jbcurry at hline.localhealth.net Wed Jan 3 17:10:03 2001 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:32:56 2003 Subject: samba authentication In-Reply-To: <000201c07559$de06ca60$ce0aa8c0@axishost> Message-ID: Ami - I have experienced this once on my network, and I am aware of at least eight other users that have experienced it, ranging from "occasionally" to "all the time": Users report sporadic "Domain password not correct or access to domain server has been denied" messages at logon. This problem may or may not go away after xx minutes. This problem may go away after repeated attempts at logging on. This problem happens for both Win9x and WinNTWS users. For some sites, this problem always goes away immediately after changing ANY user password in smbpasswd. When the problem is occurring, other services on the server (such as file access and printing for users already logged on) seem to be fine. My current "guess" is that domain logons on Samba are exceptionally sensitive to network communication problems, which can hang up the process that authenticates users against smbpasswd. It seems to eventually clear itself. In my case, I found that simply editing the smbpasswd file made the problem go away immediately. I had at least one other user confirm that this also worked for him. The users experiencing this problem frequently admitted to having possible network communication problems. If I were you, I'd try to rule out network communication problems first. I have not seen anyone offer an explanation or solution to this problem since my first posting back in November. Gerald Carter and Richard Sharpe had both offered to help diagnose the problem, but I have been unable to get it to repeat on our network. I don't know if anybody else experiencing the problems followed up with them, but I haven't seen anything on this list server. Good luck! If you find out why it's happening, I'd be interested in hearing about it. > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Ami Shamril > Sent: Wednesday, January 03, 2001 2:51 AM > To: Samba-Ntdom (E-mail) > Subject: samba authentication > > > > Hi... > I've successfully configured samba 2.0.6 (RH6.2) as a PDC. > All my users (Win9X) can log into the server. > But there is one problem... sometimes we must enter at least 3 times the > password b4 the server authenticated it. > 1st & 2nd time the error is password not correct.... Even we key in the > correct password. For the 3rd time normally ok... > Anybody have the same problem... > Please advise > TQ in advance. > > > From mac at dgp.toronto.edu Wed Jan 3 18:13:58 2001 From: mac at dgp.toronto.edu (Maciej Kalisiak) Date: Tue Dec 2 02:32:56 2003 Subject: [OT] UNIX admin looking for intros (URLs?) on Windows admin topics Message-ID: <20010103131358.A5693@khazad-dum> I've "inherited" the maintenance of a very broken SAMBA server, and being almost exclusively a UNIX guy, this has sort of left me with a lot of questions. As I see it, the first step is to get up to date on all this lingo, so I was wondering if there are any resources online I could go to that would ease me into the world of Windows administration (well, at least from a SAMBA point of view). What I'm looking for is something that would explain what constitutes a share (I can guess, but want something more concrete), a policy, a SID, funky paths I keep running across like "foo\\bar\baz", Windows domains, etc, as well as how these things work together. -- Maciej Kalisiak mac@dgp.toronto.edu www.dgp.toronto.edu/~mac From mac at dgp.toronto.edu Wed Jan 3 18:17:39 2001 From: mac at dgp.toronto.edu (Maciej Kalisiak) Date: Tue Dec 2 02:32:56 2003 Subject: newbie Q: why need to readd machine to smbpasswd when rejoining domain? Message-ID: <20010103131739.B5693@khazad-dum> I've noticed that I must delete and then re-add a Win* machine to private/smbpasswd any time I leave a given domain and then rejoin it. I guess this has something to do with the regeneration of the SID, but I would like to know why this is (and perhaps a way to avoid having to do this). I'm using 2.2 from cvs, last synched somewhere in the middle of December. -- Maciej Kalisiak mac@dgp.toronto.edu www.dgp.toronto.edu/~mac From KeHall at exchange.ml.com Wed Jan 3 18:21:04 2001 From: KeHall at exchange.ml.com (Hall, Ken (ECSS)) Date: Tue Dec 2 02:32:56 2003 Subject: [OT] UNIX admin looking for intros (URLs?) on Windows admin t opics Message-ID: <59523CAF2AA3D111A8AB00805FE67F2E0264B5FB@ewst03.exchange.ml.com> May I recommend "Samba: Integrating UNIX and WIndows", by John D. Blair, Published by SSC. It might be a little out of date (1998), but it covers the Windows networking structure reasonably well without getting bogged down, and covers the important Samba issues. > -----Original Message----- > From: Maciej Kalisiak [SMTP:mac@dgp.toronto.edu] > Sent: Wednesday, January 03, 2001 1:14 PM > To: samba-ntdom@samba.org > Subject: [OT] UNIX admin looking for intros (URLs?) on Windows admin topics > > I've "inherited" the maintenance of a very broken SAMBA server, and being > almost exclusively a UNIX guy, this has sort of left me with a lot of > questions. As I see it, the first step is to get up to date on all this > lingo, so I was wondering if there are any resources online I could go to > that would ease me into the world of Windows administration (well, at least > from a SAMBA point of view). What I'm looking for is something that would > explain what constitutes a share (I can guess, but want something more > concrete), a policy, a SID, funky paths I keep running across like > "foo\\bar\baz", Windows domains, etc, as well as how these things work > together. > > -- > Maciej Kalisiak mac@dgp.toronto.edu www.dgp.toronto.edu/~mac > From jbcurry at hline.localhealth.net Wed Jan 3 18:22:52 2001 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:32:56 2003 Subject: [OT] UNIX admin looking for intros (URLs?) on Windows admin topics In-Reply-To: <20010103131358.A5693@khazad-dum> Message-ID: There's a list of Samba mirror sites at http://www.samba.org These mirror sites contain documentation, general info, downloads, book references, (even t-shirts!) all pertaining to Samba. Also, you may find the books "Using Samba" (O'Reilly), "SAMS Teach Yourself Samba in 24 Hours" (MacMillan), and "Special Editition: Using Samba" (Que/MacMillan) handy references. At least one, "Using Samba", is available on-line (http://www.oreilly.com/catalog/samba/index.html) If you decide to use floating policies, there's a good book out by O'Reilly called "Windows System Policy Editor". Hope that'll get you started... > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Maciej Kalisiak > Sent: Wednesday, January 03, 2001 1:14 PM > To: samba-ntdom@samba.org > Subject: [OT] UNIX admin looking for intros (URLs?) on Windows admin > topics > > > I've "inherited" the maintenance of a very broken SAMBA server, and being > almost exclusively a UNIX guy, this has sort of left me with a lot of > questions. As I see it, the first step is to get up to date on all this > lingo, so I was wondering if there are any resources online I could go to > that would ease me into the world of Windows administration > (well, at least > from a SAMBA point of view). What I'm looking for is something that would > explain what constitutes a share (I can guess, but want something more > concrete), a policy, a SID, funky paths I keep running across like > "foo\\bar\baz", Windows domains, etc, as well as how these things work > together. > > -- > Maciej Kalisiak mac@dgp.toronto.edu > www.dgp.toronto.edu/~mac > > From joeoltusa at netscape.net Wed Jan 3 18:50:13 2001 From: joeoltusa at netscape.net (Joe Olt) Date: Tue Dec 2 02:32:56 2003 Subject: [newbie Q: why need to readd machine to smbpasswd when rejoining domain?] Message-ID: <20010103185013.12950.qmail@www0n.netaddress.usa.net> I don't think you can avoid it. The machine password gets changed every so often for security. The SID remains the same. Once trust relationships work, you shouldn't have to change domains. Maciej Kalisiak wrote: >I've noticed that I must delete and then re-add a Win* machine to >private/smbpasswd any time I leave a given domain and then rejoin it. I guess >this has something to do with the regeneration of the SID, but I would like to >know why this is (and perhaps a way to avoid having to do this). >I'm using 2.2 from cvs, last synched somewhere in the middle of December. ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://home.netscape.com/webmail From slu at firerun.net Wed Jan 3 18:27:04 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:32:56 2003 Subject: Again NT PDC and Samba-TNG BDC References: <200101030923.LAA21944@ccssu.crimea.ua> Message-ID: <3A536EF8.1C95A506@firerun.net> Samba-TNG is not covered in this list. "Milyukov Vadim V." wrote: > hello all > Here is the story: > I need to move all NT acounts to Samba-TNG > i think there are only one good way: TNG BDC -> samsync -> TNG PDC. > > Some info: > dont - NT domain name > ant - NT4.0 PDC > merlin - NT4.0 BDC (don't used) > demon - Samba-TNG-alpha2.6 > > I do it as described in previous lists: > > ========================================================== > # rpcclient -S . -U root > [root@.]$ createuser root -p 123 > [root@.]$ quit > # rpcclient -S ant -U admin%xxxxxx -W dont > ... > OK > [dont\admin@ANT]$ use \\demon -Uroot%123 -Wdemon > [demon\root@ANT]$ createuser demon$ -s -j dont > ... > Create Domain User: OK > Join DEMON to Domain DONT > LSA_OPENSECRET: NT_STATUS_ACCESS_DENIED > ^^^^^^^^^^^^^^^^^^^^^^^^^ > what's this ??? > Set $MACHINE.ACC: OK > ===================================================== > > after it in NT Server Manager [Access Denyed.] to demon > and i cant samsync !!! > Could anyone explain me why. Somethings wrong or miss? > thanks > > bye, > Vadim > > --------- > > mile_0x10 [demons Team] [Registrated Linux User #199303] > [Tavrida National Univercity] From jgarber at eng.utoledo.edu Wed Jan 3 18:58:20 2001 From: jgarber at eng.utoledo.edu (jeremy garber) Date: Tue Dec 2 02:32:56 2003 Subject: newbie Q: why need to readd machine to smbpasswd when rejoining domain? Message-ID: <200101031858.NAA16714@strange.eng.utoledo.edu> > I've noticed that I must delete and then re-add a Win* machine to > private/smbpasswd any time I leave a given domain and then rejoin it. I guess > this has something to do with the regeneration of the SID, but I would like to > know why this is (and perhaps a way to avoid having to do this). At least for WinNT 4.0 clients, the clients' netlogon service requests a change of the machine's password entry (from the well known default password) upon joining a domain (ok, after a reboot if you use the gui or without a reboot if you use netdom... when the netlogon service starts) with which samba complies. When an NT client attempts to join a domain, it always expects it's well known password (which no longer exists in smbpasswd after the first time the machine joins the domain). To stop this behavior, see http://support.microsoft.com/support/kb/articles/Q154/5/01.asp (i.e. change the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DisablePasswordChange registry entry from 0 to 1) Note the security warnings/implications. > > I'm using 2.2 from cvs, last synched somewhere in the middle of December. We are currently testing 2.0.7, but I presume that the functionality would be the same from samba's side since this is what an NT server would do (but you can disable from the server side too with NT -- I haven't investigated the 2.2 cvs conf options, but I haven't found a "refuse machine password change" like option in 2.0.7). Corrections to any of the above is welcome. Jeremy Garber Computer Engineer Engineering College Computing The University of Toledo jgarber@eng.utoledo.edu > > -- > Maciej Kalisiak mac@dgp.toronto.edu www.dgp.toronto.edu/~mac > From armand at welshhome.org Wed Jan 3 19:22:38 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:56 2003 Subject: USING WIN NT SERVER WITH PROXY SERVER References: <001b01c07526$a1a18ca0$02006b83@rob> Message-ID: <003301c075ba$8c5966d0$12324d90@pimco.com> just the redhat machine, or client via the redhat machine. The redhat machine, can access the internet through the microsoft proxy, as a client. But you have to either use anonymous proxy (on the proxy server), or the redhat client must support proxying. If you don't use anonymous proxy, the web client on redhat, if it support proxying, will ask you for a login. The login is in the form of: username: ntdomain/ntuser password: ntpassword ----- Original Message ----- From: Rob Marsiglia To: samba-ntdom@lists.samba.org Sent: Tuesday, January 02, 2001 5:43 PM Subject: USING WIN NT SERVER WITH PROXY SERVER I have a Nt server running proxy server and need to setup redhat to use the internet through the NT proxy server, I know samba doesnt do it, but what will? I havent found a resource to do it yet...anyone run into this problem and have a resolution? -------------- next part -------------- HTML attachment scrubbed and removed From hazen at potentia.ca Wed Jan 3 20:34:27 2001 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:56 2003 Subject: newbie Q: why need to readd machine to smbpasswd when rejoining domain? In-Reply-To: <200101031858.NAA16714@strange.eng.utoledo.edu> Message-ID: Hello I've had to do the same a few times (and my clients are NT4 SP5 w/security) as newbie Q, delete and re-add (At's how i also got the w2k clients on as well) Just mentioning it. -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of jeremy garber Sent: Wednesday, January 03, 2001 1:58 PM To: samba-ntdom@samba.org; mac@dgp.toronto.edu Subject: Re: newbie Q: why need to readd machine to smbpasswd when rejoining domain? > I've noticed that I must delete and then re-add a Win* machine to > private/smbpasswd any time I leave a given domain and then rejoin it. I guess > this has something to do with the regeneration of the SID, but I would like to > know why this is (and perhaps a way to avoid having to do this). At least for WinNT 4.0 clients, the clients' netlogon service requests a change of the machine's password entry (from the well known default password) upon joining a domain (ok, after a reboot if you use the gui or without a reboot if you use netdom... when the netlogon service starts) with which samba complies. When an NT client attempts to join a domain, it always expects it's well known password (which no longer exists in smbpasswd after the first time the machine joins the domain). To stop this behavior, see http://support.microsoft.com/support/kb/articles/Q154/5/01.asp (i.e. change the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\Dis ablePasswordChange registry entry from 0 to 1) Note the security warnings/implications. > > I'm using 2.2 from cvs, last synched somewhere in the middle of December. We are currently testing 2.0.7, but I presume that the functionality would be the same from samba's side since this is what an NT server would do (but you can disable from the server side too with NT -- I haven't investigated the 2.2 cvs conf options, but I haven't found a "refuse machine password change" like option in 2.0.7). Corrections to any of the above is welcome. Jeremy Garber Computer Engineer Engineering College Computing The University of Toledo jgarber@eng.utoledo.edu > > -- > Maciej Kalisiak mac@dgp.toronto.edu www.dgp.toronto.edu/~mac > From sharpe at ns.aus.com Wed Jan 3 21:57:08 2001 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:32:56 2003 Subject: [OT] UNIX admin looking for intros (URLs?) on Windows admin t opics In-Reply-To: <59523CAF2AA3D111A8AB00805FE67F2E0264B5FB@ewst03.exchange.m l.com> Message-ID: <3.0.6.32.20010104075708.00b472f0@203.16.214.248> At 01:21 PM 1/3/01 -0500, Hall, Ken (ECSS) wrote: >May I recommend "Samba: Integrating UNIX and WIndows", by John D. Blair, >Published by SSC. > >It might be a little out of date (1998), but it covers the Windows networking >structure reasonably well without getting bogged down, and covers the >important Samba issues. While John's book was the first Samba book out, it is far too out of date to be used these days. Please check the Samba web site. There is a list of books on it that you can look at. >> -----Original Message----- >> From: Maciej Kalisiak [SMTP:mac@dgp.toronto.edu] >> Sent: Wednesday, January 03, 2001 1:14 PM >> To: samba-ntdom@samba.org >> Subject: [OT] UNIX admin looking for intros (URLs?) on Windows admin topics >> >> I've "inherited" the maintenance of a very broken SAMBA server, and being >> almost exclusively a UNIX guy, this has sort of left me with a lot of >> questions. As I see it, the first step is to get up to date on all this >> lingo, so I was wondering if there are any resources online I could go to >> that would ease me into the world of Windows administration (well, at least >> from a SAMBA point of view). What I'm looking for is something that would >> explain what constitutes a share (I can guess, but want something more >> concrete), a policy, a SID, funky paths I keep running across like >> "foo\\bar\baz", Windows domains, etc, as well as how these things work >> together. >> >> -- >> Maciej Kalisiak mac@dgp.toronto.edu www.dgp.toronto.edu/~mac >> > > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From armand at welshhome.org Wed Jan 3 21:56:42 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:56 2003 Subject: USING WIN NT SERVER WITH PROXY SERVER References: <9A0F63A07282D4119C4100D0B72017AA7E28BB@fatboy.sausage.com.au> Message-ID: <006901c075d0$1334f920$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* winsocks proxy, works only with the winsock wrapper, that encapsulates packets, and sends them to the proxy server, to be de-encapsulated, and transmitted out, as if the server was the client. This is a very powerfull function, as this method supports tcp, and udp, w/o special helper apps, and will even work on ipx networks, since it a winsock replacement/wrapper. Anything that uses winsock on windows, can work with winsock proxy. This is a microsoft only service, so don't try to get it working on unix, unless you know how the winsock proxy client works. Socks proxy, is a fully functional, non-authenticating socks 4 proxy server, that only supports ftp, telnet, http, and (i think) gopher. So as you can see, it's not going to work with real-audio, or other apps of the non-web client nature. This proxy service, does allow for an ACL to determine what ip addresses may use the socks proxy. it's simillar to any other firewall acl for authorization. WebProxy, is an authenticating (by optional config option) http proxy server. It can authenticate against the windows accounts, via either NT Challenge/Response method, or Clear Text method, depending on the IIS authentication settings. So long as the IIS service allow clear text authentication, then you can use a non-Internet Explorer Browser, and authenticate against the proxy server. If anonymous access is allowed in IIS, and the Web Proxy service does not require authentication, or rather, permits the everyone group access to the web proxy service, then any application that supports proxy servers will work, as the proxy server won't ask for authentication. Using applications designed to use an authenticating http proxy server doesn't usually work, as the authentication is not very standard. It works by letting the proxy server request a username/password, or passing as part of the proxy server parameter. Where the proxy settings of your web prowser ask for the address, enter in http://user:password@proxy.server.address and set the port to port 80 Also, set the socks server to address to: proxy.server.address, and the port to port 1080. the socks server will work for all you web client functions, if the client supports socks/proxy features. but it will not work for command line ftp, or telnet, etc.... for these, you need the winsock proxy, or a special utility to encapsulate your socks requests and send them to the socks proxy on port 1080. But again, you are limited to only telnet, ftp, http, etc... ----- Original Message ----- From: "Chris Odgers" To: "'Jon Doyle'" ; "Greg Dickie" Cc: "Rob Marsiglia" ; Sent: Tuesday, January 02, 2001 10:33 PM Subject: RE: USING WIN NT SERVER WITH PROXY SERVER > *This message was transferred with a trial version of CommuniGate(tm) Pro* > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I think the problem is the fact that in most environments, MS proxy > is set up to require NTLM authentication for the web side of things. > Obviously, in a standard unix environment this isn't going to work > too well, unless somebody wrote a meta-proxy which understood the > NTLM stuff and spoke basic authentication to the unix clients. > > I can't comment on the socks proxy or winsock proxy parts, as I > haven't had much exposure to them. > > Chris > > > -----Original Message----- > > From: Jon Doyle [mailto:marsaro@suse.com] > > Sent: Wednesday, January 03, 2001 5:30 PM > > To: Greg Dickie > > Cc: Rob Marsiglia; samba-ntdom@us5.samba.org > > Subject: Re: USING WIN NT SERVER WITH PROXY SERVER > > > > > > > > > > Hi; > > > > From my experiences with MS Proxy the only way that piece of > > code works > > well is with the MS Proxy Client. Yes, it is supposed to be SOCKS > > compliant, but the ability to NAT was only introduced into their > > new product ISC2k or ISA2k, something like that. it is true that > > Squid can do > > the HTTP Accelaration and access control that you may need > > (in the case of > > MS Proxy) and the Linux server will allow more flexibility to > > add unix and > > MAC clients behind it (MASQ), I do not even want to start a war on > > the list over security avantages with Linux over MS, but you may > > conclude I > > would recommend the use of SAMBA/Squid/and Firewall/MASQ over > > an MS Proxy. > > > > Regards, > > > > > > Jon > > > > > > > > On Tue, 2 Jan 2001, Greg Dickie wrote: > > > > > > > > I'm guessing that squid may have a way to do this. > > > > > > Greg > > > > > > > > > On Tue, 2 Jan 2001, Rob Marsiglia wrote: > > > > > > > Date: Tue, 2 Jan 2001 20:43:53 -0500 > > > > From: Rob Marsiglia > > > > To: samba-ntdom@us5.samba.org > > > > Subject: USING WIN NT SERVER WITH PROXY SERVER > > > > > > > > I have a Nt server running proxy server and need to setup > > redhat to use the internet through the NT proxy server, I > > know samba doesnt do it, but what will? I havent found a > > resource to do it yet...anyone run into this problem and have > > a resolution? > > > > > > > > > > > > -------------------------------------------------------------------- > > - > > > Greg Dickie > > > just a guy > > > greg@discreet.com > > > > > > > > > > > > > > > ______________________________________________________________ > > _________________ > > Jon R. Doyle > > Professional Services Director > > SuSE Linux Inc. > > 510-628-3380 ext 5068 > > ______________________________________________________________ > > _________________ > > "a commitee is twelve men doing the work of one" > > --John F. Kennedy > > > > > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 6.5.3 for non-commercial use > > iQA/AwUBOlI7Iq5S0FuupP0+EQKCTgCg2Rf20rtkDnmwS/DjcLotu+tN+1UAoLlm > CGH6hqAzALmVssvTD5bOMOCn > =ZWGM > -----END PGP SIGNATURE----- > > From armand at welshhome.org Wed Jan 3 21:57:33 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:56 2003 Subject: samba authentication References: <000201c07559$de06ca60$ce0aa8c0@axishost> Message-ID: <006f01c075d0$3305a830$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* I had this problem too, with 2.0.6, and 2.0.7, I use the HEAD cvs and it work Perfect for authentication... ----- Original Message ----- From: "Ami Shamril" To: "Samba-Ntdom (E-mail)" Sent: Tuesday, January 02, 2001 11:50 PM Subject: samba authentication > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > Hi... > I've successfully configured samba 2.0.6 (RH6.2) as a PDC. > All my users (Win9X) can log into the server. > But there is one problem... sometimes we must enter at least 3 times the > password b4 the server authenticated it. > 1st & 2nd time the error is password not correct.... Even we key in the > correct password. For the 3rd time normally ok... > Anybody have the same problem... > Please advise > TQ in advance. > > > From ggage at mmm.com Wed Jan 3 22:00:32 2001 From: ggage at mmm.com (ggage@mmm.com) Date: Tue Dec 2 02:32:56 2003 Subject: NT_STATUS_NO_TRUST_SAM_ACCOUNT - Multi Domains Message-ID: <862569C9.0078E840.00@em-stpmta-01.mmm.com> Before I ask you to read too much, I think that my question boils down to: Is it OK to join my samba server (cadbert) to a domain (ITNT) as a member and authenticate passwords off of a server (winsaccts046) in another domain (WINS)? I have successfully joined the ITNT domain with smbpasswd -j ITNT -r adam (adam is PDC of ITNT) after the NT admin added cadbert to ITNT. When mapping a share from an NT client or using smbclient, I get the following error. BTW, I have read the postings in the Oct 2000 archives and have tried their suggestions about removing and re-adding the samba server to the domain. share: \\cadbert\it user: usren006 ( also tried with DOM: wins\usren006 ) [2001/01/03 15:52:10, 0] rpc_client/cli_netlogon.c:(159) cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT [2001/01/03 15:52:10, 0] rpc_client/cli_login.c:(72) cli_nt_setup_creds: auth2 challenge failed [2001/01/03 15:52:10, 0] smbd/password.c:(1261) connect_to_domain_password_server: unable to setup the PDC credentials to mach ine WINSACCTS046. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. [2001/01/03 15:52:10, 0] smbd/password.c:(1454) domain_client_validate: Domain password server not available. <------ WHY NOT? [2001/01/03 15:52:10, 0] passdb/smbpass.c:(87) startsmbfilepwent_internal: unable to open file /etc/opt/samba/private/smbpass wd. Error was No such file or directory [2001/01/03 15:52:10, 0] passdb/passdb.c:(149) unable to open smb password database. [2001/01/03 15:52:10, 1] smbd/password.c:(500) Couldn't find user 'usren006' in smb_passwd file. [2001/01/03 15:52:10, 2] smbd/reply.c:(914) NT Password did not match for user 'usren006' ! Defaulting to Lanman [2001/01/03 15:52:10, 0] passdb/smbpass.c:(87) startsmbfilepwent_internal: unable to open file /etc/opt/samba/private/smbpass wd. Error was No such file or directory [2001/01/03 15:52:10, 0] passdb/passdb.c:(149) unable to open smb password database. [2001/01/03 15:52:10, 1] smbd/password.c:(500) Couldn't find user 'usren006' in smb_passwd file. [2001/01/03 15:52:10, 1] smbd/reply.c:(933) Rejecting user 'usren006': bad password sbm.conf: # Global parameters [global] workgroup = ITNT netbios name = CADBERT server string = Samba Server 2.0.7 security = DOMAIN encrypt passwords = Yes min password length = 3 map to guest = Bad User password server = winsaccts046 debug level = 2 syslog = 0 log file = /var/opt/samba/log.%m max log size = 1000 local master = No guest account = samba writeable = Yes hosts allow = 169.14. short preserve case = No dos filetime resolution = Yes domain logons = No [it] path = /it valid users = +it From armand at welshhome.org Wed Jan 3 23:02:58 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:56 2003 Subject: Thoughts on problems with W2K joining ... References: <3.0.6.32.20010102222459.007c1ce0@bioserve.latrobe.edu.au> <008701c07518$bed79c00$12324d90@pimco.com> <01010310455200.14501@gsa9.eps.cdf.udc.es> Message-ID: <008101c075d9$57d05d00$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* ah! I have Domestic/English version.. Perhaps that is the case... I too have all the latest and greatest updates on my machine... I follow the security alerts, and update my system on a weekly/bi-weekly process. But it was about 3 weeks ago when I joined into the domain. ----- Original Message ----- From: "Jose Antonio Becerra Permuy" To: Sent: Wednesday, January 03, 2001 1:45 AM Subject: Re: Thoughts on problems with W2K joining ... > *This message was transferred with a trial version of CommuniGate(tm) Pro* > El Mi? 03 Ene 2001 01:04, escribiste: > > I know the FAQ claims win2K sp1 doesn't work, but I ignored this, and my > > win2k client IS sp1, and it joined the domain, and it's working fine. > > > > In fact, it works perfectly. > > It doesn't work to me. As I said to Hazen, the problem may be in a later > patch (I have installed all post-SP1 security patches) or may depend on the > language of W2K (mine is Spanish revision). This needs more research... > > From litlrob at home.com Wed Jan 3 23:48:40 2001 From: litlrob at home.com (Rob Marsiglia) Date: Tue Dec 2 02:32:56 2003 Subject: nt proxy server Message-ID: <002a01c075df$b37dd960$02006b83@rob> well thank you to you all for the help, I got it working by disabling nt's chalenge responce and switching it to text mode. If anyone has a way of letting me switch back to the nt chalenge responce im all ears, but it works for now..! Thanks again!~ -------------- next part -------------- HTML attachment scrubbed and removed From slu at firerun.net Thu Jan 4 00:47:34 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:32:56 2003 Subject: win2k joining samba 2.2 controlled domain Message-ID: <3A53C826.35670579@firerun.net> I would like to share my success of joining a win2k sp1 machine to a samba 2.2 controlled domain I grabbed today's CVS of samba 2.2 and have successfully joined a win2k machine with sp1 to the domain. I tried a Even number of characters for the domain name "TEST". I followed the PDC how-to to the tee. and when I joined the machine to the domain I got the message "Welcome to the TEST domain" and I then rebooted the machine. When I tried to login using the test account I created on the domain I received the following message: "The system cannot log you onto this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect." I then checked to see if the add user script had created the machine account like it should have, and sure enough it was there. So I then deiced to try an odd number of characters for the domain and I still received the same message. So I then decided to delete any reference to the machine account in the password files, and then create the account manually. I then also changed the domain name back to "TEST" and joined the machine again. This time upon reboot I was able to logon to the TEST domain without a problem, it all works beautifully. I would like to thank all of the people who have helped create samba, because it is a great piece of work! Patrick From slu at firerun.net Thu Jan 4 02:08:22 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:32:57 2003 Subject: samba 2.2 domain admin users Message-ID: <3A53DB16.10B5EFC9@firerun.net> After getting my win2k sp1 machine to join a samba 2.2 controlled domain I found out that the users listed under Domain Admin users = user1 user2 in the smb.conf file do not have Administrator rights on the win2k machine. Is there something else I have to set in the smb.conf file? Patrick From D.Bannon at latrobe.edu.au Thu Jan 4 02:20:22 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:57 2003 Subject: samba 2.2 domain admin users In-Reply-To: <3A53DB16.10B5EFC9@firerun.net> Message-ID: <3.0.6.32.20010104132022.008bd7b0@bioserve.latrobe.edu.au> At 07:08 PM 1/3/01 -0700, Patrick wrote: >After getting my win2k sp1 machine to join a samba 2.2 controlled domain >I found out that the users listed under Domain Admin users = user1 >user2 in the smb.conf file do not have Administrator rights on the >win2k machine. Is there something else I have to set in the smb.conf >file? Know Bug #3 from the FAQ : NTs (and possibly W2K ?) are not told the logged on user is a domain admin if the parameter "domain admin users = user" is used. The alternative, "domain admin group" does work. See the HowTo. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From armand at welshhome.org Thu Jan 4 02:51:45 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:57 2003 Subject: win2k joining samba 2.2 controlled domain References: <3A53C826.35670579@firerun.net> Message-ID: <000d01c075f9$468a7740$6602a8c0@nelson> *This message was transferred with a trial version of CommuniGate(tm) Pro* for some reason 2.2 doesn't always authenticate... if you try 3 or so times, it probably would have worked. The HEAD cvs doesn't seem to have this problem, maybe you might want to switch to the HEAD version, if the problem comes back. ----- Original Message ----- From: "Patrick" To: Sent: Wednesday, January 03, 2001 4:47 PM Subject: win2k joining samba 2.2 controlled domain > *This message was transferred with a trial version of CommuniGate(tm) Pro* > I would like to share my success of joining a win2k sp1 machine to a > samba 2.2 controlled domain > > I grabbed today's CVS of samba 2.2 and have successfully joined a win2k > machine with sp1 to the domain. I tried a Even number of characters for > the domain name "TEST". I followed the PDC how-to to the tee. and when > I joined the machine to the domain I got the message "Welcome to the > TEST domain" and I then rebooted the machine. When I tried to login > using the test account I created on the domain I received the following > message: > > "The system cannot log you onto this domain because the system's > computer account in its primary domain is missing > or the password on that account is incorrect." > > I then checked to see if the add user script had created the machine > account like it should have, and sure enough it was there. So I then > deiced to try an odd number of characters for the domain and I still > received the same message. So I then decided to delete any reference to > the machine account in the password files, and then create the account > manually. I then also changed the domain name back to "TEST" and joined > the machine again. This time upon reboot I was able to logon to the > TEST domain without a problem, it all works beautifully. > > I would like to thank all of the people who have helped create samba, > because it is a great piece of work! > > Patrick > > > From awilliam at whitemice.org Thu Jan 4 03:02:44 2001 From: awilliam at whitemice.org (Adam Tauno Williams) Date: Tue Dec 2 02:32:57 2003 Subject: samba 2.2 domain admin users In-Reply-To: <3.0.6.32.20010104132022.008bd7b0@bioserve.latrobe.edu.au> References: <3A53DB16.10B5EFC9@firerun.net> <3.0.6.32.20010104132022.008bd7b0@bioserve.latrobe.edu.au> Message-ID: <20010103220244.7652eadc.awilliam@whitemice.org> >>After getting my win2k sp1 machine to join a samba 2.2 controlled domain >>I found out that the users listed under Domain Admin users = user1 >>user2 in the smb.conf file do not have Administrator rights on the >>win2k machine. Is there something else I have to set in the smb.conf >>file? >Know Bug #3 from the FAQ : >NTs (and possibly W2K ?) are not told the logged on user is a domain admin >if the parameter "domain admin users = user" is used. The >alternative, "domain admin group" does work. See the HowTo. "domain admin group = " does seem to work pretty much. However on my Citrix Winframe 1.7 box attempting to use "application configuration" results in a "You do not have domain administration privilages", and doesn't let me setup any applications for domain users. Anyone know of a work-around for this? Does WinY2k-TSE work with Alpha1? Enumerating users for setting file permission does not work, is this normal? (I think it is, I just want to confirm). Occasionally, as a domain user, attempts to delete a file result in "remote system does not support extended attributes" (approx message). This seems to be a UNIX permissions issue. Samba Server is Redhat Linux 6.2 security = user status = yes workgroup = BACKBONE server string = NT v6 Domain Controller encrypt passwords = Yes printer driver file=/usr/local/samba/lib/printers.def socket options = TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 SO_KEEPALIVE time server = Yes lpq cache time = 30 domain logons = Yes os level = 250 preferred master = Yes logon script = %G.bat domain master = Yes domain admin group = @cis wins support = Yes guest account = pcnet wins hook = /usr/local/samba/bin/dns_update From zzeta at ciudad.com.ar Thu Jan 4 04:09:11 2001 From: zzeta at ciudad.com.ar (=?iso-8859-1?Q?Nicol=E1s_Zeitlin?=) Date: Tue Dec 2 02:32:57 2003 Subject: Win ME clients Message-ID: <00b601c07604$210fbc40$57982bc8@natasha> Please excuse my ignorance.... I'm just entering the Samba/PDC world. Is it possible to work with Windows ME as the client computer, in a domain where Samba is the PDC? Will Win ME respect my share permissions (i.e. not allowing the guest user to access /etc/passwd)?? I know these are broad topics, so if you coud just send me to the right URL, or anything alike where I could get more information, I'll be just as grateful. Thanks in advance, Nicolas Zeitlin -------------- next part -------------- HTML attachment scrubbed and removed From Chris.Odgers at sausage.com Thu Jan 4 04:28:46 2001 From: Chris.Odgers at sausage.com (Chris Odgers) Date: Tue Dec 2 02:32:57 2003 Subject: Win ME clients Message-ID: <9A0F63A07282D4119C4100D0B72017AA7E28C5@fatboy.sausage.com.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yeah, as far as samba is concerned, an ME client is identical to a 98 client (and not doing a 'domain logon' in the NT/2000 sense anyway.) The permissions are imposed by the server and can be as loose or granular as you want. You probably shouldn't be sharing your /etc directory anyhow ;) The documentation that comes with the samba source code is probably a more authorative source than I am. - -----Original Message----- From: Nicol?s Zeitlin [mailto:zzeta@ciudad.com.ar] Sent: Thursday, January 04, 2001 3:09 PM To: samba-ntdom@lists.samba.org Subject: Win ME clients Please excuse my ignorance.... I'm just entering the Samba/PDC world. Is it possible to work with Windows ME as the client computer, in a domain where Samba is the PDC? Will Win ME respect my share permissions (i.e. not allowing the guest user to access /etc/passwd)?? I know these are broad topics, so if you coud just send me to the right URL, or anything alike where I could get more information, I'll be just as grateful. Thanks in advance, Nicolas Zeitlin -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use iQA/AwUBOlNvWq5S0FuupP0+EQKXXwCfZWNoAwCZUXZ8G05FnRFNH5/npo4AoK58 hoGNLGU4Ns2feAEDslizv7dB =wGbT -----END PGP SIGNATURE----- -------------- next part -------------- HTML attachment scrubbed and removed From schapiro at clerk.pi.huji.ac.il Thu Jan 4 06:12:31 2001 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:32:57 2003 Subject: smbmount Q Message-ID: Hi, I am trying to mount a windows share with smbmount (it works bascially) but I would like to specify the password on the command line (like I can do with smbclient) and not to have to enter it manually. I need this to mount Windows shares in order to back them up (I am aware of the drawbacks involved). Can anybody point out to me how to do this ? Do I have to update my mount/smbmount commands (where from) ? I saw that samba 2.0.7 comes with smbmnt/smbmount, but they seem to be the same as with 2.0.5 (what I currently use). Thanks for your help, Schlomo -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-84404 Fax: 65-27349 email: schapiro@clerk.pi.huji.ac.il WWW: http://shum.cc.huji.ac.il/~schapiro From Daniel.Moeller at de.bosch.com Thu Jan 4 06:29:32 2001 From: Daniel.Moeller at de.bosch.com (Moeller Daniel (QI/AST10) *) Date: Tue Dec 2 02:32:57 2003 Subject: AW: NT_STATUS_NO_TRUST_SAM_ACCOUNT - Multi Domains Message-ID: <9015FB0BD980D411BFBC00508BAE6AF74E0F96@simail5.server.bosch.com> Hi, the domain which winsaccts046 is in must have a trust relation to your ITNT domain. Kind regards, Daniel -----Urspr?ngliche Nachricht----- Von: ggage@mmm.com [mailto:ggage@mmm.com] Gesendet: Mittwoch, 3. Januar 2001 23:01 An: samba-ntdom@us5.samba.org Betreff: NT_STATUS_NO_TRUST_SAM_ACCOUNT - Multi Domains Before I ask you to read too much, I think that my question boils down to: Is it OK to join my samba server (cadbert) to a domain (ITNT) as a member and authenticate passwords off of a server (winsaccts046) in another domain (WINS)? I have successfully joined the ITNT domain with smbpasswd -j ITNT -r adam (adam is PDC of ITNT) after the NT admin added cadbert to ITNT. When mapping a share from an NT client or using smbclient, I get the following error. BTW, I have read the postings in the Oct 2000 archives and have tried their suggestions about removing and re-adding the samba server to the domain. share: \\cadbert\it user: usren006 ( also tried with DOM: wins\usren006 ) [2001/01/03 15:52:10, 0] rpc_client/cli_netlogon.c:(159) cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT [2001/01/03 15:52:10, 0] rpc_client/cli_login.c:(72) cli_nt_setup_creds: auth2 challenge failed [2001/01/03 15:52:10, 0] smbd/password.c:(1261) connect_to_domain_password_server: unable to setup the PDC credentials to mach ine WINSACCTS046. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. [2001/01/03 15:52:10, 0] smbd/password.c:(1454) domain_client_validate: Domain password server not available. <------ WHY NOT? [2001/01/03 15:52:10, 0] passdb/smbpass.c:(87) startsmbfilepwent_internal: unable to open file /etc/opt/samba/private/smbpass wd. Error was No such file or directory [2001/01/03 15:52:10, 0] passdb/passdb.c:(149) unable to open smb password database. [2001/01/03 15:52:10, 1] smbd/password.c:(500) Couldn't find user 'usren006' in smb_passwd file. [2001/01/03 15:52:10, 2] smbd/reply.c:(914) NT Password did not match for user 'usren006' ! Defaulting to Lanman [2001/01/03 15:52:10, 0] passdb/smbpass.c:(87) startsmbfilepwent_internal: unable to open file /etc/opt/samba/private/smbpass wd. Error was No such file or directory [2001/01/03 15:52:10, 0] passdb/passdb.c:(149) unable to open smb password database. [2001/01/03 15:52:10, 1] smbd/password.c:(500) Couldn't find user 'usren006' in smb_passwd file. [2001/01/03 15:52:10, 1] smbd/reply.c:(933) Rejecting user 'usren006': bad password sbm.conf: # Global parameters [global] workgroup = ITNT netbios name = CADBERT server string = Samba Server 2.0.7 security = DOMAIN encrypt passwords = Yes min password length = 3 map to guest = Bad User password server = winsaccts046 debug level = 2 syslog = 0 log file = /var/opt/samba/log.%m max log size = 1000 local master = No guest account = samba writeable = Yes hosts allow = 169.14. short preserve case = No dos filetime resolution = Yes domain logons = No [it] path = /it valid users = +it From armand at welshhome.org Thu Jan 4 07:26:12 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:57 2003 Subject: smbmount Q References: Message-ID: <000f01c0761f$9da2f4a0$6602a8c0@nelson> *This message was transferred with a trial version of CommuniGate(tm) Pro* from the linux prompt, if you have the kernel compiled to support smbmount (most are) then use: # mount //computer/share /mountpoint -t smbfs -o username=me -o password=mypassword -o workgroup=NTdomain where: me = your windows username mypassword = your windows password NTdomain = the domain is the domain to login to, or use the name of the windows machine, if you are using a local windows account on the machine. i.e., to login to an NT workstation named nelson, as the administrator, with a password of pass, and mount the C$ hidden share to the /net directory on your linux box the command would be: # mount //nelson/c$ /net -t smbfs -o username=administrator -o password=pass -o workgroup=nelson ----- Original Message ----- From: "Schlomo Schapiro" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Wednesday, January 03, 2001 10:12 PM Subject: smbmount Q > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Hi, > > I am trying to mount a windows share with smbmount (it works > bascially) but I would like to specify the password on the command line > (like I can do with smbclient) and not to have to enter it manually. I > need this to mount Windows shares in order to back them up (I am aware of > the drawbacks involved). > > Can anybody point out to me how to do this ? Do I have to update my > mount/smbmount commands (where from) ? > > I saw that samba 2.0.7 comes with smbmnt/smbmount, but they seem to be the > same as with 2.0.5 (what I currently use). > > Thanks for your help, > > Schlomo > > -- > Schlomo Schapiro > Computation Authority > Hebrew University of Jerusalem > > Tel: ++972 / 2 / 65-84404 > Fax: 65-27349 > email: schapiro@clerk.pi.huji.ac.il > WWW: http://shum.cc.huji.ac.il/~schapiro > > > From armand at welshhome.org Thu Jan 4 07:30:09 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:57 2003 Subject: Win ME clients References: <00b601c07604$210fbc40$57982bc8@natasha> Message-ID: <002901c07620$2aba3010$6602a8c0@nelson> Yes it is possible, it's as simple as specifing a domain to authenticat on, on windows ME (it's identical to win95/98). Yes, win ME will respect your share permissions. Actually, winME has not part in the share permissions. It will try to access whatever you tell it to, and it assumes it has rights. Samba is what will handle rejecting the permission to your shares. So what I am saying, is its a server issue, not a client issue. hth Armand ----- Original Message ----- From: Nicol?s Zeitlin To: samba-ntdom@lists.samba.org Sent: Wednesday, January 03, 2001 8:09 PM Subject: Win ME clients Please excuse my ignorance.... I'm just entering the Samba/PDC world. Is it possible to work with Windows ME as the client computer, in a domain where Samba is the PDC? Will Win ME respect my share permissions (i.e. not allowing the guest user to access /etc/passwd)?? I know these are broad topics, so if you coud just send me to the right URL, or anything alike where I could get more information, I'll be just as grateful. Thanks in advance, Nicolas Zeitlin -------------- next part -------------- HTML attachment scrubbed and removed From goly at oumail.openu.ac.il Thu Jan 4 07:37:40 2001 From: goly at oumail.openu.ac.il (Goly Shakarov) Date: Tue Dec 2 02:32:57 2003 Subject: answer to mounting WIN from Unix Message-ID: <400335551EF6D3118E8200805FC72CE7019FB20D@ogi.openu.ac.il> Hi I installed a software on solaris platform which unables me to pull the browse list from the wins machines and mount all kinds of win2k/winnt4 with GUi or command line.(different from smbclient-ftp-like). it works fine. http://www.obdev.at/Products/Sharity.html Sharity is a client for the CIFS (Common Internet FileSystem) protocol, formerly known as SMB (Server Message Block) protocol. This protocol is currently used by WindowsNT, Windows95, Windows for Workgroups, OS/2, samba and many others. Sharity allows you to mount directories exported by those systems as if they were NFS exported. ?????. ????. ???. From emccoy at hamilton.edu Thu Jan 4 10:43:41 2001 From: emccoy at hamilton.edu (Eric P. McCoy) Date: Tue Dec 2 02:32:57 2003 Subject: Win2K and Samba Message-ID: <4.3.2.7.2.20010104053030.00c773a8@mail.enfld1.ct.home.com> I've been poring through the archives for a couple hours now, and I just can't get this damn thing to work. I've tried both pre3.0 (accidentally) and 2.2.0-alpha1. I'm somewhat confused about what versions, exactly, will work. The HOWTO rather clearly says that 2.2.0-alpha1 will not work, but it also rather clearly gives instructions on how to fetch just that version. That's also the version a lot of people on this list seem to be using. So maybe I'm using the wrong version; if so, please give me precise instructions on how to fetch via CVS the proper version. The problem is that when I try to join the domain, Windows responds in almost exactly 3 seconds: "The following error occurred validating the name "grpkp". The specified domain either does not exist or could not be contacted." "grpkp" is not the name I plan to keep, but someone reported that it worked for him, so I figured I'd give it a shot. I have tried 589,578 different domain names, all with an odd number of letters. \win2k\debug\netsetup.log reads: 01/04 05:15:04 NetpValidateName: checking to see if 'grpkp' is valid as type 3 name 01/04 05:15:07 NetpCheckDomainNameIsValid for grpkp returned 0x54b 01/04 05:15:07 NetpCheckDomainNameIsValid [ Exists ] for 'grpkp' returned 0x54b Monitoring log.smbd and log.nmbd using tail -f while this is going on produces no noteworthy data. -- Eric P. McCoy "Jamaican? I thought you were some sort of outer-space potato man!" From emccoy at hamilton.edu Thu Jan 4 10:57:44 2001 From: emccoy at hamilton.edu (Eric P. McCoy) Date: Tue Dec 2 02:32:57 2003 Subject: Win2K and Samba Message-ID: <4.3.2.7.2.20010104054406.00c944e0@mail.enfld1.ct.home.com> ...and continuing my previous email message (curse Eudora mapping Ctrl+E to "send" instead of "end of line!"), all nmbd dumps to the log are messages about (in order): workgroup search on subnet 24.18.138.161: found workgroup search on subnet 192.168.1.1: found announce_myself_to_domain_master: t (978605063) - last(978604993) < 900 dump workgroup on subnet 24.18.138.161 GRPKP(1) current master browser = LACHESIS LACHESIS 400c9b0b (lachesis.moerae.net) dump workgroup on subnet 192.168.1.1 [same as above] dump workgroup on subnet UNICAST_SUBNET GRPKP(1) current master browser = UNKNOWN [otherwise same] workgroup search on subnet UNICAST_SUBNET: found workgroup search on subnet UNICAST_SUBNET: found This is repeated every ten seconds. The last() number is always the same, the t() number increments by ten each time. I _am_ running Win2K Server SP1, which, I understand, may or may not be a problem. But I'm not getting an error message like anyone else has reported. I can browse the GRPKP "domain" and even connect to shares on the Samba server (by manually entering a valid username) just fine. Via "NET USE" I can specify a domain with the usernames just fine. This is driving me crazy. I'd like to point out that the "Configure Your Server" program refused to let me set the Win2K box up as a standalone server, claiming that there was at least one other domain controller on the network. (The firewall doesn't pass SMB traffic, and the Linux box is the only other computer on the same side of the firewall.) Please help! -- Eric P. McCoy "Jamaican? I thought you were some sort of outer-space potato man!" From PCH at schilling.dk Thu Jan 4 13:55:16 2001 From: PCH at schilling.dk (Peter Chr. Hansen) Date: Tue Dec 2 02:32:57 2003 Subject: SV: Win2K and Samba Message-ID: <71E0EA147E64D411947700010213C616329FAA@cirkeline> You should use the latest cvs. version tag samba_2_2 is works. I have just as you, tried to get it to work but no luck. Then I decided to retrieve the latest cvs code and bum it work the first time !!!! Med venlig hilsen/Yours Sincerely :-) Peter Chr. Hansen, mailto:pch@schilling.dk Schilling Data A/S, http://www.schilling.dk Tlf.: 4399 7500, Fax.: 4399 7186 -----Oprindelig meddelelse----- Fra: Eric P. McCoy [mailto:emccoy@hamilton.edu] Sendt: 4. januar 2001 11:58 Til: samba-ntdom@lists.samba.org Emne: Re: Win2K and Samba ...and continuing my previous email message (curse Eudora mapping Ctrl+E to "send" instead of "end of line!"), all nmbd dumps to the log are messages about (in order): workgroup search on subnet 24.18.138.161: found workgroup search on subnet 192.168.1.1: found announce_myself_to_domain_master: t (978605063) - last(978604993) < 900 dump workgroup on subnet 24.18.138.161 GRPKP(1) current master browser = LACHESIS LACHESIS 400c9b0b (lachesis.moerae.net) dump workgroup on subnet 192.168.1.1 [same as above] dump workgroup on subnet UNICAST_SUBNET GRPKP(1) current master browser = UNKNOWN [otherwise same] workgroup search on subnet UNICAST_SUBNET: found workgroup search on subnet UNICAST_SUBNET: found This is repeated every ten seconds. The last() number is always the same, the t() number increments by ten each time. I _am_ running Win2K Server SP1, which, I understand, may or may not be a problem. But I'm not getting an error message like anyone else has reported. I can browse the GRPKP "domain" and even connect to shares on the Samba server (by manually entering a valid username) just fine. Via "NET USE" I can specify a domain with the usernames just fine. This is driving me crazy. I'd like to point out that the "Configure Your Server" program refused to let me set the Win2K box up as a standalone server, claiming that there was at least one other domain controller on the network. (The firewall doesn't pass SMB traffic, and the Linux box is the only other computer on the same side of the firewall.) Please help! -- Eric P. McCoy "Jamaican? I thought you were some sort of outer-space potato man!" -------------- next part -------------- HTML attachment scrubbed and removed From olivier.wegria at novactiongroup.com Thu Jan 4 15:18:24 2001 From: olivier.wegria at novactiongroup.com (Olivier Wegria) Date: Tue Dec 2 02:32:57 2003 Subject: WinNT and Samba-TNG Message-ID: <500C66C7BF87D311A7F400A0C907E8D87C7FAD@NSA4> Hi there, I have a RH 7.0 box with Samba-TNG collected yesterday on CVS. I installed samba and set it up as a PDC. Using samedit, I can connect to the domain ("TERRAIN"). I am now trying to join the domain from NT4 (I have the same problem from NT2000). 1. I created the TLONDRE$ account on linux (adduser -g machines TLONDRE$) 2. I added the TLONDRE$ account to samba # samedit -S . -U root # createuser TLONDRE$ -j TERRAIN But then , I get this message: Got a positive response from 192.9.200.169 (the nt4 box) Creation Domain User OK Join TLONDRE to Domain TERRAIN LSA_CREATESECRET: NT_STATUS_ACCESS_DENIED LSA_OPENSECRET: NT_STATUS_ACCESS_DENIED SET $Machines.ACC: failed 3. I go on my nt4 box and try to join the domain and it is succesfull 4. I try to log on as a domain user but I can't. It asks for the user & pwd In log.TLONDRE, I have LSA_OPENSECRET NT_STATUS_OBJECT_NAME_NOT_FOUND SMB LM/NT Password did not match Rejecting user 'root': authentication failed I launched all deamons in /usr/local/samba/sbin Is there an order to launch them? Does anyone has a little script to automatically load samba-TNG? Thanks for any help Olivier From emccoy at hamilton.edu Thu Jan 4 17:16:42 2001 From: emccoy at hamilton.edu (Eric P. McCoy) Date: Tue Dec 2 02:32:57 2003 Subject: SV: Win2K and Samba In-Reply-To: <71E0EA147E64D411947700010213C616329FAA@cirkeline> Message-ID: <4.3.2.7.2.20010104121544.00c946d8@mail.enfld1.ct.home.com> At 02:55 PM 1/4/2001 +0100, Peter Chr. Hansen wrote: >You should use the latest cvs. version tag samba_2_2 is works. That was how I got 2.2.0alpha1. I got it via CVS earlier this morning (about 2am EST). -- Eric P. McCoy "Jamaican? I thought you were some sort of outer-space potato man!" From MMcEldowney at deltaregional.com Thu Jan 4 18:12:46 2001 From: MMcEldowney at deltaregional.com (McEldowney, Michael) Date: Tue Dec 2 02:32:57 2003 Subject: WinNT and Samba-TNG Message-ID: <982DE519343BD41191CA00902786B5B902DDAB@EMAIL> Did you create your account as a machine account? I don't have TNG, but with vanilla Samba's smbpasswd you have to use the "-m" option to declare the TLONDRE$ account as a machine account. Hope that helps, Thanks, Mike McEldowney Information Systems Director Delta Regional Medical Center v. 662-334-2075 p. 662-379-2498 e. mmceldowney@deltaregional.com -----Original Message----- From: Olivier Wegria [mailto:olivier.wegria@novactiongroup.com] Sent: Thursday, January 04, 2001 9:18 AM To: samba-ntdom@us5.samba.org Subject: WinNT and Samba-TNG Hi there, I have a RH 7.0 box with Samba-TNG collected yesterday on CVS. I installed samba and set it up as a PDC. Using samedit, I can connect to the domain ("TERRAIN"). I am now trying to join the domain from NT4 (I have the same problem from NT2000). 1. I created the TLONDRE$ account on linux (adduser -g machines TLONDRE$) 2. I added the TLONDRE$ account to samba # samedit -S . -U root # createuser TLONDRE$ -j TERRAIN But then , I get this message: Got a positive response from 192.9.200.169 (the nt4 box) Creation Domain User OK Join TLONDRE to Domain TERRAIN LSA_CREATESECRET: NT_STATUS_ACCESS_DENIED LSA_OPENSECRET: NT_STATUS_ACCESS_DENIED SET $Machines.ACC: failed 3. I go on my nt4 box and try to join the domain and it is succesfull 4. I try to log on as a domain user but I can't. It asks for the user & pwd In log.TLONDRE, I have LSA_OPENSECRET NT_STATUS_OBJECT_NAME_NOT_FOUND SMB LM/NT Password did not match Rejecting user 'root': authentication failed I launched all deamons in /usr/local/samba/sbin Is there an order to launch them? Does anyone has a little script to automatically load samba-TNG? Thanks for any help Olivier From ggage at mmm.com Thu Jan 4 18:09:28 2001 From: ggage at mmm.com (ggage@mmm.com) Date: Tue Dec 2 02:32:57 2003 Subject: AW: NT_STATUS_NO_TRUST_SAM_ACCOUNT - Multi Domains Message-ID: <862569CA.0063BF19.00@em-stpmta-01.mmm.com> Thanks for the response, Daniel. There is a trust between the domains. We have many NT ws's and servers in this configuration. I want the samba box to work the same way (ie. reside in the ITNTdomain but logon to the WINS domain). The error msg states " domain_client_validate: Domain password server not available". Does this mean that samba doesn't know how to find winsaccts046 in the WINS domain? Nowhere in the smb.conf is there any reference to WINS. Just password server = winsacct046. I'm lost... Thanks, George ------------------------------------------------------------------------------------------------------------------------------------------------ -------------- next part -------------- Hi, the domain which winsaccts046 is in must have a trust relation to your ITNT domain. Kind regards, Daniel -----Urspr?ngliche Nachricht----- Von: ggage@mmm.com [mailto:ggage@mmm.com] Gesendet: Mittwoch, 3. Januar 2001 23:01 An: samba-ntdom@us5.samba.org Betreff: NT_STATUS_NO_TRUST_SAM_ACCOUNT - Multi Domains ------------------------------------------------------------------------- Before I ask you to read too much, I think that my question boils down to: Is it OK to join my samba server (cadbert) to a domain (ITNT) as a member and authenticate passwords off of a server (winsaccts046) in another domain (WINS)? I have successfully joined the ITNT domain with smbpasswd -j ITNT -r adam (adam is PDC of ITNT) after the NT admin added cadbert to ITNT. When mapping a share from an NT client or using smbclient, I get the following error. BTW, I have read the postings in the Oct 2000 archives and have tried their suggestions about removing and re-adding the samba server to the domain. share: \\cadbert\it user: usren006 ( also tried with DOM: wins\usren006 ) [2001/01/03 15:52:10, 0] rpc_client/cli_netlogon.c:(159) cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT [2001/01/03 15:52:10, 0] rpc_client/cli_login.c:(72) cli_nt_setup_creds: auth2 challenge failed [2001/01/03 15:52:10, 0] smbd/password.c:(1261) connect_to_domain_password_server: unable to setup the PDC credentials to mach ine WINSACCTS046. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. [2001/01/03 15:52:10, 0] smbd/password.c:(1454) domain_client_validate: Domain password server not available. <------ WHY NOT? [2001/01/03 15:52:10, 0] passdb/smbpass.c:(87) startsmbfilepwent_internal: unable to open file /etc/opt/samba/private/smbpass wd. Error was No such file or directory [2001/01/03 15:52:10, 0] passdb/passdb.c:(149) unable to open smb password database. [2001/01/03 15:52:10, 1] smbd/password.c:(500) Couldn't find user 'usren006' in smb_passwd file. [2001/01/03 15:52:10, 2] smbd/reply.c:(914) NT Password did not match for user 'usren006' ! Defaulting to Lanman [2001/01/03 15:52:10, 0] passdb/smbpass.c:(87) startsmbfilepwent_internal: unable to open file /etc/opt/samba/private/smbpass wd. Error was No such file or directory [2001/01/03 15:52:10, 0] passdb/passdb.c:(149) unable to open smb password database. [2001/01/03 15:52:10, 1] smbd/password.c:(500) Couldn't find user 'usren006' in smb_passwd file. [2001/01/03 15:52:10, 1] smbd/reply.c:(933) Rejecting user 'usren006': bad password sbm.conf: # Global parameters [global] workgroup = ITNT netbios name = CADBERT server string = Samba Server 2.0.7 security = DOMAIN encrypt passwords = Yes min password length = 3 map to guest = Bad User password server = winsaccts046 debug level = 2 syslog = 0 log file = /var/opt/samba/log.%m max log size = 1000 local master = No guest account = samba writeable = Yes hosts allow = 169.14. short preserve case = No dos filetime resolution = Yes domain logons = No [it] path = /it valid users = +it From p.grimmerink at home.nl Thu Jan 4 18:33:44 2001 From: p.grimmerink at home.nl (Pieter Grimmerink) Date: Tue Dec 2 02:32:57 2003 Subject: Please unsubscribe me!!! Message-ID: Anyone who can help me; Can please someone unsubscribe me from this list? I tried several ways, nothing worked. Best regards, Pieter From armand at welshhome.org Thu Jan 4 19:00:33 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:57 2003 Subject: Win2K and Samba References: <71E0EA147E64D411947700010213C616329FAA@cirkeline> Message-ID: <003601c07680$a65cb980$12324d90@pimco.com> SV: Win2K and Sambaas was the case for me... the lastest cvs HEAD works great. ----- Original Message ----- From: Peter Chr. Hansen To: 'Eric P. McCoy' Cc: Samba-Ntdom (E-mail) Sent: Thursday, January 04, 2001 5:55 AM Subject: SV: Win2K and Samba You should use the latest cvs. version tag samba_2_2 is works. I have just as you, tried to get it to work but no luck. Then I decided to retrieve the latest cvs code and bum it work the first time !!!! Med venlig hilsen/Yours Sincerely :-) Peter Chr. Hansen, mailto:pch@schilling.dk Schilling Data A/S, http://www.schilling.dk Tlf.: 4399 7500, Fax.: 4399 7186 -----Oprindelig meddelelse----- Fra: Eric P. McCoy [mailto:emccoy@hamilton.edu] Sendt: 4. januar 2001 11:58 Til: samba-ntdom@lists.samba.org Emne: Re: Win2K and Samba ...and continuing my previous email message (curse Eudora mapping Ctrl+E to "send" instead of "end of line!"), all nmbd dumps to the log are messages about (in order): workgroup search on subnet 24.18.138.161: found workgroup search on subnet 192.168.1.1: found announce_myself_to_domain_master: t (978605063) - last(978604993) < 900 dump workgroup on subnet 24.18.138.161 GRPKP(1) current master browser = LACHESIS LACHESIS 400c9b0b (lachesis.moerae.net) dump workgroup on subnet 192.168.1.1 [same as above] dump workgroup on subnet UNICAST_SUBNET GRPKP(1) current master browser = UNKNOWN [otherwise same] workgroup search on subnet UNICAST_SUBNET: found workgroup search on subnet UNICAST_SUBNET: found This is repeated every ten seconds. The last() number is always the same, the t() number increments by ten each time. I _am_ running Win2K Server SP1, which, I understand, may or may not be a problem. But I'm not getting an error message like anyone else has reported. I can browse the GRPKP "domain" and even connect to shares on the Samba server (by manually entering a valid username) just fine. Via "NET USE" I can specify a domain with the usernames just fine. This is driving me crazy. I'd like to point out that the "Configure Your Server" program refused to let me set the Win2K box up as a standalone server, claiming that there was at least one other domain controller on the network. (The firewall doesn't pass SMB traffic, and the Linux box is the only other computer on the same side of the firewall.) Please help! -- Eric P. McCoy "Jamaican? I thought you were some sort of outer-space potato man!" -------------- next part -------------- HTML attachment scrubbed and removed From armand at welshhome.org Thu Jan 4 19:02:25 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:57 2003 Subject: SV: Win2K and Samba References: <4.3.2.7.2.20010104121544.00c946d8@mail.enfld1.ct.home.com> Message-ID: <003e01c07680$e3b957c0$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* get the latest HEAD (3.0 pre) ----- Original Message ----- From: "Eric P. McCoy" To: "Peter Chr. Hansen" Cc: "Samba-Ntdom (E-mail)" Sent: Thursday, January 04, 2001 9:16 AM Subject: Re: SV: Win2K and Samba > *This message was transferred with a trial version of CommuniGate(tm) Pro* > At 02:55 PM 1/4/2001 +0100, Peter Chr. Hansen wrote: > >You should use the latest cvs. version tag samba_2_2 is works. > > That was how I got 2.2.0alpha1. I got it via CVS earlier this morning > (about 2am EST). > > > -- > Eric P. McCoy > > "Jamaican? I thought you were some sort of outer-space potato man!" > > > From artur at cgen.com Thu Jan 4 19:11:22 2001 From: artur at cgen.com (Artur Shnayder) Date: Tue Dec 2 02:32:57 2003 Subject: customizing printing services Message-ID: <978635482.3a54cada2bf44@mail.cgen.com> Hi gurus, I joined samba-2.2.0-cvs (on Solaris sparc) to NT domain. This computer is a printer server. I defined all the printers in printcap file. Now I can print from NT clients, but the problem is, that when I add new printer on the clients, it asks me about a driver. Can this procedure be somehow optimized? For example, when NT is a printer server, it doesn't require any driver on the clients. When I tried to add "printer driver = HP LaserJet 4000 Series PS" line to smb.conf file, the "add printer" procedure didn't show me the printers menu, but asked me about the driver for HP LaserJet 4000. Is it possible in samba specify path to this drive? I guess "printer driver file=/usr/local/samba/lib/printers.def" line in the smb.conf should do this stuff, but I can't find any information about the printers.def file. Any help will be very appreciate. Thanks. ~*-,._.,-*~`^`~*-,._.,-*~`^`~*-,._.,-*~`^`~*-,._.,-*~`^`~*-,._. Artur Shnayder Voice: (609)655-5105 x12 System Manager Fax: (609)655-5114 Email: artur@cgen.com Compugen Inc URL: http://www.cgen.com ~*-,._.,-*~`^`~*-,._.,-*~`^`~*-,._.,-*~`^`~*-,._.,-*~`^`~*-,._. From smtc at monroe.net Thu Jan 4 04:32:35 2001 From: smtc at monroe.net (Robert) Date: Tue Dec 2 02:32:57 2003 Subject: Please unsubscribe me!!! References: Message-ID: <3A53FCE3.89148881@monroe.net> Pieter Grimmerink wrote: > Anyone who can help me; > > Can please someone unsubscribe me from this list? > > I tried several ways, nothing worked. > > Best regards, > > Pieter Me Too it as great but please no more From MMcEldowney at deltaregional.com Thu Jan 4 20:03:03 2001 From: MMcEldowney at deltaregional.com (McEldowney, Michael) Date: Tue Dec 2 02:32:58 2003 Subject: Please unsubscribe me!!! Message-ID: <982DE519343BD41191CA00902786B5B902DDAC@EMAIL> You really should read the welcome email from the listserver when you subscribe. To unsubscribe you need to go to: http://lists.samba.org/mailman/options// Example: Robert would unsubscribe from the Samba-NTDom list by going to: http://lists.samba.org/mailman/options/samba-ntdom/smtc@monroe.net Once at the site just put your password in the appropriate box and submit the form. -----Original Message----- From: Robert [mailto:smtc@monroe.net] Sent: Wednesday, January 03, 2001 10:33 PM To: Pieter Grimmerink Cc: Samba-Ntdom-Admin; Samba-Ntdom; samba - tng 2 Subject: Re: Please unsubscribe me!!! Pieter Grimmerink wrote: > Anyone who can help me; > > Can please someone unsubscribe me from this list? > > I tried several ways, nothing worked. > > Best regards, > > Pieter Me Too it as great but please no more From gcarter at valinux.com Thu Jan 4 19:20:38 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:32:58 2003 Subject: customizing printing services References: <978635482.3a54cada2bf44@mail.cgen.com> Message-ID: <3A54CD06.5EA85826@valinux.com> Artur Shnayder wrote: > > Hi gurus, > > I joined samba-2.2.0-cvs (on Solaris sparc) to NT > domain. This computer is a printer server. Have you read PRINTER_DRIVER2.txt? Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From D.Bannon at latrobe.edu.au Fri Jan 5 01:03:32 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:58 2003 Subject: Win2K and Samba In-Reply-To: <4.3.2.7.2.20010104053030.00c773a8@mail.enfld1.ct.home.com> Message-ID: <3.0.6.32.20010105120332.008d58e0@bioserve.latrobe.edu.au> At 05:43 AM 1/4/01 -0500, Eric P. McCoy wrote: >....I'm somewhat confused about what versions, exactly, will >work. The HOWTO rather clearly says that 2.2.0-alpha1 will not work, but >it also rather clearly gives instructions on how to fetch just that Well, I can understand your confusion. Actually, the FAQ says that the 2.2.0-alpha1 snapshot wont work. Thats a frozen picture of the cvs from a month or so ago and available via ftp. If you get the cvs (using the commands on the FAQ), you'll get the incrementally updated version, still called alpha1, but its got all the additional stuff. >...... I have tried 589,578 different >domain names, all with an odd number of letters. The rule about domain names is that it must bave an odd number of characters. No other magic. I've not got a working test setup at present, wont have for a couple of weeks so I ca help you no more. david ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From weehawk at weehawk.de Fri Jan 5 04:40:41 2001 From: weehawk at weehawk.de (Christian Hergl) Date: Tue Dec 2 02:32:58 2003 Subject: Automatic machine account setup Message-ID: <3A555049.4000904@weehawk.de> Greetings, people. I played the last week or so with the new cvs, which finally seem to work asa PDC. (though I only played with joining a domain so far...) Great thanks to all who made that little miracle grow =) Well, a recent posting gave me the idea, that something is missing in the smb.conf of the PDC-How-to of the 2.2.0. It only sets up the passwd machine account, and forgets to set the smbpasswd machine account. There seem to be some differences with the command "adduser" too. So I altered the following line of the smb.conf: "add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$" into this: "add user script = /usr/sbin/useradd -g machines -c NTMachine -d /dev/null -s /bin/false %m$ && /usr/local/samba/bin/smbpasswd -a -m %m$" I verified it on a SuSe7.0 distribution, the command "useradd" works there without the -n flag. The group "machine" must exist, or you get one of those "Error in remote procedure" thing when you're trying to join the domain on the Win2k puter. I simply suggest to try that command line (without the "add user script =" ) manually on the Linux puter first, and then check the passwd and smbpasswd files. If the according lines have been added, you can go and write it in your smb.conf. Hope I eased up someone's day, Christian PS: About the comment of localized Win2k versions: The german Win2k with SP1 works fine with the latest CVS so far.... further testing to go, though =) From marshallj at switch.aust.com Fri Jan 5 04:51:22 2001 From: marshallj at switch.aust.com (Marshall, Joshua) Date: Tue Dec 2 02:32:58 2003 Subject: Changing machine IP address. Message-ID: <3A5552CA.9550F3DD@switch.aust.com> I set up a PDC (Samba2_2 branch, recent checkout) and it all worked great, authenticating and sharing folders. When I changed the machine's IP address from 10.10.10.52 (DHCP) to 10.10.10.11 (Static) it now wont authenticate or share. No error messages appear in the log.smbd or log.nmbd, in fact they look the same as before except references to 10.10.10.52 are now 10.10.10.11 When I changed the machine back to DHCP, all is now working again. I tried setting the machine to be static 10.10.10.52 and it also works. I want it to be 10.10.10.11 - how can I do this? Regards, Josh. From D.Bannon at latrobe.edu.au Fri Jan 5 05:01:37 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:32:58 2003 Subject: Automatic machine account setup In-Reply-To: <3A555049.4000904@weehawk.de> Message-ID: <3.0.6.32.20010105160137.008c3250@bioserve.latrobe.edu.au> At 05:40 AM 1/5/01 +0100, Christian Hergl wrote: >.... >So I altered the following line of the smb.conf: > >"add user script = /usr/sbin/adduser -n -g machines -c Machine -d >/dev/null -s /bin/false %m$" > >into this: > >"add user script = /usr/sbin/useradd -g machines -c NTMachine -d >/dev/null -s /bin/false %m$ && /usr/local/samba/bin/smbpasswd -a -m %m$" > Hmm... Cute. smbd acutally does the adding to smbpasswd stuff itself, although that is a part that a lot of installs have had trouble. I'm sure JFM did not intend it to work that way but, gee, if it works it might keep things going for a while. The -n flag is to stop the RedHat silly idea a creating a group for every user. I don't thing too may other systems need it. >there without the -n flag. The group "machine" must exist, or you get David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From Daniel.Moeller at de.bosch.com Fri Jan 5 09:56:54 2001 From: Daniel.Moeller at de.bosch.com (Moeller Daniel (QI/AST10) *) Date: Tue Dec 2 02:32:58 2003 Subject: AW: AW: NT_STATUS_NO_TRUST_SAM_ACCOUNT - Multi Domains Message-ID: <9015FB0BD980D411BFBC00508BAE6AF74E0FAC@simail5.server.bosch.com> Hi George, you are right, I think. There is a parameter (name resolve order) to control which name services should be consulted for name resolving. You can try to add winsacct046 and its IP address to samba/lib/lmhosts or/and to /etc/hosts. Kind regards, Daniel -----Urspr?ngliche Nachricht----- Von: ggage@mmm.com [mailto:ggage@mmm.com] Gesendet: Donnerstag, 4. Januar 2001 19:09 An: Moeller Daniel (QI/AST10) * Cc: samba-ntdom@us5.samba.org Betreff: Re: AW: NT_STATUS_NO_TRUST_SAM_ACCOUNT - Multi Domains Thanks for the response, Daniel. There is a trust between the domains. We have many NT ws's and servers in this configuration. I want the samba box to work the same way (ie. reside in the ITNTdomain but logon to the WINS domain). The error msg states " domain_client_validate: Domain password server not available". Does this mean that samba doesn't know how to find winsaccts046 in the WINS domain? Nowhere in the smb.conf is there any reference to WINS. Just password server = winsacct046. I'm lost... Thanks, George ---------------------------------------------------------------------------- -------------------------------------------------------------------- From Graeme.Vetterlein at ntl.com Fri Jan 5 11:00:08 2001 From: Graeme.Vetterlein at ntl.com (Graeme.Vetterlein@ntl.com) Date: Tue Dec 2 02:32:58 2003 Subject: samba-ntdom digest, Vol 1 #233 - 29 msgs Message-ID: <5DD689222800D411B26100508B5E9584361546@mast-hk0-se02.private.ntl.com> Nt running a proxy server for what service? My guess is you mean a HTTPD proxy. This means you DO NOT HAVE ACCESS TO THE INTENET you only have access to one protocol (maybe two or three if it supports say FTP etc) A better way around to do it would be have the Linux box run ipchains and have the NT box go out via that. This would give you full access. (this is what I do .. acts as firewall) As to what you want to do with your current setup: - Do you want to run a browser on the Linux box that uses the NT box to 'get to' the internet. In this case just set the linux proxy values to point at the NT proxy - Do you want to run another proxy (httpd) on Linux? In this case configure httpd to point at the NT proxy. If you want to do much else: - Direct e-mail (ie not using MS-exchange) - samba - NFS - ping - telnet ... You can't do it, unless you run a proxy for that protocol on the NT box. > Message: 8 > From: "Rob Marsiglia" > To: > Subject: USING WIN NT SERVER WITH PROXY SERVER > Date: Tue, 2 Jan 2001 20:43:53 -0500 > > This is a multi-part message in MIME format. > > ------=_NextPart_000_0018_01C074FC.B83D9C80 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > I have a Nt server running proxy server and need to setup > redhat to use = > the internet through the NT proxy server, I know samba doesnt > do it, but = > what will? I havent found a resource to do it yet...anyone run into = > this problem and have a resolution? > From edmundo at moscow.com Fri Jan 5 11:26:26 2001 From: edmundo at moscow.com (Stokes) Date: Tue Dec 2 02:32:58 2003 Subject: "No mapping between account names and security IDs was done." Message-ID: <002101c0770a$58b10b70$010aa8c0@shitepie> All, I installed samba 2.2 from cvs download 2 days ago, and I can't seem to get a win2k machine to join the domain. I have an odd number of letters in the domain name, and I have created the machine account using both vipw (freeBSD) and smbpasswd -a -m. When I try to join the domain windows says: "No mapping between account names and security IDs was done." I am positive that the password for root was correct (I tried this many times, rebooted and everything). Also I have nuked and recreated the machine account many times now, and it always says the same thing. If anyone knows what causes this error please let me know, I really need to get win2k machines on the domain asap... Thanks, Stokes From M.Puchta at fscodes.cz Fri Jan 5 11:50:11 2001 From: M.Puchta at fscodes.cz (Puchta, Milos) Date: Tue Dec 2 02:32:58 2003 Subject: Samba vs. WSFU Message-ID: <41ED6A8C8BE7D21194610008C724FD0A09899B@ANNA> I am playing with Samba now - and have problems with W2K Prof on client side. There is an alternative for access to file, namely Windows Services for Unix ver. 2. If we do not take into account that this is not free package, what are Pros and Cons, when comparing with Samba? Regards, Milos From hazen at potentia.ca Fri Jan 5 18:00:44 2001 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:32:58 2003 Subject: samba-ntdom digest, Vol 1 #233 - 29 msgs In-Reply-To: <5DD689222800D411B26100508B5E9584361546@mast-hk0-se02.private.ntl.com> Message-ID: Helo evryone <-Remember telneting to 25 to write nice little msg's? Puns aside, Why use a proxy when you have a linux box. Here is probably the best guide i've ever seen on the topic of firewalling and security (that is if you are using red hat) but the firewall in there can be applied to anywhere or any form of linux (ipchains and ipfwadm dependant) but makes so close to bullet proof (won't even reply to pings ie: unauthorized icmp is filtered udp is completly filtered, tcp is rock solid) this in conjunction with a hardner or two (nice scripts ) make for a pretty damn near impossible to hack or "bullet proof" box here is the link (hope you have brodband!) http://www.linuxdoc.org/LDP/gawlso/Securing-Optimizing-Linux-RH-Edition-1_3. pdf (5.3 Mb in size) full of useful information in conjunction with a couple of security howto's (insecure.org, bugtraq.org, syssecurity.org etc etc etc) you will have a dream gateway that nat's and hides your entire network behind what appears to be a keyhole that only allwos light to go in one direction (you can look out but no one can look in!) The reason behind all this is i find a lot of people don't put effort into securing their boxes and get hacked as a result. -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Graeme.Vetterlein@ntl.com Sent: Friday, January 05, 2001 6:00 AM To: samba-ntdom@us5.samba.org Subject: RE: samba-ntdom digest, Vol 1 #233 - 29 msgs Nt running a proxy server for what service? My guess is you mean a HTTPD proxy. This means you DO NOT HAVE ACCESS TO THE INTENET you only have access to one protocol (maybe two or three if it supports say FTP etc) A better way around to do it would be have the Linux box run ipchains and have the NT box go out via that. This would give you full access. (this is what I do .. acts as firewall) As to what you want to do with your current setup: - Do you want to run a browser on the Linux box that uses the NT box to 'get to' the internet. In this case just set the linux proxy values to point at the NT proxy - Do you want to run another proxy (httpd) on Linux? In this case configure httpd to point at the NT proxy. If you want to do much else: - Direct e-mail (ie not using MS-exchange) - samba - NFS - ping - telnet ... You can't do it, unless you run a proxy for that protocol on the NT box. > Message: 8 > From: "Rob Marsiglia" > To: > Subject: USING WIN NT SERVER WITH PROXY SERVER > Date: Tue, 2 Jan 2001 20:43:53 -0500 > > This is a multi-part message in MIME format. > > ------=_NextPart_000_0018_01C074FC.B83D9C80 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > I have a Nt server running proxy server and need to setup > redhat to use = > the internet through the NT proxy server, I know samba doesnt > do it, but = > what will? I havent found a resource to do it yet...anyone run into = > this problem and have a resolution? > From edmundo at moscow.com Fri Jan 5 19:50:43 2001 From: edmundo at moscow.com (Stokes) Date: Tue Dec 2 02:32:58 2003 Subject: "No mapping between account names and security IDs was done." References: Message-ID: <001301c07750$ca5dfc60$010aa8c0@shitepie> Yes, I certainly did make the root account. It was the first thing I did after installing samba. And, like I said, I am sure that the password is correct, because I tested an incorrect password and it told me the account info was incorrect. ----- Original Message ----- From: "Hazen Valliant-Saunders" To: "Stokes" Sent: Friday, January 05, 2001 9:30 AM Subject: RE: "No mapping between account names and security IDs was done." > Ok > have you made a root account? > (smbpasswd -a root?) > you'll have to because the first time W2K logson to the domain you must use > the root account and password, and when you add the root account use the > same password (better safe than sorry), afterwards you may use the > Administrator account or which ever you created. > > -----Original Message----- > From: samba-ntdom-admin@us5.samba.org > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Stokes > Sent: Friday, January 05, 2001 6:26 AM > To: samba-ntdom > Subject: "No mapping between account names and security IDs was done." > > > All, > > I installed samba 2.2 from cvs download 2 days ago, and I can't seem to get > a win2k machine to join the domain. I have an odd number of letters in the > domain name, and I have created the machine account using both vipw > (freeBSD) and smbpasswd -a -m. When I try to join the domain windows says: > "No mapping between account names and security IDs was done." > > I am positive that the password for root was correct (I tried this many > times, rebooted and everything). Also I have nuked and recreated the > machine account many times now, and it always says the same thing. > > If anyone knows what causes this error please let me know, I really need to > get win2k machines on the domain asap... > > Thanks, > Stokes > > > > From armand at welshhome.org Fri Jan 5 21:38:37 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:58 2003 Subject: Win2K domain member can't share resources References: <001301c07750$ca5dfc60$010aa8c0@shitepie> Message-ID: <003601c0775f$e1658860$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* Ok, here is one for you all. I have win2k, and the latest HEAD cvs of samba. I had joined the domain just fine, did so way back... I can log ino the domain, I can browse the shares on my samba pdc, and a winMe client, but the winMe client can't browse my shares. In fact, the only way to access my shares on my win2K box, is to force authentication against my win2K machines, using a win2K local account. What's up with this. I tried enabling the guest account, so that the trusts shouldn't come into play, but it's still trying not browsing. I suspect it's because the trusts are done yet in the samba pdc code. Is this correct? From armand at welshhome.org Fri Jan 5 21:46:22 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:58 2003 Subject: "No mapping between account names and security IDs was done." References: <001301c07750$ca5dfc60$010aa8c0@shitepie> Message-ID: <003c01c07760$f74f50b0$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* I received this too, then I download the latest HEAD cvs, compiled, and it worked fine. Oh, btw, I did stumble a little, because after compiling, d/l, compiling, d/ling again, etc.. I finally discovered.. I forgot to delete my old files. I have the RPM version of samba which installed executables in /usr/sbin and I had my custom configured samba, that places the files /usr/bin, /usr/man, /usr/lib, etc.... Only I did change smbpasswd and smb.conf to be located in /etc, instead of /usr/etc... so now that I located all my old samba stuff... (find / -name smb) and (find / -name nmb) I deleted the files, and re-installed my cvs builds, and all worked fine. ----- Original Message ----- From: "Stokes" To: "samba-ntdom" ; "Hazen Valliant-Saunders" Sent: Friday, January 05, 2001 11:50 AM Subject: Re: "No mapping between account names and security IDs was done." > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Yes, I certainly did make the root account. It was the first thing I did > after installing samba. And, like I said, I am sure that the password is > correct, because I tested an incorrect password and it told me the account > info was incorrect. > > ----- Original Message ----- > From: "Hazen Valliant-Saunders" > To: "Stokes" > Sent: Friday, January 05, 2001 9:30 AM > Subject: RE: "No mapping between account names and security IDs was done." > > > > Ok > > have you made a root account? > > (smbpasswd -a root?) > > you'll have to because the first time W2K logson to the domain you must > use > > the root account and password, and when you add the root account use the > > same password (better safe than sorry), afterwards you may use the > > Administrator account or which ever you created. > > > > -----Original Message----- > > From: samba-ntdom-admin@us5.samba.org > > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Stokes > > Sent: Friday, January 05, 2001 6:26 AM > > To: samba-ntdom > > Subject: "No mapping between account names and security IDs was done." > > > > > > All, > > > > I installed samba 2.2 from cvs download 2 days ago, and I can't seem to > get > > a win2k machine to join the domain. I have an odd number of letters in > the > > domain name, and I have created the machine account using both vipw > > (freeBSD) and smbpasswd -a -m. When I try to join the domain windows > says: > > "No mapping between account names and security IDs was done." > > > > I am positive that the password for root was correct (I tried this many > > times, rebooted and everything). Also I have nuked and recreated the > > machine account many times now, and it always says the same thing. > > > > If anyone knows what causes this error please let me know, I really need > to > > get win2k machines on the domain asap... > > > > Thanks, > > Stokes > > > > > > > > > > > From armand at welshhome.org Fri Jan 5 21:49:27 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:58 2003 Subject: Samba vs. WSFU References: <41ED6A8C8BE7D21194610008C724FD0A09899B@ANNA> Message-ID: <004201c07761$6c4a8510$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* NFS access which WSFU uses, doesn't authenticate against NT machines. It allows you to connect to NFS shares, and it allows you to synchronize password with unix, but it is not the same. I like how samba exports shares to windows clients, so that they are natively support by windows. Also, I understand that NFS is not very secure. though this is through the grape vine, as I have not used it yet. ----- Original Message ----- From: "Puchta, Milos" To: Sent: Friday, January 05, 2001 3:50 AM Subject: Samba vs. WSFU > *This message was transferred with a trial version of CommuniGate(tm) Pro* > I am playing with Samba now - and have problems with W2K Prof > on client side. > There is an alternative for access to file, namely Windows > Services for Unix ver. 2. If we do not take into account that > this is not free package, what are Pros and Cons, when > comparing with Samba? > > Regards, > Milos > > From Jean-Francois.Micouleau at dalalu.fr Fri Jan 5 23:01:55 2001 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:32:58 2003 Subject: Win2K domain member can't share resources In-Reply-To: <003601c0775f$e1658860$12324d90@pimco.com> Message-ID: On Fri, 5 Jan 2001, Armand Welsh wrote: > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Ok, here is one for you all. I have win2k, and the latest HEAD cvs of > samba. I had joined the domain just fine, did so way back... I can log ino > the domain, I can browse the shares on my samba pdc, and a winMe client, but > the winMe client can't browse my shares. In fact, the only way to access my > shares on my win2K box, is to force authentication against my win2K > machines, using a win2K local account. > > What's up with this. I tried enabling the guest account, so that the trusts > shouldn't come into play, but it's still trying not browsing. I suspect > it's because the trusts are done yet in the samba pdc code. Is this > correct? no it's not a trust problem. It's a old bug in samba's code. I can duplicate here as well. I just never got time to fix it. J.F. From armand at welshhome.org Fri Jan 5 23:13:26 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:58 2003 Subject: Win2K domain member can't share resources References: Message-ID: <007001c0776d$27117510$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* so what IS the bug exactly? ----- Original Message ----- From: "Jean Francois Micouleau" To: "Armand Welsh" Cc: "samba-ntdom" Sent: Friday, January 05, 2001 3:01 PM Subject: Re: Win2K domain member can't share resources > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > On Fri, 5 Jan 2001, Armand Welsh wrote: > > > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > Ok, here is one for you all. I have win2k, and the latest HEAD cvs of > > samba. I had joined the domain just fine, did so way back... I can log ino > > the domain, I can browse the shares on my samba pdc, and a winMe client, but > > the winMe client can't browse my shares. In fact, the only way to access my > > shares on my win2K box, is to force authentication against my win2K > > machines, using a win2K local account. > > > > What's up with this. I tried enabling the guest account, so that the trusts > > shouldn't come into play, but it's still trying not browsing. I suspect > > it's because the trusts are done yet in the samba pdc code. Is this > > correct? > > no it's not a trust problem. It's a old bug in samba's code. I can > duplicate here as well. I just never got time to fix it. > > J.F. > > > From emccoy at hamilton.edu Fri Jan 5 23:16:56 2001 From: emccoy at hamilton.edu (Eric P. McCoy) Date: Tue Dec 2 02:32:58 2003 Subject: RPC failed/No mapping... Message-ID: <4.3.2.7.2.20010105180639.00c80438@mail.enfld1.ct.home.com> I upgraded to the HEAD version in the hopes that it would solve other problems. Now I think I'm completely where everyone else is. Immediately after install, I tried again, and got the "No mapping..." error that someone else has just mentioned. I tried changing the machine name to all capitals, which produced the "RPC failed" error. I put it back and got the "No mapping..." error again. Then I regenerated smbpasswd from scratch. I noticed that the "W" flag was now set for the machine. I tried unsetting it to see what would happen, and then it caused the "RPC failed" error. I turned it on again, got back to "No mapping..." and set "W" for "root," and got the "RPC failed" error. I tried enabling or disabling W for all combinations of both the machine and root, and whenever W was set on both or neither, it'd cause "RPC failed." When it was only set for one but not the other, it'd cause "No mapping..." Now, when everything is back just the way it was before, I _usually_ get the "RPC failed" error, but only _sometimes_ get the "No mapping..." error. Bear in mind that this occurs randomly, and with no change. (e.g., I can try joining the domain 15 times in a row, and 3 times I will randomly get "No mapping...", but all others I will get "RPC failed.") Are some variables not being initialized properly? Lastly, there was a bug in the CVS code as of when I got it this afternoon. Trivial to fix, but also trivial to detect - compilation died. -- Eric P. McCoy "Jamaican? I thought you were some sort of outer-space potato man!" From slu at firerun.net Fri Jan 5 23:43:16 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:32:58 2003 Subject: FYI Message-ID: <3A565C14.378C13E4@firerun.net> Even though this may have nothing to do with this list but for your information the 2.4.0 Linux kernel was released today! Patrick From simona at uchicago.edu Fri Jan 5 23:57:30 2001 From: simona at uchicago.edu (Simon Allaway) Date: Tue Dec 2 02:32:58 2003 Subject: FYI In-Reply-To: <3A565C14.378C13E4@firerun.net> Message-ID: On Fri, 5 Jan 2001, Patrick wrote: > Even though this may have nothing to do with this list but for your > information the 2.4.0 Linux kernel was released today! Yup. It was released sometime last night. I just got it compiled on this old PC. Now I'm going to try a Samba 2.0.7 compile. Simon -- -- Simon Allaway | "Computer games don't affect kids, if Pac Man University of Chicago | affected us as kids, we'd all be running Anthropology | around in darkened rooms, munching pills 5-4390 Haskell Hall | and listening to repetitive music." From armand at welshhome.org Sat Jan 6 00:43:33 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:58 2003 Subject: RPC failed/No mapping... References: <4.3.2.7.2.20010105180639.00c80438@mail.enfld1.ct.home.com> Message-ID: <008601c07779$b86ec830$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* # Samba SMB password file apwelsh:502:numbers:numbers:[U ]:LCT-3A53E2B9: craig:503:numbers:numbers:[U ]:LCT-39C6AC93: valerie:505:numbers:numbers:[U ]:LCT-39C6ACA3: root:0:numbers:numbers:[U ]:LCT-3A3876AE: NELSON$:506:numbers:numbers:[W ]:LCT-3A387A97: nrfan:507:numbers:numbers:[U ]:LCT-3A47951C: also, passwd: root:x:0:0:root:/root:/bin/bash apwelsh:x:502:506::/home/apwelsh:/bin/bash craig:x:503:507::/dev/null:/bin/false justin:x:504:508::/dev/null:/bin/false valerie:x:505:509::/dev/null:/bin/false NELSON$:x:506:500:NTMachine:/dev/null:/bin/false nrfan:x:507:511::/home/nrfan:/bin/bash and, group: root:x:0:root apwelsh:x:506: craig:x:507: justin:x:508: valerie:x:509: machines:x:500: NTadmins:x:510:root,apwelsh nrfan:x:511: (filtered to protect my system :) ) now, what I do, is I delete the machine entry from smbpasswd, and the I add it manually, as the FAQ states. After creating the entry manually, I also delete the root user entry from smbpasswd. Then I create a new root user entry, "smbpasswd -a root", then just to be safe, I use "smbpasswd -e root", and lastly I set a password for root with "smbpasswd root". Creating the machine trust account, is as simple as "smbpasswd -a -m NELSON$" (from the FAQ). Then I reboot the win2K machine, log in locally as administrator, join the computer onto the domain, when it asks for the domain, I enter the domain, in all upper case, when it asks for authentication, I enter root for user name, and the password I created with smbpasswd for root. Sometimes it doesn't work 1st try. If it failed, then I just try again. After a few tries, it joins me into the domain. ----- Original Message ----- From: "Eric P. McCoy" To: Sent: Friday, January 05, 2001 3:16 PM Subject: RPC failed/No mapping... > *This message was transferred with a trial version of CommuniGate(tm) Pro* > I upgraded to the HEAD version in the hopes that it would solve other > problems. Now I think I'm completely where everyone else is. > > Immediately after install, I tried again, and got the "No mapping..." error > that someone else has just mentioned. I tried changing the machine name to > all capitals, which produced the "RPC failed" error. I put it back and got > the "No mapping..." error again. > > Then I regenerated smbpasswd from scratch. I noticed that the "W" flag was > now set for the machine. I tried unsetting it to see what would happen, > and then it caused the "RPC failed" error. I turned it on again, got back > to "No mapping..." and set "W" for "root," and got the "RPC failed" > error. I tried enabling or disabling W for all combinations of both the > machine and root, and whenever W was set on both or neither, it'd cause > "RPC failed." When it was only set for one but not the other, it'd cause > "No mapping..." > > Now, when everything is back just the way it was before, I _usually_ get > the "RPC failed" error, but only _sometimes_ get the "No mapping..." > error. Bear in mind that this occurs randomly, and with no change. (e.g., > I can try joining the domain 15 times in a row, and 3 times I will randomly > get "No mapping...", but all others I will get "RPC failed.") Are some > variables not being initialized properly? > > Lastly, there was a bug in the CVS code as of when I got it this > afternoon. Trivial to fix, but also trivial to detect - compilation died. > > -- > Eric P. McCoy > > "Jamaican? I thought you were some sort of outer-space potato man!" > > > From armand at welshhome.org Sat Jan 6 00:44:28 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:32:58 2003 Subject: FYI References: Message-ID: <009201c07779$df4a71c0$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* COOL! I must get, and implement new firewall.... :) ----- Original Message ----- From: "Simon Allaway" To: Cc: Sent: Friday, January 05, 2001 3:57 PM Subject: Re: FYI > *This message was transferred with a trial version of CommuniGate(tm) Pro* > On Fri, 5 Jan 2001, Patrick wrote: > > > Even though this may have nothing to do with this list but for your > > information the 2.4.0 Linux kernel was released today! > > Yup. It was released sometime last night. I just got it compiled on this > old PC. Now I'm going to try a Samba 2.0.7 compile. > > Simon > > -- > -- > Simon Allaway | "Computer games don't affect kids, if Pac Man > University of Chicago | affected us as kids, we'd all be running > Anthropology | around in darkened rooms, munching pills > 5-4390 Haskell Hall | and listening to repetitive music." > > > > From slu at firerun.net Sat Jan 6 08:07:13 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:32:58 2003 Subject: win2k and samba PDC stuff -- bugs? Message-ID: <3A56D231.6771A934@firerun.net> Hi all, With the success of getting a win2k sp1 machine to join a samba 2.2 PDC I decided to try and build a rpm of samba so I could distribute it to my other servers with ease. I immediately ran into problems as soon as I got the custom rpm installed and configured for my PDC machine. When I first tried to join the machine to the domain I got a message of "the credential supplied conflict with a existing set of credentials" which it happened that the workgroup name I was using was the same as the domain I was trying to join. So I changed the workgroup name rebooted and tried again, which did solve the credentials problem. The next time I got a message of "The following error occurred attempting to join the domain 'MY_DOM': The procedure number is out of range". I recompiled the rpms several times and each time changing the configure options until I had the same options the first time I got it to work. Needless to say after several hours I could not get that message to go away. I then decided to look over the smb.conf file, which this is where I struck pay dirt. When I first started I had included the option "unix password sync = yes" so I could sync my unix passwords with my smb passwords. Well when I disabled that option I was able to join the domain just like before, without the procedure out of range message. So apparently if you include the "unix password sync = yes" then you will receive the procedure out of range message when trying to join the machine to the domain. If anyone is interested I have samba 2.2 "1/3/2001 cvs" version rpms and the source rpm on my home machines. They are compiled against redhat 7.0. Here is the location < http://www.firerun.net/pub/i386/samba > Patrick From Philip.Andrew at InChip.com Sat Jan 6 15:03:29 2001 From: Philip.Andrew at InChip.com (Philip Andrew) Date: Tue Dec 2 02:32:58 2003 Subject: subscribe Message-ID: <010b01c077f1$d50d0d80$27395140@inchip.com> subscribe samba-ntdom Philip.Andrew@InChip.com -------------- next part -------------- HTML attachment scrubbed and removed From ajudge1 at bellsouth.net Sat Jan 6 17:04:17 2001 From: ajudge1 at bellsouth.net (Andrew Judge) Date: Tue Dec 2 02:32:58 2003 Subject: logon scripts for virus updates Message-ID: Does anyone have a good netlogon script to update mcafee virus definitions? I am currently using a kixtart32 script, but it isn't very good. Could someone lead me in the right direction? Andy From ajudge1 at bellsouth.net Sat Jan 6 17:07:00 2001 From: ajudge1 at bellsouth.net (Andrew Judge) Date: Tue Dec 2 02:32:58 2003 Subject: Virus scanner for samba file server Message-ID: Does anyone have any suggestions for a virus scanner for a samba file server? I know there is antivir - but are there any others? Andy From a9700671 at sp4.macarthur.uws.EDU.AU Sat Jan 6 23:38:30 2001 From: a9700671 at sp4.macarthur.uws.EDU.AU (Makis Marmaridis) Date: Tue Dec 2 02:32:58 2003 Subject: Virus scanner for samba file server In-Reply-To: Message-ID: <001601c07839$c70311b0$15559a89@zeus> Hi Andy, Since I have been using Mcafee (their version for Unix) and it works like a marvel. In fact, I have done it so that the update (.dat) files for the antivirus residen in a location that is accessible to both the Mcafee version running on the server and to all the workstations via a Samba share. I haven't done too much research about what other alternatives are around but I have found that Mcafee works without any problems for us so I would recommend it. Also, to answer your previous email about netlogon scripts and mcafee updates... If you mean update virus definitions on the local machine (client), you don't need it, since all that is required is to setup the mcafee scheduler to do a .dat update every whenever you decide - which is probably a better idea anyway since it will happen periodically and not each and every time a user logs on! If you mean updating the .dat files on the server, you could have a simple bash scripts running through cron that connects to the Mcafee FTP site and downloads the update file periodically. HTH, Regards, Makis. > -----Original Message----- > From: samba-ntdom-admin@us5.samba.org > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Andrew Judge > Sent: Sunday, 7 January 2001 4:07 AM > To: Samba; Samba-Ntdom > Subject: Virus scanner for samba file server > > > Does anyone have any suggestions for a virus scanner for a samba file > server? I know there is antivir - but are there any others? > > Andy > > From martin at zamenhof.demon.co.uk Sun Jan 7 00:09:06 2001 From: martin at zamenhof.demon.co.uk (Martin Radford) Date: Tue Dec 2 02:32:58 2003 Subject: Virus scanner for samba file server In-Reply-To: <001601c07839$c70311b0$15559a89@zeus> from "Makis Marmaridis" at Jan 07, 2001 10:38:30 AM Message-ID: <200101070009.AAA11283@zamenhof.demon.co.uk> > > If you mean update virus definitions on the local machine (client), you > don't need it, since all that is required is to setup the mcafee scheduler > to do a .dat update every whenever you decide - which is probably a better > idea anyway since it will happen periodically and not each and every time a > user logs on! > > If you mean updating the .dat files on the server, you could have a simple > bash scripts running through cron that connects to the Mcafee FTP site and > downloads the update file periodically. Where I work, we use GNU wget to mirror the appropriate directories from McAfee's FTP server to a local server, and point the clients at the local copy. It's much quicker, and it saves us the trans-atlantic traffic charges. To move back on topic, we also use those files to update the .dat files on our samba servers - we have no guarantee that all the clients have up-to-date anti-virus software installed (one of the problems of working in a university where much of the IT support is devolved to the departments). The only issue is that the Unix-based scanning is not on-access (as it would be on Windows), but instead is a job that has to be scheduled. Martin -- Martin Radford | "Only wimps use tape backup: _real_ martin@zamenhof.demon.co.uk | men just upload their important stuff -o) Registered Linux user #9257 | on ftp and let the rest of the world /\\ - see http://counter.li.org | mirror it ;)" - Linus Torvalds _\_V From moose at riven.net Sun Jan 7 02:04:46 2001 From: moose at riven.net (Jade E. Deane) Date: Tue Dec 2 02:32:58 2003 Subject: 2.2alpha1 - Using as login server for Windows 2000 machine(s) Message-ID: Greetings! I have the following simple setup: A Linux (2.2.16-22) RedHat (7) machine running 2.2alpha1, as the "PDC" and a OpenBSD (4.2) machine acting as a server only. The other machine is a Windows 2000 Pro. After reading http://bioserve.latrobe.edu.au/samba/samba-pdc-howto.html in great detail, I have setup an appropriate config almost verbatim to the examples in Mr. Bannon's document. When attempting to assign a Windows 2000 Pro workstation to the domain (i.e. System Properties/Identification Changes) I received the following error: "The credentials supplied conflict with an existing set of credentials." The user "root", who is in the adm group specified in the config, was used as the "account with permission to join the domain". Also, there is a $ account created in /etc/passwd and /private/smbpassword. Ideas and suggestions are most appreciated. Jade From slu at firerun.net Sun Jan 7 03:36:44 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:32:58 2003 Subject: 2.2alpha1 - Using as login server for Windows 2000 machine(s)] Message-ID: <3A57E44C.78DDDE81@firerun.net> -------- Original Message -------- Subject: Re: 2.2alpha1 - Using as login server for Windows 2000 machine(s) Date: Sat, 06 Jan 2001 20:35:32 -0700 From: Patrick Reply-To: critter@rmci.net To: "Jade E. Deane" References: Make sure that no drives are mapped when trying to join the domain as that will cause that message. If that is not the case, then in my instance the workgroup name was the same as the domain I was trying to join, So I changed the workgroup name rebooted and tried to join the domain agian, that time with success. Patrick "Jade E. Deane" wrote: > Greetings! > > I have the following simple setup: > > A Linux (2.2.16-22) RedHat (7) machine running 2.2alpha1, as the "PDC" and a > OpenBSD (4.2) machine acting as a server only. The other machine is a > Windows 2000 Pro. > > After reading http://bioserve.latrobe.edu.au/samba/samba-pdc-howto.html in > great detail, I have setup an appropriate config almost verbatim to the > examples in Mr. Bannon's document. > > When attempting to assign a Windows 2000 Pro workstation to the domain (i.e. > System Properties/Identification Changes) I received the following error: > "The credentials supplied conflict with an existing set of credentials." > > The user "root", who is in the adm group specified in the config, was used > as the "account with permission to join the domain". > > Also, there is a $ account created in /etc/passwd and > /private/smbpassword. > > Ideas and suggestions are most appreciated. > > Jade From edmundo at moscow.com Sun Jan 7 03:51:12 2001 From: edmundo at moscow.com (Stokes) Date: Tue Dec 2 02:32:58 2003 Subject: "No mapping between account names and security IDs was done." References: <001301c07750$ca5dfc60$010aa8c0@shitepie> <003c01c07760$f74f50b0$12324d90@pimco.com> Message-ID: <001d01c0785d$1485ab50$010aa8c0@shitepie> Well, I tried the suggestion below and I still get the same error. I *know* the root account info is correct, and before each attempt I removed the machine account entry from my smbpasswd file and re-added it (smbpasswd -a -m MACHINE). Then I wiped everything again and reinstalled using today's CVS code, and tried adding a Win2k box using the default smb.conf file from the PDC HowTo. Still, same error message. Also tried same procedure with a different win2k box, same error. Here's my question, since nobody seems to be familiar with this error message: What should the entry for the machine account look like in the private/smbpasswd file? In the past I was able to add win2k machine using a FreeBSD server (like, a month ago), but then my server crashed and I had to reinstall the OS and everything... any suggestions? Anyone? I really need to get this worked out and get these win2k boxes to join the domain. thanks, Stokes > *This message was transferred with a trial version of CommuniGate(tm) Pro* > I received this too, then I download the latest HEAD cvs, compiled, and it > worked fine. > > Oh, btw, I did stumble a little, because after compiling, d/l, compiling, > d/ling again, etc.. I finally discovered.. I forgot to delete my old files. > I have the RPM version of samba which installed executables in /usr/sbin and > I had my custom configured samba, that places the files /usr/bin, /usr/man, > /usr/lib, etc.... Only I did change smbpasswd and smb.conf to be located in > /etc, instead of /usr/etc... so now that I located all my old samba stuff... > (find / -name smb) and (find / -name nmb) I deleted the files, and > re-installed my cvs builds, and all worked fine. > > > ----- Original Message ----- > From: "Stokes" > To: "samba-ntdom" ; "Hazen Valliant-Saunders" > > Sent: Friday, January 05, 2001 11:50 AM > Subject: Re: "No mapping between account names and security IDs was done." > > > > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > Yes, I certainly did make the root account. It was the first thing I did > > after installing samba. And, like I said, I am sure that the password is > > correct, because I tested an incorrect password and it told me the account > > info was incorrect. > > > > ----- Original Message ----- > > From: "Hazen Valliant-Saunders" > > To: "Stokes" > > Sent: Friday, January 05, 2001 9:30 AM > > Subject: RE: "No mapping between account names and security IDs was done." > > > > > > > Ok > > > have you made a root account? > > > (smbpasswd -a root?) > > > you'll have to because the first time W2K logson to the domain you must > > use > > > the root account and password, and when you add the root account use the > > > same password (better safe than sorry), afterwards you may use the > > > Administrator account or which ever you created. > > > > > > -----Original Message----- > > > From: samba-ntdom-admin@us5.samba.org > > > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Stokes > > > Sent: Friday, January 05, 2001 6:26 AM > > > To: samba-ntdom > > > Subject: "No mapping between account names and security IDs was done." > > > > > > > > > All, > > > > > > I installed samba 2.2 from cvs download 2 days ago, and I can't seem to > > get > > > a win2k machine to join the domain. I have an odd number of letters in > > the > > > domain name, and I have created the machine account using both vipw > > > (freeBSD) and smbpasswd -a -m. When I try to join the domain windows > > says: > > > "No mapping between account names and security IDs was done." > > > > > > I am positive that the password for root was correct (I tried this many > > > times, rebooted and everything). Also I have nuked and recreated the > > > machine account many times now, and it always says the same thing. > > > > > > If anyone knows what causes this error please let me know, I really need > > to > > > get win2k machines on the domain asap... > > > > > > Thanks, > > > Stokes > > > > > > > > > > > > > > > > > > > > > From edmundo at moscow.com Sun Jan 7 04:09:55 2001 From: edmundo at moscow.com (Stokes) Date: Tue Dec 2 02:32:58 2003 Subject: "No mapping between account names and security IDs was done." References: <001301c07750$ca5dfc60$010aa8c0@shitepie> <003c01c07760$f74f50b0$12324d90@pimco.com> <001d01c0785d$1485ab50$010aa8c0@shitepie> Message-ID: <000701c0785f$b1945b10$010aa8c0@shitepie> Well I'll be damned, I got it to work. I don't know what was causing that error, but I changed the name of the workgroup the win2k box was in (it was the same as the samba domain before) and then tried and it worked. Good luck to the rest of you! Stokes ----- Original Message ----- From: "Stokes" To: "samba-ntdom" ; "Armand Welsh" Sent: Saturday, January 06, 2001 7:51 PM Subject: Re: "No mapping between account names and security IDs was done." > Well, I tried the suggestion below and I still get the same error. I *know* > the root account info is correct, and before each attempt I removed the > machine account entry from my smbpasswd file and re-added it > (smbpasswd -a -m MACHINE). Then I wiped everything again and reinstalled > using today's CVS code, and tried adding a Win2k box using the default > smb.conf file from the PDC HowTo. Still, same error message. Also tried > same procedure with a different win2k box, same error. > > Here's my question, since nobody seems to be familiar with this error > message: What should the entry for the machine account look like in the > private/smbpasswd file? In the past I was able to add win2k machine using a > FreeBSD server (like, a month ago), but then my server crashed and I had to > reinstall the OS and everything... > > any suggestions? Anyone? I really need to get this worked out and get > these win2k boxes to join the domain. > > thanks, > Stokes > > > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > I received this too, then I download the latest HEAD cvs, compiled, and it > > worked fine. > > > > Oh, btw, I did stumble a little, because after compiling, d/l, compiling, > > d/ling again, etc.. I finally discovered.. I forgot to delete my old > files. > > I have the RPM version of samba which installed executables in /usr/sbin > and > > I had my custom configured samba, that places the files /usr/bin, > /usr/man, > > /usr/lib, etc.... Only I did change smbpasswd and smb.conf to be located > in > > /etc, instead of /usr/etc... so now that I located all my old samba > stuff... > > (find / -name smb) and (find / -name nmb) I deleted the files, and > > re-installed my cvs builds, and all worked fine. > > > > > > ----- Original Message ----- > > From: "Stokes" > > To: "samba-ntdom" ; "Hazen Valliant-Saunders" > > > > Sent: Friday, January 05, 2001 11:50 AM > > Subject: Re: "No mapping between account names and security IDs was done." > > > > > > > *This message was transferred with a trial version of CommuniGate(tm) > Pro* > > > Yes, I certainly did make the root account. It was the first thing I > did > > > after installing samba. And, like I said, I am sure that the password > is > > > correct, because I tested an incorrect password and it told me the > account > > > info was incorrect. > > > > > > ----- Original Message ----- > > > From: "Hazen Valliant-Saunders" > > > To: "Stokes" > > > Sent: Friday, January 05, 2001 9:30 AM > > > Subject: RE: "No mapping between account names and security IDs was > done." > > > > > > > > > > Ok > > > > have you made a root account? > > > > (smbpasswd -a root?) > > > > you'll have to because the first time W2K logson to the domain you > must > > > use > > > > the root account and password, and when you add the root account use > the > > > > same password (better safe than sorry), afterwards you may use the > > > > Administrator account or which ever you created. > > > > > > > > -----Original Message----- > > > > From: samba-ntdom-admin@us5.samba.org > > > > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Stokes > > > > Sent: Friday, January 05, 2001 6:26 AM > > > > To: samba-ntdom > > > > Subject: "No mapping between account names and security IDs was done." > > > > > > > > > > > > All, > > > > > > > > I installed samba 2.2 from cvs download 2 days ago, and I can't seem > to > > > get > > > > a win2k machine to join the domain. I have an odd number of letters > in > > > the > > > > domain name, and I have created the machine account using both vipw > > > > (freeBSD) and smbpasswd -a -m. When I try to join the domain windows > > > says: > > > > "No mapping between account names and security IDs was done." > > > > > > > > I am positive that the password for root was correct (I tried this > many > > > > times, rebooted and everything). Also I have nuked and recreated the > > > > machine account many times now, and it always says the same thing. > > > > > > > > If anyone knows what causes this error please let me know, I really > need > > > to > > > > get win2k machines on the domain asap... > > > > > > > > Thanks, > > > > Stokes > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > From moose at riven.net Sun Jan 7 04:27:04 2001 From: moose at riven.net (Jade E. Deane) Date: Tue Dec 2 02:32:59 2003 Subject: "No mapping between account names and security IDs was done." In-Reply-To: <000701c0785f$b1945b10$010aa8c0@shitepie> Message-ID: Perhaps the list has read my previous email regarding an win2k issue I'm having. I'm at the point now when I try and add the machine to the domain, I either receive "No mapping between account names and security IDs was done" or "The remote procedure call failed". Ideas? Jade -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Stokes Sent: Saturday, January 06, 2001 8:10 PM To: samba-ntdom Subject: Re: "No mapping between account names and security IDs was done." Well I'll be damned, I got it to work. I don't know what was causing that error, but I changed the name of the workgroup the win2k box was in (it was the same as the samba domain before) and then tried and it worked. Good luck to the rest of you! Stokes ----- Original Message ----- From: "Stokes" To: "samba-ntdom" ; "Armand Welsh" Sent: Saturday, January 06, 2001 7:51 PM Subject: Re: "No mapping between account names and security IDs was done." > Well, I tried the suggestion below and I still get the same error. I *know* > the root account info is correct, and before each attempt I removed the > machine account entry from my smbpasswd file and re-added it > (smbpasswd -a -m MACHINE). Then I wiped everything again and reinstalled > using today's CVS code, and tried adding a Win2k box using the default > smb.conf file from the PDC HowTo. Still, same error message. Also tried > same procedure with a different win2k box, same error. > > Here's my question, since nobody seems to be familiar with this error > message: What should the entry for the machine account look like in the > private/smbpasswd file? In the past I was able to add win2k machine using a > FreeBSD server (like, a month ago), but then my server crashed and I had to > reinstall the OS and everything... > > any suggestions? Anyone? I really need to get this worked out and get > these win2k boxes to join the domain. > > thanks, > Stokes > > > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > I received this too, then I download the latest HEAD cvs, compiled, and it > > worked fine. > > > > Oh, btw, I did stumble a little, because after compiling, d/l, compiling, > > d/ling again, etc.. I finally discovered.. I forgot to delete my old > files. > > I have the RPM version of samba which installed executables in /usr/sbin > and > > I had my custom configured samba, that places the files /usr/bin, > /usr/man, > > /usr/lib, etc.... Only I did change smbpasswd and smb.conf to be located > in > > /etc, instead of /usr/etc... so now that I located all my old samba > stuff... > > (find / -name smb) and (find / -name nmb) I deleted the files, and > > re-installed my cvs builds, and all worked fine. > > > > > > ----- Original Message ----- > > From: "Stokes" > > To: "samba-ntdom" ; "Hazen Valliant-Saunders" > > > > Sent: Friday, January 05, 2001 11:50 AM > > Subject: Re: "No mapping between account names and security IDs was done." > > > > > > > *This message was transferred with a trial version of CommuniGate(tm) > Pro* > > > Yes, I certainly did make the root account. It was the first thing I > did > > > after installing samba. And, like I said, I am sure that the password > is > > > correct, because I tested an incorrect password and it told me the > account > > > info was incorrect. > > > > > > ----- Original Message ----- > > > From: "Hazen Valliant-Saunders" > > > To: "Stokes" > > > Sent: Friday, January 05, 2001 9:30 AM > > > Subject: RE: "No mapping between account names and security IDs was > done." > > > > > > > > > > Ok > > > > have you made a root account? > > > > (smbpasswd -a root?) > > > > you'll have to because the first time W2K logson to the domain you > must > > > use > > > > the root account and password, and when you add the root account use > the > > > > same password (better safe than sorry), afterwards you may use the > > > > Administrator account or which ever you created. > > > > > > > > -----Original Message----- > > > > From: samba-ntdom-admin@us5.samba.org > > > > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Stokes > > > > Sent: Friday, January 05, 2001 6:26 AM > > > > To: samba-ntdom > > > > Subject: "No mapping between account names and security IDs was done." > > > > > > > > > > > > All, > > > > > > > > I installed samba 2.2 from cvs download 2 days ago, and I can't seem > to > > > get > > > > a win2k machine to join the domain. I have an odd number of letters > in > > > the > > > > domain name, and I have created the machine account using both vipw > > > > (freeBSD) and smbpasswd -a -m. When I try to join the domain windows > > > says: > > > > "No mapping between account names and security IDs was done." > > > > > > > > I am positive that the password for root was correct (I tried this > many > > > > times, rebooted and everything). Also I have nuked and recreated the > > > > machine account many times now, and it always says the same thing. > > > > > > > > If anyone knows what causes this error please let me know, I really > need > > > to > > > > get win2k machines on the domain asap... > > > > > > > > Thanks, > > > > Stokes > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > From david_hemingway at lineone.net Sun Jan 7 09:15:51 2001 From: david_hemingway at lineone.net (David Hemingway) Date: Tue Dec 2 02:32:59 2003 Subject: win2K and RH6.2 Message-ID: I have just set up my RH6.2 box to login to my win2K box(pdc) and I can mount a directory in linux. But, I have a couplet of question. Is it possible to have my linux box appear in the network neigbourhood in windows? Can I mount the windows directory automatically at boot time? currently I use the following command 'smbmount //2000server/dir /mnt/dir -U admin -P passwd' then I get prompted for the password again. Can I mount a linux partion under windows? I would be grateful for any assistance. Regards David It's crazy enough it just might work. From anders at cwd.no Sun Jan 7 10:35:41 2001 From: anders at cwd.no (Anders C. Thorsen) Date: Tue Dec 2 02:32:59 2003 Subject: win2K and RH6.2 In-Reply-To: Message-ID: <000101c07895$95fa6850$3202a8c0@thorsen.dhs.org> well, you can use "mount", Options 1) add the drive to /etc/fstab with options username=admin,password=password - This is stupid, as _everyone_ with access to your linux box will get to see the password 2) Create a boot time script or login script only readable to root or the user which will benefit from it with something like mount /mnt/dir //2000server/dir -ousername=admin,password=password Since I don't have a Linux box here at this time I haven't tested the syntax.. check the manpages if needed. --Anders -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of David Hemingway Sent: Sunday, January 07, 2001 10:16 AM To: samba-ntdom@us5.samba.org Subject: win2K and RH6.2 I have just set up my RH6.2 box to login to my win2K box(pdc) and I can mount a directory in linux. But, I have a couplet of question. Is it possible to have my linux box appear in the network neigbourhood in windows? Can I mount the windows directory automatically at boot time? currently I use the following command 'smbmount //2000server/dir /mnt/dir -U admin -P passwd' then I get prompted for the password again. Can I mount a linux partion under windows? I would be grateful for any assistance. Regards David It's crazy enough it just might work. From a9700671 at sp4.macarthur.uws.EDU.AU Sun Jan 7 11:56:26 2001 From: a9700671 at sp4.macarthur.uws.EDU.AU (Makis Marmaridis) Date: Tue Dec 2 02:32:59 2003 Subject: Virus scanner for samba file server In-Reply-To: <200101070009.AAA11283@zamenhof.demon.co.uk> Message-ID: <001201c078a0$de3a5840$15559a89@zeus> > Where I work, we use GNU wget to mirror the appropriate directories > from McAfee's FTP server to a local server, This sounds like a good idea especially if you have a lot of clients that rely on those updates. > > To move back on topic, we also use those files to update the .dat > files on our samba servers - we have no guarantee that all the clients > have up-to-date anti-virus software installed (one of the problems of > working in a university where much of the IT support is devolved to > the departments). I can relate to that! I work at a university as well... The situation I was referring to though in my original email was with respect to a tight lab environment where one can make sure that all the clients run the same version of the antivirus program. > > The only issue is that the Unix-based scanning is not on-access (as it > would be on Windows), but instead is a job that has to be scheduled. > Very true, this is where the antivirus program on the client machines proves useful! Cheers, Makis. From fratotec at terra.com.br Sun Jan 7 13:31:08 2001 From: fratotec at terra.com.br (Franz Baumgartner) Date: Tue Dec 2 02:32:59 2003 Subject: Message-ID: <001c01c078ae$399124f0$0c01a8c0@p266> confirm 873067 -------------- next part -------------- HTML attachment scrubbed and removed From kim.bjoern at mail.dk Sun Jan 7 23:18:09 2001 From: kim.bjoern at mail.dk (Kim Bjoern Nielsen) Date: Tue Dec 2 02:32:59 2003 Subject: Samba 2.2.0a1 as PDC for Exchange Message-ID: Hi, I'm experimenting to setup a Samba 2.2.0a1 as PDC for an Exchange environment. I have tried to setup both a NT Server & a NT Workstation. Both was accepted as systems in the domain by the Samba server, and I can log on to the systems. But, when I run a smbclient query to the NT systems, they dont seem to accept the Samba as domain contoller. ftp 133# /usr/samba/bin/smbclient -L INTR-2SV -U root%XXXX added interface ip=192.168.206.203 bcast=192.168.206.255 nmask=255.255.255.0 Got a positive name query response from 192.168.206.103 ( 192.168.206.103 ) Domain=[FNIS] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] Sharename Type Comment --------- ---- ------- ADMIN$ Disk Remote Admin IPC$ IPC Remote IPC C$ Disk Default share D$ Disk Default share E$ Disk Default share Server Comment --------- ------- Workgroup Master --------- ------- ftp 134# Any ideas? - Kim From schapiro at clerk.pi.huji.ac.il Mon Jan 8 06:02:21 2001 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:32:59 2003 Subject: Samba 2.2.0a1 as PDC for Exchange In-Reply-To: Message-ID: Hi, I tried once to set up Exchange on a Samba controlled domain (2.0.7) and already the setup program failed utterly (It complained about needing a Domain Controller ...) It really would be great if Samba would support this kind of things, too. Schlomo On Mon, 8 Jan 2001, Kim Bjoern Nielsen wrote: > Hi, > > I'm experimenting to setup a Samba 2.2.0a1 as PDC for an Exchange > environment. > > I have tried to setup both a NT Server & a NT Workstation. Both was accepted > as systems in the domain by the Samba server, and I can log on to the > systems. > > But, when I run a smbclient query to the NT systems, they dont seem to > accept the Samba as domain contoller. > > ftp 133# /usr/samba/bin/smbclient -L INTR-2SV -U root%XXXX > added interface ip=192.168.206.203 bcast=192.168.206.255 nmask=255.255.255.0 > Got a positive name query response from 192.168.206.103 ( 192.168.206.103 ) > Domain=[FNIS] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] > > Sharename Type Comment > --------- ---- ------- > ADMIN$ Disk Remote Admin > IPC$ IPC Remote IPC > C$ Disk Default share > D$ Disk Default share > E$ Disk Default share > > Server Comment > --------- ------- > > Workgroup Master > --------- ------- > ftp 134# > > Any ideas? - Kim > > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-84404 Fax: 65-27349 email: schapiro@clerk.pi.huji.ac.il WWW: http://shum.cc.huji.ac.il/~schapiro From cp at uni-wh.de Mon Jan 8 10:24:45 2001 From: cp at uni-wh.de (cp@uni-wh.de) Date: Tue Dec 2 02:32:59 2003 Subject: Can Samba 2.2 mount an administrative share from a local administrators account? Message-ID: Hi all, we have a serious problem with a samba 2.2 PDC installation which could force us to switch over to a W2K-Server :-((( and therefore I would like to know wether we misconfigured something or if this happens due to general limitations of the PDC-simulation capabilities of samba 2.2: When we login to the local administrator account of a NT4 Workstation which is member of a samba 2.2 controlled domain and try to access the administrative share of another NT4 Workstation in this domain, we shouldn?t be prompted for a password when the local administrator accounts passwords are the same on both machines. But we *are* prompted for the password which makes it impossible for our new "distribute software over the network automaticaly to all machines" system to do its job. Using the domain administrator account instead doesn?t work too. Is it possible to get this running somehow with an actual or upcoming (when?) version of samba 2.2??? Thanks in advance! Regards Christoph -------------------------------------------------------------------------------------------------------- Christoph Peus Tel: 02302 669212 Universitaet Witten/Herdecke Fax: 02302 669388 Bereich Informationstechnologie (BIT) E-Mail: cp@uni-wh.de -------------------------------------------------------------------------------------------------------- From jbcurry at hline.localhealth.net Mon Jan 8 14:20:49 2001 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:32:59 2003 Subject: logon scripts for virus updates In-Reply-To: Message-ID: I just slapped one together not long ago for our network. We're using VirusScan version 4.x I pick up a new SDAT file from McAfee either monthly or whenever there's a virus scare, rename it to UPDATE.EXE and place it in the /netlogon directory. The following script is part of our logon.bat: if not exist c:\progra~1\networ~1\mcafee~1\avconsol.ini goto end update.exe /silent /logfile update.log :end The first line checks to see if McAfee is installed on the PC, and skips the SDAT update if it isn't. The second line runs the SDAT update without prompting or displaying the progress, but instead writes the results to a log file. I have the following cron entry rename the log file each night (ex. update.Mon, update.Tue, etc...) so that it doesn't grow too large, but that I can still look over the past week's update results if I need to: mv /home/netlogon/update.log /home/netlogon/update.`date +%a` If a computer has already been updated, it does not hurt to run the same SDAT again, but you'll see an error in your log file: "Product(s) already running latest version of engine and DAT files. Update process failed." Hope this is what you were looking for. > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Andrew Judge > Sent: Saturday, January 06, 2001 12:04 PM > To: Samba-Ntdom; Samba > Subject: logon scripts for virus updates > > > Does anyone have a good netlogon script to update mcafee virus > definitions? > I am currently using a kixtart32 script, but it isn't very good. Could > someone lead me in the right direction? > > Andy > > > From xpuech at laligue.org Mon Jan 8 15:26:45 2001 From: xpuech at laligue.org (Xavier Puech) Date: Tue Dec 2 02:32:59 2003 Subject: ntuser.dat Message-ID: <008001c07987$6965d0c0$800110ac@laligue.org> Hello, I get a template profile on netlogon directory to set up new NT users account. ( Clients runs under Windows Nt 4.0 Workstation ) When I create a new account, I copy the template profile ( Desktop Directory, ntuser.dat, etc... ) in user netlogon directory to have a new Profile ( Desktop and registry ) for the user. And I get this error : The user can't modify the registry base ( Desktop, and so on ). And of course I have no save copy for this user template profile. How can I get a new default user profile for NT ??? Thanks for your reply to xpuech@laligue.org Xavier Puech Responsable Syst?mes et R?seaux Ligue de l'enseignement 3 rue r?camier 75007 Paris T?l : 01 43 58 96 40 Port : 06 86 95 60 01 Fax : 01 43 58 97 34 E-mail : xpuech@laligue.org Web : http://www.laligue.org -------------- next part -------------- HTML attachment scrubbed and removed From anders at cwd.no Mon Jan 8 16:34:37 2001 From: anders at cwd.no (Anders C. Thorsen) Date: Tue Dec 2 02:32:59 2003 Subject: ntuser.dat In-Reply-To: <008001c07987$6965d0c0$800110ac@laligue.org> Message-ID: <000301c07990$e4b0fdf0$3202a8c0@thorsen.dhs.org> Because the profile is registred to a user (not only file permissions). Got to My Computer, right click, select properties go to profiles, and use "Copy Profile" to do stuff like that. Should be on the FAQ! --Anders -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Xavier Puech Sent: Monday, January 08, 2001 4:27 PM To: samba-ntdom@us5.samba.org Subject: ntuser.dat Hello, I get a template profile on netlogon directory to set up new NT users account. ( Clients runs under Windows Nt 4.0 Workstation ) When I create a new account, I copy the template profile ( Desktop Directory, ntuser.dat, etc... ) in user netlogon directory to have a new Profile ( Desktop and registry ) for the user. And I get this error : The user can't modify the registry base ( Desktop, and so on ). And of course I have no save copy for this user template profile. How can I get a new default user profile for NT ??? Thanks for your reply to xpuech@laligue.org Xavier Puech Responsable Syst?mes et R?seaux Ligue de l'enseignement 3 rue r?camier 75007 Paris T?l : 01 43 58 96 40 Port : 06 86 95 60 01 Fax : 01 43 58 97 34 E-mail : xpuech@laligue.org Web : http://www.laligue.org -------------- next part -------------- HTML attachment scrubbed and removed From david_hemingway at lineone.net Mon Jan 8 19:00:32 2001 From: david_hemingway at lineone.net (David Hemingway) Date: Tue Dec 2 02:32:59 2003 Subject: win2K and RH6.2 In-Reply-To: Message-ID: Hi from the smbclient list I get this output sharename type comment --------- ----- -------- IPC$ IPC Remote IPC D$ Disk Default share print$ Disk Printer Drivers EpsonSty Printer Epson Stylus Color C Disk ...etc Server Comment -------- ------- 2000SERVER Workgroup Master --------- ------- PLUTOPROIGRAMMER 2000SERVER From peter.lai at efi.com Mon Jan 8 19:19:34 2001 From: peter.lai at efi.com (Peter Lai) Date: Tue Dec 2 02:32:59 2003 Subject: NT point and print system Message-ID: > Hi: > > I am working on a project that uses samba's point and print support for > NT. > I have some questions for you and I hope you can help me : > > I understand that the way pnp for NT works is to upload the driver from NT > to Linux first, and then > install it from Linux. Is there anyway I can just add drivers to Linux > without uploading from NT? > > I've tried to put the driver files into my print$ path and paste > ntdrivers.tdb in var/locks and it seems to > work, but I have a lot of different products that has upgrade driver files > on a regular bases, so I thought > it would be a good idea to know how the tdb works. Can you tell me which > function(s) put the driver file > names in ntdrivers.tdb beside tdb_update and tdb_store? (I've tried > tdb_update and tdb_store, but it > only put the key value in ntdrivers.tdb, not the data itself. Somehow > someway, the driver file names > magically appear in the ntdriver.tdb without calling tdb_update again...) > > Thanks a whole lots in advance! > > -Peter > From emccoy at hamilton.edu Tue Jan 9 00:28:37 2001 From: emccoy at hamilton.edu (Eric P. McCoy) Date: Tue Dec 2 02:32:59 2003 Subject: Failure to save/load roaming profiles Message-ID: <4.3.2.7.2.20010108192654.00c7df18@mail.enfld1.ct.home.com> After a certain length of execution, Windows 2000 reports that it can't save part of the roaming profile; from that point on, all attempts to load roaming profiles also fail. Stopping and restarting Samba solved it. There were no messages displayed in the log (but I only had it at level 4). This is Samba "HEAD." Hardly a hugely pressing concern, but I wanted to make you all aware of it, if you weren't already. -- Eric P. McCoy "Jamaican? I thought you were some sort of outer-space potato man!" From vgill at technologist.com Tue Jan 9 04:07:21 2001 From: vgill at technologist.com (Gill, Vern) Date: Tue Dec 2 02:32:59 2003 Subject: Samba 2.2.0a1 as PDC for Exchange Message-ID: <8D043DEA73DFD411958A00A0C90AB7607B98@pptp.gillnet.org> I don't know about the latest samba head branch, but the latest TNG branch is workin great for me to do this very thing... -----Original Message----- From: Schlomo Schapiro [mailto:schapiro@clerk.pi.huji.ac.il] Sent: Sunday, January 07, 2001 10:02 PM To: Kim Bjoern Nielsen Cc: samba-ntdom@us5.samba.org Subject: Re: Samba 2.2.0a1 as PDC for Exchange Hi, I tried once to set up Exchange on a Samba controlled domain (2.0.7) and already the setup program failed utterly (It complained about needing a Domain Controller ...) It really would be great if Samba would support this kind of things, too. Schlomo On Mon, 8 Jan 2001, Kim Bjoern Nielsen wrote: > Hi, > > I'm experimenting to setup a Samba 2.2.0a1 as PDC for an Exchange > environment. > > I have tried to setup both a NT Server & a NT Workstation. Both was accepted > as systems in the domain by the Samba server, and I can log on to the > systems. > > But, when I run a smbclient query to the NT systems, they dont seem to > accept the Samba as domain contoller. > > ftp 133# /usr/samba/bin/smbclient -L INTR-2SV -U root%XXXX > added interface ip=192.168.206.203 bcast=192.168.206.255 nmask=255.255.255.0 > Got a positive name query response from 192.168.206.103 ( 192.168.206.103 ) > Domain=[FNIS] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] > > Sharename Type Comment > --------- ---- ------- > ADMIN$ Disk Remote Admin > IPC$ IPC Remote IPC > C$ Disk Default share > D$ Disk Default share > E$ Disk Default share > > Server Comment > --------- ------- > > Workgroup Master > --------- ------- > ftp 134# > > Any ideas? - Kim > > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-84404 Fax: 65-27349 email: schapiro@clerk.pi.huji.ac.il WWW: http://shum.cc.huji.ac.il/~schapiro From ctrlsoft at dds.nl Tue Jan 9 12:19:10 2001 From: ctrlsoft at dds.nl (ctrlsoft@dds.nl) Date: Tue Dec 2 02:32:59 2003 Subject: Profiles, roaming and roving profiles Message-ID: <243076630.979042750460.JavaMail.ctrlsoft@dds.nl> Hi, I have been reading the samba site and the docs. Everything works fine here, except I get the message 'Couldn't load your profile' when trying to log in. What is the difference between 'profiles','roaming profiles' and 'roving profiles' and which are supported by samba? Jelmer From volk at fh-koblenz.de Tue Jan 9 13:16:38 2001 From: volk at fh-koblenz.de (Alfred Volk) Date: Tue Dec 2 02:32:59 2003 Subject: 2.2a1 and Printing Message-ID: <3A5B0F36.80796F6A@fh-koblenz.de> Hi, I have problems installing printer drivers on the NT-Workstation. After selecting New Printer in the ControlPanel I and giving the name \\rzaltbau\lj5si the following message appears: The connection to the printer can not be made. The printer name is not valid. A bad translation from the german message. On the Unix-side (Solaris 8) the printer works fine. Here is my smb.conf: [Global] workgroup = FHALTBAU netbios name = rzaltbau interfaces = 143.93.144.5/255.255.252.0 os level = 65 domain logons = yes security = user browseable = no wide links = yes domain master = yes preferred master = yes local master = yes passwordlevel = 4 encrypt passwords = yes server string = %h Samba Server %v character set = iso8859-1 client codepage = 850 log file = /usr/local/samba/var/log.%M.%a debuglevel = 10 load printers = no logon path = \\%L\Profiles\%U logon drive = z: domain admin group = volk wins server = 143.93.145.200 [Homes] ... [Profiles] ... [Netlogon] ... [LjColor] comment = LaserJet Color 5MP im Maschinensaal path = /var/spool/lp/samba guest ok = yes printable = yes postscript = yes printer = ljc browseable = yes [Lj5si] comment = LaserJet 5SiMX im Maschinensaal path = /var/spool/lp/samba guest ok = yes printable = yes postscript = yes printer = lj5 browseable = yes Who can help me? Regards Alfred Volk volk@fh-koblenz.de FH Koblenz / Rechenzentrum Finkenherd 4 56075 Koblenz Tel: +49 261 9528133 Fax: +49 261 9528131 From jroman6 at ford.com Tue Jan 9 19:55:26 2001 From: jroman6 at ford.com (Roman, James (J.D.)) Date: Tue Dec 2 02:32:59 2003 Subject: samba authentication Message-ID: <200101091955.f09JtVs14399@dymwsm12.mailwatch.com> Possibly a shot in the dark, but see if you have restrict anonymous = true, if so try setting it to false and see if that fixes the problem. -----Original Message----- From: Armand Welsh [mailto:armand@welshhome.org] Sent: Wednesday, January 03, 2001 4:58 PM To: ashamril@aurallix.com; Samba-Ntdom (E-mail) Subject: Re: samba authentication *This message was transferred with a trial version of CommuniGate(tm) Pro* I had this problem too, with 2.0.6, and 2.0.7, I use the HEAD cvs and it work Perfect for authentication... ----- Original Message ----- From: "Ami Shamril" To: "Samba-Ntdom (E-mail)" Sent: Tuesday, January 02, 2001 11:50 PM Subject: samba authentication > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > Hi... > I've successfully configured samba 2.0.6 (RH6.2) as a PDC. > All my users (Win9X) can log into the server. > But there is one problem... sometimes we must enter at least 3 times the > password b4 the server authenticated it. > 1st & 2nd time the error is password not correct.... Even we key in the > correct password. For the 3rd time normally ok... > Anybody have the same problem... > Please advise > TQ in advance. > > > From malyprogservices at flashmail.com Tue Jan 9 20:16:06 2001 From: malyprogservices at flashmail.com (Tomas Maly) Date: Tue Dec 2 02:32:59 2003 Subject: Samba as a 2000 Server Message-ID: <3A5B7186.515A43D8@flashmail.com> What exactly would be needed to implement Samba (head or TNG) to act as a native NT 5 (2000) Server? I was just wondering what the status of the work on that, as well as what would need to be implemented (and how to make sure the 2000 machines know the Samba server is a 2000 server versus an NT server) to make that work. Not that I think it's gonna happen, I'm just wondering what would be needed. I know at least that there is DFS, LDAP, and Kerberos 5 in 2000 versus NT....And I know MS has add some proprietary code/implementation with Krb5 and LDAP as well....I was just wondering if it's intended to be implemented, that's all. -- Tomas Maly "IT Freak" MontaVista Software (408) 328-8429 tmaly@mvista.com From Petter.Abrahamsson at mobilenews.ch Wed Jan 10 08:54:53 2001 From: Petter.Abrahamsson at mobilenews.ch (Petter Abrahamsson) Date: Tue Dec 2 02:32:59 2003 Subject: samba authentication In-Reply-To: <200101091955.f09JtVs14399@dymwsm12.mailwatch.com> Message-ID: <20010110085446.35290D0AC@insideout.mobilenews.ch> Hi, I'm having the same kind of problem with our office system. I just recently switched over to Samba 2.0.7 from having been using NT Server 4.0. The NT machine was setup to be PDC at installation and since (correct me if I'm wrong) it can't be set to be a backup domain controller without reinstalling NT, it was set to a new domain and the Samba server was setup to be PDC, using the old domain name from the NT server. All users are using Windows 98 to login and they too, usually have to try several times before they are logged in. Is it possible that there is some sort of conflict between the NT server and the Samba server? Or maybe I've missed some important step in the configuration. Here's the smb.conf [global] workgroup = MNC server string = Samba Server %v hosts allow = 192.168.0. 127. printcap name = lpstat load printers = yes printing = cups log file = /var/log/samba/log.%m max log size = 50 security = user encrypt passwords = yes smb passwd file = /etc/samba/private/smbpasswd os level = 65 domain logons = yes logon script = scripts\%U.bat wins support = yes name resolve order = wins lmhosts bcast dns proxy = no domain master = yes domain admin group = @smbadmin status = yes I skipped the shares and the printers here. Thankful for any help I can get. I would prefer to solve this problem rather than switching back to using NT. Thanks in advance /petter On 09 Jan 2001 14:55:26 -0500, Roman, James (J.D.) wrote: > Possibly a shot in the dark, but see if you have restrict anonymous = true, > if so try setting it to false and see if that fixes the problem. > > -----Original Message----- > From: Armand Welsh [mailto:armand@welshhome.org] > Sent: Wednesday, January 03, 2001 4:58 PM > To: ashamril@aurallix.com; Samba-Ntdom (E-mail) > Subject: Re: samba authentication > > > *This message was transferred with a trial version of CommuniGate(tm) Pro* > I had this problem too, with 2.0.6, and 2.0.7, I use the HEAD cvs and it > work Perfect for authentication... > > ----- Original Message ----- > From: "Ami Shamril" > To: "Samba-Ntdom (E-mail)" > Sent: Tuesday, January 02, 2001 11:50 PM > Subject: samba authentication > > > > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > > > Hi... > > I've successfully configured samba 2.0.6 (RH6.2) as a PDC. > > All my users (Win9X) can log into the server. > > But there is one problem... sometimes we must enter at least 3 times the > > password b4 the server authenticated it. > > 1st & 2nd time the error is password not correct.... Even we key in the > > correct password. For the 3rd time normally ok... > > Anybody have the same problem... > > Please advise > > TQ in advance. > > > > > > > > > -- \|/ (* *) ----------oo0--(_)--0oo--------------------------------- Petter Abrahamsson Petter.Abrahamsson@mobilenews.ch Mobile News Channel http://www.mobilenews.ch -------------------------------------------------------- From hansjoerg.maurer at itsd.de Wed Jan 10 17:23:44 2001 From: hansjoerg.maurer at itsd.de (Dr. Hansjoerg Maurer) Date: Tue Dec 2 02:32:59 2003 Subject: Samba2.2, W2000 and WindowsME Message-ID: <3A5C9AA0.BDBD5AAF@itsd.de> Hi, I have installed samba2.2 as a PDC for W2K and everything works fine. But we have some WindowsME clients and I am unable to connect to a share of the samba server with them. (just for fileserving) I set encrypt password to yes, otherwise W2k won't connect . I have tried to set the registry entry in Windows ME (Plainpasswd... ) to 0 but it doesn't help. Is it possible to connect to samba2.2 with WindowsME and how. Thanks for your great work Hansjoerg -- Dr. Hansj?rg Maurer itsystems Deutschland AG Linprunstr. 10 D-80335 Muenchen Ph/Fax +49 89 52 04 68-41/-59 From trunks at libero.it Wed Jan 10 18:29:13 2001 From: trunks at libero.it (trunks@libero.it) Date: Tue Dec 2 02:32:59 2003 Subject: User rights Message-ID: Hi to everyone and happy new year. I have a little problem: how can I allow a user to set system time? I have a script with "net time " command, but every time it gives me error. I think rights leak is the reasons. From hulet at ittc.ukans.edu Wed Jan 10 18:32:22 2001 From: hulet at ittc.ukans.edu (Michael S. Hulet) Date: Tue Dec 2 02:32:59 2003 Subject: User rights In-Reply-To: Message-ID: If you are talking about Windows NT: Open up User Manager Policies User Rights Change the system time Grant to: Everyone If you don't grant to everyone, you'll have to grant to each individual who uses the machine. Michael Hulet Network System Administrator ITTC, University of Kansas On Wed, 10 Jan 2001, trunks@libero.it wrote: > Hi to everyone and happy new year. > I have a little problem: how can I allow a user to set system time? > I have a script with "net time " command, but every time it gives me > error. I think rights leak is the reasons. > > From colby at atlantes.com Wed Jan 10 20:08:48 2001 From: colby at atlantes.com (Colby Voorhees) Date: Tue Dec 2 02:32:59 2003 Subject: can't find service Message-ID: <002f01c07b41$25984240$8033a8c0@Atlantes.com> I've got Samba 2.0.6 running on FreeBSD 4.0. Samba runs great except for one share point. While browsing with Windows Explorer or mapping the file share "open" directly, I get an error that says the "network name can't be found." The error in my samba log is: [2001/01/10 12:02:35, 2] smbd/server.c:main(735) Changed root to / [2001/01/10 12:02:35, 2] smbd/reply.c:reply_special(97) netbios connect: name1=SMBSERVER name2=MYMACHINENAME [2001/01/10 12:02:35, 0] smbd/service.c:make_connection(209) tule (172.17.3.4) couldn't find service public_folder [2001/01/10 12:02:35, 0] smbd/service.c:make_connection(209) tule (172.17.3.4) couldn't find service public_folder [2001/01/10 12:02:36, 0] smbd/service.c:make_connection(209) tule (172.17.3.4) couldn't find service public_folder [2001/01/10 12:02:36, 2] smbd/server.c:exit_server(408) Closing connections I've got a number of other points mapped in the same configuration that connect just fine. Below is my smb.conf file: -------------------------------------------------------------------------- # FYI: samba log /var/log/smblogs # debug level = 1 # Global parameters [global] workgroup = *nameofNTdomain* security = domain password server = *nameofmypasswordserver* server string = FreeBSD Samba 2.0.5 map to guest = Bad Password encrypt passwords = yes smb passwd file = /etc/smbpasswd log file = /var/log/smblogs log level = 2 ; Max log size in KB max log size = 5000 [%U] comment = Home directory for %U path = %H writable = yes # use the %U hack above instead.... ;[homes] ;comment = Home Directories ;writable = yes ;public = yes ;browseable = yes [Home dirs] path = /usr/home public = no writable = yes [Atlantes] path = /usr/local/samba/Atlantes public = yes only guest = yes writable = yes printable = no [public_folder] path = /usr/local/samba/public_folder public = yes only guest = yes writable = yes printable = no create mask = 777 directory mask = 777 Thanks in advance for any help. Colby Voorhees colby@atlantes.com Operations Engineer From WoodJ at metatec.com Wed Jan 10 20:28:31 2001 From: WoodJ at metatec.com (Wood, Jeremy) Date: Tue Dec 2 02:32:59 2003 Subject: Passwd problems Message-ID: <2942C1A0B909B24CB7330E4FC6B7D2AE2AB6@exchange01.dublin.metatec.com> Hello all, I am in a bit if a dilemma here. At my company, which is mostly M$ based, I have been able to talk them into putting a few Linux machines into place running Samba as file servers. Some people in the company check to see when files have arrived on this machine by "browsing" (Network Nieghborhood) to the Samba Server. We have recently implemented a password policy that will be aging the domain logons every 90 days. Here's my problem, I need to have the samba server update the smbpasswd file somehow with the users new domain password. Most of the people that check this server for files are barely smart enough to run windows so I can't even get into having them SSH to the file server and fix the problem themselves. Basically my question is: When someone changes thier NT doamin password (say thru Ctl+Alt+Del on NT), how do I automate it so the smbpasswd on the Samba machine is also updated? Jeremy Wood Server Technologist Metatec International, Inc 614.761.2000 ext 4511 woodj@metatec.com "[quote removed because of complaints... yes really]" From colby at atlantes.com Wed Jan 10 20:33:54 2001 From: colby at atlantes.com (Colby Voorhees) Date: Tue Dec 2 02:32:59 2003 Subject: can't find service In-Reply-To: <002f01c07b41$25984240$8033a8c0@Atlantes.com> Message-ID: <003001c07b44$a7146c60$8033a8c0@Atlantes.com> My apologies friends, I am trying to get to the share "public_folder" not 'open'. Sorry for the confusion. Again, thanks for your help. -cv -----Original Message----- From: samba-ntdom-admin@us5.samba.org Sent: Wednesday, January 10, 2001 12:09 PM Subject: can't find service I've got Samba 2.0.6 running on FreeBSD 4.0. Samba runs great except for one share point. While browsing with Windows Explorer or mapping the file share "open" directly, I get an error that says the "network name can't be found." The error in my samba log is: [2001/01/10 12:02:35, 2] smbd/server.c:main(735) Changed root to / [2001/01/10 12:02:35, 2] smbd/reply.c:reply_special(97) netbios connect: name1=SMBSERVER name2=MYMACHINENAME [2001/01/10 12:02:35, 0] smbd/service.c:make_connection(209) tule (172.17.3.4) couldn't find service public_folder [2001/01/10 12:02:35, 0] smbd/service.c:make_connection(209) tule (172.17.3.4) couldn't find service public_folder [2001/01/10 12:02:36, 0] smbd/service.c:make_connection(209) tule (172.17.3.4) couldn't find service public_folder [2001/01/10 12:02:36, 2] smbd/server.c:exit_server(408) Closing connections I've got a number of other points mapped in the same configuration that connect just fine. Below is my smb.conf file: -------------------------------------------------------------------------- # FYI: samba log /var/log/smblogs # debug level = 1 # Global parameters [global] workgroup = *nameofNTdomain* security = domain password server = *nameofmypasswordserver* server string = FreeBSD Samba 2.0.5 map to guest = Bad Password encrypt passwords = yes smb passwd file = /etc/smbpasswd log file = /var/log/smblogs log level = 2 ; Max log size in KB max log size = 5000 [%U] comment = Home directory for %U path = %H writable = yes # use the %U hack above instead.... ;[homes] ;comment = Home Directories ;writable = yes ;public = yes ;browseable = yes [Home dirs] path = /usr/home public = no writable = yes [Atlantes] path = /usr/local/samba/Atlantes public = yes only guest = yes writable = yes printable = no [public_folder] path = /usr/local/samba/public_folder public = yes only guest = yes writable = yes printable = no create mask = 777 directory mask = 777 Thanks in advance for any help. Colby Voorhees colby@atlantes.com Operations Engineer From danch at str.com Wed Jan 10 20:43:59 2001 From: danch at str.com (Dan Christopherson) Date: Tue Dec 2 02:32:59 2003 Subject: Passwd problems In-Reply-To: <2942C1A0B909B24CB7330E4FC6B7D2AE2AB6@exchange01.dublin.metatec.com> Message-ID: Look into setting security=server and pointing it at one of your domain controllers. I've been running a few Solaris and Linux boxes that way for years now. This way you don't need the local smbpasswd file at all ('though you _do_ still need a local Linux account) At a higher end, you could look at running samba as a domain member. On Wed, 10 Jan 2001, Wood, Jeremy wrote: > Hello all, > I am in a bit if a dilemma here. At my company, which is mostly M$ > based, I have been able to talk them into putting a few Linux machines into > place running Samba as file servers. Some people in the company check to > see when files have arrived on this machine by "browsing" (Network > Nieghborhood) to the Samba Server. We have recently implemented a password > policy that will be aging the domain logons every 90 days. Here's my > problem, I need to have the samba server update the smbpasswd file somehow > with the users new domain password. Most of the people that check this > server for files are barely smart enough to run windows so I can't even get > into having them SSH to the file server and fix the problem themselves. > Basically my question is: When someone changes thier NT doamin > password (say thru Ctl+Alt+Del on NT), how do I automate it so the smbpasswd > on the Samba machine is also updated? > > Jeremy Wood > Server Technologist > Metatec International, Inc > 614.761.2000 ext 4511 > woodj@metatec.com > > "[quote removed because of complaints... yes really]" > > -- Dan Christopherson (danch) nVisia Technical Architect (www.nvisia.com) Opinions expressed are mine and do not neccessarily reflect any position or opinion of nVisia, Inc. --------------------------------------------------------------------------- If you're a capitalist and you have the best goods and they're free, you don't have to proselytize, you just have to wait. -Eben Moglen From john_cap at lycos.com Wed Jan 10 21:04:04 2001 From: john_cap at lycos.com (john m vr) Date: Tue Dec 2 02:32:59 2003 Subject: Office 2000 documents and Samba Message-ID: Greetings. I am have a little problem here. I am trying to view MS office documents under Win NT, that are stored on an NFS drive that is mounted to a samba machine, which shares them to NT. This method seems to work fine for all other documents, except office ones. When I try to view them I get an error message that I do not have the rights to do this operation. My smbuser ID numbers are the same as the ID's for the documents owners on the NFS drive. I am using samba 2.0.7 Any help would be appreciated John Get FREE Email/Voicemail with 15MB at Lycos Communications at http://comm.lycos.com From garcian002 at hawaii.rr.com Wed Jan 10 21:21:18 2001 From: garcian002 at hawaii.rr.com (Nelson Garcia) Date: Tue Dec 2 02:32:59 2003 Subject: Office 2000 documents and Samba References: Message-ID: <007d01c07b4b$45bd2040$8122050a@cpf.navy.mil> I'm only guessing but, could this be a permissions problem? I know that MS Office tries to create a temporary working copy of the file when you open a document. However, in my setup at home the files open without any problem as when a user does not have write permission. I'm also using 2.0.7. Aloha, Nelson ----- Original Message ----- From: "john m vr" To: Sent: Wednesday, January 10, 2001 11:04 AM Subject: Office 2000 documents and Samba > Greetings. > I am have a little problem here. > I am trying to view MS office documents under Win NT, that are stored on an NFS drive that is mounted to a samba machine, which shares them to NT. > This method seems to work fine for all other documents, except office ones. When I try to view them I get an error message that I do not have the rights to do this operation. > My smbuser ID numbers are the same as the ID's for the documents owners on the NFS drive. > I am using samba 2.0.7 > Any help would be appreciated > John > > > Get FREE Email/Voicemail with 15MB at Lycos Communications at http://comm.lycos.com > From ganze at eng.buffalo.edu Wed Jan 10 21:46:28 2001 From: ganze at eng.buffalo.edu (Phillip E. Ganze) Date: Tue Dec 2 02:32:59 2003 Subject: Couldn't find Message-ID: <3A5CD834.F948399F@eng.buffalo.edu> I am using samba 2.2 alpha1 and have gotten it to work properly with DCE/DFS. I can get into the folders shares but I get an error message when trying to access the printers. When I start up smbd & nmbd with '-d A' for debugging I get the message 'Couldn't find ' I get this for each printer. Below is how I have my printing configured in smb.conf [global] load printers = yes printcap name = lpstat printing = sysv [printers] comment = All Printers path = /var/spool/samba/tmp browseable = no # Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes Any help would be greatly appreciated. Phil... -- Phillip E. Ganze Senior Systems Integrator University at Buffalo, SENS 108 Bell Hall Buffalo, NY 14260 Phone: (716) 645-3797 x2175 Fax: (716) 645-3704 E-mail: ganze@eng.buffalo.edu http://www.eng.buffalo.edu/~ganze From jim at jmorris.dynip.com Wed Jan 10 22:23:32 2001 From: jim at jmorris.dynip.com (Jim Morris) Date: Tue Dec 2 02:32:59 2003 Subject: Passwd problems In-Reply-To: <2942C1A0B909B24CB7330E4FC6B7D2AE2AB6@exchange01.dublin.metatec.com> References: <2942C1A0B909B24CB7330E4FC6B7D2AE2AB6@exchange01.dublin.metatec.com> Message-ID: <1836689958.20010110162332@jmorris.dynip.com> Hello Jeremy, Wednesday, January 10, 2001, 2:28:31 PM, you wrote: WJ> Basically my question is: When someone changes thier NT doamin WJ> password (say thru Ctl+Alt+Del on NT), how do I automate it so the smbpasswd WJ> on the Samba machine is also updated? Why don't you configure the Samba server(s) to authenticate the users against the NT domain controller? I.e. make Samba participate as a domain member. This is done by: 1. Create a trust (machine) account on the NT PDC for the Samba machine. Do this with the Server Manager application on NT. 2. Run smbpasswd on the Samba server to join the domain. Ex: smbpasswd -j domain -r servername where domain is the name of the domain to join, and servername is the NETBIOS name of the PDC. 3. Modify smb.conf so that users are authenticated against the NT PDC: workgroup = NTDOM security = domain password server = servername encrypt passwords = true Where NTDOM is the name of the domain, and servername is the name of the NT PDC. Hope this helps! -- Best regards, Jim Morris mailto:Jim@Morris.net From simo.sorce at polimi.it Thu Jan 11 00:26:24 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:32:59 2003 Subject: Passwd problems In-Reply-To: <2942C1A0B909B24CB7330E4FC6B7D2AE2AB6@exchange01.dublin.metatec.com> Message-ID: If you do not need these users to use their system account on linux, make samba resolve passwords against the PDC. see password server option (man smb.conf) On Wed, 10 Jan 2001, Wood, Jeremy wrote: > Hello all, > I am in a bit if a dilemma here. At my company, which is mostly M$ > based, I have been able to talk them into putting a few Linux machines into > place running Samba as file servers. Some people in the company check to > see when files have arrived on this machine by "browsing" (Network > Nieghborhood) to the Samba Server. We have recently implemented a password > policy that will be aging the domain logons every 90 days. Here's my > problem, I need to have the samba server update the smbpasswd file somehow > with the users new domain password. Most of the people that check this > server for files are barely smart enough to run windows so I can't even get > into having them SSH to the file server and fix the problem themselves. > Basically my question is: When someone changes thier NT doamin > password (say thru Ctl+Alt+Del on NT), how do I automate it so the smbpasswd > on the Samba machine is also updated? > > Jeremy Wood > Server Technologist > Metatec International, Inc > 614.761.2000 ext 4511 > woodj@metatec.com > > "[quote removed because of complaints... yes really]" > > > -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From ejackson at flashmail.com Thu Jan 11 00:30:04 2001 From: ejackson at flashmail.com (Ed Jackson) Date: Tue Dec 2 02:33:00 2003 Subject: The procedure number is out of range error Message-ID: Pak (and group), Was the issue of receiving the error "the procedure number is out of range" get resolved? (see link for original posting). http://samba.cadcamlab.org/lists/samba-ntdom/Nov2000/00340.html I'm hitting the same error with 2.0.7 samba PDC and win2k workstation. I thought I follwed all of the FAQs/README's Thanks for any help provided - Ed From slu at firerun.net Thu Jan 11 00:41:59 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:33:00 2003 Subject: The procedure number is out of range error References: Message-ID: <3A5D0157.78AE68B4@firerun.net> samba 2.0.7 cannot be a PDC for win2k machine. You will need to download the cvs of 2.2 to be able to have win2k join a samba controlled domain. Patrick Ed Jackson wrote: > Pak (and group), Was the issue of receiving the error "the procedure number > is out of range" get resolved? (see link for original posting). > > http://samba.cadcamlab.org/lists/samba-ntdom/Nov2000/00340.html > > I'm hitting the same error with 2.0.7 samba PDC and win2k workstation. > > I thought I follwed all of the FAQs/README's > > Thanks for any help provided - Ed From armand at welshhome.org Thu Jan 11 03:18:03 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:00 2003 Subject: "No mapping between account names and security IDs was done." References: Message-ID: <003401c07b7d$4a7ba700$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* hehehehe... see the archives? :) This is a non-stop issue.. everyday almost, someone asks this... If you have the latest cvs, and follow the instructions to the letter, it should work. First thing I would check is what version of smbd you have, then I would do a ( find / -name smbd 2> /dev/null ) to locate all occurances of the darned thing. Don't rely on locate since there is not guarantee that it's database is up to date, unless you issue an ( locate -u ) as root. Of course don't type in the ( ) characters... If you know that you only have one copy of samba, and it's the latest version, then and only then would I proceed with trouble shooting. Remember that if certain joining attempts to the domain may require you to delete the machine account from smbpasswd and re-create it. And of course, don't forget to add root to the smbpasswd file either. Armand. ----- Original Message ----- From: "Jade E. Deane" To: "Stokes" ; "samba-ntdom" Sent: Saturday, January 06, 2001 8:27 PM Subject: RE: "No mapping between account names and security IDs was done." > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Perhaps the list has read my previous email regarding an win2k issue I'm > having. > I'm at the point now when I try and add the machine to the domain, I either > receive "No mapping between account names and security IDs was done" or "The > remote procedure call failed". > > Ideas? > > Jade > > -----Original Message----- > From: samba-ntdom-admin@us5.samba.org > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Stokes > Sent: Saturday, January 06, 2001 8:10 PM > To: samba-ntdom > Subject: Re: "No mapping between account names and security IDs was > done." > > > Well I'll be damned, I got it to work. I don't know what was causing that > error, but I changed the name of the workgroup the win2k box was in (it was > the same as the samba domain before) and then tried and it worked. > > Good luck to the rest of you! > > Stokes > > ----- Original Message ----- > From: "Stokes" > To: "samba-ntdom" ; "Armand Welsh" > > Sent: Saturday, January 06, 2001 7:51 PM > Subject: Re: "No mapping between account names and security IDs was done." > > > > Well, I tried the suggestion below and I still get the same error. I > *know* > > the root account info is correct, and before each attempt I removed the > > machine account entry from my smbpasswd file and re-added it > > (smbpasswd -a -m MACHINE). Then I wiped everything again and reinstalled > > using today's CVS code, and tried adding a Win2k box using the default > > smb.conf file from the PDC HowTo. Still, same error message. Also tried > > same procedure with a different win2k box, same error. > > > > Here's my question, since nobody seems to be familiar with this error > > message: What should the entry for the machine account look like in the > > private/smbpasswd file? In the past I was able to add win2k machine using > a > > FreeBSD server (like, a month ago), but then my server crashed and I had > to > > reinstall the OS and everything... > > > > any suggestions? Anyone? I really need to get this worked out and get > > these win2k boxes to join the domain. > > > > thanks, > > Stokes > > > > > *This message was transferred with a trial version of CommuniGate(tm) > Pro* > > > I received this too, then I download the latest HEAD cvs, compiled, and > it > > > worked fine. > > > > > > Oh, btw, I did stumble a little, because after compiling, d/l, > compiling, > > > d/ling again, etc.. I finally discovered.. I forgot to delete my old > > files. > > > I have the RPM version of samba which installed executables in /usr/sbin > > and > > > I had my custom configured samba, that places the files /usr/bin, > > /usr/man, > > > /usr/lib, etc.... Only I did change smbpasswd and smb.conf to be located > > in > > > /etc, instead of /usr/etc... so now that I located all my old samba > > stuff... > > > (find / -name smb) and (find / -name nmb) I deleted the files, and > > > re-installed my cvs builds, and all worked fine. > > > > > > > > > ----- Original Message ----- > > > From: "Stokes" > > > To: "samba-ntdom" ; "Hazen Valliant-Saunders" > > > > > > Sent: Friday, January 05, 2001 11:50 AM > > > Subject: Re: "No mapping between account names and security IDs was > done." > > > > > > > > > > *This message was transferred with a trial version of CommuniGate(tm) > > Pro* > > > > Yes, I certainly did make the root account. It was the first thing I > > did > > > > after installing samba. And, like I said, I am sure that the password > > is > > > > correct, because I tested an incorrect password and it told me the > > account > > > > info was incorrect. > > > > > > > > ----- Original Message ----- > > > > From: "Hazen Valliant-Saunders" > > > > To: "Stokes" > > > > Sent: Friday, January 05, 2001 9:30 AM > > > > Subject: RE: "No mapping between account names and security IDs was > > done." > > > > > > > > > > > > > Ok > > > > > have you made a root account? > > > > > (smbpasswd -a root?) > > > > > you'll have to because the first time W2K logson to the domain you > > must > > > > use > > > > > the root account and password, and when you add the root account use > > the > > > > > same password (better safe than sorry), afterwards you may use the > > > > > Administrator account or which ever you created. > > > > > > > > > > -----Original Message----- > > > > > From: samba-ntdom-admin@us5.samba.org > > > > > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Stokes > > > > > Sent: Friday, January 05, 2001 6:26 AM > > > > > To: samba-ntdom > > > > > Subject: "No mapping between account names and security IDs was > done." > > > > > > > > > > > > > > > All, > > > > > > > > > > I installed samba 2.2 from cvs download 2 days ago, and I can't seem > > to > > > > get > > > > > a win2k machine to join the domain. I have an odd number of letters > > in > > > > the > > > > > domain name, and I have created the machine account using both vipw > > > > > (freeBSD) and smbpasswd -a -m. When I try to join the domain > windows > > > > says: > > > > > "No mapping between account names and security IDs was done." > > > > > > > > > > I am positive that the password for root was correct (I tried this > > many > > > > > times, rebooted and everything). Also I have nuked and recreated > the > > > > > machine account many times now, and it always says the same thing. > > > > > > > > > > If anyone knows what causes this error please let me know, I really > > need > > > > to > > > > > get win2k machines on the domain asap... > > > > > > > > > > Thanks, > > > > > Stokes > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > From armand at welshhome.org Thu Jan 11 03:20:09 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:00 2003 Subject: Virus scanner for samba file server References: <001201c078a0$de3a5840$15559a89@zeus> Message-ID: <003901c07b7d$732aff20$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* well, you can have samba execute your virus scan against files when read/written to disk. This is a more advanced feature, but it can be done. ----- Original Message ----- From: "Makis Marmaridis" To: "'Martin Radford'" Cc: Sent: Sunday, January 07, 2001 3:56 AM Subject: RE: Virus scanner for samba file server > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > > > Where I work, we use GNU wget to mirror the appropriate directories > > from McAfee's FTP server to a local server, > > This sounds like a good idea especially if you have a lot of clients that > rely on those updates. > > > > > To move back on topic, we also use those files to update the .dat > > files on our samba servers - we have no guarantee that all the clients > > have up-to-date anti-virus software installed (one of the problems of > > working in a university where much of the IT support is devolved to > > the departments). > > I can relate to that! I work at a university as well... > The situation I was referring to though in my original email was with > respect to a tight lab environment where one can make sure that all the > clients run the same version of the antivirus program. > > > > > The only issue is that the Unix-based scanning is not on-access (as it > > would be on Windows), but instead is a job that has to be scheduled. > > > > Very true, this is where the antivirus program on the client machines proves > useful! > > Cheers, > Makis. > > > From armand at welshhome.org Thu Jan 11 03:22:58 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:00 2003 Subject: The procedure number is out of range error References: Message-ID: <004501c07b7d$d38b3ce0$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* hehe, except the psychic part, where your supposed to download the latest cvs. :) Check out the samba docs on downloading cvs source, and try again. ----- Original Message ----- From: "Ed Jackson" To: ; Sent: Wednesday, January 10, 2001 4:30 PM Subject: The procedure number is out of range error > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Pak (and group), Was the issue of receiving the error "the procedure number > is out of range" get resolved? (see link for original posting). > > http://samba.cadcamlab.org/lists/samba-ntdom/Nov2000/00340.html > > I'm hitting the same error with 2.0.7 samba PDC and win2k workstation. > > I thought I follwed all of the FAQs/README's > > Thanks for any help provided - Ed > > > From slu at firerun.net Thu Jan 11 04:52:17 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:33:00 2003 Subject: Dos/win3.11 with samba 2.2 Message-ID: <3A5D3C01.17C0DD56@firerun.net> Hello all, I was wondering if something has happened with support for dos clients in samba 2.2? I have a samba 2.2 PDC setup on my network providing authentication to other samba 2.2 servers. I have a floppy setup for disk imaging which is using dos tcp/ip and win3.11 network drivers to map a drive to my Linux raid machine. When the floppy is fully booted and logged onto the network I do a directory listing and no files or directory's show up, even though while in the shared path on the linux box there are several files/dir's there. I checked to see if the map hidden was set in the smb.conf file and it was not. So needless to say I am stumped on this one. Also when I am in the imaging program I can create a directory with the same name as the one that exits, and the files in that directory will become visible, until I change to the parent directory in which case the newly created directory disappears. Any Ideas on this one? Patrick From gcarter at valinux.com Thu Jan 11 04:21:15 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:00 2003 Subject: Couldn't find References: <3A5CD834.F948399F@eng.buffalo.edu> Message-ID: <3A5D34BB.77E44ED8@valinux.com> "Phillip E. Ganze" wrote: > > 'Couldn't find ' > I get this for each printer. Below is how I > have my printing configured in smb.conf > > [global] > load printers = yes > printcap name = lpstat > printing = sysv > [printers] > comment = All Printers > path = /var/spool/samba/tmp > browseable = no > # Set public = yes to allow user 'guest account' to print > guest ok = no > writable = no > printable = yes Hmmm...That string doesn't show up exactly in the SAMBA_2_2 source code. However, I'll take a blind guess. 'load printers' says to create shares from all the printers in /etc/printcap (since you also have a [printers] defined. Now you do not have a 'printer name' parameter defined for the [printers] share so each dynamically created share assigns that value of the service to the 'printer name' parameter for you. Perhaps you could follow up on this line of thinking and pinpoint the exact root of the message. CHeers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Thu Jan 11 04:44:33 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:00 2003 Subject: Profiles, roaming and roving profiles References: <243076630.979042750460.JavaMail.ctrlsoft@dds.nl> Message-ID: <3A5D3A31.6E798FB4@valinux.com> ctrlsoft@dds.nl wrote: > > Hi, > > I have been reading the samba site and the docs. Everything > works fine here, except I get the message 'Couldn't load > your profile' when trying to log in. > > What is the difference between 'profiles','roaming > profiles' and 'roving profiles' and which are supported by > samba? a profile is a collection of user settings, such as HKCU, desktop icons, foldes, etc... A roaming (or roving profile) is one which is stored centrally on a network server for a domain user and downloaded to a desktop client upon logon. Samba can be used to store roaming profiles. -- Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From barth at cck.uni-kl.de Thu Jan 11 08:07:59 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:33:00 2003 Subject: Office 2000 documents and Samba In-Reply-To: <007d01c07b4b$45bd2040$8122050a@cpf.navy.mil> Message-ID: <3A5D77EF.21629.4AEBF6@localhost> > I'm only guessing but, could this be a permissions problem? It may also be a locking-problem. MS-Error messages are not that good ... Christian _______________________________________________________________________ In a world without walls and fences, who needs windows and gates? (SUN) From barth at cck.uni-kl.de Thu Jan 11 08:14:59 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:33:00 2003 Subject: Dos/win3.11 with samba 2.2 In-Reply-To: <3A5D3C01.17C0DD56@firerun.net> Message-ID: <3A5D7993.26458.5152B9@localhost> > Any Ideas on this one? No ideas, but similar problems. Reported to samba@samba.org at 27.11.00: Subject: Samba 2.2.0 and MS-Client 3.0: Bug in Directory-Listing? From: Christian Barth Date: 2000-11-27 19:32:44 Hello! We are currently doing some tests with samba 2.2.0 using the cvs of 10.11.00 (I know that's not really current, but all w2K-stuff seams to work and I havn't read reports like this before): Wenn connecting form samba 2.2.0 (on Redhat 6.2) to a DOS 6.1 PC running MS-Client 3.0 the connection works fine. But doing a "dir" on the dos box only some of the files and not alle are displayed. In one case only 6 of about 40. I can't see any system behind the files being displayed. This set-up works with samba 2.0.7 and basicly the same smb.conf. As MS-Client 3.0 seems to be a summary of drivers, here are the Version recorded during startup: MS NE2000 NDIS Driver 2.0 Microsoft DOS TCP/IP Protocol Driver 1.0a Microsoft DOS TCP/IP NEMM Driver 1.0 MS-DOS LAN Manager v2.1 Netbind Christian _______________________________________________________________________ In a world without walls and fences, who needs windows and gates? (SUN) From ctrlsoft at dds.nl Thu Jan 11 09:03:16 2001 From: ctrlsoft at dds.nl (ctrlsoft@dds.nl) Date: Tue Dec 2 02:33:00 2003 Subject: Profiles Message-ID: <243030419.979203796915.JavaMail.ctrlsoft@dds.nl> >> I have been reading the samba site and the docs. Everything >> works fine here, except I get the message 'Couldn't load >> your profile' when trying to log in. >> >> What is the difference between 'profiles','roaming >> profiles' and 'roving profiles' and which are supported by >> samba? > >a profile is a collection of user settings, such as >HKCU, desktop icons, foldes, etc... A roaming (or roving >profile) is one which is stored centrally on a network >server for a domain user and downloaded to a desktop >client upon logon. > >Samba can be used to store roaming profiles. I now have got my MySQL authorization add-on working perfectly, I only get the message 'Can't load your profile' after I am authorized and my logon script is executed. I already read the profiles.TXT file, but it's not very clear and didn't gave me any solution. Jelmer From rodolphe.kapouyan at wanadoo.fr Thu Jan 11 14:57:59 2001 From: rodolphe.kapouyan at wanadoo.fr (Rodolphe Kapouyan) Date: Tue Dec 2 02:33:00 2003 Subject: user access control Message-ID: <005e01c07bde$e37f2290$3266a8c0@cref.fr> Hello , i m' seting up a pdc with samba 2.0.7 , i known that this release isn't able to provide the user list which for the user acces control under W95 , but i can't find if The 2.2.x (alpha) is able to do this. if someone known something about this .... Perhaps TNG is able to do this , but I can't find anything more ,then ..... thanks a lot have fun -------------- next part -------------- HTML attachment scrubbed and removed From WoodJ at metatec.com Thu Jan 11 15:24:47 2001 From: WoodJ at metatec.com (Wood, Jeremy) Date: Tue Dec 2 02:33:00 2003 Subject: Passwd Problem Solved Message-ID: <2942C1A0B909B24CB7330E4FC6B7D2AE2AB9@exchange01.dublin.metatec.com> It is working correctly now. Thanks to all who helped! I really appreciate it! Jeremy Wood Server Technologist Metatec International, Inc 614.761.2000 ext 4511 woodj@metatec.com "[quote removed because of complaints... yes really]" From smerrill at svfc.org Thu Jan 11 15:38:41 2001 From: smerrill at svfc.org (Scott Merrill) Date: Tue Dec 2 02:33:00 2003 Subject: Current Development Updates? Message-ID: <002a01c07be4$94083660$4e0a0a0a@svfc.org> I'm dealing with a software vendor who makes a Windows application that requires NT domain authentication. They're a little dodgy about our use of Samba for domain controllers, and I'd like to be able to provide some specific information to them about where things stand. This software vendor wants us to use Windows 2000 for their application server. As I understand it, Samba can't adequately support a Windows 2000 member server in the domain yet. We don't need full group enumeration, or trust relationships, or any of that. All I need is for a Windows 2000 member server to be able to integrate into our domain (which has an even number of characters in its name!). http://us4.samba.org/samba/development.html suggests that Windows 2000 domain integration won't happen until Samba 3.0. But all the traffic on this list involves people getting the 2.2 CVS version to integrate with Windows 2000 servers. Are we all jumping the gun with 2.2, or are the Samba web pages slightly out of date in regards to proposed features for 2.2? I know there was a big brouhaha awhile back about getting more specific timelines. I'm not after anything of the sort - I can patiently wait until it's done. I'm just looking to provide _correct_ development information to my software vendor so that they can be a little more comfortable with our use of Samba. Thanks very much! Scott From armand at welshhome.org Thu Jan 11 15:58:54 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:00 2003 Subject: Dos/win3.11 with samba 2.2 References: <3A5D3C01.17C0DD56@firerun.net> Message-ID: <005101c07be7$6a3e8d40$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* Sounds more like a permissions problem. Does the directory have execute permissions as well as read permissions? I know it sounds kind of basic, but it's always worth double checking your filesystem permissions, and also verify if you use the force user or force group option. This may also cause an issue. If all is set correctly, from the parent directory, try a ( DIR /AH ) to view all hidden files, this will verify if the directory is hidden, you might also want to try (DIR /AD) to list all directories, regardless of the other attributes. It's possible the problem could have to do with some code page issues, but I doubt it, since you can get in the directory, you just can't SEE the directory. Did you try to CD into the directory, even though you can't see it? If you can, then it's definately hidden... ----- Original Message ----- From: "Patrick" To: Sent: Wednesday, January 10, 2001 8:52 PM Subject: Dos/win3.11 with samba 2.2 > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Hello all, > > I was wondering if something has happened with support for dos > clients in samba 2.2? I have a samba 2.2 PDC setup on my network > providing authentication to other samba 2.2 servers. I have a floppy > setup for disk imaging which is using dos tcp/ip and win3.11 network > drivers to map a drive to my Linux raid machine. When the floppy is > fully booted and logged onto the network I do a directory listing and no > > files or directory's show up, even though while in the shared path on > the linux box there are several files/dir's there. I checked to see if > the map hidden was set in the smb.conf file and it was not. So needless > > to say I am stumped on this one. Also when I am in the imaging program > > I can create a directory with the same name as the one that exits, and > the files in that directory will become visible, until I change to the > parent directory in which case the newly created directory disappears. > > Any Ideas on this one? > > Patrick > > > > > From Christian_Kremer at KirchGruppe.DE Thu Jan 11 16:13:13 2001 From: Christian_Kremer at KirchGruppe.DE (Kremer, Christian) Date: Tue Dec 2 02:33:00 2003 Subject: AW: Dos/win3.11 with samba 2.2 Message-ID: Hi to all - Hi Patrick, I?m wondering for a long time how I?m getting my DOS-Client into my Samba-PDC network. As I can read, you?ve done this successfully. Could you give me some hints? My Network has a Samba 2.0.7 PDC. When I do manage it to work, I could also try it in my testing-enviroment (wich has a Samab 2.2.0 alpha1 PDC). Thanks for your help. Christian -----Urspr?ngliche Nachricht----- Von: Patrick [mailto:slu@firerun.net] Gesendet: Donnerstag, 11. Januar 2001 05:52 An: samba-ntdom@us5.samba.org Betreff: Dos/win3.11 with samba 2.2 Hello all, I was wondering if something has happened with support for dos clients in samba 2.2? I have a samba 2.2 PDC setup on my network providing authentication to other samba 2.2 servers. I have a floppy setup for disk imaging which is using dos tcp/ip and win3.11 network drivers to map a drive to my Linux raid machine. When the floppy is fully booted and logged onto the network I do a directory listing and no files or directory's show up, even though while in the shared path on the linux box there are several files/dir's there. I checked to see if the map hidden was set in the smb.conf file and it was not. So needless to say I am stumped on this one. Also when I am in the imaging program I can create a directory with the same name as the one that exits, and the files in that directory will become visible, until I change to the parent directory in which case the newly created directory disappears. Any Ideas on this one? Patrick -------------- next part -------------- HTML attachment scrubbed and removed From armand at welshhome.org Thu Jan 11 16:17:26 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:00 2003 Subject: Profiles, roaming and roving profiles References: <243076630.979042750460.JavaMail.ctrlsoft@dds.nl> Message-ID: <006b01c07bea$0c2c7de0$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* there are essentially three types of profiles for NT Local, Roaming, & Mandatory Microsoft defines them as: (see Microsoft KnowledgeBase articles Q161334, Q185587, Q185588, Q185589, Q158590,Q185591 - Guide To Windows NT 4.0 Profiles and Policies (Parts 1-6) ) Local Profile A local profile is specific to a computer. A user who has a local profile on a particular computer can gain access to that profile only while logged on to that computer. Roaming Profile A roaming profile is stored on a network share and can be accessed from any computer. A user who has a roaming profile can log on to any computer for which that profile is valid and access the profile. (Note that a profile is only valid on the platform for which it was created-for example, a Windows NT 4.0 profile cannot be used on a Windows 95 computer.) Mandatory Profile A mandatory profile is a preconfigured roaming profile that the user cannot change. In most cases, these are assigned to a person or a group of people for whom a common interface and standard configuration is required. A Roaving profile doesn't exist. So I can't tell you what samba defines it as. ----- Original Message ----- From: To: Sent: Tuesday, January 09, 2001 4:19 AM Subject: Profiles, roaming and roving profiles > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > Hi, > > I have been reading the samba site and the docs. Everything > works fine here, except I get the message 'Couldn't load > your profile' when trying to log in. > > What is the difference between 'profiles','roaming > profiles' and 'roving profiles' and which are supported by > samba? > > Jelmer > > > From alex at fatal.cz Thu Jan 11 16:39:39 2001 From: alex at fatal.cz (Alexandr Falta) Date: Tue Dec 2 02:33:00 2003 Subject: Profiles, roaming and roving profiles References: <243076630.979042750460.JavaMail.ctrlsoft@dds.nl> <3A5D3A31.6E798FB4@valinux.com> Message-ID: <3A5DE1CB.8214DA43@fatal.cz> Gerald Carter wrote: > > ctrlsoft@dds.nl wrote: > > > > Hi, > > > > I have been reading the samba site and the docs. Everything > > works fine here, except I get the message 'Couldn't load > > your profile' when trying to log in. > > mee too :-( > a profile is a collection of user settings, such as > HKCU, desktop icons, foldes, etc... A roaming (or roving > profile) is one which is stored centrally on a network > server for a domain user and downloaded to a desktop > client upon logon. > > Samba can be used to store roaming profiles. so, what about storing and retreiving roaming profiles to/from samba server? I'm using samba 2.0.7, everything works fine except roaming profiles. My samba server is connected at 100Mbps ethernet, has fast UW SCSI disk, etc., but it's slow to deliver profile to workstation (NT4). Logons are slow as unusable, many times I can see on workstation something like "Cannot load your roaming profile, trying to login with cached local copy" I've tried to move PDC to old PC running as NT4 server (133MHz Pentium, old slow IDE disk, 10Mbps ethernet), there was no problem, everything works. I think the problem is in my samba, could anybody help me how to optimize SMB to use for profiles? many thanks alex FYI: My test network is small LAN with 16 workstations. From armand at welshhome.org Thu Jan 11 16:54:15 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:00 2003 Subject: win2K and RH6.2 References: Message-ID: <007701c07bef$511b55c0$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* Share logon, only needs a password by definition, to access a shared resource, where domain logon, verfies users against a domain controller. Essentially, in a share logon state, the username is trusted. When a user logs into a network, the network trusts that the user is valid, not requiring a password check to authenticate the user. Any authentication that exists is handled only by the client, if any. Only when a share is accessed is there a need for password checks. The user is considered trusted, so the only thing needed is the password for the share, which is almost always, NOT THE SAME as the user's password. but rather dependant on the share or the server hosting the share. If that is a windows machine, then username/password authentication is used on the share. If it's win9x/win3.11 then it's a single password assigned to the share, and if it's samba it's handled however samba wants to handle it. from smb.conf man page: When clients connect to a share level security server then need not log onto the server with a valid username and password before attempting to connect to a shared resource (although modern clients such as Windows 95/98 and Windows NT will send a logon request with a username but no pass? word when talking to a security=share server). Instead, the clients send authentication informa? tion (passwords) on a per-share basis, at the time they attempt to connect to that share. Note that smbd *ALWAYS* uses a valid UNIX user to act on behalf of the client, even in "secu? rity=share" level security. As clients are not required to send a username to the server in share level security, smbd uses sev? eral techniques to determine the correct UNIX user to use on behalf of the client. A list of possible UNIX usernames to match with the given client password is constructed using the fol? lowing methods : o If the "guest only" parameter is set, then all the other stages are missed and only the "guest account" username is checked. o Is a username is sent with the share connection request, then this username (after mapping - see "username map"), is added as a potential username. o If the client did a previous "logon" request (the SessionSetup SMB call) then the username sent in this SMB will be added as a potential username. o The name of the service the client requested is added as a potential username. o The NetBIOS name of the client is added to the list as a potential username. o Any users on the "user" list are added as potential usernames. If the "guest only" parameter is not set, then this list is then tried with the supplied password. The first user for whom the password matches will be used as the UNIX user. If the "guest only" parameter is set, or no user? name can be determined then if the share is marked as available to the "guest account", then this guest user will be used, otherwise access is denied. Note that it can be *very* confusing in share-level security as to which UNIX username will eventually be used in granting access. ----- Original Message ----- From: "David Hemingway" To: "Hazen Valliant-Saunders" ; Sent: Monday, January 08, 2001 11:00 AM Subject: RE: win2K and RH6.2 > >From this I gather that my win2k server (2000SERVER) is the pdc. > > The diference between domain and share logon - I'm not sure but i use the > follow to access a directory on the 2000Server. > smbmount //2000server/dir /mnt/dir -U admin -P passwd > From armand at welshhome.org Thu Jan 11 16:59:41 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:00 2003 Subject: Can Samba 2.2 mount an administrative share from a local administrators account? References: Message-ID: <007b01c07bef$e6619950$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* the problem is two fold I beleive. First there is a bug in samba, that won't allow winnt/2k machines to share resources to other machines, when they obtain their security info from a samba pdc. Second, the trusts aren't finished yet. the work around, is to do the following in your script: net use x: \\server\c$ password /USER:server\localadmin this should work. ----- Original Message ----- From: To: Cc: Sent: Monday, January 08, 2001 2:24 AM Subject: Can Samba 2.2 mount an administrative share from a local administrators account? *This message was transferred with a trial version of CommuniGate(tm) Pro* Hi all, we have a serious problem with a samba 2.2 PDC installation which could force us to switch over to a W2K-Server :-((( and therefore I would like to know wether we misconfigured something or if this happens due to general limitations of the PDC-simulation capabilities of samba 2.2: When we login to the local administrator account of a NT4 Workstation which is member of a samba 2.2 controlled domain and try to access the administrative share of another NT4 Workstation in this domain, we shouldn?t be prompted for a password when the local administrator accounts passwords are the same on both machines. But we *are* prompted for the password which makes it impossible for our new "distribute software over the network automaticaly to all machines" system to do its job. Using the domain administrator account instead doesn?t work too. Is it possible to get this running somehow with an actual or upcoming (when?) version of samba 2.2??? Thanks in advance! Regards Christoph ---------------------------------------------------------------------------- ---------------------------- Christoph Peus Tel: 02302 669212 Universitaet Witten/Herdecke Fax: 02302 669388 Bereich Informationstechnologie (BIT) E-Mail: cp@uni-wh.de ---------------------------------------------------------------------------- ---------------------------- From armand at welshhome.org Thu Jan 11 17:02:41 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:00 2003 Subject: Samba as a 2000 Server References: <3A5B7186.515A43D8@flashmail.com> Message-ID: <008f01c07bf0$51da91a0$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* you mean as an active directory server? ----- Original Message ----- From: "Tomas Maly" To: ; Sent: Tuesday, January 09, 2001 12:16 PM Subject: Samba as a 2000 Server > *This message was transferred with a trial version of CommuniGate(tm) Pro* > What exactly would be needed to implement Samba (head or TNG) to act as > a native NT 5 (2000) Server? I was just wondering what the status of the > work on that, as well as what would need to be implemented (and how to > make sure the 2000 machines know the Samba server is a 2000 server > versus an NT server) to make that work. Not that I think it's gonna > happen, I'm just wondering what would be needed. I know at least that > there is DFS, LDAP, and Kerberos 5 in 2000 versus NT....And I know MS > has add some proprietary code/implementation with Krb5 and LDAP as > well....I was just wondering if it's intended to be implemented, that's > all. > > -- > Tomas Maly > "IT Freak" > MontaVista Software > (408) 328-8429 > tmaly@mvista.com > > From martin at zamenhof.demon.co.uk Thu Jan 11 17:03:57 2001 From: martin at zamenhof.demon.co.uk (Martin Radford) Date: Tue Dec 2 02:33:00 2003 Subject: Profiles, roaming and roving profiles In-Reply-To: <006b01c07bea$0c2c7de0$12324d90@pimco.com> from "Armand Welsh" at Jan 11, 2001 08:17:26 AM Message-ID: <200101111703.RAA32482@zamenhof.demon.co.uk> > > What is the difference between 'profiles','roaming > > profiles' and 'roving profiles' and which are supported by > > samba? > > A Roaving profile doesn't exist. So I can't tell you what samba defines it > as. An altavista search for: +roving +host:support.microsoft.com reveals that "roving profiles" do indeed exist. However, it seems that Microsoft only use the term when referring to Windows 95. The terms "roving profiles" and "roaming profiles" are synonymous (but "roving" tends to be used for Win95 only). Martin -- Martin Radford | "Only wimps use tape backup: _real_ martin@zamenhof.demon.co.uk | men just upload their important stuff -o) Registered Linux user #9257 | on ftp and let the rest of the world /\\ - see http://counter.li.org | mirror it ;)" - Linus Torvalds _\_V From armand at welshhome.org Thu Jan 11 17:10:02 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:00 2003 Subject: Samba as a 2000 Server References: <3A5B7186.515A43D8@flashmail.com> Message-ID: <009301c07bf1$5c49d050$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* TNG is where to look. Samba is not likely to implement Active Directory support for a while. ----- Original Message ----- From: "Tomas Maly" To: ; Sent: Tuesday, January 09, 2001 12:16 PM Subject: Samba as a 2000 Server > *This message was transferred with a trial version of CommuniGate(tm) Pro* > What exactly would be needed to implement Samba (head or TNG) to act as > a native NT 5 (2000) Server? I was just wondering what the status of the > work on that, as well as what would need to be implemented (and how to > make sure the 2000 machines know the Samba server is a 2000 server > versus an NT server) to make that work. Not that I think it's gonna > happen, I'm just wondering what would be needed. I know at least that > there is DFS, LDAP, and Kerberos 5 in 2000 versus NT....And I know MS > has add some proprietary code/implementation with Krb5 and LDAP as > well....I was just wondering if it's intended to be implemented, that's > all. > > -- > Tomas Maly > "IT Freak" > MontaVista Software > (408) 328-8429 > tmaly@mvista.com > > From bgmilne at cae.co.za Thu Jan 11 17:26:56 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:33:00 2003 Subject: Profiles, roaming and roving profiles References: <243076630.979042750460.JavaMail.ctrlsoft@dds.nl> <3A5D3A31.6E798FB4@valinux.com> <3A5DE1CB.8214DA43@fatal.cz> Message-ID: <3A5DECE0.F7E74510@cae.co.za> > so, what about storing and retreiving roaming profiles to/from samba > server? > > I'm using samba 2.0.7, everything works fine except roaming profiles. My > samba server is connected at 100Mbps ethernet, has fast UW SCSI disk, > etc., but it's slow to deliver profile to workstation (NT4). Logons are > slow as unusable, many times I can see on workstation something like > "Cannot load your roaming profile, trying to login with cached local > copy" > > I've tried to move PDC to old PC running as NT4 server (133MHz Pentium, > old slow IDE disk, 10Mbps ethernet), there was no problem, everything > works. > I think the problem is in my samba, could anybody help me how to > optimize SMB to use for profiles? > How big are the profiles ? If you have users running Outlook and IE (mozilla is also at fault here), and don't take specific actions to ensure that the profile remains small (like moving the outlook.pst to a local place and setting NT to ignore Temp Internet Files) profiles can get very large. Also relating to profiles, we seem to have our profiles not updating. If I have removed icons etc from my desktop, and then log into another machine, I get the old items back (even if removing them from the copy in the netlogon share while I am logged out). Also, has someone got a solution to the localized shortcuts problem (where shortcuts made on another machine don't work)? Buchan -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 Stellenbosch Automotive Engineering http://www.cae.co.za From simo.sorce at polimi.it Thu Jan 11 17:29:34 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:00 2003 Subject: Profiles, roaming and roving profiles In-Reply-To: <3A5DECE0.F7E74510@cae.co.za> Message-ID: Configure your machines to not cache roaming profiles, it is the better choice. On Thu, 11 Jan 2001, Buchan Milne wrote: > > > > > so, what about storing and retreiving roaming profiles to/from samba > > server? > > > > I'm using samba 2.0.7, everything works fine except roaming profiles. My > > samba server is connected at 100Mbps ethernet, has fast UW SCSI disk, > > etc., but it's slow to deliver profile to workstation (NT4). Logons are > > slow as unusable, many times I can see on workstation something like > > "Cannot load your roaming profile, trying to login with cached local > > copy" > > > > I've tried to move PDC to old PC running as NT4 server (133MHz Pentium, > > old slow IDE disk, 10Mbps ethernet), there was no problem, everything > > works. > > I think the problem is in my samba, could anybody help me how to > > optimize SMB to use for profiles? > > > > How big are the profiles ? If you have users running Outlook and IE > (mozilla is also at fault here), and don't take specific actions to > ensure that the profile remains small (like moving the outlook.pst to a > local place and setting NT to ignore Temp Internet Files) profiles can > get very large. > > Also relating to profiles, we seem to have our profiles not updating. If > I have removed icons etc from my desktop, and then log into another > machine, I get the old items back (even if removing them from the copy > in the netlogon share while I am logged out). > > Also, has someone got a solution to the localized shortcuts problem > (where shortcuts made on another machine don't work)? > > Buchan > -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From armand at welshhome.org Thu Jan 11 18:11:20 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:01 2003 Subject: samba authentication References: <20010110085446.35290D0AC@insideout.mobilenews.ch> Message-ID: <009d01c07bf9$f87452e0$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* upgrade to the latest CVS. this is a known problem, that has been resolved in the CVS. ----- Original Message ----- From: "Petter Abrahamsson" To: "Roman, James (J.D.)" Cc: "'Armand Welsh'" ; ; "Samba-Ntdom (E-mail)" Sent: Wednesday, January 10, 2001 12:54 AM Subject: RE: samba authentication > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Hi, > > I'm having the same kind of problem with our office system. I just > recently switched over to Samba 2.0.7 from having been using NT Server > 4.0. The NT machine was setup to be PDC at installation and since > (correct me if I'm wrong) it can't be set to be a backup domain > controller without reinstalling NT, it was set to a new domain and the > Samba server was setup to be PDC, using the old domain name from the NT > server. All users are using Windows 98 to login and they too, usually > have to try several times before they are logged in. > Is it possible that there is some sort of conflict between the NT server > and the Samba server? > Or maybe I've missed some important step in the configuration. Here's > the smb.conf > > [global] > workgroup = MNC > server string = Samba Server %v > hosts allow = 192.168.0. 127. > printcap name = lpstat > load printers = yes > printing = cups > log file = /var/log/samba/log.%m > max log size = 50 > security = user > encrypt passwords = yes > smb passwd file = /etc/samba/private/smbpasswd > os level = 65 > domain logons = yes > logon script = scripts\%U.bat > wins support = yes > name resolve order = wins lmhosts bcast > dns proxy = no > domain master = yes > domain admin group = @smbadmin > status = yes > > I skipped the shares and the printers here. > > Thankful for any help I can get. I would prefer to solve this problem > rather than switching back to using NT. > Thanks in advance > > /petter > > On 09 Jan 2001 14:55:26 -0500, Roman, James (J.D.) wrote: > > > Possibly a shot in the dark, but see if you have restrict anonymous = true, > > if so try setting it to false and see if that fixes the problem. > > > > -----Original Message----- > > From: Armand Welsh [mailto:armand@welshhome.org] > > Sent: Wednesday, January 03, 2001 4:58 PM > > To: ashamril@aurallix.com; Samba-Ntdom (E-mail) > > Subject: Re: samba authentication > > > > > > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > I had this problem too, with 2.0.6, and 2.0.7, I use the HEAD cvs and it > > work Perfect for authentication... > > > > ----- Original Message ----- > > From: "Ami Shamril" > > To: "Samba-Ntdom (E-mail)" > > Sent: Tuesday, January 02, 2001 11:50 PM > > Subject: samba authentication > > > > > > > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > > > > > Hi... > > > I've successfully configured samba 2.0.6 (RH6.2) as a PDC. > > > All my users (Win9X) can log into the server. > > > But there is one problem... sometimes we must enter at least 3 times the > > > password b4 the server authenticated it. > > > 1st & 2nd time the error is password not correct.... Even we key in the > > > correct password. For the 3rd time normally ok... > > > Anybody have the same problem... > > > Please advise > > > TQ in advance. > > > > > > > > > > > > > > > > > > > -- > \|/ > (* *) > ----------oo0--(_)--0oo--------------------------------- > Petter Abrahamsson Petter.Abrahamsson@mobilenews.ch > Mobile News Channel http://www.mobilenews.ch > -------------------------------------------------------- > > From armand at welshhome.org Thu Jan 11 18:15:24 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:01 2003 Subject: Samba2.2, W2000 and WindowsME References: <3A5C9AA0.BDBD5AAF@itsd.de> Message-ID: <00a301c07bfa$7d6d4f10$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* I use Windows ME at home, with samba as my PDC, and it was identical to setting up Win9x clients. No special case here. It should all work perfectly. Make sure that, if the PDC code is working correctly, that you have the workgroup, and domain set to the same values on your winMe machines, and that you can browse the PDC. if you can, then connecting to the share should work, unless you have a security problem. What you won't be able to do is to connect to your win2k box from your windows Me clients, because of a bug, that has not been resolved yet. ----- Original Message ----- From: "Dr. Hansjoerg Maurer" To: Sent: Wednesday, January 10, 2001 9:23 AM Subject: Samba2.2, W2000 and WindowsME > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Hi, > > I have installed samba2.2 as a PDC for W2K and everything works fine. > But we have some WindowsME clients and I am unable to connect to a share > of the samba server with them. (just for fileserving) > I set encrypt password to yes, otherwise W2k won't connect . > I have tried to set the registry entry in Windows ME (Plainpasswd... ) > to 0 but it doesn't help. > > Is it possible to connect to samba2.2 with WindowsME and how. > > Thanks for your great work > > > Hansjoerg > > > > -- > Dr. Hansj?rg Maurer > itsystems Deutschland AG > Linprunstr. 10 > D-80335 Muenchen > Ph/Fax +49 89 52 04 68-41/-59 > > > > > From armand at welshhome.org Thu Jan 11 18:36:31 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:01 2003 Subject: Passwd problems References: <2942C1A0B909B24CB7330E4FC6B7D2AE2AB6@exchange01.dublin.metatec.com> Message-ID: <00c101c07bfd$745677a0$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* Set samba server to authenticate users against the domain. Set security = domain, and password server = * after changing the smb.conf file, restart smbd so that changes will take effect. Then join the domain with 'smbpasswd -j domainname -r pdc' you may need to supply the -U username, but it should not be necessary, as the machine account doesn't need to be created, and I can't remember ever doing it in the past. Setting password server = * tells samba to authenticate using ANY domain controller (PDC or BDC) that is available within the domain. setting security = domain tells samba to participate in a domain. ----- Original Message ----- From: "Wood, Jeremy" To: Sent: Wednesday, January 10, 2001 12:28 PM Subject: Passwd problems > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Hello all, > I am in a bit if a dilemma here. At my company, which is mostly M$ > based, I have been able to talk them into putting a few Linux machines into > place running Samba as file servers. Some people in the company check to > see when files have arrived on this machine by "browsing" (Network > Nieghborhood) to the Samba Server. We have recently implemented a password > policy that will be aging the domain logons every 90 days. Here's my > problem, I need to have the samba server update the smbpasswd file somehow > with the users new domain password. Most of the people that check this > server for files are barely smart enough to run windows so I can't even get > into having them SSH to the file server and fix the problem themselves. > Basically my question is: When someone changes thier NT doamin > password (say thru Ctl+Alt+Del on NT), how do I automate it so the smbpasswd > on the Samba machine is also updated? > > Jeremy Wood > Server Technologist > Metatec International, Inc > 614.761.2000 ext 4511 > woodj@metatec.com > > "[quote removed because of complaints... yes really]" > > > From ctooley at amoa.org Thu Jan 11 19:00:37 2001 From: ctooley at amoa.org (ctooley@amoa.org) Date: Tue Dec 2 02:33:01 2003 Subject: Guest Access Message-ID: <862569D1.0067EACD.00@amoa.org> I am proud to say that in this respect I know how to do something in Samba that I can't seem to make NT do. I want to give Guest access to a share. Guest meaning someone who does not have a user account and therefore is a guest of the machine. I can do this with Samba, but have not had any luck doing it in NT Server 4.0 SP6a. I realize that this is a little off topic but would like the help if anyone knows how to make this happen. I think I am doing everything the way I should but would like to see how someone else is doing to reference their approach. Thank you, Chris Tooley From mbreuer at siac.com Thu Jan 11 18:56:32 2001 From: mbreuer at siac.com (Michael Breuer) Date: Tue Dec 2 02:33:01 2003 Subject: Profiles, roaming and roving profiles (longish) References: <243076630.979042750460.JavaMail.ctrlsoft@dds.nl> <006b01c07bea$0c2c7de0$12324d90@pimco.com> Message-ID: <3A5E01DC.F6DC3DE8@siac.com> Some observations about profiles... from painful experience. On W2K (perhaps NT4 as well), the nature of "local" and "roaming" differ slightly depending on whether the computer is part of a domain or workgroup, and seem to depend on proper security settings to function. FYI: These observations were made on W2K Professional... they probably apply to NT, but I can't say for sure. Workgroup: Local is the locally cached user profile, whether or not roaming is set. Roaming is a reference to a user's profile to be loaded at login, and saved at logout. The profile is cached at login to the "local" location. On W2K, that is by default c:\Documents and Settings\[.[.]]. The "roaming" location is specified in the "profile" section of the user account info, and can be a directory on the local machine. In order to function correctly, the roaming directory must provide the user "full control." By default, the roaming profile is owned by the user (problematic if copied by an administrator, but can be repaired on NT using "subinacl.exe"), with "Creator/Owner" having full control of subdirectories & files only. Additionally, and extremely important, the 'ntuser.dat' registry hive MUST have internal permissions for the user set to "full control" and also the user should be the owner of the registry. This can be done using regedt32->load hive & security options. When the default location for the profile is used, W2K will assume that the directory is a local profile for the user (cache or otherwise) if the above noted permissions are set. If they're not set, W2K creates the .... profile. If that too is existing, then a new profile is created with a sequence number extension. In the event that the roaming profile's permissions are not correct, it is possible to create the local cache, but not be able to properly access it, or save when logging off. Many weird things can happen when the permissions are not properly set. If local profiles are not cached, then it seems that a "TEMP" directory is created... although that doesn't seem to me to be consistent. Domain: Most of the domain rules seem similar to workgroup. The major exception is that all machines accessing the roaming profile MUST have the same SID for the user across the domain. A local account with the same name may or may not exist... where things get screwy is that the local account can reference the same roaming profile. Most likely with insufficient permissions. This can happen if you first log into the W2K box on the domain, and then create a local account with the same username. The first time you log in locally, an attempt will be made to use the locally cached profile of the domain login... assuming it was created without the "domain" suffix. Conversly, if you first log in locally and then log into the domain, the reverse is true. Either way, things are not necessarily good. As far as I can tell, the best way to deal with this is either turn off local caching (bad for laptops & dial-up), or make certain that the profile without the suffix is properly permissioned and not accessible at all to the other logon. Note, if you're talking about the domain administrator account, this seems rather difficult to accomplish. Alternatively, when logged in with a different administrative account, you can create a dummy entry for the user's local profile before the first login. Then deny all access to the folder for that user. To do this for administrator, you have to create a second administrative account. I suspect that using the "subinacl.exe" utility this process could be automated. Note that by expanding permissions, it is possible to share a local and domain (roaming) profile between the two SID's (both must have full control of the profile directory and registry contained within). I can't say this is a good idea, but it does work. Lastly, the roaming profile can reside on ANY machine to which the account (and machine) have access... including the local machine. This "feature" can be used to repair damaged profiles. Just copy the cached (damaged) profile to some other place on the machine... I use c:\documents and settings\.old. Then, fix up the profile... subinacl, regedt32, whatever. Delete the locally cached profile, and set the roaming profile to the fixed profile. A new local profile will be cached (created) from the repaired version. You can then reset the roaming profile settings to the PDC (samba server?), or any other place... or you can change to a local profile. Armand Welsh wrote: > *This message was transferred with a trial version of CommuniGate(tm) Pro* > there are essentially three types of profiles for NT > > Local, Roaming, & Mandatory > > Microsoft defines them as: > (see Microsoft KnowledgeBase articles Q161334, Q185587, Q185588, Q185589, > Q158590,Q185591 - Guide To Windows NT 4.0 Profiles and Policies (Parts > 1-6) ) > > Local Profile > A local profile is specific to a computer. A user who has a local profile > on a particular computer can gain access to that profile only while logged > on to that computer. > > Roaming Profile > A roaming profile is stored on a network share and can be accessed from > any computer. A user who has a roaming profile can log on to any computer > for which that profile is valid and access the profile. (Note that a > profile is only valid on the platform for which it was created-for > example, a Windows NT 4.0 profile cannot be used on a Windows 95 > computer.) > > Mandatory Profile > A mandatory profile is a preconfigured roaming profile that the user > cannot change. In most cases, these are assigned to a person or a group of > people for whom a common interface and standard configuration is required. > > A Roaving profile doesn't exist. So I can't tell you what samba defines it > as. > ----- Original Message ----- > From: > To: > Sent: Tuesday, January 09, 2001 4:19 AM > Subject: Profiles, roaming and roving profiles > > > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > > > Hi, > > > > I have been reading the samba site and the docs. Everything > > works fine here, except I get the message 'Couldn't load > > your profile' when trying to log in. > > > > What is the difference between 'profiles','roaming > > profiles' and 'roving profiles' and which are supported by > > samba? > > > > Jelmer > > > > > > From armand at welshhome.org Thu Jan 11 19:12:30 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:01 2003 Subject: can't find service References: <003001c07b44$a7146c60$8033a8c0@Atlantes.com> Message-ID: <00cd01c07c02$78417b30$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* shouldn't the map to guest = Bad Password, be changed to map to guest = Bad User? Otherwise, any invalid login, even for known users will be considered guests. this can really screw with you if you simply mistyped your password.... set 'guest account = nobody' or other user with restricted access, so that you can manage sercurity on the file system, OR use the 'force user = username' option and 'force group = groupname' option to access the file system as the specified user and group (this second option, I usually use, to control user/group ownership in my public directories making public directories truely public). guest only (S) If this parameter is ?yes? for a service, then only guest connections to the service are permitted. This parameter will have no affect if "guest ok" or "public" is not set for the service. This tell me that, if you use 'public = yes' or 'guest ok = yes' (synonymous commands) then non-authenticated users can access the share. Therefore, the line 'guest only = yes' and the description from the man file, leaves me to deduce that only guest users are valid. non-guest users are not allowed access. This behavior is optional, as you don't need this paramater. It would be equivalent to assigning an nt share as "Everyone , domain users " ----how I would adddress this---- # chmod 0777 /usr/local/samba/public_folder edit /etc/smb.conf to look like this: [global] workgroup = MY_DOMAIN security = domain password server = * server string = Samba SMB file server map to guest = Bad User encrypt passwords = yes smb passwd file = /etc/smbpasswd [public_folder] path = /usr/local/samba/public_folder guest ok = yes force user = ftp force group = ftp writable = yes browsable = yes printable = no create mask = 777 directory mask = 777 > > # FYI: samba log /var/log/smblogs > # > > debug level = 1 > > # Global parameters > [global] > workgroup = *nameofNTdomain* > security = domain > password server = *nameofmypasswordserver* > server string = FreeBSD Samba 2.0.5 > map to guest = Bad Password > > encrypt passwords = yes > smb passwd file = /etc/smbpasswd > log file = /var/log/smblogs > log level = 2 > ; Max log size in KB > max log size = 5000 > [public_folder] > path = /usr/local/samba/public_folder > public = yes > only guest = yes > writable = yes > printable = no > create mask = 777 > directory mask = 777 From armand at welshhome.org Thu Jan 11 19:14:25 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:01 2003 Subject: user access control References: <005e01c07bde$e37f2290$3266a8c0@cref.fr> Message-ID: <00db01c07c02$bd483a20$12324d90@pimco.com> from my experience, I can not get samba to provide the user list to windows clients. It will work in the future. ----- Original Message ----- From: Rodolphe Kapouyan To: samba-ntdom@lists.samba.org Sent: Thursday, January 11, 2001 6:57 AM Subject: user access control Hello , i m' seting up a pdc with samba 2.0.7 , i known that this release isn't able to provide the user list which for the user acces control under W95 , but i can't find if The 2.2.x (alpha) is able to do this. if someone known something about this .... Perhaps TNG is able to do this , but I can't find anything more ,then ..... thanks a lot have fun -------------- next part -------------- HTML attachment scrubbed and removed From anders at cwd.no Thu Jan 11 19:16:29 2001 From: anders at cwd.no (Anders C. Thorsen) Date: Tue Dec 2 02:33:01 2003 Subject: Guest Access In-Reply-To: <862569D1.0067EACD.00@amoa.org> Message-ID: <000c01c07c03$0082eba0$3202a8c0@thorsen.dhs.org> I belive this is implemented on WinNT by enabling the guest account, which the user will be logged in with *if* the username supplied does not exist. same as map to guest = bad user. --Anders -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of ctooley@amoa.org Sent: Thursday, January 11, 2001 8:01 PM To: samba-ntdom@samba.org Subject: Guest Access I am proud to say that in this respect I know how to do something in Samba that I can't seem to make NT do. I want to give Guest access to a share. Guest meaning someone who does not have a user account and therefore is a guest of the machine. I can do this with Samba, but have not had any luck doing it in NT Server 4.0 SP6a. I realize that this is a little off topic but would like the help if anyone knows how to make this happen. I think I am doing everything the way I should but would like to see how someone else is doing to reference their approach. Thank you, Chris Tooley From ctooley at amoa.org Thu Jan 11 19:24:16 2001 From: ctooley at amoa.org (ctooley@amoa.org) Date: Tue Dec 2 02:33:01 2003 Subject: Guest Access Message-ID: <862569D1.006A1518.00@amoa.org> Except that with this enabled I still get the IPC$ prompt when I try to connect to \\SERVERNAME. ChrisTooley "Anders C. Thorsen" on 01/11/2001 01:16:29 PM Please respond to anders@cwd.no To: Chris Tooley/AMOA@AMOA, samba-ntdom@samba.org cc: Subject: RE: Guest Access I belive this is implemented on WinNT by enabling the guest account, which the user will be logged in with *if* the username supplied does not exist. same as map to guest = bad user. --Anders -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of ctooley@amoa.org Sent: Thursday, January 11, 2001 8:01 PM To: samba-ntdom@samba.org Subject: Guest Access I am proud to say that in this respect I know how to do something in Samba that I can't seem to make NT do. I want to give Guest access to a share. Guest meaning someone who does not have a user account and therefore is a guest of the machine. I can do this with Samba, but have not had any luck doing it in NT Server 4.0 SP6a. I realize that this is a little off topic but would like the help if anyone knows how to make this happen. I think I am doing everything the way I should but would like to see how someone else is doing to reference their approach. Thank you, Chris Tooley From armand at welshhome.org Thu Jan 11 20:43:40 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:01 2003 Subject: Current Development Updates? References: <002a01c07be4$94083660$4e0a0a0a@svfc.org> Message-ID: <00e101c07c0f$40953d90$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* vendors usually freak out when you are doing something they know nothing about. I can't begin to tell you how many vendors insisted they had to have windows NT4.0 or 2K for the application server. After jumping though all the hoops, it turned out they didn't have the terminology right. They often used the windows box a file server, from which the clients launch the client application, which in turn, usually talked to a database back end, that, more often than not, was either an MS-Access file, also stored on the server, or an SQL type database server (usually Oracle, or MS-SQL, but most any SQL server would work). We would usually, replace the SQL server with what we liked best, and move the files over to the samba server, after they left, and all worked fine, for obvious reasons. I know what you are talking about, in regards to full support, officially, I believe they are shooting for full support in 3.0, by this, I mean, the trusts should would. 2.2, will probably continue to function as it does now, but you can't do sever trusted opperations that will be available in 3.0. Perhaps we will get an OFFICIAL answer though.. :) ----- Original Message ----- From: "Scott Merrill" To: Sent: Thursday, January 11, 2001 7:38 AM Subject: Current Development Updates? > *This message was transferred with a trial version of CommuniGate(tm) Pro* > I'm dealing with a software vendor who makes a Windows application that > requires NT domain authentication. They're a little dodgy about our use of > Samba for domain controllers, and I'd like to be able to provide some > specific information to them about where things stand. > > This software vendor wants us to use Windows 2000 for their application > server. As I understand it, Samba can't adequately support a Windows 2000 > member server in the domain yet. We don't need full group enumeration, or > trust relationships, or any of that. All I need is for a Windows 2000 > member server to be able to integrate into our domain (which has an even > number of characters in its name!). > > http://us4.samba.org/samba/development.html suggests that Windows 2000 > domain integration won't happen until Samba 3.0. But all the traffic on > this list involves people getting the 2.2 CVS version to integrate with > Windows 2000 servers. Are we all jumping the gun with 2.2, or are the Samba > web pages slightly out of date in regards to proposed features for 2.2? > > I know there was a big brouhaha awhile back about getting more specific > timelines. I'm not after anything of the sort - I can patiently wait until > it's done. I'm just looking to provide _correct_ development information to > my software vendor so that they can be a little more comfortable with our > use of Samba. > > Thanks very much! > Scott > > > From armand at welshhome.org Thu Jan 11 20:57:11 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:01 2003 Subject: Dos/win3.11 with samba 2.2 References: Message-ID: <00f501c07c11$2b126d10$12324d90@pimco.com> AW: Dos/win3.11 with samba 2.2Take it one step at a time. 1st. get tcp/ip working. Make sure you can ping, and all those other fun things... 2nd get netbios name resoultion working, i.e., you should be able to do a ping hostname, and have it resolve to an ip address, w/o the host existing in dns. 3rd get non-domain functions working, such as browsing the network (net view) 4th now, setup your workgroup and domain, and try logging in with a domain user account. all should work. p.s., for username, you may need to specify it in the format of domain\username or domain/username 5th try browsing the servers (net view \\server) if all steps 1-5 work, your done. :) ----- Original Message ----- From: Kremer, Christian To: 'critter@rmci.net' Cc: Samba-NT4Dom (E-Mail) Sent: Thursday, January 11, 2001 8:13 AM Subject: AW: Dos/win3.11 with samba 2.2 Hi to all - Hi Patrick, I?m wondering for a long time how I?m getting my DOS-Client into my Samba-PDC network. As I can read, you?ve done this successfully. Could you give me some hints? My Network has a Samba 2.0.7 PDC. When I do manage it to work, I could also try it in my testing-enviroment (wich has a Samab 2.2.0 alpha1 PDC). Thanks for your help. Christian -----Urspr?ngliche Nachricht----- Von: Patrick [mailto:slu@firerun.net] Gesendet: Donnerstag, 11. Januar 2001 05:52 An: samba-ntdom@us5.samba.org Betreff: Dos/win3.11 with samba 2.2 Hello all, I was wondering if something has happened with support for dos clients in samba 2.2? I have a samba 2.2 PDC setup on my network providing authentication to other samba 2.2 servers. I have a floppy setup for disk imaging which is using dos tcp/ip and win3.11 network drivers to map a drive to my Linux raid machine. When the floppy is fully booted and logged onto the network I do a directory listing and no files or directory's show up, even though while in the shared path on the linux box there are several files/dir's there. I checked to see if the map hidden was set in the smb.conf file and it was not. So needless to say I am stumped on this one. Also when I am in the imaging program I can create a directory with the same name as the one that exits, and the files in that directory will become visible, until I change to the parent directory in which case the newly created directory disappears. Any Ideas on this one? Patrick -------------- next part -------------- HTML attachment scrubbed and removed From kevinc at grainsystems.com Thu Jan 11 20:57:15 2001 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:33:01 2003 Subject: Current Development Updates? References: <002a01c07be4$94083660$4e0a0a0a@svfc.org> Message-ID: <3A5E1E2B.15F774EE@grainsystems.com> Scott Merrill wrote: > > http://us4.samba.org/samba/development.html suggests that Windows 2000 > domain integration won't happen until Samba 3.0. But all the traffic on > this list involves people getting the 2.2 CVS version to integrate with > Windows 2000 servers. Are we all jumping the gun with 2.2, or are the Samba > web pages slightly out of date in regards to proposed features for 2.2? Due to overwhelming demand, supporting Win2000 domain members is/was a high priority, I think. Thus, 2.2 is being tested a lot for this feature. I doubt full trust support will appear before 3.0, but if you just need to join an existing domain with a Win2000 client and don't share anything locally from it, you might be able to squeak by with the latest 2.2 on CVS. It boils down to the fact that "Win2000 support" is not an all-or-none proposition. 2.2 has "some". If this app doesn't delve into the authentication itself too much, and you can get the Win2000 machine to join the Samba domain, there shouldn't be an issue. Try getting a Win2000 client in the domain first, and then you can evaluate whether this vendor's app requires anything beyond that. - Kevin Colby kevinc@grainsystems.com From armand at welshhome.org Thu Jan 11 20:57:15 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:01 2003 Subject: Dos/win3.11 with samba 2.2 References: Message-ID: <00f801c07c11$58b79b50$12324d90@pimco.com> AW: Dos/win3.11 with samba 2.2Take it one step at a time. 1st. get tcp/ip working. Make sure you can ping, and all those other fun things... 2nd get netbios name resoultion working, i.e., you should be able to do a ping hostname, and have it resolve to an ip address, w/o the host existing in dns. 3rd get non-domain functions working, such as browsing the network (net view) 4th now, setup your workgroup and domain, and try logging in with a domain user account. all should work. p.s., for username, you may need to specify it in the format of domain\username or domain/username 5th try browsing the servers (net view \\server) if all steps 1-5 work, your done. :) ----- Original Message ----- From: Kremer, Christian To: 'critter@rmci.net' Cc: Samba-NT4Dom (E-Mail) Sent: Thursday, January 11, 2001 8:13 AM Subject: AW: Dos/win3.11 with samba 2.2 Hi to all - Hi Patrick, I?m wondering for a long time how I?m getting my DOS-Client into my Samba-PDC network. As I can read, you?ve done this successfully. Could you give me some hints? My Network has a Samba 2.0.7 PDC. When I do manage it to work, I could also try it in my testing-enviroment (wich has a Samab 2.2.0 alpha1 PDC). Thanks for your help. Christian -----Urspr?ngliche Nachricht----- Von: Patrick [mailto:slu@firerun.net] Gesendet: Donnerstag, 11. Januar 2001 05:52 An: samba-ntdom@us5.samba.org Betreff: Dos/win3.11 with samba 2.2 Hello all, I was wondering if something has happened with support for dos clients in samba 2.2? I have a samba 2.2 PDC setup on my network providing authentication to other samba 2.2 servers. I have a floppy setup for disk imaging which is using dos tcp/ip and win3.11 network drivers to map a drive to my Linux raid machine. When the floppy is fully booted and logged onto the network I do a directory listing and no files or directory's show up, even though while in the shared path on the linux box there are several files/dir's there. I checked to see if the map hidden was set in the smb.conf file and it was not. So needless to say I am stumped on this one. Also when I am in the imaging program I can create a directory with the same name as the one that exits, and the files in that directory will become visible, until I change to the parent directory in which case the newly created directory disappears. Any Ideas on this one? Patrick -------------- next part -------------- HTML attachment scrubbed and removed From armand at welshhome.org Thu Jan 11 20:57:17 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:01 2003 Subject: Dos/win3.11 with samba 2.2 References: Message-ID: <00f901c07c11$5e39fa00$12324d90@pimco.com> AW: Dos/win3.11 with samba 2.2Take it one step at a time. 1st. get tcp/ip working. Make sure you can ping, and all those other fun things... 2nd get netbios name resoultion working, i.e., you should be able to do a ping hostname, and have it resolve to an ip address, w/o the host existing in dns. 3rd get non-domain functions working, such as browsing the network (net view) 4th now, setup your workgroup and domain, and try logging in with a domain user account. all should work. p.s., for username, you may need to specify it in the format of domain\username or domain/username 5th try browsing the servers (net view \\server) if all steps 1-5 work, your done. :) ----- Original Message ----- From: Kremer, Christian To: 'critter@rmci.net' Cc: Samba-NT4Dom (E-Mail) Sent: Thursday, January 11, 2001 8:13 AM Subject: AW: Dos/win3.11 with samba 2.2 Hi to all - Hi Patrick, I?m wondering for a long time how I?m getting my DOS-Client into my Samba-PDC network. As I can read, you?ve done this successfully. Could you give me some hints? My Network has a Samba 2.0.7 PDC. When I do manage it to work, I could also try it in my testing-enviroment (wich has a Samab 2.2.0 alpha1 PDC). Thanks for your help. Christian -----Urspr?ngliche Nachricht----- Von: Patrick [mailto:slu@firerun.net] Gesendet: Donnerstag, 11. Januar 2001 05:52 An: samba-ntdom@us5.samba.org Betreff: Dos/win3.11 with samba 2.2 Hello all, I was wondering if something has happened with support for dos clients in samba 2.2? I have a samba 2.2 PDC setup on my network providing authentication to other samba 2.2 servers. I have a floppy setup for disk imaging which is using dos tcp/ip and win3.11 network drivers to map a drive to my Linux raid machine. When the floppy is fully booted and logged onto the network I do a directory listing and no files or directory's show up, even though while in the shared path on the linux box there are several files/dir's there. I checked to see if the map hidden was set in the smb.conf file and it was not. So needless to say I am stumped on this one. Also when I am in the imaging program I can create a directory with the same name as the one that exits, and the files in that directory will become visible, until I change to the parent directory in which case the newly created directory disappears. Any Ideas on this one? Patrick -------------- next part -------------- HTML attachment scrubbed and removed From armand at welshhome.org Thu Jan 11 21:02:07 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:01 2003 Subject: Profiles, roaming and roving profiles References: <243076630.979042750460.JavaMail.ctrlsoft@dds.nl> <3A5D3A31.6E798FB4@valinux.com> <3A5DE1CB.8214DA43@fatal.cz> Message-ID: <00fd01c07c11$c53902f0$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* fyi: I had a simillar problem with thing not running as fast on my fast 100mb systems, as they did on my 10mbit slower systems. It turned out to be a timing issue with the nics (certain brands) and switches. I resolved it eventually by replacing everything with the same 3com nic, but temporary solution was to speed up to specific problem workstations to 100mbits as well. ----- Original Message ----- From: "Alexandr Falta" To: "samba-ntdom list" Sent: Thursday, January 11, 2001 8:39 AM Subject: Re: Profiles, roaming and roving profiles > *This message was transferred with a trial version of CommuniGate(tm) Pro* > Gerald Carter wrote: > > > > ctrlsoft@dds.nl wrote: > > > > > > Hi, > > > > > > I have been reading the samba site and the docs. Everything > > > works fine here, except I get the message 'Couldn't load > > > your profile' when trying to log in. > > > > > mee too :-( > > > a profile is a collection of user settings, such as > > HKCU, desktop icons, foldes, etc... A roaming (or roving > > profile) is one which is stored centrally on a network > > server for a domain user and downloaded to a desktop > > client upon logon. > > > > Samba can be used to store roaming profiles. > > so, what about storing and retreiving roaming profiles to/from samba > server? > > I'm using samba 2.0.7, everything works fine except roaming profiles. My > samba server is connected at 100Mbps ethernet, has fast UW SCSI disk, > etc., but it's slow to deliver profile to workstation (NT4). Logons are > slow as unusable, many times I can see on workstation something like > "Cannot load your roaming profile, trying to login with cached local > copy" > > I've tried to move PDC to old PC running as NT4 server (133MHz Pentium, > old slow IDE disk, 10Mbps ethernet), there was no problem, everything > works. > I think the problem is in my samba, could anybody help me how to > optimize SMB to use for profiles? > > many thanks > alex > > FYI: My test network is small LAN with 16 workstations. > > From armand at welshhome.org Thu Jan 11 21:03:28 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:01 2003 Subject: Profiles, roaming and roving profiles References: <200101111703.RAA32482@zamenhof.demon.co.uk> Message-ID: <010501c07c11$f8c6f2d0$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* probably an older term the win95 team used, before discovering that it was actually called roamining... :) ----- Original Message ----- From: "Martin Radford" To: "Armand Welsh" Cc: ; Sent: Thursday, January 11, 2001 9:03 AM Subject: Re: Profiles, roaming and roving profiles > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > > What is the difference between 'profiles','roaming > > > profiles' and 'roving profiles' and which are supported by > > > samba? > > > > A Roaving profile doesn't exist. So I can't tell you what samba defines it > > as. > > An altavista search for: > +roving +host:support.microsoft.com > > reveals that "roving profiles" do indeed exist. However, it seems > that Microsoft only use the term when referring to Windows 95. The > terms "roving profiles" and "roaming profiles" are synonymous (but > "roving" tends to be used for Win95 only). > > Martin > -- > Martin Radford | "Only wimps use tape backup: _real_ > martin@zamenhof.demon.co.uk | men just upload their important stuff -o) > Registered Linux user #9257 | on ftp and let the rest of the world /\\ > - see http://counter.li.org | mirror it ;)" - Linus Torvalds _\_V > From armand at welshhome.org Thu Jan 11 21:07:07 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:01 2003 Subject: Profiles, roaming and roving profiles References: <243076630.979042750460.JavaMail.ctrlsoft@dds.nl> <3A5D3A31.6E798FB4@valinux.com> <3A5DE1CB.8214DA43@fatal.cz> <3A5DECE0.F7E74510@cae.co.za> Message-ID: <010d01c07c12$7cba8cf0$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* roaming profiles are only updated on the server durring a logout process. So you you make a change to a logged in system, then login on antoher system you will get the same, original profile the previous machine had. now if you log out on both, your roaming profile will be whatever the last logout commited to the server. Aside from that simple fact, I have not had problems on my system. You might want to also look into poledit to create a network policy file. This policy will allow you to ensure that the profiles are located where you want them, as well as manage other settings. ----- Original Message ----- From: "Buchan Milne" To: "Multiple recipients of list SAMBA-NTDOM" Sent: Thursday, January 11, 2001 9:26 AM Subject: Re: Profiles, roaming and roving profiles > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > > > > so, what about storing and retreiving roaming profiles to/from samba > > server? > > > > I'm using samba 2.0.7, everything works fine except roaming profiles. My > > samba server is connected at 100Mbps ethernet, has fast UW SCSI disk, > > etc., but it's slow to deliver profile to workstation (NT4). Logons are > > slow as unusable, many times I can see on workstation something like > > "Cannot load your roaming profile, trying to login with cached local > > copy" > > > > I've tried to move PDC to old PC running as NT4 server (133MHz Pentium, > > old slow IDE disk, 10Mbps ethernet), there was no problem, everything > > works. > > I think the problem is in my samba, could anybody help me how to > > optimize SMB to use for profiles? > > > > How big are the profiles ? If you have users running Outlook and IE > (mozilla is also at fault here), and don't take specific actions to > ensure that the profile remains small (like moving the outlook.pst to a > local place and setting NT to ignore Temp Internet Files) profiles can > get very large. > > Also relating to profiles, we seem to have our profiles not updating. If > I have removed icons etc from my desktop, and then log into another > machine, I get the old items back (even if removing them from the copy > in the netlogon share while I am logged out). > > Also, has someone got a solution to the localized shortcuts problem > (where shortcuts made on another machine don't work)? > > Buchan > -- > |----------------Registered Linux User #182071-----------------| > Buchan Milne Mechanical Engineer, Network Manager > Cellphone * Work +27 82 472 2231 * +27 21 808 2497 > Stellenbosch Automotive Engineering http://www.cae.co.za > > From armand at welshhome.org Thu Jan 11 21:18:27 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:01 2003 Subject: Guest Access References: <862569D1.0067EACD.00@amoa.org> Message-ID: <011901c07c14$0f035280$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* for NT/2K, you must enable the Guest account (disabled by default) in user manager. Then you can use the guest user for assigning file/share permissions, or the everyone group for this. Remember that the everyone group overridesothe permissions defined, and a most restricting order. So if you say that everyone has no acess, then everyone will have no access. the easiest way to set this up, though not the most secure, is create a share, assign the share permissions with only everyone < full control >, and then set perminssions on the shared directory (and all child object/subdirectories/files) to everyone . From here you can start playing with security to get the system setup the way you want. realize that this does not allow anyone to log into the network, as those are not guest users, but rather, this will allow users of other network domain, or workgroups to access the share w/o having to pass new credentials. ----- Original Message ----- From: To: Sent: Thursday, January 11, 2001 11:00 AM Subject: Guest Access > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > > I am proud to say that in this respect I know how to do something in Samba that > I can't seem to make NT do. I want to give Guest access to a share. Guest > meaning someone who does not have a user account and therefore is a guest of the > machine. I can do this with Samba, but have not had any luck doing it in NT > Server 4.0 SP6a. I realize that this is a little off topic but would like the > help if anyone knows how to make this happen. I think I am doing everything the > way I should but would like to see how someone else is doing to reference their > approach. > > Thank you, > > Chris Tooley > > > > From armand at welshhome.org Thu Jan 11 21:31:08 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:01 2003 Subject: Viruses... References: <002a01c07be4$94083660$4e0a0a0a@svfc.org> <3A5E1E2B.15F774EE@grainsystems.com> Message-ID: <015101c07c15$d9867900$12324d90@pimco.com> *This message was transferred with a trial version of CommuniGate(tm) Pro* did someone on this list receive the snowhite virus? I just got it delivered to me, and this is the only place I can think of, that I would have received it from... oh well... I know better.... I just feel sorry for the person that openned it up... hehe... From jelmer at nl.linux.org Thu Jan 11 22:28:08 2001 From: jelmer at nl.linux.org (Jelmer Vernooij) Date: Tue Dec 2 02:33:01 2003 Subject: [ctrlsoft@dds.nl: Re: Profiles] Message-ID: <20010111232808.A725@nl.linux.org> An embedded message was scrubbed... From: ctrlsoft@dds.nl Subject: Re: Profiles Date: Thu, 11 Jan 2001 12:33:16 +0330 (GMT+03:30) Size: 1596 Url: http://lists.samba.org/archive/samba-ntdom/attachments/20010111/93d7b1cf/attachment.eml From HZhou at Asera.com Thu Jan 11 22:56:45 2001 From: HZhou at Asera.com (Howard Zhou) Date: Tue Dec 2 02:33:01 2003 Subject: Wrong ownership -2 Message-ID: <07CFA3458AF6914BA74AC1CDA5E2B28517F007@rwscamis003.asera.com> We are using Samba on Solaris Server in a NT domain. Occasionally, we see the ownership of files on the Samba server becomes -2. We checked that the user has a consistent username and group name on both NT and Unix. What else could be wrong? Howard From anders at cwd.no Thu Jan 11 23:01:38 2001 From: anders at cwd.no (Anders C. Thorsen) Date: Tue Dec 2 02:33:01 2003 Subject: Current Development Updates? In-Reply-To: <3A5E1E2B.15F774EE@grainsystems.com> Message-ID: <001401c07c22$74b27a80$3202a8c0@thorsen.dhs.org> 2.2 aims at WinNT domain support (limited), while 3.0 Aims at Windows 2000 supportd (i.e. active domain support.) --Anders -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Kevin Colby Sent: Thursday, January 11, 2001 9:57 PM To: Scott Merrill Cc: samba-ntdom@us5.samba.org Subject: Re: Current Development Updates? Scott Merrill wrote: > > http://us4.samba.org/samba/development.html suggests that Windows 2000 > domain integration won't happen until Samba 3.0. But all the traffic on > this list involves people getting the 2.2 CVS version to integrate with > Windows 2000 servers. Are we all jumping the gun with 2.2, or are the Samba > web pages slightly out of date in regards to proposed features for 2.2? Due to overwhelming demand, supporting Win2000 domain members is/was a high priority, I think. Thus, 2.2 is being tested a lot for this feature. I doubt full trust support will appear before 3.0, but if you just need to join an existing domain with a Win2000 client and don't share anything locally from it, you might be able to squeak by with the latest 2.2 on CVS. It boils down to the fact that "Win2000 support" is not an all-or-none proposition. 2.2 has "some". If this app doesn't delve into the authentication itself too much, and you can get the Win2000 machine to join the Samba domain, there shouldn't be an issue. Try getting a Win2000 client in the domain first, and then you can evaluate whether this vendor's app requires anything beyond that. - Kevin Colby kevinc@grainsystems.com From anders at cwd.no Thu Jan 11 23:02:44 2001 From: anders at cwd.no (Anders C. Thorsen) Date: Tue Dec 2 02:33:01 2003 Subject: Current Development Updates? Message-ID: <001501c07c22$9b98d270$3202a8c0@thorsen.dhs.org> woups! meant to write "Active Directory", not "active domain". sorry. ---Anders -----Original Message----- From: Anders C. Thorsen [mailto:anders@cwd.no] Sent: Friday, January 12, 2001 12:02 AM To: 'Kevin Colby'; 'Scott Merrill' Cc: 'samba-ntdom@us5.samba.org' Subject: RE: Current Development Updates? 2.2 aims at WinNT domain support (limited), while 3.0 Aims at Windows 2000 supportd (i.e. active domain support.) --Anders -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Kevin Colby Sent: Thursday, January 11, 2001 9:57 PM To: Scott Merrill Cc: samba-ntdom@us5.samba.org Subject: Re: Current Development Updates? Scott Merrill wrote: > > http://us4.samba.org/samba/development.html suggests that Windows 2000 > domain integration won't happen until Samba 3.0. But all the traffic on > this list involves people getting the 2.2 CVS version to integrate with > Windows 2000 servers. Are we all jumping the gun with 2.2, or are the Samba > web pages slightly out of date in regards to proposed features for 2.2? Due to overwhelming demand, supporting Win2000 domain members is/was a high priority, I think. Thus, 2.2 is being tested a lot for this feature. I doubt full trust support will appear before 3.0, but if you just need to join an existing domain with a Win2000 client and don't share anything locally from it, you might be able to squeak by with the latest 2.2 on CVS. It boils down to the fact that "Win2000 support" is not an all-or-none proposition. 2.2 has "some". If this app doesn't delve into the authentication itself too much, and you can get the Win2000 machine to join the Samba domain, there shouldn't be an issue. Try getting a Win2000 client in the domain first, and then you can evaluate whether this vendor's app requires anything beyond that. - Kevin Colby kevinc@grainsystems.com From gunelawr at isu.edu Thu Jan 11 23:04:08 2001 From: gunelawr at isu.edu (gunelawr) Date: Tue Dec 2 02:33:01 2003 Subject: Viruses... References: <002a01c07be4$94083660$4e0a0a0a@svfc.org> <3A5E1E2B.15F774EE@grainsystems.com> <015101c07c15$d9867900$12324d90@pimco.com> Message-ID: <3A5E3BE8.23D6883C@isu.edu> I received that virus as well. So maybe someone is using the list to send out viruses? Patrick Armand Welsh wrote: > *This message was transferred with a trial version of CommuniGate(tm) Pro* > did someone on this list receive the snowhite virus? I just got it > delivered to me, and this is the only place I can think of, that I would > have received it from... oh well... I know better.... I just feel sorry for > the person that openned it up... hehe... From I.Marmaridis at uws.edu.au Thu Jan 11 23:29:12 2001 From: I.Marmaridis at uws.edu.au (Makis Marmaridis) Date: Tue Dec 2 02:33:01 2003 Subject: Virus scanner for samba file server In-Reply-To: <003901c07b7d$732aff20$12324d90@pimco.com> Message-ID: >well, you can have samba execute your virus scan against files when >read/written to disk. This is a more advanced feature, but it can be done. With the current setup I have, this is not a necessity however it would be interesting to know how you do this in your system. Could you pass along any details about implementing this. Cheers, Makis. From ken at hudat.com Fri Jan 12 00:17:52 2001 From: ken at hudat.com (Kendrick Vargas) Date: Tue Dec 2 02:33:01 2003 Subject: Current Development Updates? In-Reply-To: <001501c07c22$9b98d270$3202a8c0@thorsen.dhs.org> Message-ID: On Fri, 12 Jan 2001, Anders C. Thorsen wrote: > woups! meant to write "Active Directory", not "active domain". whatever it is, samba will allways remain the "active ingredient" ;-) -peace --- BEGIN GEEK CODE BLOCK ----------+---------- GAT d- s:+ !a C++$ UL/S/I/B++++$ P+ | "In the ongoing battle between objects L++ E- W+(+++) N K- w(---) O-- M@ | made of aluminum going hundreds of V(--) PS+++ PE Y+ PGP@ t++ 5 X+ R- | miles per hour and the ground going tv+ b- DI++++ D+(+++) G e>++ h--- | zero, the ground has yet to lose." r++ z+>+++ - END GEEK CODE BLOCK ---+ From earnshawm at wa.switch.aust.com Fri Jan 12 02:37:22 2001 From: earnshawm at wa.switch.aust.com (Earnshaw, Mike) Date: Tue Dec 2 02:33:01 2003 Subject: Linux --> NT mount problem Message-ID: <41B710421A32D411A9AE004005353FE12DA866@exchange.wa> G'day I am trying to connect to an NT server that is in a different network to mine. I can do this via native NT if I supply the correct credentials. The aim is to allow access to this NT resource from a Linux mount point to people who do not have NT on their desktops but Win9x. I have permission to access the NT share and using Linux permissions I want to give select users access also. I have Samba 2.0.5a. I added the following to my /etc/fstab ... /// /mnt/projects smbfs auto,suid,uid=500,gid=500,workgroup=***,username=***,password=*** 0 0 (where *** is replaced with relevant details). Then ... [root@datasrv /root]# mount /mnt/projects [root@datasrv /root]# Unknown parameter encountered: "domain controller" Ignoring unknown parameter "domain controller" Added interface ip=10.0.1.6 bcast=10.0.1.255 nmask=255.255.255.0 session request to PROJECTS. failed session request to *SMBSERVER failed smbmount: login failed Could not umount /mnt/projects: Device or resource busy smbmount: exit Yet if I try the same syntax of /etc/fstab with a local NT server I get a lot closer to a solution. I thought this may have been a broadcast kind of issue across routers, but it worked OK from within NT and the two NT domains are *not* trusted, but have separate user accounts in each. Any guidance appreciated. Thanks. ------------------------------------------------------------------------ ----- Mike Earnshaw | Tech support is a fine art | e-mail in header Computer Systems | which once mastered, virtually | Tel : +61 8 9256 0023 Support | ensures loss of sanity. | Fax : +61 8 9256 1199 ------------------------------------------------------------------------ ----- ,-._|\ Union Switch & signal / \ 24 Bannick Court *_.--._/ Canning Vale, WA 6155, Western Australia v ------------------------------------------------------------------------ ----- From Chris.Odgers at sausage.com Fri Jan 12 02:37:57 2001 From: Chris.Odgers at sausage.com (Chris Odgers) Date: Tue Dec 2 02:33:01 2003 Subject: Linux --> NT mount problem Message-ID: <9A0F63A07282D4119C4100D0B72017AA7E2907@fatboy.sausage.com.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NT servers usually don't respond to session requests when queried via their fqdn (which isn't usually the same as their netbios name.) I don't know how you'd do it via fstab, but I have success connecting to offsite NT servers using the syntax: smbclient //netbios-target-name/sharename -U user%password -I dest.ip.add.ress i'm 99% sure that smbmount, at least in some revisions, supports this syntax. > -----Original Message----- > From: Earnshaw, Mike [mailto:earnshawm@wa.switch.aust.com] > Sent: Friday, January 12, 2001 1:37 PM > To: Samba (E-mail) > Subject: Linux --> NT mount problem > > > G'day > > I am trying to connect to an NT server that is in a different > network to > mine. I can do this via native NT if I supply the correct > credentials. The aim is to allow access to this NT resource from a > Linux > mount point > to people who do not have NT on their desktops but Win9x. I have > permission to access the NT share and using Linux permissions > I want to > give select users access also. > > I have Samba 2.0.5a. I added the following to my /etc/fstab ... > > /// /mnt/projects smbfs > auto,suid,uid=500,gid=500,workgroup=***,username=***,password=*** 0 > 0 > > (where *** is replaced with relevant details). Then ... > > [root@datasrv /root]# mount /mnt/projects > [root@datasrv /root]# Unknown parameter encountered: "domain > controller" > Ignoring unknown parameter "domain controller" > Added interface ip=10.0.1.6 bcast=10.0.1.255 nmask=255.255.255.0 > session request to PROJECTS. failed > session request to *SMBSERVER failed > smbmount: login failed > Could not umount /mnt/projects: Device or resource busy > smbmount: exit > > Yet if I try the same syntax of /etc/fstab with a local NT > server I get > a lot closer to a solution. I thought this may have been a > broadcast kind of issue across routers, but it worked OK from > within NT and the two NT domains are *not* trusted, but have > separate user accounts in each. > > Any guidance appreciated. Thanks. > > -------------------------------------------------------------- > ---------- > ----- > Mike Earnshaw | Tech support is a fine art | e-mail > in header > Computer Systems | which once mastered, virtually | Tel : > +61 8 9256 > 0023 > Support | ensures loss of sanity. | Fax : > +61 8 9256 > 1199 > -------------------------------------------------------------- > ---------- > ----- > ,-._|\ Union Switch & signal > / \ 24 Bannick Court > *_.--._/ Canning Vale, WA 6155, Western Australia > v > -------------------------------------------------------------- > ---------- > ----- > -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use iQA/AwUBOl3hZa5S0FuupP0+EQKrjACg9YMRWO0v4nSdhej4CtcSgjpTv9cAn1fE GpUjFwq2xJWOuOqn21nhFb9T =oeAy -----END PGP SIGNATURE----- From Chris.Odgers at sausage.com Fri Jan 12 03:27:18 2001 From: Chris.Odgers at sausage.com (Chris Odgers) Date: Tue Dec 2 02:33:02 2003 Subject: Linux --> NT mount problem Message-ID: <9A0F63A07282D4119C4100D0B72017AA7E290A@fatboy.sausage.com.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 the 'unknown parameter' informational message refers to your smb.conf file, i'm not sure but i don't think there's a 'domain controller' parameter in smb.conf. that's being ignored though. sometimes I find that I've got to specify the DOMAIN\ bit of the login name as well, otherwise it thinks youre trying to log into the local SAM. For troubleshooting purposes, as well, it might be worth trying that (as long as the machine in question isn't a BDC and you actually know a local login). Hope this helps, Chris > -----Original Message----- > From: Earnshaw, Mike [mailto:earnshawm@wa.switch.aust.com] > Sent: Friday, January 12, 2001 2:25 PM > To: 'Chris Odgers' > Subject: RE: Linux --> NT mount problem > > > Chris, > > Thanks for the info. The results I get using the *correct* > credentials are ... > > Unknown parameter encountered: "domain controller" > Ignoring unknown parameter "domain controller" > Added interface ip=10.0.1.6 bcast=10.0.1.255 nmask=255.255.255.0 > session setup failed: ERRDOS - ERRnoaccess (Access denied.) > > I tried using the -N option immediately after //server/service in > my smbclient command as per the man page with no change in > results. I also > tried dropping the -N and removing the password from > 'user%password' and > at the password prompt entered the correct details, again no change > in results. > > Read the man pages for both smbmount and smbclient and there does > not appear any more switches I can include to try and force the > issue. > > Thanks > > Mike > > > #-----Original Message----- > #From: Chris Odgers [mailto:Chris.Odgers@sausage.com] > #Sent: Friday, 12 January 2001 10:38 AM > #To: 'Earnshaw, Mike' > #Cc: 'samba-ntdom@samba.org' > #Subject: RE: Linux --> NT mount problem > # > # > #-----BEGIN PGP SIGNED MESSAGE----- > #Hash: SHA1 > # > #NT servers usually don't respond to session requests when queried > via #their fqdn (which isn't usually the same as their netbios > name.) > # > #I don't know how you'd do it via fstab, but I have success > connecting #to offsite NT servers using the syntax: > # > #smbclient //netbios-target-name/sharename -U user%password -I > #dest.ip.add.ress > # > #i'm 99% sure that smbmount, at least in some revisions, supports > this #syntax. > # > #> -----Original Message----- > #> From: Earnshaw, Mike [mailto:earnshawm@wa.switch.aust.com] > #> Sent: Friday, January 12, 2001 1:37 PM > #> To: Samba (E-mail) > #> Subject: Linux --> NT mount problem > #> > #> > #> G'day > #> > #> I am trying to connect to an NT server that is in a different > #> network to > #> mine. I can do this via native NT if I supply the correct > #> credentials. The aim is to allow access to this NT resource from > a #> Linux > #> mount point > #> to people who do not have NT on their desktops but Win9x. I have > #> permission to access the NT share and using Linux permissions > #> I want to > #> give select users access also. > #> > #> I have Samba 2.0.5a. I added the following to my /etc/fstab ... > #> > #> /// /mnt/projects smbfs > #> > auto,suid,uid=500,gid=500,workgroup=***,username=***,password=*** 0 > #> 0 > #> > #> (where *** is replaced with relevant details). Then ... > #> > #> [root@datasrv /root]# mount /mnt/projects > #> [root@datasrv /root]# Unknown parameter encountered: "domain > #> controller" > #> Ignoring unknown parameter "domain controller" > #> Added interface ip=10.0.1.6 bcast=10.0.1.255 nmask=255.255.255.0 > #> session request to PROJECTS. failed > #> session request to *SMBSERVER failed > #> smbmount: login failed > #> Could not umount /mnt/projects: Device or resource busy > #> smbmount: exit > #> > #> Yet if I try the same syntax of /etc/fstab with a local NT > #> server I get > #> a lot closer to a solution. I thought this may have been a > #> broadcast kind of issue across routers, but it worked OK from > #> within NT and the two NT domains are *not* trusted, but have > #> separate user accounts in each. > #> > #> Any guidance appreciated. Thanks. > #> > #> -------------------------------------------------------------- > #> ---------- > #> ----- > #> Mike Earnshaw | Tech support is a fine art | e-mail > #> in header > #> Computer Systems | which once mastered, virtually | Tel : > #> +61 8 9256 > #> 0023 > #> Support | ensures loss of sanity. | Fax : > #> +61 8 9256 > #> 1199 > #> -------------------------------------------------------------- > #> ---------- > #> ----- > #> ,-._|\ Union Switch & signal > #> / \ 24 Bannick Court > #> *_.--._/ Canning Vale, WA 6155, Western Australia > #> v > #> -------------------------------------------------------------- > #> ---------- > #> ----- > #> > # > #-----BEGIN PGP SIGNATURE----- > #Version: PGPfreeware 6.5.3 for non-commercial use # #iQA/AwUBOl3hZa5S0FuupP0+EQKrjACg9YMRWO0v4nSdhej4CtcSgjpTv9cAn1fE #GpUjFwq2xJWOuOqn21nhFb9T #=oeAy #-----END PGP SIGNATURE----- # -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use iQA/AwUBOl3s9q5S0FuupP0+EQK9gQCgwSg6VMiGcgy1jneIU04qnr6HJ/8AoOPC wvNmd0AojOLXjTuJK2yxxrIq =IOW0 -----END PGP SIGNATURE----- From serg at tv2.tomsk.su Fri Jan 12 03:59:37 2001 From: serg at tv2.tomsk.su (Serg Alexandrov) Date: Tue Dec 2 02:33:02 2003 Subject: Dos/win3.11 with samba 2.2 In-Reply-To: <3A5D3C01.17C0DD56@firerun.net> Message-ID: <200101120359.KAA84201@tv2.tomsk.su> Patrick said: > Hello all, > > I was wondering if something has happened with support for dos > clients in samba 2.2? I have a samba 2.2 PDC setup on my network > providing authentication to other samba 2.2 servers. I have a floppy > setup for disk imaging which is using dos tcp/ip and win3.11 network > drivers to map a drive to my Linux raid machine. When the floppy is > fully booted and logged onto the network I do a directory listing and no > > files or directory's show up, even though while in the shared path on > the linux box there are several files/dir's there. I checked to see if > the map hidden was set in the smb.conf file and it was not. So needless > > to say I am stumped on this one. Also when I am in the imaging program > > I can create a directory with the same name as the one that exits, and > the files in that directory will become visible, until I change to the > parent directory in which case the newly created directory disappears. > > Any Ideas on this one? > > Patrick > So, I have the same problem. Long time I try get help from samba guys, but no answer... ( I resolve this problem. I think so. Edit file /source/smbd/dir.c Find function: BOOL get_dir_entry(connection_struct *conn,char *mask,int dirtype,char *fname, SMB_OFF_T *size,int *mode,time_t *date,BOOL check_descend) { ... skipped ..... if (!conn->dirptr) return(False); /* INSERT THIS TWO LINES !!! */ if (strequal(mask, "????????.???")) pstrcpy(mask, "*"); while (!found) { ..... Try this... -- Best, Serg From horde at promax.com.mx Fri Jan 12 04:39:26 2001 From: horde at promax.com.mx (Francisco Villagrana) Date: Tue Dec 2 02:33:02 2003 Subject: How setup a Good PDC Message-ID: <006001c07c51$a48a34d0$32bdf494@promax.com.mx> I like setup a Good PDC with Active Profiles, i Have RedHat Linux 7.0 if you can send me a good config of smb, and instructions to setup Thanks.. Regards -------------- next part -------------- HTML attachment scrubbed and removed From wildman at mediaone.net Fri Jan 12 06:02:00 2001 From: wildman at mediaone.net (Art Wildman) Date: Tue Dec 2 02:33:02 2003 Subject: Virus scanner for samba file server Message-ID: <3A5E9DD8.1BAF327C@mediaone.net> NAI/Mcafee.com has a linux virus scanner/inserter, but I don't like the way it behaves on winblows, so I've never had the guts to try it on a perfectly good linux server ;) This most elegant solution appeals to me.... -- Art Wildman - wildman@mediaone.net - http:/network-this.net ------------< From Mailhelp List >-------------- On Tue, 26 Dec 2000, Charles Galpin spewed into the bitstream: CG>This site has everything you need to set up a *general* mechanism to CG>thwart scripting or exe viruses. The basic approach is to rename CG>attachment, and modify scripts to prevent them from running without you CG>manualy renaming them (or modifying the scripts). When I hear the name CG>John Hardin, I cannot help but smile :) CG> CG>ftp://ftp.rubyriver.com/pub/jhardin/antispam/procmail-security.html CG> CG>ho ho ho CG>charles CG> CG>On Sat, 23 Dec 2000, scott.list wrote: CG> CG>> Happy Holidays guys! CG>> CG>> Here as of late I've been getting worn out with a virus. It's attached in CG>> various forms to a message that says HaHa or Smow WHite and the Seven CG>> Dwarfs.... Here is what I do: :0 *^Content-type: (multipart/mixed|application/octet-stream) { :0 HB *^Content-Disposition: attachment; *filename=".*\.(vbs|shs|wsf|vbe|wsh|hta|pif|exe)" { :0 fhbw |/bin/sed -e 's/\([nN][aA][mM][eE]=".*\....\)"/\1.txt"/' :0 c /tmp/vbs } } It seems to work okay... :-) -- Chuck Mead -- This mail is from the MailHelp mailing list. Send "unsubscribe mailhelp" in the subject line to listar@moongroup.com to be removed. The archives are located at http://www.moongroup.com/old/archives.php. Have a nice day! -------- Original Message -------- Subject: RE: Virus scanner for samba file server Date: Fri, 12 Jan 2001 10:29:12 +1100 From: "Makis Marmaridis" To: "Armand Welsh" CC: >well, you can have samba execute your virus scan against files when >read/written to disk. This is a more advanced feature, but it can be done. With the current setup I have, this is not a necessity however it would be interesting to know how you do this in your system. Could you pass along any details about implementing this. Cheers, Makis. From Graeme.Vetterlein at ntl.com Fri Jan 12 11:19:01 2001 From: Graeme.Vetterlein at ntl.com (Graeme.Vetterlein@ntl.com) Date: Tue Dec 2 02:33:02 2003 Subject: Passwd problems Message-ID: <5DD689222800D411B26100508B5E958436155A@mast-hk0-se02.private.ntl.com> > From: "Wood, Jeremy" > ... > Hello all, > I am in a bit if a dilemma here. At my company, which > is mostly M$ > ... > Most of the people that > check this > server for files are barely smart enough to run windows so I > can't even get > into having them SSH to the file server and fix the problem > themselves. > Basically my question is: When someone changes their NT domain > password (say thru Ctl+Alt+Del on NT), how do I automate it > so the smbpasswd > on the Samba machine is also updated? > "[quote removed because of complaints... yes really]" Yep we have a similar set of problems^H^H^H^H^ opportunities :-) I opted to do it 'the other way around' set the smb.conf to use server mode. This means the NT box acts as the source-of-authority for the passwds. This means you don't have an smbpasswd file to worry about. It does however have it's own set of problems, I was thinking of switching to your model :-) -- Graeme From johan.ostensson at orebro.lantmen.se Fri Jan 12 12:03:31 2001 From: johan.ostensson at orebro.lantmen.se (=?Iso-8859-1?Q?Johan_=D6stensson?=) Date: Tue Dec 2 02:33:02 2003 Subject: Virus scanner for samba file server Message-ID: <20010112115721.625CB659843@au2.samba.org> > NAI/Mcafee.com has a linux virus scanner/inserter, but I > don't like the way it behaves on winblows, so I've never > had the guts to try it on a perfectly good linux server ;) NAI's Manegement Edition sucks rocks! And VirusScan 4.5 (win) is a memory hog. Avoid NAI :) /johan ---------------------------------------------------------------------- Johan ?stensson johan.ostensson@orebro.lantmen.se Dataavdelningen Tfn: 019-21 77 05 ?rebro Lantm?n Mobil: 073-654 82 83 Box 1743, 701 17 ?rebro Fax: 019-21 77 54 ---------------------------------------------------------------------- From H.Kaschube at hoedtke.de Fri Jan 12 12:21:41 2001 From: H.Kaschube at hoedtke.de (Heiko Kaschube) Date: Tue Dec 2 02:33:02 2003 Subject: NT, 2.0.6 PDC and User Groups Message-ID: <3A5EF6D5.A813EE4A@hoedtke.de> Hello, Folks! We have got Samba 2.0.6 (S.u.S.E. 6.4) as a PDC for Win95 and WinNT4 SP5 boxes. Everything works fine except one thing: When I log on to an NT box as a normal user, not a member of "domain admin group" (see parameter in global section of smb.conf), I am not able to change any of registry entries, not even those belonging to normal users. To get around this, I set domain admin group to @users. [global] workgroup = PINNEBERG netbios name = GONZO netbios aliases = PDCPI TIMESRVPI3 server string = Gonzo Samba %v interfaces = eth0 encrypt passwords = Yes update encrypted = Yes map to guest = Bad User passwd program = /usr/bin/passwd %u && (cd /var/yp; make) passwd chat = *ew*assword* %n\n *ew*assword* %n\n *changed* unix password sync = Yes time server = Yes keepalive = 30 socket options = TCP_NODELAY SO_KEEPALIVE=1 SO_SNDBUF=2048 domain admin group = @users logon script = %U.bat logon path = \\%L\%U\profildaten logon drive = P: logon home = \\%L\%U domain logons = Yes os level = 65 preferred master = Yes domain master = Yes kernel oplocks = No So how do I maintain at least one normal "domain user group"? Greetings, Heiko --- Heiko Kaschube Hoedtke Blech- und Lasertechnik Phone: +49 4101 7099-0 FAX: +49 4101 76137 email: mailto:H.Kaschube@hoedtke.de Internet: http://www.hoedtke.de From noelk at bc.edu Fri Jan 12 12:48:27 2001 From: noelk at bc.edu (Ken Noel) Date: Tue Dec 2 02:33:02 2003 Subject: Linux --> NT mount problem Message-ID: <3A64D238@netfin6.bc.edu> I am also experiencing the same problem I think. When I try to mount and NT server fs by not using a local account on the server smbclient and mount cannot resolve domain\username syntax. If mount PDC's and BDC's using local admin accounts that works fine. If I try to mount member servers or workstations by using domain account information I cannot mount the fs. I don't know if this is the same problem but it sounds like it. I hope I see someone post a response that makes it work. Ken >===== Original Message From Chris Odgers ===== >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >the 'unknown parameter' informational message refers to your smb.conf >file, i'm not sure but i don't think there's a 'domain controller' >parameter in smb.conf. that's being ignored though. > >sometimes I find that I've got to specify the DOMAIN\ bit of the >login name as well, otherwise it thinks youre trying to log into the >local SAM. For troubleshooting purposes, as well, it might be worth >trying that (as long as the machine in question isn't a BDC and you >actually know a local login). > >Hope this helps, > >Chris > >> -----Original Message----- >> From: Earnshaw, Mike [mailto:earnshawm@wa.switch.aust.com] >> Sent: Friday, January 12, 2001 2:25 PM >> To: 'Chris Odgers' >> Subject: RE: Linux --> NT mount problem >> >> >> Chris, >> >> Thanks for the info. The results I get using the *correct* >> credentials are ... >> >> Unknown parameter encountered: "domain controller" >> Ignoring unknown parameter "domain controller" >> Added interface ip=10.0.1.6 bcast=10.0.1.255 nmask=255.255.255.0 >> session setup failed: ERRDOS - ERRnoaccess (Access denied.) >> >> I tried using the -N option immediately after //server/service in >> my smbclient command as per the man page with no change in >> results. I also >> tried dropping the -N and removing the password from >> 'user%password' and >> at the password prompt entered the correct details, again no change >> in results. >> >> Read the man pages for both smbmount and smbclient and there does >> not appear any more switches I can include to try and force the >> issue. >> >> Thanks >> >> Mike >> >> >> #-----Original Message----- >> #From: Chris Odgers [mailto:Chris.Odgers@sausage.com] >> #Sent: Friday, 12 January 2001 10:38 AM >> #To: 'Earnshaw, Mike' >> #Cc: 'samba-ntdom@samba.org' >> #Subject: RE: Linux --> NT mount problem >> # >> # >> #-----BEGIN PGP SIGNED MESSAGE----- >> #Hash: SHA1 >> # >> #NT servers usually don't respond to session requests when queried >> via #their fqdn (which isn't usually the same as their netbios >> name.) >> # >> #I don't know how you'd do it via fstab, but I have success >> connecting #to offsite NT servers using the syntax: >> # >> #smbclient //netbios-target-name/sharename -U user%password -I >> #dest.ip.add.ress >> # >> #i'm 99% sure that smbmount, at least in some revisions, supports >> this #syntax. >> # >> #> -----Original Message----- >> #> From: Earnshaw, Mike [mailto:earnshawm@wa.switch.aust.com] >> #> Sent: Friday, January 12, 2001 1:37 PM >> #> To: Samba (E-mail) >> #> Subject: Linux --> NT mount problem >> #> >> #> >> #> G'day >> #> >> #> I am trying to connect to an NT server that is in a different >> #> network to >> #> mine. I can do this via native NT if I supply the correct >> #> credentials. The aim is to allow access to this NT resource from >> a #> Linux >> #> mount point >> #> to people who do not have NT on their desktops but Win9x. I have >> #> permission to access the NT share and using Linux permissions >> #> I want to >> #> give select users access also. >> #> >> #> I have Samba 2.0.5a. I added the following to my /etc/fstab ... >> #> >> #> /// /mnt/projects smbfs >> #> >> auto,suid,uid=500,gid=500,workgroup=***,username=***,password=*** 0 >> #> 0 >> #> >> #> (where *** is replaced with relevant details). Then ... >> #> >> #> [root@datasrv /root]# mount /mnt/projects >> #> [root@datasrv /root]# Unknown parameter encountered: "domain >> #> controller" >> #> Ignoring unknown parameter "domain controller" >> #> Added interface ip=10.0.1.6 bcast=10.0.1.255 nmask=255.255.255.0 >> #> session request to PROJECTS. failed >> #> session request to *SMBSERVER failed >> #> smbmount: login failed >> #> Could not umount /mnt/projects: Device or resource busy >> #> smbmount: exit >> #> >> #> Yet if I try the same syntax of /etc/fstab with a local NT >> #> server I get >> #> a lot closer to a solution. I thought this may have been a >> #> broadcast kind of issue across routers, but it worked OK from >> #> within NT and the two NT domains are *not* trusted, but have >> #> separate user accounts in each. >> #> >> #> Any guidance appreciated. Thanks. >> #> >> #> -------------------------------------------------------------- >> #> ---------- >> #> ----- >> #> Mike Earnshaw | Tech support is a fine art | e-mail >> #> in header >> #> Computer Systems | which once mastered, virtually | Tel : >> #> +61 8 9256 >> #> 0023 >> #> Support | ensures loss of sanity. | Fax : >> #> +61 8 9256 >> #> 1199 >> #> -------------------------------------------------------------- >> #> ---------- >> #> ----- >> #> ,-._|\ Union Switch & signal >> #> / \ 24 Bannick Court >> #> *_.--._/ Canning Vale, WA 6155, Western Australia >> #> v >> #> -------------------------------------------------------------- >> #> ---------- >> #> ----- >> #> >> # >> #-----BEGIN PGP SIGNATURE----- >> #Version: PGPfreeware 6.5.3 for non-commercial use > ># >#iQA/AwUBOl3hZa5S0FuupP0+EQKrjACg9YMRWO0v4nSdhej4CtcSgjpTv9cAn1fE >#GpUjFwq2xJWOuOqn21nhFb9T >#=oeAy >#-----END PGP SIGNATURE----- ># > >-----BEGIN PGP SIGNATURE----- >Version: PGPfreeware 6.5.3 for non-commercial use > >iQA/AwUBOl3s9q5S0FuupP0+EQK9gQCgwSg6VMiGcgy1jneIU04qnr6HJ/8AoOPC >wvNmd0AojOLXjTuJK2yxxrIq >=IOW0 >-----END PGP SIGNATURE----- Kenneth Noel Boston College Information Technology Systems Programmer 617 552-8511 From pwlczk at ifrance.com Fri Jan 12 13:06:07 2001 From: pwlczk at ifrance.com (Franck) Date: Tue Dec 2 02:33:02 2003 Subject: NT, 2.0.6 PDC and User Groups References: <3A5EF6D5.A813EE4A@hoedtke.de> Message-ID: <3A5F013E.A4AF2B84@ifrance.com> Policies can be used to enable/disable registry access. You may create a ntconfig.pol via poledit.exe. To do that, you need a licensed copy of NTServer and may install 'Server tools' on your admin Wks. ntconfig.pol must resides on a readable samba share. It works fine with NT (I don't use win9x). Franck Heiko Kaschube a ?crit : > When I log on to an NT box as a normal user, not a member of "domain > admin group" (see parameter in global section of smb.conf), I am not > able to change any of registry entries, not even those belonging to > normal users. > So how do I maintain at least one normal "domain user group"? > > Greetings, Heiko > > --- > Heiko Kaschube > Hoedtke Blech- und Lasertechnik > Phone: +49 4101 7099-0 > FAX: +49 4101 76137 > email: mailto:H.Kaschube@hoedtke.de > Internet: http://www.hoedtke.de ______________________________________________________________________________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif From pwlczk at ifrance.com Fri Jan 12 13:10:01 2001 From: pwlczk at ifrance.com (Franck) Date: Tue Dec 2 02:33:02 2003 Subject: Distinguished hosts list for VLANs Message-ID: <3A5F0229.485EFE57@ifrance.com> Hi, I've a Samba server acting as a PDC for 3 VLAN. Netcard 1 : 172.16.1.1/255.255.255.0 Netcard 2 : 172.16.2.1/255.255.255.0 Netcard 3 : 172.16.3.1/255.255.255.0 Here's my pb : hosts on each network may see only Nt Wks that reside on the same network via neighborhood but the server gives them the entire list (In fact, domain master is set to yes). Thanks for answers... Franck ______________________________________________________________________________ ifrance.com, l'email gratuit le plus complet de l'Internet ! vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... http://www.ifrance.com/_reloc/email.emailif From ctooley at amoa.org Fri Jan 12 13:37:11 2001 From: ctooley at amoa.org (ctooley@amoa.org) Date: Tue Dec 2 02:33:02 2003 Subject: Guest Access Message-ID: <862569D2.004A4C90.00@amoa.org> This would be great, except it doesn't work for me, for some reason. I've decided to chuck it and just add the accounts to the machine until I can figure out a better way. Chris "Armand Welsh" on 01/11/2001 03:18:27 PM To: Chris Tooley/AMOA@AMOA, samba-ntdom@samba.org cc: Subject: Re: Guest Access *This message was transferred with a trial version of CommuniGate(tm) Pro* for NT/2K, you must enable the Guest account (disabled by default) in user manager. Then you can use the guest user for assigning file/share permissions, or the everyone group for this. Remember that the everyone group overridesothe permissions defined, and a most restricting order. So if you say that everyone has no acess, then everyone will have no access. the easiest way to set this up, though not the most secure, is create a share, assign the share permissions with only everyone < full control >, and then set perminssions on the shared directory (and all child object/subdirectories/files) to everyone . From here you can start playing with security to get the system setup the way you want. realize that this does not allow anyone to log into the network, as those are not guest users, but rather, this will allow users of other network domain, or workgroups to access the share w/o having to pass new credentials. ----- Original Message ----- From: To: Sent: Thursday, January 11, 2001 11:00 AM Subject: Guest Access > *This message was transferred with a trial version of CommuniGate(tm) Pro* > > > I am proud to say that in this respect I know how to do something in Samba that > I can't seem to make NT do. I want to give Guest access to a share. Guest > meaning someone who does not have a user account and therefore is a guest of the > machine. I can do this with Samba, but have not had any luck doing it in NT > Server 4.0 SP6a. I realize that this is a little off topic but would like the > help if anyone knows how to make this happen. I think I am doing everything the > way I should but would like to see how someone else is doing to reference their > approach. > > Thank you, > > Chris Tooley > > > > From joakim.tjernlund at lumentis.se Fri Jan 12 15:14:19 2001 From: joakim.tjernlund at lumentis.se (Joakim Tjernlund) Date: Tue Dec 2 02:33:02 2003 Subject: W2K and PDC, adding users from the PDC(samba 2.2) Message-ID: <002501c07caa$56c66120$0a01a8c0@Win1> Hi all I am trying to set up samba 2.2(on Redhat 7.0) PDC&file server for W2K professional Workstation clients. I managed to join the domain from a W2K client and I can see the shares offered by the samba server, but when I try to add a new user(which is already defined in the samba server) I get this error message: "The user could not be added because .... The trust relationship between this workstation an the primary domin failed" Am I doing something wrong or is the not supported yet? I can define local users(in the advanced menu) and then add a profile path to the server(it works fine) but I want to define my users on the samba server and have the W2K client use this central user/password database. Jocke From olivier.wegria at novactiongroup.com Fri Jan 12 15:51:24 2001 From: olivier.wegria at novactiongroup.com (Olivier Wegria) Date: Tue Dec 2 02:33:02 2003 Subject: Japanese Message-ID: <500C66C7BF87D311A7F400A0C907E8D87FF0BB@NSA4> Hi there, Does anyone knows if samba 2.0.7 works with Japanese characters? By the way, does linux support Japanese characters for file names? I would like to install an english linux box with samba 2.0.7 to provide some shared drives to some Japanese Windows clients. Does anyone has any experience with it? Cheers Olivier From virgo at azcher.kharkov.ua Fri Jan 12 16:17:38 2001 From: virgo at azcher.kharkov.ua (Dolgopolov Sergey) Date: Tue Dec 2 02:33:02 2003 Subject: samba-ntdom digest, Vol 1 #241 - 43 msgs References: <20010111200127.210C58638@lists.samba.org> Message-ID: <3A5F2E22.62D1B9FE@azcher.kharkov.ua> > ----- Original Message ----- > From: "Armand Welsh" > To: , , > > Subject: Re: The procedure number is out of range error > Date: Wed, 10 Jan 2001 19:22:58 -0800 > *This message was transferred with a trial version of CommuniGate(tm) Pro* > hehe, except the psychic part, where your supposed to download the latest > cvs. :) > > Check out the samba docs on downloading cvs source, and try again. > In my case this problem was with 2.0.7 and now exists with 2.2.0alpha1. And it is a pity. From slu at firerun.net Fri Jan 12 16:47:35 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:33:02 2003 Subject: Distinguished hosts list for VLANs References: <3A5F0229.485EFE57@ifrance.com> Message-ID: <3A5F3527.DC9AE72B@firerun.net> You need to set "wins support = yes", and set the wins server on each workstation to the apropriate IP of your Linux PDC. That should do the trick. Franck wrote: > Hi, > > I've a Samba server acting as a PDC for 3 VLAN. > Netcard 1 : 172.16.1.1/255.255.255.0 > Netcard 2 : 172.16.2.1/255.255.255.0 > Netcard 3 : 172.16.3.1/255.255.255.0 > > Here's my pb : > hosts on each network may see only Nt Wks that reside on the same > network via neighborhood but the server gives them the entire list (In > fact, domain master is set to yes). > > Thanks for answers... > > Franck > > > ______________________________________________________________________________ > ifrance.com, l'email gratuit le plus complet de l'Internet ! > vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP... > http://www.ifrance.com/_reloc/email.emailif From joakim.tjernlund at lumentis.se Fri Jan 12 17:46:00 2001 From: joakim.tjernlund at lumentis.se (Joakim Tjernlund) Date: Tue Dec 2 02:33:02 2003 Subject: disable trust relationship? Message-ID: <003001c07cbf$8754e720$0a01a8c0@Win1> Hi again Is it possible to disable trust relationships in W2K clients? if yes, how do I do that? Jocke From r_huelsmann at ish.de Fri Jan 12 18:05:00 2001 From: r_huelsmann at ish.de (Ralf Huelsmann) Date: Tue Dec 2 02:33:02 2003 Subject: 2.2 download / status Message-ID: <00e001c07cc2$2e40eb40$3401a8c0@workstation_1a.ish.de> hello ! i?m still interested in 2.2 (maybe 3.0 ??) there soulb be a beta end of 2000... but i don?t read much about it. is there another place talking about 2.2 issues ? and: how/wehere to get ? there is a aplha1... there should be cvs... but ?m not expirienced using cvs... with "cvs -z5 -d :pserver:cvs@pserver.samba.org:/cvsroot co samba" i get the HEAD-branch... how do i get "2.2.0: (CVS tag SAMBA_2_2)" ? greetings ralf --- Ralf Huelsmann Kempen Germany Office: http://www.ish.de/ r_huelsmann@ish.de phone +49 2152 962010 fax +49 2152 962009 Mobile: r_huelsmann@bigfoot.com phone +49 171 2170401 -------------- next part -------------- A non-text attachment was scrubbed... Name: =?iso-8859-1?Q?Ralf_H=FClsmann.vcf?= Type: application/octet-stream Size: 637 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010112/29283326/iso-8859-1QRalf_HFClsmann.obj From miksa at lysya.kajaani.fi Fri Jan 12 19:12:32 2001 From: miksa at lysya.kajaani.fi (Mikko Hurskainen) Date: Tue Dec 2 02:33:02 2003 Subject: MySQL & Samba Message-ID: Is there any way to make Samba PDC authentication via MySQL database ? Or PDC authentication via PAM ? I'm intrested developing web user management tools for Samba, so MySQL authentication wouldn't be bad. -- - Miksa Root of lysya.kajaani.fi From sanders_p at univerahealthcare.org Fri Jan 12 19:54:54 2001 From: sanders_p at univerahealthcare.org (Paul Sanders) Date: Tue Dec 2 02:33:02 2003 Subject: 2.2 download / status Message-ID: Try this: cvs -z5 -d :pserver:cvs@pserver.samba.org:/cvsroot co SAMBA_2_2 samba ...that should grab SAMBA_2_2 and place it in a directory named 'samba' in you current directory. Leaving out the 'SAMBA_2_2' part defaults to HEAD... Keep in mind that winbindd is not functional under 2.2 [if that is what you are looking for...] but the new NT print driver autodownload definetely rocks [ we've been able to get this working under HEAD as well] - a real improvement over the old system and much of the NT ACL control is now there, too! Enjoy! Paul Sanders >>> Ralf Huelsmann 01/12 1:05 PM >>> hello ! i?m still interested in 2.2 (maybe 3.0 ??) there soulb be a beta end of 2000... but i don?t read much about it. is there another place talking about 2.2 issues ? and: how/wehere to get ? there is a aplha1... there should be cvs... but ?m not expirienced using cvs... with "cvs -z5 -d :pserver:cvs@pserver.samba.org:/cvsroot co samba" i get the HEAD-branch... how do i get "2.2.0: (CVS tag SAMBA_2_2)" ? greetings ralf --- Ralf Huelsmann Kempen Germany Office: http://www.ish.de/ r_huelsmann@ish.de phone +49 2152 962010 fax +49 2152 962009 Mobile: r_huelsmann@bigfoot.com phone +49 171 2170401 From A.Hupfau at IT-Concept.at Fri Jan 12 20:44:46 2001 From: A.Hupfau at IT-Concept.at (Andreas Hupfau) Date: Tue Dec 2 02:33:02 2003 Subject: printer drivers Message-ID: hi all, I always read about how wonderful the printer download for nt works, but I can't get it to run ... but I tried it now for a few times but I always get the following error when connecting to the printers share on the pdc: INTERNAL ERROR: Signal 11 in pid 30889 (2.2.0-alpha1) Please read the file BUGS.txt in the distribution [2001/01/12 21:30:48, 0] lib/fault.c:fault_report(43) =============================================================== [2001/01/12 21:30:48, 0] lib/util.c:smb_panic(1139) PANIC: internal error [2001/01/12 21:30:48, 0] smbd/service.c:make_connection(341) gipsy logged in as admin user (root privileges) [2001/01/12 21:30:48, 1] smbd/ipc.c:api_fd_reply(286) api_fd_reply: INVALID PIPE HANDLE: 7022 and I can't see the add printer thingie (it's enabled in smb.conf ...) I'm running the newest cvs-version of 2.2 on a suse based system with kernel 2.2.16 btw ... w2k is running perfectly as a domain member (a few profile errors ... ) and almost any other things I wanted seem to work ... greez Andreas Hupfau LINUX @work IT-Concept EDV-Dienstleistungs GmbH homepage: http://www.it-concept.at email: A.Hupfau@IT-Concept.at From sanders_p at univerahealthcare.org Fri Jan 12 21:49:55 2001 From: sanders_p at univerahealthcare.org (Paul Sanders) Date: Tue Dec 2 02:33:02 2003 Subject: 2.2 download / status Message-ID: My apologies - I left out a switch. I just tried this to verify and I get the error as well unless there is a '-r' switch as such: cvs -z5 -d :pserver:cvs@pserver.samba.org:/cvsroot co -r SAMBA_2_2 samba This info is in the Samba 2.2 PDC FAQ along with more useful goodies. Hope this helps. Paul Sanders >>> Ralf Huelsmann 01/12 3:32 PM >>> > -----Original Message----- > From: samba-ntdom-admin@us5.samba.org > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Paul Sanders > Sent: Friday, January 12, 2001 8:55 PM > To: samba-ntdom@us5.samba.org > Subject: Re: 2.2 download / status > > > Try this: > > cvs -z5 -d :pserver:cvs@pserver.samba.org:/cvsroot co SAMBA_2_2 samba > > ...that should grab SAMBA_2_2 and place it in a directory named > 'samba' in you current directory. Leaving out the 'SAMBA_2_2' > part defaults to HEAD... that doesn?t seem to work... "cvs server: cannot find module `SAMBA_2_2' - ignored" > > Keep in mind that winbindd is not functional under 2.2 [if that > is what you are looking for...] what means, taht the WINS-service is not supported ? any info if there will be wins-support in the near future ? nothing i need now for the site i want to do the test (only 10 clients...) but the new NT print driver > autodownload definetely rocks [ we've been able to get this > working under HEAD as well] - a real improvement over the old > system and much of the NT ACL control is now there, too! > > Enjoy! > > Paul Sanders > > > > > > >>> Ralf Huelsmann 01/12 1:05 PM >>> > hello ! > > i?m still interested in 2.2 (maybe 3.0 ??) there soulb be a beta end of > 2000... but i don?t read much about it. is there another place talking > about 2.2 issues ? > > and: > how/wehere to get ? > there is a aplha1... there should be cvs... but ?m not expirienced using > cvs... > > with "cvs -z5 -d :pserver:cvs@pserver.samba.org:/cvsroot co > samba" i get the > HEAD-branch... how do i get "2.2.0: (CVS tag SAMBA_2_2)" ? > > greetings > ralf > > --- > Ralf Huelsmann Kempen Germany > Office: http://www.ish.de/ r_huelsmann@ish.de > phone +49 2152 962010 fax +49 2152 962009 > Mobile: r_huelsmann@bigfoot.com phone +49 171 2170401 > > From sam at quadlink.com.au Sat Jan 13 00:55:00 2001 From: sam at quadlink.com.au (Sam Silvester) Date: Tue Dec 2 02:33:02 2003 Subject: Group policies for Win98 Message-ID: Hi Everyone! I'm working on a Samba server for a small (~600 students) school, in which we want to have individual accounts for each user. We also use system policies to maintain some level of control over the workstations, but I can't work out how to get group policies working. I've installed support for group policies on the workstations and created the policy file with the groups 'students', 'teachers' and 'admins' Provided all of the individual accounts are entered into the smbpasswd file, how do I then specify which group they are in, and then make the workstations pick this up??? thanks in advance, Sam! -- Programming is an art form that fights back. Sam Silvester Ph: 0408 492 205 Fax: (08) 8849 2376 http://www.quadlink.com.au From eirvine at tpgi.com.au Sat Jan 13 09:40:04 2001 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:33:02 2003 Subject: Group policies for Win98 References: Message-ID: <3A602274.4A4AC7C@tpgi.com.au> Hi Sam, I use samba in a school too. I have about 1650 individual accounts. When giving students and staff accounts I give them a uid in a particular range (man pw) depending on who they are. This is all done via a perl script I wrote which calls pw. eg: o teachers have uid's between 1000 and 2000, o office staff are between 2000 and 3000, o year 7's of this year will be between 13000 and 14000 o year 7's of last year will be between 12000 and 13000, etc... Based on the UID, a root preexec perl script figures out what config.pol file they should have when they log in, and copies the appropriate config.pol file to their profile directory. This UID scheme also has other uses, particularly wrt setting quotas and end-of-year rollover. BTW- where is your school? Eddie. Sam Silvester wrote: > > Hi Everyone! > > I'm working on a Samba server for a small (~600 students) school, in which > we want to have individual accounts for each user. > > We also use system policies to maintain some level of control over the > workstations, but I can't work out how to get group policies working. I've > installed support for group policies on the workstations and created the > policy file with the groups 'students', 'teachers' and 'admins' > > Provided all of the individual accounts are entered into the smbpasswd > file, how do I then specify which group they are in, and then make the > workstations pick this up??? > > thanks in advance, > > Sam! > > -- > Programming is an art form that fights back. > > Sam Silvester > > > Ph: 0408 492 205 > Fax: (08) 8849 2376 > > http://www.quadlink.com.au From simo.sorce at polimi.it Sat Jan 13 10:13:47 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:02 2003 Subject: MySQL & Samba In-Reply-To: Message-ID: Jelmer Vernooij has a working mysql backend for samba 2.0.7, and a port to 2.2/head will be probably made with his help. jelmer have you put your patches available anywhere? On Fri, 12 Jan 2001, Mikko Hurskainen wrote: > Is there any way to make Samba PDC authentication via MySQL database ? > Or PDC authentication via PAM ? > > I'm intrested developing web user management tools for Samba, so MySQL > authentication wouldn't be bad. > -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From I.Marmaridis at uws.edu.au Sat Jan 13 10:34:20 2001 From: I.Marmaridis at uws.edu.au (Makis Marmaridis) Date: Tue Dec 2 02:33:02 2003 Subject: disable trust relationship? In-Reply-To: <003001c07cbf$8754e720$0a01a8c0@Win1> Message-ID: Your question does not help too much I am afraid... Trust relationships are used with Windows NT 4.0 based domains to allow interdomain authentication. Windows 2000 uses a whole new (for windows) concept of trees etc. Could you give us some more information... what is the problem you are facing, what is the setup etc. Regards, Makis. -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Joakim Tjernlund Sent: Saturday, 13 January 2001 4:46 AM To: samba-ntdom@samba.org Subject: disable trust relationship? Hi again Is it possible to disable trust relationships in W2K clients? if yes, how do I do that? Jocke From joakim.holmback at bredband.net Sat Jan 13 12:27:13 2001 From: joakim.holmback at bredband.net (=?iso-8859-1?Q?Joakim_Holmb=E4ck?=) Date: Tue Dec 2 02:33:02 2003 Subject: Input/output error Message-ID: Hi there fellas, I have a peculiar error, when i boot my linux system i mount a share on my win2k professional machine using smbmount (which is included in my RH7 install). This works great and is very reliable. However, if someone tries to access the mounted share while the Win2k machine is down it gets an Input/output error, and it can't list anything in the mounted share. It is also impossible to either unmount/remount/chmod/ delete or do anything else with the mounted share. So to the question: is there a way to reset this mounted share somehow without actually rebooting the linux machine? If not, is there some other program similar to the smbmount which doesn't have this _serious_ bug and is free? Since I'm using the Windows2000 professional edition I am not sure if there is a NFS server for it, but I did hear that a NFS mount had a timeout setting which would stay clear of this bug. Regards, Joakim System Developer http://www.framfab.com/ From kim.bjoern at mail.dk Sat Jan 13 13:47:52 2001 From: kim.bjoern at mail.dk (Kim Bjoern Nielsen) Date: Tue Dec 2 02:33:02 2003 Subject: Compile errors - Samba 2.2 - IRIX 6.5 - gcc 2.95.2 Message-ID: Hi, I get these warnings (a lot) when compiling as subj. ld32: WARNING 84: /usr/lib32/libgen.so is not used for resolving any symbol. ld32: WARNING 84: /usr/lib32/libdl.so is not used for resolving any symbol. any worries? any ideas? Thanks - Kim From Joakim.Tjernlund at lumentis.se Sat Jan 13 22:31:56 2001 From: Joakim.Tjernlund at lumentis.se (Joakim Tjernlund) Date: Tue Dec 2 02:33:02 2003 Subject: disable trust relationship? References: Message-ID: <002901c07db0$a358dd40$6896143e@jocke> Sorry for not being more specific... I want to connect W2K professional workstations to a linux samba server. The W2K clients should have their profile(My Documents, Outlook mail etc) stored in the server. Also I want to define my users in the samba server and have W2K clients automatically authenticate agaist the samba server when they login. I have managed to create and join a domain(samba server is PDC) and the users profiles gets stored at the server at logout and copied back at login, so far so good, but here comes my problem: I have to create all users locally on the W2K client and manually set their profile to point to the server( This I do in the advanced user managers menu) If I try to add user in the default user manager menu OR at login select my samba servers domain I get an error: "The user could not be added because .... The trust relationship between this workstation an the primary domain failed" Is there a solution to my problem? I am using samba 2.2.x CVS (from last week) Jocke PS. I am at home so I can't give you my setup now. If needed you could have it on Monday DS. ----- Original Message ----- From: "Makis Marmaridis" To: Cc: Sent: den 13 januari 2001 11:34 Subject: RE: disable trust relationship? > > Your question does not help too much I am afraid... > > Trust relationships are used with Windows NT 4.0 based domains to allow > interdomain authentication. Windows 2000 uses a whole new (for windows) > concept of trees etc. > > Could you give us some more information... what is the problem you are > facing, what is the setup etc. > > Regards, > Makis. > > > -----Original Message----- > From: samba-ntdom-admin@us5.samba.org > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Joakim Tjernlund > Sent: Saturday, 13 January 2001 4:46 AM > To: samba-ntdom@samba.org > Subject: disable trust relationship? > > > Hi again > > Is it possible to disable trust relationships in W2K clients? if yes, how do > I do that? > > Jocke > > From kim.bjoern at mail.dk Sat Jan 13 22:35:23 2001 From: kim.bjoern at mail.dk (Kim Bjoern Nielsen) Date: Tue Dec 2 02:33:03 2003 Subject: Samba 2.2.0a1 as PDC for Exchange Message-ID: OK Gill, How did you do this? Which Samba(-TNG) ver.? - any special order of row? - any hints? Thanks - Kim > -----Original Message----- > From: Gill, Vern [mailto:vgill@technologist.com] > Sent: 9. januar 2001 05:07 > To: 'Schlomo Schapiro'; Kim Bjoern Nielsen > Cc: samba-ntdom@us5.samba.org > Subject: RE: Samba 2.2.0a1 as PDC for Exchange > > > I don't know about the latest samba head branch, but the latest TNG > branch is workin great for me to do this very thing... > > -----Original Message----- > From: Schlomo Schapiro [mailto:schapiro@clerk.pi.huji.ac.il] > Sent: Sunday, January 07, 2001 10:02 PM > To: Kim Bjoern Nielsen > Cc: samba-ntdom@us5.samba.org > Subject: Re: Samba 2.2.0a1 as PDC for Exchange > > > Hi, > > I tried once to set up Exchange on a Samba controlled domain > (2.0.7) and > already the setup program failed utterly (It complained about > needing a > Domain Controller ...) > > It really would be great if Samba would support this kind of things, > too. > > Schlomo > > On Mon, 8 Jan 2001, Kim Bjoern Nielsen wrote: > > > Hi, > > > > I'm experimenting to setup a Samba 2.2.0a1 as PDC for an Exchange > > environment. > > > > I have tried to setup both a NT Server & a NT Workstation. Both was > accepted > > as systems in the domain by the Samba server, and I can log > on to the > > systems. > > > > But, when I run a smbclient query to the NT systems, they > dont seem to > > accept the Samba as domain contoller. > > > > ftp 133# /usr/samba/bin/smbclient -L INTR-2SV -U root%XXXX > > added interface ip=192.168.206.203 bcast=192.168.206.255 > nmask=255.255.255.0 > > Got a positive name query response from 192.168.206.103 ( > 192.168.206.103 ) > > Domain=[FNIS] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] > > > > Sharename Type Comment > > --------- ---- ------- > > ADMIN$ Disk Remote Admin > > IPC$ IPC Remote IPC > > C$ Disk Default share > > D$ Disk Default share > > E$ Disk Default share > > > > Server Comment > > --------- ------- > > > > Workgroup Master > > --------- ------- > > ftp 134# > > > > Any ideas? - Kim > > > > > > -- > Schlomo Schapiro > Computation Authority > Hebrew University of Jerusalem > > Tel: ++972 / 2 / 65-84404 > Fax: 65-27349 > email: schapiro@clerk.pi.huji.ac.il > WWW: http://shum.cc.huji.ac.il/~schapiro > > From moose at riven.net Sun Jan 14 00:00:56 2001 From: moose at riven.net (Jade E. Deane) Date: Tue Dec 2 02:33:03 2003 Subject: 2.2alpha1 - Using as login server for Windows 2000 machine(s) In-Reply-To: Message-ID: In follow up to my previous email, how about this... when pulling down 2.2 via CVS (as suggested in the 2.2 PDC howto) I use the following CVS command: cvs -d :pserver:cvs@pserver.samba.org:/cvsroot co -r SAMBA_2_2 samba Is this vaild? I'm asking because when I run "smbstatus" I see: Samba version 2.2.0-alpha1 Jade -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Jade E. Deane Sent: Saturday, January 06, 2001 6:05 PM To: samba-ntdom@us5.samba.org Subject: 2.2alpha1 - Using as login server for Windows 2000 machine(s) Greetings! I have the following simple setup: A Linux (2.2.16-22) RedHat (7) machine running 2.2alpha1, as the "PDC" and a OpenBSD (4.2) machine acting as a server only. The other machine is a Windows 2000 Pro. After reading http://bioserve.latrobe.edu.au/samba/samba-pdc-howto.html in great detail, I have setup an appropriate config almost verbatim to the examples in Mr. Bannon's document. When attempting to assign a Windows 2000 Pro workstation to the domain (i.e. System Properties/Identification Changes) I received the following error: "The credentials supplied conflict with an existing set of credentials." The user "root", who is in the adm group specified in the config, was used as the "account with permission to join the domain". Also, there is a $ account created in /etc/passwd and /private/smbpassword. Ideas and suggestions are most appreciated. Jade From kim.bjoern at mail.dk Sun Jan 14 00:05:39 2001 From: kim.bjoern at mail.dk (Kim Bjoern Nielsen) Date: Tue Dec 2 02:33:03 2003 Subject: 2.2alpha1 - Using as login server for Windows 2000 machine(s) Message-ID: > cvs -d :pserver:cvs@pserver.samba.org:/cvsroot co -r SAMBA_2_2 samba > > Is this vaild? I'm asking because when I run "smbstatus" I see: > > Samba version 2.2.0-alpha1 Just listening in - I have the exact same worry!? From vgill at technologist.com Sun Jan 14 07:55:17 2001 From: vgill at technologist.com (Gill, Vern) Date: Tue Dec 2 02:33:03 2003 Subject: Samba 2.2.0a1 as PDC for Exchange Message-ID: <8D043DEA73DFD411958A00A0C90AB7607BAE@pptp.gillnet.org> Just grabbed the latest CVS for TNG, I think about 3-5 weeks ago. Installed it, setup the init script, started it. Then on NT 4 box, which was a standalone server, after adding the machine account, I added it to domain. Then, install Exchange. Works great. Been goin since then with no problems. -----Original Message----- From: Kim Bjoern Nielsen [mailto:kim.bjoern@mail.dk] Sent: Saturday, January 13, 2001 2:35 PM To: Gill, Vern Cc: samba-ntdom@samba.org Subject: RE: Samba 2.2.0a1 as PDC for Exchange OK Gill, How did you do this? Which Samba(-TNG) ver.? - any special order of row? - any hints? Thanks - Kim > -----Original Message----- > From: Gill, Vern [mailto:vgill@technologist.com] > Sent: 9. januar 2001 05:07 > To: 'Schlomo Schapiro'; Kim Bjoern Nielsen > Cc: samba-ntdom@us5.samba.org > Subject: RE: Samba 2.2.0a1 as PDC for Exchange > > > I don't know about the latest samba head branch, but the latest TNG > branch is workin great for me to do this very thing... > > -----Original Message----- > From: Schlomo Schapiro [mailto:schapiro@clerk.pi.huji.ac.il] > Sent: Sunday, January 07, 2001 10:02 PM > To: Kim Bjoern Nielsen > Cc: samba-ntdom@us5.samba.org > Subject: Re: Samba 2.2.0a1 as PDC for Exchange > > > Hi, > > I tried once to set up Exchange on a Samba controlled domain > (2.0.7) and > already the setup program failed utterly (It complained about > needing a > Domain Controller ...) > > It really would be great if Samba would support this kind of things, > too. > > Schlomo > > On Mon, 8 Jan 2001, Kim Bjoern Nielsen wrote: > > > Hi, > > > > I'm experimenting to setup a Samba 2.2.0a1 as PDC for an Exchange > > environment. > > > > I have tried to setup both a NT Server & a NT Workstation. Both was > accepted > > as systems in the domain by the Samba server, and I can log > on to the > > systems. > > > > But, when I run a smbclient query to the NT systems, they > dont seem to > > accept the Samba as domain contoller. > > > > ftp 133# /usr/samba/bin/smbclient -L INTR-2SV -U root%XXXX > > added interface ip=192.168.206.203 bcast=192.168.206.255 > nmask=255.255.255.0 > > Got a positive name query response from 192.168.206.103 ( > 192.168.206.103 ) > > Domain=[FNIS] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] > > > > Sharename Type Comment > > --------- ---- ------- > > ADMIN$ Disk Remote Admin > > IPC$ IPC Remote IPC > > C$ Disk Default share > > D$ Disk Default share > > E$ Disk Default share > > > > Server Comment > > --------- ------- > > > > Workgroup Master > > --------- ------- > > ftp 134# > > > > Any ideas? - Kim > > > > > > -- > Schlomo Schapiro > Computation Authority > Hebrew University of Jerusalem > > Tel: ++972 / 2 / 65-84404 > Fax: 65-27349 > email: schapiro@clerk.pi.huji.ac.il > WWW: http://shum.cc.huji.ac.il/~schapiro > > From sam at quadlink.com.au Sun Jan 14 10:32:25 2001 From: sam at quadlink.com.au (Sam Silvester) Date: Tue Dec 2 02:33:03 2003 Subject: security = server Message-ID: Hi everyone. In using the security = server option, does the specified server have to be in the same domain? eg Two domains, room20 & room22 on two different physical servers. Can I make all user/group authentication run off one of them? Cheers, Sam! -- Programming is an art form that fights back. Sam Silvester Ph: 0408 492 205 Fax: (08) 8849 2376 http://www.quadlink.com.au From Jim at Morris.net Sun Jan 14 15:52:40 2001 From: Jim at Morris.net (Jim Morris) Date: Tue Dec 2 02:33:03 2003 Subject: security = server In-Reply-To: References: Message-ID: <40179730241.20010114095240@Morris.net> Hello Sam, Sunday, January 14, 2001, 4:32:25 AM, you wrote: SS> In using the security = server option, does the specified server have to SS> be in the same domain? Yes - they MUST be in the same domain. Thats why its a "domain logon" for Windows. If you want to logon to another domain, you have to log out, and then log back into Windows specifying the other domain in the domain portion of the Windows Networking logon dialog. SS> eg Two domains, room20 & room22 on two different physical servers. Can I SS> make all user/group authentication run off one of them? Again, the domain authenticaion is done PER DOMAIN. If you want all the users to authenticate against one server, then ALL of the users must be members of that domain. Now, here's the question: why do the users need to be in different domains? If you think one server should do, then maybe you want to just put the users all in one domain as well - would be easier. Alternatively, you COULD run two "virtual" Samba servers on the same system - with them acting as domain controllers for their own domains. In such a setup, you could probably have one smbpasswd file used for ALL users. Of course, then, they could log on to both domains - so never mind! ;-) Best regards, Jim mailto:Jim@Morris.net From kim.bjoern at mail.dk Sun Jan 14 16:18:35 2001 From: kim.bjoern at mail.dk (Kim Bjoern Nielsen) Date: Tue Dec 2 02:33:03 2003 Subject: Samba 2.2.0a1 as PDC for Exchange Message-ID: Hey Gill, I'm really excited to learn a bit more of how you did this. I can't get mine to work! I grabbed the latest CSV yesterday, compiled to IRIX 6.5.10m w. gmake and gcc 2.95.2 I installed a WinNT 4.0 server system, and added SP6. I successfully (apparently) joined the domain from the NT box BUT! I can't login as domain admin on the NT BOX, and when I try to install Exchange (logged in as local admin), the GUI tells me that the system needs to belong to a domain!! Any ideas? - Kim > -----Original Message----- > From: Gill, Vern [mailto:vgill@technologist.com] > Sent: 14. januar 2001 08:55 > To: 'Kim Bjoern Nielsen' > Cc: samba-ntdom@samba.org > Subject: RE: Samba 2.2.0a1 as PDC for Exchange > > > Just grabbed the latest CVS for TNG, I think about 3-5 weeks ago. > Installed it, setup the init script, started it. Then on NT 4 > box, which > was a standalone server, after adding the machine account, I > added it to > domain. Then, install Exchange. Works great. Been goin since then with > no problems. > > -----Original Message----- > From: Kim Bjoern Nielsen [mailto:kim.bjoern@mail.dk] > Sent: Saturday, January 13, 2001 2:35 PM > To: Gill, Vern > Cc: samba-ntdom@samba.org > Subject: RE: Samba 2.2.0a1 as PDC for Exchange > > > OK Gill, > > How did you do this? Which Samba(-TNG) ver.? > > - any special order of row? > - any hints? > > Thanks - Kim > > > -----Original Message----- > > From: Gill, Vern [mailto:vgill@technologist.com] > > Sent: 9. januar 2001 05:07 > > To: 'Schlomo Schapiro'; Kim Bjoern Nielsen > > Cc: samba-ntdom@us5.samba.org > > Subject: RE: Samba 2.2.0a1 as PDC for Exchange > > > > > > I don't know about the latest samba head branch, but the latest TNG > > branch is workin great for me to do this very thing... > > > > -----Original Message----- > > From: Schlomo Schapiro [mailto:schapiro@clerk.pi.huji.ac.il] > > Sent: Sunday, January 07, 2001 10:02 PM > > To: Kim Bjoern Nielsen > > Cc: samba-ntdom@us5.samba.org > > Subject: Re: Samba 2.2.0a1 as PDC for Exchange > > > > > > Hi, > > > > I tried once to set up Exchange on a Samba controlled domain > > (2.0.7) and > > already the setup program failed utterly (It complained about > > needing a > > Domain Controller ...) > > > > It really would be great if Samba would support this kind of things, > > too. > > > > Schlomo > > > > On Mon, 8 Jan 2001, Kim Bjoern Nielsen wrote: > > > > > Hi, > > > > > > I'm experimenting to setup a Samba 2.2.0a1 as PDC for an Exchange > > > environment. > > > > > > I have tried to setup both a NT Server & a NT > Workstation. Both was > > accepted > > > as systems in the domain by the Samba server, and I can log > > on to the > > > systems. > > > > > > But, when I run a smbclient query to the NT systems, they > > dont seem to > > > accept the Samba as domain contoller. > > > > > > ftp 133# /usr/samba/bin/smbclient -L INTR-2SV -U root%XXXX > > > added interface ip=192.168.206.203 bcast=192.168.206.255 > > nmask=255.255.255.0 > > > Got a positive name query response from 192.168.206.103 ( > > 192.168.206.103 ) > > > Domain=[FNIS] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] > > > > > > Sharename Type Comment > > > --------- ---- ------- > > > ADMIN$ Disk Remote Admin > > > IPC$ IPC Remote IPC > > > C$ Disk Default share > > > D$ Disk Default share > > > E$ Disk Default share > > > > > > Server Comment > > > --------- ------- > > > > > > Workgroup Master > > > --------- ------- > > > ftp 134# > > > > > > Any ideas? - Kim > > > > > > > > > > -- > > Schlomo Schapiro > > Computation Authority > > Hebrew University of Jerusalem > > > > Tel: ++972 / 2 / 65-84404 > > Fax: 65-27349 > > email: schapiro@clerk.pi.huji.ac.il > > WWW: http://shum.cc.huji.ac.il/~schapiro > > > > > -------------- next part -------------- fwl 72# bin/testparm Load smb config files from /usr/local/samba/lib/smb.conf Processing section "[homes]" Processing section "[netlogon]" Processing section "[profile]" Processing section "[public]" Loaded services file OK. Press enter to see a dump of your service definitions # Global parameters [global] # Base Options coding system = client code page = 850 code page directory = /usr/local/samba/lib/codepages workgroup = FNIS netbios name = INTR-FWL netbios aliases = netbios scope = server string = Samba TNG-alpha interfaces = bind interfaces only = No # Security Options security = USER encrypt passwords = Yes update encrypted = No server schannel = False client schannel = False server ntlmv2 = False client ntlmv2 = False use rhosts = No hosts equiv = min passwd length = 5 password expire time = 0 map to guest = Never null passwords = No password server = smb passwd file = /usr/local/samba/private/smbpasswd sam directory = /usr/local/samba/sam root directory = / passwd program = /bin/passwd passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = No use rhosts = No # Logging Options log level = 2 syslog = 1 syslog only = No log file = max log size = 5000 timestamp logs = No debug hires timestamp = No debug pid = No debug uid = No # Protocol Options protocol = NT1 read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes nt acl support = Yes announce version = 4.0 announce as = NT max mux = 50 max xmit = 65535 name resolve order = lmhosts host wins bcast max packet = 65535 max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = Yes # Tuning Options change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max disk size = 0 max open files = 10000 read size = 16384 socket options = TCP_NODELAY stat cache size = 50 # Printing Options load printers = Yes printcap name = lpstat printer driver file = /usr/local/samba/lib/printers.def enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes nt forms file = /usr/local/samba/lib/ntforms.def nt printer driver = /usr/local/samba/lib # Filename Handling strip dot = No character set = mangled stack = 50 stat cache = Yes # Domain Options trusted domains = trusting domains = local group map = /usr/local/samba/private/localgroup.map domain group map = /usr/local/samba/private/domaingroup.map builtin group map = builtin rid file = domain user map = machine password timeout = 604800 # Logon Options add user script = delete user script = logon script = login.bat logon path = \\INTR-FWL\profile\%U logon drive = U: logon home = \\INTR-FWL\%U domain logons = Yes # Browse Options os level = 65 lm announce = Auto lm interval = 60 preferred master = True local master = Yes domain master = True browse list = Yes # WINS Options dns proxy = Yes wins proxy = No wins server = wins support = Yes wins hook = # Locking Options kernel oplocks = Yes oplock break wait time = 10 # Miscellaneous Options smbrun = /usr/local/samba/bin/smbrun config file = preload = lock dir = /usr/local/samba/var/locks default service = message command = dfree command = valid chars = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = time offset = 0 unix realname = Yes NIS homedir = No source environment = panic action = # VFS options host msdfs = No # Winbind options winbind uid = winbind gid = template homedir = /home/%D/%U template shell = /bin/false winbind separator = \ winbind cache time = 15 winbind enum users = Yes winbind enum groups = Yes comment = path = alternate permissions = No username = guest account = nobody invalid users = valid users = admin users = read list = write list = printer admin = force user = force group = read only = Yes create mask = 0744 force create mode = 00 security mask = -1 force security mode = -1 directory mask = 0755 force directory mode = 00 directory security mask = -1 force directory security mode = -1 inherit permissions = No guest only = No guest ok = No only user = No hosts allow = hosts deny = status = Yes max connections = 0 min print space = 0 strict sync = No sync always = No write cache size = 0 max print jobs = 1000 printable = No postscript = No printing = sysv print command = lp -c -d%p %s; rm %s lpq command = lpstat -o%p lprm command = cancel %p-%j lppause command = lp -i %p-%j -H hold lpresume command = lp -i %p-%j -H resume queuepause command = disable %p queueresume command = enable %p printer name = printer driver = NULL printer driver file = /usr/local/samba/lib/printers.def printer driver location = default case = lower case sensitive = No preserve case = Yes short preserve case = Yes mangle case = No mangling char = ~ hide dot files = Yes delete veto files = No veto files = hide files = veto oplock files = map system = No map hidden = No map archive = Yes mangled names = Yes mangled map = browseable = Yes blocking locks = Yes fake oplocks = No locking = Yes oplocks = Yes level2 oplocks = Yes oplock contention limit = 2 posix locking = Yes strict locking = No share modes = Yes copy = include = exec = preexec close = No postexec = root preexec = root preexec close = No root postexec = available = Yes volume = fstype = NTFS set directory = No wide links = Yes follow symlinks = Yes dont descend = magic script = magic output = delete readonly = No dos filetimes = No dos filetime resolution = No fake directory create times = No vfs object = vfs options = msdfs root = No [homes] comment = Users' home directories read only = No browseable = No [netlogon] comment = PDC netlogon share path = /usr/local/samba/netlogon [profile] path = /usr/local/samba/profile read only = No [public] comment = Public share path = /usr/dist guest ok = Yes fwl 73# From chris at cr-engineering.co.uk Sun Jan 14 17:32:25 2001 From: chris at cr-engineering.co.uk (Chris Rogers) Date: Tue Dec 2 02:33:03 2003 Subject: samba-ntdom -- confirmation of subscription -- request 717873 In-Reply-To: <20010112161432.3483F7B8B@lists.samba.org> Message-ID: <000201c07e4f$f69a5700$1e0a0ac0@crea-sys3.highpeak> -- ==+==+==+==+==+==+[ http://www.cr-engineering.co.uk ]+==+==+==+==+==+==+== Eur Ing Chris Rogers - Managing Director CREA Consultants Limited Engineering Solution Providers cr-ea@cr-engineering.co.uk Committed To Excellence > -----Original Message----- > From: samba-ntdom-admin@us5.samba.org > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of > samba-ntdom-request@us5.samba.org > Sent: 12 January 2001 16:15 > To: chris@cr-engineering.co.uk > Subject: samba-ntdom -- confirmation of subscription -- request 717873 > > > samba-ntdom -- confirmation of subscription -- request 717873 > > We have received a request from 212.159.1.3 for subscription of your > email address, , to the > samba-ntdom@lists.samba.org mailing list. To confirm the request, > please send a message to samba-ntdom-request@lists.samba.org, and > either: > > - maintain the subject line as is (the reply's additional "Re:" is > ok), > > - or include the following line - and only the following line - in the > message body: > > confirm 717873 > > (Simply sending a 'reply' to this message should work from most email > interfaces, since that usually leaves the subject line in the right > form.) > > If you do not wish to subscribe to this list, please simply disregard > this message. Send questions to samba-ntdom-admin@lists.samba.org. > From vorlon at netexpress.net Sun Jan 14 20:05:52 2001 From: vorlon at netexpress.net (Stephen Langasek) Date: Tue Dec 2 02:33:03 2003 Subject: security = server In-Reply-To: <40179730241.20010114095240@Morris.net> Message-ID: Jim, > SS> In using the security = server option, does the specified server have to > SS> be in the same domain? > Yes - they MUST be in the same domain. Thats why its a "domain logon" > for Windows. If you want to logon to another domain, you have to log > out, and then log back into Windows specifying the other domain in the > domain portion of the Windows Networking logon dialog. If you're only using 'security = server', then your samba server does *not* have to be in the same domain as the machine it's authenticating against. Indeed, if you're using 'security = server', your Samba server isn't in a domain at all. This is different than the behavior of 'security = domain', where you'll always be authenticating against the PDC for the domain you're in. > SS> eg Two domains, room20 & room22 on two different physical servers. Can I > SS> make all user/group authentication run off one of them? > Again, the domain authenticaion is done PER DOMAIN. If you want all > the users to authenticate against one server, then ALL of the users > must be members of that domain. ... modulo the use of inter-domain trust relationships. With trust relationships, each PDC would be able to authenticate users for all of the trusted domains. Steve Langasek postmodern programmer From Jim at Morris.net Sun Jan 14 20:23:33 2001 From: Jim at Morris.net (Jim Morris) Date: Tue Dec 2 02:33:03 2003 Subject: security = server In-Reply-To: References: Message-ID: <15195985136.20010114142333@Morris.net> Hello Stephen, Sunday, January 14, 2001, 2:05:52 PM, you wrote: SL> If you're only using 'security = server', then your samba server does *not* SL> have to be in the same domain as the machine it's authenticating against. SL> Indeed, if you're using 'security = server', your Samba server isn't in a SL> domain at all. This is different than the behavior of 'security = domain', SL> where you'll always be authenticating against the PDC for the domain you're SL> in. Hmmm. It looks like I need to go review the differences between "server" and "domain" security with Samba. It's been a while since I've authenticated Samba logons against an NT PDC - more recently, I've been going the other way - authenticating NT workstation logons against a Samba PDC. SL> ... modulo the use of inter-domain trust relationships. With trust SL> relationships, each PDC would be able to authenticate users for all of the SL> trusted domains. Well, I guess I'm confused as to how to make that happen in an NT PDC environment. I know with Samba, I could have several Samba servers, with all of them set to use the same logon server. However, how do I logon from an NT workstation using one domain, and gain access to another domains resources? Typically in NT, when you browse a share on a domain that you did not logon to, you are prompted for the username and password for that share - not the domain. I am guessing that you can administer relationships between the PDC and multiple domains using the NT server manager or user manager for domains? Guess I need to crank up VMWare, and play with my "virtual" install of NT Server 4.0.... Best regards, Jim mailto:Jim@Morris.net From vorlon at netexpress.net Sun Jan 14 21:49:24 2001 From: vorlon at netexpress.net (Stephen Langasek) Date: Tue Dec 2 02:33:03 2003 Subject: security = server In-Reply-To: <15195985136.20010114142333@Morris.net> Message-ID: Hi Jim, On Sun, 14 Jan 2001, Jim Morris wrote: > SL> ... modulo the use of inter-domain trust relationships. With trust > SL> relationships, each PDC would be able to authenticate users for all of the > SL> trusted domains. > Well, I guess I'm confused as to how to make that happen in an NT PDC > environment. I know with Samba, I could have several Samba servers, > with all of them set to use the same logon server. However, how do I > logon from an NT workstation using one domain, and gain access to > another domains resources? Typically in NT, when you browse a share > on a domain that you did not logon to, you are prompted for the > username and password for that share - not the domain. > I am guessing that you can administer relationships between the PDC > and multiple domains using the NT server manager or user manager for > domains? Guess I need to crank up VMWare, and play with my "virtual" > install of NT Server 4.0.... Honestly, I've never worked with inter-domain relationships between NT servers, so I couldn't tell you how to go about setting it up on your PDC; but by all accounts, if you need to share resources between multiple NT domains, this is the way to do it. Steve Langasek postmodern programmer From grant at conprojan.com.au Sun Jan 14 22:20:35 2001 From: grant at conprojan.com.au (Grant) Date: Tue Dec 2 02:33:03 2003 Subject: Input/output error In-Reply-To: Message-ID: > I have a peculiar error, when i boot my linux system i mount > a share on my win2k professional machine using smbmount > (which is included in my RH7 install). This works great and > is very reliable. However, if someone tries to access the > mounted share while the Win2k machine is down it gets an > Input/output error, and it can't list anything in the mounted > share. It is also impossible to either unmount/remount/chmod/ > delete or do anything else with the mounted share. That's right, because the Windows machine is down. > So to the question: is there a way to reset this mounted share > somehow without actually rebooting the linux machine? If not, > is there some other program similar to the smbmount which > doesn't have this _serious_ bug and is free? Since I'm using > the Windows2000 professional edition I am not sure if there > is a NFS server for it, but I did hear that a NFS mount had a > timeout setting which would stay clear of this bug. This is not a bug. Obviously if the Windows machine is down you can't access the share... 1. You need to kill the process id of smbmount (kill -9 PID of mount.smbfs). 2. You then need to un mount the Windows share. (umount //Win2k/Share). 3. You then need to remount the Windows share. Rebooting is only required when you update the kernel. You can "fix" problems in Linux without ever needing to reboot. From gcarter at valinux.com Mon Jan 15 00:49:42 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:03 2003 Subject: 2.2alpha1 - Using as login server for Windows 2000 machine(s) References: Message-ID: <3A624926.B5C3615F@valinux.com> Kim Bjoern Nielsen wrote: > > > cvs -d :pserver:cvs@pserver.samba.org:/cvsroot co > > -r SAMBA_2_2 samba > > > > Is this vaild? I'm asking because when I run "smbstatus" I see: > > > > Samba version 2.2.0-alpha1 > > Just listening in - I have the exact same worry!? SAMBA_2_2 is tagged as 2.2.0-alpha1 until the next release. That's the correct branch :-) CHeers, jerry -- ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From d.kavadas at cclru.unsw.edu.au Mon Jan 15 01:33:05 2001 From: d.kavadas at cclru.unsw.edu.au (dennis) Date: Tue Dec 2 02:33:03 2003 Subject: (no subject) Message-ID: <00a701c07e93$1b6c7980$a7bf5e81@cclrudkav> Hi all... Is anyone using winbind for NT dom authing ? Or has everyone settled on something else ? Dennis From read_a at univerahealthcare.org Mon Jan 15 02:55:16 2001 From: read_a at univerahealthcare.org (Adam Read) Date: Tue Dec 2 02:33:03 2003 Subject: (no subject) Message-ID: Yep, we are using winbind, but have found that it does not like too many groups, nor spaces inthese groups(sometimes). I can, by only giving it that GID space, get 58 groups. If I give it more space, like 10000-20000, I get a segmentation fault on 'getent group'. The users will show fine. YMMV, so Good Luck, and if you find a solution or if the CVS of 2.2 gets corrected(ie: can 'make nsswitch') I will very happy. Thanks, Adam >>> dennis 01/14 8:33 PM >>> Hi all... Is anyone using winbind for NT dom authing ? Or has everyone settled on something else ? Dennis From gernot at pik.com.my Mon Jan 15 09:18:22 2001 From: gernot at pik.com.my (Gernot Janscaewski (PIK, office)) Date: Tue Dec 2 02:33:03 2003 Subject: NT_STATUS_NO_TRUST_SAM_ACCOUNT Message-ID: <3A62C05D.293592D8@pik.com.my> I had the same problem, add in your smb.conf "netbios name = ", start both services smbd and nmbd ( in /usr/bin/), then try again to join with smbdpasswd -j -r I hope that helps Gernot From schalch at mol.biol.ethz.ch Mon Jan 15 09:38:28 2001 From: schalch at mol.biol.ethz.ch (Thomas Schalch) Date: Tue Dec 2 02:33:03 2003 Subject: Samba problems with windows explorer on Win2k Clients Message-ID: Hi all, I have got a server running Samba 2.0.7 on a Redhat 6.1 Linux box and Windows 2000 Pro Clients. All of them are joined to a Win2k domain. The problem is the following: At first glance, everything seems to work fine, but lately some users had frequent crashes of Windows explorer and if you delete a file you get an error message even if the deletion worked. I checked the log files and found that they are full of messages like this (mainly occuring when a network drive is mounted). [2001/01/11 15:51:40, 3] smbd/reply.c:reply_sesssetup_and_X(805) Domain=[] NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] [2001/01/11 15:51:40, 3] smbd/reply.c:reply_sesssetup_and_X(809) sesssetupX:name=[] [2001/01/11 15:51:40, 3] smbd/reply.c:reply_sesssetup_and_X(952) No such user - using guest account [2001/01/11 15:51:40, 1] smbd/reply.c:reply_sesssetup_and_X(988) Username is invalid on this system There seems to bee something wrong with the communication between Win2k and Samba in therms of username and domain name. It doesn't happen with Win95 clients. The following is the smb.conf (replaced sensitive information with xxx) file I'm using. # Global parameters [global] workgroup = XXX server string = file server security = DOMAIN encrypt passwords = Yes password server = * log file = /var/log/samba/log.%m max log size = 50 local master = No guest account = hosts allow = xxx [homes] comment = %U's Home Directory writeable = Yes inherit permissions = Yes browseable = No [share] path = /home/share writeable = Yes inherit permissions = Yes I hope somebody can help me. Thanks. Yours, Thomas Schalch From alika at proteo.cj.edu.ro Mon Jan 15 13:12:13 2001 From: alika at proteo.cj.edu.ro (=?iso-8859-1?B?QWxw4XIgTmFneQ==?=) Date: Tue Dec 2 02:33:03 2003 Subject: Connecting w2k wses to a Linux server with Samba Message-ID: <021001c07ef4$d02e7740$6e2aa8c0@proteo.cj.edu.ro> Sorry to bother, but I am new in this stuff, and I would like to ask you wether there is a documentation or a step by step description on how to connect w2000 workstations to a samba domain. If someone could help me, I would greatly appreciate. It is enough to send me a link, where to find these kind of docs, but it would be much better if you could send them attached in a mail to: alika@proteo.cj.edu.ro Yours truly, Alika -------------- next part -------------- HTML attachment scrubbed and removed From KarstenMeier at web.de Mon Jan 15 13:21:07 2001 From: KarstenMeier at web.de (Karsten Meier) Date: Tue Dec 2 02:33:03 2003 Subject: Message-ID: <200101151321.f0FDL7u01535@mailgate3.cinetic.de> confirm 307682 _______________________________________________________________________________ Alles unter einem Dach: Informationen, Fun, E-Mails. Bei WEB.DE: http://web.de Die gro?e Welt der Kommunikation: E-Mail, Fax, SMS, WAP: http://freemail.web.de From read_a at univerahealthcare.org Mon Jan 15 13:23:29 2001 From: read_a at univerahealthcare.org (Adam Read) Date: Tue Dec 2 02:33:03 2003 Subject: (no subject) Message-ID: The best way to describe this is to say: in the smb.conf you put a line: winbind gid = 10000-20000 These are the groups ID's that winbind can use when automatically adding them to your linux box. If you need more info, check the winbind whitepaper at www.samba.org, or the winbind man page. Of course, getting winbind and getting it to work is another story. CVS of HEAD nor 2.2 work, and I had to grab it by making it from the TNG CVS(Please fix this, its a make problem). Good Luck, Adam >>> dennis 01/14 10:04 PM >>> >I can, by only giving it that GID space Space ? ----- Original Message ----- From: "Adam Read" To: Sent: Monday, January 15, 2001 1:55 PM Subject: Re: (no subject) > Yep, we are using winbind, but have found that it does not like too many groups, > nor spaces inthese groups(sometimes). I can, by only giving it that GID space, > get 58 groups. If I give it more space, like 10000-20000, I get a segmentation > fault on 'getent group'. The users will show fine. YMMV, so Good Luck, and if > you find a solution or if the CVS of 2.2 gets corrected(ie: can 'make nsswitch') > I will very happy. > Thanks, > Adam > > >>> dennis 01/14 8:33 PM >>> > Hi all... > > Is anyone using winbind for NT dom authing ? > Or has everyone settled on something else ? > > Dennis > > > From Jean-Francois.Micouleau at dalalu.fr Mon Jan 15 13:36:50 2001 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:33:03 2003 Subject: (no subject) In-Reply-To: Message-ID: On Mon, 15 Jan 2001, Adam Read wrote: > Of course, getting winbind and getting it to work is another story. CVS > of HEAD nor 2.2 work, and I had to grab it by making it from the TNG > CVS(Please fix this, its a make problem). no it's not a makefile problem. The winbind code included in HEAD and 2.2 is way outdated. If you want winbind grab the APPLIANCE_TNG branch. Merging winbind to HEAD or 2.2 is a rather complex and boring task. Tim are you still on it ? J.F. From Vignes at ulysse.cea.fr Mon Jan 15 13:45:36 2001 From: Vignes at ulysse.cea.fr (VIGNES Romain CS-SI) Date: Tue Dec 2 02:33:03 2003 Subject: Samba for W2000 Message-ID: <54A84BA4D091D211A0260090271F8AC201075C0E@apollon.saclay.cea.fr> Hello, I get same problem than Alika about how to connect a W2000 pc to a server unix. When the file systeme is protect by a passwd acces, with a NT PC, you have to change the registry as following: 1. Run Registry Editor (REGEDT32.EXE). 2. From the HKEY_LOCAL_MACHINE subtree, go to the following key: \system\currentcontrolset\services\rdr\parameters 3. From the Edit menu, select Add Value. 4. Add the following: Value Name: EnablePlainTextPassword Data Type: REG_DWORD Data: 1 5. Choose OK and quit Registry Editor. 6. Shutdown and restart Windows NT. But for W2000 it's different. I know that the registry key in W2000 which as the same uses is: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\p arameters\EnablePlainTextPassword But, even with a key value of "1", it don't work !! Please help ! Thanks a lot, sincerly yours > -----Message d'origine----- > De: Alp?r Nagy [SMTP:alika@proteo.cj.edu.ro] > Date: lundi 15 janvier 2001 14:12 > ?: samba-ntdom@us5.samba.org > Objet: Connecting w2k wses to a Linux server with Samba > > Sorry to bother, but I am new in this stuff, and I would like to ask you > wether there is a documentation or a step by step description on how to > connect w2000 workstations to a samba domain. > > If someone could help me, I would greatly appreciate. > > It is enough to send me a link, where to find these kind of docs, but it > would be much better if you could send them attached in a mail to: > alika@proteo.cj.edu.ro > > Yours truly, > > Alika From Vignes at ulysse.cea.fr Mon Jan 15 13:45:36 2001 From: Vignes at ulysse.cea.fr (VIGNES Romain CS-SI) Date: Tue Dec 2 02:33:03 2003 Subject: Samba for W2000 Message-ID: <54A84BA4D091D211A0260090271F8AC201075C0E@apollon.saclay.cea.fr> Hello, I get same problem than Alika about how to connect a W2000 pc to a server unix. When the file systeme is protect by a passwd acces, with a NT PC, you have to change the registry as following: 1. Run Registry Editor (REGEDT32.EXE). 2. From the HKEY_LOCAL_MACHINE subtree, go to the following key: \system\currentcontrolset\services\rdr\parameters 3. From the Edit menu, select Add Value. 4. Add the following: Value Name: EnablePlainTextPassword Data Type: REG_DWORD Data: 1 5. Choose OK and quit Registry Editor. 6. Shutdown and restart Windows NT. But for W2000 it's different. I know that the registry key in W2000 which as the same uses is: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\p arameters\EnablePlainTextPassword But, even with a key value of "1", it don't work !! Please help ! Thanks a lot, sincerly yours > -----Message d'origine----- > De: Alp?r Nagy [SMTP:alika@proteo.cj.edu.ro] > Date: lundi 15 janvier 2001 14:12 > ?: samba-ntdom@us5.samba.org > Objet: Connecting w2k wses to a Linux server with Samba > > Sorry to bother, but I am new in this stuff, and I would like to ask you > wether there is a documentation or a step by step description on how to > connect w2000 workstations to a samba domain. > > If someone could help me, I would greatly appreciate. > > It is enough to send me a link, where to find these kind of docs, but it > would be much better if you could send them attached in a mail to: > alika@proteo.cj.edu.ro > > Yours truly, > > Alika From read_a at univerahealthcare.org Mon Jan 15 13:58:00 2001 From: read_a at univerahealthcare.org (Adam Read) Date: Tue Dec 2 02:33:03 2003 Subject: Document Defaults Message-ID: I am running the newest(well, a few days old) CVS of 2.2 and I am very happy with the NT printing support, but I cannot get the document defaults to change. For instance, I change the default out bin on a 8100 to bin1, it seems to work, and when I close the window, it gives me no error. When I reopen it, it is back to the top bin. The device settings save and are correct for this to be valid. I was wondering if anyone has gotten this to work and if so, how. I am hoping it is a permission thing(I login to the box and am mapped to the root user). I really need this for these high capacity printers. Thank you in advance for a quick solution, Adam From Jim at Morris.net Mon Jan 15 14:34:33 2001 From: Jim at Morris.net (Jim Morris) Date: Tue Dec 2 02:33:03 2003 Subject: security = server In-Reply-To: References: Message-ID: <75261454711.20010115083433@Morris.net> Hello Stephen, Sunday, January 14, 2001, 3:49:24 PM, you wrote: SL> Honestly, I've never worked with inter-domain relationships between NT SL> servers, so I couldn't tell you how to go about setting it up on your PDC; SL> but by all accounts, if you need to share resources between multiple NT SL> domains, this is the way to do it. Well honestly - I am more involved in administration of Samba servers than I am NT. I just want to make sure I understand how NT handles something, as I do have the need to make NT and Samba interact on occasion. Best regards, Jim Morris mailto:Jim@Morris.net From jbcurry at hline.localhealth.net Mon Jan 15 15:49:00 2001 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:33:03 2003 Subject: Group policies for Win98 In-Reply-To: <3A602274.4A4AC7C@tpgi.com.au> Message-ID: Sam - If your environment is configured properly so that individual user policies are working, then group policies will also work. (Your e-mail suggests you are successfully using policies on a small scale, either machine or user.) The standard Unix groups will resolve group membership. You define group names and membership in /etc/group. You can use the command "groupadd" to add the groups, then use "usermod -G" to specify the groups a user should belong to. In your config.pol file, (on the server in the /netlogon directory), you would add the groups that you wish to configure policies for. (Note that policies can get tricky when a user is a member of several groups, or if you have a combination of machine, user and group policies.) Sounds like you've already installed the group policy handler on your Win9x machines. This is required for Win9x to be able to pick up group policies. On the Win98 CD, this would be in \tools\reskit\netadmin\poledit. Once the PC is configured, you should log off and on again a couple of times to make sure Win98 picks up the group policies. You need to do this on every Win9x machine that uses group policies. If your group policies still don't seem to work, make sure you have the most recent version of grouppol.dll for your Win9x clients. I understand that some older version(s) don't work properly. If you need to throw NT into the mix, there are some parameters for mapping group names between Unix and Windows NT. These parameters are "domain group map", "domain user map", and "local group map". Check out Samba FAQ's/HOWTO's or pick up a copy of something like Richard Sharpe's "Special Edition: Using Samba" for more info on these parameters. > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of eirvine > Sent: Saturday, January 13, 2001 4:40 AM > Subject: Re: Group policies for Win98 > > > Hi Sam, > > I use samba in a school too. I have about 1650 individual > accounts. > > When giving students and staff accounts I give them a uid > in a particular range (man pw) depending on who they are. > This is all done via a perl script I wrote which calls pw. > > > eg: > o teachers have uid's between 1000 and 2000, > o office staff are between 2000 and 3000, > o year 7's of this year will be between 13000 and 14000 > o year 7's of last year will be between 12000 and 13000, etc... > > Based on the UID, a root preexec perl script figures out > what config.pol file they should have when they log in, and copies > the appropriate config.pol file to their profile directory. > > This UID scheme also has other uses, particularly wrt setting quotas > and end-of-year rollover. > > BTW- where is your school? > > Eddie. > > Sam Silvester wrote: > > > > Hi Everyone! > > > > I'm working on a Samba server for a small (~600 students) > school, in which > > we want to have individual accounts for each user. > > > > We also use system policies to maintain some level of control over the > > workstations, but I can't work out how to get group policies > working. I've > > installed support for group policies on the workstations and created the > > policy file with the groups 'students', 'teachers' and 'admins' > > > > Provided all of the individual accounts are entered into the smbpasswd > > file, how do I then specify which group they are in, and then make the > > workstations pick this up??? > > > > thanks in advance, > > > > Sam! > > > > -- > > Programming is an art form that fights back. > > > > Sam Silvester > > > > > > Ph: 0408 492 205 > > Fax: (08) 8849 2376 > > > > http://www.quadlink.com.au > > From gerrym at futuremetals.com Mon Jan 15 16:43:19 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:33:03 2003 Subject: winpopup Message-ID: <3A6328A7.83555692@futuremetals.com> Does anyone know what port winpopup actually uses? From vorlon at netexpress.net Mon Jan 15 16:46:37 2001 From: vorlon at netexpress.net (Steve Langasek) Date: Tue Dec 2 02:33:03 2003 Subject: winpopup In-Reply-To: <3A6328A7.83555692@futuremetals.com> Message-ID: On Mon, 15 Jan 2001, Gerry Maddock wrote: > Does anyone know what port winpopup actually uses? Winpopup uses SMB as the transport, which means the messages are delivered over port tcp/139 just like the rest of the SMB traffic. If you're looking for the mailslot it uses, though, I couldn't tell you. :) Steve Langasek postmodern programmer From js at ic-bremen.de Mon Jan 15 16:54:38 2001 From: js at ic-bremen.de (Jens Schwepe) Date: Tue Dec 2 02:33:03 2003 Subject: samba and nt, nt box vs. pdc change machine passwords ? Message-ID: <01C07F1C.3B0A0C60.js@ic-bremen.de> hi, i've successively set up a network with 10 nt boxes and 2 samba servers. first is file server, second is pdc and login server with the machine/user passwords file. to minimize admin work i've made a snapshot of every client's hard disk partition with ( dd if=/dev/hda1 | gzip -c --best > client.disk.gz ) to the file-server, which is read back to the client's disk every night. Thus feigning the nt boxes would be freshly installed every morning :-) cool thing i guess, but every now and then one or more of the server-side stored machine passwords seem to change, resulting in users not able to login on that particular machine anymore ( --> nt box says something like "machine not member of domain"). could it be that during normal login/logoff work the nt boxes and the pdc internally change/modify the machine's password ??? thnx in advance Jens Schwepe js@ic-bremen.de www.ic-bremen.de From MMcEldowney at deltaregional.com Mon Jan 15 17:35:03 2001 From: MMcEldowney at deltaregional.com (McEldowney, Michael) Date: Tue Dec 2 02:33:03 2003 Subject: samba and nt, nt box vs. pdc change machine passwords ? Message-ID: <982DE519343BD41191CA00902786B5B902DDD0@EMAIL> Yes, the machines do change passwords periodically, but I'm not sure of the interval... -----Original Message----- From: Jens Schwepe [mailto:js@ic-bremen.de] Sent: Monday, January 15, 2001 10:55 AM To: samba nt domain mailinglist (E-Mail) Subject: samba and nt, nt box vs. pdc change machine passwords ? hi, i've successively set up a network with 10 nt boxes and 2 samba servers. first is file server, second is pdc and login server with the machine/user passwords file. to minimize admin work i've made a snapshot of every client's hard disk partition with ( dd if=/dev/hda1 | gzip -c --best > client.disk.gz ) to the file-server, which is read back to the client's disk every night. Thus feigning the nt boxes would be freshly installed every morning :-) cool thing i guess, but every now and then one or more of the server-side stored machine passwords seem to change, resulting in users not able to login on that particular machine anymore ( --> nt box says something like "machine not member of domain"). could it be that during normal login/logoff work the nt boxes and the pdc internally change/modify the machine's password ??? thnx in advance Jens Schwepe js@ic-bremen.de www.ic-bremen.de From anders at cwd.no Mon Jan 15 18:39:04 2001 From: anders at cwd.no (Anders C. Thorsen) Date: Tue Dec 2 02:33:03 2003 Subject: winpopup In-Reply-To: <3A6328A7.83555692@futuremetals.com> Message-ID: <000201c07f22$707ba1a0$3202a8c0@thorsen.dhs.org> Look at the linpopup implementation. --Anders -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Gerry Maddock Sent: Monday, January 15, 2001 5:43 PM To: NTSAMBA Subject: winpopup Does anyone know what port winpopup actually uses? From MKrauss at hitchhiker.com Mon Jan 15 20:13:26 2001 From: MKrauss at hitchhiker.com (Matthias Krauss) Date: Tue Dec 2 02:33:03 2003 Subject: Samba with Policies Message-ID: since a while we've password policies running, now more and more Users Accounts are Locked by the PDC, log.smb shows [2001/01/11 16:32:18, 1] smbd/password.c:pass_check_smb(504) Couldn't find user 'joe' in smb_passwd file. [2001/01/11 16:32:24, 1] smbd/password.c:server_validate(1131) password server JUPITER rejected the password followed mostly by: [2001/01/14 19:39:18, 0] lib/util_sock.c:write_socket_data(570) write_socket_data: write failure. Error = Broken pipe I suspect that our P and BDC are not synchronice properly, ist there a workaroud within samba ?? From mark at axeon.screaming.net Mon Jan 15 21:14:11 2001 From: mark at axeon.screaming.net (Mark Westcott) Date: Tue Dec 2 02:33:03 2003 Subject: Customed Start Menus for Win9X users Message-ID: <3A636823.9060105@axeon.screaming.net> Hi all. I have a school network with a samba server acting as PDC etc, but I would like users in different groups to receive different start menus. Is this at all possible, if so how? Many thanks Mark From pfleury at microsoft.com Mon Jan 15 16:10:10 2001 From: pfleury at microsoft.com (Philippe Fleury) Date: Tue Dec 2 02:33:04 2003 Subject: Samba for W2000 Message-ID: Bonjour, Veuillez vérifier que la valeur est bien au format Dword et si cela est le cas veuillez ouvrir un incident en ayant effectué au préalable une trace réseau avec netmon afin de pouvoir diagnostiquer le problème plus précisément. Cordialement, > -----Original Message----- > From: VIGNES Romain CS-SI [mailto:Vignes@ulysse.cea.fr] > Sent: lundi 15 janvier 2001 14:46 > To: Alpár Nagy; samba-ntdom@us5.samba.org; > samba-ntdom@lists.samba.org > Cc: Gerance UNIX Saclay; Philippe Fleury > Subject: Samba for W2000 > > Hello, > I get same problem than Alika about how to connect a W2000 pc to a > server unix. > When the file systeme is protect by a passwd acces, with a NT PC, you > have to change the registry as following: > 1. Run Registry Editor (REGEDT32.EXE). > > 2. From the HKEY_LOCAL_MACHINE > subtree, go to the following key: > > > \system\currentcontrolset\services\rdr\parameters > > 3. From the Edit menu, select Add > Value. > > 4. Add the following: > > Value Name: EnablePlainTextPassword > > > Data Type: REG_DWORD > > Data: 1 > > 5. Choose OK and quit Registry > Editor. > > 6. Shutdown and restart Windows NT. > But for W2000 it's different. > I know that the registry key in W2000 which as the same uses is: > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation > \p > arameters\EnablePlainTextPassword > But, even with a key value of "1", it don't work !! > Please help ! > Thanks a lot, sincerly yours > > -----Message d'origine----- > De: Alpár Nagy [SMTP:alika@proteo.cj.edu.ro] > Date: lundi 15 janvier 2001 14:12 > À: samba-ntdom@us5.samba.org > Objet: Connecting w2k wses to a Linux server with Samba > > Sorry to bother, but I am new in this stuff, and I would like to > ask you wether there is a documentation or a step by step description > on how to connect w2000 workstations to a samba domain. > > If someone could help me, I would greatly appreciate. > > It is enough to send me a link, where to find these kind of > docs, but it would be much better if you could send them attached in a > mail to: alika@proteo.cj.edu.ro > > Yours truly, > > Alika From pfleury at microsoft.com Mon Jan 15 16:10:10 2001 From: pfleury at microsoft.com (Philippe Fleury) Date: Tue Dec 2 02:33:04 2003 Subject: Samba for W2000 Message-ID: Bonjour, Veuillez vérifier que la valeur est bien au format Dword et si cela est le cas veuillez ouvrir un incident en ayant effectué au préalable une trace réseau avec netmon afin de pouvoir diagnostiquer le problème plus précisément. Cordialement, > -----Original Message----- > From: VIGNES Romain CS-SI [mailto:Vignes@ulysse.cea.fr] > Sent: lundi 15 janvier 2001 14:46 > To: Alpár Nagy; samba-ntdom@us5.samba.org; > samba-ntdom@lists.samba.org > Cc: Gerance UNIX Saclay; Philippe Fleury > Subject: Samba for W2000 > > Hello, > I get same problem than Alika about how to connect a W2000 pc to a > server unix. > When the file systeme is protect by a passwd acces, with a NT PC, you > have to change the registry as following: > 1. Run Registry Editor (REGEDT32.EXE). > > 2. From the HKEY_LOCAL_MACHINE > subtree, go to the following key: > > > \system\currentcontrolset\services\rdr\parameters > > 3. From the Edit menu, select Add > Value. > > 4. Add the following: > > Value Name: EnablePlainTextPassword > > > Data Type: REG_DWORD > > Data: 1 > > 5. Choose OK and quit Registry > Editor. > > 6. Shutdown and restart Windows NT. > But for W2000 it's different. > I know that the registry key in W2000 which as the same uses is: > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation > \p > arameters\EnablePlainTextPassword > But, even with a key value of "1", it don't work !! > Please help ! > Thanks a lot, sincerly yours > > -----Message d'origine----- > De: Alpár Nagy [SMTP:alika@proteo.cj.edu.ro] > Date: lundi 15 janvier 2001 14:12 > À: samba-ntdom@us5.samba.org > Objet: Connecting w2k wses to a Linux server with Samba > > Sorry to bother, but I am new in this stuff, and I would like to > ask you wether there is a documentation or a step by step description > on how to connect w2000 workstations to a samba domain. > > If someone could help me, I would greatly appreciate. > > It is enough to send me a link, where to find these kind of > docs, but it would be much better if you could send them attached in a > mail to: alika@proteo.cj.edu.ro > > Yours truly, > > Alika From mgeddes at xavier.sa.edu.au Mon Jan 15 22:28:14 2001 From: mgeddes at xavier.sa.edu.au (Matthew Geddes) Date: Tue Dec 2 02:33:04 2003 Subject: Customed Start Menus for Win9X users References: <3A636823.9060105@axeon.screaming.net> Message-ID: <3A63797E.602E9821@xavier.sa.edu.au> Mark Westcott wrote: > > Hi all. I have a school network with a samba server acting as PDC etc, > but I would like users in different groups to receive different start > menus. Is this at all possible, if so how? > > Many thanks > > Mark Yes. Check the Resource kit and other documentation for your Windows distribution. In particular, the sections on Policies and Profiles. Matt From jbcurry at hline.localhealth.net Mon Jan 15 22:28:03 2001 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:33:04 2003 Subject: Customed Start Menus for Win9X users In-Reply-To: <3A636823.9060105@axeon.screaming.net> Message-ID: > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Mark Westcott > Sent: Monday, January 15, 2001 4:14 PM > > Hi all. I have a school network with a samba server acting as PDC etc, > but I would like users in different groups to receive different start > menus. Is this at all possible, if so how? > Mark - The solution may depend on whether you wish to control just the functions of the Start Menu (such as disabling the run command), or whether you also wish to control exactly what folders and applications appear. If it's simply to help make the Start Menu secure, you can handle many issues by just using System Policies. There's a wonderful book out from O'Reilly entitled "Windows System Policy Editor" that will help you to understand the abilities and limits of System Policies, and books such as "SAMS Teach Yourself Samba in 24 Hours" or "Special Edition: Using Samba" will help you to understand how to implement them on a Samba server. If you wish to customize the folders and programs based on the user logon, you'll need to use Roaming Profiles. This is a little bit more work in support and maintenance, but there's a lot of neat stuff (!!!) you can customize in addition to the Start Menu. I would suggest the same books as mentioned above for info on this approach. It's not too difficult to do either, but I think you'll want to read up on "System Policies" and "Roaming Profiles" to see which is more appropriate for you. Then you'll have questions specific to what you want to do as you're working to implement them. From number9 at net-connect.net Tue Jan 16 03:31:42 2001 From: number9 at net-connect.net (number9) Date: Tue Dec 2 02:33:04 2003 Subject: help, samba/nt/pdc domain passwd server not available? Message-ID: <3A63C09E.A3DCD21D@net-connect.net> Hello, I have a problem with samba, and the FAQs do not seem to have the answer to this: I have a linux proxy server connected to a public IP network and a private IP network. On the public side is a NT server (don't ask) and on the private side are the workstation that we wish to have log into the NT server to map drives, etc. After first installing samba, it seemed to work. They logged on, saw the network, saw the NT server. The workstations are running win2K. That is where the problem started. They can not change thier passwords. If they do so they can not log back on and must revert to the old ones. After restarting samba, they can now no longer log onto the domain, however, they can ping the NT server (the NT server can not ping them) and now samba gives errors after trying smbpasswd -j -r #the names have been changed to protect the innocent. Here is my smb.conf file: [global] client code page = 950 workgroup = workgroup netbios name = cache server string = e-smith samba server hosts allow = 127.0.0.1 /255.255.255.255 192.168.2.0/255.255.255.0 interfaces = 127.0.0.1 eth* log file = /var/log/samba/log.%m max log size = 50 security = server password server = guest ok = yes guest account = public map to guest = bad user encrypt passwords = yes smb passwd file = /etc/smbpasswd bind interfaces only = yes remote browse sync = remote announce = 192.168.2.0 local master = no os level = 33 domain master = no preferred master = no browseable = yes name resolve order = wins lmhosts bcast wins server = wins proxy = yes dns proxy = no preserve case = yes short preserve case = yes case sensitive = no domain logons = yes logon script = netlogon.bat This is a log.workstation log file: [2001/01/15 10:44:19, 0] smbd/password.c:connect_to_domain_password_server(1262) connect_to_domain_password_server: unable to setup the PDC credentials to machine . Error was : NT_STATUS_INVALID_COMPUTER_NAME. [2001/01/15 10:44:19, 0] smbd/password.c:domain_client_validate(1454) domain_client_validate: Domain password server not available. [2001/01/15 10:44:19, 1] smbd/password.c:pass_check_smb(492) Couldn't find user 'joyce' in UNIX password database. [2001/01/15 10:44:19, 1] smbd/password.c:pass_check_smb(492) Couldn't find user 'joyce' in UNIX password database. [2001/01/15 10:44:25, 0] smbd/service.c:make_connection(502) Can't change directory to /home/netlogon (No such file or directory) [2001/01/15 10:44:25, 0] smbd/service.c:make_connection(502) Can't change directory to /home/netlogon (No such file or directory) [2001/01/15 10:44:27, 1] smbd/service.c:make_connection(550) banyo (192.168.2.17) connect to service Primary as user public (uid=101, gid=103) (pid 4156) [2001/01/15 10:45:42, 1] smbd/service.c:close_cnum(583) banyo (192.168.2.17) closed connection to service Primary log.nmb is merely full of 100s of these: process_name_refresh_request: unicast name registration request received for name DURBAN<00> from IP 192.168.2.11 on subnet UNICAST_SUBNET. [2001/01/15 16:10:41, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(181) Error - should be sent to WINS server Any ideas or suggestions would be greatly appreciated. Thanks. From marshallj at switch.aust.com Tue Jan 16 04:20:50 2001 From: marshallj at switch.aust.com (Marshall, Joshua) Date: Tue Dec 2 02:33:04 2003 Subject: logins not working through a router Message-ID: <3A63CC22.E04B822E@switch.aust.com> I have a Samba 2.2 PDC I am wanting to log into from a machine which is not on the immediate lan. The machine is connected via a dialin session to one of our remote login machines (a linux machine) Presently I am able to log into our NT Domain through this method however logins to the Samba Domain are not working. The IP address assigned to the remote connection is within the same subnet as the Samba PDC. The ppp session is proxyarp'd and the remote computer has no firewall between itself and the lan. What do I need to get the logins to work via the router? Regards, Josh. From breshear at eoni.com Tue Jan 16 04:28:01 2001 From: breshear at eoni.com (Doug Breshears) Date: Tue Dec 2 02:33:04 2003 Subject: samba and nt, nt box vs. pdc change machine passwords ? References: <01C07F1C.3B0A0C60.js@ic-bremen.de> Message-ID: <002801c07f74$b8321e00$03c7e4d8@jbug> I believe that the machine accounts get changed after a period of being on the network. You might do well to install and wait a week or two, then image the HD, this I believe would give you the stable machine SID. I am not sure of this completely accurate just my 2 cents. Doug. ----- Original Message ----- From: Jens Schwepe To: samba nt domain mailinglist (E-Mail) Sent: Monday, January 15, 2001 8:54 AM Subject: samba and nt, nt box vs. pdc change machine passwords ? > hi, > > i've successively set up a network with 10 nt boxes and 2 samba servers. > first is file server, second is pdc and login server with the > machine/user passwords file. > > to minimize admin work i've made a snapshot of every client's hard disk > partition with ( dd if=/dev/hda1 | gzip -c --best > client.disk.gz ) to > the file-server, which is read back to the client's disk every night. > Thus feigning the nt boxes would be freshly installed every morning :-) > > cool thing i guess, but every now and then one or more of the > server-side stored machine passwords seem to change, resulting in users > not able to login on that particular machine anymore ( --> nt box says > something like "machine not member of domain"). > > could it be that during normal login/logoff work the nt boxes and the > pdc internally change/modify the machine's password ??? > > > thnx in advance > > Jens Schwepe > js@ic-bremen.de > www.ic-bremen.de > > > > From kathee at ezunx.com Tue Jan 16 05:57:45 2001 From: kathee at ezunx.com (kat) Date: Tue Dec 2 02:33:04 2003 Subject: Windows 2000 joining 2.2.alpha1 Message-ID: I know it has probably been asked, but I am desperate right now (entire domain is down - dead NT box) and trying to convert to samba pdc... have a couple hours left. NT boxes join just fine, as do 98, BUT, the WIndows 2K boxes keep telling me that they are joining with a global "machine" account -- try using a normal account. It does not make sense. The useradd script works fine, and the account (nb1$) is added to both passwd and smbpasswd, but the stupid thing won't join the domain.... I am at my wits end... Can anyone give me some pointers? thanks Kathee From kathee at ezunx.com Tue Jan 16 06:00:14 2001 From: kathee at ezunx.com (kat) Date: Tue Dec 2 02:33:04 2003 Subject: windows 2000 joinin... just some additional info Message-ID: This may also help: ==> log.nmbd <== [2001/01/16 00:44:25, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.0.87: code = 0x12 [2001/01/16 00:44:25, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.0.87: code = 0x12 [2001/01/16 00:44:25, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.0.87: code = 0x12 [2001/01/16 00:44:25, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.0.87: code = 0x12 [2001/01/16 00:44:25, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.0.87: code = 0x7 ==> log.smbd <== Copyright Andrew Tridgell 1992-1998 [2001/01/15 23:49:42, 1] smbd/server.c:main(654) smbd version 2.2.0-alpha1 started. Copyright Andrew Tridgell 1992-1998 [2001/01/16 00:14:10, 1] smbd/server.c:main(654) smbd version 2.2.0-alpha1 started. Copyright Andrew Tridgell 1992-1998 [2001/01/16 00:36:22, 1] smbd/server.c:main(654) smbd version 2.2.0-alpha1 started. Copyright Andrew Tridgell 1992-1998 [ From lubo at ru.acad.bg Tue Jan 16 06:40:00 2001 From: lubo at ru.acad.bg (Lubomir) Date: Tue Dec 2 02:33:04 2003 Subject: Windows 2000 joining 2.2.alpha1 References: Message-ID: <3A63ECC0.5020001@ru.acad.bg> Try creating machine account with UPPER CASE ( W2KTEST$ - for example) I am using RH7.0 , samba 2.2.alpha1-snapshot , 2K -Pro with SP1 It works for me! From kathee at ezunx.com Tue Jan 16 06:52:35 2001 From: kathee at ezunx.com (kat) Date: Tue Dec 2 02:33:04 2003 Subject: Windows 2000 joining 2.2.alpha1 In-Reply-To: <3A63ECC0.5020001@ru.acad.bg> Message-ID: Well, I answered my question --- *sigh* got 3 other W2K machines in the domain to join... Thanks to our friends at M$ -- HOTFIXES!!!!! *argh* -- do NOT install them!! This was the only machine with 3 security hofixes installed and it was the only one which refused to join. I backed them out, and it now works... Hmm, I have been here since 7am this morning... 1:52 am the next morning now.. What a fun day. Hmm... I wonder if I can bill M$... Kathee -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Lubomir Sent: Tuesday, January 16, 2001 1:40 AM To: samba-ntdom@us5.samba.org Subject: Re: Windows 2000 joining 2.2.alpha1 Try creating machine account with UPPER CASE ( W2KTEST$ - for example) I am using RH7.0 , samba 2.2.alpha1-snapshot , 2K -Pro with SP1 It works for me! From I.Marmaridis at uws.edu.au Tue Jan 16 07:18:08 2001 From: I.Marmaridis at uws.edu.au (Makis Marmaridis) Date: Tue Dec 2 02:33:04 2003 Subject: samba and nt, nt box vs. pdc change machine passwords ? In-Reply-To: <002801c07f74$b8321e00$03c7e4d8@jbug> Message-ID: Actually, this is not quite accurate. The machine accounts on an NT domain are changed automatically on a weekly basis. Therefore, it doesn't matter how much you wait until you do the imaging, you are still bound to run into the same problem. Microsoft suggests the following work-around http://support.microsoft.com/support/kb/articles/Q154/5/01.ASP that basically says that by modifying a particular registry key, you can stop this behaviour (which also means that other people might then be able to easier impersonate one of your trusted machines on the domain by guessing its password (however until today I haven't heard of anybody doing so... yet!) :-) HTH, Cheers, Makis. -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Doug Breshears Sent: Tuesday, 16 January 2001 3:28 PM To: Jens Schwepe; samba nt domain mailinglist (E-Mail) Subject: Re: samba and nt, nt box vs. pdc change machine passwords ? I believe that the machine accounts get changed after a period of being on the network. You might do well to install and wait a week or two, then image the HD, this I believe would give you the stable machine SID. I am not sure of this completely accurate just my 2 cents. Doug. ----- Original Message ----- From: Jens Schwepe To: samba nt domain mailinglist (E-Mail) Sent: Monday, January 15, 2001 8:54 AM Subject: samba and nt, nt box vs. pdc change machine passwords ? > hi, > > i've successively set up a network with 10 nt boxes and 2 samba servers. > first is file server, second is pdc and login server with the > machine/user passwords file. > > to minimize admin work i've made a snapshot of every client's hard disk > partition with ( dd if=/dev/hda1 | gzip -c --best > client.disk.gz ) to > the file-server, which is read back to the client's disk every night. > Thus feigning the nt boxes would be freshly installed every morning :-) > > cool thing i guess, but every now and then one or more of the > server-side stored machine passwords seem to change, resulting in users > not able to login on that particular machine anymore ( --> nt box says > something like "machine not member of domain"). > > could it be that during normal login/logoff work the nt boxes and the > pdc internally change/modify the machine's password ??? > > > thnx in advance > > Jens Schwepe > js@ic-bremen.de > www.ic-bremen.de > > > > From t.schneider at newellwf-de.com Tue Jan 16 07:59:25 2001 From: t.schneider at newellwf-de.com (Thorsten Schneider) Date: Tue Dec 2 02:33:04 2003 Subject: Problem with smb_auth Message-ID: <01C07F9A.A100F6E0@SCHNEIDER> Hi, I want to check my squid users with a second linux box that is running Samba 2.07. This box is already used as a PDC and a fileserver. I tried smb_auth for this and this works fine if I submit a valid user id and the related password. If I submit a valid user id and an invalid password it returns "ERR". This is ok. But: If I submit an invalid user id it returns also "OK" instead of "ERR". I talked to the author of smb_auth and he mentioned that this could be a configuration problem of samba. Here is a piece of my log file. The server that wants to check the user id is called LINUX01: [2001/01/15 09:48:02, 2] lib/access.c:check_access(258) Allowed connection from linux01 (10.108.47.11) [2001/01/15 09:48:02, 2] smbd/reply.c:reply_special(97) netbios connect: name1=FILESRV01 name2=LINUX01 [2001/01/15 09:48:02, 1] smbd/password.c:pass_check_smb(492) Couldn't find user 'sdkfjsdk' in UNIX password database. [2001/01/15 09:48:02, 2] smbd/reply.c:reply_sesssetup_and_X(914) NT Password did not match for user 'sdkfjsdk' ! Defaulting to Lanman [2001/01/15 09:48:02, 1] smbd/password.c:pass_check_smb(492) Couldn't find user 'sdkfjsdk' in UNIX password database. [2001/01/15 09:48:02, 2] lib/access.c:check_access(258) Allowed connection from linux01 (10.108.47.11) [2001/01/15 09:48:02, 1] smbd/service.c:make_connection(550) linux01 (10.108.47.11) connect to service netlogon as user ftp (uid=40, gid=2) (pid 13774) [2001/01/15 09:48:02, 2] smbd/open.c:open_file(602) sdkfjsdk opened file proxyauth read=Yes write=No (numopen=1) [2001/01/15 09:48:02, 2] smbd/close.c:close_normal_file(159) ftp closed file proxyauth (numopen=0) [2001/01/15 09:48:02, 2] smbd/server.c:exit_server(408) Closing connections Thank you for your help Thorsten - Newell Window Fashions Germany GmbH EDV / Dept. IT Neutrauchburger Str. 20 D-88316 Isny Thorsten Schneider Tel.: (+49) 7562 / 985-112 Fax: - 100 t.schneider@newellwf-de.com www.newellwf-de.com From bgmilne at cae.co.za Tue Jan 16 10:04:13 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:33:04 2003 Subject: [Fwd: Re: Problem with smb_auth] Message-ID: <3A641C9D.2DE6D05B@cae.co.za> You need to make sure that only your domain users can read the file \\YOUR_PDC\netlogon\proxyauth Since the netlogon service must be guest accessible (I think), just change the permissions of the proxy_auth file. Mine are [vyfster15:/home/bgmilne]# ll /home/samba/netlogon/proxyauth -rwxr----- 1 bgmilne domusers 5 Nov 21 16:32 /home/samba/netlogon/proxyauth* Thus all the members of domusers can also use the proxy. Buchan Thorsten Schneider wrote: > > Hi, > > I want to check my squid users with a second linux box that is running Samba 2.07. This box is already used as a PDC and a fileserver. I tried smb_auth for this and this works fine if I submit a valid user id and the related password. If I submit a valid user id and an invalid password it returns "ERR". This is ok. > But: If I submit an invalid user id it returns also "OK" instead of "ERR". > I talked to the author of smb_auth and he mentioned that this could be a configuration problem of samba. > > Here is a piece of my log file. The server that wants to check the user id is called LINUX01: > > [2001/01/15 09:48:02, 2] lib/access.c:check_access(258) > Allowed connection from linux01 (10.108.47.11) > [2001/01/15 09:48:02, 2] smbd/reply.c:reply_special(97) > netbios connect: name1=FILESRV01 name2=LINUX01 > [2001/01/15 09:48:02, 1] smbd/password.c:pass_check_smb(492) > Couldn't find user 'sdkfjsdk' in UNIX password database. > [2001/01/15 09:48:02, 2] smbd/reply.c:reply_sesssetup_and_X(914) > NT Password did not match for user 'sdkfjsdk' ! Defaulting to Lanman > [2001/01/15 09:48:02, 1] smbd/password.c:pass_check_smb(492) > Couldn't find user 'sdkfjsdk' in UNIX password database. > [2001/01/15 09:48:02, 2] lib/access.c:check_access(258) > Allowed connection from linux01 (10.108.47.11) > [2001/01/15 09:48:02, 1] smbd/service.c:make_connection(550) > linux01 (10.108.47.11) connect to service netlogon as user ftp (uid=40, gid=2) > (pid 13774) > [2001/01/15 09:48:02, 2] smbd/open.c:open_file(602) > sdkfjsdk opened file proxyauth read=Yes write=No (numopen=1) > [2001/01/15 09:48:02, 2] smbd/close.c:close_normal_file(159) > ftp closed file proxyauth (numopen=0) > [2001/01/15 09:48:02, 2] smbd/server.c:exit_server(408) > Closing connections > > Thank you for your help > Thorsten > > - > Newell Window Fashions Germany GmbH > EDV / Dept. IT > Neutrauchburger Str. 20 > D-88316 Isny > > Thorsten Schneider > Tel.: (+49) 7562 / 985-112 Fax: - 100 > t.schneider@newellwf-de.com > www.newellwf-de.com -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 Stellenbosch Automotive Engineering http://www.cae.co.za From newman at engebras.com.br Tue Jan 16 12:25:44 2001 From: newman at engebras.com.br (Newman) Date: Tue Dec 2 02:33:04 2003 Subject: Windows 2000 joining 2.2.alpha1 References: Message-ID: <3A643DC7.201B1EF1@engebras.com.br> Are you using alpha1.tar.gz or the cvs tag samba_22? To join w2k you need the cvs version. Did you created the root account on you pdc? it is necessary to add a w2k to server. if all this is ok, send me directly a log level 2 or 3 gziped of a failed workstation logon. Good Luck. Newman kat wrote: > I know it has probably been asked, but I am desperate > right now (entire domain is down - dead NT box) and trying > to convert to samba pdc... have a couple hours left. > > NT boxes join just fine, as do 98, BUT, the WIndows 2K > boxes keep telling me that they are joining with a > global "machine" account -- try using a normal account. > > It does not make sense. The useradd script works fine, and the > account (nb1$) is added to both passwd and smbpasswd, but > the stupid thing won't join the domain.... I am at my > wits end... Can anyone give me some pointers? > > thanks > Kathee From bgmilne at cae.co.za Tue Jan 16 10:50:15 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:33:04 2003 Subject: Problems with pam_smb Message-ID: <3A642767.56BF6C3@cae.co.za> Hi, I am trying to get authentication of our samba-pdc users by our imap server (wu-imap). I have tried getting samba-appliance and samba-2.2.0 cvs to work using winbind, but had lots of problems. I have now resorted to pam_smb. It compiled fine, and I am sure I have all the right files in the right places, but have no idea whether it is working or not. Using the debug option (which is supposed to log to syslog) does nothing (which makes me wonder if pam_smb_auth is being called at all). I have read the pam-doc files, but must admit that I haven't done any configuration of pam before. Here is my /etc/pam_smb.conf # cat /etc/pam_smb.conf CAE CAEPDC CAEPDC (I don't know what the point of the 2nd entry is for a samba-based domain currently anyway) Here is my /etc/pam.d/imap: # cat /etc/pam.d/imap #%PAM-1.0 #auth required /lib/security/pam_smb_auth.so debug auth required /lib/security/pam_pwdb.so shadow nullok auth required /lib/security/pam_smb_auth.so debug use_first_pass account required /lib/security/pam_pwdb.so Originally, the file just had the first (uncommented) auth and the account entry, but have tried the pam_smb_auth before and after the pwdb, with various compinations of required and sufficient. Running Linux Mandrake 7.1, samba 2.0.7, wu-imap 4.7b This is the last thing I need to set up before I can get back to my real work: my thesis !! (also, the last step before I migrate all our users from the University's Netware server) Buchan -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 Stellenbosch Automotive Engineering http://www.cae.co.za From bgmilne at cae.co.za Tue Jan 16 11:29:02 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:33:04 2003 Subject: 2.2 download / status References: Message-ID: <3A64307E.7822550D@cae.co.za> Paul Sanders wrote: > > Keep in mind that winbindd is not functional under 2.2 [if that is what you are looking for...] but the new NT print driver autodownload definetely rocks [ we've been able to get this working under HEAD as well] - a real improvement over the old system and much of the NT ACL control is now there, too! > OK, so what should we be running for winbindd support ? samba-appliance ? samba 2.2.0aplha1 ? Is it feasible to run current CVS for win2k logins, acls (ie linux with posix-acl patch). -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 Stellenbosch Automotive Engineering http://www.cae.co.za From bgmilne at cae.co.za Tue Jan 16 11:33:55 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:33:04 2003 Subject: Input/output error References: Message-ID: <3A6431A3.D6D40405@cae.co.za> Grant wrote: > > > I have a peculiar error, when i boot my linux system i mount > > a share on my win2k professional machine using smbmount > > (which is included in my RH7 install). This works great and > > is very reliable. However, if someone tries to access the > > mounted share while the Win2k machine is down it gets an > > Input/output error, and it can't list anything in the mounted > > share. It is also impossible to either unmount/remount/chmod/ > > delete or do anything else with the mounted share. > > That's right, because the Windows machine is down. > > > So to the question: is there a way to reset this mounted share > > somehow without actually rebooting the linux machine? If not, > > is there some other program similar to the smbmount which > > doesn't have this _serious_ bug and is free? Since I'm using > > the Windows2000 professional edition I am not sure if there > > is a NFS server for it, but I did hear that a NFS mount had a > > timeout setting which would stay clear of this bug. > > This is not a bug. Obviously if the Windows machine is down you can't access the share... > > 1. You need to kill the process id of smbmount (kill -9 PID of mount.smbfs). > 2. You then need to un mount the Windows share. (umount //Win2k/Share). > 3. You then need to remount the Windows share. This can normally also be accomplished by root umount'ing the mount point. > Rebooting is only required when you update the kernel. You can "fix" problems in Linux without ever needing to reboot. Other reason to reboot linux is when adding hardware. -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 Stellenbosch Automotive Engineering http://www.cae.co.za From Axel.Thimm at physik.fu-berlin.de Tue Jan 16 12:13:53 2001 From: Axel.Thimm at physik.fu-berlin.de (Axel Thimm) Date: Tue Dec 2 02:33:04 2003 Subject: Different workgroup= in the same domain with domain logons? Message-ID: <20010116131353.A3077@pua.domain> Hello, we are trying to upgrade our simple Samba (2.0.7) Network from security=user to security=domain with a centralized encrypted authentification, NIS automount, netlogons (perhaps profile roaming) and a wins server. Attached to this network are lots of Windows-machines, Win 9x/NT/2000. As there are a lot of Samba servers and PC arround here (of the order of 1000), the groups have called their workgroups according to their name for browsing purposes. Is this compatible to having a central authorization? Or do all security=domain Sambas need to carry the same workgroup= setting as the password server? Would this mean, that only one Samba server per domain may be set to "domain login=yes", making this server act as a PDC? I suspect that login servers would claim a special netbios name, just as domain browsers do, so having multiple domain logon servers in one domain would break thinks, or not? And a last question: How far can I come with 2.0.7? I have contradicting informations ranging from "only Win9x netlogons/profiles" to "also NT, but partly 2000". Thanks, Axel. -- Axel.Thimm@physik.fu-berlin.de From john_cap at lycos.com Tue Jan 16 13:32:33 2001 From: john_cap at lycos.com (john m vr) Date: Tue Dec 2 02:33:04 2003 Subject: Policies and Profiles Message-ID: Hello, I am having another problem here. Samba 2.0.7 was working fine, when I let NT create a user on it. When I tried to copy a user over from NT server though, the profile worked, but the policy quit working. Has anyone else encountered this problem, and have a fix for it? Thanks John Get your small business started at Lycos Small Business at http://www.lycos.com/business/mail.html From simo.sorce at polimi.it Tue Jan 16 14:00:08 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:04 2003 Subject: Customed Start Menus for Win9X users In-Reply-To: <3A636823.9060105@axeon.screaming.net> Message-ID: On Mon, 15 Jan 2001, Mark Westcott wrote: > Hi all. I have a school network with a samba server acting as PDC etc, > but I would like users in different groups to receive different start > menus. Is this at all possible, if so how? > > > Many thanks > > > Mark > > We have the same profile for every group of users. To server the correct profile I've put the variabile %G in the logon path config entry. eg: logon path = \\%N\profiles\%G so having a share of name profiles and a directory inside it the same name of unix group where the profile is stored. This way user of group grp1 will search for profile in ../profiles/grp1/ -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From simo.sorce at polimi.it Tue Jan 16 14:09:31 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:04 2003 Subject: samba and nt, nt box vs. pdc change machine passwords ? In-Reply-To: Message-ID: Another way to avoid this problem is to backup machine password while taking machine image and restore it while restoring machine image. This lead to security issues but should work. On Tue, 16 Jan 2001, Makis Marmaridis wrote: > > Actually, this is not quite accurate. The machine accounts on an NT domain > are changed automatically on a weekly basis. Therefore, it doesn't matter > how much you wait until you do the imaging, you are still bound to run into > the same problem. > > Microsoft suggests the following work-around > > http://support.microsoft.com/support/kb/articles/Q154/5/01.ASP > > that basically says that by modifying a particular registry key, you can > stop this behaviour (which also means that other people might then be able > to easier impersonate one of your trusted machines on the domain by guessing > its password (however until today I haven't heard of anybody doing so... > yet!) :-) > > HTH, > > Cheers, > Makis. > > > -----Original Message----- > From: samba-ntdom-admin@us5.samba.org > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Doug Breshears > Sent: Tuesday, 16 January 2001 3:28 PM > To: Jens Schwepe; samba nt domain mailinglist (E-Mail) > Subject: Re: samba and nt, nt box vs. pdc change machine passwords ? > > > I believe that the machine accounts get changed after a > period of being > on the network. You might do well to install and wait a week > or two, then > image the HD, this I believe would give you the stable > machine SID. I am > not sure of this completely accurate just my 2 cents. > Doug. > > ----- Original Message ----- > From: Jens Schwepe > To: samba nt domain mailinglist (E-Mail) > > Sent: Monday, January 15, 2001 8:54 AM > Subject: samba and nt, nt box vs. pdc change machine > passwords ? > > > > hi, > > > > i've successively set up a network with 10 nt boxes and 2 > samba servers. > > first is file server, second is pdc and login server with > the > > machine/user passwords file. > > > > to minimize admin work i've made a snapshot of every > client's hard disk > > partition with ( dd if=/dev/hda1 | gzip -c --best > > client.disk.gz ) to > > the file-server, which is read back to the client's disk > every night. > > Thus feigning the nt boxes would be freshly installed > every morning :-) > > > > cool thing i guess, but every now and then one or more of > the > > server-side stored machine passwords seem to change, > resulting in users > > not able to login on that particular machine anymore ( --> > nt box says > > something like "machine not member of domain"). > > > > could it be that during normal login/logoff work the nt > boxes and the > > pdc internally change/modify the machine's password ??? > > > > > > thnx in advance > > > > Jens Schwepe > > js@ic-bremen.de > > www.ic-bremen.de > > > > > > > > > > > > -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From sanders_p at univerahealthcare.org Tue Jan 16 14:51:10 2001 From: sanders_p at univerahealthcare.org (Paul Sanders) Date: Tue Dec 2 02:33:04 2003 Subject: 2.2 download / status Message-ID: >>> Buchan Milne 01/16 6:29 AM >>> >OK, so what should we be running for winbindd support ? samba-appliance >? samba 2.2.0aplha1 ? We have not been able to compile winbind from HEAD or 2.2 - I have been told that the winbind code that is in those versions is outdated and was included only to test the overall compilation - it is not functional. I have tried many times and still get makefile error that kills the compile. I hope someone is looking into that issue since I have seen several others report this problem. I have been using the appliance 0.5 that I compiled using current CVS of HEAD and TNG sources [i just replaced the respective source directories and run the appliance build script. This is the only way i've been able to get winbind to compile. Any other attempt with any other version results in makefile errors. Today i'm going to try just APPLIANCE_HEAD - I'll post the results later this afternoon. Can someone on the Team please address this issue? It appears to me that there is work being done on nsswitch/winbind [the CVS updates show this] but people keep reporting the same problem with the winbind compile. Just to clarify: has someone on the team done a fresh compile of samba with a functioning winbind on a fresh linux [not updating a box with a functional samba/winbind aleady running...]. >Is it feasible to run current CVS for win2k logins, acls (ie linux with >posix-acl patch). I have not looked into this but others are apparently running 2.2 for win2k [with some minor problems...] and acl support is coming along. Other are better able to answer this one... Paul Sanders From kathee at ezunx.com Tue Jan 16 17:14:49 2001 From: kathee at ezunx.com (kat) Date: Tue Dec 2 02:33:04 2003 Subject: slightly off topic, but if anyone knows... Message-ID: Hi again, Related to the fun of last night -- and the hot fixes with W2K -- (I will summarize later), I have a related minor issue. I thought if anyone would know, you people would. When the machines moved from one domain to the other, the profiles for lost. Most importantly, the OUTLOOK account info. We only use outlook as smtp/pop, not exchange. Now I know all the folders are still there for the old users (same username, different domain now), but where does MS keep it? Is there a way to bring the old mail back into the outlook folders? Also, is there a way to bring the user profiles/desktop back? thanks again, Kathee From mbreuer at siac.com Tue Jan 16 17:31:02 2001 From: mbreuer at siac.com (Michael Breuer) Date: Tue Dec 2 02:33:04 2003 Subject: slightly off topic, but if anyone knows... References: Message-ID: <3A648556.B1D2EB3E@siac.com> Microsoft has a domain migration tool as part of the resource kit... the instructions say to use before the move. kat wrote: > Hi again, > > Related to the fun of last night -- and the hot fixes > with W2K -- (I will summarize later), I have a related > minor issue. > > I thought if anyone would know, you people would. When > the machines moved from one domain to the other, the > profiles for lost. Most importantly, the OUTLOOK account > info. We only use outlook as smtp/pop, not exchange. > Now I know all the folders are still there for the old > users (same username, different domain now), but where > does MS keep it? Is there a way to bring the old mail > back into the outlook folders? > > Also, is there a way to bring the user profiles/desktop > back? > > thanks again, > Kathee From mark at axeon.screaming.net Tue Jan 16 17:29:58 2001 From: mark at axeon.screaming.net (Mark Westcott) Date: Tue Dec 2 02:33:04 2003 Subject: Customed Start Menus for Win9X users Message-ID: <3A648516.1060505@axeon.screaming.net> Hi, and thanks for this. I've been looking in the Win98 resource kit, and cant find anything saying how to have different groups of users having different start menus. Could you give me an exact pointer to where in the res kit? Thanks Mark From MMcEldowney at deltaregional.com Tue Jan 16 18:15:56 2001 From: MMcEldowney at deltaregional.com (McEldowney, Michael) Date: Tue Dec 2 02:33:04 2003 Subject: slightly off topic, but if anyone knows... Message-ID: <982DE519343BD41191CA00902786B5B902DDDC@EMAIL> Kathee, Migrating the profile information is a pain in the #@%, and after following all the steps, it still didn't work well for me. I tried to migrate my own NTWS and have not gotten it to work. Basically (or so the documentation would lead you to believe), you copy the profile info from the WS drive( usually c:\winnt\profiles\%USERNAME% ) to the profiles dir on your SAMBA box for the same user. I did that, and all seemed to work, until I clicked on the Start button. Then: Right click on desktop icon: GPF Click Start, Click Programs: GPF Right click "My computer" icon, click "Open" or "Explore": GPF If I rejoin my old domain, the problem goes away... To work around it I logged into my WS as Administrator, created a local account for my username, and then logged in locally to the WS as myself. That allows me access to both domains. I intend to fdisk and reinstall my WS sometime in the future... Good Luck, Mike -----Original Message----- From: Michael Breuer [mailto:mbreuer@siac.com] Sent: Tuesday, January 16, 2001 11:31 AM To: kat Cc: samba-ntdom@us5.samba.org Subject: Re: slightly off topic, but if anyone knows... Microsoft has a domain migration tool as part of the resource kit... the instructions say to use before the move. kat wrote: > Hi again, > > Related to the fun of last night -- and the hot fixes > with W2K -- (I will summarize later), I have a related > minor issue. > > I thought if anyone would know, you people would. When > the machines moved from one domain to the other, the > profiles for lost. Most importantly, the OUTLOOK account > info. We only use outlook as smtp/pop, not exchange. > Now I know all the folders are still there for the old > users (same username, different domain now), but where > does MS keep it? Is there a way to bring the old mail > back into the outlook folders? > > Also, is there a way to bring the user profiles/desktop > back? > > thanks again, > Kathee From noelk at bc.edu Tue Jan 16 18:11:59 2001 From: noelk at bc.edu (Ken Noel) Date: Tue Dec 2 02:33:04 2003 Subject: Customed Start Menus for Win9X users Message-ID: <3A6FA746@netfin6.bc.edu> Poledit is a tool that allows you to create a policy. You can assign a policy by using global groups. Ken >===== Original Message From Mark Westcott ===== >Hi, and thanks for this. I've been looking in the Win98 resource kit, >and cant find anything saying how to have different groups of users >having different start menus. Could you give me an exact pointer to >where in the res kit? > > >Thanks > > >Mark Kenneth Noel Boston College Information Technology Systems Programmer 617 552-8511 From KMunsterman at tricord.com Tue Jan 16 18:18:42 2001 From: KMunsterman at tricord.com (Munsterman, Kevin) Date: Tue Dec 2 02:33:04 2003 Subject: file size limitations Message-ID: <6DEE94132593D41182D200508BDCA590020F01@mail.tricord.com> does anyone know if there is a file size limit on samba as i'm having problems with files over 2gb any suggestions woulg be great From kevinc at grainsystems.com Tue Jan 16 18:57:47 2001 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:33:04 2003 Subject: file size limitations References: <6DEE94132593D41182D200508BDCA590020F01@mail.tricord.com> Message-ID: <3A6499AB.33A441C0@grainsystems.com> "Munsterman, Kevin" wrote: > > does anyone know if there is a file size limit on samba as i'm having > problems with files over 2gb any suggestions woulg be great I'm not sure about a Samba limit, but that just so happens to be the Linux ext2 max file size limit without the large file patch. Are you running Linux? a stock kernel? - Kevin Colby kevinc@grainsystems.com From mark at axeon.screaming.net Tue Jan 16 18:59:08 2001 From: mark at axeon.screaming.net (Mark Westcott) Date: Tue Dec 2 02:33:04 2003 Subject: Customed Start Menus for Win9X users References: <3A6FA746@netfin6.bc.edu> Message-ID: <3A6499FC.9030901@axeon.screaming.net> Yep, but policies dont allow you to change the contents of the start menu - ie what appears inside the programs section Ken Noel wrote: > Poledit is a tool that allows you to create a policy. You can assign a policy > by using global groups. > > Ken > >> ===== Original Message From Mark Westcott ===== >> Hi, and thanks for this. I've been looking in the Win98 resource kit, >> and cant find anything saying how to have different groups of users >> having different start menus. Could you give me an exact pointer to >> where in the res kit? >> >> >> Thanks >> >> >> Mark > > > Kenneth Noel > Boston College > Information Technology > Systems Programmer > 617 552-8511 > > > From noelk at bc.edu Tue Jan 16 19:24:05 2001 From: noelk at bc.edu (Ken Noel) Date: Tue Dec 2 02:33:04 2003 Subject: Customed Start Menus for Win9X users Message-ID: <3A7030CD@netfin6.bc.edu> If you run poledit then choose default computer to edit. Then choose Window NT shell next Custom Shared Folders. In there are shared Program Folders, Desktop Icons Startmenu... You can created startmenu's or Program Folders for different computers to use. Maybe I'm wrong but I believe thats the way we do it here. Ken >===== Original Message From Mark Westcott ===== >Yep, but policies dont allow you to change the contents of the start >menu - ie what appears inside the programs section > >Ken Noel wrote: > >> Poledit is a tool that allows you to create a policy. You can assign a policy >> by using global groups. >> >> Ken >> >>> ===== Original Message From Mark Westcott ===== >>> Hi, and thanks for this. I've been looking in the Win98 resource kit, >>> and cant find anything saying how to have different groups of users >>> having different start menus. Could you give me an exact pointer to >>> where in the res kit? >>> >>> >>> Thanks >>> >>> >>> Mark >> >> >> Kenneth Noel >> Boston College >> Information Technology >> Systems Programmer >> 617 552-8511 >> >> >> Kenneth Noel Boston College Information Technology Systems Programmer 617 552-8511 From mark at axeon.screaming.net Tue Jan 16 19:44:18 2001 From: mark at axeon.screaming.net (Mark Westcott) Date: Tue Dec 2 02:33:05 2003 Subject: Customed Start Menus for Win9X users References: Message-ID: <3A64A492.7040507@axeon.screaming.net> Hi. I already have my start menu secure (using policies). I am using roaming profiles - each user has there own profile at the moment. Will I need to change this? Mark JBCurry wrote: >> -----Original Message----- >> From: samba-ntdom-admin@lists.samba.org >> [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Mark Westcott >> Sent: Monday, January 15, 2001 4:14 PM >> >> Hi all. I have a school network with a samba server acting as PDC etc, >> but I would like users in different groups to receive different start >> menus. Is this at all possible, if so how? >> > > Mark - > > The solution may depend on whether you wish to control just the functions of > the Start Menu (such as disabling the run command), or whether you also wish > to control exactly what folders and applications appear. > > If it's simply to help make the Start Menu secure, you can handle many > issues by just using System Policies. There's a wonderful book out from > O'Reilly entitled "Windows System Policy Editor" that will help you to > understand the abilities and limits of System Policies, and books such as > "SAMS Teach Yourself Samba in 24 Hours" or "Special Edition: Using Samba" > will help you to understand how to implement them on a Samba server. > > If you wish to customize the folders and programs based on the user logon, > you'll need to use Roaming Profiles. This is a little bit more work in > support and maintenance, but there's a lot of neat stuff (!!!) you can > customize in addition to the Start Menu. I would suggest the same books as > mentioned above for info on this approach. > > It's not too difficult to do either, but I think you'll want to read up on > "System Policies" and "Roaming Profiles" to see which is more appropriate > for you. Then you'll have questions specific to what you want to do as > you're working to implement them. > > > > From mark at axeon.screaming.net Tue Jan 16 19:46:03 2001 From: mark at axeon.screaming.net (Mark Westcott) Date: Tue Dec 2 02:33:05 2003 Subject: Customed Start Menus for Win9X users References: <3A7030CD@netfin6.bc.edu> Message-ID: <3A64A4FB.8030703@axeon.screaming.net> oh okay, but my systems are windows 98 systems, I'm just checking if this is the case still Ken Noel wrote: > If you run poledit then choose default computer to edit. Then choose Window > NT shell next Custom Shared Folders. In there are shared Program Folders, > Desktop Icons Startmenu... You can created startmenu's or Program Folders for > different computers to use. > > > Maybe I'm wrong but I believe thats the way we do it here. > > Ken > > > >> ===== Original Message From Mark Westcott ===== >> Yep, but policies dont allow you to change the contents of the start >> menu - ie what appears inside the programs section >> >> Ken Noel wrote: >> >>> Poledit is a tool that allows you to create a policy. You can assign a >> > policy > >>> by using global groups. >>> >>> Ken >>> >>>> ===== Original Message From Mark Westcott ===== >>>> Hi, and thanks for this. I've been looking in the Win98 resource kit, >>>> and cant find anything saying how to have different groups of users >>>> having different start menus. Could you give me an exact pointer to >>>> where in the res kit? >>>> >>>> >>>> Thanks >>>> >>>> >>>> Mark >>> >>> >>> Kenneth Noel >>> Boston College >>> Information Technology >>> Systems Programmer >>> 617 552-8511 >>> >>> >>> > > Kenneth Noel > Boston College > Information Technology > Systems Programmer > 617 552-8511 > > > From boehm at nortelnetworks.com Tue Jan 16 18:42:15 2001 From: boehm at nortelnetworks.com (Eric Boehm) Date: Tue Dec 2 02:33:05 2003 Subject: NetBIOS name reg/resolution problem -- multiple net interfaces, Samba 2.0.7, Solaris 7, ClearCase Message-ID: <20010116134215.L17674@wnc0s00u.nortelnetworks.com> I am having problems with Samba 2.0.7 running under Solaris 8. We are using Samba to use ClearCase on NT clients with UNIX servers. The machines it is running on have multiple network interfaces. I've tried several approaches, none of them seem to work. System Hostname and IP addresses. Hostname is zrtps078. Hostname IP address Netmask zrtps078 47.111.70.82 255.255.240.0 zrtps079 47.140.7.213 255.255.240.0 zrtps07a 47.202.32.217 255.255.240.0 1. Run Samba as a single daemon, bind to all interfaces Files: smb.conf, smb.conf.global.zrtps078, smb.conf.share.zrtps078 (see end of message for file contents) Samba only registers the machines primary hostname, zrtps078. Clients are often unable to bind to the share using one of the alternate interfaces. For example: net use * \\zrtps078\export net use * \\zrtps079\export net use * \\zrtps07a\export 2. Run separate smbd/nmbd for each interface. Files: smb.conf.zrtps078, smb.conf.global.zrtps078 smb.conf.zrtps079, smb.conf.global.zrtps079 smb.conf.zrtps07a, smb.conf.global.zrtps07a smb.conf.shares.zrtps078 This ends up generating lots of errors in log.nmb about being unable to register/refresh names. Apparently, nmbd attempts to register the primary hostname with each instance even though "interfaces" and "bind interfaces only" are specified. Again, the net use commands above don't always work. 3. Run single smbd/nmbd but specify the alternate interfaces with "netbios aliases". Files: smb.conf, smb.conf.global.zrtps078.new, smb.conf.shares.zrtps078 I'm still getting messages about being unable to register/refresh names and the net use command still don't work. We've also made sure that "Enable DNS for Windows Resolution" is turned on. This is having a significant effect on our environment. Any suggestions would be welcome. -- Eric M. Boehm boehm@nortelnetworks.com SMB.CONF # Global parameters client code page = 437 # Samba requests 10000 but Solaris has only 1014 to spare max open files = 1014 comment = "Samba %v server" share modes = yes getwd cache = yes browseable = yes load printers = no local master = no username map = /usr/local/samba/lib/username.map dead time = 30 debug pid = yes #debug level = 10 log file = /usr/local/samba/var/log.%m socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=32768 SO_RCVBUF=32768 include = /usr/local/samba/lib/smb.conf.global.%h include = /usr/local/samba/lib/smb.conf.shares.%h SMB.CONF.ZRTPS078 # Global parameters client code page = 437 # Samba requests 10000 but Solaris has only 1014 to spare max open files = 1014 comment = "Samba %v server" share modes = yes getwd cache = yes browseable = yes load printers = no local master = no username map = /usr/local/samba/lib/username.map dead time = 30 debug pid = yes #debug level = 10 log file = /usr/local/samba/var/log.%m socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=32768 SO_RCVBUF=32768 include = /usr/local/samba/lib/smb.conf.global.zrtps078 include = /usr/local/samba/lib/smb.conf.shares.%h SMB.CONF.ZRTPS079 # Global parameters client code page = 437 # Samba requests 10000 but Solaris has only 1014 to spare max open files = 1014 comment = "Samba %v server" share modes = yes getwd cache = yes browseable = yes load printers = no local master = no username map = /usr/local/samba/lib/username.map dead time = 30 debug pid = yes #debug level = 10 log file = /usr/local/samba/var/log.%m socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=32768 SO_RCVBUF=32768 include = /usr/local/samba/lib/smb.conf.global.zrtps079 include = /usr/local/samba/lib/smb.conf.shares.%h SMB.CONF.ZRTPS07A # Global parameters client code page = 437 # Samba requests 10000 but Solaris has only 1014 to spare max open files = 1014 comment = "Samba %v server" share modes = yes getwd cache = yes browseable = yes load printers = no local master = no username map = /usr/local/samba/lib/username.map dead time = 30 debug pid = yes #debug level = 10 log file = /usr/local/samba/var/log.%m socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=32768 SO_RCVBUF=32768 include = /usr/local/samba/lib/smb.conf.global.zrtps07a include = /usr/local/samba/lib/smb.conf.shares.%h SMB.CONF.GLOBAL.ZRTPS078 [global] workgroup = PCNTRTP security = domain password server = * #workgroup = AMERICASE #security = server #password server = ZRTPD01T, NRTPDE11, NRTPDE10, NRTPI915, PCNTRTP01, PCNTRTP02 encrypt passwords = yes wins server = 47.156.160.179 server string = "UAS/PTM/SNM ClearCase VOB Server %h (%L), Samba" interfaces = "47.202.34.217/20 47.140.7.213/20 47.111.70.82/20" #interfaces = "47.111.70.82/20 127.0.0.1/8" #bind interfaces only = yes #lock directory = /usr/local/samba/var/zrtps078 netbios aliases = UAS_PTM_SNM02 SMB.CONF.GLOBAL.ZRTPS079 [global] workgroup = PCNTRTP security = domain password server = * #workgroup = AMERICASE #security = server #password server = ZRTPD01T, NRTPDE11, NRTPDE10, NRTPI915, PCNTRTP01, PCNTRTP02 encrypt passwords = yes wins server = 47.156.160.179 server string = "UAS/PTM/SNM ClearCase VOB Server %h (%L), Samba" interfaces = "47.140.7.213/20" bind interfaces only = yes lock directory = /usr/local/samba/var/zrtps079 netbios aliases = ZRTPS079 SMB.CONF.GLOBAL.ZRTPS07A [global] workgroup = PCNTRTP security = domain password server = * #workgroup = AMERICASE #security = server #password server = ZRTPD01T, NRTPDE11, NRTPDE10, NRTPI915, PCNTRTP01, PCNTRTP02 encrypt passwords = yes wins server = 47.156.160.179 server string = "UAS/PTM/SNM ClearCase VOB Server %h (%L), Samba" interfaces = "47.140.7.213/20" bind interfaces only = yes lock directory = /usr/local/samba/var/zrtps079 netbios aliases = ZRTPS079 SMB.CONF.GLOBAL.ZRTPS07A [global] workgroup = PCNTRTP security = domain password server = * #workgroup = AMERICASE #security = server #password server = ZRTPD01T, NRTPDE11, NRTPDE10, NRTPI915, PCNTRTP01, PCNTRTP02 encrypt passwords = yes wins server = 47.156.160.179 server string = "UAS/PTM/SNM ClearCase VOB Server %h (%L), Samba" interfaces = "47.202.34.217/20" bind interfaces only = yes lock directory = /usr/local/samba/var/zrtps07a netbios aliases = ZRTPS07A SMB.CONF.SHARES.ZRTPS07* [export] comment = UAS/PTM/SNM VOB storage path = /export # admin users = #hosts allow = 47.111., 47.140., 47.141., 47.142., 47.143., 47.174., 47.192., 47.202., 47.232., 47.39., @SPM_ADM_HOSTS, @IP_SERVICES_HOSTS, @UAS_PTM_SNM_HOSTS hosts allow = @SPM_ADM_HOSTS, @IP_SERVICES_HOSTS, @UAS_PTM_SNM_HOSTS valid users = @SPM_ADM_USERS, @IP_SERVICES_USERS, @UAS_PTM_SNM_USERS oplocks = No guest ok = no directory mask = 0775 map archive = No writeable = yes SMB.CONF # Global parameters client code page = 437 # Samba requests 10000 but Solaris has only 1014 to spare max open files = 1014 comment = "Samba %v server" share modes = yes getwd cache = yes browseable = yes load printers = no local master = no username map = /usr/local/samba/lib/username.map dead time = 30 debug pid = yes #debug level = 10 log file = /usr/local/samba/var/log.%m socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=32768 SO_RCVBUF=32768 include = /usr/local/samba/lib/smb.conf.global.%h include = /usr/local/samba/lib/smb.conf.shares.%h SMB.CONF.GLOBAL.ZRTPS078 [global] workgroup = PCNTRTP security = domain password server = * #workgroup = AMERICASE #security = server #password server = ZRTPD01T, NRTPDE11, NRTPDE10, NRTPI915, PCNTRTP01, PCNTRTP02 encrypt passwords = yes wins server = 47.156.160.179 server string = "UAS/PTM/SNM ClearCase VOB Server %h (%L), Samba" interfaces = "47.202.34.217/20 47.140.7.213/20 47.111.70.82/20" #interfaces = "47.111.70.82/20 127.0.0.1/8" #bind interfaces only = yes #lock directory = /usr/local/samba/var/zrtps078 netbios aliases = UAS_PTM_SNM02 ZRTPS079 ZRTPS07A From r_huelsmann at ish.de Tue Jan 16 22:06:56 2001 From: r_huelsmann at ish.de (Ralf Huelsmann) Date: Tue Dec 2 02:33:05 2003 Subject: recylcer on shares Message-ID: <000001c08008$a3ff5fd0$3401a8c0@workstation_1a.ish.de> hi ! on a win nt-server / netwrok i have a recylcer on every network-drive / share. how can i set up this on samba shares ? (we?re using 2.0.7 / TNG and 2_2_CVS) greetings ralf --- Ralf Huelsmann Kempen Germany Office: http://www.ish.de/ r_huelsmann@ish.de phone +49 2152 962010 fax +49 2152 962009 Mobile: r_huelsmann@bigfoot.com phone +49 171 2170401 From rajeeva at research.bell-labs.com Tue Jan 16 23:02:59 2001 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:33:05 2003 Subject: head branch and overwriting files Message-ID: <3A64D323.95F0D7F7@research.bell-labs.com> I am using the todays CVS from head branch. From the client (NT4) I am connected as a user which is mapped to root on the Samba server. I can create new files in the share, but I cannot overwrite the files. I get access denied. The file permissions are 744 and owned by root on the server. When I look at the file permissions from client side, I see root has create read and write permissions. I cannot chnage the permissions to Full control from client side. What do I need to do to fix this, Thanks, rajeev From jbcurry at hline.localhealth.net Tue Jan 16 23:19:30 2001 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:33:05 2003 Subject: Customed Start Menus for Win9X users In-Reply-To: <3A64A492.7040507@axeon.screaming.net> Message-ID: > -----Original Message----- > From: Mark Westcott [mailto:mark@axeon.screaming.net] > Sent: Tuesday, January 16, 2001 2:44 PM > > > Hi. I already have my start menu secure (using policies). > I am using roaming profiles - each user has there own profile at the > moment. Will I need to change this? > I don't think you would. In the directory where the user's profile is stored you should find a "Start Menu" folder. You can customize what programs appear on the Start Menu by placing shortcuts in this folder or in the "Programs" subfolder. This includes the "Startup" folder, which controls which applications load automatically during startup. If memory serves me correct, the roaming profile is stored in the directory defined by the "logon home" variable in smb.conf. There is another variable in smb.conf called "logon path" that can be set, but Windows 9x ignores this variable. I understand, however, that there is a key in the registry call ProfileImagePath that may be used as an alternative to define where the user profile is stored. I think Sam Silvester's idea of using a preexec script seems most reasonable, but I don't know that you'd have to use the same method of resolving which group they belong to. Basically, just have a preexec script test the variable %u against a list containing the username and which "Start Menu" folder would be appropriate for that user. Then copy the specified "Start Menu" folder to the profile stored in their home directory. I believe this would work. Everybody feel free to correct me if I'm wrong. (As if I'd ever have to ask... :-P ) From gcarter at valinux.com Wed Jan 17 02:48:08 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:05 2003 Subject: NetBIOS name reg/resolution problem -- multiple net interfaces, Samba 2.0.7, Solaris 7, ClearCase References: <20010116134215.L17674@wnc0s00u.nortelnetworks.com> Message-ID: <3A6507E8.D75358FA@valinux.com> Eric Boehm wrote: > > I am having problems with Samba 2.0.7 running under > Solaris 8. We are using Samba to use ClearCase on > NT clients with UNIX servers. The machines it > is running on have multiple network interfaces. > > I've tried several approaches, none of them seem to work. > > System Hostname and IP addresses. Hostname is zrtps078. > Hostname IP address Netmask > zrtps078 47.111.70.82 255.255.240.0 > zrtps079 47.140.7.213 255.255.240.0 > zrtps07a 47.202.32.217 255.255.240.0 > You config files don't seem to make a lot of sense to me. Here's a couple of points o if you wish to bind separate Samba daemons to different interfaces, you should use the 'interfaces' and and 'socket address' parameters in conjunction. Oh, and an individual lock directory like you had. o If using a global file, IIRC %h is only expanded to the hostname of the primary network interface. Not all interface DNS hostnames. Use something like netbios name = FOO netbios aliases = FOO2 FOO3 Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From bgmilne at cae.co.za Wed Jan 17 09:27:48 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:33:05 2003 Subject: slightly off topic, but if anyone knows... References: Message-ID: <3A656594.36B492@cae.co.za> If one were adding machines to a domain, one would copy the profile to the PDC using the "User Profiles" tab in the System Control Panel applet. I would think (but not having ever really used an NT server) that you could do this from the existing PDC (before the move of course). I hope you have backed up all the profiles ... Outlook usually stores all it's info in \Application Data\Microsoft\Outlook\outlook.pst If you start up Outlook and it doesn't find the file in that location, it will ask you where it is. That is what I have done (moved outlook.pst out of the profile, it's just way too big to copy over the network at login). You can also (depending what options you installed with) choose File->Open->Personal Folders File. Buchan kat wrote: > > Hi again, > > Related to the fun of last night -- and the hot fixes > with W2K -- (I will summarize later), I have a related > minor issue. > > I thought if anyone would know, you people would. When > the machines moved from one domain to the other, the > profiles for lost. Most importantly, the OUTLOOK account > info. We only use outlook as smtp/pop, not exchange. > Now I know all the folders are still there for the old > users (same username, different domain now), but where > does MS keep it? Is there a way to bring the old mail > back into the outlook folders? > > Also, is there a way to bring the user profiles/desktop > back? > > thanks again, > Kathee -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 Stellenbosch Automotive Engineering http://www.cae.co.za From simo.sorce at polimi.it Wed Jan 17 10:47:02 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:05 2003 Subject: file size limitations In-Reply-To: <6DEE94132593D41182D200508BDCA590020F01@mail.tricord.com> Message-ID: It depends on the underling system. On standard linux installations for example the filesize is limited to 2GB (limited to 32bit signed). With the new kernel the limit is now 64bit (and any new distribution that will come out in a month or two based on the new kernel will surely not have this limit). On Tue, 16 Jan 2001, Munsterman, Kevin wrote: > does anyone know if there is a file size limit on samba as i'm having > problems with files over 2gb any suggestions woulg be great > > > -- Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano E-mail: simo.sorce@polimi.it Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451 ----------------------------------------------------------------- Be happy, use Linux! From MarkS at crvinc.com Wed Jan 17 11:11:17 2001 From: MarkS at crvinc.com (MarkS@crvinc.com) Date: Tue Dec 2 02:33:05 2003 Subject: Subscribe to list Message-ID: From Peeter.Ulst at bico-leks.ee Wed Jan 17 12:47:31 2001 From: Peeter.Ulst at bico-leks.ee (Peeter Ulst) Date: Tue Dec 2 02:33:05 2003 Subject: this is happening every 30 sec twice, the log files are huge. Message-ID: This is what is written to a samba log file log.ypsilon that is a "central" PDC (NT, I have no juristicion over it) of another domain that obviously wants to establish a trust relationship with my PDC. [2001/01/17 11:20:08, 0] passdb/smbpassfile.c:get_trust_account_password(202) get_trust_account_password: Malformed trust password file (wrong length - was 0, should be 45). [2001/01/17 11:20:08, 0] passdb/smbpassfile.c:trust_get_passwd(294) domain_client_validate: unable to read the machine account password for machine S_KURESSAARE in domain KURESSAARE. [2001/01/17 11:20:08, 1] smbd/password.c:pass_check_smb(506) Account for user 'Administrator' was disabled. [2001/01/17 11:20:08, 1] smbd/password.c:pass_check_smb(506) Account for user 'Administrator' was disabled. [2001/01/17 11:20:08, 1] smbd/reply.c:reply_sesssetup_and_X(925) Rejecting user 'Administrator': authentication failed Trust is what we actually need here but we manage without it ... everything works but I gotta do smth about the spam in logfile . The central PDC is Ypsilon and S_Kuressaare is my PDC, what I cant get exactly is why is samba crying about not having an account for a local machine in local domain, it'd be understandable if it'd say smth like: unable to read the machine account password for machine YPSILON in domain KURESSAARE... I did adduser -n -g machines -c Machine -d /dev/null -s /bin/false S_KURESSAARE$ but that didnt help .. maybe I should restart samba ? but I'm a bit afraid to do that as its a remote machine & smbstatus reads about 50 rows of locked stuff like this: 30615 DENY_NONE RDWR EXCLUSIVE+BATCH /home/smbshares/liiklus/MAKSEMAA.DBF Wed Jan 17 11:43:32 2001 3254 DENY_NONE RDWR NONE /home/smbshares//andmebaasid/andmed/vara.mdb Wed Jan 17 10:29:59 2001 3864 DENY_WRITE RDONLY EXCLUSIVE+BATCH /hom ... & thus my second question, can I restart samba with smbstatus like this ? Peeter From boehm at nortelnetworks.com Wed Jan 17 12:40:41 2001 From: boehm at nortelnetworks.com (Eric Boehm) Date: Tue Dec 2 02:33:05 2003 Subject: NetBIOS name reg/resolution problem -- multiple net interfaces, Samba 2.0.7, Solaris 7, ClearCase In-Reply-To: <3A6507E8.D75358FA@valinux.com>; from gcarter@valinux.com on Tue, Jan 16, 2001 at 08:48:08PM -0600 References: <20010116134215.L17674@wnc0s00u.nortelnetworks.com> <3A6507E8.D75358FA@valinux.com> Message-ID: <20010117074040.T17674@wnc0s00u.nortelnetworks.com> On Tue, Jan 16, 2001 at 08:48:08PM -0600, Gerald Carter wrote: >>>>> "Jerry" == Gerald Carter writes: Eric> I am having problems with Samba 2.0.7 running Eric> under Solaris 8. We are using Samba to use ClearCase on NT clients Eric> with UNIX servers. The machines it is running on have multiple Eric> network interfaces. Eric> I've tried several approaches, none of them seem to work. Eric> System Hostname and IP addresses. Hostname is zrtps078. Hostname Eric> IP address Netmask zrtps078 47.111.70.82 255.255.240.0 zrtps079 Eric> 47.140.7.213 255.255.240.0 zrtps07a 47.202.32.217 255.255.240.0 Jerry> You config files don't seem to make a lot of sense to me. Here's a Jerry> couple of points What was it that didn't make sense? I had to guess at what the files should like look. Any suggestions for improvement would be welcome. How would you do it? I have tried searching the mailing list archives for guidance on running smbd/nmbd on separate interfaces. I didn't have any success. Jerry> o if you wish to bind separate Samba daemons to different Jerry> interfaces, you should use the 'interfaces' and and 'socket Jerry> address' parameters in conjunction. Oh, and an individual lock Jerry> directory like you had. I was using 'interfaces' and 'bind interfaces only'. I thought that 'socket address' was no longer needed or superseded by 'interfaces'. Are you saying that I need all three? Jerry> o If using a global file, IIRC %h is only expanded to the Jerry> hostname of the primary network interface. Not all interface DNS Jerry> hostnames. Use something like I understand that %h is the hostname of the primary interface. I didn't need a interface-specific file for the shares so I let that use %h. Jerry> netbios name = FOO netbios aliases = FOO2 FOO3 I missed 'netbios name'. -- Eric M. Boehm boehm@nortelnetworks.com From sam at quadlink.com.au Wed Jan 17 13:24:14 2001 From: sam at quadlink.com.au (Sam Silvester) Date: Tue Dec 2 02:33:05 2003 Subject: Different workgroup= in the same domain with domain logons? In-Reply-To: <20010116131353.A3077@pua.domain> Message-ID: On Tue, 16 Jan 2001, Axel Thimm wrote: > Hello, > Is this compatible to having a central authorization? Or do all > security=domain Sambas need to carry the same workgroup= setting as the > password server? I think what you are looking for is the security=server setting - as I understand it, using this doesn't mean the server has to be on the same workgroup. I believe you also need a WINS server to be set up in order for this to work though. All samba servers should point to the same wins server. Also, set domain master = yes only on the PDC, and local master = yes on the samba server in each workgroup (I'm not sure of this. Might be worth checking elsewhere) > Would this mean, that only one Samba server per domain may be set to "domain > login=yes", making this server act as a PDC? I suspect that login servers > would claim a special netbios name, just as domain browsers do, so having > multiple domain logon servers in one domain would break thinks, or not? Assuming that you are going to keep your multiple workgroups and have a single domain, you would set domain login = yes only on the PDC - ie the machine that you want to do all authentication through. Hope this helps, Sam! -- Programming is an art form that fights back. Sam Silvester Ph: 0408 492 205 Fax: (08) 8849 2376 http://www.quadlink.com.au From Wolf.Bergenheim at adcore.com Wed Jan 17 14:53:42 2001 From: Wolf.Bergenheim at adcore.com (Wolf Bergenheim) Date: Tue Dec 2 02:33:05 2003 Subject: NTLMv2 Message-ID: <3A65B1F6.DAD234AF@adcore.com> Hi! we tried to start using the NTLM v2 as the passwdhash, but were unsuccessful. Everything worked fine until we tried to get the profie data and the users' home dir from the Linux box (Debian Potato running samba 2.0.7). we have the samba set up with security = DOMAIN and encrypt passwords = Yes settings. What happened was that the logon authentication went painlessly, but we had no roaming profile. It seems to me that NTLMv2 isn't implemented in samba. (Everything works now that we use NTLM (v1)). So my question to you is that will NTLMv2 be _Ever_ implemented to samba? --Wolf Here is some dump from the logfiles: [2001/01/17 15:22:15, 1] smbd/password.c:pass_check_smb(500) Couldn't find user 'username' in smb_passwd file. [2001/01/17 15:22:15, 1] smbd/reply.c:reply_sesssetup_and_X(925) Rejecting user 'username': authentication failed [2001/01/17 15:22:15, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon(391) cli_net_sam_logon: NT_STATUS_WRONG_PASSWORD [2001/01/17 15:22:15, 0] smbd/password.c:domain_client_validate(1470) domain_client_validate: unable to validate password for user username in domai n MYDOMAIN to Domain controller PDC. Error was NT_STATUS_WRONG_PASSWO RD. -- Systems Specialist Adcore wolf.bergenheim@adcore.com http://www.adcore.com/ From cmanz at netscape.net Wed Jan 17 15:29:34 2001 From: cmanz at netscape.net (Roman Manz) Date: Tue Dec 2 02:33:05 2003 Subject: access rights Message-ID: <60921871.541D5807.00013305@netscape.net> Hi all, I try to set up a shared samba drive for several users on NT4 clients. What I would like to have is a file mask of 0755 and a directory mask of 1775. Q1: Samba does not set the sticky bit, any ideas?! Q2: When I try to change the permissions for a single file via Explorer to make it group writeable nothing happens, why? Samba Version: 2.0.7 Here the definition: [shareit] path = /homeX/shareit -> mask: 775 create mode = 0755 directory mode = 1775 writable = yes guest account = guest valid users = guest, user1, .... force group = guest Thank's in advance for a hint. Regards, Roman __________________________________________________________________ Get your own FREE, personal Netscape Webmail account today at http://webmail.netscape.com/ From mac at dgp.toronto.edu Wed Jan 17 15:46:22 2001 From: mac at dgp.toronto.edu (Maciej Kalisiak) Date: Tue Dec 2 02:33:05 2003 Subject: smbpasswd file compatible between versions? Message-ID: <20010117104622.A1816@khazad-dum> Is the private/smbpasswd format compatible between versions? I was running an old 2.1 prealpha version of SAMBA, and now am trying 2.2 from cvs. Can I just use the old smbpasswd file? I've actually re-added all the machine trust accounts to it (foo$), but I don't want to readd users as I want to keep the users' old passwords. -- Maciej Kalisiak | | http://www.dgp.toronto.edu/~mac [McQ] PGP->finger|www; (0x39AC36F5) 9F BB 9E 11 F0 1E 5D 20 0B 31 3D 37 47 D0 67 C7 GE/CS d- s++:+ a- C++(+++) ULAI++ P+++ L+++ E+++ W++ N- o? K? !w--- O- M- V-- PS PE+ Y+ PGP+ t+ 5 !X-- R+ tv-- b+>++++ DI+ G+ e>+++>++++(*) h--- r+++ y? From dave.kimberley at marconi-pensions.co.uk Wed Jan 17 15:51:50 2001 From: dave.kimberley at marconi-pensions.co.uk (Dave Kimberley) Date: Tue Dec 2 02:33:05 2003 Subject: access rights References: <60921871.541D5807.00013305@netscape.net> Message-ID: <3A65BF96.21233E76@marconi-pensions.co.uk> Roman Manz wrote: > > Hi all, > I try to set up a shared samba drive for several users on NT4 clients. > What I would like to have is a file mask of 0755 and a directory mask of 1775. > Q1: Samba does not set the sticky bit, any ideas?! > Q2: When I try to change the permissions for a single file via Explorer to make it group writeable nothing happens, why? > Samba Version: 2.0.7 > Here the definition: > [shareit] > path = /homeX/shareit -> mask: 775 > create mode = 0755 > directory mode = 1775 > writable = yes > guest account = guest > valid users = guest, user1, .... > force group = guest > > Thank's in advance for a hint. > Regards, > Roman > __________________________________________________________________ > Get your own FREE, personal Netscape Webmail account today at http://webmail.netscape.com/ We use the following setup and it seems to work, the help explains what the mask statements do: create mask = 0664 security mask = 0777 force security mode = 00 directory mask = 0775 force directory mode = 02000 directory security mask = 0777 force directory security mode = 00 Dave ------------------------------------------------------------- Dave Kimberley System Administrator Marconi Pensions Office http://www.marconi-pensions.co.uk ------------------------------------------------------------- From peterc at brosystems.com Wed Jan 17 15:59:56 2001 From: peterc at brosystems.com (peterc) Date: Tue Dec 2 02:33:05 2003 Subject: 2.0.7 PDC to NT workstation 4 connection problem Message-ID: Hi I am currently trying to configure samba to be a PDC for my NT network. I have followed the HOW-TO and created an smb.conf file [global security = user status = yes workgroup = idcorp encrypt password = yes domain logons = yes logon script = U%bat domain admin group = @peterc guest account = nobody local master = yes domain master = yes prefered master = yes log level = 3 [homes] guest ok = no read only = no create mask = 770 directory mask = 770 oplocks = true [netlogon] path = /usr/local/samba/netlogon writeable = no guest ok = no public = no browseable = no [users] path = /users/home browseable = yes writeable = yes guest ok = no I have created the machine account and joined the domain ok. I have created a user and password however when I attempt to log in I am told that I cannot login to the domain as the system account for the computer does not exist or the password is wrong however if I log in to the local machine I can then go to my PDC and browse the files by typing in the passwd that is refused by the PDC as a network login. has anyone else seem this problem before ? From M.Puchta at fscodes.cz Wed Jan 17 15:59:01 2001 From: M.Puchta at fscodes.cz (Puchta, Milos) Date: Tue Dec 2 02:33:05 2003 Subject: Security Message-ID: <41ED6A8C8BE7D21194610008C724FD0A098A51@ANNA> What type of security should I set for the smbclient will not ask for password? TIA Milos From paul at slaterandson.com Wed Jan 17 16:31:38 2001 From: paul at slaterandson.com (Paul Williams) Date: Tue Dec 2 02:33:05 2003 Subject: NT Security behavior using Samba Message-ID: <005a01c080a2$f7774520$c82210ac@chad.office.slaterandson.com> I've noticed since installing Samba as a PDC that I can no longer share resources between peers. I can access workstation shares (both file and printer) from the samba server, but not from other NT workstations. Also if I try to set file permissions on the NT Workstations it seems to allow me to do that, but after logging out and logging back in the file whose permissions have been set comes up as "Unknown User". I theorize that this is because Samba doesn't yet keep consitant SID values for each user. Is this expected behavior? From MMcEldowney at deltaregional.com Wed Jan 17 17:43:02 2001 From: MMcEldowney at deltaregional.com (McEldowney, Michael) Date: Tue Dec 2 02:33:05 2003 Subject: 2.0.7 PDC to NT workstation 4 connection problem Message-ID: <982DE519343BD41191CA00902786B5B902DDE3@EMAIL> I had the same problem with a Win2K box. The only thing that worked for me was to manually edit the smbpasswd entry for the machine. (I copied the entry to another line, commented out the old one, and edited the copied line.) I then replaced all of the letters in the password fields (the 3rd and 4th fields) with astericks, paying attention to match the number of asterisks with the number of characters. Once I did that I was able to log in without a problem. In all fairness, it may have been a coincidence and the machine may have updated itself, as the WS and 2K machines do weekly. I haven't had an opportunity to test this on another one yet. Let me know if it works! M -----Original Message----- From: peterc [mailto:peterc@brosystems.com] Sent: Wednesday, January 17, 2001 10:00 AM To: samba-ntdom@lists.samba.org Subject: 2.0.7 PDC to NT workstation 4 connection problem Hi I am currently trying to configure samba to be a PDC for my NT network. I have followed the HOW-TO and created an smb.conf file [global security = user status = yes workgroup = idcorp encrypt password = yes domain logons = yes logon script = U%bat domain admin group = @peterc guest account = nobody local master = yes domain master = yes prefered master = yes log level = 3 [homes] guest ok = no read only = no create mask = 770 directory mask = 770 oplocks = true [netlogon] path = /usr/local/samba/netlogon writeable = no guest ok = no public = no browseable = no [users] path = /users/home browseable = yes writeable = yes guest ok = no I have created the machine account and joined the domain ok. I have created a user and password however when I attempt to log in I am told that I cannot login to the domain as the system account for the computer does not exist or the password is wrong however if I log in to the local machine I can then go to my PDC and browse the files by typing in the passwd that is refused by the PDC as a network login. has anyone else seem this problem before ? From sambastuff at jabba.glfc.com Wed Jan 17 17:36:10 2001 From: sambastuff at jabba.glfc.com (sambastuff@jabba.glfc.com) Date: Tue Dec 2 02:33:05 2003 Subject: SAMBA 2_2 Branch Message-ID: This may sound like a dumb question.. but there are no dumb questions.. just dumb people.. =) Anyway.. I'm setting up a PDC Server with the SAMBA2_2 branch.. and roaming profiles are turned on by default from what i can tell.. I ran testparm to see what params i could use to turn it off... but from what I can tell the only options are: logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U If i explicitly say login path = logon home = in my smb.conf, will that turn roaming profiles off? brian From ybeever at tsl.state.tx.us Wed Jan 17 20:00:50 2001 From: ybeever at tsl.state.tx.us (Yvonne Beever) Date: Tue Dec 2 02:33:05 2003 Subject: Samba/NT password problem Message-ID: <15EE7D2CFB19D311835600805F9A9056C30520@Exchange.tsl.state.tx.us> Sorry if this question has come up before--I've looked through the archives, & didn't find quite the same problem. We are running Red Hat 6.0 on our Apache web servers, with our NT 4.0 network, using Samba so that our users can connect to the web servers through Network neighborhood. Every once in awhile, a random user will not be able to access the web server through Network neighborhood. This has happened to me twice now. I don't recall getting this same message before, but today I got the message "Server service is not started." Others can access the server thru NN, just not me. In the past, when someone has lost access, the unix admin would have them re-enter their password in both the passwd and smbpasswd files, and this seemed to correct the problem. Usually this doesn't happen to the same user twice, and there doesn't seem to be any pattern as to whom this happens. Thank you, Yvonne From mac at dgp.toronto.edu Wed Jan 17 20:22:45 2001 From: mac at dgp.toronto.edu (Maciej Kalisiak) Date: Tue Dec 2 02:33:05 2003 Subject: failure == succes in log? Message-ID: <20010117152245.A2770@khazad-dum> I'm trying to figure out why I'm unable to write back my profiles on logout, and I came across the following in the log.smbd (I'm using 2.2 from CVS, checked out today): chmod of mac/ntuser.dat.LOG failed (Success) Is this natural? Seems wrong... -- Maciej Kalisiak | | http://www.dgp.toronto.edu/~mac [McQ] PGP->finger|www; (0x39AC36F5) 9F BB 9E 11 F0 1E 5D 20 0B 31 3D 37 47 D0 67 C7 GE/CS d- s++:+ a- C++(+++) ULAI++ P+++ L+++ E+++ W++ N- o? K? !w--- O- M- V-- PS PE+ Y+ PGP+ t+ 5 !X-- R+ tv-- b+>++++ DI+ G+ e>+++>++++(*) h--- r+++ y? From hazen at potentia.ca Wed Jan 17 22:20:51 2001 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:33:05 2003 Subject: Problems with the lates CVS Message-ID: Hi Again All OK 1. Updated a working copy yesterday (fresh 2.2 cvs yum) 2. Backed up all config files, blew away the /usr/local/samba dir 3. Made clean and recompiled all of samba from the cvs (./config ; make ; make install form the source sub-dir) 4. Replaced all config files And then i ran into these errors, oddly enough smbd won't run and this is why. load_unicode_map: loading unicode map for codepage 850. [2001/01/17 17:47:43, 3] smbd/server.c:main(704) loaded services [2001/01/17 17:47:43, 3] smbd/server.c:main(712) Becoming a daemon. [2001/01/17 17:47:43, 8] lib/util.c:fcntl_lock(1349) fcntl_lock 5 6 0 1 1 [2001/01/17 17:47:43, 8] lib/util.c:fcntl_lock(1389) fcntl_lock: Lock call successful [2001/01/17 17:47:43, 5] smbd/connection.c:claim_connection(91) claiming 100000 [2001/01/17 17:47:43, 0] lib/util_sock.c:open_socket_in(858) bind failed on port 139 socket_addr=0.0.0.0 (Address already in use) [2001/01/17 17:47:43, 3] smbd/sec_ctx.c:set_sec_ctx(311) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/01/17 17:47:43, 5] smbd/uid.c:unbecome_user(212) unbecome_user now uid=(0,0) gid=(0,0) <-- Becomes God [2001/01/17 17:47:43, 2] smbd/server.c:exit_server(425) Closing connections [2001/01/17 17:47:43, 3] smbd/connection.c:yield_connection(54) Yielding connection to [2001/01/17 17:47:43, 3] smbd/server.c:exit_server(457) Server exit (caught signal) <-- Dies?? oh this is the last line Now SMBD does not start (even though there weren't any compileing errors) however i was using CPAN and installing a couple of PERL mods during the compile (I figure 50% here 30% there is still only 70% threshold!) Now on top of that not functioning nmbd has a horrible memory leak (i start nmbd at the command line with the options -d 10 -D) and wham 8 or nine hours later i have a few thousand processes farting around chewing up ram like it were cud & cows. Do I need to recompile? (does anyone have any better ideas?) I probably will now but I'm just checking to see if anyone is having the same issues my current setup is i586 128MB Ram 2.2.14 stable (RedHat) Any Help is appreciated. Hazen Valliant-Saunders Potentia Telecom Power (613) 592-0027 x107 (613) 592-1686 (facimile) "Peace can only come as a natural consequence of universal enlightenment...'' --Nikola Tesla, "My Inventions: the autobiography of Nikola Tesla", Hart Bros., 1982-- From rajeeva at research.bell-labs.com Wed Jan 17 22:36:49 2001 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:33:05 2003 Subject: nt printing Message-ID: <3A661E81.DFB10567@research.bell-labs.com> I am using HEAD Branch from cvs. I am installing print drivers for NT. I am having a few problems. I am connecting to the samba server as a user which maps to root on samba server. I can install certain print drivers but not all. I installed a HP laserjet 5 si/mx PS driver on samba server and I can access the driver from other NT machine connecting to samba as a guest. I tried to install some other printer drivers like HP laserjet 4M/MP Postscript and Xerox N24/N32 PS2, the drivers got installed (atleast that's what I belive). I can see the drivers in the drop down list of drivers. But from the clients, when I try to connect to those printers, I get a message that the server does not have a suitable driver installed and I need to install the driver locally. Also from the machine from where, I am installing the drivers, If I try to see the properties of that printer, I get that driver for that printer are not installed only, spool properties will be shown. And the properties window pops up without the device setting tab. The property window shows the correct driver name however. Please let me know, what is it that I am doing wrong? Thanks, rajeev From pilger at kahana.higp.hawaii.edu Thu Jan 18 02:52:34 2001 From: pilger at kahana.higp.hawaii.edu (Eric Pilger) Date: Tue Dec 2 02:33:05 2003 Subject: The Account Used is a Computer Account. Message-ID: <3A665A72.F2D80C29@higp.hawaii.edu> What the heck does this mean. I posted this once before, but got no response. I figured it was just my setup, but now someone else has posted the same problem, so I know it's not just me. I removed all the old stuff, downloaded the latest SAMBA_2_2 from CVS last week, recompiled and reinstalled. Still no luck. I have now tried on Solaris 8 and Redhat 6.2. From a hotpatched Win2K and a pristine Win2K. I have tried 4 character domains and 5 character domains. Always it is the same. Go to join domain. Enter "root" and appropriate password. Wait a bit, get the following response: "The Account Used is a Computer Account. Use Your Global User Account or Local User Account to Access the Server." Try again and get: "Procedure Number Out of Range." Try again and get: "The Account ..." and so on, ad infinitum. It also edits the smbpasswd file for me and disables the machine entry. What the heck is the difference between a computer account, a global user account and a local computer account? What is generating this message? -- Eric J. Pilger Systems Administrator Hawaii Institute of Geophysics and Planetology/SOEST pilger@pgd.hawaii.edu (808)956-6321 From magnus.pettersson at driftbolaget.com Thu Jan 18 04:49:48 2001 From: magnus.pettersson at driftbolaget.com (Pettersson, Magnus) Date: Tue Dec 2 02:33:05 2003 Subject: The Account Used is a Computer Account. Message-ID: <216F0557F54BFA43A0DF62156BAE18A27981F3@intmail001.driftdom.com> TRy changing the character maps in samba, and comment out the password sync, if you are using it. I had the same problem, trying to join a w2k with a samba_2_2, and after I hacked around, commenting out bit by bit It worked... /magnus > -----Original Message----- > From: Eric Pilger [mailto:pilger@kahana.higp.hawaii.edu] > Sent: den 18 januari 2001 03:53 > To: samba-ntdom > Subject: The Account Used is a Computer Account. > > > What the heck does this mean. I posted this once before, but got no > response. I figured it was just my setup, but now someone else has > posted the same problem, so I know it's not just me. > > I removed all the old stuff, downloaded the latest SAMBA_2_2 from CVS > last week, recompiled and reinstalled. Still no luck. > > I have now tried on Solaris 8 and Redhat 6.2. From a hotpatched Win2K > and a pristine Win2K. I have tried 4 character domains and 5 character > domains. Always it is the same. > > Go to join domain. > Enter "root" and appropriate password. > Wait a bit, get the following response: > > "The Account Used is a Computer Account. Use Your Global User > Account or > Local User Account to Access the Server." > > Try again and get: > > "Procedure Number Out of Range." > > Try again and get: > > "The Account ..." > > and so on, ad infinitum. It also edits the smbpasswd file for me and > disables the machine entry. > > What the heck is the difference between a computer account, a global > user account and a local computer account? What is generating this > message? > > > > > -- > Eric J. Pilger > > Systems Administrator > > Hawaii Institute of Geophysics and Planetology/SOEST > > pilger@pgd.hawaii.edu > > (808)956-6321 > > > From bgmilne at cae.co.za Thu Jan 18 06:42:49 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:33:06 2003 Subject: Samba/NT password problem References: <15EE7D2CFB19D311835600805F9A9056C30520@Exchange.tsl.state.tx.us> Message-ID: <3A669069.5DD02B71@cae.co.za> Had you tried logging out of the Windows machine and back in ? I have never had to change passwords or similar to get a share working agai after windows has problems with. Remember Windows needs a reboot everyday ;-) Buchan Yvonne Beever wrote: > > Sorry if this question has come up before--I've looked through the archives, > & didn't find quite the same problem. > > We are running Red Hat 6.0 on our Apache web servers, with our NT 4.0 > network, using Samba so that our users can connect to the web servers > through Network neighborhood. Every once in awhile, a random user will not > be able to access the web server through Network neighborhood. This has > happened to me twice now. I don't recall getting this same message before, > but today I got the message "Server service is not started." Others can > access the server thru NN, just not me. In the past, when someone has lost > access, the unix admin would have them re-enter their password in both the > passwd and smbpasswd files, and this seemed to correct the problem. Usually > this doesn't happen to the same user twice, and there doesn't seem to be any > pattern as to whom this happens. > > Thank you, > Yvonne -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 Stellenbosch Automotive Engineering http://www.cae.co.za From Wolf.Bergenheim at adcore.com Thu Jan 18 10:24:45 2001 From: Wolf.Bergenheim at adcore.com (Wolf Bergenheim) Date: Tue Dec 2 02:33:06 2003 Subject: [Fwd: Re: Samba/NT password problem] Message-ID: <3A66C46D.F4277ED2@adcore.com> Hi, Yvonne Beever wrote: > > but today I got the message "Server service is not started." Others can > access the server thru NN, just not me. In the past, when someone has lost This seems to be a Windows problem. I've had it on several machines with NT4sp4. I fixed it by reinstalling the sp. Now that we use sp6a, the problerm seems to have disapeared. --Wolf -- Systems Specialist Adcore wolf.bergenheim@adcore.com http://www.adcore.com/ From slu at firerun.net Thu Jan 18 12:47:49 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:33:06 2003 Subject: The Account Used is a Computer Account. References: <216F0557F54BFA43A0DF62156BAE18A27981F3@intmail001.driftdom.com> Message-ID: <3A66E5F5.AB786C1A@firerun.net> I had the same problem. And what I found out as magnus was the password sync was enabled. Patrick "Pettersson, Magnus" wrote: > TRy changing the character maps in samba, and comment out the password sync, > if you are using it. > I had the same problem, trying to join a w2k with a samba_2_2, and after I > hacked around, commenting out bit by bit It worked... > > /magnus > > > -----Original Message----- > > From: Eric Pilger [mailto:pilger@kahana.higp.hawaii.edu] > > Sent: den 18 januari 2001 03:53 > > To: samba-ntdom > > Subject: The Account Used is a Computer Account. > > > > > > What the heck does this mean. I posted this once before, but got no > > response. I figured it was just my setup, but now someone else has > > posted the same problem, so I know it's not just me. > > > > I removed all the old stuff, downloaded the latest SAMBA_2_2 from CVS > > last week, recompiled and reinstalled. Still no luck. > > > > I have now tried on Solaris 8 and Redhat 6.2. From a hotpatched Win2K > > and a pristine Win2K. I have tried 4 character domains and 5 character > > domains. Always it is the same. > > > > Go to join domain. > > Enter "root" and appropriate password. > > Wait a bit, get the following response: > > > > "The Account Used is a Computer Account. Use Your Global User > > Account or > > Local User Account to Access the Server." > > > > Try again and get: > > > > "Procedure Number Out of Range." > > > > Try again and get: > > > > "The Account ..." > > > > and so on, ad infinitum. It also edits the smbpasswd file for me and > > disables the machine entry. > > > > What the heck is the difference between a computer account, a global > > user account and a local computer account? What is generating this > > message? > > > > > > > > > > -- > > Eric J. Pilger > > > > Systems Administrator > > > > Hawaii Institute of Geophysics and Planetology/SOEST > > > > pilger@pgd.hawaii.edu > > > > (808)956-6321 > > > > > > From mac at dgp.toronto.edu Thu Jan 18 13:44:34 2001 From: mac at dgp.toronto.edu (Maciej Kalisiak) Date: Tue Dec 2 02:33:06 2003 Subject: The Account Used is a Computer Account. In-Reply-To: <3A665A72.F2D80C29@higp.hawaii.edu>; from pilger@kahana.higp.hawaii.edu on Wed, Jan 17, 2001 at 09:52:34PM -0500 References: <3A665A72.F2D80C29@higp.hawaii.edu> Message-ID: <20010118084434.A782@khazad-dum> On Wed, Jan 17, 2001 at 09:52:34PM -0500, Eric Pilger wrote: > Go to join domain. > Enter "root" and appropriate password. > Wait a bit, get the following response: > > "The Account Used is a Computer Account. Use Your Global User Account or > Local User Account to Access the Server." > > Try again and get: > > "Procedure Number Out of Range." > > Try again and get: > > "The Account ..." > > and so on, ad infinitum. It also edits the smbpasswd file for me and > disables the machine entry. I had the exact same thing happen to me yesterday as I was setting up 2.2 CVS. I found that this behaviour went away once I left the trust account ("foobar$") entries in /etc/passwd (I always deleted them after running "smbpasswd -a -m" since for SAMBA with WinNT you don't have to have them there, and they really fill up your /etc/passwd). Incidentally, when these entries were removed from /etc/passwd, log.smbd contained a whole bunch of lines complaining about "foobar$" being unknown, and that the "smbpasswd" file was corrupt... As I see from others' posts, perhaps my sync password option is on. Wierd, I don't have that on in my smb.conf; perhaps it's on by default now... -- Maciej Kalisiak | | http://www.dgp.toronto.edu/~mac [McQ] PGP->finger|www; (0x39AC36F5) 9F BB 9E 11 F0 1E 5D 20 0B 31 3D 37 47 D0 67 C7 GE/CS d- s++:+ a- C++(+++) ULAI++ P+++ L+++ E+++ W++ N- o? K? !w--- O- M- V-- PS PE+ Y+ PGP+ t+ 5 !X-- R+ tv-- b+>++++ DI+ G+ e>+++>++++(*) h--- r+++ y? From truls.l.bergli at cc.uit.no Thu Jan 18 14:04:31 2001 From: truls.l.bergli at cc.uit.no (Truls L. Bergli) Date: Tue Dec 2 02:33:06 2003 Subject: Multiple netlogon shares? Message-ID: <3A66F7EF.38209786@cc.uit.no> Hi! I am wondering if this is possible: I want to have different policies on different machines in the same domain. How do i do that ? Ideas: - Multiple netlogon shares depending on which machine that connects - Mulitple policy files regarding which machine, (I cant see this solution) - Mulitple NIC in the samba-PDC machine with mulitple smbd too serve machines and the router directs clients too the right NIC - ???? Or am i missing something realy easy? Sincerly Truls L Bergli -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Truls L. Bergli # "The man who makes no mistakes # # truls.l.bergli@cc.uit.no # does not usually make anything"# # Tlf/Phn 7764 4124 # William Connor Magee # v2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From jbcurry at hline.localhealth.net Thu Jan 18 14:44:16 2001 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:33:06 2003 Subject: Multiple netlogon shares? In-Reply-To: <3A66F7EF.38209786@cc.uit.no> Message-ID: Yep, you're missing something really easy. In your the config.pol file, you can create policies for individual users, individual machines, or groups. Use poledit to edit the config.pol file, and choose "Add Computer" to create a policy for a specific machine. The name used to identify the machine is the "Computer Name" as shown under the Identification Tab in the Network Control Panel of the machine you are identifying. > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Truls L. Bergli > Sent: Thursday, January 18, 2001 9:05 AM > To: samba-ntdom@samba.org > Subject: Multiple netlogon shares? > > > Hi! > > I am wondering if this is possible: > > I want to have different policies on different machines in the same > domain. How do i do that ? > > Ideas: > - Multiple netlogon shares depending on which machine that connects > - Mulitple policy files regarding which machine, (I cant see this > solution) > - Mulitple NIC in the samba-PDC machine with mulitple smbd too serve > machines and the router directs clients too the right NIC > - ???? > > Or am i missing something realy easy? > > Sincerly > Truls L Bergli > -- > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > # Truls L. Bergli # "The man who makes no mistakes # > # truls.l.bergli@cc.uit.no # does not usually make anything"# > # Tlf/Phn 7764 4124 # William Connor Magee # > v2 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > > From hazen at potentia.ca Thu Jan 18 15:08:53 2001 From: hazen at potentia.ca (Hazen Valliant-Saunders) Date: Tue Dec 2 02:33:06 2003 Subject: Problems with the lates CVS In-Reply-To: <002301c0748a$9c37def0$426e7ec2@sax> Message-ID: Thx: Goit working oddly enough, the smb script does not function properly. i had already killed the processes manually or by using the following. (sometimes there were a few hundred daemons running). However i re-cvssed a newer version, and installed right on top of the old one and everything seems fine now. psline=`/bin/ps x | grep mbd | grep -v grep` kill -9 $psline Very Messy but very effictive for those run away memory leakes. If anyone modified the code between mon and wed could they send me the modifacation? or explain? Thanks again -----Original Message----- From: Erki Simson [mailto:sax@kodu.net] Sent: Tuesday, January 02, 2001 2:07 AM To: Hazen Valliant-Saunders Subject: Re: Problems with the lates CVS Hi! > And then i ran into these errors, oddly enough smbd won't run and this is > why. > [2001/01/17 17:47:43, 0] lib/util_sock.c:open_socket_in(858) > bind failed on port 139 socket_addr=0.0.0.0 (Address already in use) You might want to kill old smbd and nmbd processes first. Binding failure indicates that something is still running on port 139(netbios) --- Erki Simson network admin Reaalaja O? erki@realtime.ee tel: +372 6990685 gsm: +372 50 17646 -- The box said "Requires Win95, NT, -- -- or better," and so I installed Linux. -- From joeoltusa at juno.com Thu Jan 18 15:13:39 2001 From: joeoltusa at juno.com (Joe Olt) Date: Tue Dec 2 02:33:06 2003 Subject: smbpasswd file compatible between versions? Message-ID: <380675293.979830819047.JavaMail.root@web694-wra.mail.com> I have tried copying the smbpasswd file from a 2.2alpha1 to a 2.0.7, and it worked fine. ------Original Message------ From: Maciej Kalisiak Is the private/smbpasswd format compatible between versions? I was running an old 2.1 prealpha version of SAMBA, and now am trying 2.2 from cvs. Can I just use the old smbpasswd file? I've actually re-added all the machine trust accounts to it (foo$), but I don't want to readd users as I want to keep the users' old passwords. From gerrym at futuremetals.com Thu Jan 18 15:50:49 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:33:06 2003 Subject: smbclient question Message-ID: <3A6710D9.4F4545CE@futuremetals.com> Are you able to run commands a windows client with smbclient? (Would you be able to run a batch file on a windows box with smbclient) From paul at slaterandson.com Thu Jan 18 16:16:43 2001 From: paul at slaterandson.com (Paul Williams) Date: Tue Dec 2 02:33:06 2003 Subject: [Me too!] Re: nt printing Message-ID: <001e01c0816a$0c3573c0$c82210ac@chad.office.slaterandson.com> I'm having similar issues with an Epson inkjet printer. Please keep me in the loop on this one. -----Original Message----- From: Rajeev Agrawala To: samba-ntdom@samba.org Date: Wednesday, January 17, 2001 2:39 PM Subject: nt printing >I am using HEAD Branch from cvs. I am installing print drivers for NT. I >am having a few problems. > >I am connecting to the samba server as a user which maps to root on >samba server. > >I can install certain print drivers but not all. > >I installed a HP laserjet 5 si/mx PS driver on samba server and I can >access the driver from other NT machine connecting to samba as a guest. > >I tried to install some other printer drivers like HP laserjet 4M/MP >Postscript and Xerox N24/N32 PS2, the drivers got installed (atleast >that's what I belive). I can see the drivers in the drop down list of >drivers. But from the clients, when I try to connect to those printers, >I get a message that the server does not have a suitable driver >installed and I need to install the driver locally. Also from the >machine from where, I am installing the drivers, If I try to see the >properties of that printer, I get that driver for that printer are not >installed only, spool properties will be shown. And the properties >window pops up without the device setting tab. The property window shows >the correct driver name however. > >Please let me know, what is it that I am doing wrong? > >Thanks, > >rajeev > > From jeremy at valinux.com Thu Jan 18 17:12:42 2001 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:33:06 2003 Subject: head branch and overwriting files References: <3A64D323.95F0D7F7@research.bell-labs.com> Message-ID: <3A67240A.F051158C@valinux.com> Rajeev Agrawala wrote: > > I am using the todays CVS from head branch. From the client (NT4) I am > connected as a user which is mapped to root on the Samba server. I can > create new files in the share, but I cannot overwrite the files. I get > access denied. The file permissions are 744 and owned by root on the > server. When I look at the file permissions from client side, I see root > has create read and write permissions. I cannot chnage the permissions > to Full control from client side. > > What do I need to do to fix this, Checkout again. I just fixed a bug in this area (thanks to SGI for their help in tracking this down). Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From bgmilne at cae.co.za Mon Jan 15 18:14:43 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:33:06 2003 Subject: Windbind frustration Message-ID: <3A633E13.31E3355B@cae.co.za> I am hoping to do email authentication using winbind. Since I will be wanting to do point&click printing (on another machine) and W2k domain logins on the pdc (which is another samba box), I decided to try samba CVS. After compiling samba, I try "make nsswitch" and receive the following error message: make: *** No rule to make target `nsswitch/winbind.po' needed by `nsswitch/libnss_winbind.so Looking in the directory nsswitch I can't find a file -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 Stellenbosch Automotive Engineering http://www.cae.co.za From pmorin at lbi-group.com Fri Jan 19 13:58:35 2001 From: pmorin at lbi-group.com (Patrick Morin) Date: Tue Dec 2 02:33:06 2003 Subject: Problem W2K and Samba 2.0.7 Message-ID: <004001c0821f$eaed6f40$6e608bcf@lbigroup.com> Hy, First sorry for my very very bad english. I'm a "newbie" with Samba and I got a problem with Windows 2000 and Samba 2.0.7 I got a share on a AIX 4.2.1 machine, I can connect to the share on all my station NT and 98 but I got a new W2K machine and I see the share but I got a error message when I try to acess the share (The remote procedure call failed and did not execute) I change a registry key for the "cleartextpassword" and nothing append. Did you have a idee ????? Thanks !!!! Patrick Morin Sp?cialiste soutien technique Laporte et Blanchette Inc. 5125 Du Trianon, suite 440 Montr?al, Qu?bec, H1M 2S5 pmorin@lbi-group.com -------------- next part -------------- HTML attachment scrubbed and removed From peterc at brosystems.com Fri Jan 19 16:14:30 2001 From: peterc at brosystems.com (peterc) Date: Tue Dec 2 02:33:06 2003 Subject: NT4 Workstations failing to connect to the samba pdc FIX ! Message-ID: Hi, This is a fix for anyone else that might come across the above problem. I did get some help / suggestions from some of the people on this list (thank you all that tried to help me). Here is the final fix to my problem. situation was (to recap...) 1) Get the latest samba code and buildit as standard 2) Read the the PDC howto and follow it to the letter ! 3) create the machine in the /etc/passwd & smbpasswd files 4) create a user in the above files 5) join the domain all looks good so far .... 6) try to login and get the ERROR: The system was unable to log you on as the account for the computer does not exist or the password is wrong !) not word for word but thats the jist of it. The answer: The account names for my Client-Computers were too long! I shortened them down to 5 letters and they worked. How Strange ! Regards, Peter From jelmer at nl.linux.org Fri Jan 19 18:17:41 2001 From: jelmer at nl.linux.org (Jelmer Vernooij) Date: Tue Dec 2 02:33:06 2003 Subject: Problems with profiles Message-ID: <20010119191741.A925@nl.linux.org> Hi, I have finally found out why I got the errors I couldn't load a profile: I didn't have a correct 'ntuser.dat' in the directory of the user in the profiles share. Here's my next problem - and my last (I hope...): With NT Policy Editor, I can set the path of the Desktop, Start Menu, etc. These dirs are all set as subdirectories of %USERPROFILE%. However, my system is using some local directory! All other settings from the ntconfig.pol file are used properly. Some other things that don't work, but don't cause any problems, are these: using the /HOME mapping doesn't work and the users' full name seems to be "". Maybe this is caused by some bug in my own MySQL module? jelmer -- Jelmer Vernooij Host: charis.vernstok, an i686 running Linux 2.2.12-20 7:10pm up 51 min, 6 users, load average: 0.09, 0.09, 0.03 From sambastuff at jabba.glfc.com Fri Jan 19 18:24:09 2001 From: sambastuff at jabba.glfc.com (sambastuff@jabba.glfc.com) Date: Tue Dec 2 02:33:06 2003 Subject: Roaming Profiles Permission Problems CVS Branch2_2 today Message-ID: It seems when roaming profiles are writing out new directories in today's branch, it seems to give the permission 0000 to new files instead of 0700. Anyone else having this problem? brian From mac at dgp.toronto.edu Fri Jan 19 19:05:24 2001 From: mac at dgp.toronto.edu (Maciej Kalisiak) Date: Tue Dec 2 02:33:06 2003 Subject: Roaming Profiles Permission Problems CVS Branch2_2 today In-Reply-To: ; from sambastuff@jabba.glfc.com on Fri, Jan 19, 2001 at 01:24:09PM -0500 References: Message-ID: <20010119140524.A1746@khazad-dum> On Fri, Jan 19, 2001 at 01:24:09PM -0500, sambastuff@jabba.glfc.com wrote: > It seems when roaming profiles are writing out new directories in today's > branch, it seems to give the permission 0000 to new files instead of 0700. > > Anyone else having this problem? Same here! I'm using samba built from source last 'cvs updated' on Wednesday. I notice this only on Win2K boxes, not on NT4s. Perhaps in a related note, SAMBA seems to have trouble with 'chmod'ing the files when connected from Win2K boxes. I get a lot of these: [2001/01/17 21:07:12, 2] smbd/trans2.c:call_trans2setfilepathinfo(1962) chmod of anab/SendTo/(F) Zip 100 .LNK failed (Success) for a lot of files. Seems it's confused too: failed == success??? -- Maciej Kalisiak | | http://www.dgp.toronto.edu/~mac [McQ] PGP->finger|www; (0x39AC36F5) 9F BB 9E 11 F0 1E 5D 20 0B 31 3D 37 47 D0 67 C7 GE/CS d- s++:+ a- C++(+++) ULAI++ P+++ L+++ E+++ W++ N- o? K? !w--- O- M- V-- PS PE+ Y+ PGP+ t+ 5 !X-- R+ tv-- b+>++++ DI+ G+ e>+++>++++(*) h--- r+++ y? From jeremy at valinux.com Fri Jan 19 17:16:25 2001 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:33:06 2003 Subject: Roaming Profiles Permission Problems CVS Branch2_2 today References: Message-ID: <3A687669.38FD9866@valinux.com> sambastuff@jabba.glfc.com wrote: > > It seems when roaming profiles are writing out new directories in today's > branch, it seems to give the permission 0000 to new files instead of 0700. > Can you send me a debug level 10 trace of the file creation part of the log please ? Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jeremy at valinux.com Fri Jan 19 17:17:00 2001 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:33:06 2003 Subject: Roaming Profiles Permission Problems CVS Branch2_2 today References: <20010119140524.A1746@khazad-dum> Message-ID: <3A68768C.2AA2E2B0@valinux.com> Maciej Kalisiak wrote: > > Perhaps in a related note, SAMBA seems to have trouble with 'chmod'ing the > files when connected from Win2K boxes. I get a lot of these: > > [2001/01/17 21:07:12, 2] smbd/trans2.c:call_trans2setfilepathinfo(1962) > chmod of anab/SendTo/(F) Zip 100 .LNK failed (Success) > > for a lot of files. Seems it's confused too: failed == success??? This was a bug I fixed on Wed. CVS update. Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From timothy_d_cole at md.northgrum.com Fri Jan 19 19:24:05 2001 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:33:06 2003 Subject: Roaming Profiles Permission Problems CVS Branch2_2 today Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F471EC@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Maciej Kalisiak [SMTP:mac@dgp.toronto.edu] > Sent: Friday, January 19, 2001 14:05 > To: sambastuff@jabba.glfc.com > Cc: samba-ntdom@us5.samba.org > Subject: Re: Roaming Profiles Permission Problems CVS Branch2_2 today > > On Fri, Jan 19, 2001 at 01:24:09PM -0500, sambastuff@jabba.glfc.com wrote: > > It seems when roaming profiles are writing out new directories in > today's > > branch, it seems to give the permission 0000 to new files instead of > 0700. > > > > Anyone else having this problem? > > Same here! I'm using samba built from source last 'cvs updated' on > Wednesday. > I notice this only on Win2K boxes, not on NT4s. > > Perhaps in a related note, SAMBA seems to have trouble with 'chmod'ing the > files when connected from Win2K boxes. I get a lot of these: > > [2001/01/17 21:07:12, 2] smbd/trans2.c:call_trans2setfilepathinfo(1962) > chmod of anab/SendTo/(F) Zip 100 .LNK failed (Success) > > for a lot of files. Seems it's confused too: failed == success??? > Sounds like something may be mangling errno before the debug message is output, perhaps by calling another function that sets errno. strerror(0) is "Success" on most systems. From Charles.Curley-1 at ksc.nasa.gov Fri Jan 19 21:52:58 2001 From: Charles.Curley-1 at ksc.nasa.gov (Charles Curley) Date: Tue Dec 2 02:33:06 2003 Subject: help Message-ID: <000001c08262$30276d30$dd4dd980@ksc.nasa.gov> -------------- next part -------------- HTML attachment scrubbed and removed From rajeeva at research.bell-labs.com Fri Jan 19 22:34:52 2001 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:33:06 2003 Subject: sending message to printer running windows Message-ID: <3A68C10C.6CB1FFE0@research.bell-labs.com> Hi, Is it possible to send a message to a PC running windows from a Linux machine running samba? Thanks, rajeev From timothy_d_cole at md.northgrum.com Fri Jan 19 22:40:57 2001 From: timothy_d_cole at md.northgrum.com (Cole, Timothy D.) Date: Tue Dec 2 02:33:06 2003 Subject: sending message to printer running windows Message-ID: <51FBD4A8EFD9D111BA7300A0C927DADB03F471EE@xcgmd008.md.essd.northgrum.com> > -----Original Message----- > From: Rajeev Agrawala [SMTP:rajeeva@research.bell-labs.com] > Sent: Friday, January 19, 2001 17:35 > To: samba-ntdom@samba.org > Subject: sending message to printer running windows > > Hi, > > Is it possible to send a message to a PC running windows from a Linux > machine running samba? > > Thanks, > > rajeev > try: echo "message" | smbclient -M PC_NETBIOS_NAME_HERE -U "from" -I "to" The limit on message length is 1600 characters. -U and -I are optional and purely cosmetic. From kallsen at e101.com Fri Jan 19 22:40:58 2001 From: kallsen at e101.com (Kevin Kallsen @ E101.com) Date: Tue Dec 2 02:33:06 2003 Subject: SAMBA 2.2 Message-ID: I downloaded samba 2.2 via cvs and followed the howto step by step for ./confige and make. But it did not take. I run mandrake 7.2 and it says I am still running samba 2.0.7. Where did I goof? Don' let my simple question fool you -- I am a newbie . Kevin -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 1472 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010119/131fd6b9/winmail.bin From willy.coppens at eurostation.be Fri Jan 19 23:38:31 2001 From: willy.coppens at eurostation.be (Willy Coppens) Date: Tue Dec 2 02:33:06 2003 Subject: Uploading printer drivers samba2_2 Message-ID: Hi, Startingpoint is samba2_2 CVS from 19.12.2000 I read the PRINTER_DRIVER2.TXT, created the share print$ with is sub directory W32X86. We then created a printer HPLJ8000DN_1_2 on our linuxbox and his share in samba. Samba is also PDC. When i am right we can use the NT add printer wizard to upload the printerdrivers in samba. Untill now it doesn't work. When we want to add the printer with the NT APW, this is what we get. In the NT APW select network print server whe see the printer LIN\\LIN\HPLJ8000DN_1_2 NO DRIVER AVAILABLE FOR THIS PRINTER (seems right) When we select the printer We get "The server on which the printer resides does not have a suitable NO DRIVER AVAILABLE FOR THIS PRINTER printer driver installed. Click on OK if you wish to install the driver on your local machine" select OK we than have "File Needed : Printer driver INF for NO DRIVER AVAILABLE FOR TH" "the file '*.INF on (unknown) is needed" "Type the path where the file is located and click ok" "Copy files from" I select hp8000ps so I get in the window I:\winnt\english\oemsetup select OK Here after we get the message "Printer driver setup error. the printer driver is unknown" Yes I am logged in as root. What can be the problem, or better how can we resolve the upload problem. Is there more to do than there is explained in PRINTER_DRIVER2.TXT Best Regards Willy Coppens IT NV EUROSTATION From armand at welshhome.org Fri Jan 19 17:21:52 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:06 2003 Subject: smbclient question References: <3A6710D9.4F4545CE@futuremetals.com> Message-ID: <002001c0823c$50794f70$6602a8c0@nelson> *This message was transferred with a trial version of CommuniGate(tm) Pro* no, not possible. if rpc for NT is working, in theory, a command could be sent to an nt box, to do so, but non NT(2K) windows machines don't support this, and smbclient doesn't support this.... ----- Original Message ----- From: "Gerry Maddock" To: "NTSAMBA" Sent: Thursday, January 18, 2001 7:50 AM Subject: smbclient question > Are you able to run commands a windows client with smbclient? > (Would you be able to run a batch file on a windows box with smbclient) > > > From simo.sorce at polimi.it Sat Jan 20 07:47:30 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:06 2003 Subject: sending message to printer running windows In-Reply-To: <3A68C10C.6CB1FFE0@research.bell-labs.com> Message-ID: On Fri, 19 Jan 2001, Rajeev Agrawala wrote: > Hi, > > Is it possible to send a message to a PC running windows from a Linux > machine running samba? > see smbclient (on win9x you must have winpopup activated) -- Simo Sorce - Linux Systems Consultant E-mail: simo.sorce@polimi.it Tel: +39 0348 7149179 - Fax: +39 02 700442399 ----------------------------------------------------------------- Be happy, use Linux! From pbocek at iol.cz Sat Jan 20 08:42:54 2001 From: pbocek at iol.cz (Pavel Bocek) Date: Tue Dec 2 02:33:06 2003 Subject: SAMBA 2.2 References: Message-ID: <004201c082bc$fda845e0$0500a8c0@kayak> Hi! You have probably SAMBA installed with your Linux distribution. Official samba use other file locations - /usr/local/samba. You have to uninstall the old one.... Pavel ----- Original Message ----- From: "Kevin Kallsen @ E101.com" To: Sent: Friday, January 19, 2001 11:40 PM Subject: SAMBA 2.2 > I downloaded samba 2.2 via cvs and followed the howto step by step for > ./confige and make. But it did not take. I run mandrake 7.2 and it says I > am still running samba 2.0.7. Where did I goof? Don' let my simple > question fool you -- I am a newbie . > > Kevin > From acthorsen at students.wisc.edu Fri Jan 19 20:48:19 2001 From: acthorsen at students.wisc.edu (Anders C. Thorsen) Date: Tue Dec 2 02:33:06 2003 Subject: recylcer on shares In-Reply-To: <000001c08008$a3ff5fd0$3401a8c0@workstation_1a.ish.de> Message-ID: <000d01c082c5$dffb9930$3202a8c0@thorsen.dhs.org> Samba has no such feature, altoug you should look at the HEAD branch's VFS, where it could be implemented. (it was designed for smb access to tapes :) [begin out of topic part] Just a curious question regarding Recycler on shares / network-drive. Ho do you get this on NT Machines? (3rd party software?) [end out of topic part] --Anders -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Ralf Huelsmann Sent: Tuesday, January 16, 2001 11:07 PM To: Samba - Ntdom Mailingliste Subject: recylcer on shares hi ! on a win nt-server / netwrok i have a recylcer on every network-drive / share. how can i set up this on samba shares ? (we?re using 2.0.7 / TNG and 2_2_CVS) greetings ralf --- Ralf Huelsmann Kempen Germany Office: http://www.ish.de/ r_huelsmann@ish.de phone +49 2152 962010 fax +49 2152 962009 Mobile: r_huelsmann@bigfoot.com phone +49 171 2170401 From I.Marmaridis at uws.edu.au Sat Jan 20 14:16:54 2001 From: I.Marmaridis at uws.edu.au (Makis Marmaridis) Date: Tue Dec 2 02:33:06 2003 Subject: SAMBA 2.2 In-Reply-To: <004201c082bc$fda845e0$0500a8c0@kayak> Message-ID: <013901c082eb$a514c0a0$23499a89@pclan2> Alternatively, you can just go into /usr/sbin and delete smbd and nmbd (which are the old versions of samba that most likely came bundled with your distritution (you can use ./smbd -V to verify the version of those files). Then just make a soft symbolic link (check man ls for the exact syntax) to the new set of binaries (the new smbd and nmbd) that by default should reside in /usr/local/samba/bin/ directory. Of course uninstalling the older version is the proper way of doing things (but there is more than one way to skin a cat). HTH, Cheers, Makis. > -----Original Message----- > From: samba-ntdom-admin@us5.samba.org > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Pavel Bocek > Sent: Saturday, 20 January 2001 7:43 PM > To: samba-ntdom@us5.samba.org > Subject: Re: SAMBA 2.2 > > > Hi! > > You have probably SAMBA installed with your Linux distribution. > Official samba use other file locations - /usr/local/samba. > > You have to uninstall the old one.... > > > Pavel > > ----- Original Message ----- > From: "Kevin Kallsen @ E101.com" > To: > Sent: Friday, January 19, 2001 11:40 PM > Subject: SAMBA 2.2 > > > > I downloaded samba 2.2 via cvs and followed the howto step > by step for > > ./confige and make. But it did not take. I run mandrake > 7.2 and it says I > > am still running samba 2.0.7. Where did I goof? Don' let my simple > > question fool you -- I am a newbie . > > > > Kevin > > > > From vmurty at i2.com Sun Jan 21 01:10:41 2001 From: vmurty at i2.com (Venkat Murty) Date: Tue Dec 2 02:33:06 2003 Subject: Joining the domain - help Message-ID: <200101210110.TAA14145@sun4k7.i2.com> CVS Branch: SAMBA_2_2 (today afternoon). When i am trying to join/add a w2k machine (SHIV) to a Samba PDC (PDC), a linux m/c. I get the following error: The following error occured attempting to join the domain NET The account used is a computer account. Use a global user account or a local user account to access this server. This is what I did on the w2k m/c: Network and Dialup Connections ->Advanced -> Network Identification -> Properties: Selected Domain and entered domain name NET. When promted for the user name & password, entered username: root password: root password in the unix machine. When I expand "Entire Network" I am able to see the domain NET and the server PDC. When expanded further it asks for username & password. If i enter username: root password: root' password I am able to see the shares on my Linux (PDC) box, root's home directory and tmp directory. I am following the instructions in "The samba 2.2 PDC HowTo" & "The Samba 2.2 PDC FAQ". I have created a machine account: # adduser -g machines -c "Machine" -d /dev/null -n SHIV$ # smbpasswd -a -m SHIV$ Added the root user using smbpasswd # smbpasswd -a root The smb.conf is the almost the same as the smb.conf.default with the PDC as the master (local & domain master = yes & os level = 64) and the following line: domain admin group = @root i.e. adding root (belonging to the group root) to admin group. What am i doing wrong? Any help will be appreciated, thanks. From praxis at eskimo.com Sun Jan 21 01:51:15 2001 From: praxis at eskimo.com (Chris Fischer) Date: Tue Dec 2 02:33:06 2003 Subject: Joining Domain with W2K Fails with 'wins server =' Option Set Message-ID: <01012017511502.03597@chrisf.protek.cc> Hi, It took the longest time, but I finally figured out why I could not get W2K to join a domain. Turns out the culprit is the 'wins server =' option. If I set this to the IP of the Samba server I get the following error: "The specified domain either does not exist or could not be contacted". Commenting out 'wins server =' then restarting Samba allowed me to finally join a domain. Problem is that I need Wins support. Of interst may be an excerpt from log.nmbd when 'wins server = 192.168.67.10' is turned on: ***** Samba name server CHRISF is now a local master browser for workgroup C21 on subnet 192.168.67.10 ***** [2001/01/20 17:30:13, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.67.46: code = 0x12 [2001/01/20 17:30:13, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.67.46: code = 0x12 [2001/01/20 17:30:15, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(180) process_name_refresh_request: unicast name registration request received for name ^A^B__MSBROWSE__^B<01> from IP 192.168.67.46 on subnet UNICAST_SUBNET. [2001/01/20 17:30:15, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(181) Error - should be sent to WINS server So, is there a way for me to have my cake and eat it too? :-) Regards, Chris From anders at cwd.no Sun Jan 21 03:51:56 2001 From: anders at cwd.no (Anders C. Thorsen) Date: Tue Dec 2 02:33:06 2003 Subject: Joining Domain with W2K Fails with 'wins server =' Option Set In-Reply-To: <01012017511502.03597@chrisf.protek.cc> Message-ID: <000401c0835d$804b4e70$3202a8c0@thorsen.dhs.org> don't point wins server = at the server itself! (PS: The documentation warns against this.. ) --Anders -----Original Message----- From: samba-ntdom-admin@us5.samba.org [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Chris Fischer Sent: Sunday, January 21, 2001 2:51 AM To: samba-ntdom Subject: Joining Domain with W2K Fails with 'wins server =' Option Set Hi, It took the longest time, but I finally figured out why I could not get W2K to join a domain. Turns out the culprit is the 'wins server =' option. If I set this to the IP of the Samba server I get the following error: "The specified domain either does not exist or could not be contacted". Commenting out 'wins server =' then restarting Samba allowed me to finally join a domain. Problem is that I need Wins support. Of interst may be an excerpt from log.nmbd when 'wins server = 192.168.67.10' is turned on: ***** Samba name server CHRISF is now a local master browser for workgroup C21 on subnet 192.168.67.10 ***** [2001/01/20 17:30:13, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.67.46: code = 0x12 [2001/01/20 17:30:13, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) process_logon_packet: Logon from 192.168.67.46: code = 0x12 [2001/01/20 17:30:15, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(180) process_name_refresh_request: unicast name registration request received for name ^A^B__MSBROWSE__^B<01> from IP 192.168.67.46 on subnet UNICAST_SUBNET. [2001/01/20 17:30:15, 0] nmbd/nmbd_incomingrequests.c:process_name_refresh_request(181) Error - should be sent to WINS server So, is there a way for me to have my cake and eat it too? :-) Regards, Chris From praxis at eskimo.com Sun Jan 21 04:09:36 2001 From: praxis at eskimo.com (Chris Fischer) Date: Tue Dec 2 02:33:06 2003 Subject: Joining Domain with W2K Fails with 'wins server =' Option Set In-Reply-To: <000401c0835d$804b4e70$3202a8c0@thorsen.dhs.org> References: <000401c0835d$804b4e70$3202a8c0@thorsen.dhs.org> Message-ID: <01012020093602.04423@chrisf.protek.cc> Well, don't I feel silly now. :-) I didn't notice in the docs, but now that you mention it, it's rather obvious. Isn't hindsight great. Thanks, Chris On Saturday 20 January 2001 19:51, Anders C. Thorsen wrote: > don't point wins server = > at the server itself! (PS: The documentation warns against this.. ) > > --Anders > > -----Original Message----- > From: samba-ntdom-admin@us5.samba.org > [mailto:samba-ntdom-admin@us5.samba.org]On Behalf Of Chris Fischer > Sent: Sunday, January 21, 2001 2:51 AM > To: samba-ntdom > Subject: Joining Domain with W2K Fails with 'wins server =' Option Set > > > Hi, > > It took the longest time, but I finally figured out why I could not get W2K > to join a domain. Turns out the culprit is the 'wins server =' option. If I > set this to the IP of the Samba server I get the following error: > > "The specified domain either does not exist or could not be contacted". > Commenting out 'wins server =' then restarting Samba allowed me to finally > join a domain. Problem is that I need Wins support. > > Of interst may be an excerpt from log.nmbd when 'wins server = > 192.168.67.10' > is turned on: > > ***** > > Samba name server CHRISF is now a local master browser for workgroup C21 > on > subnet 192.168.67.10 > > ***** > [2001/01/20 17:30:13, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > process_logon_packet: Logon from 192.168.67.46: code = 0x12 > [2001/01/20 17:30:13, 1] nmbd/nmbd_processlogon.c:process_logon_packet(70) > process_logon_packet: Logon from 192.168.67.46: code = 0x12 > [2001/01/20 17:30:15, 0] > nmbd/nmbd_incomingrequests.c:process_name_refresh_request(180) > process_name_refresh_request: unicast name registration request received > for name ^A^B__MSBROWSE__^B<01> from IP 192.168.67.46 on subnet > UNICAST_SUBNET. > [2001/01/20 17:30:15, 0] > nmbd/nmbd_incomingrequests.c:process_name_refresh_request(181) > Error - should be sent to WINS server > > > So, is there a way for me to have my cake and eat it too? :-) > > Regards, > > Chris From D.Bannon at latrobe.edu.au Sun Jan 21 06:52:47 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:33:06 2003 Subject: NT4 Workstations failing to connect to the samba pdc FIX ! In-Reply-To: Message-ID: <3.0.6.32.20010121175247.007b4ab0@bioserve.latrobe.edu.au> At 04:14 PM 19/1/2001 -0000, peterc wrote: >Hi, > 6) try to login and get the ERROR: > The system was unable to log you on as the account for the computer > .... > The account names for my Client-Computers were too long! > I shortened them down to 5 letters and they worked. How Strange ! Peter, have you gone back and forwards to confirm this ? All my testing was done with quite short names .... I don't have access to a testing setup at the moment, just changed jobs and don't have anything set up yet. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From peter.milburn at sofcom.com.au Mon Jan 22 06:13:42 2001 From: peter.milburn at sofcom.com.au (Peter Milburn) Date: Tue Dec 2 02:33:06 2003 Subject: samba 2.2 Message-ID: Has anyone had any success in using 2.2 alpha ? I am configuring as per the doco from samba.org, On the windows 2000 machine, when trying to join the domain, I get the following error. Your computer could not join the domain becuase of the following error: The credentials supplied conflict with an existing set of credentials Cheers, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From jbrown at db2000.com Mon Jan 22 09:01:55 2001 From: jbrown at db2000.com (Jonathan Brown) Date: Tue Dec 2 02:33:06 2003 Subject: Profile Permission Problems from Win2k Message-ID: Greetings, I have Samba 2.2 alpha-1 - got it from cvs last week. Then saw where there might be some bugs fixed and updated it this morning. Still having same problem though... When win2k copies the profile to the server, some of the directories are being assigned permissions of 0000 instead of 0700. I noticed that a couple of other people seem to be having the same problem. I have tried many different things, some with random success, some with no success - too many things to explain now.... Does anyone have any ideas on this? I am under a deadline, and about to loose my mind!! thanks, Jonathan Brown -------------- next part -------------- HTML attachment scrubbed and removed From simo.sorce at polimi.it Mon Jan 22 09:28:25 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:06 2003 Subject: samba 2.2 In-Reply-To: Message-ID: On Mon, 22 Jan 2001, Peter Milburn wrote: > > Has anyone had any success in using 2.2 alpha ? I am configuring as per the > doco from samba.org, On the windows 2000 machine, when trying to join the > domain, I get the following error. > > Your computer could not join the domain becuase of the following error: > > The credentials supplied conflict with an existing set of > credentials Yes, people succeded. Your error is common (and seen also under NT4). The errror means that before joining the domain you have made a connection to the domain controller (browsed/mapped a share ....). Reboot your windows machine just before joining and after the boot immediately join the domain without connecting anywhere. After you joined, you may connect where you want. hope this helps, Simo. -- Simo Sorce - Linux Systems Consultant E-mail: simo.sorce@polimi.it Tel: +39 0348 7149179 - Fax: +39 02 700442399 ----------------------------------------------------------------- Be happy, use Linux! From pdeliot at ocare.com Mon Jan 22 10:09:28 2001 From: pdeliot at ocare.com (Pascal Deliot) Date: Tue Dec 2 02:33:06 2003 Subject: samba 2.2 References: Message-ID: <3A6C06D8.9000209@ocare.com> I have a similar problem. I have solved credential conflicts but i still have a problem about a "function number out of range". I making tests on a 2.8 Solaris on sparc and the last cvs of Samba 2.2. The client machine is under french W2K Pro. Thanks Simo Sorce wrote: > On Mon, 22 Jan 2001, Peter Milburn wrote: > > >> Has anyone had any success in using 2.2 alpha ? I am configuring as per the >> doco from samba.org, On the windows 2000 machine, when trying to join the >> domain, I get the following error. >> >> Your computer could not join the domain becuase of the following error: >> >> The credentials supplied conflict with an existing set of >> credentials > > > Yes, people succeded. > Your error is common (and seen also under NT4). > The errror means that before joining the domain you have made a connection > to the domain controller (browsed/mapped a share ....). > Reboot your windows machine just before joining and after the boot > immediately join the domain without connecting anywhere. > After you joined, you may connect where you want. > > hope this helps, > Simo. From D.Bannon at latrobe.edu.au Mon Jan 22 10:39:09 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:33:06 2003 Subject: samba 2.2 In-Reply-To: Message-ID: <3.0.6.32.20010122213909.007bed20@bioserve.latrobe.edu.au> At 05:13 PM 22/1/2001 +1100, Peter Milburn wrote: > >Has anyone had any success in using 2.2 alpha ? I am configuring as per the >doco from samba.org, On the windows 2000 machine, when trying to join the >domain, I get the following error. > >Your computer could not join the domain becuase of the following error: > > The credentials supplied conflict with an existing set of >credentials That usually happens when you already have a connection to the server using another name. Typically, if you already were connected to a workgroup of the same name as the domain you are using... David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From dbarnes at mania.physics.swin.edu.au Mon Jan 22 11:40:22 2001 From: dbarnes at mania.physics.swin.edu.au (David Barnes) Date: Tue Dec 2 02:33:07 2003 Subject: Roaming profiles flakey. Message-ID: <200101221140.f0MBeMm00660@mania.physics.swin.edu.au> I hope someone can help me out here... I have a Linux box running Samba 2.0.6 set up as what I think is an NT PDC. I am moving users over to its domain (eg "DOMAIN2") from an older machine (eg "DOMAIN1"). For a completely new user, who was not known to DOMAIN1, everything works fine. Her NT profile is stored, updated, and correctly read from ~username/.ntprofiles for all NT boxes in DOMAIN2, as I have the following in smb.conf: logon path = \\tin\%U\.ntprofile For me, I spent about a day trying to work out why my profile wasn't being updated on ~me/.ntprofiles, after I changed my NT box's domain to DOMAIN2. It turned out after much lost time that I needed to log in to the NT box as Admin., delete all profiles other than Admin's using the Control Panel->System->User Profiles tab, delete my .ntprofile directory completely, and then try logging in again. After all this was done, my profile now stores, updates and is correctly read from ~me/.ntprofile for all NT boxes in DOMAIN2. However, I have repeated this procedure till I am blue in the face for a third user who was known to DOMAIN1, and have had no luck. Every log in to DOMAIN2 (and now also DOMAIN1) he gets the "Welcome To Windows" window, and if the trashcan is moved on the Desktop for example, the Desktop folder in ~him/.ntprofile appears to be updated (looking at the date/time) but next login the trashcan is back where it was, and nothing has changed. What could it be? What do I have to do? The only thing left which has not been done for this user is reentry of a new password on the PDC running DOMAIN2. ie. I copied the smbpasswd file from the PDC of DOMAIN1 to the PDC of DOMAIN2, and probably made myself a new entry with smbpasswd -a me, but haven't done so for him. Could this possibly be it? I guess I'll try tomorrow morning, but does anyone have any other ideas? Desperate! thanks - David Barnes, Centre for Astrophysics & Supercomputing Swinburne University of Technology. From ctooley at amoa.org Mon Jan 22 15:18:46 2001 From: ctooley at amoa.org (ctooley@amoa.org) Date: Tue Dec 2 02:33:07 2003 Subject: Mac OS X Message-ID: <862569DC.00538030.00@amoa.org> I'm in the position of having to integrate a Mac into an all Windows network. I'm tempted to ask them to hold off on the integration (and run standalone for a couple monthes) until the release of OS X. At that time I'd at least know something about the OS and how to use it. What I'm wondering is if there is a release of Samba for OS X and if so how well is integrated into the system. I'm just feeling out the waters to see where it sets before I commit to where I want to take my stand on the Mac in the first place. Thanks Chris Tooley From steeve at eps.mcgill.ca Mon Jan 22 15:25:58 2001 From: steeve at eps.mcgill.ca (Steeve) Date: Tue Dec 2 02:33:07 2003 Subject: Mac OS X References: <862569DC.00538030.00@amoa.org> Message-ID: <3A6C5106.523804BC@eps.mcgill.ca> ctooley@amoa.org wrote: > > I'm in the position of having to integrate a Mac into an all Windows network. > I'm tempted to ask them to hold off on the integration (and run standalone for a > couple monthes) until the release of OS X. At that time I'd at least know > something about the OS and how to use it. What I'm wondering is if there is a > release of Samba for OS X and if so how well is integrated into the system. > > I'm just feeling out the waters to see where it sets before I commit to where I > want to take my stand on the Mac in the first place. There's a shareware client for Mac called 'Dave', AFAIR. -- steeve SysAdmin EPS McGill University Mtl Qc :wq From ken at hudat.com Mon Jan 22 15:36:56 2001 From: ken at hudat.com (Kendrick Vargas) Date: Tue Dec 2 02:33:07 2003 Subject: Mac OS X In-Reply-To: <862569DC.00538030.00@amoa.org> Message-ID: On Mon, 22 Jan 2001 ctooley@amoa.org wrote: > I'm in the position of having to integrate a Mac into an all Windows > network. I'm tempted to ask them to hold off on the integration (and > run standalone for a couple monthes) until the release of OS X. At > that time I'd at least know something about the OS and how to use it. > What I'm wondering is if there is a release of Samba for OS X and if > so how well is integrated into the system. > > I'm just feeling out the waters to see where it sets before I commit > to where I want to take my stand on the Mac in the first place. Are you gonna stick a Samba server on this mac? Somehow I doubt this :-) MacOS X is based on BSD, and it can do NFS natively. I think this would be your best bet. If you need to share from unix boxes to MacOS X, just use NFS. -peace --- BEGIN GEEK CODE BLOCK ----------+---------- GAT d- s:+ !a C++$ UL/S/I/B++++$ P+ | "In the ongoing battle between objects L++ E- W+(+++) N K- w(---) O-- M@ | made of aluminum going hundreds of V(--) PS+++ PE Y+ PGP@ t++ 5 X+ R- | miles per hour and the ground going tv+ b- DI++++ D+(+++) G e>++ h--- | zero, the ground has yet to lose." r++ z+>+++ - END GEEK CODE BLOCK ---+ From greg at discreet.com Mon Jan 22 15:40:17 2001 From: greg at discreet.com (Greg Dickie) Date: Tue Dec 2 02:33:07 2003 Subject: Mac OS X In-Reply-To: <3A6C5106.523804BC@eps.mcgill.ca> Message-ID: It's not shareware. What you can do is run netatalk on the server that you are running samba on (if it's linux) and ypu'll be able to share shares,printer,etc. HTH, Greg On 22-Jan-01 Steeve wrote: > > > ctooley@amoa.org wrote: >> >> I'm in the position of having to integrate a Mac into an all Windows >> network. >> I'm tempted to ask them to hold off on the integration (and run standalone >> for a >> couple monthes) until the release of OS X. At that time I'd at least know >> something about the OS and how to use it. What I'm wondering is if there is >> a >> release of Samba for OS X and if so how well is integrated into the system. >> >> I'm just feeling out the waters to see where it sets before I commit to >> where I >> want to take my stand on the Mac in the first place. > > There's a shareware client for Mac called 'Dave', AFAIR. > > -- > steeve SysAdmin EPS McGill University Mtl Qc >:wq --------------------------------------------------------------------- Greg Dickie just a guy greg@discreet.com From rajeeva at research.bell-labs.com Mon Jan 22 16:33:11 2001 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:33:07 2003 Subject: nt printing References: <3A661E81.DFB10567@research.bell-labs.com> Message-ID: <3A6C60C7.E14B9BA@research.bell-labs.com> Hi, I did not get any reply to this earlier so I am posting this again. I have updated samba installation to latest from CVS. When I add a new printer driver for NT, files are copied to the samba server print$/W32X86 share, but after file copying is done, I get the message, "Unable to change to the specified driver, original settings will be restored". This does not happen with all printer drivers, but for more than 50% printers, I am having this problem. TIA, rajeev Rajeev Agrawala wrote: > > I am using HEAD Branch from cvs. I am installing print drivers for NT. I > am having a few problems. > > I am connecting to the samba server as a user which maps to root on > samba server. > > I can install certain print drivers but not all. > > I installed a HP laserjet 5 si/mx PS driver on samba server and I can > access the driver from other NT machine connecting to samba as a guest. > > I tried to install some other printer drivers like HP laserjet 4M/MP > Postscript and Xerox N24/N32 PS2, the drivers got installed (atleast > that's what I belive). I can see the drivers in the drop down list of > drivers. But from the clients, when I try to connect to those printers, > I get a message that the server does not have a suitable driver > installed and I need to install the driver locally. Also from the > machine from where, I am installing the drivers, If I try to see the > properties of that printer, I get that driver for that printer are not > installed only, spool properties will be shown. And the properties > window pops up without the device setting tab. The property window shows > the correct driver name however. > > Please let me know, what is it that I am doing wrong? > > Thanks, > > rajeev From ctooley at amoa.org Mon Jan 22 17:30:28 2001 From: ctooley at amoa.org (ctooley@amoa.org) Date: Tue Dec 2 02:33:07 2003 Subject: Mac OS X Message-ID: <862569DC.005F8EAA.00@amoa.org> Do you know if this is able to become a member of a Samba controlled domain? Chris Tooley "Robert Jonsson" on 01/22/2001 11:54:48 AM To: Chris Tooley/AMOA@AMOA cc: Subject: Re: Mac OS X >-------- ORIGINAL MESSAGE BELOW -------- > > >I'm in the position of having to integrate a Mac into an all Windows network. >I'm tempted to ask them to hold off on the integration (and run standalone for a >couple monthes) until the release of OS X. At that time I'd at least know >something about the OS and how to use it. What I'm wondering is if there is a >release of Samba for OS X and if so how well is integrated into the system. > >I'm just feeling out the waters to see where it sets before I commit to where I >want to take my stand on the Mac in the first place. > There is a port of Samba for OS X. I can't remember where I got it, but it was on one of the large OSX-sites. I have it up and running and it works fine. You should be able to find it with a quick search on Google. /R From jeremy at valinux.com Mon Jan 22 15:55:49 2001 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:33:07 2003 Subject: Mac OS X References: Message-ID: <3A6C5805.1822582E@valinux.com> > ctooley@amoa.org wrote: > > I'm in the position of having to integrate a Mac into an all Windows > network. > I'm tempted to ask them to hold off on the integration (and run standalone > for a > couple monthes) until the release of OS X. At that time I'd at least know > something about the OS and how to use it. What I'm wondering is if there is > a > release of Samba for OS X and if so how well is integrated into the system. > > I'm just feeling out the waters to see where it sets before I commit to > where I > want to take my stand on the Mac in the first place. You might want to ask Apple this question. You might be very interested in their reply. Regards, Jeremy Allison, Samba Team. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From JasonH at KXTV.COM Mon Jan 22 19:22:45 2001 From: JasonH at KXTV.COM (Jason Hammond (Ex)) Date: Tue Dec 2 02:33:07 2003 Subject: pc drive mapping Message-ID: I have a standalone linux box that is running samba. I am trying to map a drive to the server with the username that I have created for that share. what is the syntax for mapping to a samba share from a pc. I am of course a linux newbe. any info is appreciated. Jason -------------- next part -------------- HTML attachment scrubbed and removed From garcian002 at hawaii.rr.com Mon Jan 22 19:49:21 2001 From: garcian002 at hawaii.rr.com (Nelson Garcia) Date: Tue Dec 2 02:33:07 2003 Subject: pc drive mapping References: Message-ID: <002b01c084ac$6c146090$8122050a@cpf.navy.mil> pc drive mappingI have a share setup in my smb.conf like this: [personal] comment = Personal Folder path = /home/samba/personal/%U public = no directory mask = 0700 create mask = 0700 The %U is the user name. Then I make sure that I have a folder '/home/samba/personal/ for each samba user. I'm writing this from memory, so I'm not sure if that's exactly how mine reads, but you get the picture. Aloha, Nelson ----- Original Message ----- From: Jason Hammond (Ex) To: samba-ntdom@samba.org Sent: Monday, January 22, 2001 09:22 AM Subject: pc drive mapping I have a standalone linux box that is running samba. I am trying to map a drive to the server with the username that I have created for that share. what is the syntax for mapping to a samba share from a pc. I am of course a linux newbe. any info is appreciated. Jason -------------- next part -------------- HTML attachment scrubbed and removed From D.Bannon at latrobe.edu.au Mon Jan 22 21:33:43 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:33:07 2003 Subject: Mac OS X In-Reply-To: <862569DC.005F8EAA.00@amoa.org> Message-ID: <3.0.6.32.20010123083343.008cc730@bioserve.latrobe.edu.au> At 11:30 AM 22-01-01 -0600, ctooley@amoa.org wrote: > > >Do you know if this is able to become a member of a Samba controlled domain? > >.. [Dave] Not in an NT sense. It offers no local security although I've seen some scripts that try to address that. It works more like a w95 and its certainly a bit clumsy. I've used it for a couple of Mac users but they never really came to grips with it, just muddled along. ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From peter.milburn at sofcom.com.au Mon Jan 22 21:39:23 2001 From: peter.milburn at sofcom.com.au (Peter Milburn) Date: Tue Dec 2 02:33:07 2003 Subject: samba 2.2 Message-ID: I have fixed the error with the creditials, when I reboot, and try to join the domain, I now get the following error. no mapping between account names and security ID's was done. Also does 2.07 support being a PDC or is it only 2.2 Thanks -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From kevinc at grainsystems.com Mon Jan 22 21:38:08 2001 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:33:07 2003 Subject: (no subject) References: Message-ID: <3A6CA840.BE90E76A@grainsystems.com> Jean Francois Micouleau wrote: > On Mon, 15 Jan 2001, Adam Read wrote: > > > > Of course, getting winbind and getting it to work is another story. CVS > > of HEAD nor 2.2 work, and I had to grab it by making it from the TNG > > CVS(Please fix this, its a make problem). > > no it's not a makefile problem. The winbind code included in HEAD and 2.2 > is way outdated. If you want winbind grab the APPLIANCE_TNG branch. > Merging winbind to HEAD or 2.2 is a rather complex and boring task. We are trying to implement winbind currently, and are having no luck even finding it. There is an RPM built for RH that we have tried to no avail (passwords never seem to be valid), but I have seen posts that say to not use anything other than CVS. Okay. However, they refer to either "APPLIANCE_TNG" or "APPLIANCE_HEAD", neither of which seem to exist on pserver.samba.org's /cvsroot. We are currently trying, as Adam did, to use TNG's version. Will the real winbind please stand up? - Kevin Colby kevinc@grainsystems.com From D.Bannon at latrobe.edu.au Mon Jan 22 22:00:26 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:33:07 2003 Subject: samba 2.2 In-Reply-To: Message-ID: <3.0.6.32.20010123090026.008cfd30@bioserve.latrobe.edu.au> At 08:39 AM 23-01-01 +1100, Peter Milburn wrote: > > >Also does 2.07 support being a PDC or is it only 2.2 > 207 will not do PDC for W2000, does reasonable job with NT4. ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From Michael.Homsey at tip.csiro.au Mon Jan 22 22:05:22 2001 From: Michael.Homsey at tip.csiro.au (Homsey, Michael (TIP, Epping)) Date: Tue Dec 2 02:33:07 2003 Subject: samba in a win2k ad domain Message-ID: This may have been answered already but ... I attempting to have a solaris samba server appear in a windows 2000 active directory domain. Configuring to have samba authenticate against the domain. win2k ad can talk ntlm to down level servers (normally goes the kerberos route), but how ... pointers v welcome regards, Michael Homsey From samba at grayassociates.net Mon Jan 22 22:25:16 2001 From: samba at grayassociates.net (Rich Forman) Date: Tue Dec 2 02:33:07 2003 Subject: Samba PDC Message-ID: <000001c084c2$32ebf420$0a01a8c0@forman> I am going to be setting up a PDC using samba (one flavor or the other, haven't decided yet) and have some questions ahead of time. I have been reviewing the mail list archives and on-line documentation and have a couple of questions. 1. Has 2.2's issue with w2k sp1 been resolved? Input from anyone who has had success or failure recently would be appreciated. 2. Is 2.2 the way to go or should I research TNG more? I would appreciate input from anyone who has had experience with both. I am very hesitant about TNG given the lack of decent documentation I have found. Thanks ahead of time. From horde at promax.com.mx Mon Jan 22 23:57:22 2001 From: horde at promax.com.mx (Francisco Villagrana) Date: Tue Dec 2 02:33:07 2003 Subject: From where download Samba 2.2 Message-ID: <003901c084cf$0fbbb370$32bdf494@promax.com.mx> From slu at firerun.net Tue Jan 23 00:31:28 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:33:07 2003 Subject: From where download Samba 2.2 References: <003901c084cf$0fbbb370$32bdf494@promax.com.mx> Message-ID: <3A6CD0E0.495C3A14@firerun.net> check out the PDC FAQ on the samba site under documentation. Look in the section cvs commands. Patrick Francisco Villagrana wrote: > From where download Samba 2.2 > > > > I like intall this version, from where download. > > > > Regards.. -------------- next part -------------- HTML attachment scrubbed and removed From kallsen at e101.com Tue Jan 23 00:38:10 2001 From: kallsen at e101.com (Kevin Kallsen @ E101.com) Date: Tue Dec 2 02:33:08 2003 Subject: Procedures Message-ID: Okay, now I am really revealling how much of a newbie I am. With help from this list I was been able to remove my current rpm of samba207. I was also able to download the latest 2.2 version using CVS. I even found some old documentation in a samba book that told me to go the source directory and type ./configure But now I am stumped! As a newbie -- what do I do after that. Be specific or point me in the right direction. I know it has something to do with make or make install or something. If their is a how to for this I would love to read it! Your help is greatly appreciated. As I am setting up a server for a poor inner city school that was donated a bunch of win2000 machines, but no server. Kevin -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 1820 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010122/f25e142d/winmail.bin From awilliam at whitemice.org Tue Jan 23 01:13:29 2001 From: awilliam at whitemice.org (Adam Tauno Williams) Date: Tue Dec 2 02:33:08 2003 Subject: Samba PDC In-Reply-To: <000001c084c2$32ebf420$0a01a8c0@forman> References: <000001c084c2$32ebf420$0a01a8c0@forman> Message-ID: <20010122201329.47a86036.awilliam@whitemice.org> >2. Is 2.2 the way to go or should I research TNG more? I would appreciate >input from anyone who has had experience with both. I am very hesitant >about TNG given the lack of decent documentation I have found. 2.2 works great for PDCing NT for me. But things like Winframe and Exchange don't work. It's reported that such things DO work with TNG, but I haven't switched yet, so that's second hand. From peter.milburn at sofcom.com.au Tue Jan 23 02:07:10 2001 From: peter.milburn at sofcom.com.au (Peter Milburn) Date: Tue Dec 2 02:33:08 2003 Subject: samba PDC Message-ID: Running 2.2.0.alpha1 I am using the default smb.conf file from the pdc howto, when I take out the line with adduser in it I get the following error. the remote procedure call failed. Any help would be good, or someone with a smb.conf that is working :) Cheers, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From read_a at univerahealthcare.org Tue Jan 23 02:37:53 2001 From: read_a at univerahealthcare.org (Adam Read) Date: Tue Dec 2 02:33:08 2003 Subject: Procedures Message-ID: Ahh, newbians! Ok, first, I suggest reading some of the new documentation available from the samba.org website. Second, you need to type: make make install Both from the same directory as ./configure also, type ./configure --help and see what options are available, as you may need them, such as PAM support. To enable PAM, you would do the following: ./configure --with-pam make make install This should get you started, and if these commands finish without errors, that samba should be installed in the usr/local/samba directory. Good luck and feel free to ask any questions you may have, Adam >>> Kevin Kallsen @ E101.com 01/22 7:38 PM >>> Okay, now I am really revealling how much of a newbie I am. With help from this list I was been able to remove my current rpm of samba207. I was also able to download the latest 2.2 version using CVS. I even found some old documentation in a samba book that told me to go the source directory and type ./configure But now I am stumped! As a newbie -- what do I do after that. Be specific or point me in the right direction. I know it has something to do with make or make install or something. If their is a how to for this I would love to read it! Your help is greatly appreciated. As I am setting up a server for a poor inner city school that was donated a bunch of win2000 machines, but no server. Kevin From peter.milburn at sofcom.com.au Tue Jan 23 04:14:31 2001 From: peter.milburn at sofcom.com.au (Peter Milburn) Date: Tue Dec 2 02:33:08 2003 Subject: samba 2.2.0alpha PDC Message-ID: Does anyone get this error message when trying to connect a windows 2000 machine to the linux pdc ? te remote procedure call failed Cheers, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From slu at firerun.net Tue Jan 23 04:33:42 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:33:08 2003 Subject: Dos/win3.11 with samba 2.2 References: <200101120359.KAA84201@tv2.tomsk.su> Message-ID: <3A6D09A6.19D04798@firerun.net> I finally had some time to try this patch and it works great! It does not effect another machines. I have included this patch in my newest rpms at http://www.firerun.net/pub/i386/samba . Patrick Serg Alexandrov wrote: > Patrick said: > > > Hello all, > > > > I was wondering if something has happened with support for dos > > clients in samba 2.2? I have a samba 2.2 PDC setup on my network > > providing authentication to other samba 2.2 servers. I have a floppy > > setup for disk imaging which is using dos tcp/ip and win3.11 network > > drivers to map a drive to my Linux raid machine. When the floppy is > > fully booted and logged onto the network I do a directory listing and no > > > > files or directory's show up, even though while in the shared path on > > the linux box there are several files/dir's there. I checked to see if > > the map hidden was set in the smb.conf file and it was not. So needless > > > > to say I am stumped on this one. Also when I am in the imaging program > > > > I can create a directory with the same name as the one that exits, and > > the files in that directory will become visible, until I change to the > > parent directory in which case the newly created directory disappears. > > > > Any Ideas on this one? > > > > Patrick > > > > So, I have the same problem. Long time I try get help from samba guys, > but no answer... ( > > I resolve this problem. I think so. > > Edit file /source/smbd/dir.c > Find function: > > BOOL get_dir_entry(connection_struct *conn,char *mask,int dirtype,char *fname, > SMB_OFF_T *size,int *mode,time_t *date,BOOL check_descend) > { > ... skipped ..... > > if (!conn->dirptr) > return(False); > > > /* INSERT THIS TWO LINES !!! */ > if (strequal(mask, "????????.???")) > pstrcpy(mask, "*"); > > > while (!found) > { > > ..... > > Try this... > > -- > Best, Serg From vgill at technologist.com Tue Jan 23 07:36:29 2001 From: vgill at technologist.com (Gill, Vern) Date: Tue Dec 2 02:33:08 2003 Subject: Samba PDC Message-ID: <8D043DEA73DFD411958A00A0C90AB7607BF3@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> I have been using TNG as a PDC for an Exchange system for over a month now. Works like a champ. -----Original Message----- From: Adam Tauno Williams [mailto:awilliam@whitemice.org] Sent: Monday, January 22, 2001 5:13 PM To: samba-ntdom@samba.org Subject: Re: Samba PDC >2. Is 2.2 the way to go or should I research TNG more? I would appreciate >input from anyone who has had experience with both. I am very hesitant >about TNG given the lack of decent documentation I have found. 2.2 works great for PDCing NT for me. But things like Winframe and Exchange don't work. It's reported that such things DO work with TNG, but I haven't switched yet, so that's second hand. From jbquirk at tpg.com.au Tue Jan 23 12:19:03 2001 From: jbquirk at tpg.com.au (John Quirk) Date: Tue Dec 2 02:33:08 2003 Subject: Japanese References: <500C66C7BF87D311A7F400A0C907E8D87FF0BB@NSA4> Message-ID: <3A6D76B6.474185C1@tpg.com.au> Olivier Wegria wrote > > Does anyone knows if samba 2.0.7 works with Japanese characters? By the way, > does linux support Japanese characters for file names? > There is a very active Japanese arm of Samba they a 2.0.7 version located ftp://ftp.samba.gr.jp/pub/samba-jp/samba-2.0.7-ja/ They also have done work on make SWAT multi lingual info can be found http://www.samba.gr.jp/project/samba-ja/index.html.en > Hope this helps John Quirk From Niklas.Adlerberth at baf.bonnier.se Tue Jan 23 14:03:07 2001 From: Niklas.Adlerberth at baf.bonnier.se (Adlerberth Niklas (BAF Teknikgruppen)) Date: Tue Dec 2 02:33:08 2003 Subject: (no subject) Message-ID: <2FCE529C21C2D4118EC10002A508E37803588D@bafex.baf.bonnier.se> Hi... I have a problem whith my samba (Sun box). Its configured to allow two diffrent nets (193.12.151 and 194.22.140) to connect to the server. The smaba box is placed on the 193 net. Its ok to connect from my computer (NT workstation) from the 194... net, but when clients try to connect from the 193 net they cant find the samba server ??. Could it be that they are running win95 or is it som netconfiguration ?? PLEASE PLEASE PLEASE help me out with this one, and excuse my bad english /NIklas Adlerberth BAF - Tkn. grp. niklas.adlerberth@baf.bonnier.se +46 8 736 5848 From ctooley at amoa.org Tue Jan 23 14:57:34 2001 From: ctooley at amoa.org (ctooley@amoa.org) Date: Tue Dec 2 02:33:08 2003 Subject: Mac OS X Message-ID: <862569DD.00518CD4.00@amoa.org> You used DAVE for a couple of users or you've used this mysterous port of Samba for a couple of users? I'm ok with it only working as well as Win 9x as we run Windows 98 on most everything here anyway, but I'm just wanting to not have to learn another product. Chris Tooley David Bannon on 01/22/2001 03:33:43 PM To: Chris Tooley/AMOA@AMOA, "Robert Jonsson" cc: samba-ntdom@samba.org Subject: Re: Mac OS X At 11:30 AM 22-01-01 -0600, ctooley@amoa.org wrote: > > >Do you know if this is able to become a member of a Samba controlled domain? > >.. [Dave] Not in an NT sense. It offers no local security although I've seen some scripts that try to address that. It works more like a w95 and its certainly a bit clumsy. I've used it for a couple of Mac users but they never really came to grips with it, just muddled along. ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From vgill at technologist.com Tue Jan 23 15:01:32 2001 From: vgill at technologist.com (Gill, Vern) Date: Tue Dec 2 02:33:08 2003 Subject: Mac OS X Message-ID: <8D043DEA73DFD411958A00A0C90AB7607BF6@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> One thing you could do; If you just want the Macintrash users to be able to access the file/printer shares on your samba box, you could try this. I used this for a little while when I had to suffer a Mac on my 'net. This of course requires access to an NT box (server). On an NT box, make sure that the Mac stuff is loaded (can't think of what it's called). Therer should be an automatically created UAM share on your drive somewhere. Use file manager instead of Explorer to find it... In that dir, you will find a .UAM file. Copy that to a share on your Samba box, using the same naming scheme that NT has/had. Then, on your Mac, connect to that share using basic auth. and install the UAM file to your System Folder. You can then connect to NT style samba shares with "high" security. And it will consider your samba box a true NT DC... Or, you could try something else... Just an idea... -----Original Message----- From: ctooley@amoa.org [mailto:ctooley@amoa.org] Sent: Tuesday, January 23, 2001 6:58 AM To: samba-ntdom@samba.org Subject: Re: Mac OS X You used DAVE for a couple of users or you've used this mysterous port of Samba for a couple of users? I'm ok with it only working as well as Win 9x as we run Windows 98 on most everything here anyway, but I'm just wanting to not have to learn another product. Chris Tooley David Bannon on 01/22/2001 03:33:43 PM To: Chris Tooley/AMOA@AMOA, "Robert Jonsson" cc: samba-ntdom@samba.org Subject: Re: Mac OS X At 11:30 AM 22-01-01 -0600, ctooley@amoa.org wrote: > > >Do you know if this is able to become a member of a Samba controlled domain? > >.. [Dave] Not in an NT sense. It offers no local security although I've seen some scripts that try to address that. It works more like a w95 and its certainly a bit clumsy. I've used it for a couple of Mac users but they never really came to grips with it, just muddled along. ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From gcarter at valinux.com Tue Jan 23 15:40:20 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:08 2003 Subject: samba in a win2k ad domain References: Message-ID: <3A6DA5E4.30F655A9@valinux.com> "Homsey, Michael (TIP, Epping)" wrote: > > This may have been answered already but ... > I attempting to have a solaris samba server appear in a > windows 2000 active directory domain. Configuring to have > samba authenticate against the domain. win2k ad can > talk ntlm to down level servers (normally goes the > kerberos route), but how ... > pointers v welcome Michael, Samba currently requires a mixed mode DC in the Win2k domain to provide the SAMR interface to the domain accounts. Other than that, it works just like a normal Windows NT 4 domain. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From roque at matra-automobile.fr Tue Jan 23 15:58:09 2001 From: roque at matra-automobile.fr (olivier roque) Date: Tue Dec 2 02:33:08 2003 Subject: Pb samba sur sun solaris avec client 2000 server Message-ID: <000d01c08555$489e6b70$1f1e0080@matraautomobile> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 2354 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010123/ab98f197/smb.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: log.smb.23012001 Type: application/octet-stream Size: 7263 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010123/ab98f197/log.smb.obj From kevinc at grainsystems.com Tue Jan 23 16:15:50 2001 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:33:08 2003 Subject: (no subject) References: <3A6CA840.BE90E76A@grainsystems.com> Message-ID: <3A6DAE36.1EB6AD6B@grainsystems.com> [crossposted to -technical] Update: We have been able to make winbind's libs from TNG work with a regularly joined 2.2 CVS server. This is the only working combination we have yet found. Which branch is the current development of winbind? - Kevin Colby kevinc@grainsystems.com Kevin Colby wrote: > > Jean Francois Micouleau wrote: > > On Mon, 15 Jan 2001, Adam Read wrote: > > > > > > Of course, getting winbind and getting it to work is another story. CVS > > > of HEAD nor 2.2 work, and I had to grab it by making it from the TNG > > > CVS(Please fix this, its a make problem). > > > > no it's not a makefile problem. The winbind code included in HEAD and 2.2 > > is way outdated. If you want winbind grab the APPLIANCE_TNG branch. > > Merging winbind to HEAD or 2.2 is a rather complex and boring task. > > We are trying to implement winbind currently, and are having no luck > even finding it. There is an RPM built for RH that we have tried to > no avail (passwords never seem to be valid), but I have seen posts that > say to not use anything other than CVS. Okay. However, they refer to > either "APPLIANCE_TNG" or "APPLIANCE_HEAD", neither of which seem to > exist on pserver.samba.org's /cvsroot. We are currently trying, as > Adam did, to use TNG's version. > > Will the real winbind please stand up? > > - Kevin Colby > kevinc@grainsystems.com From roque at matra-automobile.fr Tue Jan 23 17:00:55 2001 From: roque at matra-automobile.fr (olivier roque) Date: Tue Dec 2 02:33:08 2003 Subject: Problem samba on Sun solaris server and client 2000 server Message-ID: <001b01c0855e$0d2fcb70$1f1e0080@matraautomobile> Hello, sorry for my english ! I've got functionning problem with samba 2.0.7 installed on a sun server model : SunOs 5.6 Generic sun4u sparc SUNW,Ultra-2. Clients are 2 windows 2000 servers with metaframe 1.8 layer, Every server have 20 users, then the unix server can have 40 connections of the 2 clients on the same sharing ressource ( at the exemple : Hbouzy5 ) At the moment we have 10 connections on samba, and we have the random problem. We use the command "net use" on server windows for mount the share ressource, and it is not always accessible and it dissapered sometimes, you load the files and you can't record it after your work. Add to the mail files smb.conf and the last lines of the files log.smb. Thanks for your help ! Best regards ! Olivier Roque -------------- next part -------------- HTML attachment scrubbed and removed From jeremy at valinux.com Tue Jan 23 17:26:53 2001 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:33:08 2003 Subject: New %D parameter. Message-ID: <3A6DBEDD.4B4D5077@valinux.com> Ok - I've added the %D parameter to Samba 2.2 and HEAD CVS trees that represents the incoming domain from the connecting user. It's needed for winbindd auto-generated home directories where you want to set the [homes] path to something that includes the %D parameter so you can distinguish between the home directories for users with the same username, but different domains (the auto-generated share name for both users will be the same, just the username). Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From sambastuff at jabba.glfc.com Tue Jan 23 19:31:55 2001 From: sambastuff at jabba.glfc.com (sambastuff@jabba.glfc.com) Date: Tue Dec 2 02:33:08 2003 Subject: SAMBA 2_2 NOW ... INTERNAL ERROR: Message-ID: When trying to join someone into the domain today I get this error: =============================================================== [2001/01/23 13:30:20, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 2791 (2.2.0-alpha1) Please read the file BUGS.txt in the distribution [2001/01/23 13:30:20, 0] lib/fault.c:fault_report(43) =============================================================== [2001/01/23 13:30:20, 0] lib/util.c:smb_panic(1139) PANIC: internal error The error message in windows "Specified Network Name is no longer available" Any clues? From paul at slaterandson.com Tue Jan 23 19:55:05 2001 From: paul at slaterandson.com (Paul Williams) Date: Tue Dec 2 02:33:08 2003 Subject: Procedures Message-ID: <002a01c08576$618894f0$c82210ac@chad.office.slaterandson.com> I had issues if I didn't use --with-pam... if you get linking errors that have "PAM" somewhere in it try making sure to include this option. -----Original Message----- From: Adam Read To: samba-ntdom@us5.samba.org Date: Monday, January 22, 2001 6:38 PM Subject: Re: Procedures >Ahh, newbians! Ok, first, I suggest reading some of the new documentation >available from the samba.org website. Second, you need to type: >make >make install >Both from the same directory as ./configure >also, type ./configure --help and see what options are available, as you may >need them, such as PAM support. To enable PAM, you would do the following: >./configure --with-pam >make >make install >This should get you started, and if these commands finish without errors, that >samba should be installed in the usr/local/samba directory. > >Good luck and feel free to ask any questions you may have, >Adam > >>>> Kevin Kallsen @ E101.com 01/22 7:38 PM >>> >Okay, now I am really revealling how much of a newbie I am. With help from >this list I was been able to remove my current rpm of samba207. I was also able >to download the latest 2.2 version using CVS. > >I even found some old documentation in a samba book that told me to go the >source directory and type ./configure > >But now I am stumped! As a newbie -- what do I do after that. Be specific or >point me in the right direction. I know it has something to do with make or >make install or something. If their is a how to for this I would love to read >it! > >Your help is greatly appreciated. As I am setting up a server for a poor inner >city school that was donated a bunch of win2000 machines, but no server. > >Kevin > > From jeremy at valinux.com Tue Jan 23 18:04:07 2001 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:33:08 2003 Subject: SAMBA 2_2 NOW ... INTERNAL ERROR: References: Message-ID: <3A6DC797.14DFAE67@valinux.com> sambastuff@jabba.glfc.com wrote: > > When trying to join someone into the domain today > I get this error: > > =============================================================== > [2001/01/23 13:30:20, 0] lib/fault.c:fault_report(41) > INTERNAL ERROR: Signal 11 in pid 2791 (2.2.0-alpha1) > Please read the file BUGS.txt in the distribution > [2001/01/23 13:30:20, 0] lib/fault.c:fault_report(43) > =============================================================== > [2001/01/23 13:30:20, 0] lib/util.c:smb_panic(1139) > PANIC: internal error > > The error message in windows "Specified Network Name is no longer > available" Add the following line to smb.conf [global] section. panic action = /bin/sleep 200000 then restart. Cause smbd to crash again and you'll find a "sleep" process with a crashed parent smbd process. Use gdb to attach to this process (you did compile with -g didn't you :-) and then type "bt" to get a stack backtrace of where it failed. This is what I do to track down crashes (on boxes where I can't get an xterm pop up directly with gdb). Then mail it to the list. Thanks, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From simona at uchicago.edu Tue Jan 23 20:14:28 2001 From: simona at uchicago.edu (Simon Allaway) Date: Tue Dec 2 02:33:08 2003 Subject: Mac OS X References: <8D043DEA73DFD411958A00A0C90AB7607BF6@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> Message-ID: <3A6DE624.D3CB68B0@uchicago.edu> Well, I asked the Apple tech guy a whole pile of questions about Samba and it's potential presence in OSX. Sadly, he had no real idea. His words were "oh yeah, the current version works." He had no idea what that curretn version was, nor did he know what CVS meant. So, not a useful meeting. He did however hint that LDAP was going to be in there as well as a 'plugin' for Active Directory. Simon From philquinney at hotmail.com Tue Jan 23 21:55:13 2001 From: philquinney at hotmail.com (Phil Quinney) Date: Tue Dec 2 02:33:08 2003 Subject: Mac OS X In-Reply-To: <3A6DE624.D3CB68B0@uchicago.edu> Message-ID: Hi all, Just thought you would like to know that I have two Macs at home and have tested them with samba. I can tell you for definite, that in the publicly available version of Mac OS X, Samba 2.7 _does_ work. It will do all the things such as joining to a domain controlled by Samba server and offering file shares to Windows clients. However, I was unable to compile TNG on OS X at all. I can't remember the exact problem as I did this a while ago and have slept since then. This could have been down to the fact that a lot of necessary developer tools / libraries were not present in OS X. As for Dave, I have only used version 2.1. To put things bluntly it was horrible. Although it would authenticate against the Samba Server it was (1) very unreliable and (2) would not see the contents of any samba share. I used it also to share a Mac printer that communicated with the AppleTalk data diagram protocol with my Linux machine as I didn't have the time to set up Netatalk to do it. Dave would, nine times out of ten, refuse to find the printer and not pose so much as a message to say that this had happened. Enough of a grumble, but I thought this information may be of use to some of you, Phil Quinney on 1/23/01 8:14 PM, Simon Allaway at simona@uchicago.edu wrote: > Well, I asked the Apple tech guy a whole pile of questions about Samba > and it's potential presence in OSX. Sadly, he had no real idea. His > words were "oh yeah, the current version works." > > He had no idea what that curretn version was, nor did he know what CVS > meant. > > So, not a useful meeting. He did however hint that LDAP was going to be > in there as well as a 'plugin' for Active Directory. > > Simon > > From spatel at itctx.com Tue Jan 23 21:42:00 2001 From: spatel at itctx.com (Shailen Patel) Date: Tue Dec 2 02:33:08 2003 Subject: setting up samba WITHOUT security Message-ID: <104B43AAE1D2D111B27600A024CF0E2801277302@keg.itctx.com> I would like to set up samba without any security...where i can find documentation on HOW to do this. or does anyone have a sample smb.conf file which will show me how to do this... i want anyone to be able to get to any pc logged onto the network and access the samba shares on this server thanks Shailen Shailen Patel Systems & Network Administrator Intelligent Technologies Corporation (512) 231-2836 Phone (512) 343-1608 FAX From wum at lorex.com Tue Jan 23 22:39:18 2001 From: wum at lorex.com (Mu Wu) Date: Tue Dec 2 02:33:08 2003 Subject: samba 2.2.0alpha PDC Message-ID: <000001c0858d$533ccb70$3c00a8c0@lorex.com> Yes, I got the same thing. CVS version 2.2.0. Jan 23, 2001. > Does anyone get this error message when trying to connect a windows 2000 > machine to the linux pdc ? > te remote procedure call failed > Cheers, >-- Peter Milburn > Systems Manager > Software Communication Group Ltd From peter.milburn at sofcom.com.au Wed Jan 24 01:15:43 2001 From: peter.milburn at sofcom.com.au (Peter Milburn) Date: Tue Dec 2 02:33:08 2003 Subject: Samba PDC Message-ID: I have a PDC running using samba, I am now trying to get it so ti will allow the user the change their passwd from the w2kws. This is the error I am seeing : 001/01/24 12:09:20, 2] smbd/chgpasswd.c:expect(267) expect: Input/output error Cheers, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From David.Bear at asu.edu Wed Jan 24 01:15:34 2001 From: David.Bear at asu.edu (iddwb) Date: Tue Dec 2 02:33:08 2003 Subject: password server behavior Message-ID: using securty = server one may select the pdc to authenticate a user. The using samba book says multiple servers may be listed, but the first negative auth will be used. I would like to change that behavior so that the first positive auth will be used -- then I could list multiple pdc that I trust (which may have different sets of users) and grab everyone I anticipate would be using my server. Anyone know if this can be done and how? David Bear College of Public Programs/ASU From peter.milburn at sofcom.com.au Wed Jan 24 03:28:21 2001 From: peter.milburn at sofcom.com.au (Peter Milburn) Date: Tue Dec 2 02:33:08 2003 Subject: samba 2.2alpha and roaming profiles Message-ID: I have got samba as a PDC for w2kws, works fine for the first person who logs into the machine, but when a second person trys to log in, says it can not get a profile from the sever \\machine\username\profile.psd. any help cheers, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From jbrown at db2000.com Wed Jan 24 03:32:23 2001 From: jbrown at db2000.com (Jonathan Brown) Date: Tue Dec 2 02:33:09 2003 Subject: samba 2.2alpha and roaming profiles Message-ID: What is the exact error that you are getting? There may be 2 error message windows that come up... -jonathan >>> Peter Milburn 01/23/01 10:28PM >>> I have got samba as a PDC for w2kws, works fine for the first person who logs into the machine, but when a second person trys to log in, says it can not get a profile from the sever \\machine\username\profile.psd. any help cheers, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** -------------- next part -------------- HTML attachment scrubbed and removed From jbrown at db2000.com Wed Jan 24 04:03:30 2001 From: jbrown at db2000.com (Jonathan Brown) Date: Tue Dec 2 02:33:09 2003 Subject: samba 2.2alpha and roaming profiles Message-ID: I would put the [home] back in.... Where are you pointing the "Logon Path" to? That is important too. >>> Peter Milburn 01/23/01 10:53PM >>> OK the error goes like this.. Windows cannot create a profile for \\tux\test.test\profile.psd. You will be loggeson with a local profile only. Changes to the profile will not be propergated to the server. COntact your network administrator. Also I have take the folder [home] out of the smb.conf. I am wodering if that might be the cause of it. Cause it was there when I logged on with the first user. Not sure. thanks -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** -----Original Message----- From: Jonathan Brown [mailto:jbrown@db2000.com] Sent: Wednesday, 24 January 2001 2:43 PM To: peter.milburn@sofcom.com.au Subject: RE: samba 2.2alpha and roaming profiles If it's what I'm thinking, the first message is very important. I know it's probably long, but it would really help to know the exact message. -jonathan >>> Peter Milburn 01/23/01 10:37PM >>> OK, I am getting both of them from the windows machine. Let me know if you want me to type it, but both of them give you 20 secs or something like that Thanks, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** -----Original Message----- From: Jonathan Brown [mailto:jbrown@db2000.com] Sent: Wednesday, 24 January 2001 2:32 PM To: samba-ntdom@lists.samba.org; peter.milburn@sofcom.com.au Subject: Re: samba 2.2alpha and roaming profiles What is the exact error that you are getting? There may be 2 error message windows that come up... -jonathan >>> Peter Milburn 01/23/01 10:28PM >>> I have got samba as a PDC for w2kws, works fine for the first person who logs into the machine, but when a second person trys to log in, says it can not get a profile from the sever \\machine\username\profile.psd. any help cheers, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** -------------- next part -------------- HTML attachment scrubbed and removed From armand at welshhome.org Wed Jan 24 04:57:02 2001 From: armand at welshhome.org (Armand Welsh) Date: Tue Dec 2 02:33:09 2003 Subject: samba 2.2alpha and roaming profiles References: Message-ID: <000c01c085c2$175a7e10$6602a8c0@nelson> does a share exist for the user, and does the user have full access to the share? ----- Original Message ----- From: Jonathan Brown To: samba-ntdom@lists.samba.org ; peter.milburn@sofcom.com.au Sent: Tuesday, January 23, 2001 7:32 PM Subject: Re: samba 2.2alpha and roaming profiles What is the exact error that you are getting? There may be 2 error message windows that come up... -jonathan >>> Peter Milburn 01/23/01 10:28PM >>> I have got samba as a PDC for w2kws, works fine for the first person who logs into the machine, but when a second person trys to log in, says it can not get a profile from the sever \\machine\username\profile.psd. any help cheers, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** -------------- next part -------------- HTML attachment scrubbed and removed From jbrown at db2000.com Wed Jan 24 06:35:47 2001 From: jbrown at db2000.com (Jonathan Brown) Date: Tue Dec 2 02:33:09 2003 Subject: Windows 2000 and Samba2.2 - Roaming Profiles Message-ID: Does anyone out there have Samba 2.2 actually working with Windows 2000 Pro clients, and specifically, using Roaming Profiles? Samba is acting as a PDC and works great for Win98. And as far as I can tell, everything seems to work with Win2000 EXCEPT the Roaming Profiles. I can access all the shares, read and write files, even the login script works!!! (which I won't need if the profiles would work) I have to believe that I am not the only person in the world who is trying to do this... I have worked with Samba for many years, and never had too much trouble. An occasional glitch here and there, but have always been able to figure it out. But this problem does not appear to have a solution. Maybe since Win2000 sets the local user profile directory as a "System Folder", Samba reacts differently to it. Any suggestions? thanks. jonathan -------------- next part -------------- HTML attachment scrubbed and removed From philquinney at hotmail.com Wed Jan 24 07:54:45 2001 From: philquinney at hotmail.com (Phil Quinney) Date: Tue Dec 2 02:33:09 2003 Subject: Mac OS X In-Reply-To: <3A6E440B.8FB34689@uchicago.edu> Message-ID: Hi Simon, As soon as I get the time I shall do some more work on Samba and Mac OS X, possibly looking at using TNG as well as 2.0.7. It maybe a while though, I'm only 17 and have a large amount of college work right now. Phil. on 1/24/01 2:55 AM, Simon Allaway at simona@uchicago.edu wrote: > Phil Quinney wrote: >> >> I can tell you for definite, that in the publicly available version of Mac >> OS X, Samba 2.7 _does_ work. It will do all the things such as joining to a >> domain controlled by Samba server and offering file shares to Windows >> clients. > > That's useful knowledge. > > However I was more intrigued by the possibility of OSX as samba clients. > I'd be so very happy to not have to run netatalk as well as samba. It > would also reduce complexity if I can have everything authenticate with > LDAP (which has been proved in those recently posted HOWTOs). > > Simon > From Volker.Lendecke at SerNet.DE Wed Jan 24 10:57:44 2001 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:33:09 2003 Subject: setting up samba WITHOUT security In-Reply-To: <104B43AAE1D2D111B27600A024CF0E2801277302@keg.itctx.com>; from spatel@itctx.com on Tue, Jan 23, 2001 at 03:42:00PM -0600 References: <104B43AAE1D2D111B27600A024CF0E2801277302@keg.itctx.com> Message-ID: On Tue, Jan 23, 2001 at 03:42:00PM -0600, Shailen Patel wrote: > I would like to set up samba without any security...where i can find > documentation on HOW to do this. Simply use security = share encrypt passwords = yes guest ok = yes and everyone can connect. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 289 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010124/8a207771/attachment.bin From Graeme.Vetterlein at ntl.com Wed Jan 24 11:34:33 2001 From: Graeme.Vetterlein at ntl.com (Graeme.Vetterlein@ntl.com) Date: Tue Dec 2 02:33:09 2003 Subject: smbclient and win2000 Message-ID: <5DD689222800D411B26100508B5E9584361579@mast-hk0-se02.private.ntl.com> I'll apologise in advance that this question MUST have come up already but I can't find any reference to it in my archives or on the web. I suspect that's because of the nine billions names of windows: W2K, WIN2k, WIN2000, 2000 NT/2000 ... I've recently moved to a little cubby hole (small office) and have a small laser jet printer (oh lucky me) However I want to do all my printing from various SOLARIS boxes. Now I'm pretty familiar with setting up the smbprint stuff with sysV printing ... that's not my problem. The problem is the printer is DIRECTLY attached to the LPT port of a WIN2000 PC. I've shared it out and other WIN2000 PCs can access it fine. If I do smclient -L (many different choices of options) I get one of two possible results: If I get the passwd wrong I get: session setup failed: ERRDOS - ERRnoaccess (Access denied.) If I get it right or use -U% I get: (BTW I've used many userid/passwd combinations NT ones, WIN2000 ones and local ones) Domain=[UKI] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] Sharename Type Comment --------- ---- ------- Server Comment --------- ------- Workgroup Master --------- ------- That is I see no ships (shares). If I do the same thing and point it at NT4 boxes all looks dandy and I've got a number of printers working this way. I not convinced this is SAMBA problem per-se as I also can't use the WIN2000 printer from an NT box. Has this already come up? -- Graeme From slu at firerun.net Wed Jan 24 13:49:43 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:33:09 2003 Subject: smbclient and win2000 References: <5DD689222800D411B26100508B5E9584361579@mast-hk0-se02.private.ntl.com> Message-ID: <3A6EDD77.FCD970F0@firerun.net> You do have a username setup on the win2k machine don't you? Graeme.Vetterlein@ntl.com wrote: > I'll apologise in advance that this question MUST have > come up already but I can't find any reference to it in my archives > or on the web. I suspect that's because of the nine billions names of > windows: > W2K, WIN2k, WIN2000, 2000 NT/2000 ... > > I've recently moved to a little cubby hole (small office) and have > a small laser jet printer (oh lucky me) > > However I want to do all my printing from various SOLARIS boxes. Now I'm > pretty > familiar with setting up the smbprint stuff with sysV printing ... that's > not > my problem. > > The problem is the printer is DIRECTLY attached to the LPT port of a WIN2000 > PC. I've shared it out and other WIN2000 PCs can access it fine. > > If I do smclient -L (many different choices of options) I get one of two > possible results: > > If I get the passwd wrong I get: > session setup failed: ERRDOS - ERRnoaccess (Access denied.) > > If I get it right or use -U% I get: (BTW I've used many userid/passwd > combinations > NT ones, WIN2000 ones and local ones) > > Domain=[UKI] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] > > Sharename Type Comment > --------- ---- ------- > > Server Comment > --------- ------- > > Workgroup Master > --------- ------- > > That is I see no ships (shares). If I do the same thing and point it at NT4 > boxes > all looks dandy and I've got a number of printers working this way. > > I not convinced this is SAMBA problem per-se as I also can't use the WIN2000 > printer from an NT box. > > Has this already come up? > > -- > Graeme From lee.taylor at aeroton.scania.co.za Wed Jan 24 14:07:09 2001 From: lee.taylor at aeroton.scania.co.za (C.Lee Taylor) Date: Tue Dec 2 02:33:09 2003 Subject: Authentication .... References: <5DD689222800D411B26100508B5E9584361579@mast-hk0-se02.private.ntl.com> Message-ID: <014601c0860e$f0e3d0e0$6201010a@CLeeTaylor> Greetings ... First, I would like to thank every reguarding Samba, both programmers and users alike on both Samba and Samba-TNG ... I believe you guys have made a great project excellent ... Thanks Guys !! Second, I appoligise for the cross post, but would like everybodys ideas, and information. I have a setup which I would like to complete, but I don't seem to understand the differences between M$-LM password storage and Unix Hash password storage ... I have read though the archives but don't seem to quite get the difference. I think it has to do with the encryted password stored differently so as not to keep a copy of the password on the system which is used to authenticate a user without transmitting the password of over the network ... Now I am a user of the Mars-NWE system which explains that the Novell stored password has the same incompatiblity ... Even though I think I understand why the stored entry for the password is different, I still don't get why the password can't be used between systems ... Okay, maybe I should try and explain why this is an issue and what I think I might be able to do ... hopfully, all your input will help create something I will be able to manage ... here goes ... I have finally be able to move all the server functions onto Linux Serve except for two servers, of which one runs M$-SQL and M$-Terminal Server on NT 4 ... On the Linux Server I have mail, file serving and other things which means I have the flexiblity I want ( need ) to controll my networks, but I have to duplicate all the users details and groupings and so on, on the TermServer which means that, I as a human, make mistakes and often forget to do something for new users on the TermServer which would be better controlled by a Linux Server in one place ... I have seen chat about winbind, which is not what I am looking for, if I understand how it works ... but what I have thought of though, is if I keep one server to run Samba-TNG as a PDC to sync user data to the two NT boxs and Samba 2.0.7 ( I would like to have Samba 2.2 with LDAP ) as my file servers for the Branches ... I am little worried about using none production ready software in production, but having to recaption everything for users is not an options ... using Samba-TNG would give me flexilbity for user data back-end ... which I think I will like to use LDAP for this ... I hope this makes more sence than mud, but I would like to hear what other people think ... any other ideas are welcome ... One more thing ... sorry this is so long ... but I would like to give a full picture ... Mailed C.Lee Taylor From simona at uchicago.edu Wed Jan 24 14:42:51 2001 From: simona at uchicago.edu (Simon Allaway) Date: Tue Dec 2 02:33:09 2003 Subject: Mac OS X In-Reply-To: Message-ID: On Wed, 24 Jan 2001, Phil Quinney wrote: > > As soon as I get the time I shall do some more work on Samba and Mac OS X, > possibly looking at using TNG as well as 2.0.7. Likewise, OSX is on the list of things I need to address as it's release is so imminent. But it's not too near the top of my list. Simon -- -- Simon Allaway | "We had an edict of "thou shalt program in University of Chicago | The One True Language"... Anthropology | It's sorta like insisting that all lawn 5-4390 Haskell Hall | mowers be built with jet engines." /BAH From boehm at nortelnetworks.com Wed Jan 24 14:56:43 2001 From: boehm at nortelnetworks.com (Eric Boehm) Date: Tue Dec 2 02:33:09 2003 Subject: Proposed patch for Samba-2.0.7 to allow Solaris open more than 1014 (or rlim_fd_max) files Message-ID: <20010124095643.J344@wnc0s00u.nortelnetworks.com> I would like to submit the following patch to source/lib/util.c to allow Samba under Solaris to open more than 1014 files -- or whatever the kernel variable rlim_fd_max is set to. A little background: We use Samba to provide Windows clients a way to access ClearCase VOBs (versioned object bases) hosted by Solaris servers. One limitation has been that smbd could only open (rlim_fd_max - 10) files. It isn't a good idea to set rlim_fd_max above 1024 because a higher value will break any system that uses the select() system call. Solaris 7 and 8 provide a way around this but it requires that the affected application(s) be recompiled as a 64-bit application. However, it isn't always possible to get applications recompiled as 64 bit. This presents a problems because ClearCase will often want to open more than 1014 files. You can change a setting in ClearCase to reduce the number of files that can be opened at once but this doesn't always solve the problem. util.c calls setrlimit to raise the soft limit (rlim_fd_cur) to the hard limit (rlim_fd_max). setrlimit can also raise the hard limit provided the effective userid is root. smbd and nmbd usually run as root. This avoids the need to change rlim_fd_max and break programs that use select(). It only changes hard limit for smbd/nmbd processes. This change would allow you to specify any value for "max open files =". To get the full benefit, you will also need to either a) compile with sfio (which requires some additional changes to source/include/smb.h and source/include/config.h -- from David Boyce 256 files but < 1014 (rlim_fd_max) files open it can still fail to open the machine account file. If this patch is acceptable, I can probably provide changes for configure to handle the changes to source/include/smb.h and source/include/config.h. The fix for smb.h is not necessary in the Samba 2.2 stream. --- samba-2.0.7/source/lib/util.c.~1~ Tue Apr 25 19:06:53 2000 +++ samba-2.0.7/source/lib/util.c Tue Jan 23 08:00:48 2001 @@ -3012,6 +3012,18 @@ * which always returns RLIM_INFINITY for rlp.rlim_max. */ + if ( geteuid() == 0 ) { + + if ( rlp.rlim_max < requested_max ) { + rlp.rlim_max = requested_max; + } + + if(setrlimit(RLIMIT_NOFILE, &rlp)) { + DEBUG(0,("set_maxfiles: setrlimit for RLIMIT_NOFILE for %d max files failed with error %s\n", + (int)rlp.rlim_max, strerror(errno) )); + } + } + saved_current_limit = rlp.rlim_cur = MIN(requested_max,rlp.rlim_max); if(setrlimit(RLIMIT_NOFILE, &rlp)) { -- Eric M. Boehm boehm@nortelnetworks.com From peter at cadcamlab.org Wed Jan 24 15:30:29 2001 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:33:09 2003 Subject: Authentication .... References: <5DD689222800D411B26100508B5E9584361579@mast-hk0-se02.private.ntl.com> <014601c0860e$f0e3d0e0$6201010a@CLeeTaylor> Message-ID: <14958.62741.371713.172471@wire.cadcamlab.org> [Lee Taylor] > I don't seem to understand the differences between M$-LM password > storage and Unix Hash password storage ... I have read though the > archives but don't seem to quite get the difference. Different hash functions, and incompatible. /hashfunctionexplanation ( The Unix password encryption function goes like this: take the first 8 characters of the password (pad with '\0' if necessary) and convert to a 56-bit number by using the low 7 bits of each. This is your key. Generate a random 16-bit value; this is your salt. Next, take a known string and mutate it using the salt. Encrypt the result with your 56-bit key. Finally, convert the salt, followed the encrypted string, to printable ASCII using a base-64-like function. The LanManager hash is also based on DES. Start with the password, cut it off at 14 characters and convert to uppercase. Use all 8 bits of each character to derive two 56-bit keys. DES-encrypt two known strings with the two keys.[1] Store the 128-bit result as a 32-byte string of hex digits (in ASCII). [1] I'm not entirely sure about this step; corrections are welcome. Then there's the NT hash. Take the password, cut it off at 128 characters and convert to 16-bit Unicode. Run this through the MD4 digest function. Store the 128-bit result the same way as LanManager. None of the three algorithms are reversible, i.e. you can't derive plaintext passwords from them without brute-forcing DES or MD4, and likewise you can't convert any of them to either of the other two. For all three functions, the way to check a user's password is to encrypt it and verify that the encrypted versions match. ) def I have no idea what is used by Netware/Mars-NWE, but I assume it's yet another variation on the above theme........ Now. For your problem. The thing you need to do is keep all your passwords in sync. Basically that means updating all passwords whenever one of them is changed, and this can be accomplished with a combination of smb.conf options (for changing the Unix password whenever a client changes the LM/NT ones) and a PAM module such as pam_smbpass (don't remember the download site) which does the converse. Alternative schemes exist, such as keeping everything in LDAP, but you still have to set things up to change all your password hashes at once. Read the docs, and the archives. Peter From lkcl at samba.org Wed Jan 24 15:25:24 2001 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:09 2003 Subject: Authentication .... In-Reply-To: <14958.62741.371713.172471@wire.cadcamlab.org> Message-ID: > The LanManager hash is also based on DES. Start with the password, > cut it off at 14 characters and convert to uppercase. Use all 8 bits > of each character to derive two 56-bit keys. DES-encrypt two known > strings with the two keys.[1] Store the 128-bit result as a 32-byte > string of hex digits (in ASCII). take first 7 upper-case ascii chars, use as key to DES-encrypt the string "!"?$%KGS". take 2nd 7 upper-case, do same. concatenate results to produce 128-bit result. > None of the three algorithms are reversible, i.e. you can't derive > plaintext passwords from them without brute-forcing DES or MD4, and > likewise you can't convert any of them to either of the other two. > For all three functions, the way to check a user's password is to > encrypt it and verify that the encrypted versions match. significant diff. between nt-auth and unix auth is that the nt-auth uses the hashes as cleartext-equivalent. i.e. they might as _well_ have stored the plaintext password in the SAM db, and used that in their authentication algorithms. From peter at cadcamlab.org Wed Jan 24 16:15:14 2001 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:33:09 2003 Subject: Authentication .... References: <14958.62741.371713.172471@wire.cadcamlab.org> Message-ID: <14958.65426.339902.236926@wire.cadcamlab.org> [Peter Samuelson] > > Use all 8 bits of each character to derive two 56-bit keys. > > DES-encrypt two known strings with the two keys. [lkcl] > take first 7 upper-case ascii chars, use as key to DES-encrypt the > string "!"?$%KGS". take 2nd 7 upper-case, do same. concatenate > results to produce 128-bit result. OK, s/two known strings/one string used twice/ . I was close. (: > significant diff. between nt-auth and unix auth is that the nt-auth > uses the hashes as cleartext-equivalent. Yes, that is true. That's the problem with challenge-response, it's trivial to implement if you have a plaintext-equivalent stored, and much more complex if you don't. Then again, it's not like this is a new problem -- algorithms *do* exist in the literature (Diffie-Hellman, etc) and Microsoft could have used them. Maybe it had something to do with US export licensing. Or was it just the old security-by-obscurity ("nobody will ever reverse-engineer this stuff") sloppiness? Peter From gcarter at valinux.com Wed Jan 24 16:34:50 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:09 2003 Subject: NTLMv2 References: <3A65B1F6.DAD234AF@adcore.com> Message-ID: <3A6F042A.948CB636@valinux.com> Wolf Bergenheim wrote: > > It seems to me that NTLMv2 isn't implemented in > samba. (Everything works now that we use NTLM (v1)). So > my question to you is that will NTLMv2 be _Ever_ implemented > to samba? Yes, we need to. Basic code exists for ntlmv2 in SAMBA_TNG. We just need to allocate resources for porting it back. This is non-trivial however as Luke was the main one playing with ntlmv2. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From lkcl at samba.org Wed Jan 24 16:24:36 2001 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:09 2003 Subject: Authentication .... In-Reply-To: <14958.65426.339902.236926@wire.cadcamlab.org> Message-ID: > Yes, that is true. That's the problem with challenge-response, it's > trivial to implement if you have a plaintext-equivalent stored, and > much more complex if you don't. Then again, it's not like this is a > new problem -- algorithms *do* exist in the literature (Diffie-Hellman, > etc) and Microsoft could have used them. Maybe it had something to do > with US export licensing. Or was it just the old security-by-obscurity > ("nobody will ever reverse-engineer this stuff") sloppiness? i really don't exactly know. the Lanman hash is IBM's job (iirc) not ms [dating back to at least the original X-open spec published 1983(?).] definitely, somewhere, _someone_ got sloppy, dat for sure. they're getting better. _if_ you keep an eye on them and track them like a hawk. e.g. they fixed the SamrSetUserInfo(info level = 0x17 and 0x18) security bug - these contain user passwords - but haven't told anyone how they've done it. i have better hopes that they've got it right, this time, but from past experience i remain skeptical. this time, i have some rumour/evidence that they consulted some proper security experts in-house about this one. lukes From gcarter at valinux.com Wed Jan 24 16:44:50 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:09 2003 Subject: Authentication .... References: Message-ID: <3A6F0682.4A3938B@valinux.com> Luke Kenneth Casson Leighton wrote: > > e.g. they fixed the SamrSetUserInfo(info level = 0x17 > and 0x18) security bug - they contain user passwords - > but haven't told anyone how they've done it. i have > better hopes that they've got it right, this time, but > from past experience i remain skeptical. this time, i > have some rumour/evidence that they consulted some > proper security experts in-house about this one. > > lukes Given that I've played with the call a good bit lately :) I'm curious what the exact security hole is. Other than the fact that I don't see any 2 way verification that the new password is valid. i.e. you decrypt the 516 byte password buffer, but how do you know that the password at the end (minus the length) is actually what the client sent. Am I being dense here? Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Wed Jan 24 17:48:57 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:09 2003 Subject: [FIX] Clarifcation on Win2k domain client support Message-ID: <3A6F1589.22F927E2@valinux.com> Folks, We need to clarify Samba's ability to operate as a member of native Win2k domains. In the past I have made the statement that "Samba requires a mixed mode Win2k DC just like any NT 4 clients" This is partially correct. Current release and HEAD CVS versions of Samba requires NetBIOS support and ntlmv1 support on the DC's. You do not need a mixed mode DC's for this. The only circumstance (as I understand it currently) for which you will require a mixed mode DC is if you are still running NT4 BDC's. Many thanks to Martin Radford for bring the following URL to my attention (it has been wrapped for readability). http://www.microsoft.com/windows2000/library/ planning/incremental/upgradent.asp Samba's ability to join a Win2k domain with native mode DCs has been verified against both the vanilla install of Win2k and SP1. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From sambastuff at jabba.glfc.com Wed Jan 24 17:43:55 2001 From: sambastuff at jabba.glfc.com (sambastuff@jabba.glfc.com) Date: Tue Dec 2 02:33:09 2003 Subject: SAMBA_2_2 CVS Bringing Win2k into the domain Message-ID: So far I've loved Samba2_2... ... I have an issue that I've been working on for a few days and I wanted to know if anyone had this problem.. I've brought over 30 Win2k boxes into the domain already.. but now, I can't bring any into the domain.. I go through the process, putting in a domain user's username/password to bring them in.. and then it times out a minute later... I've tried going back to the smbd/nmbd (December 18th or so) binaries I used to bring the others in with no avail...... I tail the logs when it's doing this and everything looks right... Is there anyway to tell win2k to use the old way (like NT4.0) in a reg hack? i'm pretty much up the creek right now.. brian From lkcl at samba.org Wed Jan 24 17:57:32 2001 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:09 2003 Subject: Authentication .... In-Reply-To: <3A6F0682.4A3938B@valinux.com> Message-ID: On Wed, 24 Jan 2001, Gerald Carter wrote: > Luke Kenneth Casson Leighton wrote: > > > > e.g. they fixed the SamrSetUserInfo(info level = 0x17 > > and 0x18) security bug - they contain user passwords - > > but haven't told anyone how they've done it. i have > > better hopes that they've got it right, this time, but > > from past experience i remain skeptical. this time, i > > have some rumour/evidence that they consulted some > > proper security experts in-house about this one. > > > > lukes > > Given that I've played with the call a good bit lately :) > I'm curious what the exact security hole is. Other than > the fact that I don't see any 2 way verification that > the new password is valid. i.e. you decrypt the 516 byte > password buffer, but how do you know that the password > at the end (minus the length) is actually what the client > sent. > Am I being dense here? no, you're not. the user session key [the use of which is part of the security problem] is used as the RC4 key. that's all there is to it. it is "assumed" that the RC4 key - the user session key - cannot be spoofed. which it utterly STUPID because on ntlm v1 it's just MD4(nt password hash). so, in answer to your question, you don't know!!!!!!! except if you enable [mandate] SMB signing. which will cause w95 to fail (unless you install the DFS 4.1 client. hello? hellooo? anybody home when that one was decided?), and all versions of samba as well, because we haven't worked out SMB signing yet. luke From wolf.bergenheim at adcore.com Wed Jan 24 18:55:03 2001 From: wolf.bergenheim at adcore.com (Wolf Bergenheim) Date: Tue Dec 2 02:33:09 2003 Subject: NTLMv2 In-Reply-To: <3A6F042A.948CB636@valinux.com> References: <3A65B1F6.DAD234AF@adcore.com> <3A6F042A.948CB636@valinux.com> Message-ID: <980362503.3a6f2507aba8f@heluwait.hel.adcore.com> Quoting Gerald Carter : > > Yes, we need to. Basic code exists for ntlmv2 in SAMBA_TNG. > We just need to allocate resources for porting it back. > This is non-trivial however as Luke was the main one playing > with ntlmv2. > > Yes I looked into the code... Whow! talk about informationoverload! I don't have ennough time at hand to do it myself, but would be more than happy to help when you find some resources to this. --Wolf -- Systems Specialist Adcore wolf.bergenheim@adcore.com http://www.adcore.com/ From j.k.bijl at its.tudelft.nl Wed Jan 24 19:06:13 2001 From: j.k.bijl at its.tudelft.nl (Joost Bijl) Date: Tue Dec 2 02:33:09 2003 Subject: smbclient and win2000 References: <5DD689222800D411B26100508B5E9584361579@mast-hk0-se02.private.ntl.com> Message-ID: <008701c08638$b873c7e0$032ea8c0@thor> > I'll apologise in advance that this question MUST have > come up already but I can't find any reference to it in my archives > or on the web. I suspect that's because of the nine billions names of > windows: > W2K, WIN2k, WIN2000, 2000 NT/2000 ... :) > I've recently moved to a little cubby hole (small office) and have > a small laser jet printer (oh lucky me) > > However I want to do all my printing from various SOLARIS boxes. Now I'm > pretty > familiar with setting up the smbprint stuff with sysV printing ... that's > not > my problem. > > The problem is the printer is DIRECTLY attached to the LPT port of a WIN2000 > PC. I've shared it out and other WIN2000 PCs can access it fine. > > If I do smclient -L (many different choices of options) I get one of two > possible results: > > > If I get the passwd wrong I get: > session setup failed: ERRDOS - ERRnoaccess (Access denied.) > > > If I get it right or use -U% I get: (BTW I've used many userid/passwd > combinations > NT ones, WIN2000 ones and local ones) > > Domain=[UKI] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] > > Sharename Type Comment > --------- ---- ------- > > Server Comment > --------- ------- > > Workgroup Master > --------- ------- > > That is I see no ships (shares). If I do the same thing and point it at NT4 > boxes > all looks dandy and I've got a number of printers working this way. > > I not convinced this is SAMBA problem per-se as I also can't use the WIN2000 > printer from an NT box. > > Has this already come up? > It looks like you forgot to enable the guest account or to create a user account. In the control panel under users -> advanced -> advanced -> advanced. (!?@) you can enable it. regards Joost From Jean-Francois.Micouleau at dalalu.fr Wed Jan 24 19:26:16 2001 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:33:09 2003 Subject: Authentication .... In-Reply-To: Message-ID: On Thu, 25 Jan 2001, Luke Kenneth Casson Leighton wrote: > On Wed, 24 Jan 2001, Gerald Carter wrote: > > > Luke Kenneth Casson Leighton wrote: > > > > > > e.g. they fixed the SamrSetUserInfo(info level = 0x17 > > > and 0x18) security bug - they contain user passwords - > > > but haven't told anyone how they've done it. i have > > > better hopes that they've got it right, this time, but > > > from past experience i remain skeptical. this time, i > > > have some rumour/evidence that they consulted some > > > proper security experts in-house about this one. > > > > > > lukes > > > > Given that I've played with the call a good bit lately :) > > I'm curious what the exact security hole is. Other than > > the fact that I don't see any 2 way verification that > > the new password is valid. i.e. you decrypt the 516 byte > > password buffer, but how do you know that the password > > at the end (minus the length) is actually what the client > > sent. > > > Am I being dense here? > > no, you're not. > > the user session key [the use of which is part of the security problem] is > used as the RC4 key. > > that's all there is to it. > > it is "assumed" that the RC4 key - the user session key - cannot be > spoofed. > > which it utterly STUPID because on ntlm v1 it's just MD4(nt password > hash). I agree with you Luke, it's a bit light on the security side. But on NT, in which calls can the RC4 key be spoofed ? Unless you have also spoofed the machine password, it's pretty hard and long. And brute forcing the NT hash doesn't give you anything in that case. J.F. From David.Collier-Brown at canada.sun.com Wed Jan 24 20:10:29 2001 From: David.Collier-Brown at canada.sun.com (David Collier-Brown) Date: Tue Dec 2 02:33:09 2003 Subject: Proposed patch for Samba-2.0.7 to allow Solaris open more than 1014 (or rlim_fd_max) files References: <20010124095643.J344@wnc0s00u.nortelnetworks.com> Message-ID: <3A6F36B5.D32EEB98@canada.sun.com> Eric Boehm wrote: > I would like to submit the following patch to source/lib/util.c to allow > Samba under Solaris to open more than 1014 files -- or whatever the kernel > variable rlim_fd_max is set to. > The reason for this is that smbd uses fopen to open the machine account (mac) > file. fopen without sfio or in a 32-bit compilation environment is limited to > 256 file descriptors. Fopen is used numerous times, via sys_fopen, or I'd suggest we just not use fopen at all... --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering Team | some people and astonish the rest. Americas Customer Engineering | -- Mark Twain (905) 415-2849 | davecb@canada.sun.com From philquinney at hotmail.com Wed Jan 24 20:50:12 2001 From: philquinney at hotmail.com (Phil Quinney) Date: Tue Dec 2 02:33:09 2003 Subject: Mac OS X In-Reply-To: Message-ID: Yeah, although there is little point doing too much as the release date is two months away (march 24th), and won't come preinstalled on machines until June time. Besides, they have and are changing a lot for the final version compared to the Public beta that I have. Phil. on 1/24/01 2:42 PM, Simon Allaway at simona@uchicago.edu wrote: > On Wed, 24 Jan 2001, Phil Quinney wrote: > >> >> As soon as I get the time I shall do some more work on Samba and Mac OS X, >> possibly looking at using TNG as well as 2.0.7. > > Likewise, OSX is on the list of things I need to address as it's release > is so imminent. But it's not too near the top of my list. > > Simon > > > -- > -- > Simon Allaway | "We had an edict of "thou shalt program in > University of Chicago | The One True Language"... > Anthropology | It's sorta like insisting that all lawn > 5-4390 Haskell Hall | mowers be built with jet engines." /BAH > > > > From philippedespres at hotmail.com Wed Jan 24 21:45:49 2001 From: philippedespres at hotmail.com (Philippe Després) Date: Tue Dec 2 02:33:09 2003 Subject: Problem with libreadline.so.3 when passing from 2.0.6 to 2.0.7 Message-ID: Hello, samba was working all right until I upgraded to 2.0.7. Then, every call to one of Samba exec gives me: smbclient: error in loading shared libraries: /lib/libreadline.so.3: undefined symbol: BC Any idea? thanks, Phil _________________________________________________________________________ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. From D.Bannon at latrobe.edu.au Wed Jan 24 21:47:54 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:33:09 2003 Subject: [FIX] Clarifcation on Win2k domain client support In-Reply-To: <3A6F1589.22F927E2@valinux.com> Message-ID: <3.0.6.32.20010125084754.008b9a50@bioserve.latrobe.edu.au> At 11:48 AM 24-01-01 -0600, Gerald Carter wrote: >We need to clarify Samba's ability to operate as a member of >native Win2k domains. In the past I have made the statement >that > ... Current release and HEAD CVS >versions of Samba requires NetBIOS support and ntlmv1 >support on the DC's. Hi Gerry, Just to be perfectly clear about this before I hack away at the FAQ : Current Release : 2.0.7 ? Samba 2.2 pre-whatever ? Head ? I cannot do any testing my self, still don't have any samba DC set up at my new job, working on it though.... David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From wum at lorex.com Wed Jan 24 21:58:16 2001 From: wum at lorex.com (Mu Wu) Date: Tue Dec 2 02:33:09 2003 Subject: samba 2.2.0alpha PDC and w2k Message-ID: <000001c08650$c24659f0$3c00a8c0@lorex.com> In today's version of samba 2.2.0 alpha, domain logon works. However, I ran into a new problem. As the user creates a new profile, some of the permission of the profile directory, such as "My Docoments", are d---------. The user's profile directory cannot be read or write to by the user. Anyone has similar problems? Mu Wu From Stanley.Skidmore at PSS.Boeing.com Wed Jan 24 22:25:09 2001 From: Stanley.Skidmore at PSS.Boeing.com (Skidmore, Stanley G) Date: Tue Dec 2 02:33:09 2003 Subject: CVS question Message-ID: Good afternoon, Currently we are using Samba version 2.0.7 with great success. Now, however, we have had groups that are bringing in W2k workstations and servers. Where do I need to go to get the latest version of Samba 2.2? I suppose I would need to use cvs... Thanks in advance for your help Regards Stan From D.Bannon at latrobe.edu.au Wed Jan 24 22:35:04 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:33:09 2003 Subject: CVS question In-Reply-To: Message-ID: <3.0.6.32.20010125093504.008c4870@bioserve.latrobe.edu.au> At 02:25 PM 24-01-01 -0800, Skidmore, Stanley G wrote: >Good afternoon, >Currently we are using Samba version 2.0.7 with great success. Now, however, we have had groups that are bringing in W2k workstations and servers. Where do I need to go to get the latest version of Samba 2.2? >I suppose I would need to use cvs... > Please read the Howto and FAQ for 2.2 on the Documentation page of the Samba site. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From peter.milburn at sofcom.com.au Wed Jan 24 22:35:52 2001 From: peter.milburn at sofcom.com.au (Peter Milburn) Date: Tue Dec 2 02:33:09 2003 Subject: Authentication Message-ID: I have 2.2 running as a PDC with roaming profiles, with no problems. The only issue I have now, is it is not allowing a user to change their passwd from the windows machine. Any help.. cheers, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From sambastuff at jabba.glfc.com Wed Jan 24 22:40:55 2001 From: sambastuff at jabba.glfc.com (sambastuff@jabba.glfc.com) Date: Tue Dec 2 02:33:09 2003 Subject: SAMBA2_2 Today.. EVEN domains don't work.. ODD's do Message-ID: I've been doing some testing why I can't join domains today.. Even domains do not work.. Odd's do.. For example in my testing today: GLFC - Not work DEV - works GLFC1 - works CHEESE - Not work CHEESEA - works CHEESEB - works EVEN - Not work ODD - works When i try to join an even domain, it asks for the username/password of a domain user... after finishing that dialog.. it pauses for 3 minutes, and then says "The specified domain either does not exist or cannot be contacted" the odd goes it perfect.. clients are win2k.. Brian From sambastuff at jabba.glfc.com Wed Jan 24 22:19:46 2001 From: sambastuff at jabba.glfc.com (sambastuff@jabba.glfc.com) Date: Tue Dec 2 02:33:09 2003 Subject: SAMBA_2_2 Even Domain names FAIL.. odds ok Message-ID: Looks like today we have the opposite problem... The Even domain names fail to join the Domain while the odds succeed.. GLFC - Fail DEV - succeed GLFC1 - Succeed CHEESE - Fail CHEESEA - Succeed CHEESEAB - Fail The even's just time out and say "The specified domain either does not exist or could not be contacted" after waiting 3 minutes after entering the root username/password for joining the domain. the odds work perfect. ?Anyone else? Brian From Hugh.Fisher at act.cmis.CSIRO.AU Wed Jan 24 22:47:45 2001 From: Hugh.Fisher at act.cmis.CSIRO.AU (Hugh Fisher) Date: Tue Dec 2 02:33:09 2003 Subject: samba 2.2.0alpha PDC References: <20010124200119.B49F58218@lists.samba.org> Message-ID: <3A6F5B91.5DB6A05C@act.cmis.csiro.au> > > Reply-To: > From: "Mu Wu" > To: > Subject: Re: samba 2.2.0alpha PDC > Date: Tue, 23 Jan 2001 17:39:18 -0500 > > Yes, I got the same thing. CVS version 2.2.0. Jan 23, 2001. > > > Does anyone get this error message when trying to connect a windows > 2000 > > machine to the linux pdc ? > > te remote procedure call failed I got that error with the same version of Samba as the primary domain controller for Win2K clients. Cause in my case was that the machine NetBios name was not entered in the Samba password file. (To be on the safe side I set up dummy Unix accounts for all the machines in the domain as well - is that really necessary?) Hugh Fisher DCS, ANU From D.Bannon at latrobe.edu.au Wed Jan 24 22:51:47 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:33:10 2003 Subject: Authentication In-Reply-To: Message-ID: <3.0.6.32.20010125095147.008d0190@bioserve.latrobe.edu.au> At 09:35 AM 25-01-01 +1100, Peter Milburn wrote: >I have 2.2 running as a PDC with roaming profiles, with no problems. The >only issue I have now, is it is not allowing a user to change their passwd >from the windows machine. > Try doing it without unix sync turned on. Lots of things go wrong at that stage. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Wed Jan 24 22:53:31 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:33:10 2003 Subject: SAMBA2_2 Today.. EVEN domains don't work.. ODD's do In-Reply-To: Message-ID: <3.0.6.32.20010125095331.008d1ba0@bioserve.latrobe.edu.au> At 04:40 PM 24-01-01 -0600, sambastuff@jabba.glfc.com wrote: >I've been doing some testing why I can't join domains today.. >Even domains do not work.. Odd's do.. Brian, are you using a CVS download or one of the FTP tarballs ? This problem was fixed before xmas but only in the ftp download. You will certainly see it in a tarball. Please read the FAQ. David >For example in my testing today: > >GLFC - Not work >DEV - works >GLFC1 - works >CHEESE - Not work >CHEESEA - works >CHEESEB - works >EVEN - Not work >ODD - works > >When i try to join an even domain, it asks for the username/password of a >domain user... after finishing that dialog.. it pauses for 3 minutes, and >then says "The specified domain either does not exist or cannot be >contacted" > >the odd goes it perfect.. > >clients are win2k.. > >Brian > > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From horde at promax.com.mx Wed Jan 24 22:57:19 2001 From: horde at promax.com.mx (Francisco Villagrana) Date: Tue Dec 2 02:33:10 2003 Subject: How setup Scripts Message-ID: <002201c08659$01489840$32bdf494@promax.com.mx> After install Samba , i need make scripts to clients, but i need tool to make this... i have windows 95 Machines windows 98 Machines Windows ME Machines Windows 2000 Server Windows Nt Server 4.0 Will i need scripts Regards. -------------- next part -------------- HTML attachment scrubbed and removed From nelson.gamazo at cigb.edu.cu Wed Jan 24 22:52:02 2001 From: nelson.gamazo at cigb.edu.cu (Nelson Gamazo Sanchez) Date: Tue Dec 2 02:33:10 2003 Subject: Whe a computer with Windows 2000 Message-ID: Whe a computer with Windows 2000 is added to a domain, is added the "Domain Admins" group to the Administrator group in this computer. This is maked for default How i can disable this? From Hugh.Fisher at act.cmis.CSIRO.AU Wed Jan 24 22:59:43 2001 From: Hugh.Fisher at act.cmis.CSIRO.AU (Hugh Fisher) Date: Tue Dec 2 02:33:10 2003 Subject: Windows 2000 and Samba2.2 - Roaming Profiles References: <20010124200119.B49F58218@lists.samba.org> Message-ID: <3A6F5E5F.EDEB86C@act.cmis.csiro.au> > Does anyone out there have Samba 2.2 actually working with Windows 2000 > Pro clients, and specifically, using Roaming Profiles? > Samba is acting as a PDC and works great for Win98. And as far as I can > tell, everything seems to work with Win2000 EXCEPT the Roaming > Profiles. > > I can access all the shares, read and write files, even the login script > works!!! (which I won't need if the profiles would work) I have Samba 2.2 with Windows 200 clients and roaming profiles almost work. In my setup the profiles are stored in the user home directory. I'm aware of the possible user logs off & next user loads wrong profile possible bug, but setting up the directory is tricky and too many apps store stuff in the users profile instead of their home :-( Control panel settings, ntuser.dat, etc all get stored just fine whether in the home directory or in [Profiles]. The one glitch is that Win200 tries to create a directory profiles\Application Data\Microsoft\My\Keys\ and this fails according to the Samba debugging output. Frankly, I'm not worried about it. Things to check: If you are using a separate [Profiles] share in the samba config file, have you set writable = yes ? If not, you'll have to set up mandatory profiles yourself. And also with the [Profiles] share, are the Unix permissions also set to be writable by the client? Windows 2000 wants to create a whole directory, not just a file. Hope this helps. Hugh Fisher DCS, ANU From sambastuff at jabba.glfc.com Wed Jan 24 22:52:46 2001 From: sambastuff at jabba.glfc.com (sambastuff@jabba.glfc.com) Date: Tue Dec 2 02:33:10 2003 Subject: sorry for the repeat In-Reply-To: Message-ID: sendmail lost the mail earlier and decided to send it back out From sambastuff at jabba.glfc.com Wed Jan 24 23:02:33 2001 From: sambastuff at jabba.glfc.com (sambastuff@jabba.glfc.com) Date: Tue Dec 2 02:33:10 2003 Subject: SAMBA2_2 Today.. EVEN domains don't work.. ODD's do In-Reply-To: <3.0.6.32.20010125095331.008d1ba0@bioserve.latrobe.edu.au> Message-ID: CVS Today... but i thought that only affected ODD domains that wouldn't work brian On Thu, 25 Jan 2001, David Bannon wrote: > At 04:40 PM 24-01-01 -0600, sambastuff@jabba.glfc.com wrote: > >I've been doing some testing why I can't join domains today.. > >Even domains do not work.. Odd's do.. > > Brian, are you using a CVS download or one of the FTP tarballs ? This > problem was fixed before xmas but only in the ftp download. You will > certainly see it in a tarball. Please read the FAQ. > > David > > > > >For example in my testing today: > > > >GLFC - Not work > >DEV - works > >GLFC1 - works > >CHEESE - Not work > >CHEESEA - works > >CHEESEB - works > >EVEN - Not work > >ODD - works > > > >When i try to join an even domain, it asks for the username/password of a > >domain user... after finishing that dialog.. it pauses for 3 minutes, and > >then says "The specified domain either does not exist or cannot be > >contacted" > > > >the odd goes it perfect.. > > > >clients are win2k.. > > > >Brian > > > > > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 9479 2197 > La Trobe University, Plenty Rd, Fax 61 03 9479 2467 > Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au > ------------------------------------------------------------ > ..... Humpty Dumpty was pushed ! > From gcarter at valinux.com Wed Jan 24 23:18:46 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:10 2003 Subject: [FIX] Clarifcation on Win2k domain client support References: <3.0.6.32.20010125084754.008b9a50@bioserve.latrobe.edu.au> Message-ID: <3A6F62D6.FD5431CF@valinux.com> David Bannon wrote: > > >... Current release and HEAD CVS > >versions of Samba requires NetBIOS support and ntlmv1 > >support on the DC's. > > Hi Gerry, > Just to be perfectly clear about this before I hack > away at the FAQ : > > Current Release : 2.0.7 ? > Samba 2.2 pre-whatever ? > Head ? David, 2.0.7, SAMBA_2_2 & HEAD all can act as domain file/print servers for a native Win2k domain as long as NetBIOS and NTLMv1 is enabled on the DC. A mixed mode Win2k DC is only needed if NT4 BDC exists in the domain. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From jbrown at db2000.com Wed Jan 24 23:35:37 2001 From: jbrown at db2000.com (Jonathan Brown) Date: Tue Dec 2 02:33:10 2003 Subject: Windows 2000 and Samba2.2 - Roaming Profiles Message-ID: >Things to check: > >If you are using a separate [Profiles] share in the samba config >file, have you set writable = yes ? If not, you'll have to set >up mandatory profiles yourself. > >And also with the [Profiles] share, are the Unix permissions >also set to be writable by the client? Windows 2000 wants to >create a whole directory, not just a file. ********************************************************************* Thanks, I checked those things and I do have a separate "Profiles" share and it is set up as follows: [Profiles] comment = User Profiles Share path = /home/profiles read only = No create mask = 0700 force create mode = 0700 security mask = 0700 force security mode = 0700 directory mask = 0700 force directory mode = 0700 directory security mask = 0700 force directory security mode = 0700 Does this look like it should work? To be honest, I am not sure what you mean about the Unix permisions set to be writeable by the client... What's confusing is that it does create most of the directories correctly - only a few of them fail. I have found that once the dir structure is created (by the client), if I do a chmod -R 0700 on the user's profile directory, it works fine until it needs to create a new directory somewhere in there. thanks, jonathan >>> Hugh Fisher 01/24/01 05:59PM >>> > Does anyone out there have Samba 2.2 actually working with Windows 2000 > Pro clients, and specifically, using Roaming Profiles? > Samba is acting as a PDC and works great for Win98. And as far as I can > tell, everything seems to work with Win2000 EXCEPT the Roaming > Profiles. > > I can access all the shares, read and write files, even the login script > works!!! (which I won't need if the profiles would work) I have Samba 2.2 with Windows 200 clients and roaming profiles almost work. In my setup the profiles are stored in the user home directory. I'm aware of the possible user logs off & next user loads wrong profile possible bug, but setting up the directory is tricky and too many apps store stuff in the users profile instead of their home :-( Control panel settings, ntuser.dat, etc all get stored just fine whether in the home directory or in [Profiles]. The one glitch is that Win200 tries to create a directory profiles\Application Data\Microsoft\My\Keys\ and this fails according to the Samba debugging output. Frankly, I'm not worried about it. From jbrown at db2000.com Wed Jan 24 23:48:30 2001 From: jbrown at db2000.com (Jonathan Brown) Date: Tue Dec 2 02:33:10 2003 Subject: samba 2.2.0alpha PDC and w2k Message-ID: I have the exact same problem. Most other things seem to work great! I have been struggling with this for the last 4 days. And have really no "good" solutions. One way to make it work (at least for me) is to add "CREATOR-OWNER" to each particular user's profie folder on the Win2k workstation. I have not "thoroughly" tested that, but I know it at least seems to work fine. This is not good because you have to do that for each user that logs onto that workstation. I have not found a way to make win2k do this automatically, as it will not let that permission/acl propogate or inherit or whatever they call it. If you figure this out before I do, please, please let me know..... thanks, jonathan >>> "Mu Wu" 01/24/01 04:58PM >>> In today's version of samba 2.2.0 alpha, domain logon works. However, I ran into a new problem. As the user creates a new profile, some of the permission of the profile directory, such as "My Docoments", are d---------. The user's profile directory cannot be read or write to by the user. Anyone has similar problems? Mu Wu From jeremy at valinux.com Wed Jan 24 22:24:19 2001 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:33:10 2003 Subject: samba 2.2.0alpha PDC and w2k References: <000001c08650$c24659f0$3c00a8c0@lorex.com> Message-ID: <3A6F5613.4D1B000C@valinux.com> Mu Wu wrote: > > In today's version of samba 2.2.0 alpha, domain logon works. However, I ran > into a new problem. As the user creates a new profile, some of the > permission > of the profile directory, such as "My Docoments", are d---------. The user's > profile directory cannot be read or write to by the user. Anyone has similar > problems? > Mu Wu Can you recreate this with a debug level 10 log please ? I need to see the create flags the NT client is sending the smbd. Thanks, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From jbrown at db2000.com Thu Jan 25 00:59:15 2001 From: jbrown at db2000.com (Jonathan Brown) Date: Tue Dec 2 02:33:10 2003 Subject: samba 2.2.0alpha PDC and w2k Message-ID: I can sure recreate the problem, but how do you do a debug level 10 log? -jonathan >>> Jeremy Allison 01/24/01 05:24PM >>> Mu Wu wrote: > > In today's version of samba 2.2.0 alpha, domain logon works. However, I ran > into a new problem. As the user creates a new profile, some of the > permission > of the profile directory, such as "My Docoments", are d---------. The user's > profile directory cannot be read or write to by the user. Anyone has similar > problems? > Mu Wu Can you recreate this with a debug level 10 log please ? I need to see the create flags the NT client is sending the smbd. Thanks, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From peter.milburn at sofcom.com.au Thu Jan 25 01:14:28 2001 From: peter.milburn at sofcom.com.au (Peter Milburn) Date: Tue Dec 2 02:33:10 2003 Subject: samba 2.2 Message-ID: Hi, I have a sambapdc running ok with no probs, I have one machine that has been able to join the domain, I changed the feild workgroup this morning, and retstarted samba, I could get another machine to join the domain, so I changed the work group feild back to what it was. The machine that has already joined the domain, still will authenicate and use roaming profiles. Ijust can not get another computer to join the domain. This is from the log.nmbd nmb packet from 203.7.146.57(137) header: id=32854 opcode=Query(0) response=No header: flags: bcast=Yes rec_avail=No rec_des=Yes trunc=No auth=No header: rcode=0 qdcount=1 ancount=0 nscount=0 arcount=0 question: q_name=PIRO<20> q_type=32 q_class=1 Any help would be apreciated Cheers, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From peter.milburn at sofcom.com.au Thu Jan 25 03:43:13 2001 From: peter.milburn at sofcom.com.au (Peter Milburn) Date: Tue Dec 2 02:33:10 2003 Subject: Samba2.2alpha1 Message-ID: Hi all.. As I have stated before, I have samba 2.2alpha1 running as a pdc with 1 win2kws joined to the domain. I am trying to get another machine to join the domain. I am getting 2 errors... The account used is a computer account. USe your global user account or local user account to access this server. When I try to join the domain again, I get this error.. The remote procedure call failed. If anyone can help me with this it would be appreciated. Cheers, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From dwcjr at inethouston.net Thu Jan 25 04:23:26 2001 From: dwcjr at inethouston.net (David W. Chapman Jr.) Date: Tue Dec 2 02:33:10 2003 Subject: Setup Question Message-ID: <003b01c08686$8fd03320$931576d8@inethouston.net> I have a samba(2.0.7) server and an nt member server. I'd like to have my nt server use the samba server for its passwords. I know I will probably have to set it up as a BDC, but does samba-2.0.7 support that? If not, which of the two branches will support it? From dsb at world.std.com Thu Jan 25 04:41:14 2001 From: dsb at world.std.com (David Boyce) Date: Tue Dec 2 02:33:10 2003 Subject: Proposed patch for Samba-2.0.7 to allow Solaris open more than 1014 (or rlim_fd_max) files In-Reply-To: <3A6F36B5.D32EEB98@canada.sun.com> References: <20010124095643.J344@wnc0s00u.nortelnetworks.com> Message-ID: <4.3.2.7.2.20010124230952.00d6e6c0@world.std.com> At 03:10 PM 1/24/01 -0500, David Collier-Brown wrote: >Eric Boehm wrote: > > I would like to submit the following patch to source/lib/util.c to allow > > Samba under Solaris to open more than 1014 files -- or whatever the kernel > > variable rlim_fd_max is set to. > > > The reason for this is that smbd uses fopen to open the machine account > (mac) > > file. fopen without sfio or in a 32-bit compilation environment is > limited to > > 256 file descriptors. > > Fopen is used numerous times, via sys_fopen, > or I'd suggest we just not use fopen at all... Yes, when I last checked two years ago sys_fopen() was used in ~56 places. Which is unfortunate as it leads to a subtle bug but I don't think any Samba developer is so bored as to rewrite all of Samba to use low-level IO. It's easier to link with sfio or build in 64-bit mode and solve the problem that way, as Eric says. BUT! The point of his message was orthogonal to fopen(), sys_fopen(), and sfio. He mentioned them only in passing and I'd hate to see his thread get sidetracked on that topic. The point of the patch is to allow Samba to raise the hard fd limit on systems which allow it and when appropriate privileges are held. This gives a new degree of freedom to the administrator and allows for a significant performance enhancement in some uses (specifically with ClearCase). I don't see any downside to it; if the OS refuses to allow the hard limit to be raised it just falls back to existing behavior. The default behavior remains unchanged but now, if you explicitly ask for a feature and the underlying OS supports it, you're no longer artificially prevented from getting at it - and that seems good. -David Boyce From lee.taylor at aeroton.scania.co.za Thu Jan 25 09:52:33 2001 From: lee.taylor at aeroton.scania.co.za (C.Lee Taylor) Date: Tue Dec 2 02:33:10 2003 Subject: Authentication .... References: Message-ID: <009801c086b4$8ac9f360$6201010a@CLeeTaylor> > significant diff. between nt-auth and unix auth is that the nt-auth uses > the hashes as cleartext-equivalent. i.e. they might as _well_ have stored > the plaintext password in the SAM db, and used that in their > authentication algorithms. Okay, so the stored hash is so different they can't be shared ... just as I suspected, but this does not help with my little problem ... as I remember somebody saying once, that what I am trying to achieve is the Holy Grail on Linux/M$ interpolation ... I have no plan to have to recapture user data between Linux and M$ Servers ... as I said, I have looked at winbind, but if I understand that gives Linux the ability to auth against a PDC, which is not as secure ( from the discussion ) or create more overhead on the network/server ... not what I am looking for ... I have thought that maybe I could setup a Samba-TNG server on a root like server which has LDAP as backend ... then have M$-TermServer and M$-SQL server as member servers using Samba-TNG PDC auth the system ... But I would like to see what other people have come across ... and another things is that I know the LDAP is broken in Samab 2.2 ( which might be fix in future ) and not sure about how stable LDAP is in Samba 2.0.7 ... Thanks again for all the input ... Mailed C.Lee Taylor From pdeliot at ocare.com Thu Jan 25 10:07:43 2001 From: pdeliot at ocare.com (Pascal Deliot) Date: Tue Dec 2 02:33:10 2003 Subject: Samba 2.2.0alpha CVS PDC and w2k References: Message-ID: <3A6FFAEF.1010106@ocare.com> I'm using a recent CVS of the 2.2.0 as a PDC. I have been able to add NT 4.0 machines to the domain and to log some Win98 machines. But when i try to add WIN2K machines to the domain i have the following message: "The procedure number is out of range". Nothing appear in the log files, even with a high log level. Is anyone have a idear about the source of the problem. Thaks From lkcl at samba.org Thu Jan 25 10:49:52 2001 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:10 2003 Subject: Authentication .... In-Reply-To: Message-ID: > > the user session key [the use of which is part of the security problem] is > > used as the RC4 key. > > > > that's all there is to it. > > > > it is "assumed" that the RC4 key - the user session key - cannot be > > spoofed. > > > > which it utterly STUPID because on ntlm v1 it's just MD4(nt password > > hash). > > I agree with you Luke, it's a bit light on the security side. But on NT, > in which calls can the RC4 key be spoofed ? see below. > Unless you have also spoofed the machine password, it's pretty hard and > long. the workstation trust account is not involved with the SamrSetInformationUser and SamrGetInfoUser calls, or the LsaSetSecret, or the LsaQuerySecret (the latter now only works on NT4 SP3 and below, AS/U and all ports, and Samba TNG). > And brute forcing the NT hash doesn't give you anything in that case. correct. however, as i said, the wksta trust is not involved, here. i have outlined in detail how to security attacks against SamrGet/SetInfoUser, on NTBUGTRAQ. approx april/may 2000. basically you look for two SamrSetInfoUser calls and XOR them together. standard RC4 crypto attack. From harrietr at mailstreet.nl Thu Jan 25 11:50:40 2001 From: harrietr at mailstreet.nl (Harrie ter Rele) Date: Tue Dec 2 02:33:10 2003 Subject: Samba & NT Message-ID: <01C086CD.6CEF1780.harrietr@mailstreet.nl> Hi, I have a question; i'm having an older version of samba (1.9.18p10) which is configured as a domain controller. And there is also a workgroup configured. I have a lot of W95 clients which are working without problems. Now i'm trying to connect a Windows NT Workstation (SP6) to the samba server but it didn't work! I didn't see the workgroup name i provided on the logon screen the only two thing there are username/passwd What do i do wrong ? Or isn't this possible at all (i know i have to upgrade samba) Harrie ter Rele harrietr@mailstreet.nl From esexauer at neuearbeit.de Thu Jan 25 12:32:24 2001 From: esexauer at neuearbeit.de (Ernst Sexauer) Date: Tue Dec 2 02:33:10 2003 Subject: Samba & NT References: <01C086CD.6CEF1780.harrietr@mailstreet.nl> Message-ID: <3A701CD8.32D58026@neuearbeit.de> Harrie ter Rele schrieb: > Hi, > I have a question; i'm having an older version of samba (1.9.18p10) which > is configured as a domain controller. And there is also a workgroup > configured. You should use version 2.07. A lot auf domain-related problems have been fixed since 1.9. Regards E.R. Sexauer From pbocek at iol.cz Thu Jan 25 12:38:25 2001 From: pbocek at iol.cz (Pavel Bocek) Date: Tue Dec 2 02:33:10 2003 Subject: [FIX] Clarifcation on Win2k domain client support References: <3.0.6.32.20010125084754.008b9a50@bioserve.latrobe.edu.au> <3A6F62D6.FD5431CF@valinux.com> Message-ID: <007901c086cb$b9168dc0$0500a8c0@kayak> > David, > > 2.0.7, SAMBA_2_2 & HEAD all can act as domain file/print > servers for a native Win2k domain as long as NetBIOS and > NTLMv1 is enabled on the DC. > > A mixed mode Win2k DC is only needed if NT4 BDC exists > in the domain. Hi, Is the ability to assign permission on shares created on client's PCs already supported in SAMBA_2_2? Is it planned? thanks, pavel From David.Collier-Brown at canada.sun.com Thu Jan 25 13:40:04 2001 From: David.Collier-Brown at canada.sun.com (David Collier-Brown) Date: Tue Dec 2 02:33:10 2003 Subject: Proposed patch for Samba-2.0.7 to allow Solaris open morethan 1014 (or rlim_fd_max) files References: <20010124095643.J344@wnc0s00u.nortelnetworks.com> <4.3.2.7.2.20010124230952.00d6e6c0@world.std.com> Message-ID: <3A702CB4.61C262B6@canada.sun.com> David Boyce wrote: > The point of the patch is to allow Samba to raise the hard fd limit on > systems which allow it [...] The default behavior > remains unchanged but now, if you explicitly ask for a feature and the > underlying OS supports it, you're no longer artificially prevented from > getting at it - and that seems good. I quite agree! --dave -- David Collier-Brown, | Always do right. This will gratify Performance & Engineering Team | some people and astonish the rest. Americas Customer Engineering | -- Mark Twain (905) 415-2849 | davecb@canada.sun.com From bgmilne at cae.co.za Thu Jan 25 13:58:25 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:33:10 2003 Subject: [Fwd: PAM question] Message-ID: <3A703101.86384ED8@cae.co.za> Sorry about this, it's a bit off-topic, but the list I have psted this to seems to be down at the moment, and I think I might find someone who can help me here ... -------- Original Message -------- Subject: PAM question Date: Wed, 24 Jan 2001 22:42:26 +0200 From: Buchan Milne Organization: Stellenbosch Automotive Engineering To: Expert Linux List I am currently trying to get authentication of wu-imap from a samba PDC using the pam_smb module. I have managed to be able to login on the console with my windows password, and have even managed to log in via ssh using my windows password. However, following the same principles, I haven't managed to connect to the imap server. I have compiled wu-imap from source, with "make lnp" which is supposed to compile with pam support. Entries in the file /var/log/security indicate the the imap server is indeed using PAM. Here are the 2 working pam config files: /etc/pam.d/login: #%PAM-1.0 auth required /lib/security/pam_securetty.so auth sufficient /lib/security/pam_smb_auth.so debug auth sufficient /lib/security/pam_pwdb.so shadow nullok use_first_pass auth required /lib/security/pam_nologin.so account required /lib/security/pam_pwdb.so password required /lib/security/pam_cracklib.so password required /lib/security/pam_pwdb.so nullok use_authtok shadow md5 session required /lib/security/pam_pwdb.so session optional /lib/security/pam_console.so /etc/pam.d/sshd: #%PAM-1.0 auth sufficient /lib/security/pam_pwdb.so shadow nodelay auth sufficient /lib/security/pam_smb_auth.so debug use_first_pass auth required /lib/security/pam_nologin.so account required /lib/security/pam_pwdb.so password required /lib/security/pam_cracklib.so password required /lib/security/pam_pwdb.so shadow nullok use_authtok session required /lib/security/pam_pwdb.so session required /lib/security/pam_limits.so Here is my current file for imap: /etc/pam.d/imap: #%PAM-1.0 auth sufficient /lib/security/pam_pwdb.so shadow nullok auth sufficient /lib/security/pam_smb_auth.so debug use_first_pass account required /lib/security/pam_pwdb.so As you will see, in each case I simply changed the auth required line for pam_pwdb to auth sufficient and added an auth sufficient line for pam_smb, adding use_first_pass with the 2nd of the 2. Here is a tail of /var/log/security following a successful ssh login and failed imap connection: Jan 24 23:00:07 www imapd[12758]: pam_smb: Local UNIX username/password check incorrect. Jan 24 23:00:07 www imapd[12758]: pam_smb: Configuration Data, Primary CAEPDC, Backup CAEPDC, Domain CAE. Jan 24 23:01:53 www imapd[12768]: connect from 146.232.146.2 Jan 24 23:01:59 www sshd[12769]: pam_smb: Local UNIX username/password check incorrect. Jan 24 23:01:59 www sshd[12769]: pam_smb: Configuration Data, Primary CAEPDC, Backup CAEPDC, Domain CAE. Jan 24 23:02:07 www imapd[12806]: connect from 146.232.146.2 Jan 24 23:02:07 www imapd[12806]: pam_smb: Local UNIX username/password check incorrect. Jan 24 23:02:07 www imapd[12806]: pam_smb: Configuration Data, Primary CAEPDC, Backup CAEPDC, Domain CAE. Jan 24 23:02:08 www imapd[12768]: pam_smb: Local UNIX username/password check incorrect. Jan 24 23:02:08 www imapd[12768]: pam_smb: Configuration Data, Primary CAEPDC, Backup CAEPDC, Domain CAE. Does anyone have any advice for me ... the idea here is to let all the windows lusers read email on the imap/pop server without them having to keep 2 passwords sync'ed, not for me to be able to log into the machines with passwords that might have been sniffed ;-) Buchan (P.S. This machine is Linux-Mandrake 7.1 with samba 2.0.7, pdc is more or less the same) -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 Stellenbosch Automotive Engineering http://www.cae.co.za From Axel.Thimm at physik.fu-berlin.de Thu Jan 25 15:02:43 2001 From: Axel.Thimm at physik.fu-berlin.de (Axel Thimm) Date: Tue Dec 2 02:33:10 2003 Subject: tdb status? Message-ID: <20010125160243.A2950@pua.domain> I am trying to setup 2.2.0-alpha1. What is the status of tdb therein? If I configure --with-tdbpwd then smbpasswd is a tdb file and not smbpasswd.tdb. What is the concept? Shouldn't there remain a text based smbpasswd for compatibility reasons, or shouldn't there be a way to convert from text to tdb and backwards? I'd like to periodically check syncronization of unix and Samba users. Other than reading the source, is the new tdb philosophy documented somewhere (which files etc.)? Thanks, Axel. -- Axel.Thimm@physik.fu-berlin.de From gcarter at valinux.com Thu Jan 25 15:09:00 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:10 2003 Subject: tdb status? References: <20010125160243.A2950@pua.domain> Message-ID: <3A70418C.5884CD24@valinux.com> Axel Thimm wrote: > > I am trying to setup 2.2.0-alpha1. What is the status > of tdb therein? If I configure --with-tdbpwd then smbpasswd is > a tdb file and not smbpasswd.tdb. > > What is the concept? Shouldn't there remain a text > based smbpasswd for compatibility reasons, or shouldn't there > be a way to convert from text to tdb and backwards? I'd > like to periodically check syncronization of unix and Samba > users. > > Other than reading the source, is the new tdb > philosophy documented somewhere (which files etc.)? The main samtdb development has gone into HEAD. The code is 2.2 is probably (almost assuradly insufficient for production). Any the only docs so far is the pdb_tdb.c file in HEAD and the various passdb threads in the samba-technical mailing list archives. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From joakim.tjernlund at lumentis.se Thu Jan 25 15:09:53 2001 From: joakim.tjernlund at lumentis.se (Joakim Tjernlund) Date: Tue Dec 2 02:33:10 2003 Subject: Samba 2.2 Domains & RedHat 7.0 problems[FIXED] Message-ID: Hi All I have been trying to join a W2K workstion to a samba 2.2.x PDC for weeks now.I was getting all sorts of error messages and internal errors too. I then remembered something about Redhat 7.0 gcc beeing unstable. I switched to kgcc(included in RH 7.0 also) and suddenly it was possible to join the samba PDC domain!! Conclusion: Do not use gcc in RH 7.0! Use kgcc instead. Jocke From pilger at higp.hawaii.edu Thu Jan 25 16:25:39 2001 From: pilger at higp.hawaii.edu (Eric Pilger) Date: Tue Dec 2 02:33:10 2003 Subject: Samba2.2alpha1 References: Message-ID: <3A705383.4F2E215@higp.hawaii.edu> This is the exact problem that has been stopping me cold for months. I have tried from a range of Win2K installations (old, new, patched, not). I have tried smb.conf files ranging from my standard file to one taken directly from the FAQ. I have treid a constant stream of updates and original installations from CVS. What does this message mean? Is the "computer account" the machine name with a $? I certainly am not using that account. I get this message using either my own account, or root (which I have added to the smbpasswd file). Peter Milburn wrote: > Hi all.. As I have stated before, I have samba 2.2alpha1 running as a pdc > with 1 win2kws joined to the domain. > > I am trying to get another machine to join the domain. I am getting 2 > errors... > > The account used is a computer account. USe your global user account or > local user account to access this server. > > When I try to join the domain again, I get this error.. > > The remote procedure call failed. > > If anyone can help me with this it would be appreciated. > > Cheers, > > -- > Peter Milburn > Systems Manager > Software Communication Group Ltd > > peter.milburn@sofcom.com.au > > Ph: +613 9826 8300 Fax: +613 9826 8336 > > Level 16, 644 Chapel St > South Yarra, Vic 3141 > > www.sofcom.com.au > > ******************************************** > This message contains privileged and confidential information intended only > for the use of the addressee named above. If you are not the intended > recipient of this message you must not disseminate, copy or take any action > in reliance on it. If you have received this message in error, please > notify Software Communication Group immediately. > > Any views expressed in this message are those of the individual sender > except where the sender specifically states them to be the views of Software > Communication Group. > > ******************************************** -- Eric J. Pilger Systems Administrator Hawaii Institute of Geophysics and Planetology/SOEST pilger@pgd.hawaii.edu (808)956-6321 (Voice/FAX) From jbcurry at hline.localhealth.net Thu Jan 25 17:36:34 2001 From: jbcurry at hline.localhealth.net (JBCurry) Date: Tue Dec 2 02:33:10 2003 Subject: Authentication In-Reply-To: Message-ID: > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Peter Milburn > Sent: Wednesday, January 24, 2001 5:36 PM > > > I have 2.2 running as a PDC with roaming profiles, with no problems. The > only issue I have now, is it is not allowing a user to change their passwd > from the windows machine. > Are these Win9x, NT or 2000? Which password are you saying isn't getting changed - the smbpasswd, or the Unix password? What is the error that you get? A common problem with Win9x clients is how the "Change Password" control panel item is used. Make sure that both the Windows Password and the Microsoft Network password are both being changed, or you may have problems next time you change the password or log on. If your smbpasswd is being changed o.k., but not your Unix password, make sure that password sync is turned on and your password chat parameter is set up properly. From ghvetter at state.nd.us Thu Jan 25 18:41:58 2001 From: ghvetter at state.nd.us (Vetter, Gary H.) Date: Tue Dec 2 02:33:10 2003 Subject: [FIX] Clarifcation on Win2k domain client support Message-ID: We still can't access the Microsoft site (to read the link) after their DNS problems; can Samba be a member server in a native W2K domain using Active Directory? -----Original Message----- From: Gerald Carter [mailto:gcarter@valinux.com] Sent: Wednesday, January 24, 2001 11:49 AM To: samba-ntdom@samba.org Cc: Martin Radford; David Bannon Subject: [FIX] Clarifcation on Win2k domain client support Folks, We need to clarify Samba's ability to operate as a member of native Win2k domains. In the past I have made the statement that "Samba requires a mixed mode Win2k DC just like any NT 4 clients" This is partially correct. Current release and HEAD CVS versions of Samba requires NetBIOS support and ntlmv1 support on the DC's. You do not need a mixed mode DC's for this. The only circumstance (as I understand it currently) for which you will require a mixed mode DC is if you are still running NT4 BDC's. Many thanks to Martin Radford for bring the following URL to my attention (it has been wrapped for readability). http://www.microsoft.com/windows2000/library/ planning/incremental/upgradent.asp Samba's ability to join a Win2k domain with native mode DCs has been verified against both the vanilla install of Win2k and SP1. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Thu Jan 25 18:48:27 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:10 2003 Subject: [FIX] Clarifcation on Win2k domain client support References: Message-ID: <3A7074FB.C29DEBF3@valinux.com> "Vetter, Gary H." wrote: > > We still can't access the Microsoft site (to read the > link) after their DNS problems; can Samba be a member server > in a native W2K domain using Active Directory? No. Not AD. Samba requires NetBIOS and NTLMv1 as I stated below. The correction was that Win2k DC's provide and legacy interface to the account database via the SAMR RPCs. All Win2k DC can provide this interface, not just a mixed mode DC. > -----Original Message----- > From: Gerald Carter [mailto:gcarter@valinux.com] > Sent: Wednesday, January 24, 2001 11:49 AM > To: samba-ntdom@samba.org ... > ...Current release and HEAD CVS > versions of Samba requires NetBIOS support and ntlmv1 > support on the DC's. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From simo.sorce at polimi.it Wed Jan 24 12:03:55 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:10 2003 Subject: tdb status? In-Reply-To: <20010125160243.A2950@pua.domain> Message-ID: On Thu, 25 Jan 2001, Axel Thimm wrote: > I am trying to setup 2.2.0-alpha1. What is the status of tdb therein? If I > configure --with-tdbpwd then smbpasswd is a tdb file and not smbpasswd.tdb. > Please first of all get the latest CVS version. this is still experimental, anyway there's not smpasswd text file anymore when you compile with --with-tdbsam option but if you want to import a previous text file or to print the contents of the tdb passwd file you should use the pdbedit utility I've made. This command will import a text smbpasswd file. # pdbedit -i /path/to/smbpasswd This command will print the tdb contents in the smbpasswd format. # pdbedit -l -w > What is the concept? Shouldn't there remain a text based smbpasswd for > compatibility reasons, or shouldn't there be a way to convert from text to tdb > and backwards? I'd like to periodically check syncronization of unix and Samba > users. > > Other than reading the source, is the new tdb philosophy documented somewhere > (which files etc.)? Basically tdb is meant to control more user parameters than the old smbpasswd file as in user manager for winnt and also speed up data lookup with the tdb database. Unfortunately no documentation is still available. > Thanks, Axel. > -- Simo Sorce - Linux Systems Consultant E-mail: simo.sorce@polimi.it Tel: +39 0348 7149179 - Fax: +39 02 700442399 ----------------------------------------------------------------- Be happy, use Linux! From jbrown at db2000.com Thu Jan 25 21:50:40 2001 From: jbrown at db2000.com (Jonathan Brown) Date: Tue Dec 2 02:33:10 2003 Subject: Samba 2.2 Domains & RedHat 7.0 problems[FIXED] Message-ID: Hi, I had seen this somewhere before and tried it, and it worked, but didn't realize how important it is... and I need to do that again, but now I can't find the instructions on how to do it. Can you tell me how to do it? From Joakim.Tjernlund at lumentis.se Thu Jan 25 22:28:11 2001 From: Joakim.Tjernlund at lumentis.se (Joakim Tjernlund) Date: Tue Dec 2 02:33:10 2003 Subject: Samba 2.2 Domains & RedHat 7.0 problems[FIXED] Message-ID: <001501c0871e$1a1c3a00$4a97143e@jocke> Hi Jonathan I did: make CC=kgcc and make CC=kgcc install Don't forget to do "make clean" first. Jocke PS. This(use kgcc instead of gcc in RH 7) should be stated in the FAQ/HOWTO. ---------------------------------------------------------------------------- ---- Hi, I had seen this somewhere before and tried it, and it worked, but didn't = realize how important it is... and I need to do that again, but now I can't find the instructions on how = to do it. Can you tell me how to do it? >From what I remember, it was something like this: CC=3D"kgcc" ./configure then do make and make install Is that correct? thanks, jonathan >>> "Joakim Tjernlund" 01/25/01 10:09AM >>> Hi All I have been trying to join a W2K workstion to a samba 2.2.x PDC for weeks now.I was getting all sorts of error messages and internal errors too. I then remembered something about Redhat 7.0 gcc beeing unstable. I = switched to kgcc(included in RH 7.0 also) and suddenly it was possible to join the samba PDC domain!! Conclusion: Do not use gcc in RH 7.0! Use kgcc instead. Jocke From appro at fy.chalmers.se Thu Jan 25 22:56:35 2001 From: appro at fy.chalmers.se (Andy Polyakov) Date: Tue Dec 2 02:33:11 2003 Subject: Proposed patch for Samba-2.0.7 to allow Solaris open more than 1014 (or rlim_fd_max) files References: <20010124095643.J344@wnc0s00u.nortelnetworks.com> Message-ID: <3A70AF23.A3C1E825@fy.chalmers.se> > To get the full benefit, you will also need to either > > a) compile with sfio (which requires some additional changes to > source/include/smb.h and source/include/config.h -- from David Boyce > The reason for this is that smbd uses fopen to open the machine account (mac) > file. fopen without sfio or in a 32-bit compilation environment is limited to > 256 file descriptors. If an smbd process has > 256 files but < 1014 > (rlim_fd_max) files open it can still fail to open the machine account file. This is not 100% correct. It breaks when open(2) returns number larger than 255, not when you have more than 256 files opened. See my http://lists.samba.org/pipermail/samba-ntdom/1999-August/019940.html for further information and a possible workaround. > If this patch is acceptable, I should also recommend -DUSE_POLL and -DFD_SETSIZE=2400 (or something), -DUSE_POLL effectively prevents SAMBA from using select (which is btw very similar front-end to poll anyway) and FD_SETSIZE scales up structures used by SAMBA itself. BTW, USE_POLL code read "struct pollfd pfd[256];" 256? Well, it means that we won't poll more that 256 descriptors at the same time, not that we can't have more files opened... But it might feel better to declare FD_SETSIZE large... Or alloca maxfd structures Cheers. Andy. From dsb at world.std.com Fri Jan 26 01:03:47 2001 From: dsb at world.std.com (David Boyce) Date: Tue Dec 2 02:33:11 2003 Subject: Proposed patch for Samba-2.0.7 to allow Solaris open more than 1014 (or rlim_fd_max) files In-Reply-To: <3A70AF23.A3C1E825@fy.chalmers.se> References: <20010124095643.J344@wnc0s00u.nortelnetworks.com> Message-ID: <4.3.2.7.2.20010125193619.00d73be0@world.std.com> At 11:56 PM 1/25/01 +0100, Andy Polyakov wrote: >Compiling with sfio doesn't solve all the problems. The remaining >problem is that we don't know if library functions called by SAMBA call >fopen and company. Linking with binary compatibility shim doesn't help >as it would presumably suffer from the very same deficiency (or won't be >binary compatible). Please remember, as mentioned before, that this whole stdio/sfio/MAX_OPEN thing is a sidetrack from the real (setrlimit) discussion. > > The reason for this is that smbd uses fopen to open the machine account > (mac) > > file. fopen without sfio or in a 32-bit compilation environment is > limited to > > 256 file descriptors. If an smbd process has > 256 files but < 1014 > > (rlim_fd_max) files open it can still fail to open the machine account > file. > >This is not 100% correct. It breaks when open(2) returns number larger >than 255, not when you have more than 256 files opened. Since open(2) is guaranteed to always return the lowest available file descriptor, this is a distinction without a difference IMHO (aside from the 255/256 off-by-one error). >See my >http://lists.samba.org/pipermail/samba-ntdom/1999-August/019940.html for >further information and a possible workaround. This is a cute hack ... any idea why it didn't get rolled in? Was it just overlooked or did someone have a problem with it? I wish it was in there now. > > If this patch is acceptable, > >I should also recommend -DUSE_POLL and -DFD_SETSIZE=2400 (or something), >-DUSE_POLL effectively prevents SAMBA from using select (which is btw >very similar front-end to poll anyway) and FD_SETSIZE scales up >structures used by SAMBA itself. BTW, USE_POLL code read "struct pollfd >pfd[256];" 256? Well, it means that we won't poll more that 256 >descriptors at the same time, not that we can't have more files >opened... But it might feel better to declare FD_SETSIZE large... Or >alloca maxfd structures Do you mean HAVE_POLL? I don't see USE_POLL anywhere. HAVE_POLL is set by default on systems that have it; unfortunately I see no place where Samba looks at HAVE_POLL or uses poll(). The sys_select() function would be the obvious candidate but it doesn't, unless I'm missing some subtle macro. This is in current CVS 2.2. -David Boyce From vgill at technologist.com Fri Jan 26 01:28:51 2001 From: vgill at technologist.com (Gill, Vern) Date: Tue Dec 2 02:33:11 2003 Subject: Dualing Sambas (Or dueling Sambas, depending on how you want to l ook at it) Message-ID: <8D043DEA73DFD411958A00A0C90AB7607C06@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> I need some help here, and some info. First, what is SURS tdb, and is it similiar to tdbsam? Should I be using it for TNG. Now to the real question. I am considering running both trees on my server. TNG for the DC, and HEAD for the File/Print. First, is this a good/bad idea? Second, what are the main things I need to do to allow them both to run? (Aside from seperate interfaces, already aliased eth0 for that and put the interfaces = in each smb.conf) Can the HEAD samba be a BDC or Member server of TNG? Should it/Should it NOT be? Can all auth go thru TNG, as this is already working for me? Do I need them on different ports, or just different ip's? Various other questions I am SURE will arise as I implement this... If anyone is doing this, some pointers would be great. Thanks. From peter at cadcamlab.org Fri Jan 26 02:15:09 2001 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:33:11 2003 Subject: Dualing Sambas (Or dueling Sambas, depending on how you want to l ook at it) References: <8D043DEA73DFD411958A00A0C90AB7607C06@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> Message-ID: <14960.56749.97045.843474@wire.cadcamlab.org> [Vern Gill] > First, what is SURS tdb, and is it similiar to tdbsam? Should I be > using it for TNG. SURS is a confused set of concepts, confused because it's been talked to death. The idea is to provide a translation table between UID numbers (Unix) and RID numbers (NT) -- but the specific mechanism is sort of up for grabs. I don't know how the things you mention are implemented. > I am considering running both trees on my server. TNG for the DC, and > HEAD for the File/Print. First, is this a good/bad idea? Good idea. As long as you can keep the two straight in your head. > Second, what are the main things I need to do to allow them both to > run? (Aside from seperate interfaces, already aliased eth0 for that > and put the interfaces = in each smb.conf) Not only 'interfaces=', because that is only a hint in case Samba can't detect the right interfaces on its own (some Unices make this difficult). Also use 'bind interfaces only = true' to enforce your choices, as it were. ...And that's about it. The one big problem some people have with dueling Sambas (I like that phrase) is that they fight for control of the .pid and lock files. To avoid that, just make sure the compile-time defaults are set to different directories. > Can the HEAD samba be a BDC or Member server of TNG? Should it/Should > it NOT be? Make it a member server. The two will share the /etc/passwd file, and thus the usernames. HEAD does not need a smbpasswd file, naturally, since it is in 'security = domain' mode. > Do I need them on different ports, or just different ip's? Just different IPs. > If anyone is doing this, some pointers would be great. I've never done it before but I intend to test it soon. We are getting a new server in for which this would be helpful. Peter From appro at fy.chalmers.se Fri Jan 26 09:08:33 2001 From: appro at fy.chalmers.se (Andy Polyakov) Date: Tue Dec 2 02:33:11 2003 Subject: Proposed patch for Samba-2.0.7 to allow Solaris open more than 1014 (or rlim_fd_max) files References: <20010124095643.J344@wnc0s00u.nortelnetworks.com> <4.3.2.7.2.20010125193619.00d73be0@world.std.com> Message-ID: <3A713E91.3353E05E@fy.chalmers.se> > >Compiling with sfio doesn't solve all the problems. The remaining > >problem is that we don't know if library functions called by SAMBA call > >fopen and company. Linking with binary compatibility shim doesn't help > >as it would presumably suffer from the very same deficiency (or won't be > >binary compatible). > > Please remember, as mentioned before, that this whole stdio/sfio/MAX_OPEN > thing is a sidetrack from the real (setrlimit) discussion. Sure we remember that, but it was the author of the original post who brought the issue up:-) > > > The reason for this is that smbd uses fopen > > > If an smbd process has > 256 files but < 1014 > > > (rlim_fd_max) files open it can still fail to open > > > >This is not 100% correct. It breaks when open(2) returns number larger > >than 255, not when you have more than 256 files opened. > > Since open(2) is guaranteed to always return the lowest available file > descriptor, this is a distinction without a difference IMHO (aside from the > 255/256 off-by-one error). There is no off-by-one error. If you don't shuffle file descriptors, open(2) returns 255 when you open 256th file, doesn't it? And there's a distinction as you yourself realized when you examined the URL. > >http://lists.samba.org/pipermail/samba-ntdom/1999-August/019940.html for > >further information and a possible workaround. > > ... any idea why it didn't get rolled in? No. Probably because it was brought up as a side comment, just like this time:-) > Was it just > overlooked or did someone have a problem with it? Rather nobody (but me at that time) experienced a problem without it... Indeed, it takes a site running Solaris (in some specific configuration as it's most likely nss_*.so modules that use stdio and therefore would suffer), pushing SAMBA hard on it and sticking to Solaris when a problem arises. And there aren't many enough to care about... > >I should also recommend -DUSE_POLL and -DFD_SETSIZE=2400 (or something), > >-DUSE_POLL effectively prevents SAMBA from using select (which is btw > >very similar front-end to poll anyway) and FD_SETSIZE scales up > >structures used by SAMBA itself. > > Do you mean HAVE_POLL? No, I ment USE_POLL ... but in 2.0.x (that's what subject suggests as well). See source/lib/system.c there. > I don't see USE_POLL anywhere. This is in current CVS 2.2. It probably should be put back then, preferably with properly scaled pfd array:-) Andy. From lkcl at samba.org Fri Jan 26 11:19:13 2001 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:11 2003 Subject: Dualing Sambas (Or dueling Sambas, depending on how you want to l ook at it) In-Reply-To: <8D043DEA73DFD411958A00A0C90AB7607C06@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> Message-ID: On Thu, 25 Jan 2001, Gill, Vern wrote: > I need some help here, and some info. > > First, what is SURS tdb, and is it similiar to tdbsam? Should I be using > it for TNG. SURS tdb is, i presume a means to store SID to UID Resolution System mappings in a tdb database. SURS is a trivial system that stores one-to-one mappings of uid + SID tuples and one-to-one mappings of gid + SID tuples. the SIDS in each of the two tables can be unique, depending on whether your underlying POSIX system supports the concept of gids owning files or not, which can be emulated [if your POSIX system doesn't support this] by allowing a SID to be mapped in one table to a uid and in the other table to a gid. see http://cb1.com/~lkcl/cifs/draft-lkcl-sidtouidmap-00.txt From lkcl at samba.org Fri Jan 26 12:18:24 2001 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:11 2003 Subject: Dualing Sambas (Or dueling Sambas, depending on how you want to l ook at it) In-Reply-To: <14960.56749.97045.843474@wire.cadcamlab.org> Message-ID: > numbers (Unix) and RID numbers (NT) -- but the specific mechanism is > sort of up for grabs. I don't know how the things you mention are > implemented. the specific mechanism is not defined: SURS is a concept, not a protocol or an implementation-specific method. From olivier.wegria at novactiongroup.com Fri Jan 26 13:11:04 2001 From: olivier.wegria at novactiongroup.com (Olivier Wegria) Date: Tue Dec 2 02:33:11 2003 Subject: samba unicode?? Message-ID: <500C66C7BF87D311A7F400A0C907E8D8822C29@NSA4> Hi there, I have some japanese & korean files on my windows2000 uk workstation. When I copy them to a winNT 4 server shared drive, I can still see the Japanese characters. When I copy them to my linux share drive, the files are renamed with ascii codes. Is samba able to handle unicode filenames? The Linux server is RH 6.1 running samba 2.0.7 Thanks for any help Olivier From doverbey at att.com Fri Jan 26 13:08:59 2001 From: doverbey at att.com (Overbey, Alfred D (Dudley), ALCOO) Date: Tue Dec 2 02:33:11 2003 Subject: How to disconnect individual users Message-ID: How do I disconnect individual users from services. doverbey -------------- next part -------------- HTML attachment scrubbed and removed From simo.sorce at polimi.it Fri Jan 26 14:08:41 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:11 2003 Subject: Dualing Sambas (Or dueling Sambas, depending on how you want to l ook at it) In-Reply-To: <8D043DEA73DFD411958A00A0C90AB7607C06@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> Message-ID: On Thu, 25 Jan 2001, Gill, Vern wrote: > I need some help here, and some info. > > First, what is SURS tdb, and is it similiar to tdbsam? Should I be using > it for TNG. No tsbsam is different. SURS is also concerned to admit mapping of trusted domains users to posix uids. tdbsam is only a backend that replaces the smbpasswd files for faster lookup of data and better handling of users entries and also to enruch the number customizable of per user parameters (all the per user parameters that you find in user manager of winnt). > > Now to the real question. > > I am considering running both trees on my server. TNG for the DC, and > HEAD for the File/Print. First, is this a good/bad idea? Second, what > are the main things I need to do to allow them both to run? (Aside from > seperate interfaces, already aliased eth0 for that and put the > interfaces = in each smb.conf) > > Can the HEAD samba be a BDC or Member server of TNG? Should it/Should it > NOT be? > Can all auth go thru TNG, as this is already working for me? > Do I need them on different ports, or just different ip's? > Various other questions I am SURE will arise as I implement this... > > > If anyone is doing this, some pointers would be great. > > Thanks. > Well if you need something in TNG that is not on SAMBA HEAD this is not a bad idea, only remember to use the "bind interface only = True" parameter. -- Simo Sorce - Linux Systems Consultant E-mail: simo.sorce@polimi.it Tel: +39 0348 7149179 - Fax: +39 02 700442399 ----------------------------------------------------------------- Be happy, use Linux! From lkcl at samba.org Fri Jan 26 14:13:09 2001 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:11 2003 Subject: Dualing Sambas (Or dueling Sambas, depending on how you want to l ook at it) In-Reply-To: Message-ID: On Fri, 26 Jan 2001, Simo Sorce wrote: > On Thu, 25 Jan 2001, Gill, Vern wrote: > > > I need some help here, and some info. > > > > First, what is SURS tdb, and is it similiar to tdbsam? Should I be using > > it for TNG. > > SURS is also concerned to admit mapping of trusted domains users to posix > uids. wrong. it is not just trusted domain users. it is ALL users, ALL groups, ALL aliases: ANYTHING that has a SID. [which then can be mapped SID <->uid and SID <-> gid] please do not forget this. read draft-lkcl-sidtouidmap-00.txt. if something is not clear in it, please let me know and i will update it. thanks. From simo.sorce at polimi.it Fri Jan 26 14:54:04 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:11 2003 Subject: Dualing Sambas (Or dueling Sambas, depending on how you want to l ook at it) In-Reply-To: Message-ID: On Sat, 27 Jan 2001, Luke Kenneth Casson Leighton wrote: > On Fri, 26 Jan 2001, Simo Sorce wrote: > > > On Thu, 25 Jan 2001, Gill, Vern wrote: > > > > > I need some help here, and some info. > > > > > > First, what is SURS tdb, and is it similiar to tdbsam? Should I be using > > > it for TNG. > > > > SURS is also concerned to admit mapping of trusted domains users to posix > > uids. > > wrong. it is not just trusted domain users. it is ALL users, ALL groups, > ALL aliases: ANYTHING that has a SID. > > [which then can be mapped SID <->uid and SID <-> gid] > > please do not forget this. > > read draft-lkcl-sidtouidmap-00.txt. > > if something is not clear in it, please let me know and i will update it. > > thanks. > > may be I expressed badly, but I said "_also_ concerned", not _only_. I wanted to put in evidence the fact that TNG is caple to accept users from trusted domains while samba head still not. I've studied surs in deep at the time and i know how it works and what it do. Regards, Simo. -- Simo Sorce - Linux Systems Consultant E-mail: simo.sorce@polimi.it Tel: +39 0348 7149179 - Fax: +39 02 700442399 ----------------------------------------------------------------- Be happy, use Linux! From tcameron at three-sixteen.com Fri Jan 26 15:01:10 2001 From: tcameron at three-sixteen.com (Thomas Cameron) Date: Tue Dec 2 02:33:11 2003 Subject: How to disconnect individual users References: Message-ID: <3A719136.6446B24E@three-sixteen.com> I know it can be done through the "Status" page in SWAT. Is that helpful? > "Overbey, Alfred D (Dudley), ALCOO" wrote: > > How do I disconnect individual users from services. > > doverbey From lkcl at samba.org Fri Jan 26 15:21:30 2001 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:11 2003 Subject: Dualing Sambas (Or dueling Sambas, depending on how you want to l ook at it) In-Reply-To: Message-ID: On Fri, 26 Jan 2001, Simo Sorce wrote: > > > SURS is also concerned to admit mapping of trusted domains users to posix > > > uids. > may be I expressed badly, but I said "_also_ concerned", not _only_. sorry simo, didn't read clearly. From doverbey at att.com Fri Jan 26 13:49:36 2001 From: doverbey at att.com (Overbey, Alfred D (Dudley), ALCOO) Date: Tue Dec 2 02:33:11 2003 Subject: (no subject) Message-ID: How do I disconnect individual users from services. doverbey From joakim.tjernlund at lumentis.se Fri Jan 26 15:46:04 2001 From: joakim.tjernlund at lumentis.se (Joakim Tjernlund) Date: Tue Dec 2 02:33:11 2003 Subject: Policies & w2k Message-ID: I am running an Samba PDC with W2K clients. Problem: The files in c:\Doument and settings\%USER\Local Settings are not stored to the Profile in the PDC(samba 2.2.x) There is c:\Doument and settings\%USER\ntuser.ini file which contain: [General] ExclusionList=Local Settings;Temporary Internet Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook; This indicates that the Local Settings directory is not save on purpose. I tried to edit this file manually(removed Local Settings) but as soon I had logged out and in again it was there again(the Local Settings) The reason I want to have Local Settings stored on the PDC is that Outlook and Outlook Express store their mail there and I want to have a copy on the samba server in case of hard disc crash or similar on the w2k work station. Joakim From M.Puchta at fscodes.cz Fri Jan 26 16:14:58 2001 From: M.Puchta at fscodes.cz (Puchta, Milos) Date: Tue Dec 2 02:33:11 2003 Subject: Expiration Message-ID: <41ED6A8C8BE7D21194610008C724FD0A098AD3@ANNA> I have created Samba session between Linux and W2k prof boxes. After some time I have not been able to access resources on the Linux box. Is there any time expiration and if it is the case, how can I control the expitration time? TIA Milos From teilo at cdt.luth.se Fri Jan 26 16:43:49 2001 From: teilo at cdt.luth.se (James Nord) Date: Tue Dec 2 02:33:11 2003 Subject: Policies & w2k References: Message-ID: <3A71A945.2010206@cdt.luth.se> Joakim Tjernlund wrote: > I am running an Samba PDC with W2K clients. > > Problem: > The files in c:\Doument and settings\%USER\Local Settings are not stored > to > the Profile in the PDC(samba 2.2.x) > > There is c:\Doument and settings\%USER\ntuser.ini file which contain: > [General] > ExclusionList=Local Settings;Temporary Internet Files;History;Temp;Local > Settings\Application Data\Microsoft\Outlook; > > This indicates that the Local Settings directory is not save on purpose. I > tried to edit > this file manually(removed Local Settings) but as soon I had logged out and > in again > it was there again(the Local Settings) > > The reason I want to have Local Settings stored on the PDC is that Outlook > and > Outlook Express store their mail there and I want to have a copy on the > samba server > in case of hard disc crash or similar on the w2k work station. > > Joakim > Take a look in HKCU\software\microsoft\Windows MT\CurrentVersion\Winlogon\ExcludeProfileDirs /James -- -- Technology is a word that describes something that doesn't work yet. Douglas Adams From grahamj at virtue.cx Fri Jan 26 17:11:17 2001 From: grahamj at virtue.cx (Jonathan Graham) Date: Tue Dec 2 02:33:11 2003 Subject: Samba2.2alpha1 In-Reply-To: <3A705383.4F2E215@higp.hawaii.edu> Message-ID: This usually means that you are having problems with the "adduser" parameter. Try running what ever you have "adduser" set to from the command line and see if it fails. J. --- Look at it like this: It's a picnic, only there's no food and we're all going to die. On Thu, 25 Jan 2001, Eric Pilger wrote: > This is the exact problem that has been stopping me cold for months. I have > tried from a range of Win2K installations (old, new, patched, not). I have tried > smb.conf files ranging from my standard file to one taken directly from the FAQ. > I have treid a constant stream of updates and original installations from CVS. > > What does this message mean? Is the "computer account" the machine name with a > $? I certainly am not using that account. I get this message using either my own > account, or root (which I have added to the smbpasswd file). > > Peter Milburn wrote: > > > Hi all.. As I have stated before, I have samba 2.2alpha1 running as a pdc > > with 1 win2kws joined to the domain. > > > > I am trying to get another machine to join the domain. I am getting 2 > > errors... > > > > The account used is a computer account. USe your global user account or > > local user account to access this server. > > > > When I try to join the domain again, I get this error.. > > > > The remote procedure call failed. > > > > If anyone can help me with this it would be appreciated. > > > > Cheers, > > > > -- > > Peter Milburn > > Systems Manager > > Software Communication Group Ltd > > > > peter.milburn@sofcom.com.au > > > > Ph: +613 9826 8300 Fax: +613 9826 8336 > > > > Level 16, 644 Chapel St > > South Yarra, Vic 3141 > > > > www.sofcom.com.au > > > > ******************************************** > > This message contains privileged and confidential information intended only > > for the use of the addressee named above. If you are not the intended > > recipient of this message you must not disseminate, copy or take any action > > in reliance on it. If you have received this message in error, please > > notify Software Communication Group immediately. > > > > Any views expressed in this message are those of the individual sender > > except where the sender specifically states them to be the views of Software > > Communication Group. > > > > ******************************************** > > -- > Eric J. Pilger > Systems Administrator > Hawaii Institute of Geophysics and Planetology/SOEST > pilger@pgd.hawaii.edu > (808)956-6321 (Voice/FAX) > > > > From pilger at kahana.higp.hawaii.edu Fri Jan 26 18:49:51 2001 From: pilger at kahana.higp.hawaii.edu (Eric Pilger) Date: Tue Dec 2 02:33:11 2003 Subject: Samba2.2alpha1 References: Message-ID: <3A71C6CF.CB3ABE49@higp.hawaii.edu> This is another interesting point. I had ignored the "adduser" parameter altogether because I shouldn't be adding any users at this point in the game. They are supposedly there already. I added it in on someones suggestion, and then noted it failing in the log file. I checked it from the command line and discovered that it is failing because the user which it is trying to add (the machine account), already exists. Why is it trying to add the machine account when it already exists? I tried leaving the machine account out, and it fails because the machine isn't present. I'm damned if I do and damned if I don't. Is it possible that things are getting confused between the local password file and NIS+? I was keeping everything in the local password file to keep things clean, but maybe this won't work. Jonathan Graham wrote: > This usually means that you are having problems with the "adduser" > parameter. Try running what ever you have "adduser" set to from the > command line and see if it fails. > > J. > > -- Eric J. Pilger Systems Administrator Hawaii Institute of Geophysics and Planetology/SOEST pilger@pgd.hawaii.edu (808)956-6321 From grahamj at virtue.cx Fri Jan 26 19:22:03 2001 From: grahamj at virtue.cx (Jonathan Graham) Date: Tue Dec 2 02:33:11 2003 Subject: Samba2.2alpha1 In-Reply-To: <3A71C6CF.CB3ABE49@higp.hawaii.edu> Message-ID: > This is another interesting point. I had ignored the "adduser" parameter altogether > because I shouldn't be adding any users at this point in the game. They are supposedly > there already. I added it in on someones suggestion, and then noted it failing in the > log file. I checked it from the command line and discovered that it is failing because > the user which it is trying to add (the machine account), already exists. Why is it > trying to add the machine account when it already exists? I'm assuming here that when one joins the domain the assumption for W2K machines is that no Machine account exists. > I tried leaving the machine > account out, and it fails because the machine isn't present. I'm damned if I do and > damned if I don't. Did you take the machine account out of /etc/passwd /etc/shadow and smbpassd? I was having problems similar to yours up until last night when I got Samba 2_2 to add the machine account from scratch. Now I'm having different problems ;) (For some reason after joining the domain and restarting the system is claiming that the Machine account password is incorrect. This happens both with NT4.0 and W2K). > Is it possible that things are getting confused between the local password file and > NIS+? I was keeping everything in the local password file to keep things clean, but > maybe this won't work. Got me on that one. I'm not using NIS at all here. > > Jonathan Graham wrote: > > > This usually means that you are having problems with the "adduser" > > parameter. Try running what ever you have "adduser" set to from the > > command line and see if it fails. > > > > J. > > > > > > -- > Eric J. Pilger > > Systems Administrator > > Hawaii Institute of Geophysics and Planetology/SOEST > > pilger@pgd.hawaii.edu > > (808)956-6321 > > > > From pilger at kahana.higp.hawaii.edu Fri Jan 26 20:46:53 2001 From: pilger at kahana.higp.hawaii.edu (Eric Pilger) Date: Tue Dec 2 02:33:11 2003 Subject: Samba2.2alpha1 References: Message-ID: <3A71E23D.ED7B9821@higp.hawaii.edu> Jonathan Graham wrote: > > This is another interesting point. I had ignored the "adduser" parameter altogether > > because I shouldn't be adding any users at this point in the game. They are supposedly > > there already. I added it in on someones suggestion, and then noted it failing in the > > log file. I checked it from the command line and discovered that it is failing because > > the user which it is trying to add (the machine account), already exists. Why is it > > trying to add the machine account when it already exists? > > I'm assuming here that when one joins the domain the assumption for W2K > machines is that no Machine account exists. > The FAQ used to very clearly indicate that you had to create the machine account BEFORE trying to join the domain. It presently is less clear and I am unsure which you're supposed to do. I have now tried it without the machine name in /etc/passwd. It now fails because I can't add a username that ends with $. I try replacing "useradd" with "usermod". This succeeds, but the join still fails. The log file tells me: [2001/01/26 10:41:03, 0] rpc_server/srv_netlog.c:get_md4pw(299) get_md4pw: Workstation FMISPC$: no account in domain Well, I'm making some small progress, but not nearly enough...sigh -- Eric J. Pilger Systems Administrator Hawaii Institute of Geophysics and Planetology/SOEST pilger@pgd.hawaii.edu (808)956-6321 From chytil at fas.harvard.edu Sat Jan 27 02:13:50 2001 From: chytil at fas.harvard.edu (Milan Chytil) Date: Tue Dec 2 02:33:11 2003 Subject: Samba 2.0.7 PDC HowTo (fwd) Message-ID: To whom it may concern, I would like to set up a Primary Domain Controller using samba 2.0.7 running on Linux Mandrake 7.2. I've been trying to access the Samba 2.0.7 PDC HowTo page (from http://us1.samba.org/samba/docs) but have been repeatedly getting an error message indicating that the server bioserve.latrobe.edu.au is not available (Error message from Netscape: Netscape is unable to locate the server bioserve.latrobe.au.edu). Could you please provide an alternative address where I could obtain the HowTo's or possibly email me the appropriate set of documents. Thanks in advance for your help. Milan Milan Chytil, Ph.D. Harvard University Department of Chemistry and Chemical Biology 12 Oxford Street, Mailbox #45 Cambridge, MA 02138-2902 U.S.A. Phone: +1-617-496-1836 Work +1-617-529-1066 Home e-mail: chytil@fas.harvard.edu From WardD at TheWineSociety.com Sun Jan 28 04:32:53 2001 From: WardD at TheWineSociety.com (Dean Ward) Date: Tue Dec 2 02:33:11 2003 Subject: Winbind and pam.conf on Solaris 2.6 Message-ID: <4DF700F51F8AD4119A930001FA6A2062166FD7@postman-pat.internal.thewinesociety.com> Hi, I looking into implementing Winbind on a Solaris 2.6 system to authenticate against our NT domain. However I have a couple of questions regarding its setup and configuration. Firstly, could somebody please give a complete example of how the /etc/pam.conf should look on Solaris 2.6 - I'm a little troubled by the account line that the man page gives, i.e. that the only account line required is that for Winbind - surely this would disable Unix account management? Also, does Winbind provide password management too, so that our users can change their NT passwords from a Unix shell? Finally, when logging on would a user have to specify the domain (e.g. DOMAIN\Dean) or could they just use their user name (i.e. Dean)? I apologise for all the questions, it's just I don't have access to the box until early February and I'd like to get it clear in my head what needs doing before I do it. Regards, Dean Ward -- \\\___/// \\ - - // ( @ @ ) +---------------oOOo-(_)-oOOo-------------+ | Dean Ward | | Info Systems | | The Wine Society | | | | E-Mail: wardd@thewinesociety.com | | Phone: 01438 761294 | +------------------------Oooo-------------+ oooO ( ) ( ) ) / \ ( (_/ \_) "There are two major products to come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson. From D.Bannon at latrobe.edu.au Sun Jan 28 06:29:51 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:33:11 2003 Subject: Samba 2.2 Domains & RedHat 7.0 problems[FIXED] In-Reply-To: <001501c0871e$1a1c3a00$4a97143e@jocke> Message-ID: <3.0.6.32.20010128172951.007bcb10@bioserve.latrobe.edu.au> At 11:28 PM 25/1/2001 +0100, Joakim Tjernlund wrote: > This(use kgcc instead of gcc in RH 7) should be stated in the >FAQ/HOWTO. Yep, you may be right. If you dont mind I'll wait a bit and see if other people can confirm it. I've strictly avoided RH7.0 because of the gcc problems.. So folks, if you find that kgcc works better, don't keep it a secret, tell the world (or at least me at dbannon@samba.org). David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Sun Jan 28 07:16:45 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:33:12 2003 Subject: Samba2.2alpha1 In-Reply-To: <3A71E23D.ED7B9821@higp.hawaii.edu> References: Message-ID: <3.0.6.32.20010128181645.007e67e0@bioserve.latrobe.edu.au> At 10:46 AM 26/1/2001 -1000, Eric Pilger wrote: > >The FAQ used to very clearly indicate that you had to create the machine account BEFORE True, but 2.2 now includes code to add the machine account 'on the fly'. That does not exclude you from makeing the account before hand, and certainly it can make your set up simpler. >I have now tried it without the machine name in /etc/passwd. It now fails >because I can't add a username that ends with $. This is dealt with in the FAQ. See the question 'I cannot include a '$' in a machine name.' David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From D.Bannon at latrobe.edu.au Sun Jan 28 07:19:51 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:33:12 2003 Subject: Samba 2.0.7 PDC HowTo (fwd) In-Reply-To: Message-ID: <3.0.6.32.20010128181951.007c3510@bioserve.latrobe.edu.au> At 09:13 PM 26/1/2001 -0500, Milan Chytil wrote: > ....I've been trying to access the Samba 2.0.7 >PDC HowTo page (from http://us1.samba.org/samba/docs) I suspect that there may have been a power failure there over the Australian long weekend (Fri, Sat, Sun). Its certainly working now. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 479 2197 La Trobe University, Plenty Rd, Fax 61 03 479 2467 Bundoora, Vic, Australia, 3083 ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From slu at firerun.net Sun Jan 28 08:04:39 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:33:12 2003 Subject: Samba 2.2 Domains & RedHat 7.0 problems[FIXED] References: <3.0.6.32.20010128172951.007bcb10@bioserve.latrobe.edu.au> Message-ID: <3A73D296.315CD59C@firerun.net> I'm running redhat 7.0 and gcc works just fine for me, but I also have installed all of the updates which includes a newer gcc. Patrick David Bannon wrote: > At 11:28 PM 25/1/2001 +0100, Joakim Tjernlund wrote: > > > This(use kgcc instead of gcc in RH 7) should be stated in the > >FAQ/HOWTO. > > Yep, you may be right. If you dont mind I'll wait a bit and see if other > people can confirm it. I've strictly avoided RH7.0 because of the gcc > problems.. > > So folks, if you find that kgcc works better, don't keep it a secret, tell > the world (or at least me at dbannon@samba.org). > > David > ------------------------------------------------------------ > David Bannon D.Bannon@latrobe.edu.au > School of Biochemistry Phone 61 03 479 2197 > La Trobe University, Plenty Rd, Fax 61 03 479 2467 > Bundoora, Vic, Australia, 3083 > ------------------------------------------------------------ > ..... Humpty Dumpty was pushed ! From abartlet at pcug.org.au Sun Jan 28 08:22:41 2001 From: abartlet at pcug.org.au (Andrew Bartlett) Date: Tue Dec 2 02:33:12 2003 Subject: How to disconnect individual users References: <3A719136.6446B24E@three-sixteen.com> Message-ID: <3A73D6D1.378DED88@pcug.org.au> Except that nothing stops them coming back, and windows will automaticly reconnect to a disconnected share as soon as it needs to (It caches the username and password for exactly this purpose). So killing users in swat is like a 'kick' in IRC, what you want is like a 'kick-ban', but then you have to decide for how long to disable them and other non-trivial matters. Hope this helps Andrew Bartlett Thomas Cameron wrote: > > I know it can be done through the "Status" page in SWAT. Is that > helpful? > > > "Overbey, Alfred D (Dudley), ALCOO" wrote: > > > > How do I disconnect individual users from services. > > > > doverbey -- Andrew Bartlett abartlet@pcug.org.au From Axel.Thimm at physik.fu-berlin.de Sun Jan 28 09:35:09 2001 From: Axel.Thimm at physik.fu-berlin.de (Axel Thimm) Date: Tue Dec 2 02:33:12 2003 Subject: 2.2.0-alpha1 and smbpasswd -j Message-ID: <20010128103509.A4795@pua.domain> I cannot join a Samba PDC with a Samba member both running 2.2.0-alpha1: root@oberon ~ # smbpasswd -j physik cli_pipe: return critical error. Error was code 0 cli_pipe: return critical error. Error was code 0 modify_trust_password: unable to obtain domain sid from PASSWD. Error was : code 0. 2001/01/27 08:46:08 : change_trust_account_password: Failed to change password for domain PHYSIK. Unable to join domain PHYSIK. On the other hand it has been reported to me that NT4 could successfully join the domain (W9x anyway). Any ideas, what might be the problem? Could it we tcp-wrappers? Do I have to open up additional services (which?) for the Samba rpc mechanisms? Thanks, Axel. -- Axel.Thimm@physik.fu-berlin.de From Axel.Thimm at physik.fu-berlin.de Sun Jan 28 14:27:07 2001 From: Axel.Thimm at physik.fu-berlin.de (Axel Thimm) Date: Tue Dec 2 02:33:12 2003 Subject: 2.2.0-alpha1 and smbpasswd -j In-Reply-To: <20010128103509.A4795@pua.domain>; from Axel.Thimm@physik.fu-berlin.de on Sun, Jan 28, 2001 at 10:35:09AM +0100 References: <20010128103509.A4795@pua.domain> Message-ID: <20010128152707.A30949@pua.domain> On Sun, Jan 28, 2001 at 10:35:09AM +0100, Axel Thimm wrote: > I cannot join a Samba PDC with a Samba member both running 2.2.0-alpha1: > [...] > On the other hand it has been reported to me that NT4 could successfully join > the domain (W9x anyway). I managed to narrow down the problem: It seems that 2.2 clients cannot register to 2.2 PDCs, while a 2.0.7 client can. E.g., if the PDC is running 2.2.0-alpha1, then a client calling smbpasswd from 2.2.0-alpha1 yields: > [root@puariko samba]# /usr/beta/bin/smbpasswd -j physik -D3 > resolve_wins: Attempting wins lookup for name PASSWD<0x20> > resolve_wins: WINS server == <160.45.33.106> > bind succeeded on port 0 > Got a positive name query response from 160.45.33.106 ( 160.45.33.106 ) > Connecting to 160.45.33.106 at port 139 > socket option SO_KEEPALIVE = 0 > socket option SO_REUSEADDR = 0 > socket option SO_BROADCAST = 0 > socket option TCP_NODELAY = 1 > socket option IPTOS_LOWDELAY = 0 > socket option IPTOS_THROUGHPUT = 0 > socket option SO_SNDBUF = 65535 > socket option SO_RCVBUF = 65535 > socket option SO_SNDLOWAT = 1 > socket option SO_RCVLOWAT = 1 > socket option SO_SNDTIMEO = 0 > socket option SO_RCVTIMEO = 0 > cli_pipe: return critical error. Error was code 0 > cli_pipe: return critical error. Error was code 0 > modify_trust_password: unable to obtain domain sid from PASSWD. Error was : > code 0. > 2001/01/28 15:14:09 : change_trust_account_password: Failed to change password > for domain PHYSIK. > Unable to join domain PHYSIK. while the 2.0.7 smbpasswd does the job right (no other changes, client's smbd/nmbd not running in both cases): > [root@puariko samba]# smbpasswd -j physik -D3 > Unknown parameter encountered: "utmp" > Ignoring unknown parameter "utmp" > Unknown parameter encountered: "utmp" > Ignoring unknown parameter "utmp" > resolve_wins: Attempting wins lookup for name PASSWD<0x20> > bind succeeded on port 0 > Got a positive name query response from 160.45.33.106 ( 160.45.33.106 ) > Connecting to 160.45.33.106 at port 139 > 2001/01/28 15:14:25 : change_trust_account_password: Changed password for > domain PHYSIK. > Joined domain PHYSIK. -- Axel.Thimm@physik.fu-berlin.de From slu at firerun.net Sun Jan 28 17:17:08 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:33:12 2003 Subject: 2.2.0-alpha1 and smbpasswd -j References: <20010128103509.A4795@pua.domain> <20010128152707.A30949@pua.domain> Message-ID: <3A745414.E3343A30@firerun.net> I know this may sound stupid but did you add the machine account for the samba member machine? If so did you delete it in all occurrences and try adding the account again? Patrick Axel Thimm wrote: > On Sun, Jan 28, 2001 at 10:35:09AM +0100, Axel Thimm wrote: > > I cannot join a Samba PDC with a Samba member both running 2.2.0-alpha1: > > [...] > > On the other hand it has been reported to me that NT4 could successfully join > > the domain (W9x anyway). > > I managed to narrow down the problem: It seems that 2.2 clients cannot > register to 2.2 PDCs, while a 2.0.7 client can. E.g., if the PDC is running > 2.2.0-alpha1, then a client calling smbpasswd from 2.2.0-alpha1 yields: > > > [root@puariko samba]# /usr/beta/bin/smbpasswd -j physik -D3 > > resolve_wins: Attempting wins lookup for name PASSWD<0x20> > > resolve_wins: WINS server == <160.45.33.106> > > bind succeeded on port 0 > > Got a positive name query response from 160.45.33.106 ( 160.45.33.106 ) > > Connecting to 160.45.33.106 at port 139 > > socket option SO_KEEPALIVE = 0 > > socket option SO_REUSEADDR = 0 > > socket option SO_BROADCAST = 0 > > socket option TCP_NODELAY = 1 > > socket option IPTOS_LOWDELAY = 0 > > socket option IPTOS_THROUGHPUT = 0 > > socket option SO_SNDBUF = 65535 > > socket option SO_RCVBUF = 65535 > > socket option SO_SNDLOWAT = 1 > > socket option SO_RCVLOWAT = 1 > > socket option SO_SNDTIMEO = 0 > > socket option SO_RCVTIMEO = 0 > > cli_pipe: return critical error. Error was code 0 > > cli_pipe: return critical error. Error was code 0 > > modify_trust_password: unable to obtain domain sid from PASSWD. Error was : > > code 0. > > 2001/01/28 15:14:09 : change_trust_account_password: Failed to change password > > for domain PHYSIK. > > Unable to join domain PHYSIK. > > while the 2.0.7 smbpasswd does the job right (no other changes, client's > smbd/nmbd not running in both cases): > > > [root@puariko samba]# smbpasswd -j physik -D3 > > Unknown parameter encountered: "utmp" > > Ignoring unknown parameter "utmp" > > Unknown parameter encountered: "utmp" > > Ignoring unknown parameter "utmp" > > resolve_wins: Attempting wins lookup for name PASSWD<0x20> > > bind succeeded on port 0 > > Got a positive name query response from 160.45.33.106 ( 160.45.33.106 ) > > Connecting to 160.45.33.106 at port 139 > > 2001/01/28 15:14:25 : change_trust_account_password: Changed password for > > domain PHYSIK. > > Joined domain PHYSIK. > -- > Axel.Thimm@physik.fu-berlin.de From soeren.grimm at d2mail.de Sun Jan 28 17:27:13 2001 From: soeren.grimm at d2mail.de (Soeren Grimm) Date: Tue Dec 2 02:33:12 2003 Subject: Problems with Printer installation Message-ID: Hi, Running: SAMBA 2.2 preAlpha Win NT (SP 6a) We are running Samba as Domain Controller. We are unable to install a network printer. The installation fails with the following ERROR-message: Error in the printer installation program. The printer driver is unknown. It must be a problem of Samba, because we had no problem with a previous Samba Version. regards, -sg -- D2-eMail - die kostenlose D2-Mailadresse mit SMS-Benachrichtigung - jetzt anmelden unter (0172) 229001 From soeren.grimm at d2mail.de Sun Jan 28 17:30:35 2001 From: soeren.grimm at d2mail.de (Soeren Grimm) Date: Tue Dec 2 02:33:12 2003 Subject: Problems with Printer installation Message-ID: <20BF8485839CF3A95F703AE610F6D756@webmail.d2-net.de> Hi, Running: SAMBA 2.2 preAlpha Win NT (SP 6a) We are running Samba as Domain Controller. We are unable to install a network printer. The installation fails with the following ERROR-message: Error in the printer installation program. The printer driver is unknown. It must be a problem of Samba, because we had no problem with a previous Samba Version. regards, -sg -- D2-eMail - die kostenlose D2-Mailadresse mit SMS-Benachrichtigung - jetzt anmelden unter (0172) 229001 From peter.milburn at sofcom.com.au Sun Jan 28 22:35:03 2001 From: peter.milburn at sofcom.com.au (Peter Milburn) Date: Tue Dec 2 02:33:12 2003 Subject: Permissions Message-ID: I am sure this is a simple one I have default.bat script that runs, and inside itI am using the net time command. The only problem is that , a user can not change the time, says they do not have permission to change it. Any suggestions.. ? Thanks Peter From Axel.Thimm at physik.fu-berlin.de Sun Jan 28 21:47:06 2001 From: Axel.Thimm at physik.fu-berlin.de (Axel Thimm) Date: Tue Dec 2 02:33:12 2003 Subject: 2.2.0-alpha1 and smbpasswd -j In-Reply-To: <3A745414.E3343A30@firerun.net>; from slu@firerun.net on Sun, Jan 28, 2001 at 10:17:08AM -0700 References: <20010128103509.A4795@pua.domain> <20010128152707.A30949@pua.domain> <3A745414.E3343A30@firerun.net> Message-ID: <20010128224706.A2286@pua.domain> On Sun, Jan 28, 2001 at 10:17:08AM -0700, Patrick wrote: > Axel Thimm wrote: > > On Sun, Jan 28, 2001 at 10:35:09AM +0100, Axel Thimm wrote: > > > I cannot join a Samba PDC with a Samba member both running 2.2.0-alpha1: > > > [...] > > > On the other hand it has been reported to me that NT4 could successfully > > > join the domain (W9x anyway). > > I managed to narrow down the problem: It seems that 2.2 clients cannot > > register to 2.2 PDCs, while a 2.0.7 client can. E.g., if the PDC is > > running 2.2.0-alpha1, then a client calling smbpasswd from 2.2.0-alpha1 > > yields: > > > [root@puariko samba]# /usr/beta/bin/smbpasswd -j physik -D3 > [...] > > > cli_pipe: return critical error. Error was code 0 > > > cli_pipe: return critical error. Error was code 0 > > > modify_trust_password: unable to obtain domain sid from PASSWD. Error was : > > > code 0. > > > 2001/01/28 15:14:09 : change_trust_account_password: Failed to change password > > > for domain PHYSIK. > > > Unable to join domain PHYSIK. > > while the 2.0.7 smbpasswd does the job right (no other changes, client's > > smbd/nmbd not running in both cases): > > > [root@puariko samba]# smbpasswd -j physik -D3 > [...] > > > 2001/01/28 15:14:25 : change_trust_account_password: Changed password for > > > domain PHYSIK. > > > Joined domain PHYSIK. > I know this may sound stupid but did you add the machine account for the samba > member machine? If so did you delete it in all occurrences and try adding the > account again? Yes, I did and checked that I did. And in the example above, I first try to join (and thus change the password) with the unsuccessfull 2.2.0-alpha1 and then with the successfull 2.0.7. So at all times the passwd/smbpasswd was in the right state. Has anyone joined 2.2.0-alpha1 domains from 2.2.0-alpha1 clients (under OSF1 or Linux)? -- Axel.Thimm@physik.fu-berlin.de From sharpe at ns.aus.com Sun Jan 28 23:14:22 2001 From: sharpe at ns.aus.com (Richard Sharpe) Date: Tue Dec 2 02:33:12 2003 Subject: Permissions In-Reply-To: Message-ID: <3.0.6.32.20010129091422.00dfcc60@203.16.214.248> At 09:35 AM 1/29/01 +1100, Peter Milburn wrote: > >I am sure this is a simple one I have default.bat script that runs, and >inside itI am using the net time command. The only problem is that , a user >can not change the time, says they do not have permission to change it. > >Any suggestions.. ? Ummmm, is the client Windows NT? If so, you have to give them the privilege to change the time ... I think it is in user manager some where, can't remember where ... >Thanks > > >Peter > > Regards ------- Richard Sharpe, sharpe@ns.aus.com Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org) Contributing author, SAMS Teach Yourself Samba in 24 Hours Author, Special Edition, Using Samba From simo.sorce at polimi.it Sun Jan 28 22:49:54 2001 From: simo.sorce at polimi.it (Simo Sorce) Date: Tue Dec 2 02:33:12 2003 Subject: Permissions In-Reply-To: Message-ID: On Mon, 29 Jan 2001, Peter Milburn wrote: > > I am sure this is a simple one I have default.bat script that runs, and > inside itI am using the net time command. The only problem is that , a user > can not change the time, says they do not have permission to change it. > > Any suggestions.. ? > > Thanks Give everyone the permission to change time (in user domain utility). Or better install a time sync daemon that uses ntp or other network time protocols. > > > Peter > > -- Simo Sorce - Linux Systems Consultant E-mail: simo.sorce@polimi.it Tel: +39 0348 7149179 - Fax: +39 02 700442399 ----------------------------------------------------------------- Be happy, use Linux! From peter.milburn at sofcom.com.au Mon Jan 29 00:18:48 2001 From: peter.milburn at sofcom.com.au (Peter Milburn) Date: Tue Dec 2 02:33:12 2003 Subject: samba authenticatiing from samba PDC Message-ID: I have a working samba PDC , I am now trying to get another samba server, running 2.07 to authenticate from the samba PDC When I goto to the samba 2.0.7 it does not ask for a username or passwd, just puts in straight in. When checking with smbstats, it gives the permissions or user being nobody. Any help Thanks, From D.Bannon at latrobe.edu.au Mon Jan 29 00:36:53 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:33:12 2003 Subject: Permissions In-Reply-To: Message-ID: <3.0.6.32.20010129113653.008cbc60@bioserve.latrobe.edu.au> At 09:35 AM 29-01-01 +1100, Peter Milburn wrote: > >I am sure this is a simple one I have default.bat script that runs, and >inside itI am using the net time command. The only problem is that , a user >can not change the time, says they do not have permission to change it. > Its in the samba 2.2 faq, need to give 'everyone' permission to change system time from user manager. David ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From pilger at higp.hawaii.edu Mon Jan 29 04:47:22 2001 From: pilger at higp.hawaii.edu (Eric Pilger) Date: Tue Dec 2 02:33:12 2003 Subject: Samba2.2alpha1 References: <3.0.6.32.20010128181645.007e67e0@bioserve.latrobe.edu.au> Message-ID: <3A74F5DA.DBD212FD@higp.hawaii.edu> David Bannon wrote: > At 10:46 AM 26/1/2001 -1000, Eric Pilger wrote: > > > >The FAQ used to very clearly indicate that you had to create the machine > account BEFORE > > True, but 2.2 now includes code to add the machine account 'on the fly'. > That does not exclude you from makeing the account before hand, and > certainly it can make your set up simpler. > > >I have now tried it without the machine name in /etc/passwd. It now fails > >because I can't add a username that ends with $. > > This is dealt with in the FAQ. See the question 'I cannot include a '$' in > a machine name.' > > The workaround is to do it by hand. However, I can't do it by hand because 2.2 does it 'on the fly'. A true bind is developing. I'm beginning to wonder though wether this is really any of the problem. So many people have commented on the vagaries of making Win2K work itself. It's unclear wether anything but an upgraded NT will work reliably. Too much black magic involved for me. -- Eric J. Pilger Systems Administrator Hawaii Institute of Geophysics and Planetology/SOEST pilger@pgd.hawaii.edu (808)956-6321 (Voice/FAX) From gcarter at valinux.com Tue Jan 23 16:50:28 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:12 2003 Subject: (no subject) References: <3A6CA840.BE90E76A@grainsystems.com> <3A6DAE36.1EB6AD6B@grainsystems.com> Message-ID: <3A6DB654.5C201075@valinux.com> Kevin Colby wrote: > > [crossposted to -technical] > > Update: > > We have been able to make winbind's libs from TNG work > with a regularly joined 2.2 CVS server. This is the > only working combination we have yet found. Which branch > is the current development of winbind? As far as I know, winbind development is going into APPLIANCE_TNG, but Tim P. is working pretty hard to get the foundation in HEAD to move it back over. APPLIANCE_TNG is available via anonymous CVS contrary to some of the rumors :-) Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From peter at cadcamlab.org Fri Jan 26 02:15:09 2001 From: peter at cadcamlab.org (Peter Samuelson) Date: Tue Dec 2 02:33:12 2003 Subject: Dualing Sambas (Or dueling Sambas, depending on how you want to l ook at it) References: <8D043DEA73DFD411958A00A0C90AB7607C06@sally.gillnet.org.5.168.192.IN-ADDR.ARPA> Message-ID: <14960.56749.97045.843474@wire.cadcamlab.org> [Vern Gill] > First, what is SURS tdb, and is it similiar to tdbsam? Should I be > using it for TNG. SURS is a confused set of concepts, confused because it's been talked to death. The idea is to provide a translation table between UID numbers (Unix) and RID numbers (NT) -- but the specific mechanism is sort of up for grabs. I don't know how the things you mention are implemented. > I am considering running both trees on my server. TNG for the DC, and > HEAD for the File/Print. First, is this a good/bad idea? Good idea. As long as you can keep the two straight in your head. > Second, what are the main things I need to do to allow them both to > run? (Aside from seperate interfaces, already aliased eth0 for that > and put the interfaces = in each smb.conf) Not only 'interfaces=', because that is only a hint in case Samba can't detect the right interfaces on its own (some Unices make this difficult). Also use 'bind interfaces only = true' to enforce your choices, as it were. ...And that's about it. The one big problem some people have with dueling Sambas (I like that phrase) is that they fight for control of the .pid and lock files. To avoid that, just make sure the compile-time defaults are set to different directories. > Can the HEAD samba be a BDC or Member server of TNG? Should it/Should > it NOT be? Make it a member server. The two will share the /etc/passwd file, and thus the usernames. HEAD does not need a smbpasswd file, naturally, since it is in 'security = domain' mode. > Do I need them on different ports, or just different ip's? Just different IPs. > If anyone is doing this, some pointers would be great. I've never done it before but I intend to test it soon. We are getting a new server in for which this would be helpful. Peter From lkcl at samba.org Fri Jan 26 12:18:24 2001 From: lkcl at samba.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:33:12 2003 Subject: Dualing Sambas (Or dueling Sambas, depending on how you want to l ook at it) In-Reply-To: <14960.56749.97045.843474@wire.cadcamlab.org> Message-ID: > numbers (Unix) and RID numbers (NT) -- but the specific mechanism is > sort of up for grabs. I don't know how the things you mention are > implemented. the specific mechanism is not defined: SURS is a concept, not a protocol or an implementation-specific method. From D.Bannon at latrobe.edu.au Mon Jan 29 05:13:50 2001 From: D.Bannon at latrobe.edu.au (David Bannon) Date: Tue Dec 2 02:33:12 2003 Subject: Samba2.2alpha1 In-Reply-To: <3A74F5DA.DBD212FD@higp.hawaii.edu> References: <3.0.6.32.20010128181645.007e67e0@bioserve.latrobe.edu.au> Message-ID: <3.0.6.32.20010129161350.008c5a90@bioserve.latrobe.edu.au> At 06:47 PM 28-01-01 -1000, Eric Pilger wrote: >...... >The workaround is to do it by hand. However, I can't do it by hand because 2.2 >does it 'on the fly'. A true bind is developing. Hm... From what I can remember from my tests before xmas, if the machine account already exists, its treated as if it was being changed. Quite legal. Create with 'smbpasswd -a -m machine'. You still need a working administrator account of course. > >I'm beginning to wonder though wether this is really any of the problem. So >many people have commented on the vagaries of making Win2K work itself. It's >unclear wether anything but an upgraded NT will work reliably. Too much black >magic involved for me. > >-- >Eric J. Pilger >Systems Administrator >Hawaii Institute of Geophysics and Planetology/SOEST >pilger@pgd.hawaii.edu >(808)956-6321 (Voice/FAX) > > > ------------------------------------------------------------ David Bannon D.Bannon@latrobe.edu.au School of Biochemistry Phone 61 03 9479 2197 La Trobe University, Plenty Rd, Fax 61 03 9479 2467 Bundoora, Vic, Australia, 3083 http://bioserve.latrobe.edu.au ------------------------------------------------------------ ..... Humpty Dumpty was pushed ! From jminer at mcfly.sanders.lmco.com Mon Jan 29 13:06:37 2001 From: jminer at mcfly.sanders.lmco.com (Jonathan W Miner) Date: Tue Dec 2 02:33:12 2003 Subject: Permissions References: Message-ID: <3A756ADD.E0011DC0@mailhost.sanders.lmco.com> I use "Dimension 4", which still requires uses to have permission to set the clock. Works on Windows 95/98/NT. http://www.thinkman.com/dimension4/index.html My Samba 2.0.7 server is setup to be the NTP server. Simo Sorce wrote: > > On Mon, 29 Jan 2001, Peter Milburn wrote: > > > > > I am sure this is a simple one I have default.bat script that runs, and > > inside itI am using the net time command. The only problem is that , a user > > can not change the time, says they do not have permission to change it. > > > > Any suggestions.. ? > > > > Thanks > > Give everyone the permission to change time (in user domain utility). > Or better install a time sync daemon that uses ntp or other network time > protocols. > > > > > > > Peter > > > > > > -- > Simo Sorce - Linux Systems Consultant > E-mail: simo.sorce@polimi.it > Tel: +39 0348 7149179 - Fax: +39 02 700442399 > ----------------------------------------------------------------- > Be happy, use Linux! -- Jonathan Miner LM-Xpress: jonathan.w.miner@lmco.com Phone: 603 885 UNIX - Fax: 603 885 3850 USmail: PO Box 868, NCA01-3719, Nashua, NH 03061-0868 From samba at grayassociates.net Mon Jan 29 13:43:41 2001 From: samba at grayassociates.net (Rich Forman) Date: Tue Dec 2 02:33:12 2003 Subject: Permissions In-Reply-To: Message-ID: <000001c089f9$7e4afec0$0a01a8c0@forman> I am currently running an entirely homogeneous NT4 network and have this exact problem. In user manager for domains I have given everybody the permission to change system time but on the workstation end it makes no difference, nobody can change the system time unless they have admin. privileges. There may be a patch out there but I don't know of one. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Simo Sorce Sent: Sunday, January 28, 2001 2:50 PM To: Peter Milburn Cc: Samba (E-mail) Subject: Re: Permissions On Mon, 29 Jan 2001, Peter Milburn wrote: > > I am sure this is a simple one I have default.bat script that runs, and > inside itI am using the net time command. The only problem is that , a user > can not change the time, says they do not have permission to change it. > > Any suggestions.. ? > > Thanks Give everyone the permission to change time (in user domain utility). Or better install a time sync daemon that uses ntp or other network time protocols. > > > Peter > > -- Simo Sorce - Linux Systems Consultant E-mail: simo.sorce@polimi.it Tel: +39 0348 7149179 - Fax: +39 02 700442399 ----------------------------------------------------------------- Be happy, use Linux! From roque at matra-automobile.fr Mon Jan 29 15:00:58 2001 From: roque at matra-automobile.fr (olivier roque) Date: Tue Dec 2 02:33:12 2003 Subject: Problem samba between Sunsolaris server and clients 2000 server. Message-ID: <001b01c08a04$4a467e50$1f1e0080@matraautomobile> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 2354 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010129/6840b98a/smb.obj -------------- next part -------------- A non-text attachment was scrubbed... Name: log.smb.23012001 Type: application/octet-stream Size: 7263 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010129/6840b98a/log.smb.obj From SRuth at LANDAM.com Mon Jan 29 15:17:01 2001 From: SRuth at LANDAM.com (SRuth@LANDAM.com) Date: Tue Dec 2 02:33:12 2003 Subject: Permissions Message-ID: <6768A16CA846D3119104009027998CC30853F383@lande04.landam.com> You have to give permissions using the local User Manager. User Manager for Domains only applies to the domain controllers in that instance. Sven -----Original Message----- From: Rich Forman [mailto:samba@grayassociates.net] Sent: Monday, January 29, 2001 7:44 AM To: samba-ntdom@lists.samba.org Subject: RE: Permissions I am currently running an entirely homogeneous NT4 network and have this exact problem. In user manager for domains I have given everybody the permission to change system time but on the workstation end it makes no difference, nobody can change the system time unless they have admin. privileges. There may be a patch out there but I don't know of one. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Simo Sorce Sent: Sunday, January 28, 2001 2:50 PM To: Peter Milburn Cc: Samba (E-mail) Subject: Re: Permissions On Mon, 29 Jan 2001, Peter Milburn wrote: > > I am sure this is a simple one I have default.bat script that runs, and > inside itI am using the net time command. The only problem is that , a user > can not change the time, says they do not have permission to change it. > > Any suggestions.. ? > > Thanks Give everyone the permission to change time (in user domain utility). Or better install a time sync daemon that uses ntp or other network time protocols. > > > Peter > > -- Simo Sorce - Linux Systems Consultant E-mail: simo.sorce@polimi.it Tel: +39 0348 7149179 - Fax: +39 02 700442399 ----------------------------------------------------------------- Be happy, use Linux! From lepape at shom.fr Mon Jan 29 16:16:31 2001 From: lepape at shom.fr (Jean-Marc Le Pape) Date: Tue Dec 2 02:33:12 2003 Subject: samba 2.2 as PDC and NT as BDC Message-ID: <3A75975F.A4CB295A@shom.fr> Hello, Is it possible with samba 2.2 to make that work ? (samba as PDC and NT as BDC). Does LDAP works in 2.2 CVS ? Thanks JM From DMeszaros at Hellasystems.de Mon Jan 29 16:34:57 2001 From: DMeszaros at Hellasystems.de (Daniel Meszaros) Date: Tue Dec 2 02:33:12 2003 Subject: cannot write @ share... Message-ID: hi! i'm quite new in linux terms and samba, so i need your help with my smb.conf script. i want a linux server (rh7) to be part in a win2k-domain (which works well), but i can only write on the home-shares. what must i change to make the share writeable? thx in advance, daniel m?sz?ros. [global] workgroup = hellasystems guest account = nobody keep alive = 30 os Level = 2 server string = Samba-Server encrypt passwords = yes interfaces = 192.168.0.59/255.255.255.0 [homes] comment = Home-Verzeichnis browseable = yes public = yes read only = no guest OK = no [public] path = /public read only = no comment = Oeffentlicher Plattenplatz valid users = @hellasystems guest OK = no From jbrown at db2000.com Mon Jan 29 17:01:20 2001 From: jbrown at db2000.com (Jonathan Brown) Date: Tue Dec 2 02:33:12 2003 Subject: samba 2.2.0alpha PDC and w2k Message-ID: Hi, In trying to resolve this problem, I downloaded the most recent cvs for Samba-TNG. Once I finally got it installed and running, that seems to have fixed the problem (at least the profile permission problem). I was starting to think that it was an issue with the win2k workstation, but now it appears to definately be a samba problem. How different is TNG from Samba2.2? Is TNG a wise solution, or are there other problems with TNG at this time? (I can't make swat work for example) thanks, jonathan >>> Jeremy Allison 01/24/01 05:24PM >>> Mu Wu wrote: > > In today's version of samba 2.2.0 alpha, domain logon works. However, I ran > into a new problem. As the user creates a new profile, some of the > permission > of the profile directory, such as "My Docoments", are d---------. The user's > profile directory cannot be read or write to by the user. Anyone has similar > problems? > Mu Wu Can you recreate this with a debug level 10 log please ? I need to see the create flags the NT client is sending the smbd. Thanks, Jeremy. -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From gcarter at valinux.com Mon Jan 29 17:16:58 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:12 2003 Subject: Problems with Printer installation References: <20BF8485839CF3A95F703AE610F6D756@webmail.d2-net.de> Message-ID: <3A75A58A.B258F79E@valinux.com> Soeren Grimm wrote: > > Hi, > > Running: > SAMBA 2.2 preAlpha > Win NT (SP 6a) > > We are running Samba as Domain Controller. > We are unable to install a network printer. > The installation fails with the following ERROR-message: > Error in the printer installation program. The printer driver > is unknown. > It must be a problem of Samba, because we had no problem with > a previous Samba Version. Have you read PRINTER_DRIVER2.txt and followed the instructions there? Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From Axel.Thimm at physik.fu-berlin.de Tue Jan 30 01:13:46 2001 From: Axel.Thimm at physik.fu-berlin.de (Axel Thimm) Date: Tue Dec 2 02:33:12 2003 Subject: 2.2.0-alpha1: Samba member cannot join PDC In-Reply-To: <20010128224706.A2286@pua.domain>; from Axel.Thimm@physik.fu-berlin.de on Sun, Jan 28, 2001 at 10:47:06PM +0100 References: <20010128103509.A4795@pua.domain> <20010128152707.A30949@pua.domain> <3A745414.E3343A30@firerun.net> <20010128224706.A2286@pua.domain> Message-ID: <20010130021346.A5952@pua.domain> On Sun, Jan 28, 2001 at 10:47:06PM +0100, Axel Thimm wrote: > > Axel Thimm wrote: > > > On Sun, Jan 28, 2001 at 10:35:09AM +0100, Axel Thimm wrote: > > > > I cannot join a Samba PDC with a Samba member both running > > > > 2.2.0-alpha1: [...] > > > > On the other hand it has been reported to me that NT4 could > > > > successfully join the domain (W9x anyway). > > > I managed to narrow down the problem: It seems that 2.2 clients cannot > > > register to 2.2 PDCs, while a 2.0.7 client can > [...] > Has anyone joined 2.2.0-alpha1 domains from 2.2.0-alpha1 clients [...] Please, has anyone managed to create a domain from Samba 2.2.0-alpha1 boxes controlled by one of them? I tried several different OSes and configuration files. Samba 2.2.0-alpha1 seems not to be able to join Samba 2.2.0-alpha1 PDC. Can someone confirm or reject? Thanks, Axel. -- Axel.Thimm@physik.fu-berlin.de From Axel.Thimm at physik.fu-berlin.de Tue Jan 30 01:22:49 2001 From: Axel.Thimm at physik.fu-berlin.de (Axel Thimm) Date: Tue Dec 2 02:33:12 2003 Subject: Samba 2.2.0-alpha1: W2Ksp1 and "prs_grow: Buffer overflow" Message-ID: <20010130022249.B5952@pua.domain> Following the 2.2 PDC Howto/FAQ I tried to join a W2Ksp1 to a 2.2.0-alpha1 PDC. I did enable the root account and mentioned its group to domain admin group etc. When W2K asks for the User/Passwort to access the domain it fails and the Samba logs seem to indicate that there was a buffer overflow. Obviously other people have been successful in joining W2K to 2.2. Is it maybe sp1? Or the fact that this is a german W2K? [2001/01/30 01:59:56, 2, pid=21741, effective(0, 0), real(0, 0)] param/loadparm.c:handle_include(2352) Can't find include file /usr/local/samba/smb-alias/axp1.conf [2001/01/30 01:59:56, 2, pid=21741, effective(0, 0), real(0, 0)] lib/interface.c:add_interface(83) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 [2001/01/30 01:59:56, 2, pid=21741, effective(0, 0), real(0, 0)] lib/interface.c:add_interface(83) added interface ip=160.45.32.130 bcast=160.45.35.255 nmask=255.255.252.0 [2001/01/30 01:59:56, 2, pid=21741, effective(0, 0), real(0, 0)] lib/access.c:check_access(258) Allowed connection from pcli1.physik.fu-berlin.de (160.45.33.89) [2001/01/30 01:59:56, 2, pid=21741, effective(0, 0), real(0, 0)] smbd/connection.c:utmp_claim_tdb(270) utmp_claim_tdb: entered [2001/01/30 01:59:56, 2, pid=21741, effective(0, 0), real(0, 0)] smbd/connection.c:utmp_claim_tdb(301) utmp_claim_tdb: leaving with 0 [2001/01/30 01:59:56, 2, pid=21741, effective(0, 0), real(0, 0)] smbd/connection.c:utmp_claim(850) utmp_claim: conn: user:root cnum:1 i:0 (utmp_count:0) [2001/01/30 01:59:56, 2, pid=21741, effective(0, 0), real(0, 0)] smbd/connection.c:utmp_claim(852) utmp_claim: crec: pid:21741, cnum:1 name:IPC$ [2001/01/30 01:59:56, 1, pid=21741, effective(0, 0), real(0, 0)] smbd/connection.c:utmp_update(706) utmp_update: have utmpx.h but no getutmpx() function [2001/01/30 01:59:56, 2, pid=21741, effective(0, 0), real(0, 0)] smbd/connection.c:utmp_nox_update(645) utmp_nox_update: uname:/var/adm/utmp [2001/01/30 01:59:56, 2, pid=21741, effective(0, 0), real(0, 0)] smbd/connection.c:utmp_nox_update(673) utmp_nox_update: wname:/var/adm/wtmp [2001/01/30 01:59:57, 0, pid=21741, effective(0, 1), real(0, 0)] rpc_parse/parse_prs.c:prs_grow(217) prs_grow: Buffer overflow - unable to expand buffer by 2 bytes. [2001/01/30 02:05:29, 2, pid=21741, effective(0, 0), real(0, 0)] smbd/process.c:timeout_processing(946) Closing idle connection 2. -- Axel.Thimm@physik.fu-berlin.de From jeremy at valinux.com Tue Jan 30 00:02:30 2001 From: jeremy at valinux.com (Jeremy Allison) Date: Tue Dec 2 02:33:12 2003 Subject: Samba 2.2.0alpha2 snapshot released References: <3A1C74A4.E9E7F9B6@valinux.com> Message-ID: <3A760496.B1DCE644@valinux.com> Hi all, I have just released the third alpha snapshot of what will become Samba 2.2.0. It's available from the usual ftp sites, in the alpha directory as : :/pub/samba/alpha/samba-2.2.0-alpha2.tar.gz If people could test this snapshot out and provide feedback about what is broken and let the lists know that would help. I know about the problem acting as a PDC for Win2k clients - this is being worked on (by JF and myself). The Team will be monitoring the feedback and this will help for the next alpha. The POSIX ACL mapping feature has been implemented on Linux only at the moment and many bugs in the point and print code have been fixed. The documentation is not currently up to date, but this code has been running under memory overrun/leak detectors for weeks now without problems. Having said that - *please* don't use this on a production system (yet - although it's closer now.... :-). I know there are still some patches missing, I will try and get to these as soon as I return from the Linuxworld conferences and the Brussels Open Source conference (Feb 8th). Please kick the tires again and let us know what you think ! The release notes follow : Regards, Jeremy Allison, Samba Team. ===================================================================== WHATS NEW IN Samba 2.2.0alpha2 ============================== This is the third alpha release of the new 2.2.0 codebase for Samba. This version must not be run in production. This code will almost certainly have some bugs and is intended to help the Samba Team prepare an official 2.2.0 release. The documentation in this alpha snapshot is not up to date, there are many new parameters since 2.0.7 and some defaults have changed. This will be corrected in a later alpha release. A known problem is this version of Samba will not act as a PDC for Win2k clients (although it works as a member server in a Win2k hosted domain). This is being actively worked on and it is intended this be fixed before 2.2.0 release. Several significant bugs have been fixed between alpha2 and alpha2, these include : Inclusion of mapping of NT ACLs to Linux ACLs, using the patch found at http://acl.bestbits.at. This is being done via an abstract interface that needs porting to the following UNIXes - IRIX, Solaris, HPUX, AIX - as many as can be done will be supported at 2.2.0 release. Please look at the code in lib/sysacls.c for the needed work. Addition of tdb spinlock code for tdb speed. Addition of user list lookup from Win2k (thanks to the Samba TNG branch code for this). Addition of generic to specific mapping of security descriptors in printer code. Addition of code page 857 (Turkish). Addition of "%D" substitution for incoming Domain of user. getpwnam/getpwuid cache. Many codepage fixes when dealing with printers with extended characters (thanks to HP for this fix). Inherited security descriptors for printing. Creation of internal NT "token" for smbd access checks. Addition of NT trans code for client. Fix for inheritance of blocked signals (thanks to HP). Addition of "total print jobs" parameter. Fix for NT not being able to save properties changes on PCL drivers. Fixes to speed up enumeration of print jobs. Cleanup printer spool files on client disconnect. Byteswap fixes for printing code (thanks JF). New parameter "dos filemode" to allow a user who can write to a file to change permissions on it. Subtle statcache bugfix. Fix for Office2000 print to file bug. Fix for MS Access multi-user open problem. Valid users now in linked list rather than array. SMB lookup now table driven rather than linear search (doh!). TDB locking fixes for multiple openers. Several significant bugs have been fixed between alpha0 and alpha1, these include : Fix for level II oplock bug. Support for detecting version 2/3 printer drivers (from HP). Samba profiling support (from SGI). Winbind integration fixes. Preliminary Win2K PDC support in compatibility mode for Win2K clients (from JF). VFS interface updates. Failover finding of BDC's now works again. lpq race condition fixes. utmp fixes. SWAT username detection fix. Bugfix for WinNT and Win2K point and print feature. The upcoming 2.2.0 Samba release will include the following new features: Integration with the winbind daemon that provides a single sign on facility for UNIX servers in Windows NT4/2000 networks driven by a Windows NT4/2000 PDC. Support for native Windows NT4/2000 printing RPCs. This includes support for automatic printer driver download. It is currently believed this functionality is working in alpha2. Rewritten internal locking semantics for more robustness. This alpha supports full 64 bit locking semantics on all (even 32 bit) platforms. SMB locks are mapped onto POSIX locks (32 bit or 64 bit) as the underlying system allows. Conversion of various internal flat data structures to use database records for increased performance and flexibility. Support for acting as a MS-DFS server Compile time option for enabling a VFS layer Support for server supported Access Control Lists (ACLs). This support will require a specific pluggable backend to be written for each filesystem ACL implementation to be supported. The stable 2.2.0 release should contain support for the following filesystems: Solaris 2.6+ HPUX SGI Irix Linux Kernel 2.2 with German ACL patch Currently in this alpha snapshot (alpha1) this feature is not enabled - the VFS layer has been modified to allow it, but the code is still under development and should be in a later alpha snapshot. Other platforms will be supported as resources are available to test and implement the encessary modules. If you are interested in writing the support for a particular ACL filesystem, please join the samba-technical mailing list and coordinate your efforts. Support for collection of profile information. A shared memory area has been created which contains counters for the number of calls to and the amount of time spent in various system calls and smb transactions. See the file profile.h for a complete listing of the information collected. Sample code for a samba pmda (collection agent for Performance Co-Pilot) has been included in the pcp directory. To enable the profile data collection code in samba, you must compile samba with profile support (run configure with the --with-profile option). On startup, collection of data is disabled. To begin collecting data use the smbcontrol program to turn on profiling (see the smbcontrol man page). Profile information collection can be enabled for all smbd processes or one or more selected processes. The profiling data collected is the aggragate for all processes that have profiling enabled. With samba compiled for profile data collection, you may see a very slight degradation in performance even with profiling collection turned off. On initial tests with NetBench on an SGI Origin 200 server, this degradation was not measureable with profile collection off compared to no profile collection compiled into samba. With count profile collection enabled on all clients, the degradation was less than 2%. With full profile collection enabled on all clients, the degradation was about 8.5%. ----------------------------------------------------------- If you think you have found a bug please email a report to : samba@samba.org As always, all bugs are our responsibility. Regards, The Samba Team. ===================================================================== -- -------------------------------------------------------- Buying an operating system without source is like buying a self-assembly Space Shuttle with no instructions. -------------------------------------------------------- From gcarter at valinux.com Tue Jan 30 03:38:48 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:12 2003 Subject: samba 2.2.0alpha PDC and w2k References: Message-ID: <3A763748.CBC5304F@valinux.com> Jonathan Brown wrote: > > How different is TNG from Samba2.2? Is TNG a wise > solution, or are there other problems with TNG at > this time? (I can't make swat work for example) The two are vastly different in architecture. As far as the stability of the TNG project, better to as the TNG developers. :-) CHeers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From gcarter at valinux.com Tue Jan 30 03:43:56 2001 From: gcarter at valinux.com (Gerald Carter) Date: Tue Dec 2 02:33:12 2003 Subject: samba 2.2 as PDC and NT as BDC References: <3A75975F.A4CB295A@shom.fr> Message-ID: <3A76387C.1E72809@valinux.com> Jean-Marc Le Pape wrote: > > Hello, > > Is it possible with samba 2.2 to make that work ? > (samba as PDC and NT as BDC). Nope. > Does LDAP works in 2.2 CVS ? Not currently. CHeers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com http://www.samba.org/ SAMBA Team jerry@samba.org http://www.plainjoe.org/ jerry@plainjoe.org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 ) From bchin at mdimension.com Tue Jan 30 04:30:47 2001 From: bchin at mdimension.com (Bill Chin) Date: Tue Dec 2 02:33:12 2003 Subject: Mac OS X Message-ID: <200101300431.XAA18699@mail.richmond.net> On Monday, January 22, 2001, at 10:18 AM, ctooley@amoa.org wrote: > I'm in the position of having to integrate a Mac into an all Windows network. > I'm tempted to ask them to hold off on the integration (and run standalone for a > couple monthes) until the release of OS X. At that time I'd at least know > something about the OS and how to use it. You should take a look at http://www.apple.com/macosx, http://www.stepwise.com/, and a series of articles on Mac OS X on http://www.arstechnica.com/. That should get you started. You can also visit the various traditional Mac OS news and support websites all over the place, most of which have some coverage of Mac OS X. For the server version of Mac OS X, also look at http://www.apple.com/macosx/server/. > What I'm wondering is if there is a > release of Samba for OS X and if so how well is integrated into the system. Samba 2.0.7 works "out of the box" for Mac OS X Public Beta. I have an binary installer for the earlier version of Mac OS X Server 1.x at http://www.mdimension.com/Samba/. My version includes the ability to look up printers from NetInfo (a distributed directory service that is a native part of Mac OS X). The integration at this point with public releases of Mac OS X and Mac OS X Server is much like any other *BSD operating system. Samba can serve up both from UFS and HFS+ filesystems. The server version of Mac OS X will have CIFS/SMB support. Unfortunately, since this is a closed source project with NDA's surrounding it, there hasn't been much news. MacWEEK among others are reporting that it will integrate Samba for it's CIFS/SMB server functionality. As for a SMB client, there isn't a port of libsmb yet. There are commercial alternatives, including Sharity and DAVE. Sharity is available for Mac OS X Server 1.x and Mac OS X Public Beta now. DAVE is available for Mac OS < X, and Thursby has announced that they will have a Mac OS X version coming. I am personally interested in working on a SMB client, but time constraints have pushed it to the back burner. It also depends on how reasonably priced the commercial alternatives end up. Another way of integrating Mac OS X is to use more traditional UNIX services, including NIS and NFS. LDAP is another way to go. Microsoft has some UNIX services products that you may be able to utilize. YMMV. ..Bill Chin M Dimension Technology From peter.milburn at sofcom.com.au Tue Jan 30 06:16:42 2001 From: peter.milburn at sofcom.com.au (Peter Milburn) Date: Tue Dec 2 02:33:12 2003 Subject: samba 2.2.0alpha permissions Message-ID: When a new user installs a program on the win2k machine, and logs of, it does not have permission to write the new data to the profile, the directory is created, but only as a directory, not even the user has permission to write to it, How can I over come this. Cheers, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From DMeszaros at Hellasystems.de Tue Jan 30 09:47:28 2001 From: DMeszaros at Hellasystems.de (Daniel Meszaros) Date: Tue Dec 2 02:33:12 2003 Subject: WG: write permissions / unix rights (was: cannot write @ share...) Message-ID: Eric, I'm really sorry for my sending not to the mailing list but directly to you. It was my fault (that dumb strg+r isn't the right solution everytime ;->) ... excuse me. Here the message for everyone to read (and maybe answer) ... somewhat changed because I found some answers myself. >Do the users have permission on the UNIX side to write to /public? *g* _that_ was the mistake. much thx! i chown'ed /public to @hellasystems with 770 and everything works fine. 1st i didn't know how to share /var/www to our webdesigner but now i found a solution ... maybe somebody knows a better one ... then please write into that list to make it everyone know ... even me (that tiny linux newbie trying to understand the new old world of UNIX *g*)... for security reasons i made the folder /testweb into /public and simply created a symlink to /var/www/html ... i found that i might be better than sharing the /var/www to the whole network. is there a better way? then please tell me. :-) cu, Daniel. From schapiro at clerk.pi.huji.ac.il Tue Jan 30 09:40:46 2001 From: schapiro at clerk.pi.huji.ac.il (Schlomo Schapiro) Date: Tue Dec 2 02:33:12 2003 Subject: WG: write permissions / unix rights (was: cannot write @ share...) In-Reply-To: Message-ID: Hi, for webdesigners maybe DAV (Apache/ModDAV) may be better because of Windows' bad habits of changing file names (with regards to upper/lower case). Also then you can incorporate it with the web server and give people access to the real data "in-situ". Schlomo On Tue, 30 Jan 2001, Daniel Meszaros wrote: > Eric, I'm really sorry for my sending not to the mailing list but > directly to you. It was my fault (that dumb strg+r isn't the right > solution everytime ;->) ... excuse me. > > Here the message for everyone to read (and maybe answer) ... somewhat > changed because I found some answers myself. > > > >Do the users have permission on the UNIX side to write to /public? > > *g* _that_ was the mistake. much thx! i chown'ed /public to > @hellasystems with 770 and everything works fine. > > 1st i didn't know how to share /var/www to our webdesigner but now i > found a solution ... maybe somebody knows a better one ... then please > write into that list to make it everyone know ... even me (that tiny > linux newbie trying to understand the new old world of UNIX *g*)... > > for security reasons i made the folder /testweb into /public and simply > created a symlink to /var/www/html ... i found that i might be better > than sharing the /var/www to the whole network. is there a better way? > then please tell me. :-) > > > cu, > Daniel. > -- Schlomo Schapiro Computation Authority Hebrew University of Jerusalem Tel: ++972 / 2 / 65-84404 Fax: 65-27349 email: schapiro@clerk.pi.huji.ac.il WWW: http://shum.cc.huji.ac.il/~schapiro From noelk at bc.edu Tue Jan 30 12:51:04 2001 From: noelk at bc.edu (Kenneth Noel) Date: Tue Dec 2 02:33:13 2003 Subject: Linux --> NT mount problem References: <3A64D238@netfin6.bc.edu> Message-ID: <3A76B8B8.CB38DB@bc.edu> A colleague of mine found the answer to my post through trial and error. I thought I had tried the same. mount -t smbfs -o username=username/domain //server/share /mnt/point NOTE: username/domain is backwards from the way you do it on nt. For those who care... Ken > I am also experiencing the same problem I think. When I try to mount and NT > server fs by not using a local account on the server smbclient and mount > cannot resolve domain\username syntax. If mount PDC's and BDC's using local > admin accounts that works fine. If I try to mount member servers or > workstations by using domain account information I cannot mount the fs. > > I don't know if this is the same problem but it sounds like it. I hope I see > someone post a response that makes it work. > > Ken > > >===== Original Message From Chris Odgers ===== > >-----BEGIN PGP SIGNED MESSAGE----- > >Hash: SHA1 > > > >the 'unknown parameter' informational message refers to your smb.conf > >file, i'm not sure but i don't think there's a 'domain controller' > >parameter in smb.conf. that's being ignored though. > > > >sometimes I find that I've got to specify the DOMAIN\ bit of the > >login name as well, otherwise it thinks youre trying to log into the > >local SAM. For troubleshooting purposes, as well, it might be worth > >trying that (as long as the machine in question isn't a BDC and you > >actually know a local login). > > > >Hope this helps, > > > >Chris > > > >> -----Original Message----- > >> From: Earnshaw, Mike [mailto:earnshawm@wa.switch.aust.com] > >> Sent: Friday, January 12, 2001 2:25 PM > >> To: 'Chris Odgers' > >> Subject: RE: Linux --> NT mount problem > >> > >> > >> Chris, > >> > >> Thanks for the info. The results I get using the *correct* > >> credentials are ... > >> > >> Unknown parameter encountered: "domain controller" > >> Ignoring unknown parameter "domain controller" > >> Added interface ip=10.0.1.6 bcast=10.0.1.255 nmask=255.255.255.0 > >> session setup failed: ERRDOS - ERRnoaccess (Access denied.) > >> > >> I tried using the -N option immediately after //server/service in > >> my smbclient command as per the man page with no change in > >> results. I also > >> tried dropping the -N and removing the password from > >> 'user%password' and > >> at the password prompt entered the correct details, again no change > >> in results. > >> > >> Read the man pages for both smbmount and smbclient and there does > >> not appear any more switches I can include to try and force the > >> issue. > >> > >> Thanks > >> > >> Mike > >> > >> > >> #-----Original Message----- > >> #From: Chris Odgers [mailto:Chris.Odgers@sausage.com] > >> #Sent: Friday, 12 January 2001 10:38 AM > >> #To: 'Earnshaw, Mike' > >> #Cc: 'samba-ntdom@samba.org' > >> #Subject: RE: Linux --> NT mount problem > >> # > >> # > >> #-----BEGIN PGP SIGNED MESSAGE----- > >> #Hash: SHA1 > >> # > >> #NT servers usually don't respond to session requests when queried > >> via #their fqdn (which isn't usually the same as their netbios > >> name.) > >> # > >> #I don't know how you'd do it via fstab, but I have success > >> connecting #to offsite NT servers using the syntax: > >> # > >> #smbclient //netbios-target-name/sharename -U user%password -I > >> #dest.ip.add.ress > >> # > >> #i'm 99% sure that smbmount, at least in some revisions, supports > >> this #syntax. > >> # > >> #> -----Original Message----- > >> #> From: Earnshaw, Mike [mailto:earnshawm@wa.switch.aust.com] > >> #> Sent: Friday, January 12, 2001 1:37 PM > >> #> To: Samba (E-mail) > >> #> Subject: Linux --> NT mount problem > >> #> > >> #> > >> #> G'day > >> #> > >> #> I am trying to connect to an NT server that is in a different > >> #> network to > >> #> mine. I can do this via native NT if I supply the correct > >> #> credentials. The aim is to allow access to this NT resource from > >> a #> Linux > >> #> mount point > >> #> to people who do not have NT on their desktops but Win9x. I have > >> #> permission to access the NT share and using Linux permissions > >> #> I want to > >> #> give select users access also. > >> #> > >> #> I have Samba 2.0.5a. I added the following to my /etc/fstab ... > >> #> > >> #> /// /mnt/projects smbfs > >> #> > >> auto,suid,uid=500,gid=500,workgroup=***,username=***,password=*** 0 > >> #> 0 > >> #> > >> #> (where *** is replaced with relevant details). Then ... > >> #> > >> #> [root@datasrv /root]# mount /mnt/projects > >> #> [root@datasrv /root]# Unknown parameter encountered: "domain > >> #> controller" > >> #> Ignoring unknown parameter "domain controller" > >> #> Added interface ip=10.0.1.6 bcast=10.0.1.255 nmask=255.255.255.0 > >> #> session request to PROJECTS. failed > >> #> session request to *SMBSERVER failed > >> #> smbmount: login failed > >> #> Could not umount /mnt/projects: Device or resource busy > >> #> smbmount: exit > >> #> > >> #> Yet if I try the same syntax of /etc/fstab with a local NT > >> #> server I get > >> #> a lot closer to a solution. I thought this may have been a > >> #> broadcast kind of issue across routers, but it worked OK from > >> #> within NT and the two NT domains are *not* trusted, but have > >> #> separate user accounts in each. > >> #> > >> #> Any guidance appreciated. Thanks. > >> #> > >> #> -------------------------------------------------------------- > >> #> ---------- > >> #> ----- > >> #> Mike Earnshaw | Tech support is a fine art | e-mail > >> #> in header > >> #> Computer Systems | which once mastered, virtually | Tel : > >> #> +61 8 9256 > >> #> 0023 > >> #> Support | ensures loss of sanity. | Fax : > >> #> +61 8 9256 > >> #> 1199 > >> #> -------------------------------------------------------------- > >> #> ---------- > >> #> ----- > >> #> ,-._|\ Union Switch & signal > >> #> / \ 24 Bannick Court > >> #> *_.--._/ Canning Vale, WA 6155, Western Australia > >> #> v > >> #> -------------------------------------------------------------- > >> #> ---------- > >> #> ----- > >> #> > >> # > >> #-----BEGIN PGP SIGNATURE----- > >> #Version: PGPfreeware 6.5.3 for non-commercial use > > > ># > >#iQA/AwUBOl3hZa5S0FuupP0+EQKrjACg9YMRWO0v4nSdhej4CtcSgjpTv9cAn1fE > >#GpUjFwq2xJWOuOqn21nhFb9T > >#=oeAy > >#-----END PGP SIGNATURE----- > ># > > > >-----BEGIN PGP SIGNATURE----- > >Version: PGPfreeware 6.5.3 for non-commercial use > > > >iQA/AwUBOl3s9q5S0FuupP0+EQK9gQCgwSg6VMiGcgy1jneIU04qnr6HJ/8AoOPC > >wvNmd0AojOLXjTuJK2yxxrIq > >=IOW0 > >-----END PGP SIGNATURE----- > > Kenneth Noel > Boston College > Information Technology > Systems Programmer > 617 552-8511 -------------- next part -------------- A non-text attachment was scrubbed... Name: noelk.vcf Type: text/x-vcard Size: 290 bytes Desc: Card for Kenneth Noel Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010130/338da0ff/noelk.vcf From gglick at txc.com Tue Jan 30 15:11:36 2001 From: gglick at txc.com (gene s glick) Date: Tue Dec 2 02:33:13 2003 Subject: NT question Message-ID: <3A76D9A8.5AB41068@txc.com> I'm pretty new to this subject, so please bear with me - Our IT group has a Samba server that is used by all of us Win98 and WinNT clients. I have discovered 2 instances of 'unexplainable' behavior. First is the use of the windows application Excel. We share a copy of a spreadsheet amongst many users. This file gets opened from various people, sometimes simultaneously. It seems that when an NT client opens the file, and subsequently closes it, that no other users can access the file. In fact, I have actually seen the file renamed with a name that bares a striking resemblance to a hex addresss. Not sure if that's related or not. As long as Win98 systems access the file, things seem to be ok. The second problem revolves around an Orcad file (this is a schematic package used by EE's). Within the file (binary) are 2 data bases. As long as a Win98 client accesses the file, all is well. But, when the NT client opens the file, the internal databases get corrupted, sort of, such that the program uses the wrong database. Interestingly, if the same file is simply copied from the samba serva to a local drive, or any networked FAT or NTFS drive, all is well. Can anyone shed light on this problem? gene -- Gene S. Glick Senior Applications Engineer TranSwitch Corporation 203-929-8810 ext. 2473 gglick@txc.com From lepape at shom.fr Tue Jan 30 15:32:10 2001 From: lepape at shom.fr (Jean-Marc Le Pape) Date: Tue Dec 2 02:33:13 2003 Subject: Samba 2.2.0alpha2 snapshot released References: <3A1C74A4.E9E7F9B6@valinux.com> <3A760496.B1DCE644@valinux.com> Message-ID: <3A76DE79.D75A1E16@shom.fr> Hi, I've got a problem compiling 2.2-alpha2 i do ./configure --prefix=/usr/local/data/samba --bindir=/soft/samba/bin then make and i get: Linking bin/smbd Undefined first referenced symbol in file inet_aton smbd/password.o ld: fatal: Symbol referencing errors. No output written to bin/smbd collect2: ld returned 1 exit status make: *** [bin/smbd] Error 1 It doesn't work neither under Solaris 2.6 nor under solaris 2.8 JM From atlcrei at yahoo.com Tue Jan 30 15:54:45 2001 From: atlcrei at yahoo.com (Albert Tsai) Date: Tue Dec 2 02:33:13 2003 Subject: "Duplicate name exists on the network" help! Message-ID: <20010130155445.1642.qmail@web3404.mail.yahoo.com> Can anyone help me with this? I'm having trouble connecting my Win2k machine to samba2.2.0alpha. I get the error message, "Duplicate name exists on the network" after I enter the domain name, and enter a username and password. I've followed the How-to exactly. Does anyone know what I'm doing wrong? As far as I know, there are no duplicate names on the network (my computer's name, server's name, workgroup, and the domain name are different). The only thing I do see is that the domain does exist as a seperate workgroup under Network Neighborhood, but I don't know if that's the problem. Thanks, Al Tsai __________________________________________________ Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ From grunstra at grunstra.nl Tue Jan 30 15:34:36 2001 From: grunstra at grunstra.nl (Grunstra Architecten Groep bna) Date: Tue Dec 2 02:33:13 2003 Subject: failure in console Message-ID: <3A76DF0C.FB15DF46@grunstra.nl> Having a Solaris 2.7 with Samba 2.0.7 with 2 W2k stations. Why do I keep getting this message below in the servers-console? Jan 25 15:21:16 grunstra3 inetd[157]: netbios-ns/udp server failing (looping), service terminated TIA, Wim Benes (newbe in Samba) -------------- next part -------------- A non-text attachment was scrubbed... Name: grunstra.vcf Type: text/x-vcard Size: 774 bytes Desc: Kaart voor Grunstra Architecten Groep bna Url : http://lists.samba.org/archive/samba-ntdom/attachments/20010130/03f322a3/grunstra.vcf From Agustin.Lopez at uv.es Tue Jan 30 20:34:25 2001 From: Agustin.Lopez at uv.es (Jose Agustin Lopez Bueno) Date: Tue Dec 2 02:33:13 2003 Subject: Problem with samba 2.2, PAM, LDAP and PDC Message-ID: Hello, all! I am playing with Samba 2.2, got from the CVS and the doc 'The Samba 2.2 PDC HowTo'. My samba now is the PDC . I am validating with one OpenLDAP and pam on Linux box. Works Ok when I am entering the W2k in the domain. But, once in the domain, I am getting the next error when I try to enter with one user from W2k: Unable to log you on because the netlogon service is not running on this machine. In that case, I tried with pam and without pam with the same result. Curiously, trying with smbclient validate Ok (with pam). I need some help! Regards, Agustin ============================================================ | Jose Agustin Lopez Bueno | | E-Mail: Agustin.Lopez@uv.es | http://www.uv.es/~lopezj/ | | Tel: +34-6-3864310 | Fax: +34-6-3864200 | | Servicio de Informatica, Universidad de Valencia, Spain | ============================================================ From osabmt00 at fht-esslingen.de Wed Jan 31 00:19:56 2001 From: osabmt00 at fht-esslingen.de (Osama Abu-Aish) Date: Tue Dec 2 02:33:13 2003 Subject: OT: change NT login procedure Message-ID: <3A77683C.15239.24A6AF9@localhost> Hi out there, this is somehow OT, but I thought to find the most competent people my idea here: Background: Since NT-UNIX password / account synchronization is a never ending story with many traps I had an idea and wonder if anybody has tried this before and could probably help me by sharing his/her knowledge. Since NT and UNIX use different security models, it is impossible to integrate both into one central security database. Samba is to a certain degree able to provide authentication to NT, but it can't resolve the problem of having two password databases. Idea: All current implementations try to adapt the UNIX-side to match the requirements given by NT. Now I wonder if it shouldn't be possible to change the NT-side. What I'm dreaming of is all our NT WKS authenticating against a LDAP-Server. This _must_ somehow be possible since novell manages it with their NDS directory. What I understand from MS documentation is that custom authentication is supported and that two dll's must be created: a graphical user interface (GINA) and a authentication package. Questions: 1.) Does this make sense at all or is it only YASI (Yet another stupid idea :-)? 2.) Has anybody tried something like this and could provide me with any information? 3.) Would someone be interested in following this track? Greetings, Osama --- Fachhochschule f?r Technik Esslingen Au?enstelle Goeppingen From slu at firerun.net Wed Jan 31 01:01:20 2001 From: slu at firerun.net (Patrick) Date: Tue Dec 2 02:33:13 2003 Subject: "Duplicate name exists on the network" help! References: <20010130155445.1642.qmail@web3404.mail.yahoo.com> Message-ID: <3A7763E0.CE0CCF99@firerun.net> That message is usually associated with another windows/samba machine having the same netbios name on the network. Patrick Albert Tsai wrote: > Can anyone help me with this? I'm having trouble > connecting my Win2k machine to samba2.2.0alpha. I get > the error message, "Duplicate name exists on the > network" after I enter the domain name, and enter a > username and password. I've followed the How-to > exactly. Does anyone know what I'm doing wrong? As > far as I know, there are no duplicate names on the > network (my computer's name, server's name, workgroup, > and the domain name are different). The only thing I > do see is that the domain does exist as a seperate > workgroup under Network Neighborhood, but I don't know > if that's the problem. > > Thanks, > Al Tsai > > __________________________________________________ > Get personalized email addresses from Yahoo! Mail - only $35 > a year! http://personal.mail.yahoo.com/ From lukexzx at hotmail.com Wed Jan 31 03:44:49 2001 From: lukexzx at hotmail.com (Luke Dyson) Date: Tue Dec 2 02:33:13 2003 Subject: simple sharing on an NT Domain Message-ID: Ok I am a newbie I guess. I have set up a few samba config files in the past and they worked. Now this time I am setting up what I thought was simple, but it's turning out to be keeping me up late at night reading samba man pages. I have a NT Domain network with a NT4 PDC (named NTserver4) and a few 95 clients. All on a single subnet network 192.168.1.0 . The PDC has WINS running and I mapped the new linux machine manually. I added a Linux machine to use as a local intranet web server and I want a way to move files to it like web pages and pictures. I named the linux machine "intranet" All I want is a single public folder to be shared either without a password (prefferably) or with a password for a few users. I have tried many different configurations and cannot get into the public folder. I can see the Linux machine and the public share, but when I try to get into it gives me the message \\INTRANET\public the network name cannot be found. Like I said I have even tried to set it up user security and create accounts for the NT usernames, but none of the passwords worked for the accounts. And yes the public folder is created and located in the usr/home directory. Here is my config file [global] workgroup = VEGA wins server = 192.168.1.11 security = share encrypt passwords = yes preffered master = no local master = no guest = ok [public] path = usr/home/public writeable = yes public = yes printable = no Any advice or help would be greatly appreciated. Thanks Luke Dyson _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com From tsoome at ut.ee Wed Jan 31 07:23:14 2001 From: tsoome at ut.ee (Toomas Soome) Date: Tue Dec 2 02:33:13 2003 Subject: OT: change NT login procedure References: <3A77683C.15239.24A6AF9@localhost> Message-ID: <3A77BD62.D404C10B@ut.ee> Osama Abu-Aish wrote: > > Hi out there, > > this is somehow OT, but I thought to find the most competent > people my idea here: > > Background: > > Since NT-UNIX password / account synchronization is a never > ending story with many traps I had an idea and wonder if anybody > has tried this before and could probably help me by sharing > his/her knowledge. > Since NT and UNIX use different security models, it is impossible > to integrate both into one central security database. Samba is > to a certain degree able to provide authentication to NT, but > it can't resolve the problem of having two password databases. > > Idea: > > All current implementations try to adapt the UNIX-side to match > the requirements given by NT. Now I wonder if it shouldn't be > possible to change the NT-side. What I'm dreaming of is all > our NT WKS authenticating against a LDAP-Server. > This _must_ somehow be possible since novell manages it > with their NDS directory. > What I understand from MS documentation is that custom > authentication is supported and that two dll's must be created: > a graphical user interface (GINA) and a authentication package. > > Questions: > 1.) Does this make sense at all or is it only YASI (Yet another > stupid idea :-)? > 2.) Has anybody tried something like this and could provide me > with any information? > 3.) Would someone be interested in following this track? > I have implemented 1-way just now, but 2 way sync is planned and is waiting implementation. we have currently blocked passwd change from windows and all passwords are changed from unix (Solaris). I have written PAM module for this task, stacked below pam_unix. pam_unix will take care of unix passwords and pam_smb will write password into smbpasswd NIS+ table. this is unix -> windows direction. this works well in our case. windows-> unix is a problem, because we do not get cleartext old password from windows client (am I wrong?). if so, we must save plaintext passwords into the safe place (crypted with some internal key). it is generally bad idea to have plaintext passwords around, but in university environment it is not totally unacceptable. I mean, such database must be protected with some sort of encryption and if someone wants passwords, well it is possible to use sniffers from pc classes, one can do dictionary attack against password hashes etc. so, if safe sorage for old (or current) passwords is implemented, next task is to rewrite current samba interface for password change to use standard pam interface (with old password from internal storage and new password from client) and it's done. nice and clean. of course, there are but's. how to handle username maps, what happens if we are going to have domain trust or kerberos environment etc... toomas -- GRASSHOPPOTAMUS: A creature that can leap to tremendous heights... once. From bgmilne at cae.co.za Wed Jan 31 08:44:29 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:33:13 2003 Subject: samba authenticatiing from samba PDC References: Message-ID: <3A77D06D.74B57DA0@cae.co.za> Does the user who's connecting have a unix account on the machine ? Does it have a samba account on the PDC. Have you joined the samba machine to the domain. Peter Milburn wrote: > > I have a working samba PDC , I am now trying to get another samba server, > running 2.07 to authenticate from the samba PDC > > When I goto to the samba 2.0.7 it does not ask for a username or passwd, > just puts in straight in. > > When checking with smbstats, it gives the permissions or user being nobody. You've connected as a guest for some reason. What is "map to guest" set to in the smb.conf on the machine you are trying to connect to ? > > Any help > > Thanks, -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 Stellenbosch Automotive Engineering http://www.cae.co.za From bgmilne at cae.co.za Wed Jan 31 08:57:11 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:33:13 2003 Subject: [Fwd: Re: Problem with samba 2.2, PAM, LDAP and PDC] Message-ID: <3A77D367.32395743@cae.co.za> Doesn't the list maintainer want to set the reply-to to samba-ntdom@samba.org ? Otherwise I'm going to continue sending duplicates to the people I'm answering .... -------- Original Message -------- Subject: Re: Problem with samba 2.2, PAM, LDAP and PDC Date: Wed, 31 Jan 2001 10:25:02 +0200 From: Buchan Milne Organization: Stellenbosch Automotive Engineering To: Jose Agustin Lopez Bueno References: Have you got a netlogon share defined which the user can access ? It needs to be accessible as \\logonserver\netlogon Buchan Jose Agustin Lopez Bueno wrote: > > Hello, all! > > I am playing with Samba 2.2, got from the CVS and the > doc 'The Samba 2.2 PDC HowTo'. My samba now is the PDC > . I am validating with one OpenLDAP and pam on Linux box. > Works Ok when I am entering the W2k in the domain. But, > once in the domain, I am getting the next error when I > try to enter with one user from W2k: > > Unable to log you on because the netlogon service > is not running on this machine. > > In that case, I tried with pam and without pam with > the same result. Curiously, trying with smbclient > validate Ok (with pam). > > I need some help! > > Regards, > Agustin > > ============================================================ > | Jose Agustin Lopez Bueno | > | E-Mail: Agustin.Lopez@uv.es | http://www.uv.es/~lopezj/ | > | Tel: +34-6-3864310 | Fax: +34-6-3864200 | > | Servicio de Informatica, Universidad de Valencia, Spain | > ============================================================ -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 Stellenbosch Automotive Engineering http://www.cae.co.za From bgmilne at cae.co.za Wed Jan 31 08:57:49 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:33:13 2003 Subject: [Fwd: Re: OT: change NT login procedure] Message-ID: <3A77D38D.6B8F4796@cae.co.za> Doesn't the list maintainer want to set the reply-to to samba-ntdom@samba.org ? Otherwise I'm going to continue sending duplicates to the people I'm answering .... -------- Original Message -------- Subject: Re: OT: change NT login procedure Date: Wed, 31 Jan 2001 10:17:56 +0200 From: Buchan Milne Organization: Stellenbosch Automotive Engineering To: osabmt00@fht-esslingen.de References: <3A77683C.15239.24A6AF9@localhost> I have seen some implementation of a nisgina.dll or similar (I'm winging it here, I have no knowledge of the components involved in Windows NT login, but have read of this dll) which authenticates off NIS, replacing the standard windows dll. Sorry, don't have a link for you ... Buchan Osama Abu-Aish wrote: > > Hi out there, > > this is somehow OT, but I thought to find the most competent > people my idea here: > > Background: > > Since NT-UNIX password / account synchronization is a never > ending story with many traps I had an idea and wonder if anybody > has tried this before and could probably help me by sharing > his/her knowledge. > Since NT and UNIX use different security models, it is impossible > to integrate both into one central security database. Samba is > to a certain degree able to provide authentication to NT, but > it can't resolve the problem of having two password databases. > > Idea: > > All current implementations try to adapt the UNIX-side to match > the requirements given by NT. Now I wonder if it shouldn't be > possible to change the NT-side. What I'm dreaming of is all > our NT WKS authenticating against a LDAP-Server. > This _must_ somehow be possible since novell manages it > with their NDS directory. > What I understand from MS documentation is that custom > authentication is supported and that two dll's must be created: > a graphical user interface (GINA) and a authentication package. > > Questions: > 1.) Does this make sense at all or is it only YASI (Yet another > stupid idea :-)? > 2.) Has anybody tried something like this and could provide me > with any information? > 3.) Would someone be interested in following this track? > > Greetings, Osama > > --- > Fachhochschule f?r Technik Esslingen > Au?enstelle Goeppingen -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 Stellenbosch Automotive Engineering http://www.cae.co.za From bgmilne at cae.co.za Wed Jan 31 08:56:58 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:33:13 2003 Subject: [Fwd: Re: simple sharing on an NT Domain] Message-ID: <3A77D35A.87CFC066@cae.co.za> Doesn't the list maintainer want to set the reply-to to samba-ntdom@samba.org ? Otherwise I'm going to continue sending duplicates to the people I'm answering .... -------- Original Message -------- Subject: Re: simple sharing on an NT Domain Date: Wed, 31 Jan 2001 10:22:51 +0200 From: Buchan Milne Organization: Stellenbosch Automotive Engineering To: Luke Dyson References: Luke Dyson wrote: > [snip] > \\INTRANET\public > > the network name cannot be found. > > Like I said I have even tried to set it up user security and create accounts > for the NT usernames, but none of the passwords worked for the accounts. And > yes the public folder is created and located in the usr/home directory. Here > is my config file > > [global] > workgroup = VEGA > wins server = 192.168.1.11 > security = share > encrypt passwords = yes > preffered master = no > local master = no > guest = ok This probably needs to be "guest ok = yes" or so. You probably also want to have a "guest user = " and "map to guest = bad user" You might want to try "man smb.conf" and then type "\guest" (which will seach for guest in the man page) and then press "n" until you get to one that looks useful ... Buchan > [public] > path = usr/home/public > writeable = yes > public = yes > printable = no > > Any advice or help would be greatly appreciated. Thanks > > Luke Dyson > > _________________________________________________________________ > Get your FREE download of MSN Explorer at http://explorer.msn.com -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 Stellenbosch Automotive Engineering http://www.cae.co.za From bgmilne at cae.co.za Wed Jan 31 08:55:59 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:33:13 2003 Subject: [Fwd: Re: Problem with samba 2.2, PAM, LDAP and PDC] Message-ID: <3A77D31F.78688AE3@cae.co.za> Doesn't the list maintainer want to set the reply-to to samba-ntdom@samba.org ? Otherwise I'm going to continue sending duplicates to the people I'm answering .... -------- Original Message -------- Subject: Re: Problem with samba 2.2, PAM, LDAP and PDC Date: Wed, 31 Jan 2001 10:25:02 +0200 From: Buchan Milne Organization: Stellenbosch Automotive Engineering To: Jose Agustin Lopez Bueno References: Have you got a netlogon share defined which the user can access ? It needs to be accessible as \\logonserver\netlogon Buchan Jose Agustin Lopez Bueno wrote: > > Hello, all! > > I am playing with Samba 2.2, got from the CVS and the > doc 'The Samba 2.2 PDC HowTo'. My samba now is the PDC > . I am validating with one OpenLDAP and pam on Linux box. > Works Ok when I am entering the W2k in the domain. But, > once in the domain, I am getting the next error when I > try to enter with one user from W2k: > > Unable to log you on because the netlogon service > is not running on this machine. > > In that case, I tried with pam and without pam with > the same result. Curiously, trying with smbclient > validate Ok (with pam). > > I need some help! > > Regards, > Agustin > > ============================================================ > | Jose Agustin Lopez Bueno | > | E-Mail: Agustin.Lopez@uv.es | http://www.uv.es/~lopezj/ | > | Tel: +34-6-3864310 | Fax: +34-6-3864200 | > | Servicio de Informatica, Universidad de Valencia, Spain | > ============================================================ -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 Stellenbosch Automotive Engineering http://www.cae.co.za From jas88 at cam.ac.uk Wed Jan 31 09:13:14 2001 From: jas88 at cam.ac.uk (James Sutherland) Date: Tue Dec 2 02:33:13 2003 Subject: OT: change NT login procedure In-Reply-To: <3A77683C.15239.24A6AF9@localhost> Message-ID: On Wed, 31 Jan 2001, Osama Abu-Aish wrote: > Hi out there, > > this is somehow OT, but I thought to find the most competent > people my idea here: > > Background: > > Since NT-UNIX password / account synchronization is a never > ending story with many traps I had an idea and wonder if anybody > has tried this before and could probably help me by sharing > his/her knowledge. > Since NT and UNIX use different security models, it is impossible > to integrate both into one central security database. Samba is > to a certain degree able to provide authentication to NT, but > it can't resolve the problem of having two password databases. > > Idea: > > All current implementations try to adapt the UNIX-side to match > the requirements given by NT. Now I wonder if it shouldn't be > possible to change the NT-side. What I'm dreaming of is all > our NT WKS authenticating against a LDAP-Server. > This _must_ somehow be possible since novell manages it > with their NDS directory. > What I understand from MS documentation is that custom > authentication is supported and that two dll's must be created: > a graphical user interface (GINA) and a authentication package. > > Questions: > 1.) Does this make sense at all or is it only YASI (Yet another > stupid idea :-)? > 2.) Has anybody tried something like this and could provide me > with any information? > 3.) Would someone be interested in following this track? > > Greetings, Osama Try NISGINA, here: ftp://ftp.eng.auburn.edu/pub/cartegw/nisgina/bauer/bauer.html James. From jas88 at cam.ac.uk Wed Jan 31 09:34:33 2001 From: jas88 at cam.ac.uk (James Sutherland) Date: Tue Dec 2 02:33:13 2003 Subject: OT: change NT login procedure In-Reply-To: <3A77BD62.D404C10B@ut.ee> Message-ID: On Wed, 31 Jan 2001, Toomas Soome wrote: > Osama Abu-Aish wrote: > > > > Hi out there, > > > > this is somehow OT, but I thought to find the most competent > > people my idea here: > > > > Background: > > > > Since NT-UNIX password / account synchronization is a never > > ending story with many traps I had an idea and wonder if anybody > > has tried this before and could probably help me by sharing > > his/her knowledge. > > Since NT and UNIX use different security models, it is impossible > > to integrate both into one central security database. Samba is > > to a certain degree able to provide authentication to NT, but > > it can't resolve the problem of having two password databases. > > > > Idea: > > > > All current implementations try to adapt the UNIX-side to match > > the requirements given by NT. Now I wonder if it shouldn't be > > possible to change the NT-side. What I'm dreaming of is all > > our NT WKS authenticating against a LDAP-Server. > > This _must_ somehow be possible since novell manages it > > with their NDS directory. > > What I understand from MS documentation is that custom > > authentication is supported and that two dll's must be created: > > a graphical user interface (GINA) and a authentication package. > > > > Questions: > > 1.) Does this make sense at all or is it only YASI (Yet another > > stupid idea :-)? > > 2.) Has anybody tried something like this and could provide me > > with any information? > > 3.) Would someone be interested in following this track? > > > > I have implemented 1-way just now, but 2 way sync is planned and is > waiting implementation. > > we have currently blocked passwd change from windows and all passwords > are changed from unix (Solaris). I have written PAM module for this > task, stacked below pam_unix. pam_unix will take care of unix passwords > and pam_smb will write password into smbpasswd NIS+ table. this is unix > -> windows direction. this works well in our case. > > windows-> unix is a problem, because we do not get cleartext old > password from windows client (am I wrong?). if so, we must save > plaintext passwords into the safe place (crypted with some internal > key). it is generally bad idea to have plaintext passwords around, but > in university environment it is not totally unacceptable. I mean, such > database must be protected with some sort of encryption and if someone > wants passwords, well it is possible to use sniffers from pc classes, > one can do dictionary attack against password hashes etc. Against NT's "encryption", dictionary attacks are trivial (a few minutes to run a large wordlist); even brute force on an ordinary desktop PC isn't hard. > so, if safe sorage for old (or current) passwords is implemented, next > task is to rewrite current samba interface for password change to use > standard pam interface (with old password from internal storage and new > password from client) and it's done. nice and clean. > > of course, there are but's. how to handle username maps, what happens if > we are going to have domain trust or kerberos environment etc... Two possibilities: 1. There is a pair of DLLs Novell replace in NDS for NT, which diverts all NT auth stuff (including password changes) onto the NDS tree. 2. You can provide a "password filter" DLL to implement password checking when the user changes password (e.g. check the new password is over X characters, mixed case and numbers) - obviously, this DLL *IS* passed the plaintext password - and username, I think. Actually, if the NT machine tries to change the password on the Samba machine, it should be synchronised back to Unix anyway, shouldn't it? In which case, with Samba as your PDC, you should be OK. The question is, can you get NT servers to authenticate against a Samba PDC now??? James. From tsoome at ut.ee Wed Jan 31 09:54:21 2001 From: tsoome at ut.ee (Toomas Soome) Date: Tue Dec 2 02:33:13 2003 Subject: OT: change NT login procedure References: Message-ID: <3A77E0CD.C0DEEE50@ut.ee> James Sutherland wrote: > > windows-> unix is a problem, because we do not get cleartext old > > password from windows client (am I wrong?). if so, we must save > > plaintext passwords into the safe place (crypted with some internal > > key). it is generally bad idea to have plaintext passwords around, but > > in university environment it is not totally unacceptable. I mean, such > > database must be protected with some sort of encryption and if someone > > wants passwords, well it is possible to use sniffers from pc classes, > > one can do dictionary attack against password hashes etc. > > Against NT's "encryption", dictionary attacks are trivial (a few minutes > to run a large wordlist); even brute force on an ordinary desktop PC isn't > hard. exactly. > > > so, if safe sorage for old (or current) passwords is implemented, next > > task is to rewrite current samba interface for password change to use > > standard pam interface (with old password from internal storage and new > > password from client) and it's done. nice and clean. > > > > of course, there are but's. how to handle username maps, what happens if > > we are going to have domain trust or kerberos environment etc... > > Two possibilities: > > 1. There is a pair of DLLs Novell replace in NDS for NT, which diverts all > NT auth stuff (including password changes) onto the NDS tree. > > 2. You can provide a "password filter" DLL to implement password checking > when the user changes password (e.g. check the new password is over X > characters, mixed case and numbers) - obviously, this DLL *IS* passed the > plaintext password - and username, I think. yes, and implementing protocol to send these password securely to unix box is relatively an easy task as well. > > Actually, if the NT machine tries to change the password on the Samba > machine, it should be synchronised back to Unix anyway, shouldn't it? In > which case, with Samba as your PDC, you should be OK. > > The question is, can you get NT servers to authenticate against a Samba > PDC now??? I'm doing this every day:) we do have here 4 NT classes authenticating against samba pdc (2.0.7) and lots of staff workstations. also I'm working currently with samba 2.2.0 and w2k (w2k is joined to samba domain). sure, there are problems, but I can live with them and 2.2.0 looks very good - there is lots of work done, to implement missing functionality. toomas -- Oh, I don't blame Congress. If I had $600 billion at my disposal, I'd be irresponsible, too. -- Lichty & Wagner From Graeme.Vetterlein at ntl.com Wed Jan 31 10:52:33 2001 From: Graeme.Vetterlein at ntl.com (Graeme.Vetterlein@ntl.com) Date: Tue Dec 2 02:33:13 2003 Subject: One up for the home team Message-ID: <5DD689222800D411B26100508B5E9584361593@mast-hk0-se02.private.ntl.com> Thought the readers of this mailing-lust might find this ammusing. I got a phone call fom our Virus 'department' (big companies :-) seems my (w2k) PC had a virus !! Clean-up and checkers update .... It's back (funlove) ... what's going on... Oh dear it's on a SAMBA share (/rtmp public tempory space) So I poke around on log.smb and find a whole buch of machines, two use guest one is our virus department user ... the other is the bad guy!! So since it was a SAMBA share we could trace the logs. --- Life don't talk to me about life! Graeme From abartlet at pcug.org.au Wed Jan 31 12:47:14 2001 From: abartlet at pcug.org.au (Andrew Bartlett) Date: Tue Dec 2 02:33:13 2003 Subject: OT: change NT login procedure References: <3A77683C.15239.24A6AF9@localhost> <3A77BD62.D404C10B@ut.ee> Message-ID: <3A780951.AA498B72@pcug.org.au> Toomas Soome wrote: > > Osama Abu-Aish wrote: > > > > Hi out there, > > > > this is somehow OT, but I thought to find the most competent > > people my idea here: > > > > Background: > > > > Since NT-UNIX password / account synchronization is a never > > ending story with many traps I had an idea and wonder if anybody > > has tried this before and could probably help me by sharing > > his/her knowledge. > > Since NT and UNIX use different security models, it is impossible > > to integrate both into one central security database. Samba is > > to a certain degree able to provide authentication to NT, but > > it can't resolve the problem of having two password databases. > > > > Idea: > > > > All current implementations try to adapt the UNIX-side to match > > the requirements given by NT. Now I wonder if it shouldn't be > > possible to change the NT-side. What I'm dreaming of is all > > our NT WKS authenticating against a LDAP-Server. > > This _must_ somehow be possible since novell manages it > > with their NDS directory. > > What I understand from MS documentation is that custom > > authentication is supported and that two dll's must be created: > > a graphical user interface (GINA) and a authentication package. > > > > Questions: > > 1.) Does this make sense at all or is it only YASI (Yet another > > stupid idea :-)? > > 2.) Has anybody tried something like this and could provide me > > with any information? > > 3.) Would someone be interested in following this track? > > > > I have implemented 1-way just now, but 2 way sync is planned and is > waiting implementation. > > we have currently blocked passwd change from windows and all passwords > are changed from unix (Solaris). I have written PAM module for this > task, stacked below pam_unix. pam_unix will take care of unix passwords > and pam_smb will write password into smbpasswd NIS+ table. this is unix > -> windows direction. this works well in our case. This works for me as well, (I use pam_smbpasswd). > > windows-> unix is a problem, because we do not get cleartext old > password from windows client (am I wrong?). Why do we need the plaintext? We run as root, we can do what we want. > if so, we must save > plaintext passwords into the safe place (crypted with some internal > key). it is generally bad idea to have plaintext passwords around, but > in university environment it is not totally unacceptable. I mean, such > database must be protected with some sort of encryption and if someone > wants passwords, well it is possible to use sniffers from pc classes, > one can do dictionary attack against password hashes etc. > > so, if safe sorage for old (or current) passwords is implemented, next > task is to rewrite current samba interface for password change to use > standard pam interface (with old password from internal storage and new > password from client) and it's done. nice and clean. Using pam is the way to do it, I have been considering what would be required to get samba to use samba rather that 'passwd'. I don't think pam actualy needs the old password. As far as I can tell, all you would need is some twidiling of real and effective uids during the process to make pam think you are root (no old password) but also a normal user (pam_cracklib and friends). > > of course, there are but's. how to handle username maps, what happens if > we are going to have domain trust or kerberos environment etc... > > toomas > -- > GRASSHOPPOTAMUS: > A creature that can leap to tremendous heights... once. -- Andrew Bartlett abartlet@pcug.org.au From tsoome at ut.ee Wed Jan 31 15:41:02 2001 From: tsoome at ut.ee (Toomas Soome) Date: Tue Dec 2 02:33:13 2003 Subject: OT: change NT login procedure In-Reply-To: <3A780951.AA498B72@pcug.org.au> Message-ID: On Wed, 31 Jan 2001, Andrew Bartlett wrote: > > windows-> unix is a problem, because we do not get cleartext old > > password from windows client (am I wrong?). > > Why do we need the plaintext? We run as root, we can do what we want. yes, with plain /etc/passwd. but not with kerberos, NIS+, ... with some cases you can drop old authentication token, with other cases, it's needed to reencrypt some other keys or data. > > task is to rewrite current samba interface for password change to use > > standard pam interface (with old password from internal storage and new > > password from client) and it's done. nice and clean. > > Using pam is the way to do it, I have been considering what would be > required to get samba to use samba rather that 'passwd'. I don't think > pam actualy needs the old password. As far as I can tell, all you would > need is some twidiling of real and effective uids during the process to > make pam think you are root (no old password) but also a normal user > (pam_cracklib and friends). yes, this is exactly the thing I'm talking about. the problem is - you need old password to use pam interface. and since it is not available as plaintext, samba is useing /bin/passwd as root just now. the main problem with this is, that it's not good idea to have cleartext passwords stored in system. this is the reason, why unix is useing (one way) crypt(). You can encrypt cleartext passwords, but as encryption key must be available for samba daemon, this is not the same level protection as one-way hash. toomas -- Once a word has been allowed to escape, it cannot be recalled. -- Quintus Horatius Flaccus (Horace) From WardD at TheWineSociety.com Wed Jan 31 16:14:03 2001 From: WardD at TheWineSociety.com (Dean Ward) Date: Tue Dec 2 02:33:13 2003 Subject: FW: Winbind and pam.conf on Solaris 2.6 Message-ID: <4DF700F51F8AD4119A930001FA6A2062166FEA@postman-pat.internal.thewinesociety.com> Hi all, I have made the following changes to the pam.conf installed on our test machine at the moment. As I said before I don't have access to the machine (not currently on site) until early Feb, so could somebody just confirm that the following changes will work on Solaris 2.6, please? -- START /etc/pam.conf -- #ident "@(#)pam.conf 1.19 95/11/30 SMI" # # PAM configuration # # Authentication management # NT authorisation is sufficient to logon to this machine # login auth sufficient /usr/lib/security/pam_winbind.so login auth required /usr/lib/security/pam_unix.so.1 try_first_pass login auth required /usr/lib/security/pam_dial_auth.so.1 try_first_pass # rlogin auth sufficient /usr/lib/security/pam_rhosts_auth.so.1 rlogin auth sufficient /usr/lib/security/pam_winbind.so rlogin auth required /usr/lib/security/pam_unix.so.1 try_first_pass # dtlogin auth sufficient /usr/lib/security/pam_winbind.so dtlogin auth required /usr/lib/security/pam_unix.so.1 try_first_pass # rsh auth required /usr/lib/security/pam_rhosts_auth.so.1 other auth sufficient /usr/lib/security/pam_winbind.so other auth required /usr/lib/security/pam_unix.so.1 try_first_pass # # Account management # login account sufficient /usr/lib/security/pam_winbind.so login account required /usr/lib/security/pam_unix.so.1 dtlogin account sufficient /usr/lib/security/pam_winbind.so dtlogin account required /usr/lib/security/pam_unix.so.1 # other account sufficient /usr/lib/security/pam_winbind.so other account required /usr/lib/security/pam_unix.so.1 # # Session management # other session required /usr/lib/security/pam_unix.so.1 # # Password management # other password sufficient /usr/lib/security/pam_winbind.so other password required /usr/lib/security/pam_unix.so.1 -- END pam.conf -- Regards, Dean Ward > -----Original Message----- > From: Dean Ward > Sent: 28 January 2001 04:33 > To: 'samba-ntdom@lists.samba.org' > Subject: Winbind and pam.conf on Solaris 2.6 > > Hi, > > I looking into implementing Winbind on a Solaris 2.6 system to authenticate against our NT domain. However I have a couple of questions regarding its setup and configuration. Firstly, could somebody please give a complete example of how the /etc/pam.conf should look on Solaris 2.6 - I'm a little troubled by the account line that the man page gives, i.e. that the only account line required is that for Winbind - surely this would disable Unix account management? Also, does Winbind provide password management too, so that our users can change their NT passwords from a Unix shell? Finally, when logging on would a user have to specify the domain (e.g. DOMAIN\Dean) or could they just use their user name (i.e. Dean)? > > I apologise for all the questions, it's just I don't have access to the box until early February and I'd like to get it clear in my head what needs doing before I do it. > > Regards, > > Dean Ward > > -- > \\\___/// > \\ - - // > ( @ @ ) > +---------------oOOo-(_)-oOOo-------------+ > | Dean Ward | > | Info Systems | > | The Wine Society | > | | > | E-Mail: wardd@thewinesociety.com | > | Phone: 01438 761294 | > +------------------------Oooo-------------+ > oooO ( ) > ( ) ) / > \ ( (_/ > \_) > > "There are two major products to come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence." - Jeremy S. Anderson. > From gerrym at futuremetals.com Wed Jan 31 18:45:05 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:33:13 2003 Subject: SMBCLIENT QUESTION Message-ID: <3A785D30.241D392C@futuremetals.com> I have 2 data bases on 2 servers (1 here and 1 @ out London branch). One of the servers is a Samba server, and the other is NT. Every night I want to first download a file from the NT server to the Samba server, after that is finished I want to send a file from the Samba server to the NT server. I can do this manually with smbclient, but I don't want to do this manually. Is there a way I can run smbclient in conjunction w/Expect? From mami at arena.sci.univr.it Wed Jan 31 18:27:37 2001 From: mami at arena.sci.univr.it (Manea Mirko) Date: Tue Dec 2 02:33:13 2003 Subject: OT: change NT login procedure In-Reply-To: <3A77683C.15239.24A6AF9@localhost>; from osabmt00@fht-esslingen.de on Wed, Jan 31, 2001 at 01:19:56AM +0100 References: <3A77683C.15239.24A6AF9@localhost> Message-ID: <20010131192737.F24516@arena.sci.univr.it> On Wed, Jan 31, 2001 at 01:19:56AM +0100, Osama Abu-Aish wrote: > Hi out there, > > this is somehow OT, but I thought to find the most competent > people my idea here: > > Background: > > Since NT-UNIX password / account synchronization is a never > ending story with many traps I had an idea and wonder if anybody > has tried this before and could probably help me by sharing > his/her knowledge. > Since NT and UNIX use different security models, it is impossible > to integrate both into one central security database. Samba is > to a certain degree able to provide authentication to NT, but > it can't resolve the problem of having two password databases. > > Idea: > > All current implementations try to adapt the UNIX-side to match > the requirements given by NT. IMHO administration on large networks is easier with unix than nt. So if you can install a fresh copy of nt and start using it without the need of patches, you get a lower TCO. >Now I wonder if it shouldn't be > possible to change the NT-side. What I'm dreaming of is all > our NT WKS authenticating against a LDAP-Server. I am using a LDAP approach both with linux and windows 2000/nt (with samba-tng). A user is an entry in the LDAP database which stores crypt and nt/lm passwords. Try http://arena.sci.univr.it/~mami/tng-ldap/howto/howto.html > This _must_ somehow be possible since novell manages it > with their NDS directory. > What I understand from MS documentation is that custom > authentication is supported and that two dll's must be created: > a graphical user interface (GINA) and a authentication package. > > Questions: > 1.) Does this make sense at all or is it only YASI (Yet another > stupid idea :-)? > 2.) Has anybody tried something like this and could provide me > with any information? > 3.) Would someone be interested in following this track? > > Greetings, Osama > > --- > Fachhochschule f?r Technik Esslingen > Au?enstelle Goeppingen -- Best Regards, Mirko Manea URL: http://www.mami.net From gerrym at futuremetals.com Wed Jan 31 20:14:02 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:33:13 2003 Subject: SMBCLIENT QUESTION References: <3A785D30.241D392C@futuremetals.com> Message-ID: <3A787208.58C81B0E@futuremetals.com> I got it. This is the cronjob to get a file from the NT Server smbclient //ntservername/directoryIwant -U username%password "get filename" Heres is the cronjob to put a file on the NT Server smbclient //ntservername/directoryIwant -U username%password "put filename" Gerry Maddock wrote: > I have 2 data bases on 2 servers (1 here and 1 @ out London branch). One > of the servers is a Samba server, and the other is NT. > Every night I want to first download a file from the NT server to the > Samba server, after that is finished I want to send a file from the > Samba server to the NT server. I can do this manually with smbclient, > but I don't want to do this manually. Is there a way I can run smbclient > in conjunction w/Expect? From geoff at uslinux.net Wed Jan 31 19:50:37 2001 From: geoff at uslinux.net (Geoff Silver) Date: Tue Dec 2 02:33:13 2003 Subject: OT: change NT login procedure In-Reply-To: <3A77683C.15239.24A6AF9@localhost> Message-ID: We ran into the same problem at my job. The company uses an NT domain, and we were trying to integrate Samba file servers. In order to manage user accounts without having to maintain dozens of passwd and gorup files, we went to NIS. Winbind is the ultimate answer, because it will be able to obtain user and group info at the filesystem level (something which Samba doesn't do), but it's still alpha code - not a good idea for production. What I ended up doing is writing something to synchronize NIS to NT. NT dumps all the user and group info for the domain to a SMB share on an NIS master. The master then checks for changes, and automatically updates the NIS domain. You get global groups, and you still have local groups on NIS clients, but you just can't put global groups into local groups. In general, it works pretty well if you already have an established NT domain. You can try it, if you'd like. http://uslinux.net/software/autosync/ To answer your question, however: Yes, it is possible to use LDAP as an authentication mechanism for both Linux, NT, and Samba. I'm not sure what state the Samba code is in, but you can do it easily on the Unix side if you version of Unix supports the name service switch. I don't know what it takes to do it under NT, but I can say that Netscape runs their entire operations doing LDAP authentication (NT, Unix, Mail, etc), so some web searching might be in order. I also know an OpenLDAP developer who has spoken with one of the other developers who has done this successfully using OpenLDAP. You might want to mail their lists (openldap.org) and see what turns up. If you have success, I'd be very interested in duplicating it. -- Geoff Silver "Note To Self: Remember to put something witty here later..." From martin at zamenhof.demon.co.uk Wed Jan 31 20:10:51 2001 From: martin at zamenhof.demon.co.uk (Martin Radford) Date: Tue Dec 2 02:33:13 2003 Subject: Reply-to header (was:Re: [Fwd: Re: OT: change NT login procedure]) In-Reply-To: <3A77D38D.6B8F4796@cae.co.za> from "Buchan Milne" at Jan 31, 2001 10:57:49 AM Message-ID: <200101312010.UAA19833@zamenhof.demon.co.uk> > > Doesn't the list maintainer want to set the reply-to to > samba-ntdom@samba.org ? Otherwise I'm going to continue sending > duplicates to the people I'm answering .... Before the inevitable arguments over this begin, please see: http://www.unicom.com/pw/reply-to-harmful.html http://www.metasystema.org/essays/reply-to-useful.mhtml for two differing views on this issue. Martin -- Martin Radford | "Only wimps use tape backup: _real_ martin@zamenhof.demon.co.uk | men just upload their important stuff -o) Registered Linux user #9257 | on ftp and let the rest of the world /\\ - see http://counter.li.org | mirror it ;)" - Linus Torvalds _\_V From kevinc at grainsystems.com Wed Jan 31 20:42:35 2001 From: kevinc at grainsystems.com (Kevin Colby) Date: Tue Dec 2 02:33:13 2003 Subject: OT: change NT login procedure References: Message-ID: <3A7878BB.8B432841@grainsystems.com> Geoff Silver wrote: > > [...] Winbind is the ultimate answer, because it will be able to obtain > user and group info at the filesystem level (something which Samba doesn't > do), but it's still alpha code - not a good idea for production. I wanted to comment that we are using winbind, in production, for authentication of dial-in PPP users against the NT domain from Linux. The system has not been in operation long, but it seems to be working flawlessly thusfar. A big thanks to winbind's developers (and of course the Samba developers on whose work it relies). - Kevin Colby kevinc@grainsystems.com From peter.milburn at sofcom.com.au Wed Jan 31 22:22:35 2001 From: peter.milburn at sofcom.com.au (Peter Milburn) Date: Tue Dec 2 02:33:14 2003 Subject: Roaming Profiles Message-ID: When ever a new program is installed, and the user logs of , it complains that the profile can not be saved to the samba pdc. When I look at permission on the folder, it has it only as a directory no user permissions at all. d--------- can some please help me this problem. Cheers, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From rajeeva at research.bell-labs.com Wed Jan 31 22:37:19 2001 From: rajeeva at research.bell-labs.com (Rajeev Agrawala) Date: Tue Dec 2 02:33:14 2003 Subject: NT printing question Message-ID: <3A78939F.C5C6BC47@research.bell-labs.com> I am running HEAD Branch code from CVS. I have installed the NT printer driver on samba machine. I have then added the printer as Network printer to a client machine running NT4. Now when I double click on the printer from client machine, the printer status window pops up with the message 'printer on server . It takes roughly 20-25 seconds before that message ( part) goes away and and the job in print queue are shown. On the logs, I notice that samba server is trying to connect to the client machine and it is timing out. Here is what I see on the samba server logs [2001/01/31 17:14:22, 1] lib/util_sock.c:open_socket_out(917) timeout connecting to 135.104.54.44:139 [2001/01/31 17:14:22, 0] rpc_client/cli_spoolss_notify.c:spoolss_connect_to_client(69) connect_to_client: unable to connect to SMB server on machine VKARMA. Error was : code 0. [2001/01/31 17:14:43, 1] lib/util_sock.c:open_socket_out(917) timeout connecting to 135.104.54.44:139 There is another observation. I have the same printer served through a PC running NT4 and this samba server. On the client machine, when I connect to the printer served through NT4 server, on the client machine, two pipes (in and out) are opened from the NT4 server. Whereas, In case where I map the printer from samba machine, I have only one pipe (type out), opened from client machine. This information collected through 'nbtstat -s' command on the NT client. TIA, rajeev From ink at inconnu.isu.edu Wed Jan 31 22:41:13 2001 From: ink at inconnu.isu.edu (Craig Kelley) Date: Tue Dec 2 02:33:14 2003 Subject: One up for the home team In-Reply-To: <5DD689222800D411B26100508B5E9584361593@mast-hk0-se02.private.ntl.com> Message-ID: On Wed, 31 Jan 2001 Graeme.Vetterlein@ntl.com wrote: > Thought the readers of this mailing-lust might find this ammusing. > > I got a phone call fom our Virus 'department' (big companies :-) seems my > (w2k) PC had > a virus !! > > Clean-up and checkers update .... > > It's back (funlove) ... what's going on... Oh dear it's on a SAMBA share > (/rtmp public tempory > space) > > > So I poke around on log.smb and find a whole buch of machines, two use guest > one is our virus > department user ... the other is the bad guy!! > > So since it was a SAMBA share we could trace the logs. Another cool virus story: We have our server run uvscan (Mcafee Anti-Virus for Linux) on the samba shares periodically, if it finds a virus it will e-mail the owner of the file notifying them. Then, the user is able to click on a hyperlink to take them to a web interface that allows them to clean the file from the webserver (running a perl script which calls uvscan). Pretty cool stuff that's pretty much impossible to do under Windows. -- The wheel is turning but the hamster is dead. Craig Kelley -- kellcrai@isu.edu http://www.isu.edu/~kellcrai finger ink@inconnu.isu.edu for PGP block From jbrown at db2000.com Wed Jan 31 22:42:49 2001 From: jbrown at db2000.com (Jonathan Brown) Date: Tue Dec 2 02:33:14 2003 Subject: Roaming Profiles Message-ID: I have worked and worked on this exact problem. Turns out that Samba-TNG does not have this problem. Jeremy is aware of the problem and assumably is working on a solution... But he is pretty busy with Linux World and other stuff right now. So, I am using TNG for now until Samba2.2 gets fixed. It does not seem to have any problems for me, although, we are only using it for a PDC and storing Roaming Profiles and that's pretty much it. No advanced stuff like printing or integrating with other NT servers or anything else. -jonathan >>> Peter Milburn 01/31/01 05:22PM >>> When ever a new program is installed, and the user logs of , it complains that the profile can not be saved to the samba pdc. When I look at permission on the folder, it has it only as a directory no user permissions at all. d--------- can some please help me this problem. Cheers, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** -------------- next part -------------- HTML attachment scrubbed and removed From chris.williams at wrestpoint.com.au Wed Jan 31 22:48:30 2001 From: chris.williams at wrestpoint.com.au (chris.williams@wrestpoint.com.au) Date: Tue Dec 2 02:33:14 2003 Subject: Samba 2.2.0 & Win2K Message-ID: <7ECA2B65E056D411AD2B00508B73270E09AA11@EXCH_SERVER> Hi, I have samba 2.2.0 running as PDC with win2K clients it works fine. Except user home directory mapping. If one user logs on straight after the win2k box has been booted it works fine. But if you log that user off an log another user on it will not map the home directories until you reboot. Has anyone else encountered this problem? Thanks Chris Williams Computer Support Officer Wrest Point Hotel Casino Email: chris.williams@wrestpoint.com.au Phone: 03 6221 1706 (Work) 04 0738 2979 (Mob) From satkins at skilouise.com Sat Jan 20 03:55:58 2001 From: satkins at skilouise.com (Stephen Atkins) Date: Tue Dec 2 02:33:22 2003 Subject: Problem joining domain. Message-ID: <01011920590300.07942@athena.inetdesign.org> Well I followed the PDC how-to and FAQ, and I am very close here. This is the error I'm getting from my Win 2K box. "The account used is a computer account. Use your global user account or local user account to access this server." At least w2k is sees the samba server. If you know the smb.conf that is in the pdc how to then you also have know how mine is set up. Also I'm running the HEAD version (ver 3) so far. Should I switch to 2.2? Thanks in advance. Stephen Atkins From satkins at skilouise.com Sat Jan 20 04:40:19 2001 From: satkins at skilouise.com (Stephen Atkins) Date: Tue Dec 2 02:33:22 2003 Subject: Problem joining domain con't Message-ID: <3A6916B2.CA44607D@skilouise.com> Hello. Here's an update. It looks like samba is creating the computer name in both /etc/passwd and /samba/passwd. Now the w2k box it returning a "The remote procedure call failed" error. Stephen Atkins From satkins at skilouise.com Sat Jan 20 15:20:07 2001 From: satkins at skilouise.com (Stephen Atkins) Date: Tue Dec 2 02:33:22 2003 Subject: The battle continues Message-ID: Hello all. Well after playing with this thing untill late last night. I'm up early to start all over again. Any way. I have my samba server creating the machine accounts in both passwd and smbpasswd. Problem is Windows returns this error. "No mapping between account names and Security IDs was done." And it won't join the domain. Any ideas? Stephen Atkins