From icoupeau at unav.es Mon Oct 1 01:12:11 2001 From: icoupeau at unav.es (Ignacio Coupeau) Date: Tue Dec 2 02:36:03 2003 Subject: Samba_2.2 + --with-ldapsam References: <20010929152816.A17407@exocore.com> <20011001095350.A9685@exocore.com> Message-ID: <3BB825A1.D71CE323@unav.es> Shanker Balan wrote: > > Hello: > > Gerald (Jerry) Carter wrote, > > You need to add the password for the "ldap admin dn" using > > > > root# smbpasswd -w > > Hmm... something funny happening here! In the code I found WITH_LDAP and WITH_LDAP_SAM. I think that in the utils/smbpasswd.c WITH_LDAP should be replaced by WITH_LDAP_SAM... -- [root@arcos source-SAMBA_2_2-010929]# rgrep -x c WITH_LDAP ../source-SAMBA_2_2-011001/* ../source-SAMBA_2_2-011001/param/loadparm.c:#ifdef WITH_LDAP_SAM ../source-SAMBA_2_2-011001/param/loadparm.c:#ifdef WITH_LDAP_SAM ../source-SAMBA_2_2-011001/param/loadparm.c:#endif /* WITH_LDAP_SAM */ ../source-SAMBA_2_2-011001/param/loadparm.c:#ifdef WITH_LDAP_SAM ../source-SAMBA_2_2-011001/param/loadparm.c:#endif /* WITH_LDAP_SAM */ ../source-SAMBA_2_2-011001/param/loadparm.c:#ifdef WITH_LDAP_SAM ../source-SAMBA_2_2-011001/param/loadparm.c:#endif /* WITH_LDAP_SAM */ ../source-SAMBA_2_2-011001/passdb/passgrp.c:#elif defined(WITH_LDAP) ../source-SAMBA_2_2-011001/passdb/pdb_ldap.c:#ifdef WITH_LDAP_SAM ../source-SAMBA_2_2-011001/utils/smbpasswd.c:#ifdef WITH_LDAP ../source-SAMBA_2_2-011001/utils/smbpasswd.c:#ifdef WITH_LDAP ../source-SAMBA_2_2-011001/utils/smbpasswd.c:#ifdef WITH_LDAP ../source-SAMBA_2_2-011001/utils/smbpasswd.c:#ifdef WITH_LDAP ../source-SAMBA_2_2-011001/utils/smbpasswd.c:#ifdef WITH_LDAP -- Also, I don't know if this is correct or useless at this moment: ../source-SAMBA_2_2-011001/groupdb/aliasdb.c:#elif defined(WITH_LDAP) ../source-SAMBA_2_2-011001/groupdb/groupdb.c:#elif defined(WITH_LDAP) Ignacio ____________________________________________________ Ignacio Coupeau, Ph.D. e-mail: icoupeau@unav.es CTI, Director fax: 948 425619 University of Navarra voice: 948 425600 Pamplona, SPAIN http://www.unav.es/cti/ From shanu at exocore.com Mon Oct 1 02:29:01 2001 From: shanu at exocore.com (Shanker Balan) Date: Tue Dec 2 02:36:03 2003 Subject: Samba_2.2 + --with-ldapsam In-Reply-To: <3BB825A1.D71CE323@unav.es>; from icoupeau@unav.es on Mon, Oct 01, 2001 at 10:13:21AM +0200 References: <20010929152816.A17407@exocore.com> <20011001095350.A9685@exocore.com> <3BB825A1.D71CE323@unav.es> Message-ID: <20011001150122.A15196@exocore.com> Hello: Ignacio Coupeau wrote, > In the code I found WITH_LDAP and WITH_LDAP_SAM. I think that in the > utils/smbpasswd.c WITH_LDAP should be replaced by WITH_LDAP_SAM... Yep, that was it! Thanx for the hint. I just successfully authentication myself. Guess someone should make the changes in CVS. Should i mention the same in samba-technical or will one of the samba coders take it from here? -- Darth Vader: Luke, help me take this mask off. Luke Skywalker: But you'll die. Darth Vader: Nothing can stop that now. Just for once, let me look upon you with my own eyes. From jerry at samba.org Mon Oct 1 04:47:01 2001 From: jerry at samba.org (Gerald (Jerry) Carter) Date: Tue Dec 2 02:36:03 2003 Subject: Samba_2.2 + --with-ldapsam In-Reply-To: <3BB825A1.D71CE323@unav.es> Message-ID: On Mon, 1 Oct 2001, Ignacio Coupeau wrote: > In the code I found WITH_LDAP and WITH_LDAP_SAM. I think that in the > utils/smbpasswd.c WITH_LDAP should be replaced by WITH_LDAP_SAM... Argh! You right. Fixing it now. cheers, jerry From abo at netlands.de Mon Oct 1 05:32:02 2001 From: abo at netlands.de (Andreas Boeckler) Date: Tue Dec 2 02:36:03 2003 Subject: Samba and Win2k AD authentication In-Reply-To: <1001901544.1369.2.camel@estate1.whitemice.org> References: <731E36372B5FD248AF790189519A32C12084D5@mailhub.cgtime.com> <20010929214527.A984@netlands.de> <1001901544.1369.2.camel@estate1.whitemice.org> Message-ID: <20011001143337.A1499@netlands.de> On Sun, Sep 30, 2001 at 09:59:03PM -0400, Adam Williams wrote: > >>>I need to all Linux File servers to my network. We are using Win2k with > >>>AD for Exchange2k (the one system my management will not let go of). > >>>How can I keep a single point of authentication for all users, Linux or > >>>windows based workstations? > >>pam_ldap and nss_ldap claim to support AD > >yes .. but you need the > >Services for Unix to be installed on the Windows2000 ADS > >see doc/README.SFU in the libnss_ldap-source > >I'm trying to get libnss_winbind and libnss_ldap together. I hope that it will work. > > How about - > http://www.css-solutions.ca/ad4unix/index.html > which looks like an alternative to the UNIX services package from M$. > Yes, the should make my day, if it works! Btw, is this site mentioned anywhere on samba-related webpages? Thx Andy -- Andreas B?ckler netlands edv consulting GbR mailto:abo@netlands.de BOFH excuse #205: Quantum dynamics are affecting the transistors From zolki at haldjas.folklore.ee Mon Oct 1 06:21:06 2001 From: zolki at haldjas.folklore.ee (Indrek Zolk) Date: Tue Dec 2 02:36:03 2003 Subject: Could not connect to a Win3.1 share Message-ID: Hello! A problem: Samba can log in to a Win31 share (I get a prompt), but after that I obtain smb: \> ls Error: Looping in FIND_NEXT?? ERRSRV - ERRerror (Non-specific error code.) listing \* 51250 blocks of size 8192. 26860 blocks available If I try to get some file that exists, I obtain smb: \> get Anu.doc Error opening local file Anu.doc What could be the solution? Indrek Zolk, Tartu Univ., Estonia From pierre at globeall.de Mon Oct 1 06:27:03 2001 From: pierre at globeall.de (Pierre Burri) Date: Tue Dec 2 02:36:03 2003 Subject: Printer drivers upload from Windows2000 (samba 2.2.1a) Message-ID: <01100114335701.02961@SIRIUS> Hi, I'm trying to upload a printer driver (HP Laserjet 2100M) from a windows2000 professional with the "Add Printer Wizard" to my Samba Server 2.2.1a. I have create the necessary share [print$] as well as the subdirectories W32X86 and WIN40. Actualy it almost works, the driver files get copied to the subdirectory, W32X86, but the Wizard stops with the message: Printer could not be installed, Access denied. Access denied to wich directory or file? Of course Windows doesn't tell this kind of details.... Can anyone help me to get further? Thanks al lot, Pierre From simon_p at allsecurenet.com Mon Oct 1 06:56:04 2001 From: simon_p at allsecurenet.com (Simon Pither) Date: Tue Dec 2 02:36:03 2003 Subject: Printer drivers upload from Windows2000 (samba 2.2.1a) In-Reply-To: <01100114335701.02961@SIRIUS> Message-ID: On Mon, 1 Oct 2001, Pierre Burri wrote: > I'm trying to upload a printer driver (HP Laserjet 2100M) from a windows2000 > professional with the "Add Printer Wizard" to my Samba Server 2.2.1a. I have > create the necessary share [print$] as well as the subdirectories W32X86 and > WIN40. > Actualy it almost works, the driver files get copied to the subdirectory, > W32X86, but the Wizard stops with the message: > Printer could not be installed, Access denied. > Access denied to wich directory or file? Of course Windows > doesn't tell this kind of details.... I'm afraid I can't help answer this, however I found that it didn't matter... > Can anyone help me to get further? ...Assuming that you already have the samba printer share created. If you ignore the error message and Cancel out of the wizard. Then select the properties of the printer that is already shared by samba, on the advanced tab you should be able to select your newly uploaded driver from the 'Driver:' list. This will associate the driver with this printer. Once you've made the association, you can also add additional OS drivers via the Sharing (tab), Additional Drivers method. Simon All Secure Networks Visit www.allsecuredomain.com for low cost web hosting and domain registration From jmcd at us.ibm.com Mon Oct 1 06:59:05 2001 From: jmcd at us.ibm.com (Jim McDonough) Date: Tue Dec 2 02:36:04 2003 Subject: Printer drivers upload from Windows2000 (samba 2.2.1a) Message-ID: Pierre Burri wrote: >I'm trying to upload a printer driver (HP Laserjet 2100M) from a windows2000 >professional with the "Add Printer Wizard" to my Samba Server 2.2.1a. I have >create the necessary share [print$] as well as the subdirectories W32X86 and >WIN40. >Actualy it almost works, the driver files get copied to the subdirectory, >W32X86, but the Wizard stops with the message: >Printer could not be installed, Access denied. >Access denied to wich directory or file? Of course Windows >doesn't tell this kind of details.... Looks like you've got access to the directories within the print$ share, or the files wouldn't have copied...but just to make sure, does the user with which you are installing these drivers have access? The log file might give you a clue as to the directory to which access is being denied. I've seen that, with /var/spool/samba, I think... what is the path setting in smb.conf for this printer (or the printers share for autoloading)? ---------------------------- Jim McDonough IBM Linux Technology Center 6 Minuteman Drive Scarborough, ME 04074 USA jmcd@us.ibm.com Phone: (207) 885-5565 IBM tie-line: 776-9984 From jerry at samba.org Mon Oct 1 07:33:05 2001 From: jerry at samba.org (Gerald (Jerry) Carter) Date: Tue Dec 2 02:36:04 2003 Subject: Printer drivers upload from Windows2000 (samba 2.2.1a) In-Reply-To: Message-ID: On Mon, 1 Oct 2001, Jim McDonough wrote: > The log file might give you a clue as to the directory to which access > is being denied. I've seen that, with /var/spool/samba, I think... > what is the path setting in smb.conf for this printer (or the printers > share for autoloading)? Nah....10 to 1 there's no "addprinter command" defined. The APW only works to create new printers IFF you have an "add printer command". See the man page for details. cheers, jerry From jmcd at us.ibm.com Mon Oct 1 10:03:02 2001 From: jmcd at us.ibm.com (Jim McDonough) Date: Tue Dec 2 02:36:04 2003 Subject: Printer drivers upload from Windows2000 (samba 2.2.1a) Message-ID: Jerry Carter wrote: >Nah....10 to 1 there's no "addprinter command" defined. >The APW only works to create new printers IFF you have an >"add printer command". See the man page for details. Ah, so that's why it worked for me without "add printer command"...I was just installing a new driver for an existing printer. (smack...ouch!) ---------------------------- Jim McDonough IBM Linux Technology Center 6 Minuteman Drive Scarborough, ME 04074 USA jmcd@us.ibm.com Phone: (207) 885-5565 IBM tie-line: 776-9984 From dennis at evers.2y.net Mon Oct 1 10:04:02 2001 From: dennis at evers.2y.net (Dennis Evers) Date: Tue Dec 2 02:36:04 2003 Subject: Samba and Windows XP Message-ID: <000b01c14a9b$84e39c20$110aa8c0@pc00017> Hi, I have a Samba 2.2.1a Domain controller running. It's working perfectly with win2000 clients. Windows Xp is able to join the domain without any problems. But when I trie to logon to the domain it fails. It tells me that either the domain isn't available or the machine account for the pc isn't available. There's nothing to see in the smbd logfile. The client logfile has the following in it. *************************************************** [2001/10/01 13:01:39, 0] rpc_server/srv_samr_nt.c:_samr_query_useraliases(2454) _samr_query_useraliases: Not yet implemented. *************************************************** Does anybody have an idea? thnx on behalf Dennis Evers -------------- next part -------------- HTML attachment scrubbed and removed From jan-pieter at piozum.com Mon Oct 1 10:53:02 2001 From: jan-pieter at piozum.com (Jan-Pieter van den Heuvel) Date: Tue Dec 2 02:36:04 2003 Subject: Security question Message-ID: Hi, I was thinking about the security of PDC's and came up with the following scenario: There is a Windows NT server running as PDC for Domain1. Next a Samba server is installed on the same domain and also as PDC (with a higher OS level than WinNT). All users would login to the Samba server, right? But, if this is possible, it would be discovered immediately because no user can login with their original password. Is it possible to configure Samba to be a PDC (for executing logon scripts) and 'relay' the authentication to the original WinNT PDC (with security=server or domain). If that is possible a domain can be 'taken over' without the users noticing it! I don't know if what I described above is possible but if it is, it would be a security hazard when the administrator can not check all the pcs connected to a network! Regards, Jan-Pieter van den Heuvel -------------- next part -------------- HTML attachment scrubbed and removed From conlan.adams at countryfresh.com Mon Oct 1 12:12:15 2001 From: conlan.adams at countryfresh.com (Conlan Adams) Date: Tue Dec 2 02:36:04 2003 Subject: Security question In-Reply-To: Message-ID: <000401c14aad$04fbe820$505305c7@suizafoods.com> I was thinking about this, I dont think it would make to large of a difference in authentication. True it would "take over" the domain, but since the authentication tokens are still being built off of the NT servers data, I doubt you could hijack the domain for any access changes.... Please correct me if I'm wrong, I have not tried it -Conlan -----Original Message----- From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org]On Behalf Of Jan-Pieter van den Heuvel Sent: Monday, October 01, 2001 1:52 PM To: NT-DOM Samba; Samba - General Subject: Security question Hi, I was thinking about the security of PDC's and came up with the following scenario: There is a Windows NT server running as PDC for Domain1. Next a Samba server is installed on the same domain and also as PDC (with a higher OS level than WinNT). All users would login to the Samba server, right? But, if this is possible, it would be discovered immediately because no user can login with their original password. Is it possible to configure Samba to be a PDC (for executing logon scripts) and 'relay' the authentication to the original WinNT PDC (with security=server or domain). If that is possible a domain can be 'taken over' without the users noticing it! I don't know if what I described above is possible but if it is, it would be a security hazard when the administrator can not check all the pcs connected to a network! Regards, Jan-Pieter van den Heuvel -------------- next part -------------- HTML attachment scrubbed and removed From csnyder at mvpsoft.com Mon Oct 1 14:33:04 2001 From: csnyder at mvpsoft.com (Chris Snyder) Date: Tue Dec 2 02:36:04 2003 Subject: Clients can't get user list Message-ID: <1828921.1001971650.viking@server.mvpsoft.com> I have my Linux Samba box set up as a PDC, using the Linux password database, and using the registry hack on the clients to disable password encryption. I'm currently trying to configure my client boxes to use user-level authentication instead of share-level, but they give an error message saying that they can't obtain the user list. Any ideas what's going on with this? Everything else seems to be working great. From jan-pieter at piozum.com Mon Oct 1 14:54:01 2001 From: jan-pieter at piozum.com (Jan-Pieter van den Heuvel) Date: Tue Dec 2 02:36:04 2003 Subject: Security question In-Reply-To: <000401c14aad$04fbe820$505305c7@suizafoods.com> Message-ID: Well, when users log on 'through' the Samba server the person owning the server can write the login script. Then a file, a virus for example, can be copied to and executed on every workstation in the domain. This is a rare situation, because almost every network administrator can check every pc connected to the LAN. But there are some situations where the administrator can't check every pc. For example a student who connects his laptop to the local network at his school/university. Regards, Jan-Pieter van den Heuvel -----Oorspronkelijk bericht----- Van: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]Namens Conlan Adams Verzonden: maandag 1 oktober 2001 21:13 Aan: Jan-Pieter van den Heuvel; NT-DOM Samba; Samba - General Onderwerp: RE: Security question I was thinking about this, I dont think it would make to large of a difference in authentication. True it would "take over" the domain, but since the authentication tokens are still being built off of the NT servers data, I doubt you could hijack the domain for any access changes.... Please correct me if I'm wrong, I have not tried it -Conlan -----Original Message----- From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org]On Behalf Of Jan-Pieter van den Heuvel Sent: Monday, October 01, 2001 1:52 PM To: NT-DOM Samba; Samba - General Subject: Security question Hi, I was thinking about the security of PDC's and came up with the following scenario: There is a Windows NT server running as PDC for Domain1. Next a Samba server is installed on the same domain and also as PDC (with a higher OS level than WinNT). All users would login to the Samba server, right? But, if this is possible, it would be discovered immediately because no user can login with their original password. Is it possible to configure Samba to be a PDC (for executing logon scripts) and 'relay' the authentication to the original WinNT PDC (with security=server or domain). If that is possible a domain can be 'taken over' without the users noticing it! I don't know if what I described above is possible but if it is, it would be a security hazard when the administrator can not check all the pcs connected to a network! Regards, Jan-Pieter van den Heuvel -------------- next part -------------- HTML attachment scrubbed and removed From ninerfan at sbmed.com Mon Oct 1 15:15:02 2001 From: ninerfan at sbmed.com (J. Lucha) Date: Tue Dec 2 02:36:04 2003 Subject: 2.2.1a user/group issues Message-ID: <3BB8EB8A.1000101@sbmed.com> Inspired by Jerry's talk at LinuxWorld, when my co-worker was having difficulty transitioning our PDC to Windows 2000, I jumped in and suggested Samba. Well..we replaced our NT4 PDC with RH 7.1 running Samba 2.2.1a. So far it's going well..but I do want to mention a couple of issues. Most of these issues, I've seen mention of in the mailing list, but didn't see any concrete replies for solutions or status for future fix. 1.) On a Win98 client, when you create a share, the list of domain users is not complete. I've seen various posts with the wide ranges of numbers for the count of users. I can only see the first 97 + Domain Admins + Domain Users + Everyone for a total of 100. The other posts I saw had a lot fewer, so I guess I should feel lucky. I suspect it's a character count thing, and since most of my accounts are pseudo accounts that are about 3 characters I can get a lot more of them. 2.) Jerry, on page 430 of your book, you mention the domain group map parameter, but as I see on some other mailing list posts (plus the error logs) that parameter is no longer there. As is the one for local group map. I understand that Samba now auto looks at the local /etc/group file and treats those as local NT groups..but the problem I have with that, Is I really need NT Domain Groups, so that I can set a permission on another Windows machine by a group instead of individually selecting each user (which I can't even do on a Win9x machine anyway because of issue #1 above). Is this a feature that is going to be re-implemented? (By the way Jerry, good intro book. I look forward to a more up-to-date version) 3.) When you add a Windows2000 machine to the domain, and it prompts for a username/password pair that is authorized to add to the domain, it only accepts root/root's password. Not a big deal, just on a real NT domain, that prompt usually accepts any username/password pair for a domain admin. Samba doesn't make use of the domain admin group parameter in this case, which caused a little confusion. Thanks, and keep up the great work! -Jim -- James Lucha San Bernardino Medical Group E-Mail: ninerfan@sbmed.com "Linux: Because rebooting is for adding new hardware" From ssaitman at laschools.org Mon Oct 1 16:27:03 2001 From: ssaitman at laschools.org (Steve Saitman) Date: Tue Dec 2 02:36:04 2003 Subject: file permission Message-ID: <1001967170.3bb8ce4259671@mail.laschools.org> Hello all I am running samba 2.2.1a on a Redhat 7.1 with the 2.4.7 kernel box. the problem that I am running into is that file permissions are not set according to the smb.conf file. Any help would be very welcome thanks ************************************************************************************************************************** Steve Saitman Network Technician Facilities Services Division Los Angeles Unified School District Office 213-366-7648 Fax 213-633-8462 From greg at kwikfind.com Mon Oct 1 16:37:03 2001 From: greg at kwikfind.com (Greg Zartman) Date: Tue Dec 2 02:36:04 2003 Subject: file permission In-Reply-To: <1001967170.3bb8ce4259671@mail.laschools.org> References: <1001967170.3bb8ce4259671@mail.laschools.org> Message-ID: <100197954801@jupiter.hosting4u.net> > I am running samba 2.2.1a on a Redhat 7.1 with the 2.4.7 kernel box. > the problem that I am running into is that file permissions are not set > according to the smb.conf file. Steve, can you be a little more specific? What smb.conf parameters are you using for your shares? What are the current unix permissions for the directories that the shares are pointing at? The more info you can provide the quicker you'll get help. Greg From bj at it.uts.edu.au Mon Oct 1 16:55:03 2001 From: bj at it.uts.edu.au (Benjamin Kuit) Date: Tue Dec 2 02:36:04 2003 Subject: Perl module Crypt::SmbHash released Message-ID: <20011002095736.A10104@thing.it.uts.edu.au.> I've released my perl port of lib/md4.c and libsmb/smbdes.c to CPAN as a single module Crypt::SmbHash, so Samba administrators can now generate LM/NT password hashes for smbpasswd style entries within perl scripts without calling external programs. It's entirely in perl, so its a bit slow, but the upside is that it's portable. You can speed it up by having Digest::MD4 installed as well. Figured it would be useful to others. We now return you to your regular scheduled programming. Bj -- +-------------------------------+--------------------------------------+ | Benjamin (Bj) Kuit | Building 4, 447 | | Systems Programmer | Faculty of Information Technology | | Phone: 02 9514 1841 | University of Technology, Sydney | | Mobile: 0416 184 972 | Email: bj@it.uts.edu.au | +-------------------------------+--------------------------------------+ From npande at bajajauto.co.in Mon Oct 1 21:09:02 2001 From: npande at bajajauto.co.in (NITIN PANDE) Date: Tue Dec 2 02:36:04 2003 Subject: Security question Message-ID: <3BB93E47.F94C3FA8@bajajauto.co.in> If both are PDC, then NT would make a hue and cry about Samba. Samba should continue it's work, but may have probs in authentication from NT. It also depends on what type of services are being offered by DC. Simple file sharing may not cause not much prob in net. It could messy if NT had WINS or Proxy thingy on it (the word that comes to my mind is WAR!). hehehehe.. I'm only guessing this situation. Maybe, I can do some experimentation. Ciao, Nitin Pande Conlan Adams wrote: > I was thinking about this, I dont think it would make to large of a > difference in authentication. True it would "take over" the domain, > but since the authentication tokens are still being built off of the > NT servers data, I doubt you could hijack the domain for any access > changes.... Please correct me if I'm wrong, I have not tried > it-Conlan > > -----Original Message----- > From: samba-admin@lists.samba.org > [mailto:samba-admin@lists.samba.org]On Behalf Of Jan-Pieter > van den Heuvel > Sent: Monday, October 01, 2001 1:52 PM > To: NT-DOM Samba; Samba - General > Subject: Security question > > Hi,I was thinking about the security of PDC's and came up > with the following scenario:There is a Windows NT server > running as PDC for Domain1. Next a Samba server is installed > on the same domain and also as PDC (with a higher OS level > than WinNT). All users would login to the Samba server, > right? But, if this is possible, it would be discovered > immediately because no user can login with their original > password.Is it possible to configure Samba to be a PDC (for > executing logon scripts) and 'relay' the authentication to > the original WinNT PDC (with security=server or domain). If > that is possible a domain can be 'taken over' without the > users noticing it!I don't know if what I described above is > possible but if it is, it would be a security hazard when > the administrator can not check all the pcs connected to a > network!Regards,Jan-Pieter van den Heuvel > From pierre at globeall.de Tue Oct 2 00:33:04 2001 From: pierre at globeall.de (Pierre Burri) Date: Tue Dec 2 02:36:04 2003 Subject: Printer drivers upload from Windows2000 (samba 2.2.1a) In-Reply-To: References: Message-ID: <01100209403202.00990@SIRIUS> Hi Jim all my directories are set to 775 owner: root, group: ntadmin and I'm using the user Administrator who is in the group ntadmin. My share [print$] has read only = yes but has a write list = Administrator,root. Actually I tried with putting the directories to 777, but that didn't help either. I didn't find any directory access problem in the log file log.smbd. Thanks anyway, Pierre > > Looks like you've got access to the directories within the print$ share, or > the files wouldn't have copied...but just to make sure, does the user with > which you are installing these drivers have access? > > The log file might give you a clue as to the directory to which access is > being denied. I've seen that, with /var/spool/samba, I think... what is > the path setting in smb.conf for this printer (or the printers share for > autoloading)? > > ---------------------------- > Jim McDonough > IBM Linux Technology Center > 6 Minuteman Drive > Scarborough, ME 04074 > USA > > jmcd@us.ibm.com > > Phone: (207) 885-5565 > IBM tie-line: 776-9984 From pierre at globeall.de Tue Oct 2 00:33:31 2001 From: pierre at globeall.de (Pierre Burri) Date: Tue Dec 2 02:36:04 2003 Subject: Printer drivers upload from Windows2000 (samba 2.2.1a) In-Reply-To: References: Message-ID: <01100209203500.00990@SIRIUS> Hi Simon, thanks for your tip. Unfortunately this morning I even can't see any drivers in the drivers list. Yesterday I could actually see the right drivers, but I still got an error message as soon as I clicked on OK. In the samba log file log.smbd, I got the message "can't connect to (or couldn't find) service Administrator" (Administrator is the account I'm using to make all these tests) I'm searching further, thanks anyway, at least I understand now what was meant in the last samba howto paragraph 6.2.2. "Setting Drivers for Existing Printers" > ...Assuming that you already have the samba printer share created. > > If you ignore the error message and Cancel out of the wizard. > > Then select the properties of the printer that is already shared by samba, > on the advanced tab you should be able to select your newly uploaded > driver from the 'Driver:' list. This will associate the driver with this > printer. > > Once you've made the association, you can also add additional OS > drivers via the Sharing (tab), Additional Drivers method. > > Simon > All Secure Networks > > Visit www.allsecuredomain.com for low cost > web hosting and domain registration From pierre at globeall.de Tue Oct 2 00:33:49 2001 From: pierre at globeall.de (Pierre Burri) Date: Tue Dec 2 02:36:04 2003 Subject: Printer drivers upload from Windows2000 (samba 2.2.1a) In-Reply-To: References: Message-ID: <01100209353001.00990@SIRIUS> Hi Jerry, yes your right I didn't have an "addprinter command" defined. So I wrote a little script to add a cups printer with lpadmin. It still doesn't work. The last message I get in the log file log.smbd is: .... Administrator opened file W32X86/PSCRIPT.HLP read=Yes write=No (numopen=1) [2001/10/02 09:28:36, 2] smbd/close.c:close_normal_file(205) Administrator closed file W32X86/PSCRIPT.HLP (numopen=0) [2001/10/02 09:28:36, 1] smbd/service.c:close_cnum(646) sun (192.168.10.14) closed connection to service print$ Level not implemented Thank you anyway, Pierre On Monday 01 October 2001 16:37, you wrote: > On Mon, 1 Oct 2001, Jim McDonough wrote: > > The log file might give you a clue as to the directory to which access > > is being denied. I've seen that, with /var/spool/samba, I think... > > what is the path setting in smb.conf for this printer (or the printers > > share for autoloading)? > > Nah....10 to 1 there's no "addprinter command" defined. > The APW only works to create new printers IFF you have an > "add printer command". See the man page for details. > > > cheers, jerry From tsoome at ut.ee Tue Oct 2 00:59:57 2001 From: tsoome at ut.ee (Toomas Soome) Date: Tue Dec 2 02:36:04 2003 Subject: Perl module Crypt::SmbHash released References: <20011002095736.A10104@thing.it.uts.edu.au.> Message-ID: <3BB97450.4597D481@ut.ee> Benjamin Kuit wrote: > > I've released my perl port of lib/md4.c and libsmb/smbdes.c to CPAN > as a single module Crypt::SmbHash, so Samba administrators can now > generate LM/NT password hashes for smbpasswd style entries within > perl scripts without calling external programs. > > It's entirely in perl, so its a bit slow, but the upside is that it's > portable. > > You can speed it up by having Digest::MD4 installed as well. > > Figured it would be useful to others. > > We now return you to your regular scheduled programming. > hm. [107] root@madli:build/Crypt-SmbHash-0.01> make test cp SmbHash.pm blib/lib/Crypt/SmbHash.pm PERL_DL_NONLAZY=1 /bin/perl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.6.1/sun4-solaris -I/usr/local/lib/perl5/5.6.1 test.pl 1..1 ok 1 Can't call method "hexdigest" on an undefined value at blib/lib/Crypt/SmbHash.pm line 65. *** Error code 255 make: Fatal error: Command failed for target `test_dynamic' so I fixed it:) sub nthash($) { my ( $pass ) = @_; my ( $hex ); my ( $context ); $pass = substr($pass||"",0,128); $pass =~ s/(.)/$1\000/sg; if ( $HaveDigestMD4 ) { $context = new Digest::MD4; $context->add($pass); $hex = $context->hexdigest; $hex =~ tr/a-z/A-Z/; } else { $hex = sprintf("%02X"x16,mdfour($pass)); } return $hex; } and now all tests will be passed. perl 5.6.1. toomas -- Falling in love is a lot like dying. You never get to do it enough to become good at it. From udippel at uniten.edu.my Tue Oct 2 01:16:03 2001 From: udippel at uniten.edu.my (Uwe Dippel) Date: Tue Dec 2 02:36:04 2003 Subject: Linux does not join NT-Domain Message-ID: <3BB979EE.1070104@uniten.edu.my> I am sure, that it is my mistake. - I am trying to join an NT-Domain without success: smbpasswd -j DOMNAME gives the following result: "cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine LIB-DOMAIP-01. Error was : NT_STATUS_ACCESS_DENIED. 2001/10/02 13:08:06 : change_trust_account_password: Failed to change password for domain DOMNAME." The account for the NetBIOS-Name has been created; I tried with Security = Server and Security = Domain. Any hints? Uwe ---------------------------------------------------- udippel@uniten.edu.my http://coe.utn.edu.my/uwe From gms_mouse at mail.ru Tue Oct 2 04:16:02 2001 From: gms_mouse at mail.ru (GMS) Date: Tue Dec 2 02:36:04 2003 Subject: Clients can't get user list In-Reply-To: <1828921.1001971650.viking@server.mvpsoft.com> References: <1828921.1001971650.viking@server.mvpsoft.com> Message-ID: <135407283.20011002152307@mail.ru> Check carefully the smbpasswd file! I had the same problem. The names in smbpasswd must correspond the names in /etc/passwd GMS mailto:gms_mouse@mail.ru From lists at aussie.nu Tue Oct 2 04:56:02 2001 From: lists at aussie.nu (Bob Purdon - Lists) Date: Tue Dec 2 02:36:05 2003 Subject: NT into Samba domain? In-Reply-To: Message-ID: Following up my own post: > [ cut ] > > Since then I've brought my NT box home from work, but I'll be stuffed > if I can make it work. I've changed the domain name to match what I > use here, but if I click OK in the "Identification Changes" box I get > the error "The domain controller for this domain cannot be located" > (when I did this on the first NT box, it worked fine). > > [ cut ] > > The relevant parts of my smb.conf are below: > > [global] > security = user > status = yes > workgroup = PURDON > encrypt passwords = yes > domain logons = yes > logon script = scripts\login.bat > domain admin group = @adm > add user script = /bin/false > guest account = fuckifiknow Bingo. Despite the error messages from NT, it seems that having a guest account that doesn't really exist breaks browsing, which breaks the PDC functionality, which broke everything I was trying to do. I could have sworn that has been set that way for months, but changing it fixed the problem... From epn.neustadt at t-online.de Tue Oct 2 05:40:15 2001 From: epn.neustadt at t-online.de (epn) Date: Tue Dec 2 02:36:05 2003 Subject: Problem with W2K -Login References: <15o1tZ-0blTRhC@fwd04.sul.t-online.com> <3BB8773E.E37074CC@gmp.iut-tlse3.fr> <15oLQu-23i7HsC@fwd02.sul.t-online.com> <3BB99F4B.EDCA081@gmp.iut-tlse3.fr> Message-ID: <15oOsN-0jRk9YC@fwd03.sul.t-online.com> Hi all, my PDC under Samba works fine (with Win9X). Now I try to login with W2K. Sorry, but I don't understand this. First adding the account to the UNIX-password-file # adduser -d /dev/null -s /bin/false Second adding the smbpassword # smbpasswd -a -m It doesn`t work !!! I Have Samba 2.2.0-15 and W2K sp1 ! The error message from Windows is: "To many procedure calls" I can't see the Domain-PDC in the neighborhood. Ping to the PDC is successful. I think I forget something ??? Thanks Sebastian Wern From idra at samba.org Tue Oct 2 07:02:02 2001 From: idra at samba.org (Simo Sorce) Date: Tue Dec 2 02:36:05 2003 Subject: 2.2.1a user/group issues In-Reply-To: <3BB8EB8A.1000101@sbmed.com>; from ninerfan@sbmed.com on Mon, Oct 01, 2001 at 03:17:46PM -0700 References: <3BB8EB8A.1000101@sbmed.com> Message-ID: <20011002070100.A11238@va.samba.org> On Mon, Oct 01, 2001 at 03:17:46PM -0700, J. Lucha wrote: > Inspired by Jerry's talk at LinuxWorld, when my co-worker > was having difficulty transitioning our PDC to Windows 2000, > I jumped in and suggested Samba. > > Well..we replaced our NT4 PDC with RH 7.1 running Samba 2.2.1a. > > So far it's going well..but I do want to mention a couple of issues. > Most of these issues, I've seen mention of in the mailing list, > but didn't see any concrete replies for solutions or status for future fix. > > 1.) On a Win98 client, when you create a share, the list > of domain users is not complete. I've seen various posts with > the wide ranges of numbers for the count of users. I can only see > the first 97 + Domain Admins + Domain Users + Everyone for a total of > 100. The other posts I saw had a lot fewer, so I guess I should feel > lucky. I suspect it's a character count thing, and since most of my > accounts are pseudo accounts that are about 3 characters I can get a lot > more of them. I think we have a fix for that in the CVS so it should be fixed for 2.2.2 > > 2.) Jerry, on page 430 of your book, you mention the domain group map > parameter, but as I see on some other mailing list posts (plus the error > logs) that parameter is no longer there. As is the one for local group > map. I understand that Samba now auto looks at the local /etc/group > file and treats those as local NT groups..but the problem I have with > that, Is I really need NT Domain Groups, so that I can set a permission > on another Windows machine by a group instead of individually selecting > each user (which I can't even do on a Win9x machine anyway because of > issue #1 above). Is this a feature that is going to be re-implemented? > (By the way Jerry, good intro book. I look forward to a more up-to-date > version) yes the management of groups is limited at the time, we are looking to rewrite a better support for it. > > 3.) When you add a Windows2000 machine to the domain, and it > prompts for a username/password pair that is authorized to add to the > domain, it only accepts root/root's password. Not a big deal, just on > a real NT domain, that prompt usually accepts any username/password > pair for a domain admin. Samba doesn't make use of the domain admin > group parameter in this case, which caused a little confusion. As a consequence of group code not beeing yet ok, we do not have domain admin group so you have to use root account to join w2k machines. Anyway we generally suggest to use a different password than the system one. Stay tuned we are working on the problems you pointed out. And thanks for the feedback, simo. -- Simo Sorce idra@samba.org ------------------------------- Samba Team http://www.samba.org From idra at samba.org Tue Oct 2 07:25:06 2001 From: idra at samba.org (Simo Sorce) Date: Tue Dec 2 02:36:05 2003 Subject: Problem with W2K -Login In-Reply-To: <15oOsN-0jRk9YC@fwd03.sul.t-online.com>; from epn.neustadt@t-online.de on Tue, Oct 02, 2001 at 02:42:19PM +0200 References: <15o1tZ-0blTRhC@fwd04.sul.t-online.com> <3BB8773E.E37074CC@gmp.iut-tlse3.fr> <15oLQu-23i7HsC@fwd02.sul.t-online.com> <3BB99F4B.EDCA081@gmp.iut-tlse3.fr> <15oOsN-0jRk9YC@fwd03.sul.t-online.com> Message-ID: <20011002072422.C11238@va.samba.org> On Tue, Oct 02, 2001 at 02:42:19PM +0200, epn wrote: > Hi all, > my PDC under Samba works fine (with Win9X). > Now I try to login with W2K. > > Sorry, but I don't understand this. > First adding the account to the UNIX-password-file > # adduser -d /dev/null -s /bin/false > Second adding the smbpassword > # smbpasswd -a -m You have to use the an add user script and join the domain from w2k with the root account (use a different password than the system one when you add root user to smbpasswd) > > It doesn`t work !!! > I Have Samba 2.2.0-15 and W2K sp1 ! > The error message from Windows is: > "To many procedure calls" 2.2.0 has some problems, please upgrade to 2.2.1a or wait a week and try 2.2.2 it will solve other problems with sp2 too. > > I can't see the Domain-PDC in the neighborhood. > Ping to the PDC is successful. > > I think I forget something ??? > > Thanks > Sebastian Wern > > > -- Simo Sorce idra@samba.org ------------------------------- Samba Team http://www.samba.org From po26 at ulfhild.cornell.edu Tue Oct 2 07:30:03 2001 From: po26 at ulfhild.cornell.edu (Petter T. Olsson) Date: Tue Dec 2 02:36:05 2003 Subject: Windows XP and Samba Message-ID: Hi all, Are there any known Issue with Samba (2.2.1a) and Windows XP I should be aware of before Upgrading my users Desktop computers? Thank You P --- Petter T. Olsson Consultant/Advisor II Cornell University Veterinary College CPPS/DCS Ithaca, NY 14853-6401 (607) 253-3411 From atsyber at ifrance.com Tue Oct 2 07:50:02 2001 From: atsyber at ifrance.com (AtSyber) Date: Tue Dec 2 02:36:05 2003 Subject: Printers and permissions Message-ID: <1002034597.3633.6.camel@zebulon> Hello I've done a samba2.2.1a server, all is right. However, when I build a printer share and want set some permission like valid users = toto @mygroup have no effect. But when I use a W2ksp2 with a admin login to set permission on this printer share, that's work and stored ! So where are stored groups and users permissions ? And how do it with the samba config file ? Thank you for your help Sylvain From kirk_morrow at hotmail.com Tue Oct 2 08:07:02 2001 From: kirk_morrow at hotmail.com (root) Date: Tue Dec 2 02:36:05 2003 Subject: Can not add printer drivers from Windows 2000. Message-ID: <3BB9D8A8.A0D2F1BD@hotmail.com> I've set up a samba server on a Linux box with Samba 2.2.1a-4. I can see the printers fine for an NT box. When logged in as Administator on the NT box I access the samba server using the root account. I've set up the print$ share and the directory structure for the printer drivers. The [print$] share has "write list = root @ntadmin". However, when I try to use the Add Printer Wizard to add drivers I get: Unable to install the Intel, Windows 2000 driver. Operation could not be completed. The only information I can find in the logs on the samba server is: [2001/10/02 09:34:16, 0] rpc_server/srv_spoolss_nt.c:_spoolss_fcpn(4663) _spoolss_fcpn: Invalid handle (OTHER) [2001/10/02 09:34:16, 0] rpc_server/srv_spoolss_nt.c:close_printer_handle(257) close_printer_handle: Invalid handle (OTHER) I've been searching high and low on mailing lists, FAQs and web site but have yet to find anything helpful. Please help. Thanks in advance. From Saitman at laschools.org Tue Oct 2 08:10:02 2001 From: Saitman at laschools.org (Steve) Date: Tue Dec 2 02:36:05 2003 Subject: File permissions Message-ID: <5456.209.232.0.87.1002023720.squirrel@mail.laschools.org> I am running samba 2.2.1a on a Redhat 7.1 with the 2.4.7 kernel.(rosat2) The root directory is /export. It resides on a nas box. The nas controler is running redhat 7.1 with the 2.4.7 kernel. /export is nfs mounted on rosat2. The problem that I am running into is that file permissions are not set according to the smb.conf file. When a new directory is created in the group share the directory will be created with the permissions of 750 instead of 770, and likewise with the file permissions. On a newly created files in the group share the permissions will be 640 instead of 660. In the homes share the directory will be 755 as it should be but the file is 644 instead of 755. This is a copy of the smb.conf file that is currently running. # $Id: smb.conf,v 1.11 2000/09/22 09:12:31 root Exp $ # # Initial Samba smb.conf file for Windows 98 domain controller # Written by Gerald Carter # Modified by Jean-Michel Dault [global] debug timestamp = no log level = 1 ; server name settings netbios name = ROSAT2 workgroup = LAUSD-SAMBA ; security settings security = user invalid users = root bin daemon adm sync shutdown halt news mail uucp games \ gopher ftp xfs gdm piranha squid hosts allow = 192.168. ; password settings encrypt passwords = no update encrypted = yes smb passwd file = /usr/samba/private/smbpasswd password level = 8 ; printing parameters ;printer driver file=/export/samba/printers/printers.def ;load printers = yes ; domain and browsing settings domain logons = yes logon script = logon.bat preferred master = yes domain master = yes local master = yes os level = 255 wins support = yes ; case settings case sensitive = no default case = lower short preserve case = yes preserve case = yes map archive = no ; default service parameters read only = yes guest ok = no browseable = yes admin users = @sysadmin default service = othergroup domain admin group = root @root ; ; NETLOGON service required for domain logon support ; [netlogon] comment = NETLOGON service path = /export/samba/netlogon create mask = 0664 force create mode = 0664 directory mode = 775 force directory mode = 775 write list = @sysadmin guest ok = yes browseable = no [users] comment = Administrative user preferences root preexec = /usr/samba/bin/create_userdir %U %G path =/export/samba/users/%U create mask = 0600 force create mode = 0600 directory mask = 0700 force directory mode = 0700 browseable = no [export] comment = Export Directory path = /export public = no writable = yes printable = no valid users = @sysadmin browseable = yes [test] comment = Run testparm path = /tmp/testparm preexec = mkdir -p /tmp/testparm;/usr/bin/testparm > /tmp/testparm/testparm.txt;todos /tmp/testparm/testparm.txt postexec = /bin/rm -f /tmp/testparm/testparm.txt public = yes writable = no printable = no browseable = no [homes] comment = Home directory for [%U] path = /export/home/%U browseable = no read only = no create mask = 0755 directory mask = 0755 only user = yes users = %S [group] comment = %g group share on %L [%U] path = /export/samba/group/%g create mask = 0660 force create mode = 0660 directory mask = 0770 force directory mode = 0770 read only = no browseable = yes force group = %g users = @%g admin users = @admgroup [nettools] comment = Global share for sysadmin users path = /export/nettools create mask = 0660 force create mode = 0660 write list = ssaitman jholzing directory mask = 0755 force directory mode = 0755 read only = no admin users = @sysadmin [othergroup] comment = Additional group share on %L (%U/%g) path = /export/samba/group/%S create mask = 0660 force create mode = 0660 directory mask = 0770 force directory mode = 0770 read only = no browseable = yes force group = %S users = @%S [public] comment = Global share for authenticated users path = /export/public create mask = 0644 force create mode = 0644 directory mask = 1777 force directory mode = 1777 read only = no admin users = @sysadmin [printers] comment = %S printer on %h path = /var/spool/samba printable = yes browseable = no print command = /usr/bin/lpr -P%p -r %s lprm command = /usr/bin/lpr -P%p %j [interchk] comment = Sophos InterCheck client path = /export/samba/intercheck public = yes writable = yes printable = no [global] debug timestamp = no log level = 1 ; server name settings netbios name = ROSAT2 workgroup = LAUSD-SAMBA ; security settings security = user invalid users = root bin daemon adm sync shutdown halt news mail uucp games \ gopher ftp xfs gdm piranha squid hosts allow = 192.168. ; password settings encrypt passwords = no update encrypted = yes smb passwd file = /usr/samba/private/smbpasswd password level = 8 ; printing parameters ;printer driver file=/export/samba/printers/printers.def ;load printers = yes ; domain and browsing settings domain logons = yes logon script = logon.bat preferred master = yes domain master = yes local master = yes os level = 255 wins support = yes ; case settings case sensitive = no default case = lower short preserve case = yes preserve case = yes map archive = no ; default service parameters read only = yes guest ok = no browseable = yes admin users = @sysadmin default service = othergroup domain admin group = root @root ; ; NETLOGON service required for domain logon support ; [netlogon] comment = NETLOGON service path = /export/samba/netlogon create mask = 0664 force create mode = 0664 directory mode = 775 force directory mode = 775 write list = @sysadmin guest ok = yes browseable = no [users] comment = Administrative user preferences root preexec = /usr/samba/bin/create_userdir %U %G path =/export/samba/users/%U create mask = 0600 force create mode = 0600 directory mask = 0700 force directory mode = 0700 browseable = no [export] comment = Export Directory path = /export public = no writable = yes printable = no valid users = @sysadmin browseable = yes [test] comment = Run testparm path = /tmp/testparm preexec = mkdir -p /tmp/testparm;/usr/bin/testparm > /tmp/testparm/testparm.txt;todos /tmp/testparm/testparm.txt postexec = /bin/rm -f /tmp/testparm/testparm.txt public = yes writable = no printable = no browseable = no [homes] comment = Home directory for [%U] path = /export/home/%U browseable = no read only = no create mask = 0755 directory mask = 0755 only user = yes users = %S [group] comment = %g group share on %L [%U] path = /export/samba/group/%g create mask = 0660 force create mode = 0660 directory mask = 0770 force directory mode = 0770 read only = no browseable = yes force group = %g users = @%g admin users = @admgroup [nettools] comment = Global share for sysadmin users path = /export/nettools create mask = 0660 force create mode = 0660 write list = ssaitman jholzing directory mask = 0755 force directory mode = 0755 read only = no admin users = @sysadmin [othergroup] comment = Additional group share on %L (%U/%g) path = /export/samba/group/%S create mask = 0660 force create mode = 0660 directory mask = 0770 force directory mode = 0770 read only = no browseable = yes force group = %S users = @%S [public] comment = Global share for authenticated users path = /export/public create mask = 0644 force create mode = 0644 directory mask = 1777 force directory mode = 1777 read only = no admin users = @sysadmin [printers] comment = %S printer on %h path = /var/spool/samba printable = yes browseable = no print command = /usr/bin/lpr -P%p -r %s lprm command = /usr/bin/lpr -P%p %j [interchk] comment = Sophos InterCheck client path = /export/samba/intercheck public = yes writable = yes printable = no Thanks in advance. ************************************************** Steve Saitman Network Technician Facilities Services Division Los Angeles Unified School District Office 213 Fax 213-633-8462 From jerry at samba.org Tue Oct 2 08:38:06 2001 From: jerry at samba.org (Gerald (Jerry) Carter) Date: Tue Dec 2 02:36:05 2003 Subject: Can not add printer drivers from Windows 2000. In-Reply-To: <3BB9D8A8.A0D2F1BD@hotmail.com> Message-ID: On Tue, 2 Oct 2001, root wrote: > I've set up a samba server on a Linux box with Samba 2.2.1a-4. I can > see the printers fine for an NT box. When logged in as Administator > on the NT box I access the samba server using the root account. I've > set up the print$ share and the directory structure for the printer > drivers. The [print$] share has "write list = root @ntadmin". > However, when I try to use the Add Printer Wizard to add drivers I > get: > > Unable to install the Intel, Windows 2000 driver. Operation could not > be completed. WHat driver is this? Lexmark by chance? Can you reproduce it using the latest SAMBA_2_2 cvs? jerry From sax at kodu.net Tue Oct 2 10:08:01 2001 From: sax at kodu.net (Erki Simson) Date: Tue Dec 2 02:36:05 2003 Subject: Windows XP and Samba In-Reply-To: Message-ID: <000001c14b65$0dfdc700$02627ec2@sax> Hi! > Are there any known Issue with Samba (2.2.1a) and Windows XP I should be aware of before Upgrading my users Desktop computers? You must change HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\Netlogon\Parameters\requir esignorseal value to 0 to make domain logons to work. If value is set to 1 you'll be able to join to the domain but not allowed to logon to domain. That requiresignorseal thing i found from event viewer. It said there to set it 0 or something and after reboot it worked just perfect. Been running XP for a month now without any problems(crashes:) --- Erki Simson network admin Reaalaja O? -- The box said "Requires Win95, NT, -- -- or better," and so I installed Linux. -- From affuso at sipal.it Tue Oct 2 10:39:01 2001 From: affuso at sipal.it (Giovanni Affuso) Date: Tue Dec 2 02:36:05 2003 Subject: SmbMount Problem Message-ID: <5.1.0.14.2.20011002194120.0237e028@10.10.1.12> Dear Everybody, I have in my system,Suse 7.1 kernel 2.4.10 and Samba 2.0.10, mounted with the command mount -t smbfs etc etc , resource exported of a Nt server, after a indeterminate time the process ad example smbmount //172.20.200.53/sipal /mnt/oci/sipal crash, in the my log I have this messages: Oct 2 11:53:52 linux kernel: smb_trans2_request: result=-104, setting invalid Oct 2 11:53:52 linux kernel: smb_retry: successful, new pid=501, generation=2 Oct 2 11:53:52 linux kernel: smb_trans2_request: result=-104, setting invalid Oct 2 11:53:53 linux kernel: smb_retry: successful, new pid=496, generation=2 Oct 2 12:11:05 linux kernel: smb_trans2_request: result=-104, setting invalid Oct 2 12:11:06 linux kernel: smb_retry: successful, new pid=506, generation=2 Have You an idea of solution to my problem? Thanks in advanced Giovanni Affuso Sipal Spa Sede sociale ed Uffici: Via Invorio, 24/a Torino tel. +390117176324 fax: +39011726766 mailto:affuso@sipal.it -------------- next part -------------- HTML attachment scrubbed and removed From dmair at us.ibm.com Tue Oct 2 10:45:17 2001 From: dmair at us.ibm.com (David Mair) Date: Tue Dec 2 02:36:05 2003 Subject: Having major permissions problems Message-ID: Hello: I sent a note a few days ago slightly related to this topic. We're running Samba 2.2.1a on RH 7.1 as a PDC. I've been attempting to setup a customized security template and group policy objects for W2K clients. As I was configuring these I began to notice that whenever I denied local_machine\users permissions _all_ of my administrative ID's (local and domain) also became subject to the same permissions. For example: I deny read&execute permission for (local_machine\users) on a particular application. When applied, NO ONE can run the application including administrators. Fortunately, administrator still retains the right to change permissions. Am I doing something wrong here? Anyone else experienced this same problem? Specifics: Samba 2.2.1a on RH 7.1 PDC Clients are running W2K SP1. Thanks, Dave Consultant, n.: [From con "to defraud, dupe, swindle," or, possibly, French con (vulgar) "a person of little merit" + sult elliptical form of "insult."] A tipster disguised as an oracle, especially one who has learned to decamp at high speed in spite of a large briefcase and heavy wallet. From affuso at sipal.it Tue Oct 2 10:53:03 2001 From: affuso at sipal.it (Giovanni Affuso) Date: Tue Dec 2 02:36:05 2003 Subject: SmbMount Problem Message-ID: <5.1.0.14.2.20011002200221.0237e2a8@10.10.1.12> Dear Everybody, I have in my system,Suse 7.1 kernel 2.4.10 and Samba 2.0.10, mounted with the command mount -t smbfs etc etc , resource exported of a Nt server, after a indeterminate time the process ad example smbmount //172.20.200.53/sipal /mnt/oci/sipal crash, in the my log I have this messages: Oct 2 11:53:52 linux kernel: smb_trans2_request: result=-104, setting invalid Oct 2 11:53:52 linux kernel: smb_retry: successful, new pid=501, generation=2 Oct 2 11:53:52 linux kernel: smb_trans2_request: result=-104, setting invalid Oct 2 11:53:53 linux kernel: smb_retry: successful, new pid=496, generation=2 Oct 2 12:11:05 linux kernel: smb_trans2_request: result=-104, setting invalid Oct 2 12:11:06 linux kernel: smb_retry: successful, new pid=506, generation=2 Have You an idea of solution to my problem? Thanks in advanced Giovanni Affuso Sipal Spa Sede sociale ed Uffici: Via Invorio, 24/a Torino tel. +390117176324 fax: +39011726766 mailto:affuso@sipal.it From johnl at sotxlighthouse.org Tue Oct 2 12:01:51 2001 From: johnl at sotxlighthouse.org (johnl@sotxlighthouse.org) Date: Tue Dec 2 02:36:05 2003 Subject: inablity to manage users from w2k machines Message-ID: <3BB9C90F.23548.47C8B0B@localhost> Hello again, I've had no answer to my last post... ever the optimist, I'll try another. I have a linux/samba acting as pdc on a network of mostly win9x machines which also has a w2k ts/citrix machine and a w2k workstation. I want to add a user to a citrix application, but can see just 2 groups and 10 users within the domain when I try to do so. There are more of each. And the user I want to add to the citrix app is not among those I can 'see'. All the documentation leads me to an 'Active Directory Users and Computers' tool to manage users, but this tool seems not to work with plain old samba 2.2.1a domain users. It won't even start. I get 'Naming information cannot be located because: The specified domain either does not exist or could not be contacted" I've downloaded the NT usrngr and srvmgr tools, but their 'stubs receive bad data' when I try to run them. Everything looks fine from linux. The users and groups exist in /etc/passwd and smbpasswd files. How can I manage the samba users? How can I even see the samba domain contents from w2k machines? Hoping to hear from someone... --- John Francis Lee, IS Manager South Texas Lighthouse for the Blind 1907 Leopard Street PO Box 9697 Corpus Christi TX 78469 361.883.6553x45 361.883.1041 fax JohnL@sotxlighthouse.org From jolt at nicholasofmyra.org Tue Oct 2 12:37:03 2001 From: jolt at nicholasofmyra.org (Joseph) Date: Tue Dec 2 02:36:05 2003 Subject: Having major permissions problems References: Message-ID: <3BBA17EB.5020803@nicholasofmyra.org> Deny permissions outwiegh grant permissions. When a user logs onto the local machine, they are considered (by that computer) to be a local user. Try granting permissions to only the users/groups that should run the application and don't use the deny permission. Anyone not in the allow list still cannot access it. David Mair wrote: > Hello: > > I sent a note a few days ago slightly related to this topic. We're running > Samba 2.2.1a on RH 7.1 as a PDC. I've been attempting to setup a > customized security template and group policy objects for W2K clients. As > I was configuring these I began to notice that whenever I denied > local_machine\users permissions _all_ of my administrative ID's (local and > domain) also became subject to the same permissions. > > For example: I deny read&execute permission for (local_machine\users) on a > particular application. When applied, NO ONE can run the application > including administrators. Fortunately, administrator still retains the > right to change permissions. Am I doing something wrong here? Anyone else > experienced this same problem? > > Specifics: > > Samba 2.2.1a on RH 7.1 PDC > Clients are running W2K SP1. > > Thanks, > > Dave > > Consultant, n.: [From con "to defraud, dupe, swindle," or, possibly, > French con (vulgar) "a person of little merit" + sult elliptical form of > "insult."] A tipster disguised as an oracle, especially one who has > learned to decamp at high speed in spite of a large briefcase and heavy > wallet. > > > From greg at leiinc.com Tue Oct 2 14:11:03 2001 From: greg at leiinc.com (Greg J. Zartman, P.E.) Date: Tue Dec 2 02:36:05 2003 Subject: Mailing list slowing down Message-ID: This mailing list seems much "slower" than in past months. Are most people moving to a different list? Thank you Greg J. Zartman, P.E. Vice-President Logging Engineering International, Inc. (541)683-8383 fax (541)683-8144 www.leiinc.com From rickera2 at SLU.EDU Tue Oct 2 14:48:01 2001 From: rickera2 at SLU.EDU (Tony Ricker) Date: Tue Dec 2 02:36:05 2003 Subject: machine accounts question Message-ID: <3BBA36C3.3057D755@slu.edu> Hello all, My question is what functionality do machine accounts have in a samba PDC set up? I can authenticate a user and use samba shares sans any issues, without a machine account. I have done some research but have not found any concrete info pertaining to this. I appreciate everyone's time. Cheers, Tony ------------------------------- Tony Ricker Technology Coordinator SLUCare - P.M.O. St. Louis University Phone: 314.977.6844 E-mail: rickera2@slu.edu ------------------------------- "In the beginners mind, there are many possibilities. In the experts mind, there are few" - Shunryu Suzuki ------------------------------- "Think Different" From greg at kwikfind.com Tue Oct 2 15:02:03 2001 From: greg at kwikfind.com (Greg J. Zartman) Date: Tue Dec 2 02:36:05 2003 Subject: machine accounts question In-Reply-To: <3BBA36C3.3057D755@slu.edu> Message-ID: Machine accounts are very similar to user accounts in that user accounts relate to a person and machine account to a computer. In order for a machine to logon to a domain, it must have an account with the computer that controls that domain, the PDC (very similar to you having to have a user account on a computer in order to log onto that computer). Once the machine logs onto the PDC, then the PDC trusts what that computer does. This trust allows you to access resources in the domain without having to input a user password every time you want to do something with a domain resource. Really the domain is like a linux user group in that all computer are members of the group. It can be a little difficult to distinguish between a workgroup and a domain. They are in fact very simular from Samba's view point. The primary advantage to the domain is that authentication is centralized at the PDC (i.e., you don't have to setup user accounts on every machine in order for a person to log on resources on a given machine. The PDC keeps a central user database for you and control authentication) Hope this helps a little. Greg > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Tony Ricker > Sent: Tuesday, 2 October 2001 2:51 PM > To: Samba; Samba NT-Dom > Subject: machine accounts question > > > Hello all, > My question is what functionality do machine accounts have in a > samba PDC set up? I can authenticate a user and use samba shares sans > any issues, without a machine account. I have done some research but > have not found any concrete info pertaining to this. I appreciate > everyone's time. > > Cheers, > > Tony > ------------------------------- > Tony Ricker > Technology Coordinator > SLUCare - P.M.O. > St. Louis University > Phone: 314.977.6844 > E-mail: rickera2@slu.edu > ------------------------------- > "In the beginners mind, there > are many possibilities. In the > experts mind, there are few" > - Shunryu Suzuki > ------------------------------- > "Think Different" > > > > > From darryl_g at hotmail.com Tue Oct 2 15:51:04 2001 From: darryl_g at hotmail.com (Darryl Goodridge) Date: Tue Dec 2 02:36:05 2003 Subject: Samba Woes ---need help Message-ID: I am running a samba server on an NT domain. I can see the server from my Wndows machines ,and read my my unix files,but I cannot see the windows files from the linux machine or print to a printer attached to one of the windows machines.At best I can send a pop up message to my NT server.Can someone help me? _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp From idra at samba.org Tue Oct 2 16:46:02 2001 From: idra at samba.org (Simo Sorce) Date: Tue Dec 2 02:36:05 2003 Subject: Mailing list slowing down In-Reply-To: ; from greg@leiinc.com on Tue, Oct 02, 2001 at 02:11:41PM -0700 References: Message-ID: <20011002164533.A17825@va.samba.org> some of the samba developers active there thinks that this list have made it's lifecycle now that nt domain support is official, so samba@samba.org should be the place to go. On Tue, Oct 02, 2001 at 02:11:41PM -0700, Greg J. Zartman, P.E. wrote: > This mailing list seems much "slower" than in past months. Are most people > moving to a different list? > > Thank you > > > Greg J. Zartman, P.E. > Vice-President > Logging Engineering International, Inc. > (541)683-8383 fax (541)683-8144 > www.leiinc.com > > -- Simo Sorce idra@samba.org ------------------------------- Samba Team http://www.samba.org From spwu at swgenius.com.tw Tue Oct 2 22:13:02 2001 From: spwu at swgenius.com.tw (spwu) Date: Tue Dec 2 02:36:05 2003 Subject: Message-ID: <008101c14bca$3f7b3280$7801a8c0@swgenius.com.tw> Skipped content of type multipart/alternative-------------- next part -------------- A non-text attachment was scrubbed... Name: =?big5?B?p2QgpPS6XS52Y2Y=?= Type: text/x-vcard Size: 677 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011002/b46b66c1/big5Bp2QgpPS6XS52Y2Y.vcf From Anette_Vevle_0xL19Dzvre0xL186zs/i-COM at INDCOMLURA.ic-group.no Wed Oct 3 07:02:05 2001 From: Anette_Vevle_0xL19Dzvre0xL186zs/i-COM at INDCOMLURA.ic-group.no (Anette Vevle =?iso-8859-1?q?=D8vre=E5s=2Fi-COM?=) Date: Tue Dec 2 02:36:06 2003 Subject: After upgrading - Account not authorized..... Message-ID: Hi there! First of all, thanks to all of you giving me feedback on my mail related to upgrading. I have recently upgraded our HP-UX 10.2 server from Samba 1.9.18p1 to 2.2.1a. The upgrade went OK but when I try to map a share, it will not do what I want. I have been through all the tests in "Diagnosing your Samba Server", and some of them failed. TEST 8 failed. When I typed "net view \\server" in the MS-DOS window I got this message: "System error 5 has occured. Access is denied." TEST 9 failed. Using the Run command on "net use x: \\server\tmp", It said: "The password is invalid for \\server\tmp, type the password for \\dt17\tmp:" When I wrote it, nothing happened. TEST 11 failed. I tried to dobble click on the server in the browse list. Then I got the following message: "Incorrect password or unknown username for \\server. Connect as:_____________ Password:____________." When username and password was written the following message came: "\\server is not accessible. The account is not authorized to login from this station. I am using a Win NT 4.0 workstation doing my tests. With the EnablePlainTextPassword enabled in the registry, I am able to get on to the server, but I hoped not to use this one after upgrading. I know it shall work without it, so there might be some settings in the [global] part of my smb.conf file I have to change. Here is my smb.conf configuration: [global] getwd cache = yes read raw = yes workgroup = icbergen server string = Samba Server %v security = server password server = Windows_NT_Machine local master = no hosts allow = 193.212.169.0/255.255.255.0 printing = sysv printcap name = /etc/printcap load printers = yes [homes] comment = Home Directory browseable = no read only = no create mode = 0700 [public] comment = Public Directory path = /usr/public public = no writable = yes force create mode = 0755 force directory mode = 0755 [office] comment = Office Directory path = /usr/office public = no writable = yes force create mode = 0775 force directory mode = 0775 [felles] comment = Felles Directory path = /home/felles public = no writable = yes force create mode = 0777 force directory mode = 0777 [printers] comment = Tilgjengelige printere path = /tmp browsable = no printable = yes public = no writable = no create mode = 0700 [tmp] comment = Temporary Files path = /tmp read only = yes Hopefully some of you are familiar with my problem, in advance THANK'S!!!! Regards, *********************************************************************** Anette Vevle Oevreaas System Administrator/Systems Consultant i-COM AS From noelfitz at ipac.ie Wed Oct 3 07:08:03 2001 From: noelfitz at ipac.ie (Noel Fitzpatrick) Date: Tue Dec 2 02:36:06 2003 Subject: Quick FreeBSD question?? Message-ID: <712A2C3F8297CB498D51421F26F7ECAE03632D@ipac01.ipac.local> Hi, I'm relevantly new to Samba, but can anyone give me some pointers on what to use for the add user script on a FreeBSD machine. pw and useradd don't support putting the "$" at the end of the machine name. TIA. All the best, Noel. From memphis_ms at gmx.net Wed Oct 3 07:45:03 2001 From: memphis_ms at gmx.net (Raoul Schroeder) Date: Tue Dec 2 02:36:06 2003 Subject: Quick FreeBSD question?? References: <712A2C3F8297CB498D51421F26F7ECAE03632D@ipac01.ipac.local> Message-ID: <3BBB25B4.FAD7457C@gmx.net> Correct me if I am wrong, but the add user script is only for adding users, not machines? Then, it is not a problem at all. The $ is only there for machine accounts. As far as I know, the only way to add the $ in FreeBSD is vipw. pw, useradd, adduser do not work that way. Noel Fitzpatrick wrote: > Hi, > > I'm relevantly new to Samba, but can anyone give me some pointers on > what to use for the add user script on a FreeBSD machine. > > pw and useradd don't support putting the "$" at the end of the machine > name. > > TIA. > > All the best, > Noel. From jolt at nicholasofmyra.org Wed Oct 3 08:43:03 2001 From: jolt at nicholasofmyra.org (Joseph) Date: Tue Dec 2 02:36:06 2003 Subject: Quick FreeBSD question?? References: <712A2C3F8297CB498D51421F26F7ECAE03632D@ipac01.ipac.local> Message-ID: <3BBB3231.8090102@nicholasofmyra.org> Try these files. I use them on my FreeBSD server. One is just a shell script that you would use from smb.conf: add user script = /newcomputer %m It will in turn call a hacked adduser script called addcomputer. I put addcomputer in /usr/local/bin/. I had newcomputer in /usr/local/bin also. There are no guarantees with these scripts, but they work for me. Addcomputer adds computer accounts with UIDs of 500 to 999. It adds the computer with a primary group of machines. There is also a shell script for deleting a computer. However, FreeBSD seems to handle that fine. I included the script though. Let me know if it works or not for you. Joseph Noel Fitzpatrick wrote: > Hi, > > I'm relevantly new to Samba, but can anyone give me some pointers on > what to use for the add user script on a FreeBSD machine. > > pw and useradd don't support putting the "$" at the end of the machine > name. > > > TIA. > > All the best, > Noel. > > -------------- next part -------------- A non-text attachment was scrubbed... Name: adduserscript.tar.gz Type: application/x-gzip Size: 5112 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011003/6fb0e77f/adduserscript.tar.bin From jay at toltec.metran.cx Wed Oct 3 10:37:03 2001 From: jay at toltec.metran.cx (Jay Ts) Date: Tue Dec 2 02:36:06 2003 Subject: After upgrading - Account not authorized..... In-Reply-To: from "Anette Vevle =?iso-8859-1?q?=D8vre=E5s=2Fi-COM?=" at Oct 03, 2001 04:04:10 PM Message-ID: <200110031738.f93Hcrl02772@toltec.metran.cx> Anette, Looks like you need the line [global] encrypt passwords = yes in your smb.conf file. You don't need to change the registry on your NT system, or use plaintext passwords. - Jay Ts jayts@iname.com > Hi there! > > First of all, thanks to all of you giving me feedback on my mail related to > upgrading. > > I have recently upgraded our HP-UX 10.2 server from Samba 1.9.18p1 to > 2.2.1a. The upgrade went OK but when I try to map a share, it will not do > what I want. I have been through all the tests in "Diagnosing your Samba > Server", and some of them failed. > > TEST 8 failed. When I typed "net view \\server" in the MS-DOS window I got > this message: "System error 5 has occured. Access is denied." > > TEST 9 failed. Using the Run command on "net use x: \\server\tmp", It said: > "The password is invalid for \\server\tmp, type the password for > \\dt17\tmp:" When I wrote it, nothing happened. > > TEST 11 failed. I tried to dobble click on the server in the browse list. > Then I got the following message: "Incorrect password or unknown username > for \\server. Connect as:_____________ Password:____________." When > username and password was written the following message came: "\\server is > not accessible. The account is not authorized to login from this station. > > I am using a Win NT 4.0 workstation doing my tests. With the > EnablePlainTextPassword enabled in the registry, I am able to get on to the > server, but I hoped not to use this one after upgrading. I know it shall > work without it, so there might be some settings in the [global] part of my > smb.conf file I have to change. > > Here is my smb.conf configuration: > > [global] > getwd cache = yes > read raw = yes > workgroup = icbergen > server string = Samba Server %v > security = server > password server = Windows_NT_Machine > local master = no > hosts allow = 193.212.169.0/255.255.255.0 > printing = sysv > printcap name = /etc/printcap > load printers = yes > > [homes] > comment = Home Directory > browseable = no > read only = no > create mode = 0700 > > [public] > comment = Public Directory > path = /usr/public > public = no > writable = yes > force create mode = 0755 > force directory mode = 0755 > > [office] > comment = Office Directory > path = /usr/office > public = no > writable = yes > force create mode = 0775 > force directory mode = 0775 > > [felles] > comment = Felles Directory > path = /home/felles > public = no > writable = yes > force create mode = 0777 > force directory mode = 0777 > > [printers] > comment = Tilgjengelige printere > path = /tmp > browsable = no > printable = yes > public = no > writable = no > create mode = 0700 > > [tmp] > comment = Temporary Files > path = /tmp > read only = yes > > > > Hopefully some of you are familiar with my problem, in advance THANK'S!!!! > > Regards, > *********************************************************************** > Anette Vevle Oevreaas > System Administrator/Systems Consultant > i-COM AS > > From Holger.Daehre at t-online.de Wed Oct 3 11:16:04 2001 From: Holger.Daehre at t-online.de (Holger.Daehre) Date: Tue Dec 2 02:36:06 2003 Subject: winbind doesn't import users Message-ID: <000801c14c38$08913c60$4804d70a@hdpc> I'm trying to run Winbind on Samba 2.2.2-pre. "wbinfo -u" and "wbinfo -g" return my domain users and groups, but "getent passwd" shows only my local users. There is no domain user. I tried CVS SAMBA_2_2 and HEAD. Both had the same result. My system is running SuSE 7.1, with custom kernel 2.4.9 including XFS support for ACLs. -Samba compiled with following options: --with-pam --with-acl-support --with-winbind -libnss_winbind.so.2 copied to /lib and pam_winbind.so copied to /lib/security -winbind entries inserted to nsswitch.conf -joined the domain using smbpasswd Anyone seen this problem before? Who can give my a hint ? Thanks in advance, Holger Daehre -------------- next part -------------- HTML attachment scrubbed and removed From BMarkley at Datalux.com Wed Oct 3 11:27:03 2001 From: BMarkley at Datalux.com (Bill Markley) Date: Tue Dec 2 02:36:06 2003 Subject: Samba 2.2.1a in WinNT domain Message-ID: Hello, I would prefer to use winbind for authentication. I have spent time reading over the articles in at marc.theaimsgroup.com but still am confused. I have configured samba-2.2.1a.tar.gz --with-pam --with-winbind. Did a make & make install. After a search over the hdd there is no winbind file. Assuming that I need to download winbind I looked over the samba download site. Unsure what to download??? There was mention about HEAD & CVS & TNG but all I need is winbind..... Can someone point me to the correct file that I need to add onto samba to talk to NT DC's? I'm lost. TIA, Bill -----Original Message----- From: Michels, Gustavo [EES/BR] [mailto:gustavo.michels@emersonenergy.com] Sent: Monday, September 17, 2001 1:20 PM To: Bill Markley; Samba NT Subject: RE: Samba 2.2.1a in WinNT domain Hi, You have two directions, either use winbind or smbpasswd file. Using the first one, you pass all the authentication process directly to the NT DCs using linux PAM. The other way you still authenticate the users with the NT DCs but you must create a local account for each user that will be connected to the samba server. Look the FAQs and HOW-Tos for more info. Also searching the mail list archives (marc.theaimsgroup.com) is a good starting point. Then you come back with problems you may encounter. Cheers Gustavo -----Original Message----- From: Bill Markley [mailto:BMarkley@Datalux.com] Sent: segunda-feira, 17 de setembro de 2001 13:53 To: Samba NT Subject: Samba 2.2.1a in WinNT domain I'm trying to add a RH 7.1 Linux/Samba PC into a WinNT domain. The PDC is WinNT and I would like for all users to be validated on that PC or two other BDC's. The Samba box is a member of the Domain but it is inaccessible by any of the NT/98 servers or workstations. I have tried using the "net use" command to map a drive to the Linux share but that doesn't work either. It returns an error. The Samba box can be seen through MS explorer but cannot access it. A "ping" to the box returns no errors. Can someone point me in the direction of where the problem may lie. Thanks, Bill Markley Network Admin. Datalux Corp. From gustavo.michels at emersonenergy.com Wed Oct 3 11:28:02 2001 From: gustavo.michels at emersonenergy.com (Michels, Gustavo [EES/BR]) Date: Tue Dec 2 02:36:06 2003 Subject: winbind doesn't import users Message-ID: <7F0147C496F3D411813C0002B32BF1CC0141EF30@eesekkex001.kkekant.ericsson.se> Hello, Your setup looks perfect, but let's just be exact in some points: - after 'make install', you copied nsswitch/libnss_winbind.so to /lib? Or copied directly to /lib/libnss_winbind.so.2? Maybe it would be better if you copied the plain .so file and made a symbolic link inside the lib folder. - the only other problem I can see is 'winbind enum users/groups' entry in smb.conf set as 'no'. I do have this entry to save system resources, so getents do not work, although wbinfo work. I use SAMBA_2_2. Using 'smbclient -L hostname -UAdministrator', what is returned? Try looking at higher level debug logs also. cheers Gustavo -----Original Message----- From: Holger.Daehre@t-online.de [mailto:Holger.Daehre@t-online.de] Sent: quarta-feira, 3 de outubro de 2001 15:20 To: samba-ntdom@lists.samba.org Subject: winbind doesn't import users I'm trying to run Winbind on Samba 2.2.2-pre. "wbinfo -u" and "wbinfo -g" return my domain users and groups, but "getent passwd" shows only my local users. There is no domain user. I tried CVS SAMBA_2_2 and HEAD. Both had the same result. My system is running SuSE 7.1, with custom kernel 2.4.9 including XFS support for ACLs. -Samba compiled with following options: --with-pam --with-acl-support --with-winbind -libnss_winbind.so.2 copied to /lib and pam_winbind.so copied to /lib/security -winbind entries inserted to nsswitch.conf -joined the domain using smbpasswd Anyone seen this problem before? Who can give my a hint ? Thanks in advance, Holger Daehre From gustavo.michels at emersonenergy.com Wed Oct 3 11:31:11 2001 From: gustavo.michels at emersonenergy.com (Michels, Gustavo [EES/BR]) Date: Tue Dec 2 02:36:06 2003 Subject: Samba 2.2.1a in WinNT domain Message-ID: <7F0147C496F3D411813C0002B32BF1CC0141EF32@eesekkex001.kkekant.ericsson.se> Hello, Samba 2.2.1a does not have winbind. You have to use CVS sources, either SAMBA_2_2 or HEAD tags. I use SAMBA_2_2. To download the cvs source: $ cvs -d :pserver:cvs@pserver.samba.org:/cvsroot login (pass is cvs) $ cvs -z3 -d :pserver:cvs@pserver.samba.org:/cvsroot co -r SAMBA_2_2 samba Then you should have the source code with winbind. Read the mail archives or the winbindd man page, there are plenty of posts showing directions of what you do next. cheers Gustavo -----Original Message----- From: Bill Markley [mailto:BMarkley@Datalux.com] Sent: quarta-feira, 3 de outubro de 2001 15:33 To: Michels, Gustavo [EES/BR]; Samba NT Subject: RE: Samba 2.2.1a in WinNT domain Hello, I would prefer to use winbind for authentication. I have spent time reading over the articles in at marc.theaimsgroup.com but still am confused. I have configured samba-2.2.1a.tar.gz --with-pam --with-winbind. Did a make & make install. After a search over the hdd there is no winbind file. Assuming that I need to download winbind I looked over the samba download site. Unsure what to download??? There was mention about HEAD & CVS & TNG but all I need is winbind..... Can someone point me to the correct file that I need to add onto samba to talk to NT DC's? I'm lost. TIA, Bill -----Original Message----- From: Michels, Gustavo [EES/BR] [mailto:gustavo.michels@emersonenergy.com] Sent: Monday, September 17, 2001 1:20 PM To: Bill Markley; Samba NT Subject: RE: Samba 2.2.1a in WinNT domain Hi, You have two directions, either use winbind or smbpasswd file. Using the first one, you pass all the authentication process directly to the NT DCs using linux PAM. The other way you still authenticate the users with the NT DCs but you must create a local account for each user that will be connected to the samba server. Look the FAQs and HOW-Tos for more info. Also searching the mail list archives (marc.theaimsgroup.com) is a good starting point. Then you come back with problems you may encounter. Cheers Gustavo -----Original Message----- From: Bill Markley [mailto:BMarkley@Datalux.com] Sent: segunda-feira, 17 de setembro de 2001 13:53 To: Samba NT Subject: Samba 2.2.1a in WinNT domain I'm trying to add a RH 7.1 Linux/Samba PC into a WinNT domain. The PDC is WinNT and I would like for all users to be validated on that PC or two other BDC's. The Samba box is a member of the Domain but it is inaccessible by any of the NT/98 servers or workstations. I have tried using the "net use" command to map a drive to the Linux share but that doesn't work either. It returns an error. The Samba box can be seen through MS explorer but cannot access it. A "ping" to the box returns no errors. Can someone point me in the direction of where the problem may lie. Thanks, Bill Markley Network Admin. Datalux Corp. From webguardian at safepointetech.com Thu Oct 4 06:05:17 2001 From: webguardian at safepointetech.com (WebGuardian) Date: Tue Dec 2 02:36:06 2003 Subject: Please Help - Account Not Authorized Error Message-ID: <1002200825.25227.39.camel@sfp01> Hello, We have a situation here that we sure could use some help on. Let me explain what we did so far: On a test Red Hat 7.1 box we installed Samba 2.2.1a. From there we created the below smb.conf file and manually added the machine account to the system and then added it to the smbpasswd file. We then added the root account to the smbpasswd file. Then we proceeded to join the MAINOFFICE domain with our Windows 2000sp2 test client, and to our surprise it worked flawlessly. We then added users to the smbpasswd file and we could then log in from the W2K box. Not so much as a hiccup. Since we experienced positive results with that, we unjoined the domain with our W2K client and then removed samba from our test box. We then installed Samba on one of production servers that we had slated for this role. We then followed the procedures from above and loaded the same exact smb.conf file we used before and started the services. This time we got a whole new ballgame. When we attempt to join the domain from our test W2k client we get an error message "The account is not authorized to login from this station" Anyone have any ideas? Thanks in advance Bruce P. Morin [global] security = user status = yes workgroup = MAINOFFICE encrypt passwords = yes domain logons =yes logon script = scripts\%U.bat domain admin group = @adm guest account = ftp share modes= no os level=65 [homes] guest ok = no read only = no create mask = 0700 directory mask = 0700 oplocks = false locking = no [netlogon] path = /usr/local/samba/netlogon writeable = no guest ok = no From muellret at zhwin.ch Thu Oct 4 07:56:04 2001 From: muellret at zhwin.ch (reto mueller) Date: Tue Dec 2 02:36:06 2003 Subject: Samba Head Message-ID: Hello everyone I have just installed the samba head version. The server is working well, but I like to configure the winbind now. I tried to do as descriped in the winbindd man. There is a line where I should copy the winbind.so to /lib and the pam_winbind to /lib/security. And that is the point, I haven't got such a file. I have only two files called pam_windbind.h and pam_winbind.c and when I try make nsswitch/pam_winbind.so an error occurs that pam_winbind.po couln't be found. What can I do to fix this problem or where can I get the pam_winbind.po. I can need every kind of help.. thanks Reto M?ller Content Security by MailMarshal -------------- next part -------------- HTML attachment scrubbed and removed From gustavo.michels at emersonenergy.com Thu Oct 4 08:03:09 2001 From: gustavo.michels at emersonenergy.com (Michels, Gustavo [EES/BR]) Date: Tue Dec 2 02:36:06 2003 Subject: Samba Head Message-ID: <7F0147C496F3D411813C0002B32BF1CC0141F163@eesekkex001.kkekant.ericsson.se> Skipped content of type multipart/alternative From ejs at delfi.lt Thu Oct 4 08:59:03 2001 From: ejs at delfi.lt (Augis) Date: Tue Dec 2 02:36:06 2003 Subject: Strange behaviour while joining domain Message-ID: Hi all, i'm running Samba-2.2.1 on RedHat Linux 7.1 (2.4.2-2 kernel) just logs (loglevel 3): > ----- start PDC1: log.antras > ... > [2000/10/03 14:24:44, 3] smbd/negprot.c:reply_negprot(349) > Requested protocol [PC NETWORK PROGRAM 1.0] > [...] > [2000/10/03 14:24:44, 3] smbd/negprot.c:reply_negprot(349) > Requested protocol [LANMAN2.1] > [2000/10/03 14:24:44, 3] smbd/negprot.c:reply_negprot(349) > Requested protocol [NT LM 0.12] > [2000/10/03 14:24:44, 3] smbd/negprot.c:reply_negprot(433) > Selected protocol NT LM 0.12 > [2000/10/03 14:24:44, 3] smbd/process.c:process_smb(837) > Transaction 2 of length 188 > [2000/10/03 14:24:44, 3] smbd/process.c:switch_message(650) > switch message SMBsesssetupX (pid 4999) > [2000/10/03 14:24:44, 3] smbd/sec_ctx.c:set_sec_ctx(317) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2000/10/03 14:24:44, 3] smbd/reply.c:reply_sesssetup_and_X(866) > Domain=[AIL] NativeOS=[Windows NT 1381] NativeLanMan=[] > [2000/10/03 14:24:44, 3] smbd/reply.c:reply_sesssetup_and_X(876) > sesssetupX:name=[ANTRAS_] > [2000/10/03 14:24:44, 1] smbd/password.c:pass_check_smb(546) > Couldn't find user 'antras_' in UNIX password database. > [2000/10/03 14:24:44, 2] smbd/reply.c:reply_sesssetup_and_X(980) > NT Password did not match for user 'antras_'! > [2000/10/03 14:24:44, 2] smbd/reply.c:reply_sesssetup_and_X(990) > Defaulting to Lanman password for antras_ > [2000/10/03 14:24:44, 1] smbd/password.c:pass_check_smb(546) > Couldn't find user 'antras_' in UNIX password database. > [2000/10/03 14:24:44, 1] smbd/reply.c:reply_sesssetup_and_X(1005) > Rejecting user 'antras_': authentication failed > [2000/10/03 14:24:44, 3] smbd/error.c:error_packet(123) > error string = No such file or directory > [2000/10/03 14:24:44, 3] smbd/error.c:error_packet(130) > 32 bit error packet at line 697 cmd=115 (SMBsesssetupX) > eclass=c000006d [Error: Unknown error (109,49152)] > [2000/10/03 14:24:44, 3] smbd/process.c:timeout_processing(1062) > end of file from client > [2000/10/03 14:24:44, 3] smbd/sec_ctx.c:set_sec_ctx(317) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2000/10/03 14:24:44, 2] smbd/server.c:exit_server(448) > Closing connections > > ----- end PDC1: log.antras The same client is joining other domain: > ----- start PDC2: log.antras > ... > [2001/10/03 18:00:31, 3] smbd/process.c:switch_message(650) > switch message SMBnegprot (pid 1913) > [2001/10/03 18:00:31, 3] smbd/sec_ctx.c:set_sec_ctx(317) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2001/10/03 18:00:31, 3] smbd/negprot.c:reply_negprot(349) > Requested protocol [PC NETWORK PROGRAM 1.0] > [...] > [2001/10/03 18:00:31, 3] smbd/negprot.c:reply_negprot(349) > Requested protocol [LANMAN2.1] > [2001/10/03 18:00:31, 3] smbd/negprot.c:reply_negprot(349) > Requested protocol [NT LM 0.12] > [2001/10/03 18:00:31, 3] smbd/negprot.c:reply_negprot(433) > Selected protocol NT LM 0.12 > [2001/10/03 18:00:31, 3] smbd/process.c:process_smb(837) > Transaction 2 of length 193 > [2001/10/03 18:00:31, 3] smbd/process.c:switch_message(650) > switch message SMBsesssetupX (pid 1913) > [2001/10/03 18:00:31, 3] smbd/sec_ctx.c:set_sec_ctx(317) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2001/10/03 18:00:31, 3] smbd/reply.c:reply_sesssetup_and_X(866) > Domain=[MYGROUP] NativeOS=[Windows NT 1381] NativeLanMan=[] > [2001/10/03 18:00:31, 3] smbd/reply.c:reply_sesssetup_and_X(876) > sesssetupX:name=[ANTRAS$] > [2001/10/03 18:00:31, 3] smbd/error.c:error_packet(130) > 32 bit error packet at line 507 cmd=115 (SMBsesssetupX) > eclass=c0000199 [Error: Unknown error (153,49152)] > [2001/10/03 18:00:31, 3] smbd/process.c:timeout_processing(1062) > end of file from client > [2001/10/03 18:00:31, 3] smbd/sec_ctx.c:set_sec_ctx(317) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2001/10/03 18:00:31, 2] smbd/server.c:exit_server(448) > Closing connections > [2001/10/03 18:00:31, 3] smbd/connection.c:yield_connection(50) > Yielding connection to > [2001/10/03 18:00:31, 3] smbd/server.c:exit_server(483) > Server exit (normal exit) > > ----- end PDC2: log.antras I use the same CDs for install, select the same package set, use the same '/etc/passwd' and '/etc/shadow' files. Samba-2.2.1 is installed from the same RPM file. I use the same /etc/samba/smb.conf file, altering just domain name. This situation occures only when Samba looks for trusted account. Everything else works fine ( so far ;) Any ideas? I've checked RedHat 7.0, 7.0 distributions, Samba-2.2.0, 2.2.1, 2.2.1a - its the same. Changed system time to year 2000 to eliminate time factor or some posssible bug in libc. Nothing helped. It happens on a freshly installed system PDC1: Cyrix586, VIA chipset, 32 Mb RAM and 96 Mb swap PDC2: AMD Athlon, AMD chipset, 128Mb RAM'o and some swap both NICs are 10/100; using rtl8139 chipset, connected to the same hub This started in Friday, somewhere about 14:00 GMT. Untill this time everything worked just fine (well, there were some issues with roaming profiles, but just because some directories were excluded from roaming) All clients are WinNT 4.0 Wks, SP 6a machines. Every NT box i try to join the domain acts exactly the same way. Samba-2.2.1 RPM i'm installing is compiled on Cyrix box. PS: /etc/samba/smb.conf: > [global] > client code page = 775 > character set = iso8859-13 > workgroup = AIL > server string = Samba-2.2.1 > interfaces = 192.168.232.0/24 > encrypt passwords = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n > *passwd:*all*authentication*tokens*updated*successfully* > username map = /etc/samba/smbusers > unix password sync = Yes > log level = 3 > syslog = 0 > log file = /var/log/samba/log.%m > max log size = 500 > name resolve order = wins hosts lmhosts bcast > max ttl = 25290 > max open files = 1000 > socket options = TCP_NODELAY IPTOS_LOWDELAY > logon script = scipts\%U.bat > domain logons = Yes > os level = 50 > preferred master = True > domain master = True > wins proxy = Yes > wins support = Yes > hosts allow = 192.168.232. 127. -- Eugenijus Januskevicius Of all men's miseries, the bitterest is this: to know so much and have control over nothing. -- Herodotus From dmair at us.ibm.com Thu Oct 4 10:30:07 2001 From: dmair at us.ibm.com (David Mair) Date: Tue Dec 2 02:36:06 2003 Subject: Password expiration Message-ID: Hello: Has anyone figured out what 'flag' LanManager or NTHash uses to determine if a password is expired and forces the user to reset it? This is a feature I will eventually have to have even if we have to code it ourselves..... Thanks, Dave From trancos at oasi.upc.es Thu Oct 4 10:51:05 2001 From: trancos at oasi.upc.es (=?ISO-8859-1?Q?Sergio_=C1lvarez_Napagao?=) Date: Tue Dec 2 02:36:06 2003 Subject: Big problems updating from 2.0.7 to 2.2.1a Message-ID: Hi, I have to admin a LAN with three Windows PCs (1 Win98, 1 WinNT and 1 Win2k) and a Linux PC that serves as a PDC to the WinNT PC. When I installed the Samba PDC, I was using Samba 2.0.7. After some typical problems, I could configure all well and the PDC worked correctly. WinNT users could log on the Linux server, and in the Microsoft Networking window users could see all the shares. But the problem went when it has become necessary to configure the Win2k in order to log on the Samba. So I had to uninstall 2.0.7 Samba version and install 2.2.1a one. After installing troubles started to appear. At first, in the Microsoft Networking window of any of the three Windows PC I could see at some times the net, but in other times I couldn't, and finally now it's impossible to browse the net at any time. The system gets locked for a minute aproximately and then says that the workgroup is not accessible. I've been trying a lot of configurations, but this seems impossible to repair. If the Windows PCs can't browse the net, it seems obvious that I can't configure any of the Win PCs in order to log on the Samba server. I need help! Thanks a lot, Sergio Alvarez P.D.: Here I attach my config file smb.conf. It worked perfectly with Samba 2.0.7. # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not many any basic syntactic errors. # #======================= Global Settings ===================================== [global] netbios name = REVISTES # workgroup = NT-Domain-Name or Workgroup-Name workgroup = WG_REVISTES # server string is the equivalent of the NT Description field server string = Servidor del Despatx de Revistes # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. hosts allow = 147.83. browseable = no time server = yes # if you want to automatically load your printer list rather # than setting them up individually then you'll need this printcap name = /etc/printcap load printers = yes # It should not be necessary to spell out the print system type unless # yours is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx ; printing = bsd # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest message command = cat %s | write trancos; cat %s | write zeus; rm %s # this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m lock dir = /var/lock/samba # Put a capping on the size of the log files (in Kb). max log size = 50 # Security mode. Most people will want user level security. See # security_level.txt for details. # security = share security = user # Use password server option only with security = server ; password server = # Password Level allows matching of _n_ characters of the password for # all combinations of upper and lower case. ; password level = 8 ; username level = 8 # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes smb passwd file = /etc/smbpasswd # The following are needed to allow password changing from Windows to # update the Linux sytsem password also. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. # NOTE2: You do NOT need these to allow workstations to change only # the encrypted SMB passwords. They allow the Unix password # to be kept in sync with the SMB password. unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* # Unix users can map to different SMB User names ; username map = /etc/smbusers # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /etc/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. ; interfaces = 192.168.12.2/24 192.168.13.2/24 # Configure remote browse list synchronisation here # request announcement to, or browse list sync from: # a specific host or from / to a whole subnet (see below) ; remote browse sync = 192.168.3.25 192.168.5.255 # Cause this host to announce itself to local subnets here ; remote announce = 192.168.1.255 192.168.2.44 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply # local master = yes local master = yes # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable ; os level = 33 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election preferred master = yes # Use only if you have an NT server on your network that has been # configured at install time to be a primary domain controller. ; domain controller = # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. domain logons = yes # if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine) ; logon script = %m.bat # run a specific logon batch file per username ; logon script = %U.bat logon script = login.bat logon drive = F: # Where to store roving profiles (only for Win95 and WinNT) # %L substitutes for this servers netbios name, %U is username # You must uncomment the [Profiles] share below ; logon path = \\%L\Profiles\%U # All NetBIOS names must be resolved to IP Addresses # 'Name Resolve Order' allows the named resolution mechanism to be specified # the default order is "host lmhosts wins bcast". "host" means use the unix # system gethostbyname() function call that will use either /etc/hosts OR # DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf # and the /etc/resolv.conf file. "host" therefore is system configuration # dependant. This parameter is most often of use to prevent DNS lookups # in order to resolve NetBIOS names to IP Addresses. Use with care! # The example below excludes use of name resolution for machines that are NOT # on the local network segment # - OR - are not deliberately to be known via lmhosts or via WINS. ; name resolve order = wins lmhosts bcast # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server ; wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both wins server = 147.83.41.117 # WINS Proxy - Tells Samba to answer name resolution queries on # behalf of a non WINS capable client, for this to work there must be # at least one WINS Server on the network. The default is NO. ; wins proxy = yes # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The built-in default for versions 1.9.17 is yes, # this has been changed in version 1.9.18 to no. dns proxy = no # Case Preservation can be handy - system default is _no_ # NOTE: These can be set on a per share basis ; preserve case = no ; short preserve case = no # Default case is normally upper case for all DOS files ; default case = lower # Be very careful with case sensitivity - it can break things! ; case sensitive = no #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes [printers] comment = Las impresoras browseable = no public = yes printable = yes guest ok = yes [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = yes writable = no share modes = no browseable = yes public = no [Profiles] path = /home/profiles browseable = no guest ok = yes [scratch] comment = Espacio de almacenamiento temporal path = /var/spool/samba/scratch writable = yes browseable = yes read only = no delete readonly = no public = yes [utils] comment = Utilidades path = /var/spool/samba/utils writable = no browseable = yes read only = yes public = yes From crotti at hi-think.it Thu Oct 4 11:00:34 2001 From: crotti at hi-think.it (Manuel) Date: Tue Dec 2 02:36:06 2003 Subject: troubles SMBclient vs SMB ! Message-ID: <3BBCF862.60208@hi-think.it> Hi, It's Manuel from Italy. I configured a Samba to work as PDC,everithing is good. I have another linux box, I tried some manners to estabilish a connection via SAMBA. Everithing worked well, with smbclient, smbmount, mount -t smbfs ... mount -t smbfs ? YES but during a session my client crashed (I was testing X-Window...) and now it's a DISASTER. from this client machine I can reach the server only as anonymous user!!! I tried everithing on client side (changin' netbios name, Ip address, Re-installing the system) On the server side I defined another machine$ I GET EVERYTIME THE SAME ERROR: session setup failed: code 0 From other clients (windoze2k) everithing works well, and I can reach all the others but the server from my linux-client What damn it happened? Sorry for the long mail and PLEASE HELPME!!!! From little.idiot at poelzi.org Thu Oct 4 11:08:16 2001 From: little.idiot at poelzi.org (poelzi) Date: Tue Dec 2 02:36:06 2003 Subject: ldap crash Message-ID: <14110.62.154.237.50.1002219015.squirrel@webmail.poelzi.org> hi, i tried samba-tng cvs and the last release openldap 2.15 and all running good. samr and netlogond crashes after they get the account from the ldap with the log after. this is from version tng 2.6.1 i need a long time to find out that --with-ldap=/usr/local/openldap didn't work :) maybe, that the nss_ldap made the lookups into the ldap, cause it worked half. at the end there is a ntlogd with debuglevel 5 who crashed if i try to connect with samedit -S KEN -U root%XXXX -W MCONNEXION by poelzi ==> /usr/local/samba-tng/var/log.samr <== Changed root to / get_user_creds: Got only 20 bytes, expected 24 Setting 0 in 1 groups: 0 adding home directory root at /root msrpc_process: client_name: samr my_name: ken api_pipe_bind_req: \PIPE\samr -> \PIPE\samrd Doing \PIPE\samr api_rpc_command: SAMR_CONNECT Doing \PIPE\samr api_rpc_command: SAMR_ENUM_DOMAINS Doing \PIPE\samr api_rpc_command: SAMR_LOOKUP_DOMAIN Doing \PIPE\samr api_rpc_command: SAMR_CLOSE_HND end of file from client Closing connections Server exit (normal exit) Changed root to / get_user_creds: Got only 20 bytes, expected 24 Setting 0 in 1 groups: 0 adding home directory root at /root msrpc_process: client_name: samr my_name: ken api_pipe_bind_req: \PIPE\samr -> \PIPE\samrd Doing \PIPE\samr api_rpc_command: SAMR_CONNECT Doing \PIPE\samr api_rpc_command: SAMR_OPEN_DOMAIN Setting policy sid=S-1-5-21-737654797-3007802452-2889425168 Service setting policy sid=S-1-5-21-737654797-3007802452-2889425168 Doing \PIPE\samr api_rpc_command: SAMR_OPEN_DOMAIN Setting policy sid=S-1-5-32 Service setting policy sid=S-1-5-32 Doing \PIPE\samr api_rpc_command: SAMR_ENUM_DOM_USERS Connected to LDAP server Searching in [dc=mconnexion,dc=com] for [objectclass=sambaAccount] with scope [2] 23 matching entries found get: [uid] = [lookup] Retrieving account [lookup] get: [uidNumber] = [65536] get: [ntuid] = [lookup] get: [rid] = [10000] get: [acctFlags] = [[U ]] get: [lmPassword] = [XXX here is somthing right XXX] get: [ntPassword] = [XXX here is something xxx] get: [pwdLastSet] = [3b9fcf7c] get: [gidNumber] = [65536] get: [grouprid] = [201] get: [cn] = [lookup] get: [description] = [Mconnexion.com user] get: [smbHome] = [\\%N\%U\Profile] get: [homeDrive] = [H:] get: [script] = [logon.bat] get: [profile] = [\\%N\%U] get: [pwdCanChange] = [3A2CEBFF] get: [pwdMustChange] = [FFFFFFFF] get: [logonTime] = [00000000] get: [logoffTime] = [00000000] get: [kickoffTime] = [00000000] =============================================================== INTERNAL ERROR: Signal 11 in pid 23028 (TNG-alpha) Please read the file BUGS.txt in the distribution =============================================================== Stack backtrace: /usr/local/samba-tng/lib/libsamba.so.0(generate_backtrace+0x29) [0x400d8219] /usr/local/samba-tng/lib/libsamba.so.0 [0x400d8069] /usr/local/samba-tng/lib/libsamba.so.0 [0x400d8186] /lib/libc.so.6 [0x402898d8] /usr/local/samba-tng/lib/libsamba.so.0 [0x400e36ba] /usr/local/samba-tng/lib/libsamba.so.0(standard_sub_vuser+0x32) [0x400e37a2] /usr/local/samba-tng/lib/libsmbpw.so.0 [0x40189bf2] /usr/local/samba-tng/lib/libsmbpw.so.0 [0x4018a024] /usr/local/samba-tng/lib/libsmbpw.so.0(getsam21pwent+0x27) [0x401882a7] /usr/local/samba-tng/lib/libsamrpass.so.0 [0x40175df4] /usr/local/samba-tng/lib/libsamrpass.so.0(_samr_enum_dom_users+0xb3) [0x40176467] /usr/local/samba-tng/sbin/samrd [0x8051975] /usr/local/samba-tng/sbin/samrd [0x8054179] /usr/local/samba-tng/sbin/samrd [0x8054248] /usr/local/samba-tng/sbin/samrd [0x8052e8b] /usr/local/samba-tng/sbin/samrd [0x8053b22] /usr/local/samba-tng/sbin/samrd [0x8053e82] /usr/local/samba-tng/sbin/samrd [0x8054339] /usr/local/samba-tng/sbin/samrd [0x804ebfd] /usr/local/samba-tng/sbin/samrd [0x804f4a5] /usr/local/samba-tng/sbin/samrd(main+0x598) [0x804ea10] /lib/libc.so.6(__libc_start_main+0xbb) [0x402796ef] /usr/local/samba-tng/sbin/samrd(samr_io_r_del_groupmem+0x31) [0x804dce1] This program is now stopped for 60 seconds. You can use this time to attach gdb to this process. The command to do so is probably: gdb /usr/local/samba-tng/sbin/DAEMON 23028 At the (gdb) prompt, please type `bt'. If you're done with gdb, you can type `kill' and `quit'. [global] # ldap stuff ldap suffix = "dc=mconnexion,dc=com" ldap bind as = "cn=manager,dc=mconnexion,dc=com" ldap passwd file = /etc/ldappasswd # if the ldap server resides in the same machine you can use localhost ldap server = localhost ldap port = 389 ldap scope = sub # the password will expire in 30 days since the last change password expire time = 30 comment = Linux Auth Samba-TNG Server workgroup = MCONNEXION netbios name = KEN security = user status = yes #wins server = 157.27.252.10 null passwords = yes encrypt passwords = yes domain logons = yes logon drive = H: logon script = scripts\startup.bat #logon home = \\KEN\homes # Many different ways of doing a roaming profile ;logon path = \\%N\%U\Profile ;logon path = \\%N\%H\Profile ;logon path = \\KEN\profiles\%U ;logon path = \\%N\profiles\%U # My preferred mandatory profile # Make it ending with .man, if you want not to allow users # to login if profile is not available #logon path = \\KEN\profiles\default.man guest account = nobody share modes = no os level = 65 local master = yes domain master = yes preferred master = yes /etc/samba-tng/smb.conf # Make it ending with .man, if you want not to allow users # to login if profile is not available #logon path = \\KEN\profiles\default.man guest account = nobody share modes = no os level = 65 local master = yes domain master = yes preferred master = yes ; sync samba with unix password unix password sync = yes passwd program = /usr/local/sbin/ldapsync.pl -o %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *modifying* ;passwd chat debug = Yes ;debug level = 100 time server = yes [homes] guest ok = no read only = no create mask = 0700 directory mask = 0700 oplocks = false level 2 oplocks = false locking = no [netlogon] ;utmp = yes path = /var/domain/netlogon writeable = no guest ok = no ; netlogon share must (?) be browsable for the profiles browseable = no public = no ;preexec = echo "%T - user %u connected to %S from %m (%I)" >>/tmp/log ;postexec = echo "%T - user %u disconnected from %S from %m (%I)" >>/tmp/log [profiles] path = /var/domain/profiles writeable = yes browseable = no create mode = 0644 directory mode = 0755 guest ok = yes (END) ---------------------------- ntlogd with debug 5 Changed root to / get_user_creds: Got only 24 bytes, expected 28 000000 creds_io_cmd creds 000004 vuid_io_key key 0004 pid : 00005b74 0008 vuid: 0065 000000 vuid_io_key key 0000 pid : 00005b74 0004 vuid: 0065 become_unix_sec_ctx: 0 0 1 0x80e4580 Setting 0 in 1 groups: 0 become_unix_sec_ctx uid=(0,0) gid=(0,0) vuser=(23412,65) 000000 vuid_io_key key 0000 pid : 00005b74 0004 vuid: 0065 adding home directory root at /root Serverzone is -7200 msrpc_process: client_name: netlogon my_name: ken 000000 smb_io_rpc_hdr hdr 000000 smb_io_rpc_hdr hdr 000000 smb_io_rpc_hdr hdr 000000 vuid_io_key key 0000 pid : 00005b74 0004 vuid: 0065 Skipping become_unix_sec_ctx - already user api_pipe_bind_req: decode request. 385 api_pipe_bind_req: \PIPE\netlogon -> \PIPE\netlogond 000000 smb_io_rpc_hdr_rb api_pipe_bind_req: make response. 332 000000 smb_io_rpc_hdr_ba 000000 smb_io_rpc_hdr 000000 smb_io_rpc_hdr hdr 000000 smb_io_rpc_hdr hdr 000000 smb_io_rpc_hdr hdr 000000 smb_io_rpc_hdr_req req 000000 vuid_io_key key 0000 pid : 00005b74 0004 vuid: 0065 Skipping become_unix_sec_ctx - already user Doing \PIPE\netlogon api_rpc_command: api_netlog_rpc op 0x4 - NET_REQCHAL 000008 net_io_q_req_chal root is in 1 groups: 0 uid 0 registered to name root Clearing default real name User name: root Real name: root uid 0 vuid 100 registered to unix name root 000000 vuid_io_key key 0000 pid : 00005b76 0004 vuid: 0064 ncalrpc_l_establish_connection: connecting to lsarpc 000004 creds_io_cmd creds 000008 vuid_io_key key 0008 pid : 00005b76 000c vuid: 0064 Bind RPC Pipe: \PIPE\lsarpc Bind Abstract Syntax: [000] 78 57 34 12 34 12 CD AB EF 00 01 23 45 67 89 AB xW4.4... ...#Eg.. [010] 00 00 00 00 .... Bind Transfer Syntax: [000] 04 5D 88 8A EB 1C C9 11 9F E8 08 00 2B 10 48 60 .]...... ....+.H` [010] 02 00 00 00 .... 000000 smb_io_rpc_hdr_rb 000000 smb_io_rpc_hdr hdr 000000 smb_io_rpc_hdr hdr rpc_check_hdr: rdata->data_size: 68 000000 smb_io_rpc_hdr rpc_hdr rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 68 rpc_api_pipe: return OK 000000 smb_io_rpc_hdr_ba bind_rpc_pipe: pipe_name \PIPE\lsass != expected pipe \PIPE\lsarpcd. oh well! bind_rpc_pipe: accepted! LSA Open Policy2 make_open_pol2: attr:0 da:33554432 make_lsa_obj_attr 000000 lsa_io_q_open_pol2 create_rpc_request: opnum: 0x2c data_len: 0x4c 000000 smb_io_rpc_hdr hdr 000010 smb_io_rpc_hdr_req hdr_req 000000 smb_io_rpc_hdr hdr rpc_check_hdr: rdata->data_size: 48 000000 smb_io_rpc_hdr rpc_hdr rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 48 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 000000 lsa_io_r_open_pol2 Opened policy hnd[1] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 77 5B 00 00 .......O .L..w[.. [010] 01 00 00 00 .... Found policy hnd[1] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 77 5B 00 00 .......O .L..w[.. [010] 01 00 00 00 .... policy(pnum=1 ): Setting policy state setting policy con LSA Open Secret make_q_open_secret 000000 lsa_io_q_open_secret Found policy hnd[1] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 77 5B 00 00 .......O .L..w[.. [010] 01 00 00 00 .... policy(pnum=1 ): Getting policy state Getting policy con state create_rpc_request: opnum: 0x1c data_len: 0x5c 000000 smb_io_rpc_hdr hdr 000010 smb_io_rpc_hdr_req hdr_req 000000 smb_io_rpc_hdr hdr rpc_check_hdr: rdata->data_size: 48 000000 smb_io_rpc_hdr rpc_hdr rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 48 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 000000 lsa_io_r_open_secret Found policy hnd[1] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 77 5B 00 00 .......O .L..w[.. [010] 01 00 00 00 .... policy(pnum=1 ): Getting policy state Getting policy con state Found policy hnd[1] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 77 5B 00 00 .......O .L..w[.. [010] 01 00 00 00 .... policy(pnum=1 ): Duplicating policy Opened policy hnd[2] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 77 5B 00 00 .......O .L..w[.. [010] 02 00 00 00 .... Found policy hnd[2] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 77 5B 00 00 .......O .L..w[.. [010] 02 00 00 00 .... policy(pnum=2 ): Setting policy state setting policy con Found policy hnd[2] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 77 5B 00 00 .......O .L..w[.. [010] 02 00 00 00 .... policy(pnum=2): setting name to LSA_OPENSECRET LSA Query Secret make_q_query_secret 000000 lsa_io_q_query_secret Found policy hnd[2] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 77 5B 00 00 .......O .L..w[.. [010] 02 00 00 00 .... policy(pnum=2 LSA_OPENSECRET): Getting policy state Getting policy con state create_rpc_request: opnum: 0x1e data_len: 0x40 000000 smb_io_rpc_hdr hdr 000010 smb_io_rpc_hdr_req hdr_req 000000 smb_io_rpc_hdr hdr rpc_check_hdr: rdata->data_size: 96 000000 smb_io_rpc_hdr rpc_hdr rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 96 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 000000 lsa_io_r_query_secret Found policy hnd[2] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 77 5B 00 00 .......O .L..w[.. [010] 02 00 00 00 .... policy(pnum=2 LSA_OPENSECRET): Getting policy state Getting policy con state LSA Close make_lsa_q_close 000000 lsa_io_q_close Found policy hnd[2] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 77 5B 00 00 .......O .L..w[.. [010] 02 00 00 00 .... policy(pnum=2 LSA_OPENSECRET): Getting policy state Getting policy con state create_rpc_request: opnum: 0x0 data_len: 0x2c 000000 smb_io_rpc_hdr hdr 000010 smb_io_rpc_hdr_req hdr_req 000000 smb_io_rpc_hdr hdr rpc_check_hdr: rdata->data_size: 48 000000 smb_io_rpc_hdr rpc_hdr rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 48 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 000000 lsa_io_r_close Found policy hnd[2] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 77 5B 00 00 .......O .L..w[.. [010] 02 00 00 00 .... policy(pnum=2 LSA_OPENSECRET): Closing LSA Close make_lsa_q_close 000000 lsa_io_q_close Found policy hnd[1] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 77 5B 00 00 .......O .L..w[.. [010] 01 00 00 00 .... policy(pnum=1 ): Getting policy state Getting policy con state create_rpc_request: opnum: 0x0 data_len: 0x2c 000000 smb_io_rpc_hdr hdr 000010 smb_io_rpc_hdr_req hdr_req 000000 smb_io_rpc_hdr hdr rpc_check_hdr: rdata->data_size: 48 000000 smb_io_rpc_hdr rpc_hdr rpc_check_hdr: (after smb_io_rpc_hdr call) rdata->data_size: 48 000010 smb_io_rpc_hdr_resp rpc_hdr_resp 000000 lsa_io_r_close Found policy hnd[1] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 77 5B 00 00 .......O .L..w[.. [010] 01 00 00 00 .... policy(pnum=1 ): Closing cred_session_key clnt_chal: 594FFE929B33BCCE srv_chal : 706B82DB3EBB57B2 clnt+srv : C9BA806ED9EE1381 sess_key : C7550EAECF493FFD 000000 net_io_r_req_chal create_noauth_reply: data_start: 0 data_end: 12 max_tsize: 5680 000000 smb_io_rpc_hdr rhdr 000010 smb_io_rpc_hdr_resp resp WARNING: prs_create initialised a buffer in marshalling-mode 000000 smb_io_rpc_hdr hdr 000000 smb_io_rpc_hdr hdr 000000 smb_io_rpc_hdr hdr 000000 smb_io_rpc_hdr_req req 000000 vuid_io_key key 0000 pid : 00005b74 0004 vuid: 0065 Skipping become_unix_sec_ctx - already user Doing \PIPE\netlogon api_rpc_command: api_netlog_rpc op 0xf - NET_AUTH2 000008 net_io_q_auth_2 cred_create sess_key : C7550EAECF493FFD stor_cred: 594FFE929B33BCCE timestamp: 0 timecred : 594FFE929B33BCCE calc_cred: 0A1F7E4741605F39 cred_assert challenge : 0A1F7E4741605F39 calculated: 0A1F7E4741605F39 credentials check ok cred_create sess_key : C7550EAECF493FFD stor_cred: 706B82DB3EBB57B2 timestamp: 0 timecred : 706B82DB3EBB57B2 calc_cred: AAA0072AB545A5A6 000000 net_io_r_auth_2 create_noauth_reply: data_start: 0 data_end: 16 max_tsize: 5680 000000 smb_io_rpc_hdr rhdr 000010 smb_io_rpc_hdr_resp resp WARNING: prs_create initialised a buffer in marshalling-mode 000000 smb_io_rpc_hdr hdr 000000 smb_io_rpc_hdr hdr 000000 smb_io_rpc_hdr hdr 000000 smb_io_rpc_hdr_req req 000000 vuid_io_key key 0000 pid : 00005b74 0004 vuid: 0065 Skipping become_unix_sec_ctx - already user Doing \PIPE\netlogon api_rpc_command: api_netlog_rpc op 0x2 - NET_SAMLOGON 000008 net_io_q_sam_logon deal_with_creds: 187 cred_create sess_key : C7550EAECF493FFD stor_cred: 0A1F7E4741605F39 timestamp: 3bbca52e timecred : 38C43A8341605F39 calc_cred: 8FCC313935F2AF88 cred_assert challenge : 8FCC313935F2AF88 calculated: 8FCC313935F2AF88 credentials check ok deal_with_creds: new_cred[0]=833ac439 deal_with_creds: new_clnt_time=3bbca52f cred_create sess_key : C7550EAECF493FFD stor_cred: 0A1F7E4741605F39 timestamp: 3bbca52f timecred : 39C43A8341605F39 calc_cred: E4F46E3A02FEC4F6 deal_with_creds: clnt_cred=0A1F7E4741605F39 SAM Logon (Network). Domain:[MCONNEXION] User:[ROOT] Opened policy hnd[3] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 76 5B 00 00 .......O .L..v[.. [010] 01 00 00 00 .... Found policy hnd[3] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 76 5B 00 00 .......O .L..v[.. [010] 01 00 00 00 .... policy(pnum=3): setting name to sam_connect Found policy hnd[3] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 76 5B 00 00 .......O .L..v[.. [010] 01 00 00 00 .... Found policy hnd[3] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 76 5B 00 00 .......O .L..v[.. [010] 01 00 00 00 .... Getting policy vuser_key pnum=3 pid=23412 vuid=65 Opened policy hnd[4] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 76 5B 00 00 .......O .L..v[.. [010] 02 00 00 00 .... Found policy hnd[4] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 76 5B 00 00 .......O .L..v[.. [010] 02 00 00 00 .... policy(pnum=4): setting name to sam_domain Setting policy sid=S-1-5-21-737654797-3007802452-2889425168 Found policy hnd[4] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 76 5B 00 00 .......O .L..v[.. [010] 02 00 00 00 .... policy(pnum=4 sam_domain): Setting policy state Service setting policy sid=S-1-5-21-737654797-3007802452-2889425168 _samr_open_domain: 262 samr_lookup_names: 1513 Found policy hnd[4] [000] 00 00 00 00 00 0B AA 4F FF 4C C1 01 76 5B 00 00 .......O .L..v[.. [010] 02 00 00 00 .... policy(pnum=4 sam_domain): Getting policy state Getting policy sid=S-1-5-21-737654797-3007802452-2889425168 pol_sid: MCONNEXION (S-1-5-21-737654797-3007802452-2889425168) Connected to LDAP server Searching in [dc=mconnexion,dc=com] for [(&(ntuid=ROOT) (objectclass=sambaAccount))] with scope [2] 1 matching entries found get: [uid] = [root] Retrieving account [root] get: [uidNumber] = [0] get: [ntuid] = [root] get: [rid] = [1f4] get: [acctFlags] = [[U ]] get: [lmPassword] = [B45AE75B29647E5CAAD3B435B51404EE] get: [ntPassword] = [18B9C48CB9A75535058BA36BDC3F3154] get: [pwdLastSet] = [3bbc8893] getsamfile21pwent get: [gidNumber] = [0] get: [grouprid] = [200] get: [cn] = [root] get: [description] = [Mconnexion.com user] get: [smbHome] = [\\%N\%U\Profile] get: [homeDrive] = [H:] get: [script] = [logon.bat] get: [profile] = [\\%N\%U] get: [pwdCanChange] = [3A2CEBFF] get: [pwdMustChange] = [FFFFFFFF] get: [logonTime] = [00000000] get: [logoffTime] = [00000000] get: [kickoffTime] = [00000000] Home server: ken =============================================================== INTERNAL ERROR: Signal 11 in pid 23414 (TNG-alpha) Please read the file BUGS.txt in the distribution =============================================================== Stack backtrace: /usr/local/samba-tng/lib/libsamba.so.0(generate_backtrace+0x29) [0x400dc219] /usr/local/samba-tng/lib/libsamba.so.0 [0x400dc069] /usr/local/samba-tng/lib/libsamba.so.0 [0x400dc186] /lib/libc.so.6 [0x402898d8] /usr/local/samba-tng/lib/libsamba.so.0 [0x400e76ba] /usr/local/samba-tng/lib/libsamba.so.0(standard_sub_vuser+0x32) [0x400e77a2] /usr/local/samba-tng/lib/libsmbpw.so.0 [0x4018dbf2] /usr/local/samba-tng/lib/libsmbpw.so.0 [0x4018df69] /usr/local/samba-tng/lib/libsmbpw.so.0(getsam21pwntnam+0x27) [0x4018c65f] /usr/local/samba-tng/lib/libsamrpass.so.0 [0x401797b3] /usr/local/samba-tng/lib/libsamrpass.so.0 [0x401798ee] /usr/local/samba-tng/lib/libsamrpass.so.0(lookup_name+0x40) [0x4017994c] /usr/local/samba-tng/lib/libsamrpass.so.0(_samr_lookup_names+0x28c) [0x4017ca3c] /usr/local/samba-tng/sbin/netlogond [0x804f03c] /usr/local/samba-tng/sbin/netlogond [0x8050c84] /usr/local/samba-tng/sbin/netlogond [0x8051b2f] /usr/local/samba-tng/sbin/netlogond [0x8053fc9] /usr/local/samba-tng/sbin/netlogond [0x8054098] /usr/local/samba-tng/sbin/netlogond [0x8051ccf] /usr/local/samba-tng/sbin/netlogond [0x8053972] /usr/local/samba-tng/sbin/netlogond [0x8053cd2] /usr/local/samba-tng/sbin/netlogond [0x8054189] /usr/local/samba-tng/sbin/netlogond [0x804d43d] /usr/local/samba-tng/sbin/netlogond [0x804dce5] /usr/local/samba-tng/sbin/netlogond(main+0x598) [0x804d250] /lib/libc.so.6(__libc_start_main+0xbb) [0x402796ef] /usr/local/samba-tng/sbin/netlogond(get_trusted_serverlist+0x3d) [0x804c521] This program is now stopped for 60 seconds. You can use this time to attach gdb to this process. The command to do so is probably: gdb /usr/local/samba-tng/sbin/DAEMON 23414 At the (gdb) prompt, please type `bt'. If you're done with gdb, you can type `kill' and `quit'. -- nihil back ----------------------------------------- This email was sent using SquirrelMail. "Webmail for nuts!" http://squirrelmail.org/ From awilliam at whitemice.org Thu Oct 4 17:34:01 2001 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:36:06 2003 Subject: Password expiration In-Reply-To: References: Message-ID: <1002242143.18288.1.camel@estate1.whitemice.org> > Has anyone figured out what 'flag' LanManager or NTHash uses to determine > if a password is expired and forces the user to reset it? This is a > feature I will eventually have to have even if we have to code it > ourselves..... Someone has figured it out, as last I checked TNG claimed to support password expiration. I've been eagerly awaiting someone bringing that feature to Samba 2.x.x From npande at bajajauto.co.in Thu Oct 4 20:10:06 2001 From: npande at bajajauto.co.in (NITIN PANDE) Date: Tue Dec 2 02:36:06 2003 Subject: Linux does not join NT-Domain References: <3BB979EE.1070104@uniten.edu.my> <3BB98C4E.6D872427@bajajauto.co.in> <1002164008.2282.2.camel@udippel.coe.uniten.edu.my> Message-ID: <3BBD2506.2DC4A8A6@bajajauto.co.in> Uwe, I'm sorry! I should have posted the Win to Unix joining too. Here it is: Make sure you set up 'domain admin users' in smb.conf. Map this account to root in smbusers file and adding a user root to smbpasswd may also be necessary. However, creating machine trust account through Windows Net->Properties leads to disabled account. Enable it with webmin or look at smbpasswd file - remove letter D at the right side of appropriate string. Then, close Net->Properties applets window and join domain again without creating an account. Uwe Dippel wrote: > Dear Nitin Pande, > > thanks for your help ! - The approach is the one when joining WinNT to a > Lin-Domain; but my problem is the other way round ... > > Thanks nevertheless, > > Uwe > > On Tue, 2001-10-02 at 17:43, NITIN PANDE wrote: > > Uwe, > > Create Unix account with no shell, no home, no password... > > And > > # smbpasswd -a -m > > Join domain without creating trust account from Win side. > > HTH, Ciao > > > > Nitin Pande > > Mail Administrator > > Bajaj Auto Ltd. > > > > Uwe Dippel wrote: > > > > > I am sure, that it is my mistake. - I am trying to join an NT-Domain > > > without success: > > > smbpasswd -j DOMNAME > > > gives the following result: > > > "cli_net_auth2: Error NT_STATUS_ACCESS_DENIED > > > cli_nt_setup_creds: auth2 challenge failed > > > modify_trust_password: unable to setup the PDC credentials to machine > > > LIB-DOMAIP-01. Error was : NT_STATUS_ACCESS_DENIED. > > > 2001/10/02 13:08:06 : change_trust_account_password: Failed to change > > > password for domain DOMNAME." > > > The account for the NetBIOS-Name has been created; I tried with Security > > > = Server and Security = Domain. > > > > > > Any hints? > > > > > > Uwe From joe_tseng at hotmail.com Thu Oct 4 20:33:01 2001 From: joe_tseng at hotmail.com (Joe Tseng) Date: Tue Dec 2 02:36:06 2003 Subject: Samba PDC password sync Message-ID: Has anyone been able to make their Samba PDC work so that changes to /etc/passwd would be made automatically to smbpasswd and vice versa? If so, what are the magic config lines in smb.conf to make this happen? I have been trying to do this so passwords can be changed either from the *nix shell or from W2k. Joe Tseng userid: joe_tseng / domain: hotmail.com __________________________________________________ "I think there is a world market for maybe five computers." - Thomas Watson, IBM, 1943 From npande at bajajauto.co.in Thu Oct 4 21:55:01 2001 From: npande at bajajauto.co.in (NITIN PANDE) Date: Tue Dec 2 02:36:06 2003 Subject: Samba PDC password sync References: Message-ID: <3BBD3D83.F41EEF9E@bajajauto.co.in> Joe, Last I had checked, there was no automatic way to transfer passwords. You have to run that mkpasswd (not exact name!) script. If you want to keep updating the /etc/passwd file you could write a small script that each time a user password is changed, it will run that mkpasswd script thingy. HTH, Ciao, Nitin Pande Mail Administrator Ext. 6960 Joe Tseng wrote: > Has anyone been able to make their Samba PDC work so that changes to > /etc/passwd would be made automatically to smbpasswd and vice versa? If so, > what are the magic config lines in smb.conf to make this happen? I have > been trying to do this so passwords can be changed either from the *nix > shell or from W2k. > > Joe Tseng > userid: joe_tseng / domain: hotmail.com > __________________________________________________ > > "I think there is a world market for maybe five computers." - Thomas Watson, > IBM, 1943 From npande at bajajauto.co.in Thu Oct 4 22:00:06 2001 From: npande at bajajauto.co.in (NITIN PANDE) Date: Tue Dec 2 02:36:07 2003 Subject: Please Help - Account Not Authorized Error References: <1002200825.25227.39.camel@sfp01> Message-ID: <3BBD3EDE.CAEF777E@bajajauto.co.in> The trust account is machine specific. Since you added the machine account manually in your smb.conf, it (probably) is causing problems in the new box. I would suggest you rid the manual part and add the trust account using this: smbpasswd -a -m HTH, Ciao, Nitin Pande Mail Administrator WebGuardian wrote: > Hello, > > We have a situation here that we sure could use some help on. Let me > explain what we did so far: > > On a test Red Hat 7.1 box we installed Samba 2.2.1a. From there we > created the below smb.conf file and manually added the machine account > to the system and then added it to the smbpasswd file. We then added the > root account to the smbpasswd file. > > Then we proceeded to join the MAINOFFICE domain with our Windows 2000sp2 > test client, and to our surprise it worked flawlessly. We then added > users to the smbpasswd file and we could then log in from the W2K box. > Not so much as a hiccup. > > Since we experienced positive results with that, we unjoined the domain > with our W2K client and then removed samba from our > test box. We then installed Samba on one of production servers that we > had slated for this role. We then followed the procedures > from above and loaded the same exact smb.conf file we used before and > started the services. > > This time we got a whole new ballgame. When we attempt to join the > domain from our test W2k client we get an error message > "The account is not authorized to login from this station" > > Anyone have any ideas? > > Thanks in advance > > Bruce P. Morin > > > [global] > security = user > status = yes > workgroup = MAINOFFICE > encrypt passwords = yes > domain logons =yes > logon script = scripts\%U.bat > domain admin group = @adm > guest account = ftp > share modes= no > os level=65 > > [homes] > guest ok = no > read only = no > create mask = 0700 > directory mask = 0700 > oplocks = false > locking = no > [netlogon] > > path = /usr/local/samba/netlogon > writeable = no > guest ok = no From npande at bajajauto.co.in Thu Oct 4 22:04:02 2001 From: npande at bajajauto.co.in (NITIN PANDE) Date: Tue Dec 2 02:36:07 2003 Subject: Having major permissions problems References: Message-ID: <3BBD3FC9.7007FCE3@bajajauto.co.in> David, Make a new group and add the users to that group. Then deny that group execute permission of those particular programs. HTH, Ciao, Nitin Pande Mail Administrator David Mair wrote: > Hello: > > I sent a note a few days ago slightly related to this topic. We're running > Samba 2.2.1a on RH 7.1 as a PDC. I've been attempting to setup a > customized security template and group policy objects for W2K clients. As > I was configuring these I began to notice that whenever I denied > local_machine\users permissions _all_ of my administrative ID's (local and > domain) also became subject to the same permissions. > > For example: I deny read&execute permission for (local_machine\users) on a > particular application. When applied, NO ONE can run the application > including administrators. Fortunately, administrator still retains the > right to change permissions. Am I doing something wrong here? Anyone else > experienced this same problem? > > Specifics: > > Samba 2.2.1a on RH 7.1 PDC > Clients are running W2K SP1. > > Thanks, > > Dave > > Consultant, n.: [From con "to defraud, dupe, swindle," or, possibly, > French con (vulgar) "a person of little merit" + sult elliptical form of > "insult."] A tipster disguised as an oracle, especially one who has > learned to decamp at high speed in spite of a large briefcase and heavy > wallet. From npande at bajajauto.co.in Thu Oct 4 22:27:02 2001 From: npande at bajajauto.co.in (NITIN PANDE) Date: Tue Dec 2 02:36:07 2003 Subject: Samba Woes ---need help References: Message-ID: <3BBD44B7.4A72755F@bajajauto.co.in> Darryl, If I'm not mistaken your linux box in not mounting the NT shares. Actually, this was the very first problem I faced with Samba. See if you can resolve names of M$ machines. Then mount there shares. Better still get xSMBrowser, it's gui interface gives you M$ box feel and look. HTH, Nitin Pande Mail Administrator Darryl Goodridge wrote: > I am running a samba server on an NT domain. > I can see the server from my Wndows machines ,and read my my unix files,but > I cannot see the windows files from the linux machine or print to a printer > attached to one of the windows machines.At best I can send a pop up message > to my NT server.Can someone help me? From idra at samba.org Thu Oct 4 23:52:02 2001 From: idra at samba.org (Simo Sorce) Date: Tue Dec 2 02:36:07 2003 Subject: Samba PDC password sync In-Reply-To: <3BBD3D83.F41EEF9E@bajajauto.co.in>; from npande@bajajauto.co.in on Fri, Oct 05, 2001 at 10:26:35AM +0530 References: <3BBD3D83.F41EEF9E@bajajauto.co.in> Message-ID: <20011004235109.A31229@va.samba.org> No. that script, only create users in smbpasswd from /etc/passwd, do no convert any password. The only way to synchronize is to change password with smbpasswd and have unix password sync option in smb.conf. It is not possible to sync changes made from windows unless you use plain text passwords, which is impossible in a domain environment. This is not a problem of samba, this happen becuse encrypted password are sent from windows and stored as is and does not any function that can convert the windows encrypted passwords into unix crypt or md5 compatible ones. On Fri, Oct 05, 2001 at 10:26:35AM +0530, NITIN PANDE wrote: > Joe, > Last I had checked, there was no automatic way to transfer passwords. You have > to run that mkpasswd (not exact name!) script. If you want to keep updating the > /etc/passwd file you could write a small script that each time a user password > is changed, it will run that mkpasswd script thingy. HTH, > Ciao, > Nitin Pande > Mail Administrator > Ext. 6960 > > Joe Tseng wrote: > > > Has anyone been able to make their Samba PDC work so that changes to > > /etc/passwd would be made automatically to smbpasswd and vice versa? If so, > > what are the magic config lines in smb.conf to make this happen? I have > > been trying to do this so passwords can be changed either from the *nix > > shell or from W2k. > > > > Joe Tseng > > userid: joe_tseng / domain: hotmail.com > > __________________________________________________ > > > > "I think there is a world market for maybe five computers." - Thomas Watson, > > IBM, 1943 > > -- Simo Sorce idra@samba.org ------------------------------- Samba Team http://www.samba.org From joe_tseng at hotmail.com Fri Oct 5 06:32:03 2001 From: joe_tseng at hotmail.com (Joe Tseng) Date: Tue Dec 2 02:36:07 2003 Subject: Samba PDC password sync References: <3BBD3D83.F41EEF9E@bajajauto.co.in> <20011004235109.A31229@va.samba.org> Message-ID: Last night when I reread the smb.conf man page there were two small passages of interest: Update encrypted: "In order for this parameter to work correctly the encrypt passwords parameter must be set to no when this parameter is set to yes." Encrypt passwords: "...Windows NT 4.0 SP3 and above and also Windows 98 will by default expect encrypted passwords unless a registry entry is changed." - What is that registry entry? - Should disabling the use of encrypted passwords be done? Is it discouraged? - Password sync worked when I used Webmin with Samba 2.0.x. How come that doesn't work with 2.2.x? ----- Original Message ----- From: "Simo Sorce" To: "NITIN PANDE" Cc: "Joe Tseng" ; Sent: Friday, October 05, 2001 2:51 AM Subject: Re: Samba PDC password sync > It is not possible to sync changes made from windows unless you use plain text > passwords, which is impossible in a domain environment. > This is not a problem of samba, this happen becuse encrypted password are sent > from windows and stored as is and does not any function that can convert the > windows encrypted passwords into unix crypt or md5 compatible ones. > > > Last I had checked, there was no automatic way to transfer passwords. You have > > to run that mkpasswd (not exact name!) script. If you want to keep updating the > > /etc/passwd file you could write a small script that each time a user password > > is changed, it will run that mkpasswd script thingy. HTH, > > > > > Has anyone been able to make their Samba PDC work so that changes to > > > /etc/passwd would be made automatically to smbpasswd and vice versa? If so, > > > what are the magic config lines in smb.conf to make this happen? I have > > > been trying to do this so passwords can be changed either from the *nix > > > shell or from W2k. From kristoph at insidebeat.net Fri Oct 5 06:43:04 2001 From: kristoph at insidebeat.net (Kristoph - InsideBeat.net) Date: Tue Dec 2 02:36:07 2003 Subject: Samba PDC password sync In-Reply-To: Message-ID: The registry entry is as follows.... HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\param eters\enableplaintextpassword set it to 1 if you want to turn off password encryption.. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Joe Tseng Sent: 05 October 2001 14:34 To: samba-ntdom@lists.samba.org Subject: Re: Samba PDC password sync Last night when I reread the smb.conf man page there were two small passages of interest: Update encrypted: "In order for this parameter to work correctly the encrypt passwords parameter must be set to no when this parameter is set to yes." Encrypt passwords: "...Windows NT 4.0 SP3 and above and also Windows 98 will by default expect encrypted passwords unless a registry entry is changed." - What is that registry entry? - Should disabling the use of encrypted passwords be done? Is it discouraged? - Password sync worked when I used Webmin with Samba 2.0.x. How come that doesn't work with 2.2.x? ----- Original Message ----- From: "Simo Sorce" To: "NITIN PANDE" Cc: "Joe Tseng" ; Sent: Friday, October 05, 2001 2:51 AM Subject: Re: Samba PDC password sync > It is not possible to sync changes made from windows unless you use plain text > passwords, which is impossible in a domain environment. > This is not a problem of samba, this happen becuse encrypted password are sent > from windows and stored as is and does not any function that can convert the > windows encrypted passwords into unix crypt or md5 compatible ones. > > > Last I had checked, there was no automatic way to transfer passwords. You have > > to run that mkpasswd (not exact name!) script. If you want to keep updating the > > /etc/passwd file you could write a small script that each time a user password > > is changed, it will run that mkpasswd script thingy. HTH, > > > > > Has anyone been able to make their Samba PDC work so that changes to > > > /etc/passwd would be made automatically to smbpasswd and vice versa? If so, > > > what are the magic config lines in smb.conf to make this happen? I have > > > been trying to do this so passwords can be changed either from the *nix > > > shell or from W2k. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.282 / Virus Database: 150 - Release Date: 25/09/2001 From awilliam at whitemice.org Fri Oct 5 06:46:03 2001 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:36:07 2003 Subject: Samba PDC password sync In-Reply-To: Message-ID: >Last night when I reread the smb.conf man page there were two small passages >of interest: >Update encrypted: >"In order for this parameter to work correctly the encrypt passwords >parameter must be set to no when this parameter is set to yes." >Encrypt passwords: >"...Windows NT 4.0 SP3 and above and also Windows 98 will by default expect >encrypted passwords unless a registry entry is changed." >- What is that registry entry? It is in the Samba tar-ball somewhere if I remember correctly. >- Should disabling the use of encrypted passwords be done? No. > Is is discouraged? Yes. Fire up ethereal on a Linux laptop, and capture everyone's clear text password. Sounds like a bad idea to me. Also your Samba server looses the ability to DC or handle machine accounts. >- Password sync worked when I used Webmin with Samba 2.0.x. How come that >doesn't work with 2.2.x? It does, or as well as it did in 2.0.x. It is working here. From Travis.VanSciver at veritect.com Fri Oct 5 09:28:04 2001 From: Travis.VanSciver at veritect.com (Van Sciver, Travis) Date: Tue Dec 2 02:36:07 2003 Subject: unsubscribe Message-ID: -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/ms-tnef Size: 1640 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011005/b5c7ff49/attachment.bin From jon at yackgoggleclick.com Fri Oct 5 10:28:02 2001 From: jon at yackgoggleclick.com (Jon Agland) Date: Tue Dec 2 02:36:07 2003 Subject: unsubscribe References: Message-ID: <002c01c14dc3$58e5c820$0428a8c0@furtheraway> Hi mate i don't think thats the way to unsubscribe - heres the info you need on doing so; Jon Agland ntl: Newport VISP Support Agent University of Wales Swansea Computer Science Undergraduate Contact Details Mobile: 07779259661, 07941018761, and 07763601184 University Landline: 0870282420 Personal E-mail: jon@yackgoggleclick.com University E-mail: 197280@swan.ac.uk Work E-mail: jon.agland@ntl.com ICQ: 132480600 ****************************** Original Message Follows: Welcome to the samba-ntdom@lists.samba.org mailing list! To post to this list, send your email to: samba-ntdom@lists.samba.org General information about the mailing list is at: http://lists.samba.org/listinfo/samba-ntdom If you ever want to unsubscribe or change your options (eg, switch to or from digest mode, change your password, etc.), visit your subscription page at: http://lists.samba.org/options/samba-ntdom/jon%40yackgoggleclick.com You can also make such adjustments via email by sending a message to: samba-ntdom-request@lists.samba.org with the word `help' in the subject or body (don't include the quotes), and you will get back a message with instructions. You must know your password to change your options (including changing the password, itself) or to unsubscribe. It is: ************* my password ******** If you forget your password, don't worry, you will receive a monthly reminder telling you what all your lists.samba.org mailing list passwords are, and how to unsubscribe or change your options. There is also a button on your options page that will email your current password to you. You may also have your password mailed to you automatically off of the Web page noted above. ----- Original Message ----- From: "Van Sciver, Travis" To: "'samba-ntdom'" Sent: Friday, October 05, 2001 5:30 PM Subject: unsubscribe > > From hbrown at doc-it.net Fri Oct 5 12:32:04 2001 From: hbrown at doc-it.net (Howard Brown) Date: Tue Dec 2 02:36:07 2003 Subject: Delete Security Rights Message-ID: Hi, From kevin at ShopsForMe.com Fri Oct 5 12:55:18 2001 From: kevin at ShopsForMe.com (Hanser, Kevin) Date: Tue Dec 2 02:36:07 2003 Subject: samba BDC Message-ID: <20EBFFBA752CD511A57700902798AD62085C@primary.shopsforme.com> I've been looking thru the mailing lists, and the web site, for imformation on using samba as a BDC. I've found a number of messages relating to PDC, and a few regarding BDC... most of the references to BDC say something like it isn't "fully implemented" yet. I haven't been able to find anything specific though... when you say it isn't "fully implemented", what does that mean? Is it partially functional? If so, what is the stuff that is functional, and what sort of things don't work? Thanx! Kevin Hanser System Administrator Merchant Internet Group, Inc. ShopsForMe.com kevin@merchantinternetgroup.com kevin@shopsforme.com From nicolas.dupre at wanadoo.fr Fri Oct 5 13:18:02 2001 From: nicolas.dupre at wanadoo.fr (Nicolas Dupre) Date: Tue Dec 2 02:36:08 2003 Subject: samba 2.2.1 Message-ID: <000c01c14dda$df19bde0$a6ff80d9@versailles.fr> hello, I need to knox before installing Samba on a production server if we can use the NT administration tools (those which are included with NT server) to manage the user accounts, the samba server (shared directories etc.). I explain my environnement : 1 linux server (the files, print and authentification server, 23 Win2000 Pro stations and some Win98 stations ; instead of spending money on licenses to Microsoft, I would like tu use a free and stable product. Can anyone help me? Thanx a lot for you support (ndupre@free.fr) -------------- next part -------------- HTML attachment scrubbed and removed From sevans at foundation.sdsu.edu Fri Oct 5 13:21:10 2001 From: sevans at foundation.sdsu.edu (Steve Evans) Date: Tue Dec 2 02:36:08 2003 Subject: Samba and Windows 2000 Active Directory Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A71F9@foundation.foundation.sdsu.edu> Anyone have any documentation on how to integrate the two? Steve -------------- next part -------------- HTML attachment scrubbed and removed From sevans at foundation.sdsu.edu Fri Oct 5 13:27:03 2001 From: sevans at foundation.sdsu.edu (Steve Evans) Date: Tue Dec 2 02:36:08 2003 Subject: Samba and Windows 2000 Active Directory Message-ID: <20C245C5F9A41949A359CCDBF4B3ADED2A71FA@foundation.foundation.sdsu.edu> Anyone have any documentation on how to integrate the two? Steve From abartlet at pcug.org.au Fri Oct 5 18:25:12 2001 From: abartlet at pcug.org.au (Andrew Bartlett) Date: Tue Dec 2 02:36:08 2003 Subject: user password timeout (password expiry) References: <20011003141010.AAA1395@mail.streamgate.de@there> <3BBC1300.6EA9035D@bartlett.house> <20011004193636.AAA19964@mail.streamgate.de@there> Message-ID: <3BBE5DD8.5373B310@bartlett.house> Bernhard Hornung wrote: > > Thank you very much for answering my questions! > > I will look into this and will probaply ask some questios to the ntdom list > ;-) For reference: As Samba's NT Domain support is now oficially supported in released versions of Samba, discussion of Samba's interactions in NT domains should be on samba@samba.org or samba-technical@samba.org as appropriate. -- Andrew Bartlett abartlet@pcug.org.au Samba Team member, Build Farm maintainer abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net From npande at bajajauto.co.in Fri Oct 5 21:57:02 2001 From: npande at bajajauto.co.in (NITIN PANDE) Date: Tue Dec 2 02:36:08 2003 Subject: samba 2.2.1 References: <000c01c14dda$df19bde0$a6ff80d9@versailles.fr> Message-ID: <3BBE8F9C.B0E56D5C@bajajauto.co.in> Most of things you mentioned can be done (and much more!). But they are done in a different manner. Remember, you need to know a bit on Unix/Linux too. And is surely is very stable! Check out www.samba.org HTH, Ciao, Nitin Pande Mail Administrator Nicolas Dupre wrote: > hello, I need to knox before installing Samba on a production server > if we can use the NT administration tools (those which are included > with NT server) to manage the user accounts, the samba server (shared > directories etc.).I explain my environnement : 1 linux server (the > files, print and authentification server, 23 Win2000 Pro stations and > some Win98 stations ; instead of spending money on licenses to > Microsoft, I would like tu use a free and stable product.Can anyone > help me? Thanx a lot for you support (ndupre@free.fr) From npande at bajajauto.co.in Sat Oct 6 03:03:03 2001 From: npande at bajajauto.co.in (NITIN PANDE) Date: Tue Dec 2 02:36:08 2003 Subject: Delete Security Rights References: Message-ID: <3BBED71E.85FF4EB2@bajajauto.co.in> Howard, It sure is possible in Linux/Unix. U can set sticky-bit thingy (see man chmod) to a file or a directory. This will restrict the others from deleting the files. HTH, Ciao, Nitin Pande Mail Administrator Howard Brown wrote: > Hi, > > From what I can tell, Samba under Linux only allows file security rights for > Read, Write and Execute. NT security allows control for Delete rights as > well. I it possible with Samba under Linux to control whether a user can > delete files in share while stll maintaining Write privileges? We would > like to get away from NT Server but this one obstacle is standing in our > way. > > Thanks > Howard Brown From Arne at mediaventures.be Sat Oct 6 05:27:02 2001 From: Arne at mediaventures.be (Arne Van Renterghem) Date: Tue Dec 2 02:36:08 2003 Subject: Samba 2.2.1a + Invalid Tag Message-ID: Hi, I'm having problems using user manager and server manager in combination with a samba PDC. My setup is : - Linux Redhat 7.0 file server + PDC (Samba) - 15 Windows 2000 Pro workstations (SP2) - 1 Win95 - 1 Windows NT Server 4.0 (SP4) + exchange server 5.5 (sp 3) - 1 Winbdows NT Workstation When activating one of the usermanager for domains or servermanager I get an error "The tag is invalid. Do you want to select another domain to administer ?". If I choose another domain and use the local computerdomain, no problems. If I try again, the same error occurs. If I set "slow connection" then I can search for users on the domain, see their properties, but I cannot save any changes made". This problem was already reported several times, but as far as I know, no solution has been given. I understand that the "tag message" occurs only with samba 2.2.1a and that the messages is normally intended to show that there are 2 PDC in the network. Any help would be appreciated, because it is impossible to manage an exchange server properly this way. Linked to that I have a second problem. If I try to reach my exchange server through the internet using the IMAP protocol, I can only reach the Administrator mailbox, because that is the only one that gets authenticated. I tried adding the different mailbox users to the local EXCHANGE computers, but no luck. Using outlook with the EXCHANGE server in the network and with the propriatary protocol works fine for all users. But IMAP seems impossible. Any suggestions ? Thanks, Arne Arne Van Renterghem Production MEDIAVENTURES St. Jozefstraat 18 9820 Merelbeke +32 9 239 01 10 +32 9 231 89 20 www.mediaventures.be From dataiv-lists at noc.peon.net Sat Oct 6 05:33:02 2001 From: dataiv-lists at noc.peon.net (David van Geyn) Date: Tue Dec 2 02:36:08 2003 Subject: Samba 2.2.1a + Invalid Tag Message-ID: <000d01c14e63$5775eec0$6e02a8c0@dtlan.peon.net> Arne, This was a problem I had with 2.2.1a too, I believe it is a known problem with that version. Try pulling the SAMBA_2_2 CVS and compile that. It seems to work just fine. David. ----- Original Message ----- From: "Arne Van Renterghem" To: Sent: Saturday, October 06, 2001 8:27 AM Subject: Samba 2.2.1a + Invalid Tag > Hi, > > I'm having problems using user manager and server manager in combination > with a samba PDC. > > My setup is : > - Linux Redhat 7.0 file server + PDC (Samba) > - 15 Windows 2000 Pro workstations (SP2) > - 1 Win95 > - 1 Windows NT Server 4.0 (SP4) + exchange server 5.5 (sp 3) > - 1 Winbdows NT Workstation > > When activating one of the usermanager for domains or servermanager I get an > error "The tag is invalid. Do you want to select another domain to > administer ?". > > If I choose another domain and use the local computerdomain, no problems. If > I try again, the same error occurs. If I set "slow connection" then I can > search for users on the domain, see their properties, but I cannot save any > changes made". > > This problem was already reported several times, but as far as I know, no > solution has been given. > > I understand that the "tag message" occurs only with samba 2.2.1a and that > the messages is normally intended to show that there are 2 PDC in the > network. > > Any help would be appreciated, because it is impossible to manage an > exchange server properly this way. > > Linked to that I have a second problem. If I try to reach my exchange server > through the internet using the IMAP protocol, I can only reach the > Administrator mailbox, because that is the only one that gets authenticated. > I tried adding the different mailbox users to the local EXCHANGE computers, > but no luck. Using outlook with the EXCHANGE server in the network and with > the propriatary protocol works fine for all users. But IMAP seems > impossible. > > Any suggestions ? > > Thanks, > > Arne > > Arne Van Renterghem > Production > MEDIAVENTURES > St. Jozefstraat 18 > 9820 Merelbeke > +32 9 239 01 10 > +32 9 231 89 20 > www.mediaventures.be > > From rvt at dds.nl Sat Oct 6 07:25:05 2001 From: rvt at dds.nl (Ries van twisk) Date: Tue Dec 2 02:36:08 2003 Subject: Delete Security Rights References: <3BBED71E.85FF4EB2@bajajauto.co.in> Message-ID: <3BBF150C.1AFF606B@dds.nl> WHile this is not a samba-ntdom question I'll post a other options aswell. If you need a more or less NT alike security model you can also take a look at the ACL code. You need a filesystem which supports ACL aswell. XFS would be a good for any office server. If you don't need a journaling filesystem (XFS is a journaling filesystem, quto support and ACL support) you can get away with standard ACL code. Ries NITIN PANDE wrote: > > Howard, > It sure is possible in Linux/Unix. U can set sticky-bit thingy (see man chmod) > to a file or a directory. This will restrict the others from deleting the > files. HTH, > Ciao, > Nitin Pande > Mail Administrator > > Howard Brown wrote: > > > Hi, > > > > From what I can tell, Samba under Linux only allows file security rights for > > Read, Write and Execute. NT security allows control for Delete rights as > > well. I it possible with Samba under Linux to control whether a user can > > delete files in share while stll maintaining Write privileges? We would > > like to get away from NT Server but this one obstacle is standing in our > > way. > > > > Thanks > > Howard Brown From jerry at samba.org Sat Oct 6 08:19:01 2001 From: jerry at samba.org (Gerald (Jerry) Carter) Date: Tue Dec 2 02:36:08 2003 Subject: machine accounts question In-Reply-To: <3BBA36C3.3057D755@slu.edu> Message-ID: On Tue, 2 Oct 2001, Tony Ricker wrote: > My question is what functionality do machine accounts have in a > samba PDC set up? I can authenticate a user and use samba shares sans > any issues, without a machine account. I have done some research but > have not found any concrete info pertaining to this. I appreciate > everyone's time. a machine trust account allows a domain member and a domain controller to have a shared secret for authenticating the member and ecnrypting certain traffic between the two. cheers, jerry --------------------------------------------------------------------- www.samba.org SAMBA Team jerry_at_samba.org www.plainjoe.org jerry_at_plainjoe.org --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- From joelthemmen at home.com Sat Oct 6 08:52:14 2001 From: joelthemmen at home.com (Joel Themmen) Date: Tue Dec 2 02:36:08 2003 Subject: Connecting over a VPN to Solaris 8 Message-ID: Hi, I am semi-literate with regards to Samba so please be patient. My boss (whom I like to keep happy) wants to access a Solaris 8 box upon which I have installed Samba from his home. Our company uses a SonicWall Internet Appliance for VPN access. This is where the problem may arise. My boss has a W2K machine at home and can connect to his office NT box using PCAnywhere 8 and can go from there to the Sun box but he would really like to map a drive from his home box to a Samba share on the Sun box at work. I cannot get this to work. (For that matter I would also like to be able to do this) What I can tell you: I can ping the IP of the Sun box at work - 192.168.106.94 (I have the same VPN setup) The Sun box share that he wants to connect to is "local" The Sun Box NetBios name is "SunServer" and I cannot ping it from home (This sounds bad to me) He is not behind a firewall at home but likely will be I am behind a D-Link 704 Internet Gateway Any help (even a "That can't be done) is appreciated, Thanks, Joel From npande at bajajauto.co.in Sat Oct 6 20:32:03 2001 From: npande at bajajauto.co.in (NITIN PANDE) Date: Tue Dec 2 02:36:08 2003 Subject: Connecting over a VPN to Solaris 8 References: Message-ID: <3BBFCD57.7807397F@bajajauto.co.in> Joel, From damian at tct.fwc.edu.to Sun Oct 7 02:48:01 2001 From: damian at tct.fwc.edu.to (Damian Sweeney) Date: Tue Dec 2 02:36:09 2003 Subject: Samba PDC password sync Message-ID: <200110070623.f976NpM12850@tct.fwc.edu.to> A few months ago we changed from Samba 2.07 running on plain text passwords to Samba 2.2.0a running as a PDC. During the transition the smb.conf had the following global settings: encrypt passwords = no update encrypted = yes smb passwd file = /etc/samba/smbpasswd This allowed us to automatically update the smbpasswd file (i.e. passwords moving from *nix to Window$) as users logged into the network. After most users had been through this process, we switched to: encrypted passwords = yes passwd program = /usr/bin/passwd %u passwd chat = *password* %n\n *password* %n\n *successful* smb passwd file = /etc/samba/smbpasswd Update encrypted was then omitted (because it doesn't work with encryption on), but whenever a user arrived saying they couldn't use a resource on the *nix box that needed their old password (perhaps because they didn't log on in the transition period), we simply give them a temporary samba password and get them to change it on a Window$ box. This updates both the smbpasswd and passwd files (and shadow). We are running RedHat 7.1 and this password syncing has worked from Win9x and Win2k machines. You may need to adjust the passwd program = and/or passwd chat = parameters to suit your *nix. Hope that helps, Damian. From business1 at tangfeng.org Sun Oct 7 22:09:01 2001 From: business1 at tangfeng.org (business1@tangfeng.org) Date: Tue Dec 2 02:36:12 2003 Subject: Beijing Tangfeng Culture Exchange Centre Message-ID: <20011008050845.4D30E410D@lists.samba.org> Xiu Yuan Name: Beijing Tangfeng Culture Exchange Centre Address: No.210, Building 2, Party School of Beijing Municipal Government Committee,No.6 Chegongzhuang Street, Xicheng District,Beijing, China. Tel: 86-10-6800-1452 86-10-6800-3112 Mobile Tel:13661361402 Homepage: Http://www.Tangfeng.org E-mail:Webmaster: postmaster@tangfeng.org VIP customers service: office@tangfeng.org Business customers service: business1@tangfeng.org business2@tangfeng.org xiuyuan@tangfeng.org xiuyuan@263.net.cn Dear Sir or Madam, T&F provide a variety of investment advisory services and status inquiry services in China.Over a long period,T&F have developed and maintained cooperative working relationships with a large number of government agencies in China.Our reports on credit inquiry and information of every internal industry or commerce business, including registration of corporation, history of corporation,At the same time, we should be pleased to hear if you would grant us the sole agency for China or you would be our agency for your district if you want. T&F will be provide a piece of accurate and credible investigation data, which you want about achieving nation-wide and comprehensive reference report forever! Please visit our Homepage: http://www.tangfeng.org , write or e-mail to T&F promptly, if you are interested in it. T&F shall be pleased to render you any further services. Very turly yours, Beijing Tangfeng Culture Exchange Center Xiu Yuan From jay at toltec.metran.cx Sun Oct 7 22:38:03 2001 From: jay at toltec.metran.cx (Jay Ts) Date: Tue Dec 2 02:36:12 2003 Subject: Beijing Tangfeng Culture Exchange Centre In-Reply-To: <20011008050845.4D30E410D@lists.samba.org> from "business1@tangfeng.org" at Oct 07, 2001 10:56:35 PM Message-ID: <200110080537.f985bwx30045@toltec.metran.cx> Well, should we forward this to an Internet-enabled Coke machine, or what? - Jay Ts > Xiu Yuan > Name: Beijing Tangfeng Culture Exchange Centre > Address: No.210, Building 2, Party School of Beijing Municipal Government > Committee,No.6 Chegongzhuang Street, > Xicheng District,Beijing, > China. > Tel: 86-10-6800-1452 86-10-6800-3112 > Mobile Tel:13661361402 > Homepage: Http://www.Tangfeng.org > E-mail:Webmaster: postmaster@tangfeng.org > VIP customers service: office@tangfeng.org > Business customers service: business1@tangfeng.org > business2@tangfeng.org > xiuyuan@tangfeng.org > xiuyuan@263.net.cn > Dear Sir or Madam, > T&F provide a variety of investment advisory services and status inquiry services in China.Over a long period,T&F have developed and maintained cooperative working relationships with a large number of government agencies in China.Our reports on credit inquiry and information of every internal industry or commerce business, including registration of corporation, history of corporation,At the same time, we should be pleased to hear if you would grant us the sole agency for China or you would be our agency for your district if you want. > T&F will be provide a piece of accurate and credible investigation data, which you want about achieving nation-wide and comprehensive reference report forever! Please visit our Homepage: http://www.tangfeng.org , write or e-mail to T&F promptly, if you are interested in it. T&F shall be pleased to render you any further services. > > Very turly yours, > Beijing Tangfeng Culture Exchange Center > Xiu Yuan > > > > > > > > From WToffling at aol.com Sun Oct 7 23:16:02 2001 From: WToffling at aol.com (WToffling@aol.com) Date: Tue Dec 2 02:36:12 2003 Subject: Beijing Tangfeng Culture Exchange Centre Message-ID: <74.1140891a.28f29f13@aol.com> I'd prank call them and add them to spam lists...but that's me and I'm immature. -----Original Message----- From: Jay Ts [mailto:jay@toltec.metran.cx] Sent: Monday, October 08, 2001 1:41 AM Cc: samba-ntdom@samba.org Subject: Re: Beijing Tangfeng Culture Exchange Centre Well, should we forward this to an Internet-enabled Coke machine, or what? - Jay Ts > Xiu Yuan > Name: Beijing Tangfeng Culture Exchange Centre > Address: No.210, Building 2, Party School of Beijing Municipal Government > Committee,No.6 Chegongzhuang Street, > Xicheng District,Beijing, > China. > Tel: 86-10-6800-1452 86-10-6800-3112 > Mobile Tel:13661361402 > Homepage: Http://www.Tangfeng.org > E-mail:Webmaster: postmaster@tangfeng.org > VIP customers service: office@tangfeng.org > Business customers service: business1@tangfeng.org > business2@tangfeng.org > xiuyuan@tangfeng.org > xiuyuan@263.net.cn > Dear Sir or Madam, > T&F provide a variety of investment advisory services and status inquiry services in China.Over a long period,T&F have developed and maintained cooperative working relationships with a large number of government agencies in China.Our reports on credit inquiry and information of every internal industry or commerce business, including registration of corporation, history of corporation,At the same time, we should be pleased to hear if you would grant us the sole agency for China or you would be our agency for your district if you want. > T&F will be provide a piece of accurate and credible investigation data, which you want about achieving nation-wide and comprehensive reference report forever! Please visit our Homepage: http://www.tangfeng.org , write or e-mail to T&F promptly, if you are interested in it. T&F shall be pleased to render you any further services. > > Very turly yours, > Beijing Tangfeng Culture Exchange Center > Xiu Yuan > > > > > > > > From jamie at jharris.homeip.net Mon Oct 8 04:57:02 2001 From: jamie at jharris.homeip.net (Jamie Harris) Date: Tue Dec 2 02:36:12 2003 Subject: Browser woe's Message-ID: <3761.194.82.103.36.1002542303.squirrel@jharris.homeip.net> Hi all, Firstly - appologies for the cross post to those who are on both the ntdom & samba lists... I've got a Samba 2.2 PDC running a Linux box. Its the master browser and its running as a WINS server. Yet when I look in Network Neighbourhood I can't see any of the machines, yet when I run a 'Find' it can find the boxes (I assume this it resolving the machine using WINS). I've read through all the documentation that I can find and have checked that I have a guest account setup, and have looked in the file logs and file used by nmbd to store the WINS/browser info and these seem to show that its getting info about machines. The only thing I am a little curious about is that it says its becomming the master browser of the 164.11.222.200 subnet, yet this isn't a subnet - its the IP address of the Samba server. Below are the relevant bits nmbd's log. Any help would be appreciated as I'm stumped!!! Here are the logs: [2001/10/08 06:17:54, 2] lib/interface.c:add_interface(85) added interface ip=164.11.222.200 bcast=164.11.222.255 nmask=255.255.255.0 [2001/10/08 06:17:54, 3] lib/util_sock.c:open_socket_in(832) bind succeeded on port 137 [2001/10/08 06:17:54, 3] lib/util_sock.c:open_socket_in(832) bind succeeded on port 138 [2001/10/08 06:17:54, 2] nmbd/nmbd_subnetdb.c:make_subnet(195) making subnet name:164.11.222.200 Broadcast address:164.11.222.255 Subnet mask:255.255.255.0 [2001/10/08 06:17:54, 2] nmbd/nmbd_subnetdb.c:make_subnet(195) making subnet name:UNICAST_SUBNET Broadcast address:164.11.222.200 Subnet mask:164.11.222.200 [2001/10/08 06:17:54, 2] nmbd/nmbd_subnetdb.c:make_subnet(195) making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 [2001/10/08 06:17:54, 2] nmbd/nmbd_subnetdb.c:make_subnet(195) making subnet name:WINS_SERVER_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0 ....... [2001/10/08 06:18:08, 2] nmbd/nmbd_elections.c:send_election_dgram(45) send_election_dgram: Sending election packet for workgroup NETLAB on subnet 164.11.222.200 [2001/10/08 06:18:08, 2] nmbd/nmbd_elections.c:run_elections(209) run_elections: >>> Won election for workgroup NETLAB on subnet 164.11.222.200 <<< [2001/10/08 06:18:08, 2] nmbd/nmbd_become_lmb.c:become_local_master_browser(550) become_local_master_browser: Starting to become a master browser for workgroup NETLAB on subnet 164.11.222.200 [2001/10/08 06:18:08, 3] nmbd/nmbd_become_lmb.c:become_local_master_browser(552) become_local_master_browser: first stage - attempt to register ^1^2__MSBROWSE__^2^1 [2001/10/08 06:18:10, 3] nmbd/nmbd_serverlistdb.c:write_browse_list(458) write_browse_list: Wrote browse list into file /usr/local/samba/var/locks/browse.dat [2001/10/08 06:18:12, 3] nmbd/nmbd_namelistdb.c:add_name_to_subnet(249) add_name_to_subnet: Added netbios name __MSBROWSE__<01> with first IP 164.11.222.200 ttl=0 nb_flags=c0 to subnet 164.11.222.200 [2001/10/08 06:18:12, 3] nmbd/nmbd_become_lmb.c:become_local_master_stage1(460) become_local_master_stage1: go to stage 2: register the NETLAB<1d> name. [2001/10/08 06:18:12, 3] nmbd/nmbd_namelistdb.c:add_name_to_subnet(249) add_name_to_subnet: Added netbios name __MSBROWSE__<01> with first IP 164.11.222.200 ttl=0 nb_flags=c0 to subnet UNICAST_SUBNET [2001/10/08 06:18:16, 3] nmbd/nmbd_namelistdb.c:add_name_to_subnet(249) add_name_to_subnet: Added netbios name NETLAB<1d> with first IP 164.11.222.200 ttl=0 nb_flags=40 to subnet 164.11.222.200 [2001/10/08 06:18:16, 3] nmbd/nmbd_become_lmb.c:become_local_master_stage2(361) become_local_master_stage2: registered as master browser for workgroup NETLAB on subnet 164.11.222.200 [2001/10/08 06:18:16, 3] nmbd/nmbd_sendannounce.c:broadcast_announce_request(74) broadcast_announce_request: sending announce request for workgroup NETLAB to subnet 164.11.222.200 [2001/10/08 06:18:16, 3] nmbd/nmbd_namelistdb.c:add_name_to_subnet(249) add_name_to_subnet: Added netbios name NETLAB<1d> with first IP 164.11.222.200 ttl=0 nb_flags=40 to subnet UNICAST_SUBNET [2001/10/08 06:18:16, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(405) ***** Samba name server KENNY is now a local master browser for workgroup NETLAB on subnet 164.11.222.200 ***** .......... Cheers all Jamie... -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= *** This message was transmitted on 100% recycled electrons *** =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= From chris_nias at yahoo.com Mon Oct 8 06:01:02 2001 From: chris_nias at yahoo.com (Chris Nias) Date: Tue Dec 2 02:36:12 2003 Subject: Beijing Tangfeng Culture Exchange Centre In-Reply-To: <74.1140891a.28f29f13@aol.com> Message-ID: <000601c14ff9$98c0d5b0$0100a8c0@marvin> What's an internet enabled coke machine? -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of WToffling@aol.com Sent: 08 October 2001 07:18 Cc: samba-ntdom@samba.org Subject: RE: Beijing Tangfeng Culture Exchange Centre I'd prank call them and add them to spam lists...but that's me and I'm immature. -----Original Message----- From: Jay Ts [mailto:jay@toltec.metran.cx] Sent: Monday, October 08, 2001 1:41 AM Cc: samba-ntdom@samba.org Subject: Re: Beijing Tangfeng Culture Exchange Centre Well, should we forward this to an Internet-enabled Coke machine, or what? - Jay Ts > Xiu Yuan > Name: Beijing Tangfeng Culture Exchange Centre > Address: No.210, Building 2, Party School of Beijing Municipal Government > Committee,No.6 Chegongzhuang Street, > Xicheng District,Beijing, > China. > Tel: 86-10-6800-1452 86-10-6800-3112 > Mobile Tel:13661361402 > Homepage: Http://www.Tangfeng.org > E-mail:Webmaster: postmaster@tangfeng.org > VIP customers service: office@tangfeng.org > Business customers service: business1@tangfeng.org > business2@tangfeng.org > xiuyuan@tangfeng.org > xiuyuan@263.net.cn > Dear Sir or Madam, > T&F provide a variety of investment advisory services and status inquiry services in China.Over a long period,T&F have developed and maintained cooperative working relationships with a large number of government agencies in China.Our reports on credit inquiry and information of every internal industry or commerce business, including registration of corporation, history of corporation,At the same time, we should be pleased to hear if you would grant us the sole agency for China or you would be our agency for your district if you want. > T&F will be provide a piece of accurate and credible investigation data, which you want about achieving nation-wide and comprehensive reference report forever! Please visit our Homepage: http://www.tangfeng.org , write or e-mail to T&F promptly, if you are interested in it. T&F shall be pleased to render you any further services. > > Very turly yours, > Beijing Tangfeng Culture Exchange Center > Xiu Yuan > > > > > > > > _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com From jay at toltec.metran.cx Mon Oct 8 07:29:05 2001 From: jay at toltec.metran.cx (Jay Ts) Date: Tue Dec 2 02:36:12 2003 Subject: Beijing Tangfeng Culture Exchange Centre In-Reply-To: <000601c14ff9$98c0d5b0$0100a8c0@marvin> from "Chris Nias" at Oct 08, 2001 02:03:12 PM Message-ID: <200110081430.f98EUIL32399@toltec.metran.cx> There were at least a few examples of such things, but the reference was to back in the 80s when some students at Carnegie-Mellon University wired up the soda vending machine down the hall so they could ping it and ask it if it was empty. It saved them the walk down the hall. I was just thinking that since Coke machines make money, and the Samba project is not a commercial entity, the email would more be appropriately be sent to such a thing! - Jay Ts > What's an internet enabled coke machine? > > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of > WToffling@aol.com > Sent: 08 October 2001 07:18 > Cc: samba-ntdom@samba.org > Subject: RE: Beijing Tangfeng Culture Exchange Centre > > I'd prank call them and add them to spam lists...but that's me and I'm > immature. > > -----Original Message----- > From: Jay Ts [mailto:jay@toltec.metran.cx] > Sent: Monday, October 08, 2001 1:41 AM > Cc: samba-ntdom@samba.org > Subject: Re: Beijing Tangfeng Culture Exchange Centre > > Well, should we forward this to an Internet-enabled Coke > > > > machine, or what? > > > > > > > > > > > - Jay Ts > > > > > > > > > > > > Xiu Yuan > > > > > Name: Beijing Tangfeng Culture Exchange Centre > > > > > Address: No.210, Building 2, Party School of Beijing Municipal > Government > > > > > Committee,No.6 Chegongzhuang Street, > > > > > Xicheng District,Beijing, > > > > > China. > > > > > Tel: 86-10-6800-1452 86-10-6800-3112 > > > > > Mobile Tel:13661361402 > > > > > Homepage: Http://www.Tangfeng.org > > > > > E-mail:Webmaster: postmaster@tangfeng.org > > > > > VIP customers service: office@tangfeng.org > > > > > Business customers service: business1@tangfeng.org > > > > > business2@tangfeng.org > > > > > xiuyuan@tangfeng.org > > > > > xiuyuan@263.net.cn > > > > > Dear Sir or Madam, > > > > > T&F provide a variety of investment advisory services and status > > > > inquiry services in China.Over a long period,T&F have developed and > > > > maintained cooperative working relationships with a large number of > > > > government agencies in China.Our reports on credit inquiry and > information of > > > > every internal industry or commerce business, including registration of > > > > corporation, history of corporation,At the same time, we should be > pleased to > > > > hear if you would grant us the sole agency for China or you would be our > > > > agency for your district if you want. > > > > > T&F will be provide a piece of accurate and credible > investigation > > > > data, which you want about achieving nation-wide and comprehensive > reference > > > > report forever! Please visit our Homepage: http://www.tangfeng.org , > write or > > > > e-mail to T&F promptly, if you are interested in it. T&F shall be > pleased to > > > > render you any further services. > > > > > > > > > > Very turly yours, > > > > > Beijing Tangfeng Culture Exchange Center > > > > > Xiu Yuan > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > From IFFATH.ZOFISHAN at Micrel.Com Mon Oct 8 10:45:09 2001 From: IFFATH.ZOFISHAN at Micrel.Com (Zofishan, Iffath) Date: Tue Dec 2 02:36:12 2003 Subject: NT Samba authentication Message-ID: <62D6899CAE9FD311A036009027860B05F9FABE@MAIL.micrel.com> Hello , We are currently running samba version 2.2.1a on Solaris 8. We have a couple of folders/disks that are shared out and the PC users running windows NT map these . We are having a problem which is increasing among all PC users , their authentication to Samba maps is not being accepted . It just says access denied . When this occurs I have to remove all the existing maps and remap them which will prompt for a password and then it is back to normal. But once the system crashes the password is again not accepted. Sometimes I will have to even change the profile to get back all the maps and get a successful password authentication. I would really appreciate if someone could give pointers on this as I am posting this problem for the second time. Thanks, --Iffath From peter.milburn at sofcom.com.au Mon Oct 8 15:46:01 2001 From: peter.milburn at sofcom.com.au (peter.milburn@sofcom.com.au) Date: Tue Dec 2 02:36:12 2003 Subject: samba 2.2.1a + winbind Message-ID: I have just downloaded 2.2.1a , where do I get winbind for this release of samba. Doing a great job with samba, Thanks, -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From lkcl at samba-tng.org Mon Oct 8 16:51:41 2001 From: lkcl at samba-tng.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:36:12 2003 Subject: TNG services and FreeDCE development In-Reply-To: <20011009005651.C1449@angua.rince.de>; from lkcl@samba-tng.org on Tue, Oct 09, 2001 at 12:56:51AM +0200 References: <200110081211.WAA86503@au.padl.com> <20011009005651.C1449@angua.rince.de> Message-ID: <20011009014844.F1449@angua.rince.de> development time estimates for TNG / dcerpc.net project tasks dcethreads: portability rewrite 50? (to use Apache Runtime Library for preference) pthreads rewrite 200? (2nd preference: cut out dcethreads) libapr_ntemu_util: APR NamedPipe emulation 50? NT Security emulation 50? netlogond: idl file 90 server 76 client / test 76 samrd: idl file [mostly done] 24 test server 120 client / test 120 lsarpcd: idl file 120 server 120 client / test 80 ntlmssp and integration of ntlmssp into freedce ntlmsspauth: server [mostly done] 100 client [just beginning] 100 credential cache 16 auth (server-side) 24 auth (client-side) 24 nt "named pipe" emulation layer: tng server-side [done] 100 (it's basically done) tng client-side [done] 100 (ditto) freedce srv-side 80 (25% complete) freedce client-side 80 (25% complete) freedce auth integration 36 (related to rpc_binding_set_auth_info) i've probably missed some things out, here. times are in hours. if anyone would like to assist with any of the above development, your time and input would be greatly appreciated: please register on dcerpc.net, place an ssh public key in your user-profile and let me know which of the above projects and tasks you would like to help with. minimum requirements are to have linux on, preferably an x86 or other intel-byte-order machine (at the moment: later on we will need to test against reverse-intel-byte-order); ssh, cvs, gcc and other development tools; experience or enthusiasm with c development; lots of enthusiasm; internet connection not blocking cvs port access. thanks, luke From lkcl at samba-tng.org Mon Oct 8 17:06:07 2001 From: lkcl at samba-tng.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:36:12 2003 Subject: [xad] Rough time estimates In-Reply-To: <200110081337.XAA87032@au.padl.com>; from lukeh@PADL.COM on Mon, Oct 08, 2001 at 11:37:10PM +1000 References: <200110081337.XAA87032@au.padl.com> Message-ID: <20011009020326.J1449@angua.rince.de> > Big tasks > ========= > > - Integration of GSS-API with DCE RPC runtime [100h] > - NTLMSSP GSS-API mechanism implementation [100h] > - Migration of TNG code to FreeDCE [200h] more like 600. i listed them all for you, cc'd to various lists because the total time is _way_ over the top. i mean, i usually do about 4 actual hours development per day, that means 6 months development if i did this all myself, and i'm going to need to do a lot of it because noone else gets NTLMSSP or the TNG architecture / integration issues. oh, and _until_ a lot of those 600 hours are done, _nothing_ else can proceed. this is critical path work. without the client-side netlogon, lsa and samr APIs on which domain_client_validate must be written on to of, ntlmssp cannot perform authentication. without the ntlmssp integrated into freedce, nothing works. without the netlogond, samrd and lsarpcd (you can use TNG's current services, here), the ntlmssp code - even once it's developed! - doesn't have anything to operate off of so is useless. without the NamedPipe emulation layer, you can't interoperate with Windows NT or Samba or Samba TNG in an NT domain environment. it's all very tightly knitted together. and without _all_ of that working, you cannot then proceed to do DRS, Exchange, SQL or DCOM. except with no security, and with no means to test / interoperate against NT in order to find out of your freedce services actually work against NT, because they kick you out because you can't Authenticate or be Authenticated. lkcl From peter.milburn at sofcom.com.au Mon Oct 8 17:44:02 2001 From: peter.milburn at sofcom.com.au (peter.milburn@sofcom.com.au) Date: Tue Dec 2 02:36:12 2003 Subject: samba and winbind Message-ID: Ok I need some help here please, I have not been able to find winbind just to add to my current samba that I have installed Here is what I have: I have a samba PDC running which some 70+ win2K machines connect and use no problems at all, which is fantastic. I have all our linux servers connected to the PDC as well, which is even better. What I want to do now, is utilize pam so that local accounts do not need to be on the linux machine. It was suggested that I use winbind, the only version I can find, is a rpm which installed samba pre 3.0 After completing this I can not gett the samba + winbind rpm to connect to my linux PDC. Am I doing this all wrong or am I on the right track. I am wanting someone to do it for me, just point me in the direction of docos and files. Thanks heaps for your time. Pete -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From hyc at highlandsun.com Mon Oct 8 18:07:27 2001 From: hyc at highlandsun.com (Howard Chu) Date: Tue Dec 2 02:36:12 2003 Subject: [xad] TNG services and FreeDCE development In-Reply-To: <20011009014844.F1449@angua.rince.de> Message-ID: <001d01c1505f$0db893c0$7601a8c0@fiddle.symas.com> > -----Original Message----- > From: owner-xad@PADL.COM [mailto:owner-xad@PADL.COM]On Behalf Of Luke > Kenneth Casson Leighton > development time estimates for TNG / dcerpc.net project tasks > > dcethreads: > > portability rewrite 50? (to use Apache Runtime Library for > preference) > pthreads rewrite 200? (2nd preference: cut out dcethreads) Can you give me a bit more detail on this? In particular, I need to decide whether to try to port freedce to Solaris or get Sun's commercial DCE implementation instead, and try to make it all play together. What is the issue with the current dcethreads code? (I haven't looked at the freedce source tree yet.) -- Howard Chu Chief Architect, Symas Corp. Director, Highland Sun http://www.symas.com http://highlandsun.com/hyc From lkcl at samba-tng.org Mon Oct 8 19:08:01 2001 From: lkcl at samba-tng.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:36:12 2003 Subject: [xad] TNG services and FreeDCE development In-Reply-To: <001d01c1505f$0db893c0$7601a8c0@fiddle.symas.com>; from hyc@highlandsun.com on Mon, Oct 08, 2001 at 06:09:32PM -0700 References: <20011009014844.F1449@angua.rince.de> <001d01c1505f$0db893c0$7601a8c0@fiddle.symas.com> Message-ID: <20011009040530.D5242@angua.rince.de> On Mon, Oct 08, 2001 at 06:09:32PM -0700, Howard Chu wrote: > > -----Original Message----- > > From: owner-xad@PADL.COM [mailto:owner-xad@PADL.COM]On Behalf Of Luke > > Kenneth Casson Leighton > > > development time estimates for TNG / dcerpc.net project tasks > > > > dcethreads: > > > > portability rewrite 50? (to use Apache Runtime Library for > > preference) > > pthreads rewrite 200? (2nd preference: cut out dcethreads) > > Can you give me a bit more detail on this? In particular, I need to decide > whether to try to port freedce to Solaris or get Sun's commercial DCE > implementation > instead, and try to make it all play together. What is the issue with the > current dcethreads code? (I haven't looked at the freedce source tree yet.) the current dcethreads library is an addition to the suite of POSIX draft 4 emulation libraries, and the original focus of dcethreads was to add to that suite w.r.t linux, which was _not_ included, as linux wasn't _around_ when OSF started DCE :) so you may find that you don't need dcethreads, you may be able to #define SOLARIS and compile from there, and not even _use_ dcethreads. you'll have to check the code. dcethreads is a user-space emulation library on top of sigsetjmp and siglongjump. it is horrible, but it works. personally, as i am doing this development without funding at present, and my skills are on NT / unix interoperability, as long as i have _a_ library, and _a_ platform on which that library works, i am not the best person to ask w.r.t. getting other OSes to work: i'll focus on the common bits in my area of expertise. i do, however, know of, and have been gently encouraging, some other people to develop, relace or rewrite dcethreads, plus there _is_ a possibility to do away with dcethreads and use modern posix threads instead. the disadvantage of that is that we lose thread cancellation, which POSIX draft 4, and therefore dcethreads, provides. given that most OSes don't support thread cancellation without some sort of problems such as instability and memory loss in the kernel (i.e. solaris), that's not such a big deal. luke. From lukeh at padl.com Mon Oct 8 22:57:08 2001 From: lukeh at padl.com (Luke Howard) Date: Tue Dec 2 02:36:12 2003 Subject: [xad] TNG services and FreeDCE development Message-ID: <200110090557.PAA94345@au.padl.com> >Can you give me a bit more detail on this? In particular, I need to decide >whether to try to port freedce to Solaris or get Sun's commercial DCE >implementation >instead, and try to make it all play together. What is the issue with the >current dcethreads code? (I haven't looked at the freedce source tree yet.) Gawd, I really hate this cross-posting :-) You will need the source code implement the named pipe transport, unless Sun provide support for dynamically loadable transport mechanisms (and, come to think of it, authentication mechanisms); I know this was something that Wez specifically added to FreeDCE. cheers, -- Luke -- Luke Howard | lukehoward.com PADL Software | www.padl.com From epn.neustadt at t-online.de Tue Oct 9 00:16:04 2001 From: epn.neustadt at t-online.de (epn) Date: Tue Dec 2 02:36:12 2003 Subject: Problem with W2K -Login References: <15o1tZ-0blTRhC@fwd04.sul.t-online.com> <3BB8773E.E37074CC@gmp.iut-tlse3.fr> <15oLQu-23i7HsC@fwd02.sul.t-online.com> <3BB99F4B.EDCA081@gmp.iut-tlse3.fr> Message-ID: <15qr8R-17e2zYC@fwd01.sul.t-online.com> Hi all, my PDC under Samba works fine (with 25 x Win9X). Now I try to login with W2K. I Have Samba 2.2.1a and W2K sp1 ! First adding the account to the UNIX-password-file # adduser -d /dev/null -s /bin/false Second adding the smbpassword # smbpasswd -a -m The error message from Windows is: "Unknown user or bad password" "/var/log/samba/log.smbd" says "startsmbfilepwent_internal: unable to open file /etc/samba/smbpasswd Error was Permission denied" What can I do??? Thanks Sebastian Wern From dstojanov at bach.vmei.acad.bg Tue Oct 9 00:52:08 2001 From: dstojanov at bach.vmei.acad.bg (Dejan Stojanov) Date: Tue Dec 2 02:36:12 2003 Subject: Printer accounting Message-ID: <3BC2ACE8.47010A71@bach.vmei.acad.bg> Hello, can somebody tell me if it is possible to count the pages per user to a printer attached to a 2.2.1a Samba RH 7.1 server. I have a NT4 PDC which does not support a printer accunting (or more clear - I get my event log full, because I have limited it to 512 kb, but I constantly have a SCSI error). So I cannot depend on the event log. I will appreciate any help. -------------- next part -------------- A non-text attachment was scrubbed... Name: dstojanov.vcf Type: text/x-vcard Size: 291 bytes Desc: Card for Dejan Stojanov Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011009/476e67d6/dstojanov.vcf From pierre at globeall.de Tue Oct 9 01:26:03 2001 From: pierre at globeall.de (Pierre Burri) Date: Tue Dec 2 02:36:12 2003 Subject: Problem with W2K -Login In-Reply-To: <15qr8R-17e2zYC@fwd01.sul.t-online.com> References: <15o1tZ-0blTRhC@fwd04.sul.t-online.com> <3BB99F4B.EDCA081@gmp.iut-tlse3.fr> <15qr8R-17e2zYC@fwd01.sul.t-online.com> Message-ID: <20011009082700.1DFBF483C9@globeall.de> Hi Sebastian You have to add user "root" in your smbpasswd and than join the domain the first time with root. Afterwards you can use any other account. cheers, Pierre On Tuesday 09 October 2001 09:17, you wrote: > Hi all, > my PDC under Samba works fine (with 25 x Win9X). > Now I try to login with W2K. > I Have Samba 2.2.1a and W2K sp1 ! > > First adding the account to the UNIX-password-file > # adduser -d /dev/null -s /bin/false > Second adding the smbpassword > # smbpasswd -a -m > > > The error message from Windows is: > "Unknown user or bad password" > > "/var/log/samba/log.smbd" says > "startsmbfilepwent_internal: unable to open file /etc/samba/smbpasswd > Error was Permission denied" > > > What can I do??? > > Thanks > Sebastian Wern -- Feel free to visit my Site! http://www.GlobeAll.de Pierre Burri Tel. +49 30 757 02 517 Fax: +49 30 757 02 518 From pierre at globeall.de Tue Oct 9 01:44:01 2001 From: pierre at globeall.de (Pierre Burri) Date: Tue Dec 2 02:36:12 2003 Subject: Printer drivers upload from Windows2000 (samba 2.2.1a) In-Reply-To: References: Message-ID: <20011009084328.114F5483C9@globeall.de> I have finally managed to upload drivers (PPD files for CUPS) from my win2k to my samba server. The bug was in my script addprinter. I had to add my printer admin group in /etc/cups/cupsd.conf (SystemGroup xxxx), fetch the PPD file name from the fourth APW parameter and then reload samba, using sudo for the necessary privileges. After that it worked fine. I thought it might help someone else if I gave the listing of my script, just to give an idea: #!/bin/sh # Name: /usr/bin/addprinter # Authors: Pierre Burri & Michel Bisson # Date: 7-Oct-2001 # This script adds a CUPS printer (Postscript) from Windows2000 APW # with Samba Version 2.2.1a. (APW = Add Printer Wizard) #-------------------------------------------------------------------------- # Parameters given by the APW: # $1 = printer name # $2 = share name # $3 = port name # $4 = driver name # $5 = location # $6 = windows 9x driver location #-------------------------------------------------------------------------- smb_pr_dir="/home/samba/printers" addpr_log="$smb_pr_dir/addprinter.log" print_port="parallel:/dev/lp0" # echo "----------------------" >> $addpr_log echo "date : `date`" >> $addpr_log echo "all parameters : 1=<$1> 2=<$2> 3=<$3> 4=<$4> 5=<$5> 6=<$6>" \ >> $addpr_log # extract the PPD file name driver=$(grep -lr "$4" $smb_pr_dir/W32X86 |head -1) echo "driver name : <$driver>" >> $addpr_log # add the printer to cups /usr/sbin/lpadmin -p $2 -P $driver -L "$5" -v $print_port -E \ >> $addpr_log 2>>1& # reload samba (with the SuSE Linux script) sudo /etc/init.d/smb reload sleep 3 Of course, this script doesn't work for all situations! happy Samba, Pierre -- Feel free to visit my Site! http://www.GlobeAll.de Pierre Burri Tel. +49 30 757 02 517 Fax: +49 30 757 02 518 From epn.neustadt at t-online.de Tue Oct 9 02:40:16 2001 From: epn.neustadt at t-online.de (epn) Date: Tue Dec 2 02:36:12 2003 Subject: W2K -NETLOGON References: <15o1tZ-0blTRhC@fwd04.sul.t-online.com> <3BB8773E.E37074CC@gmp.iut-tlse3.fr> <15oLQu-23i7HsC@fwd02.sul.t-online.com> <3BB99F4B.EDCA081@gmp.iut-tlse3.fr> Message-ID: <15qtOk-1MTaXQC@fwd03.sul.t-online.com> Hi all, my PDC under Samba works fine (with 25 x Win9X). I connected to my Domain correctly. But the netlogon-script in W2K is not executed ?? (I can execute the script per hand "\\\netlogon\.bat") With W9X it works. What can I do??? Thanks Sebastian Wern From jmartos at ayto-fuenlabrada.es Tue Oct 9 03:44:02 2001 From: jmartos at ayto-fuenlabrada.es (jmartos@ayto-fuenlabrada.es) Date: Tue Dec 2 02:36:12 2003 Subject: I can't see shares disk from PDC WNT Server Message-ID: I have added a Linux machine (Suse 7.0) to a windows Domain. I'd like Samba delegates password authentication and control access to Shares(Disk) to a Windows NT 4.0 Server acting as a PDC on the network, I can see shares disk from any windows 98 worksation, but I can't see Shares from the PDC. What can I do? Thanks. --------------------------------------------------------- Jos? Martos Collado Departamento de Inform?tica Ayuntamiento de Fuenlabrada C / Hungr?a, 5 28943 Fuenlabrada Madrid (Spain) Tel. 916 49 70 28 Fax 916 49 19 70 email: jmartos@ayto-fuenlabrada.es From barth at cck.uni-kl.de Tue Oct 9 05:19:02 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:36:13 2003 Subject: Printer accounting In-Reply-To: <3BC2ACE8.47010A71@bach.vmei.acad.bg> Message-ID: <3BC3079F.31427.155FEA8@localhost> > Hello, > > can somebody tell me if it is possible to count the pages per user to a > printer attached to a 2.2.1a Samba RH 7.1 server. > I have a NT4 PDC which does not support a printer accunting (or more > clear - I get my event log full, because I have limited it to 512 kb, > but I constantly have a SCSI error). So I cannot depend on the event > log. > Printer accounting has nothing to do with samba, as this is done / should be done on the unix level of the print system. LPRng shiped with RH 7.1 offers a good printer accounting, see www.lprng.org, I have never configured it. If you use cups, cups propably offers accounting to. If you use a print demon with out accounting you can insert a "page counting hack" into the print filter, whicht works quite good with postscript printers. Christian > I will appreciate any help. > > _(_)_ wWWWw _ @@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_ @@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_) @@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\ / Y \| \|/ /(_) \| |/ | \ | \ |/ | / \ | / \|/ |/ \| \|/ jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From cyroreal at bol.com.br Tue Oct 9 06:47:02 2001 From: cyroreal at bol.com.br (cyroreal) Date: Tue Dec 2 02:36:13 2003 Subject: locking problems with samba 2.2.1a Message-ID: Hello all, I have a samba 2.2.1a server running as the PDC of my network on a Mandrake 8.0 system with a reiserFS partition. I am serving for the win98 clients a small DOS clipper program with a DBF database. The programs run well on the workstations when there is only one user using it, when another user try to use the same program it starts to get very slow. I think this is a lock problems or something like that, but I don't know how to solve the problem. Can someone help me with this?? Tanks very much for the help.... Cyro Corte Real __________________________________________________________________________ AcessoBOL, s=F3 R$ 9,90! O menor pre=E7o do mercado! Assine j=E1! http://www.bol.com.br/acessobol From mendeda at quincy.edu Tue Oct 9 07:06:06 2001 From: mendeda at quincy.edu (David Mendez) Date: Tue Dec 2 02:36:13 2003 Subject: Win2K logging into Samba [newbie] Message-ID: I just started fooling with having one of our Win2K Pro machines trying to log into our Samba domain. No go. I can access my network and see the Samba server, access file shares, and access and install printers through samba but when I try to log on I get the usual 'credential errors' or 'procedure out of range'. It looks like the archives talk about this but what I want to know is what version of Samba is required in order for Win 2K clients to log into the Samba domain?? Can anyone tell me? Thanks in advance. Dave From Jim at Morris.net Tue Oct 9 07:27:05 2001 From: Jim at Morris.net (Jim Morris) Date: Tue Dec 2 02:36:13 2003 Subject: locking problems with samba 2.2.1a References: Message-ID: <3BC3072D.67D42735@Morris.net> cyroreal wrote: > I am serving for the win98 clients a small DOS > clipper program with a DBF database. The programs run > well on the workstations when there is only one user > using it, when another user try to use the same program > it starts to get very slow. I think this is a lock > problems or something like that, but I don't know how to > solve the problem. Can someone help me with this?? Tanks > very much for the help.... I think you are running into oplock issues with the Windows clients. Opportunistic locking allows the clients to cache the data file on the client - and make cached writes to the dBase file as well. However, when a second user opens the file, Samba has to go through a lot of gyrations with the clients to break the oplocks - and many clients are slow to respond to the oplock break request by Samba, resulting in a long delay for the second client to even get access to open the dBase file. I would try adding the following to the share definition in smb.conf for the share that the dBase files reside on: veto oplock files = /*.dbf/*.DBF/*.mdx/*.MDX/ That will cover your most common dBase file extensions. See if that helps. If you have any indexes in NDX files, add those to the list too, and memo (.MMO) files if used... Hope that helps you! -- /------------------------------------------------\ | Jim Morris | Business: jmorris@rtc-group.com | | | Personal: Jim@Morris.net | |------------------------------------------------| | AOL Instant Messenger: JFM2001 | \------------------------------------------------/ -------------- next part -------------- A non-text attachment was scrubbed... Name: Jim.vcf Type: text/x-vcard Size: 268 bytes Desc: Card for Jim Morris Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011009/42b328c1/Jim.vcf From WVass at sterlingmccalltoyota.com Tue Oct 9 09:35:04 2001 From: WVass at sterlingmccalltoyota.com (Vass Wayne) Date: Tue Dec 2 02:36:13 2003 Subject: Samba 3.0... Message-ID: Can anyone tell me what the status is on Samba 3.0? Neither TNGSamba or Samba.org has had any updated info in a while. I'm mainly wanting to find out the development of BDC and Trust Relationship progress. Please let me know. Thank you. By the way, I've had a Samba File Server up and running for approx 279 days and that's longer than any of my NT4.0 Servers running other services. My goal is to convert all PDC and BDC tasks as soon as 3.0 is released with a stable version. From Daniel.Moeller at de.bosch.com Tue Oct 9 11:20:02 2001 From: Daniel.Moeller at de.bosch.com (Moeller Daniel (QI/CCE2-SI) *) Date: Tue Dec 2 02:36:13 2003 Subject: AW: winbind doesn't import users Message-ID: <1121C3ABCA53C945B821A821CDD67F62304E02@simail21.desi2.bosch.com> Skipped content of type multipart/alternative From klf at studcs.uni-sb.de Tue Oct 9 12:03:15 2001 From: klf at studcs.uni-sb.de (Peter =?iso-8859-1?Q?H=FCbschen?=) Date: Tue Dec 2 02:36:13 2003 Subject: Samba 3.0... References: Message-ID: <3BC34A2A.93494F33@studcs.uni-sb.de> Hi, it's not known, when Samba 3.0 is released and the developmeners will not say any fixed date (There were some discussions earlier, when some people asked, when Samba 2.2 would be released). The next version is 2.2.2 in the very near future. For Samba TNG is this the wrong list. Look at www.samba-tng.org for further informations. But Samba-TNG is and will be a alpha version. They implement and implemented some more things, than the "old-fashioned"-Samba, but I don't know exactly, if BDC functionality is working. If I'm right, there were some work-arounds for this task. But samba-tng is not offically for production environments. Some use it, but it's at their own risk. Peter Vass Wayne schrieb: > Can anyone tell me what the status is on Samba 3.0? Neither TNGSamba or > Samba.org has had any updated info in a while. I'm mainly wanting to find > out the development of BDC and Trust Relationship progress. Please let me > know. Thank you. By the way, I've had a Samba File Server up and running > for approx 279 days and that's longer than any of my NT4.0 Servers running > other services. My goal is to convert all PDC and BDC tasks as soon as 3.0 > is released with a stable version. From =?Windows-1252?Q?Rapha=EBl_Roung_ at _SMA?= Tue Oct 9 14:33:03 2001 From: =?Windows-1252?Q?Rapha=EBl_Roung_ at _SMA?= (=?Windows-1252?Q?Rapha=EBl_Roung_@_SMA?=) Date: Tue Dec 2 02:36:13 2003 Subject: Access linux files with a NT service program Message-ID: <003c01c1510a$216ae160$0600a8c0@dellraphael> Hi, I am very new, in the Unix/linux world. I would like to share linux folders with NT machines. I have Red Hat 6.0, NFS and Samba are up. On my NT (Server, SP6), with the explorer I can access folder on the linux machine, create, read files in these folders... All is Ok. I have a NT program that would do the same. If I execute this program as a normal NT process, it works also fine. But if I run this program as a NT service running under system account, it has no more visibility on the linux machine. If it sends a dir command, the respond is 0 file, and I am sure there are files in the linux folder. If I do the same between two NT machines, to allow the NT service to see files on a remote NT, i have to share the remote folder and to modify the remote registry key : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\NullSessionShares to add the name of the shared folder. Is there a similar thing to do with linux Thanks a lot for your help Rapha?l Roung rroung@smaeur.com http://www.sameur.com raphael@roung.com http://www.roung.com -------------- next part -------------- HTML attachment scrubbed and removed From grobe at gmx.net Tue Oct 9 15:26:03 2001 From: grobe at gmx.net (Lars O. Grobe) Date: Tue Dec 2 02:36:13 2003 Subject: Printer accounting References: <3BC3079F.31427.155FEA8@localhost> Message-ID: <3BC37A0B.B0DF68BC@gmx.net> Hi! Do you know if this also can do calculation about "saturation", to calculate not only the costs of paper but of ink, too... that should be implemented in ghostscript... CU, Lars. > _(_)_ wWWWw _ > @@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_ > @@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_) > @@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\ > / Y \| \|/ /(_) \| |/ | > \ | \ |/ | / \ | / \|/ |/ \| \|/ > jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|// > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ cool :-D From axelr8 at bigfoot.com Tue Oct 9 17:21:03 2001 From: axelr8 at bigfoot.com (Chris) Date: Tue Dec 2 02:36:13 2003 Subject: samba-tng Message-ID: <594259360.20011010095032@bigfoot.com> Hello, I am having some trouble with samba-tng on my debian/woody box. Samba-tng appears to be installed properly, and all the services startup without any errors, however, whenever I try to add a user or machine account through samedit I get the following error: [root@.]$ createuser user DOMAIN -p passwd createuser user DOMAIN -p passwd SAM Create Domain User Domain: DOMAIN Name: user ACB: [U ] SAMR_CREATE_USER: NT_STATUS_ACCESS_DENIED Create Domain User: FAILED and my log.samr says: open: Connection refused open: Connection refused open: Connection refused Failed to add entry for user user. I have made sure that the user exists in my /etc/passwd file and I have gone through the docs as well as some websites with instructions on how to get samba-tng config'd but I can't manage to see where I am going wrong and if anyone could help me out I would be greatly appreciative :) Chris From succhi at hotmail.com Tue Oct 9 22:06:02 2001 From: succhi at hotmail.com (Stuart Fraser) Date: Tue Dec 2 02:36:13 2003 Subject: Domain unavailable / server not setup for transactions Message-ID: I have tried numerous times to get PDC working but with the same problem occuring over and over. I use the smb.conf below with Samba2.2.1a and Mandrake8.0. My client is Win XP with passwd encryption on and the suggested "domain member: signature.... (always)" option disabled. I can join my client machine to the domain fine but when I try to logon I am told my domain is unavailable. So I logon to the local machine and try and browse "Computers near me" and I get the message "UQI [Domain] is not accessible. You might not have permission to use this network resource. Contact the ..... The server is not configured for transactions" I can't even see my parents machine which is on the same lan. I didn't have any of the browse issues with Samba 2.0 no PDC setup. I could see all server shares and other machines attached to the lan. I have scoured all the docs and almost all the mails and haven't found a solution yet, anyone who has this problem and had a fix HELP ME please. Stu [global] netbios name = DS7 workgroup = UQI os level = 64 preferred master = yes domain master = yes local master = yes remote announce = 192.168.3.255 security = user password level = 7 encrypt passwords = yes domain logons = yes logon drive = X: logon script = logon.cmd hosts allow = 192.168.3. 127. interfaces = 192.168.3.0/24 name resolve order = wins lmhosts bcast wins support = yes wins proxy = yes dns proxy = no log file = /usr/local/samba/var/log.%m domain guest group = person1, person2, person3 domain admin group = root, person1 [netlogon] path = /usr/local/samba/lib/netlogon writeable = no write list = root, person1 [homes] comment = Home Directories browsable = yes writable = yes force create mode = 0705 force directory mode = 0705 _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp From barth at cck.uni-kl.de Tue Oct 9 23:22:02 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:36:13 2003 Subject: Access linux files with a NT service program In-Reply-To: <003c01c1510a$216ae160$0600a8c0@dellraphael> Message-ID: <3BC40563.3814.169F0F@localhost> > Hi, > > I am very new, in the Unix/linux world. > I would like to share linux folders with NT machines. I have Red Hat > 6.0, NFS and Samba are up. > On my NT (Server, SP6), with the explorer I can access folder on the > linux machine, create, read files in these folders... All is Ok. > I have a NT program that would do the same. If I execute this program > as a normal NT process, it works also fine. > But if I run this program as a NT service running under system > account, it has no more visibility on the linux machine. > If it sends a dir command, the respond is 0 file, and I am sure there > are files in the linux folder. What do the samba logs say in this case? I assume the respons "0 files" is just an other buggy windows message and should be an "access denyed": If the programm runs as service, which user uses it to connect to samba? Is this user allowed to connect with out a password? If a password is required: Has the service the password stored some where. Try what happens if you set up the share with "guest ok = yes", "map to guest = bad user" and "null passwords = yes" and setup a valid guest account Read man smb.conf about the serve security impact of this!! Just do it for a short term test and if it works look for a better solution! > If I do the same between two NT machines, to allow the NT service to > see files on a remote NT, > i have to share the remote folder and to modify the remote registry > key : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\NullSessionShares > to add the name of the shared folder. Not being an expert for NT: "NullSessionShares" looks like "null passwords" or some thing similar. Christian > > Is there a similar thing to do with linux > > Thanks a lot for your help > > > Rapha?l Roung > > rroung@smaeur.com > http://www.sameur.com > > raphael@roung.com > http://www.roung.com > _(_)_ wWWWw _ @@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_ @@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_) @@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\ / Y \| \|/ /(_) \| |/ | \ | \ |/ | / \ | / \|/ |/ \| \|/ jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From dennis at evers.2y.net Tue Oct 9 23:37:01 2001 From: dennis at evers.2y.net (dennis@evers.2y.net) Date: Tue Dec 2 02:36:13 2003 Subject: Access linux files with a NT service program In-Reply-To: <3BC40563.3814.169F0F@localhost> References: <3BC40563.3814.169F0F@localhost> Message-ID: <1002695902.3bc3ecde17109@evers.2y.net> Hi, The problem is in the NT system account. The system account doesn't have privilege to use the network. If you let you service start as a user (which has to excist on samba of course) the problem should be solved. grtz, Dennis Quoting Christian Barth : > > Hi, > > > > I am very new, in the Unix/linux world. > > I would like to share linux folders with NT machines. I have Red Hat > > 6.0, NFS and Samba are up. > > On my NT (Server, SP6), with the explorer I can access folder on > the > > linux machine, create, read files in these folders... All is Ok. > > I have a NT program that would do the same. If I execute this > program > > as a normal NT process, it works also fine. > > But if I run this program as a NT service running under system > > account, it has no more visibility on the linux machine. > > If it sends a dir command, the respond is 0 file, and I am sure > there > > are files in the linux folder. > What do the samba logs say in this case? > I assume the respons "0 files" is just an other buggy windows message > and should be an "access denyed": If the programm runs as service, > which user uses it to connect to samba? Is this user allowed to > connect with out a password? If a password is required: Has the > service the password stored some where. > > Try what happens if you set up the share with "guest ok = yes", "map > to guest = bad user" and "null passwords = yes" and setup a valid > guest account Read man smb.conf about the serve security impact of > this!! Just do it for a short term test and if it works look for a > better solution! > > > If I do the same between two NT machines, to allow the NT service to > > see files on a remote NT, > > i have to share the remote folder and to modify the remote registry > > key : > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\Nul lSessionShares > > to add the name of the shared folder. > Not being an expert for NT: "NullSessionShares" looks like "null > passwords" or some thing similar. > > Christian > > > > > > Is there a similar thing to do with linux > > > > Thanks a lot for your help > > > > > > Rapha?l Roung > > > > rroung@smaeur.com > > http://www.sameur.com > > > > raphael@roung.com > > http://www.roung.com > > > > > _(_)_ wWWWw _ > @@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_ > @@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_) > @@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\ > / Y \| \|/ /(_) \| |/ | > \ | \ |/ | / \ | / \|/ |/ \| \|/ > jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|// > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > From dennis at evers.2y.net Tue Oct 9 23:40:02 2001 From: dennis at evers.2y.net (dennis@evers.2y.net) Date: Tue Dec 2 02:36:13 2003 Subject: Domain unavailable / server not setup for transactions In-Reply-To: References: Message-ID: <1002696099.3bc3eda364f3e@evers.2y.net> In order for Winxp to logon to the samba domain you would have to change the following registry key. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\Netlogon\Parameters\requir esignorseal value to 0 In my case it solved the problem. grtz, Dennis Quoting Stuart Fraser : > I have tried numerous times to get PDC working but with the same problem > > occuring over and over. I use the smb.conf below with Samba2.2.1a and > > Mandrake8.0. My client is Win XP with passwd encryption on and the > suggested "domain member: signature.... (always)" option disabled. > > I can join my client machine to the domain fine but when I try to logon > I am > told my domain is unavailable. So I logon to the local machine and try > and > browse "Computers near me" and I get the message "UQI [Domain] is not > accessible. You might not have permission to use this network resource. > > Contact the ..... The server is not configured for transactions" > > I can't even see my parents machine which is on the same lan. I didn't > have > any of the browse issues with Samba 2.0 no PDC setup. I could see all > > server shares and other machines attached to the lan. > > I have scoured all the docs and almost all the mails and haven't found a > > solution yet, anyone who has this problem and had a fix HELP ME > please. > > Stu > > [global] > netbios name = DS7 > workgroup = UQI > os level = 64 > preferred master = yes > domain master = yes > local master = yes > remote announce = 192.168.3.255 > security = user > password level = 7 > encrypt passwords = yes > domain logons = yes > logon drive = X: > logon script = logon.cmd > > hosts allow = 192.168.3. 127. > interfaces = 192.168.3.0/24 > name resolve order = wins lmhosts bcast > wins support = yes > wins proxy = yes > dns proxy = no > log file = /usr/local/samba/var/log.%m > domain guest group = person1, person2, person3 > domain admin group = root, person1 > > [netlogon] > path = /usr/local/samba/lib/netlogon > writeable = no > write list = root, person1 > > [homes] > comment = Home Directories > browsable = yes > writable = yes > force create mode = 0705 > force directory mode = 0705 > > > _________________________________________________________________ > Get your FREE download of MSN Explorer at > http://explorer.msn.com/intl.asp > > > From pierre at globeall.de Wed Oct 10 01:25:06 2001 From: pierre at globeall.de (Pierre Burri) Date: Tue Dec 2 02:36:15 2003 Subject: Win2K logging into Samba [newbie] In-Reply-To: References: Message-ID: <20011010082622.92FF1483C9@globeall.de> On Tuesday 09 October 2001 16:10, you wrote: > I just started fooling with having one of our Win2K Pro machines trying to > log into our Samba domain. No go. I can access my network and see the > Samba server, access file shares, and access and install printers through > samba but when I try to log on I get the usual 'credential errors' or > 'procedure out of range'. It looks like the archives talk about this but > what I want to know is what version of Samba is required in order for Win > 2K clients to log into the Samba domain?? Can anyone tell me? Thanks in > advance. > > Dave You need version 2.2.1a and you have to add user "root" in your smbpasswd and than join the domain the first time with root. Afterwards you can use any other account. Cheers, Pierre -- Feel free to visit my Site! http://www.GlobeAll.de Pierre Burri Tel. +49 30 757 02 517 Fax: +49 30 757 02 518 From dennis.bieling at primedisc.com Wed Oct 10 03:44:02 2001 From: dennis.bieling at primedisc.com (dennis.bieling@primedisc.com) Date: Tue Dec 2 02:36:15 2003 Subject: Automatic printerdriver distribution to Windows NT 4.0 Message-ID: Hello to all of you ! By installing my samba-printserver I have discovered some problems that I can`t solve. I am using a Suse 7.2 linux-distribution and samba version 2.2.0. The printing works fine, but I am not able to distribute the printer drivers to my Windows NT 4.0 clients. I build the driver packages using lpadmin. I also created the print$ share and the W32X86 subfolder. I installed an additional subfolder for each printer-model I wanna use and extracted the printer driver package to the specific subfolder. Can anyone help me out of my misery ? Dennis My smb.conf dealing with the printers looks like this: [printers] comment = All Printers create mask = 0700 guest ok = No printable = Yes browseable = No [print$] path = /usr/local/samba/printers read only = Yes [TESTPRIPL009] comment = TESTPRIPL009 read only = Yes create mask = 0700 guest ok = No hosts allow = all printable = Yes printer driver = HP LaserJet 4000 Series PCL 6 printer driver file = /usr/local/samba/printers/W32X86/HP4000PCL/oemnt40.inf printer driver location = /usr/local/samba/printers/W32X86/HP4000PCL/oemnt40.inf oplocks = No share modes = No [HP2500C] create mask = 0700 guest ok = No printable = Yes printer name = HP2500C printer driver = HP 2500C Series Printer printer driver file = usr/local/samba/printers/W32X86/HP2500C/hp2x00c.inf printer driver location = usr/local/samba/printers/W32X86/HP2500C/hp2x00c.inf oplocks = No share modes = No [TESTPRIPL009_PS2] printable = Yes printer name = TESTPRIPL009_PS2 printer driver = HP LaserJet 4000 Series PS printer driver file = usr/local/samba/printers/W32X86/ntprint.inf printer driver location = usr/local/samba/printers/W32X86/ntprint.inf From Damien.J.Dye at student.shu.ac.uk Wed Oct 10 04:40:10 2001 From: Damien.J.Dye at student.shu.ac.uk (Damien J. Dye) Date: Tue Dec 2 02:36:15 2003 Subject: Fwd: samba-tng Message-ID: Have you create the smbpasswd file cos if there isn't one then u get ACCESS DENIED Hello, I am having some trouble with samba-tng on my debian/woody box. Samba-tng appears to be installed properly, and all the services startup without any errors, however, whenever I try to add a user or machine account through samedit I get the following error: [root@.]$ createuser user DOMAIN -p passwd createuser user DOMAIN -p passwd SAM Create Domain User Domain: DOMAIN Name: user ACB: [U ] SAMR_CREATE_USER: NT_STATUS_ACCESS_DENIED Create Domain User: FAILED and my log.samr says: open: Connection refused open: Connection refused open: Connection refused Failed to add entry for user user. I have made sure that the user exists in my /etc/passwd file and I have gone through the docs as well as some websites with instructions on how to get samba-tng config'd but I can't manage to see where I am going wrong and if anyone could help me out I would be greatly appreciative :) Chris From harmit at opentechindia.com Wed Oct 10 04:44:02 2001 From: harmit at opentechindia.com (Harmit) Date: Tue Dec 2 02:36:15 2003 Subject: Samba installation help newbie Message-ID: <3BC434B9.A0E48D8E@opentechindia.com> Hi I am newbie to linux and samba .I will appreciate any help from your side to install,configure..successfully run samba on redhat linux be possible.(steps by steps is preferrred) The /etc/smb.conf is too big to be lost in and I ended up with messsed up configuration. Please help me install in Windows . TIA From bjorn.sundberg at debitech.com Wed Oct 10 05:10:12 2001 From: bjorn.sundberg at debitech.com (=?iso-8859-1?Q?Bj=F6rn__Sundberg?=) Date: Tue Dec 2 02:36:15 2003 Subject: SV: samba-tng Message-ID: <47CB5BFBF511D411A3AC00508BC8636B942101@DEBITECH11> Hi. Have you created a Unix user with that name. Without a Unix user it doesn't work. Cheers Bjorn -----Ursprungligt meddelande----- Fr?n: Chris [mailto:axelr8@bigfoot.com] Skickat: den 10 oktober 2001 02:21 Till: samba-ntdom@lists.samba.org ?mne: samba-tng Hello, I am having some trouble with samba-tng on my debian/woody box. Samba-tng appears to be installed properly, and all the services startup without any errors, however, whenever I try to add a user or machine account through samedit I get the following error: [root@.]$ createuser user DOMAIN -p passwd createuser user DOMAIN -p passwd SAM Create Domain User Domain: DOMAIN Name: user ACB: [U ] SAMR_CREATE_USER: NT_STATUS_ACCESS_DENIED Create Domain User: FAILED and my log.samr says: open: Connection refused open: Connection refused open: Connection refused Failed to add entry for user user. I have made sure that the user exists in my /etc/passwd file and I have gone through the docs as well as some websites with instructions on how to get samba-tng config'd but I can't manage to see where I am going wrong and if anyone could help me out I would be greatly appreciative :) Chris From lederhaas.horst at seidel.at Wed Oct 10 05:55:02 2001 From: lederhaas.horst at seidel.at (Horst Lederhaas) Date: Tue Dec 2 02:36:15 2003 Subject: "security = domain" Problem Message-ID: <3BC4456D.A8150C8E@seidel.at> Hello ! I would like to put my samba file server in a existing nt 4.0 domain. It work's all fine, only the password verification makes some problems. I've enabled: "security = domain" "password server = 10.10.1.2 10.10.1.9" "encrypt passwords = yes" Now i have the problem that samba only looks in the smbpasswd file for the passwords. If i enable in smbpasswd that "no password required" an a client does not do a domain logon to the nt servers, and the user exists on the samba server, he get access to the server, even also when the password is not correct (to the nt pdc). i would'nt like to convert the nt users to a smbpasswd. Is this normal that he only look in the smbpasswd? i would like to verify the user on my nt domain. I've read that only the user must exist, without any password and the nt pdc says if the password is correct or not. I hope you can follow me with my problem, and anybody can help me. I use SuSE 7.2 with Samba 2.2.0 The PDC and BDC are NT 4.0 Srv. SrvPack 6 Thnx Horst -- Horst Lederhaas, IT - Management SEIDEL Elektronik GmbH. Frauentalerstr. 100 8530 Deutschlandsberg, Austria Phone: ++43 3462 6800 252 Fax: ++43 3462 6800 165 URL: http://www.seidel.at/ From ramat at univ-littoral.fr Wed Oct 10 06:09:02 2001 From: ramat at univ-littoral.fr (ramat) Date: Tue Dec 2 02:36:15 2003 Subject: Approbation d'un domaine de la part de samba Message-ID: <3BC448BD.2B344F5@univ-littoral.fr> Bonjour, Je travaille actuellement ? l'universit? du littoral. Cet ?t? , j'ai installe un serveur samba sous une debian 2.2. Ca fonctionne tres bien. Parallelement ? ce serveur, j'ai un autre serveur sous Windows 2000 . Je souhaiterais realiser une relation d'approbation entre samba et ce serveur. Est ce possible ? Comment fait-on ? Merci pour votre aide Nathalie From asoler at martinaditrento.com Wed Oct 10 06:34:06 2001 From: asoler at martinaditrento.com (Alejandro Soler) Date: Tue Dec 2 02:36:16 2003 Subject: C$ Share - Please Message-ID: <3BC44DBD.7030106@martinaditrento.com> Hello: This is my second mail to the list. I`m very desperate about this cuestion. I need to log in NT 4 (SP6) workstation remotly to C$ share. I`m a domain administrator and C$ share exists. My PDC is Samba 2.2.1a in RH 7.1 server with 2.4.9 Kernel. When I try to do this my samba client give my this error: tree connect failed: ERRDOS - ERRnoaccess (Acces denied.) If i go to the workstation and put my user in the Administrator list i dont have any problem. But i have more than 100 NT workstations ;-) This is the log in my PDC server, my administrador user is granted as domain admin user. Anybody could help me? Please Thanks [2001/10/10 10:23:09.096157, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) Transaction 4508 of length 95 [2001/10/10 10:23:09.096260, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) switch message SMBntcreateX (pid 29871) [2001/10/10 10:23:09.096343, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/nttrans.c:nt_open_pipe(621) nt_open_pipe: Known pipe srvsvc opening. [2001/10/10 10:23:09.097219, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) Transaction 4509 of length 152 [2001/10/10 10:23:09.097303, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) switch message SMBtrans (pid 29871) [2001/10/10 10:23:09.097381, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) trans <\PIPE\> data=72 params=0 setup=2 [2001/10/10 10:23:09.097453, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) named pipe command on <> name [2001/10/10 10:23:09.097519, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) Got API command 0x26 on pipe "srvsvc" (pnum 702e)api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs [2001/10/10 10:23:09.098352, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) Transaction 4510 of length 140 [2001/10/10 10:23:09.098433, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) switch message SMBtrans (pid 29871) [2001/10/10 10:23:09.098507, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) trans <\PIPE\> data=60 params=0 setup=2 [2001/10/10 10:23:09.098575, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) named pipe command on <> name [2001/10/10 10:23:09.098636, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) Got API command 0x26 on pipe "srvsvc" (pnum 702e)free_pipe_context: destroying talloc pool of size 0 [2001/10/10 10:23:09.098761, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) Doing \PIPE\srvsvc [2001/10/10 10:23:09.098835, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO [2001/10/10 10:23:09.098955, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) free_pipe_context: destroying talloc pool of size 1148 [2001/10/10 10:23:09.099699, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) Transaction 4511 of length 46 [2001/10/10 10:23:09.099778, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) switch message SMBclose (pid 29871) [2001/10/10 10:23:09.100533, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) Transaction 4512 of length 430 [2001/10/10 10:23:09.100615, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) switch message SMBtrans (pid 29871) [2001/10/10 10:23:09.100691, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) trans <\PIPE\> data=350 params=0 setup=2 [2001/10/10 10:23:09.100759, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) named pipe command on <> name [2001/10/10 10:23:09.100861, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) Got API command 0x26 on pipe "NETLOGON" (pnum 703a)free_pipe_context: destroying talloc pool of size 0 [2001/10/10 10:23:09.101005, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) Doing \PIPE\NETLOGON [2001/10/10 10:23:09.101075, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) api_rpcTNP: rpc command: NET_SAMLOGON [2001/10/10 10:23:09.101878, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_netlog_nt.c:_net_sam_logon(544) SAM Logon (Network). Domain:[GENERAL]. User:[ADMINISTRADOR] [2001/10/10 10:23:09.101976, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:push_sec_ctx(284) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2001/10/10 10:23:09.102107, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2001/10/10 10:23:09.102742, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:pop_sec_ctx(423) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2001/10/10 10:23:09.102825, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:push_sec_ctx(284) push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 [2001/10/10 10:23:09.102893, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2001/10/10 10:23:09.102984, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:pop_sec_ctx(423) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2001/10/10 10:23:09.103584, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_util.c:get_domain_user_groups(185) domain group access 513/7 granted [2001/10/10 10:23:09.103903, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_util.c:get_domain_user_groups(192) domain admin group access 512/7 granted [2001/10/10 10:23:09.104105, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) free_pipe_context: destroying talloc pool of size 4830 [2001/10/10 10:23:09.104325, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) Transaction 4513 of length 95 [2001/10/10 10:23:09.104404, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) switch message SMBntcreateX (pid 29871) [2001/10/10 10:23:09.104477, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/nttrans.c:nt_open_pipe(621) nt_open_pipe: Known pipe wkssvc opening. [2001/10/10 10:23:09.106134, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) Transaction 4514 of length 152 [2001/10/10 10:23:09.106216, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) switch message SMBtrans (pid 29871) [2001/10/10 10:23:09.106290, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) trans <\PIPE\> data=72 params=0 setup=2 [2001/10/10 10:23:09.106358, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) named pipe command on <> name [2001/10/10 10:23:09.106419, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) Got API command 0x26 on pipe "wkssvc" (pnum 702f)api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\ntsvcs [2001/10/10 10:23:09.107280, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) Transaction 4515 of length 140 [2001/10/10 10:23:09.107360, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) switch message SMBtrans (pid 29871) [2001/10/10 10:23:09.107432, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) trans <\PIPE\> data=60 params=0 setup=2 [2001/10/10 10:23:09.107499, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) named pipe command on <> name [2001/10/10 10:23:09.107558, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) Got API command 0x26 on pipe "wkssvc" (pnum 702f)free_pipe_context: destroying talloc pool of size 0 [2001/10/10 10:23:09.107675, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) Doing \PIPE\wkssvc [2001/10/10 10:23:09.107745, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) api_rpcTNP: rpc command: WKS_Q_QUERY_INFO [2001/10/10 10:23:09.107852, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) free_pipe_context: destroying talloc pool of size 1092 [2001/10/10 10:23:09.108544, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) Transaction 4516 of length 46 [2001/10/10 10:23:09.108622, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) switch message SMBclose (pid 29871) -- --------------------------------------------------- _/ _____/ Alejandro L. Soler _/ _/ _/ Administrador de Sistemas _/ _/ ____/ Martina di Trento S.A. _/_/_/_/ _/ Buenos Aires - Argentina _/ _/ _____/ http://www.martinaditrento.com --------------------------------------------------- Linux Registered User: # 184478 From beers at xs4all.nl Wed Oct 10 06:42:06 2001 From: beers at xs4all.nl (beers) Date: Tue Dec 2 02:36:16 2003 Subject: C$ Share - Please In-Reply-To: <3BC44DBD.7030106@martinaditrento.com> References: <3BC44DBD.7030106@martinaditrento.com> Message-ID: <01101010425601.01153@beers> On Wednesday 10 October 2001 08:31, Alejandro Soler wrote: > Hello: > This is my second mail to the list. I`m very desperate about this cuestion. > I need to log in NT 4 (SP6) workstation remotly to C$ share. I`m a domain > administrator and C$ share exists. My PDC is Samba 2.2.1a in RH 7.1 server > with 2.4.9 Kernel. When I try to do this my samba client give my this > error: > > tree connect failed: ERRDOS - ERRnoaccess (Acces denied.) > > If i go to the workstation and put my user in the Administrator list i dont > have any problem. But i have more than 100 NT workstations ;-) > > This is the log in my PDC server, my administrador user is granted as > domain admin user. > > Anybody could help me? Please The easiest solution is to not use c$ Instead make a cee$ share or something yourself. c$ is shared by NT as a admin only share and they put some voodoo in there so its perms are not easy modifyable. HTH Richard From epn.neustadt at t-online.de Wed Oct 10 06:55:03 2001 From: epn.neustadt at t-online.de (epn) Date: Tue Dec 2 02:36:16 2003 Subject: W2K -Printing References: <15o1tZ-0blTRhC@fwd04.sul.t-online.com> <3BB8773E.E37074CC@gmp.iut-tlse3.fr> <15oLQu-23i7HsC@fwd02.sul.t-online.com> <3BB99F4B.EDCA081@gmp.iut-tlse3.fr> Message-ID: <15rJqT-2B42NMC@fwd01.sul.t-online.com> Hi all, my Printing under Samba 2.2.1a works fine (with 25 x Win9X). But under W2K are many effects like this: Cannot change the Printer-Name . After second booting, I have no access to the printer . File access to the PDC from W2K is O.K. Is there any additional setup for W2K required ???? Thanks Sebastian Wern From grobe at gmx.net Wed Oct 10 07:41:10 2001 From: grobe at gmx.net (grobe@gmx.net) Date: Tue Dec 2 02:36:16 2003 Subject: setting date for account expiration with samba pdc? Message-ID: <20222.1002724951@www35.gmx.net> Hi! I have 2.2 configured as PDC for Windows2000-clients. Everything's nice and stable, I just found that samba ignores the unix account expiration date (I have security=user). Do I have to recompile samba with pam enabled to make account expiration work? Thank You, CU, Lars. -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net From barth at cck.uni-kl.de Wed Oct 10 07:43:05 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:36:16 2003 Subject: "security = domain" Problem In-Reply-To: <3BC4456D.A8150C8E@seidel.at> Message-ID: <3BC47AE8.15466.1E1ACD5@localhost> > Hello ! > > I would like to put my samba file server in a existing nt 4.0 domain. > It work's all fine, only the password verification makes some problems. > > I've enabled: > "security = domain" > "password server = 10.10.1.2 10.10.1.9" > "encrypt passwords = yes" Have you joint samba to the nt domain with smbpasswd -j ..... ? Christian > Now i have the problem that samba only looks in the smbpasswd file for > the passwords. > If i enable in smbpasswd that "no password required" an a client does > not do a domain > logon to the nt servers, and the user exists on the samba server, he get > access to the server, even > also when the password is not correct (to the nt pdc). > i would'nt like to convert the nt users to a smbpasswd. > > Is this normal that he only look in the smbpasswd? i would like to > verify the user on my nt domain. > I've read that only the user must exist, without any password and the nt > pdc says if the password is correct > or not. > > I hope you can follow me with my problem, and anybody can help me. > I use SuSE 7.2 with Samba 2.2.0 > The PDC and BDC are NT 4.0 Srv. SrvPack 6 > > Thnx > Horst > > > > -- > Horst Lederhaas, > IT - Management > > SEIDEL Elektronik GmbH. > Frauentalerstr. 100 > 8530 Deutschlandsberg, Austria > Phone: ++43 3462 6800 252 > Fax: ++43 3462 6800 165 > URL: http://www.seidel.at/ > > > > _(_)_ wWWWw _ @@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_ @@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_) @@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\ / Y \| \|/ /(_) \| |/ | \ | \ |/ | / \ | / \|/ |/ \| \|/ jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From ian at WPI.EDU Wed Oct 10 07:44:24 2001 From: ian at WPI.EDU (Ian Cooper) Date: Tue Dec 2 02:36:16 2003 Subject: C$ Share - Please In-Reply-To: <3BC44DBD.7030106@martinaditrento.com> Message-ID: This is just a guess (I'm mildly familiar with NT and W2000), but I think that to access the default C$ share, you need to be a member of the "Administrators" group unless you can change the permissions on that share on each machine. On Wed, 10 Oct 2001, Alejandro Soler wrote: > Hello: > This is my second mail to the list. I`m very desperate about this cuestion. I need to log in NT 4 (SP6) workstation remotly to C$ share. I`m a domain administrator and C$ share exists. My PDC is Samba 2.2.1a in RH 7.1 server with 2.4.9 Kernel. > When I try to do this my samba client give my this error: > > tree connect failed: ERRDOS - ERRnoaccess (Acces denied.) > > If i go to the workstation and put my user in the Administrator list i dont have any problem. But i have more than 100 NT workstations ;-) > > This is the log in my PDC server, my administrador user is granted as domain admin user. > > Anybody could help me? Please > > Thanks > > [2001/10/10 10:23:09.096157, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4508 of length 95 > [2001/10/10 10:23:09.096260, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBntcreateX (pid 29871) > [2001/10/10 10:23:09.096343, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/nttrans.c:nt_open_pipe(621) > nt_open_pipe: Known pipe srvsvc opening. > [2001/10/10 10:23:09.097219, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4509 of length 152 > [2001/10/10 10:23:09.097303, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBtrans (pid 29871) > [2001/10/10 10:23:09.097381, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > trans <\PIPE\> data=72 params=0 setup=2 > [2001/10/10 10:23:09.097453, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > named pipe command on <> name > [2001/10/10 10:23:09.097519, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > Got API command 0x26 on pipe "srvsvc" (pnum 702e)api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs > [2001/10/10 10:23:09.098352, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4510 of length 140 > [2001/10/10 10:23:09.098433, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBtrans (pid 29871) > [2001/10/10 10:23:09.098507, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > trans <\PIPE\> data=60 params=0 setup=2 > [2001/10/10 10:23:09.098575, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > named pipe command on <> name > [2001/10/10 10:23:09.098636, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > Got API command 0x26 on pipe "srvsvc" (pnum 702e)free_pipe_context: destroying talloc pool of size 0 > [2001/10/10 10:23:09.098761, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) > Doing \PIPE\srvsvc > [2001/10/10 10:23:09.098835, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) > api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO > [2001/10/10 10:23:09.098955, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) > free_pipe_context: destroying talloc pool of size 1148 > [2001/10/10 10:23:09.099699, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4511 of length 46 > [2001/10/10 10:23:09.099778, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBclose (pid 29871) > [2001/10/10 10:23:09.100533, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4512 of length 430 > [2001/10/10 10:23:09.100615, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBtrans (pid 29871) > [2001/10/10 10:23:09.100691, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > trans <\PIPE\> data=350 params=0 setup=2 > [2001/10/10 10:23:09.100759, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > named pipe command on <> name > [2001/10/10 10:23:09.100861, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > Got API command 0x26 on pipe "NETLOGON" (pnum 703a)free_pipe_context: destroying talloc pool of size 0 > [2001/10/10 10:23:09.101005, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) > Doing \PIPE\NETLOGON > [2001/10/10 10:23:09.101075, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) > api_rpcTNP: rpc command: NET_SAMLOGON > [2001/10/10 10:23:09.101878, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_netlog_nt.c:_net_sam_logon(544) > SAM Logon (Network). Domain:[GENERAL]. User:[ADMINISTRADOR] > [2001/10/10 10:23:09.101976, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:push_sec_ctx(284) > push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 > [2001/10/10 10:23:09.102107, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(316) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2001/10/10 10:23:09.102742, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:pop_sec_ctx(423) > pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 > [2001/10/10 10:23:09.102825, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:push_sec_ctx(284) > push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 > [2001/10/10 10:23:09.102893, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(316) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2001/10/10 10:23:09.102984, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:pop_sec_ctx(423) > pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 > [2001/10/10 10:23:09.103584, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_util.c:get_domain_user_groups(185) > domain group access 513/7 granted > [2001/10/10 10:23:09.103903, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_util.c:get_domain_user_groups(192) > domain admin group access 512/7 granted > [2001/10/10 10:23:09.104105, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) > free_pipe_context: destroying talloc pool of size 4830 > [2001/10/10 10:23:09.104325, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4513 of length 95 > [2001/10/10 10:23:09.104404, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBntcreateX (pid 29871) > [2001/10/10 10:23:09.104477, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/nttrans.c:nt_open_pipe(621) > nt_open_pipe: Known pipe wkssvc opening. > [2001/10/10 10:23:09.106134, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4514 of length 152 > [2001/10/10 10:23:09.106216, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBtrans (pid 29871) > [2001/10/10 10:23:09.106290, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > trans <\PIPE\> data=72 params=0 setup=2 > [2001/10/10 10:23:09.106358, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > named pipe command on <> name > [2001/10/10 10:23:09.106419, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > Got API command 0x26 on pipe "wkssvc" (pnum 702f)api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\ntsvcs > [2001/10/10 10:23:09.107280, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4515 of length 140 > [2001/10/10 10:23:09.107360, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBtrans (pid 29871) > [2001/10/10 10:23:09.107432, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > trans <\PIPE\> data=60 params=0 setup=2 > [2001/10/10 10:23:09.107499, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > named pipe command on <> name > [2001/10/10 10:23:09.107558, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > Got API command 0x26 on pipe "wkssvc" (pnum 702f)free_pipe_context: destroying talloc pool of size 0 > [2001/10/10 10:23:09.107675, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) > Doing \PIPE\wkssvc > [2001/10/10 10:23:09.107745, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) > api_rpcTNP: rpc command: WKS_Q_QUERY_INFO > [2001/10/10 10:23:09.107852, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) > free_pipe_context: destroying talloc pool of size 1092 > [2001/10/10 10:23:09.108544, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4516 of length 46 > [2001/10/10 10:23:09.108622, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBclose (pid 29871) > > > > -- > --------------------------------------------------- > _/ _____/ Alejandro L. Soler > _/ _/ _/ Administrador de Sistemas > _/ _/ ____/ Martina di Trento S.A. > _/_/_/_/ _/ Buenos Aires - Argentina > _/ _/ _____/ http://www.martinaditrento.com > --------------------------------------------------- > Linux Registered User: # 184478 > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- Ian Cooper ian@wpi.edu From succhi at hotmail.com Wed Oct 10 08:35:02 2001 From: succhi at hotmail.com (Stuart Fraser) Date: Tue Dec 2 02:36:16 2003 Subject: Domain unavailable / server not setup for transactions Message-ID: Do you have any other ideas, I had already set HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\Netlogon\Parameters\requiresignorseal value to 0 without any success. Stu >From: dennis@evers.2y.net >To: Stuart Fraser >CC: samba-ntdom@lists.samba.org >Subject: Re: Domain unavailable / server not setup for transactions >Date: Wed, 10 Oct 2001 08:41:39 +0200 (CEST) > >In order for Winxp to logon to the samba domain you would have to change >the >following registry key. > >HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\Netlogon\Parameters\requir >esignorseal > >value to 0 > >In my case it solved the problem. > >grtz, >Dennis > >Quoting Stuart Fraser : > > > I have tried numerous times to get PDC working but with the same problem > > > > occuring over and over. I use the smb.conf below with Samba2.2.1a and > > > > Mandrake8.0. My client is Win XP with passwd encryption on and the > > suggested "domain member: signature.... (always)" option disabled. > > > > I can join my client machine to the domain fine but when I try to logon > > I am > > told my domain is unavailable. So I logon to the local machine and try > > and > > browse "Computers near me" and I get the message "UQI [Domain] is not > > accessible. You might not have permission to use this network resource. > > > > Contact the ..... The server is not configured for transactions" > > > > I can't even see my parents machine which is on the same lan. I didn't > > have > > any of the browse issues with Samba 2.0 no PDC setup. I could see all > > > > server shares and other machines attached to the lan. > > > > I have scoured all the docs and almost all the mails and haven't found a > > > > solution yet, anyone who has this problem and had a fix HELP ME > > please. > > > > Stu > > > > [global] > > netbios name = DS7 > > workgroup = UQI > > os level = 64 > > preferred master = yes > > domain master = yes > > local master = yes > > remote announce = 192.168.3.255 > > security = user > > password level = 7 > > encrypt passwords = yes > > domain logons = yes > > logon drive = X: > > logon script = logon.cmd > > > > hosts allow = 192.168.3. 127. > > interfaces = 192.168.3.0/24 > > name resolve order = wins lmhosts bcast > > wins support = yes > > wins proxy = yes > > dns proxy = no > > log file = /usr/local/samba/var/log.%m > > domain guest group = person1, person2, person3 > > domain admin group = root, person1 > > > > [netlogon] > > path = /usr/local/samba/lib/netlogon > > writeable = no > > write list = root, person1 > > > > [homes] > > comment = Home Directories > > browsable = yes > > writable = yes > > force create mode = 0705 > > force directory mode = 0705 > > > > > > _________________________________________________________________ > > Get your FREE download of MSN Explorer at > > http://explorer.msn.com/intl.asp > > > > > > > _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp From jpuckett at ticom.com Wed Oct 10 09:09:02 2001 From: jpuckett at ticom.com (James Puckett) Date: Tue Dec 2 02:36:16 2003 Subject: 2 NT 4.0 / Samba 2.2.0-15 questions Message-ID: <01101012054502.14423@blackwell> All, I am using NT 4 SP 6 and Samba 2.2.0-15 on Linux, and am having two problems. The samba server is a domain controller and print server for the NT machines, which I am attempting to convert to use roaming profiles via the samba PDC. Problem one: When using my Samba domain account on the machines, programs running in Windows constantly generate memory access violation errors and crash, starting Dr. Watson and often causing problems with the machines in general. Problem two: I am able to set up my printer on the Samba machine and have the NT machines print to it as the local admin account, but when I log in with my domain account the printer settings have been lost, and I can not set up the printer because I do not have local access to install drivers. Other users however, are able to install the driver. What I want to do is have one network printer set up on the NT machines that is the same for all users. My smb.conf follows below, private information has been replaced with XXX. Thanks! -james # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2001/10/10 11:16:37 # Global parameters [global] workgroup = XXX netbios name = XXX encrypt passwords = Yes smb passwd file = /etc/samba/smbpasswd passwd program = /usr/bin/passwd %u username map = /etc/username.mapping password level = 8 username level = 8 unix password sync = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain admin users = XXX logon script = %U.bat logon path = \\XXX\profile\%U logon home = \\XXX\%U domain logons = Yes os level = 34 preferred master = True domain master = True invalid users = root bin daemon adm lp sync shutdown halt mail news uucp operator admin users = XXX [cgsmb] comment = XXX path = /home/XXX valid users = @XXX create mask = 0660 directory mask = 0770 [homes] read only = No browseable = No [netlogon] comment = The domain logon service path = /home/netlogon browseable = No [profile] comment = User profiles path = /home/profile read only = No create mask = 0600 directory mask = 0700 browseable = No [lp] path = /tmp guest account = ftp guest ok = Yes printable = Yes print command = /usr/bin/lpr -r %s printer name = lp printer driver = HP Deskjet 850C valid users = * From jmcd at us.ibm.com Wed Oct 10 09:11:03 2001 From: jmcd at us.ibm.com (Jim McDonough) Date: Tue Dec 2 02:36:16 2003 Subject: Approbation d'un domaine de la part de samba Message-ID: Peut-?tre tu peux mettre le serveur Samba dans le (la?) domaine? Est-ce qu'il y a des serveurs NT dans le domaine? J'essai ? demander si le domaine est en "mixed mode" (pardon, je ne connais pas tous les mots)...s'il y en a, on pourrait le joindre au domaine et utiliser winbind... C'est quelle version de samba? ---------------------------- Jim McDonough IBM Linux Technology Center 6 Minuteman Drive Scarborough, ME 04074 USA jmcd@us.ibm.com Phone: (207) 885-5565 IBM tie-line: 776-9984 ramat on 10/10/2001 11:13:52 AM To: Jim McDonough/Portland/IBM@IBMUS cc: Subject: Re: Approbation d'un domaine de la part de samba Ce serveur Windows 2000 est un controleur de domaine . Quant ? mon fichier Samba je te le joins car je pense qu'il manque des commandes. A plus Nathalie Jim McDonough a ?crit : > > Ce serveur sous Windows 2000, est-ce qu'il est dans une domaine? Et pour > le serveur samba, comment lire la ligne "security =" dans le fichier > smb.conf? > > ---------------------------- > Jim McDonough > IBM Linux Technology Center > 6 Minuteman Drive > Scarborough, ME 04074 > USA > > jmcd@us.ibm.com > > Phone: (207) 885-5565 > IBM tie-line: 776-9984 > > ramat @lists.samba.org on 10/10/2001 09:10:21 AM > > Sent by: samba-ntdom-admin@lists.samba.org > > To: samba-ntdom@lists.samba.org > cc: > Subject: Approbation d'un domaine de la part de samba > > Bonjour, > > Je travaille actuellement ? l'universit? du littoral. Cet ?t? , j'ai > installe un serveur samba sous une debian 2.2. Ca fonctionne tres bien. > Parallelement ? ce serveur, j'ai un autre serveur sous Windows 2000 . > Je souhaiterais realiser une relation d'approbation entre samba et ce > serveur. Est ce possible ? Comment fait-on ? > > Merci pour votre aide > > Nathalie ; ******************************************************************* ; ******************************************************************* ; *** *** ; *** WELCOME TO ARNAUD'S SMB.CONF *** ; *** *** ; *** *** ; ******************************************************************* ; ******************************************************************* ; ; /etc/samba/smb.conf ; [global] printing = bsd printcap name = /etc/printcap load printers = yes ; partage des imprimantes du serveur log file = /var/log/log.%m ; fichier log logon home = \\%L\%U ; repertoire home de l'utilisateur (%L=serveur, %U=user) logon path = \\%L\%U\profile ; repertoire pour les profiles domain logons = yes ; possibilite de se loguer sur le domaine password server = 192.168.22.61 ; adresse du serveur ou se trouvent les mots de passe hosts allow = 192.168.22. ; les adresses des machines autorisees smb passwd file = /etc/samba/smbpasswd ; fichier samba des passwords logon drive = u: ; lecteur attribue au repertoire home de l'user logon script = connexion.bat ; script execute a la connexion security = user ; oblige celui qui ce connecte sous NT a avoir un compte unix sur le serveur workgroup = DPTINFO ; nom du domaine/workgroup netbios name = litchi netbios aliases = LITCHI ; nom NetBIOS du serveur Samba server string = Serveur Samba %v ; commentaire associe au serveur encrypt passwords = yes ; cryptage des passwords wins support = yes ;wins server = 192.168.22.62 ; samba ne sert de serveur wins (fait le rapprochement nom_machine/adresse_IP) ; ce service est sur nectarine name resolve order = lmhosts host wins bcast ; ordre de resolution des noms de machine dns proxy = no ; This will prevent nmbd to search for NetBIOS names through DNS. preserve case = yes short preserve case = yes ; Name mangling options unix password sync = yes ; synchronisation des passwd samba/unix : si un est change, l'autre aussi passwd program = /usr/bin/yppasswd %u ;passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . ;passwd chat = "*Enter OLD *password*" %o\n "*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password changed*" passwd chat = *ld*password:* %o\n *ew*password:* %n\n *etype*ew*password:* %n\n "*sword has been changed*" ; programme necessaire pour la synchronisation des passwords unix/samba max log size = 1000 ; taille maximale du fichier log max disk size = 50 time server = yes ; samba sert de server pour l'horloge socket options = TCP_NODELAY os level = 255 domain master = yes local master = yes preferred master = yes dead time = 0 debug level = 0 ; autres parametres [homes] comment = Repertoires Home browseable = no read only = no create mask = 0700 directory mask = 0700 [printers] comment = All Printers browseable = no path = /tmp printable = yes ; public = no ; writable = no ; create mode = 0700 guest ok = yes [netlogon] comment = NetLogon path = /home/netlogon/%g public = no writable = no ; browseable = no ; create mask = 0644 ; directory mask = 0755 [temp] comment = Repertoire temporaire path = /home/temp read only = no public = yes create mode = 0755 From jroman6 at ford.com Wed Oct 10 10:11:03 2001 From: jroman6 at ford.com (Roman, James (J.D.)) Date: Tue Dec 2 02:36:16 2003 Subject: C$ Share - Please Message-ID: <200110101712.f9AHCOr00628@dymwsm12.mailwatch.com> I used to have a problem with this because I forgot to escape the $. the BASH shell expects a variable name to follow a "$" sign. The only way I can get it to work is like this: smbmount //workstationname/c\$ /mnt/remote -o username=NTDomain\username -----Original Message----- From: Ian Cooper [mailto:ian@WPI.EDU] Sent: Wednesday, October 10, 2001 10:46 AM To: Alejandro Soler Cc: Samba; samba-ntdom@lists.samba.org Subject: Re: C$ Share - Please This is just a guess (I'm mildly familiar with NT and W2000), but I think that to access the default C$ share, you need to be a member of the "Administrators" group unless you can change the permissions on that share on each machine. On Wed, 10 Oct 2001, Alejandro Soler wrote: > Hello: > This is my second mail to the list. I`m very desperate about this cuestion. I need to log in NT 4 (SP6) workstation remotly to C$ share. I`m a domain administrator and C$ share exists. My PDC is Samba 2.2.1a in RH 7.1 server with 2.4.9 Kernel. > When I try to do this my samba client give my this error: > > tree connect failed: ERRDOS - ERRnoaccess (Acces denied.) > > If i go to the workstation and put my user in the Administrator list i dont have any problem. But i have more than 100 NT workstations ;-) > > This is the log in my PDC server, my administrador user is granted as domain admin user. > > Anybody could help me? Please > > Thanks > > [2001/10/10 10:23:09.096157, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4508 of length 95 > [2001/10/10 10:23:09.096260, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBntcreateX (pid 29871) > [2001/10/10 10:23:09.096343, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/nttrans.c:nt_open_pipe(621) > nt_open_pipe: Known pipe srvsvc opening. > [2001/10/10 10:23:09.097219, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4509 of length 152 > [2001/10/10 10:23:09.097303, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBtrans (pid 29871) > [2001/10/10 10:23:09.097381, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > trans <\PIPE\> data=72 params=0 setup=2 > [2001/10/10 10:23:09.097453, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > named pipe command on <> name > [2001/10/10 10:23:09.097519, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > Got API command 0x26 on pipe "srvsvc" (pnum 702e)api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs > [2001/10/10 10:23:09.098352, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4510 of length 140 > [2001/10/10 10:23:09.098433, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBtrans (pid 29871) > [2001/10/10 10:23:09.098507, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > trans <\PIPE\> data=60 params=0 setup=2 > [2001/10/10 10:23:09.098575, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > named pipe command on <> name > [2001/10/10 10:23:09.098636, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > Got API command 0x26 on pipe "srvsvc" (pnum 702e)free_pipe_context: destroying talloc pool of size 0 > [2001/10/10 10:23:09.098761, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) > Doing \PIPE\srvsvc > [2001/10/10 10:23:09.098835, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) > api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO > [2001/10/10 10:23:09.098955, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) > free_pipe_context: destroying talloc pool of size 1148 > [2001/10/10 10:23:09.099699, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4511 of length 46 > [2001/10/10 10:23:09.099778, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBclose (pid 29871) > [2001/10/10 10:23:09.100533, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4512 of length 430 > [2001/10/10 10:23:09.100615, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBtrans (pid 29871) > [2001/10/10 10:23:09.100691, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > trans <\PIPE\> data=350 params=0 setup=2 > [2001/10/10 10:23:09.100759, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > named pipe command on <> name > [2001/10/10 10:23:09.100861, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > Got API command 0x26 on pipe "NETLOGON" (pnum 703a)free_pipe_context: destroying talloc pool of size 0 > [2001/10/10 10:23:09.101005, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) > Doing \PIPE\NETLOGON > [2001/10/10 10:23:09.101075, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) > api_rpcTNP: rpc command: NET_SAMLOGON > [2001/10/10 10:23:09.101878, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_netlog_nt.c:_net_sam_logon(544) > SAM Logon (Network). Domain:[GENERAL]. User:[ADMINISTRADOR] > [2001/10/10 10:23:09.101976, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:push_sec_ctx(284) > push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 > [2001/10/10 10:23:09.102107, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(316) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2001/10/10 10:23:09.102742, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:pop_sec_ctx(423) > pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 > [2001/10/10 10:23:09.102825, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:push_sec_ctx(284) > push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 > [2001/10/10 10:23:09.102893, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(316) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2001/10/10 10:23:09.102984, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:pop_sec_ctx(423) > pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 > [2001/10/10 10:23:09.103584, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_util.c:get_domain_user_groups(185) > domain group access 513/7 granted > [2001/10/10 10:23:09.103903, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_util.c:get_domain_user_groups(192) > domain admin group access 512/7 granted > [2001/10/10 10:23:09.104105, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) > free_pipe_context: destroying talloc pool of size 4830 > [2001/10/10 10:23:09.104325, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4513 of length 95 > [2001/10/10 10:23:09.104404, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBntcreateX (pid 29871) > [2001/10/10 10:23:09.104477, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/nttrans.c:nt_open_pipe(621) > nt_open_pipe: Known pipe wkssvc opening. > [2001/10/10 10:23:09.106134, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4514 of length 152 > [2001/10/10 10:23:09.106216, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBtrans (pid 29871) > [2001/10/10 10:23:09.106290, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > trans <\PIPE\> data=72 params=0 setup=2 > [2001/10/10 10:23:09.106358, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > named pipe command on <> name > [2001/10/10 10:23:09.106419, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > Got API command 0x26 on pipe "wkssvc" (pnum 702f)api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\ntsvcs > [2001/10/10 10:23:09.107280, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4515 of length 140 > [2001/10/10 10:23:09.107360, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBtrans (pid 29871) > [2001/10/10 10:23:09.107432, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > trans <\PIPE\> data=60 params=0 setup=2 > [2001/10/10 10:23:09.107499, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > named pipe command on <> name > [2001/10/10 10:23:09.107558, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > Got API command 0x26 on pipe "wkssvc" (pnum 702f)free_pipe_context: destroying talloc pool of size 0 > [2001/10/10 10:23:09.107675, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) > Doing \PIPE\wkssvc > [2001/10/10 10:23:09.107745, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) > api_rpcTNP: rpc command: WKS_Q_QUERY_INFO > [2001/10/10 10:23:09.107852, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) > free_pipe_context: destroying talloc pool of size 1092 > [2001/10/10 10:23:09.108544, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4516 of length 46 > [2001/10/10 10:23:09.108622, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBclose (pid 29871) > > > > -- > --------------------------------------------------- > _/ _____/ Alejandro L. Soler > _/ _/ _/ Administrador de Sistemas > _/ _/ ____/ Martina di Trento S.A. > _/_/_/_/ _/ Buenos Aires - Argentina > _/ _/ _____/ http://www.martinaditrento.com > --------------------------------------------------- > Linux Registered User: # 184478 > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- Ian Cooper ian@wpi.edu From jroman6 at ford.com Wed Oct 10 11:18:01 2001 From: jroman6 at ford.com (Roman, James (J.D.)) Date: Tue Dec 2 02:36:16 2003 Subject: C$ Share - Please Message-ID: <200110101819.f9AIJJY10288@dymwsm10.mailwatch.com> Correction to the earlier command. It should be: smbmount //workstationname/c\$ /mnt/remote -o username=username/NTdomain Additionally, you would need to escape `~!@#%^&*()[]{}:;\,.'" characters anyplace else. However, you should not need to add yourself to the Administrator group on each Workstation. Domain Admins should already be a member of a PC that belongs to an NT domain. -----Original Message----- From: Roman, James (J.D.) [mailto:jroman6@ford.com] Sent: Wednesday, October 10, 2001 1:06 PM To: 'Ian Cooper'; Alejandro Soler Cc: Samba; samba-ntdom@lists.samba.org Subject: RE: C$ Share - Please I used to have a problem with this because I forgot to escape the $. the BASH shell expects a variable name to follow a "$" sign. The only way I can get it to work is like this: smbmount //workstationname/c\$ /mnt/remote -o username=NTDomain\username -----Original Message----- From: Ian Cooper [mailto:ian@WPI.EDU] Sent: Wednesday, October 10, 2001 10:46 AM To: Alejandro Soler Cc: Samba; samba-ntdom@lists.samba.org Subject: Re: C$ Share - Please This is just a guess (I'm mildly familiar with NT and W2000), but I think that to access the default C$ share, you need to be a member of the "Administrators" group unless you can change the permissions on that share on each machine. On Wed, 10 Oct 2001, Alejandro Soler wrote: > Hello: > This is my second mail to the list. I`m very desperate about this cuestion. I need to log in NT 4 (SP6) workstation remotly to C$ share. I`m a domain administrator and C$ share exists. My PDC is Samba 2.2.1a in RH 7.1 server with 2.4.9 Kernel. > When I try to do this my samba client give my this error: > > tree connect failed: ERRDOS - ERRnoaccess (Acces denied.) > > If i go to the workstation and put my user in the Administrator list i dont have any problem. But i have more than 100 NT workstations ;-) > > This is the log in my PDC server, my administrador user is granted as domain admin user. > > Anybody could help me? Please > > Thanks > > [2001/10/10 10:23:09.096157, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4508 of length 95 > [2001/10/10 10:23:09.096260, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBntcreateX (pid 29871) > [2001/10/10 10:23:09.096343, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/nttrans.c:nt_open_pipe(621) > nt_open_pipe: Known pipe srvsvc opening. > [2001/10/10 10:23:09.097219, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4509 of length 152 > [2001/10/10 10:23:09.097303, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBtrans (pid 29871) > [2001/10/10 10:23:09.097381, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > trans <\PIPE\> data=72 params=0 setup=2 > [2001/10/10 10:23:09.097453, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > named pipe command on <> name > [2001/10/10 10:23:09.097519, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > Got API command 0x26 on pipe "srvsvc" (pnum 702e)api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs > [2001/10/10 10:23:09.098352, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4510 of length 140 > [2001/10/10 10:23:09.098433, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBtrans (pid 29871) > [2001/10/10 10:23:09.098507, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > trans <\PIPE\> data=60 params=0 setup=2 > [2001/10/10 10:23:09.098575, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > named pipe command on <> name > [2001/10/10 10:23:09.098636, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > Got API command 0x26 on pipe "srvsvc" (pnum 702e)free_pipe_context: destroying talloc pool of size 0 > [2001/10/10 10:23:09.098761, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) > Doing \PIPE\srvsvc > [2001/10/10 10:23:09.098835, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) > api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO > [2001/10/10 10:23:09.098955, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) > free_pipe_context: destroying talloc pool of size 1148 > [2001/10/10 10:23:09.099699, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4511 of length 46 > [2001/10/10 10:23:09.099778, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBclose (pid 29871) > [2001/10/10 10:23:09.100533, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4512 of length 430 > [2001/10/10 10:23:09.100615, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBtrans (pid 29871) > [2001/10/10 10:23:09.100691, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > trans <\PIPE\> data=350 params=0 setup=2 > [2001/10/10 10:23:09.100759, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > named pipe command on <> name > [2001/10/10 10:23:09.100861, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > Got API command 0x26 on pipe "NETLOGON" (pnum 703a)free_pipe_context: destroying talloc pool of size 0 > [2001/10/10 10:23:09.101005, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) > Doing \PIPE\NETLOGON > [2001/10/10 10:23:09.101075, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) > api_rpcTNP: rpc command: NET_SAMLOGON > [2001/10/10 10:23:09.101878, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_netlog_nt.c:_net_sam_logon(544) > SAM Logon (Network). Domain:[GENERAL]. User:[ADMINISTRADOR] > [2001/10/10 10:23:09.101976, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:push_sec_ctx(284) > push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 > [2001/10/10 10:23:09.102107, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(316) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2001/10/10 10:23:09.102742, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:pop_sec_ctx(423) > pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 > [2001/10/10 10:23:09.102825, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:push_sec_ctx(284) > push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 > [2001/10/10 10:23:09.102893, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(316) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > [2001/10/10 10:23:09.102984, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:pop_sec_ctx(423) > pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 > [2001/10/10 10:23:09.103584, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_util.c:get_domain_user_groups(185) > domain group access 513/7 granted > [2001/10/10 10:23:09.103903, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_util.c:get_domain_user_groups(192) > domain admin group access 512/7 granted > [2001/10/10 10:23:09.104105, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) > free_pipe_context: destroying talloc pool of size 4830 > [2001/10/10 10:23:09.104325, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4513 of length 95 > [2001/10/10 10:23:09.104404, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBntcreateX (pid 29871) > [2001/10/10 10:23:09.104477, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/nttrans.c:nt_open_pipe(621) > nt_open_pipe: Known pipe wkssvc opening. > [2001/10/10 10:23:09.106134, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4514 of length 152 > [2001/10/10 10:23:09.106216, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBtrans (pid 29871) > [2001/10/10 10:23:09.106290, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > trans <\PIPE\> data=72 params=0 setup=2 > [2001/10/10 10:23:09.106358, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > named pipe command on <> name > [2001/10/10 10:23:09.106419, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > Got API command 0x26 on pipe "wkssvc" (pnum 702f)api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\ntsvcs > [2001/10/10 10:23:09.107280, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4515 of length 140 > [2001/10/10 10:23:09.107360, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBtrans (pid 29871) > [2001/10/10 10:23:09.107432, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > trans <\PIPE\> data=60 params=0 setup=2 > [2001/10/10 10:23:09.107499, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > named pipe command on <> name > [2001/10/10 10:23:09.107558, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > Got API command 0x26 on pipe "wkssvc" (pnum 702f)free_pipe_context: destroying talloc pool of size 0 > [2001/10/10 10:23:09.107675, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) > Doing \PIPE\wkssvc > [2001/10/10 10:23:09.107745, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) > api_rpcTNP: rpc command: WKS_Q_QUERY_INFO > [2001/10/10 10:23:09.107852, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) > free_pipe_context: destroying talloc pool of size 1092 > [2001/10/10 10:23:09.108544, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > Transaction 4516 of length 46 > [2001/10/10 10:23:09.108622, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > switch message SMBclose (pid 29871) > > > > -- > --------------------------------------------------- > _/ _____/ Alejandro L. Soler > _/ _/ _/ Administrador de Sistemas > _/ _/ ____/ Martina di Trento S.A. > _/_/_/_/ _/ Buenos Aires - Argentina > _/ _/ _____/ http://www.martinaditrento.com > --------------------------------------------------- > Linux Registered User: # 184478 > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- Ian Cooper ian@wpi.edu From jmcd at us.ibm.com Wed Oct 10 11:37:19 2001 From: jmcd at us.ibm.com (Jim McDonough) Date: Tue Dec 2 02:36:16 2003 Subject: Approbation d'un domaine de la part de samba Message-ID: Ok, anybody else? What's the status of trust relationships? Last I knew they didn't work...a brief glance at the code acknowledges they exist, but may nothing more... .......... Nathalie, Ah, je comprends maintenant. "Mixed Mode", c'est a dire que le serveur Windows 2000 peut gerer des salles (je ne connais pas cette utilisasion de ce mot...je devine que c'est un ordinateur...mon francais n'est pas si bon) qui sont soit Windows 2000 soit Windows NT. Un domaine "Native mode" peut contenir seulment les salles Windows 2000. "Mixed mode" est comme un domaine NT. "Native mode" est tres different. Je souhaitais que le seurver samba n'ait pas un domaine, parce que joindre l'autre domaine serait plus facile. Je ne crois pas que samba puissent faire une approbation d'un domaine, mais les reponses de mon question au dessus diront. ---------------------------- Jim McDonough IBM Linux Technology Center 6 Minuteman Drive Scarborough, ME 04074 USA jmcd@us.ibm.com Phone: (207) 885-5565 IBM tie-line: 776-9984 ramat on 10/10/2001 12:42:34 PM To: Jim McDonough/Portland/IBM@IBMUS cc: Subject: Re: Approbation d'un domaine de la part de samba Pour etre plus precise, j'ai mon serveur samba qui gere un "domaine NT " qui s'appelle DPTINFO et j'ai mon serveur Windows 2000 qui gere le domaine CRIPCL. J'ai cinq salles qui se connectent au serveur CRIPCL. J'ai deux salles qui se connectent au serveur DPTINFO. J'aimerais que les deux salles qui se connectent sous DPTINFO puissent aussi se connecter sous CRIPCL tout en utilisant les comptes "linux". Que veux tu dire par Mixed mode ? Je debute juste sous Samba et aussi linux je ne connais pas tous les termes non plus. Winbind : c'est un logiciel ? A plus From MMcEldowney at deltaregional.com Wed Oct 10 12:04:07 2001 From: MMcEldowney at deltaregional.com (McEldowney, Michael) Date: Tue Dec 2 02:36:16 2003 Subject: User List ( aka Beating a Dead Horse ) Message-ID: Hey all, I know this has been posted a gazillion times, but I searched the archives and came up with exactly nuthin... I have 2.2.0 running on RH 7.0. From an NT member server I can use the "User Mangler for Domains", change to the samba controlled domain, and get a FULL user list. From _some_ win98 machines I can see the list, from _some_ I cannot. I get the familiar "You cannot view a list of users at this time. Try again later." message. ARGH! I have uninstalled file and print sharing on the win98 machine and reinstalled, to no avail. I've made sure my passwd and smbpasswd files are consistent ( that, in fact, did clear up the truncated list problem I previously had.) Anybody have a clue as to what is going on? I'd hate to turn on level 10 debugs, I have nearly 300 users and the log would be HUGE! Is this fixed in 2.2.2a? Do I need to just forget my college football weekend and upgrade??? Thanks a million, Mike McEldowney Information Systems Director Delta Regional Medical Center 1400 East Union Street Greenville, MS 38703 v. 662-334-2075 e. mmceldowney@deltaregional.com Come and visit us on the web! www.deltaregional.com Quote of the Month: "Not one shred of evidence supports the notion that life is serious." From Gilles.Vautour at statcan.ca Wed Oct 10 13:26:01 2001 From: Gilles.Vautour at statcan.ca (Gilles.Vautour@statcan.ca) Date: Tue Dec 2 02:36:16 2003 Subject: Approbation d'un domaine de la part de samba Message-ID: <3A66CAF3B5D3D4119AFD00508BC286AD019C11BB@msxa4.statcan.ca> Nathalie, Est-ce que l'environnement Windows 2000 utilise Active Directory? Si oui, celui-ci doit-?tre en "mixed mode", o? il existe un contr?leur de domaine NT4. Si Active Directory est on "Native Mode", il n'y pas de contr?leur de domaine NT4 et donc pas de validation du client. A ma connaissance, la version courante de SAMBA n'est pas compatible avec Active Directory en "Native Mode" Voir le commentaire ? ce sujet sur le site SAMBA (http://ca.samba.org/samba/development.html) Bonne Chance, Gilles A. Vautour Senior Systems Administrator / Administrateur Principal de Syst?mes Phone :(613) 951-1951 Main Bldg., Room 3120, Tunney's Pasture Fax : (613) 951-5198 ITSD/DSTI, Statistics Canada Internet : vautgil@statcan.ca Ottawa, Ontario, Canada, K1A 0T6 -----Original Message----- From: ramat [mailto:ramat@univ-littoral.fr] Sent: October 10, 2001 9:10 AM To: samba-ntdom@lists.samba.org Subject: Approbation d'un domaine de la part de samba Bonjour, Je travaille actuellement ? l'universit? du littoral. Cet ?t? , j'ai installe un serveur samba sous une debian 2.2. Ca fonctionne tres bien. Parallelement ? ce serveur, j'ai un autre serveur sous Windows 2000 . Je souhaiterais realiser une relation d'approbation entre samba et ce serveur. Est ce possible ? Comment fait-on ? Merci pour votre aide Nathalie From idra at samba.org Wed Oct 10 14:28:06 2001 From: idra at samba.org (Simo Sorce) Date: Tue Dec 2 02:36:16 2003 Subject: C$ Share - Please In-Reply-To: <200110101712.f9AHCOr00628@dymwsm12.mailwatch.com>; from jroman6@ford.com on Wed, Oct 10, 2001 at 01:06:03PM -0400 References: <200110101712.f9AHCOr00628@dymwsm12.mailwatch.com> Message-ID: <20011010142714.A26402@va.samba.org> try to use WKSNAME/Administrator and use local machine administrator password. On Wed, Oct 10, 2001 at 01:06:03PM -0400, Roman, James (J.D.) wrote: > I used to have a problem with this because I forgot to escape the $. the BASH shell expects a variable name to follow a "$" sign. The only way I can get it to work is like this: > > smbmount //workstationname/c\$ /mnt/remote -o username=NTDomain\username > > -----Original Message----- > From: Ian Cooper [mailto:ian@WPI.EDU] > Sent: Wednesday, October 10, 2001 10:46 AM > To: Alejandro Soler > Cc: Samba; samba-ntdom@lists.samba.org > Subject: Re: C$ Share - Please > > > This is just a guess (I'm mildly familiar with NT and W2000), but I think > that to access the default C$ share, you need to be a member of the > "Administrators" group unless you can change the permissions on that share > on each machine. > > On Wed, 10 Oct 2001, Alejandro Soler wrote: > > > Hello: > > This is my second mail to the list. I`m very desperate about this cuestion. I need to log in NT 4 (SP6) workstation remotly to C$ share. I`m a domain administrator and C$ share exists. My PDC is Samba 2.2.1a in RH 7.1 server with 2.4.9 Kernel. > > When I try to do this my samba client give my this error: > > > > tree connect failed: ERRDOS - ERRnoaccess (Acces denied.) > > > > If i go to the workstation and put my user in the Administrator list i dont have any problem. But i have more than 100 NT workstations ;-) > > > > This is the log in my PDC server, my administrador user is granted as domain admin user. > > > > Anybody could help me? Please > > > > Thanks > > > > [2001/10/10 10:23:09.096157, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > > Transaction 4508 of length 95 > > [2001/10/10 10:23:09.096260, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > > switch message SMBntcreateX (pid 29871) > > [2001/10/10 10:23:09.096343, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/nttrans.c:nt_open_pipe(621) > > nt_open_pipe: Known pipe srvsvc opening. > > [2001/10/10 10:23:09.097219, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > > Transaction 4509 of length 152 > > [2001/10/10 10:23:09.097303, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > > switch message SMBtrans (pid 29871) > > [2001/10/10 10:23:09.097381, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > > trans <\PIPE\> data=72 params=0 setup=2 > > [2001/10/10 10:23:09.097453, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > > named pipe command on <> name > > [2001/10/10 10:23:09.097519, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > > Got API command 0x26 on pipe "srvsvc" (pnum 702e)api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs > > [2001/10/10 10:23:09.098352, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > > Transaction 4510 of length 140 > > [2001/10/10 10:23:09.098433, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > > switch message SMBtrans (pid 29871) > > [2001/10/10 10:23:09.098507, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > > trans <\PIPE\> data=60 params=0 setup=2 > > [2001/10/10 10:23:09.098575, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > > named pipe command on <> name > > [2001/10/10 10:23:09.098636, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > > Got API command 0x26 on pipe "srvsvc" (pnum 702e)free_pipe_context: destroying talloc pool of size 0 > > [2001/10/10 10:23:09.098761, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) > > Doing \PIPE\srvsvc > > [2001/10/10 10:23:09.098835, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) > > api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO > > [2001/10/10 10:23:09.098955, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) > > free_pipe_context: destroying talloc pool of size 1148 > > [2001/10/10 10:23:09.099699, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > > Transaction 4511 of length 46 > > [2001/10/10 10:23:09.099778, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > > switch message SMBclose (pid 29871) > > [2001/10/10 10:23:09.100533, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > > Transaction 4512 of length 430 > > [2001/10/10 10:23:09.100615, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > > switch message SMBtrans (pid 29871) > > [2001/10/10 10:23:09.100691, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > > trans <\PIPE\> data=350 params=0 setup=2 > > [2001/10/10 10:23:09.100759, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > > named pipe command on <> name > > [2001/10/10 10:23:09.100861, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > > Got API command 0x26 on pipe "NETLOGON" (pnum 703a)free_pipe_context: destroying talloc pool of size 0 > > [2001/10/10 10:23:09.101005, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) > > Doing \PIPE\NETLOGON > > [2001/10/10 10:23:09.101075, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) > > api_rpcTNP: rpc command: NET_SAMLOGON > > [2001/10/10 10:23:09.101878, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_netlog_nt.c:_net_sam_logon(544) > > SAM Logon (Network). Domain:[GENERAL]. User:[ADMINISTRADOR] > > [2001/10/10 10:23:09.101976, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:push_sec_ctx(284) > > push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 > > [2001/10/10 10:23:09.102107, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(316) > > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > > [2001/10/10 10:23:09.102742, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:pop_sec_ctx(423) > > pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 > > [2001/10/10 10:23:09.102825, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:push_sec_ctx(284) > > push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 > > [2001/10/10 10:23:09.102893, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(316) > > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 > > [2001/10/10 10:23:09.102984, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:pop_sec_ctx(423) > > pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 > > [2001/10/10 10:23:09.103584, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_util.c:get_domain_user_groups(185) > > domain group access 513/7 granted > > [2001/10/10 10:23:09.103903, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_util.c:get_domain_user_groups(192) > > domain admin group access 512/7 granted > > [2001/10/10 10:23:09.104105, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) > > free_pipe_context: destroying talloc pool of size 4830 > > [2001/10/10 10:23:09.104325, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > > Transaction 4513 of length 95 > > [2001/10/10 10:23:09.104404, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > > switch message SMBntcreateX (pid 29871) > > [2001/10/10 10:23:09.104477, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/nttrans.c:nt_open_pipe(621) > > nt_open_pipe: Known pipe wkssvc opening. > > [2001/10/10 10:23:09.106134, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > > Transaction 4514 of length 152 > > [2001/10/10 10:23:09.106216, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > > switch message SMBtrans (pid 29871) > > [2001/10/10 10:23:09.106290, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > > trans <\PIPE\> data=72 params=0 setup=2 > > [2001/10/10 10:23:09.106358, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > > named pipe command on <> name > > [2001/10/10 10:23:09.106419, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > > Got API command 0x26 on pipe "wkssvc" (pnum 702f)api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\ntsvcs > > [2001/10/10 10:23:09.107280, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > > Transaction 4515 of length 140 > > [2001/10/10 10:23:09.107360, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > > switch message SMBtrans (pid 29871) > > [2001/10/10 10:23:09.107432, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) > > trans <\PIPE\> data=60 params=0 setup=2 > > [2001/10/10 10:23:09.107499, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) > > named pipe command on <> name > > [2001/10/10 10:23:09.107558, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) > > Got API command 0x26 on pipe "wkssvc" (pnum 702f)free_pipe_context: destroying talloc pool of size 0 > > [2001/10/10 10:23:09.107675, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) > > Doing \PIPE\wkssvc > > [2001/10/10 10:23:09.107745, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) > > api_rpcTNP: rpc command: WKS_Q_QUERY_INFO > > [2001/10/10 10:23:09.107852, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) > > free_pipe_context: destroying talloc pool of size 1092 > > [2001/10/10 10:23:09.108544, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) > > Transaction 4516 of length 46 > > [2001/10/10 10:23:09.108622, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) > > switch message SMBclose (pid 29871) > > > > > > > > -- > > --------------------------------------------------- > > _/ _____/ Alejandro L. Soler > > _/ _/ _/ Administrador de Sistemas > > _/ _/ ____/ Martina di Trento S.A. > > _/_/_/_/ _/ Buenos Aires - Argentina > > _/ _/ _____/ http://www.martinaditrento.com > > --------------------------------------------------- > > Linux Registered User: # 184478 > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > -- > Ian Cooper > ian@wpi.edu > > -- Simo Sorce idra@samba.org ------------------------------- Samba Team http://www.samba.org From cknorton.nei-inc.com at mail.nei-inc.com Wed Oct 10 15:52:04 2001 From: cknorton.nei-inc.com at mail.nei-inc.com (Chris) Date: Tue Dec 2 02:36:17 2003 Subject: C$ Share - Please References: <200110101712.f9AHCOr00628@dymwsm12.mailwatch.com> <20011010142714.A26402@va.samba.org> Message-ID: <3BC4D574.4050204@mail.nei-inc.com> Hi, I'm a novice to samba but I just played around with the setup and I used the line below to connect to a W2K workstation c$ and just a share folder both worked. smbmount //WorkstationName/C\$ /mount/location -o username=username/domain or smbmount //WorkstationName/sharename /mount/location -o username=username/domain I had to issue both commands as root to get this to work. Also, make sure that C: is shared properly (proper permissions for WorkstationName access). You should get a prompt for the machine password. I hope this helps, Chris Simo Sorce wrote: >try to use WKSNAME/Administrator and use local machine administrator password. > >On Wed, Oct 10, 2001 at 01:06:03PM -0400, Roman, James (J.D.) wrote: > >>I used to have a problem with this because I forgot to escape the $. the BASH shell expects a variable name to follow a "$" sign. The only way I can get it to work is like this: >> >>smbmount //workstationname/c\$ /mnt/remote -o username=NTDomain\username >> >>-----Original Message----- >>From: Ian Cooper [mailto:ian@WPI.EDU] >>Sent: Wednesday, October 10, 2001 10:46 AM >>To: Alejandro Soler >>Cc: Samba; samba-ntdom@lists.samba.org >>Subject: Re: C$ Share - Please >> >> >>This is just a guess (I'm mildly familiar with NT and W2000), but I think >>that to access the default C$ share, you need to be a member of the >>"Administrators" group unless you can change the permissions on that share >>on each machine. >> >>On Wed, 10 Oct 2001, Alejandro Soler wrote: >> >>>Hello: >>>This is my second mail to the list. I`m very desperate about this cuestion. I need to log in NT 4 (SP6) workstation remotly to C$ share. I`m a domain administrator and C$ share exists. My PDC is Samba 2.2.1a in RH 7.1 server with 2.4.9 Kernel. >>>When I try to do this my samba client give my this error: >>> >>>tree connect failed: ERRDOS - ERRnoaccess (Acces denied.) >>> >>>If i go to the workstation and put my user in the Administrator list i dont have any problem. But i have more than 100 NT workstations ;-) >>> >>>This is the log in my PDC server, my administrador user is granted as domain admin user. >>> >>>Anybody could help me? Please >>> >>>Thanks >>> >>>[2001/10/10 10:23:09.096157, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) >>> Transaction 4508 of length 95 >>>[2001/10/10 10:23:09.096260, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) >>> switch message SMBntcreateX (pid 29871) >>>[2001/10/10 10:23:09.096343, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/nttrans.c:nt_open_pipe(621) >>> nt_open_pipe: Known pipe srvsvc opening. >>>[2001/10/10 10:23:09.097219, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) >>> Transaction 4509 of length 152 >>>[2001/10/10 10:23:09.097303, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) >>> switch message SMBtrans (pid 29871) >>>[2001/10/10 10:23:09.097381, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) >>> trans <\PIPE\> data=72 params=0 setup=2 >>>[2001/10/10 10:23:09.097453, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) >>> named pipe command on <> name >>>[2001/10/10 10:23:09.097519, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) >>> Got API command 0x26 on pipe "srvsvc" (pnum 702e)api_pipe_bind_req: \PIPE\srvsvc -> \PIPE\ntsvcs >>>[2001/10/10 10:23:09.098352, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) >>> Transaction 4510 of length 140 >>>[2001/10/10 10:23:09.098433, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) >>> switch message SMBtrans (pid 29871) >>>[2001/10/10 10:23:09.098507, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) >>> trans <\PIPE\> data=60 params=0 setup=2 >>>[2001/10/10 10:23:09.098575, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) >>> named pipe command on <> name >>>[2001/10/10 10:23:09.098636, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) >>> Got API command 0x26 on pipe "srvsvc" (pnum 702e)free_pipe_context: destroying talloc pool of size 0 >>>[2001/10/10 10:23:09.098761, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) >>> Doing \PIPE\srvsvc >>>[2001/10/10 10:23:09.098835, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) >>> api_rpcTNP: rpc command: SRV_NET_SRV_GET_INFO >>>[2001/10/10 10:23:09.098955, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) >>> free_pipe_context: destroying talloc pool of size 1148 >>>[2001/10/10 10:23:09.099699, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) >>> Transaction 4511 of length 46 >>>[2001/10/10 10:23:09.099778, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) >>> switch message SMBclose (pid 29871) >>>[2001/10/10 10:23:09.100533, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) >>> Transaction 4512 of length 430 >>>[2001/10/10 10:23:09.100615, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) >>> switch message SMBtrans (pid 29871) >>>[2001/10/10 10:23:09.100691, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) >>> trans <\PIPE\> data=350 params=0 setup=2 >>>[2001/10/10 10:23:09.100759, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) >>> named pipe command on <> name >>>[2001/10/10 10:23:09.100861, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) >>> Got API command 0x26 on pipe "NETLOGON" (pnum 703a)free_pipe_context: destroying talloc pool of size 0 >>>[2001/10/10 10:23:09.101005, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) >>> Doing \PIPE\NETLOGON >>>[2001/10/10 10:23:09.101075, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) >>> api_rpcTNP: rpc command: NET_SAMLOGON >>>[2001/10/10 10:23:09.101878, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_netlog_nt.c:_net_sam_logon(544) >>> SAM Logon (Network). Domain:[GENERAL]. User:[ADMINISTRADOR] >>>[2001/10/10 10:23:09.101976, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:push_sec_ctx(284) >>> push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 >>>[2001/10/10 10:23:09.102107, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(316) >>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >>>[2001/10/10 10:23:09.102742, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:pop_sec_ctx(423) >>> pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 >>>[2001/10/10 10:23:09.102825, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:push_sec_ctx(284) >>> push_sec_ctx(99, 99) : sec_ctx_stack_ndx = 1 >>>[2001/10/10 10:23:09.102893, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:set_sec_ctx(316) >>> setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >>>[2001/10/10 10:23:09.102984, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/sec_ctx.c:pop_sec_ctx(423) >>> pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 >>>[2001/10/10 10:23:09.103584, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_util.c:get_domain_user_groups(185) >>> domain group access 513/7 granted >>>[2001/10/10 10:23:09.103903, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_util.c:get_domain_user_groups(192) >>> domain admin group access 512/7 granted >>>[2001/10/10 10:23:09.104105, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) >>> free_pipe_context: destroying talloc pool of size 4830 >>>[2001/10/10 10:23:09.104325, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) >>> Transaction 4513 of length 95 >>>[2001/10/10 10:23:09.104404, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) >>> switch message SMBntcreateX (pid 29871) >>>[2001/10/10 10:23:09.104477, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/nttrans.c:nt_open_pipe(621) >>> nt_open_pipe: Known pipe wkssvc opening. >>>[2001/10/10 10:23:09.106134, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) >>> Transaction 4514 of length 152 >>>[2001/10/10 10:23:09.106216, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) >>> switch message SMBtrans (pid 29871) >>>[2001/10/10 10:23:09.106290, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) >>> trans <\PIPE\> data=72 params=0 setup=2 >>>[2001/10/10 10:23:09.106358, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) >>> named pipe command on <> name >>>[2001/10/10 10:23:09.106419, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) >>> Got API command 0x26 on pipe "wkssvc" (pnum 702f)api_pipe_bind_req: \PIPE\wkssvc -> \PIPE\ntsvcs >>>[2001/10/10 10:23:09.107280, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) >>> Transaction 4515 of length 140 >>>[2001/10/10 10:23:09.107360, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) >>> switch message SMBtrans (pid 29871) >>>[2001/10/10 10:23:09.107432, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:reply_trans(484) >>> trans <\PIPE\> data=60 params=0 setup=2 >>>[2001/10/10 10:23:09.107499, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:named_pipe(336) >>> named pipe command on <> name >>>[2001/10/10 10:23:09.107558, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/ipc.c:api_fd_reply(298) >>> Got API command 0x26 on pipe "wkssvc" (pnum 702f)free_pipe_context: destroying talloc pool of size 0 >>>[2001/10/10 10:23:09.107675, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_pipe_request(1163) >>> Doing \PIPE\wkssvc >>>[2001/10/10 10:23:09.107745, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1195) >>> api_rpcTNP: rpc command: WKS_Q_QUERY_INFO >>>[2001/10/10 10:23:09.107852, 3, pid=29871, effective(99, 99), real(0, 0)] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) >>> free_pipe_context: destroying talloc pool of size 1092 >>>[2001/10/10 10:23:09.108544, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:process_smb(837) >>> Transaction 4516 of length 46 >>>[2001/10/10 10:23:09.108622, 3, pid=29871, effective(99, 99), real(0, 0)] smbd/process.c:switch_message(650) >>> switch message SMBclose (pid 29871) >>> >>> >>> >>>-- >>>--------------------------------------------------- >>> _/ _____/ Alejandro L. Soler >>> _/ _/ _/ Administrador de Sistemas >>> _/ _/ ____/ Martina di Trento S.A. >>> _/_/_/_/ _/ Buenos Aires - Argentina >>>_/ _/ _____/ http://www.martinaditrento.com >>>--------------------------------------------------- >>>Linux Registered User: # 184478 >>> >>> >>> >>>-- >>>To unsubscribe from this list go to the following URL and read the >>>instructions: http://lists.samba.org/mailman/listinfo/samba >>> >>-- >>Ian Cooper >>ian@wpi.edu >> >> > -------------- next part -------------- HTML attachment scrubbed and removed From xiaowen at comstocksys.com Wed Oct 10 18:36:02 2001 From: xiaowen at comstocksys.com (Xiaowen Wu) Date: Tue Dec 2 02:36:17 2003 Subject: [Q]running two PDC on one subnet ? Message-ID: <3BC4F808.AB12A84A@comstocksys.com> Hello all, I'm new to samba, and I plan to replace our current NT server with Samba. We have a NT server serving as PDC for one domain, and I created another domain and using the Samba as PDC for the new domain. The samba domain is shown up in the MS network, and we can access the file in that domain. But the Window NT machine to join the Samba Domain. It always returns the error message "The domain contoller for this domain can not be located". Did I miss something, or I cannot run 2 PDC on the network ? Thank you very much Xiaowen Wu From Sylvain.Berge at medasys.fr Thu Oct 11 01:02:09 2001 From: Sylvain.Berge at medasys.fr (Sylvain =?ISO-8859-1?Q?Berg=E9?=) Date: Tue Dec 2 02:36:17 2003 Subject: Approbation d'un domaine de la part de samba References: Message-ID: <3BC54F40.6050809@medasys.fr> Officiellement, les relations d'approbation ne sont pas encore possible avec Samba ! (PDC <-> BDC ou PDC<->PDC) Sylvain.B. Jim McDonough wrote: >Ok, anybody else? What's the status of trust relationships? Last I knew >they didn't work...a brief glance at the code acknowledges they exist, but >may nothing more... > >.......... > >Nathalie, >Ah, je comprends maintenant. > >"Mixed Mode", c'est a dire que le serveur Windows 2000 peut gerer des >salles (je ne connais pas cette utilisasion de ce mot...je devine que c'est >un ordinateur...mon francais n'est pas si bon) qui sont soit Windows 2000 >soit Windows NT. Un domaine "Native mode" peut contenir seulment les >salles Windows 2000. "Mixed mode" est comme un domaine NT. "Native mode" >est tres different. > >Je souhaitais que le seurver samba n'ait pas un domaine, parce que joindre >l'autre domaine serait plus facile. Je ne crois pas que samba puissent >faire une approbation d'un domaine, mais les reponses de mon question au >dessus diront. > > > >---------------------------- >Jim McDonough >IBM Linux Technology Center >6 Minuteman Drive >Scarborough, ME 04074 >USA > >jmcd@us.ibm.com > >Phone: (207) 885-5565 >IBM tie-line: 776-9984 > > >ramat on 10/10/2001 12:42:34 PM > >To: Jim McDonough/Portland/IBM@IBMUS >cc: >Subject: Re: Approbation d'un domaine de la part de samba > > > >Pour etre plus precise, j'ai mon serveur samba qui gere un "domaine NT " >qui s'appelle DPTINFO et j'ai mon serveur Windows 2000 qui gere le >domaine CRIPCL. >J'ai cinq salles qui se connectent au serveur CRIPCL. >J'ai deux salles qui se connectent au serveur DPTINFO. >J'aimerais que les deux salles qui se connectent sous DPTINFO puissent >aussi se connecter sous CRIPCL tout en utilisant les comptes "linux". > >Que veux tu dire par Mixed mode ? Je debute juste sous Samba et aussi >linux je ne connais pas tous les termes non plus. >Winbind : c'est un logiciel ? > >A plus > > > > > > > > From ramat at univ-littoral.fr Thu Oct 11 02:11:19 2001 From: ramat at univ-littoral.fr (ramat) Date: Tue Dec 2 02:36:17 2003 Subject: samba relation approbation Message-ID: <3BC561C8.81D65658@univ-littoral.fr> Merci ? tous pour votre aide. Si j'apprends des nouveautes je vous le dis. A Plus Nathalie From bernard.askew at rtc.ch Thu Oct 11 02:16:06 2001 From: bernard.askew at rtc.ch (Askew Bernard) Date: Tue Dec 2 02:36:17 2003 Subject: Error 51: intermittent problem mounting Samba share Message-ID: Hi folks I have a strange problem. On some NT Workstations connecting at some times following error appears (German OS). ---------------------------------------------------------------------- Systemfehler 51 aufgetreten. Der Remote-Computer ist nicht verf?gbar. ---------------------------------------------------------------------- which means that it cannot access to the share. All the NT Workstations are configured identically (as where the problem doesn't occur) The mounting is done via following command: net use k: \\pdmprd.rtc.ch\pdmsdate /USER:RTC_PROD\%username% If you try it a second time, it works fine Any idea? Network load? Setting? Thks Regards Bernard Askew From harmit at opentechindia.com Thu Oct 11 03:07:03 2001 From: harmit at opentechindia.com (Harmit) Date: Tue Dec 2 02:36:17 2003 Subject: Samba installation help newbie(Secnd request) Message-ID: <3BC56EDD.EE7D9A13@opentechindia.com> Hi I am newbie to linux and samba .I will appreciate any help from your side to install,configure..successfully run samba on redhat linux be possible.(steps by steps is preferrred).How to start with the installation. The /etc/smb.conf is too big to be lost in and I ended up with messsed up configuration. Please help me install in Windows . TIA From dennis at evers.2y.net Thu Oct 11 03:34:37 2001 From: dennis at evers.2y.net (dennis@evers.2y.net) Date: Tue Dec 2 02:36:17 2003 Subject: Samba installation help newbie(Secnd request) In-Reply-To: <3BC56EDD.EE7D9A13@opentechindia.com> References: <3BC56EDD.EE7D9A13@opentechindia.com> Message-ID: <1002796518.3bc575e6ee350@evers.2y.net> Perhaps it's a good idea to start reading the Samba documentation, which contains a step by step guide to install and configure samba. grtz, Dennis > Hi > I am newbie to linux and samba .I will appreciate any help from your > side to install,configure..successfully run samba on redhat linux be > possible.(steps by steps is preferrred).How to start with the > installation. > The /etc/smb.conf is too big to be lost in and I ended up with > messsed > up configuration. > Please help me install in Windows . > TIA > > > > > From bgmilne at cae.co.za Thu Oct 11 03:41:11 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:36:17 2003 Subject: samba and winbind Message-ID: <3BC576E4.70105@cae.co.za> Sorry for the lateness of the replay and the messed up mail below, but I'm subscribed in digest ..... If you have a single Unix PDC, you DO NOT WANT TO IMPLEMENT WINBIND!. The only time you want to implement winbind is when you have Windows DCs involved in the equation, and then you must accept that you will not be able to use NFS between the linux boxes (since each machine could have a different RID->uid/gid mapping). If you have a sinlge unix pdc (no inter-domain trusts), then it is better to use LDAP for account information (user, group etc), and use pam_smb to authenticate using the windows password. LDAP will store uids, and by making changes to /etc/nsswitch.conf (after installing nss_ldap) and some of the files in /etc/pam.d, you can create an environment where you have: 1)Windows domain as usual 2)LDAP directory which you can also use as a global address book 3)Consistent uid's and group membership details across all unix machines 4)Advanced mail routing based on LDAP entries 5)NFS share which linux users can mount on boot (no need to try and emulate NT login scripts to mount drives) 6)Use LDAP and the replication protocol to replicate this data to other LDAP servers (no need for domain trusts if all you DC's are samba). Plus, it also means you can add more linux file servers with no worry about trying to ensure that your PDC is giving back correct domain group lists. There are migration scripts distributed with ldap in most linux distros which will allow you to migrate all the data stored in the system files (for example passwd, aliases, group, shadow, hosts, protocols, services). It should take you about an hour to get all the data (for a smallish network, say 100 users) imported once your LDAP server is running. If you need help in setting up LDAP, give me a shout, or check out some of these pages. http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP.html http://www2.linuxjournal.com/articles/linux_review/0030.html http://www.padl.com/tools.html http://www.bayour.com/LDAPv3-HOWTO.html#4.2.6.SLAPADD%20problems/messages|outline Note that Netscape and Mozilla can autocomplete email addresses from an LDAP server, which is REALLY cool. Regards, Buchan Message: 4 Date: Tue, 9 Oct 2001 10:45:17 +1000 Subject: samba and winbind From: peter.milburn@sofcom.com.au To: samba-ntdom@lists.samba.org Ok I need some help here please, I have not been able to find winbind just to add to my current samba that I have installed Here is what I have: I have a samba PDC running which some 70+ win2K machines connect and use no problems at all, which is fantastic. I have all our linux servers connected to the PDC as well, which is even better. What I want to do now, is utilize pam so that local accounts do not need to be on the linux machine. It was suggested that I use winbind, the only version I can find, is a rpm which installed samba pre 3.0 After completing this I can not gett the samba + winbind rpm to connect to my linux PDC. Am I doing this all wrong or am I on the right track. I am wanting someone to do it for me, just point me in the direction of docos and files. Thanks heaps for your time. Pete -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 ext 202 Stellenbosch Automotive Engineering http://www.cae.co.za From grobe at gmx.net Thu Oct 11 03:49:06 2001 From: grobe at gmx.net (Lars O. Grobe) Date: Tue Dec 2 02:36:17 2003 Subject: samba and winbind References: <3BC576E4.70105@cae.co.za> Message-ID: <3BC5798D.DB6C43D7@gmx.net> Hi! This sounds promising. Is it possible to use encrypted passwords with ldap? Thank You, CU, Lars. From bgmilne at cae.co.za Thu Oct 11 03:54:06 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:36:17 2003 Subject: samba and winbind References: <3BC576E4.70105@cae.co.za> <3BC5798D.DB6C43D7@gmx.net> Message-ID: <3BC57A23.2040708@cae.co.za> Lars O. Grobe wrote: >Hi! > >This sounds promising. Is it possible to use encrypted passwords with >ldap? > >Thank You, CU, Lars. > Yes, LDAP can use _unix_ encrypted passwords, but not yet samba encrypted passwords. This is under development, but apparently not very stable. If you set pam_smb up to do the password side, though, then you can use samba encrypted passwords. pam_smb will only authenticate for one domain currently (set in a config file /etc/pam_smb.conf), so you would have to sync smb passwords for multiple domains (using perl scripts available in samba-2.2.1a as a cron to import/export samba passwords from LDAP). I have not tested this yet, but it is on my list (for our remote facility). Buchan -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 ext 202 Stellenbosch Automotive Engineering http://www.cae.co.za From succhi at hotmail.com Thu Oct 11 03:57:02 2001 From: succhi at hotmail.com (Stuart Fraser) Date: Tue Dec 2 02:36:17 2003 Subject: Domain unavailable / server not setup for transactions Message-ID: Removing the line has not helped, but thanks for the suggestion. During my hols I might try and re-install everything again just incase I missed anything but I don't think so. I can join the domain fine so passwords are OK, I can mount my drives fine, I just can't logon to the domain, or browse the servers mounts, all the things I said before. Stu >From: "Dennis Evers" >To: "Stuart Fraser" >Subject: Re: Domain unavailable / server not setup for transactions >Date: Wed, 10 Oct 2001 17:42:33 +0200 > >You need to remove the line >wins proxy = yes >from you smb.conf > >that might fix the problem > >grtz, >Dennis >----- Original Message ----- >From: "Stuart Fraser" >To: >Cc: >Sent: Wednesday, October 10, 2001 15:36 >Subject: Re: Domain unavailable / server not setup for transactions > > > > Do you have any other ideas, I had already set > > >HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\Netlogon\Parameters\requiresig >norseal > > value to 0 without any success. > > > > Stu > > > > > > >From: dennis@evers.2y.net > > >To: Stuart Fraser > > >CC: samba-ntdom@lists.samba.org > > >Subject: Re: Domain unavailable / server not setup for transactions > > >Date: Wed, 10 Oct 2001 08:41:39 +0200 (CEST) > > > > > >In order for Winxp to logon to the samba domain you would have to >change > > >the > > >following registry key. > > > > > > >HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Services\Netlogon\Parameters\requir > > >esignorseal > > > > > >value to 0 > > > > > >In my case it solved the problem. > > > > > >grtz, > > >Dennis > > > > > >Quoting Stuart Fraser : > > > > > > > I have tried numerous times to get PDC working but with the same >problem > > > > > > > > occuring over and over. I use the smb.conf below with Samba2.2.1a >and > > > > > > > > Mandrake8.0. My client is Win XP with passwd encryption on and the > > > > suggested "domain member: signature.... (always)" option disabled. > > > > > > > > I can join my client machine to the domain fine but when I try to >logon > > > > I am > > > > told my domain is unavailable. So I logon to the local machine and >try > > > > and > > > > browse "Computers near me" and I get the message "UQI [Domain] is >not > > > > accessible. You might not have permission to use this network >resource. > > > > > > > > Contact the ..... The server is not configured for transactions" > > > > > > > > I can't even see my parents machine which is on the same lan. I >didn't > > > > have > > > > any of the browse issues with Samba 2.0 no PDC setup. I could see >all > > > > > > > > server shares and other machines attached to the lan. > > > > > > > > I have scoured all the docs and almost all the mails and haven't >found >a > > > > > > > > solution yet, anyone who has this problem and had a fix HELP ME > > > > please. > > > > > > > > Stu > > > > > > > > [global] > > > > netbios name = DS7 > > > > workgroup = UQI > > > > os level = 64 > > > > preferred master = yes > > > > domain master = yes > > > > local master = yes > > > > remote announce = 192.168.3.255 > > > > security = user > > > > password level = 7 > > > > encrypt passwords = yes > > > > domain logons = yes > > > > logon drive = X: > > > > logon script = logon.cmd > > > > > > > > hosts allow = 192.168.3. 127. > > > > interfaces = 192.168.3.0/24 > > > > name resolve order = wins lmhosts bcast > > > > wins support = yes > > > > wins proxy = yes > > > > dns proxy = no > > > > log file = /usr/local/samba/var/log.%m > > > > domain guest group = person1, person2, person3 > > > > domain admin group = root, person1 > > > > > > > > [netlogon] > > > > path = /usr/local/samba/lib/netlogon > > > > writeable = no > > > > write list = root, person1 > > > > > > > > [homes] > > > > comment = Home Directories > > > > browsable = yes > > > > writable = yes > > > > force create mode = 0705 > > > > force directory mode = 0705 > > > > > > > > > > > > _________________________________________________________________ > > > > Get your FREE download of MSN Explorer at > > > > http://explorer.msn.com/intl.asp > > > > > > > > > > > > > > > > > > > > > _________________________________________________________________ > > Get your FREE download of MSN Explorer at >http://explorer.msn.com/intl.asp > > > > > > > _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp From jolt at nicholasofmyra.org Thu Oct 11 05:56:04 2001 From: jolt at nicholasofmyra.org (Joseph) Date: Tue Dec 2 02:36:17 2003 Subject: [Q]running two PDC on one subnet ? References: <3BC4F808.AB12A84A@comstocksys.com> Message-ID: <3BC59723.6050905@nicholasofmyra.org> Try making the Samba computer the master browser for the network. Are you running a wins server on the NT machines? If so, is Samba registering with it? Xiaowen Wu wrote: > Hello all, > > I'm new to samba, and I plan to replace our current NT server with > Samba. We have a NT server serving as PDC for one domain, and I created > another domain and using the Samba as PDC for the new domain. The samba > domain is shown up in the MS network, and we can access the file in that > domain. But the Window NT machine to join the Samba Domain. It always > returns the error message "The domain contoller for this domain can not > be located". Did I miss something, or I cannot run 2 PDC on the network > ? > > Thank you very much > > Xiaowen Wu > > > > From gerrym at futuremetals.com Thu Oct 11 06:23:06 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:36:17 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS Message-ID: <3BC59D13.16767EC5@futuremetals.com> I am in the process of upgrading my existing samba 2.05a PDC on an old box running RH6.2 to a new faster box running Samba 2.2.1a on a RH7.1 box. I have all the same files and directories as the old samba box including the same smb.conf file (the only thing changed in the smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security patches. Whenever I try to connect to the new Samba box from my NT box I get: \\Penguin is not accessible. The remote procedure call failed and did not execute. I checked the samba logs and found no errors or complaints. No errors or complaints in /var/log/messages as well.... Here is the global section of my new systems (samba 2.2.1a) smb.conf: netbios name = Nero server string = FL1 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd syslog only = Yes log file = /var/log/samba/log.%m time server = Yes wins support = no name resolve order = wins lmhosts hosts bcast max open files = 100000 local master = yes os level = 99 domain master = yes preferred master = yes security = domain password server = 192.168.0.1 domain master = no preferred master = no logon script = gerry.bat logon path = \\%N\profiles\%U security = user workgroup = WORKGROUP domain admin group = @IT domain logons = Yes dos filetimes = Yes dos filetime resolution = Yes fake directory create times = Yes socket options = IPTOS_LOWDELAY TCP_NODELAY deadtime = 15 getwd cache = Yes oplocks = True level2 oplocks = True read raw = No write cache size = 262144 interfaces = eth1 Here is the smb.conf in my older PDC (samba 2.05a) netbios name = PENGUIN server string = FL02 encrypt passwords = Yes smb passwd file = /usr/local/samba/bin/smbpasswd syslog only = Yes log file = /usr/local/samba/lib/samba.log.%m time server = Yes wins support = yes name resolve order = wins lmhosts hosts bcast max open files = 100000 logon script = gerry.bat logon path = \\%N\profiles\%U security = user workgroup = WORKGROUP domain admin group = @IT domain logons = Yes os level = 65 preferred master = yes domain master = yes local master = yes strict locking = Yes dos filetimes = Yes dos filetime resolution = Yes fake directory create times = Yes I'm running out of ideas here! Please help! Thanks in advance! -------------- next part -------------- A non-text attachment was scrubbed... Name: gerrym.vcf Type: text/x-vcard Size: 360 bytes Desc: Card for Gerry Maddock Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011011/d657d444/gerrym.vcf From gerrym at futuremetals.com Thu Oct 11 07:07:04 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:36:17 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS In-Reply-To: Message-ID: -----Original Message----- From: Mark Cave-Ayland [mailto:mca198@ecs.soton.ac.uk] Sent: Thursday, October 11, 2001 9:47 AM To: Gerry Maddock Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS On Thu, 11 Oct 2001, Gerry Maddock wrote: > I am in the process of upgrading my existing samba 2.05a PDC on an > old box running RH6.2 to a new faster box running Samba 2.2.1a on a > RH7.1 box. I have all the same files and directories as the old samba > box including the same smb.conf file (the only thing changed in the > smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same > subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security > patches. Whenever I try to connect to the new Samba box from my NT box I > get: > \\Penguin is not accessible. > The remote procedure call failed and did not execute. > > I checked the samba logs and found no errors or complaints. > No errors or complaints in /var/log/messages as well.... Hi Gerry, Try looking at the firewall rules on your new Redhat 7.1 box. I have recently reinstalled Samba on a Mandrake 8 box and the firewall rules were so strict they did not even allow SMB ports (137-139) and broadcasts on any interface, both of which are required for Samba to work. Cheers, Mark. From gerrym at futuremetals.com Thu Oct 11 07:09:20 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:36:17 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS In-Reply-To: Message-ID: I was thinking that, but when I installed Rh7.1 I specifically set no firewall. I was planning on configuring its firewall after I got the essential services started. -----Original Message----- From: Mark Cave-Ayland [mailto:mca198@ecs.soton.ac.uk] Sent: Thursday, October 11, 2001 9:47 AM To: Gerry Maddock Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS On Thu, 11 Oct 2001, Gerry Maddock wrote: > I am in the process of upgrading my existing samba 2.05a PDC on an > old box running RH6.2 to a new faster box running Samba 2.2.1a on a > RH7.1 box. I have all the same files and directories as the old samba > box including the same smb.conf file (the only thing changed in the > smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same > subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security > patches. Whenever I try to connect to the new Samba box from my NT box I > get: > \\Penguin is not accessible. > The remote procedure call failed and did not execute. > > I checked the samba logs and found no errors or complaints. > No errors or complaints in /var/log/messages as well.... Hi Gerry, Try looking at the firewall rules on your new Redhat 7.1 box. I have recently reinstalled Samba on a Mandrake 8 box and the firewall rules were so strict they did not even allow SMB ports (137-139) and broadcasts on any interface, both of which are required for Samba to work. Cheers, Mark. From jolt at nicholasofmyra.org Thu Oct 11 07:09:55 2001 From: jolt at nicholasofmyra.org (Joseph) Date: Tue Dec 2 02:36:17 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS References: <3BC59D13.16767EC5@futuremetals.com> Message-ID: <3BC5A834.2030202@nicholasofmyra.org> Try adding "wins server = " to your new PDC. Also, try setting domain master and prefered master on old PDC to auto. Gerry Maddock wrote: > I am in the process of upgrading my existing samba 2.05a PDC on an > old box running RH6.2 to a new faster box running Samba 2.2.1a on a > RH7.1 box. I have all the same files and directories as the old samba > box including the same smb.conf file (the only thing changed in the > smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same > subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security > patches. Whenever I try to connect to the new Samba box from my NT box I > get: > \\Penguin is not accessible. > The remote procedure call failed and did not execute. > > I checked the samba logs and found no errors or complaints. > No errors or complaints in /var/log/messages as well.... > > Here is the global section of my new systems (samba 2.2.1a) smb.conf: > netbios name = Nero > server string = FL1 > encrypt passwords = yes > smb passwd file = /etc/samba/smbpasswd > syslog only = Yes > log file = /var/log/samba/log.%m > time server = Yes > wins support = no > name resolve order = wins lmhosts hosts bcast > max open files = 100000 > local master = yes > os level = 99 > domain master = yes > preferred master = yes > security = domain > password server = 192.168.0.1 > domain master = no > preferred master = no > logon script = gerry.bat > logon path = \\%N\profiles\%U > security = user > workgroup = WORKGROUP > domain admin group = @IT > domain logons = Yes > dos filetimes = Yes > dos filetime resolution = Yes > fake directory create times = Yes > socket options = IPTOS_LOWDELAY TCP_NODELAY > deadtime = 15 > getwd cache = Yes > oplocks = True > level2 oplocks = True > read raw = No > write cache size = 262144 > interfaces = eth1 > > Here is the smb.conf in my older PDC (samba 2.05a) > > netbios name = PENGUIN > server string = FL02 > encrypt passwords = Yes > smb passwd file = /usr/local/samba/bin/smbpasswd > syslog only = Yes > log file = /usr/local/samba/lib/samba.log.%m > time server = Yes > wins support = yes > name resolve order = wins lmhosts hosts bcast > max open files = 100000 > logon script = gerry.bat > logon path = \\%N\profiles\%U > security = user > workgroup = WORKGROUP > domain admin group = @IT > domain logons = Yes > os level = 65 > preferred master = yes > domain master = yes > local master = yes > strict locking = Yes > dos filetimes = Yes > dos filetime resolution = Yes > fake directory create times = Yes > > I'm running out of ideas here! Please help! Thanks in advance! > > From gerrym at futuremetals.com Thu Oct 11 07:22:05 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:36:17 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS In-Reply-To: <3BC5A834.2030202@nicholasofmyra.org> Message-ID: I just tried that, restarted samba on both boxes and still nothing. -----Original Message----- From: Joseph [mailto:jolt@nicholasofmyra.org] Sent: Thursday, October 11, 2001 10:10 AM To: Gerry Maddock Cc: NTSAMBA Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS Try adding "wins server = " to your new PDC. Also, try setting domain master and prefered master on old PDC to auto. Gerry Maddock wrote: > I am in the process of upgrading my existing samba 2.05a PDC on an > old box running RH6.2 to a new faster box running Samba 2.2.1a on a > RH7.1 box. I have all the same files and directories as the old samba > box including the same smb.conf file (the only thing changed in the > smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same > subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security > patches. Whenever I try to connect to the new Samba box from my NT box I > get: > \\Penguin is not accessible. > The remote procedure call failed and did not execute. > > I checked the samba logs and found no errors or complaints. > No errors or complaints in /var/log/messages as well.... > > Here is the global section of my new systems (samba 2.2.1a) smb.conf: > netbios name = Nero > server string = FL1 > encrypt passwords = yes > smb passwd file = /etc/samba/smbpasswd > syslog only = Yes > log file = /var/log/samba/log.%m > time server = Yes > wins support = no > name resolve order = wins lmhosts hosts bcast > max open files = 100000 > local master = yes > os level = 99 > domain master = yes > preferred master = yes > security = domain > password server = 192.168.0.1 > domain master = no > preferred master = no > logon script = gerry.bat > logon path = \\%N\profiles\%U > security = user > workgroup = WORKGROUP > domain admin group = @IT > domain logons = Yes > dos filetimes = Yes > dos filetime resolution = Yes > fake directory create times = Yes > socket options = IPTOS_LOWDELAY TCP_NODELAY > deadtime = 15 > getwd cache = Yes > oplocks = True > level2 oplocks = True > read raw = No > write cache size = 262144 > interfaces = eth1 > > Here is the smb.conf in my older PDC (samba 2.05a) > > netbios name = PENGUIN > server string = FL02 > encrypt passwords = Yes > smb passwd file = /usr/local/samba/bin/smbpasswd > syslog only = Yes > log file = /usr/local/samba/lib/samba.log.%m > time server = Yes > wins support = yes > name resolve order = wins lmhosts hosts bcast > max open files = 100000 > logon script = gerry.bat > logon path = \\%N\profiles\%U > security = user > workgroup = WORKGROUP > domain admin group = @IT > domain logons = Yes > os level = 65 > preferred master = yes > domain master = yes > local master = yes > strict locking = Yes > dos filetimes = Yes > dos filetime resolution = Yes > fake directory create times = Yes > > I'm running out of ideas here! Please help! Thanks in advance! > > From gerrym at futuremetals.com Thu Oct 11 07:23:09 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:36:18 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS In-Reply-To: Message-ID: This is everything currently running on my new sys: samba 2.2.1a: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.1 1368 544 ? S 01:30 0:04 init [3] root 2 0.0 0.0 0 0 ? SW 01:30 0:00 [keventd] root 3 0.0 0.0 0 0 ? SW 01:30 0:01 [kswapd] root 4 0.0 0.0 0 0 ? SW 01:30 0:00 [kreclaimd] root 5 0.0 0.0 0 0 ? SW 01:30 0:00 [bdflush] root 6 0.0 0.0 0 0 ? SW 01:30 0:00 [kupdated] root 7 0.0 0.0 0 0 ? SW< 01:30 0:00 [mdrecoveryd] root 14 0.0 0.0 0 0 ? SW 01:30 0:00 [AIFd] root 385 0.0 0.1 1428 600 ? S 01:36 0:00 syslogd -m 0 root 390 0.0 0.2 2016 1176 ? S 01:36 0:00 klogd -2 root 473 0.0 0.2 2348 1048 ? S 01:36 0:00 /usr/sbin/sshd daemon 490 0.0 0.1 2152 944 ? S 01:36 0:00 lpd Waiting root 518 0.0 0.0 1396 508 ? S 01:36 0:00 gpm -t ps/2 -m /dev/mouse root 530 0.0 0.1 1552 700 ? S 01:36 0:00 crond root 568 0.0 0.0 1336 416 tty1 S 01:36 0:00 /sbin/mingetty tty1 root 569 0.0 0.0 1336 416 tty2 S 01:36 0:00 /sbin/mingetty tty2 root 570 0.0 0.0 1336 416 tty3 S 01:36 0:00 /sbin/mingetty tty3 root 571 0.0 0.0 1336 416 tty4 S 01:36 0:00 /sbin/mingetty tty4 root 572 0.0 0.0 1336 416 tty5 S 01:36 0:00 /sbin/mingetty tty5 root 573 0.0 0.0 1336 416 tty6 S 01:36 0:00 /sbin/mingetty tty6 root 848 0.0 0.3 3128 1736 ? S 08:32 0:00 /usr/sbin/sshd gerrym 849 0.0 0.2 2332 1300 pts/0 S 08:32 0:00 -bash root 878 0.0 0.1 2188 1024 pts/0 S 08:32 0:00 su - root 879 0.0 0.2 2336 1308 pts/0 S 08:32 0:00 -bash root 1071 0.0 0.2 4180 1392 ? S 10:19 0:00 smbd -D root 1076 0.0 0.2 3116 1264 ? S 10:19 0:00 nmbd -D root 1079 0.0 0.4 4676 2060 ? S 10:19 0:00 smbd -D root 1087 0.0 0.1 2740 836 pts/0 R 10:21 0:00 ps -waux root 1088 0.0 0.1 1572 572 pts/0 S 10:21 0:00 more -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Gerry Maddock Sent: Thursday, October 11, 2001 10:07 AM To: samba-ntdom@lists.samba.org Subject: RE: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS -----Original Message----- From: Mark Cave-Ayland [mailto:mca198@ecs.soton.ac.uk] Sent: Thursday, October 11, 2001 9:47 AM To: Gerry Maddock Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS On Thu, 11 Oct 2001, Gerry Maddock wrote: > I am in the process of upgrading my existing samba 2.05a PDC on an > old box running RH6.2 to a new faster box running Samba 2.2.1a on a > RH7.1 box. I have all the same files and directories as the old samba > box including the same smb.conf file (the only thing changed in the > smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same > subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security > patches. Whenever I try to connect to the new Samba box from my NT box I > get: > \\Penguin is not accessible. > The remote procedure call failed and did not execute. > > I checked the samba logs and found no errors or complaints. > No errors or complaints in /var/log/messages as well.... Hi Gerry, Try looking at the firewall rules on your new Redhat 7.1 box. I have recently reinstalled Samba on a Mandrake 8 box and the firewall rules were so strict they did not even allow SMB ports (137-139) and broadcasts on any interface, both of which are required for Samba to work. Cheers, Mark. From gerrym at futuremetals.com Thu Oct 11 07:32:11 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:36:18 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS In-Reply-To: Message-ID: By the way... (off the subject) anyone know what AIFd is???? -----Original Message----- From: Gerry Maddock [mailto:gerrym@futuremetals.com] Sent: Thursday, October 11, 2001 10:22 AM To: samba-ntdom@lists.samba.org Subject: RE: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS This is everything currently running on my new sys: samba 2.2.1a: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1 0.0 0.1 1368 544 ? S 01:30 0:04 init [3] root 2 0.0 0.0 0 0 ? SW 01:30 0:00 [keventd] root 3 0.0 0.0 0 0 ? SW 01:30 0:01 [kswapd] root 4 0.0 0.0 0 0 ? SW 01:30 0:00 [kreclaimd] root 5 0.0 0.0 0 0 ? SW 01:30 0:00 [bdflush] root 6 0.0 0.0 0 0 ? SW 01:30 0:00 [kupdated] root 7 0.0 0.0 0 0 ? SW< 01:30 0:00 [mdrecoveryd] root 14 0.0 0.0 0 0 ? SW 01:30 0:00 [AIFd] root 385 0.0 0.1 1428 600 ? S 01:36 0:00 syslogd -m 0 root 390 0.0 0.2 2016 1176 ? S 01:36 0:00 klogd -2 root 473 0.0 0.2 2348 1048 ? S 01:36 0:00 /usr/sbin/sshd daemon 490 0.0 0.1 2152 944 ? S 01:36 0:00 lpd Waiting root 518 0.0 0.0 1396 508 ? S 01:36 0:00 gpm -t ps/2 -m /dev/mouse root 530 0.0 0.1 1552 700 ? S 01:36 0:00 crond root 568 0.0 0.0 1336 416 tty1 S 01:36 0:00 /sbin/mingetty tty1 root 569 0.0 0.0 1336 416 tty2 S 01:36 0:00 /sbin/mingetty tty2 root 570 0.0 0.0 1336 416 tty3 S 01:36 0:00 /sbin/mingetty tty3 root 571 0.0 0.0 1336 416 tty4 S 01:36 0:00 /sbin/mingetty tty4 root 572 0.0 0.0 1336 416 tty5 S 01:36 0:00 /sbin/mingetty tty5 root 573 0.0 0.0 1336 416 tty6 S 01:36 0:00 /sbin/mingetty tty6 root 848 0.0 0.3 3128 1736 ? S 08:32 0:00 /usr/sbin/sshd gerrym 849 0.0 0.2 2332 1300 pts/0 S 08:32 0:00 -bash root 878 0.0 0.1 2188 1024 pts/0 S 08:32 0:00 su - root 879 0.0 0.2 2336 1308 pts/0 S 08:32 0:00 -bash root 1071 0.0 0.2 4180 1392 ? S 10:19 0:00 smbd -D root 1076 0.0 0.2 3116 1264 ? S 10:19 0:00 nmbd -D root 1079 0.0 0.4 4676 2060 ? S 10:19 0:00 smbd -D root 1087 0.0 0.1 2740 836 pts/0 R 10:21 0:00 ps -waux root 1088 0.0 0.1 1572 572 pts/0 S 10:21 0:00 more -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Gerry Maddock Sent: Thursday, October 11, 2001 10:07 AM To: samba-ntdom@lists.samba.org Subject: RE: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS -----Original Message----- From: Mark Cave-Ayland [mailto:mca198@ecs.soton.ac.uk] Sent: Thursday, October 11, 2001 9:47 AM To: Gerry Maddock Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS On Thu, 11 Oct 2001, Gerry Maddock wrote: > I am in the process of upgrading my existing samba 2.05a PDC on an > old box running RH6.2 to a new faster box running Samba 2.2.1a on a > RH7.1 box. I have all the same files and directories as the old samba > box including the same smb.conf file (the only thing changed in the > smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same > subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security > patches. Whenever I try to connect to the new Samba box from my NT box I > get: > \\Penguin is not accessible. > The remote procedure call failed and did not execute. > > I checked the samba logs and found no errors or complaints. > No errors or complaints in /var/log/messages as well.... Hi Gerry, Try looking at the firewall rules on your new Redhat 7.1 box. I have recently reinstalled Samba on a Mandrake 8 box and the firewall rules were so strict they did not even allow SMB ports (137-139) and broadcasts on any interface, both of which are required for Samba to work. Cheers, Mark. From gerrym at futuremetals.com Thu Oct 11 07:50:03 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:36:18 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS In-Reply-To: Message-ID: Thanks for trying to help me out so far Mark and Joe! I am still unable to connect from my NT 4.0 box. Heres the recap: I have 2 samba systems going: My production server: Samba 2.05a PDC on RH 6.2 box that I have no problems with any machines connecting to. My newer system (will hopefully replace current PDC if/when NT systems can connect): Samba 2.2.1.a on RH 7.1 No error messages from ANY samba log No error message from /var/log/messages No firewall running or enabled Both smb.conf's were posted earlier (I'll repost if needed) The NT 4.0 boxes are all sp6 with the latest security patches... Anyone else experience this problem? PLEASE HELP!!!! From jolt at nicholasofmyra.org Thu Oct 11 07:53:03 2001 From: jolt at nicholasofmyra.org (Joseph) Date: Tue Dec 2 02:36:18 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS References: Message-ID: <3BC5B28C.9070803@nicholasofmyra.org> Did you join the new computer to the domain? smbpasswd -j stuff? Gerry Maddock wrote: > I just tried that, restarted samba on both boxes and still nothing. > > -----Original Message----- > From: Joseph [mailto:jolt@nicholasofmyra.org] > Sent: Thursday, October 11, 2001 10:10 AM > To: Gerry Maddock > Cc: NTSAMBA > Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS > > > Try adding "wins server = " to your new PDC. Also, try > setting domain master and prefered master on old PDC to auto. > > Gerry Maddock wrote: > > >> I am in the process of upgrading my existing samba 2.05a PDC on an >>old box running RH6.2 to a new faster box running Samba 2.2.1a on a >>RH7.1 box. I have all the same files and directories as the old samba >>box including the same smb.conf file (the only thing changed in the >>smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same >>subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security >>patches. Whenever I try to connect to the new Samba box from my NT box I >>get: >> \\Penguin is not accessible. >>The remote procedure call failed and did not execute. >> >>I checked the samba logs and found no errors or complaints. >>No errors or complaints in /var/log/messages as well.... >> >>Here is the global section of my new systems (samba 2.2.1a) smb.conf: >>netbios name = Nero >> server string = FL1 >> encrypt passwords = yes >> smb passwd file = /etc/samba/smbpasswd >> syslog only = Yes >> log file = /var/log/samba/log.%m >> time server = Yes >> wins support = no >> name resolve order = wins lmhosts hosts bcast >> max open files = 100000 >> local master = yes >> os level = 99 >> domain master = yes >> preferred master = yes >> security = domain >> password server = 192.168.0.1 >> domain master = no >> preferred master = no >> logon script = gerry.bat >> logon path = \\%N\profiles\%U >> security = user >> workgroup = WORKGROUP >> domain admin group = @IT >> domain logons = Yes >> dos filetimes = Yes >> dos filetime resolution = Yes >> fake directory create times = Yes >> socket options = IPTOS_LOWDELAY TCP_NODELAY >> deadtime = 15 >> getwd cache = Yes >> oplocks = True >> level2 oplocks = True >> read raw = No >> write cache size = 262144 >> interfaces = eth1 >> >>Here is the smb.conf in my older PDC (samba 2.05a) >> >> netbios name = PENGUIN >> server string = FL02 >> encrypt passwords = Yes >> smb passwd file = /usr/local/samba/bin/smbpasswd >> syslog only = Yes >> log file = /usr/local/samba/lib/samba.log.%m >> time server = Yes >> wins support = yes >> name resolve order = wins lmhosts hosts bcast >> max open files = 100000 >> logon script = gerry.bat >> logon path = \\%N\profiles\%U >> security = user >> workgroup = WORKGROUP >> domain admin group = @IT >> domain logons = Yes >> os level = 65 >> preferred master = yes >> domain master = yes >> local master = yes >> strict locking = Yes >> dos filetimes = Yes >> dos filetime resolution = Yes >> fake directory create times = Yes >> >>I'm running out of ideas here! Please help! Thanks in advance! >> >> >> > > From lynnt at macnet.com Thu Oct 11 08:01:04 2001 From: lynnt at macnet.com (Lynn Turriff) Date: Tue Dec 2 02:36:18 2003 Subject: Samba Newbie Message-ID: <178236089248.20011011075551@macnet.com> I've been lurking here for a month or six weeks or so, and would just like to point out that the samba docs are sometimes something less than useful to a linux newbie. I have read the docs and man files, and have several linux manuals, but still can't get my system to acknowledge my NT4 network, much less communicate with it. I have reloaded RH 7.1 several times. I can ping all the machines on the net, but obviously something is dead wrong somewhere in the samba configuration. Ironically, I can get mail and surf through my NT proxy, but have made exactly zero progress with samba. I have tried without success to find some local brains to pick. Someone suggested to me that it might be easiest to communicate with my NT net via ftp and telnet - this actually might be a useful solution in my case, except that it doesn't allow me to access any printers, and when I went looking for printer information, well ... And it wouldn't help those who are trying to replace NT servers altogether, which is my ultimate goal. So rtfm is not *always* the answer ... thanks anyway. And undying gratitude to anyone who would care to help those of us out who have read so much documentation that we are about to hit cranial meltdown :-) Direct email is great in my case. tnx, Lynn > Perhaps it's a good idea to start reading the Samba documentation, > which > contains a step by step guide to install and configure samba. > > grtz, > Dennis > >> Hi >> I am newbie to linux and samba .I will appreciate any help from >> your >> side to install,configure..successfully run samba on redhat >> linux be >> possible.(steps by steps is preferrred).How to start with the >> installation. [snip] mailto:lynnt@macnet.com * * * Aun Aprendo I'd rather be WARP'ed * * * Team OS/2 http://www.sites.onlinemac.com/hawthorne/ From bill at lynden2.sweye.com Thu Oct 11 08:46:02 2001 From: bill at lynden2.sweye.com (William L. Terry) Date: Tue Dec 2 02:36:18 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS References: <3BC59D13.16767EC5@futuremetals.com> Message-ID: <3BC5BF01.1010600@sweye.com> Gerry Maddock wrote > I am in the process of upgrading my existing samba 2.05a PDC on an > old box running RH6.2 to a new faster box running Samba 2.2.1a on a > RH7.1 box. I have all the same files and directories as the old samba > box including the same smb.conf file (the only thing changed in the > smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same > subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security > patches. Whenever I try to connect to the new Samba box from my NT box I > get:> > >\\Penguin is not accessible. > >The remote procedure call failed and did not execute. I also have this problem with redhat 7.1 and samba 2.2.1a . It is to the outside world as if this machine does not exist. I have 16 samba boxes out there around the state serving up domains for our locations. I have used everything from samba-tng2.5 to samba2.2.0 with success. The last good combination I got was 2.2.0 with a redhat 7.0 box. I also use a 2.0.7 as a non domain controller on a redhat 7.1 box successfully. I have tried with two separate installs to use 2.2.1a with redhat7.1. I also suspected the firewall rules, but I intentionally blew these away with no positive results. The only indication I get that the samba domain exists is that when I give the domain a name, the client sees that that domain exists, but can't see any machines in it. You can also do "nmblookup -B ACLIENT '* '" successfully. I am also stumped, but I will continue to slog along and see If I can stumble across something. -- William L. Terry (bill@sweye.com) Southwestern Eye Center http://www.sweye.com/ Information Systems 480-892-8400 ext. 142 From gerrym at futuremetals.com Thu Oct 11 08:53:10 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:36:18 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS In-Reply-To: <3BC5B28C.9070803@nicholasofmyra.org> Message-ID: In log.nmbd I get: [2001/10/11 00:56:29, 0] nmbd/nmbd_logonnames.c:add_logon_names(158) add_domain_logon_names: Attempting to become logon server for workgroup WORKGROUP on subnet 10.1.1.244 [2001/10/11 10:19:06, 0] nmbd/nmbd_logonnames.c:add_logon_names(158) add_domain_logon_names: Attempting to become logon server for workgroup WORKGROUP on subnet UNICAST_SUBNET [2001/10/11 10:19:06, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(116) become_logon_server_success: Samba is now a logon server for workgroup WORKGROUP on subnet UNICAST_SUBNET [2001/10/11 10:19:10, 0] nmbd/nmbd_logonnames.c:become_logon_server_success(116) become_logon_server_success: Samba is now a logon server for workgroup WORKGROUP on subnet 10.1.1.244 [2001/10/11 10:19:30, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(405) ***** Samba name server NENGUIN is now a local master browser for workgroup WORKGROUP on subnet 10.1.1.244 I never did the smbpasswd -j stuff. I dont think I need to since I never had to for my other samba servers @ my branch offices that are on the domain. They are all RH6.2 running samba 2.05.a too. I do have trust accounts set in my /etc/passwd and in smbpasswd files (these are the same files I pulled of my existing samba PDC that I would like to replace with this new one if it ever works... -----Original Message----- From: Joseph [mailto:jolt@nicholasofmyra.org] Sent: Thursday, October 11, 2001 10:54 AM To: Gerry Maddock Cc: NTSAMBA Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS Did you join the new computer to the domain? smbpasswd -j stuff? Gerry Maddock wrote: > I just tried that, restarted samba on both boxes and still nothing. > > -----Original Message----- > From: Joseph [mailto:jolt@nicholasofmyra.org] > Sent: Thursday, October 11, 2001 10:10 AM > To: Gerry Maddock > Cc: NTSAMBA > Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS > > > Try adding "wins server = " to your new PDC. Also, try > setting domain master and prefered master on old PDC to auto. > > Gerry Maddock wrote: > > >> I am in the process of upgrading my existing samba 2.05a PDC on an >>old box running RH6.2 to a new faster box running Samba 2.2.1a on a >>RH7.1 box. I have all the same files and directories as the old samba >>box including the same smb.conf file (the only thing changed in the >>smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same >>subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security >>patches. Whenever I try to connect to the new Samba box from my NT box I >>get: >> \\Penguin is not accessible. >>The remote procedure call failed and did not execute. >> >>I checked the samba logs and found no errors or complaints. >>No errors or complaints in /var/log/messages as well.... >> >>Here is the global section of my new systems (samba 2.2.1a) smb.conf: >>netbios name = Nero >> server string = FL1 >> encrypt passwords = yes >> smb passwd file = /etc/samba/smbpasswd >> syslog only = Yes >> log file = /var/log/samba/log.%m >> time server = Yes >> wins support = no >> name resolve order = wins lmhosts hosts bcast >> max open files = 100000 >> local master = yes >> os level = 99 >> domain master = yes >> preferred master = yes >> security = domain >> password server = 192.168.0.1 >> domain master = no >> preferred master = no >> logon script = gerry.bat >> logon path = \\%N\profiles\%U >> security = user >> workgroup = WORKGROUP >> domain admin group = @IT >> domain logons = Yes >> dos filetimes = Yes >> dos filetime resolution = Yes >> fake directory create times = Yes >> socket options = IPTOS_LOWDELAY TCP_NODELAY >> deadtime = 15 >> getwd cache = Yes >> oplocks = True >> level2 oplocks = True >> read raw = No >> write cache size = 262144 >> interfaces = eth1 >> >>Here is the smb.conf in my older PDC (samba 2.05a) >> >> netbios name = PENGUIN >> server string = FL02 >> encrypt passwords = Yes >> smb passwd file = /usr/local/samba/bin/smbpasswd >> syslog only = Yes >> log file = /usr/local/samba/lib/samba.log.%m >> time server = Yes >> wins support = yes >> name resolve order = wins lmhosts hosts bcast >> max open files = 100000 >> logon script = gerry.bat >> logon path = \\%N\profiles\%U >> security = user >> workgroup = WORKGROUP >> domain admin group = @IT >> domain logons = Yes >> os level = 65 >> preferred master = yes >> domain master = yes >> local master = yes >> strict locking = Yes >> dos filetimes = Yes >> dos filetime resolution = Yes >> fake directory create times = Yes >> >>I'm running out of ideas here! Please help! Thanks in advance! >> >> >> > > From gerrym at futuremetals.com Thu Oct 11 08:56:07 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:36:18 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS In-Reply-To: <3BC5BF01.1010600@sweye.com> Message-ID: Thanks! I'm glad I'm not the only one! If I hear anything or somehow rig it to work, I'll let you know what I did. Please do the same for me. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of William L. Terry Sent: Thursday, October 11, 2001 11:47 AM To: samba-ntdom@lists.samba.org Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS Gerry Maddock wrote > I am in the process of upgrading my existing samba 2.05a PDC on an > old box running RH6.2 to a new faster box running Samba 2.2.1a on a > RH7.1 box. I have all the same files and directories as the old samba > box including the same smb.conf file (the only thing changed in the > smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same > subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security > patches. Whenever I try to connect to the new Samba box from my NT box I > get:> > >\\Penguin is not accessible. > >The remote procedure call failed and did not execute. I also have this problem with redhat 7.1 and samba 2.2.1a . It is to the outside world as if this machine does not exist. I have 16 samba boxes out there around the state serving up domains for our locations. I have used everything from samba-tng2.5 to samba2.2.0 with success. The last good combination I got was 2.2.0 with a redhat 7.0 box. I also use a 2.0.7 as a non domain controller on a redhat 7.1 box successfully. I have tried with two separate installs to use 2.2.1a with redhat7.1. I also suspected the firewall rules, but I intentionally blew these away with no positive results. The only indication I get that the samba domain exists is that when I give the domain a name, the client sees that that domain exists, but can't see any machines in it. You can also do "nmblookup -B ACLIENT '* '" successfully. I am also stumped, but I will continue to slog along and see If I can stumble across something. -- William L. Terry (bill@sweye.com) Southwestern Eye Center http://www.sweye.com/ Information Systems 480-892-8400 ext. 142 From jolt at nicholasofmyra.org Thu Oct 11 09:06:03 2001 From: jolt at nicholasofmyra.org (Joseph) Date: Tue Dec 2 02:36:18 2003 Subject: Samba Newbie References: <178236089248.20011011075551@macnet.com> Message-ID: <3BC5C3CD.9010300@nicholasofmyra.org> Try: http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.html http://www.linuxdoc.org/HOWTO/SMB-HOWTO.html http://www.redhat.com/support/resources/print_file/samba.html If you are still having problems, try to be a little more specific. What is or is not working? How about attaching the global section of your smb.conf file. Lynn Turriff wrote: > I've been lurking here for a month or six weeks or so, > and would just like to point out that the samba docs > are sometimes something less than useful to a linux > newbie. > > I have read the docs and man files, and have several > linux manuals, but still can't get my system to > acknowledge my NT4 network, much less communicate with > it. I have reloaded RH 7.1 several times. I can ping > all the machines on the net, but obviously something is > dead wrong somewhere in the samba configuration. > Ironically, I can get mail and surf through my NT > proxy, but have made exactly zero progress with samba. > > I have tried without success to find some local brains > to pick. Someone suggested to me that it might be > easiest to communicate with my NT net via ftp and > telnet - this actually might be a useful solution in my > case, except that it doesn't allow me to access any > printers, and when I went looking for printer > information, well ... And it wouldn't help those who > are trying to replace NT servers altogether, which is > my ultimate goal. > > So rtfm is not *always* the answer ... thanks anyway. > > And undying gratitude to anyone who would care to help > those of us out who have read so much documentation > that we are about to hit cranial meltdown :-) > > Direct email is great in my case. > > tnx, > > Lynn > > >>Perhaps it's a good idea to start reading the Samba documentation, >>which >>contains a step by step guide to install and configure samba. >> >>grtz, >>Dennis >> >> >>>Hi >>>I am newbie to linux and samba .I will appreciate any help from >>>your >>>side to install,configure..successfully run samba on redhat >>>linux be >>>possible.(steps by steps is preferrred).How to start with the >>>installation. >>> > > [snip] > > > > mailto:lynnt@macnet.com * * * Aun Aprendo > I'd rather be WARP'ed * * * Team OS/2 > > http://www.sites.onlinemac.com/hawthorne/ > > > > From andre.doehn at econia.com Thu Oct 11 09:07:04 2001 From: andre.doehn at econia.com (andre.doehn@econia.com) Date: Tue Dec 2 02:36:18 2003 Subject: Failed to marshall NET_R_SAM_LOGON Message-ID: hi list, since iam using samba 2.2 and now upgraded to version 2.2.1a i have the following log in /var/log/messages: smbd[406]: [2001/10/11 19:39:08, 0] rpc_server/srv_netlog.c:api_net_sam_logon(208) smbd[406]: api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON. smbd[406]: [2001/10/11 19:39:08, 0] rpc_server/srv_pipe.c:api_rpcTNP(1215) smbd[406]: api_rpcTNP: api_netlog_rpc: NET_SAMLOGON failed. i dont know to handle this logentry - what iam doing wrong?! ive compiled samba with configure --with-pam --with-syslog --with-quotas --prefix=/usr/local/samba221a --with-utmp --with-acl-support --with-smbwrapper and this is my global smb.conf: [global] security = user status = yes workgroup = NTDOM netbios name = cgn-pdc interfaces = eth0 lo bind interfaces only = yes server string = Samba %v running on %h wins support = yes time server = yes encrypt passwords = yes domain logons = yes domain master = yes local master = yes preferred master = yes logon script = scripts\logon.bat logon home = \\%L\homes logon path = \\%L\Profiles\%U logon drive = z: domain admin group = @adm add user script = /usr/sbin/useradd -g smbcl -c Machine -d /dev/null -s /bin/false %m$ username map = /usr/local/samba/lib/usermap share modes=no os level=65 name resolve order = wins bcast host nt acl support = yes log level = 10 log file = /var/log/samba/log.%m socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE thanks andre From cknorton.nei-inc.com at mail.nei-inc.com Thu Oct 11 09:13:03 2001 From: cknorton.nei-inc.com at mail.nei-inc.com (Chris) Date: Tue Dec 2 02:36:18 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS References: Message-ID: <3BC5C943.2010504@mail.nei-inc.com> I also, had this problem running RedHat 7.1 with samba -2.0.10-2. I would get the "\\SambaShare is not accessible" from my NT, W2K, and WinMe machines but I rebooted my samba server and then all of a sudden I could access the samba share. Maybe this will give someone a clue as to what might be the problem. Gerry Maddock wrote: >Thanks! I'm glad I'm not the only one! If I hear anything or somehow rig it >to work, I'll let you know what I did. Please do the same for me. > >-----Original Message----- >From: samba-ntdom-admin@lists.samba.org >[mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of William L. Terry >Sent: Thursday, October 11, 2001 11:47 AM >To: samba-ntdom@lists.samba.org >Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS > > >Gerry Maddock wrote > >>I am in the process of upgrading my existing samba 2.05a PDC on an >>old box running RH6.2 to a new faster box running Samba 2.2.1a on a >>RH7.1 box. I have all the same files and directories as the old samba >>box including the same smb.conf file (the only thing changed in the >>smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same >>subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security >>patches. Whenever I try to connect to the new Samba box from my NT box I >>get:> >> >>\\Penguin is not accessible. >> >>The remote procedure call failed and did not execute. >> > > >I also have this problem with redhat 7.1 and samba 2.2.1a . It is to the >outside world as if this machine does not exist. I have 16 samba boxes >out there around the state serving up domains for our locations. I have >used everything from samba-tng2.5 to samba2.2.0 with success. The last good >combination I got was 2.2.0 with a redhat 7.0 box. I also use a 2.0.7 as a >non domain controller on a redhat 7.1 box successfully. I have tried with >two >separate installs to use 2.2.1a with redhat7.1. I also suspected the >firewall >rules, but I intentionally blew these away with no positive results. The >only >indication I get that the samba domain exists is that when I give the domain >a >name, the client sees that that domain exists, but can't see any machines in >it. >You can also do "nmblookup -B ACLIENT '* '" successfully. > >I am also stumped, but I will continue to slog along and see If I can >stumble >across something. > >-- >William L. Terry (bill@sweye.com) >Southwestern Eye Center http://www.sweye.com/ >Information Systems >480-892-8400 ext. 142 > > > > > From barth at cck.uni-kl.de Thu Oct 11 09:44:04 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:36:18 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS In-Reply-To: <3BC59D13.16767EC5@futuremetals.com> Message-ID: <3BC5E8AC.25030.2371280@localhost> > I am in the process of upgrading my existing samba 2.05a PDC on an > old box running RH6.2 to a new faster box running Samba 2.2.1a on a > RH7.1 box. If you have set up RedHat 7.1 with the default medium security the ports needed for samba a blocked by a software firewall. Look for ipchains/iptables. Christian > I have all the same files and directories as the old samba > box including the same smb.conf file (the only thing changed in the > smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same > subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security > patches. Whenever I try to connect to the new Samba box from my NT box I > get: > \\Penguin is not accessible. > The remote procedure call failed and did not execute. > > I checked the samba logs and found no errors or complaints. > No errors or complaints in /var/log/messages as well.... > > Here is the global section of my new systems (samba 2.2.1a) smb.conf: > netbios name = Nero > server string = FL1 > encrypt passwords = yes > smb passwd file = /etc/samba/smbpasswd > syslog only = Yes > log file = /var/log/samba/log.%m > time server = Yes > wins support = no > name resolve order = wins lmhosts hosts bcast > max open files = 100000 > local master = yes > os level = 99 > domain master = yes > preferred master = yes > security = domain > password server = 192.168.0.1 > domain master = no > preferred master = no > logon script = gerry.bat > logon path = \\%N\profiles\%U > security = user > workgroup = WORKGROUP > domain admin group = @IT > domain logons = Yes > dos filetimes = Yes > dos filetime resolution = Yes > fake directory create times = Yes > socket options = IPTOS_LOWDELAY TCP_NODELAY > deadtime = 15 > getwd cache = Yes > oplocks = True > level2 oplocks = True > read raw = No > write cache size = 262144 > interfaces = eth1 > > Here is the smb.conf in my older PDC (samba 2.05a) > > netbios name = PENGUIN > server string = FL02 > encrypt passwords = Yes > smb passwd file = /usr/local/samba/bin/smbpasswd > syslog only = Yes > log file = /usr/local/samba/lib/samba.log.%m > time server = Yes > wins support = yes > name resolve order = wins lmhosts hosts bcast > max open files = 100000 > logon script = gerry.bat > logon path = \\%N\profiles\%U > security = user > workgroup = WORKGROUP > domain admin group = @IT > domain logons = Yes > os level = 65 > preferred master = yes > domain master = yes > local master = yes > strict locking = Yes > dos filetimes = Yes > dos filetime resolution = Yes > fake directory create times = Yes > > I'm running out of ideas here! Please help! Thanks in advance! > _(_)_ wWWWw _ @@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_ @@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_) @@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\ / Y \| \|/ /(_) \| |/ | \ | \ |/ | / \ | / \|/ |/ \| \|/ jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From chris.bamford at ntli.net Thu Oct 11 09:54:24 2001 From: chris.bamford at ntli.net (Chris Bamford) Date: Tue Dec 2 02:36:18 2003 Subject: Winbind for Solaris? Message-ID: <3BC5CF83.4AE834BA@ntli.net> Hi all, I am looking for a Solaris implementation of winbind - can anyone point me to any information on the subject? Thanks! -- Chris From gerrym at futuremetals.com Thu Oct 11 09:56:15 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:36:19 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS In-Reply-To: <3BC5E8AC.25030.2371280@localhost> Message-ID: I specifically set the "No Firewall" option on the install of RH7.1. I wanted to be sure I had no other problems before I threw the firewall into the mess. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Christian Barth Sent: Thursday, October 11, 2001 12:45 PM To: NTSAMBA; Gerry Maddock Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS > I am in the process of upgrading my existing samba 2.05a PDC on an > old box running RH6.2 to a new faster box running Samba 2.2.1a on a > RH7.1 box. If you have set up RedHat 7.1 with the default medium security the ports needed for samba a blocked by a software firewall. Look for ipchains/iptables. Christian > I have all the same files and directories as the old samba > box including the same smb.conf file (the only thing changed in the > smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same > subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security > patches. Whenever I try to connect to the new Samba box from my NT box I > get: > \\Penguin is not accessible. > The remote procedure call failed and did not execute. > > I checked the samba logs and found no errors or complaints. > No errors or complaints in /var/log/messages as well.... > > Here is the global section of my new systems (samba 2.2.1a) smb.conf: > netbios name = Nero > server string = FL1 > encrypt passwords = yes > smb passwd file = /etc/samba/smbpasswd > syslog only = Yes > log file = /var/log/samba/log.%m > time server = Yes > wins support = no > name resolve order = wins lmhosts hosts bcast > max open files = 100000 > local master = yes > os level = 99 > domain master = yes > preferred master = yes > security = domain > password server = 192.168.0.1 > domain master = no > preferred master = no > logon script = gerry.bat > logon path = \\%N\profiles\%U > security = user > workgroup = WORKGROUP > domain admin group = @IT > domain logons = Yes > dos filetimes = Yes > dos filetime resolution = Yes > fake directory create times = Yes > socket options = IPTOS_LOWDELAY TCP_NODELAY > deadtime = 15 > getwd cache = Yes > oplocks = True > level2 oplocks = True > read raw = No > write cache size = 262144 > interfaces = eth1 > > Here is the smb.conf in my older PDC (samba 2.05a) > > netbios name = PENGUIN > server string = FL02 > encrypt passwords = Yes > smb passwd file = /usr/local/samba/bin/smbpasswd > syslog only = Yes > log file = /usr/local/samba/lib/samba.log.%m > time server = Yes > wins support = yes > name resolve order = wins lmhosts hosts bcast > max open files = 100000 > logon script = gerry.bat > logon path = \\%N\profiles\%U > security = user > workgroup = WORKGROUP > domain admin group = @IT > domain logons = Yes > os level = 65 > preferred master = yes > domain master = yes > local master = yes > strict locking = Yes > dos filetimes = Yes > dos filetime resolution = Yes > fake directory create times = Yes > > I'm running out of ideas here! Please help! Thanks in advance! > _(_)_ wWWWw _ @@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_ @@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_) @@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\ / Y \| \|/ /(_) \| |/ | \ | \ |/ | / \ | / \|/ |/ \| \|/ jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From barth at cck.uni-kl.de Thu Oct 11 09:57:11 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:36:19 2003 Subject: Samba Newbie In-Reply-To: <178236089248.20011011075551@macnet.com> Message-ID: <3BC5EB94.29105.2426CCA@localhost> > I've been lurking here for a month or six weeks or so, > and would just like to point out that the samba docs > are sometimes something less than useful to a linux > newbie. > > I have read the docs and man files, and have several > linux manuals, but still can't get my system to > acknowledge my NT4 network, much less communicate with > it. I have reloaded RH 7.1 several times. RH 7.1 when install in the default way ships with a software firewall that blocks the prots needed for samba. > I can ping > all the machines on the net, but obviously something is > dead wrong somewhere in the samba configuration. > Ironically, I can get mail and surf through my NT > proxy, but have made exactly zero progress with samba. > > I have tried without success to find some local brains > to pick. Someone suggested to me that it might be > easiest to communicate with my NT net via ftp and > telnet - this actually might be a useful solution in my > case, except that it doesn't allow me to access any > printers, and when I went looking for printer > information, well ... And it wouldn't help those who > are trying to replace NT servers altogether, which is > my ultimate goal. What do you want to do? - Connect with NT to a samba share on the linux machine? - Connect with the linux machine to a share on the Nt machine? --> two different approaches nessecary! - where are the printers attached to physicaly? - if its on linux, do they work form there? - are you using the rpm's from RH, from samba or have you compailed the source? > > So rtfm is not *always* the answer ... thanks anyway. With the samba source comes a file DIAGNOSTIC.txt (or like that). What are your results in the different steps? Christian > > And undying gratitude to anyone who would care to help > those of us out who have read so much documentation > that we are about to hit cranial meltdown :-) > > Direct email is great in my case. > > tnx, > > Lynn > > > Perhaps it's a good idea to start reading the Samba documentation, > > which > > contains a step by step guide to install and configure samba. > > > > grtz, > > Dennis > > > >> Hi > >> I am newbie to linux and samba .I will appreciate any help from > >> your > >> side to install,configure..successfully run samba on redhat > >> linux be > >> possible.(steps by steps is preferrred).How to start with the > >> installation. > > [snip] > > > > mailto:lynnt@macnet.com * * * Aun Aprendo > I'd rather be WARP'ed * * * Team OS/2 > > http://www.sites.onlinemac.com/hawthorne/ > > > > _(_)_ wWWWw _ @@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_ @@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_) @@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\ / Y \| \|/ /(_) \| |/ | \ | \ |/ | / \ | / \|/ |/ \| \|/ jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From pereti at ump.edu.br Thu Oct 11 10:02:05 2001 From: pereti at ump.edu.br (Bruno Gimenes Pereti) Date: Tue Dec 2 02:36:19 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS References: <3BC5C943.2010504@mail.nei-inc.com> Message-ID: <002801c15276$b2f5b430$6300a8c0@Metropolitana.administracao> I got a problem this week that may be related to your problem. I'd blocked icmp to the PDC (RedHat 7.1 Samba 2.2.1a rpm). No problem to access the server but when I tried to join the domain with a W2k I couldn't. I allowed the icmp traffic and still couldn't join. When I restarted the smb daemon I could join the domain as before. Maybe this can help you. Bruno Gimenes Pereti. ----- Original Message ----- From: "Chris" To: "Gerry Maddock" Cc: "William L. Terry" ; Sent: Thursday, October 11, 2001 1:30 PM Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS > I also, had this problem running RedHat 7.1 with samba -2.0.10-2. I > would get the "\\SambaShare is not accessible" from my NT, W2K, and > WinMe machines but I rebooted my samba server and then all of a sudden > I could access the samba share. > > Maybe this will give someone a clue as to what might be the problem. > > > Gerry Maddock wrote: > > >Thanks! I'm glad I'm not the only one! If I hear anything or somehow rig it > >to work, I'll let you know what I did. Please do the same for me. > > > >-----Original Message----- > >From: samba-ntdom-admin@lists.samba.org > >[mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of William L. Terry > >Sent: Thursday, October 11, 2001 11:47 AM > >To: samba-ntdom@lists.samba.org > >Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS > > > > > >Gerry Maddock wrote > > > >>I am in the process of upgrading my existing samba 2.05a PDC on an > >>old box running RH6.2 to a new faster box running Samba 2.2.1a on a > >>RH7.1 box. I have all the same files and directories as the old samba > >>box including the same smb.conf file (the only thing changed in the > >>smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same > >>subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security > >>patches. Whenever I try to connect to the new Samba box from my NT box I > >>get:> > >> > >>\\Penguin is not accessible. > >> > >>The remote procedure call failed and did not execute. > >> > > > > > >I also have this problem with redhat 7.1 and samba 2.2.1a . It is to the > >outside world as if this machine does not exist. I have 16 samba boxes > >out there around the state serving up domains for our locations. I have > >used everything from samba-tng2.5 to samba2.2.0 with success. The last good > >combination I got was 2.2.0 with a redhat 7.0 box. I also use a 2.0.7 as a > >non domain controller on a redhat 7.1 box successfully. I have tried with > >two > >separate installs to use 2.2.1a with redhat7.1. I also suspected the > >firewall > >rules, but I intentionally blew these away with no positive results. The > >only > >indication I get that the samba domain exists is that when I give the domain > >a > >name, the client sees that that domain exists, but can't see any machines in > >it. > >You can also do "nmblookup -B ACLIENT '* '" successfully. > > > >I am also stumped, but I will continue to slog along and see If I can > >stumble > >across something. > > > >-- > >William L. Terry (bill@sweye.com) > >Southwestern Eye Center http://www.sweye.com/ > >Information Systems > >480-892-8400 ext. 142 From jbeauchamp at gesinc.com Thu Oct 11 10:02:36 2001 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:36:19 2003 Subject: Samba Newbie References: <178236089248.20011011075551@macnet.com> Message-ID: <001c01c1528f$42467800$1d01a8c0@gesinc.com> Lynn: You need to be a little more specific about what type of problem you are having. People are generally very helpful if you provide the right information. Apologies If I missed an earlier post that had this info. What version are you running? Have you checked to make sure that smbd and nmbd are both running? Are you in the same workgroup as your domain (if you are a domain member)? Can you use smbclient -L machinename and get a list of shares from a windows machine? What does nmblookup -d2 '*' return? You should get a list of boxes on the network. HTH James ----- Original Message ----- From: "Lynn Turriff" To: Sent: Thursday, October 11, 2001 7:55 AM Subject: Samba Newbie > I've been lurking here for a month or six weeks or so, > and would just like to point out that the samba docs > are sometimes something less than useful to a linux > newbie. > > I have read the docs and man files, and have several > linux manuals, but still can't get my system to > acknowledge my NT4 network, much less communicate with > it. I have reloaded RH 7.1 several times. I can ping > all the machines on the net, but obviously something is > dead wrong somewhere in the samba configuration. > Ironically, I can get mail and surf through my NT > proxy, but have made exactly zero progress with samba. > > I have tried without success to find some local brains > to pick. Someone suggested to me that it might be > easiest to communicate with my NT net via ftp and > telnet - this actually might be a useful solution in my > case, except that it doesn't allow me to access any > printers, and when I went looking for printer > information, well ... And it wouldn't help those who > are trying to replace NT servers altogether, which is > my ultimate goal. > > So rtfm is not *always* the answer ... thanks anyway. > > And undying gratitude to anyone who would care to help > those of us out who have read so much documentation > that we are about to hit cranial meltdown :-) > > Direct email is great in my case. > > tnx, > > Lynn > > > Perhaps it's a good idea to start reading the Samba documentation, > > which > > contains a step by step guide to install and configure samba. > > > > grtz, > > Dennis > > > >> Hi > >> I am newbie to linux and samba .I will appreciate any help from > >> your > >> side to install,configure..successfully run samba on redhat > >> linux be > >> possible.(steps by steps is preferrred).How to start with the > >> installation. > > [snip] > > > > mailto:lynnt@macnet.com * * * Aun Aprendo > I'd rather be WARP'ed * * * Team OS/2 > > http://www.sites.onlinemac.com/hawthorne/ > > > From gerrym at futuremetals.com Thu Oct 11 10:18:02 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:36:19 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS In-Reply-To: <002801c15276$b2f5b430$6300a8c0@Metropolitana.administracao> Message-ID: I thought it might have been some of the "optimizations" I added to /etc/sysctl.conf,so I reverted back to the orinal sysctl.conf with no optimizations straight off the RH7.1 install, rebooted and still nothing. However, once I lost the "optimizations" I did notice a log.shadow, which Shadow is one of the NT boxes I'm trying to connect from, but the log.shadow was empty. Currently, I'm still running the default sysctl.conf from the RH7.1 install (with no added "optimizations" just to rule this out.... -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Bruno Gimenes Pereti Sent: Thursday, October 11, 2001 1:04 PM To: samba-ntdom@lists.samba.org Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS I got a problem this week that may be related to your problem. I'd blocked icmp to the PDC (RedHat 7.1 Samba 2.2.1a rpm). No problem to access the server but when I tried to join the domain with a W2k I couldn't. I allowed the icmp traffic and still couldn't join. When I restarted the smb daemon I could join the domain as before. Maybe this can help you. Bruno Gimenes Pereti. ----- Original Message ----- From: "Chris" To: "Gerry Maddock" Cc: "William L. Terry" ; Sent: Thursday, October 11, 2001 1:30 PM Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS > I also, had this problem running RedHat 7.1 with samba -2.0.10-2. I > would get the "\\SambaShare is not accessible" from my NT, W2K, and > WinMe machines but I rebooted my samba server and then all of a sudden > I could access the samba share. > > Maybe this will give someone a clue as to what might be the problem. > > > Gerry Maddock wrote: > > >Thanks! I'm glad I'm not the only one! If I hear anything or somehow rig it > >to work, I'll let you know what I did. Please do the same for me. > > > >-----Original Message----- > >From: samba-ntdom-admin@lists.samba.org > >[mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of William L. Terry > >Sent: Thursday, October 11, 2001 11:47 AM > >To: samba-ntdom@lists.samba.org > >Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS > > > > > >Gerry Maddock wrote > > > >>I am in the process of upgrading my existing samba 2.05a PDC on an > >>old box running RH6.2 to a new faster box running Samba 2.2.1a on a > >>RH7.1 box. I have all the same files and directories as the old samba > >>box including the same smb.conf file (the only thing changed in the > >>smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same > >>subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security > >>patches. Whenever I try to connect to the new Samba box from my NT box I > >>get:> > >> > >>\\Penguin is not accessible. > >> > >>The remote procedure call failed and did not execute. > >> > > > > > >I also have this problem with redhat 7.1 and samba 2.2.1a . It is to the > >outside world as if this machine does not exist. I have 16 samba boxes > >out there around the state serving up domains for our locations. I have > >used everything from samba-tng2.5 to samba2.2.0 with success. The last good > >combination I got was 2.2.0 with a redhat 7.0 box. I also use a 2.0.7 as a > >non domain controller on a redhat 7.1 box successfully. I have tried with > >two > >separate installs to use 2.2.1a with redhat7.1. I also suspected the > >firewall > >rules, but I intentionally blew these away with no positive results. The > >only > >indication I get that the samba domain exists is that when I give the domain > >a > >name, the client sees that that domain exists, but can't see any machines in > >it. > >You can also do "nmblookup -B ACLIENT '* '" successfully. > > > >I am also stumped, but I will continue to slog along and see If I can > >stumble > >across something. > > > >-- > >William L. Terry (bill@sweye.com) > >Southwestern Eye Center http://www.sweye.com/ > >Information Systems > >480-892-8400 ext. 142 From bgmilne at cae.co.za Thu Oct 11 10:29:09 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:36:19 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS References: <20011011164508.A4ACF4C92@lists.samba.org> Message-ID: <3BC5D680.20402@cae.co.za> Just so we are all sure .... run the following commands as root: # ipchains -L #(2.2 kernel) # iptables -L #(2.4 kernel) If you get any output besides the default action for each chain, try disabling all the rules with: #ipchains -F #(2.2. kernel) # iptables -F #(2.4 kernel) and try again. If that doesn't work, install Mandrake 8.1, which ships with XFS, ACLs and samba-2.2.1a (or Mandrake 8.0 and all the required stuff avaiable at http://www.cae.co.za/~bgmilne/mandrake/samba/samba-2.2.1a_xfs/) ;-) Buchan From jolt at nicholasofmyra.org Thu Oct 11 10:43:05 2001 From: jolt at nicholasofmyra.org (Joseph) Date: Tue Dec 2 02:36:19 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS References: Message-ID: <3BC5DA92.5070408@nicholasofmyra.org> Try increasing the debug level a little and see if you get anything useful in the log files. Gerry Maddock wrote: > I thought it might have been some of the "optimizations" I added to > /etc/sysctl.conf,so I reverted back to the orinal sysctl.conf with no > optimizations straight off the RH7.1 install, rebooted and still nothing. > However, once I lost the "optimizations" I did notice a log.shadow, which > Shadow is one of the NT boxes I'm trying to connect from, but the log.shadow > was empty. Currently, I'm still running the default sysctl.conf from the > RH7.1 install (with no added "optimizations" just to rule this out.... > > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Bruno Gimenes > Pereti > Sent: Thursday, October 11, 2001 1:04 PM > To: samba-ntdom@lists.samba.org > Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS > > > I got a problem this week that may be related to your problem. I'd blocked > icmp to the PDC (RedHat 7.1 Samba 2.2.1a rpm). No problem to access the > server but when I tried to join the domain with a W2k I couldn't. I allowed > the icmp traffic and still couldn't join. When I restarted the smb daemon I > could join the domain as before. > > Maybe this can help you. > > Bruno Gimenes Pereti. > > ----- Original Message ----- > From: "Chris" > To: "Gerry Maddock" > Cc: "William L. Terry" ; > > Sent: Thursday, October 11, 2001 1:30 PM > Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS > > > >>I also, had this problem running RedHat 7.1 with samba -2.0.10-2. I >>would get the "\\SambaShare is not accessible" from my NT, W2K, and >>WinMe machines but I rebooted my samba server and then all of a sudden >>I could access the samba share. >> >>Maybe this will give someone a clue as to what might be the problem. >> >> >>Gerry Maddock wrote: >> >> >>>Thanks! I'm glad I'm not the only one! If I hear anything or somehow rig >>> > it > >>>to work, I'll let you know what I did. Please do the same for me. >>> >>>-----Original Message----- >>>From: samba-ntdom-admin@lists.samba.org >>>[mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of William L. Terry >>>Sent: Thursday, October 11, 2001 11:47 AM >>>To: samba-ntdom@lists.samba.org >>>Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS >>> >>> >>>Gerry Maddock wrote >>> >>> >>>>I am in the process of upgrading my existing samba 2.05a PDC on an >>>>old box running RH6.2 to a new faster box running Samba 2.2.1a on a >>>>RH7.1 box. I have all the same files and directories as the old samba >>>>box including the same smb.conf file (the only thing changed in the >>>>smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same >>>>subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security >>>>patches. Whenever I try to connect to the new Samba box from my NT box I >>>>get:> >>>> >>>>\\Penguin is not accessible. >>>> >>>>The remote procedure call failed and did not execute. >>>> >>>> >>> >>>I also have this problem with redhat 7.1 and samba 2.2.1a . It is to the >>>outside world as if this machine does not exist. I have 16 samba boxes >>>out there around the state serving up domains for our locations. I have >>>used everything from samba-tng2.5 to samba2.2.0 with success. The last >>> > good > >>>combination I got was 2.2.0 with a redhat 7.0 box. I also use a 2.0.7 as >>> > a > >>>non domain controller on a redhat 7.1 box successfully. I have tried >>> > with > >>>two >>>separate installs to use 2.2.1a with redhat7.1. I also suspected the >>>firewall >>>rules, but I intentionally blew these away with no positive results. The >>>only >>>indication I get that the samba domain exists is that when I give the >>> > domain > >>>a >>>name, the client sees that that domain exists, but can't see any machines >>> > in > >>>it. >>>You can also do "nmblookup -B ACLIENT '* '" successfully. >>> >>>I am also stumped, but I will continue to slog along and see If I can >>>stumble >>>across something. >>> >>>-- >>>William L. Terry (bill@sweye.com) >>>Southwestern Eye Center http://www.sweye.com/ >>>Information Systems >>>480-892-8400 ext. 142 >>> > > From gerrym at futuremetals.com Thu Oct 11 10:51:06 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:36:19 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS In-Reply-To: <3BC5D680.20402@cae.co.za> Message-ID: I get command not found for both. I havent installed ipchains yet. -----Original Message----- From: Buchan Milne [mailto:bgmilne@cae.co.za] Sent: Thursday, October 11, 2001 1:27 PM To: gerrym@futuremetals.com Cc: samba-ntdom@lists.samba.org Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS Just so we are all sure .... run the following commands as root: # ipchains -L #(2.2 kernel) # iptables -L #(2.4 kernel) If you get any output besides the default action for each chain, try disabling all the rules with: #ipchains -F #(2.2. kernel) # iptables -F #(2.4 kernel) and try again. If that doesn't work, install Mandrake 8.1, which ships with XFS, ACLs and samba-2.2.1a (or Mandrake 8.0 and all the required stuff avaiable at http://www.cae.co.za/~bgmilne/mandrake/samba/samba-2.2.1a_xfs/) ;-) Buchan From gerrym at futuremetals.com Thu Oct 11 11:04:04 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:36:19 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS In-Reply-To: <3BC5DA92.5070408@nicholasofmyra.org> Message-ID: Ok, I changed log level to =3, now I'm getting some logs. Here is the log file for the NT box I am testing with. I didnt attach the whole log, its now HUGE. I can forward the entire log if needed. Here is part of it. 2001/10/11 13:55:58, 3] smbd/process.c:process_smb(837) Transaction 1 of length 174 [2001/10/11 13:55:58, 3] smbd/process.c:switch_message(650) switch message SMBnegprot (pid 1269) [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/11 13:55:58, 3] smbd/negprot.c:reply_negprot(349) Requested protocol [PC NETWORK PROGRAM 1.0] [2001/10/11 13:55:58, 3] smbd/negprot.c:reply_negprot(349) Requested protocol [XENIX CORE] [2001/10/11 13:55:58, 3] smbd/negprot.c:reply_negprot(349) Requested protocol [MICROSOFT NETWORKS 1.03] [2001/10/11 13:55:58, 3] smbd/negprot.c:reply_negprot(349) Requested protocol [LANMAN1.0] [2001/10/11 13:55:58, 3] smbd/negprot.c:reply_negprot(349) Requested protocol [Windows for Workgroups 3.1a] [2001/10/11 13:55:58, 3] smbd/negprot.c:reply_negprot(349) Requested protocol [LM1.2X002] [2001/10/11 13:55:58, 3] smbd/negprot.c:reply_negprot(349) Requested protocol [LANMAN2.1] [2001/10/11 13:55:58, 3] smbd/negprot.c:reply_negprot(349) Requested protocol [NT LM 0.12] [2001/10/11 13:55:58, 3] smbd/negprot.c:reply_negprot(433) Selected protocol NT LM 0.12 [2001/10/11 13:55:58, 3] smbd/process.c:process_smb(837) Transaction 2 of length 198 [2001/10/11 13:55:58, 3] smbd/process.c:switch_message(650) switch message SMBsesssetupX (pid 1269) [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/11 13:55:58, 3] smbd/reply.c:reply_sesssetup_and_X(865) Domain=[SHADOW] NativeOS=[Windows NT 1381] NativeLanMan=[] [2001/10/11 13:55:58, 3] smbd/reply.c:reply_sesssetup_and_X(876) sesssetupX:name=[administrator] [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:push_sec_ctx(284) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:get_current_groups(167) get_current_groups: uid 0 is in 1 groups: 547 [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:pop_sec_ctx(423) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:get_current_groups(167) get_current_groups: uid 0 is in 1 groups: 547 [2001/10/11 13:55:58, 3] smbd/password.c:register_vuid(322) uid 595 registered to name administrator [2001/10/11 13:55:58, 3] smbd/password.c:register_vuid(324) Clearing default real name [2001/10/11 13:55:58, 3] smbd/password.c:register_vuid(326) User name: administrator Real name: [2001/10/11 13:55:58, 3] smbd/process.c:chain_reply(982) Chained message [2001/10/11 13:55:58, 3] smbd/process.c:switch_message(650) switch message SMBtconX (pid 1269) [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/11 13:55:58, 3] smbd/password.c:authorise_login(787) authorise_login: ACCEPTED: validated uid ok as non-guest (user=administrator) [2001/10/11 13:55:58, 3] smbd/service.c:make_connection(477) Connect path is /tmp [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:push_sec_ctx(284) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:get_current_groups(167) get_current_groups: uid 0 is in 1 groups: 547 [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:pop_sec_ctx(423) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:get_current_groups(167) get_current_groups: uid 0 is in 1 groups: 547 [2001/10/11 13:55:58, 3] lib/util_seaccess.c:se_access_check(239) se_access_check: user sid is S-1-5-21-1132588640-3893169706-2677359455-2190 [2001/10/11 13:55:58, 3] lib/util_seaccess.c:se_access_check(242) se_access_check: also S-1-5-21-1132588640-3893169706-2677359455-2095 [2001/10/11 13:55:58, 3] lib/util_seaccess.c:se_access_check(242) se_access_check: also S-1-1-0 [2001/10/11 13:55:58, 3] lib/util_seaccess.c:se_access_check(242) se_access_check: also S-1-5-2 [2001/10/11 13:55:58, 3] lib/util_seaccess.c:se_access_check(242) se_access_check: also S-1-5-11 [2001/10/11 13:55:58, 3] smbd/vfs.c:vfs_init_default(98) Initialising default vfs hooks [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (595, 547) - sec_ctx_stack_ndx = 0 [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(322) 1 user groups: 547 [2001/10/11 13:55:58, 3] smbd/vfs.c:vfs_ChDir(643) vfs_ChDir to /tmp [2001/10/11 13:55:58, 3] smbd/service.c:make_connection(606) shadow (10.1.1.108) connect to service IPC$ as user administrator (uid=595, gid=547) (pid 1269) [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/11 13:55:58, 3] smbd/reply.c:reply_tcon_and_X(387) tconX service=ipc$ user=administrator [2001/10/11 13:55:58, 3] smbd/process.c:process_smb(837) Transaction 3 of length 95 [2001/10/11 13:55:58, 3] smbd/process.c:switch_message(650) switch message SMBntcreateX (pid 1269) [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(316) setting sec ctx (595, 547) - sec_ctx_stack_ndx = 0 [2001/10/11 13:55:58, 3] smbd/sec_ctx.c:set_sec_ctx(322) 1 user groups: 547 [2001/10/11 13:55:58, 3] smbd/nttrans.c:nt_open_pipe(621) nt_open_pipe: Known pipe srvsvc opening. [2001/10/11 13:55:58, 3] smbd/process.c:process_smb(837) Transaction 4 of length 152 [2001/10/11 13:55:58, 3] smbd/process.c:switch_message(650) switch message SMBtrans (pid 1269) [2001/10/11 13:55:58, 3] smbd/ipc.c:reply_trans(484) trans <\PIPE\> data=72 params=0 setup=2 [2001/10/11 13:55:58, 3] smbd/ipc.c:named_pipe(336) named pipe command on <> name [2001/10/11 13:55:58, 1] smbd/ipc.c:api_fd_reply(294) api_fd_reply: INVALID PIPE HANDLE: 86c5 [2001/10/11 13:55:58, 3] smbd/ipc.c:api_no_reply(256) Unsupported API fd command [2001/10/11 13:55:58, 3] smbd/process.c:process_smb(837) Transaction 5 of length 46 [2001/10/11 13:55:58, 3] smbd/process.c:switch_message(650) switch message SMBclose (pid 1269) [2001/10/11 13:55:58, 3] smbd/error.c:error_packet(136) error packet at line 255 cmd=4 (SMBclose) eclass=1 ecode=6 [2001/10/11 13:55:58, 3] smbd/process.c:process_smb(837) Transaction 6 of length 95 [2001/10/11 13:55:58, 3] smbd/process.c:switch_message(650) switch message SMBntcreateX (pid 1269) [2001/10/11 13:55:58, 3] smbd/nttrans.c:nt_open_pipe(621) nt_open_pipe: Known pipe srvsvc opening. [2001/10/11 13:55:58, 3] smbd/process.c:process_smb(837) Transaction 7 of length 152 [2001/10/11 13:55:58, 3] smbd/process.c:switch_message(650) switch message SMBtrans (pid 1269) [2001/10/11 13:55:58, 3] smbd/ipc.c:reply_trans(484) trans <\PIPE\> data=72 params=0 setup=2 [2001/10/11 13:55:58, 3] smbd/ipc.c:named_pipe(336) named pipe command on <> name [2001/10/11 13:55:58, 1] smbd/ipc.c:api_fd_reply(294) api_fd_reply: INVALID PIPE HANDLE: 86c6 [2001/10/11 13:55:58, 3] smbd/ipc.c:api_no_reply(256) Unsupported API fd command [2001/10/11 13:55:58, 3] smbd/process.c:process_smb(837) Transaction 8 of length 46 [2001/10/11 13:55:58, 3] smbd/process.c:switch_message(650) switch message SMBclose (pid 1269) [2001/10/11 13:55:58, 3] smbd/error.c:error_packet(136) error packet at line 255 cmd=4 (SMBclose) eclass=1 ecode=6 [2001/10/11 13:55:58, 3] smbd/process.c:process_smb(837) Transaction 9 of length 95 [2001/10/11 13:55:58, 3] smbd/process.c:switch_message(650) switch message SMBntcreateX (pid 1269) [2001/10/11 13:55:58, 3] smbd/nttrans.c:nt_open_pipe(621) nt_open_pipe: Known pipe srvsvc opening. [2001/10/11 13:55:58, 3] smbd/process.c:process_smb(837) Transaction 10 of length 152 [2001/10/11 13:55:58, 3] smbd/process.c:switch_message(650) switch message SMBtrans (pid 1269) [2001/10/11 13:55:58, 3] smbd/ipc.c:reply_trans(484) trans <\PIPE\> data=72 params=0 setup=2 [2001/10/11 13:55:58, 3] smbd/ipc.c:named_pipe(336) named pipe command on <> name [2001/10/11 13:55:58, 1] smbd/ipc.c:api_fd_reply(294) api_fd_reply: INVALID PIPE HANDLE: 86c7 [2001/10/11 13:55:58, 3] smbd/ipc.c:api_no_reply(256) Unsupported API fd command [2001/10/11 13:55:58, 3] smbd/process.c:process_smb(837) Transaction 11 of length 46 [2001/10/11 13:55:58, 3] smbd/process.c:switch_message(650) switch message SMBclose (pid 1269) [2001/10/11 13:55:58, 3] smbd/error.c:error_packet(136) error packet at line 255 cmd=4 (SMBclose) eclass=1 ecode=6 [2001/10/11 13:55:58, 3] smbd/process.c:process_smb(837) Transaction 12 of length 95 [2001/10/11 13:55:58, 3] smbd/process.c:switch_message(650) -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Joseph Sent: Thursday, October 11, 2001 1:45 PM To: Gerry Maddock Cc: samba-ntdom@lists.samba.org Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS Try increasing the debug level a little and see if you get anything useful in the log files. Gerry Maddock wrote: > I thought it might have been some of the "optimizations" I added to > /etc/sysctl.conf,so I reverted back to the orinal sysctl.conf with no > optimizations straight off the RH7.1 install, rebooted and still nothing. > However, once I lost the "optimizations" I did notice a log.shadow, which > Shadow is one of the NT boxes I'm trying to connect from, but the log.shadow > was empty. Currently, I'm still running the default sysctl.conf from the > RH7.1 install (with no added "optimizations" just to rule this out.... > > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Bruno Gimenes > Pereti > Sent: Thursday, October 11, 2001 1:04 PM > To: samba-ntdom@lists.samba.org > Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS > > > I got a problem this week that may be related to your problem. I'd blocked > icmp to the PDC (RedHat 7.1 Samba 2.2.1a rpm). No problem to access the > server but when I tried to join the domain with a W2k I couldn't. I allowed > the icmp traffic and still couldn't join. When I restarted the smb daemon I > could join the domain as before. > > Maybe this can help you. > > Bruno Gimenes Pereti. > > ----- Original Message ----- > From: "Chris" > To: "Gerry Maddock" > Cc: "William L. Terry" ; > > Sent: Thursday, October 11, 2001 1:30 PM > Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS > > > >>I also, had this problem running RedHat 7.1 with samba -2.0.10-2. I >>would get the "\\SambaShare is not accessible" from my NT, W2K, and >>WinMe machines but I rebooted my samba server and then all of a sudden >>I could access the samba share. >> >>Maybe this will give someone a clue as to what might be the problem. >> >> >>Gerry Maddock wrote: >> >> >>>Thanks! I'm glad I'm not the only one! If I hear anything or somehow rig >>> > it > >>>to work, I'll let you know what I did. Please do the same for me. >>> >>>-----Original Message----- >>>From: samba-ntdom-admin@lists.samba.org >>>[mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of William L. Terry >>>Sent: Thursday, October 11, 2001 11:47 AM >>>To: samba-ntdom@lists.samba.org >>>Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS >>> >>> >>>Gerry Maddock wrote >>> >>> >>>>I am in the process of upgrading my existing samba 2.05a PDC on an >>>>old box running RH6.2 to a new faster box running Samba 2.2.1a on a >>>>RH7.1 box. I have all the same files and directories as the old samba >>>>box including the same smb.conf file (the only thing changed in the >>>>smb.conf were changes to its PDC so I wouldn't have 2 PDC's on the same >>>>subnet). All of my Nt 4.0 boxes are sp6 with all of the latest security >>>>patches. Whenever I try to connect to the new Samba box from my NT box I >>>>get:> >>>> >>>>\\Penguin is not accessible. >>>> >>>>The remote procedure call failed and did not execute. >>>> >>>> >>> >>>I also have this problem with redhat 7.1 and samba 2.2.1a . It is to the >>>outside world as if this machine does not exist. I have 16 samba boxes >>>out there around the state serving up domains for our locations. I have >>>used everything from samba-tng2.5 to samba2.2.0 with success. The last >>> > good > >>>combination I got was 2.2.0 with a redhat 7.0 box. I also use a 2.0.7 as >>> > a > >>>non domain controller on a redhat 7.1 box successfully. I have tried >>> > with > >>>two >>>separate installs to use 2.2.1a with redhat7.1. I also suspected the >>>firewall >>>rules, but I intentionally blew these away with no positive results. The >>>only >>>indication I get that the samba domain exists is that when I give the >>> > domain > >>>a >>>name, the client sees that that domain exists, but can't see any machines >>> > in > >>>it. >>>You can also do "nmblookup -B ACLIENT '* '" successfully. >>> >>>I am also stumped, but I will continue to slog along and see If I can >>>stumble >>>across something. >>> >>>-- >>>William L. Terry (bill@sweye.com) >>>Southwestern Eye Center http://www.sweye.com/ >>>Information Systems >>>480-892-8400 ext. 142 >>> > > From xiaowen at comstocksys.com Thu Oct 11 11:28:10 2001 From: xiaowen at comstocksys.com (Xiaowen Wu) Date: Tue Dec 2 02:36:19 2003 Subject: [Q]running two PDC on one subnet ? References: <3BC4F808.AB12A84A@comstocksys.com> <3BC59723.6050905@nicholasofmyra.org> Message-ID: <3BC5E550.9628117D@comstocksys.com> Joseph, Thank you for your answer. I have setup the Samba machine as master browser, and also point the win server to the NT server. I don't know how to register the Samba to wins server. The machine and the domain is appear in the network. But the NT machine cannot join the domain. Are there any command line program to test there exist a PDC for the the domain ? Attact the smb.conf file, any help and comment are appreciated. Xiaowen Joseph wrote: > Try making the Samba computer the master browser for the network. Are > you running a wins server on the NT machines? If so, is Samba > registering with it? > > Xiaowen Wu wrote: > > > Hello all, > > > > I'm new to samba, and I plan to replace our current NT server with > > Samba. We have a NT server serving as PDC for one domain, and I created > > another domain and using the Samba as PDC for the new domain. The samba > > domain is shown up in the MS network, and we can access the file in that > > domain. But the Window NT machine to join the Samba Domain. It always > > returns the error message "The domain contoller for this domain can not > > be located". Did I miss something, or I cannot run 2 PDC on the network > > ? > > > > Thank you very much > > > > Xiaowen Wu > > > > > > > > -------------- next part -------------- # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not many any basic syntactic errors. # #======================= Global Settings ===================================== [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = COMSTOCKTEST1 netbios name = SERVER61 ## workgroup = IAXESS ## netbios name = SNAMBA1 # server string is the equivalent of the NT Description field server string = Samba Server (test1) # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. # if you want to automatically load your printer list rather # than setting them up individually then you'll need this printcap name = /etc/printcap load printers = yes # It should not be necessary to spell out the print system type unless # yours is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx printing = lprng # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/%m.log # Put a capping on the size of the log files (in Kb). max log size = 0 # Security mode. Most people will want user level security. See # security_level.txt for details. security = user # Use password server option only with security = server or # security = domain ; password server = # Password Level allows matching of _n_ characters of the password for # all combinations of upper and lower case. ; password level = 8 ; username level = 8 # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd # The following is needed to keep smbclient from spouting spurious errors # when Samba is built with support for SSL. ## ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt # The following are needed to allow password changing from Windows to # update the Linux sytsem password also. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. # NOTE2: You do NOT need these to allow workstations to change only # the encrypted SMB passwords. They allow the Unix password # to be kept in sync with the SMB password. ; unix password sync = Yes ; passwd program = /usr/bin/passwd %u ; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* # Unix users can map to different SMB User names ; username map = /etc/samba/smbusers # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /etc/samba/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details # socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. ; interfaces = 192.168.12.2/24 192.168.13.2/24 # Configure remote browse list synchronisation here # request announcement to, or browse list sync from: # a specific host or from / to a whole subnet (see below) ; remote browse sync = 192.168.3.25 192.168.5.255 # Cause this host to announce itself to local subnets here ; remote announce = 192.168.1.255 192.168.2.44 remote announce = 192.168.1.255 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply ; local master = no local master = yes # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable ; os level = 33 os level = 64 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job ; domain master = yes domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election ; preferred master = yes; preferred master = yes # Enable this if you want Samba to be a domain logon server for # Windows95 workstations. ; domain logons = yes domain logons = yes # if you enable domain logons then you may want a per-machine or # per user logon script # run a specific logon batch file per workstation (machine) ; logon script = %m.bat # run a specific logon batch file per username ; logon script = %U.bat # All NetBIOS names must be resolved to IP Addresses # 'Name Resolve Order' allows the named resolution mechanism to be specified # the default order is "host lmhosts wins bcast". "host" means use the unix # system gethostbyname() function call that will use either /etc/hosts OR # DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf # and the /etc/resolv.conf file. "host" therefore is system configuration # dependant. This parameter is most often of use to prevent DNS lookups # in order to resolve NetBIOS names to IP Addresses. Use with care! # The example below excludes use of name resolution for machines that are NOT # on the local network segment # - OR - are not deliberately to be known via lmhosts or via WINS. ; name resolve order = wins lmhosts bcast # Windows Internet Name Serving Support Section: # WINS Support - Tells the NMBD component of Samba to enable it's WINS Server ; wins support = yes # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both ; wins server = w.x.y.z wins server = 192.168.1.201 # WINS Proxy - Tells Samba to answer name resolution queries on # behalf of a non WINS capable client, for this to work there must be # at least one WINS Server on the network. The default is NO. ; wins proxy = yes # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The built-in default for versions 1.9.17 is yes, # this has been changed in version 1.9.18 to no. dns proxy = no # Case Preservation can be handy - system default is _no_ # NOTE: These can be set on a per share basis ; preserve case = no ; short preserve case = no # Default case is normally upper case for all DOS files ; default case = lower # Be very careful with case sensitivity - it can break things! ; case sensitive = no #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writable = yes create mode = 0600 directory mode = 0700 # Un-comment the following and create the netlogon directory for Domain Logons ; [netlogon] ; comment = Network Logon Service ; path = /home/netlogon ; guest ok = yes ; writable = no ; share modes = no [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = yes writable = yes share modes = yes # Un-comment the following to provide a specific roving profile share # the default is to use the user's home directory ;[Profiles] ; path = /home/profiles ; browseable = no ; guest ok = yes # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer [printers] comment = All Printers path = /var/spool/samba browseable = no # Set public = yes to allow user 'guest account' to print guest ok = no printable = yes # This one is useful for people to share files [tmpnew] comment = Temporary file space path = /tmp read only = no public = yes # A publicly accessible directory, but read only, except for people in # the "staff" group ;[public] ; comment = Public Stuff ; path = /home/samba ; public = yes ; writable = yes ; printable = no ; write list = @staff # Other examples. # # A private printer, usable only by fred. Spool data will be placed in fred's # home directory. Note that fred must have write access to the spool directory, # wherever it is. ;[fredsprn] ; comment = Fred's Printer ; valid users = fred ; path = /homes/fred ; printer = freds_printer ; public = no ; printable = yes # A private directory, usable only by fred. Note that fred requires write # access to the directory. ;[fredsdir] ; comment = Fred's Service ; path = /usr/somewhere/private ; valid users = fred ; public = no ; writable = yes ; printable = no # a service which has a different directory for each machine that connects # this allows you to tailor configurations to incoming machines. You could # also use the %u option to tailor it by user name. # The %m gets replaced with the machine name that is connecting. ;[pchome] ; comment = PC Directories ; path = /usr/pc/%m ; public = no ; writable = yes # A publicly accessible directory, read/write to all users. Note that all files # created in the directory by users will be owned by the default user, so # any user with access can delete any other user's files. Obviously this # directory must be writable by the default user. Another user could of course # be specified, in which case all files would be owned by that user instead. ;[public] ; path = /usr/somewhere/else/public ; public = yes ; only guest = yes ; writable = yes ; printable = no # The following two entries demonstrate how to share a directory so that two # users can place files there that will be owned by the specific users. In this # setup, the directory should be writable by both users and should have the # sticky bit set on it to prevent abuse. Obviously this could be extended to # as many users as required. ;[myshare] ; comment = Mary's and Fred's stuff ; path = /usr/somewhere/shared ; valid users = mary fred ; public = no ; writable = yes ; printable = no ; create mask = 0765 [testshare] path = /tmp/testshare comment = Just a test of the share from samba From bill at lynden2.sweye.com Thu Oct 11 11:56:02 2001 From: bill at lynden2.sweye.com (William L. Terry) Date: Tue Dec 2 02:36:19 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS References: <20011011164508.A4ACF4C92@lists.samba.org> <3BC5D680.20402@cae.co.za> Message-ID: <3BC5EB9D.7030209@sweye.com> Okay I feel foolish now. I was sure I had removed firewall control on this system but obviously not. Setting ipchains -F cleared the problem on this one machine. I still have the problem on another system but I need the ipchains/iptables as that system is running as a VPN. I did remove any restrictions to ports 137 and 139, but perhaps it is best for me to revisit the setup. I am posting my *working* smb.conf file for samba 2.2.1a with RH7.1 for Gerry to look at. FYI. RH7.1 by default sets up ipchains rather than iptables even though it is a 2.4 kernel. [global] netbios name = SIRRUS workgroup = MESA os level = 64 preferred master = yes domain master = yes local master = yes security = user encrypt passwords = yes domain logons = yes logon path = \\%N\profiles\%u logon drive = H: logon home = \\SIRRUS\%u logon script = logon.cmd wins support = yes domain admin group = root @ntadmin [netlogon] path = /usr/local/samba/lib/netlogon writeable = no write list = ntadmin [profiles] path = /export/smb/ntprofile writeable = yes create mask = 0600 directory mask = 0700 [public] path = /home/public public = yes only guest = yes writable = yes printable = no Buchan Milne wrote: > Just so we are all sure .... run the following commands as root: > > # ipchains -L #(2.2 kernel) > > # iptables -L #(2.4 kernel) > > If you get any output besides the default action for each chain, try > disabling all the rules with: > > #ipchains -F #(2.2. kernel) > > # iptables -F #(2.4 kernel) > > and try again. > > If that doesn't work, install Mandrake 8.1, which ships with XFS, ACLs > and samba-2.2.1a (or Mandrake 8.0 and all the required stuff avaiable > at http://www.cae.co.za/~bgmilne/mandrake/samba/samba-2.2.1a_xfs/) ;-) > > Buchan > -- William L. Terry (bill@sweye.com) Southwestern Eye Center http://www.sweye.com/ Information Systems 480-892-8400 ext. 142 From gerrym at futuremetals.com Thu Oct 11 12:08:05 2001 From: gerrym at futuremetals.com (Gerry Maddock) Date: Tue Dec 2 02:36:19 2003 Subject: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS In-Reply-To: <3BC5EB9D.7030209@sweye.com> Message-ID: Thats odd, I dont have ipchains or iptables installed and I am still unable to connect to this box from an NT sys. I have no probs whatsoever with my 9x boxes. With what William just wrote, I should be able to join too since I dont have any firewall running yet. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of William L. Terry Sent: Thursday, October 11, 2001 2:58 PM To: samba-ntdom Subject: Re: WIN NT 4.0 NO GO & YES I HAVE ENCRYPTED PASSWORDS Okay I feel foolish now. I was sure I had removed firewall control on this system but obviously not. Setting ipchains -F cleared the problem on this one machine. I still have the problem on another system but I need the ipchains/iptables as that system is running as a VPN. I did remove any restrictions to ports 137 and 139, but perhaps it is best for me to revisit the setup. I am posting my *working* smb.conf file for samba 2.2.1a with RH7.1 for Gerry to look at. FYI. RH7.1 by default sets up ipchains rather than iptables even though it is a 2.4 kernel. [global] netbios name = SIRRUS workgroup = MESA os level = 64 preferred master = yes domain master = yes local master = yes security = user encrypt passwords = yes domain logons = yes logon path = \\%N\profiles\%u logon drive = H: logon home = \\SIRRUS\%u logon script = logon.cmd wins support = yes domain admin group = root @ntadmin [netlogon] path = /usr/local/samba/lib/netlogon writeable = no write list = ntadmin [profiles] path = /export/smb/ntprofile writeable = yes create mask = 0600 directory mask = 0700 [public] path = /home/public public = yes only guest = yes writable = yes printable = no Buchan Milne wrote: > Just so we are all sure .... run the following commands as root: > > # ipchains -L #(2.2 kernel) > > # iptables -L #(2.4 kernel) > > If you get any output besides the default action for each chain, try > disabling all the rules with: > > #ipchains -F #(2.2. kernel) > > # iptables -F #(2.4 kernel) > > and try again. > > If that doesn't work, install Mandrake 8.1, which ships with XFS, ACLs > and samba-2.2.1a (or Mandrake 8.0 and all the required stuff avaiable > at http://www.cae.co.za/~bgmilne/mandrake/samba/samba-2.2.1a_xfs/) ;-) > > Buchan > -- William L. Terry (bill@sweye.com) Southwestern Eye Center http://www.sweye.com/ Information Systems 480-892-8400 ext. 142 From auji at cruzio.com Thu Oct 11 14:21:08 2001 From: auji at cruzio.com (James Austin) Date: Tue Dec 2 02:36:19 2003 Subject: Samba Newbie References: <178236089248.20011011075551@macnet.com> Message-ID: <3BC565F4.DD7C602F@cruzio.com> Lynn, Just got my samba working with win2k and running on Linux 7.1. Important steps are: 1) enable encrypted passwords in the registry on Windows. 2) add the user on the Samba server with the "password -a username" command. 3) Enable encrypted password = yes in smb.conf. 4) restart smbd and nmbd after changes to the smb.conf file hth, Jim Lynn Turriff wrote: > I've been lurking here for a month or six weeks or so, > and would just like to point out that the samba docs > are sometimes something less than useful to a linux > newbie. > > I have read the docs and man files, and have several > linux manuals, but still can't get my system to > acknowledge my NT4 network, much less communicate with > it. I have reloaded RH 7.1 several times. I can ping > all the machines on the net, but obviously something is > dead wrong somewhere in the samba configuration. > Ironically, I can get mail and surf through my NT > proxy, but have made exactly zero progress with samba. > > I have tried without success to find some local brains > to pick. Someone suggested to me that it might be > easiest to communicate with my NT net via ftp and > telnet - this actually might be a useful solution in my > case, except that it doesn't allow me to access any > printers, and when I went looking for printer > information, well ... And it wouldn't help those who > are trying to replace NT servers altogether, which is > my ultimate goal. > > So rtfm is not *always* the answer ... thanks anyway. > > And undying gratitude to anyone who would care to help > those of us out who have read so much documentation > that we are about to hit cranial meltdown :-) > > Direct email is great in my case. > > tnx, > > Lynn > > > Perhaps it's a good idea to start reading the Samba documentation, > > which > > contains a step by step guide to install and configure samba. > > > > grtz, > > Dennis > > > >> Hi > >> I am newbie to linux and samba .I will appreciate any help from > >> your > >> side to install,configure..successfully run samba on redhat > >> linux be > >> possible.(steps by steps is preferrred).How to start with the > >> installation. > > [snip] > > mailto:lynnt@macnet.com * * * Aun Aprendo > I'd rather be WARP'ed * * * Team OS/2 > > http://www.sites.onlinemac.com/hawthorne/ From griff.miller at positron.com Thu Oct 11 14:38:02 2001 From: griff.miller at positron.com (Griff Miller) Date: Tue Dec 2 02:36:19 2003 Subject: Uploading Printer Drivers to Samba Server Message-ID: <3BC61197.25299D39@positron.com> Hello, all. I have Samba 2.2.1a running on a Solaris 2.6 machine. It is my WINS server and PDC. All clients are Windows NT 4 SP6. I followed the instructions in the How-To at: http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.html#PRINTING The good news is, it all seems to work fine. I have uploaded some printer drivers to the Samba server from a client NT machine, and I am able to set up printers on client NT machines just by navigating to the Samba server in Network Neighborhood and double-clicking on the various printers for which I have uploaded drivers. But (you knew there was going to be a "but") I have a problem and a question. Problem: For some printers, I cannot complete the driver upload. The problem seems to be that some of the files try to copy to C:\whatever instead of print$ . What will happen is that after I choose the directory where my .inf file is, and then select the printer type, the upload starts and files start going to print$ . But then it will stop, saying a particular file cannot be copied. You can see that where it is trying to copy it is someplace out in C:\WINNT (can't remember exactly where at the moment, and besides, it varies) . Well, since my printer admin account doesn't have access to that destination, yes, there is a problem! I could make it so my printer admin account does have access, but then the file wouldn't be going to print$ . Wouldn't that be a problem, too? I have noticed that the printers with this particular symptom have .inf files that have statements in the [DestinationDirs] that seem to direct some files to other than the 66000 destination (whatever that is) . Could that be the problem? What do I need to do to get these printers' drivers uploaded to the Samba server? Question: I've noticed that drivers just seem to get piled all in one place underneath print$ : % find . -print . ./W32X86 ./W32X86/2 ./W32X86/2/ADOBEPS5.DLL ./W32X86/2/TK850DX1.PPD ./W32X86/2/ADOBEPSU.DLL ./W32X86/2/ADOBEPSU.HLP ./W32X86/2/ADOBEPS5.NTF ./W32X86/2/PSCRIPT.DLL ./W32X86/2/TKP840E1.PPD ./W32X86/2/PSCRPTUI.DLL ./W32X86/2/PSCRIPT.HLP ./WIN40 ./W32ALPHA ./W32MIPS ./W32PPC My question is this: what happens if two different printers have same-named driver files? In the case of the Phaser 840 and 850, which is what I have installed drivers for so far, this is actually the case. There are some files that have the same names in each driver set. So long as the files are identical, I guess it's okay. But what if they are not? What if the ABCXYZ.dll file from one printer driver is different from the ABCXYZ.dll from another? I checked all the files in the 840 and 850 driver sets, and of the filenames that are common, most are identical (I used cksum to see). But not all. So I worry. Thanks in advance for your help. Email cc's are appreciated. -- Griff Miller II | | Manager of Information Technology | "Never anthropomorphize computers; | Positron Corporation | they hate that." | griff.miller@positron.com | | From srinidhi.iyangar at wipro.com Thu Oct 11 16:15:08 2001 From: srinidhi.iyangar at wipro.com (Sreenidhi R Iyangar) Date: Tue Dec 2 02:36:19 2003 Subject: Printer driver downloading in samba 2.2.1a Message-ID: <004801c1526d$e48a5b30$95eba8c0@wipro.com> Hi Beginning with 2.2.0 release samba supports native Windows NT printing mechanisms. This includes support for automatic printer driver download. (As documented in 2.2.0 release note). I have gone through printer_driver2.html in the samba docs. For printer driver sharing we have to put entries in [print$]. But the doc says parameters "printer driver location", "printer driver" will be depreciated in futer version. and it suggests not to use them. My main aim is *automatic printer driver download for NT and 2K* machines. What parameters should be used in smb.conf for automatic printer driver download for Win NT machines? Can we use "printer driver location", "printer driver" . Please tell me how to configure? Thanks, Sreenidhi -------------- next part -------------- ----------------------------------------------------------------------------------------------------------------------- Information transmitted by this E-MAIL is proprietary to Wipro and/or its Customers and is intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please notify us immediately at mailto:mailadmin@wipro.com and delete this mail from your records. ------------------------------------------------------------------------------------------------------------------------ From akopps at CSUA.Berkeley.EDU Thu Oct 11 18:58:12 2001 From: akopps at CSUA.Berkeley.EDU (Akop Pogosian) Date: Tue Dec 2 02:36:19 2003 Subject: Samba and NIS+ Message-ID: I am wondering what is the advantage of storing the smbpasswd data in a NIS+ table as opposed to a plain smbpasswd file. Does anyone know? Thanks. -akop From mike at digitalpipe.net Thu Oct 11 20:34:17 2001 From: mike at digitalpipe.net (Mike Papper) Date: Tue Dec 2 02:36:20 2003 Subject: NTLM HTTP Authentication - distinguishing between win9x and NT and 2000 Message-ID: <200110120335.f9C3ZdM00809@mail.digitalpipe.com> Hello, I am trying to get the mod_ntlm Apache module running. I have been playing with the code and find that I cannot distinguish between a IE browser running on win98 and one running on Windows 2000. My Apache server is running on red hat 7.1 x86. The code does the following to distinguish: if ((strcmp(ntlmssp->host,"")==0) && (strcmp(ntlmssp->domain,"")==0)) I.e., it looks for a blank domain and machine name (host). The problem is that it is blank for win98 but is not blank for win NT but IS blank for win 2000. However, it appears that the info sent from the browser (for win 2000) should be processed in the same way as for windows NT. The question then becomes: is there a way to determine (from the auth string sent from the browser) what kind of machine it is/ whether to treat the structure like a win98 or a winNT struct? Here is the code that is executed dependent on if it thinks the data came from a win9x or NT client: ----------------- if (win9x==0) { ntlm_encode_msg2(ntlm_connection->nonce, &msg); challenge = uuencode_binary(r->pool, (unsigned char *) &msg, sizeof(msg)); } else { ntlm_encode_msg2_win9x(ntlm_connection->nonce, &msg_win9x,crec->ntlm_domain); challenge = uuencode_binary(r->pool, (unsigned char *) &msg_win9x, NTLM_MSG2_WIN9X_FIXED_SIZE+strlen(crec->ntlm_domain)); } -------------------- Possibly looking at the length of these structs or something - the nonce member?? would detmine this. Note: a seg fault occurs if we use the wrong one. Also: ----- Note: curiously, only the very first time I used this with my browser running on win 2000, it DID send the host and domain - and the authentication worked. But every other time after that (even after restarting IE), the browser did not send the domain/host info. Is there a way to force IE to send that info? If anyone has any ideas, can you send email to: mike@digitalpipe.net as I am not quite on the list yet (will be soon). -- Mike Papper Digital Pipe mike@digitalpipe.net 650-627-5100 ext. 5211 From vorlon at minbar.dodds.net Thu Oct 11 21:11:07 2001 From: vorlon at minbar.dodds.net (Steve Langasek) Date: Tue Dec 2 02:36:20 2003 Subject: Samba and NIS+ In-Reply-To: References: Message-ID: <20011011231246.A8208@minbar.dodds.net> On Thu, Oct 11, 2001 at 06:59:22PM -0700, Akop Pogosian wrote: > I am wondering what is the advantage of storing the smbpasswd data in > a NIS+ table as opposed to a plain smbpasswd file. Does anyone know? > Thanks. If you are already using NIS+ on your network, you can leverage this infrastructure to distribute the ntlm passwords to all of your Unix servers, so that you can use the same usernames and passwords for encrypted logins to all fileshares without setting up an NT domain / PDC on the network. For some people who don't have an NT PDC, this might be a good option, because NIS+ has better redundancy than Samba PDC's currently do. Steve Langasek postmodern programmer -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 232 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011011/44eb91ef/attachment.bin From Lutz.Jaenicke at iee.TU-Berlin.DE Thu Oct 11 23:02:08 2001 From: Lutz.Jaenicke at iee.TU-Berlin.DE (Lutz Jaenicke) Date: Tue Dec 2 02:36:20 2003 Subject: Failed to marshall NET_R_SAM_LOGON In-Reply-To: ; from andre.doehn@econia.com on Thu, Oct 11, 2001 at 06:08:50PM +0200 References: Message-ID: <20011012080310.A28210@emserv1.ee.TU-Berlin.DE> On Thu, Oct 11, 2001 at 06:08:50PM +0200, andre.doehn@econia.com wrote: > since iam using samba 2.2 and now upgraded to version 2.2.1a i have the > following > log in /var/log/messages: > > smbd[406]: [2001/10/11 19:39:08, 0] > rpc_server/srv_netlog.c:api_net_sam_logon(208) > smbd[406]: api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON. > smbd[406]: [2001/10/11 19:39:08, 0] rpc_server/srv_pipe.c:api_rpcTNP(1215) > smbd[406]: api_rpcTNP: api_netlog_rpc: NET_SAMLOGON failed. > > i dont know to handle this logentry - what iam doing wrong?! I have seen some of these errors and reported to the list. If you search the mailing list archive, you will alse find a message from Gerald Carter indicating, that it is a red herring. Therefore, as long as you don't experience any problems, you should just ignore the messages. Best regards, Lutz -- Lutz Jaenicke Lutz.Jaenicke@iee.TU-Berlin.DE TU Berlin http://www.iee.TU-Berlin.DE/personen/jaenicke/ Institut fuer Elektrische Energietechnik Tel. +49 30 314-24552 Einsteinufer 11, D-10587 Berlin Fax. +49 30 314-21133 From barth at cck.uni-kl.de Thu Oct 11 23:33:05 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:36:20 2003 Subject: Samba Newbie In-Reply-To: <3BC565F4.DD7C602F@cruzio.com> Message-ID: <3BC6AAFE.14916.1B82BE@localhost> > Lynn, > Just got my samba working with win2k and running on Linux 7.1. > Important steps are: > 1) enable encrypted passwords in the registry on Windows. They are enabeled by default. If you want to use your step 3) then you do not have to touch the registry. If you want encrypted passwords = no, then you have to change the windwos registry to allow windows to send plaintext passwords if the server (= samba) does not work with encrypted passwords. This step may be called "disable encrypted passwords", but they are not realy disabled and can be used with other servers on the same time. > 2) add the user on the Samba server with the "password -a username" > command. you mean "smbpasswd -a username"? > 3) Enable encrypted password = yes in smb.conf. > 4) restart smbd and nmbd after changes to the smb.conf file > hth, > Jim > > Lynn Turriff wrote: > > > I've been lurking here for a month or six weeks or so, > > and would just like to point out that the samba docs > > are sometimes something less than useful to a linux > > newbie. > > > > I have read the docs and man files, and have several > > linux manuals, but still can't get my system to > > acknowledge my NT4 network, much less communicate with > > it. I have reloaded RH 7.1 several times. I can ping > > all the machines on the net, but obviously something is > > dead wrong somewhere in the samba configuration. > > Ironically, I can get mail and surf through my NT > > proxy, but have made exactly zero progress with samba. > > > > I have tried without success to find some local brains > > to pick. Someone suggested to me that it might be > > easiest to communicate with my NT net via ftp and > > telnet - this actually might be a useful solution in my > > case, except that it doesn't allow me to access any > > printers, and when I went looking for printer > > information, well ... And it wouldn't help those who > > are trying to replace NT servers altogether, which is > > my ultimate goal. > > > > So rtfm is not *always* the answer ... thanks anyway. > > > > And undying gratitude to anyone who would care to help > > those of us out who have read so much documentation > > that we are about to hit cranial meltdown :-) > > > > Direct email is great in my case. > > > > tnx, > > > > Lynn > > > > > Perhaps it's a good idea to start reading the Samba documentation, > > > which > > > contains a step by step guide to install and configure samba. > > > > > > grtz, > > > Dennis > > > > > >> Hi > > >> I am newbie to linux and samba .I will appreciate any help from > > >> your > > >> side to install,configure..successfully run samba on redhat > > >> linux be > > >> possible.(steps by steps is preferrred).How to start with the > > >> installation. > > > > [snip] > > > > mailto:lynnt@macnet.com * * * Aun Aprendo > > I'd rather be WARP'ed * * * Team OS/2 > > > > http://www.sites.onlinemac.com/hawthorne/ > > > _(_)_ wWWWw _ @@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_ @@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_) @@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\ / Y \| \|/ /(_) \| |/ | \ | \ |/ | / \ | / \|/ |/ \| \|/ jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From Okomba at kabage.co.ke Fri Oct 12 00:49:05 2001 From: Okomba at kabage.co.ke (Joseph Okomba) Date: Tue Dec 2 02:36:20 2003 Subject: Can't connect to linux machine/shares Message-ID: <715DF98A936DD211B29D0008C71E55D445FAC1@NTSERVER1> I have set up a linux machine with samba 2.2.1a. From the linux machine I can mount shares on the NT network but I can't see the linux machine from the windows machines. Running nmblookup gives the following results: [okomba@okomba /root]$ nmblookup okomba querying okomba on 192.168.0.255 name_query failed to find name okomba ====================== [root@okomba /root]# nmblookup dkibiro querying dkibiro on 192.168.0.255 192.168.0.42 dkibiro<00> where okomba is the name of my linux machine while dkibiro is a windows machine on the network. while running smbclient -L gives me the following results. [root@okomba /root]# smbclient -L okomba added interface ip=192.168.0.93 bcast=192.168.0.255 nmask=255.255.255.0 Password: session setup failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) ====================== [root@okomba /root]# smbclient -L dkibiro added interface ip=192.168.0.93 bcast=192.168.0.255 nmask=255.255.255.0 Got a positive name query response from 192.168.0.42 ( 192.168.0.42 ) Password: Sharename Type Comment --------- ---- ------- OKOMBATEST Printer HP LJET ANN Printer PRINTER$ Disk HPLASERJET4 Printer D Disk C Disk IPC$ IPC Remote Inter Process Communication Server Comment --------- ------- Workgroup Master --------- ------- It appears that there is something wrong with my linux machine but I don't know what. I will be very grateful for any assistance. I am using RedHat 7.1 with Samba 2.2.1a. Thanks in advance. From srinidhi.iyangar at wipro.com Fri Oct 12 03:56:03 2001 From: srinidhi.iyangar at wipro.com (Sreenidhi R Iyangar) Date: Tue Dec 2 02:36:20 2003 Subject: Automatic Printer driver downloading for Win NT in samba 2.2.1a Message-ID: <003701c1530d$0f4e6240$95eba8c0@wipro.com> Hi Beginning with 2.2.0 release samba supports native Windows NT printing mechanisms. This includes support for automatic printer driver download. (As documented in 2.2.0 release note). I have gone through printer_driver2.html in the samba docs. For printer driver sharing we have to put entries in [print$]. But the doc says parameters "printer driver location", "printer driver" will be depreciated in futer version. and it suggests not to use them. My main aim is **automatic printer driver download for NT and 2K** machines. What parameters should be used in smb.conf for automatic printer driver download for Win NT machines? Can we use "printer driver location", "printer driver" . Please tell me how to configure? Is it possible to make the downloading without any user intervention? Thanks, Sreenidhi -------------- next part -------------- ---------------------------------------------------------------------------------------------------------------------- Information transmitted by this E-MAIL is proprietary to Wipro and/or its Customers and is intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please notify us immediately at mailto:mailadmin@wipro.com and delete this mail from your records. ---------------------------------------------------------------------------------------------------------------------- From bernard.askew at rtc.ch Fri Oct 12 05:02:03 2001 From: bernard.askew at rtc.ch (Askew Bernard) Date: Tue Dec 2 02:36:20 2003 Subject: AW: "security = domain" Problem Message-ID: Hi -Did you join the domain? smbpasswd -j -r -Can you see the server on your NT execute c:\winnt\system32\srvmgr, you should see your shares -Did you make a usermap file? make sure that all your NT users who will have access to the shares exist in this file and that they correspond 1 to 1 to a different UNIX user. For this you will have (in the normal case) to create as many UNIX users as NT Users. Still difficulties? write back. I've done it for about 400 users, and it works fine. The only problems you might have is the administration (open users on both environments). But there's no 2nd password control and the use is transparent. Try finetuning with rights (you can hide where no rights, which is not possible with NT!) Rgds Bernard Askew > -----Urspr?ngliche Nachricht----- > Von: Horst Lederhaas [mailto:lederhaas.horst@seidel.at] > Gesendet am: Mittwoch, 10. Oktober 2001 14:56 > An: samba-ntdom@lists.samba.org > Betreff: "security = domain" Problem > > Hello ! > > I would like to put my samba file server in a existing nt 4.0 domain. > It work's all fine, only the password verification makes some > problems. > > I've enabled: > "security = domain" > "password server = 10.10.1.2 10.10.1.9" > "encrypt passwords = yes" > > Now i have the problem that samba only looks in the smbpasswd file for > the passwords. > If i enable in smbpasswd that "no password required" an a client does > not do a domain > logon to the nt servers, and the user exists on the samba > server, he get > access to the server, even > also when the password is not correct (to the nt pdc). > i would'nt like to convert the nt users to a smbpasswd. > > Is this normal that he only look in the smbpasswd? i would like to > verify the user on my nt domain. > I've read that only the user must exist, without any password > and the nt > pdc says if the password is correct > or not. > > I hope you can follow me with my problem, and anybody can help me. > I use SuSE 7.2 with Samba 2.2.0 > The PDC and BDC are NT 4.0 Srv. SrvPack 6 > > Thnx > Horst > > > > -- > Horst Lederhaas, > IT - Management > > SEIDEL Elektronik GmbH. > Frauentalerstr. 100 > 8530 Deutschlandsberg, Austria > Phone: ++43 3462 6800 252 > Fax: ++43 3462 6800 165 > URL: http://www.seidel.at/ > > > > From noelfitz at ipac.ie Fri Oct 12 05:15:04 2001 From: noelfitz at ipac.ie (Noel Fitzpatrick) Date: Tue Dec 2 02:36:20 2003 Subject: Printing. Message-ID: <712A2C3F8297CB498D51421F26F7ECAE036469@ipac01.ipac.local> Hi, I'm running Samba 2.2.1a on a FreeBSD 4.3 box. Basically I'm trying to replace a Small Business Server 2000 machine. The one problem I have run into so far is printing. I have about 6 Hp laserjet printers. Can anyone point me in the right direction towards getting these up and running. I've looked at the FreeBSD handbook. But couldn't get them to work - the need to be set up as network printers rather than throught parrallel ports due to physical restrictions. Anyone got any pointers, I'd really appreciate. Thanks. Regards, Noel Fitzpatrick. From barth at cck.uni-kl.de Fri Oct 12 05:52:03 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:36:20 2003 Subject: Printing. In-Reply-To: <712A2C3F8297CB498D51421F26F7ECAE036469@ipac01.ipac.local> Message-ID: <3BC703D0.5886.17679DB@localhost> > Hi, > > I'm running Samba 2.2.1a on a FreeBSD 4.3 box. Basically I'm trying to > replace a Small Business Server 2000 machine. The one problem I have run > into so far is printing. I have about 6 Hp laserjet printers. Can anyone > point me in the right direction towards getting these up and running. > I've looked at the FreeBSD handbook. But couldn't get them to work - the > need to be set up as network printers rather than throught parrallel > ports due to physical restrictions. Anyone got any pointers, I'd really > appreciate. Thanks. If the printers are attached to the network, then use "print to a remote print server (running lpd)" or same thing like this in FreeBSD. Once you have them running there, then that up samba to use them. Christian > > > Regards, > Noel Fitzpatrick. > > _(_)_ wWWWw _ @@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_ @@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_) @@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\ / Y \| \|/ /(_) \| |/ | \ | \ |/ | / \ | / \|/ |/ \| \|/ jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From dhlii at 1dla.com Fri Oct 12 06:28:03 2001 From: dhlii at 1dla.com (David H. Lynch Jr.) Date: Tue Dec 2 02:36:20 2003 Subject: Doing without Netbios References: <3BC34A2A.93494F33@studcs.uni-sb.de> Message-ID: <028d01c15322$b44f8bb0$eca9a6cd@ldhlii> I have my W2K net setup to run without Netbios or NetBT. Does Samba require Netbios ? If not is there anything special to configuring it to work without Netbios ? From eimis at ism.lt Fri Oct 12 06:45:08 2001 From: eimis at ism.lt (Eimantas Serpenskas) Date: Tue Dec 2 02:36:20 2003 Subject: W2k SP2 & samba problems References: Message-ID: <044b01c15324$892cd7b0$1401a8c0@ism.lt> Hi! I'm new in this list (but not in linux nor samba :) so sorry if simmilar problem was answered. First branch: samba 2.2.1a cvs as a PDC. Domain has ~25 w2k sp2 and 2 win98 PC's. Everything works OK from w2k: I can connect to PDC, to Win98, but there are problems connecting from PDC or win98 to w2k. From jerry at samba.org Fri Oct 12 07:58:03 2001 From: jerry at samba.org (Gerald (Jerry) Carter) Date: Tue Dec 2 02:36:20 2003 Subject: Printer drivers upload from Windows2000 (samba 2.2.1a) In-Reply-To: <20011009084328.114F5483C9@globeall.de> Message-ID: On Tue, 9 Oct 2001, Pierre Burri wrote: > I thought it might help someone else if I gave the listing of my script, just > to give an idea: Thanks. Can I check this in to the cvs tree? jerry From idra at samba.org Fri Oct 12 08:34:51 2001 From: idra at samba.org (Simo Sorce) Date: Tue Dec 2 02:36:21 2003 Subject: Doing without Netbios In-Reply-To: <028d01c15322$b44f8bb0$eca9a6cd@ldhlii>; from dhlii@1dla.com on Fri, Oct 12, 2001 at 09:35:03AM -0400 References: <3BC34A2A.93494F33@studcs.uni-sb.de> <028d01c15322$b44f8bb0$eca9a6cd@ldhlii> Message-ID: <20011012083058.C30261@va.samba.org> On Fri, Oct 12, 2001 at 09:35:03AM -0400, David H. Lynch Jr. wrote: > > I have my W2K net setup to run without Netbios or NetBT. Does Samba > require Netbios ? > > If not is there anything special to configuring it to work without > Netbios ? > Only development version can run without netbios connecting to port 445, if you want to experiment with that you can use the HEAD CVS branch, but it is not suitable for production servers. -- Simo Sorce idra@samba.org ------------------------------- Samba Team http://www.samba.org From barth at cck.uni-kl.de Fri Oct 12 09:15:05 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:36:21 2003 Subject: W2k SP2 & samba problems In-Reply-To: <044b01c15324$892cd7b0$1401a8c0@ism.lt> Message-ID: <3BC73282.20892.22CDDEA@localhost> > > >From PDC: > smbclient -L //w2k_pc_name -U w2k_pc_name/w2k_pc_username - works. > smbclient -L //w2k_pc_name -U domain_username - doesn't, i get: have you tried smbclient -L //w2k_pc_name -U domain_name/domain_username \\ ? Also look for the -W parameter Christian _(_)_ wWWWw _ @@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_ @@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_) @@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\ / Y \| \|/ /(_) \| |/ | \ | \ |/ | / \ | / \|/ |/ \| \|/ jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From griff.miller at positron.com Fri Oct 12 14:25:02 2001 From: griff.miller at positron.com (Griff Miller) Date: Tue Dec 2 02:36:21 2003 Subject: Printing. Message-ID: <3BC75FC9.955D188E@positron.com> > Hi, > > I'm running Samba 2.2.1a on a FreeBSD 4.3 box. Basically I'm trying to > replace a Small Business Server 2000 machine. The one problem I have run > into so far is printing. I have about 6 Hp laserjet printers. Can anyone > point me in the right direction towards getting these up and running. > I've looked at the FreeBSD handbook. But couldn't get them to work - the > need to be set up as network printers rather than throught parrallel > ports due to physical restrictions. Anyone got any pointers, I'd really > appreciate. Thanks. I am not the world's most experienced, but I'll try to help out. Note that there's more than one way to do this. I'll just describe one. For example, you could set "load printers" to yes, and your printers would automatically get loaded. I prefer to set them up individually. First of all, you need to be able to print to these printers from the Unix machine. Can you do that yet? If not, you need to set this up. I don't know if FreeBSD has any kind of printer admin interface, but if you set up the FreeBSD machine to print to the "raw" queue on the printers, you should be very close. Example /etc/printcap entry: hp1:lp=:rm=hp1:rp=raw:lf=/usr/adm/lpd-errs:sd=/usr/spool/hp1:mx#0: So, you would have a queue on the FreeBSD box called "hp1", which prints to a printer whose hostname is "hp1" . Obviously, whatever nameservice you are using needs to resolve "hp1" to the printer's IP address. You need to have a file called /usr/adm/lpd-errs and a directory called /usr/spool/hp1. These need to have the proper permissions and owner/group, whatever that is for FreeBSD. Now, you should be able to "echo foo | lpr -P hp1" and get something out on hp1. Once that is working, you can then setup a share in your smb.conf like this: [hp1] comment = HP LaserJet 1 path = /usr/spool/samba-printers/hp1 printer = hp1 public = no writable = no printable = yes Make sure that /usr/spool/samba-printers/hp1 exists and is writable. Now, you can navigate to Network Neighborhood -> SAMBASERVER -> hp1 . Double-click on hp1, and provide it with a printer driver, and you should be good to go. Later, when you get a little more comfortable with Samba, you can configure Samba to hold the printer drivers, so that you don't have to manually install printer drivers on every client machine. Just double-click on hp1, and you're instantly set up. Hope this helps. Good luck! -- Griff Miller II | | Manager of Information Technology | "I need to be the owner of all of | Positron Corporation | the files in /usr/kvm." | griff.miller@positron.com | | From Programing at nib.si Sat Oct 13 03:39:02 2001 From: Programing at nib.si (Damir Dezeljin) Date: Tue Dec 2 02:36:21 2003 Subject: Some questions: Samba+SQL; LDAP; roaming profiles on Win2k+WinME+Win9x Message-ID: <000001c153d3$837bfb70$0100a8c0@win2k> Firstly excuse my poor english :) I want to set up a system with only off-site users. The main purpose of doing this is to have a more secure box and to have password syncronization. I have some questions: - Is it posible to use the same MySQL table to autenticate a user with Samba and CyrusIMAP or I have to rewrite an PAM? << any sugestion??? Is there any Samba+SQL HOWTO? - Is it posible to map all samba users to a single UID (single linux user) << are there some problems with that? - What about LDAP - I read some docs, but I don't understand what advantage I will have if I use LDAP??? I'm curently using Samba 2.2.1a with Win9x WinME and Win2k clients and I have problems with roaming profiles (with start menu, IE temporary files,...). How can I set up those clients to store ONLY Favorites, IE settings and My Documents on roaming profiles? Is it posible to limit a logon time of certain users with SAMBA (ex. user dezo can login only between 7 AM and 3 PM)? If it is posible, how can I set up an auto logout after this time period? Regards, Dezo From intspecialistsremoval at yahoo.com Sat Oct 13 10:59:08 2001 From: intspecialistsremoval at yahoo.com (intspecialistsremoval@yahoo.com) Date: Tue Dec 2 02:36:21 2003 Subject: ****11,295,000 EMAIL ADDRESSES PLUS $2,000 IN FREE SOFTWARE! Message-ID: <3791856948.991306994491@m0.net> Dear samba-ntdom@samba.org, Would you like to send an Email Message or Advertisement to 11,295,000 PEOPLE DAILY for FREE? ======================================================= 1) Let's say you... Sell a $24.95 PRODUCT or SERVICE. 2) Let's say you... Broadcast Email to only 500,000 PEOPLE. 3) Let's say you... Receive JUST 1 ORDER for EVERY 2,500 EMAILS. CALCULATION OF YOUR EARNINGS BASED ON THE ABOVE STATISTICS: [Day 1]: $4,990 [Week 1]: $34,930 [Month 1]: $139,720 NOTE: (If you do not already have a product or service to sell, we can supply you with one). ========================================================= To find out more information, Do not respond by email or you will be permanantly removed from any future emails from us. Instead, please visit our web site at: http://www.moneyinyourhands.com/package1.htm List Removal Instructions: We hope you enjoyed receiving this message. However, if you'd rather not receive future e-mails of this sort from Internet Specialists, send an email to intspecialistsremoval@yahoo.com and type "remove" in the "subject" line and you will be removed from any future mailings. We hope you have a great day! Internet Specialists From ekolb at edscha-na.com Sat Oct 13 12:06:05 2001 From: ekolb at edscha-na.com (Eric Kolb) Date: Tue Dec 2 02:36:21 2003 Subject: samba-ntdom digest, Vol 1 #513 - 3 msgs (On Vacation) Message-ID: I'll be on vacation until Oct.22. Eric Kolb Senior Systems / Network Administrator Edscha of Canada / Edscha North America From rickera2 at SLU.EDU Sat Oct 13 14:18:01 2001 From: rickera2 at SLU.EDU (Tony Ricker) Date: Tue Dec 2 02:36:21 2003 Subject: URGENT HELP NEEDED Message-ID: <3BC8B031.14DF046A@slu.edu> All, I need to know if samba can be a PDC across subnets (i.e. server is no .23 and client is on .24) I was told by Redhat that it could not, which I found hard to believe. This is mission critical because if I can not find a way to make it work, i get the proverbial pie in the face. Plus all kinds of crap about pushing for Linux and telling them (boss) it would work. Any help at all would be appreciated. Set up: Redhat 7.1 Samba 2.2.1a Cheers, Tony -- ------------------------------- Tony Ricker Technology Coordinator SLUCare - P.M.O. St. Louis University Phone: 314.977.6844 E-mail: rickera2@slu.edu ------------------------------- "In the beginners mind, there are many possibilities. In the experts mind, there are few" - Shunryu Suzuki ------------------------------- "Think Different" From tarjei at nu.no Sat Oct 13 14:24:02 2001 From: tarjei at nu.no (Tarjei Huse) Date: Tue Dec 2 02:36:21 2003 Subject: URGENT HELP NEEDED References: <3BC8B031.14DF046A@slu.edu> Message-ID: <3BC8B161.28A3EB43@nu.no> AFAIK to get samba working over different subnets, you'll need to set up a wins server, preferably on the samba server. read the using samba book (the full text is found both at oriellys and in the samba source maybe also in the rh rpms) for more on this. tarjei Tony Ricker wrote: > > All, > I need to know if samba can be a PDC across subnets (i.e. server is > no .23 and client is on .24) I was told by Redhat that it could not, > which I found hard to believe. This is mission critical because if I can > not find a way to make it work, i get the proverbial pie in the face. > Plus all kinds of crap about pushing for Linux and telling them (boss) > it would work. Any help at all would be appreciated. > > Set up: Redhat 7.1 Samba 2.2.1a > > Cheers, > > Tony > > -- > ------------------------------- > Tony Ricker > Technology Coordinator > SLUCare - P.M.O. > St. Louis University > Phone: 314.977.6844 > E-mail: rickera2@slu.edu > ------------------------------- > "In the beginners mind, there > are many possibilities. In the > experts mind, there are few" > - Shunryu Suzuki > ------------------------------- > "Think Different" From jra at samba.org Sat Oct 13 14:24:42 2001 From: jra at samba.org (Jeremy Allison) Date: Tue Dec 2 02:36:21 2003 Subject: URGENT HELP NEEDED In-Reply-To: <3BC8B031.14DF046A@slu.edu>; from rickera2@SLU.EDU on Sat, Oct 13, 2001 at 04:20:49PM -0500 References: <3BC8B031.14DF046A@slu.edu> Message-ID: <20011013142322.A28335@va.samba.org> On Sat, Oct 13, 2001 at 04:20:49PM -0500, Tony Ricker wrote: > All, > I need to know if samba can be a PDC across subnets (i.e. server is > no .23 and client is on .24) I was told by Redhat that it could not, > which I found hard to believe. This is mission critical because if I can > not find a way to make it work, i get the proverbial pie in the face. > Plus all kinds of crap about pushing for Linux and telling them (boss) > it would work. Any help at all would be appreciated. > > Set up: Redhat 7.1 Samba 2.2.1a Yes, it can. You need a WINS server setup correctly so that the PDC will register names correctly with it, and the clients will resolve names correctly with it. Samba 2.2.1a can be that WINS server. I'm about to release Samba 2.2.2 (with a RH7.1 binary) which will fix many of the known issues with Samba 2.2.1a. You might want to test drive it over the next few days. As my ex-boss at VA has just joined RedHat (along with most of VA's professional services team) I'll forward this reply to him also so he can work on fixing RedHat's internal tech support replies w.r.t. Samba. Cheers, Jeremy Allison, Samba Team. From kunathma at pilot.msu.edu Sat Oct 13 14:54:04 2001 From: kunathma at pilot.msu.edu (Marcel Kunath) Date: Tue Dec 2 02:36:21 2003 Subject: smb win2k-server-as-client share permission problem Message-ID: <200110132155.f9DLtnm44906@pilot16.cl.msu.edu> Hello, I am not new to samba but new to win2k clients using samba. I have a copy of win2k advanced server(no service packs yet) and want to connect as client machine of samba. I installed samba 2.2.1a. I am able to log onto the domain (with use of user root) and log in as user(marcel). Profiles \\%L\profiles\%U work. The home directory gets mapped automatically and the user "marcel" has control over it. I checked (right click) the drive but there is no security permission tab. I want as user to map another share called share-drive1 and I can do so. The user has no permissions though. I check the security tab and it says something weird. Everyone none checked ntadmin(mydomain\ntadmin) none checked unix_user.103(mydomain\unix_user.103) none checked (ntadmin is my domain admin group; I don't understand why it chose to add a unix_user.103 to the list instead of the other user: Marcel (mydomain\marcel) marcel has a unix account 500:100 and not 103:100. Marcel is part of group ntadmin so I try to change some permissions maybe. I check some stuff on either marcel or ntadmin and hit "Apply". It stalls out, I see constant traffic on the switch and when I click the "[X]" to abord it says program fails to respond "End Now". Another thing I did not set up was the permissions on the unix directory as they are now: 103:ntadmin /share-drive1 I am sure I had set them to root:users.There is no unix user 103 on my Linux system. I was logged in locally as admin before and was able to change permissions for Marcel (mydomain\marcel) on the C drive just fine. It didn't stall. While the permission change hangs the log for the machine on the samba server says: [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) create_canon_ace_lists: unable to map SID S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) create_canon_ace_lists: unable to map SID S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) create_canon_ace_lists: unable to map SID S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) create_canon_ace_lists: unable to map SID S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) create_canon_ace_lists: unable to map SID S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. I wonder why I have to set permissions in the first place. Do I have to be root to set the permissions? I thought Samba as PDC will take the Unix permissions(user:group) existing on the unix directory to be mounted and take any permissions(directory mask etc) from the smb.conf file and map it onto the win2k workstation(advanced server in my case). When I did this stuff with win9x my user had proper read,write,execute permissions across all my shares. I know win2k is a different beast. I don't mind having to set permissions but it stalls and that is what is the problem. My second problem is I have a logon script which does get executed. It doesn't do any work as prescribed in it though. My script is to map three shares to drive letters but none of them show up. My commands are of the form: net use i: \\server\share-drive1 /persistent:no It doesn't get mapped automatically but I can map it manually once logged in. Another question I had was: What are the unix directory permissions suppose to be on the profiles directories: /etc/samba/ntprofile /etc/samba/ntprofile/marcel Find my smb.conf attached. I'd appreciate any suggestions. Thanks, mk # Samba config file created using SWAT # from 192.168.1.2 (192.168.1.2) # Date: 2001/10/13 18:08:55 # Global parameters [global] workgroup = mydomain netbios name = MAIL server string = Samba %v on %L interfaces = 192.168.1.1/24 127.0.0.0/24 encrypt passwords = Yes update encrypted = Yes null passwords = Yes passwd program = /usr/bin/passwd %u passwd chat debug = Yes unix password sync = No log file = /var/log/samba-log.%m time server = Yes keepalive = 30 domain admin group = @ntadmin #domain admin users = marcel logon script = %U.bat logon path = \\%L\profiles\%U logon drive = X: domain logons = Yes os level = 65 preferred master = True domain master = True kernel oplocks = No #config file = /etc/smb.conf.%U guest account = guest hosts allow = 192.168.1., 127. browseable = No [homes] comment = %U Home Directory invalid users = guest read only = No veto files = /.*/ writable = Yes [netlogon] comment = The Domain Logon Service path = /etc/samba/logon [share-drive1] comment = Network Drive path = /share-drive1 read only = No create mask = 0644 guest ok = Yes [programs] comment = Unix and Windows Programs path = /usr/src/source-storage valid users = marcel read only = No [profiles] comment = NT profiles path = /etc/samba/ntprofile create mask = 0600 directory mask = 0700 writable = Yes From bolke at xs4all.nl Sat Oct 13 15:08:02 2001 From: bolke at xs4all.nl (Bolke de Bruin) Date: Tue Dec 2 02:36:22 2003 Subject: smb win2k-server-as-client share permission problem In-Reply-To: <200110132155.f9DLtnm44906@pilot16.cl.msu.edu> Message-ID: Sorry don't have an answer to your question (yet), but as I am running W2K AS here as well, I just checked the permissions on my shares and I am not getting the that unix user. just the normal FYI: Charlie &,,, (OPENBSD\root) (all checked) daemon (OPENBSD\root) (none checked) EveryOne (some additional ACLs) Could there be something in your setup (W2L) which is different from a stanadrd setup (btw I ran it against W2K AS SP2) Bolke -----Oorspronkelijk bericht----- Van: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]Namens Marcel Kunath Verzonden: zaterdag 13 oktober 2001 23:56 Aan: samba-ntdom@samba.org Onderwerp: smb win2k-server-as-client share permission problem Hello, I am not new to samba but new to win2k clients using samba. I have a copy of win2k advanced server(no service packs yet) and want to connect as client machine of samba. I installed samba 2.2.1a. I am able to log onto the domain (with use of user root) and log in as user(marcel). Profiles \\%L\profiles\%U work. The home directory gets mapped automatically and the user "marcel" has control over it. I checked (right click) the drive but there is no security permission tab. I want as user to map another share called share-drive1 and I can do so. The user has no permissions though. I check the security tab and it says something weird. Everyone none checked ntadmin(mydomain\ntadmin) none checked unix_user.103(mydomain\unix_user.103) none checked (ntadmin is my domain admin group; I don't understand why it chose to add a unix_user.103 to the list instead of the other user: Marcel (mydomain\marcel) marcel has a unix account 500:100 and not 103:100. Marcel is part of group ntadmin so I try to change some permissions maybe. I check some stuff on either marcel or ntadmin and hit "Apply". It stalls out, I see constant traffic on the switch and when I click the "[X]" to abord it says program fails to respond "End Now". Another thing I did not set up was the permissions on the unix directory as they are now: 103:ntadmin /share-drive1 I am sure I had set them to root:users.There is no unix user 103 on my Linux system. I was logged in locally as admin before and was able to change permissions for Marcel (mydomain\marcel) on the C drive just fine. It didn't stall. While the permission change hangs the log for the machine on the samba server says: [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) create_canon_ace_lists: unable to map SID S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) create_canon_ace_lists: unable to map SID S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) create_canon_ace_lists: unable to map SID S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) create_canon_ace_lists: unable to map SID S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) create_canon_ace_lists: unable to map SID S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. I wonder why I have to set permissions in the first place. Do I have to be root to set the permissions? I thought Samba as PDC will take the Unix permissions(user:group) existing on the unix directory to be mounted and take any permissions(directory mask etc) from the smb.conf file and map it onto the win2k workstation(advanced server in my case). When I did this stuff with win9x my user had proper read,write,execute permissions across all my shares. I know win2k is a different beast. I don't mind having to set permissions but it stalls and that is what is the problem. My second problem is I have a logon script which does get executed. It doesn't do any work as prescribed in it though. My script is to map three shares to drive letters but none of them show up. My commands are of the form: net use i: \\server\share-drive1 /persistent:no It doesn't get mapped automatically but I can map it manually once logged in. Another question I had was: What are the unix directory permissions suppose to be on the profiles directories: /etc/samba/ntprofile /etc/samba/ntprofile/marcel Find my smb.conf attached. I'd appreciate any suggestions. Thanks, mk # Samba config file created using SWAT # from 192.168.1.2 (192.168.1.2) # Date: 2001/10/13 18:08:55 # Global parameters [global] workgroup = mydomain netbios name = MAIL server string = Samba %v on %L interfaces = 192.168.1.1/24 127.0.0.0/24 encrypt passwords = Yes update encrypted = Yes null passwords = Yes passwd program = /usr/bin/passwd %u passwd chat debug = Yes unix password sync = No log file = /var/log/samba-log.%m time server = Yes keepalive = 30 domain admin group = @ntadmin #domain admin users = marcel logon script = %U.bat logon path = \\%L\profiles\%U logon drive = X: domain logons = Yes os level = 65 preferred master = True domain master = True kernel oplocks = No #config file = /etc/smb.conf.%U guest account = guest hosts allow = 192.168.1., 127. browseable = No [homes] comment = %U Home Directory invalid users = guest read only = No veto files = /.*/ writable = Yes [netlogon] comment = The Domain Logon Service path = /etc/samba/logon [share-drive1] comment = Network Drive path = /share-drive1 read only = No create mask = 0644 guest ok = Yes [programs] comment = Unix and Windows Programs path = /usr/src/source-storage valid users = marcel read only = No [profiles] comment = NT profiles path = /etc/samba/ntprofile create mask = 0600 directory mask = 0700 writable = Yes From kunathma at pilot.msu.edu Sat Oct 13 15:26:03 2001 From: kunathma at pilot.msu.edu (Marcel Kunath) Date: Tue Dec 2 02:36:22 2003 Subject: smb win2k-server-as-client share permission problem In-Reply-To: from "Bolke de Bruin" at Oct 14, 2001 00:02:11 am Message-ID: <200110132227.f9DMRoq59032@pilot18.cl.msu.edu> Well I reset my share-drive1 to root:users and it now shows up as such on w2k. It still stalls when trying to set permissions. Not sure about my w2k setup. I never installed it before. I just went next nex next =) So I guess its a normal setup. =) I will upgrade to sp2 soon but can't right now. I am scared of telstra and its 3gig cap service people chasing me down. thanks, mk > > Sorry don't have an answer to your question (yet), > but as I am running W2K AS here as well, I just checked the > permissions on my shares and I am not getting the > that unix user. > > just the normal > > FYI: > > Charlie &,,, (OPENBSD\root) (all checked) > daemon (OPENBSD\root) (none checked) > EveryOne (some additional ACLs) > > > Could there be something in your setup (W2L) which is > different from a stanadrd setup (btw I ran it against W2K AS SP2) > > Bolke > > -----Oorspronkelijk bericht----- > Van: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]Namens Marcel Kunath > Verzonden: zaterdag 13 oktober 2001 23:56 > Aan: samba-ntdom@samba.org > Onderwerp: smb win2k-server-as-client share permission problem > > > Hello, > > I am not new to samba but new to win2k clients using samba. > > I have a copy of win2k advanced server(no service packs yet) and want to > connect as client machine of samba. I installed samba 2.2.1a. I am able to > log > onto the domain (with use of user root) and log in as user(marcel). Profiles > \\%L\profiles\%U work. The home directory gets mapped automatically and the > user "marcel" has control over it. I checked (right click) the drive but > there > is no security permission tab. > > I want as user to map another share called share-drive1 and I can do so. The > user has no permissions though. I check the security tab and it says > something > weird. > > Everyone none checked > ntadmin(mydomain\ntadmin) none checked > unix_user.103(mydomain\unix_user.103) none checked > > > (ntadmin is my domain admin group; I don't understand why it chose to add a > unix_user.103 to the list instead of the other user: > > Marcel (mydomain\marcel) > > marcel has a unix account 500:100 and not 103:100. > > Marcel is part of group ntadmin so I try to change some permissions maybe. I > check some stuff on either marcel or ntadmin and hit "Apply". It stalls out, > I > see constant traffic on the switch and when I click the "[X]" to abord it > says > program fails to respond "End Now". > > Another thing I did not set up was the permissions on the unix directory as > they are now: > > 103:ntadmin /share-drive1 > > I am sure I had set them to root:users.There is no unix user 103 on my Linux > system. > > I was logged in locally as admin before and was able to change permissions > for > Marcel (mydomain\marcel) on the C drive just fine. It didn't stall. > > While the permission change hangs the log for the machine on the samba > server > says: > > > [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) > create_canon_ace_lists: unable to map SID > S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. > [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) > create_canon_ace_lists: unable to map SID > S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. > [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) > create_canon_ace_lists: unable to map SID > S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. > [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) > create_canon_ace_lists: unable to map SID > S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. > [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) > create_canon_ace_lists: unable to map SID > S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. > > > I wonder why I have to set permissions in the first place. Do I have to be > root > to set the permissions? I thought Samba as PDC will take the Unix > permissions(user:group) existing on the unix directory to be mounted and > take > any permissions(directory mask etc) from the smb.conf file and map it onto > the > win2k workstation(advanced server in my case). When I did this stuff with > win9x > my user had proper read,write,execute permissions across all my shares. I > know > win2k is a different beast. > > I don't mind having to set permissions but it stalls and that is what is the > problem. > > > My second problem is I have a logon script which does get executed. It > doesn't > do any work as prescribed in it though. > > My script is to map three shares to drive letters but none of them show up. > > My commands are of the form: > > net use i: \\server\share-drive1 /persistent:no > > It doesn't get mapped automatically but I can map it manually once logged > in. > > > Another question I had was: What are the unix directory permissions suppose > to > be on the profiles directories: > > /etc/samba/ntprofile > /etc/samba/ntprofile/marcel > > > Find my smb.conf attached. I'd appreciate any suggestions. Thanks, > > mk > > > # Samba config file created using SWAT > # from 192.168.1.2 (192.168.1.2) > # Date: 2001/10/13 18:08:55 > > # Global parameters > [global] > workgroup = mydomain > netbios name = MAIL > server string = Samba %v on %L > interfaces = 192.168.1.1/24 127.0.0.0/24 > encrypt passwords = Yes > update encrypted = Yes > null passwords = Yes > passwd program = /usr/bin/passwd %u > passwd chat debug = Yes > unix password sync = No > log file = /var/log/samba-log.%m > time server = Yes > keepalive = 30 > domain admin group = @ntadmin > #domain admin users = marcel > logon script = %U.bat > logon path = \\%L\profiles\%U > logon drive = X: > domain logons = Yes > os level = 65 > preferred master = True > domain master = True > kernel oplocks = No > #config file = /etc/smb.conf.%U > guest account = guest > hosts allow = 192.168.1., 127. > browseable = No > > [homes] > comment = %U Home Directory > invalid users = guest > read only = No > veto files = /.*/ > writable = Yes > > [netlogon] > comment = The Domain Logon Service > path = /etc/samba/logon > > [share-drive1] > comment = Network Drive > path = /share-drive1 > read only = No > create mask = 0644 > guest ok = Yes > > [programs] > comment = Unix and Windows Programs > path = /usr/src/source-storage > valid users = marcel > read only = No > > [profiles] > comment = NT profiles > path = /etc/samba/ntprofile > create mask = 0600 > directory mask = 0700 > writable = Yes > > > > -- Marcel Kunath *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Montie House Network Greater Lansing Linux Users Group http://www.montiehouse.com http://www.gllug.org *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* From jra at samba.org Sat Oct 13 16:23:02 2001 From: jra at samba.org (Jeremy Allison) Date: Tue Dec 2 02:36:22 2003 Subject: Samba 2.2.2 released Message-ID: <20011013162220.A7718@va.samba.org> The Samba Team is proud to announce the release of Samba 2.2.2. This is the latest stable release of Samba. This is the version that all production Samba servers should be running for all current bug-fixes. There are several important oplock logic bugs that have been fixed in this release, so an upgrade is recommended. Binary packages will be released shortly for major platforms. The source code can be downloaded from : ftp://ftp.samba.org/pub/samba/ in the file samba-2.2.2.tar.gz. The release notes follow. As always, all bugs are our responsibility. Regards, The Samba Team. ---------------------------------------------------------------------------- WHATS NEW IN Samba 2.2.2: 13th October 2001 =========================================== This is the latest stable release of Samba. This is the version that all production Samba servers should be running for all current bug-fixes. There are several important oplock logic bugs that have been fixed in this release, so an upgrade is recommended. New daemon included - winbindd ------------------------------ Samba 2.2.2 is the first release to include the winbind daemon. This code allows UNIX systems that implement the name service switch (nss) to be entered into a Windows NT/2000 domain and use the Domain controller for all user and group enumeration. This allows a Samba server added to a Windows domain to serve file and print services with *NO* local users needed in /etc/passwd and /etc/group - all users and groups are read directly from the Windows domain controller. In addition with pam_winbind which allows a PAM enabled UNIX system to use a Windows domain for authentication service this allows single sign on and account control across UNIX and Windows systems. The current version of winbindd shipped in 2.2.2 does have some memory leaks, which will be addressed for the next Samba release, so it is advisable to monitor the winbind process. This code is being used in production by several vendors, so the leaks are managable. In addition, this version of winbind does not work correctly against a Samba PDC, due to some missing calls on the PDC side. These problems are being addressed for the next Samba release, but it was thought better to release the code now rather than delay the main Samba code to match the winbind release schedule. For more information on using winbind, see the man pages for winbindd and wbinfo. Note that winbindd is not installed by default. New/Changed parameters in 2.2.2 ------------------------------- For more information on these parameters, see the man pages for smb.conf. Added/changed parameters. ------------------------- strict allocate Causes Samba not to create UNIX 'sparse' files, but to follow the Windows behaviour of always allocating on-disk space. use mmap Set to 'on' by default, only set to 'off' on HPUX 11.x or below or other UNIX systems that don't have coherent mmap/read-write internal caches. You should not need to set this parameter. nt acl support This parameter has been changed to a per-share option, and is very useful in enabling Windows 2000 SP2 to load/save profiles from a Samba share. New printing parameters. ------------------------ disable spoolss Setting this parameter causes Samba to go back to the old 2.0.x LANMAN printing behaviour, for people who wish to disable the new SPOOLSS pipe. use client driver Causes Windows NT/2000 clients to need have a local printer driver installed and to treat the printer as local. New LDAP parameters. -------------------- Samba 2.2.2 contains new code to maintain a Samba SAM database on a remote LDAP server. These parameters have been added as part of this code. These parameters are only available when Samba has been compiled with the --with-ldapsam option. ldap admin dn ldap ssl New SSL parameters. ------------------- The SSL support in Samba has been fixed. These new parameters are part of the changes added. These parameters are only available when Samba has been compiled with the --with-ssl option. Please see the smb.conf man page for details. ssl egd socket ssl entropy file ssl entropy bytes New winbindd parameters. ------------------------ These parameters are used by winbindd. See the man page for winbindd for details. winbind separator winbind uid winbind gid winbind cache time winbind enum users winbind enum groups template homedir template shell Removed parameters. ------------------- share modes ldap root ldap root passwd New Documentation. ------------------ Some new README's have been added in the docs/ directory. These cover using roving profiles with Windows 2000 SP2 (docs/README.Win2kSP2), and how to use Samba to help prevent Windows virus spread (docs/README.Win32-Viruses). Quota problems on a Linux 2.4 kernel. ------------------------------------- Currently the quota interfaces have diverged between the Linus 2.4.x kernels and the Alan Cox 2.4.x kernels (the Alan Cox varients are shipped with RedHat). Running quota-enabled Samba compiled on an Alan Cox kernel works correctly on an Alan Cox kernel (the one shipped by default with RedHat 7.x) but fails on a Linus kernel. This is a mess, and hopefully Alan and Linus will sort it out soon. In the meantime we need to ship..... Changes in 2.2.2 ----------------- 1). mmap tdb code disabled on HPUX. This should prevent the reports of tdb corruption on HUPX. 2). Large file support set to off in Solaris 5.5 and below. 3). Better CUPS detection. 4). New SAM (password database) backends - smbpasswd (traditional), LDAP, NIS+ and Samba TDB. 5). Quota fixups on Linux. 6). libsmbclient stand-alone code added. Can be built as a shared library under Linux. 7). Tru64 ACL suppport added. 8). winbindd option added. 9). Realloc fail tidyup fixes all over the code. 10). Large improvement in hash table code efficiency - would be found with large stat caches. 11). Error code consistency improved (still needs more work). 12). Profile shared memory support added to nmbd. 13). New Windows 2000/NT passthrough info levels added. 14). readraw/writeraw code rewritten - many bugs fixed. 15). UNIX password sync (non pam) code fixed, use correct wildcard matcher. 16). Reverse DNS lookup avoided on socket open. 17). Bug preventing nmbd re-registering names on WINS server timeout fixed. 18). Zero length byte range lock code added. Much closer to Windows semantics. 19). Alignment fault fixes for Linux/Alpha. 20). Error checking on tdb returns vastly improved. 21). Handling of delete on close fixed. No longer possible to leave 'dead' file entries. 22). Handling of oplock break failure cleanups improved. Should not be able to leave 'dead' entries. 23). Fix handling of errors trying to set 64 bit locks on 32 bit NFS mounts. 24). Misc. MS-DFS code fixes. 25). Ignore logon packets if not a PDC (needed for PDC/BDC failover). 26). winbind pam module added. 27). Order N^^2 enumeration of printers problem fixed. 28). Password backend database code re-ordered to allow different password backends (at compile time currently). 29). Improved print driver version detection for Windows 2000. 30). Driver DEVMODE initialization fixes. 31). Improved SYSV print parse code. 32). Fixed enumeration of large numbers of users/groups from Windows clients. Code still too slow. 33). Fix for buggy NetApp RPC pipe clients. 34). Fix for NT sending multiple SetPrinterDataEx calls. 35). Fix for logic bug where smbd could delay oplock break request messages from other smbd daemons whilst client kept us busy. 36). Fix deadlock problem with connections tdb on enumeration. 37). Fixes for setting/getting NT ACLs - improved POSIX mapping both ways. 38). Removed unused readbmpx/writebmpx code. 39). Attempt to fix Linux 2.4.x quota mess. 40). Improved ctemp code for Windows 2000 compatibilty. 41). Finally understood difference between set EOF and set allocation requests. Added strict allocate parameter to help. 42). Correctly return name types on name to SID lookups. 43). tdb spinlock code update. 44). Use pread/pwrite on systems that have it to fix race condition in tdb code. Older release notes for Samba 2.2.x follow. ----------------------------------------------------------------------------- The release notes for 2.2.1a follow : This is a minor bugfix release for 2.2.1, *NOT* security related. 1). 2.2.1 had a bug where using smbpasswd -m to add a Windows NT or Windows2000 machine into a Samba hosted PDC would fail due to our stricter user name checking. We were disallowing user names containing '$', which is needed when using smbpasswd to add a machine into a domain. Automatically adding machines (using the native Windows tools) into a Samba domain worked correctly. 2.2.1a fixes this single problem. ----------------------------------------------------------------------------- The release notes for 2.2.1 follow : New/Changed parameters in 2.2.1 ------------------------------- Added parameters. ----------------- obey pam restrictions When Samba is configured to use PAM, turns on or off Samba checking the PAM account restrictions. Defaults to off. pam password change When Samba is configured to use PAM, turns on or off Samba passing the password changes to PAM. Defaults to off. large readwrite New option to allow new Windows 2000 large file (64k) streaming read/write options. Needs a 64 bit underlying operating system (for Linux use kernel 2.4 with glibc 2.2 or above). Can improve performance by 10% with Windows 2000 clients. Defaults to off. Not as tested as some other Samba code paths. hide unreadable Prevents clients from seeing the existance of files that cannot be read. Off by default. enhanced browsing Turn on/off the enhanced Samba browing functionality (*1B names). Default is "on". Can prevent eternal machines in workgroups when WINS servers are not synchronised. Removed parameters. ------------------- domain groups domain admin users domain guest users Changes in 2.2.1 ----------------- 1). "find" command removed for smbclient. Internal code now used. 2). smbspool updates to retry connections from Michael Sweet. 3). Fix for mapping 8859-15 characters to UNICODE. 4). Changed "security=server" to try with invalid username to prevent account lockouts. 5). Fixes to allow Windows 2000 SP2 clients to join a Samba PDC. 6). Support for Windows 9x Nexus tools to allow security changes from Win9x. 7). Two locking fixes added. Samba 2.2.1 now passes the Clarion network lock tester tool for distributed databases. 8). Preliminary support added for Windows 2000 large file read/write SMBs. 9). Changed random number generator in Samba to prevent guess attacks. 10). Fixes for tdb corruption in connections.tdb and file locking brlock.tdb. smbd's clean the tdb files on startup and shutdown. 11). Fixes for default ACLs on Solaris. 12). Tidyup of password entry caching code. 13). Correct shutdowns added for send fails. Helps tdb cleanup code. 14). Prevent invalid '/' characters in workgroup names. 15). Removed more static arrays in SAMR code. 16). Client code is now UNICODE on the wire. 17). Fix 2 second timstamp resolution everywhere if dos timestamp set to yes. 18). All tdb opens now going through logging function. 19). Add pam password changing and pam restrictions code. 20). Printer driver management improvements (delete driver). 21). Fix difference between NULL security descriptors and empty security descriptors. 22). Fix SID returns for server roles. 23). Allow Windows 2000 mmc to view and set Samba share security descriptors. 24). Allow smbcontrol to forcibly disconnect a share. 25). tdb fixes for HPUX, OpenBSD and other OS's that don't have a coherent mmap/file read/write cache. 26). Fix race condition in returning create disposition for file create/open. 27). Fix NT rewriting of security descriptors to their canonical form for ACLs. 28). Fix for Samba running on top of Linux VFAT ftruncate bug. 29). Swat fixes for being run with xinetd that doesn't set the umask. 30). Fix for slow writes with Win9x Explorer clients. Emulates Microsoft TCP stack early ack specification error. 31). Changed lock & persistant tdb directory to /var/cache/samba by default on RedHat and Mandrake as they clear the /var/lock/samba directory on reboot. ----------------------------------------------------------------------------- The release notes for 2.2.0a follow : SECURITY FIX ============ This is a security bugfix release for Samba 2.2.0. This release provides the following two changes *ONLY* from the 2.2.0 release. 1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com) and described in the security advisory below. 2). Fix for the hosts allow/hosts deny parameters not being honoured. No other changes are being made for this release to ensure a security fix only. For new functionality (including these security fixes) download Samba 2.2.1 when it is available. The security advisory follows : IMPORTANT: Security bugfix for Samba ------------------------------------ June 23rd 2001 Summary ------- A serious security hole has been discovered in all versions of Samba that allows an attacker to gain root access on the target machine for certain types of common Samba configuration. The immediate fix is to edit your smb.conf configuration file and remove all occurances of the macro "%m". Replacing occurances of %m with %I is probably the best solution for most sites. Details ------- A remote attacker can use a netbios name containing unix path characters which will then be substituted into the %m macro wherever it occurs in smb.conf. This can be used to cause Samba to create a log file on top of an important system file, which in turn can be used to compromise security on the server. The most commonly used configuration option that can be vulnerable to this attack is the "log file" option. The default value for this option is VARDIR/log.smbd. If the default is used then Samba is not vulnerable to this attack. The security hole occurs when a log file option like the following is used: log file = /var/log/samba/%m.log In that case the attacker can use a locally created symbolic link to overwrite any file on the system. This requires local access to the server. If your Samba configuration has something like the following: log file = /var/log/samba/%m Then the attacker could successfully compromise your server remotely as no symbolic link is required. This type of configuration is very rare. The most commonly used log file configuration containing %m is the distributed in the sample configuration file that comes with Samba: log file = /var/log/samba/log.%m in that case your machine is not vulnerable to this attack unless you happen to have a subdirectory in /var/log/samba/ which starts with the prefix "log." Credit ------ Thanks to Michal Zalewski (lcamtuf@bos.bindview.com) for finding this vulnerability. New Release ----------- While we recommend that vulnerable sites immediately change their smb.conf configuration file to prevent the attack we will also be making new releases of Samba within the next 24 hours to properly fix the problem. Please see http://www.samba.org/ for the new releases. Please report any attacks to the appropriate authority. The Samba Team security@samba.org --------------------------------------------------------------------------- The release notes for 2.2.0 follow : This is the official Samba 2.2.0 release. This version of Samba provides the following new features and enhancements. Integration between Windows oplocks and NFS file opens (IRIX and Linux 2.4 kernel only). This gives complete data and locking integrity between Windows and UNIX file access to the same data files. Ability to act as an authentication source for Windows 2000 clients as well as for NT4.x clients. Integration with the winbind daemon that provides a single sign on facility for UNIX servers in Windows 2000/NT4 networks driven by a Windows 2000/NT4 PDC. winbind is not included in this release, it currently must be obtained separately. We are committed to including winbind in a future Samba 2.2.x release. Support for native Windows 2000/NT4 printing RPCs. This includes support for automatic printer driver download. Support for server supported Access Control Lists (ACLs). This release contains support for the following filesystems: Solaris 2.6+ SGI Irix Linux Kernel with ACL patch from http://acl.bestbits.at Linux Kernel with XFS ACL support. Caldera/SCO UnixWare IBM AIX FreeBSD (with external patch) Other platforms will be supported as resources are available to test and implement the encessary modules. If you are interested in writing the support for a particular ACL filesystem, please join the samba-technical mailing list and coordinate your efforts. On PAM (Pluggable Authentication Module) based systems - better debugging messages and encrypted password users now have access control verified via PAM - Note: Authentication still uses the encrypted password database. Rewritten internal locking semantics for more robustness. This release supports full 64 bit locking semantics on all (even 32 bit) platforms. SMB locks are mapped onto POSIX locks (32 bit or 64 bit) as the underlying system allows. Conversion of various internal flat data structures to use database records for increased performance and flexibility. Support for acting as a MS-DFS (Distributed File System) server. Support for manipulating Samba shares using Windows client tools (server manager). Per share security can be set using these tools and Samba will obey the access restrictions applied. Samba profiling support (see below). Compile time option for enabling a (Virtual file system) VFS layer to allow non-disk resources to be exported as Windows filesystems (such as databases etc.). The documentation in this release has been updated and converted from Yodl to DocBook 4.1. There are many new parameters since 2.0.7 and some defaults have changed. Profiling support. ------------------ Support for collection of profile information. A shared memory area has been created which contains counters for the number of calls to and the amount of time spent in various system calls, smb transactions and nmbd activity. See the file profile.h for a complete listing of the information collected. Sample code for a samba pmda (collection agent for Performance Co-Pilot) has been included in the pcp directory. To enable the profile data collection code in samba, you must compile samba with profile data support (run configure with the --with-profiling-data option). On startup, collection of data is disabled. To begin collecting data use the smbcontrol program to turn on profiling (see the smbcontrol man page). Profile information collection can be enabled for nmbd, all smbd processes or one or more selected processes. The profiling data collected is the aggragate for all processes that have profiling enabled. With samba compiled for profile data collection, you may see a very slight degradation in performance even with profiling collection turned off. On initial tests with NetBench on an SGI Origin 200 server, this degradation was not measureable with profile collection off compared to no profile collection compiled into samba. With count profile collection enabled on all clients, the degradation was less than 2%. With full profile collection enabled on all clients, the degradation was about 8.5%. ===================================================================== If you think you have found a bug please email a report to : samba@samba.org As always, all bugs are our responsibility. Regards, The Samba Team. From bolke at xs4all.nl Sat Oct 13 17:51:06 2001 From: bolke at xs4all.nl (Bolke de Bruin) Date: Tue Dec 2 02:36:22 2003 Subject: nt acl support In-Reply-To: <20011013162220.A7718@va.samba.org> Message-ID: Just read Jeremy's email about the release: Great work guys! A small detail caught my eye in the add/changed config options section: nt acl support I am using W2K AS SP2 here and I did not have any problems using roaming profiles until now. Just when I "upgraded" to the HEAD branch my profile gave an "acces denied error". My question is why did that suddenly turn up and why was it implemented in 2.2.2 as it seems for me that 2.2.1a did not have any trouble with it and last but not least (hope I'm not asking too many questions here, but I'd like to beta-test your package and maybe help with the development later on) I guess the "nt acl support" should be set on the "Profiles" share? Thx in advance Bolke. From npande at bajajauto.co.in Sat Oct 13 20:16:04 2001 From: npande at bajajauto.co.in (NITIN PANDE) Date: Tue Dec 2 02:36:25 2003 Subject: Samba 2.2.2 released References: <20011013162220.A7718@va.samba.org> Message-ID: <3BC903C4.23259F87@bajajauto.co.in> I'll test this new version. Brings tears to your eyes. ;) Long live Samba Thanks to Samba Team -Nitin Pande Mail Administrator Bajaj Auto Ltd. Jeremy Allison wrote: > The Samba Team is proud to announce the release of Samba 2.2.2. > > This is the latest stable release of Samba. This is the version that all > production Samba servers should be running for all current bug-fixes. > > There are several important oplock logic bugs that have been fixed in > this release, so an upgrade is recommended. > > Binary packages will be released shortly for major platforms. The source > code can be downloaded from : > > ftp://ftp.samba.org/pub/samba/ > > in the file samba-2.2.2.tar.gz. > > The release notes follow. > > As always, all bugs are our responsibility. > > Regards, > > The Samba Team. > > ---------------------------------------------------------------------------- > WHATS NEW IN Samba 2.2.2: 13th October 2001 > =========================================== > > This is the latest stable release of Samba. This is the version that all > production Samba servers should be running for all current bug-fixes. > > There are several important oplock logic bugs that have been fixed in > this release, so an upgrade is recommended. > > New daemon included - winbindd > ------------------------------ > > Samba 2.2.2 is the first release to include the winbind daemon. > This code allows UNIX systems that implement the name service > switch (nss) to be entered into a Windows NT/2000 domain and > use the Domain controller for all user and group enumeration. > > This allows a Samba server added to a Windows domain to serve > file and print services with *NO* local users needed in /etc/passwd > and /etc/group - all users and groups are read directly from the > Windows domain controller. In addition with pam_winbind which allows > a PAM enabled UNIX system to use a Windows domain for authentication > service this allows single sign on and account control across > UNIX and Windows systems. > > The current version of winbindd shipped in 2.2.2 does have some > memory leaks, which will be addressed for the next Samba release, > so it is advisable to monitor the winbind process. This code is > being used in production by several vendors, so the leaks are > managable. In addition, this version of winbind does not work > correctly against a Samba PDC, due to some missing calls on the > PDC side. These problems are being addressed for the next Samba > release, but it was thought better to release the code now rather > than delay the main Samba code to match the winbind release schedule. > > For more information on using winbind, see the man pages for > winbindd and wbinfo. > > Note that winbindd is not installed by default. > > New/Changed parameters in 2.2.2 > ------------------------------- > > For more information on these parameters, see the man pages for > smb.conf. > > Added/changed parameters. > ------------------------- > > strict allocate > > Causes Samba not to create UNIX 'sparse' files, but to follow the > Windows behaviour of always allocating on-disk space. > > use mmap > > Set to 'on' by default, only set to 'off' on HPUX 11.x or below or other > UNIX systems that don't have coherent mmap/read-write internal caches. > You should not need to set this parameter. > > nt acl support > > This parameter has been changed to a per-share option, and is very > useful in enabling Windows 2000 SP2 to load/save profiles from a > Samba share. > > New printing parameters. > ------------------------ > > disable spoolss > > Setting this parameter causes Samba to go back to the old 2.0.x > LANMAN printing behaviour, for people who wish to disable the > new SPOOLSS pipe. > > use client driver > > Causes Windows NT/2000 clients to need have a local printer driver > installed and to treat the printer as local. > > New LDAP parameters. > -------------------- > > Samba 2.2.2 contains new code to maintain a Samba SAM database > on a remote LDAP server. These parameters have been added as > part of this code. These parameters are only available when Samba > has been compiled with the --with-ldapsam option. > > ldap admin dn > ldap ssl > > New SSL parameters. > ------------------- > > The SSL support in Samba has been fixed. These new parameters > are part of the changes added. These parameters are only available > when Samba has been compiled with the --with-ssl option. > Please see the smb.conf man page for details. > > ssl egd socket > ssl entropy file > ssl entropy bytes > > New winbindd parameters. > ------------------------ > > These parameters are used by winbindd. See the man page for > winbindd for details. > > winbind separator > winbind uid > winbind gid > winbind cache time > winbind enum users > winbind enum groups > template homedir > template shell > > Removed parameters. > ------------------- > > share modes > ldap root > ldap root passwd > > New Documentation. > ------------------ > > Some new README's have been added in the docs/ directory. These cover > using roving profiles with Windows 2000 SP2 (docs/README.Win2kSP2), > and how to use Samba to help prevent Windows virus spread > (docs/README.Win32-Viruses). > > Quota problems on a Linux 2.4 kernel. > ------------------------------------- > > Currently the quota interfaces have diverged between the Linus > 2.4.x kernels and the Alan Cox 2.4.x kernels (the Alan Cox varients > are shipped with RedHat). Running quota-enabled Samba compiled on > an Alan Cox kernel works correctly on an Alan Cox kernel (the one > shipped by default with RedHat 7.x) but fails on a Linus kernel. > > This is a mess, and hopefully Alan and Linus will sort it out soon. > In the meantime we need to ship..... > > Changes in 2.2.2 > ----------------- > > 1). mmap tdb code disabled on HPUX. This should prevent the reports of > tdb corruption on HUPX. > 2). Large file support set to off in Solaris 5.5 and below. > 3). Better CUPS detection. > 4). New SAM (password database) backends - smbpasswd (traditional), > LDAP, NIS+ and Samba TDB. > 5). Quota fixups on Linux. > 6). libsmbclient stand-alone code added. Can be built as a shared library > under Linux. > 7). Tru64 ACL suppport added. > 8). winbindd option added. > 9). Realloc fail tidyup fixes all over the code. > 10). Large improvement in hash table code efficiency - would be found with > large stat caches. > 11). Error code consistency improved (still needs more work). > 12). Profile shared memory support added to nmbd. > 13). New Windows 2000/NT passthrough info levels added. > 14). readraw/writeraw code rewritten - many bugs fixed. > 15). UNIX password sync (non pam) code fixed, use correct wildcard matcher. > 16). Reverse DNS lookup avoided on socket open. > 17). Bug preventing nmbd re-registering names on WINS server timeout fixed. > 18). Zero length byte range lock code added. Much closer to Windows semantics. > 19). Alignment fault fixes for Linux/Alpha. > 20). Error checking on tdb returns vastly improved. > 21). Handling of delete on close fixed. No longer possible to leave 'dead' > file entries. > 22). Handling of oplock break failure cleanups improved. Should not be > able to leave 'dead' entries. > 23). Fix handling of errors trying to set 64 bit locks on 32 bit NFS mounts. > 24). Misc. MS-DFS code fixes. > 25). Ignore logon packets if not a PDC (needed for PDC/BDC failover). > 26). winbind pam module added. > 27). Order N^^2 enumeration of printers problem fixed. > 28). Password backend database code re-ordered to allow different password > backends (at compile time currently). > 29). Improved print driver version detection for Windows 2000. > 30). Driver DEVMODE initialization fixes. > 31). Improved SYSV print parse code. > 32). Fixed enumeration of large numbers of users/groups from Windows clients. > Code still too slow. > 33). Fix for buggy NetApp RPC pipe clients. > 34). Fix for NT sending multiple SetPrinterDataEx calls. > 35). Fix for logic bug where smbd could delay oplock break request messages > from other smbd daemons whilst client kept us busy. > 36). Fix deadlock problem with connections tdb on enumeration. > 37). Fixes for setting/getting NT ACLs - improved POSIX mapping both ways. > 38). Removed unused readbmpx/writebmpx code. > 39). Attempt to fix Linux 2.4.x quota mess. > 40). Improved ctemp code for Windows 2000 compatibilty. > 41). Finally understood difference between set EOF and set allocation requests. > Added strict allocate parameter to help. > 42). Correctly return name types on name to SID lookups. > 43). tdb spinlock code update. > 44). Use pread/pwrite on systems that have it to fix race condition in tdb code. > > Older release notes for Samba 2.2.x follow. > > ----------------------------------------------------------------------------- > The release notes for 2.2.1a follow : > > This is a minor bugfix release for 2.2.1, *NOT* security related. > > 1). 2.2.1 had a bug where using smbpasswd -m to add a Windows NT or > Windows2000 machine into a Samba hosted PDC would fail due to our > stricter user name checking. We were disallowing user names > containing '$', which is needed when using smbpasswd to add a > machine into a domain. Automatically adding machines (using the > native Windows tools) into a Samba domain worked correctly. > > 2.2.1a fixes this single problem. > > ----------------------------------------------------------------------------- > The release notes for 2.2.1 follow : > > New/Changed parameters in 2.2.1 > ------------------------------- > > Added parameters. > ----------------- > > obey pam restrictions > > When Samba is configured to use PAM, turns on or off Samba checking > the PAM account restrictions. Defaults to off. > > pam password change > > When Samba is configured to use PAM, turns on or off Samba passing > the password changes to PAM. Defaults to off. > > large readwrite > > New option to allow new Windows 2000 large file (64k) streaming > read/write options. Needs a 64 bit underlying operating system > (for Linux use kernel 2.4 with glibc 2.2 or above). Can improve performance > by 10% with Windows 2000 clients. Defaults to off. Not as tested > as some other Samba code paths. > > hide unreadable > > Prevents clients from seeing the existance of files that cannot > be read. Off by default. > > enhanced browsing > > Turn on/off the enhanced Samba browing functionality (*1B names). > Default is "on". Can prevent eternal machines in workgroups when > WINS servers are not synchronised. > > Removed parameters. > ------------------- > > domain groups > domain admin users > domain guest users > > Changes in 2.2.1 > ----------------- > > 1). "find" command removed for smbclient. Internal code now used. > 2). smbspool updates to retry connections from Michael Sweet. > 3). Fix for mapping 8859-15 characters to UNICODE. > 4). Changed "security=server" to try with invalid username to prevent > account lockouts. > 5). Fixes to allow Windows 2000 SP2 clients to join a Samba PDC. > 6). Support for Windows 9x Nexus tools to allow security changes from Win9x. > 7). Two locking fixes added. Samba 2.2.1 now passes the Clarion network > lock tester tool for distributed databases. > 8). Preliminary support added for Windows 2000 large file read/write SMBs. > 9). Changed random number generator in Samba to prevent guess attacks. > 10). Fixes for tdb corruption in connections.tdb and file locking brlock.tdb. > smbd's clean the tdb files on startup and shutdown. > 11). Fixes for default ACLs on Solaris. > 12). Tidyup of password entry caching code. > 13). Correct shutdowns added for send fails. Helps tdb cleanup code. > 14). Prevent invalid '/' characters in workgroup names. > 15). Removed more static arrays in SAMR code. > 16). Client code is now UNICODE on the wire. > 17). Fix 2 second timstamp resolution everywhere if dos timestamp set to yes. > 18). All tdb opens now going through logging function. > 19). Add pam password changing and pam restrictions code. > 20). Printer driver management improvements (delete driver). > 21). Fix difference between NULL security descriptors and empty > security descriptors. > 22). Fix SID returns for server roles. > 23). Allow Windows 2000 mmc to view and set Samba share security descriptors. > 24). Allow smbcontrol to forcibly disconnect a share. > 25). tdb fixes for HPUX, OpenBSD and other OS's that don't have a coherent > mmap/file read/write cache. > 26). Fix race condition in returning create disposition for file create/open. > 27). Fix NT rewriting of security descriptors to their canonical form for > ACLs. > 28). Fix for Samba running on top of Linux VFAT ftruncate bug. > 29). Swat fixes for being run with xinetd that doesn't set the umask. > 30). Fix for slow writes with Win9x Explorer clients. Emulates Microsoft > TCP stack early ack specification error. > 31). Changed lock & persistant tdb directory to /var/cache/samba by default on > RedHat and Mandrake as they clear the /var/lock/samba directory on reboot. > > ----------------------------------------------------------------------------- > The release notes for 2.2.0a follow : > > SECURITY FIX > ============ > > This is a security bugfix release for Samba 2.2.0. This release provides the > following two changes *ONLY* from the 2.2.0 release. > > 1). Fix for the security hole discovered by Michal Zalewski (lcamtuf@bos.bindview.com) > and described in the security advisory below. > 2). Fix for the hosts allow/hosts deny parameters not being honoured. > > No other changes are being made for this release to ensure a security fix only. > For new functionality (including these security fixes) download Samba 2.2.1 > when it is available. > > The security advisory follows : > > IMPORTANT: Security bugfix for Samba > ------------------------------------ > > June 23rd 2001 > > Summary > ------- > > A serious security hole has been discovered in all versions of Samba > that allows an attacker to gain root access on the target machine for > certain types of common Samba configuration. > > The immediate fix is to edit your smb.conf configuration file and > remove all occurances of the macro "%m". Replacing occurances of %m > with %I is probably the best solution for most sites. > > Details > ------- > > A remote attacker can use a netbios name containing unix path > characters which will then be substituted into the %m macro wherever > it occurs in smb.conf. This can be used to cause Samba to create a log > file on top of an important system file, which in turn can be used to > compromise security on the server. > > The most commonly used configuration option that can be vulnerable to > this attack is the "log file" option. The default value for this > option is VARDIR/log.smbd. If the default is used then Samba is not > vulnerable to this attack. > > The security hole occurs when a log file option like the following is > used: > > log file = /var/log/samba/%m.log > > In that case the attacker can use a locally created symbolic link to > overwrite any file on the system. This requires local access to the > server. > > If your Samba configuration has something like the following: > > log file = /var/log/samba/%m > > Then the attacker could successfully compromise your server remotely > as no symbolic link is required. This type of configuration is very > rare. > > The most commonly used log file configuration containing %m is the > distributed in the sample configuration file that comes with Samba: > > log file = /var/log/samba/log.%m > > in that case your machine is not vulnerable to this attack unless you > happen to have a subdirectory in /var/log/samba/ which starts with the > prefix "log." > > Credit > ------ > > Thanks to Michal Zalewski (lcamtuf@bos.bindview.com) for finding this > vulnerability. > > New Release > ----------- > > While we recommend that vulnerable sites immediately change their > smb.conf configuration file to prevent the attack we will also be > making new releases of Samba within the next 24 hours to properly fix > the problem. Please see http://www.samba.org/ for the new releases. > > Please report any attacks to the appropriate authority. > > The Samba Team > security@samba.org > > --------------------------------------------------------------------------- > > The release notes for 2.2.0 follow : > > This is the official Samba 2.2.0 release. This version of Samba provides > the following new features and enhancements. > > Integration between Windows oplocks and NFS file opens (IRIX and Linux > 2.4 kernel only). This gives complete data and locking integrity between > Windows and UNIX file access to the same data files. > > Ability to act as an authentication source for Windows 2000 clients as > well as for NT4.x clients. > > Integration with the winbind daemon that provides a single > sign on facility for UNIX servers in Windows 2000/NT4 networks > driven by a Windows 2000/NT4 PDC. winbind is not included in > this release, it currently must be obtained separately. We are > committed to including winbind in a future Samba 2.2.x release. > > Support for native Windows 2000/NT4 printing RPCs. This includes > support for automatic printer driver download. > > Support for server supported Access Control Lists (ACLs). > This release contains support for the following filesystems: > > Solaris 2.6+ > SGI Irix > Linux Kernel with ACL patch from http://acl.bestbits.at > Linux Kernel with XFS ACL support. > Caldera/SCO UnixWare > IBM AIX > FreeBSD (with external patch) > > Other platforms will be supported as resources are > available to test and implement the encessary modules. If > you are interested in writing the support for a particular > ACL filesystem, please join the samba-technical mailing > list and coordinate your efforts. > > On PAM (Pluggable Authentication Module) based systems - better debugging > messages and encrypted password users now have access control verified via > PAM - Note: Authentication still uses the encrypted password database. > > Rewritten internal locking semantics for more robustness. > This release supports full 64 bit locking semantics on all > (even 32 bit) platforms. SMB locks are mapped onto POSIX > locks (32 bit or 64 bit) as the underlying system allows. > > Conversion of various internal flat data structures to use > database records for increased performance and > flexibility. > > Support for acting as a MS-DFS (Distributed File System) server. > > Support for manipulating Samba shares using Windows client tools > (server manager). Per share security can be set using these tools > and Samba will obey the access restrictions applied. > > Samba profiling support (see below). > > Compile time option for enabling a (Virtual file system) VFS layer > to allow non-disk resources to be exported as Windows filesystems > (such as databases etc.). > > The documentation in this release has been updated and converted > from Yodl to DocBook 4.1. There are many new parameters since 2.0.7 > and some defaults have changed. > > Profiling support. > ------------------ > Support for collection of profile information. A shared > memory area has been created which contains counters for > the number of calls to and the amount of time spent in > various system calls, smb transactions and nmbd activity. See > the file profile.h for a complete listing of the information > collected. Sample code for a samba pmda (collection agent > for Performance Co-Pilot) has been included in the pcp > directory. > > To enable the profile data collection code in samba, you must > compile samba with profile data support (run configure with > the --with-profiling-data option). On startup, collection of > data is disabled. To begin collecting data use the smbcontrol > program to turn on profiling (see the smbcontrol man page). > Profile information collection can be enabled for nmbd, all smbd > processes or one or more selected processes. The profiling > data collected is the aggragate for all processes that have > profiling enabled. > > With samba compiled for profile data collection, you may see > a very slight degradation in performance even with profiling > collection turned off. On initial tests with NetBench on an > SGI Origin 200 server, this degradation was not measureable > with profile collection off compared to no profile collection > compiled into samba. > > With count profile collection enabled on all clients, the > degradation was less than 2%. With full profile collection > enabled on all clients, the degradation was about 8.5%. > > ===================================================================== > > If you think you have found a bug please email a report to : > > samba@samba.org > > As always, all bugs are our responsibility. > > Regards, > > The Samba Team. From shlomi at airslide.com Sun Oct 14 00:23:04 2001 From: shlomi at airslide.com (Shlomi Bachar) Date: Tue Dec 2 02:36:25 2003 Subject: Setup problems Message-ID: <870C3615A99BF74FB6BEDDA2FC9E8DD40757FE@mailslide.airslide.com> Hi, I get the following error when trying to connect to my Sun UNIX station from a pc in a win2k domain: H:\>net use k: \\tsunami\homes System error 1240 has occurred. The account is not authorized to log in from this station. This is my smb.conf file: workgroup = airslide-il [homes] guest ok = no read only = no Where airslide-il is the domain name for the win2k domain. I've also created the same user in which I use to login to the PC in the UNIX machine and with the same password. Any help in solving this problem will be appreciated. Thank you in advance, Shlomi Bachar IT Manager Airslide Systems Ltd. www.airslide.com Tel: +972 9 970 9861 Mobile: +972 54 416465 Fax: +972 9 970 9843 eMail: shlomi@airslide.com From grobe at gmx.net Sun Oct 14 03:50:02 2001 From: grobe at gmx.net (Lars O. Grobe) Date: Tue Dec 2 02:36:25 2003 Subject: setting date for account expiration with samba pdc? References: <20222.1002724951@www35.gmx.net> Message-ID: <3BC96E4C.3756728D@gmx.net> Hi! grobe@gmx.net wrote: > Everything's nice and stable, I just found that samba ignores the unix > account expiration date (I have security=user). Do I have to recompile samba > with pam enabled to make account expiration work? Just for the next one who tries: I have to set "obey pam restrictions = Yes" in smb.conf (I just found this as I read the changes for 2.2.2 - there was the list of new settings of 2.2.1a included ;-)... CU, Lars. From oliver at methfessel.net Sun Oct 14 04:22:02 2001 From: oliver at methfessel.net (Oliver Methfessel) Date: Tue Dec 2 02:36:25 2003 Subject: Windows NT4 Domain: Printing on a printer connected to NT-Box from Linux-Box Message-ID: <3BC97535.6080900@methfessel.net> HI There, I have a smal LAN here at home. As a server I have got a Windows NT4 Box, as Clients I have seom Win95 /98 Boxes and for some weeks now a Suse 7.0 Box. Everything is working fine. Except one thing: I can't print on my Printer (Hp DJ 820Cxi) which is connected at the server. With the Windows-Clients it is no problem, but with the linuxbox I am not able to print. I have joined succesfully the domain called "methfessel" and installed the printer like desribed in the docs from sdb.suse.de When I want to test the configuratoin by typing lpr -Premote test.txt he tells me bash-2.04# lpr -Premote test.txt lpr: connect: Verbindungsaufbau abgelehnt (: connection refused) jobs queued, but cannot start daemon For Information: I named the forwarding queue remote (in apsfilter, generated with lprsetup) I can access all the other shares on the server, also the printer named "hp" (with smbclient) Any Sugestions how to solve that problem??? _________________________________________________________________________ http://www.methfessel-com.de | oliver@methfessel.net http://www.whf.de | http://www.leibnetz.de From ekolb at edscha-na.com Sun Oct 14 12:07:45 2001 From: ekolb at edscha-na.com (Eric Kolb) Date: Tue Dec 2 02:36:25 2003 Subject: samba-ntdom digest, Vol 1 #514 - 13 msgs (On Vacation) Message-ID: I'll be on vacation until Oct.22. Eric Kolb Senior Systems / Network Administrator Edscha of Canada / Edscha North America From eimis at ism.lt Sun Oct 14 23:19:01 2001 From: eimis at ism.lt (Eimantas Serpenskas) Date: Tue Dec 2 02:36:25 2003 Subject: W2k SP2 & samba problems References: <3BC73282.20892.22CDDEA@localhost> Message-ID: <068e01c15541$6c724d70$1401a8c0@ism.lt> > > > > >From PDC: > > smbclient -L //w2k_pc_name -U w2k_pc_name/w2k_pc_username - works. > > smbclient -L //w2k_pc_name -U domain_username - doesn't, i get: > have you tried > smbclient -L //w2k_pc_name -U domain_name/domain_username > \\ ? > Also look for the -W parameter > > Christian It doesn't help :( Eimis From barth at cck.uni-kl.de Sun Oct 14 23:53:01 2001 From: barth at cck.uni-kl.de (Christian Barth) Date: Tue Dec 2 02:36:25 2003 Subject: URGENT HELP NEEDED In-Reply-To: <3BC8B031.14DF046A@slu.edu> Message-ID: <3BCAA413.10440.2F7E11@localhost> > All, > I need to know if samba can be a PDC across subnets (i.e. server is > no .23 and client is on .24) It works! You have to set up cross subnet browsing. Easeist way: make the pdc a wins server and let the pc point to it. You may also look at the remote announce parameter. If all fails you can still add the pdc to the lmhosts file on the client. Christian > I was told by Redhat that it could not, > which I found hard to believe. This is mission critical because if I can > not find a way to make it work, i get the proverbial pie in the face. > Plus all kinds of crap about pushing for Linux and telling them (boss) > it would work. Any help at all would be appreciated. > > Set up: Redhat 7.1 Samba 2.2.1a > > Cheers, > > Tony > > -- > ------------------------------- > Tony Ricker > Technology Coordinator > SLUCare - P.M.O. > St. Louis University > Phone: 314.977.6844 > E-mail: rickera2@slu.edu > ------------------------------- > "In the beginners mind, there > are many possibilities. In the > experts mind, there are few" > - Shunryu Suzuki > ------------------------------- > "Think Different" > > > > _(_)_ wWWWw _ @@@@ (_)@(_) vVVVv _ @@@@ (___) _(_)_ @@()@@ wWWWw (_)\ (___) _(_)_ @@()@@ Y (_)@(_) @@@@ (___) `|/ Y (_)@(_) @@@@ \|/ (_)\ / Y \| \|/ /(_) \| |/ | \ | \ |/ | / \ | / \|/ |/ \| \|/ jgs|// \\|/// \\\|//\\\|/// \|/// \\\|// \\|// \\\|// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From Bhavna.Sanghavi at lntinfotech.com Mon Oct 15 01:40:23 2001 From: Bhavna.Sanghavi at lntinfotech.com (Bhavna.Sanghavi@lntinfotech.com) Date: Tue Dec 2 02:36:25 2003 Subject: Post to this list Message-ID: From chris.bamford at ntli.net Mon Oct 15 01:56:02 2001 From: chris.bamford at ntli.net (Chris Bamford) Date: Tue Dec 2 02:36:25 2003 Subject: winbind Message-ID: <3BCAA576.8A414200@ntli.net> Hi All, Last week I posted a question about winbind on Solaris and have heard nothing; am I posting to the wrong list? If so, where should I ask this question? Thanks, -- Chris From Michael.Keightley at quadstone.com Mon Oct 15 03:01:04 2001 From: Michael.Keightley at quadstone.com (Michael Keightley) Date: Tue Dec 2 02:36:25 2003 Subject: Samba-2.2.2 fails to compile with Sun C compiler Message-ID: <20011015110224.A1153@quadstone.com> Am getting this error when I try to compile Samba-2.2.2 with the Sun C compiler (Forte 6 update 2) on Solaris 8 (same error on 2.6): Compiling nsswitch/wb_common.c with -KPIC Linking nsswitch/libnss_winbind.so ld: fatal: option -h and building a dynamic executable are incompatible ld: fatal: Flags processing errors *** Error code 1 make: Fatal error: Command failed for target `nsswitch/libnss_winbind.so' Here are the flags: Using FLAGS32 = -O -xtarget=ultra2 -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLOGFILEBASE="/home/samba_pearl/var" -DCONFIGFILE="/home/samba_pearl/lib/smb.conf" -DLMHOSTSFILE="/home/samba_pearl/lib/lmhosts" -DSWATDIR="/home/samba_pearl/swat" -DSBINDIR="/home/samba_pearl/sbin" -DLOCKDIR="/home/samba_pearl/var/locks" -DCODEPAGEDIR="/home/samba_pearl/lib/codepages" -DDRIVERFILE="/home/samba_pearl/lib/printers.def" -DBINDIR="/home/samba_pearl/bin" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_FILE="/home/samba_pearl/private/smbpasswd" -DTDB_PASSWD_FILE="/home/samba_pearl/private/smbpasswd.tdb" Any idea what might be wrong? Michael -- Michael Keightley Tel: +44 131 220 4491 Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com From eirvine at tpgi.com.au Mon Oct 15 04:58:03 2001 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:36:25 2003 Subject: Samba-2.2.2 fails to compile with Sun C compiler References: <20011015110224.A1153@quadstone.com> Message-ID: <3BCACEBD.F2B0F2D1@tpgi.com.au> Hi, I seem to recall that I had to *explicitly* shut off winbind support at the configure stage. (If you actually want winbind, then this is a problem :)). Eddie. Michael Keightley wrote: > > Am getting this error when I try to compile Samba-2.2.2 with the Sun C compiler > (Forte 6 update 2) on Solaris 8 (same error on 2.6): > > Compiling nsswitch/wb_common.c with -KPIC > Linking nsswitch/libnss_winbind.so > ld: fatal: option -h and building a dynamic executable are incompatible > ld: fatal: Flags processing errors > *** Error code 1 > make: Fatal error: Command failed for target `nsswitch/libnss_winbind.so' > > Here are the flags: > > Using FLAGS32 = -O -xtarget=ultra2 -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLOGFILEBASE="/home/samba_pearl/var" -DCONFIGFILE="/home/samba_pearl/lib/smb.conf" -DLMHOSTSFILE="/home/samba_pearl/lib/lmhosts" -DSWATDIR="/home/samba_pearl/swat" -DSBINDIR="/home/samba_pearl/sbin" -DLOCKDIR="/home/samba_pearl/var/locks" -DCODEPAGEDIR="/home/samba_pearl/lib/codepages" -DDRIVERFILE="/home/samba_pearl/lib/printers.def" -DBINDIR="/home/samba_pearl/bin" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_FILE="/home/samba_pearl/private/smbpasswd" -DTDB_PASSWD_FILE="/home/samba_pearl/private/smbpasswd.tdb" > > Any idea what might be wrong? > > Michael > > -- > Michael Keightley Tel: +44 131 220 4491 > Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 > 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com From thorsten.stettin at gemplus.com Mon Oct 15 05:09:04 2001 From: thorsten.stettin at gemplus.com (Thorsten Stettin) Date: Tue Dec 2 02:36:25 2003 Subject: Samba-2.2.2 fails to compile with Sun C compiler References: <20011015110224.A1153@quadstone.com> Message-ID: <3BCAD225.E343174B@gemplus.com> Michael Keightley schrieb: > Am getting this error when I try to compile Samba-2.2.2 with the Sun C compiler > (Forte 6 update 2) on Solaris 8 (same error on 2.6): > > Compiling nsswitch/wb_common.c with -KPIC > Linking nsswitch/libnss_winbind.so > ld: fatal: option -h and building a dynamic executable are incompatible > Which ld are you using? > ld: fatal: Flags processing errors > *** Error code 1 > make: Fatal error: Command failed for target `nsswitch/libnss_winbind.so' > > Here are the flags: > > Using FLAGS32 = -O -xtarget=ultra2 -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLOGFILEBASE="/home/samba_pearl/var" -DCONFIGFILE="/home/samba_pearl/lib/smb.conf" -DLMHOSTSFILE="/home/samba_pearl/lib/lmhosts" -DSWATDIR="/home/samba_pearl/swat" -DSBINDIR="/home/samba_pearl/sbin" -DLOCKDIR="/home/samba_pearl/var/locks" -DCODEPAGEDIR="/home/samba_pearl/lib/codepages" -DDRIVERFILE="/home/samba_pearl/lib/printers.def" -DBINDIR="/home/samba_pearl/bin" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_FILE="/home/samba_pearl/private/smbpasswd" -DTDB_PASSWD_FILE="/home/samba_pearl/private/smbpasswd.tdb" > > Any idea what might be wrong? > > Michael > > -- > Michael Keightley Tel: +44 131 220 4491 > Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 > 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com From WToffling at aol.com Mon Oct 15 05:33:11 2001 From: WToffling at aol.com (WToffling@aol.com) Date: Tue Dec 2 02:36:25 2003 Subject: samba-2.2.2 and swat.???? Message-ID: Ok so I installed samba 2.2.2 after removing 2.2.1a and now I can't get swat to work.. All the config files tell me I should have inetd.conf in my /etc directory.well I don't..do I make it???? If so how?? p.s. this is mandrake 8.1 Dave Toffling From gunnar at ki.ericsson.se Mon Oct 15 05:51:01 2001 From: gunnar at ki.ericsson.se (Gunnar Gunnarsson) Date: Tue Dec 2 02:36:25 2003 Subject: Samba-2.2.2 fails to compile with Sun C compiler In-Reply-To: <20011015110224.A1153@quadstone.com> References: <20011015110224.A1153@quadstone.com> Message-ID: <15306.56012.686186.972981@gonzo.eral.ericsson.se> Work around to compile it with Sun C compiler/linker. This should be fixed in the configure script. 622c622 < $(LD) -B dynamic -o $@ $(PAM_SMBPASS_OBJ) lib/snprintf.o -lpam $(LIBS) -lc --- > $(LD) -shared -symbolic -o $@ $(PAM_SMBPASS_OBJ) -lpam $(LIBS) -lc 626c626 < @$(LD) -B dynamic -o $@ $(NSS_OBJ) -lc --- > @$(LD) -shared -o $@ $(NSS_OBJ) -lc 634c634 < @$(LINK) -G -o $@ $(WINBIND_NSS_PICOBJS) --- > @$(LINK) -shared -o $@ $(WINBIND_NSS_PICOBJS) 638c638 < @$(LINK) -G -o $@ $(PAM_WINBIND_OBJ) -lpam -lnsl --- > @$(LINK) -shared -o $@ $(PAM_WINBIND_OBJ) Michael Keightley writes: > > Am getting this error when I try to compile Samba-2.2.2 with the Sun C compiler > (Forte 6 update 2) on Solaris 8 (same error on 2.6): > > > Compiling nsswitch/wb_common.c with -KPIC > Linking nsswitch/libnss_winbind.so > ld: fatal: option -h and building a dynamic executable are incompatible > ld: fatal: Flags processing errors > *** Error code 1 > make: Fatal error: Command failed for target `nsswitch/libnss_winbind.so' > > Here are the flags: > > Using FLAGS32 = -O -xtarget=ultra2 -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLOGFILEBASE="/home/samba_pearl/var" -DCONFIGFILE="/home/samba_pearl/lib/smb.conf" -DLMHOSTSFILE="/home/samba_pearl/lib/lmhosts" -DSWATDIR="/home/samba_pearl/swat" -DSBINDIR="/home/samba_pearl/sbin" -DLOCKDIR="/home/samba_pearl/var/locks" -DCODEPAGEDIR="/home/samba_pearl/lib/codepages" -DDRIVERFILE="/home/samba_pearl/lib/printers.def" -DBINDIR="/home/samba_pearl/bin" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_FILE="/home/samba_pearl/private/smbpasswd" -DTDB_PASSWD_FILE="/home/samba_pearl/private/smbpasswd.tdb" > > Any idea what might be wrong? > > Michael > > > > -- > Michael Keightley Tel: +44 131 220 4491 > Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 > 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com From dennis.bieling at primedisc.com Mon Oct 15 06:13:26 2001 From: dennis.bieling at primedisc.com (dennis.bieling@primedisc.com) Date: Tue Dec 2 02:36:25 2003 Subject: Printerdriver Distribution to Windows NT 4.0 Message-ID: Hello! I installed a Samba-Printserver for my Windows NT 4.0 clients. The server works fine and even the printer-driver distribution works fine, but I discovered the following problem: When I upload a Windows-printerdriver using the APW, all my clients can use this driver and it is distributed to them fine, but when I have to restart the Samba-Server the driver seems gone. Therefore I had a closer look and noticed that the server took the correct path as specified in my print$ , switched to W32X86 but then created a subfolder named "2". In that subfolder he wrote all the dll- and ppd- files but no inf-file. This problem occured when I tried to install 2 different HP Laserjet drivers. Best regards Dennis From jasonc at reinit.org Mon Oct 15 06:48:03 2001 From: jasonc at reinit.org (Jason Cook) Date: Tue Dec 2 02:36:25 2003 Subject: samba-2.2.2 and swat.???? In-Reply-To: ; from WToffling@aol.com on Mon, Oct 15, 2001 at 08:34:36AM -0400 References: Message-ID: <20011015094946.A13191@panacea.canonical.org> * WToffling@aol.com (WToffling@aol.com) wrote: > Ok so I installed samba 2.2.2 after removing 2.2.1a and now I can't get > swat to work.. All the config files tell me I should have inetd.conf in > my /etc directory.well I don't..do I make it???? If so how?? > > p.s. this is mandrake 8.1 > > Dave Toffling > Mandrake uses xinetd. Look in /etc/xinet.d/swat IIRC. -- Jason Cook | GnuPG Fingerprint: D531 F4F4 BDBF 41D1 514D GNU/Linux Technical Lead | F930 FD03 262E 5120 BEDD evolServ Technology | Home page: http://reinit.org asm sucks. Real men use a pair of tweezers and a magnet. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011015/b3b21e00/attachment.bin From eimis at ism.lt Mon Oct 15 07:02:04 2001 From: eimis at ism.lt (Eimantas Serpenskas) Date: Tue Dec 2 02:36:25 2003 Subject: samba-2.2.2 and swat.???? References: Message-ID: <09b601c15582$6f034800$1401a8c0@ism.lt> I think mandrake 8.1 uses xinetd service instead of inetd, so look for /etc/xinet.d/swat and configure it. Eimis > Ok so I installed samba 2.2.2 after removing 2.2.1a and now I can't get > swat to work.. All the config files tell me I should have inetd.conf in > my /etc directory.well I don't..do I make it???? If so how?? > > p.s. this is mandrake 8.1 > > Dave Toffling > > > From jerry at samba.org Mon Oct 15 07:10:03 2001 From: jerry at samba.org (Gerald (Jerry) Carter) Date: Tue Dec 2 02:36:26 2003 Subject: Samba-2.2.2 fails to compile with Sun C compiler In-Reply-To: <20011015110224.A1153@quadstone.com> Message-ID: On Mon, 15 Oct 2001, Michael Keightley wrote: > > Am getting this error when I try to compile Samba-2.2.2 with the Sun C compiler > (Forte 6 update 2) on Solaris 8 (same error on 2.6): > > > Compiling nsswitch/wb_common.c with -KPIC > Linking nsswitch/libnss_winbind.so > ld: fatal: option -h and building a dynamic executable are incompatible > ld: fatal: Flags processing errors > *** Error code 1 > make: Fatal error: Command failed for target `nsswitch/libnss_winbind.so' Use ./configure --with-winbind=no to bypass building winbindd and libnss_winbind.so cheers, jerry From mario at berlin.das-werk.de Mon Oct 15 07:13:04 2001 From: mario at berlin.das-werk.de (mario) Date: Tue Dec 2 02:36:26 2003 Subject: pdc Message-ID: <3BCAED54.314F215B@berlin.das-werk.de> Hello I have a problem with samba as a PDC. The network is running without problems. But when I want to add a new NT-Machine to the domain, the Network-Settings on NT produce an crash (memory fault) and in the log file I have the following entry: rpc_server/srv_samr.c:api_samr_unknown_32(1508) trouble! What can I do, five other NT-Workstations are running without any problems. I run samba on redhat linux v7.2 its version 2.0.7 thanks for help From andreas.schubert at mathema.de Mon Oct 15 08:02:08 2001 From: andreas.schubert at mathema.de (Andreas Schubert) Date: Tue Dec 2 02:36:26 2003 Subject: pdc In-Reply-To: <3BCAED54.314F215B@berlin.das-werk.de> Message-ID: <200110151457.f9FEvFL25138@abel.mathema.de> > I run samba on redhat linux v7.2 its version 2.0.7 You should youse Samba 2.2.x, it has better pdc support... > > thanks for help > > Andreas -- andreas.schubert@mathema.de MATHEMA AG N?gelsbachstra?e 25 b 91052 E r l a n g e n Telefon 09131/8903-0 Telefax 09131/8903-55 http://www.mathema.de From Michael.Keightley at quadstone.com Mon Oct 15 08:26:04 2001 From: Michael.Keightley at quadstone.com (Michael Keightley) Date: Tue Dec 2 02:36:26 2003 Subject: DCOM problem within a Samba controlled domain Message-ID: <20011015160711.A1733@quadstone.com> We have been having problems with NT DCOM client and server when the NT machines are in a Samba domain (Samba-2.2.1a). Below is an explanation of the problem one of devlelopers is having: Anyone got any ideas? Problem Overview: DCOM client and server running on different NT4 workstations within the same SAMBA controlled domain. The client can launch the server, create an object within the server and obtain an interface to the object (using CoCreateInstanceEx), but the first method call on the interface generates an HRESULT of 0x80070005 (E_ACCESSDENIED). When run under the debugger, the debugger shows that the method body is not entered, so it appears to be some access problem with the actual method call. When client and server are run on a similar setup within an NT server controlled domain the method call succeeds. More Details: The DCOM server is running as a system service which runs within the System Account context. The DCOM server has no programmatically set security. The DCOM server's security permissions (as set within DCOMCnfg) are: Authentication Level: none Impersonation Level: Identity (though same problem when set as any of other levels) Access Permissions: Allow Access for "Domain Users" and "Everyone" -- Michael Keightley Tel: +44 131 220 4491 Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com From jbeauchamp at gesinc.com Mon Oct 15 10:39:35 2001 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:36:26 2003 Subject: DCOM problem within a Samba controlled domain References: <20011015160711.A1733@quadstone.com> Message-ID: <008e01c155b8$84bce580$1d01a8c0@gesinc.com> Michael: I don't know squat about most of what you describe, but in the release announcement for 2.2.2 they indicate they fixed a number of oplock issues. Is it possible this is related to your problem? If so you might want to try and upgrade. HTH James ----- Original Message ----- From: "Michael Keightley" To: Sent: Monday, October 15, 2001 8:07 AM Subject: DCOM problem within a Samba controlled domain > > > We have been having problems with NT DCOM client and server when the NT > machines are in a Samba domain (Samba-2.2.1a). Below is an explanation of the > problem one of devlelopers is having: > Anyone got any ideas? > > Problem Overview: > DCOM client and server running on different NT4 workstations within the same > SAMBA controlled domain. The client can launch the server, create an object > within the server and obtain an interface to the object (using > CoCreateInstanceEx), but the first method call on the interface generates an > HRESULT of 0x80070005 (E_ACCESSDENIED). When run under the debugger, the > debugger shows that the method body is not entered, so it appears to be some > access problem with the actual method call. > > When client and server are run on a similar setup within an NT server > controlled domain the method call succeeds. > > More Details: > The DCOM server is running as a system service which runs within the > System Account context. > The DCOM server has no programmatically set security. > The DCOM server's security permissions (as set within DCOMCnfg) are: > Authentication Level: none > Impersonation Level: Identity (though same problem when set as any of > other levels) > Access Permissions: Allow Access for "Domain Users" and "Everyone" > > -- > Michael Keightley Tel: +44 131 220 4491 > Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 > 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com > From herb at sgi.com Mon Oct 15 11:42:03 2001 From: herb at sgi.com (Herb Lewis) Date: Tue Dec 2 02:36:26 2003 Subject: Samba 2.2.2 released References: <20011013162220.A7718@va.samba.org> Message-ID: <3BCB2DDA.60E59E39@sgi.com> IRIX install package is avaliable at http://us1.samba.org/samba/ftp/Binary_Packages/IRIX/ -- ====================================================================== Herb Lewis Silicon Graphics Networking Engineer 1600 Amphitheatre Pkwy MS-510 Strategic Software Organization Mountain View, CA 94043-1351 herb@sgi.com Tel: 650-933-2177 http://www.sgi.com Fax: 650-932-2177 ====================================================================== From ekolb at edscha-na.com Mon Oct 15 12:10:32 2001 From: ekolb at edscha-na.com (Eric Kolb) Date: Tue Dec 2 02:36:26 2003 Subject: samba-ntdom digest, Vol 1 #515 - 21 msgs (On Vacation) Message-ID: I'll be on vacation until Oct.22. Eric Kolb Senior Systems / Network Administrator Edscha of Canada / Edscha North America From greg at leiinc.com Mon Oct 15 13:07:02 2001 From: greg at leiinc.com (Greg J. Zartman, P.E.) Date: Tue Dec 2 02:36:26 2003 Subject: How many people use Samba Message-ID: Does anyone have a ballpark of how many people use Samba? Greg J. Zartman, P.E. Vice-President Logging Engineering International, Inc. (541)683-8383 fax (541)683-8144 www.leiinc.com From jra at samba.org Mon Oct 15 13:10:06 2001 From: jra at samba.org (Jeremy Allison) Date: Tue Dec 2 02:36:26 2003 Subject: How many people use Samba In-Reply-To: ; from greg@leiinc.com on Mon, Oct 15, 2001 at 01:07:01PM -0700 References: Message-ID: <20011015130932.O26579@va.samba.org> On Mon, Oct 15, 2001 at 01:07:01PM -0700, Greg J. Zartman, P.E. wrote: > Does anyone have a ballpark of how many people use Samba? The "stick your finger in the air" answer I usually give reporters is that "30% of Windows clients connect to one or more Samba servers". Then they go away trying to figure out how many clients that is :-). It's a ballpark number that came out of some corporate research by "someone who must not be named"...... :-) :-). Jeremy. From grobe at gmx.net Mon Oct 15 13:51:02 2001 From: grobe at gmx.net (Lars O. Grobe) Date: Tue Dec 2 02:36:26 2003 Subject: pdc References: <3BCAED54.314F215B@berlin.das-werk.de> Message-ID: <3BCB4CD3.C7267093@gmx.net> mario wrote: . > But when I want to add a new NT-Machine > to the domain, the Network-Settings on NT > produce an crash (memory fault) and in the log > file I have the following entry: Hi Mario! What versions of NT do you use? I have had an installation of NT4 with 2.07 as well as 2.20/21 with Windows 2000. Samba is PDC and does authentication of the MacOS/Netatalk clients (pam_smb) as well. Now I installed samba-2.21a as fileserver and samba-tng to be pdc (both on one machine) to get more control on user and group permissions (I needed some kind of group mapping, and as domain groups is gone with samba-2.2, I have a tng-pdc now ;-). So please give us some details on the installation you have / you want. CU, Lars. (Das Werk - etwa auch einer von der Firma, die es auch hier in Frankfurt gibt...? ;-) From junk1 at sach.mailshell.com Mon Oct 15 18:53:02 2001 From: junk1 at sach.mailshell.com (junk1@sach.mailshell.com) Date: Tue Dec 2 02:36:26 2003 Subject: samba-winbind NT authentication. Message-ID: <1003197245.3bcb933d186d3@www.mailshell.com> Hi, We have a set of Solaris boxes are installed with Samba code. The user population is NT based. We want to provide authentication services on the Solaris boxes for NT users. So far we have got it working by installing SAMBA 2.2 and modifying the client.c(samba\samba-2.2.1a\source\client) program that comes with samba installation. This work well but it uses smbserver to connect and validate users on the NT domain. I have some questions in this approach:- 1) What level of Window Lan Manager protocol does samba use? 2) Will it work seamlessly with Win2K boxes.? The 2nd option is to use Winbind daemon on the solaris box to authenticate users. However winbind works with PAM and NSS. As I understand I will have to write in my application code that call PAM library functions to authenticate users. These in turn will call winbindd daemon, which will authenticate against Windows NT domain. I have 2 questions here:- 1) Can I directly take the winbind code and integrate it with my application quickly and in that process bypass PAM and NSS. What are the pros and cons of this approach? 2) What level of Window Lan Manager protocol does winbind work againsts? 3) Is winbind authentication thread safe?(can i do multiple logons) 4) Will it work seamlessly with Windows 2000 server boxes or do i need some changes in code.? I would really appreciate a quick response to this message. Thanks, Sachin _______________________________________________________ The FREE service that prevents junk email http://www.mailshell.com From kokwei at eXtropia.com Mon Oct 15 21:28:02 2001 From: kokwei at eXtropia.com (Kok Wei, Koh) Date: Tue Dec 2 02:36:26 2003 Subject: Permissions Message-ID: <5.1.0.14.2.20011016122614.00ac4ef0@192.168.168.10> I'm using Samba to allow Windows machines to access files in a Linux box. I understand that you can assign valid users to a samba share with the following: [share-name] path = /path/to/share valid=users = @validgroup writable = yes browsable = yes blah blah blah ... I have another group in my Linux machine called 'contract' which I made the following changes to the above share: [share-name] path = /path/to/share valid=users = @validgroup @contract writable = yes browsable = yes blah blah blah ... The problem is I would only want users in the group 'contract' to only able to access certain directories in /path/to/share unlike 'validgroup' which is able to access to everything in /path/to/share. Is this possible with Samba? -- Kok Wei, Koh From kunathma at pilot.msu.edu Mon Oct 15 21:32:03 2001 From: kunathma at pilot.msu.edu (Marcel Kunath) Date: Tue Dec 2 02:36:26 2003 Subject: smb win2k-server-as-client share permission problem In-Reply-To: <200110132155.f9DLtnm44906@pilot16.cl.msu.edu> from "Marcel Kunath" at Oct 13, 2001 05:55:49 pm Message-ID: <200110160433.f9G4XI824710@pilot05.cl.msu.edu> Hello, I had power failure which immediately tossed my freshly installed w2kas. So I went ahead and reinstalled it, updated to SP2 and installed samba 2.2.2 on my Linux box. Authentication against PDC works. Logon drive gets mapped. user script marcel.bat gets executed but drives don't get mapped. After mapping them by hand I try to set permissions and there is constant traffic on the switch. The log for the client(w2kas) gets filled with the following lines: > > [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) > create_canon_ace_lists: unable to map SID > S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. > [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) > create_canon_ace_lists: unable to map SID > S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. > [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) > create_canon_ace_lists: unable to map SID > S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. > [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) > create_canon_ace_lists: unable to map SID > S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. > [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) > create_canon_ace_lists: unable to map SID > S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. > Anybody have this problem? mk From kunathma at pilot.msu.edu Tue Oct 16 01:23:03 2001 From: kunathma at pilot.msu.edu (Marcel Kunath) Date: Tue Dec 2 02:36:26 2003 Subject: smb win2k-server-as-client share permission problem In-Reply-To: <200110160433.f9G4XI824710@pilot05.cl.msu.edu> from "Marcel Kunath" at Oct 16, 2001 00:33:18 am Message-ID: <200110160824.f9G8O0u54148@pilot13.cl.msu.edu> more stuff. Ok as described before I run a marcel.bat script mounting three shares which don't show up though. If I go afterwards into network and dial connections and try to mount a share as a different user it says: The network folder is currently mapped using a different username. TO connect first disconnect. So it figures it connected to the shares but it didn't/. I did search on google for http://www.google.com/search?q=create_canon_ace_lists:+unable+to+map+SID Similar problems but no solutions. mk > > Hello, > > I had power failure which immediately tossed my freshly installed w2kas. So I > went ahead and reinstalled it, updated to SP2 and installed samba 2.2.2 on my > Linux box. Authentication against PDC works. Logon drive gets mapped. user > script > marcel.bat gets executed but drives don't get mapped. After mapping them by > hand I try to set permissions and there is constant traffic on the switch. The > log for the client(w2kas) gets filled with the following lines: > > > > > [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) > > create_canon_ace_lists: unable to map SID > > S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. > > [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) > > create_canon_ace_lists: unable to map SID > > S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. > > [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) > > create_canon_ace_lists: unable to map SID > > S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. > > [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) > > create_canon_ace_lists: unable to map SID > > S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. > > [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) > > create_canon_ace_lists: unable to map SID > > S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. > > > > Anybody have this problem? > > mk > -- Marcel Kunath *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Montie House Network Greater Lansing Linux Users Group http://www.montiehouse.com http://www.gllug.org *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* From grobe at gmx.net Tue Oct 16 02:33:01 2001 From: grobe at gmx.net (Lars O. Grobe) Date: Tue Dec 2 02:36:26 2003 Subject: Permissions References: <5.1.0.14.2.20011016122614.00ac4ef0@192.168.168.10> Message-ID: <3BCBFF62.E6B8DC86@gmx.net> Hi! chown .contract /path/to/share/ chown -R .contract /path/to/share/quite_open_files/ chown -R .validgroup /path/to/share/all_my_secrets/ So only validgroup is able to acces the folder all_my_secrets. Make all members of validgroup to be members of contract, too, and they will have access to folders of validgroups as well as contract. You might do this with acls, but unix permissions are ok for this task. CU, Lars. -- "Kok Wei, Koh" wrote: > > I'm using Samba to allow Windows machines to access files in a Linux box. > > I understand that you can assign valid users to a samba share with the > following: > > [share-name] > path = /path/to/share > valid=users = @validgroup > writable = yes > browsable = yes > blah blah blah ... > > I have another group in my Linux machine called 'contract' which I made the > following changes to the above share: > > [share-name] > path = /path/to/share > valid=users = @validgroup @contract > writable = yes > browsable = yes > blah blah blah ... > > The problem is I would only want users in the group 'contract' to only able > to access certain directories in /path/to/share unlike 'validgroup' which > is able to access to everything in /path/to/share. Is this possible with Samba? > > -- > Kok Wei, Koh From sascha.willuweit at charite.de Tue Oct 16 06:16:05 2001 From: sascha.willuweit at charite.de (Sascha Willuweit) Date: Tue Dec 2 02:36:26 2003 Subject: Please unsubscribe!!!! Message-ID: <03a501c15643$10786dd0$32182a8d@rem.charite.de> Allready tried the normal way..... ...doesn?t help From Joachim.Tork at gad.de Tue Oct 16 07:11:07 2001 From: Joachim.Tork at gad.de (Joachim.Tork@gad.de) Date: Tue Dec 2 02:36:26 2003 Subject: Samba as a PDC with ldap backend Message-ID: Hello, I am trying to set up a linux box with samba as a PDC. I am using samba-2.2.2, encouraged by the announcement that there is better support for that in this new release. I set up an ldap server and fed this with entries according to samba.schema. The mounting of shares is working fine, but a domain logon is not working at all. So my question is if anyone has brought this thing to work. Is there already a howto available ? Best regards Joachim From jwise at newroads.org Tue Oct 16 09:08:44 2001 From: jwise at newroads.org (Joe Wise) Date: Tue Dec 2 02:36:26 2003 Subject: unsubscibe Message-ID: <004001c15613$b3431590$aa00a8c0@newroads.org> Skipped content of type multipart/alternative-------------- next part -------------- NTMail K12 - the Mail Server for Education From samba at denverdata.com Tue Oct 16 09:59:04 2001 From: samba at denverdata.com (Samba Admin) Date: Tue Dec 2 02:36:26 2003 Subject: Samba as a PDC with ldap backend In-Reply-To: Message-ID: Joachim, I've had Samba 2.2.1a and now Samba 2.2.2 running with OpenLDAP as the SAM database. I have a small number of users that were already being authenticated via pam/nss to LDAP, so I just updated the accounts by hand with the info from my old smbpasswd. To get 2.2.2 against LDAP add the following to the global section of you smb.conf: ldap server = ldap port = ldap admin dn = Once that is done, run smbpasswd as root as follows: smbpasswd -w This puts the password in the secrets.tdb. Samba 2.2.2 is proving a challenge in that it appears the handling of a users rid is inconsistent. Sometimes it is treated as a decimal number, sometime hex -- at least that's what I'm observing so far. User Manager for Domains is proving a good test for the validity of your LDAP entries. If you can double click a user account and view its properties, the entry is should be good. Editting those properties is not currently working via User Manager... HTH, Doug > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of > Joachim.Tork@gad.de > Sent: Tuesday, October 16, 2001 8:08 AM > To: samba-ntdom@lists.samba.org > Subject: Samba as a PDC with ldap backend > > > Hello, > > I am trying to set up a linux box with samba as a PDC. > I am using samba-2.2.2, encouraged by the announcement > that there is better support for that in this new release. > > I set up an ldap server and fed this with entries according to > samba.schema. > The mounting of shares is working fine, but a domain logon > is not working at all. > > So my question is if anyone has brought this thing to work. > Is there already a howto available ? > > Best regards > > Joachim > > > From junk1 at sach.mailshell.com Tue Oct 16 10:23:06 2001 From: junk1 at sach.mailshell.com (junk1@sach.mailshell.com) Date: Tue Dec 2 02:36:26 2003 Subject: samba-winbind NT authentication. Message-ID: <1003251719.3bcc68075a5b9@www.mailshell.com> Hi, We have a set of Solaris boxes are installed with Samba code. The user population is NT based. We want to provide authentication services on the Solaris boxes for NT users. So far we have got it working by installing SAMBA 2.2 and modifying the client.c(samba\samba-2.2.1a\source\client) program that comes with samba installation. This work well but it uses smbserver to connect and validate users on the NT domain. I have some questions in this approach:- 1) What level of Window Lan Manager protocol does samba use? 2) Will it work seamlessly with Win2K boxes.? The 2nd option is to use Winbind daemon on the solaris box to authenticate users. However winbind works with PAM and NSS. As I understand I will have to write in my application code that call PAM library functions to authenticate users. These in turn will call winbindd daemon, which will authenticate against Windows NT domain. I have 2 questions here:- 1) Can I directly take the winbind code and integrate it with my application quickly and in that process bypass PAM and NSS. What are the pros and cons of this approach? 2) What level of Window Lan Manager protocol does winbind work againsts? 3) Is winbind authentication thread safe?(can i do multiple logons) 4) Will it work seamlessly with Windows 2000 server boxes or do i need some changes in code.? I would really appreciate a quick response to this message. Thanks, Sachin _______________________________________________________ The FREE service that prevents junk email http://www.mailshell.com From ekolb at edscha-na.com Tue Oct 16 13:39:18 2001 From: ekolb at edscha-na.com (Eric Kolb) Date: Tue Dec 2 02:36:26 2003 Subject: samba-ntdom digest, Vol 1 #516 - 14 msgs (On Vacation) Message-ID: I'll be on vacation until Oct.22. Eric Kolb Senior Systems / Network Administrator Edscha of Canada / Edscha North America From johnl at sotxlighthouse.org Tue Oct 16 14:20:32 2001 From: johnl at sotxlighthouse.org (John Francis Lee) Date: Tue Dec 2 02:36:26 2003 Subject: checking configure summary error: no seteuid available Message-ID: <3BCC9FDB.2040606@sotxlighthouse.org> Trying to complie 2.2.2 I get the following at the very end of the ./configures output: checking configure summary WARNING: No automated network interface determination ERROR: no seteuid method available configure: error: summary failure. Aborting config ifconfig shows eth0's configuration, as well as vmnet1's and vmnet8's from vmware's installation. I'm not sure why samba would conclude seteuid was unavailable. I tried the rpm, but it told me that I had to have a kernel > 2.2.1 to install it. My kernel is 2.4.12. -- John Francis Lee IS Director South Texas Lighthouse for the Blind PO Box 9697 Corpus Christi TX 78469 361.883.6553x45 From wildman at mediaone.net Tue Oct 16 21:56:02 2001 From: wildman at mediaone.net (Art Wildman) Date: Tue Dec 2 02:36:26 2003 Subject: How many people use Samba References: <20011015130932.O26579@va.samba.org> Message-ID: <3BCD1153.C9A86D9F@mediaone.net> hehe... Seriously, some web statistics on the number of downloads may help quantify the size of the ballpark. OT: Good to here from you again Jeremy, and thanks again for visiting JaxLUG at the ITEC trade show last summer. You really made our day! http://www.jaxlug.org/itec2001/Mvc-448f.jpg http://www.jaxlug.org/itec2001/Mvc-437f.jpg -- Art Wildman - wildman@pobox.com - PGPID=0x710B8A1F Jacksonville Linux Users Group (JaxLUG) PO Box 16757, Jacksonville, FL 32245-6757 http://www.jaxlug.org | jaxlug-list@jaxlug.org Jeremy Allison wrote: > > On Mon, Oct 15, 2001 at 01:07:01PM -0700, Greg J. Zartman, P.E. wrote: > > Does anyone have a ballpark of how many people use Samba? > > The "stick your finger in the air" answer I usually give reporters > is that "30% of Windows clients connect to one or more Samba servers". > > Then they go away trying to figure out how many clients that is :-). > > It's a ballpark number that came out of some corporate research by > "someone who must not be named"...... :-) :-). > > Jeremy. From shashi.kumar at wipro.com Tue Oct 16 21:59:08 2001 From: shashi.kumar at wipro.com (Shashi Kumar) Date: Tue Dec 2 02:36:26 2003 Subject: Profiles Seup for SAMBA 2.2.2 PDC Message-ID: <3BCD0805.6BD1F339@wipro.com> Hi, Am trying to convert existing NT PDC to Samba(Samba 2.2.2) PDC on Linux machine. I was able to setup Authentication on Samba PDC. But i am not able to setup the profiles previously used by NT PDC. When I do authentication using Samba PDC, it creates a one more local profile on NTws. Any help is appreciated. Regards, Shashi -------------- next part -------------- ----------------------------------------------------------------------------------------------------------------------- Information transmitted by this E-MAIL is proprietary to Wipro and/or its Customers and is intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please notify us immediately at mailto:mailadmin@wipro.com and delete this mail from your records. ------------------------------------------------------------------------------------------------------------------------ From jmartos at ayto-fuenlabrada.es Wed Oct 17 00:45:09 2001 From: jmartos at ayto-fuenlabrada.es (jmartos@ayto-fuenlabrada.es) Date: Tue Dec 2 02:36:26 2003 Subject: I can't see shares disk from PDC WNT Server Message-ID: I have added a Linux machine (Suse 7.0) to a windows Domain. I'd like Samba delegates password authentication and control access to Shares(Disk) to a Windows NT 4.0 Server acting as a PDC on the network, I can see shares disk from any windows 98 worksation, but I can't see Shares from the PDC. What can I do? Thanks. --------------------------------------------------------- Jos? Martos Collado Departamento de Inform?tica Ayuntamiento de Fuenlabrada C / Hungr?a, 5 28943 Fuenlabrada (Madrid) Spain From oalvarez at prisacom.com Wed Oct 17 02:44:02 2001 From: oalvarez at prisacom.com (Oscar Alvarez) Date: Tue Dec 2 02:36:26 2003 Subject: Is possible to use NT2000 user database as a single point of authentification? Message-ID: <005e01c156f0$41850160$69c85a0a@prisacom.int> I just want to use Samba for common directory exporting for all the 2000 domain users. I don't want to maintain a Samba user's database at Linux, i want to manage all user/passwd from NT. Reading Samba doc's allways speak about a NT and then UNIX password masking, can i exclude this UNIX authentification? Thanks in Advance. Oscar Alvarez -------------- next part -------------- HTML attachment scrubbed and removed From steve at inserted.net Wed Oct 17 05:12:05 2001 From: steve at inserted.net (steve) Date: Tue Dec 2 02:36:26 2003 Subject: Win XP logons. Message-ID: <20011017221453.A4118@entropy.inserted.net> Howdy, I've been using samba for a while, but only as a workgroup member. I decided to play with it as a domain controller, and am having a problem or two. I've set up the machines (samba 2.2.1a/OpenBSD 2.9) to the letter as described in the installtion/configuration guide. I have no problem joining the domain, but when I go to log on, Windows complains that it either cannot find a domain controller, or that there isn't a machine account in the domain. This throws me a little, as it has no problem joining the domain to begin with, just logging on. The error reported by samba is: [2001/10/17 20:56:55, 0] rpc_server/srv_samr_nt.c:_samr_query_useraliases(2454) _samr_query_useraliases: Not yet implemented. Is this something whacky with XP (it is a legal version)? I don't have any 2k clients to compare against, unfortunatly. As previously suggested on the list, I've tried the current cvs, but the same problem occurs. Has anyone had any luck getting an XP client to log on to the domain? If so, a prod in the right direction would be much appreciated. Please cc me, as I'm not subscribed to the list. -- Regards, Stephen Ware -steve@inserted.net From Eddie.Wimberly at robins.af.mil Wed Oct 17 07:38:05 2001 From: Eddie.Wimberly at robins.af.mil (Wimberly Eddie Contr WRALC/LYSFR) Date: Tue Dec 2 02:36:26 2003 Subject: 2.2.2 and Roaming Profiles with Win2k Message-ID: Skipped content of type multipart/alternative From jerry at samba.org Wed Oct 17 08:17:03 2001 From: jerry at samba.org (Gerald (Jerry) Carter) Date: Tue Dec 2 02:36:26 2003 Subject: 2.2.2 and Roaming Profiles with Win2k In-Reply-To: Message-ID: On Wed, 17 Oct 2001, Wimberly Eddie Contr WRALC/LYSFR wrote: > I have 2.2.2 running as a PDC. I am trying to get roaming profiles to > work and have read the related docs. I am seeing the following > symptoms. After logging in on the Win2k box, it tells me that > "Windows cannot create profile directory > \\sambapdc\username\profile.pds. You will be logged on with a local > profile ...." > > In the [globals] section, I have "logon path = //%N/profiles/%U" as stated in the > docs. > Using smbclient on the samba server to test, I enter "smbclient > //sambapdc/profiles -U username" and get the expected results. But if > I enter, "smbclient //sambapdc/profiles/username > -U username", I get "tree connect failed: ERRDOS - > ERRnosuchshare (You specified an invalid share name)." Can the user write the [profiles] share and create the directory? The initial error message normally occurs the first time you log on and do have have a roaming profile stored on a network file server. Oh....and you cannot connect to //server/share/directory It's invalid syntax jerry From lee at booksys.com Wed Oct 17 08:40:04 2001 From: lee at booksys.com (Lee Smith) Date: Tue Dec 2 02:36:27 2003 Subject: Samba in an NT Domain Message-ID: <20011017100719.7cdb9c71.lee@booksys.com> Is there any good location I can find up to date documentation on what I can or cannot do? I'm looking into moving my NT DCs to samba, but I can only do so if Samba can also act as a BDC (I read somewhere about an LDAP/2 PDC combo offering similar capabilities to a BDC). Could someone please point me to a document explaining what samba is capable of this moment (stable, cvs or otherwise). Thanks. From gaston at delta.com.ar Wed Oct 17 09:39:03 2001 From: gaston at delta.com.ar (=?iso-8859-1?B?R2FzdPNuIETtYXo=?=) Date: Tue Dec 2 02:36:27 2003 Subject: unsubscibe Message-ID: <002101c1578e$85550a40$f58510c8@smb> Message unsubscribe gaston@delta.com.ar -------------------------------------------------------------------------------- -------------- next part -------------- HTML attachment scrubbed and removed From dave.stevenson at durham.ac.uk Wed Oct 17 09:50:07 2001 From: dave.stevenson at durham.ac.uk (Dave Stevenson) Date: Tue Dec 2 02:36:27 2003 Subject: 2.2.2 and Roaming Profiles with Win2k References: Message-ID: <3BCDB4D4.CF97492A@durham.ac.uk> I may be wrong about this but...(with flame retardent clothing applied.) isnt logon path= ... something that's passed to the NT/2000 box so maybe the slashes should be \\ rather than // ?? - or maybe that's just too simple certainly \\ works for me :-) "Gerald (Jerry) Carter" wrote: > On Wed, 17 Oct 2001, Wimberly Eddie Contr WRALC/LYSFR wrote: > > > I have 2.2.2 running as a PDC. I am trying to get roaming profiles to > > work and have read the related docs. I am seeing the following > > symptoms. After logging in on the Win2k box, it tells me that > > "Windows cannot create profile directory > > \\sambapdc\username\profile.pds. You will be logged on with a local > > profile ...." > > > > In the [globals] section, I have "logon path = //%N/profiles/%U" as stated in the > > docs. > > Using smbclient on the samba server to test, I enter "smbclient > > //sambapdc/profiles -U username" and get the expected results. But if > > I enter, "smbclient //sambapdc/profiles/username > > -U username", I get "tree connect failed: ERRDOS - > > ERRnosuchshare (You specified an invalid share name)." > > Can the user write the [profiles] share and create the > directory? The initial error message normally occurs the first > time you log on and do have have a roaming profile stored on a network > file server. > > Oh....and you cannot connect to //server/share/directory > It's invalid syntax > > jerry -- omou kokoro o shirabetsutsu hikiarikedomo shiru hito mo nashi From jerry at samba.org Wed Oct 17 10:22:02 2001 From: jerry at samba.org (Gerald (Jerry) Carter) Date: Tue Dec 2 02:36:27 2003 Subject: 2.2.2 and Roaming Profiles with Win2k In-Reply-To: <3BCDB4D4.CF97492A@durham.ac.uk> Message-ID: On Wed, 17 Oct 2001, Dave Stevenson wrote: > I may be wrong about this but...(with flame retardent clothing > applied.) > > isnt logon path= ... something that's passed to the NT/2000 box so > maybe the slashes should be \\ rather than // ?? - or maybe that's > just too simple certainly \\ works for me :-) Doh! [reaches for towel to wipe egg off of face...] I did not even notice that. Must be getting old.... ;) Of course, you are correct. Thanks. > > > \\sambapdc\username\profile.pds. You will be logged on with a local ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > profile ...." > > > > > > In the [globals] section, I have "logon path = //%N/profiles/%U" as ^^^^^^^^^^^^^^^^ cheers, jerry --------------------------------------------------------------------- www.samba.org SAMBA Team jerry_at_samba.org www.plainjoe.org jerry_at_plainjoe.org --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- From ken at sdd.hp.com Wed Oct 17 10:26:44 2001 From: ken at sdd.hp.com (Ken Stone) Date: Tue Dec 2 02:36:27 2003 Subject: Better printing (driver handling) docs ? Message-ID: <200110171725.KAA03228@hpsdlz.sdd.hp.com> Is there anything better than just what is in the HowTo for NT server style printer driver handling ? I have a server that uses security = domain but I don't have any admin access to the domain, just the samba server. We use name maps to equate people's nt doamin names to their unix logins .... OS = HP-UX 10.20 .... latest (as of this morning) CVS bits for SAMBA_2_2 I can get general printer access to work fine as in [global] printing = hpux printcap name = /local/samba/lib/printcap [printers] comment = Test Printers for Ken valid users = ken path = /local/samba/var/spool read only = yes printable = yes browseable = yes But when I started adding things like .... [global] printer admin = ken [print$] comment = Testing NT Printer Support In Samba 2.2.2 path = /local/samba/printers browseable = yes read only = yes write list = ken I still don't get anything in the printers folder when I browse and I get messages in the log.smbd like [2001/10/17 10:07:54, 0, pid=3103, effective(0, 1), real(0, 0)] lib/util_sec.c:(77) Failed to set uid privileges to (-1,-2) now set to (0,0) [2001/10/17 10:07:54, 0, pid=3103, effective(0, 1), real(0, 0)] lib/util.c:(1055) PANIC: failed to set uid Pointers/help appreciated .... -- Ken From Eddie.Wimberly at robins.af.mil Wed Oct 17 10:27:33 2001 From: Eddie.Wimberly at robins.af.mil (Wimberly Eddie Contr WRALC/LYSFR) Date: Tue Dec 2 02:36:27 2003 Subject: 2.2.2 and Roaming Profiles with Win2k Message-ID: Sorry about that. I mistyped the slashes in the post. I do have the correct slashes in smb.conf. Also, I can use smbclient with the -U option to login as a user and I can create directories under the [profile] share. However, I still can't get the windows box to see it. The windows box is still looking at \\sambapdc\username\profile. It's like samba is not using the "logon path" option. Ed > -----Original Message----- > From: Gerald (Jerry) Carter [mailto:jerry@samba.org] > Sent: Wednesday, October 17, 2001 1:25 PM > To: Dave Stevenson > Cc: Wimberly Eddie Contr WRALC/LYSFR; samba-ntdom@lists.samba.org > Subject: Re: 2.2.2 and Roaming Profiles with Win2k > > > On Wed, 17 Oct 2001, Dave Stevenson wrote: > > > I may be wrong about this but...(with flame retardent clothing > > applied.) > > > > isnt logon path= ... something that's passed to the NT/2000 box so > > maybe the slashes should be \\ rather than // ?? - or maybe that's > > just too simple certainly \\ works for me :-) > > Doh! > > [reaches for towel to wipe egg off of face...] > > I did not even notice that. Must be getting old.... ;) > > Of course, you are correct. Thanks. > > > > > > \\sambapdc\username\profile.pds. You will be logged on > with a local > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > > > profile ...." > > > > > > > > In the [globals] section, I have "logon path = > //%N/profiles/%U" as > ^^^^^^^^^^^^^^^^ > > > > > > > > > cheers, jerry > --------------------------------------------------------------------- > www.samba.org SAMBA Team jerry_at_samba.org > www.plainjoe.org jerry_at_plainjoe.org > --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- > From ariel at jusbaires.gov.ar Wed Oct 17 10:38:03 2001 From: ariel at jusbaires.gov.ar (Ariel Mella) Date: Tue Dec 2 02:36:27 2003 Subject: Problems with samba 2.2.2 and 2.2.1a References: Message-ID: <000e01c15731$eb71c3c0$1a3ca8ac@jusbaoires.gov.ar> i have a PDC samba configured. all works ok, profiles, logon scripts, permissions etc. but when i go to a windoze workstation and configure the Access control list of users in the properties of network neighbourhood i set my domain to obtain a list of users for acl the local (in the windoze) file sharing. when i go to share a directory i go to Add to retrieve the list of users and groups from my pdc, 1) only the first 100 users are retrieved, all users can logon, but in the list only appear the first 100(i vae 800 users logging in to my server) 2) only 2 groups are in the list and i want to set groups for users because seting an local acl user per user is a bit ugly. any idea? thx for all From oliver at methfessel.net Wed Oct 17 10:46:05 2001 From: oliver at methfessel.net (Oliver Methfessel) Date: Tue Dec 2 02:36:27 2003 Subject: Windows NT4 Domain: Printing on a printer (connected to NT-Box) from Linux-Box Message-ID: <006601c15733$716e7ee0$6300a8c0@oliver> HI There, some days agp I postet following Message to this List but I didn't get any answers. I have a smal LAN here at home. As a server I have got a Windows NT4 Box, as Clients I have seom Win95 /98 Boxes and for some weeks now a Suse 7.0 Box. Everything is working fine. Except one thing: I can't print on my Printer (Hp DJ 820Cxi) which is connected at the server. With the Windows-Clients it is no problem, but with the linuxbox I am not able to print. I have joined succesfully the domain called "methfessel" and installed the printer like desribed in the docs from sdb.suse.de When I want to test the configuratoin by typing lpr -Premote test.txt he tells me bash-2.04# lpr -Premote test.txt lpr: connect: Verbindungsaufbau abgelehnt (: connection refused) jobs queued, but cannot start daemon For Information: I named the forwarding queue remote (in apsfilter, generated with lprsetup) I can access all the other shares on the server, also the printer named "hp" (with smbclient) Any Sugestions how to solve that problem??? _________________________________________________________________________ http://www.methfessel-com.de | oliver@methfessel.net http://www.whf.de | http://www.leibnetz.de -------------- next part -------------- HTML attachment scrubbed and removed From cg88 at email.com Wed Oct 17 11:52:12 2001 From: cg88 at email.com (Corey Hamilton) Date: Tue Dec 2 02:36:27 2003 Subject: Failed to marshall NET_R_SAM_LOGON after first 2K Logon Message-ID: <20011017185310.6782.qmail@email.com> Looking for the reason as to why this comes up in the smbd logs. Also, seems after this message comes up, I can no longer log in with a different user. For another user to log back into the machine, I have to re-add the Win2000 machine onto the Samba domain. The exact error message says: rpc_server/srv_netlog.c:api_net_sam_logon(208) api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON. Any ideas? Thanks, Corey cg88@email.com -- _______________________________________________ Talk More, Pay Less with Net2Phone Direct(R), up to 1500 minutes free! http://www.net2phone.com/cgi-bin/link.cgi?143 From Administrator at pro-tax.com Wed Oct 17 11:53:14 2001 From: Administrator at pro-tax.com (Administrator) Date: Tue Dec 2 02:36:27 2003 Subject: Probably a simple question... Message-ID: <1F40153621D010438815DE7F6374B4A721D6@ptxmaster.protaxemployees.com> Hi, I'm new to linux and samba but I desperately need to get this thing working so I'd appreciate any help anyone could give me. My problem is this: Samba successfully registers itself with my WINS server (a Windows 2000 domain controller) and appears in the appropriate location in "Network Neighborhood." However, I am unable to browse the shares provided by the samba server. (IE, if the server name is "smbserver", then SMBSERVER is present network neighborhoos but I am unable to browse into the server itself to view its shares) I receive the message: "\\Smbserver is not accessible \n The account is not authorized to log in from this station." My smb.conf file looks something like this: ; Riovia I.S., 16 October 2001 [global] log file = /var/log/samba-log.%m lock directory = /var/lock/samba workgroup = Protaxemployees mangle case = yes case sensitive = no default case = lower wins server = 192.168.100.28 name resolve order = wins hosts bcast guest account = riovia ; Every user will have a home directory ;[homes] ; comment = Home Directories ; browseable = no ; read only = no ; create mode = 700 ; /data/shared is a folder that every user can use [shared] comment = Shared Folder path = /data/shared writable = yes public = yes create mode = 666 This was actually created by two people who dont really know what they're doing so, any inut would be more than welcome. Its not that important that we serve domain logins just yet. ANY log in is good enough for me at the moment. I would really (REALLY) appreciate any help anyone cold provide. -Paul Caritj From ntl-linux at ntlworld.com Wed Oct 17 11:55:17 2001 From: ntl-linux at ntlworld.com (Jim Jarvie) Date: Tue Dec 2 02:36:27 2003 Subject: Problems Listing Users Message-ID: <20011017.18551000@linux.jarvie.org.uk> I have a samba server with a user list of around 1,300 users, mainly connected via windows 98 machines (with a few NT). I'm considering switching on user level access control on the clients - the windows 98 machines can then be configured with shares accessible only to particular specified users. However, I find a problem when I do this and attempt to obtain the list of users from my Samba 2.2.2 server acting as a PDC (domain logins etc. Work OK and have done so for some time). What I find is that on Windows 98 SE the first 100 users from my smbpasswd file are listed and then no more. i.e. A total of exactly 100 users of the 1300 are shown. With NT, the password list appears to work correctly - though I've not checked every user is shown, there are certainly many more than shown with W98. My password file is based on NIS. Has anyone else experienced this - or have I missed something which is immediately obvious to the list members ? Jim A level 1 debug shows : [2001/10/17 18:40:00, 1] smbd/service.c:make_connection(610) vmware (172.16.6.88) connect to service tas as user jim (uid=65000, gid=59999)[2001/10/17 18:40:00, 1] smbd/service.c:make_connection(610) vmware (172.16.6.88) connect to service office as user jim (uid=65000, gid=1) [2001/10/17 18:40:52, 1] smbd/ipc.c:api_fd_reply(293) api_fd_reply: INVALID PIPE HANDLE: 0 [2001/10/17 18:40:52, 1] smbd/ipc.c:api_fd_reply(293) api_fd_reply: INVALID PIPE HANDLE: 0 And, turning this up to level 3, the relevant portion is : [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-5-21-1651842875-601990308-2174710594-3205 [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-5-21-1651842875-601990308-2174710594-3203 [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-5-21-1651842875-601990308-2174710594-1121 [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-1-0 [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-5-2 [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-5-11 [2001/10/17 18:46:40, 3] smbd/vfs.c:vfs_init_default(98) Initialising default vfs hooks [2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(321) setting sec ctx (65000, 1) - sec_ctx_stack_ndx = 0 [2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(326) 16 user groups: 1 59999 65533 1029 1024 1095 1035 1026 132 30 1097 1096 133 1102 1101 60 [2001/10/17 18:46:40, 3] smbd/vfs.c:vfs_ChDir(658) vfs_ChDir to /tmp [2001/10/17 18:46:40, 3] smbd/service.c:make_connection(610) vmware (172.16.6.88) connect to service IPC$ as user jim (uid=65000, gid=1) (p[2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(321) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/17 18:46:40, 3] smbd/reply.c:reply_tcon_and_X(397) tconX service=ipc$ user=jim [2001/10/17 18:46:40, 3] smbd/process.c:process_smb(860) Transaction 8 of length 99 [2001/10/17 18:46:40, 3] smbd/process.c:switch_message(667) switch message SMBtrans (pid 1846) [2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(321) setting sec ctx (65000, 1) - sec_ctx_stack_ndx = 0 [2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(326) 16 user groups: 1 59999 65533 1029 1024 1095 1035 1026 132 30 1097 1096 133 1102 1101 60 [2001/10/17 18:46:40, 3] smbd/ipc.c:reply_trans(484) trans <\PIPE\LANMAN> data=0 params=19 setup=0 [2001/10/17 18:46:40, 3] smbd/ipc.c:named_pipe(335) named pipe command on name [2001/10/17 18:46:40, 3] smbd/lanman.c:api_reply(3328) Got API command 13 of form (tdscnt=0,tpscnt=19,mdrcnt=66,mprc[2001/10/17 18:46:40, 3] smbd/lanman.c:api_reply(3332) Doing RNetServerGetInfo [2001/10/17 18:46:40, 3] smbd/process.c:process_smb(860) Transaction 9 of length 99 [2001/10/17 18:46:40, 3] smbd/process.c:switch_message(667) switch message SMBtrans (pid 1846) [2001/10/17 18:46:40, 3] smbd/ipc.c:reply_trans(484) trans <\PIPE\LANMAN> data=0 params=19 setup=0 [2001/10/17 18:46:40, 3] smbd/ipc.c:named_pipe(335) named pipe command on name [2001/10/17 18:46:40, 3] smbd/lanman.c:api_reply(3328) Got API command 13 of form (tdscnt=0,tpscnt=19,mdrcnt=66,mprc[2001/10/17 18:46:40, 3] smbd/lanman.c:api_reply(3332) Doing RNetServerGetInfo [2001/10/17 18:46:40, 3] smbd/process.c:process_smb(860) Transaction 10 of length 84 [2001/10/17 18:46:40, 3] smbd/process.c:switch_message(667) switch message SMBtrans (pid 1846) [2001/10/17 18:46:40, 3] smbd/ipc.c:reply_trans(484) trans <\PIPE\LSARPC> data=0 params=0 setup=2 [2001/10/17 18:46:40, 3] smbd/ipc.c:named_pipe(335) named pipe command on name [2001/10/17 18:46:40, 1] smbd/ipc.c:api_fd_reply(293) api_fd_reply: INVALID PIPE HANDLE: 0 From Administrator at pro-tax.com Wed Oct 17 12:06:32 2001 From: Administrator at pro-tax.com (Administrator) Date: Tue Dec 2 02:36:27 2003 Subject: Simple Question Message-ID: <1F40153621D010438815DE7F6374B4A721D7@ptxmaster.protaxemployees.com> Hi, I'm new to linux and samba but I desperately need to get this thing working so I'd appreciate any help anyone could give me. My problem is this: Samba successfully registers itself with my WINS server (a Windows 2000 domain controller) and appears in the appropriate location in "Network Neighborhood." However, I am unable to browse the shares provided by the samba server. (IE, if the server name is "smbserver", then SMBSERVER is present network neighborhoos but I am unable to browse into the server itself to view its shares) I receive the message: "\\Smbserver is not accessible \n The account is not authorized to log in from this station." My smb.conf file looks something like this: ; Riovia I.S., 16 October 2001 [global] log file = /var/log/samba-log.%m lock directory = /var/lock/samba workgroup = Protaxemployees mangle case = yes case sensitive = no default case = lower wins server = 192.168.100.28 name resolve order = wins hosts bcast guest account = riovia ; Every user will have a home directory ;[homes] ; comment = Home Directories ; browseable = no ; read only = no ; create mode = 700 ; /data/shared is a folder that every user can use [shared] comment = Shared Folder path = /data/shared writable = yes public = yes create mode = 666 This was actually created by two people who dont really know what they're doing so, any inut would be more than welcome. Its not that important that we serve domain logins just yet. ANY log in is good enough for me at the moment. I would really (REALLY) appreciate any help anyone cold provide. -Paul Caritj From MMcEldowney at deltaregional.com Wed Oct 17 12:39:10 2001 From: MMcEldowney at deltaregional.com (McEldowney, Michael) Date: Tue Dec 2 02:36:27 2003 Subject: Problems Listing Users Message-ID: Hi Jim, I had the same problem here, but fewer users in my list on Win 98 SE. Same result in User Manager for Domains on an NT server. I'm using passwd, not NIS. I checked the list of users in my passwd file to the list in smbpasswd, and found a few minor discrepancies, things like the user had been deleted from passwd, but not from smbpasswd. Once I fixed those, the list of users on the NT server shows up in entirety. BUT! Now I get no list at all on Win98SE! All I get is a error message "You cannot view a list of users at this time. Try again later." I've searched the archives with no luck, and have posted to the list twice and received no response. My only advice is to examine your smbpasswd file and your NIS database for inconsistencies. Good luck, and if you get any advice that works, please let me know. Thanks, Mike McEldowney Information Systems Director Delta Regional Medical Center 1400 East Union Street Greenville, MS 38703 v. 662-334-2075 e. mmceldowney@deltaregional.com Come and visit us on the web! www.deltaregional.com Quote of the Month: "Not one shred of evidence supports the notion that life is serious." -----Original Message----- From: Jim Jarvie [mailto:ntl-linux@ntlworld.com] Sent: Wednesday, October 17, 2001 1:55 PM To: samba-ntdom@lists.samba.org Subject: Problems Listing Users I have a samba server with a user list of around 1,300 users, mainly connected via windows 98 machines (with a few NT). I'm considering switching on user level access control on the clients - the windows 98 machines can then be configured with shares accessible only to particular specified users. However, I find a problem when I do this and attempt to obtain the list of users from my Samba 2.2.2 server acting as a PDC (domain logins etc. Work OK and have done so for some time). What I find is that on Windows 98 SE the first 100 users from my smbpasswd file are listed and then no more. i.e. A total of exactly 100 users of the 1300 are shown. With NT, the password list appears to work correctly - though I've not checked every user is shown, there are certainly many more than shown with W98. My password file is based on NIS. Has anyone else experienced this - or have I missed something which is immediately obvious to the list members ? Jim A level 1 debug shows : [2001/10/17 18:40:00, 1] smbd/service.c:make_connection(610) vmware (172.16.6.88) connect to service tas as user jim (uid=65000, gid=59999)[2001/10/17 18:40:00, 1] smbd/service.c:make_connection(610) vmware (172.16.6.88) connect to service office as user jim (uid=65000, gid=1) [2001/10/17 18:40:52, 1] smbd/ipc.c:api_fd_reply(293) api_fd_reply: INVALID PIPE HANDLE: 0 [2001/10/17 18:40:52, 1] smbd/ipc.c:api_fd_reply(293) api_fd_reply: INVALID PIPE HANDLE: 0 And, turning this up to level 3, the relevant portion is : [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-5-21-1651842875-601990308-2174710594-3205 [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-5-21-1651842875-601990308-2174710594-3203 [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-5-21-1651842875-601990308-2174710594-1121 [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-1-0 [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-5-2 [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-5-11 [2001/10/17 18:46:40, 3] smbd/vfs.c:vfs_init_default(98) Initialising default vfs hooks [2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(321) setting sec ctx (65000, 1) - sec_ctx_stack_ndx = 0 [2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(326) 16 user groups: 1 59999 65533 1029 1024 1095 1035 1026 132 30 1097 1096 133 1102 1101 60 [2001/10/17 18:46:40, 3] smbd/vfs.c:vfs_ChDir(658) vfs_ChDir to /tmp [2001/10/17 18:46:40, 3] smbd/service.c:make_connection(610) vmware (172.16.6.88) connect to service IPC$ as user jim (uid=65000, gid=1) (p[2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(321) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/17 18:46:40, 3] smbd/reply.c:reply_tcon_and_X(397) tconX service=ipc$ user=jim [2001/10/17 18:46:40, 3] smbd/process.c:process_smb(860) Transaction 8 of length 99 [2001/10/17 18:46:40, 3] smbd/process.c:switch_message(667) switch message SMBtrans (pid 1846) [2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(321) setting sec ctx (65000, 1) - sec_ctx_stack_ndx = 0 [2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(326) 16 user groups: 1 59999 65533 1029 1024 1095 1035 1026 132 30 1097 1096 133 1102 1101 60 [2001/10/17 18:46:40, 3] smbd/ipc.c:reply_trans(484) trans <\PIPE\LANMAN> data=0 params=19 setup=0 [2001/10/17 18:46:40, 3] smbd/ipc.c:named_pipe(335) named pipe command on name [2001/10/17 18:46:40, 3] smbd/lanman.c:api_reply(3328) Got API command 13 of form (tdscnt=0,tpscnt=19,mdrcnt=66,mprc[2001/10/17 18:46:40, 3] smbd/lanman.c:api_reply(3332) Doing RNetServerGetInfo [2001/10/17 18:46:40, 3] smbd/process.c:process_smb(860) Transaction 9 of length 99 [2001/10/17 18:46:40, 3] smbd/process.c:switch_message(667) switch message SMBtrans (pid 1846) [2001/10/17 18:46:40, 3] smbd/ipc.c:reply_trans(484) trans <\PIPE\LANMAN> data=0 params=19 setup=0 [2001/10/17 18:46:40, 3] smbd/ipc.c:named_pipe(335) named pipe command on name [2001/10/17 18:46:40, 3] smbd/lanman.c:api_reply(3328) Got API command 13 of form (tdscnt=0,tpscnt=19,mdrcnt=66,mprc[2001/10/17 18:46:40, 3] smbd/lanman.c:api_reply(3332) Doing RNetServerGetInfo [2001/10/17 18:46:40, 3] smbd/process.c:process_smb(860) Transaction 10 of length 84 [2001/10/17 18:46:40, 3] smbd/process.c:switch_message(667) switch message SMBtrans (pid 1846) [2001/10/17 18:46:40, 3] smbd/ipc.c:reply_trans(484) trans <\PIPE\LSARPC> data=0 params=0 setup=2 [2001/10/17 18:46:40, 3] smbd/ipc.c:named_pipe(335) named pipe command on name [2001/10/17 18:46:40, 1] smbd/ipc.c:api_fd_reply(293) api_fd_reply: INVALID PIPE HANDLE: 0 From jbeauchamp at gesinc.com Wed Oct 17 12:56:02 2001 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:36:27 2003 Subject: Probably a simple question... References: <1F40153621D010438815DE7F6374B4A721D6@ptxmaster.protaxemployees.com> Message-ID: <008401c1575e$776da020$1d01a8c0@gesinc.com> HI: When you try to browse the samba server from the win client, samba attempts to authenticate you by looking for the username that you are logged onto the win client with as well as the smb name of the win client. Therefore I believe you need to create a user account and machine account on the samba machine for the person you are logged into the win box as. Then when you connect, samba will look at etc/passwd and find that username and password and then allow you to see whatever shares you have authority to view on the box. This is how my system works here. I do not do domain logins, just authenticate users on a per share basis at they time they try to connect to a service. I'm surprised that windoze didn't give you the box that says something like "that user id is not valid, enter a user id and password that you would like to connect as" HTH James ----- Original Message ----- From: "Administrator" To: Sent: Wednesday, October 17, 2001 11:54 AM Subject: Probably a simple question... Hi, I'm new to linux and samba but I desperately need to get this thing working so I'd appreciate any help anyone could give me. My problem is this: Samba successfully registers itself with my WINS server (a Windows 2000 domain controller) and appears in the appropriate location in "Network Neighborhood." However, I am unable to browse the shares provided by the samba server. (IE, if the server name is "smbserver", then SMBSERVER is present network neighborhoos but I am unable to browse into the server itself to view its shares) I receive the message: "\\Smbserver is not accessible \n The account is not authorized to log in from this station." My smb.conf file looks something like this: ; Riovia I.S., 16 October 2001 [global] log file = /var/log/samba-log.%m lock directory = /var/lock/samba workgroup = Protaxemployees mangle case = yes case sensitive = no default case = lower wins server = 192.168.100.28 name resolve order = wins hosts bcast guest account = riovia ; Every user will have a home directory ;[homes] ; comment = Home Directories ; browseable = no ; read only = no ; create mode = 700 ; /data/shared is a folder that every user can use [shared] comment = Shared Folder path = /data/shared writable = yes public = yes create mode = 666 This was actually created by two people who dont really know what they're doing so, any inut would be more than welcome. Its not that important that we serve domain logins just yet. ANY log in is good enough for me at the moment. I would really (REALLY) appreciate any help anyone cold provide. -Paul Caritj From ariel at jusbaires.gov.ar Wed Oct 17 12:58:02 2001 From: ariel at jusbaires.gov.ar (Ariel Mella) Date: Tue Dec 2 02:36:27 2003 Subject: Problems Listing Users References: <20011017.18551000@linux.jarvie.org.uk> Message-ID: <005f01c15745$b22343a0$1a3ca8ac@jusbaoires.gov.ar> Jim: i have a samba PDC too... and i having the same problem.. only the 100 first user of the smbpasswd are listed when you retrieve the list of users.. i have probed with samba 2.2.1a for redhat 7.1 and 2.2.2 any idea?? ----- Original Message ----- From: "Jim Jarvie" To: Sent: Wednesday, October 17, 2001 3:55 PM Subject: Problems Listing Users I have a samba server with a user list of around 1,300 users, mainly connected via windows 98 machines (with a few NT). I'm considering switching on user level access control on the clients - the windows 98 machines can then be configured with shares accessible only to particular specified users. However, I find a problem when I do this and attempt to obtain the list of users from my Samba 2.2.2 server acting as a PDC (domain logins etc. Work OK and have done so for some time). What I find is that on Windows 98 SE the first 100 users from my smbpasswd file are listed and then no more. i.e. A total of exactly 100 users of the 1300 are shown. With NT, the password list appears to work correctly - though I've not checked every user is shown, there are certainly many more than shown with W98. My password file is based on NIS. Has anyone else experienced this - or have I missed something which is immediately obvious to the list members ? Jim A level 1 debug shows : [2001/10/17 18:40:00, 1] smbd/service.c:make_connection(610) vmware (172.16.6.88) connect to service tas as user jim (uid=65000, gid=59999)[2001/10/17 18:40:00, 1] smbd/service.c:make_connection(610) vmware (172.16.6.88) connect to service office as user jim (uid=65000, gid=1) [2001/10/17 18:40:52, 1] smbd/ipc.c:api_fd_reply(293) api_fd_reply: INVALID PIPE HANDLE: 0 [2001/10/17 18:40:52, 1] smbd/ipc.c:api_fd_reply(293) api_fd_reply: INVALID PIPE HANDLE: 0 And, turning this up to level 3, the relevant portion is : [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-5-21-1651842875-601990308-2174710594-3205 [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-5-21-1651842875-601990308-2174710594-3203 [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-5-21-1651842875-601990308-2174710594-1121 [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-1-0 [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-5-2 [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) se_access_check: also S-1-5-11 [2001/10/17 18:46:40, 3] smbd/vfs.c:vfs_init_default(98) Initialising default vfs hooks [2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(321) setting sec ctx (65000, 1) - sec_ctx_stack_ndx = 0 [2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(326) 16 user groups: 1 59999 65533 1029 1024 1095 1035 1026 132 30 1097 1096 133 1102 1101 60 [2001/10/17 18:46:40, 3] smbd/vfs.c:vfs_ChDir(658) vfs_ChDir to /tmp [2001/10/17 18:46:40, 3] smbd/service.c:make_connection(610) vmware (172.16.6.88) connect to service IPC$ as user jim (uid=65000, gid=1) (p[2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(321) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/17 18:46:40, 3] smbd/reply.c:reply_tcon_and_X(397) tconX service=ipc$ user=jim [2001/10/17 18:46:40, 3] smbd/process.c:process_smb(860) Transaction 8 of length 99 [2001/10/17 18:46:40, 3] smbd/process.c:switch_message(667) switch message SMBtrans (pid 1846) [2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(321) setting sec ctx (65000, 1) - sec_ctx_stack_ndx = 0 [2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(326) 16 user groups: 1 59999 65533 1029 1024 1095 1035 1026 132 30 1097 1096 133 1102 1101 60 [2001/10/17 18:46:40, 3] smbd/ipc.c:reply_trans(484) trans <\PIPE\LANMAN> data=0 params=19 setup=0 [2001/10/17 18:46:40, 3] smbd/ipc.c:named_pipe(335) named pipe command on name [2001/10/17 18:46:40, 3] smbd/lanman.c:api_reply(3328) Got API command 13 of form (tdscnt=0,tpscnt=19,mdrcnt=66,mprc[2001/10/17 18:46:40, 3] smbd/lanman.c:api_reply(3332) Doing RNetServerGetInfo [2001/10/17 18:46:40, 3] smbd/process.c:process_smb(860) Transaction 9 of length 99 [2001/10/17 18:46:40, 3] smbd/process.c:switch_message(667) switch message SMBtrans (pid 1846) [2001/10/17 18:46:40, 3] smbd/ipc.c:reply_trans(484) trans <\PIPE\LANMAN> data=0 params=19 setup=0 [2001/10/17 18:46:40, 3] smbd/ipc.c:named_pipe(335) named pipe command on name [2001/10/17 18:46:40, 3] smbd/lanman.c:api_reply(3328) Got API command 13 of form (tdscnt=0,tpscnt=19,mdrcnt=66,mprc[2001/10/17 18:46:40, 3] smbd/lanman.c:api_reply(3332) Doing RNetServerGetInfo [2001/10/17 18:46:40, 3] smbd/process.c:process_smb(860) Transaction 10 of length 84 [2001/10/17 18:46:40, 3] smbd/process.c:switch_message(667) switch message SMBtrans (pid 1846) [2001/10/17 18:46:40, 3] smbd/ipc.c:reply_trans(484) trans <\PIPE\LSARPC> data=0 params=0 setup=2 [2001/10/17 18:46:40, 3] smbd/ipc.c:named_pipe(335) named pipe command on name [2001/10/17 18:46:40, 1] smbd/ipc.c:api_fd_reply(293) api_fd_reply: INVALID PIPE HANDLE: 0 From ariel at jusbaires.gov.ar Wed Oct 17 13:02:18 2001 From: ariel at jusbaires.gov.ar (Ariel Mella) Date: Tue Dec 2 02:36:27 2003 Subject: Problems Listing Users References: Message-ID: <006e01c15746$1605f160$1a3ca8ac@jusbaoires.gov.ar> MC: the problem you are talking is when the smbpasswd got broken... if you look the logs tell a message like: "User bla bla bla doesnt exist in the user database.. the password file is corrupt" i and jim have a problem ho is correct to show in a NT box.. but not in a win98 or me client. ideas? ----- Original Message ----- From: "McEldowney, Michael" To: "'Jim Jarvie'" ; Sent: Wednesday, October 17, 2001 4:36 PM Subject: RE: Problems Listing Users > Hi Jim, > > I had the same problem here, but fewer users in my list on Win 98 SE. > Same result in User Manager for Domains on an NT server. I'm using > passwd, not NIS. I checked the list of users in my passwd file to the > list in smbpasswd, and found a few minor discrepancies, things like the > user had been deleted from passwd, but not from smbpasswd. Once I fixed > those, the list of users on the NT server shows up in entirety. BUT! > Now I get no list at all on Win98SE! All I get is a error message "You > cannot view a list of users at this time. Try again later." > > I've searched the archives with no luck, and have posted to the list > twice and received no response. My only advice is to examine your > smbpasswd file and your NIS database for inconsistencies. Good luck, > and if you get any advice that works, please let me know. > > Thanks, > > Mike McEldowney > Information Systems Director > Delta Regional Medical Center > 1400 East Union Street > Greenville, MS 38703 > > v. 662-334-2075 > e. mmceldowney@deltaregional.com > > Come and visit us on the web! > www.deltaregional.com > > Quote of the Month: "Not one shred of evidence supports the notion that > life is serious." > > > -----Original Message----- > From: Jim Jarvie [mailto:ntl-linux@ntlworld.com] > Sent: Wednesday, October 17, 2001 1:55 PM > To: samba-ntdom@lists.samba.org > Subject: Problems Listing Users > > > I have a samba server with a user list of around 1,300 users, mainly > connected via windows 98 machines (with a few NT). > > I'm considering switching on user level access control on the clients - > the windows 98 machines can then be configured with shares accessible > only to particular specified users. > > However, I find a problem when I do this and attempt to obtain the list > of users from my Samba 2.2.2 server acting as a PDC (domain logins etc. > Work OK and have done so for some time). > > What I find is that on Windows 98 SE the first 100 users from my > smbpasswd file are listed and then no more. i.e. A total of exactly 100 > > users of the 1300 are shown. > > With NT, the password list appears to work correctly - though I've not > checked every user is shown, there are certainly many more than shown > with W98. > > My password file is based on NIS. > > Has anyone else experienced this - or have I missed something which is > immediately obvious to the list members ? > > Jim > > > A level 1 debug shows : > > [2001/10/17 18:40:00, 1] smbd/service.c:make_connection(610) > vmware (172.16.6.88) connect to service tas as user jim (uid=65000, > gid=59999)[2001/10/17 18:40:00, 1] smbd/service.c:make_connection(610) > vmware (172.16.6.88) connect to service office as user jim (uid=65000, > > gid=1) > [2001/10/17 18:40:52, 1] smbd/ipc.c:api_fd_reply(293) > api_fd_reply: INVALID PIPE HANDLE: 0 > [2001/10/17 18:40:52, 1] smbd/ipc.c:api_fd_reply(293) > api_fd_reply: INVALID PIPE HANDLE: 0 > > > And, turning this up to level 3, the relevant portion is : > > [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) > se_access_check: also S-1-5-21-1651842875-601990308-2174710594-3205 > [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) > se_access_check: also S-1-5-21-1651842875-601990308-2174710594-3203 > [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) > se_access_check: also S-1-5-21-1651842875-601990308-2174710594-1121 > [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) > se_access_check: also S-1-1-0 > [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) > se_access_check: also S-1-5-2 > [2001/10/17 18:46:40, 3] lib/util_seaccess.c:se_access_check(246) > se_access_check: also S-1-5-11 > [2001/10/17 18:46:40, 3] smbd/vfs.c:vfs_init_default(98) > Initialising default vfs hooks > [2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(321) > setting sec ctx (65000, 1) - sec_ctx_stack_ndx = 0 > [2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(326) > 16 user groups: > 1 59999 65533 1029 1024 1095 1035 1026 132 30 1097 1096 133 1102 1101 > 60 > [2001/10/17 18:46:40, 3] smbd/vfs.c:vfs_ChDir(658) > vfs_ChDir to /tmp > [2001/10/17 18:46:40, 3] smbd/service.c:make_connection(610) > vmware (172.16.6.88) connect to service IPC$ as user jim (uid=65000, > gid=1) (p[2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(321) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2001/10/17 18:46:40, 3] smbd/reply.c:reply_tcon_and_X(397) > tconX service=ipc$ user=jim > [2001/10/17 18:46:40, 3] smbd/process.c:process_smb(860) > Transaction 8 of length 99 > [2001/10/17 18:46:40, 3] smbd/process.c:switch_message(667) > switch message SMBtrans (pid 1846) > [2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(321) > setting sec ctx (65000, 1) - sec_ctx_stack_ndx = 0 > [2001/10/17 18:46:40, 3] smbd/sec_ctx.c:set_sec_ctx(326) > 16 user groups: > 1 59999 65533 1029 1024 1095 1035 1026 132 30 1097 1096 133 1102 1101 > 60 > [2001/10/17 18:46:40, 3] smbd/ipc.c:reply_trans(484) > trans <\PIPE\LANMAN> data=0 params=19 setup=0 > [2001/10/17 18:46:40, 3] smbd/ipc.c:named_pipe(335) > named pipe command on name > [2001/10/17 18:46:40, 3] smbd/lanman.c:api_reply(3328) > Got API command 13 of form > (tdscnt=0,tpscnt=19,mdrcnt=66,mprc[2001/10/17 18:46:40, 3] > smbd/lanman.c:api_reply(3332) > Doing RNetServerGetInfo > [2001/10/17 18:46:40, 3] smbd/process.c:process_smb(860) > Transaction 9 of length 99 > [2001/10/17 18:46:40, 3] smbd/process.c:switch_message(667) > switch message SMBtrans (pid 1846) > [2001/10/17 18:46:40, 3] smbd/ipc.c:reply_trans(484) > trans <\PIPE\LANMAN> data=0 params=19 setup=0 > [2001/10/17 18:46:40, 3] smbd/ipc.c:named_pipe(335) > named pipe command on name > [2001/10/17 18:46:40, 3] smbd/lanman.c:api_reply(3328) > Got API command 13 of form > (tdscnt=0,tpscnt=19,mdrcnt=66,mprc[2001/10/17 18:46:40, 3] > smbd/lanman.c:api_reply(3332) > Doing RNetServerGetInfo > [2001/10/17 18:46:40, 3] smbd/process.c:process_smb(860) > Transaction 10 of length 84 > [2001/10/17 18:46:40, 3] smbd/process.c:switch_message(667) > switch message SMBtrans (pid 1846) > [2001/10/17 18:46:40, 3] smbd/ipc.c:reply_trans(484) > trans <\PIPE\LSARPC> data=0 params=0 setup=2 > [2001/10/17 18:46:40, 3] smbd/ipc.c:named_pipe(335) > named pipe command on name > [2001/10/17 18:46:40, 1] smbd/ipc.c:api_fd_reply(293) > api_fd_reply: INVALID PIPE HANDLE: 0 > > > > > From ctooley at amoa.org Wed Oct 17 13:19:03 2001 From: ctooley at amoa.org (Chris Tooley) Date: Tue Dec 2 02:36:27 2003 Subject: Problems with samba 2.2.2 and 2.2.1a In-Reply-To: <000e01c15731$eb71c3c0$1a3ca8ac@jusbaoires.gov.ar> References: <000e01c15731$eb71c3c0$1a3ca8ac@jusbaoires.gov.ar> Message-ID: <1003349787.1469.9.camel@itspec.amoa.org> I had a problem similar to this when I was first setting up my 2.2.0 box. I resolved it by editing my smbpasswd file with vi and pulling out an entry that was garbled up. It appeared that when it got to that entry it just bombed and wouldn't load the rest of the users. Deleting the entry fixed the problem. BTW on mine the "garbled" entry was fine except that I had put a # in front of it manually and that seemed to confuse it. Good luck, Chris Tooley On Wed, 2001-10-17 at 13:04, samba-ntdom-admin@lists.samba.org wrote: > i have a PDC samba configured. all works ok, profiles, logon scripts, > permissions etc. > but when i go to a windoze workstation and configure the Access control list > of users in the properties of network neighbourhood i set my domain to > obtain a list of users for acl the local (in the windoze) file sharing. > when i go to share a directory i go to Add to retrieve the list of users and > groups from my pdc, > 1) only the first 100 users are retrieved, all users can logon, but in the > list only appear the first 100(i vae 800 users logging in to my server) > 2) only 2 groups are in the list and i want to set groups for users because > seting an local acl user per user is a bit ugly. > > any idea? > thx for all > > From Jean-Francois.Micouleau at dalalu.fr Wed Oct 17 14:43:11 2001 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:36:27 2003 Subject: Problems Listing Users In-Reply-To: <005f01c15745$b22343a0$1a3ca8ac@jusbaoires.gov.ar> Message-ID: On Wed, 17 Oct 2001, Ariel Mella wrote: > Jim: > > i have a samba PDC too... and i having the same problem.. only the 100 first > user of the smbpasswd are listed when you retrieve the list of users.. > i have probed with samba 2.2.1a for redhat 7.1 and 2.2.2 > > any idea?? yes an idea: MAX_SAM_ENTRIES is 50 ! jerry, in case you're looking on that bug: I think i know where the bug is. I need to make some test to verify my theory. J.F. From kunathma at pilot.msu.edu Wed Oct 17 14:47:08 2001 From: kunathma at pilot.msu.edu (Marcel Kunath) Date: Tue Dec 2 02:36:27 2003 Subject: 2.2.2 and Roaming Profiles with Win2k In-Reply-To: from "Wimberly Eddie Contr WRALC/LYSFR" at Oct 17, 2001 10:39:32 am Message-ID: <200110172148.f9HLmdw28178@pilot20.cl.msu.edu> I have a similar problem. I had roaming profiles working. I don't know what bothered me but I messed around with it and it stopped saving the profile to the pdc and only gave me a local profile. So I said ok. Let's delete the profile directory and start from scratch. No go there. The win2k box has some profile saved locally on the box now and I can't even delete it as admin. It still tries to save the profile to the server but gives errors on loading and then just opts for the local one. Can somebody tell me how to delete a stubborn folder in win2k where it says: "folder access denied. folder in use" Oh I remember how the whole thing started. I had deleted /etc/MACHINE.SID (because of my sid map problem) and tried to log back onto the domain and then the profiles got messed up. mk > > This message is in MIME format. Since your mail reader does not understand > this format, some or all of this message may not be legible. > > --------------InterScan_NT_MIME_Boundary > Content-Type: multipart/alternative; > boundary="----_=_NextPart_001_01C15719.891D1CF0" > > ------_=_NextPart_001_01C15719.891D1CF0 > Content-Type: text/plain; > charset="iso-8859-1" > > I have 2.2.2 running as a PDC. I am trying to get roaming profiles > to work and have read the related docs. I am seeing the following > symptoms. After logging in on the Win2k box, it tells me that "Windows > cannot create > profile directory \\sambapdc\username\profile.pds > . You will be logged > on with a local profile ...." > > In the [globals] section, I have "logon path = //%N/profiles/%U > " as stated in the > docs. > > Using smbclient on the samba server to test, I enter > "smbclient //sambapdc/profiles -U username" and > get the expected results. > But if I enter, "smbclient //sambapdc/profiles > /username -U username", I get > "tree connect failed: ERRDOS - ERRnosuchshare (You specified an invalid > share name)." > > Any body else seen this or actually have roaming profiles working? > > Ed > > ------_=_NextPart_001_01C15719.891D1CF0 > Content-Type: text/html; > charset="iso-8859-1" > > > > > > > > >
I have 2.2.2 runni ng > as a PDC.  I am trying to get roaming profiles
>
to work and have > read the related docs.  I am seeing the following
>
symptoms.  > After logging in on the Win2k box, it tells me that "Windows cannot > create
> >
on with a local > profile ...."
>
class=806491813-17102001> 
>
>
docs.  >
>
class=806491813-17102001> 
>
Using smbclient on > the samba server to test, I enter
>
"smbclient href="file://sambapdc/profiles">//sambapdc/profiles -U username" and get t he > expected results.
>
But if I enter, > "smbclient href="file://sambapdc/profiles">//sambapdc/profiles/username -U username", I > get
>
size=2>"tree connect failed: ERRDOS - > ERRnosuchshare (You specified an invalid share > name)."
>
size=2> 
>
size=2>Any body else seen this or actually have > roaming profiles working?
>
size=2> 
>
size=2> class=806491813-17102001>Ed
> > ------_=_NextPart_001_01C15719.891D1CF0-- > > --------------InterScan_NT_MIME_Boundary-- > > > From ariel at jusbaires.gov.ar Wed Oct 17 15:00:06 2001 From: ariel at jusbaires.gov.ar (Ariel Mella) Date: Tue Dec 2 02:36:27 2003 Subject: Problems Listing Users References: Message-ID: <008a01c15756$d69e7f40$1a3ca8ac@jusbaoires.gov.ar> and .... where its suppose to put that??!!! help pls!!! i have all the boss over my head!!! > yes an idea: MAX_SAM_ENTRIES is 50 ! > > jerry, in case you're looking on that bug: I think i know where the bug > is. I need to make some test to verify my theory. > > > J.F. > > > > From marcb at calibredigital.com Wed Oct 17 15:17:01 2001 From: marcb at calibredigital.com (Marc Anthony Pierre Barrette) Date: Tue Dec 2 02:36:27 2003 Subject: samba-ntdom -- confirmation of subscription -- request 506993 References: <20011017215233.B85E14DDA@lists.samba.org> Message-ID: <3BCDFD4F.4B7B984C@calibredigital.com> samba-ntdom-request@lists.samba.org wrote: > > samba-ntdom -- confirmation of subscription -- request 506993 > > We have received a request from 207.139.221.187 for subscription of > your email address, , to the > samba-ntdom@lists.samba.org mailing list. To confirm the request, > please send a message to samba-ntdom-request@lists.samba.org, and > either: > > - maintain the subject line as is (the reply's additional "Re:" is > ok), > > - or include the following line - and only the following line - in the > message body: > > confirm 506993 > > (Simply sending a 'reply' to this message should work from most email > interfaces, since that usually leaves the subject line in the right > form.) > > If you do not wish to subscribe to this list, please simply disregard > this message. Send questions to samba-ntdom-admin@lists.samba.org. -- Marc Anthony Pierre Barrette System Administrator Calibre Digital Pictures e. marcb@calibredigital.com w. www.calibredigital.com t. 416.531.8383 x5090 d. 416.405.5090 f. 416.531.8083 From gbeaven at pc.gov.au Wed Oct 17 18:47:02 2001 From: gbeaven at pc.gov.au (Beaven, Guy) Date: Tue Dec 2 02:36:27 2003 Subject: (no subject) Message-ID: <10C88877F6DCD311BEEC00A0C99A2F58C32E2C@exchcanb1.pc.gov.au> Guy Beaven Database/Web Assistant Productivity Commission 03 9653 2269 0411 380 383 gbeaven@pc.gov.au From peter.milburn at sofcom.com.au Wed Oct 17 19:43:02 2001 From: peter.milburn at sofcom.com.au (peter.milburn@sofcom.com.au) Date: Tue Dec 2 02:36:28 2003 Subject: winbind Message-ID: Is it possible to get winbind to talk to a linux PDC, or will it only work with a Windows PDC ? -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From jra at samba.org Wed Oct 17 19:48:01 2001 From: jra at samba.org (Jeremy Allison) Date: Tue Dec 2 02:36:28 2003 Subject: winbind In-Reply-To: ; from peter.milburn@sofcom.com.au on Thu, Oct 18, 2001 at 12:44:35PM +1000 References: Message-ID: <20011017194800.Y23000@va.samba.org> On Thu, Oct 18, 2001 at 12:44:35PM +1000, peter.milburn@sofcom.com.au wrote: > Is it possible to get winbind to talk to a linux PDC, or will it only > work with a Windows PDC ? Nope, there are some server side call missing. Scheduling conflict (and we needed to get 2.2.2 out). Fixing this in smbd and the mem leaks in winbind are top priority for 2.2.3 (due as soon as we've fixed this). Jeremy. From einhverfr at hotmail.com Wed Oct 17 19:59:04 2001 From: einhverfr at hotmail.com (Christopher Travers) Date: Tue Dec 2 02:36:28 2003 Subject: Simple Question Message-ID: Hi; May not be so simple. Please send me more info about your network setup. Thanks; Chris Travers MCSE, LPIC-1 >From: "Administrator" >To: >Subject: Simple Question >Date: Wed, 17 Oct 2001 15:03:25 -0400 >Hi, >I'm new to linux and samba but I desperately need to get this thing >working so I'd appreciate any help anyone could give me. > >My problem is this: >Samba successfully registers itself with my WINS server (a Windows 2000 >domain controller) and appears in the appropriate location in "Network >Neighborhood." However, I am unable to browse the shares provided by the >samba server. (IE, if the server name is "smbserver", then SMBSERVER is >present network neighborhoos but I am unable to browse into the server >itself to view its shares) I receive the message: "\\Smbserver > is not >accessible \n The account is not authorized to log in from this >station." > >My smb.conf file looks something like this: >; Riovia I.S., 16 October 2001 > >[global] >log file = /var/log/samba-log.%m >lock directory = /var/lock/samba >workgroup = Protaxemployees >mangle case = yes >case sensitive = no >default case = lower >wins server = 192.168.100.28 >name resolve order = wins hosts bcast >guest account = riovia >; Every user will have a home directory >;[homes] >; comment = Home Directories >; browseable = no >; read only = no >; create mode = 700 > >; /data/shared is a folder that every user can use >[shared] >comment = Shared Folder >path = /data/shared >writable = yes >public = yes >create mode = 666 > > >This was actually created by two people who dont really know what >they're doing so, any inut would be more than welcome. Its not that >important that we serve domain logins just yet. ANY log in is good >enough for me at the moment. > >I would really (REALLY) appreciate any help anyone cold provide. >-Paul Caritj > > > > _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp From dennis.bieling at primedisc.com Wed Oct 17 23:39:07 2001 From: dennis.bieling at primedisc.com (dennis.bieling@primedisc.com) Date: Tue Dec 2 02:36:28 2003 Subject: Printerdriver distribution to Windows NT 4.0 clients Message-ID: Hello list! I still have a major problem with my configuration :-( My samba server is working fine aand also the driver distribution works fine, but as soon as I have to reboot the samba-server, my Windows NT 4.0 clients can`t get the drivers anymore. It seems as the server forgets where he saved this driver ... The driver is stored in the correct path, but I am missing the "inf-files" ... Can this be my problem? I simply set up the printerdrivers using the APW of Windows NT. Any help or advices will be great !!!! Best regards Dennis From con at gfm.co.uk Thu Oct 18 01:56:02 2001 From: con at gfm.co.uk (Con Harte) Date: Tue Dec 2 02:36:28 2003 Subject: NT Style groups Message-ID: <5.0.2.1.0.20011018094823.00a3b1a0@voodoo> Hi. I am attempting to replace a Windows NT domain, (an old Small Business Server version) with a Linux Samba PDC. I have set up the Samba server, and a few users, most of which use W95 clients, and a couple of NT machine accounts. I have not been very successful in finding out how to set up and maintain user groups... If anyone can help me out, or just point me in the right direction that would be great. Also, I am wondering if it's possible and a good idea to set up multiple NT domains using one Samba server. (Would you need a physical interface per domain and multiple instances of smbd/nmbd with different config files and listening on specific interfaces?) The priority is the groups thing though. Thanks in advance, Con. From virgo at azcher.kharkov.ua Thu Oct 18 01:57:05 2001 From: virgo at azcher.kharkov.ua (Virgo) Date: Tue Dec 2 02:36:28 2003 Subject: ACL Extended Attributes + Samba 2.2.1a Message-ID: <3BCEA774.8010001@azcher.kharkov.ua> Hi Samba Team, administrators and users! There is a core 2.2.19 with Extended Attributes and Access Control Lists for Linux support. Samba 2.2.1a was compiled with the parameter --with-acl-support Problem: When I create the file or directory on the disk there are rights of object without Extented ACL. Example: # ls -al test/ total 16 drwxrwxr-x 2 root root 4096 Oct 18 11:41./ drwxrwx --- 143 virgo engineer 4096 Oct 18 11:41../ # getfacl test/ # file: test/ # owner: root # group: root user:: rwx group:: r-x group:users:rwx mask:: rwx other:: r-x When I create the file in the directory "test" through NT Explorer, I think that this file must be created with Extented ACL, but # ls -al test/ total 16 drwxrwxr-x 2 root root 4096 Oct 18 11:45./ drwxrwx --- 143 virgo engineer 4096 Oct 18 11:41../ -rwxrw ---- 1 root engineer 0 Oct 18 11:45 Test_file* # cd test/ # getfacl * # file: Test_file # owner: root # group: engineering user:: rwx group:: rw- other:: --- Any ideas? Thank. -- Registered Linux User #186627 ICQ UIN 50715669 E-Mail: mailto:virgo@azcher.kharkov.ua SMS: mailto:virgo@kyivstar.net Tel: +38(0572)194976 Fax: +38(0572)194905 From tony at cantech.net.au Thu Oct 18 02:05:07 2001 From: tony at cantech.net.au (Anthony J. Breeds-Taurima) Date: Tue Dec 2 02:36:28 2003 Subject: ACL Extended Attributes + Samba 2.2.1a In-Reply-To: <3BCEA774.8010001@azcher.kharkov.ua> Message-ID: On Thu, 18 Oct 2001, Virgo wrote: > Hi Samba Team, administrators and users! > There is a core 2.2.19 with Extended Attributes and Access Control Lists > for Linux support. > Samba 2.2.1a was compiled with the parameter --with-acl-support > Problem: > When I create the file or directory on the disk there are rights of > object without Extented ACL. > Example: > # ls -al test/ > total 16 > drwxrwxr-x 2 root root 4096 Oct 18 11:41./ > drwxrwx --- 143 virgo engineer 4096 Oct 18 11:41../ > # getfacl test/ > # file: test/ > # owner: root > # group: root > user:: rwx > group:: r-x > group:users:rwx > mask:: rwx > other:: r-x > When I create the file in the directory "test" through NT Explorer, I > think that this file must be created with Extented ACL, but > # ls -al test/ Yes you need to set a default value for your directories. See: http://acl.bestbits.at/example.html for a brief infto and the man pages for more info. I guess what you want is: cd setfacl -dg:user:rwx . -R This is an ACL's question NOT a samba question. Yours Tony. /* * "The significant problems we face cannot be solved at the * same level of thinking we were at when we created them." * --Albert Einstein */ From ravikolar at deccanetworld.com Thu Oct 18 02:16:02 2001 From: ravikolar at deccanetworld.com (M.Ravi) Date: Tue Dec 2 02:36:28 2003 Subject: Login Problem for samba share. Message-ID: <000a01c157b3$61c0eac0$1b01a8c0@vsnl.net> Dear Sir, I am using samba on my RedHat Linux system with Windows NT and 2000 network.I am always facing one problem.when user connects to the samba share from Windows NT client it will not allow him to login.his password is same for telnet and FTP service It will work there without any problem.I am not using sbmpasswd file. we are using same normal linux login account and password. In the same client If we login with other user name it will work fine. If we delete that user profile in the client system next time it will allow. with the same settings.what is wrong..?This problem is very common for me I am always deleting there profiles and re creating it.?is there any whey to solve this problem ? Please help. Thanks & Regards, ************************************************* M.Ravi System Administrator Deccanet Designs Ltd. #50, 1st Main, 9th Cross, 3rd Phase, J.P. Nagar Industrial Area, Bangalore - 560 078. Tel: +91-80-658 7072 to 75 Fax: +91-80-658 6869 URL-- www.deccanetworld.com -------------- next part -------------- HTML attachment scrubbed and removed From succhi at hotmail.com Thu Oct 18 02:50:21 2001 From: succhi at hotmail.com (Stuart Fraser) Date: Tue Dec 2 02:36:28 2003 Subject: server not setup for transactions Message-ID: I have tried numerous times to get PDC working but with the same problem occuring over and over. (Thank you to those who tried to help on that issue). So I decided to try a simple non-pdc samba setup so I could see my linux box in my workgroup. My non-PDC smb.conf and PDC smb.conf are found below. I use Samba2.2.1a and Mandrake8.0. My client is Win XP with passwd encryption on and the suggested "domain member: signature.... (always)" option disabled. I can now see the linux machine and my own computer in "Network Neighbourhood" which was more than when running as PDC. But when I try and browse the linux machine I still get the message "\\Ds7 is not accessible. You might not have permission to use this network resource. Contact the ..... The server is not configured for transactions". Same as the previous messages but before "\\Ds7 is not..." was replaced with "UQI is not..." and I couldn't browse the linux machine or see my computer which joined the domain fine. This leads me to believe if I can fix the "server is not configured for transactions error" with the plain old setup I will be able to run it fine as a PDC as the error is the same. Any help would be most appreciated Stu Non PDC version [global] netbios name = DS7 workgroup = UQI os level = 64 preferred master = no domain master = no local master = no security = user password level = 7 encrypt passwords = yes hosts allow = 192.168.3. 127. interfaces = 192.168.3.1/24 name resolve order = wins lmhosts bcast ;wins support = yes ;wins proxy = yes dns proxy = no log file = /usr/local/samba/var/log.%m [netlogon] path = /usr/local/samba/lib/netlogon writeable = no write list = root, person1 [homes] comment = Home Directories browsable = yes writable = yes force create mode = 0705 force directory mode = 0705 PDC version. below [global] netbios name = DS7 workgroup = UQI os level = 64 preferred master = yes domain master = yes local master = yes remote announce = 192.168.3.255 security = user password level = 7 encrypt passwords = yes domain logons = yes logon drive = X: logon script = logon.cmd add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u hosts allow = 192.168.3. 127. interfaces = 192.168.3.1/24 name resolve order = wins lmhosts bcast ;wins support = yes ;wins proxy = yes dns proxy = no log file = /usr/local/samba/var/log.%m domain guest group = person1, person2, person3 domain admin group = @smbadm [netlogon] path = /usr/local/samba/lib/netlogon writeable = no write list = root, person1 [homes] comment = Home Directories browsable = yes writable = yes force create mode = 0705 force directory mode = 0705 _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp From ntl-linux at ntlworld.com Thu Oct 18 03:12:26 2001 From: ntl-linux at ntlworld.com (Jim Jarvie) Date: Tue Dec 2 02:36:28 2003 Subject: Problems Listing Users In-Reply-To: <008a01c15756$d69e7f40$1a3ca8ac@jusbaoires.gov.ar> References: <008a01c15756$d69e7f40$1a3ca8ac@jusbaoires.gov.ar> Message-ID: <20011018.10120900@linux.jarvie.org.uk> Yes, I found [and changed] that entry [by recompiling] - what I got then was a complete failure to list the users at all (I tried various values).. Since the 100 users is exactly two blocks of 50 I though I could change this to 1000 and my problem would be solved, but it made things a lot worse ! I could only get it to work [i.e. To show any users] by reverting to 50, which put me back exactly where I started... Jim >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< On 17/10/01, 22:58:21, Ariel Mella wrote regarding Re: Problems Listing Users: > and .... where its suppose to put that??!!! > help pls!!! i have all the boss over my head!!! > > yes an idea: MAX_SAM_ENTRIES is 50 ! > > > > jerry, in case you're looking on that bug: I think i know where the bug > > is. I need to make some test to verify my theory. > > > > > > J.F. > > > > > > > > From msr at firstoption.com Thu Oct 18 03:13:02 2001 From: msr at firstoption.com (Michael Roantree) Date: Tue Dec 2 02:36:28 2003 Subject: Tutorials Message-ID: <001e01c157bd$b0735b30$6d0010ac@stargazer> Are there any decent tutorials on the web for setting up Samba as a PDC? ______________________________________________________________________ First Option's outgoing email policy is at http://www.firstoption.com/emailpolicy.html, but a short summary is :- - all email/attachments are confidential; do not use, circulate or release without our consent - email is not authorised unless it is on First Option business - email is not binding unless it is from an authorised person and is signed with a digital certificate First Option Ltd. - Switchboard +44 (0) 1962 738200 Signal House, Jacklyns Lane, Alresford, Hants, SO24 9JJ, United Kingdom _______________________________________________________________________ -------------- next part -------------- HTML attachment scrubbed and removed From Joachim.Tork at gad.de Thu Oct 18 03:44:04 2001 From: Joachim.Tork at gad.de (Joachim.Tork@gad.de) Date: Tue Dec 2 02:36:28 2003 Subject: Windows 2000 Domain Logon with LDAP backend Message-ID: Hello everybody, I am trying to perform a Windows 2000 Domain Logon on a Samba-2.2.2 Server compiled with ldapsam against an ldap server. Unfortunately it isn't working. I think that my smb.conf is alright because the logon is working fine when I compile the samba source without ldapsam and use the smbpasswd file as the password storage. So it may be caused by a misconfiguration of my ldap-server. So that's what I have done: 1. I created an ldapserver containing sambaAccounts (+posixAccounts, cause I use this server for Linux authentification). 2. I put a samba user -xgadjto- into it with posix root previleges to be an admin 3. I made this user known using - username map = filename - in smb.conf, addintionally with admin users xgadjto (I don't know if this is necessary) 4. I gave this user windows passwords using -smbpasswd xgadjto-. These passwords were successfully stored in the ldap database. 5. Next I wrote a small perl script named user_add.pl. This scripts adds an user to the ldap database with the necessary attributes. 6. I made this script known in smb.conf with - add user script. 7. I put the needed ldap configurations in smb.conf I can see from the log-Files that my script is used and a maschine account is created in the ldap database. But unhappily that's it. :-( On my Windows machine a get an error window saying "Username not found (translated from german: Benutzername nicht gefunden.)" On log.smbd I can see this messages apart from others: [2001/10/18 10:53:00, 0] rpc_server/srv_samr_nt.c: _samr_delete_dom_user(2673) _samr_delete_dom_user: Not yet implemented. May this be the reason why the logon fails ? Can anybody help or has anybody realized such a domain logon and give me tips ? Best regards Joachim From jacek at mer.chemia.polsl.gliwice.pl Thu Oct 18 03:51:02 2001 From: jacek at mer.chemia.polsl.gliwice.pl (Jacek Stolarczyk) Date: Tue Dec 2 02:36:28 2003 Subject: mounting disks per secondary groups Message-ID: Hi, In a student lab I mount several resources upon login, as specified in students.bat ("students" is a name of a primary group, which these users belong to). That is all well, but for a part of this group which happens also to belong to group "physics" I'd like to mount additional resource (say, /lab/physics as disk K:). How to achieve that? I don't want to move this users from students group not to make physics their primary group. The students have no right to mount disks themselves. The other thing is: how to force WinNT 4.0 SP2 not to save the users' profiles locally? They should be only on the server and we have some 600 users whose profiles fill up local disks. I have Samba-2.2.1a on the server. Best wishes and thanks for your great work. Regards, Jacek Stolarczyk -- PhD student in physical chemistry netadm for Facult of Chemistry Silesian University of Technology Gliwice, Poland From ig4812 at alunos.ipb.pt Thu Oct 18 04:30:02 2001 From: ig4812 at alunos.ipb.pt (Paulo Gomes) Date: Tue Dec 2 02:36:28 2003 Subject: help for logons Message-ID: <3BCEBD1F.FBBAC970@alunos.ipb.pt> Is it possible to restricted user logons to specific time? I want a way to allow and deny users logon's based on a specific hour. (sorry by the bad english) From jsilva at esec.pt Thu Oct 18 04:34:03 2001 From: jsilva at esec.pt (=?iso-8859-1?Q?Jos=E9_Silva?=) Date: Tue Dec 2 02:36:28 2003 Subject: Policies stop working in samaba 2.2.2 Message-ID: <004601c157c8$f08a3670$0c00a8c0@cicwork3> Hi. When I used group policies in a Samaba 2.2.1a PDC, my W2K worktaions acepted them very well. Since I upgrade to Samaba 2.2.2 they stop working. I had 2 different group policies constructed with NT Server Policy Editor. One for "Domain Users" and other for "Domain Admins". With group priority I established the desired behaviour. When I upgrade to samaba 2.2.2 I sow (with "ifmeber" NT resource kit program) that the users no longer belong to this groups, they belong to the Unix group. For me that was fine sincenow I could set policies to exactly the Unix group I want, but unfortunately when I build the "ntconfig.pol" file, the W2K workstations don't assume this policies. I really need help. Jose Silva From cr at neuro.ma.uni-heidelberg.de Thu Oct 18 05:35:03 2001 From: cr at neuro.ma.uni-heidelberg.de (Chr. Rossmanith) Date: Tue Dec 2 02:36:28 2003 Subject: problems with smbclient + German special chars (umlaute) Message-ID: <3BCECBFD.DA94B022@neuro.ma.uni-heidelberg.de> Hi, I'd like to migrate from an old samba version (2.1.0-prealpha, linux kernel 2.0.33) to the most recent version on a new machine (2.2.2, linux kernel 2.4.9). Unfortunately, with the new version I have problems accessing files with filenames containing German special characters. Executing a smbclient-"get" on the linux machine running the samba server with such a file results e.g. in the following error message: ERRDOS - ERRbadfile (File not found.) opening remote file \GO?_VERZ.LIQ. On the other hand, if I mount the share using "mount -t smbfs" I can access the file just using unix-"cp" without any error message. I don't know whether I've described the problem sufficiently. Just ask, if any information is missing. Thank you for your help, Christina Rossmanith From jmcd at us.ibm.com Thu Oct 18 05:39:02 2001 From: jmcd at us.ibm.com (Jim McDonough) Date: Tue Dec 2 02:36:28 2003 Subject: winbind Message-ID: Jeremy Allison wrote: >> Is it possible to get winbind to talk to a linux PDC, or will it only >> work with a Windows PDC ? > >Nope, there are some server side call missing. Scheduling conflict (and >we needed to get 2.2.2 out). Fixing this in smbd and the mem leaks in >winbind are top priority for 2.2.3 (due as soon as we've fixed this). Hmm, a lot of it sure works for me...I'm running a fairly recent (within last 2 weeks) PDC and winbind, and it works...including ACL support. I've been running that way for quite a few months now...what shouldn't be working? ---------------------------- Jim McDonough IBM Linux Technology Center 6 Minuteman Drive Scarborough, ME 04074 USA jmcd@us.ibm.com Phone: (207) 885-5565 IBM tie-line: 776-9984 jra@samba.org (Jeremy Allison)@lists.samba.org on 10/17/2001 10:48:00 PM Sent by: samba-ntdom-admin@lists.samba.org To: peter.milburn@sofcom.com.au cc: samba-ntdom@lists.samba.org Subject: Re: winbind On Thu, Oct 18, 2001 at 12:44:35PM +1000, peter.milburn@sofcom.com.au wrote: > Is it possible to get winbind to talk to a linux PDC, or will it only > work with a Windows PDC ? Nope, there are some server side call missing. Scheduling conflict (and we needed to get 2.2.2 out). Fixing this in smbd and the mem leaks in winbind are top priority for 2.2.3 (due as soon as we've fixed this). Jeremy. From marcb at calibredigital.com Thu Oct 18 06:22:46 2001 From: marcb at calibredigital.com (Marc Anthony Pierre Barrette) Date: Tue Dec 2 02:36:28 2003 Subject: Winbind Question References: <20011017220205.BDE664F9D@lists.samba.org> Message-ID: <3BCED57B.19EDF3D5@calibredigital.com> samba 2.2.2 using Redhat 7.1 i get this after follwoing the winbindd setup and install instructions anyone know why this might be happening [root@yoda var]# wbinfo -u Error looking up domain users [root@yoda var]# yet my trust secret is good as well wbinfo -n username does report back a SID I am not sure if this is a SID from the W2k PDC or just a madde up one smbclient -L HOST -U ADMIN works from other unices but I can't seeem to enumerate my DOMAIN\users nor groups preventing users access to the Shares and other resources Thanks in advance for any info -- Marc Anthony Pierre Barrette System Administrator Calibre Digital Pictures e. marcb@calibredigital.com w. www.calibredigital.com t. 416.531.8383 x5090 d. 416.405.5090 f. 416.531.8083 From Jean-Francois.Micouleau at dalalu.fr Thu Oct 18 06:45:01 2001 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:36:28 2003 Subject: Problems Listing Users In-Reply-To: <20011018.10120900@linux.jarvie.org.uk> Message-ID: On Thu, 18 Oct 2001, Jim Jarvie wrote: > Yes, I found [and changed] that entry [by recompiling] - what I got then > was a complete failure to list the users at all (I tried various > values).. Since the 100 users is exactly two blocks of 50 I though I > could change this to 1000 and my problem would be solved, but it made > things a lot worse ! I could only get it to work [i.e. To show any > users] by reverting to 50, which put me back exactly where I started... Did you try changing to say 10 to check if you only get 20 users in the list ? I don't think the value of 50 is the problem, it's somewhere else. In the second and next packet we probably don't upgrade correctly an index. J.F. From ntl-linux at ntlworld.com Thu Oct 18 08:11:52 2001 From: ntl-linux at ntlworld.com (Jim Jarvie) Date: Tue Dec 2 02:36:28 2003 Subject: Problems Listing Users In-Reply-To: References: Message-ID: <20011018.15113600@linux.jarvie.org.uk> I'm somewhat embarrassed to say no - your suggestion is a very obvious way to test the theory. I was so keen to try to fix that I forgot a more basic step and only tried numbers > 50 ! I'll make the change to 10 and test to see if I still get 2 blocks and a total of 20 now... Thanks for your suggestion - I'll report back with my results. Jim >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< On 18/10/01, 14:47:24, Jean Francois Micouleau wrote regarding Re: Problems Listing Users: > On Thu, 18 Oct 2001, Jim Jarvie wrote: > > Yes, I found [and changed] that entry [by recompiling] - what I got then > > was a complete failure to list the users at all (I tried various > > values).. Since the 100 users is exactly two blocks of 50 I though I > > could change this to 1000 and my problem would be solved, but it made > > things a lot worse ! I could only get it to work [i.e. To show any > > users] by reverting to 50, which put me back exactly where I started... > Did you try changing to say 10 to check if you only get 20 users in the > list ? > I don't think the value of 50 is the problem, it's somewhere else. In the > second and next packet we probably don't upgrade correctly an index. > J.F. From greg at kwikfind.com Thu Oct 18 08:55:04 2001 From: greg at kwikfind.com (Greg Zartman) Date: Tue Dec 2 02:36:28 2003 Subject: Tutorials In-Reply-To: <001e01c157bd$b0735b30$6d0010ac@stargazer> Message-ID: > A re there any decent tutorials on the web for setting up Samba as a PDC Yes, numerous references. A good place to start is the Samba book "Using Samba." You can download a PDF version from the net. This book was based on Samba 2.0.7, so some of it's getting out of date now, but the concepts are good. Another good reference is David Barron's HowTo and FAQ documents. Very good texts. Finally, poke around in the Samba docs directory. You'll have to install the source code tree on your system to get at these. This can be easily done by download a tar ball or installing an RPM source on your system. Greg J. Zartman -------------- next part -------------- HTML attachment scrubbed and removed From ressin at psychologie.uni-kiel.de Thu Oct 18 10:03:07 2001 From: ressin at psychologie.uni-kiel.de (Malte Ressin) Date: Tue Dec 2 02:36:28 2003 Subject: Problem with Samba and Windows 2000/Service pack 2 Message-ID: Hi there I have the following problem: We have a windows domain running on a Linux machine (kernel 2.2.3), on Samba 2.2.2. The domain is working so far, it works to connect network drives with Windows 95/98, NT 4.0 (service pack 6a) and W2K (service pack 2). Logging into a domain works also, but only with Win95/98 (I mean the windows login screen that pops up at the start of windows). I fail to log into this domain with W2K. W2K gives me an error message stating that it is unable to find the domain. I don't think the problem is with my Windows installation, because I can log in to a different domain running on a NT 4.0 server, but not on that domain on the Linux server. So, the questions I have is the following: a) is it supposed to work, to log in a windows domain with W2K service pack 2, running on samba 2.2.2? The trouble is, I read several reports on the net of people who claimed to do so, sometimes even without any setup work, "out of the box". Then again, I also read some reports that no version of samba is supposed to provide login functionality for W2K. b) if it is supposed to work, and someone managed to do so, could you please tell me how exactly you did it? Maybe a step-to-step runthrough? I'm sorry, but we really tried here and I am totally lost by now. Another problem is that we run the german W2K version, so I unfortunately cannot give the exact english (error) messages since I get them in german. I hope that's not too big of a problem. Anyway, any kind of help is greatly appreciated. Maybe if someone could answer a) at least, so that we know if we're chasing things that simply are not there. Apart from that, congrats and thanks to the samba team for their efforts and their really great and reliable software. So far, Malte :-) -------------------------------------------------------------------------- Kontakt: Raum 340, i.d.R. Montags und Freitags zwischen 12 und 13 Uhr oder (noch besser) email: ressin@psychologie.uni-kiel.de -------------------------------------------------------------------------- From aoclarit at kiwi.dhs.org Thu Oct 18 10:06:04 2001 From: aoclarit at kiwi.dhs.org (Aoclarit) Date: Tue Dec 2 02:36:28 2003 Subject: domain admin account ? Message-ID: <3BCF0C47.78F6E946@kiwi.dhs.org> Hi folks I recently set up my samba "PDC" successfully but the only thing that doesn't quite work is the domain admin account. I read somewhere that you're supposed to create a samba user that is part of the UNIX adm-account (by default root,adm and deamon) and then add this line to smb.conf Domain Admin group = @adm if you then log on as this user you're supposed to be the domain admin but when I do that it seems I'm just another user. When I try to write to the netlogon-share I still get an access denied and I still cannot see other user's home directories. Aren't I supposed to be able to do that as Domain admin ? help is appreciated ALEX From jra at samba.org Thu Oct 18 11:13:03 2001 From: jra at samba.org (Jeremy Allison) Date: Tue Dec 2 02:36:28 2003 Subject: winbind In-Reply-To: ; from jmcd@us.ibm.com on Thu, Oct 18, 2001 at 08:39:48AM -0400 References: Message-ID: <20011018111234.E23000@va.samba.org> On Thu, Oct 18, 2001 at 08:39:48AM -0400, Jim McDonough wrote: > Hmm, a lot of it sure works for me...I'm running a fairly recent (within > last 2 weeks) PDC and winbind, and it works...including ACL support. I've > been running that way for quite a few months now...what shouldn't be > working? Well this is from talking to Tim Potter, who wrote winbind. Tim, can you comment on the specifics please ? Thanks, Jeremy. From fperfumov at nexo.es Thu Oct 18 13:41:09 2001 From: fperfumov at nexo.es (Fernando Perfumo) Date: Tue Dec 2 02:36:28 2003 Subject: smb.conf % variables Message-ID: <3BCF3F6F.B9D10390@nexo.es> Hi. Tunning my smb.conf I observed that %U %L %etc variables seems not to be assigned, or smbd and nmbd simply ignore them. Could somebody give indications about possible causes of this? Thanks all. P.S.: slakware 8, samba 2.2 From lkcl at samba-tng.org Thu Oct 18 14:36:22 2001 From: lkcl at samba-tng.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:36:28 2003 Subject: lsarpc.idl API Message-ID: <20011018233149.E6753@angua.rince.de> thanks to matty for the lsarpc.idl file: it compiles in dceidl (slightly modified) and we're away! client-side header file and API is generated _automatically_ by dceidl, for immediate use with freedce libraries. porting of TNG's srv_lsa_nt.c can now take place if anyone's interested. volunteers, anyone? luke p.s. we also have winreg.idl so that means that the Reg* API is also automatically available for immediate use. if anyone's interested. From lkcl at samba-tng.org Thu Oct 18 14:43:15 2001 From: lkcl at samba-tng.org (Luke Kenneth Casson Leighton) Date: Tue Dec 2 02:36:28 2003 Subject: netlogon.idl API Message-ID: <20011018233932.H6753@angua.rince.de> first _useable_ experimentation with netlogon.idl is underway. i may actually have a freedce native version of check_domain_security far quicker than i had imagined or hoped, at this rate! i have successfully tested NetServerReqChallenge and NetAuthenticate2 and, unbelievably, they worked first time. once i have the LsaQuerySecret code working, i can test NetSamLogon (hurrah!) porting of TNG's srv_netlogon_nt.c can also proceed, now that we have netlogon.idl. if anyone is interested in assisting with this, let me know. luke From jerry at samba.org Thu Oct 18 15:13:04 2001 From: jerry at samba.org (Gerald (Jerry) Carter) Date: Tue Dec 2 02:36:28 2003 Subject: winbind In-Reply-To: <20011018111234.E23000@va.samba.org> Message-ID: On Thu, 18 Oct 2001, Jeremy Allison wrote: > On Thu, Oct 18, 2001 at 08:39:48AM -0400, Jim McDonough wrote: > > > Hmm, a lot of it sure works for me...I'm running a fairly recent (within > > last 2 weeks) PDC and winbind, and it works...including ACL support. I've > > been running that way for quite a few months now...what shouldn't be > > working? > > Well this is from talking to Tim Potter, who wrote winbind. Tim, can > you comment on the specifics please ? Group enumeration is unimplemented in Samba's rpc server code. cheers, jerry --------------------------------------------------------------------- www.samba.org SAMBA Team jerry_at_samba.org www.plainjoe.org jerry_at_plainjoe.org --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- From cbarry at infiniconsys.com Thu Oct 18 15:28:02 2001 From: cbarry at infiniconsys.com (Barry, Christopher) Date: Tue Dec 2 02:36:28 2003 Subject: 2.2.2 and Roaming Profiles with Win2k Message-ID: <08628CA53C6CBA4ABAFB9E808A5214CB347B@mercury.infiniconsys.com> First, you won't be able to delete a profile if it is the current user's profile - but I'm assuming you know that. Second, you'll want to remove profiles using the user profile tab of the system properties dialog (right click My Computer -> Properties). Log in as admin to the local box, and delete it then if all else fails. It will likely not resolve the profile name, but instead say 'Unknown Profile'. Christopher Barry InfiniCon Systems > -----Original Message----- > From: Marcel Kunath [mailto:kunathma@pilot.msu.edu] > Sent: Wednesday, October 17, 2001 5:49 PM > To: Wimberly Eddie Contr WRALC/LYSFR > Cc: samba-ntdom@lists.samba.org > Subject: Re: 2.2.2 and Roaming Profiles with Win2k > > > I have a similar problem. I had roaming profiles working. I > don't know what > bothered me but I messed around with it and it stopped saving > the profile to > the pdc and only gave me a local profile. So I said ok. Let's > delete the > profile directory and start from scratch. No go there. The > win2k box has some > profile saved locally on the box now and I can't even delete > it as admin. It > still tries to save the profile to the server but gives > errors on loading and > then just opts for the local one. > > Can somebody tell me how to delete a stubborn folder in win2k > where it says: > "folder access denied. folder in use" > > Oh I remember how the whole thing started. I had deleted > /etc/MACHINE.SID > (because of my sid map problem) and tried to log back onto > the domain and then > the profiles got messed up. > > mk > > > > This > message is in MIME format. Since your mail reader does > not understand > this format, some or all of this message may > not be legible. > > > > --------------InterScan_NT_MIME_Boundary > > Content-Type: multipart/alternative; > > boundary="----_=_NextPart_001_01C15719.891D1CF0" > > > > ------_=_NextPart_001_01C15719.891D1CF0 > > Content-Type: text/plain; > > charset="iso-8859-1" > > > > I have 2.2.2 running as a PDC. I am trying to get roaming profiles > > to work and have read the related docs. I am seeing the following > > symptoms. After logging in on the Win2k box, it tells me > that "Windows > > cannot create > > profile directory \\sambapdc\username\profile.pds > > . You will be logged > > on with a local profile ...." > > > > In the [globals] section, I have "logon path = //%N/profiles/%U > > " as stated in the > > docs. > > > > Using smbclient on the samba server to test, I enter > > "smbclient //sambapdc/profiles > -U username" and > > get the expected results. > > But if I enter, "smbclient //sambapdc/profiles > > > /username -U username", I get > > "tree connect failed: ERRDOS - ERRnosuchshare (You > specified an invalid > > share name)." > > > > Any body else seen this or actually have roaming profiles working? > > > > Ed > > > > ------_=_NextPart_001_01C15719.891D1CF0 > > Content-Type: text/html; > > charset="iso-8859-1" > > > > > > > > > > > > > > > > > >
class=806491813-17102001>I have 2.2.2 runni > ng > > as a PDC.  I am trying to get roaming profiles >
> >
class=806491813-17102001>to work and have > > read the related docs.  I am seeing the following >
> >
class=806491813-17102001>symptoms.  > > After logging in on the Win2k box, it tells me that "Windows cannot > > create
> > > >
class=806491813-17102001>on with a local > > profile ...."
> >
> class=806491813-17102001> 
> >
> >
class=806491813-17102001>docs.  > >
> >
> class=806491813-17102001> 
> >
class=806491813-17102001>Using smbclient on > > > the samba server to test, I enter
> >
class=806491813-17102001>"smbclient > href="file://sambapdc/profiles">//sambapdc/profiles -U > username" and get t > he > > expected results.
> >
class=806491813-17102001>But if I enter, > > "smbclient > > href="file://sambapdc/profiles">//sambapdc/profiles/userna > me -U username", > I > > get
> >
class=806491813-17102001> > size=2>"tree connect failed: ERRDOS - > > ERRnosuchshare (You specified an invalid share > > name)."
> >
class=806491813-17102001> > size=2> class=806491813-17102001> 
> > >
class=806491813-17102001> > size=2>Any body else seen > this or actually have > > > roaming profiles working?
> >
class=806491813-17102001> > size=2> class=806491813-17102001> 
> > >
class=806491813-17102001> > size=2> > > class=806491813-17102001>Ed
< > /BODY> > > > > ------_=_NextPart_001_01C15719.891D1CF0-- > > > > --------------InterScan_NT_MIME_Boundary-- > > > > > > > > > From aoclarit at kiwi.dhs.org Thu Oct 18 19:56:02 2001 From: aoclarit at kiwi.dhs.org (alex) Date: Tue Dec 2 02:36:28 2003 Subject: WINS-server and push/pull Message-ID: <3BCF987F.BC8A1E67@kiwi.dhs.org> Hi all Can I set up a linux-box to be a wins-server within a domain and then tell it to sync with other NT-based wins-servers that already exist in the domain ? I cannot find anything on that. ALEX From aoclarit at kiwi.dhs.org Thu Oct 18 21:18:02 2001 From: aoclarit at kiwi.dhs.org (alex) Date: Tue Dec 2 02:36:28 2003 Subject: WINS-sever and push/pull partner ? Message-ID: <3BCFABA1.AAEB6A7C@kiwi.dhs.org> Hi all Can I set up a linux-box to be a WINS-server within a domain and then tell it to sync with other NT-based WINS-servers that already exist in the domain ? How can I test if the WINS-database on the linux-box is populated ? Thanks ALEX From pcaritj at riovia.net Thu Oct 18 23:09:02 2001 From: pcaritj at riovia.net (Paul J. Caritj) Date: Tue Dec 2 02:36:28 2003 Subject: Getting Desperate Message-ID: OK, I'm getting desperate. I am sure this problem is nothing out of the ordinary, but I've never used samba (and, only rarely, linux) and I need this thing running by next week. What I've Done: I have a Windows2000 PDC and (save one) 2000 clients. I have a linux fileserver (Kernel 2.4; Redhat 7.1; Samba 2.2.2) sharing two public folders ("Resources" and "Tax") What I need: A home directory for any given user who browses their way into the fileserver through Network Neighborhood. Each also needs to map a network drive (Z:) to their Home directory. I have the home directories working properly but no one can log in. At the risk of sounding lazy, what should smb.conf look like? How do I handle passwords (that is the main issue). I have little interest in integrating with the PDC's security. I just want to make the accounts manually on the unxix machine. So, I know this is a lot to ask, but could someone give me a step by step to (in summary) do the following: configure home directories for users in which the corrosponding user has full permissions (Read, write, execute, the whole enchilada) that they can successfully log into from their Win2000 workstation. Again, password servers, domain membership, etc are irrelevent. I'm willing to either use encrypted passwords on the Liux box OR unencrypted passwords on the Windows box. Whichever is easier, as long as it works. If someone could help me with this I would appreciate it SO much. Thank you, Paul Caritj pcaritj@riovia.net From fry at lem.com Fri Oct 19 00:01:37 2001 From: fry at lem.com (Francois Ryser) Date: Tue Dec 2 02:36:28 2003 Subject: samba 2.2.2 Message-ID: Hello I have migrate from samba-2.2.1a to samba-2.2.2 on redhat 7.0 Since this migration if i look on my PC (win2k SP2) the "Domain Admins" is now unix_group.214xxxxx. and it is not possible to add "Domain User", i can see the to group on the list but if i try to add it say this is not a group. Can some one help me ??? Ryser Fran?ois System Administrator fry@lem.com www.lem.com From Leong at nti.infomal.com.my Fri Oct 19 00:05:22 2001 From: Leong at nti.infomal.com.my (Tai Kee Leong) Date: Tue Dec 2 02:36:28 2003 Subject: Need help to setup Samba PDC for Windows 9x/NT/2000 Message-ID: Hello everyone, I need help to configure a Samba as the PDC for Windows 9x/NT/2000 machines. I have configure the encrypted password based on the document I read from redhat.com entitle 'Using Samba with Windows NT 4.0 and Windows 2000'. The following command was used: - - cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd - chmod 600 /etc/samba/ - smbpasswd username The machine that I login is Windows 2000 with workgroup but Samba could not authenticate my username. What else do i need to configure? The software version as follow:- - Redhat Linux 7.0 with Samba 2.0.7 - Windows 2000 Professional with SP1 Thank you. Leong From rtune at chariot.net.au Fri Oct 19 00:28:04 2001 From: rtune at chariot.net.au (Robert Tune) Date: Tue Dec 2 02:36:29 2003 Subject: Fw: unsubscribe Message-ID: <00f801c15870$bc712e40$3758190a@chariot.net.au> ----- Original Message ----- From: "Robert Tune" To: Sent: Friday, October 19, 2001 5:04 PM Subject: unsubscribe > Please unsubscribe from this list. > > > Robert Tune > > From alois.blasbichler at sb-brixen.it Fri Oct 19 00:45:11 2001 From: alois.blasbichler at sb-brixen.it (alois blasbichler) Date: Tue Dec 2 02:36:29 2003 Subject: Need help to setup Samba PDC for Windows 9x/NT/2000 In-Reply-To: References: Message-ID: <01Oct19.094653cest.117121@maastricht02.se-nord.provinz.bz.it> i have the same problem; its possible to use samba 2.0.7 as PDC with Windows2000 (i have SP 2) ?? because from Win98 it works fine i get the error on Windows2000 "the number of processes is out of the range" a part of my log-file: ############################### Skipping become_user - already user [2001/10/19 09:16:12, 4] smbd/nttrans.c:nt_open_pipe(560) nt_open_pipe: Opening pipe \samr. [2001/10/19 09:16:12, 3] smbd/nttrans.c:nt_open_pipe(576) nt_open_pipe: Known pipe samr opening. [2001/10/19 09:16:12, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(116) Open pipe requested samr (pipes_open=2) [2001/10/19 09:16:12, 4] rpc_server/srv_pipe_hnd.c:open_rpc_pipe_p(205) Opened pipe samr with handle 7006 (pipes_open=3) [2001/10/19 09:16:12, 3] smbd/process.c:process_smb(618) Transaction 32 of length 152 [2001/10/19 09:16:12, 3] smbd/process.c:switch_message(448) switch message SMBtrans (pid 8549) [2001/10/19 09:16:12, 4] smbd/uid.c:become_user(186) Skipping become_user - already user [2001/10/19 09:16:12, 3] smbd/ipc.c:reply_trans(3659) trans <\PIPE\> data=72 params=0 setup=2 [2001/10/19 09:16:12, 3] smbd/ipc.c:named_pipe(3516) named pipe command on <> name [2001/10/19 09:16:12, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(817) search for pipe pnum=7006 ########################### alois Zitiere Tai Kee Leong : > Hello everyone, > > I need help to configure a Samba as the PDC for Windows 9x/NT/2000 > machines. > I have configure the encrypted password based on the document I read > from > redhat.com entitle 'Using Samba with Windows NT 4.0 and Windows 2000'. > The > following command was used: - > > - cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd > - chmod 600 /etc/samba/ > - smbpasswd username > > The machine that I login is Windows 2000 with workgroup but Samba could > not > authenticate my username. What else do i need to configure? > > The software version as follow:- > - Redhat Linux 7.0 with Samba 2.0.7 > - Windows 2000 Professional with SP1 > > Thank you. > Leong > > ********************* dr. alois blasbichler Informatikabteilung SB-Brixen Dantestr. 51 39042 Brixen tel. 0472/812087 mail alois.blasbichler@sb-brixen.it From kokwei at eXtropia.com Fri Oct 19 00:48:04 2001 From: kokwei at eXtropia.com (Kok Wei, Koh) Date: Tue Dec 2 02:36:29 2003 Subject: Need help to setup Samba PDC for Windows 9x/NT/2000 In-Reply-To: Message-ID: <5.1.0.14.2.20011019154441.00ac4df8@192.168.168.10> Hi Leong, You still need to set your Samba as your domain logon server. Under [Global]: domain logon = yes security = user That's all I can remember, perhaps someone else in this list may give you a clearer picture of what else you need to do. With Samba as your domain logon server, you can then have roaming user profiles and logon scripts that you have to store in the netlogon share in Samba. Kok Wei At 03:02 PM 10/19/2001 +0800, Tai Kee Leong wrote: >Hello everyone, > >I need help to configure a Samba as the PDC for Windows 9x/NT/2000 machines. >I have configure the encrypted password based on the document I read from >redhat.com entitle 'Using Samba with Windows NT 4.0 and Windows 2000'. The >following command was used: - > >- cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd >- chmod 600 /etc/samba/ >- smbpasswd username > >The machine that I login is Windows 2000 with workgroup but Samba could not >authenticate my username. What else do i need to configure? > >The software version as follow:- >- Redhat Linux 7.0 with Samba 2.0.7 >- Windows 2000 Professional with SP1 > >Thank you. >Leong From alois.blasbichler at sb-brixen.it Fri Oct 19 01:48:04 2001 From: alois.blasbichler at sb-brixen.it (alois blasbichler) Date: Tue Dec 2 02:36:29 2003 Subject: Need help to setup Samba PDC for Windows 9x/NT/2000 In-Reply-To: <5.1.0.14.2.20011019154441.00ac4df8@192.168.168.10> References: <5.1.0.14.2.20011019154441.00ac4df8@192.168.168.10> Message-ID: <01Oct19.104928cest.117121@maastricht02.se-nord.provinz.bz.it> the global -section of my smb.conf is: is their anything wrong ?? alois ####################################### [global] workgroup = adom printcap name = /etc/printcap interfaces = 10.53.5.44/255.255.252.0 socket options = TCP_NODELAY guest account = nobody keep alive = 30 load printers = yes security = user domain logons = yes os level = 33 netbios name = mir local master = yes domain master = true preferred master = true encrypt passwords = yes map to guest = Bad User printing = bsd kernel oplocks = false wins support = no log level = 4 ####################################### Zitiere "Kok Wei, Koh" : > Hi Leong, > > You still need to set your Samba as your domain logon server. > Under [Global]: > > domain logon = yes > security = user > > That's all I can remember, perhaps someone else in this list may give > you a > clearer picture of what else you need to do. > With Samba as your domain logon server, you can then have roaming user > profiles and logon scripts that you have to store in the netlogon share > in > Samba. > > > Kok Wei > > At 03:02 PM 10/19/2001 +0800, Tai Kee Leong wrote: > >Hello everyone, > > > >I need help to configure a Samba as the PDC for Windows 9x/NT/2000 > machines. > >I have configure the encrypted password based on the document I read > from > >redhat.com entitle 'Using Samba with Windows NT 4.0 and Windows 2000'. > The > >following command was used: - > > > >- cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd > >- chmod 600 /etc/samba/ > >- smbpasswd username > > > >The machine that I login is Windows 2000 with workgroup but Samba could > not > >authenticate my username. What else do i need to configure? > > > >The software version as follow:- > >- Redhat Linux 7.0 with Samba 2.0.7 > >- Windows 2000 Professional with SP1 > > > >Thank you. > >Leong > > > From grobe at gmx.net Fri Oct 19 01:56:05 2001 From: grobe at gmx.net (Lars O. Grobe) Date: Tue Dec 2 02:36:29 2003 Subject: Need help to setup Samba PDC for Windows 9x/NT/2000 References: <5.1.0.14.2.20011019154441.00ac4df8@192.168.168.10> <01Oct19.104928cest.117121@maastricht02.se-nord.provinz.bz.it> Message-ID: <3BCFEB1D.CBAEB0B3@gmx.net> Hi! Did you try to use smbclient on the server? smbclient -U username -L servername If this works, it might be not a user-related problem, bu a network setup errror. Do you have a wins-server? We use our pdc as wins here, but you can also make it register at another machine, as the clients will have to find the pdc... In fact, setting up the wins-settings isn't difficult on the samba side (the clients get this over dhcp here). CU, Lars. From alois.blasbichler at sb-brixen.it Fri Oct 19 02:55:02 2001 From: alois.blasbichler at sb-brixen.it (alois blasbichler) Date: Tue Dec 2 02:36:29 2003 Subject: Need help to setup Samba PDC for Windows 9x/NT/2000 In-Reply-To: <3BCFEB1D.CBAEB0B3@gmx.net> References: <5.1.0.14.2.20011019154441.00ac4df8@192.168.168.10> <01Oct19.104928cest.117121@maastricht02.se-nord.provinz.bz.it> <3BCFEB1D.CBAEB0B3@gmx.net> Message-ID: <01Oct19.115641cest.117121@maastricht02.se-nord.provinz.bz.it> Zitiere "Lars O. Grobe" : > Hi! > > Did you try to use smbclient on the server? > > smbclient -U username -L servername > yes and it works : session setup ok and tconx ok other suggestions alois > If this works, it might be not a user-related problem, bu a network > setup errror. > > Do you have a wins-server? We use our pdc as wins here, but you can > also > make it register at another machine, as the clients will have to find > the pdc... In fact, setting up the wins-settings isn't difficult on the > samba side (the clients get this over dhcp here). > > CU, Lars. > > ********************* dr. alois blasbichler Informatikabteilung SB-Brixen Dantestr. 51 39042 Brixen tel. 0472/812087 mail alois.blasbichler@sb-brixen.it From kunathma at pilot.msu.edu Fri Oct 19 03:57:02 2001 From: kunathma at pilot.msu.edu (Marcel Kunath) Date: Tue Dec 2 02:36:29 2003 Subject: samba 2.2.2 In-Reply-To: from "Francois Ryser" at Oct 19, 2001 08:55:43 am Message-ID: <200110191058.f9JAw9R46992@pilot19.cl.msu.edu> Yes I had a similar thing happen. I migrated from 2.2.1a to 2.2.2 and I had this unix_user.103 appear. Fact is I don;t have such user. Check your passwd/group files for inconsistencies and also check your directory/file tree if any of your files are chowned xxx:214xxxx. Chown them to what they are suppose to be and this group 214 should disappear again. mk > > Hello > > I have migrate from samba-2.2.1a to samba-2.2.2 on redhat 7.0 > > Since this migration if i look on my PC (win2k SP2) the "Domain Admins" is > now unix_group.214xxxxx. and it is not possible to add "Domain User", i can > see the to group on the list but if i try to add it say this is not a group. > > Can some one help me ??? > > > Ryser François > System Administrator > fry@lem.com > www.lem.com > > > From Aaron.Meyer at BakerHughes.com Fri Oct 19 08:01:08 2001 From: Aaron.Meyer at BakerHughes.com (Meyer, Aaron) Date: Tue Dec 2 02:36:29 2003 Subject: Need help to setup Samba PDC for Windows 9x/NT/2000 Message-ID: <1F77B6E019F9D211826700805F15B5E706D2E29B@CENCOKISS01.bakerhughes.com> If you are wanting to service as PDC for Windows 2000, with DOMAIN logons, you will need at lease Samba 2.2.0 of course the latest Samba 2.2.2 is probably the best bet for you. (PDC support for anything but Win9x in Samba 2.0.x was entirely experimental! - it could work, but many had problems with NT, MANY problems with 2000) Samba 2.2.0 and better tarballs come with the latest documentation and has the best PDC functionallity. Aaron Meyer LNXRLZ, MSSKS, 2kBLWS -----Original Message----- From: Tai Kee Leong [mailto:Leong@nti.infomal.com.my] Sent: Friday, October 19, 2001 2:02 AM To: 'samba-ntdom@lists.samba.org' Subject: Need help to setup Samba PDC for Windows 9x/NT/2000 Hello everyone, I need help to configure a Samba as the PDC for Windows 9x/NT/2000 machines. I have configure the encrypted password based on the document I read from redhat.com entitle 'Using Samba with Windows NT 4.0 and Windows 2000'. The following command was used: - - cat /etc/passwd | mksmbpasswd.sh > /etc/samba/smbpasswd - chmod 600 /etc/samba/ - smbpasswd username The machine that I login is Windows 2000 with workgroup but Samba could not authenticate my username. What else do i need to configure? The software version as follow:- - Redhat Linux 7.0 with Samba 2.0.7 - Windows 2000 Professional with SP1 Thank you. Leong From Aaron.Meyer at BakerHughes.com Fri Oct 19 08:32:05 2001 From: Aaron.Meyer at BakerHughes.com (Meyer, Aaron) Date: Tue Dec 2 02:36:29 2003 Subject: Getting Desperate Message-ID: <1F77B6E019F9D211826700805F15B5E706D2E30D@CENCOKISS01.bakerhughes.com> Ok, I've got a test instance of Samba 2.2.2 running. it is setup with USER security so all accounts are authenticated locally - not on the DOMAIN. Which means you have to be careful or you'll get conflicting credentials. This configuration will use an existing NT or 2000 PDC as WINS and Master Browser server. All user authentication is done locally. I don't have Winbindd running at all. Add each user by 'useradd ' and 'smbpasswd ' when passwords expire on the domain, they will NOT be updated here, credential confliction may then occur. Passwords will have to be synced manually. I did have winbindd working, but took it out because it was so dreadfully slow on our domain with 30,000+ users. Each user can map his own home directory by running. Their home directory will be specified in your /etc/passwd file. 'net use Z: \\servername\ /persistent:yes' << smb.conf >> [global] workgroup = workgroup netbios name = barlnxpc server string = barlnxpc comment = ## Hide Linux so Corp doesn't freak out! announce as = NT Workstation announce version = 4.0 guest account = nobody keep alive = 30 log file = /opt/samba-2.2.2/var/log/samba/log.%m max log size = 50 security = USER encrypt passwords = yes smb passwd file = /opt/samba-2.2.2/private/smbpasswd username map = /opt/samba-2.2.2/private/smbusers socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain master = no preferred master = no domain logons = no wins server = 10.250.8.2 wins proxy = no dns proxy = no [homes] comment = Users Home Directory browseable = no writable = yes [C$] path = / comment = Admin Share browseable = yes writeable = yes admin users = root valid users = root @samba-admins public = no [Sharedir] path = /exports/sharedir comment = Network Share Folder writeable = yes public = no << EOF smb.conf >> Hope this helps you. Aaron Meyer LNXRLZ, MSSKS, 2kBLWS -----Original Message----- From: Paul J. Caritj [mailto:pcaritj@riovia.net] Sent: Friday, October 19, 2001 1:11 AM To: samba-ntdom@lists.samba.org Subject: Getting Desperate OK, I'm getting desperate. I am sure this problem is nothing out of the ordinary, but I've never used samba (and, only rarely, linux) and I need this thing running by next week. What I've Done: I have a Windows2000 PDC and (save one) 2000 clients. I have a linux fileserver (Kernel 2.4; Redhat 7.1; Samba 2.2.2) sharing two public folders ("Resources" and "Tax") What I need: A home directory for any given user who browses their way into the fileserver through Network Neighborhood. Each also needs to map a network drive (Z:) to their Home directory. I have the home directories working properly but no one can log in. At the risk of sounding lazy, what should smb.conf look like? How do I handle passwords (that is the main issue). I have little interest in integrating with the PDC's security. I just want to make the accounts manually on the unxix machine. So, I know this is a lot to ask, but could someone give me a step by step to (in summary) do the following: configure home directories for users in which the corrosponding user has full permissions (Read, write, execute, the whole enchilada) that they can successfully log into from their Win2000 workstation. Again, password servers, domain membership, etc are irrelevent. I'm willing to either use encrypted passwords on the Liux box OR unencrypted passwords on the Windows box. Whichever is easier, as long as it works. If someone could help me with this I would appreciate it SO much. Thank you, Paul Caritj pcaritj@riovia.net From pjmp at kingsfords.co.uk Fri Oct 19 09:32:03 2001 From: pjmp at kingsfords.co.uk (Peter Polkinghorne) Date: Tue Dec 2 02:36:29 2003 Subject: Samba PDC talk - Thu 25/10/2001 - London, England Message-ID: <200110191635.RAA21175@helios.kingsfords.co.uk> I am giving a free talk about my experiences with Samba PDC (and tarantella) entitled "Containing Windows" at LUUG at 19:00 Thu 25/10/2001 at Room 415, Institute of Education, Bedford Way, London WC1H 0AL. Apologies to the bulk who are not in London. For details see: http://www.ukuug.org/ and http://www.ukuug.org/lugs/luug.shtml -- Peter Polkinghorne, IT Manager Kingsford Stacey Blackwell ppolkinghorne@kingsfords.co.uk 14 Old Square, Lincoln's Inn (44) 020 7447 1200 London WC2A 3UB From barroca at coltec.ufmg.br Fri Oct 19 09:41:04 2001 From: barroca at coltec.ufmg.br (Leonardo Luiz Padovani da Mata) Date: Tue Dec 2 02:36:29 2003 Subject: subscribe samba-nt Message-ID: <20011019164210.10691.qmail@zabumba.coltec.ufmg.br> From ntl-linux at ntlworld.com Fri Oct 19 10:41:19 2001 From: ntl-linux at ntlworld.com (Jim Jarvie) Date: Tue Dec 2 02:36:29 2003 Subject: Problems Listing Users In-Reply-To: References: Message-ID: <20011019.17415700@linux.jarvie.org.uk> Dear Jean & nt-dom list, Following up my earlier message regarding the list problem, I have now re-tried the user list with samba re-compiled for 10 users per block. This does indeed give me 20 entries in the list (18 users + 2 domain groups), so it appears only 2 blocks are being sent to Win98, hence the incomplete list I am experiencing. Where do we go from here ? Should I submit any more detailed debug logs to help track this problem down ? Regards Jim >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< On 18/10/01, 14:47:24, Jean Francois Micouleau wrote regarding Re: Problems Listing Users: > On Thu, 18 Oct 2001, Jim Jarvie wrote: > > Yes, I found [and changed] that entry [by recompiling] - what I got then > > was a complete failure to list the users at all (I tried various > > values).. Since the 100 users is exactly two blocks of 50 I though I > > could change this to 1000 and my problem would be solved, but it made > > things a lot worse ! I could only get it to work [i.e. To show any > > users] by reverting to 50, which put me back exactly where I started... > Did you try changing to say 10 to check if you only get 20 users in the > list ? > I don't think the value of 50 is the problem, it's somewhere else. In the > second and next packet we probably don't upgrade correctly an index. > J.F. From Jean-Francois.Micouleau at dalalu.fr Fri Oct 19 10:55:12 2001 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:36:29 2003 Subject: Problems Listing Users In-Reply-To: <20011019.17415700@linux.jarvie.org.uk> Message-ID: On Fri, 19 Oct 2001, Jim Jarvie wrote: > Following up my earlier message regarding the list problem, I have now > re-tried the user list with samba re-compiled for 10 users per block. > This does indeed give me 20 entries in the list (18 users + 2 domain > groups), so it appears only 2 blocks are being sent to Win98, hence the > incomplete list I am experiencing. good. > Where do we go from here ? Should I submit any more detailed debug logs > to help track this problem down ? No that's fine. I just have to fire up by vmware win98 session to debug it. Will do that this week end. Thanks for the report. J.F. From rebecca at unterlaw.com Fri Oct 19 14:00:05 2001 From: rebecca at unterlaw.com (Rebecca Pakish) Date: Tue Dec 2 02:36:29 2003 Subject: Newbie...confused on the basics... Message-ID: <11AAC3C562ADD41197C40090273DFB965CAF9F@in-db.unterlaw.com> Hi all... I'm new to Samba, new to Linux and well, I'm not all that terribly strong with NT administration. We're moving into the wonderful world of Linux, and I've been charged with the new backup and recovery system. I've chosen amanda to go through samba to pull from my NT boxes. I'm running my amanda/samba server all on one RH 7.1 box in testing right now. Running samba 2.0.10. Using SWAT and Webmin and anything else that seems to make this easy (*aspiring command-line junkie, but I'm not there yet*) My questions are these: 1. Right now I can see my samba server (salad) on all of my NT boxes (there are 3). When I go into the server manager, I can see salad there, as well, listed as a Windows NT 4.2 Server (I didn't put this here, and don't know where it picked up the 4.2 part) and the description is saying "Samba server" (because my smb.conf told it to, which is inspiring...at least I know the two are speaking) I never could run the smbpasswd -j DOMAIN -r PDCname command without getting an error involving NT_STATUS_NO_TRUST_SAM_ACCOUNT. I understand this means that the NT setup isn't kosher, but I don't know what to do about it. I can double click on salad in the nethood and see the shares and access them all I want. Don't I still need to join the domain...with the above command, or did this magically happen for me somehow without me knowing it? 2. To use the amanda amrecover, amrestore features...it's my understanding that you have to cd into the area where the file originally lived and run the amrecover command from that spot to recover the file. How in the world do I access my NT box from my Samba server. There are volumes of information on getting to my samba server from NT, but I can't find any commands to get me from samba to my nt shares? I realize it's probably so basic it's just silly, but I'm truly a novice here. Can someone please help me before I go insane? I've got several books and I'm pouring through the archives trying to find some answers. I cannot be the only sys admin trying to run this kind of setup....HELP??? rap Rebecca A. Pakish Systems Administrator Unterberg & Associates, P.C. (219) 736-5579 ext. 184 From johnd at attronica.com Fri Oct 19 14:27:05 2001 From: johnd at attronica.com (johnd) Date: Tue Dec 2 02:36:29 2003 Subject: To set Tru64 UNIX as client to access NT (2000) server Message-ID: <000801c158e4$966b80a0$b1b0c7d0@attronica.com> Hi, We are looking for a software that can set Compaq Tru64 UNIX server as a client to access NT( or WIN 2000) server. The Samba software is let UNIX to set as SERVER so NT domain users can access unix., but can't set UNIX as client. Does anybody know that kind of software, please tell us. Thanks in advance. John Ding -------------- next part -------------- HTML attachment scrubbed and removed From Aaron.Meyer at BakerHughes.com Fri Oct 19 14:40:10 2001 From: Aaron.Meyer at BakerHughes.com (Meyer, Aaron) Date: Tue Dec 2 02:36:29 2003 Subject: To set Tru64 UNIX as client to access NT (2000) server Message-ID: <1F77B6E019F9D211826700805F15B5E706D2EA52@CENCOKISS01.bakerhughes.com> SAMBA does support UNIX to NT client access. See the information about using smbclient as a ftp like client or see smbmount information for mounting an NT share on the UNIX filesystem tree. Aaron Meyer LNXRLZ, MSSKS, 2kBLWS -----Original Message----- From: johnd [mailto:johnd@attronica.com] Sent: Friday, October 19, 2001 4:25 PM To: samba-ntdom@lists.samba.org Subject: To set Tru64 UNIX as client to access NT (2000) server Hi, We are looking for a software that can set Compaq Tru64 UNIX server as a client to access NT( or WIN 2000) server. The Samba software is let UNIX to set as SERVER so NT domain users can access unix., but can't set UNIX as client. Does anybody know that kind of software, please tell us. Thanks in advance. John Ding From npande at bajajauto.co.in Fri Oct 19 23:18:01 2001 From: npande at bajajauto.co.in (NITIN PANDE) Date: Tue Dec 2 02:36:29 2003 Subject: Simple Question References: <1F40153621D010438815DE7F6374B4A721D7@ptxmaster.protaxemployees.com> Message-ID: <3BD11816.9E860999@bajajauto.co.in> Paul, Are you able to login using root account? If not then make sure to map the users from samba to Linux. There is a script to do that. Also, are you in a Domain or Workgorup environment. You may have to join the Linux box to NT Domain. That's quite easy to do. HTH, Ciao, Nitin Pande Mail Administrator Administrator wrote: > Hi, > I'm new to linux and samba but I desperately need to get this thing > working so I'd appreciate any help anyone could give me. > > My problem is this: > Samba successfully registers itself with my WINS server (a Windows 2000 > domain controller) and appears in the appropriate location in "Network > Neighborhood." However, I am unable to browse the shares provided by the > samba server. (IE, if the server name is "smbserver", then SMBSERVER is > present network neighborhoos but I am unable to browse into the server > itself to view its shares) I receive the message: "\\Smbserver > is not > accessible \n The account is not authorized to log in from this > station." > > My smb.conf file looks something like this: > ; Riovia I.S., 16 October 2001 > > [global] > log file = /var/log/samba-log.%m > lock directory = /var/lock/samba > workgroup = Protaxemployees > mangle case = yes > case sensitive = no > default case = lower > wins server = 192.168.100.28 > name resolve order = wins hosts bcast > guest account = riovia > ; Every user will have a home directory > ;[homes] > ; comment = Home Directories > ; browseable = no > ; read only = no > ; create mode = 700 > > ; /data/shared is a folder that every user can use > [shared] > comment = Shared Folder > path = /data/shared > writable = yes > public = yes > create mode = 666 > > This was actually created by two people who dont really know what > they're doing so, any inut would be more than welcome. Its not that > important that we serve domain logins just yet. ANY log in is good > enough for me at the moment. > > I would really (REALLY) appreciate any help anyone cold provide. > -Paul Caritj From npande at bajajauto.co.in Fri Oct 19 23:24:01 2001 From: npande at bajajauto.co.in (NITIN PANDE) Date: Tue Dec 2 02:36:29 2003 Subject: Problems Listing Users References: <008a01c15756$d69e7f40$1a3ca8ac@jusbaoires.gov.ar> Message-ID: <3BD11995.EEED391F@bajajauto.co.in> Ariel, MAX_SAM_ENTRIES is in your NT Server registry. I think it's under HKEY_USERS. Better still, find it by doing a search. I don't have an access to a NT Server right now, otherwise I could have told you the exact path. HTH, Ciao, Nitin Pande Mail Administrator Ariel Mella wrote: > and .... where its suppose to put that??!!! > help pls!!! i have all the boss over my head!!! > > > yes an idea: MAX_SAM_ENTRIES is 50 ! > > > > jerry, in case you're looking on that bug: I think i know where the bug > > is. I need to make some test to verify my theory. > > > > > > J.F. > > > > > > > > From kunathma at pilot.msu.edu Sat Oct 20 02:48:02 2001 From: kunathma at pilot.msu.edu (Marcel Kunath) Date: Tue Dec 2 02:36:29 2003 Subject: unable to map SID Message-ID: <200110200948.f9K9mr669582@pilot25.cl.msu.edu> Hello, I am sorry to come back to this again but I haven't gotten much of answer. I realize a solution may not exist but I am more interested in finding out what the actual problem is. As described before I use w2kas as client machine to a Linux PDC(smb-2.2.2). All works well except I cannot assign permissions on shares in w2kas. The process always stalls and the log gets filled with the following message: [2001/10/14 07:02:59, 0] smbd/posix_acls.c:create_canon_ace_lists(747) create_canon_ace_lists: unable to map SID S-1-5-21-2274180574-1372678260-942134435-3005 to uid or gid. Now where lies the problem? - hardware - my distribution (suse 7.2) - w2kadvanced server - samba code - my compile of smb without a module (unknown to me) necessary to do the mapping - missing implementation of a SID map check in samba code when a mapping fails Is this being worked on? Is this a valid bug? mk From s-y-l at gmx.net Sat Oct 20 07:45:03 2001 From: s-y-l at gmx.net (Maik Holtkamp) Date: Tue Dec 2 02:36:29 2003 Subject: Problems with ME Message-ID: <20011020163802.A578@syl.holtkamp.priv> Hello, at a friend I had problems to configure samba 2.2.1a as a domain controller for two WIN98/ME clients. Therefore I installed W2K at my home client (my son runs w98) and installed samba (2.2.2 was released in the meatime) here. I did not use any configure options. The base systems (my friend and me) are the same: SuSE Linux 7.1 with 2.2.19. The smb.conf: [global] workgroup = HOLTKAMP netbios name = WORK interfaces = eth0 lo bind interfaces only = Yes encrypt passwords = Yes map to guest = Bad User keepalive = 30 domain admin group = root domain logons = Yes os level = 255 preferred master = True domain master = True wins support = Yes kernel oplocks = No hosts allow = 192.168.10.0/255.255.255.0 Here at home anything was fine I could connet to the domain, my son can write on my disk and vice versa. Then I visited my friend yesterday evening. Installed 2.2.2 (configure without options) used my working config (differecens in workgroup/server) and added the users/machines by smbpasswd. The result is: Both clients (ME/W98) can connect to the DOMAIN. The Application data is stored in their ~. They can both receive the users/groups list when opening a share on a client and give coresponding rights to each other, root or the goups. They can read and write on the shares of the Samba server. They can _not_ write/read on an opend share on the MS box of the otherone :(. The error message is: Could not connect to \\olli\eigenebilder Now, I am totally confused. What is so special with this ME client. I did not change config and how can both clients connect the domain and store their application data in ~ but can not connect to each other. I have already added any person the user samba dialog offers me to full access for the share but there is no way to read/write on the otherones disks. I am using the "Client for Microsoft Networks - native translation- on both an have allowed files/printers access. All the config is quite the same I have at home (in case of W98 it is the same). Since the MS error message is not what I call effective I explored google, deja and the mailing list archiv of this list but found no hint :(. Therfore any help would be greaty apperciated. Sorry, neither I ever ran an englisch MS version so I do not know the used terms therein nor I am very familiar with MS at all so probably I misunderstood some mechanisms. Anyhow, hoping you got me. TIA. CU _Maik Holtkamp_ -- /"\ \ / X ASCII RIBBON CAMPAIGN / \ AGAINST HTML MAIL & NEWS From Scott.Mann at lefthandnetworks.com Sat Oct 20 15:40:02 2001 From: Scott.Mann at lefthandnetworks.com (Scott Mann) Date: Tue Dec 2 02:36:29 2003 Subject: Can't get domain auth to work? Message-ID: <3BD1FDFA.47BA1300@lefthandnetworks.com> Hi All, I have a W2K domain controller. I downloaded samba-2.2.2 and compiled with winbind and ntacls. All of that went well. I followed the instructions in the winbind man page to set up my Linux box as a domain client. With winbindd running, I can get wbinfo to work just fine (including -u, -g, -n, -S, -Y, etc.). When I try to log in as a W2K user on the Linux system, however, it does not work. The problem seems to be with pam_winbind. When I use the debug argument, it always says that the user is "not found" even though it is a valid user in the W2K domain and shows up as such with wbinfo -u. Any ideas, RTFMs, etc. sincerely appreciated! Rgds, Scott From alexkuklin at mail.ru Sat Oct 20 19:03:03 2001 From: alexkuklin at mail.ru (áÌÅËÓÅÊ ëÕËÌÉÎ) Date: Tue Dec 2 02:36:29 2003 Subject: joining to Win2K SP2 PDC problem with samba 2.2.2 Message-ID: Hello all Encountered the following problem: doing smbpasswd -j DOM -r DOMPDC -UAdministrator%password ends with messag? "access to \\DOMRPC\IPC$ denied" or something very similar. What do i need to fix? Regards, Alex From alain.souric at sympatico.ca Sat Oct 20 19:49:02 2001 From: alain.souric at sympatico.ca (Alain Souric) Date: Tue Dec 2 02:36:29 2003 Subject: Joining a domain with a W2K Client Message-ID: <000801c159dc$40a22590$6401a8c0@alain> Hi, I'm using samba 2.2.1a on a RH 7.1 machine. I set it up as a PDC. When I try to join the domain on my W2k Pro machine, I am prompted for a user/password, I enter root and the correct password and I get the error "The specified User does not exist". But if I map a samba drive with root user, it works fine. So it's not a problem a user/password. It's something else. My root account is defined in the smbpasswd file, my machine account also, and of course, the domain logon is set to yes in my smb.conf. If I do a smbclient -L myserver -U root, it works fine. I must miss something. I don't know where to look. I'm lost! Any help would be very appreciated. -------------- next part -------------- HTML attachment scrubbed and removed From webmaster at viitindia.org Sun Oct 21 04:57:02 2001 From: webmaster at viitindia.org (Shekhar) Date: Tue Dec 2 02:36:29 2003 Subject: joining to Win2K SP2 PDC problem with samba 2.2.2 References: Message-ID: <008201c15a13$a4bcf550$010010ac@iis> Try this. Go to the computer u want to join samba. smbpasswd -j domainname . [no other paramaters r necessary] I am sure this will work. If not .. Delete whatever computer account u have created in sambpasswd. Create a new one. and try again. Shekhar System Administrator, VIIT Telefax: +91-2112-43476 to 79 Ext: 216 Email: webmaster@viitindia.org Web: www.viitindia.org ----------------------------------------- Check out viitindia.org for new Career services ----- Original Message ----- From: "??????? ??????" To: Sent: Saturday, October 20, 2001 7:03 PM Subject: joining to Win2K SP2 PDC problem with samba 2.2.2 > Hello all > > Encountered the following problem: > > doing > smbpasswd -j DOM -r DOMPDC -UAdministrator%password > ends with messag? "access to \\DOMRPC\IPC$ denied" or something very similar. > > What do i need to fix? > > Regards, Alex From Scott.Mann at lefthandnetworks.com Sun Oct 21 12:45:02 2001 From: Scott.Mann at lefthandnetworks.com (Scott Mann) Date: Tue Dec 2 02:36:29 2003 Subject: Can't get domain auth to work? References: <3BD1FDFA.47BA1300@lefthandnetworks.com> Message-ID: <3BD32668.F04D6C4C@lefthandnetworks.com> Got it figured out...turns out that W2K needs to think that the Samba 2.2.2 server is an NT 4.0 system. thanks for the read! Scott Scott Mann wrote: > > Hi All, > > I have a W2K domain controller. I downloaded samba-2.2.2 and compiled > with winbind > and ntacls. All of that went well. > > I followed the instructions in the winbind man page to set up my Linux > box > as a domain client. With winbindd running, I can get wbinfo to work just > fine (including -u, -g, -n, -S, -Y, etc.). > > When I try to log in as a W2K user on the Linux system, however, it does > not work. > The problem seems to be with pam_winbind. When I use the debug argument, > it always > says that the user is "not found" even though it is a valid user in the > W2K domain > and shows up as such with wbinfo -u. > > Any ideas, RTFMs, etc. sincerely appreciated! > > Rgds, > Scott From barroca at dcc.ufmg.br Sun Oct 21 13:16:02 2001 From: barroca at dcc.ufmg.br (Leonardo Luiz Padovani da Mata) Date: Tue Dec 2 02:36:29 2003 Subject: Problems with trust relationship In-Reply-To: <3BD32668.F04D6C4C@lefthandnetworks.com> Message-ID: let em explain my problem: on my network there is a PDC and a BDC,and there is a trust relationship bettween these two. so, when a workstation try to print to my linux workstation,it's TILT! i'd like to know if there is some way to make workstations that take password of the PDC (NT), print in a linux share ? if it is not possible, if there is a way to create a machine account for the linux box. Leonardo -------------- next part -------------- [global] workgroup = GRUPOLINUX server string = Este Samba da' Rock hosts allow = 10.0. printcap name = /etc/printcap load printers = yes admin users = barroca log file = /var/log/samba/%m.log max log size = 0 security = server password server = 10.0.25.71 encrypt passwords = yes preserve case = yes short preserve case = yes ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 17 [homes] comment = Home Directories browseable = no writable = yes [Impressoras] comment = Impressora do grupo Software Livre valid users = pb00946,barroca path = /var/spool/lpd/Prodabel3 printer = Prodabel3 printable = yes public = yes guest ok = yes printing = BSD read only = yes From cbarry at infiniconsys.com Sun Oct 21 15:15:04 2001 From: cbarry at infiniconsys.com (Barry, Christopher) Date: Tue Dec 2 02:36:29 2003 Subject: Houston, we have a problem... Message-ID: <08628CA53C6CBA4ABAFB9E808A5214CB3481@mercury.infiniconsys.com> Greetings. You've heard me here before. You know, the one with the recursively repeating folder issue. Well nobody is stepping up to the plate to tell me what the problem could be. Many people have said yes, they have seen it or yes they are dealing with it. But no one knows why it is happening or how to fix it? I just cannot believe this. Jeremy, What kind of info can I send to you for you to see what the problem is? Do a google groups search on '"weird folder looping" samba' and you will find the original thread. This problem is making samba very unusable. I would like to help troubleshoot and correct this problem for everyone's benefit. Thanks, +--------------------------+-------------------------+ | Christopher Barry | InfiniCon Systems | | Sr. SysAdmin | King of Prussia | | cbarry@infiniconsys.com | Pennsylvania | | 610-205-0130 ext: 25 | 19406 | +--------------------------+-------------------------+ From jra at samba.org Sun Oct 21 15:21:05 2001 From: jra at samba.org (Jeremy Allison) Date: Tue Dec 2 02:36:29 2003 Subject: Houston, we have a problem... In-Reply-To: <08628CA53C6CBA4ABAFB9E808A5214CB3481@mercury.infiniconsys.com>; from cbarry@infiniconsys.com on Sun, Oct 21, 2001 at 06:16:19PM -0400 References: <08628CA53C6CBA4ABAFB9E808A5214CB3481@mercury.infiniconsys.com> Message-ID: <20011021152007.J1269@va.samba.org> On Sun, Oct 21, 2001 at 06:16:19PM -0400, Barry, Christopher wrote: > > Greetings. > You've heard me here before. You know, the one with the > recursively repeating folder issue. Well nobody is stepping up to the > plate to tell me what the problem could be. Many people have said yes, > they have seen it or yes they are dealing with it. But no one knows why > it is happening or how to fix it? I just cannot believe this. > > Jeremy, What kind of info can I send to you for you to see what the > problem is? Do a google groups search on '"weird folder looping" samba' > and you will find the original thread. This problem is making samba very > unusable. I would like to help troubleshoot and correct this problem for > everyone's benefit. I need to be able to reproduce it. The last time we spoke, you sent me instructions to do this that did not work for me. If I can't see it, I can't fix it. I need help from you in getting a *fully reproducible* case for this, on a Linux 2.2.x or 2.4.x system by preference. Thanks, Jeremy. From cbarry at infiniconsys.com Sun Oct 21 18:22:03 2001 From: cbarry at infiniconsys.com (Barry, Christopher) Date: Tue Dec 2 02:36:29 2003 Subject: Houston, we have a problem... Message-ID: <08628CA53C6CBA4ABAFB9E808A5214CB3482@mercury.infiniconsys.com> Jeremy, Thanks very much for the quick reply. I will attach all of my configuration files tomorrow from works, so you can see what I'm doing. As for reproducibility, it's hard because it could be anything. You would need a complete mirror of my network. I, for one, don't experience the problem - samba works great for me - but many of my users machines show this behavior. After a reboot, it takes a while to begin, occasionally at first and then persistently. Rebooting the client computer somehow resets something - It could definately be the win2k boxes that are the problem. Would a tcp/ip traffic dump during the recursive moments be helpful? Thanks for your time and energy, it is very appreciated. Christopher Barry -----Original Message----- From: Jeremy Allison [mailto:jra@samba.org] Sent: Sunday, October 21, 2001 6:20 PM To: Barry, Christopher Cc: Samba-Ntdom (E-mail) Subject: Re: Houston, we have a problem... On Sun, Oct 21, 2001 at 06:16:19PM -0400, Barry, Christopher wrote: > > Greetings. > You've heard me here before. You know, the one with the > recursively repeating folder issue. Well nobody is stepping up to the > plate to tell me what the problem could be. Many people have said yes, > they have seen it or yes they are dealing with it. But no one knows why > it is happening or how to fix it? I just cannot believe this. > > Jeremy, What kind of info can I send to you for you to see what the > problem is? Do a google groups search on '"weird folder looping" samba' > and you will find the original thread. This problem is making samba very > unusable. I would like to help troubleshoot and correct this problem for > everyone's benefit. I need to be able to reproduce it. The last time we spoke, you sent me instructions to do this that did not work for me. If I can't see it, I can't fix it. I need help from you in getting a *fully reproducible* case for this, on a Linux 2.2.x or 2.4.x system by preference. Thanks, Jeremy. From jra at samba.org Sun Oct 21 19:09:02 2001 From: jra at samba.org (Jeremy Allison) Date: Tue Dec 2 02:36:29 2003 Subject: Houston, we have a problem... In-Reply-To: <08628CA53C6CBA4ABAFB9E808A5214CB3482@mercury.infiniconsys.com>; from cbarry@infiniconsys.com on Sun, Oct 21, 2001 at 09:22:33PM -0400 References: <08628CA53C6CBA4ABAFB9E808A5214CB3482@mercury.infiniconsys.com> Message-ID: <20011021190834.M1269@va.samba.org> On Sun, Oct 21, 2001 at 09:22:33PM -0400, Barry, Christopher wrote: > Jeremy, > Thanks very much for the quick reply. I will attach all of my > configuration files tomorrow from works, so you can see what I'm doing. > As for reproducibility, it's hard because it could be anything. You > would need a complete mirror of my network. I, for one, don't experience > the problem - samba works great for me - but many of my users machines > show this behavior. After a reboot, it takes a while to begin, > occasionally at first and then persistently. Rebooting the client > computer somehow resets something - It could definately be the win2k > boxes that are the problem. Would a tcp/ip traffic dump during the > recursive moments be helpful? When it happens, I'd like to see you kill the smbd connected to that client, then restart one with debug level 10. Then reproduce the problem on the client and send me the log please. Thanks, Jeremy. From npande at bajajauto.co.in Sun Oct 21 20:39:02 2001 From: npande at bajajauto.co.in (NITIN PANDE) Date: Tue Dec 2 02:36:29 2003 Subject: Problems with trust relationship References: Message-ID: <3BD395EC.9436F7B9@bajajauto.co.in> Leonardo, You need to share the printer, which you have already done. Make sure you are able to see the printer share on a M$ box. If you are not able to see the shares of your Linux box, then you have to properly join it to the Domain. For that you will have to create a machine account and join it. HTH, Ciao, Nitin Pande Mail Administrator Leonardo Luiz Padovani da Mata wrote: > let em explain my problem: > on my network there is a PDC and a BDC,and there is a trust relationship > bettween these two. > so, when a workstation try to print to my linux workstation,it's TILT! > i'd like to know if there is some way to make workstations that take > password of the PDC (NT), print in a linux share ? > if it is not possible, if there is a way to create a machine account for > the linux box. > Leonardo From gbeaven at pc.gov.au Sun Oct 21 20:47:01 2001 From: gbeaven at pc.gov.au (Beaven, Guy) Date: Tue Dec 2 02:36:29 2003 Subject: Getting groups to authenticate using winbind Message-ID: <10C88877F6DCD311BEEC00A0C99A2F58C32E49@exchcanb1.pc.gov.au> Hello, I'm having trouble enabling group permissions on folders in smb.conf I'm using samba 2.2.2 and have winbind working, authenticating to a NT server. This works fine and I can specify NT users to view folders I have set up, however I would prefer to authenticate with groups from the NT server, which I can't seem to get to work. my smb.conf looks like: [global] winbind separator = + winbind cache time = 30 winbind uid = 10000-20000 winbind gid = 10000-20000 workgroup = DOMAIN security = domain password server = * netbios name = Linux server string = Linux encrypt passwords = yes log file = /var/log/samba/log.%m [Net] path = /var/www/html browseable = yes writable = yes valid users = DOMAIN+Domain Users any thoughts? Guy From sigalmal at hotmail.com Mon Oct 22 02:03:02 2001 From: sigalmal at hotmail.com (Sigal Malkin) Date: Tue Dec 2 02:36:29 2003 Subject: SMB length implications Message-ID: Hello, I am trying to understand how samba reacts when the declared SMB length (smb_len(inbuf)) is different than the actual length. It seems like we usually get either an immediate RST or samba does not respond and the client terminates the connection on timeout. I would like to decide when does samba takes either of the approaches. Any suggestions? _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp From hoffmanj at t-com.com Mon Oct 22 03:18:04 2001 From: hoffmanj at t-com.com (Jon Hoffman) Date: Tue Dec 2 02:36:29 2003 Subject: Login delays Message-ID: Hi everyone. I have had a samba network set up for almost a year now with 100+ people logging in everyday. I have a couple file servers and a PDC that does domain logins. This weekend I upgraded to samba 2.2.2. No the problem, when I upgraded to samba 2.2.0 I noticed that a couple of my Windows ME machines had a delay when they logged into the domain (they would put there domain password in and would get an error that there was no domain controller available to validate there password) they would click cancel there and then login again and it would be fine. I have the same problem with 2.2.2. Has anyone seen this problem before? Any help would be greatly appreciated Thanks From bgmilne at cae.co.za Mon Oct 22 03:25:01 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:36:30 2003 Subject: Can't get domain auth to work? References: <20011021190222.2CB3B489A@lists.samba.org> Message-ID: <3BD3F3A7.7030403@cae.co.za> > > > > >Message: 1 >Date: Sat, 20 Oct 2001 16:43:06 -0600 >From: Scott Mann >Organization: Left Hand Networks, Inc. >To: samba-ntdom@lists.samba.org >Subject: Can't get domain auth to work? > >Hi All, > >I have a W2K domain controller. I downloaded samba-2.2.2 and compiled >with winbind >and ntacls. All of that went well. > >I followed the instructions in the winbind man page to set up my Linux >box >as a domain client. With winbindd running, I can get wbinfo to work just >fine (including -u, -g, -n, -S, -Y, etc.). > >When I try to log in as a W2K user on the Linux system, however, it does >not work. >The problem seems to be with pam_winbind. When I use the debug argument, >it always >says that the user is "not found" even though it is a valid user in the >W2K domain >and shows up as such with wbinfo -u. > >Any ideas, RTFMs, etc. sincerely appreciated! > >Rgds, >Scott > > You need to ensure that the c library finds the user (AFAIK), so you need to add a "winbind" entry to the passwd and group sections on /etc/nsswitch.conf. Once you have done that, try : $ getent passwd and you should see a list of domain users, if not, you have problems. If "getent passwd" shows domain users, you should be in the money ... (well, if your pam config files work) Buchan -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 ext 202 Stellenbosch Automotive Engineering http://www.cae.co.za From barroca at dcc.ufmg.br Mon Oct 22 03:46:38 2001 From: barroca at dcc.ufmg.br (Leonardo Luiz Padovani da Mata) Date: Tue Dec 2 02:36:30 2003 Subject: Problems with trust relationship In-Reply-To: <3BD395EC.9436F7B9@bajajauto.co.in> Message-ID: i have to join the domain with the linux machine? my windows workstation is on the domain and i?m loggin in with the user barroca, that is registered in this domain. Leonardo On Mon, 22 Oct 2001, NITIN PANDE wrote: > Leonardo, > You need to share the printer, which you have already done. Make sure you are > able to see the printer share on a M$ box. If you are not able to see the > shares of your Linux box, then you have to properly join it to the Domain. > For that you will have to create a machine account and join it. HTH, > Ciao, > Nitin Pande > Mail Administrator > > > Leonardo Luiz Padovani da Mata wrote: > > > let em explain my problem: > > on my network there is a PDC and a BDC,and there is a trust relationship > > bettween these two. > > so, when a workstation try to print to my linux workstation,it's TILT! > > i'd like to know if there is some way to make workstations that take > > password of the PDC (NT), print in a linux share ? > > if it is not possible, if there is a way to create a machine account for > > the linux box. > > Leonardo > > From Christian.Perrier at onera.fr Mon Oct 22 05:13:02 2001 From: Christian.Perrier at onera.fr (Christian Perrier) Date: Tue Dec 2 02:36:30 2003 Subject: Samba 2.2.2 printer driver downloading for Win9x clients Message-ID: <20011022141359.A30414@localhost> I have this problem for a while now, with all 2.2.x versions I installed, including the recent 2.2.2. On a Samba server which is domain member in a NT4-controlled domain, I have several printers defined. I have very carefully followed the steps described in printer_driver2.html and have been successful in making the printer driver download work for NT4/W2K clients. Unfortunately, for *some* of the defined printers, I am unable to have the Win9x printer driver download work. The procedure I try to use is the following : On a NT4 client, I open a session with a user granted as Domain Admin. The corresponding user on the Samba server side is member of the "staff" group (which is the group who has write access to the print$ share on the samba server, Unix permissions in the corresponding directory being OK for that group allso. In the Network Neighborhood, I open the Samba server, the "Printers". I choose a printer, then "Properties". Then I clik on the "Share" TAB and choose Windows 95 in the "Additionnal drivers" part. Then click OK. Here I get an error box with (translated from french) : "Additionnal drivers installation impossible. Unknown printer driver". Then, the printer properties dialog box is closed automatically. I can try to put a (very) high debug level on the samba side if this may help, of course. Which one should I use? 10? -- Christian Perrier ONERA/D?partement R?seau et Informatique Scientifique +33 (0) 1 4673 4438 - +33 (0) 6 1016 9480 PGP/GnuPG Key ID 30C9348A (DSS) From Sylvain.Berge at medasys.fr Mon Oct 22 05:20:05 2001 From: Sylvain.Berge at medasys.fr (Sylvain =?ISO-8859-1?Q?Berg=E9?=) Date: Tue Dec 2 02:36:30 2003 Subject: Samba 2.2.2 printer driver downloading for Win9x clients References: <20011022141359.A30414@localhost> Message-ID: <3BD40F40.9040409@medasys.fr> I've the same problem with the 2.2.1a Christian Perrier wrote: >I have this problem for a while now, with all 2.2.x versions I installed, >including the recent 2.2.2. > >On a Samba server which is domain member in a NT4-controlled domain, I have >several printers defined. > >I have very carefully followed the steps described in printer_driver2.html >and have been successful in making the printer driver download work for >NT4/W2K clients. > >Unfortunately, for *some* of the defined printers, I am unable to have the >Win9x printer driver download work. > >The procedure I try to use is the following : > >On a NT4 client, I open a session with a user granted as Domain Admin. The >corresponding user on the Samba server side is member of the "staff" group >(which is the group who has write access to the print$ share on the samba >server, Unix permissions in the corresponding directory being OK for that >group allso. > >In the Network Neighborhood, I open the Samba server, the "Printers". > >I choose a printer, then "Properties". Then I clik on the "Share" TAB and >choose Windows 95 in the "Additionnal drivers" part. Then click OK. > >Here I get an error box with (translated from french) : "Additionnal drivers >installation impossible. Unknown printer driver". Then, the printer >properties dialog box is closed automatically. > >I can try to put a (very) high debug level on the samba side if this may >help, of course. Which one should I use? 10? > From Christian.Perrier at onera.fr Mon Oct 22 05:39:04 2001 From: Christian.Perrier at onera.fr (Christian Perrier) Date: Tue Dec 2 02:36:30 2003 Subject: Samba 2.2.2 printer driver downloading for Win9x clients In-Reply-To: <20011022141359.A30414@localhost> References: <20011022141359.A30414@localhost> Message-ID: <20011022143749.B30414@localhost> Quoting Christian Perrier (Christian.Perrier@onera.fr): > I can try to put a (very) high debug level on the samba side if this may > help, of course. Which one should I use? 10? In the meantime I managed to get a level 10 log of this operation on a dedicated server (thus without interference from normal use on a production server). The file is 3Mb size, so if one of the fellow Samba Team members needs it, feel free to ask. -- Christian Perrier ONERA/D?partement R?seau et Informatique Scientifique +33 (0) 1 4673 4438 - +33 (0) 6 1016 9480 PGP/GnuPG Key ID 30C9348A (DSS) From ariel at jusbaires.gov.ar Mon Oct 22 06:37:04 2001 From: ariel at jusbaires.gov.ar (Ariel Mella) Date: Tue Dec 2 02:36:30 2003 Subject: Problems Listing Users References: <008a01c15756$d69e7f40$1a3ca8ac@jusbaoires.gov.ar> <3BD11995.EEED391F@bajajauto.co.in> Message-ID: <001d01c15afe$7159fb40$1a3ca8ac@jusbaoires.gov.ar> Nintin: The problem is becasue... im not using a NT machine!!! my samba is PDC doamin master browser, and do all the thing to log on my winme and 98 workstations.... i look in the source of samba in the include directory a file called rpc_samr.h have the MAX_SAM_ENTRIES 50 value... if i look backward in the samba 2.07 the max_SAM_ENTRIES was 250!!!!!! i dont understand becuase if you change the value and recompile the code all the thing go down if you use a value higher than 50.... ----- Original Message ----- From: "NITIN PANDE" To: "Ariel Mella" ; "Samba" Sent: Saturday, October 20, 2001 3:28 AM Subject: Re: Problems Listing Users > Ariel, > MAX_SAM_ENTRIES is in your NT Server registry. I think it's under > HKEY_USERS. Better still, find it by doing a search. I don't have an access > to a NT Server right now, otherwise I could have told you the exact path. > HTH, > Ciao, > Nitin Pande > Mail Administrator > > > Ariel Mella wrote: > > > and .... where its suppose to put that??!!! > > help pls!!! i have all the boss over my head!!! > > > > > yes an idea: MAX_SAM_ENTRIES is 50 ! > > > > > > jerry, in case you're looking on that bug: I think i know where the bug > > > is. I need to make some test to verify my theory. > > > > > > > > > J.F. > > > > > > > > > > > > > > From s354199 at student.uq.edu.au Mon Oct 22 06:42:03 2001 From: s354199 at student.uq.edu.au (Elliot Mackenzie) Date: Tue Dec 2 02:36:30 2003 Subject: Win XP logons. In-Reply-To: <20011017221453.A4118@entropy.inserted.net> Message-ID: <000001c15aff$99700420$0401a8c0@macka> I have exactly the same problem. I do not get any error in the smbd/nmbd logs (in fact, it is as if no logon request is ever received by samba). Here is the situation: - Samba 2.2.2 (used the binary on the samba website) - Connecting with two different winXP test machines - Have a local subnet 192.168.1.255 - Have a line wins server = Yes in smb.conf (and yes it is loading the right conf file) - Removed all remnants of a previous samba install, and reinstalled with a smb.conf that was known to work with win2k sp1 machines and 2.2.1. - If I turn off "allow netbios over tcp/ip" on the xp machines, logon works, but I cannot access shares . If I turn it on, I can't log on, but I can access shares with the right un/pw logged in as a local user. - After restarting samba, nmbd says it has become the domain master for the domain successfully. Any suggestions appreciated. M. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of steve Sent: Wednesday, 17 October 2001 10:15 PM To: samba-ntdom@lists.samba.org Subject: Win XP logons. Howdy, I've been using samba for a while, but only as a workgroup member. I decided to play with it as a domain controller, and am having a problem or two. I've set up the machines (samba 2.2.1a/OpenBSD 2.9) to the letter as described in the installtion/configuration guide. I have no problem joining the domain, but when I go to log on, Windows complains that it either cannot find a domain controller, or that there isn't a machine account in the domain. This throws me a little, as it has no problem joining the domain to begin with, just logging on. The error reported by samba is: [2001/10/17 20:56:55, 0] rpc_server/srv_samr_nt.c:_samr_query_useraliases(2454) _samr_query_useraliases: Not yet implemented. Is this something whacky with XP (it is a legal version)? I don't have any 2k clients to compare against, unfortunatly. As previously suggested on the list, I've tried the current cvs, but the same problem occurs. Has anyone had any luck getting an XP client to log on to the domain? If so, a prod in the right direction would be much appreciated. Please cc me, as I'm not subscribed to the list. -- Regards, Stephen Ware -steve@inserted.net From cr at neuro.ma.uni-heidelberg.de Mon Oct 22 06:47:04 2001 From: cr at neuro.ma.uni-heidelberg.de (Chr. Rossmanith) Date: Tue Dec 2 02:36:30 2003 Subject: problems with smbclient + German special chars (umlaute) Part II Message-ID: <3BD4228A.87AAB8AD@neuro.ma.uni-heidelberg.de> Hi, some days ago I've reported problems accessing files with special characters (like German umlauts) in their names using smbclient. It seems to be a samba version problem. I've installed samba-2.1.0-prealpha in parallel on the machine having the problems and that smbclient with the samba-2.2.2 config file (smb.conf) works fine. So I'd guess that my config file should be fine?!? During configure I'm using the --prefix and the --with-smbmount options. For those not having my problem: Which version of samba are you using? Christina Rossmanith From maikel_j at tele.upr.edu.cu Mon Oct 22 07:00:16 2001 From: maikel_j at tele.upr.edu.cu (maikel) Date: Tue Dec 2 02:36:30 2003 Subject: De un nuevo usuario Message-ID: <00a001c15acf$940dff80$0106a8c0@telecom.upr.edu.cu> soy cubano, y mi idioma es espa?ol si no tienen nigun inconveniente puedo escribir asi. si no me entienden diganmelo. mi pregunta. monte samba como pdc pero como yo creo un usuario administrador que tenga derechos de cambias permiso en las maquinas workstation de NT. ademas cuando entro como administrador local que pongo el dominio de samba (PDC) no me sales los usuario del linux. me ponde algo asi como. userunix0001 userunix0002 como yo logro que cuando ponga el doominio me liste los usuarios de mi linux -------------- next part -------------- HTML attachment scrubbed and removed From s354199 at student.uq.edu.au Mon Oct 22 07:03:07 2001 From: s354199 at student.uq.edu.au (Elliot Mackenzie) Date: Tue Dec 2 02:36:30 2003 Subject: Win XP logons. In-Reply-To: <000001c15aff$99700420$0401a8c0@macka> Message-ID: <000101c15b02$7b7aeb80$0401a8c0@macka> Just an addendum to the previous note: I did remove the machine accounts and recreated them. The machines were permitted to join the domain, and a machine account name was added for each of them. However what follows is exactly as below. M. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of Elliot Mackenzie Sent: Monday, 22 October 2001 11:44 PM To: 'steve'; samba-ntdom@lists.samba.org Subject: RE: Win XP logons. I have exactly the same problem. I do not get any error in the smbd/nmbd logs (in fact, it is as if no logon request is ever received by samba). Here is the situation: - Samba 2.2.2 (used the binary on the samba website) - Connecting with two different winXP test machines - Have a local subnet 192.168.1.255 - Have a line wins server = Yes in smb.conf (and yes it is loading the right conf file) - Removed all remnants of a previous samba install, and reinstalled with a smb.conf that was known to work with win2k sp1 machines and 2.2.1. - If I turn off "allow netbios over tcp/ip" on the xp machines, logon works, but I cannot access shares . If I turn it on, I can't log on, but I can access shares with the right un/pw logged in as a local user. - After restarting samba, nmbd says it has become the domain master for the domain successfully. Any suggestions appreciated. M. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of steve Sent: Wednesday, 17 October 2001 10:15 PM To: samba-ntdom@lists.samba.org Subject: Win XP logons. Howdy, I've been using samba for a while, but only as a workgroup member. I decided to play with it as a domain controller, and am having a problem or two. I've set up the machines (samba 2.2.1a/OpenBSD 2.9) to the letter as described in the installtion/configuration guide. I have no problem joining the domain, but when I go to log on, Windows complains that it either cannot find a domain controller, or that there isn't a machine account in the domain. This throws me a little, as it has no problem joining the domain to begin with, just logging on. The error reported by samba is: [2001/10/17 20:56:55, 0] rpc_server/srv_samr_nt.c:_samr_query_useraliases(2454) _samr_query_useraliases: Not yet implemented. Is this something whacky with XP (it is a legal version)? I don't have any 2k clients to compare against, unfortunatly. As previously suggested on the list, I've tried the current cvs, but the same problem occurs. Has anyone had any luck getting an XP client to log on to the domain? If so, a prod in the right direction would be much appreciated. Please cc me, as I'm not subscribed to the list. -- Regards, Stephen Ware -steve@inserted.net From dennis at evers.2y.net Mon Oct 22 07:48:25 2001 From: dennis at evers.2y.net (dennis@evers.2y.net) Date: Tue Dec 2 02:36:30 2003 Subject: Win XP logons. In-Reply-To: <000101c15b02$7b7aeb80$0401a8c0@macka> References: <000101c15b02$7b7aeb80$0401a8c0@macka> Message-ID: <1003762099.3bd431b3864c1@evers.2y.net> The problem is caused by an evil registry setting in WinXP. I don't have the setting by hand right now. I'll try to submit it to the list when I get home tonight. grtz, Dennis Quoting Elliot Mackenzie : > Just an addendum to the previous note: I did remove the machine > accounts > and recreated them. The machines were permitted to join the domain, > and > a machine account name was added for each of them. However what > follows > is exactly as below. > > M. > > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of Elliot > Mackenzie > Sent: Monday, 22 October 2001 11:44 PM > To: 'steve'; samba-ntdom@lists.samba.org > Subject: RE: Win XP logons. > > I have exactly the same problem. I do not get any error in the > smbd/nmbd logs (in fact, it is as if no logon request is ever received > by samba). > > Here is the situation: > - Samba 2.2.2 (used the binary on the samba website) > - Connecting with two different winXP test machines > - Have a local subnet 192.168.1.255 > - Have a line wins server = Yes in smb.conf (and yes it is loading the > right conf file) > - Removed all remnants of a previous samba install, and reinstalled > with > a smb.conf that was known to work with win2k sp1 machines and 2.2.1. > - If I turn off "allow netbios over tcp/ip" on the xp machines, logon > works, but I cannot access shares . If I turn it on, I can't log > on, > but I can access shares with the right un/pw logged in as a local > user. > - After restarting samba, nmbd says it has become the domain master > for > the domain successfully. > > Any suggestions appreciated. > > M. > > > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of steve > Sent: Wednesday, 17 October 2001 10:15 PM > To: samba-ntdom@lists.samba.org > Subject: Win XP logons. > > Howdy, > > I've been using samba for a while, but only as a workgroup member. I > decided to play with > it as a domain controller, and am having a problem or two. I've set up > the machines (samba > 2.2.1a/OpenBSD 2.9) to the letter as described in the > installtion/configuration guide. I > have no problem joining the domain, but when I go to log on, Windows > complains that it either > cannot find a domain controller, or that there isn't a machine account > in the domain. This > throws me a little, as it has no problem joining the domain to begin > with, just logging on. > > The error reported by samba is: > [2001/10/17 20:56:55, 0] > rpc_server/srv_samr_nt.c:_samr_query_useraliases(2454) > _samr_query_useraliases: Not yet implemented. > > Is this something whacky with XP (it is a legal version)? I don't have > any 2k clients to > compare against, unfortunatly. As previously suggested on the list, > I've > tried the current > cvs, but the same problem occurs. > > Has anyone had any luck getting an XP client to log on to the domain? > If > so, a prod in the > right direction would be much appreciated. Please cc me, as I'm not > subscribed to the list. > > > -- > Regards, > Stephen Ware > -steve@inserted.net > > > > From s.scheufen at ebv.com Mon Oct 22 07:58:06 2001 From: s.scheufen at ebv.com (Stephan Scheufen) Date: Tue Dec 2 02:36:30 2003 Subject: problems joining a NT domain Message-ID: <3BD433CB.3080908@ebv.com> Hello folks, i have _no_ idea what i can do against this error message: ----------------------------------------------- ebv-nettetal-ns:/etc # smbpasswd -j EBV_NETTETAL -r EBV-NETTETAL-NT cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine EBV-NETTETAL-NT. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. 2001/10/22 16:54:05 : change_trust_account_password: Failed to change password for domain EBV_NETTETAL. Unable to join domain EBV_NETTETAL. ebv-nettetal-ns:/etc # ----------------------------------------------- can someboda please explain or tell me how i can get rid of that? regards Stephan From greg at kwikfind.com Mon Oct 22 08:11:04 2001 From: greg at kwikfind.com (Greg Zartman) Date: Tue Dec 2 02:36:30 2003 Subject: Win XP logons. In-Reply-To: <1003762099.3bd431b3864c1@evers.2y.net> Message-ID: > The problem is caused by an evil registry setting in WinXP. I believe this is what you are looking for: [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters] "requirestrongkey"=dword:00000000 "requiresignorseal"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Netlogon\Parameters] "requirestrongkey"=dword:00000000 "requiresignorseal"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] "requirestrongkey"=dword:00000000 "requiresignorseal"=dword:00000000 Set all to "0" Greg J. Zartman From s354199 at student.uq.edu.au Mon Oct 22 09:02:02 2001 From: s354199 at student.uq.edu.au (Elliot Mackenzie) Date: Tue Dec 2 02:36:30 2003 Subject: Win XP logons. In-Reply-To: Message-ID: <000001c15b13$1e97b6d0$0401a8c0@macka> How on Earth did you guys find that one? Well, thanks, it works :) M. -----Original Message----- From: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of Greg Zartman Sent: Tuesday, 23 October 2001 1:13 AM To: dennis@evers.2y.net; samba-ntdom@lists.samba.org Subject: RE: Win XP logons. > The problem is caused by an evil registry setting in WinXP. I believe this is what you are looking for: [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters] "requirestrongkey"=dword:00000000 "requiresignorseal"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Netlogon\Parameters] "requirestrongkey"=dword:00000000 "requiresignorseal"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameter s] "requirestrongkey"=dword:00000000 "requiresignorseal"=dword:00000000 Set all to "0" Greg J. Zartman From greg at kwikfind.com Mon Oct 22 09:13:03 2001 From: greg at kwikfind.com (Greg Zartman) Date: Tue Dec 2 02:36:30 2003 Subject: Win XP logons. In-Reply-To: <000001c15b13$1e97b6d0$0401a8c0@macka> Message-ID: > How on Earth did you guys find that one? Well, thanks, it works :) This is the beauty of the GNU community.... Who knows who initially figures things like this out. We all simply read it and pass it along. :o) Greg > > M. > > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org] On Behalf Of Greg Zartman > Sent: Tuesday, 23 October 2001 1:13 AM > To: dennis@evers.2y.net; samba-ntdom@lists.samba.org > Subject: RE: Win XP logons. > > > > The problem is caused by an evil registry setting in WinXP. > I believe this is what you are looking for: > > [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon\Parameters] > "requirestrongkey"=dword:00000000 > "requiresignorseal"=dword:00000000 > [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Netlogon\Parameters] > "requirestrongkey"=dword:00000000 > "requiresignorseal"=dword:00000000 > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameter > s] > "requirestrongkey"=dword:00000000 > "requiresignorseal"=dword:00000000 > > Set all to "0" > > Greg J. Zartman > > > > > From barroca at dcc.ufmg.br Mon Oct 22 09:48:02 2001 From: barroca at dcc.ufmg.br (Leonardo Luiz Padovani da Mata) Date: Tue Dec 2 02:36:30 2003 Subject: Problems with trust relationship and machine accounts In-Reply-To: Message-ID: let em explain my problem: on my network there is a PDC and a BDC,and there is a trust relationship bettween these two. so, when a workstation try to print to my linux workstation,it's TILT! i'd like to know if there is some way to make workstations that take password of the PDC (NT), print in a linux share ? if it is not possible, if there is a way to create a machine account for the linux box. tell me some links that show this problem. Leonardo -------------- next part -------------- [global] workgroup = GRUPOLINUX server string = Este Samba da' Rock hosts allow = 10.0. printcap name = /etc/printcap load printers = yes admin users = barroca log file = /var/log/samba/%m.log max log size = 0 security = server password server = 10.0.25.71 encrypt passwords = yes preserve case = yes short preserve case = yes ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 17 [homes] comment = Home Directories browseable = no writable = yes [Impressoras] comment = Impressora do grupo Software Livre valid users = pb00946,barroca path = /var/spool/lpd/Prodabel3 printer = Prodabel3 printable = yes public = yes guest ok = yes printing = BSD read only = yes From Scott.Mann at lefthandnetworks.com Mon Oct 22 10:06:04 2001 From: Scott.Mann at lefthandnetworks.com (Scott Mann) Date: Tue Dec 2 02:36:30 2003 Subject: problems joining a NT domain References: <3BD433CB.3080908@ebv.com> Message-ID: <3BD452BF.A07FC245@lefthandnetworks.com> Stephan, There may be other ways to do this, but here is how I got it working. Assume that your W2K domain controller is called W2K for DOMAIN and your Linux/Samba client is lsam. On W2K go to "Active Directory Users and Computers." Select Action->New->Computer (if you've already done this, delete the existing entry first). When the window to add the computer comes up, fill in the computer name field and then click the Change button to the right of the "User or group:" grayed out field. A pop-up list will display---select "Pre-Windows 2000 Compatible." Then complete the add computer process by clicking OK (or Apply--whatever it is). At this point you can go to the Linux/samba systems and execute: lsam# smbpasswd -j DOMAIN NOTE: do not use -r or -U. At this point the system "lsam" should be joined in the domain. Hope this helps. Scott Stephan Scheufen wrote: > > Hello folks, > > i have _no_ idea what i can do against this error message: > ----------------------------------------------- > ebv-nettetal-ns:/etc # smbpasswd -j EBV_NETTETAL -r EBV-NETTETAL-NT > > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > cli_nt_setup_creds: auth2 challenge failed > modify_trust_password: unable to setup the PDC credentials to machine > EBV-NETTETAL-NT. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. > 2001/10/22 16:54:05 : change_trust_account_password: Failed to change > password for domain EBV_NETTETAL. > Unable to join domain EBV_NETTETAL. > ebv-nettetal-ns:/etc # > ----------------------------------------------- > > can someboda please explain or tell me how i can get rid of that? > > regards > Stephan From bubulle at kheops.frmug.org Mon Oct 22 10:26:05 2001 From: bubulle at kheops.frmug.org (Christian Perrier) Date: Tue Dec 2 02:36:30 2003 Subject: Samba 2.2.2 printer driver downloading for Win9x clients In-Reply-To: <20011022143749.B30414@localhost>; from Christian.Perrier@onera.fr on Mon, Oct 22, 2001 at 02:37:49PM +0200 References: <20011022141359.A30414@localhost> <20011022143749.B30414@localhost> Message-ID: <20011022181325.A373@mykerinos.onera> Quoting Christian Perrier (Christian.Perrier@onera.fr): > In the meantime I managed to get a level 10 log of this operation on a > dedicated server (thus without interference from normal use on a production > server). > > The file is 3Mb size, so if one of the fellow Samba Team members needs it, > feel free to ask. OK. Got in touch with Jean-Fran?ois Micouleau a few hours ago. We're dealing with this privately. I will post a summary as soon as the problem is identified and, I hop, fixed....:-) -- From larry.kavanagh at examiner.ie Mon Oct 22 11:12:06 2001 From: larry.kavanagh at examiner.ie (larry kavanagh) Date: Tue Dec 2 02:36:30 2003 Subject: NT 5 and solaris 2.7 Message-ID: Hi I'm trying to get my NT servers printing to printers hanging off a solaris 2.7 server. I've downloaded and installed samba 2.2.2 and I'm currently trying to configure by directly editing the smb.conf file and using the Web administrator. Going OK and one stage I actually saw a test share from my w2k client. I've since made changes and now I can no longer can see the share and I get the following errors in log.smbd [2001/10/22 17:24:26, 0] smbd/connection.c:yield_connection(63) yield_connection: tdb_delete for name failed with error Record does not exist. [2001/10/22 17:55:41, 0] smbd/connection.c:yield_connection(63) yield_connection: tdb_delete for name failed with error Record does not exist. [2001/10/22 17:55:41, 0] smbd/connection.c:yield_connection(63) yield_connection: tdb_delete for name failed with error Record does not exist. Attached in my current smb.conf file if anyone has time to look I'd be ethernally gratefull. Meanwhile I'll plough on myself Thanks -------------- next part -------------- A non-text attachment was scrubbed... Name: smb.conf Type: application/octet-stream Size: 426 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011022/60de14d5/smb.obj From barroca at dcc.ufmg.br Mon Oct 22 12:07:08 2001 From: barroca at dcc.ufmg.br (Leonardo Luiz Padovani da Mata) Date: Tue Dec 2 02:36:30 2003 Subject: Printing to a share In-Reply-To: Message-ID: hi all..... 1.my new linux box use the last rpm version for redhat (2.2). my machine is listed in the domain but i can't see the printer in the add new printer tool of the winNT. what is wrong? 2.when i try to add the machine account in the domain i got this problem? smbpasswd -j PBH-C -r s36-prodabel.pbh -U administrator Unknown parameter encountered: ~domain controller~ ignoring unknown parameter ~domain controller~ Password: Error connecting to s36-prodabel.pbh Unable to join domain PBH-C. what is wrong? Leonardo From amoote at fpelectronics.com Mon Oct 22 13:03:10 2001 From: amoote at fpelectronics.com (amoote@fpelectronics.com) Date: Tue Dec 2 02:36:30 2003 Subject: SMB 2.2.2 PDC w/WIN2K SP2 clients Message-ID: I have been slaving over this problem for weeks now. I have used Samba in the past, but now we are trying to use it as a PDC and I am having one final problem that is really ticking me off. For all I know it's just a simple setting that I am missing. I starting working with Samba 2.2.1a on RH Linux 7.1 and have recently upgraded to 2.2.2 hoping to resolve my conflict. Said conflict is the inability to login to the SMB domain from Windows 2000. I thought it may have been the SP2 issue everyone has been chatting about, but I tried it without ANY service packs and it still fails. I made the root accoutn in the smbpasswd file and was able to initially join the domain, but after rebooting I cannot login as a user. Windows 98/ME works fine, logon scripts and all. The error message I receive is: "The system cannot log you into this domain because the system's computer account in it's primary domain is missing or the password on that account is incorrect." The account I am trying to use works when logging in from Windows 98/ME. I am not versed in NT accounts, I come from a Linux/NetWare background. This may be my problem. ;) Any ideas? If you could redirect me to a previous post which deals with this issue that too would be fine. Regards, Alan B. Moote Systems Administrator MARK IV Industries tel: 905.624.7908 fax: 905.625.6197 From Aaron.Meyer at BakerHughes.com Mon Oct 22 13:16:05 2001 From: Aaron.Meyer at BakerHughes.com (Meyer, Aaron) Date: Tue Dec 2 02:36:30 2003 Subject: SMB 2.2.2 PDC w/WIN2K SP2 clients Message-ID: <1F77B6E019F9D211826700805F15B5E706D8A70D@CENCOKISS01.bakerhughes.com> Could you post a trunkated log file to the list so we get the daemon messages from Samba's side. Aaron Meyer LNXRLZ, MSSKS, 2kBLWS -----Original Message----- From: amoote@fpelectronics.com [mailto:amoote@fpelectronics.com] Sent: Monday, October 22, 2001 3:04 PM To: samba-ntdom@lists.samba.org Subject: SMB 2.2.2 PDC w/WIN2K SP2 clients I have been slaving over this problem for weeks now. I have used Samba in the past, but now we are trying to use it as a PDC and I am having one final problem that is really ticking me off. For all I know it's just a simple setting that I am missing. I starting working with Samba 2.2.1a on RH Linux 7.1 and have recently upgraded to 2.2.2 hoping to resolve my conflict. Said conflict is the inability to login to the SMB domain from Windows 2000. I thought it may have been the SP2 issue everyone has been chatting about, but I tried it without ANY service packs and it still fails. I made the root accoutn in the smbpasswd file and was able to initially join the domain, but after rebooting I cannot login as a user. Windows 98/ME works fine, logon scripts and all. The error message I receive is: "The system cannot log you into this domain because the system's computer account in it's primary domain is missing or the password on that account is incorrect." The account I am trying to use works when logging in from Windows 98/ME. I am not versed in NT accounts, I come from a Linux/NetWare background. This may be my problem. ;) Any ideas? If you could redirect me to a previous post which deals with this issue that too would be fine. Regards, Alan B. Moote Systems Administrator MARK IV Industries tel: 905.624.7908 fax: 905.625.6197 From Daniel.Moeller at de.bosch.com Mon Oct 22 13:38:18 2001 From: Daniel.Moeller at de.bosch.com (Moeller Daniel (QI/CCE2-SI) *) Date: Tue Dec 2 02:36:30 2003 Subject: AW: To set Tru64 UNIX as client to access NT (2000) server Message-ID: <1121C3ABCA53C945B821A821CDD67F62F683B5@simail21.desi2.bosch.com> Hi, smbmount is only available on Linux system, it relys on the smbfs file system. You can try to search the web for "Sharity". Its a commercial software implementing NT access on Unix systems. Don't know if it's available for Tru64. Kind regards, Danny -----Urspr?ngliche Nachricht----- Von: Meyer, Aaron [mailto:Aaron.Meyer@BakerHughes.com] Gesendet: Freitag, 19. Oktober 2001 23:37 An: johnd; samba-ntdom@lists.samba.org Betreff: RE: To set Tru64 UNIX as client to access NT (2000) server SAMBA does support UNIX to NT client access. See the information about using smbclient as a ftp like client or see smbmount information for mounting an NT share on the UNIX filesystem tree. Aaron Meyer LNXRLZ, MSSKS, 2kBLWS -----Original Message----- From: johnd [mailto:johnd@attronica.com] Sent: Friday, October 19, 2001 4:25 PM To: samba-ntdom@lists.samba.org Subject: To set Tru64 UNIX as client to access NT (2000) server Hi, We are looking for a software that can set Compaq Tru64 UNIX server as a client to access NT( or WIN 2000) server. The Samba software is let UNIX to set as SERVER so NT domain users can access unix., but can't set UNIX as client. Does anybody know that kind of software, please tell us. Thanks in advance. John Ding From amoote at fpelectronics.com Mon Oct 22 13:40:36 2001 From: amoote at fpelectronics.com (amoote@fpelectronics.com) Date: Tue Dec 2 02:36:30 2003 Subject: SMB 2.2.2 PDC w/WIN2K SP2 clients Message-ID: I hope this is more than enough. I set the log level to 3 to get the most data. log.nmbd -------------- ***** [2001/10/22 16:32:46, 2] nmbd/nmbd_elections.c:send_election_dgram(44) send_election_dgram: Sending election packet for workgroup ADMIN on subnet 17 2.17.10.80 [2001/10/22 16:32:46, 3] nmbd/nmbd_serverlistdb.c:write_browse_list(458) write_browse_list: Wrote browse list into file /var/cache/samba/browse.dat [2001/10/22 16:32:48, 2] nmbd/nmbd_elections.c:send_election_dgram(44) send_election_dgram: Sending election packet for workgroup ADMIN on subnet 17 2.17.10.80 [2001/10/22 16:32:50, 1] nmbd/nmbd_processlogon.c:process_logon_packet(71) process_logon_packet: Logon from 172.17.1.228: code = 0x12 [2001/10/22 16:32:50, 3] nmbd/nmbd_processlogon.c:process_logon_packet(212) process_logon_packet: SAMLOGON sidsize 24, len = 128 [2001/10/22 16:32:50, 3] nmbd/nmbd_processlogon.c:process_logon_packet(219) process_logon_packet: len = 128 PTR_DIFF(q, buf) = 120 [2001/10/22 16:32:50, 3] nmbd/nmbd_processlogon.c:process_logon_packet(239) process_logon_packet: SAMLOGON sidsize 24 ntv 11 [2001/10/22 16:32:50, 3] nmbd/nmbd_processlogon.c:process_logon_packet(248) process_logon_packet: SAMLOGON user ISWORKSTATION$ [2001/10/22 16:32:50, 3] nmbd/nmbd_processlogon.c:process_logon_packet(253) process_logon_packet: SAMLOGON request from ISWORKSTATION(172.17.1.228) for I SWORKSTATION$, returning logon svr \\SHOCKWAVE domain ADMIN code 13 token=ffff [2001/10/22 16:32:50, 2] nmbd/nmbd_elections.c:send_election_dgram(44) send_election_dgram: Sending election packet for workgroup ADMIN on subnet 17 2.17.10.80 [2001/10/22 16:32:50, 2] nmbd/nmbd_elections.c:run_elections(209) run_elections: >>> Won election for workgroup ADMIN on subnet 172.17.10.80 << < [2001/10/22 16:32:50, 2] nmbd/nmbd_become_lmb.c:become_local_master_browser(549 ) become_local_master_browser: Starting to become a master browser for workgrou p ADMIN on subnet 172.17.10.80 [2001/10/22 16:32:50, 3] nmbd/nmbd_become_lmb.c:become_local_master_browser(552 ) become_local_master_browser: first stage - attempt to register ^1^2__MSBROWSE __^2^1 [2001/10/22 16:32:50, 3] nmbd/nmbd_serverlistdb.c:write_browse_list(458) write_browse_list: Wrote browse list into file /var/cache/samba/browse.dat [2001/10/22 16:32:50, 1] nmbd/nmbd_processlogon.c:process_logon_packet(71) process_logon_packet: Logon from 172.17.1.228: code = 0x12 [2001/10/22 16:32:50, 3] nmbd/nmbd_processlogon.c:process_logon_packet(212) process_logon_packet: SAMLOGON sidsize 24, len = 128 [2001/10/22 16:32:50, 3] nmbd/nmbd_processlogon.c:process_logon_packet(219) process_logon_packet: len = 128 PTR_DIFF(q, buf) = 120 more... [2001/10/22 16:32:59, 3] nmbd/nmbd_incomingdgrams.c:process_host_announce(116) process_host_announce: from BIGFOOT<00> IP 172.17.1.226 to ADMIN<1d> for serv er BIGFOOT. [2001/10/22 16:32:59, 3] nmbd/nmbd_serverlistdb.c:create_server_on_workgroup(17 2) create_server_on_workgroup: Created server entry BIGFOOT of type 40019b03 (Sa mba Server 2.2.0) on workgroup ADMIN. [2001/10/22 16:32:59, 3] nmbd/nmbd_incomingdgrams.c:process_host_announce(116) process_host_announce: from TITAN<00> IP 172.17.10.225 to ADMIN<1d> for serve r TITAN. [2001/10/22 16:32:59, 3] nmbd/nmbd_serverlistdb.c:create_server_on_workgroup(17 2) create_server_on_workgroup: Created server entry TITAN of type 40019b03 (Intr anet Server (Samba 2.2.2)) on workgroup ADMIN. [2001/10/22 16:32:59, 3] nmbd/nmbd_incomingdgrams.c:process_host_announce(116) process_host_announce: from ISWORKSTATION<00> IP 172.17.1.228 to ADMIN<1d> fo r server ISWORKSTATION. [2001/10/22 16:32:59, 3] nmbd/nmbd_serverlistdb.c:create_server_on_workgroup(17 2) create_server_on_workgroup: Created server entry ISWORKSTATION of type 400110 03 () on workgroup ADMIN. [2001/10/22 16:32:59, 3] nmbd/nmbd_incomingdgrams.c:process_host_announce(116) log.isworkstation ------------------------ [2001/10/22 16:32:50, 3] rpc_server/srv_pipe.c:api_pipe_request(1152) Doing \PIPE\NETLOGON [2001/10/22 16:32:50, 3] rpc_server/srv_pipe.c:api_rpcTNP(1184) api_rpcTNP: rpc command: NET_AUTH2 [2001/10/22 16:32:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) free_pipe_context: destroying talloc pool of size 82 [2001/10/22 16:32:50, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=7005 nwritten=160 [2001/10/22 16:32:50, 3] smbd/process.c:process_smb(860) Transaction 10 of length 63 [2001/10/22 16:32:50, 3] smbd/process.c:switch_message(667) switch message SMBreadX (pid 13047) [2001/10/22 16:32:50, 3] smbd/pipes.c:reply_pipe_read_and_X(240) readX-IPC pnum=7005 min=1024 max=1024 nread=40 [2001/10/22 16:32:50, 3] smbd/process.c:process_smb(860) Transaction 11 of length 45 [2001/10/22 16:32:50, 3] smbd/process.c:switch_message(667) switch message SMBclose (pid 13047) [2001/10/22 16:33:50, 3] smbd/sec_ctx.c:set_sec_ctx(320) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/22 16:33:52, 3] smbd/process.c:process_smb(860) Transaction 12 of length 39 [2001/10/22 16:33:52, 3] smbd/process.c:switch_message(667) switch message SMBtdis (pid 13047) [2001/10/22 16:33:52, 3] smbd/sec_ctx.c:set_sec_ctx(320) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/22 16:33:52, 3] smbd/sec_ctx.c:set_sec_ctx(320) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/22 16:33:52, 3] smbd/service.c:close_cnum(648) isworkstation (172.17.1.228) closed connection to service IPC$ [2001/10/22 16:33:52, 3] smbd/connection.c:yield_connection(50) Yielding connection to IPC$ [2001/10/22 16:33:52, 3] smbd/sec_ctx.c:set_sec_ctx(320) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/22 16:33:52, 3] smbd/process.c:timeout_processing(1085) end of file from client [2001/10/22 16:33:52, 3] smbd/sec_ctx.c:set_sec_ctx(320) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/22 16:33:52, 2] smbd/server.c:exit_server(458) Closing connections [2001/10/22 16:33:52, 3] smbd/connection.c:yield_connection(50) Yielding connection to [2001/10/22 16:33:52, 3] smbd/server.c:exit_server(493) Server exit (normal exit) Regards, Alan B. Moote Systems Administrator MARK IV Industries tel: 905.624.7908 fax: 905.625.6197 "Meyer, Aaron" cc: Subject: RE: SMB 2.2.2 PDC w/WIN2K SP2 clients 10/22/01 04:12 PM Could you post a trunkated log file to the list so we get the daemon messages from Samba's side. Aaron Meyer LNXRLZ, MSSKS, 2kBLWS -----Original Message----- From: amoote@fpelectronics.com [mailto:amoote@fpelectronics.com] Sent: Monday, October 22, 2001 3:04 PM To: samba-ntdom@lists.samba.org Subject: SMB 2.2.2 PDC w/WIN2K SP2 clients I have been slaving over this problem for weeks now. I have used Samba in the past, but now we are trying to use it as a PDC and I am having one final problem that is really ticking me off. For all I know it's just a simple setting that I am missing. I starting working with Samba 2.2.1a on RH Linux 7.1 and have recently upgraded to 2.2.2 hoping to resolve my conflict. Said conflict is the inability to login to the SMB domain from Windows 2000. I thought it may have been the SP2 issue everyone has been chatting about, but I tried it without ANY service packs and it still fails. I made the root accoutn in the smbpasswd file and was able to initially join the domain, but after rebooting I cannot login as a user. Windows 98/ME works fine, logon scripts and all. The error message I receive is: "The system cannot log you into this domain because the system's computer account in it's primary domain is missing or the password on that account is incorrect." The account I am trying to use works when logging in from Windows 98/ME. I am not versed in NT accounts, I come from a Linux/NetWare background. This may be my problem. ;) Any ideas? If you could redirect me to a previous post which deals with this issue that too would be fine. Regards, Alan B. Moote Systems Administrator MARK IV Industries tel: 905.624.7908 fax: 905.625.6197 From Daniel.Moeller at de.bosch.com Mon Oct 22 13:46:03 2001 From: Daniel.Moeller at de.bosch.com (Moeller Daniel (QI/CCE2-SI) *) Date: Tue Dec 2 02:36:30 2003 Subject: AW: Getting Desperate Message-ID: <1121C3ABCA53C945B821A821CDD67F62F683B6@simail21.desi2.bosch.com> Hi Paul, I would suggest you create all users on your Unix box with the same user ID as in NT. Use "encrypt passwords = yes", "security = server" and "password server = ". This way winbind isn't required and passwords in /etc/password are ignored, the password information comes from the NT PDC. Of course you will need plenty of disk space for your 30000 users ... File permissions and groups are handled on the Unix side. Kind regards, Danny -----Urspr?ngliche Nachricht----- Von: Paul J. Caritj [mailto:pcaritj@riovia.net] Gesendet: Freitag, 19. Oktober 2001 08:11 An: samba-ntdom@lists.samba.org Betreff: Getting Desperate OK, I'm getting desperate. I am sure this problem is nothing out of the ordinary, but I've never used samba (and, only rarely, linux) and I need this thing running by next week. What I've Done: I have a Windows2000 PDC and (save one) 2000 clients. I have a linux fileserver (Kernel 2.4; Redhat 7.1; Samba 2.2.2) sharing two public folders ("Resources" and "Tax") What I need: A home directory for any given user who browses their way into the fileserver through Network Neighborhood. Each also needs to map a network drive (Z:) to their Home directory. I have the home directories working properly but no one can log in. At the risk of sounding lazy, what should smb.conf look like? How do I handle passwords (that is the main issue). I have little interest in integrating with the PDC's security. I just want to make the accounts manually on the unxix machine. So, I know this is a lot to ask, but could someone give me a step by step to (in summary) do the following: configure home directories for users in which the corrosponding user has full permissions (Read, write, execute, the whole enchilada) that they can successfully log into from their Win2000 workstation. Again, password servers, domain membership, etc are irrelevent. I'm willing to either use encrypted passwords on the Liux box OR unencrypted passwords on the Windows box. Whichever is easier, as long as it works. If someone could help me with this I would appreciate it SO much. Thank you, Paul Caritj pcaritj@riovia.net From anderson at centtech.com Mon Oct 22 14:00:05 2001 From: anderson at centtech.com (Eric Anderson) Date: Tue Dec 2 02:36:30 2003 Subject: Samba PDC & /etc/passwd Message-ID: <3BD488E4.B78C71F5@centtech.com> Ok, I have seen a bunch of posts on similar subjects, but I'm just not putting the pieces together.. I have Samba 2.2.2 (on RedHat 6.2 - from their RPM), and a Windows 2k box (Advanced server). Everything works great, but samba wants me to use the smbpasswd file for authentication, and I would like to use the /etc/passwd stuffs to do the authentication - I'm using NIS, so this is important. Whats the smb.conf trick to basically say "use /etc/passwd instead of smbpasswd"? Just for the heck of it, here is one what person said a while back: ---- Quoted from Aaron Sheard ---- The way it works with me is as long as you have a +::0:0::: as the last line in your /etc/passwd file, samba will authenticate to the NIS master. If you can log on directly to the unix box through NIS, samba should work fine without any modifications. In my smb.conf file this is all I have for [global] variables and it works fine with NIS. (this is running on hpux 10.20) [global] passwd program = /usr/bin/passwd %u server string = unixbox workgroup = office passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* netbios name = unixbox socket address = 10.10.1.2 ---- ----- Thanks in advance! Eric -- ------------------------------------------------------------- Eric Anderson anderson@centtech.com Centaur Technology # rm -rf /bin/laden ------------------------------------------------------------- From KMetz at psakids.com Mon Oct 22 14:00:39 2001 From: KMetz at psakids.com (Kevin Metz) Date: Tue Dec 2 02:36:30 2003 Subject: Using Samba for WINS Message-ID: <20BB5A31033CD411AB0500010238B1B4010A9B8A@PSAMES1> Our company just recently switched our WINS mechanism from Windows NT to Linux using Samba. Eveything seems to work just fine except for one problem, when using "Network Neighborhood" to browse the network when on a LAN you can get to every server and resource, however if your on the WAN you cannot browse to one server. This server is our mail server, it is an NT 4.0 server running Exchange 5.5, it also serves as the internal mail server and internet mail server, it also uses an application called Web Outlook. You cannot ping it by name, and for some reason in the Samba wins.dat file the server is not registering quite properly as the other servers, the numeric attributes are not "00", "03", and "20", instead they are "6a" and "87". Has anyone ever heard of this issue? Any help or information would be greatly appreciated. From amoote at fpelectronics.com Mon Oct 22 14:21:38 2001 From: amoote at fpelectronics.com (amoote@fpelectronics.com) Date: Tue Dec 2 02:36:31 2003 Subject: SMB 2.2.2 PDC w/WIN2K SP2 clients Message-ID: Sorry... log.smbd -------------- added interface ip=172.17.10.80 bcast=172.17.255.255 nmask=255.255.0.0 [2001/10/22 17:16:57, 3] smbd/server.c:main(731) loaded services [2001/10/22 17:16:57, 3] smbd/server.c:main(739) Becoming a daemon. [2001/10/22 17:16:57, 3] lib/util_sock.c:open_socket_in(839) bind succeeded on port 139 [2001/10/22 17:16:57, 2] smbd/server.c:open_sockets(201) waiting for a connection [2001/10/22 17:17:22, 3] smbd/oplock.c:init_oplocks(1239) open_oplock_ipc: opening loopback UDP socket. [2001/10/22 17:17:22, 3] lib/util_sock.c:open_socket_in(839) bind succeeded on port 0 [2001/10/22 17:17:22, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(293) Linux kernel oplocks enabled [2001/10/22 17:17:22, 3] smbd/oplock.c:init_oplocks(1269) open_oplock ipc: pid = 13167, global_oplock_port = 34663 [2001/10/22 17:17:22, 3] smbd/process.c:process_smb(860) Transaction 0 of length 72 [2001/10/22 17:17:22, 2] smbd/reply.c:reply_special(92) netbios connect: name1=SHOCKWAVE name2=ISWORKSTATION [2001/10/22 17:17:22, 2] smbd/reply.c:reply_special(111) netbios connect: local=shockwave remote=isworkstation Regards, Alan B. Moote Systems Administrator MARK IV Industries tel: 905.624.7908 fax: 905.625.6197 "Meyer, Aaron" cc: Subject: RE: SMB 2.2.2 PDC w/WIN2K SP2 clients 10/22/01 04:49 PM is there an log.smbd? Aaron Meyer LNXRLZ, MSSKS, 2kBLWS -----Original Message----- From: amoote@fpelectronics.com [mailto:amoote@fpelectronics.com] Sent: Monday, October 22, 2001 3:40 PM To: samba-ntdom@lists.samba.org Subject: RE: SMB 2.2.2 PDC w/WIN2K SP2 clients I hope this is more than enough. I set the log level to 3 to get the most data. log.nmbd -------------- ***** [2001/10/22 16:32:46, 2] nmbd/nmbd_elections.c:send_election_dgram(44) send_election_dgram: Sending election packet for workgroup ADMIN on subnet 17 2.17.10.80 [2001/10/22 16:32:46, 3] nmbd/nmbd_serverlistdb.c:write_browse_list(458) write_browse_list: Wrote browse list into file /var/cache/samba/browse.dat [2001/10/22 16:32:48, 2] nmbd/nmbd_elections.c:send_election_dgram(44) send_election_dgram: Sending election packet for workgroup ADMIN on subnet 17 2.17.10.80 [2001/10/22 16:32:50, 1] nmbd/nmbd_processlogon.c:process_logon_packet(71) process_logon_packet: Logon from 172.17.1.228: code = 0x12 [2001/10/22 16:32:50, 3] nmbd/nmbd_processlogon.c:process_logon_packet(212) process_logon_packet: SAMLOGON sidsize 24, len = 128 [2001/10/22 16:32:50, 3] nmbd/nmbd_processlogon.c:process_logon_packet(219) process_logon_packet: len = 128 PTR_DIFF(q, buf) = 120 [2001/10/22 16:32:50, 3] nmbd/nmbd_processlogon.c:process_logon_packet(239) process_logon_packet: SAMLOGON sidsize 24 ntv 11 [2001/10/22 16:32:50, 3] nmbd/nmbd_processlogon.c:process_logon_packet(248) process_logon_packet: SAMLOGON user ISWORKSTATION$ [2001/10/22 16:32:50, 3] nmbd/nmbd_processlogon.c:process_logon_packet(253) process_logon_packet: SAMLOGON request from ISWORKSTATION(172.17.1.228) for I SWORKSTATION$, returning logon svr \\SHOCKWAVE domain ADMIN code 13 token=ffff [2001/10/22 16:32:50, 2] nmbd/nmbd_elections.c:send_election_dgram(44) send_election_dgram: Sending election packet for workgroup ADMIN on subnet 17 2.17.10.80 [2001/10/22 16:32:50, 2] nmbd/nmbd_elections.c:run_elections(209) run_elections: >>> Won election for workgroup ADMIN on subnet 172.17.10.80 << < [2001/10/22 16:32:50, 2] nmbd/nmbd_become_lmb.c:become_local_master_browser(549 ) become_local_master_browser: Starting to become a master browser for workgrou p ADMIN on subnet 172.17.10.80 [2001/10/22 16:32:50, 3] nmbd/nmbd_become_lmb.c:become_local_master_browser(552 ) become_local_master_browser: first stage - attempt to register ^1^2__MSBROWSE __^2^1 [2001/10/22 16:32:50, 3] nmbd/nmbd_serverlistdb.c:write_browse_list(458) write_browse_list: Wrote browse list into file /var/cache/samba/browse.dat [2001/10/22 16:32:50, 1] nmbd/nmbd_processlogon.c:process_logon_packet(71) process_logon_packet: Logon from 172.17.1.228: code = 0x12 [2001/10/22 16:32:50, 3] nmbd/nmbd_processlogon.c:process_logon_packet(212) process_logon_packet: SAMLOGON sidsize 24, len = 128 [2001/10/22 16:32:50, 3] nmbd/nmbd_processlogon.c:process_logon_packet(219) process_logon_packet: len = 128 PTR_DIFF(q, buf) = 120 more... [2001/10/22 16:32:59, 3] nmbd/nmbd_incomingdgrams.c:process_host_announce(116) process_host_announce: from BIGFOOT<00> IP 172.17.1.226 to ADMIN<1d> for serv er BIGFOOT. [2001/10/22 16:32:59, 3] nmbd/nmbd_serverlistdb.c:create_server_on_workgroup(17 2) create_server_on_workgroup: Created server entry BIGFOOT of type 40019b03 (Sa mba Server 2.2.0) on workgroup ADMIN. [2001/10/22 16:32:59, 3] nmbd/nmbd_incomingdgrams.c:process_host_announce(116) process_host_announce: from TITAN<00> IP 172.17.10.225 to ADMIN<1d> for serve r TITAN. [2001/10/22 16:32:59, 3] nmbd/nmbd_serverlistdb.c:create_server_on_workgroup(17 2) create_server_on_workgroup: Created server entry TITAN of type 40019b03 (Intr anet Server (Samba 2.2.2)) on workgroup ADMIN. [2001/10/22 16:32:59, 3] nmbd/nmbd_incomingdgrams.c:process_host_announce(116) process_host_announce: from ISWORKSTATION<00> IP 172.17.1.228 to ADMIN<1d> fo r server ISWORKSTATION. [2001/10/22 16:32:59, 3] nmbd/nmbd_serverlistdb.c:create_server_on_workgroup(17 2) create_server_on_workgroup: Created server entry ISWORKSTATION of type 400110 03 () on workgroup ADMIN. [2001/10/22 16:32:59, 3] nmbd/nmbd_incomingdgrams.c:process_host_announce(116) log.isworkstation ------------------------ [2001/10/22 16:32:50, 3] rpc_server/srv_pipe.c:api_pipe_request(1152) Doing \PIPE\NETLOGON [2001/10/22 16:32:50, 3] rpc_server/srv_pipe.c:api_rpcTNP(1184) api_rpcTNP: rpc command: NET_AUTH2 [2001/10/22 16:32:50, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(417) free_pipe_context: destroying talloc pool of size 82 [2001/10/22 16:32:50, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=7005 nwritten=160 [2001/10/22 16:32:50, 3] smbd/process.c:process_smb(860) Transaction 10 of length 63 [2001/10/22 16:32:50, 3] smbd/process.c:switch_message(667) switch message SMBreadX (pid 13047) [2001/10/22 16:32:50, 3] smbd/pipes.c:reply_pipe_read_and_X(240) readX-IPC pnum=7005 min=1024 max=1024 nread=40 [2001/10/22 16:32:50, 3] smbd/process.c:process_smb(860) Transaction 11 of length 45 [2001/10/22 16:32:50, 3] smbd/process.c:switch_message(667) switch message SMBclose (pid 13047) [2001/10/22 16:33:50, 3] smbd/sec_ctx.c:set_sec_ctx(320) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/22 16:33:52, 3] smbd/process.c:process_smb(860) Transaction 12 of length 39 [2001/10/22 16:33:52, 3] smbd/process.c:switch_message(667) switch message SMBtdis (pid 13047) [2001/10/22 16:33:52, 3] smbd/sec_ctx.c:set_sec_ctx(320) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/22 16:33:52, 3] smbd/sec_ctx.c:set_sec_ctx(320) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/22 16:33:52, 3] smbd/service.c:close_cnum(648) isworkstation (172.17.1.228) closed connection to service IPC$ [2001/10/22 16:33:52, 3] smbd/connection.c:yield_connection(50) Yielding connection to IPC$ [2001/10/22 16:33:52, 3] smbd/sec_ctx.c:set_sec_ctx(320) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/22 16:33:52, 3] smbd/process.c:timeout_processing(1085) end of file from client [2001/10/22 16:33:52, 3] smbd/sec_ctx.c:set_sec_ctx(320) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2001/10/22 16:33:52, 2] smbd/server.c:exit_server(458) Closing connections [2001/10/22 16:33:52, 3] smbd/connection.c:yield_connection(50) Yielding connection to [2001/10/22 16:33:52, 3] smbd/server.c:exit_server(493) Server exit (normal exit) Regards, Alan B. Moote Systems Administrator MARK IV Industries tel: 905.624.7908 fax: 905.625.6197 "Meyer, Aaron" cc: Subject: RE: SMB 2.2.2 PDC w/WIN2K SP2 clients 10/22/01 04:12 PM Could you post a trunkated log file to the list so we get the daemon messages from Samba's side. Aaron Meyer LNXRLZ, MSSKS, 2kBLWS -----Original Message----- From: amoote@fpelectronics.com [mailto:amoote@fpelectronics.com] Sent: Monday, October 22, 2001 3:04 PM To: samba-ntdom@lists.samba.org Subject: SMB 2.2.2 PDC w/WIN2K SP2 clients I have been slaving over this problem for weeks now. I have used Samba in the past, but now we are trying to use it as a PDC and I am having one final problem that is really ticking me off. For all I know it's just a simple setting that I am missing. I starting working with Samba 2.2.1a on RH Linux 7.1 and have recently upgraded to 2.2.2 hoping to resolve my conflict. Said conflict is the inability to login to the SMB domain from Windows 2000. I thought it may have been the SP2 issue everyone has been chatting about, but I tried it without ANY service packs and it still fails. I made the root accoutn in the smbpasswd file and was able to initially join the domain, but after rebooting I cannot login as a user. Windows 98/ME works fine, logon scripts and all. The error message I receive is: "The system cannot log you into this domain because the system's computer account in it's primary domain is missing or the password on that account is incorrect." The account I am trying to use works when logging in from Windows 98/ME. I am not versed in NT accounts, I come from a Linux/NetWare background. This may be my problem. ;) Any ideas? If you could redirect me to a previous post which deals with this issue that too would be fine. Regards, Alan B. Moote Systems Administrator MARK IV Industries tel: 905.624.7908 fax: 905.625.6197 From peter.milburn at sofcom.com.au Mon Oct 22 18:41:04 2001 From: peter.milburn at sofcom.com.au (peter.milburn@sofcom.com.au) Date: Tue Dec 2 02:36:31 2003 Subject: samba and winbind Message-ID: is there a beta of winbind, that will work talking to a Linux PDC ? Thanks -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From pk at qtac.edu.au Mon Oct 22 20:38:01 2001 From: pk at qtac.edu.au (Peter Kernke) Date: Tue Dec 2 02:36:31 2003 Subject: Samba as PDC for win2000 Message-ID: <200110230338.NAA21587@qtac.edu.au> Hi I am having the most basic of problems. I have setup a PDC with samba 2.2.2 and am trying to get my Win200) machine to join the domain. I followed the following proceedure http://ivy:901/swat/help/Samba-HOWTO-Collection.html#SAMBA-PDC And when I go to the client W2000 box and change from the workgroup to join the domain I get a popup which says ----------------------------------------------- Domain and Username Password Enter the name and password of an account with permission to join the domain Name: Password: ----------------------------------------------- What user and passwd do I enter here my domain is QTAC so I woul hav thought that it would be QTAC\root and the samba password setup for root. I will also add that I am currently having a problem (just within the last couple of hours) where it is not possible to browse the workgroup. Thanks in advance PK Peter Kernke Senior Programmer (Infrastructure and Operations) Queensland Tertiary Admissions Centre Ltd Level 2/33 Park Road PO Box 1331, Milton, Brisbane, Australia, 4064 Ph: (07) 3858-1238 Mobile: (0408) 347 677 Fax: (07) 3368-2263 E-mail: pk@qtac.edu.au From DavidAtkinson at solectron.com Mon Oct 22 21:23:03 2001 From: DavidAtkinson at solectron.com (DavidAtkinson@solectron.com) Date: Tue Dec 2 02:36:31 2003 Subject: WINS-server and push/pull Message-ID: <91C8BF85397AD411B62A0090274FA17F5D6829@wangex.wta.slr.com> I may be a little behind, but I don't think that this has been implemented yet. The closest you can do is to have one samba box as a WINS client and a second one as a WINS server and have both doing WINS proxying, so that they share the information via broadcasts. This is, however, cludgy, but it does work. Unfortunatly the best solution is to have multiple Winblows WINS servers or a single linux box (which makes maintenance tricky) Regards, David Atkinson System Administrator Solectron Australia Phone: +61 3 5720-2556 Mobile: +61 4 1957-4112 Fax: +61 3 5720-2412 or +61 2 8304-1206 -----Original Message----- From: alex [mailto:aoclarit@kiwi.dhs.org] Sent: Friday, 19 October 2001 1:06 PM To: samba Subject: WINS-server and push/pull Hi all Can I set up a linux-box to be a wins-server within a domain and then tell it to sync with other NT-based wins-servers that already exist in the domain ? I cannot find anything on that. ALEX From bernard.askew at rtc.ch Mon Oct 22 23:37:02 2001 From: bernard.askew at rtc.ch (Askew Bernard) Date: Tue Dec 2 02:36:31 2003 Subject: AW: problems joining a NT domain Message-ID: Check on your PDC NT Server if your host ebv-nettetal-ns is defined. You might have to delete it and create it again on the PDC. I had a fight with such a configuration last week. Is "ebv-nettetal-ns" it's real name or is it a virtual name (type "hostname" on your UNIX to check)? If you have another name as hostname, you might have to define it as well on your PDC. Eventually you might have to check if your Samba daemons are running or not when you join. Try both. If I'm right, you then don't need a password file on your Samba, you use the one on your PDC NT Server EBV-NETTETAL-NT. Good luck! Bernard > -----Urspr?ngliche Nachricht----- > Von: Stephan Scheufen [mailto:s.scheufen@ebv.com] > Gesendet am: Montag, 22. Oktober 2001 16:57 > An: samba-ntdom@samba.org > Betreff: problems joining a NT domain > > Hello folks, > > i have _no_ idea what i can do against this error message: > ----------------------------------------------- > ebv-nettetal-ns:/etc # smbpasswd -j EBV_NETTETAL -r > EBV-NETTETAL-NT > > cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT > cli_nt_setup_creds: auth2 challenge failed > modify_trust_password: unable to setup the PDC credentials to machine > EBV-NETTETAL-NT. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. > 2001/10/22 16:54:05 : change_trust_account_password: Failed to change > password for domain EBV_NETTETAL. > Unable to join domain EBV_NETTETAL. > ebv-nettetal-ns:/etc # > ----------------------------------------------- > > can someboda please explain or tell me how i can get rid of that? > > regards > Stephan > > > From jakscht at vit.de Tue Oct 23 02:29:06 2001 From: jakscht at vit.de (Michael Jakscht) Date: Tue Dec 2 02:36:31 2003 Subject: Unable to join Domain to NT 4.0 PDC with Samba 2.2.2 Message-ID: Hi, I didn't do this ever before so I'd prefer your help. Following: I want to connect Samba 2.2.2 to an existing PDC on NT 4.0. No when I use smbpasswd -j intranet (the pdc's workgroup) I get the following: # smbpasswd -j intranet cli_net_auth2: Error NT_STATUS_NO_TRUST_SAM_ACCOUNT cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine INTRANET. Error was : NT_STATUS_NO_TRUST_SAM_ACCOUNT. 2001/10/23 10:06:43 : change_trust_account_password: Failed to change password for domain INTRANET. Unable to join domain INTRANET. Hope you can help me, I don't know how to do this. I have some experience with Samba, but I've never done something like this before. Thanks, Michael From KMetz at psakids.com Tue Oct 23 05:00:02 2001 From: KMetz at psakids.com (Kevin Metz) Date: Tue Dec 2 02:36:31 2003 Subject: Using Samba for WINS Message-ID: <20BB5A31033CD411AB0500010238B1B4010A9B8F@PSAMES1> Our company just recently switched our WINS mechanism from Windows NT to Linux using Samba. Eveything seems to work just fine except for one problem, when using "Network Neighborhood" to browse the network when on a LAN you can get to every server and resource, however if your on the WAN you cannot browse to one server. This server is our mail server, it is an NT 4.0 server running Exchange 5.5, it also serves as the internal mail server and internet mail server, it also uses an application called Web Outlook. You cannot ping it by name, and for some reason in the Samba wins.dat file the server is not registering quite properly as the other servers, the numeric attributes are not "00", "03", and "20", instead they are "6a" and "87". Has anyone ever heard of this issue? Any help or information would be greatly appreciated. Also secondly is there a way to put in a static entry into the wins.dat file? From KFuerstberger at haitec.de Tue Oct 23 05:15:49 2001 From: KFuerstberger at haitec.de (KFuerstberger@haitec.de) Date: Tue Dec 2 02:36:31 2003 Subject: rid and pwdLastSet set with 2.2.2 and Lotus Notes Ldap Message-ID: Hi all, I use a 2.2.2 PDC and Notes Ldap. After many tests and a few grey hair I succeeded in joining the domain with w2k and xp and announcing me as a user whereby the accounts are stored in the LDAP directory of a Lotus Notes Server. I make the following: In order to generate a machine account: If I try to generate an account with smbpasswd, then that fails, user not found. Therefore I first generate a SambaAccount for the machine in the LDAP directory with uid and uidNumber, the other fields empty. Now an smbpasswd: smbtest:/usr/local/samba/bin# ./smbpasswd -D 2 -a -m nttest ldap_open_connection: connection opened ldap_connect_system: succesful connection to the LDAP server ldap_search_one_user: searching for:[(&(uid=nttest $)(objectclass=sambaAccount))] get_single_attribute: [uid] = [nttest$] Entry found for user: nttest$ get_single_attribute: [sambaDomain] = [NULL] get_single_attribute: [pwdLastSet] = [0] get_single_attribute: [logonTime] = [0] get_single_attribute: [logoffTime] = [0] get_single_attribute: [kickoffTime] = [0] get_single_attribute: [pwdCanChange] = [0] get_single_attribute: [pwdMustChange] = [0] get_single_attribute: [gecos] = [NULL] get_single_attribute: [homeDrive] = [NULL] get_single_attribute: [smbHome] = [\\%N\] get_single_attribute: [scriptPath] = [NULL] get_single_attribute: [profilePath] = [\\%N\\profile] get_single_attribute: [description] = [NULL] get_single_attribute: [userWorkstations] = [NULL] get_single_attribute: [rid] = [0] get_single_attribute: [primaryGroupID] = [NULL] get_single_attribute: [lmPassword] = [67E5DC9874306DC5AAD3B435B51404EE] get_single_attribute: [ntPassword] = [BC1A251B15F2F27F4118CE32EF8090DA] get_single_attribute: [acctFlags] = [[U ]] ldap_open_connection: connection opened ldap_connect_system: succesful connection to the LDAP server ldap_search_one_user: searching for:[(&(uid=nttest $)(objectclass=sambaAccount))] Setting entry for user: nttest$ successfully modified uid = nttest$ in the LDAP database Here the "acctFlags" are not set to "W", and the rid=0. When I trie to join the domain I got the uid was found, but the rid=21420 was not found, hmm... [2001/10/23 13:57:03, 0] passdb/pdb_ldap.c:pdb_getsampwrid(750) We don't find this rid [21420] count=0 So I delete the lmPassword Hash Entry and the ntPassword Hash Entry, set acctFlags to [W ], and rid to 21420 Now I can join the domain from win xp client. Is this not implemented in smbpasswd to set the entries or make I an error? If I try afterwards to log in as a user , function also, I requested to modify my password, also ok. Nevertheless smbpasswd modify not the entry " pwdLastSet" in the LDAP directory. So if I log in thus again, I again requested the password to modify... Any hints? Thanx Klaus From eirvine at tpgi.com.au Tue Oct 23 05:52:03 2001 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:36:31 2003 Subject: Samba PDC & /etc/passwd References: <3BD488E4.B78C71F5@centtech.com> Message-ID: <3BD567E6.1122F43F@tpgi.com.au> No. Samba must use encrypted passwords (in the smbpasswd file) to be a PDC. To use passwords in NIS, it must use plain text passwords. Plaintext as in that is how the client sends the password across the wire. So - to be a PDC, you've gotta set up smbpasswd. And you have to have machine names in /etc/passwd (or nis). Eddie. Eric Anderson wrote: > > Ok, I have seen a bunch of posts on similar subjects, but I'm just not putting the pieces together.. I have Samba 2.2.2 > (on RedHat 6.2 - from their RPM), and a Windows 2k box (Advanced server). Everything works great, but samba wants me to > use the smbpasswd file for authentication, and I would like to use the /etc/passwd stuffs to do the authentication - I'm > using NIS, so this is important. Whats the smb.conf trick to basically say "use /etc/passwd instead of smbpasswd"? > > Just for the heck of it, here is one what person said a while back: > > ---- Quoted from Aaron Sheard ---- > The way it works with me is as long as you have a +::0:0::: as the last line in > your /etc/passwd file, samba will authenticate to the NIS master. > > If you can log on directly to the unix box through NIS, samba should work fine > without any modifications. > > In my smb.conf file this is all I have for [global] variables and it works fine > with NIS. > (this is running on hpux 10.20) > > [global] > passwd program = /usr/bin/passwd %u > server string = unixbox > workgroup = office > passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n > *passwd:*all*authentication*tokens*updated*successfully* > netbios name = unixbox > socket address = 10.10.1.2 > ---- ----- > > Thanks in advance! > Eric > > -- > ------------------------------------------------------------- > Eric Anderson anderson@centtech.com Centaur Technology > # rm -rf /bin/laden > ------------------------------------------------------------- From anderson at centtech.com Tue Oct 23 06:04:02 2001 From: anderson at centtech.com (Eric Anderson) Date: Tue Dec 2 02:36:31 2003 Subject: Samba PDC & /etc/passwd References: <3BD488E4.B78C71F5@centtech.com> <3BD567E6.1122F43F@tpgi.com.au> Message-ID: <3BD56AE3.2DEA3821@centtech.com> Ok.. Well, basically, here's what I have, and what I want: I have a PDC (windows NT) currently, with Exchange running on it. I also have mostly unix/linux machines running NIS. I would like to have an Exchange server box (on Win2k), that gets all authentication information from a Samba box (linux) that ties in with the NIS passwd files. I don't really need a PDC I suppose, but I would like to be able to have Exchange users from the NIS database. Is this at all possible? Eric eirvine wrote: > > No. > > Samba must use encrypted passwords (in the smbpasswd file) to be a PDC. > To use passwords in NIS, it must use plain text passwords. Plaintext as > in that is how the client sends the password across the wire. > > So - to be a PDC, you've gotta set up smbpasswd. And you have to have > machine names in /etc/passwd (or nis). > > Eddie. > > Eric Anderson wrote: > > > > Ok, I have seen a bunch of posts on similar subjects, but I'm just not putting the pieces together.. I have Samba 2.2.2 > > (on RedHat 6.2 - from their RPM), and a Windows 2k box (Advanced server). Everything works great, but samba wants me to > > use the smbpasswd file for authentication, and I would like to use the /etc/passwd stuffs to do the authentication - I'm > > using NIS, so this is important. Whats the smb.conf trick to basically say "use /etc/passwd instead of smbpasswd"? > > > > Just for the heck of it, here is one what person said a while back: > > > > ---- Quoted from Aaron Sheard ---- > > The way it works with me is as long as you have a +::0:0::: as the last line in > > your /etc/passwd file, samba will authenticate to the NIS master. > > > > If you can log on directly to the unix box through NIS, samba should work fine > > without any modifications. > > > > In my smb.conf file this is all I have for [global] variables and it works fine > > with NIS. > > (this is running on hpux 10.20) > > > > [global] > > passwd program = /usr/bin/passwd %u > > server string = unixbox > > workgroup = office > > passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n > > *passwd:*all*authentication*tokens*updated*successfully* > > netbios name = unixbox > > socket address = 10.10.1.2 > > ---- ----- > > > > Thanks in advance! > > Eric > > > > -- > > ------------------------------------------------------------- > > Eric Anderson anderson@centtech.com Centaur Technology > > # rm -rf /bin/laden > > ------------------------------------------------------------- -- ------------------------------------------------------------- Eric Anderson anderson@centtech.com Centaur Technology # rm -rf /bin/laden ------------------------------------------------------------- From rasmus.wiman at sami.se Tue Oct 23 06:37:12 2001 From: rasmus.wiman at sami.se (Rasmus Wiman) Date: Tue Dec 2 02:36:31 2003 Subject: Write-protected desktops? Message-ID: <20011023153306.62582985.rasmus.wiman@sami.se> Hi all, I run a small domain with a Slackware 8.0 box and Samba 2.2.1a PDC and a bunch of Win2000 clients. Most part of this works fine, but whenever a user saves a file on the desktop it loses all privileges. To delete, overwrite, move or do anything else with the file requires the user to change the file proerties to allow reading, writing, deleting and whatever other privilege he/she needs. This is rather annoying. What's wrong? I suppose this is the interesting part of the common section of smb.conf: logon script = Labs.bat # Where to store roving profiles (only for Win95 and WinNT) # %L substitutes for this servers netbios name, %U is username # You must uncomment the [Profiles] share below logon path = \\%L\Profiles\%U logon home = \\%L\%U\.profiles logon drive= u: And here is the Profiles share: [Profiles] path = /usr/local/samba/profiles browseable = no guest ok = yes writable = yes create mask = 0600 directory mask = 0700 From aandrews at eng.okla.seagate.com Tue Oct 23 08:32:04 2001 From: aandrews at eng.okla.seagate.com (Arnold Andrews X-324-4292) Date: Tue Dec 2 02:36:31 2003 Subject: Is possible to use NT2000 user database as a single point of authentification? Message-ID: <200110231531.KAA09192@ocosdrc01.eng.okla.seagate.com> > Delivered-To: samba-ntdom@lists.samba.org > From: "Oscar Alvarez" > To: > Subject: Is possible to use NT2000 user database as a single point of authentification? > MIME-Version: 1.0 > X-Priority: 3 > X-MSMail-Priority: Normal > X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 > X-BeenThere: samba-ntdom@lists.samba.org > X-Mailman-Version: 2.0.6 > List-Help: > List-Post: > List-Subscribe: , > List-Id: Using Samba with Windows NT domains > List-Unsubscribe: , > List-Archive: > X-Original-Date: Wed, 17 Oct 2001 11:42:57 +0200 > Date: Wed, 17 Oct 2001 11:42:57 +0200 > > I just want to use Samba for common directory exporting for all the 2000 domain users. I don't want to maintain a Samba user's database at Linux, i want to manage all user/passwd from NT. > Reading Samba doc's allways speak about a NT and then UNIX password masking, can i exclude this UNIX authentification? > > Thanks in Advance. > > Oscar Alvarez Hi, Sorry for the late reply, but I have a hard time keeping up with the list. If you are still looking for a possible solution to your problem, read on... You can authenticate through an NT domain by setting "security = domain", and the "password server =" parameter, however you will still need to have matching names for the NT username on the Unix box. These can be local "/etc/passwd", or NIS. If the names don't match exactly, then you can use the "username map =" parameter to point to a file which maps the Unix user name to the windows user name(s) to be associated with the Unix account. Hope that helps, Arnold Andrews MCAD/Unix Systems Adminstrator Seagate Technology, LLC From joe_kroboth at chernay.com Tue Oct 23 08:38:02 2001 From: joe_kroboth at chernay.com (Kroboth, Joe) Date: Tue Dec 2 02:36:31 2003 Subject: Swat Authorization problem w/PAM Message-ID: <36B7C8AFF80DD311B8C200105ACAFC7D2AFB57@ftp.chernay.com> Hello, Installed the binary RPM (http://de.samba.org/samba/ftp/Binary_Packages/redhat/RPMS/7.1/) for samba 2.2.2 on my redhat 7.1 server. I got winbind to work and my samba server is now using NT usernames and groups. I was very unsure about how modify the pam.d files. The only file I changed was the /etc/pam.d/samba file. I pulled this configuration from another mail post. /etc/pam.d/samba-------------------------------------- auth required /lib/security/pam_securetty.so auth required /lib/security/pam_nologin.so auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok account required /lib/security/pam_winbind.so session required /lib/security/pam_pwdb.so password required /lib/security/pam_pwdb.so ----------------------------------------------------------------- This seems to work fine for all but SWAT. I am able to log into swat using a NT domain name and password (DOMAIN+name and password) but I do not have full access to changing the config file. When I try to log in as root I receive an authorization failure. Hoping someone could point me in the right direction. Thanks Joe Joe Kroboth IT Director Chernay Printing, Inc 7483 South Main Street PO BOX 199 Coopersburg, PA 18036 610.282.3774 EXT 113 610.282.2982 FAX joe_kroboth@chernay.com www.chernay.com From Eddie.Wimberly at robins.af.mil Tue Oct 23 08:55:03 2001 From: Eddie.Wimberly at robins.af.mil (Wimberly Eddie Contr WRALC/LYSFR) Date: Tue Dec 2 02:36:31 2003 Subject: 2.2.2 and Roaming Profiles with Win2k Message-ID: I removed the machine$ entry from smbpasswd , recreated it and made the win2k machine rejoin the domain. Now profiles work like advertised. > -----Original Message----- > From: Gerald (Jerry) Carter [mailto:jerry@samba.org] > Sent: Wednesday, October 17, 2001 1:25 PM > To: Dave Stevenson > Cc: Wimberly Eddie Contr WRALC/LYSFR; samba-ntdom@lists.samba.org > Subject: Re: 2.2.2 and Roaming Profiles with Win2k > > > On Wed, 17 Oct 2001, Dave Stevenson wrote: > > > I may be wrong about this but...(with flame retardent clothing > > applied.) > > > > isnt logon path= ... something that's passed to the NT/2000 box so > > maybe the slashes should be \\ rather than // ?? - or maybe that's > > just too simple certainly \\ works for me :-) > > Doh! > > [reaches for towel to wipe egg off of face...] > > I did not even notice that. Must be getting old.... ;) > > Of course, you are correct. Thanks. > > > > > > \\sambapdc\username\profile.pds. You will be logged on > with a local > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > > > > profile ...." > > > > > > > > In the [globals] section, I have "logon path = > //%N/profiles/%U" as > ^^^^^^^^^^^^^^^^ > > > > > > > > > cheers, jerry > --------------------------------------------------------------------- > www.samba.org SAMBA Team jerry_at_samba.org > www.plainjoe.org jerry_at_plainjoe.org > --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- > From aandrews at eng.okla.seagate.com Tue Oct 23 09:02:01 2001 From: aandrews at eng.okla.seagate.com (Arnold Andrews X-324-4292) Date: Tue Dec 2 02:36:31 2003 Subject: winbind Message-ID: <200110231601.LAA09370@ocosdrc01.eng.okla.seagate.com> On Date: Mon, 15 Oct 2001 09:59:34 +0100, Chris Bamford Wrote: > Hi All, > > Last week I posted a question about winbind on Solaris and > have heard nothing; am I posting to the wrong list? If so, > where should I ask this question? > > Thanks, > > -- Chris Yes, I know what you mean. I could not even get it to compile on Solaris (8) unless I used the following option: ./configure --with-winbind=no What about it Samba Team? Is winbind supported or going to be supported on Solaris? Thanks, Arnold Andrews From barroca at dcc.ufmg.br Tue Oct 23 09:20:06 2001 From: barroca at dcc.ufmg.br (Leonardo Luiz Padovani da Mata) Date: Tue Dec 2 02:36:31 2003 Subject: Printing oly as admin user Message-ID: hi all. my linux box is sharig the printer, but only user defined as adim user can print. i need to make users that aren`t admin print. i also need to make user that has the password in other PDC (NT) to print in this share. Leonardo From aoclarit at kiwi.dhs.org Tue Oct 23 09:39:01 2001 From: aoclarit at kiwi.dhs.org (Aoclarit) Date: Tue Dec 2 02:36:31 2003 Subject: Printing oly as admin user References: Message-ID: <3BD59D4F.3B8C6F8D@kiwi.dhs.org> may I ask you how you created those domain admin users cause I have trouble doing that. THX Leonardo Luiz Padovani da Mata wrote: > hi all. > my linux box is sharig the printer, but only user defined as adim user can > print. > i need to make users that aren`t admin print. > i also need to make user that has the password in other PDC (NT) to print > in this share. > > Leonardo From barroca at dcc.ufmg.br Tue Oct 23 09:41:04 2001 From: barroca at dcc.ufmg.br (Leonardo Luiz Padovani da Mata) Date: Tue Dec 2 02:36:31 2003 Subject: Printing oly as admin user In-Reply-To: <3BD59D4F.3B8C6F8D@kiwi.dhs.org> Message-ID: just put in the global section: admin users = leo, barroca, other Leonardo On Tue, 23 Oct 2001, Aoclarit wrote: > may I ask you how you created those domain admin users cause I have trouble > doing that. > > THX > > Leonardo Luiz Padovani da Mata wrote: > > > hi all. > > my linux box is sharig the printer, but only user defined as adim user can > > print. > > i need to make users that aren`t admin print. > > i also need to make user that has the password in other PDC (NT) to print > > in this share. > > > > Leonardo > > From joe_kroboth at chernay.com Tue Oct 23 10:43:57 2001 From: joe_kroboth at chernay.com (Kroboth, Joe) Date: Tue Dec 2 02:36:31 2003 Subject: Swat Authorization problem w/PAM Message-ID: <36B7C8AFF80DD311B8C200105ACAFC7D2AFB59@ftp.chernay.com> Hello Again, I changed the permissions to rw-rw---, I changed the group of smb.conf to DOMAIN+Domain Admin. When I log into swat and enter a NT domain name that is part of the Domain Admin group, I have write privileges. Does this sound reasonably secure? Thanks, Joe -----Original Message----- From: Kroboth, Joe Sent: Tuesday, October 23, 2001 12:13 PM To: 'Jens Uwe Schmidt' Subject: RE: Swat Authorization problem w/PAM Hello, Thanks for your response. If I change the permissions to 666 I can edit the smb.conf from swat logged in as a NT domain user. I'm Hoping for a better solution. I also tried creating a 'root' account on my NT domain....No luck. Thanks, Joe -----Original Message----- From: Jens Uwe Schmidt [mailto:j.schmidt@extracom.de] Sent: Tuesday, October 23, 2001 12:00 PM To: Kroboth, Joe Subject: AW: Swat Authorization problem w/PAM Hi, I assume, swat uses unix accounts. May be, you can use acccounts validated on your NT Box but then swat isn't allowed to manipulate the smb.conf file. For a short try, you can give smb.conf the rights rw-rw-rw- and try if it works with a user validated from the NT-Box, but switch back to the original rights (rw-r--r--, owner and group root) and try to login to swat as root, validated by your redhat-box. Otherwise everyone can fiddle around in your smb.conf and get himself rights to mount any smb-share! Maybe you can add an account "root" on the NT-Server with the same pwd as on the redhat box, but this is still another ugly workaround. Bye JUS > -----Urspr?ngliche Nachricht----- > Von: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]Im Auftrag von Kroboth, Joe > Gesendet: Dienstag, 23. Oktober 2001 17:39 > An: 'samba-ntdom@lists.samba.org' > Betreff: Swat Authorization problem w/PAM > > > Hello, > > Installed the binary RPM > (http://de.samba.org/samba/ftp/Binary_Packages/redhat/RPMS/7.1/) for samba > 2.2.2 on my redhat 7.1 server. I got winbind to work and my > samba server is > now using NT usernames and groups. I was very unsure about how modify the > pam.d files. The only file I changed was the /etc/pam.d/samba file. I > pulled this configuration from another mail post. > > /etc/pam.d/samba-------------------------------------- > > auth required /lib/security/pam_securetty.so > auth required /lib/security/pam_nologin.so > auth sufficient /lib/security/pam_winbind.so > auth required /lib/security/pam_pwdb.so use_first_pass > shadow nullok > account required /lib/security/pam_winbind.so > session required /lib/security/pam_pwdb.so > password required /lib/security/pam_pwdb.so > > ----------------------------------------------------------------- > > This seems to work fine for all but SWAT. > > I am able to log into swat using a NT domain name and password > (DOMAIN+name > and password) but I do not have full access to changing the config file. > When I try to log in as root I receive an authorization failure. > > Hoping someone could point me in the right direction. > > Thanks > > Joe > > > Joe Kroboth > IT Director > Chernay Printing, Inc > 7483 South Main Street > PO BOX 199 > Coopersburg, PA 18036 > 610.282.3774 EXT 113 > 610.282.2982 FAX > joe_kroboth@chernay.com > www.chernay.com > > > From Scott.Mann at lefthandnetworks.com Tue Oct 23 10:45:07 2001 From: Scott.Mann at lefthandnetworks.com (Scott Mann) Date: Tue Dec 2 02:36:31 2003 Subject: Swat Authorization problem w/PAM References: <36B7C8AFF80DD311B8C200105ACAFC7D2AFB57@ftp.chernay.com> Message-ID: <3BD5AD63.8CB128DF@lefthandnetworks.com> "Kroboth, Joe" wrote: > > Hello, > > Installed the binary RPM > (http://de.samba.org/samba/ftp/Binary_Packages/redhat/RPMS/7.1/) for samba > 2.2.2 on my redhat 7.1 server. I got winbind to work and my samba server is > now using NT usernames and groups. I was very unsure about how modify the > pam.d files. The only file I changed was the /etc/pam.d/samba file. I > pulled this configuration from another mail post. > > /etc/pam.d/samba-------------------------------------- > > auth required /lib/security/pam_securetty.so > auth required /lib/security/pam_nologin.so > auth sufficient /lib/security/pam_winbind.so > auth required /lib/security/pam_pwdb.so use_first_pass > shadow nullok > account required /lib/security/pam_winbind.so > session required /lib/security/pam_pwdb.so > password required /lib/security/pam_pwdb.so > Hi Joe, I believe that RH 7.1 uses the centralized /etc/pam.d/system-auth file. You can set you /etc/pam.d/samba file to mimic /etc/pam.d/login or the like. Here's my /etc/pam.d/samba auth required /lib/security/pam_nologin.so auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth The pam_stack.so module invokes the specified service (system-auth in this case which means that you must have a /etc/pam.d/system-auth file). Here's my /etc/pam.d/system-auth: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/pam_env.so auth sufficient /lib/security/pam_winbind.so debug auth sufficient /lib/security/pam_unix.so use_first_pass likeauth nullok auth required /lib/security/pam_deny.so account required /lib/security/pam_winbind.so #account required /lib/security/pam_unix.so password required /lib/security/pam_cracklib.so retry=3 password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow nis password required /lib/security/pam_deny.so session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so Note the pam_windbind entries and the auth pam_unix entry with the "use_first_pass" argument. You could probably replace the pam_unix stuff with pam_pwdb if you prefer that. Anyway, this configuration works for me using swat and, in particular, correctly authenticates local/nis users vs. domain users. Hope this helps. Scott > ----------------------------------------------------------------- > > This seems to work fine for all but SWAT. > > I am able to log into swat using a NT domain name and password (DOMAIN+name > and password) but I do not have full access to changing the config file. > When I try to log in as root I receive an authorization failure. > > Hoping someone could point me in the right direction. > > Thanks > > Joe > > Joe Kroboth > IT Director > Chernay Printing, Inc > 7483 South Main Street > PO BOX 199 > Coopersburg, PA 18036 > 610.282.3774 EXT 113 > 610.282.2982 FAX > joe_kroboth@chernay.com > www.chernay.com From joe_kroboth at chernay.com Tue Oct 23 10:59:03 2001 From: joe_kroboth at chernay.com (Kroboth, Joe) Date: Tue Dec 2 02:36:31 2003 Subject: Swat Authorization problem w/PAM Message-ID: <36B7C8AFF80DD311B8C200105ACAFC7D2AFB5A@ftp.chernay.com> Hi Scott, That did the trick. Thanks for your help! Joe -----Original Message----- From: Scott Mann [mailto:Scott.Mann@lefthandnetworks.com] Sent: Tuesday, October 23, 2001 1:48 PM To: Kroboth, Joe Cc: 'samba-ntdom@lists.samba.org' Subject: Re: Swat Authorization problem w/PAM "Kroboth, Joe" wrote: > > Hello, > > Installed the binary RPM > (http://de.samba.org/samba/ftp/Binary_Packages/redhat/RPMS/7.1/) for samba > 2.2.2 on my redhat 7.1 server. I got winbind to work and my samba server is > now using NT usernames and groups. I was very unsure about how modify the > pam.d files. The only file I changed was the /etc/pam.d/samba file. I > pulled this configuration from another mail post. > > /etc/pam.d/samba-------------------------------------- > > auth required /lib/security/pam_securetty.so > auth required /lib/security/pam_nologin.so > auth sufficient /lib/security/pam_winbind.so > auth required /lib/security/pam_pwdb.so use_first_pass > shadow nullok > account required /lib/security/pam_winbind.so > session required /lib/security/pam_pwdb.so > password required /lib/security/pam_pwdb.so > Hi Joe, I believe that RH 7.1 uses the centralized /etc/pam.d/system-auth file. You can set you /etc/pam.d/samba file to mimic /etc/pam.d/login or the like. Here's my /etc/pam.d/samba auth required /lib/security/pam_nologin.so auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth The pam_stack.so module invokes the specified service (system-auth in this case which means that you must have a /etc/pam.d/system-auth file). Here's my /etc/pam.d/system-auth: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/pam_env.so auth sufficient /lib/security/pam_winbind.so debug auth sufficient /lib/security/pam_unix.so use_first_pass likeauth nullok auth required /lib/security/pam_deny.so account required /lib/security/pam_winbind.so #account required /lib/security/pam_unix.so password required /lib/security/pam_cracklib.so retry=3 password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow nis password required /lib/security/pam_deny.so session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so Note the pam_windbind entries and the auth pam_unix entry with the "use_first_pass" argument. You could probably replace the pam_unix stuff with pam_pwdb if you prefer that. Anyway, this configuration works for me using swat and, in particular, correctly authenticates local/nis users vs. domain users. Hope this helps. Scott > ----------------------------------------------------------------- > > This seems to work fine for all but SWAT. > > I am able to log into swat using a NT domain name and password (DOMAIN+name > and password) but I do not have full access to changing the config file. > When I try to log in as root I receive an authorization failure. > > Hoping someone could point me in the right direction. > > Thanks > > Joe > > Joe Kroboth > IT Director > Chernay Printing, Inc > 7483 South Main Street > PO BOX 199 > Coopersburg, PA 18036 > 610.282.3774 EXT 113 > 610.282.2982 FAX > joe_kroboth@chernay.com > www.chernay.com From paula at scripps.edu Tue Oct 23 13:28:14 2001 From: paula at scripps.edu (Paula J. Lindsay) Date: Tue Dec 2 02:36:31 2003 Subject: a quick Message-ID: In WINNT4 how is the entry "EnablePlainTextPassword"=dword:00000001 entered? As a string or binary value, what is the name assigned to that value and what is the value, =dword:00000001??? Many thanks in advance for any help. Paula --*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* o The Paula J. Lindsay, Systems Analyst / Research Computing, TPC21 o Scripps phone: 858.784.9378 \ fax: 858.784.9301 o Research email: paula@scripps.edu / o Institute From anderson at centtech.com Tue Oct 23 13:43:15 2001 From: anderson at centtech.com (Eric Anderson) Date: Tue Dec 2 02:36:31 2003 Subject: a quick References: Message-ID: <3BD5D601.6271BA6F@centtech.com> Save this to a file called something.reg, double click, "ok", and reboot. REGEDIT4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters] "EnablePlainTextPassword"=dword:00000001 "Paula J. Lindsay" wrote: > > In WINNT4 how is the entry "EnablePlainTextPassword"=dword:00000001 > entered? As a string or binary value, what is the name assigned to that > value and what is the value, =dword:00000001??? > Many thanks in advance for any help. > Paula > > --*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* > o The Paula J. Lindsay, Systems Analyst > / Research Computing, TPC21 > o Scripps phone: 858.784.9378 > \ fax: 858.784.9301 > o Research email: paula@scripps.edu > / > o Institute -- ------------------------------------------------------------- Eric Anderson anderson@centtech.com Centaur Technology # rm -rf /bin/laden ------------------------------------------------------------- From jmcd at us.ibm.com Tue Oct 23 13:49:02 2001 From: jmcd at us.ibm.com (Jim McDonough) Date: Tue Dec 2 02:36:31 2003 Subject: a quick Message-ID: If you're talking about the NT4_PlainPassword.reg file, you can just "execute" it, and NT will update the entry for you. If you want to do it yourself, the name of the value is "EnablePlainTextPassword", the type is REG_DWORD, and the value is 1. ---------------------------- Jim McDonough IBM Linux Technology Center Samba Team 6 Minuteman Drive Scarborough, ME 04074 USA jmcd@us.ibm.com Phone: (207) 885-5565 IBM tie-line: 776-9984 "Paula J. Lindsay" @lists.samba.org on 10/23/2001 04:32:04 PM Sent by: samba-ntdom-admin@lists.samba.org To: samba-ntdom@lists.samba.org cc: Subject: a quick In WINNT4 how is the entry "EnablePlainTextPassword"=dword:00000001 entered? As a string or binary value, what is the name assigned to that value and what is the value, =dword:00000001??? Many thanks in advance for any help. Paula --*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* o The Paula J. Lindsay, Systems Analyst / Research Computing, TPC21 o Scripps phone: 858.784.9378 \ fax: 858.784.9301 o Research email: paula@scripps.edu / o Institute From carlz at clinlogic.com Tue Oct 23 14:13:54 2001 From: carlz at clinlogic.com (Carl Zaldivar) Date: Tue Dec 2 02:36:31 2003 Subject: I found your company on Centerwatch, will you pls participate in my survey. Message-ID: <1277568-220011022321205184@clinlogic.com> I’m conducting a web survey (8 questions) regarding a software application for Clinical Trials Project Management. I will be happy to share the results with you if you participate. All feedback is useful, thus if you can forward the survey link to anyone you feel can contribute, I would greatly appreciate it. The survey is located at http://www.clinlogic.com\survey.asp?survey=865 Thanks again Carl Zaldivar Director of Marketing ClinLogic, Inc. (310) 921-6025 x12 carlz@clinlogic.com From rickera2 at SLU.EDU Tue Oct 23 14:17:36 2001 From: rickera2 at SLU.EDU (Tony Ricker) Date: Tue Dec 2 02:36:31 2003 Subject: Samba NIC Failover Message-ID: <3BD5DE9C.77379346@slu.edu> All, If samba is on a server with two NIC cards, can samb.conf be configured to use the other NIC if one goes down? Can this be done at the server level? Or does this have to me dealt with at the network level (i.e. load balance)? Cheers all, Tony ------------------------------- Tony Ricker Technology Coordinator SLUCare - P.M.O. St. Louis University Phone: 314.977.6844 E-mail: rickera2@slu.edu ------------------------------- "In the beginners mind, there are many possibilities. In the experts mind, there are few" - Shunryu Suzuki ------------------------------- "Think Different" From Aaron.Meyer at BakerHughes.com Tue Oct 23 14:24:10 2001 From: Aaron.Meyer at BakerHughes.com (Meyer, Aaron) Date: Tue Dec 2 02:36:31 2003 Subject: winbind Message-ID: <1F77B6E019F9D211826700805F15B5E706DDEDB8@CENCOKISS01.bakerhughes.com> If I recall correctly there is only one Samba Team developer that is a member of this list. All the others moved to the main SAMBA list. Check the list history as to their reasons. The support here is predominantly user based. Aaron Meyer -----Original Message----- From: Arnold Andrews X-324-4292 [mailto:aandrews@eng.okla.seagate.com] Sent: Tuesday, October 23, 2001 11:02 AM To: samba-ntdom@lists.samba.org; chris.bamford@ntli.net Subject: Re: winbind On Date: Mon, 15 Oct 2001 09:59:34 +0100, Chris Bamford Wrote: > Hi All, > > Last week I posted a question about winbind on Solaris and > have heard nothing; am I posting to the wrong list? If so, > where should I ask this question? > > Thanks, > > -- Chris Yes, I know what you mean. I could not even get it to compile on Solaris (8) unless I used the following option: ./configure --with-winbind=no What about it Samba Team? Is winbind supported or going to be supported on Solaris? Thanks, Arnold Andrews From chlige at home.com Tue Oct 23 14:54:30 2001 From: chlige at home.com (George Chlipala) Date: Tue Dec 2 02:36:31 2003 Subject: pdb_getsampwrid Failure. Message-ID: <3BD5E742.1090209@home.com> I'm having trouble joining a Win2k pro machine to a Samba 2.2.2 domain with a LDAP backend. I have a user add script defined which is working. I can also logon to the Samba via root. When try to add the domain I use root as the admin login and I get the following message on the Win2k machine. "The specified user does not exist." And here is the last two log messages in the samba log for the machine. [2001/10/23 16:33:00, 0, effective(0, 0), real(0, 0)] passdb/pdb_ldap.c:pdb_getsampwrid(750) We don't find this rid [1400] count=0 [2001/10/23 16:33:01, 2, effective(0, 0), real(0, 0)] smbd/server.c:exit_server(458) Closing connections It seems to be looking for a RID of 1400. Why would it be doing that? I believe that this call is what is causing the domain joining to fail. - George chlige at home dot com From tbartos at tombartos.com Tue Oct 23 14:56:05 2001 From: tbartos at tombartos.com (Tom Bartos) Date: Tue Dec 2 02:36:31 2003 Subject: Samba NIC Failover References: <3BD5DE9C.77379346@slu.edu> Message-ID: <000701c15c0d$d0438260$1a01a8c0@sandrine> Typicall NIC Failover is accomplished thru "teaming" software, provided by the vendor of the NIC card. I have seen Intel pro 10/100 and compaq NIC cards teamed. Go to the vendor of your NIC card(s) and find out if they offer teaming software for their NIC cards. ----- Original Message ----- From: "Tony Ricker" To: "Samba" ; "Samba NT-Dom" Sent: Tuesday, October 23, 2001 2:18 PM Subject: Samba NIC Failover > All, > If samba is on a server with two NIC cards, can samb.conf be > configured to use the other NIC if one goes down? Can this be done at > the server level? Or does this have to me dealt with at the network > level (i.e. load balance)? > > Cheers all, > > Tony > ------------------------------- > Tony Ricker > Technology Coordinator > SLUCare - P.M.O. > St. Louis University > Phone: 314.977.6844 > E-mail: rickera2@slu.edu > ------------------------------- > "In the beginners mind, there > are many possibilities. In the > experts mind, there are few" > - Shunryu Suzuki > ------------------------------- > "Think Different" > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > From aoclarit at kiwi.dhs.org Tue Oct 23 16:05:06 2001 From: aoclarit at kiwi.dhs.org (alex) Date: Tue Dec 2 02:36:31 2003 Subject: just testing my mailfilter..please disregard Message-ID: <023b01c15c17$4231d5d0$104231a2@Alex2k> -------------- next part -------------- HTML attachment scrubbed and removed From aandrews at eng.okla.seagate.com Tue Oct 23 17:20:02 2001 From: aandrews at eng.okla.seagate.com (Arnold Andrews X-324-4292) Date: Tue Dec 2 02:36:31 2003 Subject: Success compiling 2.2.2 with Winbind on Solaris 8 Message-ID: <200110240019.TAA15290@ocosdrc01.eng.okla.seagate.com> Hello, My apologies to the Samba team! It is possible to compile Samba 2.2.2 with Winbind on Solaris 8. After downloading, compiling, and installing the GCC compiler (version 3.0.1), I was successful at compiling the 2.2.2 release without having to disable the winbind feature. It failed for me before using the Sun C compiler version 4.2. Not only did the GCC compiler do a better job the the Sun compiler considering that the Sun compiler wouldn't do it, but the GCC compiler is FREE, just like Samba! I still have yet to attempt to configure and use winbind, and I'm not actually sure I even want to yet, but it is nice to know that it is there for me to try when I am. Regards, Arnold Andrews MCAD/UNIX Systems Administrator Seagate Technology, LLC > Delivered-To: samba-ntdom@lists.samba.org > From: Arnold Andrews X-324-4292 > Subject: Re: winbind > To: samba-ntdom@lists.samba.org, chris.bamford@ntli.net > MIME-Version: 1.0 > Content-MD5: MRFax3eGOMk1R0iC+j3gpw== > X-BeenThere: samba-ntdom@lists.samba.org > X-Mailman-Version: 2.0.6 > List-Help: > List-Post: > List-Subscribe: , > List-Id: Using Samba with Windows NT domains > List-Unsubscribe: , > List-Archive: > X-Original-Date: Tue, 23 Oct 2001 11:01:55 -0500 (CDT) > Date: Tue, 23 Oct 2001 11:01:55 -0500 (CDT) > > On Date: Mon, 15 Oct 2001 09:59:34 +0100, Chris Bamford Wrote: > > > Hi All, > > > > Last week I posted a question about winbind on Solaris and > > have heard nothing; am I posting to the wrong list? If so, > > where should I ask this question? > > > > Thanks, > > > > -- Chris > > > Yes, I know what you mean. I could not even get it to compile on Solaris (8) > unless I used the following option: > > > ./configure --with-winbind=no > > > What about it Samba Team? Is winbind supported or going to be supported on > Solaris? > > Thanks, > > Arnold Andrews > > From akopps at CSUA.Berkeley.EDU Tue Oct 23 17:33:13 2001 From: akopps at CSUA.Berkeley.EDU (Akop Pogosian) Date: Tue Dec 2 02:36:31 2003 Subject: Success compiling 2.2.2 with Winbind on Solaris 8 In-Reply-To: <200110240019.TAA15290@ocosdrc01.eng.okla.seagate.com> Message-ID: <20011023172654.Q69838-100000@soda.csua.berkeley.edu> On Tue, 23 Oct 2001, Arnold Andrews X-324-4292 wrote: > Hello, > > My apologies to the Samba team! It is possible to compile Samba 2.2.2 with > Winbind on Solaris 8. After downloading, compiling, and installing the GCC > compiler (version 3.0.1), I was successful at compiling the 2.2.2 release > without having to disable the winbind feature. It failed for me before using > the Sun C compiler version 4.2. Not only did the GCC compiler do a better job > the the Sun compiler considering that the Sun compiler wouldn't do it, but the > GCC compiler is FREE, just like Samba! > Granted, the Sun C compiler is known to optimize code for UltraSPARC* processors much better than gcc. Also, gcc still has issues compiling 64-bit sparc code on Solaris while Sun's cc did it well for years (starting with version 5.0) I have compiled compiled older Samba versions with Sun's cc with no problems, so may be, it's just winbind code that wasn't tested with other compilers yet.. -akop From doverbey at att.com Tue Oct 23 19:22:21 2001 From: doverbey at att.com (Overbey, Alfred D (Dudley), ALCOO) Date: Tue Dec 2 02:36:31 2003 Subject: Assistance with a problem Message-ID: I have an NT and UNIX network where Samba is used for file and print sharing (an old version of Samba - 1.9.18p10). My problem is that I have a Win2K client that can connect to NT shares without any problems, when I attempts to connect to the Samba share the following messages is provided: "System error 121 has occurred - the semaphore timeout period has expired". I tried TechNet to no avail. Does any body have any ideas? Thanks doverbey@att.com From Leong at nti.infomal.com.my Tue Oct 23 21:54:03 2001 From: Leong at nti.infomal.com.my (Tai Kee Leong) Date: Tue Dec 2 02:36:31 2003 Subject: Unable to decompress samba-2.2.2.tar.gz Message-ID: Dear all, I'm totally new to unix environment and I dont know anything about unix. I downloaded samba-2.2.2.tar.gz but I dont know how to unzip it. The following command was used the error messages. [root@singa public]# gunzip samba-2.2.2.tar.gz | tar xfvzp samba-2.2.2.tar.gz gunzip: samba-2.2.2.tar.gz has more than one entry -- unchanged gzip: stdin has more than one entry--rest ignored tar: 308 garbage bytes ignored at end of archive tar: Child returned status 2 tar: Error exit delayed from previous errors What could have go wrong? Please advice, thank you. Leong From kunathma at pilot.msu.edu Tue Oct 23 23:06:02 2001 From: kunathma at pilot.msu.edu (Marcel Kunath) Date: Tue Dec 2 02:36:31 2003 Subject: Unable to decompress samba-2.2.2.tar.gz In-Reply-To: from "Tai Kee Leong" at Oct 24, 2001 12:51:50 pm Message-ID: <200110240605.f9O65Vv48614@pilot13.cl.msu.edu> try tar zxvpf smaba....... > > Dear all, > > I'm totally new to unix environment and I dont know anything about unix. I > downloaded samba-2.2.2.tar.gz but I dont know how to unzip it. The following > command was used the error messages. > > [root@singa public]# gunzip samba-2.2.2.tar.gz | tar xfvzp > samba-2.2.2.tar.gz > gunzip: samba-2.2.2.tar.gz has more than one entry -- unchanged > gzip: stdin has more than one entry--rest ignored > tar: 308 garbage bytes ignored at end of archive > tar: Child returned status 2 > tar: Error exit delayed from previous errors > > What could have go wrong? Please advice, thank you. > > Leong > > From eelco at nexus.com.na Wed Oct 24 00:01:34 2001 From: eelco at nexus.com.na (Eelco Vriezekolk) Date: Tue Dec 2 02:36:31 2003 Subject: Unable to decompress samba-2.2.2.tar.gz References: Message-ID: <3BD663AF.1020000@nexus.com.na> Tai Kee Leong wrote: > [root@singa public]# gunzip samba-2.2.2.tar.gz | tar xfvzp > samba-2.2.2.tar.gz I guess the first 'gunzip' made you end up with a .tar file. Just doing tar xfv samba-2.2.2.tar should work. If you still have a .gz file, then do tar xfvzp samba-2.2.2.tar.gz The 'z' option already unzips the file; 'gunzip' unzips the file and removes the '.gz' extension, without producing any useful data on stdout to be piped into tar. What could have worked is zcat samba-2.2.tar.gz | tar xfvp - Also, it is better not do unpack and compile software as 'root'. Just use your normal login, and become root only for the final 'make install'. Hope this helps, -- Nexus Consultants cc, Eelco Vriezekolk Phone: +264 61 252345 AOL IM: "vriezekolk" Fax: +264 61 250392 Mobile: +264 81 2495182 From seyad at jet.es Wed Oct 24 01:29:10 2001 From: seyad at jet.es (Elsa Nwanry) Date: Tue Dec 2 02:36:31 2003 Subject: Is possible to MAP USER GROUPS? Message-ID: <000b01c15c66$24b6bda0$627c243e@flanders> It's a simple cuestion but I can't answer right by myself reading this list. 1) I've compiled 2.2.1a (few months ago) and it's working at production level. 2) Windows 2k Professional shows UNIX groups, but them seems to be "dummy groups" since permissions (at group level) doesn't works 3) I use Windows 2k only as my "workstation". All the workstations (at production level) are Win9x, and they doesn't show more than "Domain Admins" and "Domain Users" for "funtional prupose" (as NT4 user manager shows when you attach it to a SAMBA 2.2.x PDC) So ... Can 2.2.1a/2.2.2 MAP USER GROUPS for share pruposes? Sorry for my "free english" ______________________________ Elsa Nwanry System Administrator SeyAD From Michael.Keightley at quadstone.com Wed Oct 24 02:39:05 2001 From: Michael.Keightley at quadstone.com (Michael.Keightley@quadstone.com) Date: Tue Dec 2 02:36:31 2003 Subject: problems sharing print drivers between NT4 and W2K Message-ID: <200110240939.f9O9dkCu016050@gromit.quadstone.co.uk> When I setup HP Laserjet 4050TN printers in Samba-2.2.2 on NT it sets up the printers correctly in the print$ share, adding an extra tray and duplex unit. When I add these printers on a NT4 machine as a normal domain user it picks up the extra trays ok, but if I add the printers to W2K machines there is no extra tray or duplex unit. Setting up the printer on a W2K machine and adding it to a W2K machine works, but similarly adding it to NT4 it looses the extra tray and duplex unit. This doesn't seem to happen with other types of HP printer (4000 and 4M+). Is there a problem with this printer driver? Should I be storing the print$ share in a separate directory for NT and W2K, i.e. add %a ?? [print$] comment = Printer Drivers path = /home/samba/%a/printers guest ok = yes read only = yes browseable = yes write list = @ntadmin,root -- Michael Keightley Tel: +44 131 240 3137 Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com From gbragante at incasgroup.it Wed Oct 24 02:59:05 2001 From: gbragante at incasgroup.it (Gianni Bragante) Date: Tue Dec 2 02:36:31 2003 Subject: Samba 2.2.2, Solaris 8, winbind Message-ID: > I am a newbie in the arguments in the subject and wishing to make some > test. > It is possible to use winbind on Solaris 8? > I have tried to follow steps in documentation for three days but I am > unable to came out of this stuff. > Has anybody succefully completed this task under Solaris 8? It there a > detailed task list somewere? > > Thanks > Gianni Bragante From ghost at uusikaupunki.net Wed Oct 24 03:45:02 2001 From: ghost at uusikaupunki.net (Juha Auvinen) Date: Tue Dec 2 02:36:31 2003 Subject: log.smbd Message-ID: Here is a clip from log.smbd. Does anyone know what causes this problem? Is samba run whit root permissions or not? [2001/10/23 22:47:03, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(171) startsmbfilepwent_internal: unable to open file /etc/samba/smbpasswd. Error was Permission denied [2001/10/23 22:47:03, 0] passdb/pdb_smbpasswd.c:pdb_getsampwrid(1459) unable to open passdb database. Here is file permissions on the smbpasswd file: -rw------- 1 root root 6992 Oct 23 22:00 smbpasswd Any ideas anyone? -- Juha Auvinen Talinkorventie 11 c 80 20320 TURKU Handle Ghost Email: ghost@uusikaupunki.net Carpe Diem Lads! From lutz.westhaeusser at base-system.com Wed Oct 24 04:56:03 2001 From: lutz.westhaeusser at base-system.com (Lutz Westhaeusser) Date: Tue Dec 2 02:36:32 2003 Subject: log.smbd In-Reply-To: References: Message-ID: <01102413571200.10588@manchester> Which permisions does the directory have? greetings Lutz Am Mittwoch, 24. Oktober 2001 12:45 schrieb Juha Auvinen: > Here is a clip from log.smbd. Does anyone know what causes this problem? > > Is samba run whit root permissions or not? > > > [2001/10/23 22:47:03, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(171) > startsmbfilepwent_internal: unable to open file /etc/samba/smbpasswd. > Error was Permission denied > [2001/10/23 22:47:03, 0] passdb/pdb_smbpasswd.c:pdb_getsampwrid(1459) > unable to open passdb database. > > Here is file permissions on the smbpasswd file: > > -rw------- 1 root root 6992 Oct 23 22:00 smbpasswd > > Any ideas anyone? From ghost at uusikaupunki.net Wed Oct 24 05:01:05 2001 From: ghost at uusikaupunki.net (Juha Auvinen) Date: Tue Dec 2 02:36:32 2003 Subject: log.smbd In-Reply-To: <01102413571200.10588@manchester> Message-ID: On Wed, 24 Oct 2001, Lutz Westhaeusser wrote: > Which permisions does the directory have? > > greetings Lutz drwxr-xr-x 3 root root 4096 Oct 24 13:55 samba/ This is a new error in the logs, and there has been no changes in samba configuration.... > Am Mittwoch, 24. Oktober 2001 12:45 schrieb Juha Auvinen: > > Here is a clip from log.smbd. Does anyone know what causes this problem? > > > > Is samba run whit root permissions or not? > > > > > > [2001/10/23 22:47:03, 0] passdb/pdb_smbpasswd.c:startsmbfilepwent(171) > > startsmbfilepwent_internal: unable to open file /etc/samba/smbpasswd. > > Error was Permission denied > > [2001/10/23 22:47:03, 0] passdb/pdb_smbpasswd.c:pdb_getsampwrid(1459) > > unable to open passdb database. > > > > Here is file permissions on the smbpasswd file: > > > > -rw------- 1 root root 6992 Oct 23 22:00 smbpasswd > > > > Any ideas anyone? > -- Juha Auvinen Talinkorventie 11 c 80 20320 TURKU Handle Ghost Puh 0400-976272 http://atsilnx.uusikaupunki.net Email: ghost@iki.fi ghost@uusikaupunki.net juha.auvinen@vskol.uusikaupunki.fi juha.auvinen@levi.fi Carpe Diem Lads! From jolt at nicholasofmyra.org Wed Oct 24 06:12:05 2001 From: jolt at nicholasofmyra.org (Joseph) Date: Tue Dec 2 02:36:32 2003 Subject: Assistance with a problem References: Message-ID: <3BD6BE36.7010900@nicholasofmyra.org> You need to update your Samba to 2.2.x if you are using Win2k. Overbey, Alfred D (Dudley), ALCOO wrote: >I have an NT and UNIX network where Samba is used for file and print sharing >(an old version of Samba - 1.9.18p10). My problem is that I have a Win2K >client that can connect to NT shares without any problems, when I attempts >to connect to the Samba share the following messages is provided: "System >error 121 has occurred - the semaphore timeout period has expired". I tried >TechNet to no avail. Does any body have any ideas? > >Thanks >doverbey@att.com > From pm278 at cam.ac.uk Wed Oct 24 06:14:16 2001 From: pm278 at cam.ac.uk (Paul Miller) Date: Tue Dec 2 02:36:32 2003 Subject: WIN98 not seeing shares Message-ID: <000e01c15c8d$b4860270$cfb26f83@pc231> Hi My Win98 and WinMill clients do not see our samba shares (samba machine does not show up in net neighbourhood). NT4 clients can browse the shares with no problem. Has anyone any ideas as to why this is happening ? portion of smb.conf......... [global] workgroup = domain_xx netbios name = STAR interfaces = xxx.xxx.xxx.29/24 bind interfaces only = Yes security = DOMAIN encrypt passwords = Yes password server = SERVER1,SERVER2,SERVER3, debug level = 2 name resolve order = wins lmhosts host bcast domain admin group = ntadmin domain logons = Yes os level = 0 wins server = xxx.xxx.xxx.xxx admin users = admins hosts allow = localhost 127.0.0.1 star xxx.xxx.xxx.xxx [root] comment = Solaris root path = / browseable = No [share] path = /path/to/share/share valid users = @group1,@group2 writeable = Yes Thanks In advance From pm278 at cam.ac.uk Wed Oct 24 06:19:02 2001 From: pm278 at cam.ac.uk (Paul Miller) Date: Tue Dec 2 02:36:32 2003 Subject: WIN98 not seeing shares Message-ID: <000f01c15c8e$5e703d50$cfb26f83@pc231> Hi My Win98 and WinMill clients do not see our samba shares (samba machine does not show up in net neighbourhood). NT4 clients can browse the shares with no problem. Has anyone any ideas as to why this is happening ? I'm using Smaba 2.0.7 portion of smb.conf......... [global] workgroup = domain_xx netbios name = STAR interfaces = xxx.xxx.xxx.29/24 bind interfaces only = Yes security = DOMAIN encrypt passwords = Yes password server = SERVER1,SERVER2,SERVER3, debug level = 2 name resolve order = wins lmhosts host bcast domain admin group = ntadmin domain logons = Yes os level = 0 wins server = xxx.xxx.xxx.xxx admin users = admins hosts allow = localhost 127.0.0.1 star xxx.xxx.xxx.xxx [root] comment = Solaris root path = / browseable = No [share] path = /path/to/share/share valid users = @group1,@group2 writeable = Yes Thanks In advance From aandrews at eng.okla.seagate.com Wed Oct 24 07:04:13 2001 From: aandrews at eng.okla.seagate.com (Arnold Andrews X-324-4292) Date: Tue Dec 2 02:36:32 2003 Subject: Unable to decompress samba-2.2.2.tar.gz Message-ID: <200110241403.JAA22596@ocosdrc01.eng.okla.seagate.com> Hi, The problem is that you are trying to use gunzip into a pipe. The behavior of gunzip as you are trying to use is would result in a file called samba-2.2.2.tar. On the next command, you could then untar the result. Another method that is sort of an "all in one" would be to use the "gnu" zcat to the pipe as you tried. Here are 2 different examples on how you can do it: method 1: gunzip samba-2.2.2.tar.gz tar xvf samba-2.2.2.tar method 2: //zcat samba-2.2.2.tar.gz | tar xvf - Hope that helpls, Arnold Andrews > Dear all, > > I'm totally new to unix environment and I dont know anything about unix. I > downloaded samba-2.2.2.tar.gz but I dont know how to unzip it. The following > command was used the error messages. > > [root@singa public]# gunzip samba-2.2.2.tar.gz | tar xfvzp > samba-2.2.2.tar.gz > gunzip: samba-2.2.2.tar.gz has more than one entry -- unchanged > gzip: stdin has more than one entry--rest ignored > tar: 308 garbage bytes ignored at end of archive > tar: Child returned status 2 > tar: Error exit delayed from previous errors > > What could have go wrong? Please advice, thank you. > > Leong > From greg at kwikfind.com Wed Oct 24 07:39:05 2001 From: greg at kwikfind.com (Greg Zartman) Date: Tue Dec 2 02:36:32 2003 Subject: WIN98 not seeing shares In-Reply-To: <000e01c15c8d$b4860270$cfb26f83@pc231> Message-ID: What version of Samba are you using. I ran into this problem a couple of months back with a CVS of Samba 2.2.2(pre). With Samba 2.2.1a, Win98 could see all machines in the domain, but when I switched to 2.2.2(pre) it was like it was on the network all by it's self. I posted the issue here, but didn't see it really go anywhere. We don't have a Win98 sys on our network any longer, so I can't report if Samba 2.2.2 release fixed the problem or not. Is anyone else having a problem with WIn 98 and Samba 2.2.2? Greg > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Paul Miller > Sent: Wednesday, 24 October 2001 6:14 AM > To: samba-ntdom@lists.samba.org > Subject: WIN98 not seeing shares > > > Hi > > My Win98 and WinMill clients do not see our samba shares (samba > machine does > not show up in net neighbourhood). NT4 clients can browse the > shares with no > problem. > > Has anyone any ideas as to why this is happening ? > > portion of smb.conf......... > > [global] > workgroup = domain_xx > netbios name = STAR > interfaces = xxx.xxx.xxx.29/24 > bind interfaces only = Yes > security = DOMAIN > encrypt passwords = Yes > password server = SERVER1,SERVER2,SERVER3, > debug level = 2 > name resolve order = wins lmhosts host bcast > domain admin group = ntadmin > domain logons = Yes > os level = 0 > wins server = xxx.xxx.xxx.xxx > admin users = admins > hosts allow = localhost 127.0.0.1 star xxx.xxx.xxx.xxx > > [root] > comment = Solaris root > path = / > browseable = No > > [share] > path = /path/to/share/share > valid users = @group1,@group2 > writeable = Yes > > Thanks In advance > > > > > From ariel at jusbaires.gov.ar Wed Oct 24 09:01:36 2001 From: ariel at jusbaires.gov.ar (Ariel Mella) Date: Tue Dec 2 02:36:32 2003 Subject: Problems Listing Users References: Message-ID: <00c301c15ca4$e9fabc40$1a3ca8ac@jusbaoires.gov.ar> Hi J.F! We have seen you comitted some changes related to sam on Sunday. Do you know if we can just overwrite the files you changed on the 2.2.2 tree or do we have to checkout the current tree and compile it? Do you recommend this for a production server? We don?t care if this is a "beta" release, since we have the "100+ are invisible" problem... Has anyone tested this? Any comments? ----- Original Message ----- From: "Jean Francois Micouleau" To: "Jim Jarvie" Cc: "Ariel Mella" ; ; Sent: Friday, October 19, 2001 2:56 PM Subject: Re: Problems Listing Users > > > On Fri, 19 Oct 2001, Jim Jarvie wrote: > > > Following up my earlier message regarding the list problem, I have now > > re-tried the user list with samba re-compiled for 10 users per block. > > This does indeed give me 20 entries in the list (18 users + 2 domain > > groups), so it appears only 2 blocks are being sent to Win98, hence the > > incomplete list I am experiencing. > > good. > > > Where do we go from here ? Should I submit any more detailed debug logs > > to help track this problem down ? > > No that's fine. I just have to fire up by vmware win98 session to debug > it. Will do that this week end. Thanks for the report. > > J.F. > > > > From barroca at dcc.ufmg.br Wed Oct 24 09:31:46 2001 From: barroca at dcc.ufmg.br (Leonardo Luiz Padovani da Mata) Date: Tue Dec 2 02:36:32 2003 Subject: Problems with trust relationship and machine accounts In-Reply-To: Message-ID: On Mon, 22 Oct 2001, Leonardo Luiz Padovani da Mata wrote: > let em explain my problem: on my network there is a PDC and a BDC,and there is a trust relationship bettween these two. so, when a workstation try to print to my linux workstation,it's TILT! i'd like to know if there is some way to make workstations that take password of the PDC (NT), print in a linux share ? if it is not possible, if there is a way to create a machine account for the linux box. tell me some links that show this problem. Leonardo From barroca at dcc.ufmg.br Wed Oct 24 09:32:38 2001 From: barroca at dcc.ufmg.br (Leonardo Luiz Padovani da Mata) Date: Tue Dec 2 02:36:32 2003 Subject: Printing to a share In-Reply-To: Message-ID: hi all..... 1.my new linux box use the last rpm version for redhat (2.2). my machine is listed in the domain but i can't see the printer in the add new printer tool of the winNT. what is wrong? 2.when i try to add the machine account in the domain i got this problem? smbpasswd -j PBH-C -r s36-prodabel.pbh -U administrator Unknown parameter encountered: ~domain controller~ ignoring unknown parameter ~domain controller~ Password: Error connecting to s36-prodabel.pbh Unable to join domain PBH-C. what is wrong? Leonardo From gerard.larance at aldeavision.com Wed Oct 24 10:03:05 2001 From: gerard.larance at aldeavision.com (=?iso-8859-1?Q?G=E9rard_Larance?=) Date: Tue Dec 2 02:36:32 2003 Subject: Domain member problem Message-ID: I have a Linux Red Hat 7.1 server with samba 2.0.7 and I want to use it to share files in my NT domain. So I need to add my Linux box in my NT domain. I have followed the explanation that I found in the "DOMAIN_MEMBER.txt for Samba release 2.2.0-alpha2 30 Jan 2001" information file made by Jeremy Allison. I made the folder that I want to share. I have filled the /etc/hosts file. Everything seems to work because I can see my Linux box in the network neighbourhood from a win2k pro workstation. But when I try to get in the shared folder after a long while I have the following message: \\mylinuxboxnetbiosname is not accessible The network path was not found I think I have forgot something but at this time I do not know what is it. Thx for your help. mailto:gerard.larance@aldeavision.com Tel : 514-344-5432 #3435 Fax : 514-344-5439 From bkingsolver at ltgc.com Wed Oct 24 14:00:03 2001 From: bkingsolver at ltgc.com (Benjamin Kingsolver) Date: Tue Dec 2 02:36:32 2003 Subject: Print properties not available as user Message-ID: <3BD72BD5.1020104@ltgc.com> All, I have a Samba 2.2.1a on Linux domain controller for a domain with about 30 printers. Some of these printers are HP 8100 printers with "mailboxes", or multiple output trays, attached. When a user is a member of the domain, they are not able to change the printer options as they are greyed out. Meaning, they cannot choose which mailbox to print to. I gave a test user the "manage document" right which prevented printer from installing. The user can change properties if he has full control of the printer. I would rather not give the users administrative rights. Is there a setting I can change to allow them to control some of the local properties? Here is the printers section of my smb.conf: [printers] comment = All Printers path = /var/spool/samba create mask = 0700 guest ok = Yes printable = Yes print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers. lpq command = lpstat -o %p lprm command = cancel %p-%j browseable = No I can provide other sections if necessary. Suggestions? Directions on where to look if this is not a Samba problem? Thanks. /Benjamin Kingsolver/ Linux Network Administrator Land Title Guarantee Company From schleter at engr.utk.edu Wed Oct 24 17:06:01 2001 From: schleter at engr.utk.edu (Will Schleter) Date: Tue Dec 2 02:36:32 2003 Subject: smbcacls Message-ID: <3BD8CC1A@webmail.utk.edu> Anybody know, does this command support wildcards for the filename as its NT counterpart (cacls) does? I can get it to work for a single file, but not for wildcards. Will Schleter Instructor, Engineering Fundamentals Instructor wschleter@utk.edu 865-974-9810 From simon.skill at workingmouse.com Wed Oct 24 17:11:02 2001 From: simon.skill at workingmouse.com (Simon Skill) Date: Tue Dec 2 02:36:32 2003 Subject: Syncing passwords between Windows and Linux/samba Message-ID: <51B234EF8BDBD211833D00508B551C191A5AE3@WHISKERS> Hi all, Apologies if this is a dumb question, I'm a Samba newbie. I have tried to find the answer by searching the archives but it's hard to pick search terms that work. I have a Redhat 7.1 box ("A") connecting to a Windows NT server ("B") using smbfs. Our users have a working directory on each machine. They need to mount the folder on B into a folder in their home directory on A. I have done this easily enough using automount. Each user has the same username on both boxes. In their home directory on A, there is a file called credentials that lists the username and password of their account on on B. This is used by mount/automount so that the NT password does not have to be entered when the machine boots up, or when the user accesses the mounted B-folder on A. This setup is working fine, each user can get into their mounted directory with no problems. The issue I have though, is that when they change their password on the NT server (every 45 days or so), the authentication stored in the credentials file will be out-of-date, and they won't be able to mount the directory. I want to avoid them manually changing the file, and also avoid using a script that they would need to run. Is there another option? Can the unix and NT accounts be synced somehow, so that it doesn't matter what their password is on B, they can still mount it to A? I think I need to mention that I'm not running A as a Samba server, it is only running the client tools. Thanks, Simon Simon Skill Systems Administrator simon.skill@workingmouse.com Workingmouse.com Pty Ltd Phone (07) 3369 1933 45 Railway Terrace Fax (07) 3369 1704 Milton, Queensland 4064 www.workingmouse.com Workingmice Onsite PC, Internet and Networking Solutions - Phone 1800 171 444 www.workingmice.com.au ---------- IMPORTANT NOTICE REGARDING CONFIDENTIALITY Opinions contained in this e-mail do not necessarily reflect the opinions of Workingmouse.com. This electronic mail message is intended only for the addressee and may contain confidential information. If you are not the addressee, you are notified that any transmission, distribution or dissemination of this e-mail is strictly prohibited. The confidentiality attached to this e-mail is not waived, lost or destroyed by reasons of a mistaken delivery to you. If you have received this message in error please notify the sender of this message. Any warranty implied in this message is excluded. From andreas.kauffmann at tzdan.de Wed Oct 24 23:05:02 2001 From: andreas.kauffmann at tzdan.de (Kauffmann, Andreas) Date: Tue Dec 2 02:36:32 2003 Subject: Problem installing Printer Message-ID: Hello everybody out there! I got a problem to connect to a samba printer from the client. Everytime I want to install the printer, the client PC asks for a driver, and then when I want to feed it with the driver from the HPLJ2100CD it says tha the driver is not the correct one. Can anybody help me? Thanks! Andreas PS: Please answer on my email adress andreas.kauffmann@tzdan.de because I?m currently not subscribed (traffic) From Daniel.Moeller at de.bosch.com Thu Oct 25 01:11:04 2001 From: Daniel.Moeller at de.bosch.com (Moeller Daniel (QI/CCE2-SI) *) Date: Tue Dec 2 02:36:32 2003 Subject: AW: Samba NIC Failover Message-ID: <1121C3ABCA53C945B821A821CDD67F62F683D0@simail21.desi2.bosch.com> Hi Tony, a simple approach will be to configure both NICs and configure Samba to use both cards. DNS can be used to assign IP addresse of both NICs to one host name. If one NIC fails the other one will still be running. Another one could be a little script which is run by cron and tries to ping another machine in the LAN or ping the default router. If the ping fails it can make a second ping to make sure it's not that one IP device down. If the second ping fails too, the script can unconfigure the first NIC and bring up the second NIC. My 2c. Kind regards, Danny -----Urspr?ngliche Nachricht----- Von: Tony Ricker [mailto:rickera2@SLU.EDU] Gesendet: Dienstag, 23. Oktober 2001 23:18 An: Samba; Samba NT-Dom Betreff: Samba NIC Failover All, If samba is on a server with two NIC cards, can samb.conf be configured to use the other NIC if one goes down? Can this be done at the server level? Or does this have to me dealt with at the network level (i.e. load balance)? Cheers all, Tony ------------------------------- Tony Ricker Technology Coordinator SLUCare - P.M.O. St. Louis University Phone: 314.977.6844 E-mail: rickera2@slu.edu ------------------------------- "In the beginners mind, there are many possibilities. In the experts mind, there are few" - Shunryu Suzuki ------------------------------- "Think Different" From rognvik at tele.ntnu.no Thu Oct 25 01:24:05 2001 From: rognvik at tele.ntnu.no (Egil Rognvik) Date: Tue Dec 2 02:36:32 2003 Subject: Samba 2.2.2, printing. Message-ID: <5.0.0.25.2.20011025100956.00ba35d0@129.241.2.10> I am not able to upload printer drivers to my Samba 2.2.2 server. I can install printer drivers locally logged into 2000 as root, but the server only saves the printer driver name, not the driver itself. I have a 'printers' directory, 'printers/W32X86' and 'printers/WIN40'. The directories are empty, and I get no error messages. I am also not able to install NT 4.0 drivers. The APW keeps asking for the Server CD-ROM for NT. It is not satisfied with the drivers I try to install, even the simplest ones, like QMS-PS 810. This means I cannot install new printers on NT 4.0 PC's, I can only only the old ones. What am I doing wrong, what am I missing here? (Printing worked OK with Samba 2.0.7) Egil Rognvik ---------------------------------------------------------------------- Egil Rognvik E-mail: egil.rognvik@tele.ntnu.no Instrumenttjenesten, http://www.tele.ntnu.no/users/rognvik Teleteknikk Telefon: +47 73 59 14 23 NTNU Fax: +47 73 59 76 40 From atsyber at ifrance.com Thu Oct 25 01:26:03 2001 From: atsyber at ifrance.com (Sylvain) Date: Tue Dec 2 02:36:32 2003 Subject: Print properties not available as user References: <3BD72BD5.1020104@ltgc.com> Message-ID: <3BD7CCE0.4070009@ifrance.com> I think only administrator can do it ! Sylvain.B. Benjamin Kingsolver wrote: > All, > > I have a Samba 2.2.1a on Linux domain controller for a domain with > about 30 printers. Some of these printers are HP 8100 printers with > "mailboxes", or multiple output trays, attached. When a user is a > member of the domain, they are not able to change the printer options > as they are greyed out. Meaning, they cannot choose which mailbox to > print to. I gave a test user the "manage document" right which > prevented printer from installing. The user can change properties if > he has full control of the printer. I would rather not give the users > administrative rights. Is there a setting I can change to allow them > to control some of the local properties? Here is the printers section > of my smb.conf: > > [printers] > comment = All Printers > path = /var/spool/samba > create mask = 0700 > guest ok = Yes > printable = Yes > print command = lpr-cups -P %p -o raw %s -r # using client side > printer drivers. > lpq command = lpstat -o %p > lprm command = cancel %p-%j > browseable = No > > I can provide other sections if necessary. > > Suggestions? Directions on where to look if this is not a Samba problem? > > Thanks. > > /Benjamin Kingsolver/ > Linux Network Administrator > Land Title Guarantee Company > > > > From osl at fast.no Thu Oct 25 02:14:03 2001 From: osl at fast.no (olaf slazak =?ISO-8859-1?Q?l=F8ken?=) Date: Tue Dec 2 02:36:32 2003 Subject: Printing in Samba 2.2.X Message-ID: <3BD7D7E2.7020309@fast.no> There have been a lot of Q about printing in Samba 2.2.2 Here a my settings for printing in a NT 4 domain. I use Windows AWK to modify and install drivers for NT4 and Windows 2000 and XP. It works.. (Thanks Samba Team ! ) smb.conf [global] workgroup = XXXX netbios name = XXXX server string = Print Server for Fast Oslo hosts allow = 192.168. 127. load printers = yes log file = /var/log/samba/log.%m max log size = 50 debug level = 0 security = domain password server = * ( if you use windbind ) encrypt passwords = no socket options = TCP_NODELAY local master = no wins server = 192.168.1.xxxx dns proxy = no client code page=850 include = /etc/samba/smb.conf.%h smb.conf.xxxxx [global] interfaces = 192.168.0.118/21 printer admin = @ntadmin (user allowed to modify and install drivers on Samba server) printing = cups #============================ Share Definitions ============================== [homes] comment = Home Directories browseable = no writeable = yes [print$] path = /var/spool/samba/printers show add printer wizard = yes write list = @ntadmin,osl browseable = yes read only = yes [printers] comment = All Printers path = /var/spool/samba # guest ok = Yes ( if you want to use banner with nt-user name don't use guest user.) printable = Yes write list = @ntadmin print command = /usr/bin/lp -d%p -oraw %s; rm %s lpq command = /usr/bin/lpstat -o%p lprm command = /usr/bin/cancel %p-%j queuepause command = /usr/bin/disable %p queueresume command = /usr/bin/enable %p ===========================================================> If you have any Q please send me a mail and I try to help as best as I can. -- -- Olaf S L?ken Mail: Olaf.S.Loken@fast.no Senior System Administrator Web: http://www.fastsearch.com/ Fast Search & Transfer ASA Phone: +47 23 01 12 49 P.O. Box 1677 Vika Fax: +47 23 01 12 01 NO-0120 Oslo, NORWAY Mob: +47 48 01 12 49 Try FAST Search: http://alltheweb.com From mh at bacher.at Thu Oct 25 03:39:13 2001 From: mh at bacher.at (Martin Hofbauer) Date: Tue Dec 2 02:36:32 2003 Subject: winbind / nss_winbind with Solaris with large amout of uses/groups Message-ID: <00db01c15d41$63513b90$9b4d180a@bacher.at> hi all ! I have compiled Samba 2.2.2 for Solaris 7 ( Solaris 8 also ) but found out that the "nss_winbind" support is available in source-code, but not after compilation. The neccessary entries in the Makefile after "configre" are missing !! Why ? I have got it to run and it works fine with a small amout of groups. But deploying this samba/winbind version to a Windows network with more than 3000 user and more than 200 groups gives following result: "getent passwd" works fin, also adding "winbind" to /etc/nsswitch.conf and looking through the windows-users owned files is ok ! "getent group" takes about 20 sek, than the first group "Domain Admins" is printed out, but NO OTHER groups/information is seen. ( no other 199 groups are listed) I have notices that the next group will be "Domain User" with this 3000 Users ! I have noticed also that there are performance considurations/discussions with/about winbind. ( bringing winbind to Debug Level 4 or above shows a huge amout of "rpc_parsing" ... ) Do you have any idea to bring this under control (, Tim ) ? Thank you for every help Martin From virgo at azcher.kharkov.ua Thu Oct 25 05:34:02 2001 From: virgo at azcher.kharkov.ua (Virgo) Date: Tue Dec 2 02:36:32 2003 Subject: Samba-2.2.2 uses 100% of resources. Message-ID: <3BD8148B.8010503@azcher.kharkov.ua> Hi! Process smbd sometimes not respond and uses 100 % of resources of the processor. It is impossible to kill him. It's happens when logout Win2K Professional. As the process does not respond on kill -SIGKILL, kill -SIGQUIT , it is necessary to restart linux. Where can be a problem? Tnx. -- Registered Linux User #186627 ICQ UIN 50715669 E-Mail: mailto:virgo@azcher.kharkov.ua SMS: mailto:virgo@kyivstar.net Tel: +38(0572)194976 Fax: +38(0572)194905 From Manuela.Guandalini at sinnerschrader.com Thu Oct 25 05:39:03 2001 From: Manuela.Guandalini at sinnerschrader.com (Manuela.Guandalini@sinnerschrader.com) Date: Tue Dec 2 02:36:32 2003 Subject: (no subject) Message-ID: So... i decided to write, after reading a bunch of stuff and getting more and more confused. Please, don't blame me for asking. I have a Samba 2.2.2 PDC, a few Samba an NT Severs (not PDC), a lot of NT 4.0 and W2K clients. I'd like to use the usrmgr and the srvmgr on an NT workstation to change groups and domains on the PDC (Deb/2.4.10). I'd even like to be able to change group ownership to my unix directories/files when i'm their owner and can see the share on my NTexplorer. Does anybody have a recept, how to make it work? I don't understand if i need security=domains on the PDC, or on the other Servers hanging in the same domain.... or whatever. I don't understand if winbindd would help, since the PDC is a linux machine and not NT. And what is with ACL, do i really need it to be supported? I believe the real problem is, that i don't get this win stuff: it's all so unlogical!!! Thanks for recepts, examples, links to the right howtos and other help. ciao. manu. From joerg.haensel at web.de Thu Oct 25 05:42:02 2001 From: joerg.haensel at web.de (=?iso-8859-1?B?SvZyZyBI5G5zZWw=?=) Date: Tue Dec 2 02:36:32 2003 Subject: AW: Problems with samba 2.2.2 In-Reply-To: Message-ID: <000001c15d51$f7913f70$6802a8c0@sesamstrasse.de> Hello (Hallo), thanks for your quick help. As you wrote I tried to be more precise. > > I rebuilt the packages acl, acl-dev from oss.sgi.com and samba as debian > > packages. > > The ACLs and XFS seem work fine and pretty fast. > > This means that you can use 'chacl', 'getfacl', and 'setfacl' > correctly on an > XFS filesystem? > I have not much experience using ACLs but I tried some examples I found in different documents and they worked. I tested the behavior of writing to files and directories with different users. > User manager for domains is running on the NT server. I'm not > sure how it is > supposed to know about the groups you have assigned on the Samba > server. Does > 'getent group' show this user in your LOCAl 'smbdomadm' group? You can run User manager for domains on a NT Workstation as well. I thought that it is just like a frontend for specific RPC on the PDC. Since I listed "smbdomadm" in the "domain admin group" param in smb.conf I expect smbdomadm to be a GLOBAL group in my domain. (Sure, on the samba server it is local.) So the user "haenseladmin" is definitly member of the local unix group "smbdomadm" and of the global nt-group "smbdomadm". I hope I understood the difference between local and global groups in NT Domains. > > ACLs do not work: > > ----------------- > > When I use the ACL capable versions of samba the file security > dialog under > > Windows NT does not show the correct ACLs. > > I use Default ACLs. Perhaps this causes problems under windows NT. > > Please be more specific in how this is failing. Are you setting > ACLs in Samba > that are not reflected when you try 'getfacl'? Are you setting ACLs under > Linux that are not reflected when you look at them through the NT security > dialog? What is the ACL set for your directory? What is the > umask set as? An example: I am loggeg in at the samba server as "haenseladm" with following environment: unix umask 077 umask of samba share: create mask=0600, directory mask: 0700 groups: haenseladm (primary), smbdomadm (2nd) 1.) create a file in home haenseladmin@reno:~$ touch test haenseladmin@reno:~$ ls -l total 0 -rw------- 1 haensela haensela 0 Oct 25 12:30 test haenseladmin@reno:~$ getfacl test # file: test # owner: haenseladmin # group: haenseladmin user::rw- group::--- other::--- 2.) logged in at a Windows NT Client as haenseladm: The Seccurity Dialog in Windows Explorer says for the file "test": Everyone (O) (take ownership) ??? group haenseladmin (O) ??? haenseladmin (RW) OK. When I close the dialog with OK and list the file under unix I get the following: haenseladmin@reno:~$ ls -l test -rw-rwx--- 1 haensela haensela 0 Oct 25 12:30 test haenseladmin@reno:~$ getfacl test # file: test # owner: haenseladmin # group: haenseladmin user::rw- group::--- other::--- mask::rwx So suddenly the mask appears ! I am new to ACLs so I perhaps I understodd something wrong. I dont understand why the group is rwx with --- and mask rwx. I thougt that the mask is just for restricting group ownerships in die Access Control List and its Bits are ANDed to the group Bits and so the corresponding List should be: -rw------- 1 haensela haensela 0 Oct 25 12:30 test 3.) Again open the security dialog (Windows NT) and remove everyone and change permission of user/group "haenseladm" to full. Result: haenseladmin@reno:~$ ls -l total 4 -rwxrwx--- 1 haensela haensela 0 Oct 25 12:30 test haenseladmin@reno:~$ getfacl test # file: test # owner: haenseladmin # group: haenseladmin other::--- user::rwx group::rwx mask::rwx That seem to be OK. 4.) under unix: haenseladmin@reno:~$ su Password: reno:/home/haenseladmin# groupadd sambatest reno:/home/haenseladmin# usermod -G smbdomadm,sambatest haenseladmin reno:/home/haenseladmin# exit 5.) Logging in again as haenseladmin haenseladmin@reno:~$ groups haenseladmin smbdomadm sambatest 6.) At the NT Client: Add group "sambatest" with full access to the ACL of file "test" 7.) At Unix: haenseladmin@reno:~$ getfacl test # file: test # owner: haenseladmin # group: haenseladmin group:sambatest:rwx group::rwx user::rwx other::--- mask::rwx Seem to work as well. I will do some other tests. After the initial errors are fixed the ACL seem to work. But the NT ACL - Posix ACL mapping when creating a file seems to fail. Thanks a lot, Joerg From jtrostel at snapserver.com Thu Oct 25 07:22:04 2001 From: jtrostel at snapserver.com (jtrostel@snapserver.com) Date: Tue Dec 2 02:36:32 2003 Subject: AW: Problems with samba 2.2.2 In-Reply-To: <000001c15d51$f7913f70$6802a8c0@sesamstrasse.de> Message-ID: Guten Tag! (Ich kanne ein bischen deutsch) On 25-Oct-2001 Jörg Hänsel wrote: > Hello (Hallo), > thanks for your quick help. As you wrote I tried to be more precise. > >> > I rebuilt the packages acl, acl-dev from oss.sgi.com and samba as debian >> > packages. >> > The ACLs and XFS seem work fine and pretty fast. >> >> This means that you can use 'chacl', 'getfacl', and 'setfacl' >> correctly on an >> XFS filesystem? >> > I have not much experience using ACLs but I tried some examples I found in > different documents and they worked. I tested the behavior of writing to > files and directories with different users. Good.... first step is successful! >> User manager for domains is running on the NT server. I'm not >> sure how it is >> supposed to know about the groups you have assigned on the Samba >> server. Does >> 'getent group' show this user in your LOCAl 'smbdomadm' group? > > You can run User manager for domains on a NT Workstation as well. I thought > that it is just like a frontend for specific RPC on the PDC. Since I listed > "smbdomadm" in the "domain admin group" param in smb.conf I expect smbdomadm > to be a GLOBAL group in my domain. (Sure, on the samba server it is local.) > So the user "haenseladmin" is definitly member of the local unix group > "smbdomadm" and of the global nt-group "smbdomadm". > I hope I understood the difference between local and global groups in NT > Domains. Hmmm.... I'm sure not the one to ask about this. Seems like the user would only be in the local unix group smbdomadm. Is the Samba server also acting as the domain PDC? Then I can see the members of that group being in the global "Domain Admins" group. >> > ACLs do not work: >> > ----------------- >> > When I use the ACL capable versions of samba the file security >> dialog under >> > Windows NT does not show the correct ACLs. >> > I use Default ACLs. Perhaps this causes problems under windows NT. >> >> Please be more specific in how this is failing. Are you setting >> ACLs in Samba >> that are not reflected when you try 'getfacl'? Are you setting ACLs under >> Linux that are not reflected when you look at them through the NT security >> dialog? What is the ACL set for your directory? What is the >> umask set as? This is where it is interesting (and I think I can explain what's happening) (It looks like it is doing 'the right thing') > An example: > I am loggeg in at the samba server as "haenseladm" with following > environment: > unix umask 077 > umask of samba share: create mask=0600, directory mask: 0700 > groups: haenseladm (primary), smbdomadm (2nd) What is the default ACL on the directory which represents the share? > 1.) create a file in home > > haenseladmin@reno:~$ touch test > haenseladmin@reno:~$ ls -l > total 0 > -rw------- 1 haensela haensela 0 Oct 25 12:30 test OK... it created the file as would be expected. > haenseladmin@reno:~$ getfacl test ># file: test ># owner: haenseladmin ># group: haenseladmin > user::rw- > group::--- > other::--- And the ACLs reflect this. (What does 'chacl -l test say?) > > 2.) logged in at a Windows NT Client as haenseladm: > The Seccurity Dialog in Windows Explorer says for the file "test": > Everyone (O) (take ownership) ??? > group haenseladmin (O) ??? > haenseladmin (RW) OK. Yes... Samba is 'overloading' the 'take ownership' bit in NT to represent the no permissions '---' in group and other. 'Take ownership' permission is not supported in 'normal' linux/XFS. > When I close the dialog with OK and list the file under unix I get the > following: > haenseladmin@reno:~$ ls -l test > -rw-rwx--- 1 haensela haensela 0 Oct 25 12:30 test > haenseladmin@reno:~$ getfacl test ># file: test ># owner: haenseladmin ># group: haenseladmin > user::rw- > group::--- > other::--- > mask::rwx The 'ls -l' and the 'getfacl' results agree with one another. The mask ACL does get reset to 'rwx' by Samba. If a 'mask' ACL exists, it becomes the 'normal' group permission, if it doesn't exist, the group ACL functions as you would 'expect'. It's in the posix ACL specification. (And it's confusing) > So suddenly the mask appears ! I am new to ACLs so I perhaps I understodd > something wrong. I dont understand why the group is rwx with --- and mask > rwx. I thougt that the mask is just for restricting group ownerships in die > Access Control List and its Bits are ANDed to the group Bits and so the > corresponding List should be: > -rw------- 1 haensela haensela 0 Oct 25 12:30 test The permissions specified by the file class group permission bits correspond to the permissions associated with the GROUP_OBJ entry if no MASK entry exists, or with the MASK entry if the ACL contains a MASK entry. > 3.) Again open the security dialog (Windows NT) and remove everyone and > change permission of user/group "haenseladm" to full. > > Result: > haenseladmin@reno:~$ ls -l > total 4 > -rwxrwx--- 1 haensela haensela 0 Oct 25 12:30 test > haenseladmin@reno:~$ getfacl test ># file: test ># owner: haenseladmin ># group: haenseladmin > other::--- > user::rwx > group::rwx > mask::rwx > > That seem to be OK. Yes... although the 'ls -l' permissions are really reflecting rwx rwx --- owner mask other > 4.) under unix: > haenseladmin@reno:~$ su > Password: > reno:/home/haenseladmin# groupadd sambatest > reno:/home/haenseladmin# usermod -G smbdomadm,sambatest haenseladmin > reno:/home/haenseladmin# exit > > 5.) Logging in again as haenseladmin > haenseladmin@reno:~$ groups > haenseladmin smbdomadm sambatest > > 6.) At the NT Client: > Add group "sambatest" with full access to the ACL of file "test" > > 7.) At Unix: > haenseladmin@reno:~$ getfacl test ># file: test ># owner: haenseladmin ># group: haenseladmin > group:sambatest:rwx > group::rwx > user::rwx > other::--- > mask::rwx > > Seem to work as well. That's good, it's adding in the supplemental groups without problem. > I will do some other tests. After the initial errors are fixed the ACL seem > to work. But the NT ACL - Posix ACL mapping when creating a file seems to > fail. It's really working, except for the automatic creation of the mask by Samba. There's a reason for that.... I just don't remember why it was deemed necessary right now. > Thanks a lot, > Joerg Sure... -- John M. Trostel Senior Software Engineer Quantum Corp. / NASD jtrostel@snapserver.com From greg at kwikfind.com Thu Oct 25 07:27:07 2001 From: greg at kwikfind.com (Greg Zartman) Date: Tue Dec 2 02:36:32 2003 Subject: (no subject) In-Reply-To: Message-ID: > So... i decided to write, after reading a bunch of stuff and getting more > and more confused. Please, don't blame me for asking. > > I have a Samba 2.2.2 PDC, a few Samba an NT Severs (not PDC), a lot of NT > 4.0 and W2K clients. > I'd like to use the usrmgr and the srvmgr on an NT workstation to change > groups and domains on the PDC (Deb/2.4.10). > I'd even like to be able to change group ownership to my unix > directories/files when i'm their owner and can see the share on my > NTexplorer. > Does anybody have a recept, how to make it work? Although I've yet to try it yet, I believe the new windbindd service is what you are looking for. There are numerious posts on the mailing list archives about this topic. If you are interested in configuring winbind, I'd read the PDF howto collection, windbindd man pages, then scan the mailing list archives. Set it up and give it a try. Greg From Manuela.Guandalini at sinnerschrader.com Thu Oct 25 07:31:23 2001 From: Manuela.Guandalini at sinnerschrader.com (Manuela.Guandalini@sinnerschrader.com) Date: Tue Dec 2 02:36:32 2003 Subject: Forgot subject: usrmgr and srvmgr for Samba 2.2.2 PDC Message-ID: On 25.10.2001 14:38:12 samba-ntdom-admin wrote: > So... i decided to write, after reading a bunch of stuff and getting more > and more confused. Please, don't blame me for asking. > > I have a Samba 2.2.2 PDC, a few Samba an NT Severs (not PDC), a lot of NT > 4.0 and W2K clients. > I'd like to use the usrmgr and the srvmgr on an NT workstation to change > groups and domains on the PDC (Deb/2.4.10). > I'd even like to be able to change group ownership to my unix > directories/files when i'm their owner and can see the share on my > NTexplorer. > Does anybody have a recept, how to make it work? > I don't understand if i need security=domains on the PDC, or on the other > Servers hanging in the same domain.... or whatever. I don't understand if > winbindd would help, since the PDC is a linux machine and not NT. And what > is with ACL, do i really need it to be supported? > I believe the real problem is, that i don't get this win stuff: it's all so > unlogical!!! > Thanks for recepts, examples, links to the right howtos and other help. > ciao. > manu. > From S.Scheufen at ebv.com Thu Oct 25 08:04:02 2001 From: S.Scheufen at ebv.com (Scheufen Stephan) Date: Tue Dec 2 02:36:32 2003 Subject: Winbindd as deamon or in debug mode is a BIG difference ?!? Message-ID: Hello Folks, i discovered the following... i do as root: root:# cd /usr/local/samba/bin root:# ./winbindd root:# ./wbinfo -u ......error looking up domain users..... if i do as root: root:# cd /usr/local/samba/bin root:# ./winbindd -d 5 -i root:# ./wbinfo -u ...i get the complete list!!.... but i want to use the Winbindd as deamon in the background... What should i do?? has somebody a idea and can help me? (I?m running on a SuSE7.2) (Sorry that i?ve send to both lists...i?ve no idea which is the correct list) cheers Stephan > > Stephan Scheufen > EBV ELEKTRONIK > L?tscher Weg 66 - D-41334 Nettetal - Germany > Fon: +49-2153-733-315 - Fax: 310 - Mail: s.scheufen@ebv.com > From frederic.lebastard at strathom.com Thu Oct 25 08:20:06 2001 From: frederic.lebastard at strathom.com (Frederic Le Bastard) Date: Tue Dec 2 02:36:32 2003 Subject: Advanced user rights on a samba PDC Message-ID: Hello, Sorry for the crosspost on both lists. I've just finished to install a Linux RedHat 2.4.2 / Samba 2.2.1a server, which acts as a PDC server for about 30 windows 9X/NT/2000 clients. It works ok, but 2 problems remain, which I suspect to be bounded : 1) I can't start the user manager for domains on a Win NT4 workstation SP5 box, i have the following error message (translated form french to english :-) : "nonvalid symbolic link". It then prompts me to choose another domain to administer. 2) I'm installing Backup Exec 7.3 on a WinNT4 SP5 workstation. During the installation process, it prompts me for a username to start the services. If I select a domain admin account, Backup exec tries to assign it the following advanced NT right :"act as part of the operating system", in wich I suspect it doesn't succeed, giving me the error message : "failed to creat account". (I suspect it comes from the advanced rights, as long as the account already exists) And here is my question : how can I make thoses things work ? and is it possible to change advanced user right on a Samba PDC controller ? Thanks for your help Fred From mh at bacher.at Thu Oct 25 08:24:16 2001 From: mh at bacher.at (Martin Hofbauer) Date: Tue Dec 2 02:36:32 2003 Subject: winbind / nss_winbind with Solaris with large amout of uses/groups Message-ID: hi all ! I have compiled Samba 2.2.2 for Solaris 7 ( Solaris 8 also ) but found out that the "nss_winbind" support is available in source-code, but not after compilation. The neccessary entries in the Makefile after "configre" are missing !! Why ? I have got it to run and it works fine with a small amout of groups. But deploying this samba/winbind version to a Windows network with more than 3000 user and more than 200 groups gives following result: "getent passwd" works fin, also adding "winbind" to /etc/nsswitch.conf and looking through the windows-users owned files is ok ! "getent group" takes about 20 sek, than the first group "Domain Admins" is printed out, but NO OTHER groups/information is seen. ( no other 199 groups are listed) I have notices that the next group will be "Domain User" with this 3000 Users ! I have noticed also that there are performance considurations/discussions with/about winbind. ( bringing winbind to Debug Level 4 or above shows a huge amout of "rpc_parsing" ... ) Do you have any idea to bring this under control (, Tim ) ? Thank you for every help Martin ------------------------------------------------------------------- Martin Hofbauer IT-Consulting phone : +43 (1) 60 126-34 Bacher Systems EDV GmbH fax : +43 (1) 60 126-4 Wienerbergstr. 11B e-mail: mh@bacher.at A-1101 Vienna, Austria -- From abo at netlands.de Thu Oct 25 08:30:16 2001 From: abo at netlands.de (Andreas Boeckler) Date: Tue Dec 2 02:36:32 2003 Subject: users vs. domain users Message-ID: <20011025173103.A1056@netlands.de> Hi, there are many stupid windows-programs, that require main/prime User-privileges (in german "Hauptbenutzer") to perform certain tasks or to even start ( e.g Adobe GoLive to display the Help, Ulead PhotoImpact to start). Unfortunately Samba, acting as PDC, gives all users the normal user-Privilege, if they are not in the Domain Admin Group. Is there any way to get around this, without giving everybody the admin privileges on WIN2k-Clients? Thanks in advance Andreas Boeckler -- Andreas B?ckler netlands edv consulting GbR mailto:abo@netlands.de From DavidB at mail.interclean.com Thu Oct 25 08:54:02 2001 From: DavidB at mail.interclean.com (David Brodbeck) Date: Tue Dec 2 02:36:32 2003 Subject: Samba NIC Failover Message-ID: nmbd will complain bitterly about the extra responses it's seeing to broadcast queries if you do this. -----Original Message----- From: Moeller Daniel (QI/CCE2-SI) * [mailto:Daniel.Moeller@de.bosch.com] Sent: Thursday, October 25, 2001 4:10 AM To: 'Tony Ricker'; Samba; Samba NT-Dom Subject: AW: Samba NIC Failover Hi Tony, a simple approach will be to configure both NICs and configure Samba to use both cards. DNS can be used to assign IP addresse of both NICs to one host name. If one NIC fails the other one will still be running. From sarunas at vtex.lt Thu Oct 25 09:11:11 2001 From: sarunas at vtex.lt (Sarunas) Date: Tue Dec 2 02:36:32 2003 Subject: Space in smb.conf parameter value References: <20011025173103.A1056@netlands.de> Message-ID: <3BD839D7.5090503@vtex.lt> Hello. How do you put, for example, 'Domain Admins' group into valid users = ...? (Samba 2.2.2 --with-winbind.) Thanks, -- Sarunas Burdulis Head Electronic Publishing, VTEX Ltd. sarunas@vtex.lt Office +370 2 729609, GSM +370 98 24498 From damed92 at hotmail.com Thu Oct 25 10:27:11 2001 From: damed92 at hotmail.com (Ed Dam) Date: Tue Dec 2 02:36:32 2003 Subject: Samba Print Server? Message-ID: Hello everyone. I am setting up a print server using Samba 2.2.1a. I need to know how to get the print drivers (Win9x, Winnt, Win2k) to the server so clients can download/install them. I have set up the [print$] share in smb.conf. I have created all the proper directories (W32X86, etc..) under the print$ share and given them read/write permissions. I keep reading that I have to add a "add printer command =" line to the smb.conf, but I can't find ANYTHING as to what this command is? Can anyone help me? What value should I put in for the Add Command = parameter? Thanks In Advance.. Edward J. Dam Network Administrator Dana Canada, Inc. -------------- next part -------------- HTML attachment scrubbed and removed From damed92 at hotmail.com Thu Oct 25 10:27:27 2001 From: damed92 at hotmail.com (Ed Dam) Date: Tue Dec 2 02:36:32 2003 Subject: Samba Print Server? Message-ID: Hello everyone. I am setting up a print server using Samba 2.2.1a. I need to know how to get the print drivers (Win9x, Winnt, Win2k) to the server so clients can download/install them. I have set up the [print$] share in smb.conf. I have created all the proper directories (W32X86, etc..) under the print$ share and given them read/write permissions. I keep reading that I have to add a "add printer command =" line to the smb.conf, but I can't find ANYTHING as to what this command is? Can anyone help me? What value should I put in for the Add Command = parameter? Thanks In Advance.. Edward J. Dam Network Administrator Dana Canada, Inc. -------------- next part -------------- HTML attachment scrubbed and removed From Manuela.Guandalini at sinnerschrader.com Thu Oct 25 10:33:16 2001 From: Manuela.Guandalini at sinnerschrader.com (Manuela.Guandalini@sinnerschrader.com) Date: Tue Dec 2 02:36:32 2003 Subject: Forgot subject: usrmgr and srvmgr for Samba 2.2.2 PDC Message-ID: On 25.10.2001 17:17:38 Scheufen Stephan wrote: > Hi Manu, > go for the samba 2.2.2. > look then into ../docs/htmldocs/winbind.htm > there you find a very (!) good recept to setup what you want. > additional to that you need to use a ACL capable filesystem like XFS or > EXT2/3. Anyhow you must patch the kernel to support ACLs. > > the mailinglist has a mail her where you can see some URLs about ACLs. > Just look...;-) > > regards > Stephan Hi Stephan, thank u for your answer. I've been reading this howtos many many times already and always get confused on many points: a) What does the option security have to do with all this? Should i use security = domain on my PDC too, or should i just use it on other servers, which join the same domain? b) My passwds are doubled (/etc/passwd because of nis, and /etc/samba/smbpasswd because of samba) on the PDC. How am i supposed to join the DOMPDC through `smbpasswd -j DOM -r DOMPDC -Uadministrator%password`, if i use 'security = domain' on the PDC??? Does it mean, that a PDC always has 'security=users' set? c) Who the heck is the (samba) administrator if not root??? The option 'domain admin group' didn't help that much.... d) How should i use the winbind deamon, if i have no NT PDC? I read somewhere (forgot where), that it just works to translate NT policies into linux, but not on reverse. Is it true? I'm just getting crazy trying to figure out, which is the role of 'security = domain', which the one of winbindd, and how they interact. ACL makes it all more complicated, but i believe u are right when u say, i need it setted up. I sure already read, that the regular kernel needs a patch. I'll take care of that. (But 'nt acl support = no' must be set against W2K sp2!!!). Uff. Not so easy, ain't it? I just heard, that i will get testing machines to figure this all out. If it will work, i'll write a recept (i love recepts: step by step help) to the list. Hope i make it. Thanks again. ciao manu From ken at sdd.hp.com Thu Oct 25 10:40:05 2001 From: ken at sdd.hp.com (Ken Stone) Date: Tue Dec 2 02:36:32 2003 Subject: Issue with 2.2.2 latest bits (most likely printing ?) Message-ID: <200110251740.KAA00126@hpsdlz.sdd.hp.com> I am seeing the following repeated over and over in my log.smbd file [2001/10/22 14:13:21, 0, pid=5728, effective(0, 1), real(0, 0)] lib/util_sec.c:(76) Failed to set uid privileges to (-1,-2) now set to (0,0) [2001/10/22 14:13:21, 0, pid=5728, effective(0, 1), real(0, 0)] lib/util.c:(1053) PANIC: failed to set uid It started after I set up printing to handle driver distribution ... I have the printing stuff working for the most part ... driver distribution and installation works fine but there appears to still be a problem actually printing do auto installed devices (no problem if driver installed locally and just pointed at port \\hpsdlz\ljepg, etc) .... Where should I look ? Thanks -- Ken From Programing at nib.si Thu Oct 25 10:47:05 2001 From: Programing at nib.si (Damir Dezeljin) Date: Tue Dec 2 02:36:33 2003 Subject: SAMBA and Mail client Message-ID: <001101c15d7d$543502e0$0100a8c0@win2k> Dear all, I'm going to set-up an server with SAMBA file sharing and Cyrus-IMAP server which use the same user/pass database (LDAP). Is it posible to use an Windows logon username and password for a mail client? If it is posible, which client suport this and how to set-up the clients? Lp, Dezo ______________ Damir Dezeljin, Korte 67, 6310 Izola, Slovenia Tel: +386 (0)5 642 03 31; MailTo: Dezo@nib.si -------------- next part -------------- HTML attachment scrubbed and removed From Programing at nib.si Thu Oct 25 10:57:08 2001 From: Programing at nib.si (Damir Dezeljin) Date: Tue Dec 2 02:36:33 2003 Subject: FW: SAMBA and Mail client Message-ID: <001a01c15d7e$ab443140$0100a8c0@win2k> Dear all, I'm going to set-up an server with SAMBA file sharing and Cyrus-IMAP server which use the same user/pass database (LDAP). Is it posible to use an Windows logon username and password for a mail client? If it is posible, which client suport this and how to set-up the clients? Lp, Dezo ______________ Damir Dezeljin, Korte 67, 6310 Izola, Slovenia Tel: +386 (0)5 642 03 31; MailTo: Dezo@nib.si From pietro.regis at darts.it Thu Oct 25 11:05:06 2001 From: pietro.regis at darts.it (Pietro Regis) Date: Tue Dec 2 02:36:33 2003 Subject: Problems using samba as a PDC Message-ID: Hi, We are trying to use samba as a PDC, and we have the following problem. We have a NT Server PDC, but it's a very old machine, so we want to substitute it with a Linux Server runnig samba as a PDC. All the user's profiles are stored locally on the NT Clients, and we don't want to use roaming profiles. The Linux Server is correctly configured as a PDC, it uses samba 2.2.1a and has the same name and the same IP Address of the NT Server. When we shut down the NT Server and start the Linux Server, all the NT Clients fail when a user tries to log into the domain, and we see the following error: The system cannot log you on to this domain because the system's computer account in its primary is missing or the password on that account is invalid We succeed in logging into the domain only if we execute the following operations: we log into the NT Client locally as administrator; we successfully join to a dummy workgroup and restart the PC; we log into the NT Client as administrator; we successfully join to the domain and restart the PC. The problem is that if we execute these steps, when an user log into the NT machines he has assigned the default profile, and not the local profile he has when we use the NT Server as a PDC. Any suggestions? Thanks in advance. From aoclarit at kiwi.dhs.org Thu Oct 25 11:27:03 2001 From: aoclarit at kiwi.dhs.org (Alex) Date: Tue Dec 2 02:36:33 2003 Subject: Problems using samba as a PDC References: Message-ID: <012701c15d82$a9d9cf00$104231a2@Alex2k> did you add the NT-machine accounts to the samba-PDC in the /etc/passwd and /etc/samba/smbpasswd files ? ----- Original Message ----- From: "Pietro Regis" To: Sent: Thursday, October 25, 2001 11:05 AM Subject: Problems using samba as a PDC > Hi, > We are trying to use samba as a PDC, and we have the following problem. > > We have a NT Server PDC, but it's a very old machine, so we want to > substitute it with a Linux Server runnig samba as a PDC. > All the user's profiles are stored locally on the NT Clients, and we don't > want to use roaming profiles. > The Linux Server is correctly configured as a PDC, it uses samba 2.2.1a and > has the same name and the same IP Address of the NT Server. > When we shut down the NT Server and start the Linux Server, all the NT > Clients fail when a user tries to log into the domain, and we see the > following error: > > The system cannot log you on to this domain because the system's computer > account in its primary is missing or the password on that account is invalid > > We succeed in logging into the domain only if we execute the following > operations: > we log into the NT Client locally as administrator; > we successfully join to a dummy workgroup and restart the PC; > we log into the NT Client as administrator; > we successfully join to the domain and restart the PC. > > The problem is that if we execute these steps, when an user log into the NT > machines he has assigned the default profile, and not the local profile he > has when we use the NT Server as a PDC. > > Any suggestions? > > Thanks in advance. > > > > > From aandrews at eng.okla.seagate.com Thu Oct 25 13:43:02 2001 From: aandrews at eng.okla.seagate.com (Arnold Andrews X-324-4292) Date: Tue Dec 2 02:36:33 2003 Subject: problem: win2k (re)joining domain Message-ID: <200110252042.PAA13520@ocosdrc01.eng.okla.seagate.com> Hi, I recently upgraded from 2.2.1a to 2.2.2 on Solaris 8. I don't know whether it was related, but I noticed that I could no longer browse computers within the "Microsoft Windows Networking" section of the "Entire Network" under "My Network Places". Puzzled as to what may have caused this, I decided to leave the domain by switching from being a member of the domain to being a workgroup member. When I still couldn't browse other computers I decided to uninstall the "Microsoft Networking Client". After I reinstalled the client, I could again see the computers as before. Now when I attempt to switch back to being a member of the domain, I get an error message saying: The following error occurred attempting to join the domain "ocomcad": The credentials supplied conflict with an existing set of credentials. I have seen this particular error message referenced in the mail list over and over again several times. I know that it means that there is already a connection to the resource as another user then the one being attempted with. The problem is that I don't have any drives mapping to it at all so I don't know why I am getting the conflict. When I check the status with SWAT it does show an "IPC$" share being done. How can I remove the "IPC$" connection so that I don't get a conflict when I attempt to rejoin the domain? I thought it might possibly be a service pack 2 issue, so I rolled back to SP1 with no success. I still get the same error. Now I have even uninstalled 2.2.2 and put back 2.2.1a and I still have the problem. Any help would be greatly appreciated. Regards, Arnold Andrews MCAD/UNIX Systems Administrator Seagate Technology, LLC From samba at denverdata.com Thu Oct 25 15:38:06 2001 From: samba at denverdata.com (Doug Douglass) Date: Tue Dec 2 02:36:33 2003 Subject: Problems using samba as a PDC In-Reply-To: <012701c15d82$a9d9cf00$104231a2@Alex2k> Message-ID: > did you add the NT-machine accounts to the samba-PDC in the > /etc/passwd and > /etc/samba/smbpasswd files ? > While these are required steps, they may not be sufficient to fix the problem. See below. > > > > > We succeed in logging into the domain only if we execute the following > > operations: > > we log into the NT Client locally as administrator; > > we successfully join to a dummy workgroup and restart the PC; > > we log into the NT Client as administrator; > > we successfully join to the domain and restart the PC. > > > > The problem is that if we execute these steps, when an user log into the > NT > > machines he has assigned the default profile, and not the local > profile he > > has when we use the NT Server as a PDC. > > > > Any suggestions? > > > > Thanks in advance. > > > Background Each account in a domain, machine or user, and the domain itself, has a unique identifier, or SID (similar to unix uid). The domain SID is part of all the user and machine account SIDs in a domain, and these SIDs get stored in a domain users profile (the parts of the registry that are user specific). If, as you have explained, you simply shutdown your NT PDC and started samba as a PDC, there is now guarantee that the samba PDC will have the same domain SID as your NT PDC. This is why you could have the same user in your NT PDC and your samba PDC, but when they logon they get a different profile. I hope I explained that well enough. Here's a suggestion: *** COMPLETELY UNTESTED *** USE AT YOUR OWN RISK *** 1. Determine the domain SID of your NT PDC (try this from your linux box "rpcclient -c "lsaquery" -W ). The SID should look something like S-1-5-21-3720025594-2811526445-1635277529. 2. In your samba configuration directory is a file named MACHINE.SID, and it will have a similar SID value in it. Make a backup copy of the MACHINE.SID file. 3. Replace the existing SID in MACHINE.SID with the one from the NT PDC. 4. Shutdown NT PDC and start samba PDC 5. Add your machine and user accounts to Samba PDC 6. Try logging in as a domain user and see if the existing locally stored profile is used. If the existing local profile is still not being used, check your samba logs for messages like "cannot find rid []". RIDs are the unique part of an accounts SID -- the set of digits after the domain SID. The account RID and the profile RID must match in order for your existing local profiles to be used. Unfortunately, if you are storing accounts in smbpasswd, I do not know how you can change an accounts RID (Does samba use the uid?) Good luck, take it slow, and keep posting to the list (someone must have tried this before), Doug From sysadmin at igicom.com Thu Oct 25 16:18:03 2001 From: sysadmin at igicom.com (Nelson Yip) Date: Tue Dec 2 02:36:33 2003 Subject: (no subject) Message-ID: <006b01c15dac$b330ea50$9865fea9@ny1> -------------- next part -------------- HTML attachment scrubbed and removed From sysadmin at igicom.com Thu Oct 25 16:19:01 2001 From: sysadmin at igicom.com (Nelson Yip) Date: Tue Dec 2 02:36:33 2003 Subject: help Message-ID: <007001c15dac$c44c5720$9865fea9@ny1> -------------- next part -------------- HTML attachment scrubbed and removed From gary at edisoninfo.com Thu Oct 25 16:25:01 2001 From: gary at edisoninfo.com (Gary MacKay) Date: Tue Dec 2 02:36:33 2003 Subject: Linux, Samba, and Macintosh's Message-ID: <3BD89F73.C32C0A99@edisoninfo.com> OK, I was just about to bring a new samba server online to replace an ageing Novell server, when a student walks up and says, Kool, but will I still be able to connect with my Macintosh? "D*^n, I forgot about them" I says. Before I get rode out of town, does anyone know how to connect them to samba? I've seen in the kernel where I can compile in the AppleTalk protocol, but I've never used it, and have no idea if it will play nicely with samba. Any ideas? Gary From greg at kwikfind.com Thu Oct 25 16:29:03 2001 From: greg at kwikfind.com (Greg Zartman) Date: Tue Dec 2 02:36:33 2003 Subject: Linux, Samba, and Macintosh's In-Reply-To: <3BD89F73.C32C0A99@edisoninfo.com> Message-ID: Gary, Yes you can. A VERY good and nearly turnkey solution for doing this can be found in SME5.0 Linux. www.e-smith.org then downloads. Greg Zartman > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Gary MacKay > Sent: Thursday, 25 October 2001 4:26 PM > To: samba-ntdom@lists.samba.org > Subject: Linux, Samba, and Macintosh's > > > OK, I was just about to bring a new samba server online to replace an > ageing Novell server, when a student walks up and says, Kool, but will I > still be able to connect with my Macintosh? "D*^n, I forgot about them" > I says. Before I get rode out of town, does anyone know how to connect > them to samba? I've seen in the kernel where I can compile in the > AppleTalk protocol, but I've never used it, and have no idea if it will > play nicely with samba. > > Any ideas? > > Gary > > > From gary at edisoninfo.com Thu Oct 25 16:37:02 2001 From: gary at edisoninfo.com (Gary MacKay) Date: Tue Dec 2 02:36:33 2003 Subject: Linux, Samba, and Macintosh's References: Message-ID: <3BD8A246.93B7C72F@edisoninfo.com> Thanks Greg! Do I read the site right tho, that looks like a whole linux distro of it's own. That means I'd have to blow away everything I've done so far and load this version of linux? - Gary Greg Zartman wrote: > > Gary, > > Yes you can. A VERY good and nearly turnkey solution for doing this can be > found in SME5.0 Linux. www.e-smith.org then downloads. > > Greg Zartman > > > -----Original Message----- > > From: samba-ntdom-admin@lists.samba.org > > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Gary MacKay > > Sent: Thursday, 25 October 2001 4:26 PM > > To: samba-ntdom@lists.samba.org > > Subject: Linux, Samba, and Macintosh's > > > > > > OK, I was just about to bring a new samba server online to replace an > > ageing Novell server, when a student walks up and says, Kool, but will I > > still be able to connect with my Macintosh? "D*^n, I forgot about them" > > I says. Before I get rode out of town, does anyone know how to connect > > them to samba? I've seen in the kernel where I can compile in the > > AppleTalk protocol, but I've never used it, and have no idea if it will > > play nicely with samba. > > > > Any ideas? > > > > Gary > > > > > > From matthew at arts.usyd.edu.au Thu Oct 25 16:50:08 2001 From: matthew at arts.usyd.edu.au (Matthew Geier) Date: Tue Dec 2 02:36:33 2003 Subject: Linux, Samba, and Macintosh's References: <3BD8A246.93B7C72F@edisoninfo.com> Message-ID: <3BD8A551.2E859CF8@arts.usyd.edu.au> Gary MacKay wrote: > > Thanks Greg! Do I read the site right tho, that looks like a whole linux > distro of it's own. That means I'd have to blow away everything I've > done so far and load this version of linux? http://netatalk.sourceforge.net/ Installing NetAtalk would be some what simpler. :-) -- Matthew Geier matthew@arts.usyd.edu.au Arts IT Unit +61 2 9351 4713 Sydney University -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 2004 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011025/0a51b311/smime.bin From greg at kwikfind.com Thu Oct 25 16:53:03 2001 From: greg at kwikfind.com (Greg Zartman) Date: Tue Dec 2 02:36:33 2003 Subject: Linux, Samba, and Macintosh's In-Reply-To: <3BD8A246.93B7C72F@edisoninfo.com> Message-ID: That's right. It is a complete Linux distro.... Would require that a separate machine run as you PDC. Greg > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Gary MacKay > Sent: Thursday, 25 October 2001 4:38 PM > To: samba-ntdom@lists.samba.org > Subject: Re: Linux, Samba, and Macintosh's > > > Thanks Greg! Do I read the site right tho, that looks like a whole linux > distro of it's own. That means I'd have to blow away everything I've > done so far and load this version of linux? > > - Gary > > > Greg Zartman wrote: > > > > Gary, > > > > Yes you can. A VERY good and nearly turnkey solution for doing > this can be > > found in SME5.0 Linux. www.e-smith.org then downloads. > > > > Greg Zartman > > > > > -----Original Message----- > > > From: samba-ntdom-admin@lists.samba.org > > > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Gary MacKay > > > Sent: Thursday, 25 October 2001 4:26 PM > > > To: samba-ntdom@lists.samba.org > > > Subject: Linux, Samba, and Macintosh's > > > > > > > > > OK, I was just about to bring a new samba server online to replace an > > > ageing Novell server, when a student walks up and says, Kool, > but will I > > > still be able to connect with my Macintosh? "D*^n, I forgot > about them" > > > I says. Before I get rode out of town, does anyone know how to connect > > > them to samba? I've seen in the kernel where I can compile in the > > > AppleTalk protocol, but I've never used it, and have no idea > if it will > > > play nicely with samba. > > > > > > Any ideas? > > > > > > Gary > > > > > > > > > > > > From DavidAtkinson at solectron.com Thu Oct 25 17:25:03 2001 From: DavidAtkinson at solectron.com (DavidAtkinson@solectron.com) Date: Tue Dec 2 02:36:33 2003 Subject: Linux, Samba, and Macintosh's Message-ID: <91C8BF85397AD411B62A0090274FA17F5D682D@wangex.wta.slr.com> Guys, there are several solutions that I have used. The one i prefer is Netatalk (separate program to samba) because it is free. You could also try Dave which is a Mac SMB client/server package. Dave is a commercial package, but there is a limmited trial version on the web. (try download.com, or simmilar). Netatalk I use at home to support my mothers powerbook laptop. it does do PAP and AFS but it is no where near as full-featured as Samba. You can check out netatalk at http://www.umich.edu/~rsug/netatalk/. If you want some help you can contact me directly or try some of the netatalk mailing lists. This isn't exactly Samba NT dom type stuff. hope this helps. Regards, David Atkinson System Administrator Solectron Australia Phone: +61 3 5720-2556 Mobile: +61 4 1957-4112 Fax: +61 3 5720-2412 or +61 2 8304-1206 -----Original Message----- From: Gary MacKay [mailto:gary@edisoninfo.com] Sent: Friday, 26 October 2001 9:38 AM To: samba-ntdom@lists.samba.org Subject: Re: Linux, Samba, and Macintosh's Thanks Greg! Do I read the site right tho, that looks like a whole linux distro of it's own. That means I'd have to blow away everything I've done so far and load this version of linux? - Gary Greg Zartman wrote: > > Gary, > > Yes you can. A VERY good and nearly turnkey solution for doing this can be > found in SME5.0 Linux. www.e-smith.org then downloads. > > Greg Zartman > > > -----Original Message----- > > From: samba-ntdom-admin@lists.samba.org > > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Gary MacKay > > Sent: Thursday, 25 October 2001 4:26 PM > > To: samba-ntdom@lists.samba.org > > Subject: Linux, Samba, and Macintosh's > > > > > > OK, I was just about to bring a new samba server online to replace an > > ageing Novell server, when a student walks up and says, Kool, but will I > > still be able to connect with my Macintosh? "D*^n, I forgot about them" > > I says. Before I get rode out of town, does anyone know how to connect > > them to samba? I've seen in the kernel where I can compile in the > > AppleTalk protocol, but I've never used it, and have no idea if it will > > play nicely with samba. > > > > Any ideas? > > > > Gary > > > > > > From tony at cantech.net.au Thu Oct 25 17:58:14 2001 From: tony at cantech.net.au (Anthony J. Breeds-Taurima) Date: Tue Dec 2 02:36:33 2003 Subject: winbind / nss_winbind with Solaris with large amout of uses/groups In-Reply-To: <00db01c15d41$63513b90$9b4d180a@bacher.at> Message-ID: On Thu, 25 Oct 2001, Martin Hofbauer wrote: > I have compiled Samba 2.2.2 for Solaris 7 ( Solaris 8 also ) but found out > that the "nss_winbind" support > is available in source-code, but not after compilation. > The neccessary entries in the Makefile after "configre" are missing !! You did use --with-winbindd on your configure command didn't you ??? Yours Tony. /* * "The significant problems we face cannot be solved at the * same level of thinking we were at when we created them." * --Albert Einstein */ From kathee at mindiq.com Thu Oct 25 18:47:02 2001 From: kathee at mindiq.com (Kat) Date: Tue Dec 2 02:36:33 2003 Subject: samba & AD In-Reply-To: <3B7FA921.643CDCBE@bajajauto.co.in> References: Message-ID: <5.1.0.14.2.20011025204715.00c1fb00@mail.mindiq.com> Is there anyone who can elaborate on the current or future of support for PDC's running Active Directory only and the compatibility with Samba? thanks Kat From Jim at Morris.net Thu Oct 25 19:33:02 2001 From: Jim at Morris.net (Jim Morris) Date: Tue Dec 2 02:36:33 2003 Subject: Linux, Samba, and Macintosh's References: <3BD89F73.C32C0A99@edisoninfo.com> Message-ID: <3BD8CB99.8070608@Morris.net> Gary MacKay wrote: > OK, I was just about to bring a new samba server online to replace an > ageing Novell server, when a student walks up and says, Kool, but will I > still be able to connect with my Macintosh? "D*^n, I forgot about them" > I says. Before I get rode out of town, does anyone know how to connect > them to samba? I've seen in the kernel where I can compile in the > AppleTalk protocol, but I've never used it, and have no idea if it will > play nicely with samba. Have you considered using Netatalk to provide file and print services to the Macintosh users? I think it will coexist peacefully with Samba. Not sure how file locking is handled if a Samba user and a Netatalk user try to use the same exact file... Check it out at http://netatalk.sourceforge.net. Jim Morris (Jim@Morris.net) From DavidAtkinson at solectron.com Thu Oct 25 19:44:03 2001 From: DavidAtkinson at solectron.com (DavidAtkinson@solectron.com) Date: Tue Dec 2 02:36:33 2003 Subject: Linux, Samba, and Macintosh's Message-ID: <91C8BF85397AD411B62A0090274FA17F5D682E@wangex.wta.slr.com> There is no common locking system that I'm aware of, but mostly this isn't an issue. The biggest problem I find is keeping the passwords in sync if you use encrypted passwords for Samba or Netatalk. I believe that there is, however, some work being done on file locking issues by the Netatalk team which is noted in their FAQ'o'matic and mailing lists. You can also get around this by setting up the mac and pc users with separate shares and only put what has to be common in common shares. It should (in most cases be documents that are being worked on). If you advise your users to be careful and keep regular backups you should be fine. Regards, David Atkinson System Administrator Solectron Australia Phone: +61 3 5720-2556 Mobile: +61 4 1957-4112 Fax: +61 3 5720-2412 or +61 2 8304-1206 -----Original Message----- From: Jim Morris [mailto:Jim@Morris.net] Sent: Friday, 26 October 2001 12:34 PM To: Gary MacKay Cc: samba-ntdom@lists.samba.org Subject: Re: Linux, Samba, and Macintosh's Gary MacKay wrote: > OK, I was just about to bring a new samba server online to replace an > ageing Novell server, when a student walks up and says, Kool, but will I > still be able to connect with my Macintosh? "D*^n, I forgot about them" > I says. Before I get rode out of town, does anyone know how to connect > them to samba? I've seen in the kernel where I can compile in the > AppleTalk protocol, but I've never used it, and have no idea if it will > play nicely with samba. Have you considered using Netatalk to provide file and print services to the Macintosh users? I think it will coexist peacefully with Samba. Not sure how file locking is handled if a Samba user and a Netatalk user try to use the same exact file... Check it out at http://netatalk.sourceforge.net. Jim Morris (Jim@Morris.net) From Volker.Lendecke at SerNet.DE Thu Oct 25 23:46:01 2001 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:36:33 2003 Subject: Problems using samba as a PDC In-Reply-To: References: <012701c15d82$a9d9cf00$104231a2@Alex2k> Message-ID: On Thu, Oct 25, 2001 at 04:38:42PM -0600, Doug Douglass wrote: > Unfortunately, if you are storing accounts in smbpasswd, I do not know how > you can change an accounts RID (Does samba use the uid?) That's the problem with your approach. Samba uses an algorithm to translate uid/gid to rid and vice versa. This will not match NT's rid assignment. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011025/0e78f9a2/attachment.bin From KFuerstberger at haitec.de Fri Oct 26 01:13:06 2001 From: KFuerstberger at haitec.de (KFuerstberger@haitec.de) Date: Tue Dec 2 02:36:33 2003 Subject: pdb_getsampwrid Failure. Message-ID: Hai, This Patch from Ignacio Coupeau works for me: http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html ----------------------- smbtest:~/samba-cvs/samba/source/passdb# diff -u pdb_ldap.c.PATCHED pdb_ldap.c.DIST --- pdb_ldap.c.PATCHED Wed Oct 24 16:49:37 2001 +++ pdb_ldap.c.DIST Mon Oct 22 15:29:34 2001 @@ -577,11 +577,9 @@ make_a_mod(mods, ldap_state, "description", pdb_get_acct_desc(sampass)); make_a_mod(mods, ldap_state, "userWorkstations", pdb_get_workstations(sampass)); - if ( !sampass->user_rid) sampass->user_rid = pdb_uid_to_user_rid(pdb_get_uid(sampass)); slprintf(temp, sizeof(temp) - 1, "%i", sampass->user_rid); make_a_mod(mods, ldap_state, "rid", temp); - if ( !sampass->group_rid) sampass->group_rid = pdb_gid_to_group_rid(pdb_get_gid(sampass)); slprintf(temp, sizeof(temp) - 1, "%i", sampass->group_rid); make_a_mod(mods, ldap_state, "primaryGroupID", temp); ----------------------- Now, when you smpasswd add a machine the rid is calculated from the uid/gid and set in the LDAP database. Klaus > I'm having trouble joining a Win2k pro machine to a Samba 2.2.2 domain > with a LDAP backend. I have a user add script defined which is working. > I can also logon to the Samba via root. When try to add the domain I > use root as the admin login and I get the following message on the Win2k > machine. "The specified user does not exist." And here is the last two > log messages in the samba log for the machine. > > [2001/10/23 16:33:00, 0, effective(0, 0), real(0, 0)] > passdb/pdb_ldap.c:pdb_getsampwrid(750) We don't find this rid [1400] > count=0 > [2001/10/23 16:33:01, 2, effective(0, 0), real(0, 0)] > smbd/server.c:exit_server(458) Closing connections > > It seems to be looking for a RID of 1400. Why would it be doing that? > I believe that this call is what is causing the domain joining to fail. From Volker.Lendecke at SerNet.DE Fri Oct 26 02:14:26 2001 From: Volker.Lendecke at SerNet.DE (Volker Lendecke) Date: Tue Dec 2 02:36:33 2003 Subject: Is possible to MAP USER GROUPS? In-Reply-To: <000b01c15c66$24b6bda0$627c243e@flanders> References: <000b01c15c66$24b6bda0$627c243e@flanders> Message-ID: On Wed, Oct 24, 2001 at 10:30:30AM +0200, Elsa Nwanry wrote: > So ... Can 2.2.1a/2.2.2 MAP USER GROUPS for share pruposes? Sorry, no. Volker -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 240 bytes Desc: not available Url : http://lists.samba.org/archive/samba-ntdom/attachments/20011026/3bd8a48e/attachment.bin From lubo at ru.acad.bg Fri Oct 26 03:43:02 2001 From: lubo at ru.acad.bg (Lyubomir Velkov) Date: Tue Dec 2 02:36:33 2003 Subject: New update - new problems Message-ID: <3BD94D94.462B4465@ru.acad.bg> First - Thank you Samba Team for you work! I had two very annoying problems with samba-2.2.1a and RH7.1 - quota support didn't worked and "the Oplocks" problem (which cause 10 minutes freezing when user tries to logon , not loading polices and malfunction in many server installed programs). After compiling kernel 2.4.12-ac (where the quota support should be correct) and compiling new samba-2.2.2-src.rpm on my RH 7.1 quota seems to work but there are some annoying messages splashing on the console (and in syslog too) all the time: VFS: find_free_dqentry(): Data block full but it shouldn't. VFS: Error -5 occurred while creating quota. And I am observing some strange behavior in my NT4 SP6a network... Most annoying is that from time to time (mostly in the morning when nobody haven't used these machines for a some time) Workstations are refusing logons because they are unable to find their samba domain, and must be restarted to find it again! What may cause that? Another strange thing - some users started complaining that the mail server (same samba machine) was unreachable ( Netscape Messenger reported) or Netscape has just disappeared when they are reading their mail - may be another oplocks problem? -------------------- Lyubomir Velkov University Of Rousse From eirvine at tpgi.com.au Fri Oct 26 05:44:02 2001 From: eirvine at tpgi.com.au (eirvine) Date: Tue Dec 2 02:36:33 2003 Subject: Linux, Samba, and Macintosh's References: <91C8BF85397AD411B62A0090274FA17F5D682E@wangex.wta.slr.com> Message-ID: <3BD95A8A.565F0CB4@tpgi.com.au> Hi, I ran a school with Samba (for pc's) and Netatalk (for macs) for several years. Netatalk worked damn fine. One problem with interoperability was file name extensions (Macs don't use em) but it all worked never the less. And was much more stable than the Appleshare IP server! There is a bit of (kinda old) stuff at: http://www4.tpgi.com.au/users/eirvine/freebsd/hermione.html Eddie. DavidAtkinson@solectron.com wrote: > > There is no common locking system that I'm aware of, but mostly this isn't > an issue. The biggest problem I find is keeping the passwords in sync if you > use encrypted passwords for Samba or Netatalk. I believe that there is, > however, some work being done on file locking issues by the Netatalk team > which is noted in their FAQ'o'matic and mailing lists. You can also get > around this by setting up the mac and pc users with separate shares and only > put what has to be common in common shares. It should (in most cases be > documents that are being worked on). If you advise your users to be careful > and keep regular backups you should be fine. > > Regards, > David Atkinson > > System Administrator > Solectron Australia > Phone: +61 3 5720-2556 > Mobile: +61 4 1957-4112 > Fax: +61 3 5720-2412 or +61 2 8304-1206 > > -----Original Message----- > From: Jim Morris [mailto:Jim@Morris.net] > Sent: Friday, 26 October 2001 12:34 PM > To: Gary MacKay > Cc: samba-ntdom@lists.samba.org > Subject: Re: Linux, Samba, and Macintosh's > > Gary MacKay wrote: > > > OK, I was just about to bring a new samba server online to replace an > > ageing Novell server, when a student walks up and says, Kool, but will I > > still be able to connect with my Macintosh? "D*^n, I forgot about them" > > I says. Before I get rode out of town, does anyone know how to connect > > them to samba? I've seen in the kernel where I can compile in the > > AppleTalk protocol, but I've never used it, and have no idea if it will > > play nicely with samba. > > Have you considered using Netatalk to provide file and print services to > the Macintosh users? I think it will coexist peacefully with Samba. Not > sure how file locking is handled if a Samba user and a Netatalk user try > to use the same exact file... > > Check it out at http://netatalk.sourceforge.net. > > Jim Morris (Jim@Morris.net) From aandrews at eng.okla.seagate.com Fri Oct 26 06:28:05 2001 From: aandrews at eng.okla.seagate.com (Arnold Andrews X-324-4292) Date: Tue Dec 2 02:36:33 2003 Subject: Is possible to MAP USER GROUPS? Message-ID: <200110261327.IAA24320@ocosdrc01.eng.okla.seagate.com> Hi, If you use "acl-support", then you can use Unix groups to set permissions at group level. You must add the Unix user names to the Unix groups in Unix (at the Unix level) for the group membership to happen. Hope that helps, Arnold Andrews MCAD/UNIX Systems Administrator Seagate Technology, LLC > Delivered-To: samba-ntdom@lists.samba.org > From: "Elsa Nwanry" > To: > Subject: Is possible to MAP USER GROUPS? > MIME-Version: 1.0 > Content-Transfer-Encoding: 7bit > X-Priority: 3 > X-MSMail-Priority: Normal > X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 > X-BeenThere: samba-ntdom@lists.samba.org > X-Mailman-Version: 2.0.6 > List-Help: > List-Post: > List-Subscribe: , > List-Id: Using Samba with Windows NT domains > List-Unsubscribe: , > List-Archive: > X-Original-Date: Wed, 24 Oct 2001 10:30:30 +0200 > Date: Wed, 24 Oct 2001 10:30:30 +0200 > > It's a simple cuestion but I can't answer right by myself reading this list. > > 1) I've compiled 2.2.1a (few months ago) and it's working at production > level. > > 2) Windows 2k Professional shows UNIX groups, but them seems to be "dummy > groups" since permissions (at group level) doesn't works > > 3) I use Windows 2k only as my "workstation". All the workstations (at > production level) are Win9x, and they doesn't show more than "Domain Admins" > and "Domain Users" for "funtional prupose" (as NT4 user manager shows when > you attach it to a SAMBA 2.2.x PDC) > > So ... Can 2.2.1a/2.2.2 MAP USER GROUPS for share pruposes? > > > Sorry for my "free english" > ______________________________ > > Elsa Nwanry > System Administrator > SeyAD > > > > From weiser at fam.uni-paderborn.de Fri Oct 26 06:32:06 2001 From: weiser at fam.uni-paderborn.de (Jochen Weiser) Date: Tue Dec 2 02:36:33 2003 Subject: Trouble with Profiles Message-ID: <3BD96610.99C33168@fam.uni-paderborn.de> Hi there, I like to upgrade from samba 2.0.5a to samba 2.2.2. Everything worked fine and now my clients (NT) are able to join the domain. The login-scripts also works fine for users. The only thing that won't work is profile-management. I've left the 205a profiles on the server and try to connect to it. I've also removed them - but no other result. Every time a user logs in the NT-client states: The Network has detected a slow connection. Would you like to download your profile or take a local one. When trying to download the profile the NT-client tells me that it is unable to download the profile and that a new local one will be created (translated from German) can anybody help me through this??? looking forward to hear from you soon. sinceserely Jochen Weiser so here are my globals: workgroup = NT netbios name = SAMBA2.2.2 server string = Sambaserver Version 2.2.2 encrypt passwords = Yes name resolve order = host wins bcast domain admin group = @admin logon script = %G.bat logon path = \\%N\profiles\%u logon drive = U: logon home = \\%L\User domain logons = Yes os level = 65 preferred master = True domain master = True wins support = Yes and here are the shares: [netlogon] comment = netlogondir path = /usr/local/samba/server/netlogon write list = @admin force user = fam force group = fam guest ok = Yes browseable = No [profiles] comment = profiledir path = /usr/local/samba/server/profiles read only = No create mask = 0600 browseable = No [Home] comment = homedir path = %H read only = No create mask = 0700 force security mode = 0777 force directory security mode = 0777 [User] comment = userdir path = /pc/%u read only = No create mask = 0700 -- _______________________________________________________________ Dipl.-Ing. Jochen Weiser Fachgruppe Angewandte Mechanik Fachbereich 10 - Maschinentechnik I Universitaet - GH - Paderborn Pohlweg 47 -49 D - 33098 Paderborn Tel.: 05251 / 60 2292 (Buero P12.18) 05251 / 60 2265 (Labor P4301) Fax : 05251 / 60 3719 mailto:weiser@fam.uni-paderborn.de http://fam.uni-paderborn.de/Wir_ueber_uns/jochen_weiser.html _______________________________________________________________ From pietro.regis at darts.it Fri Oct 26 06:34:04 2001 From: pietro.regis at darts.it (Pietro Regis) Date: Tue Dec 2 02:36:33 2003 Subject: R: Problems using samba as a PDC In-Reply-To: Message-ID: Hi Doug, I tried to edit the new MACHINE.SID, and now I see that both the NT Server ad the Samba Server are using the same SID. Now I have a problem about RIDs: in the samba documentation I've read that for using samba as a PDC I need to set security = user, so I need to have the user's accounts stored locally in the samba Server (in the file smbpasswd). It seems to me that it's impossible to use the old local profiles with the Samba Server because the RIDS will be different (I see this viewing the file NTUSER.DAT stored in the local profile's directories): is it true or there is some other thing I can do? Thanks in advance, Pietro Regis -----Messaggio originale----- Da: Doug Douglass [mailto:samba@denverdata.com] Inviato: venerd? 26 ottobre 2001 0.39 A: Alex; Pietro Regis; samba-ntdom@lists.samba.org Oggetto: RE: Problems using samba as a PDC > did you add the NT-machine accounts to the samba-PDC in the > /etc/passwd and > /etc/samba/smbpasswd files ? > While these are required steps, they may not be sufficient to fix the problem. See below. > > > > > We succeed in logging into the domain only if we execute the following > > operations: > > we log into the NT Client locally as administrator; > > we successfully join to a dummy workgroup and restart the PC; > > we log into the NT Client as administrator; > > we successfully join to the domain and restart the PC. > > > > The problem is that if we execute these steps, when an user log into the > NT > > machines he has assigned the default profile, and not the local > profile he > > has when we use the NT Server as a PDC. > > > > Any suggestions? > > > > Thanks in advance. > > > Background Each account in a domain, machine or user, and the domain itself, has a unique identifier, or SID (similar to unix uid). The domain SID is part of all the user and machine account SIDs in a domain, and these SIDs get stored in a domain users profile (the parts of the registry that are user specific). If, as you have explained, you simply shutdown your NT PDC and started samba as a PDC, there is now guarantee that the samba PDC will have the same domain SID as your NT PDC. This is why you could have the same user in your NT PDC and your samba PDC, but when they logon they get a different profile. I hope I explained that well enough. Here's a suggestion: *** COMPLETELY UNTESTED *** USE AT YOUR OWN RISK *** 1. Determine the domain SID of your NT PDC (try this from your linux box "rpcclient -c "lsaquery" -W ). The SID should look something like S-1-5-21-3720025594-2811526445-1635277529. 2. In your samba configuration directory is a file named MACHINE.SID, and it will have a similar SID value in it. Make a backup copy of the MACHINE.SID file. 3. Replace the existing SID in MACHINE.SID with the one from the NT PDC. 4. Shutdown NT PDC and start samba PDC 5. Add your machine and user accounts to Samba PDC 6. Try logging in as a domain user and see if the existing locally stored profile is used. If the existing local profile is still not being used, check your samba logs for messages like "cannot find rid []". RIDs are the unique part of an accounts SID -- the set of digits after the domain SID. The account RID and the profile RID must match in order for your existing local profiles to be used. Unfortunately, if you are storing accounts in smbpasswd, I do not know how you can change an accounts RID (Does samba use the uid?) Good luck, take it slow, and keep posting to the list (someone must have tried this before), Doug From pereti at ump.edu.br Fri Oct 26 06:51:11 2001 From: pereti at ump.edu.br (Bruno Gimenes Pereti) Date: Tue Dec 2 02:36:33 2003 Subject: Trouble with Profiles References: <3BD96610.99C33168@fam.uni-paderborn.de> Message-ID: <027a01c15e25$5d5a6290$6300a8c0@Metropolitana.administracao> profiles need to be browseable and writeable. > [profiles] > comment = profiledir > path = /usr/local/samba/server/profiles > read only = No > create mask = 0600 > browseable = No ^^^^^^ I think it will work. Bruno Gimenes Pereti. From pierre at globeall.de Fri Oct 26 09:04:02 2001 From: pierre at globeall.de (Pierre Burri) Date: Tue Dec 2 02:36:33 2003 Subject: Samba Print Server? In-Reply-To: References: Message-ID: <200110261604.SAA73516@smtp1.nikoma.de> I guess that might help you: I tested it with SuSE Linux 7.2, CUPS and Win2K, Samba as a PDC + Printer Server. If you use lpr insthead of cups, you will have to adapt the script addprinter. (Of course the directory and group names are just examples) On Linux: 1.you need samba Version >= 2.2.1a 2.create a new group ntadmin as a printer administrator group 3.create an account for the printer administrator with: passwd -g ntadmin 4.add the same account with smbpasswd -ae 5.if not added yet: smbpasswd -ae root otherwise win2000 can not connect to the Domain the first time. It is probably adviseable to not give the same password as the original password under linux. 6.add an accout for every host (with a $ at the end): useradd ?-s /bin/false -d /dev/null hostname$ 7.add the same account in smbpasswd: smbpasswd -a -m ?hostname$ 8.create a structure for the profiles and the drivers: mkdir /home/samba/ cd /home/samba mkdir netlogon ?profiles ?printers chown :ntadmin printers chmod 775 printers chmod 777 profiles mkdir ?printers/W32X86 ? printers/WIN40 the drivers will be copied from APW in a subdirectory of W32X86, for e.g. ?2 ? 9.modify /etc/smb.conf with all entries for the PDC, print$ etc. 10.create a script /usr/bin/addprinter that will create a printer 11.add with visudo the possibility for printer administrators to reload samba: Cmnd_Alias RCSMB=/etc/init.d/smb madmin ?THIS_HOST=NOPASSWD:RCSMB 12.add SystemGroup ntadmin in /etc/cups/cupsd.conf and reload cups. On Windows2000 1.join the domain with user root, (Settings - System - Network Identification) you probably have to reboot afterwards... 2.log in as a printer administrator in the domain 3.click on the Network Neighborhood und search for your samba server 4.click on the samba server folder and then on the printer folder 5.click on the Add Printer Wizzard (APW) and install a printer. You need of course some drivers for this. Don't print a test page, it doesn'work. 6.you should now be able to see your new printer. if you get an "access denied", this mean your script addprinter doesn't work. 7.go to the regular "Printers" folder in the "Settings" and add a new network printer (the one you just uploaded). This time, the drivers will be copied from samba to your win2k directory: X:WINNT\System32\spool\drivers\W32X86\... 8.print a test page, that's it! File /usr/bin/addprinter #!/bin/sh # Name: ? ?/usr/bin/addprinter # Authors: Pierre Burri & Michel Bisson # Date: ? ?7-Oct-2001 # This script adds a CUPS printer (Postscript) from Windows2000 APW # with Samba Version 2.2.1a. (APW = Add Printer Wizard) #-------------------------------------------------------------------- # Parameters given by the APW: # $1 = printer name # $2 = share name # $3 = port name # $4 = driver name # $5 = location # $6 = windows 9x driver location #-------------------------------------------------------------------- smb_pr_dir="/home/samba/printers" addpr_log="$smb_pr_dir/addprinter.log" print_port="parallel:/dev/lp0" # echo "----------------------" >> $addpr_log echo "date : `date`" ? ? ? ? ?>> $addpr_log echo "all parameters : 1=<$1> 2=<$2> 3=<$3> 4=<$4> 5=<$5> 6=<$6>" >> $addpr_log # extract the PPD file name driver=$(grep -lr "$4" $smb_pr_dir/W32X86 |head -1) echo "driver name : <$driver>" ?>> $addpr_log # add the printer to cups /usr/sbin/lpadmin -p $2 -P $driver -L "$5" -v $print_port -E >> $addpr_log ? 2>>1& # reload samba (with the SuSE Linux script) sudo /etc/init.d/smb reload sleep 3 File smb.conf: [global] ? ?workgroup = STARS ? ? ?server string = Linux Samba PDC Server %v ? ?guest account = nobody ? ?keep alive = 30 ? ?os level = 64 ? ?kernel oplocks = false ? ?security = user ? ?debug level = 2 ? ?printer admin = @ntadmin ; ; Uncomment the following, if you want to use an existing ; NT-Server to authenticate users, but don't forget that ; you also have to create them locally!!! ; ?security = server ; ?password server = 192.168.1.10 ? ?encrypt passwords = yes ? ?printing = cups ? ?printcap name = /etc/printcap ? ?load printers = yes ; ; script to execute when a printer is added through the APW from Win2K ? ?addprinter command = /usr/bin/addprinter ? ?socket options = TCP_NODELAY ? ?map to guest = Bad User ; Uncomment this, if you want to integrate your server ; into an existing net e.g. with NT-WS to prevent nettraffic ; ?local master = no ? ? ?local master = yes ; Do you wan't samba to act as a logon-server for ; your windows 95/98 clients, so uncomment the ; following: ? ?domain logons = yes ? ?logon path = \\%L\Profiles\%u ? ?logon drive = H: ? ?logon home = \\%L\%u ; ? logon script = %U.cmd ? ?domain master = yes ? ?preferred master = yes [netlogon] ? ?path = /home/samba/netlogon ? ?writeable = no ? ?writelist = ntadmin ; share for storing user profiles [profiles] ? ?path = /home/samba/profiles ? ?writeable = yes ? ?browseable = no ? ?create mask = 0600 ? ?directory mask = 0700 ; share for storing printer drivers [print$] ? ?path = /home/samba/printers ? ?public = yes ? ?browseable = yes ? ?read only = yes ? ?write list = Administrator,madmin,root ? ?directory mask = 0775 [homes] ? ?comment = home directory ? ?browseable = no ? ?read only = no ? ?create mode = 0750 [printers] ? ?comment = all printers ? ?browseable = no ? ?printable = yes ? ?public = no ? ?read only = yes ? ?create mode = 0700 ? ?directory = /tmp - Feel free to visit my Site! http://www.GlobeAll.de Pierre Burri Tel. +49 30 757 02 517 Fax: +49 30 757 02 518 - From Scott.Copus at wku.edu Fri Oct 26 09:29:02 2001 From: Scott.Copus at wku.edu (Scott Copus) Date: Tue Dec 2 02:36:33 2003 Subject: Samba as PDC with PAM? Message-ID: <3BD98F81.F051C6E9@wku.edu> Using Samba 2.2.2 on a RedHat 7.1 system. I have read through the Samba 2.2 PDC FAQ and HOWTO, but I'm still trying to find out if it's *possible* to use Samba as a PDC along with PAM... while using encrypted passwords too (being a requirement for a PDC).......... ???? What I want to do is have several hundred Windows 98 (and newer Windows too) be able to authenticate against a Samba PDC. But the Samba server must authenticate with a user database that is on a remote Oracle SQL server. I would like to use PAM for this to create my own pam module to talk to the remote SQL database. I know of the PAM restrictions concerning the "LANMAN" password challenge/response scheme. HOWEVER, I am able to retrieve the the password from the remote SQL database as _plain text_. If I have to above scenario, shouldn't I really be able to use PAM on a Samba PDC if there were some way to check the encrypted password that is passed to the pam module, and the pam module retrieve the plain-text password from the remote SQL database and run the same encryption scheme on the plain-text password and then finally compare the two encrypted passwords? If not, got any ideas? Also, a colleague and I have tried compiling Samba 2.2.2 with both "-with-pam" and "-with-pam_smbpass" and setting up a single Win98 client to connect to our test domain. If you configure Samba with PAM, does Samba have nothing to do with the /etc/pam.d/samba file? Because if I change the file to "pam_deny" for everything, I can still login. I can't find any helpful documentation on what _exactly_ happens when those options are compiled in. Can someone explain? Also, when I compile Samba 2.2.2 with "pam_smbpass", make will create the "pam_smbpass.so" file. However, if I delete all instances of that file from my system, I would think that Samba would not allow any login access, since that file no longer exists. But that's not the case. Does Samba fall back to using the internal "smbpasswd" file for some reason? Any way to turn that off? thanx! Scott From aandrews at eng.okla.seagate.com Fri Oct 26 09:40:06 2001 From: aandrews at eng.okla.seagate.com (Arnold Andrews X-324-4292) Date: Tue Dec 2 02:36:33 2003 Subject: problem: win2k (re)joining domain Message-ID: <200110261639.LAA29267@ocosdrc01.eng.okla.seagate.com> Hello again, I was able to rejoin the domain, after creating a new domain on a different samba server and joining that. I also had to delete all the user profiles which were tied to the original domain. Once I had cleaned all my "ties" to the original domain, I was successful at rejoining the domain. It's strange though, because now it is back to my original problem which started me on all this in the first place, and that is that I am not able to browse any computers in the "Microsoft Windows Network". Just for the record, I am using Wins, and I only noticed this problem recently. It was working perfectly before. I can still ping any hostname by name, I just can't see them in the "My Network Places". Again, any help would be greatly appreciated. Thanks, Arnold Andrews > Delivered-To: samba-ntdom@lists.samba.org > From: Arnold Andrews X-324-4292 > Subject: problem: win2k (re)joining domain > To: samba-ntdom@lists.samba.org > MIME-Version: 1.0 > Content-MD5: Ve9YLyY77ASFi3JpFZRhxA== > X-BeenThere: samba-ntdom@lists.samba.org > X-Mailman-Version: 2.0.6 > List-Help: > List-Post: > List-Subscribe: , > List-Id: Using Samba with Windows NT domains > List-Unsubscribe: , > List-Archive: > X-Original-Date: Thu, 25 Oct 2001 15:42:34 -0500 (CDT) > Date: Thu, 25 Oct 2001 15:42:34 -0500 (CDT) > > Hi, > > I recently upgraded from 2.2.1a to 2.2.2 on Solaris 8. > > I don't know whether it was related, but I noticed that I could no longer browse > computers within the "Microsoft Windows Networking" section of the "Entire > Network" under "My Network Places". Puzzled as to what may have caused this, I > decided to leave the domain by switching from being a member of the domain to > being a workgroup member. When I still couldn't browse other computers I > decided to uninstall the "Microsoft Networking Client". > > After I reinstalled the client, I could again see the computers as before. Now > when I attempt to switch back to being a member of the domain, I get an error > message saying: > > The following error occurred attempting to join the domain "ocomcad": > The credentials supplied conflict with an existing set of credentials. > > > I have seen this particular error message referenced in the mail list over and > over again several times. I know that it means that there is already a > connection to the resource as another user then the one being attempted with. > The problem is that I don't have any drives mapping to it at all so I don't know > why I am getting the conflict. When I check the status with SWAT it does show > an "IPC$" share being done. > > How can I remove the "IPC$" connection so that I don't get a conflict when I > attempt to rejoin the domain? > > I thought it might possibly be a service pack 2 issue, so I rolled back to SP1 > with no success. I still get the same error. > > Now I have even uninstalled 2.2.2 and put back 2.2.1a and I still have the > problem. > > Any help would be greatly appreciated. > > Regards, > > Arnold Andrews > MCAD/UNIX Systems Administrator > Seagate Technology, LLC > > > From samba at denverdata.com Fri Oct 26 10:12:02 2001 From: samba at denverdata.com (Doug Douglass) Date: Tue Dec 2 02:36:33 2003 Subject: Problems using samba as a PDC In-Reply-To: Message-ID: > > Hi Doug, > I tried to edit the new MACHINE.SID, and now I see that both the NT Server > ad the Samba Server are using the same SID. > Now I have a problem about RIDs: in the samba documentation I've read that > for using samba as a PDC I need to set security = user, so I need to have > the user's accounts stored locally in the samba Server (in the file > smbpasswd). > It seems to me that it's impossible to use the old local profiles with the > Samba Server because the RIDS will be different (I see this > viewing the file > NTUSER.DAT stored in the local profile's directories): is it true or there > is some other thing I can do? > > Thanks in advance, > > Pietro Regis > As I feared, using smbpasswd, as Volker's response states, will not produce the same RIDs as the NT PDC. At my site I use OpenLDAP as the SAM backend to samba instead of smbpasswd and RIDs are one of the attributes stored in each account entry. Therefore, I can modify the RID on any account if needed. You may wish to consider using LDAP if no other mechanism will work. Doug From lgee at applianceware.com Fri Oct 26 10:51:14 2001 From: lgee at applianceware.com (Larry Gee) Date: Tue Dec 2 02:36:34 2003 Subject: Space in smb.conf parameter value References: <20011025173103.A1056@netlands.de> <3BD839D7.5090503@vtex.lt> Message-ID: <3BD9A1E0.B3607A@applianceware.com> Sarunas wrote: > > Hello. > > How do you put, for example, 'Domain Admins' group into valid users = ...? > (Samba 2.2.2 --with-winbind.) I'm not sure about 2.2.2, but with 2.0.7 you could do it with the following [sharename] ... valid users = ,"@Domain Admins" ... The leading comma is very important. Failure to have it will cause the parser to mis-interpret the quoted string. > > Thanks, > > -- > Sarunas Burdulis > Head Electronic Publishing, VTEX Ltd. > sarunas@vtex.lt > Office +370 2 729609, GSM +370 98 24498 -- ----------------------------------------------------------------------------- Larry Gee, Server Architect | Error #152: Windows not found ApplianceWare, Inc. | (C)heer, (P)arty, (D)ance 510-580-5132 | ----------------------------------------------------------------------------- From greg at leiinc.com Fri Oct 26 14:22:03 2001 From: greg at leiinc.com (Greg J. Zartman, P.E.) Date: Tue Dec 2 02:36:34 2003 Subject: Samba add user parameter Message-ID: Is there a way to view what's going on with this parameter in terms of the "add machine script" when samba reads it in. I'm having trouble on my end getting this to work properly with a unique setup an was wondering if anything can be displayed in the log files. Thank you. Greg J. Zartman, P.E. Vice-President Logging Engineering International, Inc. (541)683-8383 fax (541)683-8144 www.leiinc.com From npande at bajajauto.co.in Fri Oct 26 20:16:02 2001 From: npande at bajajauto.co.in (NITIN PANDE) Date: Tue Dec 2 02:36:34 2003 Subject: Chain letter apology.. References: <20011025093704.E050A50CA@lists.samba.org> <15319.58931.908509.751569@frungy.org> Message-ID: <3BDA2802.DD392A1@bajajauto.co.in> Very very sorry.. Totally unintentional... Once again, it was an accident > > Ok this is like a chain letter. I don't know who wrote it, but it tells > > what I've been blabbing to other. Also, I added a couple of lines at > > the end with my name. > > Please don't send chain letters to the samba mailing lists. From webmaster at viitindia.org Sat Oct 27 00:06:13 2001 From: webmaster at viitindia.org (Shekhar) Date: Tue Dec 2 02:36:34 2003 Subject: Samba-2.2.2 uses 100% of resources. References: <3BD8148B.8010503@azcher.kharkov.ua> Message-ID: <006301c15eae$9ecd9c40$010010ac@iis> Put _____________________ oplocks = no level2 oplocks = no _____________________ in global section of smb.conf . Shekhar System Administrator, VIIT Telefax: +91-2112-43476 to 79 Ext: 216 Email: webmaster@viitindia.org Web: www.viitindia.org ----------------------------------------- Check out viitindia.org for new Career services ----- Original Message ----- From: "Virgo" To: "samba-ntdom" Sent: Thursday, October 25, 2001 7:02 PM Subject: Samba-2.2.2 uses 100% of resources. > Hi! > Process smbd sometimes not respond and uses 100 % of resources of the > processor. It is impossible to kill him. It's happens when logout Win2K > Professional. > As the process does not respond on kill -SIGKILL, kill -SIGQUIT , it is > necessary to restart linux. > Where can be a problem? > Tnx. > -- > Registered Linux User #186627 > ICQ UIN 50715669 > E-Mail: mailto:virgo@azcher.kharkov.ua > SMS: mailto:virgo@kyivstar.net > Tel: +38(0572)194976 > Fax: +38(0572)194905 > From joerg.haensel at web.de Sat Oct 27 01:27:02 2001 From: joerg.haensel at web.de (=?iso-8859-1?B?SvZyZyBI5G5zZWw=?=) Date: Tue Dec 2 02:36:34 2003 Subject: Domain Administrator Logons Message-ID: <000001c15ec0$bbe085b0$6802a8c0@sesamstrasse.de> Hello, Since I upgraded to samba 2.2.2 I can not log in as a Domain Administrator from a NT Client. The Domain Admins are member of a special group callse SmbDomAdm on the linux samba PDC. I used the "domain admin group" in smb.conf for mapping this unix group to the windows group "domain admins". Has this method been changed in 2.2.2 ? Has anybody of you a similar problem ? Some people told me to try winbind. But this is used for mapping NT Users/Groups to Unix Users/Groups. Thanks for you help, Joerg From james at dattrax.co.uk Sat Oct 27 01:34:03 2001 From: james at dattrax.co.uk (Jim Hauxwell) Date: Tue Dec 2 02:36:34 2003 Subject: ACL doesn't seem to update on profile save Message-ID: All, Hope someone has come across this before, and knows how to solve it I'm using samba 2.2.2 (forced upgrade as my wife got an XP machine) and since the upgrade it seems that the ACLs for the profile directory are not updated. Using the security tab in win2k I can set the permissions to FULL_CONTROL and the propegate throughout tick box which quickly goes away and updates locally. When I log out windows save the profile and reports no errors. If you then log out and back in again 'boom!' back to the original settings. Am I doing something stupid? I have looked through the archive, but haven't found anything yet. Jim From tarjei at nu.no Sat Oct 27 03:26:02 2001 From: tarjei at nu.no (Tarjei Huse) Date: Tue Dec 2 02:36:34 2003 Subject: samba, linux and mackintosh Message-ID: <3BDA8BDD.DAB26C3C@nu.no> Hi, When you run configure for samba, you get the option --with-appleshare (or somehting simmilar - taking this from memory) that is marked EXPERIMENTAL. How experimental is this? Does it work? Does anyone use it? I'm running netatalk and samba on one machine, and that has givven med quite a few headaches when it comes to filelocking. I usually end up restarting samba (2.2.1a) ;( Also, I am wondering, what does the --with-afs configure do? Is this for using samba together with the afs as in OPENAFS distributed filesystem? Does anyone use this and what is the consept? One last thing: If you are going to use netatalk og nis together with samba, use LDAP! Place everything into your ldap dir and go from there. Btw, how good is the ldap - usermanger combo in Samba now? I've been using tng but am contemplating to switch if it's any good. Hmm. if it doesn't exist, here's a featurerequest: Make it possible that the ldap backend also changes the plaintext passwd when you change the nt/lm one through usermngr. Many questions, I hope someone has the time to answer some of them :=) From tarjei at nu.no Sat Oct 27 03:34:02 2001 From: tarjei at nu.no (Tarjei Huse) Date: Tue Dec 2 02:36:34 2003 Subject: FW: SAMBA and Mail client References: <001a01c15d7e$ab443140$0100a8c0@win2k> Message-ID: <3BDA8DAB.E0C857BE@nu.no> > I'm going to set-up an server with SAMBA file sharing and Cyrus-IMAP > server which use the same user/pass database (LDAP). Is it posible to > use an Windows logon username and password for a mail client? If it is > posible, which client suport this and how to set-up the clients? Hi, goto www.samba-tng.org/docs.html and read the samba with ldap howto there. I think most of it will work with 2.2.2 as well (does anyone know of a howto for 2.2.2-ldap? also does anyone know the differences between tng-ldap and samba-ldap?) that'll get you started. Install cyrus as well, and you'll need pam-ldap. Note however that you'll need the ldap-sasl patch becaus cyrus-sasl + cyrus-imapd + ldap creates a problem. Have a look here for more info on that: cyrus-utils.sf.net I've been running this setup for some time now, it works realy nice! Tarjei > Lp, > Dezo > ______________ > Damir Dezeljin, > Korte 67, 6310 Izola, Slovenia > Tel: +386 (0)5 642 03 31; MailTo: Dezo@nib.si From kunathma at pilot.msu.edu Sat Oct 27 04:56:01 2001 From: kunathma at pilot.msu.edu (Marcel Kunath) Date: Tue Dec 2 02:36:34 2003 Subject: suse 7.2 and acl Message-ID: <200110271157.f9RBvHX26676@pilot21.cl.msu.edu> Hello, how do you compile samba on suse 7.2 with acl support? I know it looks for /usr/include/sys/acl.h but suse doesn't have this file in place. I read other people use acls on suse system though. How do you do this? 2.4.7-4gb kernel on reiserfs I saw this site: http://acl.bestbits.at/ but it mentions only certain kernels and not the one I am using? Doesn't suse package acl? They package all loads of crap but not acl? I am not even sure if I want to upgrade the kernel since suse also patches tons of stuff into it and I fear if I upgrade myself I break other stuff. If somebody could give clues on how to get acls on suse I'd appreciate it. mk From bolke at xs4all.nl Sat Oct 27 12:50:05 2001 From: bolke at xs4all.nl (Bolke de Bruin) Date: Tue Dec 2 02:36:34 2003 Subject: samba & AD In-Reply-To: <5.1.0.14.2.20011025204715.00c1fb00@mail.mindiq.com> Message-ID: I know ppl got it running using W2K as PDC issueing kerberos tickets. Read samba-technical for more info. Also there are some docs onthe web but dont know them right now. Bolke -----Oorspronkelijk bericht----- Van: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]Namens Kat Verzonden: vrijdag 26 oktober 2001 2:49 Aan: samba-ntdom@lists.samba.org Onderwerp: samba & AD Is there anyone who can elaborate on the current or future of support for PDC's running Active Directory only and the compatibility with Samba? thanks Kat From bolke at xs4all.nl Sat Oct 27 12:56:15 2001 From: bolke at xs4all.nl (Bolke de Bruin) Date: Tue Dec 2 02:36:34 2003 Subject: OpenBSD 2.9 - passwd sync - passwd chat Message-ID: (I'm crossposting this beacuse I'm not sure if it's a bug or if it's config error) I am running OpenBSD 2.9 as a PDC for a small domain containing some W2K (no service pack yet) and Win98 clients. I would like to use the password synchronization option, but this fails unfortunately. Turning on logging (eg log level = 101 passwd chat debug = True) gives me a log entry for the passwd chat along the lines of this: Expected [*New*] received [passwd: who are you??] It seems as if the passwd program is checking which user is running it and fails. Is this a normal error or am I doing something wrong here? On a side note: The useradd program does not accept usernames containing a "$" which makes it difficult to add computers easily (you have to add it manually to the /etc/passwd file and you will get a insecurity mail delivered to root) does someone know a (automatic) workaround for this? btw: this is all on samba 2.2.2 thx in advance Bolke de Bruin From bolke at xs4all.nl Sat Oct 27 13:02:05 2001 From: bolke at xs4all.nl (Bolke de Bruin) Date: Tue Dec 2 02:36:34 2003 Subject: samba & AD In-Reply-To: Message-ID: Oops just found this (you should be running HEAD) http://samba.org/ftp/tridge/kerberos/HOWTO Bolke -----Oorspronkelijk bericht----- Van: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]Namens Bolke de Bruin Verzonden: zaterdag 27 oktober 2001 21:51 Aan: samba-ntdom@lists.samba.org Onderwerp: RE: samba & AD I know ppl got it running using W2K as PDC issueing kerberos tickets. Read samba-technical for more info. Also there are some docs onthe web but dont know them right now. Bolke -----Oorspronkelijk bericht----- Van: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]Namens Kat Verzonden: vrijdag 26 oktober 2001 2:49 Aan: samba-ntdom@lists.samba.org Onderwerp: samba & AD Is there anyone who can elaborate on the current or future of support for PDC's running Active Directory only and the compatibility with Samba? thanks Kat From p.grimmerink at home.nl Sat Oct 27 14:11:02 2001 From: p.grimmerink at home.nl (Pieter Grimmerink) Date: Tue Dec 2 02:36:34 2003 Subject: samba 2.2.2 PDC & NT4 client problem Message-ID: Hi all, With samba 2.2.2 as PDC, win98 and win2000 clients really start to work, when I create a share on a client, and add domainusers to the permission fields, they really have access to the shares. But: -Adding 'Domain Users' to a share on a win2000 client fails: "Unable to lookup user names for display" -once DOMAIN\user is added, it turns into PDC\user in the permission box (win2000) -once DOMAIN\user is added, it turns into DOMAIN\unknown user (nt4) This last problem is the most serious as far as I'm concerned, it makes the combination of samba PDC and NT4 clients impossible. Switching back to my very old and slow samba-tng again. Regards, Pieter Grimmerink From DanCreed at carolina.rr.com Sat Oct 27 22:30:07 2001 From: DanCreed at carolina.rr.com (Daniel A. Creed) Date: Tue Dec 2 02:36:34 2003 Subject: IOCTL? Message-ID: <000801c15f70$e0a57440$0a00a8c0@skywalker> Anyone know anything about IOCTL errors, and not being able to join a domain because of them? Thanks, DanCreed@carolina.rr.com -------------- next part -------------- HTML attachment scrubbed and removed From DanCreed at carolina.rr.com Sun Oct 28 06:42:04 2001 From: DanCreed at carolina.rr.com (Daniel Creed) Date: Tue Dec 2 02:36:34 2003 Subject: unable unmarshall samr set userinfo Message-ID: <000801c15efa$52ef6460$0b00a8c0@ANAKIN> Anyone know what this error is? and why it lets me join the domain but then fails when it tries to create an account and them won't let me logon to the domain.. I am trying to use Samba as my PDC. Thanks, DanCreed@carolina.rr.com -------------- next part -------------- HTML attachment scrubbed and removed From mlueck at lueckdatasystems.com Sun Oct 28 07:46:02 2001 From: mlueck at lueckdatasystems.com (Michael Lueck) Date: Tue Dec 2 02:36:34 2003 Subject: Installing on Mandrake 8.1 Suggested Reading Message-ID: <200110281546.JAA31798@turqua.propagation.net> Soon I will be installing a test box to learn Samba 2.2.2 PDC on. It will be running Mandrake 8.1 Linux. What are the suggested readings for installing 2.2.2 (over top of what Mandrake comes with, or unselect it when installing the OS?), what to download, setting up the Domain, making the Win2K clients happy, yadda yadda... TIA! Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ From js at mail.ic-bremen.de Sun Oct 28 15:29:02 2001 From: js at mail.ic-bremen.de (Jens Schwepe) Date: Tue Dec 2 02:36:34 2003 Subject: creating a generic disk image for nt clients Message-ID: <01C16010.E2C85E90.js@ic-bremen.de> hi, this may be abit off topic, but at least... maybe i reach someone with the knowledge to give me advice :) i am running an internet cafe with samba pdc and nt4 clients. as people keep installing/deinstalling software, erasing files, downloading stuff etc. i setup every client with linux and winnt. with "dd if=/dev/hda1 | gzip -c --best > diskimage.gz" i backed up the initial windows installation and via cron-script re-write it on disk every night. thus the nt client is "freshly installed" every morning :D now i hate to have all those different backups on the server. i'd rather like to have one initial backup re-written to every client, which then gets his customization while booting. concerning the ip-address, network and wins, this i have done with a central dhcp server, presenting fixed ip's based on the mac-address of the network card. but, i cannot set the machine's name and domain-password via this way. so i thought of the cron-script in linux: it would be possible to re-write the disk-image, mounting it and only overwrite the registry and the file where the machine's passwort is stored. this is my question (finally *g*): 'cos i am no windows freak, which files do i have to store ? e.g. which is the registry file, and in which file is the machine's password stored ? yours, jens js@ic-bremen.de www.ic-bremen.de From leong at nti.com.my Sun Oct 28 17:37:02 2001 From: leong at nti.com.my (Tai Kee Leong) Date: Tue Dec 2 02:36:34 2003 Subject: Install Samba-2.2.2 on top of Samba-2.0.7 Message-ID: <01fb01c1601b$09547d00$9e080a0a@Tai> Dear all, I'm entirely new to Linux. As my environment require Samba as PDC for Windows machines and the best is to a least have Samba-2.2.0. I downloaded Samba-2.2.2 and run root# ./configure It run a batch processing which I don't know what it does. How do I know it's running Samba-2.2.2 instead of Samba-2.0.7? Do I need to uninstall the old version before the new one? Please advice, thank you. -------------- next part -------------- HTML attachment scrubbed and removed From leong at nti.com.my Sun Oct 28 17:50:03 2001 From: leong at nti.com.my (Tai Kee Leong) Date: Tue Dec 2 02:36:34 2003 Subject: Install Samba-2.2.2 on top of Samba-2.0.7 Message-ID: <025b01c1601c$bf29c120$9e080a0a@Tai> Dear all, I'm entirely new to Linux. As my environment require Samba as PDC for Windows machines and the best is to a least have Samba-2.2.0. I downloaded Samba-2.2.2 and run root# ./configure It run a batch processing which I don't know what it does. How do I know it's running Samba-2.2.2 instead of Samba-2.0.7? Do I need to uninstall the old version before the new one? Please advice, thank you. From greg at kwikfind.com Sun Oct 28 17:58:02 2001 From: greg at kwikfind.com (Greg Zartman) Date: Tue Dec 2 02:36:34 2003 Subject: Removing Machine account passwd and smbpasswd entries when machine leaves domain References: <01C16010.E2C85E90.js@ic-bremen.de> Message-ID: <001201c1601b$c9e50ee0$a7203ace@greg> Is there anything in the works to remove machine account entries on the smbpasswd and passwd databases automatically when a win NT/2000/xp machine leaves a domain? Regards, Greg J. Zartman ----- Original Message ----- From: Jens Schwepe To: Sent: Sunday, October 28, 2001 3:30 PM Subject: creating a generic disk image for nt clients > hi, > > this may be abit off topic, but at least... > maybe i reach someone with the knowledge to give me advice :) > > i am running an internet cafe with samba pdc and nt4 clients. > as people keep installing/deinstalling software, erasing files, downloading > stuff etc. > i setup every client with linux and winnt. with "dd if=/dev/hda1 | gzip -c > --best > diskimage.gz" i backed up the initial windows installation and via > cron-script re-write it on disk every night. thus the nt client is "freshly > installed" every morning :D > > now i hate to have all those different backups on the server. i'd rather like > to have one initial backup re-written to every client, which then gets his > customization while booting. > concerning the ip-address, network and wins, this i have done with a central > dhcp server, presenting fixed ip's based on the mac-address of the network > card. > > but, i cannot set the machine's name and domain-password via this way. so i > thought of the cron-script in linux: > it would be possible to re-write the disk-image, mounting it and only overwrite > the registry and the file where the machine's passwort is stored. > > this is my question (finally *g*): > 'cos i am no windows freak, which files do i have to store ? e.g. which is the > registry file, and in which file is the machine's password stored ? > > > > yours, > jens > > js@ic-bremen.de > www.ic-bremen.de > > > From peter.milburn at sofcom.com.au Sun Oct 28 18:11:06 2001 From: peter.milburn at sofcom.com.au (peter.milburn@sofcom.com.au) Date: Tue Dec 2 02:36:34 2003 Subject: Passwd Expiry Message-ID: Does anyone know if in the lastest 2.2.2 release of samba, if there is or will be the ability to set a global passwd expiry on w2k work stations Thanks, Peter -- Peter Milburn Systems Manager Software Communication Group Ltd peter.milburn@sofcom.com.au Ph: +613 9826 8300 Fax: +613 9826 8336 Level 16, 644 Chapel St South Yarra, Vic 3141 www.sofcom.com.au ******************************************** This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you must not disseminate, copy or take any action in reliance on it. If you have received this message in error, please notify Software Communication Group immediately. Any views expressed in this message are those of the individual sender except where the sender specifically states them to be the views of Software Communication Group. ******************************************** From leong at nti.com.my Sun Oct 28 20:37:07 2001 From: leong at nti.com.my (Tai Kee Leong) Date: Tue Dec 2 02:36:34 2003 Subject: Server string parameter Message-ID: <000c01c16034$309b1400$9e080a0a@Tai> In the global, server string = Samba %v on (%h) it shows as Samba 2.0.7 on singa in the network neighbourhood. I install Samba-2.2.2 just now and rebooted the server. How come it show Samba-2.0.7? Is it the Samba-2.2.2 installation incomplete? How to check the samba version? Thank you. -------------- next part -------------- HTML attachment scrubbed and removed From Michael.Homsey at csiro.au Sun Oct 28 22:06:06 2001 From: Michael.Homsey at csiro.au (Michael.Homsey@csiro.au) Date: Tue Dec 2 02:36:34 2003 Subject: Server string parameter Message-ID: Check the install directory. At some point the install script started to put it into an sbin directory, your startup script (or however the system stops and starts it at boot time) could still be referencing the old server binaries. See bin/smbd vs sbin/smbd Michael Homsey CSIRO, TIP -----Original Message----- From: Tai Kee Leong [mailto:leong@nti.com.my] Sent: Monday, 29 October 2001 3:43 PM To: Samba Subject: Server string parameter In the global, server string = Samba %v on (%h) it shows as Samba 2.0.7 on singa in the network neighbourhood. I install Samba-2.2.2 just now and rebooted the server. How come it show Samba-2.0.7? Is it the Samba-2.2.2 installation incomplete? How to check the samba version? Thank you. -------------- next part -------------- HTML attachment scrubbed and removed From grobe at gmx.net Mon Oct 29 00:35:03 2001 From: grobe at gmx.net (Lars O. Grobe) Date: Tue Dec 2 02:36:34 2003 Subject: Passwd Expiry References: Message-ID: <3BDD2336.72CE5178@gmx.net> Hi! In 2.2.1 I did this with "obey pam restrictions". I have tng here at the moment, so I can't validate this setting with 2.2.2. Hope this helps, CU, Lars. From bolke at xs4all.nl Mon Oct 29 01:54:02 2001 From: bolke at xs4all.nl (Bolke de Bruin) Date: Tue Dec 2 02:36:34 2003 Subject: Passwd Expiry In-Reply-To: <3BDD2336.72CE5178@gmx.net> Message-ID: Does it work without PAM as well (eg on BSD systems?) -----Oorspronkelijk bericht----- Van: samba-ntdom-admin@lists.samba.org [mailto:samba-ntdom-admin@lists.samba.org]Namens Lars O. Grobe Verzonden: maandag 29 oktober 2001 10:37 Aan: peter.milburn@sofcom.com.au CC: samba-ntdom@lists.samba.org Onderwerp: Re: Passwd Expiry Hi! In 2.2.1 I did this with "obey pam restrictions". I have tng here at the moment, so I can't validate this setting with 2.2.2. Hope this helps, CU, Lars. From leong at nti.com.my Mon Oct 29 02:41:04 2001 From: leong at nti.com.my (Tai Kee Leong) Date: Tue Dec 2 02:36:34 2003 Subject: Samba-2.2.2 installation, is it complete? Message-ID: <006e01c16066$f637d770$9e080a0a@Tai> I have try install samba-2.2.2 according to documentation Samba-HOWTO-collection. I follow the steps until steps 5b. The folowing command were tpye. root# pwd /usr/local/samba/bin root# smbd -D bash: smbd: command not found root# testparm bash: testparm: command not found Is there something I miss? Thank you. -------------- next part -------------- HTML attachment scrubbed and removed From kunathma at pilot.msu.edu Mon Oct 29 02:47:03 2001 From: kunathma at pilot.msu.edu (Marcel Kunath) Date: Tue Dec 2 02:36:34 2003 Subject: Samba-2.2.2 installation, is it complete? In-Reply-To: <006e01c16066$f637d770$9e080a0a@Tai> from "Tai Kee Leong" at Oct 29, 2001 06:46:21 pm Message-ID: <200110291047.f9TAlac93706@pilot27.cl.msu.edu> /usr/local/samba/bin is not in ur PATH. either include it in ur PATH or reinstall into a working directory which is in the path or use full directory drescriptor or ./smbd > > This is a multi-part message in MIME format. > > ------=_NextPart_000_006B_01C160AA.0084E220 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > I have try install samba-2.2.2 according to documentation = > Samba-HOWTO-collection. I follow the steps until steps 5b. The folowing=20 > command were tpye.=20 > > root# pwd > /usr/local/samba/bin > root# smbd -D > bash: smbd: command not found > root# testparm > bash: testparm: command not found > > Is there something I miss? Thank you. > > ------=_NextPart_000_006B_01C160AA.0084E220 > Content-Type: text/html; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > > > charset=3Diso-8859-1"> > > > > >
I have try install samba-2.2.2 = > according to=20 > documentation Samba-HOWTO-collection. I follow the steps until steps 5b. = > The=20 > folowing
>
command were tpye.
>
 
>
root# = > pwd
/usr/local/samba/bin
>
root# smbd -D
bash: smbd: command = > not=20 > found
root# testparm
bash: testparm: command not = > found
>
 
>
Is there something I miss? Thank=20 > you.
> > ------=_NextPart_000_006B_01C160AA.0084E220-- > > > From klf at studcs.uni-sb.de Mon Oct 29 03:28:16 2001 From: klf at studcs.uni-sb.de (Peter =?iso-8859-1?Q?H=FCbschen?=) Date: Tue Dec 2 02:36:34 2003 Subject: Samba-2.2.2 installation, is it complete? References: <006e01c16066$f637d770$9e080a0a@Tai> Message-ID: <3BDD4BB6.CEBB7B25@studcs.uni-sb.de> First, the smbd daemon is per default in /sbin (since version 2.2) and not /bin. At most distribution you have to use ./ for starting a program from the actual directory, i.e. if testparm is under /usr/local/samba/bin und you are in this directory, you have to type ./testpam. Hope that helps Peter Tai Kee Leong schrieb: > I have try install samba-2.2.2 according to documentation > Samba-HOWTO-collection. I follow the steps until steps 5b. The > folowingcommand were tpye. root# pwd > /usr/local/samba/binroot# smbd -D > bash: smbd: command not found > root# testparm > bash: testparm: command not found Is there something I miss? Thank > you. From Joachim.Tork at gad.de Mon Oct 29 04:53:02 2001 From: Joachim.Tork at gad.de (Joachim.Tork@gad.de) Date: Tue Dec 2 02:36:34 2003 Subject: suse 7.2 and acl Message-ID: Hello, I just installed acl on SuSE 7.2 starting from acl.bestbits.at. There is a step by step guide how to do it. There is an even better instruction unfortunately in german, if you don't mind: www.pl-berichte.de/t_system/print/ext2_acl.html . But I think this version of acl supports only ext2 filesystems. I installed a standard 2.4.10 Kernel without problems. Best regards Joachim From huels at mk-ag.de Mon Oct 29 05:06:01 2001 From: huels at mk-ag.de (=?iso-8859-1?Q?H=FCls=2C_Klaus-Dieter?=) Date: Tue Dec 2 02:36:34 2003 Subject: Samba 2.2.2 with winbind in a W2K-domain Message-ID: <4F95FD6170E53E41B85C266CA9CD6FEB3483@mkmail.mk-ag.de> Hi, I have problems to authenticate a W2K-client against a samba-2.2.2-server with winbind in a W2K-domain. The samba-server appears correctly in the network neighbourhood, but when trying to list the shares I just get another window to enter usersname and pwd. When trying wbinfo on the samba-server all users and groups of the domain are listed up correctly, so nsswitch.conf seams to be configured correctly. I also edited pam.d/samba for authentication with pam_winbind.so, but that does not seam to work. My questions : Is pam-configuration necessary to access the samba-shares via winbind ? When trying to join the samba-server to the W2K-domain I wanted to use samedit. But the tool is missing ! Does anybody know if it should be included in Samba-2.2.2 ? I joined my Samba-Server manually on the W2K-server. The configuration is as follows : - PDC : W2K Server (Domain-Name : MKW2K) - "Member"-Srv : Samba-2.2.2 with winbind (SuSE Linux 7.2, Kernel 2.4.4) - Client : W2K professional (Member of the W2K-Domain) Snap of my smb.conf : [global] workgroup = MKW2K netbios name = MKTEST netbios aliases = MKTEST server string = MKTEST Samba %v interfaces = 130.30.2.147/255.255.0.0 socket address = 130.30.2.147 security = domain password server = 130.30.2.143 preload = Netlogon winbind uid = 10000-20000 winbind gid = 10000-20000 template homedir = /home/%D/%U template shell = /bin/false winbind separator = + winbind cache time = 15 [sys] path = /sys write list = root MKW2K+kd valid users = root MKW2K+kd read only = No Any help would be usefull. Thanks in advance. kd **************************************** M?nchner Kapitalanlage AG EDV Klaus-Dieter H?ls Beethovenplatz 4 80336 M?nchen Tel.: +49 (89) 514 92 - 190 Fax.: +49 (89) 514 92 - 188 eMail : huels@mk-ag.de **************************************** From bgmilne at cae.co.za Mon Oct 29 06:38:03 2001 From: bgmilne at cae.co.za (Buchan Milne) Date: Tue Dec 2 02:36:34 2003 Subject: Installing on Mandrake 8.1 Suggested Reading Message-ID: <3BDD68D3.8040506@cae.co.za> Sylvestre Taburet and I are working on official updates for samba-2.2.2 on Mandrake 8.1, but we have one outstanding issue, namely XFS quotas (which should work from the samba side in 2.2.1a-15mdk as shipped with 8.1). In the meantime you can grab the current RPMs we are working with at: http://ranger.dnsalias.com/mandrake/samba/samba-2.2.2-mdk81/ These RPMs are compiled with XFS-ACL support, so you can use and manipulate ACLs on XFS from winnt/win2k boxes. The /etc/samba/smb.conf file included has most options required for PDC use (including profiles and netlogon shares, working add user script, sample configuration entry for using ntlogon - see RPM in contribs), just commented out so the average user doesn't take out his companys PDC by mistake ;-). I think the only useful parameter that does not have an example, is domain admin group: domain admin group = @domadm root (where domadm is a unix group of domain admins). I have tested these RPMs on my home box, but not on our production machine yet (not yet running an XFS capable kernel ....) There is also some updated documentation on Mandrakeuser.org: http://www.mandrakeuser.org/connect/csamba6.html Which covers some of this, including registry changes to allow joining of Windows XP. Regards, Buchan Soon I will be installing a test box to learn Samba 2.2.2 PDC on. It will be running Mandrake 8.1 Linux. What are the suggested readings for installing 2.2.2 (over top of what Mandrake comes with, or unselect it when installing the OS?), what to download, setting up the Domain, making the Win2K clients happy, yadda yadda... TIA! Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 808 2497 ext 202 Stellenbosch Automotive Engineering http://www.cae.co.za From Gary at EdisonInfo.com Mon Oct 29 11:01:03 2001 From: Gary at EdisonInfo.com (Gary S MacKay) Date: Tue Dec 2 02:36:34 2003 Subject: Help! oplocks issue Message-ID: <1988.192.168.0.5.1004382119.squirrel@www.edisoninfo.com> We converted a 40 user network over from Netware to a new RedHat 7.1 server running the latest Samba 2.2.2. This morning when multiple users tried to run a database app (uses standard dbase III type tables) the app blows up at random places. I presume this is a file locking issue since one user can work fine. With the new version of samba, what are the proper settings supposed to be in the smb.conf file for oplocks, kernel oplocks, etc,. etc..?? I have a bunch of very angry women after me! Help! - Gary From greg at kwikfind.com Mon Oct 29 11:17:04 2001 From: greg at kwikfind.com (Greg Zartman) Date: Tue Dec 2 02:36:34 2003 Subject: Help! oplocks issue In-Reply-To: <1988.192.168.0.5.1004382119.squirrel@www.edisoninfo.com> Message-ID: Gary, There has been alot of discussion on this list with regards to oplocks. Database apps seem to cause the more trouble than typical apps as far as file locking is concerned. Personally, I set oplocks to no on my network as it works better for my situation. I'm betting you'll find the answer to your questions by running a search of the samba-ntdom mailing list archives. http://marc.theaimsgroup.com/?l=samba-ntdom&r=1&w=2 Regards, Greg Zartman From greg at kwikfind.com Mon Oct 29 14:03:04 2001 From: greg at kwikfind.com (Greg Zartman) Date: Tue Dec 2 02:36:34 2003 Subject: Delete User Script Message-ID: How does the delete user script work? Does it delete machine accounts when you move from a domain to a work group? Greg J. Zartman, P.E. Vice-President Logging Engineering International, Inc. (541)683-8383 fax (541)683-8144 www.leiinc.com From jra at samba.org Mon Oct 29 18:18:15 2001 From: jra at samba.org (Jeremy Allison) Date: Tue Dec 2 02:36:34 2003 Subject: Possible bug when I try to copy a subtree with windows explorer (PR#21927) In-Reply-To: <20011029222148.CB2B24BA5@lists.samba.org>; from xavier@iname.com on Mon, Oct 29, 2001 at 02:21:48PM -0800 References: <20011029222148.CB2B24BA5@lists.samba.org> Message-ID: <20011029181708.K28429@va.samba.org> On Mon, Oct 29, 2001 at 02:21:48PM -0800, xavier@iname.com wrote: > Full_Name: Xavier Garcia > Samba_Version: 2.2.2 > Server_OS: Debian Woody 2.4.13 > Client_OS: Windows 98/2000/XP > Submission from: (NULL) (217.126.84.39) > > > If you have this subtree : > > DirA > L----DirB > I L----DirA > I I > I L-file1.ext > I > L-file1.ext > > you get an error about existing DirA when the system try to copy this subtree to > the root of a shared in a samba server, de inside DirA directory or the > file1.ext file don't get copied because they EXIST ! (wrong because they exist > in another level of the tree that it's created in the copy process, file and > directories have identical names) > > Please try to reproduce in any of your servers. > > I copy with a Drag&Drop from the files view to the tree view of explorer. > The same error occurs within the command line processor of windows using xcopy > /s/e. I'm afraid this looks like a problem Andrew discovered with the Debian Samba 2.2.2 only. It appears that the Debian Samba maintainer added a completely untested (by the Samba Team) patch to their 2.2.2 release, and LEFT THE SAME VERSION NUMBER !!!!! I'm not too happy about this (I know Andrew isn't) and don't really want to waste my time debugging problems introduced by vendors. We ship a "known" version for a reason, if Vendors want to change it please at least modify the version string so we know it isn't the code we tested....... Regards, Jeremy Allison, Samba Team. From S_Elble at yahoo.com Mon Oct 29 18:42:19 2001 From: S_Elble at yahoo.com (Sean Elble) Date: Tue Dec 2 02:36:34 2003 Subject: Possible bug when I try to copy a subtree with windows explorer (PR#21927) References: <20011029222148.CB2B24BA5@lists.samba.org> <20011029181708.K28429@va.samba.org> Message-ID: <011801c160ec$41b9f9a0$0a00a8c0@intranet.mp3s.com> Jeremy, Just a thought, but maybe you could add an option to the confiigure script to define a custom Samba version. It's something very easy to append something to, but it might offer more "incentive" if vendors could control this from one point. A case in point would be a RPM spec file; all a vendor would have to do is update the source tree, and rpm -ba samba2.spec, assuming they add their custom version tag in the configure line in the spec. Just a thought, my 2 cents worth, etc.. :-) ----------------------------------------------- Sean P. Elble Editor, Writer, Co-Webmaster ReactiveLinux.com (Formerly MaximumLinux.org) http://www.reactivelinux.com/ elbles@reactivelinux.com ----------------------------------------------- ----- Original Message ----- From: "Jeremy Allison" To: Cc: ; ; ; ; ; ; Sent: Monday, October 29, 2001 9:17 PM Subject: Re: Possible bug when I try to copy a subtree with windows explorer (PR#21927) > On Mon, Oct 29, 2001 at 02:21:48PM -0800, xavier@iname.com wrote: > > Full_Name: Xavier Garcia > > Samba_Version: 2.2.2 > > Server_OS: Debian Woody 2.4.13 > > Client_OS: Windows 98/2000/XP > > Submission from: (NULL) (217.126.84.39) > > > > > > If you have this subtree : > > > > DirA > > L----DirB > > I L----DirA > > I I > > I L-file1.ext > > I > > L-file1.ext > > > > you get an error about existing DirA when the system try to copy this subtree to > > the root of a shared in a samba server, de inside DirA directory or the > > file1.ext file don't get copied because they EXIST ! (wrong because they exist > > in another level of the tree that it's created in the copy process, file and > > directories have identical names) > > > > Please try to reproduce in any of your servers. > > > > I copy with a Drag&Drop from the files view to the tree view of explorer. > > The same error occurs within the command line processor of windows using xcopy > > /s/e. > > I'm afraid this looks like a problem Andrew discovered with the Debian > Samba 2.2.2 only. > > It appears that the Debian Samba maintainer added a completely > untested (by the Samba Team) patch to their 2.2.2 release, and > LEFT THE SAME VERSION NUMBER !!!!! > > I'm not too happy about this (I know Andrew isn't) and don't > really want to waste my time debugging problems introduced by > vendors. > > We ship a "known" version for a reason, if Vendors want to change > it please at least modify the version string so we know it isn't > the code we tested....... > > Regards, > > Jeremy Allison, > Samba Team. From doverbey at att.com Mon Oct 29 20:09:46 2001 From: doverbey at att.com (Overbey, Alfred D (Dudley), ALCOO) Date: Tue Dec 2 02:36:34 2003 Subject: Help Message-ID: <74745B5500AD8E4B9C48BC9CCECB6E010FB37A@OCCLUST04EVS1.ugd.att.com> I am trying to upgrade from samba 1.9.18p10 to either samba 2.2.1 or samba-2.2.2; besides the additional functionality, I was told that I needed one of these for Win2K functionality. After installing the new version 2.2.1, my client machines can no longer connect to their shares, personal or public shares. I have a smbpasswd file which includes the machine names of the clients along with logins. This file was generated using the convert script. The permissions are 600. When connecting, I receive one of the following messages: "Access is denied." Or "The specified network password is not correct." We are using the registry hack for clear text passwords. This all work fine for the previous version. Would someone kindly tell me what it is that I missed or screwed up? Thanks doverbey@att.com From daniel at systemexploit.org Mon Oct 29 23:30:04 2001 From: daniel at systemexploit.org (Daniel Frencham) Date: Tue Dec 2 02:36:35 2003 Subject: XP netbios and mutiple subnets Message-ID: <009d01c16114$b11ad350$c954000a@ocean> Hello, I run a medium sized network with multiple subnets. I have "allow netbios forwarding" enabled on all routers, but I can't always contact XP machines in other subnets. I just get "host not found". Also, sometimes XP machines give the message "the trust relationship between the workstation and the domain failed". Daniel Frencham -------------- next part -------------- HTML attachment scrubbed and removed From daniel at systemexploit.org Mon Oct 29 23:42:02 2001 From: daniel at systemexploit.org (Daniel Frencham) Date: Tue Dec 2 02:36:35 2003 Subject: XP netbios and mutiple subnets Message-ID: <00b301c16116$5e836a10$c954000a@ocean> Hello, I run a medium sized network with multiple subnets. I have "allow netbios forwarding" enabled on all routers, but I can't always contact XP machines in other subnets. I just get "host not found". Also, sometimes XP machines give the message "the trust relationship between the workstation and the domain failed". Daniel Frencham From DavidAtkinson at solectron.com Tue Oct 30 00:50:07 2001 From: DavidAtkinson at solectron.com (DavidAtkinson@solectron.com) Date: Tue Dec 2 02:36:35 2003 Subject: XP netbios and mutiple subnets Message-ID: <91C8BF85397AD411B62A0090274FA17F5D6838@wangex.wta.slr.com> To use multiple subnets you need to be using WINS. You can get around this by setting up your a samba server to act as a wins server and act as a broadcast proxy. the options are : wins support = yes wins proxy = yes but for this to work you need to have a samba server on each subnet. The samba servers on other subnets need to have options like : wins server = 10.20.30.40 wins proxy = yes You can use an NT machine as the wins server. Just set up all the samba machines as with the second options. (wins server = x.x.x.x). Ideally though you would want to (eventually) move all the clients to using a wins server directly, rather than through proxy broadcasts. The other option is far uglier. You can setup lmhost files. there should be a file called lmhosts or lmhosts.sam in your windows directory. You can use this as a basis, but I would not recommend this for the same reason I would not recommend using host files in place of DNS. -----Original Message----- From: Daniel Frencham [mailto:daniel@systemexploit.org] Sent: Tuesday, 30 October 2001 5:42 PM To: samba-ntdom@lists.samba.org Subject: XP netbios and mutiple subnets Hello, I run a medium sized network with multiple subnets. I have "allow netbios forwarding" enabled on all routers, but I can't always contact XP machines in other subnets. I just get "host not found". Also, sometimes XP machines give the message "the trust relationship between the workstation and the domain failed". Daniel Frencham From daniel at systemexploit.org Tue Oct 30 01:09:03 2001 From: daniel at systemexploit.org (Daniel Frencham) Date: Tue Dec 2 02:36:35 2003 Subject: XP netbios and mutiple subnets References: <91C8BF85397AD411B62A0090274FA17F5D6838@wangex.wta.slr.com> Message-ID: <00c301c16122$a2d25440$c954000a@ocean> > To use multiple subnets you need to be using WINS. You can get around this > by setting up your a samba server to act as a wins server and act as a > broadcast proxy. I already am. All subnets have a Samba server on them which relays Netbios broadcasts. My PDC is also my WINS server (running on samba). Daniel Frencham From rickera2 at SLU.EDU Tue Oct 30 06:54:02 2001 From: rickera2 at SLU.EDU (Tony Ricker) Date: Tue Dec 2 02:36:35 2003 Subject: Log question Message-ID: <3BDEBF5D.FA85A22E@slu.edu> All, I continually see this error in my logs. As I understand it, the account is used to map users who fail to authenticate and samba tries to use the nobody account. Am I wrong? As you can see, this happens throughout the night. Any thoughts as to what is happening? Cheers, Tony Oct 29 18:32:59 sifl smbd[8811]: authorise_login: rejected invalid user nobody Oct 29 19:20:59 sifl smbd[8871]: authorise_login: rejected invalid user nobody Oct 29 21:08:58 sifl smbd[9034]: authorise_login: rejected invalid user nobody Oct 29 22:08:58 sifl smbd[9178]: authorise_login: rejected invalid user nobody Oct 29 22:46:28 sifl smbd[9211]: authorise_login: rejected invalid user nobody Oct 29 23:10:28 sifl smbd[9265]: authorise_login: rejected invalid user nobody Oct 29 23:34:28 sifl smbd[9292]: authorise_login: rejected invalid user nobody Oct 30 00:25:27 sifl smbd[9351]: authorise_login: rejected invalid user nobody Oct 30 00:37:27 sifl smbd[9375]: authorise_login: rejected invalid user nobody Oct 30 01:01:27 sifl smbd[9429]: authorise_login: rejected invalid user nobody Oct 30 01:37:27 sifl smbd[9459]: authorise_login: rejected invalid user nobody Oct 30 02:14:12 sifl smbd[9516]: authorise_login: rejected invalid user nobody Oct 30 02:38:12 sifl smbd[9543]: authorise_login: rejected invalid user nobody Oct 30 03:02:11 sifl smbd[9597]: authorise_login: rejected invalid user nobody Oct 30 03:14:11 sifl smbd[9600]: authorise_login: rejected invalid user nobody Oct 30 04:41:11 sifl smbd[9845]: authorise_login: rejected invalid user nobody Oct 30 04:53:10 sifl smbd[9848]: authorise_login: rejected invalid user nobody Oct 30 04:53:10 sifl smbd[9848]: authorise_login: rejected invalid user nobody -- ------------------------------- Tony Ricker Technology Coordinator SLUCare - P.M.O. St. Louis University Phone: 314.977.6844 E-mail: rickera2@slu.edu ------------------------------- "In the beginners mind, there are many possibilities. In the experts mind, there are few" - Shunryu Suzuki ------------------------------- "Think Different" From damed92 at hotmail.com Tue Oct 30 07:42:07 2001 From: damed92 at hotmail.com (Ed Dam) Date: Tue Dec 2 02:36:35 2003 Subject: Lexmark Problem Message-ID: hello... I have successfully set up Linux with Samba 2.2.1a as a print server. I was able to get the drivers for my printers uploaded, and I can install them on any machine. The only problem I have is that when a user installs the printer, then sets the printer settings, the printer settings reset themselves at every reboot - even every time you go to view the print settings, it resets them to default. If I install the printer as a local device, I can change settings and it saves them.. What is going on? This is really frustrating. Thanks Ed Dam Network Administrator Dana Canada, Inc. -------------- next part -------------- HTML attachment scrubbed and removed From barroca at dcc.ufmg.br Tue Oct 30 07:44:02 2001 From: barroca at dcc.ufmg.br (Leonardo Luiz Padovani da Mata) Date: Tue Dec 2 02:36:35 2003 Subject: Printing oly as admin user In-Reply-To: <3BD59D4F.3B8C6F8D@kiwi.dhs.org> Message-ID: put in the global admin users = user1,user2,user3,@group1 Leonardo On Tue, 23 Oct 2001, Aoclarit wrote: > may I ask you how you created those domain admin users cause I have trouble > doing that. > > THX > > Leonardo Luiz Padovani da Mata wrote: > > > hi all. > > my linux box is sharig the printer, but only user defined as adim user can > > print. > > i need to make users that aren`t admin print. > > i also need to make user that has the password in other PDC (NT) to print > > in this share. > > > > Leonardo > > > From barroca at dcc.ufmg.br Tue Oct 30 07:46:03 2001 From: barroca at dcc.ufmg.br (Leonardo Luiz Padovani da Mata) Date: Tue Dec 2 02:36:35 2003 Subject: Problems with trust relationship In-Reply-To: <3BD395EC.9436F7B9@bajajauto.co.in> Message-ID: Whel, i can print to the linux box, but only with the user that have the same account in NT PDC and the linux box. i've tryed to create the machine account but i've got an error.How am i create the accounts ? Leonardo On Mon, 22 Oct 2001, NITIN PANDE wrote: > Leonardo, > You need to share the printer, which you have already done. Make sure you are > able to see the printer share on a M$ box. If you are not able to see the > shares of your Linux box, then you have to properly join it to the Domain. > For that you will have to create a machine account and join it. HTH, > Ciao, > Nitin Pande > Mail Administrator > > > Leonardo Luiz Padovani da Mata wrote: > > > let em explain my problem: > > on my network there is a PDC and a BDC,and there is a trust relationship > > bettween these two. > > so, when a workstation try to print to my linux workstation,it's TILT! > > i'd like to know if there is some way to make workstations that take > > password of the PDC (NT), print in a linux share ? > > if it is not possible, if there is a way to create a machine account for > > the linux box. > > Leonardo > > > From damed92 at hotmail.com Tue Oct 30 08:00:07 2001 From: damed92 at hotmail.com (Ed Dam) Date: Tue Dec 2 02:36:35 2003 Subject: Printer Problem Message-ID: hello... I have successfully set up Linux with Samba 2.2.1a as a print server. I was able to get the drivers for my printers uploaded, and I can install them on any machine. The only problem I have is that when a user installs the printer, then sets the printer settings, the printer settings reset themselves at every reboot - even every time you go to view the print settings, it resets them to default. If I install the printer as a local device, I can change settings and it saves them.. What is going on? This is really frustrating. Thanks Ed Dam Network Administrator Dana Canada, Inc. -------------- next part -------------- HTML attachment scrubbed and removed From phillip at vanessen-online.de Tue Oct 30 08:00:45 2001 From: phillip at vanessen-online.de (Phillip van Essen) Date: Tue Dec 2 02:36:35 2003 Subject: Samba 2.2.2. and Win2K - no usual win2k-problem, i guess Message-ID: <000101c1615c$035b86e0$0364a8c0@homenet> Hi everyone! Is there a tool (possibly a GUI???) to create the security rules for a samba user, logging onto a win2k-machine. At the moment, every user is allowed to do anything(!) on the machine. I don't want this because it's a system located in a school. You know, those terrible hacker-kids ruin the machine before the login-mask comes up ;) Thanks 2 every guy out there!! Phil --- Phillip van Essen Speyerer Str. 26 68782 Br?hl/Baden Tel.: (06202) 575398 From Michael.Keightley at quadstone.com Tue Oct 30 08:37:02 2001 From: Michael.Keightley at quadstone.com (Michael Keightley) Date: Tue Dec 2 02:36:35 2003 Subject: XP and roaming profiles Message-ID: <20011030163731.A739@quadstone.com> I've managed to join an WinXP machine to our Samba-2.2.2 domain. I've setup our Samba config so the profiles are stored centrally, rather than in home dirs for NT and W2K. But when I logout of a domain user it splats files all over the users top level home directory. Here are the appropriate bits from our smb.conf file: [global] .... logon path = \\%N\profile\%U logon drive = q: [profile] path = /home/samba/%a/profile writeable = yes So in NT it stores the profiles in /home/samba/WinNT/profile/ and in W2K in /home/samba/Win2K/profile/ I've create a directory /home/samba/WinXP/profile/ and made it work writable, but nothing is ever stored in here. Michael -- Michael Keightley Tel: +44 131 220 4491 Systems Manager, Quadstone Limited, Fax: +44 131 220 4492 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com From pauls at SCCWRP.ORG Tue Oct 30 08:52:24 2001 From: pauls at SCCWRP.ORG (Paul Smith) Date: Tue Dec 2 02:36:35 2003 Subject: help, with domain fallout problem Message-ID: <3BDEDBF4.83FB02F0@sccwrp.org> I've been installing a new samba server onto our local domain and I've run into a major problem. The domain controller and backup domain controller are Nt boxes. I have another samba server on the network as well. Both the new samba server and the one I previously had are set to point to the Nt domain controller for authentication. Here's my blunder which seems to be resulting in a catastrophe: To join the new samba server to the domain I used Server Manager to create the account "as an Nt workstation or Member server" then at the linux samba box I typed: smbpasswd -r "my domain controller server" -j "domain name" -U administrator then I got prompted for a password, which I typed in. Then I hear some noise on the domain controller and I get back an error on the linux samba terminal. My workstation (nt workstation) gets an administrative message indicating that the lmsass.exe has terminated. I can't log into the domain controller (message states "The system cannot log you on (C0000037) please try again or consult your system administrator). All the nt workstations can see the domain controller, but cannot access it. The backup domain controller is giving my error messages now as well. Help! what do I do. Has the new samba server taken over the domain controller position, if so how do I revert it. Thank you for any help, Paul pauls@sccwrp.org From amella at nebula-sa.com.ar Tue Oct 30 09:28:05 2001 From: amella at nebula-sa.com.ar (Ariel Mella) Date: Tue Dec 2 02:36:35 2003 Subject: Trusth relationship Message-ID: <001801c16168$4c7c6b80$1a3ca8ac@jusbaoires.gov.ar> i have a samba PDC "A" and i want to maintain trusth relationships betwen another PDC "B" (NT SERVER) to give acces to the users of "A" to the shares of "B" and the users of "B" acces to the shares of "A". any idea? thx -------------- next part -------------- HTML attachment scrubbed and removed From andrew at cmliris.harvard.edu Tue Oct 30 09:45:02 2001 From: andrew at cmliris.harvard.edu (Andrew B. Greytak) Date: Tue Dec 2 02:36:35 2003 Subject: How do I make samba NOT be a domain controller? Message-ID: Hi, My question is: I want to have my samba server allow domain users to connect, but I do NOT want the samba box to be a domain controller. What settings do I need? The story so far: The domain has an NT4 PDC and an NT4 BDC, a bunch of NT and 2000 workstations, and (hopefully) one RH linux box running samba 2.2.2. By using security = server or security = domain, users are indeed able to connect and everything appears fine. However, from time to time Windows NT workstations in the domain think that my linux box is a domain controller. Then, users can't log in on the windows boxes and it is difficult to get them to talk to the real PDC again. In the Windows NT server manager, the linux box always appears as a "Windows NT 4.5 Backup" -- but I don't want it to be a backup! I have set the browser level to zero and set all the browsing master options to false, but the problem persists. Also, at this point I cannot get the linux box to join the domain (it is only a member of the workgroup now, but still manages to confuse other workstations). When running smbpasswd -r -j I get the error NT_STATUS_NO_TRUST_SAM_ACCOUNT. So, I'd appreciate any advice. Andrew Greytak Lieber research group, Harvard Chemistry dept. From barroca at dcc.ufmg.br Tue Oct 30 09:51:02 2001 From: barroca at dcc.ufmg.br (Leonardo Luiz Padovani da Mata) Date: Tue Dec 2 02:36:35 2003 Subject: Passowrd Authentication Message-ID: What kind of passowrd db samba can use? What kind of Password server samba can use? Samba supports Mysql? Leonardo From amella at nebula-sa.com.ar Tue Oct 30 09:55:04 2001 From: amella at nebula-sa.com.ar (Ariel Mella) Date: Tue Dec 2 02:36:35 2003 Subject: trusth relationship Message-ID: <002c01c1616b$cee391e0$1a3ca8ac@jusbaoires.gov.ar> i have a samba PDC "A" and i want to maintain trusth relationships = betwen another PDC "B" (NT SERVER) to give acces to the users of "A" to = the shares of "B" and the users of "B" acces to the shares of "A". any idea? thx From nicolas at nickky.ca Tue Oct 30 10:24:13 2001 From: nicolas at nickky.ca (Nicolas) Date: Tue Dec 2 02:36:35 2003 Subject: Samba 2.2.1a/2.2.2 install with Win2000ServerSP2 Message-ID: I am currently running Samba perfectly as a PDC with Windows 98, Windows ME Clients... but yesterday we passed the whole night to simply add a Windows 2000 Server SP2 Server to the Domain and either it's always keeping asking for a valid username and password with rights to add the machine to the domain. But I added the machine name to the password files with the $ then I did the smbpasswd -a -m I also tried to add a completly different username and password with administrator rights in smb.conf. still returning me an error... We found on another mailing list an issue with the type of Encryption behing different in 2000 Server SP2. Help! :-) We dont want to transfer our users to Windows 2000 Server SP2 we want to keep using this good and stable samba. Best Regards, Nicolas Rolland nicolas@nickky.ca From damed92 at hotmail.com Tue Oct 30 10:46:47 2001 From: damed92 at hotmail.com (Ed Dam) Date: Tue Dec 2 02:36:35 2003 Subject: Printer Problem Message-ID: Well, as it turns out - it must be a driver issue. I installed the PostScript driver for the printer instead, and it holds all the settings.. Weird, huh?... Thanks everyone. ----- Original Message ----- From: Ed Dam To: samba-ntdom@samba.org Sent: Tuesday, October 30, 2001 11:00 AM Subject: Printer Problem hello... I have successfully set up Linux with Samba 2.2.1a as a print server. I was able to get the drivers for my printers uploaded, and I can install them on any machine. The only problem I have is that when a user installs the printer, then sets the printer settings, the printer settings reset themselves at every reboot - even every time you go to view the print settings, it resets them to default. If I install the printer as a local device, I can change settings and it saves them.. What is going on? This is really frustrating. Thanks Ed Dam Network Administrator Dana Canada, Inc. -------------- next part -------------- HTML attachment scrubbed and removed From Gary at EdisonInfo.com Tue Oct 30 11:20:02 2001 From: Gary at EdisonInfo.com (Gary S MacKay) Date: Tue Dec 2 02:36:35 2003 Subject: Samba 2.2.1a/2.2.2 install with Win2000ServerSP2 In-Reply-To: References: Message-ID: <59913.208.44.227.17.1004469621.squirrel@www.edisoninfo.com> You need to have a user in samba called 'root'. You then use that user and password when Win2k asks for the admin person. Works then. I setup a bunch over the weekend. Also, make sure you have the latest version of samba, 2.2.2 I think. - Gary Nicolas said: > > > I am currently running Samba perfectly as a PDC > with Windows 98, Windows ME Clients... but yesterday > we passed the whole night to simply add a > Windows 2000 Server SP2 Server to the Domain > and either it's always keeping asking for a > valid username and password with rights to add the > machine to the domain. > > But I added the machine name to the password files with the $ > then I did the smbpasswd -a -m > > I also tried to add a completly different username > and password with administrator rights in smb.conf. > > still returning me an error... > We found on another mailing list an issue with the type > of Encryption behing different in 2000 Server SP2. > > > Help! :-) We dont want to transfer our users to Windows 2000 Server SP2 > we want to keep using this good and stable samba. > > > > Best Regards, > Nicolas Rolland > nicolas@nickky.ca From phillip at vanessen-online.de Tue Oct 30 11:41:05 2001 From: phillip at vanessen-online.de (Phillip van Essen) Date: Tue Dec 2 02:36:35 2003 Subject: Samba 2.2.2. and Win2K - no usual win2k-problem, i guess Message-ID: <000d01c1617a$da39a5c0$0364a8c0@homenet> Hi everyone! Is there a tool (possibly a GUI???) to create the security rules for a samba user, logging onto a win2k-machine. At the moment, every user is allowed to do anything(!) on the machine. I don't want this because it's a system located in a school. You know, those terrible hacker-kids ruin the machine before the login-mask comes up ;) Thanks 2 every guy out there!! Phil --- Phillip van Essen Speyerer Str. 26 68782 Br?hl/Baden Tel.: (06202) 575398 From ig4812 at alunos.ipb.pt Tue Oct 30 11:45:12 2001 From: ig4812 at alunos.ipb.pt (Paulo Gomes) Date: Tue Dec 2 02:36:35 2003 Subject: policies not working Message-ID: <3BDF02AD.8CB62168@alunos.ipb.pt> I have migrate from samba-2.2.1a to samba-2.2.2 on redhat 7.1 Since that, policies stop working. Can someone help me? From Eric.Wallace at nsc.com Tue Oct 30 12:13:02 2001 From: Eric.Wallace at nsc.com (Eric Wallace) Date: Tue Dec 2 02:36:35 2003 Subject: Guest access even when domain is out of service? Message-ID: < "090343BDF08BE170*/c=US/admd= /prmd=National/o=notes/ou=Americas/s=Wallace/g=Eric/"@MHS> [cross-posted to Samba & Samba-NTdom.] I'm proposing Samba as a solution for several problems in an enterprise environment. However, high availability is absolutely critical to some applications, hence the question... Since Samba apparently can't serve up "local" accounts when it's using domain-level security (couldn't this be made an option?!?), I need to know if a domain-member configured Samba server will allow "guest" access (assuming it's configured properly) even when all the NT domain controllers are completely unavailable. Or, does the domain security call upon the domain's guest account, and therefore not work when the domain is gone? Will there be a time delay (timeout contacting domain controllers) before Samba allows the guest login? Has anyone really tested and proved this? Thanks for your input! ~eric w. wallace national semiconductor/maine i.s. infrastructure systems engineer From mdt-tech-mailbox at home.com Tue Oct 30 14:01:10 2001 From: mdt-tech-mailbox at home.com (Mike Traynor) Date: Tue Dec 2 02:36:35 2003 Subject: Some questions about networking with NT/Win2K ... Message-ID: <20011030220113.THBD5032.femail1.sdc1.sfba.home.com@GANDALF> Hi all, I've had 2.2.1a working well on a small network with Win98 clients for some time now. I'm having a bit of a struggle getting a Win2K client working, though. I think the problem is as much my lack of understanding of NT/2000 as of Samba. Answers to any of the following questions would be of help as I try to get things up and running: 1. What exactly does Win2K mean by a "computer account"? 2. How is this different from a "user account"? 3. What is the difference between a "global" and a "local" user account? 4. What is the difference between a "workgroup" and a "domain"? In addition, any hints on what I need to modify (eg. smb.conf, passwords, etc.) to use Win2K clients (given that I have a setup which works for Win98 clients) would be much appreciated. Thanks in advance, Mike Traynor. From ddjones at riddlemaster.org Tue Oct 30 15:34:02 2001 From: ddjones at riddlemaster.org (Daniel D Jones) Date: Tue Dec 2 02:36:35 2003 Subject: Win2k Pro Message-ID: <20011030233356.5520C4279@lists.samba.org> -----BEGIN PGP SIGNED MESSAGE----- I'm running samba 2.2.2 on a Debian (unstable) system. I have samba configured as the PDC. A Win98 box on the network logs into the domain without error. The Linux server shows up in Network Neighborhood; the home directory is visible as a share, as well as other shares I have set up. The 98 box also sees a 2k (pro) box on the network. Shares on both Windows machines are readily accesible from the other. The 2k box, however, does not see the Linux server at all. It does not show up in Network Neighborhood. A search for it fails. A manaul mapping of a share fails. Attempts to set the 2k machine to log into the domain results in errors that the domain controler does not exist. Clues or pointers as to where I may be misconfigured would be much appreciated. -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQB1AwUBO99F2TA1uBpee9v5AQEoTgMAsVw6nwaWm1mQbS+jYJaf+mz2QETuWuGI 3I7wUz4pYyIF6Z6BY3lB83o4PTFm4Oa3ct1rBFf/i11wMM6nbXRKU3olbQG1Vlf2 KYfsCfJd1z4PewZLLgBwv333HR81dIDL =buJ7 -----END PGP SIGNATURE----- From abartlet at pcug.org.au Tue Oct 30 17:04:01 2001 From: abartlet at pcug.org.au (Andrew Bartlett) Date: Tue Dec 2 02:36:35 2003 Subject: Passowrd Authentication References: Message-ID: <3BDF4DF5.EF5CF1D3@bartlett.house> Leonardo Luiz Padovani da Mata wrote: > > What kind of passowrd db samba can use? Its own, or PAM for cleartext authentications (not recommended). > What kind of Password server samba can use? Any other SMB server. > Samba supports Mysql? Only if you want to get down and very dirty with the code. Possible solution with PAM and an appropriate PAM module, still requires local system users. > Leonardo > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- Andrew Bartlett abartlet@pcug.org.au Samba Team member, Build Farm maintainer abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net From gary at edisoninfo.com Tue Oct 30 17:59:04 2001 From: gary at edisoninfo.com (Gary MacKay) Date: Tue Dec 2 02:36:35 2003 Subject: Win2k Pro References: <20011030233356.5520C4279@lists.samba.org> Message-ID: <3BDF5B06.79C6DE14@edisoninfo.com> Don't know if this is your problem or not, but I fought this same problem over the weekend. Turned out that someone had turned off the "Netbios over TCP/IP" checkbox in the Win2K config. Turned that back on and joined the domain fine. - Gary Daniel D Jones wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > I'm running samba 2.2.2 on a Debian (unstable) system. I have samba > configured as the PDC. A Win98 box on the network logs into the domain > without error. The Linux server shows up in Network Neighborhood; the home > directory is visible as a share, as well as other shares I have set up. The > 98 box also sees a 2k (pro) box on the network. Shares on both Windows > machines are readily accesible from the other. The 2k box, however, does not > see the Linux server at all. It does not show up in Network Neighborhood. A > search for it fails. A manaul mapping of a share fails. Attempts to set the > 2k machine to log into the domain results in errors that the domain controler > does not exist. > > Clues or pointers as to where I may be misconfigured would be much > appreciated. > > -----BEGIN PGP SIGNATURE----- > Version: 2.6.3ia > Charset: noconv > > iQB1AwUBO99F2TA1uBpee9v5AQEoTgMAsVw6nwaWm1mQbS+jYJaf+mz2QETuWuGI > 3I7wUz4pYyIF6Z6BY3lB83o4PTFm4Oa3ct1rBFf/i11wMM6nbXRKU3olbQG1Vlf2 > KYfsCfJd1z4PewZLLgBwv333HR81dIDL > =buJ7 > -----END PGP SIGNATURE----- From peloy at debian.org Tue Oct 30 18:01:33 2001 From: peloy at debian.org (Eloy A. Paris) Date: Tue Dec 2 02:36:35 2003 Subject: Possible bug when I try to copy a subtree with windows explorer (PR#21927) In-Reply-To: <20011029181708.K28429@va.samba.org> References: <20011029222148.CB2B24BA5@lists.samba.org> <20011029181708.K28429@va.samba.org> Message-ID: <20011030210123.B615@antenas.dyndns.org> On Mon, Oct 29, 2001 at 06:17:08PM -0800, Jeremy Allison wrote: > I'm afraid this looks like a problem Andrew discovered with the Debian > Samba 2.2.2 only. > > It appears that the Debian Samba maintainer added a completely > untested (by the Samba Team) patch to their 2.2.2 release, and > LEFT THE SAME VERSION NUMBER !!!!! Mea culpa. We were trying to fix Debian bug #47493: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=47493 > I'm not too happy about this (I know Andrew isn't) and don't > really want to waste my time debugging problems introduced by > vendors. > > We ship a "known" version for a reason, if Vendors want to change > it please at least modify the version string so we know it isn't > the code we tested....... I am sorry for all the troubles, Jeremy. I did contact the Samba Team a long time ago to try to get help with the bug we tried to fix. I got no response (perhaps I used the wrong channels?) and then a fellow Debian developer (Steve Langasek, of libpam-smb fame) offered help. That's how the offending patch sneaked in. To help solve the problem I built new packages. They hit the mirrors today. The new packages have backed out the patch that caused the problem and also version.h has been changed so the version number makes it clear that the user is running a Debian package. This will definitely help in future bug reports. Please note that I try to add the least amount of Debian-specific patches to the Debian packages I build. I mostly add the Debian package stuff, which does not touch anything in the source/ directory. Again, my apologies for the problems caused. Cheers! Eloy.- From awilliam at whitemice.org Tue Oct 30 19:04:02 2001 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:36:35 2003 Subject: Some questions about networking with NT/Win2K ... In-Reply-To: <20011030220113.THBD5032.femail1.sdc1.sfba.home.com@GANDALF> References: <20011030220113.THBD5032.femail1.sdc1.sfba.home.com@GANDALF> Message-ID: <1004497459.16831.5.camel@estate1.whitemice.org> >I've had 2.2.1a working well on a small network with Win98 clients for some time >now. I'm having a bit of a struggle getting a Win2K client working, though. I >think the problem is as much my lack of understanding of NT/2000 as of Samba. >Answers to any of the following questions would be of help as I try to get things >up and running: >1. What exactly does Win2K mean by a "computer account"? An entity that represents a workstation, just as a user account is an entitiy that represents a user. These exist so that security contexts can be applied to the workstation as well as the user, required for any "real" security model. Kerberos requires much the same thing, it simply just refers to them as host principles vs. user principles. > 2. How is this different from a "user account"? What it represents, it serves the same purpose, aplying a security context. > 3. What is the difference between a "global" and a "local" user account? A domain user exists n the security context of the domain, and thus is "known" to any server/workstation in the domain. A local user exists only in the security context of the local machine. > 4. What is the difference between a "workgroup" and a "domain"? A workgroup is a collection of names, a domain is a security context in which entities exist. >In addition, any hints on what I need to modify (eg. smb.conf, passwords, etc.) to >use Win2K clients (given that I have a setup which works for Win98 clients) would >be much appreciated. This is clearly documented on the Samba web site. From gatisgailis at nilda.apollo.lv Tue Oct 30 19:54:03 2001 From: gatisgailis at nilda.apollo.lv (Gatis Gailis) Date: Tue Dec 2 02:36:35 2003 Subject: Win98 can't login Samba 2.2.0 PDC. Last hope, please help Message-ID: <001601c161bf$c7e70b20$6400a8c0@gatis> Hi, I have been trying to setup Samba 2.2.0 as PDC on RedHat 7.1 for about a week now, day and night, and I still can't get it to work. I have read the books Samba UNIX&NT Internetworking and RedHat Linux 6 Server and FAQ and HOWTO about Samba 2.2.x as PDC. So my plan is to set up a network consisting of 2 machines - Linux and Win98. To begin with I don't understand some things about linux server: 1. Do I need to set up a DNS server on Linux (I guess not, but still..)? 2. If I make Samba provide WINS service, do I need DNS? I use linuxconf to setup Host details and manual suggests to name the host HOST.DOMAIN, while Samba server is named in smb.conf->workgroup = DOMAIN. So I have one IP address, 192.168.0.1, for the HOST. I can ping this address 192.168.0.1 from my win98 machine, but I cannot ping the name HOST (in TCP/IP properties WINS is pointed to 192.168.0.1 and NetBIOS over TCP/IP enabled). 3. Does it mean that WINS is not working? Ok, I make a file lmhosts with entry 192.168.0.1 HOST and now I can ping HOST. What I don't understand is where is the domain server (e.g. what would be the entry in lmhosts), because I cannot ping name DOMAIN. I see a workgroup icon in Network Neiborhood named DOMAIN, but I cannot enter it, just says "Servers in this wkgroup not available"; and if I tell win98 to join DOMAIN, it thinks for a while and then spits "There are no servers to verify your name/password". Ok, maybe the problem is with Samba configuration. Here is my smb.conf: [global] unix password sync = yes server string = Samba workgroup = domain encrypt passwords = yes passwd program = /usr/bin/passwd smb passwd file = /usr/local/samba/private/smbpasswd security = user status = yes map to guest = never password level = 4 null passwords = no OS level = 65 preferred master = yes domain master = yes domain logons = yes # Next is from HOWTO add user script = /usr/sbin/adduser -n -g machines -c Win98Machine -d /dev/null -s /bin/false %m$ logon script = scripts\%U.bat domain admin group = @Win2Kadm guest account = ftp dead time = 0 load printers = yes allow hosts = 192.168.0. wins support = yes netbios name = host [printers] available = no printable = yes browseable = no public = no path = /var/spool/samba guest ok = no [homes] available = yes guest ok = no read only = no create mask = 0700 directory mask = 0700 locking = no [netlogon] path = /usr/local/samba/netlogon writeable = no guest ok = no Besides, here is my /etc/sysconfig/network: networking=yes hostname="host.domain" # Do I really need gateway now? I understand that I would need it in case I have another network connected, e.g. Internet gateway="192.168.0.254" gatewaydev="eth0" forward_ipv4="no" /etc/sysconfig/network-scripts/ifcfg-eth0: device="eth0" bootproto="none" ipaddr="192.168.0.1" netmask="255.255.255.0" onboot="yes" I have set up users and machines in passwd, and made a /usr/local/samba/private/smbpasswd. Another thing I tried to do is smbclient -L host -U root, but it always said "BADSERV or BADPASSWD.....". I guess it was just because I entered not-encrypted password, but SAMBA is set to use encrypted passwords. If you have any idea what's wrong with all this, please healp me out as I am sleeping only some 3 hours a day and won't have peace untils it gets working. Gatis -------------- next part -------------- HTML attachment scrubbed and removed From gatisgailis at nilda.apollo.lv Tue Oct 30 20:04:01 2001 From: gatisgailis at nilda.apollo.lv (Gatis Gailis) Date: Tue Dec 2 02:36:35 2003 Subject: Win98 can't login Samba 2.2.0 PDC. Last hope, please help Message-ID: <002f01c161c1$2fda90c0$6400a8c0@gatis> Hi, I have been trying to setup Samba 2.2.0 as PDC on RedHat 7.1 for about a week now, day and night, and I still can't get it to work. I have read the books Samba UNIX&NT Internetworking and RedHat Linux 6 Server and FAQ and HOWTO about Samba 2.2.x as PDC. So my plan is to set up a network consisting of 2 machines - Linux and Win98. To begin with I don't understand some things about linux server: 1. Do I need to set up a DNS server on Linux (I guess not, but still..)? 2. If I make Samba provide WINS service, do I need DNS? I use linuxconf to setup Host details and manual suggests to name the host HOST.DOMAIN, while Samba server is named in smb.conf->workgroup = DOMAIN. So I have one IP address, 192.168.0.1, for the HOST. I can ping this address 192.168.0.1 from my win98 machine, but I cannot ping the name HOST (in TCP/IP properties WINS is pointed to 192.168.0.1 and NetBIOS over TCP/IP enabled). 3. Does it mean that WINS is not working? Ok, I make a file lmhosts with entry 192.168.0.1 HOST and now I can ping HOST. What I don't understand is where is the domain server (e.g. what would be the entry in lmhosts), because I cannot ping name DOMAIN. I see a workgroup icon in Network Neiborhood named DOMAIN, but I cannot enter it, just says "Servers in this wkgroup not available"; and if I tell win98 to join DOMAIN, it thinks for a while and then spits "There are no servers to verify your name/password". Ok, maybe the problem is with Samba configuration. Here is my smb.conf: [global] unix password sync = yes server string = Samba workgroup = domain encrypt passwords = yes passwd program = /usr/bin/passwd smb passwd file = /usr/local/samba/private/smbpasswd security = user status = yes map to guest = never password level = 4 null passwords = no OS level = 65 preferred master = yes domain master = yes domain logons = yes # Next is from HOWTO add user script = /usr/sbin/adduser -n -g machines -c Win98Machine -d /dev/null -s /bin/false %m$ logon script = scripts\%U.bat domain admin group = @Win2Kadm guest account = ftp dead time = 0 load printers = yes allow hosts = 192.168.0. wins support = yes netbios name = host [printers] available = no printable = yes browseable = no public = no path = /var/spool/samba guest ok = no [homes] available = yes guest ok = no read only = no create mask = 0700 directory mask = 0700 locking = no [netlogon] path = /usr/local/samba/netlogon writeable = no guest ok = no Besides, here is my /etc/sysconfig/network: networking=yes hostname="host.domain" # Do I really need gateway now? I understand that I would need it in case I have another network connected, e.g. Internet gateway="192.168.0.254" gatewaydev="eth0" forward_ipv4="no" /etc/sysconfig/network-scripts/ifcfg-eth0: device="eth0" bootproto="none" ipaddr="192.168.0.1" netmask="255.255.255.0" onboot="yes" I have set up users and machines in passwd, and made a /usr/local/samba/private/smbpasswd. Another thing I tried to do is smbclient -L host -U root, but it always said "BADSERV or BADPASSWD.....". I guess it was just because I entered not-encrypted password, but SAMBA is set to use encrypted passwords. If you have any idea what's wrong with all this, please healp me out as I am sleeping only some 3 hours a day and won't have peace untils it gets working. Gatis From mh at bacher.at Wed Oct 31 00:35:04 2001 From: mh at bacher.at (Martin Hofbauer) Date: Tue Dec 2 02:36:35 2003 Subject: winbind / nss_winbind with Solaris with large amout of uses/groups In-Reply-To: Message-ID: hi Tim ! I have compiled Samba 2.2.2 for Solaris 7 ( Solaris 8 also ) and want to use "winbind". As you know, the solaris support for nss_winbind is not compiled in by default. I have got it to run and it works fine with a small amout of groups. But deploying this samba/winbind version to a Windows network with more than 3000 user and more than 200 groups gives following result: "getent passwd" works fin, also adding "winbind" to /etc/nsswitch.conf and looking through the windows-users owned files is ok ! "getent group" takes about 20 sek, than the first group "Domain Admins" is printed out, but NO OTHER groups/information is seen. ( no other 199 groups are listed) I have notices that the next group will be "Domain User" with this 3000 Users ! I have noticed also that there are performance considurations/discussions with/about winbind. ( bringing winbind to Debug Level 4 or above shows a huge amout of "rpc_parsing" ... ) Do you have any idea to bring this under control? Thank you for every help Martin ------------------------------------------------------------------- Martin Hofbauer IT-Consulting phone : +43 (1) 60 126-34 Bacher Systems EDV GmbH fax : +43 (1) 60 126-4 Wienerbergstr. 11B e-mail: mh@bacher.at A-1101 Vienna, Austria -- From c-g at teamoffset.se Wed Oct 31 00:57:06 2001 From: c-g at teamoffset.se (=?iso-8859-1?Q?Claes=2DG=F6ran?= Hallberg) Date: Tue Dec 2 02:36:35 2003 Subject: Disable plaintext password Message-ID: <3BDFBE53.7333FBF5@teamoffset.se> Hi, I have been using Samba and Win9X with the option Encrypted password=No, and now I wanted to change to Encrypted password=Yes. So I changed the option in Samba, restarted smbd and nmbd. Then I wnt to Win9X registry and changed EnablePlainTeaxtPassword-value to 0. Then I restarted my Windows machine. But I could not log in to Samba anyway. Can anyone help on this? Have a nice day where ever you are c-g hallberg From zhougn at trans-cosmos.com.cn Wed Oct 31 05:09:02 2001 From: zhougn at trans-cosmos.com.cn (=?ISO-8859-1?Q?=D6=DC=B9=FA=C4=FE?=) Date: Tue Dec 2 02:36:35 2003 Subject: (no subject) Message-ID: <77466909388.AAA6940@sun.trans-cosmos.com.cn> samba-ntdom=A3=AC=C4=FA=BA=C3=A3=A1 =D6=C2 =C0=F1=A3=A1 =D6=DC=B9=FA=C4=FE zhougn@trans-cosmos.com.cn From jbeauchamp7 at mindspring.com Wed Oct 31 05:13:04 2001 From: jbeauchamp7 at mindspring.com (James W. Beauchamp) Date: Tue Dec 2 02:36:35 2003 Subject: Disable plaintext password References: <3BDFBE53.7333FBF5@teamoffset.se> Message-ID: <002601c1620e$0a96be40$1501a8c0@kitchen> > Hi, > > I have been using Samba and Win9X with the option Encrypted password=No, > > and now I wanted to change to Encrypted password=Yes. So I changed the > option in Samba, restarted smbd and nmbd. Then I wnt to Win9X registry > and changed > EnablePlainTeaxtPassword-value to 0. Then I restarted my Windows > machine. But I could not log in to Samba anyway. > Can anyone help on this? > > Have a nice day where ever you are > > c-g hallberg > I'm not sure, but you may need to make use of the 'update encrypted' option in your smb.conf. Look at man smb.conf and see what it says about that. I know the parameter is made to be used when migrating from plain text passwords to encrypted passwords. I guess you could always reset the machine account and rejoin the workgroup/domain. I believe this would update the password in smbpasswd to be encrypted but I'm just guessing here - . James > > From webmaster at viitindia.org Wed Oct 31 06:05:35 2001 From: webmaster at viitindia.org (Shekhar) Date: Tue Dec 2 02:36:36 2003 Subject: Win98 can't login Samba 2.2.0 PDC. Last hope, please help References: <002f01c161c1$2fda90c0$6400a8c0@gatis> Message-ID: <002901c16206$8ce55490$010010ac@iis> I guess u haven't added smb users yet. If not try this touch /usr/local/samba/private/smbpasswd /usr/sbin/adduser user1 smbpasswd -a user1 smbpasswd user1 New SMB password: urpass Retype new SMB password: urpass Password changed for user user1. Then try logging in from client machine and LETMEKNOWWHATHAPPENED. Shekhar System Administrator, VIIT Telefax: +91-2112-43476 to 79 Ext: 216 Email: webmaster@viitindia.org Web: www.viitindia.org ----------------------------------------- Check out viitindia.org for new Career services ----- Original Message ----- From: "Gatis Gailis" To: "samba-ntdom" Sent: Wednesday, October 31, 2001 9:34 AM Subject: Win98 can't login Samba 2.2.0 PDC. Last hope, please help > > Hi, I have been trying to setup Samba 2.2.0 as PDC on RedHat 7.1 for about a > week now, day and night, and I still can't get it to work. I have read the > books Samba UNIX&NT Internetworking and RedHat Linux 6 Server and FAQ and > HOWTO about Samba 2.2.x as PDC. > So my plan is to set up a network consisting of 2 machines - Linux and > Win98. To begin with I don't understand some things about linux server: > > 1. Do I need to set up a DNS server on Linux (I guess not, but still..)? > 2. If I make Samba provide WINS service, do I need DNS? > > I use linuxconf to setup Host details and manual suggests to name the host > HOST.DOMAIN, while Samba server is named in smb.conf->workgroup = DOMAIN. So > I have one IP address, 192.168.0.1, for the HOST. I can ping this address > 192.168.0.1 from my win98 machine, but I cannot ping the name HOST (in > TCP/IP properties WINS is pointed to 192.168.0.1 and NetBIOS over TCP/IP > enabled). > > 3. Does it mean that WINS is not working? > > Ok, I make a file lmhosts with entry > 192.168.0.1 HOST > and now I can ping HOST. What I don't understand is where is the domain > server (e.g. what would be the entry in lmhosts), because I cannot ping name > DOMAIN. I see a workgroup icon in Network Neiborhood named DOMAIN, but I > cannot enter it, just says "Servers in this wkgroup not available"; and if I > tell win98 to join DOMAIN, it thinks for a while and then spits "There are > no servers to verify your name/password". Ok, maybe the problem is with > Samba configuration. Here is my smb.conf: > > [global] > unix password sync = yes > server string = Samba > workgroup = domain > encrypt passwords = yes > passwd program = /usr/bin/passwd > smb passwd file = /usr/local/samba/private/smbpasswd > security = user > status = yes > map to guest = never > password level = 4 > null passwords = no > OS level = 65 > preferred master = yes > domain master = yes > domain logons = yes > # Next is from HOWTO > add user script = /usr/sbin/adduser -n -g machines -c Win98Machine -d > /dev/null -s /bin/false %m$ > logon script = scripts\%U.bat > domain admin group = @Win2Kadm > guest account = ftp > dead time = 0 > load printers = yes > allow hosts = 192.168.0. > wins support = yes > netbios name = host > > [printers] > available = no > printable = yes > browseable = no > public = no > path = /var/spool/samba > guest ok = no > > [homes] > available = yes > guest ok = no > read only = no > create mask = 0700 > directory mask = 0700 > locking = no > > [netlogon] > path = /usr/local/samba/netlogon > writeable = no > guest ok = no > > > Besides, here is my /etc/sysconfig/network: > networking=yes > hostname="host.domain" > # Do I really need gateway now? I understand that I would need it in case I > have another network connected, e.g. Internet > gateway="192.168.0.254" > gatewaydev="eth0" > forward_ipv4="no" > > /etc/sysconfig/network-scripts/ifcfg-eth0: > device="eth0" > bootproto="none" > ipaddr="192.168.0.1" > netmask="255.255.255.0" > onboot="yes" > > I have set up users and machines in passwd, and made a > /usr/local/samba/private/smbpasswd. > Another thing I tried to do is smbclient -L host -U root, but it always said > "BADSERV or BADPASSWD.....". I guess it was just because I entered > not-encrypted password, but SAMBA is set to use encrypted passwords. > > If you have any idea what's wrong with all this, please healp me out as I am > sleeping only some 3 hours a day and won't have peace untils it gets > working. > > Gatis > > From ariel at jusbaires.gov.ar Wed Oct 31 06:22:00 2001 From: ariel at jusbaires.gov.ar (Ariel Mella) Date: Tue Dec 2 02:36:36 2003 Subject: password expire in samba PDC Message-ID: <016d01c16217$404de0a0$1a3ca8ac@jusbaoires.gov.ar> i tried in the smb.conf [global] unyx password sinc = yes pam password change = yes obey pam restrictions = yes and have compiled samba with pam support (im using redhat 7.2 and samba 2.2.2 rpm version from ftp.samba.org for redhat) if i logon in my linux box (telnet or ssh) with user xxx i have a message displayed "Warning you password expire in xx (5) days" if i put in /etc/shadow the correct value again in ssh or telnet i see "Your password has expired" and the change password appear but if i logon with a win98/Me workstation to my SMB PDC 1) in the case i have xx days for change password i login normally but no message appear 2) if my password expire by ssh or telnet , by SMB login from win98 dont let me saying my password is incorrect. from i know when this is set from a NT PDC SERVER the win98 must be supplied the change password message and let me change it.. but using samba i cant.. any idea?? thx -------------- next part -------------- HTML attachment scrubbed and removed From ariel at icatel.net Wed Oct 31 06:24:00 2001 From: ariel at icatel.net (Ariel Mella) Date: Tue Dec 2 02:36:36 2003 Subject: trusth relations Message-ID: <018401c16217$81954da0$1a3ca8ac@jusbaoires.gov.ar> i have a samba PDC "A" and i want to maintain trusth relationships = betwen another PDC "B" (NT SERVER) to give acces to the users of "A" to = the shares of "B" and the users of "B" acces to the shares of "A". any idea? thx -------------- next part -------------- HTML attachment scrubbed and removed From daniel.botella at teuchos.fr Wed Oct 31 06:54:04 2001 From: daniel.botella at teuchos.fr (Daniel Botella) Date: Tue Dec 2 02:36:36 2003 Subject: Multiple Samba server in Domain Message-ID: <7f2b7c255c3cd517.5c3cd5177f2b7c25@teuchos.fr> Hello, I Have a PDC on my domain wichn manage users with home on directories on it I Would install a second samba server and distibute the user's home among the two servers How (and where ) can I declare to the PDC that one specific user must connect to the specific samba server and mount his home directory on it. From rickera2 at SLU.EDU Wed Oct 31 07:21:09 2001 From: rickera2 at SLU.EDU (Tony Ricker) Date: Tue Dec 2 02:36:36 2003 Subject: Odd behavior when logging into SMB Message-ID: <3BE01535.3E55D2B6@slu.edu> All, I have an issue that when I come in in the morning, I can not log in. It gives me the password is incorrect or access to server has been denied. I find nothing in the logs to tell me what is happening. My way around this is to delete the user entry in /etc/passwd and /etc/samba/smbpasswd and add the user back. Then chown the user folder and then it logs in fine. This happens often. Anyone have this same issue? I am at a loss as to what is causing this to happen so any help is greatly appreciated. Cheers, Tony -- ------------------------------- Tony Ricker Technology Coordinator SLUCare - P.M.O. St. Louis University Phone: 314.977.6844 E-mail: rickera2@slu.edu ------------------------------- "In the beginners mind, there are many possibilities. In the experts mind, there are few" - Shunryu Suzuki ------------------------------- "Think Different" From ariel at jusbaires.gov.ar Wed Oct 31 07:32:04 2001 From: ariel at jusbaires.gov.ar (Ariel Mella) Date: Tue Dec 2 02:36:36 2003 Subject: password expire in samba PDC References: <016d01c16217$404de0a0$1a3ca8ac@jusbaoires.gov.ar> <01103109503903.18502@vg21> Message-ID: <01a901c1621f$da909060$1a3ca8ac@jusbaoires.gov.ar> sorry.. it was a typo in the email transciption... in smb.conf doing testparm its all OK! ............ ----- Original Message ----- From: "Steve" To: "Ariel Mella" Sent: Wednesday, October 31, 2001 11:50 AM Subject: Re: password expire in samba PDC > Maybe if you try 'unix password sync' it might work better. > > On Wednesday 31 October 2001 09:20, you wrote: > > i tried in the smb.conf > > [global] > > unyx password sinc = yes > > pam password change = yes > > obey pam restrictions = yes > > > > and have compiled samba with pam support (im using redhat 7.2 and samba > > 2.2.2 rpm version from ftp.samba.org for redhat) if i logon in my linux box > > (telnet or ssh) with user xxx i have a message displayed "Warning you > > password expire in xx (5) days" if i put in /etc/shadow the correct value > > again in ssh or telnet i see "Your password has expired" and the change > > password appear but if i logon with a win98/Me workstation to my SMB PDC > > 1) in the case i have xx days for change password i login normally but no > > message appear 2) if my password expire by ssh or telnet , by SMB login > > from win98 dont let me saying my password is incorrect. from i know when > > this is set from a NT PDC SERVER the win98 must be supplied the change > > password message and let me change it.. but using samba i cant.. any idea?? > > thx > > ---------------------------------------- > Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1" > Content-Transfer-Encoding: quoted-printable > Content-Description: > ---------------------------------------- > > -- > > Steve Szmidt > V.P. Information > Video Group Distributors, Inc. > From Scott.Copus at wku.edu Wed Oct 31 07:44:11 2001 From: Scott.Copus at wku.edu (Scott Copus) Date: Tue Dec 2 02:36:36 2003 Subject: "encrypt passwords=yes" + PAM ?? Message-ID: <3BE019EE.66287E5F@wku.edu> The man page for smb.conf ("obey pam restrictions" section) says: Note that Samba always ignores PAM for authentication in the case of encrypt passwords = yes . The reason is that PAM modules cannot support the challenge/response authentication mechanism needed in the presence of SMB password encryption. Is this ALWAYS true?? Or can this behavior be changed from the source code's "configure" script?? Here's the scenario: If I always have access to a user's clear-text password, then is it even *possible* to use PAM for authentication? Is it not possible to take a known clear-text password and encrypt it (just as smbpasswd does!) and then compare that encrypted password to the password that the samba server gets from the workstation? If I'm missing something here, somebody let me know. thanks for any suggestions! Scott Scott.Copus@wku.edu -------------- next part -------------- HTML attachment scrubbed and removed From samba at denverdata.com Wed Oct 31 07:46:05 2001 From: samba at denverdata.com (Doug Douglass) Date: Tue Dec 2 02:36:36 2003 Subject: Passowrd Authentication In-Reply-To: <3BDF4DF5.EF5CF1D3@bartlett.house> Message-ID: Don't forget LDAP :) > -----Original Message----- > From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org]On > Behalf Of Andrew Bartlett > Sent: Tuesday, October 30, 2001 6:04 PM > To: Leonardo Luiz Padovani da Mata > Cc: Samba; lista sambant > Subject: Re: Passowrd Authentication > > > Leonardo Luiz Padovani da Mata wrote: > > > > What kind of passowrd db samba can use? > > Its own, or PAM for cleartext authentications (not recommended). > > > What kind of Password server samba can use? > > Any other SMB server. > > > Samba supports Mysql? > > Only if you want to get down and very dirty with the code. Possible > solution with PAM and an appropriate PAM module, still requires local > system users. > > > Leonardo > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- > Andrew Bartlett abartlet@pcug.org.au > Samba Team member, Build Farm maintainer abartlet@samba.org > Student Network Administrator, Hawker College abartlet@hawkerc.net > http://samba.org http://build.samba.org http://hawkerc.net > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > From Scott.Copus at wku.edu Wed Oct 31 08:43:07 2001 From: Scott.Copus at wku.edu (Scott Copus) Date: Tue Dec 2 02:36:36 2003 Subject: "encrypt passwords=yes" + PAM ?? Message-ID: <3BE02609.4FD0B970@wku.edu> Sorry if this is a duplicate e-mail... The man page for smb.conf ("obey pam restrictions" section) says: Note that Samba always ignores PAM for authentication in the case of encrypt passwords = yes . The reason is that PAM modules cannot support the challenge/response authentication mechanism needed in the presence of SMB password encryption. Is this ALWAYS true?? Or can this behavior be changed from the source code's "configure" script?? Here's the scenario: If I always have access to a user's clear-text password, then is it even *possible* to use PAM for authentication? Is it not possible to take a known clear-text password and encrypt it (just as smbpasswd does!) and then compare that encrypted password to the password that the samba server gets from the workstation? If I'm missing something here, somebody let me know. thanks for any suggestions! Scott Scott.Copus@wku.edu From barroca at dcc.ufmg.br Wed Oct 31 09:32:56 2001 From: barroca at dcc.ufmg.br (Leonardo Luiz Padovani da Mata) Date: Tue Dec 2 02:36:36 2003 Subject: Passowrd Authentication In-Reply-To: Message-ID: The LDAP and PAM are encrypted? Leonardo On Wed, 31 Oct 2001, Doug Douglass wrote: > Don't forget LDAP :) > > > -----Original Message----- > > From: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org]On > > Behalf Of Andrew Bartlett > > Sent: Tuesday, October 30, 2001 6:04 PM > > To: Leonardo Luiz Padovani da Mata > > Cc: Samba; lista sambant > > Subject: Re: Passowrd Authentication > > > > > > Leonardo Luiz Padovani da Mata wrote: > > > > > > What kind of passowrd db samba can use? > > > > Its own, or PAM for cleartext authentications (not recommended). > > > > > What kind of Password server samba can use? > > > > Any other SMB server. > > > > > Samba supports Mysql? > > > > Only if you want to get down and very dirty with the code. Possible > > solution with PAM and an appropriate PAM module, still requires local > > system users. > > > > > Leonardo > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > -- > > Andrew Bartlett abartlet@pcug.org.au > > Samba Team member, Build Farm maintainer abartlet@samba.org > > Student Network Administrator, Hawker College abartlet@hawkerc.net > > http://samba.org http://build.samba.org http://hawkerc.net > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > From greg at kwikfind.com Wed Oct 31 10:05:00 2001 From: greg at kwikfind.com (Greg Zartman) Date: Tue Dec 2 02:36:36 2003 Subject: NT server tools on Samba Message-ID: Do any of the NT server tools work on Samba 2.2.2 (e.g. usermanager)? If I bring on usermanager on my setup, all I can do is view the accounts. Just about every task I try to perfrom is met with access denied. Thank you. Greg J. Zartman, P.E. Vice-President Logging Engineering International, Inc. (541)683-8383 fax (541)683-8144 www.leiinc.com From miller at cookbiotech.com Wed Oct 31 10:08:06 2001 From: miller at cookbiotech.com (Miller, Aaron) Date: Tue Dec 2 02:36:36 2003 Subject: Change NT Password? Message-ID: I have searched and searched for a way to change passwords stored on an NT4 PDC from various Linux clients, but have so far failed. I am running winbind for authentication. Does anyone know how to do this? Thanks Aaron From pereti at ump.edu.br Wed Oct 31 10:13:52 2001 From: pereti at ump.edu.br (Bruno Gimenes Pereti) Date: Tue Dec 2 02:36:36 2003 Subject: Limit access for users. Message-ID: <008501c16234$55c91ef0$6300a8c0@Metropolitana.administracao> Hi all, I work in a university and want to control what the students can do. I'm running samba 2.2.1a on a Redhat 7.1. All workstation are W2k pro. What I want exectly is: - Use unchangeable local profiles. There is 3 labs with different applications installed and one configuration influences in the others. It should be unchangeable so the students couldn't set porn images as backgound and more. - Use unchangeable desktop. some of ower students are new to computer and the save everything in the desktop. The desktop is getting unuseable. A centralized administration should be great (Alisson, had you find something). Other advices for educational environment are welcome. Sorry for my english. Thank's a lot. Bruno Gimenes Pereti. From Jean-Francois.Micouleau at dalalu.fr Wed Oct 31 10:40:33 2001 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:36:36 2003 Subject: NT server tools on Samba In-Reply-To: Message-ID: On Wed, 31 Oct 2001, Greg Zartman wrote: > Do any of the NT server tools work on Samba 2.2.2 (e.g. usermanager)? If I > bring on usermanager on my setup, all I can do is view the accounts. Just > about every task I try to perfrom is met with access denied. doesn't work on 2.2.2 I did implement most of the calls in HEAD. I think the only one I did not is removing users from groups. Alas HEAD is broken at the moment. J.F. From edmis at hanza.lv Wed Oct 31 10:42:07 2001 From: edmis at hanza.lv (Edmunds Priede) Date: Tue Dec 2 02:36:36 2003 Subject: file sharing disabled under W2K Message-ID: i have Samba 2.2.2 as PDC and Win2K Pro SP2 as workstation. i have joined Samba domain and can log on from ws . basically everything is fine. when i log on to local domain instead of samba domain , i have file sharing enabled and i can get a list of users from Samba domain. however, when i log on to Samba domain file sharing feature is disabled in windows explorer (no menu item). seems to me that windows does not grant permission to share files in this case. is there a fix? thanks edmunds From Jean-Francois.Micouleau at dalalu.fr Wed Oct 31 10:46:46 2001 From: Jean-Francois.Micouleau at dalalu.fr (Jean Francois Micouleau) Date: Tue Dec 2 02:36:36 2003 Subject: Change NT Password? In-Reply-To: Message-ID: On Wed, 31 Oct 2001, Miller, Aaron wrote: > I have searched and searched for a way to change passwords stored on an NT4 > PDC from various Linux clients, but have so far failed. smbpasswd -r pdc_name user > > I am running winbind for authentication. > > Does anyone know how to do this? > > Thanks > Aaron > > From greg at kwikfind.com Wed Oct 31 11:03:20 2001 From: greg at kwikfind.com (Greg Zartman) Date: Tue Dec 2 02:36:36 2003 Subject: NT server tools on Samba In-Reply-To: Message-ID: Well, it's good to hear that the functionality is on it's way. Thanks Greg > -----Original Message----- > From: Jean Francois Micouleau [mailto:Jean-Francois.Micouleau@dalalu.fr] > Sent: Wednesday, 31 October 2001 10:30 AM > To: Greg Zartman > Cc: Samba News > Subject: Re: NT server tools on Samba > > > > On Wed, 31 Oct 2001, Greg Zartman wrote: > > > Do any of the NT server tools work on Samba 2.2.2 (e.g. > usermanager)? If I > > bring on usermanager on my setup, all I can do is view the > accounts. Just > > about every task I try to perfrom is met with access denied. > > doesn't work on 2.2.2 > > I did implement most of the calls in HEAD. I think the only one I did not > is removing users from groups. Alas HEAD is broken at the moment. > > J.F. > > > > From jbeauchamp at gesinc.com Wed Oct 31 11:13:03 2001 From: jbeauchamp at gesinc.com (James W. Beauchamp) Date: Tue Dec 2 02:36:36 2003 Subject: Odd behavior when logging into SMB References: <3BE01535.3E55D2B6@slu.edu> Message-ID: <004e01c16258$46643160$1d01a8c0@gesinc.com> Tony: I had a similar issue that ended up being related to name resolution. However in my case my log.smb was filled with GetHostNamebyAddress failed entries. Is this what you have? If so, the solution is to check your DNS configuration and make sure that name resolution is working. (and no having WINS enabled did not change this behavior) There is also a tie in with DHCP as well with this problem but I won't go into it here since that may not be your issue. James ----- Original Message ----- From: "Tony Ricker" To: "Samba" ; "Samba NT-Dom" Sent: Wednesday, October 31, 2001 7:13 AM Subject: Odd behavior when logging into SMB > All, > I have an issue that when I come in in the morning, I can not log > in. It gives me the password is incorrect or access to server has been > denied. I find nothing in the logs to tell me what is happening. My way > around this is to delete the user entry in /etc/passwd and > /etc/samba/smbpasswd and add the user back. Then chown the user folder > and then it logs in fine. This happens often. Anyone have this same > issue? I am at a loss as to what is causing this to happen so any help > is greatly appreciated. > > Cheers, > > Tony > > -- > ------------------------------- > Tony Ricker > Technology Coordinator > SLUCare - P.M.O. > St. Louis University > Phone: 314.977.6844 > E-mail: rickera2@slu.edu > ------------------------------- > "In the beginners mind, there > are many possibilities. In the > experts mind, there are few" > - Shunryu Suzuki > ------------------------------- > "Think Different" > > > From samba at denverdata.com Wed Oct 31 11:25:26 2001 From: samba at denverdata.com (Doug Douglass) Date: Tue Dec 2 02:36:36 2003 Subject: file sharing disabled under W2K In-Reply-To: Message-ID: The issue is what permissions does each account have on the client. When logging in to the local domain versus the PDC domain, according to the OS, you are two different users, even if the user names are the same. So, the local account is probably in the Administrators or Power Users group, while the PDC domain account is not. Adding the domain account to one of these local groups should allow that account to share folders from the client. You may be able to accomplish the same thing by using policies if adding the domain account to the Power Users group is not feasible (dunno, I haven't tried this) HTH, Doug > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of Edmunds Priede > Sent: Wednesday, October 31, 2001 1:32 PM > To: samba-ntdom@lists.samba.org > Subject: file sharing disabled under W2K > > > i have Samba 2.2.2 as PDC and Win2K Pro SP2 as workstation. > i have joined Samba domain and can log on from ws . basically > everything is fine. when i log on to local domain instead of > samba domain , i > have file sharing enabled and i can get a list of users from > Samba domain. however, when i log on to Samba domain > file sharing feature is disabled in windows explorer (no menu > item). seems to me that windows does not grant permission to > share files in this case. is there a fix? > > thanks > edmunds > From james at dattrax.co.uk Wed Oct 31 11:46:19 2001 From: james at dattrax.co.uk (Jim Hauxwell) Date: Tue Dec 2 02:36:36 2003 Subject: ACL Seems to be the problem Message-ID: Hi, How can I turn off the ACL support in samba, and revert back to the old mechanism. I haven't got ACl compiled into the kernal, so I don't think this will work. I'm having ACL problems which I reported here before the weekend, which still haven't been resolved. Jim From mitchlist at home.com Wed Oct 31 12:16:03 2001 From: mitchlist at home.com (mitchlist) Date: Tue Dec 2 02:36:36 2003 Subject: New 2.2.2 question/ACL Lists Message-ID: <311001304.43504@webbox.com> OOOOKay. Here's my somewhat silly question. the 2.2.2 whatsnew says: nt acl support This parameter has been changed to a per-share option, and is very useful in enabling Windows 2000 SP2 to load/save profiles from a Samba share. Here's the dilemmna. I have no NT server. However under win9X networking - access control tab, you can either give share level, on a machine by machine basis, or user level. I have not (am I just being stupid here?) seen ANYTHING that talks about implementing ACL support previously for SAMBA only implementations. Is this what I've been looking for?? Or have I missed it for ages?? Thanks Mitch B From awilliam at whitemice.org Wed Oct 31 13:02:54 2001 From: awilliam at whitemice.org (Adam Williams) Date: Tue Dec 2 02:36:36 2003 Subject: Limit access for users. In-Reply-To: <008501c16234$55c91ef0$6300a8c0@Metropolitana.administracao> References: <008501c16234$55c91ef0$6300a8c0@Metropolitana.administracao> Message-ID: <1004562042.20507.2.camel@estate1.whitemice.org> >I work in a university and want to control what the students can do. I'm >running samba 2.2.1a on a Redhat 7.1. All workstation are W2k pro. >What I want exectly is: >- Use unchangeable local profiles. There is 3 labs with different >applications installed and one configuration influences in the others. It >should be unchangeable so the students couldn't set porn images as backgound >and more. >- Use unchangeable desktop. some of ower students are new to computer and >the save everything in the desktop. The desktop is getting unuseable. >A centralized administration should be great (Alisson, had you find >something). Other advices for educational environment are welcome. Just create a policy file (ntconfig.pol) on the PDC's netlogon share. Workstations will download that file upon logon and apply the restrictions. To create the file use NT/WInY2k (NOT Win9x) poledit.exe From greg at kwikfind.com Wed Oct 31 13:21:03 2001 From: greg at kwikfind.com (Greg Zartman) Date: Tue Dec 2 02:36:36 2003 Subject: New 2.2.2 question/ACL Lists In-Reply-To: <311001304.43504@webbox.com> Message-ID: If all you are using is Win9x, then there is really no advantage to setting up a domain and therefore acl will not be an issue to you. Greg Zartman > -----Original Message----- > From: samba-ntdom-admin@lists.samba.org > [mailto:samba-ntdom-admin@lists.samba.org]On Behalf Of mitchlist > Sent: Wednesday, 31 October 2001 12:05 PM > To: samba-ntdom@lists.samba.org > Cc: samba@lists.samba.org > Subject: New 2.2.2 question/ACL Lists > > > > OOOOKay. Here's my somewhat silly question. > > the 2.2.2 whatsnew says: > nt acl support > This parameter has been changed to a per-share option, and is > very useful in enabling Windows 2000 SP2 to load/save profiles > from a Samba share. > > Here's the dilemmna. > > I have no NT server. However under win9X networking - access > control tab, you can either give share level, on a machine by > machine basis, or user level. > > I have not (am I just being stupid here?) seen ANYTHING > that talks about implementing ACL support previously for SAMBA > only implementations. > > Is this what I've been looking for?? Or have I missed it for > ages?? > Thanks > Mitch B > > > > > > From abartlet at pcug.org.au Wed Oct 31 14:58:06 2001 From: abartlet at pcug.org.au (Andrew Bartlett) Date: Tue Dec 2 02:36:36 2003 Subject: password expire in samba PDC References: <016d01c16217$404de0a0$1a3ca8ac@jusbaoires.gov.ar> Message-ID: <3BE07E06.B41AFDE0@bartlett.house> > Ariel Mella wrote: > > i tried in the smb.conf > [global] > unyx password sinc = yes > pam password change = yes > obey pam restrictions = yes > > and have compiled samba with pam support (im using redhat 7.2 and > samba 2.2.2 rpm version from ftp.samba.org for redhat) > if i logon in my linux box (telnet or ssh) with user xxx i have a > message displayed "Warning you password expire in xx (5) days" > if i put in /etc/shadow the correct value again in ssh or telnet i see > "Your password has expired" and the change password appear > but if i logon with a win98/Me workstation to my SMB PDC > 1) in the case i have xx days for change password i login normally but > no message appear There is no support for this in the Win9X series of clients, Sorry. > 2) if my password expire by ssh or telnet , by SMB login from win98 > dont let me saying my password is incorrect. > from i know when this is set from a NT PDC SERVER the win98 must be > supplied the change password message and let me change it.. but using > samba i cant.. > any idea?? > thx The upcoming Samba 3.0 will return a more interesting error code, but I'm not sure the Win9X client has the capacity to deal with it in any case. Are you saying that it works with an NT PDC for a Win9X cleint? Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Samba Team member, Build Farm maintainer abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net From bolke at xs4all.nl Wed Oct 31 15:12:02 2001 From: bolke at xs4all.nl (Bolke de Bruin) Date: Tue Dec 2 02:36:36 2003 Subject: User groups in samba 2.2.2 Message-ID: Is there any way to get usergroups in w2k? Strange thing is if I do domain admin = @wheel root user root and user both show up as DOMAIN\\wheel but normal users (in different groups) show up as DOMAIN\\users "domain group map" is not functional any more and neither is "groupname map" I am using these groups to apply some settings (like drive mappings etc) and I thought they were working. If not are they working in HEAD? thx in advance Bolke From doverbey at att.com Wed Oct 31 20:37:12 2001 From: doverbey at att.com (Overbey, Alfred D (Dudley), ALCOO) Date: Tue Dec 2 02:36:36 2003 Subject: Help Message-ID: <74745B5500AD8E4B9C48BC9CCECB6E010FB37D@OCCLUST04EVS1.ugd.att.com> I am trying to upgrade from samba 1.9.18p10 to either samba 2.2.1 or samba-2.2.2; besides the additional functionality, I was told that I needed one of these for Win2K functionality. After installing the new version 2.2.1, my client machines can no longer connect to their shares, personal or public shares. I have a smbpasswd file which includes the machine names of the clients along with logins. This file was generated using the convert script. The permissions are 600. When connecting, I receive one of the following messages: "Access is denied." Or "The specified network password is not correct." We are using the registry hack for clear text passwords. This all work fine for the previous version. Would someone kindly tell me what it is that I missed or screwed up? Thanks doverbey@att.com