Samba 1.9.18alpha1 release

Luke Kenneth Casson Leighton lkcl at switchboard.net
Mon Oct 20 11:01:47 GMT 1997


On Mon, 20 Oct 1997, Samba Bugs wrote:

> We've just released samba-1.9.18alpha1. 

hooray!
 
> - preliminary NT domain logon support. This is still very
> experimental.

it currently supports the _full_ set of domain logon parameters that are 
available for w95 roaming profiles, namely:

	"logon path" (default is \\%L\%U\profile)
	"logon script" (default is NULL)

i am in the process of adding two more parameters:

	"logon home" (default will be \\%L\%U except if you use -DAUTOMOUNT)
	"logon drive" (default will either be H: or NULL)

but i need some help from simeon walker regarding the -DAUTOMOUNT bit.

> You need to compile with NTDOMAIN=1 to use it. Luke will
> probably post some instructions on how to set it up.

thanks, andrew.  i'll just write them now.

ok.

1) do touch /tmp/netlogon

2) do touch /tmp/srvsvc

3) read ENCRYPTION.txt.  compile smbpasswd, create an smbpasswd file etc.

4) get the name of the nt workstation you want to log in (assume it's
called "machine").  do smbpasswd -add nobody machine (assuming that nobody
is your guest account: any dummy account will do in fact: it's just to get
round the fact that smbpasswd -add checks the passwd database which is
_not_ what we want to happen in this case!).  edit your
/usr/local/samba/private/smbpasswd file, looking for the nobody:E0AD... 
entry.  change the username from nobody to MACHINE$.  two things are
important, here: the username (MACHINE$) _must_ be in capital letters; 
the password _must_ be in lower case. 

5) compile with -DNTDOMAIN or -DNTDOMAIN=1.  don't forget this, like i did.

6) put "encrypt passwords = yes" in smb.conf

7) put "domain sid = S-1-5-21-123-456-789-123" or any other number you 
like, as long as it starts with "S-1-5-" and has five further numbers 
separated by "-"s after it.

8) put in any "logon path" and "logon script" parameters you want to.

9) read "http://mailhost.cb1.com/~lkcl/ntdomain.html" and look up some of
the references therein, particularly cifsntdomain.txt: you will find it
generally useful background material, including references to descriptions
of SIDs etc etc. 

10) read "http://mailhost.cb1.com/~lkcl/poems.html" and some of the poems 
therein if you're getting bored of this by now.

11) log in and out of a samba "NT primary domain controller" as many 
times as makes you laugh out loud, until your boss either starts getting 
worried or threatens to sack you.

12) send patches to samba-bugs at samba.anu.edu.au with the subject marked 
NTDOM: at the beginning.  this will direct the message to a specific file 
in the samba web bug track system.

13) send any serious bugs and security reports you find in NT to either 
the NTBUGTRAQ (moderated) or NTSEC (unmoderated) digests.

14) get the very latest code from the cvs web front end: 
http://samba.anu.edu.au/cgi-bin/cvsweb/samba/source


> If you enable
> this then you may find that lots of things break (browsing from NT
> workstations for example)

i found that i could browse a workgr.... sorry, domain SORRY
workgroup-with-an-authentication-database-associated-with-it-which-happens-to-be-something-other-than-a-microsoft-designed-SAM-database
 :-) with just the samba server and the logged in NT workstation in it.  i
don't exactly know why i managed to browse, and andrew didn't.

i've written the MSRPC (i think this is microsoft's name for their
implementation of DCE/RPC by the way but i'm not absolutely certain on
this point) "Net Share Enum" into samba, which returns a list of shares, 
including the comments.

therefore, i think you should find it possible to do NET VIEW \\SAMBA_PDC 
or Ctrl-Esc | Run | "\\samba_pdc" or Ctrl-Esc | Find | Computer | 
"samba-pdc".

if anyone has an NT server 4.0, NT workstation 4.0 and NetMonitor, could 
they kindly set up a dummy account (or temporarily change their 
password), and send me a login trace (from ctrl-alt-delete to logoff), 
doing an access of the NT domain in the network neighbourhood?

have a look in the trace for packets marked as "SRVSVC", "MSRPC" types: 
i'm looking for one called "NetServerEnum", _if_ it exists.  i already
have "NetServerGetInfo" and "NetShareEnum". 

i need the client query and the server response, in order to document and 
then code these two packets.

regards,

luke


Luke Kenneth Casson Leighton <lkcl at switchboard.net>
Lynx2.7-friendly Home Page: http://mailhost.cb1.com/~lkcl
"Apply the Laws of Nature to your environment because your
environment applies the Laws of Nature to you"
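
A small checker for steps 4, 6 and 7 of the message above, added here as an example; it is not code from the post or from Samba. The function names and sample file contents are constructed, and only the first colon-separated field of each smbpasswd line (the username) is read.

```python
import re

# Step 7: "S-1-5-" followed by five further numbers separated by "-".
SID_RE = re.compile(r"^S-1-5(-\d+){5}$")

# Constructed sample inputs (not taken from a real server).
GOOD_CONF = "[global]\n  encrypt passwords = yes\n  domain sid = S-1-5-21-123-456-789-123\n"
BAD_CONF = "[global]\n  encrypt passwords = no\n  domain sid = S-1-5-21-123\n"
GOOD_PASSWD = "MACHINE$:<rest of entry not examined>\n"
BAD_PASSWD = "machine$:<rest of entry not examined>\n"


def parse_smb_conf(text):
    """Return {parameter: value}; names are lowercased, inner spaces collapsed."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments, section headers and lines with no "=".
        if not line or line[0] in ";#[" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[" ".join(name.lower().split())] = value.strip()
    return params


def check_setup(smb_conf, smbpasswd, workstation):
    """Return a list of problems found against steps 4, 6 and 7."""
    problems = []
    params = parse_smb_conf(smb_conf)
    if params.get("encrypt passwords", "").lower() != "yes":
        problems.append("step 6: encrypt passwords is not set to yes")
    sid = params.get("domain sid", "")
    if not SID_RE.match(sid):
        problems.append("step 7: domain sid %r is not S-1-5- plus five numbers" % sid)
    # Step 4: the machine account name must be the capitalised name plus "$".
    wanted = workstation.upper() + "$"
    names = [l.split(":", 1)[0] for l in smbpasswd.splitlines() if ":" in l]
    if wanted not in names:
        hint = [n for n in names if n.upper() == wanted]
        problems.append("step 4: no %s entry%s" % (
            wanted, " (found %s, must be capitals)" % hint[0] if hint else ""))
    return problems


if __name__ == "__main__":
    for problem in check_setup(BAD_CONF, BAD_PASSWD, "machine"):
        print(problem)
```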


