[Samba] Switching to another Samba server

David Donahue david.donahue at FIRSTSOLUTION.COM
Fri Nov 15 03:19:00 GMT 2002


Well, the fact that the problem is with the permissions isn't set in
stone, but it's my best assessment at the moment.  Regular websites seem
to work fine in IIS from the Samba share.  But .NET sites seem to be a
different story.  The error comes in the "MyBase.New" line of code in
the .NET site, which I believe is the server trying to maintain a
read/write relationship with the directory that has the website.

Anyway, in Windows, when I right-click on the folder within the Samba
share and view the permissions, it shows me 3 sets of permissions:
Everyone, the WWW Group on the Samba domain, and the WWW User on the
Samba domain.  These correspond to the permissions that are on the Linux
filesystem for this folder, which is chmod'ed to 775 and owned by the
www user and the www group.  However, while Windows understands that
much of the permissions, none of the boxes are actually checked.  It
knows _who_ should have rights, but not _what_ rights they should have.
And checking the boxes doesn't do anything, as they immediately un-check
when I try to apply the changes.

As for the configuration of the Windows box, the WWW user on the Samba
domain is logged into the console with the Samba shares mapped as
drives.  It's ok for this user to stay perpetually logged into the
console.  The share to which it is connecting, and to which the IIS
server's wwwroot points, is Read/Write from Samba's point of view, and
the WWW user owns every file/folder in that directory, recursively.  In
the IIS "Directory Security" settings for the main website, Anonymous
Access is allowed, and the Anonymous user is set to "[Samba domain]\www"
with the correct password set.  "Digest authentication for windows
domain servers" is checked, and greyed to not allow un-checking.
Nothing else is checked.

Also of note is the fact that, ultimately, I would also like to make
virtual directories in IIS that point to domain users' home directories
on the Samba share.  The idea being that users will click on those links
and be presented with Windows login prompts in their browsers which
authenticate them to the server.  That way I can build all kinds of cool
account maintenance tools in .NET and my users can maintain their
accounts on my website.  I somewhat was able to accomplish this... I
made the virtual directories, was presented with the login prompt and,
upon authentication, I was able to see the home directory's contents.
However, I was only able to see things that were world-readable (the
home directory itself was world-readable).

Well, that's it in a nutshell.  



David P. Donahue
david.donahue at firstsolution.com
First Call Computer Solutions 

-----Original Message-----
From: John H Terpstra [mailto:jht at samba.org] 
Sent: Thursday, November 14, 2002 7:43 PM
To: David Donahue
Cc: samba at lists.samba.org
Subject: RE: [Samba] Switching to another Samba server


On Thu, 14 Nov 2002, David Donahue wrote:

> Yup, that definitely did the trick.  Thanks!
>
> By the way, you wouldn't happen to know anything about Microsoft's 
> Services for Unix, would you?  Their newsgroup isn't very populated 
> and little help can be found there. Or, conversely, do you know of any

> good NFS clients for Windows?  Basically, the file permissions 
> difference between Samba and Windows is causing problems with my .NET 
> websites.  An NFS clients that translates the permissions better would

> be ideal, especially if it could mount an NFS share to a local folder 
> on the Windows drive so that Windows can't tell (or doesn't care) the 
> difference (you know, the Unix way... The way it _should_ be).

What is the problem?

Can't you control the difference by using Unix file and directory
permissions? Details please, and I'll try to help.

- John T.

>
>
>
> David P. Donahue
> david.donahue at firstsolution.com
> First Call Computer Solutions
>
> -----Original Message-----
> From: John H Terpstra [mailto:jht at samba.org]
> Sent: Wednesday, November 13, 2002 10:43 PM
> To: David Donahue
> Cc: samba at lists.samba.org
> Subject: RE: [Samba] Switching to another Samba server
>
>
> David,
>
> If this samba server IS your domain controller then you definitely do 
> NOT want "security = server". This option requires you to add 
> "password server = *" so that samba can find the external password 
> server (domain controller).
>
> Instead you want "security = user". That should get rid of the error 
> messages.
>
> - John T.
>
> On Wed, 13 Nov 2002, David Donahue wrote:
>
> > Well, it would appear that the newly created smbpasswd file, in 
> > conjunction with Andrew's advice to export /tmp before running smbd,

> > did the trick... Mostly.  The domain itself seems to be physically 
> > working. Of course, I'll be conducting more tests as I go along. 
> > However, my logs still show that same error about a password server.

> > I'll re-paste it here:
> >
> > > [2002/11/13 07:09:17, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> >
> > It doesn't _seem_ to be causing any problems, but any error in a log

> > file is cause for concern in my book.  Especially when it has the 
> > word
>
> > "password" in it.  Do you have any idea what it could mean, or 
> > perhaps
>
> > could point me in another direction to find it?
> >
> > Again, I can't thank you enough for your offer to help on this one. 
> > And, if you wish, I can stop spamming you with all my problems and 
> > log
>
> > files :)
> >
> >
> >
> > David P. Donahue
> > david.donahue at firstsolution.com
> > First Call Computer Solutions
> >
> >
> >
> > -----Original Message-----
> > From: David Donahue
> > Sent: Wednesday, November 13, 2002 9:11 AM
> > To: 'John H Terpstra'
> > Cc: samba at lists.samba.org
> > Subject: RE: [Samba] Switching to another Samba server
> >
> >
> > >>What is your platform?
> >
> > Mandrake Linux 9.0 (old server is Mandrake Linux 8.1).
> >
> > >>Did you build the samba binaries?
> >
> > 2.2.2, yes.  2.2.6 was built as part of the OS install.  I did a 
> > full install (every package on the list), if that's useful to you.
> >
> > >>If so, what argumentes did you give to configure when you built 
> > >>it?
> >
> > For 2.2.2, none.  Just "./configure;make;make install"
> >
> > >>Which files did you copy from the old server to the new one?
> >
> > smb.conf, smbpasswd, smbusers
> >
> > >>On the new machine are the UIDs the same as on the old one?
> >
> > Identical.  But, as I said, I'll be re-making the smbpasswd file 
> > tonight anyway.  So if there are any discrepencies in users that 
> > I've overlooked, that will fix them.
> >
> >
> >
> > - John T.
> >
> > On Wed, 13 Nov 2002, David Donahue wrote:
> >
> > > I really appreciate your help in this matter.  It would seem that 
> > > I'm still running into some problems with 2.2.6, but this time I 
> > > have lots
> >
> > > and lots of log info that might help.  First, we'll start with my 
> > > smb.conf file:
> > >
> > > ##################################################################
> > > ##
> > > ##
> > > ##
> > > ###
> > > [global]
> > >         workgroup = SAMBA
> > >         security = server
> > >         netbios name = EPYON
> > >         server string = Samba 2.2.6
> > >         interfaces = 192.168.0.10/24
> > >         encrypt passwords = Yes
> > >         passwd program = /usr/bin/passwd %u
> > >         smb passwd file = /etc/samba/smbpasswd
> > >         passwd chat = "*New password:*" %n\r "*New password
> (again):*"
> >
> > > %n\r "*Password changed*"
> > >         unix password sync = Yes
> > >         syslog = 2
> > >         log file = /var/log/samba/log.%m
> > >         time server = Yes
> > >         add user script = /usr/sbin/useradd -d /dev/null -g 100 -s

> > > /bin/false -M %u
> > >         logon script = %U.bat
> > >         logon path = \\epyon\profile\%U
> > >         domain logons = Yes
> > >         os level = 34
> > >         preferred master = Yes
> > >         domain master = Yes
> > >         lock directory = /var/lock/samba/locks
> > >         admin users = root
> > >         hosts allow = 192.168.0.
> > >         hide dot files = No
> > >
> > > [netlogon]
> > >         comment = "Domain Logon Services"
> > >         path = /etc/samba/smblogon
> > >         browseable = No
> > >
> > > [homes]
> > >         comment = "Home Directory for : %u "
> > >         path = /home/%u
> > >         writeable = Yes
> > >         create mask = 0644
> > >         directory mask = 0755
> > >         browseable = No
> > >
> > > [profile]
> > >         comment = "User profiles"
> > >         path = /etc/samba/smbprofile
> > >         writeable = Yes
> > >         create mask = 0600
> > >         directory mask = 0700
> > >         browseable = No
> > >
> > > [cdimage]
> > >         comment = "Mounted CD ISO"
> > >         path = /mnt/cdimage
> > >
> > > [cdimage2]
> > >         comment = "Mounted CD ISO"
> > >         path = /mnt/cdimage2
> > >
> > > [programs]
> > >         comment = "Installed Programs"
> > >         path = /etc/samba/smbprograms
> > >         writeable = Yes
> > >         create mask = 0644
> > >
> > > [share]
> > >         comment = "Public Share"
> > >         path = /etc/samba/smbshare
> > >         writeable = Yes
> > >         create mask = 0666
> > >         directory mask = 0777
> > >
> > > [web]
> > >         comment = "Website"
> > >         path = /home/www/public
> > >         guest ok = yes
> > >         read only = yes
> > >
> > > [all]
> > >         comment = "Root Directory"
> > >         path = /
> > >         writeable = Yes
> > >         create mask = 0644
> > >         directory mask = 0755 
> > > ##################################################################
> > > ##
> > > ##
> > > ##
> > > ###
> > >
> > > This, along with smbpasswd and other samba files, was copied 
> > > directly from the currently running Samba server on my network.  
> > > The
>
> > > only changes made were to the name of the workgroup, the interface

> > > IP and some of the paths that are slightly different on the new 
> > > server.
> > > Note: Is it possible that copying smbpasswd from another computer
> and
> > > not directly creating it on the new computer is causing this?  
> > > This just occurred to me and I can't test it until I get home from

> > > work later today.
> > >
> > > Now, for the log files.  I flushed them and started a new server 
> > > last night, then tried to join the domain this morning, with the 
> > > same results.  Here's the log file for nmbd:
> > >
> > > ##################################################################
> > > ##
> > > ##
> > > ##
> > > ###
> > > [2002/11/12 19:59:01, 0] nmbd/nmbd.c:main(794)
> > >   Netbios nameserver version 2.2.6pre2 started.
> > >   Copyright Andrew Tridgell and the Samba Team 1994-2002
[2002/11/12
> > > 19:59:01, 0] nmbd/nmbd.c:main(826)
> > >   standard input is not a socket, assuming -D option [2002/11/12
> > > 19:59:01, 0] nmbd/nmbd_logonnames.c:add_logon_names(155)
> > >   add_domain_logon_names:
> > >   Attempting to become logon server for workgroup SAMBA on subnet
> > > 192.168.0.10 [2002/11/12 19:59:01, 0]
> > > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(291)
> > >   become_domain_master_browser_bcast:
> > >   Attempting to become domain master browser on workgroup SAMBA on
> > > subnet 192.168.0.10
> > > [2002/11/12 19:59:01, 0]
> > > nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(305)
> > >   become_domain_master_browser_bcast: querying subnet 192.168.0.10
> for
> > > domain master browser on workgroup SAMBA
> > > [2002/11/12 19:59:05, 0]
> > > nmbd/nmbd_logonnames.c:become_logon_server_success(114)
> > >   become_logon_server_success: Samba is now a logon server for
> > workgroup
> > > SAMBA on subnet 192.168.0.10
> > > [2002/11/12 19:59:05, 0]
> > > nmbd/nmbd_responserecordsdb.c:find_response_record(235)
> > >   find_response_record: response packet id 15312 received with no 
> > > matching record. [2002/11/12 19:59:05, 0]
> > > nmbd/nmbd_responserecordsdb.c:find_response_record(235)
> > >   find_response_record: response packet id 15313 received with no 
> > > matching record. [2002/11/12 19:59:09, 0]
> > > nmbd/nmbd_become_dmb.c:become_domain_master_stage2(114)
> > >   *****
> > >
> > >   Samba server EPYON is now a domain master browser for workgroup 
> > > SAMBA on subnet 192.168.0.10
> > >
> > >   *****
> > > [2002/11/12 19:59:24, 0]
> > > nmbd/nmbd_become_lmb.c:become_local_master_stage2(404)
> > >   *****
> > >
> > >   Samba name server EPYON is now a local master browser for 
> > > workgroup SAMBA on subnet 192.168.0.10
> > >
> > >   ***** 
> > > ##################################################################
> > > ##
> > > ##
> > > ##
> > > ###
> > >
> > > and now the log file for smbd:
> > >
> > > ##################################################################
> > > ##
> > > ##
> > > ##
> > > ###
> > > [2002/11/12 19:59:03, 0] smbd/server.c:main(707)
> > >   smbd version 2.2.6pre2 started.
> > >   Copyright Andrew Tridgell and the Samba Team 1992-2002
[2002/11/12
> > > 19:59:03, 0] smbd/server.c:main(751)
> > >   standard input is not a socket, assuming -D option
> > >
> ######################################################################
> > > ##
> > > ###
> > >
> > > and, of course, the log file for the Windows box trying to join 
> > > the
> > > domain:
> > >
> > > ##################################################################
> > > ##
> > > ##
> > > ##
> > > ###
> > > [2002/11/13 07:05:29, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:05:29, 0] smbd/service.c:make_connection(384)
> > >   root logged in as admin user (root privileges)
> > > [2002/11/13 07:05:31, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:05:31, 0] smbd/service.c:make_connection(384)
> > >   root logged in as admin user (root privileges)
> > > [2002/11/13 07:05:32, 0]
> > > rpc_server/srv_samr.c:api_samr_set_userinfo(670)
> > >   api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
> > > [2002/11/13 07:06:02, 0] smbd/service.c:set_current_service(60)
> > >   chdir (/root/tmp) failed
> > > [2002/11/13 07:06:27, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:06:27, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:06:27, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:06:27, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:06:34, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:06:34, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:09:17, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:09:17, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:09:21, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:09:21, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:09:22, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:09:22, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:09:22, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:09:22, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:09:22, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:09:22, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:09:22, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:09:22, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:09:22, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:09:22, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:09:22, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:09:22, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:09:23, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:09:23, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:09:23, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:09:23, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:09:23, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:09:23, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:09:23, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:09:23, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:09:23, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:09:23, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:09:23, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:09:23, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:09:23, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:09:23, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:09:23, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:09:24, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:09:24, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > > [2002/11/13 07:10:34, 0] smbd/password.c:server_cryptkey(1054)
> > >   password server not available
> > > [2002/11/13 07:10:34, 0] smbd/service.c:make_connection(603)
> > >   hal (192.168.0.4) Can't change directory to /root/tmp
(Permission
> > > denied)
> > >
> ######################################################################
> > > ##
> > > ###
> > >
> > > As you can see, the client machine generated alot of the same 
> > > error in a short period of time.  The earlier entries (7:05-ish) 
> > > were undoubtedly when I joined the domain, which looked successful

> > > from the
> >
> > > client's side (hence the "root" mentions in the log... I used the 
> > > root
> >
> > > account to physically join the domain).  The later entries
> > > (7:09-ish) would then have been me trying to logon to the domain 
> > > after a reboot.
> >
> > > Neither a normal user, nor root could login to the domain.  It 
> > > always said the domain in unavailable.
> > >
> > > Again, I really appreciate your offer to help on this.  Unless 
> > > told otherwise, I'll be re-creating the smbpasswd file later this 
> > > evening
>
> > > and testing that.  Are there any changes from 2.2.2 to 2.2.6 that 
> > > would require me to change something in my smb.conf file?
> > >
> > >
> > >
> > > David P. Donahue
> > > david.donahue at firstsolution.com
> > > First Call Computer Solutions
> > > A Montana Technology Resource Company
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: John H Terpstra [mailto:jht at samba.org]
> > > Sent: Monday, November 11, 2002 8:03 PM
> > > To: David Donahue
> > > Cc: samba at lists.samba.org
> > > Subject: Re: [Samba] Switching to another Samba server
> > >
> > >
> > > David,
> > >
> > > Suggest you update to samba-2.2.6 or later (there will be an 
> > > update later this week). The /root/tmp issue was a known problem 
> > > with 2.2.2
>
> > > and has been fixed. Best advice is to update to 2.2.6. If you then

> > > still have a problem, email me <jht at samba.org> and I will try to 
> > > assist.
> > >
> > > - John T.
> > >
> > > On Mon, 11 Nov 2002, David Donahue wrote:
> > >
> > > > I've been running Samba 2.2.2 for a while as a domain controller

> > > > on my
> > >
> > > > mostly Windows network.  It's been working great up to this 
> > > > point.
>
> > > > Anyway, I just put together a new Linux server and installed 
> > > > 2.2.2
>
> > > > on it as well.
> > > >
> > > > I copied the conf file and pretty much mirrored everything on 
> > > > the existing server, changed the paths and the "workgroup" field

> > > > in the conf file to match the new server, and ran the software.

> > > > I'm able to join the domain, but when I attempt to login to it 
> > > > after rebooting, it
> > >
> > > > says the domain is not available.  And when I login to the 
> > > > Windows
>
> > > > machine as the local Administrator and try to connect to the 
> > > > domain it
> > >
> > > > says "the server is not configured for transactions."
> > > >
> > > > The log file samba generated for that client's connection 
> > > > repeats attempts to access /root/tmp (I don't know why) and 
> > > > keeps saying that a password server is unavailable.  Any ideas?
> > > >
> > > > Could the problem be some kind of conflict with the current 
> > > > server
>
> > > > on the other machine?  Until the new one is fully working I 
> > > > still have the old one running on the other computer.  
> > > > Admittedly, I don't
> >
> > > > know what every setting in the conf file does.  So is it likely 
> > > > that, for certain fields, identical settings on both machines 
> > > > would cause some kind of conflict during a logon?
> > > >
> > > >
> > > >
> > > > David P. Donahue
> > > > david.donahue at firstsolution.com
> > > > First Call Computer Solutions
> > > > --
> > > > To unsubscribe from this list go to the following URL and read 
> > > > the
> > > > instructions:  http://lists.samba.org/mailman/listinfo/samba
> > > >
> > >
> > >
> >
> >
>
>

-- 
John H Terpstra
Email: jht at samba.org




More information about the samba mailing list