On Mon, 23 Dec 2002, Kenneth Illingsworth wrote: > Thank you for replying. You are correct in that the version of SAMBA is 2.2.1 .
Strongly suggest you update to samba-2.2.7a as there have been MANY fixes and updates since 2.2.1. You can obtain the RPM packages from the samba FTP sites. > > I was not aware of the WinXP_SignOrSeal.reg registry update. However, I am aware of >WinXP SP1 which has been applied. I suspect that the WinXP_SignOrSeal.reg registry >update is separate from SP1. I will attempt to obtain the registry update and apply >it to the XP workstation. > > Any direction you can give on this issue would be greatly appreciated. Attached. It can be found in all recent releases of samba in the docs/Registry directory. Send me your smb.conf file to <[EMAIL PROTECTED]> and I will try to help you. - John T. > > Here is an additional observation: From the SAMBA Troubleshooting Guide, I have >encountered the precise anomaly that I am experiencing: > > Symptom: It is possible to "ping" the HOST from the client (on port 7; the echo >port) but the client is unable to obtain the list of shares on HOST. [I can ping >either the IP addr or the NetBIOS name of the server from the workstation]. > > Cause: Traffic on one or more of the NetBIOS-over-TCP ports (137, 138, 139) >are blocked. To verify this, type one of the following commands: > > nbtstat -A 172.17.60.6 > > If this command shows a list of NetBIOS names, then port 137 is open. Otherwise, it >is blocked. [The COFR3 server is listed along with the COFRNY domain as shown in the >separate section below]. > > Resolution: Find the router, firewall, switch or other device that is blocking >ports 137-139 and reconfigure it. UDP traffic must be permitted on ports 137 and 138, >and TCP traffic must be permitted on port 139. [Since this Linux server is a Virtual >Machine, could this be interpreted as an issue with its TCP/IP configuration?]. > > I could not run a traceroute on the workstations NetBIOS name from the Linux server >as it was an unknown host. However, I was able to obtain the following using the >workstations leased IP address: > > traceroute to 172.16.4.251 (172.16.4.251), 30 hops max, 38 byte packets > 1 172.17.60.5 (172.17.60.5) 7.462 ms 0.812 ms 0.678 ms > 2 172.16.4.251 (172.16.4.251) 3.379 ms 23.449 ms 5.059 ms > > >-------------------------------------------------------------------------------------------------------- > Here are the results of the nbstat command above: > > C:\>nbtstat -A 172.17.60.6 > > Local Area Connection: > Node IpAddress: [172.16.4.251] Scope Id: [] > > NetBIOS Remote Machine Name Table > > Name Type Status > --------------------------------------------- > COFR3 <00> UNIQUE Registered > COFR3 <03> UNIQUE Registered > COFR3 <20> UNIQUE Registered > ..__MSBROWSE__.<01> GROUP Registered > COFRNY <00> GROUP Registered > COFRNY <1B> UNIQUE Registered > COFRNY <1C> GROUP Registered > COFRNY <1D> UNIQUE Registered > COFRNY <1E> GROUP Registered > > MAC Address = 00-00-00-00-00-00 > > COFR3 is the NetBIOS name of the server, and COFRNY is the workgroup name that I am >trying to use to set up the domain. > >-------------------------------------------------------------------------------------------------------- > > >>> John H Terpstra <[EMAIL PROTECTED]> 12/23/02 12:48PM >>> > Kenneth, > > You did not mention the samba version. Suspect you are using 2.2.x. > Did you apply the WinXP_SignOrSeal.reg registry update? > You will need to as XP defaults to this and samba-2.2.x does not support > it yet. > > - John T. > > > On Mon, 23 Dec 2002, Kenneth Illingsworth wrote: > > > I followed the procedure to configure SAMBA as a PDC as outlined in >samba/swat.cgi/swat/using_samba/ch06_05.html on my Linux server. My domain name is >COFRNY, and I expected a COFRNY.SID to be generated. However, MACHINE.SID was >generated instead. Furthermore, I cannot see the COFRNY domain listed within MS >Networks on my XP workstation. Any ideas on what I did wrong? > > > > Here is the procedure in detail: > > > > [global] > > workgroup = COFRNY > > domain logons = yes > > security = user > > os level = 34 > > local master = yes > > preferred master = yes > > domain master = yes > > > > ------------------------------------------------ > > For Windows NT clients you must also ensure that Samba is using encrypted >passwords: > > > > encrypted passwords = yes > > > > Furthermore, also exclusively for Windows NT clients, create Trust accounts which >allow a machine to log in to the PDC itself. Create a "dummy" account in the >/etc/passwd file with the following entry: > > > > city-f5pfa29xta$:*:1000:900:Trust Account:/dev/null:/dev/null > > > > Note that we have also disabled the password field by placing a * in it. This is >because Samba will use the smbpasswd file to contain the password instead, and we >don't want anyone to telnet into the machine using that account. Additionally, '1000' >is the UID of the account for the encrypted password database. > > > > Next, add the encrypted password using the smbpasswd command, as follows: > > > > # smbpasswd -a -m city-f5pfa29xta > > Added user city-f5pfa29xta$ > > Password changed for user city-f5pfa29xta$ > > > > The -m option specifies that a machine trust account is being generated. The >smbpasswd program will automatically set the initial encrypted password as the >NetBIOS name of the machine in lowercase letters. When specifying this option on the >command line, do not put a dollar sign after the machine name - it will be appended >automatically. Once the encrypted password has been added, Samba is ready to handle >domain logins from a NT client. > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > -- John H Terpstra Email: [EMAIL PROTECTED]
REGEDIT4 ;Contributor: John H Terpstra ;Updated: December 17, 2002 ;Status: Current ; ;Subject: Registry file update to delete roaming profiles on logout [HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\winlogon "DeleteRoamingCache"=dword:00000001