On Mon, 23 Dec 2002, Kenneth Illingsworth wrote:

> Thank you for replying. You are correct in that the version of SAMBA is 2.2.1 .

Strongly suggest you update to samba-2.2.7a as there have been MANY fixes
and updates since 2.2.1. You can obtain the RPM packages from the samba
FTP sites.

>
> I was not aware of the WinXP_SignOrSeal.reg registry update. However, I am aware of 
>WinXP SP1 which has been applied. I suspect that the WinXP_SignOrSeal.reg registry 
>update is separate from SP1. I will attempt to obtain the registry update and apply 
>it to the XP workstation.
>
> Any direction you can give on this issue would be greatly appreciated.

Attached. It can be found in all recent releases of samba in the
docs/Registry directory.

Send me your smb.conf file to <[EMAIL PROTECTED]> and I will try to help you.

- John T.

>
> Here is an additional observation:  From the SAMBA Troubleshooting Guide, I have 
>encountered the precise anomaly that I am experiencing:
>
> Symptom:      It is possible to "ping" the HOST from the client (on port 7; the echo 
>port) but the client is unable to obtain the list of shares on HOST. [I can ping 
>either the IP addr or the NetBIOS name of the server from the workstation].
>
> Cause:        Traffic on one or more of the NetBIOS-over-TCP ports (137, 138, 139) 
>are blocked. To verify this, type one of the following commands:
>
>       nbtstat -A 172.17.60.6
>
> If this command shows a list of NetBIOS names, then port 137 is open. Otherwise, it 
>is blocked. [The COFR3 server is listed along with the COFRNY domain as shown in the 
>separate section below].
>
> Resolution:   Find the router, firewall, switch or other device that is blocking 
>ports 137-139 and reconfigure it. UDP traffic must be permitted on ports 137 and 138, 
>and TCP traffic must be permitted on port 139. [Since this Linux server is a Virtual 
>Machine, could this be interpreted as an issue with its TCP/IP configuration?].
>
> I could not run a traceroute on the workstations NetBIOS name from the Linux server 
>as it was an unknown host. However, I was able to obtain the following using the 
>workstations leased IP address:
>
> traceroute to 172.16.4.251 (172.16.4.251), 30 hops max, 38 byte packets
>  1  172.17.60.5 (172.17.60.5)  7.462 ms  0.812 ms  0.678 ms
>  2  172.16.4.251 (172.16.4.251)  3.379 ms  23.449 ms  5.059 ms
>
> 
>--------------------------------------------------------------------------------------------------------
> Here are the results of the nbstat command above:
>
> C:\>nbtstat -A 172.17.60.6
>
> Local Area Connection:
> Node IpAddress: [172.16.4.251] Scope Id: []
>
>            NetBIOS Remote Machine Name Table
>
>        Name               Type         Status
>     ---------------------------------------------
>     COFR3          <00>  UNIQUE      Registered
>     COFR3          <03>  UNIQUE      Registered
>     COFR3          <20>  UNIQUE      Registered
>     ..__MSBROWSE__.<01>  GROUP       Registered
>     COFRNY         <00>  GROUP       Registered
>     COFRNY         <1B>  UNIQUE      Registered
>     COFRNY         <1C>  GROUP       Registered
>     COFRNY         <1D>  UNIQUE      Registered
>     COFRNY         <1E>  GROUP       Registered
>
>     MAC Address = 00-00-00-00-00-00
>
> COFR3 is the NetBIOS name of the server, and COFRNY is the workgroup name that I am 
>trying to use to set up the domain.
> 
>--------------------------------------------------------------------------------------------------------
>
> >>> John H Terpstra <[EMAIL PROTECTED]> 12/23/02 12:48PM >>>
> Kenneth,
>
> You did not mention the samba version. Suspect you are using 2.2.x.
> Did you apply the WinXP_SignOrSeal.reg registry update?
> You will need to as XP defaults to this and samba-2.2.x does not support
> it yet.
>
> - John T.
>
>
> On Mon, 23 Dec 2002, Kenneth Illingsworth wrote:
>
> > I followed the procedure to configure SAMBA as a PDC as outlined in 
>samba/swat.cgi/swat/using_samba/ch06_05.html on my Linux server. My domain name is 
>COFRNY, and I expected a COFRNY.SID to be generated. However,   MACHINE.SID was 
>generated instead. Furthermore, I cannot see the COFRNY domain listed within MS 
>Networks on my XP workstation. Any ideas on what I did wrong?
> >
> > Here is the procedure in detail:
> >
> > [global]
> > workgroup = COFRNY
> > domain logons = yes
> > security = user
> > os level = 34
> > local master = yes
> > preferred master = yes
> > domain master = yes
> >
> > ------------------------------------------------
> > For Windows NT clients you must also ensure that Samba is using encrypted 
>passwords:
> >
> > encrypted passwords = yes
> >
> > Furthermore, also exclusively for Windows NT clients, create Trust accounts which 
>allow a machine to log in to the PDC itself. Create a "dummy" account in the 
>/etc/passwd file with the following entry:
> >
> > city-f5pfa29xta$:*:1000:900:Trust Account:/dev/null:/dev/null
> >
> > Note that we have also disabled the password field by placing a * in it. This is 
>because Samba will use the smbpasswd file to contain the password instead, and we 
>don't want anyone to telnet into the machine using that account. Additionally, '1000' 
>is the UID of the account for the encrypted password database.
> >
> > Next, add the encrypted password using the smbpasswd command, as follows:
> >
> > # smbpasswd -a -m city-f5pfa29xta
> > Added user city-f5pfa29xta$
> > Password changed for user city-f5pfa29xta$
> >
> > The -m option specifies that a machine trust account is being generated. The 
>smbpasswd program will automatically set the initial encrypted password as the 
>NetBIOS name of the machine in lowercase letters. When specifying this option on the 
>command line, do not put a dollar sign after the machine name - it will be appended 
>automatically. Once the encrypted password has been added, Samba is ready to handle 
>domain logins from a NT client.
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
>
>

-- 
John H Terpstra
Email: [EMAIL PROTECTED]
REGEDIT4



;Contributor:   John H Terpstra

;Updated:       December 17, 2002

;Status:        Current

;

;Subject:       Registry file update to delete roaming profiles on logout



[HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\winlogon

"DeleteRoamingCache"=dword:00000001



Reply via email to