[Samba] On-the-Fly Creation of Machine Trust Accounts Problem
Using Samba 3.0.23a-1.fc5.1

When I try to add XP workstation to the domain using Network ID wizard (from XP) it fails.

add machine script is: /usr/sbin/useradd -d /dev/null -g 500 -s /bin/false -M %u

What happens is a unix account (in passwd file) is created with LOWER-CASE username. Account is added to smbpasswd in UPPER-CASE. XP reports error "A device attached to the system is not functioning". Manually changing unix account to upper case works.

This worked fine using Samba 2.x

Any suggestions or which version of Samba should I roll back to??

Thanks
Lee Baker

"This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient of the message you must not use, disclose, distribute, copy, print or take action in reliance on it. If you have received this email in error please notify the sender and delete the original message from your system".
"The views expressed in this email are those of the individual sender, except where the sender specifically states them to be the views of The McAuley Catholic High School".

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] urgent kindly reply
You may also want to look at www.nitrobit.com. They have developed a group policy management system that does not require AD server. I am also in the middle of developing a system that is a bit more flexible than the poledit method which I will hopefully be able to document soon.

Lee Baker MEng MIEE
Music Technology Coordinator
The McAuley Catholic High School
Specialist College for the Performing Arts
Cantley Lane
Doncaster DN3 3QF
Telephone: 01302 537396 Ext. 254
Mobile: 07092 044794
Fax: 01302 533923
Email: [EMAIL PROTECTED]
http://www.pa.mcauley.org.uk

Information contained in this email or any attachment may be of a confidential nature which should not be disclosed to, copied or used by anyone other than the addressee. If you receive this email in error, please delete the email from your computer.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of gauravg
Sent: 15 April 2005 11:24
To: samba@lists.samba.org
Subject: [Samba] urgent kindly reply

Sir,

we are running windows 2003 standard edition with group policies with restricted rights & permission which are given below:

Users are not able to install any software.
restriction on network setting in local area connection so that nobody can change the setting.
hide the control panel or restrict any setting or should not visible to users except administrator.
etc.

can we have all these restriction in samba, if yes then in which version & which linux flavour. kindly update ASAP & oblige.

With warm regards
Gaurav Gera
Lakshya Digital Pvt. Ltd.
RE: [Samba] Password Generator
The OP was asking the question because he is very busy running a 2000 user site and implementing full AD style Group Policies from Samba (something I imagine many people might actually like to benefit from at some point) and didn't want to repeat work done by others in writing a script to work out usernames. The unfortunate part was that he sent the message before 10am and before he'd had his coffee and therefore stupidly wrote password generator and not username generator. Yes he has heard of scripting and apologises for posting "such nonsense" but even geniuses have their off days - no offence taken!

Lee

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of David Landgren
Sent: 18 March 2005 09:15
To: samba@lists.samba.org
Subject: Re: [Samba] Password Generator

On Tue, 15 Mar 2005 22:45:05 +0100 (CET), Tony Earnshaw <[EMAIL PROTECTED]> wrote:
>
> Aaron J. Zirbes:
>
> > Are you suggesting you wish to generate easily crackable passwords for
> > all your users? I would strongly advise against this. How soon do you
> > want your systems broken into?
> >
> > I would suggest you assign fully randomized passwords (mixed-case +
> > numbers and characters), and then set strict password requirements on
> > your domain controller and workstations. Then make sure your users change
> > their passwords on their first logon to something they can remember.
>
> So you never heard of APG and never heard of shell/awk scripting and never
> heard of LDAP. Learn about them, before posting such nonsense again.

Jeeze Tony, you spread your good humour and grace everywhere you go, don't you? The OP was asking the question because he didn't know of such things, and was seeking advice. We were all clueless newbies once. This is a very high traffic list: please engage your brain before posting such nonsense again.

David
[Samba] Username generator
Can anyone suggest any apps/scripts for bulk generating USERNAMES from real names (e.g. jsmith from John Smith) that would check for duplicates in an existing smbpasswd or passwd file and append a number to the username (e.g. jsmith1, jsmith2).

Thanks

Lee Baker MEng MIEE
Music Technology Coordinator
The McAuley Catholic High School
[Samba] Password Generator
Can anyone suggest any apps/scripts for bulk generating passwords from real names (e.g. jsmith from John Smith) that would check for duplicates in an existing smbpasswd or passwd file and append a number to the username (e.g. jsmith1, jsmith2).

Thanks

Lee Baker MEng MIEE
Music Technology Coordinator
Email: [EMAIL PROTECTED]
http://www.pa.mcauley.org.uk
[Samba] NetBIOS wildcard queries repeated by wireless access points
I am trying to resolve a problem with NetBIOS wildcard broadcast queries being relayed/repeated by around 50 US Robotics wireless access points. The APs only re-broadcast wildcard queries from our samba3 server - our numerous windows 2003 servers do not appear to use wildcard broadcast queries (if they do, they are not causing the same problems).

Any help would be appreciated as this problem is causing massive network problems as all our winxp clients repeatedly reply to each repeated query.

Kind regards
Lee Baker

The initial NetBIOS packet from the samba server:
(192.168.5.200 is the samba server, 192.168.2.185 is a USR Access Point)

No.   Time        Source         Destination    Protocol  Info
3143  200.215902  192.168.5.200  192.168.5.255  NBNS      Name query NB *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>

Frame 3143 (92 bytes on wire, 92 bytes captured)
    Arrival Time: Feb 7, 2005 18:23:30.407103000
    Time delta from previous packet: 91.745643000 seconds
    Time since reference or first frame: 200.215902000 seconds
    Frame Number: 3143
    Packet Length: 92 bytes
    Capture Length: 92 bytes
Ethernet II, Src: 00:0b:db:90:9f:0b, Dst: ff:ff:ff:ff:ff:ff
    Destination: ff:ff:ff:ff:ff:ff (Broadcast)
    Source: 00:0b:db:90:9f:0b (192.168.5.200)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.5.200 (192.168.5.200), Dst Addr: 192.168.5.255 (192.168.5.255)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        00.. = Differentiated Services Codepoint: Default (0x00)
        ..0. = ECN-Capable Transport (ECT): 0
        ...0 = ECN-CE: 0
    Total Length: 78
    Identification: 0x (0)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: UDP (0x11)
    Header checksum: 0xad87 (correct)
    Source: 192.168.5.200 (192.168.5.200)
    Destination: 192.168.5.255 (192.168.5.255)
User Datagram Protocol, Src Port: 33175 (33175), Dst Port: netbios-ns (137)
    Source port: 33175 (33175)
    Destination port: netbios-ns (137)
    Length: 58
    Checksum: 0x4190 (correct)
NetBIOS Name Service
    Transaction ID: 0x6f69
    Flags: 0x0110 (Name query)
        0... = Response: Message is a query
        .000 0... = Opcode: Name query (0)
        ..0. = Truncated: Message is not truncated
        ...1 = Recursion desired: Do query recursively
        ...1 = Broadcast: Broadcast packet
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NB, class inet
            Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
            Type: NB
            Class: inet

The packet relayed by a US Robotics Access Point:

No.   Time        Source         Destination    Protocol  Info
3151  200.216628  192.168.5.200  192.168.5.255  NBNS      Name query NB *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>

Frame 3151 (92 bytes on wire, 92 bytes captured)
    Arrival Time: Feb 7, 2005 18:23:30.407829000
    Time delta from previous packet: 0.000667000 seconds
    Time since reference or first frame: 200.216628000 seconds
    Frame Number: 3151
    Packet Length: 92 bytes
    Capture Length: 92 bytes
Ethernet II, Src: 00:c0:49:a9:b8:b4, Dst: ff:ff:ff:ff:ff:ff
    Destination: ff:ff:ff:ff:ff:ff (Broadcast)
    Source: 00:c0:49:a9:b8:b4 (192.168.2.185)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.5.200 (192.168.5.200), Dst Addr: 192.168.5.255 (192.168.5.255)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        00.. = Differentiated Services Codepoint: Default (0x00)
        ..0. = ECN-Capable Transport (ECT): 0
        ...0 = ECN-CE: 0
    Total Length: 78
    Identification: 0x (0)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fr
[Samba] Multiple Netbios name queries on ports 32944, 33169 and 33171
I've had to set up an iptables filter to drop packets originating from ports 32944, 33169 and 33171 on a samba 3 server as broadcast 'storms' lasting ~3 seconds have intermittently been taking down all net communication. Can anyone shed any light on this? The packet captured in ethereal is below.

Lee Baker

Sorry for not trimming - not sure what's important:

No.    Time         Source         Destination    Protocol  Info
60621  2047.389515  192.168.5.200  192.168.5.255  NBNS      Name query NB *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>

Frame 60621 (92 bytes on wire, 92 bytes captured)
    Arrival Time: Feb 7, 2005 17:03:26.942953000
    Time delta from previous packet: 0.07000 seconds
    Time since reference or first frame: 2047.389515000 seconds
    Frame Number: 60621
    Packet Length: 92 bytes
    Capture Length: 92 bytes
Ethernet II, Src: 00:c0:49:d8:db:36, Dst: ff:ff:ff:ff:ff:ff
    Destination: ff:ff:ff:ff:ff:ff (Broadcast)
    Source: 00:c0:49:d8:db:36 (192.168.45.200)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.5.200 (192.168.5.200), Dst Addr: 192.168.5.255 (192.168.5.255)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        00.. = Differentiated Services Codepoint: Default (0x00)
        ..0. = ECN-Capable Transport (ECT): 0
        ...0 = ECN-CE: 0
    Total Length: 78
    Identification: 0x (0)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 61
    Protocol: UDP (0x11)
    Header checksum: 0xb087 (correct)
    Source: 192.168.5.200 (192.168.5.200)
    Destination: 192.168.5.255 (192.168.5.255)
User Datagram Protocol, Src Port: 33171 (33171), Dst Port: netbios-ns (137)
    Source port: 33171 (33171)
    Destination port: netbios-ns (137)
    Length: 58
    Checksum: 0xaf64 (correct)
NetBIOS Name Service
    Transaction ID: 0x0199
    Flags: 0x0110 (Name query)
        0... = Response: Message is a query
        .000 0... = Opcode: Name query (0)
        ..0. = Truncated: Message is not truncated
        ...1 = Recursion desired: Do query recursively
        ...1 = Broadcast: Broadcast packet
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>: type NB, class inet
            Name: *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> (Workstation/Redirector)
            Type: NB
            Class: inet

## This is the response from a workstation:

No.    Time         Source         Destination    Protocol  Info
60622  2047.389527  192.168.5.100  192.168.5.200  NBNS      Name query response NB 192.168.5.100

Frame 60622 (104 bytes on wire, 104 bytes captured)
    Arrival Time: Feb 7, 2005 17:03:26.942965000
    Time delta from previous packet: 0.12000 seconds
    Time since reference or first frame: 2047.389527000 seconds
    Frame Number: 60622
    Packet Length: 104 bytes
    Capture Length: 104 bytes
Ethernet II, Src: 00:07:e9:1a:80:74, Dst: 00:0b:db:90:9f:0b
    Destination: 00:0b:db:90:9f:0b (192.168.5.200)
    Source: 00:07:e9:1a:80:74 (192.168.5.100)
    Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.5.100 (192.168.5.100), Dst Addr: 192.168.5.200 (192.168.5.200)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        00.. = Differentiated Services Codepoint: Default (0x00)
        ..0. = ECN-Capable Transport (ECT): 0
        ...0 = ECN-CE: 0
    Total Length: 90
    Identification: 0x6c52 (27730)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x41c4 (correct)
    Source: 192.168.5.100 (192.168.5.100)
    Destination: 192.168.5.200 (192.168.5.200)
User Datagram Protocol, Src Port: netbios-ns (137), Dst Port: 33171 (33171)
    Source port: netbios-ns (137)
    Destination port: 33171 (33171)
    Length: 70
    Checksum: 0xf1fe (correct)
NetBIOS Name Service
    Transaction ID: 0x0199
    Flags: 0x8500 (Name query response, No error)
        1... = Response: Message is a response
[Samba] nbns broadcast problem *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>
I have a samba server that intermittently broadcasts netbios name queries for *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00> for around 3 seconds, taking out virtually all other network communication.

Here is one of the packets:

No.      Time         Source         Destination    Protocol  Info
2385639  1531.790940  192.168.5.200  192.168.5.255  NBNS      Name query NB *<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00>

Frame 2385639 (92 bytes on wire, 92 bytes captured)
Ethernet II, Src: 00:c0:49:d8:da:3c, Dst: ff:ff:ff:ff:ff:ff
Internet Protocol, Src Addr: 192.168.5.200 (192.168.5.200), Dst Addr: 192.168.5.255 (192.168.5.255)
User Datagram Protocol, Src Port: 32944 (32944), Dst Port: netbios-ns (137)
NetBIOS Name Service

Any help would be much appreciated.

Lee Baker
RE: [Samba] logon scripts execute randomly
I have a similar problem since upgrade to Samba 3.0.x - must admit I've not tried debugging the problem yet. Have around 1500 users across ~50 XP (SP2) workstations - problem tends to occur ~2 in every 30 users. Logon script does seem to execute though - it's just the drives that don't map.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of mathias schenker
Sent: 29 November 2004 14:33
To: [EMAIL PROTECTED]
Subject: [Samba] logon scripts execute randomly

I use samba 3.0.9 as a pdc with ldapsam. In the ldap entries, for every user there is a logon script sambaLogonScript. I only use two different scripts for 1000 users and 100 computers. The scripts lehrer.bat and schueler.bat reside in the netlogon share and provide more shares with the net use command.

From the user's perspective, this often works well. Sometimes, however, the script is not executed, without further notice, and the users see only their own home directory. More proficient users still can connect to the server and use the other shares, but the less technically minded fail. If it didn't work at all, I could maybe live with it, but this drives me crazy ;-)

The domain has only one server, so it shouldn't be a conflict between two servers.

Has anybody seen this before? Google and a search in bugzilla have not yielded much so far.

Thanks for any input!

mathias schenker
IT specialist
gymnasium liestal
RE: [Samba] logon scripts by group
Step 1: Create a NETLOGON share with a group variable in the path e.g. /domain_data/netlogon_shares/%g

Step 2: In the [globals] section of your conf file enter the name of your script for 'logon script' (e.g. login.bat)

Step 3: On your samba PDC create folders for each group name in /domain_data/netlogon/ (or whatever location you have chosen); make sure that users will have read only access.

Step 4: Put your login.bat scripts in each folder (you may want to use symbolic links if many groups use the same script - it will make it easier to edit in future).

Hope this helps,
Lee Baker

-Original Message-
Sent: 06 October 2004 16:33
To: [EMAIL PROTECTED]
Subject: [Samba] logon scripts by group

Hi,

I am having a hard time figuring out how to have logon scripts that only execute if the user is a member of a certain group. I had the smart idea of putting the supplemental logon script in a share only available to the group, and then calling it from the normal logon script using "CALL "path_to_script". However it looks like it always executes that CALL even if the user is not part of a group, and I don't want to confuse my users by the text that goes into the DOS window that pops up to run the logon scripts. Also, somehow I feel like there must be a better way to do this, some way to query Samba for group membership as the user logs in.

Also, is there such a thing as a logoff script? Or do I need to put those things in postexec scripts? (things like "net use /d *")

Thanks for your assistance to this non-Windows user!

Misty
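The four steps in the reply above, as an added shell example that is not part of the original messages or of Samba itself: it prints the smb.conf fragment (the section is named [global] in smb.conf), builds the per-group folders with read-only permissions, and audits the result. The base path, the group names, the `_shared` folder and the batch file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): per-group NETLOGON layout.
# Base path, group names and the _shared folder are assumed sample values.

# Steps 1-2: print the smb.conf fragment. %g expands to the primary group
# of the connecting user, so each group resolves to its own directory.
render_netlogon_conf() {
    base=$1; script=$2
    cat <<EOF
[global]
    logon script = $script

[netlogon]
    path = $base/%g
    read only = yes
    browseable = no
EOF
}

# Steps 3-4: one folder per group, each holding a symlink to one shared copy
# of the script. The link target sits outside the per-group share root, so
# smbd serves it only where "wide links" permits; otherwise copy the file.
setup_group_netlogon() {
    base=$1; script=$2; src=$3; shift 3
    mkdir -p "$base/_shared"
    cp "$src" "$base/_shared/$script"
    chmod 755 "$base" "$base/_shared"
    chmod 644 "$base/_shared/$script"
    for group in "$@"; do
        case $group in
            ''|.*|*/*)  # refuse names that would escape or hide in $base
                echo "skipping unsafe group name: $group" >&2
                continue ;;
        esac
        mkdir -p "$base/$group"
        chmod 755 "$base/$group"
        ln -sf "../_shared/$script" "$base/$group/$script"
    done
}

# Audit: list files/directories that group or other could modify. A writable
# logon script runs as every user of that group at their next logon.
find_writable() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Demo in a scratch directory with constructed input (CRLF line endings,
# as expected for a batch file run by Windows clients).
demo=$(mktemp -d)
printf '@echo off\r\nnet use P: \\\\SERVER\\public\r\n' > "$demo/login.bat"
setup_group_netlogon "$demo/netlogon_shares" login.bat "$demo/login.bat" staff pupils
render_netlogon_conf /domain_data/netlogon_shares login.bat
find_writable "$demo/netlogon_shares"   # prints nothing when the tree is read-only
rm -rf "$demo"
```

Because `%g` is the user's primary group only, a user whose primary group has no folder gets no logon script; running `find_writable` against the live tree after any manual edit confirms that nothing in it has become writable by ordinary users.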
[Samba] Winbind netlogon scripts
Using an XP workstation joined to Samba PDC domain, when a user tries to log into a trusted win2003 ADS domain from this machine (using winbind) should the user's login script run (as specified in their windows account)? Because at the moment I can't seem to get scripts to run.

Lee Baker
RE: [Samba] Domain Trust Logins
>Am I using winbind? in what way exactly?

As I understand it the Samba server couldn't be a PDC for its own separate domain if I was to use winbind and make it a member of another win2003 domain. Is it possible to use winbind in such a way that it can provide for authentication of users in a win2003 trusted domain without requiring the samba server to be a member of that domain?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John H Terpstra
Sent: 01 October 2004 18:38
To: [EMAIL PROTECTED]
Subject: Re: [Samba] Domain Trust Logins

On Friday 01 October 2004 09:02, Lee Baker wrote:
> Config:
> Samba 3 trusts a win2003 domain.
> XP workstations joined to Samba PDC domain.
>
> When a user in the 2003 domain tries to login using an XP workstation
> and choosing the 2003 domain in the "log onto" box this fails unless the
> user also has a Linux user account.
>
> Is there a way around this? Is this just the way it works?

Are you using winbind? If not, that explains your observations.

- John T.
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
[Samba] Domain Trust Logins
Config:
Samba 3 trusts a win2003 domain.
XP workstations joined to Samba PDC domain.

When a user in the 2003 domain tries to login using an XP workstation and choosing the 2003 domain in the "log onto" box this fails unless the user also has a Linux user account.

Is there a way around this? Is this just the way it works?

Thanks
Lee Baker
RE: [Samba] Samba 3 trusting Windows 2003 (Native Mode)
Can anyone offer any help on this at all??

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lee Baker
Sent: 27 September 2004 12:07
To: [EMAIL PROTECTED]
Subject: [Samba] Samba 3 trusting Windows 2003 (Native Mode)

I have the following situation:

Windows XP (SP2) clients connected to a Samba 3 PDC (3.0.7-2.FC2) on the domain "MNET". Also a separate Windows 2003 AD domain "SCH" (using Native Mode).

I want to allow users in the AD domain "SCH" to logon to that domain from the XP clients by using their existing credentials and simply choosing the SCH domain in the XP logon dialogue. i.e. Users in domain "SCH" accessing resources in domain "MNET".

In order to do this I have attempted to establish a one-way trust - the Samba domain trusting the 2003AD domain. I have setup the trust on the AD server (but not verified it) then on the Samba server "net rpc trustdom establish SCH". I then get the following:

Password: [entered password]
Could not connect to server WOLF [this is the PDC for the SCH domain]
Trust to domain SCH established

When I then try to logon to the SCH domain, in the way described above, for most accounts it will fail with a bad password error. However if the user account in the SCH domain is set to force password change on next logon it will work - the user is forced to change password and they are then logged in.

Other info:
The SCH domain is made up of several 2003 servers running in native mode with server WOLF promoted as the PDC.
The Samba server is set to use a WINS server in the SCH domain.
The SCH domain PDC can be pinged/nslookup/nmblookup from the Samba server.

Any help would be greatly appreciated.

Lee Baker