Re: [Samba] create new domain SID
Hi, I will try this next week and report if it worked. I already tried this but maybe I made a mistake somewhere (forgotten to stop samba perhaps). Thanks Manfred Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Beast wrote: | |> removing secrets.tdb & ldap Sambadomain doesn't help. |> Samba then simply has no SID at all. |> As it creates one during install there should be some |> tool to recreate it. Trust me. ~ stop smbd, nmbd, winbindd ~ rm secrets.tdb and sambaDomain object ~ restart smbd and you will have a new domain sid. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAI63LIR7qMdg1EfYRAi+LAJ9O1NeG4XUO/tze3x2Ed+47NjL+XQCg2NSU YQCa8fnJXRCtmlNPmybh01c= =T/Id -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] create new domain SID
The command is not the problem. The SID should be random and unique. A "handcrafted" SID is no good idea. Manfred Beast wrote: * MH - Entwicklung <[EMAIL PROTECTED]> nulis: removing secrets.tdb & ldap Sambadomain doesn't help. Samba then simply has no SID at all. As it creates one during install there should be some tool to recreate it. Did you mean "net setlocalsid " ? Manfred Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MH - Entwicklung wrote: | Hello out there, | | can anybody tell me how to generate a new DOMAIN SID for a | SAMBA 3 Server. I cloned a server and want to give it | a new SID automatically. remove secrets.tdb (and possibly the sambaDomain object in LDAP if you use that). cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAIQv0IR7qMdg1EfYRAk3DAJ4k4ZTRKYlsRqB3WneG00ZVSdNSHQCffgme 30sBy3qGGtWlJwNzUt+A/Ds= =/tUI -END PGP SIGNATURE- -- manfred heubach edv und neue medien Hindenburgstr. 47 D-73728 Esslingen Tel. +49 711 9315824 Fax +49 711 9315825 www.heubach-edv.de Informationstechnologie und Telekommunikation für Unternehmen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] create new domain SID
removing secrets.tdb & ldap Sambadomain doesn't help. Samba then simply has no SID at all. As it creates one during install there should be some tool to recreate it. Manfred Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MH - Entwicklung wrote: | Hello out there, | | can anybody tell me how to generate a new DOMAIN SID for a | SAMBA 3 Server. I cloned a server and want to give it | a new SID automatically. remove secrets.tdb (and possibly the sambaDomain object in LDAP if you use that). cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAIQv0IR7qMdg1EfYRAk3DAJ4k4ZTRKYlsRqB3WneG00ZVSdNSHQCffgme 30sBy3qGGtWlJwNzUt+A/Ds= =/tUI -END PGP SIGNATURE- -- manfred heubach edv und neue medien Hindenburgstr. 47 D-73728 Esslingen Tel. +49 711 9315824 Fax +49 711 9315825 www.heubach-edv.de Informationstechnologie und Telekommunikation für Unternehmen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] create new domain SID
Hello out there, can anybody tell me how to generate a new DOMAIN SID for a SAMBA 3 Server. I cloned a server and want to give it a new SID automatically. Regards Manfred -- manfred heubach edv und neue medien Hindenburgstr. 47 D-73728 Esslingen Tel. +49 711 9315824 Fax +49 711 9315825 www.heubach-edv.de Informationstechnologie und Telekommunikation für Unternehmen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Profiles not working with W2K SP4,Samba 3.0.0beta2 (already posted but got no answer)
Hello, I still have a problem with my Samba installation. Userprofiles don't work under W2K SP4. They work fine with Windows NT 4. When loggin on for the first time the user profile directory is created. After loggin off however no data is written to the profile directory on the Samba PDC. When logging on there ist the following activity in the logs (debug level = 1; log.pc1): => [2003/07/22 14:11:41, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1351) failed to decode PDU [2003/07/22 14:11:41, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605) process_request_pdu: failed to do schannel processing. [2003/07/22 14:11:42, 1] smbd/service.c:make_connection_snum(692) pc1 (192.168.0.1) connect to service netlogon initially as user test (uid=1006, gid=1006) (pid 823) [2003/07/22 14:11:42, 1] smbd/service.c:make_connection_snum(692) pc1 (192.168.0.1) connect to service test initially as user test (uid=1006, gid=1006) (pid 823) [2003/07/22 14:11:43, 1] smbd/service.c:make_connection_snum(692) pc1 (192.168.0.1) connect to service test initially as user test (uid=1006, gid=1006) (pid 823) <= When logging off there is just this: [2003/07/22 14:13:50, 1] smbd/service.c:close_cnum(873) pc1 (192.168.0.1) closed connection to service test If I log on at a Windows NT 4 Workstation the log is different (debug level = 1; log.heu2): ==> [2003/07/22 14:17:19, 1] smbd/service.c:make_connection_snum(692) heu2 (192.168.0.2) connect to service profiles initially as user test (uid=1006, gid=1006) (pid 846) [2003/07/22 14:17:20, 1] smbd/service.c:make_connection_snum(692) heu2 (192.168.0.2) connect to service netlogon initially as user test (uid=1006, gid=1006) (pid 846) [2003/07/22 14:17:20, 1] smbd/service.c:make_connection_snum(692) heu2 (192.168.0.2) connect to service test initially as user test (uid=1006, gid=1006) (pid 846) [2003/07/22 14:17:20, 0] smbd/nttrans.c:call_nt_transact_ioctl(1831) call_nt_transact_ioctl(0x90028): Currently not implemented. <== In the logs I can see that W2K SP4 doesn't connect to the profiles share instead there are some errors in the log (failed to do schannel processing, failed to decode PDU). When logging off, Samba is only logging that the connection to the home share and other open shares (The profile share never occurs in the logs) are closed: Logging off from the W2K workstation takes about 1 1/2 minutes. W2K writes the following to the eventlog (german log): => Die Registrierungsdatei konnte nicht entfernt werden. Ihre Einstellungen werden nicht repliziert, falls Sie ein servergspeichertes Profil haben. Wenden Sie sich an den Administrator. DETAIL - Zugriff verweigert , Buildnummer ((2195)). <= I'm not sure about this message, because it also occurs when logging on and off locally at the machine itself. The registry tweaks I found on google didn't change anything about this message. Also logging off locally takes about 1 1/2 minutes time. Any help is welcome :-) and sorry for my last posting - I accidently hit the "send" button before finishing my text. Best Regards Manfred My smb.conf looks like this: => # Samba config file created using SWAT # from 192.168.0.1 (192.168.0.1) # Date: 2003/07/22 12:24:13 # Global parameters [global] debug level = 4 unix charset = ISO-8859-15 workgroup = DVS server string = %h server (Samba %v) obey pam restrictions = Yes passdb backend = tdbsam, guest passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 logon path = \\samba\profiles\%u logon drive = h: logon home = \\samba\%u domain logons = Yes os level = 64 preferred master = Yes domain master = Yes dns proxy = No ldap ssl = no panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 invalid users = root admin users = administrator [homes] comment = Home Directories read only = No create mask = 0700 directory mask = 0700 browseable = No [netlogon] path = /var/exports/data/netlogon write list = domainadmins [profiles] path = /var/exports/data/profiles read only = No create mask = 0600 directory mask = 0700 profile acls = yes [gl] path = /var/exports/data/gl valid users = @gl, @domainadmins force group = @gl read only = No create mask = 0660 directory mask = 0770 [ma] path = /var/exports/data/ma valid users = @ma, @domainadmins force group = @ma read only = No create mask = 0660 directory mask = 0770 <= the profile directory looks like this:
[Samba] W2K SP4, Samba 3.0.0beta2 and Profiles
Hello, now I still have a problem with my Samba installation. Userprofiles don't work under W2K SP4. They work fine with Windows NT 4. When loggin on for the first time the user profile directory is created. After loggin off however no data is written to the profile directory on the Samba PDC. My smb.conf looks like this: => # Samba config file created using SWAT # from 192.168.0.1 (192.168.0.1) # Date: 2003/07/22 12:24:13 # Global parameters [global] debug level = 4 unix charset = ISO-8859-15 workgroup = DVS server string = %h server (Samba %v) obey pam restrictions = Yes passdb backend = tdbsam, guest passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 logon path = \\samba\profiles\%u logon drive = h: logon home = \\samba\%u domain logons = Yes os level = 64 preferred master = Yes domain master = Yes dns proxy = No ldap ssl = no panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 invalid users = root admin users = administrator [homes] comment = Home Directories read only = No create mask = 0700 directory mask = 0700 browseable = No [netlogon] path = /var/exports/data/netlogon write list = domainadmins [profiles] path = /var/exports/data/profiles read only = No create mask = 0600 directory mask = 0700 profile acls = yes [gl] path = /var/exports/data/gl valid users = @gl, @domainadmins force group = @gl read only = No create mask = 0660 directory mask = 0770 [ma] path = /var/exports/data/ma valid users = @ma, @domainadmins force group = @ma read only = No create mask = 0660 directory mask = 0770 <= the profile directory looks like this: drwxrwxrwx2 root domainusers 4096 Jul 22 13:35 profiles (777 permissions are for testing, they will become 770 again) When logging on there ist the following activity in the logs (log.pc1): => [2003/07/22 14:11:41, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1351) failed to decode PDU [2003/07/22 14:11:41, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605) process_request_pdu: failed to do schannel processing. [2003/07/22 14:11:42, 1] smbd/service.c:make_connection_snum(692) pc1 (192.168.0.1) connect to service netlogon initially as user test (uid=1006, gid=1006) (pid 823) [2003/07/22 14:11:42, 1] smbd/service.c:make_connection_snum(692) pc1 (192.168.0.1) connect to service test initially as user test (uid=1006, gid=1006) (pid 823) [2003/07/22 14:11:43, 1] smbd/service.c:make_connection_snum(692) pc1 (192.168.0.1) connect to service test initially as user test (uid=1006, gid=1006) (pid 823) <= When logging off there is just this: [2003/07/22 14:13:50, 1] smbd/service.c:close_cnum(873) pc1 (192.168.0.1) closed connection to service test If I log on at a Windows NT 4 Workstation the log is different (log.heu2): ==> [2003/07/22 14:17:19, 1] smbd/service.c:make_connection_snum(692) heu2 (192.168.0.2) connect to service profiles initially as user test (uid=1006, gid=1006) (pid 846) [2003/07/22 14:17:20, 1] smbd/service.c:make_connection_snum(692) heu2 (192.168.0.2) connect to service netlogon initially as user test (uid=1006, gid=1006) (pid 846) [2003/07/22 14:17:20, 1] smbd/service.c:make_connection_snum(692) heu2 (192.168.0.2) connect to service test initially as user test (uid=1006, gid=1006) (pid 846) [2003/07/22 14:17:20, 0] smbd/nttrans.c:call_nt_transact_ioctl(1831) call_nt_transact_ioctl(0x90028): Currently not implemented. <== In the logs I can see that W2K SP4 doesn't connect to the profiles share instead there are some errors in the log (failed to do schannel processing, failed to decode PDU). Logging off from the W2K workstation takes about 1 1/2 minutes. W2K writes the following to the eventlog (german log): => Die Registrierungsdatei konnte nicht entfernt werden. Ihre Einstellungen werden nicht repliziert, falls Sie ein servergspeichertes Profil haben. Wenden Sie sich an den Administrator. DETAIL - Zugriff verweigert , Buildnummer ((2195)). <= Samba is only logging that the connection to home share is closed: -- manfred heubach edv und neue medien Hindenburgstr. 47 D-73728 Esslingen Tel. +49 711 9315824 Fax +49 711 9315825 www.heubach-edv.de Informationstechnologie und Telekommunikation für Unternehmen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Swat not authenticating root but other users work (PAMProblem?)
Hello, I've got a little problem with Samba 3.0.0beta2-1 on Debian/unstable. SWAT cannot authenticate the user root. In auth.log I see the following entry: Jul 22 10:09:59 samba samba(pam_unix)[3709]: authentication failure; logname= uid=0 euid=0 tty=samba ruser= rhost=0.0.0.0 user=root This only happens to the user root. All other users can use SWAT. Maybe this is a PAM configuration problem? Any ideas ? Regards Manfred -- manfred heubach edv und neue medien Hindenburgstr. 47 D-73728 Esslingen Tel. +49 711 9315824 Fax +49 711 9315825 www.heubach-edv.de Informationstechnologie und Telekommunikation für Unternehmen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Moving Samba installation from one host to another
Dear René, thanks for your answer. I see I should have asked this before I moved Samba. But now I know better for the next time :-) Regards Manfred - Original Message - From: "R.Nieuwenhuizen" <[EMAIL PROTECTED]> To: "MH - Entwicklung" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, June 23, 2003 10:55 AM Subject: Re: [Samba] Moving Samba installation from one host to another > You forgot to to transfer your domain-SID to the new samba-server. > > This can be done by running rpcclient on the old samba-server and run > the "lsaquery" command. This will output the domain-SID. Next you copy > and paste this in to a file called "MACHINE.SID" on the new server (this > file should be placed in the private subdir where secrets.tdb is > located) and remove the secrets.tdb file. If samba is restarted the > domain-SID (from MACHINE.SID) is imported into the secrets.tdb. > > At last you should transport the smbpasswd file (located in the private > subdir) from the old samba-server to the new samba-server. > > Things should now be up and running fine... > > MH - Entwicklung wrote: > > >Hello, > > > >last week I experienced some problems when moving a Samba installation from one > >host to another host. > > > >The old system ran Samba 2.2.8 on a SuSE Linux 7.3 > >The new system is also running Samba 2.2.8 but on Debian Woody > >The Client Systems are all running Win2K SP1. One is running Win2K SP2. One is > >running Win98. > > > >I moved smbpasswd to the new host. I also made sure that all entries in passwd, > >group and shadow existed on the new system. Anyway all computers lost the > >connection to the Domain when switching to the new Samba PDC. I had to remove all > >hosts from the domain and let them join the domain again in order to get it working > >again. Also all Windows SIDS associated with the users had changed. > > > >Any idea what I've done wrong ? > > > >Regards > >Manfred > > > > > > > > > > -- > René Nieuwenhuizen > Afdeling Informatietechnologie > Centraal Planbureau > > Bezoekadres: Van Stolkweg 14, 2585 JR Den Haag > Postadres: Postbus 80510, 2508 GM Den Haag > > T (070) 3383 342 > F (070) 3383 350 > I http://www.cpb.nl/nl/general/org/afdelingen/it/ > > > -- > > Aan dit bericht kunnen geen rechten worden ontleend. > Het bericht is alleen bestemd voor de geadresseerde. > Indien dit bericht niet voor u is bestemd, verzoeken wij u dit onmiddellijk aan > ons te melden en de inhoud van het bericht te vernietigen. > > This message shall not constitute any obligations. > This message is intended solely for the addressee. > If you have received this message in error, please inform us immediately and > delete its contents. > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Moving Samba installation from one host to another
Hello, last week I experienced some problems when moving a Samba installation from one host to another host. The old system ran Samba 2.2.8 on a SuSE Linux 7.3 The new system is also running Samba 2.2.8 but on Debian Woody The Client Systems are all running Win2K SP1. One is running Win2K SP2. One is running Win98. I moved smbpasswd to the new host. I also made sure that all entries in passwd, group and shadow existed on the new system. Anyway all computers lost the connection to the Domain when switching to the new Samba PDC. I had to remove all hosts from the domain and let them join the domain again in order to get it working again. Also all Windows SIDS associated with the users had changed. Any idea what I've done wrong ? Regards Manfred -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
