[Samba] verify smbpasswd run as root when user changes?
Is smbpasswd run as root or local when an XP Pro domain client tries to change password? System Fedora Core 4/SeLinuxSecurity disabled SAMBA 3.0.20 PDC unix password sync=yes passwd backend smbpasswd Problem - Users logged into XP pro cannot change password Detail: When a user tries to change their password they get the error message: You do not have permission to change your password. However - the Linux password is changed and the SAMBA password is not. logging in to Fedora as root and invoking passwd and smbpasswd for the user returns no errors su 'username' and repeating the process (with good password given) passwd - okay smbpasswd - machine 127.0.0.1 rejected the password change: Error was: RAP86: The specified password is invalid. The only difference if you use a bad password - passwd won't allow the change either. So my conclusion thus far is that passwd is being invoked as root but smbpasswd is being invoked as the logged in user and refuses the password change. However, I have no idea what to do now and I cannot set unix passwd sync = no (even though that fixes it) - Please help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] verify smbpasswd run as root when user changes?
Okay - a) yes b) I set pam password change = yes and the problem went away. Why? How did the 'nix password change then? What was broken? Moondance Foxmarnick wrote: Is smbpasswd run as root or local when an XP Pro domain client tries to change password? System Fedora Core 4/SeLinuxSecurity disabled SAMBA 3.0.20 PDC unix password sync=yes passwd backend smbpasswd Problem - Users logged into XP pro cannot change password Detail: When a user tries to change their password they get the error message: You do not have permission to change your password. However - the Linux password is changed and the SAMBA password is not. logging in to Fedora as root and invoking passwd and smbpasswd for the user returns no errors su 'username' and repeating the process (with good password given) passwd - okay smbpasswd - machine 127.0.0.1 rejected the password change: Error was: RAP86: The specified password is invalid. The only difference if you use a bad password - passwd won't allow the change either. So my conclusion thus far is that passwd is being invoked as root but smbpasswd is being invoked as the logged in user and refuses the password change. However, I have no idea what to do now and I cannot set unix passwd sync = no (even though that fixes it) - Please help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd - RAP86 error - 3.0.20
System Fedora Core 4/SeLinuxSecurity disabled SAMBA 3.0.20 unix password sync=yes passwd backend smbpasswd Problem - Users logged into XP pro cannot change password Detail: When a user tries to change their password they get the error message: You do not have permission to change your password. However - the Linux password is changed and the SAMBA password is not. logging in to Fedora as root and invoking passwd and smbpasswd for the user returns no errors su 'username' and repeating the process (with good password given) passwd - okay smbpasswd - machine 127.0.0.1 rejected the password change: Error was: RAP86: The specified password is invalid. The only difference if you use a bad password - passwd won't allow the change either. So my conclusion thus far is that passwd is being invoked as root but smbpasswd is being invoked as the logged in user and refuses the password change. However, I have no idea what to do now and I cannot set unix passwd sync = no (even though that fixes it) - Please help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SIDs and UIDs and RIDs - Oh My!
Mr. Terpstra, Ha, ha hah ha! I love it! Yes! Yes! That is exactly how it feels! As to the Why.. because it's there! (you knew that was coming..) I'm a bit like the White Rabbit though - I'm Late! I'm Late! For a Very Important D..eadline! However, I will download the PDF and devour it tomorrow. So if you hear Angels singing - you'll know I'm connecting dots! Thank you kindly for your patience, -Moondance P.S. - for further irony: I did work on cars w/my dad before I could drive them. It worked out well. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John H Terpstra Sent: Saturday, August 13, 2005 10:14 PM To: samba@lists.samba.org Subject: Re: [Samba] SIDs and UIDs and RIDs - Oh My! OK - You are clearly feeling your way. Why try to be a motor mechanic before you can even drive the car? The Samba-3 HOWTO and Reference Guide is the mechanic's reference manual! You need the book that demonstrates how to drive the car! I strongly suggest that you refer to my book Samba-3 by Example - this book contains a series of networks (one of which is sure to suit your needs) with clear, step-by-step instructions to help you to deploy Samba-3. You will find it easier to deal with performing brain-surgery after you have mastered a tonsilectomy! If you work your way through each of the chapters in Samba-3 by Example you will find that the information in the HOWTO will make much more sense to you. You can obtain the PDF on-line from: http://www.samba.org/samba/docs/Samba3-ByExample.pdf Some time early in September you will be able to purchase the dead-tree (printed) version. Cheers, John T. On Saturday 13 August 2005 20:50, Moondance Foxmarnick wrote: Mr. Terpstra, Okay-- I downloaded your current version from the link you posted - and perhaps I did something incorrectly, because your first reference, Chapter 4, begins on page 55 in my PDF version and the quote is located on 57. So I'm afraid we are still not looking at the same version, however I did find the quote. In the book, of course, the only reference towards RID from the index is located in Chapter 11 - Group Mapping. The quote is helpful to me, I did find it in the book (something I did not read as I didn't need to be sold on the concept and so passed over Feature and Benefits) - but to make sure I get it I would like to re-state it in my network terms. My network being a simplistic one - SAMBA is PDC and XPs are all clients; no sub-nets. So since my Win or AD Domain is actually SAMBA, what you're saying is that when I perform a smbpasswd -a xxusernamexx SAMBA creates an unique SID + RID for the user that is mapped to the *nix backend (whatever I chose for the PAM). And just 3 digits (the RID) indicate (for XP clients) which user belonging to which group for the Domain. What about users that belong to multiple groups? If you follow the guidelines I documented you should not ever need to mess with the RIDs. That's the whole point of following standardized procedures as shown in the documentation. Well, except that it would seem from Chapter 11, Group Mapping - MS Windows and UNIX, that we _do_ have to mess with it; if I want stratified user privileges at any rate. I want all users in my students group on Fedora to have nothing more than Domain Users privileges. When I log on - I want Domain Administrator privileges. How is this not messing with the RIDs? However, now I'm questioning that I need this. These are not XP local privileges. Being Domain Administrator on an XP client will not allow me to install programs like the Administrator group that is local to the XP client, right? Currently it would seem only useful in a mixed environment - or for workers that are only trained in using MS domain management tools. I need to re-read Chapter 11. In section 11.2 (Discussion) it would seem I do in order to use ACLs. But then in section 11.4.1, it would seem not. I'm less confused about RIDs, but still uncertain whether I need groupmap or not. Right now all the output of my groupmap list reads out to -1. Whenever my clients log in, I get the results I want but a warning in the logs that NT doesn't like that! when the GID is resolved. I assumed that groupmapping was at fault. I'm building a new server (oddly, we need more than 40Gb space..) and wanted to correct some implementation mistakes as well as upgrade. Now that I have explained it, is this any clearer? If it is, please help me by rewriting or ammending the documentation to remove the confusion. It is certainly clearer. I think eventually I could contribute, but first I need to study the PDF to see if it has changed significantly from the book - especially Chapter 11 as that seems to be turning my brain inside out at the moment. I feel as if I'm just on the verge of having it gel, but I just keep missing something. I'm the How-to document's worst nightmare - I don't know
RE: [Samba] SIDs and UIDs and RIDs - Oh My!
When you say: Every instance in SMB world has to have its own SID Does that mean that on top of every logon, say- for each folder connection, a SID is generated? And if so, is this a temporary SID like a token for the session, or is it stored internally to SAMBA? T.I.A. -Moondance -Original Message- From: Ilia Chipitsine [mailto:[EMAIL PROTECTED] Sent: Sunday, August 14, 2005 2:56 AM To: Jeremy Allison Cc: Moondance Foxmarnick; SAMBA Subject: Re: [Samba] SIDs and UIDs and RIDs - Oh My! On Sat, Aug 13, 2005 at 05:00:16PM -0700, Moondance Foxmarnick wrote: But what the @[EMAIL PROTECTED] is a Relative IDentifier (RID)?!? On page 153 the command to map a windows group to a *nix group - no mention of RIDs. A SID is a 128 bit identifier of a user/group/computer on a network (a GUUID really). It consists of a 96-bit domain id, with a 32-bit relative id (RID) suffix. Official Samba3 Howto is certanly missing such a clear definition :-) I would expand user/group/computer to user/group/computer/domain/interdomaintrust/etc :-) Every instance in SMB world has to have its own SID So for a given RID, you prepend the 96-bit domain id to get the full SID. SIDs are supposed to be structured, but for real users/groups and computers they are of the form described above. Certain (less than 128 bit) SIDs are well known SIDs. Such as the Administrators group. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SIDs and UIDs and RIDs - Oh My!
I'm trying to grasp pg. 154 of the Official SAMBA-3 book by Terpstra and Vernooij and I'm just missing a critical networking concept. I understand that SIDs are the numerical identification of a user for the Windows world. I understand that UIDs are the equivalent for the *nix world. But what the @[EMAIL PROTECTED] is a Relative IDentifier (RID)?!? On page 153 the command to map a windows group to a *nix group - no mention of RIDs. Then on 154 it is stressed that under no circumstances should your *nix groups or users trod on window's assigned RIDs for Domain Admins, Domian Users, et. all. Another example of groupmap - oh look it lists a RID? No mention as to where a RID comes from or can be viewed. Do they mean that I can't have a user in Fedora that is 500? Isn't that a UID? Is a UID a RID? I've used Fedora for a year now and have never typed a RID modifying command. I'm sure this is just so basic. But I don't know it and can't find it and it's critical to understand it. T.I.A. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SIDs and UIDs and RIDs - Oh My!
So you're saying that part of a SID is a RID and the RID is fixed item deep within the Windows code? And when a Windows user logs on that is also part of the group Domain Users the 513 RID gets appended to the 128 (-3) bit SID? So if I have a *Nix user with the UID of 513, I'll cause a NT doesn't like that message in my logs - but it will still resolve? Or will it not allow the user to log on? And finally - *Nix does not have RIDs - right? I don't think I've used so many question marks in one post before! All I need to know is that if I just don't use the UIDs of 500 - 553 I'll be okay. But I really would like to understand it. -Moondance -Original Message- From: Jeremy Allison [mailto:[EMAIL PROTECTED] Sent: Saturday, August 13, 2005 4:12 PM To: Moondance Foxmarnick Cc: SAMBA Subject: Re: [Samba] SIDs and UIDs and RIDs - Oh My! On Sat, Aug 13, 2005 at 05:00:16PM -0700, Moondance Foxmarnick wrote: But what the @[EMAIL PROTECTED] is a Relative IDentifier (RID)?!? On page 153 the command to map a windows group to a *nix group - no mention of RIDs. A SID is a 128 bit identifier of a user/group/computer on a network (a GUUID really). It consists of a 96-bit domain id, with a 32-bit relative id (RID) suffix. So for a given RID, you prepend the 96-bit domain id to get the full SID. SIDs are supposed to be structured, but for real users/groups and computers they are of the form described above. Certain (less than 128 bit) SIDs are well known SIDs. Such as the Administrators group. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SIDs and UIDs and RIDs - Oh My!
Mr. Terpstra, At the risk of sounding horridly out of date.. my URL for the book would be.. ah.. Borders Books. sigh I'm afraid I like nothing more than curling up in bed with a book. Yes, even your type of books. The physical book does not hum the way my laptop does and therefore is more conducive to absorption. However, let me digest your answer before I continue to trip on my own two feet! smile Give me 20min. -Moondance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SIDs and UIDs and RIDs - Oh My!
] Sent: Saturday, August 13, 2005 4:48 PM To: samba@lists.samba.org Cc: Moondance Foxmarnick Subject: Re: [Samba] SIDs and UIDs and RIDs - Oh My! OK - I'll bite! Clearly you have read the documentation I have written and find it deficient. That's OK! Now, will you help me to fix the deficiency please? I need your help to make the documentation more useful. Below is my side of this challenge you have issued. Please help me over my myopia. On Saturday 13 August 2005 18:00, Moondance Foxmarnick wrote: I'm trying to grasp pg. 154 of the Official SAMBA-3 book by Terpstra and Vernooij and I'm just missing a critical networking concept. Good. Let's fix this now. I presume that we are talking about the current version of this book. Right? Here's the URL: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf If this is NOT the version you checked, please let me know precisely the URL from which you obtained this and the creation date so I can refer to the same document as you have. I understand that SIDs are the numerical identification of a user for the Windows world. Correct. I checked the index for RID. The first reference is in section 4.1 (page 46 in my build) where it says: quote A domain provides a unique network security identifier (SID). Domain user and group security identifiers are comprised of the network SID plus a relative identifier (RID) that is unique to the account. User and group SIDs (the network SID plus the RID) can be used to create access control lists (ACLs) attached to network resources to provide organizational access control. UNIX systems recognize only local security identifiers. /quote So from this it might be interpreted that each Windows account has a unique RID, just as a UNIX user has a unique UID. Every Windows machine and every Windows security domain has a unique SID. A user SID is made up of the machine or domain SID and is catenated with a RID. If that is not your interpretation please help me to understand the source of confusion in the quoted section. I understand that UIDs are the equivalent for the *nix world. A user account that has been created on a Windows workstation will have a locally assigned RID. If an account is created in a Windows NT4 or Active Directory Domain it will be allocated a unique RID within that security context. But what the @[EMAIL PROTECTED] is a Relative IDentifier (RID)?!? A RID is like a UID or a GID. Where UNIX has separate IDs for users and groups, Windows has just one - the RID. But the workstation referred to above has its SID. Every Windows workstation has a unique SID. Every Windows NT4 or ADS domain has a SID also. A user SID is made up of the SID of the security context within which it is created plus the RID. A SID looks like this: S-1-5-21-11009899-23411980-22115678 If the user RID within the context of that SID has the value 879, then the user SID will be: S-1-5-21-11009899-23411980-22115678-879 On page 153 the command to map a windows group to a *nix group - no mention of RIDs. Sorry. I really goofed on that didn't I! Then on 154 it is stressed that under no circumstances should your *nix groups or users trod on window's assigned RIDs for Domain Admins, Domian Users, et. all. Another example of groupmap - oh look it lists a RID? Please explain. What is your point now? No mention as to where a RID comes from or can be viewed. Really? I believe that is was in fact covered in section 4.1 - but if that is not good enough please give me suggested text and a place you would like to see it located within the document (by section number please - not by page number). Do they mean that I can't have a user in Fedora that is 500? Sheesh! Really not clear is it! UIDs are mapped to RIDs. Since Windows allocates RIDs sequentially for users, groups and for trust accounts we have to provide a way of mapping all UNIX users to a RID that is absolutely unique. So Samba does algorithmic mapping. The RIDs are calculated like this: User_RID = UID * 2 + 1000 Group_RID = GID * 2 + 1001 That means that a UID of 500 will produce a RID of 2000. Isn't that a UID? No! I think I have clarified that. Is a UID a RID? No. A UID is a UNIX identifier. A RID is a Windows identifier. Samba provides means to map them, but you can override the algorithmic mapping using the pdbedit and the net utilities. If you do override the mapping, just make sure you get no overlap between Windows user and group RIDs. I've used Fedora for a year now and have never typed a RID modifying command. That is not a crime. No penalty is due. Most admins never need to mess with RIDs. If you follow the guidelines I documented you should not ever need to mess with the RIDs. That's the whole point of following standardized procedures as shown in the documentation. I'm sure this is just so basic. But I don't know it and can't find it and it's critical
[Samba] configure options for 3.x -still experimental?
Hello. I am trying to set up SAMBA 3.x on FC4. SAMBA will be PDC with no other server. I work at a K-12 school, so unless I want 20 episodes of Family Guy in a student's folder, I need to set quotas. I've been looking around for 2 days and I'm stumped. I found something called smbcquotas, but it seems to apply to a mixed NT server environment. I heard rumors of configure options --with-quotas, but couldn't find any documentation in my Terpstra/Vernooij book. Finally I found a reference to it my Using SAMBA book - it says it is experimental! Is that still true? Does no-one use quotas? Or is it a blindingly simple Linux thing that I don't know about? I found un-answered posts through-out the Internet on disk-quotas. What do other people do? T.I.A. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Move Samba 3.0 PDC to different machine
-Brad Saint's preserve! I thought I was the only one that couldn't find a what-files-to-pull list! Now there are two of us! I am moving from 2.x to 3.0 PDC (my original PDC is trying to set itself on fire) and cannot find a list of files anywhere! I even have the 'Official Samba-3' book. They cover migration.. without covering what files to pull. Here is a list of the files I _have_ pulled (I am also moving from RedHat 9 to Fedora Core 2) For Fedora: Group,group- and group.lock Passwd, passwd- and passwd.lock Shadow, shadow- and shadow.lock For Samba: Smb.conf Smbpasswd Smbusers Fedora is fine, even though I don't know what the - files or the .lock files are. But so far Samba will not let me log anyone in although testparm came up okay (just needed to remove domain admin group). I'm here today (sun.) to do further troubleshooting. I need to get it going today, because this is a school server and come Monday, they need it. My config is simple - only PDC for network, no password backend, no BDC. Very plain vanilla. I know my problem is the smbpasswd list, I just can't readily figure out why. I think I'm missing some files. There is a secrets.tdb file in the old Samba directory, which _may_ be the missing link, but it all needs to be researched for me. Unfortunately, with the orginal server overheating, there is no time to prep. I was planning on migrating (in a controlled fashion) to Samba 3.0 for the ACL support. Now I find myself having to do it now because 3.0 was rolled with Fedora Core 2. Just to increase the level of fun (no, really, I love a challenge grin) I'm learning Linux, Domain networking and SAMBA concurrently. Thank god for message groups and the internet. -Moondance -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brad Otto Sent: Sunday, October 03, 2004 11:34 AM To: [EMAIL PROTECTED] Subject: [Samba] Move Samba 3.0 PDC to different machine Hi Samba List - I've been surfing the web for a while looking for some help with moving an existing Samba 3.0 PDC to a different machine. I don't want to have to reconfigure each machine on my domain. There has got to be a way to backup the full domain controller, reinstall the samba packages on a new Linux machine, and just restore the users database, etc. I'm sure someone has done this already. Anyone know of a good how-to or any additional information I can access? Help is appreciated. Thanks! - Brad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Move Samba 3.0 PDC to different machine
-Brad It would seem that I'm up and running. It was the secrets.tdb file that did the trick. I researched enough to know that tdb is a binary database file associated with passwords. 'Using SAMBA' (O'Reilly) references it on page 156 as storage for SIDs. 'Official Samba-3' references it on page 308 as Trivial Database Files (tdb although, since it stopped me from running, it seems more than Trivial) and how important they are to backup (which, kindly there is a utility), but they still do not define secrets.tdb. Perhaps this file is becoming obsolete. I kind-of look upon Samba 3.x as a call to grow up and use a real back-end for passwords. smile Ah! The growing pains! I don't know if this will help you. Most SysAdmins have much more extensive back-end configurations. We're just using the default 2.x method: smbpasswd. I have the feeling that there are files just littered all over my old installation in SAM locations and VAR locations that I should have moved, but we'll see how it goes tomorrow under load. Going with Crossed Fingers because it beats a fire.. lol -Moondance -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Moondance Foxmarnick Sent: Sunday, October 03, 2004 5:11 PM To: SAMBA Subject: RE: [Samba] Move Samba 3.0 PDC to different machine -Brad Saint's preserve! I thought I was the only one that couldn't find a what-files-to-pull list! Now there are two of us! I am moving from 2.x to 3.0 PDC (my original PDC is trying to set itself on fire) and cannot find a list of files anywhere! I even have the 'Official Samba-3' book. They cover migration.. without covering what files to pull. Here is a list of the files I _have_ pulled (I am also moving from RedHat 9 to Fedora Core 2) For Fedora: Group,group- and group.lock Passwd, passwd- and passwd.lock Shadow, shadow- and shadow.lock For Samba: Smb.conf Smbpasswd Smbusers Fedora is fine, even though I don't know what the - files or the .lock files are. But so far Samba will not let me log anyone in although testparm came up okay (just needed to remove domain admin group). I'm here today (sun.) to do further troubleshooting. I need to get it going today, because this is a school server and come Monday, they need it. My config is simple - only PDC for network, no password backend, no BDC. Very plain vanilla. I know my problem is the smbpasswd list, I just can't readily figure out why. I think I'm missing some files. There is a secrets.tdb file in the old Samba directory, which _may_ be the missing link, but it all needs to be researched for me. Unfortunately, with the orginal server overheating, there is no time to prep. I was planning on migrating (in a controlled fashion) to Samba 3.0 for the ACL support. Now I find myself having to do it now because 3.0 was rolled with Fedora Core 2. Just to increase the level of fun (no, really, I love a challenge grin) I'm learning Linux, Domain networking and SAMBA concurrently. Thank god for message groups and the internet. -Moondance -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brad Otto Sent: Sunday, October 03, 2004 11:34 AM To: [EMAIL PROTECTED] Subject: [Samba] Move Samba 3.0 PDC to different machine Hi Samba List - I've been surfing the web for a while looking for some help with moving an existing Samba 3.0 PDC to a different machine. I don't want to have to reconfigure each machine on my domain. There has got to be a way to backup the full domain controller, reinstall the samba packages on a new Linux machine, and just restore the users database, etc. I'm sure someone has done this already. Anyone know of a good how-to or any additional information I can access? Help is appreciated. Thanks! - Brad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Persistant Z drive in XP - resolved
I have my cake and I'm eating it too! I commented out the logon home = line completely and put in include = /etc/samba/smb.conf.%a. For the Win95 platform I have logon home = \\%L\%u\.win_profile\%m and for the Win2K (includes XP) I have logon home = \\%L\%u Yippee! As for the Z: drive... I just didn't realize that logon drive = was a necessity for XP. Chapter 6 of Using Samba was very helpful. -Moondance -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of flinchlock Sent: Thursday, February 26, 2004 4:37 AM To: samba list Subject: Re: [Samba] Persistant Z drive in XP Then my Win98 users won't have roaming profiles, correct? My O'Reilly book defines logon home as setting the directory for all Windows Platforms, and to achieve roaming for 95/98/Me add the /.win_profile. Let me guess. I can't have my cake and eat it too..? There must be some crafty way around this. Can the smb.conf file determine platform and then branch? YUP... http://us2.samba.org/samba/docs/using_samba/ch04.html This is a link to... Using Samba, 2nd Edition By Jay Ts, Robert Eckstein, and David Collier-Brown 2nd Edition, February 2003 O'Reilly Associates, ISBN: 0-596-00256-4 Search for Configuring Samba for Roaming Profiles. This topic talks about how to setup PLATFORM directories, and then have a soft link from machine name to the PLATFORM directory. It handles W95-XP! GREAT reading! :-)) HTH Mike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Persistant Z drive in XP - resolved
Because my book defines logon drive as Sets the drive to be used as a home directory for domain logons by Windows NT/2000/XP clients. With a default of, you guessed it, Z: ! That was why I was winding up with two home directories one on S: (from my bat file) and one on Z: from the default value logon drive. I will take the exit statement to heart and add one in on my file. I do not have one currently. My problem wasn't so much the persistence of Z: as I didn't want it in the first place! grin Anyway, all's well that ends well. Now I'm off to slay my next Dragon! bgrin -Moondance -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of flinchlock Sent: Thursday, February 26, 2004 4:00 PM To: samba list Subject: RE: [Samba] Persistant Z drive in XP - resolved Quoting Moondance Foxmarnick As for the Z: drive... I just didn't realize that logon drive = was a necessity for XP. Can you explain why you thing that is true? I HAD a problem where Z: was also persistent. I fixed the problem by making sure logon.bat ended with an exit statement. After 10-60 seconds (really not sure how long), drive Z: would disconnet/disappear. Here is my logon.bat... -- net use /persistent:no net use P: \\mutt\public if not %OS%==Windows_NT goto byebye ifmember NO-CATS\Domain Admins if not errorlevel 1 goto byebye regedit /s \\mutt\netlogon\WinXP_SignOrSeal.reg :byebye exit -- HTH, Mike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Persistant Z drive in XP
Hello. New to SAMBA.(2.2.8 on RH9) Mixed environment of 98 (trying) XP. My net use s: /home command works wonderfully for XP and 98. But XP throws in an extra more home-than-home directory - namely \username\.win_profile on the Z drive. I've tried disconnecting it with: net use Z: /delete, but XP claims to have a process running on it (even after 10 min). This is going to confuse the @$%@ out of my users. What is going on? And more importantly: how do I get it to stop? My SMB.conf file is a-la Using SAMBA from O'reilly press and therefore says: logon path = \\%L\profiles\%u\%m logon script = logon.bat logon home = \\%L\%u\.win_profile\%m with - [netlogon] path = /usr/local/samba/lib/netlogon create mask = 0600 directory mask = 0700 browseable = No [profiles] path = /ovs/home/samba-ntprof browsable = no writable = yes create mask = 0600 directory mask = 0700 [homes] read only = No browseable = No Hopefully, somebody will reply, if only to commiserate. smile -Moondance -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Persistant Z drive in XP
logon home = i.e.: Leave the value blank. Then my Win98 users won't have roaming profiles, correct? My O'Reilly book defines logon home as setting the directory for all Windows Platforms, and to achieve roaming for 95/98/Me add the /.win_profile. Let me guess. I can't have my cake and eat it too..? There must be some crafty way around this. Can the smb.conf file determine platform and then branch? Thank you, -Moondance -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John H Terpstra Sent: Wednesday, February 25, 2004 8:26 PM To: Moondance Foxmarnick Cc: SAMBA Subject: Re: [Samba] Persistant Z drive in XP On Wed, 25 Feb 2004, Moondance Foxmarnick wrote: Hello. New to SAMBA.(2.2.8 on RH9) Mixed environment of 98 (trying) XP. My net use s: /home command works wonderfully for XP and 98. But XP throws in an extra more home-than-home directory - namely \username\.win_profile on the Z drive. I've tried disconnecting it with: net use Z: /delete, but XP claims to have a process running on it (even after 10 min). This is going to confuse the @$%@ out of my users. What is going on? And more importantly: how do I get it to stop? My SMB.conf file is a-la Using SAMBA from O'reilly press and therefore says: logon path = \\%L\profiles\%u\%m file:///\\%25L\profiles\%25u\%25m logon script = logon.bat logon home = \\%L\%u\. file:///\\%25L\%25u\.win_profile\%25m win_profile\%m logon home = i.e.: Leave the value blank. - John T. with - [netlogon] path = /usr/local/samba/lib/netlogon create mask = 0600 directory mask = 0700 browseable = No [profiles] path = /ovs/home/samba-ntprof browsable = no writable = yes create mask = 0600 directory mask = 0700 [homes] read only = No browseable = No Hopefully, somebody will reply, if only to commiserate. smile -Moondance -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Understanding the guest account
Hello. I am new to both Linux Samba. I am still running Samba 2.2.8a. I have just received new PCs and they are XP based. The rest of my network is Win98 boxes. I have studied Using Samba by O'Reilly press and cannot quite seem to grasp the following: When the guest account is mapped to the default: nobody and my Win98 boxes log in, very frequently (but not always) their home directory will map to / on the Samba box and in My Computer it will show as: nobody on S for the drive description. This is easily stopped - change the guest account to what and add nobody to invalid users. There is no what account. Now I have XP. With no valid guest account, I cannot log onto the Samba PDC. I vaguely understand that 98 and XP use different methods of joining a Domain. (98 really doesn't) But I can't seem to translate this to how to have my cake and eat it too. Or in other words: guest account for XP and proper home drive mapping for 98. Can someone point me in the right direction? T.I.A. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] re-send on nobody
- I had a mix up with my list settings and so missed the posting _and_ any answers! Sorry for the redundancy. I have an annoying problem with my new (and first) SAMBA PDC deployment. Valid users are being connected to the root directory / of my server as nobody. The only way you can discover the user is to troll the log file. Here is my config file as pertains to users: [global] - encrypt passwords=yes ; wins support=yes ; security=user ; domain logons=yes ; oplocks=no ; level2oplocks=no ; logon path=\\%L\profiles\%u\%m ; logon script=logon.bat ; logon drive=S: ; logon home=\\%L\%u\.win_profile\%m ; invalid users = nobody root bin daemon adm sync shutdown ; add user script=/usr/sbin/useradd -d /dev/nu.. -g 100 -s /bin/false -M %u ; log file = /etc/samba/smblog-%m.txt ; log level=2 [netlogon] - path=/usr/local/samba/lib/netlogon ; writable=no ; browsable=no [profiles] - path=/ovs/samba-ntprof ; writable=yes ; browsable=no ; create mask = 0600 ; directory mask = 0700 [homes] - read only=no ; browsable=no ; guest ok=no ; map archive = yes Here is my logon.bat: net use s: /home ; net time \\cap file:///\\cap /set /yes Here is a slice of the log when the user gets mapped to nobody: [2003/10/14 14:22:34, 2] smbd/reply.c:reply_sesssetup_and_X(1007) Defaulting to Lanman password for lgroos [2003/10/14 14:22:34, 1] smbd/service.c:make_connection(636) a18 (192.168.1.48) connect to service netlogon as user lgroos (uid=517, gid=700) (pid 3331) -- then there is the common exchange between the logon.bat file - 5 groups of open_file(246) and close_normal_file(229) groupings every thing is fine at this point and then, for no reason I understand (being a SAMBA newbie) I get this: -- [2003/10/14 14:22:35, 1] smbd/service.c:make_connection(636) a18 (192.168.1.48) connect to service nobody as user lgroos (uid=517, gid=700) (pid 3331) and the logon.bat file gets opened and closed. I've dug around and can not find out what is going on. I have just added nobody to my invalid users list as a final attempt to stop this behavior. To my knowledge the clients are not logging out to cause this to happen. These are all Win98 clients. I have yet to implement policies, but the computers had policies at one point. They do not now. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] nobody logon but guest ok = no
I have an annoying problem with my new (and first) SAMBA PDC deployment. Valid users are being connected to the root directory / of my server as nobody. The only way you can discover the user is to troll the log file. Here is my config file as pertains to users: [global] - encrypt passwords=yes ; wins support=yes ; security=user ; domain logons=yes ; oplocks=no ; level2oplocks=no ; logon path=\\%L\profiles\%u\%m ; logon script=logon.bat ; logon drive=S: ; logon home=\\%L\%u\.win_profile\%m ; invalid users = nobody root bin daemon adm sync shutdown ; add user script=/usr/sbin/useradd -d /dev/nu.. -g 100 -s /bin/false -M %u ; log file = /etc/samba/smblog-%m.txt ; log level=2 [netlogon] - path=/usr/local/samba/lib/netlogon ; writable=no ; browsable=no [profiles] - path=/ovs/samba-ntprof ; writable=yes ; browsable=no ; create mask = 0600 ; directory mask = 0700 [homes] - read only=no ; browsable=no ; guest ok=no ; map archive = yes Here is my logon.bat: net use s: /home ; net time \\cap file:///\\cap /set /yes Here is a slice of the log when the user gets mapped to nobody: [2003/10/14 14:22:34, 2] smbd/reply.c:reply_sesssetup_and_X(1007) Defaulting to Lanman password for lgroos [2003/10/14 14:22:34, 1] smbd/service.c:make_connection(636) a18 (192.168.1.48) connect to service netlogon as user lgroos (uid=517, gid=700) (pid 3331) -- then there is the common exchange between the logon.bat file - 5 groups of open_file(246) and close_normal_file(229) groupings every thing is fine at this point and then, for no reason I understand (being a SAMBA newbie) I get this: -- [2003/10/14 14:22:35, 1] smbd/service.c:make_connection(636) a18 (192.168.1.48) connect to service nobody as user lgroos (uid=517, gid=700) (pid 3331) and the logon.bat file gets opened and closed. I've dug around and can not find out what is going on. I have just added nobody to my invalid users list as a final attempt to stop this behavior. To my knowledge the clients are not logging out to cause this to happen. These are all Win98 clients. I have yet to implement policies, but the computers had policies at one point. They do not now. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP Pro connecting to PDC
Did you do the registry hack? They say to do it if you do not get the Welcome to the domain box, but I got that box and then couldn't log in with a user. I applied the hack and re-booted. Logged in without a problem. HKEY_LOCAL_MACHINE - SYSTEM - CurrentControlSet - Services - Netlogon - Parameters - requiresignorseal /change from 1 to 0 At 01:30 PM 9/22/03 -0700, you wrote: I have followed the FAQs and HOW-TOs, including the Sign and Seal registry patch, but I am unable to make this work. RedHat 9.0 Samba 3.0.0rc4 XP Pro SP1 When I setup the PC and join the domain, it gives me the 'Welcome to the Domain' message, but I really don't think that this has worked because of errors in the log file, (yes I can provide, and yes I am using the smb user root). Then when I reboot and attempt to login with a domain user, I get refused with the 'Windows cannot connect to the domain,.' error. In the log file for the machine_name, the last error is 'Can't become connected user'. Higher up (when logging verbosity is cranked up) in the log file, it 'appears' that the computer is attempting to connect to the domain, but it somehow ends up using the 'Guest' account?! I don't know if this is normal. Anyways, sharing appears to be working, because if I log into a local machine account, I cat 'NET USE' a share fine. Anyways, any help or gentle 'nudges' in the correct direction would be appreciated. I can provide smb.conf and log files to whomever wishes them. TIA === Gordon Biner Network Manager West Fraser Mills Ltd. (250) 992-0865 [EMAIL PROTECTED] === 'There are 10 types of people in this world; those who understand binary, and those who don't.' -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba