[Samba] logon scripts with kixtart

[Shawn Henderson]

Any body using kixtart with your samba server..?
or anyone have any great scripting tools for logon scripts...
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Your computer account was not found or the password was incorrect

[Shawn Henderson]

Just out of curiosity.. I had a similar problem but only with W2K for
some reason I did not have to create a root smb account but for W2K I
did. Until I figured that out (from this list, thanks all) I got that
same error.
Are you using a root smb account to join the workstations to the network?
Steve Ramage wrote:
Hey guys,
I'm trying to migrate my NT4 Domain and am having some problems. 
Ignoring my other post related to this, I can't get any of my machines 
to be able to login. Alls I ever get is

"Your computer account was not found or the password is incorrect"
I even tried rejoining the domain which works. I leave the domain and 
then rejoin it, it takes a LONG time (might just be cause I'm testing 
this on my old laptop), and it says I've joined, and I reboot and I 
get that error.

These are Windows 2000, Windows XP, and Windows 2003 Clients (No 
Active Directory At all).

The log.smbd doesn't really show anything, except what I assume is my 
machine trying to authenticate, and for whatever reason the username 
is blanked out for trust account.

I think these are the appropriate entries
[2004/12/04 02:12:31, 1] auth/auth_util.c:make_server_info_sam(822)
 User Guest in passdb, but getpwnam() fails!
[2004/12/04 02:12:31, 2] smbd/server.c:exit_server(571)
 Closing connections
[2004/12/04 02:12:31, 1] auth/auth_util.c:make_server_info_sam(822)
 User Guest in passdb, but getpwnam() fails!
[2004/12/04 02:12:31, 2] auth/auth.c:check_ntlm_password(312)
 check_ntlm_password:  Authentication for user [] -> [] FAILED with 
error NT_STATUS_NO_SUCH_USER
[2004/12/04 02:12:31, 1] auth/auth_util.c:make_server_info_sam(822)
 User Guest in passdb, but getpwnam() fails!
[2004/12/04 02:12:42, 2] smbd/server.c:exit_server(571)
 Closing connections

The following is my smb.conf file
-
##
# Samba Configuration File -- Version 0.90b  #
# by Steve R #
# Date: 03-Dec-04#
# System: Fermat #
# Samba Version: 3.0.1   #
##
##
##

# General Options


# Network Options

socket options = TCP_NODELAY IPTOS_LOWDELAY
bind interfaces only = yes
interfaces = eth1, lo
wins support = yes
unix extensions = no
os level = 33
local master = yes
preferred master = yes
domain master = yes
announce as = WinNT
announce version = 4.1
domain logons = yes
#password server = *

# Domain Options

workgroup = SJrX.NET

# System Options

netbios name = fermat
server string = Debian 3.0r1, Running Samba: %v
time server = yes
log level = 2

# Security Options

passdb backend = tdbsam
sjrx:mysql user = samba
sjrx:mysql password = password
sjrx:mysql database = samba
sjrx:domain column='SJrX.NET':
sjrx:fullname column = CONCAT(firstname,' ',surname):
sjrx:lanman pass column = lm_pass:
sjrx:nt pass column = nt_pass:
sjrx:unknown 3 column = NULL
#hide local users = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .

add user script = /usr/sbin/adduser %u
add user to group script = /usr/sbin/adduser %u %g
#del user script = /usr/sbin/deluser %u

#asswd program = /bin/echo hello %u
#asswd chat = *hello* %n
guest ok = no
read only = yes
encrypt passwords = yes
security = user
map to guest = Bad Password
invalid users = russ

# Shares Options

follow symlinks = yes
hide dot files = yes
delete veto files = yes
follow symlinks = yes
wide links = yes
#map archive = yes
#map system = yes
#map hidden = yes
delete readonly = yes
browsable = no
# veto files = /*:DATA*/


# Shares

[home]
comment = %u's home directory
path = /home/%U/
writeable = yes
browsable = yes
[data]
path = /data/
force directory mode = 775
force create mode = 774
directory mode = 510
create mode = 400
comment = Public Folder:
public = yes
browsable = yes
write list = sjr
force group = pub
writeable = no
[dump]
path = /data/dump
public = yes
force user = root
writeable = yes
guest ok = yes
[tm2]
path = /data/tm2/
public = yes
browsable = yes
writeable = no
comment = "MP3's"
[www]
writeable = yes
path = /var/www/
create mode = 510
directory mode = 400
force directory mode = 775
force create mode = 774
force user = www-data
force group = pub
valid users = sjr
write list = sjr
map archive = no
map system = no
map hidden = no
[ftp]
writeable = yes
path = /home/ftp/
create mode = 510
directory mode = 400
force directory mode = 775
force create mode = 774
force user = www-data
force group = ftp
valid users = sjr
write list = sjr
map archive = no
map system = no
map hidden = no
[admin]
writeable = yes
path = /home/admintools/
create mode = 600
directory mode = 700
guest ok = no

Re: [Samba] Re: netlogin scripts

[Shawn Henderson]

If you have allot of users with lots of different positions you could 
also use
logon script = %g.bat

this gives you the ability to group you users for different mappings and 
or different os's
just one more fun way

Ed Kasky wrote:
At 01:28 PM Wednesday, 12/1/2004, Michael Lueck wrote -=>
I would suggest something like this for your smb.conf...
path = /shares/netlogon/%a
The %a makes the netlogon share OS specific so you don't have to 
sense the OS in a global LOGON.BAT, you get one per OS.

We employ:
 logon script = %u.bat
for individual users.  We all have the same OS here but different 
mappings per user.

Just another approach.
Ed
. . . . . . . .
I believe I have no prejudices whatsoever. All I need
to know is that a man is a member of the human race.
That's bad enough for me. -Mark Twain

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Question about samba 3.0.9

[Shawn Henderson]

I do this pretty regularly ... I just copy the desktop, mydocuments, 
cookies, favorites. The only thing I tend to loose is the desktop 
shortcut for the quick launch tool bar I can never get it back 
either .. been looking for it for years now...

Richmond Dyes wrote:
I have been setting up my domain server using FC2 and samba 3.0.9. 
First thing, for your information: In the notations in several 
sources, it tells you to user "logon path = \\%L\profiles\%u"  this is 
wrong.  It should be, "logon path = \\%L\profiles\%U".  Now that I 
spent 5 million hours banging my head on a wall with that, how do I 
get he exist desktops on my 2000/XP machines to move to my roaming 
profiles.  When I move a user now, it makes a new desktop.  I want to 
use the user's local desktop, just transfer it to the server.  any ideas?


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] using samba through a VPN

[Shawn Henderson]

I am running a similiar setup. I have a main office running a T1 with a 
linux firewall and a samba pdc/dhcp server behind it. On my satelite 
office Im running a dsl connection with a dlink router with a samba 
pdc/firewall/dhcp server behind it. (I never trust those little dsl 
routers). I am using openvpn for this. I set the main pdc accross the T1 
as a wins server and point the satelite office to it.. I am able to 
browse both networks and share files with no problem.  The usernames and 
passwords are the same with both servers and I can use cygwin and ultra 
vnc to remotely manage by computer name .

I would worry about speed if you gonna authenticate across the vpn. 
Especially if you plan on using roaming profiles..

Andrew Gaffney wrote:
I already have an existing network that is managed by a samba PDC. In 
the next few days, I will be linking another small LAN to the existing 
one over the internet using openvpn. I've been told that samba 
(through no fault of its own) doesn't work very well through a VPN.

For the new network, there will be a box with 2 NICs: one for the 
internet and one for the LAN. This box will use openvpn and iptables 
to allow the entire LAN direct access to the PDC (which provides other 
services also) through the VPN tunnel.

I want the workstations in the new network to be able to logon to the 
domain and access the file shares hosted by the samba PDC in the first 
network. Will I be able to do this? Easily? :)

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] w2k client addition problems

[Shawn Henderson]

I have a samba 3 domain with 5 xp cients. Unfortuantley I have to add 2 
w2k  clients. I am doing the same thing to add them as I did with the xp 
clients but I am constantly getting  rejected. Sometimes it says Domain 
can not be found and other times it says it doesnt like the password. I 
looked in the logs and only find this
[2004/08/06 17:13:19, 1] smbd/service.c:make_connection(785)
 make_connection: refusing to connect with no session setup
After googleing it I saw something about acl support for w2k sp2 and to 
put the folling line in the smb.conf under the profile share
nt acl support = no

I still cannot connect any help would be appreciated. below is the config.
[global]
workgroup = ALIQUIPPA
domain logons = yes
logon path = \\%L\profiles\%U .pds
logon home = \\%L\%U
logon drive = m:
printcap name = /etc/printcap
load printers = yes
log file = /var/log/samba/%m.log
max log size = 50
security = user
password server = *
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* 
%n\n *passwd:*all*authentication*tokens*updated*successfully*
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = eth1 tun0
remote announce = 192.168.2.255 192.168.1.255
os level = 100
domain master = yes
preferred master = yes
name resolve order = wins lmhosts bcast
wins support = no
wins server = 192.168.1.1
dns proxy = no

[homes]
  comment = Home Directories
  browseable = no
  writable = yes
[public]
   comment = Public Directory
   path = /export/public
   create mode = 0777
   directory mode = 0777
   public = yes
   readonly = no
   writable = yes
   printable = no
[Domain Admins]
valid users = root,wsl,administrator,dbologna
path = /export/admins
[profiles]
comment = User Profiles
path = /export/profiles
create mode = 0600
directory mode = 0700
nt acl support = no
writeable = yes
browseable = yes
force user = %U
valid users = %U
[netlogon]
comment = The domain logon service
path = /export/netlogon
writeable = no
locking = no
[claims]
  comment = Methadone Claims files
  path = /export/claims
  valid users = 
root,wsl,administrator,sshelkons,dbologna,mmclaughlin,towersys




--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba over a vpn

[Shawn Henderson]

I do the same. I had a few problems at first but I made the main site my 
 wins server and pointed all the remote site servers and workstations 
to it. Works Great.. Although to speed up the process I made each 
location its own domain with trust relationships.

Greg Andrews wrote:
Howdy All,
Sorry about the last posting. My machine sent the mail in mid keystroke
for some reason.
This may not be the correct list for this sort of question, so please
excuse me if it is not quite right.
I have three sites ( going to become four shortly ) which are connect via
dlink equipment to create a vpn
main site  192.168.0.1/255.255.255.0 with the gateway at .0.6 and the
samba server at .0.5
site1  192.168.1.0/255.255.255.0 with gateway 1.6
site3  192.168.2.0/255.255.255.0 with gateway 2.6
Now the question is can I get windows 9x and xp boxes on the 1.x and 2.x
network to login to the samba box at 0.5. If so how ??
The three sites "see" each other quite nicely ( can ping any machine on
the 0.0 network from either of the other networks ) with 30-40ms access
time.
Will samba work in this scenario ??
Any and all help appreciated
Greg Andrews


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] changing usernames

[Shawn Henderson]

How do I change a username in Linux/Samba
I have a female user who just got married and now is throwing a fit 
because her maiden name is still in her login.

Thanks in advance
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] How can Windows 2000 mount a share as a service?

[Shawn Henderson]

you might be able to use cygwin. It will allow to start a linux like 
service when windoze boots. Maybe you could use smbmount on in the 
startup.I use it to start an ssh server and get into all my windoze clients.
http://www.cygwin.com/

Malcolm Baldridge wrote:
I've asked every M$ expert I know, trolled through M$ TechNet, experimented
with SRVANY/INSTSRV login scripts which hard-code username/passwords to
login to a Samba 2.2.8a SMB server.  I've experiment with and without the
"Allow service to interact with Desktop" switch turned on.
I am stuck. :(   I can find no way to mount a share as a service, so that
IIS can serve web-pages from a shared content directed located on a network
drive.
When I run my login script when I'm logged in as the Administrator or
another user, the script works fine.  The share's mounted and available as
the specified drive letter specified in the script.
I'm using just the standard "net use" as follows:
net use z: \\192.168.0.1\Web mypassword /user:webuser
I've fiddled with adding a domain name to the user, to no avail. I've
experimented with using the samba server's "Netbios" name as well as DNS
name, to no avail.
The script only seems to work when SOMEONE is logged into the machine.  When
it's run as a service, no dice.  It just fails with a single digit error
code (5, I think).  The error is opaque and non-descriptive.  It's as if SMB
mounting was specifically prohibited by the OS at some internal bowel juncture.
This is insane.  Surely, people running web-server clusters behind load
balancers don't manually synchronise their content!  My web application
accepts user-uploaded files, so I can't use the "manual resync" method
anyway.  The upload area needs to be shared by all web-server members.
There must be a solution for this very common requirement.  I don't want or
need a "SAN" block-device-level solution, I want a file-level solution.
If anyone can share some ideas or experise, I would be very grateful.  This
must be a solved problem somewhere.
=MB=
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Starting an XP service using samba?

[Shawn Henderson]

I dont know if this a good way or not but I use cygwin and can ssh into 
the winboxes

Todd Snyder wrote:
Hey all..
 
first off, I'm sorry if this is posted somewhere or in the docs ... I've
spent numerous hours searching and not had any luck, so here goes ..
 
We remotely admin a few thousand xp machines ... currently we have to
have a person at a machine enable the telnet service for us (through a
handy front end) so we can connect and check things out.  After some
poking around the samba docs, I'm led to believe that there should be a
way to remotely start a service from the command line.
 
Can anyone tell me if I'm correct, and if so, how?  I've tried doing
smbclient //x.y.z.a/TlntSvr -U username but that doesn't work and thats
the closest I've gotten.  I saw a post from 2000 on another list that
mentioned using rpcclient I think, but nothing further.
 
Any suggestions would be greatly appreciated as it would cut out a lot
of fumbling around/waiting on hold when trying to fix problems.
 
Cheers!
 
t.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] IE -> FF

[Shawn Henderson]

I was also thinking of doing it this way . I have a proxy server in the 
network , I can redirect all users to a site and run a script to do it. 
But that would take the knowledge to create the virus like script and I 
would have to get around the priveledges I have set for my users.
Creating script = learnable
Changing Privs = pain in the rear

Andrew Bartlett wrote:
On Wed, 2004-07-07 at 22:34, Shawn Henderson wrote:
I have a samba server acting as a domain controller. Is there a way that 
I can Have a script that delete the shortcuts on the desktop,quicklaunch 
and startmenu for Internet Exploder. At the same time installing Mozilla 
Fire Fox. Maybe like a little vbscript or something that gets ran from 
the server when they login.

If they are a roaming profiles, then much of these are files in the
Profile.  Installing Firefox could be as simple as adding a link on the
desktop.  

It's probably not a complete solution, but it's a start.
I'll be interested to hear your results, as I push Firefox out to my
network.
Andrew Bartlett
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] IE -> FF

[Shawn Henderson]

I thought of that but there is nothing forcing it to happen. My users 
are very .. uhm lets say computer challenged and I have it set so they 
cannot install anything by them self do to the fact that they will just 
hit ok to anything and I would get killed with spy ware and 
viruses.(lesson learned) It would have to be run as Admin to install. I 
was thinking about just keeping the icons and changing the exe to 
firefox and then I could really sneak it in on em..

Andrew Bartlett wrote:
On Wed, 2004-07-07 at 22:34, Shawn Henderson wrote:
I have a samba server acting as a domain controller. Is there a way that 
I can Have a script that delete the shortcuts on the desktop,quicklaunch 
and startmenu for Internet Exploder. At the same time installing Mozilla 
Fire Fox. Maybe like a little vbscript or something that gets ran from 
the server when they login.

If they are a roaming profiles, then much of these are files in the
Profile.  Installing Firefox could be as simple as adding a link on the
desktop.  

It's probably not a complete solution, but it's a start.
I'll be interested to hear your results, as I push Firefox out to my
network.
Andrew Bartlett
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] IE -> FF

[Shawn Henderson]

I have a samba server acting as a domain controller. Is there a way that 
I can Have a script that delete the shortcuts on the desktop,quicklaunch 
and startmenu for Internet Exploder. At the same time installing Mozilla 
Fire Fox. Maybe like a little vbscript or something that gets ran from 
the server when they login.

Thanks
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] logon problems

[Shawn Henderson]

I thought that maybe it was a network problem.  So I put 1 WS and the
> Samba server on a hub by themselves and it is still slow to logon
The problem may be your on a hub. As all the network traffic is 
broadcasted. Try pulling a small switch from somewhere and see the 
difference in speed. Also what is your wins configuration?

Just a thought
Scott Mayo wrote:
I am really not sure if this is a samba problem or what, but is starting 
to annoy me.  Here is what is happening.

Server 1:  Squid,squidguard,dansguardian,iptables (This is firewall/filter)
Server2:  Samba (used for file storage and squid authentification)
Clients are Windows 98.  A few XP's.
Everything has run fine for almost 2 years.  The other day when trying 
to log on to the internet, it would wait about 20 seconds and return me 
to my logon prompt.  This was for almost every user.  I have one generic 
user that got on all the time.  Another user started getting on after 
about 5 tries and was then able to authenticate each time.  The rest 
still did not authenticate.

When I do:
smb_auth -W DOMAIN -p sambasip -d
it makes it to the last and gives an ERR when giving the contents of 
//server/netlogon/proxyauth.  All the rights are correct and it contains 
the word allow, nothing has changed this for 2 years so it should be 
correct.

When I do:
echo "more proxyauth" | smbclient //server/netlogon -U user
It gives me the contents of proxyauth fine.
I have also noticed that logons start to slow down during the day. First 
thing in the morning they are fast, but then a little later it will take 
about 25 seconds before running my logon scripts. School is out, so 
there are only about 5 people actually here, so it is not bogging down 
the network.  I ran a sniffer and all the traffic looks alright.  My 
authentification will work for a while and then later in the day, it 
will stop again.  I take authentification out of squid and then 
everything gets on the net fine.

I thought that maybe it was a network problem.  So I put 1 WS and the 
Samba server on a hub by themselves and it is still slow to logon.  I 
thought that maybe it was the NIC, but I realized that SSHing into my 
firewall has slowed down also.  So this makes me wonder exactly what is 
going on.  If anyone has any ideas of what to look at, I would greatly 
appreciate any advice.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem with smbpasswd

[Shawn Henderson]

I just had this problem try smbpasswd -a it sounds kinda goofy but it 
worked for me. But Im not using ldap. It would make sense that samba 
wouldnt find it if your using ldap by using smbpasswd wouldnt you need 
to use smbldap command for changing passwd.
Just a thought

Yunus wrote:
hi list
  i have got a redhat 9 system with samba-3.0.2a installed running as a PDC.
  I am using the smbldap-tools-8.5 from idealx.org.
  now the problem is that  when i try to change change a user password using
  smbpasswd i get this:

[EMAIL PROTECTED] smb-pdc]#>/usr/local/samba/bin/smbpasswd testuser
  New SMB password:
  Retype new SMB password:
  Failed to find entry for user testuser.
  Failed to modify password entry for user testuser
-
  I have another samba server running as PDC on another machine with the same
  configuration without trouble. I don't know whats wrong with this one.
  below is my smb.conf file

[global]
  workgroup = SMB-NT
  netbios name = PDC-SMB-MAGNET
  server string = SAMBA-LDAP PDC Server
  encrypt passwords = Yes
  passwd program = /usr/local/sbin/smbldap-passwd -o %u
  passwd chat = *new*password* %n\n *new*password* %n\n *successfully*
  ldap passwd sync = Yes
  #unix password sync = Yes
  username map = /usr/local/samba/smbusers
  min passwd length = 3
  obey pam restrictions = No
  log file = /var/log/samba/%m.log
  log level = 0 
  max log size = 1
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  mangling method = hash2
  Dos charset = 850
  Unix charset = ISO8859-1
  domain logons = Yes
  os level = 80
  preferred master = Yes
  domain master = True
  dns proxy = No
  wins support = Yes
  ; SAMBA-LDAP declarations
  ldap suffix = dc=magnet,dc=pdc
  ldap user suffix = ou=Users
  ldap group suffix = ou=Groups
  ldap machine suffix = ou=Computers
  ldap admin dn = cn=manager,dc=magnet,dc=pdc
  ldap idmap suffix = ou=Users
  ldap port = 389
  ldap server = 127.0.0.1
  ldap ssl = No
  ;printing = lprng
  ; Deactivate opportunistic locks (wised)
  ; opLocks = False
  ; encoding to french
  ;character set = iso8859-1
  ; using smbldap-tools to add machines
  add user script = /usr/local/sbin/smbldap-useradd -m %u
  #delete user script = /usr/local/sbin/smbldap-userdel "%u"
  add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
  add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
  #delete group script = /usr/local/sbin/smbldap-groupdel "%g"
  add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
  delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
  set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
  ; users and groups allowed to be 'Domain Admins'
  ;admin users = " @"Domain Admins" "
   admin users = root
[homes]
  comment = Home Directories
  valid users = %S
  read only = No
  create mask = 0664
  directory mask = 0775
  browseable = No
[netlogon]
  comment = Network Logon Service
  path = /opt/samba/netlogon
  guest ok = Yes
[profiles]
  path = /opt/samba/profiles
  writeable = yes
  browseable = no
  create mode = 0644
  directory mode = 0755
  guest ok = yes
[printers]
  comment = All Printers
  path = /var/spool/samba
  printable = Yes
  browseable = No
[tmp]
  comment = Temporary file space
  path = /tmp
  read only = No
  guest ok = Yes

#[public]
#comment = public
#path = /home/
#guest ok = Yes
#read only = No
#directory mask = 0775
#create mask = 0664
---
 now i need some help from this list.
  Thanks in advance.
  yunus
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba+obsd+subnets

[Shawn Henderson]

I would take a look at the routing in the Clavister FW. Im not sure on 
this but see what kind of traffic is on port 445 maybe its blocked and u 
 need it.

Leo R. Lundgren wrote:
Hello,
I'm having problems getting my samba setup to work at a little LAN i
partially maintain. I've been reading quite a lot about what I could think
of being related to my problems/setup, and I've also googled my ass off :(
So here I am, resorting to you guys in hope of help =] Sorry to say, but I
don't have much experience, and therefore I'm a bit lost at the moment. Not
sure what exactly to do to straighten this out.
So, my setup is as follows:
GAMMA   192.168.1.2
  |
  | 192.168.1.1
[Clavister FW]
  | 192.168.0.1
  |
ALFA192.168.0.3
Client1-N   DHCP
I've left out a number of irrelevant boxes. Everything of this is connected
through a switch, but is divided in two nets for minor reasons such as
logging etc. I'll call 192.168.0.0 net 0 and the other one net 1.
GAMMA runs OpenBSD 3.5 and Samba 2.2.9. Dmesg attached below.
ALFA is a Win 2003 Server, and Clients 1-N are a mix of mainly WinXP boxes.
The Clavister doesn't filter anything between the two nets, and has
directed broadcasts enabled (as does GAMMA, not sure if that's needed).
Please consider everything belonging to the workgroup THCCA, since that's
what should interest GAMMA :)
The clients and ALFA has their WINS server set to GAMMA, and gamma has it's
wins support on. My samba config for GAMMA is as follows:
---
[global]
remote announce = 192.168.0.255
netbios name = GAMMA
workgroup = THCCA
server string = THCCA GAMMA SMB-server
;;hosts allow = 192.168.
guest account = guest
log level = 2
max log size = 500
security = share
os level = 65
;;domain master = yes
preferred master = yes
wins support = yes
;;encrypt passwords = yes
load printers = no
[Gemensam]
comment = Common storage
path = /var/samba/storage/common
public = yes
only guest = yes
writable = yes
printable = no
---
So, what I want to do is basically make GAMMA part of the workgroup THCCA
on net 0. GAMMA is alone on net 1. At first I tried making GAMMA an LMB
and DMB, but I've now moved on to just using remote announce to try and
make it visible to the 192.168.0 LMB of THCCA, because of my troubles and
the fact that it seems nicer as long as I don't need any clients/smb-
servers residing on net 1. I figure that I the LMB gets aware of GAMMA, and
the WINS is working properly, everything should be fine ^^.
As you can see, there's one share, Gemensam, and it's verified to work well,
as does the server, when I put another browsing client on net 1.
However, GAMMA doesn't register in whoever is the MB of THCCA on the bcast
of net 0, and there are some issues to/part of it that I think are somewhat
basic to solving this (just a guesst though):
1) It seems that whatever UDP traffic GAMMA sends, tcpdump reports bad
   checksum =/
2) Everytime i see samba sending it's remote announce broadcast, nothing is
   returned.
3) I can't see anything going to port 137 on GAMMA, from net 0, which makes
   me wonder why there's no traffic to the WINS server (GAMMA).
I'll start with `tcpdump -n -t -vv -p port 137 or 138 or 139`:
192.168.1.2.138 > 192.168.0.255.138:  udp 223 (ttl 64, id 19089, bad cksum e7!)
192.168.1.2.138 > 192.168.1.255.138:  udp 223 (ttl 64, id 27854, bad cksum e7!)
192.168.1.2.27750 > 192.168.1.214.139: S [bad tcp cksum cb94!] 2289896371:2289896371(0) win 
16384  (DF) (ttl 64, 
id 36328, bad cksum 14!)
192.168.1.214.3173 > 192.168.1.2.139: F [tcp sum ok] 495:495(0) ack 325 win 63916 (DF) 
(ttl 128, id 28179)
192.168.1.2.139 > 192.168.1.214.3173: . [bad tcp cksum 3077!] ack 496 win 17520 (DF) 
(ttl 64, id 24982, bad cksum 14!)
192.168.1.2.139 > 192.168.1.214.3173: F [bad tcp cksum 2f77!] 325:325(0) ack 496 win 
17520 (DF) (ttl 64, id 21299, bad cksum 14!)
192.168.1.214.3173 > 192.168.1.2.139: . [tcp sum ok] ack 326 win 63916 (DF) (ttl 128, 
id 28180)
Some snippets from the tcpdump to illustrate the bad checksum complaints.
I've looked everywhere for info on this, but without luck. As you can see
in the dmesg, there seems to be some weirdness with the xl0 drivers, but
except for samba, this box also serves DNS, XDMCP, Squid, and of course
SSH, which makes me look at other possible causes before thinking that's
the problem. I mean, there has been no problems what so ever except for
with this. Not saying anything though :)
In the first snippet line, samba tries to send a remote announce to the
bcast of net 0, at least I guess that's the case. But there's nothing
returned, never ever. Perhaps there shouldn't be anything returned, or
nothing is returned because the packet gets dropped by the target boxes
because they're faulty (chksum)?
And lastly, what could be the cause of there going no traffic to the samba
WINS? The interface is in promiscious mode, so I should most likely see it
if it was there :/ I see all kinds of smb traff

Re: [Samba] XP DESKTOP ERROR 2

[Shawn Henderson]

I understand the mapping .. if that is the case would that single machine
have a different group for some reason than the other workstations. Today I
added a new user with the same results. The one machine receives the error
on the desktop when the users log on while the other workstations do not .
The only errors in the log are those when the user logs in to the problem
machine. I think I have successfully narrowed it down to the machine and not
the samba server. Although I can not find any indifferences in any of the
machines to zero in on . Any Ideas as to what to look for.. maybe a policies
setting or something? These are all brand new machines right out of the
box..

- Original Message - 
From: "Chris Tepaske" <[EMAIL PROTECTED]>
To: "'Shawn Henderson'" <[EMAIL PROTECTED]>
Sent: Friday, June 04, 2004 5:17 PM
Subject: RE: [Samba] XP DESKTOP ERROR 2


> I don't know if the logs reflect the problem that you are getting. But
what
> want it means is that the primary group that the Unix user account belong
to
> is not mapped to a Samba group. If you map the users primary account the
> error will go away as for the WINS issue I don't know maybe your WINS data
> base is corrupt.
>
> Cheers
>
> Chris Tepaske
>
> -Original Message-
> From: Shawn Henderson [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 02, 2004 12:57 PM
> To: [EMAIL PROTECTED]
> Subject: [Samba] XP DESKTOP ERROR 2
>
> I sent previously thought I might try again..
>
> I have a samba 3 server hosting approximately 5 clients. I am having
> problems with one. When any user other than administrator logs on the
first
> thing I get on the desktop is ERROR
> ACCESS DENIED
> after clicking ok a few times it goes away and everything is normal. The
> logs are showing me this for the users login in from that workstation. Why
> does samba think this user is a group coming from this workstation..
Please
> help!
>
> Jun  1 12:03:56 methserver smbd[12017]: [2004/06/01 12:03:56, 0]
> rpc_server/srv_util.c:get_domain_user_groups(371)
> Jun  1 12:03:56 methserver smbd[12017]:   get_domain_user_groups: primary
> gid of user [rtonks] is not a Domain group !
> Jun  1 12:03:56 methserver smbd[12017]:   get_domain_user_groups: You
should
> fix it, NT doesn't like that
> Jun  1 12:03:56 methserver nmbd[3426]: [2004/06/01 12:03:56, 0]
> nmbd/nmbd_incomingrequests.c:process_name_release_request(80)
> Jun  1 12:03:56 methserver nmbd[3426]:   process_name_release_request:
> unicast name release request received for name RTONKS<03> from IP
> 192.168.2.7 on subnet UNICAST_SUBNET. Error - should be sent to WINS
server
>
> the samba server is the wins server.. I dont get that..
>
>
>
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 2 passwords when loging from Windows 98 to samba PDC

[Shawn Henderson]

There is a way to do this .
You can edit the policies using poledit. You can set that no one can log on
to the computers unless authenticated by a server. Here are a few resources
for you to read..
http://www.microsoft.com/resources/documentation/windows/98/all/reskit/en-us/part2/wrkc08.mspx

http://www.zisman.ca/poledit/

I have done this many times its almost like xp or w2k standard network
settings.. But you will have to write a login script to get the win98 to map
to the home folder manually.
Let me know if you need help.
- Original Message - 
From: "Christoph Scheeder" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, June 02, 2004 4:03 AM
Subject: Re: [Samba] 2 passwords when loging from Windows 98 to samba PDC


> Hi,
> AFAIK, you can not obtain what you want with Win98-Clients.
> Why? this is a Limitation of Win98.
> It does not realy get incorporated into a domain,
> it only handles it as a "little bit better workgroup".
> And for that does its own authentication stuff
>   and does not trust the PDC.
> No Mater if the PDC is samba, NT-x or win2k
> Christoph
>
> [EMAIL PROTECTED] schrieb:
>
> > Hello.
> >
> > I have setup a local network where Windows 98
> > workstations authenticates against a samba
> > server PDC running on linux, and it is working.
> >
> > But there is a little annoyance: Windows 98
> > is handling 2 passwords:
> >
> > 1) the network password (used with the samba PDC)
> >
> > 2) the windows password (used with the Windows
> >desktop)
> >
> > Windows users can change their passwords from
> > the workstation, but the desktop password is
> > kept locally. If they change the passwords
> > in one workstation and then login in another
> > workstation, the passwords will be different.
> >
> > I would like to eliminate the need for second
> > password and kepp only the first. Is it possible?
> >
> > If not, I would like to keep the desktop
> > passwords at the samba server. Is that possible?
> >
> > Regards.
> >
> > Romildo
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] XP DESKTOP ERROR 2

[Shawn Henderson]

I sent previously thought I might try again..

I have a samba 3 server hosting approximately 5 clients. I am having problems with 
one. When any user other than administrator logs on the first thing I get on the 
desktop is ERROR 
ACCESS DENIED
after clicking ok a few times it goes away and everything is normal. The logs are 
showing me this for the users login in from that workstation. Why does samba think 
this user is a group coming from this workstation.. Please help!

Jun  1 12:03:56 methserver smbd[12017]: [2004/06/01 12:03:56, 0] 
rpc_server/srv_util.c:get_domain_user_groups(371)
Jun  1 12:03:56 methserver smbd[12017]:   get_domain_user_groups: primary gid of user 
[rtonks] is not a Domain group !
Jun  1 12:03:56 methserver smbd[12017]:   get_domain_user_groups: You should fix it, 
NT doesn't like that
Jun  1 12:03:56 methserver nmbd[3426]: [2004/06/01 12:03:56, 0] 
nmbd/nmbd_incomingrequests.c:process_name_release_request(80)
Jun  1 12:03:56 methserver nmbd[3426]:   process_name_release_request: unicast name 
release request received for name RTONKS<03> from IP 192.168.2.7 on subnet 
UNICAST_SUBNET. Error - should be sent to WINS server

the samba server is the wins server.. I dont get that..

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] XP DESKTOP ERROR 2

[Shawn Henderson]

I sent previously thought I might try again..

I have a samba 3 server hosting approximately 5 clients. I am having problems with 
one. When any user other than administrator logs on the first thing I get on the 
desktop is ERROR 
ACCESS DENIED
after clicking ok a few times it goes away and everything is normal. The logs are 
showing me this for the users login in from that workstation. Why does samba think 
this user is a group coming from this workstation.. Please help!

Jun  1 12:03:56 methserver smbd[12017]: [2004/06/01 12:03:56, 0] 
rpc_server/srv_util.c:get_domain_user_groups(371)
Jun  1 12:03:56 methserver smbd[12017]:   get_domain_user_groups: primary gid of user 
[rtonks] is not a Domain group !
Jun  1 12:03:56 methserver smbd[12017]:   get_domain_user_groups: You should fix it, 
NT doesn't like that
Jun  1 12:03:56 methserver nmbd[3426]: [2004/06/01 12:03:56, 0] 
nmbd/nmbd_incomingrequests.c:process_name_release_request(80)
Jun  1 12:03:56 methserver nmbd[3426]:   process_name_release_request: unicast name 
release request received for name RTONKS<03> from IP 192.168.2.7 on subnet 
UNICAST_SUBNET. Error - should be sent to WINS server

the samba server is the wins server.. I dont get that..

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Lock ups?

[Shawn Henderson]

I don't think it's network related as I have 100 meg full duplex locked
all the way through. Both PC's are plugged into a Cisco 2950 and I see no
itteruption of traffic between the two when a pause occurs.-

I am having the same problem on occasion and I am getting wins errors in my
log... I see you have wins support in the config as I do . Can someone
explain the wins process as it pertains to samba .

- Original Message - 
From: "Chris" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, May 31, 2004 3:20 AM
Subject: [Samba] Lock ups?


> Hi there. I'm reasonably new to Samba but quite experienced with Linux.
>
> The other day I decided to throw a file server together for my house. I
> put together a Linux box with 5 120 gig drives raid 5'd in a rack mount
> box and put it in the basement.
>
> It's running debian and Samba 3.0.2a-1. The Kernel is 2.4.26.
>
> I am then mounting the drive as a mapped network drive under a windows XP
> box that is my main PC.
>
> Initially all seemed good. I filled the raid and started using the PC. I
> am however getting what appear to be "lock ups" regularly when browsing
> the samba share I have created. I'll be browsing happy as larry with music
> also streaming off the share when my explorer window will lock up and the
> music will stop playing. Any attempt to open "My Computer" or any explorer
> window to access the share results in nothing. If I wait 10 seconds to 1
> min it suddenly comes right and everything pootles along again as normal.
>
> If I just stream 1 file off the server then it's fine for (the longest
> I've tried) up to 2 hours. But if I start browsing the shares or opening
> other shared files I get lock ups within 1-5 min. It's very frustrating
> when I'm trying to do multiple things at once.
>
> I ran ethereal on the windows end and when the pauses happen I see SMB
> messages flying round but they seem to be requests for the same bit over
> and over.. Usually as the pause ends I see a close request going from the
> XP box to the Linux server. I can provide ethereal captures if that would
> help.
>
> I am also SSHed into the server and it's not a drive pause as the drive
> and mounted dir are totally responsive under linux while the pause is in
> effect.
>
> I don't think it's network related as I have 100 meg full duplex locked
> all the way through. Both PC's are plugged into a Cisco 2950 and I see no
> itteruption of traffic between the two when a pause occurs.
>
> Below is my SMB conf any suggestions? My GF is going to kill me if her
> photo editing keeps locking up like this. :)
>
> --
> [global]
> server string = %h server (Samba %v)
> netbios name = atari
> wins support = yes
> dns proxy = no
> log file = /var/log/samba/log.%m
> max log size = 1000
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> encrypt passwords = true
> passdb backend = tdbsam guest
> obey pam restrictions = yes
> passwd program = /usr/bin/passwd %u
> socket options =  TCP_NODELAY,  IPTOS_LOWDELAY, SO_KEEPALIVE,
SO_SNDBUF=8192, SO_RCVBUF=8192, SO_RCVBUF, SO_SNDBUF
> [shared]
>comment = Storage
>writable = yes
>locking = yes
>oplocks = True
>create mask = 0700
>directory mask = 0700
>path = /raid-1/shared
>public = yes
>
> --
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] XP desktop error

[Shawn Henderson]

I have 5 XP workstations with Samba acting as the domain controller. All workstation 
work great All users can log on and have access to there private folder.
I have no changed the registry for the desktop to roam with them because the users are 
pretty much fixed. My problem is on one workstation I login with two users and I get 
an error on the desktop access denied. After a few click on "ok" it goes away. I tried 
the other 3 users on same workstation and I do not get this error. I tried the 2 users 
on other workstations and I do not get this error. Why would 2 out of 5 users get an 
error only on one workstation. Any Ideas ???

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows XP Pro and Fedora 1 Home Network

[Shawn Henderson]

Please give copy of smb.conf
- Original Message - 
From: "Stephen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, May 30, 2004 3:37 PM
Subject: [Samba] Windows XP Pro and Fedora 1 Home Network


> Hey,
> 
> I am new to Linux, and I am caught up in an issue with Samba. I have two
> computers. One is a Win XP Pro and the other is Fedora Core 1 sharing a
> cable modem connection via a D-Link Router. With these to computers I
> want to be able to share files in-between the two of us. With samba I
> can see my XP computer with no problems. I just have to type in a user
> name and password. My problem comes in that the XP computer cannot see
> me at all. When bringing up the XP computer it is listed in Nautilus as
> smb://adam/c/downloads/. I can copy files from the XP computer to my
> Fedora computer but I cannot copy a file from my computer to his
> computer. I saw somewhere on a site that I had to make a registry entry
> for the XP computer which I did with no go. With mapping a network drive
> would I do the \\homewreckers\pub? With the router would I have to   Any
> other suggestions would be wonderful. Sorry if I didn't give enough
> information. 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
> .
> 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] sponsor

[Shawn Henderson]

My employer would like to put out that they are willing to sponsor any
projects or User Groups with free hosting.
let me know if anyone needs it.
Thanks


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] help

[Shawn Henderson]

I am trying to use samba and swat on 
rh7.0
and I have samba running and can log in from a w2k 
client but cannot from a win98/95 client also I can not get swat running from 
any client here are my configs below I followd the directions from the 
post.http://lists.samba.org/pipermail/samba-binaries/2001-May/000216.html but no 
luck
 
[root@wsl2 samba]# testparmLoad smb config 
files from /etc/samba/smb.confCan't find include file 
/etc/samba/smb.conf.Processing section "[homes]"Processing section 
"[printers]"Processing section "[tmp]"Loaded services file OK.Press 
enter to see a dump of your service 
definitions  security = 
USER    encrypt passwords = 
Yes    update encrypted = 
No    allow trusted domains = 
Yes    hosts equiv 
=    min password length = 
5    map to guest = 
Never    null passwords = 
No    password server 
=    smb passwd file = 
/etc/samba/smbpasswd    root 
directory = /    passwd program = 
/usr/bin/passwd %u    passwd chat = 
*New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n 
*passwd:*all*authentication*tokens*updated*successfully*    
passwd chat debug = No    username 
map = /etc/samba/smbusers    password 
level = 0    username level = 
0    unix password sync = 
Yes    restrict anonymous = 
No    use rhosts = 
No    ssl = 
No    ssl hosts 
=    ssl hosts resign 
=    ssl CA certDir 
=    ssl CA certFile 
=    ssl server cert 
=    ssl server key 
=    ssl client cert 
=    ssl client key 
=    ssl require clientcert = 
No    ssl require servercert = 
No    ssl ciphers 
=    ssl version = 
ssl2or3    ssl compatibility = 
No    debug level = 
2    syslog = 
1    syslog only = 
No    log file = 
/var/log/samba/%m.log    max log size 
= 0    debug timestamp = 
Yes    debug hires timestamp = 
No    debug pid = 
No    debug uid = 
No    protocol = 
NT1    read bmpx = 
No    read raw = 
Yes    write raw = 
Yes    nt smb support = 
Yes    nt pipe support = 
Yes    nt acl support = 
Yes    announce version = 
4.2    announce as = 
NT    max mux = 
50    max xmit = 
65535    name resolve order = wins 
lmhosts bcast    max ttl = 
259200    max wins ttl = 
518400    min wins ttl = 
21600    time server = 
No    change notify timeout = 
60    deadtime = 
0    getwd cache = 
Yes    keepalive = 
300    lpq cache time = 
10    max disk size = 
0    max open files = 
1    read prediction = 
No    read size = 
16384    shared mem size = 
1048576    socket options = 
TCP_NODELAY SO_RCVBUF=8192 
SO_SNDBUF=8192    stat cache size = 
50    load printers = 
Yes    printcap name = 
/etc/printcap    printer driver file 
= /etc/samba/printers.def    strip 
dot = No    character set 
=    mangled stack = 
50    stat cache = 
Yes    domain groups 
=    domain admin group 
=    domain guest group 
=    domain admin users 
=    domain guest users 
=    machine password timeout = 
604800    add user script 
=    delete user script 
=    logon script 
=    logon path = \\%N\%U\profile    
logon drive =    logon home = \\%N\%U    
domain logons = No    os level = 
20    lm announce = 
Auto    lm interval = 
60    preferred master = 
No    local master = 
Yes    domain master = 
No    browse list = 
Yes    dns proxy = 
No    wins proxy = 
No    wins server 
=    wins support = 
No    wins hook 
=    kernel oplocks = 
Yes    ole locking compatibility = 
Yes    oplock break wait time = 
10    smbrun = 
/usr/bin/smbrun    config file 
=    auto services 
=    lock directory = 
/var/lock/samba    default service 
=    message command 
=    dfree command 
=    valid chars 
=    remote announce = 
192.168.0.255    remote browse sync 
=    socket address = 
0.0.0.0    homedir map = 
auto.home    time offset = 
0    unix realname = 
No    NIS homedir = 
No    source environment 
=    panic action 
="">    comment 
=    path 
=    revalidate = 
No    username 
=    guest account = 
nobody    invalid users 
=    valid users 
=    admin users 
=    read list 
=    write list 
=    force user 
=    force group 
=    writeable = 
No    create mask = 
0744    force create mode = 
00    security mask = 
-1    force security mode = 
-1    directory mask = 
0755    force directory mode = 
00    directory security mask = 
-1    force directory security mode = 
-1    inherit permissions = 
No    guest only = 
No    guest ok = 
No    only user = 
No    hosts allow = 
192.168.0.    hosts deny 
=    status = 
Yes    max c