Re: [Samba] Samba PDC - WinXP Issues
On Mon, 29 Sep 2003, Simran Hansrai wrote: > Hi Guys, > > I have installed and configure samba on a redhate 8.0 box to act as a > PDC. When I try and add a user to my domain from my WinXP client > machine, I get the following error: How are you doing this? What tool are you using? - John T. > > "The user could not be added because of the following error has occured: > The trust relationship between this workstation and the primary domain > failed." > > I have search google.com and have tried a couple of different things but > none seem to work. > > The following is my entry for my workstations in /etc/passwd: > enermax$:x:534:201:enermax:/dev/null:/bin/false > jeonamur$:x:535:201:jeonamur:/dev/null:/bin/false > > /etc/smbpasswd: > jeonamur$:535:AE7D4C9527EFD952B97F4EB3E2D4130F:3E7FE739CDEB16486F4686B96ED02CBF:[W > ]:LCT-3F78B510: > enermax$:534:DA838D55F99FD0BC6879F19168D4B105:F47AE8F4B8B7E2B13F237B73849D4799:[W > ]:LCT-3F78CF75: > > > - > smb.conf > - > [global] > > ;basic server settings > workgroup = chamkila.org > netbios name = manak > server string = Samba PDC running %v > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 > SO_RCVBUF=8192 > unix password sync = yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* > %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n > *passwd: *all*authentication*tokens*updated*successfully* > add user script = /usr/sbin/adduser -n -g machines -c Machine -d > /dev/null -s /bin/false %m$ > > ;PDC and master browser settings > os level = 64 > preferred master = yes > local master = yes > domain master = yes > domain logons = yes > domain admin group = simran administrator aman > > ;security and logging settings > security = user > status = yes > encrypt passwords = yes > log file = /var/log/samba/log.%m > log level = 2 > max log size = 50 > hosts allow = 127.0.0.1 192.168.0.0/255.255.255.0 > ;user profiles and home directory > > logon home = \\%L\%U\ > logon drive = H: > logon path = \\%L\profiles\%U > logon script = netlogon.bat > > wins support = yes > dns proxy = yes > wins proxy = yes > # shares > [homes] >comment = Home Directories >browseable = no >writeable = yes > [profiles] >path = /home/samba/profiles >writeable = yes >browseable = no >create mask = 0600 >directory mask = 0700 > [netlogon] >comment = Network Logon Service >path = /home/netlogon >read only = yes >browseable = no >write list = tom > > > > Is there something that I am missing? Any suggestions or comments would > be grately appreciated. > > Thanks in advance, > -- > Simran H. > [EMAIL PROTECTED] > > > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC - WinXP Issues
On Tue, 2003-09-30 at 02:38, Simran Hansrai wrote: > Hi Guys, > > I have installed and configure samba on a redhate 8.0 box to act as a > PDC. When I try and add a user to my domain from my WinXP client > machine, I get the following error: > > "The user could not be added because of the following error has occured: > The trust relationship between this workstation and the primary domain > failed." > > I have search google.com and have tried a couple of different things but > none seem to work. > > The following is my entry for my workstations in /etc/passwd: > enermax$:x:534:201:enermax:/dev/null:/bin/false > jeonamur$:x:535:201:jeonamur:/dev/null:/bin/false > > /etc/smbpasswd: > jeonamur$:535:AE7D4C9527EFD952B97F4EB3E2D4130F:3E7FE739CDEB16486F4686B96ED02CBF:[W > ]:LCT-3F78B510: > enermax$:534:DA838D55F99FD0BC6879F19168D4B105:F47AE8F4B8B7E2B13F237B73849D4799:[W > ]:LCT-3F78CF75: You should either patch the registry on your XP workstations to disable the signing or switch to Samba 3.0. Jelmer -- Jelmer Vernooij - http://jelmer.vernstok.nl/ signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC not creating roaming profiles
Hi, I tried adding "nt acl support = no" to my share as recommended. This hasn't changed my problem. I have also made sure that my SID is the same on both old and new server. (Perhaps it has changed all together?) The closest I seem to get is the creation of the profile directory, but nothing is stored in there. Even with the 'new' SID I have rejoined them to the DOMAIN, the first time I log in I get a error " Cannot open profile" yet it makes that profile directory in the correct location, yet with nothing in it. Every login after that results in no error and nothing changing on my server's profile for that user. Help needed :P >>> kurt weiss <[EMAIL PROTECTED]> 09/22/03 06:16PM >>> Lee Martin schrieb: > Hi All, > > I've tried pretty much everything I can, I have gotten a step further though. > > When logging onto the domain only the profile directory is created for a user, > unfortuanately with nothing in it. > > >>>From earlier I was asked to have a look at the SID, I have updated my Solaris > > 8 server with the 'smbpasswd -S' command yet this doesn't seem to have sorted > out my problem. stupid question: u have read the SID from the original samba with smbpasswd -S and updated the solaris server with smbpasswd -W - right? > > Yesterday, in desperation I installed ver 2.2.8a back on to my orginal Linux Server > with my old config file, which resulted in the exact same thing. > installed back? so it seems u have lost SID? - did u try to re-join one of the workstatins to the domain? (4 testing) is then the same problem? u have *no* error messages, even on the client? (profile is syncronized at login *and* logoff) > Any help would be greatly appreciated. > > Thanks, > Lee > > "Mark W. Webb" <[EMAIL PROTECTED]> 09/22/03 12:47PM >>> > > I am having a similar problem with samba 3.0 rc4. My roaming profile > gets loaded upon login, but never gets updated upon logout. Just to > debug, I have made all permissions 777 on /home/profile/* and it does > not help. > > any help would be greatly appreciated. > > kurt weiss wrote: > > >>maybe, u do not use the same SID, or the profiles on the clients are >>switched to "local based"?? >> >>Lee Martin schrieb: >> >> >>>Hi All, >>> >>>I have recently moved my PDC from a linux suse 7.0 box to a >>>Solaris 8 server. I have downloaded the samba 2.2.8a and >>>installed it without any errors. >>>I used my old smb.conf and made the neccasry changes to it, I >>>have pasted it below. >>> >>>I don't receive any errors, it just ends up using a local profile and >>>doesn't bother to update it to the server. >>> >>>I have looked at countless documents going through the procedure >>>of setting up the profiles but not any regarding problems. >>> >>>If anyone could help me or at least guide me in the right direction, >>>I would greatly appreciate it. >>> >>>Thanks, >>>Lee >>> >>>smb.conf: >>> >>># Global parameters >>>[global] >>>workgroup = PROE >>>netbios name = CADADM >>>server string = CADADM Samba Server >>>interfaces = 192.9.201.29/24 192.9.202.129/24 >>> >>># PDC Settings >>>encrypt passwords = Yes >>>passwd program = /usr/bin/passwd %u >>>passwd chat = *Enter*NEW*password* %n\n *Reenter*NEW*password* >>>%n\n *Password*Changed* >>>passwd chat debug = Yes >>>unix password sync = Yes >>> >>># Logging Settings >>>log level = 2 >>>log file = /var/samba/log.%m >>>max log size = 100 >>> >>># Time-Sync Settings >>>time service = yes >>>dos filetimes = yes >>> >>># Roaming Profile Settings >>> >>>domain admin group = root @ntadmin >>>add user script = /usr/sbin/useradd -d /dev/null -g 100 -s >>>/bin/false -M %u >>>logon script = startup.bat >>>logon path = \\%N\profiles\%U >>>domain logons = Yes >>>os level = 64 >>>preferred master = Yes >>>domain master = Yes >>>wins support = Yes >>>remote announce = 192.9.202.255 >>>admin users = root >>> >>>[netlogon] >>>comment = PROE domains logon service >>>path = /usr/local/samba/netlogon >>>write list = root >>>browseable = No >>>read only = Yes >>> >>>[profiles] >>>path = /usr/local/samba/ntprofile >>>read only = No >>>create mask = 0600 >>>directory mask = 0700 >>>browseable = Yes >>> >>>end smb.conf: >>> >>> >>> >>> >>>-- >>> >>> >>>DISCLAIMER: >>>The information contained in this communication is confidential and >>>may be legally privileged. It is intended solely for the use of the >>>individual or entity to whom it is addressed and others authorised to >>>receive it. If you are not the intended recipient please inform us of >>>its receipt by you. You are hereby notified that you must not >>>disclose, copy, distribute or take any action in reliance of the >>>contents of this information, which must be immediately deleted. >>> >>>This e-mail was checked by the e-Swee
Re: [Samba] Samba PDC not creating roaming profiles
Hi All, I've tried pretty much everything I can, I have gotten a step further though. When logging onto the domain only the profile directory is created for a user, unfortuanately with nothing in it. >From earlier I was asked to have a look at the SID, I have updated my Solaris 8 server with the 'smbpasswd -S' command yet this doesn't seem to have sorted out my problem. Yesterday, in desperation I installed ver 2.2.8a back on to my orginal Linux Server with my old config file, which resulted in the exact same thing. Any help would be greatly appreciated. Thanks, Lee >>> "Mark W. Webb" <[EMAIL PROTECTED]> 09/22/03 12:47PM >>> I am having a similar problem with samba 3.0 rc4. My roaming profile gets loaded upon login, but never gets updated upon logout. Just to debug, I have made all permissions 777 on /home/profile/* and it does not help. any help would be greatly appreciated. kurt weiss wrote: > maybe, u do not use the same SID, or the profiles on the clients are > switched to "local based"?? > > Lee Martin schrieb: > >> Hi All, >> >> I have recently moved my PDC from a linux suse 7.0 box to a >> Solaris 8 server. I have downloaded the samba 2.2.8a and >> installed it without any errors. >> I used my old smb.conf and made the neccasry changes to it, I >> have pasted it below. >> >> I don't receive any errors, it just ends up using a local profile and >> doesn't bother to update it to the server. >> >> I have looked at countless documents going through the procedure >> of setting up the profiles but not any regarding problems. >> >> If anyone could help me or at least guide me in the right direction, >> I would greatly appreciate it. >> >> Thanks, >> Lee >> >> smb.conf: >> >> # Global parameters >> [global] >> workgroup = PROE >> netbios name = CADADM >> server string = CADADM Samba Server >> interfaces = 192.9.201.29/24 192.9.202.129/24 >> >> # PDC Settings >> encrypt passwords = Yes >> passwd program = /usr/bin/passwd %u >> passwd chat = *Enter*NEW*password* %n\n *Reenter*NEW*password* >> %n\n *Password*Changed* >> passwd chat debug = Yes >> unix password sync = Yes >> >> # Logging Settings >> log level = 2 >> log file = /var/samba/log.%m >> max log size = 100 >> >> # Time-Sync Settings >> time service = yes >> dos filetimes = yes >> >> # Roaming Profile Settings >> >> domain admin group = root @ntadmin >> add user script = /usr/sbin/useradd -d /dev/null -g 100 -s >> /bin/false -M %u >> logon script = startup.bat >> logon path = \\%N\profiles\%U >> domain logons = Yes >> os level = 64 >> preferred master = Yes >> domain master = Yes >> wins support = Yes >> remote announce = 192.9.202.255 >> admin users = root >> >> [netlogon] >> comment = PROE domains logon service >> path = /usr/local/samba/netlogon >> write list = root >> browseable = No >> read only = Yes >> >> [profiles] >> path = /usr/local/samba/ntprofile >> read only = No >> create mask = 0600 >> directory mask = 0700 >> browseable = Yes >> >> end smb.conf: >> >> >> >> >> -- >> >> >> DISCLAIMER: >> The information contained in this communication is confidential and >> may be legally privileged. It is intended solely for the use of the >> individual or entity to whom it is addressed and others authorised to >> receive it. If you are not the intended recipient please inform us of >> its receipt by you. You are hereby notified that you must not >> disclose, copy, distribute or take any action in reliance of the >> contents of this information, which must be immediately deleted. >> >> This e-mail was checked by the e-Sweeper Service. >> For more information visit our website, Baltimore Technologies >> e-Sweeper : >> http:// www.mimesweeper.baltimore.com/products/esweeper/ >> -- >> >> >> > -- This e-mail was checked by the e-Sweeper Service. For more information visit our website, Baltimore Technologies e-Sweeper : http:// www.mimesweeper.baltimore.com/products/esweeper/ -- -- DISCLAIMER: The information contained in this communication is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed and others authorised to receive it. If you are not the intended recipient please inform us of its receipt by you. You are hereby notified that you must not disclose, copy, distribute or take any action in reliance of the contents of this information, which must be immediatel
Re: [Samba] Samba PDC not creating roaming profiles
I am having a similar problem with samba 3.0 rc4. My roaming profile gets loaded upon login, but never gets updated upon logout. Just to debug, I have made all permissions 777 on /home/profile/* and it does not help. any help would be greatly appreciated. kurt weiss wrote: maybe, u do not use the same SID, or the profiles on the clients are switched to "local based"?? Lee Martin schrieb: Hi All, I have recently moved my PDC from a linux suse 7.0 box to a Solaris 8 server. I have downloaded the samba 2.2.8a and installed it without any errors. I used my old smb.conf and made the neccasry changes to it, I have pasted it below. I don't receive any errors, it just ends up using a local profile and doesn't bother to update it to the server. I have looked at countless documents going through the procedure of setting up the profiles but not any regarding problems. If anyone could help me or at least guide me in the right direction, I would greatly appreciate it. Thanks, Lee smb.conf: # Global parameters [global] workgroup = PROE netbios name = CADADM server string = CADADM Samba Server interfaces = 192.9.201.29/24 192.9.202.129/24 # PDC Settings encrypt passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter*NEW*password* %n\n *Reenter*NEW*password* %n\n *Password*Changed* passwd chat debug = Yes unix password sync = Yes # Logging Settings log level = 2 log file = /var/samba/log.%m max log size = 100 # Time-Sync Settings time service = yes dos filetimes = yes # Roaming Profile Settings domain admin group = root @ntadmin add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u logon script = startup.bat logon path = \\%N\profiles\%U domain logons = Yes os level = 64 preferred master = Yes domain master = Yes wins support = Yes remote announce = 192.9.202.255 admin users = root [netlogon] comment = PROE domains logon service path = /usr/local/samba/netlogon write list = root browseable = No read only = Yes [profiles] path = /usr/local/samba/ntprofile read only = No create mask = 0600 directory mask = 0700 browseable = Yes end smb.conf: -- DISCLAIMER: The information contained in this communication is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed and others authorised to receive it. If you are not the intended recipient please inform us of its receipt by you. You are hereby notified that you must not disclose, copy, distribute or take any action in reliance of the contents of this information, which must be immediately deleted. This e-mail was checked by the e-Sweeper Service. For more information visit our website, Baltimore Technologies e-Sweeper : http:// www.mimesweeper.baltimore.com/products/esweeper/ -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC not creating roaming profiles
maybe, u do not use the same SID, or the profiles on the clients are switched to "local based"?? Lee Martin schrieb: Hi All, I have recently moved my PDC from a linux suse 7.0 box to a Solaris 8 server. I have downloaded the samba 2.2.8a and installed it without any errors. I used my old smb.conf and made the neccasry changes to it, I have pasted it below. I don't receive any errors, it just ends up using a local profile and doesn't bother to update it to the server. I have looked at countless documents going through the procedure of setting up the profiles but not any regarding problems. If anyone could help me or at least guide me in the right direction, I would greatly appreciate it. Thanks, Lee smb.conf: # Global parameters [global] workgroup = PROE netbios name = CADADM server string = CADADM Samba Server interfaces = 192.9.201.29/24 192.9.202.129/24 # PDC Settings encrypt passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = *Enter*NEW*password* %n\n *Reenter*NEW*password* %n\n *Password*Changed* passwd chat debug = Yes unix password sync = Yes # Logging Settings log level = 2 log file = /var/samba/log.%m max log size = 100 # Time-Sync Settings time service = yes dos filetimes = yes # Roaming Profile Settings domain admin group = root @ntadmin add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u logon script = startup.bat logon path = \\%N\profiles\%U domain logons = Yes os level = 64 preferred master = Yes domain master = Yes wins support = Yes remote announce = 192.9.202.255 admin users = root [netlogon] comment = PROE domains logon service path = /usr/local/samba/netlogon write list = root browseable = No read only = Yes [profiles] path = /usr/local/samba/ntprofile read only = No create mask = 0600 directory mask = 0700 browseable = Yes end smb.conf: -- DISCLAIMER: The information contained in this communication is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed and others authorised to receive it. If you are not the intended recipient please inform us of its receipt by you. You are hereby notified that you must not disclose, copy, distribute or take any action in reliance of the contents of this information, which must be immediately deleted. This e-mail was checked by the e-Sweeper Service. For more information visit our website, Baltimore Technologies e-Sweeper : http:// www.mimesweeper.baltimore.com/products/esweeper/ -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba(PDC, machine A) + LDAP (machine B)?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 11 Sep 2003, lskuo wrote: > Because now before creating a samba account, one must > create an unit account, right? right! > My goal is as follows: > > 1. Master LDAP (server A): responsible for the master copy > of the account information > 2. Slave LDAP (server B): synchronizing the database with > the Master LDAP through LDAP's slurpd > 3. Samba PDC server (server C): the option of the ldap > server is pointed to server B. sounds good, thats exactly what i've done here.. > Is it doable for current samba? > I am using FreeBSD 5.0 no easy way.. first upgrade your system to FreeBSD-5.1 (this is the point in time where FreeBSD starts supporting dynamic NSS modules. you need it because nss_ldap is the way to get unix accounts out of an LDAP tree) > If anyone knows how to do it, please instruct me in > details. Thank you very much. okay, i will try it. 1. install/upgrade your system to FreeBSD-5.1 2. use 'cvsup' to get the latest ports-tree \ (not necessary when using binary packages) 3. install openldap21 from ports (net/openldap21-server) 4. configure it 5. install nss_ldap from ports (net/nss_ldap) 6. configure nss_ldap and \ symlink '/usr/local/etc/ldap.[conf|secret]' to '/etc' \ because ist hardcoded in the nss module 7. create '/etc/nsswitch.conf' and insert the follwoing 3 lines: - --snip passwd: files [NOTFOUND=continue] ldap group: files [NOTFOUND=continue] ldap hosts: files dns - --snap 8. install samba from ports (net/samba) it's samba-2.2.8a \ DON'T forget to pass 'WITH_LDAP=yes' to the 'make' command 9. configure samba to use LDAP \ (read the Samba-HOWTO-Collection or 'man 5 smb.conf') 10. copy \ '/usr/ports/net/samba/work/samba-2.2.8a/examples/LDAP/samba.schema' \ to '/usr/local/etc/openldap/schema/samba.schema' and include it in \ your '/usr/local/etc/openldap/slapd.conf' 11. add 'slapd_enable="YES"' to your '/etc/rc.conf' 12. add 'slurpd_enable="YES"' to your '/etc/rc.conf' \ (only on the LDAP Master / PDC) 13. start 'slapd' with '/usr/local/etc/rc.d/slapd.sh start' 14. add the main LDAP entries as mentioned in the OpenLDAP documentation 15. add account entries as mentioned in the Samba-HOWTO-Collection 16. check if FreeBSD recognizes the new added account(s) using 'id' 17. start samba with '/usr/local/etc/rc.d/samba.sh start' 18. try to connect from a windows machine and to join the domain if everything is working you've finished the hard part.. for the LDAP Slaves / BDC's repeat step 1 to 11. for the steps after 11 read the OpenLDAP doc's about replication and read the Samba doc's about setting up an BDC HINT: add 'local4.* /var/log/slapd.log' to '/etc/syslog.conf' and restart syslogd to see the 'slapd' log messages. don't forget to 'touch /var/log/slapd.log' and add '/var/log/slapd.log 640 7 * @T00 J' to '/etc/newsyslog.conf' to get the a new log for every day. happy trying keep on asking if you have further questions.. joerg -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE/YdOJSPOsGF+KA+MRAt1qAKDPoW2wBLYMuPAyMdBZLEE3TjgNpwCgmjny Qql6BCXpy29RIU54w5BtfF4= =TCur -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC and NIS
Thanks Jeroen- I check my smbpasswd file, and the names had the $ after them. To be sure, I removed and readded them, using smbpasswd -a -m machinename$, but still no luck Sam > Hi Sam, > > Have you added the machine account to smbpasswd using a $ sign at the end of its > name in the foolowing fashion computername$, I think this might cause your problem. > > Jeroen > > On Wed, 27 Aug 2003 12:00:29 -0400 (EDT) > "Samuel R. Waters" <[EMAIL PROTECTED]> wrote: > > > > > Hi Folks- > > > > I've been trying to set up a Samba PDC, and sync it with our NIS passwd > > file. The goal is to allow a brand new lab of PCs running W2k SP4 to > > login using our existing NIS setup, and be able to access their home > > directories as network drives. I think I've figured out how to do this, > > but I wanted to check and make sure it'd work, in theory at least. I'm > > also having an odd problem with the PDC that I'm hoping someone here might > > have an answer for... > > > > My setup: > > NIS master running Solaris 2.9 and Samba 2.2.8a > > NIS client/file server running Solaris 2.9 and Samba 2.2.8a > > W2k SP4 PC (single machine at the moment, will be a lab full soon) > > > > First, the passwd sync: > > My plan is to grab all the accounts currently in the NIS passwd file, and > > add them to the smbpasswd file on the NIS master, then turn unix password > > syncing on. I'll then set up the NIS master to copy the smbpasswd file to > > the NIS client every time it's updated. > > > > First...will this work? > > Seconddoes it matter that the NIS passwd file isn't in /etc/passwd? > > > > > > Next, the PDC: > > This is the one that's driving me crazy currently. I've set up the PDC on > > the NIS client, and am just trying to use a temporary smbpasswd file with > > a few test and machine accounts on it. The samba server appears to be set > > up correctly-testparm and smbclient seem happy. From the Windows box in > > question, I can connect to the samba server, map shares, and join the > > Windows box to the domain. However, when I try to log into the domain, I > > get the error message "The system cannot log you on to the domain because > > the system's computer account is missing of the password on that account > > is incorrect". I added the account to the smbpasswd file using "smbpasswd > > -a -m machinename", and didn't get an error. I've also tried changing the > > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters\RequireSignorSeal > > and the > > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters\EnablePlainTextPassword > > registry entries, but to no avail. > > > > > > Here's my smb.conf file: > > [global] > > > > domain logons = yes > > guest account = smbguest > > logon drive = u: > > logon home = \\frazi.cs.rit.edu\%U > > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 > > SO_SNDBUF=8192 > > workgroup = TESTCS > > netbios name = FRAZI > > server string = %L-Samba %v > > interfaces = 129.21.36.157/255.255.255.0 > > syslog = 3 > > log file = /var/adm/samba/log.%U > > max log size = 50 > > log level = 3 > > announce version = 4.2 > > name resolve order = lmhosts bcast wins > > debug level = 1 > > time server = Yes > > deadtime = 15 > > os level = 99 > > preferred master = Yes > > domain master = Yes > > wins proxy = Yes > > wins support = Yes > > lock dir = /var/spool/locks/samba > > hosts allow = 129.21. > > security = user > > encrypt passwords = yes > > > > [homes] > > comment = Home Directories > > read only = No > > create mask = 0600 > > directory mask = 0700 > > browseable = No > > > > [netlogon] > > path = /home/netlogon > > > > > > > > Here are some of the errors I'm getting from the log.nmbd (they repeat, > > frequently): > > > > [2003/08/27 11:40:16, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) > > process_logon_packet: Logon from 129.21.36.1: code = 0x12 > > [2003/08/27 11:40:16, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) > > process_logon_packet: Logon from 129.21.36.1: code = 0x12 > > [2003/08/27 11:40:35, 0] > > nmbd/nmbd_responserecordsdb.c:find_response_record(235) > > find_response_record: response packet id 36001 received with no matching > > record. > > [2003/08/27 11:40:37, 0] > > nmbd/nmbd_responserecordsdb.c:find_response_record(235) > > find_response_record: response packet id 33097 received with no matching > > record. > > > > > > > > Thanks in advance for any help or suggestions > > > > > > Sam Waters > > > > ___ > > > > Samuel R. Waters[EMAIL PROTECTED] > > System Administrator > > Department of Computer Science
Re: [Samba] Samba PDC and NIS
Hi Sam, Have you added the machine account to smbpasswd using a $ sign at the end of its name in the foolowing fashion computername$, I think this might cause your problem. Jeroen On Wed, 27 Aug 2003 12:00:29 -0400 (EDT) "Samuel R. Waters" <[EMAIL PROTECTED]> wrote: > > Hi Folks- > > I've been trying to set up a Samba PDC, and sync it with our NIS passwd > file. The goal is to allow a brand new lab of PCs running W2k SP4 to > login using our existing NIS setup, and be able to access their home > directories as network drives. I think I've figured out how to do this, > but I wanted to check and make sure it'd work, in theory at least. I'm > also having an odd problem with the PDC that I'm hoping someone here might > have an answer for... > > My setup: > NIS master running Solaris 2.9 and Samba 2.2.8a > NIS client/file server running Solaris 2.9 and Samba 2.2.8a > W2k SP4 PC (single machine at the moment, will be a lab full soon) > > First, the passwd sync: > My plan is to grab all the accounts currently in the NIS passwd file, and > add them to the smbpasswd file on the NIS master, then turn unix password > syncing on. I'll then set up the NIS master to copy the smbpasswd file to > the NIS client every time it's updated. > > First...will this work? > Seconddoes it matter that the NIS passwd file isn't in /etc/passwd? > > > Next, the PDC: > This is the one that's driving me crazy currently. I've set up the PDC on > the NIS client, and am just trying to use a temporary smbpasswd file with > a few test and machine accounts on it. The samba server appears to be set > up correctly-testparm and smbclient seem happy. From the Windows box in > question, I can connect to the samba server, map shares, and join the > Windows box to the domain. However, when I try to log into the domain, I > get the error message "The system cannot log you on to the domain because > the system's computer account is missing of the password on that account > is incorrect". I added the account to the smbpasswd file using "smbpasswd > -a -m machinename", and didn't get an error. I've also tried changing the > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters\RequireSignorSeal > and the > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters\EnablePlainTextPassword > registry entries, but to no avail. > > > Here's my smb.conf file: > [global] > > domain logons = yes > guest account = smbguest > logon drive = u: > logon home = \\frazi.cs.rit.edu\%U > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 > SO_SNDBUF=8192 > workgroup = TESTCS > netbios name = FRAZI > server string = %L-Samba %v > interfaces = 129.21.36.157/255.255.255.0 > syslog = 3 > log file = /var/adm/samba/log.%U > max log size = 50 > log level = 3 > announce version = 4.2 > name resolve order = lmhosts bcast wins > debug level = 1 > time server = Yes > deadtime = 15 > os level = 99 > preferred master = Yes > domain master = Yes > wins proxy = Yes > wins support = Yes > lock dir = /var/spool/locks/samba > hosts allow = 129.21. > security = user > encrypt passwords = yes > > [homes] > comment = Home Directories > read only = No > create mask = 0600 > directory mask = 0700 > browseable = No > > [netlogon] > path = /home/netlogon > > > > Here are some of the errors I'm getting from the log.nmbd (they repeat, > frequently): > > [2003/08/27 11:40:16, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) > process_logon_packet: Logon from 129.21.36.1: code = 0x12 > [2003/08/27 11:40:16, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69) > process_logon_packet: Logon from 129.21.36.1: code = 0x12 > [2003/08/27 11:40:35, 0] > nmbd/nmbd_responserecordsdb.c:find_response_record(235) > find_response_record: response packet id 36001 received with no matching > record. > [2003/08/27 11:40:37, 0] > nmbd/nmbd_responserecordsdb.c:find_response_record(235) > find_response_record: response packet id 33097 received with no matching > record. > > > > Thanks in advance for any help or suggestions > > > Sam Waters > > ___ > > Samuel R. Waters [EMAIL PROTECTED] > System Administrator > Department of Computer Science(585)475-4934 > Rochester Institute of Technology > > ___ > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/
Re: [Samba] Samba-PDC Problem
On 05.08.2003 16:21 Uhr, "Todd Johnson" <[EMAIL PROTECTED]> wrote: > This is a small section of our networks smb.conf file. We are running > 2.2.8a with NIS and I want samba to emulate a PDC. I have ran down the > Unofficial HowTO on this but still come up with this problem. The > smb.conf file shows we want to use domain logins (domain logins = yes). > The bottom file shows what testparms spits out in the log and domain > logins = no in this case. Does anyone have any ideas where its picking > up the no? > > [global] > netbios name = eagle1 > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > server string = BOA Samba > local master = yes > preferred master = yes > domain logons = yes > domain master = yes > workgroup = anc-smb > interfaces = *.*.*.* > logon home = /walrus/%U > log file = /var/log/samba-log.%m > log level = 2 > max log size = 50 > lock directory = /var/lock/samba > printcap name = /etc/printcap > security = user > wins support = yes > dns proxy = yes > os level = 99 > remote announce = *.*.*.* > deadtime = 15 > > Notice where domain logins = yes > > When I do a testparm to see our settings this is a brief section of the > report > > mangled stack = 50 > stat cache = Yes > domain admin group = > domain guest group = > machine password timeout = 604800 > add user script = > delete user script = > logon script = > logon path = \\%L\%Uprofile > logon drive = > logon home = /walrus/%U > domain logons = No > > If the smb.conf file says domain logons = yes then why is it picking it > up as domain logons = No? > > Thoughts? Are you trying to join a XP box or what OS? If it is XP, you have to change a registry key, go to xp-samba.linuxgod.net/Samba.php. Otherwise make sure you have a $ at the end of all machine trust accounts, and are you adding machine trust accounts into smbpasswd manually? Make sure to do smbpasswd -a -m machinename without the $, it will add it. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-PDC Problem
On Tue, 2003-08-05 at 13:21, Todd Johnson wrote: > This is a small section of our networks smb.conf file. We are running > 2.2.8a with NIS and I want samba to emulate a PDC. I have ran down the > Unofficial HowTO on this but still come up with this problem. The > smb.conf file shows we want to use domain logins (domain logins = yes). > The bottom file shows what testparms spits out in the log and domain > logins = no in this case. Does anyone have any ideas where its picking > up the no? > > [global] > netbios name = eagle1 > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > server string = BOA Samba > local master = yes > preferred master = yes > domain logons = yes > domain master = yes > workgroup = anc-smb > interfaces = *.*.*.* > logon home = /walrus/%U > log file = /var/log/samba-log.%m > log level = 2 > max log size = 50 > lock directory = /var/lock/samba > printcap name = /etc/printcap > security = user > wins support = yes > dns proxy = yes > os level = 99 > remote announce = *.*.*.* > deadtime = 15 > > Notice where domain logins = yes > > When I do a testparm to see our settings this is a brief section of the > report > > mangled stack = 50 > stat cache = Yes > domain admin group = > domain guest group = > machine password timeout = 604800 > add user script = > delete user script = > logon script = > logon path = \\%L\%Uprofile > logon drive = > logon home = /walrus/%U > domain logons = No > > If the smb.conf file says domain logons = yes then why is it picking it > up as domain logons = No? > > Thoughts? > > -- > Thank you > TJ > _ > > Steven “Todd” Johnson > State of Alaska Dept. of Natural Resources > MicroComputer/Network Specialist > (907) 269-8831 > (907) 269-8920 FAX > [EMAIL PROTECTED] > _ > Are you using swat to do any configurations? I noticed when I use swat it always uses a capital after the = sign e.g. domain logons = Yes, No, but I always edit my smb.conf file and use lowercase letters i.e. domain logons = yes, no. Are you using swat to make any changes? Jon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC
Thanks, robowarp. I did not know that that particular Windows XP issue was addressed in Samba 3. However, as I said, the server is running Debian "Woody", which is Debian's "stable" branch. As I do not wish to run "unstable" packages, I am sticking with the Woody packaged version for this particular box, and the XP registry fixes seem to work just fine. Thanks, Mark. - Original Message - From: <[EMAIL PROTECTED]> To: "Mark Warner" <[EMAIL PROTECTED]> Sent: Friday, July 18, 2003 4:50 PM Subject: Re: [Samba] Samba PDC > youre so cool , but your winxp reg patch is not of need, > at samba 3 > greetz > > Greetings, > > This is my first post to this mailing list. I was recently put in > > charge > > of replacing the unstable, failing Windows 2000 Domain Controller on my > > company's network, since I'm the only "certified" (laugh here) one here. > > So, > > dreading the prospect of configuring a new Windows 2000 Active Directory > > server, I began to look at alternatives. Natually, Samba was presented to > > me > > as a viable alternative. Our company being run almost entirely on Open > > Source software, I thought this would likely work out quite nicely. > > Our network had 2 Windows 2000 Domain Controllers. One of them was > > almost exclusively a Domain Controller (read: no other function), so I > > thought that this would be the most ideal candidate for testing. That, and > > the fact that it was failing to the point of needing a reboot about every > > 3 > > hours. The other DC also functioned as a MS SQL 7 server for our only > > non-open source application, GoldMine; a sales and marketing application. > > So > > I demoted the ailing DC, removed it from the Directory, and powered it > > off. > > I let it sit for a few days, watching the load on the 2nd DC, making sure > > it > > could handle the added load while I was scrubbing the other server. Turns > > out that the "added load" of being the only DC consumed about 2% more > > resources. So I was good to go. > > After installing and configuring a basic Debian Woody system, I set > > out > > to learn just how Samba worked as a PDC. I found tons of documentation, > > which helped, but I never found a single sample config script that even > > began to work for me. I spent at least 2 weeks researching the project. > > The > > result was that I was successful in producing a stable, functional domain > > controller. That project ended on June 4th, and I migrated the rest of the > > network over the following evening. We have a mix of Windows 98 SE, > > Windows > > 2000, and Windows XP computers, most of which went smoothly. The Windows > > XP > > machines had to have some registry modifications made, which I will make a > > note of below. > > About 2 weeks after the project was completed, our Linux administrator > > advised me that I should post our config file onto this mailing list, in > > case anyone else was in need of a known working smb.conf for a domain > > controller. So, without further ado, here it is: > > > > [global] > > workgroup = DOMAIN > > netbios name = SERVER_NAME > > security = user > > encrypt passwords = Yes > > password server = PASSWORD_SERVER > > add user script = /usr/sbin/useradd -d /dev/null -g 100 -s > > /bin/false -M %u > > logon script = login.bat > > logon home = \\SERVER_NAME\%U > > logon drive = U: > > lm announce = yes > > lm interval = 120 > > remote announce = 192.168.0.0/24 > > domain logons = Yes > > os level = 99 > > domain master = yes > > enhanced browsing = true > > local master = yes > > preferred master = true > > wins support = yes > > name resolve order = wins lmhosts hosts bcast > > log file = /var/log/samba/log.%m > > domain admin group = root administrator > > invalid users = root > > > > [homes] > > comment = Home Directories > > browseable = yes > > read only = no > > create mask = 0755\ > > > > [netlogon] > > comment = Network Logon Service > > path = /usr/local/samba/netlogon > > guest ok = yes > > writable = no > > share modes = no > > > > That's it. Short and sweet. > > > > Here are the aforementioned Windows XP registry modifications: > > > > > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Serv
Re: [Samba] samba pdc and nt server member
Luca Massarenti írta: I installed samba 2.2.8a as pdc on my red hat 8 linux box and I installed a 2000 server as a member of the samba domain. My 2000 server act as file server and uses samba users but cannot see samba group. How can I pass samba custom groups to miscosoft windows 2000 server? Thanks Luca Massarenti Group support in 2.2.8 is very-very limited, if you need real group support, please consider samba 3.0 beta3 Good Luck Geza Gemes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC and Passwords
Hi, > I have a dilemma here about the user accounts. > > We have all the accounts at a NIS server. My samba PDC is another > machine (different from the NIS server). What are my options for > managing the accounts? > > 1) Central management (LDAP) Yes > 2) Keep different password files (passwd/smbpasswd) Yes > Are there any different options?? Don't think so. > If I use the second option (2 - keep different password files), can I > sync the passwords from Unix to Samba and vice versa? Easily only vice versa. :-) In Details: unix crypt and windows crypt are different. But they are both one-way hashes. So if you want to change both passwords at the same time, you will have to get access to the clear text password to do the encryption. If someone changes his unix password the password is encrypted using unix crypt() on the client machine, then transfered to the NIS master (I think). So it is not possible to install anything central at the nis master. The other way works better: When you change a windows password, the new password (but not the old one) is somehow transfered in clear text to the server (maybe it gets somewhat encrypted for the transport, but the server finally gets the clear text password). Search the archive for my post about this (keyword would be passwdHK.dll). If you want to use the samba server as pdc, password changes via smbpasswd go there. You can use the smb.conf settings unix password sync = yes passwd chat = [...] passwd program = [...] to set the password on the unix side. BUT: samba calls the passwd program as root and expects to be able to change the user's password without knowing the old one. So normally the samba server has to run on the NIS master server. So if your nis master is != your samba server, write a script that can run on your samba server and that is able to change a user's unix password without knowing the old one. We have such a thing running to synchronize the windows password (from a W2K Server) to our NIS master. Hope that helps, Christopher -- == Dipl.-Ing. Christopher Odenbach HNI Rechnerbetrieb [EMAIL PROTECTED] Tel.: +49 5251 60 6215 == -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc problem SOLVED
Guten Tag Jay Winks, JW> Is this the only way to solve that problem? dunno, maybe you find a better one? ;P actually its only the first settings you do not need to activate "do not check for user ownership of roaming profiles folders " -- Mit freundlichen Grüssen Yannick Koechlin mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba pdc problem SOLVED
Is this the only way to solve that problem? VR J -Original Message- From: Yannick Koechlin [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2003 9:41 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] samba pdc problem SOLVED Guten Tag Yannick Koechlin, (oh, thats me!) thanks to magnus: http://nic.phys.ethz.ch/readme/45 ---snip--- How to enable Windows XP to join the Samba Domain The following steps have to be done with an administrator or a member of the Administrators group. This steps must be done befor joining the Samba Domain: Start the Administrative Tools (Start / Settings / Control Panel / Administrative Tools). From there start the Local Security Policy. In the Local Security Policy open Local Policies and then Security Options. Disable the following entries: Domain member: Digitally encrypt or sign secure channel data (Always) Domain member: Digitally encrypt secure channel data (when possible) Domain member: Digitally sign secure channel data (when possible) Domain member: Require strong (Windows 2000 or later) session key In the Group Policy Editor (C:\windows\system32\gpedit.msc) enable the following entry: Computer Configuration\Administrative Templates\System\User Profiles\do not check for user ownership of roaming profiles folders Now Windows XP is ready to join the Samba Domain. - am Dienstag, 1. Juli 2003 um 14:00 schrieben Sie: YK> Guten Tag samba samba, YK> i installed a fresh winxp sp1. did the signorseal patch YK> and added the machine to the domain with my root account. YK> but i cant add a domain user to the xp box. YK> when i try to add an user (control planel -> users..) YK> it says something about cann not getting a trusted connection (its YK> in german, sorry...) YK> facts: YK> i have another client running fine. he can login. YK> all the user accounts and machine accounts exist on the samba server YK> any ideas? YK> thanks YK> -- YK> Mit freundlichen Grüssen YK> Yannick Koechlin YK> mailto:[EMAIL PROTECTED] -- Mit freundlichen Grüssen Yannick Koechlin mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc problem SOLVED
Guten Tag Yannick Koechlin, (oh, thats me!) thanks to magnus: http://nic.phys.ethz.ch/readme/45 ---snip--- How to enable Windows XP to join the Samba Domain The following steps have to be done with an administrator or a member of the Administrators group. This steps must be done befor joining the Samba Domain: Start the Administrative Tools (Start / Settings / Control Panel / Administrative Tools). From there start the Local Security Policy. In the Local Security Policy open Local Policies and then Security Options. Disable the following entries: Domain member: Digitally encrypt or sign secure channel data (Always) Domain member: Digitally encrypt secure channel data (when possible) Domain member: Digitally sign secure channel data (when possible) Domain member: Require strong (Windows 2000 or later) session key In the Group Policy Editor (C:\windows\system32\gpedit.msc) enable the following entry: Computer Configuration\Administrative Templates\System\User Profiles\do not check for user ownership of roaming profiles folders Now Windows XP is ready to join the Samba Domain. - am Dienstag, 1. Juli 2003 um 14:00 schrieben Sie: YK> Guten Tag samba samba, YK> i installed a fresh winxp sp1. did the signorseal patch YK> and added the machine to the domain with my root account. YK> but i cant add a domain user to the xp box. YK> when i try to add an user (control planel -> users..) YK> it says something about cann not getting a trusted connection (its in YK> german, sorry...) YK> facts: YK> i have another client running fine. he can login. YK> all the user accounts and machine accounts exist on the samba server YK> any ideas? YK> thanks YK> -- YK> Mit freundlichen Grüssen YK> Yannick Koechlin YK> mailto:[EMAIL PROTECTED] -- Mit freundlichen Grüssen Yannick Koechlin mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc problem
MS> Congratulations, that you came this far. MS> I have a swedish XP SP1(preinstalled from the factory). I can not MS> even add the computer to my domain. send me your config. here is mine: (its a bit bloated...) -- smb.conf [global] workgroup = ARTCORE netbios name = IGOR netbios aliases = config server programme encrypt passwords = Yes username map = /usr/local/etc/usermap.smb log file = /var/sambalog/sambalog.%m max log size = 50 time server = Yes domain logons = Yes os level = 128 preferred master = true domain master = true dns proxy = No wins support = Yes include = /usr/local/etc/smb.conf.%L security = user local master = yes admin users = root character set = ISO8859-15 client code page = 850 kernel oplocks = No guest account = nobody map to guest = Bad User log level = 2 # Optimiert die mit verschiedenen Optionen die # TCP/IP Verbindung. socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY logon script = map.bat logon path = \\server\profile [netlogon] comment = Network Logon Service path = /usr/home/profiles/netlogon writeable = No browseable = No ---EOF smb.conf.server [user_data] comment = %U's private dateien und programme path = /home/%u/smbshare read only = No [profile] comment = Profiles for w2k/winxp path = /home/profiles/%u browseable = No writeable = Yes # nt acl support = no # Zeigt den Ordner nur dem jeweiligen Benutzer # und vergibt auch nur ihm die Rechte dazu. create mask = 0700 directory mask = 0700 # Standardisiert die Sprache, das Tastatur- # Layout. character set = ISO8859-15 client code page = 850 EOF -- Mit freundlichen Grüssen Yannick Koechlin mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc problem
Yannick Koechlin wrote: Guten Tag samba samba, i installed a fresh winxp sp1. did the signorseal patch and added the machine to the domain with my root account. Congratulations, that you came this far. I have a swedish XP SP1(preinstalled from the factory). I can not even add the computer to my domain. /Magnus but i cant add a domain user to the xp box. when i try to add an user (control planel -> users..) it says something about cann not getting a trusted connection (its in german, sorry...) facts: i have another client running fine. he can login. all the user accounts and machine accounts exist on the samba server any ideas? thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA PDC
Am Sam, 2003-06-14 um 10.03 schrieb torsten müller: > Am Sam, 2003-06-14 um 02.13 schrieb Paulo Fonseca Jr.: > > Hi, > > > > I trying to configure my FreeBSD as a network PDC and when I'm running > > smbpasswd to add machine's name I retrieve the message: > > > > command: smbpasswd -m -a marcia$ or > > smbpasswd -m -a marcia > > > > fetch_ldap_pw: no ldap secret retrieve. > > ldap_connect_system: Failed to retrieve password for from secrets.tdb > Hi > You must run smbpasswd -w secret, to save the LDAP-Admin password for ^^ This is the Password for the LDAP-Admin!!! > Samba. > > Greteting from germany > Torsten > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA PDC
Am Sam, 2003-06-14 um 02.13 schrieb Paulo Fonseca Jr.: > Hi, > > I trying to configure my FreeBSD as a network PDC and when I'm running > smbpasswd to add machine's name I retrieve the message: > > command: smbpasswd -m -a marcia$ or > smbpasswd -m -a marcia > > fetch_ldap_pw: no ldap secret retrieve. > ldap_connect_system: Failed to retrieve password for from secrets.tdb Hi You must run smbpasswd -w secret, to save the LDAP-Admin password for Samba. Greteting from germany Torsten > > help! > > Paulo Fonseca Jr. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA PDC
On Fri, 13 Jun 2003, Paulo Fonseca Jr. wrote: > Hi, > > I trying to configure my FreeBSD as a network PDC and when I'm running > smbpasswd to add machine's name I retrieve the message: > > command: smbpasswd -m -a marcia$ or > smbpasswd -m -a marcia > > fetch_ldap_pw: no ldap secret retrieve. > ldap_connect_system: Failed to retrieve password for from secrets.tdb > > help! You need to store the LDAP manager password into secrets.tdb so that Samba can update the LDAP database. See man page for smbpasswd. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC & win2000
On Sun, 8 Jun 2003 16:07:32 +0200, Eddy Appels wrote > Hi, > > I've setup samba as a PDC i think ( followed the PDC-howto ), and > when i try to log in with my win2000 : > > My Computer -> Network Identification tab -> Properties -> Member of > : Domain ( smb.conf = WORKGROUP ), click on OK > > then i get Domain Username and Password ( i enter them and click ok ) > I get : > > Specified domain does not exist > > Is this my win2000 that gives the message or Samba ? > > This is my smb.conf : > > [global] > null passwords = no > log file = /var/log/samba/log.%m > loglevel = 2 > debug timestamp = yes > bind interfaces only = yes > max log size = 250 > interfaces = 10.0.0.0/255.0.0.0 > domain master = yes > add user script = /usr/sbin/adduser -g machines -c NTMachine -d > /dev/null -s /bin/false -n '%m$'delete user script = > /usr/sbin/userdel %m$locking = yesdomain logons = yes > preferred master = yesencrypt passwords = yespassword level > = 0logon path = \\PDC\profile\%Userverstring = Samba on %L > hosts allow = 10. localhostworkgroup = SERVICESsmb passwd > file = /etc/samba/smbpasswdlogon script = %U.batsocket > options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 > read raw = yeswrite raw = yesnetbios name = PDCload > printers = nolocal master = yessecurity = useros level = > 65oplocks = Truedeadtime = 1lock directory = /tmp/samba > > [netlogon] > allow hosts = 10. > max connections = 8 > comment = The domain logon service > path = /home/samba/scripts > browseable = no > > [profile] > comment = User profiles > path = /home/samba/profiles > create mode = 0600 > directory mode = 0700 > writeable = yes > browseable = no > > ?? > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba Your domain name is SERVICES according to your conf file. Change it toe services in your Win2000 box. Tom -- Internet Service Provided By Abyss Communications Internet Service only $10 a month 1-866-842-2977 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC + LDAP
Hello All,
I was successfully added the machine name and username using the smbldap
tool but My windows machine was unable to contact the domain server.
But when I add the same user using smbpasswd command it adds to ldap server
and now I was able to contact the domain server.
I don't want to do this because I have to add that user as machine user
also.
[EMAIL PROTECTED] sathi]# /usr/local/samba/bin/smbpasswd -a test
New SMB password:
Retype new SMB password:
User test does not exist in system password file (usually /etc/passwd).
Cannot add account without a valid local system user.
Failed to modify password entry for user test
[EMAIL PROTECTED] sbin]# /usr/sbin/useradd test
[EMAIL PROTECTED] sbin]# /usr/local/samba/bin/smbpasswd -a test
New SMB password:
Retype new SMB password:
ldap_connect_system: Binding to ldap server as "cn=Manager, dc=xxx, dc=com"
ldap_connect_system: Binding to ldap server as "cn=Manager, dc=xxx, dc=com"
Password changed for user test.
[EMAIL PROTECTED] sbin]#
Is it possible to add the user only in LDAP and authenticate the clients?
Regards,
Sathi
> Sathi schrieb:
>
> > # ./smbldap-useradd.pl -w test
> > ldapadd: update failed: uid=test$,ou=Computers,dc=xxx,dc=com
> > ldap_add: Object class violation (65)
> > additional info: no structural object class provided
> > ./smbldap-useradd.pl: error while adding posix account to machine test$
>
> It's not a bug, it's a feature. ;)
>
> Starting with OpenLDAP 2.1 (or 2.0 with schemacheck=on IIRC), every
> object must have exactly one structural class. If only auxiliary classes
> or more than one structural class are provided, OpenLDAP will refuse to
> create the desired object and shows the above error message.
>
> You should change your "smbldap_tools.pm" and add a structural object
> class that fits your needs. I have chosen to use the "device" object
> class for the domain computers:
>
> from smbldap_tools.pm:
>
> --- snip ---
>
> sub add_posix_machine
> {
> my ($user, $uid, $gid) = @_;
>
>
> my $tmpldif =
> "dn: uid=$user,$computersdn
> objectclass: top
> objectclass: device <- add this
> objectclass: posixAccount
> cn: $user
> uid: $user
> uidNumber: $uid
> gidNumber: $gid
> homeDirectory: /dev/null
> loginShell: /bin/false
> description: Computer
>
> --- snip ---
>
> and in "sub add_samba_machine_mkntpwd":
>
> --- snip ---
>
> "dn: uid=$user,$computersdn
> changetype: modify
> objectclass: top
> objectclass: device <- add this
> objectclass: posixAccount
> objectClass: sambaAccount
> pwdLastSet: 0
> logonTime: 0
> logoffTime: 2147483647
> kickoffTime: 2147483647
> pwdCanChange: 0
> pwdMustChange: 2147483647
> acctFlags: [W ]
> lmpassword: $lmpassword
> ntpassword: $ntpassword
> rid: $rid
> primaryGroupID: 0
>
> --- snip ---
>
>
> cu,
> Uwe
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc/roving profiles/encrypted passwords
On Sun, 1 Jun 2003, Tom McKellips wrote: > I've read that one and it is good. I also have come across another I believe > is worth reading also. When I read how-to it helps to get different views > from diffrent ones. But take a look at > http://www.mandrakeuser.org/docs/connect/csamba6.html It is also a very well > written doc. I was aware of the Mandrake documentation. Buchan Milne, who is most instrumental in keeping Mandrake documents up to date is also very active on the Samba mailing lists. Buchan and I have very minor philsophical differences, for the rest we share a common set of goals. I respect his continued efforts and his documentation. He deserves a big "thank-you" from all Mandrake users. What we are trying to achieve is a level of documentation that has had the maximum possible input from samba users, that addresses every area of need, and that will out-class all previous standards in comprehensiveness, accuracy and currency. We want Samba-3 to make a king hit! If there is anything at all that we have missed that should be in the HOWTO, or even little tips that you might have, then please share your information with us. Thanks for the feedback. - John T. > > > On Fri, 30 May 2003 22:34:37 + (GMT), John H Terpstra wrote > > On Fri, 30 May 2003, dan kador wrote: > > > > > It is my understanding that roving profiles cannot be implemented > > > without using encrypted passwords. It is also my understanding that > > > encrypted passwords cannot be implemented without pointing smb.conf to a > > > windows password server. > > > > Where did you get that understanding? It is not correct. > > > > 1) You do not need encrypted passwords for roaming profile support > > on MS Windows 9x/Me (so long as plain text passwords support is enabled. > > > > 2) Roaming profiles with MS Windows NT/200x/XP generally involves domain > > logon support and that requires domain membership. Domain > > membership requires encrypted passwords. > > > > 3) Samba does it's own encrypted password support > > > > Suggest you read: > > > > http://samba.org/~jht/NT4migration/Samba-HOWTO-Collection.pdf > > > > > I'm trying to set up a samba server on a Linux (RedHat 7.3) to act as a > > > PDC and a provider for roving profiles - when I do things with cleartext > > > (encryption off), I can connect to drives and such fine from Windows > > > 2000 using the typical "net use \\server\share /user:myuser". However, > > > when I connect to the domain, it will not automatically load my profile. > > > I'm thinking it's because of the password encryption, but perhaps I'm > > > wrong. > > > > You need to get the Windows client to join the domain. That does require > > MS encrypted passwords support. > > > > > > > > If anybody can help, I'd be very appreciative! Thanks so much. > > > > Oh? No worries. > > > > - John T. > > -- > > John H Terpstra > > Email: [EMAIL PROTECTED] > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > -- > Internet Service Provided By Abyss Communications > Internet Service only $10 a month > 1-866-842-2977 > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc/roving profiles/encrypted passwords
I've read that one and it is good. I also have come across another I believe is worth reading also. When I read how-to it helps to get different views from diffrent ones. But take a look at http://www.mandrakeuser.org/docs/connect/csamba6.html It is also a very well written doc. On Fri, 30 May 2003 22:34:37 + (GMT), John H Terpstra wrote > On Fri, 30 May 2003, dan kador wrote: > > > It is my understanding that roving profiles cannot be implemented > > without using encrypted passwords. It is also my understanding that > > encrypted passwords cannot be implemented without pointing smb.conf to a > > windows password server. > > Where did you get that understanding? It is not correct. > > 1) You do not need encrypted passwords for roaming profile support > on MS Windows 9x/Me (so long as plain text passwords support is enabled. > > 2) Roaming profiles with MS Windows NT/200x/XP generally involves domain > logon support and that requires domain membership. Domain > membership requires encrypted passwords. > > 3) Samba does it's own encrypted password support > > Suggest you read: > > http://samba.org/~jht/NT4migration/Samba-HOWTO-Collection.pdf > > > I'm trying to set up a samba server on a Linux (RedHat 7.3) to act as a > > PDC and a provider for roving profiles - when I do things with cleartext > > (encryption off), I can connect to drives and such fine from Windows > > 2000 using the typical "net use \\server\share /user:myuser". However, > > when I connect to the domain, it will not automatically load my profile. > > I'm thinking it's because of the password encryption, but perhaps I'm > > wrong. > > You need to get the Windows client to join the domain. That does require > MS encrypted passwords support. > > > > > If anybody can help, I'd be very appreciative! Thanks so much. > > Oh? No worries. > > - John T. > -- > John H Terpstra > Email: [EMAIL PROTECTED] > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- Internet Service Provided By Abyss Communications Internet Service only $10 a month 1-866-842-2977 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC - LDAP - Roaming profiles - Win XP - OfflineFiles - Slow - High Load
On Sat, 31 May 2003, Daniel Zeiss wrote: > > >>On sambaXP many people spoke about the new Samba Howto. Which one is it? > > > > > > It is available in rapidly changing form from: > > > > http://samba.org/~jht/NT4migration/Samba-HOWTO-Collection.pdf > > Thanks for the link, John! You're welcome. > > still my questions remain unanswered. Didnt find a new thing in the > HowTo Collection. Maybe, when you do find answers you could drop me a note with your findings so that this can be included in the HOWTO. I am sure other users will much appreciate your contribution. Thanks. - John T. > > High load at domain logon - how debug / reduce? > > And slow logon, how to increase speed? > > How does folder redirect without OfflineFiles sync work? > > > bye > Daniel > > > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC - LDAP - Roaming profiles - Win XP - OfflineFiles - Slow - High Load
On sambaXP many people spoke about the new Samba Howto. Which one is it? It is available in rapidly changing form from: http://samba.org/~jht/NT4migration/Samba-HOWTO-Collection.pdf Thanks for the link, John! still my questions remain unanswered. Didnt find a new thing in the HowTo Collection. High load at domain logon - how debug / reduce? And slow logon, how to increase speed? How does folder redirect without OfflineFiles sync work? bye Daniel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC - LDAP - Roaming profiles - Win XP - OfflineFiles - Slow - High Load
On Sat, 31 May 2003, Daniel Zeiss wrote: > Dear All, > > my Samba installation (see below) is > > * _very slow_ during logon from a Win XP Workstation, > > * one Workstation produces a _high load_ of 97% on the server for ~10 > secs on a P4 2.4Ghz 512MB RAM system > > * makes it impossible to use _redirected folders_, because stupid > Offline Files and syncronisation kicks in. > > Can you help me? > > > Now to the _details_: > > I am running Samba 2.2.8a on a Debian Woody server (P4 2.4 Ghz, 512MB > RAM, IDE RAID) which uses OpenLDAP 2.0.23 as database backend. All on a > switched FastEthernet. > > User login (encrypted passwords), adding workstation to domain, normal > file sharing, getting Default Profile for new users, running logon > script works all great, but > > during login of a user to a Workstation the process is very slow. The > default profile which gets copied is just 8MB, so its not data transfer > which is slowing it down. > Also when a users logs in on the samba server the load rises to 97%. > This is just on a setup with one server and one workstation. I am > planning of deploying 60 clients which will apparently not work with > this setup. > > I have now clue on how to trace the problem. Can you help? > > Third problem is with the roaming profiles. The profiles itself work > great, just I wish to redirect the Personal folder. I read the HowTo on > the SambaDocuWebpage finding the UserShellFolder directive. I did a > NTConfig.POL file with poledit.exe setting this folder to > %LOGONSERVER%\%USERNAME% and also setting some permission stuff. > The file gets read because the permission stuff is done and the Personal > Folder is redirected to the users homedrive on the samba server, BUT > this activates the OfflineFiles mode of WinXP and WinXP tries to > syncronize the files on users logoff. > I found a way to prevent this by setting in some NetCache registry > values the "Enabled" switch to 0, so the syncronisation doesnt take > place but still the Personal Folder will carry the symbol of a folder > were syncronisation is enabled. Also WinXP seems to transfer constant > data with the samba server which increases network and cpu load. > > Is there a better way of doing it? > Is there a better way of doing policies than poledit.exe? > > On sambaXP many people spoke about the new Samba Howto. Which one is it? It is available in rapidly changing form from: http://samba.org/~jht/NT4migration/Samba-HOWTO-Collection.pdf > Is it already released? Nope. It will be part of Samba-3 when it is released. - John T. > > Thank you in advance > > Daniel > > P.S.: Do I see it correctly that the GPO on a Win2000/XP ADS setup are > just specific NTConfig.POL files applied to a special workstation or > group of workstations? > > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc/roving profiles/encrypted passwords
On Fri, 30 May 2003, dan kador wrote: > It is my understanding that roving profiles cannot be implemented > without using encrypted passwords. It is also my understanding that > encrypted passwords cannot be implemented without pointing smb.conf to a > windows password server. Where did you get that understanding? It is not correct. 1) You do not need encrypted passwords for roaming profile support on MS Windows 9x/Me (so long as plain text passwords support is enabled. 2) Roaming profiles with MS Windows NT/200x/XP generally involves domain logon support and that requires domain membership. Domain membership requires encrypted passwords. 3) Samba does it's own encrypted password support Suggest you read: http://samba.org/~jht/NT4migration/Samba-HOWTO-Collection.pdf > I'm trying to set up a samba server on a Linux (RedHat 7.3) to act as a > PDC and a provider for roving profiles - when I do things with cleartext > (encryption off), I can connect to drives and such fine from Windows > 2000 using the typical "net use \\server\share /user:myuser". However, > when I connect to the domain, it will not automatically load my profile. > I'm thinking it's because of the password encryption, but perhaps I'm > wrong. You need to get the Windows client to join the domain. That does require MS encrypted passwords support. > > If anybody can help, I'd be very appreciative! Thanks so much. Oh? No worries. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc/roving profiles/encrypted passwords
I'm not sure that you must have encrypted passwords to implement roving profiles, but I am sure that you don't have to involve a Windows server to use encrypted passwords. Dan -- Original Message -- From: dan kador <[EMAIL PROTECTED]> Date: Fri, 30 May 2003 13:59:42 -0700 (PDT) >It is my understanding that roving profiles cannot be implemented without using >encrypted passwords. It is also my understanding that encrypted passwords cannot be >implemented without pointing smb.conf to a windows password server. > >I'm trying to set up a samba server on a Linux (RedHat 7.3) to act as a PDC and a >provider for roving profiles - when I do things with cleartext (encryption off), I >can connect to drives and such fine from Windows 2000 using the typical "net use >\\server\share /user:myuser". However, when I connect to the domain, it will not >automatically load my profile. I'm thinking it's because of the password encryption, >but perhaps I'm wrong. > >If anybody can help, I'd be very appreciative! Thanks so much. > > >- >Do you Yahoo!? >Free online calendar with sync to Outlook(TM). >-- >To unsubscribe from this list go to the following URL and read the >instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC and MMC - Problems changing password ofservices
On Sat, 2003-03-15 at 01:53, [EMAIL PROTECTED] wrote: > Hy, > > im using Samba as PDC. > When im logging into another W2K machine > with MMC an try to change the password > of a service, windows is bringing up the error: > "A device attached to the system is not functioning." This is the windows equiv of 'NT_STATUS_UNSUCCESSFUL' - about the most useless message we can possibly give :-) We will need to see what's being called, and you would be advised to try again with Samba 3.0 alpha or Samba HEAD > A strange thing is, that some people can change there password > from the client by using ctrl+alt+del "change password" and some > can't do. The error Message ist something like > "The original password is wrong". This is interesting - you should be able to get some idea from the debug logs - particularly of the 3.0 version. (At least I know what to look for in them :-) > I think it has something to do with rpc-call and there authentication, > but i'm absolutly not sure. Only the network and logfile traces will really tell you. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA PDC User Permissions, Admin Settings, and Logon?
I'm having a similiar problem on my 2.2.7 PDC. If my users are not listed in the domain admin group, then they have very restricted access to the windows registry when the login. Most of their programs will not work at all. I'm not sure at this point what the solution is. I want to see if there is a way to do something like add their DOMAIN user account to the LOCAL machines POWER USER group. I'm going to give it a shot in the morning. Do you have your /home issue fixed yet? I would be happy to help you with that if you are still having problems. If anyone has any ideas or suggestions about my registry permissions, let me know... Thanks, Jason N. On Tue, 2003-02-25 at 05:51, richard wrote: > Hi, Don't know if this is relevant but I read somewhere that including > below in [global] makes Samba do strange things? I believe this is a > "share" parameter? If this helps please post your results. > > profile acls = Yes > > Richard. > > On Tue, 2003-02-25 at 04:48, Nolan Garrett wrote: > > Hi all! First off, I'd like to thank you for the help you've previously > > given me. I'd like to state a few of the problems I am now experiencing, > > and you all can provide insight. I've read all the documentation I can find > > and have surfed the archives for this newsgroup, but to no avail. Any help > > would be greatly appreciated! > > > > (I am using SAMBA 2.2.7) > > > > Issue 1: If I don't have every user listed in the admin users = section that > > I want to allow logon access, they cannot log on. I usually get a domain > > unavailable error. > > > > Issue 2: If I don't set up each user account (w/ domain) on the WinXP > > machine I want to logon to, I get some kind of very, very limited logon. It > > almost seems to be corrupted. > > > > Issue 3: This is my main frustration - I cannot seem to block access to > > other peoples shares! EG user chrisg can access the nolan share, etc. > > > > Final Issue: Not a big problem, but I can't figure out how to set up the > > CUPS drivers for the pdf-generator. > > > > Is it a winbind problem, bad config, or am I just a moron? > > > > Attached is my smb.conf > > > > # Samba config file created using SWAT > > # from gridlock.workgroup.net (192.168.0.5) > > # Date: 2003/02/24 18:08:30 > > > > # Global parameters > > [global] > > netbios name = MAIN > > server string = Samba Server %v > > encrypt passwords = Yes > > passwd program = /usr/bin/passwd %u > > passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password > > * %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *p > > asswd: *all*authentication*tokens*updated*succesfully* > > unix password sync = Yes > > log level = 1 > > log file = /var/log/samba/log.%m > > max log size = 50 > > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBU > > F=8192 SO_SNDBUF=8192 > > printcap name = cups > > domain admin group = @admins > > add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin > > /false -M %u > > logon script = %U.bat > > logon path = \\main\profiles\%U > > logon drive = Z: > > logon home = \\main\%U\.profile > > domain logons = Yes > > os level = 99 > > domain master = Yes > > dns proxy = No > > wins support = Yes > > winbind uid = 1-2 > > winbind gid = 1-2 > > ; valid users = ahayes root danielleg chrisg rickg nolan > > admin users = root nolan chrisg rickg danielleg alyssag > > printer admin = nolan root > > hosts allow = 192.168.0. 127. > > ; profile acls = Yes > > printing = cups > > > > [homes] > > comment = Home Directory for %u > > read only = No > > create mask = 0660 > > directory mask = 0770 > > browseable = No > > oplocks = No > > level2 oplocks = No > > > > [netlogon] > > comment = Network Logon Service > > path = /var/lib/samba/netlogon > > write list = root nolan > > > > [profiles] > > path = /var/lib/samba/profiles > > read only = No > > create mask = 0600 > > directory mask = 0700 > > guest ok = Yes > > browseable = No > > csc policy = disable > > > > [printers] > > comment = All Printers > > path = /var/spool/samba > > printer admin = root nolan > > guest ok = Yes > > printable = Yes > > browseable = No > > > > [print$] > > comment = Printer Drivers > > path = /etc/samba/drivers > > write list = root nolan > > > > [pdf-generator] > > comment = PDF Generator (only valid users!) > > path = /var/tmp > > printable = Yes > > print command = /usr/share/samba/scripts/print-pdf %s ~%u %L > > %u %m & > > > > [public] > > comment
Re: [Samba] SAMBA PDC User Permissions, Admin Settings, and Logon?
Hi, Don't know if this is relevant but I read somewhere that including below in [global] makes Samba do strange things? I believe this is a "share" parameter? If this helps please post your results. profile acls = Yes Richard. On Tue, 2003-02-25 at 04:48, Nolan Garrett wrote: > Hi all! First off, I'd like to thank you for the help you've previously > given me. I'd like to state a few of the problems I am now experiencing, > and you all can provide insight. I've read all the documentation I can find > and have surfed the archives for this newsgroup, but to no avail. Any help > would be greatly appreciated! > > (I am using SAMBA 2.2.7) > > Issue 1: If I don't have every user listed in the admin users = section that > I want to allow logon access, they cannot log on. I usually get a domain > unavailable error. > > Issue 2: If I don't set up each user account (w/ domain) on the WinXP > machine I want to logon to, I get some kind of very, very limited logon. It > almost seems to be corrupted. > > Issue 3: This is my main frustration - I cannot seem to block access to > other peoples shares! EG user chrisg can access the nolan share, etc. > > Final Issue: Not a big problem, but I can't figure out how to set up the > CUPS drivers for the pdf-generator. > > Is it a winbind problem, bad config, or am I just a moron? > > Attached is my smb.conf > > # Samba config file created using SWAT > # from gridlock.workgroup.net (192.168.0.5) > # Date: 2003/02/24 18:08:30 > > # Global parameters > [global] > netbios name = MAIN > server string = Samba Server %v > encrypt passwords = Yes > passwd program = /usr/bin/passwd %u > passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password > * %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *p > asswd: *all*authentication*tokens*updated*succesfully* > unix password sync = Yes > log level = 1 > log file = /var/log/samba/log.%m > max log size = 50 > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBU > F=8192 SO_SNDBUF=8192 > printcap name = cups > domain admin group = @admins > add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin > /false -M %u > logon script = %U.bat > logon path = \\main\profiles\%U > logon drive = Z: > logon home = \\main\%U\.profile > domain logons = Yes > os level = 99 > domain master = Yes > dns proxy = No > wins support = Yes > winbind uid = 1-2 > winbind gid = 1-2 > ; valid users = ahayes root danielleg chrisg rickg nolan > admin users = root nolan chrisg rickg danielleg alyssag > printer admin = nolan root > hosts allow = 192.168.0. 127. > ; profile acls = Yes > printing = cups > > [homes] > comment = Home Directory for %u > read only = No > create mask = 0660 > directory mask = 0770 > browseable = No > oplocks = No > level2 oplocks = No > > [netlogon] > comment = Network Logon Service > path = /var/lib/samba/netlogon > write list = root nolan > > [profiles] > path = /var/lib/samba/profiles > read only = No > create mask = 0600 > directory mask = 0700 > guest ok = Yes > browseable = No > csc policy = disable > > [printers] > comment = All Printers > path = /var/spool/samba > printer admin = root nolan > guest ok = Yes > printable = Yes > browseable = No > > [print$] > comment = Printer Drivers > path = /etc/samba/drivers > write list = root nolan > > [pdf-generator] > comment = PDF Generator (only valid users!) > path = /var/tmp > printable = Yes > print command = /usr/share/samba/scripts/print-pdf %s ~%u %L > %u %m & > > [public] > comment = Public > path = /home/samba/public > read only = No > guest ok = Yes > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA PDC User Permissions, Admin Settings, and Logon?
Rob Savage wrote: > Hey Nolan, > > I can easily give you an answer to I3 > >>Issue 3: This is my main frustration - I cannot seem to block access to >>other peoples shares! EG user chrisg can access the nolan share, etc. >> >> >>[homes] >>comment = Home Directory for %u >>read only = No >>create mask = 0660 >>directory mask = 0770 >>browseable = No >>oplocks = No >>level2 oplocks = No > > Try adding these: > > Valid users = %U > Path = /home/%u > Guest ok = No > --- > Have an excellent day, > > Rob Savage > AFAIK the special homes share needs %S instead of %U in valid users. I don't think it is necessary to specify path (or perhaps even invalid?). Samba will allways respect Unix permissions, so you can also set users home dir to 0700 to block access. Eirik Thorsnes -- Never let a computer know you're in a hurry. -Anonymous -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SAMBA PDC User Permissions, Admin Settings, and Logon?
Hey Nolan, I can easily give you an answer to I3 >Issue 3: This is my main frustration - I cannot seem to block access to >other peoples shares! EG user chrisg can access the nolan share, etc. > > >[homes] >comment = Home Directory for %u >read only = No >create mask = 0660 >directory mask = 0770 >browseable = No >oplocks = No >level2 oplocks = No Try adding these: Valid users = %U Path = /home/%u Guest ok = No --- Have an excellent day, Rob Savage -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nolan Garrett Sent: February 24, 2003 11:49 AM To: [EMAIL PROTECTED] Subject: [Samba] SAMBA PDC User Permissions, Admin Settings, and Logon? Hi all! First off, I'd like to thank you for the help you've previously given me. I'd like to state a few of the problems I am now experiencing, and you all can provide insight. I've read all the documentation I can find and have surfed the archives for this newsgroup, but to no avail. Any help would be greatly appreciated! (I am using SAMBA 2.2.7) Issue 1: If I don't have every user listed in the admin users = section that I want to allow logon access, they cannot log on. I usually get a domain unavailable error. Issue 2: If I don't set up each user account (w/ domain) on the WinXP machine I want to logon to, I get some kind of very, very limited logon. It almost seems to be corrupted. Issue 3: This is my main frustration - I cannot seem to block access to other peoples shares! EG user chrisg can access the nolan share, etc. Final Issue: Not a big problem, but I can't figure out how to set up the CUPS drivers for the pdf-generator. Is it a winbind problem, bad config, or am I just a moron? Attached is my smb.conf # Samba config file created using SWAT # from gridlock.workgroup.net (192.168.0.5) # Date: 2003/02/24 18:08:30 # Global parameters [global] netbios name = MAIN server string = Samba Server %v encrypt passwords = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password * %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *p asswd: *all*authentication*tokens*updated*succesfully* unix password sync = Yes log level = 1 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBU F=8192 SO_SNDBUF=8192 printcap name = cups domain admin group = @admins add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin /false -M %u logon script = %U.bat logon path = \\main\profiles\%U logon drive = Z: logon home = \\main\%U\.profile domain logons = Yes os level = 99 domain master = Yes dns proxy = No wins support = Yes winbind uid = 1-2 winbind gid = 1-2 ; valid users = ahayes root danielleg chrisg rickg nolan admin users = root nolan chrisg rickg danielleg alyssag printer admin = nolan root hosts allow = 192.168.0. 127. ; profile acls = Yes printing = cups [homes] comment = Home Directory for %u read only = No create mask = 0660 directory mask = 0770 browseable = No oplocks = No level2 oplocks = No [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon write list = root nolan [profiles] path = /var/lib/samba/profiles read only = No create mask = 0600 directory mask = 0700 guest ok = Yes browseable = No csc policy = disable [printers] comment = All Printers path = /var/spool/samba printer admin = root nolan guest ok = Yes printable = Yes browseable = No [print$] comment = Printer Drivers path = /etc/samba/drivers write list = root nolan [pdf-generator] comment = PDF Generator (only valid users!) path = /var/tmp printable = Yes print command = /usr/share/samba/scripts/print-pdf %s ~%u %L %u %m & [public] comment = Public path = /home/samba/public read only = No guest ok = Yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC + Win XP Pro
On 2003.02.22 10:11 STI wrote: Hello, Where can I find a good HowTo to configure a Samba PDC and a Win XP Pro Client. http://hr.uoregon.edu/davidrl/samba.html -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC shared applications and a default start menuprofile
If I understand your question correctly, the short answer is no. Windows programs need to be installed in order for the drivers, fonts and registry settings associated with that program to be correct. As a test, share the hard drive on one computer. Create an icon on another computer pointing to a program on the shared computer and try to run the program. It's no fun. I hope this helps. Kevin S. Brackett ([EMAIL PROTECTED]) wrote*: > >I have a network of Windows XP desktops, and a Samba PDC server, in an >ideal world i'd like to have single installations of applications on a >samba shared device, and also if possible a default start menu profile >with the applications already added... is such a setup possible? Right now >I'm using roaming profiles... (I think?) If it's possible could some smb.conf >examples or urls pointing to a head start be provided, that would be very >much appreciated.. > >- kevin > >PS, CC: me directly because i'm not subscribed to this list. Thanks :) > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC - XP login problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 7 Feb 2003, Alecsandru CHIROSCA wrote: > [2003/02/07 11:12:04, 2] rpc_parse/parse_samr.c:samr_io_userinfo_ctr(5824) > samr_io_userinfo_ctr: unknown switch level 0x1a > [2003/02/07 11:12:04, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(672) > api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO. > [2003/02/07 11:12:04, 0] rpc_server/srv_pipe.c:api_rpcTNP(1215) api_rpcTNP: > api_samr_rpc: SAMR_SET_USERINFO failed. > [2003/02/07 11:12:04, 2] smbd/connection.c:utmp_yield(785) utmp_yield: > lp_utmp() NULL > [2003/02/07 11:12:04, 2] smbd/server.c:exit_server(440) Closing connections > > What is the 0x1a swich? Samba is compiled from souces and is working > perfectly with Win98 clients. I can see, mount, work on the shares from > any client (98 or XP) but no domain under XP. The XP client has the > signorseal patch applied and the encryption options (LocalPolicy) > disabled - this is what I could find on the list / howto. The 0x1a is an unknown info level. The client should back down to a lower one that we can decode. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "You can never go home again, Oatman, but I guess you can shop there." --John Cusack - "Grosse Point Blank" (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+S9R9IR7qMdg1EfYRAuW6AJ9j6n16WeXhabA2YTqspF/OsdxftACbBvft sJYpWVAmVGUrJNr6NpLhXsg= =qBKp -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC, admin user rights
you have to put in the domain admin group / the domain admin user into the local admin group, this will help. William Cooper schrieb: Hello there, I'm trying to setup my samba server as my local PDC, everything seems to be going smooth apart from when I logon as user 'will' who is listed as a admin user (admin users = will in smb.conf), but when I logon to my domain, I am unable to sync the client's time with the server. It seems that I have no admin privileges at all. Clients are Windows 2000 professional SP 3, and the server is FreeBSD 4.7-STABLE running Samba 2.2.7a. Thank you in advance. Regards William Cooper -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc smbpasswd error
[EMAIL PROTECTED] writes: >On Mon, 27 Jan 2003, Kyle Loree wrote: > >> I have gotten samba to allow an xp client to logon to the domain server >> before, my problem now is doing exactly that on a different machine. >> I can browse files, but I get an access is denied error upon join. >> >> [2003/01/27 10:46:21, 0] >> >/SourceCache/samba/samba-21/source/rpc_server/srv_samr.c:api_samr_set_userinfo(670) >> api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO. > >The XP client tries an info level that we don't get right. It then backs >down to a different infor levelf for the set_userinfo call. You can >mostly ignore this error. I need to be able to bind to the domain and I have done it before with the same xp machine. You are closer than you think! with sp1 I didn't have to install the signorseal patch either. just change the local security policies. > > >> [2003/01/27 10:46:21, 2] >> >/SourceCache/samba/samba-21/source/passdb/pdb_smbpasswd.c:startsmbfilepwent(170) >> startsmbfilepwent_internal: unable to open file >/var/db/samba/smbpasswd. >> Error was Permission denied > >Are you connected as root? I am connected as admin, on mac 0s x server root cannot connect bad pass or user > >> [2003/01/27 10:46:21, 0] >> >/SourceCache/samba/samba-21/source/passdb/pdb_smbpasswd.c:pdb_getsampwrid(1416) >> unable to open passdb database. The server is running at root level, and changes the chmod on smbpasswd every connect attempt. I either find a way to force samba to believe that admin is root or i need to wipe the system and reinstall. not a favorable option. Kyle Loree Rendek Communications [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba pdc smbpasswd error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 27 Jan 2003, Kyle Loree wrote: > I have gotten samba to allow an xp client to logon to the domain server > before, my problem now is doing exactly that on a different machine. > I can browse files, but I get an access is denied error upon join. > > [2003/01/27 10:46:21, 0] > /SourceCache/samba/samba-21/source/rpc_server/srv_samr.c:api_samr_set_userinfo(670) > api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO. The XP client tries an info level that we don't get right. It then backs down to a different infor levelf for the set_userinfo call. You can mostly ignore this error. > [2003/01/27 10:46:21, 2] > /SourceCache/samba/samba-21/source/passdb/pdb_smbpasswd.c:startsmbfilepwent(170) > startsmbfilepwent_internal: unable to open file /var/db/samba/smbpasswd. > Error was Permission denied Are you connected as root? > [2003/01/27 10:46:21, 0] > /SourceCache/samba/samba-21/source/passdb/pdb_smbpasswd.c:pdb_getsampwrid(1416) > unable to open passdb database. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2 "SAMS Teach Yourself Samba in 24 Hours" 2ed "You can never go home again, Oatman, but I guess you can shop there." --John Cusack - "Grosse Point Blank" (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+NZ11IR7qMdg1EfYRAh4iAKCioQvm19NF+SkYY1u8/WSXnUD2NACgvhzs tJealzWRBCwGwvmVGUHtn9Q= =FFpJ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC+LDAP on FreeBSD
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 22 Jan 2003, Ronan Waide wrote:
> On January 22, [EMAIL PROTECTED] said:
> > i made some minor changes to the migrationtools to work properly. (some
> > atrribute types are spelled wrong)
>
> What changes? Seems like it might be worthwhile telling the people on
> this list, if not the people at padl, about the errors.
>
if you set EXTENDED_SCHEMA=1 in migrate_common.ph
you will get some attribute conflicts and some missed attributes..
okay, here is a short diff of the affected file:
- -->
- --- MigrationTools-44/migrate_passwd.pl Sat Jul 6 23:06:45 2002
+++ MigrationTools-44_mod/migrate_passwd.pl Tue Dec 17 17:47:12 2002
@@ -122,19 +122,20 @@
if ($DEFAULT_MAIL_HOST) {
print $HANDLE "mailRoutingAddress:
$user\@$DEFAULT_MAIL_HOST\n";
print $HANDLE "mailHost: $DEFAULT_MAIL_HOST\n";
- - print $HANDLE "objectClass: mailRecipient\n";
+# print $HANDLE "objectClass: mailRecipient\n";
}
print $HANDLE "objectClass: person\n";
print $HANDLE "objectClass: organizationalPerson\n";
print $HANDLE "objectClass: inetOrgPerson\n";
}
- - print $HANDLE "objectClass: account\n";
+# print $HANDLE "objectClass: account\n";
+ print $HANDLE "objectClass: inetLocalMailRecipient\n";
print $HANDLE "objectClass: posixAccount\n";
print $HANDLE "objectClass: top\n";
if ($DEFAULT_REALM) {
- - print $HANDLE "objectClass: kerberosSecurityObject\n";
+ print $HANDLE "objectClass: krb5Principal\n";
}
if ($shadowUsers{$user} ne "") {
@@ -144,7 +145,7 @@
}
if ($DEFAULT_REALM) {
- - print $HANDLE "krbName: $user\@$DEFAULT_REALM\n";
+ print $HANDLE "krb5PrincipalName:
$user\@$DEFAULT_REALM\n";
}
if ($shell) {
<--
this works perfect for me, but i think it is only necessary if you want to
use EXTENDED_SCHEMA=1 (for integrating mail and kerberos information in
yous ldap-tree)
i will try to explain shortly whats wrong in the original.
hope i will remeber right..
1. you need 'objectClass: inetLocalMailRecipient' to use 'mailHost: ' and
'mailRoutingAddress: ' but this conflicts with 'objectClass: account' so
you must disable/comment out this line.
2. i searched the whole net for a schema file with 'objectClass:
kerberosSecurityObject' and 'krb5PrincipalName: ' in it, but i've found
exactly nothing!!
so decided to replace it with the krb5 stuff from krb5-kdc.schema.
you can see it in the diff above.
here is an example user-account out of my ldap-tree:
- -->
dn: uid=tuser,ou=People,dc=xxx,dc=yy
cn: Test User
telephoneNumber: +22(22)222-2
roomNumber: Test User Room
givenName: Test
sn: User
mail: [EMAIL PROTECTED]
mailRoutingAddress: [EMAIL PROTECTED]
mailHost: smtp.xxx.yy
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: inetLocalMailRecipient
objectClass: posixAccount
objectClass: top
objectClass: krb5Principal
objectClass: sambaAccount
userPassword: {crypt}XxXxXxXxXx
krb5PrincipalName: [EMAIL PROTECTED]
loginShell: /bin/csh
uidNumber: 12345
gidNumber: 1234
homeDirectory: /home/tuser
gecos: Test User for LDAP
uid: tuser
pwdLastSet: 9
logonTime: 0
logoffTime: 9
kickoffTime: 9
pwdCanChange: 0
pwdMustChange: 9
rid: 12345
primaryGroupID: 1234
homeDrive: H:
smbHome: \\SAMBA_SERVER\tuser
profilePath: \\SAMBA_SERVER\profiles\tuser
scriptPath: logon.bat
description: Test User
displayName: Test User
lmPassword:
ntPassword:
acctFlags: [U ]
<--
hope that helps a litlle bit.
joerg
btw. i used the Migrationtools version 44. i don't know if there is a
later version wich is already corrected.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE+LpxgSPOsGF+KA+MRAoO1AJ40g3Y1O4gCtM7jjiwlmpPK/+i1swCdEoHW
eoGC9vsvxiSHUX2maRv/8hY=
=d+jm
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC+LDAP on FreeBSD
On January 22, [EMAIL PROTECTED] said: > i made some minor changes to the migrationtools to work properly. (some > atrribute types are spelled wrong) What changes? Seems like it might be worthwhile telling the people on this list, if not the people at padl, about the errors. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. "If at first you DO succeed, try not to look surprised" - someone @ mot.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC+LDAP on FreeBSD
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 22 Jan 2003, Ronan Waide wrote: > On January 22, [EMAIL PROTECTED] said: > > 1. What packages/ports do I need to install? Because most papers of LDAP > > online I could find mentioned little about Openssl. However, as I know, > > it's necessary for the option "ldap ssl = start_tls" in Samba . Also, I > > didn't find any ports of nss_ldap, but nss_ldap was mentioned by all > > samba+LDAP combination. What's wrong with that? nss_ladp didn't support > > FreeBSD? Without nss_ladp, can I still achieve my goal: Samba+ LDAP as PDC? > > FreeBSD doesn't support NSS, as I understand it. What the nss_* > modules do is act as lookup sources when the system needs to identify > a user, host, password, group, etc. So on a Linux system, for example, > you can instruct the system to first look in files (/etc/passwd, etc) > then try LDAP, and so on until a match is found or the sources are > exhausted. > > In the case of Samba, this facility is not strictly necessary; Samba's > requirement for working NSS support is solely so it can look up a Unix > account or Group to match the SMB account or group information. You > can get around this by either creating Unix accounts for all your > Samba users, or using one of the non-unix account backends (ldap_nua, > in your case). Note, as far as I know the _nua backends are only > available in Samba 3. > > > 2. Individual configuration/setting for every package. > > Tall order. Do you have a working LDAP setup already? You seem to have > a working Samba setup, so what you want is to migrate the information > in that into LDAP. I can't help you with that, since I've not done > it. I'd suggest browsing the mailing list archives. > > > 3. How to start every service? > > Again, a tall order. I'm not a FreeBSD user, so I can't really help > you on this. > hi, i've done here exactly what you want to do. all these things are a littly bit tricky of course of the lagging support for nss in FreeBSD. i've installed OpenLDAP-2.1.8 manually from source (NOT from ports!!!) samba is version 2.2.7 also from spurce (NOT from ports!!!) everything compiled perfectly and is running without problems. the only disadvantage is that OpenLDAP syslog support isn't working with FreeBSD. but i had no time to get deeper in it to find the problem. for migration of the old accounts (computer and user) i used the LDAP-Migrationtools from www.padl.com for this to work you need perl-ldap from the ports-tree. i made some minor changes to the migrationtools to work properly. (some atrribute types are spelled wrong) the main disadvatage for me is, that every user or computer in the ldap tree MUST have a entry in the system password database!!! also new is, that together with the ldap-backend every computer-account MUST have a unique UID. if you have computer-accounts sharing the same UID but a have different name (as i had) samba is looking up the computers name in the LDAP tree but only for normal operations it is done in this way. if you want to join a domain, it modifies the computer-account via the UID that is found for the computers-name. so if you have computer-accounts sharing the same UID, it modifies the first matching UID found, and didn't check if the name is correct or not. the first time this confused me a lot. also you have to generate the right 'rid' and 'primaryGroupID' for every account. this very important if you use the samba together with ldap. the next thing i found is, that variable substitution isn't working with ldap. if is set "smbHome: \\SAMBA_SERVER\%U" or "profilePath: \\SAMBA_SERVER\profiles\%U" the samba lookup returns exactly these values, without replacing the '%U' with the users name.. okay, thats all for the moment. i hope i didn't forget something important. if there are questions, feel free to ask. joerg -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+LpLASPOsGF+KA+MRAnGNAJ4yv/THt3r4ANfhzU395JQ4kmNixgCeJD2J sZoUNmTKC3M4oJ8y6NNY7+M= =YquR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC+LDAP on FreeBSD
On January 22, [EMAIL PROTECTED] said: > 1. What packages/ports do I need to install? Because most papers of LDAP > online I could find mentioned little about Openssl. However, as I know, > it's necessary for the option "ldap ssl = start_tls" in Samba . Also, I > didn't find any ports of nss_ldap, but nss_ldap was mentioned by all > samba+LDAP combination. What's wrong with that? nss_ladp didn't support > FreeBSD? Without nss_ladp, can I still achieve my goal: Samba+ LDAP as PDC? FreeBSD doesn't support NSS, as I understand it. What the nss_* modules do is act as lookup sources when the system needs to identify a user, host, password, group, etc. So on a Linux system, for example, you can instruct the system to first look in files (/etc/passwd, etc) then try LDAP, and so on until a match is found or the sources are exhausted. In the case of Samba, this facility is not strictly necessary; Samba's requirement for working NSS support is solely so it can look up a Unix account or Group to match the SMB account or group information. You can get around this by either creating Unix accounts for all your Samba users, or using one of the non-unix account backends (ldap_nua, in your case). Note, as far as I know the _nua backends are only available in Samba 3. > 2. Individual configuration/setting for every package. Tall order. Do you have a working LDAP setup already? You seem to have a working Samba setup, so what you want is to migrate the information in that into LDAP. I can't help you with that, since I've not done it. I'd suggest browsing the mailing list archives. > 3. How to start every service? Again, a tall order. I'm not a FreeBSD user, so I can't really help you on this. Cheers, Waider. -- [EMAIL PROTECTED] / Yes, it /is/ very personal of me. buzzard says, "If you are willing to put aside your kneejerk human speciesism, the AIs are perfectly sympathetically 'no worse' than humans." -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC with windows XP
> Does Samba PDC work fine with Windows XP ??? In short: yes. > Can you give me an example of PDC config for client XP ?? I'am still using 2.2.5 with these configurables: domain logons = Yes preferred master = True wins support = Yes domain master = True [NETLOGON] comment = Logon drive path = /samba/netlogon read only = No writeable = No guest ok = No On the Windows XP it's nice to have clean profiles ( e.g. not been on other domains yet ). --- and this registry patch --- Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] "requiresignorseal"=dword: --- Goodluck, WL | Delft Hydraulics - http://www.wldelft.nl | | Systems Group | Leroy(dot)vanLogchem (at) wldelft(dot)nl | -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba pdc, Norton Ghost enterprise edition and joiningthe domain?
On Fri, 2003-01-03 at 20:35, Andrew Bartlett wrote: > On Thu, 2002-12-19 at 00:53, Lars O. Grobe wrote: > > Hi List. > > > > We have a Samba 3.0pre21 PDC set up here on our prim. fileserver. We use > > Windows 2000 SP2 on our PC clients. We install clients with system images > > from disk and than install applications from one central machine running > > Norton Ghost EE. > > > > Ghost has the functionality not only to install the software from the > > "console" on the ghost server, but it is also able to make the clients join > > the domain. So we would not have to go to the client, log in as admin and > > join the domain, but could make this part of our remote installation > > procedure. > > > > However, we have not been able to do this with our samba pdc. Is there > > anybody out there with a similar configuration and attempts to integrate > > Ghost into a Samba-controlled domain? Or are there other (better) ways to > > "remot-join" the domain? somehow i neglected to send my response to the list... > > I would love to see this kind of software work - and work well - with > Samba. It could certainly make some administration jobs much easier. > > Any chance you can do some digging and figure out how ghost is doing > it? Does it require that it be installed on the PDC, or can it run on > any server? (makes it much easier to sniff what's going on if it must > use the net :-) i already did the digging it works fine in my hands. here's the response i mentioned Lars: I'm using ghost to image our desktop systems - it works great... I have it running a syspreped XP image that joins a temporary workgroup on initial load then i apply a machine specific configuration with the AI packages for that particular user, the right computer name, and joins the domain. If you have no need to specify names of computers you could easily use the sysprep commands to join the domain during the client mini-setup. (each one gets a semi-random name) To get the ghost domain joining to work I had to hack the registry and put in a user and password with permission to do domain operations. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NGServer\params there should be two Reg_SZ values Account Password with the appropriate values... best wishes! (easier than the script i think) brad -- Bradley W. Langhorst <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba pdc, Norton Ghost enterprise edition and joiningthe domain?
On Thu, 2002-12-19 at 00:53, Lars O. Grobe wrote: > Hi List. > > We have a Samba 3.0pre21 PDC set up here on our prim. fileserver. We use > Windows 2000 SP2 on our PC clients. We install clients with system images > from disk and than install applications from one central machine running > Norton Ghost EE. > > Ghost has the functionality not only to install the software from the > "console" on the ghost server, but it is also able to make the clients join > the domain. So we would not have to go to the client, log in as admin and > join the domain, but could make this part of our remote installation > procedure. > > However, we have not been able to do this with our samba pdc. Is there > anybody out there with a similar configuration and attempts to integrate > Ghost into a Samba-controlled domain? Or are there other (better) ways to > "remot-join" the domain? I would love to see this kind of software work - and work well - with Samba. It could certainly make some administration jobs much easier. Any chance you can do some digging and figure out how ghost is doing it? Does it require that it be installed on the PDC, or can it run on any server? (makes it much easier to sniff what's going on if it must use the net :-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: [Samba] SAMBA PDC
On Mon, 23 Dec 2002, Kenneth Illingsworth wrote: > Thank you for replying. You are correct in that the version of SAMBA is 2.2.1 . Strongly suggest you update to samba-2.2.7a as there have been MANY fixes and updates since 2.2.1. You can obtain the RPM packages from the samba FTP sites. > > I was not aware of the WinXP_SignOrSeal.reg registry update. However, I am aware of >WinXP SP1 which has been applied. I suspect that the WinXP_SignOrSeal.reg registry >update is separate from SP1. I will attempt to obtain the registry update and apply >it to the XP workstation. > > Any direction you can give on this issue would be greatly appreciated. Attached. It can be found in all recent releases of samba in the docs/Registry directory. Send me your smb.conf file to <[EMAIL PROTECTED]> and I will try to help you. - John T. > > Here is an additional observation: From the SAMBA Troubleshooting Guide, I have >encountered the precise anomaly that I am experiencing: > > Symptom: It is possible to "ping" the HOST from the client (on port 7; the echo >port) but the client is unable to obtain the list of shares on HOST. [I can ping >either the IP addr or the NetBIOS name of the server from the workstation]. > > Cause:Traffic on one or more of the NetBIOS-over-TCP ports (137, 138, 139) >are blocked. To verify this, type one of the following commands: > > nbtstat -A 172.17.60.6 > > If this command shows a list of NetBIOS names, then port 137 is open. Otherwise, it >is blocked. [The COFR3 server is listed along with the COFRNY domain as shown in the >separate section below]. > > Resolution: Find the router, firewall, switch or other device that is blocking >ports 137-139 and reconfigure it. UDP traffic must be permitted on ports 137 and 138, >and TCP traffic must be permitted on port 139. [Since this Linux server is a Virtual >Machine, could this be interpreted as an issue with its TCP/IP configuration?]. > > I could not run a traceroute on the workstations NetBIOS name from the Linux server >as it was an unknown host. However, I was able to obtain the following using the >workstations leased IP address: > > traceroute to 172.16.4.251 (172.16.4.251), 30 hops max, 38 byte packets > 1 172.17.60.5 (172.17.60.5) 7.462 ms 0.812 ms 0.678 ms > 2 172.16.4.251 (172.16.4.251) 3.379 ms 23.449 ms 5.059 ms > > > > Here are the results of the nbstat command above: > > C:\>nbtstat -A 172.17.60.6 > > Local Area Connection: > Node IpAddress: [172.16.4.251] Scope Id: [] > >NetBIOS Remote Machine Name Table > >Name Type Status > - > COFR3 <00> UNIQUE Registered > COFR3 <03> UNIQUE Registered > COFR3 <20> UNIQUE Registered > ..__MSBROWSE__.<01> GROUP Registered > COFRNY <00> GROUP Registered > COFRNY <1B> UNIQUE Registered > COFRNY <1C> GROUP Registered > COFRNY <1D> UNIQUE Registered > COFRNY <1E> GROUP Registered > > MAC Address = 00-00-00-00-00-00 > > COFR3 is the NetBIOS name of the server, and COFRNY is the workgroup name that I am >trying to use to set up the domain. > > > > >>> John H Terpstra <[EMAIL PROTECTED]> 12/23/02 12:48PM >>> > Kenneth, > > You did not mention the samba version. Suspect you are using 2.2.x. > Did you apply the WinXP_SignOrSeal.reg registry update? > You will need to as XP defaults to this and samba-2.2.x does not support > it yet. > > - John T. > > > On Mon, 23 Dec 2002, Kenneth Illingsworth wrote: > > > I followed the procedure to configure SAMBA as a PDC as outlined in >samba/swat.cgi/swat/using_samba/ch06_05.html on my Linux server. My domain name is >COFRNY, and I expected a COFRNY.SID to be generated. However, MACHINE.SID was >generated instead. Furthermore, I cannot see the COFRNY domain listed within MS >Networks on my XP workstation. Any ideas on what I did wrong? > > > > Here is the procedure in detail: > > > > [global] > > workgroup = COFRNY > > domain logons = yes > > security = user > > os level = 34 > > local master = yes > > preferred master = yes > > domain master = yes > > > > > > For Windows NT clients you must also ensure that Samba is using encrypted >passwords: > > > > encrypted passwords = yes > > > > Furthermore, also exclusively for Windows NT clients, create Trust accounts which >allow a machine to log in to the PDC itself. Create a "dummy" account in the >/etc/passwd file with the following entry: > > > > city-f5pfa29xta$:*:1000:900:Trust Account:/dev/null:/dev/null > > > > Note that we have also disabled the password field
Re: [Samba] SAMBA PDC
Thank you for replying. You are correct in that the version of SAMBA is 2.2.1 . I was not aware of the WinXP_SignOrSeal.reg registry update. However, I am aware of WinXP SP1 which has been applied. I suspect that the WinXP_SignOrSeal.reg registry update is separate from SP1. I will attempt to obtain the registry update and apply it to the XP workstation. Any direction you can give on this issue would be greatly appreciated. Here is an additional observation: From the SAMBA Troubleshooting Guide, I have encountered the precise anomaly that I am experiencing: Symptom:It is possible to "ping" the HOST from the client (on port 7; the echo port) but the client is unable to obtain the list of shares on HOST. [I can ping either the IP addr or the NetBIOS name of the server from the workstation]. Cause: Traffic on one or more of the NetBIOS-over-TCP ports (137, 138, 139) are blocked. To verify this, type one of the following commands: nbtstat -A 172.17.60.6 If this command shows a list of NetBIOS names, then port 137 is open. Otherwise, it is blocked. [The COFR3 server is listed along with the COFRNY domain as shown in the separate section below]. Resolution: Find the router, firewall, switch or other device that is blocking ports 137-139 and reconfigure it. UDP traffic must be permitted on ports 137 and 138, and TCP traffic must be permitted on port 139. [Since this Linux server is a Virtual Machine, could this be interpreted as an issue with its TCP/IP configuration?]. I could not run a traceroute on the workstations NetBIOS name from the Linux server as it was an unknown host. However, I was able to obtain the following using the workstations leased IP address: traceroute to 172.16.4.251 (172.16.4.251), 30 hops max, 38 byte packets 1 172.17.60.5 (172.17.60.5) 7.462 ms 0.812 ms 0.678 ms 2 172.16.4.251 (172.16.4.251) 3.379 ms 23.449 ms 5.059 ms Here are the results of the nbstat command above: C:\>nbtstat -A 172.17.60.6 Local Area Connection: Node IpAddress: [172.16.4.251] Scope Id: [] NetBIOS Remote Machine Name Table Name Type Status - COFR3 <00> UNIQUE Registered COFR3 <03> UNIQUE Registered COFR3 <20> UNIQUE Registered ..__MSBROWSE__.<01> GROUP Registered COFRNY <00> GROUP Registered COFRNY <1B> UNIQUE Registered COFRNY <1C> GROUP Registered COFRNY <1D> UNIQUE Registered COFRNY <1E> GROUP Registered MAC Address = 00-00-00-00-00-00 COFR3 is the NetBIOS name of the server, and COFRNY is the workgroup name that I am trying to use to set up the domain. >>> John H Terpstra <[EMAIL PROTECTED]> 12/23/02 12:48PM >>> Kenneth, You did not mention the samba version. Suspect you are using 2.2.x. Did you apply the WinXP_SignOrSeal.reg registry update? You will need to as XP defaults to this and samba-2.2.x does not support it yet. - John T. On Mon, 23 Dec 2002, Kenneth Illingsworth wrote: > I followed the procedure to configure SAMBA as a PDC as outlined in >samba/swat.cgi/swat/using_samba/ch06_05.html on my Linux server. My domain name is >COFRNY, and I expected a COFRNY.SID to be generated. However, MACHINE.SID was >generated instead. Furthermore, I cannot see the COFRNY domain listed within MS >Networks on my XP workstation. Any ideas on what I did wrong? > > Here is the procedure in detail: > > [global] > workgroup = COFRNY > domain logons = yes > security = user > os level = 34 > local master = yes > preferred master = yes > domain master = yes > > > For Windows NT clients you must also ensure that Samba is using encrypted passwords: > > encrypted passwords = yes > > Furthermore, also exclusively for Windows NT clients, create Trust accounts which >allow a machine to log in to the PDC itself. Create a "dummy" account in the >/etc/passwd file with the following entry: > > city-f5pfa29xta$:*:1000:900:Trust Account:/dev/null:/dev/null > > Note that we have also disabled the password field by placing a * in it. This is >because Samba will use the smbpasswd file to contain the password instead, and we >don't want anyone to telnet into the machine using that account. Additionally, '1000' >is the UID of the account for the encrypted password database. > > Next, add the encrypted password using the smbpasswd command, as follows: > > # smbpasswd -a -m city-f5pfa29xta > Added user city-f5pfa29xta$ > Password changed for user city-f5pfa29xta$ > > The -m option specifies that a machine trust account is being generated. The >smbpasswd program wi
Re: [Samba] SAMBA PDC
Kenneth, You did not mention the samba version. Suspect you are using 2.2.x. Did you apply the WinXP_SignOrSeal.reg registry update? You will need to as XP defaults to this and samba-2.2.x does not support it yet. - John T. On Mon, 23 Dec 2002, Kenneth Illingsworth wrote: > I followed the procedure to configure SAMBA as a PDC as outlined in >samba/swat.cgi/swat/using_samba/ch06_05.html on my Linux server. My domain name is >COFRNY, and I expected a COFRNY.SID to be generated. However, MACHINE.SID was >generated instead. Furthermore, I cannot see the COFRNY domain listed within MS >Networks on my XP workstation. Any ideas on what I did wrong? > > Here is the procedure in detail: > > [global] > workgroup = COFRNY > domain logons = yes > security = user > os level = 34 > local master = yes > preferred master = yes > domain master = yes > > > For Windows NT clients you must also ensure that Samba is using encrypted passwords: > > encrypted passwords = yes > > Furthermore, also exclusively for Windows NT clients, create Trust accounts which >allow a machine to log in to the PDC itself. Create a "dummy" account in the >/etc/passwd file with the following entry: > > city-f5pfa29xta$:*:1000:900:Trust Account:/dev/null:/dev/null > > Note that we have also disabled the password field by placing a * in it. This is >because Samba will use the smbpasswd file to contain the password instead, and we >don't want anyone to telnet into the machine using that account. Additionally, '1000' >is the UID of the account for the encrypted password database. > > Next, add the encrypted password using the smbpasswd command, as follows: > > # smbpasswd -a -m city-f5pfa29xta > Added user city-f5pfa29xta$ > Password changed for user city-f5pfa29xta$ > > The -m option specifies that a machine trust account is being generated. The >smbpasswd program will automatically set the initial encrypted password as the >NetBIOS name of the machine in lowercase letters. When specifying this option on the >command line, do not put a dollar sign after the machine name - it will be appended >automatically. Once the encrypted password has been added, Samba is ready to handle >domain logins from a NT client. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba pdc, Norton Ghost enterprise edition and joinin g the domain?
> You could try a batch file with > > NETDOM /Domain:MYDOMAIN /user:adminuser /password:apassword MEMBER > MYCOMPUTER /JOINDOMAIN > > Then > > NETDOM /Domain:MYDOMAIN MEMBER MYCOMPUTER /JOINDOMAIN > > search microsoft.com for comand line join domain for more info. > > Bob Hi Bob! Thank you, we will try this. The problem is that we need a batch file to do this, wich must be copied to the client and contains username and password of an account with root permissions. This file will be deleted after successful completion, but it's not really nice to do these things... CU Lars. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba pdc, Norton Ghost enterprise edition and joining the domain?
Lars, You could try a batch file with NETDOM /Domain:MYDOMAIN /user:adminuser /password:apassword MEMBER MYCOMPUTER /JOINDOMAIN Then NETDOM /Domain:MYDOMAIN MEMBER MYCOMPUTER /JOINDOMAIN search microsoft.com for comand line join domain for more info. Bob -Original Message- From: Lars O. Grobe [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 18, 2002 7:53 AM To: [EMAIL PROTECTED] Subject: [Samba] Samba pdc, Norton Ghost enterprise edition and joining the domain? Hi List. We have a Samba 3.0pre21 PDC set up here on our prim. fileserver. We use Windows 2000 SP2 on our PC clients. We install clients with system images from disk and than install applications from one central machine running Norton Ghost EE. Ghost has the functionality not only to install the software from the "console" on the ghost server, but it is also able to make the clients join the domain. So we would not have to go to the client, log in as admin and join the domain, but could make this part of our remote installation procedure. However, we have not been able to do this with our samba pdc. Is there anybody out there with a similar configuration and attempts to integrate Ghost into a Samba-controlled domain? Or are there other (better) ways to "remot-join" the domain? Thank You, CU, Lars. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC profile issues with winxp and win9x
I am running Samba 2.2.7. (Resending this, John, because I failed to reply back to the list, properly.) Thanks! -Aaron McCaleb >On Wed, 11 Dec 2002 [EMAIL PROTECTED] wrote: > >Suggest you update to samba-2.2.7a if running a version earlier than >2.2.6. > >- John T. > >> OK, I've tried to "read the fine material" and have read more than one reference >and more than a few >> months worth of threads in the archives, but I am still stumped with this issue. >> >> When using logging on with Win9x, there is a profile error #4, and it complains >that it was not able to >open >> or create a file in the \\regmain\[username]\.profile\Cookies folder on login and >sign out. >> >> On Win XP, it says "The network name is no longer available" even when trying to >join the domain, or if >I >> manage to get a machine to join the domain, then while it is searching for the >server copy of the profile. >> I'm still fighting to get the errors consistent enough to track down further than >that, but that's where I >am, >> right now. >> >> I have profiles chmod to 1777, I have also tried creating the profile directories >by hand, or using the >"build >> profile" script, as noted in another source. I have made sure to chown to the >user, where appropriate. >> >> Here is my smb.conf: >> # Samba config file created using SWAT (But heavily tweaked from there) >> # from 0.0.0.0 (0.0.0.0) >> # Date: 2002/12/11 15:40:00 >> >> # Global parameters >> [global] >> ; Basic server settings >> workgroup = REEDNET >> netbios name = REGMAIN >> >> ; we should act as the domain and local master browser >> os level = 65 >> domain master = yes >> local master = yes >> preferred master = yes >> >> ; security settings (must use security = user [but it's the default] ) >> >> ; encrypted passwords are a requirement for a PDC >> encrypt passwords = yes >> >> ; support domain logons >> domain logons = yes >> >> ; where to store user profiles? >> logon path = \\%L\profiles\%U >> >> ; where is a user's home directory and where should it >> ; be mounted at? >> logon drive = x: >> logon home = \\%L\%U\.profile >> >> ; needed for win9x profiles >> preserve case = yes >> short preserve case = yes >> case sensitive = no >> >> ; specify a generic logon script for all users >> ; this is a relative **DOS** path to (from) the [netlogon] share >> logon script = logon.bat >> >> ; specific password (lack of) requirements for Reed Engineering Group >> min passwd length = 0 >> null passwords = yes >> >> passwd program = /usr/bin/passwd -u %u >> unix password sync = yes >> >> ; Logging options >> log level = 3 >> log file = /usr/local/samba/var/log.%m >> max log size = 50 >> >> ; Tuning options >> deadtime = 15 >> keepalive = 0 >> >> ; Special users and handlers >> domain admin group = root amccaleb >> message command = /bin/mail -s 'message from %f on %m' root < %s; rm %s >> hide local users = no >> admin users = root amccaleb >> wins support = yes >> >> [homes] >> path = %H >> valid users = %S >> read only = no >> guest ok = no >> create mask = 0777 >> directory mask = 0777 >> browseable = yes >> level2 oplocks = yes >> dos filetimes = yes >> >> ; share for storing nt/2k/xp user profiles >> [profiles] >> path=/srv/profiles >> read only = no >> create mask = 0777 >> directory mask = 0777 >> nt acl support = no >> browseable = yes >> >> ; required for logon server >> [netlogon] >> path = /srv/netlogon >> read only = yes >> write list = root amccaleb >> >> > >-- >John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
John H Terpstra wrote: On Wed, 11 Dec 2002, ___cliff rayman___ wrote: John H Terpstra wrote: On Thu, 12 Dec 2002, Bradley W. Langhorst wrote: You might try to set a more DNS friendly domain name. ie: One without the '.' in it. Could be a problem. ok - i tried GENWAXTEST. didn't help. i also removed the netbios name and tried both at the same time. no luck. Are you using LDAP? If so, then you need to put all user and machine accounts into the LDAP database. nope - not using LDAP. thought about it, but i have little experience with it, and i did not want to move up on too many technology fronts at one time. the servers fully qualified name is MARS.GENWAX.TEST. test is like com or org or net. i use my own root names all the time for testing. Providing you are not using LDAP for Samba, use in smb.conf: workgroup = genwax netbios name = mars ok - is genwax.test not a good idea for some reason. are the dots restricted in win XP?? Also, first stop samba, the remove your secrets.tdb file. Also, remove the browse.dat (and if you have one, wins.dat), then restart samba, wait at least 5 minutes before you try to get your MS Windows client to join the domain. Also, I strongly recommend that you run Samba as your WINS server and set in the MS Windows Client TCP/IP config, the IP address of your samba server for the WINS primary _and_ secondary addresses. To enable WINS serving in samba in smb.conf [globals]: wins support = yes i think this was the key. as soon as i added this and modified the windows XP machine to point to it, the error message disappeared. Also, restart the MS Windows machine, and when you log on as the local administrator, do NOT try to browse the network before you join the domain. Additionally, I presume you already have a root account in your smbpasswd file. You will need to use the 'Administrator' account to join the domain, and give it the password you entered when you added 'root' to smbpasswd. Let's see how that goes. very well. thank you very much for the help. and thanks to everyone else who assisted on this project. i think the key was the wins server, although i followed serveral suggestions at the same time, i had tried them at various points previously. i believe giving the XP PRO box a wins server to look at, stopped it from trying to search for the info it needed. - John T. i'm leaving the rest of this post so that others who have the same trouble will find it and the solution in a single post. thanks again!! here are some excerps from the ms help files: snip - Error: This computer could not locate a domain controller for the Active Directory domain displayed in the error message because the Domain Name System (DNS) servers used by this computer for name resolution failed to look up the service (SRV) resource record. Cause: The DNS SRV resource record is not registered in DNS. snip - then: Active Directory uses Domain Name System (DNS) to locate domain controllers, enabling computers joining the network to obtain a domain controller, and then begin the process of network authentication. Computers joining an Active Directory domain must satisfy the following three DNS requirements: The computer must be configured with the IP address of a preferred DNS server. (OK - and DNS works fine) The _ldap._tcp.dc._msdcs.DNSDomainName service (SRV) resource record must exist in DNS. (NOPE-don't have this) snip then: set type=srv _ldap._tcp.dc._msdcs.example.microsoft.com Server: dc1.example.microsoft.com Address: 10.0.0.14 _ldap._tcp.dc._msdcs.example.microsoft.com SRV service location priority = 0 weight = 0 port = 389 svr hostname = dc1.example.microsoft.com _ldap._tcp.dc._msdcs.example.microsoft.com SRV service location priority = 0 weight = 0 port = 389 svr hostname = dc2.example.microsoft.com snip port 389 in my /etc/services file is ldap. i am not sure what is causing it to want to do ldap on my computer and not on anyone else's. the server is mars.genwax.test. the win XP pro SP1 client that i am trying to join to the domain is hpvec2.genwax.test. when i try to join it to the domain by either using the wizard or the change button, this is the only interaction with the server that i see via tcpdump: 22:38:00.439236 hpvec2.genwax.test.1064 > mars.genwax.test.domain: 16+ SRV ? _ldap._tcp.dc._msdcs.GENWAX.TEST. (50) 22:38:00.439664 mars.genwax.test.domain > hpvec2.genwax.test.1064: 16 NXDomain*- 0/1/0 (101) (DF) i need to get this solved, so let me know if there is anything else i can provi
Re: [Samba] samba PDC problems
On Thu, 2002-12-12 at 01:35, ___cliff rayman___ wrote: > snip - > Error: This computer could not locate a domain controller > for the > Active Directory domain displayed in the error message > because the > Domain Name System (DNS) servers used by this computer for > name > resolution failed to look up the service (SRV) resource > record. > Cause: The DNS SRV resource record is not registered in DNS. > port 389 in my /etc/services file is ldap. i am not sure what is > causing it to want > to do ldap on my computer and not on anyone else's. > AD uses ldap for its account db... Was this ever a part of an active directory domain? For some reason it seems like the XP thinks that the domain is an active directory domain... I think that srv record that it refers to is something special that ms does to dns. Is there an active directory domain somewhere else on the network? > i need to get this solved, so let me know if there is anything > else i can provide that will help. just keep working on it - we'll get it straightened out eventually. brad -- Bradley W. Langhorst <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
Bradley W. Langhorst wrote: however in order to switch a computer from workgroup to domain mode you first need to leave the GENWAX.TEST workgroup join the "ICANTTHINKOFANAME" workgroup then join the GENWAX.TEST domain... I agree! I noticed this when migrating my W2K Server domain to Samba domain. On clients I had to 1) switch clients from DOMAIN to workgroup TEMPO, reboot 2) power off W2K Server 3) power on Samba PDC 4) Erase *all* profiles in C:\Document and Settings\ (excep Administrator and Default ) 5) switch clients from TEMPO to DOMAIN, reboot I think it is a Windows problem too. -- Jean-Paul ARGUDO -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
On Wed, 11 Dec 2002, ___cliff rayman___ wrote: > John H Terpstra wrote: > > On Thu, 12 Dec 2002, Bradley W. Langhorst wrote: > > You might try to set a more DNS friendly domain name. ie: One without the > '.' in it. Could be a problem. > > ok - i tried GENWAXTEST. didn't help. i also removed the netbios name and tried >both > at the same time. no luck. Are you using LDAP? If so, then you need to put all user and machine accounts into the LDAP database. > > the servers fully qualified name is MARS.GENWAX.TEST. > test is like com or org or net. i use my own root names all the > time for testing. Providing you are not using LDAP for Samba, use in smb.conf: workgroup = genwax netbios name = mars Also, first stop samba, the remove your secrets.tdb file. Also, remove the browse.dat (and if you have one, wins.dat), then restart samba, wait at least 5 minutes before you try to get your MS Windows client to join the domain. Also, I strongly recommend that you run Samba as your WINS server and set in the MS Windows Client TCP/IP config, the IP address of your samba server for the WINS primary _and_ secondary addresses. To enable WINS serving in samba in smb.conf [globals]: wins support = yes Also, restart the MS Windows machine, and when you log on as the local administrator, do NOT try to browse the network before you join the domain. Additionally, I presume you already have a root account in your smbpasswd file. You will need to use the 'Administrator' account to join the domain, and give it the password you entered when you added 'root' to smbpasswd. Let's see how that goes. - John T. > > here are some excerps from the ms help files: > snip - > Error: This computer could not locate a domain controller for the > Active Directory domain displayed in the error message because the > Domain Name System (DNS) servers used by this computer for name > resolution failed to look up the service (SRV) resource record. > Cause: The DNS SRV resource record is not registered in DNS. > snip - > > then: > Active Directory uses Domain Name System (DNS) to locate domain > controllers, enabling computers joining the network to obtain a > domain controller, and then begin the process of network > authentication. > Computers joining an Active Directory domain must satisfy the > following three DNS requirements: >The computer must be configured with the IP address of a preferred DNS >server. > (OK - and DNS works fine) > >The _ldap._tcp.dc._msdcs.DNSDomainName service (SRV) resource record must >exist > in DNS. (NOPE-don't have this) > snip > then: > set type=srv > _ldap._tcp.dc._msdcs.example.microsoft.com >Server: dc1.example.microsoft.com >Address: 10.0.0.14 > >_ldap._tcp.dc._msdcs.example.microsoft.com SRV service location > priority = 0 > weight = 0 > > port = 389 > svr hostname = dc1.example.microsoft.com >_ldap._tcp.dc._msdcs.example.microsoft.com SRV service location > priority = 0 > > weight = 0 > port = 389 > svr hostname = dc2.example.microsoft.com > snip > > port 389 in my /etc/services file is ldap. i am not sure what is causing it to want > to do ldap on my computer and not on anyone else's. > > the server is mars.genwax.test. the win XP pro SP1 client that i am trying to join >to > the domain is hpvec2.genwax.test. when i try to join it to the domain by either > using the wizard or the change button, this is the only interaction with the server > that i see via tcpdump: > > 22:38:00.439236 hpvec2.genwax.test.1064 > mars.genwax.test.domain: 16+ SRV ? >_ldap._tcp.dc._msdcs.GENWAX.TEST. (50) > 22:38:00.439664 mars.genwax.test.domain > hpvec2.genwax.test.1064: 16 NXDomain*- >0/1/0 (101) (DF) > > i need to get this solved, so let me know if there is anything > else i can provide that will help. > > cliff > > - John T. > > > > On Wed, 2002-12-11 at 23:03, ___cliff rayman___ wrote: > > > ok - did that. joined workgroup WORKGROUP. > rebooted (what else). > then attempted to change to domain GENWAX.TEST. > i received the same error message as previously. > > > > bummer - i thought that would be it. > i assume you get the welcome to WORKGROUP and > welcome to GENWAX.TEST message boxes after you change the machine props? > > > > # server name and group stuff > workgroup = genwax.test > netbios name = filesnew > > > i've never tried this - did you try logging in without the netbios name > param? > > Are your sure your clients are looking at the dns server you mentioned? > you might try putting the ip address i
Re: [Samba] samba PDC problems
thanks for the try sean, but that did not work either. Sean Roulet wrote: I found that opening it in a text editor and moving the Win2K computername entry that couldn't join up to below the root user. (include all unix and windows hash.) -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
On Thu, 12 Dec 2002, Bradley W. Langhorst wrote: You might try to set a more DNS friendly domain name. ie: One without the '.' in it. Could be a problem. - John T. > On Wed, 2002-12-11 at 23:03, ___cliff rayman___ wrote: > > > > > ok - did that. joined workgroup WORKGROUP. > > rebooted (what else). > > then attempted to change to domain GENWAX.TEST. > > i received the same error message as previously. > > > bummer - i thought that would be it. > i assume you get the welcome to WORKGROUP and > welcome to GENWAX.TEST message boxes after you change the machine props? > > > >># server name and group stuff > > >> workgroup = genwax.test > > >> netbios name = filesnew > > i've never tried this - did you try logging in without the netbios name > param? > > Are your sure your clients are looking at the dns server you mentioned? > you might try putting the ip address into the hosts file on the pro > machine.. > > brad > > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
On Wed, 2002-12-11 at 23:03, ___cliff rayman___ wrote: > > > ok - did that. joined workgroup WORKGROUP. > rebooted (what else). > then attempted to change to domain GENWAX.TEST. > i received the same error message as previously. > bummer - i thought that would be it. i assume you get the welcome to WORKGROUP and welcome to GENWAX.TEST message boxes after you change the machine props? > >># server name and group stuff > >>workgroup = genwax.test > >>netbios name = filesnew i've never tried this - did you try logging in without the netbios name param? Are your sure your clients are looking at the dns server you mentioned? you might try putting the ip address into the hosts file on the pro machine.. brad -- Bradley W. Langhorst <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
On Thu, 12 Dec 2002, Sean Roulet wrote:
> Hi Cliff,
>
> I don't know if this will work, but short of the DNS error, you seem to be
> having a problem that I encoutered some time ago, (I used to get a "user
> does not exist" error) and I fixed it as follows.
>
> The smbpasswd file contains the usernames and computers.
>
> I found that opening it in a text editor and moving the Win2K computername
> entry that couldn't join up to below the root user. (include all unix and
> windows hash.)
>
> Then I saved the file, and tried again. And it worked. I don't know why
> this is, but it seems that if computers are far down in the list, they
> aren't found by samba. (or windows times out, I don't know which).
I tried this with about 200 entries in the smbpasswd file and found it
made no difference. I suspect something else was spooking you. It would be
nice to know what!
- John T.
>
> Sean
>
> PS: I had posted a question about this to the list zonks ago, but got no
> answers.
>
>
>
> On 12/12/02 12:03 PM, "___cliff rayman___" <[EMAIL PROTECTED]> wrote:
>
> > hi bradley,
> >
> > first off - thanks for the help.
> >
> > Bradley W. Langhorst wrote:
> >
> >> I'm saying that your samba server may be correctly configured...
> >> however in order to switch a computer from workgroup to domain mode
> >> you first need to leave the GENWAX.TEST workgroup
> >> join the "ICANTTHINKOFANAME" workgroup
> >> then join the GENWAX.TEST domain...
> >>
> > ok - did that. joined workgroup WORKGROUP.
> > rebooted (what else).
> > then attempted to change to domain GENWAX.TEST.
> > i received the same error message as previously.
> >
> >>
> >> it's a windows problem.
> >>
> > that's an understatement.
> >
> >>
> >>
> >> brad
> >> On Wed, 2002-12-11 at 21:37, ___cliff rayman___ wrote:
> >>
> >>
> >>> Bradley W. Langhorst wrote:
> >>>
> >>>
> >>>
> On Wed, 2002-12-11 at 20:24, ___cliff rayman___ wrote:
>
>
>
>
>
> > if i use the workgroup setting of GENWAX.TEST, then i can browse
> > the server, read and write files, and it seems to be working
> > fine. if i try to change to a domain setting of GENWAX.TEST, then
> > it fails with the DNS and SRV record message same as above but
> > with GENWAX.TEST in place of mydomain.
> >
> >
> >
> >
> you can't have the workgroup and the domain with the same name...
>
>
>
>
> >>> ok - but samba is setup as a primary domain controller.
> >>> there are NO other servers on the network, so there is
> >>> not a workgroup and a domain. i assume that all windows
> >>> 95/98/me and XP home clients are going to see the domain as
> >>> a workgroup, and that XP Pro/NT clients will see it as a
> >>> domain and logon accordingly. this is a test server. only
> >>> it, and two pc's are currently hooked to the network for
> >>> testing purposes. one pc has XP home, and calls GENWAX.TEST
> >>> a workgroup, and the other has XP pro. when i tell it to
> >>> connect to the GENWAX.TEST workgroup, it works fine, when
> >>> i tell it to connect as a domain, it fails with the DNS/SRV
> >>> message.
> >>>
> >>> here is a relative snipped from my smb.conf file:
> >>>
> >>> snip
> >>> [global]
> >>>
> >>> # samba build string
> >>> # ./configure --prefix=/usr/local/samba_2.2.7 --mandir=/usr/local/man
> >>> --with-smbmount --with-pam --with-pam_smbpass --with-ssl --with-libsmbclient
> >>> && make
> >>>
> >>>
> >>> # server name and group stuff
> >>> workgroup = genwax.test
> >>> netbios name = filesnew
> >>> server string = files server TESTING ONLY
> >>> interfaces = 10.222.222.0/24 127.0.0.1/32
> >>> bind interfaces only = yes
> >>>
> >>> # passwords and domain logions
> >>> encrypt passwords = yes
> >>> unix password sync = true
> >>> pam password change = true
> >>> passwd chat = *password* %n\n*passwd* %n\n*successful*
> >>> domain logons = yes
> >>> domain master = yes
> >>> logon drive = Z:
> >>> logon home = \\%L\%u
> >>>logon path = \\%L\profile\%u
> >>> logon script=logon.bat
> >>> os level = 99
> >>> preferred master = yes
> >>> security = user
> >>> path = /home/%s/samba
> >>>
> >>> # logging directives
> >>> log file = /usr/local/samba/var/logs/%m
> >>> log level = 3
> >>>
> >>> # file and directory masks
> >>> create mask = 0660
> >>> directory mask = 0770
> >>>
> >>> #restrictions
> >>> dont descend = /proc,/dev,/etc
> >>> hosts allow = 10.222.222. 127.0
> >>> hide unreadable = yes
> >>> max smbd processes = 100
> >>> min print space = 1
> >>> # do not allow files with CLSID extensions to be open
> >>> veto files = /*.{*}/
> >>>
> >>>
> >>> # case sensitivity stuff
> >>> mangle case = no
> >>> case sensitive = no
> >>> default case = lower
> >>> preserve case = yes
> >>> short preserve case = yes
> >>> snip
> >>>
> >>> here is a snip from the relevant named file on the same server:
> >>> snip
> >>> venus IN A 10.222.222.2
> >>> marsIN
Re: [Samba] samba PDC problems
Hi Cliff,
I don't know if this will work, but short of the DNS error, you seem to be
having a problem that I encoutered some time ago, (I used to get a "user
does not exist" error) and I fixed it as follows.
The smbpasswd file contains the usernames and computers.
I found that opening it in a text editor and moving the Win2K computername
entry that couldn't join up to below the root user. (include all unix and
windows hash.)
Then I saved the file, and tried again. And it worked. I don't know why
this is, but it seems that if computers are far down in the list, they
aren't found by samba. (or windows times out, I don't know which).
Sean
PS: I had posted a question about this to the list zonks ago, but got no
answers.
On 12/12/02 12:03 PM, "___cliff rayman___" <[EMAIL PROTECTED]> wrote:
> hi bradley,
>
> first off - thanks for the help.
>
> Bradley W. Langhorst wrote:
>
>> I'm saying that your samba server may be correctly configured...
>> however in order to switch a computer from workgroup to domain mode
>> you first need to leave the GENWAX.TEST workgroup
>> join the "ICANTTHINKOFANAME" workgroup
>> then join the GENWAX.TEST domain...
>>
> ok - did that. joined workgroup WORKGROUP.
> rebooted (what else).
> then attempted to change to domain GENWAX.TEST.
> i received the same error message as previously.
>
>>
>> it's a windows problem.
>>
> that's an understatement.
>
>>
>>
>> brad
>> On Wed, 2002-12-11 at 21:37, ___cliff rayman___ wrote:
>>
>>
>>> Bradley W. Langhorst wrote:
>>>
>>>
>>>
On Wed, 2002-12-11 at 20:24, ___cliff rayman___ wrote:
> if i use the workgroup setting of GENWAX.TEST, then i can browse
> the server, read and write files, and it seems to be working
> fine. if i try to change to a domain setting of GENWAX.TEST, then
> it fails with the DNS and SRV record message same as above but
> with GENWAX.TEST in place of mydomain.
>
>
>
>
you can't have the workgroup and the domain with the same name...
>>> ok - but samba is setup as a primary domain controller.
>>> there are NO other servers on the network, so there is
>>> not a workgroup and a domain. i assume that all windows
>>> 95/98/me and XP home clients are going to see the domain as
>>> a workgroup, and that XP Pro/NT clients will see it as a
>>> domain and logon accordingly. this is a test server. only
>>> it, and two pc's are currently hooked to the network for
>>> testing purposes. one pc has XP home, and calls GENWAX.TEST
>>> a workgroup, and the other has XP pro. when i tell it to
>>> connect to the GENWAX.TEST workgroup, it works fine, when
>>> i tell it to connect as a domain, it fails with the DNS/SRV
>>> message.
>>>
>>> here is a relative snipped from my smb.conf file:
>>>
>>> snip
>>> [global]
>>>
>>> # samba build string
>>> # ./configure --prefix=/usr/local/samba_2.2.7 --mandir=/usr/local/man
>>> --with-smbmount --with-pam --with-pam_smbpass --with-ssl --with-libsmbclient
>>> && make
>>>
>>>
>>> # server name and group stuff
>>> workgroup = genwax.test
>>> netbios name = filesnew
>>> server string = files server TESTING ONLY
>>> interfaces = 10.222.222.0/24 127.0.0.1/32
>>> bind interfaces only = yes
>>>
>>> # passwords and domain logions
>>> encrypt passwords = yes
>>> unix password sync = true
>>> pam password change = true
>>> passwd chat = *password* %n\n*passwd* %n\n*successful*
>>> domain logons = yes
>>> domain master = yes
>>> logon drive = Z:
>>> logon home = \\%L\%u
>>>logon path = \\%L\profile\%u
>>> logon script=logon.bat
>>> os level = 99
>>> preferred master = yes
>>> security = user
>>> path = /home/%s/samba
>>>
>>> # logging directives
>>> log file = /usr/local/samba/var/logs/%m
>>> log level = 3
>>>
>>> # file and directory masks
>>> create mask = 0660
>>> directory mask = 0770
>>>
>>> #restrictions
>>> dont descend = /proc,/dev,/etc
>>> hosts allow = 10.222.222. 127.0
>>> hide unreadable = yes
>>> max smbd processes = 100
>>> min print space = 1
>>> # do not allow files with CLSID extensions to be open
>>> veto files = /*.{*}/
>>>
>>>
>>> # case sensitivity stuff
>>> mangle case = no
>>> case sensitive = no
>>> default case = lower
>>> preserve case = yes
>>> short preserve case = yes
>>> snip
>>>
>>> here is a snip from the relevant named file on the same server:
>>> snip
>>> venus IN A 10.222.222.2
>>> marsIN A 10.222.222.3
>>> filesnewIN A 10.222.222.3
>>> hpvec1 IN A 10.222.222.167
>>> hpvec2 IN A 10.222.222.168
>>> snip
>>>
>>> hpvec1 and hpvec2 are XP home and XP pro clients respectively
>>> venus is not running samba currently
>>>
>>> any help would be appreciated.
>>>
>>> --
>>> ___cliff [EMAIL PROTECTED]http://www.genwax.com/
>>>
>>>
Sean Roulet
Technology Ma
Re: [Samba] samba PDC problems
hi bradley,
first off - thanks for the help.
Bradley W. Langhorst wrote:
I'm saying that your samba server may be correctly configured...
however in order to switch a computer from workgroup to domain mode
you first need to leave the GENWAX.TEST workgroup
join the "ICANTTHINKOFANAME" workgroup
then join the GENWAX.TEST domain...
ok - did that. joined workgroup WORKGROUP.
rebooted (what else).
then attempted to change to domain GENWAX.TEST.
i received the same error message as previously.
it's a windows problem.
that's an understatement.
brad
On Wed, 2002-12-11 at 21:37, ___cliff rayman___ wrote:
Bradley W. Langhorst wrote:
On Wed, 2002-12-11 at 20:24, ___cliff rayman___ wrote:
if i use the workgroup setting of GENWAX.TEST, then i can browse
the server, read and write files, and it seems to be working
fine. if i try to change to a domain setting of GENWAX.TEST, then
it fails with the DNS and SRV record message same as above but
with GENWAX.TEST in place of mydomain.
you can't have the workgroup and the domain with the same name...
ok - but samba is setup as a primary domain controller.
there are NO other servers on the network, so there is
not a workgroup and a domain. i assume that all windows
95/98/me and XP home clients are going to see the domain as
a workgroup, and that XP Pro/NT clients will see it as a
domain and logon accordingly. this is a test server. only
it, and two pc's are currently hooked to the network for
testing purposes. one pc has XP home, and calls GENWAX.TEST
a workgroup, and the other has XP pro. when i tell it to
connect to the GENWAX.TEST workgroup, it works fine, when
i tell it to connect as a domain, it fails with the DNS/SRV
message.
here is a relative snipped from my smb.conf file:
snip
[global]
# samba build string
# ./configure --prefix=/usr/local/samba_2.2.7 --mandir=/usr/local/man --with-smbmount --with-pam --with-pam_smbpass --with-ssl --with-libsmbclient && make
# server name and group stuff
workgroup = genwax.test
netbios name = filesnew
server string = files server TESTING ONLY
interfaces = 10.222.222.0/24 127.0.0.1/32
bind interfaces only = yes
# passwords and domain logions
encrypt passwords = yes
unix password sync = true
pam password change = true
passwd chat = *password* %n\n*passwd* %n\n*successful*
domain logons = yes
domain master = yes
logon drive = Z:
logon home = \\%L\%u
logon path = \\%L\profile\%u
logon script=logon.bat
os level = 99
preferred master = yes
security = user
path = /home/%s/samba
# logging directives
log file = /usr/local/samba/var/logs/%m
log level = 3
# file and directory masks
create mask = 0660
directory mask = 0770
#restrictions
dont descend = /proc,/dev,/etc
hosts allow = 10.222.222. 127.0
hide unreadable = yes
max smbd processes = 100
min print space = 1
# do not allow files with CLSID extensions to be open
veto files = /*.{*}/
# case sensitivity stuff
mangle case = no
case sensitive = no
default case = lower
preserve case = yes
short preserve case = yes
snip
here is a snip from the relevant named file on the same server:
snip
venus IN A 10.222.222.2
marsIN A 10.222.222.3
filesnewIN A 10.222.222.3
hpvec1 IN A 10.222.222.167
hpvec2 IN A 10.222.222.168
snip
hpvec1 and hpvec2 are XP home and XP pro clients respectively
venus is not running samba currently
any help would be appreciated.
--
___cliff [EMAIL PROTECTED]http://www.genwax.com/
--
___cliff [EMAIL PROTECTED]http://www.genwax.com/
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
I'm saying that your samba server may be correctly configured...
however in order to switch a computer from workgroup to domain mode
you first need to leave the GENWAX.TEST workgroup
join the "ICANTTHINKOFANAME" workgroup
then join the GENWAX.TEST domain...
it's a windows problem.
brad
On Wed, 2002-12-11 at 21:37, ___cliff rayman___ wrote:
> Bradley W. Langhorst wrote:
>
> >On Wed, 2002-12-11 at 20:24, ___cliff rayman___ wrote:
> >
> >
> >
> >>if i use the workgroup setting of GENWAX.TEST, then i can browse
> >>the server, read and write files, and it seems to be working
> >>fine. if i try to change to a domain setting of GENWAX.TEST, then
> >>it fails with the DNS and SRV record message same as above but
> >>with GENWAX.TEST in place of mydomain.
> >>
> >>
> >you can't have the workgroup and the domain with the same name...
> >
> >
> ok - but samba is setup as a primary domain controller.
> there are NO other servers on the network, so there is
> not a workgroup and a domain. i assume that all windows
> 95/98/me and XP home clients are going to see the domain as
> a workgroup, and that XP Pro/NT clients will see it as a
> domain and logon accordingly. this is a test server. only
> it, and two pc's are currently hooked to the network for
> testing purposes. one pc has XP home, and calls GENWAX.TEST
> a workgroup, and the other has XP pro. when i tell it to
> connect to the GENWAX.TEST workgroup, it works fine, when
> i tell it to connect as a domain, it fails with the DNS/SRV
> message.
>
> here is a relative snipped from my smb.conf file:
>
> snip
> [global]
>
> # samba build string
> # ./configure --prefix=/usr/local/samba_2.2.7 --mandir=/usr/local/man
>--with-smbmount --with-pam --with-pam_smbpass --with-ssl --with-libsmbclient && make
>
>
> # server name and group stuff
> workgroup = genwax.test
> netbios name = filesnew
> server string = files server TESTING ONLY
> interfaces = 10.222.222.0/24 127.0.0.1/32
> bind interfaces only = yes
>
> # passwords and domain logions
> encrypt passwords = yes
> unix password sync = true
> pam password change = true
> passwd chat = *password* %n\n*passwd* %n\n*successful*
> domain logons = yes
> domain master = yes
> logon drive = Z:
> logon home = \\%L\%u
> logon path = \\%L\profile\%u
> logon script=logon.bat
> os level = 99
> preferred master = yes
> security = user
> path = /home/%s/samba
>
> # logging directives
> log file = /usr/local/samba/var/logs/%m
> log level = 3
>
> # file and directory masks
> create mask = 0660
> directory mask = 0770
>
> #restrictions
> dont descend = /proc,/dev,/etc
> hosts allow = 10.222.222. 127.0
> hide unreadable = yes
> max smbd processes = 100
> min print space = 1
> # do not allow files with CLSID extensions to be open
> veto files = /*.{*}/
>
>
> # case sensitivity stuff
> mangle case = no
> case sensitive = no
> default case = lower
> preserve case = yes
> short preserve case = yes
> snip
>
> here is a snip from the relevant named file on the same server:
> snip
> venus IN A 10.222.222.2
> marsIN A 10.222.222.3
> filesnewIN A 10.222.222.3
> hpvec1 IN A 10.222.222.167
> hpvec2 IN A 10.222.222.168
> snip
>
> hpvec1 and hpvec2 are XP home and XP pro clients respectively
> venus is not running samba currently
>
> any help would be appreciated.
>
> --
> ___cliff [EMAIL PROTECTED]http://www.genwax.com/
--
Bradley W. Langhorst <[EMAIL PROTECTED]>
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
Bradley W. Langhorst wrote:
On Wed, 2002-12-11 at 20:24, ___cliff rayman___ wrote:
if i use the workgroup setting of GENWAX.TEST, then i can browse
the server, read and write files, and it seems to be working
fine. if i try to change to a domain setting of GENWAX.TEST, then
it fails with the DNS and SRV record message same as above but
with GENWAX.TEST in place of mydomain.
you can't have the workgroup and the domain with the same name...
ok - but samba is setup as a primary domain controller.
there are NO other servers on the network, so there is
not a workgroup and a domain. i assume that all windows
95/98/me and XP home clients are going to see the domain as
a workgroup, and that XP Pro/NT clients will see it as a
domain and logon accordingly. this is a test server. only
it, and two pc's are currently hooked to the network for
testing purposes. one pc has XP home, and calls GENWAX.TEST
a workgroup, and the other has XP pro. when i tell it to
connect to the GENWAX.TEST workgroup, it works fine, when
i tell it to connect as a domain, it fails with the DNS/SRV
message.
here is a relative snipped from my smb.conf file:
snip
[global]
# samba build string
# ./configure --prefix=/usr/local/samba_2.2.7 --mandir=/usr/local/man --with-smbmount --with-pam --with-pam_smbpass --with-ssl --with-libsmbclient && make
# server name and group stuff
workgroup = genwax.test
netbios name = filesnew
server string = files server TESTING ONLY
interfaces = 10.222.222.0/24 127.0.0.1/32
bind interfaces only = yes
# passwords and domain logions
encrypt passwords = yes
unix password sync = true
pam password change = true
passwd chat = *password* %n\n*passwd* %n\n*successful*
domain logons = yes
domain master = yes
logon drive = Z:
logon home = \\%L\%u
logon path = \\%L\profile\%u
logon script=logon.bat
os level = 99
preferred master = yes
security = user
path = /home/%s/samba
# logging directives
log file = /usr/local/samba/var/logs/%m
log level = 3
# file and directory masks
create mask = 0660
directory mask = 0770
#restrictions
dont descend = /proc,/dev,/etc
hosts allow = 10.222.222. 127.0
hide unreadable = yes
max smbd processes = 100
min print space = 1
# do not allow files with CLSID extensions to be open
veto files = /*.{*}/
# case sensitivity stuff
mangle case = no
case sensitive = no
default case = lower
preserve case = yes
short preserve case = yes
snip
here is a snip from the relevant named file on the same server:
snip
venus IN A 10.222.222.2
marsIN A 10.222.222.3
filesnewIN A 10.222.222.3
hpvec1 IN A 10.222.222.167
hpvec2 IN A 10.222.222.168
snip
hpvec1 and hpvec2 are XP home and XP pro clients respectively
venus is not running samba currently
any help would be appreciated.
--
___cliff [EMAIL PROTECTED]http://www.genwax.com/
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
On Wed, 2002-12-11 at 20:24, ___cliff rayman___ wrote: > > if i use the workgroup setting of GENWAX.TEST, then i can browse > the server, read and write files, and it seems to be working > fine. if i try to change to a domain setting of GENWAX.TEST, then > it fails with the DNS and SRV record message same as above but > with GENWAX.TEST in place of mydomain. ah you can't have the workgroup and the domain with the same name... best wishes! brad -- Bradley W. Langhorst <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
Bradley W. Langhorst wrote: On Wed, 2002-12-11 at 17:51, ___cliff rayman___ wrote: hi tim, i am having the same problem. i can use XP and samba 2.2.7 in a workgroup environment, and everything works fine. when i try and join the XP workstation as a domain, i get the same message as you do. i read up on creating a SRV record via bind, which seems easy enough, but i am not sure what prog s/b running on the other end of that service, and how it should be configured. i hope someone with some deep know how understands the problem and what to do here. cliff Tim Nichol wrote: Hi all, I am having trouble setting up samba to act as a PDC. I am fairly new to red hat \ linux, and have just installed RH 7.3 running the default configuration. I updated \ samba to 2.2.7 using the online updating feature and followed a step by step tutorial \ to configure samba to become a PDC. When i try to connect to the domain with windows XP pro, it displays the message "a \ domain controller for the domain mydomain can not be located" when i choose details it says The error was: "DNS request not supported by name server." (error code 0x232C RCODE_NOT_IMPLEMENTED) The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain out without a solution. Please help! I've not seen this problem before... can you browse to the server using it's hostname (not ip address)? on the XP box: Control Panel -> System -> Computer Name -> Change... if i use the workgroup setting of GENWAX.TEST, then i can browse the server, read and write files, and it seems to be working fine. if i try to change to a domain setting of GENWAX.TEST, then it fails with the DNS and SRV record message same as above but with GENWAX.TEST in place of mydomain. -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
On Wed, 2002-12-11 at 17:51, ___cliff rayman___ wrote: > hi tim, > > i am having the same problem. i can use XP and samba 2.2.7 in a workgroup > environment, and everything works fine. when i try and join the XP > workstation > as a domain, i get the same message as you do. > > i read up on creating a SRV record via bind, which seems easy > enough, but i am not sure what prog s/b running on the other end of that > service, and how it should be configured. > > i hope someone with some deep know how understands the problem and what > to do here. > cliff > > Tim Nichol wrote: > > >Hi all, > > > >I am having trouble setting up samba to act as a PDC. I am fairly new to red hat \ > >linux, and have just installed RH 7.3 running the default configuration. I updated >\ > >samba to 2.2.7 using the online updating feature and followed a step by step >tutorial \ > >to configure samba to become a PDC. > > > >When i try to connect to the domain with windows XP pro, it displays the message "a >\ > >domain controller for the domain mydomain can not be located" > > > >when i choose details it says > > > >The error was: "DNS request not supported by name server." > >(error code 0x232C RCODE_NOT_IMPLEMENTED) > > > >The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain > > > > > >The network is simple, one windows XP pro machine with IP 192.168.1.6 and one RH >7.3 \ > >linux machine with IP 192.168.1.5. Connections are working because both machines \ > >succuessfully ping each other. > > > > > >I ran testparm with no errors and have verified the samba server is running >properly \ > >with "smbclient //mymachine/user -U user -W mydomain" > > > >I downloaded and ran the SignOrSeal reg patch for XP, and also disabled the "Domain >\ > >member: Digitally encrypt or sign secure channel data (always)" option in the local >\ > >security. > > > >I have triple checked the tutorial guide with my config file, and have manually \ > >created the required accounts > > > >What could be the problem? I have seen other people on this list with the same \ > >problem, but the threads seem to die out without a solution. Please help! I've not seen this problem before... can you browse to the server using it's hostname (not ip address)? brad > > Bradley W. Langhorst <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC profile issues with winxp and win9x
On Wed, 11 Dec 2002 [EMAIL PROTECTED] wrote: Suggest you update to samba-2.2.7a if running a version earlier than 2.2.6. - John T. > OK, I've tried to "read the fine material" and have read more than one reference and >more than a few > months worth of threads in the archives, but I am still stumped with this issue. > > When using logging on with Win9x, there is a profile error #4, and it complains that >it was not able to open > or create a file in the \\regmain\[username]\.profile\Cookies folder on login and >sign out. > > On Win XP, it says "The network name is no longer available" even when trying to >join the domain, or if I > manage to get a machine to join the domain, then while it is searching for the >server copy of the profile. > I'm still fighting to get the errors consistent enough to track down further than >that, but that's where I am, > right now. > > I have profiles chmod to 1777, I have also tried creating the profile directories by >hand, or using the "build > profile" script, as noted in another source. I have made sure to chown to the user, >where appropriate. > > Here is my smb.conf: > # Samba config file created using SWAT (But heavily tweaked from there) > # from 0.0.0.0 (0.0.0.0) > # Date: 2002/12/11 15:40:00 > > # Global parameters > [global] > ; Basic server settings > workgroup = REEDNET > netbios name = REGMAIN > > ; we should act as the domain and local master browser > os level = 65 > domain master = yes > local master = yes > preferred master = yes > > ; security settings (must use security = user [but it's the default] ) > > ; encrypted passwords are a requirement for a PDC > encrypt passwords = yes > > ; support domain logons > domain logons = yes > > ; where to store user profiles? > logon path = \\%L\profiles\%U > > ; where is a user's home directory and where should it > ; be mounted at? > logon drive = x: > logon home = \\%L\%U\.profile > > ; needed for win9x profiles > preserve case = yes > short preserve case = yes > case sensitive = no > > ; specify a generic logon script for all users > ; this is a relative **DOS** path to (from) the [netlogon] share > logon script = logon.bat > > ; specific password (lack of) requirements for Reed Engineering Group > min passwd length = 0 > null passwords = yes > > passwd program = /usr/bin/passwd -u %u > unix password sync = yes > > ; Logging options > log level = 3 > log file = /usr/local/samba/var/log.%m > max log size = 50 > > ; Tuning options > deadtime = 15 > keepalive = 0 > > ; Special users and handlers > domain admin group = root amccaleb > message command = /bin/mail -s 'message from %f on %m' root < %s; rm %s > hide local users = no > admin users = root amccaleb > wins support = yes > > [homes] > path = %H > valid users = %S > read only = no > guest ok = no > create mask = 0777 > directory mask = 0777 > browseable = yes > level2 oplocks = yes > dos filetimes = yes > > ; share for storing nt/2k/xp user profiles > [profiles] > path=/srv/profiles > read only = no > create mask = 0777 > directory mask = 0777 > nt acl support = no > browseable = yes > > ; required for logon server > [netlogon] > path = /srv/netlogon > read only = yes > write list = root amccaleb > > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC problems
hi tim, i am having the same problem. i can use XP and samba 2.2.7 in a workgroup environment, and everything works fine. when i try and join the XP workstation as a domain, i get the same message as you do. i read up on creating a SRV record via bind, which seems easy enough, but i am not sure what prog s/b running on the other end of that service, and how it should be configured. i hope someone with some deep know how understands the problem and what to do here. cliff Tim Nichol wrote: Hi all, I am having trouble setting up samba to act as a PDC. I am fairly new to red hat \ linux, and have just installed RH 7.3 running the default configuration. I updated \ samba to 2.2.7 using the online updating feature and followed a step by step tutorial \ to configure samba to become a PDC. When i try to connect to the domain with windows XP pro, it displays the message "a \ domain controller for the domain mydomain can not be located" when i choose details it says The error was: "DNS request not supported by name server." (error code 0x232C RCODE_NOT_IMPLEMENTED) The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain The network is simple, one windows XP pro machine with IP 192.168.1.6 and one RH 7.3 \ linux machine with IP 192.168.1.5. Connections are working because both machines \ succuessfully ping each other. I ran testparm with no errors and have verified the samba server is running properly \ with "smbclient //mymachine/user -U user -W mydomain" I downloaded and ran the SignOrSeal reg patch for XP, and also disabled the "Domain \ member: Digitally encrypt or sign secure channel data (always)" option in the local \ security. I have triple checked the tutorial guide with my config file, and have manually \ created the required accounts What could be the problem? I have seen other people on this list with the same \ problem, but the threads seem to die out without a solution. Please help! -Tim -- ___cliff [EMAIL PROTECTED]http://www.genwax.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC windoze BDC
On Thu, 2002-11-21 at 05:38, Bill Dossett wrote: > :-( grump grump grump... is there any > way to get NT to authenticate against > samba? Unfortunately I've got SQL server > running and we can't migrate to MYSQL > yet for a while... I'm just trying to > avoid keeping two servers in sync with > accounts and I've got everything else > including samba authenticating via ldap > which is excellent, but unless I can get > NT to authenticate via samba or ldap which > seem to be looking unlikely, I guess I'll > have to - and start testing the alpha 3 stuff > and try and help out with it I guess. > Thanks for the info. NT can authenticate against Samba as a member server. We cannot support NT BDCs at present. > Bradley W. Langhorst wrote: > > On Wed, 2002-11-20 at 09:41, Bill Dossett wrote: > > > >>Hi, > >> > >>During my migration to samba, I had kind of assumed > >>that I could run Samba as a PDC and my windoze server > >>as a BDC to ease the migration path a little and still > >>keep the same domain. I was going to use samba 2.2.5 > >>on the PDC and NT4 sp6 on the BDC. After reading quite > >>a bit, it looks as though this doesn't work? > >> > >>Is there a way to make it work? > > > > not with samba 2 > > > >>Does Samba 3 handle this? > > > > maybe soon > > > >>Is Samba 3 stable for production? > > > > depends on your environment - probably no it is alpha software > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: [Samba] Samba PDC windoze BDC
:-( grump grump grump... is there any way to get NT to authenticate against samba? Unfortunately I've got SQL server running and we can't migrate to MYSQL yet for a while... I'm just trying to avoid keeping two servers in sync with accounts and I've got everything else including samba authenticating via ldap which is excellent, but unless I can get NT to authenticate via samba or ldap which seem to be looking unlikely, I guess I'll have to - and start testing the alpha 3 stuff and try and help out with it I guess. Thanks for the info. Cheers Bill Bradley W. Langhorst wrote: On Wed, 2002-11-20 at 09:41, Bill Dossett wrote: Hi, During my migration to samba, I had kind of assumed that I could run Samba as a PDC and my windoze server as a BDC to ease the migration path a little and still keep the same domain. I was going to use samba 2.2.5 on the PDC and NT4 sp6 on the BDC. After reading quite a bit, it looks as though this doesn't work? Is there a way to make it work? not with samba 2 Does Samba 3 handle this? maybe soon Is Samba 3 stable for production? depends on your environment - probably no it is alpha software -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC windoze BDC
On Wed, 2002-11-20 at 09:41, Bill Dossett wrote: > Hi, > > During my migration to samba, I had kind of assumed > that I could run Samba as a PDC and my windoze server > as a BDC to ease the migration path a little and still > keep the same domain. I was going to use samba 2.2.5 > on the PDC and NT4 sp6 on the BDC. After reading quite > a bit, it looks as though this doesn't work? > > Is there a way to make it work? not with samba 2 > Does Samba 3 handle this? maybe soon > Is Samba 3 stable for production? depends on your environment - probably no it is alpha software -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba PDC
You missed a crucial piece of information - what client are you using? If it is XP then you will need to apply a registry change - read http://hr.uoregon.edu/davidrl/samba.html "Use the Group Policy editor (gpedit.msc) and disable the "Domain Member: Digitally encrypt or sign secure channel data". Alternately, you can make the following change to the registry: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]"requiresignorseal"=dword: " Noel -Original Message-From: Liviu Balan [mailto:[EMAIL PROTECTED]]Sent: 11 November 2002 08:47To: [EMAIL PROTECTED]Subject: [Samba] samba PDC Hello I'm trying to replace the windows PDC of my company with a linux one. I've tried doing this with samba...It allows me to join a computer to the specific domain, but it won't allow me to log in, although i've created the users and passwords (useradd and smbpasswd) Can anyone please email me a smb.conf example that works for him/her? Thank you ---Incoming mail is certified Virus Free.Checked by AVG anti-virus system (http://www.grisoft.com).Version: 6.0.410 / Virus Database: 231 - Release Date: 31/10/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.410 / Virus Database: 231 - Release Date: 31/10/2002
Re: [Samba] Samba PDC problem: Please help me avoid a mutiny! :-)
On Sunday 10 November 2002 01:02, Andrew Bartlett wrote: > OK. Some details on Samba's internal request processing: > [snip] > > This could happen for any number of reasons, but basically there isn't > much Samba can do - the client closed the connection. You need to look > at why the client has done this, particularly as clients normally don't > (they negotiate down the session, and normally keep a live connection to > the server). > > At this point the standard answer is 'check your networking gear' and > 'grab a sniffer'. See if you can find evidence of lost packets, > retransmits or other things that could cause the client to think the > server had timed out. > > For information on the CIFS protocol, see > http://www.ubiqx.org/cifs/index.html > > For a *very* good sniffer see http://www.ethereal.com > > Andrew Bartlett Thanks very much for the pointers. I'll have to dig into this. I did do some detailed traffic dumps with tcpdump for some of the tests early on, but at the time I wasn't as aware of what to look for. I'll give it another try. Also, I haven't looked into any patterns that might indicate that certain SMC commands are more prone than others to provoke this behavior, or indicate otherwise. As I said, I'm pretty new at this (thanks for the reference to CIFS info as well). I have found it kind of fun to hack some additional DEBUG macros into the code. Open source is great, ain't it? :-) Perhaps a few might be of general interest, such as clarifying that one I mentioned in the previous note. If I learn anything out of this that might be helpful to others, I'll post it here. Thanks again, Ray Simard -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC problem: Please help me avoid a mutiny! :-)
On Sun, 2002-11-10 at 17:45, Ray Simard wrote: > Thank you very much for your reply! > > On Saturday 09 November 2002 21:14, Andrew Bartlett wrote: > >> .. > > > The manifestation is, in nearly all cases, that the PDC sends a message > > > to the workstation and waits for a response. > > > > This protocol doesn't usually work like that. SMB is (for all cases > > except oplocks) a client-initiated protocol - the client is always > > waiting for the server. > > > > What message/reply do you think the server is waiting for? > > > > Andrew Bartlett > > I confess that I'm not really up on the SMB/CIFS protocols (though I am learning a >lot lately). > Here's a fragment from a log which might help. I am not sure how to identify what >the message to the WS is > or what the WS is expected to do in response. I'm turning off wordwrap for >readabillity. > > If I get this right, this is a message being sent to the WS, after which the PDC >looks for a reply. After waiting > for about 50 seconds, Samba gets an EOF back from the WS and does timeout processing >(the third > entry from the bottom in the log fragment I quote here). The line " receive_smb: >length < 0!" is a little misleading: > read_smb_length_return_keepalive returns > -1 whenever it fails to read exactly 4 bytes from the socket, and that's what the >message in the log > is reporting. OK. Some details on Samba's internal request processing: Samba sits on a socket, and uses select() to wait until there is activity to deal with. Whenever there is such activity, it reads 4 bytes - the NBT header and the datagram length. However, it could well be that the the 'activity' wasn't 'incoming packet' but 'connection reset'. That is what is happening here, the read (attempting to read the 4 bytes that *all* packets start with) fails, and samba notices that the connection has been reset. Samba then cleans up, and exits. This could happen for any number of reasons, but basically there isn't much Samba can do - the client closed the connection. You need to look at why the client has done this, particularly as clients normally don't (they negotiate down the session, and normally keep a live connection to the server). At this point the standard answer is 'check your networking gear' and 'grab a sniffer'. See if you can find evidence of lost packets, retransmits or other things that could cause the client to think the server had timed out. For information on the CIFS protocol, see http://www.ubiqx.org/cifs/index.html For a *very* good sniffer see http://www.ethereal.com Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: [Samba] Samba PDC problem: Please help me avoid a mutiny! :-)
Thank you very much for your reply! On Saturday 09 November 2002 21:14, Andrew Bartlett wrote: >> .. > > The manifestation is, in nearly all cases, that the PDC sends a message > > to the workstation and waits for a response. > > This protocol doesn't usually work like that. SMB is (for all cases > except oplocks) a client-initiated protocol - the client is always > waiting for the server. > > What message/reply do you think the server is waiting for? > > Andrew Bartlett I confess that I'm not really up on the SMB/CIFS protocols (though I am learning a lot lately). Here's a fragment from a log which might help. I am not sure how to identify what the message to the WS is or what the WS is expected to do in response. I'm turning off wordwrap for readabillity. If I get this right, this is a message being sent to the WS, after which the PDC looks for a reply. After waiting for about 50 seconds, Samba gets an EOF back from the WS and does timeout processing (the third entry from the bottom in the log fragment I quote here). The line " receive_smb: length < 0!" is a little misleading: read_smb_length_return_keepalive returns -1 whenever it fails to read exactly 4 bytes from the socket, and that's what the message in the log is reporting. [2002/10/30 23:52:08.534309, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(275) size=119 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 [2002/10/30 23:52:08.534414, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(281) smb_tid=2 smb_pid=27104 smb_uid=103 smb_mid=43778 smt_wct=42 [2002/10/30 23:52:08.534500, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[0]=255 (0xFF) [2002/10/30 23:52:08.534558, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[1]=0 (0x0) [2002/10/30 23:52:08.534614, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[2]=3074 (0xC02) [2002/10/30 23:52:08.534671, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[3]=277 (0x115) [2002/10/30 23:52:08.534728, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[4]=128 (0x80) [2002/10/30 23:52:08.534784, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[5]=0 (0x0) [2002/10/30 23:52:08.534840, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[6]=5216 (0x1460) [2002/10/30 23:52:08.534898, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[7]=62376 (0xF3A8) [2002/10/30 23:52:08.534954, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[8]=49752 (0xC258) [2002/10/30 23:52:08.535276, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[9]=1 (0x1) [2002/10/30 23:52:08.535369, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[10]=60110 (0xEACE) [2002/10/30 23:52:08.535428, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[11]=41307 (0xA15B) [2002/10/30 23:52:08.535486, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[12]=49792 (0xC280) [2002/10/30 23:52:08.535617, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[13]=1 (0x1) [2002/10/30 23:52:08.535682, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[14]=5216 (0x1460) [2002/10/30 23:52:08.535739, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[15]=62376 (0xF3A8) [2002/10/30 23:52:08.535796, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[16]=49752 (0xC258) [2002/10/30 23:52:08.535853, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[17]=1 (0x1) [2002/10/30 23:52:08.535909, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[18]=5216 (0x1460) [2002/10/30 23:52:08.535966, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[19]=62376 (0xF3A8) [2002/10/30 23:52:08.536023, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[20]=49752 (0xC258) [2002/10/30 23:52:08.536083, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[21]=8193 (0x2001) [2002/10/30 23:52:08.536142, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[22]=0 (0x0) [2002/10/30 23:52:08.536199, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[23]=48640 (0xBE00) [2002/10/30 23:52:08.536256, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[24]=1 (0x1) [2002/10/30 23:52:08.536315, 5, pid=15553, effective(13080, 100), real(0, 0)] lib/util.c:show_msg(286) smb_vwv[25]
Re: [Samba] Samba PDC problem: Please help me avoid a mutiny! :-)
On Sun, 2002-11-10 at 15:51, Ray Simard wrote: > I've been beating my head against this one and just can't figure it out. I > hope someone here may have an answer. The employees using the workstations on > this network are getting increasingly upset with this problem. > > The problem is wildly varying logon and logoff times over the network. This is > definitely not a matter of long profile transfers. An individual can log onto > a workstation one time and get on quickly, and another time, have to wait > five minutes or more. There is no apparent pattern that I can discern. No > workstations seem to manifest this problem more than others; no users seem to > have more difficulty with this than others; it seems to make no difference if > the user has logged onto a particular station before, or even if he/she's > logged onto another station at the same time. > The manifestation is, in nearly all cases, that the PDC sends a message to the > workstation and waits for a response. This protocol doesn't usually work like that. SMB is (for all cases except oplocks) a client-initiated protocol - the client is always waiting for the server. What message/reply do you think the server is waiting for? Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: [Samba] Samba PDC reliability?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > Message: 5 > Date: Tue, 29 Oct 2002 13:30:34 -0700 > From: Beau Sapach <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: [Samba] Samba PDC reliability? > > Hello all, > > I'm using Samba 2.2.5 compiled on Solaris 8 for my PDC, I've included my > smb.conf below. My client machines are all winnt4.0 service pack 6, but I > can't get them to log in to the PDC reliably. Very rarely will they log in > properly, I usually get the "Domain controller could not be contacted" error > message. Does anyone have any advice? Thanks! > We have been running samba as a domain controller since the 2.0.x days (I think 2.0.6) on linux (currently 2.2.6 on Mandrake 8.2), never seen this problem (except a similar message when trying to join a machine that thinks it's in the workgroup of the same name ;-)). Ensure your clients 1)Look at your WINS server. This is most easily done via DHCP 2)Don't have IPX/NetBEUI installed 3)Don't have badly-configured firewalls installed, some of which have a default config which prevents wins from working Buchan - -- |Registered Linux User #182071-| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE9v/BurJK6UGDSBKcRAoZ2AJ9IOAtr7tJtdfNgj8gDuzZmU8hxBgCgkXSs ozypTGafYB+O1HBZ5so79GM= =zgPj -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC+LDAP: Account restrictions
Yura Pismerov wrote: > > "Bradley W. Langhorst" wrote: > > > > On Tue, 2002-10-29 at 12:37, h g wrote: > > > Hi, > > > > > > I have a Samba PDC with LDAP, How to set user's > > > password to be expired automatically after 186 days. > > > Also, how to enforce password rules such as at least 6 > > > characters? > > not currently possible in samba2 > > "min passwd length" works in 2.2.x though. > As for the LDAP password aging... You can also look at Kerberos as the > password backend for LDAP. Kerberos has his own password aging mechanism > that works perfectly. Not to mention that it does much more sense to > store passwords in a system that was initially (unlike LDAP) designed > for that purpose. Won't work for NTLM passwords. However, with LDAP in Samba 3.0 we do honer the password expiry, and the account policy tdb allows us to set when they should expire. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Fwd: NDN: Re: [Samba] Samba PDC+LDAP: Account restrictions]
I hate this. And I guess I'm not alone... Original Message Subject: NDN: Re: [Samba] Samba PDC+LDAP: Account restrictions Date: Tue, 29 Oct 2002 20:34:13 +0100 From: "Mailer-Daemon" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Sorry. Your message could not be delivered to: J. Rönnblom (Mailbox or Conference is full.) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC+LDAP: Account restrictions
"Bradley W. Langhorst" wrote: > > On Tue, 2002-10-29 at 12:37, h g wrote: > > Hi, > > > > I have a Samba PDC with LDAP, How to set user's > > password to be expired automatically after 186 days. > > Also, how to enforce password rules such as at least 6 > > characters? > not currently possible in samba2 "min passwd length" works in 2.2.x though. As for the LDAP password aging... You can also look at Kerberos as the password backend for LDAP. Kerberos has his own password aging mechanism that works perfectly. Not to mention that it does much more sense to store passwords in a system that was initially (unlike LDAP) designed for that purpose. > as far as i know it is working in samba3 > > brad > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC and BDC
Hi, I want to set up Samba servers on our two Linux (Redhat 7.1) machines and get the passwords sync on both of them. How can I go about it. Also, how can i make password restrictions work between Samba and Win98 workstations. Please direct me to a HOW-to or any documentations if any. Thanks, Gurnish -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC+LDAP: Account restrictions
On Tue, 2002-10-29 at 12:37, h g wrote: > Hi, > > I have a Samba PDC with LDAP, How to set user's > password to be expired automatically after 186 days. > Also, how to enforce password rules such as at least 6 > characters? not currently possible in samba2 as far as i know it is working in samba3 brad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba PDC and XP Pro Problem. (Not signorseal -fixedthat one some time ago)
On Thu, 2002-10-24 at 09:15, Richard Horton wrote: > > > -Original Message- > > From: Bradley W. Langhorst [mailto:brad@;langhorst.com] > > > [snip] > > yes it does > > does the other user actually have an account on the domain? > > are you sure that the "normal user" is actually logging into > > the domain? > > (ie that user is not in the local password database) > > On the XP laptops, the normal machine user is in the local password cache. I don't know what you mean here... i understand password cache to be some registry location or flat file that just stores the various passwords a user has used to access various network resources. Think the .pwl files from win9x. If you mean that your user is there when you run the local user manager then (i hate to ask) but are you sure you've selected your domain in the "log on to" dropdown? samba doesn't care about who the user as long as that user exists in smbpasswd and has a valid password (ie it doesn't implement any kind of checking about whether a user is allowd to log on from a given workstation) > The new user is a test account I've created which works on the 2k clients. > I've verified on the 2k laptops that an actually log on attempt occurs > against the PDC by changing passwords on both the "normal" and "test" > accounts - this works fine... that means that samba is configured fine... i'm curious to see the logs. brad that sounds to me -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC and XP Pro Problem. (Not signorseal - fixedthat one some time ago)
On Thu, 2002-10-24 at 04:42, Richard Horton wrote: > My PDC is Samba 2.2.3 on Redhat 7.3, clients are a mix of Win 2k and XP > Pro laptops. there are some bugs in 2.2.3 that were fixed in subsequent releases 2.2.6 looks to be very good - maybe worth upgrading (probably won't fix your problem though) > However the XP laptops > if I try logging on as a user other than the normal user for that laptop > then no dice - I get a can not find domain controller error. All the XP > laptops have had the signorseal fix applied, and I'm not using roaming > profiles so that's not the issue (or might be on hindsight... does XP > allow a domain user to log on without a server side profile?) yes it does does the other user actually have an account on the domain? are you sure that the "normal user" is actually logging into the domain? (ie that user is not in the local password database) that's the only thing i can think of that might be your problem. > log file = /var/log/samba/log.smbd try making this log file = /var/log/samba/log.smbd.%m and show what happens when the machine in question fails to log in. > logon home = \\%N\%u\xphome this share seems to be missing - probably not a problem since you're not using roaming profiles... > [netlogon] > path = /usr/local/samba/netlogon > force group = smbusers > browseable = No this looks a little suspicious to me... are you sure that your new user has permission on this share? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+PDC+LDAP (add user script + unix passwd sync)Can't call perl script
On Tue, 21 May 2002, Yannick Tousignant wrote: > Hi, i've compiled samba 2.2.4 on a Redhat 7.1 machine, working > with openldap 2.0.23. I also downloaded smbldap-tools from IDEALX > which i fixed myself to fit my needs. Everything work very fine > when running the scripts in shell mode... but! What shows up in a level 10 debug log? The shell scripts do have the 'x' bit set right? cheers, jerry - Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org --http://www.plainjoe.org "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 --"I never saved anything for the swim back." Ethan Hawk in Gattaca-- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba+PDC+LDAP (add user script + unix passwd sync) Can't call perl script
Hi everyone, I think some people missunderstood my first message. I'm trying to execute commands with "add user script" and "unix passwd sync" settings in smb.conf. The problem is, thoses commands are working fine when running them in command line, but when executed by samba passing thru smb.conf settings, they fail silently or are half executed. Thanks for you time, Yannick Tousignant > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of Yannick Tousignant > Sent: Tuesday, May 21, 2002 4:22 PM > To: [EMAIL PROTECTED] > Subject: [Samba] Samba+PDC+LDAP (add user script + unix passwd sync) > Can't call perl script > > > Hi, i've compiled samba 2.2.4 on a Redhat 7.1 machine, working > with openldap 2.0.23. I also downloaded smbldap-tools from IDEALX > which i fixed myself to fit my needs. Everything work very fine > when running the scripts in shell mode... but! > > > In smb.conf : > = > > add user script = /usr/local/sbin/smbldap-useradd.pl -w %u > > This line don't work and it should, because when running it > in a shell, everything works fine. > > > Again in smb.conf : > === > > unix password sync = yes > passwd program = /usr/local/sbin/passwd.sh %u > passwd chat = *New*password* %n\n *Retype*new*password* %n\n > *all*authentication*tokens*updated*successfully* > > I made my own bash script to sync ldap (posix) password while samba > seems to handle samba (LANMAN AND NTHASH) password itself. > > The password change works very fine, but when i try to update the > pwdMustChange to reset his value when a user changed his password, > the pwdMustChange isn't modified like it should be. Again everything > works very fine when running my script in shell mode. > > > Here it is : > -CUT > HERE-- > #!/bin/bash > > echo -n "New password : " > read PASS1 > echo -n "Retype new password : " > read PASS2 > > if [ "$PASS1" = "$PASS2" ] > then > > echo "dn: uid=$1,ou=Users,dc=OKA" > /tmp/ldap.mod > echo "changetype: modify" >> /tmp/ldap.mod > echo "replace: pwdMustChange" >> /tmp/ldap.mod > echo "pwdMustChange: 2147483647" >> /tmp/ldap.mod > echo "" >> /tmp/ldap.mod > > # NOT WORKING...!!! > /usr/local/bin/ldapmodify -v -x -h 127.0.0.1 -D 'cn=ADMIN,dc=OKA' -w > 'secret' -r -f /tmp/ldap.mod > rm -f /tmp/ldap.mod > > # WORKING! > /usr/local/bin/ldappasswd -x -h 127.0.0.1 -D 'cn=ADMIN,dc=OKA' \ > -w 'secret' uid=$1,ou=Users,dc=OKA -s $PASS1 > /dev/null > > echo "all authentication tokens updated successfully" > > else > echo "Passwords do not match" > fi > > #END > -CUT > HERE-- > > > There is something i don't get, first i though maybe samba wasn't > interpreting perl, but when my second script failed.. and after > many hour trying to understand, i'm pretty lost right now! > > Btw, thanks to the samba team, openldap team and idealx > for all the great developpement you've been doing! > > Hope i can find a way to make things work. > > > Yannick Tousignant > === > Gestion Informatique OKA ltée. > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+PDC+LDAP (add user script + unix passwd sync) Can't call perl script
Yannick Tousignant wrote: >unix password sync = yes >passwd program = /usr/local/sbin/passwd.sh %u >passwd chat = *New*password* %n\n *Retype*new*password* %n\n >*all*authentication*tokens*updated*successfully* > I think your passwd chat is the problem. In RedHat and Mandrake they have this string as two lines in the distributed smb.conf file. There needs to be a space between ...%n\n on the first line and *all*aut... on the second (continued line). I don't know if adding a space at the start of the firtst line will fix it or not. I fixed it by joining the first line with the second line and adding the space; i.e., ...Retype*new*password* %n \n *all*authentication... -- "Don't steal, the Government hates competition!" SCM Enterprise [EMAIL PROTECTED] | http://www.concentric.net/~Smeisner Courtesy of Netscape and Linux 2.4 [running 2.4.18] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+PDC+LDAP (add user script + unix passwd sync) Can't call perl script
> Hi, i've compiled samba 2.2.4 on a Redhat 7.1 machine, working > with openldap 2.0.23. I also downloaded smbldap-tools from IDEALX > which i fixed myself to fit my needs. Everything work very fine > when running the scripts in shell mode... but! I had something like this. Check your password chat and make sure you set it to what it actually is when you run it on the shell. I can't remember off-hand what mine at work is, but I will post it tomorrow. The default from the IDEALX howto did not work for me. There's also a problem with smbldap-passwd.pl whereby the wrong ldappasswd command is issued in the script: $ret = system "$ldappasswd $dn -s $pass > /dev/null"; should be: $ret = system "$ldappasswd -s $pass $dn > /dev/null"; Increase your log level and check your logs, because this is how I found out what mine was doing. HTH Phil -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba PDC & windows XP
maybe you can find something here : http://www-1.ibm.com/servers/esdd/tutorials/samba/ download the pdf on top right and have a look into client configuration, there is a special section with XP clients cheerz Mark -Original Message- From: Paolo Federici [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 30, 2002 4:32 PM To: Gary Browning; [EMAIL PROTECTED] Subject: Re: [Samba] Samba PDC & windows XP I'm sorry but at this moment I haven't received any useful information... A strange thing is that some times, especially to the morning when I power up my pc, it is connected correctly to the PDC domain!! Unfortunately this works only some time and I do not succeed to understand why... Paolo Federici Gary Browning wrote: > > Hello, > > I am experiencing the same issue whereby Windows 2000 Professional can > connect to my PDC, but Windows XP complains about the PDC being > unavailable or something is wrong with the computer account. I too > have encrypted passwords and have applied the signorseal registry > patch. Also, I did confirm that the machine account got created in > /etc/passwd and did make its way into the smbpasswd file. > > My question to you is, have you gotten this to work under XP or > received any useful information? I would really appreciate the > information if available. > > Thanks so much, > > Gary Browning > > > > > -- > Gary Browning > Office of Information Technologies > Indiana University South Bend > 1700 Mishawaka Avenue, Post Office Box 7111 > South Bend, IN 46634-7111 > ph-574-237-6516 / fax-574-237-4846 > [EMAIL PROTECTED] > http://www.iusb.edu > http://www.iusb.edu/~oit > > -- +--- + | Paolo Federici | | Dipartimento di Ingegneria dell'Informazione | | Parco Area delle Scienze 181/a FAX: +39(0521)905723 | | I-43100 Parma (ITALY) Tel: +39(0521)906221 | | | +--- + -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC & windows XP
I'm sorry but at this moment I haven't received any useful information... A strange thing is that some times, especially to the morning when I power up my pc, it is connected correctly to the PDC domain!! Unfortunately this works only some time and I do not succeed to understand why... Paolo Federici Gary Browning wrote: > > Hello, > > I am experiencing the same issue whereby Windows 2000 Professional can > connect to my PDC, but Windows XP complains about the PDC being > unavailable or something is wrong with the computer account. I too > have encrypted passwords and have applied the signorseal registry > patch. Also, I did confirm that the machine account got created in > /etc/passwd and did make its way into the smbpasswd file. > > My question to you is, have you gotten this to work under XP or > received any useful information? I would really appreciate the > information if available. > > Thanks so much, > > Gary Browning > > > > > -- > Gary Browning > Office of Information Technologies > Indiana University South Bend > 1700 Mishawaka Avenue, Post Office Box 7111 > South Bend, IN 46634-7111 > ph-574-237-6516 / fax-574-237-4846 > [EMAIL PROTECTED] > http://www.iusb.edu > http://www.iusb.edu/~oit > > -- +---+ | Paolo Federici| | Dipartimento di Ingegneria dell'Informazione | | Parco Area delle Scienze 181/a FAX: +39(0521)905723 | | I-43100 Parma (ITALY) Tel: +39(0521)906221 | | | +---+ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba & PDC & Concurrent Logins
Hi Martin, Can't give you a complete answer, but can point you to where to look... You have two choices that I can think of: 1) Don't use roaming profiles, and each computer will have its own profile, 2) Make the Roaming Profile mandatory - this will cause it to not save any changes made after logging in- it will just d/l the profile each time. Here's a fairly good explanation: http://networking.earthweb.com/netos/article/0,,12083_625291,00.html There may be other options, but none I can think off of the top of my head. Simon - Original Message - From: "Martin Rode" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, April 23, 2002 7:18 AM Subject: [Samba] Samba & PDC & Concurrent Logins > Hello Samba Developers, > > we have a little Samba setup here with about 8 clients (W2K, SP2) and > Samba (samba-2.2.3a) installed on a Linux System (Linux version > 2.4.18-pre3-ac1). > > We have PDC enbabled, all users are authenticated by Samba via > smbpasswd. Profiles are kept in /home/profiles/samba//. > > Now the problem: > > A user "eddie" logs on one W2K. Profiles gets copied. Now "eddie" logs > on to another W2K. Profiles gets copied again. "eddie" logs out of the > second W2K, pofiles gets copied back. "eddie" logs out of the first W2K. > Again, profile gets copied back. Now "eddie" wants to log on again in a > W2K. W2K says it cannot open the profile and logs on "eddie" with a > default profile. > > 1) People here are now very careful not to login twice on two maschines > with the same login. But this is not what we want. Is there any solution > to this problem, or should I provide more information on our setup? > > 2) I've noticed a problem when the W2K client does not log out the user. > Then smbd sits there locking /home/profiles/samba//NTUSER.DAT. > Next time the user tries to login, W2K cannot open NTUSER.DAT because it > is locked by the stale smbd. I kill the smbd manually and then the user > can login. > > I'm willing to provide as much information as necessary to get this > problem solved / fixed and I much appreciate any help / hints and > advise. > > With regards, > > ;Martin > > P.S.: I'm no list subscriber, so please reply also privately -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC & windows XP
On Tue, Apr 23, 2002 at 04:49:05PM +0200, Paolo Federici wrote: > It's all as you write me but dont' work... > I had changed the line encrypt passwords = true in encrypt > passwords = yes but don't change anything > > Did you turn off signorseal in the registry? -- David W. Chapman Jr. [EMAIL PROTECTED] Raintree Network Services, Inc. [EMAIL PROTECTED] FreeBSD Committer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC & windows XP
It's all as you write me but dont' work... I had changed the line encrypt passwords = true in encrypt passwords = yes but don't change anything Paolo Federici [EMAIL PROTECTED] wrote: >Your smb.conf should read > >encrypt passwords = yes >smb passwd file = /etc/samba/smbpasswd > >Then open a terminal window and type. "jsmith would a a user name that >lives in the passwd file on the Unix box" >/usr/bin/smbpasswd -a jsmith >/usr/bin/smbpasswd -c jsmith > >Then make sure you smb is running by typing >/etc/init.d/smb start > >Now from you XP machine you should be able to connect the the Samber Server > >Regards >Tony Wood >Senior Network Analyst >DDI: 020,7383, 6395 >Fax:020, 7554, 6395 > > >** >This email and any files transmitted with it are confidential and >intended solely for the use of the individual or entity to whom they >are addressed. If you have received this email in error please notify >the system manager ([EMAIL PROTECTED]) > >www.bma.org.uk >** > > -- +---+ | Paolo Federici| | Dipartimento di Ingegneria dell'Informazione | | Parco Area delle Scienze 181/a FAX: +39(0521)905723 | | I-43100 Parma (ITALY) Tel: +39(0521)906221 | | | +---+ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC & windows XP
In my smb.conf I find this line : encrypt passwords = true Paolo Davide Dozza wrote: > Are you using encrypted password? > > > Davide > > > Paolo Federici wrote: > >> When I try to login to my Samba 2.2.3a PDC with my Windows XP >> Professional computer, it says that the domain controller is down or >> unavailable or that it cannot find a computer account on the server. >> But when I joined the domain, it created a computer trust account in >> my smbpasswd file and /etc/passwd >> I know it works because my Windows Nt and 2K computer connects to the >> domain fine. >> I have applied signorseal patch too, but without result. >> Can you help me? >> Many thanks >>Paolo Federici >> > > > -- +---+ | Paolo Federici| | Dipartimento di Ingegneria dell'Informazione | | Parco Area delle Scienze 181/a FAX: +39(0521)905723 | | I-43100 Parma (ITALY) Tel: +39(0521)906221 | | | +---+ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC & windows XP
Are you using encrypted password? Davide Paolo Federici wrote: > When I try to login to my Samba 2.2.3a PDC with my Windows XP > Professional computer, it says that the domain controller is down or > unavailable or that it cannot find a computer account on the server. > But when I joined the domain, it created a computer trust account in my > smbpasswd file and /etc/passwd > I know it works because my Windows Nt and 2K computer connects to the > domain fine. > I have applied signorseal patch too, but without result. > Can you help me? > Many thanks >Paolo Federici > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC: Windows 9x clients cannot share
Ühel ilusal päeval [10.04.2002] kirjutas Bruce Ferrell <[EMAIL PROTECTED]>: > I've seen this happen when the smbpasswd file and /etc/passwd weren't in > sync. For whatever reason, samba doesn't like it and errors out when > the clients try to get lists. Hello again! I checked and the smpasswd and passwd file are in sync -- well, at least both of those files contain the same users. I mean, every username in /etc/passwd has the corresponding username in /etc/samba/smbpasswd and vice versa. IMHO, those files cannot be more in sync than this. Still i get the same errormessage telling me that the list of users cannot be retrieved from Samba PDC when trying to create shares on Windows '9x clients. I've noticed, that there is an other thread in this Samba mailing list about the similar problem. So what is this? A bug? A feature? This is very annoying to my users (and to me too, because i get hate looks all the day). Is there somebody, who has gotten the damn thing working? Perhaps this is Debian specific. I am using Debian Woody at the moment. Still seeking help, Juhan -- In the early morning hour, when the pub was closing, my grandpa emptied his tankard, stood up and said his famous words: She's always late. Her ancestors arrived on the JuneFlower. http://juku.kicks-ass.net/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
