A non-text attachment was scrubbed... Name: not available Type: x-sun-attachment Size: 2413 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/19970818/faba075a/attachment.bat
----- Begin Included Message ----->From toml@ENGR.ORST.EDU Mon Aug 18 14:00:25 1997X-Mailer: exmh version 2.0gamma 1/27/96 To: jeffreyl@riskdevel.ml.com (Jeffrey Liu) Subject: Re: NT and roaming profiles problem solved Mime-Version: 1.0 Date: Mon, 18 Aug 1997 11:00:14 -0700 From: Tom Lieuallen <toml@ENGR.ORST.EDU>> Hi Tom, > > I didn't get SAMBA to compile with DES encryption enabled. Which library > did you use that includes des.h?I used libdes-3.23.tar.gz -- which I got from ftp://samba.anu.edu.au/pub/libdes> I tried getting PGP, and using the rsaref/des.h but that didn't work. > > According to the SAMBA documentation, turning on encryption in smb.conf > doesn't mean anything unless the DES libraries were part of the compile.This seems to be true. I changed my configuration for encryption and setup the smbpasswd file -- but it wouldn't work at all until I recompiled samba with libdes.> Also, if it's not too much trouble for you, could you send me a copy of > your smb.conf file? Also, you didn't mention if your workstations are > running Windows NT 3.51 or 4.0, if your server is running NT Server 4.0, > and if you are authenticating users with security = user and using the > SAMBA server password map.We have an NT 4.0 server and all NT 4.0 workstations. I refuse to use the smbpasswd file (except for testing) -- I think having two password files (unix and NT) is already too many -- a third just isn't acceptable (for me). So, when I got roaming profiles working, it was with a test server running with security = user and using the smbpasswd file. I also seemed to have success with security = server and setting my security server to the NT server. Nobody said it would work, but my brief tests seemed to work. My test machine was an HP running HPUX 10.20. I'll append my smb.conf file at the end. Let me know if you have any more questions.> Any information you have will be greatly appreciated. > > Jeff > > p.s. attached is a copy of my smb.conf file.toml [global] wins support = no wins server = hera.ENGR.ORST.EDU debug level = 3 security = USER encrypt passwords = yes preserve case = yes short preserve case = yes case sensitive = no log file = /private/samba/var/log/log.%m locking = yes lock directory = /private/samba/var/locks share modes = yes guest account = samba workgroup = ENGINEERING server string = College of Engineering Samba (Unix gateway) preferred master = no [homes] comment = Home Directories browseable = yes read only = no create mode = 0700 [www_cs] comment = CS web pages path = /nfs/or/a2/www_cs browseable = yes public = no writable = yes [www_me] comment = ME web pages path = /nfs/ca/a2/www_me browseable = yes public = no writable = yes [www_engr] comment = ENGR web pages path = /nfs/ca/a2/www browseable = yes public = no writable = yes [classes] comment = Classes path = /nfs/or/a3/classes browseable = yes public = no writable = yes ----- End Included Message -----
----------------------------------------- Key points: The environment which I was able to get roaming profiles: All user workstations are running Windows NT 3.51 The NT Server (PDC) is running NT Server 4.0 Need to use encrypted passwords, and (for me at least) use "security = server" with "password server = <PDC>". ----------------------------------------- (for me). So, when I got roaming profiles working, it was with a test server running with security = user and using the smbpasswd file. I also seemed to have success with security = server and setting my security server to the NT server. Nobody said it would work, but my brief tests seemed to work. ----------------------------------------- so can i just clarify things here, for the documentation: - if you use "security = server", you _do not_ need to have encrypted passwords. - if you use "security = user" you _do_ need to have encrypted passwords which makes a lot of sense to me. the nt machines attempt to make a non-interactive SMB connection for the profile downloading. it fails, because the SMB server (in this instance) requests clear-text passwords, which the client refuses. if someone could confirm to me that "security = server" does not need encrypted passwords, i will update the nt profile documentation, currently being written from these empirical observations. luke
hi jeffrey, just out of interest, did you have to manually create the profile.PDS directory, or did it all work happily? On Tue, 19 Aug 1997, Jeffrey Liu wrote:> >From jeffreyl@riskdevel.ml.com Mon Aug 18 18:29 EDT 1997 > Date: Mon, 18 Aug 1997 18:29:23 -0400 > From: jeffreyl@riskdevel.ml.com (Jeffrey Liu) > To: toml@ENGR.ORST.EDU > Subject: Re: NT and roaming profiles problem solved > Content-Type: X-sun-attachment > Content-Length: 2071 > > > Hi Tom, > > Thanks to your help, I was able to get roaming profiles finally working! > > It was indeed the encrypted password option. > Kudos to you for finding the solution in the NISGINA documentation. >i'm sorry - i installed encrpted passwords at cb1.com because we hadto - i wasn't expecting it to be a requirement!!! i shall document this very shortly. luke
Hi Luke, I manually created the profile directory for each user. Of course, I'm running Windows NT 3.51. It may not apply to Windows NT 4.0. Thanks for your help, Jeff> > hi jeffrey, > > just out of interest, did you have to manually create the profile.PDS > directory, or did it all work happily? > > On Tue, 19 Aug 1997, Jeffrey Liu wrote: > > > >From jeffreyl@riskdevel.ml.com Mon Aug 18 18:29 EDT 1997 > > Date: Mon, 18 Aug 1997 18:29:23 -0400 > > From: jeffreyl@riskdevel.ml.com (Jeffrey Liu) > > To: toml@ENGR.ORST.EDU > > Subject: Re: NT and roaming profiles problem solved > > Content-Type: X-sun-attachment > > Content-Length: 2071 > > > > > > Hi Tom, > > > > Thanks to your help, I was able to get roaming profiles finally working! > > > > It was indeed the encrypted password option. > > Kudos to you for finding the solution in the NISGINA documentation. > > > > > i'm sorry - i installed encrpted passwords at cb1.com because we hadto - > i wasn't expecting it to be a requirement!!! > > i shall document this very shortly. > > luke >