On Mon, 20 Oct 1997, Samba Bugs wrote:
> We've just released samba-1.9.18alpha1.
hooray!
> - preliminary NT domain logon support. This is still very
> experimental.
it currently supports the _full_ set of domain logon parameters that are
available for w95 roaming profiles, namely:
"logon path" (default is \\%L\%U\profile)
"logon script" (default is NULL)
i am in the process of adding two more parameters:
"logon home" (default will be \\%L\%U except if you use -DAUTOMOUNT)
"logon drive" (default will either be H: or NULL)
but i need some help from simeon walker regarding the -DAUTOMOUNT bit.
> You need to compile with NTDOMAIN=1 to use it. Luke will
> probably post some instructions on how to set it up.
thanks, andrew. i'll just write them now.
ok.
1) do touch /tmp/netlogon
2) do touch /tmp/srvsvc
3) read ENCRYPTION.txt. compile smbpasswd, create an smbpasswd file etc.
4) get the name of the nt workstation you want to log in (assume it's
called "machine"). do smbpasswd -add nobody machine (assuming that nobody
is your guest account: any dummy account will do in fact: it's just to get
round the fact that smbpasswd -add checks the passwd database which is
_not_ what we want to happen in this case!). edit your
/usr/local/samba/private/smbpasswd file, looking for the nobody:E0AD...
entry. change the username from nobody to MACHINE$. two things are
important, here: the username (MACHINE$) _must_ be in capital letters;
the password _must_ be in lower case.
5) compile with -DNTDOMAIN or -DNTDOMAIN=1. don't forget this, like i did.
6) put "encrypt passwords = yes" in smb.conf
7) put "domain sid = S-1-5-21-123-456-789-123" or any other number you
like, as long as it starts with "S-1-5-" and has five further numbers
separated by "-"s after it.
8) put in any "logon path" and "logon script" parameters you
want to.
9) read "http://mailhost.cb1.com/~lkcl/ntdomain.html" and look up some of
the references therein, particularly cifsntdomain.txt: you will find it
generally useful background material, including references to descriptions
of SIDs etc etc.
10) read "http://mailhost.cb1.com/~lkcl/poems.html" and some of the poems
therein if you're getting bored of this by now.
11) log in and out of a samba "NT primary domain controller" as many
times as makes you laugh out loud, until your boss either starts getting
worried or threatens to sack you.
12) send patches to samba-bugs@samba.anu.edu.au with the subject marked
NTDOM: at the beginning. this will direct the message to a specific file
in the samba web bug track system.
13) send any serious bugs and security reports you find in NT to either
the NTBUGTRAQ (moderated) or NTSEC (unmoderated) digests.
14) get the very latest code from the cvs web front end:
http://samba.anu.edu.au/cgi-bin/cvsweb/samba/source
> If you enable
> this then you may find that lots of things break (browsing from NT
> workstations for example)
i found that i could browse a workgr.... sorry, domain SORRY
workgroup-with-an-authentication-database-associated-with-it-which-happens-to-be-something-other-than-a-microsoft-designed-SAM-database
:-) with just the samba server and the logged in NT workstation in it. i
don't exactly know why i managed to browse, and andrew didn't.
i've written the MSRPC (i think this is microsoft's name for their
implementation of DCE/RPC by the way but i'm not absolutely certain on
this point) "Net Share Enum" into samba, which returns a list of shares,
including the comments.
therefore, i think you should find it possible to do NET VIEW \\SAMBA_PDC
or Ctrl-Esc | Run | "\\samba_pdc" or Ctrl-Esc | Find | Computer |
"samba-pdc".
if anyone has an NT server 4.0, NT workstation 4.0 and NetMonitor, could
they kindly set up a dummy account (or temporarily change their
password), and send me a login trace (from ctrl-alt-delete to logoff),
doing an access of the NT domain in the network neighbourhood?
have a look in the trace for packets marked as "SRVSVC", "MSRPC" types:
i'm looking for one called "NetServerEnum", _if_ it exists. i already
have "NetServerGetInfo" and "NetShareEnum".
i need the client query and the server response, in order to document and
then code these two packets.
regards,
luke
Luke Kenneth Casson Leighton <lkcl@switchboard.net>
Lynx2.7-friendly Home Page: http://mailhost.cb1.com/~lkcl
"Apply the Laws of Nature to your environment because your
environment applies the Laws of Nature to you"
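
The constraints in steps 4, 6 and 7 of the message above can be checked mechanically before attempting a logon. The following is an added example, not part of the original post or of Samba: the function names are hypothetical, the sample input is constructed, and it assumes the settings sit in the [global] section and that the account name is the first colon-separated field of each smbpasswd line.

```python
import re

# Step 7: "S-1-5-" followed by five further numbers separated by "-".
SID_RE = re.compile(r"^S-1-5(-\d+){5}$")

def parse_global(conf_text):
    """Collect [global] parameters (assumption: the settings live there)."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_setup(conf_text, smbpasswd_text, machine):
    """Return a list of problems; an empty list means steps 4, 6 and 7 hold."""
    problems = []
    params = parse_global(conf_text)
    if params.get("encrypt passwords", "").lower() not in ("yes", "true", "1"):
        problems.append("step 6: encrypt passwords is not enabled")
    if not SID_RE.match(params.get("domain sid", "")):
        problems.append("step 7: domain sid is missing or malformed")
    wanted = machine.upper() + "$"
    names = [l.split(":", 1)[0] for l in smbpasswd_text.splitlines()
             if l.strip() and not l.startswith("#")]
    if wanted not in names:
        if any(n.upper() == wanted for n in names):
            problems.append("step 4: %s must be in capital letters" % wanted)
        else:
            problems.append("step 4: no %s entry in smbpasswd" % wanted)
    return problems

# Constructed sample input, not taken from a real server.
GOOD_CONF = r"""
[global]
   encrypt passwords = yes
   domain sid = S-1-5-21-123-456-789-123
   logon path = \\%L\%U\profile
"""
GOOD_SMBPASSWD = "MACHINE$:constructed-placeholder-fields\n"

if __name__ == "__main__":
    print(check_setup(GOOD_CONF, GOOD_SMBPASSWD, "machine"))
```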