samba - Dec 2000 - Setting up virtual samba servers

Using Samba-2.0.7, I am attempting to setup virtual samba servers, and am
experiencing
some difficulty in getting the configuration to operate properly.

I have checked the documentation provided with the source distribution, and
the O'Reilly
book "Using Samba" and have not found any hints on what I need to do
the
resolve the
problem.

I have also checked the "comp.protocols.smb" newsgroup where I found
posts
from other
individuals having the same problem, but did not find any solutions posted
to the newsgroup.

The problem is that the "netbios alias" names do not appear to be
recognized by the
samba server when I specify one of the alias names as the server and
attempt to connect
to a share.

       ie.      netbios aliases = virtual01  virtual02
(in smb.conf  file)

       In a MSDOS window on a PC, I issue the following command and get the
indicated result.

                  net  use   r:  \\virtual01\temp  /user:\root

                  result:      The network path was not found.

When I use the "testparm" command and use the  "-L" flag to
specify the
servername,
the "%L"  variable is not  expanded to reflect the servername.

Can you please provide me with the steps necessary to resolve this problem,
or direct me
to the appropriate documentation?

Attached are samples of the configuration files that I am using.

Thank you for your assistance.

Michael Ewing
UNIX  System Administrator
Berkley Information Services


(See attached file: virtual02.conf)(See attached file: virtual01.conf)(See
attached file: smb.conf)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: virtual02.conf
Type: application/octet-stream
Size: 2609 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20001214/3f449f3e/virtual02.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: virtual01.conf
Type: application/octet-stream
Size: 2607 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20001214/3f449f3e/virtual01.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smb.conf
Type: application/octet-stream
Size: 994 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20001214/3f449f3e/smb.obj

Micheal,

On Thu, 14 Dec 2000 14:12:08 -0600, MEwing@berkleyis.com wrote:
>Using Samba-2.0.7, I am attempting to setup virtual samba servers, 
>and am experiencing some difficulty in getting the configuration to 
>operate properly.
>
>The problem is that the "netbios alias" names do not appear to be
>recognized by the samba server when I specify one of the alias names 
>as the server and attempt to connect to a share.
I guess the problem comes from "config file = " in your smb.conf. This
will completely override everything smbd/nmbd has read until yet. For 
nmbd this means it will run without config file, because while talking 
to nmbd nobody says "I want to talk to VIRTUAL01".

Better use "include = " instead of "config file =". Move all
redundant
parts (IOW: all lines that are both in smb.conf.virtual01 and 
.virtual02) to smb.conf.

Take care: "include =" will probably return with the last thing being 
defined a share, so you will have to rpeat "[global]" after that.

Regards,
        Robert


-- 
---------------------------------------------------------------
Robert.Dahlem@gmx.net           Fax +49-69-432647
---------------------------------------------------------------

Sent using PMMail (http://www.pmmail2000.com) - fast, decent, email
software; far better than Outlook. Try it sometime.

Robert,

Thank you for the pointer on using "include =" rather than
"config file ="
in setting up the virtual
samba servers.     I made this change and the client systems are now able
to connect to the
specified virtual servers.

I am now running into a different problem.   This one involves changing the
user's passwords
on the virtual server that is configured to use the local password file for
authentication.

My first attempt to change the password was through the "SWAT"
interface.
The following
message was returned and displayed on the interface window.

       machine 127.0.0.1 rejected the tconX on the IPC$ share. Error was :
code 0.

       The passwd for 'mae' has NOT been changed.

My next attempt used the "smbpasswd" command with debug mode turned up
to
"3".   From this
session, it appears that the virtual server name is not being recognized.

     /opt/samba/bin>./smbpasswd
     doing parameter log file = /opt/samba/log/log.%M
     doing parameter share modes = yes
     doing parameter getwd cache = yes
     doing parameter local master = no
     doing parameter domain master = no
     doing parameter preferred master = no
     doing parameter os level = 0
     doing parameter wins support = no
     doing parameter wins server = 192.168.1.185
     doing parameter wins proxy = no
     doing parameter announce as = NT
     doing parameter name resolve order = lmhosts wins
     doing parameter revalidate = False
     doing parameter encrypt passwords = yes
     doing parameter password level = 6
     doing parameter include = /opt/samba/lib/%L.conf
     Can't find include file /opt/samba/lib/.conf
     doing parameter hosts allow = 192.168. 127.0.0.1
     doing parameter invalid users = bin daemon sys adm uucp lp hpdb nuucp
www
     doing parameter dont descend
/stand,/dev,/etc,/sbin,/opt,/root,/usr,/net,/export,/tmp
     doing parameter browseable = yes
     doing parameter protocol = NT1
     doing parameter dead time = 15
     doing parameter follow symlinks = yes
     doing parameter wide links = no
     doing parameter mangle case = no
     doing parameter case sensitive = yes
     doing parameter preserve case = yes
     doing parameter short preserve case = yes
     pm_process() returned Yes
     added interface ip=192.168.1.240 bcast=192.168.1.255
nmask=255.255.255.0
     Old SMB password:
     New SMB password:
     Retype new SMB password:
     Connecting to 127.0.0.1 at port 139
     machine 127.0.0.1 rejected the tconX on the IPC$ share. Error was :
code 0.
     Failed to change password for tester

I then tried using the "smbpasswd" command again using the
"-r" flag and
specifying the
virtual server name.   This did not work either.    Following is a portion
of the debug information
that was displayed for the attempt.

     <<< debug information deleted >>>
     Old SMB password:
     New SMB password:
     Retype new SMB password:
     resolve_lmhosts: Attempting lmhosts lookup for name virtual02<0x20>
     Connecting to 192.168.1.240 at port 139
     machine virtual02 rejected the tconX on the IPC$ share. Error was :
code 0.
     Failed to change password for tester

Can you tell me what I need to do, to allow the users that are listed in
the local smbpasswd file
to change their passwords?

Is there any documentation available that provides more detail on setting
up and troubleshooting
the virtual samba server configurations?

Thank you for your assistance.

Michael Ewing
UNIX System Administrator
Berkley Information Services

Robert,

In my current setup, almost all of the options are defined in the master
smb.conf file.
Following is a listing of the only options that are defined in the two
virtual smb.conf
files that I have setup.


     virtual01.conf

          [global]
                security = server
                password server = local_PDC


     virtual02.conf

          [global]
                security = user
                password file = /opt/samba/etc/smbpasswd



The configuration that I am trying to support is as follows.

     Both virtual servers support the same file shares.   The only
difference
     between the servers is how the user is authenticated.    One virtual
server
     uses the local PDC system to authenticate the users' passwords.   The
     second virtual server uses the local smbpasswd file to provide access
     for a limited number of remote users that are not listed in our local
PDC.

     Including the entries for these remote users in the local PDC is an
option
     that is currently NOT available.

Would either of the following solutions work to resolve this issue?

     1.  Include the Samba server's DNS name in the "netbios
alias"
definition
          and setup a configuration file that specifies the local smbpasswd
file.

     2.  Include the   "security =" and the "password file
=" definitions
before the
          "include =" statement in the master smb.conf file.   The
values
should
          then be reassigned when the virtual server config files are
included.

Or,  is it possible to setup the smb.conf file of a regular samba server to
use multiple
authentication methods?    (ie.  The samba server would first check the
local smbpasswd
file then it would check the PDC.)

Here is a separate question about resource shares.

Is it possible to setup the smb.conf file to NOT have the "user's home
directory" and
"printers" shares visible when using the "Network
Neighborhood" utility to
view and
access the shares that are available from the samba server?    I only want
the users
to be able to see the shares that I have been defined for the samba server.
Since I
do not plan to support printing through the samba server, I currently do
not have any
printing options defined.

Thanks for all your help.

Michael Ewing
UNIX System Administrator
Berkley Information Services






                    "Robert
                    Dahlem"              To:    
"MEwing@berkleyis.com"
                    <Robert.Dahle        <MEwing@berkleyis.com>
                    m@gmx.net>           cc:     "samba@samba.org"
<samba@samba.org>
                                         Subject:     RE: Setting up virtual
samba servers
                    12/18/00
                    12:07 PM
                    Please
                    respond to
                    "Robert
                    Dahlem"






Michael,

On Mon, 18 Dec 2000 12:01:09 -0600, MEwing@berkleyis.com wrote:
>Thank you for the pointer on using "include =" rather than
"config
>file =" in setting up the virtual samba servers. I made this change
>and the client systems are now able to connect to the specified
>virtual servers.
>
>I am now running into a different problem.   This one involves
>changing the user's passwords on the virtual server that is
>configured to use the local password file for authentication.
Perhaps you have vital parts of your config in one of the files for the
virtual servers (/opt/samba/lib/smb.conf.%L). Are you sure that
everything what is needed in cases when no server name is known already
is in the master configuration file?

Regards,
        Robert

---------------------------------------------------------------
Robert.Dahlem@gmx.net           Fax +49-69-432647
---------------------------------------------------------------

Robert,

Thanks.    I tried specifying the password server and password file in the
smb.conf file
and it worked.   I had tried that before but for some reason it didn't work
- other issues
may have caused it fail then.
>> >Is it possible to setup the smb.conf file to NOT have the
"user's
>> >home directory" and "printers" shares visible when
using the "Network
>> >Neighborhood" utility to view and access the shares that are
>> >available from the samba server?    I only want the users to be
able
>> >to see the shares that I have been defined for the samba server.
>>
>> Doesn't "browseable = no" help?
I tried this, but it didn't seem to make any difference.

I created a [printers] definition and specified "load printers = no"
and
"browseable = no".  When I went back to the "Network
Neighborhood" the
"Printers" share is still displayed.  I'll keep investigating
this.

Thanks.

Michael Ewing





                    "Robert
                    Dahlem"              To:    
"MEwing@berkleyis.com"
                    <Robert.Dahle        <MEwing@berkleyis.com>
                    m@gmx.net>           cc:     "samba@samba.org"
<samba@samba.org>
                                         Subject:     RE: Setting up virtual
samba servers
                    12/18/00
                    03:24 PM
                    Please
                    respond to
                    "Robert
                    Dahlem"






Micheal,

On Mon, 18 Dec 2000 15:09:27 -0600, MEwing@berkleyis.com wrote:
>In my current setup, almost all of the options are defined in the
>master smb.conf file.
Good.
>Following is a listing of the only options that are defined in the
>two virtual smb.conf files that I have setup.
>
>     virtual01.conf
>          [global]
>                security = server
>                password server = local_PDC
>
>     virtual02.conf
>          [global]
>                security = user
This is default, so it has just documentation purposes. Your server
will run with "security = user" as long as it does not include
virtual01.conf.
>                password file = /opt/samba/etc/smbpasswd
You should move this to the master configuration file: Think of a
situation where the client does not explicitly tell a server name
(remember: the program smbpasswd is a client too!). So where should
Samba search its password database?

>The configuration that I am trying to support is as follows.
>
>     Both virtual servers support the same file shares.   The only
>difference between the servers is how the user is authenticated.
>One virtual server uses the local PDC system to authenticate the
>users' passwords.   The second virtual server uses the local
>smbpasswd file to provide access for a limited number of remote users
>that are not listed in our local PDC.
Are you sure you really need all the virtual stuff? The man page for
smb.conf says:

  "security=server"

    In this mode Samba will try to validate the username/password by
    passing it to another SMB server, such as an NT box. If this fails
    it will revert to "security = user", [...]

So I think you don't need no virtual servers at all. Just configure:

  security = server
  password server = ...
  password file = ...
>Or, is it possible to setup the smb.conf file of a regular samba
>server to use multiple authentication methods?    (ie.  The samba
>server would first check the local smbpasswd file then it would check
>the PDC.)
No, only the other way round. BTW: That's what you described in the
first place. :-)

>Here is a separate question about resource shares.
>Is it possible to setup the smb.conf file to NOT have the "user's
>home directory" and "printers" shares visible when using the
"Network
>Neighborhood" utility to view and access the shares that are
>available from the samba server?    I only want the users to be able
>to see the shares that I have been defined for the samba server.
Doesn't "browseable = no" help?

Regards,
        Robert


--
---------------------------------------------------------------
Robert.Dahlem@gmx.net           Fax +49-69-432647
---------------------------------------------------------------

Sent using PMMail (http://www.pmmail2000.com) - fast, decent, email
software; far better than Outlook. Try it sometime.

Hi Michael,
I have the same behavior here on Samba 2.0.7 on HP-UX 11.0.
My printers section looks as follows:

[printers]
load printers = no
browseable = no

And from an NT workstation I STILL get a Printers share showing up, though
it is empty.
In fact, if I remove the printers section entirely, I STILL get a
printers share show up.

I scanned the debug file, and found the netenum smb call that we reply to to
give back a list of shares to the client, and we (samba) are NOT sending any
information back that indicates that we HAVE a printers share; I am
beginning to suspect that this is a client side aberation....
Don

-----Original Message-----
From: MEwing@berkleyis.com [mailto:MEwing@berkleyis.com]
Sent: Monday, December 18, 2000 4:56 PM
To: Robert Dahlem
Cc: samba@samba.org
Subject: RE: Setting up virtual samba servers




Robert,

Thanks.    I tried specifying the password server and password file in the
smb.conf file
and it worked.   I had tried that before but for some reason it didn't work
- other issues
may have caused it fail then.
>> >Is it possible to setup the smb.conf file to NOT have the
"user's
>> >home directory" and "printers" shares visible when
using the "Network
>> >Neighborhood" utility to view and access the shares that are
>> >available from the samba server?    I only want the users to be
able
>> >to see the shares that I have been defined for the samba server.
>>
>> Doesn't "browseable = no" help?
I tried this, but it didn't seem to make any difference.

I created a [printers] definition and specified "load printers = no"
and
"browseable = no".  When I went back to the "Network
Neighborhood" the
"Printers" share is still displayed.  I'll keep investigating
this.

Thanks.

Michael Ewing




 

                    "Robert

                    Dahlem"              To:    
"MEwing@berkleyis.com"

                    <Robert.Dahle        <MEwing@berkleyis.com>

                    m@gmx.net>           cc:     "samba@samba.org"
<samba@samba.org>       
                                         Subject:     RE: Setting up virtual
samba servers 
                    12/18/00

                    03:24 PM

                    Please

                    respond to

                    "Robert

                    Dahlem"

 

 





Micheal,

On Mon, 18 Dec 2000 15:09:27 -0600, MEwing@berkleyis.com wrote:
>In my current setup, almost all of the options are defined in the
>master smb.conf file.
Good.
>Following is a listing of the only options that are defined in the
>two virtual smb.conf files that I have setup.
>
>     virtual01.conf
>          [global]
>                security = server
>                password server = local_PDC
>
>     virtual02.conf
>          [global]
>                security = user
This is default, so it has just documentation purposes. Your server
will run with "security = user" as long as it does not include
virtual01.conf.
>                password file = /opt/samba/etc/smbpasswd
You should move this to the master configuration file: Think of a
situation where the client does not explicitly tell a server name
(remember: the program smbpasswd is a client too!). So where should
Samba search its password database?

>The configuration that I am trying to support is as follows.
>
>     Both virtual servers support the same file shares.   The only
>difference between the servers is how the user is authenticated.
>One virtual server uses the local PDC system to authenticate the
>users' passwords.   The second virtual server uses the local
>smbpasswd file to provide access for a limited number of remote users
>that are not listed in our local PDC.
Are you sure you really need all the virtual stuff? The man page for
smb.conf says:

  "security=server"

    In this mode Samba will try to validate the username/password by
    passing it to another SMB server, such as an NT box. If this fails
    it will revert to "security = user", [...]

So I think you don't need no virtual servers at all. Just configure:

  security = server
  password server = ...
  password file = ...
>Or, is it possible to setup the smb.conf file of a regular samba
>server to use multiple authentication methods?    (ie.  The samba
>server would first check the local smbpasswd file then it would check
>the PDC.)
No, only the other way round. BTW: That's what you described in the
first place. :-)

>Here is a separate question about resource shares.
>Is it possible to setup the smb.conf file to NOT have the "user's
>home directory" and "printers" shares visible when using the
"Network
>Neighborhood" utility to view and access the shares that are
>available from the samba server?    I only want the users to be able
>to see the shares that I have been defined for the samba server.
Doesn't "browseable = no" help?

Regards,
        Robert


--
---------------------------------------------------------------
Robert.Dahlem@gmx.net           Fax +49-69-432647
---------------------------------------------------------------

Sent using PMMail (http://www.pmmail2000.com) - fast, decent, email
software; far better than Outlook. Try it sometime.