Hello List:

I have a Samba 2.0.x server with the following configuration:

[global]
log file = /usr/local/samba/log.%m
workgroup = CONSUL
domain logons = yes

[tmp]
comment = Temporary file space
path = /tmp
read only = yes
public = yes
valid users = nhctiins

[pchome]
comment = PC Directories
path = /datos/pc/nhctiins
public = yes
writeable = yes
valid users = nhctiins

This server has taken control as PDC and Microsoft people are telling it has caused some changes in the MS Exchange server registry. Is there any possibility that this configuration instructs the server to become a PDC? I think that the 'os_level' parameter should be changed in order to become PDC.

Regards.
NOE HOYOS
hello people.

has anyone been able to set up a user account in samba's PDC, so that w2000 workstation would recognize that user as an administrator with all consequences (being able to modify registry, etc.)

the problem is that i can't tell samba that i'm a domain administrator and can do with the workstation (that is logged into domain) whatever i want

Regards,
Denis M. Yarkovoy
mailto:admin@di-star.net
Follow up to my message just sent. I am able to use Samba PDC with W2K client. I have read the Samba-PDC Howto.

Many thanks
Rob
Hello

I'm trying to replace the windows PDC of my company with a linux one. I've tried doing this with samba... It allows me to join a computer to the specific domain, but it won't allow me to log in, although I've created the users and passwords (useradd and smbpasswd).

Can anyone please email me a smb.conf example that works for him/her?

Thank you
You missed a crucial piece of information - what client are you using?

If it is XP then you will need to apply a registry change - read http://hr.uoregon.edu/davidrl/samba.html

"Use the Group Policy editor (gpedit.msc) and disable the "Domain Member: Digitally encrypt or sign secure channel data". Alternately, you can make the following change to the registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"requiresignorseal"=dword:00000000
"

Noel

-----Original Message-----
From: Liviu Balan [mailto:liviub@paginiaurii.ro]
Sent: 11 November 2002 08:47
To: samba@lists.samba.org
Subject: [Samba] samba PDC

Hello

I'm trying to replace the windows PDC of my company with a linux one. I've tried doing this with samba... It allows me to join a computer to the specific domain, but it won't allow me to log in, although I've created the users and passwords (useradd and smbpasswd).

Can anyone please email me a smb.conf example that works for him/her?

Thank you
I followed the procedure to configure SAMBA as a PDC as outlined in samba/swat.cgi/swat/using_samba/ch06_05.html on my Linux server. My domain name is COFRNY, and I expected a COFRNY.SID to be generated. However, MACHINE.SID was generated instead. Furthermore, I cannot see the COFRNY domain listed within MS Networks on my XP workstation. Any ideas on what I did wrong?

Here is the procedure in detail:

[global]
workgroup = COFRNY
domain logons = yes
security = user
os level = 34
local master = yes
preferred master = yes
domain master = yes

------------------------------------------------
For Windows NT clients you must also ensure that Samba is using encrypted passwords:

encrypted passwords = yes

Furthermore, also exclusively for Windows NT clients, create Trust accounts which allow a machine to log in to the PDC itself. Create a "dummy" account in the /etc/passwd file with the following entry:

city-f5pfa29xta$:*:1000:900:Trust Account:/dev/null:/dev/null

Note that we have also disabled the password field by placing a * in it. This is because Samba will use the smbpasswd file to contain the password instead, and we don't want anyone to telnet into the machine using that account. Additionally, '1000' is the UID of the account for the encrypted password database.

Next, add the encrypted password using the smbpasswd command, as follows:

# smbpasswd -a -m city-f5pfa29xta
Added user city-f5pfa29xta$
Password changed for user city-f5pfa29xta$

The -m option specifies that a machine trust account is being generated. The smbpasswd program will automatically set the initial encrypted password as the NetBIOS name of the machine in lowercase letters. When specifying this option on the command line, do not put a dollar sign after the machine name - it will be appended automatically. Once the encrypted password has been added, Samba is ready to handle domain logins from a NT client.
Thank you for replying. You are correct in that the version of SAMBA is 2.2.1 .
I was not aware of the WinXP_SignOrSeal.reg registry update. However, I am aware
of WinXP SP1 which has been applied. I suspect that the WinXP_SignOrSeal.reg
registry update is separate from SP1. I will attempt to obtain the registry
update and apply it to the XP workstation.
Any direction you can give on this issue would be greatly appreciated.
Here is an additional observation: From the SAMBA Troubleshooting Guide, I have
encountered the precise anomaly that I am experiencing:
Symptom: It is possible to "ping" the HOST from the client (on port 7;
the echo port) but the client is unable to obtain the list of shares on HOST. [I
can ping either the IP addr or the NetBIOS name of the server from the
workstation].
Cause: Traffic on one or more of the NetBIOS-over-TCP ports (137, 138, 139) are
blocked. To verify this, type one of the following commands:
nbtstat -A 172.17.60.6
If this command shows a list of NetBIOS names, then port 137 is open. Otherwise,
it is blocked. [The COFR3 server is listed along with the COFRNY domain as shown
in the separate section below].
Resolution: Find the router, firewall, switch or other device that is blocking
ports 137-139 and reconfigure it. UDP traffic must be permitted on ports 137 and
138, and TCP traffic must be permitted on port 139. [Since this Linux server is
a Virtual Machine, could this be interpreted as an issue with its TCP/IP
configuration?].
I could not run a traceroute on the workstation's NetBIOS name from the Linux
server as it was an unknown host. However, I was able to obtain the following
using the workstation's leased IP address:
traceroute to 172.16.4.251 (172.16.4.251), 30 hops max, 38 byte packets
1 172.17.60.5 (172.17.60.5) 7.462 ms 0.812 ms 0.678 ms
2 172.16.4.251 (172.16.4.251) 3.379 ms 23.449 ms 5.059 ms
--------------------------------------------------------------------------------------------------------
Here are the results of the nbtstat command above:
C:\>nbtstat -A 172.17.60.6
Local Area Connection:
Node IpAddress: [172.16.4.251] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
COFR3 <00> UNIQUE Registered
COFR3 <03> UNIQUE Registered
COFR3 <20> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
COFRNY <00> GROUP Registered
COFRNY <1B> UNIQUE Registered
COFRNY <1C> GROUP Registered
COFRNY <1D> UNIQUE Registered
COFRNY <1E> GROUP Registered
MAC Address = 00-00-00-00-00-00
COFR3 is the NetBIOS name of the server, and COFRNY is the workgroup name that I
am trying to use to set up the domain.
--------------------------------------------------------------------------------------------------------
>>> John H Terpstra <jht@samba.org> 12/23/02 12:48PM >>>
Kenneth,
You did not mention the samba version. Suspect you are using 2.2.x.
Did you apply the WinXP_SignOrSeal.reg registry update?
You will need to as XP defaults to this and samba-2.2.x does not support
it yet.
- John T.
--
John H Terpstra
Email: jht@samba.org
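
Added example (not part of the original messages): the nbtstat table posted above already shows which roles the Samba host has registered, because each NetBIOS suffix maps to a service. This sketch parses that output, decodes the suffixes, and compares the host claiming the <1B> (PDC) name against a list of authorized PDCs, which is also the check that would catch the unplanned takeover described in the first message. The authorized-PDC mapping and the host name NTPDC01 are assumptions made for illustration.

```python
import re

# NetBIOS 16th-byte suffixes and the service each registration advertises.
# Keyed by (suffix, type) because <00> differs between UNIQUE and GROUP names.
SUFFIX_ROLES = {
    ("00", "UNIQUE"): "workstation service (computer name)",
    ("00", "GROUP"): "member of workgroup/domain",
    ("01", "GROUP"): "master browser announcement (__MSBROWSE__)",
    ("03", "UNIQUE"): "messenger service",
    ("20", "UNIQUE"): "file server service",
    ("1B", "UNIQUE"): "domain master browser (PDC role)",
    ("1C", "GROUP"): "domain controller (logon server)",
    ("1D", "UNIQUE"): "local master browser",
    ("1E", "GROUP"): "browser election participant",
}

ROW = re.compile(r"^\s*(?P<name>\S.*?)\s*<(?P<suffix>[0-9A-Fa-f]{2})>\s+"
                 r"(?P<type>UNIQUE|GROUP)\s+(?P<status>\S+)")

# The name table from the message above (172.17.60.6).
SAMPLE = """
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
COFR3 <00> UNIQUE Registered
COFR3 <03> UNIQUE Registered
COFR3 <20> UNIQUE Registered
..__MSBROWSE__.<01> GROUP Registered
COFRNY <00> GROUP Registered
COFRNY <1B> UNIQUE Registered
COFRNY <1C> GROUP Registered
COFRNY <1D> UNIQUE Registered
COFRNY <1E> GROUP Registered
MAC Address = 00-00-00-00-00-00
"""


def parse_nbtstat(text):
    """Return registered (name, suffix, type) rows from `nbtstat -A` output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group("status").lower() == "registered":
            rows.append((m.group("name"), m.group("suffix").upper(),
                         m.group("type")))
    return rows


def summarize(rows):
    """Return (host name, {netbios name: [decoded roles]})."""
    host, roles = None, {}
    for name, suffix, kind in rows:
        if (suffix, kind) == ("00", "UNIQUE"):
            host = name
        label = SUFFIX_ROLES.get((suffix, kind), "unknown <%s> %s" % (suffix, kind))
        roles.setdefault(name, []).append(label)
    return host, roles


def domain_controller_claims(rows):
    """Domains for which this host registered the <1B> or <1C> names."""
    claims = {}
    for name, suffix, kind in rows:
        if (suffix, kind) == ("1B", "UNIQUE"):
            claims.setdefault(name, set()).add("PDC")
        elif (suffix, kind) == ("1C", "GROUP"):
            claims.setdefault(name, set()).add("logon server")
    return claims


def unexpected_pdcs(rows, authorized):
    """authorized maps domain -> intended PDC host (site-specific assumption)."""
    host, _ = summarize(rows)
    return [(dom, host)
            for dom, claim in sorted(domain_controller_claims(rows).items())
            if "PDC" in claim
            and authorized.get(dom, "").upper() != (host or "").upper()]


if __name__ == "__main__":
    rows = parse_nbtstat(SAMPLE)
    host, roles = summarize(rows)
    for name, labels in roles.items():
        print(name, "->", "; ".join(labels))
    # NTPDC01 is a hypothetical name for the PDC the site intended to have.
    print("unexpected PDC claims:", unexpected_pdcs(rows, {"COFRNY": "NTPDC01"}))
```

Here the server has registered every name a PDC needs, so name registration is not what keeps the XP client from seeing the domain.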
On Mon, 23 Dec 2002, Kenneth Illingsworth wrote:

> Thank you for replying. You are correct in that the version of SAMBA is 2.2.1 .

Strongly suggest you update to samba-2.2.7a as there have been MANY fixes and updates since 2.2.1. You can obtain the RPM packages from the samba FTP sites.

> I was not aware of the WinXP_SignOrSeal.reg registry update. However, I am aware of WinXP SP1 which has been applied. I suspect that the WinXP_SignOrSeal.reg registry update is separate from SP1. I will attempt to obtain the registry update and apply it to the XP workstation.
>
> Any direction you can give on this issue would be greatly appreciated.

Attached. It can be found in all recent releases of samba in the docs/Registry directory. Send me your smb.conf file to <jht@samba.org> and I will try to help you.

- John T.

--
John H Terpstra
Email: jht@samba.org

-------------- next part --------------
REGEDIT4

;Contributor: John H Terpstra
;Updated: December 17, 2002
;Status: Current
;
;Subject: Registry file update to delete roaming profiles on logout

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows NT\CurrentVersion\winlogon]
"DeleteRoamingCache"=dword:00000001
Hello, is this possible to use a samba server as PDC and authenticate
users against other samba server.
So, there are two samba PDC-s:
one is "local" and another is "remote".
"local" is in same subnet as clients and hosts machine accounts and
local user accounts and is PDC in local domain. "local" is linux.
"remote" is also Samba PDC, on solaris.
Problem is that although i can use "local" shares with my username and
password from windows 2000 computer, I can not login to domain from
windows 2000 workstation, from there only "local" computer accounts that
have password in "local" smbpasswd can log in.
Unix account information is replicated via nisplus, so this is not a
problem.
configuration from "local" is here:
[global]
workgroup = SOLARIS
client code page = 775
character set = ISO8859-15
netbios name = KOGER
server string = Samba Server
printcap name = /etc/printcap
load printers = no
printing = lprng
log file = /var/log/samba/%m.log
max log size = 0
log level = 3
security = server
password server = raud.ut.ee
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = No
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
pam password change = no
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
os level = 65
domain master = yes
preferred master = yes
domain logons = yes
logon path = \\koger\Profiles\%U
wins support = yes
wins proxy = yes
dns proxy = no
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/netlogon
guest ok = yes
writable = no
share modes = no
[Profiles]
path = /usr/local/samba/profiles
browseable = no
guest ok = yes
writable = yes
--
Lauri Jesmin (jesmin@ut.ee)
Hi,
I built a samba PDC for some win2k clients, it all works fine, but i got the
feeling some things aren't right.
My first point is that logging on/off takes WAY longer with the PDC, than
just on local accounts, but i can imagine that's a network problem, but to
me it feels like a timeout or something.
The other reason why I think something isn't good is that the local profile
and the profile on the server don't match.
For example I took a new wallpaper with internet explorer (so there is
written a file in the profile called "Microsoft Internet Explorer
wallpaper.bmp") and in the profile on the server it was still the old one,
but local the new wallpaper is written down.
I guess you guys need my smb.conf to locate the issue (if there is one...?),
so i'll post it here.
Greets, Wouter
smb.conf:
[global]
null passwords = no
log file = /var/log/samba/log.%m
loglevel = 2
debug timestamp = yes
bind interfaces only = yes
max log size = 250
interfaces = 192.168.1.0/255.255.255.0
domain master = yes
#add user script = /usr/sbin/adduser -g machines -c NTMachine -d /dev/null -s /bin/false -n '$
#delete user script = /usr/sbin/userdel %m$
locking = yes
domain logons = yes
preferred master = yes
encrypt passwords = yes
password level = 0
logon path = \\Server\homedir\.profile
serverstring = Zaaijernet server (Samba %v)
socket address = 192.168.1.1
hosts allow = 192.168.1. localhost
workgroup = ZAAIJERNET
username map = /etc/samba/smbusers
smb passwd file = /etc/samba/smbpasswd
logon script = login.bat
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
read raw = yes
write raw = yes
netbios name = SERVER
printing = lprng
printcap name = /etc/printcap
use client driver = yes
load printers = yes
local master = yes
security = user
os level = 65
oplocks = True
deadtime = 1
lock directory = /tmp/samba
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writable = no
printable = yes
[netlogon]
allow hosts = 192.168.1.
comment = The domain logon service
path = /samba/scripts
browseable = no
guest ok = yes
public = yes
[homes]
comment = Home Directories
browseable = no
writeable = yes
[homedir]
comment = Homedir
path = %H
public = no
printable = no
create mask = 0600
directory mask = 0700
available = yes
guest only = no
writeable = yes
browseable = yes
only user = no
map archive = no
map system = no
map hidden = no
[homepage]
comment = Homepage
path = %H/.www
public = no
printable = no
create mask = 0644
directory mask = 0755
available = yes
guest only = no
writeable = yes
browseable = yes
only user = no
map archive = no
map system = no
map hidden = no
[fax]
comment = Binnengekomen faxen
path = /var/spool/hylafax/recvq
public = no
writeable = yes
printable = no
available = yes
guest only = no
writeable = no
browseable = yes
only user = no
[ftp]
comment = Anonymous FTP root
path = /home/ftp
public = no
printable = no
create mask = 0644
directory mask = 0755
force user = ftp
force group = ftp
available = yes
guest only = no
writeable = yes
browseable = yes
only user = no
map archive = no
map system = no
map hidden = no
Hello,
I have been trying to set up a PDC with Samba ver 2.27 or so. I'm
positive that my smb.conf file is correct, I can join my win2k boxes to the PDC,
but when I try to log in, I get a "The system cannot log you on because the
machine account for this computer either does not exist or is not
accessible."
What am I overlooking?
Thank you
Thomas Davis
Hi,
I'm trying to configure my FreeBSD as a network PDC and when I'm running
smbpasswd to add machine's name I retrieve the message:
command: smbpasswd -m -a marcia$ or
smbpasswd -m -a marcia
fetch_ldap_pw: no ldap secret retrieve.
ldap_connect_system: Failed to retrieve password for from secrets.tdb
help!!!!!!!!!!!!!!!!!
Paulo Fonseca Jr.
Greetings,
This is my first post to this mailing list. I was recently put in charge
of replacing the unstable, failing Windows 2000 Domain Controller on my
company's network, since I'm the only "certified" (laugh here) one here. So,
dreading the prospect of configuring a new Windows 2000 Active Directory
server, I began to look at alternatives. Naturally, Samba was presented to me
as a viable alternative. Our company being run almost entirely on Open
Source software, I thought this would likely work out quite nicely.
Our network had 2 Windows 2000 Domain Controllers. One of them was
almost exclusively a Domain Controller (read: no other function), so I
thought that this would be the most ideal candidate for testing. That, and
the fact that it was failing to the point of needing a reboot about every 3
hours. The other DC also functioned as a MS SQL 7 server for our only
non-open source application, GoldMine; a sales and marketing application. So
I demoted the ailing DC, removed it from the Directory, and powered it off.
I let it sit for a few days, watching the load on the 2nd DC, making sure it
could handle the added load while I was scrubbing the other server. Turns
out that the "added load" of being the only DC consumed about 2% more
resources. So I was good to go.
After installing and configuring a basic Debian Woody system, I set out
to learn just how Samba worked as a PDC. I found tons of documentation,
which helped, but I never found a single sample config script that even
began to work for me. I spent at least 2 weeks researching the project. The
result was that I was successful in producing a stable, functional domain
controller. That project ended on June 4th, and I migrated the rest of the
network over the following evening. We have a mix of Windows 98 SE, Windows
2000, and Windows XP computers, most of which went smoothly. The Windows XP
machines had to have some registry modifications made, which I will make a
note of below.
About 2 weeks after the project was completed, our Linux administrator
advised me that I should post our config file onto this mailing list, in
case anyone else was in need of a known working smb.conf for a domain
controller. So, without further ado, here it is:
[global]
workgroup = DOMAIN
netbios name = SERVER_NAME
security = user
encrypt passwords = Yes
password server = PASSWORD_SERVER
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
logon script = login.bat
logon home = \\SERVER_NAME\%U
logon drive = U:
lm announce = yes
lm interval = 120
remote announce = 192.168.0.0/24
domain logons = Yes
os level = 99
domain master = yes
enhanced browsing = true
local master = yes
preferred master = true
wins support = yes
name resolve order = wins lmhosts hosts bcast
log file = /var/log/samba/log.%m
domain admin group = root administrator
invalid users = root
[homes]
comment = Home Directories
browseable = yes
read only = no
create mask = 0755
[netlogon]
comment = Network Logon Service
path = /usr/local/samba/netlogon
guest ok = yes
writable = no
share modes = no
That's it. Short and sweet.
Here are the aforementioned Windows XP registry modifications:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\requiresignorseal = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\signsecurechannel = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\sealsecurechannel = 0
That's all of 'em.
Thanks for your time, and good luck to those who actually needed this info.
-Mark Warner
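
Added example (not part of the original messages, and not Samba's own parser): a small smb.conf auditor for configurations like the ones posted in this thread. It follows the smb.conf manual's rules (parameter names ignore case and whitespace, "public" means "guest ok", "read only" is the inverse of "writeable", a line ending in \ continues on the next line), then reports the domain-role settings in [global], shares that are both guest-accessible and writable, and any continuation that absorbed a section header. The sample input is constructed from settings that appear in the posted configs.

```python
import re

# Alternate spellings Samba accepts for one parameter (smb.conf manual).
SYNONYMS = {"public": "guestok", "writable": "writeable",
            "writeok": "writeable", "printok": "printable"}
TRUE = {"yes", "true", "1"}
ROLE_KEYS = ("security", "domainlogons", "domainmaster",
             "preferredmaster", "localmaster", "oslevel")

# Constructed sample: note the stray backslash at the end of "create mask".
SAMPLE = r"""
[global]
   workgroup = SOLARIS
   security = server
   domain logons = yes
   domain master = yes
   os level = 65
[homes]
   read only = no
   create mask = 0755\
[netlogon]
   path = /usr/local/samba/netlogon
   guest ok = yes
   writable = no
[Profiles]
   path = /usr/local/samba/profiles
   public = yes
   Write Ok = yes
"""


def normalize(name, value):
    """Canonical (key, value): names ignore case and whitespace; 'read only'
    is stored as the inverse of 'writeable' so the last setting wins."""
    key = re.sub(r"\s+", "", name.lower())
    key = SYNONYMS.get(key, key)
    value = value.strip()
    if key == "readonly":
        key, value = "writeable", "no" if value.lower() in TRUE else "yes"
    return key, value


def parse(text):
    """Return ({section: {key: value}}, warnings) for smb.conf text."""
    sections, warnings, current, pending = {}, [], None, ""
    for lineno, raw in enumerate(text.splitlines() + [""], 1):
        stripped = raw.strip()
        if not pending and (not stripped or stripped[0] in "#;"):
            continue                          # blank line or comment
        joined = bool(pending)
        line = pending + stripped
        pending = ""
        if line.endswith("\\"):               # continued on the next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = normalize(*line.split("=", 1))
            if joined and re.search(r"\[[^\]]+\]$", value):
                warnings.append("line %d: value of '%s' in [%s] absorbed a "
                                "section header" % (lineno, key, current))
            sections[current][key] = value
    return sections, warnings


def audit(text):
    """Summarise domain-role settings and guest-writable shares."""
    sections, warnings = parse(text)
    glob = sections.get("global", {})
    guest_writable = []
    for name, share in sections.items():
        if name == "global":
            continue
        eff = dict(glob, **share)             # [global] supplies share defaults

        def flag(key):
            return eff.get(key, "no").lower() in TRUE

        if flag("guestok") and flag("writeable") and not flag("printable"):
            guest_writable.append(name)
    return {"sections": sections,
            "role": {k: glob[k] for k in ROLE_KEYS if k in glob},
            "guest_writable": sorted(guest_writable),
            "warnings": warnings}


if __name__ == "__main__":
    report = audit(SAMPLE)
    print("role settings:", report["role"])
    print("guest-writable shares:", report["guest_writable"])
    print("shares parsed:", sorted(s for s in report["sections"] if s != "global"))
    for w in report["warnings"]:
        print("warning:", w)
```

In the sample the backslash makes the [netlogon] header part of the "create mask" value, so under this model the netlogon settings (including "guest ok = yes") land in [homes] and no [netlogon] share exists.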
Thanks, robowarp. I did not know that that particular Windows XP issue was addressed in Samba 3. However, as I said, the server is running Debian "Woody", which is Debian's "stable" branch. As I do not wish to run "unstable" packages, I am sticking with the Woody packaged version for this particular box, and the XP registry fixes seem to work just fine.

Thanks,
Mark.

----- Original Message -----
From: <robowarp@gmx.de>
To: "Mark Warner" <hammerhed@rapidreporting.com>
Sent: Friday, July 18, 2003 4:50 PM
Subject: Re: [Samba] Samba PDC

> you're so cool , but your winxp reg patch is not of need,
> at samba 3
> greetz
I'm trying to config Samba PDC using: The Unofficial Samba HOWTO

but error appeared:
The following error occurred attempting to join the domain MYDOMAIN: The specified network password is not correct

I tried:
Use Window's Group Policy Editor (gpedit.msc) to make the following changes in the Local Computer Policy\ Computer Configuration\ Windows Settings\ Security Settings\ Local Policies\ Security Options branch: Domain member: Digitally encrypt or sign secure channel data (DISABLE) and Domain member: Digitally sign secure channel data when possible (DISABLE)

but nothing! error!!!
can anyone help me?
tnx a lot!
are you using the root account and password to connect to the domain?

> -----Original Message-----
> From: JAVIER BARRACHINA [mailto:jbarrachina@msn.com]
> Sent: Sunday, October 19, 2003 6:49 AM
> To: samba@lists.samba.org
> Subject: [Samba] Samba PDC
>
> I'm trying to config Samba PDC using: The Unofficial Samba HOWTO
>
> but an error appeared:
> The following error occurred attempting to join the domain
> MYDOMAIN: The specified network password is not correct
>
> I tried:
> Use Windows' Group Policy Editor (gpedit.msc) to make the following
> changes in the Local Computer Policy\ Computer Configuration\ Windows
> Settings\ Security Settings\ Local Policies\ Security Options branch:
> Domain member: Digitally encrypt or sign secure channel data (DISABLE)
> and
> Domain member: Digitally sign secure channel data when possible (DISABLE)
>
> but nothing! error!!!
> can anyone help me?
> tnx a lot!
Yes Chris... I tried with root and other root accounts but nothing! :(

>From: "McKeever, Chris" <tech-mail@prupref.com>
>To: 'JAVIER BARRACHINA' <jbarrachina@msn.com>
>CC: samba@lists.samba.org
>Subject: RE: [Samba] Samba PDC
>Date: Sun, 19 Oct 2003 10:41:00 -0500
>
>are you using the root account and password to connect to the domain?
>
> > -----Original Message-----
> > From: JAVIER BARRACHINA [mailto:jbarrachina@msn.com]
> > Sent: Sunday, October 19, 2003 6:49 AM
> > To: samba@lists.samba.org
> > Subject: [Samba] Samba PDC
> >
> > I'm trying to config Samba PDC using: The Unofficial Samba HOWTO
> >
> > but an error appeared:
> > The following error occurred attempting to join the domain
> > MYDOMAIN: The specified network password is not correct
> >
> > I tried:
> > Use Windows' Group Policy Editor (gpedit.msc) to make the following
> > changes in the Local Computer Policy\ Computer Configuration\ Windows
> > Settings\ Security Settings\ Local Policies\ Security Options branch:
> > Domain member: Digitally encrypt or sign secure channel data (DISABLE)
> > and
> > Domain member: Digitally sign secure channel data when possible (DISABLE)
> >
> > but nothing! error!!!
> > can anyone help me?
> > tnx a lot!
Hi all. How can I run a script on a Samba PDC server (Redhat 9.0, Samba 3.0) each time that somebody connects to a share on the server from a client? The script is a shell script. IT IS NOT THE LOGON SCRIPT. I tried with some parameters like exec, preexec and root preexec, but I got nothing. This is the script:

for i in `cat /etc/group |grep $1 | cut -d: -f1` ; do
    touch /home/$1/._$i
done

Please, somebody help me with this.
Thanks in advance
Sebastian
hi,

i use this to generate logon files every time a user connects to the netlogon share.
i think

rootpreexec = /var/lib/samba/netlogon/login.pl %U %G %m %L

or similar is what you need

regards

## Section - [netlogon]
[netlogon]
sharemodes = No
rootpreexec = /var/lib/samba/netlogon/login.pl %U %G %m %L
comment = Netlogon Share
browseable = No
path = /var/lib/samba/netlogon
guestok = Yes
writelist = @ntadmin
locking = no
public = no
cscpolicy = disable
----- Original Message -----
From: "Sebastian Davancens" <s_davancens@yahoo.com.ar>
To: <samba@lists.samba.org>
Sent: Thursday, October 23, 2003 10:33 PM
Subject: **SPAM** [Samba] Samba PDC
> Hi all. How can I run a script on a Samba PDC
> server (Redhat 9.0, Samba 3.0) each time that somebody
> connects to a share on the server from a client? The
> script is a shell script. IT IS NOT THE LOGON SCRIPT.
> I tried with some parameters like exec, preexec and
> root preexec, but I got nothing. This is the script:
>
> for i in `cat /etc/group |grep $1 | cut -d: -f1` ; do
>     touch /home/$1/._$i
> done
>
> Please, somebody help me with this.
> Thanks in advance
> Sebastian
Sebastian Davancens wrote:
| Hi all. How can I run a script on a Samba PDC
| server (Redhat 9.0, Samba 3.0) each time that somebody
| connects to a share on the server from a client? The
| script is a shell script. IT IS NOT THE LOGON SCRIPT.
| I tried with some parameters like exec, preexec and
| root preexec, but I got nothing. This is the script:
|
| for i in `cat /etc/group |grep $1 | cut -d: -f1` ; do
|     touch /home/$1/._$i
| done
|
| Please, somebody help me with this.
| Thanks in advance
| Sebastian

Specify in the share
preexec script = scriptname %U
if you want to run the script as the connecting user
or
root preexec script = scriptname %U
if you want to run the script as root (Think twice if you really need this)
or replace preexec with postexec, if you want to run it after the user disconnects, in my opinion much less reliable.

Good Luck,
Geza Gemes
Douglas Phillipson wrote:
| Gémes Géza wrote:
|
|> Sebastian Davancens wrote:
|> | Hi all. How can I run a script on a Samba PDC
|> | server (Redhat 9.0, Samba 3.0) each time that somebody
|> | connects to a share on the server from a client? The
|> | script is a shell script. IT IS NOT THE LOGON SCRIPT.
|> | I tried with some parameters like exec, preexec and
|> | root preexec, but I got nothing. This is the script:
|> |
|> | for i in `cat /etc/group |grep $1 | cut -d: -f1` ; do
|> |     touch /home/$1/._$i
|> | done
|> |
|> | Please, somebody help me with this.
|> | Thanks in advance
|> | Sebastian
|>
|> Specify in the share
|> preexec script = scriptname %U if you want to run the script as the
|> connecting user
|> or
|> root preexec script = scriptname %U if you want to run the script as
|> root (Think twice if you really need this)
|> or replace preexec with postexec, if you want to run it after the user
|> disconnects, in my opinion much less reliable.
|
| I've found that there is a "timeout" time after which a share
| disconnects and thus runs the postexec script. The user didn't log off,
| the inactivity on the share caused it to disconnect. If the user uses
| the share it reconnects but the postexec script runs every time the share
| times out so it's kind of worthless to me.
|
| Doug P

This is a real problem, with both preexec and postexec scripts. The only workaround I can see is to make your script check if the time of the touched files is newer than a specified amount, in which case do not touch them again. Ugly I know, but for now I don't have better ideas.

Regards,
Geza Gemes
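The workaround described in the message above (do not touch a marker again while it is newer than a set age), applied to the marker script from the question, as an added example that is not code from the thread. It assumes GNU `stat`; the variables `GROUP_FILE`, `HOME_BASE`, `MIN_AGE` and the function names are hypothetical, and it also matches group members exactly and validates the name because `%U` is supplied by the client.

```shell
#!/bin/sh
# Added example: per-connection marker script with a freshness check.
# Hypothetical names: GROUP_FILE, HOME_BASE, MIN_AGE and all functions.
# Hook it in from the share, e.g.  preexec = /path/to/this-script %U
GROUP_FILE=${GROUP_FILE:-/etc/group}
HOME_BASE=${HOME_BASE:-/home}
MIN_AGE=${MIN_AGE:-600}    # seconds before a marker is touched again

# Print groups whose member list (field 4) contains exactly user $1.
# Unlike `grep $1`, "alice" does not match "alice2" or "malice".
# Primary groups recorded only in /etc/passwd are not listed here.
groups_of() {
    awk -F: -v u="$1" '{ n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) print $1 }' "$GROUP_FILE"
}

# Succeed if file $1 exists and is younger than MIN_AGE (GNU stat assumed).
is_fresh() {
    [ -e "$1" ] || return 1
    now=$(date +%s)
    mtime=$(stat -c %Y "$1") || return 1
    [ $((now - mtime)) -lt "$MIN_AGE" ]
}

# Touch one ._<group> marker per group; print how many were refreshed.
touch_markers() {
    user=$1
    # %U is client-supplied: allow only plain names, no "/" or leading dot.
    case $user in
        ''|.*|-*|*[!A-Za-z0-9_.-]*) echo "bad user name" >&2; return 2 ;;
    esac
    home=$HOME_BASE/$user
    [ -d "$home" ] && [ ! -L "$home" ] || return 3
    count=0
    for g in $(groups_of "$user"); do
        marker=$home/._$g
        [ -L "$marker" ] && continue      # never follow a planted symlink
        is_fresh "$marker" && continue    # share reconnected after a timeout
        touch -- "$marker" && count=$((count + 1))
    done
    echo "$count"
}

if [ "$#" -gt 0 ]; then touch_markers "$1"; fi
```

Running it through `preexec` rather than `root preexec` keeps the touch inside what the connecting user could already do in their own home directory.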