I am having a problem which, with much help from this list, I have gotten 90% complete. I am attempting to create a samba server which will authenticate users as a Domain member server using active directory.

The question I have is how can I map a specific container which is not an OU but a CN in the active directory?

Any help is appreciated.

--
Jason Gerfen

"My girlfriend threatened to leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK
When joining the samba box to a domain:

%> net ads join -U <username>
%> kinit Admin@DOMAIN.COM
%> net ads join -U <username> <LDAP/AD Container of users>

The last command fails and when doing an strace you can clearly see that it is expecting an Organizational Unit (OU) vs. a Common Name (CN) which is where the users I need to authenticate are currently residing.

Do I need to move these to an OU vs. a CN? Here is the strace output I am referring to:

%> strace -o tmp net ads join -U "Admin" "users"

(only including pertinent lines with searching for container to map to)

write(6, "0C\2\1\5c>\4\36ou=users,dc=DOMAIN,dc=COM"..., 69) = 69 <-- here is the hard coded ou, I am not 100% familiar with the LDAP RFC but on a windows Active Directory there are CN and OU containers

See how it is appending the OU=USERS?

Edward Brookhouse wrote:

> Not sure I understand your question. What are you trying to map?
>
> -----Original Message-----
> From: samba-bounces+ebroo=healthydirections.com@lists.samba.org
> [mailto:samba-bounces+ebroo=healthydirections.com@lists.samba.org] On Behalf Of Jason Gerfen
> Sent: Tuesday, September 20, 2005 11:25 AM
> To: samba@lists.samba.org
> Subject: [Samba] AD Authentication help please?
>
> I am having a problem which with much help from this list I have gotten 90% complete. I am attempting to create a samba server which will authenticate users as a Domain member server using active directory.
>
> The question I have is how can I map a specific container which is not an OU but a CN in the active directory?
>
> Any help is appreciated.

--
Jason Gerfen

"My girlfriend threatened to leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK
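The write() buffer in the trace above is a BER-encoded LDAP SearchRequest, and the base DN it carries is what the server is being asked to look up. As an added example (not code from this thread or from Samba), the Python below decodes such a strace string into the base DN and search scope. The sample bytes are constructed, since the posted trace is cut off at "...", and all function names are assumptions of this example.

```python
import re

SCOPES = {0: "baseObject", 1: "singleLevel", 2: "wholeSubtree"}  # RFC 4511
_SIMPLE = {"n": 10, "t": 9, "r": 13, "v": 11, "f": 12, "\\": 92, '"': 34}

# Constructed sample, not the poster's capture: a complete SearchRequest for
# the same kind of base DN, as strace prints it when the string is not cut.
SAMPLE = (r'0>\2\1\5c9\4\31ou=users,dc=DOMAIN,dc=COM'
          r'\n\1\0\n\1\0\2\1\0\2\1\0\1\1\0\207\vobjectclass0\0')

def unescape_strace(text):
    """Convert the C-style escapes strace prints back into raw bytes."""
    out, i = bytearray(), 0
    while i < len(text):
        if text[i] != "\\":
            out.append(ord(text[i])); i += 1
        elif text[i + 1] in _SIMPLE:
            out.append(_SIMPLE[text[i + 1]]); i += 2
        elif text[i + 1] == "x":
            out.append(int(text[i + 2:i + 4], 16)); i += 4
        else:  # one to three octal digits, e.g. \4 or \36
            digits = re.match(r"[0-7]{1,3}", text[i + 1:]).group()
            out.append(int(digits, 8)); i += 1 + len(digits)
    return bytes(out)

def read_tlv(buf, pos):
    """Read one BER element; returns (tag, value, next_pos, complete)."""
    if pos + 2 > len(buf):
        raise ValueError("buffer ends before a TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    value = buf[pos:pos + length]
    return tag, value, pos + length, len(value) == length

def ldap_search_base(raw):
    """Return (base_dn, scope, complete) for a SearchRequest, else None."""
    tag, msg, _, _ = read_tlv(raw, 0)         # LDAPMessage ::= SEQUENCE
    if tag != 0x30:
        return None
    _, _, pos, _ = read_tlv(msg, 0)           # messageID INTEGER
    op_tag, op, _, _ = read_tlv(msg, pos)
    if op_tag != 0x63:                        # [APPLICATION 3] SearchRequest
        return None
    _, base, pos, complete = read_tlv(op, 0)  # baseObject (the DN searched)
    scope = None
    if complete and pos + 3 <= len(op):       # scope follows the base DN
        _, val, _, _ = read_tlv(op, pos)
        scope = SCOPES.get(val[0])
    return base.decode("utf-8", "replace"), scope, complete

def first_rdn(dn):
    """Leftmost RDN as (attribute, value); ignores escaped commas."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    return attr.strip().lower(), value.strip()

if __name__ == "__main__":
    base, scope, complete = ldap_search_base(unescape_strace(SAMPLE))
    print(base, scope, complete, first_rdn(base))
```

Running strace with a larger `-s` value keeps it from truncating the buffer, so the scope after the base DN can be read as well.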
Jason Gerfen
2005-Sep-21 16:22 UTC
OU vs. CN in LDAP? Re: [Samba] AD Authentication help please?
I am sorry to post this again, but I need some help on using Active Directory mapping.

Jason Gerfen wrote:

> When joining the samba box to a domain:
>
> %> net ads join -U <username>
> %> kinit Admin@DOMAIN.COM
> %> net ads join -U <username> <LDAP/AD Container of users>
>
> The last command fails and when doing an strace you can clearly see that it is expecting an Organizational Unit (OU) vs. a Common Name (CN) which is where the users I need to authenticate are currently residing.
>
> Do I need to move these to an OU vs. a CN? Here is the strace output I am referring to:
>
> %> strace -o tmp net ads join -U "Admin" "users"
>
> (only including pertinent lines with searching for container to map to)
>
> write(6, "0C\2\1\5c>\4\36ou=users,dc=DOMAIN,dc=COM"..., 69) = 69 <-- here is the hard coded ou, I am not 100% familiar with the LDAP RFC but on a windows Active Directory there are CN and OU containers
>
> See how it is appending the OU=USERS?

This is still the problem, I am able to view users, groups, domains etc using the wbinfo tool without problem. However when attempting to map a specific CN container within the Active Directory (Win2k) I receive this error:

ads_join_realm: organizational unit users does not exist (dn:ou=users,dc=COM,dc=COM)

After using the ldap tools I find that the "users" container (which is where the users reside that I need to authenticate) is a CN vs. an OU which the net ads join command seems to be expecting (note the strace output from previous post listed above).

If there is anyone on this list that has some more insight into this problem please help a brother out. =)

> Edward Brookhouse wrote:
>
>> Not sure I understand your question. What are you trying to map?
>>
>> -----Original Message-----
>> From: samba-bounces+ebroo=healthydirections.com@lists.samba.org
>> [mailto:samba-bounces+ebroo=healthydirections.com@lists.samba.org] On Behalf Of Jason Gerfen
>> Sent: Tuesday, September 20, 2005 11:25 AM
>> To: samba@lists.samba.org
>> Subject: [Samba] AD Authentication help please?
>>
>> I am having a problem which with much help from this list I have gotten 90% complete. I am attempting to create a samba server which will authenticate users as a Domain member server using active directory.
>>
>> The question I have is how can I map a specific container which is not an OU but a CN in the active directory?
>>
>> Any help is appreciated.

--
Jason Gerfen

"My girlfriend threatened to leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK
Strange, I guess that is my misunderstanding of how it acquires the list of users when running a wbinfo -u command.

Yep, here is the output:

jason@odin-newb:~> sudo net ads join -U Admin@domain.com
Admin@domain.com's password: xxxxxx
Using short domain name -- DOMAIN.COM
Joined 'ODIN-NEWB' to realm 'DOMAIN.COM'

And when I check to see if it is available within Active Directory (member server of Win2k domain) I can clearly see the CN=odin-newb,cn=computers,dc=domain,dc=com listed in the appropriate container.

My problem at this point is the only users I can view are in a different container. You say you can view all users for all containers right?

Well after joining the domain the first time I followed the samba3-howto and attempted to point to a container of users and now those are the only ones I can view.

http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-create-machine-account

I am sorry about any confusion.

Edward Brookhouse wrote:

> I still do not understand what you mean by map ?
>
> In my setup wbinfo -u shows me 'everything' regardless of the container it's in.
>
> It sounds like you think there should be some kind of authentication mapping but there does not need to be one -
>
> By adding the computer to the domain - and setting up the kerb conf - when an auth request hits samba he will hand it to the domain and the domain should do a recursive search for user objects under dc=your,dc=toplevel,dc=com
>
> The only reason you see the ou=Users in your trace is because Admin lives in ou=Users by default.
>
> Can you authenticate ? Have you tried?
>
> -----Original Message-----
> From: Jason Gerfen [mailto:jason.gerfen@scl.utah.edu]
> Sent: Wednesday, September 21, 2005 1:46 PM
> To: Edward Brookhouse
> Subject: Re: [Samba] AD Authentication help please?
>
> Sorry, I suppose I am leaving things out.
>
> I am able to see the machine in the computers container after I successfully joined the domain using the net ads join command. However while trying (multiple times) to map to the CN=users container in Active directory I mapped to an OU=otherUsers which is now what I see when I do a wbinfo -u command.
>
> If what you are saying is correct about the default mapping to the cn=users I need to revert back to this somehow.
>
> Edward Brookhouse wrote:
>
>> Try to forget about where the users live for a sec - get the computer in the domain first. Your net ads join command should return a welcome to the domain if it does not - use a net rpc join command in the same fashion -
>>
>> Then go look in AD to see if that computer showed up in your Computers container -
>>
>> If It did great .. you should be golden
>>
>> If not - go back to the net join until it works :)
>>
>> -----Original Message-----
>> From: Jason Gerfen [mailto:jason.gerfen@scl.utah.edu]
>> Sent: Wednesday, September 21, 2005 1:22 PM
>> To: Edward Brookhouse
>> Subject: Re: [Samba] AD Authentication help please?
>>
>> Hmm, that might be my problem. I am using the HOWTO and running the commands in this order:
>>
>> %> net ads join -U <username>
>> %> kinit <username>
>> %> net ads join -U <username> "users" as the container which is not found.
>>
>> Do I need to do a net ads leave command? In order to attempt a new mapping for the users container?
>>
>> Edward Brookhouse wrote:
>>
>>> I'm still confused on what you are saying - here is why:
>>>
>>> # net ads join
>>>
>>> Should join the 'computer' to the domain - the user should already be in there -the ou=users is the default implied container where users live, but it should not matter where the users is in the directory -
>>>
>>> For example -
>>>
>>> My domain is laid out like:
>>>
>>> dc=corp,dc=example,dc=com
>>>
>>> with ou=users being where admin lives
>>> but all my other users live in ou=HD,ou=7811
>>>
>>> once you do net ads join the computer should show up in the Computers container.
>>>
>>> -----Original Message-----
>>> From: Jason Gerfen [mailto:jason.gerfen@scl.utah.edu]
>>> Sent: Tuesday, September 20, 2005 3:35 PM
>>> To: Edward Brookhouse; samba@lists.samba.org
>>> Subject: Re: [Samba] AD Authentication help please?
>>>
>>> When joining the samba box to a domain:
>>>
>>> %> net ads join -U <username>
>>> %> kinit Admin@DOMAIN.COM
>>> %> net ads join -U <username> <LDAP/AD Container of users>
>>>
>>> The last command fails and when doing an strace you can clearly see that it is expecting an Organizational Unit (OU) vs. a Common Name (CN) which is where the users I need to authenticate are currently residing.
>>>
>>> Do I need to move these to an OU vs. a CN? Here is the strace output I am referring to:
>>>
>>> %> strace -o tmp net ads join -U "Admin" "users"
>>>
>>> (only including pertinent lines with searching for container to map to)
>>>
>>> write(6, "0C\2\1\5c>\4\36ou=users,dc=DOMAIN,dc=COM"..., 69) = 69 <-- here is the hard coded ou, I am not 100% familiar with the LDAP RFC but on a windows Active Directory there are CN and OU containers
>>>
>>> See how it is appending the OU=USERS?

--
Jason Gerfen
Student Computing Labs, University Of Utah
jason.gerfen@scl.utah.edu

J. Willard Marriott Library
295 S 1500 E, Salt Lake City, UT 84112-0860
801-585-9810

"My girlfriend threatened to leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK
Well I made the changes you suggested but I am still not able to view any other container contents. I even used the net ads cache flush to see if I could get it to work. Thanks for the suggestions.

Edward Brookhouse wrote:

> Try changing your winbind separator to a + instead of a /
>
> Here is my global in smb.conf
>
> [global]
>     netbios name = GOETHE
>     server string = IT Dev Server
>     realm = CORP.PHILLIPS.COM
>     workgroup = CORP
>     password server = 172.17.17.110
>     security = ADS
>     encrypt passwords = yes
>     socket options = TCP_NODELAY
>     local master = no
>     dns proxy = yes
>     winbind separator = +
>     winbind uid = 10000-20000
>     winbind gid = 10000-20000
>     winbind enum groups = yes
>     winbind enum users = yes
>     idmap uid = 16777216-33554431
>     idmap gid = 16777216-33554431
>     template shell = /bin/false
>     winbind use default domain = no
>
> Then in my homes definition:
>
> [homes]
>     comment = Home Directories
>     browseable = no
>     writable = yes
>     user = @"CORP+domain users"
>
> Where 'CORP' is my domain
>
> -----Original Message-----
> From: Jason Gerfen [mailto:jason.gerfen@scl.utah.edu]
> Sent: Wednesday, September 21, 2005 2:26 PM
> To: Edward Brookhouse
> Subject: Re: [Samba] AD Authentication help please?
>
> Here is the krb5.conf
>
> <KRB5.CONF>
> [libdefaults]
> default_realm = DOMAIN.COM
> clockskew = 300
> dns_lookup_realm = true
> dns_lookup_kdc = true
> default_tkt_enctypes = des-cbc-crc des-cbc-md5
> default_tgs_enctypes = des-cbc-crc
>
> [realms]
> DOMAIN.COM = {
>     kdc = 192.168.0.10
>     default_domain = domain.com
>     admin_server = 192.168.0.10
> }
>
> [logging]
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmin.log
> default = FILE:/var/log/krb5lib.log
>
> [domain_realm]
> .domain.com = DOMAIN.COM
> domain.com = DOMAIN.COM
>
> [appdefaults]
> pam = {
>     ticket_lifetime = 1d
>     renew_lifetime = 1d
>     forwardable = true
>     proxiable = false
>     retain_after_close = false
>     minimum_uid = 0
> }
>
> now the contents of the smb.conf
>
> <SMB.CONF>
> [global]
> #
> # Network configuration
> #
>     server string = odin-newb
>     workgroup = DOMAIN.COM
>     netbios name = ODIN-NEWB
>     realm = DOMAIN.COM
>     security = ADS
>     password server = 192.168.0.10
>
> #
> # Domain configuation options
> #
>     prefered master = no
>     local master = no
>     domain master = no
>     prefered master = no
>     domain logons = no
>
> #
> # Security options
> #
>     encrypt passwords = yes
>     update encrypted = yes
>     password level = 20
>
> #
> # Enumeration options
> #
>     winbind separator = /
>     winbind enum users = yes
>     winbind enum groups = yes
>
> #
> # User/Group mapping options
> #
>     idmap uid = 15000-20000
>     idmap gid = 15000-20000
>
> #
> # LDAP/AD configuration options
> #
>     ldap admin dn = "cn=XXXXX,ou=users,dc=domain,dc=com"
>     ldap delete dn = no
>
>     use spnego = yes
>
> #
> # Networking options
> #
>     hide unreadable = no
>     wins support = no
>     dns proxy = no
>
>     socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>     add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$
>
> #
> # Miscellaneous options
> #
>     os level = 20
>     template shell = /bin/bash
>     template homedir = /odin/%D/%U
>     load printers = no
>
> #
> # Logging options
> #
>     log level = 4
>     log file = /var/log/samba.log.%m
>
> The only container I can view (as far as using the wbinfo -u command) is anything in
>
> LDAP://192.168.0.10/OU=Test,DC=domain,DC=com # I can view these users
>
> And the users I need to authenticate are in
>
> LDAP://192.168.0.10/CN=auth,DC=domain,DC=com
>
> ???
>
> Edward Brookhouse wrote:
>
>> No need to be sorry :)
>>
>> That link you sent speaks to adding the Computer into a particular container - nothing about users.
>>
>> What is the layout of your domain? Which container can you see? Which can you not?
>>
>> How is your realm setup in krb5.conf ?
>>
>> -----Original Message-----
>> From: Jason Gerfen [mailto:jason.gerfen@scl.utah.edu]
>> Sent: Wednesday, September 21, 2005 2:10 PM
>> To: Edward Brookhouse; samba@lists.samba.org
>> Subject: Re: [Samba] AD Authentication help please?
>>
>> Strange, I guess that is my misunderstanding of how it acquires the list of users when running a wbinfo -u command.
>>
>> Yep, here is the output:
>>
>> jason@odin-newb:~> sudo net ads join -U Admin@domain.com
>> Admin@domain.com's password: xxxxxx
>> Using short domain name -- DOMAIN.COM
>> Joined 'ODIN-NEWB' to realm 'DOMAIN.COM'
>>
>> And when I check to see if it is available within Active Directory (member server of Win2k domain) I can clearly see the CN=odin-newb,cn=computers,dc=domain,dc=com listed in the appropriate container.
>>
>> My problem at this point is the only users I can view are in a different container. You say you can view all users for all containers right?
>>
>> Well after joining the domain the first time I followed the samba3-howto and attempted to point to a container of users and now those are the only ones I can view.
>>
>> http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html#ads-create-machine-account
>>
>> I am sorry about any confusion.
>>
>> Edward Brookhouse wrote:
>>
>>> I still do not understand what you mean by map ?

--
Jason Gerfen

"My girlfriend threatened to leave me if I went boarding...
I will miss her."
~ DIATRIBE aka FBITKK