[Samba] Win2K Machine Accounts No Longer Valid after Samba PDCUpgrade (2.2.2 to 2.2.8a)
My apolgies in posting this again. However I was hoping someone had a suggestion... Symptom: After upgrading our Primary Domain Controller from Samba 2.2.2 to Samba 2.2.8a, users attempting to login from Windows 2000 clients are no longer able to do so. Details: After some research it was discovered that if a Windows 2000 client re-joins the domain served by the upgraded version of Samba, users are then able to, once again, log into this domain. It was also discovered that if the Samba PDC was downgraded to its original version of 2.2.2, any windows 2000 client that re-joined the domain while the Samba PDC was at version 2.2.8a, was still able to log into the domain. As additional information, both versions of the Samba PDC were compiled on SPARC architecture running Solaris 8.0 As the above comments suggest, machine accounts are backward-compatible, but *not* forward-compatible between Samba versions 2.2.2 and 2.2.8a. After researching the Samba mailing lists and newsgroups it is more or less understood that in order to deal with problems of this nature each windows 2000 machine account needs to be recreated. Which is a very time-consuming effort. Is there a better way to deal with this upgrade path? Ideally where I don't have to visit each windows 2000 machine in order to re-create their machine accounts? A migration utility or set of server-side steps perhaps? ...geoff -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiply Domains with Samba
Yes, You can either use the include directive to include a configuration file on the fly, based on the server name the client connects to. e.g. include = %L.conf Better yet, and what works for me currently (not just theory) is to runmultiple smbd / nmbd processes on the same machine, a smbd and nmbd parent process for each interface, whether real or aliased. You do this by specifying different configuration files in the startup script. You configuration files will also need to specify different directories for lock files. As far as the interfaces make sure you use the following directives in each config file. bind interfaces only = yes interfaces = ethx socket address = IP address of ethx If you want to use the same password file, just point to the same one in both configuration files. Backup your password files first...as always ;) Cheers On Thu, 2003-06-05 at 17:07, Fabricio Adorno wrote: I'd like to know if it's possible to have multiply domains in a single machine running samba. Wich version is it available? Thanks for any suggestions. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Win2K Machine Accounts No Longer Valid after Samba PDCUpgrade (2.2.2 to 2.2.8a)
Symptom: After upgrading our Primary Domain Controller from Samba 2.2.2 to Samba 2.2.8a, users attempting to login from Windows 2000 clients are no longer able to do so. Details: After some research it was discovered that if a Windows 2000 client re-joins the domain served by the upgraded version of Samba, users are then able to, once again, log into this domain. It was also discovered that if the Samba PDC was downgraded to its original version of 2.2.2, any windows 2000 client that re-joined the domain while the Samba PDC was at version 2.2.8a, was still able to log into the domain. As additional information, both versions of the Samba PDC were compiled on SPARC architecture running Solaris 8.0 As the above comments suggest, machine accounts are backward-compatible, but *not* forward-compatible between Samba versions 2.2.2 and 2.2.8a. After researching the Samba mailing lists and newsgroups it is more or less understood that in order to deal with problems of this nature each windows 2000 machine account needs to be recreated. Which is a very time-consuming effort. Is there a better way to deal with this upgrade path? Ideally where I don't have to visit each windows 2000 machine in order to re-create their machine accounts? A migration utility or set of server-side steps perhaps? Regards, Geoff Stitt signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Limiting Users
I know that the Samba LDAP schema contains an entry for logon times, but I am not sure if it is implemented yet. This implies that you use LDAP as your back end for storing credentials. On Wed, 2003-06-04 at 08:20, Gareth Norman wrote: When using windows NT and Netware there are ways of limiting the logins of users such as only allowing them on between 9am - 5pm and limiting maximum concurrent connection to one. Is there a way of enforcing these restrictions through samba or similar? Many thanks Gareth Norman -- Geoff Stitt signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] %a reports a Windows XP client as having a Win2Karchitecture.
One of the variables available in Samba is %a, which, as you know is the architecture of the remote machine. I tested using this variable with a Windows 2000 and Windows XP client. Unfortunately, the log file reports the Windows XP client is seen as having an architecture of Win2K instead of something like WinXP. The Windows 2000 box shows up fine as Win2K. The reason I am using the %a variable is so roaming profiles can have different paths for different architectures. Thank you, Geoff Stitt signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] %a reports a Windows XP client as having a Win2Karchitecture.
Version 2.2.8. I pulled down the RPM from Samba's download site. Did an rpmbuild -bp to see the source file it used. The WHATSNEW.txt shows that the code was chnage so %a reports the proper architecture for Windows XP (WinXP) and Windows .NET (Win2K3). Still, when I log in from a Windows XP Professional client Win2K is still used. The few lines from the log for this client are as follows. [2003/04/04 13:01:42, 2] smbd/close.c:close_normal_file(229) ittest closed file ittest/Win2K/ntuser.ini (numopen=1) [2003/04/04 13:01:42, 2] smbd/open.c:open_file(246) ittest opened file ittest/Win2K/ntuser.ini read=Yes write=No (numopen=2) [2003/04/04 13:01:42, 2] smbd/close.c:close_normal_file(229) ittest closed file ittest/Win2K/ntuser.ini (numopen=1) [2003/04/04 13:01:42, 2] smbd/open.c:open_file(246) ittest opened file ittest/Win2K/ntuser.ini read=Yes write=No (numopen=2) [2003/04/04 13:01:42, 2] smbd/close.c:close_normal_file(229) ittest closed file ittest/Win2K/ntuser.ini (numopen=1) [2003/04/04 13:01:42, 2] smbd/open.c:open_file(246) ittest opened file ittest/Win2K/ntuser.ini read=Yes write=No (numopen=2) As you can see the Win2K is still present. On Fri, 2003-04-04 at 12:18, John H Terpstra wrote: Geoff, What version of samba are you using? Have you tried 2.2.8? - John T. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] %a reports a Windows XP client as having aWin2Karchitecture.
Sorry, I am not being descriptive enough. In my smb.conf I have the entry logon path = \\%L\profiles\%U\%a Hence the reason why you see iitest\Win2K\ntuser.ini, etc. in the log. The Win2K portion is what is substituted for %a. In fact, when I look in /var/spool/samba/profiles I see the directories ittest\Win2K\,username\Win2K\,etc., which is what I wanted as it keeps profiles for different architectures separate. Thx. On Fri, 2003-04-04 at 15:46, Thomas Bork wrote: Hi Geoff Stitt, you wrote: Still, when I log in from a Windows XP Professional client Win2K is still used. [..] [2003/04/04 13:01:42, 2] smbd/open.c:open_file(246) ittest opened file ittest/Win2K/ntuser.ini read=Yes write=No (numopen=2) Your log says only, that user ittest opened the file ittest/Win2K/ntuser.ini nothing more, nothing less. This has nothing to do with the macro %a. If you want to know, from which share (service) the file was opened, search in the log above for [2003/04/04 22:38:08, 1] smbd/service.c:make_connection(636) ??? (xxx.xxx.xxx.xxx) connect to service ??? as user ittest (uid=?, gid=?) (pid ???) Example from my machine: [2003/04/04 22:38:08, 1] smbd/service.c:make_connection(636) xp (192.168.0.11) connect to service root as user root (uid=0, gid=0) (pid 12321) [2003/04/04 22:38:13, 2] smbd/open.c:open_file(246) Administrator opened file profile/ntuser.ini read=Yes write=No (numopen=2) [2003/04/04 22:38:13, 2] smbd/close.c:close_normal_file(229) root closed file profile/ntuser.ini (numopen=1) I opened \\root\profile\ntuser.ini in my homedir. der tom -- Geoff Stitt Information Technology Dept. SOMA Networks, Inc. 312 Adelaide Street West Suite 700 Toronto, CANADA M5V 1R2 Phone +1 416 977 1414, x1611 Fax +1 416 977 1505 signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
