FreeBSD + samba PDC vs Win2K clients
Hello,

Sorry for the multiple posts concerning this topic. I promise that this is my last effort to elicit assistance in this area, if unsuccessful, I'll try using £inux or something.

Has *any* list member successfully got samba (version 2.2.6) running on FreeBSD 4.7 Stable running as a PDC for Win2K clients? If so, and you're able / willing to help me set this up, please let me know.

For the benefit of the list membership, I'm willing to move off-list so as to not annoy list members that might be fed up of me filling up archive space with my questions on this topic.

Thanks in advance ( and to the list for its patience!)

Stacey

--
Stacey Roberts B.Sc (HONS) Computer Science
Web: www.vickiandstacey.com
Re: FreeBSD + samba PDC vs Win2K clients
On Fri, 01 Nov 2002 at 19:18:46 +, Stacey Roberts wrote:
> Hello,
>
> Sorry for the multiple posts concerning this topic. I promise that this is my last effort to elicit assistance in this area, if unsuccessful, I'll try using £inux or something.
>
> Has *any* list member successfully got samba (version 2.2.6) running on FreeBSD 4.7 Stable running as a PDC for Win2K clients? If so, and you're able / willing to help me set this up, please let me know.
>
> For the benefit of the list membership, I'm willing to move off-list so as to not annoy list members that might be fed up of me filling up archive space with my questions on this topic.
>
> Thanks in advance ( and to the list for its patience!)
>
> Stacey
>
> --
> Stacey Roberts B.Sc (HONS) Computer Science
> Web: www.vickiandstacey.com

Yeah, I just did this recently.. there was an article created via IBM that was quite helpful, I will see if I can dig it up. On a side note though, have you made any changes to the win2k registry or the security profiles? You have to turn off a digital signing on the 2k box to get things working.. I don't remember what exactly it was, but I will look later today.. in the mean time I bet a google search on developer works ibm and samba will get you to the article..

--
Andrew Stuart
http://www.tekrealm.net

I took a course in speed reading and was able to read War and Peace in twenty minutes. It's about Russia.
  -- Woody Allen

To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: FreeBSD + samba PDC vs Win2K clients
Stacey Roberts said:
> Has *any* list member successfully got samba (version 2.2.6) running on FreeBSD 4.7 Stable running as a PDC for Win2K clients? If so, and you're able / willing to help me set this up, please let me know.

Hi Stacey,

I did it on 4.6 a few months ago. I'm willing to help but the next couple of weeks are crazy busy for me.

> For the benefit of the list membership, I'm willing to move off-list so as to not annoy list members that might be fed up of me filling up archive space with my questions on this topic.

Just post the success story when you're done!

--
Regards,
Doug
Re: FreeBSD + samba PDC vs Win2K clients
Hi Andrew,

Thanks for contacting me, Dude.,

You'd never believe this, but I was following that very IBM article mentioned in your reply and I finally got the Welcome to domain box pop up for me. I clicked OK on that, and the machine went through the You must reboot in order for the changes to take effect bit.

The machine came back alright, but when I attempted to log as an ordinary user, I got a message saying that no profile could be located, and that a local profile would be used instead. Clicking OK on that, however, brought up another message saying that no *local* profile could be located either., so a Temporary profile will be used.

I *can* now see my other *NIX machines on the network, and the user is able to browse the network (love the look of the H drive showing up!) as well.

Not sure of the profile errors though.., here's what my smb.conf has concerning this:

# Samba config file created using SWAT
# from localhost (127.0.0.1)
# Date: 2002/10/30 23:39:22

# Global parameters
[global]
    workgroup = VICKIANDSTACEY
    netbios name = DEMON
    server string = Samba Server
    encrypt passwords = Yes
    log level = 2
    log file = /var/log/log.%m
    max log size = 50
    domain admin group = root @wheel
    logon script = %U.bat
    logon path = \\%L\Profiles\%U
    logon drive = H:
    domain logons = Yes
    os level = 64
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    admin users = root @wheel
    hosts allow = 192.168.1. 127.

[homes]
    comment = Home Directories
    read only = No
    browseable = No

[netlogon]
    comment = Network Logon Service
    path = /usr/local/samba/lib/netlogon
    share modes = No

[Profiles]
    path = /usr/local/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    browseable = No

snipped

I'm sure I read somewhere that I needn't worry about the fact that I've not actually had to create user profiles on the PDC, since samba creates these when a user logs in for the first time. Please let me know if I'm wrong on this.

Thanks again for the kind reply.

Stacey

--
Stacey Roberts B.Sc (HONS) Computer Science
Web: www.vickiandstacey.com

> Yeah, I just did this recently.. there was an article created via IBM that was quite helpful, I will see if I can dig it up. On a side note though, have you made any changes to the win2k registry or the security profiles? You have to turn off a digital signing on the 2k box to get things working.. I don't remember what exactly it was, but I will look later today.. in the mean time I bet a google search on developer works ibm and samba will get you to the article..
>
> --
> Andrew Stuart
> http://www.tekrealm.net
RE: FreeBSD + samba PDC vs Win2K clients
I am thinking about doing this at home for *cough* fun, but I have XP as a desktop. Could you post the link to the IBM article in question, I think it would be good for the archives.

-Original Message-
From: [EMAIL PROTECTED] [mailto:owner-freebsd-questions;FreeBSD.ORG] On Behalf Of Stacey Roberts
Sent: Friday, November 01, 2002 12:19 PM
To: [EMAIL PROTECTED]
Cc: FreeBSD Questions
Subject: Re: FreeBSD + samba PDC vs Win2K clients
Re: FreeBSD + samba PDC vs Win2K clients
On my network I have a w2k server and a freebsd box, linux box and win95. I can see the linux and freebsd boxes and browse them from the win95 client but can only see them and not browse from win2k srvr. I am also very interested in this article and would love to see the post as they evolve.

Thanks

- Original Message -
From: Andrew Stuart [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; FreeBSD Questions [EMAIL PROTECTED]
Sent: Friday, November 01, 2002 12:03 PM
Subject: Re: FreeBSD + samba PDC vs Win2K clients
Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
On Sat, Oct 26, 2002 at 10:47:48PM +0100, Stacey Roberts wrote:
> Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
> From: Stacey Roberts [EMAIL PROTECTED]
> To: D. Penev [EMAIL PROTECTED]
> Cc: FreeBSD Questions [EMAIL PROTECTED]
> Date: 26 Oct 2002 22:47:48 +0100
>
> Hi,
>
> Thanks for the reply. I should mention that I've made some progress with my efforts to set up a samba PDC for my Win2K clients. First of all I am now able to successfully complete all tests in the recommended DIAGNOSTICS.TXT at http://hr.uoregon.edu/davidrl/DIAGNOSIS.txt, except:-
>
> test 8: On the PC type the command net view \\BIGSERVER
>
> Specifically, I am only able to complete this test by using the IP Addr of the samba server in place of its name. Likewise for test 9 that follows.
>
> Recapping, I *am* able to serve share dirs to *NIX clients as well as the Win2K boxes, with the caveat that for the Windows boxes, I have to use the IP Addr of the samba server. This is not an issue for other (*NIX) client hosts.
>
> Needless to say, I am not as yet able to have the Win2K boxes join the domain as described in Chapter 9. (How to Configure Samba 2.2 as a Primary Domain Controller - 9.4.3. Joining the Client to the Domain.4.3. Joining the Client to the Domain).
>
> I still get the MS error when I click OK after entering the domain as defined in smb.conf.
>
> Hope this presents somewhat a clearer description of the current status here. Do get back to if you would require more information in assisting me in resolving this.

From your description of the problem it looks like that win2k box can't make resolving of names to ip address. That's why I accent to firewall because according to your logs ipfw block port 137, which is used to resolve NetBIOS names to IP address. I make a little test and block port 137 on my PDC (Samba 2.2.4 on NetBSD) and results are the same as yours. If that is true (blocking of netbios-ns port) your PDC can't register as domain controller, and workstations when is joined to domain can't find who is PDC for this domain.

What are your firewall rules? What's show nbtstat -A YOU_SAMBA_SERVER and nbtstat -c on win2k box?

> Thanks
>
> On Sat, 2002-10-26 at 22:26, D. Penev wrote:
> > On Mon, Oct 21, 2002 at 07:33:58PM +0100, Stacey Roberts wrote:
> > > Subject: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
> > > From: Stacey Roberts [EMAIL PROTECTED]
> > > To: Andrew Boothman [EMAIL PROTECTED]
> > > Cc: [EMAIL PROTECTED], FreeBSD Questions [EMAIL PROTECTED]
> > > Date: 21 Oct 2002 19:33:58 +0100
> > >
> > > Hello,
> > >
> > > I'd appreciate some help from anyone who's got samba 2.2.6 running on FreeBSD as a PDC for Win2K client wkstations, please.
> > >
> > > I'm trying to follow the SAMBA How-To at: http://samba.epfl.ch/samba/docs/Samba-HOWTO-Collection.html#AEN60 but fail at the smbclient -L PDC host stage:
> > >
> > > # smbclient -L -N Demon
> > > added interface ip=192.168.1.8 bcast=192.168.1.255 nmask=255.255.255.0
> > > Packet send failed to 192.168.1.255(137) ERRNO=Permission denied
> > > Connection to -N failed
> > > #
> > >
> > > I get these entries in /var/log/security:
> > >
> > > Oct 21 19:31:08 Demon /kernel: ipfw: 910 Deny UDP My IP:2308 net.255:137 out via sis0
> >
> > Your firewall blocks packets to port 137 (netbios-ns). That's why you can access samba server with ip address and not by name.
> >
> > > Please help me out here.
> > >
> > > Stacey
> > >
> > > On Mon, 2002-10-21 at 02:32, Andrew Boothman wrote:
> > > > Stacey Roberts wrote:
> > > > > Hello,
> > > > >
> > > > > I've got 2 WIN2K Pro workstations on my home lan that I'd like to enable network logon for. I've been banging my head against a wall for the last four hours trying to get this sorted, but to no avail.
> > > > >
> > > > > I keep getting the same error when trying to enter the Domain name into the WORKGROUP field in Win2K network properties:
> > > > >
> > > > > The following error occurred validating the name my_domainname, This condition may be caused by a DNS lookup problem. For more information about troubleshooting common DNS lookup problems see the following Microsoft blah., blah.., blah.., The specified domain either does not exist or could not be contacted.
> > > >
> > > > Have you added machine accounts to the FreeBSD box for the client boxes? You need machine accounts that look like clientname$ (dollar sign at end) added both as local accounts and then again with smbpasswd passing whatever the appropriate switch is to create a machine account.
> > > >
> > > > I have a FreeBSD box here acting as a PDC so we should be able to find the problem.
> > > >
> > > > Andrew.

--
Regards,
D. Penev
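The /var/log/security entry quoted in the message above shows ipfw rule 910 denying a broadcast to UDP port 137. The following is an added example, not part of the original thread: an sh/awk filter that tallies ipfw Deny entries aimed at the NetBIOS ports by rule number, protocol and direction. The first sample line is the entry as posted; the other log lines are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise ipfw "Deny" log entries that hit the NetBIOS ports.

# Sample input. Line 1 is the /var/log/security entry quoted in the thread
# (addresses redacted by the poster). The remaining lines are constructed in
# the same format, using addresses that appear elsewhere in the thread.
sample_log() {
cat <<'EOF'
Oct 21 19:31:08 Demon /kernel: ipfw: 910 Deny UDP My IP:2308 net.255:137 out via sis0
Oct 21 19:31:09 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:2308 192.168.1.255:137 out via sis0
Oct 21 19:31:15 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.6:138 192.168.1.255:138 in via sis0
Oct 21 19:31:20 Demon /kernel: ipfw: 910 Deny TCP 192.168.1.6:1045 192.168.1.8:139 in via sis0
Oct 21 19:31:22 Demon /kernel: ipfw: 910 Deny TCP 192.168.1.6:1046 192.168.1.8:80 in via sis0
Oct 21 19:31:30 Demon /kernel: ipfw: 620 Accept UDP 192.168.1.8:137 192.168.1.255:137 out via sis0
Oct 21 19:31:31 Demon sshd[411]: Accepted password for stacey from 192.168.1.6 port 1050
EOF
}

# netbios_denies [FILE...]
# Reads ipfw log lines (stdin if no file is given) and prints one line per
# distinct combination:  RULE PROTO PORT SERVICE DIRECTION COUNT
netbios_denies() {
    awk '
    BEGIN {
        svc["137"] = "netbios-ns"    # name registration and lookup
        svc["138"] = "netbios-dgm"   # datagrams: browsing, logon requests
        svc["139"] = "netbios-ssn"   # SMB sessions
    }
    {
        # Find the "ipfw:" tag; after it come rule number, action, protocol.
        tag = 0
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") { tag = i; break }
        if (!tag || $(tag + 2) != "Deny") next

        # The destination is the field just before the in/out keyword. This
        # also copes with a redacted source that contains a space.
        dirpos = 0
        for (j = tag + 4; j <= NF; j++)
            if ($j == "in" || $j == "out") { dirpos = j; break }
        if (!dirpos) next

        n = split($(dirpos - 1), dst, ":")
        port = dst[n]
        if (n < 2 || !(port in svc)) next   # no port, or not a NetBIOS port

        count[$(tag + 1) " " $(tag + 3) " " port " " svc[port] " " $dirpos]++
    }
    END { for (k in count) print k, count[k] }
    ' "$@" | LC_ALL=C sort
}

# netbios_deny_total [FILE...]
# Prints the total number of denied NetBIOS packets logged.
netbios_deny_total() {
    netbios_denies "$@" | awk '{ t += $NF } END { print t + 0 }'
}

# Stand-alone run on the sample data.
sample_log | netbios_denies
```

To check a live system, run `netbios_denies /var/log/security`; any output names the rule number that is dropping name-service, datagram or session traffic.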
Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
Hi,

Here's the relevant lines in my firewall:

00620 allow udp from any to any 137 keep-state out xmit sis0
00621 allow tcp from any to any 137 keep-state out xmit sis0
00623 allow log logamount 10 tcp from Win2KBox to me 137,138 keep-state in recv sis0 setup
00624 allow udp from any to any 138 keep-state out xmit sis0
00625 allow tcp from any to any 138 keep-state out xmit sis0

The output from nbtstat -A SAMBA_SERVER_IP:
Host not found

The output from nbtstat -c:
No names in cache

After running both commands, no new entries in /var/log/security appear for packets issued from Win2K box.

Hope this helps.

Stacey

On Sun, 2002-10-27 at 07:15, D. Penev wrote:
> On Sat, Oct 26, 2002 at 10:47:48PM +0100, Stacey Roberts wrote:
> > Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
> > From: Stacey Roberts [EMAIL PROTECTED]
> > To: D. Penev [EMAIL PROTECTED]
> > Cc: FreeBSD Questions [EMAIL PROTECTED]
> > Date: 26 Oct 2002 22:47:48 +0100
> >
> > Hi,
> >
> > Thanks for the reply. I should mention that I've made some progress with my efforts to set up a samba PDC for my Win2K clients. First of all I am now able to successfully complete all tests in the recommended DIAGNOSTICS.TXT at http://hr.uoregon.edu/davidrl/DIAGNOSIS.txt, except:-
> >
> > test 8: On the PC type the command net view \\BIGSERVER
> >
> > Specifically, I am only able to complete this test by using the IP Addr of the samba server in place of its name. Likewise for test 9 that follows.
> >
> > Recapping, I *am* able to serve share dirs to *NIX clients as well as the Win2K boxes, with the caveat that for the Windows boxes, I have to use the IP Addr of the samba server. This is not an issue for other (*NIX) client hosts.
> >
> > Needless to say, I am not as yet able to have the Win2K boxes join the domain as described in Chapter 9. (How to Configure Samba 2.2 as a Primary Domain Controller - 9.4.3. Joining the Client to the Domain.4.3. Joining the Client to the Domain).
Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
On Sun, Oct 27, 2002 at 10:50:47AM +, Stacey Roberts wrote:
> Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
> From: Stacey Roberts [EMAIL PROTECTED]
> To: D. Penev [EMAIL PROTECTED]
> Cc: FreeBSD Questions [EMAIL PROTECTED]
> Date: 27 Oct 2002 10:50:47 +
>
> Hi,
>
> Here's the relevant lines in my firewall:
>
> 00620 allow udp from any to any 137 keep-state out xmit sis0
> 00621 allow tcp from any to any 137 keep-state out xmit sis0

Add:
00622 allow udp from Win2KBox to any 137,138 keep-state in recv sis0

> 00623 allow log logamount 10 tcp from Win2KBox to me 137,138
                                                    ^^
use any because win2k use broadcast if you don't have wins server

> keep-state in recv sis0 setup
> 00624 allow udp from any to any 138 keep-state out xmit sis0
> 00625 allow tcp from any to any 138 keep-state out xmit sis0
>
> The output from nbtstat -A SAMBA_SERVER_IP:
> Host not found
>
> The output from nbtstat -c:
> No names in cache
>
> After running both commands, no new entries in /var/log/security appear for packets issued from Win2K box.
>
> Hope this helps.
>
> Stacey
>
> On Sun, 2002-10-27 at 07:15, D. Penev wrote:
> > On Sat, Oct 26, 2002 at 10:47:48PM +0100, Stacey Roberts wrote:
> > > Subject: Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
> > > From: Stacey Roberts [EMAIL PROTECTED]
> > > To: D. Penev [EMAIL PROTECTED]
> > > Cc: FreeBSD Questions [EMAIL PROTECTED]
> > > Date: 26 Oct 2002 22:47:48 +0100
> > >
> > > Hi,
> > >
> > > Thanks for the reply. I should mention that I've made some progress with my efforts to set up a samba PDC for my Win2K clients. First of all I am now able to successfully complete all tests in the recommended DIAGNOSTICS.TXT at http://hr.uoregon.edu/davidrl/DIAGNOSIS.txt, except:-
> > >
> > > test 8: On the PC type the command net view \\BIGSERVER
> > >
> > > Specifically, I am only able to complete this test by using the IP Addr of the samba server in place of its name. Likewise for test 9 that follows.
Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
Hi,

I've got a break-through.., I've been testing with new ipfw options and now I'm able to get past entering the Domain and clicking OK. Now I am getting the Password to log into Domain dialogue box appear.

This is the amended rule that appears to make this work:

$fwcmd add 00622 allow log udp from $oip to me 137-139 in via $oif
$fwcmd add 00624 allow udp from any to any 137-139 out via $oif

However, for now, I'm getting: The specified user does not exist when I enter [root] and [root's samba passwd]

Any thoughts? Don't think I'm not appreciating your patient efforts to assist me.

Cheers!

Stacey

On Sun, 2002-10-27 at 17:56, D. Penev wrote:
> On Sun, Oct 27, 2002 at 10:50:47AM +, Stacey Roberts wrote:
> > Hi,
> >
> > Here's the relevant lines in my firewall:
> >
> > 00620 allow udp from any to any 137 keep-state out xmit sis0
> > 00621 allow tcp from any to any 137 keep-state out xmit sis0
>
> Add:
> 00622 allow udp from Win2KBox to any 137,138 keep-state in recv sis0
>
> > 00623 allow log logamount 10 tcp from Win2KBox to me 137,138
>                                                       ^^
> use any because win2k use broadcast if you don't have wins server
>
> > keep-state in recv sis0 setup
> > 00624 allow udp from any to any 138 keep-state out xmit sis0
> > 00625 allow tcp from any to any 138 keep-state out xmit sis0
> >
> > The output from nbtstat -A SAMBA_SERVER_IP:
> > Host not found
> >
> > The output from nbtstat -c:
> > No names in cache
> >
> > After running both commands, no new entries in /var/log/security appear for packets issued from Win2K box.
> >
> > Hope this helps.
> >
> > Stacey
Re: samba PDC for WIN2K clients?
Hi Andrew

I've managed to get past the initial problems I posted about. I am now able to enter the Domain and now clicking OK brings up the Domain Username and Password dialogue box.

However, entering username: root / passwd: root's samba passwd brings up The specified user does not exist. As a test, I tried it with root and gibberish for a passwd. This returns: Login Failure: unknown username of bad password.

This appears in the logs:

# tail /var/log/log.nmbd
[2002/10/27 21:30:24, 1] nmbd/nmbd_processlogon.c:process_logon_packet(69)
  process_logon_packet: Logon from 192.168.1.6: code = 0x12
#

The Win2K machine's name is in /etc/passwd (with the $ at the end) as well as in smbpasswd files. I have added a samba account for root (with a different passwd to that of the system)

What could be this problem at this stage?

Stacey

On Mon, 2002-10-21 at 02:32, Andrew Boothman wrote:
> Stacey Roberts wrote:
> > Hello,
> >
> > I've got 2 WIN2K Pro workstations on my home lan that I'd like to enable network logon for. I've been banging my head against a wall for the last four hours trying to get this sorted, but to no avail.
> >
> > I keep getting the same error when trying to enter the Domain name into the WORKGROUP field in Win2K network properties:
> >
> > The following error occurred validating the name my_domainname, This condition may be caused by a DNS lookup problem. For more information about troubleshooting common DNS lookup problems see the following Microsoft blah., blah.., blah.., The specified domain either does not exist or could not be contacted.
>
> Have you added machine accounts to the FreeBSD box for the client boxes? You need machine accounts that look like clientname$ (dollar sign at end) added both as local accounts and then again with smbpasswd passing whatever the appropriate switch is to create a machine account.
>
> I have a FreeBSD box here acting as a PDC so we should be able to find the problem.
>
> Andrew.
To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message -- Stacey Roberts B.Sc (HONS) Computer Science Web: www.vickiandstacey.com signature.asc Description: This is a digitally signed message part
Re: samba PDC for WIN2K clients?
Hi Andrew,

Sorry about not getting back to you earlier on this. I've already got the machine accounts set in /etc/passwd and smbpasswd files.

I've been working my way through the samba recommended DIAGNOSTICS.TXT procedures, and find that I am able to successfully complete all except:-

Test 8 - On the PC type the command net view \\BIGSERVER.
Here the only way this works is if I use the IP Addr of the samba server instead of its name (FQDN or not).

Test 9 - Run the command net use x: \\BIGSERVER\TMP
Same as above for this test too. I am only able to run this using the IP Addr from the Win2K box.

From test 8 onwards, I am able to see the shared dirs from the Win2K box in Windows Explorer under their respective designated drive letters.

Like I said even with this (limited success) in place, I am still unable to get past selecting Domain in the Identification Changes tab in Network Identification. When I enter the domain name configured in smb.conf and hit OK, I get the Microsoft error detailed in my earlier post.

I'd really like to get this sorted out, so if you'd require my sending (off-list) you my smb.conf file, or anything else that might prove useful in diagnosing this problem, please let me know.

Thanks again for taking the time to respond.

Stacey

On Mon, 2002-10-21 at 02:32, Andrew Boothman wrote:
> Stacey Roberts wrote:
> > Hello,
> > I've got 2 WIN2K Pro workstations on my home lan that I'd like to enable network logon for. I've been banging my head against a wall for the last four hours trying to get this sorted, but to no avail.
> >
> > I keep getting the same error when trying to enter the Domain name into the WORKGROUP field in Win2K network properties:
> >
> > The following error occurred validating the name my_domainname, This condition may be caused by a DNS lookup problem. For more information about troubleshooting common DNS lookup problems see the following Microsoft blah., blah.., blah..,
> > The specified domain either does not exist or could not be contacted.
>
> Have you added machine accounts to the FreeBSD box for the client boxes?
>
> You need machine accounts that look like clientname$ (dollar sign at end) added both as local accounts and then again with smbpasswd passing whatever the appropriate switch is to create a machine account.
>
> I have a FreeBSD box here acting as a PDC so we should be able to find the problem.
>
> Andrew.

--
Stacey Roberts B.Sc (HONS) Computer Science
Web: www.vickiandstacey.com
Re: samba PDC for WIN2K clients?
# [EMAIL PROTECTED] / 2002-10-26 16:00:57 +0100:
> I've been working my way through the samba recommended DIAGNOSTICS.TXT procedures, and find that I am able to successfully complete all except:-
>
> Test 8 - On the PC type the command net view \\BIGSERVER.
> Here the only way this works is if I use the IP Addr of the samba server instead of its name (FQDN or not).

the name has nothing to do with DNS, so qualifying it won't do you any good. any router or switch between the two boxes? if so, they won't see each other *unless* you enable transport netbios over tcp/ip in the windows network control panel. beware of the security implications.

--
If you cc me or take the list(s) out completely I'll most likely ignore your message.
Re: samba PDC for WIN2K clients?
On Sat, 2002-10-26 at 16:30, Roman Neuhauser wrote:
> # [EMAIL PROTECTED] / 2002-10-26 16:00:57 +0100:
> > I've been working my way through the samba recommended DIAGNOSTICS.TXT procedures, and find that I am able to successfully complete all except:-
> >
> > Test 8 - On the PC type the command net view \\BIGSERVER.
> > Here the only way this works is if I use the IP Addr of the samba server instead of its name (FQDN or not).
>
> the name has nothing to do with DNS, so qualifying it won't do you any good. any router or switch between the two boxes? if so, they won't see each other *unless* you enable transport netbios over tcp/ip in the windows network control panel. beware of the security implications.

At this point, the only device between the Win2K box and the FBSD samba server is a dumb 10/100 switch. NBT is already enabled on the Win2K box (by default, I believe).

Anything else you recommend I look at?

Stacey

> --
> If you cc me or take the list(s) out completely I'll most likely ignore your message.

--
Stacey Roberts B.Sc (HONS) Computer Science
Web: www.vickiandstacey.com
Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
On Mon, Oct 21, 2002 at 07:33:58PM +0100, Stacey Roberts wrote:
> Subject: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
> From: Stacey Roberts [EMAIL PROTECTED]
> To: Andrew Boothman [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED], FreeBSD Questions [EMAIL PROTECTED]
> Date: 21 Oct 2002 19:33:58 +0100
>
> Hello,
> I'd appreciate some help from anyone who's got samba 2.2.6 running on FreeBSD as a PDC for Win2K client wkstations, please.
>
> I'm trying to follow the SAMBA How-To at: http://samba.epfl.ch/samba/docs/Samba-HOWTO-Collection.html#AEN60 but fail at the smbclient -L PDC host stage:
>
> # smbclient -L -N Demon
> added interface ip=192.168.1.8 bcast=192.168.1.255 nmask=255.255.255.0
> Packet send failed to 192.168.1.255(137) ERRNO=Permission denied
> Connection to -N failed
> #
>
> I get these entries in /var/log/security:
> Oct 21 19:31:08 Demon /kernel: ipfw: 910 Deny UDP My IP:2308 net.255:137 out via sis0

Your firewall blocks packets to port 137 (netbios-ns). That's why you can access samba server with ip address and not by name.

> Please help me out here.
>
> Stacey
>
> On Mon, 2002-10-21 at 02:32, Andrew Boothman wrote:
> > Stacey Roberts wrote:
> > > Hello,
> > > I've got 2 WIN2K Pro workstations on my home lan that I'd like to enable network logon for. I've been banging my head against a wall for the last four hours trying to get this sorted, but to no avail.
> > >
> > > I keep getting the same error when trying to enter the Domain name into the WORKGROUP field in Win2K network properties:
> > >
> > > The following error occurred validating the name my_domainname, This condition may be caused by a DNS lookup problem. For more information about troubleshooting common DNS lookup problems see the following Microsoft blah., blah.., blah..,
> > > The specified domain either does not exist or could not be contacted.
> >
> > Have you added machine accounts to the FreeBSD box for the client boxes?
> >
> > You need machine accounts that look like clientname$ (dollar sign at end) added both as local accounts and then again with smbpasswd passing whatever the appropriate switch is to create a machine account.
> >
> > I have a FreeBSD box here acting as a PDC so we should be able to find the problem.
> >
> > Andrew.
>
> --
> Stacey Roberts B.Sc (HONS) Computer Science
> Web: www.vickiandstacey.com

--
Regards,
D. Penev
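The ipfw denial diagnosed in the reply above, as an added example that is not part of the original thread: a small sh/awk filter that scans /var/log/security-style lines for ipfw Deny entries aimed at the NetBIOS/SMB ports and groups them by rule number, direction and interface. The sample log lines are constructed in the format of the entry quoted above, and the function names samba_denies and sample_log are this example's own.

```shell
#!/bin/sh
# Added example: summarise ipfw "Deny" log entries that hit the ports a
# Samba server and its Windows clients use:
#   137/udp netbios-ns, 138/udp netbios-dgm, 139/tcp netbios-ssn,
#   445/tcp microsoft-ds (direct-hosted SMB, tried by Win2K clients).

# Constructed sample input, modelled on the /var/log/security entry in the thread.
sample_log() {
    cat <<'EOF'
Oct 21 19:31:08 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:2308 192.168.1.255:137 out via sis0
Oct 21 19:31:09 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.8:2308 192.168.1.255:137 out via sis0
Oct 21 19:31:12 Demon /kernel: ipfw: 910 Deny UDP 192.168.1.6:138 192.168.1.255:138 in via sis0
Oct 21 19:32:40 Demon /kernel: ipfw: 910 Deny TCP 192.168.1.6:1045 192.168.1.8:139 in via sis0
Oct 21 19:33:02 Demon /kernel: ipfw: 910 Deny TCP 192.168.1.6:1050 192.168.1.8:80 in via sis0
Oct 21 19:33:10 Demon /kernel: ipfw: 500 Accept TCP 192.168.1.6:1051 192.168.1.8:22 in via sis0
Oct 21 19:33:30 Demon sshd[312]: constructed non-firewall line
EOF
}

# Reads syslog lines on stdin.
# Prints one line per blocked combination:
#   rule proto port service direction interface count
samba_denies() {
    awk '
    BEGIN {
        need["UDP:137"] = "netbios-ns"
        need["UDP:138"] = "netbios-dgm"
        need["TCP:139"] = "netbios-ssn"
        need["TCP:445"] = "microsoft-ds"
    }
    {
        # Find the "ipfw:" token; the fields after it are
        # rule, action, proto, src:port, dst:port, direction, "via", iface.
        at = 0
        for (i = 1; i <= NF; i++) if ($i == "ipfw:") { at = i; break }
        if (!at || $(at + 2) != "Deny") next

        proto = $(at + 3)
        n = split($(at + 5), parts, ":")   # destination address:port
        if (n < 2) next
        key = proto ":" parts[n]
        if (!(key in need)) next           # not a Samba-related port

        id = $(at + 1) " " proto " " parts[n] " " need[key] " " $(at + 6) " " $(at + 8)
        count[id]++
    }
    END { for (id in count) print id, count[id] }
    ' | LC_ALL=C sort
}

# Stand-alone run over the constructed sample.
sample_log | samba_denies
```

A rule number reported here is the one to inspect with ipfw show; any allow rule placed ahead of it should be limited to the LAN interface and subnet rather than opening these ports to any source.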
Re: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
Hi,

Thanks for the reply. I should mention that I've made some progress with my efforts to set up a samba PDC for my Win2K clients.

First of all I am now able to successfully complete all tests in the recommended DIAGNOSTICS.TXT at http://hr.uoregon.edu/davidrl/DIAGNOSIS.txt, except:-

test 8: On the PC type the command net view \\BIGSERVER

Specifically, I am only able to complete this test by using the IP Addr of the samba server in place of its name. Likewise for test 9 that follows.

Recapping, I *am* able to serve share dirs to *NIX clients as well as the Win2K boxes, with the caveat that for the Windows boxes, I have to use the IP Addr of the samba server. This is not an issue for other (*NIX) client hosts.

Needless to say, I am not as yet able to have the Win2K boxes join the domain as described in Chapter 9. (How to Configure Samba 2.2 as a Primary Domain Controller - 9.4.3. Joining the Client to the Domain). I still get the MS error when I click OK after entering the domain as defined in smb.conf.

Hope this presents somewhat a clearer description of the current status here. Do get back to me if you would require more information in assisting me in resolving this.

Thanks

On Sat, 2002-10-26 at 22:26, D. Penev wrote:
> On Mon, Oct 21, 2002 at 07:33:58PM +0100, Stacey Roberts wrote:
> > Subject: IPFW Rules for samba PDC? [WAS: samba PDC for WIN2K clients?]
> > From: Stacey Roberts [EMAIL PROTECTED]
> > To: Andrew Boothman [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED], FreeBSD Questions [EMAIL PROTECTED]
> > Date: 21 Oct 2002 19:33:58 +0100
> >
> > Hello,
> > I'd appreciate some help from anyone who's got samba 2.2.6 running on FreeBSD as a PDC for Win2K client wkstations, please.
> >
> > I'm trying to follow the SAMBA How-To at: http://samba.epfl.ch/samba/docs/Samba-HOWTO-Collection.html#AEN60 but fail at the smbclient -L PDC host stage:
> >
> > # smbclient -L -N Demon
> > added interface ip=192.168.1.8 bcast=192.168.1.255 nmask=255.255.255.0
> > Packet send failed to 192.168.1.255(137) ERRNO=Permission denied
> > Connection to -N failed
> > #
> >
> > I get these entries in /var/log/security:
> > Oct 21 19:31:08 Demon /kernel: ipfw: 910 Deny UDP My IP:2308 net.255:137 out via sis0
>
> Your firewall blocks packets to port 137 (netbios-ns). That's why you can access samba server with ip address and not by name.
>
> > Please help me out here.
> >
> > Stacey
> >
> > On Mon, 2002-10-21 at 02:32, Andrew Boothman wrote:
> > > Stacey Roberts wrote:
> > > > Hello,
> > > > I've got 2 WIN2K Pro workstations on my home lan that I'd like to enable network logon for. I've been banging my head against a wall for the last four hours trying to get this sorted, but to no avail.
> > > >
> > > > I keep getting the same error when trying to enter the Domain name into the WORKGROUP field in Win2K network properties:
> > > >
> > > > The following error occurred validating the name my_domainname, This condition may be caused by a DNS lookup problem. For more information about troubleshooting common DNS lookup problems see the following Microsoft blah., blah.., blah..,
> > > > The specified domain either does not exist or could not be contacted.
> > >
> > > Have you added machine accounts to the FreeBSD box for the client boxes?
> > >
> > > You need machine accounts that look like clientname$ (dollar sign at end) added both as local accounts and then again with smbpasswd passing whatever the appropriate switch is to create a machine account.
> > >
> > > I have a FreeBSD box here acting as a PDC so we should be able to find the problem.
> > >
> > > Andrew.
> >
> > --
> > Stacey Roberts B.Sc (HONS) Computer Science
> > Web: www.vickiandstacey.com
>
> --
> Regards,
> D. Penev

--
Stacey Roberts B.Sc (HONS) Computer Science
Web: www.vickiandstacey.com
Re: samba PDC for WIN2K clients?
On Mon, Oct 21, 2002 at 06:07:44AM +0100, Stacey Roberts wrote:
> Subject: Re: samba PDC for WIN2K clients?
> From: Stacey Roberts [EMAIL PROTECTED]
> To: Andrew Boothman [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED], FreeBSD Questions [EMAIL PROTECTED]
> Date: 21 Oct 2002 06:07:44 +0100
>
> Hi Andrew,
> Thanks for getting back to me. I tried getting the machine account added to smbpasswd file, but this fails:
>
> # smbpasswd -m -n -a winbox
> LDAPS option set...!
> fetch_ldap_pw: no ldap secret retrieved!
> ldap_connect_system: Failed to retrieve password for from secrets.tdb
> LDAPS option set...!
> fetch_ldap_pw: no ldap secret retrieved!
> ldap_connect_system: Failed to retrieve password for from secrets.tdb
> Failed to add entry for user winbox$.
> Failed to modify password entry for user winbox$
> #
>
> Is the syntax for adding the account correct here?
>
> Thanks again, hope to hear from you again soon.
>
> Stacey
>
> On Mon, 2002-10-21 at 02:32, Andrew Boothman wrote:
> > Stacey Roberts wrote:
> > > Hello,
> > > I've got 2 WIN2K Pro workstations on my home lan that I'd like to enable network logon for. I've been banging my head against a wall for the last four hours trying to get this sorted, but to no avail.
> > >
> > > I keep getting the same error when trying to enter the Domain name into the WORKGROUP field in Win2K network properties:
> > >
> > > The following error occurred validating the name my_domainname, This condition may be caused by a DNS lookup problem. For more information about troubleshooting common DNS lookup problems see the following Microsoft blah., blah.., blah..,

Did you enable NBT on the adapter? It seems that the win2k box attempts to use dns, not wins, for resolving names. The standard way to add a machine account is to use the join to domain function from the windows box, because if you manually add this account the windows box doesn't know what the password for the account is.

> > > The specified domain either does not exist or could not be contacted.
> >
> > Have you added machine accounts to the FreeBSD box for the client boxes?
> >
> > You need machine accounts that look like clientname$ (dollar sign at end) added both as local accounts and then again with smbpasswd passing whatever the appropriate switch is to create a machine account.
> >
> > I have a FreeBSD box here acting as a PDC so we should be able to find the problem.
> >
> > Andrew.
>
> --
> Stacey Roberts B.Sc (HONS) Computer Science
> Web: www.vickiandstacey.com

--
Regards,
D. Penev
samba PDC for WIN2K clients?
Hello,

I've got 2 WIN2K Pro workstations on my home lan that I'd like to enable network logon for. I've been banging my head against a wall for the last four hours trying to get this sorted, but to no avail.

I keep getting the same error when trying to enter the Domain name into the WORKGROUP field in Win2K network properties:

The following error occurred validating the name my_domainname, This condition may be caused by a DNS lookup problem. For more information about troubleshooting common DNS lookup problems see the following Microsoft blah., blah.., blah..,
The specified domain either does not exist or could not be contacted.

Here's what I've got in smb.conf:

Global Settings:
[global]
# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
   workgroup = my_domain
# server string is the equivalent of the NT Description field
   server string = Samba Server
   hosts allow = 192.168.1 127.
   domain admin group = wheel
   security = user
   encrypt passwords = yes
   socket options = TCP_NODELAY
   local master = yes
   os level = 255
   preferred master = yes
   domain logons = yes
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
;   logon script = %m.bat
# run a specific logon batch file per username
;   logon script = %U.bat
# Where to store roving profiles (only for Win95 and WinNT)
#        %L substitutes for this servers netbios name, %U is username
#        You must uncomment the [Profiles] share below
;   logon path = \\%L\Profiles\%U
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
   wins support = yes

[homes]
   comment = Home Directories
   browseable = no
   writeable = yes

# Un-comment the following and create the netlogon directory for Domain Logons
[netlogon]
   comment = Network Logon Service
   path = /usr/local/samba/lib/netlogon
   guest ok = no
   writeable = no
   share modes = no

To begin with I added a user in /etc/passwd for one of the machines:

winbox$:*:1003:1000:winbox$:/non:/nonexistent

Here's what smbstatus gives:

# smbstatus
Samba version 2.2.6
Service      uid      gid      pid     machine
----------------------------------------------
No locked files
#

And this is what syslog has:

# tail /var/log/log.smbd
[2002/10/20 23:36:24, 0] smbd/server.c:main(707)
  smbd version 2.2.6 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2002
[2002/10/20 23:36:24, 0] printing/print_cups.c:cups_printer_fn(110)
  Unable to connect to CUPS server localhost - Connection refused
[2002/10/20 23:36:34, 0] smbd/server.c:main(707)
  smbd version 2.2.6 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2002
[2002/10/20 23:36:34, 0] printing/print_cups.c:cups_printer_fn(110)
  Unable to connect to CUPS server localhost - Connection refused
#

I've not got printing set up on the FBSD box as yet, so I'm thinking that the above errors for CUPS aren't a problem, but I could be wrong..,

I've tried googling, and checking samba's docs (mostly for £inux), and Microsoft help, but I'm not any clearer on how to proceed.

I'd appreciate any assistance, pointers to the secret FBSD doc somewhere that gives at least a minimal setup from which to start..,

TIA
Stacey

--
Stacey Roberts B.Sc (HONS) Computer Science
Web: www.vickiandstacey.com
Re: samba PDC for WIN2K clients?
Stacey Roberts wrote:
> Hello,
> I've got 2 WIN2K Pro workstations on my home lan that I'd like to enable network logon for. I've been banging my head against a wall for the last four hours trying to get this sorted, but to no avail.
>
> I keep getting the same error when trying to enter the Domain name into the WORKGROUP field in Win2K network properties:
>
> The following error occurred validating the name my_domainname, This condition may be caused by a DNS lookup problem. For more information about troubleshooting common DNS lookup problems see the following Microsoft blah., blah.., blah..,
> The specified domain either does not exist or could not be contacted.

Have you added machine accounts to the FreeBSD box for the client boxes?

You need machine accounts that look like clientname$ (dollar sign at end) added both as local accounts and then again with smbpasswd passing whatever the appropriate switch is to create a machine account.

I have a FreeBSD box here acting as a PDC so we should be able to find the problem.

Andrew.