Samba Traffic #1 For 30 Nov 1999

By Peter Samuelson

Table Of Contents


Welcome to the first issue of Kernel Cousin Samba. This KC summarizes various mailing lists associated with Samba ( , a free software package to provide SMB (aka NetBIOS, aka Windows networking) services on Unix and Unix clones (and, more recently, VMS). The flagship components, smbd and nmbd, provide an SMB file/print server and an SMB name server, respectively; smbd also provides domain authentication services designed to replace Windows NT Server.

KC Samba will cover five Samba-related mailing lists:

Mailing List Stats For This Week

We looked at 206 posts in 509133K.

There were 119 different contributors. 33 posted more than once. posted last week too.

The top posters of the week were:

1. Richard Sharpe vs. Windows 2000

14 Nov 1999 - 15 Nov 1999 (23 posts) Archive Link: "Win2000 Pro RC2 can't find the Domain controller"

People: Richard SharpeMatt ChapmanLuke Leighton

Richard Sharpe has been trying to get Windows 2000 (beta) to join a Samba-controlled domain, and this thread is mostly status reports on these efforts over the course of two days or so. First his question to the world at large, or that portion of the world reading samba-ntdom, was "I am trying to get Win 2K RC2 to join a domain. DC is Samba 2.1.0 Prealpha. Win2K does a quuery for Primary Domain Controller, Samba responds, but Win2K keeps querying. Anyone know what the problem is? "

Nobody responded in the next 12 minutes, by which time Richard had more information: "OK, the query is going out to \MAILSLOT\NET\GETDC335, and domain name is in Unicode. The response is not in unicode ..."

Matt Chapman answered Richard's original question a few hours later: "Our QUERYFORPDC response in nmbd/nmbd_processlogon.c is *badly* broken" and "We tend to regurgitate the ntversion we are given. Even blind Freddie can see that we are not a Win2k domain controller, and Win2k doesn't buy it either. ntversion should be hardcoded everywhere (= 1 I think)."

Based on this information, Richard started hacking. In the next few hours he convinced Windows 2000 to prompt for the domain admin's username and password. At this point Matt put in two more ideas for things that needed fixing in this area. Richard noted these and added a third (incorrect response to the "GETDC" RPC), which he fixed.

The next day Richard was still hammering away and reporting under a new thread, "Win2000 joining the domain for Samba 2.1.0 prealpha" ( . He checked in early: "Well, I am getting close." Win2K was still giving him RPC protocol errors, but he had a possible explanation in an error log somewhere.

Matt Chapman, despite having warned the world that he was falling off it for awhile due to exams, jumped in to expand on Richard's theory, and asked if Luke Leighton could add a particular RPC response to Samba. Luke said he would (and did, in the next 11 hours), then the two discussed technical details on what certain RPC protocol numbers probably meant.

Meanwhile Richard had been tracing Windows 2000 logging into an NT4 domain. He posted some decidedly gory details:

Well, with Win2k to NT4.0, we see the 0x2e fail, then Win2K creates \winreg and then goes rummaging through the registry ... This looks like fin :-(

It seems to look for System\CurrentControlSet\services\Netlogon\parameters\ Seems to be looking for RefusePasswordChange. Then it closes and opens \samr ... Then it does an opnum 3E which gets an RPC fault ... Then it opens/creates \samr again and does an ipnum 0x39 which seems to succeed and then an opnum 0x06 and 0x05 and 0x07 which all seem to succeed followed by an 0x32 which also succeeds. Then a couple more creates of \samr, one 3E which fails. Then creates \NETLOGON and tries an opnun 0x28 which fails with a FAULT. Then another of the same which fails, then another open/create of \NETLOGON with an opnum of 0x13 which succeeds ...

Arrr, shit, now I am lost ...

2. Confusion About Browse Masters of Multiple Subnets

14 Nov 1999 - 16 Nov 1999 (9 posts) Archive Link: "O'reilly samba book vs. BROWSING.txt"

People: Volker LendeckeChristopher HertelUsing SambaRichard Sharpe

Giulio Orselo noticed, on samba-technical, that the documentation that comes with the Samba source tree disagrees with the O'Reilly book "Using Samba" in some details on how browse masters for different subnets interact, specifically whether Windows95 clients acting as browse masters can work with Samba or NT browse masters.

Differing opinions surfaced as to which source was correct. Volker Lendecke supported the O'Reilly book, with, "Don't really know, but I think Win9x can NOT synchronize with a DMB." , but Christopher Hertel countered with:

The DMB is supposed to register itself in the WINS (NBNS) server, and the local master is supposed to find the DMB via WINS. The LMB then periodically exchanges updates with the DMB. Wind/95 is supposed to be able to do this. See:

How can you argue with the Microsoft Knowledge Base? So the Samba docs scored a hit. Then Richard Sharpe weighed in, saying he wanted to make sure and get it right in his forthcoming book ("Using Samba, Special Edition"), whereupon Christopher Hertel qualified his earlier statement about the capabilities of the operating system whose name uses a two-digit year: "Note the excessive use of the phrase "supposed to" in my comment above. You might want to test it out. We have seen gaps between documented and empirical behavior before, have we not?"

He also offered to write up clear documentation once the issue was settled.

3. More On Windows 2000 Domains

15 Nov 1999 - 20 Nov 1999 (14 posts) Archive Link: "NT5rc2 -> Samba PDC"

People: Luke LeightonJerry CarterJeremy AllisonJean François MicouleauRichard Sharpe

Luke Leighton noticed that nmbd was getting tripped up on Windows 2000, and took the opportunity to remind the part of the world that reads samba-technical of his hate-hate relationship with Windows95:

nmbd/nmbd_processlogon.c. the code "if (mailslot_name == "\\MAILSLOT\NTLOGON)" is causing problems.

NT5rc2 is sending UNICODE-style (NT-style) GETDC requests on \\MAILSLOT\NETLOGON, making the above-mentioned if statement, which is designed to detect the difference between win95 and nt GETDC requests, wrong.

my default action is to remove the if statement, which of course breaks win95. my feelings towards win95 are well known to most people (and for those people who don't know, i try not to _have_ any feelings for win95, or even to acknowledge its existence. i don't even call it an operating system, these days, i refer to it as a "single-user system").

Richard Sharpe had already hacked around this problem. He planned to commit his hack into both the development code and the 2.0 code. At this, Jerry Carter said, "Can I put a bid in not to commit this to the 2.0 branch. It only encourages people to use 2.0.x as a PDC." Jeremy Allison disagreed: "Committing it will make the merge easier. Remember, we're not trying to punish people for using our recommended, stable release :-)." But it turns out, there is at least one good reason not to encourage people to use Samba 2.0 for NT PDC functionality (aside from its stability): the upgrade path. Jean François Micouleau pointed out three areas where Samba 2.1 would be incompatible with 2.0 in terms of migrating PDC data: the mapping function for RIDs will change; the SID will change (Samba 2.1 supports multiple SIDs); and mapping of groups and users will change. Unsurprisingly, Luke Leighton agreed: "jeremy, i _do_ want to punish / discourage people from using 2.0.X as a PDC! the MSRPC services are old and ugly; the NT to unix mapping system nails us to some smb.conf parameters i just threw in to loadparm.c so i could get things working." He reiterated the dire warnings of guaranteed upgrade headaches for anyone who committed to Samba 2.0.x as domain controller.

The obvious next question is "OK, so when will 2.1 roll out the door so we can have our PDC functionality?" More than one person asked this, but nobody seemed willing to pin himself down to an answer.

4. Memory-Map Option Going Away

16 Nov 1999 - 19 Nov 1999 (5 posts) Archive Link: "Status of mmap functionality?"

People: Jonathan RozesAndrew TridgellJeremy Allison

Jonathan Rozes wondered aloud (on samba-technical) about the mmap option in Samba: "What is the consensus on the mmap functionality in current versions of samba? I haven't seen much talk about it despite it still carrying the "experimental" label. Are people actively working on it or is it dead in the water for the time being? Just how experimental is it?" It seems he was having some trouble with it on Irix.

Two people unenthusiastically said they used it and it seemed to work, if not with a noticeable speed difference. Andrew Tridgell didn't see the point, though. "I think we should remove the mmap option. We aren't actively testing it and it doesn't really give that much of a performance gain, in fact it can slow things down." Jeremy Allison volunteered, so presumably Samba 2.0.7 will not have this option any more.

5. Problems with Samba 2.03 on VMS 7.2

22 Nov 1999 - 24 Nov 1999 (14 posts) Archive Link: "Samba and VMS 7.2"

People: Oliver LaingJohn Malmberg

Oliver Laing managed to get the Samba server to crash VMS 7.2. He had been running it under 7.1 just fine. John Malmberg explained that since part of Samba runs in kernel mode using the SYS.STB library, you must relink it upon upgrading VMS. He was not sure this was the problem, however, since in theory the VMS Image Activator should have refused to run SMBD in the first place, due to the kernel version mismatch.

The next day, having upgraded to Samba 2.03 (from 1.9.x), Oliver reported VMS complaining about "Double deallocation of memory block"; the day after, he had several complaints from memory leaks to files appearing and disappearing on him. He decided to downgrade back to Samba 1.9.x for the time being, since "I ONLY have live systems - cannot afford play machines" . Meanwhile John Malmberg and Paul Blenderman confirmed that at least the crashing bug Should Not HappenTM, but that to keep this from bringing down the whole system, Oliver should set BUGCHECKFATAL to 0: "BUGCHECKFATAL should only be 1 if you are DEBUGGING OpenVMS or a device driver. Very rare for a customer site." John added, of Compaq's VMS support, "In my experience, something that reliably crashes a machine outside of KERNEL mode code will get very fast attention, and your crash is not pointing it's finger at the only KERNEL mode code in SMBD."

6. Work on NT domain trust relationships

19 Nov 1999 - 23 Nov 1999 (9 posts) Archive Link: "Inter-Domain Trust Relationships."

People: Luke LeightonGreg Dickie

Luke Leighton has been working on domain trust relationships. NT domains can be set up to "trust" each other, so that a controller of a "trusted" domain can manage users for the "trusting" domain, and so forth. Specifically, Luke has been working at allowing an NT domain to "trust" a Samba domain (not the other way around, so far). "however... the file permissions are going to be a bit screwed, as i haven't added code to map TRUSTED_DOMAIN\remote_user on to unix users, yet, i.e i need to modify lib/domain_namemap.c to take this into account. at present, i actually don't know what would happen :-) let's see..."

The next day he had a progress update:

there's unfortunately some weird stuff in the "network" response that, if i don't get it right, will stop USRMGR.EXE from being able to set user passwords if you run it from the remote NT box on the samba domain.

... but the method microsoft is using is so unbelievably insecure you don't really want to use it anyway. i'm told that using NTLMv2 makes it more secure, but until i actually implement it, i can't confirm that.

Greg Dickie decided that Luke was having so much fun he might be interested in a to-do list:

If you are looking for more stuff to do I have a couple of ideas:

  1. change the attributes of a service with rpcclient (eg: username)
  2. Add functionality (a la at) to interact with the task scheduler service to add jobs etc.

They went back and forth a bit, but Luke finally concluded, on the second point, that "it's more involved than it seems. there are 4 or 5 svcctl functions, PLUS some Lsa ones too," and "interesting: i didn't know that there even existed LsarCreateAccount() or LsarEnumPrivilegedAccounts() calls!" Greg was visibly shaken: "Don't hurt yourself ;-)"

7. Format(s) of maintained documentation

22 Nov 1999 - 25 Nov 1999 (13 posts) Archive Link: "O'Reilly book"

People: Andrew TridgellDavid Collier-BrownAndy Oram

Andrew Tridgell announced the availability of the "source code" ( for the new O'Reilly book. This is to be maintained by the Samba Team, and Tridge opened the discussion of how to keep the text of the book in synch with other Samba documentation and, of course, in synch with reality. In particular, he said,

We want the following conflicting things:

  1. keep formatting close to original so that O'Reilly can base future print runs direct on our version
  2. have it editable without a GUI editor
  3. diffable format
  4. make it human readable in "raw" format

is all of the above possible? Ideas welcome.

Lots of people had ideas on that one. Several people wanted to keep the book in FrameMaker format and generate all other documentation in other formats directly from that. Others voted for SDF, others for YODL (what is used currently).

David Collier-Brown suggested keeping a text-based format and manually updating O'Reilly's FrameMaker source every now and then. Tridge wasn't having any: "If we have any manual steps in syncing between formats then it just won't happen. I know that right now people might think that manual patching is OK, but think about keeping that up for the next 5 years with Samba reaching version 8.0." David disagreed, saying that "One editable format is a good thing, but it does not need to generate commercial-typesetter-ready copy in the short run: the dead-tree publishing business can survive without it."

Just when we thought the thread had died of indecision and great unrealized ideas, Andy Oram, the man at O'Reilly who edited the recently released book, popped up. His take on the issue: "The ideal solution (at least, to my mind) is to keep the master version in SGML or XML format, maintained in the Samba CVS repository." He explained that the book had originally been in SGML format already, but that O'Reilly had converted it to FrameMaker because at the time they didn't have good SGML tools available. This is changing rapidly, so SGML (specifically the DocBook DTD) looks like a good choice again. Unfortunately the book is not yet in DocBook format, as the O'Reilly people had some trouble with their conversion tools from FrameMaker and have had to do a lot of manual (no pun intended) editing.

If the DocBook (or some other SGML/XML) format works out, it will actually meet all four of Tridge's original criteria. This does depend on whether O'Reilly can produce good print copy directly from the SGML, but Andy believes they can.

8. Profile troubles

22 Nov 1999 - 25 Nov 1999 (11 posts) Archive Link: "Roaming Profile Problem driving me nuts"

People: Jerry CarterMatthias WächterSeth Vidal

There were three short threads about Windows user profiles. (Your editor knows from bitter experience that these can cause a lot of administrative headaches.) In one instance, Glenn McGregor wasn't getting his Windows settings saved; Seth Vidal pointed him to the samba-nt-dom FAQ. It came out that Glenn was using Samba 2.0.6, which doesn't have the necessary support yet. A bit later he was back, having switched to Samba 2.1 prealpha, and things were still not working -- some settings were not being saved. Jerry Carter theorized, "The problem sounds like NT cannot write to the user portion of the registry due to a SID issue."

Still mucking with his profiles, Glenn asked everyone why he was unable to set his system time during login with the NET TIME command. This one turned out to be a client-side permissions issue, though having time server = yes in smb.conf didn't hurt. Matthias Wächter agreed, but added:

But it's better to use a service on your NT box to synchronize the time. You can get freeware solutions for this.

Take a look at and (eventually commercial).

In an unrelated thread ( , Steve Litt had a problem with one Windows98 machine recognizing roaming profiles and one not. As it turned out, the "problem" Windows98 box had its clock set wrong, being in a different time zone from the server.

In yet another thread ( , Carsten Schabacker asked about his Windows machine detecting a "slow link" and offering to use cached profiles rather than freshly downloading them. Thanks to Jerry Carter, we now know that this is a feature you can enable or disable with the NT Policy Editor -- or directly in the registry if you like doing things the hard way.

9. Two small Samba bugs found & fixed

24 Nov 1999 - 25 Nov 1999 (5 posts) Archive Link: "Samba 2.0.6, MKS' touch.exe, and file/dir time stamps"

People: Jeremy AllisonDon McCall

H.-P. Ermert couldn't get the NT `touch' command to update file timestamps on a Samba share. Neither the MKS Toolkit version nor the Cygnus (GNU Fileutils) version worked, and Don McCall reported that the NT "native" touch command didn't work either. Jeremy Allison found a bug where Samba was returning True rather than False, thus appearing to succeed when the user didn't have the proper permission. Jeremy's patch didn't help, though. The next day H.-P. reported having gone through some differences between Samba 2.0.5a (which worked for him) and 2.0.6 (which didn't) and found a "MIN" function that had been changed to "MAX"; when he changed it back, everything worked. Other users also reported success with this patch.

10. Changing passwords on NT services

23 Nov 1999 - 24 Nov 1999 (6 posts) Archive Link: "CVS update: samba/source/include"

People: Luke LeightonStephen WatersPhil Mayers

Luke Leighton was commenting, on samba-ntdom, on a CVS commit he had just made: "attempted a svcset command." His conclusion: "i tried. will need a server-side implementation of service control manager, plus a series of complicated-looking Lsa functions, in order to receive svcctl APIs and decode them one by one." He reminded the world: "network reverse engineering is tedious, tedious..."

Phil Mayers appreciated what hard work Luke was doing, but wondered if anyone was working on splitting Samba up into a more layered architecture, which he felt might make some of these tasks more manageable.

Meanwhile, in response to Stephen Waters' incredulity that it took so much effort "just to tell an NT box to change the username/password for a service? suck-o-rama," Luke gave everyone a taste of what the Samba people working on the NT Domain Services are up against:

yeah. otherwise i can't work out how to decode the passwords. that's the way network reverse engineering works. you bootstrap yourself up by observing, then implementing a client request in your own client, then firing at a server, and then observing and then implementing a server response in your own server, and then moving on to the next request / response.

11. UTMP support still not there

22 Nov 1999 - 23 Nov 1999 (7 posts) Archive Link: "followup on utmp/wtmp logging?"

People: Harald HanneliusDavid LeeDavid Collier-BrownJason Haar

Harald Hannelius raised the question: "Has there been any more talk about the recent question about utmp/wtmp support in samba?"

R.S. van Hook described a simple procedure: using the root preexec and root postexec directives in smb.conf to send login/logout events to a log file, and parsing said file with a short Perl program.

David Lee had the real answer, though. "It was me, I think, who first asked about this some months ago. As far as I recall, there was no response. So I went ahead anyway and have done patches for 2.0.4(b) and 2.0.6 . They seem to work fine on our Solaris 2.6/2.7 systems, which can use the "x" form of utmp/wtmp."

David had to report that, despite reading lots of man pages, he never was able to get "utmp" (as opposed to "utmpx") files to play ball. He asked for help on this one. Then he went into a short discussion about four different patches he had produced for Samba, and the mixed reception they received in terms of being integrated into the main source.

David Collier-Brown had meanwhile suggested, instead: "Optionally, you could write a small stand-alone program that's vendor-specific to update utmp. Perl might be an obvious language to use..." Jason Haar added that the sessreg command, commonly found on Unix systems, already does exactly this -- but then added, " However, note that logouts hardly ever occur. I ended up with 100's of people "logged in" for months before I realised WinBlows has a million-and-one ways of disconnecting from a share - of which only one is a formal logout (that would run postexec). "

12. Tridge Addresses Complaints

25 Nov 1999 - 26 Nov 1999 (5 posts) Archive Link: "maintainence [sic] change proposal"

People: Andrew TridgellPeter PolkinghorneDavid Lee

This is a followup to the previous thread, actually. Some had begun grumbling (good-naturedly) about the difficulty, for "outsiders", of getting new patches integrated into Samba, new functionality considered. (Your editor remembers sending in at least one Samba patch (an AIX integration feature) which vanished into the mists, so he can affirm this.) Andrew Tridgell posted a fully-conceived plan for changing the way the team does business. It is too long to quote here; read the post ( for details. Briefly, though:

Status quo: ( is a mailing list these "outsiders" most often send patches to. These patches end up on a private JitterBug ( -managed site, to which team members have full access but, for various (good) reasons, nobody else can see at all.


Peter Polkinghorne (original "complainant") was happy to hear these ideas, as was David Lee. Discussion will probably continue, so this newsletter may cover more next week.







Sharon And Joy

Kernel Traffic is grateful to be developed on a computer donated by Professor Greg Benson and Professor Allan Cruse in the Department of Computer Science at the University of San Francisco. This is the same department that invented FlashMob Computing. Kernel Traffic is hosted by the generous folks at All pages on this site are copyright their original authors, and distributed under the terms of the GNU General Public License version 2.0.