Table Of Contents
|1.||26 Feb 2000||(1 post)||VMware Fixes License Violation|
|2.||18 Feb 2000 - 21 Feb 2000||(85 posts)||Windows95 and Beer|
|3.||21 Feb 2000||(8 posts)||LDAP and the Legendary Feature Freeze|
|4.||21 Feb 2000 - 22 Feb 2000||(11 posts)||Auto-Generating RPC Interface Stubs|
|5.||21 Feb 2000 - 23 Feb 2000||(7 posts)||Using Long Usernames|
|6.||22 Feb 2000 - 23 Feb 2000||(12 posts)||More SAMBA_TNG Debugging|
The theme of the week has been Windows95. In the ever-exciting
SAMBA_TNG code branch, Windows95 support has been on back
burner for quite some time. (See BROKEN KCREF for why this might be the case.) Much of
this week's list traffic has been about getting Windows95 to work with
SAMBA_TNG again. Good news for some people out there, to be
sure. [Note that Windows98, from the perspective of a Samba server, is
very nearly identical to Windows95, so generally when we say "Windows95" we
mean both of them.]
Mailing List Stats For This Week
We looked at 454 posts in 883K.
There were 145 different contributors. 53 posted more than once. 44 posted last week too.
The top posters of the week were:
1. VMware Fixes License Violation
26 Feb 2000 (1 post) Archive Link: "Samba in VMware (Was: Another GPL violation?)"
People: Regis Duchesne, , Greg Dickie
Maybe it was Greg Dickie's original e-mail to VMware. Maybe it was our
coverage in BROKEN KCREF. Maybe it was the Linux Weekly News coverage (http://lwn.net/2000/0224/devel.phtml)
of our coverage. One way or another, something got VMware's attention with
regard to their Samba licensing issue. Regis Duchesne of VMware posted this
I just wanted to let you know that your voices have been heard, and that the next release of VMware will do the following:
A file called SAMBA-LICENSE will be always installed in
/usr/doc/vmware by default) when
VMware is installed.
This file contains:
Again, sorry for the delay, but we are at least as busy as you guys are :)
[While we commend VMware for taking the time to deal with this, we are not really surprised. Years ago we used to worry about what would happen when a company tried to violate the GPL either from carelessness or for competitive reasons. Would we notice? Who would sue them? Would the court system uphold the GPL, or could a company just get away with it? More recently it has been demonstrated, in several cases like this one, that we needn't have worried. Companies tend to realize that their reputations are much more important than whatever they might hope to gain by violating open-source licenses.]
2. Windows95 and Beer
18 Feb 2000 - 21 Feb 2000 (85 posts) Archive Link: "TNG works with Win2k, fails with Win98"
People: Pat LoPresti, Lonnie Borntreger, Luke Leighton, Richard Sharpe, Greg Leblanc, Karl Denninger,
Pat LoPresti kicked this one off on
"We have been authenticating Win98
users against Samba 2.0.5a for a long time, but I need a real PDC by
next week (ahem) or the Powers That Be just might start imposing a real
SAMBA_TNG and it
worked fine with Windows 2000, but unfortunately, none of his Windows98
clients could log in. He was more than willing to help track down the
"I have a 55K level 10 debug log of
the entire failed effort; I would be glad to send that and my
smb.conf to any interested parties. I am also a
reasonably competent C hacker with lots of spare time available this
Now it happens that this is a known problem; people have been
complaining off and on for quite some time about
botching the Windows95/Windows98 logon procedure. The person best
qualified to fix this, Luke Leighton, is counted among the
Windows95-haters of the world, and refuses to install that on any of
his machines for testing. Some time ago he offered to fix the problem
but only if someone could get him network traces of a Windows95 machine
logging into an NT domain controller. Lonnie Borntreger noted this,
"I've asked for someone to do
that trace several times in the last 4-6 months, and no-one has stepped
forward and done it."
Pat was puzzled:
"Why is this necessary? I can authenticate 98 against Samba
2.0.x just fine; why is a netmon trace of that process not
sufficient? Or, why can't TNG authenticate 98 machines the same way
specifically need to know EXACTLY what the difference between a win9x
UDP 138 request and an nt one (
SAMQUERY) and i need to know what the
responses are --- from an nt server. samba is not sufficient
for this task."
Richard Sharpe decided to try his hand at debugging the problem,
though not for lack of other things to do. He had network traces and
started reading them.
"Samba-TNG has no
problems with the logon request being sent by Win95, and even returns a
response that Win95 can understand. However, when Win95 tries to
IPC$ using a
Samba-TNG returns a bad password response. This seems to be a problem
with the LM# that Win95 is sending, and perhaps Samba-TNG is expecting
Pat was excited:
"If you get
this working within the week, a case of beer (*) of your choice is on
me. I do not know how I will get it to Australia, but I will find a
Richard and Luke went back and forth a bit hunting the bug. Some eight hours later, Richard found it:
Luke, You IDIOT!
When you cut and paste, you have to make sure you fix up the variable names.
All it was that was preventing Win9X clients from logging in and
accessing Samba TNG was that you were calculating
MIN(nt_chal_len, sizeof(lm_owf)) when that should have
lm_chal_len!! Of course it was zero and as a result
you were passing through an initialized buffer instead of the
In another message, he claimed his case of beer:
Now, from Win98 I get:
You were successfully logged on to SAMBA1 as win95user by \\LINSRV1 with USER privilege.
Make it Sam Bass please. We drink real beer here in Oz :-) Actually, I would not advise sending a case of beer to OZ. Keep it until I get to a conference in the US! Then we can share it among the members of the team who are there.
Pat replied with a partial success report: "OK, current CVS works a lot better, but I still have two problems. First, my Win98 machine still fails to log on the first time I try, but works the second and subsequent times. I am not even re-typing the password; I just click "OK" the second time and it works. If, after it is working, I wait a few minutes *or* try to log on as someone else, it again fails once and then succeeds. Second, my netlogon script is not running for Win98 nor for Win2k (is it even supposed to for the latter?)." He later found and fixed the latter bug: "I think I found the bug. In sampass.c:getsamfile21pwent(), you are checking a bunch of char *'s in the "user" structure against NULL to see if you need to fill them in. The problem is that they aren't NULL, they are just empty; so things like the logon_script field end up empty instead of acquiring their proper values from the smb.conf file. When I fixed this, my logon scripts started working again." He appended a patch, which Luke acknowledged.
As for his one remaining problem, the intermittent login failures,
he and Luke narrowed it down over the course of a few messages.
Ultimately, it turned out to be a problem with Pat's CVS checkout. As
param/loadparm.c it should have
machine_trust_password_timeout = 60*60*24*7, if
there's a line saying
=60, you got a cvs update
just when i was doing some tests :)"
This is indeed
what happened: Pat's Samba server was changing trust account passwords
once a minute instead of once a week. Luke continued:
"however... it seems like you've brought up a
really important point: there is a race condition that can
result in intermittent login failures. hmmm.... hmmm..... how am i
going to fix this? i store the old value, but that's kind-of tacky,
reading new value of
$MACHINE.ACC and old value of
$MACHINE.ACC and checking two logins!"
"thanks for finding this, it would have
been one of those bitch-to-find bugs as it would only come up once a
A reasonable fix, he decided, would be if the server only
changed its trust account password when it wasn't in use. Finding such
a window of opportunity once a week should not be a problem, he
In another thread (http://samba.org/listproc/samba-ntdom/February2000/0882.html)
, Greg Leblanc asked for a recap of the issue so
"I read all the messages, but I'm still
not clear. What is and isn't working with regards to Win9x machines
logging into a TNG PDC? If it's not working, do you guys still need a
netmon trace? I'm at work today with my PDC and 250 workstations, so I
can get any kind of login traces you might want, but that's not to say
that I can make heads or tails of them."
"richard fixed auth over the weekend. someone else
reported printing not working (needs more details).
srvmgr.exe (win95 versions)
don't work, probably related to GETDC request not being right."
As for the GETDC ("get domain dontroller") response, Richard figured
out that apparently you have to return different information depending
on who is asking (NT or Windows95) -- sending back too much information
to Windows95 seems to confuse it.
Karl Denninger reported trouble building
compiler was crashing. Even bad input should never crash your
compiler, though, so when that happens there's either a compiler bug or
a hardware glitch.
Karl also complained that profiles were not working. Luke knew why: "*sigh*. you're now at the stage everyone else is, where the fact that the NETLOGON connection, over which the profile is obtained, is on an anonymous SMB session. therefore, the profile returned is that of the guest user -- for every single user." A short time later he added: "karl just did a reasonably good hack-fix for it :) i'm cvs committing right now."
3. LDAP and the Legendary Feature Freeze
21 Feb 2000 (8 posts) Archive Link: "[RFC] LDAP user management tools"
People: Inge-Håvard Hunstad, Jerry Carter, Luke Leighton, Sander Striker,
Jerry Carter, some time ago, mentioned that he was working on some tools to manage users in an LDAP database. So now Inge-Håvard Hunstad wanted to know how Jerry was getting along on this: "Was the interest so low that it wasn't worth finishing or did you try to implement it and have a tool ready for alpha or beta testing? If the latter is true then I'm willing to try it:)" Jerry answered, "Well...I wrote an initial script and got distracted by other things. Right now we are in the processing of pushing into LDAP very hard. So I've picked it back up. It's not ready for any release yet. Only command line driven at the moment (no GUI stuff)."
But the thread started to get interesting when Luke Leighton joined
in. He looked at Jerry's original post and it reminded him of
something he had thought of before but never implemented:
"a much more, f you're asking my opinion, noteworthy
and fairly easy task, would be to take the
code and add a switch to print html as well as text. that was actually
the original intention, except i never got round to doing the html.
then, making these programs run as a swat-like daemon is absolutely
trivial. hmm. an interesting, intriguing project :)"
Sander Striker thought he saw it coming. "No Luke No. Not a new idea, please... :-)" Luke's response: "it's not, it's an old one (over 2 years), re-voiced." Sander: "Ok. Ok. You win, just put it in the freezer for now, until after the big code freeze. Any ideas on when this is expected?"
As regular readers will recall from BROKEN KCREF,
there have been rumblings about feature-freezing the
branch for some time, and lately even Luke has been amenable to the idea,
with reservations. In this thread, though, he went further than before:
well, i've basically been idling along now for over a week, just tinkering and fixing things that people report. so it's kind-of already in effect.
if i get bored, there's always
samrtdb (which doesn't
affect anyone else but me, it's not enabled by default).
i'm still taking in code clean-ups and mini-useful stuff from elrond, sander and others.
i still have the "reestablish dce/rpc connection" code to do,i haven't even started investigating this, i'm still thinking about it [including whether to do it].
what else.. there's still a surs implementation to do, and that's a simple, simple bit of code -- behind an API, in a separate library anyway.
Sander Striker thought he understood that last sentence. "Heh heh, so you can freeze and still play around :-)" Luke: "damn, someone noticed."
[This is probably as good a place as any to mention that Luke took issue
with our characterization of him in Issue #11 (sm20000210_11.html#0)
, where we said, "One can
tell that he simply doesn't think in terms of release management." What we
meant, of course, is that from recent-past behavior he does
not appear to think in terms of release management. Our perception is
definitely changing, as he has started pushing out alpha releases of
TNG. Besides, the last time he announced an overhaul of a major
Samba subsystem was at least two weeks ago; he must be serious this time. We
must confess that until recently we did not realize Luke had it in him to
behave this way. Frankly, we are impressed.]
4. Auto-Generating RPC Interface Stubs
21 Feb 2000 - 22 Feb 2000 (11 posts) Archive Link: "(M)IDL compiler"
People: Luke Leighton, Sander Striker, Matt Chapman,
For some time, Samba people have talked about the RPC function
SAMBA_TNG. Every distinct RPC call needed
by Samba has two interfaces, the client side and the server side. In
between, there is the wire protocol -- the actual arrangement of bits
that flow across the network. The interfaces have to convert between
the wire protocol and the internal Samba data structures, and currently
each interface has to take care of this individually, causing code
duplication and endless possibilities for bugs.
Luke Leighton has long been wishing for a way of automatically
generating these interface functions from simple templates, which would
be written in an interface definition language (IDL). (This would
correspond roughly to the XDR layer in Sun/ONC RPC.) The problem is
finding or creating a compiler for the IDL. Luke asked the general
"there were a couple of people i know who were interested in
such a project. please speak now (again), on samba-technical, if you
were or are."
aware of the disadvantages of maintaining, manipulating and adding to
56 THOUSAND lines of hand-crafted msrpc marshalling / unmarshalling and
smb-interface code. if 40,000 of that can be replaced with
auto-generated code i will be WELL happy."
Sander Striker replied: "I'm currently working on an implementation of a MIDL (MS Interface Defenition Language) compiler. I still need to work out the details, because MIDL is underspecified. IDL, however, is fully specified; there is an BNF spec available. I'm now trying to incorporate the MS specific features of MIDL into IDL, for which I have a working parser. I will be posting a BNF spec of MIDL here, for MS techies to confirm (please do!). If anyone has already made the effort of creating a BNF spec of MIDL, I would be very grateful if I could use it for the development of the MIDL compiler." [Backus-Naur Format (BNF) is a convention for unambiguously communicating the context-free portion of a language's grammar. In other words, it allows one to specify exactly what components can be put together in what order to make a valid statement in a given language. BNF, along with Extended BNF, is the de facto standard way to express the syntax of a computer language.] He also posted a link to a BNF specification for the original IDL (http://cui.unige.ch/db-research/Enseignement/analyseinfo/IDL/BNFindex.html) . Luke replied:
apparently, according to microsoft's MSDN RPC info, the only things are:
wchar_t- wide char (16-bit) for Unicode strings.
Matt Chapman chipped in with http://www.opengroup.org/onlinepubs/009629399/ for the IDL used in DCE (the Distributed Computing Environment developed at the Open Software Foundation; DCE RPC is the foundation for Microsoft RPC).
Sander was happy to see the Open Group's IDL specification. "Great! This is exactly what I'm looking for. Looks like MIDL and DCE IDL are almost the same. A cpp_quote must be added, but at a first glance I'm pretty satisfied. I'll start working on this one whenever I get home tonight."
5. Using Long Usernames
21 Feb 2000 - 23 Feb 2000 (7 posts) Archive Link: "Long User names"
People: David Bannon, Ondrej Hanak, Luke Leighton,
David Bannon had a question for
"Who knows about length of user name limits ? I have
been using an old (Oct99) NTDom stream version in a production
situation (NT4sp4) and have just found that our IT department is making
student logon names as long as 15 characters."
that users with long usernames were able to log in, but could not map
their home directories.
Luke Leighton thought it might be a limitation of the underlying
Unix system. (Traditional Unix had an eight-character limit on the
lengths of usernames and passwords. This is why
ls -l uses the field widths it does for the names of
users and groups.)
But Ondrej Hanak had more details on the situation at hand:
"Users with too long (e.g. 13 chars) usernames (cause
big change from NT server to SAMBA, all users we accomodated on Linux)
did't have H: drive mapped as others. I can see that user's home of
his/her name in share list, but after effort to connect to this share
error message appeared: "Can't find share name..." I solved this
problem by mapping homes in user's login script
net use h: \\server\homes). Can anybody
explain what's wrong?"
"ah! that is a limitation of NT - 12 chars is the maximum
share length. you can change the location of profiles to
\\server\homedirs\%L\profile and the problem will go
Almost as an afterthought:
upgrade to nt5, and the problem will go away."
6. More SAMBA_TNG Debugging
22 Feb 2000 - 23 Feb 2000 (12 posts) Archive Link: "joining a domain works, but login fails"
People: Lars Kneschke, George Cameron, Pierre Hjälm, Luke Leighton,
Lars Kneschke, maintainer of the Samba-TNG
, was trying to update the FAQ, but got stuck while installing a
fresh copy of
TNG. He posted to
"I can join the domain, using the join dialog
from networksettings(under windows nt). I have not created a
workstation trustaccount with rpcclient before. I created a password
entry for root in smbpasswd and created a unix user for the
workstation. After that i was able to join the domain. But after
reboot i was not able to login. The error message was: computer
account does not exist or the password is wrong. (translated from
german) I can't find something wrong in the log.files."
reported a bus error crash with
George Cameron replied,
there may be a bug in
samedit where it incorrectly uses
pdc's username+password for the local machine, but it works if they
happen to be the same (and as long as you remember to update your
domainuser.map, which I hadn't!)."
As for the
rpcclient crash, he said:
There seems to be a problem in the code page code. If you
comment out the call in
#if 0 codepage_initialise(lp_client_code_page()); #endif
(line 1475 in my version, recently updated), the command line programs should work again, and stop overwriting the binaries with zero-length files :-o
Pierre Hjälm tracked down the actual
"Actually, it's a problem with the
debugging/logging code. Someone (no names) decided it would be a good
idea to take the name for the log file from argv. That works if you
happen to have rpcclient in your PATH but if you have to start it by
giving the whole path to it, it will overwrite the binary."
"that explains why ... *muur*! can
u try 2 fix it and send me a
diff -u patch?
The source file
client/client.c from a recent
TNG checkout appears to still have the bug as we go to
Sharon And Joy
Kernel Traffic is grateful to be developed on a computer donated by Professor Greg Benson and Professor Allan Cruse in the Department of Computer Science at the University of San Francisco. This is the same department that invented FlashMob Computing. Kernel Traffic is hosted by the generous folks at kernel.org. All pages on this site are copyright their original authors, and distributed under the terms of the GNU General Public License version 2.0.