Table Of Contents
|1.||12 Mar 2000||(3 posts)||Unix Attributes Shell Extension|
|2.||13 Mar 2000||(3 posts)||Disappearing Automounts|
|3.||13 Mar 2000 - 14 Mar 2000||(6 posts)||Samba-TNG Alpha Release (1/4)|
|4.||13 Mar 2000 - 17 Mar 2000||(21 posts)||More Samba-TNG 0.15 Problems|
|5.||15 Mar 2000 - 17 Mar 2000||(11 posts)||Samba-TNG Alpha Release (2/4)|
|6.||15 Mar 2000 - 16 Mar 2000||(5 posts)||Samba 2.0.6 Problems & Solutions|
|7.||17 Mar 2000||(2 posts)||ACL Support Coming Soon|
|8.||17 Mar 2000||(6 posts)||Samba-TNG Alpha Release (3/4)|
|9.||17 Mar 2000 - 18 Mar 2000||(4 posts)||Samba 2.0.7-pre2 Released|
|10.||18 Mar 2000||(1 post)||Samba-TNG Alpha Release (4/4)|
The story this week is alpha releases. Five of them happened within the scope of this week. Jeremy released the second pre-release of Samba 2.0.7, and Luke released four of his Samba-TNG branch. There is still no firm date for 2.0.7 (is there ever?) but it is getting ever nearer. As for Samba-TNG, it is starting to work correctly for more and more people. TNG is still not recommended as a file server; the recommended setup is to use it for domain logins only, and use a stable release for file service.
Mailing List Stats For This Week
We looked at 429 posts in 837K.
There were 207 different contributors. 76 posted more than once. posted last week too.
The top posters of the week were:
1. Unix Attributes Shell Extension
12 Mar 2000 (3 posts) Archive Link: "Unix attributes shell extension"
People: Gunnar Degnbol, , Luke Leighton
Gunnar Degnbol announced a rather cool new utility for Windows (still in development, of course):
After a discussion with Luke Leighton I have written a Windows shell extension for changing Unix file attributes.
The shell extension adds a property page with a lot of checkboxes for files on networked drives (tested with Samba, NT and NetWare 3.20). It does not do anything yet, but most of the shell extension technicalities are there. It can be downloaded from http://www.danbbs.dk/~degnbol/software/uae-0.02.zip.
I have defined two RPC functions,
GetSMBPath(), that are needed for this to work. I
am not sure what kind of RPC connection to make, or where in Samba to
put it in. The IDL file is included with the program.
GetSetUnixAttributes function is based on the NFS
functions GETATTR and SETATTR, but without the NFSisms. If
SetUnixAttributes() returns the old attributes, and
allows attributes (permission, uid etc.) to be set individually,
there is no need for a
GetUnixAttributes(), so I have
In addition to the information returned by
GetSetUnixAttributes() can return the user and group
names, the unix path and the target of a symlink (unix filename).
It should be able to set the permissions and the user and group either as IDs or as names. The context for the IDs/names is supposed to exist in the users head. It should not be able to create symlinks, nor to move files.
I also put a
GetSMBName() function in the IDL file,
to convert a unix file name to a SMB share/pathname. Because of
symlinks it is not possible to make this work for all shared
directories, but a function that works in simple cases (directly
below a shared directory) is still useful.
Win2K has some new new shell interfaces, among them IColumnProvider. It provides extra columns or replaces existing columns in Explorer's detail view.
There was no reply, except to say that he'd gotten the URL wrong. [The URL above has been emended.]
2. Disappearing Automounts
13 Mar 2000 (3 posts) Archive Link: "Samba vs Sun automounter"
People: Dave Collier-Brown, Mike Gerdts,
Dave Collier-Brown came across a potentially useful tidbit.
A moderately-frequently asked question is "why do automounted directories in shares disappear?"
The old answers were:
A new answer (0) was just suggested by a Sun techie: add a "browse" option to the automounter map entry, to make them appear even when they're not mounted.
Could someone with appropriate permissions add this to the FAQ?
Mike Gerdts added, "This option was added in Solaris 2.6. Please note that Solaris 2.5.1 and earlier do not support it."
3. Samba-TNG Alpha Release (1/4)
13 Mar 2000 - 14 Mar 2000 (6 posts) Archive Link: "samba-tng-0.15.tar.gz"
People: Luke Leighton, Karl Denninger, Michael Breuer, Jamie Ffolliott, , Jacob Jensen, Jean-François Micouleau
The roadmap for how the NT domain controller functionality will eventually hit the mass market is an interesting one. The Samba Team generally agrees that the HEAD branch of code is what will eventually become Samba 3.0, and its main release goal is to be a stable domain controller. Currently, though, the MS-RPC code in HEAD is so outdated compared to that in Luke Leighton's Samba-TNG branch that merging the two would be extremely difficult. (Jean-François Micouleau tried once and gave up.)
Jeremy has long said that he would like nothing better than to copy Luke's RPC code straight into the HEAD branch, and would do so except for concerns over the stability of the code. It seems Luke is now addressing those concerns, as he has started pumping out alpha snapshots of the TNG code. The "release notes" for snapshot 0.15:
thanks to elrond for spotting an issue where groups were not being returned in a login. this is likely to fix some of the profile issues reported, plus an nt login of administrator will allow the expected privileges (right to shut down the box, etc).
we're getting there.
we've had one report sayin that printing works (but printer browsing doesn't) using an explicit connection to a known printer.
Karl Denninger elaborated about the printing issue:
"That's me, and it definitely does work. I've printed a
couple thousand pages from Microsoft Office and other applications
(Quicken, etc) since cutting over to TNG. This is from Win2k; Win98
Jacob Jensen asked how he did it. Karl was
"Just put in
\\SERVER\printer-name when it asks you for the name of the
network printer. Attempting to browse for it does NOT work;
you get "printers" as a folder, which doesn't have anything in it (and
that is VERY different behavior then you get under 2.0.6, which also
Meanwhile, Jamie Ffolliott and Michael Breuer reported continuing problems with profiles.
4. More Samba-TNG 0.15 Problems
13 Mar 2000 - 17 Mar 2000 (21 posts) Archive Link: "NT 4 login problems"
People: Luke Leighton, Lars Kneschke, John Weber,
Sean Millichamp posted several log snippets showing problems he was
having with Samba-TNG and a standalone NT server. He had just updated
to the 0.15 alpha release. Luke didn't think the information was
"follow standard procedure,
see TNG faq debug instructions. first thing, send smb.conf. second
thing prepare to recompile with
third thing,, prepare debug logs level 100."
He also had several
theories on what might be wrong, and asked for more information.
Lars Kneschke asked, "Could this be a potential problem? I have installed nt server standalone at home." Later he said that as far as he could tell, NT Server and NT Workstation had the same problems with Samba-TNG.
Sean posted back with his
smb.conf file and sent some
log files directly to Luke, who replied:
i think i've got it. two out of two people who have login
problems are using
netbios name = somethingotherthanthednsname".
try removing "
netbios name = " from the
smb.conf, and let me know if it works."
John Weber burst the
"I have this problem (and I've
posted it recently) and I've always commented out the netbios name
line. So 2 out of 3 who have login problems are using
netbios name = somethingotherthanthednsname"."
Luke then spotted another problem with Sean's
"also, it doesn't help hthat your root
user ntry has no uaccount control bits (it should be marked as
[U ] like the others, to indicate that
it's a user. i don't know how this occurred. manually edit the
smbpasswd file to corret this, ok?"
5. Samba-TNG Alpha Release (2/4)
15 Mar 2000 - 17 Mar 2000 (11 posts) Archive Link: "samba-tng-alpha-0.16.tar.gz"
People: Luke Leighton, Tom Crummey, Elrond, Michael Hulet, , John Weber
Luke's release notes for Samba-TNG Alpha 0.16:
"ok, i noticed some word-order issues in join-to-domain for
the smbpasswd sam database option (i normally use
--with-sam-pwdb=tdb so did not notice this). when you
have a workstation join to a tng domain with smbpasswd file as the sam
database, it should now set the trust account password
correctly, and this will have been noticeably failing before on any
non-intel-word-order machines such as sun ultras and dec alphas
Tom Crummey reported failure joining a domain. He posted various details, but the interesting part was: "The fact that I can continue to log in from another Win 2000 system which joined the domain before Tuesday 7th March with no trouble indicates to me that the workstation account password is being written incorrectly into the smbpasswd file. I was encouraged to see that Luke had found some more word order problems in relation to the smbpasswd file, but unfortunately, there must still be some more."
Elrond suggested that Tom try a particular
command, and Tom posted the output, where the command failed. Elrond
"Okay... That looks like more byte-order
fun... since I realy don't know much in that area... You have to wait
for Luke to look at your log."
John Weber and Clair Roberts, meanwhile, reported success in this
area. Michael Hulet tried running on a Compaq Alpha:
"I joined the new domain with no problems. I
received the "The system cannot log you on to this domain because the
system's computer account in its primary domain is missing or the
password on that account is incorrect" I had a
netbios name = in my smb.conf but removed it and
still the same problem."
Luke repeated his standard
how-to-report-bugs schtick, finishing with:
"examine log.samr for a "
that shows the password being set for the workstation trust account, it
will be a big chunk (516 bytes of trash) of data, followed by the tash
being decoded, and the password should be
the-workstation-name-in-lower-case-unicode. DAMMIT i need nt, this is
6. Samba 2.0.6 Problems & Solutions
15 Mar 2000 - 16 Mar 2000 (5 posts) Archive Link: "Samba 2.0.6"
People: Joachim Backes, Jeremy Allison, Glen Gibb, Herb Lewis,
Joachim Backes had two problems with Samba 2.0.6 running on an SGI Origin 2000 server:
smb.confif have an entry as
log file = /usr/local/samba/var/log.smb-originThen, after samba is started, this log file is created. So far so good. But an additional log file is created called "log.smb" whose name cannot be controlled in the smb.conf file. Any workaround?
Jeremy Allison explained the first problem: "Known issue when compiling with gcc on IRIX (system call structure passing problem). This should be fixed in 2.0.7." Herb Lewis offered an explanation for the second question, and Glen Gibb offered an actual solution: "However, you can change the name of the log file by specify the "-l log_file" option when you start smbd to use another name other than log.smb (or I think you can specify the default name when compiling)."
7. ACL Support Coming Soon
17 Mar 2000 (2 posts) Archive Link: "Not a bug, but a short wish-list..."
People: Jeremy Allison, Bill Jojo,
Frank Rodolf had sent Jeremy Allison private mail asking about
support for ACLs, especially on HP-UX, Solaris and Red Hat Linux.
Jeremy replied to the
"Yes, this is being added (probably for 2.0.8) specifically for
HPUX (and maybe also IRIX and Solaris). Linux & FreeBSD don't have
filesystem ACL support yet so this will have to wait on Linux and
FreeBSD. HP & SGI engineers are specifically working on this (thanks
Jeremy has hinted at this several times
in the past, but never (to our knowledge) given these specifics.
Bill Jojo put in, "FYI: AIX also has ACL support..."
8. Samba-TNG Alpha Release (3/4)
17 Mar 2000 (6 posts) Archive Link: "samba-tng-alpha-1.0.tar.gz"
People: Luke Leighton, Michael Hulet, Seth Vidal, Aaron Brooks,
Yet another TNG alpha release, this one labeled "1.0". The difference between 0.x and 1.x alphas has not been revealed; one suspects it is arbitrary. Anyway, Luke's release notes this time:
using nt5 beta1 (desperate measures, i know), i confirmed that there was a problem with joining-to-domain, which may not be a problem with nt4 because nt5beta1 may use different password-set mechanisms from nt4.
i still have not been able to confirm that non-intel-byte-order password sets will work, although i have added the code to do this.
if anyone is having difficulty with TNG, still, i recommend that
you delete the entire
var/ directory and if you are
using smbpasswd as your SAM back-end, delete the entire
private/ directory, recreate
private/, do a
touch private/smbpasswd and start again.
Michael Hulet posted a partial-success report.
"I was able to join my NT Workstation Service Pack 3 to the new
domain using the create a Computer Account in the Domain checkbox. The
smbpasswd looked correct. Only the root user was able to create a
computer account, however. After rebooting, I still received the
computer account is invalid. I stripped almost everything out
/etc/group and all of a sudden root can log in. I logged
in as myself and it took about 12 minutes to log in. I also lost my
Luke spotted a possible problem
ok, this is a known issue with the
you cannot have the same username as a groupname or vice-versa on the unix side.
if you do, the lookups from unix names to nt names will fail, because nt namespace is expected to be unique, therefore login and access will also fail.
nt namespace uses unique names amongst users, groups, aliases and domains. a name is resolved to a SID and a type, therefore must be unique in order to do this.
make sure that all non-unique names are mapped to unique nt names,
using the domain user/group/alias/builtin map options.
This wasn't something Seth Vidal wanted to hear. "This is going to hit A LOT of people - especially debian and redhat users. Redhat and debian setup usergroups by default (user and group name are the same and is the default group for the user) - this will mean A LOT of munging passwd and group files. is there anyway around this? ugh."
The estimable Aaron Brooks (see Issue #11, Section #5 (sm20000210_11.html#5) ) was alarmed:
IEEEE!!!! I hope there is a way around this... I just finished a very involved (and pretty sweet) system of NETBIOS aliased virtual servers that use heavy macro expansion on their name to do stuff like:
[public_html] copy = root
comment = %L %S directory
force user = %L
force group = %L
path = %H/%S
force create mode = 0755
force directory mode = 0755
read list = @users
write list = root, @%L-prof, @%L-web
valid users = root, @users
Actually this is slightly modified... some of the above lines actually appear in the "root" share. (about half of them) but just so you can see what's happening. This allows me to be pretty flexible. All I do to give someone access to a share is add them to a UNIX group. We do a lot of projects where people work both on the UNIX (mostly Linux) and the NT side of things pretty evenly and having one point of maintenance is really important. Please say that this can be worked around, please....... (stupid NT monolithic namespace!!!!)
Luke had two possible solutions to this problem:
option 1 - use -DSMBPASSFILE
abandon the domain_namemap.c code and use the smbpassgroup code i started writing as a replacement option for this.
what that does is it doesn't use the
/etc/group entries at all.
the expected usage is to have scripts that take
/etc/group and create
only when a user is added to an nt group or an nt alias
/etc/group file be checked, and names validated
to ensure that they are unique.
it's a lot of work: about three weeks full-time, at a guess.
option 2 - add checking into
verify that a name that maps to both a unix name and a unix group, the unix name takes precedence.
this is nasty as hell, because let's say someone tries to create a file with a unix group root, are you going to reject the file create because there is also a username root????
answer: YES! with a damn big warning in the log files saying hey, stupid, map the unix group "root" to something that doesn't clash with the username "root", because i said so, don't argue, just do it.
it increases the complexity of the already-over-complex
how many times have i said i hate
Nobody seemed to have any better ideas, unfortunately.
9. Samba 2.0.7-pre2 Released
17 Mar 2000 - 18 Mar 2000 (4 posts) Archive Link: "Samba 2.0.7pre2 snapshot released."
People: Jeremy Allison, , Giulio Orsero
Jeremy Allison announced the second prerelease for Samba 2.0.7, which is expected Real Soon Now:
This is the second snapshot of the code that should become the official Samba 2.0.7 and is feature complete (ie. I'm only going to accept bug fixes, not more features).
This is not production code, but should work well as a file and print server, and contains fixes for all known Windows 2000 bugs.
Please download and test this code and report back any problems to email@example.com (mailto:firstname.lastname@example.org) . Your help in this will make the official Samba 2.0.7 release better for everyone.
The RPM packaging for this release is not yet complete, so only a source code tarball is being made available.
To everyone who contributed patches, many thinks, and please download and test this code to ensure that the functionality you wanted has been correctly implemented in the code.
Giulio Orsero had a long list of remaining problems. It was basically an update of the list he gave in Issue #11, Section #3 (sm20000210_11.html#3) . Rick Lake submitted two patches for QNX.
10. Samba-TNG Alpha Release (4/4)
18 Mar 2000 (1 post) Archive Link: "samba-tng-alpha-1.1.tar.gz"
People: Luke Leighton,
One more Samba-TNG alpha. Luke has really been pushing these out the door. Release notes:
i fixed a problem with nmbd's GETDC response, it is responding better but still not perfectly (and 2.0.x and cvs main need to be fixed, as well) as there exists no explanation for the correct response to locate a Domain Controller using GETDC.
the upshot of fixing this is that joining an nt workstation to a TNG domain is now _extremely_ fast: a couple of seconds, if that, and USRMGR.EXE comes up very rapidly, too.
i concluded that there is a lot of confusion being caused by using smbpasswd to add users to a domain. the default behaviour on creating a user is to create the user with no password and account "disabled", followed by changing the password. this results in, with smbpasswd, the account being created with the correct password, but the account disabled.
please use samedit. samedit's "createuser username -p userpassword" command goes through a series of instructions that include creating the account (which is automatically disabled when created), followed by setting the password, followed by enabling the account.
i have already disabled smbpasswd -m and -j options: i am considering just disabling smbpasswd altogether, however i know that people are _not_ going to like that, so really should implement smbpasswd in terms of samedit commands.
elrond continues to send in daily patches that ultimately will help merge TNG with cvs main, by getting TNG more cvs-main-like.
if anyone else wishes to assist with this, please notify everyone of your interest by responding to email@example.com, and we can take it from there.
profiles are still not operating correctly, i do not know why, it is beginning to irritate me enough that i am probably going to do something about it.
i now have, from various sources, legitimate versions of NT 5 and NT 4 installed in vmware 2.0 sessions. i am not entirely happy with this: i can only run one vmware session (i am using just xinit not X, i don't like graphical OSes) at a time. my thanks to darryl for his assistance, suggestions, and for providing the entire samba team with vmware licenses: i would be unable to do any work, right now, without vmware, as i only have the one computer.
[btw does anyone, other than me, want to run vmware without having to run X-windows, for example, running linux in console-mode and switching between multiple vmware sessions on alt-f1 to alt-f12?]
password changing. oops! i made a mistake in the Great Convert in january, resulting in passing the wrong parameters over in the samr user password change.
as i modified smbd to call the samr user password change functions instead of accessing smbpasswd directly, this will have affected all user-initiated password changes including win95, dos and wfwg and nt password changes.
so, if you have win95, please try changing a user password and report to the list if it works or not.
i also fixed samedit's "ntpass" command to operate correctly at the same time, because it too was minorly broken.
Sharon And Joy
Kernel Traffic is grateful to be developed on a computer donated by Professor Greg Benson and Professor Allan Cruse in the Department of Computer Science at the University of San Francisco. This is the same department that invented FlashMob Computing. Kernel Traffic is hosted by the generous folks at kernel.org. All pages on this site are copyright their original authors, and distributed under the terms of the GNU General Public License version 2.0.