Table Of Contents
|1.||18 Apr 2000 - 21 Apr 2000||(20 posts)||User Reports Temperamental NT Logins|
|2.||18 Apr 2000 - 20 Apr 2000||(12 posts)||Problems Deploying pam_ntdom|
|3.||19 Apr 2000 - 20 Apr 2000||(8 posts)||Can I Exchange Exchange?|
|4.||19 Apr 2000 - 20 Apr 2000||(4 posts)||Unresolved Windows 2000 Issue|
|5.||22 Apr 2000||(5 posts)||FAQ: Samba Domain Controllers and Windows 2000|
|6.||22 Apr 2000||(1 post)||Symbolic Links in Linux SMBFS|
Samba 2.0.7 is now out! This release, in the making for several months, includes several new features and a lot of bug fixes, but it came a little too late to cover properly in this issue. Watch this space next week for a summary of bells, whistles, initial user reactions, and (if applicable!) late-breaking caveats. For now, read the Samba 2.0.7 release notes (http://samba.org/samba/whatsnew/samba-2.0.7.html) .
Other than that, it has been something of a quiet week. Even Luke Leighton is lying relatively low, having only managed one alpha release of Samba-TNG....
Mailing List Stats For This Week
We looked at 284 posts in 572K.
There were 150 different contributors. 48 posted more than once. 31 posted last week too.
The top posters of the week were:
1. User Reports Temperamental NT Logins
18 Apr 2000 - 21 Apr 2000 (20 posts) Archive Link: "TNG-2.4.1; 1st domain logon succeeds, none after that"
People: Paul Collins, Michael Breuer, , Luke Leighton
Paul Collins turned to
samba-ntdom for help with his
Samba-TNG-alpha installation. The Samba PDC was behaving predictably
"Domain login succeeds the
first time I try it after the NT box boots. The profile is created on
the server's profile share, and I have access to the PDC's shares. I
can access other user's home shares by providing the relevant username
and password. However, if I log out and then try to log in again as
the same or a different user, I get message about the roaming profile
not being available. I OK this message and then I get the "domain not
available" error. If my cached credentials were used, I can still
access my own home share, but trying to access another user's home
share gives a "network name not found" error."
He gave detailed
configuration info, and uploaded several hundred kilobytes of log files
to a web site for the interested hacker to peruse.
Chris Friday had noticed the same thing. Luke Leighton had the
suggestion to try two configuration parameters,
client schannel=no and
server schannel=no. Paul tried these, and the
situation improved, but he was still getting some failures.
Luke asked whether it made a difference to use usernames with
odd-numbered or even-numbered lengths.
Michael Breuer asked if Paul had configured Samba with the
--with-profiles option; there ensued a short discussion of
whether or not this was necessary, with the general conclusion that
this option was quite unrelated to login profiles, which was what
seemed to be Paul's problem. The problem itself never did get tracked
2. Problems Deploying pam_ntdom
18 Apr 2000 - 20 Apr 2000 (12 posts) Archive Link: "how to get pam_ntdom to work"
People: Pieter Grimmerink, Luke Leighton, Phil Mayers,
Two people tried and failed to compile the
code now included in Samba-TNG. Pieter Grimmerink reported to the
tried to run make
bin/pam_ntdom_auth.so, but this fails
because a lot of variables are not declared. (in the file
pam_ntdom_auth.c) I think this is because it misses the
security/pam_appl.h and other headers in
Luke Leighton pointed him at the PAM
header files, which need to be installed on one's system in order to
compile auth modules. [The Debian Linux package involved is called
libpam0g-dev; for other binary distributions of PAM, look
for components along the lines of "PAM library development files".]
Phil Mayers posted an unrelated compile failure. In his case, it
turned out, he was trying to compile
Samba-TNG. Phil wondered aloud whether he actually needed to run
Samba-TNG to use
pam_ntdom, or if it was just needed for
compiling. Luke's response:
"compile it with
--enable-static etc blah to get libtool to not
generate or use shared libraries. .. however, yes, thinking about it,
pam_ntdom in TNG communicates with
order to get the trust account / shared secret."
"you might be able to
get away with just installing netlogond, samrd and lsarpcd (smbd
not required!) try it, i'd be interested to know if it works
Phil wouldn't, though:
"I'm afraid I'm not going near it with a barge pole. :o) Are
there any problems with
pam_smb, bearing in mind there's a
secure network between the mail server and the PDC?"
wasn't aware of any problems with this.
[The difference between
pam_ntdom is that the former "logs in" to an NT domain the
way Windows95 does; the latter uses an actual permanent domain account
the way Windows NT does. It exactly parallels the
smb.conf parameters "
3. Can I Exchange Exchange?
19 Apr 2000 - 20 Apr 2000 (8 posts) Archive Link: "o/t info request"
People: Mike Hudgell, Greg Leblanc, Sam Couter, Kendrick Vargas,
Mike Hudgell asked the audience of
"does anyone know if there is a product for UNIX
which would act as a cheap drop-in replacement for an Exchange
This is a natural enough question for someone who has
successfully upgraded one or more NT servers to Samba on Unix but still
needs NT around to run the messaging server. (It seems Microsoft
Exchange is not yet available for Unix.)
David Bear recommended Lotus Notes. Greg Leblanc mentioned Novell Groupwise and Netscape iPlanet. "If you put things together, I think that Netscape/iPlanet has all of the features, just not as tightly integrated." Sam Couter didn't see modularity as a bad thing: "That's the UNIX way. Small pieces that do the job that can be used together." He had a less favorable opinion of trying to do everything with one tool, naming a well-known software company as an example of this approach.
Two people pointed out HP OpenMail, which claims to offer all the functionality of Exchange. Kendrick Vargas pointed out, "It's not quite "drop-in" : you have to install a seperate set of MAPI DLL's that can talk to the OpenMail server to allow outlook to see it as an Exchange Server. I played with it a little, but not enough to actively be enthusiastic about it, so YMMV :-) And btw... It's free for linux, unless you want support, and that'll cost you."
4. Unresolved Windows 2000 Issue
19 Apr 2000 - 20 Apr 2000 (4 posts) Archive Link: "Samba 2.0.7pre4 compatibility with w2K?"
People: nofirstname nolastname, Dave Collier-Brown,
Somebody at an IBM lab ran some benchmarks of Samba and Windows 2000. The result: "Half of the W2K clients died when I ran against 2.0.6. When I ran against 2.0.7 pre4, I had probably around 10% of the clients died. The actual number probably doesn't mean anything here, but my observation is that the number of clients died reduced with 2.0.7 pre4. In both 2.0.6 and 2.0.7 tests, almost all the errors occur on Netbench rename and delete operations. I can run the same tests using NT without a single error. I also turned debug on with Samba, I don't see any particular interesting error messages. Does anyone see similar problems or know some fixes?"
Dave Collier-Brown thought he had seen this. "I did a similar test last week with a borrowed lab, and didn't get things to break, but rename is slower than I'd like. The slowness was ufs, not Samba, though. Did the clients die with "... has done an illegal operation" ? My failures were illegal operations, and were specific to a the same machines in most cases." No such luck, it turned out: "My errors did not happen on a particular client. It happened pretty much with all W2K clients, just at different times. Also, not all of the clients would die, just some." So it seems that, as of Samba 2.0.7pre4, there is at least one unresolved issue with Windows 2000.
5. FAQ: Samba Domain Controllers and Windows 2000
22 Apr 2000 (5 posts) Archive Link: "w2k an 2.0.7pre4"
People: Oliver Malang,
Oliver Malang upgraded Windows NT and Samba at the same time and his
domain logons stopped working. He turned to
"should domain logons from W2k to
2.0.7pre4 already work or did I just make a mistake???"
Four people gave the same answer, making this not only a frequently-asked but a frequently-answered question: no, Samba 2.0.x does not support Windows 2000 logons. Samba-TNG does, if you are willing to experiment with it.
6. Symbolic Links in Linux SMBFS
22 Apr 2000 (1 post) Archive Link: "symlink-hack for smbfs under linux"
People: Alexander Oelzant,
Alexander Oelzant announced (on the
samba list) a
potentially useful bit of functionality he had hacked into the Linux
smbfs code (which is not strictly part of Samba but
may be of interest to a lot of Samba users):
I've programmed a quick-and-dirty version of symlinks for
smbfs. This hack uses the system attribute and otherwise
works much like the
ncpfs-hack, that is to say, I write
the magic cookie at the beginning of the file.
Of course the server has to map the system attribute, which samba
notably doesn't do by default.
smb.conf entries of
map system = yes" and
create mask = 750" (or higher) are
Currently I also write a NUL-byte at the end of the symlink; from
the other implementations I assume this would not be necessary, but
for the moment I'm glad I got rid of the oopses (
smb_proc_write gave me
a real pain in 2.0.33 and yes, everything else does need the
memcpy_fromfs so I had to create a similar
smb_proc_write_mem and make it use
memcpy. I still don't get it) and happy to forget
everything about it at least until after easter.
The patches for various Linux kernel versions were reported to live at http://prawda.oeh.net/~aoe/mystuff/ and http://mars.tuwien.ac.at/~aoe/.
Sharon And Joy
Kernel Traffic is grateful to be developed on a computer donated by Professor Greg Benson and Professor Allan Cruse in the Department of Computer Science at the University of San Francisco. This is the same department that invented FlashMob Computing. Kernel Traffic is hosted by the generous folks at kernel.org. All pages on this site are copyright their original authors, and distributed under the terms of the GNU General Public License version 2.0.