Samba Traffic #20 For 27 Apr 2000

By Peter Samuelson

Table Of Contents

Introduction

Samba 2.0.7 is now out! This release, in the making for several months, includes several new features and a lot of bug fixes, but it came a little too late to cover properly in this issue. Watch this space next week for a summary of bells, whistles, initial user reactions, and (if applicable!) late-breaking caveats. For now, read the Samba 2.0.7 release notes (http://samba.org/samba/whatsnew/samba-2.0.7.html) .

Other than that, it has been something of a quiet week. Even Luke Leighton is lying relatively low, having only managed one alpha release of Samba-TNG....

Mailing List Stats For This Week

We looked at 284 posts in 572K.

There were 150 different contributors. 48 posted more than once. 31 posted last week too.

The top posters of the week were:

1. User Reports Temperamental NT Logins

18 Apr 2000 - 21 Apr 2000 (20 posts) Archive Link: "TNG-2.4.1; 1st domain logon succeeds, none after that"

People: Paul CollinsMichael BreuerLuke Leighton

Paul Collins turned to samba-ntdom for help with his Samba-TNG-alpha installation. The Samba PDC was behaving predictably but strangely: "Domain login succeeds the first time I try it after the NT box boots. The profile is created on the server's profile share, and I have access to the PDC's shares. I can access other user's home shares by providing the relevant username and password. However, if I log out and then try to log in again as the same or a different user, I get message about the roaming profile not being available. I OK this message and then I get the "domain not available" error. If my cached credentials were used, I can still access my own home share, but trying to access another user's home share gives a "network name not found" error." He gave detailed configuration info, and uploaded several hundred kilobytes of log files to a web site for the interested hacker to peruse.

Chris Friday had noticed the same thing. Luke Leighton had the suggestion to try two configuration parameters, client schannel=no and server schannel=no. Paul tried these, and the situation improved, but he was still getting some failures. Luke asked whether it made a difference to use usernames with odd-numbered or even-numbered lengths.

Michael Breuer asked if Paul had configured Samba with the --with-profiles option; there ensued a short discussion of whether or not this was necessary, with the general conclusion that this option was quite unrelated to login profiles, which was what seemed to be Paul's problem. The problem itself never did get tracked down.

2. Problems Deploying pam_ntdom

18 Apr 2000 - 20 Apr 2000 (12 posts) Archive Link: "how to get pam_ntdom to work"

People: Pieter GrimmerinkLuke LeightonPhil Mayers

Two people tried and failed to compile the pam_ntdom code now included in Samba-TNG. Pieter Grimmerink reported to the samba-ntdom list: "I've tried to run make bin/pam_ntdom_auth.so, but this fails because a lot of variables are not declared. (in the file pam_ntdom_auth.c) I think this is because it misses the file security/pam_appl.h and other headers in security." Luke Leighton pointed him at the PAM header files, which need to be installed on one's system in order to compile auth modules. [The Debian Linux package involved is called libpam0g-dev; for other binary distributions of PAM, look for components along the lines of "PAM library development files".]

Phil Mayers posted an unrelated compile failure. In his case, it turned out, he was trying to compile pam_ntdom without Samba-TNG. Phil wondered aloud whether he actually needed to run Samba-TNG to use pam_ntdom, or if it was just needed for compiling. Luke's response: "compile it with --enable-static etc blah to get libtool to not generate or use shared libraries. .. however, yes, thinking about it, pam_ntdom in TNG communicates with lsarpcd in order to get the trust account / shared secret." Luke's conclusion: "you might be able to get away with just installing netlogond, samrd and lsarpcd (smbd not required!) try it, i'd be interested to know if it works as expected." Phil wouldn't, though: "I'm afraid I'm not going near it with a barge pole. :o) Are there any problems with pam_smb, bearing in mind there's a secure network between the mail server and the PDC?" Luke wasn't aware of any problems with this.

[The difference between pam_smb and pam_ntdom is that the former "logs in" to an NT domain the way Windows95 does; the latter uses an actual permanent domain account the way Windows NT does. It exactly parallels the smb.conf parameters "security=server" versus "security=domain".]

3. Can I Exchange Exchange?

19 Apr 2000 - 20 Apr 2000 (8 posts) Archive Link: "o/t info request"

People: Mike HudgellGreg LeblancSam CouterKendrick Vargas

Mike Hudgell asked the audience of samba-ntdom: "does anyone know if there is a product for UNIX which would act as a cheap drop-in replacement for an Exchange Server?" This is a natural enough question for someone who has successfully upgraded one or more NT servers to Samba on Unix but still needs NT around to run the messaging server. (It seems Microsoft Exchange is not yet available for Unix.)

David Bear recommended Lotus Notes. Greg Leblanc mentioned Novell Groupwise and Netscape iPlanet. "If you put things together, I think that Netscape/iPlanet has all of the features, just not as tightly integrated." Sam Couter didn't see modularity as a bad thing: "That's the UNIX way. Small pieces that do the job that can be used together." He had a less favorable opinion of trying to do everything with one tool, naming a well-known software company as an example of this approach.

Two people pointed out HP OpenMail, which claims to offer all the functionality of Exchange. Kendrick Vargas pointed out, "It's not quite "drop-in" : you have to install a seperate set of MAPI DLL's that can talk to the OpenMail server to allow outlook to see it as an Exchange Server. I played with it a little, but not enough to actively be enthusiastic about it, so YMMV :-) And btw... It's free for linux, unless you want support, and that'll cost you."

4. Unresolved Windows 2000 Issue

19 Apr 2000 - 20 Apr 2000 (4 posts) Archive Link: "Samba 2.0.7pre4 compatibility with w2K?"

People: nofirstname nolastnameDave Collier-Brown

Somebody at an IBM lab ran some benchmarks of Samba and Windows 2000. The result: "Half of the W2K clients died when I ran against 2.0.6. When I ran against 2.0.7 pre4, I had probably around 10% of the clients died. The actual number probably doesn't mean anything here, but my observation is that the number of clients died reduced with 2.0.7 pre4. In both 2.0.6 and 2.0.7 tests, almost all the errors occur on Netbench rename and delete operations. I can run the same tests using NT without a single error. I also turned debug on with Samba, I don't see any particular interesting error messages. Does anyone see similar problems or know some fixes?"

Dave Collier-Brown thought he had seen this. "I did a similar test last week with a borrowed lab, and didn't get things to break, but rename is slower than I'd like. The slowness was ufs, not Samba, though. Did the clients die with "... has done an illegal operation" ? My failures were illegal operations, and were specific to a the same machines in most cases." No such luck, it turned out: "My errors did not happen on a particular client. It happened pretty much with all W2K clients, just at different times. Also, not all of the clients would die, just some." So it seems that, as of Samba 2.0.7pre4, there is at least one unresolved issue with Windows 2000.

5. FAQ: Samba Domain Controllers and Windows 2000

22 Apr 2000 (5 posts) Archive Link: "w2k an 2.0.7pre4"

People: Oliver Malang

Oliver Malang upgraded Windows NT and Samba at the same time and his domain logons stopped working. He turned to samba-ntdom for help: "should domain logons from W2k to 2.0.7pre4 already work or did I just make a mistake???"

Four people gave the same answer, making this not only a frequently-asked but a frequently-answered question: no, Samba 2.0.x does not support Windows 2000 logons. Samba-TNG does, if you are willing to experiment with it.

6. Symbolic Links in Linux SMBFS

22 Apr 2000 (1 post) Archive Link: "symlink-hack for smbfs under linux"

People: Alexander Oelzant

Alexander Oelzant announced (on the samba list) a potentially useful bit of functionality he had hacked into the Linux kernel smbfs code (which is not strictly part of Samba but may be of interest to a lot of Samba users):

I've programmed a quick-and-dirty version of symlinks for smbfs. This hack uses the system attribute and otherwise works much like the ncpfs-hack, that is to say, I write the magic cookie at the beginning of the file.

Of course the server has to map the system attribute, which samba notably doesn't do by default. smb.conf entries of "map system = yes" and "create mask = 750" (or higher) are therefore necessary.

Currently I also write a NUL-byte at the end of the symlink; from the other implementations I assume this would not be necessary, but for the moment I'm glad I got rid of the oopses (memcpy vs memcpy_fromfs in smb_proc_write gave me a real pain in 2.0.33 and yes, everything else does need the memcpy_fromfs so I had to create a similar smb_proc_write_mem and make it use memcpy. I still don't get it) and happy to forget everything about it at least until after easter.

The patches for various Linux kernel versions were reported to live at http://prawda.oeh.net/~aoe/mystuff/ and http://mars.tuwien.ac.at/~aoe/.

 

 

 

 

 

 

Sharon And Joy
 

Kernel Traffic is grateful to be developed on a computer donated by Professor Greg Benson and Professor Allan Cruse in the Department of Computer Science at the University of San Francisco. This is the same department that invented FlashMob Computing. Kernel Traffic is hosted by the generous folks at kernel.org. All pages on this site are copyright their original authors, and distributed under the terms of the GNU General Public License version 2.0.