Samba Traffic #35 For 10 Dec 2000

Editor: Zack Brown

By John Quirk  and  Zack Brown

Samba Homepage ( | Samba List Archives ( | "Using Samba" ( | Samba Tips ( | A Samba Doc Page ( | Samba Meta-FAQ ( | Samba For IRIX FAQ (

Table Of Contents


Want to help write KC Samba? See the KC Authorship page (../author.html) , the KC Samba homepage (index.html) , and the Thread Summary FAQ (../summaryfaq.html) . Send any questions to the KCDevel mailing list. (

Mailing List Stats For This Week

We looked at 125 posts in 510K.

There were 61 different contributors. 19 posted more than once. 0 posted last week too.

The top posters of the week were:

1. Trouble with Roaming profiles

22 Nov 2000 - 6 Dec 2000 (9 posts) Archive Link: "Roaming profiles, permissions"

Summary By John Quirk

People: Jason ToddDavid BannonMichael GlaucheGerald CarterJohn Quirk

(ed. [John Quirk] There have been lots of discussion on the samba-ntdom lists about roaming profiles so we will start with this one.)

Jason Todd started with:

Hi, here are 3 questions I've been fighting with...

Background: I'm running Samba 2.0.7 on RedHat 7.0 (kernel 2.2.16-22smp). This machine is set up as a "PDC" managing domain logons. All client machines are NT 4, varying service packs but I think all are at least SP4, and the problems below even occur on SP6.

1) Problem: Certain users get the message "could not find your profile, contact your network administrator" or something like that, and they are kicked right out after trying to log in. I check the Samba logs, and they are showing connections to the appropriate shares (including the home share). I peeked around in the registry, comparing the users' "profile location" key with that of users experiencing no problems, and couldn't find any discrepancies. However, in C:\WINNT\Profiles, for one problem user in particular (and a few others), there are several "username.###" and "username.###.bak" entries, with ### ranging from 000 upward. Maybe that is a clue to the solution or cause.

2) Problem: I suspect this might be related to #1 above. My own personal account on the domain will not let me change any HKLU registry settings. I think other users are experiencing this one, too. In the domain "logon.bat" file, I have


to map a few network drives. The /PERSISTENT:NO causes the command to return an error about not being able to save a profile registry setting (about saving drive connections). Other peculiarities:

2a) Logging in, I always get the stupid "Welcome to NT" window.

2b) I set a new wallpaper and click OK, it doesn't take.

2c) I set a new desktop color and click OK, it DOES take.

In addition, each client machine keeps listing an "DOMAIN\Account unknown" in its user manager, permissions boxes, etc. I think it believes that "Account Unknown" owns the registry, or at least the HKLU branch.

3) How-to: This one is much simpler, how do I map NT groups to UNIX groups? I've heard rumors of a "domain group map" or similar parameter, but seen no documentation on it or the format of the map file. I simply want to create a UNIX group, such as "power" and then specify that each user in that UNIX group will be a Power User on the NT domain. If this can be done, I'd like to know how, or if it can't yet, that's fine (I suppose :).

David Bannon said in reply to Jasons's problems

A trivial suggestion but : if the local pc is short on diskspace you get this effect. Just a suggestion...

I've seen this in relation to diskspace shortages, starts when the domain profile area is short of space and user profiles cannot be copied to the server. Each logon makes a new entry and then the client soon fills up. Especially if you have lots of users per machine.

This seemed to fix Jason problems and he expanded with:

Thanks to those who supplied feedback to my previous questions. All is well now (mostly). It turns out that it was a disk usage problem after all. I didn't think to check the quotas of the problem users. I set each quota to 200 MB for the /home partition but [explicative] IE 5 ate up all of the space with its cache. I'm a Netscape guy myself...

Anyways, I'm playing around with the registry permissions stuff and I think I found a cheap solution. I noticed that for some reason, most users have "NTUSER.DAT" and "ntuser.dat.LOG" in their ~/profile directory, and other users (myself included) have "ntuser.dat" and "ntuser.dat.LOG" instead (notice the case). I removed the lowercase "ntuser.dat" off my ~/profile directory as well as my "locally" stored profile on one of the client machines then logged into NT. Previously there was just "username" in the WINNT\Profiles directory but now there is "username.000" which seems to be storing ALL of my correct profile information, Desktop, registry, etc. I'm not too concerned by the extra profile directories hanging around. BTW, there are no local accounts on the machine in question, except for the usual (Administrator, Guest, etc.).

Maybe this info can help others with similar problems, or maybe some of you know of better approaches.

Michael Glauche added:

turn on "delete cache on exit" in the ie preferences. helps a lot. ;)

Gerald Carter also suggested:

Set the system policy to ignore the Temporary Internet Files Folder in the profile.

There where serveral sugestions to use a cron job to remove the IE chache files

David Bannon offer the following:

I run a script that sleeps for a minute then removes the whole profile if the user was a student.

Like this :

root postexec = /usr/local/sbin/setprofile %u -R

This way they get the default profile next time they logon and nothing is left on server. Further, local profiles are turned off.

(ed. [John Quirk] Jason's question about mapping NT groups to Unix groups never got answered in this thread.)

2. Possible GPL Violation By LocSoft

28 Nov 2000 - 1 Dec 2000 (4 posts) Archive Link: "iRMX"

Summary By Zack Brown

People: Robert DahlemKevin ColbyGerald CarterSteve Langasek

In samba-technical, Robert Dahlem asked about the iRMX Samba port, at LocSoft Ltd ( , which Gary James had also previously asked about. Robert added, "I just ask because our sales peoble would very much like to charge our customers with 15,000 british pounds for GPLed source code. :-)" Kevin Colby felt that the code was indeed in violation of the GPL, if the product really was based on Samba and not just calling itself "Samba". He gave a pointer to the licencing page ( , which offered source licence "for internal security" only, and he concluded, "I would hope this isn't really Samba." Gerald Carter replied, "Andrew and Jeremy are following up on this off line with their technical contacts." And Steve Langasek put in, after some technical investigation, "There's a free demo download available on their website. If this is based on Samba, it currently bears little resemblance to our code. :) It looks as though their config file is intended to look similar to the one used by Samba, but other than that and the fact that both speak SMB, it looks to be quite a different creature."

3. Problem Join domain with latest CVS

1 Dec 2000 - 4 Dec 2000 (7 posts) Archive Link: "Still having problems with latest CVS and win2k joining a samba controlled domain"

Summary By John Quirk

People: Chris LeavoyAnders C. ThorsenDavid BannonJeremy Allison

Chris Leavoy relayed his experiances with the CVS snapshot

As shown in the subject, I'm still having problems with the latest CVS of samba 2.2. When joining the win2k clients to the domain, I logon using root (which is also in smbpasswd) and after about 30 or a minute it comes up with the message welcome to the domain "workgroup". In those 30-60 seconds, there is around 50 pages of messages in the log.smd with a log level of 3. And at the end of it all, there is some garbage about invalid uid, unable to set uid blah blah, where uid is some weird NEGATIVE number... so it defaults to 0:0 and then "panics" and blurts stuff about an internal error occured. About 10 seconds after the panic message, win2k pops up welcome to the domain. I reboot the win2k machine, and when I try to login to the domain, I get the follow error:

The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect.

Has anyone else experienced this situation, or know what on earth is wrong? Any suggestions or comments on how to resolve this issue is greatly appreciated. If there is any information that I left out that could help isolate the problem, feel free to ask.

I tried this whole thing with a different win2k box, which btw has sp1, and this time I got the error message "unable to log in to the domain because the netlogon services is not started." Well, that's bullshit, because I used the other win2k machine to remote admin, and saw that the netlogon service was indeed started and running. I suspect not, but could this be a samba related problem

He went on to post his smb.conf file. Anders C. Thorsen asked for more detail and went on to offer some possible causes

1. You have map to guest enabled

2. The guest has a funky UID [such as too large or negative.. in case of too large it will become negative]

3. When logging on as root, it's not fully recognised as such, mapped to guest, and the behaviour you describe will occur.

When Chris posted the extra info Anders ask for and this left Anders unsure of what the problem was. David Bannon contributed:

Seriously though, I have heard a number of people saying that a 'complicated' config file confused 2.2. Nobody seems willing to explain what they mean by 'complicated' however. Yours, with the defaults all spelt out might just be what people mean (??).

Just in case (and I don't really believe it will help), could you grab the conf file from the howto, change only those parameters that you need to (and there are only about two ) and try with that ??

Chris replied that this did not help that he had even tried the basic conf from the FAQ. Chris also posted a section of his log files this caught Jeremy Allison attention:

Is this with CVS of 2.2 ? If so, can you please either send in a gdb stack backtrace, or a debug level 10 of the log before this error message.

That ended this version of the thread.

4. Bugs with Samba strings

2 Dec 2000 - 3 Dec 2000 (4 posts) Archive Link: "safe_strcpy errors"

Summary By John Quirk

People: Torsten CurdtGerald Carter

Torsten Curdt reported:

We're running the samba 2.2 CVS from Nov 3rd now for quite a while in production environment. (big hurray for the brave ;)

It works fine as PDC for our W2k Workstations. Fileserving seems to be stable, no problems with joining the domain. All I'm looking forward to is the auth system rewrite. (maybe then we can finally use our ldap server even to auth samba users ;)

The only thing we came across were some string overflow errors when handling the favorites of the profiles. Like:

ERROR: string overflow by 5 in safe_strcpy [/guitar guitars tablature music mp3 olga percussio]

The user was not able to log in when this happened! W2k denied the access! I had to go and clean the favorites directory!

Gerald Carter replied with:

Currently one of the issues that needs to be rewritten in Samba is the static nature of strings (fstrings and pstrings). Both are declared as char arrays with a fixed length. The strcpy, strcat, etc... functions are wrapped as to prevent buffer overflows. The problem is things like what you are experiencing. (although this could be caused by RPC bugs in other parts of the code).

In order to give you an honest answer, we would need to see level 10 debug logs at the time of the error.

Torsten asked if this was a request to which Jerry repied:

Sure. Send me a level 10 debug log of the failure. I need the surrounding information 'cause I need to know what string was being passed in.

No further post on this subject.







Sharon And Joy

Kernel Traffic is grateful to be developed on a computer donated by Professor Greg Benson and Professor Allan Cruse in the Department of Computer Science at the University of San Francisco. This is the same department that invented FlashMob Computing. Kernel Traffic is hosted by the generous folks at All pages on this site are copyright their original authors, and distributed under the terms of the GNU General Public License version 2.0.