PRODUCT: Advanced Server for UNIX -------- PATCH ID: ASUV51B3_393 --------- UPDATED PRODUCT: Advanced Server for UNIX Version 5.1B-3 ---------------- RELEASE DATE: June 2005 ---------------- The Advanced Server for UNIX (ASU) Version ASU 5.1B-3 kit provides enhancements and corrections for problems found in the ASU Version 5.1B-2 software, including ECO1 and in earlier versions of the ASU software. This release note document has the following sections: - New Registry and lanman.ini Parameters - ASU Command Changes - ASU General Changes - ASU General Problem Descriptions and Solutions - ASU and TruCluster Server Version 5.x Problem Descriptions and Solutions - Known Problems - ASU Installation Instructions -------------------------------------- New Registry and lanman.ini Parameters -------------------------------------- New Registry Parameter: A new registry parameter, MemberUseAnyDC, improves connection response times in some cases. Setting MemberUseAnyDC to 1 specifies that an ASU member server should use any available domain controller for validating authentication requests in the member server's domain, instead of using the primary domain controller (PDC) first. This will improve connection response times when a BDC in the network is located closer than the PDC. The default value is 0 (use PDC first). This parameter is located under the following ASU registry key: SYSTEM/CurrentControlSet/Services/Netlogon/Parameters New Registry Parameter: A new registry parameter, FileChangeCheckInterval, enables the ASU server to periodically check for file changes made by UNIX programs or commands. The default value for this parameter is 60, which specifies that the ASU server check for file changes every 60 seconds. To disable FileChangeCheckInterval, set it to 0. This parameter is located under the following ASU registry key: SYSTEM/CurrentControlSet/Services/AdvancedServer/FileServiceParameters New lanman.ini Parameters: Two new parameters have been added to the [lmxserver] section of lanman.ini to control the logging of UNIX password changes by the ASDUPASS utility and also by the ASU server when the SyncUnixPassword registry entry is enabled: o logunixpasswordchgsuccess Setting this parameter to "yes" causes an entry to be logged to /var/adm/syslog.dated/current/auth.log each time a password is successfully changed for a user. o logunixpasswordchgfailure Setting this parameter to "yes" causes an entry to be logged to the same file each time a password could not be changed. The default value of both parameters is "no". You can find success or failure log entries by searching for the strings "Successful password change" or "Failure to change password". New lanman.ini Parameter A new parameter, mapserversessions, under the [lmxserver] section in the lanman.ini file enables the nodes of a cluster to share the server sessions table among the nodes. The default value is "yes". Do not set this parameter to "no" unless directed to by HP support. ------------------- ASU Command Changes ------------------- Command Change: The elfread command has the following new options: o -s Shows the event log settings. o -m size Sets the maximum size of the event log in kilobytes. o -r days Sets the retention period for events, from 1 to 365 days. Setting 0 days means overwrite events as needed and setting -1 or more than 365 days means do not overwrite events (clear the log manually). Command Change: The acladm command has been enhanced to support the -n option with -S and -U. These options output a summary message that specifies either the number of operations that would be performed if -n were not specified or a message that no operations need to be performed. For example: # acladm -n -U 7747 ACL records need to be cleaned ACL store needs to be cleaned # acladm -n -S ACL store is already clean Command Change: The PCCHECK utility has a new option, -escalate, which you can use to collect the system configuration of Windows NT systems. The files are collected in compressed form as a cab file in the pccheck directory. Command Change: The "listcache -S" command has been enhanced to display WINS client statistics. It displays which WINS servers are configured, and provides statistics such as the number of NetBIOS name resolution hits and misses, the number of NetBIOS name conflicts detected, and the number of pending name resolution requests to the primary and secondary WINS servers. Command Change: The "lmstat -n" command now displays the start time of ASU processes. ------------------- ASU General Changes ------------------- Change: ASU now supports locales with an expanding character set, such as the UTF-8 codeset (for example, fi_FI.UTF-8 or ja_JP.UTF-8), for file names and pathnames. ASU does not yet support Unicode characters that can expand into three bytes for user names, domain names, computer names, registry key names, or other text data in the SAM database or registry. Change: The "kill -30 " command (where is the process ID of the target process) can now be used with the knblink or knb name resolver processes to generate a debug log. The debug log is written to a text file called /usr/net/servers/lanman/debug/Debug-knblink-, where is the name of the node on which the process was running. A second "kill -30 " command will disable debug logging. Because debug logging can severely impact ASU performance, this command should be used only for a short period of time. Change: The ASU server now uses user-mode sockets code instead of kernel-mode streams code to send and receive mailslot messages over IP port 138. This increases reliability, and allows the server to support mailslot messages sent to the cluster alias IP address. This new feature is enabled by default. To disable it and restore the original streams code, add the following entry to the transports.ini file: [tcpip] socketdatagrams=no Then restart the ASU server and transports: # net stop server # /sbin/init.d/asutcp stop # /sbin/init.d/asutcp start # net start server Change: When an ASU BDC or member server tried to locate a domain controller for the server's domain, the server would send messages to the NetBIOS name "domainname<00>" as well as "domainname<1c>". The message to "domainname<00>" was unnecessary and has been removed. The ASU server now behaves the same as Windows NT. Change: The ASU server is now able to notify clients of file changes made by UNIX programs and commands, in addition to file changes made by ASU clients, if file change notification is enabled. To enable file change notification, execute the following UNIX command: # regconfig \ SYSTEM/CurrentControlSet/Services/AdvancedServer/FileServiceParameters \ FileChangeNotify REG_DWORD 1 The ASU server must be restarted for this parameter to take effect. ---------------------------------------------- ASU General Problem Descriptions and Solutions ---------------------------------------------- Problem Addressed: The lmx.srv process would sometimes crash due to a memory leak in the I_BrowserrServerEnum RPC, which is used to build the browse list for a domain. This problem has been corrected. Problem Addressed: If Samba V3 was configured as a BDC to an ASU primary domain controller (PDC), the "net rpc vampire" command on the BDC would fail with the following error: failed to fetch domain database NT_STATUS_NOT_SUPPORTED Perhaps domain is a Windows 2000 native domain This problem has been corrected. Problem Addressed: On SUSE LINUX 9.x systems with kernel versions 2.6.4 and higher, executing the touch command on an smbfs mount point exported from an ASU server would give input/output errors. For example: touch: setting times of '/asumnt/d.d' : Input/output error touch: Input/output error This problem has been corrected. Problem Addressed: The ASU TCP/IP transport would log name-in-conflict messages in /var/adm/messages for NetBIOS names ending in <1d>. This was unnecessary and confusing, because name conflicts for NetBIOS names ending in <1d> can occur normally during master browser elections. This problem has been corrected. Problem Addressed: If a user tried to change their ASU password to a password that was shorter than the configured minimum ASU password length, the user would receive the following message on a Windows XP client: The system cannot change your password now because the domain is not available. This problem has been corrected. The message will now be: Your password must be at least characters and cannot repeat of any of your previous passwords. Please type a different password. Type a password which meets these requirements in both text boxes. will be the configured minimum ASU password length, and will be the number of passwords remembered. Problem Addressed: When an ASU share was mounted by a Linux client with kernel version 2.4.25 or above, the following problems would occur: o Copying a file from the ASU server to the Linux client would fail. o Specifying the "ls -l" command on a file from the ASU server would display the wrong file size. These problems have been corrected. Problem Addressed: The asdupass utility now displays the warning message stating that the UNIX and Windows passwords are no longer the same only when both of the following conditions exist: o The Windows password was changed successfully o The UNIX password could not be changed. Problem Addressed: The "lmstat -c" command sometimes displayed more client connections than were actually active if the client had multiple network interface cards (NICs) installed. This problem has been corrected. Problem Addressed: The UNIX permissions of directories were not synchronized to their NT permissions even when the SyncUnixPerms registry parameter was set to 1. This problem has been corrected. ------------------------------------------------------------------------- ASU and TruCluster Server Version 5.x Problem Descriptions and Solutions ------------------------------------------------------------------------ Cluster Problem: When ASU is configured in a cluster to run in multi mode, and it has a trust relationship (trusting domain) with other domain controllers, the ASU domain's trust account's password did not get periodically updated on the trusted domain controller. This problem has been corrected. Cluster Problem: Logging into the ASU domain occasionally failed and the following message was displayed on the user's PC: Unexpected error during logon This problem occurred because the ASU server did not share the server sessions table among the nodes of a cluster. This problem has been corrected. -------------- Known Problems -------------- Known problem: ASU cannot be configured as a member server to a Samba PDC (Samba V3.0.0 and above) nor can a trust be established between an ASU controller and a Samba PDC. The asusetup or joindomain command will succeed, but the ASU NETLOGON service will fail to start, and domain users will not be able to connect to the ASU member server. Attempts to connect will receive the following error message: System error 1326 has occurred. Logon failure: unknown user name or bad password. Known problem: Switching the codeset for an existing ASU server is not recommended without careful consideration. Existing files or directories whose names contain non-ASCII characters may no longer be accessible, or will appear to have junk characters in their names. The workaround is to either rename such files to have only ASCII characters in their names, or to temporarily store such files on a Windows client or server. ----------------------------- ASU Installation Instructions ----------------------------- This kit is a complete software kit that includes the features and functionality of previous ASU software releases, and provides corrections for the problems described in this document. If you are installing the ASU software for the first time, change to the directory where the software was downloaded, enter the following command, and follow the instructions on the screen: # setld -l . If you have ASU, ASDU, or PATHWORKS for DIGITAL UNIX subsets installed, you must use the Tru64 UNIX setld command to deinstall those subsets before you install the subsets in this kit. Follow these steps to use the setld command to deinstall ASU, ASDU, or PATHWORKS subsets and install the ASU Version 5.1B-3 software: 1. Display the installed ASU, ASDU, or PATHWORKS subsets. Enter one of the following commands depending on the software installed: # /usr/sbin/setld -i | grep ASU | grep installed # /usr/sbin/setld -i | grep ASDU | grep installed # /usr/sbin/setld -i | grep PATHWORKS | grep installed 2. Deinstall the ASU, ASDU, or PATHWORKS subsets. Enter the /usr/sbin/setld -d command followed by the name of each subset. For example, to deinstall the ASU Version 5.0 base, transport, and reference page subsets enter: # /usr/sbin/setld -d ASUBASE500 ASUTRAN500 ASUMANPAGE500 While subsets are being deinstalled, you are prompted to save configuration files and the user account and share databases. Save these files and databases if you want to reuse them with the ASU Version 5.1B-3 software. 3. Install the ASU Version 5.1B-3 software. Change to the directory where the ASU Version 5.1B-3 software was downloaded, enter the following command, and follow the instructions on the screen: # setld -l . See the ASU Installation and Administration guide for more information on installing the ASU software. =============================================================== Copyright 2005 Hewlett-Packard Company. All Rights Reserved. Unpublished rights reserved under the copyright laws of the United States. The software contained on this media is proprietary to and embodies the confidential technology of Hewlett-Packard Company. Possession, use, duplication, or dissemination of the software and media is authorized only pursuant to a valid written license from Hewlett-Packard Company.