Re: [Samba] patch request - inherit owner
Thomas Heiligenmann wrote: [EMAIL PROTECTED] schrieb: For the ones who want the full details here it goes: We have one share per service (IT, RD, commercial...). In each service the followin top level directories are created by by admin with the following rights, that can't be changed by users: - archives : One directory per year, with a service private data and a service public data directories, files not needed any more are archived here at the begening of each year. Same rights as bellow, with read write access becoming read access. - service stuff : Service stuff not submited to our quality process. Read write access for domain admins and service users. - service private data : Service private data submited to our quality process. Read write access for domain admins and service users, read access to quality service members. - service public data : Service public data (to share with other services) submited to our quality process. Read write access for domain admins and service users, read access to domain users. - service templates : Service Office and other software documents templates. Read write access for domain admins and the person responsible for the templates update, read access to domain users. I've not found something better than what I exposed at the begining. The problem with inherit owner not working for group owner is that any new created file belongs to the Domain Users (primary group for every user, many users belong to more than one service) with inherited rwx rights thus breaking access rights rules I want. Why not defining it explicitely in smb.conf? I'm happy with the folowing: [mygroupshare] comment = My Group path = /data/shares/mygroup writable = yes valid users = @mygroup @admins create mode = 0660 directory mode = 0770 force directory mode = 2000 force group = mygroup Thomas It's explained in the details part. There is one share per services, but there are people not member of the service accessing the share. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: net groupmap list error
Dear all I am not using ldap , i am using smbpasswd as the password database. and secrets.tdb. so without stopping the smb daemon, can i go ahead with net groupmap cleanup. Regards Niranjan On 11/21/05, mallapadi niranjan [EMAIL PROTECTED] wrote: Hi all I have installed samba 3 and made pdc. i had added root to Domain admins, and a group called sambaclients to Domain users. i had changed the hostname of the system, now when i give the f following command , net groupmap list | sort. i am seeing 2 Domain Admins, Domain Groups, System Operators (S-1-5-32-549) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Domain Guests (S-1-5-21-3091284392-2213253635-2044042662-514) - nobody Domain Admins (S-1-5-21-3091284392-2213253635-2044042662-512) - root Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Account Operators (S-1-5-32-548) - -1 Domain Users (S-1-5-21-3091284392-2213253635-2044042662-513) - sambaclients Domain Users (S-1-5-21-3752786733-469682067-4035343919-513) - -1 Domain Admins (S-1-5-21-3752786733-469682067-4035343919-512) - -1 Domain Guests (S-1-5-21-3752786733-469682067-4035343919-514) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 Can i delete 1 Domain Admins, Domain Groups, .. please suggest.. Regards Niranjan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] patch request - inherit owner
Craig White wrote: On Mon, 2005-11-21 at 17:36 +0100, [EMAIL PROTECTED] wrote: Gerald (Jerry) Carter wrote: [EMAIL PROTECTED] wrote: | so a patch to add an inherit owner group option | would be very useful. Unix file systems already support this with the group ID bit. Just chmod g+s dirname. Ok it's working. I didn't knew I could have a s without a x, so I was worried about the security as some users have access to a shell on the Samba server. 'x' has different meaning when it comes to a directory. It indicates whether a user of that type can 'descend' into the directory. Craig I know this, but I am moving data from a Windows server to Samba i.e. I have to copy files preserving the creation times and then set up the access rights. And as I tought that s goes with x, and there is not way (well, as least from what I know) to recursievly set the s just to directories (as with the X) I had no solution. Well, seting up the s to the base dir before replicating data should have worked, but I just didn't think enough. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't set ACL on Samba
/Unable to save permission changes on Directory on Server Access is denied. / This is it. The samba log is the one attached in the first post. Regards, Alberto updatemyself . wrote: Ok what the error u r getting while u setting permission from windows..? On 11/21/05, *Albe* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: ok, here they are: /FilesystemSize Used Avail Use% Mounted on /dev/hda1 5.8G 3.1G 2.4G 57% / /dev/hda6 67G 341M 67G 1% /home /dev/sda1 115G 109G 6.2G 95% /mnt/EHD / //dev/hda1 on / type ext3 (rw,acl,user_xattr) none on /proc type proc (rw) none on /proc/bus/usb type usbfs (rw) none on /sys type sysfs (rw) /dev/hda6 on /home type ext3 (rw) /dev/sda1 on /mnt/EHD type reiserfs (rw,acl,user_xattr) / regards albe updatemyself . wrote: it will be better if u can provide.. the following commands.. df -h and mount regards Jerrynikki On 11/21/05, *Albe* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: My samba 3.0.20b is compiled with ads and acl support. Kernel is a 2.6.14.2 http://2.6.14.2, compiled with acl and extended attributes for used filesystems. The system is running a slackware 10.2. I had to rebuild from source attr, acl, libattr, libacl to have compiling with acl support. plus /[EMAIL PROTECTED] EHD]# smbd -b | grep ACL HAVE_SYS_ACL_H HAVE_POSIX_ACLS [EMAIL PROTECTED] EHD]# / I doublechecked that. I also found out that the groups created by the idmap_rid backend do not reflect entirely the real groups in the Active Directory domain. Thanks for the help. Regards, Alberto updatemyself . wrote: hai... Look like that u need to rebuild samba... with --with-acl-support option download src rpm .. install it.. then edit it... before building ur samba RPM if u want more.. help.. feel free to contact... regards jerrrynikki On 11/18/05, *Albe* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi everybody, i'm getting mad configuring samba to join an ADS, resolve domain users and groups and set ACLs via windows explorer on a share mounted with POSIX ACL and extended attributes. At the point where i am, i've managed to get Samba join correctly the domain with idmap_rid backend working fine. I can correctly set (add, remove, modify) file acls and extended attributes via bash, but when i try to simply add a user permission on a file or directory via the windows explorer security settings i get in the log (level 3): [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900) switch message SMBntcreateX (pid 2339) conn 0x8353068 [2005/11/17 23:12:22, 3] smbd/dosmode.c:unix_mode(121) unix_mode( WINDOWSRegDefrag.dat) returning 0744 [2005/11/17 23:12:22, 2] smbd/open.c:open_file(372) albe opened file WINDOWSRegDefrag.dat read=No write=No (numopen=1) [2005/11/17 23:12:22, 3] smbd/process.c:process_smb(1114) Transaction 9 of length 244 [2005/11/17 23:12:22, 3] smbd/process.c:switch_message(900) switch message SMBnttrans (pid 2339) conn 0x8353068 [2005/11/17 23:12:22, 3] smbd/ nttrans.c:call_nt_transact_set_security_desc (2081) call_nt_transact_set_security_desc: file = WINDOWSRegDefrag.dat, sent 0x4 [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_sid_from_uid_cache (158) fetch sid from uid cache 11334 - S-1-5-21-2707684321-3739850521-1540700870-1334 [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_sid_from_gid_cache (232) fetch sid from gid cache 10512 - S-1-5-21-2707684321-3739850521-1540700870-512 [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_uid_from_cache(179) fetch uid from cache 11334 - S-1-5-21-2707684321-3739850521-1540700870-1334 [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_uid_from_cache(179) fetch uid from cache 11369 - S-1-5-21-2707684321-3739850521-1540700870-1369 [2005/11/17 23:12:22, 3] passdb/lookup_sid.c:fetch_gid_from_cache(253) fetch gid from cache 10512 - S-1-5-21-2707684321-3739850521-1540700870-512 [2005/11/17 23:12:22, 3]
[Samba] home drive mapping
Hi all I have samba 3 . i have configured as PDC, by default the home drive of the user gets mapped in the winodws clients when they login with the username of the server. I don't want the home drive to get mapped. if i remove the home share. The windows clients the user is unable to create a profile, ie local profile not roaming profile. i have not configured the samba to create any profiles, just user should able to login but i don't want to map the home directory.. my smb.conf file is ### # Global parameters [global] workgroup = mydomain.com http://mydomain.com server string = Internet Server interfaces = eth0, lo bind interfaces only = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* username map = /etc/samba/smbusers unix password sync = Yes log file = /var/log/samba/%m.log max log size = 50 name resolve order = wins lmhosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap add user script = /usr/sbin/useradd -m '%u' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /sbin/nologin -d /dev/null '%m'$ domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes name resolve order = wins lmhosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap add user script = /usr/sbin/useradd -m '%u' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /sbin/nologin -d /dev/null '%m'$ domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes hosts allow = 192.168.127., 127.0.0.1 http://127.0.0.1 [homes] comment = Home Directories valid users = %S read only = No browseable = No [public] comment = Public Stuff path = /public write list = @sambaclients browseable = No ### Regards Niranjan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Performance Problem / failed to verify PAC server signature
Hi, On Mon, Nov 21, 2005 at 04:42:39PM +0100, Christoph Kaegi wrote: Hello List We run a Solaris9 Server running Samba 3.0.20, Local Users (no winbind) but authenticating against ADS. There are up to 800 concurrent users, mostly Windows XP SP3. When clients access MyDocuments, which is redirected to the Samba share, we observe several Session Setup AndX Requests followed by Session Setup AndX Response, Error: STATUS_LOGON_FAILUREs The delay between the request and the negative response is negligible when less than 200 users are online. But at more than 500 concurrent users, the delay becomes something between 1 to 5 secons. This delays access to MyDocuments quite a bit, considering that there are sometimes up to 10 such requests. So I'm interested in finding the problem and fixing it. The log says: -- 8 -- [2005/11/21 16:09:28, 3] libsmb/clikrb5.c:smb_krb5_verify_checksum(695) smb_krb5_verify_checksum: krb5_c_verify_checksum() failed: Bad encryption type [2005/11/21 16:09:28, 2] libads/authdata.c:check_pac_checksum(666) check_pac_checksum: PAC Verification failed: Bad encryption type (-1765328196) [2005/11/21 16:09:28, 0] libads/authdata.c:decode_pac_data(876) decode_pac_data: failed to verify PAC server signature [2005/11/21 16:09:28, 3] libads/kerberos_verify.c:ads_verify_ticket(416) ads_verify_ticket: failed to decode PAC_DATA: NT_STATUS_ACCESS_DENIED -- 8 -- First of all: are you sure you are running Samba 3.0.20? The PAC verification code is not in any of the 3.0.20/a/b tarball releases (just accidentially in the 3.0.20a subversion tags directory) but only in the 3.0.21 series of pre-releases/rcs. Then you most probably are forced to use DES keys when authenticating with Kerberos on your OS, right? PAC verification must then fail due to a bug in Windows (which fails to put DES-based checksum into the PAC signatures), so we can't verify the signature. What exact Kerberos library are you using (version) ? Nonetheless, failure of the PAC verification is non-critical, we just return to old behaviour and ignore the PAC again, meaning that you can ignore the error messages. Guenther -- Günther DeschnerGPG-ID: 8EE11688 Novell / SUSE LINUX [EMAIL PROTECTED] Samba Team [EMAIL PROTECTED] pgpeT4uZUrYGu.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Performance Problem / failed to verify PAC server signature
On 22.11-10:58, Guenther Deschner wrote: -- 8 -- [2005/11/21 16:09:28, 3] libsmb/clikrb5.c:smb_krb5_verify_checksum(695) smb_krb5_verify_checksum: krb5_c_verify_checksum() failed: Bad encryption type [2005/11/21 16:09:28, 2] libads/authdata.c:check_pac_checksum(666) check_pac_checksum: PAC Verification failed: Bad encryption type (-1765328196) [2005/11/21 16:09:28, 0] libads/authdata.c:decode_pac_data(876) decode_pac_data: failed to verify PAC server signature [2005/11/21 16:09:28, 3] libads/kerberos_verify.c:ads_verify_ticket(416) ads_verify_ticket: failed to decode PAC_DATA: NT_STATUS_ACCESS_DENIED -- 8 -- First of all: are you sure you are running Samba 3.0.20? The PAC verification code is not in any of the 3.0.20/a/b tarball releases (just accidentially in the 3.0.20a subversion tags directory) but only in the 3.0.21 series of pre-releases/rcs. The production Server runs 3.0.20, but the test Server, where I analyzed this and where the logs are coming from is 3.0.21rc1 indeed. Sorry for the confusion. But in both cases, the behaviour on the network is the same (STATUS_LOGON_FAILUREs with a certain delay, depending on load) Then you most probably are forced to use DES keys when authenticating with Kerberos on your OS, right? PAC verification must then fail due to a bug in Windows (which fails to put DES-based checksum into the PAC signatures), so we can't verify the signature. What exact Kerberos library are you using (version) ? Hm, how can I determine, if I use DES keys? I have the following in krb5.conf (if that is what you mean): -- 8 -- default_tkt_enctypes = des-cbc-crc, des-cbc-md5 default_tgs_enctypes = des-cbc-crc, des-cbc-md5 -- 8 -- I derived this from google knowledge, but I'll change this gladly if you tell me it is wrong. Kerberos is MIT Kerbers5 1.4 Nonetheless, failure of the PAC verification is non-critical, we just return to old behaviour and ignore the PAC again, meaning that you can ignore the error messages. Yes, everything is functioning, but we have delays of several minutes for some clients, which is not really acceptable for them anymore. These sesssion setup requests / failures are responsible for the most part of the time it takes to access MyDocuments. So I figured, if we can solve this, the delays should be back in acceptable ranges. What exactly is this PAC, btw.? Thanks very much Chris -- -- Christoph Kaegi [EMAIL PROTECTED] -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cant add new PC to Domain
Dear all I have a Problem about add new Maschine accounts to the Domain. i do whit = useradd -g nogroup -s /bin/false test1$ = smbpasswd -a -m test1$ Added user test1$ ok then i look in to /etc/passwd = test1$:x:1067:65534::/home/test1$:/bin/false and in /etc/samba/smbpasswd = test000$:1066:20BE7AFE63748DF6AAD3B435B51404EE:76082E11433FD5DCA38B1329767AEE57 [W ]:LCT-437CA369: looks ok but i become a Error when i bring my Win2k PC into the Domain Error say: The machine account for this computer either does not exist Whats wrong? MFG flip -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] spnego_gen_negTokenTarg failed: No credentials cache found
Hello everybody! I keep on trying to make my samba installation to work. I have tried a couple threads before but I have not been able to pinpoint the problem. So, yesterday I made a second last attempt to solve the problem before my boss forces me to install Windows2003 since it works out of the box. The scenario is that I'm trying to use Samba (Suse 10) as a fileserver that authenicates against an Active Directory Server 2003 SP1 (all patches). I can bind my server to the domain. I can run wbinfo -g, -t, -u -p without error and get users from AD I can run getent groups passwd and get the users and groups from AD Here are the results from trying to connect to a share with smbclient from localhost: AQMLIN03:/ # smbclient //aqmlin03/gemensam -U roca1 Password: Domain=[ALFA-MOVING] OS=[Unix] Server=[Samba 3.0.20b-3.1-SUSE] tree connect failed: NT_STATUS_ACCESS_DENIED AQMLIN03: # smbclient -k //aqmlin03/gemensam ads_krb5_mk_req: krb5_get_credentials failed for cifs/[EMAIL PROTECTED] (Ticket expired) spnego_gen_negTokenTarg failed: Ticket expired session setup failed: SUCCESS - 0 (From localhost I can't use roca1 as user so this was run as root.) Here are the same smbclient attempts from an OSX client: PROSIT:~ roca1$ smbclient //aqmlin03/gemensam -U roca1 Password: Domain=[ALFA-MOVING] OS=[Unix] Server=[Samba 3.0.20b-3.1-SUSE] tree connect failed: NT_STATUS_ACCESS_DENIED PROSIT:~ roca1$ smbclient -k //aqmlin03/gemensam spnego_gen_negTokenTarg failed: No credentials cache found session setup failed: NT_STATUS_OK When using smbclient -k get the following in log.smbd [2005/11/22 11:06:51, 2] smbd/server.c:exit_server(612) Closing connections Using the smbclient -U i get the following in log.smbd: [2005/11/22 11:08:10, 0] auth/auth_util.c:make_server_info_info3(1173) make_server_info_info3: pdb_init_sam failed! [2005/11/22 11:08:10, 2] auth/auth.c:check_ntlm_password(317) check_ntlm_password: Authentication for user [roca1] - [roca1] FAILED with error NT_STATUS_NO_SUCH_USER [2005/11/22 11:08:10, 2] smbd/service.c:make_connection_snum(311) guest user (from session setup) not permitted to access this share (gemensam) [2005/11/22 11:08:10, 2] smbd/server.c:exit_server(612) Running testparm gives this (and the shares that I cut out): AQMLIN03:/var/log/samba # testparm Load smb config files from /etc/samba/smb.conf Processing section [printers] Processing section [gemensam] Processing section [jÖnkÖping] Processing section [gÖteborg] Processing section [malmÖ] Processing section [oslo] Processing section [stockholm] Processing section [home] Processing section [milldoc] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions [global] workgroup = ALFA-MOVING realm = ALFA-MOVING.SE security = ADS map to guest = Bad User log level = 5 preferred master = No local master = No domain master = No dns proxy = No ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap suffix = dc=ALFA-MOVING,dc=SE ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 include = /etc/samba/dhcp.conf The contents of /etc/krb5.conf [libdefaults] default_realm = ALFA-MOVING.SE [realms] ALFA-MOVING.SE = { kdc = 192.168.10.10 kpasswd_server = 192.168.10.10 } [logging] default = SYSLOG:NOTICE:DAEMON kdc = FILE:/var/log/kdc.log kadmind = FILE:/var/log/kadmind.log [appdefaults] pam = { ticket_lifetime = 7d renew_lifetime = 7d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 debug = false } The contents of /etc/nsswitch.conf passwd: compat winbind group: compat winbind hosts: files dns wins networks: files dns services: files protocols: files : rpc:files ethers: files netmasks: files netgroup: files publickey: files bootparams: files automount: files nis aliases:files Thank you very much in advance Roland Carlsson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cant add new PC to Domain
Is the name of your machine test? Also, you are aware that for each machine account you are creating a home directory? They don't need one and it just makes /home/ cluttered. Also, is there any reason why although you created a machine account for samba called test1 you actually have shown us a machine account for test000? Maybe I'm getting mixed up there but that doesn't seem right to me. flip wrote: Dear all I have a Problem about add new Maschine accounts to the Domain. i do whit = useradd -g nogroup -s /bin/false test1$ = smbpasswd -a -m test1$ Added user test1$ ok then i look in to /etc/passwd = test1$:x:1067:65534::/home/test1$:/bin/false and in /etc/samba/smbpasswd = test000$:1066:20BE7AFE63748DF6AAD3B435B51404EE:76082E11433FD5DCA38B1329767AEE57 [W ]:LCT-437CA369: looks ok but i become a Error when i bring my Win2k PC into the Domain Error say: The machine account for this computer either does not exist Whats wrong? MFG flip -- Lee Ball 08707 45 87 14 effective it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cant add new PC to Domain
HI lee sorry wrong line pasted :) etc/samba/smbpasswd = test1$:1064:6490907E52C9AEB8AAD3B435B51404EE:B4319AD17372E18D788BE9FDFD62B431: [W ]:LCT-437C88B6: now looks ok Is the name of your machine test? Also, you are aware that for each machine account you are creating a home directory? They don't need one and it just makes /home/ cluttered. Also, is there any reason why although you created a machine account for samba called test1 you actually have shown us a machine account for test000? Maybe I'm getting mixed up there but that doesn't seem right to me. flip wrote: Dear all I have a Problem about add new Maschine accounts to the Domain. i do whit = useradd -g nogroup -s /bin/false test1$ = smbpasswd -a -m test1$ Added user test1$ ok then i look in to /etc/passwd = test1$:x:1067:65534::/home/test1$:/bin/false and in /etc/samba/smbpasswd = test000$:1066:20BE7AFE63748DF6AAD3B435B51404EE:76082E11433FD5DCA38B1329767 AEE57 [W ]:LCT-437CA369: looks ok but i become a Error when i bring my Win2k PC into the Domain Error say: The machine account for this computer either does not exist Whats wrong? MFG flip -- Lee Ball 08707 45 87 14 effective it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] patch request - inherit owner
On Tue, 2005-11-22 at 09:33 +0100, [EMAIL PROTECTED] wrote: Craig White wrote: On Mon, 2005-11-21 at 17:36 +0100, [EMAIL PROTECTED] wrote: Gerald (Jerry) Carter wrote: [EMAIL PROTECTED] wrote: | so a patch to add an inherit owner group option | would be very useful. Unix file systems already support this with the group ID bit. Just chmod g+s dirname. Ok it's working. I didn't knew I could have a s without a x, so I was worried about the security as some users have access to a shell on the Samba server. 'x' has different meaning when it comes to a directory. It indicates whether a user of that type can 'descend' into the directory. Craig I know this, but I am moving data from a Windows server to Samba i.e. I have to copy files preserving the creation times and then set up the access rights. And as I tought that s goes with x, and there is not way (well, as least from what I know) to recursievly set the s just to directories (as with the X) I had no solution. --- chmod -R g+s /path/to/directory # recursively set guid bit --- Well, seting up the s to the base dir before replicating data should have worked, but I just didn't think enough. --- We all have that problem. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cant add new PC to Domain
It sure looks like it joined the domain since there is a password associated with it. Try to use the Wizard to join the machine to the domain again. Note that to join the machine to the domain, you will need to supply a user (Administrator or root) with sufficient privileges to join a machine to the domain. Craig On Tue, 2005-11-22 at 13:20 +0100, flip wrote: HI lee sorry wrong line pasted :) etc/samba/smbpasswd = test1$:1064:6490907E52C9AEB8AAD3B435B51404EE:B4319AD17372E18D788BE9FDFD62B431: [W ]:LCT-437C88B6: now looks ok Is the name of your machine test? Also, you are aware that for each machine account you are creating a home directory? They don't need one and it just makes /home/ cluttered. Also, is there any reason why although you created a machine account for samba called test1 you actually have shown us a machine account for test000? Maybe I'm getting mixed up there but that doesn't seem right to me. flip wrote: Dear all I have a Problem about add new Maschine accounts to the Domain. i do whit = useradd -g nogroup -s /bin/false test1$ = smbpasswd -a -m test1$ Added user test1$ ok then i look in to /etc/passwd = test1$:x:1067:65534::/home/test1$:/bin/false and in /etc/samba/smbpasswd = test000$:1066:20BE7AFE63748DF6AAD3B435B51404EE:76082E11433FD5DCA38B1329767 AEE57 [W ]:LCT-437CA369: looks ok but i become a Error when i bring my Win2k PC into the Domain Error say: The machine account for this computer either does not exist Whats wrong? MFG flip -- Lee Ball 08707 45 87 14 effective it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem joining computer to domain
Tony Austin wrote: I cannot join my WinXP workstation computers to the Samba domain. Using the Computer Name / Change on the XP computer gives me an error saying that the username or password is incorrect - except very occasionally when it works although I do nothing different! I have noticed that on when it works there is a machine record set up in LDAP with Samba data as follows:- dn: uid=leem-q4hw$,ou=People,dc=commtechgroup,dc=co.uk uid: leem-q4hw$ sambaSID: S-1-5-21-1504740027-1884281049-541626052-3090 sambaPrimaryGroupSID: S-1-5-21-1504740027-1884281049-541626052-2107 displayName: leem-q4hw$ objectClass: sambaSamAccount objectClass: account creatorsName: cn=Manager,dc=commtechgroup,dc=co.uk createTimestamp: 20051109143944Z sambaPwdCanChange: 1131547184 sambaPwdMustChange: 2147483647 sambaNTPassword: 7F47D21BE0CCA3F6BA29CDC00277875B sambaPwdLastSet: 1131547184 sambaAcctFlags: [W ] modifiersName: cn=Manager,dc=commtechgroup,dc=co.uk modifyTimestamp: 20051109143944Z But the rest of the time, when it doesn't work, I get an LDAP entry without any Samba data like this:- dn: uid=commaint-df398$,ou=People,dc=commtechgroup,dc=co.uk objectClass: top objectClass: inetOrgPerson objectClass: posixAccount cn: commaint-df398$ sn: commaint-df398$ uid: commaint-df398$ uidNumber: 1046 gidNumber: 553 homeDirectory: /dev/null loginShell: /bin/false description: Computer creatorsName: cn=Manager,dc=commtechgroup,dc=co.uk createTimestamp: 20051116130633Z modifiersName: cn=Manager,dc=commtechgroup,dc=co.uk modifyTimestamp: 20051116130633Z I have experimented with various combinations of root# ./smbldap-useradd -a -w compname$ to see if I can get the record set up with the Samba data, but no luck. I now have 2 servers both of which show the same symptom. Tony Hi Tony, Recently I have come across your problem though i have a similar setup running on different server for a different domain. There are two things that I have observed causing this problem: 1) When the smb nmb server is restarted too many times teh database is getting corrupted. So, I have deleted the samba files frm the /var/spool/samba before restarting the service and added the administrator (root in my case) again. 2) For a weird reason the administrator is not added to the smb backend database. I am using the OpenLDAP backend, and so the password must be added to the secrets.tdb using smbpasswd -w yourpassword (must be ldap binddn password). Also, check the log.smbd and log.your client computer name, that helps a lot in narrowing the problem. cheers, pavan. -- Pavan Krishna L I checked these points, but I don't think it is the cause of the problem in my case. I start by making sure the machine record does not exist in LDAP:- [EMAIL PROTECTED] sbin]# ./smbldap-usershow.pl winxp$ ./smbldap-usershow.pl: user winxp$ doesn't exist I then use the Wizard on machine winxp, entering Administrator as the username and giving the correct password Windows responds unknown username or bad password and /var/log/samba/winxp shows:- [2005/11/22 13:36:02, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1516) ldapsam_modify_entry: Failed to add user dn= uid=winxp$,ou=People,dc=phoenixinteriorsltd,dc=com with: Already exists [2005/11/22 13:36:02, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1948) ldapsam_add_sam_account: failed to modify/add user with uid = winxp$ (dn = uid=winxp$,ou=People,dc=phoenixinteriorsltd,dc=com) [2005/11/22 13:36:02, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272) could not add user/computer winxp$ to passdb. Check permissions? and an entry is added to LDAP:- [EMAIL PROTECTED] sbin]# ./smbldap-usershow.pl winxp$ dn: uid=winxp$,ou=People,dc=phoenixinteriorsltd,dc=com objectClass: top,inetOrgPerson,posixAccount cn: winxp$ sn: winxp$ uid: winxp$ uidNumber: 1001 gidNumber: 553 homeDirectory: /dev/null loginShell: /bin/false description: Computer Using the Change Name button in Windows gives exactly the same results. Both Windows and Samba seem to be complaining about permissions. Where should I be looking? Tony -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Could not login to my XP laptop outside the LAN
Hello, After a successfull installation of a Samba 3.x.x. server as PDC, i join the Samba PDC with a XP SP2 laptop and i open a session for the first time. OK After, i wanted to open a session with this laptop, while having disconnected the cable network, and i had the message: could not open a session, because the domain is not available. Note i am a user with a local profile and (local) administrators rights. What i have to do ? Server side or Client XP side ? Server side: SMB options ? Client side: Key registry or any strategy ? Before with WXP/W2KP and W2K Server, all clients could login outside the LAN (or outside the office). What changed ?. Thank you. JMV. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] slow samba write performance
Hi, I have a problem, problem is slow samba write performance.I tested samba copy and ftp copy, result and machine spec; Samba PC P4 3 ghz / 2 gb Ram 1 x 80 gb HDD(for system) 4 x 250gb sata hdd (software raid /dev/md0)^ 3com gigabit ethernet Windows Pc AMD 2500+ / 5123mn ram 1 x 80 gb hdd (c:\) 1 x 160 gb hdd (d:\) gigabit ethernet test results; windows hdd to hdd copy SourceFile SizeTarget Time c:\713+715MB d:\110sn12.989 kb/sec d:\713+715MB c:\ 59sn 24218 kb/sec Samba Copy c:\713+715MB /dev/md0183sn7808 kb/sec d:\713+715MB /dev/md0183sn7808 kb/sec samba write slow than ftp write /dev/md0 713+715MB c:\ 60sn23814 kb/sec /dev/md0 713+715MB d:\ 86sn16614 kb/sec c:\713+715MB /home144sn9285 kb/sec FTP copy c:\713+715MB /dev/md0 92sn15531 kb/sec d:\713+715MB /dev/md0 80sn17861 kb/sec-ftp copy samba copy %128 /dev/md0 713+715MB c:\ 75sn19051 kb/sec /dev/md0 713+715MB d:\ 86sn15876 kb/sec hdparm /dev/md0 results; Timing cached reads 3980mb in 2.00 sec=1989.88 mb/sec Timed buffered disk reads: 232mb in 3.00 sec=77.33 mb/sec samba settings socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY Why slow samba than ftp? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: slow samba write performance
Depeche wrote: Why slow samba than ftp? AFAIK, on a local intranet (with few dropped packets), ftp's use of upd and low protocol overhead means that you'll be hard-pressed to find any app/protocol that matches or beats it in raw speed. -- rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Client schannel.
Hi all, I'm running on samba-3.0.13-1 ads domain member against winbind to Windows 2003 SP1, with client schannel = No. Is this parameter fixed on new samba-3.0.20a? Can I set client schannel = Yes? Thanks. Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: slow samba write performance
Rex Dieter wrote: Depeche wrote: Why slow samba than ftp? AFAIK, on a local intranet (with few dropped packets), ftp's use of upd and low protocol overhead means that you'll be hard-pressed to find any app/protocol that matches or beats it in raw speed. Exactly, one more reminder that the 1990's are over. When was the last time you saw LAN Times run their yearly NOS wars review comparing the metrics of such products as NetWare, WarpServer, and something called NT Server. Oh yea, they are not even in print anymore. The name of the game today is to make the monopoly protocol for file transfer (SMB) as complicated as possible so that competing free / open source products (SAMBA) have a far harder time producing software which communicates the same language on the wire and can have successful conversations with the closed source SMB implementation and/or only with the competition free / open source implementation itself. When that is the name of the game, and everyone is buying it, and the majority is not looking at or requesting good performance, then what we are looking at today is how things turn out. -- Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Client schannel.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Meli Marco wrote: | Hi all, | I'm running on samba-3.0.13-1 ads domain member | against winbind to Windows 2003 SP1, with client | schannel = No. | Is this parameter fixed on new samba-3.0.20a? | Can I set client schannel = Yes? Things are much better in 3.0.20b. And even better in 3.0.21rc1. The schannel issues are prevelant more in 'security = domain'. Test 3.0.21rc1 if you can and let me know if thigns work better for you. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDg0KDIR7qMdg1EfYRAvIkAKDQ3ncSD2a4Nyab6lfMKKx9xhEz4gCgqFvg pNovE5roGsx2ZdOKAf2MCWo= =mmvf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba produces heavy load on solaris server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dirk Jakobsmeier wrote: | Hello, | | i have problems with to heavy load on our samba | server (2.2.7) on a sun solaris (5.8) server. We | use the server to share data for mechanical cad and | those programs open many, many (e.g. 1400 files in | one model) files at a time and because of this | produce really heavy load on the server (cpu 15%-25% per | smbd process). | | Trying a newer version of samba (3.0.14a) does | not really make this better. | | Are there any changes that i can do to prevent this? See the 3.0.x release notes for some comments on handling large directories. That might help you out. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc There's an anonymous coward in all of us. --anonymous -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDg0LtIR7qMdg1EfYRAvLyAJ9lNmZCraa+C3HVXdxx/Of5+fprzACeJ9xj dU+jZTE4kBwQlHcTu1xELMY= =2dPx -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] User and Groups Problem with ADS (Win2003) and Solaris 10
Hi, I got samba 2.0.30b running on a Sparc machine with Solaris 10. I installed Kerberos 1.4.2 Openldap stable version 20051018 To compile Samba 2.0.30b with ADS Looks like Kerberos works kinit [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] == works klist == shows ticket I added the server to the domain net join -U Administrator Joined 'SAMBA' to realm 'MYDOMAIN.COM' But after that it starts getting weird: wbinfo -u Returns the users but no domain in front like I saw in many other examples user1 user2 user3 user4 PC1$ PC2$ PC3$ wbinfo -g Returns the groups but also no domain in front group1 group2 group3 smb.conf: [global] workgroup = MYDOMAIN netbios name = SAMBA realm = MYDOMAIN.COM winbind uid = 1-15000 winbind gid = 1-15000 winbind separator = + winbind use default domain = yes security = ADS encrypt passwords = Yes password server = win2003.mydomain.com client use spnego = yes [test1] comment = test1 path = /smbshares/test1 public = Yes valid users = user1, user2, user3 writable = YES [test2] comment = test2 path = /smbshares/test2 public = Yes valid users = @group1 writable = YES [test3] comment = test3 path = /smbshares/test3 public = Yes valid users = @group2 writable = YES Share test1 works if the user1 exists as a unix user otherwise == NT_STATUS_LOGON_FAILURE Share test2 works if the user1 exists as a unix user and is in the group user1 otherwise == NT_STATUS_LOGON_FAILURE If I use net groupmap add unixgroup=group2 ntgroup=Administrators or net groupmap add unixgroup=group2 ntgroup=Administratoren (I am working on a german Win2003 System) And try to log on test3 I get the following error: tree connect failed: NT_STATUS_ACCESS_DENIED net user info user1 Administratoren My guess is that the samba server can't map the windows user to unix users == That is the reason why I can't logon with a user which is not an unix user I guess I have the same problem with the groups they just can't be mapped into new unix groups or on existing unix groups Has anyone any idea, why there seams to be this problem, didn't I understand the concept, is there configuration problem or do I have to RTFM another 100 times? Greetings Max Mustermann Other configure files krb5.conf: [libdefaults] default_realm = MYDOMAIN.COM [realms] MYDOMAIN.COM = { kdc = WIN2003.MYDOMAIN.COM default_domain = MYDOMAIN.COM } [domain_realm] .mydomain.com = MYDOMAIN.COM mydomain.com = MYDOMAIN.COM [logging] default = FILE:/var/krb5/kdc.log kdc = FILE:/var/krb5/kdc.log kdc_rotate = { period = 1d versions = 10 } [appdefaults] pam = { ticket_lifetime = 1d renew_liftime = 1d forwardable = true proxiable = false retain_after_close = false minimum_uid = 0 debug = false } kinit = { renewable = true forwardable= true } gkadmin = { help_url = http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195 } /etc/nsswitch.conf includes the following entries: passwd: files winbind nis group: files winbind nis hosts: files dns nis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can't browse \Windows from Linux
I have Samba working nicely on my network, except that there are a few folders, including \Windows, on the XP machine that I can't browse from Linux. I can see and enter the folders, but the contents are null. What is preventing me from getting to these folders? -- Jeffrey Barish -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] build_sam_account: smbpasswd database is corrupt! affecting samba group mapping?
Hi, when using pdbedit -L user we get an error build_sam_account: smbpasswd database is corrupt! username user with uid uid is not in unix passwd database! Username not found! This is because a user is not - as it says - in e.g. /etc/passwd. Does this affect the functionality of group mappings in the way that this doesn't work with the mapped unixgroup and in which the user is in?: For example: If you do a group mapping like net groupmap modify ntgroup=Domain Users unixgroup=users so you cannot see the group Domain Users when browsing the domain because of that corruption mentioned in the error message? We use tdbsam as passdb. regards, Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Backup Domain Controllers
Hmm, I was looking. The ntlm authenticator that comes with squid allows multiple domain controllers to load balance or failover between. Does samba support this ? Thanks Ian -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ian Barnes Sent: 21 November 2005 08:47 PM To: samba@lists.samba.org Subject: [Samba] Backup Domain Controllers Hi, Our clients have raised a concern about allowing for backup domain controllers in our setup. We are using samba and squid to do ntlmv2 integrated logon. I immediately thought of a PDC BDC relationship, but when I asked them about it, they said they don't have scenario like that. They have regional PDC's and a core PDC. Is there a way to specify multiple servers during startup so that if the first one fails, then it will auto revert to another pdc? We join the domain as follows: # net ads join -S servername -w domain -U username%password After we have joined, we run winbindd and nmbd. Thanks in advance, Ian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] AD domain with SDMS issues LDAP Idmap backend
Hi, I have been trying to join a Samba Domain member server to the AD and use LDAP for IDMAP storage. I have run into many strange issues and I was hoping someone can please take time to clarify things for me. I have read quite a bit (I own both the Samba books by Terpstra) and done a lot of Google searching. I think part of my problem is the unusual setup I have, as all the examples in the book/net assume user will have a very small AD and have full control of it. We are a small division and the AD is hosted by our corporate IT. I do have Domain Admin access to our branch of the AD, but not the whole tree. The entire tree has over 8000+ users. My goals: [1] Using winbind authenticate users on Linux servers/workstations - ACCOMPLISHED [2] Using Kerberos so that users are not prompted for login and password when accessing Domain shares - ACCOMPLISHED but still has some issues. [3] Rather than each Linux host maintaining its own idmap db, store everything on a OpenLDAP server - FAILED Here is what I have done so far: [1] OpenLDAP server with three OU's - People, Groups, Idmap [2] Joined a Linux server to AD (net ads join ...) [3] Confirmed that I get list of users when I do wbinfo -u (or getent passwd). - However I do not get ALL the users. As a matter of fact I get many other domains in AD (ex. SA, EU, AP), but not my own Domain (NA). Does anyone know why this would be? Due to this I am unable to test user login, since I do not have account access for another domain. [4] On the OpenLDAP server there seems to be no change in the Idmap, I don't understand why it is not getting populated. If I do a manual ldapsearch, I can access the ldap server and query the directory. I also made sure that the smbpasswd -w my ldap user password is correct. Here is my smb.conf file: [global] workgroup = NA netbios name = SPDUSLISHNODE01 realm = NA.NET.MYCOMPANY.COM http://NA.NET.MYCOMPANY.COM server string = Queue Headnode security = ADS log level = 1 ads:10 passdb:5 auth:10 winbind:8 sam:10 rpc:10 ldap admin dn = cn=spd.ldapadmin,o=mycompany ldap idmap suffix = ou=Idmap ldap suffix = o=mycompany idmap uid = 15-55 idmap gid = 15-55 template shell = /bin/bash template homedir = /home/%U winbind use default domain = yes encrypt passwords = yes password server = SPDUSLISDC010 winbind separator = / socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no wins server = 10.55.56.4 http://10.55.56.4 name resolve order = wins lmhosts bcast My krb5.conf file is similar to the one in Samba-Guide (and I knwo this works since I can join the Linux host to AD directory) Thanks, Vijay Avarachen -- Knowledge is the only wealth that grows as you spend it, and diminishes as you save it. -- ancient Sanskrit saying -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Performance Problem / failed to verify PAC server signature
Christoph Kaegi wrote: On 22.11-10:58, Guenther Deschner wrote: -- 8 -- [2005/11/21 16:09:28, 3] libsmb/clikrb5.c:smb_krb5_verify_checksum(695) smb_krb5_verify_checksum: krb5_c_verify_checksum() failed: Bad encryption type [2005/11/21 16:09:28, 2] libads/authdata.c:check_pac_checksum(666) check_pac_checksum: PAC Verification failed: Bad encryption type (-1765328196) [2005/11/21 16:09:28, 0] libads/authdata.c:decode_pac_data(876) decode_pac_data: failed to verify PAC server signature [2005/11/21 16:09:28, 3] libads/kerberos_verify.c:ads_verify_ticket(416) ads_verify_ticket: failed to decode PAC_DATA: NT_STATUS_ACCESS_DENIED -- 8 -- First of all: are you sure you are running Samba 3.0.20? The PAC verification code is not in any of the 3.0.20/a/b tarball releases (just accidentially in the 3.0.20a subversion tags directory) but only in the 3.0.21 series of pre-releases/rcs. The production Server runs 3.0.20, but the test Server, where I analyzed this and where the logs are coming from is 3.0.21rc1 indeed. Sorry for the confusion. But in both cases, the behaviour on the network is the same (STATUS_LOGON_FAILUREs with a certain delay, depending on load) Then you most probably are forced to use DES keys when authenticating with Kerberos on your OS, right? PAC verification must then fail due to a bug in Windows (which fails to put DES-based checksum into the PAC signatures), so we can't verify the signature. What exact Kerberos library are you using (version) ? Hm, how can I determine, if I use DES keys? I have the following in krb5.conf (if that is what you mean): -- 8 -- default_tkt_enctypes = des-cbc-crc, des-cbc-md5 default_tgs_enctypes = des-cbc-crc, des-cbc-md5 -- 8 -- I derived this from google knowledge, but I'll change this gladly if you tell me it is wrong. Kerberos is MIT Kerbers5 1.4 With Kerberos 1.4 you should include rc4-hmac in the list of enctypes. It is the native mode of windows. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] could not add user/computer winxp$ to passdb:Check permissions?
I've Googled my fingertips off trying to find an answer to this and tried several things without success. I have 2 Samba server setup by different people but both using Samba by Example chapter 6. Neither server will allow Windows computers to join the domain. The Samba log shows: [2005/11/22 13:36:02, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1516) ldapsam_modify_entry: Failed to add user dnuid=winxp$,ou=People,dc=phoenixinteriorsltd,dc=com with: Already exists [2005/11/22 13:36:02, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1948) ldapsam_add_sam_account: failed to modify/add user with uid = winxp$ (dn = uid=winxp$,ou=People,dc=phoenixinteriorsltd,dc=com) [2005/11/22 13:36:02, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272) could not add user/computer winxp$ to passdb. Check permissions? Tony -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows AD w/ Windows Services for Unix?
Can anyone verify the functionality of the RPM's for SuSE 9.3 located here? http://us3.samba.org/samba/ftp/Binary_Packages/SuSE/pre/x86_64/9.3/ I am leary of getting an unstable version setup. Thanks in advance. Doug VanLeuven wrote: Jason Gerfen wrote: Doug VanLeuven wrote: Jason Gerfen wrote: I can authenticate users on a default setup of Windows 2000 using 'Security = ADS'. However if I install Windows Services for Unix (http://www.microsoft.com/windowsserversystem/sfu/productinfo/features/default.mspx) I am not able to authenticate or view users from different Organizational Units in the default domain. ??? With a 2000 or 2003 Windows AD controller, I've run SFU 3.0 3.5 on both client and server without side effects. I use: winbind nss info = template sfu security = ADS winbind trusted domains only = yes idmap backend = ad on the samba member servers. Perhaps you mean you're running samba PDC and using SFU on a client workstation? In that case, I would assume, for it to work, you would need to run an ldap backend and extend the schema for SFU. Then fill out the unix values. Anyone ever done that? Regards, Doug Odd, I attempted your suggestions: % testparm Load smb config files from /etc/samba/smb.conf Unknown parameter encountered: winbind nss info Ignoring unknown parameter winbind nss info You must be using an older version of samba. I don't recall exactly when that was introduced. Somewhere around 3.0.14 maybe. Probably wouldn't find the ad loadable module either. They came in at the same time. The first scenario is correct, a ROLE_DOMAIN_MEMBER that authenticates file shares using nsswitch and winbind against the Windows 2000 domain. Prior to the XAD idmap_ad being pushed into samba, I compiled it and included it myself on older versions (and had to patch it too). Prior to samba 3.0 I was using SFU to export NFS shares on windows servers using user and group mapping. Unix had NIS then LDAP for auth. Only way I made the SFU/NIS/LDAP work with samba. You'll need to get current. Regards, Doug -- Jason Gerfen My girlfriend threated to leave me if I went boarding... I will miss her. ~ DIATRIBE aka FBITKK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Files moved around
I have run into a problem where someone is moving files around on one of the file servers. We found the files and then one of the users moved the files back to the correct place, but the part which scared me is that I can't tell who moved the files around. What settings do I need to have set up for logging so that if this happens in the future I can find out who is doing this. Currently I have recycling setup and it appears to be working, but these files being moved never caused the files to show up in recycling. I know who moved the files back, but there is no indication in my logs or by looking at the ownership of the files that indicates who moved the files back. 'ls -l' indicates that root owns the files and the directories and that the group is 'Domain Users' [global] workgroup = COMP netbios name = COMP01B server string = samba server security = DOMAIN password server = 192.168.2.239 192.168.2.91 obey pam restrictions = yes idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/users/%U template primary group = Domain Users template shell = /bin/bash winbind separator = + hosts allow = 192.168.2. 192.168.5. 127. smb ports = 139 printcap name = /etc/printcap wins server = 192.168.2.239 load printers = yes vfs objects = extd_audit log file = /var/log/samba/%U.%m.log log level = 0 vfs:2 max log size = 50 printer admin = COMP+phwashing phwashing lpq cache time = 20 ;printing = CUPS ;printcap = CUPS dns proxy = no hide dot files = yes veto files = /.*/lost*/ [COMPSHARE] comment = COMPSHARE browseable = yes path = /COMPSHARE read only = no valid users = COMP+phwashing,@COMP+Domain Users write list = @COMP+Domain Users read list = COMP+phwashing,@COMP+Domain Users create mask = 0774 security mask = 0774 force security mode = 770 dos filetimes = yes directory mask = 2777 directory security mask = 0770 force directory security mode = 770 inherit permissions = yes writable = yes guest ok = no veto oplock files = /COMP.*/ vfs object = recycle recycle:versions = yes recycle:touch = yes recycle:repository = .recycle/%U recycle:keeptree = yes recycle:exclude = *.tmp,*.temp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to join domain - Samba 3.0.14a on Solaris
Greetings, We've been having an issue here with our Solaris servers running Samba. On our Primary Domain Controller we have been unable to upgrade it past Samba 3.0.14a. If we upgrade to any of the later versions PCs on our network cannot join the domain. Client PCs already in the domain operate just fine. When attempting to join the domain Windows opens an error dialog box that says: The following error occurred attempting to join the domain X: The remote procedure call failed. Has anyone else seen an issue like this? I wanted to check with the list before opening a bug report. Once we roll the server back to 3.0.14a the join works fine. Our other Sun servers are running Samba 3.0.14a on Solaris 9 built with gcc 3.3.2, 64 bit. Thanks, Bob *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem with login script not running as one user
Okay, have a small office running Samba on MDK 10.1 and XP workstations: samba-server-3.0.10-0.1.101mdk samba-client-3.0.10-0.1.101mdk samba-vscan-clamav-3.0.10-0.1.101mdk samba-common-3.0.10-0.1.101mdk Using tbdsam as our backend. I recently added a new user, however this user does not run the regular login script for some reason net use h: \\FILESERVER\homes /YES net use p: \\FILESERVER\public /YES net use z: \\FILESERVER\archive /YES The only drive being mapped is the home directory and it's being mapped as Z:, none of the other drives are being mapped. I've checked the samba logs for both the server and workstation in question, also event logs on the workstation itself and don't see anything obvious relating to this problem. We are using roaming profiles for all users and logging in as several other users on this machine has the proper drive mappings from the login script. I've checked user and group ownership on the various files and all seems as expected. It's just this one user that is problematic. Googling hasn't turned up anything useful so far. Suggestions? -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. [EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: AD domain with SDMS issues LDAP Idmap backend
Ok WTF... idmap is getting populated in OpenLDAP now. :-) I just took a sh*t load of timeand turns out I was wrong about the headcount in AD, its not 8000+ its close to 40,000+ YIKES! Also I noticed that there are some errors in the Samba-3 By Example book. On page 235 (7.3.4.2 http://7.3.4.2section - IDMAP Storage in LDAP using Winbind) , it tells you to set passwd, shadow and group in /etc/nsswitch.conf to file ldap. It should really be files winbind ldap. Or else when you do getent passwd/group, its not gonna see those entries from winbind. Does anyone know if its safe to turn on nscd cause I don't want the ldap server getting pounded. Thanks, Vijay Avarachen On 11/22/05, Vijay Avarachen [EMAIL PROTECTED] wrote: Hi, I have been trying to join a Samba Domain member server to the AD and use LDAP for IDMAP storage. I have run into many strange issues and I was hoping someone can please take time to clarify things for me. I have read quite a bit (I own both the Samba books by Terpstra) and done a lot of Google searching. I think part of my problem is the unusual setup I have, as all the examples in the book/net assume user will have a very small AD and have full control of it. We are a small division and the AD is hosted by our corporate IT. I do have Domain Admin access to our branch of the AD, but not the whole tree. The entire tree has over 8000+ users. My goals: [1] Using winbind authenticate users on Linux servers/workstations - ACCOMPLISHED [2] Using Kerberos so that users are not prompted for login and password when accessing Domain shares - ACCOMPLISHED but still has some issues. [3] Rather than each Linux host maintaining its own idmap db, store everything on a OpenLDAP server - FAILED Here is what I have done so far: [1] OpenLDAP server with three OU's - People, Groups, Idmap [2] Joined a Linux server to AD (net ads join ...) [3] Confirmed that I get list of users when I do wbinfo -u (or getent passwd). - However I do not get ALL the users. As a matter of fact I get many other domains in AD (ex. SA, EU, AP), but not my own Domain (NA). Does anyone know why this would be? Due to this I am unable to test user login, since I do not have account access for another domain. [4] On the OpenLDAP server there seems to be no change in the Idmap, I don't understand why it is not getting populated. If I do a manual ldapsearch, I can access the ldap server and query the directory. I also made sure that the smbpasswd -w my ldap user password is correct. Here is my smb.conf file: [global] workgroup = NA netbios name = SPDUSLISHNODE01 realm = NA.NET.MYCOMPANY.COM http://NA.NET.MYCOMPANY.COM server string = Queue Headnode security = ADS log level = 1 ads:10 passdb:5 auth:10 winbind:8 sam:10 rpc:10 ldap admin dn = cn=spd.ldapadmin,o=mycompany ldap idmap suffix = ou=Idmap ldap suffix = o=mycompany idmap uid = 15-55 idmap gid = 15-55 template shell = /bin/bash template homedir = /home/%U winbind use default domain = yes encrypt passwords = yes password server = SPDUSLISDC010 winbind separator = / socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no wins server = 10.55.56.4 http://10.55.56.4 name resolve order = wins lmhosts bcast My krb5.conf file is similar to the one in Samba-Guide (and I knwo this works since I can join the Linux host to AD directory) Thanks, Vijay Avarachen -- Knowledge is the only wealth that grows as you spend it, and diminishes as you save it. -- ancient Sanskrit saying -- Knowledge is the only wealth that grows as you spend it, and diminishes as you save it. -- ancient Sanskrit saying -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Mounting smbfs
People, When I try to mount a network share with the following command, using kubuntu 5.10: sudo mount -t smbfs -o username=myusername,passwork=myuserpassword //esotericVAIO/Downloads /mnt/vaioDownloads I get to following error message mount: wrong fs type, bad option, bad superblock on //esotericVAIO/Downloads, missing codepage or other error In some cases useful info is found in syslog - try dmesg | tail or so I see the following error message in dmesg smbfs: mount_data version 1919251317 is not supported What does the dmesg mean? Thanks for your time. Chuck Downing Leadville, Colorado, USA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: AD domain with SDMS issues LDAP Idmap backend
Vijay Avarachen wrote: Ok WTF... idmap is getting populated in OpenLDAP now. :-) I just took a sh*t load of timeand turns out I was wrong about the headcount in AD, its not 8000+ its close to 40,000+ YIKES! You could consider using these in smb.conf: (comments mine) ## WARNING: winbind enum ( = yes) can take a *long* time on a ## large domain! -- Rex winbind enum users = no winbind enum groups = no -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] rpcclient to multiple servers simultaneously
Hello, I have noticed that rpcclient support the ability to maintain connections to multiple servers simultaneously. (http://optics.ph.unimelb.edu.au/help/samba/rpcclient.8.html) My question is what is the samba's version that support this ability and where I can find an example of it's use? Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] windowsNT 4.0 and ServicePack 5
Hello when I try to connect from a Windows NT 4.0 and servicePack 5 I get the message Der Netzwerkpfad wird nicht gefunden With ServicePack 6 it is no problem, but on some workstations I cant´t change !!! Is there a possibility (configuration) for ServicePack5 ??? Our samba Version is 2.2.7. In earlier times we had Version 2.0.7 - there was no problem with SP5. Sorry - my bad english, but perhaps you can help me Thanks a Lot Klaus -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Guest account and deleting filed
I have an internal Samba installation where I have security=share, and have everything going to a guest account, which I've made a regular user and password. I can can copy and move files, but I can't delete any files. I was expecting Samba to follow the permissions of the user, which should be able to delete these files. I've enclosed my smb.conf. The internal (guest) user is called samba, and it's default group is dl4ub smb.conf: [global] netbios name = spserv1 server string = Samba os level = 255 local master = yes preferred master = yes security = share username map = /etc/samba/users.map wins support = yes workgroup = SPS1 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE log level = 1 guest account = samba max xmit = 65535 read size = 65536 interfaces = net0 bind interfaces only = yes [NETLOGON] comment = Network Logon Service path = /etc/samba/netlogon guest ok = yes guest only = yes hosts allow = 192.1.1. [unix] comment = unix force user = check force group = dl4ub create mode = force create mode = 0660 directory mode = force directory mode = 0770 path = / read only = no guest ok = yes guest only = yes hosts allow = 192.1.1. mangled names = no [RDM-Ingenico] comment = RDM-Ingenico force user = check force group = dl4ub create mode = force create mode = 0660 directory mode = force directory mode = 0770 path = /u/ftprdm read only = no guest ok = yes guest only = yes hosts allow = 192.1.1. mangled names = yes [g] comment = g force user = check force group = dl4ub create mode = force create mode = 0660 directory mode = force directory mode = 0770 path = /u/g read only = no guest ok = yes guest only = yes hosts allow = 192.1.1. mangled names = no [web] comment = web force user = web force group = dl4ub create mode = force create mode = 0664 directory mode = force directory mode = 0775 path = /u/apache/htdocs read only = no guest ok = yes guest only = yes hosts allow = 192.1.1. mangled names = no Thanks, Rick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Mounting smbfs
My error, I fat-fingered in the message only. The command should be as below. People, When I try to mount a network share with the following command, using kubuntu 5.10: sudo mount -t smbfs -o username=myusername,password=myuserpassword //esotericVAIO/Downloads /mnt/vaioDownloads I get to following error message mount: wrong fs type, bad option, bad superblock on //esotericVAIO/Downloads, missing codepage or other error In some cases useful info is found in syslog - try dmesg | tail or so I see the following error message in dmesg smbfs: mount_data version 1919251317 is not supported What does the dmesg mean? Thanks for your time. Chuck Downing Leadville, Colorado, USA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem with login script not running as one user
Do you have a valid users= entry on the shares in question? If so, is the problem user a member of that group? That one caught me recently. I forgot to add the user to the group that could see that share. Michael Harondel J. Sibble told me on 11/22/2005 15:19: Okay, have a small office running Samba on MDK 10.1 and XP workstations: samba-server-3.0.10-0.1.101mdk samba-client-3.0.10-0.1.101mdk samba-vscan-clamav-3.0.10-0.1.101mdk samba-common-3.0.10-0.1.101mdk Using tbdsam as our backend. I recently added a new user, however this user does not run the regular login script for some reason net use h: \\FILESERVER\homes /YES net use p: \\FILESERVER\public /YES net use z: \\FILESERVER\archive /YES The only drive being mapped is the home directory and it's being mapped as Z:, none of the other drives are being mapped. I've checked the samba logs for both the server and workstation in question, also event logs on the workstation itself and don't see anything obvious relating to this problem. We are using roaming profiles for all users and logging in as several other users on this machine has the proper drive mappings from the login script. I've checked user and group ownership on the various files and all seems as expected. It's just this one user that is problematic. Googling hasn't turned up anything useful so far. Suggestions? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mounting smbfs
sudo mount -t smbfs -o What OS is the machine? If it's XP what happens if you use -t cifs instead? Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't browse \Windows from Linux
I have Samba working nicely on my network, except that there are a few folders, including \Windows, on the XP machine that I can't browse from Linux. I can see and enter the folders, but the contents are null. What is preventing me from getting to these folders? I've seen this problem in the past under Win98 of all things. Under XP I suspect the user you're connecting as may not have access to \Windows - have you tried adding the user Everyone and giving them read/browse access? Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't browse \Windows from Linux
Are they set up for full sharing? Can you see them from another computer other than the Linux box? I'd suspect the problem is in share permissions on the XP box. Michael Jeffrey Barish told me on 11/22/2005 10:08: I have Samba working nicely on my network, except that there are a few folders, including \Windows, on the XP machine that I can't browse from Linux. I can see and enter the folders, but the contents are null. What is preventing me from getting to these folders? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Sick Samba 3.0.14a-3 Server - in a world of pain!
I wrote such a generic subject line because I'm stuck and not quite sure where to go... It's a Samba 3.0.14a-3 server running on Debian stable. It uses LDAP authentication and is the primary Domain server on the network. Until around a month ago the server '''seemed''' to be fine, but now I have to massage it to life every morning just so the users can access it (killall -9 smbd, restart samba until most people can see it). The clients are primarly WinXP SP2 machines with a few Win2K and one NT. Here's the symptoms. 1) log.smbd was showing the following errors repeatedly getpeername failed. Error was Transport endpoint is not connected [2005/10/24 08:00:40, 0] lib/util_sock.c:get_peer_addr(1150) I thought this would solve the problem of So after scanning through the mail archives I gleemed that it could be a problem with port issues, so I added smb ports = 139 into the smb.conf and viola the error message dissapeared. However the 'hanging' samba server issue 2) The server hangs, in pieces. It continually spawns smbd processes, however for the clients that cannot connect to the server (forever timing out) will never successfully connect to it until samba is shutdown forcibly. Even then it takes a few times before the system is working again. 3) nmblookup hq (the server name) yeilds nothing. Whilst Wins is working on the clients and nmbd.log shows it is the Wins server, nmblookup on the actual server doesn't work. Not critical, but wondering if it could be related. 4) I cannot find anything in the logs that looks wrong. I possibly need some more diagnostics to figure out the cause. And last, here's a dump of the config file: # Global parameters [global] unix charset = ISO8859-1 workgroup = WORKGROUP server string = HQ interfaces = 192.168.0.0/255.255.0.0 passdb backend = ldapsam:ldap://localhost pam password change = Yes passwd program = /usr/bin/passwd %u unix password sync = Yes log level = 4 log file = /var/log/samba/log.%m max log size = 50 smb ports = 139 announce version = 4.8 load printers = No printcap name = /dev/null add machine script = /usr/sbin/smbldap-useradd -w %u logon script = logon.bat logon path = \\%L\%U\profile logon drive = p: logon home = \\%L\%U domain logons = Yes os level = 60 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,dc=soapbox ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap,ou=Systems ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap suffix = dc=soapbox ldap user suffix = ou=People create mask = 0660 directory mask = 0775 hosts allow = 192.168., 127., 10.0.0. use sendfile = Yes case sensitive = No short preserve case = No veto oplock files = /*.QBW/*.bat/*.mdb/ [share] comment = Shared Directory path = /srv read only = No [companyshared] comment = share path = /srv/companyshared read only = No [homes] comment = Home Directory for '%u' read only = No browseable = No [home] path = /home read only = No browseable = No [profiles] path = /home/samba/profiles/ read only = No create mask = 0600 directory mask = 0700 profile acls = Yes preserve case = No hide files = /desktop.ini/ntuser.ini/NTUSER.*/.*/ browseable = No [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = Yes browseable = No [printers] comment = All printers path = /var/spool/samba printer admin = root, @ntadmins guest ok = Yes printable = Yes browseable = No [PRINT$] path = /home/samba/printers write list = @wheel, root, administrator, rick, pam create mask = 0644 directory mask = 0755 guest ok = Yes -- Regards, JB Hewitt Business: http://www.stcpl.com.au Blog: http://blade.lansmash.com Best LAN ever: http://www.lansmash.com How to ask a ?: http://www.catb.org/~esr/faqs/smart-questions.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem with login script not running as one user
On 22 Nov 2005 at 16:30, Michael Barnes wrote: Do you have a valid users= entry on the shares in question? If so, is the problem user a member of that group? That one caught me recently. I forgot to add the user to the group that could see that share. On the netlogon share? No, that has guest access which is required so all users can access the share, as to the other shares, the new user is a member of the office group which all the users are members of to get access to shared resources. Sadly that's not it. :-( -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. [EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem with login script not running as one user
On Tue, 2005-11-22 at 13:19 -0800, Harondel J. Sibble wrote: Okay, have a small office running Samba on MDK 10.1 and XP workstations: samba-server-3.0.10-0.1.101mdk samba-client-3.0.10-0.1.101mdk samba-vscan-clamav-3.0.10-0.1.101mdk samba-common-3.0.10-0.1.101mdk Using tbdsam as our backend. I recently added a new user, however this user does not run the regular login script for some reason net use h: \\FILESERVER\homes /YES net use p: \\FILESERVER\public /YES net use z: \\FILESERVER\archive /YES The only drive being mapped is the home directory and it's being mapped as Z:, none of the other drives are being mapped. I've checked the samba logs for both the server and workstation in question, also event logs on the workstation itself and don't see anything obvious relating to this problem. We are using roaming profiles for all users and logging in as several other users on this machine has the proper drive mappings from the login script. I've checked user and group ownership on the various files and all seems as expected. It's just this one user that is problematic. Googling hasn't turned up anything useful so far. Suggestions? - inasmuch as the mounts tend to be persistent, you might not be executing the logon script by any of the users but think you are. Why not put a break or something in the logon script so it stays on screen waiting for input or something so you know that it runs for other users. As far as why it might not be running logon script for valid user possibilities... - tdb permits different logon script per user. have you verified with pdbedit? - computer is properly joined or connected to domain controller and is providing logon from cache - logon script created with unix line breaks instead of Windows line breaks (bad) Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA 2.7 to SAMBA 3.0
hi, I want to migrate the samba PDC server release 2.7 to samba PDC server release 3.0 Knowing that we use LDAP for all account and authentification how to migrate also the SID so i have not to reintégrate the machine in the domaine. Are there some tools that does that. If someone have already done so that migration i would happy de know his experience. Thanks. sincerely -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Sick Samba 3.0.14a-3 Server - in a world of pain!
Hi, i know this problem, is not samba but ldap do you have nscd installed? last weekend i had a similar problem, after a /etc/init.d/samba restart my samba produced errors. i had to restarted samba again, restarted ldap still no go. i rebooted the complete server, and... no samba. i removed nscd for the server, stopped samba and ldap i reset the Administrator password with smbpasswd -w and first started ldap, then started samba again. then it was working gain. i think its ldap generating the logon problems, but im not sure. Louis -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens JB Hewitt Verzonden: woensdag 23 november 2005 0:36 Aan: samba@lists.samba.org Onderwerp: [Samba] Sick Samba 3.0.14a-3 Server - in a world of pain! I wrote such a generic subject line because I'm stuck and not quite sure where to go... It's a Samba 3.0.14a-3 server running on Debian stable. It uses LDAP authentication and is the primary Domain server on the network. Until around a month ago the server '''seemed''' to be fine, but now I have to massage it to life every morning just so the users can access it (killall -9 smbd, restart samba until most people can see it). The clients are primarly WinXP SP2 machines with a few Win2K and one NT. Here's the symptoms. 1) log.smbd was showing the following errors repeatedly getpeername failed. Error was Transport endpoint is not connected [2005/10/24 08:00:40, 0] lib/util_sock.c:get_peer_addr(1150) I thought this would solve the problem of So after scanning through the mail archives I gleemed that it could be a problem with port issues, so I added smb ports = 139 into the smb.conf and viola the error message dissapeared. However the 'hanging' samba server issue 2) The server hangs, in pieces. It continually spawns smbd processes, however for the clients that cannot connect to the server (forever timing out) will never successfully connect to it until samba is shutdown forcibly. Even then it takes a few times before the system is working again. 3) nmblookup hq (the server name) yeilds nothing. Whilst Wins is working on the clients and nmbd.log shows it is the Wins server, nmblookup on the actual server doesn't work. Not critical, but wondering if it could be related. 4) I cannot find anything in the logs that looks wrong. I possibly need some more diagnostics to figure out the cause. And last, here's a dump of the config file: # Global parameters [global] unix charset = ISO8859-1 workgroup = WORKGROUP server string = HQ interfaces = 192.168.0.0/255.255.0.0 passdb backend = ldapsam:ldap://localhost pam password change = Yes passwd program = /usr/bin/passwd %u unix password sync = Yes log level = 4 log file = /var/log/samba/log.%m max log size = 50 smb ports = 139 announce version = 4.8 load printers = No printcap name = /dev/null add machine script = /usr/sbin/smbldap-useradd -w %u logon script = logon.bat logon path = \\%L\%U\profile logon drive = p: logon home = \\%L\%U domain logons = Yes os level = 60 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=admin,dc=soapbox ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap,ou=Systems ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap suffix = dc=soapbox ldap user suffix = ou=People create mask = 0660 directory mask = 0775 hosts allow = 192.168., 127., 10.0.0. use sendfile = Yes case sensitive = No short preserve case = No veto oplock files = /*.QBW/*.bat/*.mdb/ [share] comment = Shared Directory path = /srv read only = No [companyshared] comment = share path = /srv/companyshared read only = No [homes] comment = Home Directory for '%u' read only = No browseable = No [home] path = /home read only = No browseable = No [profiles] path = /home/samba/profiles/ read only = No create mask = 0600 directory mask = 0700 profile acls = Yes preserve case = No hide files = /desktop.ini/ntuser.ini/NTUSER.*/.*/ browseable = No [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = Yes browseable = No [printers] comment = All printers path = /var/spool/samba printer admin = root, @ntadmins guest ok = Yes printable = Yes browseable = No [PRINT$] path = /home/samba/printers write list = @wheel, root, administrator, rick, pam create mask = 0644 directory mask = 0755 guest ok = Yes -- Regards, JB
svn commit: samba r11846 - branches/SAMBA_3_0/source/libads branches/SAMBA_3_0/source/smbd trunk/source/libads trunk/source/smbd
Author: gd Date: 2005-11-22 10:22:59 + (Tue, 22 Nov 2005) New Revision: 11846 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11846 Log: Destroy the TALLOC_CTX on error in the Kerberos session setup and give a more precise inline comment why PAC verification may fail. Guenther Modified: branches/SAMBA_3_0/source/libads/kerberos_verify.c branches/SAMBA_3_0/source/smbd/sesssetup.c trunk/source/libads/kerberos_verify.c trunk/source/smbd/sesssetup.c Changeset: Modified: branches/SAMBA_3_0/source/libads/kerberos_verify.c === --- branches/SAMBA_3_0/source/libads/kerberos_verify.c 2005-11-22 06:07:26 UTC (rev 11845) +++ branches/SAMBA_3_0/source/libads/kerberos_verify.c 2005-11-22 10:22:59 UTC (rev 11846) @@ -400,9 +400,9 @@ file_save(/tmp/ticket.dat, ticket-data, ticket-length); #endif - /* continue when no PAC is retrieved - (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set, - or Kerberos tickets encryped using a DES key) - Guenther */ + /* continue when no PAC is retrieved or we couldn't decode the PAC + (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set, or + Kerberos tickets encrypted using a DES key) - Guenther */ got_auth_data = get_auth_data_from_tkt(mem_ctx, auth_data, tkt); if (!got_auth_data) { Modified: branches/SAMBA_3_0/source/smbd/sesssetup.c === --- branches/SAMBA_3_0/source/smbd/sesssetup.c 2005-11-22 06:07:26 UTC (rev 11845) +++ branches/SAMBA_3_0/source/smbd/sesssetup.c 2005-11-22 10:22:59 UTC (rev 11846) @@ -168,6 +168,7 @@ return ERROR_NT(NT_STATUS_NO_MEMORY); if (!spnego_parse_krb5_wrap(*secblob, ticket, tok_id)) { + talloc_destroy(mem_ctx); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } @@ -177,6 +178,7 @@ if (!NT_STATUS_IS_OK(ret)) { DEBUG(1,(Failed to verify incoming ticket!\n)); + talloc_destroy(mem_ctx); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } @@ -188,6 +190,7 @@ data_blob_free(ap_rep); data_blob_free(session_key); SAFE_FREE(client); + talloc_destroy(mem_ctx); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } @@ -206,6 +209,7 @@ data_blob_free(ap_rep); data_blob_free(session_key); SAFE_FREE(client); + talloc_destroy(mem_ctx); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } } @@ -283,6 +287,7 @@ SAFE_FREE(client); data_blob_free(ap_rep); data_blob_free(session_key); + talloc_destroy(mem_ctx); return ERROR_NT(NT_STATUS_LOGON_FAILURE); } } @@ -302,6 +307,7 @@ data_blob_free(ap_rep); data_blob_free(session_key); passwd_free(pw); + talloc_destroy(mem_ctx); return ERROR_NT(ret); } @@ -314,6 +320,7 @@ data_blob_free(ap_rep); data_blob_free(session_key); passwd_free(pw); + talloc_destroy(mem_ctx); return ERROR_NT(ret); } Modified: trunk/source/libads/kerberos_verify.c === --- trunk/source/libads/kerberos_verify.c 2005-11-22 06:07:26 UTC (rev 11845) +++ trunk/source/libads/kerberos_verify.c 2005-11-22 10:22:59 UTC (rev 11846) @@ -400,9 +400,9 @@ file_save(/tmp/ticket.dat, ticket-data, ticket-length); #endif - /* continue when no PAC is retrieved - (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set, - or Kerberos tickets encryped using a DES key) - Guenther */ + /* continue when no PAC is retrieved or we couldn't decode the PAC + (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set, or + Kerberos tickets encrypted using a DES key) - Guenther */ got_auth_data = get_auth_data_from_tkt(mem_ctx, auth_data, tkt); if (!got_auth_data) { Modified: trunk/source/smbd/sesssetup.c === --- trunk/source/smbd/sesssetup.c 2005-11-22 06:07:26 UTC (rev 11845) +++ trunk/source/smbd/sesssetup.c 2005-11-22 10:22:59 UTC (rev 11846) @@ -168,6 +168,7 @@ return ERROR_NT(NT_STATUS_NO_MEMORY); if (!spnego_parse_krb5_wrap(*secblob, ticket, tok_id)) { + talloc_destroy(mem_ctx);
svn commit: samba r11848 - in branches/SAMBA_4_0/source/libcli/raw: .
Author: tridge Date: 2005-11-22 13:12:22 + (Tue, 22 Nov 2005) New Revision: 11848 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11848 Log: separate out the info levels common to SMB and SMB2 for raw_search Modified: branches/SAMBA_4_0/source/libcli/raw/rawrequest.c branches/SAMBA_4_0/source/libcli/raw/rawsearch.c Changeset: Sorry, the patch is too large (333 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11848
svn commit: samba r11849 - in branches/SAMBA_4_0/source/libcli/smb2: .
Author: tridge Date: 2005-11-22 13:13:17 + (Tue, 22 Nov 2005) New Revision: 11849 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11849 Log: added mapping between SMB2 and SMB find/search levels Modified: branches/SAMBA_4_0/source/libcli/smb2/find.c branches/SAMBA_4_0/source/libcli/smb2/smb2_calls.h Changeset: Modified: branches/SAMBA_4_0/source/libcli/smb2/find.c === --- branches/SAMBA_4_0/source/libcli/smb2/find.c2005-11-22 13:12:22 UTC (rev 11848) +++ branches/SAMBA_4_0/source/libcli/smb2/find.c2005-11-22 13:13:17 UTC (rev 11849) @@ -82,9 +82,98 @@ sync find request */ NTSTATUS smb2_find(struct smb2_tree *tree, TALLOC_CTX *mem_ctx, - struct smb2_find *io) + struct smb2_find *io) { struct smb2_request *req = smb2_find_send(tree, io); return smb2_find_recv(req, mem_ctx, io); } + +/* + a varient of smb2_find_recv that parses the resulting blob into + smb_search_data structures +*/ +NTSTATUS smb2_find_level_recv(struct smb2_request *req, TALLOC_CTX *mem_ctx, + uint8_t level, uint_t *count, + union smb_search_data **io) +{ + struct smb2_find f; + NTSTATUS status; + DATA_BLOB b; + enum smb_search_level smb_level; + uint_t next_ofs=0; + + switch (level) { + case SMB2_FIND_DIRECTORY_INFO: + smb_level = RAW_SEARCH_DIRECTORY_INFO; + break; + case SMB2_FIND_FULL_DIRECTORY_INFO: + smb_level = RAW_SEARCH_FULL_DIRECTORY_INFO; + break; + case SMB2_FIND_BOTH_DIRECTORY_INFO: + smb_level = RAW_SEARCH_BOTH_DIRECTORY_INFO; + break; + case SMB2_FIND_NAME_INFO: + smb_level = RAW_SEARCH_NAME_INFO; + break; + case SMB2_FIND_ID_FULL_DIRECTORY_INFO: + smb_level = RAW_SEARCH_ID_FULL_DIRECTORY_INFO; + break; + case SMB2_FIND_ID_BOTH_DIRECTORY_INFO: + smb_level = RAW_SEARCH_ID_BOTH_DIRECTORY_INFO; + break; + default: + return NT_STATUS_INVALID_INFO_CLASS; + } + + status = smb2_find_recv(req, mem_ctx, f); + NT_STATUS_NOT_OK_RETURN(status); + + b = f.out.blob; + *io = NULL; + *count = 0; + + do { + union smb_search_data *io2; + + io2 = talloc_realloc(mem_ctx, *io, union smb_search_data, (*count)+1); + if (io2 == NULL) { + data_blob_free(f.out.blob); + talloc_free(*io); + return NT_STATUS_NO_MEMORY; + } + *io = io2; + + status = smb_raw_search_common(*io, smb_level, b, (*io) + (*count), + next_ofs, STR_UNICODE); + + if (NT_STATUS_IS_OK(status) + next_ofs = b.length) { + data_blob_free(f.out.blob); + talloc_free(*io); + return NT_STATUS_INFO_LENGTH_MISMATCH; + } + + (*count)++; + + b = data_blob_const(b.data+next_ofs, b.length - next_ofs); + } while (NT_STATUS_IS_OK(status) next_ofs != 0); + + data_blob_free(f.out.blob); + + return NT_STATUS_OK; +} + +/* + a varient of smb2_find that parses the resulting blob into + smb_search_data structures +*/ +NTSTATUS smb2_find_level(struct smb2_tree *tree, TALLOC_CTX *mem_ctx, +struct smb2_find *f, +uint_t *count, union smb_search_data **io) +{ + struct smb2_request *req; + + req = smb2_find_send(tree, f); + return smb2_find_level_recv(req, mem_ctx, f-in.level, count, io); +} Modified: branches/SAMBA_4_0/source/libcli/smb2/smb2_calls.h === --- branches/SAMBA_4_0/source/libcli/smb2/smb2_calls.h 2005-11-22 13:12:22 UTC (rev 11848) +++ branches/SAMBA_4_0/source/libcli/smb2/smb2_calls.h 2005-11-22 13:13:17 UTC (rev 11849) @@ -279,6 +279,16 @@ } out; }; +/* + SMB2 uses different level numbers for the same old SMB search levels +*/ +#define SMB2_FIND_DIRECTORY_INFO 0x01 +#define SMB2_FIND_FULL_DIRECTORY_INFO0x02 +#define SMB2_FIND_BOTH_DIRECTORY_INFO0x03 +#define SMB2_FIND_NAME_INFO 0x0C +#define SMB2_FIND_ID_BOTH_DIRECTORY_INFO 0x25 +#define SMB2_FIND_ID_FULL_DIRECTORY_INFO 0x26 + struct smb2_find { struct { uint8_t level;
svn commit: samba r11850 - in branches/SAMBA_4_0/source/torture: . smb2
Author: tridge Date: 2005-11-22 13:14:04 + (Tue, 22 Nov 2005) New Revision: 11850 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11850 Log: added a test suite for the SMB2 find calls Added: branches/SAMBA_4_0/source/torture/smb2/find.c Modified: branches/SAMBA_4_0/source/torture/smb2/config.mk branches/SAMBA_4_0/source/torture/torture.c Changeset: Modified: branches/SAMBA_4_0/source/torture/smb2/config.mk === --- branches/SAMBA_4_0/source/torture/smb2/config.mk2005-11-22 13:13:17 UTC (rev 11849) +++ branches/SAMBA_4_0/source/torture/smb2/config.mk2005-11-22 13:14:04 UTC (rev 11850) @@ -7,7 +7,8 @@ scan.o \ util.o \ getinfo.o \ - setinfo.o + setinfo.o \ + find.o REQUIRED_SUBSYSTEMS = \ LIBCLI_SMB2 # End SUBSYSTEM TORTURE_SMB2 Added: branches/SAMBA_4_0/source/torture/smb2/find.c === --- branches/SAMBA_4_0/source/torture/smb2/find.c 2005-11-22 13:13:17 UTC (rev 11849) +++ branches/SAMBA_4_0/source/torture/smb2/find.c 2005-11-22 13:14:04 UTC (rev 11850) @@ -0,0 +1,212 @@ +/* + Unix SMB/CIFS implementation. + + SMB2 find test suite + + Copyright (C) Andrew Tridgell 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include includes.h +#include libcli/smb2/smb2.h +#include libcli/smb2/smb2_calls.h +#include librpc/gen_ndr/security.h + +static struct { + const char *name; + uint16_t level; + NTSTATUS status; + union smb_search_data data; +} levels[] = { +#define LEVEL(x) #x, x + { LEVEL(SMB2_FIND_ID_BOTH_DIRECTORY_INFO) }, + { LEVEL(SMB2_FIND_DIRECTORY_INFO) }, + { LEVEL(SMB2_FIND_FULL_DIRECTORY_INFO) }, + { LEVEL(SMB2_FIND_NAME_INFO) }, + { LEVEL(SMB2_FIND_BOTH_DIRECTORY_INFO) }, + { LEVEL(SMB2_FIND_ID_FULL_DIRECTORY_INFO) }, +}; + +#define FNAME smb2-find.dat + +#define CHECK_VALUE(call_name, stype, field) do { \ + union smb_search_data *d = find_level(SMB2_FIND_ #call_name); \ + if (io.all_info2.out.field != d-stype.field) { \ + printf((%s) %s/%s should be 0x%llx - 0x%llx\n, __location__, \ + #call_name, #field, \ + (uint64_t)io.all_info2.out.field, (uint64_t)d-stype.field); \ + ret = False; \ + }} while (0) + +#define CHECK_STRING(call_name, stype, field1, field2) do { \ + union smb_search_data *d = find_level(SMB2_FIND_ #call_name); \ + if (strcmp(io.all_info2.out.field2.s, d-stype.field1.s) != 0) { \ + printf((%s) %s/%s should be '%s' - '%s'\n, __location__, \ + #call_name, #field2, \ + io.all_info2.out.field2.s, d-stype.field1.s); \ + ret = False; \ + }} while (0) + +#define CHECK_CONST_STRING(call_name, stype, field, str) do { \ + union smb_search_data *d = find_level(SMB2_FIND_ #call_name); \ + if (strcmp(str, d-stype.field.s) != 0) { \ + printf((%s) %s/%s should be '%s' - '%s'\n, __location__, \ + #call_name, #field, \ + str, d-stype.field.s); \ + ret = False; \ + }} while (0) + +static union smb_search_data *find_level(const char *name) +{ + int i; + for (i=0;iARRAY_SIZE(levels);i++) { + if (strcmp(name, levels[i].name) == 0) { + return levels[i].data; + } + } + return NULL; +} + +/* + test find levels +*/ +static BOOL torture_smb2_find_levels(struct smb2_tree *tree) +{ + struct smb2_handle handle; + NTSTATUS status; + int i; + struct smb2_find f; + BOOL ret = True; + union smb_fileinfo io; + + status = smb2_create_complex_file(tree, FNAME, handle); + if (!NT_STATUS_IS_OK(status)) { + return False; + } + + io.generic.level = RAW_FILEINFO_SMB2_ALL_INFORMATION; + io.generic.in.handle = handle; + status = smb2_getinfo_file(tree, tree, io); + if (!NT_STATUS_IS_OK(status)) { + return False; + } + + status = smb2_util_roothandle(tree, handle); + if
svn commit: samba r11851 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: gd Date: 2005-11-22 13:33:44 + (Tue, 22 Nov 2005) New Revision: 11851 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11851 Log: Display correct error string. Guenther Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c trunk/source/nsswitch/winbindd_pam.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2005-11-22 13:14:04 UTC (rev 11850) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2005-11-22 13:33:44 UTC (rev 11851) @@ -797,7 +797,7 @@ done: state-response.data.auth.nt_status = NT_STATUS_V(result); fstrcpy(state-response.data.auth.nt_status_string, nt_errstr(result)); - fstrcpy(state-response.data.auth.error_string, nt_errstr(result)); + fstrcpy(state-response.data.auth.error_string, get_friendly_nt_error_msg(result)); state-response.data.auth.pam_error = nt_status_to_pam(result); DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, Modified: trunk/source/nsswitch/winbindd_pam.c === --- trunk/source/nsswitch/winbindd_pam.c2005-11-22 13:14:04 UTC (rev 11850) +++ trunk/source/nsswitch/winbindd_pam.c2005-11-22 13:33:44 UTC (rev 11851) @@ -797,7 +797,7 @@ done: state-response.data.auth.nt_status = NT_STATUS_V(result); fstrcpy(state-response.data.auth.nt_status_string, nt_errstr(result)); - fstrcpy(state-response.data.auth.error_string, nt_errstr(result)); + fstrcpy(state-response.data.auth.error_string, get_friendly_nt_error_msg(result)); state-response.data.auth.pam_error = nt_status_to_pam(result); DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,
svn commit: samba r11852 - branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/rpc_client branches/SAMBA_3_0/source/rpc_parse branches/SAMBA_3_0/source/rpcclient trunk/source/include trunk/sou
Author: gd Date: 2005-11-22 13:58:51 + (Tue, 22 Nov 2005) New Revision: 11852 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11852 Log: Fill in samr_get_dom_pwinfo based on Samba4. Guenther Modified: branches/SAMBA_3_0/source/include/rpc_samr.h branches/SAMBA_3_0/source/rpc_client/cli_samr.c branches/SAMBA_3_0/source/rpc_parse/parse_samr.c branches/SAMBA_3_0/source/rpcclient/cmd_samr.c trunk/source/include/rpc_samr.h trunk/source/rpc_client/cli_samr.c trunk/source/rpc_parse/parse_samr.c trunk/source/rpcclient/cmd_samr.c Changeset: Sorry, the patch is too large (255 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11852
svn commit: samba r11855 - branches/SAMBA_3_0/source/printing trunk/source/printing
Author: jerry Date: 2005-11-22 14:20:02 + (Tue, 22 Nov 2005) New Revision: 11855 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11855 Log: patch from Aruna Prabakar for checking that the spooler si running on HP-UX Modified: branches/SAMBA_3_0/source/printing/print_svid.c trunk/source/printing/print_svid.c Changeset: Modified: branches/SAMBA_3_0/source/printing/print_svid.c === --- branches/SAMBA_3_0/source/printing/print_svid.c 2005-11-22 14:13:56 UTC (rev 11854) +++ branches/SAMBA_3_0/source/printing/print_svid.c 2005-11-22 14:20:02 UTC (rev 11855) @@ -40,10 +40,39 @@ char **lines; int i; +#if defined(HPUX) + DEBUG(5, (reloading hpux printcap cache\n)); +#else DEBUG(5, (reloading sysv printcap cache\n)); +#endif if ((lines = file_lines_pload(/usr/bin/lpstat -v, NULL)) == NULL) + { +#if defined(HPUX) + + /* + * if lpstat -v is NULL then we check if schedular is running if it is + * that means no printers are added on the HP-UX system, if schedular is not + * running we display reload error. + */ + + char **scheduler; +scheduler = file_lines_pload(/usr/bin/lpstat -r, NULL); +if(!strcmp(*scheduler,scheduler is running)){ +DEBUG(3,(No Printers found!!!\n)); + file_lines_free(scheduler); +return True; +} +else{ +DEBUG(3,(Scheduler is not running!!!\n)); + file_lines_free(scheduler); + return False; + } +#else + DEBUG(3,(No Printers found!!!\n)); return False; +#endif + } for (i = 0; lines[i]; i++) { char *name, *tmp; Modified: trunk/source/printing/print_svid.c === --- trunk/source/printing/print_svid.c 2005-11-22 14:13:56 UTC (rev 11854) +++ trunk/source/printing/print_svid.c 2005-11-22 14:20:02 UTC (rev 11855) @@ -40,10 +40,39 @@ char **lines; int i; +#if defined(HPUX) + DEBUG(5, (reloading hpux printcap cache\n)); +#else DEBUG(5, (reloading sysv printcap cache\n)); +#endif if ((lines = file_lines_pload(/usr/bin/lpstat -v, NULL)) == NULL) + { +#if defined(HPUX) + + /* + * if lpstat -v is NULL then we check if schedular is running if it is + * that means no printers are added on the HP-UX system, if schedular is not + * running we display reload error. + */ + + char **scheduler; +scheduler = file_lines_pload(/usr/bin/lpstat -r, NULL); +if(!strcmp(*scheduler,scheduler is running)){ +DEBUG(3,(No Printers found!!!\n)); + file_lines_free(scheduler); +return True; +} +else{ +DEBUG(3,(Scheduler is not running!!!\n)); + file_lines_free(scheduler); + return False; + } +#else + DEBUG(3,(No Printers found!!!\n)); return False; +#endif + } for (i = 0; lines[i]; i++) { char *name, *tmp;
svn commit: samba r11856 - branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/rpc_parse branches/SAMBA_3_0/source/rpc_server branches/SAMBA_3_0/source/rpcclient trunk/source/include trunk/sou
Author: gd Date: 2005-11-22 14:29:14 + (Tue, 22 Nov 2005) New Revision: 11856 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11856 Log: Replace unknown1 with group_attr. Can anyone remember why we initialize groups only with 0x03 instead of 0x07 ? Guenther Modified: branches/SAMBA_3_0/source/include/rpc_samr.h branches/SAMBA_3_0/source/rpc_parse/parse_samr.c branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0/source/rpcclient/cmd_samr.c trunk/source/include/rpc_samr.h trunk/source/rpc_parse/parse_samr.c trunk/source/rpc_server/srv_samr_nt.c trunk/source/rpcclient/cmd_samr.c Changeset: Modified: branches/SAMBA_3_0/source/include/rpc_samr.h === --- branches/SAMBA_3_0/source/include/rpc_samr.h2005-11-22 14:20:02 UTC (rev 11855) +++ branches/SAMBA_3_0/source/include/rpc_samr.h2005-11-22 14:29:14 UTC (rev 11856) @@ -1065,7 +1065,7 @@ { UNIHDR hdr_acct_name; - uint32 unknown_1; /* 0x 0003 - number of group members? */ + uint32 group_attr; /* 0x 0003 - group attribute */ uint32 num_members; /* 0x 0001 - number of group members? */ UNIHDR hdr_acct_desc; @@ -1085,7 +1085,7 @@ typedef struct samr_group_info3 { - uint32 unknown_1; /* 0x 0003 - number of group members? */ + uint32 group_attr; /* 0x 0003 - group attribute */ } GROUP_INFO3; Modified: branches/SAMBA_3_0/source/rpc_parse/parse_samr.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_samr.c2005-11-22 14:20:02 UTC (rev 11855) +++ branches/SAMBA_3_0/source/rpc_parse/parse_samr.c2005-11-22 14:29:14 UTC (rev 11856) @@ -2141,7 +2141,7 @@ { DEBUG(5, (init_samr_group_info1\n)); - gr1-unknown_1 = 0x3; + gr1-group_attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT); /* why not | SE_GROUP_ENABLED ? */ gr1-num_members = num_members; init_unistr2(gr1-uni_acct_name, acct_name, UNI_FLAGS_NONE); @@ -2174,7 +2174,7 @@ if(!smb_io_unihdr(hdr_acct_name, gr1-hdr_acct_name, ps, depth)) return False; - if(!prs_uint32(unknown_1, ps, depth, gr1-unknown_1)) + if(!prs_uint32(group_attr, ps, depth, gr1-group_attr)) return False; if(!prs_uint32(num_members, ps, depth, gr1-num_members)) return False; @@ -2238,7 +2238,7 @@ { DEBUG(5, (init_samr_group_info3\n)); - gr3-unknown_1 = 0x3; + gr3-group_attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT); /* why not | SE_GROUP_ENABLED ? */ } /*** @@ -2256,7 +2256,7 @@ if(!prs_align(ps)) return False; - if(!prs_uint32(unknown_1, ps, depth, gr3-unknown_1)) + if(!prs_uint32(group_attr, ps, depth, gr3-group_attr)) return False; return True; Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2005-11-22 14:20:02 UTC (rev 11855) +++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2005-11-22 14:29:14 UTC (rev 11856) @@ -1980,7 +1980,7 @@ continue; gids = TALLOC_REALLOC_ARRAY(p-mem_ctx, gids, DOM_GID, num_gids+1); - gids[num_gids].attr=7; + gids[num_gids].attr= (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_ENABLED); gids[num_gids].g_rid = rid; num_gids += 1; } Modified: branches/SAMBA_3_0/source/rpcclient/cmd_samr.c === --- branches/SAMBA_3_0/source/rpcclient/cmd_samr.c 2005-11-22 14:20:02 UTC (rev 11855) +++ branches/SAMBA_3_0/source/rpcclient/cmd_samr.c 2005-11-22 14:29:14 UTC (rev 11856) @@ -404,13 +404,22 @@ printf(\tGroup Name:\t%s\n, temp); unistr2_to_ascii(temp, info1-uni_acct_desc, sizeof(temp)-1); printf(\tDescription:\t%s\n, temp); - printf(\tunk1:%d\n, info1-unknown_1); + printf(\tGroup Attribute:%d\n, info1-group_attr); printf(\tNum Members:%d\n, info1-num_members); } / display group info / +static void display_group_info3(GROUP_INFO3 *info3) +{ + printf(\tGroup Attribute:%d\n, info3-group_attr); +} + + +/ + display group info + / static void display_group_info4(GROUP_INFO4 *info4) { fstring desc; @@ -429,6 +438,10 @@
svn commit: samba r11858 - branches/SAMBA_3_0/source/rpc_parse branches/SAMBA_3_0/source/rpcclient trunk/source/rpc_parse trunk/source/rpcclient
Author: gd Date: 2005-11-22 14:38:49 + (Tue, 22 Nov 2005) New Revision: 11858 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11858 Log: Fill in the clientside TRUSTED_DOMAIN_INFO_EX query. Guenther Modified: branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c branches/SAMBA_3_0/source/rpcclient/cmd_lsarpc.c trunk/source/rpc_parse/parse_lsa.c trunk/source/rpcclient/cmd_lsarpc.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c 2005-11-22 14:32:29 UTC (rev 11857) +++ branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c 2005-11-22 14:38:49 UTC (rev 11858) @@ -3009,6 +3009,44 @@ /*** / +static BOOL lsa_io_trustdom_query_6(const char *desc, TRUSTED_DOMAIN_INFO_EX *info_ex, + prs_struct *ps, int depth) +{ + uint32 dom_sid_ptr; + + if (!smb_io_unihdr(domain_name_hdr, info_ex-domain_name.hdr, ps, depth)) + return False; + + if (!smb_io_unihdr(netbios_name_hdr, info_ex-netbios_name.hdr, ps, depth)) + return False; + + if (!prs_uint32(dom_sid_ptr, ps, depth, dom_sid_ptr)) + return False; + + if (!prs_uint32(trust_direction, ps, depth, info_ex-trust_direction)) + return False; + + if (!prs_uint32(trust_type, ps, depth, info_ex-trust_type)) + return False; + + if (!prs_uint32(trust_attributes, ps, depth, info_ex-trust_attributes)) + return False; + + if (!smb_io_unistr2(domain_name_unistring, info_ex-domain_name.unistring, info_ex-domain_name.hdr.buffer, ps, depth)) + return False; + + if (!smb_io_unistr2(netbios_name_unistring, info_ex-netbios_name.unistring, info_ex-netbios_name.hdr.buffer, ps, depth)) + return False; + + if (!smb_io_dom_sid2(sid, info_ex-sid, ps, depth)) + return False; + + return True; +} + +/*** +/ + static BOOL lsa_io_trustdom_query(const char *desc, prs_struct *ps, int depth, LSA_TRUSTED_DOMAIN_INFO *info) { prs_debug(ps, depth, desc, lsa_io_trustdom_query); @@ -3033,6 +3071,10 @@ if(!lsa_io_trustdom_query_4(password, info-password, ps, depth)) return False; break; + case 6: + if(!lsa_io_trustdom_query_6(info_ex, info-info_ex, ps, depth)) + return False; + break; default: DEBUG(0,(unsupported info-level: %d\n, info-info_class)); return False; Modified: branches/SAMBA_3_0/source/rpcclient/cmd_lsarpc.c === --- branches/SAMBA_3_0/source/rpcclient/cmd_lsarpc.c2005-11-22 14:32:29 UTC (rev 11857) +++ branches/SAMBA_3_0/source/rpcclient/cmd_lsarpc.c2005-11-22 14:38:49 UTC (rev 11858) @@ -771,7 +771,7 @@ static void display_trust_dom_info_3(TRUSTED_DOMAIN_INFO_POSIX_OFFSET *p) { - printf(Posix Offset:\t%d\n, p-posix_offset); + printf(Posix Offset:\t%08x (%d)\n, p-posix_offset, p-posix_offset); } static void display_trust_dom_info_4(TRUSTED_DOMAIN_INFO_PASSWORD *p, const char *password) @@ -800,6 +800,17 @@ data_blob_free(data_old); } +static void display_trust_dom_info_6(TRUSTED_DOMAIN_INFO_EX *i) +{ + printf(Domain Name:\t\t%s\n, unistr2_static(i-domain_name.unistring)); + printf(NetBIOS Name:\t\t%s\n, unistr2_static(i-netbios_name.unistring)); + printf(SID:\t\t\t%s\n, sid_string_static(i-sid.sid)); + printf(Trust Direction:\t0x%08x\n, i-trust_direction); + printf(Trust Type:\t\t0x%08x\n, i-trust_type); + printf(Trust Attributes:\t0x%08x\n, i-trust_attributes); +} + + static void display_trust_dom_info(LSA_TRUSTED_DOMAIN_INFO *info, uint32 info_class, const char *pass) { switch (info_class) { @@ -812,6 +823,9 @@ case 4: display_trust_dom_info_4(info-password, pass); break; + case 6: + display_trust_dom_info_6(info-info_ex); + break; default: printf(unsupported info-class: %d\n, info_class); break; Modified: trunk/source/rpc_parse/parse_lsa.c === --- trunk/source/rpc_parse/parse_lsa.c 2005-11-22 14:32:29 UTC (rev 11857) +++ trunk/source/rpc_parse/parse_lsa.c 2005-11-22 14:38:49 UTC (rev 11858) @@ -3009,6 +3009,44 @@
svn commit: samba r11859 - branches/SAMBA_3_0/source/rpc_server trunk/source/rpc_server
Author: gd Date: 2005-11-22 14:41:40 + (Tue, 22 Nov 2005) New Revision: 11859 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11859 Log: Another place where the SE_GROUP constants read better then 7. Guenther Modified: branches/SAMBA_3_0/source/rpc_server/srv_util.c trunk/source/rpc_server/srv_util.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_util.c === --- branches/SAMBA_3_0/source/rpc_server/srv_util.c 2005-11-22 14:38:49 UTC (rev 11858) +++ branches/SAMBA_3_0/source/rpc_server/srv_util.c 2005-11-22 14:41:40 UTC (rev 11859) @@ -102,7 +102,7 @@ for (i=PRIMARY_GROUP_SID_INDEX; i nt_token-num_sids; i++) { if (sid_compare_domain(domain_sid, nt_token-user_sids[i])==0) { sid_peek_rid(nt_token-user_sids[i], (gids[*numgroups].g_rid)); - gids[*numgroups].attr=7; + gids[*numgroups].attr= (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_ENABLED); (*numgroups)++; } } Modified: trunk/source/rpc_server/srv_util.c === --- trunk/source/rpc_server/srv_util.c 2005-11-22 14:38:49 UTC (rev 11858) +++ trunk/source/rpc_server/srv_util.c 2005-11-22 14:41:40 UTC (rev 11859) @@ -102,7 +102,7 @@ for (i=PRIMARY_GROUP_SID_INDEX; i nt_token-num_sids; i++) { if (sid_compare_domain(domain_sid, nt_token-user_sids[i])==0) { sid_peek_rid(nt_token-user_sids[i], (gids[*numgroups].g_rid)); - gids[*numgroups].attr=7; + gids[*numgroups].attr= (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT|SE_GROUP_ENABLED); (*numgroups)++; } }
svn commit: samba r11860 - branches/SAMBA_3_0/source/registry branches/SAMBA_3_0/source/rpc_server trunk/source/registry trunk/source/rpc_server
Author: jerry Date: 2005-11-22 15:52:22 + (Tue, 22 Nov 2005) New Revision: 11860 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11860 Log: BUG 3156: don't use find_service() when explicitly looking for a printer as the username map might get in the way Modified: branches/SAMBA_3_0/source/registry/reg_printing.c branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c trunk/source/registry/reg_printing.c trunk/source/rpc_server/srv_spoolss_nt.c Changeset: Modified: branches/SAMBA_3_0/source/registry/reg_printing.c === --- branches/SAMBA_3_0/source/registry/reg_printing.c 2005-11-22 14:41:40 UTC (rev 11859) +++ branches/SAMBA_3_0/source/registry/reg_printing.c 2005-11-22 15:52:22 UTC (rev 11860) @@ -227,7 +227,16 @@ reg_split_path( printers_key, printername, printerdatakey ); - if ( find_service(printername) == -1 + /* validate the printer name */ + + for (snum=0; snumn_services; snum++) { + if ( !lp_snum_ok(snum) || !lp_print_ok(snum) ) + continue; + if (strequal( lp_servicename(snum), printername ) ) + break; + } + + if ( snum=n_services || !W_ERROR_IS_OK( get_a_printer(NULL, printer, 2, printername) ) ) { return -1; Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2005-11-22 14:41:40 UTC (rev 11859) +++ branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2005-11-22 15:52:22 UTC (rev 11860) @@ -479,29 +479,30 @@ DEBUGADD(5, (searching for [%s]\n, aprinter )); /* Search all sharenames first as this is easier than pulling - the printer_info_2 off of disk */ + the printer_info_2 off of disk. Don't use find_service() since + that calls out to map_username() */ - snum = find_service(aprinter); - - if ( lp_snum_ok(snum) lp_print_ok(snum) ) { - found = True; - fstrcpy( sname, aprinter ); - } - /* do another loop to look for printernames */ for (snum=0; !found snumn_services; snum++) { - /* no point in checking if this is not a printer or - we aren't allowing printername != sharename */ + /* no point going on if this is not a printer */ - if ( !(lp_snum_ok(snum) -lp_print_ok(snum) -!lp_force_printername(snum)) ) - { + if ( !(lp_snum_ok(snum) lp_print_ok(snum)) ) continue; + + fstrcpy(sname, lp_servicename(snum)); + if ( strequal( aprinter, sname ) ) { + found = True; + break; } + + /* no point looking up the printer object if + we aren't allowing printername != sharename */ + if ( lp_force_printername(snum) ) + continue; + fstrcpy(sname, lp_servicename(snum)); printer = NULL; @@ -524,6 +525,7 @@ if ( strequal(printername, aprinter) ) { found = True; + break; } DEBUGADD(10, (printername: %s\n, printername)); Modified: trunk/source/registry/reg_printing.c === --- trunk/source/registry/reg_printing.c2005-11-22 14:41:40 UTC (rev 11859) +++ trunk/source/registry/reg_printing.c2005-11-22 15:52:22 UTC (rev 11860) @@ -227,7 +227,16 @@ reg_split_path( printers_key, printername, printerdatakey ); - if ( find_service(printername) == -1 + /* validate the printer name */ + + for (snum=0; snumn_services; snum++) { + if ( !lp_snum_ok(snum) || !lp_print_ok(snum) ) + continue; + if (strequal( lp_servicename(snum), printername ) ) + break; + } + + if ( snum=n_services || !W_ERROR_IS_OK( get_a_printer(NULL, printer, 2, printername) ) ) { return -1; Modified: trunk/source/rpc_server/srv_spoolss_nt.c === --- trunk/source/rpc_server/srv_spoolss_nt.c2005-11-22 14:41:40 UTC (rev 11859) +++ trunk/source/rpc_server/srv_spoolss_nt.c2005-11-22 15:52:22 UTC (rev 11860) @@ -479,29 +479,30 @@ DEBUGADD(5, (searching for [%s]\n, aprinter )); /* Search all sharenames first as this is easier than pulling - the printer_info_2 off of disk */ +
svn commit: samba r11861 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2005-11-22 16:21:52 + (Tue, 22 Nov 2005) New Revision: 11861 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11861 Log: Fix inspired by Thomas Neumann [EMAIL PROTECTED] to ensure that default case applies only to new files and correctly examines 8.3 and long names. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/filename.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/filename.c === --- branches/SAMBA_3_0/source/smbd/filename.c 2005-11-22 15:52:22 UTC (rev 11860) +++ branches/SAMBA_3_0/source/smbd/filename.c 2005-11-22 16:21:52 UTC (rev 11861) @@ -150,9 +150,6 @@ pstrcpy(saved_last_component, name); } - if (!conn-case_preserve || (mangle_is_8_3(name, False, SNUM(conn)) !conn-short_case_preserve)) - strnorm(name, lp_defaultcase(SNUM(conn))); - start = name; pstrcpy(orig_path, name); @@ -301,16 +298,17 @@ return(False); } - /* + /* * Just the last part of the name doesn't exist. -* We may need to strupper() or strlower() it in case -* this conversion is being used for file creation -* purposes. If the filename is of mixed case then -* don't normalise it. +* We need to strupper() or strlower() it as +* this conversion may be used for file creation +* purposes. Fix inspired by Thomas Neumann [EMAIL PROTECTED]. */ - - if (!conn-case_preserve (!strhasupper(start) || !strhaslower(start))) + if (!conn-case_preserve || + (mangle_is_8_3(start, False, SNUM(conn)) +!conn-short_case_preserve)) { strnorm(start, lp_defaultcase(SNUM(conn))); + } /* * check on the mangled stack to see if we can recover the
svn commit: samba r11862 - in trunk/source/smbd: .
Author: jra Date: 2005-11-22 16:21:55 + (Tue, 22 Nov 2005) New Revision: 11862 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11862 Log: Fix inspired by Thomas Neumann [EMAIL PROTECTED] to ensure that default case applies only to new files and correctly examines 8.3 and long names. Jeremy. Modified: trunk/source/smbd/filename.c Changeset: Modified: trunk/source/smbd/filename.c === --- trunk/source/smbd/filename.c2005-11-22 16:21:52 UTC (rev 11861) +++ trunk/source/smbd/filename.c2005-11-22 16:21:55 UTC (rev 11862) @@ -150,9 +150,6 @@ pstrcpy(saved_last_component, name); } - if (!conn-case_preserve || (mangle_is_8_3(name, False, SNUM(conn)) !conn-short_case_preserve)) - strnorm(name, lp_defaultcase(SNUM(conn))); - start = name; pstrcpy(orig_path, name); @@ -301,16 +298,17 @@ return(False); } - /* + /* * Just the last part of the name doesn't exist. -* We may need to strupper() or strlower() it in case -* this conversion is being used for file creation -* purposes. If the filename is of mixed case then -* don't normalise it. +* We need to strupper() or strlower() it as +* this conversion may be used for file creation +* purposes. Fix inspired by Thomas Neumann [EMAIL PROTECTED]. */ - - if (!conn-case_preserve (!strhasupper(start) || !strhaslower(start))) + if (!conn-case_preserve || + (mangle_is_8_3(start, False, SNUM(conn)) +!conn-short_case_preserve)) { strnorm(start, lp_defaultcase(SNUM(conn))); + } /* * check on the mangled stack to see if we can recover the
svn commit: samba r11863 - branches/SAMBA_3_0/source branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/libads branches/SAMBA_3_0/source/passdb trunk/source trunk/source/include trunk/source/
Author: jerry Date: 2005-11-22 17:15:28 + (Tue, 22 Nov 2005) New Revision: 11863 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11863 Log: BUG 3196: patch from Alex Deiter [EMAIL PROTECTED] to compile against the Sun LDAP client libs. But not for AD support; just ldap support Modified: branches/SAMBA_3_0/source/configure.in branches/SAMBA_3_0/source/include/includes.h branches/SAMBA_3_0/source/libads/ldap.c branches/SAMBA_3_0/source/passdb/pdb_nds.c trunk/source/configure.in trunk/source/include/includes.h trunk/source/libads/ldap.c trunk/source/passdb/pdb_nds.c Changeset: Sorry, the patch is too large (275 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11863
svn commit: samba r11864 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jerry Date: 2005-11-22 19:48:33 + (Tue, 22 Nov 2005) New Revision: 11864 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11864 Log: fix build breakage with solaris LDAP patch (my fault) Modified: branches/SAMBA_3_0/source/utils/net_lookup.c trunk/source/utils/net_lookup.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_lookup.c === --- branches/SAMBA_3_0/source/utils/net_lookup.c2005-11-22 17:15:28 UTC (rev 11863) +++ branches/SAMBA_3_0/source/utils/net_lookup.c2005-11-22 19:48:33 UTC (rev 11864) @@ -85,7 +85,7 @@ static int net_lookup_ldap(int argc, const char **argv) { -#ifdef HAVE_LDAP +#ifdef HAVE_ADS char *srvlist; const char *domain; int rc; @@ -127,7 +127,7 @@ } return -1; #endif - DEBUG(1,(No LDAP support\n)); + DEBUG(1,(No ADS support\n)); return -1; } Modified: trunk/source/utils/net_lookup.c === --- trunk/source/utils/net_lookup.c 2005-11-22 17:15:28 UTC (rev 11863) +++ trunk/source/utils/net_lookup.c 2005-11-22 19:48:33 UTC (rev 11864) @@ -85,7 +85,7 @@ static int net_lookup_ldap(int argc, const char **argv) { -#ifdef HAVE_LDAP +#ifdef HAVE_ADS char *srvlist; const char *domain; int rc; @@ -127,7 +127,7 @@ } return -1; #endif - DEBUG(1,(No LDAP support\n)); + DEBUG(1,(No ADS support\n)); return -1; }
svn commit: samba r11865 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jra Date: 2005-11-22 20:26:23 + (Tue, 22 Nov 2005) New Revision: 11865 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11865 Log: The only way to stop multiple LDAP searches is to agressively cache results. We now cache them for 10 seconds, down from 30 seconds (however each re-use will refresh the idle timeout). Any set calls will flush the cache. Jeremy. Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2005-11-22 19:48:33 UTC (rev 11864) +++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2005-11-22 20:26:23 UTC (rev 11865) @@ -40,7 +40,7 @@ SA_RIGHT_USER_CHANGE_PASSWORD | \ SA_RIGHT_USER_SET_LOC_COM ) -#define DISP_INFO_CACHE_TIMEOUT 30 +#define DISP_INFO_CACHE_TIMEOUT 10 extern rid_name domain_group_rids[]; extern rid_name domain_alias_rids[]; @@ -303,9 +303,9 @@ Function to free the per SID data. / -static void free_samr_cache(DISP_INFO *disp_info) +static void free_samr_cache(DISP_INFO *disp_info, const char *sid_str) { - DEBUG(10,(free_samr_cache: deleting cache\n)); + DEBUG(10,(free_samr_cache: deleting cache for SID %s\n, sid_str)); if (disp_info-users) { DEBUG(10,(free_samr_cache: deleting users cache\n)); @@ -352,7 +352,9 @@ a timeout. */ if (info-disp_info info-disp_info-di_cache_timeout_event == (smb_event_id_t)0) { - free_samr_cache(info-disp_info); + fstring sid_str; + sid_to_string(sid_str, info-disp_info-sid); + free_samr_cache(info-disp_info, sid_str); } talloc_destroy(info-mem_ctx); @@ -366,16 +368,19 @@ time_t *ev_interval, time_t ev_now) { + fstring sid_str; DISP_INFO *disp_info = (DISP_INFO *)(*private_data); - free_samr_cache(disp_info); + sid_to_string(sid_str, disp_info-sid); + free_samr_cache(disp_info, sid_str); + /* Remove the event. */ smb_unregister_idle_event(disp_info-di_cache_timeout_event); disp_info-di_cache_timeout_event = (smb_event_id_t)0; - DEBUG(10,(disp_info_cache_idle_timeout_handler: caching timed out at %u\n, - (unsigned int)ev_now)); + DEBUG(10,(disp_info_cache_idle_timeout_handler: caching timed out for SID %s at %u\n, + sid_str, (unsigned int)ev_now)); } /*** @@ -384,6 +389,10 @@ static void set_disp_info_cache_timeout(DISP_INFO *disp_info, time_t secs_fromnow) { + fstring sid_str; + + sid_to_string(sid_str, disp_info-sid); + /* Remove any pending timeout and update. */ if (disp_info-di_cache_timeout_event) { @@ -391,8 +400,8 @@ disp_info-di_cache_timeout_event = (smb_event_id_t)0; } - DEBUG(10,(set_disp_info_cache_timeout: caching enumeration for %u seconds\n, - (unsigned int)secs_fromnow )); + DEBUG(10,(set_disp_info_cache_timeout: caching enumeration for SID %s for %u seconds\n, + sid_str, (unsigned int)secs_fromnow )); disp_info-di_cache_timeout_event = smb_register_idle_event(disp_info_cache_idle_timeout_handler, @@ -401,27 +410,23 @@ } /*** - Remove the cache removal idle event handler. - / - -static void clear_disp_info_cache_timeout(DISP_INFO *disp_info) -{ - if (disp_info-di_cache_timeout_event) { - smb_unregister_idle_event(disp_info-di_cache_timeout_event); - disp_info-di_cache_timeout_event = (smb_event_id_t)0; - DEBUG(10,(clear_disp_info_cache_timeout: clearing idle event.\n)); - } -} - -/*** Force flush any cache. We do this on any samr_set_xxx call. + We must also remove the timeout handler. / static void force_flush_samr_cache(DISP_INFO *disp_info) { if (disp_info) { - clear_disp_info_cache_timeout(disp_info); - free_samr_cache(disp_info); + fstring sid_str; + + sid_to_string(sid_str, disp_info-sid); + if (disp_info-di_cache_timeout_event) { + smb_unregister_idle_event(disp_info-di_cache_timeout_event); + disp_info-di_cache_timeout_event = (smb_event_id_t)0; + DEBUG(10,(force_flush_samr_cache:
svn commit: samba r11866 - in trunk/source/rpc_server: .
Author: jra Date: 2005-11-22 20:26:25 + (Tue, 22 Nov 2005) New Revision: 11866 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11866 Log: The only way to stop multiple LDAP searches is to agressively cache results. We now cache them for 10 seconds, down from 30 seconds (however each re-use will refresh the idle timeout). Any set calls will flush the cache. Jeremy. Modified: trunk/source/rpc_server/srv_samr_nt.c Changeset: Modified: trunk/source/rpc_server/srv_samr_nt.c === --- trunk/source/rpc_server/srv_samr_nt.c 2005-11-22 20:26:23 UTC (rev 11865) +++ trunk/source/rpc_server/srv_samr_nt.c 2005-11-22 20:26:25 UTC (rev 11866) @@ -40,7 +40,7 @@ SA_RIGHT_USER_CHANGE_PASSWORD | \ SA_RIGHT_USER_SET_LOC_COM ) -#define DISP_INFO_CACHE_TIMEOUT 30 +#define DISP_INFO_CACHE_TIMEOUT 10 extern rid_name domain_group_rids[]; extern rid_name domain_alias_rids[]; @@ -303,9 +303,9 @@ Function to free the per SID data. / -static void free_samr_cache(DISP_INFO *disp_info) +static void free_samr_cache(DISP_INFO *disp_info, const char *sid_str) { - DEBUG(10,(free_samr_cache: deleting cache\n)); + DEBUG(10,(free_samr_cache: deleting cache for SID %s\n, sid_str)); if (disp_info-users) { DEBUG(10,(free_samr_cache: deleting users cache\n)); @@ -352,7 +352,9 @@ a timeout. */ if (info-disp_info info-disp_info-di_cache_timeout_event == (smb_event_id_t)0) { - free_samr_cache(info-disp_info); + fstring sid_str; + sid_to_string(sid_str, info-disp_info-sid); + free_samr_cache(info-disp_info, sid_str); } talloc_destroy(info-mem_ctx); @@ -366,16 +368,19 @@ time_t *ev_interval, time_t ev_now) { + fstring sid_str; DISP_INFO *disp_info = (DISP_INFO *)(*private_data); - free_samr_cache(disp_info); + sid_to_string(sid_str, disp_info-sid); + free_samr_cache(disp_info, sid_str); + /* Remove the event. */ smb_unregister_idle_event(disp_info-di_cache_timeout_event); disp_info-di_cache_timeout_event = (smb_event_id_t)0; - DEBUG(10,(disp_info_cache_idle_timeout_handler: caching timed out at %u\n, - (unsigned int)ev_now)); + DEBUG(10,(disp_info_cache_idle_timeout_handler: caching timed out for SID %s at %u\n, + sid_str, (unsigned int)ev_now)); } /*** @@ -384,6 +389,10 @@ static void set_disp_info_cache_timeout(DISP_INFO *disp_info, time_t secs_fromnow) { + fstring sid_str; + + sid_to_string(sid_str, disp_info-sid); + /* Remove any pending timeout and update. */ if (disp_info-di_cache_timeout_event) { @@ -391,8 +400,8 @@ disp_info-di_cache_timeout_event = (smb_event_id_t)0; } - DEBUG(10,(set_disp_info_cache_timeout: caching enumeration for %u seconds\n, - (unsigned int)secs_fromnow )); + DEBUG(10,(set_disp_info_cache_timeout: caching enumeration for SID %s for %u seconds\n, + sid_str, (unsigned int)secs_fromnow )); disp_info-di_cache_timeout_event = smb_register_idle_event(disp_info_cache_idle_timeout_handler, @@ -401,27 +410,23 @@ } /*** - Remove the cache removal idle event handler. - / - -static void clear_disp_info_cache_timeout(DISP_INFO *disp_info) -{ - if (disp_info-di_cache_timeout_event) { - smb_unregister_idle_event(disp_info-di_cache_timeout_event); - disp_info-di_cache_timeout_event = (smb_event_id_t)0; - DEBUG(10,(clear_disp_info_cache_timeout: clearing idle event.\n)); - } -} - -/*** Force flush any cache. We do this on any samr_set_xxx call. + We must also remove the timeout handler. / static void force_flush_samr_cache(DISP_INFO *disp_info) { if (disp_info) { - clear_disp_info_cache_timeout(disp_info); - free_samr_cache(disp_info); + fstring sid_str; + + sid_to_string(sid_str, disp_info-sid); + if (disp_info-di_cache_timeout_event) { + smb_unregister_idle_event(disp_info-di_cache_timeout_event); + disp_info-di_cache_timeout_event = (smb_event_id_t)0; + DEBUG(10,(force_flush_samr_cache: clearing idle event for SID %s\n, +
svn commit: samba r11867 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: jerry Date: 2005-11-22 20:48:56 + (Tue, 22 Nov 2005) New Revision: 11867 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11867 Log: attempt at fixing the compile issue with nss_winbind.so on HP-UX caused by Solaris specific return codes Modified: branches/SAMBA_3_0/source/nsswitch/winbind_nss_solaris.c trunk/source/nsswitch/winbind_nss_solaris.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbind_nss_solaris.c === --- branches/SAMBA_3_0/source/nsswitch/winbind_nss_solaris.c2005-11-22 20:26:25 UTC (rev 11866) +++ branches/SAMBA_3_0/source/nsswitch/winbind_nss_solaris.c2005-11-22 20:48:56 UTC (rev 11867) @@ -340,6 +340,7 @@ /* hosts and ipnodes backend */ +#if defined(SUNOS5)/* not compatible with HP-UX */ /* this parser is shared between get*byname and get*byaddr, as key type in request is stored in different locations, I had to provide the @@ -627,4 +628,5 @@ sizeof (host_ops) / sizeof (host_ops[0]))); } -#endif /* SUN_NSS */ +#endif /* defined(SUNOS5) */ +#endif /* defined(HAVE_NSS_COMMON_H) || defined(HPUX) */ Modified: trunk/source/nsswitch/winbind_nss_solaris.c === --- trunk/source/nsswitch/winbind_nss_solaris.c 2005-11-22 20:26:25 UTC (rev 11866) +++ trunk/source/nsswitch/winbind_nss_solaris.c 2005-11-22 20:48:56 UTC (rev 11867) @@ -340,6 +340,7 @@ /* hosts and ipnodes backend */ +#if defined(SUNOS5)/* not compatible with HP-UX */ /* this parser is shared between get*byname and get*byaddr, as key type in request is stored in different locations, I had to provide the @@ -627,4 +628,5 @@ sizeof (host_ops) / sizeof (host_ops[0]))); } -#endif /* SUN_NSS */ +#endif /* defined(SUNOS5) */ +#endif /* defined(HAVE_NSS_COMMON_H) || defined(HPUX) */
svn commit: samba r11868 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: vlendec Date: 2005-11-22 20:55:59 + (Tue, 22 Nov 2005) New Revision: 11868 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11868 Log: Get the wks and user accounts from a file. Abartlet, please don't break this again, it's too darn useful for near-realistic load tests on an RPC infrastructure and can be quite easily expanded to more weird things a workstation might do during a login. Yes, I promise I will document this test, but this must wait until the weekend. I might add simulating a profile download quite soon, we have the information available from the info3. Thanks, Volker Modified: branches/SAMBA_4_0/source/torture/rpc/xplogin.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/xplogin.c === --- branches/SAMBA_4_0/source/torture/rpc/xplogin.c 2005-11-22 20:48:56 UTC (rev 11867) +++ branches/SAMBA_4_0/source/torture/rpc/xplogin.c 2005-11-22 20:55:59 UTC (rev 11868) @@ -1460,6 +1460,8 @@ cli_credentials_set_conf(state-wks_creds); cli_credentials_set_domain(state-wks_creds, wks_domain, CRED_SPECIFIED); + cli_credentials_set_workstation(state-wks_creds, wks_name, + CRED_SPECIFIED); cli_credentials_set_username(state-wks_creds, talloc_asprintf(state, %s$, wks_name), CRED_SPECIFIED); @@ -1477,6 +1479,8 @@ if (state-conn.in.credentials == NULL) goto failed; cli_credentials_set_conf(state-conn.in.credentials); cli_credentials_set_anonymous(state-conn.in.credentials); + cli_credentials_set_workstation(state-conn.in.credentials, wks_name, + CRED_SPECIFIED); state-conn.in.fallback_to_anonymous = False; state-conn.in.workgroup = wks_domain; @@ -1759,6 +1763,100 @@ *count += 1; } +struct pwdentry { + const char *domain; + const char *name; + const char *pass; +}; + +static BOOL read_pwd_file(TALLOC_CTX *mem_ctx, + const char *fname, int *numlines, + struct pwdentry ***result) +{ + char **lines; + int i; + + lines = file_lines_load(fname, numlines, mem_ctx); + if (lines == NULL) { + DEBUG(0, (Could not load file %s: %s\n, + fname, strerror(errno))); + return False; + } + + if (*numlines == 0) { + DEBUG(0, (no entries in file %s\n, fname)); + return False; + } + + *result = talloc_array(mem_ctx, struct pwdentry *, *numlines); + if (*result == NULL) { + DEBUG(0, (talloc failed\n)); + return False; + } + + for (i=0; i(*numlines); i++) { + char *p, *q; + (*result)[i] = talloc_zero(*result, struct pwdentry); + if ((*result)[i] == NULL) { + DEBUG(0, (talloc failed\n)); + return False; + } + + p = lines[i]; + q = strchr(p, '\\'); + if (q != NULL) { + *q = '\0'; + (*result)[i]-domain = lines[i]; + p = q+1; + } else { + (*result)[i]-domain = lp_workgroup(); + } + + q = strchr(p, '%'); + if (q == NULL) { + DEBUG(0, (Invalid entry: %s\n, q)); + return False; + } + + *q = '\0'; + (*result)[i]-name = p; + (*result)[i]-pass = q+1; + } + + return True; +} + +#if 0 +/* Stolen from testjoin.c for easy mass-joining */p +static BOOL joinme(int i) +{ + TALLOC_CTX *mem_ctx; + struct test_join *join_ctx; + struct cli_credentials *machine_credentials; + const char *machine_password; + const char *name; + + mem_ctx = talloc_init(torture_rpc_netlogon); + + name = talloc_asprintf(mem_ctx, wks%3d, i); + + join_ctx = torture_join_domain(name, ACB_WSTRUST, + machine_credentials); + if (!join_ctx) { + talloc_free(mem_ctx); + printf(Failed to join as BDC\n); + return False; + } + + machine_password = cli_credentials_get_password(machine_credentials); + + printf(%s%%%s\n, name, machine_password); + + talloc_free(mem_ctx); + return True; +} +#endif + BOOL torture_rpc_login(void) { TALLOC_CTX *mem_ctx; @@ -1768,13 +1866,42 @@ int i, num_events; int num_finished = 0; struct composite_context **ctx; + struct pwdentry **wks_list; + struct pwdentry **user_list; + int num_wks = 0; + int num_user = 0;
svn commit: samba r11869 - in branches/SAMBA_4_0/source/lib/talloc: .
Author: vlendec Date: 2005-11-22 21:45:05 + (Tue, 22 Nov 2005) New Revision: 11869 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11869 Log: talloc has been ported :-) Modified: branches/SAMBA_4_0/source/lib/talloc/talloc_guide.txt Changeset: Modified: branches/SAMBA_4_0/source/lib/talloc/talloc_guide.txt === --- branches/SAMBA_4_0/source/lib/talloc/talloc_guide.txt 2005-11-22 20:55:59 UTC (rev 11868) +++ branches/SAMBA_4_0/source/lib/talloc/talloc_guide.txt 2005-11-22 21:45:05 UTC (rev 11869) @@ -7,8 +7,9 @@ The most current version of this document is available at http://samba.org/ftp/unpacked/samba4/source/lib/talloc/talloc_guide.txt -If you are used to talloc from Samba3 then please read this carefully, -as talloc has changed a lot. +If you are used to the old talloc from Samba3 before 3.0.20 then please read +this carefully, as talloc has changed a lot. With 3.0.20 (or 3.0.14?) the +Samba4 talloc has been ported back to Samba3, so this guide applies to both. The new talloc is a hierarchical, reference counted memory pool system with destructors. Quite a mounthful really, but not too bad once you
Build status as of Wed Nov 23 00:00:02 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-11-22 00:00:10.0 + +++ /home/build/master/cache/broken_results.txt 2005-11-23 00:00:35.0 + @@ -1,17 +1,17 @@ -Build status as of Tue Nov 22 00:00:02 2005 +Build status as of Wed Nov 23 00:00:02 2005 Build counts: Tree Total Broken Panic -ccache 32 5 0 -distcc 32 4 0 -lorikeet-heimdal 23 23 0 +ccache 35 6 0 +distcc 35 4 0 +lorikeet-heimdal 30 30 0 ppp 18 0 0 -rsync32 1 0 +rsync34 1 0 samba3 0 0 samba-docs 0 0 0 -samba4 34 20 0 -samba_3_034 6 0 -smb-build27 5 0 -talloc 17 9 0 -tdb 14 2 0 +samba4 34 19 0 +samba_3_034 7 0 +smb-build30 5 0 +talloc 32 14 0 +tdb 32 3 0
svn commit: samba r11870 - in branches/SAMBA_4_0/source/lib/stream: .
Author: tridge Date: 2005-11-23 00:30:58 + (Wed, 23 Nov 2005) New Revision: 11870 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11870 Log: fixed the problem volker reported with the RPX-XPLOGIN test. The problem was caused by a callback destroying the packet processing context while that context was being used in packet_recv() This is the first time we have used the ability of talloc destructors to 'refuse' a free request. It works well in this case as it makes the composite API simpler to use for other code, and isolates the complexity of having callbacks destroying the packet context to the packet.c code. Modified: branches/SAMBA_4_0/source/lib/stream/packet.c Changeset: Modified: branches/SAMBA_4_0/source/lib/stream/packet.c === --- branches/SAMBA_4_0/source/lib/stream/packet.c 2005-11-22 21:45:05 UTC (rev 11869) +++ branches/SAMBA_4_0/source/lib/stream/packet.c 2005-11-23 00:30:58 UTC (rev 11870) @@ -47,6 +47,9 @@ BOOL recv_disable; BOOL nofree; + BOOL busy; + BOOL destructor_called; + struct send_element { struct send_element *next, *prev; DATA_BLOB blob; @@ -55,11 +58,34 @@ }; /* + a destructor used when we are processing packets to prevent freeing of this + context while it is being used +*/ +static int packet_destructor(void *p) +{ + struct packet_context *pc = talloc_get_type(p, struct packet_context); + + if (pc-busy) { + pc-destructor_called = True; + /* now we refuse the talloc_free() request. The free will + happen again in the packet_recv() code */ + return -1; + } + + return 0; +} + + +/* initialise a packet receiver */ struct packet_context *packet_init(TALLOC_CTX *mem_ctx) { - return talloc_zero(mem_ctx, struct packet_context); + struct packet_context *pc = talloc_zero(mem_ctx, struct packet_context); + if (pc != NULL) { + talloc_set_destructor(pc, packet_destructor); + } + return pc; } @@ -205,6 +231,7 @@ } } + /* call this when the socket becomes readable to kick off the whole stream parsing process @@ -342,8 +369,17 @@ pc-processing = 1; } + pc-busy = True; + status = pc-callback(pc-private, blob); + pc-busy = False; + + if (pc-destructor_called) { + talloc_free(pc); + return; + } + if (pc-processing) { if (pc-processing 1) { EVENT_FD_READABLE(pc-fde);
svn commit: samba r11871 - in branches/SAMBA_4_0/source/librpc/rpc: .
Author: tridge Date: 2005-11-23 00:51:24 + (Wed, 23 Nov 2005) New Revision: 11871 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11871 Log: fixed a problem volker found with the async bind code, and a callback destroying the dcerpc pipe Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c === --- branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c 2005-11-23 00:30:58 UTC (rev 11870) +++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c 2005-11-23 00:51:24 UTC (rev 11871) @@ -568,10 +568,12 @@ case DCERPC_PKT_BIND_ACK: case DCERPC_PKT_BIND_NAK: dcerpc_bind_recv_data(conn, pkt); + data_blob_free(blob); break; case DCERPC_PKT_ALTER_RESP: dcerpc_alter_recv_data(conn, pkt); + data_blob_free(blob); break; default: @@ -579,8 +581,6 @@ dcerpc_request_recv_data(conn, blob, pkt); break; } - - data_blob_free(blob); } @@ -857,9 +857,12 @@ if (req == NULL) { DEBUG(2,(dcerpc_request: unmatched call_id %u in response packet\n, pkt-call_id)); + data_blob_free(raw_packet); return; } + talloc_steal(req, raw_packet-data); + if (pkt-ptype == DCERPC_PKT_FAULT) { DEBUG(5,(rpc fault: %s\n, dcerpc_errstr(c, pkt-u.fault.status))); req-fault_code = pkt-u.fault.status;
svn commit: samba-web r859 - in trunk/devel: .
Author: tridge Date: 2005-11-23 03:30:41 + (Wed, 23 Nov 2005) New Revision: 859 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=859 Log: added some smbtorture documentation written by Stephen Zarkos ([EMAIL PROTECTED]). Thanks Stephen! Added: trunk/devel/smbtorture-raw-functions.txt Modified: trunk/devel/index.html Changeset: Sorry, the patch is too large (3024 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=859
svn commit: samba r11872 - in branches/SAMBA_4_0/source/librpc/rpc: .
Author: tridge Date: 2005-11-23 07:33:09 + (Wed, 23 Nov 2005) New Revision: 11872 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11872 Log: another attempt at fixing the data_blob_free in async dcerpc bind, after volker gently pointed out that I should be wearing a paper bag over my head for the last attempt :-) Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c === --- branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c 2005-11-23 00:51:24 UTC (rev 11871) +++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c 2005-11-23 07:33:09 UTC (rev 11872) @@ -565,15 +565,19 @@ } switch (pkt.ptype) { - case DCERPC_PKT_BIND_ACK: case DCERPC_PKT_BIND_NAK: - dcerpc_bind_recv_data(conn, pkt); - data_blob_free(blob); + case DCERPC_PKT_BIND_ACK: + if (conn-bind_private) { + talloc_steal(conn-bind_private, blob-data); + dcerpc_bind_recv_data(conn, pkt); + } break; case DCERPC_PKT_ALTER_RESP: - dcerpc_alter_recv_data(conn, pkt); - data_blob_free(blob); + if (conn-alter_private) { + talloc_steal(conn-alter_private, blob-data); + dcerpc_alter_recv_data(conn, pkt); + } break; default: @@ -592,10 +596,6 @@ struct composite_context *c; struct dcerpc_pipe *pipe; - if (conn-bind_private == NULL) { - /* it timed out earlier */ - return; - } c = talloc_get_type(conn-bind_private, struct composite_context); pipe = talloc_get_type(c-private_data, struct dcerpc_pipe); @@ -1526,11 +1526,6 @@ struct composite_context *c; struct dcerpc_pipe *pipe; - if (conn-alter_private == NULL) { - /* it timed out earlier */ - return; - } - c = talloc_get_type(conn-alter_private, struct composite_context); pipe = talloc_get_type(c-private_data, struct dcerpc_pipe);