Re: [Samba] ADS and samba domain member: ads_connect: Cannot resolve network address for KDC in requ
David Shapiro wrote: /etc/host, resolv.conf are fine. nsswitch.conf does not exist on aix systems, but I did add the winbindd entry where aix expects it.I guess we will see if people respond, but I noticed nobody answered this type of question in the past... Not that many people using AIX. Dimitri Yioulos [EMAIL PROTECTED] 2/2/2006 10:18 AM On Thursday February 02 2006 8:49 am, David Shapiro wrote: Is there no fix for thi? Nobody answers this for me or other people asking this question. I really need help with this. Is there anything I can be looking at? I would am not getting past doing a simple kinit [EMAIL PROTECTED] It gives me the Cannot resolve network address for KDC as well. Does ads not like krb5? Does it need krb4? Why doesn't kerberos provide any messages in the logs? Any suggestions on ways to figure out what is going on? I tried truss, but that does not show much other than I do see it looking in /etc/krb5.conf and /usr/local/etc/krb5.conf. I can use tcpdump, but I am not sure what AIX wants krb5.conf in /etc/krb5/krb5.conf. Doesn't hurt to use a symbolic link: cd /etc mkdir krb5 cd /etc/krb5.conf ln -s krb5.conf ../krb5.conf to be looking for? Dimitri Yioulos [EMAIL PROTECTED] 2/1/2006 10:15:49 AM On Wednesday February 01 2006 9:41 am, David Shapiro wrote: Hello, I am having a problem getting my server to join our realm as a domain member server. I have read through google, yahoo, and this list, but I cannot find the answer yet. When I run: net join ads -Uadministrator and try to login it gives the following error: kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/02/01 09:33:46, 0] ../utils/net_ads.c:ads_startup(191) ads_connect: Cannot resolve network address for KDC in requested realm The details of my setup are: aix 5.2.0.7 libiconv-1.9.1 autoconf-2.59 libiodbc-3.52.4 bison-2.0 m4-1.4.3 db-4.4.20 mysql-connector-odbc-3.51.12 krb Not good enough. You need to specify what version Kerberos. Also it looks like you may be using the linux affinity toolkit. Did you compile your own Kerberos? samba-3.0.21a ../configure --prefix=/usr/local/samba --with-ads --with-ldap --with-winbind --with-acl-support --with-utmp --with-quotas --with-sendfile-support openldap-2.3.19 ./configure --enable-crypt --without-cyrus-sasl unixODBC-2.2.11 gcc 3.3.2 /etc/krb5.conf: [libdefaults] default_realm = MYREALM.COM default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 The way it works is this. If you override the defaults if your version of Kerberos doesn't support rc4-hmac (1.3.4), you must not specify it (doh). else if your version of Kerberos supports rc4-hmac (=1.3.4), you must specify rc4-hmac as one of the allowable enctypes else userAccountControl in ldap doesn't get set up in agreement with your manual krb5 spec on net join. My current 1.3.6 and previous versions of Kerberos use these parameters default_tgs_enctypes default_tkt_enctypes permitted_enctypes enctypes not etypes ticket_lifetime = 24000 clockskew = 300 dns_lookup_realm = false dns_lookup_kdc = false [realms] MYREALM.COM = { kdc = myadsserver.mydomain.com default_domain = mydomain.com } [domain_realm] .mydomain.com = MYREALM.COM While it's not be impossible to have a different REALM than domain name, MS doesn't do it and you're asking for extra problems. MS sometimes makes assumptions that have to be worked around. For a first time test, try [libdefaults] default_realm = MYDOMAIN.COM ... {realms] MYDOMAIN.COM = { ... Probably already too late. In krb5.conf, try this: [realms] YOURDOMAIN.COM = { default_domain = yourdomain.com kdc = xxx.xxx.xxx.xxx (my note - use ip address of AD server) admin_server = xxx.xxx.xxx.xxx (my note - use ip address of AD server) } HTH. Dimitri David, Firstly, be mindful that the list is made up of volunteers who do their best to provide answers as quickly as possible. Sometimes you may have to wait a bit longer, but I've always found these folks to be most kind and helpful. Give 'em a chance. I've come up on deadlines, come to the end of my rope, and not had the budget for paid assistance, and asked the same question out of desperation. Always punish myself afterwards. Bad Doug Bad Dog. Now, after that mild rebuke: I have little experience with AIX; my responses are based on my work with Samba on Linux. That said, I believe that you should have nsswitch.conf and resolv.conf files on the system. Are these configured correctly? Is pam.d/login configured correctly? Dimitri Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Set quota per user
Dear The Expert, I am very new with this, I have configured samba as PDC on my RH 3, now I want to set the quota for each /home/user folder .. could any body pls help me.. thanks a lot in advance Regards Winanjaya *** Our outgoing mail has been scanned by MSS. *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Set quota per user
204800 / 1024 KBytes = 200MB this is the soft limit. The hard limit is the second number (250MB in this case) This assumes a block size of 1024 Bytes (1KB). The exact numbers may be wrong but you get the picture. You should try to google your way out. Look for example at http://www.linuxnetmag.com/en/issue6/m6quota1.html for more detailed isntructions for suse Winanjaya - PBXSoftwares.com wrote: You wrote: setquota USERNAME 204800 256000 0 0 /home the numbers indicate a 200MB quota. where 200MB come from? .. what 204800 used for and what 256000 used for ? pls advise Thanks a lot in advance Regards Winanjaya - Original Message - From: Stefanos Karasavvidis [EMAIL PROTECTED] To: Winanjaya - PBXSoftwares.com [EMAIL PROTECTED] Sent: Friday, February 03, 2006 4:21 PM Subject: Re: [Samba] Set quota per user You must have quota support on your file system for debian apt-get install quota quotatool then in your fstab (/etc/fstab) you must enable quota on the file system find in this file where your home directory is mounted and add usrquota,grpquota as parameters for example /dev/sdb1 /home ext3defaults,usrquota,grpquota,acl 0 3 Then, for each user you want to set quota, you have to issue the following command setquota USERNAME 204800 256000 0 0 /home the numbers indicate a 200MB quota. See man setquota for details sk Winanjaya - PBXSoftwares.com wrote: Dear The Expert, I am very new with this, I have configured samba as PDC on my RH 3, now I want to set the quota for each /home/user folder .. could any body pls help me.. thanks a lot in advance Regards Winanjaya *** Our outgoing mail has been scanned by MSS. *** *** Your mail has been scanned by MSS. *** *** Our outgoing mail has been scanned by MSS. *** -- == Stefanos Karasavvidis Electronic Computer Engineer, M.Eng. e-mail : [EMAIL PROTECTED] Technical University of Crete, Campus Information Systems Center Address: Akrotiri, Chania, 73100 Tel.: Library Buildings (+30) 28210 37352, (+30) 28210 37355, (+30) 28210 37376 Environmental Engineering Buildings (+30) 28210 37766 Fax: (+30) 28210 37571 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] change password on next logon
Dear All, I am running samba as PDC on RH3, Is there Change password on next logon feature in samba? .. please help Thanks Regards Winanjaya *** Our outgoing mail has been scanned by MSS. *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Newbie - samba 3 as PDC
winanjaya said... is it possible to make it automatically add machine name to both unix account and smbpasswd? I believe so yes. you need to create certain add user scripts on the samba server though. please do read the two chapters I refer to in my previous post. they will explain what you need to do. and as for your question regarding change password at next logon I believe the pdbedit command may do what you're looking for... http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html#pdbeditthing - Message sent via Madasafish Webmail - http://www.madasafish.com/ Up to 8Mb Broadband now from just £11.99 a month -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Enabling 'idmap backend = ad' for user auth
McGlorfin wrote: I'm using Samba 3.0.21a on Fedora Core 3 to authenticate against an AD domain. The box running AD is Win2k3 R2, so AD has the RFC2207 schema extensions applied. Really? I thought installing SFU on the domain controller is/was still required, no? (What's R2?) I'm pretty sure there's an error in my smb.conf. (What else could it be?) Here are the relevant entries from the global section: workgroup = MYDOMAIN realm = MYDOMAIN.LOCAL security = ADS idmap backend = ad idmap uid = 30-3000 idmap gid = 30-3000 ... winbind nss info = template, sfu Not absolutely sure, but docs I've seen say to set this to winbind nss info = sfu Not sure what the template bit is used for. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbldap_open: cannot access LDAP when not root
Hi Andreas, If you are wanting to use srvtools.exe you need to logon to the domain as user root; then you have the permissions to modify. Adrian. From: Andreas Fladischer [EMAIL PROTECTED] To: samba@lists.samba.org Subject: [Samba] smbldap_open: cannot access LDAP when not root Date: Thu, 02 Feb 2006 13:09:37 +0100 hi! my new samba server is running as pdc with samba3.0.21b and ldap.everythink worked well but one thing will not work. i would like to add a group or a user with the windowstool usermanager; if i try to add a new group, it tells me access denied. the logfile show the following: [2006/02/02 12:56:20, 0] lib/smbldap.c:smbldap_open(922) smbldap_open: cannot access LDAP when not root.. i searched a while in the internet but didn't find a solution! i hope someone can help me! thanks in advance andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] trouble with winbind
Hi, I'm running samba, V3.0.20b-3.4-SUSE, on suse el9. I've successfully bound one machine to active directory, I can login to the local box using domain credentials. However, I can't get a second machine to the domain, using the exact same procedures. The machine claims to be bound, wbinfo -t returns checking the trust secret via RPC calls succeeded But, when I run wbinfo --sequence, it returns, APL : DISCONNECTED BIOLINUX : 1 BUILTIN : 1 JHUAPL : DISCONNECTED Kerberos is working, I can do a kinit [EMAIL PROTECTED], and get a ticket. My smb.conf is: [global] workgroup = JHUAPL server string = edna socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 IPTOS_LOWDELAY encrypt password = yes password server = dom1-dc6.dom1.jhuapl.edu realm = DOM1.JHUAPL.EDU netbios name = biolinux security = ads idmap uid = 1-4 idmap gid = 1-4 winbind separator = _ winbind enum users = yes winbind enum groups = yes winbind use default domain = yes username map = /etc/samba/smbusers map to guest = Bad User template shell = /bin/bash Can anyone suggest what I might be doing wrong? I've been googling this for a couple of days, and have run out ideas. Thank You, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to automatically add user and machine name when new user / machine login into samba domain?
Dear All, Hi .. I am very new with this, I plan to run samba as PDC, How to automatically add user and machine name when new user / machine login into samba domain? please advise.. thanks a lot in advance Regards Winanjaya *** Our outgoing mail has been scanned by MSS. *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Confused about what I am seeing with domain names
I could not get wbinfo -g/u to work and was seeing a bunch of errors related to to not being able to enumerate groups. I saw somebody use idmap backend = ad and added this since I have been struggling to get ad working (still not working). Now, when I run wbinfo -g/-u, I am getting groups and users, but the domain it shows is different than what I expected. My domain I was using for workgroup line is DOMAIN, for example, but wbinfo -g returns back: DOMAIN_NETWORK/group Is _NETWORK something that samba added, or is theis the name of the domain I should really be using? I did a grep on wbinfo -u for my user, and it returned my user too. If my domain is actually DOMAIN_NETWORK, is it possible my realm is not domain.com but domain_network.com or something weird like that? Should I change my workgroup line to use domain_network? I still can't get my kinit to find my kdc. I am wondering if I clear this up maybe my kdc kinit command will work. Note that I did ask my nt admin to run dns nslookup checks on _ldap.domain.com and _kerberos.domain.com, and those did return the correct results showing domain.com should be my realm. David David Shapiro Unix Team Lead 919-765-2011 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.21b
Does anybody here have a RPM Samba-3.0.21b for Linux Conectiva 10 ? I tried to compile from source but it returned an error . Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Enabling 'idmap backend = ad' for user auth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rex Dieter wrote: McGlorfin wrote: I'm using Samba 3.0.21a on Fedora Core 3 to authenticate against an AD domain. The box running AD is Win2k3 R2, so AD has the RFC2207 schema extensions applied. Really? I thought installing SFU on the domain controller is/was still required, no? (What's R2?) I'm pretty sure there's an error in my smb.conf. (What else could it be?) Here are the relevant entries from the global section: workgroup = MYDOMAIN realm = MYDOMAIN.LOCAL security = ADS idmap backend = ad idmap uid = 30-3000 idmap gid = 30-3000 ... winbind nss info = template, sfu Not absolutely sure, but docs I've seen say to set this to winbind nss info = sfu Not sure what the template bit is used for. I assume template would be for the standard 'template homedir', et. al. otpions. But we don't actually check for that value in the source code that I can tell. Gunether, Why is 'winbind nss info' a list ? We only ever check for sfu. Were you thinking of chaining options cheers, jerry = I live in a Reply-to-All world. --- Samba--- http://www.samba.org Centeris --- http://www.centeris.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQFD43OAIR7qMdg1EfYRAjEJAJ9Izl6fpQldCmN+vxVEPIMeRRTDngCXXac/ BYha0N1JE9h0yDsfg0aJvw== =+gMT -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap_open: cannot access LDAP when not root
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 adrian sender wrote: Hi Andreas, If you are wanting to use srvtools.exe you need to logon to the domain as user root; then you have the permissions to modify. Better to assign privileges. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD43OqIR7qMdg1EfYRAqHvAJ0fpNj4s8sN1GhhBFGfwPsG4fRtFQCfeCtY spBKg7w73sWTeC87uTmOugo= =cBuV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Confused about what I am seeing with domain names
David, Please post your smb.conf / nsswitch.conf/krb5.conf What are you trying to achieve? Joining a samba server to a Windows AD domain? Please provide some more information. Thx. Regards, Nico - Original Message - From: David Shapiro [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Friday, February 03, 2006 3:49 PM Subject: [Samba] Confused about what I am seeing with domain names I could not get wbinfo -g/u to work and was seeing a bunch of errors related to to not being able to enumerate groups. I saw somebody use idmap backend = ad and added this since I have been struggling to get ad working (still not working). Now, when I run wbinfo -g/-u, I am getting groups and users, but the domain it shows is different than what I expected. My domain I was using for workgroup line is DOMAIN, for example, but wbinfo -g returns back: DOMAIN_NETWORK/group Is _NETWORK something that samba added, or is theis the name of the domain I should really be using? I did a grep on wbinfo -u for my user, and it returned my user too. If my domain is actually DOMAIN_NETWORK, is it possible my realm is not domain.com but domain_network.com or something weird like that? Should I change my workgroup line to use domain_network? I still can't get my kinit to find my kdc. I am wondering if I clear this up maybe my kdc kinit command will work. Note that I did ask my nt admin to run dns nslookup checks on _ldap.domain.com and _kerberos.domain.com, and those did return the correct results showing domain.com should be my realm. David David Shapiro Unix Team Lead 919-765-2011 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] trouble with winbind
Chris, Can you provide the winbind logs of the machine that does not succeed in joining the domain? Have you checked in your Windows server that machine accounts were created? Is your nsswitch.conf setup properly? Thx, Nico - Original Message - From: Chris Stone [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Friday, February 03, 2006 3:10 PM Subject: [Samba] trouble with winbind Hi, I'm running samba, V3.0.20b-3.4-SUSE, on suse el9. I've successfully bound one machine to active directory, I can login to the local box using domain credentials. However, I can't get a second machine to the domain, using the exact same procedures. The machine claims to be bound, wbinfo -t returns checking the trust secret via RPC calls succeeded But, when I run wbinfo --sequence, it returns, APL : DISCONNECTED BIOLINUX : 1 BUILTIN : 1 JHUAPL : DISCONNECTED Kerberos is working, I can do a kinit [EMAIL PROTECTED], and get a ticket. My smb.conf is: [global] workgroup = JHUAPL server string = edna socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 IPTOS_LOWDELAY encrypt password = yes password server = dom1-dc6.dom1.jhuapl.edu realm = DOM1.JHUAPL.EDU netbios name = biolinux security = ads idmap uid = 1-4 idmap gid = 1-4 winbind separator = _ winbind enum users = yes winbind enum groups = yes winbind use default domain = yes username map = /etc/samba/smbusers map to guest = Bad User template shell = /bin/bash Can anyone suggest what I might be doing wrong? I've been googling this for a couple of days, and have run out ideas. Thank You, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Enabling 'idmap backend = ad' for user auth
Hi Jerry, On Fri, Feb 03, 2006 at 09:15:12AM -0600, Gerald (Jerry) Carter wrote: winbind nss info = template, sfu Not absolutely sure, but docs I've seen say to set this to winbind nss info = sfu Not sure what the template bit is used for. I assume template would be for the standard 'template homedir', et. al. otpions. But we don't actually check for that value in the source code that I can tell. Gunether, Why is 'winbind nss info' a list ? We only ever check for sfu. Were you thinking of chaining options Volker asked me to have a list already at that time to allow his unixinfo work to be actived here later on. Cheers, Guenther -- Günther DeschnerGPG-ID: 8EE11688 Novell / SUSE LINUX [EMAIL PROTECTED] Samba Team [EMAIL PROTECTED] pgpQe2amZCAr8.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cross domain and user home questions.
Thank you in advance for any help anyone may be able to provide with the following issues I am experiencing. The first is authenticating users across domains. I have successfully configured Samba to use an AD domain, but when I try to authenticate another user form another domain in the same tree, I get various errors. Can anyone shed some light on what I may be doing wrong or help me configure this? Here are the important settings from my smb.conf. [global] workgroup = NA realm = NA.UIS.UNISYS.COM netbios name = servername encrypt passwords = yes security = ADS password server = IPaddress passdb backend = smbpasswd log level = 0 syslog = 0 log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # winbind separator = + winbind use default domain = no winbind uid = 16777216-33554431 winbind gid = 16777216-33554431 winbind enum users = yes winbind enum groups = yes template homedir = /home/%D/%U template shell = /bin/bash admin users = root, IDs nt acl support = yes map acl inherit = yes As you can see from the config, I am a member of the NA domain. I have no issues with users in this domain and everything works as it should. The problem comes when I try to authenticate users of our other domains... for example EU. Our tree looks like this: UIS.UNISYS.COM |_ NA.UIS.UNISYS.COM |_ EU.UIS.UNISYS.COM |_ etc.. The second issue I have is related to user home directories. I have it set up so that when a user views the SMB shares on the server, they can see their home directory. The problem is that if the directory is not created ahead of time, what they are seeing is not real. The directory is not being created automatically. How can I set this up? Here is the [homes] section of my smb.conf. [homes] comment = Home Directories (RW) valid users = %D\%S browseable = No read only = No create mask = 0660 directory mask = 0770 Thanks again for any help you may provide. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Enabling 'idmap backend = ad' for user auth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Guenther Deschner wrote: Gunether, Why is 'winbind nss info' a list ? We only ever check for sfu. Were you thinking of chaining options Volker asked me to have a list already at that time to allow his unixinfo work to be actived here later on. Right. That I remember. But why does the parameter accept a list of values? It seems like it should just accept a single string from a list of discrete values. Just the like the security parameter. cheers, jerry = I live in a Reply-to-All world. --- Samba--- http://www.samba.org Centeris --- http://www.centeris.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD43dmIR7qMdg1EfYRAjzHAKCMA8bNIj6iMVW0mr5y5Ks+lcHZ/wCgz6/6 LV+wSfcRiManZmVGFZ8JBLE= =ucwt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Multiple groups accessing subdirectories
Hello, What I want to do is setup a samba directory that two groups can access, however, beneath that main samba directory I want two directories, one that is accessed by all of the users who have access and the other limited to a certain group of users. If you could provide any help on this, I would really appreciate it. Thanks. Luke G. Burns 3M HPC Systems Administrator 3M IT -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Enabling 'idmap backend = ad' for user auth
Rex Dieter wrote: McGlorfin wrote: I'm using Samba 3.0.21a on Fedora Core 3 to authenticate against an AD domain. The box running AD is Win2k3 R2, so AD has the RFC2207 schema extensions applied. Really? I thought installing SFU on the domain controller is/was still required, no? (What's R2?) Can someone please confirm/deny this? It's important to our site (as the domain admins have been *very* reluctant to install SFU, but if only a Win2k update is involved...) -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] trouble with winbind
Chris, The following error is repeated multiple times in your winbind.log: Client not found in Kerberos database Are you joining these machines as a domain admin or as an account with domain admin priviliges? Is your resolving setup correctly? Are the clocks on your servers synchronized with the DC? Could you try: - kinit [EMAIL PROTECTED] - net ads join -U ADMINISTRATOR What output do these two commands generate on your system? Sample smb.conf for a 'member server' in a 2000/2003 AD domain: -- [global] server string = somebox realm = DOM1.JHUAPL.EDU workgroup = CHOCOWEB password server = dom1-dc6.dom1.jhuapl.edu security = ADS encrypt passwords = true # winbind configuration winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users=yes winbind enum groups=yes --- Sample krb5.conf --- [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = DOM1.JHUAPL.EDU dns_lookup_realm = false dns_lookup_kdc = false [realms] DOM1.JHUAPL.EDU = { kdc = the.ip.of.your.dc:88 admin_server = the.ip.of.your.dc:749 default_domain = dom1.jhuapl.edu } -- Nsswitch.conf passwd: files winbind shadow: files group: files winbind hosts: files dns winbind -- This should get you going. Can you provide additional feedback on this? Thx. Regards, Nico - Original Message - From: Chris Stone [EMAIL PROTECTED] To: Nico De Wilde [EMAIL PROTECTED] Sent: Friday, February 03, 2006 4:33 PM Subject: Re: [Samba] trouble with winbind Nico, I've attached the winbindd log. I manually created the machine account, with out the account I can't bind, it's an issue with domain privledges. What I don't understand is that I took all of the config files, nsswitch, krb5.conf, and others, from a machine that is bound and has a working winbind:-( biolinux:/var/log/samba # vi /etc/nsswitch.conf # entry should stop if the search in the previous entry turned # up nothing. Note that if the search failed due to some other reason # (like no NIS server responding) then the search continues with the # next entry. # # Legal entries are: # # compat Use compatibility setup # nisplus Use NIS+ (NIS version 3) # nis Use NIS (NIS version 2), also called YP # dns Use DNS (Domain Name Service) # files Use the local files # db Use the /var/db databases # [NOTFOUND=return] Stop searching if not found so far # # For more information, please read the nsswitch.conf.5 manual page. passwd: files winbind group: files winbind --endsnip Thanks, Chris On Feb 3, 2006, at 9:50 AM, Nico De Wilde wrote: Chris, Can you provide the winbind logs of the machine that does not succeed in joining the domain? Have you checked in your Windows server that machine accounts were created? Is your nsswitch.conf setup properly? Thx, Nico - Original Message - From: Chris Stone [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Friday, February 03, 2006 3:10 PM Subject: [Samba] trouble with winbind Hi, I'm running samba, V3.0.20b-3.4-SUSE, on suse el9. I've successfully bound one machine to active directory, I can login to the local box using domain credentials. However, I can't get a second machine to the domain, using the exact same procedures. The machine claims to be bound, wbinfo -t returns checking the trust secret via RPC calls succeeded But, when I run wbinfo --sequence, it returns, APL : DISCONNECTED BIOLINUX : 1 BUILTIN : 1 JHUAPL : DISCONNECTED Kerberos is working, I can do a kinit [EMAIL PROTECTED], and get a ticket. My smb.conf is: [global] workgroup = JHUAPL server string = edna socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 IPTOS_LOWDELAY encrypt password = yes password server = dom1-dc6.dom1.jhuapl.edu realm = DOM1.JHUAPL.EDU netbios name = biolinux security = ads idmap uid = 1-4 idmap gid = 1-4 winbind separator = _ winbind enum users = yes winbind enum groups = yes winbind use default domain = yes username map = /etc/samba/smbusers map to guest = Bad User template shell = /bin/bash Can anyone suggest what I might be doing wrong? I've been googling this for a couple of days, and have run out ideas. Thank You, Chris -- To unsubscribe from this list go to the following URL and read
Re: [Samba] Re: Enabling 'idmap backend = ad' for user auth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rex Dieter wrote: Rex Dieter wrote: McGlorfin wrote: I'm using Samba 3.0.21a on Fedora Core 3 to authenticate against an AD domain. The box running AD is Win2k3 R2, so AD has the RFC2207 schema extensions applied. Really? I thought installing SFU on the domain controller is/was still required, no? (What's R2?) Can someone please confirm/deny this? It's important to our site (as the domain admins have been *very* reluctant to install SFU, but if only a Win2k update is involved...) My understanding is that Windows 2003 does include the RFC2307 schema as part of AD. But I have not installed R2 to confirm that. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD4351IR7qMdg1EfYRAmbkAKCm9frNCTxcONqKUk5NXDF23HxhZgCguns3 xqUpjveVptES096MOpIAxP4= =Zyw2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Confused about what I am seeing with domain names
David, Can you add the following lines to your krb5.conf: [realms] DOMAIN.COM = { kdc = ip.of.your.dc:88 admin_server = ip.of.your.dc:749 default_domain = domain.com } Regards, Nico - Original Message - From: David Shapiro To: Nico Wilde Sent: Friday, February 03, 2006 4:50 PM Subject: Re: [Samba] Confused about what I am seeing with domain names I am trying to get a aix samba server to join an ads domain. I think I see what the DOMAIN_NETWORK is. wbinfo -D for it shows it is not an ads server whereas the DOMAIN one is an ads server. That one is not showing information because kerberos cannot find the kdc for some reason that I can't figure out. It does have SRV records in dns. Here is the krb5.conf file I am using: mit krb5: [libdefaults] default_realm = DOMAIN.COM [realms] DOMAIN.COM = { kdc = adsserver.domain.com admin_server = adsserver.domain.com } [domain_realm] .domain.com = DOMAIN.COM domain.com = DOMAIN.COM [logging] kdc = CONSOLE smb.conf: [global] workgroup = DOMAIN netbios name = sambaserver socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 idmap uid = 1-2 idmap gid = 1-2 idmap backend = ad # os level = 65 winbind enum users = yes winbind enum groups = yes #winbind uid = 1-2 #winbind gid = 1-2 winbind separator = / encrypt passwords = yes server string = samba server security = ADS # security = domain realm = DOMAIN.COM password server = adsserver.domain.com preferred master = no log file = /usr/local/samba/var/log.%m log level = 10 max log size = 50 local master = No dns proxy = No wins server = wins02 wins03 wins proxy = no name resolve order = hosts wins lmhosts bcast aio read size = 1 aio write size = 1 template homedir = /home/winnt/%D/%U template shell = /bin/bash [homes] path = /home/%u read only = No David Shapiro Unix Team Lead 919-765-2011 Nico De Wilde [EMAIL PROTECTED] 2/3/2006 9:55:15 AM David, Please post your smb.conf / nsswitch.conf/krb5.conf What are you trying to achieve? Joining a samba server to a Windows AD domain? Please provide some more information. Thx. Regards, Nico - Original Message - From: David Shapiro [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Friday, February 03, 2006 3:49 PM Subject: [Samba] Confused about what I am seeing with domain names I could not get wbinfo -g/u to work and was seeing a bunch of errors related to to not being able to enumerate groups. I saw somebody use idmap backend = ad and added this since I have been struggling to get ad working (still not working). Now, when I run wbinfo -g/-u, I am getting groups and users, but the domain it shows is different than what I expected. My domain I was using for workgroup line is DOMAIN, for example, but wbinfo -g returns back: DOMAIN_NETWORK/group Is _NETWORK something that samba added, or is theis the name of the domain I should really be using? I did a grep on wbinfo -u for my user, and it returned my user too. If my domain is actually DOMAIN_NETWORK, is it possible my realm is not domain.com but domain_network.com or something weird like that? Should I change my workgroup line to use domain_network? I still can't get my kinit to find my kdc. I am wondering if I clear this up maybe my kdc kinit command will work. Note that I did ask my nt admin to run dns nslookup checks on _ldap.domain.com and _kerberos.domain.com, and those did return the correct results showing domain.com should be my realm. David David Shapiro Unix Team Lead 919-765-2011 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Confused about what I am seeing with domain names - --getdcname fails for ad server
Should I expect to see when I run wbinfo --getdcname=domain it return a domain controller for an ad server? It does return a server name for domain_network, the non-ad server. David Shapiro Unix Team Lead 919-765-2011 David Shapiro 2/3/2006 10:50:51 AM I am trying to get a aix samba server to join an ads domain. I think I see what the DOMAIN_NETWORK is. wbinfo -D for it shows it is not an ads server whereas the DOMAIN one is an ads server. That one is not showing information because kerberos cannot find the kdc for some reason that I can't figure out. It does have SRV records in dns. Here is the krb5.conf file I am using: mit krb5: [libdefaults] default_realm = DOMAIN.COM [realms] DOMAIN.COM = { kdc = adsserver.domain.com admin_server = adsserver.domain.com } [domain_realm] .domain.com = DOMAIN.COM domain.com = DOMAIN.COM [logging] kdc = CONSOLE smb.conf: [global] workgroup = DOMAIN netbios name = sambaserver socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 idmap uid = 1-2 idmap gid = 1-2 idmap backend = ad # os level = 65 winbind enum users = yes winbind enum groups = yes #winbind uid = 1-2 #winbind gid = 1-2 winbind separator = / encrypt passwords = yes server string = samba server security = ADS # security = domain realm = DOMAIN.COM password server = adsserver.domain.com preferred master = no log file = /usr/local/samba/var/log.%m log level = 10 max log size = 50 local master = No dns proxy = No wins server = wins02 wins03 wins proxy = no name resolve order = hosts wins lmhosts bcast aio read size = 1 aio write size = 1 template homedir = /home/winnt/%D/%U template shell = /bin/bash [homes] path = /home/%u read only = No David Shapiro Unix Team Lead 919-765-2011 Nico De Wilde [EMAIL PROTECTED] 2/3/2006 9:55:15 AM David, Please post your smb.conf / nsswitch.conf/krb5.conf What are you trying to achieve? Joining a samba server to a Windows AD domain? Please provide some more information. Thx. Regards, Nico - Original Message - From: David Shapiro [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Friday, February 03, 2006 3:49 PM Subject: [Samba] Confused about what I am seeing with domain names I could not get wbinfo -g/u to work and was seeing a bunch of errors related to to not being able to enumerate groups. I saw somebody use idmap backend = ad and added this since I have been struggling to get ad working (still not working). Now, when I run wbinfo -g/-u, I am getting groups and users, but the domain it shows is different than what I expected. My domain I was using for workgroup line is DOMAIN, for example, but wbinfo -g returns back: DOMAIN_NETWORK/group Is _NETWORK something that samba added, or is theis the name of the domain I should really be using? I did a grep on wbinfo -u for my user, and it returned my user too. If my domain is actually DOMAIN_NETWORK, is it possible my realm is not domain.com but domain_network.com or something weird like that? Should I change my workgroup line to use domain_network? I still can't get my kinit to find my kdc. I am wondering if I clear this up maybe my kdc kinit command will work. Note that I did ask my nt admin to run dns nslookup checks on _ldap.domain.com and _kerberos.domain.com, and those did return the correct results showing domain.com should be my realm. David David Shapiro Unix Team Lead 919-765-2011 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Confused about what I am seeing with domain names
I have done that during troubleshooting already to no avail. When I put these changes in now it still reports the infamous: kinit(v5): Cannot resolve network address for KDC in requested realm while getting initial credentials David Shapiro Unix Team Lead 919-765-2011 Nico De Wilde [EMAIL PROTECTED] 2/3/2006 11:05:11 AM David, Can you add the following lines to your krb5.conf: [realms] DOMAIN.COM = { kdc = ip.of.your.dc:88 admin_server = ip.of.your.dc:749 default_domain = domain.com } Regards, Nico - Original Message - From: David Shapiro To: Nico Wilde Sent: Friday, February 03, 2006 4:50 PM Subject: Re: [Samba] Confused about what I am seeing with domain names I am trying to get a aix samba server to join an ads domain. I think I see what the DOMAIN_NETWORK is. wbinfo -D for it shows it is not an ads server whereas the DOMAIN one is an ads server. That one is not showing information because kerberos cannot find the kdc for some reason that I can't figure out. It does have SRV records in dns. Here is the krb5.conf file I am using: mit krb5: [libdefaults] default_realm = DOMAIN.COM [realms] DOMAIN.COM = { kdc = adsserver.domain.com admin_server = adsserver.domain.com } [domain_realm] .domain.com = DOMAIN.COM domain.com = DOMAIN.COM [logging] kdc = CONSOLE smb.conf: [global] workgroup = DOMAIN netbios name = sambaserver socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 idmap uid = 1-2 idmap gid = 1-2 idmap backend = ad # os level = 65 winbind enum users = yes winbind enum groups = yes #winbind uid = 1-2 #winbind gid = 1-2 winbind separator = / encrypt passwords = yes server string = samba server security = ADS # security = domain realm = DOMAIN.COM password server = adsserver.domain.com preferred master = no log file = /usr/local/samba/var/log.%m log level = 10 max log size = 50 local master = No dns proxy = No wins server = wins02 wins03 wins proxy = no name resolve order = hosts wins lmhosts bcast aio read size = 1 aio write size = 1 template homedir = /home/winnt/%D/%U template shell = /bin/bash [homes] path = /home/%u read only = No David Shapiro Unix Team Lead 919-765-2011 Nico De Wilde [EMAIL PROTECTED] 2/3/2006 9:55:15 AM David, Please post your smb.conf / nsswitch.conf/krb5.conf What are you trying to achieve? Joining a samba server to a Windows AD domain? Please provide some more information. Thx. Regards, Nico - Original Message - From: David Shapiro [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Friday, February 03, 2006 3:49 PM Subject: [Samba] Confused about what I am seeing with domain names I could not get wbinfo -g/u to work and was seeing a bunch of errors related to to not being able to enumerate groups. I saw somebody use idmap backend = ad and added this since I have been struggling to get ad working (still not working). Now, when I run wbinfo -g/-u, I am getting groups and users, but the domain it shows is different than what I expected. My domain I was using for workgroup line is DOMAIN, for example, but wbinfo -g returns back: DOMAIN_NETWORK/group Is _NETWORK something that samba added, or is theis the name of the domain I should really be using? I did a grep on wbinfo -u for my user, and it returned my user too. If my domain is actually DOMAIN_NETWORK, is it possible my realm is not domain.com but domain_network.com or something weird like that? Should I change my workgroup line to use domain_network? I still can't get my kinit to find my kdc. I am wondering if I clear this up maybe my kdc kinit command will work. Note that I did ask my nt admin to run dns nslookup checks on _ldap.domain.com and _kerberos.domain.com, and those did return the correct results showing domain.com should be my realm. David David Shapiro Unix Team Lead 919-765-2011 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Confused about what I am seeing with domain names
I see you put ip of dc. When I run wbinfo --getdcname DOMAIN it does not return back a dc. The log.winbindd does not show anything even at log level 10: ]: Get DC name for BCBSNC [2006/02/03 11:01:37, 10] ../nsswitch/winbindd_cache.c:cache_retrieve_response(1529) Retrieving response for pid 22330 [2006/02/03 11:03:07, 10] ../nsswitch/winbindd_cache.c:cache_retrieve_response(1529) Retrieving response for pid 22330 [2006/02/03 11:03:07, 10] ../nsswitch/winbindd_cache.c:cache_retrieve_response(1551) Retrieving extra data length=251 [2006/02/03 11:08:07, 10] ../nsswitch/winbindd_cache.c:cache_retrieve_response(1529) Retrieving response for pid 22330 [2006/02/03 11:08:07, 10] ../nsswitch/winbindd_cache.c:cache_retrieve_response(1551) Retrieving extra data length=251 David Shapiro Unix Team Lead 919-765-2011 Nico De Wilde [EMAIL PROTECTED] 2/3/2006 11:05:11 AM David, Can you add the following lines to your krb5.conf: [realms] DOMAIN.COM = { kdc = ip.of.your.dc:88 admin_server = ip.of.your.dc:749 default_domain = domain.com } Regards, Nico - Original Message - From: David Shapiro To: Nico Wilde Sent: Friday, February 03, 2006 4:50 PM Subject: Re: [Samba] Confused about what I am seeing with domain names I am trying to get a aix samba server to join an ads domain. I think I see what the DOMAIN_NETWORK is. wbinfo -D for it shows it is not an ads server whereas the DOMAIN one is an ads server. That one is not showing information because kerberos cannot find the kdc for some reason that I can't figure out. It does have SRV records in dns. Here is the krb5.conf file I am using: mit krb5: [libdefaults] default_realm = DOMAIN.COM [realms] DOMAIN.COM = { kdc = adsserver.domain.com admin_server = adsserver.domain.com } [domain_realm] .domain.com = DOMAIN.COM domain.com = DOMAIN.COM [logging] kdc = CONSOLE smb.conf: [global] workgroup = DOMAIN netbios name = sambaserver socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 idmap uid = 1-2 idmap gid = 1-2 idmap backend = ad # os level = 65 winbind enum users = yes winbind enum groups = yes #winbind uid = 1-2 #winbind gid = 1-2 winbind separator = / encrypt passwords = yes server string = samba server security = ADS # security = domain realm = DOMAIN.COM password server = adsserver.domain.com preferred master = no log file = /usr/local/samba/var/log.%m log level = 10 max log size = 50 local master = No dns proxy = No wins server = wins02 wins03 wins proxy = no name resolve order = hosts wins lmhosts bcast aio read size = 1 aio write size = 1 template homedir = /home/winnt/%D/%U template shell = /bin/bash [homes] path = /home/%u read only = No David Shapiro Unix Team Lead 919-765-2011 Nico De Wilde [EMAIL PROTECTED] 2/3/2006 9:55:15 AM David, Please post your smb.conf / nsswitch.conf/krb5.conf What are you trying to achieve? Joining a samba server to a Windows AD domain? Please provide some more information. Thx. Regards, Nico - Original Message - From: David Shapiro [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Friday, February 03, 2006 3:49 PM Subject: [Samba] Confused about what I am seeing with domain names I could not get wbinfo -g/u to work and was seeing a bunch of errors related to to not being able to enumerate groups. I saw somebody use idmap backend = ad and added this since I have been struggling to get ad working (still not working). Now, when I run wbinfo -g/-u, I am getting groups and users, but the domain it shows is different than what I expected. My domain I was using for workgroup line is DOMAIN, for example, but wbinfo -g returns back: DOMAIN_NETWORK/group Is _NETWORK something that samba added, or is theis the name of the domain I should really be using? I did a grep on wbinfo -u for my user, and it returned my user too. If my domain is actually DOMAIN_NETWORK, is it possible my realm is not domain.com but domain_network.com or something weird like that? Should I change my workgroup line to use domain_network? I still can't get my kinit to find my kdc. I am wondering if I clear this up maybe my kdc kinit command will work. Note that I did ask my nt admin to run dns nslookup checks on _ldap.domain.com and _kerberos.domain.com, and those did return the correct results showing domain.com should be my realm. David David Shapiro Unix Team Lead 919-765-2011 --
Re: [Samba] Confused about what I am seeing with domain names
I hope this isn't a silly question: do you have to use pam to get a server to join ad? I did not see that as a absolute requirement. David Shapiro Unix Team Lead 919-765-2011 Nico De Wilde [EMAIL PROTECTED] 2/3/2006 11:05:11 AM David, Can you add the following lines to your krb5.conf: [realms] DOMAIN.COM = { kdc = ip.of.your.dc:88 admin_server = ip.of.your.dc:749 default_domain = domain.com } Regards, Nico - Original Message - From: David Shapiro To: Nico Wilde Sent: Friday, February 03, 2006 4:50 PM Subject: Re: [Samba] Confused about what I am seeing with domain names I am trying to get a aix samba server to join an ads domain. I think I see what the DOMAIN_NETWORK is. wbinfo -D for it shows it is not an ads server whereas the DOMAIN one is an ads server. That one is not showing information because kerberos cannot find the kdc for some reason that I can't figure out. It does have SRV records in dns. Here is the krb5.conf file I am using: mit krb5: [libdefaults] default_realm = DOMAIN.COM [realms] DOMAIN.COM = { kdc = adsserver.domain.com admin_server = adsserver.domain.com } [domain_realm] .domain.com = DOMAIN.COM domain.com = DOMAIN.COM [logging] kdc = CONSOLE smb.conf: [global] workgroup = DOMAIN netbios name = sambaserver socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 idmap uid = 1-2 idmap gid = 1-2 idmap backend = ad # os level = 65 winbind enum users = yes winbind enum groups = yes #winbind uid = 1-2 #winbind gid = 1-2 winbind separator = / encrypt passwords = yes server string = samba server security = ADS # security = domain realm = DOMAIN.COM password server = adsserver.domain.com preferred master = no log file = /usr/local/samba/var/log.%m log level = 10 max log size = 50 local master = No dns proxy = No wins server = wins02 wins03 wins proxy = no name resolve order = hosts wins lmhosts bcast aio read size = 1 aio write size = 1 template homedir = /home/winnt/%D/%U template shell = /bin/bash [homes] path = /home/%u read only = No David Shapiro Unix Team Lead 919-765-2011 Nico De Wilde [EMAIL PROTECTED] 2/3/2006 9:55:15 AM David, Please post your smb.conf / nsswitch.conf/krb5.conf What are you trying to achieve? Joining a samba server to a Windows AD domain? Please provide some more information. Thx. Regards, Nico - Original Message - From: David Shapiro [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Friday, February 03, 2006 3:49 PM Subject: [Samba] Confused about what I am seeing with domain names I could not get wbinfo -g/u to work and was seeing a bunch of errors related to to not being able to enumerate groups. I saw somebody use idmap backend = ad and added this since I have been struggling to get ad working (still not working). Now, when I run wbinfo -g/-u, I am getting groups and users, but the domain it shows is different than what I expected. My domain I was using for workgroup line is DOMAIN, for example, but wbinfo -g returns back: DOMAIN_NETWORK/group Is _NETWORK something that samba added, or is theis the name of the domain I should really be using? I did a grep on wbinfo -u for my user, and it returned my user too. If my domain is actually DOMAIN_NETWORK, is it possible my realm is not domain.com but domain_network.com or something weird like that? Should I change my workgroup line to use domain_network? I still can't get my kinit to find my kdc. I am wondering if I clear this up maybe my kdc kinit command will work. Note that I did ask my nt admin to run dns nslookup checks on _ldap.domain.com and _kerberos.domain.com, and those did return the correct results showing domain.com should be my realm. David David Shapiro Unix Team Lead 919-765-2011 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba with ADS
Help me. What am I doing wrong ?? # kinit [EMAIL PROTECTED] kinit(v5): Improper format of Kerberos configuration file while initializing Kerberos 5 library My winbind log. eb 3 13:27:04 firewall winbindd[29307]: [2006/02/03 13:27:04, 0] nsswitch/winbindd.c:request_len_recv(566) Feb 3 13:27:04 firewall winbindd[29307]: request_len_recv: Invalid request size received: 1824 Feb 3 13:27:04 firewall winbindd[29307]: [2006/02/03 13:27:04, 0] nsswitch/winbindd.c:request_len_recv(566) Feb 3 13:27:04 firewall winbindd[29307]: request_len_recv: Invalid request size received: 1824 Feb 3 13:27:04 firewall winbindd[29307]: [2006/02/03 13:27:04, 0] nsswitch/winbindd.c:request_len_recv(566) Feb 3 13:27:04 firewall winbindd[29307]: request_len_recv: Invalid request size received: 1824 Feb 3 13:27:04 firewall winbindd[29307]: [2006/02/03 13:27:04, 0] nsswitch/winbindd.c:request_len_recv(566) Feb 3 13:27:04 firewall winbindd[29307]: request_len_recv: Invalid request size received: 1824 Feb 3 13:27:04 firewall winbindd[29307]: [2006/02/03 13:27:04, 0] nsswitch/winbindd.c:request_len_recv(566) Feb 3 13:27:04 firewall winbindd[29307]: request_len_recv: Invalid request size received: 1824 Feb 3 13:27:04 firewall winbindd[29307]: [2006/02/03 13:27:04, 0] nsswitch/winbindd.c:request_len_recv(566) Feb 3 13:27:04 firewall winbindd[29307]: request_len_recv: Invalid request size received: 1824 Feb 3 13:27:06 firewall winbindd[29307]: [2006/02/03 13:27:06, 0] nsswitch/winbindd.c:request_len_recv(566) Feb 3 13:27:06 firewall winbindd[29307]: request_len_recv: Invalid request size received: 1824 Feb 3 13:27:06 firewall winbindd[29307]: [2006/02/03 13:27:06, 0] nsswitch/winbindd.c:request_len_recv(566) Feb 3 13:27:06 firewall winbindd[29307]: request_len_recv: Invalid request size received: 1824 Feb 3 13:27:06 firewall winbindd[29307]: [2006/02/03 13:27:06, 0] nsswitch/winbindd.c:request_len_recv(566) Feb 3 13:27:06 firewall winbindd[29307]: request_len_recv: Invalid request size received: 1824 Feb 3 13:27:10 firewall winbindd[29307]: [2006/02/03 13:27:10, 0] nsswitch/winbindd.c:request_len_recv(566) Feb 3 13:27:10 firewall winbindd[29307]: request_len_recv: Invalid request size received: 1824 Feb 3 13:27:10 firewall winbindd[29307]: [2006/02/03 13:27:10, 0] nsswitch/winbindd.c:request_len_recv(566) Feb 3 13:27:10 firewall winbindd[29307]: request_len_recv: Invalid request size received: 1824 Feb 3 13:27:10 firewall winbindd[29307]: [2006/02/03 13:27:10, 0] nsswitch/winbindd.c:request_len_recv(56 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Confused about what I am seeing with domain names
In an effort to safeguard the privacy of all our communications, we have taken steps to ensure our e-mail communications meet federal and state privacy requirements. Thank you for your understanding. David Shapiro sent you a secured message. The link below will take you to a page where you can securely view the message. Click below to view it, or cut and paste the following URL into your Web browser: https://smail.pdr102072.com/ime?x=4-2550075-1352252-DDVONMN9 Your ability to retrieve this message will expire on Sunday March 05, 2006. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Enabling 'idmap backend = ad' for user auth
Hi, On Fri, Feb 03, 2006 at 09:31:50AM -0600, Gerald (Jerry) Carter wrote: Guenther Deschner wrote: Gunether, Why is 'winbind nss info' a list ? We only ever check for sfu. Were you thinking of chaining options Volker asked me to have a list already at that time to allow his unixinfo work to be actived here later on. Right. That I remember. But why does the parameter accept a list of values? It seems like it should just accept a single string from a list of discrete values. Just the like the security parameter. We thought about to better handle mixed trusted domain setups. Domain A (ADS) = sfu Domain B (NT) = template Domain C (Samba w. Unixinfo) = unixinfo Of course that's referring to unfinished code and this acts just as a placeholder. Guenther -- Günther DeschnerGPG-ID: 8EE11688 Novell / SUSE LINUX [EMAIL PROTECTED] Samba Team [EMAIL PROTECTED] pgpIY2GAVeoUf.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Confused about what I am seeing with domain names
I see you put ip of dc. When I run wbinfo --getdcname DOMAIN it does not return back a dc. The log.winbindd does not show anything even at log level 10: ]: Get DC name for DOMAIN [2006/02/03 11:01:37, 10] ../nsswitch/winbindd_cache.c:cache_retrieve_response(1529) Retrieving response for pid 22330 [2006/02/03 11:03:07, 10] ../nsswitch/winbindd_cache.c:cache_retrieve_response(1529) Retrieving response for pid 22330 [2006/02/03 11:03:07, 10] ../nsswitch/winbindd_cache.c:cache_retrieve_response(1551) Retrieving extra data length=251 [2006/02/03 11:08:07, 10] ../nsswitch/winbindd_cache.c:cache_retrieve_response(1529) Retrieving response for pid 22330 [2006/02/03 11:08:07, 10] ../nsswitch/winbindd_cache.c:cache_retrieve_response(1551) Retrieving extra data length=251 David Shapiro Unix Team Lead 919-765-2011 David Shapiro Unix Team Lead 919-765-2011 Nico De Wilde [EMAIL PROTECTED] 2/3/2006 11:05:11 AM David, Can you add the following lines to your krb5.conf: [realms] DOMAIN.COM = { kdc = ip.of.your.dc:88 admin_server = ip.of.your.dc:749 default_domain = domain.com } Regards, Nico - Original Message - From: David Shapiro To: Nico Wilde Sent: Friday, February 03, 2006 4:50 PM Subject: Re: [Samba] Confused about what I am seeing with domain names I am trying to get a aix samba server to join an ads domain. I think I see what the DOMAIN_NETWORK is. wbinfo -D for it shows it is not an ads server whereas the DOMAIN one is an ads server. That one is not showing information because kerberos cannot find the kdc for some reason that I can't figure out. It does have SRV records in dns. Here is the krb5.conf file I am using: mit krb5: [libdefaults] default_realm = DOMAIN.COM [realms] DOMAIN.COM = { kdc = adsserver.domain.com admin_server = adsserver.domain.com } [domain_realm] .domain.com = DOMAIN.COM domain.com = DOMAIN.COM [logging] kdc = CONSOLE smb.conf: [global] workgroup = DOMAIN netbios name = sambaserver socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 idmap uid = 1-2 idmap gid = 1-2 idmap backend = ad # os level = 65 winbind enum users = yes winbind enum groups = yes #winbind uid = 1-2 #winbind gid = 1-2 winbind separator = / encrypt passwords = yes server string = samba server security = ADS # security = domain realm = DOMAIN.COM password server = adsserver.domain.com preferred master = no log file = /usr/local/samba/var/log.%m log level = 10 max log size = 50 local master = No dns proxy = No wins server = wins02 wins03 wins proxy = no name resolve order = hosts wins lmhosts bcast aio read size = 1 aio write size = 1 template homedir = /home/winnt/%D/%U template shell = /bin/bash [homes] path = /home/%u read only = No David Shapiro Unix Team Lead 919-765-2011 Nico De Wilde [EMAIL PROTECTED] 2/3/2006 9:55:15 AM David, Please post your smb.conf / nsswitch.conf/krb5.conf What are you trying to achieve? Joining a samba server to a Windows AD domain? Please provide some more information. Thx. Regards, Nico - Original Message - From: David Shapiro [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Friday, February 03, 2006 3:49 PM Subject: [Samba] Confused about what I am seeing with domain names I could not get wbinfo -g/u to work and was seeing a bunch of errors related to to not being able to enumerate groups. I saw somebody use idmap backend = ad and added this since I have been struggling to get ad working (still not working). Now, when I run wbinfo -g/-u, I am getting groups and users, but the domain it shows is different than what I expected. My domain I was using for workgroup line is DOMAIN, for example, but wbinfo -g returns back: DOMAIN_NETWORK/group Is _NETWORK something that samba added, or is theis the name of the domain I should really be using? I did a grep on wbinfo -u for my user, and it returned my user too. If my domain is actually DOMAIN_NETWORK, is it possible my realm is not domain.com but domain_network.com or something weird like that? Should I change my workgroup line to use domain_network? I still can't get my kinit to find my kdc. I am wondering if I clear this up maybe my kdc kinit command will work. Note that I did ask my nt admin to run dns nslookup checks on _ldap.domain.com and _kerberos.domain.com, and those did return the correct results showing domain.com should be my realm. David David
Re: [Samba] trouble with winbind
I found mention of how to run net ads join with debugging, which got me some good info when I run net ads join with debuglevel=10: namecache_store: storing 1 address for adserver.domain.com#20: 1.2.3.4:0 [2006/02/03 12:19:02, 10] ../lib/gencache.c:gencache_set(127) Adding cache entry with key = NBT/ADSSERVER.DOMAIN.COM#20; value = 1.2.3.4:0 and timeout = Fri Feb 3 12:30:02 2006 (660 seconds ahead) [2006/02/03 12:19:02, 10] ../libsmb/namequery.c:internal_resolve_name(1145) internal_resolve_name: returning 1 addresses: 10.69.147.110:0 [2006/02/03 12:19:02, 10] ../libsmb/namequery.c:remove_duplicate_addrs2(320) remove_duplicate_addrs2: looking for duplicate address/port pairs [2006/02/03 12:19:02, 4] ../libsmb/namequery.c:get_dc_list(1406) get_dc_list: returning 1 ip addresses in an ordered list [2006/02/03 12:19:02, 4] ../libsmb/namequery.c:get_dc_list(1407) get_dc_list: 10.69.147.110:0 [2006/02/03 12:19:02, 5] ../libads/ldap.c:ads_try_connect(126) ads_try_connect: trying ldap server '1.2.3.4' port 389 [2006/02/03 12:19:02, 3] ../libads/ldap.c:ads_connect(288) Connected to LDAP server 1.2.3.4 [2006/02/03 12:19:02, 3] ../libads/ldap.c:ads_server_info(2541) got ldap server name [EMAIL PROTECTED], using bind path: dc=DOMAIN,dc=COM [2006/02/03 12:19:02, 4] ../libads/ldap.c:ads_server_info(2547) time offset is 114 seconds [2006/02/03 12:19:02, 4] ../libads/sasl.c:ads_sasl_bind(455) Found SASL mechanism GSS-SPNEGO [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(219) ads_sasl_spnego_bind: got server principal name [EMAIL PROTECTED] [2006/02/03 12:19:02, 3] ../libsmb/clikrb5.c:ads_krb5_mk_req(478) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2006/02/03 12:19:02, 0] ../libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/02/03 12:19:02, 0] ../utils/net_ads.c:ads_startup(191) ads_connect: Cannot resolve network address for KDC in requested realm [2006/02/03 12:19:02, 2] ../utils/net.c:main(876) return code = -1 So it looks like it found the adsserver buyt then tried to kinit for the samba server I am trying to join and complained about not being able to resolve the kdc. Did it fail to find a credential cache (I thought I was trying to get one with the join command, so it shouldn't find one) and then tried to get one from the local samba server and is saying it is not resolvable? David Shapiro Unix Team Lead 919-765-2011 Nico De Wilde [EMAIL PROTECTED] 2/3/2006 10:57:23 AM Chris, The following error is repeated multiple times in your winbind.log: Client not found in Kerberos database Are you joining these machines as a domain admin or as an account with domain admin priviliges? Is your resolving setup correctly? Are the clocks on your servers synchronized with the DC? Could you try: - kinit [EMAIL PROTECTED] - net ads join -U ADMINISTRATOR What output do these two commands generate on your system? Sample smb.conf for a 'member server' in a 2000/2003 AD domain: -- [global] server string = somebox realm = DOM1.JHUAPL.EDU workgroup = CHOCOWEB password server = dom1-dc6.dom1.jhuapl.edu security = ADS encrypt passwords = true # winbind configuration winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users=yes winbind enum groups=yes --- Sample krb5.conf --- [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = DOM1.JHUAPL.EDU dns_lookup_realm = false dns_lookup_kdc = false [realms] DOM1.JHUAPL.EDU = { kdc = the.ip.of.your.dc:88 admin_server = the.ip.of.your.dc:749 default_domain = dom1.jhuapl.edu } -- Nsswitch.conf passwd: files winbind shadow: files group: files winbind hosts: files dns winbind -- This should get you going. Can you provide additional feedback on this? Thx. Regards, Nico - Original Message - From: Chris Stone [EMAIL PROTECTED] To: Nico De Wilde [EMAIL PROTECTED] Sent: Friday, February 03, 2006 4:33 PM Subject: Re: [Samba] trouble with winbind Nico, I've
[Samba] Sharing a Secondary Hard Drive
I just recently installed a second hard drive in my Samba server with the hopes of sharing it with the rest of my home network. It seems like Samba can not get the correct permissions to the drive, however. I have the drive mounted under /media/public, and when I try to map a share directly to it and open the share with a client, I get an NT_STATUS_BAD_NETWORK_NAME error. When I map the share to /media and try the client again, I can see the cdrom folder, but not public. I have also tried scp and ftp using /media/public, and they both work fine, so it doesn't seem like a common case of poor permission settings. Has anyone else ever experienced this or know of a possible cause? I'm running Fedora Core 4 if that helps. Thanks in advance, Justin McCullough -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Sharing a Secondary Hard Drive
I installed a second hard drive on my Samba server box with the hopes of creating a share for the rest of my home network. It doesn't seem like Samba is able to read the drive for some reason, however. The new drive is mounted on /media/public. When I create a share directly to the drive and try to connect through the smbclient, I get an NT_STATUS_BAD_NETWORK_NAME error. Moving the share up a level to /media allows smbclient to connect, but the public folder does not even appear and trying to cd into it returns an NT_STATUS_ACCESS_DENIED message. The drive itself seems fine as I'm able to write to it using any of my accounts directly and I can ftp and scp into it, so I am completely stumped. Does any one else have any experience with this or know what may be the cause? I'm running Fedora Core 4 by the way, if that helps. Thanks in advance, Justin McCullough -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] re: trouble with winbind
All, With the help of Nico, this is fixed. He had me do: - kinit [EMAIL PROTECTED] - net ads join -U ADMINISTRATOR Previously, I was not kiniting first, also I was doing net rpc join, I don't know how much difference that made. So, a big thank you to Nico. Chris Stone Hi, I'm running samba, V3.0.20b-3.4-SUSE, on suse el9. I've successfully bound one machine to active directory, I can login to the local box using domain credentials. However, I can't get a second machine to the domain, using the exact same procedures. The machine claims to be bound, wbinfo -t returns checking the trust secret via RPC calls succeeded But, when I run wbinfo --sequence, it returns, APL : DISCONNECTED BIOLINUX : 1 BUILTIN : 1 JHUAPL : DISCONNECTED Kerberos is working, I can do a kinit [EMAIL PROTECTED], and get a ticket. My smb.conf is: [global] workgroup = JHUAPL server string = edna socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 IPTOS_LOWDELAY encrypt password = yes password server = dom1-dc6.dom1.jhuapl.edu realm = DOM1.JHUAPL.EDU netbios name = biolinux security = ads idmap uid = 1-4 idmap gid = 1-4 winbind separator = _ winbind enum users = yes winbind enum groups = yes winbind use default domain = yes username map = /etc/samba/smbusers map to guest = Bad User template shell = /bin/bash Can anyone suggest what I might be doing wrong? I've been googling this for a couple of days, and have run out ideas. Thank You, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] trouble with winbind
On Friday February 03 2006 12:28 pm, David Shapiro wrote: I found mention of how to run net ads join with debugging, which got me some good info when I run net ads join with debuglevel=10: namecache_store: storing 1 address for adserver.domain.com#20: 1.2.3.4:0 [2006/02/03 12:19:02, 10] ../lib/gencache.c:gencache_set(127) Adding cache entry with key = NBT/ADSSERVER.DOMAIN.COM#20; value = 1.2.3.4:0 and timeout = Fri Feb 3 12:30:02 2006 (660 seconds ahead) [2006/02/03 12:19:02, 10] ../libsmb/namequery.c:internal_resolve_name(1145) internal_resolve_name: returning 1 addresses: 10.69.147.110:0 [2006/02/03 12:19:02, 10] ../libsmb/namequery.c:remove_duplicate_addrs2(320) remove_duplicate_addrs2: looking for duplicate address/port pairs [2006/02/03 12:19:02, 4] ../libsmb/namequery.c:get_dc_list(1406) get_dc_list: returning 1 ip addresses in an ordered list [2006/02/03 12:19:02, 4] ../libsmb/namequery.c:get_dc_list(1407) get_dc_list: 10.69.147.110:0 [2006/02/03 12:19:02, 5] ../libads/ldap.c:ads_try_connect(126) ads_try_connect: trying ldap server '1.2.3.4' port 389 [2006/02/03 12:19:02, 3] ../libads/ldap.c:ads_connect(288) Connected to LDAP server 1.2.3.4 [2006/02/03 12:19:02, 3] ../libads/ldap.c:ads_server_info(2541) got ldap server name [EMAIL PROTECTED], using bind path: dc=DOMAIN,dc=COM [2006/02/03 12:19:02, 4] ../libads/ldap.c:ads_server_info(2547) time offset is 114 seconds [2006/02/03 12:19:02, 4] ../libads/sasl.c:ads_sasl_bind(455) Found SASL mechanism GSS-SPNEGO [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(219) ads_sasl_spnego_bind: got server principal name [EMAIL PROTECTED] [2006/02/03 12:19:02, 3] ../libsmb/clikrb5.c:ads_krb5_mk_req(478) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2006/02/03 12:19:02, 0] ../libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/02/03 12:19:02, 0] ../utils/net_ads.c:ads_startup(191) ads_connect: Cannot resolve network address for KDC in requested realm [2006/02/03 12:19:02, 2] ../utils/net.c:main(876) return code = -1 So it looks like it found the adsserver buyt then tried to kinit for the samba server I am trying to join and complained about not being able to resolve the kdc. Did it fail to find a credential cache (I thought I was trying to get one with the join command, so it shouldn't find one) and then tried to get one from the local samba server and is saying it is not resolvable? David Shapiro Unix Team Lead 919-765-2011 Nico De Wilde [EMAIL PROTECTED] 2/3/2006 10:57:23 AM Chris, The following error is repeated multiple times in your winbind.log: Client not found in Kerberos database Are you joining these machines as a domain admin or as an account with domain admin priviliges? Is your resolving setup correctly? Are the clocks on your servers synchronized with the DC? Could you try: - kinit [EMAIL PROTECTED] - net ads join -U ADMINISTRATOR What output do these two commands generate on your system? Sample smb.conf for a 'member server' in a 2000/2003 AD domain: -- [global] server string = somebox realm = DOM1.JHUAPL.EDU workgroup = CHOCOWEB password server = dom1-dc6.dom1.jhuapl.edu security = ADS encrypt passwords = true # winbind configuration winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users=yes winbind enum groups=yes --- Sample krb5.conf --- [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = DOM1.JHUAPL.EDU dns_lookup_realm = false dns_lookup_kdc = false [realms] DOM1.JHUAPL.EDU = { kdc = the.ip.of.your.dc:88 admin_server = the.ip.of.your.dc:749 default_domain = dom1.jhuapl.edu } -- Nsswitch.conf passwd: files winbind shadow: files group: files winbind hosts: files dns winbind -- This should get you going. Can you provide additional feedback on this? Thx. Regards, Nico - Original Message -
Re: [Samba] trouble with winbind
Top-posting. Eeek. One thing I think I see is that the system times between the Samba and Ad servers may be out of sync. I believe that if the time difference is significant enough, then the krb encryption codes will not match and access to network resources may be denied. Are both of your servers system times sync via ntp? Dimitri On Friday February 03 2006 12:28 pm, David Shapiro wrote: I found mention of how to run net ads join with debugging, which got me some good info when I run net ads join with debuglevel=10: namecache_store: storing 1 address for adserver.domain.com#20: 1.2.3.4:0 [2006/02/03 12:19:02, 10] ../lib/gencache.c:gencache_set(127) Adding cache entry with key = NBT/ADSSERVER.DOMAIN.COM#20; value = 1.2.3.4:0 and timeout = Fri Feb 3 12:30:02 2006 (660 seconds ahead) [2006/02/03 12:19:02, 10] ../libsmb/namequery.c:internal_resolve_name(1145) internal_resolve_name: returning 1 addresses: 10.69.147.110:0 [2006/02/03 12:19:02, 10] ../libsmb/namequery.c:remove_duplicate_addrs2(320) remove_duplicate_addrs2: looking for duplicate address/port pairs [2006/02/03 12:19:02, 4] ../libsmb/namequery.c:get_dc_list(1406) get_dc_list: returning 1 ip addresses in an ordered list [2006/02/03 12:19:02, 4] ../libsmb/namequery.c:get_dc_list(1407) get_dc_list: 10.69.147.110:0 [2006/02/03 12:19:02, 5] ../libads/ldap.c:ads_try_connect(126) ads_try_connect: trying ldap server '1.2.3.4' port 389 [2006/02/03 12:19:02, 3] ../libads/ldap.c:ads_connect(288) Connected to LDAP server 1.2.3.4 [2006/02/03 12:19:02, 3] ../libads/ldap.c:ads_server_info(2541) got ldap server name [EMAIL PROTECTED], using bind path: dc=DOMAIN,dc=COM [2006/02/03 12:19:02, 4] ../libads/ldap.c:ads_server_info(2547) time offset is 114 seconds [2006/02/03 12:19:02, 4] ../libads/sasl.c:ads_sasl_bind(455) Found SASL mechanism GSS-SPNEGO [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(219) ads_sasl_spnego_bind: got server principal name [EMAIL PROTECTED] [2006/02/03 12:19:02, 3] ../libsmb/clikrb5.c:ads_krb5_mk_req(478) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2006/02/03 12:19:02, 0] ../libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/02/03 12:19:02, 0] ../utils/net_ads.c:ads_startup(191) ads_connect: Cannot resolve network address for KDC in requested realm [2006/02/03 12:19:02, 2] ../utils/net.c:main(876) return code = -1 So it looks like it found the adsserver buyt then tried to kinit for the samba server I am trying to join and complained about not being able to resolve the kdc. Did it fail to find a credential cache (I thought I was trying to get one with the join command, so it shouldn't find one) and then tried to get one from the local samba server and is saying it is not resolvable? David Shapiro Unix Team Lead 919-765-2011 Nico De Wilde [EMAIL PROTECTED] 2/3/2006 10:57:23 AM Chris, The following error is repeated multiple times in your winbind.log: Client not found in Kerberos database Are you joining these machines as a domain admin or as an account with domain admin priviliges? Is your resolving setup correctly? Are the clocks on your servers synchronized with the DC? Could you try: - kinit [EMAIL PROTECTED] - net ads join -U ADMINISTRATOR What output do these two commands generate on your system? Sample smb.conf for a 'member server' in a 2000/2003 AD domain: -- [global] server string = somebox realm = DOM1.JHUAPL.EDU workgroup = CHOCOWEB password server = dom1-dc6.dom1.jhuapl.edu security = ADS encrypt passwords = true # winbind configuration winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users=yes winbind enum groups=yes --- Sample krb5.conf --- [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = DOM1.JHUAPL.EDU dns_lookup_realm = false dns_lookup_kdc = false [realms] DOM1.JHUAPL.EDU = { kdc = the.ip.of.your.dc:88 admin_server = the.ip.of.your.dc:749 default_domain = dom1.jhuapl.edu }
Re: [Samba] trouble with winbind
Interesting catch. It does not use ntp on the unix box of the same time source as the dc. However, if I manually set the time on the unix box to match the present nt server, kinit still does not allow me to resolve the network address for the kdc in the requested realm while getting the initial credentials. David Shapiro Unix Team Lead 919-765-2011 Dimitri Yioulos [EMAIL PROTECTED] 2/3/2006 1:05:00 PM Top-posting. Eeek. One thing I think I see is that the system times between the Samba and Ad servers may be out of sync. I believe that if the time difference is significant enough, then the krb encryption codes will not match and access to network resources may be denied. Are both of your servers system times sync via ntp? Dimitri On Friday February 03 2006 12:28 pm, David Shapiro wrote: I found mention of how to run net ads join with debugging, which got me some good info when I run net ads join with debuglevel=10: namecache_store: storing 1 address for adserver.domain.com#20: 1.2.3.4:0 [2006/02/03 12:19:02, 10] ../lib/gencache.c:gencache_set(127) Adding cache entry with key = NBT/ADSSERVER.DOMAIN.COM#20; value = 1.2.3.4:0 and timeout = Fri Feb 3 12:30:02 2006 (660 seconds ahead) [2006/02/03 12:19:02, 10] ../libsmb/namequery.c:internal_resolve_name(1145) internal_resolve_name: returning 1 addresses: 10.69.147.110:0 [2006/02/03 12:19:02, 10] ../libsmb/namequery.c:remove_duplicate_addrs2(320) remove_duplicate_addrs2: looking for duplicate address/port pairs [2006/02/03 12:19:02, 4] ../libsmb/namequery.c:get_dc_list(1406) get_dc_list: returning 1 ip addresses in an ordered list [2006/02/03 12:19:02, 4] ../libsmb/namequery.c:get_dc_list(1407) get_dc_list: 10.69.147.110:0 [2006/02/03 12:19:02, 5] ../libads/ldap.c:ads_try_connect(126) ads_try_connect: trying ldap server '1.2.3.4' port 389 [2006/02/03 12:19:02, 3] ../libads/ldap.c:ads_connect(288) Connected to LDAP server 1.2.3.4 [2006/02/03 12:19:02, 3] ../libads/ldap.c:ads_server_info(2541) got ldap server name [EMAIL PROTECTED], using bind path: dc=DOMAIN,dc=COM [2006/02/03 12:19:02, 4] ../libads/ldap.c:ads_server_info(2547) time offset is 114 seconds [2006/02/03 12:19:02, 4] ../libads/sasl.c:ads_sasl_bind(455) Found SASL mechanism GSS-SPNEGO [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2006/02/03 12:19:02, 3] ../libads/sasl.c:ads_sasl_spnego_bind(219) ads_sasl_spnego_bind: got server principal name [EMAIL PROTECTED] [2006/02/03 12:19:02, 3] ../libsmb/clikrb5.c:ads_krb5_mk_req(478) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2006/02/03 12:19:02, 0] ../libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/02/03 12:19:02, 0] ../utils/net_ads.c:ads_startup(191) ads_connect: Cannot resolve network address for KDC in requested realm [2006/02/03 12:19:02, 2] ../utils/net.c:main(876) return code = -1 So it looks like it found the adsserver buyt then tried to kinit for the samba server I am trying to join and complained about not being able to resolve the kdc. Did it fail to find a credential cache (I thought I was trying to get one with the join command, so it shouldn't find one) and then tried to get one from the local samba server and is saying it is not resolvable? David Shapiro Unix Team Lead 919-765-2011 Nico De Wilde [EMAIL PROTECTED] 2/3/2006 10:57:23 AM Chris, The following error is repeated multiple times in your winbind.log: Client not found in Kerberos database Are you joining these machines as a domain admin or as an account with domain admin priviliges? Is your resolving setup correctly? Are the clocks on your servers synchronized with the DC? Could you try: - kinit [EMAIL PROTECTED] - net ads join -U ADMINISTRATOR What output do these two commands generate on your system? Sample smb.conf for a 'member server' in a 2000/2003 AD domain: -- [global] server string = somebox realm = DOM1.JHUAPL.EDU workgroup = CHOCOWEB password server = dom1-dc6.dom1.jhuapl.edu security = ADS encrypt passwords = true # winbind configuration winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users=yes winbind enum groups=yes --- Sample krb5.conf --- [logging]
[Samba] because of ldap migration or bug 1345?
Since one week ago we managed to change the samba PDC authentication scheme to openldap, but we are having problems with the home directories from some XP clients. After some time those homes are blocked and the users can not even list the contents (access denied). Here some lines from the relevent samba log file: [2006/02/03 12:46:19, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 13680) [2006/02/03 12:46:19, 4] smbd/uid.c:change_to_user(186) change_to_user: Skipping user change - already user [2006/02/03 12:46:19, 5] smbd/filename.c:unix_convert(114) unix_convert called on file [2006/02/03 12:46:19, 5] smbd/files.c:file_new(122) allocated file structure 6829, fnum = 10925 (1 used) [2006/02/03 12:46:19, 3] smbd/open.c:open_directory(1356) open_directory: unable to stat name = .. Error was Conseguido [2006/02/03 12:46:19, 5] smbd/files.c:file_free(385) freed files structure 10925 (0 used) [2006/02/03 12:46:19, 3] smbd/error.c:error_packet(118) error packet at smbd/trans2.c() cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED is this happening because of the same bug 1345? (https://bugzilla.samba.org/show_bug.cgi?id=1345) or is it relate to ldap? We have samba 3.0.5-2 under Red Hat 9.0. Thanks, Pablo Chamorro C. -- Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514 Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problems listing over 2000 files using smbmount from a windows share
Hy people, I have a strage problem here, i have sles8 with samba 2.2, and whe i mount a windows ntfs share on my linux box i dont see all the files that the share has, because if i list the files using ftp or on the proper local machine and i count the files i have 3500, and when i list then on my linux box on the mounted smbfs i only see 2000, sometimes i get 0 files listed, i have tried mounting the share with samba 3.0 in a debian box with exactly the same result... , the thing is if i try moving a file that i cant see i can move it and use it with no probss... :¿. strange thing?? can someone help me out here? the windows share is a w2003. thnX! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Using samba volume with C# FileSystemWatcher class
I'm trying to monitor changes to the contents of a directory using the FileSystemWatcher class of MS Visual Studio C#. Here is my setup: Unix (Sun OS) with an nfs share pointing to a sub-directory on the local disk Windows XP (sp2) with the nfs share set up and mapped to the T: drive designator. Using My Computer, I can open a window to the nfs share and see all of the files in the shared (unix) directory. This tells me that samba is set up correctly and functioning. So I wrote a small application (Visual Studio 2003) in C# that is supposed to watch the remote directory for changes to its contents. If I look at the C: drive (local disk on my PC), my application is successfully notified about changes to files on the C: drive. However when I change the code to look at the T: drive, my app never sees any of the changes I make to the directory contents on the T: drive. Does this sound familiar? Is there any other way besides using the FileSystemWatcher class to determine if the files on the nfs disk have changed via an application running on the PC? Thanks. Gary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Enabling 'idmap backend = ad' for user auth
eric roseme wrote: I posted this last August: http://marc.theaimsgroup.com/?l=sambam=112388794720837w=2 Just to summarize (someone asked what R2 is): R2 appears to be an interim W2003 update to keep everyone happy while waiting for Longhorn/Vista server. The big news for Samba is that R2 has the RFC2307 attributes already included in the AD schema, Thanks, that's good news. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using samba volume with C# FileSystemWatcher class
On Fri, Feb 03, 2006 at 02:30:11PM -0500, Rice, Gary wrote: I'm trying to monitor changes to the contents of a directory using the FileSystemWatcher class of MS Visual Studio C#. Here is my setup: Unix (Sun OS) with an nfs share pointing to a sub-directory on the local disk Windows XP (sp2) with the nfs share set up and mapped to the T: drive designator. Using My Computer, I can open a window to the nfs share and see all of the files in the shared (unix) directory. This tells me that samba is set up correctly and functioning. So I wrote a small application (Visual Studio 2003) in C# that is supposed to watch the remote directory for changes to its contents. If I look at the C: drive (local disk on my PC), my application is successfully notified about changes to files on the C: drive. However when I change the code to look at the T: drive, my app never sees any of the changes I make to the directory contents on the T: drive. Does this sound familiar? Is there any other way besides using the FileSystemWatcher class to determine if the files on the nfs disk have changed via an application running on the PC? Samba currently supports ChangeNotify (which is how file system notification works) at the level of the current directory being watched *only*. Currently we generate a something changed, we don't know what message when we detect an update. Until I integrate Samba with inotify (which is a Linux specific feature) this is the best we can do. If you're expecting change notification on individual files (ie. file \foo changed) or on sub-directories of the monitored directory (ie. you're monitoring \\server\share\dir1 and something changes in \\server\share\dir1\dir2 then you're not going to see that). The reason is there's no easy way on POSIX to make that work. It's an incredibly expensive operation. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems viewing shares on a SAMBA/Windows 2003 ADS setup
Greetings, I've set up a Fedora Core 4 server to be a file server, among other things, to a mostly-Windows network. The Windows server I'm using to authenticate against is a fully-patched Windows 2003 Small Business server. I've used as many tutorials online that I can find. However, once the server joins the domain and a share has been created, I am bombarded with constant login prompts to view the share, no matter what the username/password I use. I'm never able to map/view the share. I've gotten the box to join the Windows domain: [EMAIL PROTECTED] ~]# net ads join -U username username's password: [2006/02/03 14:18:39, 0] libads/ldap.c:ads_add_machine_acct(1405) ads_add_machine_acct: Host account for server already exists - modifying old account Using short domain name -- DOMAIN Joined 'SERVER' to realm 'DOMAIN.LOCAL' I've been able to initialize the user: [EMAIL PROTECTED] ~]# kinit username Password for [EMAIL PROTECTED]: [EMAIL PROTECTED] ~]# I've been able to view the klist data: [EMAIL PROTECTED] ~]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 02/03/06 14:23:17 02/04/06 00:23:19 krbtgt/ [EMAIL PROTECTED] renew until 02/04/06 14:23:17 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached I've been able to use smbclient to view a default admin share on another server (IE: smbclient //servername/c$). I've used wbinfo -u and wbinfo -g to view the live list of domain users and groups. I can view net ads information as such: [EMAIL PROTECTED] ~]# net ads info LDAP server: 10.34.1.20 LDAP server name: ad-server Realm: DOMAIN.LOCAL Bind Path: dc=DOMAIN,dc=LOCAL LDAP port: 389 Server time: Fri, 03 Feb 2006 14:35:00 GMT KDC server: 10.34.1.20 Server time offset: 0 No matter what I've tried to do, I cannot view the shares on the Samba server from any other Windows box. I've dug through every web link I can find online. Every link I can dig up through Google now is marked as read. Below are my configuration files. Any ideas? I would appreciate any help. Thanks, Ryan Server Information ( /proc/version ): Fedora Core 4 Linux version 2.6.14-1.1656_FC4smp ([EMAIL PROTECTED]) (gcc version 4.0.2 20051125 (Red Hat 4.0.2-8)) #1 SMP Thu Jan 5 22:26:33 EST 2006 /etc/samba/smb.conf: Version: 3.0.14a-2 #=== Global Settings = [global] workgroup = domain server string = Resources Device log file = /var/log/samba/smb.%m.log max log size = 500 realm = DOMAIN.LOCAL password server = ad-server.domain.local security = ADS encrypt passwords = yes client signing = yes #use kerberos keytab = true socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 winbind uid = 1-2 winbind gid = 1-2 winbind separator = + winbind enum users = yes winbind enum groups = yes idmap uid = 1-2 idmap gid = 1-2 winbind use default domain = yes winbind nested groups = yes # winbind trusted domains only = no #ldap idmap suffix = ou=Idmap,dc=domain,dc=local local master = no domain master = no preferred master = no dns proxy = no # Share Definitions == [ZeeDrive] comment = General User Drive path = /path/to/share public = yes browseable = yes writeable = yes valid users = @domain users force user = %S /etc/krb5.conf Version: krb5-libs-1.4-3 [libdefaults] default_realm = DOMAIN.LOCAL default_keytab_name = FILE:/etc/krb5.keytab default_lookup_realm = true default_lookup_kdc = true [realms] DOMAIN.LOCAL = { kdc = ad-server.domain.local } [domain_realms] .domain.local = DOMAIN.LOCAL Repeating Error Log Message from /var/log/samba/smb.X.X.X.X.log This error is generated every time I try to view the share information on the samba server: [2006/02/03 14:49:59, 1] libads/kerberos_verify.c:ads_verify_ticket(324) ads_verify_ticket: krb5_get_server_rcache failed (Permission denied in replay cache code) [2006/02/03 14:49:59, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! No other logs are generating any worth-while errors. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Enabling 'idmap backend = ad' for user auth
There's been a lot of good discussion so far re Wink3 R2, but not much on actually using the RFC2207-compliant schema therein. So is anybody using Samba to do authentication against AD in Win2k3 R2? TIA, McG -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Enabling 'idmap backend = ad' for user auth
eric roseme wrote: I have not tried loading our POSIX ID's onto R2, but I doubt it will work with Samba as-is because the attribute names have changed from SFU. SFU pre-fixed the RFC2307 attributes with msSFU-30 (thus not following the RFC) but R2 actually uses the correct attribute names. Samba is making requests to AD using the OIDs of the attributes (in 3.0.21a, at least). I've confirmed that the SFU OIDs are different from the RFC2307 OIDs, so Samba apparently needs to be patched/enhanced to fully support RFC2307. SFU schema OID root: 1.2.840.113556.1.6.18.1 RFC2307 schema OID root: 1.3.6.1.1.1 -McG -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sharing a Secondary Hard Drive
On Fri, 3 Feb 2006, Justin McCullough wrote: I installed a second hard drive on my Samba server box with the hopes of creating a share for the rest of my home network. It doesn't seem like Samba is able to read the drive for some reason, however. The new drive is mounted on /media/public. When I create a share directly to the drive and try to connect through the smbclient, I get an NT_STATUS_BAD_NETWORK_NAME error. Moving the share up a level to /media allows smbclient to connect, but the public folder does not even appear and trying to cd into it returns an NT_STATUS_ACCESS_DENIED message. The drive itself seems fine as I'm able to write to it using any of my accounts directly and I can ftp and scp into it, so I am completely stumped. Does any one else have any experience with this or know what may be the cause? I'm running Fedora Core 4 by the way, if that helps. Justin, You might want to look into what the permissions are on the UNIX side of things. You say that you can use any of your accounts directly using UNIX tools, but are the same users used for Samba, or is there a forced user in the smb.conf file? Just something to look into . . . Thanks in advance, Justin McCullough -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -Sean Elble -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sharing a Secondary Hard Drive
I installed a second hard drive on my Samba server box with the hopes of creating a share for the rest of my home network. It doesn't seem like Samba is able to read the drive for some reason, however. The new drive is mounted on /media/public. When I create a share directly to the drive and try to connect through the smbclient, I get an NT_STATUS_BAD_NETWORK_NAME error. Moving the share up a level to /media allows smbclient to connect, but the public folder does not even appear and trying to cd into it returns an NT_STATUS_ACCESS_DENIED message. The drive itself seems fine as I'm able to write to it using any of my accounts directly and I can ftp and scp into it, so I am completely stumped. Does any one else have any experience with this or know what may be the cause? I'm running Fedora Core 4 by the way, if that helps. I never have problems sharing drives like this, except when I forget to change the default permissions on the directory I'm sharing. Try chmod 777 /media and but first do something similar to the root of the drive itself. If you just set this up and created the share, most likely the drive or mount point was created with default permissions, which won't be r/w to the world. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ad and samba and a share - pam needed?
Okay, I think I am finally joined to a domain in ad with aix server ( I dumped mit kerberos and used heimdal instead, which worked great. I can wbinfo -u/-g users and groups and I see everything in my ad realm. I was trying to do a test share, but I am not sure why I cannot connect: My user exists on the unix box and the same name exists on the ad server. The share was: [samba] path = /usr/local/samba/test valid users = DOMAIN/mylogin I tried to type chown DOMAIN/mylogin /usr/local/samba/test, but that does not work. Did I need pam to allow me to do things like this? David Shapiro Unix Team Lead 919-765-2011 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sharing a Secondary Hard Drive
Justin McCullough wrote: I just recently installed a second hard drive in my Samba server with the hopes of sharing it with the rest of my home network. It seems like Samba can not get the correct permissions to the drive, however. I have the drive mounted under /media/public, and when I try to map a share directly to it and open the share with a client, I get an NT_STATUS_BAD_NETWORK_NAME error. When I map the share to /media and try the client again, I can see the cdrom folder, but not public. I have also tried scp and ftp using /media/public, and they both work fine, so it doesn't seem like a common case of poor permission settings. Has anyone else ever experienced this or know of a possible cause? I'm running Fedora Core 4 if that helps. Thanks in advance, Justin McCullough Have you exported the new drive under NFS yet? Joe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] WINS hint please
Hi, I have four subnets. Three have a single Samba WINS. One has a Server 2003 WINS. I have no control over the router connect the subnets. I have control over the Samba servers and the S2003. I'd like to have subnet browse lists of all subnets visible on all subnets to all the workstations. Right now I only have each subnet's browse list visible on its subnet, Except for the samba WINS servers which are visible on the subnets that have the Samba servers but not the S2003 subnet. Samba server firewalls have ports 42,135,137,138,139,445 all open all protocols. Thanks Craig Jackson Here's the Samba WINS config: [global] workgroup = ASKK1 server string = JAC-1 netbios name = JAC-1 wins support = yes local master = yes preferred master = yes os level = 65 remote browse sync = 192.168.1.30 192.168.2.30 192.168.3.22 remote announce = 192.168.191.30 192.168.2.30 192.168.3.22 browseable = yes browse list = yes dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = share encrypt passwords = true passdb backend = tdbsam guest invalid users = root socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 hosts allow = 192.168. localhost ; hosts deny = 192.168.220.102 interfaces = 192.168.4.30/255.255.255.0 bind interfaces only = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 4
On Thu, 2006-02-02 at 12:39 +1300, Rhys Goodwin wrote: Hey Guys, I know it's only TP1 and maybe? this isn't the best place to ask but where do I start? For now, user questions on Samba4 are best directed to the samba-technical list. I'm more likely to notice them there. I've download the debian experimental Samba 4 TP1 package and installed it. The debian installer did the provisioning and I've set up dns. I set up a share and it all seems to work fine with the built-in administrator account. But what now? how do I join computers to the domaind? You should be able to join them from the client, as you do to Samba4. There are no scripts required. Do I still need something like nss/pam ldap to enumerate UNIX users? Currently the best option is to manually add matching unix users. This will be improved. how do I manage the directory? How do I login to the directory with generic directory browser. eg. what would then DN be? for my test domain of tammy.abartlet.net, administrator is: CN=Administrator,CN=Users,DC=tammy,DC=abartlet,DC=net We welcome reports of which admin utilities work and which fail, as our LDAP support isn't complete yet. Is SWAT operational at this stage? How would I go about accessing it. Or am I missing something obvious?? It should be listening on port 901. It doesn't do very much at the moment, but that's where you will find it. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA netbois lookup issues
Hi all! I am from the Windows world and am trying to migrate to Linux and have done a fairly good job so far. My recent challenge is that I have built a Samba file/print server that works very well on my internal network but when I VPN into the network remotely I am unable to access the server via it's server name. What is driving me crazy is the fact that the last of my Windows servers is a file/print server as well and I am able to access it without issues. Is this a simple NetBios Port change or is this something else that I am missing? If anyone has some pointers as to what I can do to resolve this issue I would be grateful. Thank you James Taylor -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple groups accessing subdirectories
On Fri, Feb 03, 2006 at 09:12:57AM -0600, [EMAIL PROTECTED] wrote: Hello, What I want to do is setup a samba directory that two groups can access, however, beneath that main samba directory I want two directories, one that is accessed by all of the users who have access and the other limited to a certain group of users. If you could provide any help on this, I would really appreciate it. Thanks. Do this with POSIX ACLs. On the main directory, set permissions as follows : owner: not important group: group1: rwx group: group2: rwx other: --- (no access) Make the first directory have identical permissions to the main directory, for the second directory, simply make the owning group the group you want to have access, and give them appropriate permissions. To make sure smbd creates files and directories in these areas with the correct permissions, firstly set the SGID bit on these directories to get BSD semantics (created files and directories have the same group owner as their containing directory) and then set the following smb.conf options for that share : inherit acls = yes inherit owner = yes That will keep the user and group ownerships in those directories constant no matter who edits the files. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trying to mount with minimalist smb.conf
I am trying to mount a share on a remote machine using a miminal smb.conf as suggested in the Samba HOWTO. Nmbd and smbd are running on the target machine. The calling machine (server?) has the name of the target (linda2) in /etc/smbshares. When I try to mount I get the error message: Got a positive name query response from 127.0.0.1 ( 192.168.0.4 ) Connecting to 192.168.0.4 at port 445 Anonymous login successful 13986: tree connect failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed What do I need to do on either the target machine or the server to allow access? My entire smb.conf is: [global] workgroup = LANET server string = Samba Server log file = /var/log/samba.%m max log size = 50 dns proxy = No hosts allow = 192.168.0., 127. [homes] comment = Home Directories read only = No browseable = No [lba] path = /home/lba -- Larry Alkoff N2LA - Austin TX Using Thunderbird on Slackware Linux -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Cross domain and user home questions.
I am desperate here guys... can anyone offer me any advice? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Trimble, Ronald D Sent: Friday, February 03, 2006 10:01 AM To: samba@lists.samba.org Subject: [Samba] Cross domain and user home questions. Thank you in advance for any help anyone may be able to provide with the following issues I am experiencing. The first is authenticating users across domains. I have successfully configured Samba to use an AD domain, but when I try to authenticate another user form another domain in the same tree, I get various errors. Can anyone shed some light on what I may be doing wrong or help me configure this? Here are the important settings from my smb.conf. [global] workgroup = NA realm = NA.UIS.UNISYS.COM netbios name = servername encrypt passwords = yes security = ADS password server = IPaddress passdb backend = smbpasswd log level = 0 syslog = 0 log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # winbind separator = + winbind use default domain = no winbind uid = 16777216-33554431 winbind gid = 16777216-33554431 winbind enum users = yes winbind enum groups = yes template homedir = /home/%D/%U template shell = /bin/bash admin users = root, IDs nt acl support = yes map acl inherit = yes As you can see from the config, I am a member of the NA domain. I have no issues with users in this domain and everything works as it should. The problem comes when I try to authenticate users of our other domains... for example EU. Our tree looks like this: UIS.UNISYS.COM |_ NA.UIS.UNISYS.COM |_ EU.UIS.UNISYS.COM |_ etc.. The second issue I have is related to user home directories. I have it set up so that when a user views the SMB shares on the server, they can see their home directory. The problem is that if the directory is not created ahead of time, what they are seeing is not real. The directory is not being created automatically. How can I set this up? Here is the [homes] section of my smb.conf. [homes] comment = Home Directories (RW) valid users = %D\%S browseable = No read only = No create mask = 0660 directory mask = 0770 Thanks again for any help you may provide. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sharing a Secondary Hard Drive
At 03:10 PM 2/3/2006 +, Joe Cipale wrote: Justin McCullough wrote: I just recently installed a second hard drive in my Samba server with the hopes of sharing it with the rest of my home network. It seems like Samba can not get the correct permissions to the drive, however. I have the drive mounted under /media/public, and when I try to map a share directly to it and open the share with a client, I get an NT_STATUS_BAD_NETWORK_NAME error. When I map the share to /media and try the client again, I can see the cdrom folder, but not public. I have also tried scp and ftp using /media/public, and they both work fine, so it doesn't seem like a common case of poor permission settings. Has anyone else ever experienced this or know of a possible cause? I'm running Fedora Core 4 if that helps. Thanks in advance, Justin McCullough Have you exported the new drive under NFS yet? Done what now? Under Samba? To access it from an NT box?? I never have done any exporting. Just declare it a share in my samba conf file and -- oh yeah! You have to restart the daemons! rcsmb restart (or reload? never can remember) rcnmb restart Silly thing won't reload the conf file until you do that. Joe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba [Warfare] Tuez-les tous; Dieu reconnai^tra les siens. (More literally, this is Kill them all; God will recognize his own.) ? Amalric Arnaud, during the seige of Be'ziers (1209 AD)? --... ...-- -.. . -. . --.- --.- -... [EMAIL PROTECTED] (remove nospam) N9QQB (amateur radio) HEY YOU (loud shouting) WEB ADDRESS http//www.mixweb.com/tpeters 43° 7' 17.2 N by 88° 6' 28.9 W, Elevation 815', Grid Square EN53wc WAN/LAN/Telcom Analyst, Tech Writer, MCP, CCNA, Registered Linux User 385531 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] user must logon to change password
Dear All, I turned ON the Samba Policy Control user must logon to change password by runing below pdbedit command [EMAIL PROTECTED] samba]# pdbedit -P user must logon to change password account policy value for user must logon to change password is 0 [EMAIL PROTECTED] samba]# pdbedit -P user must logon to change password -C 1 account policy value for user must logon to change password was 0 account policy value for user must logon to change password is now 1 [EMAIL PROTECTED] samba]# pdbedit -P user must logon to change password account policy value for user must logon to change password is 1 I created user1 [EMAIL PROTECTED] samba]# pdbedit -a user1 new password: retype new password: Unix username:user1 NT username: Account Flags:[U ] User SID: S-1-5-21-2389550245-4160606791-3118586259-2004 Primary Group SID:S-1-5-21-2389550245-4160606791-3118586259-2005 Full Name: Home Directory: \\samba\user1 HomeDir Drive:H: Logon Script: logon.bat Profile Path: \\samba\user1\profile Domain: LINUX Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Sat, 14 Dec 1901 03:45:51 GMT Kickoff time: Sat, 14 Dec 1901 03:45:51 GMT Password last set:Sat, 04 Feb 2006 11:19:58 GMT Password can change: Sat, 04 Feb 2006 11:19:58 GMT Password must change: Sat, 14 Dec 1901 03:45:51 GMT [EMAIL PROTECTED] samba]# pdbedit -Lv -u user1 Unix username:user1 NT username: Account Flags:[U ] User SID: S-1-5-21-2389550245-4160606791-3118586259-2004 Primary Group SID:S-1-5-21-2389550245-4160606791-3118586259-2005 Full Name: Home Directory: \\samba\user1 HomeDir Drive:H: Logon Script: logon.bat Profile Path: \\samba\user1\profile Domain: LINUX Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Sat, 14 Dec 1901 03:45:51 GMT Kickoff time: Sat, 14 Dec 1901 03:45:51 GMT Password last set:Sat, 04 Feb 2006 11:19:58 GMT Password can change: Sat, 04 Feb 2006 11:19:58 GMT Password must change: Sat, 14 Dec 1901 03:45:51 GMT [EMAIL PROTECTED] samba]# when login from Windows 2000 Prof as user1 .. why it did not ask me to change my password .. ? .. please advise Many thanks in advance Regards Winanjaya *** Our outgoing mail has been scanned by MSS. *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] user must logon to change password
Dear All, This is my last progress: I added passdb = tdbsam into my [global] and it works I meant now It will ask me to change my password (because it has expired and must be changed) I changed it successfully but after that I met message Unable to log you on because of an account restriction and go back to login screen again, I enter my user id and my new password and it passed me back to change my password with reason the password has expired and must be changed. below is the last version of my /etc/samba/smb.conf please help.. thanks a lot in advance Regards Winanjaya [global] workgroup = LINUX server string = Samba Server printcap name = /etc/printcap load printers = yes log file = /var/log/samba/%m.log max log size = 50 security = user encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no os level = 65 preferred master = yes domain logons = yes logon drive = H: logon script = logon.bat wins support = yes dns proxy = no time server = yes passdb backend = tdbsam add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u [homes] comment = Home Directories browseable = no writable = yes [netlogon] comment = Network Logon Service path = /home/samba/netlogon writable = no public = no [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes [tmp] comment = Temporary file space path = /tmp read only = no public = yes [public] path = /home/public public = yes only guest = no writable = yes read only = no browsable = yes printable = no === - Original Message - From: Winanjaya - PBXSoftwares.com [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Saturday, February 04, 2006 11:24 AM Subject: [Samba] user must logon to change password Dear All, I turned ON the Samba Policy Control user must logon to change password by runing below pdbedit command [EMAIL PROTECTED] samba]# pdbedit -P user must logon to change password account policy value for user must logon to change password is 0 [EMAIL PROTECTED] samba]# pdbedit -P user must logon to change password -C 1 account policy value for user must logon to change password was 0 account policy value for user must logon to change password is now 1 [EMAIL PROTECTED] samba]# pdbedit -P user must logon to change password account policy value for user must logon to change password is 1 I created user1 [EMAIL PROTECTED] samba]# pdbedit -a user1 new password: retype new password: Unix username:user1 NT username: Account Flags:[U ] User SID: S-1-5-21-2389550245-4160606791-3118586259-2004 Primary Group SID:S-1-5-21-2389550245-4160606791-3118586259-2005 Full Name: Home Directory: \\samba\user1 HomeDir Drive:H: Logon Script: logon.bat Profile Path: \\samba\user1\profile Domain: LINUX Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Sat, 14 Dec 1901 03:45:51 GMT Kickoff time: Sat, 14 Dec 1901 03:45:51 GMT Password last set:Sat, 04 Feb 2006 11:19:58 GMT Password can change: Sat, 04 Feb 2006 11:19:58 GMT Password must change: Sat, 14 Dec 1901 03:45:51 GMT [EMAIL PROTECTED] samba]# pdbedit -Lv -u user1 Unix username:user1 NT username: Account Flags:[U ] User SID: S-1-5-21-2389550245-4160606791-3118586259-2004 Primary Group SID:S-1-5-21-2389550245-4160606791-3118586259-2005 Full Name: Home Directory: \\samba\user1 HomeDir Drive:H: Logon Script: logon.bat Profile Path: \\samba\user1\profile Domain: LINUX Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Sat, 14 Dec 1901 03:45:51 GMT Kickoff time: Sat, 14 Dec 1901 03:45:51 GMT Password last set:Sat, 04 Feb 2006 11:19:58 GMT Password can change: Sat, 04 Feb 2006 11:19:58 GMT Password must change: Sat, 14 Dec 1901 03:45:51 GMT [EMAIL PROTECTED] samba]# when login from Windows 2000 Prof as user1 .. why it did not ask me to change my password .. ? .. please advise Many thanks in advance Regards Winanjaya *** Our outgoing mail has been scanned by MSS. *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba *** Your mail has been scanned by MSS. *** *** Our outgoing mail has been scanned by MSS. *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind setup problem
I have a samba (version 3.0.14a-Debian) running an NT style domain and want to add a member file server implementing winbind. When I use wbinfo -u it returns a list of all my domain users. When I use wbinfo -g it returns 3 results: DOMAIN#power users, DOMAIN#administrators, DOMAIN##backup operators, but nothing else (There is a group mob on the PDC that is the primary group for all the domain users). When I run getent passwd I only get users from /etc/passwd, nothing from my domain. Can anyone offer me advice on how to troubleshoot this? IT Administrator iMedia Asia Pacific -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
directory caching
Hi, Whenever I access a file from a PC, the directory is cached and if I subsequently add a directory or a file the PC won't see the new structure. Is there a way to change that? Thanks, Lukas PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r13304 - in trunk/source/python: .
Author: gd Date: 2006-02-03 13:11:38 + (Fri, 03 Feb 2006) New Revision: 13304 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13304 Log: Fix python build (trunk only). Guenther Modified: trunk/source/python/py_lsa.c Changeset: Modified: trunk/source/python/py_lsa.c === --- trunk/source/python/py_lsa.c2006-02-03 07:19:42 UTC (rev 13303) +++ trunk/source/python/py_lsa.c2006-02-03 13:11:38 UTC (rev 13304) @@ -186,8 +186,8 @@ } ntstatus = rpccli_lsa_lookup_names( - hnd-cli, mem_ctx, hnd-pol, num_names, names, sids, - name_types); + hnd-cli, mem_ctx, hnd-pol, num_names, names, + NULL, sids, name_types); if (!NT_STATUS_IS_OK(ntstatus) NT_STATUS_V(ntstatus) != 0x107) { PyErr_SetObject(lsa_ntstatus, py_ntstatus_tuple(ntstatus));
svn commit: samba-web r909 - in trunk/news: calendar style
Author: deryck Date: 2006-02-03 14:58:45 + (Fri, 03 Feb 2006) New Revision: 909 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=909 Log: Adding Volker's dates to Team calendar. deryck Added: trunk/news/calendar/cebit_06.txt trunk/news/calendar/guug_06.txt Modified: trunk/news/calendar/index.html trunk/news/calendar/showDate.js trunk/news/style/news.css Changeset: Added: trunk/news/calendar/cebit_06.txt === --- trunk/news/calendar/cebit_06.txt2006-01-31 19:04:03 UTC (rev 908) +++ trunk/news/calendar/cebit_06.txt2006-02-03 14:58:45 UTC (rev 909) @@ -0,0 +1,9 @@ +March 9-10, Hannover, Germany + +Volker Lendecke will be giving a Samba4 status update +twice during CeBIT. Info on the March 9 talk is available +at http://www.ix-konferenz.de/stundenplan.php?konferenzid=7st=Programm%FCbersicht. +For more on the March 10 talk, see +http://www.linux-events.de/LinuxPark_2006/LinuxForum/vortraege.html. + +For more on CeBIT, see http://www.cebit.de/. Added: trunk/news/calendar/guug_06.txt === --- trunk/news/calendar/guug_06.txt 2006-01-31 19:04:03 UTC (rev 908) +++ trunk/news/calendar/guug_06.txt 2006-02-03 14:58:45 UTC (rev 909) @@ -0,0 +1,7 @@ +March 23, Osnabruuml;ck, Germany + +Samba Team member Volker Lendecke will be giving +a Samba 3 status update at the German Unix User +Group meeting. For more on Volker's talk, see +http://www.guug.de/veranstaltungen/ffg2006/abstracts.html#3_5_1. +For more on the conference, see http://www.guug.de/veranstaltungen/ffg2006/. Modified: trunk/news/calendar/index.html === --- trunk/news/calendar/index.html 2006-01-31 19:04:03 UTC (rev 908) +++ trunk/news/calendar/index.html 2006-02-03 14:58:45 UTC (rev 909) @@ -201,8 +201,8 @@ td6/td td7/td td8/td - td9/td - td10/td + tda href=cebit_06.txt onclick=showDate(6); return false9/a/td + tda href=cebit_06.txt onclick=showDate(6); return false10/a/td td11/td /tr tr @@ -219,7 +219,7 @@ td20/td tda href=ukuug_06.txt onclick=showDate(4); return false21/a/td tda href=ukuug_06.txt onclick=showDate(4); return false22/a/td - tda href=ukuug_06.txt onclick=showDate(4); return false23/a/td + tda href=guug_06.txt onclick=showDate(7); return false23/a/td td24/td td25/td /tr Modified: trunk/news/calendar/showDate.js === --- trunk/news/calendar/showDate.js 2006-01-31 19:04:03 UTC (rev 908) +++ trunk/news/calendar/showDate.js 2006-02-03 14:58:45 UTC (rev 909) @@ -5,6 +5,8 @@ allEvents[3] = 'pApril 24-26, Goettingen, Germany/ppSamba eXPerience 2006 is an international conference focused exclusively on Samba. The conference features presentations and a Samba tutorial. The Samba Team will be on hand as well./ppFor more info, please see a href=http://www.sambaxp.org/;http://www.sambaxp.org//a./p'; allEvents[4] = 'p21-23 March, Durham, UK/ppSamba Team member Jerry Carter will be leading a Samba tutorial at UKUUG\'s annual Large Installation Systems Administration (LISA) conference. The tutorial will be a full-day class for those currently managing Samba servers or planning to deploy new servers this year./ppFor more info, see a href=http://www.ukuug.org/events/spring2006/;http://www.ukuug.org/events/spring2006//a./p'; allEvents[5] = 'pMay 30-June 3, Boston, MA/ppTeam member Jerry Carter will be teaching courses on LDAP and Ethereal at the 2006 USENIX Annual Technical Conference. For more info, see a href=http://www.usenix.org/events/usenix06/;http://www.usenix.org/events/usenix06//a./p'; +allEvents[6] = 'pMarch 9-10, Hannover, Germany/ppVolker Lendecke will be giving a Samba4 status update twice during CeBIT. Info on the March 9 talk is available at a href=http://www.ix-konferenz.de/stundenplan.php?konferenzid=7st=Programm%FCbersicht;here/a. For more on the March 10 talk, see a href=http://www.linux-events.de/LinuxPark_2006/LinuxForum/vortraege.html;this events page/a./ppFor more on CeBIT, see a href=http://www.cebit.de/;http://www.cebit.de//a./p'; +allEvents[7] = 'p21-23 March, Durham, UK/ppSamba Team member Jerry Carter will be leading a Samba tutorial at UKUUG\'s annual Large Installation Systems Administration (LISA) conference. The tutorial will be a full-day class for those currently managing Samba servers or planning to deploy new servers this year./ppFor more info, see a
svn commit: samba r13305 - in trunk/source/smbd: .
Author: vlendec Date: 2006-02-03 15:38:31 + (Fri, 03 Feb 2006) New Revision: 13305 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13305 Log: 192.168.234.100 is a NT4 machine that exports [temp] as read-only restricted at the share level. I negotiate lanman1 to get dos error codes. [EMAIL PROTECTED]:/etc smbclient //192.168.234.100/temp -Uvl%asdf -W windows -c 'put hosts \pipe\samr' Domain=[WINDOWS] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] NT_STATUS_ACCESS_DENIED opening remote file \\pipe\samr [EMAIL PROTECTED]:/etc smbclient //192.168.234.100/temp -Uvl%asdf -W windows -m lanman1 -c 'put hosts \pipe\samr' ERRDOS - ERRnoaccess (Access denied.) opening remote file \\pipe\samr Without this patch Samba misbehaves in the same situation: [EMAIL PROTECTED]:/etc smbclient //192.168.234.1/tmp -Uvl%asdf -W windows -c 'put hosts \pipe\samr' -m lanman1 ERRSRV - ERRaccess ( ... stuff deleted ) opening remote file \\pipe\samr With this patch we get ERRDOS - ERRnoaccess (Access denied.) opening remote file \\pipe\samr which is correct I think. Jeremy, please check. Modified: trunk/source/smbd/open.c Changeset: Modified: trunk/source/smbd/open.c === --- trunk/source/smbd/open.c2006-02-03 13:11:38 UTC (rev 13304) +++ trunk/source/smbd/open.c2006-02-03 15:38:31 UTC (rev 13305) @@ -227,7 +227,6 @@ /* It's a read-only share - fail if we wanted to write. */ if(accmode != O_RDONLY) { DEBUG(3,(Permission denied opening %s\n,fname)); - check_for_pipe(fname); return False; } else if(flags O_CREAT) { /* We don't want to write - but we must make sure that
svn commit: samba r13306 - branches/SAMBA_3_0/packaging/Debian/debian-unstable trunk/packaging/Debian/debian-unstable
Author: lmuelle Date: 2006-02-03 15:39:07 + (Fri, 03 Feb 2006) New Revision: 13306 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13306 Log: Do not call netbios_setup() if this file is sourced by sh or bash. Modified: branches/SAMBA_3_0/packaging/Debian/debian-unstable/samba-common.dhcp trunk/packaging/Debian/debian-unstable/samba-common.dhcp Changeset: Modified: branches/SAMBA_3_0/packaging/Debian/debian-unstable/samba-common.dhcp === --- branches/SAMBA_3_0/packaging/Debian/debian-unstable/samba-common.dhcp 2006-02-03 15:38:31 UTC (rev 13305) +++ branches/SAMBA_3_0/packaging/Debian/debian-unstable/samba-common.dhcp 2006-02-03 15:39:07 UTC (rev 13306) @@ -58,4 +58,8 @@ fi } -netbios_setup +# Only call netbios_setup if we're not sourced. +case $0 in + *bin/sh|*bin/bash) : ;; + *) netbios_setup ;; +esac Modified: trunk/packaging/Debian/debian-unstable/samba-common.dhcp === --- trunk/packaging/Debian/debian-unstable/samba-common.dhcp2006-02-03 15:38:31 UTC (rev 13305) +++ trunk/packaging/Debian/debian-unstable/samba-common.dhcp2006-02-03 15:39:07 UTC (rev 13306) @@ -58,4 +58,8 @@ fi } -netbios_setup +# Only call netbios_setup if we're not sourced. +case $0 in + *bin/sh|*bin/bash) : ;; + *) netbios_setup ;; +esac
svn commit: samba r13307 - in branches/SAMBA_4_0/source/ldap_server/devdocs: .
Author: idra Date: 2006-02-03 15:58:41 + (Fri, 03 Feb 2006) New Revision: 13307 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13307 Log: docs Added: branches/SAMBA_4_0/source/ldap_server/devdocs/rfc3296.txt Changeset: Sorry, the patch is too large (792 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13307
Re: svn commit: samba r13305 - in trunk/source/smbd: .
On Fri, Feb 03, 2006 at 03:38:31PM +, [EMAIL PROTECTED] wrote: Author: vlendec Date: 2006-02-03 15:38:31 + (Fri, 03 Feb 2006) New Revision: 13305 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13305 Log: 192.168.234.100 is a NT4 machine that exports [temp] as read-only restricted at the share level. I negotiate lanman1 to get dos error codes. [EMAIL PROTECTED]:/etc smbclient //192.168.234.100/temp -Uvl%asdf -W windows -c 'put hosts \pipe\samr' Domain=[WINDOWS] OS=[Windows NT 4.0] Server=[NT LAN Manager 4.0] NT_STATUS_ACCESS_DENIED opening remote file \\pipe\samr [EMAIL PROTECTED]:/etc smbclient //192.168.234.100/temp -Uvl%asdf -W windows -m lanman1 -c 'put hosts \pipe\samr' ERRDOS - ERRnoaccess (Access denied.) opening remote file \\pipe\samr Without this patch Samba misbehaves in the same situation: [EMAIL PROTECTED]:/etc smbclient //192.168.234.1/tmp -Uvl%asdf -W windows -c 'put hosts \pipe\samr' -m lanman1 ERRSRV - ERRaccess ( ... stuff deleted ) opening remote file \\pipe\samr With this patch we get ERRDOS - ERRnoaccess (Access denied.) opening remote file \\pipe\samr which is correct I think. Jeremy, please check. Ok, doesn't look completely correct to me This looks like something we need to check before the open. I'll look into moving it so we still behave correctly. Jeremy.
svn commit: samba r13308 - in trunk/source/smbd: .
Author: vlendec Date: 2006-02-03 18:45:48 + (Fri, 03 Feb 2006) New Revision: 13308 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13308 Log: Awaiting a proper fix Modified: trunk/source/smbd/open.c Changeset: Modified: trunk/source/smbd/open.c === --- trunk/source/smbd/open.c2006-02-03 15:58:41 UTC (rev 13307) +++ trunk/source/smbd/open.c2006-02-03 18:45:48 UTC (rev 13308) @@ -227,6 +227,7 @@ /* It's a read-only share - fail if we wanted to write. */ if(accmode != O_RDONLY) { DEBUG(3,(Permission denied opening %s\n,fname)); + check_for_pipe(fname); return False; } else if(flags O_CREAT) { /* We don't want to write - but we must make sure that
svn commit: samba r13309 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: vlendec Date: 2006-02-03 19:24:52 + (Fri, 03 Feb 2006) New Revision: 13309 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13309 Log: If the sid in the winbind name2sid cache is not valid (NT_STATUS_NONE_MAPPED), we have S-0-0 as a SID in the cache. This leads to ugly level 0 messages from string_to_sid. Avoid them. Volker Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c trunk/source/nsswitch/winbindd_cache.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2006-02-03 18:45:48 UTC (rev 13308) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2006-02-03 19:24:52 UTC (rev 13309) @@ -960,8 +960,10 @@ if (!centry) goto do_query; *type = (enum SID_NAME_USE)centry_uint32(centry); - centry_sid(centry, sid); status = centry-status; + if (NT_STATUS_IS_OK(status)) { + centry_sid(centry, sid); + } DEBUG(10,(name_to_sid: [Cached] - cached name for domain %s status %s\n, domain-name, get_friendly_nt_error_msg(status) )); Modified: trunk/source/nsswitch/winbindd_cache.c === --- trunk/source/nsswitch/winbindd_cache.c 2006-02-03 18:45:48 UTC (rev 13308) +++ trunk/source/nsswitch/winbindd_cache.c 2006-02-03 19:24:52 UTC (rev 13309) @@ -1176,8 +1176,10 @@ if (!centry) goto do_query; *type = (enum SID_NAME_USE)centry_uint32(centry); - centry_sid(centry, sid); status = centry-status; + if (NT_STATUS_IS_OK(status)) { + centry_sid(centry, sid); + } DEBUG(10,(name_to_sid: [Cached] - cached name for domain %s status %s\n, domain-name, get_friendly_nt_error_msg(status) ));
svn commit: samba r13310 - branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/lib branches/SAMBA_3_0/source/libads branches/SAMBA_3_0/source/libsmb branches/SAMBA_3_0/source/nsswitch branches
Author: jerry Date: 2006-02-03 21:19:24 + (Fri, 03 Feb 2006) New Revision: 13310 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13310 Log: first round of server affinity patches for winbindd net ads join Modified: branches/SAMBA_3_0/source/include/smb.h branches/SAMBA_3_0/source/lib/gencache.c branches/SAMBA_3_0/source/libads/ldap.c branches/SAMBA_3_0/source/libsmb/cliconnect.c branches/SAMBA_3_0/source/libsmb/namequery.c branches/SAMBA_3_0/source/libsmb/namequery_dc.c branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0/source/passdb/secrets.c trunk/source/include/smb.h trunk/source/lib/gencache.c trunk/source/libads/ldap.c trunk/source/libsmb/cliconnect.c trunk/source/libsmb/namequery.c trunk/source/libsmb/namequery_dc.c trunk/source/nsswitch/winbindd_cm.c trunk/source/passdb/secrets.c Changeset: Sorry, the patch is too large (1375 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13310
svn commit: samba r13311 - in trunk/examples: libsmbclient libsmbclient/smbwrapper logon/mklogon misc
Author: jerry Date: 2006-02-03 21:34:55 + (Fri, 03 Feb 2006) New Revision: 13311 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13311 Log: janitor for Derrell Added: trunk/examples/libsmbclient/smbwrapper/bsd-strlcat.c trunk/examples/libsmbclient/smbwrapper/bsd-strlcpy.c trunk/examples/libsmbclient/smbwrapper/bsd-strlfunc.h trunk/examples/libsmbclient/teststat2.c Modified: trunk/examples/libsmbclient/smbwrapper/Makefile trunk/examples/libsmbclient/smbwrapper/smbsh.c trunk/examples/libsmbclient/smbwrapper/smbw.c trunk/examples/libsmbclient/smbwrapper/smbw.h trunk/examples/libsmbclient/smbwrapper/smbw_dir.c trunk/examples/libsmbclient/smbwrapper/wrapper.c trunk/examples/libsmbclient/smbwrapper/wrapper.h trunk/examples/libsmbclient/testbrowse.c trunk/examples/libsmbclient/testbrowse2.c trunk/examples/logon/mklogon/mklogon.conf trunk/examples/logon/mklogon/mklogon.pl trunk/examples/misc/adssearch.pl Changeset: Sorry, the patch is too large (2030 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13311
svn commit: samba r13312 - in trunk: . source/web
Author: jerry Date: 2006-02-03 21:35:40 + (Fri, 03 Feb 2006) New Revision: 13312 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13312 Log: playiung janitor for me Modified: trunk/MAINTAINERS trunk/source/web/diagnose.c trunk/source/web/swat.c Changeset: Sorry, the patch is too large (392 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13312
svn commit: samba r13313 - in trunk/packaging: . Solaris
Author: jerry Date: 2006-02-03 21:37:01 + (Fri, 03 Feb 2006) New Revision: 13313 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13313 Log: packaging merge from 3.0 Added: trunk/packaging/sysv/ Modified: trunk/packaging/Solaris/makepkg.sh Changeset: Modified: trunk/packaging/Solaris/makepkg.sh === --- trunk/packaging/Solaris/makepkg.sh 2006-02-03 21:35:40 UTC (rev 13312) +++ trunk/packaging/Solaris/makepkg.sh 2006-02-03 21:37:01 UTC (rev 13313) @@ -14,7 +14,7 @@ VFSLIBS=audit.so default_quota.so extd_audit.so full_audit.so readonly.so shadow_copy.so cap.so expand_msdfs.so fake_perms.so netatalk.so recycle.so DATFILES=lowcase.dat upcase.dat valid.dat CHARSETLIBS=CP437.so CP850.so -AUTHLIBS=auth_script.so +AUTHLIBS=script.so add_dynamic_entries() { Copied: trunk/packaging/sysv (from rev 13312, branches/SAMBA_3_0/packaging/sysv)
svn commit: samba r13315 - in trunk/source/smbd: .
Author: jra Date: 2006-02-03 22:10:39 + (Fri, 03 Feb 2006) New Revision: 13315 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13315 Log: This code has been causing problems since 1.9.x I think. Remove check_for_pipe() - Volker was completely correct. If it gets re-added it will be in a old open call path, not in the generic code path. Jeremy. Modified: trunk/source/smbd/open.c Changeset: Modified: trunk/source/smbd/open.c === --- trunk/source/smbd/open.c2006-02-03 22:10:37 UTC (rev 13314) +++ trunk/source/smbd/open.c2006-02-03 22:10:39 UTC (rev 13315) @@ -74,24 +74,7 @@ return fd_close_posix(conn, fsp); } - / - Check a filename for the pipe string. -/ - -static void check_for_pipe(const char *fname) -{ - /* special case of pipe opens */ - char s[10]; - StrnCpy(s,fname,sizeof(s)-1); - strlower_m(s); - if (strstr(s,pipe/)) { - DEBUG(3,(Rejecting named pipe open for %s\n,fname)); - set_saved_error_triple(ERRSRV, ERRaccess, NT_STATUS_ACCESS_DENIED); - } -} - -/ Change the ownership of a file to that of the parent directory. Do this by fd if possible. / @@ -227,7 +210,6 @@ /* It's a read-only share - fail if we wanted to write. */ if(accmode != O_RDONLY) { DEBUG(3,(Permission denied opening %s\n,fname)); - check_for_pipe(fname); return False; } else if(flags O_CREAT) { /* We don't want to write - but we must make sure that @@ -293,7 +275,6 @@ DEBUG(3,(Error opening file %s (%s) (local_flags=%d) (flags=%d)\n, fname,strerror(errno),local_flags,flags)); - check_for_pipe(fname); return False; }
svn commit: samba r13314 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2006-02-03 22:10:37 + (Fri, 03 Feb 2006) New Revision: 13314 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13314 Log: This code has been causing problems since 1.9.x I think. Remove check_for_pipe() - Volker was completely correct. If it gets re-added it will be in a old open call path, not in the generic code path. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/open.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/open.c === --- branches/SAMBA_3_0/source/smbd/open.c 2006-02-03 21:37:01 UTC (rev 13313) +++ branches/SAMBA_3_0/source/smbd/open.c 2006-02-03 22:10:37 UTC (rev 13314) @@ -73,24 +73,7 @@ return fd_close_posix(conn, fsp); } - / - Check a filename for the pipe string. -/ - -static void check_for_pipe(const char *fname) -{ - /* special case of pipe opens */ - char s[10]; - StrnCpy(s,fname,sizeof(s)-1); - strlower_m(s); - if (strstr(s,pipe/)) { - DEBUG(3,(Rejecting named pipe open for %s\n,fname)); - set_saved_error_triple(ERRSRV, ERRaccess, NT_STATUS_ACCESS_DENIED); - } -} - -/ Change the ownership of a file to that of the parent directory. Do this by fd if possible. / @@ -226,7 +209,6 @@ /* It's a read-only share - fail if we wanted to write. */ if(accmode != O_RDONLY) { DEBUG(3,(Permission denied opening %s\n,fname)); - check_for_pipe(fname); return False; } else if(flags O_CREAT) { /* We don't want to write - but we must make sure that @@ -292,7 +274,6 @@ DEBUG(3,(Error opening file %s (%s) (local_flags=%d) (flags=%d)\n, fname,strerror(errno),local_flags,flags)); - check_for_pipe(fname); return False; }
svn commit: samba r13316 - in branches/SAMBA_3_0/source: . auth groupdb include intl lib libads libmsrpc libsmb nsswitch pam_smbpass param passdb printing python rpc_client rpc_parse rpc_server rpccli
Author: jerry Date: 2006-02-03 22:19:41 + (Fri, 03 Feb 2006) New Revision: 13316 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13316 Log: Let the carnage begin Sync with trunk as off r13315 Added: branches/SAMBA_3_0/source/include/event.h branches/SAMBA_3_0/source/include/gpo.h branches/SAMBA_3_0/source/lib/events.c branches/SAMBA_3_0/source/lib/sharesec.c branches/SAMBA_3_0/source/libads/gpo.c branches/SAMBA_3_0/source/libads/gpo_util.c branches/SAMBA_3_0/source/libads/krb5_errs.c branches/SAMBA_3_0/source/libsmb/gpo.c branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c branches/SAMBA_3_0/source/nsswitch/winbindd_creds.c branches/SAMBA_3_0/source/passdb/util_unixsids.c branches/SAMBA_3_0/source/smbd/share_access.c branches/SAMBA_3_0/source/utils/net_ads_gpo.c branches/SAMBA_3_0/source/utils/net_rpc_shell.c branches/SAMBA_3_0/source/utils/net_sam.c branches/SAMBA_3_0/source/utils/net_usershare.c branches/SAMBA_3_0/source/utils/net_util.c branches/SAMBA_3_0/source/utils/netlookup.c Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/auth/auth.c branches/SAMBA_3_0/source/auth/auth_builtin.c branches/SAMBA_3_0/source/auth/auth_compat.c branches/SAMBA_3_0/source/auth/auth_domain.c branches/SAMBA_3_0/source/auth/auth_ntlmssp.c branches/SAMBA_3_0/source/auth/auth_rhosts.c branches/SAMBA_3_0/source/auth/auth_sam.c branches/SAMBA_3_0/source/auth/auth_script.c branches/SAMBA_3_0/source/auth/auth_server.c branches/SAMBA_3_0/source/auth/auth_unix.c branches/SAMBA_3_0/source/auth/auth_util.c branches/SAMBA_3_0/source/auth/auth_winbind.c branches/SAMBA_3_0/source/configure.in branches/SAMBA_3_0/source/groupdb/mapping.c branches/SAMBA_3_0/source/include/ads.h branches/SAMBA_3_0/source/include/auth.h branches/SAMBA_3_0/source/include/doserr.h branches/SAMBA_3_0/source/include/idmap.h branches/SAMBA_3_0/source/include/includes.h branches/SAMBA_3_0/source/include/local.h branches/SAMBA_3_0/source/include/messages.h branches/SAMBA_3_0/source/include/nt_status.h branches/SAMBA_3_0/source/include/passdb.h branches/SAMBA_3_0/source/include/rpc_dfs.h branches/SAMBA_3_0/source/include/rpc_lsa.h branches/SAMBA_3_0/source/include/rpc_netlogon.h branches/SAMBA_3_0/source/include/rpc_samr.h branches/SAMBA_3_0/source/include/secrets.h branches/SAMBA_3_0/source/include/smb.h branches/SAMBA_3_0/source/include/smbldap.h branches/SAMBA_3_0/source/intl/lang_tdb.c branches/SAMBA_3_0/source/lib/dummysmbd.c branches/SAMBA_3_0/source/lib/genrand.c branches/SAMBA_3_0/source/lib/messages.c branches/SAMBA_3_0/source/lib/pam_errors.c branches/SAMBA_3_0/source/lib/pidfile.c branches/SAMBA_3_0/source/lib/readline.c branches/SAMBA_3_0/source/lib/secdesc.c branches/SAMBA_3_0/source/lib/smbldap.c branches/SAMBA_3_0/source/lib/smbldap_util.c branches/SAMBA_3_0/source/lib/system_smbd.c branches/SAMBA_3_0/source/lib/username.c branches/SAMBA_3_0/source/lib/util.c branches/SAMBA_3_0/source/lib/util_file.c branches/SAMBA_3_0/source/lib/util_pw.c branches/SAMBA_3_0/source/lib/util_sid.c branches/SAMBA_3_0/source/lib/util_str.c branches/SAMBA_3_0/source/lib/util_unistr.c branches/SAMBA_3_0/source/libads/kerberos.c branches/SAMBA_3_0/source/libads/krb5_setpw.c branches/SAMBA_3_0/source/libads/ldap.c branches/SAMBA_3_0/source/libads/sasl.c branches/SAMBA_3_0/source/libmsrpc/cac_lsarpc.c branches/SAMBA_3_0/source/libsmb/cliconnect.c branches/SAMBA_3_0/source/libsmb/clidfs.c branches/SAMBA_3_0/source/libsmb/clientgen.c branches/SAMBA_3_0/source/libsmb/clikrb5.c branches/SAMBA_3_0/source/libsmb/clilist.c branches/SAMBA_3_0/source/libsmb/clispnego.c branches/SAMBA_3_0/source/libsmb/conncache.c branches/SAMBA_3_0/source/libsmb/errormap.c branches/SAMBA_3_0/source/libsmb/libsmbclient.c branches/SAMBA_3_0/source/libsmb/passchange.c branches/SAMBA_3_0/source/nsswitch/pam_winbind.c branches/SAMBA_3_0/source/nsswitch/pam_winbind.h branches/SAMBA_3_0/source/nsswitch/wb_client.c branches/SAMBA_3_0/source/nsswitch/wbinfo.c branches/SAMBA_3_0/source/nsswitch/winbindd.c branches/SAMBA_3_0/source/nsswitch/winbindd.h branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c branches/SAMBA_3_0/source/nsswitch/winbindd_group.c branches/SAMBA_3_0/source/nsswitch/winbindd_misc.c branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c branches/SAMBA_3_0/source/nsswitch/winbindd_reconnect.c branches/SAMBA_3_0/source/nsswitch/winbindd_rpc.c
svn commit: samba r13317 - in branches/SAMBA_4_0/source: lib/messaging libnet
Author: abartlet Date: 2006-02-03 22:30:30 + (Fri, 03 Feb 2006) New Revision: 13317 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13317 Log: Create a new function messaging_client_init() which can be used when we don't have a server messaging context. We should replace the datagram messages with stream sockets in this case, so we don't have to create a unique socket. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/messaging/irpc.h branches/SAMBA_4_0/source/lib/messaging/messaging.c branches/SAMBA_4_0/source/libnet/libnet_lookup.c Changeset: Modified: branches/SAMBA_4_0/source/lib/messaging/irpc.h === --- branches/SAMBA_4_0/source/lib/messaging/irpc.h 2006-02-03 22:19:41 UTC (rev 13316) +++ branches/SAMBA_4_0/source/lib/messaging/irpc.h 2006-02-03 22:30:30 UTC (rev 13317) @@ -86,6 +86,8 @@ void (*fn)(struct messaging_context *, void *, uint32_t, uint32_t, DATA_BLOB *)); struct messaging_context *messaging_init(TALLOC_CTX *mem_ctx, uint32_t server_id, struct event_context *ev); +struct messaging_context *messaging_client_init(TALLOC_CTX *mem_ctx, +struct event_context *ev); NTSTATUS messaging_send_ptr(struct messaging_context *msg, uint32_t server, uint32_t msg_type, void *ptr); void messaging_deregister(struct messaging_context *msg, uint32_t msg_type, void *private); Modified: branches/SAMBA_4_0/source/lib/messaging/messaging.c === --- branches/SAMBA_4_0/source/lib/messaging/messaging.c 2006-02-03 22:19:41 UTC (rev 13316) +++ branches/SAMBA_4_0/source/lib/messaging/messaging.c 2006-02-03 22:30:30 UTC (rev 13317) @@ -459,7 +459,14 @@ return msg; } - +/* + A hack, for the short term until we get 'client only' messaging in place +*/ +struct messaging_context *messaging_client_init(TALLOC_CTX *mem_ctx, + struct event_context *ev) +{ + return messaging_init(mem_ctx, random() % 0x1000, ev); +} /* a list of registered irpc server functions */ Modified: branches/SAMBA_4_0/source/libnet/libnet_lookup.c === --- branches/SAMBA_4_0/source/libnet/libnet_lookup.c2006-02-03 22:19:41 UTC (rev 13316) +++ branches/SAMBA_4_0/source/libnet/libnet_lookup.c2006-02-03 22:30:30 UTC (rev 13317) @@ -167,7 +167,7 @@ TALLOC_CTX *mem_ctx, struct libnet_LookupDCs *io) { - struct messaging_context *msg_ctx = messaging_init(mem_ctx, random() % 0x1000, ctx-event_ctx); + struct messaging_context *msg_ctx = messaging_client_init(mem_ctx, ctx-event_ctx); struct composite_context *c; c = finddcs_send(mem_ctx, io-in.domain_name,
svn commit: samba r13318 - in branches/SAMBA_3_0/source/smbd: .
Author: jerry Date: 2006-02-03 22:42:49 + (Fri, 03 Feb 2006) New Revision: 13318 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13318 Log: remove an unused file Removed: branches/SAMBA_3_0/source/smbd/tdbutil.c Changeset: Deleted: branches/SAMBA_3_0/source/smbd/tdbutil.c === --- branches/SAMBA_3_0/source/smbd/tdbutil.c2006-02-03 22:30:30 UTC (rev 13317) +++ branches/SAMBA_3_0/source/smbd/tdbutil.c2006-02-03 22:42:49 UTC (rev 13318) @@ -1,85 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Main SMB server routines - Copyright (C) Jeremy Allison 2003 - Copyright (C) Gerald (Jerry) Carter 2004 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include includes.h - - -/** - logging function used by smbd to detect and remove corrupted tdb's -**/ - -void smbd_tdb_log(TDB_CONTEXT *tdb, int level, const char *format, ...) -{ - va_list ap; - char *ptr = NULL; - BOOL decrement_smbd_count; - - va_start(ap, format); - vasprintf(ptr, format, ap); - va_end(ap); - - if (!ptr || !*ptr) - return; - - DEBUG(level, (tdb(%s): %s, tdb-name ? tdb-name : unnamed, ptr)); - - if (tdb-ecode == TDB_ERR_CORRUPT) { - int ret; - - DEBUG(0,(tdb_log: TDB %s is corrupt. Removing file and stopping this process.\n, - tdb-name )); - - become_root(); - ret = unlink(tdb-name); - if ( ret ) { - DEBUG(0,(ERROR: %s\n, strerror(errno))); - } - unbecome_root(); - - - /* if its not connections.tdb, then make sure we decrement the - smbd count. If connections.tdb is bad, there's nothing we - can do and everything will eventually shut down or clean - up anyways */ - - if ( strcmp(tdb-name, lock_path(connections.tdb)) == 0 ) - decrement_smbd_count = False; - else - decrement_smbd_count = True; - - /* now die */ - - smb_panic2(corrupt tdb\n, decrement_smbd_count ); - } - - if (tdb-ecode == TDB_ERR_IO) - { - if ( strcmp(tdb-name, lock_path(connections.tdb)) == 0 ) - decrement_smbd_count = False; - else - decrement_smbd_count = True; - - smb_panic2( i/o error on tdb.\n, decrement_smbd_count ); - } - - SAFE_FREE(ptr); -} -
svn commit: samba r13319 - in trunk/source/web: .
Author: jerry Date: 2006-02-03 22:43:16 + (Fri, 03 Feb 2006) New Revision: 13319 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13319 Log: fix the build...changes to remote_password_change() API Modified: trunk/source/web/swat.c Changeset: Modified: trunk/source/web/swat.c === --- trunk/source/web/swat.c 2006-02-03 22:42:49 UTC (rev 13318) +++ trunk/source/web/swat.c 2006-02-03 22:43:16 UTC (rev 13319) @@ -982,7 +982,7 @@ const char *old_passwd, const char *new_passwd, int local_flags) { - BOOL ret = False; + NTSTATUS ret; pstring err_str; pstring msg_str; @@ -996,7 +996,7 @@ new_passwd, err_str, sizeof(err_str)); if(*err_str) printf(%s\np, err_str); - return ret; + return NT_STATUS_IS_OK(ret); } if(!initialize_password_db(True)) { @@ -1012,7 +1012,7 @@ if(*err_str) printf(%s\np, err_str); - return ret; + return NT_STATUS_IS_OK(ret); } /
svn commit: samba r13320 - in branches/SAMBA_4_0/source/setup: .
Author: abartlet Date: 2006-02-03 23:07:58 + (Fri, 03 Feb 2006) New Revision: 13320 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13320 Log: Fix kpasswd's use of the local HDB. /dev/null was a bad idea, we want 'no filename' instead. Andrew Bartlett Modified: branches/SAMBA_4_0/source/setup/secrets.ldif Changeset: Modified: branches/SAMBA_4_0/source/setup/secrets.ldif === --- branches/SAMBA_4_0/source/setup/secrets.ldif2006-02-03 22:43:16 UTC (rev 13319) +++ branches/SAMBA_4_0/source/setup/secrets.ldif2006-02-03 23:07:58 UTC (rev 13320) @@ -51,5 +51,5 @@ whenChanged: ${LDAPTIME} objectSid: ${DOMAINSID} servicePrincipalName: kadmin/changepw -krb5Keytab: HDB:ldb:sam.ldb:/dev/null -#The /dev/null here is a HACK, but it matches the Heimdal format. +krb5Keytab: HDB:ldb:sam.ldb: +#The trailing : here is a HACK, but it matches the Heimdal format.
svn commit: samba r13321 - in branches/SAMBA_4_0/source/kdc: .
Author: abartlet Date: 2006-02-03 23:19:00 + (Fri, 03 Feb 2006) New Revision: 13321 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13321 Log: Bind to each interface and to the 0.0.0.0 interface on the KDC. This was pointed out by Maurice Massar. It ensures we get the addresses for the krb5_mk_priv() correct (otherwise an MIT kpasswdd fails over localhost). Also never run the KDC unless we are a DC. Andrew Bartlett Modified: branches/SAMBA_4_0/source/kdc/kdc.c Changeset: Modified: branches/SAMBA_4_0/source/kdc/kdc.c === --- branches/SAMBA_4_0/source/kdc/kdc.c 2006-02-03 23:07:58 UTC (rev 13320) +++ branches/SAMBA_4_0/source/kdc/kdc.c 2006-02-03 23:19:00 UTC (rev 13321) @@ -33,6 +33,8 @@ #include lib/messaging/irpc.h #include lib/stream/packet.h +#include librpc/gen_ndr/samr.h + /* hold all the info needed to send a reply */ struct kdc_reply { struct kdc_reply *next, *prev; @@ -499,22 +501,22 @@ int num_interfaces = iface_count(); TALLOC_CTX *tmp_ctx = talloc_new(kdc); NTSTATUS status; + + int i; + + for (i=0; inum_interfaces; i++) { + const char *address = talloc_strdup(tmp_ctx, iface_n_ip(i)); + status = kdc_add_socket(kdc, address); + NT_STATUS_NOT_OK_RETURN(status); + } /* if we are allowing incoming packets from any address, then we need to bind to the wildcard address */ if (!lp_bind_interfaces_only()) { status = kdc_add_socket(kdc, 0.0.0.0); NT_STATUS_NOT_OK_RETURN(status); - } else { - int i; - - for (i=0; inum_interfaces; i++) { - const char *address = talloc_strdup(tmp_ctx, iface_n_ip(i)); - status = kdc_add_socket(kdc, address); - NT_STATUS_NOT_OK_RETURN(status); - } } - + talloc_free(tmp_ctx); return NT_STATUS_OK; @@ -529,6 +531,19 @@ NTSTATUS status; krb5_error_code ret; + switch (lp_server_role()) { + case ROLE_STANDALONE: + task_server_terminate(task, kdc: no KDC required in standalone configuration); + return; + case ROLE_DOMAIN_MEMBER: + task_server_terminate(task, kdc: no KDC required in member server configuration); + return; + case ROLE_DOMAIN_PDC: + case ROLE_DOMAIN_BDC: + /* Yes, we want a KDC */ + break; + } + if (iface_count() == 0) { task_server_terminate(task, kdc: no network interfaces configured); return;
svn commit: samba r13322 - in branches/SAMBA_3_0/source/libsmb: .
Author: jra Date: 2006-02-03 23:31:56 + (Fri, 03 Feb 2006) New Revision: 13322 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13322 Log: Fix warning time_t != int. Jeremy. Modified: branches/SAMBA_3_0/source/libsmb/namequery.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/namequery.c === --- branches/SAMBA_3_0/source/libsmb/namequery.c2006-02-03 23:19:00 UTC (rev 13321) +++ branches/SAMBA_3_0/source/libsmb/namequery.c2006-02-03 23:31:56 UTC (rev 13322) @@ -67,8 +67,8 @@ expire = time( NULL ) + SAF_TTL; - DEBUG(10,(saf_store: domain = [%s], server = [%s], expire = [%d]\n, - domain, servername, expire )); + DEBUG(10,(saf_store: domain = [%s], server = [%s], expire = [%u]\n, + domain, servername, (unsigned int)expire )); ret = gencache_set( key, servername, expire );
svn commit: samba r13323 - in trunk/source/libsmb: .
Author: jra Date: 2006-02-03 23:31:59 + (Fri, 03 Feb 2006) New Revision: 13323 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13323 Log: Fix warning time_t != int. Jeremy. Modified: trunk/source/libsmb/namequery.c Changeset: Modified: trunk/source/libsmb/namequery.c === --- trunk/source/libsmb/namequery.c 2006-02-03 23:31:56 UTC (rev 13322) +++ trunk/source/libsmb/namequery.c 2006-02-03 23:31:59 UTC (rev 13323) @@ -67,8 +67,8 @@ expire = time( NULL ) + SAF_TTL; - DEBUG(10,(saf_store: domain = [%s], server = [%s], expire = [%d]\n, - domain, servername, expire )); + DEBUG(10,(saf_store: domain = [%s], server = [%s], expire = [%u]\n, + domain, servername, (unsigned int)expire )); ret = gencache_set( key, servername, expire );
Build status as of Sat Feb 4 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-02-03 00:00:05.0 + +++ /home/build/master/cache/broken_results.txt 2006-02-04 00:00:06.0 + @@ -1,17 +1,17 @@ -Build status as of Fri Feb 3 00:00:01 2006 +Build status as of Sat Feb 4 00:00:02 2006 Build counts: Tree Total Broken Panic ccache 6 2 0 distcc 10 2 0 -lorikeet-heimdal 10 10 0 -ppp 17 0 0 -rsync33 3 0 +lorikeet-heimdal 9 9 0 +ppp 16 0 0 +rsync32 4 0 samba2 0 0 samba-docs 0 0 0 samba4 34 22 2 -samba_3_033 6 0 -smb-build23 4 0 +samba_3_033 8 0 +smb-build24 4 0 talloc 5 3 0 tdb 31 3 0
svn commit: samba r13324 - in branches/SAMBA_4_0/source/lib/ldb: . common include ldb_sqlite3 ldb_tdb tools
Author: idra Date: 2006-02-04 00:38:48 + (Sat, 04 Feb 2006) New Revision: 13324 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13324 Log: From now on check attribute names obey rfc2251 Also add a way to provide utf8 compliant functions by registering them with ldb_set_utf8_fns() Next comes code to register samba internal utf8 functions. Simo. Modified: branches/SAMBA_4_0/source/lib/ldb/Makefile.in branches/SAMBA_4_0/source/lib/ldb/common/ldb.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_ldif.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_msg.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_utf8.c branches/SAMBA_4_0/source/lib/ldb/include/ldb.h branches/SAMBA_4_0/source/lib/ldb/include/ldb_private.h branches/SAMBA_4_0/source/lib/ldb/ldb_sqlite3/ldb_sqlite3.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c branches/SAMBA_4_0/source/lib/ldb/tools/ldbtest.c Changeset: Sorry, the patch is too large (518 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13324
svn commit: samba r13325 - in branches/SAMBA_4_0/source/lib: . ldb/include
Author: idra Date: 2006-02-04 01:27:47 + (Sat, 04 Feb 2006) New Revision: 13325 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13325 Log: let samba register it's own utf8 aware functions in ldb Modified: branches/SAMBA_4_0/source/lib/db_wrap.c branches/SAMBA_4_0/source/lib/ldb/include/ldb.h Changeset: Modified: branches/SAMBA_4_0/source/lib/db_wrap.c === --- branches/SAMBA_4_0/source/lib/db_wrap.c 2006-02-04 00:38:48 UTC (rev 13324) +++ branches/SAMBA_4_0/source/lib/db_wrap.c 2006-02-04 01:27:47 UTC (rev 13325) @@ -55,6 +55,16 @@ free(s); } +static int wrap_caseless_cmp(void *context, const char *s1, const char *s2) +{ + return strcasecmp_m(s1, s2); +} + +static char *wrap_casefold(void *context, void *mem_ctx, const char *s) +{ + return strupper_talloc(mem_ctx, s); +} + /* wrapped connection to a ldb database to close just talloc_free() the returned ldb_context @@ -123,6 +133,8 @@ ldb_set_debug(ldb, ldb_wrap_debug, NULL); + ldb_set_utf8_fns(ldb, NULL, wrap_caseless_cmp, wrap_casefold); + return ldb; } Modified: branches/SAMBA_4_0/source/lib/ldb/include/ldb.h === --- branches/SAMBA_4_0/source/lib/ldb/include/ldb.h 2006-02-04 00:38:48 UTC (rev 13324) +++ branches/SAMBA_4_0/source/lib/ldb/include/ldb.h 2006-02-04 01:27:47 UTC (rev 13325) @@ -1113,6 +1113,14 @@ void *context); /** + this allows the user to set custom utf8 function for error reporting +*/ +void ldb_set_utf8_fns(struct ldb_context *ldb, + void *context, + int (*cmp)(void *, const char *, const char *), + char *(*casefold)(void *, void *, const char *)); + +/** this sets up debug to print messages on stderr */ int ldb_set_debug_stderr(struct ldb_context *ldb);
svn commit: samba r13326 - in branches/SAMBA_3_0/packaging/RHEL: .
Author: jerry Date: 2006-02-04 04:05:25 + (Sat, 04 Feb 2006) New Revision: 13326 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13326 Log: fix bad path in RHEL spec file; going to have to rebuild Fedora packages Modified: branches/SAMBA_3_0/packaging/RHEL/samba.spec.tmpl Changeset: Modified: branches/SAMBA_3_0/packaging/RHEL/samba.spec.tmpl === --- branches/SAMBA_3_0/packaging/RHEL/samba.spec.tmpl 2006-02-04 01:27:47 UTC (rev 13325) +++ branches/SAMBA_3_0/packaging/RHEL/samba.spec.tmpl 2006-02-04 04:05:25 UTC (rev 13326) @@ -108,7 +108,7 @@ --localstatedir=/var \ --with-configdir=%{_sysconfdir}/samba \ --with-libdir=%{_libdir}/samba \ ---with-lockdir=/var/cache/samba \ +--with-lockdir=/var/lib/samba \ --with-logfilebase=/var/log/samba \ --with-mandir=%{_mandir} \ --with-piddir=/var/run \ @@ -167,7 +167,7 @@ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/rc.d/init.d mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/{samba,sysconfig} mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d -mkdir -p $RPM_BUILD_ROOT/var/cache/samba/winbindd_privileged +mkdir -p $RPM_BUILD_ROOT/var/lib/samba/winbindd_privileged mkdir -p $RPM_BUILD_ROOT/var/{log,run/winbindd,spool}/samba cd source @@ -257,10 +257,19 @@ %post /sbin/chkconfig --add smb +## deal with an upgrade from a broken 3.0.21a.1 RPM +if [ $1 -eq 2 ]; then + if [ ! -d /var/lib/samba -a -d /var/cache/samba ]; then + mv /var/cache/samba/* /var/lib/samba/ + rm -f /var/cache/samba +fi +fi + + %preun if [ $1 = 0 ] ; then /sbin/chkconfig --del smb -rm -rf /var/log/samba/* /var/cache/samba/* +# rm -rf /var/log/samba/* /var/cache/samba/* /sbin/service smb stop /dev/null 21 fi exit 0
svn commit: samba r13327 - in branches/SAMBA_3_0: .
Author: jht Date: 2006-02-04 05:42:29 + (Sat, 04 Feb 2006) New Revision: 13327 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13327 Log: Update install.html location fix typo. Modified: branches/SAMBA_3_0/README Changeset: Modified: branches/SAMBA_3_0/README === --- branches/SAMBA_3_0/README 2006-02-04 04:05:25 UTC (rev 13326) +++ branches/SAMBA_3_0/README 2006-02-04 05:42:29 UTC (rev 13327) @@ -1,4 +1,4 @@ -This is thre release version of Samba, the free SMB and CIFS client and +This is the release version of Samba, the free SMB and CIFS client and server for UNIX and other operating systems. Samba is maintained by the Samba Team, who support the original author, Andrew Tridgell. @@ -6,7 +6,7 @@ about the configuration and use of Samba. NOTE: Installation instructions may be found in - docs/htmldocs/Samba-HOWTO-Collection/install.html + docs/htmldocs/Samba3-HOWTO/install.html This software is freely distributable under the GNU public license, a copy of which you should have received with this software (in a file
svn commit: samba r13328 - in branches/SAMBA_4_0/source/lib: . ldb/common ldb/include ldb/tools
Author: idra Date: 2006-02-04 05:59:48 + (Sat, 04 Feb 2006) New Revision: 13328 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13328 Log: After the attribute name check cleanup it turned up ldb_caseless_cmp() was used just in one places and by mistake, as there we should have been using ldb_attr_cmp() Remove ldb_caseless_cmp() ... going on with the cleanup and utf8 compliance effort. Simo. Modified: branches/SAMBA_4_0/source/lib/db_wrap.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_utf8.c branches/SAMBA_4_0/source/lib/ldb/include/ldb.h branches/SAMBA_4_0/source/lib/ldb/tools/cmdline.c Changeset: Modified: branches/SAMBA_4_0/source/lib/db_wrap.c === --- branches/SAMBA_4_0/source/lib/db_wrap.c 2006-02-04 05:42:29 UTC (rev 13327) +++ branches/SAMBA_4_0/source/lib/db_wrap.c 2006-02-04 05:59:48 UTC (rev 13328) @@ -55,13 +55,8 @@ free(s); } -static int wrap_caseless_cmp(void *context, const char *s1, const char *s2) +char *wrap_casefold(void *context, void *mem_ctx, const char *s) { - return strcasecmp_m(s1, s2); -} - -static char *wrap_casefold(void *context, void *mem_ctx, const char *s) -{ return strupper_talloc(mem_ctx, s); } @@ -133,7 +128,7 @@ ldb_set_debug(ldb, ldb_wrap_debug, NULL); - ldb_set_utf8_fns(ldb, NULL, wrap_caseless_cmp, wrap_casefold); + ldb_set_utf8_fns(ldb, NULL, wrap_casefold); return ldb; } Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c 2006-02-04 05:42:29 UTC (rev 13327) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c 2006-02-04 05:59:48 UTC (rev 13328) @@ -502,9 +502,8 @@ const struct ldb_attrib_handler *h; /* compare names (attribute names are guaranteed to be ASCII only) */ - ret = ldb_caseless_cmp(ldb, - base-components[n0].name, - dn-components[n1].name); + ret = ldb_attr_cmp(base-components[n0].name, + dn-components[n1].name); if (ret) { return ret; } Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_utf8.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_utf8.c 2006-02-04 05:42:29 UTC (rev 13327) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_utf8.c 2006-02-04 05:59:48 UTC (rev 13328) @@ -42,13 +42,10 @@ */ void ldb_set_utf8_fns(struct ldb_context *ldb, void *context, - int (*cmp)(void *, const char *, const char *), char *(*casefold)(void *, void *, const char *)) { if (context) ldb-utf8_fns.context = context; - if (cmp) - ldb-utf8_fns.caseless_cmp = cmp; if (casefold) ldb-utf8_fns.casefold = casefold; } @@ -71,19 +68,9 @@ return ret; } -/* - a caseless compare, optimised for 7 bit - NOTE: doesn't handle UTF8 -*/ - -int ldb_caseless_cmp_default(void *context, const char *s1, const char *s2) -{ - return strcasecmp(s1,s2); -} - void ldb_set_utf8_default(struct ldb_context *ldb) { - ldb_set_utf8_fns(ldb, NULL, ldb_caseless_cmp_default, ldb_casefold_default); + ldb_set_utf8_fns(ldb, NULL, ldb_casefold_default); } char *ldb_casefold(struct ldb_context *ldb, void *mem_ctx, const char *s) @@ -91,11 +78,6 @@ return ldb-utf8_fns.casefold(ldb-utf8_fns.context, mem_ctx, s); } -int ldb_caseless_cmp(struct ldb_context *ldb, const char *s1, const char *s2) -{ - return ldb-utf8_fns.caseless_cmp(ldb-utf8_fns.context, s1, s2); -} - /* check the attribute name is valid according to rfc2251 returns 1 if the name is ok Modified: branches/SAMBA_4_0/source/lib/ldb/include/ldb.h === --- branches/SAMBA_4_0/source/lib/ldb/include/ldb.h 2006-02-04 05:42:29 UTC (rev 13327) +++ branches/SAMBA_4_0/source/lib/ldb/include/ldb.h 2006-02-04 05:59:48 UTC (rev 13328) @@ -214,7 +214,6 @@ */ struct ldb_utf8_fns { void *context; - int (*caseless_cmp)(void *context, const char *s1, const char *s2); char *(*casefold)(void *context, void *mem_ctx, const char *s); }; @@ -749,21 +748,6 @@ char *ldb_casefold(struct ldb_context *ldb, void *mem_ctx, const char *s); /** - Compare two strings, without regard to case. - - \param ldb the ldb context - \param s1 the first string to compare - \param s2 the second string to compare - - \return 0 if the strings are the same, non-zero if there are any - differences except for case.
svn commit: samba r13329 - in branches/SAMBA_3_0/source: include libsmb locking
Author: jra Date: 2006-02-04 06:31:04 + (Sat, 04 Feb 2006) New Revision: 13329 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13329 Log: Fix libsmbsharemodes.so to work with the stored delete token. Less trouble than I thought plus it didn't need an interface change (thank goodness !). Jeremy. Modified: branches/SAMBA_3_0/source/include/smb.h branches/SAMBA_3_0/source/libsmb/smb_share_modes.c branches/SAMBA_3_0/source/locking/locking.c Changeset: Modified: branches/SAMBA_3_0/source/include/smb.h === --- branches/SAMBA_3_0/source/include/smb.h 2006-02-04 05:59:48 UTC (rev 13328) +++ branches/SAMBA_3_0/source/include/smb.h 2006-02-04 06:31:04 UTC (rev 13329) @@ -670,6 +670,31 @@ BOOL modified; }; +/* + * Internal structure of locking.tdb share mode db. + * Used by locking.c and libsmbsharemodes.c + */ + +struct locking_data { + union { + struct { + int num_share_mode_entries; + BOOL delete_on_close; + BOOL initial_delete_on_close; /* Only set at NTCreateX if file was created. */ + uint32 delete_token_size; /* Only valid if either of +the two previous fields +are True. */ + } s; + struct share_mode_entry dummy; /* Needed for alignment. */ + } u; + /* The following four entries are implicit + struct share_mode_entry modes[num_share_mode_entries]; + char unix_token[delete_token_size] (divisible by 4). + char share_name[]; + char file_name[]; +*/ +}; + #define NT_HASH_LEN 16 #define LM_HASH_LEN 16 Modified: branches/SAMBA_3_0/source/libsmb/smb_share_modes.c === --- branches/SAMBA_3_0/source/libsmb/smb_share_modes.c 2006-02-04 05:59:48 UTC (rev 13328) +++ branches/SAMBA_3_0/source/libsmb/smb_share_modes.c 2006-02-04 06:31:04 UTC (rev 13329) @@ -2,7 +2,7 @@ Samba share mode database library external interface library. Used by non-Samba products needing access to the Samba share mode db. - Copyright (C) Jeremy Allison 2005. + Copyright (C) Jeremy Allison 2005 - 2006 sharemodes_procid functions (C) Copyright (C) Volker Lendecke 2005 @@ -25,6 +25,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +/* + * Version 2 - interface changed to handle the token added for correct + * delete on close semantics. + */ + #include includes.h #include smb_share_modes.h @@ -115,9 +120,7 @@ return tdb_chainunlock(db_ctx-smb_tdb, get_locking_key(dev, ino)); } -/* Internal structure of Samba share mode db. */ -/* FIXME ! This should be moved into a Samba include file. */ - +#if 0 struct locking_data { union { struct { @@ -132,12 +135,14 @@ char file_name[]; */ }; +#endif /* * Check if an external smb_share_mode_entry and an internal share_mode entry match. */ -static int share_mode_entry_equal(const struct smb_share_mode_entry *e_entry, const struct share_mode_entry *entry) +static int share_mode_entry_equal(const struct smb_share_mode_entry *e_entry, + const struct share_mode_entry *entry) { return (sharemodes_procid_equal(e_entry-pid, entry-pid) e_entry-file_id == (uint32_t)entry-share_file_id @@ -153,7 +158,8 @@ * Create an internal Samba share_mode entry from an external smb_share_mode_entry. */ -static void create_share_mode_entry(struct share_mode_entry *out, const struct smb_share_mode_entry *in) +static void create_share_mode_entry(struct share_mode_entry *out, + const struct smb_share_mode_entry *in) { memset(out, '\0', sizeof(struct share_mode_entry)); @@ -281,9 +287,11 @@ return -1; } ld = (struct locking_data *)db_data.dptr; + memset(ld, '\0', sizeof(struct locking_data)); ld-u.s.num_share_mode_entries = 1; ld-u.s.delete_on_close = 0; ld-u.s.initial_delete_on_close = 0; + ld-u.s.delete_token_size = 0; shares = (struct share_mode_entry *)(db_data.dptr + sizeof(struct share_mode_entry)); create_share_mode_entry(shares, new_entry); @@ -328,7 +336,7 @@ ld = (struct locking_data *)new_data_p; ld-u.s.num_share_mode_entries++; - /* Append the original filename */ + /* Append the original delete_token and filenames. */ memcpy(new_data_p +
svn commit: samba r13330 - in trunk/source: include libsmb locking
Author: jra Date: 2006-02-04 06:31:07 + (Sat, 04 Feb 2006) New Revision: 13330 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13330 Log: Fix libsmbsharemodes.so to work with the stored delete token. Less trouble than I thought plus it didn't need an interface change (thank goodness !). Jeremy. Modified: trunk/source/include/smb.h trunk/source/libsmb/smb_share_modes.c trunk/source/locking/locking.c Changeset: Modified: trunk/source/include/smb.h === --- trunk/source/include/smb.h 2006-02-04 06:31:04 UTC (rev 13329) +++ trunk/source/include/smb.h 2006-02-04 06:31:07 UTC (rev 13330) @@ -672,6 +672,31 @@ BOOL modified; }; +/* + * Internal structure of locking.tdb share mode db. + * Used by locking.c and libsmbsharemodes.c + */ + +struct locking_data { + union { + struct { + int num_share_mode_entries; + BOOL delete_on_close; + BOOL initial_delete_on_close; /* Only set at NTCreateX if file was created. */ + uint32 delete_token_size; /* Only valid if either of +the two previous fields +are True. */ + } s; + struct share_mode_entry dummy; /* Needed for alignment. */ + } u; + /* The following four entries are implicit + struct share_mode_entry modes[num_share_mode_entries]; + char unix_token[delete_token_size] (divisible by 4). + char share_name[]; + char file_name[]; +*/ +}; + #define NT_HASH_LEN 16 #define LM_HASH_LEN 16 Modified: trunk/source/libsmb/smb_share_modes.c === --- trunk/source/libsmb/smb_share_modes.c 2006-02-04 06:31:04 UTC (rev 13329) +++ trunk/source/libsmb/smb_share_modes.c 2006-02-04 06:31:07 UTC (rev 13330) @@ -2,7 +2,7 @@ Samba share mode database library external interface library. Used by non-Samba products needing access to the Samba share mode db. - Copyright (C) Jeremy Allison 2005. + Copyright (C) Jeremy Allison 2005 - 2006 sharemodes_procid functions (C) Copyright (C) Volker Lendecke 2005 @@ -25,6 +25,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +/* + * Version 2 - interface changed to handle the token added for correct + * delete on close semantics. + */ + #include includes.h #include smb_share_modes.h @@ -115,9 +120,7 @@ return tdb_chainunlock(db_ctx-smb_tdb, get_locking_key(dev, ino)); } -/* Internal structure of Samba share mode db. */ -/* FIXME ! This should be moved into a Samba include file. */ - +#if 0 struct locking_data { union { struct { @@ -132,12 +135,14 @@ char file_name[]; */ }; +#endif /* * Check if an external smb_share_mode_entry and an internal share_mode entry match. */ -static int share_mode_entry_equal(const struct smb_share_mode_entry *e_entry, const struct share_mode_entry *entry) +static int share_mode_entry_equal(const struct smb_share_mode_entry *e_entry, + const struct share_mode_entry *entry) { return (sharemodes_procid_equal(e_entry-pid, entry-pid) e_entry-file_id == (uint32_t)entry-share_file_id @@ -153,7 +158,8 @@ * Create an internal Samba share_mode entry from an external smb_share_mode_entry. */ -static void create_share_mode_entry(struct share_mode_entry *out, const struct smb_share_mode_entry *in) +static void create_share_mode_entry(struct share_mode_entry *out, + const struct smb_share_mode_entry *in) { memset(out, '\0', sizeof(struct share_mode_entry)); @@ -281,9 +287,11 @@ return -1; } ld = (struct locking_data *)db_data.dptr; + memset(ld, '\0', sizeof(struct locking_data)); ld-u.s.num_share_mode_entries = 1; ld-u.s.delete_on_close = 0; ld-u.s.initial_delete_on_close = 0; + ld-u.s.delete_token_size = 0; shares = (struct share_mode_entry *)(db_data.dptr + sizeof(struct share_mode_entry)); create_share_mode_entry(shares, new_entry); @@ -328,7 +336,7 @@ ld = (struct locking_data *)new_data_p; ld-u.s.num_share_mode_entries++; - /* Append the original filename */ + /* Append the original delete_token and filenames. */ memcpy(new_data_p + ((ld-u.s.num_share_mode_entries+1)*sizeof(struct share_mode_entry)), db_data.dptr + ((orig_num_share_modes+1)*sizeof(struct
svn commit: samba r13331 - in branches/SAMBA_3_0/source/libsmb: .
Author: jra Date: 2006-02-04 06:36:02 + (Sat, 04 Feb 2006) New Revision: 13331 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13331 Log: No I didn't have to change the interface version... Jeremy. Modified: branches/SAMBA_3_0/source/libsmb/smb_share_modes.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/smb_share_modes.c === --- branches/SAMBA_3_0/source/libsmb/smb_share_modes.c 2006-02-04 06:31:07 UTC (rev 13330) +++ branches/SAMBA_3_0/source/libsmb/smb_share_modes.c 2006-02-04 06:36:02 UTC (rev 13331) @@ -25,11 +25,6 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -/* - * Version 2 - interface changed to handle the token added for correct - * delete on close semantics. - */ - #include includes.h #include smb_share_modes.h @@ -120,23 +115,6 @@ return tdb_chainunlock(db_ctx-smb_tdb, get_locking_key(dev, ino)); } -#if 0 -struct locking_data { - union { - struct { - int num_share_mode_entries; - BOOL delete_on_close; - BOOL initial_delete_on_close; - } s; - struct share_mode_entry dummy; /* Needed for alignment. */ - } u; - /* the following two entries are implicit - struct share_mode_entry modes[num_share_mode_entries]; - char file_name[]; - */ -}; -#endif - /* * Check if an external smb_share_mode_entry and an internal share_mode entry match. */
svn commit: samba r13332 - in trunk/source/libsmb: .
Author: jra Date: 2006-02-04 06:36:05 + (Sat, 04 Feb 2006) New Revision: 13332 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13332 Log: No I didn't have to change the interface version... Jeremy. Modified: trunk/source/libsmb/smb_share_modes.c Changeset: Modified: trunk/source/libsmb/smb_share_modes.c === --- trunk/source/libsmb/smb_share_modes.c 2006-02-04 06:36:02 UTC (rev 13331) +++ trunk/source/libsmb/smb_share_modes.c 2006-02-04 06:36:05 UTC (rev 13332) @@ -25,11 +25,6 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ -/* - * Version 2 - interface changed to handle the token added for correct - * delete on close semantics. - */ - #include includes.h #include smb_share_modes.h @@ -120,23 +115,6 @@ return tdb_chainunlock(db_ctx-smb_tdb, get_locking_key(dev, ino)); } -#if 0 -struct locking_data { - union { - struct { - int num_share_mode_entries; - BOOL delete_on_close; - BOOL initial_delete_on_close; - } s; - struct share_mode_entry dummy; /* Needed for alignment. */ - } u; - /* the following two entries are implicit - struct share_mode_entry modes[num_share_mode_entries]; - char file_name[]; - */ -}; -#endif - /* * Check if an external smb_share_mode_entry and an internal share_mode entry match. */
svn commit: samba r13333 - in branches/SAMBA_4_0/source/lib: . ldb/common ldb/include ldb/ldb_sqlite3 ldb/ldb_tdb ldb/tools
Author: idra Date: 2006-02-04 06:57:28 + (Sat, 04 Feb 2006) New Revision: 1 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=1 Log: revert previous commit I will use ldb_caseless_cmp in attrib_handlers to correctly support utf8 comparisons add an ldb_attr_Casefold function for attribute names and use it instead of casefold in the right places Modified: branches/SAMBA_4_0/source/lib/db_wrap.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_dn.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_utf8.c branches/SAMBA_4_0/source/lib/ldb/include/ldb.h branches/SAMBA_4_0/source/lib/ldb/ldb_sqlite3/ldb_sqlite3.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c branches/SAMBA_4_0/source/lib/ldb/tools/cmdline.c Changeset: Sorry, the patch is too large (273 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=1
svn commit: samba r13334 - in branches/SAMBA_4_0/source/librpc/rpc: .
Author: abartlet Date: 2006-02-04 07:56:30 + (Sat, 04 Feb 2006) New Revision: 13334 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13334 Log: Add comments describing what these functions do. We still need many more, but it is a start... Andrew Bartlett Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc_auth.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc_auth.c === --- branches/SAMBA_4_0/source/librpc/rpc/dcerpc_auth.c 2006-02-04 06:57:28 UTC (rev 1) +++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc_auth.c 2006-02-04 07:56:30 UTC (rev 13334) @@ -164,6 +164,18 @@ bind_auth_next_step(c); } +/** + Bind to a DCE/RPC pipe, async + @param mem_ctx TALLOC_CTX for the allocation of the composite_context + @param p The dcerpc_pipe to bind (must already be connected) + @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates) + @param credentials The credentials of the account to connect with + @param auth_type Select the authentication scheme to use + @param auth_level Chooses between unprotected (connect), signed or sealed + @param service The service (used by Kerberos to select the service principal to contact) + @retval A composite context describing the partial state of the bind +*/ + struct composite_context *dcerpc_bind_auth_send(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p, const struct dcerpc_interface_table *table, @@ -316,8 +328,15 @@ return result; } -/* - setup GENSEC on a DCE-RPC pipe +/** + Perform a GENSEC authenticated bind to a DCE/RPC pipe, sync + @param p The dcerpc_pipe to bind (must already be connected) + @param table The interface table to use (the DCE/RPC bind both selects and interface and authenticates) + @param credentials The credentials of the account to connect with + @param auth_type Select the authentication scheme to use + @param auth_level Chooses between unprotected (connect), signed or sealed + @param service The service (used by Kerberos to select the service principal to contact) + @retval NTSTATUS status code */ NTSTATUS dcerpc_bind_auth(struct dcerpc_pipe *p, const struct dcerpc_interface_table *table,
svn commit: samba r13335 - in branches/SAMBA_4_0/source/lib: . ldb/common ldb/include ldb/ldb_tdb
Author: idra Date: 2006-02-04 07:57:57 + (Sat, 04 Feb 2006) New Revision: 13335 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13335 Log: Fix the build and add an utf8 safe ldb_hadler_fold function based on ldb_casefold Modified: branches/SAMBA_4_0/source/lib/db_wrap.c branches/SAMBA_4_0/source/lib/ldb/common/attrib_handlers.c branches/SAMBA_4_0/source/lib/ldb/include/ldb.h branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c Changeset: Modified: branches/SAMBA_4_0/source/lib/db_wrap.c === --- branches/SAMBA_4_0/source/lib/db_wrap.c 2006-02-04 07:56:30 UTC (rev 13334) +++ branches/SAMBA_4_0/source/lib/db_wrap.c 2006-02-04 07:57:57 UTC (rev 13335) @@ -55,12 +55,12 @@ free(s); } -static int wrap_caseless_cmp(void *context, const char *s1, const char *s2) +int wrap_caseless_cmp(void *context, const char *s1, const char *s2) { return strcasecmp_m(s1, s2); } -static char *wrap_casefold(void *context, void *mem_ctx, const char *s) +char *wrap_casefold(void *context, void *mem_ctx, const char *s) { return strupper_talloc(mem_ctx, s); } Modified: branches/SAMBA_4_0/source/lib/ldb/common/attrib_handlers.c === --- branches/SAMBA_4_0/source/lib/ldb/common/attrib_handlers.c 2006-02-04 07:56:30 UTC (rev 13334) +++ branches/SAMBA_4_0/source/lib/ldb/common/attrib_handlers.c 2006-02-04 07:57:57 UTC (rev 13335) @@ -46,32 +46,60 @@ /* a case folding copy handler, removing leading and trailing spaces and multiple internal spaces + + We exploit the fact that utf8 never uses the space octet except for + the space itself */ static int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx, const struct ldb_val *in, struct ldb_val *out) { - uint8_t *s1, *s2; - out-data = talloc_size(mem_ctx, strlen((char *)in-data)+1); + char *s, *t; + int l; + if (!in || !out || !(in-data)) { + return -1; + } + + out-data = (uint8_t *)ldb_casefold(ldb, mem_ctx, (const char *)(in-data)); if (out-data == NULL) { - ldb_oom(ldb); + ldb_debug(ldb, LDB_DEBUG_ERROR, ldb_handler_fold: unable to casefold string [%s], in-data); return -1; } - s1 = in-data; - s2 = out-data; - while (*s1 == ' ') s1++; - while (*s1) { - *s2 = toupper(*s1); - if (s1[0] == ' ') { - while (s1[0] == s1[1]) s1++; + + s = (char *)(out-data); + + /* remove trailing spaces if any */ + l = strlen(s); + while (s[l - 1] == ' ') l--; + s[l] = '\0'; + + /* remove leading spaces if any */ + if (*s == ' ') { + for (t = s; *s == ' '; s++) ; + + /* remove leading spaces by moving down the string */ + memmove(t, s, l); + + s = t; + } + + /* check middle spaces */ + while ((t = strchr(s, ' ')) != NULL) { + for (s = t; *s == ' '; s++) ; + + if ((s - t) 1) { + l = strlen(s); + + /* remove all spaces but one by moving down the string */ + memmove(t + 1, s, l); } - s2++; s1++; } - *s2 = 0; + out-length = strlen((char *)out-data); return 0; } + /* canonicalise a ldap Integer rfc2252 specifies it should be in decimal form @@ -114,8 +142,8 @@ } /* - compare two case insensitive strings, ignoring multiple whitespace - and leading and trailing whitespace + compare two case insensitive strings, ignoring multiple whitespaces + and leading and trailing whitespaces see rfc2252 section 8.1 */ static int ldb_comparison_fold(struct ldb_context *ldb, void *mem_ctx, Modified: branches/SAMBA_4_0/source/lib/ldb/include/ldb.h === --- branches/SAMBA_4_0/source/lib/ldb/include/ldb.h 2006-02-04 07:56:30 UTC (rev 13334) +++ branches/SAMBA_4_0/source/lib/ldb/include/ldb.h 2006-02-04 07:57:57 UTC (rev 13335) @@ -970,6 +970,7 @@ case; non-zero if there are any differences */ int ldb_attr_cmp(const char *attr1, const char *attr2); +char *ldb_attr_casefold(void *mem_ctx, const char *s); int ldb_attr_dn(const char *attr); char *ldb_dn_escape_value(void *mem_ctx, struct ldb_val value); Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c 2006-02-04 07:56:30 UTC (rev 13334) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c 2006-02-04 07:57:57 UTC (rev 13335) @@ -106,7 +106,7 @@ const struct ldb_attrib_handler *h;