[Samba] Unable to access and browse a DFS tree
Please help me understand why I am unable to connect to and browse the newly configured DFS tree that I installed on my Samba server according to the instructions found in Chapter 18. Hosting a Microsoft Distributed File System Tree of the official how-to. Irrespective of whether I try to access the dfs file tree from either the local file browser (and choosing the SMB tree) or from windows, I get a login dialog box and I do not understand why this is the case. Moreover, no userid/password from either the Samba server or the Windows machine with the share works. I compiled samba (version 3.0.21b) with the option --with-msdfs. Below I include smb.conf and fstab, showing how the share gets mounted via smbfs, as well as an 'ls' showing the access rights and ownership of the directory. The remote share on the Windows machine grants read access to everyone. Thanks for your help in advance, Theo --- smb.conf --- [global] dos charset = ISO-8859-1 unix charset = ISO-8859-1 display charset = ISO-8859-1 workgroup = VERKSTAD server string = Kanter Samba Server interfaces = eth0, 192.168.0.100/24 security = SHARE encrypt passwords = No guest account = theo log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups os level = 33 dns proxy = No wins support = Yes host msdfs = Yes hosts allow = 192.168.0., 127.0.0.1 [dfs] comment = DFS Share path = /export/dfsroot msdfs root = Yes [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printer admin = root guest ok = Yes printable = Yes use client driver = Yes browseable = No [print$] comment = Printer Drivers path = /etc/samba/drivers write list = root [myshare] comment = Theo's stuff path = /home/samba valid users = root, theo read only = No create mask = 0765 guest ok = Yes [mystore] comment = Theo's store path = /store valid users = root, theo read only = No create mask = 0765 guest ok = Yes [cdrom] comment = Samba server's CD-ROM path = /mnt/cdrom guest ok = Yes locking = No preexec = /bin/mount /mnt/cdrom postexec = /bin/umount /mnt/cdrom # more /etc/fstab # # /etc/fstab: static file system information # # file systemdirtypeoptionsdump pass /dev/hda6 /reiserfs defaults 1 0 /dev/hda5 swap swap defaults 0 0 /dev/hda7 /var reiserfs defaults 1 0 /dev/hda8 /homereiserfs defaults 1 0 /dev/hda1 /bootreiserfs defaults 1 0 /dev/hdb1 /store reiserfs defaults 1 0 /dev/cdroms/cdrom0 /mnt/cdrom iso9660 ro,user,noauto,unhide 0 0 /dev/floppy/0 /mnt/floppy vfat user,noauto,unhide0 0 proc /procproc defaults 0 0 devpts /dev/pts devptsdefaults 0 0 //lustigknopp/media /mnt/samba/lustigknopp/media smbfs credentials=/home/theo/.smbpasswd 0 0 # End of file # # # ls -l /export total 0 drwxr-xr-x 2 root root 72 Feb 8 18:23 dfsroot # ls -l /export/dfsroot/ total 0 lrwxrwxrwx 1 root root 23 Feb 8 18:23 linka - msdfs:lustigknopp\media # -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Samba - cups rights problem
Hi, wel, i didn't solve it, i just let my users print multiple times and if they want lots of prints, i print it for them. What you can do, ( i didn't ) is add the Domain users to the printer operators But if 1 users change the printer settings it goes to all users. I also have people unable to delete each other's jobs while they are allowed in CUPS. this is correct behavor, Windows Rights are set this way, no cups rights. you can add a group to the printers to give some persons delete rights, maybe you can resolve the printing of multiple copies also, but i didnt had the time to get on to this. ( see the security tap of the printer ( go to \\servername\ printers and faxes \ ) Hope this info helped you a bit. Louis -Oorspronkelijk bericht- Van: www-data [mailto:[EMAIL PROTECTED] Namens Jérôme Warnier Verzonden: vrijdag 10 februari 2006 10:54 Aan: [EMAIL PROTECTED] Onderwerp: Samba - cups rights problem Did you solve your problem? I think I have the same here, about the number of copies. How did you solve that in the end? I also have people unable to delete each other's jobs while they are allowed in CUPS. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Folks, We are discussing removing the capability to chaining passdb backends. It's a decent idea but overly complicates things IMO and unless it has wide spread use, we'll probably axe it soon (voting is starting up on the samba-tecnnical ml now). To give you an example of what I mean, is anyone using something like: passdb backend = smbpasswd ldapsam If you haven't been using this type of configuration, don't start now in case is does get removed in the next release. I have used 'passdb backend = tdbsam smbpasswd' several times though only for the purpose of migrating to a different backend. So long as there is another way to migrate from one backend to another I don't suppose it would matter. -- Mike Rambo [EMAIL PROTECTED] There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. --Ed Howdershelt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Upgrade to 3.0.14 breaks NT4 client login
Our office is a mix of XP and NT4 clients. I've been running Fedora Core 3 for some time with samba-3.0.10-1.fc3.i386.rpm with no problems. When I upgraded to Fedora Core 4 with samba-3.0.14a-2.i386.rpm NT4 clients can no longer authenticate. [2006/02/08 14:17:22, 5] auth/auth.c:check_ntlm_password(271) check_ntlm_password: unix authentication for user [zzz] FAILED with error NT_STATUS_WRONG_PASSWORD If I map using a XP client with the same user all is well. I hope this is just a config setting that has changed. I also tried samba-3.0.21b-3.i386.rpm from samba.org and it failed as well. Thanks Richard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] chown DOMAIN+mylogin /dir fails (Please help)
When I tried to run the commands you suggested, I got the following:
lsuser -R WINBIND ALL
Invalid -R option WINBIND
Usage: lsuser [-R load_module] [ -c | -f ] [ -a attr attr ... ] { ALL
| user1,user2 ... }
The WINBIND entry that I copied from the nsswitch directory after the
make install is in /usr/lib/security. Why does it not think this is a
valid module?
David
David Shapiro
Unix Team Lead
919-765-2011
Doug VanLeuven [EMAIL PROTECTED] 2/9/2006 11:03:38 PM
David Shapiro wrote:
What can I look at to understand why chown keeps saying user does
not
exist.
wbinfo -u/-g returns the user information
klist -v shows kerberos is working
net ads join works fine
wbinfo -t shows secret is fine
aix does not have getent so I can't run getent passwd -- is there
something equivalent on aix?
Closest you're going to get is lsuser -R load_module
lsuser -R NIS ALL
lsuser -R LDAP ALL
lsuser -R WINBIND ALL
and of course lsgroup -R load_module
/usr/lib/security/methods.cfg has:
WINBIND:
program = /usr/lib/security/WINBIND (set with chmod 444)
options =authonly
Authonly means it's not capable of supplying any user information.
I don't know that's true anymore.
Look in source/nsswitch/winbind_nss_aix.c
Available methods are at the end of the file.
Not all methods are implemented, and not all methods implemented
return a valid answere.
Regards, Doug
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Unable to access and browse a DFS tree
I'll will answer my own message in the hope that might be of use to someone else who is also puzzled by the phrase Users on DFS-aware clients can now browse the DFS tree at the end of Chapter 18. You cannot *now* browse the DFS tree. This is only true when adding a few extra lines, granting access to the local dfs share. [dfs] comment = DFS Share path = /export/dfsroot valid users = root, theo read only = No create mask = 0765 guest ok = Yes msdfs root = Yes --theo Theo Kanter wrote: Please help me understand why I am unable to connect to and browse the newly configured DFS tree that I installed on my Samba server according to the instructions found in Chapter 18. Hosting a Microsoft Distributed File System Tree of the official how-to. Irrespective of whether I try to access the dfs file tree from either the local file browser (and choosing the SMB tree) or from windows, I get a login dialog box and I do not understand why this is the case. Moreover, no userid/password from either the Samba server or the Windows machine with the share works. I compiled samba (version 3.0.21b) with the option --with-msdfs. Below I include smb.conf and fstab, showing how the share gets mounted via smbfs, as well as an 'ls' showing the access rights and ownership of the directory. The remote share on the Windows machine grants read access to everyone. Thanks for your help in advance, Theo --- smb.conf --- [global] dos charset = ISO-8859-1 unix charset = ISO-8859-1 display charset = ISO-8859-1 workgroup = VERKSTAD server string = Kanter Samba Server interfaces = eth0, 192.168.0.100/24 security = SHARE encrypt passwords = No guest account = theo log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups os level = 33 dns proxy = No wins support = Yes host msdfs = Yes hosts allow = 192.168.0., 127.0.0.1 [dfs] comment = DFS Share path = /export/dfsroot msdfs root = Yes [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printer admin = root guest ok = Yes printable = Yes use client driver = Yes browseable = No [print$] comment = Printer Drivers path = /etc/samba/drivers write list = root [myshare] comment = Theo's stuff path = /home/samba valid users = root, theo read only = No create mask = 0765 guest ok = Yes [mystore] comment = Theo's store path = /store valid users = root, theo read only = No create mask = 0765 guest ok = Yes [cdrom] comment = Samba server's CD-ROM path = /mnt/cdrom guest ok = Yes locking = No preexec = /bin/mount /mnt/cdrom postexec = /bin/umount /mnt/cdrom # more /etc/fstab # # /etc/fstab: static file system information # # file systemdirtypeoptionsdump pass /dev/hda6 /reiserfs defaults 1 0 /dev/hda5 swap swap defaults 0 0 /dev/hda7 /var reiserfs defaults 1 0 /dev/hda8 /homereiserfs defaults 1 0 /dev/hda1 /bootreiserfs defaults 1 0 /dev/hdb1 /store reiserfs defaults 1 0 /dev/cdroms/cdrom0 /mnt/cdrom iso9660 ro,user,noauto,unhide 0 0 /dev/floppy/0 /mnt/floppy vfat user,noauto,unhide0 0 proc /procproc defaults 0 0 devpts /dev/pts devptsdefaults 0 0 //lustigknopp/media /mnt/samba/lustigknopp/media smbfs credentials=/home/theo/.smbpasswd 0 0 # End of file # # # ls -l /export total 0 drwxr-xr-x 2 root root 72 Feb 8 18:23 dfsroot # ls -l /export/dfsroot/ total 0 lrwxrwxrwx 1 root root 23 Feb 8 18:23 linka - msdfs:lustigknopp\media # -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] WINBIND security methods does not load
I cannot load WINBIND for some reason anymore since some time yesterday morning. I used to not be able to remove WINBIND or copy over it because it would say it is in use, but now I can, which shows it is not in use. In addition, lsuser -R WINBIND does not load the module. What can I do to help determine why this is not loading? David David Shapiro Unix Team Lead 919-765-2011 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbclient chown and chmod problem
Hi, I'm trying to change permisions (chmod) or owner (chown) of a file through smbclient conected to a samba server (version: samba-3.0.4-1). I always receive the following error message: Pushing string of 'unlimited' length into non-SMB buffer! hpcinf03:/etc/samba# smbclient //hserint2/HomesUsuarios -U inform Password: Domain=[HGUV] OS=[Unix] Server=[Samba 3.0.4] smb: \ cd bperez smb: \bperez\ chown bperez inf prueba.xls Pushing string of 'unlimited' length into non-SMB buffer! smb: \bperez\ chmod 775 prueba.xls Pushing string of 'unlimited' length into non-SMB buffer! man of smbclient said that these commands depends on the server supporting the CIFS UNIX extensions and will fail if the server does not. By default this command is in smb.conf: unix extensions = yes so I understand it has to work. Do I have to do something to enable CIFS UNIX extensions on my samba server ? Does anyone can give me any clue ?? Thanks in advanced. Grettings, Fernando. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Collen Blijenberg wrote: Does removing passdb backends include the mysql backend ?? The pdb_*sql modules have already been removed. This has been discussed before. See https://bugzilla.samba.org/show_bug.cgi?id=3375 or do you mean the capability of useing more then 1 passdb ? I'm referring to using more than one passdb at the same time. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD7KXiIR7qMdg1EfYRAissAKC9KnQH/QjnzuuzOgez3XFFi99ZkgCgkrSe mzDA+IQRbyjHoPsi25G4nCU= =f7Nl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Fwd: WINBIND security methods does not load
Hmm, I am not sure why this worked, but I moved my WINBIND stanza in /usr/lib/security/methods.cfg up in the file prior to the PAM stanza, and save it. After this, I was able to load the module. Any ideas on why this worked? David David Shapiro Unix Team Lead 919-765-2011 David Shapiro 2/10/2006 9:32:14 AM I cannot load WINBIND for some reason anymore since some time yesterday morning. I used to not be able to remove WINBIND or copy over it because it would say it is in use, but now I can, which shows it is not in use. In addition, lsuser -R WINBIND does not load the module. What can I do to help determine why this is not loading? David David Shapiro Unix Team Lead 919-765-2011 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] horrifying slow samba.
Hi all,
We have a linux data server here, which used to be a workgroup member.
Everything was fine then. Now we hav a new sbs server here, so the data
server had to be made into a domain member. To do that i followed this
manual.
The thing is now, that the samba shares on the data server are slow as
h**l
What can be the problem ? Any ideas are welcome !
Code:
[global]
netbios name = DATASVR
server string = DATASVR
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind gid = 1-2
workgroup = GOVALOKAAL
os level = 20
winbind enum groups = yes
socket address = 10.0.0.200
password server = *
preferred master = no
winbind separator = +
max log size = 50
log file = /var/log/samba3/log.%m
encrypt passwords = yes
dns proxy = no
realm = GOVA.LOKAAL
security = ADS
wins server = 10.0.0.201
wins proxy = no
workgroup = govalokaal
[stuff]
comment = stuffpath = /raid/stuff
writable = yes
and the krb5 config :
Code:
datasvr etc # cat krb5.conf
[libdefaults]
default_realm = GOVA.LOKAAL
[realms]
GOVA.LOKAAL = {
kdc = adserver.gova.lokaal
}
datasvr etc #
the hosts file :
Code:
datasvr etc # cat hosts
127.0.0.1 localhost
10.0.0.201 adserver.gova.lokaal adserver
To enable samba to be a domain member i used the following manual :
http://forums.gentoo.org/viewtopic-t-114837-postdays-0-postorder-asc-sta
rt-0.html
http://forums.gentoo.org/viewtopic-t-114837-postdays-0-postorder-asc-st
art-0.html
thanks a lot !
martijn
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Error Messages in /var/log/messages
Thanks for the information. The ports 139 and 445 are both open. Using SuSE 9.2 Professional. I guess I'll look more information on the FW and see what I can do. -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Thursday, February 09, 2006 11:50 PM To: samba@lists.samba.org Subject: Re: [Samba] Error Messages in /var/log/messages On Thu, 2006-02-09 at 16:08 -0500, Jesse Spangenberger wrote: Here's the output: Feb 9 15:51:26 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0f:ea:73:88:12:00:40:2b:67:5b:a7:08:00 SRC=192.168.1.54 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=51248 DF PROTO=TCP SPT=1964 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) Feb 9 15:51:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2065 DF PROTO=TCP SPT=1136 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) Feb 9 15:51:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2066 DF PROTO=TCP SPT=1137 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) Feb 9 15:51:46 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0f:ea:73:88:12:00:00:c5:fa:6d:6c:08:00 SRC=192.168.2.51 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=38844 DF PROTO=TCP SPT=2924 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204055C01010402) Feb 9 15:52:55 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0f:ea:73:88:12:00:09:5b:e6:1a:27:08:00 SRC=192.168.1.254 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2068 DF PROTO=TCP SPT=1184 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402) Feb 9 15:53:07 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0f:ea:73:88:12:00:40:ca:86:d5:17:08:00 SRC=192.168.1.53 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=30142 DF PROTO=TCP SPT=2912 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) Feb 9 15:55:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2094 DF PROTO=TCP SPT=1138 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) Feb 9 15:55:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2095 DF PROTO=TCP SPT=1139 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) Feb 9 15:55:57 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0f:ea:73:88:12:00:00:c5:fa:6d:6c:08:00 SRC=192.168.2.51 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=126 ID=39419 DF PROTO=TCP SPT=2949 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204055C01010402) Feb 9 15:56:23 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0f:ea:73:88:12:00:40:2b:67:5b:a7:08:00 SRC=192.168.1.54 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=51404 DF PROTO=TCP SPT=1967 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) Feb 9 15:56:55 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0f:ea:73:88:12:00:09:5b:e6:1a:27:08:00 SRC=192.168.1.254 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2095 DF PROTO=TCP SPT=1186 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402) Feb 9 15:57:07 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0f:ea:73:88:12:00:40:ca:86:d5:17:08:00 SRC=192.168.1.53 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=30188 DF PROTO=TCP SPT=2915 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) Feb 9 15:59:01 SSI001 /usr/sbin/cron[3387]: (root) CMD ( rm -f /var/spool/cron/lastrun/cron.hourly) Feb 9 15:59:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2123 DF PROTO=TCP SPT=1141 DPT=139 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) Feb 9 15:59:28 SSI001 kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:0f:ea:73:88:12:00:12:3f:a1:fd:1b:08:00 SRC=192.168.1.61 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=2124 DF PROTO=TCP SPT=1140 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402) Feb 9 15:59:28 SSI001 smbd[3389]: [2006/02/09 15:59:28, 0] lib/util_sock.c:get_peer_addr(1136) Feb 9 15:59:28 SSI001 smbd[3389]: getpeername failed. Error was Transport endpoint is not connected Feb 9 15:59:28 SSI001 smbd[3389]: [2006/02/09 15:59:28, 0] lib/util_sock.c:get_peer_addr(1136) Feb 9 15:59:28 SSI001 smbd[3389]: getpeername failed. Error was Transport endpoint is not connected Feb 9 15:59:28 SSI001 smbd[3389]: [2006/02/09 15:59:28, 0] lib/util_sock.c:write_socket_data(430) Feb 9 15:59:28
Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gunther Schlegel wrote: Gerald, We are discussing removing the capability to chaining passdb backends. It's a decent idea but overly complicates things IMO and unless it has wide spread use, we'll probably axe it soon (voting is starting up on the samba-tecnnical ml now). At least I use it: passdb backend = ldapsam:ldap://someserver.riege.de, tdbsam , guest On the other hand as far as I remember it put tdbsam in it because I just wanted to separate root from the ldap tree, as otherwise I would have a global root account on way too much servers. Though I suppose this is not necessary anymore with the new role capabilities in samba 3.0.20? ( I still use 3.0.10/14 ). So I guess I do nt need this anymore after an upgrade. Yeah. The current recommendation post 3.0.11 is to use the privileges rather than a root account. So I think it is still acceptable to remove the chaining feature. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD7LSDIR7qMdg1EfYRAv4KAJ96e0cvvrQxS9Pnp06wqfNwjsxgvwCgozb9 l5Tbj80ZTXzD4h62sbzkkI0= =KXvY -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mike Rambo wrote: I have used 'passdb backend = tdbsam smbpasswd' several times though only for the purpose of migrating to a different backend. So long as there is another way to migrate from one backend to another I don't suppose it would matter. Migration is a concern. The current proposal would to use an intermediate form for dumping one passdb to a file. And then importing the dump into another. Pretyy much the same idea used by database tools. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD7LTRIR7qMdg1EfYRAj9qAJ9znZlO9dAEB2kx0wrPDMTIEe9fzgCgilbV qjn7A0s/ueeWRHSkuW//ZpA= =9JaE -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba, LDAP, and unix account
Hi every one! Until now, I used samba as a simple public share server... and now, I would like to use it with many account. I know it's possible, but I would like something particular: I would like to have SAMBA account independent from the unix account system! Here is how I think my system: all files on the server will be owned by a unix account dedicated to samba storage, but I would like to set owner and access right from user of the samba acount system. I also would like to be able to set up right on each directory from windows and being able to get the samba account list from windows without creating a PDC with samba and registering each pc to this domain Is it possible, or Do I have to create a PDC? Franck thanks to every one for your answers ! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Autocreate user home directories.
I am trying to set up our samba server to automatically create a users home directory when they browse to it from a Windows computer. Is there a way to do this? I was looking at the root preexec option to try and do this, but I am not sure how to go about it. Has anybody done this? Can someone please help me out? Thanks, Ron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Question on AIX 5.2, Samba and NT domains
Environment: AIX 5.2 Samba 3.0.21b (compiled at this site with Visualage C/C++ 6.0) configure was run as: ./configure --prefix=/usr/local/samba --with-pam --with-acl-support --with-aio-support --with-winbind Windows environment is a mix of Windows NT domain and Novell file servers. Does anybody know of a single document or set of documents that have a cookbook approach to creating/modifying the necessary AIX files to work with Samba with pam, winbind and NSS support as a member server? If I have userids in the NT domain that are longer than 8 characters, am I effed when trying to get them to seamlessly access Samba? AIX 5.2 and below do not allow a username or group name to have a value longer than 8 characters. Do I need a username map file for the long usernames? As far as I can tell, the issue of long names in NT versus limitations of some OS versions is never discussed. The Samba3-HOWTO document(s) in Chapter 23 talk about the compile process creating the file libnss_winbind.so. Something changed between document and Makefile because I get a file named WINBIND automatically created. In that same chapter, it goes on to talk about verifying winbind. I can run the wbinfo -u and wbinfo -g commands just find and it returns the the users and gorups in the NT domain that Samba joined. Then the document talks about using getent to see both local (AIX) and PDC users and groups. Unfortunately, I don't have that one in executable form. I can see the getent source in the testsuite/nsswitch directory but when I compile just that program all that it returns in the local users, nothing from the PDC. If I am using Samba as a member server, do I even need to worry about integrating PAM and winbindd? Another few nit's in the Samba-HOWTO in The Samba Checklist: (1) When I run the smbclient -L sambasrvrname (as root), it asks for a password. When I give it the root password, it comes back with session setup failed: NT_STATUS_LOGON_FAILURE. When I just press enter in response to the password request, it responds that it connected anonymously and returns the necessary data. (2) The nmblookup command in step 4 needs to be clarified a bit more. When I look at a print of the web page, it sure looks like the BIGSERVER and the __SAMBA__ are run together. For that matter, I had to go the web page source to be certain that the __ was a double underscore and not a single. Given the way some laser printer formatting works, it is entirely possible that it could have been a single underscore. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Browse list propagation
I am still trying to find out why my WinXP clients don't get a browse list except when they are directly connected to a subnet of the Samba server. I now find that Win2000 clients work fine in this respect. The reason is they request server info over port 139 whether local or in a remote subnet and always get a correct answer from Samba. The WinXP clients request over 139 locally but only over 445 when they are remote (Remote means connected via a router here. I do not know how they know whether they are remote or not, but they do.) It would seem that if port 445 gave the right answers then the XP clients would also function ?? I have now got some bad WINS entries in the Samba server. Can anyone tell me how to flush them (editing /var/cache/samba/wins.dat doesn't seem to do anything). Thanks, Bob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Using Samba PDC for Policies
Hi Does anyone have any experience with a Samba PDC to apply group policies to the computers on the domain? Or know any shortcuts to prevent me from having to apply individual policies at each local machine? (Samba version 2.2.2) Thanks Pat -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Adding domain computer account to local group
Hello, I'm trying to add a domain computer account to a local group in a Windows Server 2003. I couldn't do that because I get an error saying that the information returned by the object selector is incomplete. If I add a domain group or user to a local group, it works fine. That W2k3 is a member of my Samba domain. My Samba version is 3.0.20b-1woody1, backported to Debian Woody. I also tested with 3.0.21b-1 and got the same error. I need that because I'm installing 4 Windows Server 2003 for terminal services, so I need that all those 4 computers belong to a local group in my license server. If you guys know how to connect my terminal servers to a license server other way, that's ok for me. TIA -- Marlon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?
On Friday 10 February 2006 10:44, Gerald (Jerry) Carter wrote: Migration is a concern. The current proposal would to use an intermediate form for dumping one passdb to a file. And then importing the dump into another. Pretyy much the same idea used by database tools. What about the undocumented guest value? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Upgraded from 3.0.9 - 3.0.21b - Now adding machines a problem
I recently upgraded my samba pdc from version 3.0.9 to version 3.0.21b
to try and fix a browse issue with Windows 2003 Server and linux samba
servers. The browse issue was fixed, but now I am having problems
adding machines to the network. I run slackware 10.0 linux with an
openldap backend which has worked fine until now. I also upgraded the
samba tools from idealx.org to the latest version. First when I went to
add a machine it would bomb out and when I would check the ldap
directory I noticed it had the posix machine info but not the samba
machine info. To add the machine I am using the command
add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w '%u'
in my smb.conf as specified in the example. I then looked at the
smbldap-useradd script and realized that the add_samba_machine call from
the tools.pm file was never getting called anywhere in the scripts so
maybe this is incorrect but I added the following to the smbldap-useradd
script:
if (defined($Options{'w'})) {
if (!add_samba_machine($userName,$userUidNumber,$Options{'t'})) {
die $0: error while adding samba account\n;
}
}
right under the following:
# MACHINE ACCOUNT
if (defined($Options{'w'}) or defined($Options{'i'})) {
#print About to create machine $userName:\n;
if (!add_posix_machine
($userName,$userUidNumber,$userGidNumber,$Options{'t'})) {
die $0: error while adding posix account\n;
}
so that the rest of the ldap info was getting filled in. It still would
bomb out on me with the error The user name could not be found but it
did make a difference. Leaving the new ldap entry alone I would then
try and add the machine again and it would work so I am not sure what is
wrong. I checked the machine entry in ldap before and after and nothing
much seems to have changed. I checked the samba logs and the user
adding to the domain comes back as authenticated so I am at a loss as to
why it would fail the first time and not the second.
Now most likely I am doing something else wrong as I can't imagine I
should have to change the scripts but I haven't come across what it is.
Has anyone seen this behavior before?
Any help is greatly appreciated thanks.
Dan,
Below is the global section of my smb.conf:
[global]
workgroup=MYDOMAIN
netbios name=MYDOMAIN_PDC
admin users = administrator
server string = MY PDC
security = user
load printers = yes
; printcap name = /etc/printcap
; print command = lpr -r -P%p %s
; printing = lprng
; printcap name = cups
; printing = cups
; show add printer wizard = yes
log file = /var/log/samba/log.%m
max log size = 1
ldap ssl = on
passdb backend = ldapsam:ldaps://ldap.home.mydomain.org:636
ldap admin dn = uid=root,ou=users,dc=home,dc=mydomain,dc=org
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap machine suffix = ou=users
ldap suffix = dc=home,dc=mydomain,dc=org
ldap delete dn = no
add user script = /usr/local/sbin/smbldap-useradd -m '%u'
delete user script = /usr/local/sbin/smbldap-userdel %u
add group script = /usr/local/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/local/sbin/smbldap-groupdel '%g'
add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u'
'%g'
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
'%u' '%g'
set primary group script = /usr/local/sbin/smbldap-usermod -g '%u' '%g'
add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w '%u'
ldap passwd sync = Yes
idmap uid = 15000-2
idmap gid = 15000-2
idmap backend = ldap:ldaps://ldap.mydomain.org:636
username map = /etc/samba/smbusers
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
os level = 128
domain master = yes
domain logons = yes
local master = yes
preferred master = yes
logon script = logon.bat
encrypt passwords = yes
unix password sync = no
passwd program = /usr/local/sbin/smbldap-passwd -o %u
logon path = c:\Documents and Settings\%U
remote announce = 10.1.0.255
remote browse sync = 10.1.0.255
wins support = yes
map to guest = Never
nt acl support = true
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Upgraded from 3.0.9 - 3.0.21b - Now adding machines aproblem
Yes, I had a similar problem when I upgraded from 3.0.9 - 3.0.21b.
After upgrading I could not add machines. It would find the PDC and then
prompt me for a user/password, I would enter it and I got user not found
error message. If I typed the password incorrect then I would get
Username/Password incorrect error message. My logs showed that I was
authenticating OK. So only thing I could think of is that the samba ID's
are getting mangled or something along those lines. I did not have much
time to play around with it so I downgraded back to 3.0.9 and what would
you know, it started working again.
Anybody have a fix for this? Is this a bug? Or a depreciated argument in
the conf files that have been overlooked?
-SNIP SMB.CONF-
[global]
interfaces = 192.168.4.14/32
workgroup = FFPW
netbios name = PDC-SRV
server string = SAMBA-LDAP PDC SERVER
encrypt passwords = true
passdb backend = ldapsam:ldap://host.domain.tld.net/
passwd program = /usr/usr/sbin/smbldap-passwd -o %u
passwd chat = *new*password %n\n *new*password* %n\n *successfully*
unix password sync = No
ldap suffix = dc=ffplus,dc=net
ldap machine suffix = ou=Computers,ou=Users,ou=f800
ldap user suffix = ou=Staff,ou=Users,ou=f800
ldap group suffix = ou=Groups,ou=f800
ldap admin dn = cn=directory manager
ldap ssl = No
ldap user suffix = ou=Staff,ou=Users,ou=f800,dc=ffplus,dc=net
log file = /var/log/samba/%m.log
log level = 2
domain logons = Yes
os level = 255
preferred master = Yes
domain master = True
wins support = Yes
nt acl support = no
logon drive = U:
logon script = %U.bat
load printers = Yes
printing = cups
printcap name = /etc/samba/printers.list
use client driver = no
admin users = @Domain Admins
add user script = /usr/sbin/smbldap-useradd -a -m %u
delete user script = /usr/sbin/smbldap-userdel -r %u
add group script = /usr/sbin/smbldap-groupadd -p %g
delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
add machine script = /usr/sbin/smbldap-useradd -w %u
[netlogon]
path = /netlogon
public = no
writeable = no
browsable = no
guest ok = yes
[homes]
comment = Home Directories
valid users = %S
writeable = Yes
read only = No
create mask = 755
directory mask = 0775
browseable = No
[profiles]
path = \\%L\%U\profile
read only = No
writeable = Yes
browseable = no
profile acls = Yes
guest ok = yes
[tmp]
comment = Temporary file space
path = /tmp
readonly = no
guest ok = yes
[filestor]
comment = Misc User Files/Application Data
path = /net/file_stor/
valid users = @Domain Admins, @Domain Users
public = no
writeable = yes
printable = no
create mask = 0700
[backups]
comment = server backup files
path = /net/backups/
valid users = @Domain Admins
public = no
writeable = yes
printable = no
create mask = 0765
[applications]
comment = Storage for software applications
path = /applications/
valid users = @XP_Power_Users, @Domain Admins
public = no
guest ok = no
writeable = yes
printable = no
create mask = 755
[ProfileDir]
comment = Root of all Homes for admin tasks
path = /net/users
valid users = @Domain Admins
public = no
writeable = yes
printable = no
create mask = 0666
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writeable = no
printable = yes
printer admin = @Domain Admins, @XP_Power_Users
[print$]
comment = Printer Drivers
path = /etc/samba/drivers
browsable = yes
guest ok = no
read only = yes
write list = @Domain Admins, @XP_Power_Users
END SMB.CONF
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Dan
Sent: Friday, February 10, 2006 11:20 AM
To: samba@lists.samba.org
Subject: [Samba] Upgraded from 3.0.9 - 3.0.21b - Now adding machines
aproblem
I recently upgraded my samba pdc from version 3.0.9 to version 3.0.21b
to try and fix a browse issue with Windows 2003 Server and linux samba
servers. The browse issue was fixed, but now I am having problems
adding machines to the network. I run slackware 10.0 linux with an
openldap backend which has worked fine until now. I also upgraded the
samba tools from idealx.org to the latest version. First when I went to
add a machine it would bomb out and when I would check the ldap
directory I noticed it had the posix machine info but not the samba
machine info. To add the machine I am using the command
add machine script = /usr/local/sbin/smbldap-useradd -t 0 -w '%u'
in my smb.conf as specified in the example. I then looked at the
smbldap-useradd script and realized that the add_samba_machine call from
the tools.pm file was never getting called anywhere in the scripts so
maybe this is incorrect but I added the following to the smbldap-useradd
script:
if (defined($Options{'w'})) {
if (!add_samba_machine($userName,$userUidNumber,$Options{'t'})) {
[Samba] Domain controller: LDAP server signing requirements +pam
We have got Samba 3.0.21b working fine when browsing from 2003AD clients works fine. Weve comfigured pam and if we change the setting on the 2003 domain for Domain controller: LDAP server signing requirements to none it works fine if its at requires signing pam doesnt work is there anyway round this? as setting this to none will not be an option. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] POLL: Does anyone actually use multiple passdb backends on the same server?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris wrote: On Friday 10 February 2006 10:44, Gerald (Jerry) Carter wrote: Migration is a concern. The current proposal would to use an intermediate form for dumping one passdb to a file. And then importing the dump into another. Pretyy much the same idea used by database tools. What about the undocumented guest value? The guest account will be an internal token created at run time base on the value of the 'guest account' global parameter in smb.conf. There will be no need for it to exist as a separate passdb module any more. cheers, jerry = I live in a Reply-to-All world. --- Samba--- http://www.samba.org Centeris --- http://www.centeris.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD7PE/IR7qMdg1EfYRAsFeAKDv1kbbr9UbiwVu59bt6ugZHpU1hgCdGORD 7CpSeXUyTDzQx1lkaVAPkFQ= =STxL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] chown DOMAIN+mylogin /dir fails (Please help)
David Shapiro wrote: I only see winbind_nss_aix.po, but I do not see the .c file. NIS ALL works, but LDAP and WINBIND both do not. Hi Dave, I'm having to work from memory as the work I did on AIX ended last June. In addidtion, when I formulated the phase transitions from samba 2.x nt40 style member to samba 3.x AD member, it was 2003 and at that time, winbindd on AIX wouldn't support returning sufficient information to allow managing user and group accounts using the -R option to chuser, chgroup, mkuser, mkgroup, rmuser, rmgroup. That's why the writeups say /usr/lib/security/methods.cfg WINBIND: options=authonly and KRB5A: options=authonly So NIS and LDAP can be used to maintain the user and group attributes but winbind and kerberos were only used to authenticate an existing user defined locally or in NIS/LDAP, where LDAP is the AIX native LDAP security model. If NIS works and LDAP and WINBIND don't, it looks like you've implemented NIS but not LDAP and WINBIND is configured to authonly. If winbind's capable of returning sufficient information to satisfy lsuser, remove the authonly option. I figured you'd look thru winbind_nss_aix.c and make a determiniation whether or not that was possible with your version of samba. Regards, Doug David Shapiro Unix Team Lead 919-765-2011 Doug VanLeuven [EMAIL PROTECTED] 2/9/2006 11:03:38 PM David Shapiro wrote: What can I look at to understand why chown keeps saying user does not exist. wbinfo -u/-g returns the user information klist -v shows kerberos is working net ads join works fine wbinfo -t shows secret is fine aix does not have getent so I can't run getent passwd -- is there something equivalent on aix? Closest you're going to get is lsuser -R load_module lsuser -R NIS ALL lsuser -R LDAP ALL lsuser -R WINBIND ALL and of course lsgroup -R load_module /usr/lib/security/methods.cfg has: WINBIND: program = /usr/lib/security/WINBIND (set with chmod 444) options =authonly Authonly means it's not capable of supplying any user information. I don't know that's true anymore. Look in source/nsswitch/winbind_nss_aix.c Available methods are at the end of the file. Not all methods are implemented, and not all methods implemented return a valid answere. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Fwd: WINBIND security methods does not load
David Shapiro wrote: Hmm, I am not sure why this worked, but I moved my WINBIND stanza in /usr/lib/security/methods.cfg up in the file prior to the PAM stanza, and save it. After this, I was able to load the module. Any ideas on why this worked? Because aix will scan methods.cfg sequentially starting with the first entry and use the first one that satisfies the options defined in /etc/security. You don't really need pam and it makes a lot of sense to get pam working on aix without samba first if you want to go that way. Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: winbind can see some groups but not others
* detertj detertj [060208 14:45]: Hello, I followed the steps at http://www.enterprisenetworkingplanet.com/netos/article.php/3487081 for adding a v3.0.21a samba and winbindd server to a MsAD domain and configuring nsswitch.conf to find passwd and group info from winbind. This seems to have worked out fine, except that I can't 'see' or 'recognize' certain groups via getent or via wbinfo -g. E.g. I can see the 'ccsd-staff' group via getent and wbinfo -g, but i don't see the 'ccsd-dept-www' group via either. -- snip -- Anyone know what's wrong or have an idea of how to debug? Thanks I just stumbled on the explanation and solution: 'wbinfo -g' and 'getent group' use the samaccountname attribute of the group object, but for my 'missing' groups, the samaccountname attrib value was not the same as the 'cn' and 'name' attribs value. Once I set the samAccountName value to be the same as the cn, the 'missing' groups were no longer missing from 'wbinfo -g' or 'getent group'. The 'missing' groups had been created by me via a script using ldap. At the time i created them, i didn't know that i needed to also set the 'samaccountname' attribute, so it was getting automagically set with a seemingly arbitrary value. The MsAD-UG app never give any indication that the 2 weren't in synch. -- Happy Landings, Jon Detert IT Systems Administrator, Milwaukee School of Engineering 1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem using 'winbind nss info =' statement
When winbind is configured without the 'winbind nss info =' statement (i.e. such that winbind maintains its own local map of SIDs - UID/GIDs), the following works fine: # cd ~detertj # getent passwd detertj detertj:x:10008:1:detertj:/home/MSOE/detertj:/bin/bash but when i try to make winbind use sfu for the mapping of SID - UID/GID, username lookups are failing: # cd ~detertj -bash: cd: ~detertj: No such file or directory # getent passwd detertj # However, either way, when trying to use nss info = sfu, or not, wbinfo is able to do look ups just fine: # wbinfo -n detertj S-1-5-21-2143970516-726479814-926709054-4514 User (1) # wbinfo -u | grep -i detertj detertj # wbinfo -s S-1-5-21-2143970516-726479814-926709054-4514 MSOE+detertj 1 # Since i successfully use nss_ldap on other boxen, relying on sfu from MsAD, I'm inclined to believe that the problem isn't with sfu on the MsAD DCs. Btw, this is with samba and winbind v3.0.21a. Here's the pertinent smb.conf verbage when I'm NOT using 'nss info = sfu': winbind enum groups = yes winbind enum users = yes winbind separator = + winbind nested groups = yes winbind use default domain = yes idmap gid = 1-35000 idmap uid = 1-35000 template homedir = /home/%D/%U template shell = /bin/bash Here's the pertinent smb.conf verbage when I'm trying to use 'nss info = sfu': winbind enum groups = yes winbind enum users = yes winbind separator = + winbind nested groups = yes winbind use default domain = yes winbind nss info = sfu idmap backend = idmap_ad template homedir = /home/%D/%U template shell = /bin/bash BTW, lookups failed with nss info set to sfu, regardless of whether I specified the 'idmap uid' and 'idmap gid' statements (are they needed when using nss info = sfu?). Any ideas what's wrong or what to try? aTdHvAaNnKcSe -- Happy Landings, Jon Detert IT Systems Administrator, Milwaukee School of Engineering 1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] chown DOMAIN+mylogin /dir fails (Please help)
Thanks for the info. Should I expect su - DOMAIN+mylogin to work? I can now do chown/chgrp commands. When I run su - DOMAIN+mylogin, I get in messages: Feb 10 17:39:59 svcanimp su: BAD SU from root to _010 at /dev/pts/5 and the message: 3004-503 Cannot set process credentials. goes out to stdout. David David Shapiro Unix Team Lead 919-765-2011 Doug VanLeuven [EMAIL PROTECTED] 2/10/2006 3:22:37 PM David Shapiro wrote: I only see winbind_nss_aix.po, but I do not see the .c file. NIS ALL works, but LDAP and WINBIND both do not. Hi Dave, I'm having to work from memory as the work I did on AIX ended last June. In addidtion, when I formulated the phase transitions from samba 2.x nt40 style member to samba 3.x AD member, it was 2003 and at that time, winbindd on AIX wouldn't support returning sufficient information to allow managing user and group accounts using the -R option to chuser, chgroup, mkuser, mkgroup, rmuser, rmgroup. That's why the writeups say /usr/lib/security/methods.cfg WINBIND: options=authonly and KRB5A: options=authonly So NIS and LDAP can be used to maintain the user and group attributes but winbind and kerberos were only used to authenticate an existing user defined locally or in NIS/LDAP, where LDAP is the AIX native LDAP security model. If NIS works and LDAP and WINBIND don't, it looks like you've implemented NIS but not LDAP and WINBIND is configured to authonly. If winbind's capable of returning sufficient information to satisfy lsuser, remove the authonly option. I figured you'd look thru winbind_nss_aix.c and make a determiniation whether or not that was possible with your version of samba. Regards, Doug David Shapiro Unix Team Lead 919-765-2011 Doug VanLeuven [EMAIL PROTECTED] 2/9/2006 11:03:38 PM David Shapiro wrote: What can I look at to understand why chown keeps saying user does not exist. wbinfo -u/-g returns the user information klist -v shows kerberos is working net ads join works fine wbinfo -t shows secret is fine aix does not have getent so I can't run getent passwd -- is there something equivalent on aix? Closest you're going to get is lsuser -R load_module lsuser -R NIS ALL lsuser -R LDAP ALL lsuser -R WINBIND ALL and of course lsgroup -R load_module /usr/lib/security/methods.cfg has: WINBIND: program = /usr/lib/security/WINBIND (set with chmod 444) options =authonly Authonly means it's not capable of supplying any user information. I don't know that's true anymore. Look in source/nsswitch/winbind_nss_aix.c Available methods are at the end of the file. Not all methods are implemented, and not all methods implemented return a valid answere. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question on AIX 5.2, Samba and NT domains
Welcome to the nightmare. Well, I have gleemed the following: After your make install, go into nsswitch directory in source and copy WINBIND to /usr/lib/security. Next, add to /usr/lib/security/methods.cfg WINBIND: programs=/usr/lib/security/WINBIND Make sure this is before PAM: if that is in there. You should then be able to lsuser DOMAIN+user and do other commands too. I know that the lenght seems to be an issue (home directory does not work for me yet (DOMAIN+user 8). I also have not had luck getting any idmap_backend options to work (they all core dump winbindd). I have seen no good samba document either, although some mention to a dead link at redbooks was out there, so maybe somewhere on redbooks ibm site there is a doc. David David Shapiro Unix Team Lead 919-765-2011 Kent Wick [EMAIL PROTECTED] 2/10/2006 12:33:08 PM Environment: AIX 5.2 Samba 3.0.21b (compiled at this site with Visualage C/C++ 6.0) configure was run as: ./configure --prefix=/usr/local/samba --with-pam --with-acl-support --with-aio-support --with-winbind Windows environment is a mix of Windows NT domain and Novell file servers. Does anybody know of a single document or set of documents that have a cookbook approach to creating/modifying the necessary AIX files to work with Samba with pam, winbind and NSS support as a member server? If I have userids in the NT domain that are longer than 8 characters, am I effed when trying to get them to seamlessly access Samba? AIX 5.2 and below do not allow a username or group name to have a value longer than 8 characters. Do I need a username map file for the long usernames? As far as I can tell, the issue of long names in NT versus limitations of some OS versions is never discussed. The Samba3-HOWTO document(s) in Chapter 23 talk about the compile process creating the file libnss_winbind.so. Something changed between document and Makefile because I get a file named WINBIND automatically created. In that same chapter, it goes on to talk about verifying winbind. I can run the wbinfo -u and wbinfo -g commands just find and it returns the the users and gorups in the NT domain that Samba joined. Then the document talks about using getent to see both local (AIX) and PDC users and groups. Unfortunately, I don't have that one in executable form. I can see the getent source in the testsuite/nsswitch directory but when I compile just that program all that it returns in the local users, nothing from the PDC. If I am using Samba as a member server, do I even need to worry about integrating PAM and winbindd? Another few nit's in the Samba-HOWTO in The Samba Checklist: (1) When I run the smbclient -L sambasrvrname (as root), it asks for a password. When I give it the root password, it comes back with session setup failed: NT_STATUS_LOGON_FAILURE. When I just press enter in response to the password request, it responds that it connected anonymously and returns the necessary data. (2) The nmblookup command in step 4 needs to be clarified a bit more. When I look at a print of the web page, it sure looks like the BIGSERVER and the __SAMBA__ are run together. For that matter, I had to go the web page source to be certain that the __ was a double underscore and not a single. Given the way some laser printer formatting works, it is entirely possible that it could have been a single underscore. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] horrifying slow samba.
set enum groups to no might help.
David Shapiro
Unix Team Lead
919-765-2011
Martijn Hazenberg [EMAIL PROTECTED] 2/10/2006 9:07:10 AM
Hi all,
We have a linux data server here, which used to be a workgroup member.
Everything was fine then. Now we hav a new sbs server here, so the
data
server had to be made into a domain member. To do that i followed this
manual.
The thing is now, that the samba shares on the data server are slow as
h**l
What can be the problem ? Any ideas are welcome !
Code:
[global]
netbios name = DATASVR
server string = DATASVR
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind gid = 1-2
workgroup = GOVALOKAAL
os level = 20
winbind enum groups = yes
socket address = 10.0.0.200
password server = *
preferred master = no
winbind separator = +
max log size = 50
log file = /var/log/samba3/log.%m
encrypt passwords = yes
dns proxy = no
realm = GOVA.LOKAAL
security = ADS
wins server = 10.0.0.201
wins proxy = no
workgroup = govalokaal
[stuff]
comment = stuffpath = /raid/stuff
writable = yes
and the krb5 config :
Code:
datasvr etc # cat krb5.conf
[libdefaults]
default_realm = GOVA.LOKAAL
[realms]
GOVA.LOKAAL = {
kdc = adserver.gova.lokaal
}
datasvr etc #
the hosts file :
Code:
datasvr etc # cat hosts
127.0.0.1 localhost
10.0.0.201 adserver.gova.lokaal adserver
To enable samba to be a domain member i used the following manual :
http://forums.gentoo.org/viewtopic-t-114837-postdays-0-postorder-asc-sta
rt-0.html
http://forums.gentoo.org/viewtopic-t-114837-postdays-0-postorder-asc-st
art-0.html
thanks a lot !
martijn
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] chown DOMAIN+mylogin /dir fails (Please help)
What is the KRB5A option going to provide? David Shapiro Unix Team Lead 919-765-2011 Doug VanLeuven [EMAIL PROTECTED] 2/10/2006 3:22:37 PM David Shapiro wrote: I only see winbind_nss_aix.po, but I do not see the .c file. NIS ALL works, but LDAP and WINBIND both do not. Hi Dave, I'm having to work from memory as the work I did on AIX ended last June. In addidtion, when I formulated the phase transitions from samba 2.x nt40 style member to samba 3.x AD member, it was 2003 and at that time, winbindd on AIX wouldn't support returning sufficient information to allow managing user and group accounts using the -R option to chuser, chgroup, mkuser, mkgroup, rmuser, rmgroup. That's why the writeups say /usr/lib/security/methods.cfg WINBIND: options=authonly and KRB5A: options=authonly So NIS and LDAP can be used to maintain the user and group attributes but winbind and kerberos were only used to authenticate an existing user defined locally or in NIS/LDAP, where LDAP is the AIX native LDAP security model. If NIS works and LDAP and WINBIND don't, it looks like you've implemented NIS but not LDAP and WINBIND is configured to authonly. If winbind's capable of returning sufficient information to satisfy lsuser, remove the authonly option. I figured you'd look thru winbind_nss_aix.c and make a determiniation whether or not that was possible with your version of samba. Regards, Doug David Shapiro Unix Team Lead 919-765-2011 Doug VanLeuven [EMAIL PROTECTED] 2/9/2006 11:03:38 PM David Shapiro wrote: What can I look at to understand why chown keeps saying user does not exist. wbinfo -u/-g returns the user information klist -v shows kerberos is working net ads join works fine wbinfo -t shows secret is fine aix does not have getent so I can't run getent passwd -- is there something equivalent on aix? Closest you're going to get is lsuser -R load_module lsuser -R NIS ALL lsuser -R LDAP ALL lsuser -R WINBIND ALL and of course lsgroup -R load_module /usr/lib/security/methods.cfg has: WINBIND: program = /usr/lib/security/WINBIND (set with chmod 444) options =authonly Authonly means it's not capable of supplying any user information. I don't know that's true anymore. Look in source/nsswitch/winbind_nss_aix.c Available methods are at the end of the file. Not all methods are implemented, and not all methods implemented return a valid answere. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Failing with LDAP backend
Hi, I am using Samba 3.0.20 on Mandriva 2006 x86_64. I am trying to set up Samba to use OpenLDAP backend, I have OpenLDAP configured and running. I used smbpasswd -w [password] to store the password for the LDAP admin dn. My OpenLDAP version is 2.3.6. When I add passwd backend = ldapsam:ldap://myserver to my smb.conf and restart Samba, smbd fails. I turned the logging up to 10 to see what is going on, it finds the ldap server, searches for sambaDomain, then the connection is closed. Then it opens a new connection, establishes TLS, tries to do a bind and then panics. [2006/02/04 11:57:29, 0] lib/fault.c:fault_report(36) === [2006/02/04 11:57:29, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 15126 (3.0.20) Please read the appendix Bugs of the Samba HOWTO collection [2006/02/04 11:57:29, 0] lib/fault.c:fault_report(39) === [2006/02/04 11:57:29, 0] lib/util.c:smb_panic2(1548) PANIC: internal error [2006/02/04 11:57:29, 0] lib/util.c:smb_panic2(1556) BACKTRACE: 25 stack frames: #0 smbd(smb_panic2+0x189) [0x55734383] #1 smbd(smb_panic+0xe) [0x557341f8] #2 smbd [0x5571dbbc] #3 smbd [0x5571dc14] #4 /lib64/tls/libc.so.6 [0x2c1a1b60] #5 /usr/lib64/libldap-2.3.so.0(ldap_count_values+0xb) [0x2abdeeab] #6 smbd [0x557ba2fd] #7 smbd(smbldap_has_control+0x2a) [0x557ba410] #8 smbd [0x557b8a80] #9 smbd [0x557b8cfa] #10 smbd [0x557b8ef1] #11 smbd [0x557b924b] #12 smbd(smbldap_search+0x2f) [0x557b92d3] #13 smbd(smbldap_search_suffix+0x49) [0x557b9ba9] #14 smbd(smbldap_search_domain_info+0xcf) [0x557bac62] #15 smbd(pdb_init_ldapsam+0xe3) [0x55709bd1] #16 smbd [0x556f9d99] #17 smbd(make_pdb_context_list+0x14e) [0x556fa331] #18 smbd [0x556fa5df] #19 smbd(pdb_getsampwsid+0x1c) [0x556fa72a] #20 smbd [0x557779ce] #21 smbd(init_guest_info+0x1f) [0x55777bd7] #22 smbd(main+0x2dd) [0x557bc655] #23 /lib64/tls/libc.so.6(__libc_start_main+0xda) [0x2c18f4fa] #24 smbd [0x555a92ca] Can someone tell me what I am doing wrong? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + ldap, acounts expiring? but pdbedit says otherwise
Apologies if this is a RTFM issue... My first question is: anyone know of code that can assist in going through samba logfiles (looking for errors, etc.)? I have what appears to be a password expiration problem. User X has been able to mount a shared drive off the samba box using his login/password. Suddenly it doesn't appear to work: he can run net use Z: \\server\share from his XP box, it tries to mount the drive, pops up with an invalid user/pw type of error, prompts for credentials. Enter what had been valid credentials, doesn't work. I ssh over to samba box, run pdbedit -L -v, his account expiration stuff looks like this: Logon time: 0 Logoff time: Mon, 18 Jan 2038 19:14:07 GMT Kickoff time: Mon, 18 Jan 2038 19:14:07 GMT Password last set:Wed, 11 Jan 2006 00:11:57 GMT Password can change: 0 Password must change: Fri, 11 Jan 2008 00:11:57 GMT Also, if I slapcat the ldap morass into a file and check the expiration time it's also in the future: sambaPwdMustChange: 1200039117 - by my calculation the same date as listed above. We tried again, no soap. Reset password on server using the smbldap-password command, drive mounts fine. You could say that he was typing in the wrong password, but for one he administers a bunch of machines and is used to typing in passwords, and for two I had to run through all my users over the course of a couple of days and have them reset their passwords, same type of thing. Is there any other place I should be looking for something that would cause credentials not to work? I thought PAM, but all the account cruft is in LDAP and the data therein looks good (e.g. this user doesn't have an entry in /etc/password or /etc/shadow also). XP weirdness? It's probably worth mentioning that we don't do any kind of policy management on XP, stock xp pro installs from CD. Samba 3.0.20b openldap-2.2.13-4 idealx tools 0.9.1 Red Hat AS4 If that matters. Thanks for any hints or clues where to look! -- Joe Mailander [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Autocreate user home directories.
homes]
root preexec = [ ! -e /home/%U ] { /bin/cp -a /etc/skel
/home/%U; /bin/chown -R %U.%G /home/%U; }
create mask = 0600
directory mask = 0700
read only = no
valid users = EXAMPLE\%S
David Shapiro
Unix Team Lead
919-765-2011
Trimble, Ronald D [EMAIL PROTECTED] 2/10/2006 12:11:10
PM
I am trying to set up our samba server to automatically create a users
home directory when they browse to it from a Windows computer. Is
there
a way to do this? I was looking at the root preexec option to try and
do this, but I am not sure how to go about it. Has anybody done this?
Can someone please help me out?
Thanks,
Ron
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Autocreate user home directories.
[homes] root preexec = [ ! -e /home/%U ] { /bin/cp -a /etc/skel
/home/%U; /bin/chown -R %U.%G /home/%U; } create mask =
0600directory mask = 0700 read only = no valid users =
EXAMPLE\%SI think I chopped a piece off, so I am sending again.
David Shapiro
Unix Team Lead
919-765-2011
Trimble, Ronald D [EMAIL PROTECTED] 2/10/2006 12:11:10
PM
I am trying to set up our samba server to automatically create a users
home directory when they browse to it from a Windows computer. Is
there
a way to do this? I was looking at the root preexec option to try and
do this, but I am not sure how to go about it. Has anybody done this?
Can someone please help me out?
Thanks,
Ron
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r13429 - in branches/tmp/vl-posixacls: examples/misc packaging/Debian/debian-sarge packaging/Debian/debian-sarge/patches packaging/RHEL source source/include source/lib source/libads
Author: vlendec Date: 2006-02-10 15:02:01 + (Fri, 10 Feb 2006) New Revision: 13429 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13429 Log: merge -r13390:13428 from 3_0 Removed: branches/tmp/vl-posixacls/packaging/Debian/debian-sarge/patches/VERSION.patch branches/tmp/vl-posixacls/packaging/Debian/debian-sarge/patches/version-fix-vscan.patch Modified: branches/tmp/vl-posixacls/examples/misc/adssearch.pl branches/tmp/vl-posixacls/packaging/Debian/debian-sarge/changelog branches/tmp/vl-posixacls/packaging/Debian/debian-sarge/patches/fhs.patch branches/tmp/vl-posixacls/packaging/Debian/debian-sarge/rules branches/tmp/vl-posixacls/packaging/Debian/debian-sarge/samba.files branches/tmp/vl-posixacls/packaging/RHEL/samba.spec.tmpl branches/tmp/vl-posixacls/source/Makefile.in branches/tmp/vl-posixacls/source/configure.in branches/tmp/vl-posixacls/source/include/ntdomain.h branches/tmp/vl-posixacls/source/include/rpc_dce.h branches/tmp/vl-posixacls/source/include/rpc_netlogon.h branches/tmp/vl-posixacls/source/include/rpc_samr.h branches/tmp/vl-posixacls/source/lib/events.c branches/tmp/vl-posixacls/source/lib/time.c branches/tmp/vl-posixacls/source/lib/util_str.c branches/tmp/vl-posixacls/source/libads/ldap.c branches/tmp/vl-posixacls/source/libsmb/credentials.c branches/tmp/vl-posixacls/source/libsmb/smbdes.c branches/tmp/vl-posixacls/source/libsmb/smbencrypt.c branches/tmp/vl-posixacls/source/locking/locking.c branches/tmp/vl-posixacls/source/nsswitch/pam_winbind.c branches/tmp/vl-posixacls/source/nsswitch/winbindd_cache.c branches/tmp/vl-posixacls/source/nsswitch/winbindd_cm.c branches/tmp/vl-posixacls/source/nsswitch/winbindd_dual.c branches/tmp/vl-posixacls/source/nsswitch/winbindd_pam.c branches/tmp/vl-posixacls/source/param/loadparm.c branches/tmp/vl-posixacls/source/passdb/secrets.c branches/tmp/vl-posixacls/source/printing/print_iprint.c branches/tmp/vl-posixacls/source/rpc_parse/parse_net.c branches/tmp/vl-posixacls/source/rpc_parse/parse_rpc.c branches/tmp/vl-posixacls/source/rpc_parse/parse_samr.c branches/tmp/vl-posixacls/source/rpc_server/srv_netlog.c branches/tmp/vl-posixacls/source/rpc_server/srv_netlog_nt.c branches/tmp/vl-posixacls/source/rpc_server/srv_samr_nt.c branches/tmp/vl-posixacls/source/rpc_server/srv_svcctl_nt.c branches/tmp/vl-posixacls/source/rpcclient/rpcclient.c branches/tmp/vl-posixacls/source/services/services_db.c branches/tmp/vl-posixacls/source/smbd/notify_hash.c Changeset: Sorry, the patch is too large (1647 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13429
svn commit: samba r13430 - in branches/tmp/vl-posixacls/source: include lib modules smbd
Author: vlendec Date: 2006-02-10 15:12:28 + (Fri, 10 Feb 2006) New Revision: 13430 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13430 Log: Step 1: Replace SMB_ACL_TAG_T by 'struct smb_acl_tag'. Using a struct ensures extensibility and enforces a functional interface during the compile. The other types will be handled accordingly. This only compiles for posix acls, and I did not run it once. Jeremy, what do you think? Volker Modified: branches/tmp/vl-posixacls/source/include/smb_acls.h branches/tmp/vl-posixacls/source/include/vfs.h branches/tmp/vl-posixacls/source/include/vfs_macros.h branches/tmp/vl-posixacls/source/lib/sysacls.c branches/tmp/vl-posixacls/source/modules/vfs_full_audit.c branches/tmp/vl-posixacls/source/smbd/posix_acls.c branches/tmp/vl-posixacls/source/smbd/trans2.c branches/tmp/vl-posixacls/source/smbd/vfs-wrap.c branches/tmp/vl-posixacls/source/smbd/vfs.c Changeset: Sorry, the patch is too large (1330 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13430
svn commit: samba r13431 - in branches/tmp/vl-posixacls/source: include lib modules smbd
Author: vlendec Date: 2006-02-10 17:42:31 + (Fri, 10 Feb 2006) New Revision: 13431 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13431 Log: Get rid of SMB_ACL_PERMSET_T, this is mode_t! Modified: branches/tmp/vl-posixacls/source/include/smb_acls.h branches/tmp/vl-posixacls/source/include/vfs.h branches/tmp/vl-posixacls/source/include/vfs_macros.h branches/tmp/vl-posixacls/source/lib/sysacls.c branches/tmp/vl-posixacls/source/modules/vfs_full_audit.c branches/tmp/vl-posixacls/source/smbd/posix_acls.c branches/tmp/vl-posixacls/source/smbd/trans2.c branches/tmp/vl-posixacls/source/smbd/vfs-wrap.c branches/tmp/vl-posixacls/source/smbd/vfs.c Changeset: Sorry, the patch is too large (1436 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13431
svn commit: samba r13432 - in trunk/source: include rpc_parse
Author: jra
Date: 2006-02-10 17:55:41 + (Fri, 10 Feb 2006)
New Revision: 13432
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13432
Log:
Get ready to implement NET_SAM_LOGON_EX.
Jeremy.
Modified:
trunk/source/include/rpc_netlogon.h
trunk/source/rpc_parse/parse_net.c
Changeset:
Modified: trunk/source/include/rpc_netlogon.h
===
--- trunk/source/include/rpc_netlogon.h 2006-02-10 17:42:31 UTC (rev 13431)
+++ trunk/source/include/rpc_netlogon.h 2006-02-10 17:55:41 UTC (rev 13432)
@@ -41,6 +41,7 @@
#define NET_DSR_GETDCNAME 0x14
#define NET_AUTH3 0x1a
#define NET_DSR_GETSITENAME0x1c
+#define NET_SAMLOGON_EX0x27
/* Secure Channel types. used in NetrServerAuthenticate negotiation */
#define SEC_CHAN_WKSTA 2
@@ -571,12 +572,26 @@
NET_ID_INFO_CTR *ctr;
} DOM_SAM_INFO;
+/* SAM_INFO - sam logon/off id structure - no creds */
+typedef struct sam_info_ex {
+ DOM_CLNT_INFO2 client;
+ uint16 logon_level;
+ NET_ID_INFO_CTR *ctr;
+} DOM_SAM_INFO_EX;
+
/* NET_Q_SAM_LOGON */
typedef struct net_q_sam_logon_info {
DOM_SAM_INFO sam_id;
uint16 validation_level;
} NET_Q_SAM_LOGON;
+/* NET_Q_SAM_LOGON_EX */
+typedef struct net_q_sam_logon_info_ex {
+ DOM_SAM_INFO_EX sam_id;
+ uint16 validation_level;
+ uint32 flags;
+} NET_Q_SAM_LOGON_EX;
+
/* NET_R_SAM_LOGON */
typedef struct net_r_sam_logon_info {
uint32 buffer_creds; /* undocumented buffer pointer */
@@ -590,7 +605,18 @@
NTSTATUS status; /* return code */
} NET_R_SAM_LOGON;
+/* NET_R_SAM_LOGON_EX */
+typedef struct net_r_sam_logon_info_ex {
+ uint16 switch_value; /* 3 - indicates type of USER INFO */
+ NET_USER_INFO_3 *user;
+ uint32 auth_resp; /* 1 - Authoritative response; 0 - Non-Auth? */
+ uint32 flags;
+
+ NTSTATUS status; /* return code */
+} NET_R_SAM_LOGON_EX;
+
+
/* NET_Q_SAM_LOGOFF */
typedef struct net_q_sam_logoff_info {
DOM_SAM_INFO sam_id;
Modified: trunk/source/rpc_parse/parse_net.c
===
--- trunk/source/rpc_parse/parse_net.c 2006-02-10 17:42:31 UTC (rev 13431)
+++ trunk/source/rpc_parse/parse_net.c 2006-02-10 17:55:41 UTC (rev 13432)
@@ -1366,6 +1366,35 @@
return True;
}
+/***
+ Reads or writes a DOM_SAM_INFO_EX structure.
+ /
+
+static BOOL smb_io_sam_info_ex(const char *desc, DOM_SAM_INFO_EX *sam,
prs_struct *ps, int depth)
+{
+ if (sam == NULL)
+ return False;
+
+ prs_debug(ps, depth, desc, smb_io_sam_info_ex);
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+ if(!smb_io_clnt_info2(, sam-client, ps, depth))
+ return False;
+
+ if(!prs_uint16(logon_level , ps, depth, sam-logon_level))
+ return False;
+
+ if (sam-logon_level != 0) {
+ if(!net_io_id_info_ctr(logon_info, sam-ctr, ps, depth))
+ return False;
+ }
+
+ return True;
+}
+
/*
Inits a NET_USER_INFO_3 structure.
@@ -1835,6 +1864,79 @@
Reads or writes a structure.
/
+BOOL net_io_q_sam_logon_ex(const char *desc, NET_Q_SAM_LOGON_EX *q_l,
prs_struct *ps, int depth)
+{
+ if (q_l == NULL)
+ return False;
+
+ prs_debug(ps, depth, desc, net_io_q_sam_logon_ex);
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+ if(!smb_io_sam_info_ex(, q_l-sam_id, ps, depth))
+ return False;
+
+ if(!prs_align_uint16(ps))
+ return False;
+
+ if(!prs_uint16(validation_level, ps, depth, q_l-validation_level))
+ return False;
+
+ if(!prs_uint32(flags , ps, depth, q_l-flags))
+ return False;
+
+ return True;
+}
+
+/***
+ Reads or writes a structure.
+/
+
+BOOL net_io_r_sam_logon_ex(const char *desc, NET_R_SAM_LOGON_EX *r_l,
prs_struct *ps, int depth)
+{
+ if (r_l == NULL)
+ return False;
+
+ prs_debug(ps, depth, desc, net_io_r_sam_logon_ex);
+ depth++;
+
+ if(!prs_uint16(switch_value, ps, depth, r_l-switch_value))
+ return False;
+ if(!prs_align(ps))
+ return False;
+
+#if 1 /* W2k always needs this - even for bad passwd. JRA */
+ if(!net_io_user_info3(, r_l-user, ps, depth, r_l-switch_value,
False))
+ return False;
+#else
+ if (r_l-switch_value
svn commit: samba r13433 - in branches/SAMBA_3_0/source: include rpc_parse
Author: jra
Date: 2006-02-10 17:55:44 + (Fri, 10 Feb 2006)
New Revision: 13433
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13433
Log:
Get ready to implement NET_SAM_LOGON_EX.
Jeremy.
Modified:
branches/SAMBA_3_0/source/include/rpc_netlogon.h
branches/SAMBA_3_0/source/rpc_parse/parse_net.c
Changeset:
Modified: branches/SAMBA_3_0/source/include/rpc_netlogon.h
===
--- branches/SAMBA_3_0/source/include/rpc_netlogon.h2006-02-10 17:55:41 UTC
(rev 13432)
+++ branches/SAMBA_3_0/source/include/rpc_netlogon.h2006-02-10 17:55:44 UTC
(rev 13433)
@@ -41,6 +41,7 @@
#define NET_DSR_GETDCNAME 0x14
#define NET_AUTH3 0x1a
#define NET_DSR_GETSITENAME0x1c
+#define NET_SAMLOGON_EX0x27
/* Secure Channel types. used in NetrServerAuthenticate negotiation */
#define SEC_CHAN_WKSTA 2
@@ -571,12 +572,26 @@
NET_ID_INFO_CTR *ctr;
} DOM_SAM_INFO;
+/* SAM_INFO - sam logon/off id structure - no creds */
+typedef struct sam_info_ex {
+ DOM_CLNT_INFO2 client;
+ uint16 logon_level;
+ NET_ID_INFO_CTR *ctr;
+} DOM_SAM_INFO_EX;
+
/* NET_Q_SAM_LOGON */
typedef struct net_q_sam_logon_info {
DOM_SAM_INFO sam_id;
uint16 validation_level;
} NET_Q_SAM_LOGON;
+/* NET_Q_SAM_LOGON_EX */
+typedef struct net_q_sam_logon_info_ex {
+ DOM_SAM_INFO_EX sam_id;
+ uint16 validation_level;
+ uint32 flags;
+} NET_Q_SAM_LOGON_EX;
+
/* NET_R_SAM_LOGON */
typedef struct net_r_sam_logon_info {
uint32 buffer_creds; /* undocumented buffer pointer */
@@ -590,7 +605,18 @@
NTSTATUS status; /* return code */
} NET_R_SAM_LOGON;
+/* NET_R_SAM_LOGON_EX */
+typedef struct net_r_sam_logon_info_ex {
+ uint16 switch_value; /* 3 - indicates type of USER INFO */
+ NET_USER_INFO_3 *user;
+ uint32 auth_resp; /* 1 - Authoritative response; 0 - Non-Auth? */
+ uint32 flags;
+
+ NTSTATUS status; /* return code */
+} NET_R_SAM_LOGON_EX;
+
+
/* NET_Q_SAM_LOGOFF */
typedef struct net_q_sam_logoff_info {
DOM_SAM_INFO sam_id;
Modified: branches/SAMBA_3_0/source/rpc_parse/parse_net.c
===
--- branches/SAMBA_3_0/source/rpc_parse/parse_net.c 2006-02-10 17:55:41 UTC
(rev 13432)
+++ branches/SAMBA_3_0/source/rpc_parse/parse_net.c 2006-02-10 17:55:44 UTC
(rev 13433)
@@ -1366,6 +1366,35 @@
return True;
}
+/***
+ Reads or writes a DOM_SAM_INFO_EX structure.
+ /
+
+static BOOL smb_io_sam_info_ex(const char *desc, DOM_SAM_INFO_EX *sam,
prs_struct *ps, int depth)
+{
+ if (sam == NULL)
+ return False;
+
+ prs_debug(ps, depth, desc, smb_io_sam_info_ex);
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+ if(!smb_io_clnt_info2(, sam-client, ps, depth))
+ return False;
+
+ if(!prs_uint16(logon_level , ps, depth, sam-logon_level))
+ return False;
+
+ if (sam-logon_level != 0) {
+ if(!net_io_id_info_ctr(logon_info, sam-ctr, ps, depth))
+ return False;
+ }
+
+ return True;
+}
+
/*
Inits a NET_USER_INFO_3 structure.
@@ -1835,6 +1864,79 @@
Reads or writes a structure.
/
+BOOL net_io_q_sam_logon_ex(const char *desc, NET_Q_SAM_LOGON_EX *q_l,
prs_struct *ps, int depth)
+{
+ if (q_l == NULL)
+ return False;
+
+ prs_debug(ps, depth, desc, net_io_q_sam_logon_ex);
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+ if(!smb_io_sam_info_ex(, q_l-sam_id, ps, depth))
+ return False;
+
+ if(!prs_align_uint16(ps))
+ return False;
+
+ if(!prs_uint16(validation_level, ps, depth, q_l-validation_level))
+ return False;
+
+ if(!prs_uint32(flags , ps, depth, q_l-flags))
+ return False;
+
+ return True;
+}
+
+/***
+ Reads or writes a structure.
+/
+
+BOOL net_io_r_sam_logon_ex(const char *desc, NET_R_SAM_LOGON_EX *r_l,
prs_struct *ps, int depth)
+{
+ if (r_l == NULL)
+ return False;
+
+ prs_debug(ps, depth, desc, net_io_r_sam_logon_ex);
+ depth++;
+
+ if(!prs_uint16(switch_value, ps, depth, r_l-switch_value))
+ return False;
+ if(!prs_align(ps))
+ return False;
+
+#if 1 /* W2k always needs this - even for bad passwd. JRA */
+
svn commit: samba r13434 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jra
Date: 2006-02-10 18:05:55 + (Fri, 10 Feb 2006)
New Revision: 13434
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13434
Log:
Add stub for NET_SAM_LOGON_EX.
Jeremy.
Modified:
branches/SAMBA_3_0/source/rpc_server/srv_netlog.c
branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c
Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_netlog.c 2006-02-10 17:55:44 UTC
(rev 13433)
+++ branches/SAMBA_3_0/source/rpc_server/srv_netlog.c 2006-02-10 18:05:55 UTC
(rev 13434)
@@ -210,7 +210,7 @@
return False;
}
-return True;
+ return True;
}
/*
@@ -307,6 +307,37 @@
}
/*
+ api_net_sam_logon_ex:
+ */
+
+static BOOL api_net_sam_logon_ex(pipes_struct *p)
+{
+ NET_Q_SAM_LOGON_EX q_u;
+ NET_R_SAM_LOGON_EX r_u;
+ prs_struct *data = p-in_data.data;
+ prs_struct *rdata = p-out_data.rdata;
+
+ ZERO_STRUCT(q_u);
+ ZERO_STRUCT(r_u);
+
+ if(!net_io_q_sam_logon_ex(, q_u, data, 0)) {
+ DEBUG(0, (api_net_sam_logon_ex: Failed to unmarshall
NET_Q_SAM_LOGON_EX.\n));
+ return False;
+ }
+
+ r_u.status = _net_sam_logon_ex(p, q_u, r_u);
+
+ /* store the response in the SMB stream */
+ if(!net_io_r_sam_logon_ex(, r_u, rdata, 0)) {
+ DEBUG(0,(api_net_sam_logon_ex: Failed to marshall
NET_R_SAM_LOGON_EX.\n));
+ return False;
+ }
+
+ return True;
+}
+
+
+/*
api_ds_enum_dom_trusts:
*/
@@ -356,6 +387,7 @@
{ NET_LOGON_CTRL2 , NET_LOGON_CTRL2 , api_net_logon_ctrl2},
{ NET_TRUST_DOM_LIST, NET_TRUST_DOM_LIST, api_net_trust_dom_list },
{ NET_LOGON_CTRL, NET_LOGON_CTRL, api_net_logon_ctrl },
+ { NET_SAMLOGON_EX , NET_SAMLOGON_EX , api_net_sam_logon_ex },
#if 0 /* JERRY */
{ DS_ENUM_DOM_TRUSTS, DS_ENUM_DOM_TRUSTS, api_ds_enum_dom_trusts }
#endif /* JERRY */
Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-02-10
17:55:44 UTC (rev 13433)
+++ branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-02-10
18:05:55 UTC (rev 13434)
@@ -907,6 +907,16 @@
}
/*
+ _net_sam_logon_ex
+ */
+
+NTSTATUS _net_sam_logon_ex(pipes_struct *p, NET_Q_SAM_LOGON_EX *q_u,
NET_R_SAM_LOGON_EX *r_u)
+{
+ setup_fault_pdu(p, NT_STATUS(0x1c010002));
+ return NT_STATUS(0x1c010002);
+}
+
+/*
_ds_enum_dom_trusts
*/
#if 0 /* JERRY -- not correct */
svn commit: samba r13435 - in trunk/source/rpc_server: .
Author: jra
Date: 2006-02-10 18:05:56 + (Fri, 10 Feb 2006)
New Revision: 13435
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13435
Log:
Add stub for NET_SAM_LOGON_EX.
Jeremy.
Modified:
trunk/source/rpc_server/srv_netlog.c
trunk/source/rpc_server/srv_netlog_nt.c
Changeset:
Modified: trunk/source/rpc_server/srv_netlog.c
===
--- trunk/source/rpc_server/srv_netlog.c2006-02-10 18:05:55 UTC (rev
13434)
+++ trunk/source/rpc_server/srv_netlog.c2006-02-10 18:05:56 UTC (rev
13435)
@@ -210,7 +210,7 @@
return False;
}
-return True;
+ return True;
}
/*
@@ -307,6 +307,37 @@
}
/*
+ api_net_sam_logon_ex:
+ */
+
+static BOOL api_net_sam_logon_ex(pipes_struct *p)
+{
+ NET_Q_SAM_LOGON_EX q_u;
+ NET_R_SAM_LOGON_EX r_u;
+ prs_struct *data = p-in_data.data;
+ prs_struct *rdata = p-out_data.rdata;
+
+ ZERO_STRUCT(q_u);
+ ZERO_STRUCT(r_u);
+
+ if(!net_io_q_sam_logon_ex(, q_u, data, 0)) {
+ DEBUG(0, (api_net_sam_logon_ex: Failed to unmarshall
NET_Q_SAM_LOGON_EX.\n));
+ return False;
+ }
+
+ r_u.status = _net_sam_logon_ex(p, q_u, r_u);
+
+ /* store the response in the SMB stream */
+ if(!net_io_r_sam_logon_ex(, r_u, rdata, 0)) {
+ DEBUG(0,(api_net_sam_logon_ex: Failed to marshall
NET_R_SAM_LOGON_EX.\n));
+ return False;
+ }
+
+ return True;
+}
+
+
+/*
api_ds_enum_dom_trusts:
*/
@@ -356,6 +387,7 @@
{ NET_LOGON_CTRL2 , NET_LOGON_CTRL2 , api_net_logon_ctrl2},
{ NET_TRUST_DOM_LIST, NET_TRUST_DOM_LIST, api_net_trust_dom_list },
{ NET_LOGON_CTRL, NET_LOGON_CTRL, api_net_logon_ctrl },
+ { NET_SAMLOGON_EX , NET_SAMLOGON_EX , api_net_sam_logon_ex },
#if 0 /* JERRY */
{ DS_ENUM_DOM_TRUSTS, DS_ENUM_DOM_TRUSTS, api_ds_enum_dom_trusts }
#endif /* JERRY */
Modified: trunk/source/rpc_server/srv_netlog_nt.c
===
--- trunk/source/rpc_server/srv_netlog_nt.c 2006-02-10 18:05:55 UTC (rev
13434)
+++ trunk/source/rpc_server/srv_netlog_nt.c 2006-02-10 18:05:56 UTC (rev
13435)
@@ -907,6 +907,16 @@
}
/*
+ _net_sam_logon_ex
+ */
+
+NTSTATUS _net_sam_logon_ex(pipes_struct *p, NET_Q_SAM_LOGON_EX *q_u,
NET_R_SAM_LOGON_EX *r_u)
+{
+ setup_fault_pdu(p, NT_STATUS(0x1c010002));
+ return NT_STATUS(0x1c010002);
+}
+
+/*
_ds_enum_dom_trusts
*/
#if 0 /* JERRY -- not correct */
svn commit: samba r13436 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jra
Date: 2006-02-10 18:51:18 + (Fri, 10 Feb 2006)
New Revision: 13436
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13436
Log:
Add in NET_SAM_LOGON_EX. Still needs testing.
Jeremy
Modified:
branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c
Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-02-10
18:05:56 UTC (rev 13435)
+++ branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-02-10
18:51:18 UTC (rev 13436)
@@ -614,7 +614,10 @@
_net_sam_logon
*/
-NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON
*r_u)
+static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
+ NET_Q_SAM_LOGON *q_u,
+ NET_R_SAM_LOGON *r_u,
+ BOOL process_creds)
{
NTSTATUS status = NT_STATUS_OK;
NET_USER_INFO_3 *usr_info = NULL;
@@ -648,8 +651,10 @@
if (!get_valid_user_struct(p-vuid))
return NT_STATUS_NO_SUCH_USER;
- if (!p-dc || !p-dc-authenticated) {
- return NT_STATUS_INVALID_HANDLE;
+ if (process_creds) {
+ if (!p-dc || !p-dc-authenticated) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
}
if ( (lp_server_schannel() == True) (p-auth.auth_type !=
PIPE_AUTH_TYPE_SCHANNEL) ) {
@@ -661,12 +666,14 @@
return NT_STATUS_ACCESS_DENIED;
}
- /* checks and updates credentials. creates reply credentials */
- if (!creds_server_step(p-dc, q_u-sam_id.client.cred,
r_u-srv_creds)) {
- DEBUG(2,(_net_sam_logon: creds_server_step failed. Rejecting
auth
- request from client %s machine account %s\n,
- p-dc-remote_machine, p-dc-mach_acct ));
- return NT_STATUS_INVALID_PARAMETER;
+ if (process_creds) {
+ /* checks and updates credentials. creates reply credentials */
+ if (!creds_server_step(p-dc, q_u-sam_id.client.cred,
r_u-srv_creds)) {
+ DEBUG(2,(_net_sam_logon: creds_server_step failed.
Rejecting auth
+ request from client %s machine account %s\n,
+ p-dc-remote_machine, p-dc-mach_acct ));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
}
/* find the username */
@@ -907,13 +914,48 @@
}
/*
- _net_sam_logon_ex
+ _net_sam_logon
*/
+NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON
*r_u)
+{
+ return _net_sam_logon_internal(p, q_u, r_u, True);
+}
+
+/*
+ _net_sam_logon_ex - no credential chaining. Map into net sam logon.
+ */
+
NTSTATUS _net_sam_logon_ex(pipes_struct *p, NET_Q_SAM_LOGON_EX *q_u,
NET_R_SAM_LOGON_EX *r_u)
{
- setup_fault_pdu(p, NT_STATUS(0x1c010002));
- return NT_STATUS(0x1c010002);
+ NET_Q_SAM_LOGON q;
+ NET_R_SAM_LOGON r;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Only allow this if the pipe is protected. */
+ /* FIXME ! */
+
+ /* Map a NET_Q_SAM_LOGON_EX to NET_Q_SAM_LOGON. */
+ q.validation_level = q_u-validation_level;
+
+ /* Map a DOM_SAM_INFO_EX into a DOM_SAM_INFO with no creds. */
+ q.sam_id.logon_level = q_u-sam_id.logon_level;
+ q.sam_id.ctr = q_u-sam_id.ctr;
+
+ r_u-status = _net_sam_logon_internal(p, q, r, False);
+
+ if (!NT_STATUS_IS_OK(r_u-status)) {
+ return r_u-status;
+ }
+
+ /* Map the NET_R_SAM_LOGON to NET_R_SAM_LOGON_EX. */
+ r_u-switch_value = r.switch_value;
+ r_u-user = r.user;
+ r_u-auth_resp = r.auth_resp;
+ r_u-flags = 0; /* FIXME ! */
+ return r_u-status;
}
/*
svn commit: samba r13437 - in trunk/source/rpc_server: .
Author: jra
Date: 2006-02-10 18:51:20 + (Fri, 10 Feb 2006)
New Revision: 13437
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13437
Log:
Add in NET_SAM_LOGON_EX. Still needs testing.
Jeremy
Modified:
trunk/source/rpc_server/srv_netlog_nt.c
Changeset:
Modified: trunk/source/rpc_server/srv_netlog_nt.c
===
--- trunk/source/rpc_server/srv_netlog_nt.c 2006-02-10 18:51:18 UTC (rev
13436)
+++ trunk/source/rpc_server/srv_netlog_nt.c 2006-02-10 18:51:20 UTC (rev
13437)
@@ -614,7 +614,10 @@
_net_sam_logon
*/
-NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON
*r_u)
+static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
+ NET_Q_SAM_LOGON *q_u,
+ NET_R_SAM_LOGON *r_u,
+ BOOL process_creds)
{
NTSTATUS status = NT_STATUS_OK;
NET_USER_INFO_3 *usr_info = NULL;
@@ -648,8 +651,10 @@
if (!get_valid_user_struct(p-vuid))
return NT_STATUS_NO_SUCH_USER;
- if (!p-dc || !p-dc-authenticated) {
- return NT_STATUS_INVALID_HANDLE;
+ if (process_creds) {
+ if (!p-dc || !p-dc-authenticated) {
+ return NT_STATUS_INVALID_HANDLE;
+ }
}
if ( (lp_server_schannel() == True) (p-auth.auth_type !=
PIPE_AUTH_TYPE_SCHANNEL) ) {
@@ -661,12 +666,14 @@
return NT_STATUS_ACCESS_DENIED;
}
- /* checks and updates credentials. creates reply credentials */
- if (!creds_server_step(p-dc, q_u-sam_id.client.cred,
r_u-srv_creds)) {
- DEBUG(2,(_net_sam_logon: creds_server_step failed. Rejecting
auth
- request from client %s machine account %s\n,
- p-dc-remote_machine, p-dc-mach_acct ));
- return NT_STATUS_INVALID_PARAMETER;
+ if (process_creds) {
+ /* checks and updates credentials. creates reply credentials */
+ if (!creds_server_step(p-dc, q_u-sam_id.client.cred,
r_u-srv_creds)) {
+ DEBUG(2,(_net_sam_logon: creds_server_step failed.
Rejecting auth
+ request from client %s machine account %s\n,
+ p-dc-remote_machine, p-dc-mach_acct ));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
}
/* find the username */
@@ -907,13 +914,48 @@
}
/*
- _net_sam_logon_ex
+ _net_sam_logon
*/
+NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON
*r_u)
+{
+ return _net_sam_logon_internal(p, q_u, r_u, True);
+}
+
+/*
+ _net_sam_logon_ex - no credential chaining. Map into net sam logon.
+ */
+
NTSTATUS _net_sam_logon_ex(pipes_struct *p, NET_Q_SAM_LOGON_EX *q_u,
NET_R_SAM_LOGON_EX *r_u)
{
- setup_fault_pdu(p, NT_STATUS(0x1c010002));
- return NT_STATUS(0x1c010002);
+ NET_Q_SAM_LOGON q;
+ NET_R_SAM_LOGON r;
+
+ ZERO_STRUCT(q);
+ ZERO_STRUCT(r);
+
+ /* Only allow this if the pipe is protected. */
+ /* FIXME ! */
+
+ /* Map a NET_Q_SAM_LOGON_EX to NET_Q_SAM_LOGON. */
+ q.validation_level = q_u-validation_level;
+
+ /* Map a DOM_SAM_INFO_EX into a DOM_SAM_INFO with no creds. */
+ q.sam_id.logon_level = q_u-sam_id.logon_level;
+ q.sam_id.ctr = q_u-sam_id.ctr;
+
+ r_u-status = _net_sam_logon_internal(p, q, r, False);
+
+ if (!NT_STATUS_IS_OK(r_u-status)) {
+ return r_u-status;
+ }
+
+ /* Map the NET_R_SAM_LOGON to NET_R_SAM_LOGON_EX. */
+ r_u-switch_value = r.switch_value;
+ r_u-user = r.user;
+ r_u-auth_resp = r.auth_resp;
+ r_u-flags = 0; /* FIXME ! */
+ return r_u-status;
}
/*
svn commit: samba r13438 - in trunk/source: include rpc_parse rpc_server
Author: jra
Date: 2006-02-10 19:16:48 + (Fri, 10 Feb 2006)
New Revision: 13438
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13438
Log:
Fix NET_SAM_LOGON_EX.
Jeremy.
Modified:
trunk/source/include/rpc_netlogon.h
trunk/source/rpc_parse/parse_misc.c
trunk/source/rpc_parse/parse_net.c
trunk/source/rpc_server/srv_netlog_nt.c
Changeset:
Modified: trunk/source/include/rpc_netlogon.h
===
--- trunk/source/include/rpc_netlogon.h 2006-02-10 18:51:20 UTC (rev 13437)
+++ trunk/source/include/rpc_netlogon.h 2006-02-10 19:16:48 UTC (rev 13438)
@@ -574,7 +574,7 @@
/* SAM_INFO - sam logon/off id structure - no creds */
typedef struct sam_info_ex {
- DOM_CLNT_INFO2 client;
+ DOM_CLNT_SRVclient;
uint16 logon_level;
NET_ID_INFO_CTR *ctr;
} DOM_SAM_INFO_EX;
Modified: trunk/source/rpc_parse/parse_misc.c
===
--- trunk/source/rpc_parse/parse_misc.c 2006-02-10 18:51:20 UTC (rev 13437)
+++ trunk/source/rpc_parse/parse_misc.c 2006-02-10 19:16:48 UTC (rev 13438)
@@ -1368,7 +1368,7 @@
Inits or writes a DOM_CLNT_SRV structure.
/
-static BOOL smb_io_clnt_srv(const char *desc, DOM_CLNT_SRV *logcln, prs_struct
*ps, int depth)
+BOOL smb_io_clnt_srv(const char *desc, DOM_CLNT_SRV *logcln, prs_struct *ps,
int depth)
{
if (logcln == NULL)
return False;
Modified: trunk/source/rpc_parse/parse_net.c
===
--- trunk/source/rpc_parse/parse_net.c 2006-02-10 18:51:20 UTC (rev 13437)
+++ trunk/source/rpc_parse/parse_net.c 2006-02-10 19:16:48 UTC (rev 13438)
@@ -1381,7 +1381,7 @@
if(!prs_align(ps))
return False;
- if(!smb_io_clnt_info2(, sam-client, ps, depth))
+ if(!smb_io_clnt_srv(, sam-client, ps, depth))
return False;
if(!prs_uint16(logon_level , ps, depth, sam-logon_level))
Modified: trunk/source/rpc_server/srv_netlog_nt.c
===
--- trunk/source/rpc_server/srv_netlog_nt.c 2006-02-10 18:51:20 UTC (rev
13437)
+++ trunk/source/rpc_server/srv_netlog_nt.c 2006-02-10 19:16:48 UTC (rev
13438)
@@ -941,6 +941,7 @@
q.validation_level = q_u-validation_level;
/* Map a DOM_SAM_INFO_EX into a DOM_SAM_INFO with no creds. */
+ q.sam_id.client.login = q_u-sam_id.client;
q.sam_id.logon_level = q_u-sam_id.logon_level;
q.sam_id.ctr = q_u-sam_id.ctr;
svn commit: samba r13439 - in branches/SAMBA_3_0/source: include rpc_parse rpc_server
Author: jra
Date: 2006-02-10 19:16:50 + (Fri, 10 Feb 2006)
New Revision: 13439
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13439
Log:
Fix NET_SAM_LOGON_EX.
Jeremy.
Modified:
branches/SAMBA_3_0/source/include/rpc_netlogon.h
branches/SAMBA_3_0/source/rpc_parse/parse_misc.c
branches/SAMBA_3_0/source/rpc_parse/parse_net.c
branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c
Changeset:
Modified: branches/SAMBA_3_0/source/include/rpc_netlogon.h
===
--- branches/SAMBA_3_0/source/include/rpc_netlogon.h2006-02-10 19:16:48 UTC
(rev 13438)
+++ branches/SAMBA_3_0/source/include/rpc_netlogon.h2006-02-10 19:16:50 UTC
(rev 13439)
@@ -574,7 +574,7 @@
/* SAM_INFO - sam logon/off id structure - no creds */
typedef struct sam_info_ex {
- DOM_CLNT_INFO2 client;
+ DOM_CLNT_SRVclient;
uint16 logon_level;
NET_ID_INFO_CTR *ctr;
} DOM_SAM_INFO_EX;
Modified: branches/SAMBA_3_0/source/rpc_parse/parse_misc.c
===
--- branches/SAMBA_3_0/source/rpc_parse/parse_misc.c2006-02-10 19:16:48 UTC
(rev 13438)
+++ branches/SAMBA_3_0/source/rpc_parse/parse_misc.c2006-02-10 19:16:50 UTC
(rev 13439)
@@ -1368,7 +1368,7 @@
Inits or writes a DOM_CLNT_SRV structure.
/
-static BOOL smb_io_clnt_srv(const char *desc, DOM_CLNT_SRV *logcln, prs_struct
*ps, int depth)
+BOOL smb_io_clnt_srv(const char *desc, DOM_CLNT_SRV *logcln, prs_struct *ps,
int depth)
{
if (logcln == NULL)
return False;
Modified: branches/SAMBA_3_0/source/rpc_parse/parse_net.c
===
--- branches/SAMBA_3_0/source/rpc_parse/parse_net.c 2006-02-10 19:16:48 UTC
(rev 13438)
+++ branches/SAMBA_3_0/source/rpc_parse/parse_net.c 2006-02-10 19:16:50 UTC
(rev 13439)
@@ -1381,7 +1381,7 @@
if(!prs_align(ps))
return False;
- if(!smb_io_clnt_info2(, sam-client, ps, depth))
+ if(!smb_io_clnt_srv(, sam-client, ps, depth))
return False;
if(!prs_uint16(logon_level , ps, depth, sam-logon_level))
Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-02-10
19:16:48 UTC (rev 13438)
+++ branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-02-10
19:16:50 UTC (rev 13439)
@@ -941,6 +941,7 @@
q.validation_level = q_u-validation_level;
/* Map a DOM_SAM_INFO_EX into a DOM_SAM_INFO with no creds. */
+ q.sam_id.client.login = q_u-sam_id.client;
q.sam_id.logon_level = q_u-sam_id.logon_level;
q.sam_id.ctr = q_u-sam_id.ctr;
svn commit: samba r13440 - in trunk/source/rpc_server: .
Author: vlendec
Date: 2006-02-10 21:16:30 + (Fri, 10 Feb 2006)
New Revision: 13440
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13440
Log:
Substitute one of our three (!) routines to get a group's members. This
particular incarnation was just to count the group members for
query_group_info level 1.
Volker
Modified:
trunk/source/rpc_server/srv_samr_nt.c
Changeset:
Modified: trunk/source/rpc_server/srv_samr_nt.c
===
--- trunk/source/rpc_server/srv_samr_nt.c 2006-02-10 19:16:50 UTC (rev
13439)
+++ trunk/source/rpc_server/srv_samr_nt.c 2006-02-10 21:16:30 UTC (rev
13440)
@@ -3621,70 +3621,6 @@
return NT_STATUS_OK;
}
-static void add_uid_to_array_unique(uid_t uid, uid_t **uids, int *num)
-{
- int i;
-
- for (i=0; i*num; i++) {
- if ((*uids)[i] == uid)
- return;
- }
-
- *uids = SMB_REALLOC_ARRAY(*uids, uid_t, *num+1);
-
- if (*uids == NULL)
- return;
-
- (*uids)[*num] = uid;
- *num += 1;
-}
-
-
-static BOOL get_memberuids(gid_t gid, uid_t **uids, int *num)
-{
- struct group *grp;
- char **gr;
- struct sys_pwent *userlist, *user;
-
- *uids = NULL;
- *num = 0;
-
- /* We only look at our own sam, so don't care about imported stuff */
-
- winbind_off();
-
- if ((grp = getgrgid(gid)) == NULL) {
- winbind_on();
- return False;
- }
-
- /* Primary group members */
-
- userlist = getpwent_list();
-
- for (user = userlist; user != NULL; user = user-next) {
- if (user-pw_gid != gid)
- continue;
- add_uid_to_array_unique(user-pw_uid, uids, num);
- }
-
- pwent_free(userlist);
-
- /* Secondary group members */
-
- for (gr = grp-gr_mem; (*gr != NULL) ((*gr)[0] != '\0'); gr += 1) {
- struct passwd *pw = getpwnam(*gr);
-
- if (pw == NULL)
- continue;
- add_uid_to_array_unique(pw-pw_uid, uids, num);
- }
-
- winbind_on();
-
- return True;
-}
-
/*
_samr_query_groupmem
*/
@@ -4476,9 +4412,6 @@
{
DOM_SID group_sid;
GROUP_MAP map;
- DOM_SID *sids=NULL;
- uid_t *uids;
- int num=0;
GROUP_INFO_CTR *ctr;
uint32 acc_granted;
BOOL ret;
@@ -4501,14 +4434,25 @@
return NT_STATUS_NO_MEMORY;
switch (q_u-switch_level) {
- case 1:
+ case 1: {
+ uint32 *members;
+ size_t num_members;
+
ctr-switch_value1 = 1;
- if(!get_memberuids(map.gid, uids, num))
- return NT_STATUS_NO_SUCH_GROUP;
- SAFE_FREE(uids);
- init_samr_group_info1(ctr-group.info1, map.nt_name,
map.comment, num);
- SAFE_FREE(sids);
+
+ become_root();
+ r_u-status = pdb_enum_group_members(
+ p-mem_ctx, group_sid, members, num_members);
+ unbecome_root();
+
+ if (!NT_STATUS_IS_OK(r_u-status)) {
+ return r_u-status;
+ }
+
+ init_samr_group_info1(ctr-group.info1, map.nt_name,
+ map.comment, num_members);
break;
+ }
case 3:
ctr-switch_value1 = 3;
init_samr_group_info3(ctr-group.info3);
svn commit: samba r13441 - in trunk/source: auth lib smbd
Author: vlendec
Date: 2006-02-10 23:00:35 + (Fri, 10 Feb 2006)
New Revision: 13441
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13441
Log:
For the well-known reasons user_in_group is broken (winbind can't always
reliably tell). Replace two uses by an appropriate check going via
create_token_from_username.
Sounds expensive and probably is, but user_in_group is potentially much more
expensive as it lists all group members and checks for membership. Potentially
even much more expensive.
The change in auth_sam is for the + in the list of allowed
workstations. This only makes sense on for workstations defined locally
anyway, thus unix_in_group-unix_in_user_group.
Volker
Modified:
trunk/source/auth/auth_sam.c
trunk/source/auth/auth_util.c
trunk/source/lib/username.c
trunk/source/smbd/posix_acls.c
trunk/source/smbd/service.c
Changeset:
Modified: trunk/source/auth/auth_sam.c
===
--- trunk/source/auth/auth_sam.c2006-02-10 21:16:30 UTC (rev 13440)
+++ trunk/source/auth/auth_sam.c2006-02-10 23:00:35 UTC (rev 13441)
@@ -192,7 +192,7 @@
if (tok[0] == '+') {
DEBUG(10,(sam_account_ok: checking for
workstation %s in group: %s\n,
machine_name, tok + 1));
- if (user_in_group(machine_name, tok + 1)) {
+ if (user_in_unix_group(machine_name, tok + 1)) {
invalid_ws = False;
break;
}
Modified: trunk/source/auth/auth_util.c
===
--- trunk/source/auth/auth_util.c 2006-02-10 21:16:30 UTC (rev 13440)
+++ trunk/source/auth/auth_util.c 2006-02-10 23:00:35 UTC (rev 13441)
@@ -1021,6 +1021,46 @@
}
/***
+ Build upon create_token_from_username:
+
+ Expensive helper function to figure out whether a user given its name is
+ member of a particular group.
+
+ (Justification: Before this function existed, the callers of this function
+ called user_in_group() which was potentially even more expensive as
+ it lists all group members which can be *huge* -- vl )
+
+***/
+BOOL username_in_group(const char *username, const DOM_SID *group_sid)
+{
+ NTSTATUS status;
+ uid_t uid;
+ gid_t gid;
+ char *found_username;
+ struct nt_user_token *token;
+ BOOL result;
+
+ TALLOC_CTX *mem_ctx;
+
+ mem_ctx = talloc_new(NULL);
+ if (mem_ctx == NULL) {
+ DEBUG(0, (talloc_new failed\n));
+ return False;
+ }
+
+ status = create_token_from_username(mem_ctx, username, False,
+ uid, gid, found_username,
+ token);
+
+ result = nt_token_check_sid(group_sid, token);
+
+ talloc_free(mem_ctx);
+ return result;
+
+}
+
+
+/***
Make (and fill) a user_info struct from a Kerberos PAC logon_info by
conversion to a SAM_ACCOUNT
***/
Modified: trunk/source/lib/username.c
===
--- trunk/source/lib/username.c 2006-02-10 21:16:30 UTC (rev 13440)
+++ trunk/source/lib/username.c 2006-02-10 23:00:35 UTC (rev 13441)
@@ -529,7 +529,7 @@
Check if a user is in a group list. Ask winbind first, then use UNIX.
/
-BOOL user_in_group(const char *user, const char *gname)
+static BOOL user_in_group(const char *user, const char *gname)
{
BOOL winbind_answered = False;
BOOL ret;
Modified: trunk/source/smbd/posix_acls.c
===
--- trunk/source/smbd/posix_acls.c 2006-02-10 21:16:30 UTC (rev 13440)
+++ trunk/source/smbd/posix_acls.c 2006-02-10 23:00:35 UTC (rev 13441)
@@ -1015,7 +1015,6 @@
static BOOL uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
{
fstring u_name;
- fstring g_name;
/* Everyone always matches every uid. */
@@ -1028,14 +1027,7 @@
return True;
fstrcpy(u_name, uidtoname(uid_ace-unix_ug.uid));
- fstrcpy(g_name, gidtoname(group_ace-unix_ug.gid));
-
- /*
-* Due to the winbind interfaces we need to do this via names,
-* not uids/gids.
-*/
-
- return user_in_group(u_name, g_name);
+ return username_in_group(u_name, group_ace-trustee);
}
svn commit: samba r13442 - branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/nsswitch branches/SAMBA_3_0/source/rpc_client branches/SAMBA_3_0/source/rpc_parse branches/SAMBA_3_0/source/rpc_s
Author: gd Date: 2006-02-10 23:09:00 + (Fri, 10 Feb 2006) New Revision: 13442 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13442 Log: Implement samr_chgpasswd_user3 server-side. Guenther Modified: branches/SAMBA_3_0/source/include/rpc_samr.h branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0/source/rpc_client/cli_samr.c branches/SAMBA_3_0/source/rpc_parse/parse_samr.c branches/SAMBA_3_0/source/rpc_server/srv_samr.c branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0/source/rpcclient/cmd_samr.c branches/SAMBA_3_0/source/smbd/chgpasswd.c trunk/source/include/rpc_samr.h trunk/source/nsswitch/winbindd_pam.c trunk/source/rpc_client/cli_samr.c trunk/source/rpc_parse/parse_samr.c trunk/source/rpc_server/srv_samr.c trunk/source/rpc_server/srv_samr_nt.c trunk/source/rpcclient/cmd_samr.c trunk/source/smbd/chgpasswd.c Changeset: Sorry, the patch is too large (1369 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13442
svn commit: samba r13443 - branches/SAMBA_3_0/source/smbd trunk/source/smbd
Author: gd
Date: 2006-02-10 23:23:10 + (Fri, 10 Feb 2006)
New Revision: 13443
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13443
Log:
Fix the build.
Guenther
Modified:
branches/SAMBA_3_0/source/smbd/lanman.c
trunk/source/smbd/lanman.c
Changeset:
Modified: branches/SAMBA_3_0/source/smbd/lanman.c
===
--- branches/SAMBA_3_0/source/smbd/lanman.c 2006-02-10 23:09:00 UTC (rev
13442)
+++ branches/SAMBA_3_0/source/smbd/lanman.c 2006-02-10 23:23:10 UTC (rev
13443)
@@ -2214,7 +2214,7 @@
if
(NT_STATUS_IS_OK(check_plaintext_password(user,password,server_info))) {
become_root();
- if
(NT_STATUS_IS_OK(change_oem_password(server_info-sam_account, pass1, pass2,
False))) {
+ if
(NT_STATUS_IS_OK(change_oem_password(server_info-sam_account, pass1, pass2,
False, NULL))) {
SSVAL(*rparam,0,NERR_Success);
}
unbecome_root();
@@ -2297,7 +2297,7 @@
(void)map_username(user);
- if (NT_STATUS_IS_OK(pass_oem_change(user, (uchar*) data, (uchar
*)data[516], NULL, NULL))) {
+ if (NT_STATUS_IS_OK(pass_oem_change(user, (uchar*) data, (uchar
*)data[516], NULL, NULL, NULL))) {
SSVAL(*rparam,0,NERR_Success);
}
Modified: trunk/source/smbd/lanman.c
===
--- trunk/source/smbd/lanman.c 2006-02-10 23:09:00 UTC (rev 13442)
+++ trunk/source/smbd/lanman.c 2006-02-10 23:23:10 UTC (rev 13443)
@@ -2214,7 +2214,7 @@
if
(NT_STATUS_IS_OK(check_plaintext_password(user,password,server_info))) {
become_root();
- if
(NT_STATUS_IS_OK(change_oem_password(server_info-sam_account, pass1, pass2,
False))) {
+ if
(NT_STATUS_IS_OK(change_oem_password(server_info-sam_account, pass1, pass2,
False, NULL))) {
SSVAL(*rparam,0,NERR_Success);
}
unbecome_root();
@@ -2297,7 +2297,7 @@
(void)map_username(user);
- if (NT_STATUS_IS_OK(pass_oem_change(user, (uchar*) data, (uchar
*)data[516], NULL, NULL))) {
+ if (NT_STATUS_IS_OK(pass_oem_change(user, (uchar*) data, (uchar
*)data[516], NULL, NULL, NULL))) {
SSVAL(*rparam,0,NERR_Success);
}
svn commit: samba r13444 - branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/rpc_server branches/SAMBA_3_0/source/smbd trunk/source/include trunk/source/rpc_server trunk/source/smbd
Author: gd
Date: 2006-02-10 23:41:41 + (Fri, 10 Feb 2006)
New Revision: 13444
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13444
Log:
Add REJECT_REASON_OTHER for samr_chgpasswd_user3
Guenther
Modified:
branches/SAMBA_3_0/source/include/rpc_samr.h
branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
branches/SAMBA_3_0/source/smbd/chgpasswd.c
trunk/source/include/rpc_samr.h
trunk/source/rpc_server/srv_samr_nt.c
trunk/source/smbd/chgpasswd.c
Changeset:
Modified: branches/SAMBA_3_0/source/include/rpc_samr.h
===
--- branches/SAMBA_3_0/source/include/rpc_samr.h2006-02-10 23:23:10 UTC
(rev 13443)
+++ branches/SAMBA_3_0/source/include/rpc_samr.h2006-02-10 23:41:41 UTC
(rev 13444)
@@ -1848,6 +1848,7 @@
} SAMR_Q_CHGPASSWD_USER3;
+#define REJECT_REASON_OTHER0x
#define REJECT_REASON_TOO_SHORT0x0001
#define REJECT_REASON_IN_HISTORY 0x0002
#define REJECT_REASON_NOT_COMPLEX 0x0005
Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2006-02-10 23:23:10 UTC
(rev 13443)
+++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2006-02-10 23:41:41 UTC
(rev 13444)
@@ -1505,7 +1505,8 @@
r_u-status = pass_oem_change(user_name, q_u-lm_newpass.pass,
q_u-lm_oldhash.hash,
q_u-nt_newpass.pass,
q_u-nt_oldhash.hash, reject_reason);
- if (NT_STATUS_EQUAL(r_u-status, NT_STATUS_PASSWORD_RESTRICTION)) {
+ if (NT_STATUS_EQUAL(r_u-status, NT_STATUS_PASSWORD_RESTRICTION) ||
+ NT_STATUS_EQUAL(r_u-status, NT_STATUS_ACCOUNT_RESTRICTION)) {
uint32 min_pass_len,pass_hist,password_properties;
time_t u_expire, u_min_age;
Modified: branches/SAMBA_3_0/source/smbd/chgpasswd.c
===
--- branches/SAMBA_3_0/source/smbd/chgpasswd.c 2006-02-10 23:23:10 UTC (rev
13443)
+++ branches/SAMBA_3_0/source/smbd/chgpasswd.c 2006-02-10 23:41:41 UTC (rev
13444)
@@ -1016,6 +1016,10 @@
time_t last_change_time = pdb_get_pass_last_set_time(hnd);
time_t can_change_time = pdb_get_pass_can_change_time(hnd);
+ if (samr_reject_reason) {
+ *samr_reject_reason = Undefined;
+ }
+
if (pdb_get_account_policy(AP_MIN_PASSWORD_AGE, min_age)) {
/*
* Windows calculates the minimum password age check
@@ -1026,6 +1030,9 @@
DEBUG(1, (user %s cannot change password now, must
wait until %s\n, username,
http_timestring(last_change_time+min_age)));
+ if (samr_reject_reason) {
+ *samr_reject_reason = REJECT_REASON_OTHER;
+ }
return NT_STATUS_ACCOUNT_RESTRICTION;
}
} else {
@@ -1033,6 +1040,9 @@
DEBUG(1, (user %s cannot change password now, must
wait until %s\n, username,
http_timestring(can_change_time)));
+ if (samr_reject_reason) {
+ *samr_reject_reason = REJECT_REASON_OTHER;
+ }
return NT_STATUS_ACCOUNT_RESTRICTION;
}
}
Modified: trunk/source/include/rpc_samr.h
===
--- trunk/source/include/rpc_samr.h 2006-02-10 23:23:10 UTC (rev 13443)
+++ trunk/source/include/rpc_samr.h 2006-02-10 23:41:41 UTC (rev 13444)
@@ -1848,6 +1848,7 @@
} SAMR_Q_CHGPASSWD_USER3;
+#define REJECT_REASON_OTHER0x
#define REJECT_REASON_TOO_SHORT0x0001
#define REJECT_REASON_IN_HISTORY 0x0002
#define REJECT_REASON_NOT_COMPLEX 0x0005
Modified: trunk/source/rpc_server/srv_samr_nt.c
===
--- trunk/source/rpc_server/srv_samr_nt.c 2006-02-10 23:23:10 UTC (rev
13443)
+++ trunk/source/rpc_server/srv_samr_nt.c 2006-02-10 23:41:41 UTC (rev
13444)
@@ -1505,7 +1505,8 @@
r_u-status = pass_oem_change(user_name, q_u-lm_newpass.pass,
q_u-lm_oldhash.hash,
q_u-nt_newpass.pass,
q_u-nt_oldhash.hash, reject_reason);
- if (NT_STATUS_EQUAL(r_u-status, NT_STATUS_PASSWORD_RESTRICTION)) {
+ if (NT_STATUS_EQUAL(r_u-status, NT_STATUS_PASSWORD_RESTRICTION) ||
+ NT_STATUS_EQUAL(r_u-status, NT_STATUS_ACCOUNT_RESTRICTION)) {
uint32 min_pass_len,pass_hist,password_properties;
time_t u_expire, u_min_age;
Modified:
svn commit: samba r13445 - branches/SAMBA_3_0/source/rpc_parse trunk/source/rpc_parse
Author: gd
Date: 2006-02-10 23:49:52 + (Fri, 10 Feb 2006)
New Revision: 13445
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13445
Log:
We already made the decision whether to include the dominfo and
changereject.
Guenther
Modified:
branches/SAMBA_3_0/source/rpc_parse/parse_samr.c
trunk/source/rpc_parse/parse_samr.c
Changeset:
Modified: branches/SAMBA_3_0/source/rpc_parse/parse_samr.c
===
--- branches/SAMBA_3_0/source/rpc_parse/parse_samr.c2006-02-10 23:41:41 UTC
(rev 13444)
+++ branches/SAMBA_3_0/source/rpc_parse/parse_samr.c2006-02-10 23:49:52 UTC
(rev 13445)
@@ -7422,16 +7422,14 @@
r_u-reject = 0;
r_u-ptr_reject = 0;
- if (NT_STATUS_EQUAL(r_u-status, NT_STATUS_PASSWORD_RESTRICTION)) {
- if (info) {
- r_u-info = info;
- r_u-ptr_info = 1;
- }
- if (reject) {
- r_u-reject = reject;
- r_u-ptr_reject = 1;
- }
+ if (info) {
+ r_u-info = info;
+ r_u-ptr_info = 1;
}
+ if (reject (reject-reject_reason != Undefined)) {
+ r_u-reject = reject;
+ r_u-ptr_reject = 1;
+ }
}
/***
Modified: trunk/source/rpc_parse/parse_samr.c
===
--- trunk/source/rpc_parse/parse_samr.c 2006-02-10 23:41:41 UTC (rev 13444)
+++ trunk/source/rpc_parse/parse_samr.c 2006-02-10 23:49:52 UTC (rev 13445)
@@ -7422,16 +7422,14 @@
r_u-reject = 0;
r_u-ptr_reject = 0;
- if (NT_STATUS_EQUAL(r_u-status, NT_STATUS_PASSWORD_RESTRICTION)) {
- if (info) {
- r_u-info = info;
- r_u-ptr_info = 1;
- }
- if (reject) {
- r_u-reject = reject;
- r_u-ptr_reject = 1;
- }
+ if (info) {
+ r_u-info = info;
+ r_u-ptr_info = 1;
}
+ if (reject (reject-reject_reason != Undefined)) {
+ r_u-reject = reject;
+ r_u-ptr_reject = 1;
+ }
}
/***
svn commit: samba r13446 - in trunk/source: include rpc_parse rpc_server
Author: jra Date: 2006-02-10 23:52:51 + (Fri, 10 Feb 2006) New Revision: 13446 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13446 Log: Added LSA_LOOKUPSIDS2 and LSA_LOOKUPSIDS3. Jeremy. Modified: trunk/source/include/rpc_lsa.h trunk/source/rpc_parse/parse_lsa.c trunk/source/rpc_server/srv_lsa.c trunk/source/rpc_server/srv_lsa_nt.c trunk/source/rpc_server/srv_netlog_nt.c Changeset: Sorry, the patch is too large (935 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13446
svn commit: samba r13447 - in branches/SAMBA_3_0/source: include rpc_parse rpc_server
Author: jra Date: 2006-02-10 23:52:53 + (Fri, 10 Feb 2006) New Revision: 13447 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13447 Log: Added LSA_LOOKUPSIDS2 and LSA_LOOKUPSIDS3. Jeremy. Modified: branches/SAMBA_3_0/source/include/rpc_lsa.h branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c branches/SAMBA_3_0/source/rpc_server/srv_lsa.c branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c Changeset: Sorry, the patch is too large (935 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13447
svn commit: samba r13448 - branches/SAMBA_3_0/source/rpcclient trunk/source/rpcclient
Author: gd
Date: 2006-02-10 23:54:45 + (Fri, 10 Feb 2006)
New Revision: 13448
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13448
Log:
Fix the build (again).
Guenther
Modified:
branches/SAMBA_3_0/source/rpcclient/cmd_samr.c
trunk/source/rpcclient/cmd_samr.c
Changeset:
Modified: branches/SAMBA_3_0/source/rpcclient/cmd_samr.c
===
--- branches/SAMBA_3_0/source/rpcclient/cmd_samr.c 2006-02-10 23:52:53 UTC
(rev 13447)
+++ branches/SAMBA_3_0/source/rpcclient/cmd_samr.c 2006-02-10 23:54:45 UTC
(rev 13448)
@@ -2021,6 +2021,6 @@
{ getdompwinfo, RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo,
NULL, PI_SAMR, NULL, Retrieve domain password info, },
{ lookupdomain, RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain,
NULL, PI_SAMR, NULL, Lookup Domain Name, },
- { chgpasswd3, RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd,
NULL, PI_SAMR, NULL, Change user password, },
+ { chgpasswd3, RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3,
NULL, PI_SAMR, NULL, Change user password, },
{ NULL }
};
Modified: trunk/source/rpcclient/cmd_samr.c
===
--- trunk/source/rpcclient/cmd_samr.c 2006-02-10 23:52:53 UTC (rev 13447)
+++ trunk/source/rpcclient/cmd_samr.c 2006-02-10 23:54:45 UTC (rev 13448)
@@ -2021,6 +2021,6 @@
{ getdompwinfo, RPC_RTYPE_NTSTATUS, cmd_samr_get_dom_pwinfo,
NULL, PI_SAMR, NULL, Retrieve domain password info, },
{ lookupdomain, RPC_RTYPE_NTSTATUS, cmd_samr_lookup_domain,
NULL, PI_SAMR, NULL, Lookup Domain Name, },
- { chgpasswd3, RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd,
NULL, PI_SAMR, NULL, Change user password, },
+ { chgpasswd3, RPC_RTYPE_NTSTATUS, cmd_samr_chgpasswd3,
NULL, PI_SAMR, NULL, Change user password, },
{ NULL }
};
Build status as of Sat Feb 11 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-02-10 00:01:23.0 + +++ /home/build/master/cache/broken_results.txt 2006-02-11 00:00:51.0 + @@ -1,17 +1,17 @@ -Build status as of Fri Feb 10 00:00:02 2006 +Build status as of Sat Feb 11 00:00:02 2006 Build counts: Tree Total Broken Panic ccache 6 2 0 distcc 8 2 0 lorikeet-heimdal 16 16 0 -ppp 16 0 0 +ppp 15 0 0 rsync31 4 0 samba2 0 0 samba-docs 0 0 0 -samba4 33 21 2 -samba_3_032 9 0 -smb-build23 4 0 +samba4 32 20 2 +samba_3_032 18 0 +smb-build20 4 0 talloc 29 11 0 tdb 4 1 0
svn commit: samba r13449 - in branches/SAMBA_3_0/source: include rpc_server
Author: jra
Date: 2006-02-11 00:04:39 + (Sat, 11 Feb 2006)
New Revision: 13449
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13449
Log:
Ensure we don't crash if no dc struct on pipe.
Jeremy.
Modified:
branches/SAMBA_3_0/source/include/rpc_lsa.h
branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c
branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c
Changeset:
Modified: branches/SAMBA_3_0/source/include/rpc_lsa.h
===
--- branches/SAMBA_3_0/source/include/rpc_lsa.h 2006-02-10 23:54:45 UTC (rev
13448)
+++ branches/SAMBA_3_0/source/include/rpc_lsa.h 2006-02-11 00:04:39 UTC (rev
13449)
@@ -78,7 +78,10 @@
#define LSA_OPENTRUSTDOMBYNAME 0x37
#define LSA_LOOKUPSIDS20x39
+#define LSA_LOOKUPNAMES2 0x3a
+#define LSA_LOOKUPNAMES3 0x44
#define LSA_LOOKUPSIDS30x4c
+#define LSA_LOOKUPNAMES4 0x4d
/* these are here to get a compile! */
#define LSA_LOOKUPRIDS 0xFD
Modified: branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2006-02-10 23:54:45 UTC
(rev 13448)
+++ branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2006-02-11 00:04:39 UTC
(rev 13449)
@@ -858,6 +858,11 @@
}
/* No policy handle on this call. Restrict to crypto connections. */
+ if (p-auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
+ DEBUG(0,(_lsa_lookup_sids3: client %s not using schannel for
netlogon\n,
+ get_remote_machine_name() ));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
if (num_sids MAX_LOOKUP_SIDS) {
DEBUG(5,(_lsa_lookup_sids3: limit of %d exceeded, requested
%d\n,
Modified: branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-02-10
23:54:45 UTC (rev 13448)
+++ branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c2006-02-11
00:04:39 UTC (rev 13449)
@@ -937,7 +937,7 @@
/* Only allow this if the pipe is protected. */
if (p-auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
DEBUG(0,(_net_sam_logon_ex: client %s not using schannel for
netlogon\n,
- p-dc-remote_machine ));
+ get_remote_machine_name() ));
return NT_STATUS_INVALID_PARAMETER;
}
svn commit: samba r13450 - in trunk/source: include rpc_server
Author: jra
Date: 2006-02-11 00:04:59 + (Sat, 11 Feb 2006)
New Revision: 13450
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13450
Log:
Ensure we don't crash if no dc struct on pipe.
Jeremy.
Modified:
trunk/source/include/rpc_lsa.h
trunk/source/rpc_server/srv_lsa_nt.c
trunk/source/rpc_server/srv_netlog_nt.c
Changeset:
Modified: trunk/source/include/rpc_lsa.h
===
--- trunk/source/include/rpc_lsa.h 2006-02-11 00:04:39 UTC (rev 13449)
+++ trunk/source/include/rpc_lsa.h 2006-02-11 00:04:59 UTC (rev 13450)
@@ -78,7 +78,10 @@
#define LSA_OPENTRUSTDOMBYNAME 0x37
#define LSA_LOOKUPSIDS20x39
+#define LSA_LOOKUPNAMES2 0x3a
+#define LSA_LOOKUPNAMES3 0x44
#define LSA_LOOKUPSIDS30x4c
+#define LSA_LOOKUPNAMES4 0x4d
/* these are here to get a compile! */
#define LSA_LOOKUPRIDS 0xFD
Modified: trunk/source/rpc_server/srv_lsa_nt.c
===
--- trunk/source/rpc_server/srv_lsa_nt.c2006-02-11 00:04:39 UTC (rev
13449)
+++ trunk/source/rpc_server/srv_lsa_nt.c2006-02-11 00:04:59 UTC (rev
13450)
@@ -858,6 +858,11 @@
}
/* No policy handle on this call. Restrict to crypto connections. */
+ if (p-auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
+ DEBUG(0,(_lsa_lookup_sids3: client %s not using schannel for
netlogon\n,
+ get_remote_machine_name() ));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
if (num_sids MAX_LOOKUP_SIDS) {
DEBUG(5,(_lsa_lookup_sids3: limit of %d exceeded, requested
%d\n,
Modified: trunk/source/rpc_server/srv_netlog_nt.c
===
--- trunk/source/rpc_server/srv_netlog_nt.c 2006-02-11 00:04:39 UTC (rev
13449)
+++ trunk/source/rpc_server/srv_netlog_nt.c 2006-02-11 00:04:59 UTC (rev
13450)
@@ -937,7 +937,7 @@
/* Only allow this if the pipe is protected. */
if (p-auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
DEBUG(0,(_net_sam_logon_ex: client %s not using schannel for
netlogon\n,
- p-dc-remote_machine ));
+ get_remote_machine_name() ));
return NT_STATUS_INVALID_PARAMETER;
}
svn commit: samba r13451 - branches/SAMBA_3_0/source/rpc_client trunk/source/rpc_client
Author: gd Date: 2006-02-11 00:08:57 + (Sat, 11 Feb 2006) New Revision: 13451 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13451 Log: Fix build warning. Guenther Modified: branches/SAMBA_3_0/source/rpc_client/cli_samr.c trunk/source/rpc_client/cli_samr.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_client/cli_samr.c === --- branches/SAMBA_3_0/source/rpc_client/cli_samr.c 2006-02-11 00:04:59 UTC (rev 13450) +++ branches/SAMBA_3_0/source/rpc_client/cli_samr.c 2006-02-11 00:08:57 UTC (rev 13451) @@ -1259,7 +1259,6 @@ prs_struct qbuf, rbuf; SAMR_Q_CHGPASSWD_USER3 q; SAMR_R_CHGPASSWD_USER3 r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uchar new_nt_password[516]; uchar new_lm_password[516]; @@ -1323,11 +1322,7 @@ /* Return output parameters */ - result = r.status; - - done: - - return result; + return r.status; } /* This function returns the bizzare set of (max_entries, max_size) required Modified: trunk/source/rpc_client/cli_samr.c === --- trunk/source/rpc_client/cli_samr.c 2006-02-11 00:04:59 UTC (rev 13450) +++ trunk/source/rpc_client/cli_samr.c 2006-02-11 00:08:57 UTC (rev 13451) @@ -1259,7 +1259,6 @@ prs_struct qbuf, rbuf; SAMR_Q_CHGPASSWD_USER3 q; SAMR_R_CHGPASSWD_USER3 r; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; uchar new_nt_password[516]; uchar new_lm_password[516]; @@ -1323,11 +1322,7 @@ /* Return output parameters */ - result = r.status; - - done: - - return result; + return r.status; } /* This function returns the bizzare set of (max_entries, max_size) required
svn commit: samba r13452 - in trunk/source: . lib passdb
Author: vlendec Date: 2006-02-11 00:24:38 + (Sat, 11 Feb 2006) New Revision: 13452 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13452 Log: Convert user_in_unix_group to use getgroups_unix_user(), don't list a whole group. - Remove the second groupmember-listing function. Now the only one left is where we are explicitly asked by samr. Volker Removed: trunk/source/lib/util_getent.c Modified: trunk/source/Makefile.in trunk/source/lib/system_smbd.c trunk/source/lib/username.c trunk/source/passdb/pdb_interface.c Changeset: Sorry, the patch is too large (615 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13452
svn commit: samba r13453 - in branches/tmp/deryck-samba4-swat/source: . auth auth/credentials auth/gensec auth/ntlmssp build/m4 build/smb_build dsdb/samdb dsdb/samdb/ldb_modules gtk/man heimdal/lib/gs
Author: tpot Date: 2006-02-11 01:00:39 + (Sat, 11 Feb 2006) New Revision: 13453 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13453 Log: Merge up to r13451 from branches/SAMBA_4_0/source. Added: branches/tmp/deryck-samba4-swat/source/gtk/man/gepdump.1.xml branches/tmp/deryck-samba4-swat/source/gtk/man/gwcrontab.1.xml branches/tmp/deryck-samba4-swat/source/ldap_server/devdocs/Index branches/tmp/deryck-samba4-swat/source/ldap_server/devdocs/ldapext-ldapv3-vlv-04.txt branches/tmp/deryck-samba4-swat/source/ldap_server/devdocs/rfc3296.txt branches/tmp/deryck-samba4-swat/source/lib/ldb/Doxyfile branches/tmp/deryck-samba4-swat/source/lib/ldb/examples.dox branches/tmp/deryck-samba4-swat/source/lib/ldb/mainpage.dox branches/tmp/deryck-samba4-swat/source/lib/ldb/man/oLschema2ldif.1.xml branches/tmp/deryck-samba4-swat/source/lib/ldb/modules/asq.c branches/tmp/deryck-samba4-swat/source/libcli/finddcs.c branches/tmp/deryck-samba4-swat/source/libnet/libnet_site.c branches/tmp/deryck-samba4-swat/source/libnet/libnet_site.h branches/tmp/deryck-samba4-swat/source/ntvfs/ipc/ipc.h branches/tmp/deryck-samba4-swat/source/ntvfs/ipc/np_echo.c branches/tmp/deryck-samba4-swat/source/script/tests/test_cifsdd.sh branches/tmp/deryck-samba4-swat/source/script/tests/test_smbclient.sh branches/tmp/deryck-samba4-swat/source/script/tests/tests_client.sh branches/tmp/deryck-samba4-swat/source/smbd/smbd.8.xml branches/tmp/deryck-samba4-swat/source/torture/nbt/browse.c branches/tmp/deryck-samba4-swat/source/utils/man/getntacl.1.xml Removed: branches/tmp/deryck-samba4-swat/source/auth/credentials/credentials_gensec.c branches/tmp/deryck-samba4-swat/source/gtk/man/gepdump.1.xml branches/tmp/deryck-samba4-swat/source/gtk/man/gwcrontab.1.xml branches/tmp/deryck-samba4-swat/source/lib/ldb/Doxyfile branches/tmp/deryck-samba4-swat/source/lib/ldb/examples.dox branches/tmp/deryck-samba4-swat/source/lib/ldb/mainpage.dox branches/tmp/deryck-samba4-swat/source/lib/ldb/man/oLschema2ldif.1.xml branches/tmp/deryck-samba4-swat/source/lib/ldb/modules/asq.c branches/tmp/deryck-samba4-swat/source/libcli/finddcs.c branches/tmp/deryck-samba4-swat/source/libnet/libnet_site.c branches/tmp/deryck-samba4-swat/source/libnet/libnet_site.h branches/tmp/deryck-samba4-swat/source/smbd/smbd.8.xml branches/tmp/deryck-samba4-swat/source/torture/rap/ branches/tmp/deryck-samba4-swat/source/utils/man/getntacl.1.xml Modified: branches/tmp/deryck-samba4-swat/source/auth/auth_sam.c branches/tmp/deryck-samba4-swat/source/auth/credentials/config.mk branches/tmp/deryck-samba4-swat/source/auth/credentials/credentials.c branches/tmp/deryck-samba4-swat/source/auth/credentials/credentials.h branches/tmp/deryck-samba4-swat/source/auth/credentials/credentials_ntlm.c branches/tmp/deryck-samba4-swat/source/auth/gensec/gensec.c branches/tmp/deryck-samba4-swat/source/auth/gensec/gensec.h branches/tmp/deryck-samba4-swat/source/auth/gensec/gensec_gssapi.c branches/tmp/deryck-samba4-swat/source/auth/gensec/gensec_krb5.c branches/tmp/deryck-samba4-swat/source/auth/gensec/schannel.c branches/tmp/deryck-samba4-swat/source/auth/gensec/schannel_sign.c branches/tmp/deryck-samba4-swat/source/auth/gensec/schannel_state.c branches/tmp/deryck-samba4-swat/source/auth/gensec/spnego.c branches/tmp/deryck-samba4-swat/source/auth/ntlmssp/ntlmssp.h branches/tmp/deryck-samba4-swat/source/auth/ntlmssp/ntlmssp_parse.c branches/tmp/deryck-samba4-swat/source/auth/ntlmssp/ntlmssp_server.c branches/tmp/deryck-samba4-swat/source/build/m4/check_cc.m4 branches/tmp/deryck-samba4-swat/source/build/m4/check_path.m4 branches/tmp/deryck-samba4-swat/source/build/m4/env.m4 branches/tmp/deryck-samba4-swat/source/build/m4/rewrite.m4 branches/tmp/deryck-samba4-swat/source/build/smb_build/makefile.pm branches/tmp/deryck-samba4-swat/source/dsdb/samdb/cracknames.c branches/tmp/deryck-samba4-swat/source/dsdb/samdb/ldb_modules/kludge_acl.c branches/tmp/deryck-samba4-swat/source/dsdb/samdb/ldb_modules/password_hash.c branches/tmp/deryck-samba4-swat/source/dsdb/samdb/ldb_modules/rootdse.c branches/tmp/deryck-samba4-swat/source/dsdb/samdb/ldb_modules/samldb.c branches/tmp/deryck-samba4-swat/source/dynconfig.c branches/tmp/deryck-samba4-swat/source/heimdal/lib/gssapi/init_sec_context.c branches/tmp/deryck-samba4-swat/source/include/debug.h branches/tmp/deryck-samba4-swat/source/include/dynconfig.h branches/tmp/deryck-samba4-swat/source/include/system/filesys.h branches/tmp/deryck-samba4-swat/source/kdc/hdb-ldb.c branches/tmp/deryck-samba4-swat/source/kdc/kdc.c branches/tmp/deryck-samba4-swat/source/ldap_server/ldap_bind.c branches/tmp/deryck-samba4-swat/source/lib/charset/charcnv.c branches/tmp/deryck-samba4-swat/source/lib/cmdline/popt_common.c
svn commit: samba r13454 - in trunk/source: include rpc_parse rpc_server
Author: jra Date: 2006-02-11 02:46:39 + (Sat, 11 Feb 2006) New Revision: 13454 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13454 Log: Prepare to add lookupnames2. Jeremy. Modified: trunk/source/include/rpc_lsa.h trunk/source/include/rpc_misc.h trunk/source/rpc_parse/parse_lsa.c trunk/source/rpc_parse/parse_misc.c trunk/source/rpc_server/srv_lsa_nt.c Changeset: Sorry, the patch is too large (435 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13454
svn commit: samba r13455 - in branches/SAMBA_3_0/source: include rpc_parse rpc_server
Author: jra Date: 2006-02-11 02:46:41 + (Sat, 11 Feb 2006) New Revision: 13455 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13455 Log: Prepare to add lookupnames2. Jeremy. Modified: branches/SAMBA_3_0/source/include/rpc_lsa.h branches/SAMBA_3_0/source/include/rpc_misc.h branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c branches/SAMBA_3_0/source/rpc_parse/parse_misc.c branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c Changeset: Sorry, the patch is too large (435 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13455
svn commit: samba r13456 - in branches/SAMBA_3_0/source: include rpc_server
Author: jra
Date: 2006-02-11 04:25:06 + (Sat, 11 Feb 2006)
New Revision: 13456
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13456
Log:
Add lsa_lookup_names2.
Jeremy.
Modified:
branches/SAMBA_3_0/source/include/rpc_lsa.h
branches/SAMBA_3_0/source/rpc_server/srv_lsa.c
branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c
Changeset:
Modified: branches/SAMBA_3_0/source/include/rpc_lsa.h
===
--- branches/SAMBA_3_0/source/include/rpc_lsa.h 2006-02-11 02:46:41 UTC (rev
13455)
+++ branches/SAMBA_3_0/source/include/rpc_lsa.h 2006-02-11 04:25:06 UTC (rev
13456)
@@ -567,7 +567,7 @@
} LSA_Q_LOOKUP_NAMES2;
-/* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */
+/* LSA_R_LOOKUP_NAMES2 - response to LSA Lookup NAMEs by name 2 */
typedef struct lsa_r_lookup_names2
{
uint32 ptr_dom_ref;
Modified: branches/SAMBA_3_0/source/rpc_server/srv_lsa.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_lsa.c 2006-02-11 02:46:41 UTC
(rev 13455)
+++ branches/SAMBA_3_0/source/rpc_server/srv_lsa.c 2006-02-11 04:25:06 UTC
(rev 13456)
@@ -976,6 +976,37 @@
return True;
}
+/***
+ api_lsa_lookup_names2
+ ***/
+
+static BOOL api_lsa_lookup_names2(pipes_struct *p)
+{
+ LSA_Q_LOOKUP_NAMES2 q_u;
+ LSA_R_LOOKUP_NAMES2 r_u;
+ prs_struct *data = p-in_data.data;
+ prs_struct *rdata = p-out_data.rdata;
+
+ ZERO_STRUCT(q_u);
+ ZERO_STRUCT(r_u);
+
+ /* grab the info class and policy handle */
+ if(!lsa_io_q_lookup_names2(, q_u, data, 0)) {
+ DEBUG(0,(api_lsa_lookup_names2: failed to unmarshall
LSA_Q_LOOKUP_NAMES2.\n));
+ return False;
+ }
+
+ r_u.status = _lsa_lookup_names2(p, q_u, r_u);
+
+ /* store the response in the SMB stream */
+ if(!lsa_io_r_lookup_names2(, r_u, rdata, 0)) {
+ DEBUG(0,(api_lsa_lookup_names2: Failed to marshall
LSA_R_LOOKUP_NAMES2.\n));
+ return False;
+ }
+
+ return True;
+}
+
#if 0 /* AD DC work in ongoing in Samba 4 */
/***
@@ -1046,6 +1077,7 @@
{ LSA_SETSECRET , LSA_SETSECRET , api_lsa_set_secret },
{ LSA_DELETEOBJECT, LSA_DELETEOBJECT, api_lsa_delete_object },
{ LSA_LOOKUPSIDS2 , LSA_LOOKUPSIDS2 , api_lsa_lookup_sids2 },
+ { LSA_LOOKUPNAMES2, LSA_LOOKUPNAMES2, api_lsa_lookup_names2 },
{ LSA_LOOKUPSIDS3 , LSA_LOOKUPSIDS3 , api_lsa_lookup_sids3 }
#if 0 /* AD DC work in ongoing in Samba 4 */
/* be careful of the adding of new RPC's. See commentrs below about
Modified: branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2006-02-11 02:46:41 UTC
(rev 13455)
+++ branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c 2006-02-11 04:25:06 UTC
(rev 13456)
@@ -225,6 +225,25 @@
}
/***
+ init_reply_lookup_names2
+ ***/
+
+static void init_reply_lookup_names2(LSA_R_LOOKUP_NAMES2 *r_l,
+DOM_R_REF *ref, uint32 num_entries,
+DOM_RID2 *rid, uint32 mapped_count)
+{
+ r_l-ptr_dom_ref = 1;
+ r_l-dom_ref = ref;
+
+ r_l-num_entries = num_entries;
+ r_l-ptr_entries = 1;
+ r_l-num_entries2 = num_entries;
+ r_l-dom_rid = rid;
+
+ r_l-mapped_count = mapped_count;
+}
+
+/***
Init_reply_lookup_sids.
***/
@@ -939,6 +958,76 @@
}
/***
+lsa_reply_lookup_names2
+ ***/
+
+NTSTATUS _lsa_lookup_names2(pipes_struct *p, LSA_Q_LOOKUP_NAMES2 *q_u,
LSA_R_LOOKUP_NAMES2 *r_u)
+{
+ struct lsa_info *handle;
+ UNISTR2 *names = q_u-uni_name;
+ int num_entries = q_u-num_entries;
+ DOM_R_REF *ref;
+ DOM_RID *rids;
+ DOM_RID2 *rids2;
+ int i;
+ uint32 mapped_count = 0;
+ int flags = 0;
+
+ if (num_entries MAX_LOOKUP_SIDS) {
+ num_entries = MAX_LOOKUP_SIDS;
+ DEBUG(5,(_lsa_lookup_names: truncating name lookup list to
%d\n, num_entries));
+ }
+
+ /* Probably the lookup_level is some sort of bitmask. */
+ if (q_u-lookup_level == 1) {
+
svn commit: samba r13457 - in trunk/source: include rpc_server
Author: jra
Date: 2006-02-11 04:25:13 + (Sat, 11 Feb 2006)
New Revision: 13457
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13457
Log:
Add lsa_lookup_names2.
Jeremy.
Modified:
trunk/source/include/rpc_lsa.h
trunk/source/rpc_server/srv_lsa.c
trunk/source/rpc_server/srv_lsa_nt.c
Changeset:
Modified: trunk/source/include/rpc_lsa.h
===
--- trunk/source/include/rpc_lsa.h 2006-02-11 04:25:06 UTC (rev 13456)
+++ trunk/source/include/rpc_lsa.h 2006-02-11 04:25:13 UTC (rev 13457)
@@ -567,7 +567,7 @@
} LSA_Q_LOOKUP_NAMES2;
-/* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */
+/* LSA_R_LOOKUP_NAMES2 - response to LSA Lookup NAMEs by name 2 */
typedef struct lsa_r_lookup_names2
{
uint32 ptr_dom_ref;
Modified: trunk/source/rpc_server/srv_lsa.c
===
--- trunk/source/rpc_server/srv_lsa.c 2006-02-11 04:25:06 UTC (rev 13456)
+++ trunk/source/rpc_server/srv_lsa.c 2006-02-11 04:25:13 UTC (rev 13457)
@@ -976,6 +976,37 @@
return True;
}
+/***
+ api_lsa_lookup_names2
+ ***/
+
+static BOOL api_lsa_lookup_names2(pipes_struct *p)
+{
+ LSA_Q_LOOKUP_NAMES2 q_u;
+ LSA_R_LOOKUP_NAMES2 r_u;
+ prs_struct *data = p-in_data.data;
+ prs_struct *rdata = p-out_data.rdata;
+
+ ZERO_STRUCT(q_u);
+ ZERO_STRUCT(r_u);
+
+ /* grab the info class and policy handle */
+ if(!lsa_io_q_lookup_names2(, q_u, data, 0)) {
+ DEBUG(0,(api_lsa_lookup_names2: failed to unmarshall
LSA_Q_LOOKUP_NAMES2.\n));
+ return False;
+ }
+
+ r_u.status = _lsa_lookup_names2(p, q_u, r_u);
+
+ /* store the response in the SMB stream */
+ if(!lsa_io_r_lookup_names2(, r_u, rdata, 0)) {
+ DEBUG(0,(api_lsa_lookup_names2: Failed to marshall
LSA_R_LOOKUP_NAMES2.\n));
+ return False;
+ }
+
+ return True;
+}
+
#if 0 /* AD DC work in ongoing in Samba 4 */
/***
@@ -1046,6 +1077,7 @@
{ LSA_SETSECRET , LSA_SETSECRET , api_lsa_set_secret },
{ LSA_DELETEOBJECT, LSA_DELETEOBJECT, api_lsa_delete_object },
{ LSA_LOOKUPSIDS2 , LSA_LOOKUPSIDS2 , api_lsa_lookup_sids2 },
+ { LSA_LOOKUPNAMES2, LSA_LOOKUPNAMES2, api_lsa_lookup_names2 },
{ LSA_LOOKUPSIDS3 , LSA_LOOKUPSIDS3 , api_lsa_lookup_sids3 }
#if 0 /* AD DC work in ongoing in Samba 4 */
/* be careful of the adding of new RPC's. See commentrs below about
Modified: trunk/source/rpc_server/srv_lsa_nt.c
===
--- trunk/source/rpc_server/srv_lsa_nt.c2006-02-11 04:25:06 UTC (rev
13456)
+++ trunk/source/rpc_server/srv_lsa_nt.c2006-02-11 04:25:13 UTC (rev
13457)
@@ -225,6 +225,25 @@
}
/***
+ init_reply_lookup_names2
+ ***/
+
+static void init_reply_lookup_names2(LSA_R_LOOKUP_NAMES2 *r_l,
+DOM_R_REF *ref, uint32 num_entries,
+DOM_RID2 *rid, uint32 mapped_count)
+{
+ r_l-ptr_dom_ref = 1;
+ r_l-dom_ref = ref;
+
+ r_l-num_entries = num_entries;
+ r_l-ptr_entries = 1;
+ r_l-num_entries2 = num_entries;
+ r_l-dom_rid = rid;
+
+ r_l-mapped_count = mapped_count;
+}
+
+/***
Init_reply_lookup_sids.
***/
@@ -939,6 +958,76 @@
}
/***
+lsa_reply_lookup_names2
+ ***/
+
+NTSTATUS _lsa_lookup_names2(pipes_struct *p, LSA_Q_LOOKUP_NAMES2 *q_u,
LSA_R_LOOKUP_NAMES2 *r_u)
+{
+ struct lsa_info *handle;
+ UNISTR2 *names = q_u-uni_name;
+ int num_entries = q_u-num_entries;
+ DOM_R_REF *ref;
+ DOM_RID *rids;
+ DOM_RID2 *rids2;
+ int i;
+ uint32 mapped_count = 0;
+ int flags = 0;
+
+ if (num_entries MAX_LOOKUP_SIDS) {
+ num_entries = MAX_LOOKUP_SIDS;
+ DEBUG(5,(_lsa_lookup_names: truncating name lookup list to
%d\n, num_entries));
+ }
+
+ /* Probably the lookup_level is some sort of bitmask. */
+ if (q_u-lookup_level == 1) {
+ flags = LOOKUP_NAME_ALL;
+ }
+
+ ref = TALLOC_ZERO_P(p-mem_ctx, DOM_R_REF);
+ rids = TALLOC_ZERO_ARRAY(p-mem_ctx, DOM_RID,
svn commit: samba r13458 - in branches/SAMBA_3_0/source: include rpc_parse rpc_server
Author: jra Date: 2006-02-11 05:36:27 + (Sat, 11 Feb 2006) New Revision: 13458 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13458 Log: Add parsing functions - but stub internals for lookupnames3 and 4. Jeremy. Modified: branches/SAMBA_3_0/source/include/rpc_lsa.h branches/SAMBA_3_0/source/rpc_parse/parse_lsa.c branches/SAMBA_3_0/source/rpc_server/srv_lsa.c branches/SAMBA_3_0/source/rpc_server/srv_lsa_nt.c Changeset: Sorry, the patch is too large (549 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13458
svn commit: samba r13459 - in trunk/source: include rpc_parse rpc_server
Author: jra Date: 2006-02-11 05:36:29 + (Sat, 11 Feb 2006) New Revision: 13459 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13459 Log: Add parsing functions - but stub internals for lookupnames3 and 4. Jeremy. Modified: trunk/source/include/rpc_lsa.h trunk/source/rpc_parse/parse_lsa.c trunk/source/rpc_server/srv_lsa.c trunk/source/rpc_server/srv_lsa_nt.c Changeset: Sorry, the patch is too large (549 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13459
