Re: [Samba] Problem with adding printer drivers in Windows XP

[Martin Zielinski]

Jerry,

I'd really need your crystal ball sometimes!

Yes, Tom isn't part of a domain (security = user as default), so he 
can't su to a SAVAGEPHP\administrator or so -  and there is a use 
client driver = yes in the [printers] section of his smb.conf (which 
has been attached to the original post).


If the access rights are ok, this should be the reason and I should have
known.

Tom?

Respect,
Martin

Ryan Novosielski wrote:

Gerald (Jerry) Carter wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Tom wrote:

 


Well, I'm trying to add drivers to the server through the Properties
dialog box for my printer. Right click on the printer, left click
Properties, Advanced tab, New Driver button type of thing. Except that
the New Driver button is greyed out. I've checked and my user has the
SePrintOperatorPrivilege rights assigned to him but it still does not
work.




* jerry gazes into his crystal ball and then steps up to the mic

Do you have 'use client driver = yes' ?  If so, disable it
(the default setting).
  


This is a rhetorical question, because I do not know the answer -- does 
this user need to be a member of Domain Admins?


Tom, try net groupmap list and see what group is mapped to Domain 
Admins -- is the user you're connecting as a member of that group? If 
not, does making sure that they are make a difference? I'd also ask you 
to check to make sure privileges are turned on, but if they weren't, 
attempting to add PrintOperatorPrivilege would have failed with 
NT_STATUS_NO_SUCH_PRIVILEGE or equivalent.


BTW, do you have a [print$] defined, with the proper tree created 
beneath it? The directories all have to be there first. Check your logs 
for red flags, if there are any. Generally things break farther down the 
line, though, so I'm pretty sure it's Samba permissions.





--
Martin Zielinski [EMAIL PROTECTED]
Software Development
SEH Computertechnik GmbH www.seh.de
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: proposed list of parameter to remove in 3.0.23

[Volker Lendecke]

On Thu, May 11, 2006 at 04:41:42PM -0700, Gerald (Jerry) Carter wrote:
 - --with-ldapsam only enable the 'ldap server' and
 'ldap port' options in smb.conf.  The ldapsam_compat
 implementation internally is completely different.
 
 I think I'm convinced now that the configure option
 should go.

Thanks a lot for bringing this up on the lists :-)

This could clean up quite a good bit of pdb_ldap.c

Volker


pgpc2bAM1jsjf.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] passdb and samba v3.0.23pre1

[Volker Lendecke]

On Fri, May 12, 2006 at 12:52:59AM -0400, Ryan Novosielski wrote:
 Is there any other way to duplicate this functionality? I have a feeling 
 this one is going to hurt as far as removing the ability to migrate a 
 population of users over to a new passdb backend. Seems it would all 
 have to be done in one fell swoop with the new behavior.

In examples/LDAP/convertSambaAccount you find a perl script
to convert your LDAP database.

Volker


pgpUnfcfsOrgf.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] passdb and samba v3.0.23pre1

[Volker Lendecke]

On Fri, May 12, 2006 at 08:58:53AM +0200, Volker Lendecke wrote:
 In examples/LDAP/convertSambaAccount you find a perl script
 to convert your LDAP database.

oops, wrong thread ;-)

Volker


pgpHpNzyTtM4K.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] V4 TP2

[Per Qvindesland]

Hello List,

Sorry but  I am woundering if anyone know how well TP2 is working of 
version 4, I am dying to test it out but I currently don't have any 
available machines to test it out on.


Regards
Per Qvindesland
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] permissions change from windows doesn't work

[Ángel Galindo Muñoz]

Hi!

	This is a reply to an old mail, from one year ago ( 
http://lists.samba.org/archive/samba/2005-June/107570.html ). But this 
also replies to 
http://lists.samba.org/archive/samba/2003-October/075334.html and 
http://lists.samba.org/archive/samba/2003-November/002488.html .


	This issue is a Microsoft Windows missfunction. Microsoft Windows 
clients just can't remember which credentials use to do that work. There 
are several actions which does correctly: can connect, can view 
permissions and can use the first security dialog, but when you try to 
go to the Advanced tab , this does some action in which it fools and 
doesn't know which credentials use. Once I raised the log level (log 
level = 4) and saw that the client is trying to use the SID of the local 
user (the ones from the client machine). This works fine if your windows 
connect to shares on a Microsoft Domain, but fails connecting to shares 
published from Stand-Alone servers.


	I think that this is the same problem which doesn't let Admin Users 
change ownership of files.


	There is a WORKAROUND for the first problem: Just authenticate this 
way: If your user is vincent, then just use the credencials 
whateveryouwant\vincent (with the correct password for vincent 
user). Then when the dialog asks again for valid credencials then give 
him again whateveryouwant\vincent and the corrct password. This works.



	This is a missfunction. Call it a bug, if you want. Microsoft Support 
says (explicitly) that this is done this way by design (m nice).



	The second problem (changing ownership) can be solved using smbcacls, 
which works fine ... but not recursively.



Best regards,

--
Angel Galindo Muñoz
University of Barcelona, Spain




Pierre Dehaen wrote:

Hi again,

FYI here are some links talking about the same problem (but no answer):
http://lists.samba.org/archive/samba/2003-October/075334.html
http://lists.samba.org/archive/samba/2003-November/002488.html
http://www.mcse.ms/message436146.html

Note that on WinNT4 I can partially add permissions to a file: I see the users 
when I click on Show users and I can use them but I cannot see the groups 
that are available on the Samba server.


Note also that I see exactly the same when I try to connect a W2K to another 
W2K (both standalone computers): although I'm connected to the share with 
a username of the server, from the client I cannot change the permissions on 
any file of the server !!!


So I have a basic question now: Is it simply possible, from a W2K/XP, to 
change the permissions of a file on a share of a standalone server, i.e. 
without both computers being member of a domain ? I can see a possible 
commercial reason (from who you know) for this not being allowed, but is 
there also a technical reason ? Note that some of the above links show the 
same behavior within a domain... so I'm lost.


Thanks for any help,
Pierre

On 28 Jun 2005 at 17:35, Pierre Dehaen wrote:


Hi, 

After three days of googling, searching in this list, reading parts of the 
pdf, and testing, I  surrender: please help ! 

Summary: 
I'm running 3.0.10a (binary from www.sunfreeware.com) on Solaris 
2.6 in standalone  mode (security=user). I use ACLs on files. I cannot, 
from windows (w2k, wxp pro), add  a user to the permissions of a file. 



Details: 
- The binary was compiled --with-acl-support as smbd -b|grep ACL 
and the  sunfreeware site confirm. 

- Solaris UFS supports ACLs. 

- I don't use winbindd 

- This is my smb.conf: 
[global] 
   workgroup = UNIX 
   server string = Samba Server 3.0 
   interfaces = x.x.x.x 
   map to guest = Bad User 
   username map = /usr/local/samba/private/users.map 
   log level = 4 
   log file = /usr/local/samba/var/log.%m 
   max log size = 500 
   deadtime = 30 
   keepalive = 0 
   dns proxy = No 
   ldap ssl = no 
   idmap uid = 1-2 
   idmap gid = 1-2 

- The users.map did not exist at the beginning, but, as the PDF 
examples have one, I  created it with: 
   root = Administrator 

- My users do exist on Solaris and are the same as the Windows users. 

- The users were added on Samba with smbpasswd -a. 

- My groups are mapped: 
   # net groupmap list | sort 
   Account Operators (S-1-5-32-548) - -1 
   Administrators (S-1-5-32-544) - -1 
   Backup Operators (S-1-5-32-551) - -1 
   Domain Admins (S-1-5-21-3464024308-2102256894-3995807409-512) - root 
   Domain Guests (S-1-5-21-3464024308-2102256894-3995807409-514) - nobody 
   Domain Users (S-1-5-21-3464024308-2102256894-3995807409-513) - staff 
   Engineer (S-1-5-21-3464024308-2102256894-3995807409-1305) - engineer 
   Guests (S-1-5-32-546) - -1 
   Inter (S-1-5-21-3464024308-2102256894-3995807409-1323) - inter 
   Power Users (S-1-5-32-547) - -1 
   Print Operators (S-1-5-32-550) - -1 
   Replicators (S-1-5-32-552) - -1 
   System Operators (S-1-5-32-549) - -1 
   Users (S-1-5-32-545) - -1 

- A share is defined: 
[home1] 
   path = /export/home1 
   read 

[Samba] Re: printer admin deprecated: please explain

[Franz Pfoertsch]

Ryan Novosielski wrote:

 Franz Pfoertsch wrote:
 I am Running a printserver using SLES9 SP3 with Samba 3.0.20b and
 cups 1.1.20
I filled in a windows group, I haven't a special user, I have a special
Windows-Group.


winbind separator = +
printer admin = @BROSE+COB_CUPS_Printer_Admin 


regards
Franz


 Since the update to Samba 3.0.20 every start of a client program tells me
 WARNING: The printer admin option is deprecated

 Ok, I understood I should use

  net rpc rights grant User or Group SePrintOperatorPrivilege -U ..

 But I haven't any adminuser to grant this rights.

 In my environment I put the machine into the AD by
  kinit UserWithPermissionsToJoinIntoTheDomain@DOMAIN
  net ads join - joined

 and all permission granted by the printer admin option.

 Is there any other way to get SePrintOperator without a other strong
 user?

 regards
 Franz
   
 How can you not have an admin user -- who do you have defined under
 printer admin? Or were you not using this definition at all and that
 is a spurious error message? If you ARE using printer admin = someone,
 then you'd just grant the rights to that same user.
 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] passdb and samba v3.0.23pre1

[Collen Blijenberg]

Pdb_multi is part of the pdb_sql project on sourceforge.
but there is no speed in the development..

Cheers

Collen


Someone outside of Samba was working on a pdb_multi.
But IMO it is best to migrate all at once.

  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: proposed list of parameter to remove in 3.0.23

[Collen Blijenberg]

Quite a list, but no non we use.
might i do a sugestion ?

all with all, there are a lot of changes is the up coming release.
not only these parameters en config options, but also the removal of the 
sql backends

that multi passwd backend thing..

isn't it smarter , or it makes more sense to push these rather big 
changes through the 3.1 release

???

Cheers,

Collen

Gerald (Jerry) Carter wrote:
  

Here's a short list of parameters I'd like to remove
from smb.conf.

hosts equiv
read bmpx
wins partners
ldap server
ldap port
homedir map
nis homedir
magic script
magic output

Comments?



I'd also like to kill the following configure options

--with-nisplus-home
--with-ldapsam
--with-automount
--with-dce-dfs



  

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with adding printer drivers in Windows XP

[Tom]

I've tried it both ways, neither works.

Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Tom wrote:


Well, I'm trying to add drivers to the server through the Properties
dialog box for my printer. Right click on the printer, left click
Properties, Advanced tab, New Driver button type of thing. Except that
the New Driver button is greyed out. I've checked and my user has the
SePrintOperatorPrivilege rights assigned to him but it still does not
work.


* jerry gazes into his crystal ball and then steps up to the mic

Do you have 'use client driver = yes' ?  If so, disable it
(the default setting).




cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEY6G0IR7qMdg1EfYRAuxvAJ4rc7/SPUUyoGJOMuoxtS7QeU5ECgCgo61i
xIqRXVnrdIGzlcElPUlfFdM=
=9Yg8
-END PGP SIGNATURE-



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with adding printer drivers in Windows XP

[Tom]

Well, for giggles I put 'use client driver' back to 'No' in the 
smb.conf; still doesn't work. Do I need to change 'security = user' to 
'security = domain'?


I've been through all the troubleshooting steps posted in the archives. 
None have worked. Either I've missed something in those archives or mine 
is a new problem. Either way, the crystal ball doesn't seem to be working.


Thanks for the help,

Tom

Martin Zielinski wrote:

Jerry,

I'd really need your crystal ball sometimes!

Yes, Tom isn't part of a domain (security = user as default), so he 
can't su to a SAVAGEPHP\administrator or so -  and there is a use 
client driver = yes in the [printers] section of his smb.conf (which 
has been attached to the original post).


If the access rights are ok, this should be the reason and I should have
known.

Tom?

Respect,
Martin

Ryan Novosielski wrote:

Gerald (Jerry) Carter wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Tom wrote:

 


Well, I'm trying to add drivers to the server through the Properties
dialog box for my printer. Right click on the printer, left click
Properties, Advanced tab, New Driver button type of thing. Except that
the New Driver button is greyed out. I've checked and my user has the
SePrintOperatorPrivilege rights assigned to him but it still does not
work.




* jerry gazes into his crystal ball and then steps up to the mic

Do you have 'use client driver = yes' ?  If so, disable it
(the default setting).
  


This is a rhetorical question, because I do not know the answer -- 
does this user need to be a member of Domain Admins?


Tom, try net groupmap list and see what group is mapped to Domain 
Admins -- is the user you're connecting as a member of that group? If 
not, does making sure that they are make a difference? I'd also ask 
you to check to make sure privileges are turned on, but if they 
weren't, attempting to add PrintOperatorPrivilege would have failed 
with NT_STATUS_NO_SUCH_PRIVILEGE or equivalent.


BTW, do you have a [print$] defined, with the proper tree created 
beneath it? The directories all have to be there first. Check your 
logs for red flags, if there are any. Generally things break farther 
down the line, though, so I'm pretty sure it's Samba permissions.







--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Can one set limits on new core dump?

[Doug VanLeuven]

Hi all,
Is there anyway to limit the new core dumping panics?
Can't find anything on it.  (If I'd only looked in that ...)
Was my mistake, but winbindd filled up an entire volume
and froze out every process writing to that drive.
I started it from a shell and my soft limit is
already zero. (ulimit -S -c 0)

FC4 2.6.16-1.2069 smp, gcc 4.0.2-8
samba 3.0.23pre2-SVN-build-15162

Regards, Doug

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with adding printer drivers in Windows XP

[Martin Zielinski]

Ok Tom,

last try! Hope this is it!

From the smb.conf:

show add printer wizard = No

Please set it to yes.

I could reproduce your grayed-out condition and it went away when this 
parameter was set to yes.


~ Martin


Tom wrote:
Well, for giggles I put 'use client driver' back to 'No' in the 
smb.conf; still doesn't work. Do I need to change 'security = user' to 
'security = domain'?


I've been through all the troubleshooting steps posted in the archives. 
None have worked. Either I've missed something in those archives or mine 
is a new problem. Either way, the crystal ball doesn't seem to be working.


Thanks for the help,

Tom

Martin Zielinski wrote:


Jerry,

I'd really need your crystal ball sometimes!

Yes, Tom isn't part of a domain (security = user as default), so he 
can't su to a SAVAGEPHP\administrator or so -  and there is a use 
client driver = yes in the [printers] section of his smb.conf (which 
has been attached to the original post).


If the access rights are ok, this should be the reason and I should have
known.

Tom?

Respect,
Martin

Ryan Novosielski wrote:


Gerald (Jerry) Carter wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Tom wrote:

 


Well, I'm trying to add drivers to the server through the Properties
dialog box for my printer. Right click on the printer, left click
Properties, Advanced tab, New Driver button type of thing. Except that
the New Driver button is greyed out. I've checked and my user has the
SePrintOperatorPrivilege rights assigned to him but it still does not
work.





* jerry gazes into his crystal ball and then steps up to the mic

Do you have 'use client driver = yes' ?  If so, disable it
(the default setting).
  



This is a rhetorical question, because I do not know the answer -- 
does this user need to be a member of Domain Admins?


Tom, try net groupmap list and see what group is mapped to Domain 
Admins -- is the user you're connecting as a member of that group? 
If not, does making sure that they are make a difference? I'd also 
ask you to check to make sure privileges are turned on, but if they 
weren't, attempting to add PrintOperatorPrivilege would have failed 
with NT_STATUS_NO_SUCH_PRIVILEGE or equivalent.


BTW, do you have a [print$] defined, with the proper tree created 
beneath it? The directories all have to be there first. Check your 
logs for red flags, if there are any. Generally things break farther 
down the line, though, so I'm pretty sure it's Samba permissions.










--
Martin Zielinski [EMAIL PROTECTED]
Software Development
SEH Computertechnik GmbH www.seh.de
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Can one set limits on new core dump?

[Jeff Saxton]

man ulimit
hint: ulimit -c

Doug VanLeuven wrote:

Hi all,
Is there anyway to limit the new core dumping panics?
Can't find anything on it.  (If I'd only looked in that ...)
Was my mistake, but winbindd filled up an entire volume
and froze out every process writing to that drive.
I started it from a shell and my soft limit is
already zero. (ulimit -S -c 0)

FC4 2.6.16-1.2069 smp, gcc 4.0.2-8
samba 3.0.23pre2-SVN-build-15162

Regards, Doug



--
Jeff Saxton
SenSage, Inc.
55 Hawthorne Street Suite 700
San Francisco, CA 94105
Phone:  415.808.5900
Fax:415.371.1385
Direct: 415-808-5921
Cell:   650-235-0776
mailto:[EMAIL PROTECTED]

Enterprise Security Analytics

SenSage, the leading provider of enterprise security analytics, offers
unparalleled performance and a scalable means for organizations to centrally
aggregate, efficiently analyze, dynamically monitor and cost-effectively
store massive volumes of event log data.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with adding printer drivers in Windows XP

[Tom]

Holy crap! It's alive!

There were I believe 2 articles I read that said to set that to No; and 
since I didn't find any that said it should be Yes, I had forgotten 
about it.


Many many thanks Martin!

Tom

Martin Zielinski wrote:

Ok Tom,

last try! Hope this is it!

 From the smb.conf:

show add printer wizard = No

Please set it to yes.

I could reproduce your grayed-out condition and it went away when this 
parameter was set to yes.


~ Martin


Tom wrote:
Well, for giggles I put 'use client driver' back to 'No' in the 
smb.conf; still doesn't work. Do I need to change 'security = user' to 
'security = domain'?


I've been through all the troubleshooting steps posted in the 
archives. None have worked. Either I've missed something in those 
archives or mine is a new problem. Either way, the crystal ball 
doesn't seem to be working.


Thanks for the help,

Tom

Martin Zielinski wrote:


Jerry,

I'd really need your crystal ball sometimes!

Yes, Tom isn't part of a domain (security = user as default), so he 
can't su to a SAVAGEPHP\administrator or so -  and there is a use 
client driver = yes in the [printers] section of his smb.conf (which 
has been attached to the original post).


If the access rights are ok, this should be the reason and I should have
known.

Tom?

Respect,
Martin

Ryan Novosielski wrote:


Gerald (Jerry) Carter wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Tom wrote:

 


Well, I'm trying to add drivers to the server through the Properties
dialog box for my printer. Right click on the printer, left click
Properties, Advanced tab, New Driver button type of thing. Except 
that

the New Driver button is greyed out. I've checked and my user has the
SePrintOperatorPrivilege rights assigned to him but it still does not
work.





* jerry gazes into his crystal ball and then steps up to the mic

Do you have 'use client driver = yes' ?  If so, disable it
(the default setting).
  



This is a rhetorical question, because I do not know the answer -- 
does this user need to be a member of Domain Admins?


Tom, try net groupmap list and see what group is mapped to Domain 
Admins -- is the user you're connecting as a member of that group? 
If not, does making sure that they are make a difference? I'd also 
ask you to check to make sure privileges are turned on, but if they 
weren't, attempting to add PrintOperatorPrivilege would have failed 
with NT_STATUS_NO_SUCH_PRIVILEGE or equivalent.


BTW, do you have a [print$] defined, with the proper tree created 
beneath it? The directories all have to be there first. Check your 
logs for red flags, if there are any. Generally things break farther 
down the line, though, so I'm pretty sure it's Samba permissions.












--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] (Fwd) Re: permissions change from windows doesn't work

[Pierre Dehaen]

On 12 May 2006 at 10:08, Ángel Galindo Muñoz wrote:

   There is a WORKAROUND for the first problem: Just authenticate this
 way: If your user is vincent, then just use the credencials
 whateveryouwant\vincent (with the correct password for vincent
 user). Then when the dialog asks again for valid credencials then give
 him again whateveryouwant\vincent and the corrct password. This works.

Angel... you are the man !

It works great, even on XP SP2 when I follow your trick ! It is not a Samba
bug because the problem is the same with a Windows standalone server.
IMHO it is not a bug, but well a feature to force you to buy Windows servers.

I was a bit surprised by the number of answers/comments (exactly 0) I
received when I exposed the problem years ago. Either nobody knew the
answer, either nobody wanted to answer, either nobody used standalone
servers (with ACLs). But in my case that is still used in some situations.

Thank you so much, I spent days on this problem and then surrendered.
Pierre


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: newbie question reguarding kerberos tickets

[Doug Tucker]

I'm not sure I follow.  By client, you mean my samba server that is
joined to AD?  I've been running without a ticket at all for 2 weeks
now, and have yet to see a single problem.  What type of bad behaviour
should I be looking for?  We're using win2k3 AD, samba 3.0.22, and all
winXP desktop clients.  Sorry if I'm being a pain, I'm just a bit
confused here, as I can't find any documentation on this subject.  All I
see is in the installation instructions that you have to do the kinit
[EMAIL PROTECTED] and log in which gives you a ticket.  My issue is my windows
guys aren't very bright and didn't even know that their AD ran anything
called kerberos, and don't know how to change the ticket lifetime.
That concerned me because I don't want to have to set up a cron to auto
login every 24hours, so I put it on the backburner, the ticket expired,
I come back and everything is still working fine.  Which got me thinking
about it's validity, which started me down this path I have digressed
to, just deleting the ticket, rebooting the machine to remove anything
from memory, resume testing, and the whole thing still works like a
charm.  And so far, all I'm getting here from this user group is
everyone seems to feel like this ticket is necessary, yet no one is
taking a shot at why I'm working just fine.  I'm just concerned about
going production if this is really necessary, but so far from what I've
seen, the ticket is not needed at all.  Anyone else try running in this
type of environment without one?


On Thu, 2006-05-11 at 21:17 -0700, Doug VanLeuven wrote:
 When using domain logons, after resuming from a hibernate that
 exceeded the lifetime of the Kerberos ticket, the client doesn't
 immediately renew the ticket.  It will auto renew, but I've not
 determined the amount of time it takes.
 Is there a way to force the client to renew the ticket?  Short of
 rebooting, that is.  Things don't work very well until it's renewed.
 Trying to go green.  Samba client and/or XP/2000 client?
 
 Regards, Doug
 
 
 simo wrote:
  Samba stores the machine password and obtains tickets from the KDC when
  needed.
  
  Simo.
  
  On Thu, 2006-05-11 at 16:53 -0500, Doug Tucker wrote:
  Thanks.  But again, is the ticket even needed?  I deleted the darn
  thing, rebooted to make sure it wasn't cached in memory somewhere, and
  everything seems to be working perfectly.  If it is indeed needed, and I
  need to extend the period, is there any directions on how to do that on
  the windows side?
 
 
  On Thu, 2006-05-11 at 23:07 +0200, Blaž Primc wrote:
  Hi,
 
  the period for which the ticket is valid can be set in Windows Server.
 
  Best regards, Blaž.
 
  Doug Tucker wrote:
  I recently joined a samba 3.0.22 server to AD.  When I did the kinit,
  the AD gave me a 24 hour ticket with a 1 week renewal.  Setting -r and
  -l to 365d did not change anything, the ticket still came back the same.
  However, my question is in reguard to whether this is really even
  needed?  First, I deleted the ticket, and everything seemed to continue
  to work perfectly.  Now, I let the ticket expire for a couple of weeks
  now, and yet, the samba server is working fine and users still
  authenticate against AD just fine.  Am I missing something, or is the
  creation of that ticket not even needed?  Thank you for your assistance.
 
  doug...
 
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: newbie question reguarding kerberos tickets

[simo]

Doug,
you don't need any login to make samba work in an AD environment.
At the join samba creates a machine account in a domain, and stores the
machine password in the secrets.tdb file. When samba needs to do some
operation with the domain it just need to use that account to request
tickets from the KDC.
It is just like any other windows host out there.

Simo.

On Fri, 2006-05-12 at 08:23 -0500, Doug Tucker wrote:
 I'm not sure I follow.  By client, you mean my samba server that is
 joined to AD?  I've been running without a ticket at all for 2 weeks
 now, and have yet to see a single problem.  What type of bad behaviour
 should I be looking for?  We're using win2k3 AD, samba 3.0.22, and all
 winXP desktop clients.  Sorry if I'm being a pain, I'm just a bit
 confused here, as I can't find any documentation on this subject.  All I
 see is in the installation instructions that you have to do the kinit
 [EMAIL PROTECTED] and log in which gives you a ticket.  My issue is my windows
 guys aren't very bright and didn't even know that their AD ran anything
 called kerberos, and don't know how to change the ticket lifetime.
 That concerned me because I don't want to have to set up a cron to auto
 login every 24hours, so I put it on the backburner, the ticket expired,
 I come back and everything is still working fine.  Which got me thinking
 about it's validity, which started me down this path I have digressed
 to, just deleting the ticket, rebooting the machine to remove anything
 from memory, resume testing, and the whole thing still works like a
 charm.  And so far, all I'm getting here from this user group is
 everyone seems to feel like this ticket is necessary, yet no one is
 taking a shot at why I'm working just fine.  I'm just concerned about
 going production if this is really necessary, but so far from what I've
 seen, the ticket is not needed at all.  Anyone else try running in this
 type of environment without one?
 
 
 On Thu, 2006-05-11 at 21:17 -0700, Doug VanLeuven wrote:
  When using domain logons, after resuming from a hibernate that
  exceeded the lifetime of the Kerberos ticket, the client doesn't
  immediately renew the ticket.  It will auto renew, but I've not
  determined the amount of time it takes.
  Is there a way to force the client to renew the ticket?  Short of
  rebooting, that is.  Things don't work very well until it's renewed.
  Trying to go green.  Samba client and/or XP/2000 client?
  
  Regards, Doug
  
  
  simo wrote:
   Samba stores the machine password and obtains tickets from the KDC when
   needed.
   
   Simo.
   
   On Thu, 2006-05-11 at 16:53 -0500, Doug Tucker wrote:
   Thanks.  But again, is the ticket even needed?  I deleted the darn
   thing, rebooted to make sure it wasn't cached in memory somewhere, and
   everything seems to be working perfectly.  If it is indeed needed, and I
   need to extend the period, is there any directions on how to do that on
   the windows side?
  
  
   On Thu, 2006-05-11 at 23:07 +0200, Blaž Primc wrote:
   Hi,
  
   the period for which the ticket is valid can be set in Windows Server.
  
   Best regards, Blaž.
  
   Doug Tucker wrote:
   I recently joined a samba 3.0.22 server to AD.  When I did the kinit,
   the AD gave me a 24 hour ticket with a 1 week renewal.  Setting -r and
   -l to 365d did not change anything, the ticket still came back the 
   same.
   However, my question is in reguard to whether this is really even
   needed?  First, I deleted the ticket, and everything seemed to continue
   to work perfectly.  Now, I let the ticket expire for a couple of weeks
   now, and yet, the samba server is working fine and users still
   authenticate against AD just fine.  Am I missing something, or is the
   creation of that ticket not even needed?  Thank you for your 
   assistance.
  
   doug...
  
  
-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: [EMAIL PROTECTED]
http://samba.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: proposed list of parameter to remove in 3.0.23

[Robert M. Martel]

On 05/11/2006 10:51 AM, Gerald (Jerry) Carter wrote:
...

I'd also like to kill the following configure options

--with-nisplus-home
--with-ldapsam
--with-automount
--with-dce-dfs



	I've not seen anyone else speak up, but we are still making use of 
--with-nisplus-home and --with-automount here.


-Bob Martel

--
***
Bob Martel,System Administrator  I met someone who looks a lot like you
Levin College of Urban Affairs   She does the things you do
Cleveland State University   But she is an IBM
(216) 687-2214
[EMAIL PROTECTED]-Jeff Lynne
***
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Can one set limits on new core dump?

[Doug VanLeuven]

Sorry Jeff, been there, done that, if you'd read the whole post.


Jeff Saxton wrote:

man ulimit
hint: ulimit -c

Doug VanLeuven wrote:

Hi all,
Is there anyway to limit the new core dumping panics?
Can't find anything on it.  (If I'd only looked in that ...)
Was my mistake, but winbindd filled up an entire volume
and froze out every process writing to that drive.
I started it from a shell and my soft limit is
already zero. (ulimit -S -c 0)

  ^^


FC4 2.6.16-1.2069 smp, gcc 4.0.2-8
samba 3.0.23pre2-SVN-build-15162

Regards, Doug





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: newbie question reguarding kerberos tickets

[Doug Tucker]

Great!  Thanks to everyone for the help, keep up the good work!

On Fri, 2006-05-12 at 09:42 -0400, simo wrote:
 Doug,
 you don't need any login to make samba work in an AD environment.
 At the join samba creates a machine account in a domain, and stores
 the
 machine password in the secrets.tdb file. When samba needs to do some
 operation with the domain it just need to use that account to request
 tickets from the KDC.
 It is just like any other windows host out there.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Can one set limits on new core dump?

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

James,

This was your change right ?


Doug, I'm more interested in why winbindd is seg
faulting in the SAMBA_3_0 tree.  Can you give me more
details?



cheers, jerry

Doug VanLeuven wrote:
 Sorry Jeff, been there, done that, if you'd read the whole post.
 
 
 Jeff Saxton wrote:
 man ulimit
 hint: ulimit -c

 Doug VanLeuven wrote:
 Hi all,
 Is there anyway to limit the new core dumping panics?
 Can't find anything on it.  (If I'd only looked in that ...)
 Was my mistake, but winbindd filled up an entire volume
 and froze out every process writing to that drive.
 I started it from a shell and my soft limit is
 already zero. (ulimit -S -c 0)
   ^^

 FC4 2.6.16-1.2069 smp, gcc 4.0.2-8
 samba 3.0.23pre2-SVN-build-15162

 Regards, Doug


 


- --
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEZJi2IR7qMdg1EfYRAlO+AJ0S+ZK2nQdjqGykHsZzmnJHBfJf1gCcDElY
DXjzwAdrOrf/Eh23lXwDMtA=
=06ek
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] PDC with 2 NICs problem

[Roy McMorran]

Hello Samba List,

I'm running a Samba 3.0.22 PDC on Solaris 9.  Things got a bit peculiar 
when I added a 2nd network interface.


The two subnets are a primary network that carries all the client 
traffic and a tape-backup/admin network that is not accessible to any 
clients, ie.

aaa.bbb.ccc.241 - bge0 - primary network (address suppressed)
192.168.254.254 - bge1 - admin/backup network

I've configured Samba (I think) to ignore the admin network...

   socket address = aaa.bbb.ccc.241
   interfaces = bge0 lo0
   bind interfaces only = true
   hosts allow = aaa.bbb.ccc. , 127.

However, some devices are getting the notion that there is a PDC at 
192.168.254.254 and are trying to contact it (which of course they 
cannot).  For instance (this is a NetApp that is a domain member):


grunthos cifs testdc
...
Testing all Primary Domain Controllers
found 2 unique addresses

Fri May 12 09:56:55 EDT [auth.dc.trace.DCConnection.statusMsg:info]: 
AUTH: TraceDC- Found 2 BDC addresses through WINS.
Fri May 12 09:56:55 EDT [auth.dc.trace.DCConnection.statusMsg:info]: 
AUTH: TraceDC- Found 2 PDC addresses through WINS.

found PDC TRILLIAN at aaa.bbb.ccc.241
Not able to communicate with PDC 192.168.254.254
trying 192.168.254.254...Fri May 12 09:57:07 EDT 
[auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get 
Domain Controller name for 192.168.254.254: Timed out waiting for reply.

...

I'd expect it to find only aaa.bbb.ccc.241 - Any idea what am I missing 
here?


The PDC is also the WINS server, in case that matters.

Thanks,

--

Roy McMorran
Systems Administrator
MDI Biological Laboratory
[EMAIL PROTECTED]


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: proposed list of parameter to remove in 3.0.23

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Collen
,
 Quite a list, but no non we use.
 might i do a sugestion ?
 
 all with all, there are a lot of changes is the up 
 coming release.  not only these parameters en config
 options, but also the removal of the sql backends
 that multi passwd backend thing..
 
 isn't it smarter , or it makes more sense to push these rather big
 changes through the 3.1 release

There are no 3.1 releases anymore.  We tried that once, but found
it better to keep a single production, development tree.
This has been discussed a lot on the samba-technical list.
You might want to search the archives for background.





cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEZJlkIR7qMdg1EfYRAq7dAKCYYpGX6q6DPbtE/9BCm6pBw+GPhACfaXo3
3kAqxoiKmQA3mFCJau8aXLw=
=zDN/
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba errors - No buffer space available

[eric roseme]

Ryan Novosielski wrote:

Allen, Bill wrote:


I am new to Samba, having just taken over management of a HPUX system in
a mainly Windows environment.  The system is running Samba 3.0.7.  I am
getting the following errors, repeatedly, in my log.smbd.  What does it
mean?  Is this actually a problem or normal chatter for Samba?  If it is
a problem, what should I do to correct it?

 
[2006/05/03 07:41:38, 0] lib/util_sock.c:set_socket_options(202)

  Failed to set socket option SO_KEEPALIVE (Error Invalid argument)
[2006/05/03 07:41:38, 0] lib/util_sock.c:set_socket_options(202)
  Failed to set socket option TCP_NODELAY (Error Invalid argument)
[2006/05/03 07:41:38, 0] lib/util_sock.c:get_peer_addr(1000)
  getpeername failed. Error was Invalid argument
[2006/05/03 07:41:39, 0] smbd/server.c:open_sockets_smbd(382)
  open_sockets_smbd: accept: No buffer space available

 Thanks for any help or advice,

Bill

 
  


When you find out, let me know. :) It's been that way for ages on my 
system. The two socket option messages are related to header related 
problems, if I'm not mistaken, but it's really not a big deal. Do you 
have either of those defined in smb.conf?


As far as the buffer thing... this concerned me for along time. I can't 
remember whether this got any better or worse, but there's a lot wrong 
with 3.0.7 on HP-UX. I would not run anything earlier than 3.0.14 on an 
HP-UX system.


Are you running Opensource Samba or HP CIFS Server?  For HP CIFS, you 
should not see the socket option errors, but the buffer space log entry 
could be any number of things.  Ryan is correct - you should be up on 
3.0.14 (HP CIFS Server A.02.02.01).


Make sure that you have your nfiles, nflocks, and nprocs set correctly - 
see the most recent Admin Guide on page 258 
(http://docs.hp.com/en/B8725-90101/B8725-90101.pdf).  We may have 
located a locking problem (!) that could cause the entry, but it is at a 
site that connects with smbclient.  Also, if your users are connecting 
and disconnecting often (like at a school - everybody disconnects and 
connects on the hour) then that could do it too.


I have not seen a case where the buffer space log entry has accompanied 
a problem on the server.  I enquire about this from every site that 
reports it, but so far, no one has seen a problem.  If you see it 
differently, then please let me know.


Eric Roseme
Hewlett-Packard

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: newbie question reguarding kerberos tickets

[Doug VanLeuven]

Simo,
I'm Doug 2.  Do you know how to initiate speedy renewal of
the tickets for the instance of a hibernated client that
sleeps thru and well past the lifetime of the ticket?

I agree that the ticket renewal happens automagically.
But for a while after waking up, the client can't access
the shares and it's enough of an issue with users to force
turning off hibernation and run them 24 hrs a day.

Sorry for being off-topic to the original post.  Trigger word was
ticket lifetime.

Doug2

simo wrote:

Doug,
you don't need any login to make samba work in an AD environment.
At the join samba creates a machine account in a domain, and stores the
machine password in the secrets.tdb file. When samba needs to do some
operation with the domain it just need to use that account to request
tickets from the KDC.
It is just like any other windows host out there.

Simo.

On Fri, 2006-05-12 at 08:23 -0500, Doug Tucker wrote:

I'm not sure I follow.  By client, you mean my samba server that is
joined to AD?  I've been running without a ticket at all for 2 weeks
now, and have yet to see a single problem.  What type of bad behaviour
should I be looking for?  We're using win2k3 AD, samba 3.0.22, and all
winXP desktop clients.  Sorry if I'm being a pain, I'm just a bit
confused here, as I can't find any documentation on this subject.  All I
see is in the installation instructions that you have to do the kinit
[EMAIL PROTECTED] and log in which gives you a ticket.  My issue is my windows
guys aren't very bright and didn't even know that their AD ran anything
called kerberos, and don't know how to change the ticket lifetime.
That concerned me because I don't want to have to set up a cron to auto
login every 24hours, so I put it on the backburner, the ticket expired,
I come back and everything is still working fine.  Which got me thinking
about it's validity, which started me down this path I have digressed
to, just deleting the ticket, rebooting the machine to remove anything
from memory, resume testing, and the whole thing still works like a
charm.  And so far, all I'm getting here from this user group is
everyone seems to feel like this ticket is necessary, yet no one is
taking a shot at why I'm working just fine.  I'm just concerned about
going production if this is really necessary, but so far from what I've
seen, the ticket is not needed at all.  Anyone else try running in this
type of environment without one?


On Thu, 2006-05-11 at 21:17 -0700, Doug VanLeuven wrote:

When using domain logons, after resuming from a hibernate that
exceeded the lifetime of the Kerberos ticket, the client doesn't
immediately renew the ticket.  It will auto renew, but I've not
determined the amount of time it takes.
Is there a way to force the client to renew the ticket?  Short of
rebooting, that is.  Things don't work very well until it's renewed.
Trying to go green.  Samba client and/or XP/2000 client?

Regards, Doug


simo wrote:

Samba stores the machine password and obtains tickets from the KDC when
needed.

Simo.

On Thu, 2006-05-11 at 16:53 -0500, Doug Tucker wrote:

Thanks.  But again, is the ticket even needed?  I deleted the darn
thing, rebooted to make sure it wasn't cached in memory somewhere, and
everything seems to be working perfectly.  If it is indeed needed, and I
need to extend the period, is there any directions on how to do that on
the windows side?


On Thu, 2006-05-11 at 23:07 +0200, Blaž Primc wrote:

Hi,

the period for which the ticket is valid can be set in Windows Server.

Best regards, Blaž.

Doug Tucker wrote:

I recently joined a samba 3.0.22 server to AD.  When I did the kinit,
the AD gave me a 24 hour ticket with a 1 week renewal.  Setting -r and
-l to 365d did not change anything, the ticket still came back the same.
However, my question is in reguard to whether this is really even
needed?  First, I deleted the ticket, and everything seemed to continue
to work perfectly.  Now, I let the ticket expire for a couple of weeks
now, and yet, the samba server is working fine and users still
authenticate against AD just fine.  Am I missing something, or is the
creation of that ticket not even needed?  Thank you for your assistance.

doug...




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: printer admin deprecated: please explain

[Ryan Novosielski]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Yeah, but you can assign privileges to groups also. Check out the
following relevant commands:

net groupmap
net rpc rights

You can do things exactly the way you had been, just via different
framework.

  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - User Support Spec. III
 |$| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630


Franz Pfoertsch wrote:
 Ryan Novosielski wrote:
 
 Franz Pfoertsch wrote:
 I am Running a printserver using SLES9 SP3 with Samba 3.0.20b and
 cups 1.1.20
 I filled in a windows group, I haven't a special user, I have a special
 Windows-Group.
 
 
 winbind separator = +
 printer admin = @BROSE+COB_CUPS_Printer_Admin 
 
 
 regards
 Franz
 
 
 Since the update to Samba 3.0.20 every start of a client program tells me
 WARNING: The printer admin option is deprecated

 Ok, I understood I should use

  net rpc rights grant User or Group SePrintOperatorPrivilege -U ..

 But I haven't any adminuser to grant this rights.

 In my environment I put the machine into the AD by
  kinit UserWithPermissionsToJoinIntoTheDomain@DOMAIN
  net ads join - joined

 and all permission granted by the printer admin option.

 Is there any other way to get SePrintOperator without a other strong
 user?

 regards
 Franz
   
 How can you not have an admin user -- who do you have defined under
 printer admin? Or were you not using this definition at all and that
 is a spurious error message? If you ARE using printer admin = someone,
 then you'd just grant the rights to that same user.

 
 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (MingW32)

iD8DBQFEZKkcmb+gadEcsb4RAhcPAJ9vSMCvrKspDLSuWkQxu26jtbdELACeP2sx
fOSdJauMyKvjbpi+Y3hAoOI=
=4OkH
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba errors - No buffer space available

[Ryan Novosielski]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

eric roseme wrote:
 Ryan Novosielski wrote:
 Allen, Bill wrote:

 I am new to Samba, having just taken over management of a HPUX system in
 a mainly Windows environment.  The system is running Samba 3.0.7.  I am
 getting the following errors, repeatedly, in my log.smbd.  What does it
 mean?  Is this actually a problem or normal chatter for Samba?  If it is
 a problem, what should I do to correct it?

  
 [2006/05/03 07:41:38, 0] lib/util_sock.c:set_socket_options(202)
   Failed to set socket option SO_KEEPALIVE (Error Invalid argument)
 [2006/05/03 07:41:38, 0] lib/util_sock.c:set_socket_options(202)
   Failed to set socket option TCP_NODELAY (Error Invalid argument)
 [2006/05/03 07:41:38, 0] lib/util_sock.c:get_peer_addr(1000)
   getpeername failed. Error was Invalid argument
 [2006/05/03 07:41:39, 0] smbd/server.c:open_sockets_smbd(382)
   open_sockets_smbd: accept: No buffer space available

  Thanks for any help or advice,

 Bill

  
   

 When you find out, let me know. :) It's been that way for ages on my
 system. The two socket option messages are related to header related
 problems, if I'm not mistaken, but it's really not a big deal. Do you
 have either of those defined in smb.conf?

 As far as the buffer thing... this concerned me for along time. I
 can't remember whether this got any better or worse, but there's a lot
 wrong with 3.0.7 on HP-UX. I would not run anything earlier than
 3.0.14 on an HP-UX system.

 Are you running Opensource Samba or HP CIFS Server?  For HP CIFS, you
 should not see the socket option errors, but the buffer space log entry
 could be any number of things.  Ryan is correct - you should be up on
 3.0.14 (HP CIFS Server A.02.02.01).

Eric,

How are you getting rid of the TCP_NODELAY message? I have this message
on my machines still, even though I'm using a configure script that was
adapted from the CIFS Server build, if I'm not mistaken. Are you
patching the source as well?

- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - User Support Spec. III
 |$| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (MingW32)

iD8DBQFEZK2dmb+gadEcsb4RAq1fAJsEpXoYXxlivVJbHuwEieHNioaHBACfaLE6
qgHVwMaT0AnF8ysCgXUuPQE=
=p1V2
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: proposed list of parameter to remove in 3.0.23

[Robert Schetterer]

Hi Jerry ,
isnt it fine to have a parameter if you want to talk to ldap bound to a 
different port, and isnt ldap server making it more clear ?
Or is this just the entry in the conf and such a function can be defined 
elsewhere?

Regards

Collen Blijenberg schrieb:

Quite a list, but no non we use.
might i do a sugestion ?

all with all, there are a lot of changes is the up coming release.
not only these parameters en config options, but also the removal of the 
sql backends

that multi passwd backend thing..

isn't it smarter , or it makes more sense to push these rather big 
changes through the 3.1 release

???

Cheers,

Collen

Gerald (Jerry) Carter wrote:
 

Here's a short list of parameters I'd like to remove
from smb.conf.

hosts equiv
read bmpx
wins partners
ldap server
ldap port
homedir map
nis homedir
magic script
magic output

Comments?



I'd also like to kill the following configure options

--with-nisplus-home
--with-ldapsam
--with-automount
--with-dce-dfs



  


--
Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht
und ist - aktuelle Virenscanner vorausgesetzt - sauber.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] printer spool full

[Joe]

Running FreeBSD 5.2.1 with Samba 3.0.4.  When we have a
large amount of jobs sent to the spool /var runs out of
space.  Samba is deleting the jobs as they are printed
but the printer cannot keep up in all cases and /var
fills up.  Print jobs get lost in this case.  Is there
any way to detect var filling up and preventing jobs
from being lost?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Directory being dupicated

[Ásgeir Halldórsson]

Hi 

 

I am having a strange problem samba is creating a duplicate folder 
in reverse case for example both uppercase folder to lower case this is a quite 
a busy samba server serving web pages for 4 iis web servers

 

Config

[global]

 max mux = 2147483547

 workgroup = xxx

server string = xxx

 interfaces = xxx

 security = SHARE

 encrypt passwords = Yes

 obey pam restrictions = No

 pam password change = Yes

 passwd program = /usr/bin/passwd %u

 passwd chat = *New*password* %n\n *Retype*new*password* %n\n 
*passwd:*updated*successfully*

 log file = /disk1/log/%m.log

 max log size = 0

socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_SNDBUF=18432 
SO_RCVBUF=16384

load printers = No

 preferred master = No

 domain master = No

 dns proxy = No

 hosts allow = xxx

dos charset = 850

 unix charset = ISO8859-1

 case sensitive = no

 stat cache = Yes

 stat cache size = 1

 

[samba]

 comment = www_root

 path = /disk1/www_root

 public = yes

 create mask = 0666

 read only = No

 writeable = Yes

 guest ok = Yes

 force user = samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Can one set limits on new core dump?

[Doug VanLeuven]

Jerry,
Mostly my fault.  I switched over from idmap_ad from xos
to the relatively new option idmap backend = ad several months ago
around svn 12802 or maybe even earlier.  Didn't delete the
old ad.so in lib/idmap so I could go back if I wanted.
Then forgot about it.

I've been running svn 12802 without any issue, but last night
I went to svn 15162 and filled up the volume with core dumps
while I was getting some coffee.
Everything is OK now that I deleted it.

Of course, you might be curious why it loaded?  I still have
some cores and panic output.

And of course I'm curious why you're overriding my ulimit,
and what I might do to override your override during normal
operations.

Regards, Doug

Gerald (Jerry) Carter wrote:

Doug, I'm more interested in why winbindd is seg
faulting in the SAMBA_3_0 tree.  Can you give me more
details?





Doug VanLeuven wrote:

Sorry Jeff, been there, done that, if you'd read the whole post.


Jeff Saxton wrote:

man ulimit
hint: ulimit -c

Doug VanLeuven wrote:

Hi all,
Is there anyway to limit the new core dumping panics?
Can't find anything on it.  (If I'd only looked in that ...)
Was my mistake, but winbindd filled up an entire volume
and froze out every process writing to that drive.
I started it from a shell and my soft limit is
already zero. (ulimit -S -c 0)

  ^^

FC4 2.6.16-1.2069 smp, gcc 4.0.2-8
samba 3.0.23pre2-SVN-build-15162

Regards, Doug




- --
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEZJi2IR7qMdg1EfYRAlO+AJ0S+ZK2nQdjqGykHsZzmnJHBfJf1gCcDElY
DXjzwAdrOrf/Eh23lXwDMtA=
=06ek
-END PGP SIGNATURE-


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with automagic Windows drivers

[Ryan Novosielski]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Do you have a [homes] share defined? Attempting to connect here first
will normally force a login. As will guest ok = no, but that may not be
desirable in your environment.

  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - User Support Spec. III
 |$| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630


John Oliver wrote:
 On Tue, May 09, 2006 at 06:27:48PM -0400, Ryan Novosielski wrote:
 Make sure you look at granting rights to the user. Check out 'net rpc
 rights'.
 
 What user would I be granting rights to?
 
 This is a workgroup environment.  No domain controller.  I have been
 unable to get asked for a username/password when trying to connect to
 the printer.
 
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (MingW32)

iD8DBQFEZLZymb+gadEcsb4RAvT3AJ4ja4rc51BCrXsZfKKhoO15vvwgHQCgwCPS
O8Mb+9huqpt8YGqShc4W74s=
=edWu
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: proposed list of parameter to remove in 3.0.23

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Robert,

 I've not seen anyone else speak up, but we are still 
 making use of --with-nisplus-home and --with-automount here.

I'm actually surprised those still work.  Hmmm
I would really love to get rid of some of the NIS code.
You are really running NIS+ without the compatibility
mode?





cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEZLIdIR7qMdg1EfYRAtQ6AJ42xXL13kg2yGKkJ+ZwtNEVDMX9nQCfTFlZ
Q6qVKbGJiHYrfm1n/htVP5c=
=8RZ2
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: proposed list of parameter to remove in 3.0.23

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Robert Schetterer wrote:
 Hi Jerry ,
 isnt it fine to have a parameter if you want to talk to ldap bound to a
 different port, and isnt ldap server making it more clear ?
 Or is this just the entry in the conf and such a function can be defined
 elsewhere?

The ldapsamba and ldapsam_compat code accept an ldap URI.
SO the correct way to specify an alternative port is
'passdb backend = ldapsam:ldap://localhost:4389/'.

But again, this really is not related to the --with-ldapsam
option which is only for 2.2 compatible smb.conf settings.
People should have had time to move to the 3.0 syntax by now.
It's been over 2  1/2 years since 3.0.0 was released and
over 1  1/2 since 2.2 was discontinued.





cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
What man is a man who does not make the world better?  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEZLNLIR7qMdg1EfYRAspDAKC9kAqTdtoaGYF8sTZuhNWN9k1FZQCgoz/6
/9uZ7UfzCggvBEK+shBkork=
=zhxB
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: proposed list of parameter to remove in 3.0.23

[Jim Summers]

Robert M. Martel wrote:

On 05/11/2006 10:51 AM, Gerald (Jerry) Carter wrote:
...

I'd also like to kill the following configure options

--with-nisplus-home
--with-ldapsam
--with-automount
--with-dce-dfs



I've not seen anyone else speak up, but we are still making use of 
--with-nisplus-home and --with-automount here.


I am also building with the --with-automount.  But, not sure it is really used 
in the running processes.




-Bob Martel



--
Jim Summers
School of Computer Science-University of Oklahoma
-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Switching Ldap Servers

[Mike Cauble]

Jim Summers wrote:


Mike Cauble wrote:


Jim,

I recently did the same thing, here is what I found:



Hi Mike,

Thanks for the response.  Here is what I discovered  while testing 
this morning:





When I migrated my ldap, some machines couldn't connect even thought 
they had an account on the domain. Here are some of the reasons


sambaPwdLastSet  must have a valid value (ie. 1146061069) I can't 
remember but all the date fields ( sambaPwdMustChange, 
sambaPwdCanChange) may have to have a valid value



I guess they are valid, they at least match what is in the old ldap.


Some of my sambaPwdLastSet fields had 0 as a value and couldn't login 
when I gave them a date value that fixed the problem.




check your old ldap machine entries against the new ldap entries
sambaSID, sambaNTPassword must match, make sure sambaAcctFlags  has a 
[W]



I have compared the values of the attributes and they match.



objectClass: sambaSamAccount - I have seen this discussed as 
something that has changed you might want to check this


You might remove and re-add a machine then look at it's ldap entry 
and compare with another machine account's old ldap entry.



I did the remove and add process.  There were three attributes that 
were updated:


sambaPwdCanChange,
sambaPwdLastSet,
sambaNTPassword

and the machine was joined and all is well.

So I am now wondering which or all of these values could I use from 
the newly added machine entry and use to update the the rest of my 
machine entries? I do not look forward to having to do the remove/add 
process for each machine.


From what I have read, the sambaNTPassword is the MD4() of the 
password?  And I am guessing the password is the password of the admin 
that is used when joining the domain?


Which may not be right, because when I look at the NTpassword for 
various working machines they are all different, but since I do not 
know how the MD4 works it may be the same password just a different 
crypt'd value based on some random seed.


I am going to take the value of the NTpassword from my working machine 
entry and set it on a non-working entry and see if that machine will 
then attach to the domain without having to do the remove/add process.


Do you think this might work? Thoughts / suggestions?


Each machine has or should have a unique password, so substituting 
another machine password won't work.


What version of Samba are you running?
What ldap backend are/were you running?

Here is one thing I did.

I have a machine on my network called testmachine$
I created an ldif file like this one below.
This values came from the old ldap

example.ldif
---
dn: uid=testmachine$,ou=Computers,dc=lufkin,dc=com
changetype: modify
replace: sambaSID
sambaSID: S-1-5-21-2781067772-1786132867-2942848841-15320

dn: uid=testmachine$,ou=Computers,dc=xyzcorp,dc=com
changetype: modify
replace: sambaNTPassword
sambaNTPassword: F6A32EA7F65BBD4199F2C33A3AF2DD66

This is the password my machine currently uses.

You will have to delete testmachine$ and then create a machine account 
manually for testmachine$.
The sambaNTPassword and the number after the last - in the SID should 
be different on the account you manually created.

Exmaple:
After creating my machine account manually I now have for testmachine$:
sambaNTPassword: 9B54520D9DD7BEE9A4A3DEDE41412AEB
and a sambaSID: S-1-5-21-2781067772-1786132867-2942848841-2343

I then did an ldapmodify using the above ldif file to change the machine 
password and the SID to one that testmachine$ expects.


Make sure sambaPwdLastSet has a value other than 0 and sambaAcctFlags 
has a value of W


You should be able to log in.

 Mike



Thanks again,




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Possible printcap bug, 3.0.23pre1

[Ryan Novosielski]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Noticed the following when conducting torture tests today:

[2006/05/12 14:04:24, 0] printing/pcap.c:pcap_cache_reload(159)
  Unable to open printcap file /etc/printcap for read!

...which to me, was interesting, because I was not under the impression
I was using load printers. Apparently, at some point, it became the
default. That's fine, but I don't want it, so I turned it off. However,
I still get the error. I see the only other option that is in place now is:

printcap cache time = 750

Should this really have any effect if you have load printers turned
off? Who cares if you can't read the /etc/printcap if you aren't
supposed to be using it for anything? At any rate, adjusting it to 0 did
not help anything. My final solution was to set printcap name =
/dev/null Probably not the desired solution.

Comments?
- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - User Support Spec. III
 |$| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (MingW32)

iD8DBQFEZNBcmb+gadEcsb4RArnRAJsGtSVd2JLtBz9wtH7DnKU9I7sz2wCggyNR
Gi1ti7+7OUQyIgi68Jb5XTo=
=c4H4
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: proposed list of parameter to remove in 3.0.23

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jim Summers wrote:
 Robert M. Martel wrote:
 On 05/11/2006 10:51 AM, Gerald (Jerry) Carter wrote:
 ...
 I'd also like to kill the following configure options

 --with-nisplus-home
 --with-ldapsam
 --with-automount
 --with-dce-dfs


 I've not seen anyone else speak up, but we are still making use of
 --with-nisplus-home and --with-automount here.
 
 I am also building with the --with-automount.  But, not sure it is
 really used in the running processes.

Unless you are using the 'nis homedir' option, probably not.





jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEZN8wIR7qMdg1EfYRAviEAKCkPs8ksfK0wO2eAxVViSyU1H3d9QCfaa0m
Kw0ITFRcRjpYphXvt2P46ME=
=Wru5
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: proposed list of parameter to remove in 3.0.23

[Jim Summers]

Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jim Summers wrote:

Robert M. Martel wrote:

On 05/11/2006 10:51 AM, Gerald (Jerry) Carter wrote:
...

I'd also like to kill the following configure options

--with-nisplus-home
--with-ldapsam
--with-automount
--with-dce-dfs


I've not seen anyone else speak up, but we are still making use of
--with-nisplus-home and --with-automount here.

I am also building with the --with-automount.  But, not sure it is
really used in the running processes.


Unless you are using the 'nis homedir' option, probably not.


Definitely a not then.  I will rebuild without to double verify.

Thanks







jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEZN8wIR7qMdg1EfYRAviEAKCkPs8ksfK0wO2eAxVViSyU1H3d9QCfaa0m
Kw0ITFRcRjpYphXvt2P46ME=
=Wru5
-END PGP SIGNATURE-


--
Jim Summers
School of Computer Science-University of Oklahoma
-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba 3.0.22 and OS/2 connectivity

[Peter Brown]

Hi All

I have a Linksys NSLU2 device which is used to hook USB2 drives upto my 
network as network attached storage.


The Linksys firmware upgrade for this device includes samba 3.0.11 which 
is a non-starter regarding OS/2 connectivity.


There is an alternative firmware based on the Linksys firmware called 
Unslung from http://www.nslu2-linux.org/


The Unslung firmware allows unslinging the operating system from 
firmware to disk and allows upgrade and additional packages.


Having followed the instructions carefully I managed to Unsling the 
NSLU2 and apply the samba 3.0.22 upgrade available for this system.


After a bit of hunting around I managed to find the smb.conf parameter 
that allows OS/2 based systems to access samba shares and can now read 
from the shares fine.


What I cannot do is write easily to any of the shares; ie Selecting a 
folder on my local drive and dragging it to a shared folder on the NSLU2 
results in this OS/2  error:-


SYS0266 : The specified file was not copied


Inspecting the shared folder reveals that the folder has been created 
but is empty - no file copying performed.



I investigated command line alternatives to copying files using xcopy 
with some strange results.


In these screensnaps S: is a mapped drive of the nslu2 share /disk2 aka 
For everyone



[S:\Pete]xcopy i:\temp temp /s /e /v /h /t /r
The current target for XCOPY, temp,
can be a directory or file name and must be specified.  Respond Y
if the target is a directory or N if the target is a file name.

Does temp specify a directory (Y/N)? y
SYS1693: The system cannot create the directory.


0 file(s) copied.


[S:\Pete]



If I make a directory, change to that directory and then perform an 
xcopy it works:-


[S:\Pete\temp]xcopy j:\temp\* /s /e /v /h /t /r
The extended attributes for the file or directory were
discarded because the target file system does not support them.

The extended attributes for the file or directory were
discarded because the target file system does not support them.


Source files are being read...

J:\temp\History.txt
J:\temp\ide.txt
J:\temp\OS2_Install.exe
J:\temp\OS2_UnZip.exe
J:\temp\WDSibyl.dat

5 file(s) copied.


[S:\Pete\temp]



But if the source contains a subdirectory I get an error and the whole 
process stops:-



[S:\Pete\temp]md PostArmor

[S:\Pete\temp]cd PostArmor

[S:\Pete\temp\PostArmor]xcopy j:\PostArmor\* /s /e /v /h /t /r
The extended attributes for the file or directory were
discarded because the target file system does not support them.

The extended attributes for the file or directory were
discarded because the target file system does not support them.


Source files are being read...

SYS1248: A subdirectory or file S:\Pete\temp\PostArmor\docs already exists.


0 file(s) copied.


[S:\Pete\temp\PostArmor]



I tried getting around that error with the xcopy /o parameter:-


[S:\Pete\temp\PostArmor]xcopy j:\PostArmor\* /s /e /v /h /t /r /o
The extended attributes for the file or directory were
discarded because the target file system does not support them.

The extended attributes for the file or directory were
discarded because the target file system does not support them.


Source files are being read...

The extended attributes for the file or directory were
discarded because the target file system does not support them.

SYS1248: A subdirectory or file S:\Pete\temp\PostArmor\docs\images 
already exists.



0 file(s) copied.



Needless to say whatever I have done to the samba configuration does not 
seem to upset Windows2000 - I can startup my VPC w2k installation and 
have no problems at all accessing the nslu2 shares for reading and 
writing...


I am now starting to wonder if there is something a little flaky as 
regards samba 3.0.22 and OS/2 connectivity? - or is there some secret 
parameter I've missed in the smb.conf file?


Any/All help appreciated.

Pete
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba ADS problem

[jasmine mary]

Hi 

I am working with the implementation of Samba(3.0.7) against AD. I compliled
Samba after compiling LDAP, kerberos.I can execute the following commands
successfully.

wbinfo -u, -g -t
netads info, testjoin
getent passwd group

But i cant use chown to use the owner as AD user, even after shutting down
the nscd daemon.

I am giving the my smb.conf file

[global]
workgroup = SE
realm = SE.JASMINE.ORG
security = ADS
password server = SE.JASMINE.ORG
log level = 3
log file = /var/log/samba/%m
wins server = ackdc02-coa.jasmine.org
idmap uid = 1-2
idmap gid = 1-2

[jmj]
path = /home/jselvaraj

When i try to get the jmj share, i am getting the error that The referenced
account is currently locked out and may not be logged in. Even i am not
specifying the valid users attribute for the jmj share, i am getting this
error. If i set the valid user as selara, the account is locked at the
windows while i am accessing the share. Is it the problem with WINDOWS AD
side or My Samba Server side?

Please help me out of this problem.

Jasmine








--
View this message in context: 
http://www.nabble.com/Samba-ADS-problem-t1610406.html#a4365961
Sent from the Samba - General forum at Nabble.com.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: proposed list of parameter to remove in 3.0.23

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

These have been removed in the current SAMBA_3_0 tree

configure.in:
--with-ldapsam

loadparm.c
wins partners
ldap server
ldap port
hosts equiv

Also removed auth/auth_rhosts.c





cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEZQAOIR7qMdg1EfYRAh1PAKCXJlWO734Cx9u4YBTjSVQzbL47JgCfUtUW
3rLOZMybhdRJoS9MOpmbuqM=
=TnhY
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Performance issue on AIX when deleting files in adirectory with a large number of files

[Jeremy Allison]

On Thu, May 11, 2006 at 04:06:37PM -0700, Jeremy Allison wrote:
 On Thu, May 11, 2006 at 03:54:17PM -0700, Jeremy Allison wrote:
  
  Do you see the change notify replies happening followed by the
  change notify setups ? I bet I know what it is
  
  Because AIX doesn't have kernel change notify when the change
  notify setup comes (which happens after every delete) it causes a
  directory rescan at that point - after *each* delete !
 
 I think I can code around this. The key is to ensure that
 setting change notify timeout to zero turns off change
 notify except for renames and deletes. Also make it a per-share
 parameter so it can be set to zero for large directories...
 
 Give me a day or so on this.

Ok - here is the patch. Bill - if you could test this on
AIX by setting the (now per-share) parameter :

change notify timeout = 0 

on the share definition that holds a large number of files,
you might find a speed up. I can see the effect it has here
when I disable the kernel and FAM based change notify.

Jeremy.
Index: smbd/service.c
===
--- smbd/service.c  (revision 15550)
+++ smbd/service.c  (working copy)
@@ -930,6 +930,9 @@
dbgtext( (pid %d)\n, (int)sys_getpid() );
}

+   /* Setup the minimum value for a change notify wait time (seconds). */
+   set_change_notify_timeout(lp_change_notify_timeout(snum));
+
/* we've finished with the user stuff - go back to root */
change_to_root_user();
return(conn);
Index: smbd/notify.c
===
--- smbd/notify.c   (revision 15550)
+++ smbd/notify.c   (working copy)
@@ -135,9 +135,21 @@
 }
 
 /
- Return true if there are pending change notifies.
+ Set the current change notify timeout to the lowest value across all service
+ values.
 /
 
+void set_change_notify_timeout(int val)
+{
+   if (val  0) {
+   cnotify-select_time = MIN(cnotify-select_time, val);
+   }
+}
+
+/
+ Longest time to sleep for before doing a change notify scan.
+/
+
 int change_notify_timeout(void)
 {
return cnotify-select_time;
Index: smbd/notify_hash.c
===
--- smbd/notify_hash.c  (revision 15550)
+++ smbd/notify_hash.c  (working copy)
@@ -81,6 +81,11 @@
 return True;
 }
 
+   if (lp_change_notify_timeout(SNUM(conn)) = 0) {
+   /* It change notify timeout has been disabled, never scan the 
directory. */
+   return True;
+   }
+
/*
 * If we are to watch for changes that are only stored
 * in inodes of files, not in the directory inode, we must
@@ -179,10 +184,18 @@
 {
struct change_data *data = (struct change_data *)datap;
struct change_data data2;
+   int cnto = lp_change_notify_timeout(SNUM(conn));
 
-   if (t  t  data-last_check_time + lp_change_notify_timeout())
+   if (t  cnto = 0) {
+   /* Change notify turned off on this share.
+* Only scan when (t==0) - we think something changed. */
return False;
+   }
 
+   if (t  t  data-last_check_time + cnto) {
+   return False;
+   }
+
if (!change_to_user(conn,vuid))
return True;
if (!set_current_service(conn,FLAG_CASELESS_PATHNAMES,True)) {
@@ -201,8 +214,9 @@
return True;
}
 
-   if (t)
+   if (t) {
data-last_check_time = t;
+   }
 
change_to_root_user();
 
@@ -229,7 +243,7 @@
cnotify.register_notify = hash_register_notify;
cnotify.check_notify = hash_check_notify;
cnotify.remove_notify = hash_remove_notify;
-   cnotify.select_time = lp_change_notify_timeout();
+   cnotify.select_time = 60; /* Start with 1 minute default. */
cnotify.notification_fd = -1;
 
return cnotify;
Index: param/loadparm.c
===
--- param/loadparm.c(revision 15550)
+++ param/loadparm.c(working copy)
@@ -220,7 +220,6 @@
int lm_interval;
int announce_as;/* This is initialised in init_globals */
int machine_password_timeout;
-   int change_notify_timeout;
int map_to_guest;
int oplock_break_wait_time;
int winbind_cache_time;
@@ -449,6 +448,7 @@
int iAioReadSize;
int iAioWriteSize;
int iMap_readonly;
+   int ichange_notify_timeout;
param_opt_struct *param_opt;
 
char dummy[3];  /* for alignment */
@@ 

svn commit: samba r15542 - branches/SAMBA_3_0/source/passdb trunk/source/passdb

[gd]

Author: gd
Date: 2006-05-12 13:29:51 + (Fri, 12 May 2006)
New Revision: 15542

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15542

Log:
Close the LDAP connection and free the struct, regardless whether the
simple bind operation was successful or not.

Guenther

Modified:
   branches/SAMBA_3_0/source/passdb/pdb_nds.c
   trunk/source/passdb/pdb_nds.c


Changeset:
Modified: branches/SAMBA_3_0/source/passdb/pdb_nds.c
===
--- branches/SAMBA_3_0/source/passdb/pdb_nds.c  2006-05-11 23:07:34 UTC (rev 
15541)
+++ branches/SAMBA_3_0/source/passdb/pdb_nds.c  2006-05-12 13:29:51 UTC (rev 
15542)
@@ -817,9 +817,9 @@
 
/* Attempt simple bind with real or bogus password */
rc = ldap_simple_bind_s(ld, dn, clear_text_pw);
+   ldap_unbind(ld);
if (rc == LDAP_SUCCESS) {
DEBUG(5,(pdb_nds_update_login_attempts: 
ldap_simple_bind_s Successful for %s\n, username));
-   ldap_unbind(ld);
} else {
NTSTATUS nt_status = 
NT_STATUS_ACCOUNT_RESTRICTION;
DEBUG(5,(pdb_nds_update_login_attempts: 
ldap_simple_bind_s Failed for %s\n, username));

Modified: trunk/source/passdb/pdb_nds.c
===
--- trunk/source/passdb/pdb_nds.c   2006-05-11 23:07:34 UTC (rev 15541)
+++ trunk/source/passdb/pdb_nds.c   2006-05-12 13:29:51 UTC (rev 15542)
@@ -817,9 +817,9 @@
 
/* Attempt simple bind with real or bogus password */
rc = ldap_simple_bind_s(ld, dn, clear_text_pw);
+   ldap_unbind(ld);
if (rc == LDAP_SUCCESS) {
DEBUG(5,(pdb_nds_update_login_attempts: 
ldap_simple_bind_s Successful for %s\n, username));
-   ldap_unbind(ld);
} else {
NTSTATUS nt_status = 
NT_STATUS_ACCOUNT_RESTRICTION;
DEBUG(5,(pdb_nds_update_login_attempts: 
ldap_simple_bind_s Failed for %s\n, username));

svn commit: samba r15543 - branches/SAMBA_3_0/source branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/libads branches/SAMBA_3_0/source/libsmb branches/SAMBA_3_0/source/nsswitch branches/SAM

[jerry]

Author: jerry
Date: 2006-05-12 15:17:35 + (Fri, 12 May 2006)
New Revision: 15543

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15543

Log:
New implementation of 'net ads join' to be more like Windows XP.
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.

The points of interest are

* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
  ADS_STRUCT-config information
* Remove ldap_initialized() from sam/idmap_ad.c and
  libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
  using the machine account after the join

Thanks to Guenther and Simo for the review.

Still to do:

* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
  'kinit -k' (although we might be able to just use the sAMAccountName
  instead)
* Re-add support for pre-creating the machine account in 
  a specific OU




Added:
   branches/SAMBA_3_0/source/include/ads_cldap.h
   branches/SAMBA_3_0/source/libads/cldap.c
   trunk/source/include/ads_cldap.h
   trunk/source/libads/cldap.c
Removed:
   branches/SAMBA_3_0/source/utils/net_ads_cldap.c
   trunk/source/utils/net_ads_cldap.c
Modified:
   branches/SAMBA_3_0/source/Makefile.in
   branches/SAMBA_3_0/source/include/ads.h
   branches/SAMBA_3_0/source/include/includes.h
   branches/SAMBA_3_0/source/libads/ads_struct.c
   branches/SAMBA_3_0/source/libads/ldap.c
   branches/SAMBA_3_0/source/libsmb/namequery.c
   branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c
   branches/SAMBA_3_0/source/printing/nt_printing.c
   branches/SAMBA_3_0/source/sam/idmap_ad.c
   branches/SAMBA_3_0/source/utils/net.c
   branches/SAMBA_3_0/source/utils/net.h
   branches/SAMBA_3_0/source/utils/net_ads.c
   branches/SAMBA_3_0/source/utils/net_rpc.c
   branches/SAMBA_3_0/source/utils/net_rpc_join.c
   trunk/source/Makefile.in
   trunk/source/include/ads.h
   trunk/source/include/includes.h
   trunk/source/libads/ads_struct.c
   trunk/source/libads/ldap.c
   trunk/source/libsmb/namequery.c
   trunk/source/nsswitch/winbindd_cm.c
   trunk/source/printing/nt_printing.c
   trunk/source/sam/idmap_ad.c
   trunk/source/utils/net.c
   trunk/source/utils/net.h
   trunk/source/utils/net_ads.c
   trunk/source/utils/net_rpc.c
   trunk/source/utils/net_rpc_join.c


Changeset:
Sorry, the patch is too large (5445 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15543

svn commit: samba r15544 - branches/SAMBA_3_0/source/libads trunk/source/libads

[jerry]

Author: jerry
Date: 2006-05-12 16:38:51 + (Fri, 12 May 2006)
New Revision: 15544

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15544

Log:
make sure to define NS_PACKETSZ for Bind 4 interfaces (fix build on us4)
Modified:
   branches/SAMBA_3_0/source/libads/dns.c
   trunk/source/libads/dns.c


Changeset:
Modified: branches/SAMBA_3_0/source/libads/dns.c
===
--- branches/SAMBA_3_0/source/libads/dns.c  2006-05-12 15:17:35 UTC (rev 
15543)
+++ branches/SAMBA_3_0/source/libads/dns.c  2006-05-12 16:38:51 UTC (rev 
15544)
@@ -47,7 +47,12 @@
 #define NS_HFIXEDSZ HFIXEDSZ
 #  else
 #define NS_HFIXEDSZ sizeof(HEADER)
-#  endif
+#  endif   /* HFIXEDSZ */
+#  ifdef PACKETSZ
+#define NS_PACKETSZPACKETSZ
+#  else/* 512 is usually the default */
+#define NS_PACKETSZ512
+#  endif   /* PACKETSZ */
 #  define T_SRV33
 #endif
 

Modified: trunk/source/libads/dns.c
===
--- trunk/source/libads/dns.c   2006-05-12 15:17:35 UTC (rev 15543)
+++ trunk/source/libads/dns.c   2006-05-12 16:38:51 UTC (rev 15544)
@@ -47,7 +47,12 @@
 #define NS_HFIXEDSZ HFIXEDSZ
 #  else
 #define NS_HFIXEDSZ sizeof(HEADER)
-#  endif
+#  endif   /* HFIXEDSZ */
+#  ifdef PACKETSZ
+#define NS_PACKETSZPACKETSZ
+#  else/* 512 is usually the default */
+#define NS_PACKETSZ512
+#  endif   /* PACKETSZ */
 #  define T_SRV33
 #endif
 

svn commit: samba r15545 - in trunk/source/libndr: .

[jerry]

Author: jerry
Date: 2006-05-12 16:40:00 + (Fri, 12 May 2006)
New Revision: 15545

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15545

Log:
ignore *.po and *.po32 files
Modified:
   trunk/source/libndr/


Changeset:

Property changes on: trunk/source/libndr
___
Name: svn:ignore
   + *.po
*.po32

svn commit: samba r15546 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch

[gd]

Author: gd
Date: 2006-05-12 19:16:10 + (Fri, 12 May 2006)
New Revision: 15546

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15546

Log:
When debugging is enabled be just a little more verbose in logging in
pam_winbind.

Guenther

Modified:
   branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
   trunk/source/nsswitch/pam_winbind.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
===
--- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2006-05-12 16:40:00 UTC 
(rev 15545)
+++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2006-05-12 19:16:10 UTC 
(rev 15546)
@@ -877,7 +877,7 @@
goto out;
}
 
-   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_authenticate);
+   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_authenticate 
(flags: 0x%04x), flags);
 
/* Get the username */
retval = pam_get_user(pamh, username, NULL);
@@ -946,7 +946,7 @@
return PAM_SYSTEM_ERR;
}
 
-   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_setcred);
+   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_setcred (flags: 
0x%04x), flags);
 
if (flags  PAM_DELETE_CRED) {
return pam_sm_close_session(pamh, flags, argc, argv);
@@ -973,7 +973,7 @@
return PAM_SYSTEM_ERR;
}
 
-   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_acct_mgmt);
+   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_acct_mgmt (flags: 
0x%04x), flags);
 
 
/* Get the username */
@@ -1040,7 +1040,7 @@
return PAM_SYSTEM_ERR;
}
 
-   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_open_session 
handler);
+   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_open_session 
handler (flags: 0x%04x), flags);
 
return PAM_SUCCESS;
 }
@@ -1059,7 +1059,7 @@
goto out;
}
 
-   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_close_session 
handler);
+   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_close_session 
handler (flags: 0x%04x), flags);
 
if (!(flags  PAM_DELETE_CRED)) {
retval = PAM_SUCCESS;
@@ -1151,7 +1151,7 @@
goto out;
}
 
-   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_chauthtok);
+   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_chauthtok (flags: 
0x%04x), flags);
 
/* clearing offline bit for the auth in the password change */
ctrl = ~WINBIND_CACHED_LOGIN;

Modified: trunk/source/nsswitch/pam_winbind.c
===
--- trunk/source/nsswitch/pam_winbind.c 2006-05-12 16:40:00 UTC (rev 15545)
+++ trunk/source/nsswitch/pam_winbind.c 2006-05-12 19:16:10 UTC (rev 15546)
@@ -877,7 +877,7 @@
goto out;
}
 
-   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_authenticate);
+   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_authenticate 
(flags: 0x%04x), flags);
 
/* Get the username */
retval = pam_get_user(pamh, username, NULL);
@@ -946,7 +946,7 @@
return PAM_SYSTEM_ERR;
}
 
-   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_setcred);
+   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_setcred (flags: 
0x%04x), flags);
 
if (flags  PAM_DELETE_CRED) {
return pam_sm_close_session(pamh, flags, argc, argv);
@@ -973,7 +973,7 @@
return PAM_SYSTEM_ERR;
}
 
-   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_acct_mgmt);
+   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_acct_mgmt (flags: 
0x%04x), flags);
 
 
/* Get the username */
@@ -1040,7 +1040,7 @@
return PAM_SYSTEM_ERR;
}
 
-   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_open_session 
handler);
+   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_open_session 
handler (flags: 0x%04x), flags);
 
return PAM_SUCCESS;
 }
@@ -1059,7 +1059,7 @@
goto out;
}
 
-   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_close_session 
handler);
+   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_close_session 
handler (flags: 0x%04x), flags);
 
if (!(flags  PAM_DELETE_CRED)) {
retval = PAM_SUCCESS;
@@ -1151,7 +1151,7 @@
goto out;
}
 
-   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_chauthtok);
+   _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_chauthtok (flags: 
0x%04x), flags);
 
/* clearing offline bit for the auth in the password change */
ctrl = ~WINBIND_CACHED_LOGIN;

svn commit: samba r15547 - branches/SAMBA_3_0/source branches/SAMBA_3_0/source/param branches/SAMBA_3_0/source/passdb trunk/source trunk/source/param trunk/source/passdb

[jerry]

Author: jerry
Date: 2006-05-12 20:40:22 + (Fri, 12 May 2006)
New Revision: 15547

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15547

Log:
say goodbye to --with-ldapsam (although the ldapsam_compat passdb backend still 
exists
Modified:
   branches/SAMBA_3_0/source/configure.in
   branches/SAMBA_3_0/source/param/loadparm.c
   branches/SAMBA_3_0/source/passdb/pdb_ldap.c
   trunk/source/configure.in
   trunk/source/param/loadparm.c
   trunk/source/passdb/pdb_ldap.c


Changeset:
Modified: branches/SAMBA_3_0/source/configure.in
===
--- branches/SAMBA_3_0/source/configure.in  2006-05-12 19:16:10 UTC (rev 
15546)
+++ branches/SAMBA_3_0/source/configure.in  2006-05-12 20:40:22 UTC (rev 
15547)
@@ -3936,37 +3936,7 @@
 fi
 fi
 
-
-
-##
-## TESTS FOR SAM BACKENDS.  KEEP THESE GROUPED TOGETHER
-##
-
-
 #
-# check for a LDAP password database configuration backwards compatibility
-AC_MSG_CHECKING(whether to use LDAP SAM 2.2 compatible configuration)
-AC_ARG_WITH(ldapsam,
-[  --with-ldapsam  Include LDAP SAM 2.2 compatible configuration 
(default=no)],
-[ case $withval in
-  yes)
-AC_MSG_RESULT(yes)
-AC_DEFINE(WITH_LDAP_SAMCONFIG,1,[Whether to include 2.2 compatible LDAP 
SAM configuration])
-;;
-  *)
-AC_MSG_RESULT(no)
-;;
-  esac ],
-  AC_MSG_RESULT(no)
-)
-
-
-##
-## END OF TESTS FOR SAM BACKENDS.  
-##
-
-
-#
 # check for a NISPLUS_HOME support 
 AC_MSG_CHECKING(whether to use NISPLUS_HOME)
 AC_ARG_WITH(nisplus-home,

Modified: branches/SAMBA_3_0/source/param/loadparm.c
===
--- branches/SAMBA_3_0/source/param/loadparm.c  2006-05-12 19:16:10 UTC (rev 
15546)
+++ branches/SAMBA_3_0/source/param/loadparm.c  2006-05-12 20:40:22 UTC (rev 
15547)
@@ -234,10 +234,6 @@
char *szLdapUserSuffix;
char *szLdapIdmapSuffix;
char *szLdapGroupSuffix;
-#ifdef WITH_LDAP_SAMCONFIG
-   int ldap_port;
-   char *szLdapServer;
-#endif
int ldap_ssl;
char *szLdapSuffix;
char *szLdapAdminDn;
@@ -671,12 +667,6 @@
 };
 
 static const struct enum_list enum_ldap_ssl[] = {
-#ifdef WITH_LDAP_SAMCONFIG
-   {LDAP_SSL_ON, Yes},
-   {LDAP_SSL_ON, yes},
-   {LDAP_SSL_ON, on},
-   {LDAP_SSL_ON, On},
-#endif
{LDAP_SSL_OFF, no},
{LDAP_SSL_OFF, No},
{LDAP_SSL_OFF, off},
@@ -1172,10 +1162,6 @@
 
{N_(Ldap Options), P_SEP, P_SEPARATOR}, 
 
-#ifdef WITH_LDAP_SAMCONFIG
-   {ldap server, P_STRING, P_GLOBAL, Globals.szLdapServer, NULL, NULL, 
FLAG_ADVANCED}, 
-   {ldap port, P_INTEGER, P_GLOBAL, Globals.ldap_port, NULL, NULL, 
FLAG_ADVANCED}, 
-#endif
{ldap admin dn, P_STRING, P_GLOBAL, Globals.szLdapAdminDn, NULL, 
NULL, FLAG_ADVANCED}, 
{ldap delete dn, P_BOOL, P_GLOBAL, Globals.ldap_delete_dn, NULL, 
NULL, FLAG_ADVANCED}, 
{ldap group suffix, P_STRING, P_GLOBAL, Globals.szLdapGroupSuffix, 
NULL, NULL, FLAG_ADVANCED}, 
@@ -1574,13 +1560,7 @@
   a large number of sites (tridge) */
Globals.bHostnameLookups = False;
 
-#ifdef WITH_LDAP_SAMCONFIG
-   string_set(Globals.szLdapServer, localhost);
-   Globals.ldap_port = 636;
-   string_set(Globals.szPassdbBackend, ldapsam_compat);
-#else
string_set(Globals.szPassdbBackend, smbpasswd);
-#endif /* WITH_LDAP_SAMCONFIG */
string_set(Globals.szLdapSuffix, );
string_set(Globals.szLdapMachineSuffix, );
string_set(Globals.szLdapUserSuffix, );
@@ -1857,10 +1837,6 @@
 FN_GLOBAL_LIST(lp_idmap_backend, Globals.szIdmapBackend)
 FN_GLOBAL_BOOL(lp_passdb_expand_explicit, Globals.bPassdbExpandExplicit)
 
-#ifdef WITH_LDAP_SAMCONFIG
-FN_GLOBAL_STRING(lp_ldap_server, Globals.szLdapServer)
-FN_GLOBAL_INTEGER(lp_ldap_port, Globals.ldap_port)
-#endif
 FN_GLOBAL_STRING(lp_ldap_suffix, Globals.szLdapSuffix)
 FN_GLOBAL_STRING(lp_ldap_admin_dn, Globals.szLdapAdminDn)
 FN_GLOBAL_INTEGER(lp_ldap_ssl, Globals.ldap_ssl)

Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c
===
--- branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2006-05-12 19:16:10 UTC (rev 
15546)
+++ branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2006-05-12 20:40:22 UTC (rev 
15547)
@@ -5427,23 +5427,6 @@
struct ldapsam_privates *ldap_state;
char *uri = talloc_strdup( NULL, location );
 
-#ifdef WITH_LDAP_SAMCONFIG
-   if (!uri) {
-   int ldap_port = 

svn commit: samba r15548 - branches/SAMBA_3_0/source/param trunk/source/param

[jerry]

Author: jerry
Date: 2006-05-12 20:45:30 + (Fri, 12 May 2006)
New Revision: 15548

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15548

Log:
remove unused 'wins partners'
Modified:
   branches/SAMBA_3_0/source/param/loadparm.c
   trunk/source/param/loadparm.c


Changeset:
Modified: branches/SAMBA_3_0/source/param/loadparm.c
===
--- branches/SAMBA_3_0/source/param/loadparm.c  2006-05-12 20:40:22 UTC (rev 
15547)
+++ branches/SAMBA_3_0/source/param/loadparm.c  2006-05-12 20:45:30 UTC (rev 
15548)
@@ -163,7 +163,6 @@
char *szUsernameMapScript;
char *szCheckPasswordScript;
char *szWINSHook;
-   char *szWINSPartners;
char *szUtmpDir;
char *szWtmpDir;
BOOL bUtmp;
@@ -1140,7 +1139,6 @@
{wins server, P_LIST, P_GLOBAL, Globals.szWINSservers, NULL, NULL, 
FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD}, 
{wins support, P_BOOL, P_GLOBAL, Globals.bWINSsupport, NULL, NULL, 
FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD}, 
{wins hook, P_STRING, P_GLOBAL, Globals.szWINSHook, NULL, NULL, 
FLAG_ADVANCED}, 
-   {wins partners, P_STRING, P_GLOBAL, Globals.szWINSPartners, NULL, 
NULL, FLAG_ADVANCED | FLAG_WIZARD}, 
 
{N_(Locking Options), P_SEP, P_SEPARATOR}, 
 
@@ -1821,7 +1819,6 @@
 FN_GLOBAL_STRING(lp_check_password_script, Globals.szCheckPasswordScript)
 
 FN_GLOBAL_STRING(lp_wins_hook, Globals.szWINSHook)
-FN_GLOBAL_STRING(lp_wins_partners, Globals.szWINSPartners)
 FN_GLOBAL_CONST_STRING(lp_template_homedir, Globals.szTemplateHomedir)
 FN_GLOBAL_CONST_STRING(lp_template_shell, Globals.szTemplateShell)
 FN_GLOBAL_CONST_STRING(lp_winbind_separator, Globals.szWinbindSeparator)

Modified: trunk/source/param/loadparm.c
===
--- trunk/source/param/loadparm.c   2006-05-12 20:40:22 UTC (rev 15547)
+++ trunk/source/param/loadparm.c   2006-05-12 20:45:30 UTC (rev 15548)
@@ -163,7 +163,6 @@
char *szUsernameMapScript;
char *szCheckPasswordScript;
char *szWINSHook;
-   char *szWINSPartners;
char *szUtmpDir;
char *szWtmpDir;
BOOL bUtmp;
@@ -1140,7 +1139,6 @@
{wins server, P_LIST, P_GLOBAL, Globals.szWINSservers, NULL, NULL, 
FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD}, 
{wins support, P_BOOL, P_GLOBAL, Globals.bWINSsupport, NULL, NULL, 
FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD}, 
{wins hook, P_STRING, P_GLOBAL, Globals.szWINSHook, NULL, NULL, 
FLAG_ADVANCED}, 
-   {wins partners, P_STRING, P_GLOBAL, Globals.szWINSPartners, NULL, 
NULL, FLAG_ADVANCED | FLAG_WIZARD}, 
 
{N_(Locking Options), P_SEP, P_SEPARATOR}, 
 
@@ -1821,7 +1819,6 @@
 FN_GLOBAL_STRING(lp_check_password_script, Globals.szCheckPasswordScript)
 
 FN_GLOBAL_STRING(lp_wins_hook, Globals.szWINSHook)
-FN_GLOBAL_STRING(lp_wins_partners, Globals.szWINSPartners)
 FN_GLOBAL_CONST_STRING(lp_template_homedir, Globals.szTemplateHomedir)
 FN_GLOBAL_CONST_STRING(lp_template_shell, Globals.szTemplateShell)
 FN_GLOBAL_CONST_STRING(lp_winbind_separator, Globals.szWinbindSeparator)

svn commit: samba r15549 - branches/SAMBA_3_0/source branches/SAMBA_3_0/source/auth branches/SAMBA_3_0/source/param branches/SAMBA_3_0/source/utils trunk/source trunk/source/auth trunk/source/param tr

[jerry]

Author: jerry
Date: 2006-05-12 21:00:52 + (Fri, 12 May 2006)
New Revision: 15549

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15549

Log:
removing rhosts and 'hosts equiv' authentication features
Removed:
   branches/SAMBA_3_0/source/auth/auth_rhosts.c
   trunk/source/auth/auth_rhosts.c
Modified:
   branches/SAMBA_3_0/source/Makefile.in
   branches/SAMBA_3_0/source/configure.in
   branches/SAMBA_3_0/source/param/loadparm.c
   branches/SAMBA_3_0/source/utils/testparm.c
   trunk/source/Makefile.in
   trunk/source/configure.in
   trunk/source/param/loadparm.c
   trunk/source/utils/testparm.c


Changeset:
Sorry, the patch is too large (789 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15549

svn commit: samba r15550 - branches/SAMBA_3_0/source trunk/source

[jerry]

Author: jerry
Date: 2006-05-12 21:31:52 + (Fri, 12 May 2006)
New Revision: 15550

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15550

Log:
make sure to pick up the -lresolv libs on systems without -lldap to pull it in
Modified:
   branches/SAMBA_3_0/source/configure.in
   trunk/source/configure.in


Changeset:
Modified: branches/SAMBA_3_0/source/configure.in
===
--- branches/SAMBA_3_0/source/configure.in  2006-05-12 21:00:52 UTC (rev 
15549)
+++ branches/SAMBA_3_0/source/configure.in  2006-05-12 21:31:52 UTC (rev 
15550)
@@ -1531,8 +1531,10 @@
 fi
 
 #
-# we might need the resolv library on some systems
+# needed for SRV lookups
 AC_CHECK_LIB(resolv, dn_expand)
+AC_CHECK_LIB(resolv, _dn_expand)
+AC_CHECK_LIB(resolv, __dn_expand)
 
 #
 # Check for the functions putprpwnam, set_auth_parameters,

Modified: trunk/source/configure.in
===
--- trunk/source/configure.in   2006-05-12 21:00:52 UTC (rev 15549)
+++ trunk/source/configure.in   2006-05-12 21:31:52 UTC (rev 15550)
@@ -1531,8 +1531,10 @@
 fi
 
 #
-# we might need the resolv library on some systems
+# needed for SRV lookups
 AC_CHECK_LIB(resolv, dn_expand)
+AC_CHECK_LIB(resolv, _dn_expand)
+AC_CHECK_LIB(resolv, __dn_expand)
 
 #
 # Check for the functions putprpwnam, set_auth_parameters,

svn commit: samba-docs r954 - in trunk/smbdotconf: ldap security

[jerry]

Author: jerry
Date: 2006-05-12 21:39:31 + (Fri, 12 May 2006)
New Revision: 954

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=954

Log:
removing docs for removed parameters
Removed:
   trunk/smbdotconf/ldap/ldapport.xml
   trunk/smbdotconf/ldap/ldapserver.xml
   trunk/smbdotconf/security/hostsequiv.xml


Changeset:
Deleted: trunk/smbdotconf/ldap/ldapport.xml
===
--- trunk/smbdotconf/ldap/ldapport.xml  2006-05-10 01:06:57 UTC (rev 953)
+++ trunk/smbdotconf/ldap/ldapport.xml  2006-05-12 21:39:31 UTC (rev 954)
@@ -1,19 +0,0 @@
-samba:parameter name=ldap port
-type=integer
- context=G
- xmlns:samba=http://www.samba.org/samba/DTD/samba-doc;
-description
-   para
-   This parameter is only available if Samba has been configure to include 
the 
-   command moreinfo=none--with-ldapsam/command option at compile 
time.
-   /para
-
-   para
-   This option is used to control the tcp port number used to contact the 
-   smbconfoption name=ldap server/. The default is to use the stand 
LDAPS port 636.
-   /para
-/description
-relatedldap ssl/related
-value type=default636commentif ldap ssl = on/comment/value
-value type=default389commentif ldap ssl = off/comment/value
-/samba:parameter

Deleted: trunk/smbdotconf/ldap/ldapserver.xml
===
--- trunk/smbdotconf/ldap/ldapserver.xml2006-05-10 01:06:57 UTC (rev 
953)
+++ trunk/smbdotconf/ldap/ldapserver.xml2006-05-12 21:39:31 UTC (rev 
954)
@@ -1,15 +0,0 @@
-samba:parameter name=ldap server
- context=G
-type=string
- xmlns:samba=http://www.samba.org/samba/DTD/samba-doc;
-description
-   paraThis parameter is only available if Samba has been
-   configure to include the command 
moreinfo=none--with-ldapsam/command 
-   option at compile time./para
-
-   paraThis parameter should contain the FQDN of the ldap directory
-   server which should be queried to locate user account information.
-/para
-/description
-value type=defaultlocalhost/value
-/samba:parameter

Deleted: trunk/smbdotconf/security/hostsequiv.xml
===
--- trunk/smbdotconf/security/hostsequiv.xml2006-05-10 01:06:57 UTC (rev 
953)
+++ trunk/smbdotconf/security/hostsequiv.xml2006-05-12 21:39:31 UTC (rev 
954)
@@ -1,29 +0,0 @@
-samba:parameter name=hosts equiv
- context=G
-type=string
- advanced=1 developer=1
-xmlns:samba=http://www.samba.org/samba/DTD/samba-doc;
-description
-paraIf this global parameter is a non-null string, 
-it specifies the name of a file to read for the names of hosts 
-and users who will be allowed access without specifying a password.
-/para
-   
-paraThis is not be confused with smbconfoption name=hosts allow/ 
which is about hosts 
-access to services and is more useful for guest services. parameter 
moreinfo=none
-hosts equiv/parameter may be useful for NT clients which will 
-not supply passwords to Samba./para
-
-noteparaThe use of parameter moreinfo=nonehosts equiv
-/parameter can be a major security hole. This is because you are 
-trusting the PC to supply the correct username. It is very easy to 
-get a PC to supply a false username. I recommend that the 
-parameter moreinfo=nonehosts equiv/parameter option be only used if 
you really 
-know what you are doing, or perhaps on a home network where you trust 
-your spouse and kids. And only if you emphasisreally/emphasis trust 
-   them :-)./para/note
-/description
-   
-value type=defaultcommentno host equivalences/comment/value
-value type=examplehosts equiv = /etc/hosts.equiv/value
-/samba:parameter

svn commit: samba r15551 - in branches/SAMBA_4_0/source: . build/smb_build

[jelmer]

Author: jelmer
Date: 2006-05-12 22:21:44 + (Fri, 12 May 2006)
New Revision: 15551

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15551

Log:
Fix clash between config.pm and globally installed Config.pm on 
case-insensitive filesystems. Patch by John Malmberg tweaked by me

Modified:
   branches/SAMBA_4_0/source/build/smb_build/input.pm
   branches/SAMBA_4_0/source/build/smb_build/main.pl
   branches/SAMBA_4_0/source/configure.in


Changeset:
Modified: branches/SAMBA_4_0/source/build/smb_build/input.pm
===
--- branches/SAMBA_4_0/source/build/smb_build/input.pm  2006-05-12 21:31:52 UTC 
(rev 15550)
+++ branches/SAMBA_4_0/source/build/smb_build/input.pm  2006-05-12 22:21:44 UTC 
(rev 15551)
@@ -5,7 +5,7 @@
 #  Copyright (C) Jelmer Vernooij 2004
 #  Released under the GNU GPL
 
-use config;
+use smb_build::config;
 use strict;
 package smb_build::input;
 

Modified: branches/SAMBA_4_0/source/build/smb_build/main.pl
===
--- branches/SAMBA_4_0/source/build/smb_build/main.pl   2006-05-12 21:31:52 UTC 
(rev 15550)
+++ branches/SAMBA_4_0/source/build/smb_build/main.pl   2006-05-12 22:21:44 UTC 
(rev 15551)
@@ -13,7 +13,7 @@
 use smb_build::env;
 use smb_build::cflags;
 use smb_build::summary;
-use config;
+use smb_build::config;
 use strict;
 
 my $INPUT = {};

Modified: branches/SAMBA_4_0/source/configure.in
===
--- branches/SAMBA_4_0/source/configure.in  2006-05-12 21:31:52 UTC (rev 
15550)
+++ branches/SAMBA_4_0/source/configure.in  2006-05-12 22:21:44 UTC (rev 
15551)
@@ -88,8 +88,8 @@
 
 AC_SUBST(ac_default_prefix)
 
-echo configure: creating config.pm
-cat config.pmCEOF
+echo configure: creating build/smb_build/config.pm
+cat ${srcdir}/build/smb_build/config.pmCEOF
 # config.pm - Autogenerate by configure. DO NOT EDIT!
 
 package config;

svn commit: samba-web r986 - in trunk/news/advocacy: .

[deryck]

Author: deryck
Date: 2006-05-12 22:25:07 + (Fri, 12 May 2006)
New Revision: 986

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=986

Log:
Add news item on PostPath's alternative to Exchange,
which is using Samba.

deryck
Added:
   trunk/news/advocacy/samba_helps_postpath.html


Changeset:
Added: trunk/news/advocacy/samba_helps_postpath.html
===
--- trunk/news/advocacy/samba_helps_postpath.html   2006-05-09 15:46:55 UTC 
(rev 985)
+++ trunk/news/advocacy/samba_helps_postpath.html   2006-05-12 22:25:07 UTC 
(rev 986)
@@ -0,0 +1,15 @@
+h3a name=samba_helps_postpathSamba Helps Enable Exchange 
Alternative/a/h3 
+
+div class=article
+  pa href=http://www.postpath.com/;PostPath/a has created a
+  protocol-compatible drop-in alternative to Exchange./p
+  
+  blockquoteIt provides granular backup and restore, on or offsite 
+  redundancy, 5X Exchange performance, and AJAX web access./blockquote
+  
+  pThe best part is that the company 
+  a href=http://www.postpath.com/solutions/lean/opensource;leveraged 
Samba
+  and other Open Source software/a to do it./p 
+/div
+
+   

svn commit: samba-web r987 - in trunk/news: advocacy announcements

[deryck]

Author: deryck
Date: 2006-05-12 22:28:56 + (Fri, 12 May 2006)
New Revision: 987

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=987

Log:
Story should go in announcements. not advocacy.

deryck


Added:
   trunk/news/announcements/samba_helps_postpath.html
Removed:
   trunk/news/advocacy/samba_helps_postpath.html


Changeset:
Deleted: trunk/news/advocacy/samba_helps_postpath.html
===
--- trunk/news/advocacy/samba_helps_postpath.html   2006-05-12 22:25:07 UTC 
(rev 986)
+++ trunk/news/advocacy/samba_helps_postpath.html   2006-05-12 22:28:56 UTC 
(rev 987)
@@ -1,15 +0,0 @@
-h3a name=samba_helps_postpathSamba Helps Enable Exchange 
Alternative/a/h3 
-
-div class=article
-  pa href=http://www.postpath.com/;PostPath/a has created a
-  protocol-compatible drop-in alternative to Exchange./p
-  
-  blockquoteIt provides granular backup and restore, on or offsite 
-  redundancy, 5X Exchange performance, and AJAX web access./blockquote
-  
-  pThe best part is that the company 
-  a href=http://www.postpath.com/solutions/lean/opensource;leveraged 
Samba
-  and other Open Source software/a to do it./p 
-/div
-
-   

Copied: trunk/news/announcements/samba_helps_postpath.html (from rev 986, 
trunk/news/advocacy/samba_helps_postpath.html)

svn commit: samba r15552 - branches/SAMBA_3_0/source/client trunk/source/client

[gd]

Author: gd
Date: 2006-05-12 23:05:01 + (Fri, 12 May 2006)
New Revision: 15552

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15552

Log:
Fix segfault...

Guenther

Modified:
   branches/SAMBA_3_0/source/client/smbspool.c
   trunk/source/client/smbspool.c


Changeset:
Modified: branches/SAMBA_3_0/source/client/smbspool.c
===
--- branches/SAMBA_3_0/source/client/smbspool.c 2006-05-12 22:21:44 UTC (rev 
15551)
+++ branches/SAMBA_3_0/source/client/smbspool.c 2006-05-12 23:05:01 UTC (rev 
15552)
@@ -213,6 +213,8 @@
 
   in_client = True;   /* Make sure that we tell lp_load we are */
 
+  load_case_tables();
+
   if (!lp_load(dyn_CONFIGFILE, True, False, False, True))
   {
 fprintf(stderr, ERROR: Can't load %s - run testparm to debug it\n, 
dyn_CONFIGFILE);

Modified: trunk/source/client/smbspool.c
===
--- trunk/source/client/smbspool.c  2006-05-12 22:21:44 UTC (rev 15551)
+++ trunk/source/client/smbspool.c  2006-05-12 23:05:01 UTC (rev 15552)
@@ -213,6 +213,8 @@
 
   in_client = True;   /* Make sure that we tell lp_load we are */
 
+  load_case_tables();
+
   if (!lp_load(dyn_CONFIGFILE, True, False, False, True))
   {
 fprintf(stderr, ERROR: Can't load %s - run testparm to debug it\n, 
dyn_CONFIGFILE);

svn commit: samba r15553 - branches/SAMBA_3_0/source/rpcclient trunk/source/rpcclient

[gd]

Author: gd
Date: 2006-05-12 23:08:31 + (Fri, 12 May 2006)
New Revision: 15553

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15553

Log:
minor rpcclient cleanup: length is already set in data_blob.

Guenther

Modified:
   branches/SAMBA_3_0/source/rpcclient/cmd_lsarpc.c
   trunk/source/rpcclient/cmd_lsarpc.c


Changeset:
Modified: branches/SAMBA_3_0/source/rpcclient/cmd_lsarpc.c
===
--- branches/SAMBA_3_0/source/rpcclient/cmd_lsarpc.c2006-05-12 23:05:01 UTC 
(rev 15552)
+++ branches/SAMBA_3_0/source/rpcclient/cmd_lsarpc.c2006-05-12 23:08:31 UTC 
(rev 15553)
@@ -859,10 +859,7 @@
DATA_BLOB data_old = data_blob(NULL, p-old_password.length);
 
memcpy(data.data, p-password.data, p-password.length);
-   data.length = p-password.length;
-   
memcpy(data_old.data, p-old_password.data, p-old_password.length);
-   data_old.length = p-old_password.length;

pwd = decrypt_trustdom_secret(password, data);
pwd_old = decrypt_trustdom_secret(password, data_old);

Modified: trunk/source/rpcclient/cmd_lsarpc.c
===
--- trunk/source/rpcclient/cmd_lsarpc.c 2006-05-12 23:05:01 UTC (rev 15552)
+++ trunk/source/rpcclient/cmd_lsarpc.c 2006-05-12 23:08:31 UTC (rev 15553)
@@ -859,10 +859,7 @@
DATA_BLOB data_old = data_blob(NULL, p-old_password.length);
 
memcpy(data.data, p-password.data, p-password.length);
-   data.length = p-password.length;
-   
memcpy(data_old.data, p-old_password.data, p-old_password.length);
-   data_old.length = p-old_password.length;

pwd = decrypt_trustdom_secret(password, data);
pwd_old = decrypt_trustdom_secret(password, data_old);

svn commit: samba r15555 - in branches/SAMBA_3_0/source: param smbd

[jra]

Author: jra
Date: 2006-05-12 23:10:01 + (Fri, 12 May 2006)
New Revision: 1

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=1

Log:
Make change notify timeout a per-share parameter - used
when there's no kernel or FAM change notify. If set to zero
this will turn off change notify for the share except when
we ourselves change something (renames / deletes etc. ).
Designed to help on large directory shares where a new
changenotify is issued between each delete. This will
be fixed correctly when we move to internal change notify
(eg. back-port Samba4 changenotify).
Jeremy.

Modified:
   branches/SAMBA_3_0/source/param/loadparm.c
   branches/SAMBA_3_0/source/smbd/notify.c
   branches/SAMBA_3_0/source/smbd/notify_hash.c
   branches/SAMBA_3_0/source/smbd/service.c


Changeset:
Modified: branches/SAMBA_3_0/source/param/loadparm.c
===
--- branches/SAMBA_3_0/source/param/loadparm.c  2006-05-12 23:09:55 UTC (rev 
15554)
+++ branches/SAMBA_3_0/source/param/loadparm.c  2006-05-12 23:10:01 UTC (rev 
1)
@@ -220,7 +220,6 @@
int lm_interval;
int announce_as;/* This is initialised in init_globals */
int machine_password_timeout;
-   int change_notify_timeout;
int map_to_guest;
int oplock_break_wait_time;
int winbind_cache_time;
@@ -449,6 +448,7 @@
int iAioReadSize;
int iAioWriteSize;
int iMap_readonly;
+   int ichange_notify_timeout;
param_opt_struct *param_opt;
 
char dummy[3];  /* for alignment */
@@ -587,6 +587,7 @@
0,  /* iAioReadSize */
0,  /* iAioWriteSize */
MAP_READONLY_YES,   /* iMap_readonly */
+   60, /* ichange_notify_timeout = 1 minute default. */

NULL,   /* Parametric options */
 
@@ -996,7 +997,7 @@
{N_(Tuning Options), P_SEP, P_SEPARATOR}, 
 
{block size, P_INTEGER, P_LOCAL, sDefault.iBlock_size, NULL, NULL, 
FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL}, 
-   {change notify timeout, P_INTEGER, P_GLOBAL, 
Globals.change_notify_timeout, NULL, NULL, FLAG_ADVANCED}, 
+   {change notify timeout, P_INTEGER, P_LOCAL, 
sDefault.ichange_notify_timeout, NULL, NULL, FLAG_ADVANCED}, 
{deadtime, P_INTEGER, P_GLOBAL, Globals.deadtime, NULL, NULL, 
FLAG_ADVANCED}, 
{getwd cache, P_BOOL, P_GLOBAL, use_getwd_cache, NULL, NULL, 
FLAG_ADVANCED}, 
{keepalive, P_INTEGER, P_GLOBAL, keepalive, NULL, NULL, 
FLAG_ADVANCED}, 
@@ -1507,7 +1508,6 @@
Globals.max_wins_ttl = 60 * 60 * 24 * 6;/* 6 days default. */
Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */
Globals.machine_password_timeout = 60 * 60 * 24 * 7;/* 7 days 
default. */
-   Globals.change_notify_timeout = 60; /* 1 minute default. */
Globals.bKernelChangeNotify = True; /* On if we have it. */
Globals.bFamChangeNotify = True;/* On if we have it. */
Globals.lm_announce = 2;/* = Auto: send only if LM clients 
found */
@@ -1934,7 +1934,6 @@
 FN_GLOBAL_INTEGER(lp_lm_announce, Globals.lm_announce)
 FN_GLOBAL_INTEGER(lp_lm_interval, Globals.lm_interval)
 FN_GLOBAL_INTEGER(lp_machine_password_timeout, 
Globals.machine_password_timeout)
-FN_GLOBAL_INTEGER(lp_change_notify_timeout, Globals.change_notify_timeout)
 FN_GLOBAL_INTEGER(lp_map_to_guest, Globals.map_to_guest)
 FN_GLOBAL_INTEGER(lp_oplock_break_wait_time, Globals.oplock_break_wait_time)
 FN_GLOBAL_INTEGER(lp_lock_spin_count, Globals.iLockSpinCount)
@@ -2066,6 +2065,7 @@
 FN_LOCAL_INTEGER(lp_aio_read_size, iAioReadSize)
 FN_LOCAL_INTEGER(lp_aio_write_size, iAioWriteSize)
 FN_LOCAL_INTEGER(lp_map_readonly, iMap_readonly)
+FN_LOCAL_INTEGER(lp_change_notify_timeout, ichange_notify_timeout)
 FN_LOCAL_CHAR(lp_magicchar, magic_char)
 FN_GLOBAL_INTEGER(lp_winbind_cache_time, Globals.winbind_cache_time)
 FN_GLOBAL_LIST(lp_winbind_nss_info, Globals.szWinbindNssInfo)

Modified: branches/SAMBA_3_0/source/smbd/notify.c
===
--- branches/SAMBA_3_0/source/smbd/notify.c 2006-05-12 23:09:55 UTC (rev 
15554)
+++ branches/SAMBA_3_0/source/smbd/notify.c 2006-05-12 23:10:01 UTC (rev 
1)
@@ -135,9 +135,21 @@
 }
 
 /
- Return true if there are pending change notifies.
+ Set the current change notify timeout to the lowest value across all service
+ values.
 /
 
+void set_change_notify_timeout(int val)
+{
+   if (val  0) {
+   cnotify-select_time = MIN(cnotify-select_time, val);
+   }
+}
+
+/
+ Longest time to sleep for before doing a change notify 

svn commit: samba r15556 - in branches/SAMBA_3_0/source/rpcclient: .

[jra]

Author: jra
Date: 2006-05-12 23:13:36 + (Fri, 12 May 2006)
New Revision: 15556

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15556

Log:
Better fix for leading // or \\ from David R. Linn
[EMAIL PROTECTED].
Jeremy.

Modified:
   branches/SAMBA_3_0/source/rpcclient/rpcclient.c


Changeset:
Modified: branches/SAMBA_3_0/source/rpcclient/rpcclient.c
===
--- branches/SAMBA_3_0/source/rpcclient/rpcclient.c 2006-05-12 23:10:01 UTC 
(rev 1)
+++ branches/SAMBA_3_0/source/rpcclient/rpcclient.c 2006-05-12 23:13:36 UTC 
(rev 15556)
@@ -787,8 +787,8 @@
}
}

-   if ((server[0] == '/' || server[0] == '\\') 
-   (server[1] == '/' || server[1] == '\\')) {
+   if ((server[0] == '/'  server[1] == '/') ||
+   (server[0] == '\\'  server[1] ==  '\\')) {
server += 2;
}
 

svn commit: samba r15557 - in trunk/source/rpcclient: .

[jra]

Author: jra
Date: 2006-05-12 23:13:39 + (Fri, 12 May 2006)
New Revision: 15557

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15557

Log:
Better fix for leading // or \\ from David R. Linn
[EMAIL PROTECTED].
Jeremy.

Modified:
   trunk/source/rpcclient/rpcclient.c


Changeset:
Modified: trunk/source/rpcclient/rpcclient.c
===
--- trunk/source/rpcclient/rpcclient.c  2006-05-12 23:13:36 UTC (rev 15556)
+++ trunk/source/rpcclient/rpcclient.c  2006-05-12 23:13:39 UTC (rev 15557)
@@ -789,8 +789,8 @@
}
}

-   if ((server[0] == '/' || server[0] == '\\') 
-   (server[1] == '/' || server[1] == '\\')) {
+   if ((server[0] == '/'  server[1] == '/') ||
+   (server[0] == '\\'  server[1] ==  '\\')) {
server += 2;
}
 

svn commit: samba r15558 - branches/SAMBA_3_0/source/libads trunk/source/libads

[gd]

Author: gd
Date: 2006-05-12 23:20:39 + (Fri, 12 May 2006)
New Revision: 15558

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15558

Log:
Do not wait endless for a CLDAP reply when the LDAP server is
unavailable; use ldap timeout handling.

Jerry, please check.

Guenther

Modified:
   branches/SAMBA_3_0/source/libads/cldap.c
   trunk/source/libads/cldap.c


Changeset:
Modified: branches/SAMBA_3_0/source/libads/cldap.c
===
--- branches/SAMBA_3_0/source/libads/cldap.c2006-05-12 23:13:39 UTC (rev 
15557)
+++ branches/SAMBA_3_0/source/libads/cldap.c2006-05-12 23:20:39 UTC (rev 
15558)
@@ -165,7 +165,17 @@
return 0;
 }
 
-
+static SIG_ATOMIC_T gotalarm;
+   

+/***
+ Signal function to tell us we timed out.
+/
+   

+static void gotalarm_sig(void)
+{
+   gotalarm = 1;
+}
+   

 /*
   receive a cldap netlogon reply
 */
@@ -180,8 +190,18 @@
 
blob = data_blob(NULL, 8192);
 
+   /* Setup timeout */
+   gotalarm = 0;
+   CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
+   alarm(lp_ldap_timeout());
+   /* End setup timeout. */
+ 
ret = read(sock, blob.data, blob.length);
 
+   /* Teardown timeout. */
+   CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN);
+   alarm(0);
+
if (ret = 0) {
d_fprintf(stderr, no reply received to cldap netlogon\n);
return -1;

Modified: trunk/source/libads/cldap.c
===
--- trunk/source/libads/cldap.c 2006-05-12 23:13:39 UTC (rev 15557)
+++ trunk/source/libads/cldap.c 2006-05-12 23:20:39 UTC (rev 15558)
@@ -165,7 +165,17 @@
return 0;
 }
 
-
+static SIG_ATOMIC_T gotalarm;
+   

+/***
+ Signal function to tell us we timed out.
+/
+   

+static void gotalarm_sig(void)
+{
+   gotalarm = 1;
+}
+   

 /*
   receive a cldap netlogon reply
 */
@@ -180,8 +190,18 @@
 
blob = data_blob(NULL, 8192);
 
+   /* Setup timeout */
+   gotalarm = 0;
+   CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
+   alarm(lp_ldap_timeout());
+   /* End setup timeout. */
+ 
ret = read(sock, blob.data, blob.length);
 
+   /* Teardown timeout. */
+   CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN);
+   alarm(0);
+
if (ret = 0) {
d_fprintf(stderr, no reply received to cldap netlogon\n);
return -1;

Re: svn commit: samba r15558 - branches/SAMBA_3_0/source/libads trunk/source/libads

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

[EMAIL PROTECTED] wrote:
 Author: gd
 Date: 2006-05-12 23:20:39 + (Fri, 12 May 2006)
 New Revision: 15558
 
 WebSVN: 
 http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15558
 
 Log:
 Do not wait endless for a CLDAP reply when the LDAP server is
 unavailable; use ldap timeout handling.
 
 Jerry, please check.

Good catch.   Looks right to me.



cheers, jerry

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEZRk7IR7qMdg1EfYRAmMcAJ9IIneDY5pMoSgnvmMb9frm2ZEmgACeJhMd
xX+3bJpfm2LiayV76tGw2zI=
=6qNd
-END PGP SIGNATURE-

Build status as of Sat May 13 00:00:06 2006

[build]

URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2006-05-12 
00:01:00.0 +
+++ /home/build/master/cache/broken_results.txt 2006-05-13 00:01:35.0 
+
@@ -1,17 +1,17 @@
-Build status as of Fri May 12 00:00:01 2006
+Build status as of Sat May 13 00:00:06 2006
 
 Build counts:
 Tree Total  Broken Panic 
 ccache   35 3  0 
 distcc   35 3  0 
-lorikeet-heimdal 33 23 0 
+lorikeet-heimdal 33 22 0 
 ppp  20 0  0 
 rsync35 2  0 
 samba4  0  0 
 samba-docs   0  0  0 
-samba4   40 24 4 
+samba4   39 23 3 
 samba_3_036 11 0 
 smb-build28 0  0 
 talloc   32 15 0 
-tdb  31 3  0 
+tdb  32 4  0 
 

svn commit: samba r15559 - branches/SAMBA_3_0/source/libads branches/SAMBA_3_0/source/utils trunk/source/libads trunk/source/utils

[gd]

Author: gd
Date: 2006-05-13 01:29:04 + (Sat, 13 May 2006)
New Revision: 15559

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15559

Log:
Smaller fixes for the new cldap code:
* replace printf to stderr with DEBUG statements as they get printed in
  daemons
* net ads lookup return code

Guenther

Modified:
   branches/SAMBA_3_0/source/libads/cldap.c
   branches/SAMBA_3_0/source/utils/net_ads.c
   trunk/source/libads/cldap.c
   trunk/source/utils/net_ads.c


Changeset:
Modified: branches/SAMBA_3_0/source/libads/cldap.c
===
--- branches/SAMBA_3_0/source/libads/cldap.c2006-05-12 23:20:39 UTC (rev 
15558)
+++ branches/SAMBA_3_0/source/libads/cldap.c2006-05-13 01:29:04 UTC (rev 
15559)
@@ -66,7 +66,7 @@
uint8 len = (uint8)*(ptr++);
 
if ((pret - ret + len + 1) = MAX_DNS_LABEL) {
-   d_fprintf(stderr, DC returning too long DNS 
name\n);
+   DEBUG(1,(DC returning too long DNS name\n));
return 0;
}
 
@@ -151,13 +151,13 @@
asn1_pop_tag(data);
 
if (data.has_error) {
-   d_fprintf(stderr, Failed to build cldap netlogon at offset 
%d\n, (int)data.ofs);
+   DEBUG(2,(Failed to build cldap netlogon at offset %d\n, 
(int)data.ofs));
asn1_free(data);
return -1;
}
 
if (write(sock, data.data, data.length) != (ssize_t)data.length) {
-   d_fprintf(stderr, failed to send cldap query (%s)\n, 
strerror(errno));
+   DEBUG(2,(failed to send cldap query (%s)\n, strerror(errno)));
}
 
asn1_free(data);
@@ -203,7 +203,7 @@
alarm(0);
 
if (ret = 0) {
-   d_fprintf(stderr, no reply received to cldap netlogon\n);
+   DEBUG(1,(no reply received to cldap netlogon\n));
return -1;
}
blob.length = ret;
@@ -225,7 +225,7 @@
asn1_end_tag(data);
 
if (data.has_error) {
-   d_fprintf(stderr, Failed to parse cldap reply\n);
+   DEBUG(1,(Failed to parse cldap reply\n));
return -1;
}
 

Modified: branches/SAMBA_3_0/source/utils/net_ads.c
===
--- branches/SAMBA_3_0/source/utils/net_ads.c   2006-05-12 23:20:39 UTC (rev 
15558)
+++ branches/SAMBA_3_0/source/utils/net_ads.c   2006-05-13 01:29:04 UTC (rev 
15559)
@@ -83,7 +83,6 @@
 */
 static int net_ads_cldap_netlogon(ADS_STRUCT *ads)
 {
-   int ret;
struct cldap_netlogon_reply reply;
 
if ( !ads_cldap_netlogon( inet_ntoa(ads-ldap_ip), ads-server.realm, 
reply ) ) {
@@ -147,7 +146,7 @@
d_printf(LMNT Token: %.2x\n, reply.lmnt_token);
d_printf(LM20 Token: %.2x\n, reply.lm20_token);
 
-   return ret;
+   return 0;
 }
 
 

Modified: trunk/source/libads/cldap.c
===
--- trunk/source/libads/cldap.c 2006-05-12 23:20:39 UTC (rev 15558)
+++ trunk/source/libads/cldap.c 2006-05-13 01:29:04 UTC (rev 15559)
@@ -66,7 +66,7 @@
uint8 len = (uint8)*(ptr++);
 
if ((pret - ret + len + 1) = MAX_DNS_LABEL) {
-   d_fprintf(stderr, DC returning too long DNS 
name\n);
+   DEBUG(1,(DC returning too long DNS name\n));
return 0;
}
 
@@ -151,13 +151,13 @@
asn1_pop_tag(data);
 
if (data.has_error) {
-   d_fprintf(stderr, Failed to build cldap netlogon at offset 
%d\n, (int)data.ofs);
+   DEBUG(2,(Failed to build cldap netlogon at offset %d\n, 
(int)data.ofs));
asn1_free(data);
return -1;
}
 
if (write(sock, data.data, data.length) != (ssize_t)data.length) {
-   d_fprintf(stderr, failed to send cldap query (%s)\n, 
strerror(errno));
+   DEBUG(2,(failed to send cldap query (%s)\n, strerror(errno)));
}
 
asn1_free(data);
@@ -203,7 +203,7 @@
alarm(0);
 
if (ret = 0) {
-   d_fprintf(stderr, no reply received to cldap netlogon\n);
+   DEBUG(1,(no reply received to cldap netlogon\n));
return -1;
}
blob.length = ret;
@@ -225,7 +225,7 @@
asn1_end_tag(data);
 
if (data.has_error) {
-   d_fprintf(stderr, Failed to parse cldap reply\n);
+   DEBUG(1,(Failed to parse cldap reply\n));
return -1;
}
 

Modified: trunk/source/utils/net_ads.c
===
--- trunk/source/utils/net_ads.c2006-05-12 23:20:39 UTC (rev 15558)
+++ trunk/source/utils/net_ads.c2006-05-13 01:29:04 UTC 

svn commit: samba r15560 - branches/SAMBA_3_0/source/libads branches/SAMBA_3_0/source/utils trunk/source/libads trunk/source/utils

[jerry]

Author: jerry
Date: 2006-05-13 04:39:19 + (Sat, 13 May 2006)
New Revision: 15560

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15560

Log:
Since the hotel doesn't have Sci-Fi and no Doctor Who

Re-add the capability to specify an OU in which to create
the machine account.  Done via LDAP prior to the RPC join.




Modified:
   branches/SAMBA_3_0/source/libads/ldap.c
   branches/SAMBA_3_0/source/utils/net_ads.c
   trunk/source/libads/ldap.c
   trunk/source/utils/net_ads.c


Changeset:
Sorry, the patch is too large (787 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15560

Re: svn commit: samba r15560 - branches/SAMBA_3_0/source/libads branches/SAMBA_3_0/source/utils trunk/source/libads trunk/source/utils

[Jeremy Allison]

On Sat, May 13, 2006 at 04:39:20AM +, [EMAIL PROTECTED] wrote:
 Author: jerry
 Date: 2006-05-13 04:39:19 + (Sat, 13 May 2006)
 New Revision: 15560
 
 WebSVN: 
 http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15560
 
 Log:
 Since the hotel doesn't have Sci-Fi and no Doctor Who

Man - you're missing the second part of the lost child...

That one's really good !

Jeremy.

svn commit: samba r15561 - branches/SAMBA_3_0/source/utils trunk/source/utils

[jerry]

Author: jerry
Date: 2006-05-13 05:06:20 + (Sat, 13 May 2006)
New Revision: 15561

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15561

Log:
Should re-fix older systems without RC4-HMAC support


Modified:
   branches/SAMBA_3_0/source/utils/net_ads.c
   trunk/source/utils/net_ads.c


Changeset:
Modified: branches/SAMBA_3_0/source/utils/net_ads.c
===
--- branches/SAMBA_3_0/source/utils/net_ads.c   2006-05-13 04:39:19 UTC (rev 
15560)
+++ branches/SAMBA_3_0/source/utils/net_ads.c   2006-05-13 05:06:20 UTC (rev 
15561)
@@ -917,7 +917,7 @@
uint32 user_rid;
uint32 num_rids, *name_types, *user_rids;
uint32 flags = 0x3e8;
-   uint32 acb_info = ACB_WSTRUST;
+   uint32 acb_info = ACB_WSTRUST | ACB_PWNOEXP;
uchar pwbuf[516];
SAM_USERINFO_CTR ctr;
SAM_USER_INFO_24 p24;
@@ -949,6 +949,10 @@
strlower_m(acct_name);
const_acct_name = acct_name;
 
+#ifndef ENCTYPE_ARCFOUR_HMAC
+   acb_info |= ACB_USE_DES_KEY_ONLY;
+#endif
+
status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, domain_pol,
acct_name, acb_info, 0xe005000b, user_pol, user_rid);
 
@@ -1073,17 +1077,15 @@
 static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s )
 {
ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN);
-   char *host_upn, *new_dn, *controlstr;
+   char *host_upn, *new_dn;
ADS_MODLIST mods;
const char *servicePrincipalName[3] = {NULL, NULL, NULL};
char *psp;
-   unsigned acct_control;
fstring my_fqdn;
LDAPMessage *res = NULL;
char *dn_string = NULL;
const char *machine_name = global_myname();
int count;
-   uint32 account_type;

if ( !machine_name ) {
return ADS_ERROR(LDAP_NO_MEMORY);
@@ -1129,16 +1131,6 @@
if (!(host_upn = talloc_asprintf(ctx, [EMAIL PROTECTED], 
servicePrincipalName[0], ads_s-config.realm)))
goto done;
 
-   /* set the account control string now */
-   
-   acct_control = account_type | UF_DONT_EXPIRE_PASSWD;
-#ifndef ENCTYPE_ARCFOUR_HMAC
-   acct_control |= UF_USE_DES_KEY_ONLY;
-#endif
-   if (!(controlstr = talloc_asprintf(ctx, %u, acct_control))) {
-   goto done;
-   }
-
/* now do the mods */

if (!(mods = ads_init_mods(ctx))) {
@@ -1153,7 +1145,6 @@
ads_mod_str(ctx, mods, userPrincipalName, host_upn);
ads_mod_str(ctx, mods, operatingSystem, Samba);
ads_mod_str(ctx, mods, operatingSystemVersion, SAMBA_VERSION_STRING);
-   ads_mod_str(ctx, mods, userAccountControl, controlstr);
 #endif
 
status = ads_gen_mod(ads_s, new_dn, mods);

Modified: trunk/source/utils/net_ads.c
===
--- trunk/source/utils/net_ads.c2006-05-13 04:39:19 UTC (rev 15560)
+++ trunk/source/utils/net_ads.c2006-05-13 05:06:20 UTC (rev 15561)
@@ -917,7 +917,7 @@
uint32 user_rid;
uint32 num_rids, *name_types, *user_rids;
uint32 flags = 0x3e8;
-   uint32 acb_info = ACB_WSTRUST;
+   uint32 acb_info = ACB_WSTRUST | ACB_PWNOEXP;
uchar pwbuf[516];
SAM_USERINFO_CTR ctr;
SAM_USER_INFO_24 p24;
@@ -949,6 +949,10 @@
strlower_m(acct_name);
const_acct_name = acct_name;
 
+#ifndef ENCTYPE_ARCFOUR_HMAC
+   acb_info |= ACB_USE_DES_KEY_ONLY;
+#endif
+
status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, domain_pol,
acct_name, acb_info, 0xe005000b, user_pol, user_rid);
 
@@ -1073,17 +1077,15 @@
 static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s )
 {
ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN);
-   char *host_upn, *new_dn, *controlstr;
+   char *host_upn, *new_dn;
ADS_MODLIST mods;
const char *servicePrincipalName[3] = {NULL, NULL, NULL};
char *psp;
-   unsigned acct_control;
fstring my_fqdn;
LDAPMessage *res = NULL;
char *dn_string = NULL;
const char *machine_name = global_myname();
int count;
-   uint32 account_type;

if ( !machine_name ) {
return ADS_ERROR(LDAP_NO_MEMORY);
@@ -1129,16 +1131,6 @@
if (!(host_upn = talloc_asprintf(ctx, [EMAIL PROTECTED], 
servicePrincipalName[0], ads_s-config.realm)))
goto done;
 
-   /* set the account control string now */
-   
-   acct_control = account_type | UF_DONT_EXPIRE_PASSWD;
-#ifndef ENCTYPE_ARCFOUR_HMAC
-   acct_control |= UF_USE_DES_KEY_ONLY;
-#endif
-   if (!(controlstr = talloc_asprintf(ctx, %u, acct_control))) {
-   goto done;
-   }
-
/* now do the mods */

if (!(mods = ads_init_mods(ctx))) {
@@ -1153,7 +1145,6 @@
ads_mod_str(ctx, mods, userPrincipalName,