Re: [Samba] Problem with adding printer drivers in Windows XP
Jerry, I'd really need your crystal ball sometimes! Yes, Tom isn't part of a domain (security = user as default), so he can't su to a SAVAGEPHP\administrator or so - and there is a use client driver = yes in the [printers] section of his smb.conf (which has been attached to the original post). If the access rights are ok, this should be the reason and I should have known. Tom? Respect, Martin Ryan Novosielski wrote: Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom wrote: Well, I'm trying to add drivers to the server through the Properties dialog box for my printer. Right click on the printer, left click Properties, Advanced tab, New Driver button type of thing. Except that the New Driver button is greyed out. I've checked and my user has the SePrintOperatorPrivilege rights assigned to him but it still does not work. * jerry gazes into his crystal ball and then steps up to the mic Do you have 'use client driver = yes' ? If so, disable it (the default setting). This is a rhetorical question, because I do not know the answer -- does this user need to be a member of Domain Admins? Tom, try net groupmap list and see what group is mapped to Domain Admins -- is the user you're connecting as a member of that group? If not, does making sure that they are make a difference? I'd also ask you to check to make sure privileges are turned on, but if they weren't, attempting to add PrintOperatorPrivilege would have failed with NT_STATUS_NO_SUCH_PRIVILEGE or equivalent. BTW, do you have a [print$] defined, with the proper tree created beneath it? The directories all have to be there first. Check your logs for red flags, if there are any. Generally things break farther down the line, though, so I'm pretty sure it's Samba permissions. -- Martin Zielinski [EMAIL PROTECTED] Software Development SEH Computertechnik GmbH www.seh.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: proposed list of parameter to remove in 3.0.23
On Thu, May 11, 2006 at 04:41:42PM -0700, Gerald (Jerry) Carter wrote: - --with-ldapsam only enable the 'ldap server' and 'ldap port' options in smb.conf. The ldapsam_compat implementation internally is completely different. I think I'm convinced now that the configure option should go. Thanks a lot for bringing this up on the lists :-) This could clean up quite a good bit of pdb_ldap.c Volker pgpc2bAM1jsjf.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] passdb and samba v3.0.23pre1
On Fri, May 12, 2006 at 12:52:59AM -0400, Ryan Novosielski wrote: Is there any other way to duplicate this functionality? I have a feeling this one is going to hurt as far as removing the ability to migrate a population of users over to a new passdb backend. Seems it would all have to be done in one fell swoop with the new behavior. In examples/LDAP/convertSambaAccount you find a perl script to convert your LDAP database. Volker pgpUnfcfsOrgf.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] passdb and samba v3.0.23pre1
On Fri, May 12, 2006 at 08:58:53AM +0200, Volker Lendecke wrote: In examples/LDAP/convertSambaAccount you find a perl script to convert your LDAP database. oops, wrong thread ;-) Volker pgpHpNzyTtM4K.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] V4 TP2
Hello List, Sorry but I am woundering if anyone know how well TP2 is working of version 4, I am dying to test it out but I currently don't have any available machines to test it out on. Regards Per Qvindesland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] permissions change from windows doesn't work
Hi! This is a reply to an old mail, from one year ago ( http://lists.samba.org/archive/samba/2005-June/107570.html ). But this also replies to http://lists.samba.org/archive/samba/2003-October/075334.html and http://lists.samba.org/archive/samba/2003-November/002488.html . This issue is a Microsoft Windows missfunction. Microsoft Windows clients just can't remember which credentials use to do that work. There are several actions which does correctly: can connect, can view permissions and can use the first security dialog, but when you try to go to the Advanced tab , this does some action in which it fools and doesn't know which credentials use. Once I raised the log level (log level = 4) and saw that the client is trying to use the SID of the local user (the ones from the client machine). This works fine if your windows connect to shares on a Microsoft Domain, but fails connecting to shares published from Stand-Alone servers. I think that this is the same problem which doesn't let Admin Users change ownership of files. There is a WORKAROUND for the first problem: Just authenticate this way: If your user is vincent, then just use the credencials whateveryouwant\vincent (with the correct password for vincent user). Then when the dialog asks again for valid credencials then give him again whateveryouwant\vincent and the corrct password. This works. This is a missfunction. Call it a bug, if you want. Microsoft Support says (explicitly) that this is done this way by design (m nice). The second problem (changing ownership) can be solved using smbcacls, which works fine ... but not recursively. Best regards, -- Angel Galindo Muñoz University of Barcelona, Spain Pierre Dehaen wrote: Hi again, FYI here are some links talking about the same problem (but no answer): http://lists.samba.org/archive/samba/2003-October/075334.html http://lists.samba.org/archive/samba/2003-November/002488.html http://www.mcse.ms/message436146.html Note that on WinNT4 I can partially add permissions to a file: I see the users when I click on Show users and I can use them but I cannot see the groups that are available on the Samba server. Note also that I see exactly the same when I try to connect a W2K to another W2K (both standalone computers): although I'm connected to the share with a username of the server, from the client I cannot change the permissions on any file of the server !!! So I have a basic question now: Is it simply possible, from a W2K/XP, to change the permissions of a file on a share of a standalone server, i.e. without both computers being member of a domain ? I can see a possible commercial reason (from who you know) for this not being allowed, but is there also a technical reason ? Note that some of the above links show the same behavior within a domain... so I'm lost. Thanks for any help, Pierre On 28 Jun 2005 at 17:35, Pierre Dehaen wrote: Hi, After three days of googling, searching in this list, reading parts of the pdf, and testing, I surrender: please help ! Summary: I'm running 3.0.10a (binary from www.sunfreeware.com) on Solaris 2.6 in standalone mode (security=user). I use ACLs on files. I cannot, from windows (w2k, wxp pro), add a user to the permissions of a file. Details: - The binary was compiled --with-acl-support as smbd -b|grep ACL and the sunfreeware site confirm. - Solaris UFS supports ACLs. - I don't use winbindd - This is my smb.conf: [global] workgroup = UNIX server string = Samba Server 3.0 interfaces = x.x.x.x map to guest = Bad User username map = /usr/local/samba/private/users.map log level = 4 log file = /usr/local/samba/var/log.%m max log size = 500 deadtime = 30 keepalive = 0 dns proxy = No ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 - The users.map did not exist at the beginning, but, as the PDF examples have one, I created it with: root = Administrator - My users do exist on Solaris and are the same as the Windows users. - The users were added on Samba with smbpasswd -a. - My groups are mapped: # net groupmap list | sort Account Operators (S-1-5-32-548) - -1 Administrators (S-1-5-32-544) - -1 Backup Operators (S-1-5-32-551) - -1 Domain Admins (S-1-5-21-3464024308-2102256894-3995807409-512) - root Domain Guests (S-1-5-21-3464024308-2102256894-3995807409-514) - nobody Domain Users (S-1-5-21-3464024308-2102256894-3995807409-513) - staff Engineer (S-1-5-21-3464024308-2102256894-3995807409-1305) - engineer Guests (S-1-5-32-546) - -1 Inter (S-1-5-21-3464024308-2102256894-3995807409-1323) - inter Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Replicators (S-1-5-32-552) - -1 System Operators (S-1-5-32-549) - -1 Users (S-1-5-32-545) - -1 - A share is defined: [home1] path = /export/home1 read
[Samba] Re: printer admin deprecated: please explain
Ryan Novosielski wrote: Franz Pfoertsch wrote: I am Running a printserver using SLES9 SP3 with Samba 3.0.20b and cups 1.1.20 I filled in a windows group, I haven't a special user, I have a special Windows-Group. winbind separator = + printer admin = @BROSE+COB_CUPS_Printer_Admin regards Franz Since the update to Samba 3.0.20 every start of a client program tells me WARNING: The printer admin option is deprecated Ok, I understood I should use net rpc rights grant User or Group SePrintOperatorPrivilege -U .. But I haven't any adminuser to grant this rights. In my environment I put the machine into the AD by kinit UserWithPermissionsToJoinIntoTheDomain@DOMAIN net ads join - joined and all permission granted by the printer admin option. Is there any other way to get SePrintOperator without a other strong user? regards Franz How can you not have an admin user -- who do you have defined under printer admin? Or were you not using this definition at all and that is a spurious error message? If you ARE using printer admin = someone, then you'd just grant the rights to that same user. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] passdb and samba v3.0.23pre1
Pdb_multi is part of the pdb_sql project on sourceforge. but there is no speed in the development.. Cheers Collen Someone outside of Samba was working on a pdb_multi. But IMO it is best to migrate all at once. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: proposed list of parameter to remove in 3.0.23
Quite a list, but no non we use. might i do a sugestion ? all with all, there are a lot of changes is the up coming release. not only these parameters en config options, but also the removal of the sql backends that multi passwd backend thing.. isn't it smarter , or it makes more sense to push these rather big changes through the 3.1 release ??? Cheers, Collen Gerald (Jerry) Carter wrote: Here's a short list of parameters I'd like to remove from smb.conf. hosts equiv read bmpx wins partners ldap server ldap port homedir map nis homedir magic script magic output Comments? I'd also like to kill the following configure options --with-nisplus-home --with-ldapsam --with-automount --with-dce-dfs -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with adding printer drivers in Windows XP
I've tried it both ways, neither works. Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom wrote: Well, I'm trying to add drivers to the server through the Properties dialog box for my printer. Right click on the printer, left click Properties, Advanced tab, New Driver button type of thing. Except that the New Driver button is greyed out. I've checked and my user has the SePrintOperatorPrivilege rights assigned to him but it still does not work. * jerry gazes into his crystal ball and then steps up to the mic Do you have 'use client driver = yes' ? If so, disable it (the default setting). cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEY6G0IR7qMdg1EfYRAuxvAJ4rc7/SPUUyoGJOMuoxtS7QeU5ECgCgo61i xIqRXVnrdIGzlcElPUlfFdM= =9Yg8 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with adding printer drivers in Windows XP
Well, for giggles I put 'use client driver' back to 'No' in the smb.conf; still doesn't work. Do I need to change 'security = user' to 'security = domain'? I've been through all the troubleshooting steps posted in the archives. None have worked. Either I've missed something in those archives or mine is a new problem. Either way, the crystal ball doesn't seem to be working. Thanks for the help, Tom Martin Zielinski wrote: Jerry, I'd really need your crystal ball sometimes! Yes, Tom isn't part of a domain (security = user as default), so he can't su to a SAVAGEPHP\administrator or so - and there is a use client driver = yes in the [printers] section of his smb.conf (which has been attached to the original post). If the access rights are ok, this should be the reason and I should have known. Tom? Respect, Martin Ryan Novosielski wrote: Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom wrote: Well, I'm trying to add drivers to the server through the Properties dialog box for my printer. Right click on the printer, left click Properties, Advanced tab, New Driver button type of thing. Except that the New Driver button is greyed out. I've checked and my user has the SePrintOperatorPrivilege rights assigned to him but it still does not work. * jerry gazes into his crystal ball and then steps up to the mic Do you have 'use client driver = yes' ? If so, disable it (the default setting). This is a rhetorical question, because I do not know the answer -- does this user need to be a member of Domain Admins? Tom, try net groupmap list and see what group is mapped to Domain Admins -- is the user you're connecting as a member of that group? If not, does making sure that they are make a difference? I'd also ask you to check to make sure privileges are turned on, but if they weren't, attempting to add PrintOperatorPrivilege would have failed with NT_STATUS_NO_SUCH_PRIVILEGE or equivalent. BTW, do you have a [print$] defined, with the proper tree created beneath it? The directories all have to be there first. Check your logs for red flags, if there are any. Generally things break farther down the line, though, so I'm pretty sure it's Samba permissions. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can one set limits on new core dump?
Hi all, Is there anyway to limit the new core dumping panics? Can't find anything on it. (If I'd only looked in that ...) Was my mistake, but winbindd filled up an entire volume and froze out every process writing to that drive. I started it from a shell and my soft limit is already zero. (ulimit -S -c 0) FC4 2.6.16-1.2069 smp, gcc 4.0.2-8 samba 3.0.23pre2-SVN-build-15162 Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with adding printer drivers in Windows XP
Ok Tom, last try! Hope this is it! From the smb.conf: show add printer wizard = No Please set it to yes. I could reproduce your grayed-out condition and it went away when this parameter was set to yes. ~ Martin Tom wrote: Well, for giggles I put 'use client driver' back to 'No' in the smb.conf; still doesn't work. Do I need to change 'security = user' to 'security = domain'? I've been through all the troubleshooting steps posted in the archives. None have worked. Either I've missed something in those archives or mine is a new problem. Either way, the crystal ball doesn't seem to be working. Thanks for the help, Tom Martin Zielinski wrote: Jerry, I'd really need your crystal ball sometimes! Yes, Tom isn't part of a domain (security = user as default), so he can't su to a SAVAGEPHP\administrator or so - and there is a use client driver = yes in the [printers] section of his smb.conf (which has been attached to the original post). If the access rights are ok, this should be the reason and I should have known. Tom? Respect, Martin Ryan Novosielski wrote: Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom wrote: Well, I'm trying to add drivers to the server through the Properties dialog box for my printer. Right click on the printer, left click Properties, Advanced tab, New Driver button type of thing. Except that the New Driver button is greyed out. I've checked and my user has the SePrintOperatorPrivilege rights assigned to him but it still does not work. * jerry gazes into his crystal ball and then steps up to the mic Do you have 'use client driver = yes' ? If so, disable it (the default setting). This is a rhetorical question, because I do not know the answer -- does this user need to be a member of Domain Admins? Tom, try net groupmap list and see what group is mapped to Domain Admins -- is the user you're connecting as a member of that group? If not, does making sure that they are make a difference? I'd also ask you to check to make sure privileges are turned on, but if they weren't, attempting to add PrintOperatorPrivilege would have failed with NT_STATUS_NO_SUCH_PRIVILEGE or equivalent. BTW, do you have a [print$] defined, with the proper tree created beneath it? The directories all have to be there first. Check your logs for red flags, if there are any. Generally things break farther down the line, though, so I'm pretty sure it's Samba permissions. -- Martin Zielinski [EMAIL PROTECTED] Software Development SEH Computertechnik GmbH www.seh.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can one set limits on new core dump?
man ulimit hint: ulimit -c Doug VanLeuven wrote: Hi all, Is there anyway to limit the new core dumping panics? Can't find anything on it. (If I'd only looked in that ...) Was my mistake, but winbindd filled up an entire volume and froze out every process writing to that drive. I started it from a shell and my soft limit is already zero. (ulimit -S -c 0) FC4 2.6.16-1.2069 smp, gcc 4.0.2-8 samba 3.0.23pre2-SVN-build-15162 Regards, Doug -- Jeff Saxton SenSage, Inc. 55 Hawthorne Street Suite 700 San Francisco, CA 94105 Phone: 415.808.5900 Fax:415.371.1385 Direct: 415-808-5921 Cell: 650-235-0776 mailto:[EMAIL PROTECTED] Enterprise Security Analytics SenSage, the leading provider of enterprise security analytics, offers unparalleled performance and a scalable means for organizations to centrally aggregate, efficiently analyze, dynamically monitor and cost-effectively store massive volumes of event log data. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with adding printer drivers in Windows XP
Holy crap! It's alive! There were I believe 2 articles I read that said to set that to No; and since I didn't find any that said it should be Yes, I had forgotten about it. Many many thanks Martin! Tom Martin Zielinski wrote: Ok Tom, last try! Hope this is it! From the smb.conf: show add printer wizard = No Please set it to yes. I could reproduce your grayed-out condition and it went away when this parameter was set to yes. ~ Martin Tom wrote: Well, for giggles I put 'use client driver' back to 'No' in the smb.conf; still doesn't work. Do I need to change 'security = user' to 'security = domain'? I've been through all the troubleshooting steps posted in the archives. None have worked. Either I've missed something in those archives or mine is a new problem. Either way, the crystal ball doesn't seem to be working. Thanks for the help, Tom Martin Zielinski wrote: Jerry, I'd really need your crystal ball sometimes! Yes, Tom isn't part of a domain (security = user as default), so he can't su to a SAVAGEPHP\administrator or so - and there is a use client driver = yes in the [printers] section of his smb.conf (which has been attached to the original post). If the access rights are ok, this should be the reason and I should have known. Tom? Respect, Martin Ryan Novosielski wrote: Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom wrote: Well, I'm trying to add drivers to the server through the Properties dialog box for my printer. Right click on the printer, left click Properties, Advanced tab, New Driver button type of thing. Except that the New Driver button is greyed out. I've checked and my user has the SePrintOperatorPrivilege rights assigned to him but it still does not work. * jerry gazes into his crystal ball and then steps up to the mic Do you have 'use client driver = yes' ? If so, disable it (the default setting). This is a rhetorical question, because I do not know the answer -- does this user need to be a member of Domain Admins? Tom, try net groupmap list and see what group is mapped to Domain Admins -- is the user you're connecting as a member of that group? If not, does making sure that they are make a difference? I'd also ask you to check to make sure privileges are turned on, but if they weren't, attempting to add PrintOperatorPrivilege would have failed with NT_STATUS_NO_SUCH_PRIVILEGE or equivalent. BTW, do you have a [print$] defined, with the proper tree created beneath it? The directories all have to be there first. Check your logs for red flags, if there are any. Generally things break farther down the line, though, so I'm pretty sure it's Samba permissions. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (Fwd) Re: permissions change from windows doesn't work
On 12 May 2006 at 10:08, Ángel Galindo Muñoz wrote: There is a WORKAROUND for the first problem: Just authenticate this way: If your user is vincent, then just use the credencials whateveryouwant\vincent (with the correct password for vincent user). Then when the dialog asks again for valid credencials then give him again whateveryouwant\vincent and the corrct password. This works. Angel... you are the man ! It works great, even on XP SP2 when I follow your trick ! It is not a Samba bug because the problem is the same with a Windows standalone server. IMHO it is not a bug, but well a feature to force you to buy Windows servers. I was a bit surprised by the number of answers/comments (exactly 0) I received when I exposed the problem years ago. Either nobody knew the answer, either nobody wanted to answer, either nobody used standalone servers (with ACLs). But in my case that is still used in some situations. Thank you so much, I spent days on this problem and then surrendered. Pierre -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: newbie question reguarding kerberos tickets
I'm not sure I follow. By client, you mean my samba server that is joined to AD? I've been running without a ticket at all for 2 weeks now, and have yet to see a single problem. What type of bad behaviour should I be looking for? We're using win2k3 AD, samba 3.0.22, and all winXP desktop clients. Sorry if I'm being a pain, I'm just a bit confused here, as I can't find any documentation on this subject. All I see is in the installation instructions that you have to do the kinit [EMAIL PROTECTED] and log in which gives you a ticket. My issue is my windows guys aren't very bright and didn't even know that their AD ran anything called kerberos, and don't know how to change the ticket lifetime. That concerned me because I don't want to have to set up a cron to auto login every 24hours, so I put it on the backburner, the ticket expired, I come back and everything is still working fine. Which got me thinking about it's validity, which started me down this path I have digressed to, just deleting the ticket, rebooting the machine to remove anything from memory, resume testing, and the whole thing still works like a charm. And so far, all I'm getting here from this user group is everyone seems to feel like this ticket is necessary, yet no one is taking a shot at why I'm working just fine. I'm just concerned about going production if this is really necessary, but so far from what I've seen, the ticket is not needed at all. Anyone else try running in this type of environment without one? On Thu, 2006-05-11 at 21:17 -0700, Doug VanLeuven wrote: When using domain logons, after resuming from a hibernate that exceeded the lifetime of the Kerberos ticket, the client doesn't immediately renew the ticket. It will auto renew, but I've not determined the amount of time it takes. Is there a way to force the client to renew the ticket? Short of rebooting, that is. Things don't work very well until it's renewed. Trying to go green. Samba client and/or XP/2000 client? Regards, Doug simo wrote: Samba stores the machine password and obtains tickets from the KDC when needed. Simo. On Thu, 2006-05-11 at 16:53 -0500, Doug Tucker wrote: Thanks. But again, is the ticket even needed? I deleted the darn thing, rebooted to make sure it wasn't cached in memory somewhere, and everything seems to be working perfectly. If it is indeed needed, and I need to extend the period, is there any directions on how to do that on the windows side? On Thu, 2006-05-11 at 23:07 +0200, Blaž Primc wrote: Hi, the period for which the ticket is valid can be set in Windows Server. Best regards, Blaž. Doug Tucker wrote: I recently joined a samba 3.0.22 server to AD. When I did the kinit, the AD gave me a 24 hour ticket with a 1 week renewal. Setting -r and -l to 365d did not change anything, the ticket still came back the same. However, my question is in reguard to whether this is really even needed? First, I deleted the ticket, and everything seemed to continue to work perfectly. Now, I let the ticket expire for a couple of weeks now, and yet, the samba server is working fine and users still authenticate against AD just fine. Am I missing something, or is the creation of that ticket not even needed? Thank you for your assistance. doug... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: newbie question reguarding kerberos tickets
Doug, you don't need any login to make samba work in an AD environment. At the join samba creates a machine account in a domain, and stores the machine password in the secrets.tdb file. When samba needs to do some operation with the domain it just need to use that account to request tickets from the KDC. It is just like any other windows host out there. Simo. On Fri, 2006-05-12 at 08:23 -0500, Doug Tucker wrote: I'm not sure I follow. By client, you mean my samba server that is joined to AD? I've been running without a ticket at all for 2 weeks now, and have yet to see a single problem. What type of bad behaviour should I be looking for? We're using win2k3 AD, samba 3.0.22, and all winXP desktop clients. Sorry if I'm being a pain, I'm just a bit confused here, as I can't find any documentation on this subject. All I see is in the installation instructions that you have to do the kinit [EMAIL PROTECTED] and log in which gives you a ticket. My issue is my windows guys aren't very bright and didn't even know that their AD ran anything called kerberos, and don't know how to change the ticket lifetime. That concerned me because I don't want to have to set up a cron to auto login every 24hours, so I put it on the backburner, the ticket expired, I come back and everything is still working fine. Which got me thinking about it's validity, which started me down this path I have digressed to, just deleting the ticket, rebooting the machine to remove anything from memory, resume testing, and the whole thing still works like a charm. And so far, all I'm getting here from this user group is everyone seems to feel like this ticket is necessary, yet no one is taking a shot at why I'm working just fine. I'm just concerned about going production if this is really necessary, but so far from what I've seen, the ticket is not needed at all. Anyone else try running in this type of environment without one? On Thu, 2006-05-11 at 21:17 -0700, Doug VanLeuven wrote: When using domain logons, after resuming from a hibernate that exceeded the lifetime of the Kerberos ticket, the client doesn't immediately renew the ticket. It will auto renew, but I've not determined the amount of time it takes. Is there a way to force the client to renew the ticket? Short of rebooting, that is. Things don't work very well until it's renewed. Trying to go green. Samba client and/or XP/2000 client? Regards, Doug simo wrote: Samba stores the machine password and obtains tickets from the KDC when needed. Simo. On Thu, 2006-05-11 at 16:53 -0500, Doug Tucker wrote: Thanks. But again, is the ticket even needed? I deleted the darn thing, rebooted to make sure it wasn't cached in memory somewhere, and everything seems to be working perfectly. If it is indeed needed, and I need to extend the period, is there any directions on how to do that on the windows side? On Thu, 2006-05-11 at 23:07 +0200, Blaž Primc wrote: Hi, the period for which the ticket is valid can be set in Windows Server. Best regards, Blaž. Doug Tucker wrote: I recently joined a samba 3.0.22 server to AD. When I did the kinit, the AD gave me a 24 hour ticket with a 1 week renewal. Setting -r and -l to 365d did not change anything, the ticket still came back the same. However, my question is in reguard to whether this is really even needed? First, I deleted the ticket, and everything seemed to continue to work perfectly. Now, I let the ticket expire for a couple of weeks now, and yet, the samba server is working fine and users still authenticate against AD just fine. Am I missing something, or is the creation of that ticket not even needed? Thank you for your assistance. doug... -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: proposed list of parameter to remove in 3.0.23
On 05/11/2006 10:51 AM, Gerald (Jerry) Carter wrote: ... I'd also like to kill the following configure options --with-nisplus-home --with-ldapsam --with-automount --with-dce-dfs I've not seen anyone else speak up, but we are still making use of --with-nisplus-home and --with-automount here. -Bob Martel -- *** Bob Martel,System Administrator I met someone who looks a lot like you Levin College of Urban Affairs She does the things you do Cleveland State University But she is an IBM (216) 687-2214 [EMAIL PROTECTED]-Jeff Lynne *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can one set limits on new core dump?
Sorry Jeff, been there, done that, if you'd read the whole post. Jeff Saxton wrote: man ulimit hint: ulimit -c Doug VanLeuven wrote: Hi all, Is there anyway to limit the new core dumping panics? Can't find anything on it. (If I'd only looked in that ...) Was my mistake, but winbindd filled up an entire volume and froze out every process writing to that drive. I started it from a shell and my soft limit is already zero. (ulimit -S -c 0) ^^ FC4 2.6.16-1.2069 smp, gcc 4.0.2-8 samba 3.0.23pre2-SVN-build-15162 Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: newbie question reguarding kerberos tickets
Great! Thanks to everyone for the help, keep up the good work! On Fri, 2006-05-12 at 09:42 -0400, simo wrote: Doug, you don't need any login to make samba work in an AD environment. At the join samba creates a machine account in a domain, and stores the machine password in the secrets.tdb file. When samba needs to do some operation with the domain it just need to use that account to request tickets from the KDC. It is just like any other windows host out there. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can one set limits on new core dump?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James, This was your change right ? Doug, I'm more interested in why winbindd is seg faulting in the SAMBA_3_0 tree. Can you give me more details? cheers, jerry Doug VanLeuven wrote: Sorry Jeff, been there, done that, if you'd read the whole post. Jeff Saxton wrote: man ulimit hint: ulimit -c Doug VanLeuven wrote: Hi all, Is there anyway to limit the new core dumping panics? Can't find anything on it. (If I'd only looked in that ...) Was my mistake, but winbindd filled up an entire volume and froze out every process writing to that drive. I started it from a shell and my soft limit is already zero. (ulimit -S -c 0) ^^ FC4 2.6.16-1.2069 smp, gcc 4.0.2-8 samba 3.0.23pre2-SVN-build-15162 Regards, Doug - -- = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEZJi2IR7qMdg1EfYRAlO+AJ0S+ZK2nQdjqGykHsZzmnJHBfJf1gCcDElY DXjzwAdrOrf/Eh23lXwDMtA= =06ek -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC with 2 NICs problem
Hello Samba List, I'm running a Samba 3.0.22 PDC on Solaris 9. Things got a bit peculiar when I added a 2nd network interface. The two subnets are a primary network that carries all the client traffic and a tape-backup/admin network that is not accessible to any clients, ie. aaa.bbb.ccc.241 - bge0 - primary network (address suppressed) 192.168.254.254 - bge1 - admin/backup network I've configured Samba (I think) to ignore the admin network... socket address = aaa.bbb.ccc.241 interfaces = bge0 lo0 bind interfaces only = true hosts allow = aaa.bbb.ccc. , 127. However, some devices are getting the notion that there is a PDC at 192.168.254.254 and are trying to contact it (which of course they cannot). For instance (this is a NetApp that is a domain member): grunthos cifs testdc ... Testing all Primary Domain Controllers found 2 unique addresses Fri May 12 09:56:55 EDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 2 BDC addresses through WINS. Fri May 12 09:56:55 EDT [auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- Found 2 PDC addresses through WINS. found PDC TRILLIAN at aaa.bbb.ccc.241 Not able to communicate with PDC 192.168.254.254 trying 192.168.254.254...Fri May 12 09:57:07 EDT [auth.dc.GetDCName.failed:error]: AUTH: Error 0x0 while trying to get Domain Controller name for 192.168.254.254: Timed out waiting for reply. ... I'd expect it to find only aaa.bbb.ccc.241 - Any idea what am I missing here? The PDC is also the WINS server, in case that matters. Thanks, -- Roy McMorran Systems Administrator MDI Biological Laboratory [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: proposed list of parameter to remove in 3.0.23
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Collen , Quite a list, but no non we use. might i do a sugestion ? all with all, there are a lot of changes is the up coming release. not only these parameters en config options, but also the removal of the sql backends that multi passwd backend thing.. isn't it smarter , or it makes more sense to push these rather big changes through the 3.1 release There are no 3.1 releases anymore. We tried that once, but found it better to keep a single production, development tree. This has been discussed a lot on the samba-technical list. You might want to search the archives for background. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEZJlkIR7qMdg1EfYRAq7dAKCYYpGX6q6DPbtE/9BCm6pBw+GPhACfaXo3 3kAqxoiKmQA3mFCJau8aXLw= =zDN/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba errors - No buffer space available
Ryan Novosielski wrote: Allen, Bill wrote: I am new to Samba, having just taken over management of a HPUX system in a mainly Windows environment. The system is running Samba 3.0.7. I am getting the following errors, repeatedly, in my log.smbd. What does it mean? Is this actually a problem or normal chatter for Samba? If it is a problem, what should I do to correct it? [2006/05/03 07:41:38, 0] lib/util_sock.c:set_socket_options(202) Failed to set socket option SO_KEEPALIVE (Error Invalid argument) [2006/05/03 07:41:38, 0] lib/util_sock.c:set_socket_options(202) Failed to set socket option TCP_NODELAY (Error Invalid argument) [2006/05/03 07:41:38, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Invalid argument [2006/05/03 07:41:39, 0] smbd/server.c:open_sockets_smbd(382) open_sockets_smbd: accept: No buffer space available Thanks for any help or advice, Bill When you find out, let me know. :) It's been that way for ages on my system. The two socket option messages are related to header related problems, if I'm not mistaken, but it's really not a big deal. Do you have either of those defined in smb.conf? As far as the buffer thing... this concerned me for along time. I can't remember whether this got any better or worse, but there's a lot wrong with 3.0.7 on HP-UX. I would not run anything earlier than 3.0.14 on an HP-UX system. Are you running Opensource Samba or HP CIFS Server? For HP CIFS, you should not see the socket option errors, but the buffer space log entry could be any number of things. Ryan is correct - you should be up on 3.0.14 (HP CIFS Server A.02.02.01). Make sure that you have your nfiles, nflocks, and nprocs set correctly - see the most recent Admin Guide on page 258 (http://docs.hp.com/en/B8725-90101/B8725-90101.pdf). We may have located a locking problem (!) that could cause the entry, but it is at a site that connects with smbclient. Also, if your users are connecting and disconnecting often (like at a school - everybody disconnects and connects on the hour) then that could do it too. I have not seen a case where the buffer space log entry has accompanied a problem on the server. I enquire about this from every site that reports it, but so far, no one has seen a problem. If you see it differently, then please let me know. Eric Roseme Hewlett-Packard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: newbie question reguarding kerberos tickets
Simo, I'm Doug 2. Do you know how to initiate speedy renewal of the tickets for the instance of a hibernated client that sleeps thru and well past the lifetime of the ticket? I agree that the ticket renewal happens automagically. But for a while after waking up, the client can't access the shares and it's enough of an issue with users to force turning off hibernation and run them 24 hrs a day. Sorry for being off-topic to the original post. Trigger word was ticket lifetime. Doug2 simo wrote: Doug, you don't need any login to make samba work in an AD environment. At the join samba creates a machine account in a domain, and stores the machine password in the secrets.tdb file. When samba needs to do some operation with the domain it just need to use that account to request tickets from the KDC. It is just like any other windows host out there. Simo. On Fri, 2006-05-12 at 08:23 -0500, Doug Tucker wrote: I'm not sure I follow. By client, you mean my samba server that is joined to AD? I've been running without a ticket at all for 2 weeks now, and have yet to see a single problem. What type of bad behaviour should I be looking for? We're using win2k3 AD, samba 3.0.22, and all winXP desktop clients. Sorry if I'm being a pain, I'm just a bit confused here, as I can't find any documentation on this subject. All I see is in the installation instructions that you have to do the kinit [EMAIL PROTECTED] and log in which gives you a ticket. My issue is my windows guys aren't very bright and didn't even know that their AD ran anything called kerberos, and don't know how to change the ticket lifetime. That concerned me because I don't want to have to set up a cron to auto login every 24hours, so I put it on the backburner, the ticket expired, I come back and everything is still working fine. Which got me thinking about it's validity, which started me down this path I have digressed to, just deleting the ticket, rebooting the machine to remove anything from memory, resume testing, and the whole thing still works like a charm. And so far, all I'm getting here from this user group is everyone seems to feel like this ticket is necessary, yet no one is taking a shot at why I'm working just fine. I'm just concerned about going production if this is really necessary, but so far from what I've seen, the ticket is not needed at all. Anyone else try running in this type of environment without one? On Thu, 2006-05-11 at 21:17 -0700, Doug VanLeuven wrote: When using domain logons, after resuming from a hibernate that exceeded the lifetime of the Kerberos ticket, the client doesn't immediately renew the ticket. It will auto renew, but I've not determined the amount of time it takes. Is there a way to force the client to renew the ticket? Short of rebooting, that is. Things don't work very well until it's renewed. Trying to go green. Samba client and/or XP/2000 client? Regards, Doug simo wrote: Samba stores the machine password and obtains tickets from the KDC when needed. Simo. On Thu, 2006-05-11 at 16:53 -0500, Doug Tucker wrote: Thanks. But again, is the ticket even needed? I deleted the darn thing, rebooted to make sure it wasn't cached in memory somewhere, and everything seems to be working perfectly. If it is indeed needed, and I need to extend the period, is there any directions on how to do that on the windows side? On Thu, 2006-05-11 at 23:07 +0200, Blaž Primc wrote: Hi, the period for which the ticket is valid can be set in Windows Server. Best regards, Blaž. Doug Tucker wrote: I recently joined a samba 3.0.22 server to AD. When I did the kinit, the AD gave me a 24 hour ticket with a 1 week renewal. Setting -r and -l to 365d did not change anything, the ticket still came back the same. However, my question is in reguard to whether this is really even needed? First, I deleted the ticket, and everything seemed to continue to work perfectly. Now, I let the ticket expire for a couple of weeks now, and yet, the samba server is working fine and users still authenticate against AD just fine. Am I missing something, or is the creation of that ticket not even needed? Thank you for your assistance. doug... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: printer admin deprecated: please explain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yeah, but you can assign privileges to groups also. Check out the following relevant commands: net groupmap net rpc rights You can do things exactly the way you had been, just via different framework. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 Franz Pfoertsch wrote: Ryan Novosielski wrote: Franz Pfoertsch wrote: I am Running a printserver using SLES9 SP3 with Samba 3.0.20b and cups 1.1.20 I filled in a windows group, I haven't a special user, I have a special Windows-Group. winbind separator = + printer admin = @BROSE+COB_CUPS_Printer_Admin regards Franz Since the update to Samba 3.0.20 every start of a client program tells me WARNING: The printer admin option is deprecated Ok, I understood I should use net rpc rights grant User or Group SePrintOperatorPrivilege -U .. But I haven't any adminuser to grant this rights. In my environment I put the machine into the AD by kinit UserWithPermissionsToJoinIntoTheDomain@DOMAIN net ads join - joined and all permission granted by the printer admin option. Is there any other way to get SePrintOperator without a other strong user? regards Franz How can you not have an admin user -- who do you have defined under printer admin? Or were you not using this definition at all and that is a spurious error message? If you ARE using printer admin = someone, then you'd just grant the rights to that same user. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (MingW32) iD8DBQFEZKkcmb+gadEcsb4RAhcPAJ9vSMCvrKspDLSuWkQxu26jtbdELACeP2sx fOSdJauMyKvjbpi+Y3hAoOI= =4OkH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba errors - No buffer space available
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 eric roseme wrote: Ryan Novosielski wrote: Allen, Bill wrote: I am new to Samba, having just taken over management of a HPUX system in a mainly Windows environment. The system is running Samba 3.0.7. I am getting the following errors, repeatedly, in my log.smbd. What does it mean? Is this actually a problem or normal chatter for Samba? If it is a problem, what should I do to correct it? [2006/05/03 07:41:38, 0] lib/util_sock.c:set_socket_options(202) Failed to set socket option SO_KEEPALIVE (Error Invalid argument) [2006/05/03 07:41:38, 0] lib/util_sock.c:set_socket_options(202) Failed to set socket option TCP_NODELAY (Error Invalid argument) [2006/05/03 07:41:38, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Invalid argument [2006/05/03 07:41:39, 0] smbd/server.c:open_sockets_smbd(382) open_sockets_smbd: accept: No buffer space available Thanks for any help or advice, Bill When you find out, let me know. :) It's been that way for ages on my system. The two socket option messages are related to header related problems, if I'm not mistaken, but it's really not a big deal. Do you have either of those defined in smb.conf? As far as the buffer thing... this concerned me for along time. I can't remember whether this got any better or worse, but there's a lot wrong with 3.0.7 on HP-UX. I would not run anything earlier than 3.0.14 on an HP-UX system. Are you running Opensource Samba or HP CIFS Server? For HP CIFS, you should not see the socket option errors, but the buffer space log entry could be any number of things. Ryan is correct - you should be up on 3.0.14 (HP CIFS Server A.02.02.01). Eric, How are you getting rid of the TCP_NODELAY message? I have this message on my machines still, even though I'm using a configure script that was adapted from the CIFS Server build, if I'm not mistaken. Are you patching the source as well? - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (MingW32) iD8DBQFEZK2dmb+gadEcsb4RAq1fAJsEpXoYXxlivVJbHuwEieHNioaHBACfaLE6 qgHVwMaT0AnF8ysCgXUuPQE= =p1V2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: proposed list of parameter to remove in 3.0.23
Hi Jerry , isnt it fine to have a parameter if you want to talk to ldap bound to a different port, and isnt ldap server making it more clear ? Or is this just the entry in the conf and such a function can be defined elsewhere? Regards Collen Blijenberg schrieb: Quite a list, but no non we use. might i do a sugestion ? all with all, there are a lot of changes is the up coming release. not only these parameters en config options, but also the removal of the sql backends that multi passwd backend thing.. isn't it smarter , or it makes more sense to push these rather big changes through the 3.1 release ??? Cheers, Collen Gerald (Jerry) Carter wrote: Here's a short list of parameters I'd like to remove from smb.conf. hosts equiv read bmpx wins partners ldap server ldap port homedir map nis homedir magic script magic output Comments? I'd also like to kill the following configure options --with-nisplus-home --with-ldapsam --with-automount --with-dce-dfs -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] printer spool full
Running FreeBSD 5.2.1 with Samba 3.0.4. When we have a large amount of jobs sent to the spool /var runs out of space. Samba is deleting the jobs as they are printed but the printer cannot keep up in all cases and /var fills up. Print jobs get lost in this case. Is there any way to detect var filling up and preventing jobs from being lost? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Directory being dupicated
Hi I am having a strange problem samba is creating a duplicate folder in reverse case for example both uppercase folder to lower case this is a quite a busy samba server serving web pages for 4 iis web servers Config [global] max mux = 2147483547 workgroup = xxx server string = xxx interfaces = xxx security = SHARE encrypt passwords = Yes obey pam restrictions = No pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*updated*successfully* log file = /disk1/log/%m.log max log size = 0 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_SNDBUF=18432 SO_RCVBUF=16384 load printers = No preferred master = No domain master = No dns proxy = No hosts allow = xxx dos charset = 850 unix charset = ISO8859-1 case sensitive = no stat cache = Yes stat cache size = 1 [samba] comment = www_root path = /disk1/www_root public = yes create mask = 0666 read only = No writeable = Yes guest ok = Yes force user = samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can one set limits on new core dump?
Jerry, Mostly my fault. I switched over from idmap_ad from xos to the relatively new option idmap backend = ad several months ago around svn 12802 or maybe even earlier. Didn't delete the old ad.so in lib/idmap so I could go back if I wanted. Then forgot about it. I've been running svn 12802 without any issue, but last night I went to svn 15162 and filled up the volume with core dumps while I was getting some coffee. Everything is OK now that I deleted it. Of course, you might be curious why it loaded? I still have some cores and panic output. And of course I'm curious why you're overriding my ulimit, and what I might do to override your override during normal operations. Regards, Doug Gerald (Jerry) Carter wrote: Doug, I'm more interested in why winbindd is seg faulting in the SAMBA_3_0 tree. Can you give me more details? Doug VanLeuven wrote: Sorry Jeff, been there, done that, if you'd read the whole post. Jeff Saxton wrote: man ulimit hint: ulimit -c Doug VanLeuven wrote: Hi all, Is there anyway to limit the new core dumping panics? Can't find anything on it. (If I'd only looked in that ...) Was my mistake, but winbindd filled up an entire volume and froze out every process writing to that drive. I started it from a shell and my soft limit is already zero. (ulimit -S -c 0) ^^ FC4 2.6.16-1.2069 smp, gcc 4.0.2-8 samba 3.0.23pre2-SVN-build-15162 Regards, Doug - -- = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEZJi2IR7qMdg1EfYRAlO+AJ0S+ZK2nQdjqGykHsZzmnJHBfJf1gCcDElY DXjzwAdrOrf/Eh23lXwDMtA= =06ek -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with automagic Windows drivers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Do you have a [homes] share defined? Attempting to connect here first will normally force a login. As will guest ok = no, but that may not be desirable in your environment. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 John Oliver wrote: On Tue, May 09, 2006 at 06:27:48PM -0400, Ryan Novosielski wrote: Make sure you look at granting rights to the user. Check out 'net rpc rights'. What user would I be granting rights to? This is a workgroup environment. No domain controller. I have been unable to get asked for a username/password when trying to connect to the printer. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (MingW32) iD8DBQFEZLZymb+gadEcsb4RAvT3AJ4ja4rc51BCrXsZfKKhoO15vvwgHQCgwCPS O8Mb+9huqpt8YGqShc4W74s= =edWu -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: proposed list of parameter to remove in 3.0.23
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert, I've not seen anyone else speak up, but we are still making use of --with-nisplus-home and --with-automount here. I'm actually surprised those still work. Hmmm I would really love to get rid of some of the NIS code. You are really running NIS+ without the compatibility mode? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEZLIdIR7qMdg1EfYRAtQ6AJ42xXL13kg2yGKkJ+ZwtNEVDMX9nQCfTFlZ Q6qVKbGJiHYrfm1n/htVP5c= =8RZ2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: proposed list of parameter to remove in 3.0.23
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert Schetterer wrote: Hi Jerry , isnt it fine to have a parameter if you want to talk to ldap bound to a different port, and isnt ldap server making it more clear ? Or is this just the entry in the conf and such a function can be defined elsewhere? The ldapsamba and ldapsam_compat code accept an ldap URI. SO the correct way to specify an alternative port is 'passdb backend = ldapsam:ldap://localhost:4389/'. But again, this really is not related to the --with-ldapsam option which is only for 2.2 compatible smb.conf settings. People should have had time to move to the 3.0 syntax by now. It's been over 2 1/2 years since 3.0.0 was released and over 1 1/2 since 2.2 was discontinued. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEZLNLIR7qMdg1EfYRAspDAKC9kAqTdtoaGYF8sTZuhNWN9k1FZQCgoz/6 /9uZ7UfzCggvBEK+shBkork= =zhxB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: proposed list of parameter to remove in 3.0.23
Robert M. Martel wrote: On 05/11/2006 10:51 AM, Gerald (Jerry) Carter wrote: ... I'd also like to kill the following configure options --with-nisplus-home --with-ldapsam --with-automount --with-dce-dfs I've not seen anyone else speak up, but we are still making use of --with-nisplus-home and --with-automount here. I am also building with the --with-automount. But, not sure it is really used in the running processes. -Bob Martel -- Jim Summers School of Computer Science-University of Oklahoma - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Switching Ldap Servers
Jim Summers wrote: Mike Cauble wrote: Jim, I recently did the same thing, here is what I found: Hi Mike, Thanks for the response. Here is what I discovered while testing this morning: When I migrated my ldap, some machines couldn't connect even thought they had an account on the domain. Here are some of the reasons sambaPwdLastSet must have a valid value (ie. 1146061069) I can't remember but all the date fields ( sambaPwdMustChange, sambaPwdCanChange) may have to have a valid value I guess they are valid, they at least match what is in the old ldap. Some of my sambaPwdLastSet fields had 0 as a value and couldn't login when I gave them a date value that fixed the problem. check your old ldap machine entries against the new ldap entries sambaSID, sambaNTPassword must match, make sure sambaAcctFlags has a [W] I have compared the values of the attributes and they match. objectClass: sambaSamAccount - I have seen this discussed as something that has changed you might want to check this You might remove and re-add a machine then look at it's ldap entry and compare with another machine account's old ldap entry. I did the remove and add process. There were three attributes that were updated: sambaPwdCanChange, sambaPwdLastSet, sambaNTPassword and the machine was joined and all is well. So I am now wondering which or all of these values could I use from the newly added machine entry and use to update the the rest of my machine entries? I do not look forward to having to do the remove/add process for each machine. From what I have read, the sambaNTPassword is the MD4() of the password? And I am guessing the password is the password of the admin that is used when joining the domain? Which may not be right, because when I look at the NTpassword for various working machines they are all different, but since I do not know how the MD4 works it may be the same password just a different crypt'd value based on some random seed. I am going to take the value of the NTpassword from my working machine entry and set it on a non-working entry and see if that machine will then attach to the domain without having to do the remove/add process. Do you think this might work? Thoughts / suggestions? Each machine has or should have a unique password, so substituting another machine password won't work. What version of Samba are you running? What ldap backend are/were you running? Here is one thing I did. I have a machine on my network called testmachine$ I created an ldif file like this one below. This values came from the old ldap example.ldif --- dn: uid=testmachine$,ou=Computers,dc=lufkin,dc=com changetype: modify replace: sambaSID sambaSID: S-1-5-21-2781067772-1786132867-2942848841-15320 dn: uid=testmachine$,ou=Computers,dc=xyzcorp,dc=com changetype: modify replace: sambaNTPassword sambaNTPassword: F6A32EA7F65BBD4199F2C33A3AF2DD66 This is the password my machine currently uses. You will have to delete testmachine$ and then create a machine account manually for testmachine$. The sambaNTPassword and the number after the last - in the SID should be different on the account you manually created. Exmaple: After creating my machine account manually I now have for testmachine$: sambaNTPassword: 9B54520D9DD7BEE9A4A3DEDE41412AEB and a sambaSID: S-1-5-21-2781067772-1786132867-2942848841-2343 I then did an ldapmodify using the above ldif file to change the machine password and the SID to one that testmachine$ expects. Make sure sambaPwdLastSet has a value other than 0 and sambaAcctFlags has a value of W You should be able to log in. Mike Thanks again, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Possible printcap bug, 3.0.23pre1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Noticed the following when conducting torture tests today: [2006/05/12 14:04:24, 0] printing/pcap.c:pcap_cache_reload(159) Unable to open printcap file /etc/printcap for read! ...which to me, was interesting, because I was not under the impression I was using load printers. Apparently, at some point, it became the default. That's fine, but I don't want it, so I turned it off. However, I still get the error. I see the only other option that is in place now is: printcap cache time = 750 Should this really have any effect if you have load printers turned off? Who cares if you can't read the /etc/printcap if you aren't supposed to be using it for anything? At any rate, adjusting it to 0 did not help anything. My final solution was to set printcap name = /dev/null Probably not the desired solution. Comments? - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (MingW32) iD8DBQFEZNBcmb+gadEcsb4RArnRAJsGtSVd2JLtBz9wtH7DnKU9I7sz2wCggyNR Gi1ti7+7OUQyIgi68Jb5XTo= =c4H4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: proposed list of parameter to remove in 3.0.23
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jim Summers wrote: Robert M. Martel wrote: On 05/11/2006 10:51 AM, Gerald (Jerry) Carter wrote: ... I'd also like to kill the following configure options --with-nisplus-home --with-ldapsam --with-automount --with-dce-dfs I've not seen anyone else speak up, but we are still making use of --with-nisplus-home and --with-automount here. I am also building with the --with-automount. But, not sure it is really used in the running processes. Unless you are using the 'nis homedir' option, probably not. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEZN8wIR7qMdg1EfYRAviEAKCkPs8ksfK0wO2eAxVViSyU1H3d9QCfaa0m Kw0ITFRcRjpYphXvt2P46ME= =Wru5 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: proposed list of parameter to remove in 3.0.23
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jim Summers wrote: Robert M. Martel wrote: On 05/11/2006 10:51 AM, Gerald (Jerry) Carter wrote: ... I'd also like to kill the following configure options --with-nisplus-home --with-ldapsam --with-automount --with-dce-dfs I've not seen anyone else speak up, but we are still making use of --with-nisplus-home and --with-automount here. I am also building with the --with-automount. But, not sure it is really used in the running processes. Unless you are using the 'nis homedir' option, probably not. Definitely a not then. I will rebuild without to double verify. Thanks jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEZN8wIR7qMdg1EfYRAviEAKCkPs8ksfK0wO2eAxVViSyU1H3d9QCfaa0m Kw0ITFRcRjpYphXvt2P46ME= =Wru5 -END PGP SIGNATURE- -- Jim Summers School of Computer Science-University of Oklahoma - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.22 and OS/2 connectivity
Hi All I have a Linksys NSLU2 device which is used to hook USB2 drives upto my network as network attached storage. The Linksys firmware upgrade for this device includes samba 3.0.11 which is a non-starter regarding OS/2 connectivity. There is an alternative firmware based on the Linksys firmware called Unslung from http://www.nslu2-linux.org/ The Unslung firmware allows unslinging the operating system from firmware to disk and allows upgrade and additional packages. Having followed the instructions carefully I managed to Unsling the NSLU2 and apply the samba 3.0.22 upgrade available for this system. After a bit of hunting around I managed to find the smb.conf parameter that allows OS/2 based systems to access samba shares and can now read from the shares fine. What I cannot do is write easily to any of the shares; ie Selecting a folder on my local drive and dragging it to a shared folder on the NSLU2 results in this OS/2 error:- SYS0266 : The specified file was not copied Inspecting the shared folder reveals that the folder has been created but is empty - no file copying performed. I investigated command line alternatives to copying files using xcopy with some strange results. In these screensnaps S: is a mapped drive of the nslu2 share /disk2 aka For everyone [S:\Pete]xcopy i:\temp temp /s /e /v /h /t /r The current target for XCOPY, temp, can be a directory or file name and must be specified. Respond Y if the target is a directory or N if the target is a file name. Does temp specify a directory (Y/N)? y SYS1693: The system cannot create the directory. 0 file(s) copied. [S:\Pete] If I make a directory, change to that directory and then perform an xcopy it works:- [S:\Pete\temp]xcopy j:\temp\* /s /e /v /h /t /r The extended attributes for the file or directory were discarded because the target file system does not support them. The extended attributes for the file or directory were discarded because the target file system does not support them. Source files are being read... J:\temp\History.txt J:\temp\ide.txt J:\temp\OS2_Install.exe J:\temp\OS2_UnZip.exe J:\temp\WDSibyl.dat 5 file(s) copied. [S:\Pete\temp] But if the source contains a subdirectory I get an error and the whole process stops:- [S:\Pete\temp]md PostArmor [S:\Pete\temp]cd PostArmor [S:\Pete\temp\PostArmor]xcopy j:\PostArmor\* /s /e /v /h /t /r The extended attributes for the file or directory were discarded because the target file system does not support them. The extended attributes for the file or directory were discarded because the target file system does not support them. Source files are being read... SYS1248: A subdirectory or file S:\Pete\temp\PostArmor\docs already exists. 0 file(s) copied. [S:\Pete\temp\PostArmor] I tried getting around that error with the xcopy /o parameter:- [S:\Pete\temp\PostArmor]xcopy j:\PostArmor\* /s /e /v /h /t /r /o The extended attributes for the file or directory were discarded because the target file system does not support them. The extended attributes for the file or directory were discarded because the target file system does not support them. Source files are being read... The extended attributes for the file or directory were discarded because the target file system does not support them. SYS1248: A subdirectory or file S:\Pete\temp\PostArmor\docs\images already exists. 0 file(s) copied. Needless to say whatever I have done to the samba configuration does not seem to upset Windows2000 - I can startup my VPC w2k installation and have no problems at all accessing the nslu2 shares for reading and writing... I am now starting to wonder if there is something a little flaky as regards samba 3.0.22 and OS/2 connectivity? - or is there some secret parameter I've missed in the smb.conf file? Any/All help appreciated. Pete -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba ADS problem
Hi I am working with the implementation of Samba(3.0.7) against AD. I compliled Samba after compiling LDAP, kerberos.I can execute the following commands successfully. wbinfo -u, -g -t netads info, testjoin getent passwd group But i cant use chown to use the owner as AD user, even after shutting down the nscd daemon. I am giving the my smb.conf file [global] workgroup = SE realm = SE.JASMINE.ORG security = ADS password server = SE.JASMINE.ORG log level = 3 log file = /var/log/samba/%m wins server = ackdc02-coa.jasmine.org idmap uid = 1-2 idmap gid = 1-2 [jmj] path = /home/jselvaraj When i try to get the jmj share, i am getting the error that The referenced account is currently locked out and may not be logged in. Even i am not specifying the valid users attribute for the jmj share, i am getting this error. If i set the valid user as selara, the account is locked at the windows while i am accessing the share. Is it the problem with WINDOWS AD side or My Samba Server side? Please help me out of this problem. Jasmine -- View this message in context: http://www.nabble.com/Samba-ADS-problem-t1610406.html#a4365961 Sent from the Samba - General forum at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: proposed list of parameter to remove in 3.0.23
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 These have been removed in the current SAMBA_3_0 tree configure.in: --with-ldapsam loadparm.c wins partners ldap server ldap port hosts equiv Also removed auth/auth_rhosts.c cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEZQAOIR7qMdg1EfYRAh1PAKCXJlWO734Cx9u4YBTjSVQzbL47JgCfUtUW 3rLOZMybhdRJoS9MOpmbuqM= =TnhY -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Performance issue on AIX when deleting files in adirectory with a large number of files
On Thu, May 11, 2006 at 04:06:37PM -0700, Jeremy Allison wrote: On Thu, May 11, 2006 at 03:54:17PM -0700, Jeremy Allison wrote: Do you see the change notify replies happening followed by the change notify setups ? I bet I know what it is Because AIX doesn't have kernel change notify when the change notify setup comes (which happens after every delete) it causes a directory rescan at that point - after *each* delete ! I think I can code around this. The key is to ensure that setting change notify timeout to zero turns off change notify except for renames and deletes. Also make it a per-share parameter so it can be set to zero for large directories... Give me a day or so on this. Ok - here is the patch. Bill - if you could test this on AIX by setting the (now per-share) parameter : change notify timeout = 0 on the share definition that holds a large number of files, you might find a speed up. I can see the effect it has here when I disable the kernel and FAM based change notify. Jeremy. Index: smbd/service.c === --- smbd/service.c (revision 15550) +++ smbd/service.c (working copy) @@ -930,6 +930,9 @@ dbgtext( (pid %d)\n, (int)sys_getpid() ); } + /* Setup the minimum value for a change notify wait time (seconds). */ + set_change_notify_timeout(lp_change_notify_timeout(snum)); + /* we've finished with the user stuff - go back to root */ change_to_root_user(); return(conn); Index: smbd/notify.c === --- smbd/notify.c (revision 15550) +++ smbd/notify.c (working copy) @@ -135,9 +135,21 @@ } / - Return true if there are pending change notifies. + Set the current change notify timeout to the lowest value across all service + values. / +void set_change_notify_timeout(int val) +{ + if (val 0) { + cnotify-select_time = MIN(cnotify-select_time, val); + } +} + +/ + Longest time to sleep for before doing a change notify scan. +/ + int change_notify_timeout(void) { return cnotify-select_time; Index: smbd/notify_hash.c === --- smbd/notify_hash.c (revision 15550) +++ smbd/notify_hash.c (working copy) @@ -81,6 +81,11 @@ return True; } + if (lp_change_notify_timeout(SNUM(conn)) = 0) { + /* It change notify timeout has been disabled, never scan the directory. */ + return True; + } + /* * If we are to watch for changes that are only stored * in inodes of files, not in the directory inode, we must @@ -179,10 +184,18 @@ { struct change_data *data = (struct change_data *)datap; struct change_data data2; + int cnto = lp_change_notify_timeout(SNUM(conn)); - if (t t data-last_check_time + lp_change_notify_timeout()) + if (t cnto = 0) { + /* Change notify turned off on this share. +* Only scan when (t==0) - we think something changed. */ return False; + } + if (t t data-last_check_time + cnto) { + return False; + } + if (!change_to_user(conn,vuid)) return True; if (!set_current_service(conn,FLAG_CASELESS_PATHNAMES,True)) { @@ -201,8 +214,9 @@ return True; } - if (t) + if (t) { data-last_check_time = t; + } change_to_root_user(); @@ -229,7 +243,7 @@ cnotify.register_notify = hash_register_notify; cnotify.check_notify = hash_check_notify; cnotify.remove_notify = hash_remove_notify; - cnotify.select_time = lp_change_notify_timeout(); + cnotify.select_time = 60; /* Start with 1 minute default. */ cnotify.notification_fd = -1; return cnotify; Index: param/loadparm.c === --- param/loadparm.c(revision 15550) +++ param/loadparm.c(working copy) @@ -220,7 +220,6 @@ int lm_interval; int announce_as;/* This is initialised in init_globals */ int machine_password_timeout; - int change_notify_timeout; int map_to_guest; int oplock_break_wait_time; int winbind_cache_time; @@ -449,6 +448,7 @@ int iAioReadSize; int iAioWriteSize; int iMap_readonly; + int ichange_notify_timeout; param_opt_struct *param_opt; char dummy[3]; /* for alignment */ @@
svn commit: samba r15542 - branches/SAMBA_3_0/source/passdb trunk/source/passdb
Author: gd Date: 2006-05-12 13:29:51 + (Fri, 12 May 2006) New Revision: 15542 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15542 Log: Close the LDAP connection and free the struct, regardless whether the simple bind operation was successful or not. Guenther Modified: branches/SAMBA_3_0/source/passdb/pdb_nds.c trunk/source/passdb/pdb_nds.c Changeset: Modified: branches/SAMBA_3_0/source/passdb/pdb_nds.c === --- branches/SAMBA_3_0/source/passdb/pdb_nds.c 2006-05-11 23:07:34 UTC (rev 15541) +++ branches/SAMBA_3_0/source/passdb/pdb_nds.c 2006-05-12 13:29:51 UTC (rev 15542) @@ -817,9 +817,9 @@ /* Attempt simple bind with real or bogus password */ rc = ldap_simple_bind_s(ld, dn, clear_text_pw); + ldap_unbind(ld); if (rc == LDAP_SUCCESS) { DEBUG(5,(pdb_nds_update_login_attempts: ldap_simple_bind_s Successful for %s\n, username)); - ldap_unbind(ld); } else { NTSTATUS nt_status = NT_STATUS_ACCOUNT_RESTRICTION; DEBUG(5,(pdb_nds_update_login_attempts: ldap_simple_bind_s Failed for %s\n, username)); Modified: trunk/source/passdb/pdb_nds.c === --- trunk/source/passdb/pdb_nds.c 2006-05-11 23:07:34 UTC (rev 15541) +++ trunk/source/passdb/pdb_nds.c 2006-05-12 13:29:51 UTC (rev 15542) @@ -817,9 +817,9 @@ /* Attempt simple bind with real or bogus password */ rc = ldap_simple_bind_s(ld, dn, clear_text_pw); + ldap_unbind(ld); if (rc == LDAP_SUCCESS) { DEBUG(5,(pdb_nds_update_login_attempts: ldap_simple_bind_s Successful for %s\n, username)); - ldap_unbind(ld); } else { NTSTATUS nt_status = NT_STATUS_ACCOUNT_RESTRICTION; DEBUG(5,(pdb_nds_update_login_attempts: ldap_simple_bind_s Failed for %s\n, username));
svn commit: samba r15543 - branches/SAMBA_3_0/source branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/libads branches/SAMBA_3_0/source/libsmb branches/SAMBA_3_0/source/nsswitch branches/SAM
Author: jerry Date: 2006-05-12 15:17:35 + (Fri, 12 May 2006) New Revision: 15543 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15543 Log: New implementation of 'net ads join' to be more like Windows XP. The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT-config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU Added: branches/SAMBA_3_0/source/include/ads_cldap.h branches/SAMBA_3_0/source/libads/cldap.c trunk/source/include/ads_cldap.h trunk/source/libads/cldap.c Removed: branches/SAMBA_3_0/source/utils/net_ads_cldap.c trunk/source/utils/net_ads_cldap.c Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/include/ads.h branches/SAMBA_3_0/source/include/includes.h branches/SAMBA_3_0/source/libads/ads_struct.c branches/SAMBA_3_0/source/libads/ldap.c branches/SAMBA_3_0/source/libsmb/namequery.c branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0/source/printing/nt_printing.c branches/SAMBA_3_0/source/sam/idmap_ad.c branches/SAMBA_3_0/source/utils/net.c branches/SAMBA_3_0/source/utils/net.h branches/SAMBA_3_0/source/utils/net_ads.c branches/SAMBA_3_0/source/utils/net_rpc.c branches/SAMBA_3_0/source/utils/net_rpc_join.c trunk/source/Makefile.in trunk/source/include/ads.h trunk/source/include/includes.h trunk/source/libads/ads_struct.c trunk/source/libads/ldap.c trunk/source/libsmb/namequery.c trunk/source/nsswitch/winbindd_cm.c trunk/source/printing/nt_printing.c trunk/source/sam/idmap_ad.c trunk/source/utils/net.c trunk/source/utils/net.h trunk/source/utils/net_ads.c trunk/source/utils/net_rpc.c trunk/source/utils/net_rpc_join.c Changeset: Sorry, the patch is too large (5445 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15543
svn commit: samba r15544 - branches/SAMBA_3_0/source/libads trunk/source/libads
Author: jerry Date: 2006-05-12 16:38:51 + (Fri, 12 May 2006) New Revision: 15544 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15544 Log: make sure to define NS_PACKETSZ for Bind 4 interfaces (fix build on us4) Modified: branches/SAMBA_3_0/source/libads/dns.c trunk/source/libads/dns.c Changeset: Modified: branches/SAMBA_3_0/source/libads/dns.c === --- branches/SAMBA_3_0/source/libads/dns.c 2006-05-12 15:17:35 UTC (rev 15543) +++ branches/SAMBA_3_0/source/libads/dns.c 2006-05-12 16:38:51 UTC (rev 15544) @@ -47,7 +47,12 @@ #define NS_HFIXEDSZ HFIXEDSZ # else #define NS_HFIXEDSZ sizeof(HEADER) -# endif +# endif /* HFIXEDSZ */ +# ifdef PACKETSZ +#define NS_PACKETSZPACKETSZ +# else/* 512 is usually the default */ +#define NS_PACKETSZ512 +# endif /* PACKETSZ */ # define T_SRV33 #endif Modified: trunk/source/libads/dns.c === --- trunk/source/libads/dns.c 2006-05-12 15:17:35 UTC (rev 15543) +++ trunk/source/libads/dns.c 2006-05-12 16:38:51 UTC (rev 15544) @@ -47,7 +47,12 @@ #define NS_HFIXEDSZ HFIXEDSZ # else #define NS_HFIXEDSZ sizeof(HEADER) -# endif +# endif /* HFIXEDSZ */ +# ifdef PACKETSZ +#define NS_PACKETSZPACKETSZ +# else/* 512 is usually the default */ +#define NS_PACKETSZ512 +# endif /* PACKETSZ */ # define T_SRV33 #endif
svn commit: samba r15545 - in trunk/source/libndr: .
Author: jerry Date: 2006-05-12 16:40:00 + (Fri, 12 May 2006) New Revision: 15545 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15545 Log: ignore *.po and *.po32 files Modified: trunk/source/libndr/ Changeset: Property changes on: trunk/source/libndr ___ Name: svn:ignore + *.po *.po32
svn commit: samba r15546 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: gd Date: 2006-05-12 19:16:10 + (Fri, 12 May 2006) New Revision: 15546 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15546 Log: When debugging is enabled be just a little more verbose in logging in pam_winbind. Guenther Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c trunk/source/nsswitch/pam_winbind.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c === --- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2006-05-12 16:40:00 UTC (rev 15545) +++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2006-05-12 19:16:10 UTC (rev 15546) @@ -877,7 +877,7 @@ goto out; } - _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_authenticate); + _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_authenticate (flags: 0x%04x), flags); /* Get the username */ retval = pam_get_user(pamh, username, NULL); @@ -946,7 +946,7 @@ return PAM_SYSTEM_ERR; } - _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_setcred); + _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_setcred (flags: 0x%04x), flags); if (flags PAM_DELETE_CRED) { return pam_sm_close_session(pamh, flags, argc, argv); @@ -973,7 +973,7 @@ return PAM_SYSTEM_ERR; } - _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_acct_mgmt); + _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_acct_mgmt (flags: 0x%04x), flags); /* Get the username */ @@ -1040,7 +1040,7 @@ return PAM_SYSTEM_ERR; } - _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_open_session handler); + _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_open_session handler (flags: 0x%04x), flags); return PAM_SUCCESS; } @@ -1059,7 +1059,7 @@ goto out; } - _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_close_session handler); + _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_close_session handler (flags: 0x%04x), flags); if (!(flags PAM_DELETE_CRED)) { retval = PAM_SUCCESS; @@ -1151,7 +1151,7 @@ goto out; } - _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_chauthtok); + _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_chauthtok (flags: 0x%04x), flags); /* clearing offline bit for the auth in the password change */ ctrl = ~WINBIND_CACHED_LOGIN; Modified: trunk/source/nsswitch/pam_winbind.c === --- trunk/source/nsswitch/pam_winbind.c 2006-05-12 16:40:00 UTC (rev 15545) +++ trunk/source/nsswitch/pam_winbind.c 2006-05-12 19:16:10 UTC (rev 15546) @@ -877,7 +877,7 @@ goto out; } - _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_authenticate); + _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_authenticate (flags: 0x%04x), flags); /* Get the username */ retval = pam_get_user(pamh, username, NULL); @@ -946,7 +946,7 @@ return PAM_SYSTEM_ERR; } - _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_setcred); + _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_setcred (flags: 0x%04x), flags); if (flags PAM_DELETE_CRED) { return pam_sm_close_session(pamh, flags, argc, argv); @@ -973,7 +973,7 @@ return PAM_SYSTEM_ERR; } - _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_acct_mgmt); + _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_acct_mgmt (flags: 0x%04x), flags); /* Get the username */ @@ -1040,7 +1040,7 @@ return PAM_SYSTEM_ERR; } - _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_open_session handler); + _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_open_session handler (flags: 0x%04x), flags); return PAM_SUCCESS; } @@ -1059,7 +1059,7 @@ goto out; } - _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_close_session handler); + _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_close_session handler (flags: 0x%04x), flags); if (!(flags PAM_DELETE_CRED)) { retval = PAM_SUCCESS; @@ -1151,7 +1151,7 @@ goto out; } - _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_chauthtok); + _pam_log_debug(ctrl, LOG_DEBUG,pam_winbind: pam_sm_chauthtok (flags: 0x%04x), flags); /* clearing offline bit for the auth in the password change */ ctrl = ~WINBIND_CACHED_LOGIN;
svn commit: samba r15547 - branches/SAMBA_3_0/source branches/SAMBA_3_0/source/param branches/SAMBA_3_0/source/passdb trunk/source trunk/source/param trunk/source/passdb
Author: jerry Date: 2006-05-12 20:40:22 + (Fri, 12 May 2006) New Revision: 15547 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15547 Log: say goodbye to --with-ldapsam (although the ldapsam_compat passdb backend still exists Modified: branches/SAMBA_3_0/source/configure.in branches/SAMBA_3_0/source/param/loadparm.c branches/SAMBA_3_0/source/passdb/pdb_ldap.c trunk/source/configure.in trunk/source/param/loadparm.c trunk/source/passdb/pdb_ldap.c Changeset: Modified: branches/SAMBA_3_0/source/configure.in === --- branches/SAMBA_3_0/source/configure.in 2006-05-12 19:16:10 UTC (rev 15546) +++ branches/SAMBA_3_0/source/configure.in 2006-05-12 20:40:22 UTC (rev 15547) @@ -3936,37 +3936,7 @@ fi fi - - -## -## TESTS FOR SAM BACKENDS. KEEP THESE GROUPED TOGETHER -## - - # -# check for a LDAP password database configuration backwards compatibility -AC_MSG_CHECKING(whether to use LDAP SAM 2.2 compatible configuration) -AC_ARG_WITH(ldapsam, -[ --with-ldapsam Include LDAP SAM 2.2 compatible configuration (default=no)], -[ case $withval in - yes) -AC_MSG_RESULT(yes) -AC_DEFINE(WITH_LDAP_SAMCONFIG,1,[Whether to include 2.2 compatible LDAP SAM configuration]) -;; - *) -AC_MSG_RESULT(no) -;; - esac ], - AC_MSG_RESULT(no) -) - - -## -## END OF TESTS FOR SAM BACKENDS. -## - - -# # check for a NISPLUS_HOME support AC_MSG_CHECKING(whether to use NISPLUS_HOME) AC_ARG_WITH(nisplus-home, Modified: branches/SAMBA_3_0/source/param/loadparm.c === --- branches/SAMBA_3_0/source/param/loadparm.c 2006-05-12 19:16:10 UTC (rev 15546) +++ branches/SAMBA_3_0/source/param/loadparm.c 2006-05-12 20:40:22 UTC (rev 15547) @@ -234,10 +234,6 @@ char *szLdapUserSuffix; char *szLdapIdmapSuffix; char *szLdapGroupSuffix; -#ifdef WITH_LDAP_SAMCONFIG - int ldap_port; - char *szLdapServer; -#endif int ldap_ssl; char *szLdapSuffix; char *szLdapAdminDn; @@ -671,12 +667,6 @@ }; static const struct enum_list enum_ldap_ssl[] = { -#ifdef WITH_LDAP_SAMCONFIG - {LDAP_SSL_ON, Yes}, - {LDAP_SSL_ON, yes}, - {LDAP_SSL_ON, on}, - {LDAP_SSL_ON, On}, -#endif {LDAP_SSL_OFF, no}, {LDAP_SSL_OFF, No}, {LDAP_SSL_OFF, off}, @@ -1172,10 +1162,6 @@ {N_(Ldap Options), P_SEP, P_SEPARATOR}, -#ifdef WITH_LDAP_SAMCONFIG - {ldap server, P_STRING, P_GLOBAL, Globals.szLdapServer, NULL, NULL, FLAG_ADVANCED}, - {ldap port, P_INTEGER, P_GLOBAL, Globals.ldap_port, NULL, NULL, FLAG_ADVANCED}, -#endif {ldap admin dn, P_STRING, P_GLOBAL, Globals.szLdapAdminDn, NULL, NULL, FLAG_ADVANCED}, {ldap delete dn, P_BOOL, P_GLOBAL, Globals.ldap_delete_dn, NULL, NULL, FLAG_ADVANCED}, {ldap group suffix, P_STRING, P_GLOBAL, Globals.szLdapGroupSuffix, NULL, NULL, FLAG_ADVANCED}, @@ -1574,13 +1560,7 @@ a large number of sites (tridge) */ Globals.bHostnameLookups = False; -#ifdef WITH_LDAP_SAMCONFIG - string_set(Globals.szLdapServer, localhost); - Globals.ldap_port = 636; - string_set(Globals.szPassdbBackend, ldapsam_compat); -#else string_set(Globals.szPassdbBackend, smbpasswd); -#endif /* WITH_LDAP_SAMCONFIG */ string_set(Globals.szLdapSuffix, ); string_set(Globals.szLdapMachineSuffix, ); string_set(Globals.szLdapUserSuffix, ); @@ -1857,10 +1837,6 @@ FN_GLOBAL_LIST(lp_idmap_backend, Globals.szIdmapBackend) FN_GLOBAL_BOOL(lp_passdb_expand_explicit, Globals.bPassdbExpandExplicit) -#ifdef WITH_LDAP_SAMCONFIG -FN_GLOBAL_STRING(lp_ldap_server, Globals.szLdapServer) -FN_GLOBAL_INTEGER(lp_ldap_port, Globals.ldap_port) -#endif FN_GLOBAL_STRING(lp_ldap_suffix, Globals.szLdapSuffix) FN_GLOBAL_STRING(lp_ldap_admin_dn, Globals.szLdapAdminDn) FN_GLOBAL_INTEGER(lp_ldap_ssl, Globals.ldap_ssl) Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c === --- branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2006-05-12 19:16:10 UTC (rev 15546) +++ branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2006-05-12 20:40:22 UTC (rev 15547) @@ -5427,23 +5427,6 @@ struct ldapsam_privates *ldap_state; char *uri = talloc_strdup( NULL, location ); -#ifdef WITH_LDAP_SAMCONFIG - if (!uri) { - int ldap_port =
svn commit: samba r15548 - branches/SAMBA_3_0/source/param trunk/source/param
Author: jerry Date: 2006-05-12 20:45:30 + (Fri, 12 May 2006) New Revision: 15548 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15548 Log: remove unused 'wins partners' Modified: branches/SAMBA_3_0/source/param/loadparm.c trunk/source/param/loadparm.c Changeset: Modified: branches/SAMBA_3_0/source/param/loadparm.c === --- branches/SAMBA_3_0/source/param/loadparm.c 2006-05-12 20:40:22 UTC (rev 15547) +++ branches/SAMBA_3_0/source/param/loadparm.c 2006-05-12 20:45:30 UTC (rev 15548) @@ -163,7 +163,6 @@ char *szUsernameMapScript; char *szCheckPasswordScript; char *szWINSHook; - char *szWINSPartners; char *szUtmpDir; char *szWtmpDir; BOOL bUtmp; @@ -1140,7 +1139,6 @@ {wins server, P_LIST, P_GLOBAL, Globals.szWINSservers, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD}, {wins support, P_BOOL, P_GLOBAL, Globals.bWINSsupport, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD}, {wins hook, P_STRING, P_GLOBAL, Globals.szWINSHook, NULL, NULL, FLAG_ADVANCED}, - {wins partners, P_STRING, P_GLOBAL, Globals.szWINSPartners, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD}, {N_(Locking Options), P_SEP, P_SEPARATOR}, @@ -1821,7 +1819,6 @@ FN_GLOBAL_STRING(lp_check_password_script, Globals.szCheckPasswordScript) FN_GLOBAL_STRING(lp_wins_hook, Globals.szWINSHook) -FN_GLOBAL_STRING(lp_wins_partners, Globals.szWINSPartners) FN_GLOBAL_CONST_STRING(lp_template_homedir, Globals.szTemplateHomedir) FN_GLOBAL_CONST_STRING(lp_template_shell, Globals.szTemplateShell) FN_GLOBAL_CONST_STRING(lp_winbind_separator, Globals.szWinbindSeparator) Modified: trunk/source/param/loadparm.c === --- trunk/source/param/loadparm.c 2006-05-12 20:40:22 UTC (rev 15547) +++ trunk/source/param/loadparm.c 2006-05-12 20:45:30 UTC (rev 15548) @@ -163,7 +163,6 @@ char *szUsernameMapScript; char *szCheckPasswordScript; char *szWINSHook; - char *szWINSPartners; char *szUtmpDir; char *szWtmpDir; BOOL bUtmp; @@ -1140,7 +1139,6 @@ {wins server, P_LIST, P_GLOBAL, Globals.szWINSservers, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD}, {wins support, P_BOOL, P_GLOBAL, Globals.bWINSsupport, NULL, NULL, FLAG_BASIC | FLAG_ADVANCED | FLAG_WIZARD}, {wins hook, P_STRING, P_GLOBAL, Globals.szWINSHook, NULL, NULL, FLAG_ADVANCED}, - {wins partners, P_STRING, P_GLOBAL, Globals.szWINSPartners, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD}, {N_(Locking Options), P_SEP, P_SEPARATOR}, @@ -1821,7 +1819,6 @@ FN_GLOBAL_STRING(lp_check_password_script, Globals.szCheckPasswordScript) FN_GLOBAL_STRING(lp_wins_hook, Globals.szWINSHook) -FN_GLOBAL_STRING(lp_wins_partners, Globals.szWINSPartners) FN_GLOBAL_CONST_STRING(lp_template_homedir, Globals.szTemplateHomedir) FN_GLOBAL_CONST_STRING(lp_template_shell, Globals.szTemplateShell) FN_GLOBAL_CONST_STRING(lp_winbind_separator, Globals.szWinbindSeparator)
svn commit: samba r15549 - branches/SAMBA_3_0/source branches/SAMBA_3_0/source/auth branches/SAMBA_3_0/source/param branches/SAMBA_3_0/source/utils trunk/source trunk/source/auth trunk/source/param tr
Author: jerry Date: 2006-05-12 21:00:52 + (Fri, 12 May 2006) New Revision: 15549 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15549 Log: removing rhosts and 'hosts equiv' authentication features Removed: branches/SAMBA_3_0/source/auth/auth_rhosts.c trunk/source/auth/auth_rhosts.c Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/configure.in branches/SAMBA_3_0/source/param/loadparm.c branches/SAMBA_3_0/source/utils/testparm.c trunk/source/Makefile.in trunk/source/configure.in trunk/source/param/loadparm.c trunk/source/utils/testparm.c Changeset: Sorry, the patch is too large (789 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15549
svn commit: samba r15550 - branches/SAMBA_3_0/source trunk/source
Author: jerry Date: 2006-05-12 21:31:52 + (Fri, 12 May 2006) New Revision: 15550 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15550 Log: make sure to pick up the -lresolv libs on systems without -lldap to pull it in Modified: branches/SAMBA_3_0/source/configure.in trunk/source/configure.in Changeset: Modified: branches/SAMBA_3_0/source/configure.in === --- branches/SAMBA_3_0/source/configure.in 2006-05-12 21:00:52 UTC (rev 15549) +++ branches/SAMBA_3_0/source/configure.in 2006-05-12 21:31:52 UTC (rev 15550) @@ -1531,8 +1531,10 @@ fi # -# we might need the resolv library on some systems +# needed for SRV lookups AC_CHECK_LIB(resolv, dn_expand) +AC_CHECK_LIB(resolv, _dn_expand) +AC_CHECK_LIB(resolv, __dn_expand) # # Check for the functions putprpwnam, set_auth_parameters, Modified: trunk/source/configure.in === --- trunk/source/configure.in 2006-05-12 21:00:52 UTC (rev 15549) +++ trunk/source/configure.in 2006-05-12 21:31:52 UTC (rev 15550) @@ -1531,8 +1531,10 @@ fi # -# we might need the resolv library on some systems +# needed for SRV lookups AC_CHECK_LIB(resolv, dn_expand) +AC_CHECK_LIB(resolv, _dn_expand) +AC_CHECK_LIB(resolv, __dn_expand) # # Check for the functions putprpwnam, set_auth_parameters,
svn commit: samba-docs r954 - in trunk/smbdotconf: ldap security
Author: jerry Date: 2006-05-12 21:39:31 + (Fri, 12 May 2006) New Revision: 954 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=954 Log: removing docs for removed parameters Removed: trunk/smbdotconf/ldap/ldapport.xml trunk/smbdotconf/ldap/ldapserver.xml trunk/smbdotconf/security/hostsequiv.xml Changeset: Deleted: trunk/smbdotconf/ldap/ldapport.xml === --- trunk/smbdotconf/ldap/ldapport.xml 2006-05-10 01:06:57 UTC (rev 953) +++ trunk/smbdotconf/ldap/ldapport.xml 2006-05-12 21:39:31 UTC (rev 954) @@ -1,19 +0,0 @@ -samba:parameter name=ldap port -type=integer - context=G - xmlns:samba=http://www.samba.org/samba/DTD/samba-doc; -description - para - This parameter is only available if Samba has been configure to include the - command moreinfo=none--with-ldapsam/command option at compile time. - /para - - para - This option is used to control the tcp port number used to contact the - smbconfoption name=ldap server/. The default is to use the stand LDAPS port 636. - /para -/description -relatedldap ssl/related -value type=default636commentif ldap ssl = on/comment/value -value type=default389commentif ldap ssl = off/comment/value -/samba:parameter Deleted: trunk/smbdotconf/ldap/ldapserver.xml === --- trunk/smbdotconf/ldap/ldapserver.xml2006-05-10 01:06:57 UTC (rev 953) +++ trunk/smbdotconf/ldap/ldapserver.xml2006-05-12 21:39:31 UTC (rev 954) @@ -1,15 +0,0 @@ -samba:parameter name=ldap server - context=G -type=string - xmlns:samba=http://www.samba.org/samba/DTD/samba-doc; -description - paraThis parameter is only available if Samba has been - configure to include the command moreinfo=none--with-ldapsam/command - option at compile time./para - - paraThis parameter should contain the FQDN of the ldap directory - server which should be queried to locate user account information. -/para -/description -value type=defaultlocalhost/value -/samba:parameter Deleted: trunk/smbdotconf/security/hostsequiv.xml === --- trunk/smbdotconf/security/hostsequiv.xml2006-05-10 01:06:57 UTC (rev 953) +++ trunk/smbdotconf/security/hostsequiv.xml2006-05-12 21:39:31 UTC (rev 954) @@ -1,29 +0,0 @@ -samba:parameter name=hosts equiv - context=G -type=string - advanced=1 developer=1 -xmlns:samba=http://www.samba.org/samba/DTD/samba-doc; -description -paraIf this global parameter is a non-null string, -it specifies the name of a file to read for the names of hosts -and users who will be allowed access without specifying a password. -/para - -paraThis is not be confused with smbconfoption name=hosts allow/ which is about hosts -access to services and is more useful for guest services. parameter moreinfo=none -hosts equiv/parameter may be useful for NT clients which will -not supply passwords to Samba./para - -noteparaThe use of parameter moreinfo=nonehosts equiv -/parameter can be a major security hole. This is because you are -trusting the PC to supply the correct username. It is very easy to -get a PC to supply a false username. I recommend that the -parameter moreinfo=nonehosts equiv/parameter option be only used if you really -know what you are doing, or perhaps on a home network where you trust -your spouse and kids. And only if you emphasisreally/emphasis trust - them :-)./para/note -/description - -value type=defaultcommentno host equivalences/comment/value -value type=examplehosts equiv = /etc/hosts.equiv/value -/samba:parameter
svn commit: samba r15551 - in branches/SAMBA_4_0/source: . build/smb_build
Author: jelmer Date: 2006-05-12 22:21:44 + (Fri, 12 May 2006) New Revision: 15551 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15551 Log: Fix clash between config.pm and globally installed Config.pm on case-insensitive filesystems. Patch by John Malmberg tweaked by me Modified: branches/SAMBA_4_0/source/build/smb_build/input.pm branches/SAMBA_4_0/source/build/smb_build/main.pl branches/SAMBA_4_0/source/configure.in Changeset: Modified: branches/SAMBA_4_0/source/build/smb_build/input.pm === --- branches/SAMBA_4_0/source/build/smb_build/input.pm 2006-05-12 21:31:52 UTC (rev 15550) +++ branches/SAMBA_4_0/source/build/smb_build/input.pm 2006-05-12 22:21:44 UTC (rev 15551) @@ -5,7 +5,7 @@ # Copyright (C) Jelmer Vernooij 2004 # Released under the GNU GPL -use config; +use smb_build::config; use strict; package smb_build::input; Modified: branches/SAMBA_4_0/source/build/smb_build/main.pl === --- branches/SAMBA_4_0/source/build/smb_build/main.pl 2006-05-12 21:31:52 UTC (rev 15550) +++ branches/SAMBA_4_0/source/build/smb_build/main.pl 2006-05-12 22:21:44 UTC (rev 15551) @@ -13,7 +13,7 @@ use smb_build::env; use smb_build::cflags; use smb_build::summary; -use config; +use smb_build::config; use strict; my $INPUT = {}; Modified: branches/SAMBA_4_0/source/configure.in === --- branches/SAMBA_4_0/source/configure.in 2006-05-12 21:31:52 UTC (rev 15550) +++ branches/SAMBA_4_0/source/configure.in 2006-05-12 22:21:44 UTC (rev 15551) @@ -88,8 +88,8 @@ AC_SUBST(ac_default_prefix) -echo configure: creating config.pm -cat config.pmCEOF +echo configure: creating build/smb_build/config.pm +cat ${srcdir}/build/smb_build/config.pmCEOF # config.pm - Autogenerate by configure. DO NOT EDIT! package config;
svn commit: samba-web r986 - in trunk/news/advocacy: .
Author: deryck Date: 2006-05-12 22:25:07 + (Fri, 12 May 2006) New Revision: 986 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=986 Log: Add news item on PostPath's alternative to Exchange, which is using Samba. deryck Added: trunk/news/advocacy/samba_helps_postpath.html Changeset: Added: trunk/news/advocacy/samba_helps_postpath.html === --- trunk/news/advocacy/samba_helps_postpath.html 2006-05-09 15:46:55 UTC (rev 985) +++ trunk/news/advocacy/samba_helps_postpath.html 2006-05-12 22:25:07 UTC (rev 986) @@ -0,0 +1,15 @@ +h3a name=samba_helps_postpathSamba Helps Enable Exchange Alternative/a/h3 + +div class=article + pa href=http://www.postpath.com/;PostPath/a has created a + protocol-compatible drop-in alternative to Exchange./p + + blockquoteIt provides granular backup and restore, on or offsite + redundancy, 5X Exchange performance, and AJAX web access./blockquote + + pThe best part is that the company + a href=http://www.postpath.com/solutions/lean/opensource;leveraged Samba + and other Open Source software/a to do it./p +/div + +
svn commit: samba-web r987 - in trunk/news: advocacy announcements
Author: deryck Date: 2006-05-12 22:28:56 + (Fri, 12 May 2006) New Revision: 987 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=987 Log: Story should go in announcements. not advocacy. deryck Added: trunk/news/announcements/samba_helps_postpath.html Removed: trunk/news/advocacy/samba_helps_postpath.html Changeset: Deleted: trunk/news/advocacy/samba_helps_postpath.html === --- trunk/news/advocacy/samba_helps_postpath.html 2006-05-12 22:25:07 UTC (rev 986) +++ trunk/news/advocacy/samba_helps_postpath.html 2006-05-12 22:28:56 UTC (rev 987) @@ -1,15 +0,0 @@ -h3a name=samba_helps_postpathSamba Helps Enable Exchange Alternative/a/h3 - -div class=article - pa href=http://www.postpath.com/;PostPath/a has created a - protocol-compatible drop-in alternative to Exchange./p - - blockquoteIt provides granular backup and restore, on or offsite - redundancy, 5X Exchange performance, and AJAX web access./blockquote - - pThe best part is that the company - a href=http://www.postpath.com/solutions/lean/opensource;leveraged Samba - and other Open Source software/a to do it./p -/div - - Copied: trunk/news/announcements/samba_helps_postpath.html (from rev 986, trunk/news/advocacy/samba_helps_postpath.html)
svn commit: samba r15552 - branches/SAMBA_3_0/source/client trunk/source/client
Author: gd Date: 2006-05-12 23:05:01 + (Fri, 12 May 2006) New Revision: 15552 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15552 Log: Fix segfault... Guenther Modified: branches/SAMBA_3_0/source/client/smbspool.c trunk/source/client/smbspool.c Changeset: Modified: branches/SAMBA_3_0/source/client/smbspool.c === --- branches/SAMBA_3_0/source/client/smbspool.c 2006-05-12 22:21:44 UTC (rev 15551) +++ branches/SAMBA_3_0/source/client/smbspool.c 2006-05-12 23:05:01 UTC (rev 15552) @@ -213,6 +213,8 @@ in_client = True; /* Make sure that we tell lp_load we are */ + load_case_tables(); + if (!lp_load(dyn_CONFIGFILE, True, False, False, True)) { fprintf(stderr, ERROR: Can't load %s - run testparm to debug it\n, dyn_CONFIGFILE); Modified: trunk/source/client/smbspool.c === --- trunk/source/client/smbspool.c 2006-05-12 22:21:44 UTC (rev 15551) +++ trunk/source/client/smbspool.c 2006-05-12 23:05:01 UTC (rev 15552) @@ -213,6 +213,8 @@ in_client = True; /* Make sure that we tell lp_load we are */ + load_case_tables(); + if (!lp_load(dyn_CONFIGFILE, True, False, False, True)) { fprintf(stderr, ERROR: Can't load %s - run testparm to debug it\n, dyn_CONFIGFILE);
svn commit: samba r15553 - branches/SAMBA_3_0/source/rpcclient trunk/source/rpcclient
Author: gd Date: 2006-05-12 23:08:31 + (Fri, 12 May 2006) New Revision: 15553 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15553 Log: minor rpcclient cleanup: length is already set in data_blob. Guenther Modified: branches/SAMBA_3_0/source/rpcclient/cmd_lsarpc.c trunk/source/rpcclient/cmd_lsarpc.c Changeset: Modified: branches/SAMBA_3_0/source/rpcclient/cmd_lsarpc.c === --- branches/SAMBA_3_0/source/rpcclient/cmd_lsarpc.c2006-05-12 23:05:01 UTC (rev 15552) +++ branches/SAMBA_3_0/source/rpcclient/cmd_lsarpc.c2006-05-12 23:08:31 UTC (rev 15553) @@ -859,10 +859,7 @@ DATA_BLOB data_old = data_blob(NULL, p-old_password.length); memcpy(data.data, p-password.data, p-password.length); - data.length = p-password.length; - memcpy(data_old.data, p-old_password.data, p-old_password.length); - data_old.length = p-old_password.length; pwd = decrypt_trustdom_secret(password, data); pwd_old = decrypt_trustdom_secret(password, data_old); Modified: trunk/source/rpcclient/cmd_lsarpc.c === --- trunk/source/rpcclient/cmd_lsarpc.c 2006-05-12 23:05:01 UTC (rev 15552) +++ trunk/source/rpcclient/cmd_lsarpc.c 2006-05-12 23:08:31 UTC (rev 15553) @@ -859,10 +859,7 @@ DATA_BLOB data_old = data_blob(NULL, p-old_password.length); memcpy(data.data, p-password.data, p-password.length); - data.length = p-password.length; - memcpy(data_old.data, p-old_password.data, p-old_password.length); - data_old.length = p-old_password.length; pwd = decrypt_trustdom_secret(password, data); pwd_old = decrypt_trustdom_secret(password, data_old);
svn commit: samba r15555 - in branches/SAMBA_3_0/source: param smbd
Author: jra Date: 2006-05-12 23:10:01 + (Fri, 12 May 2006) New Revision: 1 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=1 Log: Make change notify timeout a per-share parameter - used when there's no kernel or FAM change notify. If set to zero this will turn off change notify for the share except when we ourselves change something (renames / deletes etc. ). Designed to help on large directory shares where a new changenotify is issued between each delete. This will be fixed correctly when we move to internal change notify (eg. back-port Samba4 changenotify). Jeremy. Modified: branches/SAMBA_3_0/source/param/loadparm.c branches/SAMBA_3_0/source/smbd/notify.c branches/SAMBA_3_0/source/smbd/notify_hash.c branches/SAMBA_3_0/source/smbd/service.c Changeset: Modified: branches/SAMBA_3_0/source/param/loadparm.c === --- branches/SAMBA_3_0/source/param/loadparm.c 2006-05-12 23:09:55 UTC (rev 15554) +++ branches/SAMBA_3_0/source/param/loadparm.c 2006-05-12 23:10:01 UTC (rev 1) @@ -220,7 +220,6 @@ int lm_interval; int announce_as;/* This is initialised in init_globals */ int machine_password_timeout; - int change_notify_timeout; int map_to_guest; int oplock_break_wait_time; int winbind_cache_time; @@ -449,6 +448,7 @@ int iAioReadSize; int iAioWriteSize; int iMap_readonly; + int ichange_notify_timeout; param_opt_struct *param_opt; char dummy[3]; /* for alignment */ @@ -587,6 +587,7 @@ 0, /* iAioReadSize */ 0, /* iAioWriteSize */ MAP_READONLY_YES, /* iMap_readonly */ + 60, /* ichange_notify_timeout = 1 minute default. */ NULL, /* Parametric options */ @@ -996,7 +997,7 @@ {N_(Tuning Options), P_SEP, P_SEPARATOR}, {block size, P_INTEGER, P_LOCAL, sDefault.iBlock_size, NULL, NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL}, - {change notify timeout, P_INTEGER, P_GLOBAL, Globals.change_notify_timeout, NULL, NULL, FLAG_ADVANCED}, + {change notify timeout, P_INTEGER, P_LOCAL, sDefault.ichange_notify_timeout, NULL, NULL, FLAG_ADVANCED}, {deadtime, P_INTEGER, P_GLOBAL, Globals.deadtime, NULL, NULL, FLAG_ADVANCED}, {getwd cache, P_BOOL, P_GLOBAL, use_getwd_cache, NULL, NULL, FLAG_ADVANCED}, {keepalive, P_INTEGER, P_GLOBAL, keepalive, NULL, NULL, FLAG_ADVANCED}, @@ -1507,7 +1508,6 @@ Globals.max_wins_ttl = 60 * 60 * 24 * 6;/* 6 days default. */ Globals.min_wins_ttl = 60 * 60 * 6; /* 6 hours default. */ Globals.machine_password_timeout = 60 * 60 * 24 * 7;/* 7 days default. */ - Globals.change_notify_timeout = 60; /* 1 minute default. */ Globals.bKernelChangeNotify = True; /* On if we have it. */ Globals.bFamChangeNotify = True;/* On if we have it. */ Globals.lm_announce = 2;/* = Auto: send only if LM clients found */ @@ -1934,7 +1934,6 @@ FN_GLOBAL_INTEGER(lp_lm_announce, Globals.lm_announce) FN_GLOBAL_INTEGER(lp_lm_interval, Globals.lm_interval) FN_GLOBAL_INTEGER(lp_machine_password_timeout, Globals.machine_password_timeout) -FN_GLOBAL_INTEGER(lp_change_notify_timeout, Globals.change_notify_timeout) FN_GLOBAL_INTEGER(lp_map_to_guest, Globals.map_to_guest) FN_GLOBAL_INTEGER(lp_oplock_break_wait_time, Globals.oplock_break_wait_time) FN_GLOBAL_INTEGER(lp_lock_spin_count, Globals.iLockSpinCount) @@ -2066,6 +2065,7 @@ FN_LOCAL_INTEGER(lp_aio_read_size, iAioReadSize) FN_LOCAL_INTEGER(lp_aio_write_size, iAioWriteSize) FN_LOCAL_INTEGER(lp_map_readonly, iMap_readonly) +FN_LOCAL_INTEGER(lp_change_notify_timeout, ichange_notify_timeout) FN_LOCAL_CHAR(lp_magicchar, magic_char) FN_GLOBAL_INTEGER(lp_winbind_cache_time, Globals.winbind_cache_time) FN_GLOBAL_LIST(lp_winbind_nss_info, Globals.szWinbindNssInfo) Modified: branches/SAMBA_3_0/source/smbd/notify.c === --- branches/SAMBA_3_0/source/smbd/notify.c 2006-05-12 23:09:55 UTC (rev 15554) +++ branches/SAMBA_3_0/source/smbd/notify.c 2006-05-12 23:10:01 UTC (rev 1) @@ -135,9 +135,21 @@ } / - Return true if there are pending change notifies. + Set the current change notify timeout to the lowest value across all service + values. / +void set_change_notify_timeout(int val) +{ + if (val 0) { + cnotify-select_time = MIN(cnotify-select_time, val); + } +} + +/ + Longest time to sleep for before doing a change notify
svn commit: samba r15556 - in branches/SAMBA_3_0/source/rpcclient: .
Author: jra Date: 2006-05-12 23:13:36 + (Fri, 12 May 2006) New Revision: 15556 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15556 Log: Better fix for leading // or \\ from David R. Linn [EMAIL PROTECTED]. Jeremy. Modified: branches/SAMBA_3_0/source/rpcclient/rpcclient.c Changeset: Modified: branches/SAMBA_3_0/source/rpcclient/rpcclient.c === --- branches/SAMBA_3_0/source/rpcclient/rpcclient.c 2006-05-12 23:10:01 UTC (rev 1) +++ branches/SAMBA_3_0/source/rpcclient/rpcclient.c 2006-05-12 23:13:36 UTC (rev 15556) @@ -787,8 +787,8 @@ } } - if ((server[0] == '/' || server[0] == '\\') - (server[1] == '/' || server[1] == '\\')) { + if ((server[0] == '/' server[1] == '/') || + (server[0] == '\\' server[1] == '\\')) { server += 2; }
svn commit: samba r15557 - in trunk/source/rpcclient: .
Author: jra Date: 2006-05-12 23:13:39 + (Fri, 12 May 2006) New Revision: 15557 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15557 Log: Better fix for leading // or \\ from David R. Linn [EMAIL PROTECTED]. Jeremy. Modified: trunk/source/rpcclient/rpcclient.c Changeset: Modified: trunk/source/rpcclient/rpcclient.c === --- trunk/source/rpcclient/rpcclient.c 2006-05-12 23:13:36 UTC (rev 15556) +++ trunk/source/rpcclient/rpcclient.c 2006-05-12 23:13:39 UTC (rev 15557) @@ -789,8 +789,8 @@ } } - if ((server[0] == '/' || server[0] == '\\') - (server[1] == '/' || server[1] == '\\')) { + if ((server[0] == '/' server[1] == '/') || + (server[0] == '\\' server[1] == '\\')) { server += 2; }
svn commit: samba r15558 - branches/SAMBA_3_0/source/libads trunk/source/libads
Author: gd Date: 2006-05-12 23:20:39 + (Fri, 12 May 2006) New Revision: 15558 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15558 Log: Do not wait endless for a CLDAP reply when the LDAP server is unavailable; use ldap timeout handling. Jerry, please check. Guenther Modified: branches/SAMBA_3_0/source/libads/cldap.c trunk/source/libads/cldap.c Changeset: Modified: branches/SAMBA_3_0/source/libads/cldap.c === --- branches/SAMBA_3_0/source/libads/cldap.c2006-05-12 23:13:39 UTC (rev 15557) +++ branches/SAMBA_3_0/source/libads/cldap.c2006-05-12 23:20:39 UTC (rev 15558) @@ -165,7 +165,17 @@ return 0; } - +static SIG_ATOMIC_T gotalarm; + +/*** + Signal function to tell us we timed out. +/ + +static void gotalarm_sig(void) +{ + gotalarm = 1; +} + /* receive a cldap netlogon reply */ @@ -180,8 +190,18 @@ blob = data_blob(NULL, 8192); + /* Setup timeout */ + gotalarm = 0; + CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); + alarm(lp_ldap_timeout()); + /* End setup timeout. */ + ret = read(sock, blob.data, blob.length); + /* Teardown timeout. */ + CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN); + alarm(0); + if (ret = 0) { d_fprintf(stderr, no reply received to cldap netlogon\n); return -1; Modified: trunk/source/libads/cldap.c === --- trunk/source/libads/cldap.c 2006-05-12 23:13:39 UTC (rev 15557) +++ trunk/source/libads/cldap.c 2006-05-12 23:20:39 UTC (rev 15558) @@ -165,7 +165,17 @@ return 0; } - +static SIG_ATOMIC_T gotalarm; + +/*** + Signal function to tell us we timed out. +/ + +static void gotalarm_sig(void) +{ + gotalarm = 1; +} + /* receive a cldap netlogon reply */ @@ -180,8 +190,18 @@ blob = data_blob(NULL, 8192); + /* Setup timeout */ + gotalarm = 0; + CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); + alarm(lp_ldap_timeout()); + /* End setup timeout. */ + ret = read(sock, blob.data, blob.length); + /* Teardown timeout. */ + CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN); + alarm(0); + if (ret = 0) { d_fprintf(stderr, no reply received to cldap netlogon\n); return -1;
Re: svn commit: samba r15558 - branches/SAMBA_3_0/source/libads trunk/source/libads
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: Author: gd Date: 2006-05-12 23:20:39 + (Fri, 12 May 2006) New Revision: 15558 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15558 Log: Do not wait endless for a CLDAP reply when the LDAP server is unavailable; use ldap timeout handling. Jerry, please check. Good catch. Looks right to me. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEZRk7IR7qMdg1EfYRAmMcAJ9IIneDY5pMoSgnvmMb9frm2ZEmgACeJhMd xX+3bJpfm2LiayV76tGw2zI= =6qNd -END PGP SIGNATURE-
Build status as of Sat May 13 00:00:06 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-05-12 00:01:00.0 + +++ /home/build/master/cache/broken_results.txt 2006-05-13 00:01:35.0 + @@ -1,17 +1,17 @@ -Build status as of Fri May 12 00:00:01 2006 +Build status as of Sat May 13 00:00:06 2006 Build counts: Tree Total Broken Panic ccache 35 3 0 distcc 35 3 0 -lorikeet-heimdal 33 23 0 +lorikeet-heimdal 33 22 0 ppp 20 0 0 rsync35 2 0 samba4 0 0 samba-docs 0 0 0 -samba4 40 24 4 +samba4 39 23 3 samba_3_036 11 0 smb-build28 0 0 talloc 32 15 0 -tdb 31 3 0 +tdb 32 4 0
svn commit: samba r15559 - branches/SAMBA_3_0/source/libads branches/SAMBA_3_0/source/utils trunk/source/libads trunk/source/utils
Author: gd Date: 2006-05-13 01:29:04 + (Sat, 13 May 2006) New Revision: 15559 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15559 Log: Smaller fixes for the new cldap code: * replace printf to stderr with DEBUG statements as they get printed in daemons * net ads lookup return code Guenther Modified: branches/SAMBA_3_0/source/libads/cldap.c branches/SAMBA_3_0/source/utils/net_ads.c trunk/source/libads/cldap.c trunk/source/utils/net_ads.c Changeset: Modified: branches/SAMBA_3_0/source/libads/cldap.c === --- branches/SAMBA_3_0/source/libads/cldap.c2006-05-12 23:20:39 UTC (rev 15558) +++ branches/SAMBA_3_0/source/libads/cldap.c2006-05-13 01:29:04 UTC (rev 15559) @@ -66,7 +66,7 @@ uint8 len = (uint8)*(ptr++); if ((pret - ret + len + 1) = MAX_DNS_LABEL) { - d_fprintf(stderr, DC returning too long DNS name\n); + DEBUG(1,(DC returning too long DNS name\n)); return 0; } @@ -151,13 +151,13 @@ asn1_pop_tag(data); if (data.has_error) { - d_fprintf(stderr, Failed to build cldap netlogon at offset %d\n, (int)data.ofs); + DEBUG(2,(Failed to build cldap netlogon at offset %d\n, (int)data.ofs)); asn1_free(data); return -1; } if (write(sock, data.data, data.length) != (ssize_t)data.length) { - d_fprintf(stderr, failed to send cldap query (%s)\n, strerror(errno)); + DEBUG(2,(failed to send cldap query (%s)\n, strerror(errno))); } asn1_free(data); @@ -203,7 +203,7 @@ alarm(0); if (ret = 0) { - d_fprintf(stderr, no reply received to cldap netlogon\n); + DEBUG(1,(no reply received to cldap netlogon\n)); return -1; } blob.length = ret; @@ -225,7 +225,7 @@ asn1_end_tag(data); if (data.has_error) { - d_fprintf(stderr, Failed to parse cldap reply\n); + DEBUG(1,(Failed to parse cldap reply\n)); return -1; } Modified: branches/SAMBA_3_0/source/utils/net_ads.c === --- branches/SAMBA_3_0/source/utils/net_ads.c 2006-05-12 23:20:39 UTC (rev 15558) +++ branches/SAMBA_3_0/source/utils/net_ads.c 2006-05-13 01:29:04 UTC (rev 15559) @@ -83,7 +83,6 @@ */ static int net_ads_cldap_netlogon(ADS_STRUCT *ads) { - int ret; struct cldap_netlogon_reply reply; if ( !ads_cldap_netlogon( inet_ntoa(ads-ldap_ip), ads-server.realm, reply ) ) { @@ -147,7 +146,7 @@ d_printf(LMNT Token: %.2x\n, reply.lmnt_token); d_printf(LM20 Token: %.2x\n, reply.lm20_token); - return ret; + return 0; } Modified: trunk/source/libads/cldap.c === --- trunk/source/libads/cldap.c 2006-05-12 23:20:39 UTC (rev 15558) +++ trunk/source/libads/cldap.c 2006-05-13 01:29:04 UTC (rev 15559) @@ -66,7 +66,7 @@ uint8 len = (uint8)*(ptr++); if ((pret - ret + len + 1) = MAX_DNS_LABEL) { - d_fprintf(stderr, DC returning too long DNS name\n); + DEBUG(1,(DC returning too long DNS name\n)); return 0; } @@ -151,13 +151,13 @@ asn1_pop_tag(data); if (data.has_error) { - d_fprintf(stderr, Failed to build cldap netlogon at offset %d\n, (int)data.ofs); + DEBUG(2,(Failed to build cldap netlogon at offset %d\n, (int)data.ofs)); asn1_free(data); return -1; } if (write(sock, data.data, data.length) != (ssize_t)data.length) { - d_fprintf(stderr, failed to send cldap query (%s)\n, strerror(errno)); + DEBUG(2,(failed to send cldap query (%s)\n, strerror(errno))); } asn1_free(data); @@ -203,7 +203,7 @@ alarm(0); if (ret = 0) { - d_fprintf(stderr, no reply received to cldap netlogon\n); + DEBUG(1,(no reply received to cldap netlogon\n)); return -1; } blob.length = ret; @@ -225,7 +225,7 @@ asn1_end_tag(data); if (data.has_error) { - d_fprintf(stderr, Failed to parse cldap reply\n); + DEBUG(1,(Failed to parse cldap reply\n)); return -1; } Modified: trunk/source/utils/net_ads.c === --- trunk/source/utils/net_ads.c2006-05-12 23:20:39 UTC (rev 15558) +++ trunk/source/utils/net_ads.c2006-05-13 01:29:04 UTC
svn commit: samba r15560 - branches/SAMBA_3_0/source/libads branches/SAMBA_3_0/source/utils trunk/source/libads trunk/source/utils
Author: jerry Date: 2006-05-13 04:39:19 + (Sat, 13 May 2006) New Revision: 15560 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15560 Log: Since the hotel doesn't have Sci-Fi and no Doctor Who Re-add the capability to specify an OU in which to create the machine account. Done via LDAP prior to the RPC join. Modified: branches/SAMBA_3_0/source/libads/ldap.c branches/SAMBA_3_0/source/utils/net_ads.c trunk/source/libads/ldap.c trunk/source/utils/net_ads.c Changeset: Sorry, the patch is too large (787 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15560
Re: svn commit: samba r15560 - branches/SAMBA_3_0/source/libads branches/SAMBA_3_0/source/utils trunk/source/libads trunk/source/utils
On Sat, May 13, 2006 at 04:39:20AM +, [EMAIL PROTECTED] wrote: Author: jerry Date: 2006-05-13 04:39:19 + (Sat, 13 May 2006) New Revision: 15560 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15560 Log: Since the hotel doesn't have Sci-Fi and no Doctor Who Man - you're missing the second part of the lost child... That one's really good ! Jeremy.
svn commit: samba r15561 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: jerry Date: 2006-05-13 05:06:20 + (Sat, 13 May 2006) New Revision: 15561 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15561 Log: Should re-fix older systems without RC4-HMAC support Modified: branches/SAMBA_3_0/source/utils/net_ads.c trunk/source/utils/net_ads.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_ads.c === --- branches/SAMBA_3_0/source/utils/net_ads.c 2006-05-13 04:39:19 UTC (rev 15560) +++ branches/SAMBA_3_0/source/utils/net_ads.c 2006-05-13 05:06:20 UTC (rev 15561) @@ -917,7 +917,7 @@ uint32 user_rid; uint32 num_rids, *name_types, *user_rids; uint32 flags = 0x3e8; - uint32 acb_info = ACB_WSTRUST; + uint32 acb_info = ACB_WSTRUST | ACB_PWNOEXP; uchar pwbuf[516]; SAM_USERINFO_CTR ctr; SAM_USER_INFO_24 p24; @@ -949,6 +949,10 @@ strlower_m(acct_name); const_acct_name = acct_name; +#ifndef ENCTYPE_ARCFOUR_HMAC + acb_info |= ACB_USE_DES_KEY_ONLY; +#endif + status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, domain_pol, acct_name, acb_info, 0xe005000b, user_pol, user_rid); @@ -1073,17 +1077,15 @@ static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) { ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN); - char *host_upn, *new_dn, *controlstr; + char *host_upn, *new_dn; ADS_MODLIST mods; const char *servicePrincipalName[3] = {NULL, NULL, NULL}; char *psp; - unsigned acct_control; fstring my_fqdn; LDAPMessage *res = NULL; char *dn_string = NULL; const char *machine_name = global_myname(); int count; - uint32 account_type; if ( !machine_name ) { return ADS_ERROR(LDAP_NO_MEMORY); @@ -1129,16 +1131,6 @@ if (!(host_upn = talloc_asprintf(ctx, [EMAIL PROTECTED], servicePrincipalName[0], ads_s-config.realm))) goto done; - /* set the account control string now */ - - acct_control = account_type | UF_DONT_EXPIRE_PASSWD; -#ifndef ENCTYPE_ARCFOUR_HMAC - acct_control |= UF_USE_DES_KEY_ONLY; -#endif - if (!(controlstr = talloc_asprintf(ctx, %u, acct_control))) { - goto done; - } - /* now do the mods */ if (!(mods = ads_init_mods(ctx))) { @@ -1153,7 +1145,6 @@ ads_mod_str(ctx, mods, userPrincipalName, host_upn); ads_mod_str(ctx, mods, operatingSystem, Samba); ads_mod_str(ctx, mods, operatingSystemVersion, SAMBA_VERSION_STRING); - ads_mod_str(ctx, mods, userAccountControl, controlstr); #endif status = ads_gen_mod(ads_s, new_dn, mods); Modified: trunk/source/utils/net_ads.c === --- trunk/source/utils/net_ads.c2006-05-13 04:39:19 UTC (rev 15560) +++ trunk/source/utils/net_ads.c2006-05-13 05:06:20 UTC (rev 15561) @@ -917,7 +917,7 @@ uint32 user_rid; uint32 num_rids, *name_types, *user_rids; uint32 flags = 0x3e8; - uint32 acb_info = ACB_WSTRUST; + uint32 acb_info = ACB_WSTRUST | ACB_PWNOEXP; uchar pwbuf[516]; SAM_USERINFO_CTR ctr; SAM_USER_INFO_24 p24; @@ -949,6 +949,10 @@ strlower_m(acct_name); const_acct_name = acct_name; +#ifndef ENCTYPE_ARCFOUR_HMAC + acb_info |= ACB_USE_DES_KEY_ONLY; +#endif + status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, domain_pol, acct_name, acb_info, 0xe005000b, user_pol, user_rid); @@ -1073,17 +1077,15 @@ static ADS_STATUS net_set_machine_spn(TALLOC_CTX *ctx, ADS_STRUCT *ads_s ) { ADS_STATUS status = ADS_ERROR(LDAP_SERVER_DOWN); - char *host_upn, *new_dn, *controlstr; + char *host_upn, *new_dn; ADS_MODLIST mods; const char *servicePrincipalName[3] = {NULL, NULL, NULL}; char *psp; - unsigned acct_control; fstring my_fqdn; LDAPMessage *res = NULL; char *dn_string = NULL; const char *machine_name = global_myname(); int count; - uint32 account_type; if ( !machine_name ) { return ADS_ERROR(LDAP_NO_MEMORY); @@ -1129,16 +1131,6 @@ if (!(host_upn = talloc_asprintf(ctx, [EMAIL PROTECTED], servicePrincipalName[0], ads_s-config.realm))) goto done; - /* set the account control string now */ - - acct_control = account_type | UF_DONT_EXPIRE_PASSWD; -#ifndef ENCTYPE_ARCFOUR_HMAC - acct_control |= UF_USE_DES_KEY_ONLY; -#endif - if (!(controlstr = talloc_asprintf(ctx, %u, acct_control))) { - goto done; - } - /* now do the mods */ if (!(mods = ads_init_mods(ctx))) { @@ -1153,7 +1145,6 @@ ads_mod_str(ctx, mods, userPrincipalName,