[Samba] openbsd and domain controller NOT WORKING
Good day list, I hope, you will pay attention to my small problem (big problem for me). I'm totally new to samba, so I don't know exactly, where the problem is. Situation - I need to setup samba as a domain controller (and fast!). Server - openbsd 3.9, samba 3.0.21. There are my configs: smb.conf --- cat /etc/samba/smb.conf [global] workgroup = mydomain passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed* username map = /etc/samba/smbusers syslog = 2 name resolve order = wins bcast hosts add user script = /usr/sbin/useradd -m '%u' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody '%u' logon script = scripts\login.bat logon path = logon drive = X: domain logons = Yes preferred master = Yes wins support = Yes printing = CUPS [homes] comment = Home Directories valid users = %S read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/samba/data/%U valid users = %S read only = No [stuff] comment = All Stuff path = /home/samba/data/stuff ;valid users = %G read only = No --- cat /etc/samba/smbusers root = Administrator muchacha = Administrator aur = aurk1 jus = jusk2 dal = dalk3 rom = romd1 mon = mond2 ant = antnb --- cat /etc/samba/smbpasswd root:0:3EB2601FBF81B43923B0A8F6F116C5B1:89A8C23F1100C5D0483335155A6F3D6A:[U ]:LCT-447CCFDF: aur:1002:49881D6221BF97DCAAD3B435B51404EE:7626426E298A56ED35661E77DA3B2FE9:[U ]:LCT-447CC8C1: jus:1003:DE8890B4A1C7DDECAAD3B435B51404EE:51C7DE2EE1A936E86E56764F54E47C74:[U ]:LCT-447CC8C8: dal:1004:E4C95B3CABC1DFF2AAD3B435B51404EE:C36BA0ADEC8116F037B1C5098D06C869:[U ]:LCT-447CC8CF: rom:1005:4403416CEA8AEB15AAD3B435B51404EE:A263BBF7D9D8311DD09F43947A4A3032:[U ]:LCT-447CC8D7: mon:1006:EFABEA5881F25971AAD3B435B51404EE:392E82C1805FAB45F933D66F7EEF6081:[U ]:LCT-447CC8DF: So I think users are added. System users also exists. Looks like everything is working, I mean every user can have their home directories \\server\aur accessible with their password. Common share is also available by those users passwords. In the server I also can acces some dirs with the users: smbclient -U aur //local/host/aur Password: Domain=[MYDOMAIN] OS=[UNIX] Server=[Samba 3.0.21b] smb:\ ls . .. .cshrc .login smbstatus show me: Samba version 3.0.21b PID Username Group Machine --- 15436 jus users arch1(192.168.1.35) 18667 rom users arch3(192.168.1.34) Service pid machine Connected at --- stuff15436 arch1 Wed May 31 05:42:45 2006 jus 15436 arch1 Wed May 31 05:42:51 2006 stuff18667 arch3 Wed May 31 06:10:31 2006 No locked files I need the domain controller, that users would be able to login. For now, I can't log on to domain. I know, I missed understood something, but I was trying to log into domain with all possible users, for example aur, aurk1. Also, is it important windows computer name? Also I've script #!/bin/ksh # Map Windows Domain Groups to UNIX groups net groupmap modify ntgroup=Domain Admins unixgroup=wheel net groupmap modify ntgroup=Domain Users unixgroup=users net groupmap modify ntgroup=Domain Guests unixgroup=nobody # Add Functional Domain Groups net groupmap add ntgroup=Architektai unixgroup=users type=d Please, give any advice, or just say what I'm missing here. I know, I don't understand domain setup correctly, but I have no time for reading all manual in samba.org. I've also tried to as in example here: http://us5.samba.org/samba/docs/man/Samba-Guide/small.html But the result was the same: Every time I try to log on to domain, I have this error: The user name could not be found. testparm says, that role is ok: testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [netlogon] Processing section [stuff] Loaded services file OK. WARNING: passdb expand explicit = yes is deprecated Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions Please, give any advice. Thank you for you time. -- Tautvydas P.S. Sorry for my English. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can one set limits on new core dump?
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James, This was your change right ? Doug, I'm more interested in why winbindd is seg faulting in the SAMBA_3_0 tree. Can you give me more details? Jerry, I was wrong before. Please read. Sometime in the last 8 months, idmap_ad doesn't build by default anymore. My memory being what it is, I wouldn't swear it ever did, but I thought it used to. samba Version 3.0.23pre2-SVN-build-15864 FC4 - Linux 2.6.16-1.2096_FC4smp gcc-4.0.2-8.fc4 Configure.log configure:48191: checking how to build idmap_ldap configure:48219: result: static configure:48228: checking how to build idmap_tdb configure:48256: result: static configure:48265: checking how to build idmap_rid configure:48297: result: not configure:48302: checking how to build idmap_ad configure:48330: result: not if I define it static, with --with-static-modules=idmap_ad I get a build error: sam/idmap.o(.text+0x2d7): In function `idmap_init': idmap.c: undefined reference to `idmap_ad_init' collect2: ld returned 1 exit status make: *** [bin/net] Error 1 make: *** Waiting for unfinished jobs pam_smbpass/support.c: In function '_smb_verify_password': pam_smbpass/support.c:401: warning: pointer targets in passing argument 2 of 'si d_to_uid' differ in signedness Linking bin/testparm sam/idmap.o(.text+0x2d7): In function `idmap_init': idmap.c: undefined reference to `idmap_ad_init' collect2: ld returned 1 exit status make: *** [bin/winbindd] Error 1 if I define it shared, with --with-shared-modules=idmap_ad I get a clean build, but then I start core dumping again. May 31 01:19:14 gate winbindd[5355]: [2006/05/31 01:19:14, 0] lib/fault.c:fault_report(41) May 31 01:19:14 gate winbindd[5355]: === May 31 01:19:14 gate winbindd[5355]: [2006/05/31 01:19:14, 0] lib/fault.c:fault_report(42) May 31 01:19:14 gate winbindd[5355]: INTERNAL ERROR: Signal 6 in pid 5355 (3.0.23pre2-SVN-build-15864) May 31 01:19:14 gate winbindd[5355]: Please read the Trouble-Shooting section of the Samba3-HOWTO May 31 01:19:14 gate winbindd[5355]: [2006/05/31 01:19:14, 0] lib/fault.c:fault_report(44) May 31 01:19:14 gate winbindd[5355]: May 31 01:19:14 gate winbindd[5355]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf May 31 01:19:14 gate winbindd[5355]: [2006/05/31 01:19:14, 0] lib/fault.c:fault_report(45) May 31 01:19:14 gate winbindd[5355]: === May 31 01:19:14 gate winbindd[5355]: [2006/05/31 01:19:14, 0] lib/util.c:smb_panic(1592) May 31 01:19:14 gate winbindd[5355]: PANIC (pid 5355): internal error May 31 01:19:14 gate winbindd[5355]: [2006/05/31 01:19:14, 0] lib/util.c:log_stack_trace(1699) May 31 01:19:14 gate winbindd[5355]: BACKTRACE: 27 stack frames: May 31 01:19:14 gate winbindd[5355]:#0 /usr/local/samba3/sbin/winbindd(log_stack_trace+0x26) [0xdd5496] May 31 01:19:14 gate winbindd[5355]:#1 /usr/local/samba3/sbin/winbindd(smb_panic+0x5e) [0xdd535e] May 31 01:19:14 gate winbindd[5355]:#2 /usr/local/samba3/sbin/winbindd [0xdc3cac] May 31 01:19:14 gate winbindd[5355]:#3 /usr/local/samba3/sbin/winbindd [0xdc3cba] May 31 01:19:14 gate winbindd[5355]:#4 [0x2cf420] May 31 01:19:14 gate winbindd[5355]:#5 /lib/libc.so.6(abort+0xf8) [0x3b2678] May 31 01:19:14 gate winbindd[5355]:#6 /usr/local/samba3/sbin/winbindd [0xdda5cf] May 31 01:19:14 gate winbindd[5355]:#7 /usr/local/samba3/sbin/winbindd(talloc_free+0x2a) [0xddacc0] May 31 01:19:14 gate winbindd[5355]:#8 /usr/local/samba3/sbin/winbindd(ads_check_posix_schema_mapping+0x711) [0xea8726] May 31 01:19:14 gate winbindd[5355]:#9 /usr/local/samba3/sbin/winbindd [0xd7fb76] May 31 01:19:14 gate winbindd[5355]:#10 /usr/local/samba3/sbin/winbindd [0xd823ae] May 31 01:19:14 gate winbindd[5355]:#11 /usr/local/samba3/sbin/winbindd [0xd6d43f] May 31 01:19:14 gate winbindd[5355]:#12 /usr/local/samba3/sbin/winbindd [0xd6d8e6] May 31 01:19:14 gate winbindd[5355]:#13 /usr/local/samba3/sbin/winbindd [0xd704ba] May 31 01:19:14 gate winbindd[5355]:#14 /usr/local/samba3/sbin/winbindd(winbindd_dual_list_trusted_domains+0x98) [0xd78336] May 31 01:19:14 gate winbindd[5355]:#15 /usr/local/samba3/sbin/winbindd [0xd841c9] May 31 01:19:14 gate winbindd[5355]:#16 /usr/local/samba3/sbin/winbindd [0xd854c4] May 31 01:19:14 gate winbindd[5355]:#17 /usr/local/samba3/sbin/winbindd [0xd83e2c] May 31 01:19:14 gate winbindd[5355]:#18 /usr/local/samba3/sbin/winbindd(async_request+0x14e) [0xd83a96] May 31 01:19:14 gate winbindd[5355]:#19 /usr/local/samba3/sbin/winbindd(init_child_connection+0x219) [0xd6a439] May 31 01:19:14 gate winbindd[5355]:#20 /usr/local/samba3/sbin/winbindd(async_domain_request+0xf3) [0xd83f76] May 31 01:19:14 gate winbindd[5355]:#21 /usr/local/samba3/sbin/winbindd [0xd69ec3] May 31 01:19:14 gate
RE: [Samba] Can one set limits on new core dump?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Doug VanLeuven Sent: 31 May 2006 09:56 /usr/local/samba3/sbin/winbindd [0xdda5cf] May 31 01:19:14 gate winbindd[5355]:#7 /usr/local/samba3/sbin/winbindd(talloc_free+0x2a) [0xddacc0] May 31 01:19:14 gate winbindd[5355]:#8 /usr/local/samba3/sbin/winbindd(ads_check_posix_schema_mapping +0x711) [0xea8726] May 31 01:19:14 gate winbindd[5355]:#9 This looks very much like a buglet in the new rfc2307 code that I mailed gd about the other day. The SysAdmins here have blocked my access to bugzilla at the moment so I can't file patches the right way. :-( Bob Gautier _ This email (including any attachments to it) is confidential, legally privileged, subject to copyright and is sent for the personal attention of the intended recipient only. If you have received this email in error, please advise us immediately and delete it. You are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although we have taken reasonable precautions to ensure no viruses are present in this email, we cannot accept responsibility for any loss or damage arising from the viruses in this email or attachments. We exclude any liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided in this email or its attachments, unless that information is subsequently confirmed in writing. If this email contains an offer, that should be considered as an invitation to treat. _ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with winbind
Hello, I have a debian server with samba and winbind 3.0.14a. This server was joined to a windows domain. (PDC Windows NT4) When I try to get windows users with wbinfo -u, I have this error : Error looking up domain users. smb.conf file : [global] workgroup = domaine security = DOMAIN netbios name = nom server string = Serveur de fichier wins server = *.*.*.* winbind uid = 1-2 winbind gid = 1-2 encrypt passwords = yes password server = controleur de domaine winbind uid = 1-2 winbind gid = 1-2 winbindenum users = yes winbindenum groups = yes template shell = /bin/false [homes] comment = Home Directory browseable = no writable = yes valid users = %S create mode = 0664 directory mode = 0775 Winbindd log : winbindd version 3.0.14a-Debian started. Copyright The Samba Team 2000-2004 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] Processing section [homes] adding IPC service adding IPC service added interface ip= added interface ip= Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Added domain DT S-0-0 cm_get_ipc_userpass: No auth-user defined bind_rpc_pipe: transfer syntax differs rpc_pipe_bind: check_bind_response failed. cli_nt_session_open: rpc bind to \PIPE\lsarpc failed rpc: trusted_domains cm_get_ipc_userpass: No auth-user defined Added domain CABLOG S-1-5-21-2114653816-828388678-116079390 Added domain DTT S-1-5-21-2066556833-490628793-1601773907 Added domain DGMT S-1-5-21-2062771020-360318863-1843927889 Added domain DAMGM S-1-5-21-2039163245-687421222-561332275 Added domain SES S-1-5-21-2034437564-2136697980-1822381206 Added domain DGUHC S-1-5-21-2029089813-1112409138-226366656 Added domain TEST S-1-5-21-1954155775-1610957053-336686690 Added domain CABMETT S-1-5-21-15296-1085931942-888221323 Added domain DGPA S-1-5-21-125376681-1420513705-1230779191 Added domain CGPC S-1-5-21-114899144-1718052673-777934057 Added domain SIC S-1-5-21-113796826-39130958-1829272640 Added domain MIILOS S-1-5-21-82779875-1687896728-1829272640 Added domain DSCR S-1-5-21-68842957-1011941955-1381133839 Added domain SG S-1-5-21-49494143-632293237-1230779191 Added domain DRAST S-1-5-21-46415174-971138297-457192195 Added domain SPE S-1-5-21-41034656-1638360388-1822381206 Added domain DPS S-1-5-21-31408706-1629690792-2042955738 Added domain DR S-1-5-21-2144601217-442196626-1381133839 Added domain DAFAG S-1-5-21-2138249453-1853437234-667646791 Added domain DAEI S-1-5-21-2128623502-1590714872-829631973 Added domain DTMPL S-1-5-21-2126277046-122500015-382417117 Added domain RITAC S-1-5-21-2123242984-696341304-226366656 Added domain CETPB S-1-5-21-9395636-1261903606-1011632211 Added domain INTRANET S-1-5-21-858271965-1473476929-464344438 Added domain BUILTIN S-1-5-32 Added domain DT-FICS S-1-5-21-1254192237-2473297329-3152707237 rpc: trusted_domains [ 2591]: request interface version [ 2591]: request location of privileged pipe [ 2591]: list users cm_get_ipc_userpass: No auth-user defined Could not open a connection to INTRANET for \PIPE\samr (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds resolve_lmhosts: Attempting lmhosts lookup for name CETPB0x1c resolve_wins: Attempting wins lookup for name CETPB0x1c resolve_wins: using WINS server x.x.x.x and tag '*' Negative name query response, rcode 0x03: The name requested does not exist. name_resolve_bcast: Attempting broadcast lookup for name CETPB0x1c Connection to for domain DT (pipe \PIPE\NETLOGON) has died or was never started (fd == -1) cm_get_ipc_userpass: No auth-user defined Thanks for your help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can one set limits on new core dump?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Doug VanLeuven wrote: Jerry, I was wrong before. Please read. Sometime in the last 8 months, idmap_ad doesn't build by default anymore. My memory being what it is, I wouldn't swear it ever did, but I thought it used to. I don't believe it was ever built by default. It was included in some packages by default, but never a basic ./configure make make install. if I define it static, with --with-static-modules=idmap_ad I get a build error: It should be built as a shared module if I define it shared, with --with-shared-modules=idmap_ad I get a clean build, but then I start core dumping again. May 31 01:19:14 gate winbindd[5355]: [2006/05/31 01:19:14, 0] lib/fault.c:fault_report(41) May 31 01:19:14 gate winbindd[5355]: === May 31 01:19:14 gate winbindd[5355]: [2006/05/31 01:19:14, 0] lib/fault.c:fault_report(42) May 31 01:19:14 gate winbindd[5355]: INTERNAL ERROR: Signal 6 in pid 5355 (3.0.23pre2-SVN-build-15864) Looks like an abort in the talloc code called by the sfu idmap support. I agree this would be guenther's code. Can you add some comments to the bug report Bob mentioned? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEfYCeIR7qMdg1EfYRArXGAKDuTXDDf/HJlCcHPbvCi2KA77HKYgCdHN6R 3cA7CNLh6fprAxubINsXHlo= =4ajo -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Called NTLMSSP after state machine was 'done'
Andrew, After some more tests, I am having the sense that using 'use_ntlm_negotiate on' is slowing down Squid. I don´t have any data to support this, though. Are there any reports about it? Thanks in advance, Carlos. 2006/5/4, Carlos Zottmann [EMAIL PROTECTED]: Hi !! I have set 'use_ntlm_negotiate on' in squid.conf and it seems to have solved the problem. I am not using this proxy server in the production environment yet, but in the tests we conducted the problem didn´t show up anymore ... Thanks!! Carlos. 2006/5/3, Carlos Zottmann [EMAIL PROTECTED]: Hi !! Thanks for the answer, Andrew ... I have used both IE 6.0 and Firefox 1.5.0.2, and got the same problem with both. I will set 'use_ntlm_negotiate' in squid.conf and will let you know the results .. Thanks again !! Carlos. 2006/5/3, Andrew Bartlett [EMAIL PROTECTED]: On Tue, 2006-05-02 at 17:46 -0300, Carlos Zottmann wrote: Hi !! I am installing Squid-2.5 Stable 13, on a FedoraCore 5 x86_64 machine, doing ntlm authentication through Samba 3.0.22, wich was installed via rpm. Everything is working fine except that the browser every now and then asks for the username and password. Which browser? I have done some basic samba tests, like wbinfo -t, wbinfo -u and wbinfo -g, and everthing worked ok. Looking at squid´s cache.log , I found the following error: [2006/05/02 11:33:00, 1] libsmb/ntlmssp.c:ntlmssp _update(231) Called NTLMSSP after state machine was 'done' Have anyone run into this yet? I wonder if the issue is due to some change at our end. We may have broken support where 'use_ntlm_negotiate' isn't set (in the squid configuration). This option permits better security in any case, so give it a try. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ http://samba.org/%7Eabartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQBEWHQHz4A8Wyi0NrsRAsg4AKCUlXThk6RMQYgEEBZ2SSIFvKsuJgCfdJSZ AG5sUyIVIOobjSnMytQ2xN8= =/4LS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot delete files from samba share
Hi all, Following an upgrade from samba 2.2.8a to 3.0.22 we have been unable to delete files on a samba share using an XP client. We were previously able to delete these files when using 2.2.8a. The problem occurs when we have a particular sub-set of permissions. Directory permissions on UNIX are set to 775 and ownerhips to usera : group1. This should mean that either usera or anyone who belongs to group1 should be able to delete any file within the directory irrespective of what the file permissions and ownerships are. From UNIX this is the case. Using an XP client on samba 2.2.8a this is the case. On samba 3.0.22 this is not the case. We have an application which writes files into the top level directory of the samba directory with permissions 544.The ownerships of the file are userb (i.e. different from the directory owner). group1 (i.e. the same as the directory). If a third user, userc who is a member of group1 (there is a force group directive on the share as well) comes along and attempts to delete the file through the samba share, the delete fails. Experimentation has shown the delete works if the file is writable by the user (e.g 744 cf 544) or the file is owned by the user trying to delete it. We have upgraded only a few of our servers to 3.0.22 and we have been able to reproduce the problem.I have attached a script which run as root on UNIX sets up a test share and appropriated file/dir permissions. Other details about are installation are given below UNIX OS: Solaris 8, Solaris 9 PDC: Windows 2003 If anyone has any suggestions as to how this issue can be resolved, I would be grateful to hear from them cheers Neil #!/bin/ksh # TEST_DIR = UNIX directory being shared out ( The 'samba dir') TEST_DIR=/smb_debug # TEST_FILE = file used to demonstrate the problem export TEST_FILE=${TEST_DIR}/test # SMB_CONF = path to smb.conf SMB_CONF=/path/to/your/smb.conf # SHARENAME = the name for the samba share SHARENAME=neil # GROUP = the group ownership on the 'samba dir'. Membership of this group # should permit files to be deleted from this directory. GROUP=group1 # USER1 = the username attempting to delete files from the samba share. They # must belong to ${GROUP} USER1=usera # USER2 = The user ownership on the 'samba dir' USER2=userb # USER3 = The user ownership on ${TEST_FILE} USER3=userc # On UNIX, make the directory shared out by samba if it does not exist [[ ! -d ${TEST_DIR} ]] mkdir ${TEST_DIR} # Create the samba share if required egrep \\[${SHARENAME}\\] ${SMB_CONF} - 2- || { cat _EOT1__ ${SMB_CONF} [${SHARENAME}] path = ${TEST_DIR} comment = Test share for permissions issue valid users = @${GROUP} read only = no create mask = 755 force group = ${GROUP} _EOT1__ } # Make the 'samba directory' owned by an account other than that which deletes # the file. Make the group ownership ${GROUP}. Make the permissions such that # members of ${GROUP} can delete (and create) files within ${TEST_DIR}. chown ${USER2}:${GROUP} ${TEST_DIR} chmod 775 ${TEST_DIR} # Create the file we want to delete touch ${TEST_FILE} # Set file ownerships perms so it is not writable chmod 544 ${TEST_FILE} chown ${USER3}:${GROUP} ${TEST_FILE} # Show the permissions echo Initial permissions are as follows\n ls -ld ${TEST_DIR} ${TEST_FILE} # As $USER1 show that we can delete the file from UNIX echo \n Deleting ${TEST_FILE} su - ${USER1} -c rm -f ${TEST_FILE} - 2- if [[ ! -f ${TEST_FILE} ]];then echo Test file deleted\n else echo Failed to delete test file\n fi # Re-create the file again touch ${TEST_FILE} chmod 544 ${TEST_FILE} chown ${USER3}:${GROUP} ${TEST_FILE} # Show the permissions echo Permissions following file re-creation are as follows\n ls -ld ${TEST_DIR} ${TEST_FILE} echo \nNow attempt to delete the file using a windows client The information contained in this message may be CONFIDENTIAL and is intended for the addressee only. Any unauthorised use, dissemination of the information, or copying of this message is prohibited. If you are not the addressee, please notify the sender immediately by return e-mail and delete this message. Although this e-mail and any attachments are believed to be free of any virus, or other defect which might affect any computer or system into which they are received and opened, it is the responsibility of the recipient to ensure that they are virus free and no responsibility is accepted by MG for any loss or damage from receipt or use thereof. Please note that all e-mail messages are subject to interception for lawful business purposes. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Character encoding problem in file names
On 5/30/06, Jeremy Allison [EMAIL PROTECTED] wrote: Is this with smbfs or cifsfs ? smbfs is unsupported. Apparently it's smbfs, because when using 'mount -t cifs' with '-o iocharset=utf8' everything seems to work fine. Is smbmount strictly connected to smbfs or is there smbmount for cifs? Anyways, now that I realized to try mounting the share with cifs, it works as I wanted it to. Thanks for the help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba ldap: deleting then adding a machine account
Hello samba users, I've set up a test PDC samba server, using LDAP backend. It worked fine during the firsts tests, but for trying purpose, I deleted the client machine account using smbldap-userdel. re-adding the machine account, I cannot login anymore using the win2k client. What can be done? samba server: fedora core 4, samba 3.14a. ldap server: ubuntu breezy, openldap 2.2.26-3 thanks -- Network System Engineer Goelaan SA, Switzerland Tel. +41-22-960 98 20 Fax +41-22-960 98 21 http://www.goelaan.ch -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to use 'valid users' from Active Directory
I am able to return users and groups using wbinfo -g and -u. Samaba will even allow users to connect that are in our domain. The problem exist while trying to narrow down permissions to a share. [public] comment = Public Stuff path = /home/ public = yes read only = no valid users = @UFAD\_IFAS-FRE-USERS_autoGS This does not work. It prompts the end user for a username/password but it won't take anything. A share like the following does work but doesn't bother asking the end user for credentials because the username/password is already been entered to login to the AD domain. [homes] comment = %U Home Directory browseable = no path = %H valid users = %U writable = yes create mode = 0664 directory mode = 0775 I have also attached my smb.conf incase I missed something else. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] policies
Am going thru the learning curve on using samba as a primary controller. Samba is up and running just fine. However, I'm a bit confused on the ntlogin.pol thing. I'm gathering, if all the workstations are winxp, I need to do this?? Go to the Windows 200x/XP menu Start-Programs-Administrative Tools and select the MMC snap-in called Active Directory Users and Computers Select the domain or organizational unit I don't see the mmc snap-in. Or should I still be using poledit on samba 3.1? If so, if someone has a source for the 3 common adm files, I'd appreciate it. common.adm etc.. Any other comments would be welcome. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] printing fails for SPOOLSS OpenPrinterEx request
Hi, I have a problem with my printing setup of a windows XP client with a samba server. The windows driver seems to use different ways of smb/printer communication for printing in normal/duplex mode and for printing brochures. The latter failes silently. normal/duplex printing uses: SMB Open Print File Request brochure printing starts with: SPOOLSS OpenPrinterEx request I recorded the network transmission during printing and received the following for brochure printing (which fails): Source DestProtocol Info client server SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE server client SMB Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED client server SMB Session Setup AndX Request, NTLMSSP_AUTH, User: \ server client SMB Session Setup AndX Response client server SMB Tree Connect AndX Request, Path: \\JACKDAW\IPC$ server client SMB Tree Connect AndX Response client server SMB NT Create AndX Request, Path: \spoolss server client SMB NT Create AndX Response, FID: 0x7168 client server DCERPC Bind: call_id: 1 UUID: SPOOLSS server client SMB Write AndX Response, FID: 0x7168, 72 bytes client server SMB Read AndX Request, FID: 0x7168, 1024 bytes at offset 0 server client DCERPC Bind_ack: call_id: 1 accept max_xmit: 4280 max_recv: 4280 client server SPOOLSS OpenPrinterEx request, \\jackdaw\test server client SPOOLSS OpenPrinterEx response client server SPOOLSS GetPrinter request, level 2 server client SPOOLSS GetPrinter response, level 2, Insufficient buffer client server SPOOLSS GetPrinter request, level 2 server client SPOOLSS GetPrinter response, level 2 client server SPOOLSS OpenPrinterEx request, \\jackdaw\test server client SPOOLSS OpenPrinterEx response client server TCP [TCP segment of a reassembled PDU] client server TCP [TCP segment of a reassembled PDU] client server SPOOLSS GetPrinter request, level 2 server client TCP netbios-ssn plato-lm [ACK] Seq=1621 Ack=5111 Win=32767 Len=0 server client SMB Pipe TransactNmPipe Response, FID: 0x7168 client server SMB Read AndX Request, FID: 0x7168, 3112 bytes at offset 0 server client TCP [TCP segment of a reassembled PDU] server client TCP [TCP segment of a reassembled PDU] client server TCP plato-lm netbios-ssn [ACK] Seq=6498 Ack=5625 Win=65535 Len=0 server client SPOOLSS GetPrinter response, level 2 client server SPOOLSS OpenPrinterEx request, \\jackdaw\test server client SPOOLSS OpenPrinterEx response client server SPOOLSS GetPrinter request, level 0 server client SPOOLSS GetPrinter response, level 0 client server SPOOLSS GetPrinter request, level 2 server client SPOOLSS GetPrinter response, level 2, Insufficient buffer snip - the same goes on ... Successful printing in normal (or duplex) modes results in the following traffic: Source DestProtocol Info client server SMB Open Print File Request server client SMB Open Print File Response, FID: 0x1be7 client server TCP [TCP segment of a reassembled PDU] client server TCP [TCP segment of a reassembled PDU] client server TCP [TCP segment of a reassembled PDU] client server TCP [TCP segment of a reassembled PDU] client server TCP [TCP segment of a reassembled PDU] client server TCP [TCP segment of a reassembled PDU] client server SMB Write Request, FID: 0x1be7, 9274 bytes at offset 0 server client TCP netbios-ssn plato-lm [ACK] Seq=41 Ack=2974 Win=32767 Len=0 server client TCP netbios-ssn plato-lm [ACK] Seq=41 Ack=5894 Win=32767 Len=0 server client TCP netbios-ssn plato-lm [ACK] Seq=41 Ack=8814 Win=32767 Len=0 server client SMB Write Response, 9274 bytes client server TCP plato-lm netbios-ssn [ACK] Seq=9380 Ack=82 Win=64664 Len=0 client server TCP [TCP segment of a reassembled PDU] client server TCP [TCP segment of a reassembled PDU] client server TCP [TCP segment of a reassembled PDU] client server TCP [TCP segment of a reassembled PDU] client server TCP [TCP segment of a reassembled PDU] client server SMB Write Request, FID: 0x1be7, 8223 bytes at offset 9274 server client TCP netbios-ssn plato-lm [ACK] Seq=82 Ack=12300 Win=32767 Len=0 server client TCP netbios-ssn plato-lm [ACK] Seq=82 Ack=15220 Win=32767 Len=0 server client TCP netbios-ssn plato-lm [ACK] Seq=82 Ack=17655 Win=32767 Len=0 server client SMB Write Response, 8223 bytes client server SMB Close Print File Request, FID: 0x1be7 server client SMB Close Print File Response client server TCP plato-lm netbios-ssn [ACK] Seq=17696 Ack=162 Win=64584 Len=0 printing is finished here (successfully) The failing brochure printing reaches cups, but gets ignored without an error message (even for debug loglevel). There is no
RE: [Samba] winbind + consistent uid gid
It looks like this is what we want to do. We have more than one domain in our forest, but people should log in from only one domain to our Linux Boxes. So it should work still right? Winbind/NSS uses RID based IDMAP: The IDMAP_RID facility is new to Samba version 3.0.8. It was added to make life easier for a number of sites that are committed to use of MS ADS, that do not apply an ADS schema extension, and that do not have an installed an LDAP directory server just for the purpose of maintaining an IDMAP table. If you have a single ADS domain (not a forest of domains, and not multiple domain trees) and you want a simple cookie-cutter solution to the IDMAP table problem, then IDMAP_RID is an obvious choice. This facility requires the allocation of the idmap uid and the idmap gid ranges, and within the idmap uid it is possible to allocate a subset of this range for automatic mapping of the relative identifier (RID) portion of the SID directly to the base of the UID plus the RID value. For example, if the idmap uid range is 1000-1 and the idmap backend = idmap_rid:DOMAIN_NAME=1000-5000, and a SID is encountered that has the value S-1-5-21-34567898-12529001-32973135-1234, the resulting UID will be 1000 + 1234 = 2234. We are running samba 3.0.10 on our CentOS 4.2 boxes. I think we have the smb.conf file correct, but we are getting this message in our logs. May 30 15:01:22 Cent01 winbindd[2861]: [2006/05/30 15:01:22, 0] sam/idmap.c:idmap_init(142) May 30 15:01:22 Cent01 winbindd[2861]: idmap_init: could not load remote backend 'idmap_rid' May 30 15:01:22 Cent01 winbind: winbindd startup succeeded According to the documentation on the samba.org website, this feature should be available since 3.0.8. My feeling is that Red Hat just didn't compile in the idmap_rid. Does the log seems to say that to you as well? If that is the case, is it possible to add that library as some kind of RPM without having to compile samba from source, or is there a RPM that will work on CentOS 4.2 that has idmap_rid? We are going to do this on over 100 boxes, and want the process to be a simple as possible. Sam Adams General Dynamics - Network Systems Phone: 210.536.5945 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Gasch Sent: Tuesday, May 30, 2006 1:27 AM To: Emmanuel Blindauer Cc: samba@lists.samba.org Subject: Re: [Samba] winbind + consistent uid gid Putting idmap backend = idmap_rid:DOMNAME=1000-100 in the smb.conf file seemed promising, but it didn't work for me. that´s not the only thing you have to do please refer to the samba guide about how to setup idmap_rid correctly it´s working for me fine on several servers greez Emmanuel Blindauer wrote: You'll have to use ldap for storing the mapping idmap backend = ldap:ldap://your.ldap.server and uses smbpasswd -w to store the pass to access the ldap server Emmanuel Le Mercredi 24 Mai 2006 17:48, Adams Samuel D Contr AFRL/HEDR a écrit : I am trying to get out Linux boxes to authenticate against our AD domain. We have that part working just fine using Kerberos and winbind. The problem is when we use NFS on multiple machines. As you could guess, the UIDs and GIDs are not consistent across all of the machines. From what I have been reading on the internet, this seems to be common problem, but all the solutions that I have found don't seem to work for me. Putting idmap backend = idmap_rid:DOMNAME=1000-100 in the smb.conf file seemed promising, but it didn't work for me. Do you have any recommendations to get this to work? It is kind of critical to have a distributed file system. It is not an option to modify out AD severs. Sam Adams General Dynamics - Network Systems Phone: 210.536.5945 -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with Robocopy
Hello, I have a FC4 server running samba and winbind 3.0.20b. To make backups I use robocopy in a scheduled task, and randomly, it fails with the error: ERROR 5 (0x0005) Getting File System Type of Source \\OFI\f$\ file:///\\OFI\f$\ . Access is denied. NOTE: NTFS Security will NOT be copied - Source may not be NTFS. Source : \\OFI\f$\ Dest : \\SRVBackup\OFI_bkp\Ofis\OFI\ Files : *.* Exc Dirs : NT ORANT ORAINST RECYCLER Options : *.* /S /E /PURGE /MIR /NP /R:30 /W:20 ERROR 5 (0x0005) Accessing Source Directory \\OFI\f$\ Access is denied. Thanks for your help. Rafa Yáñez -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem joining into ads
Hi, it try to join ads with samba 3.0.22 (SLES9 SP3) and got: holu0001:~ # kinit admin [EMAIL PROTECTED] Password: kinit: NOTICE: ticket renewable lifetime is 1 week holu0001:~ # net ads join [2006/05/31 17:42:21, 0] libads/ldap.c:ads_add_machine_acct(1507) Warning: ads_set_machine_sd: Unexpected information received ads_set_machine_password: Message stream modified holu0001:~ # logout It worked for month! I joined aprox: 15 samba servers but now it didn't work. It there something wrong with the AD (W2K3) or with my samba config? regards Franz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with job removal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I use: printing = lprng print command = /opt/LPRng/bin/lpr -P%p -U%U -J'%J' -r %s lpq command = /opt/LPRng/bin/lpq -P%p lprm command = /opt/LPRng/bin/lprm -P%p -U%U %j lppause command = /opt/LPRng/sbin/lpc -U%U hold %p %j lpresume command = /opt/LPRng/sbin/lpc -U%U release %p %j queuepause command = /opt/LPRng/sbin/lpc -U%U -P%p stop queueresume command = /opt/LPRng/sbin/lpc -U%U -P%p start Arthur Guez wrote: Hi, We've been stuck with this problem for a while now and we believe I tried enough potential solutions to justify my posting here. We're using samba 3.0.14a in Sarge in order to allow printing from Windows workstations (The authentication works with AD+Kerberos+Winbind) to a set of shared printers. Printing works perfectly but we would like to allow users to have control over the jobs (most importantly remove jobs) they submit and them only. Unfortunately this does not seem to work with any of the configurations we've tried. When a job is cancelled, it is replaced in the windows queue by a job called remote downlevel document Here are the relevant sections of our smb.conf file: (without any of the hacks we attempted) [printers] comment = All Printers path = /var/spool/lpd printable = yes printing = lprng load printers = yes printcap name = /etc/printcap guest ok = no print command = /usr/bin/lpr -P%p -r %s lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j lppause command = /usr/sbin/lpc hold %p %j lpresume command =/usr/sbin/lpc release %p %j queuepause command = /usr/sbin/lpc stop %p queueresume command = /usr/sbin/lpc start %p One of the things we've tried to do was to replace the lrprng commands called by samba with setuid programs which call the same commands but specify the user using the -U option. This works for lpr as desired but for some unknown reason it seems that the program that should be called instead of lprm is only called at times when a user tries to remove a remote downlevel document. (When called on a normal job, it gets turned into a remote downlevel, but the program is NOT called) Here is the same file as above, configured for the above method: (we're using the default lpd.perms) [printers] comment = All Printers path = /var/spool/lpd printable = yes printing = lprng load printers = yes printcap name = /etc/printcap guest ok = no print command = /usr/bin/setlpr [EMAIL PROTECTED] %p %s lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/setlprm [EMAIL PROTECTED] %p %j ... and the programs look like this: (they are setuid) setuid(0) system(lprm -U%s -P%s %s, arg1, arg2, arg3); Also, we tried to modify the source, but we were surprised by the fact that samba is doing so much permission checking, isn't that the role of lprng ? Any kind of help would be greatly appreciated, thanks in advance. Arthur NOTE: Our users are of the form CAMPUS\username. I don't know if the backslash can cause a problem, but without using the -U option, the owner appears as CAMPUS\username in lpq but just username in the windows queue, and then CAMPUS\username in the windows queue when it is a remote downlevel document. When using our programs with the -U option it's just username everywhere. - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEfcDqmb+gadEcsb4RAjtXAKCeTMo2B9gNNU5YuVO+jxnVRiF55ACfUHwn sYk/+9zfW03evo5OojAVkS0= =uIzu -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can one set limits on new core dump?
Gautier, B (Bob) wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Doug VanLeuven Sent: 31 May 2006 09:56 /usr/local/samba3/sbin/winbindd [0xdda5cf] May 31 01:19:14 gate winbindd[5355]:#7 /usr/local/samba3/sbin/winbindd(talloc_free+0x2a) [0xddacc0] May 31 01:19:14 gate winbindd[5355]:#8 /usr/local/samba3/sbin/winbindd(ads_check_posix_schema_mapping +0x711) [0xea8726] May 31 01:19:14 gate winbindd[5355]:#9 This looks very much like a buglet in the new rfc2307 code that I mailed gd about the other day. The SysAdmins here have blocked my access to bugzilla at the moment so I can't file patches the right way. :-( Jerry asked me to comment in the bug report. I could forward the patch. Can you give me the bug report number. I found 3751, but don't know if it's appropriate there. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can one set limits on new core dump?
Hi, On Wed, May 31, 2006 at 09:42:13AM -0700, Doug VanLeuven wrote: Gautier, B (Bob) wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ] On Behalf Of Doug VanLeuven Sent: 31 May 2006 09:56 /usr/local/samba3/sbin/winbindd [0xdda5cf] May 31 01:19:14 gate winbindd[5355]:#7 /usr/local/samba3/sbin/winbindd(talloc_free+0x2a) [0xddacc0] May 31 01:19:14 gate winbindd[5355]:#8 /usr/local/samba3/sbin/winbindd(ads_check_posix_schema_mapping +0x711) [0xea8726] May 31 01:19:14 gate winbindd[5355]:#9 This looks very much like a buglet in the new rfc2307 code that I mailed gd about the other day. The SysAdmins here have blocked my access to bugzilla at the moment so I can't file patches the right way. :-( Jerry asked me to comment in the bug report. I could forward the patch. Can you give me the bug report number. I found 3751, but don't know if it's appropriate there. I just fixed this today in subversion (http://websvn.samba.org/cgi-bin/viewcvs.cgi?rev=15980view=rev) Let me know if you still see problems with that. Thanks, Guenther -- Günther DeschnerGPG-ID: 8EE11688 Novell / SUSE Labs[EMAIL PROTECTED] Samba Team [EMAIL PROTECTED] pgpqWkW3tuTs1.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem joining into ads
Hi, On Wed, May 31, 2006 at 05:58:03PM +0200, Franz Pfoertsch wrote: Hi, it try to join ads with samba 3.0.22 (SLES9 SP3) and got: holu0001:~ # kinit admin [EMAIL PROTECTED] Password: kinit: NOTICE: ticket renewable lifetime is 1 week holu0001:~ # net ads join [2006/05/31 17:42:21, 0] libads/ldap.c:ads_add_machine_acct(1507) Warning: ads_set_machine_sd: Unexpected information received ads_set_machine_password: Message stream modified holu0001:~ # logout It worked for month! I joined aprox: 15 samba servers but now it didn't work. Can you please send the output of the join command with -d 10 ? Thanks, Guenther -- Günther DeschnerGPG-ID: 8EE11688 Novell / SUSE Labs[EMAIL PROTECTED] Samba Team [EMAIL PROTECTED] pgpx1MAfExRsP.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with job removal
Thanks for your input. Actually we tried using samba version 3.0.22 and changing the winbind separator to a +, and now it works fine. Altough the deleting is something slow, but that might be normal. Arthur On 5/31/06, Ryan Novosielski [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I use: printing = lprng print command = /opt/LPRng/bin/lpr -P%p -U%U -J'%J' -r %s lpq command = /opt/LPRng/bin/lpq -P%p lprm command = /opt/LPRng/bin/lprm -P%p -U%U %j lppause command = /opt/LPRng/sbin/lpc -U%U hold %p %j lpresume command = /opt/LPRng/sbin/lpc -U%U release %p %j queuepause command = /opt/LPRng/sbin/lpc -U%U -P%p stop queueresume command = /opt/LPRng/sbin/lpc -U%U -P%p start Arthur Guez wrote: Hi, We've been stuck with this problem for a while now and we believe I tried enough potential solutions to justify my posting here. We're using samba 3.0.14a in Sarge in order to allow printing from Windows workstations (The authentication works with AD+Kerberos+Winbind) to a set of shared printers. Printing works perfectly but we would like to allow users to have control over the jobs (most importantly remove jobs) they submit and them only. Unfortunately this does not seem to work with any of the configurations we've tried. When a job is cancelled, it is replaced in the windows queue by a job called remote downlevel document Here are the relevant sections of our smb.conf file: (without any of the hacks we attempted) [printers] comment = All Printers path = /var/spool/lpd printable = yes printing = lprng load printers = yes printcap name = /etc/printcap guest ok = no print command = /usr/bin/lpr -P%p -r %s lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j lppause command = /usr/sbin/lpc hold %p %j lpresume command =/usr/sbin/lpc release %p %j queuepause command = /usr/sbin/lpc stop %p queueresume command = /usr/sbin/lpc start %p One of the things we've tried to do was to replace the lrprng commands called by samba with setuid programs which call the same commands but specify the user using the -U option. This works for lpr as desired but for some unknown reason it seems that the program that should be called instead of lprm is only called at times when a user tries to remove a remote downlevel document. (When called on a normal job, it gets turned into a remote downlevel, but the program is NOT called) Here is the same file as above, configured for the above method: (we're using the default lpd.perms) [printers] comment = All Printers path = /var/spool/lpd printable = yes printing = lprng load printers = yes printcap name = /etc/printcap guest ok = no print command = /usr/bin/setlpr [EMAIL PROTECTED] %p %s lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/setlprm [EMAIL PROTECTED] %p %j ... and the programs look like this: (they are setuid) setuid(0) system(lprm -U%s -P%s %s, arg1, arg2, arg3); Also, we tried to modify the source, but we were surprised by the fact that samba is doing so much permission checking, isn't that the role of lprng ? Any kind of help would be greatly appreciated, thanks in advance. Arthur NOTE: Our users are of the form CAMPUS\username. I don't know if the backslash can cause a problem, but without using the -U option, the owner appears as CAMPUS\username in lpq but just username in the windows queue, and then CAMPUS\username in the windows queue when it is a remote downlevel document. When using our programs with the -U option it's just username everywhere. - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEfcDqmb+gadEcsb4RAjtXAKCeTMo2B9gNNU5YuVO+jxnVRiF55ACfUHwn sYk/+9zfW03evo5OojAVkS0= =uIzu -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] authentication against /etc/passwd?
Security = share to allow samba to authenticate against the local passwd files correct? -- Jas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] authentication against /etc/passwd?
On Wed, May 31, 2006 at 12:10:30PM -0600, Jason Gerfen wrote: Security = share to allow samba to authenticate against the local passwd files correct? You probably mean 'encrypt passwords = no'. Volker pgpVyUxdYPuB3.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbldap-populate
Hi: after run smbldap-populate has not created unix users and group. Is possible DEBUG smbldap-populate command? TIA SO:Solaris 10 x86 __ Correo Yahoo! Espacio para todos tus mensajes, antivirus y antispam ¡gratis! ¡Abrí tu cuenta ya! - http://correo.yahoo.com.ar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] authentication against /etc/passwd?
Security = share to allow samba to authenticate against the local passwd files correct? AFAIK, SAMBA can't authenticate against local /etc/passwd, since SAMBA needs the LM or NTLM hashes of the password which, of course, are not stored in /etc/passwd or /etc/shadow. Usually, UNIX passwords are hashed with MD5, or encrypted with Blowfish, then stored into /etc/shadow, but no LM or NTLM hashes are calculated and stored in that file You must use a backend that supports storing LM and NTLM hashes, such as ldapsam or tdb. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind + consistent uid gid
you're right! red hat did not add this feature in some versoins (not sure if they did at all). we had the same trouble on RH EL3 - now we use packages from sernet greez Adams Samuel D Contr AFRL/HEDR wrote: It looks like this is what we want to do. We have more than one domain in our forest, but people should log in from only one domain to our Linux Boxes. So it should work still right? Winbind/NSS uses RID based IDMAP: The IDMAP_RID facility is new to Samba version 3.0.8. It was added to make life easier for a number of sites that are committed to use of MS ADS, that do not apply an ADS schema extension, and that do not have an installed an LDAP directory server just for the purpose of maintaining an IDMAP table. If you have a single ADS domain (not a forest of domains, and not multiple domain trees) and you want a simple cookie-cutter solution to the IDMAP table problem, then IDMAP_RID is an obvious choice. This facility requires the allocation of the idmap uid and the idmap gid ranges, and within the idmap uid it is possible to allocate a subset of this range for automatic mapping of the relative identifier (RID) portion of the SID directly to the base of the UID plus the RID value. For example, if the idmap uid range is 1000-1 and the idmap backend = idmap_rid:DOMAIN_NAME=1000-5000, and a SID is encountered that has the value S-1-5-21-34567898-12529001-32973135-1234, the resulting UID will be 1000 + 1234 = 2234. We are running samba 3.0.10 on our CentOS 4.2 boxes. I think we have the smb.conf file correct, but we are getting this message in our logs. May 30 15:01:22 Cent01 winbindd[2861]: [2006/05/30 15:01:22, 0] sam/idmap.c:idmap_init(142) May 30 15:01:22 Cent01 winbindd[2861]: idmap_init: could not load remote backend 'idmap_rid' May 30 15:01:22 Cent01 winbind: winbindd startup succeeded According to the documentation on the samba.org website, this feature should be available since 3.0.8. My feeling is that Red Hat just didn't compile in the idmap_rid. Does the log seems to say that to you as well? If that is the case, is it possible to add that library as some kind of RPM without having to compile samba from source, or is there a RPM that will work on CentOS 4.2 that has idmap_rid? We are going to do this on over 100 boxes, and want the process to be a simple as possible. Sam Adams General Dynamics - Network Systems Phone: 210.536.5945 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Gasch Sent: Tuesday, May 30, 2006 1:27 AM To: Emmanuel Blindauer Cc: samba@lists.samba.org Subject: Re: [Samba] winbind + consistent uid gid Putting idmap backend = idmap_rid:DOMNAME=1000-100 in the smb.conf file seemed promising, but it didn't work for me. that´s not the only thing you have to do please refer to the samba guide about how to setup idmap_rid correctly it´s working for me fine on several servers greez Emmanuel Blindauer wrote: You'll have to use ldap for storing the mapping idmap backend = ldap:ldap://your.ldap.server and uses smbpasswd -w to store the pass to access the ldap server Emmanuel Le Mercredi 24 Mai 2006 17:48, Adams Samuel D Contr AFRL/HEDR a écrit : I am trying to get out Linux boxes to authenticate against our AD domain. We have that part working just fine using Kerberos and winbind. The problem is when we use NFS on multiple machines. As you could guess, the UIDs and GIDs are not consistent across all of the machines. From what I have been reading on the internet, this seems to be common problem, but all the solutions that I have found don't seem to work for me. Putting idmap backend = idmap_rid:DOMNAME=1000-100 in the smb.conf file seemed promising, but it didn't work for me. Do you have any recommendations to get this to work? It is kind of critical to have a distributed file system. It is not an option to modify out AD severs. Sam Adams General Dynamics - Network Systems Phone: 210.536.5945 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot delete files from samba share
sounds like you're hitting map readonly please play with it and see man smb.conf greez [EMAIL PROTECTED] wrote: Hi all, Following an upgrade from samba 2.2.8a to 3.0.22 we have been unable to delete files on a samba share using an XP client. We were previously able to delete these files when using 2.2.8a. The problem occurs when we have a particular sub-set of permissions. Directory permissions on UNIX are set to 775 and ownerhips to usera : group1. This should mean that either usera or anyone who belongs to group1 should be able to delete any file within the directory irrespective of what the file permissions and ownerships are. From UNIX this is the case. Using an XP client on samba 2.2.8a this is the case. On samba 3.0.22 this is not the case. We have an application which writes files into the top level directory of the samba directory with permissions 544.The ownerships of the file are userb (i.e. different from the directory owner). group1 (i.e. the same as the directory). If a third user, userc who is a member of group1 (there is a force group directive on the share as well) comes along and attempts to delete the file through the samba share, the delete fails. Experimentation has shown the delete works if the file is writable by the user (e.g 744 cf 544) or the file is owned by the user trying to delete it. We have upgraded only a few of our servers to 3.0.22 and we have been able to reproduce the problem.I have attached a script which run as root on UNIX sets up a test share and appropriated file/dir permissions. Other details about are installation are given below UNIX OS: Solaris 8, Solaris 9 PDC: Windows 2003 If anyone has any suggestions as to how this issue can be resolved, I would be grateful to hear from them cheers Neil #!/bin/ksh # TEST_DIR = UNIX directory being shared out ( The 'samba dir') TEST_DIR=/smb_debug # TEST_FILE = file used to demonstrate the problem export TEST_FILE=${TEST_DIR}/test # SMB_CONF = path to smb.conf SMB_CONF=/path/to/your/smb.conf # SHARENAME = the name for the samba share SHARENAME=neil # GROUP = the group ownership on the 'samba dir'. Membership of this group # should permit files to be deleted from this directory. GROUP=group1 # USER1 = the username attempting to delete files from the samba share. They # must belong to ${GROUP} USER1=usera # USER2 = The user ownership on the 'samba dir' USER2=userb # USER3 = The user ownership on ${TEST_FILE} USER3=userc # On UNIX, make the directory shared out by samba if it does not exist [[ ! -d ${TEST_DIR} ]] mkdir ${TEST_DIR} # Create the samba share if required egrep \\[${SHARENAME}\\] ${SMB_CONF} - 2- || { cat _EOT1__ ${SMB_CONF} [${SHARENAME}] path = ${TEST_DIR} comment = Test share for permissions issue valid users = @${GROUP} read only = no create mask = 755 force group = ${GROUP} _EOT1__ } # Make the 'samba directory' owned by an account other than that which deletes # the file. Make the group ownership ${GROUP}. Make the permissions such that # members of ${GROUP} can delete (and create) files within ${TEST_DIR}. chown ${USER2}:${GROUP} ${TEST_DIR} chmod 775 ${TEST_DIR} # Create the file we want to delete touch ${TEST_FILE} # Set file ownerships perms so it is not writable chmod 544 ${TEST_FILE} chown ${USER3}:${GROUP} ${TEST_FILE} # Show the permissions echo Initial permissions are as follows\n ls -ld ${TEST_DIR} ${TEST_FILE} # As $USER1 show that we can delete the file from UNIX echo \n Deleting ${TEST_FILE} su - ${USER1} -c rm -f ${TEST_FILE} - 2- if [[ ! -f ${TEST_FILE} ]];then echo Test file deleted\n else echo Failed to delete test file\n fi # Re-create the file again touch ${TEST_FILE} chmod 544 ${TEST_FILE} chown ${USER3}:${GROUP} ${TEST_FILE} # Show the permissions echo Permissions following file re-creation are as follows\n ls -ld ${TEST_DIR} ${TEST_FILE} echo \nNow attempt to delete the file using a windows client The information contained in this message may be CONFIDENTIAL and is intended for the addressee only. Any unauthorised use, dissemination of the information, or copying of this message is prohibited. If you are not the addressee, please notify the sender immediately by return e-mail and delete this message. Although this e-mail and any attachments are believed to be free of any virus, or other defect which might affect any computer or system into which they are received and opened, it is the responsibility of the recipient to ensure that they are virus free and no responsibility is accepted by MG for any loss or damage from receipt or use thereof. Please note that all e-mail messages are subject to interception for lawful business purposes. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] authentication against /etc/passwd?
AFAIK, SAMBA can't authenticate against local /etc/passwd, since SAMBA this topic has been discussed fairly often on this list. according to the threads (i didn't ever try it) volker is right greez Felipe Alfaro Solana wrote: Security = share to allow samba to authenticate against the local passwd files correct? AFAIK, SAMBA can't authenticate against local /etc/passwd, since SAMBA needs the LM or NTLM hashes of the password which, of course, are not stored in /etc/passwd or /etc/shadow. Usually, UNIX passwords are hashed with MD5, or encrypted with Blowfish, then stored into /etc/shadow, but no LM or NTLM hashes are calculated and stored in that file You must use a backend that supports storing LM and NTLM hashes, such as ldapsam or tdb. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot delete a file, but I can create and edit it !!
Hi, I am having a problem after upgrading from 2.2.1 to 3.0.13, we also changed domains from NT 4 to Active Directory. The problem appears to be with ACL's. Samba is working fine and the ACL's seem to be working fine as well but I am running into a problem when trying to delete a file. For example, a user has a directory and his Unix permissions are 755, but he has an ACL configured that specifies my group should be able to rwx on his directory. In Samba, I can create a file in his directory (which tells me the acl's are working) and I can edit it and save it as well. However, I cannot rename it or delete it. And, he can only read the file. He cannot edit, rename it or delete it either. I am the owner of the file, I should be able to delete it, right? BTW, I am able to create and delete directories just fine!! I have tried to enable map acl inherit, inherit acls, inherit permissions, etc But nothing seems to be able to fix it. This is a production environment that is down so any help would be appreciated ! Thanks, Tom. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Second SAMBA Server different NETBIOS alias and shares for ClearCase
I have a SAMBA Server utilizing an LDAP backend for user authentication and it works great unless I use ClearCase. When ClearCase is used the compilation time for our code is slowed down to a crawl and the ClearCase application is rendered nearly useless. As a test fix my boss wants me to create a second SAMBA server to be used for only the ClearCase server. I don't know if this will work, but I may be able to accomplish my task if I set the os level lower than my primary SAMBA server set the SID to the same as my existing server. I then change the netbios alias to clearcase. I'll then add my views and vobs through either NFS or SANS client to the ClearCase SAMBA server. This way if a workstation using ClearCase needs to use the \\clearcase\views share it will utilize the ClearCase SAMBA server not the primary server. All authentication should remain through my LDAP server since I did not change the SIDs for my server or user accounts. If this plan sound feasible please let me know. If it sounds like I may break my existing architecture let me know. If you have better suggestions I am looking for any help. Thank you for your time, Patrick Hoferer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can one set limits on new core dump?
Guenther Deschner wrote: I just fixed this today in subversion (http://websvn.samba.org/cgi-bin/viewcvs.cgi?rev=15980view=rev) Let me know if you still see problems with that. Hi, Updated to svn 15985, running 1/2 hour now, no more core dumps. Thanks Guenther! Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Second SAMBA Server different NETBIOS alias and shares for ClearCase
Hoferer, Patrick K. wrote: I have a SAMBA Server utilizing an LDAP backend for user authentication and it works great unless I use ClearCase. When ClearCase is used the compilation time for our code is slowed down to a crawl and the ClearCase application is rendered nearly useless. As a test fix my boss wants me to create a second SAMBA server to be used for only the ClearCase server. I don't know if this will work, but I may be able to accomplish my task if I set the os level lower than my primary SAMBA server set the SID to the same as my existing server. I then change the netbios alias to clearcase. I'll then add my views and vobs through either NFS or SANS client to the ClearCase SAMBA server. This way if a workstation using ClearCase needs to use the \\clearcase\views share it will utilize the ClearCase SAMBA server not the primary server. All authentication should remain through my LDAP server since I did not change the SIDs for my server or user accounts. If this plan sound feasible please let me know. If it sounds like I may break my existing architecture let me know. If you have better suggestions I am looking for any help. Thank you for your time, Patrick Hoferer I don't think you're being very clear. In Windows terms, you log into a domain, not a server. It sounds like you want to maintain the same authentication but split an application off onto a different server to improve performance. However, it's not clear if you want to use Samba or NFS to share the files. I'm going to assume that the new server will be providing file services through Samba. If you want the ClearCase server to use the same authentication, just make it a member server in your existing domain. Stop the ClearCase Samba shares on the old server and start them on the new one. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Second SAMBA Server different NETBIOS alias and shares for ClearCase
You're totally right about my poor terminology. I need to do is join the CC SAMBA server to the Primary SAMBA Server's authentication. I have the HowTo Guide and it has a step by step on joining as a Domain Member Server. I'll test it out. ...RTM...Pat. Thank you for your help. :) -Original Message- From: Gary Dale [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 31, 2006 4:20 PM To: Hoferer, Patrick K. Cc: samba@lists.samba.org; Bailey, Alonza; Kdeiss, Raymond E. Subject: Re: [Samba] Second SAMBA Server different NETBIOS alias and shares for ClearCase Hoferer, Patrick K. wrote: I have a SAMBA Server utilizing an LDAP backend for user authentication and it works great unless I use ClearCase. When ClearCase is used the compilation time for our code is slowed down to a crawl and the ClearCase application is rendered nearly useless. As a test fix my boss wants me to create a second SAMBA server to be used for only the ClearCase server. I don't know if this will work, but I may be able to accomplish my task if I set the os level lower than my primary SAMBA server set the SID to the same as my existing server. I then change the netbios alias to clearcase. I'll then add my views and vobs through either NFS or SANS client to the ClearCase SAMBA server. This way if a workstation using ClearCase needs to use the \\clearcase\views share it will utilize the ClearCase SAMBA server not the primary server. All authentication should remain through my LDAP server since I did not change the SIDs for my server or user accounts. If this plan sound feasible please let me know. If it sounds like I may break my existing architecture let me know. If you have better suggestions I am looking for any help. Thank you for your time, Patrick Hoferer I don't think you're being very clear. In Windows terms, you log into a domain, not a server. It sounds like you want to maintain the same authentication but split an application off onto a different server to improve performance. However, it's not clear if you want to use Samba or NFS to share the files. I'm going to assume that the new server will be providing file services through Samba. If you want the ClearCase server to use the same authentication, just make it a member server in your existing domain. Stop the ClearCase Samba shares on the old server and start them on the new one. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Second SAMBA Server different NETBIOS alias and shares for ClearCase
You can also try SWAT. It has a wizard for this purpose. Hoferer, Patrick K. wrote: You're totally right about my poor terminology. I need to do is join the CC SAMBA server to the Primary SAMBA Server's authentication. I have the HowTo Guide and it has a step by step on joining as a Domain Member Server. I'll test it out. ...RTM...Pat. Thank you for your help. :) -Original Message- From: Gary Dale [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 31, 2006 4:20 PM To: Hoferer, Patrick K. Cc: samba@lists.samba.org; Bailey, Alonza; Kdeiss, Raymond E. Subject: Re: [Samba] Second SAMBA Server different NETBIOS alias and shares for ClearCase Hoferer, Patrick K. wrote: I have a SAMBA Server utilizing an LDAP backend for user authentication and it works great unless I use ClearCase. When ClearCase is used the compilation time for our code is slowed down to a crawl and the ClearCase application is rendered nearly useless. As a test fix my boss wants me to create a second SAMBA server to be used for only the ClearCase server. I don't know if this will work, but I may be able to accomplish my task if I set the os level lower than my primary SAMBA server set the SID to the same as my existing server. I then change the netbios alias to clearcase. I'll then add my views and vobs through either NFS or SANS client to the ClearCase SAMBA server. This way if a workstation using ClearCase needs to use the \\clearcase\views share it will utilize the ClearCase SAMBA server not the primary server. All authentication should remain through my LDAP server since I did not change the SIDs for my server or user accounts. If this plan sound feasible please let me know. If it sounds like I may break my existing architecture let me know. If you have better suggestions I am looking for any help. Thank you for your time, Patrick Hoferer I don't think you're being very clear. In Windows terms, you log into a domain, not a server. It sounds like you want to maintain the same authentication but split an application off onto a different server to improve performance. However, it's not clear if you want to use Samba or NFS to share the files. I'm going to assume that the new server will be providing file services through Samba. If you want the ClearCase server to use the same authentication, just make it a member server in your existing domain. Stop the ClearCase Samba shares on the old server and start them on the new one. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot delete files from samba share
Hi Neil, Following an upgrade from samba 2.2.8a to 3.0.22 we have been unable to delete files on a samba share using an XP client. We were previously able to delete these files when using 2.2.8a. This sounds remarkably similar to the problem I was having, where I could create files, modify them, but not delete them: http://lists.samba.org/archive/samba/2006-May/120521.html If you work out a way to fix this, do let me know! Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot delete files from samba share
On Wed, May 31, 2006 at 02:06:53PM +0100, [EMAIL PROTECTED] wrote: Following an upgrade from samba 2.2.8a to 3.0.22 we have been unable to delete files on a samba share using an XP client. We were previously able to delete these files when using 2.2.8a. The problem occurs when we have a particular sub-set of permissions. Directory permissions on UNIX are set to 775 and ownerhips to usera : group1. This should mean that either usera or anyone who belongs to group1 should be able to delete any file within the directory irrespective of what the file permissions and ownerships are. From UNIX this is the case. Using an XP client on samba 2.2.8a this is the case. On samba 3.0.22 this is not the case. We have an application which writes files into the top level directory of the samba directory with permissions 544.The ownerships of the file are userb (i.e. different from the directory owner). group1 (i.e. the same as the directory). If a third user, userc who is a member of group1 (there is a force group directive on the share as well) comes along and attempts to delete the file through the samba share, the delete fails. Experimentation has shown the delete works if the file is writable by the user (e.g 744 cf 544) or the file is owned by the user trying to delete it. We have upgraded only a few of our servers to 3.0.22 and we have been able to reproduce the problem.I have attached a script which run as root on UNIX sets up a test share and appropriated file/dir permissions. Other details about are installation are given below UNIX OS: Solaris 8, Solaris 9 PDC: Windows 2003 If anyone has any suggestions as to how this issue can be resolved, I would be grateful to hear from them Can you send me a debug level 10 log from the smbd when you attempt to delete the file along with the name of the file you're trying to delete. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to use 'valid users' from Active Directory
I am able to return users and groups using wbinfo -g and -u. Samaba will even allow users to connect that are in our domain. The problem exist while trying to narrow down permissions to a share. [public] comment = Public Stuff path = /home/ public = yes read only = no valid users = @UFAD\_IFAS-FRE-USERS_autoGS Is this a group? Have you tried with a specific user? Did you try removing the quotes? This works for me: valid users = @DOMAIN\user But I haven't tried it with an AD group. If you can't get it to work with an individual user then it's probably a problem with your configuration. Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot delete a file, but I can create and edit it !!
In Samba, I can create a file in his directory (which tells me the acl's are working) and I can edit it and save it as well. However, I cannot rename it or delete it. And, he can only read the file. He cannot edit, rename it or delete it either. I am the owner of the file, I should be able to delete it, right? BTW, I am able to create and delete directories just fine!! This sounds like the exact same problem I'm having - I just tried it and I can indeed delete the directories I create, but not the files. This is sounding more and more like a bug - you'll probably want to follow the thread above called Cannot delete files from samba share as I suspect it's the same problem. Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot delete files from samba share
Can you send me a debug level 10 log from the smbd when you attempt to delete the file along with the name of the file you're trying to delete. Hi Jeremy, Have you had a chance to check the debug level 10 log I sent you when I was having this problem? This seems like exactly the same issue, and there's now a third person having this problem (see the message from s b a couple of threads after this one.) It's looking more and more like it could be a bug in Samba...especially as it allows you to delete directories and not files, even though they have the same permissions! Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot delete files from samba share
On Thu, Jun 01, 2006 at 10:01:07AM +1000, Adam Nielsen wrote: Can you send me a debug level 10 log from the smbd when you attempt to delete the file along with the name of the file you're trying to delete. Hi Jeremy, Have you had a chance to check the debug level 10 log I sent you when I was having this problem? This seems like exactly the same issue, and there's now a third person having this problem (see the message from s b a couple of threads after this one.) It's looking more and more like it could be a bug in Samba...especially as it allows you to delete directories and not files, even though they have the same permissions! Nope - I forgot about the debug level 10 log :-(. In my defense, things get busy around here. Now I've (obviously :-) got more time can you resend with the version of Samba you reproduced it on and the name of the file you're trying to delete. Let's start this from scratch again ! (sorry :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot delete files from samba share
Nope - I forgot about the debug level 10 log :-(. In my defense, things get busy around here. Now I've (obviously :-) got more time can you resend with the version of Samba you reproduced it on and the name of the file you're trying to delete. Let's start this from scratch again ! (sorry :-). No problem, I'm just happy you're trying to help :-) I'll forward you my original message off-list now - nothing has changed since then. Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and DOS Attributes
*** I sent this Email first before registering, this may be a duplicate, if so... Sorry...*** I am trying to run a critical DOS (xBASE - Foxpro) application on a Suse Linux Enterpise Server with Samba 3x... I have turned off Oplocks2, but left oplocks on( without it, performance is miserable). Various commands issued through the DOS Program, Record and File Locking, Copying Files, etc.. are causing Samba to change the file attribute in the share to Read Only (Clients can't write to the files). A simple chmod -R 770 clears the problem until it comes back again. The DOS attributes don't change, even though Samba has the file as Read Only, the DOS attribute (looking from a command prompt), is still Read/Write...? Samba doesn't seem to like working with DOS, Are there any options I can set or change, or am I missing something basic. Any suggestions will be appreciated... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Fw: debug level 10 log
On Wed, May 31, 2006 at 05:23:15PM -0700, Jeremy Allison wrote: I don't see the debug message : DEBUG(10,(check_posix_acl_group_write: ret = %d before check_stat:\n, ret)); which is in the code just after we've checked all the POSIX ACL entries which makes me think the code jumped directly to the check_stat: label which means Samba isn't using POSIX ACLs in the binary. Did you specify --with-posix-acls when you built Samba ? The other thing you can try is setting acl check permissions = no on that share (or globally). This will stop Samba checking at open time if the file can be deleted. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: debug level 10 log
The other thing you can try is setting acl check permissions = no on that share (or globally). This will stop Samba checking at open time if the file can be deleted. That made a difference - if that option is set then I can delete the file. What is strange though is that a directory with the same permissions can always be deleted. Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: debug level 10 log
On Thu, Jun 01, 2006 at 10:34:23AM +1000, Adam Nielsen wrote: The other thing you can try is setting acl check permissions = no on that share (or globally). This will stop Samba checking at open time if the file can be deleted. That made a difference - if that option is set then I can delete the file. Ok, so it's not reading the ACLs on your file correctly - looks like either the POSIX ACLs are not being detected or used in configure or there's some bug. It looks from the logs like the ACL code isn't turned on. Try adding some simple debug level zero's in the code path in check_posix_acl_group_write() to see if it's being executed correctly. What Samba version are you using ? What is strange though is that a directory with the same permissions can always be deleted. Actually not unusual as Windows doesn't do the open with delete intent for directories as it does with files - so this code doesn't get executed. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: debug level 10 log
we have the same problem with the directory structure where I work. If you ever find a solution, please let me know. I know that if you set a sticky bit and the permissions are right, it doesn't allow the directory to be deleted. We had trouble using it with group permissions though. --Ken Adam Nielsen wrote: The other thing you can try is setting acl check permissions = no on that share (or globally). This will stop Samba checking at open time if the file can be deleted. That made a difference - if that option is set then I can delete the file. What is strange though is that a directory with the same permissions can always be deleted. Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] printing fails for SPOOLSS OpenPrinterEx request
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: I have a problem with my printing setup of a windows XP client with a samba server. The windows driver seems to use different ways of smb/printer communication for printing in normal/duplex mode and for printing brochures. The latter failes silently. normal/duplex printing uses: SMB Open Print File Request brochure printing starts with: SPOOLSS OpenPrinterEx request This doesn't make sense to me. Are you serving the driver from the Samba box? or installing it locally? In windows client(s) the printer is configured to be connected to a local port (\\servername\printername) and works without problems for anything except brochure printing. Sounds like you are trying to force lanman printing. I would recommend against this if possible. But if you really want it, you can disable MS-RPC printing globally on the Samba server using 'disable spoolss = yes' I tried to turn on default devmode and use client driver in smb.conf. None of these changed the behaviour. This setup was known to work with the previous server machine, I used. It was a debian sarge woody installation. But this machine is not available for testing anymore ... Does anyone have any ideas, what I could try, to get brochure printing to work again? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEfkglIR7qMdg1EfYRAofDAJ9SpsKM3mK+8nu/5NLFiM8m6JCxGACg0OSL /RAAzMc4vd5Q68bXHwM+Ajo= =E8aA -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] User Manager
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark Johnson wrote: I think something is broken in 23rc1 with LDAP as the backend. testparm did not reveal any issues with my config file, but all I get is hundreds of messages in the smbd.log file that it couldn't connect to the LDAP servers. If I roll it back to 3.0.22, LDAP works fine. Did something drastically change in 23rc1 for LDAP? I noticed the configure option changed and I tried it with auto and specifying --with-ldap, but with the same results. A lot changed but I'm not seeing these issues. Are you sure the build is good? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEfkhuIR7qMdg1EfYRAiSnAKCw8Pfwa6wwijzkfPMhg5WvUSXfQQCg1HYx HQIZQv8Lkpsa0KUveEvuPu8= =hm1R -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: ODS-5 issues: broken utime
John E. Malmberg wrote: For HP Samba V3 evaluation release, it should be currently using the CRTL utime(). That's what I figured. DECC$EFS_FILE_TIMESTAMPS causes different fields in on an ODS-5 volume to be exposed by the CRTL. These fields more closely track what UNIX expects. There are also volume settings that need to be made, and increasing the resolution of the timers can impact file system performance. As some Perl scripts may be expecting traditional OpenVMS behavior, for the normal running of Perl, there is no reason to force a setting of DECC$EFS_FILE_TIMESTAMPS. Wouldn't Samba be quite a different matter, then? I'd expect most applications that use VMS Samba would be running on non-VMS systems, so non-VMS semantics are perfectly appropriate. So it sounds like setting DECC$EFS_FILE_TIMESTAMPS would be a good thing. I do not understand this issue. If the directory is invisible, then that should be hiding the files. They still should be accessed explicitly by path name though. If I performed an ls on a hidden directory explicitly referenced by path name (e.g. ls .hidden,) no files would be found! The only way I could see files in it was to perform ls on each file explicitly (e.g. ls .hidden/foo .hidden/bar). This is an issue where the CRTL unlink() works differently than the UNIX unlink(). The UNIX unlink() only pays attention to the write permissions on the directory where the file resides, not the permissions on the file it self. Right. I understand why it has to work that way. But what I do question is whether Samba should be aware of the D bit at all. Just as x is forced on for all files served from a samba share on a Windows host because Windows has no concept of x, why shouldn't D be either ignored or forced on? Currently the only known work around is to place an ACL on the file to always allow delete by the application. See the PERL vms.c source where it adds a temporary ACL on the file to attempt to delete it. Perl has the advantage of being able to add ACLs as needed. However, when a samba client application creates a read-only file, how is it supposed to make the file deletable? Also the implementation of the DOS readonly attribute can not be properly implemented on OpenVMS and possibly on UNIX. That hasn't caused me problems ... yet. I'm not complaining that DOS readonly doesn't map properly. I just don't understand why chmod 444 (or even chmod 000) must be interpreted as removing the D bit, given the undesirable semantics that result. After all, if the client doesn't even know the D bit is there, why should chmod do anything with it at all? If a samba client really needs to prevent files from being deleted, it can be done in the usual way, by taking away write permission from the directory on which the files reside. All in all, implementing the READONLY attribute as an ACL is probably the best compromise for functionality, as long as it is realized that the ACL may not be honored on the OpenVMS host the same way that a Microsoft Windows system. Sounds good if it all works transparently. But this would have to be managed by Samba itself. It's a bit beyond me to make such extensive changes. Does the DECC$RENAME_NO_INHERIT fix this? Even if it does (and it seems like it should) it is a 7.3 feature, right? Since JYC's Samba supports 7.1 and greater, it doesn't seem like something we can rely on. Have you seen any of these issues with the HP Evaluation release? In an ideal world, we'd have time to evaluate the HP Evaluation release alongside JYC's 2.2.8 release. However, it doesn't look like it's close enough to being ready for production use to grab our interest at this time. Ben PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r15976 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: gd Date: 2006-05-31 09:25:44 + (Wed, 31 May 2006) New Revision: 15976 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15976 Log: Set our internal domains to online by default in winbindd. Guenther Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c trunk/source/nsswitch/winbindd_util.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2006-05-31 01:31:01 UTC (rev 15975) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2006-05-31 09:25:44 UTC (rev 15976) @@ -162,7 +162,7 @@ domain-sequence_number = DOM_SEQUENCE_NONE; domain-last_seq_check = 0; domain-initialized = False; - domain-online = False; + domain-online = is_internal_domain(sid); if (sid) { sid_copy(domain-sid, sid); } Modified: trunk/source/nsswitch/winbindd_util.c === --- trunk/source/nsswitch/winbindd_util.c 2006-05-31 01:31:01 UTC (rev 15975) +++ trunk/source/nsswitch/winbindd_util.c 2006-05-31 09:25:44 UTC (rev 15976) @@ -162,7 +162,7 @@ domain-sequence_number = DOM_SEQUENCE_NONE; domain-last_seq_check = 0; domain-initialized = False; - domain-online = False; + domain-online = is_internal_domain(sid); if (sid) { sid_copy(domain-sid, sid); }
svn commit: samba r15977 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: gd Date: 2006-05-31 10:09:31 + (Wed, 31 May 2006) New Revision: 15977 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15977 Log: Fillup the password_policy method in winbindd for winbindd_passdb. This should make pam_winbind work again on a Samba PDC (and fix Bug #3800). Guenther Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c trunk/source/nsswitch/winbindd_passdb.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c2006-05-31 09:25:44 UTC (rev 15976) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c2006-05-31 10:09:31 UTC (rev 15977) @@ -443,8 +443,47 @@ TALLOC_CTX *mem_ctx, SAM_UNK_INFO_1 *policy) { - /* actually we have that */ - return NT_STATUS_NOT_IMPLEMENTED; + uint32 min_pass_len,pass_hist,password_properties; + time_t u_expire, u_min_age; + NTTIME nt_expire, nt_min_age; + uint32 account_policy_temp; + + if ((policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)) == NULL) { + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN, account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + min_pass_len = account_policy_temp; + + if (!pdb_get_account_policy(AP_PASSWORD_HISTORY, account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + pass_hist = account_policy_temp; + + if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + password_properties = account_policy_temp; + + if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + u_expire = account_policy_temp; + + if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + u_min_age = account_policy_temp; + + unix_to_nt_time_abs(nt_expire, u_expire); + unix_to_nt_time_abs(nt_min_age, u_min_age); + + init_unk_info1(policy, (uint16)min_pass_len, (uint16)pass_hist, + password_properties, nt_expire, nt_min_age); + + return NT_STATUS_OK; } /* get a list of trusted domains */ Modified: trunk/source/nsswitch/winbindd_passdb.c === --- trunk/source/nsswitch/winbindd_passdb.c 2006-05-31 09:25:44 UTC (rev 15976) +++ trunk/source/nsswitch/winbindd_passdb.c 2006-05-31 10:09:31 UTC (rev 15977) @@ -455,8 +455,47 @@ TALLOC_CTX *mem_ctx, SAM_UNK_INFO_1 *policy) { - /* actually we have that */ - return NT_STATUS_NOT_IMPLEMENTED; + uint32 min_pass_len,pass_hist,password_properties; + time_t u_expire, u_min_age; + NTTIME nt_expire, nt_min_age; + uint32 account_policy_temp; + + if ((policy = TALLOC_ZERO_P(mem_ctx, SAM_UNK_INFO_1)) == NULL) { + return NT_STATUS_NO_MEMORY; + } + + if (!pdb_get_account_policy(AP_MIN_PASSWORD_LEN, account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + min_pass_len = account_policy_temp; + + if (!pdb_get_account_policy(AP_PASSWORD_HISTORY, account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + pass_hist = account_policy_temp; + + if (!pdb_get_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + password_properties = account_policy_temp; + + if (!pdb_get_account_policy(AP_MAX_PASSWORD_AGE, account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + u_expire = account_policy_temp; + + if (!pdb_get_account_policy(AP_MIN_PASSWORD_AGE, account_policy_temp)) { + return NT_STATUS_ACCESS_DENIED; + } + u_min_age = account_policy_temp; + + unix_to_nt_time_abs(nt_expire, u_expire); + unix_to_nt_time_abs(nt_min_age, u_min_age); + + init_unk_info1(policy, (uint16)min_pass_len, (uint16)pass_hist, + password_properties, nt_expire, nt_min_age); + + return NT_STATUS_OK; } /* get a list of trusted domains */
svn commit: samba r15978 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: metze Date: 2006-05-31 10:17:05 + (Wed, 31 May 2006) New Revision: 15978 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15978 Log: - pass the error code back to the caller... - we were giving OPERATIONS_ERROR in all cases:-( - we now pass ALREADY_EXIST fine to the caller, and the code in libnet_site.c is happy again. - this bug wasn't noticed for a long time because the ldb_ildap code always passed SUCCESS to it's caller metze Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c 2006-05-31 10:09:31 UTC (rev 15977) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c 2006-05-31 10:17:05 UTC (rev 15978) @@ -262,7 +262,7 @@ ret = ltdb_check_special_dn(module, msg); if (ret != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; + return ret; } if (ltdb_cache_load(module) != 0) { @@ -271,7 +271,7 @@ ret = ltdb_store(module, msg, TDB_INSERT); if (ret != LDB_SUCCESS) { - return LDB_ERR_OPERATIONS_ERROR; + return ret; } ret = ltdb_modified(module, msg-dn);
svn commit: samba r15979 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: metze Date: 2006-05-31 10:22:38 + (Wed, 31 May 2006) New Revision: 15979 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15979 Log: some farmating... metze Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c 2006-05-31 10:17:05 UTC (rev 15978) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c 2006-05-31 10:22:38 UTC (rev 15979) @@ -313,7 +313,6 @@ if (ltdb_ac-callback) { ret = ltdb_ac-callback(module-ldb, ltdb_ac-context, NULL); } - done: req-async.handle-state = LDB_ASYNC_DONE; return ret; @@ -419,9 +418,9 @@ goto done; } - if (ltdb_ac-callback) + if (ltdb_ac-callback) { ret = ltdb_ac-callback(module-ldb, ltdb_ac-context, NULL); - + } done: req-async.handle-state = LDB_ASYNC_DONE; return ret; @@ -784,9 +783,9 @@ goto done; } - if (ltdb_ac-callback) + if (ltdb_ac-callback) { ret = ltdb_ac-callback(module-ldb, ltdb_ac-context, NULL); - + } done: req-async.handle-state = LDB_ASYNC_DONE; return ret; @@ -855,9 +854,9 @@ goto done; } - if (ltdb_ac-callback) + if (ltdb_ac-callback) { ret = ltdb_ac-callback(module-ldb, ltdb_ac-context, NULL); - + } done: req-async.handle-state = LDB_ASYNC_DONE; return ret;
svn commit: samba r15980 - branches/SAMBA_3_0/source/libads trunk/source/libads
Author: gd Date: 2006-05-31 10:32:12 + (Wed, 31 May 2006) New Revision: 15980 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15980 Log: Correctly destroy talloc_ctx when the LDAP posix attribute query has failed. Noticed by Bob Gautier. Guenther Modified: branches/SAMBA_3_0/source/libads/ldap_schema.c trunk/source/libads/ldap_schema.c Changeset: Modified: branches/SAMBA_3_0/source/libads/ldap_schema.c === --- branches/SAMBA_3_0/source/libads/ldap_schema.c 2006-05-31 10:22:38 UTC (rev 15979) +++ branches/SAMBA_3_0/source/libads/ldap_schema.c 2006-05-31 10:32:12 UTC (rev 15980) @@ -303,14 +303,15 @@ } } - talloc_destroy(ctx); + if (!ads-schema.posix_uidnumber_attr || + !ads-schema.posix_gidnumber_attr || + !ads-schema.posix_homedir_attr || + !ads-schema.posix_shell_attr || + !ads-schema.posix_gecos_attr) { + status = ADS_ERROR(LDAP_NO_MEMORY); + goto done; + } - ADS_ERROR_HAVE_NO_MEMORY(ads-schema.posix_uidnumber_attr); - ADS_ERROR_HAVE_NO_MEMORY(ads-schema.posix_gidnumber_attr); - ADS_ERROR_HAVE_NO_MEMORY(ads-schema.posix_homedir_attr); - ADS_ERROR_HAVE_NO_MEMORY(ads-schema.posix_shell_attr); - ADS_ERROR_HAVE_NO_MEMORY(ads-schema.posix_gecos_attr); - status = ADS_ERROR(LDAP_SUCCESS); ads-schema.map_type = map_type; Modified: trunk/source/libads/ldap_schema.c === --- trunk/source/libads/ldap_schema.c 2006-05-31 10:22:38 UTC (rev 15979) +++ trunk/source/libads/ldap_schema.c 2006-05-31 10:32:12 UTC (rev 15980) @@ -303,14 +303,15 @@ } } - talloc_destroy(ctx); + if (!ads-schema.posix_uidnumber_attr || + !ads-schema.posix_gidnumber_attr || + !ads-schema.posix_homedir_attr || + !ads-schema.posix_shell_attr || + !ads-schema.posix_gecos_attr) { + status = ADS_ERROR(LDAP_NO_MEMORY); + goto done; + } - ADS_ERROR_HAVE_NO_MEMORY(ads-schema.posix_uidnumber_attr); - ADS_ERROR_HAVE_NO_MEMORY(ads-schema.posix_gidnumber_attr); - ADS_ERROR_HAVE_NO_MEMORY(ads-schema.posix_homedir_attr); - ADS_ERROR_HAVE_NO_MEMORY(ads-schema.posix_shell_attr); - ADS_ERROR_HAVE_NO_MEMORY(ads-schema.posix_gecos_attr); - status = ADS_ERROR(LDAP_SUCCESS); ads-schema.map_type = map_type;
svn commit: samba r15981 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: metze Date: 2006-05-31 10:36:48 + (Wed, 31 May 2006) New Revision: 15981 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15981 Log: we need to initialize 'ret' before 'goto failed' metze Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c 2006-05-31 10:32:12 UTC (rev 15980) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c 2006-05-31 10:36:48 UTC (rev 15981) @@ -606,9 +606,8 @@ ret = ltdb_unpack_data(module, tdb_data, msg2); if (ret == -1) { - talloc_free(tdb_key.dptr); - free(tdb_data.dptr); - return LDB_ERR_OTHER; + ret = LDB_ERR_OTHER; + goto failed; } if (!msg2-dn) { @@ -654,8 +653,10 @@ vals = talloc_realloc(msg2-elements, el2-values, struct ldb_val, el2-num_values + el-num_values); - if (vals == NULL) + if (vals == NULL) { + ret = LDB_ERR_OTHER; goto failed; + } for (j=0;jel-num_values;j++) { vals[el2-num_values + j] = @@ -675,6 +676,7 @@ /* add the replacement element, if not empty */ if (msg-elements[i].num_values != 0 msg_add_element(ldb, msg2, msg-elements[i]) != 0) { + ret = LDB_ERR_OTHER; goto failed; } break; @@ -682,7 +684,10 @@ case LDB_FLAG_MOD_DELETE: dn = ldb_dn_linearize(msg2, msg-dn); - if (dn == NULL) goto failed; + if (dn == NULL) { + ret = LDB_ERR_OTHER; + goto failed; + } /* we could be being asked to delete all values or just some values */ @@ -707,6 +712,7 @@ goto failed; } if (ltdb_index_del_value(module, dn, msg-elements[i], j) != 0) { + ret = LDB_ERR_OTHER; goto failed; } }
Re: svn commit: samba r15978 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
On Wed, 2006-05-31 at 10:17 +, [EMAIL PROTECTED] wrote: Author: metze Date: 2006-05-31 10:17:05 + (Wed, 31 May 2006) New Revision: 15978 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15978 Log: - pass the error code back to the caller... - we were giving OPERATIONS_ERROR in all cases:-( - we now pass ALREADY_EXIST fine to the caller, and the code in libnet_site.c is happy again. - this bug wasn't noticed for a long time because the ldb_ildap code always passed SUCCESS to it's caller Thanks metze, and no it wasn't a long time, it was my work around the async code that added this bug :-/ I really need to come out with a better error passing method for ldb async, the current one is too prone to errors imo. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org
svn commit: samba r15982 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: gd Date: 2006-05-31 15:39:12 + (Wed, 31 May 2006) New Revision: 15982 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15982 Log: Fix confusing order of DEBUG statements in winbindds pam_auth. Guenther Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c trunk/source/nsswitch/winbindd_pam.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-05-31 10:36:48 UTC (rev 15981) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-05-31 15:39:12 UTC (rev 15982) @@ -552,9 +552,6 @@ goto failed; } - DEBUG(10,(winbindd_raw_kerberos_login: winbindd validated ticket of %s\n, - local_service)); - if (!pac_data) { DEBUG(3,(winbindd_raw_kerberos_login: no pac data\n)); result = NT_STATUS_INVALID_PARAMETER; @@ -568,7 +565,10 @@ goto failed; } + DEBUG(10,(winbindd_raw_kerberos_login: winbindd validated ticket of %s\n, + local_service)); + /* last step: * put results together */ Modified: trunk/source/nsswitch/winbindd_pam.c === --- trunk/source/nsswitch/winbindd_pam.c2006-05-31 10:36:48 UTC (rev 15981) +++ trunk/source/nsswitch/winbindd_pam.c2006-05-31 15:39:12 UTC (rev 15982) @@ -552,9 +552,6 @@ goto failed; } - DEBUG(10,(winbindd_raw_kerberos_login: winbindd validated ticket of %s\n, - local_service)); - if (!pac_data) { DEBUG(3,(winbindd_raw_kerberos_login: no pac data\n)); result = NT_STATUS_INVALID_PARAMETER; @@ -568,7 +565,10 @@ goto failed; } + DEBUG(10,(winbindd_raw_kerberos_login: winbindd validated ticket of %s\n, + local_service)); + /* last step: * put results together */
svn commit: samba r15983 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: gd Date: 2006-05-31 15:41:54 + (Wed, 31 May 2006) New Revision: 15983 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15983 Log: Honour the krb5 principal name change (of the new ads join code) in the kerberized winbind pam_auth. Guenther Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c trunk/source/nsswitch/winbindd_pam.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-05-31 15:39:12 UTC (rev 15982) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-05-31 15:41:54 UTC (rev 15983) @@ -512,7 +512,7 @@ } strlower_m(client_princ); - local_service = talloc_asprintf(state-mem_ctx, HOST/[EMAIL PROTECTED], client_princ, lp_realm()); + local_service = talloc_asprintf(state-mem_ctx, [EMAIL PROTECTED], client_princ, lp_realm()); if (local_service == NULL) { DEBUG(0,(winbindd_raw_kerberos_login: out of memory\n)); result = NT_STATUS_NO_MEMORY; Modified: trunk/source/nsswitch/winbindd_pam.c === --- trunk/source/nsswitch/winbindd_pam.c2006-05-31 15:39:12 UTC (rev 15982) +++ trunk/source/nsswitch/winbindd_pam.c2006-05-31 15:41:54 UTC (rev 15983) @@ -512,7 +512,7 @@ } strlower_m(client_princ); - local_service = talloc_asprintf(state-mem_ctx, HOST/[EMAIL PROTECTED], client_princ, lp_realm()); + local_service = talloc_asprintf(state-mem_ctx, [EMAIL PROTECTED], client_princ, lp_realm()); if (local_service == NULL) { DEBUG(0,(winbindd_raw_kerberos_login: out of memory\n)); result = NT_STATUS_NO_MEMORY;
svn commit: samba r15984 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: gd Date: 2006-05-31 15:45:19 + (Wed, 31 May 2006) New Revision: 15984 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15984 Log: Correctly handle the case when there is no configuration file for pam_winbind. Guenther Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c trunk/source/nsswitch/pam_winbind.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c === --- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2006-05-31 15:41:54 UTC (rev 15983) +++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2006-05-31 15:45:19 UTC (rev 15984) @@ -48,7 +48,7 @@ int ctrl = 0; const char *config_file = NULL; - if (d == NULL || *d == NULL) { + if (d == NULL) { goto config_from_pam; } Modified: trunk/source/nsswitch/pam_winbind.c === --- trunk/source/nsswitch/pam_winbind.c 2006-05-31 15:41:54 UTC (rev 15983) +++ trunk/source/nsswitch/pam_winbind.c 2006-05-31 15:45:19 UTC (rev 15984) @@ -48,7 +48,7 @@ int ctrl = 0; const char *config_file = NULL; - if (d == NULL || *d == NULL) { + if (d == NULL) { goto config_from_pam; }
svn commit: samba-web r994 - in trunk/news/announcements: .
Author: deryck Date: 2006-05-31 16:04:43 + (Wed, 31 May 2006) New Revision: 994 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=994 Log: Add link to sambaXP 2006 archive. deryck Added: trunk/news/announcements/sambaxp_06_archive.html Changeset: Added: trunk/news/announcements/sambaxp_06_archive.html === --- trunk/news/announcements/sambaxp_06_archive.html2006-05-30 17:13:47 UTC (rev 993) +++ trunk/news/announcements/sambaxp_06_archive.html2006-05-31 16:04:43 UTC (rev 994) @@ -0,0 +1,11 @@ +h3a name=sambaxp_06_archiveSamba Experience 06 Archive/a/h3 + +div class=article + pa href=http://sambaxp.org/index.php?id=92;Slides, pictures, and + audio from Samba eXPerience 2006/a are available from the sambaXP site + archives. Follow the links to emarchive/em and empictures/em in + the sidebar on the left-hand side of the page. Lots of good material + here, both for those who attended and for those who couldn't make it./p +/div + +
svn commit: samba r15985 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: gd Date: 2006-05-31 17:15:33 + (Wed, 31 May 2006) New Revision: 15985 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15985 Log: Adding own-domain switch to wbinfo which is handy from time to time. Guenther Modified: branches/SAMBA_3_0/source/nsswitch/wbinfo.c trunk/source/nsswitch/wbinfo.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/wbinfo.c === --- branches/SAMBA_3_0/source/nsswitch/wbinfo.c 2006-05-31 15:45:19 UTC (rev 15984) +++ branches/SAMBA_3_0/source/nsswitch/wbinfo.c 2006-05-31 17:15:33 UTC (rev 15985) @@ -332,7 +332,15 @@ return True; } +/* List own domain */ +static BOOL wbinfo_list_own_domain(void) +{ + d_printf(%s\n, get_winbind_domain()); + + return True; +} + /* show sequence numbers */ static BOOL wbinfo_show_sequence(const char *domain) { @@ -1080,7 +1088,8 @@ OPT_ALLOCATE_UID, OPT_ALLOCATE_GID, OPT_SEPARATOR, - OPT_LIST_ALL_DOMAINS + OPT_LIST_ALL_DOMAINS, + OPT_LIST_OWN_DOMAIN }; int main(int argc, char **argv) @@ -1116,6 +1125,7 @@ { check-secret, 't', POPT_ARG_NONE, 0, 't', Check shared secret }, { trusted-domains, 'm', POPT_ARG_NONE, 0, 'm', List trusted domains }, { all-domains, 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, List all domains (trusted and own domain) }, + { own-domain, 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, List own domain }, { sequence, 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, Show sequence numbers of all domains }, { domain-info, 'D', POPT_ARG_STRING, string_arg, 'D', Show most of the info we have about the domain }, { user-info, 'i', POPT_ARG_STRING, string_arg, 'i', Get user info, USER }, @@ -1396,6 +1406,12 @@ if (!wbinfo_list_domains(True)) { goto done; } + break; + case OPT_LIST_OWN_DOMAIN: + if (!wbinfo_list_own_domain()) { + goto done; + } + break; /* generic configuration options */ case OPT_DOMAIN_NAME: break; Modified: trunk/source/nsswitch/wbinfo.c === --- trunk/source/nsswitch/wbinfo.c 2006-05-31 15:45:19 UTC (rev 15984) +++ trunk/source/nsswitch/wbinfo.c 2006-05-31 17:15:33 UTC (rev 15985) @@ -332,7 +332,15 @@ return True; } +/* List own domain */ +static BOOL wbinfo_list_own_domain(void) +{ + d_printf(%s\n, get_winbind_domain()); + + return True; +} + /* show sequence numbers */ static BOOL wbinfo_show_sequence(const char *domain) { @@ -1138,7 +1146,8 @@ OPT_ALLOCATE_UID, OPT_ALLOCATE_GID, OPT_SEPARATOR, - OPT_LIST_ALL_DOMAINS + OPT_LIST_ALL_DOMAINS, + OPT_LIST_OWN_DOMAIN }; int main(int argc, char **argv) @@ -1175,6 +1184,7 @@ { check-secret, 't', POPT_ARG_NONE, 0, 't', Check shared secret }, { trusted-domains, 'm', POPT_ARG_NONE, 0, 'm', List trusted domains }, { all-domains, 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, List all domains (trusted and own domain) }, + { own-domain, 0, POPT_ARG_NONE, 0, OPT_LIST_OWN_DOMAIN, List own domain }, { sequence, 0, POPT_ARG_NONE, 0, OPT_SEQUENCE, Show sequence numbers of all domains }, { domain-info, 'D', POPT_ARG_STRING, string_arg, 'D', Show most of the info we have about the domain }, { user-info, 'i', POPT_ARG_STRING, string_arg, 'i', Get user info, USER }, @@ -1461,6 +1471,12 @@ if (!wbinfo_list_domains(True)) { goto done; } + break; + case OPT_LIST_OWN_DOMAIN: + if (!wbinfo_list_own_domain()) { + goto done; + } + break; /* generic configuration options */ case OPT_DOMAIN_NAME: break;
svn commit: samba r15986 - in branches/SAMBA_4_0/source/lib/replace: .
Author: jelmer Date: 2006-05-31 17:34:04 + (Wed, 31 May 2006) New Revision: 15986 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15986 Log: Declare struct tm Modified: branches/SAMBA_4_0/source/lib/replace/replace.h Changeset: Modified: branches/SAMBA_4_0/source/lib/replace/replace.h === --- branches/SAMBA_4_0/source/lib/replace/replace.h 2006-05-31 17:15:33 UTC (rev 15985) +++ branches/SAMBA_4_0/source/lib/replace/replace.h 2006-05-31 17:34:04 UTC (rev 15986) @@ -113,6 +113,7 @@ #endif #ifndef HAVE_TIMEGM +struct tm; time_t timegm(struct tm *tm); #endif
svn commit: samba r15987 - in branches/SOC/bnh: .
Author: brad Date: 2006-06-01 03:21:22 + (Thu, 01 Jun 2006) New Revision: 15987 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=15987 Log: common.vbs is the start of a library. Right now it sets up stdin and stdout, and has a class to handle command line options. Added library handling to the user and share scripts. They also use the library option handling class. Added: branches/SOC/bnh/common.vbs Modified: branches/SOC/bnh/ads_adduser.vbs branches/SOC/bnh/ads_deluser.vbs branches/SOC/bnh/smb_addshare.vbs branches/SOC/bnh/smb_delshare.vbs Changeset: Modified: branches/SOC/bnh/ads_adduser.vbs === --- branches/SOC/bnh/ads_adduser.vbs2006-05-31 17:34:04 UTC (rev 15986) +++ branches/SOC/bnh/ads_adduser.vbs2006-06-01 03:21:22 UTC (rev 15987) @@ -1,46 +1,58 @@ -Const ADS_UF_ACCOUNTDISABLE=2 +const READ_ONLY = 1 +const USAGE_STATEMENT = Usage: cscript ads_adduser.vbs /username:username /password:password +const ADS_UF_ACCOUNTDISABLE = 2 -Set stdout = WScript.StdOut -Set stdin = WScript.StdIn +' This function returns the contents of a file. +' When passed the name of a .vbs script and passed to execute, the contents +' of the script are visible within the relevant scope of this script. +function include(library_filename) + dim filesystem_object, file + set filesystem_object = createobject(scripting.filesystemobject) + set file = filesystem_object.opentextfile(library_filename, READ_ONLY) -'Check passed in parameters. -Set argv = WScript.Arguments.Named + include = file.readall + set file = nothing + set filesystem_object = nothing +end function -if WScript.Arguments.Count = 2 Then - username = argv.Item(username) - password = argv.Item(password) - - If Not argv.Exists(username) Then - stdout.Write You must specify a username (/username:username) - WScript.Quit - ElseIf Not argv.Exists(password) Then - stdout.Write You must specify a password (/password:password) - WScript.Quit - End If -Else - stdout.Write Usage: cscript ads_adduser.vbs /username:username /password:password - WScript.Quit -End If +execute include(common.vbs) -'Bind to the DC. -Set rootDSE = GetObject(LDAP://rootDSE) -Set container = GetObject(LDAP://CN=Users, _ - rootDSE.Get(defaultNamingContext)) +' Required command line options +dim required_options, provided_options -'Create the user account. -Set userAccount = container.Create(User, CN= username) -userAccount.Put sAMAccountName, username -userAccount.SetInfo +required_options = array(username, password) +set provided_options = wscript.arguments.named -'Get user account info. -Set userAccount = GetObject _ - (LDAP://CN= username ,CN=Users, _ - rootDSE.Get(defaultNamingContext)) +set setup_options = new setup_object +setup_options.check_options provided_options, required_options -'Set the password and enable the account. -userAccount.SetPassword password -userAccountControl = userAccount.Get(userAccountControl) -userAccount.Put userAccountControl, _ - userAccountControl XOR ADS_UF_ACCOUNTDISABLE -userAccount.SetInfo +if setup_options.error_code = RTN_ERR then + setup_options.list_missing_options + stdout.writeline USAGE_STATEMENT + wscript.quit(setup_options.error_code) +end if +username = provided_options.item(username) +password = provided_options.item(password) + +' Bind to the DC. +set rootDSE = getobject(LDAP://rootDSE) +set container = getobject(LDAP://CN=Users, _ + rootDSE.get(defaultNamingContext)) + +' Create the user account. +set user_account = container.create(User, CN= username) +user_account.put sAMAccountName, username +user_account.setinfo + +' Get user account info. +set user_account = getobject _ + (LDAP://CN= username ,CN=Users, _ + rootDSE.get(defaultNamingContext)) + +' Set the password and enable the account. +user_account.setpassword password +useraccountcontrol = user_account.get(userAccountControl) +user_account.put userAccountControl, _ + useraccountcontrol XOR ADS_UF_ACCOUNTDISABLE +user_account.setinfo Modified: branches/SOC/bnh/ads_deluser.vbs === --- branches/SOC/bnh/ads_deluser.vbs2006-05-31 17:34:04 UTC (rev 15986) +++ branches/SOC/bnh/ads_deluser.vbs2006-06-01 03:21:22 UTC (rev 15987) @@ -1,20 +1,42 @@ -Set stdout = WScript.StdOut -Set stdin = WScript.StdIn +const READ_ONLY = 1 +const USAGE_STATEMENT = Usage: cscript ads_deluser.vbs /username:username -' Check passed in parameters. -Set argv = WScript.Arguments.Named +' This function returns the contents of a file. +' When passed the name of a .vbs script and passed to execute, the contents +' of the script are visible within the relevant scope of this script. +function
svn commit: samba-docs r963 - in trunk/smbdotconf/ldap: .
Author: jerry Date: 2006-06-01 03:30:43 + (Thu, 01 Jun 2006) New Revision: 963 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=963 Log: BUG 780: fix typo Modified: trunk/smbdotconf/ldap/ldapgroupsuffix.xml Changeset: Modified: trunk/smbdotconf/ldap/ldapgroupsuffix.xml === --- trunk/smbdotconf/ldap/ldapgroupsuffix.xml 2006-05-27 16:56:17 UTC (rev 962) +++ trunk/smbdotconf/ldap/ldapgroupsuffix.xml 2006-06-01 03:30:43 UTC (rev 963) @@ -4,7 +4,7 @@ advanced=1 developer=1 xmlns:samba=http://www.samba.org/samba/DTD/samba-doc; description - paraThis parameters specifies the suffix that is + paraThis parameter specifies the suffix that is used for groups when these are added to the LDAP directory. If this parameter is unset, the value of smbconfoption name=ldap suffix/ will be used instead. The suffix string is pre-pended to the