[Samba] Re: User/Group HWM ignored when converting idmap from tdb to LDAP
simo [EMAIL PROTECTED] writes: 3.0.22. Sorry, obviously that should have been part of my original post! :-) Any chance you can try with 3.0.24 and report a bug in bugzilla if it is still the case? Tested today - bug still exists in 3.0.24 compiled from official samba sources. https://bugzilla.samba.org/show_bug.cgi?id=4405 has been added. Regards, \EF -- Erik ForsbergOpenSource-based Thin Client Technology Systems Analyst/DeveloperPhone: +46-13-21 46 00 Cendio ABWeb: http://www.cendio.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [PATCH] typo type
Very silly patch. I like the english joke :) type: Index: nsswitch/nss_info_template.c === --- nsswitch/nss_info_template.c(revision 21498) +++ nsswitch/nss_info_template.c(working copy) @@ -42,7 +42,7 @@ char **homedir, char **shell, char **gecos, - uint32 *gid ) + gid_t *gid ) { if ( !homedir || !shell || !gecos ) return NT_STATUS_INVALID_PARAMETER; typo: Index: nsswitch/nss_info.c === --- nsswitch/nss_info.c (revision 21498) +++ nsswitch/nss_info.c (working copy) @@ -136,7 +136,7 @@ struct nss_function_entry *nss_backend; struct nss_domain_entry *nss_domain; - /* The template backend should alqays be registered as it + /* The template backend should always be registered as it is a static module */ if ( (nss_backend = nss_get_backend( template )) == NULL ) { freddy77 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] nss_info_template.c problem with templates
In source/nsswitch/nss_info_template.c templates (lp_template_homedir and lp_template_shell) are not parsed for substitution. All other function calls pass lp_template_homedir/shell to talloc_sub_specified. I found a workaround using winbind nss info = ad Frediano Ziglio -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Simple Samba PDC on Debian GNU/Linux 4.0 (Etch)
Hi, I've tried to distil my experiences setting up a basic tdbasm based PDC on Debian on my blog. I'd appreciate peoples comments if I've gotten anything wrong or am using a more complex approach than is neccesary. http://blog.aplpi.com/index.php/2007/02/22/simple-samba-pdc-on-debian-40-etch/ I'm hoping to document the basic of using policies and automatic installing printer drivers too at some stage in the future using some of the tips from this list ... but I'm still digesting the data :) Thanks, -stephen -- Stephen Mulcahy, Applepie Solutions Ltd, Innovation in Business Center, GMIT, Dublin Rd, Galway, Ireland. mailto:[EMAIL PROTECTED] mobile:+353.87.2930252 office:+353.91.751262 http://www.aplpi.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] incompatibility between roaming profiles and winxp clients that didn't create them
[samba v3.0.24, gentoo w/ kernel 2.6.15] I'm hoping someone has some insight into the following problem that I've recently encountered: Basically, winxp seems to be creating roaming profiles that are incompatible with another winxp client. I've got two sets of winxp clients, which I'll call 'new' and 'old'. Profiles created (and perfectly usable) by the old clients don't work on the new clients, and profiles created (and usable) by the new clients won't work on the old clients. The catch is that as far as I can tell, I've configured the old clients and the new clients in exactly the same way. It may be that I've neglected to do something on the new clients that I did on the old. I didn't religiously document the process of configuring them, but I only remember doing the 'signorseal' registry tweak and the gpedit.msc tweak (see below for details). More detail: I've had a samba/ldap PDC running successfully for quite some time now (6+ months). Users can login to the domain, profiles are loaded and saved correctly to the PDC server, home drives are mapped correctly, the logon.bat is executed. Everything working great. But I just setup two new winxp machines (sp2, fully updated, etc..) and while I can login as any of the domain users, neither machine successfully loads the user's roaming profile. But it doesn't complain about anything either! The weird thing is that some desktop configuration stuff just plain doesn't work. For instance, any attempt to enable the quicklaunch menu on the taskbar is ignored (quicklaunch is enabled in the roaming profile). Ditto for enabling 'auto-hide' for the task bar. Also, I can change theme attributes for the desktop (colors, etc..) and they'll act like they've changed, but won't persist across a login/logout -- and yet there are no complaints about the profile when I log out, implying that winxp was able to save them to the PDC server just fine. I've applied the 'signorseal' registry hack to all winxp clients. I've also used gpedit.msc to enable 'Do not check for user ownership of Roaming Profile Folders'. So as far as I know, I've established the same config on all of my winxp clients. But the new ones are misbehaving. Or, rather, it's more accurate to say that the new ones and the old ones aren't playing nice together, when it comes to creating/saving/loading the roaming profiles. I created a brand new user (on the linux side via smbldap-useradd), and logged in as that user on the new winxp clients. A new roaming profile is created and works perfectly. That same (new) user does not have its profile loaded correctly on an existing (old) winxp client. No complaints from winxp, mind you, it just doesn't provide a fully functional desktop after login. It took a really long time to login the first time with the new user on an old client, but the login happens very quickly on subsequent tries. Logoff is quick, with no error messages about anything. This is precisely the same behavior I see when logging in as an 'old' user on a 'new' client. Needless to say, I'm using the same samba PDC for the whole thing. It's samba v3.0.24. Here's the profiles section from my smb.conf: [profiles] path = /var/lib/samba/profiles browseable = no writeable = yes create mask = 0600 directory mask = 0700 profile acls = yes csc policy = disable hide files = /desktop.ini/ntuser.ini/NTUSER.*/ (note: I've been informed that the 'signorseal' registry tweak is no longer necessary, so I'm about to remove that and test things, but I don't expect it to have any effect, since none of the winxp clients are complaining about establishing a connection with the PDC server.) I've browsed through the list archives and obviously there are a ton of roaming profiled related posts, but I haven't seen anything yet that seems to describe this particular problem. My apologies if there's a thread that deals with this - just point me at it if that's the case. Any help with this would be greatly appreciated! Thanks, David Hostetler -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Disapearing Drives: Urgent help needed
I need help on this urgently. Does anyone have any ideas? Is mine the only place that is experiencing this problem? The suits are making noises about getting a windows server in here, I don't want to see that happen, but I don't know how to fix this very serious Samba problem. + Ok, Unfortunately, this doesn't work. I've tried all manner of optimizing WINS settings on the file-server as well as on the clients, this problem seems to be getting worse and I feel like I'm just plugging leaks in the dike with my fingers! When the drive disappears, the samba logs show no errors or even connection attempts, and here's what shows up on a tcpdump: 12:26:41.025409 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 3364121045:3364121171(126) ack 1939213 win 64417 NBT Session Packet: Session Message 12:26:41.025949 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 1:40(39) ack 126 win 18194 NBT Session Packet: Session Message 12:26:41.026751 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 126:252(126) ack 40 win 64378 NBT Session Packet: Session Message 12:26:41.026863 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 40:79(39) ack 252 win 18194 NBT Session Packet: Session Message 12:26:41.034295 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 252:378(126) ack 79 win 64339 NBT Session Packet: Session Message 12:26:41.034388 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 79:118(39) ack 378 win 18194 NBT Session Packet: Session Message 12:26:41.044727 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 378:504(126) ack 118 win 64300 NBT Session Packet: Session Message 12:26:41.044816 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 118:157(39) ack 504 win 18194 NBT Session Packet: Session Message 12:26:41.045349 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 504:630(126) ack 157 win 64261 NBT Session Packet: Session Message 12:26:41.045449 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 157:196(39) ack 630 win 18194 NBT Session Packet: Session Message 12:26:41.054110 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 630:756(126) ack 196 win 64222 NBT Session Packet: Session Message 12:26:41.054372 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 196:235(39) ack 756 win 18194 NBT Session Packet: Session Message 12:26:41.055076 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 756:882(126) ack 235 win 64183 NBT Session Packet: Session Message 12:26:41.055192 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 235:274(39) ack 882 win 18194 NBT Session Packet: Session Message 12:26:41.065061 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 882:1008(126) ack 274 win 64144 NBT Session Packet: Session Message 12:26:41.065170 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 274:313(39) ack 1008 win 18194 NBT Session Packet: Session Message 12:26:41.065785 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 1008:1134(126) ack 313 win 64105 NBT Session Packet: Session Message 12:26:41.065891 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 313:352(39) ack 1134 win 18194 NBT Session Packet: Session Message 12:26:41.074449 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 1134:1260(126) ack 352 win 65535 NBT Session Packet: Session Message 12:26:41.074556 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 352:391(39) ack 1260 win 18194 NBT Session Packet: Session Message 12:26:41.075035 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 1260:1386(126) ack 391 win 65496 NBT Session Packet: Session Message 12:26:41.075143 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 391:430(39) ack 1386 win 18194 NBT Session Packet: Session Message 12:26:41.084052 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 1386:1512(126) ack 430 win 65457 NBT Session Packet: Session Message 12:26:41.084150 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 430:469(39) ack 1512 win 18194 NBT Session Packet: Session Message 12:26:41.084737 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 1512:1638(126) ack 469 win 65418 NBT Session Packet: Session Message 12:26:41.084835 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 469:508(39) ack Ron Garcia-Vidal wrote: Wow, I can only be sure by playing the waiting game, but the WINS server parameter was pointing to a machine that I'd retired long ago! This could very well be the culprit! Thank you so much for the tip.
Re: [Samba] incompatibility between roaming profiles and winxp clients that didn't create them
David Hostetler wrote: Basically, winxp seems to be creating roaming profiles that are incompatible with another winxp client. This doesn't help, but since either the November Microsoft Patch Tuesday we've seen the exact same thing across 19 different Samba PDC's running RHES4 with Samba 3.0.10. In some of the forums I've been reading, I've seen the same problem mentioned, but by people running Windows 2k3 server, so I don't think it's a Samba/Windows 2k3 PDC/AD issue, I suspect it's a client-side problem introduced from some update. I've been searching for a solution, but I haven't found one yet. It's not a fix, but it has helped some of our machines to install the User Hive Profile Cleanup Service. On some machines, it has fixed the problem, other machines, not. http://www.microsoft.com/downloads/details.aspx?FamilyID=1B286E6D-8912-4E18-B570-42470E2F3582displaylang=en I don't have hard numbers, but every Patch Tuesday since November, we've seen additional machines having the same problems, either wednesday, thursday or friday, after updating. Eric Feldhusen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Disapearing Drives: Urgent help needed
Ron Garcia-Vidal wrote: I need help on this urgently. Does anyone have any ideas? Is mine the only place that is experiencing this problem? The suits are making noises about getting a windows server in here, I don't want to see that happen, but I don't know how to fix this very serious Samba problem. + I don't have much of a clue as to what wrong with your system and this won't figure out the problem, but hey - anything to get things back to normal ( and keep Windows out.) Do you have a valid backup of the system before making the upgrade that broke things? You could reinstall the last working version of samba and do a restore of the pertinent samba config dirs files. Make a tarball of what you have now just in case the restore makes things worse. I had at one time totally hammered samba while messing with it. Fortunately, I did the tarball thing and saved myself. -- Toby Bluhm Midwest Instruments Inc. 30825 Aurora Road Suite 100 Solon Ohio 44139 440-424-2250 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Performance issue with Vista
Hi, I tested a little bit Samba with Windows vista and found serious performance issue regarding reading large files from Samba server. Computers that I tested Samba with were all identical computers equipped with 2,8 GHz Pentium D processors, 1 GB memory and 1 Gbit/s LAN. All computers have only external USB hard drives so that it is easier to change from operating system to another. First I tested performance with 160 MB tar.gz file and there were no problems. SMBClient from another Linux computer reads and writes about 45 MB/s. Performance on Vista Client was higher than this. Write was just a little bit under 50 MB/s and read 48 MB/s. Then I moved to larger files to make sure that I would get results that simulate better the environment, where I need Samba myself (Saving and reading 500-1000 MB images from and to Photoshop) . I chose 690MB Knoppix image. Read and write from SMBclient were 27 to 28 MB/s at average. Writing from Vista bursts at 50 MB/s and minimum was 28 MB/s leading to over 30 MB/s average. _Then to the problem_: Reading from Samba share gave bursts of 6 MB/s and repeated drops to 0,5 MB/s. I have same kind of problem also at home (at the moment 100 MB/s network) using same version of samba and nearly identical configuration file. SMBClient reads and writes ok but performance from Windows XP is poor (but in this case both reading and writing) Has anyone else encountered same behaviour and is there any workarounds for this. Linux systems that I use are Debian Sarge 3.1r5 and Samba version is 3.0.14a-3s. Thanks in advance, Mikko Pukki smb.conf global settings: [global] workgroup = * server string = %h server (Samba %v) dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d encrypt passwords = true passdb backend = tdbsam guest obey pam restrictions = yes invalid users = root passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . SO_RCVBUF=8192 SO_SNDBUF=8192 socket options = TCP_NODELAY -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File Locking
Hi- I'm running Samba on OpenSuse10.2 and have shared some drives with Windows clients. The clients are accessing a bunch of MS Word files on the server and we have experienced a lot of weird file locking problems. Sometimes MS Word will open the file as Read-Only which is creating a bit of a headache. I would like to turn off file locking completely on the Samba side and was wondering what I needed to add to the .conf file. Is this enough? oplocks = No level2 oplocks = No Also, if I turn off the file locking on Samba and not on the clients via the registry, what kind of behaviour might I expect? Thanks for any input. -Alan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File Locking
On Thu, 2007-02-22 at 09:31 -0500, Alan Cheers wrote: Hi- I'm running Samba on OpenSuse10.2 and have shared some drives with Windows clients. The clients are accessing a bunch of MS Word files on the server and we have experienced a lot of weird file locking problems. Sometimes MS Word will open the file as Read-Only which is creating a bit of a headache. I would like to turn off file locking completely on the Samba side and was wondering what I needed to add to the .conf file. Is this enough? oplocks = No level2 oplocks = No Also, if I turn off the file locking on Samba and not on the clients via the registry, what kind of behaviour might I expect? No, oplocks are only a performance tweak, but turning them off will not disable file locking. As per the the smb.conf man file, (and though I hesitate to even tell you this.) locking = no is what you are asking for. However, I caution that a Minor Headache is nothing compared to the trouble you are asking for with this approach. locking=no should never be used on a filesystem that isn't read-only to begin with! It would be better, rather, to try to discover the source of your woe. Maybe, when you find a workstation that refuses to open a file read-write, you can try to run smbstatus on the server to find which computer is keeping a lock on that file. Thanks for any input. -Alan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Disapearing Drives: Urgent help needed
I BELIEVE this might be a client issue. I'm not really up to speed on Samba yet, but there are some settings on XP that can affect this. If so, switching to a Windows server won't fix it. On the XP Client, command window: C:\WINDOWS|► net config server Server Name \\ Server Comment Software version Windows 2002 Server is active on NetbiosSmb () Server hidden No Maximum Logged On Users 10 Maximum open files per session16384 Idle session time (min) 15 The command completed successfully. Idle session time is 15 minutes. While this sounds like it will disconnect clients connecting TO the XP machine, I think it works both ways. Change it by: C:\WINDOWS|► net config server /AUTODISCONNECT:-1 The output should change to: Idle session time (min) -1 If this doesn't work try the registry: [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters] KeepAliveTime=dword:0030 KeepAliveInterval=dword:1000 30 ms or, 5 minutes From http://support.microsoft.com/kb/314053: KeepAliveInterval Key: Tcpip\Parameters Value Type: REG_DWORD - Time in milliseconds Valid Range: 1 - 0x Default: 1000 (one second) Description: This parameter determines the interval that separates keepalive retransmissions until a response is received. After a response is received, KeepAliveTime again controls the delay until the next keepalive transmission. The connection is aborted after the number of retransmissions that are specified by TcpMaxDataRetransmissions are unanswered. KeepAliveTime Key: Tcpip\Parameters Value Type: REG_DWORD - Time in milliseconds Valid Range: 1 - 0x Default: 7,200,000 (two hours) Description: The parameter controls how frequently TCP tries to verify that an idle connection is still intact by sending a keepalive packet. If the remote computer is still reachable and functioning, the remote computer acknowledges the keepalive transmission. By default, keepalive packets are not sent. A program can turn on this feature on a connection Let us know! Dennis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ron Garcia-Vidal Sent: Thursday, February 22, 2007 5:06 AM To: samba@lists.samba.org Subject: [Samba] Disapearing Drives: Urgent help needed I need help on this urgently. Does anyone have any ideas? Is mine the only place that is experiencing this problem? The suits are making noises about getting a windows server in here, I don't want to see that happen, but I don't know how to fix this very serious Samba problem. + Ok, Unfortunately, this doesn't work. I've tried all manner of optimizing WINS settings on the file-server as well as on the clients, this problem seems to be getting worse and I feel like I'm just plugging leaks in the dike with my fingers! When the drive disappears, the samba logs show no errors or even connection attempts, and here's what shows up on a tcpdump: 12:26:41.025409 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 3364121045:3364121171(126) ack 1939213 win 64417 NBT Session Packet: Session Message 12:26:41.025949 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 1:40(39) ack 126 win 18194 NBT Session Packet: Session Message 12:26:41.026751 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 126:252(126) ack 40 win 64378 NBT Session Packet: Session Message 12:26:41.026863 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 40:79(39) ack 252 win 18194 NBT Session Packet: Session Message 12:26:41.034295 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 252:378(126) ack 79 win 64339 NBT Session Packet: Session Message 12:26:41.034388 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 79:118(39) ack 378 win 18194 NBT Session Packet: Session Message 12:26:41.044727 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 378:504(126) ack 118 win 64300 NBT Session Packet: Session Message 12:26:41.044816 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 118:157(39) ack 504 win 18194 NBT Session Packet: Session Message 12:26:41.045349 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 504:630(126) ack 157 win 64261 NBT Session Packet: Session Message 12:26:41.045449 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 157:196(39) ack 630 win 18194 NBT Session Packet: Session Message 12:26:41.054110 IP tmc152.millburncorp.com.3046 tmcsamba1.millburncorp.com.netbios-ssn: P 630:756(126) ack 196 win 64222 NBT Session Packet: Session Message 12:26:41.054372 IP tmcsamba1.millburncorp.com.netbios-ssn tmc152.millburncorp.com.3046: P 196:235(39) ack 756 win 18194 NBT Session
Re: [Samba] [PATCH] typo type
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZIGLIO, Frediano, VF-IT wrote: Very silly patch. I like the english joke :) type: Index: nsswitch/nss_info_template.c === --- nsswitch/nss_info_template.c(revision 21498) +++ nsswitch/nss_info_template.c(working copy) @@ -42,7 +42,7 @@ char **homedir, char **shell, char **gecos, - uint32 *gid ) + gid_t *gid ) { if ( !homedir || !shell || !gecos ) return NT_STATUS_INVALID_PARAMETER; Frediano, The only problem is that the gid is parsed as a uint32 through the winbindd code (in the request structure). Did you experience a problem due to this? Or just stating that the gid_t type is more approriate (which I agree with but that isa larger change) The main problem in using gid_t is that we need a data type of known size on both 32bit and 64bit compiles so that for example /lib32/libnss_winbind.so can talk to a 64bit winbindd running on the saying system. Index: nsswitch/nss_info.c === --- nsswitch/nss_info.c (revision 21498) +++ nsswitch/nss_info.c (working copy) @@ -136,7 +136,7 @@ struct nss_function_entry *nss_backend; struct nss_domain_entry *nss_domain; - /* The template backend should alqays be registered as it + /* The template backend should always be registered as it is a static module */ Thanks. Fixing this now. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF3dJ+IR7qMdg1EfYRAnkXAJ4+As5xbcmhODHPClneMZunwEw4UQCePINn cWG225hNUjjpTNgsL7SQ3TA= =ng+F -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] nss_info_template.c problem with templates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ZIGLIO, Frediano, VF-IT wrote: In source/nsswitch/nss_info_template.c templates (lp_template_homedir and lp_template_shell) are not parsed for substitution. All other function calls pass lp_template_homedir/shell to talloc_sub_specified. I found a workaround using winbind nss info = ad Thanks. I'll fix this. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF3dSkIR7qMdg1EfYRAuD/AJoCFMD2OLkDuPyVPY4j25S/tKznSgCgr3h5 paWc4J0rNRsd5IZK+tnWKn4= =47cr -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with Samba Authentication
Hi, i have installed a PDC authenticated with LDAP in a network with Linux and Win XP hosts. My intention is to authenticate (throught TLS) every user or at least the machines wich are trying to get access to the resources. LDAP and Samba are in the same machine so the communication is by the 389 port. Besides, LDAP communication with the network is by ldap ssl. I have tried a lot of configurations, but i have not found the right one. I want that every Win host sends a TLS certificate to Samba in order to the server to authenticate them, and if it fails, the user could not log into the machine. I have to say that with Linux hosts it is working the way i want. So the TLS configuration in LDAP is right. Windows is not UNIX; it works the way Windows works, not the way you want it to work. If you want to authenticate Windows user's against an LDAP DSA you must setup Samba as a PDC and join the machines to the domain. Anyone knows if i can get this? No. or even better, Can anyone tell me wich would be the basic configuration options to get it? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Disapearing Drives: Urgent help needed
On 2/6/07, Ron Garcia-Vidal [EMAIL PROTECTED] wrote: Wow, I can only be sure by playing the waiting game, but the WINS server parameter was pointing to a machine that I'd retired long ago! This could very well be the culprit! Thank you so much for the tip. I'll post back if this problem disappears for a few days. Where is the WINS server now? What does the nmbd log have to say? Are your clients pointing to the WINS server as well? Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with Samba Authentication
On 2/22/2007 Adam Tauno Williams ([EMAIL PROTECTED]) wrote: Windows is not UNIX; it works the way Windows works, not the way you want it to work. If you want to authenticate Windows user's against an LDAP DSA you must setup Samba as a PDC and join the machines to the domain. Or use the pGINA... www.pgina.org/?page_id=3 -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows cannot obtain the domain controller name foryour computer network error on XP Pro SP2 clients for Samba 3.0.23dPDC
Hi, I've noticed that any policy I created - the default machine part seems to be processed but the default user part does not get processed - which I suspect is back to the 1054 event I'm seeing in the application event logs. I've enabled usernev debug logging to try and get to the bottom of this - the snippet around the event failure relating to user policy processing is as follows USERENV(280.5b4) 18:45:52:468 ProcessGPOs: USERENV(280.5b4) 18:45:52:468 ProcessGPOs: USERENV(280.5b4) 18:45:52:468 ProcessGPOs: Starting user Group Policy (Background) processing... USERENV(280.5b4) 18:45:52:468 ProcessGPOs: USERENV(280.5b4) 18:45:52:468 ProcessGPOs: USERENV(280.5b4) 18:45:52:468 EnterCriticalPolicySectionEx: Entering with timeout 60 and flags 0x0 USERENV(280.5b4) 18:45:52:468 EnterCriticalPolicySectionEx: User critical section has been claimed. Handle = 0x93c USERENV(280.5b4) 18:45:52:468 EnterCriticalPolicySectionEx: Leaving successfully. USERENV(280.5b4) 18:45:52:468 GetUserGuid: Failed to get user guid with 1355. USERENV(280.5b4) 18:45:52:468 GetUserGuid: Failed to get user guid with 1355. USERENV(280.5b4) 18:45:52:468 ProcessGPOs: Machine role is 1. USERENV(280.5b4) 18:45:52:468 ProcessGPOs: The DC for domain DUCK is not available. aborting USERENV(280.5b4) 18:45:52:468 ProcessGPOs: No WMI logging done in this policy cycle. USERENV(280.5b4) 18:45:52:468 ProcessGPOs: Processing failed with error 1355. USERENV(280.5b4) 18:45:52:468 LeaveCriticalPolicySection: Critical section 0x93c has been released. USERENV(280.5b4) 18:45:52:468 ProcessGPOs: User Group Policy has been applied. USERENV(280.5b4) 18:45:52:468 ProcessGPOs: Leaving with 0. I'm unfamiliar with Windows UserEnv logging so this could all be normal but USERENV(280.5b4) 18:45:52:468 ProcessGPOs: The DC for domain DUCK is not available. aborting looks suspect to me. The domain I'm using is APLPI - not DUCK. DUCK is the PDC for the domain. Is this a normal message or does something have the nebtios name of the PDC and domain name mixed up. Anyone have any thoughts on this? Microsoft discuss this in http://support.microsoft.com/kb/840669 - I'm not sure if its the same problem and I'm not sure I want to go chasing Microsoft support about this. Thanks for your help, -stephen stephen mulcahy wrote: stephen mulcahy wrote: In the interests of getting to the bottom of this I went and configured Samba on another system as a PDC for a second domain. I then joined yet another machine to this domain (of the same spec and configuration as the systems I'd previous experienced problems with) and diligently examined the event log for any errors ... noting that there were no event id 1054 's reported this time. Hi, In the interests of verifying my theories I went and reinstalled one of our office systems from scratch with Windows XP SP2 and then ran Microsoft Update to bring the system entirely up to date. I then went and joined it back to my Samba domain and restarted. What do I see on reboot only my good friend event 1054. So it looks like some recent change of Microsoft's is causing this error (since I don't see it on less up to date systems). *sigh* - I'm now thoroughly out of ideas but don't know what the implications of this are other than that it seems to prevent at least part of my NTConfig.POL being parsed. I'm surprised no-one else has come across this (or am I the only crazy installing all of Microsoft's updates on my clients? :). -stephen -- Stephen Mulcahy, Applepie Solutions Ltd, Innovation in Business Center, GMIT, Dublin Rd, Galway, Ireland. mailto:[EMAIL PROTECTED] mobile:+353.87.2930252 office:+353.91.751262 http://www.aplpi.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Fwd: [Samba] Net groupmap list puzzler
Hi, I think at first you have to do a net groupmap add all the well known Groups. System Operators (S-1-5-32-549) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Domain Users (S-1-5-21-3732367786-856876144-3282938955-513) - -1 Domain Admins (S-1-5-21-3732367786-856876144-3282938955-512) - -1 Power Users (S-1-5-32-547) - -1 Domain Guests (S-1-5-21-3732367786-856876144-3282938955-514) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 This is my example working with suse groupadd ntadmins groupadd domusers net groupmap add ntgroup=“Domain Admins“ unixgroup=ntadmins rid=512 type=domain net groupmap add ntgroup=“Domain Users“ unixgroup=domusers rid=513 type=domain This case go through all groups you need mapping the groups with the right rid. after done this a net groupmap list must be shown this way: Domain Users (S-1-5-21-3732367786-856876144-3282938955-513) - domusers Domain Admins (S-1-5-21-3732367786-856876144-3282938955-512) - ntadmins Domain Guests (S-1-5-21-3732367786-856876144-3282938955-514) - nobody To grant the rights to the group with the rid 512 Domain Admins you gotta do a rpc right grant for this group and set in the global of your smb.conf enable privileges=yes greetings daniel Original-Nachricht Datum: Tue, 20 Feb 2007 13:50:14 -0600 Von: Craig Jackson [EMAIL PROTECTED] An: samba@lists.samba.org CC: Betreff: [Samba] Net groupmap list puzzler Hi Dudes, I have a samba Version 3.0.23d that has successfully joined our Server 2003 ADS domain. # wbinfo -u shows the users # wbinfo -g shows the groups And I can chown/grp directories to NT users groups. However, # net groupmap list only shows Administrators (S-1-5-32-544) - BUILTIN\administrators Users (S-1-5-32-545) - BUILTIN\users So if I try to map groups, this is what happens. # net groupmap modify ntgroup=Domain Admins unixgroup=domadmins # NT Group Domain Admins doesn't exist in mapping DB One other problem. I get permission denied when I try to Modify ACLs. The ext3 file system is mounted with acl and nt acl support = yes is in the share section defined. Please help with a hint. I have Googled and read the Samba Chapter 12/13 on the net command to no avail. Thanks. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Fwd: [Samba] smbldap-populate - failed to add entry: modifications
Hello, did you write the ldap Admin in your smb.conf? did you made a smbpasswd -w yourladpadminpasswort? smbpasswd -a root? This has to be done before populate Original-Nachricht Datum: Mon, 12 Feb 2007 14:10:28 +0700 Von: bppi [EMAIL PROTECTED] An: samba@lists.samba.org CC: Betreff: [Samba] smbldap-populate - failed to add entry: modifications hai. i have problem similiar that u have. when i use smbldap populate, it required auth...error code 471 provide pass for root and it says user root doesnt exist please help me -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Feel free - 10 GB Mailbox, 100 FreeSMS/Monat ... Jetzt GMX TopMail testen: www.gmx.net/de/go/mailfooter/topmail-out -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3.0.23d, smbpasswd, and NO PASSWORD behaviour
We've recently started using samba-3.0.23d on Mandriva 2007.0 linux systems and we've noticed a change in behaviour of smbpasswd when a non-root user tries to change their password from NO PASSWORD. Here's an example smbpasswd entry (all one line): testuser:12345:NO PASSWORDX: NO PASSWORDX:[NU ]:LCT-: The possibly related settings in our smb.conf are: encrypt passwords = yes security = user unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *password:* %n\n *password* %n\n *successfully* null passwords = no Since null passwords = no a user with NO PASSWORD should not be able to login to the samba account. That's working as expected. In past versions of samba, testuser could login to the linux account, run smbpasswd, enter an empty old password, and set a new password. Now when we try this we get this failure: [EMAIL PROTECTED] ~]$ smbpasswd Old SMB password: New SMB password: Retype new SMB password: Could not connect to machine 127.0.0.1: NT_STATUS_LOGON_FAILURE Failed to change password for testuser Does anyone know why this failure is happening now? Was the behaviour of smbpasswd changed intentionally? If so, in what samba version did this change happen? Is there an alternative way to achieve the smbpasswd behaviour that we had in the past? Thanks, -- Todd Pfaff [EMAIL PROTECTED] Research High-Performance Computing Support McMaster University, Hamilton, Ontario, Canada http://www.rhpcs.mcmaster.ca/~pfaff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SWAT not logging in with root
Hello, I am trying to set up a samba server for a few shared directories on AIX 5.3. It is running in a Windows 2000 domain. It now seems to share properly, but swat does not accept any login ID. I set up swat with the /etc/services and /etc/inetd.conf entries as per the manual. When I use a browser to http://myserver:901; I get a login box for name and password, but it does not accept the root password. My system is configured to authenticate with ADS, but I am not using winbindd as I still want to maintain permissions with the local Unix users and groups. The swat log file shows the error: auth/pampass.c:smb_pam_passcheck(810) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User root ! Here is the global section of my smb.conf: [global] workgroup = MYDOMAIN realm = MYDOMAIN.COM server string = Samba Server security = ADS log file = /var/log/samba/log.%m max log size = 50 local master = No dns proxy = No hosts allow = 172.16.2., 172.16.100., 127. username map = /opt/pware/samba/3.0.24/lib/usermap.conf Thanks. ---Hillel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [PATCH] typo type
On Thu, 2007-02-22 at 12:12 +0100, ZIGLIO, Frediano, VF-IT wrote: Very silly patch. I like the english joke :) I suggest re-posting to samba-technical, where it is more likely to be noticed. (The type may well have been deliberate, so I need someone else to look at it) Thanks, -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to I clean up Samba to start over?
I've been working on setting up Samba, but after playing around with it for some time and probably messing things up I'm getting all sorts of permission problems. Plus, when I look in Webmin, I find duplicate and triplicate listings of Samba groups. What I would like to is wipe it clean and try and start over since I now know a lot more about what works and what doesn't. But how do I do this? Boaz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to I clean up Samba to start over?
I've been working on setting up Samba, but after playing around with it for some time and probably messing things up I'm getting all sorts of permission problems. Plus, when I look in Webmin, I find duplicate and triplicate listings of Samba groups. What I would like to is wipe it clean and try and start over since I now know a lot more about what works and what doesn't. But how do I do this? Boaz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Lastest upgrade of smb on RedHat doesn't work
The latest upgrade of from samba 3.0.9 to samba 3.0.10 has caused problems on my samba server. On the Windows computers you can no longer see the WINS server ( the RedHat server) in the Network Neighborhood, say server1. The printers that we have added through the network neighborhood no longer work. One has to search for the full name of the server ( server1.xxx.xxx.edu) with the Search program on Windows. The server appears and the user will find that he is automatically logged into the server and all the printers are available. If one adds new printers from this connection, the printers work. The next time that the user logs in the printers that are queues on server1.xxx.xxx.edu work; the printers on server1 do not. I can't have my users trading back and forth. Is there a patch for the latest upgrade? Or how can I downgrade back to 3.0.10. Other things that I see - On the computer that works as expected: pam_smb-1.1.7-1 samba-common-3.0.9-1.3E.10 samba-3.0.9-1.3E.10 redhat-config-samba-1.0.16-5 samba-client-3.0.9-1.3E.10 # uname -r 2.4.21-47.0.1.EL On the upgraded computer: pam_smb-1.1.7-5 gnome-vfs2-smb-2.8.2-8.2 system-config-samba-1.2.21-1 samba-3.0.10-1.4E.11 samba-client-3.0.10-1.4E.11 samba-common-3.0.10-1.4E.11 samba-swat-3.0.10-1.4E.11 # uname -r 2.6.9-42.0.8.ELsmp Using smbclient -L server -N on the system that was upgraded gives me: Server Comment ---- CHEMPS chemps - Chemistry Samba Server GC407-JIANG Personal laptop WorkgroupMaster ---- CHEMISTRYCHEMPS DLAB GC207-COSTELLO ROSEPETRUCK GC244-NTSVR1 Using the same command on the system that was not upgraded, I get: Server Comment ---- DELL-GC139 Dell Optiplex - GC139 GC012B Dell GC017 GC031-DELL2 GC032-RAY GC049-BURGESSgc049-burgess GC049-LC gc049-LC GC104-PAULINE GC105-NANCY GC109-DELL1 GC109-DELL2 GC109-DELL3 GC109A gc109a GC117dell GC117C GC117B_3rdDell GC123-DELL GC135-NICHOLSgc135-Nichols GC138-D3000 GC138-L610 GC140-DONDon Pryor GC141gc141 GC142A TDH's GC computer GC147-DELL GC151-DELL GC151-HOUJuzhi Hou GC167dell GC167-GX620 GEOPSGeops - Samba Server for Geological Sciences HURRICANEsamba 3.0.2, LDC for MacMillan KITT MM221-ICCI ICCI WorkgroupMaster ---- AD CES167PS871 BIOMED BM16MMBL81 CHEM MM220 CHEM-TESTGC166-RESRV CHEMISTRYFHD-HLAN964 CONTROLS APOGEE2 GEOLOGY GEOPS MACMILLANQUAHOG MSHOME MM313-DELL MYGROUP OKSANA PP PREZ GC103-DELL RSGISXIPE UEL OESLAPTOP WORKGROUPGC006IMAC Using smbstatus on the system that is upgraded, I get: smbstatus Samba version 3.0.10-1.4E.11 PID Username Group Machine --- 8090 user1chemusers gc321- (128.148.x) 8323 user2chemusers gc229-fmpro2 (128.148.x) 8144 user3 basuuhnak gc439- (128.148.x) 7298 user4 chemusers gc313- (128.148.x) 7341 user5 chemusers gc166-mm (128.148.x) 7303 user6stockroom gc221- (128.148.x) Service pid machine Connected at --- IPC$ 8323 gc229-fmpro2 Thu Feb 22 16:17:02 2007 user5 7341 gc166-mm Thu Feb 22 15:22:47 2007 user3 8144 gc439 Thu Feb 22 16:09:28 2007 user18090 gc321 Thu Feb 22 16:05:30 2007 user4 7298 gc313 Thu Feb 22 15:20:25 2007 user67303 gc221 Thu Feb 22 15:38:53 2007 user6 7303 gc221 Thu Feb 22 15:20:33 2007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Hide Unreadable and user ACLs
I'm not sure if this is a bug or Working As Designed. I'm hoping someone can clarify for me. Brief environment: SLES 9, SP3; samba-3.0.20b-3.4 We use Posix ACLs for a more granular control of permissions on our shares. We also use hide unreadable = yes for one share (we'd prefer to use it for more but we can't due to this issue). With hide unreadable = yes, if a _group_ ACL entry has the read permission to a file or folder, and a user is a member of the group, the file or folder is visible. However, if a _user_ ACL entry has the read permission to a file or folder, the file or folder is *still hidden* to the user. Is this a known issue, working as intended, or a bug? If it's a bug, how would I go about reporting it? Edward L. Hannaford -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: incompatibility between roaming profiles and winxp clients that didn't create them
Eric, thanks for the reply. I've been experimenting with the profiles all day and discovered a few things, but nothing that really solves the problem. I did try the UHPC tool that you mentioned. Interestingly I did in fact have a whole slew of event logs of exactly the kind mentioned in the UHPC readme, but installing the service doesn't seem to have had any effect on the incompatible profile problem. I also played around with more of the profile-related options in gpedit.msc (like 'wait for remote user profile', and 'always wait for the network at computer startup and logon'. These also don't seem to have had any effect (positive or negative). I discovered that it doesn't seem to be the profile files themselves that are the problem. I did the following (for a particular user): 1) change the profile type to 'local' for a particular user 2) manually replace the local profile folder (which gets created after step 1) with the PDC's profile directory for the user 3) login as the user The profile gets loaded without complaint, and everything seems to work normally. It seemed to work going in either direction as well - that is, getting a new winxp client to load an old profile and an old winxp client to load a new profile. However, while I'm able to login on any client, and the profile seems to get loaded (and windows claims the profile is of type 'roaming' and status 'roaming'), changes to the user's environment/desktop don't seem to transfer to/from the roaming profile, for either new or old clients. They both seem to be just happily loading the 'cached' local copy. I don't know if that's actually what's happening - especially since I enabled stuff in gpedit.msc that should raise some kind of alarm if windows isn't communicating successfully with the PDC (and defaulting back to the cached local profile). The step that seems to be reliably screwing up is when winxp tries to create the local cached profile -- even if it's caching a roaming profile that it specifically created (i.e. the client trying to cache it locally is the same client that only moments before wrote the profile to an empty profile folder on the PDC). Sorry to be so wordy again, but I just want to leave a trail of what I'm seeing, in case someone strolls by who has the elusive tiny piece of knowledge that will solve this. cheers, David Hostetler Eric J. Feldhusen wrote: David Hostetler wrote: Basically, winxp seems to be creating roaming profiles that are incompatible with another winxp client. This doesn't help, but since either the November Microsoft Patch Tuesday we've seen the exact same thing across 19 different Samba PDC's running RHES4 with Samba 3.0.10. In some of the forums I've been reading, I've seen the same problem mentioned, but by people running Windows 2k3 server, so I don't think it's a Samba/Windows 2k3 PDC/AD issue, I suspect it's a client-side problem introduced from some update. I've been searching for a solution, but I haven't found one yet. It's not a fix, but it has helped some of our machines to install the User Hive Profile Cleanup Service. On some machines, it has fixed the problem, other machines, not. http://www.microsoft.com/downloads/details.aspx?FamilyID=1B286E6D-8912-4E18-B570-42470E2F3582displaylang=en I don't have hard numbers, but every Patch Tuesday since November, we've seen additional machines having the same problems, either wednesday, thursday or friday, after updating. Eric Feldhusen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + Bonding = Terrible Performance
Hello, Please CC replies I'm not subscribed. Performance with samba and only samba degrades terribly when we use the bonding driver to aggregate two ethernet cards. Instead of a steady file copy it seems to go in spurts. If I pull out one of the network cables (doesn't matter which) performance resumes to full speed. I can pull the cable in the middle of a transfer and it will go to half speed, or I can restart the transfer. It is *ALWAYS* slower when both cards are active. An 80MB file might take approx 50 seconds with both active and 15 with only one active. The switch is a DGS-1224T which supports trunking/channel bonding and other servers haven't show problems. Again, NFS, scp, ssh, netperf all remain unaffected regardless of 1 or 2 cards active. Samba IS bound to the bond0 interface and only that interface. I haven't been able to find much on google/forums about this since it seems to be a very specific interaction between bonding and samba. Configuration details below. Very minor editing to remove identifying IP info. Debian Samba 3.0.23d-4 using Debian testing. Hardware is a stock hp proliant ml110 with a d-link gigabit ethernet card added (for the bond). Any ideas? sage:~# ifconfig bond0 Link encap:Ethernet HWaddr 00:18:71:77:94:3D inet addr:xxx.xxx.17.9 Bcast:xxx.xxx.17.255 Mask:255.255.255.0 inet6 addr: fe80::218:71ff:fe77:943d/64 Scope:Link UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1 RX packets:140981609 errors:0 dropped:0 overruns:0 frame:0 TX packets:128574116 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2043177198 (1.9 GiB) TX bytes:3171479660 (2.9 GiB) eth0 Link encap:Ethernet HWaddr 00:18:71:77:94:3D inet6 addr: fe80::218:71ff:fe77:943d/64 Scope:Link UP BROADCAST SLAVE MULTICAST MTU:1500 Metric:1 RX packets:97516848 errors:0 dropped:0 overruns:0 frame:0 TX packets:61109354 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:4018776902 (3.7 GiB) TX bytes:1263090953 (1.1 GiB) Interrupt:169 eth1 Link encap:Ethernet HWaddr 00:18:71:77:94:3D inet6 addr: fe80::218:71ff:fe77:943d/64 Scope:Link UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1 RX packets:43464760 errors:0 dropped:0 overruns:0 frame:0 TX packets:67464762 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:2319367442 (2.1 GiB) TX bytes:1908388707 (1.7 GiB) Interrupt:177 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1705911 errors:0 dropped:0 overruns:0 frame:0 TX packets:1705911 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:4002868337 (3.7 GiB) TX bytes:4002868337 (3.7 GiB) Shares excluded because it doesnt seem to be share dependant sage:/etc/samba# cat smb.conf [global] # identity server string = File Server netbios name = SAGE workgroup = MYDOMAIN # Networking interfaces = 127.0.0.1/8 bond0 bind interfaces only = yes hosts allow = xxx.xxx.17.0/24 10.0.18.0/24 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 name resolve order = wins bcast hosts # Domain Setup security = DOMAIN password server = JUNIOR domain master = no preferred master = yes os level = 45 # WINS wins support = yes # Time support time server = Yes ea support = yes map acl inherit = yes # logon drive = H #Logging. Default Level 1 #log file = /var/log/samba/log.%m log level = all:3 smb:3 auth:4 sam:3 # vfs:10 #smb:6 #2G max log size = 10 #Currently known debug classes: # all # tdb # printdrivers # lanman # smb # rpc_parse # rpc_srv # rpc_cli # passdb # sam # auth # winbind # vfs # idmap # quota # acls # Ignore AppleTalk crap veto files = /.AppleDB/.AppleDouble/.AppleDesktop/Network Trash Folder/TheVolumeSettingsFolder/TheFindByContentFolder/Temporary Items/ # Printers load printers = yes # use client driver = yes printing = cups printcap name = cups sage:/etc/samba# smbd -V Version 3.0.23d sage:/etc/samba# nmbd -V Version 3.0.23d sage:/etc/samba# sage:/etc/samba# uname -a Linux sage 2.6.18-3-686 #1 SMP Mon Dec 4 16:41:14 UTC 2006 i686 GNU/Linux sage:/etc/samba# cat
[Samba] Windows 98 caching too much
Hi, We have an old Win98 box at work that is used for programming GALs and EEPROMs, however we find that if the file is modified on the Unix side the Win98 box doesn't notice. This is rather annoying when you are iterating a design as you can imagine! One work around is to open a DOS box and 'type' the file - this seems to force it to re-get the file. Does anyone have any suggestions for how I could force it to not cache? File performance is not an issue on the Win98 box as all it is used for is GAL/EEPROM programming. Thanks. smb.conf is as follows.. [global] workgroup = GENESIS server string = Cain hostname lookups = yes security = user encrypt passwords = yes null passwords = yes csc policy = documents log file = /var/log/samba/log.%m log level = 2 max log size = 50 wins support = Yes load printers = Yes use client driver = Yes os level = 65 socket options = TCP_NODELAY dns proxy = yes dos filemode = yes nt acl support = no time server = yes dos filetimes = yes dos filetime resolution = yes fstype = FAT fam change notify = no [projects] comment = Project source code path = /usr/local/Genesis/work writeable = Yes guest ok = Yes force create mode = 0775 force directory mode = 0775 -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au The nice thing about standards is that there are so many of them to choose from. -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgpDTj9ozBcWn.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RH Enterprise Question
Hi, If one of the users go into my network places. Right click on the printer. Left click on install. This will install the driver automatically. Do I change The path = /your/path And copy the drivers into that path? Do I chmod 775 /your/path? -Original Message- From: Dale Schroeder [mailto:[EMAIL PROTECTED] Sent: Saturday, 10 February 2007 1:23 AM To: Danny Ho; samba@lists.samba.org Subject: Re: [Samba] RH Enterprise Question Danny, These are the options that I explicitly set to make Samba/CUPS printing work for me. Note: These may or may not be what you want. [global] load printers = Yes show add printer wizard = Yes printing = cups printcap name = cups use client driver = No [printers] comment = All Printers path = /your/path public = Yes guest ok = Yes browseable = No printable = Yes admin users = @DOMAIN\Domain Admins, DOMAIN\dale writeable = No [print$] comment = Printer Driver Download Area path = /your/path browseable = Yes guest ok = No read only = Yes write list = @DOMAIN\Domain Admins, DOMAIN\dale admin users = @DOMAIN\Domain Admins, DOMAIN\dale As you can see, we are on a domain, and the permissions that I used on the directory that contains the print drivers are 775 and owned by root:domain users. If you are using the postscript drivers in CUPS, have you tried printing from within Linux to verify that CUPS is OK? Since the steps were not intuitive for me, the first time I set this up took a lot of trial and error. I hope this gives a clue as to what might work for you. Good luck, Dale Danny Ho wrote: I modifed the smb.conf then kill -1 processid for smb and nmbd but is still not showing up my printers in xp. -Original Message- From: Dale Schroeder [mailto:[EMAIL PROTECTED] Sent: Friday, 9 February 2007 3:46 AM To: Danny Ho Subject: Re: [Samba] RH Enterprise Question Danny, Every configuration that I've seen that uses printing = cups also sets printcap name = cups. See if that helps you. Good luck, Dale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + Bonding = Terrible Performance
Have you tried changing 'socket options' in your smb.conf file? You may need to tune that for your setup, it does make a difference at least in a system with 1 NIC in it. However, I have no experience with bonding and Samba. Eric Bambach wrote: Hello, Please CC replies I'm not subscribed. Performance with samba and only samba degrades terribly when we use the bonding driver to aggregate two ethernet cards. Instead of a steady file copy it seems to go in spurts. If I pull out one of the network cables (doesn't matter which) performance resumes to full speed. I can pull the cable in the middle of a transfer and it will go to half speed, or I can restart the transfer. It is *ALWAYS* slower when both cards are active. An 80MB file might take approx 50 seconds with both active and 15 with only one active. The switch is a DGS-1224T which supports trunking/channel bonding and other servers haven't show problems. Again, NFS, scp, ssh, netperf all remain unaffected regardless of 1 or 2 cards active. Samba IS bound to the bond0 interface and only that interface. I haven't been able to find much on google/forums about this since it seems to be a very specific interaction between bonding and samba. Configuration details below. Very minor editing to remove identifying IP info. Debian Samba 3.0.23d-4 using Debian testing. Hardware is a stock hp proliant ml110 with a d-link gigabit ethernet card added (for the bond). Any ideas? sage:~# ifconfig bond0 Link encap:Ethernet HWaddr 00:18:71:77:94:3D inet addr:xxx.xxx.17.9 Bcast:xxx.xxx.17.255 Mask:255.255.255.0 inet6 addr: fe80::218:71ff:fe77:943d/64 Scope:Link UP BROADCAST RUNNING MASTER MULTICAST MTU:1500 Metric:1 RX packets:140981609 errors:0 dropped:0 overruns:0 frame:0 TX packets:128574116 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2043177198 (1.9 GiB) TX bytes:3171479660 (2.9 GiB) eth0 Link encap:Ethernet HWaddr 00:18:71:77:94:3D inet6 addr: fe80::218:71ff:fe77:943d/64 Scope:Link UP BROADCAST SLAVE MULTICAST MTU:1500 Metric:1 RX packets:97516848 errors:0 dropped:0 overruns:0 frame:0 TX packets:61109354 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:4018776902 (3.7 GiB) TX bytes:1263090953 (1.1 GiB) Interrupt:169 eth1 Link encap:Ethernet HWaddr 00:18:71:77:94:3D inet6 addr: fe80::218:71ff:fe77:943d/64 Scope:Link UP BROADCAST RUNNING SLAVE MULTICAST MTU:1500 Metric:1 RX packets:43464760 errors:0 dropped:0 overruns:0 frame:0 TX packets:67464762 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:2319367442 (2.1 GiB) TX bytes:1908388707 (1.7 GiB) Interrupt:177 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1705911 errors:0 dropped:0 overruns:0 frame:0 TX packets:1705911 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:4002868337 (3.7 GiB) TX bytes:4002868337 (3.7 GiB) Shares excluded because it doesnt seem to be share dependant sage:/etc/samba# cat smb.conf [global] # identity server string = File Server netbios name = SAGE workgroup = MYDOMAIN # Networking interfaces = 127.0.0.1/8 bond0 bind interfaces only = yes hosts allow = xxx.xxx.17.0/24 10.0.18.0/24 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 name resolve order = wins bcast hosts # Domain Setup security = DOMAIN password server = JUNIOR domain master = no preferred master = yes os level = 45 # WINS wins support = yes # Time support time server = Yes ea support = yes map acl inherit = yes # logon drive = H #Logging. Default Level 1 #log file = /var/log/samba/log.%m log level = all:3 smb:3 auth:4 sam:3 # vfs:10 #smb:6 #2G max log size = 10 #Currently known debug classes: # all # tdb # printdrivers # lanman # smb # rpc_parse # rpc_srv # rpc_cli # passdb # sam # auth # winbind # vfs # idmap # quota # acls # Ignore AppleTalk crap veto files = /.AppleDB/.AppleDouble/.AppleDesktop/Network Trash Folder/TheVolumeSettingsFolder/TheFindByContentFolder/Temporary Items/ # Printers load printers = yes # use client driver = yes printing = cups printcap name = cups sage:/etc/samba# smbd -V Version 3.0.23d sage:/etc/samba# nmbd -V
RE: Samba and OpenOffice - save file
K L, Usha (STSD) wrote: CIFS (Samba) IFT kit on OpenVMS will be released shortly and that kit would work on VMS V8.3 IA64 and ALPHA VMS V8.3. With no real reason other than ennui that it won't work on a VAX. -- Brian Tillman The information contained in, or attached to, this e-mail, may contain confidential information and is intended solely for the use of the individual or entity to whom they are addressed and may be subject to legal privilege. If you have received this e-mail in error you should notify the sender immediately by reply e-mail, delete the message from your system and notify your system manager. Please do not copy it for any purpose, or disclose its contents to any other person. The views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the company. The recipient should check this e-mail and any attachments for the presence of viruses. The company accepts no liability for any damage caused, directly or indirectly, by any virus transmitted in this email. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Re: Samba and OpenOffice - save file
dhruva wrote: HP is considering making a IFT/EFT release shortly of Samba on VMS based on 3.0.24 code base. That would work on VMS 8.3 IA64 (and ALPHA VMS 8.3) shortly. Maybe, you could try that. We're using VMS 8.3 on IA64, but our Alpha will stay on 7.3-2, at least for some more time, because it's a development machine, and our users still have older versions. Thanks for this hint, but unfortunately, that doesn't help. Albrecht PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
RE: Samba and OpenOffice - save file
HP is considering making a IFT/EFT release shortly of Samba on VMS based on 3.0.24 code base. That would work on VMS 8.3 IA64 (and ALPHA VMS 8.3) shortly. Maybe, you could try that. We're using VMS 8.3 on IA64, but our Alpha will stay on 7.3-2, at least for some more time, because it's a development machine, and our users still have older versions. Thanks for this hint, but unfortunately, that doesn't help. Me neither. Indeed the lack of 7.3-2 support is a complete show-stopper for me as I have a series of turn-key accredited systems locked to 7.3-2. I have no IA64 systems. So it is no-go for me unless I end up doing a mixed-version cluster with the sole purpose of running Samba - and I don't even know if a 7.3-2/8.3 cluster will work, not to mention being supported! Can anyone enlighten me as to exactly which features in 8.3 are required? Cheers Bernhard PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
RE: Samba and OpenOffice - save file
We have a working cluster of VAX running VMS 6.1, AXP running 7.2, another running 7.3 and IA64 running 8.2. Everything works well, although such is not supported. VMS 6.1 can not access ODS-5, otherwise no issues. We are using the CIFS field test software as well as SAMBA 2.2.8 and 1.9.17. CIFS works on 7.3 and 8.2. There are items missing, such as SWAT, and performance is SAMBA typical on VMS. Performance wise, 1.9.17 seems to be the fastest, but lacks SWAT and has several issues due to changes in SMB, etc. Sincerely, Robert F. Thomas 355 Providence Highway Westwood, MA USA 02090 ( Office Phone - (781) 329-9200 * mail to: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fabricius, Bernhard Sent: Thursday, February 22, 2007 8:15 AM To: samba-vms@lists.samba.org Cc: Albrecht Schlosser Subject: RE: Samba and OpenOffice - save file HP is considering making a IFT/EFT release shortly of Samba on VMS based on 3.0.24 code base. That would work on VMS 8.3 IA64 (and ALPHA VMS 8.3) shortly. Maybe, you could try that. We're using VMS 8.3 on IA64, but our Alpha will stay on 7.3-2, at least for some more time, because it's a development machine, and our users still have older versions. Thanks for this hint, but unfortunately, that doesn't help. Me neither. Indeed the lack of 7.3-2 support is a complete show-stopper for me as I have a series of turn-key accredited systems locked to 7.3-2. I have no IA64 systems. So it is no-go for me unless I end up doing a mixed-version cluster with the sole purpose of running Samba - and I don't even know if a 7.3-2/8.3 cluster will work, not to mention being supported! Can anyone enlighten me as to exactly which features in 8.3 are required? Cheers Bernhard PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
RE: Samba and OpenOffice - save file
Howdy, I did try sending an email to [EMAIL PROTECTED], but no reply. We have had several problems, including printing to a VMS queue, VAMPIREing accounts and migrating passwords from Advanced server, and other more minor issues of security and browsing. It would be useful if there was a website that listed what does and doesn't work - the above might be things that are known not to work, so it might well be wasting your and my time by reporting these. Is there a definitive list? Is there a mechanism for reporting issues? I have a large number of log files (debug level 8) - are these of use to anyone in engineering?? Cheers, Paul Jerrom +64(0)21 550059 +64 (0)9 845 0200 [EMAIL PROTECTED] http://www.NotionZ.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of K L, Usha (STSD) Sent: Friday, 23 February 2007 1:01 a.m. To: Paul Jerrom; Tillman, Brian (AGRE); samba-vms@lists.samba.org Subject: RE: Samba and OpenOffice - save file Hi Don't feel left out, it doesn't work anywhere. Please let us know the problem you are facing with Samba on Alpha/integrity. We shall look into it. CIFS (Samba) IFT kit on OpenVMS will be released shortly and that kit would work on VMS V8.3 IA64 and ALPHA VMS V8.3. Regards Usha -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Jerrom Sent: Wednesday, February 21, 2007 9:30 PM To: 'Tillman, Brian (AGRE)'; samba-vms@lists.samba.org Subject: RE: Samba and OpenOffice - save file Don't feel left out, it doesn't work anywhere. Paul Jerrom +64(0)21 550059 +64 (0)9 845 0200 [EMAIL PROTECTED] http://www.NotionZ.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tillman, Brian (AGRE) Sent: Thursday, 22 February 2007 3:56 a.m. To: samba-vms@lists.samba.org Subject: RE: Samba and OpenOffice - save file dhruva wrote: HP is considering making a IFT/EFT release shortly of Samba on VMS based on 3.0.24 code base. That would work on VMS 8.3 IA64 (and ALPHA VMS 8.3) shortly. Maybe, you could try that. We OpenVMS VAX users need Samba there, too, and not some old moth-eaten version. If it runs on OpenVMS on these two platforms, it should be made to run on VAXes as well. -- Brian Tillman The information contained in, or attached to, this e-mail, may contain confidential information and is intended solely for the use of the individual or entity to whom they are addressed and may be subject to legal privilege. If you have received this e-mail in error you should notify the sender immediately by reply e-mail, delete the message from your system and notify your system manager. Please do not copy it for any purpose, or disclose its contents to any other person. The views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the company. The recipient should check this e-mail and any attachments for the presence of viruses. The company accepts no liability for any damage caused, directly or indirectly, by any virus transmitted in this email. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Re: Samba and OpenOffice - save file
Paul Jerrom wrote: Howdy, I did try sending an email to [EMAIL PROTECTED], but no reply. We have had several problems, including printing to a VMS queue, VAMPIREing accounts and migrating passwords from Advanced server, and other more minor issues of security and browsing. Sorry for the me too, but I've also received no reply to email sent to [EMAIL PROTECTED], regarding my problems getting SAMBA/CIFS to run on Alpha V8.3. It would be useful if there was a website that listed what does and doesn't work - the above might be things that are known not to work, so it might well be wasting your and my time by reporting these. Is there a definitive list? Is there a mechanism for reporting issues? I was told that the above email address was the proper mechanism for issue reporting, but that seems to be incorrect. Perhaps the gentleman from hp who responded in this thread can give us the correct contact information. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r21499 - in branches/SAMBA_4_0/source/rpc_server/lsa: .
Author: metze Date: 2007-02-22 13:15:49 + (Thu, 22 Feb 2007) New Revision: 21499 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21499 Log: fill in the correct forest dns name metze Modified: branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c === --- branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c 2007-02-22 02:11:28 UTC (rev 21498) +++ branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c 2007-02-22 13:15:49 UTC (rev 21499) @@ -53,10 +53,12 @@ struct sidmap_context *sidmap; uint32_t access_mask; struct ldb_dn *domain_dn; + struct ldb_dn *forest_dn; struct ldb_dn *builtin_dn; struct ldb_dn *system_dn; const char *domain_name; const char *domain_dns; + const char *forest_dns; struct dom_sid *domain_sid; struct GUID domain_guid; struct dom_sid *builtin_sid; @@ -281,6 +283,7 @@ NULL }; struct ldb_result *ref_res; + struct ldb_result *forest_ref_res; const char *ref_attrs[] = { nETBIOSName, dnsRoot, @@ -313,6 +316,13 @@ return NT_STATUS_NO_MEMORY; } + /* work out the forest root_dn - useful for so many calls its worth + fetching here */ + state-forest_dn = samdb_root_dn(state-sam_ldb); + if (!state-forest_dn) { + return NT_STATUS_NO_MEMORY; + } + ret = ldb_search(state-sam_ldb, state-domain_dn, LDB_SCOPE_BASE, NULL, dom_attrs, dom_res); if (ret != LDB_SUCCESS) { @@ -367,6 +377,29 @@ talloc_free(ref_res); + ret = ldb_search_exp_fmt(state-sam_ldb, state, forest_ref_res, +partitions_basedn, LDB_SCOPE_SUBTREE, ref_attrs, +((objectclass=crossRef)(ncName=%s)), +ldb_dn_get_linearized(state-forest_dn)); + + if (ret != LDB_SUCCESS) { + talloc_free(forest_ref_res); + return NT_STATUS_INVALID_SYSTEM_SERVICE; + } + if (ref_res-count != 1) { + talloc_free(forest_ref_res); + return NT_STATUS_NO_SUCH_DOMAIN; + } + + state-forest_dns = ldb_msg_find_attr_as_string(forest_ref_res-msgs[0], dnsRoot, NULL); + if (!state-forest_dns) { + talloc_free(forest_ref_res); + return NT_STATUS_NO_SUCH_DOMAIN; + } + talloc_steal(state, state-forest_dns); + + talloc_free(forest_ref_res); + /* work out the builtin_dn - useful for so many calls its worth fetching here */ state-builtin_dn = samdb_search_dn(state-sam_ldb, state, state-domain_dn, (objectClass=builtinDomain)); @@ -460,7 +493,7 @@ domain = state-domain_name; dns_domain = state-domain_dns; - forest = state-domain_dns; + forest = state-forest_dns; domain_guid = state-domain_guid; flags |= DS_ROLE_PRIMARY_DOMAIN_GUID_PRESENT; @@ -575,7 +608,7 @@ info-name.string = state-domain_name; info-sid = state-domain_sid; info-dns_domain.string = state-domain_dns; - info-dns_forest.string = state-domain_dns; + info-dns_forest.string = state-forest_dns; info-domain_guid = state-domain_guid; return NT_STATUS_OK;
svn commit: samba r21500 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch
Author: gd Date: 2007-02-22 13:35:01 + (Thu, 22 Feb 2007) New Revision: 21500 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21500 Log: Fix inappropriate creation of a krb5 ticket refreshing event when a user changed a password via pam_chauthtok. Only do this if a) a user logs on using an expired password (or a password that needs to be changed immediately) or b) the user itself changes his password. Also make sure to delete the in-memory krb5 credential cache (when a user did not request a FILE based cred cache). Finally honor the krb5 settings in the first pam authentication in the chauthtok block (PAM_PRELIM_CHECK). This circumvents confusion when NTLM samlogon authentication is still possible with the old password after the password has been already changed (on w2k3 sp1 dcs). Guenther Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c branches/SAMBA_3_0/source/nsswitch/pam_winbind.h branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0_25/source/nsswitch/pam_winbind.c branches/SAMBA_3_0_25/source/nsswitch/pam_winbind.h branches/SAMBA_3_0_25/source/nsswitch/winbindd_pam.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c === --- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2007-02-22 13:15:49 UTC (rev 21499) +++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2007-02-22 13:35:01 UTC (rev 21500) @@ -198,6 +198,7 @@ _PAM_LOG_STATE_DATA_STRING(pamh, ctrl, PAM_WINBIND_LOGONSERVER); _PAM_LOG_STATE_DATA_STRING(pamh, ctrl, PAM_WINBIND_PROFILEPATH); _PAM_LOG_STATE_DATA_STRING(pamh, ctrl, PAM_WINBIND_NEW_AUTHTOK_REQD); /* Use atoi to get PAM result code */ + _PAM_LOG_STATE_DATA_STRING(pamh, ctrl, PAM_WINBIND_NEW_AUTHTOK_REQD_DURING_AUTH); _PAM_LOG_STATE_DATA_POINTER(pamh, ctrl, PAM_WINBIND_PWD_LAST_SET); } @@ -1564,6 +1565,8 @@ if (retval == PAM_NEW_AUTHTOK_REQD || retval == PAM_AUTHTOK_EXPIRED) { + char *new_authtok_required_during_auth = NULL; + if (!asprintf(new_authtok_required, %d, retval)) { retval = PAM_BUF_ERR; goto out; @@ -1572,6 +1575,15 @@ pam_set_data(pamh, PAM_WINBIND_NEW_AUTHTOK_REQD, new_authtok_required, _pam_winbind_cleanup_func); retval = PAM_SUCCESS; + + if (!asprintf(new_authtok_required_during_auth, %d, True)) { + retval = PAM_BUF_ERR; + goto out; + } + + pam_set_data(pamh, PAM_WINBIND_NEW_AUTHTOK_REQD_DURING_AUTH, +new_authtok_required_during_auth, _pam_winbind_cleanup_func); + goto out; } @@ -1851,8 +1863,51 @@ return retval; } +/** + * evaluate whether we need to re-authenticate with kerberos after a password change + * + * @param pamh PAM handle + * @param ctrl PAM winbind options. + * @param user The username + * + * @return boolean Returns True if required, False if not. + */ +static BOOL _pam_require_krb5_auth_after_chauthtok(pam_handle_t *pamh, int ctrl, const char *user) +{ + /* Make sure that we only do this if +* a) the chauthtok got initiated during a logon attempt (authenticate-acct_mgmt-chauthtok) +* b) any later password change via the passwd command if done by the user itself +*/ + + char *new_authtok_reqd_during_auth = NULL; + struct passwd *pwd = NULL; + + if (!(ctrl WINBIND_KRB5_AUTH)) { + return False; + } + + _pam_get_data(pamh, PAM_WINBIND_NEW_AUTHTOK_REQD_DURING_AUTH, new_authtok_reqd_during_auth); + pam_set_data(pamh, PAM_WINBIND_NEW_AUTHTOK_REQD_DURING_AUTH, NULL, NULL); + + if (new_authtok_reqd_during_auth) { + return True; + } + + pwd = getpwnam(user); + if (!pwd) { + return False; + } + + if (getuid() == pwd-pw_uid) { + return True; + } + + return False; +} + + PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv) @@ -1948,9 +2003,6 @@ goto out; } - /* We don't need krb5 env set for password change test. */ - ctrl = ~WINBIND_KRB5_AUTH; - /* verify that this is the password for this user */ ret = winbind_auth_request(pamh, ctrl, user, pass_old, @@ -2042,10 +2094,8 @@ goto out; } - /* just in case we need krb5 creds after a password change over msrpc */ + if (_pam_require_krb5_auth_after_chauthtok(pamh, ctrl, user)) { - if (ctrl WINBIND_KRB5_AUTH) { - const char *member =
svn commit: samba r21501 - in branches/SAMBA_4_0/source/libcli/ldap: .
Author: metze Date: 2007-02-22 14:29:04 + (Thu, 22 Feb 2007) New Revision: 21501 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21501 Log: ugly but the windows 2000 mmc deturns decoding error without this metze Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c === --- branches/SAMBA_4_0/source/libcli/ldap/ldap.c2007-02-22 13:35:01 UTC (rev 21500) +++ branches/SAMBA_4_0/source/libcli/ldap/ldap.c2007-02-22 14:29:04 UTC (rev 21501) @@ -237,6 +237,10 @@ ldap_encode_response(data, r-response); if (r-SASL.secblob) { asn1_write_ContextSimple(data, 7, r-SASL.secblob); + } else { + /* ugly but the windows 2000 mmc deturns decoding error without this */ + DATA_BLOB zero = data_blob(NULL, 0); + asn1_write_ContextSimple(data, 7, zero); } asn1_pop_tag(data); break;
svn commit: samba r21502 - in branches/SAMBA_4_0/source/torture/libnet: .
Author: metze Date: 2007-02-22 15:25:55 + (Thu, 22 Feb 2007) New Revision: 21502 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21502 Log: add a very useful option become dc:donnot leave=yes with this you can join a domain as dc for testing:-) You still need to setup some dns entries... and add the ldap/ servicePrincipalName's abartlet: it's wrong to include ldap/ in the list of host=, we should change this... metze Modified: branches/SAMBA_4_0/source/torture/libnet/libnet_BecomeDC.c Changeset: Modified: branches/SAMBA_4_0/source/torture/libnet/libnet_BecomeDC.c === --- branches/SAMBA_4_0/source/torture/libnet/libnet_BecomeDC.c 2007-02-22 14:29:04 UTC (rev 21501) +++ branches/SAMBA_4_0/source/torture/libnet/libnet_BecomeDC.c 2007-02-22 15:25:55 UTC (rev 21502) @@ -812,6 +812,11 @@ goto cleanup; } + if (lp_parm_bool(-1, become dc, donnot leave, False)) { + talloc_free(s); + return ret; + } + cleanup: ZERO_STRUCT(u); u.in.domain_dns_name= torture_join_dom_dns_name(s-tj);
svn commit: samba r21503 - in branches/SAMBA_4_0/source/dsdb/samdb: .
Author: metze Date: 2007-02-22 15:53:06 + (Thu, 22 Feb 2007) New Revision: 21503 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21503 Log: add usefull function to get the site dn for the local server metze Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/samdb.c === --- branches/SAMBA_4_0/source/dsdb/samdb/samdb.c2007-02-22 15:25:55 UTC (rev 21502) +++ branches/SAMBA_4_0/source/dsdb/samdb/samdb.c2007-02-22 15:53:06 UTC (rev 21503) @@ -1384,6 +1384,23 @@ } /* + work out the server dn for the current open ldb +*/ +struct ldb_dn *samdb_server_site_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx) +{ + struct ldb_dn *server_dn; + struct ldb_dn *server_site_dn; + + server_dn = samdb_server_dn(ldb, mem_ctx); + if (!server_dn) return NULL; + + server_site_dn = ldb_dn_get_parent(mem_ctx, server_dn); + + talloc_free(server_dn); + return server_site_dn; +} + +/* work out if we are the PDC for the domain of the current open ldb */ BOOL samdb_is_pdc(struct ldb_context *ldb)
svn commit: samba r21504 - in branches/SAMBA_4_0/source/torture/libnet: .
Author: metze Date: 2007-02-22 16:26:18 + (Thu, 22 Feb 2007) New Revision: 21504 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21504 Log: for simo... metze Modified: branches/SAMBA_4_0/source/torture/libnet/libnet_BecomeDC.c Changeset: Modified: branches/SAMBA_4_0/source/torture/libnet/libnet_BecomeDC.c === --- branches/SAMBA_4_0/source/torture/libnet/libnet_BecomeDC.c 2007-02-22 15:53:06 UTC (rev 21503) +++ branches/SAMBA_4_0/source/torture/libnet/libnet_BecomeDC.c 2007-02-22 16:26:18 UTC (rev 21504) @@ -812,7 +812,7 @@ goto cleanup; } - if (lp_parm_bool(-1, become dc, donnot leave, False)) { + if (lp_parm_bool(-1, become dc, do not unjoin, false)) { talloc_free(s); return ret; }
svn commit: samba r21505 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch
Author: jerry Date: 2007-02-22 17:21:27 + (Thu, 22 Feb 2007) New Revision: 21505 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21505 Log: make sure mlock()'d memory is aligned on a page boundary Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h branches/SAMBA_3_0_25/source/nsswitch/winbindd_cred_cache.c branches/SAMBA_3_0_25/source/nsswitch/winbindd_nss.h Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c2007-02-22 16:26:18 UTC (rev 21504) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cred_cache.c2007-02-22 17:21:27 UTC (rev 21505) @@ -471,6 +471,8 @@ #if !defined(HAVE_MLOCK) return NT_STATUS_OK; #else + int psize = getpagesize(); + /* new_entry-nt_hash is the base pointer for the block of memory pointed into by new_entry-lm_hash and new_entry-pass (if we're storing plaintext). */ @@ -480,17 +482,29 @@ memcredp-len += strlen(pass)+1; } - memcredp-nt_hash = (unsigned char *)TALLOC_ZERO(memcredp, memcredp-len); - if (!memcredp-nt_hash) { + /* On non-linux platforms, mlock()'d memory must be aligned on + a page boundary so allocate a bit more so we can offset + enough */ + + memcredp-len += psize; + + memcredp-buffer = (unsigned char*)TALLOC_ZERO(memcredp, memcredp-len); + + if (!memcredp-buffer) { return NT_STATUS_NO_MEMORY; } + + /* point the nt_hash at the page boundary in the buffer */ + + memcredp-nt_hash = memcredp-buffer + + (psize - ((uint32)memcredp-buffer % psize)); memcredp-lm_hash = memcredp-nt_hash + NT_HASH_LEN; + #ifdef DEBUG_PASSWORD DEBUG(10,(mlocking memory: %p\n, memcredp-nt_hash)); #endif - - if ((mlock(memcredp-nt_hash, memcredp-len)) == -1) { + if ((mlock(memcredp-nt_hash, memcredp-len-psize)) == -1) { DEBUG(0,(failed to mlock memory: %s (%d)\n, strerror(errno), errno)); return map_nt_error_from_unix(errno); @@ -522,13 +536,16 @@ #if !defined(HAVE_MUNLOCK) return NT_STATUS_OK; #else - if (munlock(memcredp-nt_hash, memcredp-len) == -1) { + int psize = getpagesize(); + + if (munlock(memcredp-buffer, memcredp-len - psize) == -1) { DEBUG(0,(failed to munlock memory: %s (%d)\n, strerror(errno), errno)); return map_nt_error_from_unix(errno); } - memset(memcredp-nt_hash, '\0', memcredp-len); - TALLOC_FREE(memcredp-nt_hash); + memset(memcredp-buffer, '\0', memcredp-len); + TALLOC_FREE(memcredp-buffer); + memcredp-nt_hash = NULL; memcredp-lm_hash = NULL; memcredp-pass = NULL; memcredp-len = 0; Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h === --- branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h 2007-02-22 16:26:18 UTC (rev 21504) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h 2007-02-22 17:21:27 UTC (rev 21505) @@ -469,6 +469,8 @@ uid_t uid; int ref_count; size_t len; + unsigned char *buffer; /* buffer block containing the + following 3 */ unsigned char *nt_hash; /* Base pointer for the following 2 */ unsigned char *lm_hash; char *pass; Modified: branches/SAMBA_3_0_25/source/nsswitch/winbindd_cred_cache.c === --- branches/SAMBA_3_0_25/source/nsswitch/winbindd_cred_cache.c 2007-02-22 16:26:18 UTC (rev 21504) +++ branches/SAMBA_3_0_25/source/nsswitch/winbindd_cred_cache.c 2007-02-22 17:21:27 UTC (rev 21505) @@ -471,6 +471,8 @@ #if !defined(HAVE_MLOCK) return NT_STATUS_OK; #else + int psize = getpagesize(); + /* new_entry-nt_hash is the base pointer for the block of memory pointed into by new_entry-lm_hash and new_entry-pass (if we're storing plaintext). */ @@ -480,17 +482,29 @@ memcredp-len += strlen(pass)+1; } - memcredp-nt_hash = (unsigned char *)TALLOC_ZERO(memcredp, memcredp-len); - if (!memcredp-nt_hash) { + /* On non-linux platforms, mlock()'d memory must be aligned on + a page boundary so allocate a bit more so we can offset + enough */ + + memcredp-len += psize; + + memcredp-buffer = (unsigned char*)TALLOC_ZERO(memcredp, memcredp-len); + + if (!memcredp-buffer) {
Rev 70: merged tridge's code in http://samba.org/~tridge/psomogyi/
revno: 70 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Peter Somogyi [EMAIL PROTECTED] branch nick: ctdb timestamp: Thu 2007-02-22 18:25:18 +0100 message: merged tridge's code added: lib/tdb/common/common-20070220022425-m1wibgjq7n5hahs6-1 lib/tdb/common/dump.c dump.c-20070220022425-m1wibgjq7n5hahs6-2 lib/tdb/common/error.c error.c-20070220022425-m1wibgjq7n5hahs6-3 lib/tdb/common/freelist.c freelist.c-20070220022425-m1wibgjq7n5hahs6-4 lib/tdb/common/freelistcheck.c freelistcheck.c-20070220022425-m1wibgjq7n5hahs6-5 lib/tdb/common/io.cio.c-20070220022425-m1wibgjq7n5hahs6-6 lib/tdb/common/lock.c lock.c-20070220022425-m1wibgjq7n5hahs6-7 lib/tdb/common/open.c open.c-20070220022425-m1wibgjq7n5hahs6-8 lib/tdb/common/tdb.c tdb.c-20070220022425-m1wibgjq7n5hahs6-9 lib/tdb/common/tdb_private.h tdb_private.h-20070220022425-m1wibgjq7n5hahs6-10 lib/tdb/common/transaction.c transaction.c-20070220022425-m1wibgjq7n5hahs6-11 lib/tdb/common/traverse.c traverse.c-20070220022425-m1wibgjq7n5hahs6-12 tests/bench-ssh.sh benchssh.sh-20070220022243-k2evfudau0j1bwmn-1 modified: .bzrignore bzrignore-20061117235536-slq8jlz2b5161dfm-1 ctdb_bench.c ctdb_bench.c-20061219052637-2liagoglohxb6p7s-1 tcp/tcp_connect.c tcp_connect.c-20061128004937-x70q1cu5xzg5g2tm-1 revno: 44.1.21 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: tridge timestamp: Tue 2007-02-20 14:57:13 +1100 message: added --num-msgs option added TCP_NODELAY on tcp sockets revno: 44.1.20 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: tridge timestamp: Tue 2007-02-20 13:24:45 +1100 message: added rest of tdb (missed in earlier commit) revno: 44.1.19 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: tridge timestamp: Tue 2007-02-20 13:23:43 +1100 message: ignored some files revno: 44.1.18 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: tridge timestamp: Tue 2007-02-20 13:23:01 +1100 message: added a benchmark script that launches via ssh revno: 44.1.17 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: tridge timestamp: Tue 2007-02-20 13:22:18 +1100 message: support hostnames for node names Diff too large for email (4096, the limit is 1000).
svn commit: samba r21506 - in branches/SAMBA_3_0/source/param: .
Author: lmuelle Date: 2007-02-22 17:52:23 + (Thu, 22 Feb 2007) New Revision: 21506 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21506 Log: Allow old pre 3.0.22 multi passdb backend configurations to work with post 3.0.23. This implementation considers spaces in ldapsam configs. Such configs are trunkated after the closing quote. Modified: branches/SAMBA_3_0/source/param/loadparm.c Changeset: Modified: branches/SAMBA_3_0/source/param/loadparm.c === --- branches/SAMBA_3_0/source/param/loadparm.c 2007-02-22 17:21:27 UTC (rev 21505) +++ branches/SAMBA_3_0/source/param/loadparm.c 2007-02-22 17:52:23 UTC (rev 21506) @@ -1821,7 +1821,49 @@ FN_GLOBAL_STRING(lp_nis_home_map_name, Globals.szNISHomeMapName) static FN_GLOBAL_STRING(lp_announce_version, Globals.szAnnounceVersion) FN_GLOBAL_LIST(lp_netbios_aliases, Globals.szNetbiosAliases) -FN_GLOBAL_STRING(lp_passdb_backend, Globals.szPassdbBackend) +/* FN_GLOBAL_STRING(lp_passdb_backend, Globals.szPassdbBackend) + * lp_passdb_backend() should be replace by the this macro again after + * some releases. + * */ +const char *lp_passdb_backend() +{ + char *delim, *quote; + int pos, i; + + delim = strchr( Globals.szPassdbBackend, ' '); + /* no space at all */ + if (delim == NULL) { + goto out; + } + + quote = strchr(Globals.szPassdbBackend, ''); + /* no quote char or non in the first part */ + if (quote == NULL || quote delim) { + *delim = '\0'; + goto warn; + } + + quote = strchr(quote+1, ''); + if (quote == NULL) { + DEBUG(0, (WARNING: Your 'passdb backend' configuration is invalid due to a missing second \ char.\n)); + goto out; + } else if (*(quote+1) == '\0') { + /* space, fitting quote char, and one backend only */ + goto out; + } else { + /* terminate string after the fitting quote char */ + *(quote+1) = '\0'; + } + +warn: + DEBUG(0, (WARNING: Your 'passdb backend' configuration includes multiple backends. This\n + is deprecated since Samba 3.0.23. Please check WHATSNEW.txt or the section 'Passdb\n + Changes' from the ChangeNotes as part of the Samba HOWTO collection. The first part\n + (%s) of your configuration is used instead.\n, Globals.szPassdbBackend)); + +out: + return Globals.szPassdbBackend; +} FN_GLOBAL_LIST(lp_preload_modules, Globals.szPreloadModules) FN_GLOBAL_STRING(lp_panic_action, Globals.szPanicAction) FN_GLOBAL_STRING(lp_adduser_script, Globals.szAddUserScript)
svn commit: samba r21507 - in branches: SAMBA_3_0/source/passdb SAMBA_3_0/source/rpc_parse SAMBA_3_0/source/rpc_server SAMBA_3_0_25/source/passdb SAMBA_3_0_25/source/rpc_parse SAMBA_3_0_25/source/rpc_
Author: jerry Date: 2007-02-22 20:52:27 + (Thu, 22 Feb 2007) New Revision: 21507 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21507 Log: Fix some cannot access LDAP when no root bugs. The two culprits were * pdb_get_account_policy() * pdb_get_group_sid() Modified: branches/SAMBA_3_0/source/passdb/pdb_interface.c branches/SAMBA_3_0/source/rpc_parse/parse_samr.c branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0_25/source/passdb/pdb_interface.c branches/SAMBA_3_0_25/source/rpc_parse/parse_samr.c branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c Changeset: Modified: branches/SAMBA_3_0/source/passdb/pdb_interface.c === --- branches/SAMBA_3_0/source/passdb/pdb_interface.c2007-02-22 17:52:23 UTC (rev 21506) +++ branches/SAMBA_3_0/source/passdb/pdb_interface.c2007-02-22 20:52:27 UTC (rev 21507) @@ -987,13 +987,25 @@ BOOL pdb_get_account_policy(int policy_index, uint32 *value) { struct pdb_methods *pdb = pdb_get_methods(); - return NT_STATUS_IS_OK(pdb-get_account_policy(pdb, policy_index, value)); + NTSTATUS status; + + become_root(); + status = pdb-get_account_policy(pdb, policy_index, value); + unbecome_root(); + + return NT_STATUS_IS_OK(status); } BOOL pdb_set_account_policy(int policy_index, uint32 value) { struct pdb_methods *pdb = pdb_get_methods(); - return NT_STATUS_IS_OK(pdb-set_account_policy(pdb, policy_index, value)); + NTSTATUS status; + + become_root(); + status = pdb-set_account_policy(pdb, policy_index, value); + unbecome_root(); + + return NT_STATUS_IS_OK(status); } BOOL pdb_get_seq_num(time_t *seq_num) Modified: branches/SAMBA_3_0/source/rpc_parse/parse_samr.c === --- branches/SAMBA_3_0/source/rpc_parse/parse_samr.c2007-02-22 17:52:23 UTC (rev 21506) +++ branches/SAMBA_3_0/source/rpc_parse/parse_samr.c2007-02-22 20:52:27 UTC (rev 21507) @@ -6331,8 +6331,10 @@ return NT_STATUS_UNSUCCESSFUL; } + become_root(); group_sid = pdb_get_group_sid(pw); - + unbecome_root(); + if (!sid_peek_check_rid(domain_sid, group_sid, group_rid)) { fstring group_sid_string; fstring domain_sid_string; Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2007-02-22 17:52:23 UTC (rev 21506) +++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2007-02-22 20:52:27 UTC (rev 21507) @@ -2179,6 +2179,7 @@ uint32 acc_granted; BOOL ret; NTSTATUS result; + BOOL success = False; /* * from the SID in the request: @@ -2223,9 +2224,15 @@ sids = NULL; + /* make both calls inside the root block */ become_root(); result = pdb_enum_group_memberships(p-mem_ctx, sam_pass, sids, unix_gids, num_groups); + if ( NT_STATUS_IS_OK(result) ) { + success = sid_peek_check_rid(get_global_sam_sid(), +pdb_get_group_sid(sam_pass), +primary_group_rid); + } unbecome_root(); if (!NT_STATUS_IS_OK(result)) { @@ -2234,15 +2241,7 @@ return result; } - gids = NULL; - num_gids = 0; - - dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT| - SE_GROUP_ENABLED); - - if (!sid_peek_check_rid(get_global_sam_sid(), - pdb_get_group_sid(sam_pass), - primary_group_rid)) { + if ( !success ) { DEBUG(5, (Group sid %s for user %s not in our domain\n, sid_string_static(pdb_get_group_sid(sam_pass)), pdb_get_username(sam_pass))); @@ -2250,8 +2249,12 @@ return NT_STATUS_INTERNAL_DB_CORRUPTION; } + gids = NULL; + num_gids = 0; + + dom_gid.attr = (SE_GROUP_MANDATORY|SE_GROUP_ENABLED_BY_DEFAULT| + SE_GROUP_ENABLED); dom_gid.g_rid = primary_group_rid; - ADD_TO_ARRAY(p-mem_ctx, DOM_GID, dom_gid, gids, num_gids); for (i=0; inum_groups; i++) { Modified: branches/SAMBA_3_0_25/source/passdb/pdb_interface.c === --- branches/SAMBA_3_0_25/source/passdb/pdb_interface.c 2007-02-22 17:52:23 UTC (rev 21506) +++ branches/SAMBA_3_0_25/source/passdb/pdb_interface.c 2007-02-22 20:52:27 UTC (rev 21507) @@ -987,13 +987,25 @@ BOOL pdb_get_account_policy(int policy_index, uint32 *value) { struct
svn commit: samba r21508 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_25/source/nsswitch
Author: idra Date: 2007-02-22 21:59:54 + (Thu, 22 Feb 2007) New Revision: 21508 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21508 Log: Fix memleak in new idmap_tdb, thanks Herb. Jerry please check. Simo. Modified: branches/SAMBA_3_0/source/nsswitch/idmap_tdb.c branches/SAMBA_3_0_25/source/nsswitch/idmap_tdb.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/idmap_tdb.c === --- branches/SAMBA_3_0/source/nsswitch/idmap_tdb.c 2007-02-22 20:52:27 UTC (rev 21507) +++ branches/SAMBA_3_0/source/nsswitch/idmap_tdb.c 2007-02-22 21:59:54 UTC (rev 21508) @@ -1049,19 +1049,11 @@ /* Delete previous mappings. */ - data = tdb_fetch(ctx-tdb, ksid); - if (data.dptr) { - DEBUG(10, (Deleting existing mapping %s - %s\n, ksid.dptr, kid.dptr )); - tdb_delete(ctx-tdb, ksid); - SAFE_FREE(data.dptr); - } + DEBUG(10, (Deleting existing mapping %s - %s\n, ksid.dptr, kid.dptr )); + tdb_delete(ctx-tdb, ksid); - data = tdb_fetch(ctx-tdb, kid); - if (data.dptr) { - DEBUG(10,(Deleting existing mapping %s - %s\n, kid.dptr, ksid.dptr )); - tdb_delete(ctx-tdb, kid); - SAFE_FREE(data.dptr); - } + DEBUG(10,(Deleting existing mapping %s - %s\n, kid.dptr, ksid.dptr )); + tdb_delete(ctx-tdb, kid); tdb_chainunlock(ctx-tdb, ksid); ret = NT_STATUS_OK; Modified: branches/SAMBA_3_0_25/source/nsswitch/idmap_tdb.c === --- branches/SAMBA_3_0_25/source/nsswitch/idmap_tdb.c 2007-02-22 20:52:27 UTC (rev 21507) +++ branches/SAMBA_3_0_25/source/nsswitch/idmap_tdb.c 2007-02-22 21:59:54 UTC (rev 21508) @@ -1049,19 +1049,11 @@ /* Delete previous mappings. */ - data = tdb_fetch(ctx-tdb, ksid); - if (data.dptr) { - DEBUG(10, (Deleting existing mapping %s - %s\n, ksid.dptr, kid.dptr )); - tdb_delete(ctx-tdb, ksid); - SAFE_FREE(data.dptr); - } + DEBUG(10, (Deleting existing mapping %s - %s\n, ksid.dptr, kid.dptr )); + tdb_delete(ctx-tdb, ksid); - data = tdb_fetch(ctx-tdb, kid); - if (data.dptr) { - DEBUG(10,(Deleting existing mapping %s - %s\n, kid.dptr, ksid.dptr )); - tdb_delete(ctx-tdb, kid); - SAFE_FREE(data.dptr); - } + DEBUG(10,(Deleting existing mapping %s - %s\n, kid.dptr, ksid.dptr )); + tdb_delete(ctx-tdb, kid); tdb_chainunlock(ctx-tdb, ksid); ret = NT_STATUS_OK;
svn commit: samba r21509 - in branches: SAMBA_3_0/source/param SAMBA_3_0_25/source/param
Author: lmuelle Date: 2007-02-22 23:12:36 + (Thu, 22 Feb 2007) New Revision: 21509 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21509 Log: Merge lp_passdb_backend() from rev 21506 to 3_0_25. Slightly change the DEBUG 0 message as suggested by Volker on samba-technical. Modified: branches/SAMBA_3_0/source/param/loadparm.c branches/SAMBA_3_0_25/source/param/loadparm.c Changeset: Modified: branches/SAMBA_3_0/source/param/loadparm.c === --- branches/SAMBA_3_0/source/param/loadparm.c 2007-02-22 21:59:54 UTC (rev 21508) +++ branches/SAMBA_3_0/source/param/loadparm.c 2007-02-22 23:12:36 UTC (rev 21509) @@ -1858,8 +1858,8 @@ warn: DEBUG(0, (WARNING: Your 'passdb backend' configuration includes multiple backends. This\n is deprecated since Samba 3.0.23. Please check WHATSNEW.txt or the section 'Passdb\n - Changes' from the ChangeNotes as part of the Samba HOWTO collection. The first part\n - (%s) of your configuration is used instead.\n, Globals.szPassdbBackend)); + Changes' from the ChangeNotes as part of the Samba HOWTO collection. Only the first\n + backend (%s) is used. The rest is ignored.\n, Globals.szPassdbBackend)); out: return Globals.szPassdbBackend; Modified: branches/SAMBA_3_0_25/source/param/loadparm.c === --- branches/SAMBA_3_0_25/source/param/loadparm.c 2007-02-22 21:59:54 UTC (rev 21508) +++ branches/SAMBA_3_0_25/source/param/loadparm.c 2007-02-22 23:12:36 UTC (rev 21509) @@ -1820,7 +1820,49 @@ FN_GLOBAL_STRING(lp_nis_home_map_name, Globals.szNISHomeMapName) static FN_GLOBAL_STRING(lp_announce_version, Globals.szAnnounceVersion) FN_GLOBAL_LIST(lp_netbios_aliases, Globals.szNetbiosAliases) -FN_GLOBAL_STRING(lp_passdb_backend, Globals.szPassdbBackend) +/* FN_GLOBAL_STRING(lp_passdb_backend, Globals.szPassdbBackend) + * lp_passdb_backend() should be replace by the this macro again after + * some releases. + * */ +const char *lp_passdb_backend() +{ + char *delim, *quote; + int pos, i; + + delim = strchr( Globals.szPassdbBackend, ' '); + /* no space at all */ + if (delim == NULL) { + goto out; + } + + quote = strchr(Globals.szPassdbBackend, ''); + /* no quote char or non in the first part */ + if (quote == NULL || quote delim) { + *delim = '\0'; + goto warn; + } + + quote = strchr(quote+1, ''); + if (quote == NULL) { + DEBUG(0, (WARNING: Your 'passdb backend' configuration is invalid due to a missing second \ char.\n)); + goto out; + } else if (*(quote+1) == '\0') { + /* space, fitting quote char, and one backend only */ + goto out; + } else { + /* terminate string after the fitting quote char */ + *(quote+1) = '\0'; + } + +warn: + DEBUG(0, (WARNING: Your 'passdb backend' configuration includes multiple backends. This\n + is deprecated since Samba 3.0.23. Please check WHATSNEW.txt or the section 'Passdb\n + Changes' from the ChangeNotes as part of the Samba HOWTO collection. Only the first\n + backend (%s) is used. The rest is ignored.\n, Globals.szPassdbBackend)); + +out: + return Globals.szPassdbBackend; +} FN_GLOBAL_LIST(lp_preload_modules, Globals.szPreloadModules) FN_GLOBAL_STRING(lp_panic_action, Globals.szPanicAction) FN_GLOBAL_STRING(lp_adduser_script, Globals.szAddUserScript)
Build status as of Fri Feb 23 00:00:02 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-02-22 00:00:52.0 + +++ /home/build/master/cache/broken_results.txt 2007-02-23 00:00:24.0 + @@ -1,4 +1,4 @@ -Build status as of Thu Feb 22 00:00:02 2007 +Build status as of Fri Feb 23 00:00:02 2007 Build counts: Tree Total Broken Panic @@ -9,12 +9,12 @@ distcc 3 0 0 ldb 34 5 0 libreplace 32 2 0 -lorikeet-heimdal 31 17 0 +lorikeet-heimdal 31 16 0 ppp 16 0 0 rsync36 6 0 samba0 0 0 samba-docs 0 0 0 -samba4 40 27 0 +samba4 41 35 15 samba_3_042 14 1 smb-build32 32 0 talloc 36 1 0
svn commit: samba r21510 - in branches/SAMBA_4_0/source/libcli/util: .
Author: metze Date: 2007-02-23 07:32:13 + (Fri, 23 Feb 2007) New Revision: 21510 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21510 Log: make it possible to push tags with length 0xFF metze Modified: branches/SAMBA_4_0/source/libcli/util/asn1.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/util/asn1.c === --- branches/SAMBA_4_0/source/libcli/util/asn1.c2007-02-22 23:12:36 UTC (rev 21509) +++ branches/SAMBA_4_0/source/libcli/util/asn1.c2007-02-23 07:32:13 UTC (rev 21510) @@ -89,7 +89,18 @@ /* yes, this is ugly. We don't know in advance how many bytes the length of a tag will take, so we assumed 1 byte. If we were wrong then we need to correct our mistake */ - if (len 0x) { + if (len 0xFF) { + data-data[nesting-start] = 0x84; + if (!asn1_write_uint8(data, 0)) return False; + if (!asn1_write_uint8(data, 0)) return False; + if (!asn1_write_uint8(data, 0)) return False; + if (!asn1_write_uint8(data, 0)) return False; + memmove(data-data+nesting-start+5, data-data+nesting-start+1, len); + data-data[nesting-start+1] = (len24) 0xFF; + data-data[nesting-start+2] = (len16) 0xFF; + data-data[nesting-start+3] = (len8) 0xFF; + data-data[nesting-start+4] = len0xff; + } else if (len 0x) { data-data[nesting-start] = 0x83; if (!asn1_write_uint8(data, 0)) return False; if (!asn1_write_uint8(data, 0)) return False;
svn commit: samba r21511 - in branches/SAMBA_4_0/source: ldap_server libcli/ldap
Author: metze Date: 2007-02-23 07:46:51 + (Fri, 23 Feb 2007) New Revision: 21511 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21511 Log: this seems to be the nicer fix for the problem with the windows 2000 LDAP client metze Modified: branches/SAMBA_4_0/source/ldap_server/ldap_bind.c branches/SAMBA_4_0/source/libcli/ldap/ldap.c Changeset: Modified: branches/SAMBA_4_0/source/ldap_server/ldap_bind.c === --- branches/SAMBA_4_0/source/ldap_server/ldap_bind.c 2007-02-23 07:32:13 UTC (rev 21510) +++ branches/SAMBA_4_0/source/ldap_server/ldap_bind.c 2007-02-23 07:46:51 UTC (rev 21511) @@ -185,14 +185,10 @@ status = gensec_update(conn-gensec, reply, input, output); - /* TODO: gensec should really handle the difference between NULL and length=0 better! */ - if (output.data) { - resp-SASL.secblob = talloc(reply, DATA_BLOB); - NT_STATUS_HAVE_NO_MEMORY(resp-SASL.secblob); - *resp-SASL.secblob = output; - } else { - resp-SASL.secblob = NULL; - } + /* Windows 2000 mmc doesn't like secblob == NULL and reports a decoding error */ + resp-SASL.secblob = talloc(reply, DATA_BLOB); + NT_STATUS_HAVE_NO_MEMORY(resp-SASL.secblob); + *resp-SASL.secblob = output; } else { resp-SASL.secblob = NULL; } Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c === --- branches/SAMBA_4_0/source/libcli/ldap/ldap.c2007-02-23 07:32:13 UTC (rev 21510) +++ branches/SAMBA_4_0/source/libcli/ldap/ldap.c2007-02-23 07:46:51 UTC (rev 21511) @@ -237,10 +237,6 @@ ldap_encode_response(data, r-response); if (r-SASL.secblob) { asn1_write_ContextSimple(data, 7, r-SASL.secblob); - } else { - /* ugly but the windows 2000 mmc deturns decoding error without this */ - DATA_BLOB zero = data_blob(NULL, 0); - asn1_write_ContextSimple(data, 7, zero); } asn1_pop_tag(data); break;
svn commit: samba r21512 - in branches/SAMBA_4_0/source/rpc_server/drsuapi: .
Author: metze Date: 2007-02-23 07:56:29 + (Fri, 23 Feb 2007) New Revision: 21512 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=21512 Log: finish DsBind() in the DRSUAPI server: - fill in our on bind_info struct correctly - remember the local and remote DsBindInfo28 struct - remember the remote bind_buid w2k3 now tries replicate using DsGetNCChanges() from us, after the NET-API-BECOME-DC test created the domain controller and replicated all data. (But we still give a DCERPC fault in DsGetNCChanges()...) metze Modified: branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.h Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c === --- branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c 2007-02-23 07:46:51 UTC (rev 21511) +++ branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c 2007-02-23 07:56:29 UTC (rev 21512) @@ -27,6 +27,7 @@ #include rpc_server/common/common.h #include rpc_server/drsuapi/dcesrv_drsuapi.h #include dsdb/samdb/samdb.h +#include lib/ldb/include/ldb_errors.h /* drsuapi_DsBind @@ -38,38 +39,160 @@ struct dcesrv_handle *handle; struct drsuapi_DsBindInfoCtr *bind_info; struct GUID site_guid; + struct ldb_result *site_res; + struct ldb_dn *server_site_dn; + static const char *site_attrs[] = { objectGUID, NULL }; + struct ldb_result *ntds_res; + struct ldb_dn *ntds_dn; + static const char *ntds_attrs[] = { ms-DS-ReplicationEpoch, NULL }; + uint32_t u1; + uint32_t repl_epoch; + int ret; r-out.bind_info = NULL; ZERO_STRUCTP(r-out.bind_handle); - b_state = talloc(dce_call-conn, struct drsuapi_bind_state); + b_state = talloc_zero(mem_ctx, struct drsuapi_bind_state); W_ERROR_HAVE_NO_MEMORY(b_state); + /* +* connect to the samdb +*/ b_state-sam_ctx = samdb_connect(b_state, dce_call-conn-auth_state.session_info); if (!b_state-sam_ctx) { - talloc_free(b_state); return WERR_FOOBAR; } - handle = dcesrv_handle_new(dce_call-context, DRSUAPI_BIND_HANDLE); - if (!handle) { - talloc_free(b_state); - return WERR_NOMEM; + /* +* find out the guid of our own site +*/ + server_site_dn = samdb_server_site_dn(b_state-sam_ctx, mem_ctx); + W_ERROR_HAVE_NO_MEMORY(server_site_dn); + + ret = ldb_search_exp_fmt(b_state-sam_ctx, mem_ctx, site_res, +server_site_dn, LDB_SCOPE_BASE, site_attrs, +(objectClass=*)); + if (ret != LDB_SUCCESS) { + return WERR_DS_DRA_INTERNAL_ERROR; } + if (site_res-count != 1) { + return WERR_DS_DRA_INTERNAL_ERROR; + } + site_guid = samdb_result_guid(site_res-msgs[0], objectGUID); - handle-data = talloc_steal(handle, b_state); + /* +* lookup the local servers Replication Epoch +*/ + ntds_dn = samdb_ntds_settings_dn(b_state-sam_ctx); + W_ERROR_HAVE_NO_MEMORY(ntds_dn); + ret = ldb_search_exp_fmt(b_state-sam_ctx, mem_ctx, ntds_res, +ntds_dn, LDB_SCOPE_BASE, ntds_attrs, +(objectClass=*)); + if (ret != LDB_SUCCESS) { + return WERR_DS_DRA_INTERNAL_ERROR; + } + if (ntds_res-count != 1) { + return WERR_DS_DRA_INTERNAL_ERROR; + } + repl_epoch = samdb_result_uint(ntds_res-msgs[0], ms-DS-ReplicationEpoch, 0); + + /* +* TODO: find out what this is... +*/ + u1 = 0; + + /* +* store the clients bind_guid +*/ + if (r-in.bind_guid) { + b_state-remote_bind_guid = *r-in.bind_guid; + } + + /* +* store the clients bind_info +*/ + if (r-in.bind_info) { + switch (r-in.bind_info-length) { + case 24: { + struct drsuapi_DsBindInfo24 *info24; + info24 = r-in.bind_info-info.info24; + b_state-remote_info28.supported_extensions = info24-supported_extensions; + b_state-remote_info28.site_guid= info24-site_guid; + b_state-remote_info28.u1 = info24-u1; + b_state-remote_info28.repl_epoch = 0; + break; + } + case 28: + b_state-remote_info28 = r-in.bind_info-info.info28; + break; + } + } + + /* +* fill in our local bind info 28 +*/ +