[Samba] wbinfo -u (security = ads) does not show computers after upgrade to 3.0.25b any more
Hi after an upgrade from 3.0.21c to 3.0.25b wbinfo -u only shows the Users DOMAIN\user and not the computers, like they did before In the logs I see [2006/02/17 09:10:46, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username DOMAIN\RMPC014$ is invalid on this system We use idmap domains = DOMAIN idmap config DOMAIN:backend = nss idmap config DOMAIN:readonly = yes because we use the Unix-User and Group information from NIS I am not sure, if we should ignore the message form above, or if something is missconfigured :-) regards Hansjörg -- _ Deutsches Zentrum fuer Luft- und Raumfahrt e.V. in der Helmholtz-Gemeinschaft Institut fuer Robotik und Mechatronik Dr. Hansjörg Maurer LAN- und Systemmanager Münchner Strasse 20 82234 Wessling Germany Telefon: 08153/28-2431 Telefax: 08153/28-1134 E-Mail: [EMAIL PROTECTED] Internet: http://www.robotic.dlr.de/ __ There are 10 types of people in this world, those who understand binary and those who don't. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Basic Overview of Active Directory with Samba Install
On Thu, 2007-07-26 at 09:19 -0500, Jeffrey M. Johnson wrote: I apologize for posting such a newb question, but I am having problems configuring Samba for use in an Active Directory and after searching the archives... I am trying to configure Samba 3.0.25 as a node in out AD setup. Since I am writing here you can guess it is not working. Is there a basic how to for this topic out there, I am figuring I missed a simple and basic step along the way. http://us3.samba.org/samba/docs/man/Samba-Guide/unixclients.html#adssdm http://us3.samba.org/samba/docs/man/Samba-Guide/kerberos.html -- Adam Tauno Williams, Network Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba 4 svn23995 live CD release (maybe tp6?) dsa.msc works!
Whatever, I will try it within next 2 week. 在 2007-07-26四的 07:17 +0200,Ludek Finstrle写道: So, which part of documentation I should start from? What information normally user need? I don't know. What is the normal user (is it the one using windows :oD )? I think the doc should be pointed to network admins. Or probably I just teach them how to build from samba source, setup dns server, join windows into domain and use dsa.msc? It'll be very useful to describe your way. You can write down the doc you have used (URLs, files, etc), the problems you have encoutered and solved, ... Thanks, Luf 在 2007-07-24二的 11:55 +0200,Ludek Finstrle写道: Regarding the documentation, I affraid my lousy english make user become more confuse. Sorry for that. Don't affraid. A lot of people have problem with english. It's better to have some documentation instead of no one. It's easiear (less time consuming) to correct existing doc ;o) I think a lot of people will appreciate the documentation. Please. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Basic Overview of Active Directory with Samba Install
For those of you waiting for my write-up on this topic, the 2 or 3 projects i've had in the wind have all landed at once (don't they always) so i'm finding it difficult to make time. i think what i will do, rather than take on a major re-write of sections of the HOWTO (and the more i look at it, the less i can see that needs changing) i will put together a Samba for Windows Admins on the Wiki, with particular attention paid to integrating Samba with ADS. Or perhaps i should call it Samba for Dummies ;) But just to let everyone know, it is weighing on my conscience that i haven't done anything actually useful yet. My Samba installations work great though :) m. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jeffrey M. Johnson Sent: Thursday, 26 July 2007 10:19 PM To: samba@lists.samba.org Subject: [Samba] Basic Overview of Active Directory with Samba Install I apologize for posting such a newb question, but I am having problems configuring Samba for use in an Active Directory and after searching the archives... I am trying to configure Samba 3.0.25 as a node in out AD setup. Since I am writing here you can guess it is not working. Is there a basic how to for this topic out there, I am figuring I missed a simple and basic step along the way. Jeffrey M. Johnson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Getting rid of old network
Just had this problem. Check your interfaces line in your smb.conf -- I fixed mine by changing from an IP to eth0 - substitute your actual eth device. -=Ray Anders Norrbring wrote: I can't get rid of an old network I had configured on my Samba server, it was PDC on two subnets, and one of those nets are now gone. Still Samba tries to become PDC on the subnet (192.168.100.10). So, in my logs I get hundreds of these messages; [2007/07/26 22:38:57, 0] nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(488) get_domain_master_name_node_status_fail: Doing a node status request to the domain master browser at IP 192.168.100.10 failed. Cannot get workgroup name. How can I clear that out? Anders. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] creating samba accounts on first login
Hello all! I am trying to setup a small lab of centos5 computers for students attending my university. The lab machines authenticate against a mysql database using pam_mysql. All the home directories of the students are kept on a samba server and mounted to the lab computers in /home. The samba server and all the lab machines have the same passwd file and they are kept updated through scripts. If the person logging in has a samba username/password and already has a home directory on the samba server then everything works fine, authentication works great, they get thier files, no one else has rights to them. Its a perfect situation. My problem occurs when a new user wishes to login for the first time. I am currently stuck on trying to do two things: 1. Create home directories on the samba mount for the new user. (I was able to do this if root on the lab machine is not not squashed but this is a security problem) 2. sync the password used for authentication to the smbpasswd file on the samba server. This may be a problem with my config files, to tell you the truth I really dont understand exactly how to configure things in /etc/samba/smb.conf I am trying to use pam_mount to trigger the samba file on the samba server which then in turn has a line that uses pam_mkhomedir.so to create the home directories on first login. I am also trying to use pam_smbpass.so to sync the username and password to the smbpasswd file. here is my pam file for login: authrequisite pam_nologin.so session requiredpam_env.so readenv=1 authoptionalpam_smbpass.so migrate debug audit authsufficient pam_unix.so use_first_pass authrequiredpam_mount.so authrequiredpam_mysql.so ***Auth Stuff*** authoptionalpam_group.so account include common-account session include common-session session required pam_limits.so passwordincludecommon-password Please note: The reason I have the pam_smbpass line above the pam_unix line is because I need the pam_unix line to be sufficient so that local root logins are possible. If anyone has any suggestions or a better way to get the same result please let me know :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Getting rid of old network
I can't get rid of an old network I had configured on my Samba server, it was PDC on two subnets, and one of those nets are now gone. Still Samba tries to become PDC on the subnet (192.168.100.10). So, in my logs I get hundreds of these messages; [2007/07/26 22:38:57, 0] nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(488) get_domain_master_name_node_status_fail: Doing a node status request to the domain master browser at IP 192.168.100.10 failed. Cannot get workgroup name. How can I clear that out? Anders. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: 2 questions about start_tls (was: Re: [Samba] TLS and ldap referals)
When I shutdown the PDC, logon to a windows client and update my password I get a domain unavailable error as expected. When I restart the master and do it again, evrything is OK. Therefore I guess the referal is chased and TLS is used, or did I miss something? I miserably screwed up my test. Sorry for the noise. It appears that I'm unable to make my BDC chase referrals (with or without TLS) though an ldapmodify gives me the correct referrals. I'm going back to docs ... [...] From man smb.conf: [...] Default: ldap ssl = start_tls This still puzzles me. In certain situations (e.g. SSL certificate problem) when I put explicitely ldap ssl = start_tls in my smb.conf I have [2007/07/26 16:43:28, 0] lib/smbldap.c:smb_ldap_start_tls(546) Failed to issue the StartTLS instruction: Connect error When I remove it everything is fine. Do I misunderstand the word Default? Regards, Thierry. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Subversion VFS Module
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Christian Huldt wrote: I read about a Subversion VFS Module at http://www.samba.org/samba/projects/summercode06.html Is this still moving? Nope. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGqLqEIR7qMdg1EfYRApPEAKDCJxGWb9WqvdBOvTEhErcV83uCQACdEDK1 /2LsAWROdoMXe4Y54nbdIcU= =fq8i -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: samba 4 svn23995 live CD release (maybe tp6?) dsa.msc works!
Whatever, I'll try this within this or next month. 在 2007-07-26四的 07:17 +0200,Ludek Finstrle写道: So, which part of documentation I should start from? What information normally user need? I don't know. What is the normal user (is it the one using windows :oD )? I think the doc should be pointed to network admins. Or probably I just teach them how to build from samba source, setup dns server, join windows into domain and use dsa.msc? It'll be very useful to describe your way. You can write down the doc you have used (URLs, files, etc), the problems you have encoutered and solved, ... Thanks, Luf 在 2007-07-24二的 11:55 +0200,Ludek Finstrle写道: Regarding the documentation, I affraid my lousy english make user become more confuse. Sorry for that. Don't affraid. A lot of people have problem with english. It's better to have some documentation instead of no one. It's easiear (less time consuming) to correct existing doc ;o) I think a lot of people will appreciate the documentation. Please. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC: Windows xp sp2 reboots when login onto domain
Dear all, I have installed Debian Etch (Samba 3.0.24) in PDC role, with 2 Windows XP SP2 clients. When I try to join the domain in any of the clients, the machine suddenly reboots (both). Both are fresh Windows installs. This is my smb.conf file. Any ideas? # Begin smb.conf # # /etc/samba/smb.conf # Samba configuration file # last updated: 25072007 by mendi [global] ### Basic Server Settings ### netbios name = BF server string = BlueFactory Samba Server workgroup = BLUEFACTORY ### PDC and master browsing settings ### security = user encrypt passwords = true domain logons = yes os level = 64 local master = yes preferred master = yes domain master = yes browse list = yes wins support = yes ### Security and performance ### syslog = 0 log file = /var/log/samba/bluefactory.log log level = 2 max log size = 5 # In Kilobytes hosts allow = 127.0.0.1 192.168.0.0/24 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 client schannel = yes server schannel = yes client signing = yes server signing = yes ### Pass backend ### passdb backend = tdbsam username map = /etc/samba/smbusers ### User Profiles and Home directories ### logon script = netlogon.cmd logon drive = Z:# Drive letter for home directory logon home = \\%L\%U\.profile # Profile location for 95/98. Only used by these. logon path = \\%L\profiles\%U # Profile location for NT/2000/XP ### Automatic machine account creation ### add machine script = /etc/samba/scripts/smb-addMachine %u ### UNIX and Windows account syncing ### add user script = /etc/samba/scripts/smb-addUser %u delete user script = /etc/samba/scripts/smb-rmUser %u add group script = /etc/samba/scripts/smb-addGroup %g delete group script = /etc/samba/scripts/smb-rmGroup %g add user to group script = /etc/samba/scripts/smb-addUserToGroup %u %g delete user from group script = /etc/samba/scripts/smb-rmUserFromGroup %u %g ### UNIX and Windows password syncing ### pam password change = yes # Los compartidos homes y netlogon son necesarios para el domino # [homes] comment = Home Directories browseable = no writable = yes create mask = 0700 directory mask = 0700 hide dot files = Yes # Manda un mensaje de bienvenida a los usuarios preexec = /etc/samba/scripts/smb-userLogin %u %m %S %I postexec = /etc/samba/scripts/smb-userLogout %u %m %S %I [netlogon] comment = Network Logon Service path = /mnt/raid/netlogon browseable = no writable = no preexec = /etc/samba/scripts/smb-userLogin %u %m %S %I postexec = /etc/samba/scripts/smb-userLogout %u %m %S %I [profiles] comment = Roaming Profile Share path = /mnt/raid/profiles browseable = yes guest ok = yes writable = yes read only = no # This stands for client-side caching policy, and specifies how # clients capable of offline caching will cache the files in the # share. The valid values are: manual, documents, programs, disable. # For example, shares containing roaming profiles can have offline # caching disabled using csc policy = disable. csc policy = disable # Esto es importante para versiones nuevas de Windows XP y 2000 profile acls = yes create mask = 0600 directory mask = 0700 preexec = /etc/samba/scripts/smb-userLogin %u %m %S %I postexec = /etc/samba/scripts/smb-userLogout %u %m %S %I [data] comment = Datos privados de BlueFactory path = /mnt/raid/pool browseable = no valid users = @bluefactory, @invitados read only = yes write list = @bluefactory force group = bluefactory create mask = 0664 directory mask = 2775 preexec = /etc/samba/scripts/smb-userLogin %u %m %S %I postexec = /etc/samba/scripts/smb-userLogout %u %m %S %I # End smb.conf # Cheers, Mendi signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't see clients in network neighborhood
Thanks for the help Fixed the bug by changing the browse setting from 65 to 20. -- Ismail On 7/26/07, Felipe Augusto van de Wiel [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Ismail Settenda wrote, On 25-07-2007 10:07: Small bug here succesfully setup a samba file server as a domain controller . Thing is I can't see the clients in network neighborhood - only the file server. This seems to also be causing problems for central admin programs, which is a real concern. Can any one shed light on this? It would be better if we could check your config and or any logs, anyway, have you tried to use smbtree? Usually, it is a matter of time, try to set your DC as a 'preferred master' and 'local master', that would make your DC take care of browse lists, make sure you also have properly configured WINS and other name resourse in your network. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGqLmzCj65ZxU4gPQRCDcvAJ9DzYPAjpKKIarIRfpuDYNzq3t3GwCeK0N7 AU+DL3psa9EZ7G7qFszYtLg= =+GlF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] unix password sync causes domain joining problem?
Hello, Today I've been trying to set up new test based on 3.0.25b. In some ways I've managed to join Windows machines to domain but not linux machine. All the time I get: test1:/etc# /opt/samba-3.0.25b/bin/net rpc join -U giedz%qwerty [2007/07/26 19:11:21, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(304) error setting trust account password: NT_STATUS_ACCESS_DENIED Unable to join domain GIEDZ. test1:/etc# I checked test1.log file and got: [2007/07/26 17:19:59, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/07/26 17:19:59, 10] lib/gencache.c:gencache_get(226) Returning valid cache entry: key = ACCT_POL/password history, value = 0 , timeout = Thu Jul 26 17:26:37 2007 [2007/07/26 17:19:59, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/07/26 17:19:59, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user test1$ [2007/07/26 17:19:59, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is test1$ [2007/07/26 17:19:59, 5] lib/username.c:Get_Pwnam_internals(93) Trying _Get_Pwnam(), username as uppercase is TEST1$ [2007/07/26 17:19:59, 5] lib/username.c:Get_Pwnam_internals(102) Checking combinations of 0 uppercase letters in test1$ [2007/07/26 17:19:59, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals didn't find user [test1$]! [2007/07/26 17:19:59, 1] rpc_server/srv_samr_nt.c:set_user_info_pw(3410) chgpasswd: Username does not exist in system !?! [2007/07/26 17:19:59, 3] smbd/chgpasswd.c:chgpasswd(462) chgpasswd: Password change (as_root=Yes) for user: test1$ [2007/07/26 17:19:59, 0] smbd/chgpasswd.c:chgpasswd(521) chgpasswd: user test1$ doesn't exist in the UNIX password database. [2007/07/26 17:19:59, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (1001, 513) - sec_ctx_stack_ndx = 0 [2007/07/26 17:19:59, 5] rpc_parse/parse_prs.c:prs_debug(84) 00 samr_io_r_set_userinfo [2007/07/26 17:19:59, 5] rpc_parse/parse_prs.c:prs_ntstatus(769) status: NT_STATUS_ACCESS_DENIED Really strange...why UNIX password database since I have LDAP. In my smb.conf file I have: ldap passwd sync = No unix password sync = Yes passwd program = /opt/samba-3.0.25b/bin/spasswd.pl -u %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n Looks normal. However unix password sync = Yes prevents me from joining linux machine to domain. When I remove the line I can join domain well. I also found that if unix password sync = Yes my LDAP gets queries regarding test1$ (machine name) in ou=people tree which seems like a mistake/bug? Jul 26 17:19:59 zastest slapd[27192]: conn=82 op=1 SRCH base=ou=people,dc=giedz,dc=pl scope=1 deref=0 filter=((objec tClass=posixAccount)(uid=test1$)) Jul 26 17:19:59 zastest slapd[27192]: conn=82 op=1 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory login Shell gecos description objectClass Jul 26 17:19:59 zastest slapd[27192]: conn=82 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= or maybe I do something wrong? Can you please correct me or confirm this strange behaviour. Regards, Marcin -- ARISE M.Giedz, T.Żebruń sp.j. http: www.arise.pl mail: [EMAIL PROTECTED] tel: +48 502 537 157 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba with Winbind and PAM
sorry here the configs
# /etc/pam.d/common-account - authorization settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authorization modules that define
# the central access policy for use on the system. The default is to
# only deny service to users whose accounts are expired in /etc/shadow.
#
account sufficient pam_winbind.so
account requiredpam_unix.so
# /etc/pam.d/common-auth - authentication settings common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of the authentication modules that define
# the central authentication scheme for use on the system
# (e.g., /etc/shadow, LDAP, Kerberos, etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
authsufficient pam_winbind.so
authrequiredpam_unix.so nullok_secure
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive). The default is pam_unix.
#
session requiredpam_mkhomedir.so skel=/etc/skel umask=0222
session sufficient pam_winbind.so
session requiredpam_unix.so
Original-Nachricht
Datum: Thu, 26 Jul 2007 06:29:17 -0500
Von: Gerald Jerry Carter - [EMAIL PROTECTED] [EMAIL PROTECTED]
An: [EMAIL PROTECTED]
CC: samba@lists.samba.org
Betreff: Re: [Samba] Samba with Winbind and PAM (trusted: samba.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
sry after reboot
getent passwd works
but login doesn't
i get an Authentication failed error
I don't remember you mentioning any changes to /etc/pam.{d/*,conf}.
cheers, jerry
=
Samba--- http://www.samba.org
Centeris --- http://www.centeris.com
What man is a man who does not make the world better? --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGqIVvIR7qMdg1EfYRAnKXAJ9aWr8MntA42q8nL1EXjMAnOOH0EQCgwDe2
Cxmx2lquZU4A2TkVne5sTr8=
=dGKK
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Using Unix/LDAP Log in Credentials for Security = User Share Authentication
All, I'm new to Samba so this may be a very easy fix, but I've not been able to find it anywhere online or in the /Samba-3 By Example/ book. I'm currently testing Samba 3.0.23c with an OpenLDAP v3 backend on CentOS 5. I am able to get OpenLDAP installed and running for authentication and can get Samba installed and configured well enough to request and accept a LDAP user name/password when browsing to a share. However, I would like Samba to just use the user name/password that I've used as my login credentials for this step as well. Currently when I browse to the share I am met with a dialog box that states: You must log in to access [EMAIL PROTECTED]/test. The dialog has a spot for user name, domain, and password. The user name and domain are filled in with the correct information, but the password is not. When I enter my log in password it lets me into the share correctly. When I log into a Windows 2000 machine using the same credentials I am able to browse the share exactly as I would like to on the Linux box. Also, both the Windows 2000 and Linux box were able to join the domain TEST and have accounts in the LDAP directory. Below is a copy of my smb.conf file (copied and edited from /Samba-3 By Example)/: [global] unix charset= LOCALE workgroup= TEST netbios name= CENTOS security= user interfaces= eth0, lo bind interfaces only= Yes passdb backend= ldapsam:ldap://192.168.3.240 username map= /etc/samba/smbusers log level= 1 syslog= 0 log file= /var/log/samba/%m max log size= 50 smb ports= 139 445 name resolve order= wins bcast hosts time server= Yes show add printer wizard= No add user script= /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u' delete user script= /var/lib/samba/sbin/smbldap-userdel.pl -a -m '%u' add group script= /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g' delete group script= /var/lib/samba/sbin/smbldap-groupdel.pl -p '%g' add user to group script= /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g' delete user from group script= /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g' set primary group script= /var/lib/samba/sbin/smbldap-groupmod.pl -g '%g' '%u' add machine script= /var/lib/samba/sbin/smbldap-useradd.pl -w '%u' logon script= scripts\logon.bat logon path= \\%L\profiles\%U logon drive= W: domain logons= Yes wins support= Yes ldap suffix= dc=braysing,dc=com ldap machine suffix= ou=user ldap user suffix= ou=user ldap group suffix= ou=Groups ldap idmap suffix= ou=Idmap ldap admin dn= ldap base dn uid idmap backend= ldap:ldap://192.168.3.240 idmap uid= 1-2 idmap gid= 1-2 map acl inherit= Yes printing= cups [IPC$] path = /tmp hosts allow = 192.168.3., 127. hosts deny = 0.0.0.0/0 [homes] comment= Home Directories valid users= %S read only= No browseable= No [printers] comment= SMB Print Spool path= /var/spool/samba guest ok= Yes printable= Yes browseable= No [apps] comment= Application Files path= /apps admin users= Administrator read only= No [netlogon] comment= Network Logon Service path= /var/lib/samba/netlogon guest ok= Yes locking= No [profiles] comment= Profile Share path= /var/lib/samba/profiles read only= No profile acls= Yes [print$] comment= Printer Drivers path= /var/lib/samba/drivers browseable= Yes guest ok= No read only= Yes write list= Administrator [test] comment= Test Share path= /u1 browseable= Yes guest ok= No read only= No Thanks in advance for all of your help. Brandon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba with Winbind and PAM
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
sry after reboot
getent passwd works
but login doesn't
i get an Authentication failed error
I don't remember you mentioning any changes to /etc/pam.{d/*,conf}.
cheers, jerry
=
Samba--- http://www.samba.org
Centeris --- http://www.centeris.com
What man is a man who does not make the world better? --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGqIVvIR7qMdg1EfYRAnKXAJ9aWr8MntA42q8nL1EXjMAnOOH0EQCgwDe2
Cxmx2lquZU4A2TkVne5sTr8=
=dGKK
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Basic Overview of Active Directory with Samba Install
I apologize for posting such a newb question, but I am having problems configuring Samba for use in an Active Directory and after searching the archives... I am trying to configure Samba 3.0.25 as a node in out AD setup. Since I am writing here you can guess it is not working. Is there a basic how to for this topic out there, I am figuring I missed a simple and basic step along the way. Jeffrey M. Johnson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Getting rid of old network
Ray Anderson skrev: Just had this problem. Check your interfaces line in your smb.conf -- I fixed mine by changing from an IP to eth0 - substitute your actual eth device. -=Ray Anders Norrbring wrote: I can't get rid of an old network I had configured on my Samba server, it was PDC on two subnets, and one of those nets are now gone. Still Samba tries to become PDC on the subnet (192.168.100.10). So, in my logs I get hundreds of these messages; [2007/07/26 22:38:57, 0] nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(488) get_domain_master_name_node_status_fail: Doing a node status request to the domain master browser at IP 192.168.100.10 failed. Cannot get workgroup name. How can I clear that out? Anders. Nope.. That didn't do it.. nmbd still tries to query the non-existant network; [2007/07/27 07:06:27, 0] nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(488) get_domain_master_name_node_status_fail: Doing a node status request to the domain master browser at IP 192.168.100.10 failed. Cannot get workgroup name. It must be cached somewhere in a Samba binary file.. And it must be possible to clean it out, but I can't find how.. Anders. Anders. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
unpaid
PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r24054 - in branches: SAMBA_3_2/source/lib/replace/test SAMBA_3_2_0/source/lib/replace/test SAMBA_4_0/source/lib/replace/test
Author: vlendec
Date: 2007-07-26 07:48:14 + (Thu, 26 Jul 2007)
New Revision: 24054
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24054
Log:
Fix some warnings
Modified:
branches/SAMBA_3_2/source/lib/replace/test/testsuite.c
branches/SAMBA_3_2_0/source/lib/replace/test/testsuite.c
branches/SAMBA_4_0/source/lib/replace/test/testsuite.c
Changeset:
Modified: branches/SAMBA_3_2/source/lib/replace/test/testsuite.c
===
--- branches/SAMBA_3_2/source/lib/replace/test/testsuite.c 2007-07-26
07:27:46 UTC (rev 24053)
+++ branches/SAMBA_3_2/source/lib/replace/test/testsuite.c 2007-07-26
07:48:14 UTC (rev 24054)
@@ -519,7 +519,7 @@
{
printf(test: strtoll\n);
-#define TEST_STRTOLL(str,base,res,diff,errnoo) TEST_STRTO_X(int64_t, %lld,
strtoll,str,base,res,diff,errnoo)
+#define TEST_STRTOLL(str,base,res,diff,errnoo) TEST_STRTO_X(long long int,
%lld, strtoll,str,base,res,diff,errnoo)
TEST_STRTOLL(15, 10, 15LL, 2, 0);
TEST_STRTOLL( 15,10, 15LL, 4, 0);
@@ -618,7 +618,7 @@
{
printf(test: strtoull\n);
-#define TEST_STRTOULL(str,base,res,diff,errnoo)
TEST_STRTO_X(uint64_t,%llu,strtoull,str,base,res,diff,errnoo)
+#define TEST_STRTOULL(str,base,res,diff,errnoo) TEST_STRTO_X(long long
unsigned int,%llu,strtoull,str,base,res,diff,errnoo)
TEST_STRTOULL(15, 10, 15LLU, 2, 0);
TEST_STRTOULL( 15, 10, 15LLU, 4, 0);
Modified: branches/SAMBA_3_2_0/source/lib/replace/test/testsuite.c
===
--- branches/SAMBA_3_2_0/source/lib/replace/test/testsuite.c2007-07-26
07:27:46 UTC (rev 24053)
+++ branches/SAMBA_3_2_0/source/lib/replace/test/testsuite.c2007-07-26
07:48:14 UTC (rev 24054)
@@ -519,7 +519,7 @@
{
printf(test: strtoll\n);
-#define TEST_STRTOLL(str,base,res,diff,errnoo) TEST_STRTO_X(int64_t, %lld,
strtoll,str,base,res,diff,errnoo)
+#define TEST_STRTOLL(str,base,res,diff,errnoo) TEST_STRTO_X(long long int,
%lld, strtoll,str,base,res,diff,errnoo)
TEST_STRTOLL(15, 10, 15LL, 2, 0);
TEST_STRTOLL( 15,10, 15LL, 4, 0);
@@ -618,7 +618,7 @@
{
printf(test: strtoull\n);
-#define TEST_STRTOULL(str,base,res,diff,errnoo)
TEST_STRTO_X(uint64_t,%llu,strtoull,str,base,res,diff,errnoo)
+#define TEST_STRTOULL(str,base,res,diff,errnoo) TEST_STRTO_X(long long
unsigned int,%llu,strtoull,str,base,res,diff,errnoo)
TEST_STRTOULL(15, 10, 15LLU, 2, 0);
TEST_STRTOULL( 15, 10, 15LLU, 4, 0);
Modified: branches/SAMBA_4_0/source/lib/replace/test/testsuite.c
===
--- branches/SAMBA_4_0/source/lib/replace/test/testsuite.c 2007-07-26
07:27:46 UTC (rev 24053)
+++ branches/SAMBA_4_0/source/lib/replace/test/testsuite.c 2007-07-26
07:48:14 UTC (rev 24054)
@@ -519,7 +519,7 @@
{
printf(test: strtoll\n);
-#define TEST_STRTOLL(str,base,res,diff,errnoo) TEST_STRTO_X(int64_t, %lld,
strtoll,str,base,res,diff,errnoo)
+#define TEST_STRTOLL(str,base,res,diff,errnoo) TEST_STRTO_X(long long int,
%lld, strtoll,str,base,res,diff,errnoo)
TEST_STRTOLL(15, 10, 15LL, 2, 0);
TEST_STRTOLL( 15,10, 15LL, 4, 0);
@@ -618,7 +618,7 @@
{
printf(test: strtoull\n);
-#define TEST_STRTOULL(str,base,res,diff,errnoo)
TEST_STRTO_X(uint64_t,%llu,strtoull,str,base,res,diff,errnoo)
+#define TEST_STRTOULL(str,base,res,diff,errnoo) TEST_STRTO_X(long long
unsigned int,%llu,strtoull,str,base,res,diff,errnoo)
TEST_STRTOULL(15, 10, 15LLU, 2, 0);
TEST_STRTOULL( 15, 10, 15LLU, 4, 0);
svn commit: samba r24058 - in branches: SAMBA_3_2/source/libads SAMBA_3_2_0/source/libads
Author: vlendec
Date: 2007-07-26 17:27:03 + (Thu, 26 Jul 2007)
New Revision: 24058
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24058
Log:
Fix some memory leaks in ads_secrets_verify_ticket.
Jeremy, G?\195?\188nther, please review!
Thanks,
Volker
Modified:
branches/SAMBA_3_2/source/libads/kerberos_verify.c
branches/SAMBA_3_2_0/source/libads/kerberos_verify.c
Changeset:
Modified: branches/SAMBA_3_2/source/libads/kerberos_verify.c
===
--- branches/SAMBA_3_2/source/libads/kerberos_verify.c 2007-07-26 16:39:48 UTC
(rev 24057)
+++ branches/SAMBA_3_2/source/libads/kerberos_verify.c 2007-07-26 17:27:03 UTC
(rev 24058)
@@ -274,6 +274,7 @@
auth_ok = True;
krb5_copy_keyblock(context, key, keyblock);
krb5_free_keyblock(context, key);
+ SAFE_FREE(key);
break;
}
@@ -285,10 +286,12 @@
if (ret == KRB5KRB_AP_ERR_TKT_NYV ||
ret == KRB5KRB_AP_ERR_TKT_EXPIRED ||
ret == KRB5KRB_AP_ERR_SKEW) {
+ SAFE_FREE(key);
break;
}
krb5_free_keyblock(context, key);
+ SAFE_FREE(key);
}
Modified: branches/SAMBA_3_2_0/source/libads/kerberos_verify.c
===
--- branches/SAMBA_3_2_0/source/libads/kerberos_verify.c2007-07-26
16:39:48 UTC (rev 24057)
+++ branches/SAMBA_3_2_0/source/libads/kerberos_verify.c2007-07-26
17:27:03 UTC (rev 24058)
@@ -274,6 +274,7 @@
auth_ok = True;
krb5_copy_keyblock(context, key, keyblock);
krb5_free_keyblock(context, key);
+ SAFE_FREE(key);
break;
}
@@ -285,10 +286,12 @@
if (ret == KRB5KRB_AP_ERR_TKT_NYV ||
ret == KRB5KRB_AP_ERR_TKT_EXPIRED ||
ret == KRB5KRB_AP_ERR_SKEW) {
+ SAFE_FREE(key);
break;
}
krb5_free_keyblock(context, key);
+ SAFE_FREE(key);
}
svn commit: samba-web r1135 - in trunk/cifs: .
Author: sfrench Date: 2007-07-26 21:20:01 + (Thu, 26 Jul 2007) New Revision: 1135 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1135 Log: Update with link to new cifs backport version 1.50 Modified: trunk/cifs/cifs_download.html Changeset: Modified: trunk/cifs/cifs_download.html === --- trunk/cifs/cifs_download.html 2007-07-26 21:19:39 UTC (rev 1134) +++ trunk/cifs/cifs_download.html 2007-07-26 21:20:01 UTC (rev 1135) @@ -34,7 +34,7 @@ TDcifs.ko kernel module (source code)/TD TD width=76A href=http://pserver.samba.org/samba/ftp/cifs-cvs/cifs-1.34a-SLES9.tar.gz;fs/cifs/ src 1.34a/A/TD TD width=270A href=ftp://pserver.samba.org/samba/ftp/cifs-cvs/cifs-1.34-RHEL4a.tar.gz;fs/cifs src 1.34a/A/TD - TDA href=http://pserver.samba.org/samba/ftp/cifs-cvs/cifs-1.34a.tar.gz;fs/cifs src 1.34a/A/TD + TDA href=http://pserver.samba.org/samba/ftp/cifs-cvs/cifs-1.50.tar.gz;fs/cifs src 1.50/A/TD /TR TR TDcifs.ko kernel module (prebuilt for x86 default kernel)/TD @@ -122,4 +122,4 @@ /DIV /DIV /BODY -/HTML \ No newline at end of file +/HTML
svn commit: samba-web r1134 - in trunk: .
Author: sfrench Date: 2007-07-26 21:19:39 + (Thu, 26 Jul 2007) New Revision: 1134 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1134 Log: Update link to new cifs version (1.50). Modified: trunk/Linux_CIFS_client.html Changeset: Modified: trunk/Linux_CIFS_client.html === --- trunk/Linux_CIFS_client.html2007-07-26 21:11:19 UTC (rev 1133) +++ trunk/Linux_CIFS_client.html2007-07-26 21:19:39 UTC (rev 1134) @@ -14,14 +14,11 @@ PBRBRnbsp; /P PLATEST UPDATES – cifs user's guide documentation is now -available on samba.org. cifs vfs version 1.48 is accepted into -mainline kernel (2.6.21) which includes spectacularly better write -performance for some common small sequential write workloads. cifs -1.49 includes support for ipv6 and also much better mkdir performance -to Samba 3.0.25 (which leverages the newest CIFS POSIX protocol -extensions). A backported version of cifs 1.48 which builds on old -kernel versions is also available. cifs vfs 1.49 is current in the -cifs-2.6.git tree./P +available on samba.org. cifs vfs version 1.50 is accepted into +mainline kernel (2.6.23-rc1) and includes improved POSIX delete +as well as bug fixes (e.g. for NTLMv2 signing). +A backported version of cifs 1.50 which builds on old +kernel versions is also available./P TABLE WIDTH=100% BORDER=0 CELLPADDING=2 CELLSPACING=2 TR TD COLSPAN=2 BGCOLOR=#ee @@ -83,9 +80,7 @@ the other features being planned for future releases.nbsp;nbsp; The CIFS VFS has been tested with Linux 2.4.14 and later as well as regular testing on Linux 2.6 (and has been in the kernel source - starting with Linux kernel 2.5.42. The CIFS client is no longer - considered quot;expirementalquot; in Linux versions after 2.6.7 - (cifs version 1.19) or later. Testing has been done on various + starting with Linux kernel 2.5.42. Testing has been done on various hardware architectures including x86 and even big endian zSeries hardware.nbsp;nbsp; The cifs and smbfs file systems can coexist on the same system and do not conflict. BRnbsp; @@ -94,8 +89,8 @@ compile on 2.4 kernels, not just older 2.6. kernel versions). To download replacement files for the fs/cifs directory which includes a relatively recent version of the cifs vfs which has - been backported to build on various earlier kernels click A HREF=http://pserver.samba.org/samba/ftp/cifs-cvs/cifs-1.48a.tar.gz;cifs - 1.48a for 2.6 kernels/A (released April 4th, 2007)./P + been backported to build on various earlier kernels (2.6.14 or later) click A HREF=http://pserver.samba.org/samba/ftp/cifs-cvs/cifs-1.50.tar.gz;cifs + 1.50 for 2.6 kernels/A (released July 25th, 2007)./P PCIFS VFS is licensed under the A HREF=http://www.gnu.org/copyleft/gpl.html;GNU General Public License/A version 2 or later.nbsp;/P /TD @@ -111,4 +106,4 @@ PBRBR /P /BODY -/HTML \ No newline at end of file +/HTML
svn commit: samba r24059 - in branches/SAMBA_4_0/source: rpc_server/samr torture/rpc
Author: abartlet Date: 2007-07-27 02:07:17 + (Fri, 27 Jul 2007) New Revision: 24059 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24059 Log: Fix bug 4822 reported by Matthias Walln?\195?\182fer [EMAIL PROTECTED]. Any SAMR client (usrmgr.exe in this case) that attempted to set a property to a zero length string found instead the the old value was kept. In fixing this, rework the macros to be cleaner (add the always-present .string) to every macro, and remove the use of the samdb_modify() and samdb_replace() wrappers where possible. Andrew Bartlett Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c branches/SAMBA_4_0/source/torture/rpc/samr.c Changeset: Sorry, the patch is too large (673 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24059
svn commit: samba r24057 - in branches/SAMBA_3_2/source/utils: .
Author: vlendec
Date: 2007-07-26 16:39:48 + (Thu, 26 Jul 2007)
New Revision: 24057
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24057
Log:
Fix some uninitialized variables found by the IBM checker
Modified:
branches/SAMBA_3_2/source/utils/net_rpc_registry.c
Changeset:
Modified: branches/SAMBA_3_2/source/utils/net_rpc_registry.c
===
--- branches/SAMBA_3_2/source/utils/net_rpc_registry.c 2007-07-26 16:01:12 UTC
(rev 24056)
+++ branches/SAMBA_3_2/source/utils/net_rpc_registry.c 2007-07-26 16:39:48 UTC
(rev 24057)
@@ -70,6 +70,8 @@
NTSTATUS status;
struct winreg_String key;
+ ZERO_STRUCT(key);
+
if (!reg_hive_key(name, hive, key.name)) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -330,6 +332,8 @@
return werror_to_ntstatus(err);
}
+ ZERO_STRUCT(name_string);
+
name_string.name = name;
result = rpccli_winreg_SetValue(pipe_hnd, blob.data, key_hnd,
name_string, value-type,
@@ -417,6 +421,8 @@
NTSTATUS status;
struct winreg_String valuename;
+ ZERO_STRUCT(valuename);
+
status = registry_openkey(mem_ctx, pipe_hnd, argv[0], REG_KEY_WRITE,
hive_hnd, key_hnd);
if (!NT_STATUS_IS_OK(status)) {
@@ -467,6 +473,9 @@
enum winreg_CreateAction action;
NTSTATUS status;
+ ZERO_STRUCT(key);
+ ZERO_STRUCT(keyclass);
+
if (!reg_hive_key(argv[0], hive, key.name)) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -533,6 +542,8 @@
struct winreg_String key;
NTSTATUS status;
+ ZERO_STRUCT(key);
+
if (!reg_hive_key(argv[0], hive, key.name)) {
return NT_STATUS_INVALID_PARAMETER;
}
svn commit: samba r24056 - in branches/SAMBA_3_2/source/smbd: .
Author: vlendec Date: 2007-07-26 16:01:12 + (Thu, 26 Jul 2007) New Revision: 24056 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24056 Log: Another big one: This converts reply_sesssetup_and_X to the new API. As usual, its history can be found on http://samba.org/~vlendec/sesssetup/. This very obviously needs close review. Volker Modified: branches/SAMBA_3_2/source/smbd/process.c branches/SAMBA_3_2/source/smbd/sesssetup.c Changeset: Sorry, the patch is too large (999 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24056
svn commit: samba r24055 - in branches: SAMBA_3_0 SAMBA_3_0_25 SAMBA_3_0_26 SAMBA_3_2 SAMBA_3_2_0
Author: jerry Date: 2007-07-26 12:08:13 + (Thu, 26 Jul 2007) New Revision: 24055 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24055 Log: Remove a reference to the outdated samba-docs mailing list. This entire README really needs to be overhauled at some point. Modified: branches/SAMBA_3_0/README branches/SAMBA_3_0_25/README branches/SAMBA_3_0_26/README branches/SAMBA_3_2/README branches/SAMBA_3_2_0/README Changeset: Modified: branches/SAMBA_3_0/README === --- branches/SAMBA_3_0/README 2007-07-26 07:48:14 UTC (rev 24054) +++ branches/SAMBA_3_0/README 2007-07-26 12:08:13 UTC (rev 24055) @@ -134,9 +134,9 @@ A list of Samba documentation in languages other than English is available on the web page. -If you would like to help with the documentation (and we _need_ help!) -then have a look at the mailing list samba-docs, archived at -http://lists.samba.org/listinfo/samba-docs/ +If you would like to help with the documentation, please coodinate +on the [EMAIL PROTECTED] mailing list. See the next section for details +on subscribing to samba mailing lists. MAILING LIST Modified: branches/SAMBA_3_0_25/README === --- branches/SAMBA_3_0_25/README2007-07-26 07:48:14 UTC (rev 24054) +++ branches/SAMBA_3_0_25/README2007-07-26 12:08:13 UTC (rev 24055) @@ -134,9 +134,9 @@ A list of Samba documentation in languages other than English is available on the web page. -If you would like to help with the documentation (and we _need_ help!) -then have a look at the mailing list samba-docs, archived at -http://lists.samba.org/listinfo/samba-docs/ +If you would like to help with the documentation, please coodinate +on the [EMAIL PROTECTED] mailing list. See the next section for details +on subscribing to samba mailing lists. MAILING LIST Modified: branches/SAMBA_3_0_26/README === --- branches/SAMBA_3_0_26/README2007-07-26 07:48:14 UTC (rev 24054) +++ branches/SAMBA_3_0_26/README2007-07-26 12:08:13 UTC (rev 24055) @@ -134,9 +134,9 @@ A list of Samba documentation in languages other than English is available on the web page. -If you would like to help with the documentation (and we _need_ help!) -then have a look at the mailing list samba-docs, archived at -http://lists.samba.org/listinfo/samba-docs/ +If you would like to help with the documentation, please coodinate +on the [EMAIL PROTECTED] mailing list. See the next section for details +on subscribing to samba mailing lists. MAILING LIST Modified: branches/SAMBA_3_2/README === --- branches/SAMBA_3_2/README 2007-07-26 07:48:14 UTC (rev 24054) +++ branches/SAMBA_3_2/README 2007-07-26 12:08:13 UTC (rev 24055) @@ -134,9 +134,9 @@ A list of Samba documentation in languages other than English is available on the web page. -If you would like to help with the documentation (and we _need_ help!) -then have a look at the mailing list samba-docs, archived at -http://lists.samba.org/listinfo/samba-docs/ +If you would like to help with the documentation, please coodinate +on the [EMAIL PROTECTED] mailing list. See the next section for details +on subscribing to samba mailing lists. MAILING LIST Modified: branches/SAMBA_3_2_0/README === --- branches/SAMBA_3_2_0/README 2007-07-26 07:48:14 UTC (rev 24054) +++ branches/SAMBA_3_2_0/README 2007-07-26 12:08:13 UTC (rev 24055) @@ -134,9 +134,9 @@ A list of Samba documentation in languages other than English is available on the web page. -If you would like to help with the documentation (and we _need_ help!) -then have a look at the mailing list samba-docs, archived at -http://lists.samba.org/listinfo/samba-docs/ +If you would like to help with the documentation, please coodinate +on the [EMAIL PROTECTED] mailing list. See the next section for details +on subscribing to samba mailing lists. MAILING LIST
Build status as of Fri Jul 27 00:00:01 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-07-26 00:00:46.0 + +++ /home/build/master/cache/broken_results.txt 2007-07-27 00:00:32.0 + @@ -1,10 +1,10 @@ -Build status as of Thu Jul 26 00:00:02 2007 +Build status as of Fri Jul 27 00:00:01 2007 Build counts: Tree Total Broken Panic SOC 0 0 0 build_farm 0 0 0 -ccache 35 8 0 +ccache 34 8 0 ctdb 0 0 0 distcc 2 0 0 ldb 35 4 0 @@ -16,9 +16,9 @@ rsync36 13 0 samba-docs 0 0 0 samba-gtk3 3 0 -samba4 33 30 6 +samba4 32 30 4 samba_3_236 21 0 smb-build33 33 0 -talloc 36 1 0 -tdb 34 3 0 +talloc 35 1 0 +tdb 35 3 0
svn commit: samba-web r1133 - in trunk: .
Author: sfrench Date: 2007-07-26 21:11:19 + (Thu, 26 Jul 2007) New Revision: 1133 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1133 Log: Add link to CIFS Unix Extensions wiki Modified: trunk/CIFS_POSIX_extensions.html Changeset: Modified: trunk/CIFS_POSIX_extensions.html === --- trunk/CIFS_POSIX_extensions.html2007-07-09 17:12:37 UTC (rev 1132) +++ trunk/CIFS_POSIX_extensions.html2007-07-26 21:11:19 UTC (rev 1133) @@ -1,7 +1,7 @@ !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN !-- saved from url=(0049)http://www.samba.org/samba/Linux_CIFS_client.html -- HTMLHEAD -TITLECIFS POSIX Protocol/TITLE +TITLECIFS POSIX Protocol/TITLE META http-equiv=Content-Type content=text/html; charset=iso-8859-1 META content=IBM WebSphere Studio Homepage Builder V6.0.2 for Windows name=GENERATOR META http-equiv=Content-Style-Type content=text/css @@ -9,7 +9,7 @@ BODY onload=document.mirrorForm.mirrorLocation.selectedIndex=0BR BR nbsp; -PLATEST UPDATES - CIFS POSIX Extensions presented at the 2006 Storage Developer Conference hosted by SNIA./P +PLATEST UPDATES - CIFS POSIX Extensions presented at the 2007 Ottawa Linux Symposium and at Connectathon. Overview of the most current version will be presented at 2007 Storage Developer Conference in September/P TABLE cellSpacing=2 cellPadding=2 width=100% border=0 CAPTION /CAPTION @@ -28,18 +28,20 @@ TR TD vAlign=top width=20% bgColor=#ee!-- Menu (Left Column) --!-- Menu -- CENTERIMG alt=http://us1.samba.org/samba/images/cifs-rail.jpg; src=samba/images/cifs-rail.jpg/CENTER - A href=http://en.wikipedia.org/wiki/CIFS;What is the CIFS Protocol?A - PA - href=mailto:[EMAIL PROTECTED]@us.ibm.comQuestions to developers/Anbsp;/P - UL -LIA href=ftp://ftp.microsoft.com/developr/drg/cifs/; Older Specifications/A - LIA href=http://ubiqx.org/cifs/References.html;Miscellaneous references to SMB/CIFS and loosely related protocols/A - LIA href=http://samba.org/samba/ftp/cifs-cvs/snia-developer-2006-cifs-extensions.pdf;Presentations/A -LIA href=http://www.snia.org/tech_activities/CIFS/CIFS-TR-1p00_FINAL.pdf;SNIA +P +UL +LIA href=http://en.wikipedia.org/wiki/CIFS;What is the CIFS Protocol?/A +LIA href=http://wiki.samba.org/index.php/UNIX_Extensions;Unix Extensions Documentation (wiki)/A +LIA href=ftp://ftp.microsoft.com/developr/drg/cifs/; Older Specifications/A +LIA href=http://ubiqx.org/cifs/References.html;Miscellaneous references to SMB/CIFS and loosely related protocols/A +LIA href=http://samba.org/samba/ftp/cifs-cvs/snia-developer-2006-cifs-extensions.pdf;Presentations/A +LIA href=http://www.snia.org/tech_activities/CIFS/CIFS-TR-1p00_FINAL.pdf;SNIA CIFS Specification/Anbsp; - LIA href=http://www.ietf.org/internet-drafts/draft-crhertel-smb-url-11.txt;SMB URL Specification/Anbsp; +LIA href=http://www.ietf.org/internet-drafts/draft-crhertel-smb-url-11.txt;SMB URL Specification/Anbsp; LIA href=http://www.ubiqx.org/cifs/;Implementing CIFS (Online Book)/Anbsp; - /UL + /UL/P +PA href=mailto:[EMAIL PROTECTED]@us.ibm.comQuestions to developers/Anbsp;/P + /TD TD vAlign=top bgColor=#ff!-- Main Contents -- PThe CIFS POSIX Extensions are protocol extensions to enable POSIX compliant
svn commit: samba r24060 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules dsdb/schema setup
Author: abartlet
Date: 2007-07-27 03:08:15 + (Fri, 27 Jul 2007)
New Revision: 24060
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24060
Log:
Fix bug #4806 by Matthias Walln?\195?\182fer [EMAIL PROTECTED]: We need to
include the attribute allowedChildClassesEffective for MMC to allow
the creation of containers.
This may need further refinement, but it seems to work for now.
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c
branches/SAMBA_4_0/source/dsdb/schema/schema.h
branches/SAMBA_4_0/source/dsdb/schema/schema_init.c
branches/SAMBA_4_0/source/setup/provision_users_modify.ldif
Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c
2007-07-27 02:07:17 UTC (rev 24059)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c
2007-07-27 03:08:15 UTC (rev 24060)
@@ -107,13 +107,15 @@
enum user_is user_type;
bool allowedAttributes;
bool allowedAttributesEffective;
+ bool allowedChildClasses;
+ bool allowedChildClassesEffective;
const char **attrs;
};
/* read all objectClasses */
static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct
ldb_message *msg,
-const char *attrName)
+ const char *attrName)
{
struct ldb_message_element *oc_el;
struct ldb_message_element *allowedAttributes;
@@ -129,12 +131,13 @@
we alter the element array in ldb_msg_add_empty() */
oc_el = ldb_msg_find_element(msg, objectClass);
- for (i=0; i oc_el-num_values; i++) {
+ for (i=0; oc_el i oc_el-num_values; i++) {
class = dsdb_class_by_lDAPDisplayName(schema, (const char
*)oc_el-values[i].data);
if (!class) {
/* We don't know this class? what is going on? */
continue;
}
+
for (j=0; class-mayContain class-mayContain[j]; j++) {
ldb_msg_add_string(msg, attrName, class-mayContain[j]);
}
@@ -169,7 +172,58 @@
return 0;
}
+/* read all objectClasses */
+static int kludge_acl_childClasses(struct ldb_context *ldb, struct ldb_message
*msg,
+ const char *attrName)
+{
+ struct ldb_message_element *oc_el;
+ struct ldb_message_element *allowedClasses;
+ const struct dsdb_schema *schema = dsdb_get_schema(ldb);
+ const struct dsdb_class *class;
+ int i, j, ret;
+ ret = ldb_msg_add_empty(msg, attrName, 0, allowedClasses);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ /* To ensure that oc_el is valid, we must look for it after
+ we alter the element array in ldb_msg_add_empty() */
+ oc_el = ldb_msg_find_element(msg, objectClass);
+
+ for (i=0; oc_el i oc_el-num_values; i++) {
+ class = dsdb_class_by_lDAPDisplayName(schema, (const char
*)oc_el-values[i].data);
+ if (!class) {
+ /* We don't know this class? what is going on? */
+ continue;
+ }
+
+ for (j=0; class-possibleInferiors
class-possibleInferiors[j]; j++) {
+ ldb_msg_add_string(msg, attrName,
class-possibleInferiors[j]);
+ }
+ }
+
+ if (allowedClasses-num_values 1) {
+ qsort(allowedClasses-values,
+ allowedClasses-num_values,
+ sizeof(*allowedClasses-values),
+ (comparison_fn_t)data_blob_cmp);
+
+ for (i=1 ; i allowedClasses-num_values; i++) {
+ struct ldb_val *val1 = allowedClasses-values[i-1];
+ struct ldb_val *val2 = allowedClasses-values[i];
+ if (data_blob_cmp(val1, val2) == 0) {
+ memmove(val1, val2, (allowedClasses-num_values
- i) * sizeof( struct ldb_val));
+ allowedClasses-num_values--;
+ i--;
+ }
+ }
+ }
+
+ return 0;
+
+}
+
/* find all attributes allowed by all these objectClasses */
static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct
ldb_reply *ares)
@@ -194,8 +248,15 @@
ret = kludge_acl_allowedAttributes(ldb, ares-message,
allowedAttributes);
if (ret != LDB_SUCCESS) {
return ret;
+
}
}
+ if (ac-allowedChildClasses) {
+ ret = kludge_acl_childClasses(ldb, ares-message,
allowedChildClasses);
+ if (ret
svn commit: samba r24053 - in branches/SAMBA_4_0/source: rpc_server/samr torture/rpc
Author: abartlet
Date: 2007-07-26 07:27:46 + (Thu, 26 Jul 2007)
New Revision: 24053
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24053
Log:
Ensure we filter EnumDomainUsers with the supplied mask.
Should fix another part (list of domains in usrmgr incorrectly
including accounts) of bug #4815 by [EMAIL PROTECTED]
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c
branches/SAMBA_4_0/source/torture/rpc/samr.c
Changeset:
Modified: branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c
===
--- branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2007-07-26
03:50:24 UTC (rev 24052)
+++ branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c 2007-07-26
07:27:46 UTC (rev 24053)
@@ -1428,9 +1428,9 @@
struct dcesrv_handle *h;
struct samr_domain_state *d_state;
struct ldb_message **res;
- int count, i, first;
+ int count, num_filtered_entries, i, first;
struct samr_SamEntry *entries;
- const char * const attrs[3] = { objectSid, sAMAccountName, NULL };
+ const char * const attrs[] = { objectSid, sAMAccountName,
userAccountControl, NULL };
*r-out.resume_handle = 0;
r-out.sam = NULL;
@@ -1456,27 +1456,31 @@
if (!entries) {
return NT_STATUS_NO_MEMORY;
}
+ num_filtered_entries = 0;
for (i=0;icount;i++) {
- entries[i].idx = samdb_result_rid_from_sid(mem_ctx, res[i],
objectSid, 0);
- entries[i].name.string = samdb_result_string(res[i],
sAMAccountName, );
+ /* Check if a mask has been requested */
+ if (r-in.acct_flags
+((samdb_result_acct_flags(res[i],
+userAccountControl)
r-in.acct_flags) == 0)) {
+ continue;
+ }
+ entries[num_filtered_entries].idx =
samdb_result_rid_from_sid(mem_ctx, res[i], objectSid, 0);
+ entries[num_filtered_entries].name.string =
samdb_result_string(res[i], sAMAccountName, );
+ num_filtered_entries++;
}
/* sort the results by rid */
- qsort(entries, count, sizeof(struct samr_SamEntry),
+ qsort(entries, num_filtered_entries, sizeof(struct samr_SamEntry),
(comparison_fn_t)compare_SamEntry);
/* find the first entry to return */
for (first=0;
-firstcount entries[first].idx = *r-in.resume_handle;
+firstnum_filtered_entries entries[first].idx =
*r-in.resume_handle;
first++) ;
- if (first == count) {
- return NT_STATUS_OK;
- }
-
/* return the rest, limit by max_size. Note that we
use the w2k3 element size value of 54 */
- r-out.num_entries = count - first;
+ r-out.num_entries = num_filtered_entries - first;
r-out.num_entries = MIN(r-out.num_entries,
1+(r-in.max_size/SAMR_ENUM_USERS_MULTIPLIER));
@@ -1488,7 +1492,11 @@
r-out.sam-entries = entries+first;
r-out.sam-count = r-out.num_entries;
- if (r-out.num_entries count - first) {
+ if (first == num_filtered_entries) {
+ return NT_STATUS_OK;
+ }
+
+ if (r-out.num_entries num_filtered_entries - first) {
*r-out.resume_handle = entries[first+r-out.num_entries-1].idx;
return STATUS_MORE_ENTRIES;
}
Modified: branches/SAMBA_4_0/source/torture/rpc/samr.c
===
--- branches/SAMBA_4_0/source/torture/rpc/samr.c2007-07-26 03:50:24 UTC
(rev 24052)
+++ branches/SAMBA_4_0/source/torture/rpc/samr.c2007-07-26 07:27:46 UTC
(rev 24053)
@@ -2861,43 +2861,101 @@
return ret;
}
-static BOOL test_EnumDomainUsers(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
-struct policy_handle *handle)
+static BOOL check_mask(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle, uint32_t rid,
+ uint32_t acct_flag_mask)
{
NTSTATUS status;
- struct samr_EnumDomainUsers r;
- uint32_t resume_handle=0;
- int i;
+ struct samr_OpenUser r;
+ struct samr_QueryUserInfo q;
+ struct policy_handle user_handle;
BOOL ret = True;
- struct samr_LookupNames n;
- struct samr_LookupRids lr ;
- printf(Testing EnumDomainUsers\n);
+ printf(Testing OpenUser(%u)\n, rid);
r.in.domain_handle = handle;
- r.in.resume_handle = resume_handle;
- r.in.acct_flags = 0;
- r.in.max_size = (uint32_t)-1;
- r.out.resume_handle = resume_handle;
+ r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ r.in.rid = rid;
+ r.out.user_handle = user_handle;
