Re: Re-2: [Samba] limit login
Volker Lendecke wrote:
On Wed, Sep 05, 2007 at 12:14:25PM +, [EMAIL PROTECTED] wrote:
yes please this would fix problems with have with user
loggin on at one end of the site then at the other later.
Just to make sure:
You are aware that once someone has logged in an
administrator has to reset that account. This is *NOT*
automatic if the user logs out from his first
workstation. That functionality is impossible to achieve for
us, Windows does not tell us when the user logs out.
Maybe I'm being naïve, or maybe it's just that I don't need this
functionality for anything, but I'd solve it by running regularly (every
hour, every ten minutes, whatever you determine appropriate) something
like this script:
#!/bin/bash
smbstatus -b | awk '{print nobody = $2}' /etc/samba/smb.usermap
Then set username map = /etc/samba/smb.usermap in smb.conf. This should
cause any user who have a share mapped not to be able to authenticate
because their password is tested with the user nobody - until they are
logged out AND the script is run again.
Untested, and in need of refining, loose the top lines from smbstatus -b
for instance, but a start?
-BT
--
Bjørn Tore Sund Phone: 555-84894 Email: [EMAIL PROTECTED]
IT department VIP: 81724 Support: http://bs.uib.no
Univ. of Bergen
When in fear and when in doubt, run in circles, scream and shout.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re-2: [Samba] limit login
Greeting Pascal,
Here a code I have made yesterday. It's surely not a great piece of
code, but it's work with Windows client.
First in the netlogon section of your smb.conf, add the line:
root preexec = /pathof the scripts/test.sh %u %m
I don't have try this script with the log level with another value than
0. ( log level = 0 passdb:4 auth:4 vfs:2). The result of smbstatus was
different. Create now a script named test.sh. A error I can see is the
out.txt if multiple user log in the same tome. Maybe change this by %u.txt.
-BEGIN--
#! /bin/bash
username=$1
machine=$2
if `smbstatus -Sp | grep ${username} | grep -v ${machine}
1/dev/null 21`
then
#echo Deja connecte
smbstatus -Sp | grep ${machine} 1/dev/null 21 out.txt
PID =`gawk -F: '{ print $1 }' out.txt | cut -d -f1`
kill $PID
else
#echo Nouvelle connexion
exit 0
fi
-END--
au plaisir,
Robert
--
Cybionet - Solution reseautique
http://www.cybionet.com
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind and LDAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel L. Miller wrote: I've been having a miserable time trying to get Winbind working. All of the literature I've found seems to indicate it just works - which I'd love - but it hasn't gone that way for me. Because I'm already using LDAP, it seemed to make sense to use the LDAP support for Winbind. But Winbind continues to give errors and generally be unhappy. Besides using the current schema, and setting the idmap parameters in smb.conf - is there another magic trick to getting it to work? That's pretty much it. The idmap suffix container has to already exist and be writeable by the ldap admin dn. I'd suggest you get Winbind working with the tdb backend first though to make sure you understand how things work. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG3+L3IR7qMdg1EfYRAuT0AJsEMbYhFcQkKsL6F9KOLvJvaIm85ACgubRc JTsSOvQcCb4sbY8bZJmkE5o= =G+ZB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re-2: [Samba] limit login
You are aware that once someone has logged in an
administrator has to reset that account. This is *NOT*
automatic if the user logs out from his first
workstation. That functionality is impossible to achieve for
us, Windows does not tell us when the user logs out.
Maybe I'm being naïve, or maybe it's just that I don't need this
functionality for anything, but I'd solve it by running regularly (every
hour, every ten minutes, whatever you determine appropriate) something
like this script:
#!/bin/bash
smbstatus -b | awk '{print nobody = $2}' /etc/samba/smb.usermap
No, this does not work.
Then set username map = /etc/samba/smb.usermap in smb.conf. This should
cause any user who have a share mapped not to be able to authenticate
because their password is tested with the user nobody - until they are
logged out AND the script is run again.
Untested, and in need of refining, loose the top lines from smbstatus -b
for instance, but a start?
The output of smbstatus is not terribly useful for this kind of purpose.
You may see users listed after they have disconnected and you have to
deal with that connections may drop and be recreated (deadtime, etc...)
- none of which is tightly coupled with a logon/logoff event. smbstatus
doesn't provide sufficient information to solve the
sign-on-to-single-workstation problem.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File sharing and Active Directory
Hi, my question is pretty complicated. I have a server SLES 10 with Samba 3.0.22, with authentication from a Windows 2003 server via Active Directory. I would like to configure a share of a folder in which can access only the users of a pre-determined (security) group. But I cannot figure how configure Samba to do this... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File sharing and Active Directory
I have a server SLES 10 with Samba 3.0.22, with authentication from a
Windows 2003 server via Active Directory.
I would like to configure a share of a folder in which can access only
the users of a pre-determined (security) group.
But I cannot figure how configure Samba to do this...
The traditional way of valid users = @{groupname} or just right click
on the share and set the permissions from an XP or later client.
--
Adam Tauno Williams, Network Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problems with VFS_FAKE_PERMS
Hi, I want to use the module VFS_FAKE_PERMS for roaming profiles. When I use the option writeable = yes (see config [1]) the user profiles are write back the server (but they shouldn't, right?). If I delete the writeable-option (see [2]) windows brings an error when logging off: Windows cannot update your roaming profile. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. (Event ID: 1504) [1] [profiles] path = path-to-profile-folder browseable = no writeable = yes guest ok = yes vfs objects = fake_perms [2] [profiles] path = path-to-profile-folder browseable = no guest ok = yes vfs objects = fake_perms Any ideas? Thanks, Alex -- * Alexander Födisch - Central IT Department- Max Planck Institute for Evolutionary Anthropology Deutscher Platz 6 D-04103 Leipzig Germany Phone: +49 (0)341 3550-168 +49 (0)341 3550-154 Fax:+49 (0)341 3550-119 Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problems with VFS_FAKE_PERMS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Födisch wrote: Hi, I want to use the module VFS_FAKE_PERMS for roaming profiles. When I use the option writeable = yes (see config [1]) the user profiles are write back the server (but they shouldn't, right?). If I delete the writeable-option (see [2]) windows brings an error when logging off: Windows cannot update your roaming profile. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. (Event ID: 1504) [1] [profiles] path = path-to-profile-folder browseable = no writeable = yes guest ok = yes vfs objects = fake_perms [2] [profiles] path = path-to-profile-folder browseable = no guest ok = yes vfs objects = fake_perms Any ideas? AFAICR, you can instead change something in the profiles themselves to make them mandatory and make Windows uninterested in writing them back to to server (something with changing the extension on NTUSER.DAT or something). This may solve your problem, but perhaps someone who knows better will chime in. - -- _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Systems Programmer II |$| |__| | | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG4Ag6mb+gadEcsb4RAnZpAJsFF192mhyWyujmFtMbJKt80jW3ywCgjeFn cHzt6BLPTKAVFWoumMjHYt8= =RxT2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re-2: [Samba] limit login
I think that combining 'root preexec' with a script and 'utmp = Yes'
allows easily these checks.
the w command shows who is connect through smb. The script check this
before allow/deny the user.
On 9/6/07, Adam Tauno Williams [EMAIL PROTECTED] wrote:
You are aware that once someone has logged in an
administrator has to reset that account. This is *NOT*
automatic if the user logs out from his first
workstation. That functionality is impossible to achieve for
us, Windows does not tell us when the user logs out.
Maybe I'm being naïve, or maybe it's just that I don't need this
functionality for anything, but I'd solve it by running regularly (every
hour, every ten minutes, whatever you determine appropriate) something
like this script:
#!/bin/bash
smbstatus -b | awk '{print nobody = $2}' /etc/samba/smb.usermap
No, this does not work.
Then set username map = /etc/samba/smb.usermap in smb.conf. This should
cause any user who have a share mapped not to be able to authenticate
because their password is tested with the user nobody - until they are
logged out AND the script is run again.
Untested, and in need of refining, loose the top lines from smbstatus -b
for instance, but a start?
The output of smbstatus is not terribly useful for this kind of purpose.
You may see users listed after they have disconnected and you have to
deal with that connections may drop and be recreated (deadtime, etc...)
- none of which is tightly coupled with a logon/logoff event. smbstatus
doesn't provide sufficient information to solve the
sign-on-to-single-workstation problem.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problems with VFS_FAKE_PERMS
On Thu, 2007-06-09 at 10:01 -0400, Ryan Novosielski wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Födisch wrote: Hi, I want to use the module VFS_FAKE_PERMS for roaming profiles. When I use the option writeable = yes (see config [1]) the user profiles are write back the server (but they shouldn't, right?). If I delete the writeable-option (see [2]) windows brings an error when logging off: Windows cannot update your roaming profile. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. (Event ID: 1504) Do you have posix acl's set oon your filesystem. something like: setfacl -R -m group:YOURDOMAIN+domain admins:rwx profiles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Glitches adding homedir profiles to a samba share with AD MMC?
Hi all, We have a mixed network environment with Samba servers providing file storage for windows, Linux and MAC 0SX users. Authentication is handled by Active Directory on Win2K SP. On our campus we allow computer lab teachers to add users via the Active Directory MMC. However we have a couple of issues which make this far from seamless: After users are added to AD, the lab admin will add a home directory path to the users profile using the MMC. The path will be something like \\sambaserver\students\2009\%username%(the %username% variable expands to the username of the profiles owner) We are presented with an error message letting us know that the user directory couldn't be created because Domain Admins don't have sufficient privleages to create the directory, although AD will update the path in the user profile. When we look at the Share in samba however we see that the directory _was_ created, but that it is owned by root rather than the user. We then must log on the SAMBA server and chown the directory to be owned by the proper user and group. I am hoping I can adjust permission in such a way that I won't have to go back in and clean up things after a new user has been added through AD. Thanks for any ideas! John The relevant portion of smb.conf looks like this: [ALLSTUDENTS] path = /home/ALLSTUDENTS # valid users = %S readonly = no writable = yes printable = no create mode = 0700 directory mode = 0700 admin users = @VANGUARD\domain admins @VANGUARD\mcmcomputer admins vfs objects = recycle recycle: config-files = /etc/samba/samba-recycle.conf The top level of the share /home/ALLSTUDENTS under linux all have 755 permissions drwxr-xr-x 184 root root 12288 2007-09-01 18:21 2008 drwxr-xr-x 187 root root 12288 2007-09-01 18:26 2009 drwxr-xr-x 196 root root 12288 2007-09-01 19:19 2010 drwxr-xr-x 206 root root 12288 2007-09-01 17:32 2011 drwxr-xr-x 152 root root 4096 2007-09-01 18:14 2012 drwxr-xr-x 130 root root 4096 2007-09-06 07:22 2013 drwxr-xr-x 139 root root 4096 2007-09-05 19:53 2014 drwxr-xr-x 121 root root 12288 2007-09-05 19:52 2015 drwxr-xr-x 2 root root 4096 2007-09-01 15:54 2016 drwxr-xr-x 2 root root 4096 2007-08-02 13:41 2017 drwxr-xr-x 2 root root 4096 2007-08-02 13:41 2018 drwxr-xr-x 2 root root 4096 2007-08-02 13:41 2019 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] UPDATE - NT_STATUS_ACCESS_DENIED making remote directory
Well, I've discovered something and I'm not sure how to make it stop doing it. When a user logs in they get an automatically assigned group of domain users which doesn't actually exist in any of the file permissions. I've tried setting group = %G and force group = %G but neither one is working. If anyone knows how to suppress this, I'd be greatly appreciative. Vital Stats - AMD 64-bit CPU, Ubuntu 7.0.4 (Feisty Fawn), Samba 3.0.24, Win2003 AD Domain If I've left anything out, please feel free to ask. This *was* working yesterday until my Kerberos ticket expired. (growl) Anyway, now that Kerberos appears to be working again, all of my users still only have read access - no write access. The temp test works fine. Exactly as expected - full access. Nothing should have changed in the last 24 hours on the AD side so I'm not sure why all of a sudden I'm getting read only access for my user shares. Samba the authentication seems to be working. I get sensible and complete results when I do a wbinfo -u and -g. When I try mapping the share and doing stuff from the actual Ubuntu server, I see that no user is allowed write access to their own home directory. I was hoping that one of you folk might have some insight. [global] workgroup = COX realm = ELCSB.NET server string = bakserve2 security = DOMAIN log level = 3 log file = /var/log/samba/%m max log size = 50 printcap name = cups disable spoolss = Yes show add printer wizard = No os level = 33 preferred master = No local master = No domain master = No wins server = 129.119.81.20 idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind cache time = 10 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes [homes] comment = Home Directories path = /home/%U user = %U valid users = COX\%S read only = No create mask = 0770 directory mask = 0770 writeable = Yes browseable = Yes [temp] comment = Temp Test path = /tmp writeable = Yes browseable = Yes read only = No Thanks, Ms. Jimi Thompson, CISSP Manager of Web Operations SMU Cox School of Business Contemplate the mangled bodies of your countrymen and then ask yourself, What should be the reward of such sacrifices... If ye love wealth better than freedom, the tranquility of servitude than the animating contest of freedom, go from us in peace. We ask not your counsels or arms. Crouch down and lick the hands that feed you. May your chains sit lightly upon you, and may posterity forget that ye were our countrymen. - Samuel Adams This from our founding fathers. I wonder what they'd think of the Patriot Act the Emergency Powers Act. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Core Dump Issue
I have a samba 3.023c server with winbind joined to a windows 2003 AD domain. The issue I'm having is from the windows computers, I can't connect to shares on the samba server using the administrator account. It works just fine with normal domain users. When I try to connect with the admin account, I the smbd process that forked to handle the request core dumps. The same thing happens when I try to user smbclient //localhost/share -U administrator. The administrator account is mapped to root in smbusers, I have it like this on multiple other servers with no issues. I'm thinking maybe something got cached wrong in some tdb file maybe? Anyone have any ideas of what might be wrong? Let me know if I need to provide any other logs. check_ntlm_password: PAM Account for user [TESTDOMAIN +administrator] succeeded [2007/09/06 11:59:34, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [Administrator] - [root] - [TESTDOMAIN+administrator] succeeded [2007/09/06 11:59:34, 5] auth/auth_util.c:free_user_info(1866) attempting to free (and zero) a user_info structure [2007/09/06 11:59:34, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015) fetch gid from cache 1 - S-1-5-21-2816653866-3993825973-103212075-513 [2007/09/06 11:59:34, 0] lib/fault.c:fault_report(41) === [2007/09/06 11:59:34, 0] lib/fault.c:fault_report(42) INTERNAL ERROR: Signal 11 in pid 17245 (3.0.23c-2.el5.2.0.2) Please read the Trouble-Shooting section of the Samba3-HOWTO [2007/09/06 11:59:34, 0] lib/fault.c:fault_report(44) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2007/09/06 11:59:34, 0] lib/fault.c:fault_report(45)) [EMAIL PROTECTED]:~ $ cat file check_ntlm_password: PAM Account for user [TESTDOMAIN +administrator] succeeded [2007/09/06 11:59:34, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [Administrator] - [root] - [TESTDOMAIN+administrator] succeeded [2007/09/06 11:59:34, 5] auth/auth_util.c:free_user_info(1866) attempting to free (and zero) a user_info structure [2007/09/06 11:59:34, 3] passdb/lookup_sid.c:fetch_gid_from_cache(1015) fetch gid from cache 1 - S-1-5-21-2816653866-3993825973-103212075-513 [2007/09/06 11:59:34, 0] lib/fault.c:fault_report(41) === [2007/09/06 11:59:34, 0] lib/fault.c:fault_report(42) INTERNAL ERROR: Signal 11 in pid 17245 (3.0.23c-2.el5.2.0.2) Please read the Trouble-Shooting section of the Samba3-HOWTO [2007/09/06 11:59:34, 0] lib/fault.c:fault_report(44) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2007/09/06 11:59:34, 0] lib/fault.c:fault_report(45)) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with Defaulting Groups and AD
Vital Stats - AMD 64-bit CPU, Ubuntu 7.0.4 (Feisty Fawn), Samba 3.0.24, Win2003 AD Domain I'm not sure how to make it stop doing it. When a user logs in they get an automatically assigned group of domain users which doesn't actually exist in any of the file permissions. I've tried setting group = %G and force group = %G but neither one is working. If anyone knows how to suppress this, I'd be greatly appreciative. As things stand, users can map the share but now everything is write only, despite specifically being stipulated at writeable. TIA, Ms. Jimi Thompson, CISSP Manager of Web Operations SMU Cox School of Business Contemplate the mangled bodies of your countrymen and then ask yourself, What should be the reward of such sacrifices... If ye love wealth better than freedom, the tranquility of servitude than the animating contest of freedom, go from us in peace. We ask not your counsels or arms. Crouch down and lick the hands that feed you. May your chains sit lightly upon you, and may posterity forget that ye were our countrymen. - Samuel Adams This from our founding fathers. I wonder what they'd think of the Patriot Act the Emergency Powers Act. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] can't add machine to domain after samba update
Hi all. We have big problem with adding new machine to our domain. 2 weeks ago we upgrade our machine to Debian 4 (etch). Than we automatic update our samba to version 3.0.24 (from debian package). We use LDAP backend for samba. When we try add Windows XP or Windows 2000 to our domain, we got this error message on client: Security database is corrupted. On server we have in log file log.smbd this error messages: [2007/09/06 22:06:46, 1] passdb/pdb_ldap.c:ldapsam_enum_group_memberships(2582) Unable to find the member's gid! [2007/09/06 22:06:46, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/09/06 22:06:46, 0] auth/auth_sam.c:check_sam_security(352) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_INTERNAL_DB_CORRUPTION' [2007/09/06 22:06:46, 3] auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind, requested domain [ourdomain] was for this SAM. [2007/09/06 22:06:46, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [administrator] - [user] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTION [2007/09/06 22:06:46, 3] smbd/error.c:error_packet(146) error packet at smbd/sesssetup.c(99) cmd=115 (SMBsesssetupX) NT_STATUS_INTERNAL_DB_CORRUPTION After samba update we had some problem with groups in LDAP and we need change last 3 digits in our samba groups SID. For ou=Computers we use group Domain Computers with gid 553. Thank you for any answer. Regards Janicko -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with Defaulting Groups and AD
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jimi, Vital Stats - AMD 64-bit CPU, Ubuntu 7.0.4 (Feisty Fawn), Samba 3.0.24, Win2003 AD Domain I'm not sure how to make it stop doing it. When a user logs in they get an automatically assigned group of domain users which doesn't actually exist in any of the file permissions. I've tried setting group = %G and force group = %G but neither one is working. That says force the group membership to the user's primary group which is pointless. Not sure what you are trying to do. If you are runnign winbindd (assuming so), then just add domain users the acl permissions? Or some other domain group that you want. If anyone knows how to suppress this, I'd be greatly Suppress what? appreciative. As things stand, users can map the share but now everything is write only, despite specifically being stipulated at writeable. You always get the most restrictive permission set between smb.conf, share permissions, and file system permissions. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG4GbtIR7qMdg1EfYRAgGyAJwKPXop49hm8wa/i0BM1G+5CcD6yQCgj5BL 5lhcPlqpkTY5N9jF1lWgwzw= =M2Ku -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba-4.0.0alpha1 - AC authetication
Hi to all, I just installed samba-4.0.0alpha1 on RedHat ES 4 in hope it will solve my problem to authenticate users against Active Directory 2003. But the problem is smb.conf for this type of scenario. Does anyone have smb.conf only to authenticate users against Active Directory. q1. do I need still have kerberos server? q2. how to start samba as deamon (smb -D) or is there any document how to do it? Thank you in advance. Angelina -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't add machine to domain after samba update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Janicko Zeppelin wrote: Hi all. We have big problem with adding new machine to our domain. 2 weeks ago we upgrade our machine to Debian 4 (etch). Than we automatic update our samba to version 3.0.24 (from debian package). We use LDAP backend for samba. When we try add Windows XP or Windows 2000 to our domain, we got this error message on client: Security database is corrupted. On server we have in log file log.smbd this error messages: ... Unable to find the member's gid! check_ntlm_password: Authentication for user [administrator] - [user] FAILED with error NT_STATUS_INTERNAL_DB_CORRUPTION Are the entries with sambaSamAccount also posixAccount objects? or do you have the gidNumber for user attributes restricted somehow? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG4GkIIR7qMdg1EfYRArPxAKDOKfyR/PtEYMa7578ETt1CC1t9oQCgmUN9 w+EiR5/xf6aV5EEqEkqMCCA= =XFtF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with slow printing
Hello, My name is Shane Drinkwater. I have had a problem since samba-3.0.25 with printing being very, very slow. It takes about 15- 30 seconds for the print dialog box to appear. After selecting OK the print happens in a reasonable time. File serving performance seems to be similar to previous revs of samba. I did read the Problems with slow printing (and name resolving?) thread. I do not have any printers that have been discontinued, plus new workstations are seeing the same slowness in printing. Has anyone else seen this or have a hint as to what is happening?? I am running on Red Hat Enterprise 5 with samba-3.0.25b/Cups 1.2.4 My smb.conf [global] netbios name = medusa netbios aliases = insuranceSrv wellnessSrv accountingSrv backupSrv lisSrv personnelSrv hercules security = domain large readwrite = yes encrypt passwords = yes workgroup = CSQ server string = central file server printing = cups printcap name = cups load printers = yes domain master = no local master = no map to guest = bad user name resolve order = wins bcast host preferred master = no log file = /var/log/samba/%m.log socket options = TCP_NODELAY SO_SNDBUF=16384 SO_RCVBUF=16384 wins server = 172.27.1.17 #===Winbindd Stuff == #===Winbindd Stuff == password server = * winbind uid = 1-2 winbind gid = 1-2 winbind separator = + template shell = /bin/bash template homedir = /home/%D/%U winbind cache time = 60 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes [printers] comment = All Printers path = /var/spool/samba public = yes guest ok = yes writable = yes printable = yes [print$] comment = Printer Driver Download Area path = /home/samba/printerdrivers guest ok = yes browseable = yes read only = yes write list = @CSQ+shane,@CSQ+Administrator,@CSQ+Programmers [NT-apps] path = /home/samba/ntapps create mode = 777 directory mode = 777 writable = yes public = yes [public] path = /home/samba/public writable = yes public = yes create mask = 0777 directory mask = 0777 [cedi] path = /home/samba/cedi/cedi dos filetime resolution = yes # oplocks = false # level2 oplocks = false valid users = @CSQ+Programmers,@CSQ+Domain Admins,@CSQ+Domain Users write list = @CSQ+Programmers,@CSQ+Domain Admins,@CSQ+Domain Users create mode = 777 directory mode = 777 [cediarc] path = /home/samba/cedi/cediarc # oplocks = false # level2 oplocks = false valid users = @CSQ+Programmers,@CSQ+Domain Admins,@CSQ+Domain Users write list = @CSQ+Programmers,@CSQ+Domain Admins,@CSQ+Domain Users create mode = 777 directory mode = 777 Thank you for your time Shane NOTICE: This email may contain legally privileged information. The information is for the use of only the intended recipient(s) even if addressed incorrectly. If you are not the intended recipient, please notify the sender that you have received it in error and then delete it along with any attachments. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problem with Defaulting Groups and AD
Jerry, I'm really frustrated with SAMBA. All I want to do is have my users authenticate using the domain controller, keep them restricted to their own individual folder and disk quota, and have them back up their workstations. The weird group membership that SAMBA is defaulting is pretty much screwing the pooch for me. Trying to over ride the SAMBA default group membership to set it to what I know it needs to be in order for the Unix file permissions to work isn't pointless. It's hard to back up to a server that doesn't think you have write permissions. If you can tell me what I need to do to make it work, I'd be quite happy. Thanks, Ms. Jimi Thompson, CISSP Manager of Web Operations SMU Cox School of Business Contemplate the mangled bodies of your countrymen and then ask yourself, What should be the reward of such sacrifices... If ye love wealth better than freedom, the tranquility of servitude than the animating contest of freedom, go from us in peace. We ask not your counsels or arms. Crouch down and lick the hands that feed you. May your chains sit lightly upon you, and may posterity forget that ye were our countrymen. - Samuel Adams This from our founding fathers. I wonder what they'd think of the Patriot Act the Emergency Powers Act. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gerald (Jerry) Carter Sent: Thursday, September 06, 2007 3:46 PM To: Thompson, Jimi Cc: samba@lists.samba.org Subject: Re: [Samba] Problem with Defaulting Groups and AD -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jimi, Vital Stats - AMD 64-bit CPU, Ubuntu 7.0.4 (Feisty Fawn), Samba 3.0.24, Win2003 AD Domain I'm not sure how to make it stop doing it. When a user logs in they get an automatically assigned group of domain users which doesn't actually exist in any of the file permissions. I've tried setting group = %G and force group = %G but neither one is working. That says force the group membership to the user's primary group which is pointless. Not sure what you are trying to do. If you are runnign winbindd (assuming so), then just add domain users the acl permissions? Or some other domain group that you want. If anyone knows how to suppress this, I'd be greatly Suppress what? appreciative. As things stand, users can map the share but now everything is write only, despite specifically being stipulated at writeable. You always get the most restrictive permission set between smb.conf, share permissions, and file system permissions. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG4GbtIR7qMdg1EfYRAgGyAJwKPXop49hm8wa/i0BM1G+5CcD6yQCgj5BL 5lhcPlqpkTY5N9jF1lWgwzw= =M2Ku -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] DNS registration pushing up wrong IP?
Hi there I've just had a samba-3.0.25a server (can't see any reference to this been fixed in b or c) become non-available to users, and after some serious head-scratching realized there was nothing wrong with the server - the Active Directory DNS was pointing to the wrong IP! This CentOS4.5 box actually runs two instances of Samba (and one winbind) in ADS mode. One associated with eth0 and the other with eth0:2. It has been working fine for months, but somehow after a power outage something occurred that meant the hostname associated with eth0:2 suddenly had two A records - the IPs from eth0 *and* eth0:2. So we had the situation where the server was working for some users some of the time, and others not - depending on what IP they resolved to first. So anyway, it sounds like there is some condition under which Samba is (re-)registering the wrong IP address during a DNS update? It doesn't appear to happen very often: I have 28 servers world-wide with this same eth0, eth0:2 trick and this is the first time I've seen it. -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Why won't %username% variable work when adding users to samba share?
Hi all, We have a mixed network environment with Samba servers providing file storage for windows, Linux and MAC 0SX users. Authentication is handled by Active Directory on Win2K SP. On our campus we allow computer lab teachers to add users via the Active Directory MMC. However we have a couple of issues which make this far from seamless: After users are added to AD, the lab admin will add a home directory path to the users profile using the MMC. The path will be something like \\sambaserver\students\2009\%username%(the %username% variable expands to the username of the profiles owner) We are presented with an error message letting us know that the user directory couldn't be created because Domain Admins don't have sufficient privleages to create the directory, although AD will update the path in the user profile. When we look at the Share in samba however we see that the directory _was_ created, but that it is owned by root rather than the user. We then must log on the SAMBA server and chown the directory to be owned by the proper user and group. I am hoping I can adjust permission in such a way that I won't have to go back in and clean up things after a new user has been added through AD. Thanks for any ideas! John The relevant portion of smb.conf looks like this: [ALLSTUDENTS] path = /home/ALLSTUDENTS # valid users = %S readonly = no writable = yes printable = no create mode = 0700 directory mode = 0700 admin users = @VANGUARD\domain admins @VANGUARD\mcmcomputer admins vfs objects = recycle recycle: config-files = /etc/samba/samba-recycle.conf The top level of the share /home/ALLSTUDENTS under linux all have 755 permissions drwxr-xr-x 184 root root 12288 2007-09-01 18:21 2008 drwxr-xr-x 187 root root 12288 2007-09-01 18:26 2009 drwxr-xr-x 196 root root 12288 2007-09-01 19:19 2010 drwxr-xr-x 206 root root 12288 2007-09-01 17:32 2011 drwxr-xr-x 152 root root 4096 2007-09-01 18:14 2012 drwxr-xr-x 130 root root 4096 2007-09-06 07:22 2013 drwxr-xr-x 139 root root 4096 2007-09-05 19:53 2014 drwxr-xr-x 121 root root 12288 2007-09-05 19:52 2015 drwxr-xr-x 2 root root 4096 2007-09-01 15:54 2016 drwxr-xr-x 2 root root 4096 2007-08-02 13:41 2017 drwxr-xr-x 2 root root 4096 2007-08-02 13:41 2018 drwxr-xr-x 2 root root 4096 2007-08-02 13:41 2019 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with Defaulting Groups and AD
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thompson, Jimi wrote: Jerry, I'm really frustrated with SAMBA. All I want to do is have my users I'd like to point out here that you're really frustrated with the default group assigned by Windows Active Directory authenticate using the domain controller, keep them restricted to their own individual folder and disk quota, and have them back up their workstations. The weird group membership that SAMBA is defaulting is pretty much screwing the pooch for me. Trying to over ride the SAMBA default group domain users is not a weird group. It is the default group assigned by every Windows Active Directory everywhere. membership to set it to what I know it needs to be in order for the Unix file permissions to work isn't pointless. It's hard to back up to a Gerry didn't say your goal was pointless, he said your configuration parameter as stated was pointless. server that doesn't think you have write permissions. If you can tell me what I need to do to make it work, I'd be quite happy. Consult the documentation and add a mapping for domain users to an actual group that would have write permission. Try force group = an actual group the users belong to Thanks, Ms. Jimi Thompson, CISSP Manager of Web Operations SMU Cox School of Business CISSP - Certified Information Systems Security Professional I'll control myself. Regards, Doug -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFG4JyoFqWysr/jOHMRAtdCAJ9BPPTDNUhvOcgcNQvBnr9fhXE51gCgy+3+ pudEDdx2pRf8zGuAyQuc1nY= =jlsu -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba-4.0.0alpha1 - AC authetication
On Fri, 2007-09-07 at 00:52 +0400, Angelina Paunovic wrote: Hi to all, I just installed samba-4.0.0alpha1 on RedHat ES 4 in hope it will solve my problem to authenticate users against Active Directory 2003. Much as I'm very glad to see folks trying out Samba4, I don't think it will help you with that. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Core Dump Issue
I removed the root = administrator line in the smbusers file and it is working fine now, no core dump. Any thoughts of why this would have happened? On Sep 6, 2007, at 1:05 PM, Cody Jarrett wrote: I have a samba 3.023c server with winbind joined to a windows 2003 AD domain. The issue I'm having is from the windows computers, I can't connect to shares on the samba server using the administrator account. It works just fine with normal domain users. When I try to connect with the admin account, I the smbd process that forked to handle the request core dumps. The same thing happens when I try to user smbclient //localhost/share -U administrator. The administrator account is mapped to root in smbusers, I have it like this on multiple other servers with no issues. I'm thinking maybe something got cached wrong in some tdb file maybe? Anyone have any ideas of what might be wrong? Let me know if I need to provide any other logs. check_ntlm_password: PAM Account for user [TESTDOMAIN +administrator] succeeded [2007/09/06 11:59:34, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [Administrator] - [root] - [TESTDOMAIN+administrator] succeeded [2007/09/06 11:59:34, 5] auth/auth_util.c:free_user_info(1866) attempting to free (and zero) a user_info structure [2007/09/06 11:59:34, 3] passdb/lookup_sid.c:fetch_gid_from_cache (1015) fetch gid from cache 1 - S-1-5-21-2816653866-3993825973-103212075-513 [2007/09/06 11:59:34, 0] lib/fault.c:fault_report(41) === [2007/09/06 11:59:34, 0] lib/fault.c:fault_report(42) INTERNAL ERROR: Signal 11 in pid 17245 (3.0.23c-2.el5.2.0.2) Please read the Trouble-Shooting section of the Samba3-HOWTO [2007/09/06 11:59:34, 0] lib/fault.c:fault_report(44) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2007/09/06 11:59:34, 0] lib/fault.c:fault_report(45)) [EMAIL PROTECTED]:~ $ cat file check_ntlm_password: PAM Account for user [TESTDOMAIN +administrator] succeeded [2007/09/06 11:59:34, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [Administrator] - [root] - [TESTDOMAIN+administrator] succeeded [2007/09/06 11:59:34, 5] auth/auth_util.c:free_user_info(1866) attempting to free (and zero) a user_info structure [2007/09/06 11:59:34, 3] passdb/lookup_sid.c:fetch_gid_from_cache (1015) fetch gid from cache 1 - S-1-5-21-2816653866-3993825973-103212075-513 [2007/09/06 11:59:34, 0] lib/fault.c:fault_report(41) === [2007/09/06 11:59:34, 0] lib/fault.c:fault_report(42) INTERNAL ERROR: Signal 11 in pid 17245 (3.0.23c-2.el5.2.0.2) Please read the Trouble-Shooting section of the Samba3-HOWTO [2007/09/06 11:59:34, 0] lib/fault.c:fault_report(44) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2007/09/06 11:59:34, 0] lib/fault.c:fault_report(45)) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r24974 - in branches/SAMBA_3_2/source/script/tests: .
Author: metze Date: 2007-09-06 10:51:17 + (Thu, 06 Sep 2007) New Revision: 24974 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24974 Log: catch SIGINT and SIGQUIT like SIGTERM metze Modified: branches/SAMBA_3_2/source/script/tests/timelimit.c Changeset: Modified: branches/SAMBA_3_2/source/script/tests/timelimit.c === --- branches/SAMBA_3_2/source/script/tests/timelimit.c 2007-09-06 04:01:52 UTC (rev 24973) +++ branches/SAMBA_3_2/source/script/tests/timelimit.c 2007-09-06 10:51:17 UTC (rev 24974) @@ -80,6 +80,8 @@ } signal(SIGTERM, sig_term); + signal(SIGINT, sig_term); + signal(SIGQUIT, sig_term); signal(SIGUSR1, sig_usr1); signal(SIGALRM, sig_alrm_term); alarm(maxtime);
svn commit: samba r24975 - in branches/SAMBA_3_2_0/source/script/tests: .
Author: metze Date: 2007-09-06 10:52:21 + (Thu, 06 Sep 2007) New Revision: 24975 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24975 Log: catch SIGINT and SIGQUIT like SIGTERM metze Modified: branches/SAMBA_3_2_0/source/script/tests/timelimit.c Changeset: Modified: branches/SAMBA_3_2_0/source/script/tests/timelimit.c === --- branches/SAMBA_3_2_0/source/script/tests/timelimit.c2007-09-06 10:51:17 UTC (rev 24974) +++ branches/SAMBA_3_2_0/source/script/tests/timelimit.c2007-09-06 10:52:21 UTC (rev 24975) @@ -80,6 +80,8 @@ } signal(SIGTERM, sig_term); + signal(SIGINT, sig_term); + signal(SIGQUIT, sig_term); signal(SIGUSR1, sig_usr1); signal(SIGALRM, sig_alrm_term); alarm(maxtime);
svn commit: samba r24976 - in branches/SAMBA_3_2_0/source/nsswitch: .
Author: metze
Date: 2007-09-06 11:07:13 + (Thu, 06 Sep 2007)
New Revision: 24976
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24976
Log:
move domain_init_recv() near the functions that uses it
metze
Modified:
branches/SAMBA_3_2_0/source/nsswitch/winbindd_dual.c
Changeset:
Modified: branches/SAMBA_3_2_0/source/nsswitch/winbindd_dual.c
===
--- branches/SAMBA_3_2_0/source/nsswitch/winbindd_dual.c2007-09-06
10:52:21 UTC (rev 24975)
+++ branches/SAMBA_3_2_0/source/nsswitch/winbindd_dual.c2007-09-06
11:07:13 UTC (rev 24976)
@@ -357,6 +357,22 @@
init_child_connection(domain, domain_init_recv, state);
}
+static void domain_init_recv(void *private_data_data, BOOL success)
+{
+ struct domain_request_state *state =
+ talloc_get_type_abort(private_data_data, struct
domain_request_state);
+
+ if (!success) {
+ DEBUG(5, (Domain init returned an error\n));
+ state-continuation(state-private_data_data, False);
+ return;
+ }
+
+ async_request(state-mem_ctx, state-domain-child,
+ state-request, state-response,
+ state-continuation, state-private_data_data);
+}
+
static void recvfrom_child(void *private_data_data, BOOL success)
{
struct winbindd_cli_state *state =
@@ -392,22 +408,7 @@
recvfrom_child, state);
}
-static void domain_init_recv(void *private_data_data, BOOL success)
-{
- struct domain_request_state *state =
- talloc_get_type_abort(private_data_data, struct
domain_request_state);
- if (!success) {
- DEBUG(5, (Domain init returned an error\n));
- state-continuation(state-private_data_data, False);
- return;
- }
-
- async_request(state-mem_ctx, state-domain-child,
- state-request, state-response,
- state-continuation, state-private_data_data);
-}
-
struct winbindd_child_dispatch_table {
enum winbindd_cmd cmd;
enum winbindd_result (*fn)(struct winbindd_domain *domain,
svn commit: samba r24977 - in branches/SAMBA_3_2/source/nsswitch: .
Author: mimir
Date: 2007-09-06 11:07:58 + (Thu, 06 Sep 2007)
New Revision: 24977
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24977
Log:
Ensure negative caching for name2sid, sid2name and rids2names
mappings.
rafal
Modified:
branches/SAMBA_3_2/source/nsswitch/winbindd_cache.c
Changeset:
Modified: branches/SAMBA_3_2/source/nsswitch/winbindd_cache.c
===
--- branches/SAMBA_3_2/source/nsswitch/winbindd_cache.c 2007-09-06 11:07:13 UTC
(rev 24976)
+++ branches/SAMBA_3_2/source/nsswitch/winbindd_cache.c 2007-09-06 11:07:58 UTC
(rev 24977)
@@ -353,6 +353,19 @@
return True;
}
+
+/*
+ pull a NTSTATUS from a cache entry
+*/
+static NTSTATUS centry_ntstatus(struct cache_entry *centry)
+{
+ NTSTATUS status;
+
+ status = NT_STATUS(centry_uint32(centry));
+ return status;
+}
+
+
/* the server is considered down if it can't give us a sequence number */
static BOOL wcache_server_down(struct winbindd_domain *domain)
{
@@ -587,7 +600,7 @@
return NULL;
}
- centry-status = NT_STATUS(centry_uint32(centry));
+ centry-status = centry_ntstatus(centry);
centry-sequence_number = centry_uint32(centry);
return centry;
@@ -746,7 +759,18 @@
centry_put_string(centry, sid_to_string(sid_string, sid));
}
+
/*
+ put NTSTATUS into a centry
+*/
+static void centry_put_ntstatus(struct cache_entry *centry, NTSTATUS status)
+{
+ uint32 status_value = NT_STATUS_V(status);
+ centry_put_uint32(centry, status_value);
+}
+
+
+/*
push a NTTIME into a centry
*/
static void centry_put_nttime(struct cache_entry *centry, NTTIME nt)
@@ -784,7 +808,7 @@
centry-data = SMB_XMALLOC_ARRAY(uint8, centry-len);
centry-ofs = 0;
centry-sequence_number = domain-sequence_number;
- centry_put_uint32(centry, NT_STATUS_V(status));
+ centry_put_ntstatus(centry, status);
centry_put_uint32(centry, centry-sequence_number);
return centry;
}
@@ -842,18 +866,16 @@
struct cache_entry *centry;
fstring sid_string;
- if (is_null_sid(sid)) {
- return;
- }
-
centry = centry_start(domain, status);
if (!centry)
return;
+
if (NT_STATUS_IS_OK(status)) {
centry_put_uint32(centry, type);
centry_put_string(centry, domain_name);
centry_put_string(centry, name);
}
+
centry_end(centry, SN/%s, sid_to_string(sid_string, sid));
DEBUG(10,(wcache_save_sid_to_name: %s - %s (%s)\n, sid_string,
name, nt_errstr(status)));
@@ -1376,9 +1398,10 @@
centry = wcache_fetch(cache, domain, NS/%s/%s, domain_name, uname);
if (!centry)
goto do_query;
- *type = (enum lsa_SidType)centry_uint32(centry);
+
status = centry-status;
if (NT_STATUS_IS_OK(status)) {
+ *type = (enum lsa_SidType)centry_uint32(centry);
centry_sid(centry, mem_ctx, sid);
}
@@ -1411,17 +1434,18 @@
/* and save it */
refresh_sequence_number(domain, False);
- if (domain-online !is_null_sid(sid)) {
+ if (domain-online
+ (NT_STATUS_IS_OK(status) || NT_STATUS_EQUAL(status,
NT_STATUS_NONE_MAPPED))) {
wcache_save_name_to_sid(domain, status, domain_name, name, sid,
*type);
- }
- /* Only save the reverse mapping if this was not a UPN */
- if (NT_STATUS_IS_OK(status) !strchr(name, '@')) {
- strupper_m(CONST_DISCARD(char *,domain_name));
- strlower_m(CONST_DISCARD(char *,name));
- wcache_save_sid_to_name(domain, status, sid, domain_name, name,
*type);
+ /* Only save the reverse mapping if this was not a UPN */
+ if (!strchr(name, '@')) {
+ strupper_m(CONST_DISCARD(char *,domain_name));
+ strlower_m(CONST_DISCARD(char *,name));
+ wcache_save_sid_to_name(domain, status, sid,
domain_name, name, *type);
+ }
}
-
+
return status;
}
@@ -1445,12 +1469,13 @@
centry = wcache_fetch(cache, domain, SN/%s, sid_to_string(sid_string,
sid));
if (!centry)
goto do_query;
- if (NT_STATUS_IS_OK(centry-status)) {
+
+ status = centry-status;
+ if (NT_STATUS_IS_OK(status)) {
*type = (enum lsa_SidType)centry_uint32(centry);
*domain_name = centry_string(centry, mem_ctx);
*name = centry_string(centry, mem_ctx);
}
- status = centry-status;
DEBUG(10,(sid_to_name: [Cached] - cached name for domain %s status:
%s\n,
domain-name, nt_errstr(status) ));
@@ -1547,15 +1572,23 @@
char *dom;
have_mapped =
svn commit: samba r24978 - in branches/SAMBA_3_2/source/nsswitch: .
Author: metze
Date: 2007-09-06 11:08:44 + (Thu, 06 Sep 2007)
New Revision: 24978
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24978
Log:
move domain_init_recv() near the functions that uses it
metze
Modified:
branches/SAMBA_3_2/source/nsswitch/winbindd_dual.c
Changeset:
Modified: branches/SAMBA_3_2/source/nsswitch/winbindd_dual.c
===
--- branches/SAMBA_3_2/source/nsswitch/winbindd_dual.c 2007-09-06 11:07:58 UTC
(rev 24977)
+++ branches/SAMBA_3_2/source/nsswitch/winbindd_dual.c 2007-09-06 11:08:44 UTC
(rev 24978)
@@ -357,6 +357,22 @@
init_child_connection(domain, domain_init_recv, state);
}
+static void domain_init_recv(void *private_data_data, BOOL success)
+{
+ struct domain_request_state *state =
+ talloc_get_type_abort(private_data_data, struct
domain_request_state);
+
+ if (!success) {
+ DEBUG(5, (Domain init returned an error\n));
+ state-continuation(state-private_data_data, False);
+ return;
+ }
+
+ async_request(state-mem_ctx, state-domain-child,
+ state-request, state-response,
+ state-continuation, state-private_data_data);
+}
+
static void recvfrom_child(void *private_data_data, BOOL success)
{
struct winbindd_cli_state *state =
@@ -392,22 +408,7 @@
recvfrom_child, state);
}
-static void domain_init_recv(void *private_data_data, BOOL success)
-{
- struct domain_request_state *state =
- talloc_get_type_abort(private_data_data, struct
domain_request_state);
- if (!success) {
- DEBUG(5, (Domain init returned an error\n));
- state-continuation(state-private_data_data, False);
- return;
- }
-
- async_request(state-mem_ctx, state-domain-child,
- state-request, state-response,
- state-continuation, state-private_data_data);
-}
-
struct winbindd_child_dispatch_table {
enum winbindd_cmd cmd;
enum winbindd_result (*fn)(struct winbindd_domain *domain,
svn commit: samba r24979 - in branches/SAMBA_3_2_0/source/nsswitch: .
Author: mimir
Date: 2007-09-06 12:45:12 + (Thu, 06 Sep 2007)
New Revision: 24979
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24979
Log:
Ensure negative caching for name2sid, sid2name and rids2names
mappings.
rafal
Modified:
branches/SAMBA_3_2_0/source/nsswitch/winbindd_cache.c
Changeset:
Modified: branches/SAMBA_3_2_0/source/nsswitch/winbindd_cache.c
===
--- branches/SAMBA_3_2_0/source/nsswitch/winbindd_cache.c 2007-09-06
11:08:44 UTC (rev 24978)
+++ branches/SAMBA_3_2_0/source/nsswitch/winbindd_cache.c 2007-09-06
12:45:12 UTC (rev 24979)
@@ -353,6 +353,19 @@
return True;
}
+
+/*
+ pull a NTSTATUS from a cache entry
+*/
+static NTSTATUS centry_ntstatus(struct cache_entry *centry)
+{
+ NTSTATUS status;
+
+ status = NT_STATUS(centry_uint32(centry));
+ return status;
+}
+
+
/* the server is considered down if it can't give us a sequence number */
static BOOL wcache_server_down(struct winbindd_domain *domain)
{
@@ -587,7 +600,7 @@
return NULL;
}
- centry-status = NT_STATUS(centry_uint32(centry));
+ centry-status = centry_ntstatus(centry);
centry-sequence_number = centry_uint32(centry);
return centry;
@@ -746,7 +759,18 @@
centry_put_string(centry, sid_to_string(sid_string, sid));
}
+
/*
+ put NTSTATUS into a centry
+*/
+static void centry_put_ntstatus(struct cache_entry *centry, NTSTATUS status)
+{
+ uint32 status_value = NT_STATUS_V(status);
+ centry_put_uint32(centry, status_value);
+}
+
+
+/*
push a NTTIME into a centry
*/
static void centry_put_nttime(struct cache_entry *centry, NTTIME nt)
@@ -784,7 +808,7 @@
centry-data = SMB_XMALLOC_ARRAY(uint8, centry-len);
centry-ofs = 0;
centry-sequence_number = domain-sequence_number;
- centry_put_uint32(centry, NT_STATUS_V(status));
+ centry_put_ntstatus(centry, status);
centry_put_uint32(centry, centry-sequence_number);
return centry;
}
@@ -842,18 +866,16 @@
struct cache_entry *centry;
fstring sid_string;
- if (is_null_sid(sid)) {
- return;
- }
-
centry = centry_start(domain, status);
if (!centry)
return;
+
if (NT_STATUS_IS_OK(status)) {
centry_put_uint32(centry, type);
centry_put_string(centry, domain_name);
centry_put_string(centry, name);
}
+
centry_end(centry, SN/%s, sid_to_string(sid_string, sid));
DEBUG(10,(wcache_save_sid_to_name: %s - %s (%s)\n, sid_string,
name, nt_errstr(status)));
@@ -1376,9 +1398,10 @@
centry = wcache_fetch(cache, domain, NS/%s/%s, domain_name, uname);
if (!centry)
goto do_query;
- *type = (enum lsa_SidType)centry_uint32(centry);
+
status = centry-status;
if (NT_STATUS_IS_OK(status)) {
+ *type = (enum lsa_SidType)centry_uint32(centry);
centry_sid(centry, mem_ctx, sid);
}
@@ -1411,17 +1434,18 @@
/* and save it */
refresh_sequence_number(domain, False);
- if (domain-online !is_null_sid(sid)) {
+ if (domain-online
+ (NT_STATUS_IS_OK(status) || NT_STATUS_EQUAL(status,
NT_STATUS_NONE_MAPPED))) {
wcache_save_name_to_sid(domain, status, domain_name, name, sid,
*type);
- }
- /* Only save the reverse mapping if this was not a UPN */
- if (NT_STATUS_IS_OK(status) !strchr(name, '@')) {
- strupper_m(CONST_DISCARD(char *,domain_name));
- strlower_m(CONST_DISCARD(char *,name));
- wcache_save_sid_to_name(domain, status, sid, domain_name, name,
*type);
+ /* Only save the reverse mapping if this was not a UPN */
+ if (!strchr(name, '@')) {
+ strupper_m(CONST_DISCARD(char *,domain_name));
+ strlower_m(CONST_DISCARD(char *,name));
+ wcache_save_sid_to_name(domain, status, sid,
domain_name, name, *type);
+ }
}
-
+
return status;
}
@@ -1445,12 +1469,13 @@
centry = wcache_fetch(cache, domain, SN/%s, sid_to_string(sid_string,
sid));
if (!centry)
goto do_query;
- if (NT_STATUS_IS_OK(centry-status)) {
+
+ status = centry-status;
+ if (NT_STATUS_IS_OK(status)) {
*type = (enum lsa_SidType)centry_uint32(centry);
*domain_name = centry_string(centry, mem_ctx);
*name = centry_string(centry, mem_ctx);
}
- status = centry-status;
DEBUG(10,(sid_to_name: [Cached] - cached name for domain %s status:
%s\n,
domain-name, nt_errstr(status) ));
@@ -1547,15 +1572,23 @@
char *dom;
svn commit: samba r24980 - in branches/SAMBA_3_2_0/source/libsmb: .
Author: derrell Date: 2007-09-06 13:20:56 + (Thu, 06 Sep 2007) New Revision: 24980 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24980 Log: - Use the formal syntax for calling functions through pointers. I've wanted to make this change for ages, but now with the issue of open requiring it, this is the time to just do all of them. Derrell Modified: branches/SAMBA_3_2_0/source/libsmb/libsmb_compat.c branches/SAMBA_3_2_0/source/libsmb/libsmbclient.c Changeset: Sorry, the patch is too large (593 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24980
svn commit: samba r24981 - in branches/SAMBA_3_2/source/libsmb: .
Author: derrell Date: 2007-09-06 13:21:31 + (Thu, 06 Sep 2007) New Revision: 24981 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24981 Log: - Use the formal syntax for calling functions through pointers. I've wanted to make this change for ages, but now with the issue of open requiring it, this is the time to just do all of them. Derrell Modified: branches/SAMBA_3_2/source/libsmb/libsmb_compat.c branches/SAMBA_3_2/source/libsmb/libsmbclient.c Changeset: Sorry, the patch is too large (593 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24981
svn commit: samba r24982 - in branches/SAMBA_3_0_25/source/libsmb: .
Author: derrell Date: 2007-09-06 13:23:24 + (Thu, 06 Sep 2007) New Revision: 24982 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24982 Log: - Use the formal syntax for calling functions through pointers. I've wanted to make this change for ages, but now with the issue of open requiring it, this is the time to just do all of them. Derrell Modified: branches/SAMBA_3_0_25/source/libsmb/libsmb_compat.c branches/SAMBA_3_0_25/source/libsmb/libsmbclient.c Changeset: Sorry, the patch is too large (593 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24982
svn commit: samba r24983 - in branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba4/NDR: .
Author: metze Date: 2007-09-06 13:48:01 + (Thu, 06 Sep 2007) New Revision: 24983 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24983 Log: setup the correct talloc name for structures used in the generated server stubs metze Modified: branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm Changeset: Modified: branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm === --- branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm 2007-09-06 13:23:24 UTC (rev 24982) +++ branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm 2007-09-06 13:48:01 UTC (rev 24983) @@ -111,7 +111,10 @@ return NT_STATUS_NET_WRITE_FAULT; } - *r = talloc_size(mem_ctx, ndr_table_$name.calls[opnum].struct_size); + *r = talloc_named(mem_ctx, + ndr_table_$name.calls[opnum].struct_size, + \struct %s\, + ndr_table_$name.calls[opnum].name); NT_STATUS_HAVE_NO_MEMORY(*r); /* unravel the NDR for the packet */
svn commit: samba r24983 - in branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba4/NDR: .
Author: metze Date: 2007-09-06 13:48:01 + (Thu, 06 Sep 2007) New Revision: 24983 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24983 Log: setup the correct talloc name for structures used in the generated server stubs metze Modified: branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm Changeset: Modified: branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm === --- branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm 2007-09-06 13:23:24 UTC (rev 24982) +++ branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba4/NDR/Server.pm 2007-09-06 13:48:01 UTC (rev 24983) @@ -111,7 +111,10 @@ return NT_STATUS_NET_WRITE_FAULT; } - *r = talloc_size(mem_ctx, ndr_table_$name.calls[opnum].struct_size); + *r = talloc_named(mem_ctx, + ndr_table_$name.calls[opnum].struct_size, + \struct %s\, + ndr_table_$name.calls[opnum].name); NT_STATUS_HAVE_NO_MEMORY(*r); /* unravel the NDR for the packet */
Build status as of Fri Sep 7 00:00:03 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-09-06 00:01:02.0 + +++ /home/build/master/cache/broken_results.txt 2007-09-07 00:01:59.0 + @@ -1,4 +1,4 @@ -Build status as of Thu Sep 6 00:00:03 2007 +Build status as of Fri Sep 7 00:00:03 2007 Build counts: Tree Total Broken Panic @@ -7,7 +7,7 @@ ccache 27 9 0 ctdb 0 0 0 distcc 2 0 0 -ldb 26 4 0 +ldb 25 4 0 libreplace 25 8 0 lorikeet-heimdal 22 11 0 pidl 14 4 0 @@ -20,5 +20,5 @@ samba_3_228 17 0 smb-build24 24 0 talloc 27 1 0 -tdb 25 3 0 +tdb 26 3 0
svn commit: samba r24985 - in branches/SAMBA_4_0: . swat
Author: abartlet Date: 2007-09-07 03:08:44 + (Fri, 07 Sep 2007) New Revision: 24985 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=24985 Log: Start to revert us back to the old-style SWAT, while trying not to loose some of the fixes in the meantime. Andrew Bartlett Added: branches/SAMBA_4_0/swat/ branches/SAMBA_4_0/swat/install/ branches/SAMBA_4_0/swat/scripting/ Removed: branches/SAMBA_4_0/swat/install/ branches/SAMBA_4_0/swat/scripting/ Modified: branches/SAMBA_4_0/swat/login.esp Changeset: Copied: branches/SAMBA_4_0/swat (from rev 24975, branches/SAMBA_4_0_RELEASE_TP3/swat) Copied: branches/SAMBA_4_0/swat/install (from rev 24973, branches/SAMBA_4_0/webapps/install) Modified: branches/SAMBA_4_0/swat/login.esp === --- branches/SAMBA_4_0_RELEASE_TP3/swat/login.esp 2007-09-06 10:52:21 UTC (rev 24975) +++ branches/SAMBA_4_0/swat/login.esp 2007-09-07 03:08:44 UTC (rev 24985) @@ -39,6 +39,7 @@ session.authinfo.domain = auth.domain; session.authinfo.credentials = creds; session.authinfo.session_info = auth.session_info; + session.authinfo.user_class = auth.user_class; /* if the user was asking for the login page, then now redirect them to the main page. Otherwise just Copied: branches/SAMBA_4_0/swat/scripting (from rev 24973, branches/SAMBA_4_0/webapps/scripting)
