R: [Samba] unauthorized acess attempt
I'M SORRY The log file is MESSAGES /var/log/messages AND NOT /var/log/maillog... As I reported in my last email ! Actually there is no error message in /var/log/maillog -Messaggio originale- Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] Per conto di Gianluca Culot Inviato: mercoledì 19 dicembre 2007 10.16 A: [EMAIL PROTECTED]; '[EMAIL PROTECTED] Samba. Org' Oggetto: R: [Samba] unauthorized acess attempt The dovecot logs to syslog to the /var/log/maillog # Syslog facility to use if you're logging to syslog. Usually if you don't # want to use mail, you'll use local0..local7. Also other standard # facilities are supported. syslog_facility = mail And in SYSLOG.CONF mail.* /var/log/maillog The message I reported in taken from /var/log/maillog So... Actualy I do not receive any Error message from dovecot... Looks like dovecot rely on the error message of winbind and doesn't log any more message... Possible? Strange ? -Messaggio originale- Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] Per conto di [EMAIL PROTECTED] Inviato: sabato 15 dicembre 2007 15.16 A: '[EMAIL PROTECTED] Samba. Org' Oggetto: Re: [Samba] unauthorized acess attempt Gianluca Culot wrote: Hello list I'm facing a little security problem I get A LOT (3 a minute) a such a message mail dovecot-auth: pam_winbind(dovecot): request failed: No such user, PAM error was unknown user (13), NT error was NT_STATUS_NO_SUCH_USER I'd like to know which is the user name used in such attempts How can I get such info without raising log level to an inacceptable level (which would cause my log file to explode !?! ) Have you looked at your dovecot logs to see who's trying to login at that time? Don Piven -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
R: [Samba] unauthorized acess attempt
Hello Jeremy Sorry for my late answer. Your message went unseen and I got really busy with some urgent projects. About my box (freebsd6 + samba + dovecot + postfix) samba-3.0.26a_2,1 dovecot-1.0.7 postfix-2.3.13,1 I'm building from ports, and as it is a production machine I'd like to let it be managed by ports, as I usually run portupgrade to update the packages. Anyway Are you sure it is a bug ? This message is not generated at regular times, and not always near user activity. I get A LOT of such a message even at full night, with no user activity at all. I suspect it is not a bug but a foreign user trying to gain access to my mail server trying random passwords for a user. BUT I CANNOT READ the account being tampered... Maybe I could adjust the log level... But please consider this box manages something like 5000 emails/day... I cannot rise the log level too much ! And I cannot put it in a idle state any way ! Thanks -Messaggio originale- Da: Jeremy Allison [mailto:[EMAIL PROTECTED] Inviato: venerdì 14 dicembre 2007 19.08 A: Gianluca Culot Cc: '[EMAIL PROTECTED] Samba. Org' Oggetto: Re: [Samba] unauthorized acess attempt On Fri, Dec 14, 2007 at 04:26:13PM +0100, Gianluca Culot wrote: Hello list I'm facing a little security problem I get A LOT (3 a minute) a such a message mail dovecot-auth: pam_winbind(dovecot): request failed: No such user, PAM error was unknown user (13), NT error was NT_STATUS_NO_SUCH_USER I'd like to know which is the user name used in such attempts How can I get such info without raising log level to an inacceptable level (which would cause my log file to explode !?! ) This needs a patch I think. I'll look into this. Can you log a bug at bugzilla.samba.org please ? If you can build from source, I can send you something you can use quicker than waiting for an official release :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
R: [Samba] unauthorized acess attempt
The dovecot logs to syslog to the /var/log/maillog # Syslog facility to use if you're logging to syslog. Usually if you don't # want to use mail, you'll use local0..local7. Also other standard # facilities are supported. syslog_facility = mail And in SYSLOG.CONF mail.* /var/log/maillog The message I reported in taken from /var/log/maillog So... Actualy I do not receive any Error message from dovecot... Looks like dovecot rely on the error message of winbind and doesn't log any more message... Possible? Strange ? -Messaggio originale- Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] Per conto di [EMAIL PROTECTED] Inviato: sabato 15 dicembre 2007 15.16 A: '[EMAIL PROTECTED] Samba. Org' Oggetto: Re: [Samba] unauthorized acess attempt Gianluca Culot wrote: Hello list I'm facing a little security problem I get A LOT (3 a minute) a such a message mail dovecot-auth: pam_winbind(dovecot): request failed: No such user, PAM error was unknown user (13), NT error was NT_STATUS_NO_SUCH_USER I'd like to know which is the user name used in such attempts How can I get such info without raising log level to an inacceptable level (which would cause my log file to explode !?! ) Have you looked at your dovecot logs to see who's trying to login at that time? Don Piven -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Enabling Profiles
use pdbedit -Lv user to determine if there is a profile path, if there ist no path specified, profile for this user is disabled, maybe I'm wrong, but I think so. It doesn't depend on the password backend, definitly. regards Am Dienstag, 18. Dezember 2007 16:21:40 schrieb Net Warrior: HI there guys. Sorry for disturbing you with a very basic question, log time ago, searching in the archives I found that profiles can be enabled or disabled for everyone, and that cannot be enabled for a gorup of users or a specific user. I read the how-tos, they explain very well how to manage them, but could not find that doubt, nor even I could not find that thread in the arvhives. Can some tell me if that behavior still applies? Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with ACL and Samba
On Tue, Dec 18, 2007 at 10:15:42PM -0200, Felipe Tocchetto wrote: I am facing a strange problem that I could not solve, so, maybe you can help me. Look at this situation: I created a new directory with those ACLs (through Samba using Windows XP) [EMAIL PROTECTED] /home/smb/adm]# getfacl teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- My ACLs are right, ok, now I will copy a XLS file to that folder: [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::rw- group:suporte:rwx group:administ:rwx mask::rwx other::--- OK, the samba server inhert the permissions and the ACLs, everything is fine until now. But when I edit this file with MS Excel, and save it, look what happen to the ACLs: [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::--- group:suporte:rwx mask::rwx other::--- The ACL entry group:administ:rwx just have gone after I save the file. It happens with Windows XP, Vista, Office 2003 and 2007. My samba version is Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through Ports. Anybody knows what is wrong? I'm not sure if it is the cause, but what are your default ACLs for the directory in question? When you copy in a file from Windows, I think that it will preserve its permissions, but if you edit and save, you are actually creating a new file, which will be created based on the defaults for that location/user. Check the output of 'gefacl -d teste'. -- greg byshenk - [EMAIL PROTECTED] - Leiden, NL -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with ACL and Samba
Hey Greg, thanks your reply: I put the defaults acls in my previous email, take a look: [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- The default acls have the entries: group:suporte:rwx group:administ:rwx But after I edit the file, one of these disapear. I read something about a samba bug: https://bugzilla.samba.org/show_bug.cgi?id=2346 But it has been fixed a long time ago. Any tips? On Dec 19, 2007 8:50 AM, Greg Byshenk [EMAIL PROTECTED] wrote: On Tue, Dec 18, 2007 at 10:15:42PM -0200, Felipe Tocchetto wrote: I am facing a strange problem that I could not solve, so, maybe you can help me. Look at this situation: I created a new directory with those ACLs (through Samba using Windows XP) [EMAIL PROTECTED] /home/smb/adm]# getfacl teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- My ACLs are right, ok, now I will copy a XLS file to that folder: [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::rw- group:suporte:rwx group:administ:rwx mask::rwx other::--- OK, the samba server inhert the permissions and the ACLs, everything is fine until now. But when I edit this file with MS Excel, and save it, look what happen to the ACLs: [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::--- group:suporte:rwx mask::rwx other::--- The ACL entry group:administ:rwx just have gone after I save the file. It happens with Windows XP, Vista, Office 2003 and 2007. My samba version is Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through Ports. Anybody knows what is wrong? I'm not sure if it is the cause, but what are your default ACLs for the directory in question? When you copy in a file from Windows, I think that it will preserve its permissions, but if you edit and save, you are actually creating a new file, which will be created based on the defaults for that location/user. Check the output of 'gefacl -d teste'. -- greg byshenk - [EMAIL PROTECTED] - Leiden, NL -- Felipe Tocchetto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] speed and connection problems after samba upgrade - RH 5 - RH 5.1, samba 3.0.23c - 3.0.25b
Hi, recently we upgraded a central RHEL 5 fileserver to the latest RH EL 5.1 rpms, including samba. (samba-3.0.23c-2.el5.2 update to samba-3.0.25b-1.el5_1.4) Now some users have the problem, that opening a word or excel file saved on a samba share takes up to 30 seconds. Today I could verify this on the users desktop XP PC. This problem occures only from time to time, so it may be also a problem on the client side or the networkswitch, so I did a test download from an ftp server (ftp-stud.fht-esslingen.de) and I can download files with up to 6MBytes(!) - that's o.k. Copying files from the server (e.g. an 600MB iso) takes about 60 seconds - that's also o.k. But opening smal files on the server takes sometimes that long ... My question is: Could it be, that the update includes some changes in timeouts or locking funtions? Which options may I check? Or are there some cachefiles to be checked? The logfile has no obvious hints for me right now... Thanks for any hints and tips! Best regards Götz -- Götz Reinicke IT Koordinator Tel. +49 7141 969 420 Fax +49 7141 969 55 420 E-Mail [EMAIL PROTECTED] Filmakademie Baden-Württemberg GmbH Mathildenstr. 20 71638 Ludwigsburg www.filmakademie.de Eintragung Amtsgericht Stuttgart HRB 205016 Vorsitzender des Aufsichtsrats: Dr. Christoph Palmer, MdL, Minister a.D. Geschäftsführer: Prof. Thomas Schadt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] File name symbols
Hi! So, anybody? :( Is it possible to make samba creating files with byte-to-byte, not translated, names? /aTan I have following situation: 3.0.27a works perfectly, speedy NAS server in AD domain But we decided to make backup of a whole users file junk to this speedy NAS. Near all files have names in russian. What I see: unix charset = UTF8 makes characters in file names as :d0:c1 for one (ok, understandable), but unix charset = koi8r makes only one-byte :ee. Filesystem accepts bytes, not chars from some charset in filenames. The problem in long file names - 3 chars instead of one! Many files in our archive have longer than 100-byte names. Why convert bytes, if they are accepted by filesystem? Can it be controlled from smb.conf ? /aTan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] IDMAP RID problems and documentation
Hello List, After upgrading to 3.0.25b (Also tried 3.0.28) I tried to make use of the new syntax for IDMAP. But I failed, Also there is a lack on documentation how to us it. (Yes there is a man, but it contains limited explanation and examples). What do I want? What (I think a lot of people wants) I have two samba domain members and a Windows 2003 DC without R2 / SFU shema extension. So I want make use of the RID facility. Same GID/ UID mappings on all samba servers in the domain, with support of BUILTIN groups, and without installing schema extensions on the DC. I assume that RID was designed for this scenario Can anyone assist me and everyone on list struggling with the same problems, how to proper configure SAMBA for this scenario? Old syntax works, but lack support for BUILT-IN groups, and gives following complaints in syslog Module '/usr/lib/samba/idmap/rid.so' initialization failed: NT_STATUS_OBJECT_NAME_COLLISION and: lib/util_str.c:safe_strcpy_fn(659) Dec 19 13:12:47 s-0009 winbindd[5454]: ERROR: string overflow by 1 (256 - 255) in safe_strcpy [ERROR: string overflow by 1 (256 - 255) in safe_strcpy [Added timed event async_request_timeout: 8843878 The new syntax I tried: idmap domains= DOMAIN-NL idmap config DOMAIN:default = yes idmap configDOMAIN:backend = rid idmap config DOMAIN:base_rid = 1000 idmap config DOMAIN:range= 1000-100 # For BUILTIN GROUPS idmap alloc backend = tdb idmap alloc config:range= 800-999 After restarting samba/ winbind, it fails after 2-3 minutus wbinfo -u and wbinfo -g works ok getent group works also ok, but getent passwd does not shown domain users anymore. Leave ADS cleaning up all tdb's and rejoining ADS did not provide the solution. I also tried several other options but all failed the same way. idmap domains= BUILTIN, DOMAIN idmap config DOMAIN:default = yes idmap configDOMAIN:backend = rid idmap config DOMAIN:base_rid = 1000 idmap config DOMAIN:range= 1000-100 idmap config BUILTIN:backend= tdb idmap config BUILTIN:base_rid = 800 idmap config BUILTIN:range = 800-999 OS: CentOS 4.6 Samba version: CentOS/ RH 3.0.25b (with backported fixes from 3.0.28) and samba 3.0.28 No nscd running Snipped of /etc/nsswitch.conf passwd: files winbind shadow: files winbind group: files winbind Full smb.conf Global parameters [global] workgroup = DOMAIN-NL security = ADS netbiosname = s-0009-a realm = CORP.DOMAIN.NL server string = SAMBA DOOS Loglevel = 10 interfaces = eth2 lo bind interfaces only = yes preferred master = no domain master = no allow trusted domains = no winbind separator = / # Officially supported old syntax idmap backend = rid idmap uid = 1000-100 idmap gid = 1000-100 # New syntax equivilent to pre3.0.25 tdb # idmap domains = DOMAIN-NL # idmap config DOMAIN-NL:default = yes # idmap config DOMAIN-NL:backend = tdb # idmap configDOMAIN-NL:range = 1000 - 100 # idmap alloc backend = tdb # idmap alloc config:range = 1000 - 100 # New syntax rid # idmap domains = DOMAIN-NL # idmap config DOMAIN-NL:default = yes # idmap config DOMAIN-NL:backend= rid # idmap config DOMAIN-NL:base_rid= 1000 # idmap config DOMAIN-NL:range = 1000-100 # idmap config BUILTIN:backend= tdb # idmap config BUILTIN:base_rid = 800 # idmap config BUILTIN:range = 800-999 # idmap alloc backend = tdb # idmap alloc config:range= 800-999 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes winbind nested groups = yes template homedir = /home/domain-nl/%U template shell = /bin/bash wins server = 192.168.0.51 load printers = no printing = cups printcap name = cups show add printer wizard = yes use client driver = yes [printers] comment = All Printers path = /var/spool/samba browseable = no public = yes guest ok = yes writable = no printable = yes printer admin = @Domain Admins # Printer shares [print$] comment = Printer Driver Download Area path = /var/lib/samba/drivers browseable = yes guest ok = yes read only = no write list = @ntadmin, @Domain Admins, root admin users = @Domain Admins, @ntadmin, root,
[Samba] Invalid request size nsswitch/winbindd
Hello list I've seen there is a discussion about this error Dec 19 10:30:00 antares winbindd[90393]: [2007/12/19 10:30:00, 0] nsswitch/winbindd.c:request_len_recv(544) Dec 19 10:30:00 antares winbindd[90393]: request_len_recv: Invalid request size received: 2084 (expected 2088) but the suggested remedy of sttoping and starting samba granting all winbindd processes died doesn't work for me I'm running e freebsd 6 box with samba-3.0.28,1 I ALWAYS portupgraded, never built custom packages or from sources. a completely similar box (portupgraded in the same way and running the SAME samba version) doesn't report this error both samba are attached and referring to the same domain. actually this error doesn't seem to bring any problem to the user and server operations... but it is reported VERY frequently ! any suggestion ? -- Gianluca Culot DMS Multimedia Via delle Arti e dei Mestieri, 6 20050 Sulbiate (Mi) - Italy Tel: +39 039 5968925 Fax: +39 039 3309813 mailto:[EMAIL PROTECTED] www.dmsware.com http://www.dmsware.com/ Ai sensi del D.Lgs. 196/2003 si precisa che le informazioni contenute in questo messaggio sono riservate ed a uso esclusivo del destinatario. Qualora il messaggio Le fosse pervenuto per errore, La invitiamo ad eliminarlo senza copiarlo e a non inoltrarlo a terzi, dandocene gentilmente comunicazione. Il mittente comunica che il presente messaggio ed ogni suo allegato, al momento dellinvio, era esente da ogni tipo di virus, worm, trojan e/o ogni altri tipo di codice software dannoso. Questo messaggio e i suoi allegati potrebbero essere stati infettati durante la trasmissione. Leggendo il messaggio e/o aprendo gli allegati, il Destinatario si prende la piena responsabilità nei confronti di ogni azione protettiva o di rimedio per la rimozione di virus ed altri difetti. DMS Multimedia non potrà essere considerata responsabile per qualsivoglia danno o perdita derivata qualunque modo da questo messaggio o dai suoi allegati. The information in this electronic mail message, including any attachments, is confidential and may be legally privileged. It is intended solely for the addressee(s). Access to this Internet electronic mail message by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. The sender believes that this E-mail and any attachments were free of any virus, worm, Trojan horse, and/or malicious code when sent. This message and its attachments could have been infected during transmission. By reading the message and opening the attachments, the recipient accepts full responsibility for taking protective and remedial action about viruses and other defects.DMS Multimedia is not liable for any loss or damage arising in any way from this message or its attachments -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with ACL and Samba
On Wed, Dec 19, 2007 at 08:57:41AM -0200, Felipe Tocchetto wrote: I put the defaults acls in my previous email, take a look: [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- The default acls have the entries: group:suporte:rwx group:administ:rwx Sorry, my mistake (they were there, but I misread). But after I edit the file, one of these disapear. I read something about a samba bug: https://bugzilla.samba.org/show_bug.cgi?id=2346 But it has been fixed a long time ago. Any tips? Not certain. Are there any masks set in your smb.conf? If you create a new file within Excel, what are the permissions on it? I've just tested this myself, and cannot recreate the problem. I can copy in an Excel file, edit it (WinXP SP2), and save it, and I get the correct ACLs on the server. Server is very slightly different than yours, but not much: FreeBSD 6.3-PRERELEASE (Nov 12 2007) samba-3.0.26a_1,1 Also, you could try turning up the log level and then looking for errors. -greg On Dec 19, 2007 8:50 AM, Greg Byshenk [EMAIL PROTECTED] wrote: On Tue, Dec 18, 2007 at 10:15:42PM -0200, Felipe Tocchetto wrote: I am facing a strange problem that I could not solve, so, maybe you can help me. Look at this situation: I created a new directory with those ACLs (through Samba using Windows XP) [EMAIL PROTECTED] /home/smb/adm]# getfacl teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- My ACLs are right, ok, now I will copy a XLS file to that folder: [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::rw- group:suporte:rwx group:administ:rwx mask::rwx other::--- OK, the samba server inhert the permissions and the ACLs, everything is fine until now. But when I edit this file with MS Excel, and save it, look what happen to the ACLs: [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::--- group:suporte:rwx mask::rwx other::--- The ACL entry group:administ:rwx just have gone after I save the file. It happens with Windows XP, Vista, Office 2003 and 2007. My samba version is Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through Ports. Anybody knows what is wrong? I'm not sure if it is the cause, but what are your default ACLs for the directory in question? When you copy in a file from Windows, I think that it will preserve its permissions, but if you edit and save, you are actually creating a new file, which will be created based on the defaults for that location/user. Check the output of 'gefacl -d teste'. -- greg byshenk - [EMAIL PROTECTED] - Leiden, NL -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Invalid request size nsswitch/winbindd
On Wed, Dec 19, 2007 at 02:24:37PM +0100, Gianluca Culot wrote: Hello list I've seen there is a discussion about this error Dec 19 10:30:00 antares winbindd[90393]: [2007/12/19 10:30:00, 0] nsswitch/winbindd.c:request_len_recv(544) Dec 19 10:30:00 antares winbindd[90393]: request_len_recv: Invalid request size received: 2084 (expected 2088) but the suggested remedy of sttoping and starting samba granting all winbindd processes died doesn't work for me I'm running e freebsd 6 box with samba-3.0.28,1 I ALWAYS portupgraded, never built custom packages or from sources. a completely similar box (portupgraded in the same way and running the SAME samba version) doesn't report this error both samba are attached and referring to the same domain. actually this error doesn't seem to bring any problem to the user and server operations... but it is reported VERY frequently ! any suggestion ? Reboot your box. It's not only smbd, all processes in the system potentially can trigger this error. Volker pgpSWz67diuJD.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Invalid request size nsswitch/winbindd
On Wed, 2007-12-19 at 14:24 +0100, Gianluca Culot wrote: actually this error doesn't seem to bring any problem to the user and server operations... but it is reported VERY frequently ! any suggestion ? Every service that query user information using nss_winbindd may need to be restarted when you upgrade winbindd. You can either restart every service one by one or reboot the box. Simo. -- Simo Sorce Samba Team GPL Compliance Officer [EMAIL PROTECTED] Senior Software Engineer at Red Hat Inc. [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] IDMAP RID problems and documentation
John wrote: Hello List, After upgrading to 3.0.25b (Also tried 3.0.28) I tried to make use of the new syntax for IDMAP. But I failed, Also there is a lack on documentation how to us it. (Yes there is a man, but it contains limited explanation and examples). What do I want? What (I think a lot of people wants) I have two samba domain members and a Windows 2003 DC without R2 / SFU shema extension. So I want make use of the RID facility. Same GID/ UID mappings on all samba servers in the domain, with support of BUILTIN groups, and without installing schema extensions on the DC. I assume that RID was designed for this scenario Can anyone assist me and everyone on list struggling with the same problems, how to proper configure SAMBA for this scenario? Old syntax works, but lack support for BUILT-IN groups, and gives following complaints in syslog Module '/usr/lib/samba/idmap/rid.so' initialization failed: NT_STATUS_OBJECT_NAME_COLLISION and: lib/util_str.c:safe_strcpy_fn(659) Dec 19 13:12:47 s-0009 winbindd[5454]: ERROR: string overflow by 1 (256 - 255) in safe_strcpy [ERROR: string overflow by 1 (256 - 255) in safe_strcpy [Added timed event async_request_timeout: 8843878 I have just fixed one of our Samba servers this morning after an the upgrade from CentOS 5 - 5.1 broke winbind resolution. The below winbind config worked for me. [global] workgroup = COMM server string = Samba Server log file = /var/log/samba/%m.log max log size = 50 dns proxy = No cups options = raw password server = amachine.us.domain.co.uk realm = US.DOMAIN.CO.UK security = ads # OLD IDMAP settings # idmap uid = 16777216-33554431 # idmap gid = 16777216-33554431 # idmap backend = rid:US=16777216-33554431 # NEW IDMAP settings idmap domains = US idmap config US: default = yes idmap config US: backend = rid idmap config US: range = 16777216-33554431 idmap alloc config: range = 16777216-33554431 template shell = /sbin/nologin winbind use default domain = yes allow trusted domains = no host msdfs = no winbind enum users = no winbind enum groups = no wins server = 192.168.1.10 Hope this helps Dean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
I have a centos box using kernel 2.6.9-42.0.2.ELsmp that had a samba server running very nicely until 2 days ago. Out of the blue, users can't access any shares. We have 5 users and 6 shares, one of which is an MS access database that gets the most use. I thought the smbpasswd database may be corrupt so I replaced it with a backup, but no go. I deleted the smbpasswd database, readded users, that didn't work either. Checking the samba logs, I found this series of errors when trying to get to any samba share: [2007/12/19 08:28:18, 1] smbd/session.c:session_claim(143) pam_session rejected the session for tom [smb/19550/113] [2007/12/19 08:28:18, 1] smbd/password.c:register_vuid(310) Failed to claim session for vuid=113 [2007/12/19 08:29:08, 0] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: session setup failed : System error [2007/12/19 08:29:08, 1] smbd/session.c:session_claim(143) pam_session rejected the session for tom [smb/21374/104] [2007/12/19 08:29:08, 1] smbd/password.c:register_vuid(310) Failed to claim session for vuid=104 I can 'smbclient -L' to the workstations, and all other services (httpd, sendmail, squid) are running as usual. From my limited experience, it seems authentication is whacked, but I can't flesh it out. ANy help is appreciated. -- Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] IDMAP RID problems and documentation
On Wed, 2007-12-19 at 13:58 +, Plant, Dean wrote: # NEW IDMAP settings idmap domains = US idmap config US: default = yes idmap config US: backend = rid idmap config US: range = 16777216-33554431 idmap alloc config: range = 16777216-33554431 ^^^ You don't need an alloc config range when using the RID backend, but if you want to use (eg for trusted domains) then you *ABSOLUTELY DON'T* want it to *conflict* with the same range used for the RID backend. Simo. -- Simo Sorce Samba Team GPL Compliance Officer [EMAIL PROTECTED] Senior Software Engineer at Red Hat Inc. [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] kernel log (smbfs): smb_proc_readdir_long: error=-2, breaking
On 12/18/2007, Simon Jolle ([EMAIL PROTECTED]) wrote: filesystem type: smbfs Not sure if this will fix your problem, but fyi... http://samba.org/samba/smbfs/ -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA under window?
.. Original Message ... On Wed, 19 Dec 2007 14:17:25 +1100 Curtis Maloney [EMAIL PROTECTED] wrote: hce wrote: Yes, you are right, there are many solutions if you are a computer skilled people or at least can play anothing on the computers. I am a linux user myself, I can do whatever you want to play from my linux box, I don't even need windows. But what about those who can only run window file system, and only simply copy or delete files from the window file systm, who has no idea to intall and run window ssh, scp or ftp? (please don't ask me again why I should support them.) So, instead of developing a point-and-drool remote configuration tool, or a simple web configuration interface, you'd rather go the complex path of mounting remote file systems? WHY WHY WHY are you so fixed on mounting file systems, instead of investigating other options to allow untrained users to change the configuration? Hell, asking your average Windows user to edit or produce a plain text file can be difficult enough. I give up... you seem hell bent on mounting remote file systems, so I'll leave you to figure it out. What it seems this gentleman wants to do is to use a piece of client software, not Samba -- I will state unequivocally that Samba is to give Linux machines the ability to talk Windows, not for any other purpose that would cause one to want to install it on Windows (for example, it does NOT allow Wndows to talk Linux). I think something like DriveX or or WebDAV or something like that is really what he wants. Something that will mount an SFTP area as a filesystem on Windows. This is not Samba, so beyond offering anecdotal advice, this is the wrong mailing list. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] write list and valid users
We finally got our server to migrate to the new domain. Now when we access a share anyone can write to it. I removed the write list and valid users list and restarted samba... anyone can still access and write to it. Can some one school me on samba permissions? here is the share info drwxrwsrwx 10 user group4096 Dec 19 08:16 dev [dev] path = /apps/dev create mask = 666 directory mask = 2777 valid user = removed for security (a bunch of domain groups) write list = removed for security (a bunch of domain groups) writeable = yes -- Jason Greene -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] force create mode not enforced from linux client
My Samba v3.0.25b (in CentOS v5.1) has the smb.conf shown below. What I'm seeing is that force create mode is not enforced when accessed by a Linux CIFS client (Fedora 7). On the server, user steve has a home directory of /home/steve, and the public directory is /home/samba/public. The shares are mounted from the client fstab like this: //nemesis/steve /mnt/cifs/myhome cifs credentials=/etc/fstab.cifs0 0 //nemesis/public /mnt/cifs/public cifs credentials=/etc/fstab.cifs0 0 This is the view of a file on this client: $ ll testfile -rw-r--r-- 1 steve users 21 2007-12-19 09:11 testfile When this file is copied to either share its permissions should be changed by the force create mode parameter in each share definition. Now the test file is copied to each share. I use the '-p' switch, which preserves the timestamp and permissions. The Samba server should override these permissions as specified in each share, right? $ cp -p testfile /mnt/cifs/myhome/ cp: setting permissions for `/mnt/cifs/myhome/testfile': Permission denied $ cp -p testfile /mnt/cifs/public/ cp: cannot create regular file `/mnt/cifs/public/testfile': Permission denied The copy correctly complains about the permissions, since they are enforced on the server. But look which permissions are enforced: $ ll /mnt/cifs/myhome/testfile /mnt/cifs/public/testfile -rwx-- 1 steve users 21 2007-12-19 09:11 /mnt/cifs/myhome/testfile -rw--w--w- 1 steve users 21 2007-12-19 09:11 /mnt/cifs/public/testfile Here we see that the user share has the permissions correctly enforced while the public share does not (should be 666). After deleting the copies on the server, I'll copy the files again, but without the '-p' switch. $ cp testfile /mnt/cifs/myhome/ $ cp testfile /mnt/cifs/public/ $ ll /mnt/cifs/myhome/testfile /mnt/cifs/public/testfile -rwxr--r-- 1 steve users 21 2007-12-19 09:32 /mnt/cifs/myhome/testfile -rw-rw-rw- 1 steve users 21 2007-12-19 09:32 /mnt/cifs/public/testfile Now we see that the file on the user share has incorrect permissions (should be 777) but the permissions on the public share are correctly enforced. Can someone please tell what it takes to actually enforce the permissions specified by the force create mode parameter? Thanks. [global] workgroup = TESTWG server string = Test Samba 3.0.2x interfaces = lo eth0 bind interfaces only = True hosts deny = all hosts allow = 127.0.0.1 192.168.0. dns proxy = yes netbios name = nemesis name resolve order = hosts wins bcast wins support = yes max log size = 1024 log file = /var/log/samba/%m.log security = user passdb backend = tdbsam null passwords = yes guest account = smbguest encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd os level = 65 local master = yes domain master = yes preferred master = yes time server = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 [homes] comment = Home Directory path = %H valid users = %S create mask = 0700 directory mask = 0700 volume = %U writeable = Yes browseable = No hide dot files = Yes [public] comment = All Users path = /home/samba/public create mask = 0666 force create mode = 0666 directory mask = 0777 force directory mode = 0777 guest ok = Yes writeable = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems adding a NTSp6a machine to a SAMBA PDC Domain + LDAP: sambaPrimaryGroupSID
Hello everybody I have configure a Samba PDC machine, using LDAP as password backend. The scripts smbldap-tools are used to create the accounts in the LDAP. I can add Windows XP machines to the domain without problems. But today, I tried to add a Windows NT Server SP6a machine to the domain, and there is the next error: smbldap_get_single_attribute: [sambaLogonHours] = [does not exist] [2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_make_mod(528) smbldap_make_mod: adding attribute |sambaLogonHours| value | FF| [2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_make_mod(519) smbldap_make_mod: deleting attribute |sambaAcctFlags| values | [DW ]| [2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_make_mod(528) smbldap_make_mod: adding attribute |sambaAcctFlags| value | [W ]| [2007/12/19 14:38:03, 5] lib/smbldap.c:smbldap_modify(1377) smbldap_modify: dn = [uid=windowsntldap $,ou=machines,ou=samba,dc=itdeusto,dc=local] [2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_modify(1397) Failed to modify dn: uid=windowsntldap $,ou=machines,ou=samba,dc=x,dc=local, error: 20 (Type or value exists) (modify/add: sambaPrimaryGroupSID: value #0 already exists) [2007/12/19 14:38:03, 5] rpc_parse/parse_prs.c:prs_debug(84) 00 samr_io_r_set_userinfo The smbd proccess have a problem trying to modify the LDAP entry that have been created I have been using the Samba version that came with CentOS 5.1 (samba-3.0.25b) I also have a tcpdump file from the Samba - LDAP comunication and I can see the same error: attributeOrValueExists (modify/add: sambaPrimaryGroupSID: value #0 already exists) I don't know what is the problem. Can someone help me?. Thank you very much Greetings Carlos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] IDMAP RID problems and documentation
simo wrote: On Wed, 2007-12-19 at 13:58 +, Plant, Dean wrote: # NEW IDMAP settings idmap domains = US idmap config US: default = yes idmap config US: backend = rid idmap config US: range = 16777216-33554431 idmap alloc config: range = 16777216-33554431 ^^^ You don't need an alloc config range when using the RID backend, but if you want to use (eg for trusted domains) then you *ABSOLUTELY DON'T* want it to *conflict* with the same range used for the RID backend. Ok, point noted. I have removed that option and all is still working. Thanks. Dean Although -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem with samba 3.0.28/Solaris 8/smbclient
On Tue, Dec 18, 2007 at 07:15:23AM -0600, Kenneth Marshall wrote: On Mon, Dec 17, 2007 at 01:26:51PM -0600, Kenneth Marshall wrote: Dear Samba users, I am trying to update our local samba packages to 3.0.28. They are built against heimdal-1.0.1 and openldap-2.3.38. The Redhat Enterprise Linux 3 and 4 packages are working fine so far in my limited testing. The problem with heimdal and net ads join... has been fixed on all 3 platforms. On the Solaris 8 server, the net ads join... works correctly and the machine registers with the domain. The problem is that the smbclient segfaults on the ls command. A put command worked correctly. Here is what a truss returned: 21056: ioctl(1, TCGETA, 0xFFBECFA4)= 0 21056: write(1, s m b : \ k \ k t m \.., 14) = 14 21056: read(0, 0xFFBED3E3, 1) (sleeping...) 21056: signotifywait() (sleeping...) 21056: door_return(0x, 0, 0x, 0) (sleeping...) 21056: lwp_cond_wait(0xFF3834E8, 0xFF3834F8, 0xFF37CD80) (sleeping...) 21056: read(0, l, 1)= 1 21056: write(1, l, 1) = 1 21056: read(0, s, 1)= 1 21056: write(1, s, 1) = 1 21056: read(0, \r, 1)= 1 21056: write(1, \n, 1) = 1 21056: ioctl(0, TCSETSW, 0xFF345C28) = 0 21056: sigaction(SIGINT, 0xFFBED4C0, 0xFFBED5C0) = 0 21056: sigaction(SIGTERM, 0xFFBED4C0, 0xFFBED5C0) = 0 21056: sigaction(SIGQUIT, 0xFFBED4C0, 0xFFBED5C0) = 0 21056: sigaction(SIGALRM, 0xFFBED4C0, 0xFFBED5C0) = 0 21056: sigaction(SIGTSTP, 0xFFBED4C0, 0xFFBED5C0) = 0 21056: sigaction(SIGTTOU, 0xFFBED4C0, 0xFFBED5C0) = 0 21056: sigaction(SIGTTIN, 0xFFBED4C0, 0xFFBED5C0) = 0 21056: sigaction(SIGWINCH, 0xFFBED4C0, 0xFFBED5C0) = 0 21056: time() = 1197919173 21056: write(6, \0\0\0 bFF S M B 2\0\0\0.., 102) = 102 21056: poll(0xFFBEAF18, 1, 2) = 1 21056: read(6, \0\003AC, 4) = 4 21056: poll(0xFFBEAF88, 1, 2) = 1 21056: read(6, FF S M B 2\0\0\0\08801C8.., 940) = 940 21056: open(/usr/share/lib/zoneinfo/US/Central, O_RDONLY) = 8 21056: read(8, T Z i f\0\0\0\0\0\0\0\0.., 8192) = 1279 21056: close(8)= 0 21056: stat64(/usr/site/samba-3.0.28/lib/C.msg, 0xFFBEA948) Err#2 ENOENT 21056: Incurred fault #6, FLTBOUNDS %pc = 0xFE833218 21056:siginfo: SIGSEGV SEGV_MAPERR addr=0x40498000 21056: Received signal #11, SIGSEGV [default] 21056:siginfo: SIGSEGV SEGV_MAPERR addr=0x40498000 21056: *** process killed *** Here is a gdb backtrace: (gdb) run -U 'AD\ktm' //storage.rice.edu/home -D k/ktm Starting program: /build/samba-3.0.28/sunos5/bin/smbclient -U 'AD\ktm' //storage.rice.edu/home -D k/ktm [New LWP 1] [New LWP 2] [New LWP 3] params.c:OpenConfFile() - Unable to open configuration file /usr/site/samba-3.0.28/lib/smb.conf: No such file or directory [New LWP 4] [New LWP 5] /build/samba-3.0.28/sunos5/bin/smbclient: Can't load /usr/site/samba-3.0.28/lib/smb.conf - run testparm to debug it Password: Domain=[AD] OS=[BlueArc Titan 4.3.990q] Server=[BlueArc Titan 4.3.990q] smb: \k\ktm\ ls Program received signal SIGSEGV, Segmentation fault. 0xfe833218 in strlen () from /usr/lib/libc.so.1 (gdb) bt #0 0xfe833218 in strlen () from /usr/lib/libc.so.1 #1 0xfedcadcc in wait_for_process () from /usr/site/samba-3.0.28/ext/libroken.so.18 #2 0xfedcadcc in wait_for_process () from /usr/site/samba-3.0.28/ext/libroken.so.18 Previous frame identical to this frame (corrupt stack?) (gdb) I am building a debug version of the heimdal 1.0.1 libraries to try and get some more information, but I wanted to post a preliminary message to see if this is a know issue or not and whether there are some other debugging measures that could be tried. Cheers, Ken -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Dear Samba users, As promised here s the backtrace from the debug version of the Heimdal 1.0.1 libraries: Starting program: /build/samba-3.0.28/sunos5/bin/smbclient -U 'ADRICE\ktm' //storage.rice.edu/home -D k/ktm [New LWP 1] [New LWP 2] [New LWP 3] params.c:OpenConfFile() - Unable to open configuration file /usr/site/samba-3.0.28/lib/smb.conf: No such file or directory [New LWP 4] [New LWP 5] /build/samba-3.0.28/sunos5/bin/smbclient: Can't load /usr/site/samba-3.0.28/lib/smb.conf - run testparm to debug it Password: Domain=[ADRICE] OS=[BlueArc Titan 4.3.990q]
[Samba] (UPDATE) Problems adding a NTSp6a machine to a SAMBA PDC Domain + LDAP: sambaPrimaryGroupSID
I have the problem also with 3.0.28. I have attach the relevant log file section El 19/12/2007, a las 15:23, Carlos Terrón escribió: Hello everybody I have configure a Samba PDC machine, using LDAP as password backend. The scripts smbldap-tools are used to create the accounts in the LDAP. I can add Windows XP machines to the domain without problems. But today, I tried to add a Windows NT Server SP6a machine to the domain, and there is the next error: smbldap_get_single_attribute: [sambaLogonHours] = [does not exist] [2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_make_mod(528) smbldap_make_mod: adding attribute |sambaLogonHours| value | FF| [2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_make_mod(519) smbldap_make_mod: deleting attribute |sambaAcctFlags| values | [DW ]| [2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_make_mod(528) smbldap_make_mod: adding attribute |sambaAcctFlags| value | [W ]| [2007/12/19 14:38:03, 5] lib/smbldap.c:smbldap_modify(1377) smbldap_modify: dn = [uid=windowsntldap $,ou=machines,ou=samba,dc=itdeusto,dc=local] [2007/12/19 14:38:03, 10] lib/smbldap.c:smbldap_modify(1397) Failed to modify dn: uid=windowsntldap $,ou=machines,ou=samba,dc=x,dc=local, error: 20 (Type or value exists) (modify/add: sambaPrimaryGroupSID: value #0 already exists) [2007/12/19 14:38:03, 5] rpc_parse/parse_prs.c:prs_debug(84) 00 samr_io_r_set_userinfo The smbd proccess have a problem trying to modify the LDAP entry that have been created I have been using the Samba version that came with CentOS 5.1 (samba-3.0.25b) I also have a tcpdump file from the Samba - LDAP comunication and I can see the same error: attributeOrValueExists (modify/add: sambaPrimaryGroupSID: value #0 already exists) I don't know what is the problem. Can someone help me?. Thank you very much Greetings Carlos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] IDMAP RID problems and documentation
Plant, Dean, on 12/19/2007 8:58 AM, said the following: John wrote: Hello List, After upgrading to 3.0.25b (Also tried 3.0.28) I tried to make use of the new syntax for IDMAP. But I failed, Also there is a lack on documentation how to us it. (Yes there is a man, but it contains limited explanation and examples). What do I want? What (I think a lot of people wants) I have two samba domain members and a Windows 2003 DC without R2 / SFU shema extension. So I want make use of the RID facility. Same GID/ UID mappings on all samba servers in the domain, with support of BUILTIN groups, and without installing schema extensions on the DC. I assume that RID was designed for this scenario Can anyone assist me and everyone on list struggling with the same problems, how to proper configure SAMBA for this scenario? Old syntax works, but lack support for BUILT-IN groups, and gives following complaints in syslog Module '/usr/lib/samba/idmap/rid.so' initialization failed: NT_STATUS_OBJECT_NAME_COLLISION and: lib/util_str.c:safe_strcpy_fn(659) Dec 19 13:12:47 s-0009 winbindd[5454]: ERROR: string overflow by 1 (256 - 255) in safe_strcpy [ERROR: string overflow by 1 (256 - 255) in safe_strcpy [Added timed event async_request_timeout: 8843878 I have just fixed one of our Samba servers this morning after an the upgrade from CentOS 5 - 5.1 broke winbind resolution. The below winbind config worked for me. I'm curious - what exactly CHANGED (or, what did you have to change)? [global] workgroup = COMM server string = Samba Server log file = /var/log/samba/%m.log max log size = 50 dns proxy = No cups options = raw password server = amachine.us.domain.co.uk realm = US.DOMAIN.CO.UK security = ads # OLD IDMAP settings # idmap uid = 16777216-33554431 # idmap gid = 16777216-33554431 # idmap backend = rid:US=16777216-33554431 # NEW IDMAP settings idmap domains = US idmap config US: default = yes idmap config US: backend = rid idmap config US: range = 16777216-33554431 idmap alloc config: range = 16777216-33554431 template shell = /sbin/nologin winbind use default domain = yes allow trusted domains = no host msdfs = no winbind enum users = no winbind enum groups = no wins server = 192.168.1.10 Hope this helps Dean -- Best regards, Charles Marcus I.T. Director Media Brokers International 678.514.6200 x224 678.514.6299 fax -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Invalid request size nsswitch/winbindd
On 12/19/2007, Volker Lendecke ([EMAIL PROTECTED]) wrote: Reboot your box. It's not only smbd, all processes in the system potentially can trigger this error. Just to be clear - you're saying that anytime Samba is upgraded, I should REBOOT?? -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Invalid request size nsswitch/winbindd
On Wed, 2007-12-19 at 11:37 -0500, Charles Marcus wrote: On 12/19/2007, Volker Lendecke ([EMAIL PROTECTED]) wrote: Reboot your box. It's not only smbd, all processes in the system potentially can trigger this error. Just to be clear - you're saying that anytime Samba is upgraded, I should REBOOT?? No, you just have to restart services that use nss_winbindd because the winbindd protocol may change, rebooting is the easiest way, but is not required. Simo. -- Simo Sorce Samba Team GPL Compliance Officer [EMAIL PROTECTED] Senior Software Engineer at Red Hat Inc. [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Invalid request size nsswitch/winbindd
On Wed, Dec 19, 2007 at 11:37:36AM -0500, Charles Marcus wrote: On 12/19/2007, Volker Lendecke ([EMAIL PROTECTED]) wrote: Reboot your box. It's not only smbd, all processes in the system potentially can trigger this error. Just to be clear - you're saying that anytime Samba is upgraded, I should REBOOT?? Well, I think almost everything uses nss. So it's not a Samba thing, it's a problem that the nss subsystem does not reload the shared libraries when they change. For example if you install a new libnss_ldap.so, you have exactly the same problem. Volker pgpJ2X66wV11z.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA ADS integration - windows user account rights
Bert Verhaeghe wrote: Hi all, first of all is it possible to join a Linux machine to AD using a windows user account that is not a member of the group Domain Admins? Cause when I do this I get the following error while executing `net ads join -d 3 -U syncuser`: #net ads join -d 3 -U syncuser [2007/12/11 13:47:12, 3] param/loadparm.c:lp_load(4953) lp_load: refreshing parameters [2007/12/11 13:47:12, 3] param/loadparm.c:init_globals(1418) Initialising global parameters [2007/12/11 13:47:12, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2007/12/11 13:47:12, 3] param/loadparm.c:do_section(3695) Processing section [global] [2007/12/11 13:47:12, 2] lib/interface.c:add_interface(81) added interface ip=10.0.0.3 bcast=10.0.0.255 nmask=255.255.255.0 octopussync's password: [2007/12/11 13:47:17, 3] libsmb/namequery.c:get_dc_list(1426) get_dc_list: preferred server list: , DC [2007/12/11 13:47:17, 3] libsmb/namequery.c:resolve_lmhosts(939) resolve_lmhosts: Attempting lmhosts lookup for name DC0x20 [2007/12/11 13:47:17, 3] libsmb/namequery.c:resolve_wins(836) resolve_wins: Attempting wins lookup for name DC0x20 [2007/12/11 13:47:17, 3] libsmb/namequery.c:resolve_wins(839) resolve_wins: WINS server resolution selected and no WINS servers listed. [2007/12/11 13:47:17, 3] libsmb/namequery.c:resolve_hosts(1002) resolve_hosts: Attempting host lookup for name DC0x20 [2007/12/11 13:47:17, 3] libads/ldap.c:ads_connect(287) Connected to LDAP server 10.0.0.1 [2007/12/11 13:47:17, 3] libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2 [2007/12/11 13:47:17, 3] libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 [2007/12/11 13:47:17, 3] libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3 [2007/12/11 13:47:17, 3] libads/sasl.c:ads_sasl_spnego_bind(210) ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10 [2007/12/11 13:47:17, 3] libads/sasl.c:ads_sasl_spnego_bind(219) ads_sasl_spnego_bind: got server principal name [EMAIL PROTECTED] [2007/12/11 13:47:17, 3] libsmb/clikrb5.c:ads_krb5_mk_req(552) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2007/12/11 13:47:17, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(488) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Tue, 11 Dec 2007 23:47:05 UTC [2007/12/11 13:47:17, 3] libsmb/cliconnect.c:cli_start_connection(1426) Connecting to host= DC.domain.local [2007/12/11 13:47:17, 3] lib/util_sock.c:open_socket_out(874) Connecting to 10.0.0.1 at port 445 [2007/12/11 13:47:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(721) Doing spnego session setup (blob length=107) [2007/12/11 13:47:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746) got OID=1 2 840 48018 1 2 2 [2007/12/11 13:47:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746) got OID=1 2 840 113554 1 2 2 [2007/12/11 13:47:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746) got OID=1 2 840 113554 1 2 2 3 [2007/12/11 13:47:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(746) got OID=1 3 6 1 4 1 311 2 2 10 [2007/12/11 13:47:17, 3] libsmb/cliconnect.c:cli_session_setup_spnego(754) got principal=dc [EMAIL PROTECTED] [2007/12/11 13:47:17, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(546) Doing kerberos session setup [2007/12/11 13:47:17, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(488) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration Tue, 11 Dec 2007 23:47:05 UTC [2007/12/11 13:47:17, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine DC.domain.local pipe \lsarpc fnum 0x400c bind request returned ok. [2007/12/11 13:47:17, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) lsa_io_sec_qos: length c does not match size 8 [2007/12/11 13:47:17, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine DC.domain.local pipe \samr fnum 0x400a bind request returned ok. Failed to set password for machine account (NT_STATUS_ACCESS_DENIED) Failed to join domain! [2007/12/11 13:47:17, 2] utils/net.c:main(988) return code = -1 But when the user is added to the Domain Admins group, the join is successful. And if the latter is possible, which permissions should the windows user account have? Thx in advance bert Hi Bert, I do not know about the Domain Admins group angle, but if you want to know what the minimal user rights necessary for a net ads join are, then this whitepaper explains it. It says HP CIFS Server, but holds true for Opensource Samba as well. http://www.docs.hp.com/en/7212/ADSJoinMinimumPerms.pdf Eric Roseme Hewlett-Packard -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem with samba 3.0.28/Solaris 8/smbclient
On Wed, Dec 19, 2007 at 09:35:15AM -0600, Kenneth Marshall wrote: Is there anything else I can do to help track this problem down? Is anyone else running Samba 3.0.28 on Solaris 8? With Heimdal Kerberos or with MIT Kerberos? I would appreciate any feedback. I'd be surprised if this is kerberos specific. Can we see a tcpdump of smbclient doing its job up to the crash? Volker pgpmBHEuxB9q8.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] IDMAP RID problems and documentation
Charles Marcus wrote: Plant, Dean, on 12/19/2007 8:58 AM, said the following: John wrote: Hello List, After upgrading to 3.0.25b (Also tried 3.0.28) I tried to make use of the new syntax for IDMAP. But I failed, Also there is a lack on documentation how to us it. (Yes there is a man, but it contains limited explanation and examples). What do I want? What (I think a lot of people wants) I have two samba domain members and a Windows 2003 DC without R2 / SFU shema extension. So I want make use of the RID facility. Same GID/ UID mappings on all samba servers in the domain, with support of BUILTIN groups, and without installing schema extensions on the DC. I assume that RID was designed for this scenario Can anyone assist me and everyone on list struggling with the same problems, how to proper configure SAMBA for this scenario? Old syntax works, but lack support for BUILT-IN groups, and gives following complaints in syslog Module '/usr/lib/samba/idmap/rid.so' initialization failed: NT_STATUS_OBJECT_NAME_COLLISION and: lib/util_str.c:safe_strcpy_fn(659) Dec 19 13:12:47 s-0009 winbindd[5454]: ERROR: string overflow by 1 (256 - 255) in safe_strcpy [ERROR: string overflow by 1 (256 - 255) in safe_strcpy [Added timed event async_request_timeout: 8843878 I have just fixed one of our Samba servers this morning after an the upgrade from CentOS 5 - 5.1 broke winbind resolution. The below winbind config worked for me. I'm curious - what exactly CHANGED (or, what did you have to change)? We had been running with these idmap settings for an AD integrated file server. idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 idmap backend = rid:US=16777216-33554431 After the upgrade to CentOS 5.1 our winbind mappings were lost and group permissions were no longer working. Reading the Samba release notes and trawling the net I found the below settings, although as it has been pointed out the idmap alloc config is not required. With these settings all winbind mappings were restored and everything seems to be working as normal. idmap domains = US idmap config US: default = yes idmap config US: backend = rid idmap config US: range = 16777216-33554431 idmap alloc config: range = 16777216-33554431 Dean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems printing
Hello! I've a samba version 3.0.25a and cups version 1.2.7 running on a solaris box. I'm using samba to share drivers and printrers to windows xp and 2k clients. OK. Some days i got samba stoped and my logs has a lot of this messages: create_policy_hnd: ERROR: too many handles (1025) on this pipe. Last week a change log level to 10 to a specific client and I got 218 printer handles in use. But sometimes this number increase very quick and samba stop to responde. Then after restart the service all come back to normal. I think 218 handles opened is a number very high. Because In other situations i can see just 4 or 5 handles opened. here is the log file: http://www.cgtee.gov.br/se1003.log.n10.128handles In additional, sudenlly, others printers and clients, some times, show same problem even using different drivers. Here is the drivers used for the printer: http://printer.konicaminolta.com/support/current_printers/mc2430dl_sup.htm#drivers I'm using drivers for windows XP/2k. I hope someone can help me. thaks a lot! -- Att. Lutieri G. B. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File name symbols
On Wed, Dec 19, 2007 at 02:32:27PM +0300, Vitaly Protsko wrote: Hi! So, anybody? :( Is it possible to make samba creating files with byte-to-byte, not translated, names? From Linux CIFS or from smbclient yes. You need UNIX extensions turned on an they'll use POSIX pathnames. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with date created attribute
How did you copy the files? If you stat them in bsd are the date attribs right? Mark. On 18 Dec 2007, at 00:51, David Lee [EMAIL PROTECTED] wrote: I'm having trouble with files moved to my FreeBSD Samba server from either Mac OS X or Windows. When I move the files the date the files were originally created do not get copied. I looked into FreeBSD to see if a date created attribute was supported; from the stat man pages and the field specifier 'B' it seems so, but I can't confirm for sure. Is there a solution for this or is it not possible? Thanks - Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Authentication issue?
I have a centos box using kernel 2.6.9-42.0.2.ELsmp that had a samba server running very nicely until 2 days ago. Out of the blue, users can't access any shares. We have 5 users and 6 shares, one of which is an MS access database that gets the most use. I thought the smbpasswd database may be corrupt so I replaced it with a backup, but no go. I deleted the smbpasswd database, re-added users, that didn't work either. Checking a users samba log, I found this series of errors when trying to get to any samba share: [2007/12/19 13:16:15, 0] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: session setup failed : System error [2007/12/19 13:16:15, 1] smbd/session.c:session_claim(143) pam_session rejected the session for tom [smb/32352/109] [2007/12/19 13:16:15, 1] smbd/password.c:register_vuid(310) Failed to claim session for vuid=109 [2007/12/19 13:16:31, 0] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: session setup failed : System error [2007/12/19 13:16:31, 1] smbd/session.c:session_claim(143) pam_session rejected the session for tom [smb/32359/109] [2007/12/19 13:16:31, 1] smbd/password.c:register_vuid(310) Failed to claim session for vuid=109 The smbd.log shows this: [2007/12/19 13:16:08, 0] lib/util_sock.c:get_peer_addr(1232) getpeername failed. Error was Transport endpoint is not connected I can 'smbclient -L' to the workstations, and all other services (httpd, sendmail, squid) are running as usual. I can smbmount from the linux machine to a workstation and use the files in the shares, but can't get from teh workstations to the linux box. From my limited experience, it seems authentication is whacked, but I can't flesh it out. Any help is appreciated. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] editpostfix setup
Hi, i've setup the samba environment like described in the wiki: http://wiki.samba.org/index.php/Ldapsam_Editposix I can now easily add windows user / machines when using the policies for Administrator. I have also setup unix account session auth via libpam_ldap, libnss_ldap like described here: http://www.gentoo.org/doc/en/ldap-howto.xml Some things i dont understand: 1. How is the unix password set for the windows users? When i su winusername it is not accepting the win password. I also tried editing the unix password via ldap-account-manager but also with no luck. Is a unix password set in general when creating new accounts? With my unixuseraccounts migrated to ldap via migrationsscipt (the ones used in the gentoo article) it is possible to su username. 2. How do I make a sambadomain user out of such a migrated unix user? 3. When creating accounts the user homes per default points to /home/domainname/user. How can I change that? Thanks for any reply/feedback for my configs Gunnar my smb.conf: --- [global] #pdc netbios name = TIGGER workgroup = th-domain domain logons = yes #path logon home = \\%N\%U logon path = \\%N\%U\.winprofile #password encrypt passwords = true passdb backend = ldapsam #ldap ldap suffix = dc=th-domain,dc=lan ldapsam:trusted = yes ldapsam:editposix = yes ldap admin dn = cn=admin,dc=th-domain,dc=lan ldap delete dn = yes ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap user suffix = ou=peoples ldap idmap suffix = ou=idmap #idmap idmap domains = th-domain idmap config th-domain:backend = ldap idmap config th-domain:readonly = no idmap config th-domain:default = yes idmap config th-domain:ldap_base_dn = ou=idmap,dc=th-domain,dc=lan idmap config th-domain:ldap_user_dn = cn=admin,dc=th-domain,dc=lan idmap config th-domain:ldap_url = ldap://localhost idmap config th-domain:range = 5-50 idmap alloc backend = ldap idmap alloc config:ldap_base_dn = ou=idmap,dc=th-domain,dc=lan idmap alloc config:ldap_user_dn = cn=admin,dc=th-domain,dc=lan idmap alloc config:ldap_url = ldap://localhost idmap alloc config:range = 5-50 #logging log level = 1 --- my nsswitch/pam /etc/ldap.conf --- ssl off suffix dc=th-domain,dc=lan uri ldap://localhost pam_password exop rootbinddn cn=root,dc=th-domain,dc=lan ldap_version 3 pam_filter objectclass=posixAccount pam_login_attribute uid pam_member_attribute memberuid nss_base_passwd ou=peoples,dc=th-domain,dc=lan nss_base_shadow ou=peoples,dc=th-domain,dc=lan nss_base_group ou=groups,dc=th-domain,dc=lan nss_base_hosts ou=hosts,dc=th-domain,dc=lan scope one -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Tearing my hair out:
Sherwood Botsford wrote: I have a samba 2.2.8a PDC, no windows servers at all. The local network works. Conan, the PDC also acts as a WINS server. Postie, the DHCP server sets: option netbios-name-servers 192.168.1.241 ; option netbios-node-type 2 ; All clients have lmhosts file with: 192.168.1.241 conan #pre #dom:sjsa 192.168.1.242 postie #pre Last week I needed to reinstall a computer, named pixel On server I ran smbpasswd -a -m pixel to reset the machine account password. Pixel runs Win2k SP4 I go to Pixel and move it to the domain. Usual signin and password of domain administrator. Long Pause. Welcome to SJSA domain Reboot. Now if I try to log in to a domain account, I get the message: The system cannot log you on to this domain because the system computer account in its primary domain is missing or the password on that account is incorrect. Looking in pixel.log I see: [2007/12/11 10:41:25, 0] smbd/password.c:domain_client_validate(1558) domain_client_validate: could not fetch trust account password for domain SJSA Looking further, this is a common message in the log files, occuring just before shares connect normally. Not sure what else to look for. Problem solved. I had two hosts with the same UID in both master.passwd and in smbpasswd. So in this case both jabberwocky$ and pixel$ had UID's of 5100. How did this happen? Easy. All machines are group 5000. I use the last octet of the IP to give them a unique UID. Jabberwocky was turfed. In recycling the IP I failed to remove the old name from master.passwd and smbpasswd. (So many places: DNS DHCP Password smbpasswd hosts.yp Sigh. Anyway, posting this so that the Next Guy can find it faster. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA under window?
hce wrote: On Dec 19, 2007 12:27 PM, Curtis Maloney [EMAIL PROTECTED] wrote: hce wrote: It is actually to mount a dumb linux device to a window file system, just like to mount an usb stick to the window file system. Yes, if the linux device (without samba on it) can be mounted by a window file syste, then the window can config the linux device, modify data and transfer data to it. So, your actual goal is to allow remote configuration of these Linux devices? Why must it be done via mounting them like a disk? There are many simpler options that would require less code. Please let me know if above explanation is still insufficient. You keep talking about mounting these devices... I don't see why you're so hung up on this approach. Why must they be treated like a disk? Why can't you, for instance, have them accept config updates via a simple web interface? Or use dropbear and scp the files into place? Or put a FTP server on them? Why take the very complex route of mounting a remote filesystem? Yes, you are right, there are many solutions if you are a computer skilled people or at least can play anothing on the computers. I am a linux user myself, I can do whatever you want to play from my linux box, I don't even need windows. But what about those who can only run window file system, and only simply copy or delete files from the window file systm, who has no idea to intall and run window ssh, scp or ftp? (please don't ask me again why I should support them.) My questions were: (a) if we have some solution to install Samba to a window system or not; You don't need to install samba on a windows system to access a remote samba share. You just use your regular windows explorer to do that. (b) if there is small size of mini samba I can use to port it to a small linux device? I happen to know there was a port of an early version of samba (version 2.0.10 stripped down) to a system that operates on embedded devices, such as a large set of wireless access points/routers using a certain broadcom board. Google for samba + openwrt. I'm not sure your small linux systems use the same architecture, but it's at least a good starting point IMHO. Clearly (a) has been answed, (b) is still not sure. Thank you. Kind Regards, Jim Hopefully i was able to help. Regards, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Enabling Profiles
mailto:[EMAIL PROTECTED]odi wrote: use pdbedit -Lv user to determine if there is a profile path, if there ist no path specified, profile for this user is disabled, maybe I'm wrong, but I think so. It doesn't depend on the password backend, definitly. Actually that sounds about right, I've never really used pdbedit as all of the fancy setups I have been involved with are LDAP based. I didn't realise you could set a profile path property with other backends. regards Am Dienstag, 18. Dezember 2007 16:21:40 schrieb Net Warrior: HI there guys. Sorry for disturbing you with a very basic question, log time ago, searching in the archives I found that profiles can be enabled or disabled for everyone, and that cannot be enabled for a gorup of users or a specific user. I read the how-tos, they explain very well how to manage them, but could not find that doubt, nor even I could not find that thread in the arvhives. Can some tell me if that behavior still applies? Thanks in advance *Michael Heydon - IT Administrator * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] write list and valid users
Jason Greene wrote: We finally got our server to migrate to the new domain. Now when we access a share anyone can write to it. I removed the write list and valid users list and restarted samba... anyone can still access and write to it. Can some one school me on samba permissions? I don't want to sound like a jerk, but this is fairly clearly explained in the man page. here is the share info drwxrwsrwx 10 user group4096 Dec 19 08:16 dev [dev] path = /apps/dev create mask = 666 directory mask = 2777 valid user = removed for security (a bunch of domain groups) write list = removed for security (a bunch of domain groups) write list: This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the read only option is set to. writeable = yes writeable: Inverted synonym for read only. read only: If this parameter is yes, then users of a service may not create or modify files in the service's directory. As you can see, setting writeable = yes allows anyone who connects to write to the share (depending on unix permissions). write list will overrule the read only (writeable) setting on a share for certain users. If you remove the writeable = yes line it will default to read only and only users in the write list will be able to make changes. *Michael Heydon - IT Administrator * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Big problems with 3.0.24-6etch6 Debian packages
Hi, Am Dienstag, den 27.11.2007, 09:58 +0100 schrieb Marco De Vitis: Hi, I'm using Samba as a PDC with roaming profiles on a Debian Etch machine, the clients are Windows XP/2000 machines. I just installed security upgrades with aptitude, and this upgraded all samba 3.0.24-6etch4 packages to 3.0.24-6etch6 (except for samba-doc which was upgraded to 3.0.24-6etch7). Immediately after the upgrade, my users could not load their profiles at login anymore. Errors popped out regarding problems loading insignificant files from their profiles, such as cookies, links to recently opened files, Java cache files, etc. This caused Windows to open up a new temporary profile, making everyone lose their settings. PANIC!! I now downgraded back to all 3.0.24-6etch4 packages, and things seem to be working fine again. What's happening with Samba packages for Debian Etch? I saw a security announce yesterday by Steve Kemp, but it's a bit confusing, for Etch it lists some 6etch6 packages and some 6etch7 others. Are the current packages broken? And... is there anyone officially working on more up-to-date Samba packages for Debian Etch? Or will we have to live with 3.0.24 until the next Debian stable upgrade? From time to time we still have broken profiles although I've downgraded our machine back to a working debian package on 27th Nov. to avoid more damage. At the moment a samba 3.0.24-6etch9 is installed. But it seems that the broken samba package has crashed the profiles of those users, which were logged in when the broken package was installed. Those users have problems to load their profiles. At the first login the default profile is loaded, because the client has problems to sync files from the server. The user has to log out and start a second login, which works fine then. In some hard cases we have to remove the local and the server profile to get it working again. Any idea how to fix this? It's a kind of horror the get up to ten calls a day to fix roaming profiles. Ciao! Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] write list and valid users
We found the problem... It was the fact that we had valid user = and it needs to be valid users = then we needed to remove writeable = yes and change it to browseable = yes Thanks for the responses Jason On 12/19/07, Michael Heydon [EMAIL PROTECTED] wrote: Jason Greene wrote: We finally got our server to migrate to the new domain. Now when we access a share anyone can write to it. I removed the write list and valid users list and restarted samba... anyone can still access and write to it. Can some one school me on samba permissions? I don't want to sound like a jerk, but this is fairly clearly explained in the man page. here is the share info drwxrwsrwx 10 user group4096 Dec 19 08:16 dev [dev] path = /apps/dev create mask = 666 directory mask = 2777 valid user = removed for security (a bunch of domain groups) write list = removed for security (a bunch of domain groups) write list: This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the read only option is set to. writeable = yes writeable: Inverted synonym for read only. read only: If this parameter is yes, then users of a service may not create or modify files in the service's directory. As you can see, setting writeable = yes allows anyone who connects to write to the share (depending on unix permissions). write list will overrule the read only (writeable) setting on a share for certain users. If you remove the writeable = yes line it will default to read only and only users in the write list will be able to make changes. *Michael Heydon - IT Administrator * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- Jason Greene -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] write list and valid users
The way we handle this is to ignore he valid user and write list settings. Our shares look like this: [Shares] path=/home/shares browseable = yes writable = yes force create mode = 0770 force directory mode = 2770 Then we chown and set unix permissions on subdirectories of /home/shares that restrict the folder access to groups. The minor drawback is that users can see that other departments exist, but they can only enter their own folders. But we allow remote sftp access, so we need to use the Unix permissions anyway. Michael Heydon wrote: Jason Greene wrote: We finally got our server to migrate to the new domain. Now when we access a share anyone can write to it. I removed the write list and valid users list and restarted samba... anyone can still access and write to it. Can some one school me on samba permissions? I don't want to sound like a jerk, but this is fairly clearly explained in the man page. here is the share info drwxrwsrwx 10 user group4096 Dec 19 08:16 dev [dev] path = /apps/dev create mask = 666 directory mask = 2777 valid user = removed for security (a bunch of domain groups) write list = removed for security (a bunch of domain groups) write list: This is a list of users that are given read-write access to a service. If the connecting user is in this list then they will be given write access, no matter what the read only option is set to. writeable = yes writeable: Inverted synonym for read only. read only: If this parameter is yes, then users of a service may not create or modify files in the service's directory. As you can see, setting writeable = yes allows anyone who connects to write to the share (depending on unix permissions). write list will overrule the read only (writeable) setting on a share for certain users. If you remove the writeable = yes line it will default to read only and only users in the write list will be able to make changes. *Michael Heydon - IT Administrator * [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with date created attribute
Thanks for the reply. After a bit of digging I found that FreeBSD does support a 'created' timestamp field for a file, but it seems (and I could be mistaken) that Samba doesn't take advantage of it. An example: When I copy over a file it will not copy the 'created' timestamp from the original, but Samba will copy the 'modified' timestamp. Once the file is on the FreeBSD server Samba clones the last 'modified' timestamp into the 'created' timestamp field. So there are two field's with the same values. When you view the file attributes on Samba from a windows or mac machine the 'created' timestamp and the 'modified' timestamp are always the same. Luckily, I when you view the fields in FreeBSD itself, the new 'created' timestamp doesn't change even if you modify/view/access the file. (Just as it should). But the date created is now set to the original (precopy) 'modified' timestamp, instead of the 'created' timestamp. So if we look at the file attributes on Samba from a windows or mac machine, I noticed that both 'created' and 'modified' fields are always the same, even if from FreeBSD's point of view it's not. It seems that Samba doesn't take advantage of this attribute in FreeBSD. Am I mistaken? Any suggestions? Oh btw I've tried this on two different Samba servers. Same result. Mark Adams [EMAIL PROTECTED] wrote: How did you copy the files? If you stat them in bsd are the date attribs right? Mark. On 18 Dec 2007, at 00:51, David Lee wrote: I'm having trouble with files moved to my FreeBSD Samba server from either Mac OS X or Windows. When I move the files the date the files were originally created do not get copied. I looked into FreeBSD to see if a date created attribute was supported; from the stat man pages and the field specifier 'B' it seems so, but I can't confirm for sure. Is there a solution for this or is it not possible? Thanks - Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba - Looking for last minute shopping deals? Find them fast with Yahoo! Search. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with date created attribute
On Wed, Dec 19, 2007 at 03:48:24PM -0800, David Lee wrote: Thanks for the reply. After a bit of digging I found that FreeBSD does support a 'created' timestamp field for a file, but it seems (and I could be mistaken) that Samba doesn't take advantage of it. We've got the internal infrastructure to use this, but the code isn't filled in yet. If you can point me at the relevent man pages I'll try and get this done for 3.2 official. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] pdb_multi - any docs?
I've just been looking at pdb_multi to use as a method of transitioning a client's samba server to LDAP. Unfortunately it appears to be rather undocumented... Is there any info out there on using it? Does the 0.2 release work on Samba 3.0.24? It says it's for 3.0.23 Does it work reliably enough that I can just slip it in there overnight and not have to worry about the client's PCs not letting them on the next day? Is anyone even using it? TB ** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] write list and valid users
On Dec 19, 2007 6:26 PM, Sam Bayne [EMAIL PROTECTED] wrote: The way we handle this is to ignore he valid user and write list settings. Our shares look like this: [Shares] path=/home/shares browseable = yes writable = yes force create mode = 0770 force directory mode = 2770 Then we chown and set unix permissions on subdirectories of /home/shares that restrict the folder access to groups. I do that as well because I all my users have windows and linux accounts and if the unix permissions are not correct then they will be able to see the files on the linux side anyways... The minor drawback is that users can see that other departments exist, but they can only enter their own folders. I think you can hide these with the hide unreadable option of smb.conf John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] performance problem with windows 2003 client
I've run into an odd (at least to me) performance issue between a samba server and windows 2003. The windows side is w2k3 w/ SP2 on an HP DL585 with HP EVA SAN storage. Linux is CentOS 5 on a Sun X4200 with samba package samba-3.0.25b-1.el5_1.4and a FUSE mounted filesystem (glusterFS). Watching the network tab of task manager while pulling a few large files from the samba server to the fast drive on the windows end I see an oscillation between 50% (of gigabit) and 0%. A trace captured on the linux side and analyzed in wireshark corroborates, periods of high throughput alternating with periods of near-inactivity. The periods are roughly of equal length, usually between 4 and 8 seconds. As far as I can tell during the slow periods windows slows down on sending ACKs and issuing andx requests, it looks like samba continues to answer requests quickly, but windows doesn't send them at the same rate. I don't see the TCP window dropping to less than the size of a frame at any time. I assume this is windows client-side behavior, I'm not even sure if it's samba-specific at all, but I don't have any windows file server that I expect would be able to push 50MB/s consistently to test against. I get close to 60MB/s using a CIFS mount locally on the samba server. Any suggestions or recommendations would be appreciated. -Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with ACL and Samba
Greeting Felipe, Here a solution for your problem (I hope so). It works for me with MSOffice 2000/2003. First you need to set the POSIX rights before ACL(EA). These rights will be the base for your real permissions. - Create your folder, and set 2775 or 2770 permissions. - The assign the owner and group to root:root (you will understand shortly why). - Now you are ready to set the ACL(EA) permissions. The use of the 2775 permissions will gave access to the folder and his subdirectory for the share of the files. Or use directly the 2770 permissions to limit access and share immediately your files in the folder. The SGID define in this permission allow the group to never be change, whatever the group of the owner who create a new file ou change a existing file. The owner has no importance, because it will be change at the creation ou modification of the file (it is the goal to know who have made the change). The share configuration, I suggest you something like this. The only parameters very important is force create mode = 660 and directory mode = 770. [workspace] comment = Whatever path = /pat/to/my/folder browseable = yes read only = no force create mode = 660 directory mode = 770 csc policy = disable Best Regards Robert -- Cybionet - Solution reseautique http://www.cybionet.com Dear All I am facing a strange problem that I could not solve, so, maybe you can help me. Look at this situation: I created a new directory with those ACLs (through Samba using Windows XP) [EMAIL PROTECTED] /home/smb/adm]# getfacl teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- [EMAIL PROTECTED] /home/smb/adm]# getfacl -d teste #file:teste #owner:1002 #group:1006 user::rwx group::rwx group:suporte:rwx group:administ:rwx mask::rwx other::--- My ACLs are right, ok, now I will copy a XLS file to that folder: [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::rw- group:suporte:rwx group:administ:rwx mask::rwx other::--- OK, the samba server inhert the permissions and the ACLs, everything is fine until now. But when I edit this file with MS Excel, and save it, look what happen to the ACLs: [EMAIL PROTECTED] /home/smb/adm]# getfacl teste/excel-test.xls #file:teste/excel-test.xls #owner:1002 #group:1006 user::rwx group::--- group:suporte:rwx mask::rwx other::--- The ACL entry group:administ:rwx just have gone after I save the file. It happens with Windows XP, Vista, Office 2003 and 2007. My samba version is Samba version 3.0.26a, my SO is FreeBSD 6.2. I installed samba through Ports. Anybody knows what is wrong? Thanks a lot! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA under window?
On Dec 20, 2007 9:14 AM, Hugo Monteiro [EMAIL PROTECTED] wrote: hce wrote: On Dec 19, 2007 12:27 PM, Curtis Maloney [EMAIL PROTECTED] wrote: hce wrote: It is actually to mount a dumb linux device to a window file system, just like to mount an usb stick to the window file system. Yes, if the linux device (without samba on it) can be mounted by a window file syste, then the window can config the linux device, modify data and transfer data to it. So, your actual goal is to allow remote configuration of these Linux devices? Why must it be done via mounting them like a disk? There are many simpler options that would require less code. Please let me know if above explanation is still insufficient. You keep talking about mounting these devices... I don't see why you're so hung up on this approach. Why must they be treated like a disk? Why can't you, for instance, have them accept config updates via a simple web interface? Or use dropbear and scp the files into place? Or put a FTP server on them? Why take the very complex route of mounting a remote filesystem? Yes, you are right, there are many solutions if you are a computer skilled people or at least can play anothing on the computers. I am a linux user myself, I can do whatever you want to play from my linux box, I don't even need windows. But what about those who can only run window file system, and only simply copy or delete files from the window file systm, who has no idea to intall and run window ssh, scp or ftp? (please don't ask me again why I should support them.) My questions were: (a) if we have some solution to install Samba to a window system or not; You don't need to install samba on a windows system to access a remote samba share. You just use your regular windows explorer to do that. (b) if there is small size of mini samba I can use to port it to a small linux device? I happen to know there was a port of an early version of samba (version 2.0.10 stripped down) to a system that operates on embedded devices, such as a large set of wireless access points/routers using a certain broadcom board. Google for samba + openwrt. I'm not sure your small linux systems use the same architecture, but it's at least a good starting point IMHO. Thanks Hugo, it is good to know and I'll try this. Also thanks for all other responses, your professional comments are greate approciated. Thank you. Kind Regards, Jim Clearly (a) has been answed, (b) is still not sure. Thank you. Kind Regards, Jim Hopefully i was able to help. Regards, Hugo Monteiro. -- ci.fct.unl.pt:~# cat .signature Hugo Monteiro Email: [EMAIL PROTECTED] Telefone : +351 212948300 Ext.15307 Centro de Informática Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa Quinta da Torre 2829-516 Caparica Portugal Telefone: +351 212948596 Fax: +351 212948548 www.ci.fct.unl.pt [EMAIL PROTECTED] ci.fct.unl.pt:~# _ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA under window?
hce wrote: On Dec 20, 2007 9:14 AM, Hugo Monteiro [EMAIL PROTECTED] wrote: I happen to know there was a port of an early version of samba (version 2.0.10 stripped down) to a system that operates on embedded devices, such as a large set of wireless access points/routers using a certain broadcom board. Google for samba + openwrt. I'm not sure your small linux systems use the same architecture, but it's at least a good starting point IMHO. Thanks Hugo, it is good to know and I'll try this. Also thanks for all other responses, your professional comments are greate approciated. I have a port of samba 3.0.25b for embedded devices running openwrt. It takes anywhere from 500K to about 4 MB depending on what you need and the architecture you built it for. I'll be out of touch for about a week; if you still need it let me know around New Years. --Yan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unanswered question
How long does one have to typically wait for an answer to a post? Tomorrow my message will have been up a week, and I've gotten no replies. It was about whether a file, while it was being written to, could subsequently be opened by another client for reading. I used a DVR with chasing play as an example. Didn't seem like that difficult of a question, but maybe it isn't geeky enough for some. (Or perhaps the answer is No and people are too embarrassed to admit Samba can't do it.) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unanswered question
On Wed, 2007-12-19 at 20:20 -0800, Michael Dykstra wrote: How long does one have to typically wait for an answer to a post? Tomorrow my message will have been up a week, and I've gotten no replies. It was about whether a file, while it was being written to, could subsequently be opened by another client for reading. I used a DVR with chasing play as an example. Didn't seem like that difficult of a question, but maybe it isn't geeky enough for some. (Or perhaps the answer is No and people are too embarrassed to admit Samba can't do it.) Or perhaps the question is naive and the answer is: it depends. Samba supports locking, so if the application that is writing to a file locks it then you may be out of luck. From a protocol and server point of view, however, there is absolutely no limitation on concurrent file reading/writing. Simo. -- Simo Sorce Samba Team GPL Compliance Officer [EMAIL PROTECTED] Senior Software Engineer at Red Hat Inc. [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Call timed out: server did not respond...
Hello All, I don't know how, but I managed to get my no logon server found error to go away, but now I am experiencing another problem. When I run net join ads -d 3 I get the following error message. I know it's authenticating, because if I enter an incorrect password it says The username or password was not correct. So it's accessing the correct server, but then timing out for some reason. [2007/12/19 21:21:26, 3] param/loadparm.c:lp_load(5031) lp_load: refreshing parameters [2007/12/19 21:21:26, 3] param/loadparm.c:init_globals(1430) Initialising global parameters [2007/12/19 21:21:26, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2007/12/19 21:21:26, 3] param/loadparm.c:do_section(3770) Processing section [global] [2007/12/19 21:21:26, 2] lib/interface.c:add_interface(81) added interface ip=10.0.0.4 bcast=10.0.0.255 nmask=255.255.255.0 [2007/12/19 21:21:26, 3] libsmb/namequery.c:get_dc_list(1489) get_dc_list: preferred server list: , 10.0.0.10 [2007/12/19 21:21:26, 1] libads/cldap.c:recv_cldap_netlogon(219) no reply received to cldap netlogon [2007/12/19 21:21:26, 3] libads/ldap.c:ads_try_connect(189) ads_try_connect: CLDAP request 10.0.0.10 failed. [2007/12/19 21:21:26, 3] libsmb/namequery.c:resolve_lmhosts(966) resolve_lmhosts: Attempting lmhosts lookup for name S20x1b [2007/12/19 21:21:26, 3] libsmb/namequery.c:resolve_wins(863) resolve_wins: Attempting wins lookup for name S20x1b [2007/12/19 21:21:26, 3] libsmb/namequery.c:resolve_wins(902) resolve_wins: using WINS server 10.0.0.10 and tag '*' [2007/12/19 21:21:26, 2] libsmb/namequery.c:name_query(604) Got a positive name query response from 10.0.0.10 ( 10.0.0.10 ) [2007/12/19 21:21:26, 3] libsmb/cliconnect.c:cli_start_connection(1509) Connecting to host=LEOPARD [2007/12/19 21:21:26, 3] lib/util_sock.c:open_socket_out(874) Connecting to 10.0.0.10 at port 445 [2007/12/19 21:21:26, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine LEOPARD pipe \lsarpc fnum 0x73f7 bind request returned ok. [2007/12/19 21:21:26, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine LEOPARD pipe \NETLOGON fnum 0x73f8 bind request returned ok. [2007/12/19 21:21:36, 0] libsmb/clientgen.c:cli_receive_smb(112) Receiving SMB: Server stopped responding [2007/12/19 21:21:36, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) rpc_api_pipe: Remote machine LEOPARD pipe \NETLOGON fnum 0x73f8returned critical error. Error was Call timed out: server did not respond after 1 milliseconds [2007/12/19 21:21:36, 3] libsmb/trusts_util.c:just_change_the_password(57) just_change_the_password: unable to setup creds (NT_STATUS_IO_TIMEOUT)! [2007/12/19 21:21:36, 1] utils/net_rpc.c:run_rpc_command(170) rpc command function failed! (NT_STATUS_IO_TIMEOUT) [2007/12/19 21:21:36, 1] libsmb/clientgen.c:cli_rpc_pipe_close(387) cli_rpc_pipe_close: cli_close failed on pipe \NETLOGON, fnum 0x73f8 to machine LEOPARD. Error was Call timed out: server did not respond after 1 milliseconds Password: [2007/12/19 21:21:41, 3] libsmb/cliconnect.c:cli_start_connection(1509) Connecting to host=LEOPARD [2007/12/19 21:21:41, 3] lib/util_sock.c:open_socket_out(874) Connecting to 10.0.0.10 at port 445 [2007/12/19 21:21:41, 3] libsmb/cliconnect.c:cli_session_setup_spnego(793) Doing spnego session setup (blob length=58) [2007/12/19 21:21:41, 3] libsmb/cliconnect.c:cli_session_setup_spnego(818) got OID=1 3 6 1 4 1 311 2 2 10 [2007/12/19 21:21:41, 3] libsmb/cliconnect.c:cli_session_setup_spnego(826) got principal=NONE [2007/12/19 21:21:41, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1018) Got challenge flags: [2007/12/19 21:21:41, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60898215 [2007/12/19 21:21:41, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1040) NTLMSSP: Set final flags: [2007/12/19 21:21:41, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60088215 [2007/12/19 21:21:41, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338) NTLMSSP Sign/Seal - Initialising with flags: [2007/12/19 21:21:41, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60088215 [2007/12/19 21:21:42, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine LEOPARD pipe \lsarpc fnum 0x73df bind request returned ok. [2007/12/19 21:21:42, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224) lsa_io_sec_qos: length c does not match size 8 [2007/12/19 21:21:42, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081) rpc_pipe_bind: Remote machine LEOPARD pipe \samr fnum 0x73e0 bind request returned ok. [2007/12/19 21:21:52, 0] libsmb/clientgen.c:cli_receive_smb(112) Receiving SMB: Server stopped responding [2007/12/19 21:21:52, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) rpc_api_pipe: Remote machine LEOPARD pipe \samr fnum 0x73e0returned critical error. Error was Call timed out: server did not respond after 1
svn commit: samba r26533 - in branches/SAMBA_4_0/source/lib/replace: .
Author: metze Date: 2007-12-19 08:18:57 + (Wed, 19 Dec 2007) New Revision: 26533 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26533 Log: libreplace: hopefully fix the share library/module build on darwin metze Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_ld.m4 Changeset: Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_ld.m4 === --- branches/SAMBA_4_0/source/lib/replace/libreplace_ld.m4 2007-12-19 00:46:43 UTC (rev 26532) +++ branches/SAMBA_4_0/source/lib/replace/libreplace_ld.m4 2007-12-19 08:18:57 UTC (rev 26533) @@ -164,7 +164,7 @@ LD_SHLIB_DISALLOW_UNDEF_FLAG=-warning_unresolved ;; *darwin*) - LD_SHLIB_DISALLOW_UNDEF_FLAG=-undefined warning + LD_SHLIB_DISALLOW_UNDEF_FLAG=-undefined error ;; esac @@ -268,7 +268,7 @@ LD_SHLIB_ALLOW_UNDEF_FLAG=-expect_unresolved '*' ;; *darwin*) - LD_SHLIB_ALLOW_UNDEF_FLAG=-undefined suppress + LD_SHLIB_ALLOW_UNDEF_FLAG=-undefined dynamic_lookup ;; esac
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-723-g7b52864
The branch, v3-2-test has been updated via 7b528647879bb55c9c85243a3e2906c09490edc9 (commit) via 6ccbf67a0c6f117978df55d4e2565d34fddf9317 (commit) via 289151393a43c7f0c2baafdd79d1163fc80aad6a (commit) from 4056bb8645821fba95d6e9ca4d82e2d5084c1e5c (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 7b528647879bb55c9c85243a3e2906c09490edc9 Author: Günther Deschner [EMAIL PROTECTED] Date: Tue Dec 18 13:38:14 2007 +0100 Merge WERR_NO_SUCH_LOGON_SESSION from Samba4. Guenther commit 6ccbf67a0c6f117978df55d4e2565d34fddf9317 Author: Günther Deschner [EMAIL PROTECTED] Date: Wed Dec 19 10:58:58 2007 +0100 Add and use some keystr functions using talloc_tos() in secrets api. Guenther commit 289151393a43c7f0c2baafdd79d1163fc80aad6a Author: Günther Deschner [EMAIL PROTECTED] Date: Wed Dec 19 11:08:27 2007 +0100 Add cmd_wkssvc_enumeratecomputernames to rpcclient. Guenther --- Summary of changes: source/include/doserr.h |1 + source/libsmb/doserr.c|1 + source/passdb/secrets.c | 167 ++--- source/rpcclient/cmd_wkssvc.c | 37 + 4 files changed, 162 insertions(+), 44 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/doserr.h b/source/include/doserr.h index a22eda2..079a566 100644 --- a/source/include/doserr.h +++ b/source/include/doserr.h @@ -204,6 +204,7 @@ #define WERR_SERVICE_NEVER_STARTED W_ERROR(1077) #define WERR_MACHINE_LOCKED W_ERROR(1271) #define WERR_NO_LOGON_SERVERS W_ERROR(1311) +#define WERR_NO_SUCH_LOGON_SESSION W_ERROR(1312) #define WERR_LOGON_FAILURE W_ERROR(1326) #define WERR_NO_SUCH_DOMAIN W_ERROR(1355) #define WERR_INVALID_SECURITY_DESCRIPTOR W_ERROR(1338) diff --git a/source/libsmb/doserr.c b/source/libsmb/doserr.c index 84cc898..5bdd85d 100644 --- a/source/libsmb/doserr.c +++ b/source/libsmb/doserr.c @@ -60,6 +60,7 @@ werror_code_struct dos_errs[] = { WERR_DEST_NOT_FOUND, WERR_DEST_NOT_FOUND }, { WERR_NOT_LOCAL_DOMAIN, WERR_NOT_LOCAL_DOMAIN }, { WERR_NO_LOGON_SERVERS, WERR_NO_LOGON_SERVERS }, + { WERR_NO_SUCH_LOGON_SESSION, WERR_NO_SUCH_LOGON_SESSION }, { WERR_PRINTER_DRIVER_IN_USE, WERR_PRINTER_DRIVER_IN_USE }, { WERR_STATUS_MORE_ENTRIES , WERR_STATUS_MORE_ENTRIES }, { WERR_DFS_NO_SUCH_VOL, WERR_DFS_NO_SUCH_VOL }, diff --git a/source/passdb/secrets.c b/source/passdb/secrets.c index 0ea3887..8e0afe7 100644 --- a/source/passdb/secrets.c +++ b/source/passdb/secrets.c @@ -132,14 +132,31 @@ bool secrets_delete(const char *key) return tdb_trans_delete(tdb, string_tdb_data(key)) == 0; } +/** + * Form a key for fetching the domain sid + * + * @param domain domain name + * + * @return keystring + **/ +static const char *domain_sid_keystr(const char *domain) +{ + char *keystr; + + keystr = talloc_asprintf(talloc_tos(), %s/%s, +SECRETS_DOMAIN_SID, domain); + SMB_ASSERT(keystr != NULL); + + strupper_m(keystr); + + return keystr; +} + bool secrets_store_domain_sid(const char *domain, const DOM_SID *sid) { - fstring key; bool ret; - slprintf(key, sizeof(key)-1, %s/%s, SECRETS_DOMAIN_SID, domain); - strupper_m(key); - ret = secrets_store(key, sid, sizeof(DOM_SID)); + ret = secrets_store(domain_sid_keystr(domain), sid, sizeof(DOM_SID)); /* Force a re-query, in case we modified our domain */ if (ret) @@ -150,12 +167,9 @@ bool secrets_store_domain_sid(const char *domain, const DOM_SID *sid) bool secrets_fetch_domain_sid(const char *domain, DOM_SID *sid) { DOM_SID *dyn_sid; - fstring key; size_t size = 0; - slprintf(key, sizeof(key)-1, %s/%s, SECRETS_DOMAIN_SID, domain); - strupper_m(key); - dyn_sid = (DOM_SID *)secrets_fetch(key, size); + dyn_sid = (DOM_SID *)secrets_fetch(domain_sid_keystr(domain), size); if (dyn_sid == NULL) return False; @@ -214,6 +228,67 @@ bool secrets_fetch_domain_guid(const char *domain, struct GUID *guid) } /** + * Form a key for fetching the machine trust account sec channel type + * + * @param domain domain name + * + * @return keystring + **/ +static const char *machine_sec_channel_type_keystr(const char *domain) +{ + char *keystr; + + keystr = talloc_asprintf(talloc_tos(), %s/%s, +SECRETS_MACHINE_SEC_CHANNEL_TYPE, domain); + SMB_ASSERT(keystr != NULL); + + strupper_m(keystr); + + return keystr; +} + +/** + * Form a key for fetching the machine trust account last change time + * + * @param domain domain name + * + * @return keystring + **/ +static const char *machine_last_change_time_keystr(const char *domain)
svn commit: samba r26534 - in branches/SAMBA_4_0/source/scripting/python: .
Author: metze Date: 2007-12-19 11:34:36 + (Wed, 19 Dec 2007) New Revision: 26534 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26534 Log: configure: using == in shell scripts isn't portable Thanks to Bj?\195?\182rn Jacke [EMAIL PROTECTED] for reporting this. metze Modified: branches/SAMBA_4_0/source/scripting/python/config.m4 Changeset: Modified: branches/SAMBA_4_0/source/scripting/python/config.m4 === --- branches/SAMBA_4_0/source/scripting/python/config.m42007-12-19 08:18:57 UTC (rev 26533) +++ branches/SAMBA_4_0/source/scripting/python/config.m42007-12-19 11:34:36 UTC (rev 26534) @@ -65,7 +65,7 @@ py_version=`$PYTHON -c from distutils.sysconfig import *; \ from string import join; \ print join(get_config_vars('VERSION'))` - if test $py_version == [None]; then + if test $py_version = [None]; then if test -n $PYTHON_VERSION; then py_version=$PYTHON_VERSION else
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-725-g93f3a11
The branch, v3-2-test has been updated via 93f3a1172af2f1a20f0c4c26ec8be999546d95f8 (commit) from b8db804e07cc19d406ba3892d6eecbe16132a89a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 93f3a1172af2f1a20f0c4c26ec8be999546d95f8 Author: Volker Lendecke [EMAIL PROTECTED] Date: Wed Dec 19 16:30:01 2007 +0100 Today is not my day... dmapi.c certainly did compile now... --- Summary of changes: source/Makefile.in |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/Makefile.in b/source/Makefile.in index 81c8330..599b050 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -284,7 +284,7 @@ TALLOC_OBJ = lib/talloc/talloc.o LIB_WITHOUT_PROTO_OBJ = $(LIBREPLACE_OBJ) $(SOCKET_WRAPPER_OBJ) $(NSS_WRAPPER_OBJ) $(TALLOC_OBJ) \ lib/messages.o librpc/gen_ndr/ndr_messaging.o lib/messages_local.o \ lib/messages_ctdbd.o lib/packet.o lib/ctdbd_conn.o lib/talloc_stack.o \ - lib/interfaces.o lib/rbtree.o lib/cache.o + lib/interfaces.o lib/rbtree.o lib/memcache.o LIB_WITH_PROTO_OBJ = $(VERSION_OBJ) lib/charcnv.o lib/debug.o lib/fault.o \ lib/interface.o lib/md4.o \ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-724-gb8db804
The branch, v3-2-test has been updated via b8db804e07cc19d406ba3892d6eecbe16132a89a (commit) from 7b528647879bb55c9c85243a3e2906c09490edc9 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit b8db804e07cc19d406ba3892d6eecbe16132a89a Author: Volker Lendecke [EMAIL PROTECTED] Date: Wed Dec 19 15:45:22 2007 +0100 Rename cache.[ch] to memcache.[ch] cache.h conflicts with an XFS DMAPI include on opi :-( --- Summary of changes: source/include/includes.h |2 +- source/include/{cache.h = memcache.h} |4 ++-- source/lib/{cache.c = memcache.c} |2 +- 3 files changed, 4 insertions(+), 4 deletions(-) rename source/include/{cache.h = memcache.h} (96%) rename source/lib/{cache.c = memcache.c} (99%) Changeset truncated at 500 lines: diff --git a/source/include/includes.h b/source/include/includes.h index a45176a..fdeff34 100644 --- a/source/include/includes.h +++ b/source/include/includes.h @@ -719,7 +719,7 @@ typedef char fstring[FSTRING_LEN]; #include packet.h #include ctdbd_conn.h #include talloc_stack.h -#include cache.h +#include memcache.h /* used in net.c */ struct functable { diff --git a/source/include/cache.h b/source/include/memcache.h similarity index 96% rename from source/include/cache.h rename to source/include/memcache.h index 460a33b..f849f8a 100644 --- a/source/include/cache.h +++ b/source/include/memcache.h @@ -17,8 +17,8 @@ along with this program. If not, see http://www.gnu.org/licenses/. */ -#ifndef __CACHE_H__ -#define __CACHE_H__ +#ifndef __MEMCACHE_H__ +#define __MEMCACHE_H__ #include includes.h diff --git a/source/lib/cache.c b/source/lib/memcache.c similarity index 99% rename from source/lib/cache.c rename to source/lib/memcache.c index baf2fe3..1763006 100644 --- a/source/lib/cache.c +++ b/source/lib/memcache.c @@ -17,7 +17,7 @@ along with this program. If not, see http://www.gnu.org/licenses/. */ -#include cache.h +#include memcache.h #include rbtree.h struct memcache_element { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-28-50-g01b5cda
The branch, v3-0-test has been updated via 01b5cdaac8a92635886a920772f2168734048e16 (commit) via 4795fd7d0f7d2eb1528e28f7c5512c24932936eb (commit) from 0b98572fa3e7854be8dcb709b85c78c1aea26111 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test - Log - commit 01b5cdaac8a92635886a920772f2168734048e16 Author: Volker Lendecke [EMAIL PROTECTED] Date: Wed Dec 19 16:48:18 2007 +0100 Some paranoia checks commit 4795fd7d0f7d2eb1528e28f7c5512c24932936eb Author: Volker Lendecke [EMAIL PROTECTED] Date: Wed Dec 19 16:48:04 2007 +0100 Zero the tdb key, there might be padding This leads to uninitialized variable warnings if nmbd is run under valgrind. --- Summary of changes: source/libsmb/unexpected.c | 10 ++ 1 files changed, 10 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libsmb/unexpected.c b/source/libsmb/unexpected.c index 97d6071..0e4e033 100644 --- a/source/libsmb/unexpected.c +++ b/source/libsmb/unexpected.c @@ -59,6 +59,8 @@ void unexpected_packet(struct packet_struct *p) len = build_packet(buf, p); + ZERO_STRUCT(key); /* needed for potential alignment */ + key.packet_type = p-packet_type; key.timestamp = p-timestamp; key.count = count++; @@ -81,6 +83,10 @@ static int traverse_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *st { struct unexpected_key key; + if (kbuf.dsize != sizeof(key)) { + tdb_delete(ttdb, kbuf); + } + memcpy(key, kbuf.dptr, sizeof(key)); if (lastt - key.timestamp NMBD_UNEXPECTED_TIMEOUT) { @@ -120,6 +126,10 @@ static int traverse_match(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void struct unexpected_key key; struct packet_struct *p; + if (kbuf.dsize != sizeof(key)) { + return 0; + } + memcpy(key, kbuf.dptr, sizeof(key)); if (key.packet_type != match_type) return 0; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-727-gff644cf
The branch, v3-2-test has been updated via ff644cfa1b123e9d0f8f4817504e5b209b85dedd (commit) via 9ec4f91f35696e5a00e24fe9ae2dd06119482c80 (commit) from 93f3a1172af2f1a20f0c4c26ec8be999546d95f8 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit ff644cfa1b123e9d0f8f4817504e5b209b85dedd Author: Volker Lendecke [EMAIL PROTECTED] Date: Wed Dec 19 16:48:18 2007 +0100 Some paranoia checks commit 9ec4f91f35696e5a00e24fe9ae2dd06119482c80 Author: Volker Lendecke [EMAIL PROTECTED] Date: Wed Dec 19 16:48:04 2007 +0100 Zero the tdb key, there might be padding This leads to uninitialized variable warnings if nmbd is run under valgrind. --- Summary of changes: source/libsmb/unexpected.c | 10 ++ 1 files changed, 10 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libsmb/unexpected.c b/source/libsmb/unexpected.c index 92a609c..5fbc33c 100644 --- a/source/libsmb/unexpected.c +++ b/source/libsmb/unexpected.c @@ -63,6 +63,8 @@ void unexpected_packet(struct packet_struct *p) len = build_packet(buf[6], sizeof(buf)-6, p) + 6; + ZERO_STRUCT(key); /* needed for potential alignment */ + key.packet_type = p-packet_type; key.timestamp = p-timestamp; key.count = count++; @@ -86,6 +88,10 @@ static int traverse_fn(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, void *st { struct unexpected_key key; + if (kbuf.dsize != sizeof(key)) { + tdb_delete(ttdb, kbuf); + } + memcpy(key, kbuf.dptr, sizeof(key)); if (lastt - key.timestamp NMBD_UNEXPECTED_TIMEOUT) { @@ -134,6 +140,10 @@ static int traverse_match(TDB_CONTEXT *ttdb, TDB_DATA kbuf, TDB_DATA dbuf, int port; struct packet_struct *p; + if (kbuf.dsize != sizeof(key)) { + return 0; + } + memcpy(key, kbuf.dptr, sizeof(key)); if (key.packet_type != state-match_type) return 0; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-28-51-g3cf02ba
The branch, v3-0-test has been updated via 3cf02ba9781ff8c841f56945d70241a3c11f0f28 (commit) from 01b5cdaac8a92635886a920772f2168734048e16 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test - Log - commit 3cf02ba9781ff8c841f56945d70241a3c11f0f28 Author: Volker Lendecke [EMAIL PROTECTED] Date: Wed Dec 19 17:05:26 2007 +0100 packet_struct is used in several places as raw memory - Fix more uninitialized variable warnings --- Summary of changes: source/libsmb/nmblib.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libsmb/nmblib.c b/source/libsmb/nmblib.c index 5280dfd..641473b 100644 --- a/source/libsmb/nmblib.c +++ b/source/libsmb/nmblib.c @@ -702,6 +702,8 @@ struct packet_struct *parse_packet(char *buf,int length, if (!p) return(NULL); + ZERO_STRUCTP(p);/* initialize for possible padding */ + p-next = NULL; p-prev = NULL; p-ip = lastip; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-728-g0af02db
The branch, v3-2-test has been updated via 0af02db6f2f84a8ce5d614e5baec27f20b413c26 (commit) from ff644cfa1b123e9d0f8f4817504e5b209b85dedd (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 0af02db6f2f84a8ce5d614e5baec27f20b413c26 Author: Volker Lendecke [EMAIL PROTECTED] Date: Wed Dec 19 17:05:26 2007 +0100 packet_struct is used in several places as raw memory - Fix more uninitialized variable warnings --- Summary of changes: source/libsmb/nmblib.c |2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libsmb/nmblib.c b/source/libsmb/nmblib.c index 2ff925e..15a9a93 100644 --- a/source/libsmb/nmblib.c +++ b/source/libsmb/nmblib.c @@ -740,6 +740,8 @@ struct packet_struct *parse_packet(char *buf,int length, if (!p) return(NULL); + ZERO_STRUCTP(p);/* initialize for possible padding */ + p-next = NULL; p-prev = NULL; p-ip = ip; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-729-g5b72828
The branch, v3-2-test has been updated via 5b72828600fb057a7aeb5f1a6fb6c23c23f28cd8 (commit) from 0af02db6f2f84a8ce5d614e5baec27f20b413c26 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 5b72828600fb057a7aeb5f1a6fb6c23c23f28cd8 Author: Volker Lendecke [EMAIL PROTECTED] Date: Wed Dec 19 13:48:49 2007 +0100 Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-716-g12cce3b On Tue, Dec 18, 2007 at 06:04:32PM -0600, Jeremy Allison wrote: Fix valgrind error in dbwrap_rbt where rec_priv-node was being accessed after free. VALOKER PLEASE CHECK THIS VERY CAREFULLY This is a correct fix in that it fixes the valgrind error, but it looks inelegant to me. I think if I understood this code better I could craft a more subtle fix. Still looking at it Thanks a lot. Fully correct. What about the attached little simplification? Volker --- Summary of changes: source/lib/dbwrap_rbt.c | 18 -- 1 files changed, 8 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/dbwrap_rbt.c b/source/lib/dbwrap_rbt.c index 468b940..93d73f2 100644 --- a/source/lib/dbwrap_rbt.c +++ b/source/lib/dbwrap_rbt.c @@ -68,8 +68,6 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag) TDB_DATA this_key, this_val; - bool del_old_keyval = false; - if (rec_priv-node != NULL) { /* @@ -97,7 +95,11 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag) */ rb_erase(rec_priv-node-rb_node, rec_priv-db_ctx-tree); - del_old_keyval = true; + + /* +* Keep the existing node around for a while: If the record +* existed before, we reference the key data in there. +*/ } node = (struct db_rbt_node *)SMB_MALLOC( @@ -105,9 +107,7 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag) + data.dsize); if (node == NULL) { - if (del_old_keyval) { - SAFE_FREE(rec_priv-node); - } + SAFE_FREE(rec_priv-node); return NT_STATUS_NO_MEMORY; } @@ -119,11 +119,9 @@ static NTSTATUS db_rbt_store(struct db_record *rec, TDB_DATA data, int flag) db_rbt_parse_node(node, this_key, this_val); memcpy(this_key.dptr, rec-key.dptr, node-keysize); - memcpy(this_val.dptr, data.dptr, node-valuesize); + SAFE_FREE(rec_priv-node); - if (del_old_keyval) { - SAFE_FREE(rec_priv-node); - } + memcpy(this_val.dptr, data.dptr, node-valuesize); parent = NULL; p = rec_priv-db_ctx-tree.rb_node; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-731-ge5bd328
The branch, v3-2-test has been updated via e5bd32812dd1e864e51c2199fd90d71813517f68 (commit) via 7799e18994354b2705ee8c64ae8c75e062ace460 (commit) from 5b72828600fb057a7aeb5f1a6fb6c23c23f28cd8 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit e5bd32812dd1e864e51c2199fd90d71813517f68 Author: Volker Lendecke [EMAIL PROTECTED] Date: Wed Dec 19 20:27:47 2007 +0100 Fix a no prototype warning commit 7799e18994354b2705ee8c64ae8c75e062ace460 Author: Volker Lendecke [EMAIL PROTECTED] Date: Wed Dec 19 20:24:33 2007 +0100 Fix debug messages When warning that client plaintext auth is not enabled where the server requested them we should not talk about client use plaintext auth --- Summary of changes: source/client/dnsbrowse.c |1 + source/libsmb/cliconnect.c | 17 + 2 files changed, 10 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source/client/dnsbrowse.c b/source/client/dnsbrowse.c index c4819ce..5e3a4de 100644 --- a/source/client/dnsbrowse.c +++ b/source/client/dnsbrowse.c @@ -18,6 +18,7 @@ */ #include includes.h +#include client/client_proto.h #ifdef WITH_DNSSD_SUPPORT diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c index 52ff699..d370808 100644 --- a/source/libsmb/cliconnect.c +++ b/source/libsmb/cliconnect.c @@ -959,8 +959,8 @@ NTSTATUS cli_session_setup(struct cli_state *cli, if ((cli-sec_mode NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0 !lp_client_plaintext_auth() (*pass)) { - DEBUG(1, (Server requested plaintext password but 'client use plaintext auth' - is disabled\n)); + DEBUG(1, (Server requested plaintext password but + 'client plaintext auth' is disabled\n)); return NT_STATUS_ACCESS_DENIED; } @@ -986,8 +986,8 @@ NTSTATUS cli_session_setup(struct cli_state *cli, if ((cli-sec_mode NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) == 0) { if (!lp_client_plaintext_auth() (*pass)) { - DEBUG(1, (Server requested plaintext password but 'client use plaintext auth' - is disabled\n)); + DEBUG(1, (Server requested plaintext password but + 'client plaintext auth' is disabled\n)); return NT_STATUS_ACCESS_DENIED; } return cli_session_setup_plaintext(cli, user, pass, workgroup); @@ -1086,8 +1086,9 @@ bool cli_send_tconX(struct cli_state *cli, } else { if((cli-sec_mode (NEGOTIATE_SECURITY_USER_LEVEL|NEGOTIATE_SECURITY_CHALLENGE_RESPONSE)) == 0) { if (!lp_client_plaintext_auth() (*pass)) { - DEBUG(1, (Server requested plaintext password but 'client use plaintext auth' - is disabled\n)); + DEBUG(1, (Server requested plaintext + password but 'client plaintext + auth' is disabled\n)); return False; } @@ -1798,8 +1799,8 @@ NTSTATUS cli_raw_tcon(struct cli_state *cli, char *p; if (!lp_client_plaintext_auth() (*pass)) { - DEBUG(1, (Server requested plaintext password but 'client use plaintext auth' - is disabled\n)); + DEBUG(1, (Server requested plaintext password but 'client + plaintext auth' is disabled\n)); return NT_STATUS_ACCESS_DENIED; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-732-g735f593
The branch, v3-2-test has been updated via 735f59315497113aebadcf9ad387e3dbfffa284a (commit) from e5bd32812dd1e864e51c2199fd90d71813517f68 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 735f59315497113aebadcf9ad387e3dbfffa284a Author: Volker Lendecke [EMAIL PROTECTED] Date: Wed Dec 19 15:02:59 2007 +0100 Remove Get_Pwnam and its associated static variable All callers are replaced by Get_Pwnam_alloc --- Summary of changes: source/auth/auth_unix.c |3 +- source/lib/substitute.c | 26 +--- source/lib/username.c | 49 +++--- source/param/loadparm.c |6 - source/passdb/pdb_interface.c |3 +- source/rpc_server/srv_samr_nt.c |8 - source/smbd/chgpasswd.c |6 - source/smbd/map_username.c |2 +- source/smbd/password.c |5 +++- source/smbd/service.c | 11 ++-- source/utils/net_rpc_samsync.c |4 +- source/winbindd/idmap_nss.c | 10 --- 12 files changed, 67 insertions(+), 66 deletions(-) Changeset truncated at 500 lines: diff --git a/source/auth/auth_unix.c b/source/auth/auth_unix.c index 4fca5bc..58c7652 100644 --- a/source/auth/auth_unix.c +++ b/source/auth/auth_unix.c @@ -92,7 +92,7 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context, struct passwd *pass = NULL; become_root(); - pass = Get_Pwnam(user_info-internal_username); + pass = Get_Pwnam_alloc(talloc_tos(), user_info-internal_username); /** @todo This call assumes a ASCII password, no charset transformation is @@ -123,6 +123,7 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context, } } + TALLOC_FREE(pass); return nt_status; } diff --git a/source/lib/substitute.c b/source/lib/substitute.c index e06917c..80feee9 100644 --- a/source/lib/substitute.c +++ b/source/lib/substitute.c @@ -408,7 +408,7 @@ static const char *automount_path(const char *user_name) /* use the passwd entry as the default */ /* this will be the default if WITH_AUTOMOUNT is not used or fails */ - server_path = talloc_strdup(ctx, get_user_home_dir(user_name)); + server_path = talloc_strdup(ctx, get_user_home_dir(ctx, user_name)); if (!server_path) { return ; } @@ -541,7 +541,6 @@ char *alloc_sub_basic(const char *smb_name, const char *domain_name, { char *b, *p, *s, *r, *a_string; fstring pidstr, vnnstr; - struct passwd *pass; char addr[INET6_ADDRSTRLEN]; const char *local_machine_name = get_local_machine_name(); @@ -571,15 +570,21 @@ char *alloc_sub_basic(const char *smb_name, const char *domain_name, } a_string = realloc_string_sub(a_string, %U, r); break; - case 'G' : + case 'G' : { + struct passwd *pass; r = SMB_STRDUP(smb_name); if (r == NULL) { goto error; } - if ((pass = Get_Pwnam(r))!=NULL) { - a_string = realloc_string_sub(a_string, %G, gidtoname(pass-pw_gid)); - } + pass = Get_Pwnam_alloc(talloc_tos(), r); + if (pass != NULL) { + a_string = realloc_string_sub( + a_string, %G, + gidtoname(pass-pw_gid)); + } + TALLOC_FREE(pass); break; + } case 'D' : r = strdup_upper(domain_name); if (r == NULL) { @@ -766,7 +771,7 @@ static char *alloc_sub_advanced(const char *servicename, const char *user, const char *str) { char *a_string, *ret_string; - char *b, *p, *s, *h; + char *b, *p, *s; a_string = SMB_STRDUP(str); if (a_string == NULL) { @@ -782,10 +787,13 @@ static char *alloc_sub_advanced(const char *servicename, const char *user, case 'N' : a_string = realloc_string_sub(a_string, %N, automount_server(user)); break; - case 'H': - if ((h = get_user_home_dir(user))) + case 'H': { + char *h; + if ((h = get_user_home_dir(talloc_tos(), user))) a_string = realloc_string_sub(a_string, %H, h); +
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-747-gb5f600f
The branch, v3-2-test has been updated via b5f600fab53c9d159a958c59795db3ba4a8acc63 (commit) via 15caf58c81ce6b68eefa03c8f8510c2ecb5fdeb3 (commit) via 36e2a814ba50feefa34c76353c0f5dec1d7cfff4 (commit) via 40a1438e17c462990e6b71b544c39f093236d5be (commit) via 1c4f74551f48429ee3af2022101a97679e25cdea (commit) via f6db5a0d0571130f765d8a0fb4e20e61cc8b2487 (commit) via 04258231dc654df077638edb7cb08542e39b7547 (commit) via d6043c1066322d2c567aedc5eae1a9d46c8fc396 (commit) via 7afeb1c6cb1bdb58d1e61c54ae215d947d8dc3ea (commit) via e0672a46a2e5e655da32499ca7f52a9156e9b7f0 (commit) via 50c82cc1456736fa634fb656e63555319742f725 (commit) via b0ae830bf57dcaec00b2a2eabfec7221a3b7f791 (commit) via d579a7f84fd47a3f00215725cecd65b21a5ff2e0 (commit) via bdb208124bd703edee03ac4d2a4ec45ecdfc135e (commit) via d7e2e93758f6598a0459db3255300558618f066e (commit) from 735f59315497113aebadcf9ad387e3dbfffa284a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit b5f600fab53c9d159a958c59795db3ba4a8acc63 Author: Michael Adam [EMAIL PROTECTED] Date: Wed Dec 5 09:53:10 2007 +0100 Change the prototype of the vfs function get_nt_acl(). Up to now, get_nt_acl() took a files_struct pointer (fsp) and a file name. All the underlying functions should need and now do need (after the previous preparatory work), is a connection_struct and a file name. The connection_struct is already there in the vfs_handle passed to the vfs functions. So the files_struct argument can be eliminated. This eliminates the need of calling open_file_stat in a couple of places to produce the fsp needed. Michael commit 15caf58c81ce6b68eefa03c8f8510c2ecb5fdeb3 Author: Michael Adam [EMAIL PROTECTED] Date: Tue Dec 4 09:45:14 2007 +0100 Prepare the afs acl module for the api change in get_nt_acl(). This makes both of afsacl_[f]get_nt_acl() more specific, eliminating the need for afs_get_nt_acl(). Instead, split afs_to_nt_acl. Michael commit 36e2a814ba50feefa34c76353c0f5dec1d7cfff4 Author: Michael Adam [EMAIL PROTECTED] Date: Mon Dec 3 18:31:03 2007 +0100 Prepare the aix2 acl module for the api change in get_nt_acl(). This makes both of aixjfs2_[f]get_nt_acl() more specific, eliminating the need for aixjfs2_get_nt_acl_common(). Michael commit 40a1438e17c462990e6b71b544c39f093236d5be Author: Michael Adam [EMAIL PROTECTED] Date: Mon Dec 3 18:24:56 2007 +0100 Change aixjfs2_get_nfs4_acl() to take file name instead of fsp. In preparation of the api change in api change in get_nt_acl(). Michael commit 1c4f74551f48429ee3af2022101a97679e25cdea Author: Michael Adam [EMAIL PROTECTED] Date: Tue Dec 4 08:25:21 2007 +0100 Fix two debug statements: Add missing printf parameter. Michael commit f6db5a0d0571130f765d8a0fb4e20e61cc8b2487 Author: Michael Adam [EMAIL PROTECTED] Date: Tue Dec 4 08:19:40 2007 +0100 Reformatting: wrap long lines and remove trailing spaces. Michael commit 04258231dc654df077638edb7cb08542e39b7547 Author: Michael Adam [EMAIL PROTECTED] Date: Fri Nov 16 18:33:39 2007 +0100 Prepare the zfs acl module for the api change in get_nt_acl(). Michael commit d6043c1066322d2c567aedc5eae1a9d46c8fc396 Author: Michael Adam [EMAIL PROTECTED] Date: Fri Nov 16 18:33:39 2007 +0100 Prepare the gpfs acl module for the api change in get_nt_acl(). This moves functionality from gpfsacl_get_nt_acl_common() back to gpfsacl_get_nt_acl() and gpfsacl_fget_nt_acl(), making both these functions more specific (calling the corresponding fsp- and non-fsp functions). gpfsacl_get_nt_acl_common(). is removed. Michael commit 7afeb1c6cb1bdb58d1e61c54ae215d947d8dc3ea Author: Michael Adam [EMAIL PROTECTED] Date: Thu Nov 15 00:46:20 2007 +0100 Split smb_get_nt_acl_nfs4 into two (f- and non-f-variant). This is the next step in preparation of a get_nt_acl prototype change. Michael commit e0672a46a2e5e655da32499ca7f52a9156e9b7f0 Author: Michael Adam [EMAIL PROTECTED] Date: Fri Nov 9 01:01:55 2007 +0100 Split smbacl4_GetFileOwner into two (f- and non-f-variant). This is in preparation of a get_nt_acl prototype change. commit 50c82cc1456736fa634fb656e63555319742f725 Author: Michael Adam [EMAIL PROTECTED] Date: Tue Nov 6 08:01:31 2007 +0100 Split get_nt_acl() into two functions: fsp- and non-fsp variant. Replace smbd/posix_acls.c:get_nt_acl() by two funcions: posix_get_nt_acl() and posix_fget_nt_acl(). The first takes a connection struct and a file name instead of a files_struct pointer. This is in preparation of changing the vfs api for SMB_VFS_GET_NT_ACL. Michael commit
svn commit: samba r26535 - in branches/SAMBA_4_0: . source/scripting/python/samba source/setup
Author: jelmer Date: 2007-12-19 23:27:24 + (Wed, 19 Dec 2007) New Revision: 26535 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26535 Log: Get rid of all-knowing ProvisionSettings object. Modified: branches/SAMBA_4_0/ branches/SAMBA_4_0/source/scripting/python/samba/provision.py branches/SAMBA_4_0/source/setup/provision.py Changeset: Sorry, the patch is too large (879 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26535
svn commit: samba r26536 - in branches/SAMBA_4_0: . source/scripting/python/samba source/scripting/python/samba/tests source/selftest
Author: jelmer Date: 2007-12-19 23:27:31 + (Wed, 19 Dec 2007) New Revision: 26536 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26536 Log: More tests for provisioning code. Modified: branches/SAMBA_4_0/ branches/SAMBA_4_0/source/scripting/python/samba/__init__.py branches/SAMBA_4_0/source/scripting/python/samba/provision.py branches/SAMBA_4_0/source/scripting/python/samba/tests/__init__.py branches/SAMBA_4_0/source/scripting/python/samba/tests/provision.py branches/SAMBA_4_0/source/scripting/python/samba/upgrade.py branches/SAMBA_4_0/source/selftest/samba4_tests.sh Changeset: Property changes on: branches/SAMBA_4_0 ___ Name: bzr:revision-info ...skipped... Name: bzr:revision-id:v3-trunk0 ...skipped... Modified: branches/SAMBA_4_0/source/scripting/python/samba/__init__.py === --- branches/SAMBA_4_0/source/scripting/python/samba/__init__.py 2007-12-19 23:27:24 UTC (rev 26535) +++ branches/SAMBA_4_0/source/scripting/python/samba/__init__.py 2007-12-19 23:27:31 UTC (rev 26536) @@ -92,7 +92,9 @@ res = self.search(basedn, scope, expression, [attribute]) if len(res) != 1 or res[0][attribute] is None: return None -return res[0][attribute] +values = set(res[0][attribute]) +assert len(values) == 1 +return values.pop() def erase(self): Erase an ldb, removing all records. Modified: branches/SAMBA_4_0/source/scripting/python/samba/provision.py === --- branches/SAMBA_4_0/source/scripting/python/samba/provision.py 2007-12-19 23:27:24 UTC (rev 26535) +++ branches/SAMBA_4_0/source/scripting/python/samba/provision.py 2007-12-19 23:27:31 UTC (rev 26536) @@ -73,11 +73,6 @@ raise Exception(Unable to find user/group for %s % arguments[1]) -def hostname(): -return first part of hostname. -return gethostname().split(.)[0] - - def open_ldb(session_info, credentials, lp, dbname): assert session_info is not None try: @@ -742,7 +737,6 @@ }) - def provision_ldapbase(setup_dir, message, paths): Write out a DNS zone file, from the info in the current database. message(Setting up LDAP base entry: %s % domaindn) Modified: branches/SAMBA_4_0/source/scripting/python/samba/tests/__init__.py === --- branches/SAMBA_4_0/source/scripting/python/samba/tests/__init__.py 2007-12-19 23:27:24 UTC (rev 26535) +++ branches/SAMBA_4_0/source/scripting/python/samba/tests/__init__.py 2007-12-19 23:27:31 UTC (rev 26536) @@ -20,6 +20,7 @@ import os import ldb import samba +import tempfile import unittest class LdbTestCase(unittest.TestCase): @@ -35,6 +36,15 @@ self.ldb = samba.Ldb(self.filename) +class TestCaseInTempDir(unittest.TestCase): +def setUp(self): +super(TestCaseInTempDir, self).setUp() +self.tempdir = tempfile.mkdtemp() + +def tearDown(self): +super(TestCaseInTempDir, self).tearDown() + + class SubstituteVarTestCase(unittest.TestCase): def test_empty(self): self.assertEquals(, samba.substitute_var(, {})) @@ -52,3 +62,11 @@ def test_unknown_var(self): self.assertEquals(foo ${bla} gsff, samba.substitute_var(foo ${bla} gsff, {bar: bla})) + + +class LdbExtensionTests(TestCaseInTempDir): +def test_searchone(self): +l = samba.Ldb(self.tempdir + /searchone.ldb) +l.add({dn: ldb.Dn(l, foo=dc), bar: bla}) +self.assertEquals(bla, l.searchone(ldb.Dn(l, foo=dc), bar)) + Modified: branches/SAMBA_4_0/source/scripting/python/samba/tests/provision.py === --- branches/SAMBA_4_0/source/scripting/python/samba/tests/provision.py 2007-12-19 23:27:24 UTC (rev 26535) +++ branches/SAMBA_4_0/source/scripting/python/samba/tests/provision.py 2007-12-19 23:27:31 UTC (rev 26536) @@ -17,13 +17,22 @@ # along with this program. If not, see http://www.gnu.org/licenses/. # -import unittest -import samba.provision +import os +from samba.provision import setup_secretsdb +import samba.tests +from ldb import Dn -class ProvisionTestCase(unittest.TestCase): +setup_dir = setup + +class ProvisionTestCase(samba.tests.TestCaseInTempDir): def test_setup_secretsdb(self): -raise NotImplementedError(self.test_setup_secretsdb) +ldb = setup_secretsdb(os.path.join(self.tempdir, secrets.ldb), + setup_dir, None, None, None) +self.assertEquals(LSA Secrets, + ldb.searchone(Dn(ldb, CN=LSA Secrets), CN)) + +class Disabled: def test_setup_templatesdb(self): raise NotImplementedError(self.test_setup_templatesdb) Modified:
svn commit: samba r26537 - in branches/SAMBA_4_0: . source/lib/ldb source/lib/ldb/tests/python
Author: jelmer Date: 2007-12-19 23:27:34 + (Wed, 19 Dec 2007) New Revision: 26537 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26537 Log: Support ldb.add({'dn': 'dc=foo,bar=bla', ...}). Modified: branches/SAMBA_4_0/ branches/SAMBA_4_0/source/lib/ldb/ldb.i branches/SAMBA_4_0/source/lib/ldb/ldb.py branches/SAMBA_4_0/source/lib/ldb/ldb_wrap.c branches/SAMBA_4_0/source/lib/ldb/tests/python/api.py Changeset: Sorry, the patch is too large (582 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26537
svn commit: samba r26538 - in branches/SAMBA_4_0: . source/scripting/python/samba source/scripting/python/samba/tests
Author: jelmer Date: 2007-12-19 23:27:38 + (Wed, 19 Dec 2007) New Revision: 26538 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26538 Log: Pass path generation function around rather than base directory. Modified: branches/SAMBA_4_0/ branches/SAMBA_4_0/source/scripting/python/samba/__init__.py branches/SAMBA_4_0/source/scripting/python/samba/provision.py branches/SAMBA_4_0/source/scripting/python/samba/samdb.py branches/SAMBA_4_0/source/scripting/python/samba/tests/__init__.py branches/SAMBA_4_0/source/scripting/python/samba/tests/provision.py branches/SAMBA_4_0/source/scripting/python/samba/upgrade.py Changeset: Sorry, the patch is too large (734 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26538
svn commit: samba r26539 - in branches/SAMBA_4_0: . source/auth source/auth/gensec source/client source/cluster/ctdb source/cluster/ctdb/tools source/dsdb/repl source/dsdb/samdb/ldb_modules source/dsd
Author: jelmer Date: 2007-12-19 23:27:42 + (Wed, 19 Dec 2007) New Revision: 26539 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26539 Log: Remove unnecessary statics. Modified: branches/SAMBA_4_0/ branches/SAMBA_4_0/source/auth/auth.c branches/SAMBA_4_0/source/auth/gensec/cyrus_sasl.c branches/SAMBA_4_0/source/auth/gensec/schannel_sign.c branches/SAMBA_4_0/source/client/cifsdd.c branches/SAMBA_4_0/source/cluster/ctdb/brlock_ctdb.c branches/SAMBA_4_0/source/cluster/ctdb/tools/ctdb.c branches/SAMBA_4_0/source/dsdb/repl/drepl_partitions.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/local_password.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/naming_fsmo.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/pdc_fsmo.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/repl_meta_data.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/schema.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/schema_fsmo.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/simple_ldap_map.c branches/SAMBA_4_0/source/dsdb/schema/schema_init.c branches/SAMBA_4_0/source/heimdal/kdc/digest.c branches/SAMBA_4_0/source/lib/ldb/common/ldb.c branches/SAMBA_4_0/source/lib/ldb/ldb_map/ldb_map.c branches/SAMBA_4_0/source/lib/ldb/modules/paged_searches.c branches/SAMBA_4_0/source/lib/replace/inet_ntop.c branches/SAMBA_4_0/source/lib/replace/inet_pton.c branches/SAMBA_4_0/source/lib/replace/timegm.c branches/SAMBA_4_0/source/libcli/ldap/ldap_bind.c branches/SAMBA_4_0/source/libnet/libnet_become_dc.c branches/SAMBA_4_0/source/libnet/libnet_unbecome_dc.c branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c branches/SAMBA_4_0/source/scripting/ejs/ejsnet/net_user.c branches/SAMBA_4_0/source/torture/ldap/uptodatevector.c branches/SAMBA_4_0/source/torture/nbt/winsreplication.c branches/SAMBA_4_0/source/torture/smbtorture.c branches/SAMBA_4_0/source/utils/ntlm_auth.c branches/SAMBA_4_0/source/utils/testparm.c Changeset: Sorry, the patch is too large (1006 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26539
Build status as of Thu Dec 20 00:00:01 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-12-19 00:01:08.0 + +++ /home/build/master/cache/broken_results.txt 2007-12-20 00:00:29.0 + @@ -1,4 +1,4 @@ -Build status as of Wed Dec 19 00:00:02 2007 +Build status as of Thu Dec 20 00:00:01 2007 Build counts: Tree Total Broken Panic @@ -8,7 +8,7 @@ ctdb 0 0 0 distcc 1 0 0 ldb 29 15 0 -libreplace 28 15 0 +libreplace 28 16 0 lorikeet-heimdal 25 15 0 pidl 18 5 0 ppp 10 8 0 @@ -18,8 +18,8 @@ samba-gtk4 4 0 samba4 26 20 2 samba_3_21 0 0 -samba_3_2_test 27 17 0 +samba_3_2_test 27 16 0 smb-build27 26 0 -talloc 29 14 0 -tdb 29 9 0 +talloc 29 13 0 +tdb 29 7 0
svn commit: samba r26540 - in branches/SAMBA_4_0: . source/auth source/auth/gensec source/client source/cluster/ctdb source/cluster/ctdb/tools source/dsdb/repl source/dsdb/samdb/ldb_modules source/dsd
Author: jelmer Date: 2007-12-20 00:02:15 + (Thu, 20 Dec 2007) New Revision: 26540 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26540 Log: Revert my previous commit after concerns raised by Andrew. Modified: branches/SAMBA_4_0/ branches/SAMBA_4_0/source/auth/auth.c branches/SAMBA_4_0/source/auth/gensec/cyrus_sasl.c branches/SAMBA_4_0/source/auth/gensec/schannel_sign.c branches/SAMBA_4_0/source/client/cifsdd.c branches/SAMBA_4_0/source/cluster/ctdb/brlock_ctdb.c branches/SAMBA_4_0/source/cluster/ctdb/tools/ctdb.c branches/SAMBA_4_0/source/dsdb/repl/drepl_partitions.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/local_password.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/naming_fsmo.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/objectclass.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/pdc_fsmo.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/ranged_results.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/repl_meta_data.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/schema.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/schema_fsmo.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/simple_ldap_map.c branches/SAMBA_4_0/source/dsdb/schema/schema_init.c branches/SAMBA_4_0/source/heimdal/kdc/digest.c branches/SAMBA_4_0/source/lib/ldb/common/ldb.c branches/SAMBA_4_0/source/lib/ldb/ldb_map/ldb_map.c branches/SAMBA_4_0/source/lib/ldb/modules/paged_searches.c branches/SAMBA_4_0/source/lib/replace/inet_ntop.c branches/SAMBA_4_0/source/lib/replace/inet_pton.c branches/SAMBA_4_0/source/lib/replace/timegm.c branches/SAMBA_4_0/source/libcli/ldap/ldap_bind.c branches/SAMBA_4_0/source/libnet/libnet_become_dc.c branches/SAMBA_4_0/source/libnet/libnet_unbecome_dc.c branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c branches/SAMBA_4_0/source/scripting/ejs/ejsnet/net_user.c branches/SAMBA_4_0/source/torture/ldap/uptodatevector.c branches/SAMBA_4_0/source/torture/nbt/winsreplication.c branches/SAMBA_4_0/source/torture/smbtorture.c branches/SAMBA_4_0/source/utils/ntlm_auth.c branches/SAMBA_4_0/source/utils/testparm.c Changeset: Sorry, the patch is too large (1006 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26540
svn commit: samba-web r1164 - in trunk: . history news/releases
Author: jelmer Date: 2007-12-20 00:26:05 + (Thu, 20 Dec 2007) New Revision: 1164 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1164 Log: Add release notes for samba 4 alpha2. Added: trunk/history/samba-4.0.0alpha2.html trunk/news/releases/4.0.0alpha2.html Modified: trunk/ Changeset: Property changes on: trunk ___ Name: bzr:revision-info ...skipped... Name: bzr:file-ids ...skipped... Name: bzr:revision-id:v3-trunk0 ...skipped... Added: trunk/history/samba-4.0.0alpha2.html === --- trunk/history/samba-4.0.0alpha2.html2007-12-14 12:18:11 UTC (rev 1163) +++ trunk/history/samba-4.0.0alpha2.html2007-12-20 00:26:05 UTC (rev 1164) @@ -0,0 +1,148 @@ +!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; +html xmlns=http://www.w3.org/1999/xhtml; + +head +titleSamba - Release Notes Archive/title +/head + +body + + H2Samba 4.0.0alpha2 Available for Download/H2 + +p +pre +What's new in Samba 4 alpha2 + + +Samba 4 is the ambitious next version of the Samba suite that is being +developed in parallel to the stable 3.0 series. The main emphasis in +this branch is support for the Active Directory logon protocols used +by Windows 2000 and above. + +Samba 4 is currently not yet in a state where it is usable in +production environments. Note the WARNINGS below, and the STATUS file, +which aims to document what should and should not work. + +Samba4 alpha2 follows on from our first alpha release, made in +September, and the Technology Preview series we have offered for some +time now. + +WARNINGS + + +Samba4 alpha2 is not a final Samba release. That is more a reference +to Samba4's lack of the features we expect you will need than a +statement of code quality, but clearly it hasn't seen a broad +deployment yet. If you were to upgrade Samba3 (or indeed Windows) to +Samba4, you would find many things work, but that other key features +you may have relied on simply are not there yet. + +For example, while Samba 3.0 is an excellent member of a Active +Directory domain, Samba4 is happier as a domain controller: (This is +where we have done most of the research and development). + +While Samba4 is subjected to an awesome battery of tests on an +automated basis, and we have found Samba4 to be very stable in it's +behaviour, we have to recommend against upgrading production servers +from Samba 3 to Samba 4 at this stage. If you are upgrading an +experimental server, or looking to develop and test Samba, you should +backup all configuration and data. + +NEW FEATURES + + +Samba4 supports the server-side of the Active Directory logon environment +used by Windows 2000 and later, so we can do full domain join +and domain logon operations with these clients. + +Our Domain Controller (DC) implementation includes our own built-in +LDAP server and Kerberos Key Distribution Center (KDC) as well as the +Samba3-like logon services provided over CIFS. We correctly generate +the infamous Kerberos PAC, and include it with the Kerberos tickets we +issue. + +The new VFS features in Samba 4 adapts the filesystem on the server to +match the Windows client semantics, allowing Samba 4 to better match +windows behaviour and application expectations. This includes file +annotation information (in streams) and NT ACLs in particular. The +VFS is backed with an extensive automated test suite. + +A new scripting interface has been added to Samba 4, allowing +Python programs to interface to Samba's internals. + +The Samba 4 architecture is based around an LDAP-like database that +can use a range of modular backends. One of the backends supports +standards compliant LDAP servers (including OpenLDAP), and we are +working on modules to map between AD-like behaviours and this backend. +We are aiming for Samba 4 to be powerful frontend to large +directories. + +CHANGES SINCE Alpha 1 += + +In the time since Samba4 Alpha1 was released in September 2007, Samba has +continued to evolve, but you may particularly notice these areas: + + MMC Support: The Active Directory Users and Computers console now + handles group membership correctly. + + member/memberOf: These and other linked attributes are now kept in + sync + + subtree renames: Renaming a subtree of LDAP objects is now possible, + with all linked attributes being kept consistent. + + Python Bindings: Bindings for a future move to Python as the + internal scripting language have been created. + + Shared library use: In support of projects such as OpenChange, + which depend on Samba4, more of Samba4 is built as shared libraries. + +These are just some of the highlights of the work done in the past few +months. More details can be found in our SVN history. + +
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-748-g6d765e0
The branch, v3-2-test has been updated via 6d765e0de523211a2d0b43a2c4c4117f5f0c662f (commit) from b5f600fab53c9d159a958c59795db3ba4a8acc63 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 6d765e0de523211a2d0b43a2c4c4117f5f0c662f Author: Michael Adam [EMAIL PROTECTED] Date: Wed Dec 19 17:53:14 2007 +0100 Only retrieve password policies in pam_auth when WBFLAG_PAM_GET_PWD_POLICY is set. This essentially re-establishes r14496 (2155bb0535656f294bd054d6a0a7d16a9a71c31b) which was undone in r17723 (43bd8c00abb38eb23a1497a255d194fb1bbb) for reasons that are unclear to me. Maybe I am being too naive. Now we do again only retrieve the password policy when called from the pam_winbind module. This fixes logons delegated to AD trusted domain controllers: We need to connect to the sam to retrieve the password policy. But auhtenticated session setup is not possible when contacting the trusted domain dc and afterwards, SamrConnect also fails with whatever credentials and method used. Michael --- Summary of changes: source/nsswitch/pam_winbind.c |1 + source/nsswitch/winbind_struct_protocol.h |2 +- source/winbindd/winbindd_pam.c| 15 +-- 3 files changed, 11 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source/nsswitch/pam_winbind.c b/source/nsswitch/pam_winbind.c index f00db39..4d01907 100644 --- a/source/nsswitch/pam_winbind.c +++ b/source/nsswitch/pam_winbind.c @@ -1201,6 +1201,7 @@ static int winbind_auth_request(pam_handle_t * pamh, request.data.auth.uid = -1; request.flags = WBFLAG_PAM_INFO3_TEXT | + WBFLAG_PAM_GET_PWD_POLICY | WBFLAG_PAM_CONTACT_TRUSTDOM; if (ctrl (WINBIND_KRB5_AUTH|WINBIND_CACHED_LOGIN)) { diff --git a/source/nsswitch/winbind_struct_protocol.h b/source/nsswitch/winbind_struct_protocol.h index 5b663c6..12ca1e5 100644 --- a/source/nsswitch/winbind_struct_protocol.h +++ b/source/nsswitch/winbind_struct_protocol.h @@ -194,7 +194,7 @@ typedef struct winbindd_gr { #define WBFLAG_PAM_KRB50x1000 #define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x2000 #define WBFLAG_PAM_CACHED_LOGIN0x4000 -#define WBFLAG_PAM_GET_PWD_POLICY 0x8000 /* not used */ +#define WBFLAG_PAM_GET_PWD_POLICY 0x8000 /* generic request flags */ #define WBFLAG_QUERY_ONLY 0x0020 /* not used */ diff --git a/source/winbindd/winbindd_pam.c b/source/winbindd/winbindd_pam.c index 5133239..7a9014a 100644 --- a/source/winbindd/winbindd_pam.c +++ b/source/winbindd/winbindd_pam.c @@ -1593,13 +1593,16 @@ process_result: } } - result = fillup_password_policy(domain, state); - if (!NT_STATUS_IS_OK(result) -!NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) ) - { - DEBUG(10,(Failed to get password policies: %s\n, nt_errstr(result))); - goto done; + if (state-request.flags WBFLAG_PAM_GET_PWD_POLICY) { + result = fillup_password_policy(domain, state); + + if (!NT_STATUS_IS_OK(result) +!NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED) ) + { + DEBUG(10,(Failed to get password policies: %s\n, nt_errstr(result))); + goto done; + } } result = NT_STATUS_OK; -- Samba Shared Repository
svn commit: samba r26541 - in branches/SAMBA_4_0_RELEASE/source: .
Author: abartlet Date: 2007-12-20 03:44:06 + (Thu, 20 Dec 2007) New Revision: 26541 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26541 Log: Mark this as the release Modified: branches/SAMBA_4_0_RELEASE/source/VERSION Changeset: Modified: branches/SAMBA_4_0_RELEASE/source/VERSION === --- branches/SAMBA_4_0_RELEASE/source/VERSION 2007-12-20 00:02:15 UTC (rev 26540) +++ branches/SAMBA_4_0_RELEASE/source/VERSION 2007-12-20 03:44:06 UTC (rev 26541) @@ -89,7 +89,7 @@ # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # - 3.0.0-SVN-build-199 # -SAMBA_VERSION_IS_SVN_SNAPSHOT=yes +SAMBA_VERSION_IS_SVN_SNAPSHOT=no # This is for specifying a release nickname#
svn commit: samba r26542 - in tags: .
Author: abartlet Date: 2007-12-20 03:56:41 + (Thu, 20 Dec 2007) New Revision: 26542 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26542 Log: Tag alpha2 release. Andrew Bartlett Added: tags/release-4-0-0alpha2/ Changeset: Copied: tags/release-4-0-0alpha2 (from rev 26541, branches/SAMBA_4_0_RELEASE)
svn commit: samba r26543 - in tags: .
Author: abartlet Date: 2007-12-20 04:03:33 + (Thu, 20 Dec 2007) New Revision: 26543 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26543 Log: Tag Samba4 alpha1 release Andrew Bartlett Added: tags/release-4-0-0alpha1/ Changeset: Copied: tags/release-4-0-0alpha1 (from rev 26542, branches/SAMBA_4_0_RELEASE_ALPHA1)
svn commit: samba r26544 - in tags: .
Author: abartlet Date: 2007-12-20 04:10:28 + (Thu, 20 Dec 2007) New Revision: 26544 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=26544 Log: Tag Samba4 tp5 release. Andrew Bartlett Added: tags/release-4-0-0tp5/ Changeset: Copied: tags/release-4-0-0tp5 (from rev 26543, branches/SAMBA_4_0_RELEASE_TP5)
[SCM] Samba Shared Repository - branch v3-2-test updated - initial-v3-2-unstable-753-g5de89dd
The branch, v3-2-test has been updated via 5de89dd6e0a8a56a5a0f998e3b1d3538367db7d6 (commit) via 36db6755103f01cb74bf4194fc81ca6d4b5320e4 (commit) via 555173eb3f6511e88798d6ef3d1fed0c219a9921 (commit) via d5d9e4084cfb3db3bebff0334b93f376022ef5d3 (commit) via 9fead46b54519b3df78a869dbc99207046587d6a (commit) from 6d765e0de523211a2d0b43a2c4c4117f5f0c662f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 5de89dd6e0a8a56a5a0f998e3b1d3538367db7d6 Author: James Peach [EMAIL PROTECTED] Date: Wed Dec 19 22:39:40 2007 -0800 Remove unused variable 'didmsg'. commit 36db6755103f01cb74bf4194fc81ca6d4b5320e4 Author: James Peach [EMAIL PROTECTED] Date: Wed Dec 19 22:33:43 2007 -0800 Fix a couple of warnings in mDNS registration. One of these is an actual bug where we pass a pointer instead of a pointer to a pointer. commit 555173eb3f6511e88798d6ef3d1fed0c219a9921 Author: James Peach [EMAIL PROTECTED] Date: Mon Oct 15 14:03:40 2007 -0700 Add filesystem capabilities bitmask to statfs info. This patch adds Darwin support for the Samba statfs VFS call. It also adds a filesystem capabilities bitmask to the information returned by the call. commit d5d9e4084cfb3db3bebff0334b93f376022ef5d3 Author: James Peach [EMAIL PROTECTED] Date: Mon Oct 15 14:01:12 2007 -0700 Expose per-fsp extension talloc context. This patch supplements the fsp extension API with an operation to retrieve the malloc zone pointer for that fsp. commit 9fead46b54519b3df78a869dbc99207046587d6a Author: James Peach [EMAIL PROTECTED] Date: Mon Oct 15 13:59:37 2007 -0700 Release per-fsp data on file closure. --- Summary of changes: source/include/vfs.h | 11 + source/modules/vfs_readahead.c |4 -- source/smbd/dnsregister.c |3 +- source/smbd/files.c|5 ++ source/smbd/statvfs.c | 85 source/smbd/vfs.c | 16 +++- 6 files changed, 116 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/vfs.h b/source/include/vfs.h index e1669a2..5a3ec58 100644 --- a/source/include/vfs.h +++ b/source/include/vfs.h @@ -577,14 +577,25 @@ typedef struct vfs_statvfs_struct { SMB_BIG_UINT FsIdentifier; /* fsid */ /* NB Namelen comes from FILE_SYSTEM_ATTRIBUTE_INFO call */ /* NB flags can come from FILE_SYSTEM_DEVICE_INFO call */ + + int FsCapabilities; } vfs_statvfs_struct; +/* Add a new FSP extension of the given type. Returns a pointer to the + * extenstion data. + */ #define VFS_ADD_FSP_EXTENSION(handle, fsp, type) \ vfs_add_fsp_extension_notype(handle, (fsp), sizeof(type)) +/* Return a pointer to the existing FSP extension data. */ #define VFS_FETCH_FSP_EXTENSION(handle, fsp) \ vfs_fetch_fsp_extension(handle, (fsp)) +/* Return the talloc context associated with an FSP extension. */ +#define VFS_MEMCTX_FSP_EXTENSION(handle, fsp) \ +vfs_memctx_fsp_extension(handle, (fsp)) + +/* Remove and destroy an FSP extension. */ #define VFS_REMOVE_FSP_EXTENSION(handle, fsp) \ vfs_remove_fsp_extension((handle), (fsp)) diff --git a/source/modules/vfs_readahead.c b/source/modules/vfs_readahead.c index 5b663a7..8fdd616 100644 --- a/source/modules/vfs_readahead.c +++ b/source/modules/vfs_readahead.c @@ -17,10 +17,6 @@ #include includes.h -#if !defined(HAVE_LINUX_READAHEAD) !defined(HAVE_POSIX_FADVISE) -static bool didmsg; -#endif - struct readahead_data { SMB_OFF_T off_bound; SMB_OFF_T len; diff --git a/source/smbd/dnsregister.c b/source/smbd/dnsregister.c index 44bd39f..2319097 100644 --- a/source/smbd/dnsregister.c +++ b/source/smbd/dnsregister.c @@ -41,7 +41,6 @@ struct dns_reg_state { void dns_register_close(struct dns_reg_state **dns_state_ptr) { - int mdnsd_conn_fd; struct dns_reg_state *dns_state = *dns_state_ptr; if (dns_state == NULL) { @@ -74,7 +73,7 @@ static void dns_register_smbd_retry(struct event_context *ctx, /* Clear previous registration state to force new * registration attempt. Clears event handler. */ - dns_register_close(dns_state); + dns_register_close(dns_state); } static void schedule_dns_register_smbd_retry(struct dns_reg_state *dns_state, diff --git a/source/smbd/files.c b/source/smbd/files.c index 179963d..95f01b8 100644 --- a/source/smbd/files.c +++ b/source/smbd/files.c @@ -460,6 +460,11 @@ void file_free(files_struct *fsp) ZERO_STRUCT(fsp_fi_cache); } + /* Drop all remaining extensions. */ + while (fsp-vfs_extension) { + vfs_remove_fsp_extension(fsp-vfs_extension-owner, fsp); + } + SAFE_FREE(fsp); } diff