[Samba] Urgent... winbind and keytab file creation
Hi,

I'm running winbind (3.0.28a) on SLES9 with heimdal Kerberos. Everything works fine so far. Now I need to have the host keytab generated by winbind to be in the default /etc/krb5/krb5.keytab in order to use nfs with kerberos security. The problem is I have set the parameter in smb.conf:

use kerberos keytabe = true

and as mentioned in man smb.conf I have set in krb5.conf

default_keytab_name = FILE:/etc/krb5/krb5.keytab

After a net join ads the krb5.keytab file is not created? Do I have to create it myself? Is this not really implemented? What am I doing wrong?

Help would be really appreciated.

Thanks and Regards,
Oliver Weinmann
Unix/Linux Administrator
VEGA IT GmbH

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Urgent... winbind and keytab file creation
Not yet? Does it create a keytab file? I tested the same thing on rhel4 with MIT kerberos and here it creates the krb5.keytab file under /etc/krb5.keytab. I then linked it to /etc/krb5/krb5.keytab and now I can see all the keys with klist -k, but I can't use them:

[EMAIL PROTECTED] etc]# klist -k
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
--
2 host/[EMAIL PROTECTED]
2 host/[EMAIL PROTECTED]
2 host/[EMAIL PROTECTED]
2 host/[EMAIL PROTECTED]
2 host/[EMAIL PROTECTED]
2 host/[EMAIL PROTECTED]
2 [EMAIL PROTECTED]
2 [EMAIL PROTECTED]
2 [EMAIL PROTECTED]
[EMAIL PROTECTED] etc]# kinit -k host/rhel4wbtest2.vegagroup.net
kinit(v5): Cannot find KDC for requested realm while getting initial credentials
Re: [Samba] Urgent... winbind and keytab file creation
Oliver Weinmann wrote:
> Hi,
>
> I'm running winbind (3.0.28a) on SLES9 with heimdal Kerberos. Everything works fine so far. Now I need to have the host keytab generated by winbind to be in the default /etc/krb5/krb5.keytab in order to use nfs with kerberos security. The problem is I have set the parameter in smb.conf:
>
> use kerberos keytabe = true
>
> and as mentioned in man smb.conf I have set in krb5.conf
>
> default_keytab_name = FILE:/etc/krb5/krb5.keytab
>
> After a net join ads the krb5.keytab file is not created? Do I have to create it myself? Is this not really implemented? What am I doing wrong?

Have you tried net ads keytab create ?

Guenther

--
Günther Deschner, GPG-ID: 8EE11688
Red Hat [EMAIL PROTECTED]
Samba Team [EMAIL PROTECTED]
winbind default encryption type for kerberos / RE: [Samba] Urgent... winbind and keytab file creation
Yes the net ads keytab create created the keytab file now. But in the logs I can see that the encryption type used is not good:

Apr 2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: error reading keys for host/rhel4wbtest2.vegagroup.net from /etc/krb5/krb5.keytab: Bad encryption type
Apr 2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: authentication fails for `tuser'

Does winbind by default use: rc4-hmac?
[Samba] problem with pdbedit logon hours and usrmgr.exe
PLEASE HELP!!

I have got a strange problem on samba-3.0.28-0.fc7 with logon hours and password policies. I use the tdbsam backend. After changing time from winter to summer, clients (Windows XP) cannot log in after 8:00AM (time zone Warszawa/Poland UTC). Linux and Windows clients correctly changed time to summer (+1 hour)!!

Logon hours are set: from Monday to Friday, 8:00 AM to 4:00PM. I use usrmgr.exe from Windows NT/2000 to set logon hours. My samba is a PDC and clients use a netlogon script .cmd with NET TIME \\SERWER /SET /YES to set the time.

But even if the time on Linux and Windows was e.g. 8:30 AM they still can't log in. I used the net user /domain command from Windows to check the logon time but it was OK, and after 8:00AM they should normally log in and work!!!

I resolved this problem when in usrmgr.exe in logon hours I set from 8:00AM to 7:00AM (-1 hour), and then they can log in after 8:00AM!!?? When in usrmgr.exe I set the correct hour 8:00AM then they can't log in after 8:00AM. So why must I turn back the time -1 hour in usrmgr.exe when really the clock on Windows and Linux shows the correct time??!!!

PLEASE HELP!!

C:\Documents and Settings\hubert>net user /domain fujitsu
Nazwa użytkownika               fujitsu
Pełna nazwa
Komentarz
Komentarz użytkownika
Kod kraju                       000 (Domyślne ustawienia systemu)
Konto jest aktywne              Tak
Wygasanie konta                 Nigdy
Hasło ostatnio ustawiano        4/2/2008 12:52 PM
Ważność hasła wygasa            7/1/2008 12:52 PM
Hasło może być zmieniane        6/21/2008 12:52 PM
Wymagane jest hasło             Tak
Użytkownik może zmieniać hasło  Tak
Dozwolone stacje robocze        SM17,SM8,SM9
Skrypt logowania                skanery.CMD
Profil użytkownika
Katalog macierzysty
Ostatnie logowanie              Nigdy
Dozwolone godziny logowania     Poniedzialek 8:00 AM - 4:00 PM
                                Wtorek 8:00 AM - 4:00 PM
                                Sroda 8:00 AM - 4:00 PM
                                Czwartek 8:00 AM - 4:00 PM
                                Piatek 8:00 AM - 4:00 PM

Pdbedit -Lv fujitsu
Unix username:        fujitsu
NT username:
Account Flags:        [U ]
User SID:             S-1-5-21-2794518228-724393910-221713885-2114
Primary Group SID:    S-1-5-21-2794518228-724393910-221713885-513
Full Name:
Home Directory:
HomeDir Drive:
Logon Script:         skanery.CMD
Profile Path:
Domain:               GEODEZJA
Account desc:
Workstations:         SM17,SM8,SM9
Munged dial:
Logon time:           0
Logoff time:          never
Kickoff time:         0
Password last set:    Śr, 02 IV 2008 12:52:38 CEST
Password can change:  So, 21 VI 2008 12:52:38 CEST
Password must change: Wt, 01 VII 2008 12:52:38 CEST
Last bad password :   0
Bad password count :  0
Logon hours :         00807F00807F00807F00807F00807F
Re: [Samba] Urgent... winbind and keytab file creation
Oliver Weinmann wrote:
| Hi,
|
| I'm running winbind (3.0.28a) on SLES9 with heimdal Kerberos. Everything works fine so far. Now i need to have the host keytab generated by winbind to be in the default /etc/krb5/krb5.keytab in order to use nfs with kerberos security. The problem is i have set the parameter in smb.conf:
|
| use kerberos keytabe = true

Don't use this if you use Samba to join the domain. It is really only useful for non-MS realms.

jerry
Re: winbind default encryption type for kerberos / RE: [Samba] Urgent... winbind and keytab file creation
Oliver Weinmann wrote:
| Yes the net ads keytab create created the keytab file now. But in the logs i can see that the encryption type used is not good:
|
| Apr 2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: error reading keys for host/rhel4wbtest2.vegagroup.net from /etc/krb5/krb5.keytab: Bad encryption type
| Apr 2 12:37:18 rhel4wbtest1 sshd[4542]: pam_krb5: authentication fails for `tuser'

You probably need the single DES keys here. Run ktutil and list -e to make sure you have the right enctypes in the keytab file.

| does winbind by default use: rc4-hmac?

In newer versions, yes. But why use pam_krb5 at all? Why not simply use pam_winbind?

jerry
Re: [Samba] Problem with cups print job name
John Newbigin wrote:
| For some time I had been running samba 3.0.10 from RHEL4. I have a samba
| - cups - pdf printer set up which uses the user supplied job name for
| the output file. The job name was formatted like this smbprn.1020
| Microsoft Word - Test.doc.
|
| Since then, RHEL have updated to samba 3.0.25. The job name supplied to
| cups is now a random string of characters like smbprn.1512.hFG4Qi.
|
| Does anyone know if there is a way to get the old behavior back?

No. The current behavior is by design and was specifically done to fix manage CUPS print jobs from Windows clients.

jerry
[Samba] tdbsam allow users to change password without notice!!!
I use tdbsam. I use:

pdbedit -P "password history" -C 3
pdbedit -P "min password length" -C 5
pdbedit -P "maximum password age" -C 7776000 (90 days)
pdbedit -P "minimum password age" -C 6912000 (80 days)
pdbedit -P "user must logon to change password" -C 2 (on)

So my passwords need to be changed every 90 days and a user can change it after 80 days. I have used these policies for 6 months and everything was OK. Windows XP users after logon were informed that they must change their password for xx days and that they can change it after 80 days.

But after changing time from winter to summer pdbedit works very strangely!! Today I discovered a terrible thing. pdbedit -Lv shows me that every user changed their password, but Windows doesn't show any notice about a password change!!! The worst thing is that password history didn't work and allowed all users to write down the same password!! Nobody even knows that they changed their own password because Windows doesn't show any notice, any window!!! They log in normally as they do every day, but pdbedit changed the password last set entry to today's date!!! Pdbedit -Lv shows that the password was set e.g. today and the next time they can change the password is for 80 days. But the password is the same!!!

PLEASE HELP!!! What should I do to force samba and pdbedit to change passwords correctly and force it to admonish password history!!!??

Unix username:        fujitsu
NT username:
Account Flags:        [U ]
User SID:             S-1-5-21-2794518228-724393910-221713885-2114
Primary Group SID:    S-1-5-21-2794518228-724393910-221713885-513
Logon time:           0
Logoff time:          never
Kickoff time:         0
Password last set:    Śr, 02 IV 2008 12:52:38 CEST
Password can change:  So, 21 VI 2008 12:52:38 CEST
Password must change: Wt, 01 VII 2008 12:52:38 CEST
Last bad password :   0
Bad password count :  0
Logon hours :         00807F00807F00807F00807F00807F

My smb.conf:

[global]
workgroup = geodezja
server string = Samba Server %v
interfaces = eth2 lo 10.10.10.1
bind interfaces only = Yes
; encrypt passwords = Yes
update encrypted = Yes
; client plaintext auth = Yes
log level = 2 vfs:3 auth:2 passdb:3
log file = /var/log/samba/%U.%m.log
; max log size = 5000
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
# PRINTING
printer admin = root,@domadm
load printers = yes
printing = cups
cups options = raw
logon script = %G.CMD
logon path =
logon home =
domain logons = yes
os level = 128
preferred master = yes
domain master = yes
; local master = yes
remote browse sync = none
remote announce = none
dns proxy = No
wins support = yes
name resolve order = wins bcast host lmhosts
hosts allow = 10.10.10.1/255.255.255.0
; unix password sync = no
security = user
; password level = 0
; null passwords = no
; deadtime = 0
; map to guest = never
create mask = 0777
nt acl support = no
time server = yes
; enable privileges = yes
passdb backend = tdbsam
username map = /etc/samba/smbusers
RE: [Samba] Urgent... winbind and keytab file creation
Hi and thanks for your answer.

Here is the output about the encryption used:

[EMAIL PROTECTED] krb5]# klist -e -k
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
--
2 host/[EMAIL PROTECTED] (DES cbc mode with CRC-32)
2 host/[EMAIL PROTECTED] (DES cbc mode with RSA-MD5)
2 host/[EMAIL PROTECTED] (ArcFour with HMAC/md5)
2 host/[EMAIL PROTECTED] (DES cbc mode with CRC-32)
2 host/[EMAIL PROTECTED] (DES cbc mode with RSA-MD5)
2 host/[EMAIL PROTECTED] (ArcFour with HMAC/md5)
2 [EMAIL PROTECTED] (DES cbc mode with CRC-32)
2 [EMAIL PROTECTED] (DES cbc mode with RSA-MD5)
2 [EMAIL PROTECTED] (ArcFour with HMAC/md5)

I have to use pam_krb5 because I need to mount nfs shares with kerberos security. So when a user logs in he gets a valid TGT and is able to mount the share.

If the keytab created cannot be used for this... can I somehow delete the host principal created by winbind, create a new one that will work for pam_krb5, and let winbind use the newly created one?
Re: [Samba] samba3.0.22 - net setlocalsid with no effect
Hi Doug, *,

Sorry for my late answer - I discovered your mail, which never reached my box, on gmane..

Douglas VanLeuven wrote:
> Friedrich Strohmaier wrote:

[..]

> I can't tell what you're trying to do from what you've described. It looks like you set the local machine sid and it worked.

It was the SID of the machine acting as PDC ..

> The local machine sid will be different than the domain sid.

That's apparently the one problem I have (which is solving a different one..) :o))

> A profile based on the local machine sid won't be a roaming profile it will be a local profile.

As long as the local SID differs from the Domain SID?..

[..]

>> root# net setlocalsid SID_WANTED
>> root#
>> root# net getlocalsid
>> SID for domain DOMAIN is: SID_WANTED

This output reflects what I want to have but[1]..

>> Result: Client with Roamingprofile based on SID_WANTED is not able to connect to DOMAIN but has access to shares. OOOoops!

> If the local user name and password are the same as the domain name and password, depending on the security model, it's an old trick to allow access to shares in a workgroup without being a domain member. Which is sort of what you describe.

exactly

>> More Tests found here:
>> http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#netmisc1
>> root# net rpc info
>> Domain Name: DOMAIN
>> Domain SID: SID_NOT_WANTED

.. [1] differs from this one

>> Sequence number: 1206493306
>> Num users: 37
>> Num domain groups: 0
>> Num local groups: 0

> I would think zero groups with 37 users is a hint to a problem.

May be, for I did not join the workstations to the _new_ domain's SID_NOT_WANTED, but probably that's a completely different thing.

The problem seems to be that the Domain SID set by setlocalsid and confirmed by getlocalsid doesn't really arrive as the domain SID. That means that the How To described here: http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#id2600168 does not work as expected in my configuration for any reason.

Thanx for your answer.

--
Friedrich
best regards from the Sonnenalb - Germany
Re: [Samba] Urgent... winbind and keytab file creation
Oliver Weinmann wrote:
> Hi and thanks for you answer. here is the output about the encryption used:
>
> [EMAIL PROTECTED] krb5]# klist -e -k
> Keytab name: FILE:/etc/krb5/krb5.keytab
> KVNO Principal

Enctypes look fine.

> i have to use pam_krb5 because i need to mount nfs shares with kerberos security. So when a user logs in he gets a valid TGT and is able to mount the share.

pam_winbind will do that for you as well.

> if the keytab created cannot be used for this... can i somehow delete the host principal created by winbind, create a new one, that will work for pam_krb5 and let winbind use the newly created one?

jerry
RE: [Samba] Urgent... winbind and keytab file creation
How? When I use pam_winbind to login and automount to mount a user's home with kerberos security I don't get a TGT at login. So this doesn't seem to work with pam_winbind, or?
Re: [Samba] Urgent... winbind and keytab file creation
Oliver Weinmann wrote:
> how? when i use pam_winbind to login and automount to mount a users home with kerberos security i dont get a TGT at login. So this doesn't seem to work with pam_winbind or?

Install examples/pam_winbind/pam_winbind.conf to /etc/security/ and enable the krb5_auth option. Also set winbind refresh tickets = yes in smb.conf.

cheers, jerry
RE: [Samba] Urgent... winbind and keytab file creation
Sounds cool. I made the changes. When I login as an ad user I don't get a ticket? Is there anything else I need to set?

Cheers
RE: [Samba] Urgent... winbind and keytab file creation
Ok. I got it. I had to change the parameter for:

krb5_ccache_type = FILE

Now the users get a cached ticket at login. COOL :) But when the automount daemon tries to mount their home it fails:

Apr 2 16:41:09 rhel4wbtest2 rpc.gssd[1793]: WARNING: Failed to create krb5 context for user with uid 82967 for server ds-san-02.vegagroup.net
Apr 2 16:41:12 rhel4wbtest2 rpc.gssd[1793]: rpcsec_gss: gss_init_sec_context: (major) Miscellaneous failure - (minor) No credentials found with supported encryption types

Cheers,
Oli
Re: [Samba] renaming a computer fail on a samba domain using ldap backend
Replying to myself:

Add the following conf line to smb.conf:

rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'

ioguix wrote:
> Hello,
>
> I am trying to rename a computer on my samba domain but it fails, telling me I don't have the rights to do it. Obviously, I use the same admin account (root) as the one which added this computer to the domain some seconds before.
>
> I am using samba 3.0.24 on Debian etch with an openldap SAM backend and smbldap-tools scripts using these conf params:
>
> ~~
> add user script = /usr/sbin/smbldap-useradd -c "Samba user account" -m -s /bin/false '%u'
> add machine script = /usr/sbin/smbldap-useradd -c "Samba computer account" -g 515 -w -s /bin/false '%u'
> add group script = /usr/sbin/smbldap-groupadd '%g'
> add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
> delete user script = /usr/sbin/smbldap-userdel '%u'
> delete group script = /usr/sbin/smbldap-groupdel '%g'
> delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
> set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
> ~~
>
> So far, I can add a computer to a domain, but I can't rename it. I tried to rename the computer using smbldap-usermod before updating it in WinXP, but obviously, it fails telling me the user is unknown.
>
> The only way I found is to add a computer with the new name to the domain using smbldap-useradd, leave the domain from WinXP, rename it under WinXP, re-join the domain, then drop the old computer account.
>
> Here is the content of log.root when I try to rename the computer (using log file = /var/log/samba/log.%U and log level = 3):
> http://pastebin.org/26701
>
> The ACCESS denied is at line 771:
> set_user_info_21: failed to rename account: NT_STATUS_ACCESS_DENIED
>
> I could give a more verbose log file, but this one is pretty huge...
>
> So, where did I fail? Can we rename a computer on a samba domain?
>
> Feel free to ask me anything more you need to help me :)
Re: [Samba] Urgent... winbind and keytab file creation
Hi,

I have recently figured that nfs supports only des-cbc-crc:normal encryption type.

Regards

On Wed, Apr 2, 2008 at 8:11 PM, Oliver Weinmann [EMAIL PROTECTED] wrote:
> Ok. I got it. I had to change the parameter for:
>
> krb5_ccache_type = FILE
>
> Now the users get a cached ticket at login. COOL :) But when the automount daemon tries to mount their home it fails:
>
> Apr 2 16:41:09 rhel4wbtest2 rpc.gssd[1793]: WARNING: Failed to create krb5 context for user with uid 82967 for server ds-san-02.vegagroup.net
> Apr 2 16:41:12 rhel4wbtest2 rpc.gssd[1793]: rpcsec_gss: gss_init_sec_context: (major) Miscellaneous failure - (minor) No credentials found with supported encryption types
>
> Cheers,
> Oli
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:samba-bounces+oliver.weinmann samba-bounces%2Boliver.weinmann= [EMAIL PROTECTED] On Behalf Of Oliver Weinmann
> Sent: 02 April 2008 16:31
> To: Gerald (Jerry) Carter
> Cc: samba@lists.samba.org
> Subject: RE: [Samba] Urgent... winbind and keytab file creation
>
> Sounds cool. I made the changes. When I login as an ad user I don't get a ticket? Is there anything else I need to set?
>
> Cheers
>
> -Original Message-
> From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
> Sent: 02 April 2008 16:08
> To: Oliver Weinmann
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Urgent... winbind and keytab file creation
>
> Oliver Weinmann wrote:
> > how? when I use pam_winbind to login and automount to mount a user's home with kerberos security I don't get a TGT at login. So this doesn't seem to work with pam_winbind or?
>
> Install examples/pam_winbind/pam_winbind.conf to /etc/security/ and enable the krb5_auth option. Also set winbind refresh tickets = yes in smb.conf.
>
> cheers, jerry
Re: [Samba] Urgent... winbind and keytab file creation
Oliver Weinmann wrote:
> Ok. i got it. I had to change the parameter for:
>
> krb5_ccache_type = FILE
>
> now the users get a cached ticket at login. COOL :) but when the automount daemon tries to mount their home it fails:
>
> Apr 2 16:41:09 rhel4wbtest2 rpc.gssd[1793]: WARNING: Failed to create krb5 context for user with uid 82967 for server ds-san-02.vegagroup.net
> Apr 2 16:41:12 rhel4wbtest2 rpc.gssd[1793]: rpcsec_gss: gss_init_sec_context: (major) Miscellaneous failure - (minor) No credentials found with supported encryption types

I expect the nfsv4 service is trying to use 3des or aes. I always set these enc types in /etc/krb5.conf

[libdefaults]
default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
preferred_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC

cheers, jerry
Re: RE [Samba] smbldap-useradd -w won't create machine account
Shouldn't it? I mean... Taking a look to the output produced by smbldap-useradd -? it says -w is a windows machine account (otherwise, posix stuff only) or something similar... I don't have the exact output right now. As far as I understand, it should add all the Samba stuff needed for Windows.

And I'm having the same (or similar) problems...

http://lists.samba.org/archive/samba/2008-February/138442.html
http://lists.samba.org/archive/samba/2008-February/138639.html
http://lists-archives.org/samba/36168-samba-ldap-question.html
http://lists.samba.org/archive/samba/2008-March/139288.html

Well... at least I think they can be similar... Maybe I'm just really wrong and each time that someone is experiencing problems adding a Windows machine to an Ldap server, I keep saying Me too, me too!!... although they are actually different problems... I hope not...

2008/4/1, [EMAIL PROTECTED] [EMAIL PROTECTED]:
> Samba will add sambaSAMAccount when you add the workstation to the domain. sambaldaptools does not add the samba schema for that.
>
> ---
> Stéphane PURNELLE [EMAIL PROTECTED]
> Service Informatique Corman S.A.
> Tel : 00 32 087/342467
>
> [EMAIL PROTECTED] wrote on 01/04/2008 16:17:13:
> > I can't get smbldap-useradd to add the sambaSamAccount workstation attributes. For example:
> >
> > smbldap-useradd -w 'test_machine$'
> >
> > # test_machine$, People, desktop.hmdc.harvard.edu
> > dn: uid=test_machine$,ou=People,dc=desktop,dc=hmdc,dc=harvard,dc=edu
> > objectClass: top
> > objectClass: account
> > objectClass: posixAccount
> > cn: test_machine$
> > uid: test_machine$
> > uidNumber: 1010
> > gidNumber: 515
> > homeDirectory: /dev/null
> > loginShell: /bin/false
> > description: Computer
> > gecos: Computer
> >
> > Has anyone else experienced this? It thinks it's creating a machine account, but it doesn't add sambaSamAccount, or sambaAcctFlags [W ].
> >
> > More info:
> >
> > # rpm -qi smbldap-tools
> > Name        : smbldap-tools    Relocations: (not relocatable)
> > Version     : 0.9.4    Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
> > Release     : 1.el5.rf    Build Date: Sat 22 Sep 2007 01:35:45 AM EDT
> > Install Date: Tue 25 Mar 2008 11:43:42 AM EDT    Build Host: lisse.leuven.wieers.com
> > Group       : System Environment/Base    Source RPM: smbldap-tools-0.9.4-1.el5.rf.src.rpm
> > Size        : 525573    License: GPL
> > Signature   : DSA/SHA1, Sat 22 Sep 2007 02:51:47 PM EDT, Key ID a20e52146b8d79e6
> > Packager    : Dag Wieers [EMAIL PROTECTED]
> > URL         : http://sourceforge.net/projects/smbldap-tools/
> > Summary     : User and group administration tools for Samba-OpenLDAP
> >
> > Thanks,
> > c
Re: [Samba] Urgent... winbind and keytab file creation
On Wed, 2008-04-02 at 10:39 -0500, Gerald (Jerry) Carter wrote:
> Oliver Weinmann wrote:
> > Ok. i got it. I had to change the parameter for:
> >
> > krb5_ccache_type = FILE
> >
> > now the users get a cached ticket at login. COOL :) but when the automount daemon tries to mount their home it fails:
> >
> > Apr 2 16:41:09 rhel4wbtest2 rpc.gssd[1793]: WARNING: Failed to create krb5 context for user with uid 82967 for server ds-san-02.vegagroup.net
> > Apr 2 16:41:12 rhel4wbtest2 rpc.gssd[1793]: rpcsec_gss: gss_init_sec_context: (major) Miscellaneous failure - (minor) No credentials found with supported encryption types
>
> I expect the nfsv4 service is trying to use 3des or aes. I always set these enc types in /etc/krb5.conf
>
> [libdefaults]
> default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
> default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
> preferred_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC

Currently linux nfs server requires that both server and client use ONLY des keys. Any other combination will simply fail. There are kernel patches reaching upstream that are adding 3des and aes but not yet rc4-hmac IIRC.

Simo.

--
Simo Sorce
Samba Team GPL Compliance Officer [EMAIL PROTECTED]
Senior Software Engineer at Red Hat Inc. [EMAIL PROTECTED]
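The DES-only constraint described in the reply above can be checked against a krb5.conf before the mount is attempted. The following is an added example, not code from the thread or from Samba: it reads the three enctype keys quoted in the thread from [libdefaults] and lists every entry that is not a single-DES type. The DES_ONLY stanza is a constructed variant for comparison.

```python
"""Check krb5.conf [libdefaults] enctype lists against a DES-only rule."""
import re
from typing import Dict, List

# Keys quoted in the thread.
ENCTYPE_KEYS = ("default_tgs_enctypes", "default_tkt_enctypes", "preferred_enctypes")
# Single-DES encryption type names, compared in lower case.
SINGLE_DES = {"des-cbc-crc", "des-cbc-md5", "des-cbc-md4"}

# Stanza as posted in the thread.
POSTED = """\
[libdefaults]
default_tgs_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
default_tkt_enctypes = RC4-HMAC DES-CBC-CRC DES-CBC-MD5
preferred_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
"""

# Constructed variant that satisfies the DES-only rule.
DES_ONLY = """\
[libdefaults]
# constructed for comparison
default_tgs_enctypes = DES-CBC-CRC, DES-CBC-MD5
default_tkt_enctypes = DES-CBC-CRC DES-CBC-MD5

[realms]
default_tgs_enctypes = RC4-HMAC
"""


def libdefaults_enctypes(conf_text: str) -> Dict[str, List[str]]:
    """Return the enctype lists set in [libdefaults], lower-cased."""
    section = None
    result: Dict[str, List[str]] = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1).lower()
            continue
        if section != "libdefaults" or "=" not in line:
            continue  # only [libdefaults] relations are of interest
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ENCTYPE_KEYS:
            # Entries may be separated by whitespace or commas.
            result[key] = [e.lower() for e in re.split(r"[,\s]+", value) if e]
    return result


def non_des_enctypes(conf_text: str) -> Dict[str, List[str]]:
    """Map each configured key to the entries that are not single DES."""
    return {
        key: [e for e in types if e not in SINGLE_DES]
        for key, types in libdefaults_enctypes(conf_text).items()
    }


def des_only(conf_text: str) -> bool:
    """True only if ticket and TGS enctypes are both set and both DES-only."""
    listed = libdefaults_enctypes(conf_text)
    required = ("default_tgs_enctypes", "default_tkt_enctypes")
    if any(key not in listed for key in required):
        return False  # unset keys fall back to the library defaults
    return all(e in SINGLE_DES for types in listed.values() for e in types)


if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("des-only", DES_ONLY)):
        print(name, "DES only:", des_only(text), non_des_enctypes(text))
```
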
Re: RE [Samba] smbldap-useradd -w won't create machine account
No? Then how do you say we must do? Because I also tried to do that from Windows, and it doesn't work... I mean... right click on my pc and add machine to domain... and still doesn't work :S

Quoting myself from: http://lists.samba.org/archive/samba/2008-February/138639.html

The linux server is the host called and the windows client is the host enano

When I try to join the domain JOME from Windows, I am prompted for a user that has permission to create things in the domain. I fill the textboxes with root and the rootpass, and in the samba.log file of the server (if the debug level is 2 or higher), it appears:

authentication for user [root] - [root] - [root] succeeded.

After this, the machine (enano$) is properly created (if doesn't exist) in the Ldap schema (a new entry called enano$ appears in ou=Hosts,dc=jome) as shown in the diagram above. The thing is that everything seems to be fine until in the windows machine a error window dialog appears with a very ugly red signal, saying (username not found). I think it must be something wrong with the user root, because if I try a username that is really non-existent (john, for instance) or if I mistype the password, the message that appears in windows is different (in my computer appears in Spanish, but it's something like session starting error: username not found or wrong password)...

I've tried to put a higher debug level in samba (smb.conf- debug level=3) and between several other messages, it appears:

[2008/02/22 15:33:37, 3] passdb/pdb_interface.c:pdb_default_create_user(354)
  pdb_default_create_user: failed to create a new user structure: NT_STATUS_NO_SUCH_USER

2008/4/2, Christopher Perry [EMAIL PROTECTED]:
> the problem, as it turns out, is that you can't expect the command line to add the sambaSamAccount objectClass. the only way to get that added is by adding the windows machine to the domain, and samba will create that object class using the script. it must pass something magical to the script.
>
> don't ask me why, it seems counter intuitive.
>
> Hector Blanco wrote:
> > Shouldn't it? I mean... Taking a look to the output produced by smbldap-useradd -? it says -w is a windows machine account (otherwise, posix stuff only) or something similar... I don't have the exact output right now. As far as I understand, it should add all the Samba stuff needed for Windows.
> >
> > And I'm having the same (or similar) problems...
> >
> > http://lists.samba.org/archive/samba/2008-February/138442.html
> > http://lists.samba.org/archive/samba/2008-February/138639.html
> > http://lists-archives.org/samba/36168-samba-ldap-question.html
> > http://lists.samba.org/archive/samba/2008-March/139288.html
> >
> > Well... at least I think they can be similar... Maybe I'm just really wrong and each time that someone is experiencing problems adding a Windows machine to an Ldap server, I keep saying Me too, me too!!... although they are actually different problems... I hope not...
> >
> > 2008/4/1, [EMAIL PROTECTED] [EMAIL PROTECTED]:
> > > Samba will add sambaSAMAccount when you add the workstation to the domain. sambaldaptools does not add the samba schema for that.
> > >
> > > ---
> > > Stéphane PURNELLE [EMAIL PROTECTED]
> > > Service Informatique Corman S.A.
> > > Tel : 00 32 087/342467
> > >
> > > [EMAIL PROTECTED] wrote on 01/04/2008 16:17:13:
> > > > I can't get smbldap-useradd to add the sambaSamAccount workstation attributes. For example:
> > > >
> > > > smbldap-useradd -w 'test_machine$'
> > > >
> > > > # test_machine$, People, desktop.hmdc.harvard.edu
> > > > dn: uid=test_machine$,ou=People,dc=desktop,dc=hmdc,dc=harvard,dc=edu
> > > > objectClass: top
> > > > objectClass: account
> > > > objectClass: posixAccount
> > > > cn: test_machine$
> > > > uid: test_machine$
> > > > uidNumber: 1010
> > > > gidNumber: 515
> > > > homeDirectory: /dev/null
> > > > loginShell: /bin/false
> > > > description: Computer
> > > > gecos: Computer
> > > >
> > > > Has anyone else experienced this? It thinks it's creating a machine account, but it doesn't add sambaSamAccount, or sambaAcctFlags [W ].
> > > >
> > > > More info:
> > > >
> > > > # rpm -qi smbldap-tools
> > > > Name        : smbldap-tools    Relocations: (not relocatable)
> > > > Version     : 0.9.4    Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
> > > > Release     : 1.el5.rf    Build Date: Sat 22 Sep 2007 01:35:45 AM EDT
> > > > Install Date: Tue 25 Mar 2008 11:43:42 AM EDT    Build Host: lisse.leuven.wieers.com
> > > > Group       : System Environment/Base    Source RPM: smbldap-tools-0.9.4-1.el5.rf.src.rpm
> > > > Size        : 525573    License: GPL
> > > > Signature   : DSA/SHA1, Sat 22 Sep 2007 02:51:47 PM EDT, Key ID a20e52146b8d79e6
> > > > Packager    : Dag Wieers [EMAIL PROTECTED]
> > > > URL
Re: RE [Samba] smbldap-useradd -w won't create machine account
On Wed, Apr 2, 2008 at 12:03 PM, Hector Blanco [EMAIL PROTECTED] wrote:
> No? Then how do you say we must do? Because I also tried to do that from Windows, and it doesn't work... I mean... right click on my pc and add machine to domain... and still doesn't work :S

I had this in the past. At one point I think I fixed it but I found the easiest way around this (that always works) is to use LAM (or some other tool to create the required stuff in ldap directly).

http://lam.sourceforge.net/

John
Re: RE [Samba] smbldap-useradd -w won't create machine account
samba uses nss_ldap for the check during the add - ie it uses smbldap to add and then uses nssldap to check the account was created. The problem arises if the nssldap isn't configured properly.

if you do getent passwd on the samba host, does it work? do you see ldap users or only local (/etc/passwd)?

/etc/ldap.conf or /etc/openldap/ldap.conf is the culprit

On 02/04/2008, John Drescher [EMAIL PROTECTED] wrote:
> On Wed, Apr 2, 2008 at 12:03 PM, Hector Blanco [EMAIL PROTECTED] wrote:
> > No? Then how do you say we must do? Because I also tried to do that from Windows, and it doesn't work... I mean... right click on my pc and add machine to domain... and still doesn't work :S
>
> I had this in the past. At one point I think I fixed it but I found the easiest way around this (that always works) is to use LAM (or some other tool to create the required stuff in ldap directly).
>
> http://lam.sourceforge.net/
>
> John
Re: RE [Samba] smbldap-useradd -w won't create machine account
I see both. The thing is that the machine is properly created, but the Samba parts don't appear. It's as if smbldap-adduser worked only partially :S

2008/4/2, Quinn Fissler [EMAIL PROTECTED]:
> samba uses nss_ldap for the check during the add - ie it uses smbldap to add and then uses nssldap to check the account was created. The problem arises if the nssldap isn't configured properly.
>
> if you do getent passwd on the samba host, does it work? do you see ldap users or only local (/etc/passwd)?
>
> /etc/ldap.conf or /etc/openldap/ldap.conf is the culprit
>
> On 02/04/2008, John Drescher [EMAIL PROTECTED] wrote:
> > On Wed, Apr 2, 2008 at 12:03 PM, Hector Blanco [EMAIL PROTECTED] wrote:
> > > No? Then how do you say we must do? Because I also tried to do that from Windows, and it doesn't work... I mean... right click on my pc and add machine to domain... and still doesn't work :S
> >
> > I had this in the past. At one point I think I fixed it but I found the easiest way around this (that always works) is to use LAM (or some other tool to create the required stuff in ldap directly).
> >
> > http://lam.sourceforge.net/
> >
> > John
[Samba] weird election with non-existant machine
Forced Election:
In workgroup WORKGROUP when announced server was:
SYSTEM-1 (192.168.1.248) : 50 Time(s)
SYSTEM-2 (192.168.1.183) : 2 Time(s)
SYSTEM-3 (192.168.1.248) : 1 Time(s)

Cannot get workgroup name from domain name browser:
192.168.1.153 : 96 Time(s)

192.168.1.153 was a mac running Leopard. It has not been on the network for a month, but this keeps happening. Does anyone have an idea where this address might be cached?

Thanks,
- Joel
[Samba] user account status
I used smbpasswd -d username to disable an account. How can I see the status of the account as being disabled? Is there something similar to the passwd -S username command which tells me the account status? When I view the smbpasswd file the user I disabled appears unchanged, not like the /etc/shadow file that replaces the password with two !! when an account is disabled.

Thanks
Marc
Re: RE [Samba] smbldap-useradd -w won't create machine account
Hector Blanco wrote:
> Shouldn't it? I mean... Taking a look to the output produced by smbldap-useradd -? it says -w is a windows machine account (otherwise, posix stuff only) or something similar... I don't have the exact output right now. As far as I understand, it should add all the Samba stuff needed for Windows.
>
> And I'm having the same (or similar) problems...
>
> http://lists.samba.org/archive/samba/2008-February/138442.html
> http://lists.samba.org/archive/samba/2008-February/138639.html
> http://lists-archives.org/samba/36168-samba-ldap-question.html
> http://lists.samba.org/archive/samba/2008-March/139288.html
>
> Well... at least I think they can be similar... Maybe I'm just really wrong and each time that someone is experiencing problems adding a Windows machine to an Ldap server, I keep saying Me too, me too!!... although they are actually different problems... I hope not...
>
> 2008/4/1, [EMAIL PROTECTED] [EMAIL PROTECTED]:
> > Samba will add sambaSAMAccount when you add the workstation to the domain. sambaldaptools does not add the samba schema for that.
> >
> > ---
> > Stéphane PURNELLE [EMAIL PROTECTED]
> > Service Informatique Corman S.A.
> > Tel : 00 32 087/342467
> >
> > [EMAIL PROTECTED] wrote on 01/04/2008 16:17:13:
> > > I can't get smbldap-useradd to add the sambaSamAccount workstation attributes. For example:
> > >
> > > smbldap-useradd -w 'test_machine$'
> > >
> > > # test_machine$, People, desktop.hmdc.harvard.edu
> > > dn: uid=test_machine$,ou=People,dc=desktop,dc=hmdc,dc=harvard,dc=edu
> > > objectClass: top
> > > objectClass: account
> > > objectClass: posixAccount
> > > cn: test_machine$
> > > uid: test_machine$
> > > uidNumber: 1010
> > > gidNumber: 515
> > > homeDirectory: /dev/null
> > > loginShell: /bin/false
> > > description: Computer
> > > gecos: Computer
> > >
> > > Has anyone else experienced this? It thinks it's creating a machine account, but it doesn't add sambaSamAccount, or sambaAcctFlags [W ].
> > >
> > > More info:
> > >
> > > # rpm -qi smbldap-tools
> > > Name        : smbldap-tools    Relocations: (not relocatable)
> > > Version     : 0.9.4    Vendor: Dag Apt Repository, http://dag.wieers.com/apt/
> > > Release     : 1.el5.rf    Build Date: Sat 22 Sep 2007 01:35:45 AM EDT
> > > Install Date: Tue 25 Mar 2008 11:43:42 AM EDT    Build Host: lisse.leuven.wieers.com
> > > Group       : System Environment/Base    Source RPM: smbldap-tools-0.9.4-1.el5.rf.src.rpm
> > > Size        : 525573    License: GPL
> > > Signature   : DSA/SHA1, Sat 22 Sep 2007 02:51:47 PM EDT, Key ID a20e52146b8d79e6
> > > Packager    : Dag Wieers [EMAIL PROTECTED]
> > > URL         : http://sourceforge.net/projects/smbldap-tools/
> > > Summary     : User and group administration tools for Samba-OpenLDAP
> > >
> > > Thanks,
> > > c

ou=people? Shouldn't that be in the Machines or Computers unit instead? I think it might have to be a machine account, no? Also, do you have a corresponding samba account to mate to the ldap entry?

My LDAP-fu is weak as of late, please disregard this if I'm completely off base.
Re: [Samba] user account status
pdbedit -Lv username -- there are some other formats that might be of interest.

Most specifically though, looking at the smbpasswd file, you SHOULD see a D in the [] flags field.

Marc Fromm wrote:
> I used smbpasswd -d username to disable an account. How can I see the status of the account as being disabled? Is there something similar to the passwd -S username command which tells me the account status? When I view the smbpasswd file the user I disabled appears unchanged, not like the /etc/shadow file that replaces the password with two !! when an account is disabled.
>
> Thanks
> Marc

--
Ryan Novosielski - Systems Programmer II
[EMAIL PROTECTED] - 973/972.0922 (2-0922)
Univ. of Med. and Dent. | IST/AST - NJMS Medical Science Bldg - C630
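The flags field mentioned in the reply above can be read mechanically. The following is an added example, not part of the original message: a parser for smbpasswd-format lines that reports each account's flag letters and lists the accounts carrying D. The sample entries are constructed, and every hash field holds the all-X placeholder rather than a real hash.

```python
"""Report account-control flags from smbpasswd-format text."""
from typing import List, NamedTuple, Optional, Set

# Flag letters found between the square brackets of the fifth field.
FLAG_MEANINGS = {
    "U": "normal user account",
    "D": "account disabled",
    "N": "no password required",
    "W": "workstation trust account",
    "X": "password does not expire",
}


class Entry(NamedTuple):
    name: str
    uid: int
    flags: Set[str]
    last_change: Optional[int]  # seconds since the epoch, from the LCT- field


def parse_line(line: str) -> Optional[Entry]:
    """Parse one smbpasswd line; return None for blank lines and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(":")
    if len(fields) < 5:
        raise ValueError(f"too few fields: {line!r}")
    name, uid, _lm_hash, _nt_hash, raw_flags = fields[:5]
    if not (raw_flags.startswith("[") and raw_flags.endswith("]")):
        raise ValueError(f"flags field is not bracketed: {raw_flags!r}")
    # The field is space-padded; only the letters carry meaning.
    flags = {c for c in raw_flags[1:-1] if not c.isspace()}
    last_change = None
    if len(fields) > 5 and fields[5].startswith("LCT-"):
        last_change = int(fields[5][4:], 16)  # hexadecimal timestamp
    return Entry(name, int(uid), flags, last_change)


def parse_smbpasswd(text: str) -> List[Entry]:
    """Parse every account line in the given smbpasswd text."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def disabled_accounts(entries: List[Entry]) -> List[str]:
    """Names of the accounts whose flags field contains D."""
    return [e.name for e in entries if "D" in e.flags]


def describe(entry: Entry) -> str:
    """One-line summary of an account's flags, in alphabetical flag order."""
    parts = [
        FLAG_MEANINGS.get(flag, f"unrecognised flag {flag}")
        for flag in sorted(entry.flags)
    ]
    return f"{entry.name}: {', '.join(parts)}"


# Constructed sample: account names and uids are illustrative only.
NO_HASH = "X" * 32
SAMPLE = "\n".join([
    "# constructed sample, not taken from the thread",
    f"adrian:1001:{NO_HASH}:{NO_HASH}:[DU         ]:LCT-47F3BA4C:",
    f"marc:1002:{NO_HASH}:{NO_HASH}:[U          ]:LCT-47F3BA4C:",
    f"finaid46$:1003:{NO_HASH}:{NO_HASH}:[W          ]:LCT-47F3BA4C:",
])

if __name__ == "__main__":
    accounts = parse_smbpasswd(SAMPLE)
    for account in accounts:
        print(describe(account))
    print("disabled:", disabled_accounts(accounts))
```
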
Re: RE [Samba] smbldap-useradd -w won't create machine account
On Wed, Apr 2, 2008 at 12:22 PM, Quinn Fissler [EMAIL PROTECTED] wrote:
> samba uses nss_ldap for the check during the add - ie it uses smbldap to add and then uses nssldap to check the account was created. The problem arises if the nssldap isn't configured properly.
>
> if you do getent passwd on the samba host, does it work? do you see ldap users or only local (/etc/passwd)?

This works and I do see both the users from /etc/passwd and ldap.

John
[Samba] PANIC: internal error
I have a samba server that has been running for quite a while, without any problems. Last week, out of the blue, everybody lost connections. I restarted winbind and samba and all was well. It happened again, and again all it took was a restart. It happened over the weekend then again on Monday, when I noticed winbind was gone and just restarted that. When it happened again today I looked into why. Winbind is dying with an internal error. Here's what it looks like in the messages file:

Apr 2 11:25:50 Server winbindd[16996]: [2008/04/02 11:25:50, 0] lib/fault.c:fault_report(36)
Apr 2 11:25:50 Server winbindd[16996]: ===
Apr 2 11:25:50 Server winbindd[16996]: [2008/04/02 11:25:50, 0] lib/fault.c:fault_report(37)
Apr 2 11:25:50 Server winbindd[16996]: INTERNAL ERROR: Signal 6 in pid 16996 (3.0.20b-2.1)
Apr 2 11:25:50 Server winbindd[16996]: Please read the Trouble-Shooting section of the Samba3-HOWTO
Apr 2 11:25:50 Server winbindd[16996]: [2008/04/02 11:25:50, 0] lib/fault.c:fault_report(39)
Apr 2 11:25:50 Server winbindd[16996]:
Apr 2 11:25:50 Server winbindd[16996]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
Apr 2 11:25:50 Server winbindd[16996]: [2008/04/02 11:25:50, 0] lib/fault.c:fault_report(40)
Apr 2 11:25:50 Server winbindd[16996]: ===
Apr 2 11:25:50 Server winbindd[16996]: [2008/04/02 11:25:50, 0] lib/util.c:smb_panic2(1570)
Apr 2 11:25:50 Server winbindd[16996]: PANIC: internal error
Apr 2 11:25:50 Server winbindd[16996]: [2008/04/02 11:25:50, 0] lib/util.c:smb_panic2(1578)
Apr 2 11:25:50 Server winbindd[16996]: BACKTRACE: 30 stack frames:
Apr 2 11:25:50 Server winbindd[16996]: #0 winbindd(smb_panic2+0x14f) [0x93e7cf]
Apr 2 11:25:50 Server winbindd[16996]: #1 winbindd(smb_panic+0x27) [0x93e677]
Apr 2 11:25:50 Server winbindd[16996]: #2 winbindd [0x928786]
Apr 2 11:25:50 Server winbindd[16996]: #3 /lib/tls/libc.so.6 [0x1b60d8]
Apr 2 11:25:50 Server winbindd[16996]: #4 /lib/tls/libc.so.6(abort+0x1d5) [0x1b7705]
Apr 2 11:25:50 Server winbindd[16996]: #5 winbindd [0x96515b]
Apr 2 11:25:50 Server winbindd[16996]: #6 winbindd [0x9653c9]
Apr 2 11:25:50 Server winbindd[16996]: #7 winbindd(cli_krb5_get_ticket+0x230) [0x965850]
Apr 2 11:25:50 Server winbindd[16996]: #8 winbindd(spnego_gen_negTokenTarg+0x53) [0x966553]
Apr 2 11:25:50 Server winbindd[16996]: #9 winbindd [0xa0952a]
Apr 2 11:25:50 Server winbindd[16996]: #10 winbindd [0xa0984e]
Apr 2 11:25:50 Server winbindd[16996]: #11 winbindd(ads_sasl_bind+0x150) [0xa0a070]
Apr 2 11:25:50 Server winbindd[16996]: #12 winbindd(ads_connect+0x1ba) [0xa02a3a]
Apr 2 11:25:50 Server winbindd[16996]: #13 winbindd(ads_do_search_retry+0xf6) [0xa0fd96]
Apr 2 11:25:50 Server winbindd[16996]: #14 winbindd(ads_search_retry+0x3f) [0xa1005f]
Apr 2 11:25:50 Server winbindd[16996]: #15 winbindd [0x8e5e56]
Apr 2 11:25:50 Server winbindd[16996]: #16 winbindd [0x8d6c2c]
Apr 2 11:25:50 Server winbindd[16996]: #17 winbindd(winbindd_dual_userinfo+0x137) [0x8cb7b7]
Apr 2 11:25:50 Server winbindd[16996]: #18 winbindd [0x8e949d]
Apr 2 11:25:50 Server winbindd[16996]: #19 winbindd [0x8e98fe]
Apr 2 11:25:50 Server winbindd[16996]: #20 winbindd [0x8e8fc0]
Apr 2 11:25:50 Server winbindd[16996]: #21 winbindd(async_request+0x88) [0x8e8b98]
Apr 2 11:25:50 Server winbindd[16996]: #22 winbindd(init_child_connection+0x179) [0x8d1789]
Apr 2 11:25:50 Server winbindd[16996]: #23 winbindd(async_domain_request+0xb6) [0x8e90e6]
Apr 2 11:25:50 Server winbindd[16996]: #24 winbindd [0x8d11db]
Apr 2 11:25:50 Server winbindd[16996]: #25 winbindd(rescan_trusted_domains+0x48) [0x8d15f8]
Apr 2 11:25:50 Server winbindd[16996]: #26 winbindd [0x8ca601]
Apr 2 11:25:50 Server winbindd[16996]: #27 winbindd(main+0x505) [0x8cb0f5]
Apr 2 11:25:50 Server winbindd[16996]: #28 /lib/tls/libc.so.6(__libc_start_main+0xda) [0x1a379a]
Apr 2 11:25:50 Server winbindd[16996]: #29 winbindd [0x8c8f72]
Apr 2 11:25:50 Server winbindd[16996]:

Since this is a daily occurrence, it's rather annoying, for me and the users. Of course my boss wants to know why this is suddenly happening on an otherwise stable server (I'd like to know that too).

I'm running Samba version 3.0.20b-2.1 on Red Hat Enterprise Linux ES release 3 (Taroon Update 7)
Re: [Samba] weird election with non-existant machine
JJB wrote:
> Forced Election:
> In workgroup WORKGROUP when announced server was:
> SYSTEM-1 (192.168.1.248) : 50 Time(s)
> SYSTEM-2 (192.168.1.183) : 2 Time(s)
> SYSTEM-3 (192.168.1.248) : 1 Time(s)
>
> Cannot get workgroup name from domain name browser:
> 192.168.1.153 : 96 Time(s)
>
> 192.168.1.153 was a mac running Leopard. It has not been on the network for a month, but this keeps happening. Does anyone have an idea where this address might be cached?
>
> Thanks,
> - Joel

Depends on your distro, but in Slackware, when compiled without --with-hfs, it's like /var/cache/samba or /var/lib/samba. I'm fairly sure that it should be in the /var directory. Try doing a 'lsof' and see if the samba process has anything open from there that isn't a log file. IIRC, it should be a DBD.
Re: [Samba] LDAP different Group SID -- not supported for NETLOGON calls
Cesar Amaya wrote:
> Hello list,
>
> I have two Samba-LDAP DC's each in different networks, domain AMECC_SAL (192.168.40.0/24) and domain AMECC_GUA (192.168.42./24). I have established an inter-domain trust relationship in both directions. My problem comes when I try to log into a machine in the AMECC_SAL domain using any user from the AMECC_GUA domain. The machine's name in which I want to sign in is cc03. The log for the machine account says:
>
> # tail -f cc03.log
> [2008/03/31 16:55:17, 2] passdb/pdb_ldap.c:init_group_from_ldap(2158)
>   init_group_from_ldap: Entry found for group: 515
> [2008/03/31 16:55:35, 2] auth/auth.c:check_ntlm_password(309)
>   check_ntlm_password: authentication for user [ricky] - [ricky] - [ricky] succeeded
> [2008/03/31 16:55:35, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004)
>   _net_sam_logon: user AMECC_GUA\ricky has user sid S-1-5-21-2494724867-3922152549-500773586-3022 but group sid S-1-5-21-3360583363-2600074294-2199971840-513. The conflicting domain portions are not supported for NETLOGON calls
>
> Part of the pdbedit -L -v says:
>
> Unix username: ricky
> NT username: ricky
> Account Flags: [U ]
> User SID: S-1-5-21-2494724867-3922152549-500773586-3022
> init_group_from_ldap: Entry found for group: 513
> init_group_from_ldap: Entry found for group: 513
> Primary Group SID: S-1-5-21-2494724867-3922152549-500773586-513
>
> From this output we can tell that Primary Group SID is different from that group sid of cc03.log file: S-1-5-21-3360583363-2600074294-2199971840-513.
>
> I am using the following software: FreeBSD 7.0 Release, samba-3.0.28,1, openldap-2.3.41 and smbldap-tools-0.9.4_2.
>
> Please can anyone give some help???
>
> Thank you very much.

I think this error is because the service nss_ldap is not running. I got this error:

nss_ldap: could not search LDAP server - Server is unavailable
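The comparison made by hand in the post above (user SID against group SID, domain portion by domain portion) can be automated over smbd logs and pdbedit output. The following is an added example, not code from the thread or from Samba: it splits each SID into its domain portion and RID, reports logon lines where the two domain portions differ, and checks whether a pdbedit record is internally consistent. The LOG and PDBEDIT samples reuse the values quoted in the post.

```python
"""Compare the domain portions of user and group SIDs."""
import re
from typing import List, NamedTuple, Tuple

SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")
# Matches the _net_sam_logon message quoted in the post.
LOGON_RE = re.compile(
    r"user (?P<user>\S+) has user sid (?P<usid>S-[\d-]+) "
    r"but group sid (?P<gsid>S-[\d-]+)"
)

# Log line and pdbedit excerpt as quoted in the post.
LOG = r"""
[2008/03/31 16:55:35, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon_internal(1004)
  _net_sam_logon: user AMECC_GUA\ricky has user sid S-1-5-21-2494724867-3922152549-500773586-3022 but group sid S-1-5-21-3360583363-2600074294-2199971840-513. The conflicting domain portions are not supported for NETLOGON calls
"""

PDBEDIT = """
Unix username: ricky
User SID: S-1-5-21-2494724867-3922152549-500773586-3022
init_group_from_ldap: Entry found for group: 513
Primary Group SID: S-1-5-21-2494724867-3922152549-500773586-513
"""


class Mismatch(NamedTuple):
    user: str
    user_domain: str
    group_domain: str
    group_rid: int


def split_sid(sid: str) -> Tuple[str, int]:
    """Split a SID into (domain portion, RID); the RID is the last field."""
    if not SID_RE.match(sid):
        raise ValueError(f"not a SID: {sid!r}")
    domain, rid = sid.rsplit("-", 1)
    return domain, int(rid)


def find_sid_mismatches(log_text: str) -> List[Mismatch]:
    """Return one record per logon whose user and group SID domains differ."""
    found = []
    for match in LOGON_RE.finditer(log_text):
        user_domain, _ = split_sid(match["usid"])
        group_domain, group_rid = split_sid(match["gsid"])
        if user_domain != group_domain:
            found.append(
                Mismatch(match["user"], user_domain, group_domain, group_rid)
            )
    return found


def passdb_sids_consistent(pdbedit_text: str) -> bool:
    """True if 'User SID' and 'Primary Group SID' share one domain portion."""
    wanted = ("User SID", "Primary Group SID")
    fields = {}
    for line in pdbedit_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() in wanted:
            fields[key.strip()] = value.strip()
    missing = [name for name in wanted if name not in fields]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    user_domain, _ = split_sid(fields["User SID"])
    group_domain, _ = split_sid(fields["Primary Group SID"])
    return user_domain == group_domain


if __name__ == "__main__":
    for item in find_sid_mismatches(LOG):
        print(f"{item.user}: user domain {item.user_domain}, "
              f"group domain {item.group_domain} (RID {item.group_rid})")
    print("passdb record consistent:", passdb_sids_consistent(PDBEDIT))
```

On the quoted values this reports one mismatch in the log while the pdbedit record itself is consistent, which is the discrepancy the post describes.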
Re: [Samba] samba3.0.22 - net setlocalsid with no effect
Friedrich Strohmaier wrote:
| Hi Doug, *,
|
| Sorry for my late answer - I discovered your mail, which never reached
| my box, on gmane..
|
| Douglas VanLeuven wrote:
| Friedrich Strohmaier wrote:
|
| [..]
|
| I can't tell what you're trying to do from what you've described.
| It looks like you set the local machine sid and it worked.
|
| It was the SID of the machine acting as PDC ..
|
| The local machine sid will be different than the domain sid.
|
| That's apparently the one problem I have (which is solving a different
| one..) :o))
|
| A profile based on the local machine sid won't be a roaming profile it
| will be a local profile.
|
| As long as the local SID differs from the Domain SID?..
|
|
| [..]
|
| root# net setlocalsid SID_WANTED
| root#
|
| root# net getlocalsid
| SID for domain DOMAIN is: SID_WANTED

Might try

  net rpc getsid

Which is supposed to fetch the domain sid into the local secrets.tdb

I've never used these commands. I've always viewed them as either useful for recovery from crash without backup, or setting the SID of a backup samba PDC.

For a workstation, even if you manage to get the SID's to agree with a prior install, the machine password on the PDC and on the workstation wouldn't agree. If it's new workstation name, there won't be an account for the workstation on the PDC.

Why not simply

  net rpc join

and allow the normal mechanisms to work?

Regards,
Doug
Re: [Samba] user account status
Please keep replies on-list.

For smbpasswd, they are not listed anyplace else. I believe they are manufactured from the smb.conf entries for profile path and home directory. I believe for other backends, they are contained in the file and only generated if blank.

=R

Marc Fromm wrote:
> Thanks for the tip. Can you tell me where the home directory and profile path actually are located as listed from the pdbedit -Lv?
> Home Directory: \\finaid46\adrian
> Profile Path: \\finaid46\adrian\profile
>
> Marc Fromm
> Information Technology Specialist II
> Financial Aid Department
> Western Washington University
> Phone: 360-650-3351 Fax: 360-788-0251
>
> -Original Message-
> From: Ryan Novosielski [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, April 02, 2008 9:55 AM
> To: Marc Fromm
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] user account status
>
> pdbedit -Lv username -- there are some other formats that might be of interest. Most specifically though, looking at the smbpasswd file, you SHOULD see a D in the [] flags field.
>
> Marc Fromm wrote:
> > I used smbpasswd -d username to disable an account. How can I see the status of the account as being disabled? Is there something similar to the passwd -S username command which tells me the account status? When I view the smbpasswd file the user I disabled appears unchanged, not like the /etc/shadow file that replaces the password with two !! when an account is disabled.
> >
> > Thanks
> > Marc

--
Ryan Novosielski - Systems Programmer II
Univ. of Med. and Dent. | IST/AST - NJMS Medical Science Bldg - C630
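The check described in this reply (look for a D in the [] flags field), as an added example that is not part of the thread: a small parser that reads smbpasswd-format lines and reports which accounts are disabled. It assumes the `name:uid:LM hash:NT hash:[flags]:LCT-...:` layout from smbpasswd(5); the sample entries, names and hashes are constructed placeholders.

```python
import re

# Flag letters as documented in smbpasswd(5).
FLAG_NAMES = {
    "U": "user account",
    "N": "no password required",
    "D": "account disabled",
    "X": "password does not expire",
    "W": "workstation trust account",
}

# The flags field is bracketed and space padded, e.g. "[DU         ]".
FLAGS_RE = re.compile(r"^\[([A-Za-z ]*)\]$")


def parse_smbpasswd_line(line):
    """Return (username, set of flag letters), or None if the line is not an account entry."""
    line = line.rstrip("\r\n")
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    fields = line.split(":")
    # Assumed layout: name:uid:LM hash:NT hash:[flags]:LCT-xxxxxxxx:
    if len(fields) < 5 or not fields[0]:
        return None
    match = FLAGS_RE.match(fields[4])
    if match is None:
        return None
    return fields[0], set(match.group(1).replace(" ", ""))


def account_status(lines):
    """Map each username to its decoded flags and a 'disabled' boolean."""
    status = {}
    for line in lines:
        parsed = parse_smbpasswd_line(line)
        if parsed is None:
            continue
        user, flags = parsed
        ordered = sorted(flags)
        status[user] = {
            "disabled": "D" in flags,
            "flags": ordered,
            "meaning": [FLAG_NAMES.get(f, "other flag " + f) for f in ordered],
        }
    return status


def _entry(name, uid, flags):
    # Constructed sample entry; the hashes are placeholders, not real values.
    return "%s:%d:%s:%s:[%-11s]:LCT-00000000:" % (name, uid, "0" * 32, "0" * 32, flags)


SAMPLE_LINES = [
    "# constructed smbpasswd excerpt",
    _entry("alice", 1001, "U"),
    _entry("bob", 1002, "DU"),   # what an entry looks like after smbpasswd -d
    _entry("ws01$", 1003, "W"),
    "truncated:line",            # malformed, skipped
]

if __name__ == "__main__":
    for user, info in sorted(account_status(SAMPLE_LINES).items()):
        state = "DISABLED" if info["disabled"] else "enabled"
        print("%-8s %-8s %s" % (user, state, ", ".join(info["meaning"])))
```

Run against a copy of the real file (it holds password hashes, so keep that copy root-only) to audit which accounts are currently disabled.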
Re: [Samba] weird election with non-existant machine
Search for a file called wins.dat, remove it, restart samba and go for a coffee.

JJB wrote:
> Forced Election: 192.168.1.153 was a mac running Leopard. It has not been on the network for a month, but this keeps happening. Does anyone have an idea where this address might be cached?

-- Marcio Merlone
Re: [Samba] Samba PDC, OpenLDAP, and passwd chat
> Your password must be at least 5 characters, cannot repeat any of your previous 0 passwords and must be at least 0 days old. Please type a different password. Type a password that meets these requirements in both text boxes.
>
> ...instead of the requirements set forth in OpenLDAP (minimum 6 chars, can't use previous 6 passwords, etc) as demonstrated below is an issue. Where is it pulling these requirements from,

The message comes from the security policy set on Samba via the pdbedit command. Setting a security policy via pdbedit is covered in the pdbedit man page.

> and how can I get it to relay messages from OpenLDAP (e.g., the 'password fails quality checking' message) back to the user?

You can't. Yes, this epically sucks. I'd be *thrilled* to know if you come up with any universal way to enforce password strength re-use rules. Currently I know of only one - Active Directory. :(

--
Adam Tauno Williams, Network Systems Administrator
Consultant - http://www.whitemiceconsulting.com
Developer - http://www.opengroupware.org
Re: [Samba] weird election with non-existant machine
Marcio Merlone wrote:
> Search for a file called wins.dat, remove it, restart samba and go for a coffee.
>
> JJB wrote:
> > Forced Election: 192.168.1.153 was a mac running Leopard. It has not been on the network for a month, but this keeps happening. Does anyone have an idea where this address might be cached?

Thanks, we will try that!
[Samba] Smbpasswd help101
Hi,

I am using samba 3 came with redhat 5.1, samba-3.0.25b-0.el5.4

Please help to answer these questions

1/ How can I can smb.conf to use /etc/samba/smbpasswd file?
2/ What is the default 'security' on samba 3 user?
3/ Does the lines start with a ; (semi-colon) are default configuration? example
; security = user
[Samba] Facing the problem while cloning the samba repository
Hi,

I am trying to clone the samba repository using git and I get the following error.

$ git-clone git://git.samba.org/samba.git samba
Initialized empty Git repository in /data/koteswar/samba/.git/
git.samba.org[0: 131.204.22.100]: errno=Connection refused
fatal: unable to connect a socket (Connection refused)
fetch-pack from 'git://git.samba.org/samba.git' failed.

Can you please help me out what is causing the error...?

Regards,
Koti.
[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-0pre2-394-g2ba0037
The branch, v3-2-stable has been updated via 2ba0037a3bb1e0692e5c35b11dd632590735d869 (commit) via 7ab5d6f0251ee1d10e9393911c2f120b94f784fe (commit) via 37aa01f033e6fdeb970d8357db6ea4498fe83d1f (commit) from f8cc8e873508b358633dcdcf945b34587eef0950 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable - Log - commit 2ba0037a3bb1e0692e5c35b11dd632590735d869 Author: Jeremy Allison [EMAIL PROTECTED] Date: Fri Mar 28 17:32:52 2008 -0700 Fix missing ''. Jeremy. (cherry picked from commit 251df53811e4272b629575a4b50c29a99715ccf9) commit 7ab5d6f0251ee1d10e9393911c2f120b94f784fe Author: Jeremy Allison [EMAIL PROTECTED] Date: Fri Mar 28 17:31:06 2008 -0700 Only allow sendfile on non-stream fsp's. Should fix make test for streams as sendfile isn't implemented in the streams vfs modules yet. Jeremy. (cherry picked from commit eef53e9603d4f3d892ffe00b061def5d717ca481) commit 37aa01f033e6fdeb970d8357db6ea4498fe83d1f Author: Jeremy Allison [EMAIL PROTECTED] Date: Fri Mar 28 10:12:07 2008 -0700 Fix bug #5326 - OS/2 servers give strange high word replies for print jobs. Jeremy. (cherry picked from commit d090d25cb702965b3d5e4635a26a06f2b62d235d) --- Summary of changes: source/libsmb/clireadwrite.c |4 +++- source/smbd/reply.c |4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libsmb/clireadwrite.c b/source/libsmb/clireadwrite.c index 668a269..e79fd90 100644 --- a/source/libsmb/clireadwrite.c +++ b/source/libsmb/clireadwrite.c @@ -745,7 +745,9 @@ ssize_t cli_write(struct cli_state *cli, break; bwritten += SVAL(cli-inbuf, smb_vwv2); - bwritten += (((int)(SVAL(cli-inbuf, smb_vwv4)))16); + if (writesize 0x) { + bwritten += (((int)(SVAL(cli-inbuf, smb_vwv4)))16); + } } while (received issued cli_receive_smb(cli)) { diff --git a/source/smbd/reply.c b/source/smbd/reply.c index b3f0fc5..427fadc 100644 --- a/source/smbd/reply.c +++ b/source/smbd/reply.c 
@@ -2656,7 +2656,7 @@ void send_file_readbraw(connection_struct *conn, * reply_readbraw has already checked the length. */ - if ( (chain_size == 0) (nread 0) + if ( (chain_size == 0) (nread 0) (fsp-base_fsp == NULL) (fsp-wcp == NULL) lp_use_sendfile(SNUM(conn)) ) { char header[4]; DATA_BLOB header_blob; @@ -3131,7 +3131,7 @@ static void send_file_readX(connection_struct *conn, struct smb_request *req, */ if ((chain_size == 0) (CVAL(req-inbuf,smb_vwv0) == 0xFF) - !is_encrypted_packet(req-inbuf) + !is_encrypted_packet(req-inbuf) (fsp-base_fsp == NULL) lp_use_sendfile(SNUM(conn)) (fsp-wcp == NULL) ) { uint8 headerbuf[smb_size + 12 * 2]; DATA_BLOB header; -- Samba Shared Repository
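Review bot: in cli_write() (source/libsmb/clireadwrite.c, hunk at -745) the new guard around the smb_vwv4 high word carries no comment saying why the server's high word is ignored for small writes; add one that names bug #5326 (OS/2 servers returning strange high words) so the condition is not later removed as redundant. The high word is also still cast to int before the 16-bit shift, so a server-supplied value with its top bit set is shifted into the sign bit; going through an unsigned 32-bit type before adding to bwritten would keep the arithmetic well defined for any reply.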
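Review bot: in send_file_readbraw() and send_file_readX() (source/smbd/reply.c) the added (fsp->base_fsp == NULL) test is unexplained at both sites; a one-line comment that sendfile is skipped for stream handles because the streams VFS modules do not implement it yet would record the reason given in the commit message. The same set of tests (base_fsp, wcp, lp_use_sendfile) now appears in both functions in a different order, so a small helper would let a future sendfile restriction be added once instead of twice.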
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-619-g0058ab3
The branch, v3-2-test has been updated via 0058ab30de943f134792e3d66051206086987110 (commit) from 0970369ca0cb9ae465cff40e5c75739824daf1d0 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 0058ab30de943f134792e3d66051206086987110 Author: Günther Deschner [EMAIL PROTECTED] Date: Wed Apr 2 11:14:15 2008 +0200 Make sure to hand down the domain name in libnetapi NetUnjoinDomain. Guenther --- Summary of changes: source/lib/netapi/joindomain.c | 18 +++--- 1 files changed, 11 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/netapi/joindomain.c b/source/lib/netapi/joindomain.c index 9c0e8aa..ed8327e 100644 --- a/source/lib/netapi/joindomain.c +++ b/source/lib/netapi/joindomain.c @@ -238,6 +238,7 @@ static WERROR NetUnjoinDomainLocal(struct libnetapi_ctx *mem_ctx, { struct libnet_UnjoinCtx *r = NULL; struct dom_sid domain_sid; + const char *domain = NULL; WERROR werr; if (!secrets_fetch_domain_sid(lp_workgroup(), domain_sid)) { @@ -247,26 +248,28 @@ static WERROR NetUnjoinDomainLocal(struct libnetapi_ctx *mem_ctx, werr = libnet_init_UnjoinCtx(mem_ctx, r); W_ERROR_NOT_OK_RETURN(werr); + if (lp_realm()) { + domain = lp_realm(); + } else { + domain = lp_workgroup(); + } + if (server_name) { r-in.dc_name = talloc_strdup(mem_ctx, server_name); W_ERROR_HAVE_NO_MEMORY(r-in.dc_name); } else { NTSTATUS status; - const char *domain = NULL; struct netr_DsRGetDCNameInfo *info = NULL; uint32_t flags = DS_DIRECTORY_SERVICE_REQUIRED | DS_WRITABLE_REQUIRED | DS_RETURN_DNS_NAME; - if (lp_realm()) { - domain = lp_realm(); - } else { - domain = lp_workgroup(); - } status = dsgetdcname(mem_ctx, domain, NULL, NULL, flags, info); if (!NT_STATUS_IS_OK(status)) { libnetapi_set_error_string(mem_ctx, - %s, get_friendly_nt_error_msg(status)); + failed to find DC for domain %s: %s, + domain, + get_friendly_nt_error_msg(status)); return ntstatus_to_werror(status); } r-in.dc_name = talloc_strdup(mem_ctx, 
@@ -284,6 +287,7 @@ static WERROR NetUnjoinDomainLocal(struct libnetapi_ctx *mem_ctx, W_ERROR_HAVE_NO_MEMORY(r-in.admin_password); } + r-in.domain_name = domain; r-in.unjoin_flags = unjoin_flags; r-in.modify_config = true; r-in.debug = true; -- Samba Shared Repository
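Review bot: in NetUnjoinDomainLocal() (hunk at -247) the hoisted if (lp_realm()) test falls back to lp_workgroup() only when lp_realm() returns NULL; if it returns an empty string when no realm is configured, domain ends up empty and is now passed to both dsgetdcname() and r->in.domain_name. Test for a non-empty string before preferring the realm.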
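Review bot: in the hunk at -284, r->in.domain_name = domain stores the pointer returned by lp_realm() or lp_workgroup() directly, while r->in.dc_name in the previous hunk is copied with talloc_strdup(mem_ctx, ...) and checked with W_ERROR_HAVE_NO_MEMORY. Copy the domain name the same way so the unjoin context does not depend on the lifetime of the loadparm string.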
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-620-g4714bae
The branch, v3-2-test has been updated via 4714bae0dbbb2ad010c2929f83de6bca84cfac46 (commit) from 0058ab30de943f134792e3d66051206086987110 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 4714bae0dbbb2ad010c2929f83de6bca84cfac46 Author: Günther Deschner [EMAIL PROTECTED] Date: Wed Apr 2 11:18:10 2008 +0200 Some fixes for netdomjoin-gui and support for browsing/joining OUs. Guenther --- Summary of changes: .../examples/netdomjoin-gui/netdomjoin-gui.c | 547 ++-- 1 files changed, 390 insertions(+), 157 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c b/source/lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c index a3719c7..a4daf4f 100644 --- a/source/lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c +++ b/source/lib/netapi/examples/netdomjoin-gui/netdomjoin-gui.c @@ -63,14 +63,17 @@ typedef struct join_state { GtkWidget *entry_account; GtkWidget *entry_password; GtkWidget *entry_domain; + GtkWidget *entry_ou_list; GtkWidget *entry_workgroup; GtkWidget *button_ok; GtkWidget *button_apply; GtkWidget *button_ok_creds; + GtkWidget *button_get_ous; GtkWidget *label_reboot; GtkWidget *label_current_name_buffer; GtkWidget *label_current_name_type; GtkWidget *label_full_computer_name; + GtkWidget *label_winbind; uint16_t name_type_initial; uint16_t name_type_new; char *name_buffer_initial; 
@@ -111,10 +114,40 @@ static gboolean callback_delete_event(GtkWidget *widget, static void callback_do_close(GtkWidget *widget, gpointer data) { - debug(Closing now...\n); + debug(callback_do_close called\n); + gtk_widget_destroy(data); } +static void callback_do_freeauth(GtkWidget *widget, +gpointer data) +{ + struct join_state *state = (struct join_state *)data; + + debug(callback_do_freeauth called\n); + + SAFE_FREE(state-account); + SAFE_FREE(state-password); + + if (state-window_creds_prompt) { + gtk_widget_destroy(state-window_creds_prompt); + } +} + +static void callback_do_freeauth_and_close(GtkWidget *widget, + gpointer data) +{ + struct join_state *state = (struct join_state *)data; + + debug(callback_do_freeauth_and_close called\n); + + SAFE_FREE(state-account); + SAFE_FREE(state-password); + + gtk_widget_destroy(state-window_creds_prompt); + gtk_widget_destroy(state-window_do_change); +} + static void free_join_state(struct join_state *s) { SAFE_FREE(s-name_buffer_initial); @@ -155,6 +188,8 @@ static void callback_apply_description_change(GtkWidget *widget, GTK_BUTTONS_OK, Failed to change computer description: %s., libnetapi_get_error_string(state-ctx, status)); + gtk_window_set_modal(GTK_WINDOW(dialog), TRUE); + g_signal_connect_swapped(dialog, response, G_CALLBACK(gtk_widget_destroy), dialog); @@ -183,6 +218,7 @@ static void callback_do_exit(GtkWidget *widget, GTK_MESSAGE_QUESTION, GTK_BUTTONS_YES_NO, You must restart your computer before the new settings will take effect.); + gtk_window_set_modal(GTK_WINDOW(dialog), TRUE); result = gtk_dialog_run(GTK_DIALOG(dialog)); switch (result) { case GTK_RESPONSE_YES: @@ -214,6 +250,7 @@ static void callback_do_reboot(GtkWidget *widget, GTK_MESSAGE_INFO, GTK_BUTTONS_OK, You must restart this computer for the changes to take effect.); + gtk_window_set_modal(GTK_WINDOW(dialog), TRUE); #if 0 g_signal_connect_swapped(dialog, response, G_CALLBACK(gtk_widget_destroy), 
@@ -269,10 +306,14 @@ static void callback_return_username(GtkWidget *widget, { const gchar *entry_text; struct join_state *state = (struct join_state *)data; + debug(callback_return_username called\n); if (!widget) { return; } entry_text = gtk_entry_get_text(GTK_ENTRY(widget)); + if (!entry_text) { + return; + } debug(callback_return_username: %s\n, entry_text); SAFE_FREE(state-account);
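Review bot: callback_do_freeauth() and callback_do_freeauth_and_close() (hunk at -111) release state->password with SAFE_FREE() without clearing it first, so the join password stays in freed heap memory; overwrite the buffer before freeing it. The second callback also calls gtk_widget_destroy(state->window_creds_prompt) unconditionally where the first checks the pointer, and the two bodies are otherwise the same, so the close variant could call the first and then destroy window_do_change.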
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-618-g0970369
The branch, v3-2-test has been updated via 0970369ca0cb9ae465cff40e5c75739824daf1d0 (commit) from 547eacf6058d2bc5b41b266b70f8f4747aca4eae (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 0970369ca0cb9ae465cff40e5c75739824daf1d0 Author: Günther Deschner [EMAIL PROTECTED] Date: Wed Apr 2 02:29:48 2008 +0200 Fix NETLOGON credential chain with Windows 2008 all over the place. In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8 netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate flags everywhere (not only when running in security=ads). Only for NT4 we need to do a downgrade to the returned negotiate flags. Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6. Guenther --- Summary of changes: source/auth/auth_domain.c|2 +- source/include/rpc_dce.h | 44 ++--- source/libnet/libnet_join.c |3 +- source/libsmb/trusts_util.c |2 +- source/rpc_client/cli_netlogon.c | 11 + source/rpc_client/cli_pipe.c |4 +- source/rpcclient/rpcclient.c |2 +- source/utils/net_rpc_join.c |4 +- source/utils/net_rpc_samsync.c |2 +- source/winbindd/winbindd_cm.c|6 + 10 files changed, 61 insertions(+), 19 deletions(-) Changeset truncated at 500 lines: diff --git a/source/auth/auth_domain.c b/source/auth/auth_domain.c index c9aa064..f526677 100644 --- a/source/auth/auth_domain.c +++ b/source/auth/auth_domain.c @@ -126,7 +126,7 @@ machine %s. Error was : %s.\n, dc_name, nt_errstr(result))); if (!lp_client_schannel()) { /* We need to set up a creds chain on an unauthenticated netlogon pipe. */ - uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS; + uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; uint32 sec_chan_type = 0; unsigned char machine_pwd[16]; const char *account_name; diff --git a/source/include/rpc_dce.h b/source/include/rpc_dce.h index ec08eb5..33ab365 100644 --- a/source/include/rpc_dce.h +++ b/source/include/rpc_dce.h 
@@ -101,12 +101,48 @@ enum RPC_PKT_TYPE { /* The 7 here seems to be required to get Win2k not to downgrade us to NT4. Actually, anything other than 1ff would seem to do... */ #define NETLOGON_NEG_AUTH2_FLAGS 0x000701ff +/* + (NETLOGON_NEG_ACCOUNT_LOCKOUT | +NETLOGON_NEG_PERSISTENT_SAMREPL | +NETLOGON_NEG_ARCFOUR | +NETLOGON_NEG_PROMOTION_COUNT | +NETLOGON_NEG_CHANGELOG_BDC | +NETLOGON_NEG_FULL_SYNC_REPL | +NETLOGON_NEG_MULTIPLE_SIDS | +NETLOGON_NEG_REDO | +NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL | +NETLOGON_NEG_DNS_DOMAIN_TRUSTS | +NETLOGON_NEG_PASSWORD_SET2 | +NETLOGON_NEG_GETDOMAININFO) +*/ #define NETLOGON_NEG_DOMAIN_TRUST_ACCOUNT 0x2010b000 - -/* these are the flags that ADS clients use */ -#define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL) -#define NETLOGON_NEG_SELECT_AUTH2_FLAGS ((lp_security() == SEC_ADS) ? NETLOGON_NEG_AUTH2_ADS_FLAGS : NETLOGON_NEG_AUTH2_FLAGS) +/* these are the flags that ADS clients use */ +#define NETLOGON_NEG_AUTH2_ADS_FLAGS 0x600f +/* + (NETLOGON_NEG_ACCOUNT_LOCKOUT | +NETLOGON_NEG_PERSISTENT_SAMREPL | +NETLOGON_NEG_ARCFOUR | +NETLOGON_NEG_PROMOTION_COUNT | +NETLOGON_NEG_CHANGELOG_BDC | +NETLOGON_NEG_FULL_SYNC_REPL | +NETLOGON_NEG_MULTIPLE_SIDS | +NETLOGON_NEG_REDO | +NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL | +NETLOGON_NEG_SEND_PASSWORD_INFO_PDC | +NETLOGON_NEG_GENERIC_PASSTHROUGH | +NETLOGON_NEG_CONCURRENT_RPC | +NETLOGON_NEG_AVOID_ACCOUNT_DB_REPL | +NETLOGON_NEG_AVOID_SECURITYAUTH_DB_REPL | +NETLOGON_NEG_128BIT | +NETLOGON_NEG_TRANSITIVE_TRUSTS | +NETLOGON_NEG_DNS_DOMAIN_TRUSTS | +NETLOGON_NEG_PASSWORD_SET2 | +NETLOGON_NEG_GETDOMAININFO | +NETLOGON_NEG_CROSS_FOREST_TRUSTS | +NETLOGON_NEG_AUTHENTICATED_RPC_LSASS | +NETLOGON_NEG_SCHANNEL) +*/ enum schannel_direction { SENDER_IS_INITIATOR, diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c index 90e1b59..16db032 100644 --- a/source/libnet/libnet_join.c +++ b/source/libnet/libnet_join.c 
@@ -930,8 +930,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name, const char *machine_name, const char *dc_name) { - uint32_t neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS | -NETLOGON_NEG_SCHANNEL; + uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; struct cli_state
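Review bot: in source/auth/auth_domain.c the flags change sits inside the if (!lp_client_schannel()) branch, yet the comment added in rpc_dce.h lists NETLOGON_NEG_SCHANNEL among the bits of NETLOGON_NEG_AUTH2_ADS_FLAGS. Please confirm that advertising schannel on a path taken only when client schannel is disabled is intended, and say so in the existing comment above neg_flags. Minor: the changed line now uses uint32_t next to uint32 sec_chan_type directly below.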
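Review bot: in source/include/rpc_dce.h, NETLOGON_NEG_AUTH2_ADS_FLAGS goes from an expression built on named NETLOGON_NEG_* bits to a bare hex literal whose meaning lives only in a comment, and nothing keeps that comment in sync with the value. Define it as the OR of the named flags the comment lists. The rule from the commit message (start with the AD flags everywhere, downgrade only for NT4) also deserves a sentence next to the define, since NETLOGON_NEG_SELECT_AUTH2_FLAGS is removed here and callers no longer show the distinction.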
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-622-gb12edbe
The branch, v3-2-test has been updated via b12edbeffee1f7d1fd971cde9189e5137ddeb35b (commit) via 8a1a9f967db25d3928f19e46d60af249f934f323 (commit) from 4714bae0dbbb2ad010c2929f83de6bca84cfac46 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit b12edbeffee1f7d1fd971cde9189e5137ddeb35b Author: Günther Deschner [EMAIL PROTECTED] Date: Wed Apr 2 12:29:24 2008 +0200 Fix net rpc trustdom establish for win2k8 trusts. When establishing trusts to a windows 2008 dc, the NetServerEnum2 RAP call fails with some exotic RAP failure. Let's just try a netlogon getdcname call in that case to convince ourselve we're talking to a proper machine. Rafael, looks ok? Guenther commit 8a1a9f967db25d3928f19e46d60af249f934f323 Author: Günther Deschner [EMAIL PROTECTED] Date: Wed Apr 2 12:23:07 2008 +0200 Apply some const in clirap. Guenther --- Summary of changes: source/libsmb/clirap2.c |2 +- source/utils/net_rpc.c | 66 +-- 2 files changed, 53 insertions(+), 15 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libsmb/clirap2.c b/source/libsmb/clirap2.c index d579564..9cc8110 100644 --- a/source/libsmb/clirap2.c +++ b/source/libsmb/clirap2.c @@ -1469,7 +1469,7 @@ int cli_NetShareDelete(struct cli_state *cli, const char * share_name ) * / -bool cli_get_pdc_name(struct cli_state *cli, char *workgroup, char **pdc_name) +bool cli_get_pdc_name(struct cli_state *cli, const char *workgroup, char **pdc_name) { char *rparam = NULL; char *rdata = NULL; diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c index 25c1f42..0d47b65 100644 --- a/source/utils/net_rpc.c +++ b/source/utils/net_rpc.c 
@@ -5841,7 +5841,49 @@ static int rpc_trustdom_del(int argc, const char **argv) return -1; } } - + +static NTSTATUS rpc_trustdom_get_pdc(struct cli_state *cli, +TALLOC_CTX *mem_ctx, +const char *domain_name) +{ + char *dc_name = NULL; + const char *buffer = NULL; + struct rpc_pipe_client *netr; + NTSTATUS status; + + /* Use NetServerEnum2 */ + + if (cli_get_pdc_name(cli, domain_name, dc_name)) { + SAFE_FREE(dc_name); + return NT_STATUS_OK; + } + + DEBUG(1,(NetServerEnum2 error: Couldn't find primary domain controller\ +for domain %s\n, domain_name)); + + /* Try netr_GetDcName */ + + netr = cli_rpc_pipe_open_noauth(cli, PI_NETLOGON, status); + if (!netr) { + return status; + } + + status = rpccli_netr_GetDcName(netr, mem_ctx, + cli-desthost, + domain_name, + buffer, + NULL); + cli_rpc_pipe_close(netr); + + if (NT_STATUS_IS_OK(status)) { + return status; + } + + DEBUG(1,(netr_GetDcName error: Couldn't find primary domain controller\ +for domain %s\n, domain_name)); + + return status; +} /** * Establish trust relationship to a trusting domain. @@ -5866,7 +5908,6 @@ static int rpc_trustdom_establish(int argc, const char **argv) char* domain_name; char* acct_name; fstring pdc_name; - char *dc_name; union lsa_PolicyInformation *info = NULL; /* @@ -5927,18 +5968,6 @@ static int rpc_trustdom_establish(int argc, const char **argv) return -1; } - /* -* Use NetServerEnum2 to make sure we're talking to a proper server -*/ - - if (!cli_get_pdc_name(cli, domain_name, dc_name)) { - DEBUG(0, (NetServerEnum2 error: Couldn't find primary domain controller\ -for domain %s\n, domain_name)); - cli_shutdown(cli); - return -1; - } - SAFE_FREE(dc_name); - if (!(mem_ctx = talloc_init(establishing trust relationship to domain %s, domain_name))) { DEBUG(0, (talloc_init() failed\n)); 
@@ -5946,6 +5975,15 @@ static int rpc_trustdom_establish(int argc, const char **argv) return -1; } + /* Make sure we're talking to a proper server */ + + nt_status = rpc_trustdom_get_pdc(cli, mem_ctx, domain_name); + if (!NT_STATUS_IS_OK(nt_status)) { + cli_shutdown(cli); + talloc_destroy(mem_ctx); + return -1; + } + /* * Call LsaOpenPolicy and LsaQueryInfo */ -- Samba
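Review bot: rpc_trustdom_get_pdc() (hunk at -5841) accepts any successful reply as proof of a proper server: the name returned by cli_get_pdc_name() is freed unread, and the buffer filled by rpccli_netr_GetDcName() over the unauthenticated pipe from cli_rpc_pipe_open_noauth() is never examined. If this check is meant to guard trust establishment, inspect the returned DC name (for example against cli->desthost); otherwise rename the function and reword the "Make sure we're talking to a proper server" comment to say it is only a reachability probe. The NetServerEnum2 failure message also drops from DEBUG(0) to DEBUG(1), which the commit message does not mention.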
Re: [SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-622-gb12edbe
On Wed, Apr 02, 2008 at 05:54:27AM -0500, Günther Deschner wrote:
> The branch, v3-2-test has been updated
>   via b12edbeffee1f7d1fd971cde9189e5137ddeb35b (commit)
>   via 8a1a9f967db25d3928f19e46d60af249f934f323 (commit)
>   from 4714bae0dbbb2ad010c2929f83de6bca84cfac46 (commit)
>
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
>
> - Log -
> commit b12edbeffee1f7d1fd971cde9189e5137ddeb35b
> Author: Günther Deschner [EMAIL PROTECTED]
> Date: Wed Apr 2 12:29:24 2008 +0200
>
> Fix net rpc trustdom establish for win2k8 trusts.
>
> When establishing trusts to a windows 2008 dc, the NetServerEnum2 RAP call fails with some exotic RAP failure. Let's just try a netlogon getdcname call in that case to convince ourselve we're talking to a proper machine.
>
> Rafael, looks ok?

Yep, though (as we discussed on #samba-technical) we should probably drop doing RAP call here or provide fallback perhaps.

cheers,
--
Rafal Szczesniak
Samba Team member http://www.samba.org
Likewise Software http://www.likewisesoftware.com
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha3-17-gd777a83
The branch, v4-0-test has been updated via d777a83b8478bf09a45eccde38036eccbd219df8 (commit) via 9692a48aeb1c22a86a98ca736f173b2332a87480 (commit) via 4d1fb503de31c5c81eb22cdd0a61eae5e4813b40 (commit) via e67d8c7b6a5035c64d96ff92494ae38f7b6d8205 (commit) via ba91b609f5a6e2dd93b931a155cbce0c27ebd6d6 (commit) via 873941d8a8dca8e7ace83f9af9939e4264f78c96 (commit) via d4272bc6bcfcd71fa93edb25bb33d6458e8b33cd (commit) via c46b7e90e347da76156ddcae4866adb88e9fec21 (commit) via 03226035aaa8d4fc68996b08bc6beb43feabbd3a (commit) via 2dc2bb800dab3f7dbdba01f5ca5076edd1a2b0f3 (commit) from 696b58f5dd8370b7ee0670c7a3e5db10234b41ff (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit d777a83b8478bf09a45eccde38036eccbd219df8 Merge: 9692a48aeb1c22a86a98ca736f173b2332a87480 696b58f5dd8370b7ee0670c7a3e5db10234b41ff Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Wed Apr 2 16:53:10 2008 +0200 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into tmp commit 9692a48aeb1c22a86a98ca736f173b2332a87480 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Apr 1 16:08:21 2008 +0200 Include right perl directory when installed. commit 4d1fb503de31c5c81eb22cdd0a61eae5e4813b40 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Apr 1 16:05:54 2008 +0200 Install samba-hostconfig library. commit e67d8c7b6a5035c64d96ff92494ae38f7b6d8205 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Apr 1 16:03:31 2008 +0200 Install pidl to the same directory as Samba. commit ba91b609f5a6e2dd93b931a155cbce0c27ebd6d6 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Apr 1 15:53:45 2008 +0200 Fix dependency on samba-hostconfig. commit 873941d8a8dca8e7ace83f9af9939e4264f78c96 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Apr 1 15:26:00 2008 +0200 Add context pointer to secrets functions. commit d4272bc6bcfcd71fa93edb25bb33d6458e8b33cd Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Apr 1 15:17:18 2008 +0200 Add userdata argument to reseed callback function. 
commit c46b7e90e347da76156ddcae4866adb88e9fec21 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Apr 1 15:08:30 2008 +0200 Rename libsamba-config to libsamba-hostconfig. commit 03226035aaa8d4fc68996b08bc6beb43feabbd3a Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Apr 1 15:03:24 2008 +0200 Add README file explaining param/. commit 2dc2bb800dab3f7dbdba01f5ca5076edd1a2b0f3 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Apr 1 14:51:06 2008 +0200 Move ini-like file parser to the utility library. --- Summary of changes: source/client/config.mk|4 +- source/configure.ac|2 +- source/heimdal_build/config.mk |2 +- source/ldap_server/config.mk |2 +- source/lib/policy/config.mk|4 +- source/lib/registry/config.mk |8 +- source/lib/tls/config.mk |2 +- source/lib/util/config.mk |3 +- source/lib/util/genrand.c |8 +- source/lib/util/tests/genrand.c|4 +- source/lib/util/util.h | 10 +- source/libcli/auth/config.mk |2 +- source/libcli/config.mk|6 +- source/librpc/config.mk|6 +- source/librpc/ndr.pc.in|2 +- source/nbt_server/config.mk|2 +- source/nsswitch/config.mk |2 +- source/param/README|4 + source/param/config.mk |8 +- source/param/params.c | 587 .../{samba-config.pc.in = samba-hostconfig.pc.in} |6 +- source/param/secrets.c | 33 +- source/param/secrets.h |3 +- source/pidl/config.mk |5 +- source/pidl/pidl |2 +- source/scripting/ejs/config.mk |2 +- source/smbd/config.mk |2 +- source/smbd/process_model.mk |2 +- source/smbd/process_standard.c |3 - source/smbd/server.c |2 +- source/torture/config.mk |8 +- source/utils/config.mk |8 +- source/utils/net/config.mk |2 +- 33 files changed, 78 insertions(+), 668 deletions(-) create mode 100644 source/param/README delete
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha3-29-g2763fc6
The branch, v4-0-test has been updated via 2763fc6294aa35018d4317dd9eebcba969e70333 (commit) via 0e371cf169e9a607fcbb3e65437ab9413935dd52 (commit) via 8c3591d98f42a75d68d698f7b4be8f2e0284522f (commit) via 3e8aecbc2ee3c0bb32aa83c5035a758f16f344cb (commit) via 92e71c19f4e1d3ca123a083942ec578d21f7012c (commit) via 71aa38842c270d52d39b805bf7ce29e25e062024 (commit) via 3ca14fdf74d2510049bbdbbd2a5be341412cda1b (commit) via 7b434df67aefc667993f0ebd955af9c1c258f153 (commit) via 2243e24024f09ff9c9c7d0eb735c3b39c9d84424 (commit) via 47ffbbf67435904754469544390b67d34c958343 (commit) via 0528e30cf7c8a18c757e8cd9ddd6bea235ae4f1f (commit) via 7bfe359c73aac96f8e983e8d5e9621235cf79a3a (commit) from d777a83b8478bf09a45eccde38036eccbd219df8 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 2763fc6294aa35018d4317dd9eebcba969e70333 Merge: 0e371cf169e9a607fcbb3e65437ab9413935dd52 d777a83b8478bf09a45eccde38036eccbd219df8 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Wed Apr 2 19:02:01 2008 +0200 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into openchange commit 0e371cf169e9a607fcbb3e65437ab9413935dd52 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Wed Apr 2 16:47:17 2008 +0200 Reintroduce header previously autogenerated but ignored by git. Also fixed extra include in regpatch. commit 8c3591d98f42a75d68d698f7b4be8f2e0284522f Merge: 3e8aecbc2ee3c0bb32aa83c5035a758f16f344cb 696b58f5dd8370b7ee0670c7a3e5db10234b41ff Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Wed Apr 2 14:33:56 2008 +0200 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into openchange commit 3e8aecbc2ee3c0bb32aa83c5035a758f16f344cb Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Wed Apr 2 14:23:22 2008 +0200 Remove no longer installed files. commit 92e71c19f4e1d3ca123a083942ec578d21f7012c Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Wed Apr 2 14:18:31 2008 +0200 Move handle utility functions to public header, remove more public headers. 
commit 71aa38842c270d52d39b805bf7ce29e25e062024 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Wed Apr 2 14:10:16 2008 +0200 Trim down installed headers some more. commit 3ca14fdf74d2510049bbdbbd2a5be341412cda1b Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Wed Apr 2 13:59:48 2008 +0200 Merge hive.h into registry.h commit 7b434df67aefc667993f0ebd955af9c1c258f153 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Wed Apr 2 13:58:05 2008 +0200 Merge patchfile.h into registry.h commit 2243e24024f09ff9c9c7d0eb735c3b39c9d84424 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Wed Apr 2 13:41:10 2008 +0200 Reduce the number of installed headers. commit 47ffbbf67435904754469544390b67d34c958343 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Wed Apr 2 04:53:27 2008 +0200 Install public header files again and include required prototypes. commit 0528e30cf7c8a18c757e8cd9ddd6bea235ae4f1f Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Wed Apr 2 00:01:04 2008 +0200 Don't write public functions to protoheaders. Since the public functions can be used by external parties we should make changing their signature as hard as possible. It's also a lot easier to document functions in manually written headers. commit 7bfe359c73aac96f8e983e8d5e9621235cf79a3a Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Tue Apr 1 16:18:31 2008 +0200 Add warning to public headers. 
--- Summary of changes: .gitignore |3 - source/auth/auth.c | 17 +- source/auth/auth.h | 59 +- source/auth/auth_anonymous.c|1 + source/auth/auth_developer.c|1 + source/auth/auth_sam.c |1 + source/auth/auth_simple.c |1 + source/auth/auth_unix.c |1 + source/auth/auth_util.c |2 +- source/auth/auth_winbind.c |2 + source/auth/config.mk |4 +- source/auth/credentials/config.mk |2 +- source/auth/credentials/credentials.c | 70 +++--- source/auth/credentials/credentials.h | 113 +- source/auth/credentials/credentials_files.c | 14 +- source/auth/credentials/credentials_krb5.c | 27 +- source/auth/credentials/credentials_ntlm.c |4 +- source/auth/gensec/config.mk|2 +- source/auth/gensec/cyrus_sasl.c |1 + source/auth/gensec/gensec.c | 47 ++-- source/auth/gensec/gensec.h | 92 +++- source/auth/gensec/gensec_gssapi.c |2 + source/auth/gensec/gensec_krb5.c
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha3-30-gfc50e78
The branch, v4-0-test has been updated via fc50e78e2631e8253571bc236302e2859e4d1559 (commit) from 2763fc6294aa35018d4317dd9eebcba969e70333 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit fc50e78e2631e8253571bc236302e2859e4d1559 Author: Jelmer Vernooij [EMAIL PROTECTED] Date: Wed Apr 2 19:05:31 2008 +0200 Re-add params file to git. --- Summary of changes: source/lib/util/params.c | 587 ++ 1 files changed, 587 insertions(+), 0 deletions(-) create mode 100644 source/lib/util/params.c Changeset truncated at 500 lines: diff --git a/source/lib/util/params.c b/source/lib/util/params.c new file mode 100644 index 000..3a9e2b9 --- /dev/null +++ b/source/lib/util/params.c 
@@ -0,0 +1,587 @@ +/* -- ** + * Microsoft Network Services for Unix, AKA., Andrew Tridgell's SAMBA. + * + * This module Copyright (C) 1990-1998 Karl Auer + * + * Rewritten almost completely by Christopher R. Hertel + * at the University of Minnesota, September, 1997. + * This module Copyright (C) 1997-1998 by the University of Minnesota + * -- ** + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see http://www.gnu.org/licenses/. + * + * -- ** + * + * Module name: params + * + * -- ** + * + * This module performs lexical analysis and initial parsing of a + * Windows-like parameter file. It recognizes and handles four token + * types: section-name, parameter-name, parameter-value, and + * end-of-file. Comments and line continuation are handled + * internally. + * + * The entry point to the module is function pm_process(). This + * function opens the source file, calls the Parse() function to parse + * the input, and then closes the file when either the EOF is reached + * or a fatal error is encountered. + * + * A sample parameter file might look like this: + * + * [section one] + * parameter one = value string + * parameter two = another value + * [section two] + * new parameter = some value or t'other + * + * The parameter file is divided into sections by section headers: + * section names enclosed in square brackets (eg. [section one]). 
+ * Each section contains parameter lines, each of which consist of a + * parameter name and value delimited by an equal sign. Roughly, the + * syntax is: + * + *file:== { section } EOF + * + *section :== section header { parameter line } + * + *section header :== '[' NAME ']' + * + *parameter line :== NAME '=' VALUE '\n' + * + * Blank lines and comment lines are ignored. Comment lines are lines + * beginning with either a semicolon (';') or a pound sign ('#'). + * + * All whitespace in section names and parameter names is compressed + * to single spaces. Leading and trailing whitespace is stipped from + * both names and values. + * + * Only the first equals sign in a parameter line is significant. + * Parameter values may contain equals signs, square brackets and + * semicolons. Internal whitespace is retained in parameter values, + * with the exception of the '\r' character, which is stripped for + * historic reasons. Parameter names may not start with a left square + * bracket, an equal sign, a pound sign, or a semicolon, because these + * are used to identify other tokens. + * + * -- ** + */ + +#include includes.h +#include system/locale.h + +/* -- ** + * Constants... + */ + +#define BUFR_INC 1024 + + +/* we can't use FILE* due to the 256 fd limit - use this cheap hack + instead */ +typedef struct { + char *buf; + char *p; + size_t size; + char *bufr; + int bSize; +} myFILE; + +static int mygetc(myFILE *f) +{ + if (f-p = f-buf+f-size) return EOF; +/* be sure to return chars 127 as positive values */ + return (int)( *(f-p++) 0x00FF ); +} +
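Review bot: in the myFILE struct, bSize is declared int while size is size_t; make bSize a size_t as well so that length arithmetic on bufr does not mix signed and unsigned values. The "cheap hack" comment above the typedef should also state that buf holds the whole file in memory and p is the read cursor, since mygetc depends on exactly that. Minor: "stipped" in the header comment should read "stripped". The changeset is truncated at 500 lines, so the remainder of the file is not covered here.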
[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-28a-16-gcd6d910
The branch, v3-0-test has been updated via cd6d910c4dd44a07dd7b8f197d6ea5a441fbefa1 (commit) from 4648c1ab78ccf00893c10a024928f165101c8e12 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test - Log - commit cd6d910c4dd44a07dd7b8f197d6ea5a441fbefa1 Author: Jeremy Allison [EMAIL PROTECTED] Date: Wed Apr 2 11:23:38 2008 -0700 Fix MSDFS bug noticed by Ofir Azoulay [EMAIL PROTECTED]. There is no reason to ensure the target host is ourselves, and this breaks MS clients in some cases. Jeremy. --- Summary of changes: source/smbd/msdfs.c | 27 --- 1 files changed, 0 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/msdfs.c b/source/smbd/msdfs.c index 74acf3d..982d0ae 100644 --- a/source/smbd/msdfs.c +++ b/source/smbd/msdfs.c @@ -106,26 +106,6 @@ static NTSTATUS parse_dfs_path(const char *pathname, fstrcpy(pdp-hostname,temp); DEBUG(10,(parse_dfs_path: hostname: %s\n,pdp-hostname)); - /* If we got a hostname, is it ours (or an IP address) ? */ - if (!is_myname_or_ipaddr(pdp-hostname)) { - /* Repair path. */ - *p = sepchar; - DEBUG(10,(parse_dfs_path: hostname %s isn't ours. Try local path from path %s\n, - pdp-hostname, temp)); - /* -* Possibly client sent a local path by mistake. -* Try and convert to a local path. -*/ - - pdp-hostname[0] = '\0'; - pdp-servicename[0] = '\0'; - - p = temp; - DEBUG(10,(parse_dfs_path: trying to convert %s to a local path\n, - temp)); - goto local_path; - } - /* Parse out servicename. */ temp = p+1; p = strchr_m(temp,sepchar); @@ -610,13 +590,6 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx, return status; } - /* Verify hostname in path */ - if (!is_myname_or_ipaddr(dp.hostname)) { - DEBUG(3, (get_referred_path: Invalid hostname %s in path %s\n, - dp.hostname, dfs_path)); - return NT_STATUS_NOT_FOUND; - } - fstrcpy(jucn-service_name, dp.servicename); pstrcpy(jucn-volume_name, dp.reqpath); -- Samba Shared Repository
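Review bot: the first hunk in parse_dfs_path removes the only visible goto local_path, so check that the local_path label is still reached from elsewhere in the function, or remove the label to avoid an unused-label warning. In get_referred_path the hostname taken from the client-supplied path is no longer compared against the server's own names; a short comment at the removal site saying the hostname is deliberately not validated, and why (the commit message cites MS clients breaking), would keep someone from re-adding the check later.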
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-623-gc19fdf4
The branch, v3-2-test has been updated via c19fdf43d16ce9fba3e8e12e6192bac31837715e (commit) from b12edbeffee1f7d1fd971cde9189e5137ddeb35b (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit c19fdf43d16ce9fba3e8e12e6192bac31837715e Author: Jeremy Allison [EMAIL PROTECTED] Date: Wed Apr 2 11:23:36 2008 -0700 Fix MSDFS bug noticed by Ofir Azoulay [EMAIL PROTECTED]. There is no reason to ensure the target host is ourselves, and this breaks MS clients in some cases. Jeremy. --- Summary of changes: source/smbd/msdfs.c | 30 -- 1 files changed, 0 insertions(+), 30 deletions(-) Changeset truncated at 500 lines: diff --git a/source/smbd/msdfs.c b/source/smbd/msdfs.c index 8ffa0f7..fb757a5 100644 --- a/source/smbd/msdfs.c +++ b/source/smbd/msdfs.c @@ -127,28 +127,6 @@ static NTSTATUS parse_dfs_path(const char *pathname, DEBUG(10,(parse_dfs_path: hostname: %s\n,pdp-hostname)); - /* If we got a hostname, is it ours (or an IP address) ? */ - if (!is_myname_or_ipaddr(pdp-hostname)) { - /* Repair path. */ - *p = sepchar; - DEBUG(10,(parse_dfs_path: hostname %s isn't ours. - Try local path from path %s\n, - pdp-hostname, temp)); - /* -* Possibly client sent a local path by mistake. -* Try and convert to a local path. -*/ - - pdp-hostname = eos_ptr; /* */ - pdp-servicename = eos_ptr; /* */ - - p = temp; - DEBUG(10,(parse_dfs_path: trying to convert %s - to a local path\n, - temp)); - goto local_path; - } - /* Parse out servicename. */ temp = p+1; p = strchr_m(temp,sepchar); 
@@ -751,14 +729,6 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx, return status; } - /* Verify hostname in path */ - if (!is_myname_or_ipaddr(pdp-hostname)) { - DEBUG(3, (get_referred_path: Invalid hostname %s in path %s\n, - pdp-hostname, dfs_path)); - TALLOC_FREE(pdp); - return NT_STATUS_NOT_FOUND; - } - jucn-service_name = talloc_strdup(ctx, pdp-servicename); jucn-volume_name = talloc_strdup(ctx, pdp-reqpath); if (!jucn-service_name || !jucn-volume_name) { -- Samba Shared Repository
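Review bot: after both removals pdp->hostname is still parsed and logged in parse_dfs_path, but nothing in the visible lines consumes it any more; state in a comment whether a caller still relies on it, or stop populating it. The removed branch in get_referred_path was the path that returned NT_STATUS_NOT_FOUND for a foreign hostname, so a regression test that requests a referral with a path naming a different host would pin down the new behaviour.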
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha3-41-g8c27941
The branch, v4-0-test has been updated
       via  8c27941171999d2d42834b92a2693aca0435d345 (commit)
       via  206b7d387c6d17e5cc40fd45b489abac9235a7a4 (commit)
       via  018eb64f038210279b90925e6a981c067aef4be9 (commit)
       via  ac5e5fee1db2999053dee82d1fcf97ca8799c9b5 (commit)
       via  2908a77fa5c32e92665775a5785345f704202f0a (commit)
       via  25cbb1b76720a271984ad5c023e45476094562f1 (commit)
       via  033db9730f1aa6d1941fbb83f55578aaa75e28bd (commit)
       via  3e3563f2840e7cd795f5fc157003af3c932cb4d1 (commit)
       via  02c7913bf29ab8cc7e9ce3efe854c02a3c3200cc (commit)
       via  0e66e443ad42f9644aafc1858ac8d01c7c699337 (commit)
       via  38413ed4b6957e5f72e78a04f479c6a5d8b69ef5 (commit)
      from  fc50e78e2631e8253571bc236302e2859e4d1559 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test

- Log -
commit 8c27941171999d2d42834b92a2693aca0435d345
Author: Kai Blin [EMAIL PROTECTED]
Date: Fri Mar 28 23:36:05 2008 +0100

    WHATSNEW: Added information about the new idmap system

commit 206b7d387c6d17e5cc40fd45b489abac9235a7a4
Author: Kai Blin [EMAIL PROTECTED]
Date: Tue Apr 1 00:17:00 2008 +0200

    provision: Set up id mappings in the idmap db, only map Administrator.

commit 018eb64f038210279b90925e6a981c067aef4be9
Author: Kai Blin [EMAIL PROTECTED]
Date: Tue Apr 1 00:05:02 2008 +0200

    idmap: Also store sid type in the idmap db

commit ac5e5fee1db2999053dee82d1fcf97ca8799c9b5
Author: Kai Blin [EMAIL PROTECTED]
Date: Fri Mar 28 23:29:01 2008 +0100

    ntvfs: Use wbclient for pvfs_acl and pvfs_acl_nfs4

commit 2908a77fa5c32e92665775a5785345f704202f0a
Author: Kai Blin [EMAIL PROTECTED]
Date: Fri Mar 28 11:00:52 2008 +0100

    ntvfs: Use wbclient in vsf_unixuid, not sidmap

commit 25cbb1b76720a271984ad5c023e45476094562f1
Author: Kai Blin [EMAIL PROTECTED]
Date: Sat Mar 22 08:33:26 2008 +0100

    rpc_server: Remove references to sidmap from the lsa pipe code.

commit 033db9730f1aa6d1941fbb83f55578aaa75e28bd
Author: Kai Blin [EMAIL PROTECTED]
Date: Wed Mar 19 19:34:32 2008 +0100

    rpc_server: Use wbclient instead of sidmap in unixinfo pipe

commit 3e3563f2840e7cd795f5fc157003af3c932cb4d1
Author: Kai Blin [EMAIL PROTECTED]
Date: Sat Mar 29 01:42:06 2008 +0100

    wbclient: Add an async winbind client library.

commit 02c7913bf29ab8cc7e9ce3efe854c02a3c3200cc
Author: Kai Blin [EMAIL PROTECTED]
Date: Sat Mar 29 00:25:16 2008 +0100

    winbind: Bump down the debuglevel.

commit 0e66e443ad42f9644aafc1858ac8d01c7c699337
Author: Kai Blin [EMAIL PROTECTED]
Date: Sat Mar 29 00:31:37 2008 +0100

    IRPC: Add include guards for the header.

commit 38413ed4b6957e5f72e78a04f479c6a5d8b69ef5
Author: Kai Blin [EMAIL PROTECTED]
Date: Fri Mar 21 22:27:02 2008 +0100

    util: Add talloc_get_type_abort() call.

---

Summary of changes:
 WHATSNEW.txt | 5 +
 source/headermap.txt | 4 +
 source/lib/messaging/irpc.h | 4 +
 source/lib/util/util.c | 15 ++
 source/lib/util/util.h | 7 +
 source/libcli/config.mk | 1 +
 source/libcli/wbclient/config.mk | 6 +
 source/libcli/wbclient/wbclient.c | 210 ++
 source/libcli/wbclient/wbclient.h | 50 ++
 source/librpc/idl/lsa.idl | 2 +-
 source/librpc/idl/winbind.idl | 34 -
 source/ntvfs/posix/pvfs_acl.c | 100 ++---
 source/ntvfs/posix/pvfs_acl_nfs4.c | 106 ++
 source/ntvfs/posix/vfs_posix.c | 6 +-
 source/ntvfs/posix/vfs_posix.h | 3 +-
 source/ntvfs/unixuid/vfs_unixuid.c | 72 ++---
 source/rpc_server/config.mk | 3 +-
 source/rpc_server/lsa/lsa.h | 1 -
 source/rpc_server/lsa/lsa_init.c | 5 -
 source/rpc_server/lsa/lsa_lookup.c | 5 +-
 source/rpc_server/unixinfo/dcesrv_unixinfo.c | 160 +++-
 source/scripting/python/samba/idmap.py | 73 +
 source/scripting/python/samba/provision.py | 98 ++--
 source/scripting/python/samba/samdb.py | 19 ---
 source/winbind/idmap.c | 145 +-
 source/winbind/idmap.h | 20 +---
 source/winbind/wb_irpc.c | 70 +
 source/winbind/wb_xids2sids.c | 4 +-
 28 files changed, 942 insertions(+), 286 deletions(-)
 create mode 100644 source/libcli/wbclient/config.mk
 create mode 100644 source/libcli/wbclient/wbclient.c
 create mode 100644 source/libcli/wbclient/wbclient.h
 create mode 100644 source/scripting/python/samba/idmap.py

Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha3-42-g21fcf7c
The branch, v4-0-test has been updated via 21fcf7c419658b3ae296428ca7a4ccf2288c17fe (commit) from 8c27941171999d2d42834b92a2693aca0435d345 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 21fcf7c419658b3ae296428ca7a4ccf2288c17fe Author: Kai Blin [EMAIL PROTECTED] Date: Thu Apr 3 00:01:34 2008 +0200 provision: Remove backup group mapping Some distros seem to neither have a backup nor a staff group. --- Summary of changes: source/scripting/python/samba/provision.py | 13 +++-- 1 files changed, 3 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/source/scripting/python/samba/provision.py b/source/scripting/python/samba/provision.py index a8ced61..6917aa1 100644 --- a/source/scripting/python/samba/provision.py +++ b/source/scripting/python/samba/provision.py @@ -399,7 +399,7 @@ def load_or_make_smbconf(smbconf, setup_path, hostname, domain, realm, serverrol return lp def setup_name_mappings(samdb, idmap, sid, domaindn, root_uid, nobody_uid, -users_gid, wheel_gid, backup_gid): +users_gid, wheel_gid): setup reasonable name mappings for sam names to unix names. :param samdb: SamDB object. @@ -409,8 +409,7 @@ def setup_name_mappings(samdb, idmap, sid, domaindn, root_uid, nobody_uid, :param root_uid: uid of the UNIX root user. :param nobody_uid: uid of the UNIX nobody user. :param users_gid: gid of the UNIX users group. -:param wheel_gid: gid of the UNIX wheel group. -:param backup_gid: gid of the UNIX backup group. +:param wheel_gid: gid of the UNIX wheel group. # add some foreign sids if they are not present already samdb.add_foreign(domaindn, S-1-5-7, Anonymous) samdb.add_foreign(domaindn, S-1-1-0, World) 
@@ -420,7 +419,6 @@ def setup_name_mappings(samdb, idmap, sid, domaindn, root_uid, nobody_uid, idmap.setup_name_mapping(S-1-5-7, idmap.TYPE_UID, nobody_uid) idmap.setup_name_mapping(S-1-5-32-544, idmap.TYPE_GID, wheel_gid) -idmap.setup_name_mapping(S-1-5-32-551, idmap.TYPE_GID, backup_gid) idmap.setup_name_mapping(sid + -500, idmap.TYPE_UID, root_uid) idmap.setup_name_mapping(sid + -513, idmap.TYPE_GID, users_gid) @@ -927,10 +925,6 @@ def provision(setup_dir, message, session_info, wheel_gid = findnss(grp.getgrnam, [wheel, adm])[2] else: wheel_gid = findnss(grp.getgrnam, [wheel])[2] -if backup is None: -backup_gid = findnss(grp.getgrnam, [backup, staff])[2] -else: -backup_gid = findnss(grp.getgrnam, [backup])[2] if aci is None: aci = # no aci for local ldb @@ -1023,8 +1017,7 @@ def provision(setup_dir, message, session_info, if samdb_fill == FILL_FULL: setup_name_mappings(samdb, idmap, str(domainsid), names.domaindn, root_uid=root_uid, nobody_uid=nobody_uid, -users_gid=users_gid, wheel_gid=wheel_gid, -backup_gid=backup_gid) +users_gid=users_gid, wheel_gid=wheel_gid) message(Setting up sam.ldb rootDSE marking as synchronized) setup_modify_ldif(samdb, setup_path(provision_rootdse_modify.ldif)) -- Samba Shared Repository
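Review bot: with the S-1-5-32-551 mapping dropped from setup_name_mappings, BUILTIN\Backup Operators is left with no gid mapping at all on a freshly provisioned server; if that is intended, say so in the docstring or the commit message rather than only noting that some distros lack the group. An alternative would be to map the SID only when findnss actually finds a backup or staff group. The removed block in provision() tested "backup is None", so if backup is still a parameter of provision() it is now unused and should be removed or documented as ignored.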
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-624-gf606912
The branch, v3-2-test has been updated via f6069126e5e6d239b1ae00e897a420227f923e3f (commit) from c19fdf43d16ce9fba3e8e12e6192bac31837715e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit f6069126e5e6d239b1ae00e897a420227f923e3f Author: Simo Sorce [EMAIL PROTECTED] Date: Tue Apr 1 18:25:47 2008 -0400 Fix trusted users on a DC that uses the old idmap syntax. There was no default backend therefore on IDs were mapped by default. --- Summary of changes: source/winbindd/idmap.c | 70 +++ 1 files changed, 70 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/winbindd/idmap.c b/source/winbindd/idmap.c index c1b4e10..10807e6 100644 --- a/source/winbindd/idmap.c +++ b/source/winbindd/idmap.c 
@@ -522,6 +522,76 @@ NTSTATUS idmap_init(void) talloc_free(config_option); } + /* on DCs we need to add idmap_tdb as the default backend if compat is +* defined (when the old implicit configuration is used) +* This is not done in the previous loop a on member server we exclude +* the local domain. But on a DC the local domain is the only domain +* available therefore we are left with no default domain */ + if (((lp_server_role() == ROLE_DOMAIN_PDC) || +(lp_server_role() == ROLE_DOMAIN_BDC)) +((num_domains == 0) (compat == 1))) { + + dom = TALLOC_ZERO_P(idmap_ctx, struct idmap_domain); + IDMAP_CHECK_ALLOC(dom); + + dom-name = talloc_strdup(dom, __default__); + IDMAP_CHECK_ALLOC(dom-name); + + dom-default_domain = True; + dom-readonly = False; + + /* get the backend methods for this domain */ + dom-methods = get_methods(backends, compat_backend); + + if ( ! dom-methods) { + ret = smb_probe_module(idmap, compat_backend); + if (NT_STATUS_IS_OK(ret)) { + dom-methods = get_methods(backends, + compat_backend); + } + } + if ( ! dom-methods) { + DEBUG(0, (ERROR: Could not get methods for + backend %s\n, compat_backend)); + ret = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* now that we have methods, +* set the destructor for this domain */ + talloc_set_destructor(dom, close_domain_destructor); + + dom-params = talloc_strdup(dom, compat_params); + IDMAP_CHECK_ALLOC(dom-params); + + /* Finally instance a backend copy for this domain */ + ret = dom-methods-init(dom); + if ( ! NT_STATUS_IS_OK(ret)) { + DEBUG(0, (ERROR: Initialization failed for backend + %s (domain %s), deferred!\n, + compat_backend, dom-name)); + } + idmap_domains = talloc_realloc(idmap_ctx, idmap_domains, + struct idmap_domain *, 2); + if ( ! 
idmap_domains) { + DEBUG(0, (Out of memory!\n)); + ret = NT_STATUS_NO_MEMORY; + goto done; + } + idmap_domains[num_domains] = dom; + + def_dom_num = num_domains; + + /* Bump counter to next available slot */ + + num_domains++; + + DEBUG(10, (Domain %s - Backend %s - %sdefault - %sreadonly\n, + dom-name, compat_backend, + dom-default_domain?:not , + dom-readonly?:not )); + } + /* automatically add idmap_nss backend if needed */ if ((lp_server_role() == ROLE_DOMAIN_MEMBER) ( ! pri_dom_is_in_list) -- Samba Shared Repository
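Review bot: the talloc_realloc call sizes idmap_domains with a literal 2 while the store goes to idmap_domains[num_domains]; that is only in bounds because the enclosing condition tests num_domains == 0, so size the array from num_domains + 1 to keep the allocation tied to the index. When dom->methods->init(dom) fails, the code logs "deferred!" and still installs the domain as the default; a comment stating that this is deliberate, and where the deferred initialization is retried, would help. Typo in the new block comment: "a on member server".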
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-626-gea3cfad
The branch, v3-2-test has been updated via ea3cfadc2504c891b4784719bd8e6debcc38c879 (commit) via 9e15ce03ca66a0b5ffdb39dd2faaad6e0f967e31 (commit) from f6069126e5e6d239b1ae00e897a420227f923e3f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit ea3cfadc2504c891b4784719bd8e6debcc38c879 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Apr 3 00:23:50 2008 +0200 Fix rpccli_lsa_lookup_sids_noalloc. When looking up e.g. a trusted domain account, there is just no name. Michael, please check. Guenther commit 9e15ce03ca66a0b5ffdb39dd2faaad6e0f967e31 Author: Günther Deschner [EMAIL PROTECTED] Date: Wed Apr 2 15:26:27 2008 +0200 Add NT_STATUS_RPC_CANNOT_SUPPORT. Guenther --- Summary of changes: source/include/nterr.h |1 + source/libsmb/nterr.c |1 + source/rpc_client/cli_lsarpc.c | 14 +++--- 3 files changed, 13 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/nterr.h b/source/include/nterr.h index 5749c4e..612cf6e 100644 --- a/source/include/nterr.h +++ b/source/include/nterr.h @@ -566,5 +566,6 @@ #define NT_STATUS_DOWNGRADE_DETECTED NT_STATUS(0xC000 | 0x0388) #define NT_STATUS_NO_SUCH_JOB NT_STATUS(0xC000 | 0xEDE) /* scheduler */ #define NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED NT_STATUS(0xC000 | 0x20004) +#define NT_STATUS_RPC_CANNOT_SUPPORT NT_STATUS(0xC000 | 0x20041) #endif /* _NTERR_H */ diff --git a/source/libsmb/nterr.c b/source/libsmb/nterr.c index 608fe9d..fc63403 100644 --- a/source/libsmb/nterr.c +++ b/source/libsmb/nterr.c @@ -539,6 +539,7 @@ static const nt_err_code_struct nt_errs[] = { STATUS_MORE_ENTRIES, STATUS_MORE_ENTRIES }, { STATUS_SOME_UNMAPPED, STATUS_SOME_UNMAPPED }, { STATUS_NO_MORE_FILES, STATUS_NO_MORE_FILES }, + { NT_STATUS_RPC_CANNOT_SUPPORT, NT_STATUS_RPC_CANNOT_SUPPORT }, { NULL, NT_STATUS(0) } }; diff --git a/source/rpc_client/cli_lsarpc.c b/source/rpc_client/cli_lsarpc.c index 3d57e22..37387a0 100644 --- a/source/rpc_client/cli_lsarpc.c +++ b/source/rpc_client/cli_lsarpc.c 
@@ -203,11 +203,19 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli, dom_name = ref_domains-domains[dom_idx].name.string; name = lsa_names.names[i].name.string; - (names)[i] = talloc_strdup(mem_ctx, name); + if (name) { + (names)[i] = talloc_strdup(mem_ctx, name); + if ((names)[i] == NULL) { + DEBUG(0, (cli_lsa_lookup_sids_noalloc(): out of memory\n)); + result = NT_STATUS_UNSUCCESSFUL; + goto done; + } + } else { + (names)[i] = NULL; + } (domains)[i] = talloc_strdup(mem_ctx, dom_name); (types)[i] = lsa_names.names[i].sid_type; - - if (((names)[i] == NULL) || ((domains)[i] == NULL)) { + if (((domains)[i] == NULL)) { DEBUG(0, (cli_lsa_lookup_sids_noalloc(): out of memory\n)); result = NT_STATUS_UNSUCCESSFUL; goto done; -- Samba Shared Repository
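Review bot: in rpccli_lsa_lookup_sids_noalloc, (names)[i] can now be NULL on a successful return, so every caller that dereferences or prints names[i] needs a NULL check; document that in the function comment and audit the callers in the same change. The out-of-memory paths return NT_STATUS_UNSUCCESSFUL, where NT_STATUS_NO_MEMORY would tell the caller what actually happened, and the doubled parentheses around the (domains)[i] == NULL test can be dropped.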
Build status as of Thu Apr 3 00:00:02 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-04-02 00:00:44.0 + +++ /home/build/master/cache/broken_results.txt 2008-04-03 00:00:49.0 + @@ -1,4 +1,4 @@ -Build status as of Wed Apr 2 00:00:01 2008 +Build status as of Thu Apr 3 00:00:02 2008 Build counts: Tree Total Broken Panic @@ -6,17 +6,17 @@ ccache 29 9 0 ctdb 0 0 0 distcc 1 0 0 -ldb 29 12 0 +ldb 29 13 0 libreplace 28 10 0 lorikeet-heimdal 23 19 0 pidl 16 14 0 ppp 9 0 0 -rsync29 12 0 +rsync29 13 0 samba-docs 0 0 0 samba-gtk4 4 0 -samba_3_2_test 29 15 0 -samba_4_0_test 27 19 0 +samba_3_2_test 28 16 0 +samba_4_0_test 27 22 0 smb-build27 3 0 -talloc 29 6 0 -tdb 29 12 0 +talloc 29 7 0 +tdb 29 13 0
[SCM] UNNAMED PROJECT - branch master updated - 4c006c675d577d4a45f4db2929af6d50bc28dd9e
The branch, master has been updated via 4c006c675d577d4a45f4db2929af6d50bc28dd9e (commit) from 794ed5852c09deaffd1817f8a443b4711ed4d06f (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 4c006c675d577d4a45f4db2929af6d50bc28dd9e Author: Ronnie Sahlberg [EMAIL PROTECTED] Date: Thu Apr 3 10:58:51 2008 +1100 From Chris Cowan Add support in AIX to track the PID of a client that connects to the unix domain socket --- Summary of changes: server/ctdb_daemon.c |9 + 1 files changed, 9 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/server/ctdb_daemon.c b/server/ctdb_daemon.c index 900d4e8..3ba5998 100644 --- a/server/ctdb_daemon.c +++ b/server/ctdb_daemon.c @@ -529,8 +529,13 @@ static void ctdb_accept_client(struct event_context *ev, struct fd_event *fde, int fd; struct ctdb_context *ctdb = talloc_get_type(private_data, struct ctdb_context); struct ctdb_client *client; +#ifdef _AIX + struct peercred_struct cr; + socklen_t crl = sizeof(struct peercred_struct); +#else struct ucred cr; socklen_t crl = sizeof(struct ucred); +#endif memset(addr, 0, sizeof(addr)); len = sizeof(addr); @@ -543,7 +548,11 @@ static void ctdb_accept_client(struct event_context *ev, struct fd_event *fde, set_close_on_exec(fd); client = talloc_zero(ctdb, struct ctdb_client); +#ifdef _AIX + if (getsockopt(fd, SOL_SOCKET, SO_PEERID, cr, crl) == 0) { +#else if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, cr, crl) == 0) { +#endif talloc_asprintf(client, struct ctdb_client: pid:%u, (unsigned)cr.pid); } -- UNNAMED PROJECT
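Review bot: in the second hunk the opening line of the getsockopt if statement is duplicated across the #ifdef _AIX and #else arms, so one brace is opened in two preprocessor branches; select the option name once (SO_PEERID or SO_PEERCRED) behind a single macro and keep one if statement. When getsockopt fails nothing is logged, so a client whose pid could not be read looks the same as one that was never queried; a DEBUG line in an else branch would help if this pid is relied on for tracking clients.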
[SCM] Samba GTK+ frontends branch, master, updated. 86aaae79af5ce5aad89b1a9145dd6787c772a8ae
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project Samba GTK+ frontends.

The branch, master has been updated
       via  86aaae79af5ce5aad89b1a9145dd6787c772a8ae (commit)
       via  7ca20a356059aecf1443c187a2eb7ecf56c8b465 (commit)
       via  1245d469b4576bfa45b3123109d7c9804061901d (commit)
      from  ec4f87e2632e728ded332e5af60e2e37dc9dd8c7 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -

---

Summary of changes:
 .gitignore | 4 +
 gtkldb.py | 184 ++
 tools/gregedit.c | 138 +++-
 3 files changed, 240 insertions(+), 86 deletions(-)
 create mode 100644 .gitignore
 create mode 100755 gtkldb.py

hooks/post-receive
--
Samba GTK+ frontends
[SCM] Samba GTK+ frontends branch, master, updated. bb16484a143fbd2476b5d9e162077e211db99c56
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project Samba GTK+ frontends.

The branch, master has been updated
       via  bb16484a143fbd2476b5d9e162077e211db99c56 (commit)
       via  0e8f4ab45fad314e957ee6519ac47373648993eb (commit)
       via  2e5c57c4c2ab984751b3bfa650cdd663898841ab (commit)
       via  ed2b5a0f55f398b7e7300c7a42ef8a71fe90e881 (commit)
      from  86aaae79af5ce5aad89b1a9145dd6787c772a8ae (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -
commit bb16484a143fbd2476b5d9e162077e211db99c56
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Thu Apr 3 02:31:15 2008 +0200

    Add rule for creating soname symlink.

commit 0e8f4ab45fad314e957ee6519ac47373648993eb
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Thu Apr 3 02:27:18 2008 +0200

    Ignore generated files.

commit 2e5c57c4c2ab984751b3bfa650cdd663898841ab
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Thu Apr 3 02:25:59 2008 +0200

    Update to new Samba (post alpha3).

commit ed2b5a0f55f398b7e7300c7a42ef8a71fe90e881
Author: Jelmer Vernooij [EMAIL PROTECTED]
Date: Sun Mar 9 15:05:20 2008 +0100

    Ignore backup files.

---

Summary of changes:
 .gitignore | 12 +
 Makefile | 10 ++-
 Makefile.settings.in | 3 --
 common/gtk-smb.c | 1 +
 common/gtk-smb.h | 1 +
 common/gtk_events.c | 4 +-
 common/select.c | 9 ---
 common/select.h | 7 -
 configure.ac | 1 -
 tools/gepdump.c | 7 +++--
 tools/gregedit.c | 63 -
 tools/gwcrontab.c | 6 ++--
 tools/gwsam.c | 6 ++--
 tools/gwsvcctl.c | 6 +++-
 14 files changed, 79 insertions(+), 57 deletions(-)

hooks/post-receive
--
Samba GTK+ frontends
[SCM] UNNAMED PROJECT - branch master updated - 10e585413c217d9b9c32ff3d2fb3d8f24183c458
The branch, master has been updated via 10e585413c217d9b9c32ff3d2fb3d8f24183c458 (commit) from 4c006c675d577d4a45f4db2929af6d50bc28dd9e (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 10e585413c217d9b9c32ff3d2fb3d8f24183c458 Author: Ronnie Sahlberg [EMAIL PROTECTED] Date: Thu Apr 3 16:35:23 2008 +1100 we allocated one byte too little in the blob we need to send as the control to the server. --- Summary of changes: tools/ctdb.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/tools/ctdb.c b/tools/ctdb.c index df4b703..397e67a 100644 --- a/tools/ctdb.c +++ b/tools/ctdb.c @@ -524,7 +524,7 @@ static int control_addip(struct ctdb_context *ctdb, int argc, const char **argv) return -1; } - len = offsetof(struct ctdb_control_ip_iface, iface) + strlen(argv[1]); + len = offsetof(struct ctdb_control_ip_iface, iface) + strlen(argv[1]) + 1; pub = talloc_size(ctdb, len); CTDB_NO_MEMORY(ctdb, pub); -- UNNAMED PROJECT
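Review bot: the added + 1 in control_addip accounts for the terminating NUL of argv[1], which the hunk itself does not say; add a short comment to that effect, and confirm that the code filling pub->iface copies strlen(argv[1]) + 1 bytes so the terminator actually lands inside the len bytes obtained from talloc_size. If the receiving side of this control trusts a length field in the blob, check that it is set from the same len so the two stay consistent.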