Re: [Samba] issue with tesparam

2011-10-06 Thread Moray Henderson
> From: Harry Jede [mailto:walk2...@arcor.de]
> Sent: 04 October 2011 23:06
>
> OS: Debian squeeze
> Samba: 3.5.6
>
> # testparm --section-name=global -s 2>&1|grep ALIX
> returns nothing
>
> # grep ALIX /etc/samba/smb.conf
>   netbios name = ALIX
> works

The example testparm command you give works for me on CentOS 5.2 with
samba3-3.4.9-42.el5 and on CentOS 5.6 with samba3-3.5.11-44.el5.  Build the
command up slowly and try to identify where it is failing:

# testparm -s   # Do you get any output?
# testparm --section-name=global -s   # Do you get the right section?
# testparm --section-name=global -s | grep ALIX   # Does grep work?



Moray.
To err is human; to purr, feline.




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] issue with tesparam

2011-10-06 Thread Harry Jede
On 10:57:22 wrote Moray Henderson:
> The example testparm command you give works for me on CentOS 5.2 with
> samba3-3.4.9-42.el5 and on CentOS 5.6 with samba3-3.5.11-44.el5.
> Build the command up slowly and try to identify where it is failing:
>
> # testparm -s # Do you get any output?
> # testparm --section-name=global -s   # Do you get the right section?
Yes

> # testparm --section-name=global -s | grep ALIX   # Does grep work?
Yes

I have found some other bugs/issues with the Debian Samba packages :-( .
There is a 3.5.11 package in backports, so I will try this. If it has the same
problems I will compile my own and go with upstream in the future.


> Moray.
> To err is human; to purr, feline.


-- 

Regards
Harry Jede


[Samba] [mount.cifs] Mapping Windows ACLs SIDs to POSIX ACL ?

2011-10-06 Thread Xavier Roche

Hi folks,

This may sound like a really stupid question, but I could not find any 
way to somehow map remote Windows ACLs into POSIX ACLs (mapping users 
and group SIDs to Unix mapped ids) when mounting a remote share 
(mount.cifs) on a Linux box.


Is it something not currently implemented? The smbcacls tool can show 
the actual ACLs remotely, but this information is not exposed to the 
mounted filesystem apparently. The acl feature of the client seems to be 
an extension to CIFS allowing to handle POSIX ACLs, not something 
allowing a mapping.


Any insightful remark or documentation would be welcome!

[ Note: the only potential issue when mapping would be related to deny 
ACLs (AceType == ACCESS_DENIED_ACE_TYPE) ; something which is not 
mappable to POSIX ACL. ]



[Samba] access denied problem

2011-10-06 Thread Damian Rodriguez Sanchez


I need to make available to everybody a samba share called 
temp with total read and write permission.

I have tried lots of different options, but my last
smb.conf file looks like this:

[temp]
path = /mnt/fc9/temp
security = share
guest ok = yes
public = yes
writable = yes
force user = damian

The global section only says:

[global]
workgroups = grupo


I restart Samba and when I access temp from a Windows machine, 
I can view its contents, create new files on it and modify 
them. However, I cannot read or modify any of the files 
already created there (directly on the Linux file server), by 
any user.

Directory temp belongs to root. I've changed its access 
permissions up to 777 and still no way of opening or 
modifying any of its contents that were created on Linux
(access denied), even if those files themselves have their 
permissions changed to 777. 

Any hints?

Damián.





Re: [Samba] [mount.cifs] Mapping Windows ACLs SIDs to POSIX ACL ?

2011-10-06 Thread Shirish Pargaonkar
On Thu, Oct 6, 2011 at 4:40 AM, Xavier Roche <roche+k...@exalead.com> wrote:
> Hi folks,
>
> This may sound like a really stupid question, but I could not find any way
> to somehow map remote Windows ACLs into POSIX ACLs (mapping users and group
> SIDs to Unix mapped ids) when mounting a remote share (mount.cifs) on a
> Linux box.
>
> Is is something not currently implemented ? The smbcacls tool can show the
> actual ACLs remotely, but this information is not exposed to the mounted
> filesystem apparently. The acl feature of the client seem to be an extension
> to CIFS allowing to handle POSIX ACLs, not something allowing a mapping.
>
> Any insightful remark or documentation would be welcome!
>
> [ Note: the only potential issue when mapping would be related to deny ACLs
> (AceType == ACCESS_DENIED_ACE_TYPE) ; something which is not mappable to
> POSIX ACL. ]

Currently cifs client maps DACL to Linux permission model
but not to POSIX ACL model.

You will need a kernel built with cifs_cifsacl config option
(because it is still experimental) and current cifs-utils package.
The manpages in that cifs-utils package will have info on how
to use mount option cifsacl and how to setup id mapping
(using winbind).

The current cifs-utils package has two binaries, getcifsacl
and setcifsacl, modeled after smbcacls.

Hope that helps. You may direct any further questions/concerns
to linux-c...@vger.kernel.org mailing list.

Regards,

Shirish


[Samba] Subversion working copy via Samba

2011-10-06 Thread Dalibor Karlović
Hello,

I don't know if this is a Samba or Subversion (or my faulty config) related 
issue, so I'll start here. I'd like to clarify that the need to have just one 
working copy (and not one per user on his/her local disk) is vital here.

My situation:
- CentOS6, 
- Active Directory-enabled environment
- Server is connected to AD, users are synced up
- All users are in AD group Production which is available as a local group 
on the server via Winbind
- There's a /data/html on an ACL-enabled EXT3 volume,
ACL entry:
# file: data/html
# owner: root
# group: production
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x

Samba:
[html]
# stop SVN working copies from going belly-up
delete readonly = yes

path = /data/html
read only = No
browseable = Yes
force group = production
valid users = @production
force create mode = 0664
force directory mode = 0775
inherit acls = Yes

Target:
- check out a working copy to this directory
- allow only members of @Production to access it
- allow various Subversion clients to be used via Samba on the working copy
- allow for using SVN directly on the server (not via Samba, MUCH faster for 
large operations like checkout) without the need to fix permissions 
afterward (seamlessly)

Now, I get most of it done:
- I login via SSH and do a checkout
- access the share via Samba (Linux, Fedora 14), it works
- can commit/update/delete on either side, no issues

But, as soon as my co-worker on Win7/TortoiseSVN deleted a file (via Samba), 
he gets (Q:\ points to this share):

Commit succeeded, but other errors follow:
Error bumping revisions post-commit (details follow):
In directory 'Q:\webs\censored\trunk\images'
Error processing command 'committed' in 'Q:\webs\censored\trunk\images'
Can't set file 
'Q:\webs\censored\trunk\images\.svn\prop-base\avatar_small.png.svn-base' 
read-write: Access is denied.

and from then on, the working copy is so badly damaged (locked, missing 
files/directories), etc. that I haven't found a way to fix it.

Examining the permissions on the file in question, it seems Subversion sets 
the access mode to r--r--r-- as to avoid tampering (?) and the Windows 
client isn't able to change it. The other reason might be that one user is 
changing the file another user owns, but they're in the same group.

So, my question is: is there anybody out there who has a similar setup which 
in fact runs OK? Also, am I missing something obvious here (except for the 
weird SVN usage pattern)?

Thanks,

-- 
Dado



[Samba] Force group syntax for multiple groups

2011-10-06 Thread Le, Anh
Hi All,

What is the syntax of the option force group for multiple groups? Is there 
anyone who can help me with this? I really appreciate it. I want to give permission 
on the shared directory to multiple groups but I don't know what its syntax is.

I already tried force group = group1, group2, group3 but it did not work.

Thanks
Anh.


Re: [Samba] Force group syntax for multiple groups

2011-10-06 Thread Chris Weiss
On Thu, Oct 6, 2011 at 11:13 AM, Le, Anh <anh...@cognex.com> wrote:
> Hi All,
>
> What is the syntax of option force group for multiple groups? Is there any
> one can help me on this? I really appreciate it. I want to give the
> permission the shared directory to multiple groups but I don't know what is
> its syntax.
>
> I already tried force group = group1, group2, group3 but it did not work.


this isn't for user group coaxing, it's for plain old POSIX primary
permissions.  there can only be one primary group.


[Samba] Porting samba setup to backup server

2011-10-06 Thread Ken Findlay
I must set up a backup server for failover and have used tdbbackup to create 
backup files from the functioning primary server. I then copied the files to 
the backup server and used tdbbackup to restore all the databases, along with 
copying the smb.conf and other text files from /etc/samba. This does not seem 
to work and I was hoping someone could assist.
Primary server is RHEL 5.4 with Samba 3.3.8-0.52.el5_5.2, and the backup server 
is also RHEL 5.4 but has Samba 3.5.4-0.83.el5_7.2 (different version as used 
yum install samba3x months apart and different versions were installed from the 
RedHat repository).

Thanks for any help.
Ken
 




[Samba] Access denied on shares, why?

2011-10-06 Thread Markku Tavasti
Hi!

I have a strange access problem. I'm migrating a samba server from Suse to
Ubuntu, and it seems like it won't work as expected. All the time the
problem is that normal users without admin rights can't access shares.
They can access their own home directories, but not common shares which
are limited to some groups.

Running samba 3.5.11. Below is the output from a few commands, the config file
and 2 snippets of logs as links (too big to include in this
email). The logs are quite long, but with log level 2 there was nothing
relevant, and log level 3 prints out a lot of log :-(

If I have forgotten to give some relevant information, don't hesitate to
ask. All hints are welcome, I'm getting desperate with this.


tavasti@mydomain:~$ smbclient //mydomainserver/asiakkaat -USome-User%passwd
Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.5.11]
tree connect failed: NT_STATUS_ACCESS_DENIED
tavasti@mydomain:~$ id Some-User
uid=1017(Some-User) gid=1001(staff) groups=1001(staff),1004(some),05(other)

Log from this: http://tavasti.fi/~tavasti/misc/samba_2011-10-06_1.log


pdbedit -Lv shows:
---
Unix username:Some-User
NT username:
Account Flags:[U  ]
User SID: S-1-5-21-332992484-2805335912-4147396850-3034
Primary Group SID:S-1-5-21-332992484-2805335912-4147396850-513
Full Name:Some-User Surname
Home Directory:
HomeDir Drive:
Logon Script: logon.bat
Profile Path:
Domain:   MYDOMAIN
Account desc:
Workstations:
Munged dial:
Logon time:   0
Logoff time:  Wed, 06 Feb 2036 17:06:39 EET
Kickoff time: Wed, 06 Feb 2036 17:06:39 EET
Password last set:Wed, 05 Oct 2011 16:13:14 EEST
Password can change:  Wed, 05 Oct 2011 16:13:14 EEST
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours : FF
---


root@mydomain:~# net -l groupmap list
Domain Users
SID   : S-1-5-21-332992484-2805335912-4147396850-513
Unix gid  : 50
Unix group: staff
Group type: Domain Group
Comment   : Domain Unix group
Domain Admins
SID   : S-1-5-21-332992484-2805335912-4147396850-3001
Unix gid  : 1000
Unix group: ntadmins
Group type: Domain Group
Comment   : Domain Unix group


Tried to add user to group manually:

root@mydomain:/var/log/samba_local# net rpc group addmem Domain Users
Some-User
Enter root's password:
Could not add Some-User to Domain Users: NT_STATUS_ACCESS_DENIED

Log from this: http://tavasti.fi/~tavasti/misc/samba_2011-10-06_2.log


Config:
--
[global]
log level = 3
passwd chat = *New*password* %n\n *Retype*new*password* %n\n \
obey pam restrictions = yes
socket options = TCP_NODELAY
domain master = Yes
time server = yes
encrypt passwords = yes
#passdb backend = smbpasswd
passdb backend = tdbsam:/etc/samba_local/passdb.tdb
logon home =
passwd program = /usr/bin/passwd %u
wins support = Yes
unix extensions = no
dns proxy = Yes
oplocks = yes
netbios name = mydomainserver
cups options = raw
server string = MYDOMAIN
logon script = logon.bat
ldap suffix =
unix password sync = yes
local master = Yes
workgroup = MYDOMAIN
logon path =
os level = 65
security = user
preferred master = Yes
add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody
-s /bin/false %u
pam password change = yes
domain logons = Yes
admin users = root Mika tavasti


[homes]
browseable = No
comment = Kotihakemistot
writeable = yes
valid users = %S,@staff,@root
inherit acls = Yes
create mode = 0660
directory mode = 0770


[profiles]
browseable = No
comment = Network Profiles Service
path = %H
read only = No
create mask = 0600
directory mask = 0700
store dos attributes = Yes

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
browseable = no
writable = no
#share modes = no

[yleiset]
writeable = yes
write list = @ntadmins,@staff
path = /shares/Yleiset
force directory mode = 2770
force group = staff
force create mode = 0770
valid users = @ntadmins,@staff
create mode = 0770
directory mode = 2770

--



-- 
M. Tavasti /  tava...@tavasti.fi  /   +358-40-5078254


Re: [Samba] access denied problem

2011-10-06 Thread Jeremy Allison
On Thu, Oct 06, 2011 at 09:34:09AM -0300, Damian Rodriguez Sanchez wrote:
>
> I need to make available to everybody a samba share called
> temp with total read and write permission.
>
> I have tried lots of different options, but my last
> smb.conf file looks like this:
>
> [temp]
>   path = /mnt/fc9/temp
>   security = share
>   guest ok = yes
>   public = yes
>   writable = yes
>   force user = damian
>
> The global section only says:
>
> [global]
>   workgroups = grupo
>
>
> I restart Samba and when I access temp from a Windows machine,
> I can view its contents, create new files on it and modify
> them. However, I cannot read or modify any of the files
> already created there (directly on the Linux file server), by
> any user.
>
> Directory temp belongs to root. I've changed its access
> permissions up to 777 and still no way of opening or
> modifying any of its contents that were created on Linux
> (access denied), even if those files themselves have their
> permissions changed to 777.
>
> Any hints?

You'll need to post a log showing the ACCESS_DENIED
errors you're getting. FYI. security = share is
deprecated, please don't use it.

There's nothing that it does that can't be done
with normal user-level security.

Jeremy.

Re: [Samba] samba always expanding nested groups

2011-10-06 Thread Peacock,Josh
I am having a problem with Samba still core dumping on AIX 6.1 when my AD user 
has 13 groups I am a member of.

I have the following directives set

winbind nested groups = no
winbind expand groups = 0

With this configuration I thought that Samba wouldn't try to find all the 
groups that my original 13 groups are also members of, however samba continues 
to core dump on sys_setgroups.  Am I missing something in the configuration or 
my understanding of the directives listed above?  


On AIX 7.1 changing the new tunable has shown to work flawlessly but IBM has 
said there is no plans to back port this tunable into AIX 6.1.

I applied the following patch and recompiled with no help.

From 1958f6034916746363fcbfa504c84dc6a13be495 Mon Sep 17 00:00:00 2001
From: Volker Lendecke v...@samba.org
Date: Wed, 23 Feb 2011 17:09:58 +0100
Subject: [PATCH] s3: Respect winbind nested groups in wb_gettoken_gotgroups

---
 source3/winbindd/wb_gettoken.c |5 +
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/source3/winbindd/wb_gettoken.c b/source3/winbindd/wb_gettoken.c
index f2fbe4c..27d8c9a 100644
--- a/source3/winbindd/wb_gettoken.c
+++ b/source3/winbindd/wb_gettoken.c
@@ -103,6 +103,11 @@ static void wb_gettoken_gotgroups(struct tevent_req 
*subreq)
state-num_sids += 1;
state-sids = sids;
 
+   if (!lp_winbind_nested_groups()) {
+   tevent_req_done(req);   


+   return; 


+   }   


+   


/*  


 * Expand our domain's aliases  


 */ 
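
Review bot: the early return added ahead of the "Expand our domain's aliases" block in wb_gettoken_gotgroups() completes the request without running any of the alias expansion that follows, so with winbind nested groups = no the token is finished from the SIDs collected up to that point. The commit message has only a subject line; it should say, or a comment above the `if` should say, that skipping alias expansion entirely is the intended meaning of the option, because this changes which SIDs end up in the token that later access checks rely on. The new test also consults only lp_winbind_nested_groups(), so nothing in this hunk makes `winbind expand groups` affect this path.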


--  


1.7.0.4  

I also recompiled commenting out the panic when the number of groups exceeds 
NGROUPS_MAX (which is hard coded to 128 in AIX 6.1).  

Thanks

-----Original Message-----
From: samba-boun...@lists.samba.org [mailto:samba-boun...@lists.samba.org] On 
Behalf Of Peacock,Josh
Sent: Monday, October 03, 2011 11:55 AM
To: samba@lists.samba.org
Subject: [Samba] samba always expanding nested groups

Volker was working with someone back in Feb on this issue and sent a patch to 
him but was wondering if that worked and if there was an official fix in the 
works.

What is happening is even after setting winbind expand groups = 0 the 13 
groups currently assigned to my user are expanding into 220 groups.   This also 
breaks smbd by causing a panic and throwing the sys_set_groups error.  Running 
on AIX 6.1 TL 6 SP 5.  I have tried this  on 3.5.8 and 3.6.0.


Also AIX has made maximum number of groups per user a system parameter tunable 
between 128 and 2048 in AIX 7.1.  If samba could find a way to accommodate this 
new parameter it would be great.

Thanks,

Josh


Josh Peacock
UNIX Administrator

---
Confidentiality Notice: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
privileged and confidential information.  Any unauthorized review, use,
disclosure or distribution is prohibited.  If you are not the intended
recipient, please contact the sender by reply e-mail and destroy
all copies of the original message.

Re: [Samba] samba always expanding nested groups

2011-10-06 Thread Peacock,Josh
Sorry when samba was recompiled with the panic statement commented out 
everything worked fine.  Until I run into the issue where a group is ignored. 




[Samba] Samba 3.4.7 with LDAP authentication

2011-10-06 Thread Amit More
Hello All,

I have samba (Version 3.4.7) installed on a Ubuntu Server 10.04 (64-bit) using 
apt. I'm attempting to authenticate users connecting to the samba share over 
LDAP following the documentation 
https://help.ubuntu.com/10.04/serverguide/C/samba-ldap.html, but the 
authentication over LDAP fails. The OpenLDAP server was already configured to 
include the samba.schema, so I have skipped all the steps that fall under the 
OpenLDAP Configuration section of the manual referenced earlier.

I have set the following directives in /etc/samba/smb.cnf file

### Authentication ###
security = user
encrypt passwords = true
passdb backend = ldapsam:ldaps://ldap1.example.com/
ldap ssl = no
ldap admin dn = cn=root,dc=example,dc=com
ldap user suffix = ou=people,dc=example,dc=com
ldap group suffix = ou=groups,dc=example,dc=com
ldap suffix = dc=example,dc=com
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
pam password change = yes
map to guest = bad user

=== Share Definitions ===
[Documents]
comment = Ubuntu File Server Share
path = /data/Documents
browsable = yes
guest ok = no
read only = no
create mask = 0755

When a user tries to connect to the samba share the /var/log/samba/log.user 
file is populated with the following messages,

[2011/10/06 10:15:53,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user 
[FILESERVER]\[amore]@[MACBOOKPRO-1B99] with the new password interface
[2011/10/06 10:15:53,  3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password:  mapped user is: [FILESERVER]\[amore]@[MACBOOKPRO-1B99]
[2011/10/06 10:15:53,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2011/10/06 10:15:53,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2011/10/06 10:15:53,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2011/10/06 10:15:53,  2] lib/smbldap.c:890(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2011/10/06 10:15:53,  3] lib/smbldap.c:1101(smbldap_connect_system)
  ldap_connect_system: successful connection to the LDAP server
[2011/10/06 10:15:53,  4] lib/smbldap.c:1177(smbldap_open)
  The LDAP server is successfully connected
[2011/10/06 10:15:53,  4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
  ldapsam_getsampwnam: Unable to locate user [amore] count=0
[2011/10/06 10:15:53,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/10/06 10:15:53,  3] auth/auth_sam.c:282(check_sam_security)
  check_sam_security: Couldn't find user 'amore' in passdb.
[2011/10/06 10:15:53,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [amore] - [amore] FAILED with 
error NT_STATUS_NO_SUCH_USER
[2011/10/06 10:15:53,  3] smbd/sesssetup.c:42(do_map_to_guest)
  No such user amore [FILESERVER] - using guest account
[2011/10/06 10:15:53,  4] passdb/pdb_ldap.c:2550(ldapsam_getgroup)
  ldapsam_getgroup: Did not find group, filter was 
((objectClass=sambaGroupMapping)(gidNumber=65534))


The messages in the /var/log/syslog file on the LDAP server are as follows,

Oct  6 10:03:06 ldap1 slapd[450]: = bdb_equality_candidates: (host) not indexed
Oct  6 10:03:32 ldap1 slapd[450]: = bdb_equality_candidates: (sambaSID) not 
indexed
Oct  6 10:04:32 ldap1 slapd[450]: = bdb_equality_candidates: (sambaSID) not 
indexed
Oct  6 10:05:18 ldap1 slapd[450]: = bdb_equality_candidates: (cn) not indexed
Oct  6 10:05:18 ldap1 slapd[450]: = bdb_substring_candidates: (sudoUser) not 
indexed
Oct  6 10:05:58 ldap1 slapd[450]: = bdb_equality_candidates: (cn) not indexed
Oct  6 10:05:58 ldap1 slapd[450]: = bdb_substring_candidates: (sudoUser) not 
indexed
Oct  6 10:05:58 ldap1 slapd[450]: = bdb_equality_candidates: (sambaDomainName) 
not indexed
Oct  6 10:05:58 ldap1 slapd[450]: = bdb_equality_candidates: (sambaGroupType) 
not indexed
Oct  6 10:05:58 ldap1 slapd[450]: = bdb_equality_candidates: (sambaSIDList) 
not indexed
Oct  6 10:05:58 ldap1 slapd[450]: last message repeated 4 times
Oct  6 10:05:58 ldap1 slapd[450]: = bdb_equality_candidates: (sambaGroupType) 
not indexed
Oct  6 10:05:58 ldap1 slapd[450]: = bdb_equality_candidates: (sambaSIDList) 
not indexed
Oct  6 10:06:13 ldap1 slapd[450]: last message repeated 4 times
Oct  6 10:06:13 ldap1 slapd[450]: = bdb_equality_candidates: (sambaSID) not 
indexed
Oct  6 10:07:22 ldap1 slapd[450]: = bdb_equality_candidates: (sambaSID) not 
indexed
Oct  6 10:08:33 ldap1 slapd[450]: last message repeated 3 times

Here are some details of the packages installed,
slapd: version  2.4.21-0ubuntu5.4
libnss-ldapd: 

Re: [Samba] Samba 3.4.7 with LDAP authentication

2011-10-06 Thread Miguel Medalha




> passdb backend = ldapsam:ldaps://ldap1.example.com/
> ldap ssl = no


You have ldap ssl = no and yet you are trying to connect to ldaps?



Re: [Samba] Samba 3.4.7 with LDAP authentication

2011-10-06 Thread Miguel Medalha



> ldap user suffix = ou=people,dc=example,dc=com
> ldap group suffix = ou=groups,dc=example,dc=com
> ldap suffix = dc=example,dc=com


Since your suffix is already in ldap suffix, the other entries should be:

ldap user suffix = ou=people
ldap group suffix = ou=groups

Don't you need the entry ldap machine suffix?
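
The configuration points made in the replies in this digest (`security = share` being deprecated, `force group` taking a single group, and LDAP sub-suffixes being relative to `ldap suffix`), collected into one smb.conf check; this is an added example, not code from the thread or from Samba. Assumptions: the sample file is constructed from settings quoted in the messages, the names `parse_smb_conf`, `normalize_dn` and `lint` are made up here, and the last check relies on `ldap ssl = no` disabling StartTLS, which leaves a plain `ldap://` backend unencrypted.

```python
import re

# Constructed sample assembled from settings quoted in the thread
# (not any real server's configuration).
SAMPLE_SMB_CONF = """\
[global]
    security = share
    passdb backend = ldapsam:ldap://ldap1.example.com/
    ldap ssl = no
    ldap suffix = dc=example,dc=com
    ldap user suffix = ou=people,dc=example,dc=com
    ldap group suffix = ou=groups

[temp]
    path = /mnt/fc9/temp
    force group = group1, group2, group3
"""

LDAP_SUB_SUFFIXES = ("ldap user suffix", "ldap group suffix", "ldap machine suffix")


def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}.

    Section and parameter names are lower-cased and inner whitespace is
    collapsed; a trailing backslash continues a line. Parameters that appear
    before any section header are filed under "global".
    """
    sections = {}
    current = "global"
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#;":
            continue
        if line.endswith("\\"):
            pending = line[:-1].rstrip() + " "
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line:
            name, value = line.split("=", 1)
            name = " ".join(name.lower().split())
            sections.setdefault(current, {})[name] = value.strip()
    return sections


def normalize_dn(dn):
    """Lower-case a DN and drop spaces around commas so suffixes compare reliably."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def lint(sections):
    """Return (section, parameter, message) findings for the issues above."""
    findings = []
    g = sections.get("global", {})

    if g.get("security", "").lower() == "share":
        findings.append(("global", "security",
                         "security = share is deprecated; use user-level security"))

    base = normalize_dn(g.get("ldap suffix", ""))
    for name in LDAP_SUB_SUFFIXES:
        value = normalize_dn(g.get(name, ""))
        if base and value.endswith("," + base):
            findings.append(("global", name,
                             "already contains ldap suffix; give it relative to ldap suffix"))

    backend = g.get("passdb backend", "").replace('"', "").lower()
    if backend.startswith("ldapsam:ldap://") and g.get("ldap ssl", "").lower() in ("no", "off"):
        findings.append(("global", "passdb backend",
                         "ldap:// with ldap ssl off: LDAP bind and lookups are unencrypted"))

    for section, params in sections.items():
        if "," in params.get("force group", ""):
            findings.append((section, "force group",
                             "takes one group (the forced primary group), not a list"))
    return findings


if __name__ == "__main__":
    for section, parameter, message in lint(parse_smb_conf(SAMPLE_SMB_CONF)):
        print(f"[{section}] {parameter}: {message}")
```
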



Re: [Samba] Samba 3.4.7 with LDAP authentication

2011-10-06 Thread Amit More
Thank you for your response. I appreciate it.

I changed the following directives,

passdb backend = ldapsam:ldap://ldap1.example.com/
ldap user suffix = ou=people
ldap group suffix = ou=groups

Added the following,

ldap admin dn = cn=root,dc=example,dc=com
ldap machine suffix = ou=people


LDAP users are still not able to authenticate to the samba share. The error is 
the same. Here's an extract from the log file (/var/log/samba/user.log)



[2011/10/06 13:48:38,  3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password:  Checking password for unmapped user 
[FILESERVER]\[amore]@[MACBOOKPRO-1B99] with the new password interface
[2011/10/06 13:48:38,  3] auth/auth.c:225(check_ntlm_password)
  check_ntlm_password:  mapped user is: [FILESERVER]\[amore]@[MACBOOKPRO-1B99]
[2011/10/06 13:48:38,  3] smbd/sec_ctx.c:210(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2011/10/06 13:48:38,  3] smbd/uid.c:428(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2011/10/06 13:48:38,  3] smbd/sec_ctx.c:310(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2011/10/06 13:48:38,  2] lib/smbldap.c:890(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2011/10/06 13:48:38,  3] lib/smbldap.c:1101(smbldap_connect_system)
  ldap_connect_system: successful connection to the LDAP server
[2011/10/06 13:48:38,  4] lib/smbldap.c:1177(smbldap_open)
  The LDAP server is successfully connected
[2011/10/06 13:48:38,  4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
  ldapsam_getsampwnam: Unable to locate user [amore] count=0
[2011/10/06 13:48:38,  3] smbd/sec_ctx.c:418(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2011/10/06 13:48:38,  3] auth/auth_sam.c:282(check_sam_security)
  check_sam_security: Couldn't find user 'amore' in passdb.
[2011/10/06 13:48:38,  2] auth/auth.c:320(check_ntlm_password)
  check_ntlm_password:  Authentication for user [amore] - [amore] FAILED with 
error NT_STATUS_NO_SUCH_USER
[2011/10/06 13:48:38,  3] smbd/sesssetup.c:42(do_map_to_guest)
  No such user amore [FILESERVER] - using guest account
[2011/10/06 13:48:38,  4] passdb/pdb_ldap.c:2550(ldapsam_getgroup)
  ldapsam_getgroup: Did not find group, filter was 
((objectClass=sambaGroupMapping)(gidNumber=65534))
[2011/10/06 13:48:38,  3] smbd/sec_ctx.c:210(push_sec_ctx)


Thanks,
Amit


On Oct 6, 2011, at 1:27 PM, Miguel Medalha wrote:

 
>> ldap user suffix = ou=people,dc=example,dc=com
>> ldap group suffix = ou=groups,dc=example,dc=com
>> ldap suffix = dc=example,dc=com
>
> Since your suffix is already in ldap suffix, the other entries should be:
>
> ldap user suffix = ou=people
> ldap group suffix = ou=groups
>
> Don't you need the entry ldap machine suffix?
 



Re: [Samba] Samba 3.4.7 with LDAP authentication

2011-10-06 Thread Miguel Medalha



[2011/10/06 13:48:38,  4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
   ldapsam_getsampwnam: Unable to locate user [amore] count=0
[2011/10/06 13:48:38,  3] auth/auth_sam.c:282(check_sam_security)
   check_sam_security: Couldn't find user 'amore' in passdb.
[2011/10/06 13:48:38,  2] auth/auth.c:320(check_ntlm_password)
   check_ntlm_password:  Authentication for user [amore] -  [amore] FAILED 
with error NT_STATUS_NO_SUCH_USER
[2011/10/06 13:48:38,  3] smbd/sesssetup.c:42(do_map_to_guest)
   No such user amore [FILESERVER] - using guest account
[2011/10/06 13:48:38,  4] passdb/pdb_ldap.c:2550(ldapsam_getgroup)
   ldapsam_getgroup: Did not find group, filter was 
((objectClass=sambaGroupMapping)(gidNumber=65534))


Are you sure that the LDAP database is correct? Are the user and group 
names in the correct places?


What is the output of pdbedit -L ?


Re: [Samba] Samba 3.4.7 with LDAP authentication

2011-10-06 Thread Amit More
the output of  `pdbedit -L` is 

doing parameter security = user
doing parameter encrypt passwords = true
doing parameter passdb backend = ldapsam:ldap://ldap1.xetus.com/
doing parameter ldap admin dn = cn=root,dc=xetus,dc=com
doing parameter ldap user suffix = ou=people
doing parameter ldap group suffix = ou=groups
doing parameter ldap machine suffix = ou=people
doing parameter ldap suffix = dc=xetus,dc=com
doing parameter ldap ssl = no
doing parameter obey pam restrictions = yes
doing parameter unix password sync = yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
doing parameter pam password change = yes
doing parameter map to guest = bad user
doing parameter usershare allow guests = yes
pm_process() returned Yes
smbldap_search_domain_info: Searching 
for:[((objectClass=sambaDomain)(sambaDomainName=FILESERVER))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
The LDAP server is successfully connected
smbldap_search_paged: base = [dc=xetus,dc=com], filter = 
[((uid=*)(objectclass=sambaSamAccount))],scope = [2], pagesize = [1024]
smbldap_search_paged: search was successful
User Search failed!

On Oct 6, 2011, at 2:38 PM, Miguel Medalha wrote:

 
 [2011/10/06 13:48:38,  4] passdb/pdb_ldap.c:1600(ldapsam_getsampwnam)
   ldapsam_getsampwnam: Unable to locate user [amore] count=0
 [2011/10/06 13:48:38,  3] auth/auth_sam.c:282(check_sam_security)
   check_sam_security: Couldn't find user 'amore' in passdb.
 [2011/10/06 13:48:38,  2] auth/auth.c:320(check_ntlm_password)
   check_ntlm_password:  Authentication for user [amore] -  [amore] FAILED 
 with error NT_STATUS_NO_SUCH_USER
 [2011/10/06 13:48:38,  3] smbd/sesssetup.c:42(do_map_to_guest)
   No such user amore [FILESERVER] - using guest account
 [2011/10/06 13:48:38,  4] passdb/pdb_ldap.c:2550(ldapsam_getgroup)
   ldapsam_getgroup: Did not find group, filter was 
 ((objectClass=sambaGroupMapping)(gidNumber=65534))
 
 Are you sure that the LDAP database is correct? Are the user and group names 
 in the correct places?
 
 What is the output of pdbedit -L ?



[Samba] Porting samba setup to backup server

2011-10-06 Thread Ken Findlay
Fixed - shutdown smb, nmb and winbind; then removed erroneous secrets.tdb as 
well as the passdb.tdb in privates; restarted smb which re-created secrets.tdb, 
then shutdown smb, ran tdbbackup -v to restore the passdb.tdb and restarted 
smb, nmb and winbind. All good with slightly re-configured smb.conf to avoid 
name confusion.




Re: [Samba] SMB Signing issues... smbclient works, mount does not...

2011-10-06 Thread Vini
Hi All,

I seem to have exactly the same problem which was described in this thread a
while ago. I have gone through every piece of information I was able to find
on mailing list archives but all I found was people reporting similar
problems and not a solution to it.

As in the original discussion if I use smbclient it works fine but if I use
mount.cifs it does not work at all. To make smbclient work I have had to add
"client ntlmv2 auth = yes" to the smb.conf file.

The server I am connecting to is a Windows 2008 R2 and the security policy
only allows NTLMv2.

I am trying to connect from a Centos 5.5

2.6.18-274.3.1.el5 #1 SMP Tue Sep 6 20:14:03 EDT 2011 i686 i686 i386
GNU/Linux

libsmbclient-3.5.4-68.2
samba-3.5.4-68.2
samba-common-3.5.4-68.2
samba-client-3.5.4-68.2
samba-winbind-clients-3.5.4-68.2
cifs-utils-4.4-5.2

ls /proc/fs/cifs/
cifsFYI
DebugData
Experimental
LinuxExtensionsEnabled
LookupCacheEnabled
MultiuserMount
OplockEnabled
SecurityFlags
Stats
traceSMB

modinfo cifs
filename:   /lib/modules/2.6.18-274.3.1.el5/kernel/fs/cifs/cifs.ko
version:1.60RH
description:VFS to access servers complying with the SNIA CIFS
Specification e.g. Samba and Windows
license:GPL
author: Steve French sfre...@us.ibm.com
srcversion: 4A9C63C35E60B4C015318F5
depends:
vermagic:   2.6.18-274.3.1.el5 SMP mod_unload 686 REGPARM 4KSTACKS
gcc-4.1
parm:   CIFSMaxBufSize:Network buffer size (not including header).
Default: 16384 Range: 8192 to 130048 (int)
parm:   cifs_min_rcv:Network buffers in pool. Default: 4 Range: 1 to
64 (int)
parm:   cifs_min_small:Small network buffers in pool. Default: 30
Range: 2 to 256 (int)
parm:   cifs_max_pending:Simultaneous requests to server. Default:
50 Range: 2 to 256 (int)
module_sig:
883f3504e66bf24104f42edc2b0f945112c79009d1e1918c363e6545d5644af26235486a0faee309e3e516f3731905cd551976d305e8c32b5f117ae9b


This works without issues:

smbclient -U username //192.168.20.129/share

But this does not work at all:

mount.cifs //192.168.20.129/share /mnt/ -o
user=username,password=XXX,sec=ntlmv2

For the record I have tried sec=ntlmv2i, ntlmssp, krb5i, krb5.

Here is what I get when I try:



With sec=ntlmv2i

mount error(22): Invalid argument
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

and dmesg gives:

 CIFS VFS: Unexpected SMB signature
Status code returned 0xc00d NT_STATUS_INVALID_PARAMETER
 CIFS VFS: Send error in SessSetup = -22
 CIFS VFS: cifs_mount failed w/return code = -22



With sec=ntlmv2

mount error(95): Operation not supported
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

and dmesg gives:

 CIFS VFS: Server requires packet signing to be enabled in
/proc/fs/cifs/SecurityFlags.
 CIFS VFS: cifs_mount failed w/return code = -95



With sec=ntlmssp

mount error(95): Operation not supported
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

and dmesg gives:

 CIFS VFS: Server requires packet signing to be enabled in
/proc/fs/cifs/SecurityFlags.
 CIFS VFS: cifs_mount failed w/return code = -95


I have tried changing the values /proc/fs/cifs/SecurityFlags but no
difference at all.

may use packet signing                          0x1
must use packet signing                         0x01001
may use NTLM (most common password hash)        0x2
must use NTLM                                   0x02002
may use NTLMv2                                  0x4
must use NTLMv2                                 0x04004
may use Kerberos security                       0x8
must use Kerberos                               0x08008
may use lanman (weak) password hash             0x00010
must use lanman password hash                   0x10010
may use plaintext passwords                     0x00020
must use plaintext passwords                    0x20020

Reference on line 588
http://www.disy.cse.unsw.edu.au/lxr/source/fs/cifs/?v=linux-2.6.32

One funny thing is that there should be a pseudo-file called
/proc/fs/cifs/PacketSigningEnabled but it does not exist, even on much newer
kernels it does not exist.


Has anyone been able to overcome this problem?

Thanks
Vini
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
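
The bit layout of the SecurityFlags table quoted in the post above, worked through as an added example (not part of the original post and not code from the cifs module): each "must" value is the "may" bit plus that same bit shifted left by 12. The function names are illustrative and the sample values are constructed, not read from a live system.

```shell
#!/bin/sh
# Added example: decode and compose /proc/fs/cifs/SecurityFlags values using
# the table quoted in the post. Function names are illustrative.

# mechanism:may-bit pairs, copied from the table in the post
SECFLAG_TABLE='signing:0x1 ntlm:0x2 ntlmv2:0x4 kerberos:0x8 lanman:0x10 plaintext:0x20'

# Validate a hex string before it reaches shell arithmetic, then print it as
# a decimal integer. Anything that is not pure hex is rejected (status 2).
secflags_to_int() {
    sf_hex=${1#0[xX]}
    case $sf_hex in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    printf '%d\n' "$(( 0x$sf_hex ))"
}

# Look up the "may" bit for one mechanism name.
secflag_bit() {
    for sf_entry in $SECFLAG_TABLE; do
        if [ "${sf_entry%%:*}" = "$1" ]; then
            printf '%s\n' "${sf_entry##*:}"
            return 0
        fi
    done
    return 1
}

# Print one "name=off|may|must" field per mechanism for a flags value.
decode_secflags() {
    sf_value=$(secflags_to_int "$1") || return 2
    sf_out=''
    for sf_entry in $SECFLAG_TABLE; do
        sf_may=$(( ${sf_entry##*:} ))
        sf_must=$(( sf_may << 12 ))   # 0x1 -> 0x1000, so "must" = 0x01001
        if [ $(( sf_value & sf_must )) -ne 0 ]; then
            sf_state=must
        elif [ $(( sf_value & sf_may )) -ne 0 ]; then
            sf_state=may
        else
            sf_state=off
        fi
        sf_out="$sf_out${sf_entry%%:*}=$sf_state "
    done
    printf '%s\n' "${sf_out% }"
}

# Build a flags value from arguments such as "must:ntlmv2" or "may:kerberos".
encode_secflags() {
    sf_value=0
    for sf_want in "$@"; do
        sf_bit=$(secflag_bit "${sf_want##*:}") || return 2
        case ${sf_want%%:*} in
            may)  sf_value=$(( sf_value | $sf_bit )) ;;
            must) sf_value=$(( sf_value | $sf_bit | ($sf_bit << 12) )) ;;
            *)    return 2 ;;
        esac
    done
    printf '0x%05x\n' "$sf_value"
}

# Succeed (status 0) when a value enables LANMAN (labelled weak in the table)
# or plaintext passwords, in either the "may" or the "must" form.
weak_secflags() {
    sf_value=$(secflags_to_int "$1") || return 2
    [ $(( sf_value & 0x30030 )) -ne 0 ]
}

# Constructed sample values.
encode_secflags must:ntlmv2 must:signing    # prints 0x05005
decode_secflags 0x7
```
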


Re: [Samba] SMB Signing issues... smbclient works, mount does not...

2011-10-06 Thread Shirish Pargaonkar
On Thu, Oct 6, 2011 at 10:10 PM, Vini v...@fugspbr.org wrote:
 Has anyone been able to overcome this problem?



You probably need this patch installed on the Windows 2008 server
 http://support.microsoft.com/kb/957441/en-us


[Samba] Upgrade Samba 3.0.28 to 3.6.0 problems

2011-10-06 Thread Louis Kabo
Hello,

having a problem upgrading a samba installation version 3.0.28 on a
FreeBSD 7.x server. I use samba as a PDC with roaming profiles and user
shares.

I have to upgrade it to allow Windows 7 Pro workstations to join the
domain. 

I was able to build the binaries successfully and install them, everything
ran OK, but

I noticed that my smbpasswd file had I guess been relocated and I had to
re-add the PC's and users to the smbpasswd file (smbpasswd -a username,
smbpasswd -ma machinename), etc. 

I noticed that I had to have the PC's un-join and re-join the domain in
order for them to work. 

I noticed that none of the local profiles loaded, instead creating a new
roaming profile username.V2 in the profiles directory. (windows XP
workstation continued to complain about using a local profile as the
server copy was unavailable) 

In addition to this on the Windows 7 workstation I could not access the
user share that I was logged into. 

So I undid my changes and went back to Samba 3.0.28 until I can figure
these problems out. I have to figure out how not to have to re-add all of
my users and PC's into smbpasswd, why roaming profiles won't work and what
the access denied problem was about. 

My smb.conf file did seem to translate OK because all of my shares were
available. What am I missing, did the smbpasswd directory change? Is the
old smbpasswd file from 3.0.28 not compatible with 3.6.0? What can I do? I
don't want everyone to have to recreate their roaming profiles... there are
about 50 users... permissions problem? build/source/binary
location problem? Any suggestions welcome.

help please, 

Thanks



-- 
Louis Kabo
lo...@kaboserv.com
http://www.kaboserv.com/





Re: [Samba] SMB Signing issues... smbclient works, mount does not...

2011-10-06 Thread Vini
On 7/10/2011 1:18 PM, Shirish Pargaonkar wrote:
 On Thu, Oct 6, 2011 at 10:10 PM, Vini v...@fugspbr.org wrote:
 Has anyone been able to overcome this problem?


 
 You probably need this patch installed on the Windows 2008 server
  http://support.microsoft.com/kb/957441/en-us

I have tried this and it did not work either, once I apply it the login
fails with NT_STATUS_LOGON_FAILURE


[SCM] Samba Shared Repository - branch master updated

2011-10-06 Thread Andrew Bartlett
The branch, master has been updated
   via  f6b7bd4 lib/util: consolidate module loading
   via  355b5e3 modules: standardise on samba_init_module as the hook 
symbol to resolve
   via  a718b5a lib/util: Use only init_module_fn typedef in module loading
   via  c894527 lib/util: Remove unused module loading functions
   via  7d33ec3 lib/util: consolidate module loading into common code
   via  040055b s3-module allow libreplace to provide dlopen replacement
  from  3fca66e samba-tool: add support for fixing broken backlinks in 
dbcheck

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f6b7bd4a01205e442d3aa06d8edc3634a12945b2
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Sep 9 22:41:28 2011 +1000

lib/util: consolidate module loading

Autobuild-User: Andrew Bartlett abart...@samba.org
Autobuild-Date: Thu Oct  6 08:52:30 CEST 2011 on sn-devel-104

commit 355b5e3a831415d9bef97de4b2d83e353de4ab0f
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Sep 9 22:25:43 2011 +1000

modules: standardise on samba_init_module as the hook symbol to resolve

commit a718b5a4f1ebfb63aec2f43b654d8e97f099fe85
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Sep 9 22:18:42 2011 +1000

lib/util: Use only init_module_fn typedef in module loading

commit c8945279e72aee5511739b2ce0d7ddd5535fd1cb
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Sep 9 22:10:12 2011 +1000

lib/util: Remove unused module loading functions

commit 7d33ec3dfe78723d62f4941684060baeb9c4bda6
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Sep 9 21:24:49 2011 +1000

lib/util: consolidate module loading into common code

This creates a samba-modules private library that handles the details.

Andrew Bartlett

commit 040055bb6a578516007ab6f56ebe2ee77b0f8605
Author: Andrew Bartlett abart...@samba.org
Date:   Fri Sep 9 20:29:32 2011 +1000

s3-module allow libreplace to provide dlopen replacement

Given that we have replacement dlopen() etc, use this from libreplace.

The dlerror() from libreplace gives a good error if the platform
really does not have dlopen().

Andrew Bartlett

---

Summary of changes:
 lib/util/modules.c  |  240 +++
 lib/util/samba_modules.h|   59 +
 lib/util/wscript_build  |6 +
 source3/Makefile.in |2 +-
 source3/exports/modules-darwin.syms |2 +-
 source3/include/includes.h  |2 +-
 source3/include/module.h|   28 
 source3/include/proto.h |   11 +--
 source3/lib/module.c|  144 -
 source3/lib/util.c  |9 ++
 source3/m4/aclocal.m4   |2 +-
 source3/modules/perfcount_test.c|2 +-
 source3/wscript |2 +-
 source3/wscript_build   |2 +-
 source4/auth/gensec/gensec_start.c  |1 +
 source4/auth/gensec/wscript_build   |2 +-
 source4/auth/ntlm/auth.c|1 +
 source4/auth/ntlm/wscript_build |2 +-
 source4/ntptr/ntptr_base.c  |1 +
 source4/ntvfs/ntvfs_base.c  |1 +
 source4/ntvfs/posix/pvfs_acl.c  |1 +
 source4/ntvfs/posix/wscript_build   |2 +-
 source4/ntvfs/sysdep/sys_lease.c|1 +
 source4/ntvfs/sysdep/sys_notify.c   |1 +
 source4/ntvfs/wscript_build |2 +-
 source4/param/param.h   |   32 -
 source4/param/share.c   |1 +
 source4/param/util.c|  104 ---
 source4/param/wscript_build |2 +-
 source4/rpc_server/dcerpc_server.c  |1 +
 source4/smbd/process_model.c|1 +
 source4/smbd/server.c   |1 +
 source4/smbd/wscript_build  |2 +-
 source4/torture/smbtorture.c|3 +-
 source4/torture/torture.c   |1 +
 35 files changed, 342 insertions(+), 332 deletions(-)
 create mode 100644 lib/util/modules.c
 create mode 100644 lib/util/samba_modules.h
 delete mode 100644 source3/include/module.h


Changeset truncated at 500 lines:

diff --git a/lib/util/modules.c b/lib/util/modules.c
new file mode 100644
index 000..52a04be
--- /dev/null
+++ b/lib/util/modules.c
@@ -0,0 +1,240 @@
+/*
+   Unix SMB/CIFS implementation.
+   Samba utility functions
+   Copyright (C) Jelmer Vernooij 2002-2003,2005-2007
+   Copyright (C) Stefan (metze) Metzmacher 2003
+   Copyright (C) Andrew Bartlett 2011
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
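
Review bot: the description line in the new header of lib/util/modules.c reads "Samba utility functions", which does not tell a reader that this file now holds the consolidated module loading code named in the commit message. Suggest describing it as the module loading system so the purpose is clear from the header. Only the licence header of this 240-line hunk is visible in this mail, so the loader code itself cannot be reviewed from here.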

[SCM] Samba Shared Repository - branch master updated

2011-10-06 Thread Andreas Schneider
The branch, master has been updated
   via  733457a selftest/Samba3: enable uid wrapper in nmbd, winbindd and 
smbd
   via  97d6795 s3:configure.developer: add --enable-uid-wrapper
   via  1184e7d s3: Use the uid_wrapper
   via  c682ee3 uid_wrapper: We have talloc_array_length, no need for an 
explicit length
  from  f6b7bd4 lib/util: consolidate module loading

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 733457a94ecfa09712ad115eded66d6b3e56c042
Author: Stefan Metzmacher me...@samba.org
Date:   Thu Jul 7 19:48:02 2011 +0200

selftest/Samba3: enable uid wrapper in nmbd, winbindd and smbd

metze

Signed-off-by: Andreas Schneider a...@samba.org

Autobuild-User: Andreas Schneider a...@cryptomilk.org
Autobuild-Date: Thu Oct  6 13:49:05 CEST 2011 on sn-devel-104

commit 97d679536150c5365a78b84e68da18e9f6b9d0c2
Author: Stefan Metzmacher me...@samba.org
Date:   Thu Jul 7 19:47:20 2011 +0200

s3:configure.developer: add --enable-uid-wrapper

metze

Signed-off-by: Andreas Schneider a...@samba.org

commit 1184e7de5947aa83209f14d07e14cf61c782710d
Author: Volker Lendecke v...@samba.org
Date:   Sun Feb 20 00:05:06 2011 +0100

s3: Use the uid_wrapper

Signed-off-by: Stefan Metzmacher me...@samba.org
Signed-off-by: Andreas Schneider a...@samba.org

commit c682ee32b8155776f73665c5671fec0dee83a8ab
Author: Volker Lendecke v...@samba.org
Date:   Sat Feb 19 23:21:07 2011 +0100

uid_wrapper: We have talloc_array_length, no need for an explicit length

Signed-off-by: Andreas Schneider a...@samba.org

---

Summary of changes:
 lib/uid_wrapper/config.m4 |3 +++
 lib/uid_wrapper/uid_wrapper.c |   18 +-
 selftest/target/Samba3.pm |6 ++
 source3/Makefile.in   |   10 +++---
 source3/configure.developer   |1 +
 source3/configure.in  |1 +
 source3/lib/system.c  |1 +
 source3/lib/util_sec.c|1 +
 source3/smbd/sec_ctx.c|1 +
 source3/wscript   |1 +
 source3/wscript_build |4 ++--
 11 files changed, 33 insertions(+), 14 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/uid_wrapper/config.m4 b/lib/uid_wrapper/config.m4
index db6537b..2cd573e 100644
--- a/lib/uid_wrapper/config.m4
+++ b/lib/uid_wrapper/config.m4
@@ -10,6 +10,9 @@ fi
 if eval test x$enable_uid_wrapper = xyes; then
 AC_DEFINE(UID_WRAPPER,1,[Use uid wrapper library])
HAVE_UID_WRAPPER=yes
+
+   # this is only used for samba3
+   UID_WRAPPER_OBJS=../lib/uid_wrapper/uid_wrapper.o
 fi
 
 AC_SUBST(HAVE_UID_WRAPPER)
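
Review bot: UID_WRAPPER_OBJS is assigned inside the enable_uid_wrapper = yes branch, but the only substitution visible after the closing fi is AC_SUBST(HAVE_UID_WRAPPER). If source3/Makefile.in is meant to pick the object up through @UID_WRAPPER_OBJS@, an AC_SUBST(UID_WRAPPER_OBJS) is needed somewhere, and it is not in the lines shown. The comment "this is only used for samba3" would also be more useful if it named the consumer.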
diff --git a/lib/uid_wrapper/uid_wrapper.c b/lib/uid_wrapper/uid_wrapper.c
index c676797..05d226b 100644
--- a/lib/uid_wrapper/uid_wrapper.c
+++ b/lib/uid_wrapper/uid_wrapper.c
@@ -40,7 +40,6 @@ static struct {
bool enabled;
uid_t euid;
gid_t egid;
-   unsigned ngroups;
gid_t *groups;
 } uwrap;
 
@@ -51,7 +50,6 @@ static void uwrap_init(void)
if (getenv(UID_WRAPPER)) {
uwrap.enabled = true;
/* put us in one group */
-   uwrap.ngroups = 1;
uwrap.groups = talloc_array(NULL, gid_t, 1);
uwrap.groups[0] = 0;
}
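
Review bot: uwrap_init() still writes uwrap.groups[0] = 0 straight after talloc_array(NULL, gid_t, 1) with no NULL check. With ngroups removed the array pointer is the only record of the group state, so an allocation failure here becomes a NULL dereference. Check the result and leave the group list empty on failure.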
@@ -112,7 +110,6 @@ _PUBLIC_ int uwrap_setgroups(size_t size, const gid_t *list)
}
 
talloc_free(uwrap.groups);
-   uwrap.ngroups = 0;
uwrap.groups = NULL;
 
if (size != 0) {
@@ -122,30 +119,33 @@ _PUBLIC_ int uwrap_setgroups(size_t size, const gid_t 
*list)
return -1;
}
memcpy(uwrap.groups, list, size*sizeof(gid_t));
-   uwrap.ngroups = size;
}
return 0;
 }
 
 _PUBLIC_ int uwrap_getgroups(int size, gid_t *list)
 {
+   size_t ngroups;
+
uwrap_init();
if (!uwrap.enabled) {
return getgroups(size, list);
}
 
-   if (size  uwrap.ngroups) {
-   size = uwrap.ngroups;
+   ngroups = talloc_array_length(uwrap.groups);
+
+   if (size  ngroups) {
+   size = ngroups;
}
if (size == 0) {
-   return uwrap.ngroups;
+   return ngroups;
}
-   if (size  uwrap.ngroups) {
+   if (size  ngroups) {
errno = EINVAL;
return -1;
}
memcpy(list, uwrap.groups, size*sizeof(gid_t));
-   return uwrap.ngroups;
+   return ngroups;
 }
 
 _PUBLIC_ uid_t uwrap_getuid(void)
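
Review bot: in uwrap_getgroups() ngroups is now a size_t while size and the return type are int. The two comparisons against size convert a negative size to a very large unsigned value, and both return ngroups statements narrow implicitly. Suggest rejecting size < 0 with EINVAL before the comparisons and returning (int)ngroups explicitly, or declaring ngroups as int and casting the talloc_array_length() result once.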
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index a5c11d9..45d99ce 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -555,6 +555,8 @@ sub check_or_start() {
$ENV{NSS_WRAPPER_GROUP} = $env_vars-{NSS_WRAPPER_GROUP};
 

[SCM] Samba Shared Repository - branch master updated

2011-10-06 Thread Stefan Metzmacher
The branch, master has been updated
   via  ceb831c s3:lib: remove unused/empty modules.c
  from  733457a selftest/Samba3: enable uid wrapper in nmbd, winbindd and 
smbd

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit ceb831c2cc7599b45d63fc7a75643e0d767e960e
Author: Stefan Metzmacher me...@samba.org
Date:   Thu Oct 6 09:57:20 2011 +0200

s3:lib: remove unused/empty modules.c

metze

Autobuild-User: Stefan Metzmacher me...@samba.org
Autobuild-Date: Thu Oct  6 15:23:45 CEST 2011 on sn-devel-104

---

Summary of changes:
 source3/lib/module.c  |   22 --
 source3/wscript_build |2 +-
 2 files changed, 1 insertions(+), 23 deletions(-)
 delete mode 100644 source3/lib/module.c


Changeset truncated at 500 lines:

diff --git a/source3/lib/module.c b/source3/lib/module.c
deleted file mode 100644
index a85d7d0..000
--- a/source3/lib/module.c
+++ /dev/null
@@ -1,22 +0,0 @@
-/* 
-   Unix SMB/CIFS implementation.
-   module loading system
-
-   Copyright (C) Jelmer Vernooij 2002-2003
-   Copyright (C) Stefan (metze) Metzmacher 2003
-   
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-   
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-   
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see http://www.gnu.org/licenses/.
-*/
-
-#include includes.h
diff --git a/source3/wscript_build b/source3/wscript_build
index 693148f..6d8402e 100755
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -80,7 +80,7 @@ LIB_SRC = '''
   intl/lang_tdb.c
   lib/conn_tdb.c lib/gencache.c
   lib/sessionid_tdb.c
-  lib/module.c lib/events.c
+  lib/events.c
   lib/server_contexts.c
   lib/server_prefork.c
   lib/server_prefork_util.c
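
Review bot: lib/module.c is dropped from LIB_SRC here, but the summary of changes for this commit lists only source3/lib/module.c and source3/wscript_build. Please confirm that source3/Makefile.in carries no remaining reference to lib/module.o, otherwise the autoconf build fails once the file is deleted.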


-- 
Samba Shared Repository