Re: [Samba] net user add . is there any way to specify destination ou ?
On Wed, Jul 08, 2009 at 03:14:35PM -0400, Michael Joyner ᏩᏯ wrote: net user add . is there any way to specify destination OU when security=ads ? You can define the container where to create users (and groups) with --container=ou=mycontainer. The base dn of your domain will be appended automatically. Guenther -- Günther DeschnerGPG-ID: 8EE11688 Red Hat gdesch...@redhat.com Samba Team g...@samba.org pgpTCNDebKzJD.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS recycle force user
Hi, i tried Samba 3.4.0 but with same result:( I created a new bug #6549 where i put also my log file with debug level 10 Lukas On Thu, 9 Jul 2009, Jeremy Allison wrote: On Tue, Jul 07, 2009 at 03:47:31PM +0200, dese...@linuxbox.cz wrote: i have problem with share with parametr force user Here i my settings of VFS modul recycle vfs object = recycle recycle:repository = .recycle/%u recycle:maxsize = 5000 recycle:exclude = *.tmp *.temp *.o *.obj ~$* recycle:exclude_dir = sdileni/*/profile* tmp temp cache recycle:versions = yes recycle:touch = yes recycle:keeptree = yes and this is my share [my_share] path = /home/sdileni/instalace comment = software, instalace force group = smbgroup force user = smbuser public = yes If i delete some file from this share, then samba make directory .recycle/smbuser. But in older version (for example Samba 3.3.0) samba maked directory .recycle/real_user - and this i need! It's possible? I must have something new in configuration or is this new behavior of samba? I think this is a side effect of the change that went into 3.4.0pre1. From the changelog : Changes since 3.4.0pre1 --- o Jeremy Allison * BUG 6291: Fix 'force user'. The recycle code uses a substitution of conn-server_info-unix_name for the %u parameter, and this is not (correctly) set to the forced username on connect (which is required for force user to work correctly. The real user name is lost after authentication, which is what you've asked for. The previous (3.3.0) behavior was probably a side effect of force user not being correct in that release. I think in the latest Samba 3.3.6 it would behave the same. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS recycle force user
On Mon, Jul 13, 2009 at 9:06 AM, Lukas Deseyvedese...@linuxbox.cz wrote: Hi, i tried Samba 3.4.0 but with same result:( From what I understand, Jeremy says you should downgrade to 3.3.6 to restore the behavior you want. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS recycle force user
No, i use at first time samba 3.3.6 and here was this problem. then i tried samba 3.4.0. but with same problem (and before any time i tried samba 3.3.3 and in this version was also this problem). Last version what i use without this problem is 3.0.30 But i dont know if this problem is new behavior or is it bug or if i must have something new in configuration or...? So...my problem is: - i have sharing with parameter force user and i use VFS module recycle - after connecting to share and delete some files, so samba maked directory .recycle/$force_user, but i need directory .recycle/$real_user thanks, Lukas On Mon, 13 Jul 2009, Norberto Bensa wrote: On Mon, Jul 13, 2009 at 9:06 AM, Lukas Deseyvedese...@linuxbox.cz wrote: Hi, i tried Samba 3.4.0 but with same result:( From what I understand, Jeremy says you should downgrade to 3.3.6 to restore the behavior you want. -- S pozdravem - Bc. Lukas DESEYVE LinuxBox.cz, s.r.o. 28. rijna 168, 709 01 Ostrava tel.: +420 596 603 142 fax: +420 596 603 143 mobil: +420 737 238 658 www.linuxbox.cz mobil servis: +420 737 238 656 email servis: ser...@linuxbox.cz - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] writable shares between solaris and windows
One of our daily jobs needs to process a lot of files on a solaris server and dump the files onto a windows server. We currently use sharity to accomplish this. However, the performance becomes worse when the files get larger. We want to find another approach to do this. The reason we didnt use samba was that very few users have unix accounts and they need to have write permission to the share. We dont want to create unix accounts just for this. To use ADS, we need to install and kerberos for this, we dont use kerberos right now. Is it worth the effort to configure kerberos for this? Is there any better way? Thanks Ying Xu --- DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by replying to this message and then delete it from your system. Use, dissemination or copying of this message by unintended recipients is not authorized and may be unlawful. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] writable shares between solaris and windows
On Mon, Jul 13, 2009 at 09:54:42AM -0500, Xu, Ying (Houston) wrote: One of our daily jobs needs to process a lot of files on a solaris server and dump the files onto a windows server. We currently use sharity to accomplish this. However, the performance becomes worse when the files get larger. We want to find another approach to do this. The reason we didnt use samba was that very few users have unix accounts and they need to have write permission to the share. We dont want to create unix accounts just for this. To use ADS, we need to install and kerberos for this, we dont use kerberos right now. Is it worth the effort to configure kerberos for this? Is there any better way? Samba definitely needs unix accounts to be able to use the kernel access controls, sorry. You could join your box to AD, but winbind would then create virtual users for you. To gain nfs-like (non-)security, you might map all users to a single unix user via the map to guest = bad password and guest ok = yes features and control access to the shares via hosts allow/deny. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbindd: Exceeding 200 client connections, no idle connection found
On Sun, Mar 22, 2009 at 3:37 PM, Elvar el...@elvar.org wrote: Elder Souza wrote: No prob Jeremy, thanx for your help! Elder Souza (71) 9972-7573 / (71) 8801-5734 On Tue, Oct 21, 2008 at 5:47 PM, Jeremy Allison j...@samba.org wrote: On Tue, Oct 21, 2008 at 05:44:05PM -0300, Elder Souza wrote: It has been fixed after what version? Do you know? Don't have the time to check the release notes right now, but it's definately fixed in 3.0.32 and 3.2.4. Jeremy. I just downloaded version 3.0.33 and when I view the local.h file I still see 200 defined as the max simultaneous connections. Is it really fixed? Some of my installations require more than 200 simultaneous connections. I'm still using an older version but until I modified this to 400+ I had problems. /* Max number of simultaneous winbindd socket connections. */ #define WINBINDD_MAX_SIMULTANEOUS_CLIENTS 200 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba I am using 3.2.4 but I still get this messages. I had many production servers hit 100% CPU due to winbind. I had to stop winbind 3 times through rc script to stop winbind. I didn't have verbose log enabled, but I would go straight and upgrade if you guys think this is resolved in latest versions. winbindd: Exceeding 200 client connections, no idle connection found [2009/07/09 16:50:36, 0] winbindd/winbindd.c:process_loop(955) winbindd: Exceeding 200 client connections, no idle connection found [2009/07/09 16:50:36, 0] winbindd/winbindd.c:process_loop(974) winbindd: Exceeding 200 client connections, no idle connection found [2009/07/09 16:50:36, 0] winbindd/winbindd.c:process_loop(955) winbindd: Exceeding 200 client connections, no idle connection found [2009/07/09 16:50:36, 0] winbindd/winbindd.c:process_loop(974) winbindd: Exceeding 200 client connections, no idle connection found [2009/07/09 16:51:41, 1] lib/util_tdb.c:tdb_validate_and_backup(1424) tdb '/var/lib/samba/winbindd_cache.tdb' is valid [2009/07/09 16:51:41, 1] lib/util_tdb.c:tdb_validate_and_backup(1434) Created backup '/var/lib/samba/winbindd_cache.tdb.bak' of tdb '/var/lib/samba/winbindd_cache.tdb' [2009/07/09 16:51:41, 0] winbindd/winbindd_cache.c:initialize_winbindd_cache(2374) initialize_winbindd_cache: clearing cache and re-creating with version number 1 [2009/07/09 16:51:42, 1] lib/util_tdb.c:tdb_validate_and_backup(1424) tdb '/var/lib/samba/winbindd_cache.tdb' is valid [2009/07/09 16:51:42, 1] lib/util_tdb.c:tdb_validate_and_backup(1434) Created backup '/var/lib/samba/winbindd_cache.tdb.bak' of tdb '/var/lib/samba/winbindd_cache.tdb' u...@hostname$ rpm -qa |grep sam samba-client-3.2.4-1 samba-3.2.4-1 samba-debuginfo-3.2.4-1 samba-swat-3.2.4-1 samba-common-3.2.4-1 samba-doc-3.2.4-1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4 on Centos 5.3
cd to samba-3.4.0/packaging/RHEL and run sh makerpms.sh then rpm -Uvh /usr/src/redhat/RPMS/X86_64/samba*3.4.0*.rpm smbpasswd -w /etc/rc.d/init.d/smb restart Niklas Saers wrote: Dear Sirs, I'm running a vanilla CentOS 5.3 server, and yum there has Samba 3.0.33. What's the recommended way to install Samba 3.4 as an upgrade over 3.0.33? Just ./configure make sudo make install ? Cheers Nik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbindd: Exceeding 200 client connections, no idle connection found
On Mon, Jul 13, 2009 at 11:53 AM, Linux Addict linuxaddi...@gmail.comwrote: On Sun, Mar 22, 2009 at 3:37 PM, Elvar el...@elvar.org wrote: Elder Souza wrote: No prob Jeremy, thanx for your help! Elder Souza (71) 9972-7573 / (71) 8801-5734 On Tue, Oct 21, 2008 at 5:47 PM, Jeremy Allison j...@samba.org wrote: On Tue, Oct 21, 2008 at 05:44:05PM -0300, Elder Souza wrote: It has been fixed after what version? Do you know? Don't have the time to check the release notes right now, but it's definately fixed in 3.0.32 and 3.2.4. Jeremy. I just downloaded version 3.0.33 and when I view the local.h file I still see 200 defined as the max simultaneous connections. Is it really fixed? Some of my installations require more than 200 simultaneous connections. I'm still using an older version but until I modified this to 400+ I had problems. /* Max number of simultaneous winbindd socket connections. */ #define WINBINDD_MAX_SIMULTANEOUS_CLIENTS 200 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba I am using 3.2.4 but I still get this messages. I had many production servers hit 100% CPU due to winbind. I had to stop winbind 3 times through rc script to stop winbind. I didn't have verbose log enabled, but I would go straight and upgrade if you guys think this is resolved in latest versions. winbindd: Exceeding 200 client connections, no idle connection found [2009/07/09 16:50:36, 0] winbindd/winbindd.c:process_loop(955) winbindd: Exceeding 200 client connections, no idle connection found [2009/07/09 16:50:36, 0] winbindd/winbindd.c:process_loop(974) winbindd: Exceeding 200 client connections, no idle connection found [2009/07/09 16:50:36, 0] winbindd/winbindd.c:process_loop(955) winbindd: Exceeding 200 client connections, no idle connection found [2009/07/09 16:50:36, 0] winbindd/winbindd.c:process_loop(974) winbindd: Exceeding 200 client connections, no idle connection found [2009/07/09 16:51:41, 1] lib/util_tdb.c:tdb_validate_and_backup(1424) tdb '/var/lib/samba/winbindd_cache.tdb' is valid [2009/07/09 16:51:41, 1] lib/util_tdb.c:tdb_validate_and_backup(1434) Created backup '/var/lib/samba/winbindd_cache.tdb.bak' of tdb '/var/lib/samba/winbindd_cache.tdb' [2009/07/09 16:51:41, 0] winbindd/winbindd_cache.c:initialize_winbindd_cache(2374) initialize_winbindd_cache: clearing cache and re-creating with version number 1 [2009/07/09 16:51:42, 1] lib/util_tdb.c:tdb_validate_and_backup(1424) tdb '/var/lib/samba/winbindd_cache.tdb' is valid [2009/07/09 16:51:42, 1] lib/util_tdb.c:tdb_validate_and_backup(1434) Created backup '/var/lib/samba/winbindd_cache.tdb.bak' of tdb '/var/lib/samba/winbindd_cache.tdb' u...@hostname$ rpm -qa |grep sam samba-client-3.2.4-1 samba-3.2.4-1 samba-debuginfo-3.2.4-1 samba-swat-3.2.4-1 samba-common-3.2.4-1 samba-doc-3.2.4-1 Looks like this where the bug was tracked. https://bugzilla.samba.org/show_bug.cgi?id=3204 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] Active Directory Integration Problems
Brian, Which logs should I be checking? The following output comes from the winbindd.log. I replaced the FQDN of the domain controller in the second to last line of the log file. It was in the format SERVERNAME.domain.name [2009/07/13 09:16:40, 0] lib/util_sock.c:write_data(564) write_data: write failure. Error = Connection reset by peer [2009/07/13 09:16:40, 0] libsmb/clientgen.c:write_socket(158) write_socket: Error writing 104 bytes to socket 17: ERRNO = Connection reset by peer [2009/07/13 09:16:40, 0] libsmb/clientgen.c:cli_send_smb(188) Error writing 104 bytes to client. -1 (Connection reset by peer) [2009/07/13 09:16:40, 1] rpc_client/cli_pipe.c:cli_rpc_pipe_open(2223) cli_rpc_pipe_open: cli_nt_create failed on pipe \lsarpc to machine (FQDN to domain controller). Error was Write error: Connection reset by peer -Original Message- From: gregorcy [mailto:brian.grego...@utah.edu] Sent: Friday, July 10, 2009 12:56 PM To: David Armstrong Cc: samba@lists.samba.org Subject: Re: [Samba] Active Directory Integration Problems David Armstrong wrote: Thanks for the replies. I have modified the share portion of my smb.conf file as shown below. Still no luck. [test] path = /home/2CP/darmstrong browseable = yes read only = yes inherit permissions = yes valid users = 2CP\darmstrong,buexec,test,itadmin write list = 2CP\darmstrong,buexec,test,itadmin read list = When modifying file permissions for shares on Windows servers, I have to log out and log back on again before the workstation recognizes them. Does the same go for Samba shares? Sounds like my first suggestion was wrong, maybe try uping the idmap setting. idmap backend = rid:CHEMENG=500-1 idmap uid = 500-1 idmap gid = 500-1 Is there anything in the logs? -- Brian Gregorcy IT Manager University of Utah Department of Chemical Engineering -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba4. Provision script fails.
Good day. I want to try a new version of samba. I have installed samba4: freebsd-samba# samba4 -V Version 4.0.0alpha8 freebsd-samba# uname -a FreeBSD freebsd-samba.domain 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 r...@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 freebsd-samba# I used port system to install samba. Then i wan't to use provision script to configure samba as domain controller. And the provision script fails with segmentation fault: freebsd-samba# /usr/local/share/samba4/setup/provision --realm=freebsd.unix --domain=unix --adminpass=password --server-role='domain controller' Setting up secrets.ldb Setting up the registry Setting up templates db Setting up idmap db schema_fsmo_init: no schema head present: (skip schema loading) naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details) pdc_fsmo_init: no domain object present: (skip loading of domain details) schema_fsmo_init: no schema dn present: (skip schema loading) naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details) pdc_fsmo_init: no domain dn present: (skip loading of domain details) Setting up sam.ldb attributes Setting up sam.ldb rootDSE Erasing data from partitions schema_fsmo_init: no schema head present: (skip schema loading) naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details) pdc_fsmo_init: no domain object present: (skip loading of domain details) Pre-loading the Samba 4 and AD schema Segmentation fault (core dumped) freebsd-samba# What can I do with this? If you want, I can send core file. Thanks. -- WBR, Ozerov Vasiliy aka fr33man. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] nsswitch issue
Hi:) If I run the command: getent group or getent passwd the result is usernma or goup instead of domain\username or domain\group do you have any clue about what's wrong? Thanks:) Gabi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] VFS recycle force user
On Mon, Jul 13, 2009 at 03:39:26PM +0200, Lukas Deseyve wrote: No, i use at first time samba 3.3.6 and here was this problem. then i tried samba 3.4.0. but with same problem (and before any time i tried samba 3.3.3 and in this version was also this problem). Last version what i use without this problem is 3.0.30 But i dont know if this problem is new behavior or is it bug or if i must have something new in configuration or...? So...my problem is: - i have sharing with parameter force user and i use VFS module recycle - after connecting to share and delete some files, so samba maked directory .recycle/$force_user, but i need directory .recycle/$real_user Unfortunately the behavior you relied upon was a bug that we fixed. So no, we won't be restoring the old behavior, sorry. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] nsswitch issue
On Mon, Jul 13, 2009 at 12:38 PM, Gabriel Petrescu gabriele...@gmail.comwrote: Hi:) If I run the command: getent group or getent passwd the result is usernma or goup instead of domain\username or domain\group do you have any clue about what's wrong? Thanks:) Gabi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba What is winbind use default domain ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Trouble with idmap_ldap in 3.3.6
On Sat, Jul 11, 2009 at 12:03:43AM -0400, Daniel Barowy wrote: Hello everyone, We've been running Samba for years, and with the exception of IDMAP, we've been very happy. Well, now we have a real need to keep this information in a shared DB, so I'm trying to set up the idmap_ldap plugin. I *think* I have lookups working correctly-- at least, I can see that Samba is contacting the LDAP directory. But since there's nothing actually *in* my directory yet, I can't be sure. But the real issue is that I'm having trouble getting LDAP to work as an allocating backend. I'm getting some ugly stuff like this: [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap_alloc(201) idmap_alloc module tdb already registered! [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149) Idmap module passdb already registered! [2009/07/10 23:37:51, 0] winbindd/idmap.c:smb_register_idmap(149) Idmap module nss already registered! [2009/07/10 23:37:51, 0] winbindd/idmap.c:idmap_alloc_init(589) ERROR: Initialization failed for alloc backend, deferred! [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(40) === [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(41) INTERNAL ERROR: Signal 11 in pid 14920 (3.3.6) Please read the Trouble-Shooting section of the Samba3-HOWTO [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(43) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2009/07/10 23:38:12, 0] lib/fault.c:fault_report(44) === [2009/07/10 23:38:12, 0] lib/util.c:smb_panic(1673) PANIC (pid 14920): internal error [2009/07/10 23:38:12, 0] lib/util.c:log_stack_trace(1777) BACKTRACE: 21 stack frames: #0 winbindd(log_stack_trace+0x2d) [0x3581f9] #1 winbindd(smb_panic+0x8e) [0x35804b] #2 winbindd [0x341960] #3 winbindd [0x341971] #4 /lib/tls/libc.so.6 [0x74e918] #5 winbindd [0x62c779] #6 winbindd(run_events+0xdf) [0x36b645] #7 winbindd [0x2b8c6d] #8 winbindd [0x2b5eb7] #9 winbindd(async_request+0x20f) [0x2b5881] #10 winbindd(do_async+0x13c) [0x2b9301] #11 winbindd(winbindd_gid2sid_async+0xd8) [0x2c190e] #12 winbindd(winbindd_gid_to_sid+0x2fd) [0x2a2bc7] #13 winbindd [0x2819b8] #14 winbindd [0x28251a] #15 winbindd [0x282368] #16 winbindd [0x281ce7] #17 winbindd [0x282c13] #18 winbindd(main+0xb68) [0x283a96] #19 /lib/tls/libc.so.6(__libc_start_main+0xd3) [0x73bdf3] #20 winbindd [0x280f31] [2009/07/10 23:38:12, 0] lib/fault.c:dump_core(231) dumping core in /var/log/samba/cores/winbindd It's entirely possible that I'm just not configuring this properly. No, it should never crash. Can you load the debug symbols and get a stack backtrace from gdb so we can fix this please ? Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Suggestion for 2 domains samba+ldap and Windows AD
Hi people. I want to know if this is possible. I have right now 3 domains in my network. Dom A = Samba 3.0.33 Gentoo + LDAP. This serve to a domain of 10 users at location 1. Dom B = Windows 2003 AD serving 8 users at location 2. Dom C = WinNT + samba as client serving most of the users(35) at location 2. As u can see, the NT is the most busy, I need to remove that domain, is in the same location as Dom B, my path is to move all the users from Dom C to Dom B most of the machines are windows boxes. This is easy, the only issue I was having before is my 2 samba boxes, I could not make possible to be part of the Dom B, but last week I made that possible, them I can make this move. Well, the main reason of this email is because, after I remove the NT server, at location 2 I would just have a Window 2k3 AD domain working, on the other site (location 1) I would have a domain running samba+ldap working. Right now, if I'm at location 1 I cannot see location 2 the Dom B(Win 2k3), the same thing happen at location 2. There is a way to make this possible, can a domain with samba+ldap see a domain with win 2k3? Is possible to share users? I was think to setup another server at location 2 with samba+ldap and sync users but I still have the users of the win 2k3 domain...? Hope to be clear, if someone have some experience here at will appreciated, thanks for your time!!! P.S. my samba serves at location 2 are Centos 5.x Samba 3.0.33. -- LIving the dream... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] winbindd: Exceeding 200 client connections, no idle connection found
On Mon, Jul 13, 2009 at 11:53:15AM -0400, Linux Addict wrote: On Sun, Mar 22, 2009 at 3:37 PM, Elvar el...@elvar.org wrote: Elder Souza wrote: No prob Jeremy, thanx for your help! Elder Souza (71) 9972-7573 / (71) 8801-5734 On Tue, Oct 21, 2008 at 5:47 PM, Jeremy Allison j...@samba.org wrote: On Tue, Oct 21, 2008 at 05:44:05PM -0300, Elder Souza wrote: It has been fixed after what version? Do you know? Don't have the time to check the release notes right now, but it's definately fixed in 3.0.32 and 3.2.4. Jeremy. I just downloaded version 3.0.33 and when I view the local.h file I still see 200 defined as the max simultaneous connections. Is it really fixed? Some of my installations require more than 200 simultaneous connections. I'm still using an older version but until I modified this to 400+ I had problems. /* Max number of simultaneous winbindd socket connections. */ #define WINBINDD_MAX_SIMULTANEOUS_CLIENTS 200 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba I am using 3.2.4 but I still get this messages. I had many production servers hit 100% CPU due to winbind. I had to stop winbind 3 times through rc script to stop winbind. I didn't have verbose log enabled, but I would go straight and upgrade if you guys think this is resolved in latest versions. Ah. My statement that this was fixed in 3.2.4 was wrong, sorry about that. I've checked back in the release notes and the fix for this bug (3204) was discovered by Richard Sharpe in Jan 2009, and 3.2.4 dates from 18 September 2008. The fix went into the 3.2 tree on 2009-01-08, and so it will have been fixed on the 03 February 2009 release Samba 3.2.8 and above. Sorry for the mistake in claiming it was fixed in 3.2.4. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba on RHEL issue
Hi, I am trying to install samba on the RHEL. The installation completes but after that I get the smbd dead message upon checking the status: [r...@usps-dc1-pc12 share]# [r...@usps-dc1-pc12 share]# service smb status smbd dead but pid file exists nmbd (pid 8078) is running... [r...@usps-dc1-pc12 share]# The version of RHEL and samba are as follows: [r...@usps-dc1-pc12 samba]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 5.3 (Tikanga) [r...@usps-dc1-pc12 samba]# [r...@usps-dc1-pc12 samba]# [r...@usps-dc1-pc12 samba]# [r...@usps-dc1-pc12 samba]# yum install samba Loaded plugins: rhnplugin, security Setting up Install Process Parsing package install arguments Package samba-3.0.33-3.7.el5_3.1.i386 already installed and latest version Nothing to do [r...@usps-dc1-pc12 samba]# [r...@usps-dc1-pc12 samba]# [r...@usps-dc1-pc12 samba]# Any pointers to fix the issue will be helpful. Thank you. Shuaib -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba on RHEL issue
Quoting Shuaib Ilyas (shilyas) shil...@cisco.com: I am trying to install samba on the RHEL. The installation completes but after that I get the smbd dead message upon checking the status: What does the samba logfile say about this? On Fedora (which should have the same layout as RHEL), the samba logfile is in /var/log/samba/log.smbd Have you ran testparm to check smb.conf? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba on RHEL issue
Shuaib Ilyas (shilyas) wrote: Hi, I am trying to install samba on the RHEL. The installation completes but after that I get the smbd dead message upon checking the status: [r...@usps-dc1-pc12 share]# [r...@usps-dc1-pc12 share]# service smb status smbd dead but pid file exists nmbd (pid 8078) is running... [r...@usps-dc1-pc12 share]# Hi Shuaib, Seems to me I had the same problem on CentOS 5.2 a few months back. Try this: 1) stop the service: /etc/rc.d/init.d/smb stop 2) erase any stray PID's: rm /var/run/smbd.pid rm /var/run/nmbd.pid 3) restart the service: /etc/rc.d/init.d/smb start If that does not work, try rebooting. HTH, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Intertrust Domain Account over Samba Servers?
Hello, A few days ago came a demand for users of 3 domains could sign up on their machines. 1 of them is with Ubuntu / Linux (Samba 3.3.2), 1 with Debian (Samba 3.20) and last with Windows Server 2003 (Mixed Mode). The problem in the relationship between Debian / Linux and Ubuntu / Linux. Added to account for each one through the LDAP base. But as I try to: net rpc trustdom establish $ DOMAIN Could not verify Trusting domain account. Error was NT_STATUS_OK. Anyone have any idea what could be? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] Samba on RHEL issue
Thanks for the reply. I followed the steps but it still did not work. In step 2, there were no smbd.pid or nmbd.pid files found. In step 3, even after starting the service, when checking status, smbd id dead. Even after the reboot, same status. Shuaib -Original Message- From: MargoAndTodd [mailto:margoandt...@gmail.com] Sent: Monday, July 13, 2009 1:19 PM To: Shuaib Ilyas (shilyas) Cc: samba@lists.samba.org Subject: Re: [Samba] Samba on RHEL issue Shuaib Ilyas (shilyas) wrote: Hi, I am trying to install samba on the RHEL. The installation completes but after that I get the smbd dead message upon checking the status: [r...@usps-dc1-pc12 share]# [r...@usps-dc1-pc12 share]# service smb status smbd dead but pid file exists nmbd (pid 8078) is running... [r...@usps-dc1-pc12 share]# Hi Shuaib, Seems to me I had the same problem on CentOS 5.2 a few months back. Try this: 1) stop the service: /etc/rc.d/init.d/smb stop 2) erase any stray PID's: rm /var/run/smbd.pid rm /var/run/nmbd.pid 3) restart the service: /etc/rc.d/init.d/smb start If that does not work, try rebooting. HTH, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] Samba on RHEL issue
Hi Jonathon, Thanks for looking into it. The log messages are as follows: [r...@usps-dc1-pc12 samba]# [r...@usps-dc1-pc12 samba]# [r...@usps-dc1-pc12 samba]# tail smbd.log bind failed on port 445 socket_addr = 0.0.0.0. Error = Address already in use [2009/07/13 14:38:00, 0] smbd/server.c:main(944) smbd version 3.0.33-3.7.el5_3.1 started. Copyright Andrew Tridgell and the Samba Team 1992-2008 [2009/07/13 14:38:00, 1] param/loadparm.c:service_ok(3038) NOTE: Service printers is flagged unavailable. [2009/07/13 14:38:00, 0] lib/util_sock.c:open_socket_in(822) bind failed on port 445 socket_addr = 0.0.0.0. Error = Address already in use [r...@usps-dc1-pc12 samba]# The output of testparm to check the config smb.conf is a s follows: r...@usps-dc1-pc12 samba]# testparm /etc/samba/smb.conf Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [printers] NOTE: Service printers is flagged unavailable. Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] workgroup = WRKGRP netbios name = SMBSERVER security = SHARE default service = global path = /home cups options = raw available = No [homes] comment = Home Directories path = /home/share valid users = smbuser admin users = smbuser force user = root read only = No guest ok = Yes browseable = No available = Yes [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [r...@usps-dc1-pc12 samba]# [r...@usps-dc1-pc12 samba]# Any ideas? -Original Message- From: samba-bounces+shilyas=cisco@lists.samba.org [mailto:samba-bounces+shilyas=cisco@lists.samba.org] On Behalf Of Jonathon Doran Sent: Monday, July 13, 2009 1:23 PM To: samba@lists.samba.org Subject: Re: [Samba] Samba on RHEL issue Quoting Shuaib Ilyas (shilyas) shil...@cisco.com: I am trying to install samba on the RHEL. The installation completes but after that I get the smbd dead message upon checking the status: What does the samba logfile say about this? On Fedora (which should have the same layout as RHEL), the samba logfile is in /var/log/samba/log.smbd Have you ran testparm to check smb.conf? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Sharing same directory with Samba and NFS
This topic seems to rear its head every now and then, but I can't seem to get a definitive answer I'm running a single RHEL5 server that is currently serving out home directories and a public share via Samba. My Linux desktop clients would like to access these same shares via NFS. So, the age-old question, is it possible or am I looking at a lifetime of pain and corrupted data? I will eventually be running a cluster of 3 servers, one running Samba, one running NFS and one as a standby. I've read that it's possible but. nothing really specific. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Active Directory Integration Problems
Lets see if this help. I have setup a server a couple of weeks before, windows 2k3 AD I add my vm centos 5.3 machine to it, I share 1 folder and add the home users folder. Is running and have no issue with. Windows 2k3 domain name: DOM.local machine name: dompdc IP: 192.168.2.2 Network: 192.168.2.0/24 Centos machine name: dom-vmcentos(DHCP) Kerberos: /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = DOM.LOCAL dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h forwardable = yes [realms] DOM.LOCAL = { admin_server = dompdc.DOM.local default_domain = DOM.local kdc = dompdc.DOM.local } [domain_realm] .kerberos.server = DOM.LOCAL [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } Winbind + samba running, lets go with samba: [global] syslog = 1 log level = 2 vfs:2 log file = /var/log/samba/%U.%m.log utmp = Yes load printers = no socket options = TCP_NODELAY SO_RCVBUF=20480 SO_SNDBUF=20480 dns proxy = no server string = vmCents 5.x Test Server printing = cups workgroup = DOM netbios name = dom-vmcentos security = ads realm = DOM.LOCAL allow trusted domains = Yes idmap uid = 1-2 idmap gid = 1-2 winbind enum users = Yes winbind enum groups = Yes winbind separator = + password server = dompdc.DOM.local encrypt passwords = Yes printcap name = /etc/printcap max log size = 100 interfaces = eth0 bind interfaces only = Yes local master = no domain master = no preferred master = no template homedir = /home/%D/%U template shell = /bin/bash #unix charset = UTF-8 [homes] comment = Home Directories DOM browseable = no writable = yes #valid users = %S create mode = 0664 directory mode = 0775 [Test] comment = Test Directories DOM path = /opt/test public = yes browseable = yes writable = yes valid users = DOM+username write list = DOM+username create mode = 0770 /etc/nsswitch.conf passwd: files winbind shadow: files winbind group: files winbind #hosts: db files nisplus nis dns hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files winbind rpc:files winbind services: files netgroup: files winbind publickey: nisplus automount: files winbind aliases:files nisplus /etc/hostname: # Do not remove the following line, or various programs # that require network functionality willfail. 192.168.2.118 dom-vmcentos.DOM.local dom-vmcentos #::1localhost6.localdomain6 localhost6 192.168.2.2 dompdc.DOM.local dompdc Here it suppose that we already add the machine account to AD and is working as u say. Now lets see our shares on linux: [r...@dom-vmcentos opt]# ll total 16 -rw-r--r-- 1 root root 146 Sep 16 2008 File drwx-- 2 root root 12288 Feb 22 2008 lost+found drwxr-xr-x 3 psql pvsw 1024 Jun 12 2008 PSQLDATA drwxr-xr-x 2 DOM+username root 1024 Jun 16 15:31 test drwxr-xr-x 3 root root 1024 Jan 8 2009 zimbra Lest test: [r...@dom-vmcentos opt]# smbclient -L dom-vmcentos -U username Password: Domain=[DOM] OS=[Unix] Server=[Samba 3.0.33-3.7.el5] Sharename Type Comment - --- IPC$IPC IPC Service (vmCents 5.x Test Server) TestDisk Test Directories DOM usernameDisk Home Directories DOM Domain=[DOM] OS=[Unix] Server=[Samba 3.0.33-3.7.el5] Server Comment ---- DOM-VMCENTOS vmCents 5.x Test Server DOMPDC WorkgroupMaster ---- DOM DOMPDC Now a mount command: mount -t cifs //dom-vmcentos/Test -o username=username,password=passwd /mnt [r...@dom-vmcentos ~]# mount //dom-vmcentos/Test on /mnt type cifs (rw,mand) [r...@dom-vmcentos ~]# I can see the files inside this user home folder, create, modify, etc even inside windows 2k3. See u latter!!! On Mon, Jul 13, 2009 at 9:21 AM, David Armstrongdarmstr...@moca.org wrote: Brian, Which logs should I be checking? The following output comes from the winbindd.log. I replaced the FQDN of the domain controller in the second to last line of the log file. It was in the format SERVERNAME.domain.name [2009/07/13 09:16:40, 0] lib/util_sock.c:write_data(564) write_data: write
[Samba] shared drives are getting disconnected after some time
Dear All, I am using samba 3.0.33-3.7.el5 with openldap for centralized authentication and Nfs mount partition for storage drives. Now the user who logged in the domain and using a shared drive, if they stay ideal for approx 30min. The drive get disconnected and when they try to open it 2-3 times it start working again. Please revert if any buddy else has faced the same problem. Regards, Nitin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-315-g7d73551
The branch, master has been updated via 7d735519d7f6a726240dff8cdcae36acd73df48c (commit) via f26a2ca8e43884a62bf5822e7571692870ecc7a1 (commit) from d7809f65cf25ea10b3edd7df209cbf67a43df138 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7d735519d7f6a726240dff8cdcae36acd73df48c Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 13 09:01:56 2009 +0200 s3:smbd: make smbd_do_setfilepathinfo() non static for use in SMB2 SetInfo metze commit f26a2ca8e43884a62bf5822e7571692870ecc7a1 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 13 08:59:32 2009 +0200 s3:smbd: split out smbd_do_setfilepathinfo() from call_trans2setfilepathinfo() metze --- Summary of changes: source3/smbd/globals.h |9 + source3/smbd/trans2.c | 404 ++-- 2 files changed, 225 insertions(+), 188 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 725a94a..109c29a 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -201,6 +201,15 @@ NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn, char **ppdata, unsigned int *pdata_size); +NTSTATUS smbd_do_setfilepathinfo(connection_struct *conn, + struct smb_request *req, + TALLOC_CTX *mem_ctx, + uint16_t info_level, + files_struct *fsp, + struct smb_filename *smb_fname, + char **ppdata, int total_data, + int *ret_data_size); + void smbd_server_connection_terminate_ex(struct smbd_server_connection *sconn, const char *reason, const char *location); diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 6554fb6..085a0b2 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -7055,200 +7055,45 @@ static NTSTATUS smb_posix_unlink(connection_struct *conn, return close_file(req, fsp, NORMAL_CLOSE); } -/ - Reply to a TRANS2_SETFILEINFO (set file info by fileid or pathname). -/ - -static void call_trans2setfilepathinfo(connection_struct *conn, - struct smb_request *req, - unsigned int tran_call, - char **pparams, int total_params, - char **ppdata, int total_data, - unsigned int max_data_bytes) +NTSTATUS smbd_do_setfilepathinfo(connection_struct *conn, + struct smb_request *req, + TALLOC_CTX *mem_ctx, + uint16_t info_level, + files_struct *fsp, + struct smb_filename *smb_fname, + char **ppdata, int total_data, + int *ret_data_size) { - char *params = *pparams; char *pdata = *ppdata; - uint16 info_level; SMB_STRUCT_STAT sbuf; char *fname = NULL; - struct smb_filename *smb_fname = NULL; - files_struct *fsp = NULL; NTSTATUS status = NT_STATUS_OK; int data_return_size = 0; - TALLOC_CTX *ctx = talloc_tos(); - - if (!params) { - reply_nterror(req, NT_STATUS_INVALID_PARAMETER); - return; - } - - if (tran_call == TRANSACT2_SETFILEINFO) { - if (total_params 4) { - reply_nterror(req, NT_STATUS_INVALID_PARAMETER); - return; - } - - fsp = file_fsp(req, SVAL(params,0)); - /* Basic check for non-null fsp. */ - if (!check_fsp_open(conn, req, fsp)) { - return; - } - info_level = SVAL(params,2); - - fname = talloc_strdup(talloc_tos(),fsp-fsp_name); - if (!fname) { - reply_nterror(req, NT_STATUS_NO_MEMORY); - return; - } - - status = create_synthetic_smb_fname_split(talloc_tos(), fname, - NULL, smb_fname); - if (!NT_STATUS_IS_OK(status)) { - reply_nterror(req, status); - return; - } - if(fsp-is_directory || fsp-fh-fd == -1) { -
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-318-g3ee3eb3
The branch, master has been updated via 3ee3eb3acf5783894f358c415b342a88db248449 (commit) via ed99bf7317fccdb13e832e98f389486443f9fd48 (commit) via 2a92139a1ca8b2c1950f6ca32255b8fcfdeefff6 (commit) from 7d735519d7f6a726240dff8cdcae36acd73df48c (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 3ee3eb3acf5783894f358c415b342a88db248449 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 13 13:14:39 2009 +0200 s3:smbd: close_file() handles named pipes just fine, no reason to return NOT_SUPPORTED metze commit ed99bf7317fccdb13e832e98f389486443f9fd48 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 13 12:05:34 2009 +0200 s3:smbd: make smbd_do_qfsinfo() non static for use in SMB2 GetInfo metze commit 2a92139a1ca8b2c1950f6ca32255b8fcfdeefff6 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 13 11:54:20 2009 +0200 s3:smbd: split out smbd_do_qfsinfo() from call_trans2qfsinfo() metze --- Summary of changes: source3/smbd/globals.h|9 +++ source3/smbd/smb2_close.c |5 -- source3/smbd/trans2.c | 172 - 3 files changed, 102 insertions(+), 84 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 109c29a..cd3e054 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -210,6 +210,15 @@ NTSTATUS smbd_do_setfilepathinfo(connection_struct *conn, char **ppdata, int total_data, int *ret_data_size); +NTSTATUS smbd_do_qfsinfo(connection_struct *conn, +TALLOC_CTX *mem_ctx, +uint16_t info_level, +SMB_STRUCT_STAT st, +uint16_t flags2, +unsigned int max_data_bytes, +char **ppdata, +int *ret_data_len); + void smbd_server_connection_terminate_ex(struct smbd_server_connection *sconn, const char *reason, const char *location); diff --git a/source3/smbd/smb2_close.c b/source3/smbd/smb2_close.c index 6724e5c..a46b36e 100644 --- a/source3/smbd/smb2_close.c +++ b/source3/smbd/smb2_close.c @@ -107,11 +107,6 @@ static NTSTATUS smbd_smb2_close(struct smbd_smb2_request *req, return NT_STATUS_NO_MEMORY; } - /* If it's an IPC, pass off the pipe handler. */ - if (IS_IPC(conn)) { - return NT_STATUS_NOT_IMPLEMENTED; - } - fsp = file_fsp(smbreq, (uint16_t)in_file_id_volatile); if (fsp == NULL) { return NT_STATUS_FILE_CLOSED; diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 085a0b2..4dd0375 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -2687,67 +2687,37 @@ static void samba_extended_info_version(struct smb_extended_info *extended_info) %s, samba_version_string()); } -/ - Reply to a TRANS2_QFSINFO (query filesystem info). -/ - -static void call_trans2qfsinfo(connection_struct *conn, - struct smb_request *req, - char **pparams, int total_params, - char **ppdata, int total_data, - unsigned int max_data_bytes) +NTSTATUS smbd_do_qfsinfo(connection_struct *conn, +TALLOC_CTX *mem_ctx, +uint16_t info_level, +SMB_STRUCT_STAT st, +uint16_t flags2, +unsigned int max_data_bytes, +char **ppdata, +int *ret_data_len) { char *pdata, *end_data; - char *params = *pparams; - uint16 info_level; - int data_len, len; - SMB_STRUCT_STAT st; + int data_len = 0, len; const char *vname = volume_label(SNUM(conn)); int snum = SNUM(conn); char *fstype = lp_fstype(SNUM(conn)); uint32 additional_flags = 0; - if (total_params 2) { - reply_nterror(req, NT_STATUS_INVALID_PARAMETER); - return; - } - - info_level = SVAL(params,0); - if (IS_IPC(conn)) { if (info_level != SMB_QUERY_CIFS_UNIX_INFO) { - DEBUG(0,(call_trans2qfsinfo: not an allowed + DEBUG(0,(smbd_do_qfsinfo: not an allowed info level (0x%x) on IPC$.\n, (unsigned int)info_level)); -
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-320-g05fbe0c
The branch, master has been updated via 05fbe0c7f763fbe8c1c48eb82ebdfe04bfa034ea (commit) via 8db45607f8d19781d33ebff0d0b13c473f34009b (commit) from 3ee3eb3acf5783894f358c415b342a88db248449 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 05fbe0c7f763fbe8c1c48eb82ebdfe04bfa034ea Author: Günther Deschner g...@samba.org Date: Fri Jun 12 15:20:48 2009 +0200 libds: merge the UF-ACB flag mapping functions. Guenther commit 8db45607f8d19781d33ebff0d0b13c473f34009b Author: Günther Deschner g...@samba.org Date: Fri Jun 12 14:27:19 2009 +0200 libds: share UF_ flags between samba3 and 4. Guenther --- Summary of changes: libds/common/flag_mapping.c | 143 ++ libds/common/flags.h| 177 +++ source3/Makefile.in |2 +- source3/include/ads.h | 127 + source3/include/proto.h | 16 ++- source3/lib/ads_flags.c | 150 --- source3/lib/netapi/user.c |2 +- source3/passdb/pdb_ads.c|6 +- source3/winbindd/winbindd_ads.c |2 +- source4/cldap_server/netlogon.c |2 +- source4/dsdb/common/flag_mapping.c | 145 --- source4/dsdb/common/flags.h | 137 -- source4/dsdb/common/sidmap.c|6 +- source4/dsdb/common/util.c |6 +- source4/dsdb/config.mk |4 +- source4/dsdb/samdb/ldb_modules/instancetype.c |2 +- source4/dsdb/samdb/ldb_modules/password_hash.c |2 +- source4/dsdb/samdb/ldb_modules/repl_meta_data.c |2 +- source4/dsdb/samdb/ldb_modules/samldb.c |8 +- source4/dsdb/samdb/samdb.c |2 +- source4/dsdb/samdb/samdb.h |2 +- source4/kdc/hdb-samba4.c|2 +- source4/kdc/pac-glue.c |2 +- source4/libnet/libnet_become_dc.c |2 +- source4/libnet/libnet_unbecome_dc.c |2 +- source4/rpc_server/lsa/lsa_lookup.c |4 +- source4/rpc_server/netlogon/dcerpc_netlogon.c |2 +- source4/rpc_server/samr/dcesrv_samr.c |8 +- source4/rpc_server/samr/samr_password.c |2 +- 29 files changed, 367 insertions(+), 600 deletions(-) create mode 100644 libds/common/flag_mapping.c create mode 100644 libds/common/flags.h delete mode 100644 source3/lib/ads_flags.c delete mode 100644 source4/dsdb/common/flag_mapping.c delete mode 100644 source4/dsdb/common/flags.h Changeset truncated at 500 lines: diff --git a/libds/common/flag_mapping.c b/libds/common/flag_mapping.c new file mode 100644 index 000..dc7d801 --- /dev/null +++ b/libds/common/flag_mapping.c @@ -0,0 +1,143 @@ +/* + Unix SMB/CIFS implementation. + helper mapping functions for the UF and ACB flags + + Copyright (C) Stefan (metze) Metzmacher 2002 + Copyright (C) Andrew Tridgell 2004 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see http://www.gnu.org/licenses/. +*/ + +#include includes.h +#include librpc/gen_ndr/samr.h +#include ../libds/common/flags.h + +/* +translated the ACB_CTRL Flags to UserFlags (userAccountControl) +*/ +/* mapping between ADS userAccountControl and SAMR acct_flags */ +static const struct { + uint32_t uf; + uint32_t acb; +} acct_flags_map[] = { + { UF_ACCOUNTDISABLE, ACB_DISABLED }, + { UF_HOMEDIR_REQUIRED, ACB_HOMDIRREQ }, + { UF_PASSWD_NOTREQD, ACB_PWNOTREQ }, + { UF_TEMP_DUPLICATE_ACCOUNT, ACB_TEMPDUP }, + { UF_NORMAL_ACCOUNT, ACB_NORMAL }, + { UF_MNS_LOGON_ACCOUNT, ACB_MNS }, + { UF_INTERDOMAIN_TRUST_ACCOUNT, ACB_DOMTRUST }, + { UF_WORKSTATION_TRUST_ACCOUNT, ACB_WSTRUST }, + { UF_SERVER_TRUST_ACCOUNT, ACB_SVRTRUST }, + { UF_DONT_EXPIRE_PASSWD, ACB_PWNOEXP }, + { UF_LOCKOUT, ACB_AUTOLOCK }, + { UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED, ACB_ENC_TXT_PWD_ALLOWED }, + { UF_SMARTCARD_REQUIRED, ACB_SMARTCARD_REQUIRED }, + {
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-321-gf7ff6bd
The branch, master has been updated via f7ff6bd1425cc4f0aa13ce8e7498cdac3967acf3 (commit) from 05fbe0c7f763fbe8c1c48eb82ebdfe04bfa034ea (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit f7ff6bd1425cc4f0aa13ce8e7498cdac3967acf3 Author: Günther Deschner g...@samba.org Date: Mon Jun 29 20:34:03 2009 +0200 s3-rpc_server: pass down full unix token to map_max_allowed_access(). Also use unix_token-uid instead of geteuid() when checking for mapping of the SEC_FLAG_MAXIMUM_ALLOWED flag. Guenther --- Summary of changes: source3/include/proto.h |5 ++- source3/rpc_server/srv_lsa_nt.c |8 +- source3/rpc_server/srv_samr_nt.c | 42 + 3 files changed, 37 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 44132b6..c0ce35a 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -7253,8 +7253,9 @@ NTSTATUS access_check_object( SEC_DESC *psd, NT_USER_TOKEN *token, SE_PRIV *rights, uint32 rights_mask, uint32 des_access, uint32 *acc_granted, const char *debug); -void map_max_allowed_access(const NT_USER_TOKEN *token, - uint32_t *pacc_requested); +void map_max_allowed_access(const NT_USER_TOKEN *nt_token, + const struct unix_user_token *unix_token, + uint32_t *pacc_requested); /* The following definitions come from ../libds/common/flag_mapping.c */ diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 324483b..c62991e 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -349,7 +349,9 @@ NTSTATUS _lsa_OpenPolicy2(pipes_struct *p, NTSTATUS status; /* Work out max allowed. */ - map_max_allowed_access(p-server_info-ptok, des_access); + map_max_allowed_access(p-server_info-ptok, + p-server_info-utok, + des_access); /* map the generic bits to the lsa policy ones */ se_map_generic(des_access, lsa_policy_mapping); @@ -1628,7 +1630,9 @@ NTSTATUS _lsa_OpenAccount(pipes_struct *p, * handle - so don't check against policy handle. */ /* Work out max allowed. */ - map_max_allowed_access(p-server_info-ptok, des_access); + map_max_allowed_access(p-server_info-ptok, + p-server_info-utok, + des_access); /* map the generic bits to the lsa account ones */ se_map_generic(des_access, lsa_account_mapping); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 8560ee9..1085251 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -236,8 +236,9 @@ done: Map any MAXIMUM_ALLOWED_ACCESS request to a valid access set. / -void map_max_allowed_access(const NT_USER_TOKEN *token, - uint32_t *pacc_requested) +void map_max_allowed_access(const NT_USER_TOKEN *nt_token, + const struct unix_user_token *unix_token, + uint32_t *pacc_requested) { if (!((*pacc_requested) MAXIMUM_ALLOWED_ACCESS)) { return; @@ -248,15 +249,15 @@ void map_max_allowed_access(const NT_USER_TOKEN *token, *pacc_requested = GENERIC_READ_ACCESS|GENERIC_EXECUTE_ACCESS; /* root gets anything. */ - if (geteuid() == sec_initial_uid()) { + if (unix_token-uid == sec_initial_uid()) { *pacc_requested |= GENERIC_ALL_ACCESS; return; } /* Full Access for 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */ - if (is_sid_in_token(token, global_sid_Builtin_Administrators) || - is_sid_in_token(token, global_sid_Builtin_Account_Operators)) { + if (is_sid_in_token(nt_token, global_sid_Builtin_Administrators) || + is_sid_in_token(nt_token, global_sid_Builtin_Account_Operators)) { *pacc_requested |= GENERIC_ALL_ACCESS; return; } @@ -266,7 +267,7 @@ void map_max_allowed_access(const NT_USER_TOKEN *token, DOM_SID domadmin_sid; sid_copy( domadmin_sid, get_global_sam_sid() ); sid_append_rid( domadmin_sid, DOMAIN_GROUP_RID_ADMINS ); - if (is_sid_in_token(token, domadmin_sid)) { + if (is_sid_in_token(nt_token, domadmin_sid)) { *pacc_requested |= GENERIC_ALL_ACCESS;
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-322-g8646b95
The branch, master has been updated via 8646b9521d267284a335aafba3df6039c41b8370 (commit) from f7ff6bd1425cc4f0aa13ce8e7498cdac3967acf3 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8646b9521d267284a335aafba3df6039c41b8370 Author: Stefan Metzmacher me...@samba.org Date: Mon Jul 13 13:24:19 2009 +0200 s3:net: Fix Bug #6222. Default to DRSUAPI replication for net rpc vampire keytab metze Signed-off-by: Günther Deschner g...@samba.org --- Summary of changes: source3/utils/net_rpc_samsync.c | 11 +++ 1 files changed, 7 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index bd5047c..c0de247 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -493,17 +493,20 @@ int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv) if (!dc_info.is_ad) { printf(DC is not running Active Directory\n); - return -1; - } - - if (dc_info.is_mixed_mode) { ret = run_rpc_command(c, cli, ndr_table_netlogon.syntax_id, 0, rpc_vampire_keytab_internals, argc, argv); + return -1; } else { ret = run_rpc_command(c, cli, ndr_table_drsuapi.syntax_id, NET_FLAGS_SEAL, rpc_vampire_keytab_ds_internals, argc, argv); + if (ret != 0 dc_info.is_mixed_mode) { + printf(Fallback to NT4 vampire on Mixed-Mode AD Domain\n); + ret = run_rpc_command(c, cli, ndr_table_netlogon.syntax_id, + 0, + rpc_vampire_keytab_internals, argc, argv); + } } return ret; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-323-ge4fca74
The branch, master has been updated via e4fca7466d3bc064587638560572813e62df00d8 (commit) from 8646b9521d267284a335aafba3df6039c41b8370 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e4fca7466d3bc064587638560572813e62df00d8 Author: Günther Deschner g...@samba.org Date: Mon Jul 13 21:56:31 2009 +0200 s3-pdb_ads: set correct pdb field with the value from 'accountExpires' attribute. Guenther --- Summary of changes: source3/passdb/pdb_ads.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/pdb_ads.c b/source3/passdb/pdb_ads.c index 4f7c210..66fdff1 100644 --- a/source3/passdb/pdb_ads.c +++ b/source3/passdb/pdb_ads.c @@ -203,7 +203,7 @@ static NTSTATUS pdb_ads_init_sam_from_priv(struct pdb_methods *m, pdb_set_pass_last_set_time(sam, tmp_time, PDB_SET); } if (pdb_ads_pull_time(entry, accountExpires, tmp_time)) { - pdb_set_pass_last_set_time(sam, tmp_time, PDB_SET); + pdb_set_kickoff_time(sam, tmp_time, PDB_SET); } str = tldap_talloc_single_attribute(entry, displayName, -- Samba Shared Repository
Build status as of Tue Jul 14 00:00:02 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-07-13 00:00:46.0 + +++ /home/build/master/cache/broken_results.txt 2009-07-14 00:01:04.0 + @@ -1,22 +1,22 @@ -Build status as of Mon Jul 13 00:00:02 2009 +Build status as of Tue Jul 14 00:00:02 2009 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 33 7 0 +ccache 32 7 0 distcc 0 0 0 ldb 33 33 0 libreplace 32 13 0 lorikeet 0 0 0 pidl 23 2 0 ppp 14 0 0 -rsync33 11 0 +rsync32 11 0 samba-docs 0 0 0 samba-web0 0 0 samba_3_current 30 16 0 -samba_3_master 32 27 4 +samba_3_master 32 26 5 samba_3_next 32 29 1 -samba_4_0_test 32 29 12 -talloc 32 33 0 +samba_4_0_test 32 29 11 +talloc 33 33 0 tdb 31 31 0
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-324-gb25e3b6
The branch, master has been updated via b25e3b6c8a7a1dd31607dd344e6e767716dd645d (commit) from e4fca7466d3bc064587638560572813e62df00d8 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b25e3b6c8a7a1dd31607dd344e6e767716dd645d Author: Jeremy Allison j...@samba.org Date: Mon Jul 13 17:17:37 2009 -0700 Fix set_posix_lock check which had been reversed in the recent changes. Jeremy. --- Summary of changes: source3/smbd/trans2.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 4dd0375..a862c14 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -7277,7 +7277,7 @@ NTSTATUS smbd_do_setfilepathinfo(connection_struct *conn, case SMB_SET_POSIX_LOCK: { - if (fsp) { + if (!fsp) { return NT_STATUS_INVALID_LEVEL; } status = smb_set_posix_lock(conn, req, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-325-ge67de63
The branch, master has been updated via e67de63ba6c6de60400e7deb4664d259f6dfb638 (commit) from b25e3b6c8a7a1dd31607dd344e6e767716dd645d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e67de63ba6c6de60400e7deb4664d259f6dfb638 Author: Jeremy Allison j...@samba.org Date: Mon Jul 13 18:43:10 2009 -0700 Make cli_posix_lock/unlock asynchronous. Jeremy. --- Summary of changes: source3/client/client.c |4 +- source3/include/proto.h | 21 +++- source3/libsmb/clifile.c | 275 +++-- source3/torture/torture.c | 12 ++ 4 files changed, 248 insertions(+), 64 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/client/client.c b/source3/client/client.c index ed45f4e..6b273b4 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -2605,7 +2605,7 @@ static int cmd_lock(void) len = (uint64_t)strtol(buf, (char **)NULL, 16); - if (!cli_posix_lock(cli, fnum, start, len, true, lock_type)) { + if (!NT_STATUS_IS_OK(cli_posix_lock(cli, fnum, start, len, true, lock_type))) { d_printf(lock failed %d: %s\n, fnum, cli_errstr(cli)); } @@ -2639,7 +2639,7 @@ static int cmd_unlock(void) len = (uint64_t)strtol(buf, (char **)NULL, 16); - if (!cli_posix_unlock(cli, fnum, start, len)) { + if (!NT_STATUS_IS_OK(cli_posix_unlock(cli, fnum, start, len))) { d_printf(unlock failed %d: %s\n, fnum, cli_errstr(cli)); } diff --git a/source3/include/proto.h b/source3/include/proto.h index c0ce35a..7b3eaa0 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -2516,11 +2516,26 @@ bool cli_unlock(struct cli_state *cli, uint16_t fnum, uint32_t offset, uint32_t bool cli_lock64(struct cli_state *cli, uint16_t fnum, uint64_t offset, uint64_t len, int timeout, enum brl_type lock_type); bool cli_unlock64(struct cli_state *cli, uint16_t fnum, uint64_t offset, uint64_t len); -bool cli_posix_lock(struct cli_state *cli, uint16_t fnum, +struct tevent_req *cli_posix_lock_send(TALLOC_CTX *mem_ctx, +struct event_context *ev, +struct cli_state *cli, +uint16_t fnum, +uint64_t offset, +uint64_t len, +bool wait_lock, +enum brl_type lock_type); +NTSTATUS cli_posix_lock_recv(struct tevent_req *req); +NTSTATUS cli_posix_lock(struct cli_state *cli, uint16_t fnum, uint64_t offset, uint64_t len, bool wait_lock, enum brl_type lock_type); -bool cli_posix_unlock(struct cli_state *cli, uint16_t fnum, uint64_t offset, uint64_t len); -bool cli_posix_getlock(struct cli_state *cli, uint16_t fnum, uint64_t *poffset, uint64_t *plen); +struct tevent_req *cli_posix_unlock_send(TALLOC_CTX *mem_ctx, +struct event_context *ev, +struct cli_state *cli, +uint16_t fnum, +uint64_t offset, +uint64_t len); +NTSTATUS cli_posix_unlock_recv(struct tevent_req *req); +NTSTATUS cli_posix_unlock(struct cli_state *cli, uint16_t fnum, uint64_t offset, uint64_t len); struct tevent_req *cli_getattrE_send(TALLOC_CTX *mem_ctx, struct event_context *ev, struct cli_state *cli, diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c index af67fcb..0e2b364 100644 --- a/source3/libsmb/clifile.c +++ b/source3/libsmb/clifile.c @@ -2857,103 +2857,260 @@ bool cli_unlock64(struct cli_state *cli, uint16_t fnum, uint64_t offset, uint64_ Get/unlock a POSIX lock on a file - internal function. / -static bool cli_posix_lock_internal(struct cli_state *cli, uint16_t fnum, - uint64_t offset, uint64_t len, bool wait_lock, enum brl_type lock_type) +struct posix_lock_state { +uint16_t setup; + uint8_t param[4]; +uint8_t data[POSIX_LOCK_DATA_SIZE]; +}; + +static void cli_posix_unlock_internal_done(struct tevent_req *subreq) { - unsigned int param_len = 4; - unsigned int data_len = POSIX_LOCK_DATA_SIZE; - uint16_t setup = TRANSACT2_SETFILEINFO; - char param[4]; - unsigned char data[POSIX_LOCK_DATA_SIZE]; - char *rparam=NULL, *rdata=NULL; - int saved_timeout = cli-timeout; + struct tevent_req *req = tevent_req_callback_data( +
Build status as of Tue Jul 14 04:30:45 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-07-13 18:01:04.0 -0600 +++ /home/build/master/cache/broken_results.txt 2009-07-13 22:30:48.0 -0600 @@ -1,16 +1,16 @@ -Build status as of Tue Jul 14 00:00:02 2009 +Build status as of Tue Jul 14 04:30:45 2009 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 32 7 0 +ccache 33 7 0 distcc 0 0 0 ldb 33 33 0 libreplace 32 13 0 lorikeet 0 0 0 pidl 23 2 0 ppp 14 0 0 -rsync32 11 0 +rsync33 11 0 samba-docs 0 0 0 samba-web0 0 0 samba_3_current 30 16 0