[Samba] Does active directory support include policy support
Well, a rather odd subject, but I couldn't really express it differently. I would simply like to know if the active directory emulation of samba+openLDAP+kerberos or samba 3.0 includes support for policies. I have a bunch of XP clients that I need to set some restrictions on. But it seems the days of config.pol files are over, so i need active directory support on my PDC. Having read several articles on active directory, I still don't understand it fully, but articles about setting up active directory on a samba pdc mentioned only partial support for active directory(only some features supported). So before I start crashing our server with software and configuration, I would like to know if (group)policies are supported by active directory on samba. If this is the case, I'd also like to hear if anybody has a working setup of it, and maybe some links (I couldn't finde any) to howtos Lasse Riis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] WARNING: The printer driver locationoption is deprecated
Andre, Read Chapter 6 Printing Support in Samba 2.2.x in the Samba-HOWTO-Collection document which is in your source tree as a .pdf and a .html and on the Samba web site. PCC -Original Message- From: Andre Dieball [mailto:[EMAIL PROTECTED] Sent: Wednesday, 26 March, 2003 5:50 PM Hello After upgrade to 2.2.8-1 woody fom 2.2.7a I get (apart from other problems) the following error message: WARNING: The printer driver locationoption is deprecated As I use the Samba server only for printing, I'm not sure, what this means to me, as I have the follwoing in my smb.conf: printer driver file = /etc/samba/printers.def Any help is really appreciated. Thanks a lot in advance. Mit freundlichen Grüßen / Yours sincerely, Andre Dieball -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] no subject
Hello, iam looking for a way to splitt a printer job ( 200 pages) into many different jobs (2 or 3 Pages). Does anyone know a way to do this with samba or a other programm? Thanks in advance Philipp Hoeß __ Viren? Wir wissen nicht was Ihr Arzt empfiehlt. Wir empfehlen den Virencheck fur Ihre E-Mail-Anhange! http://freemail.web.de/features/?mc=021159 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] compile samba 2.2.8 on hpux11
did someone managed to build samba 2.2.8 on hpux11 with gcc 3.2 or gcc 2.95 I tried both and always get the make error: ld: No $UNWIND_END$ subspace has been defined (probably missing /usr/ccs/lib/crt0.o) *** Error exit code 1 I did ./configure --prefix=/opt/samba Regards Kai -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba reporting errors!
My syslog is constantly bombarded with these messages: Mar 27 07:15:35 fileserver1 smbd[70359]: [2003/03/27 07:15:35, 0] lib/util_sock.c:get_socket_addr(1012) Mar 27 07:15:35 fileserver1 smbd[70359]: getpeername failed. Error was Socket is not connected Mar 27 07:15:35 fileserver1 smbd[70359]: [2003/03/27 07:15:35, 0] lib/util_sock.c:write_socket_data(499) Mar 27 07:15:35 fileserver1 smbd[70359]: write_socket_data: write failure. Error = Broken pipe Mar 27 07:15:35 fileserver1 smbd[70359]: [2003/03/27 07:15:35, 0] lib/util_sock.c:write_socket(524) Mar 27 07:15:35 fileserver1 smbd[70359]: write_socket: Error writing 4 bytes to socket 12: ERRNO = Broken pipe Mar 27 07:15:35 fileserver1 smbd[70359]: [2003/03/27 07:15:35, 0] lib/util_sock.c:send_smb(704) Mar 27 07:15:35 fileserver1 smbd[70359]: Error writing 4 bytes to client. -1. (Broken pipe) I'm running Samba 2.2.8 without optimizations. #uname -a FreeBSD fileserver1.smartrafficenter.net 4.7-STABLE FreeBSD 4.7-STABLE #0: Mon Dec 16 19:41:03 EST 2002 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/FILESERVER1 i386 What do these message mean? How to I rid myself of them? Thanks, Kevin I'm desperately trying to figure out why kamikaze pilots wore helmets -- Dave Edison -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Access to shares for authenticated domain users only
On Thu, 27 Mar 2003 07:11:55 +, Andrew wrote: While 'hacks' might be possible, shares are authenticated seperatly to the domain logon, and there is no linkage apart from the fact that the domain logon sets up the default username/pw pair. Fundementally, any restriction imposed by logon script/.pol files can be avoided - you must never trust the client to actually follow their directions... Thanks Andrew. Point taken. Where would you go for more info on this sort of security? In particular I'm trying to avoid unauthorised notebooks etc. connecting to the network and then disappearing off home with sensitive data from the server on their drives. I was thinking about using SSH, but it seems like a lot of work to set up a key for each user, and even then not foolproof. Any suggestions welcome. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] New Files in Samba
Hi. I've configured Samba to work as a dedicated file server, but when a user create a new file in the shared directory, only this user can os access this file. What should I do to change this? Thanks. Jaques Metz -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help regarding Samba Server
On Wed, 2003-03-26 at 15:55, Abhijit Vaidya wrote: hi all, I am student at ASU and i wanted to know if I could use Samba to export some local file system like NFS via samba server. I am using Red Hat Linux 8 (kernel 2.4.18-14). If it is possible kindly let me know how i can do it. thanks, Abhijit you can do it by reading the manual at www.samba.org I don't recommend samba for unix to unix file sharing use NFS, AFS, or something else. brad -- Bradley W. Langhorst [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] W2K DC as password server
All, I have recently begun a migration form NT 4.0 DCs to W2K DCs. Users have a home folder defined on Windows that lives on a samba server that now maps inconsistently when using the W2K server as the password server. Everything works as expected when I use an NT BDC as the password server. We have been using this configuration for a couple of years, upgrading samba several times, but have only seen this problem when using a W2K DC. Additionally, the problem does not occur during off-hours testing. I plan to test security = domain to see if it resolves this problem but was wondering if anyone has an explanation. Solaris 2.9 Samba 2.2.3a W2K Professional clients Thanks, Jim James D. Bonasera Lockheed Martin Corp. (610) 531-5873 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Auth Problems with 2.2.8 and Windows 2000
We managed to fix this yesterday by modifing the security to DOMAIN from SERVER -Original Message- From: Gilbert, Erric E - CIDS-2 [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 26, 2003 2:26 PM To: '[EMAIL PROTECTED]' Subject: [Samba] Auth Problems with 2.2.8 and Windows 2000 Hi Folks, We recently upgraded from 2.2.7 to 2.2.8 to fix the recently discovered bug in Samba. We are now getting intermittent log on failures from Win2K clients connecting to our Samba server (vitals below). Samba 2.2.8 is running on Solaris 2.8 with Kernel 108528-18 Our Samba security method is set to server and we pass along auth requests to an Win2K AD Domain Controller that has NT 4 compatibility enabled. We use 4 DC but for testing we have limited requests down to 1. All DCs give the same un-desirable results. The DC does not show a failure but the Samba server shows: error packet at smbd/reply.c(1025) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE Some dirs on the samba server have in excess of 3 - 5K of files (I am currently leaning on a timeout theory) The authentication does work almost 50% of the time. It isn't exact but it is very close. This may be a bit vague so if there are things I could describe further to help with a resolutoin, please let me know. Thanks, Erric -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] I see my samba server but.............
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Date: Mon, 24 Mar 2003 14:10:54 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] I see my samba server but. Message-ID: [EMAIL PROTECTED] Content-Type: multipart/mixed; Boundary=0__=85256CF3006D91FF8f9e8a93df938690918c85256CF3006D91FF MIME-Version: 1.0 Precedence: list Message: 1 --0__=85256CF3006D91FF8f9e8a93df938690918c85256CF3006D91FF Content-type: text/plain; charset=us-ascii Here I go guys! I've already changed the configuration of my sbm.conf, also I made my samba server to be configured as a windows domain, yes! it is found in my windows domain now but as doing double click on this machine (samba) it asks me for a user and passsword, it does not let me get into it, I have created the same samba users as windows, but without any results. I appreciate your help : (See attached file: samba1.jpg) And my samba config files is: Looks like it was a Mandrake 9.0 default config file until you crucified it with SWAT ;-). The best option for you may be winbind. If you have not got too much time invested in this machine, you may consider doing an installation in expert mode, where you can choose to have authentication via a Windows Domain (which sets up winbind). If not, you need to do this manually. 1)Install samba-winbind, either with software manager, or: # urpmi samba-winbind 2)Get a decent config file (backing up your current one) # cp /etc/samba/smb.conf /etc/samba/smb.conf.backup # cp /etc/samba/smb-winbind.conf /etc/samba/smb.conf 3)Edit the file with the text editor of your choice, spend 5 minutes reading it first, then change your workgroup name back as it was. 4)Join the domain # smbpasswd -j DOMAIN -U user with rights to join the machine to the domain 5)Start winbind # service winbind start 6)Test # wbinfo -u should list users # getent passwd should list users in the same format as the passwd file 7)Setup authentication via winbind (making a backup): # cp /etc/pam.d/system-auth /etc/pam.d/system-auth.backup # cp /etc/pam.d/system-auth-winbind /etc/pam.d/system-auth (everything up to here gets done for you if you choose Windows Domain for authentication during installation) 8)Login to X/KDE/GNOME/Mail server/console with your domain account There are some caveats, see http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.pdf for more details in winbind setup in Mandrake. - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+gu7PrJK6UGDSBKcRAm4AAJ9XHU1bu+zaPbGW+2Y7hV5twozOvgCffYaN jvBO7j6tFeDIwRUu1r9yXZc= =z0p0 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] New Files in Samba
On Thu, 2003-03-27 at 08:31, Jaques Metz wrote: Hi. I've configured Samba to work as a dedicated file server, but when a user create a new file in the shared directory, only this user can os access this file. What should I do to change this? Thanks. Jaques Metz You'll want to look at the create mask (or create mode) options in that share. If you want rwx access for the creator and primary group, create mask would be 0770, if you want full access for everyone to have full access to the files, create mask would reflect 0777. Just make sure that your create mask corresponds with the linux/unix file permission structure. -- Eric Halverson [EMAIL PROTECTED] Doctors Care Health Services -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Groups in Samba w/LDAP and ACL
I have samba-2.2.8 with LDAP and ACL. When I open the ACL in WinXP how do I add another group? Which attributes does Samba uses to search for groups? Thanks Jean-Rene Cormier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] New Files in Samba
Hello, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Halverson Sent: Thursday, March 27, 2003 9:37 AM To: Jaques Metz Cc: Samba List Subject: Re: [Samba] New Files in Samba On Thu, 2003-03-27 at 08:31, Jaques Metz wrote: Hi. I've configured Samba to work as a dedicated file server, but when a user create a new file in the shared directory, only this user can os access this file. What should I do to change this? Thanks. Jaques Metz The answer is simple... Let's say that you have a partition labeled share and inside it are a number of directories that you are sharing... cd in to the share partition... Then run this command... chmod -R g+s * What that will do is cause all files folders and sub-directories to be created with the same group ownership as group user that access and creates such files and folders. What you will end up with is the following when running a ls -l : [EMAIL PROTECTED] share]# ls -l total 84 drwxrwsrwx3 root account 4096 Jan 9 10:57 account drwxrws--- 29 root cad 4096 Mar 26 18:26 cad drwxr-x---5 root root 4096 Jan 20 11:13 configurations drwxrws--- 26 root docs 4096 Mar 25 12:11 docs drwxrws--- 31 root inspect 4096 Mar 27 07:07 inspect drwxrws---3 root jboss4096 Mar 27 09:43 jobboss drwxrws---2 root laser4096 Mar 27 10:09 laser drwxr-x---2 root root 4096 Mar 21 08:58 logfiles drwxrwS---2 root root16384 Jul 16 2002 lost+found drwxrws---3 root mail 4096 Jan 22 14:05 mail drwxrws--- 12 root mill 4096 Mar 27 10:08 mill drwxrws--- 18 root dmusers 4096 Mar 24 13:55 profiles drwxrws--- 27 root public 4096 Mar 26 16:02 public drwxrws--- 14 radkins purchasi 8192 Mar 27 10:00 purchasing drwxrws---9 dgillesp qsman4096 Mar 3 11:59 qs9000 drwxrws---2 root quotes 4096 Dec 5 10:33 quotes drwxrws---2 root shipping 4096 Feb 22 09:06 shipping If you know how the above output is read... The first listing shows what the files or directories are. The first group of 3 after the 'd' (which designates directory), refers to a user account, which in the case of most of the directories is root. The second group of 3 characters refers to the group, which can easily be seen above. The final group of 3 refers to world (meaning EVERYONE on the system) rights. If you are looking to fully utilize user and group security rights, then the final set of three should be --- like they are above. In the case of the second set of 3, the 's' denotes that all files and folders created within those directories will have the same group ownership rights attached to them. With this you can create a number of nested group/user rights. You'll want to look at the create mask (or create mode) options in that share. If you want rwx access for the creator and primary group, create mask would be 0770, if you want full access for everyone to have full access to the files, create mask would reflect 0777. Just make sure that your create mask corresponds with the linux/unix file permission structure. For the LOVE OF GOD, please refrain from using the number method when running chmod. You will have stricter control and actually KNOW what rights you are handing out to the various users and groups on your system when using the alpha character method. For example; chmod ug+rw some_text_file.txt Will put User u and Group g read r and write w rights onto the file. This will allow the user that has his or her username listed as the owner of the file as well as any members of the group that are listed on the file. For the World rights use o. To add such rights use a + sign in between the ugo (User, Group, World) and the rwx (Read, Write, Executable) and the - sign to take them away. If you have a group called Accounting that needs access to a directory then use the following command... chown root:Accounting directory_name Then change the rwx rights to allow the group Accounting to use the directory and files within. Then you can run whatever group ownership rights you want on that directory and all Accounting group members will have access to the files within. These two commands, chmod and chown, are likely the most important UNIX/Linux commands that you could ever possibly learn. -- Eric Halverson [EMAIL PROTECTED] Doctors Care Health Services Regards, Robert Adkins II IT Manager/Buyer Impel Industries, Inc. 586-254-5800 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Can't join domain wrong password
On Tue, 2003-03-25 at 21:29, Greg Miller wrote: Guest account meaning an account named guest added to the smbpasswd? Yes I have. It is not assigned a password. Should it have one? I don't think it needs a password - you just need to tell samba to use that user as the guest user guest account = should be something like guest account = nobody Could you explain you have some unusual valid users statements...? valid users = @family valid users = %S (I don't know off hand what that does...) i find it hard to read the output of testparm (too much to sift through) brad -- Bradley W. Langhorst [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 2.2.8 - can't view or change permissions from NT clients
We were using 2.0.6 on a SunOS 5.6 server, using domain security in an NT domain, and have upgraded to 2.2.8 for the security fix. Now, when the file permissions are displayed on an NT client, ACL's are only shown for user/group/other if there are R,W, or X permissions. If u, g, or o have no rights, the ACL is not displayed for them. Example, in 2.0.6, with a file with r--r- permissions (440), the NT permissions display would have an ACL for the owner with R permissions, an ACL for the group with R permissions, and the Everyone group would show as O for no permissions. In 2.2.8 with the same file, the NT permissions dialog only shows an ACL line for the owner, and an ACL line for the group, but NO ACL line for Everyone since they have no permissions If a file had r permissions, there won't be an ACL line for the group either. In addition, we can't Add an ACL for the ones not displayed - In other words, in the first example, we couldn't Add the Everyone group with R prrmissions to give world read. Is this normal behavior in 2.2.8, or should we see the same displays as before? How can we get the displays to show as before, or what might we have missed? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Access to shares for authenticated domain users only
I believe this works OK with an NT PDC as one can restrict share users to, as an example, members of the Domain Users group, but this group is not available in Samba 2.2.x. Maybe 3.0 will help. I suppose, as one hack, you could use a root preexec and a root postexec to add and remove users to a particular group as they log on and off and then use this group to define the valid users of the share. On Thu, 2003-03-27 at 00:31, Kevin wrote: I am running several samba servers (2.2.3a and 2.2.7) in various places as pdcs. Everything seems to be running smoothly, but I can't find any way of restricting access to only those uses who have logged on to the domain. Is this possible? ie at the moment, any user can map a drive to \\server\share, put in a valid user/password pair and have access to that share without going through any logon script or pol files. This is what I would like to avoid. I believe that if I can do this, it would also stop any unauthorised machines from accessing the shares, as these machines would not be joined to the domain. Is this sort of authorisation possible? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SWAT problem
dear all, I am able to run the GUI SWAT in my host (RedHat8.0) and other elements in the network(of different os) when the connection to internet is available. But the swat is not accessible when the internet connection is not available ( work offline). Can somebody suggest a solution? SathyaStudent-India Catch all the cricket action. Download Yahoo! Score tracker -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem Joining a domain
Hi, I've a NT 4 SP6 PDC, i want to join this domain with a Linux Samba server (version 2.2.3a) Here is the GLOBAL of smb.conf: == [global] workgroup = RESSAC netbios name = GABARE server string = Frontal pages Web - Samba Server log file = /var/log/samba/log.%m max log size = 50 log level = 3 hosts allow = 193.55.236. 127. security = domain encrypt passwords = true password server = FREGATE remote announce = 193.55.236.255 dns proxy = no === GABARE is well create on FREGATE as station server Trying to join, i receive this message : === [EMAIL PROTECTED] root]# smbpasswd -j RESSAC -D4 added interface ip=193.55.236.130 bcast=193.55.236.255 nmask=255.255.255.0 resolve_lmhosts: Attempting lmhosts lookup for name FREGATE0x20 getlmhostsent: lmhost entry: 193.55.236.54 FREGATE Connecting to 193.55.236.54 at port 445 error connecting to 193.55.236.54:445 (Connection refused) Connecting to 193.55.236.54 at port 139 resolve_lmhosts: Attempting lmhosts lookup for name FREGATE0x20 getlmhostsent: lmhost entry: 193.55.236.54 FREGATE Connecting to 193.55.236.54 at port 445 error connecting to 193.55.236.54:445 (Connection refused) Connecting to 193.55.236.54 at port 139 cli_net_req_chal: LSA Request Challenge from FREGATE to GABARE: F41A0E3EFDE773C6 cred_session_key cred_create cli_net_auth2: srv:\\FREGATE acct:GABARE$ sc:2 mc: GABARE chal BCC467572BFF5E20 neg: 1ff cli_net_auth2: Error NT_STATUS_ACCESS_DENIED cli_nt_setup_creds: auth2 challenge failed modify_trust_password: unable to setup the PDC credentials to machine FREGATE. Error was : NT_STATUS_ACCESS_DENIED. 2003/03/27 17:50:30 : change_trust_account_password: Failed to change password for domain RESSAC. Unable to join domain RESSAC. === Why does it try to access 445 port? It seems to be a W2000 name service? Any idea? - __ www.eeigm.inpl-nancy.fr __ EEIGM - 6 rue Bastien LEPAGE - 54000 NANCY - FRANCE Phone +33.383.36.83.27 Fax +33.383.36.83.36 _ - This mail sent through IMP: http://horde.org/imp/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SWAT problem
Do you have the option Work Offline selected in internet explorer? If so this will prevent you from accessing ANY website other than one hosted locally on that system. Un check it and try accessing swat again. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sathya kuppa Sent: Thursday, March 27, 2003 11:53 AM To: [EMAIL PROTECTED] Subject: [Samba] SWAT problem dear all, I am able to run the GUI SWAT in my host (RedHat8.0) and other elements in the network(of different os) when the connection to internet is available. But the swat is not accessible when the internet connection is not available ( work offline). Can somebody suggest a solution? Sathya Student-India Catch all the cricket action. Download Yahoo! Score tracker -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Doing a node status request to the domain master browser
Dear samba users, i'm getting the following message: Doing a node status request to the domain master browser at IP XXX.XXX.XXX.XXX failed. my assumption is that this computer wants to become the domain master or already has. am i off base in thinking this? thank you. --dave -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with xcopy /d samba
A problem has arisen with the way samba handles file creation dates compared to NT/win2k, which prevents xcopy /d from working correctly. On NT/Win2k, files copied from another NT machine using xcopy end up with the modified dates equal to the original modified date of the file, and the created and accessed dates become the date of the xcopy operation. On Samba, files copied from an NT machine using xcopy end up with created modified dates equal to the original modified date of the file, and the accessed date becomes the date of the xcopy operation. Dates are as reported from a windows NT client in both cases. The problem is that xcopy /d will NOT work as expected when attempting to use it to only copy newer files from NT to samba. Instead XCOPY /D will copy *all* files. This is a problem as we hope to migrate a large # of files from NT to samba and minimize downtime by using xcopy /d to refresh any modified files. In this case we will use a tape backup/restore to handle the modified files, but it would be nice to know if xcopy can be made to work with samba in this way? -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Shawn Wright, Systems Manager Shawnigan Lake School http://www.sls.bc.ca [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] New Files in Samba
On Thu, 2003-03-27 at 10:31, Jaques Metz wrote: Hi. I've configured Samba to work as a dedicated file server, but when a user create a new file in the shared directory, only this user can os access this file. What should I do to change this? Thanks. Jaques Metz Add in your share: force create mode = 777 force directory mode = 777 [ ]'s Tiago Cruz Org. King de Contab. S/C Ltda. www.linuxrapido.kit.net Linux User #282636 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 2.2.8 Upgrade, joining domain
Just posting an experience I had last weekend upgrading a Samba server (member server of NT4 domain) from 2.2.5 to 2.2.8... I noticed that the join domain command doesn't seem to work anymore using the IP address of the PDC. I used to use the following command: #smbpasswd -j DOMAIN -r PDC-IP -U Domain Admin Username With 2.2.8 it wouldn't work until I used this: #smbpasswd -j DOMAIN -r PDC-NETBIOS-NAME -U Domain Admin Username Also, I added -D 4 to the end, which gives a nice smattering of debug info. Great stuff if you're having trouble joining a domain. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE:Subject: [Samba] I see my samba server but.............
Well first problem I see is you editied your sbm.conf...Should be smb.conf ;-) Can you access it as root? Id start by making sure the permissions are correct. And that the Sharename in smb.conf matches the folder name on the server and that the path is correct. -- Date: Mon, 24 Mar 2003 14:10:54 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] I see my samba server but. Message-ID: [EMAIL PROTECTED] Content-Type: multipart/mixed; Boundary=0__=85256CF3006D91FF8f9e8a93df938690918c85256CF3006D91FF MIME-Version: 1.0 Precedence: list Message: 1 --0__=85256CF3006D91FF8f9e8a93df938690918c85256CF3006D91FF Content-type: text/plain; charset=us-ascii Here I go guys! I've already changed the configuration of my sbm.conf, also I made my samba server to be configured as a windows domain, yes! it is found in my windows domain now but as doing double click on this machine (samba) it asks me for a user and passsword, it does not let me get into it, I have created the same samba users as windows, but without any results. I appreciate your help : (See attached file: samba1.jpg) And my samba config files is: |--- | | | | # Samba config file created using SWAT | SNIP -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: WinXP Pro passwords
Problem description When changing the password of an existing user or adding a new user they can not logon from a WinXP Pro machine. Existing users can logon OK from WinXP Pro and Win98. New users, and those with password changed, can logon from a Win98 machine (smbclient server_name\\share_name -U user_name works OK). I have started an stopped samba but it makes no difference. Just to let everyone know I have found a work around to my problem. It may help others. 1on the server set the sampasswd to a blank (use smbpasswrd) 2create an account on the local (WinXP Pro) machine and log on as the user you need to change 3Ctrl-Alt-Del and select change pasword 4set Log on to to the domain (Not the local machine) 5change the password (use blank for old password ) 6log off and then log on to the domain cherz Keith -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 2.2: workgroup browsing question
I looked in the archives and docs over and over again. I am sure I am missing something simple. I have several SunOS 5.8 systems in a workgroup - one Sun is a wins server and the others point to it. On my windows xp system, I can see the Sun workgroup and many others. I can drill down into the other workgroups, but not the Sun one - can't open it at all - not even to see the servers. What am I missing? Yes, I am going to upgrade samba, but this seems like a much more basic issue than a samba version issue. :) Brian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.8 is failing on change machine account password
I've noticed that a few systems that I've upgraded to Samba 2.2.8 are not able to change the machine account password. I have security = domain and I am seeing entries like this in the log. [2003/03/27 14:22:23, 1, pid=10302] smbd/service.c:(636) le21pai-1 (47.142.162.19) connect to service export as user wcitiadm (uid=201361, gid=4785) (pid 10302) [2003/03/27 14:22:24, 0, pid=10302] rpc_client/cli_trust.c:(46) domain_client_validate: unable to fetch domain sid. [2003/03/27 14:22:24, 0, pid=10302] rpc_client/cli_trust.c:(46) domain_client_validate: unable to fetch domain sid. [2003/03/27 14:22:24, 0, pid=10302] rpc_client/cli_trust.c:(46) domain_client_validate: unable to fetch domain sid. [2003/03/27 14:22:24, 0, pid=10302] rpc_client/cli_trust.c:(248) 2003/03/27 14:22:24 : change_trust_account_password: Failed to change password for domain AMERICASE. I've tried to debug this without much success. Any assistance in debugging this or resolving this would be appreciated. I am still able to access my shares but the machine account password is not changing as it should. -- Eric M. Boehm /\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] I see my samba server but.............
Muchas Gracias Buchan Milne fro you help I´ll do that Thank You! Manuel Casoluengo Villanueva Network Administrator Mexico Coty Inc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Printing NT to Linux printer problem
If you are trying to add a printer share using the add printer wizard, it takes a little work. If you want APW, you need to define an add printer command, and that command will need to modify your smb.conf to add the print share depending on the input received from the wizard prompts. Details are in man smb.conf. But seems since you have a [printers] section, your printer shares should be automatically generated from whatever cups's equivalent to printcap is, and you just need to upload windows drivers for it. Is the printer defined to cups? If not, that's your first step. Also, cups has a cupsaddsmb (or something like that) command, which is another method of installing windows print drivers. If you have the printer share working, just no windows drivers associated with it, check out the Samba-HOWTO-Collection available from samba.org documentation, there's a thorough section about print and uploading the drivers there. Good luck ~ Daniel On Wednesday, March 26, 2003 11:39 PM John wrote: Using SuSE V8.0 Samba 2.2.7a on a small network I have a Lexmark laser printer attached to the Linux PC, using Cups 1.1.15. I was able to print from Linux OK, and some months ago had setup the Win NT PC to print across the network to the laser. So all was well. Recently I had a couple of problems with the NT machine (the usual BSOD's etc) also had a couple of problems with the SuSE PC and still feeling my way as newbie I took a while to get things going again, that is with the exception of printing from the NT PC. I have been back through the documents and run through the 11 tests in diagnosis.txt and the setup checks out OK between the two machines. The following is my smb.conf # Global parameters [global] workgroup = HOME netbios name = PENGUIN interfaces = eth0 encrypt passwords = Yes update encrypted = Yes map to guest = Bad User printcap name = cups load printers = yes preferred master = Yes wins server = 192.168.0.1 printer admin = @ntadmin, root,john hosts allow = 192.168.0.0/255.255.255.0 127.0.0.1 printing = cups veto files = /*.eml/*.nws/riched20.dll/*.{*}/ [public] comment = public path = /home/public read only = No guest ok = Yes [print$] comment = printer drivers path = /etc/samba/drivers write list = @ntadmin, root,john browseable = yes guest ok = no read only = yes [printers] comment = All printers path = /var/spool/samba printer admin = root, @ntadmin, john guest ok = Yes printable = Yes browseable = No public = yes writable = no On the NT Pc (NT$ sp6a) I can use windows explorer, browse to Penguin (linux pc) see the shares and the printer. When I attempt to add the printer I can proceed through selecting the port, printer model etc but as soon as I select finish I get access denied. I have tried this logged in as administrator, and as a super user..no difference. I would appreciate any advice on how to sort this out. Thanks, John This email has been pre-scanned using the latest Anti Virus software for your peace of mind. Please remember to maintain your own anti virus up to date with the latest reference files. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] A WIN95 machine list the shares but 98/win2k not
Why this conf dont work? A WIN95 machine list the shares but 98/win2k not [EMAIL PROTECTED] init.d]# smbclient -L //linus U% added interface ip=200.168.58.231 bcast=200.168.58.255 nmask=255.255.255.192 added interface ip=192.168.4.1 bcast=192.168.4.255 nmask=255.255.255.0 wins_srv_died(): Could not mark WINS server 127.0.0.1 down. Address not found in server list. session request to LINUS failed (Not listening for calling name) wins_srv_died(): Could not mark WINS server 127.0.0.1 down. Address not found in server list. session request to *SMBSERVER failed (Not listening for calling name) [EMAIL PROTECTED] init.d]# # Global parameters [global] workgroup = ADVOCACIA netbios name = LINUS server string = Samba Server security = share encrypt passwords = yes log file = /var/log/samba/log.%m max log size = 50 name resolve order = wins hosts socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon path = \\%N\profiles\%u logon home = \\LINUS\%u os level = 64 preferred master = yes local master = No domain master = no dns proxy = No wins support = yes printing = lprng unix password sync = no map to guest = never password level = 0 null passwords = no dead time = 0 debug level = 0 load printers = yes domain logons = no allow hosts = 192.168.4.0/ 255.255.255.0, 127.0.0.1 [netlogon] path = /usr/local/samba/lib/netlogon browseable = No available = yes [homes] comment = Home Directories read only = No browseable = no available = yes public = no writable = no only user = no [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No Franco Catena http://www.surson.com.br tel 011-44374040 cel:78535362 NEXTEL: 55*26006*1 MSN: [EMAIL PROTECTED] ICQ: 24755602 -BEGIN PGP PUBLIC KEY BLOCK- Version: GnuPG v1.0.6 (MingW32) Comment: For info see http://www.gnupg.org mQGiBD5fPr8RBAC4GydYCddbpvUo2g8xInqq8mJf4wIx0a1rX1cgNVX4Mx62kMXR fKDB9wjCUrj73xdJDtwTD778LABwuF9hTK0WjrxGCFhZ1Vk1nwM8wrNAO6m98HVF /gsb2ZrWp2LFsxUQsV2RfZXYax6xCI1czx5i+oPIz8z0eqSr5cpwwgGGAwCggeyg IhuYbgFxKZYpONfIus3c6j8EAI3JIz026gcbMRyD7jeAAi8e+Brh1rifrtXmXbxr /TQh1+biwIpA/HEPzgRZGkGzjhZdVd9Oxkgp6Zq3XKV9XpHnoucq/dvWTYaMm0pi pD85VNkROD2F/9owcFWKPWDYem/ipmyfhKgQ2nnUIrD9eHGxrxGBYW76Xx1htIoF 8GqlA/0XAXR0hopoVxgTEuLPOWT7MktY2f6vtvNG7pp1b0HzbLU7PRWNgCv8DRdG E7o1ewuT7KjiLbsTlmtI2Tw+BIWd8dWdcGkHl75DCdr/jyONkJvD6vPga98P36Nn H9/LJpf3kpaHud9K27ThpTWVCMuVyWXwK77RdNM56wHBJpMFurQhZmFjYXRlbmEg PGZhY2F0ZW5hQHN1cnNvbi5jb20uYnI+iF0EExECAB0FAj5fPr8FCQGUvIAFCwcK AwQDFQMCAxYCAQIXgAAKCRAH3evru7lBCyw4AJ9YMfqtOt26h9h/7W1Mm9Ga9/d3 oQCeKXBdahSPvEv+egRCYbcx5hLqAYi5AY0EPl8+3hAGAJu+Ezr636haP3Vjfgsh EnYX7s/yNSyNUkdcGjEC6dNKmlAZ8U5Tc3DD1vnkBEcSVjg2lrMSVADGZBCXuIEC keI/wbQWFQIKfPIZx0kJnW+np+tmTxZ/LoKV7gVqNW9hIKE5UWC8bzoH3EvtBRR8 LVLNADZUuhn17Wta0wJ+L+vB3Qa6DzwdSE98qCrsUWyCbC9JUdWjxKNH9X5H8Jl/ mXZOFprSeEs7k9P5XeNyv0lVVqVtDBA004KVAXHRvNSPvwADBQX/YMbUCZ8fVc6F xPKyBnBYNvRNlxbL+NyFzUGvTO/u+CTeJrvE/3O1Ax9AfXRjXdWgZ7mqhJAEAqWN ACE3g0Y4gFfMhSfgMYt9lmcNBUrk58h1kW2kYakEpOZlk3klO9HvKTmIYYyyu3vc Da0q+ALmATihlY8duAKUw/U1HV8P5JZ8LAjiaKpJQAj2XrH+WZ5YDi22zJ7M94zi CRBci5YCnAHmdfbKIyDXdCtLK2D0ouFt9+ahoxdioSrIBr34WauliEwEGBECAAwF Aj5fPt4FCQGUvIAACgkQB93r67u5QQvImQCfdARi8DpWjBCcZW9E6rfA8wTWK/gA n3kZ/R2hS/Kk7KLtvIOQ8Cd5y2UD =ry0w -END PGP PUBLIC KEY BLOCK- -Mensagem original- De: Amir Mostafa Saleh [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 27 de março de 2003 09:00 Para: FRANCO Assunto: Testes com o Winbind Caro Franco, Ontem à noite eu fiz os testes com o Winbind, conforme tinha dito. Usei um servidor Windows 2000 SP2 e um Red Hat 8. Funcionou muito bem. Eu integrei os usuários do Active Directory no Linux, e fiz testes de logon no console do Linux e de logon via telnet utilizando os usuários e senhas do AD. Que tipo de problema você enfrentou exatamente? []'s Amir Mostafa Saleh Vento Solar Sistemas de Informação [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.465 / Virus Database: 263 - Release Date: 25/3/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.465 / Virus Database: 263 - Release Date: 25/3/2003 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Cannot see any files in samba shares
I have now tried version 2.2.7a, as well as 2.2.8 on a different Solaris 8 machine. They both have the same problems. What am I doing wrong? I have searched everywhere for an answer. I have seen several posts about this problem, but no one has had an answer yet. Permissions are 777 at this time on this folder, and still it does not work. Please help! Matt Yahna [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I have installed Samba 2.2.8 on a Solaris 8 machine. My compile options were as follows: ./configure --with-fhs --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-smbwrapper --with-syslog My smb.conf is as follows: [global] workgroup = Our NT Domain netbios name = MOJO server string = Samba Server v. 2.2.8 security = DOMAIN encrypt passwords = Yes password server = * log level = 2 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE preferred master = No local master = No domain master = No dns proxy = No wins server = 10.40.5.1 hide dot files = No [tmp] comment = Temporary Files path = /tmp The server runs, I have run everything in DIAGNOSTIC.txt with no problems except that running smbclient //mojo/tmp gets me connected to the server, but there are no files through Samba (there are files in this directory). Using a Windows 2000 box, I can open \\mojo\tmp, it asks for a username and password, and it connects. However, there are no files listed. I am able to create files in this directory via windows, but can't see them. Any help would be much appreciated. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RES: RES: [Samba] Re: Winbind broken after 2.2.8 upgrade
I did it more then 12 times... I have a lot of problems with winbind and NEVER I did receive a answer... Sorry if I have a poore english: I hve 3 installations with problems... I never saw this I think that Im not a god SAMBA Administrator but I did read all the doc I dont have any troubles with other soft, but with samba ehehehehehe I did send e-mails to the lis in : 11/3. 12/3, 16/3, 18/3, 19, 20, 25, 27 with the same questions If you want, please check it and will see if Im joking... Im 42 years old. FIRST INSTALATION: Can yoiu help m? [EMAIL PROTECTED] /etc]# smbpasswd -j surson -r cleo -U Administrator Password: Joined domain SURSON. [EMAIL PROTECTED] /etc]# [EMAIL PROTECTED] /etc]# smbclient //firewall/PUBLICO -UAdministrator added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0 Got a positive name query response from 192.168.1.2 ( 192.168.1.1 ) Password: session setup failed: NT_STATUS_LOGON_FAILURE When I try \\firewall\PUBLICO in the NT I receive a BOX to type USER and PASSWD Joe log.cleo [2003/03/25 04:38:27, 0] smbd/password.c:connect_to_domain_password_server(1307) connect_to_domain_password_server: machine CLEO rejected the tconX on the IPC$ share. Error was : NT_STATUS_ACCESS_DENIED. [2003/03/25 04:38:27, 0] smbd/password.c:domain_client_validate(1554) domain_client_validate: Domain password server not available. [2003/03/25 04:38:27, 1] smbd/password.c:pass_check_smb(555) Couldn't find user 'surson+administrator' in passdb. [2003/03/25 04:38:27, 1] smbd/password.c:pass_check_smb(555) Couldn't find user 'surson+administrator' in passdb. [2003/03/25 04:38:27, 1] smbd/reply.c:reply_sesssetup_and_X(988) Rejecting user 'surson+administrator': authentication failed [2003/03/25 04:38:27, 0] smbd/password.c:connect_to_domain_password_server(1307) connect_to_domain_password_server: machine CLEO rejected the tconX on the IPC$ share. Error was : NT_STATUS_ACCESS_DENIED. [2003/03/25 04:38:27, 0] smbd/password.c:domain_client_validate(1554) domain_client_validate: Domain password server not available. Joe.firewall IW log.firewall Row 1Col 14:57F1 for help [2003/03/25 04:37:32, 0] smbd/password.c:connect_to_domain_password_server(1307) connect_to_domain_password_server: machine CLEO rejected the tconX on the IPC$ share. Error was : NT_STATUS_ACCESS_DENIED. [2003/03/25 04:37:32, 0] smbd/password.c:domain_client_validate(1554) domain_client_validate: Domain password server not available. [2003/03/25 04:37:32, 1] smbd/password.c:pass_check_smb(555) Couldn't find user 'surson+administrator' in passdb. [2003/03/25 04:37:32, 1] smbd/password.c:pass_check_smb(555) Couldn't find user 'surson+administrator' in passdb. [2003/03/25 04:37:32, 1] smbd/reply.c:reply_sesssetup_and_X(988) Rejecting user 'surson+administrator': authentication failed Etc/smbusers # Unix_name = SMB_name1 SMB_name2 ... root = administrator admin nobody = guest pcguest smbguest Etc/smbpasswd root:0:CHANGED BY ME:[UX ]:LCT-3E7AEA06: Administrator:1CHANGED BY MEe:[UX ]:LCT-3E7FED90: catena:500:CHANGED BY ME:[UX ]:LCT-3 Etc/passwd Administrator:x:10032:10033::/home/Administrator:/dev/null danilo:x:10033:10033::/home/danilo:/dev/null Etc/pwdb.conf # # This is the configuration file for the pwdb library # user: unix+shadow nis+unix+shadow group: unix+shadow nis+unix+shadow etc/Pam.d/samba auth required/lib/security/pam_unix.so nullok shadow accountrequired/lib/security/pam_unix.so #authrequired/lib/security/pam_securetty.so #authrequired/lib/security/pam_nologin.so #authsufficient /lib/security/pam_winbind.so #authrequired/lib/security/pam_pwdb.so use_first_pass shadow #account required/lib/security/pam_winbind.so SMB.conf [global] workgroup = SURSON server string = Server FIREWALL usando Samba interfaces = 192.168.1.1/24 bind interfaces only = Yes security = DOMAIN encrypt passwords = Yes password server = cleo password level = 8 username level = 8 log level = 1 log file = /var/log/samba/log.%m max log size = 50 name resolve order = wins hosts lmhosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 0 preferred master = False local master = No domain master = False wins server = 192.168.1.2 winbind uid = 1-2 winbind gid = 1-2 template homedir = /home/winnt/%D/%U template shell = /bin/bash winbind separator = + winbind cache time = 10 hosts allow = 192.168.1. 192.168.2. 127. printing = lprng [homes]
[Samba] Help with password changing problem
I am having an issue changing local unix passwords - when I attempt to change my root password, I get this error: [EMAIL PROTECTED]: passwd Supported configurations for passwd management are as follows: passwd: files passwd: files ldap passwd: files nis passwd: files nisplus passwd: compat passwd: compat AND passwd_compat: nisplus [EMAIL PROTECTED]: passwd root Supported configurations for passwd management are as follows: passwd: files passwd: files ldap passwd: files nis passwd: files nisplus passwd: compat passwd: compat AND passwd_compat: nisplus my nsswitch.conf reads: passwd: files winbind if i remove winbind from nsswitch.conf, it works. help! thanks Jenn -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] getent displays incomplete lists of groups on Solaris 8
Greetings, I have installed the samba 2.2.8 binary package under Solaris 8 and followed the HOWTO in order to get winbind working. My samba server is participating in an NT 4.0 domain which contains 2000 users and 250 Domain groups. On the samba server, I can issue a wbinfo -g and see a complete list of my domain groups. However, when I issue a getent group, the last group I see is the one listed immediately before the Domain Users group. If I add a new group to the domain, it will appear when using getent group as long as its name falls before the name Domain Users in the alphabet. This problem does not occur with users, issuing getent passwd displays a complete list of all users. I have installed samba 2.2.8 on a RedHat Linux 8.0 server, joined it to this same NT domain and have experienced no problems. getent group works as it should under Linux. I suspect that Solaris is having a problem enumerating the Domain Users group because it is the one group in the domain in which everyone is a member. Is there some limit in Solaris in regards to the number of users which may be in a group ? Has anyone else experienced this type of behavior in a Solaris 8 environment ? I have experienced this on two different Solaris servers, one on which I installed the samba binary package, and the other where I compiled samba from the source code. Any suggestions, or advice appreciated. Thanks Chris Hanrahan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
-- ** T Balamurugan, Systems Administrator, AU-KBC Research Centre, MIT Campus of Anna University, Chromepet,Chennai-600044, Tamilnadu, India. Tel: +91 44 22234885, 22232711 (O); +91 4112 231980 (R); Fax: +91 44 22231034; e-mail: [EMAIL PROTECTED]; -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RES: RES: [Samba] Re: Winbind broken after 2.2.8 upgrade
On Fri, 2003-03-28 at 09:46, FRANCO wrote: I did it more then 12 times... I have a lot of problems with winbind and NEVER I did receive a answer... Sorry if I have a poore english: There are a number of documents on 'how to get questions answered' around on the net. In particular, just repeating the question, or complaining that your question isn't answered just gets people frustrated. Instead, show that you have tried to solve the problem yourself. For example, if you have downgraded back to 2.2.7, and the problem 'went away', then this needs to be made clear. If you didn't, how can you claim it's a bug in 2.2.8? I hve 3 installations with problems... I never saw this I think that Im not a god SAMBA Administrator but I did read all the doc I dont have any troubles with other soft, but with samba ehehehehehe Samba is a complex peice of software. It's interactions with (often separately maintained) Windows DCs is particularly complex. If it doesn't occur on all your DCs, then you should look at what is different. This information should be present when you contact the list. I did send e-mails to the lis in : 11/3. 12/3, 16/3, 18/3, 19, 20, 25, 27 with the same questions If you want, please check it and will see if Im joking... Im 42 years old. FIRST INSTALATION: Can yoiu help m? [EMAIL PROTECTED] /etc]# smbpasswd -j surson -r cleo -U Administrator Password: Joined domain SURSON. [EMAIL PROTECTED] /etc]# [EMAIL PROTECTED] /etc]# smbclient //firewall/PUBLICO -UAdministrator added interface ip=192.168.1.1 bcast=192.168.1.255 nmask=255.255.255.0 Got a positive name query response from 192.168.1.2 ( 192.168.1.1 ) Password: session setup failed: NT_STATUS_LOGON_FAILURE When I try \\firewall\PUBLICO in the NT I receive a BOX to type USER and PASSWD Joe log.cleo [2003/03/25 04:38:27, 0] smbd/password.c:connect_to_domain_password_server(1307) connect_to_domain_password_server: machine CLEO rejected the tconX on the IPC$ share. Error was : NT_STATUS_ACCESS_DENIED. [2003/03/25 04:38:27, 0] smbd/password.c:domain_client_validate(1554) domain_client_validate: Domain password server not available. [2003/03/25 This looks like an issue with your PDC, not with Samba. Your PDC is has 'restrict anonymous = 2' set. The two options are to set a username for Samba to use (wbinfo -Auser%pass), or to disable it. However, setting this only really works for Samba 3.0 - for 2.2 you really can't run with this set. If you already have a username/pw set (by wbinfo -A), then I would suspect that you have SMB signing required, on a 'fixed' DC (MS did not used to enforce this). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba/ms terminal server problem
Hello, i have a problem with samba (2.2.6) and microsoft terminal server (Windows 2000 Server, SP3) .only one user, who is working on the microsoft terminal server, can work with the samba share TEST when another terminal server user connect to the samba share TEST, the other user will be disconnected this problem is only at the microsoft terminal server user of workstations can work without problems thanks Christoph Glanner -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Maximum characters for valid users = ?
On Fri, 2003-03-28 at 05:07, Tom Dickson wrote: We have winbind running on our server, so all of our usernames look like MIXEDDOMAIN+User Name, and because of the spaces in the names, we wrap all of them with MIXEDDOMAIN+User Name . One share has many users, so the valid users = list becomes long (over 1024 characters). Yes, in Samba 2.2 there is a static buffer here, of 1024 chars. Testparm gives this error: ERROR: string overflow by 34 in safe_strcpy [ @MIXEDDOMAIN+Cert Publishers @MIXEDDOMAIN] Whenever we get that error, there is difficulty connecting from the windows clients. If I remove about 50 characters worth of names, it goes away and everything works right (for the names left). I know I can get around this limitation by assigning a group on the 2000 server, but I still have two questions. Can I have more that one valid users = line per share? No. And, is there a better way to deal with spaces in usernames than User Name ? Note: The same thing happens with write list =. This should be fixed in Samba 3.0, due to a change to the way we process such lists, but you are much advised to use a group on the server. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Does active directory support include policy support
On Thu, 2003-03-27 at 19:53, Lasse Riis wrote: Well, a rather odd subject, but I couldn't really express it differently. I would simply like to know if the active directory emulation of samba+openLDAP+kerberos or samba 3.0 includes support for policies. I have a bunch of XP clients that I need to set some restrictions on. But it seems the days of config.pol files are over, so i need active directory support on my PDC. Having read several articles on active directory, I still don't understand it fully, but articles about setting up active directory on a samba pdc mentioned only partial support for active directory(only some features supported). So before I start crashing our server with software and configuration, I would like to know if (group)policies are supported by active directory on samba. If this is the case, I'd also like to hear if anybody has a working setup of it, and maybe some links (I couldn't finde any) to howtos We don't yet have an Active Directory PDC (it is much more than samba+openLDAP+kerberos - we need them all working with each other :-). That said, we are often confused for an active directory PDC by the clients - they often 'fall back' in parts of the protocol. It may well be possible to create such policies - In the end, they are just a file in a particular file share. It would be an interesting challenge for somebody to work on. :-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Access to shares for authenticated domain users only
On Thu, 2003-03-27 at 23:45, Kevin wrote: On Thu, 27 Mar 2003 07:11:55 +, Andrew wrote: While 'hacks' might be possible, shares are authenticated seperatly to the domain logon, and there is no linkage apart from the fact that the domain logon sets up the default username/pw pair. Fundementally, any restriction imposed by logon script/.pol files can be avoided - you must never trust the client to actually follow their directions... Thanks Andrew. Point taken. Where would you go for more info on this sort of security? In particular I'm trying to avoid unauthorised notebooks etc. connecting to the network and then disappearing off home with sensitive data from the server on their drives. Really, the best you can do is per-user passwords, strong passwords, correctly set permissions, and policies (human policies, not computer ones :-). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and CCC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 26 Mar 2003, Will L G wrote: When are you all going to make Samba compatible with CCC (Compaq Compiler)? I would really like to be able to compile it using CCC but I keep getting the errors listed below. I was wondering, could please point me in the right direction for a solution to this dilemma? Don't think any one on the team has access to a machine with compaq's compiler. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+g63nIR7qMdg1EfYRAm2fAKCgosf9jpVFOamT7fqMLmRZ8l4ERACfV8ZH wiCv3bTMOmbdOT1SbJjUOs0= =px0B -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Installing Samba on AIX
Hi, I'm installing Samba version 2.2.7.0 using smit install. Smit installs everything but doesn't create a /usr/local/samba dir. All the samba files are located in /usr/local/bin. But when I try to test my setup and so smbpasswd, it wants to look for everything in /usr/local/samba dir. Should I just create a /usr/local/samba dir and copy all the samba files from bin to the respective samba dir? Thanks...Bobby -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] print$ share problem URGENT - BUG
Whoops! extract is really expand. expand /? at the command prompt shows the options for expanding files with the trailing underscore. I use expand -r *.??_ which creates new, renamed, expanded files from the compressed ones. A word of warning: some compressed files do not have the original name embedded within the file. This will created expanded files with the underscore removed, not replaced with the original last character. In these situations, one must refer to the .INF file to discover the true name. What would be great is if someone wrote a simple Win32 program that parses the .INF print driver installation file, expanding the files as necessary, getting files from the local workstation and uploading them into the appropriate [print$] share directory, and doing the adddriver and setdriver RPCs. That way print driver installation would be free of the hoops imposed by drivers show add printer wizard goofiness. Thanks, Peter Hurley [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 8:18 AM To: [EMAIL PROTECTED] Subject: RE: [Samba] print$ share problem URGENT - BUG Heya, I'm looking at having to do the same thing... a couple of manufacturer's drivers either fail to install on samba, or install incorrectly. I'm using a W2k pro client but have no extract command. Is this a program that comes with w2k or something you got from somewhere else? Btw, thanks for explaining the {2227a280-3aea...} messages. Googling turned up lots of hits, but the only suggested solution was to delete the key from the client's registry (which didn't seem like a good idea to me). I didn't know that InProcServer was depended on by some driver installations. Realizing that samba as a print-server w/ automatic driver download has more hurdles than getting a devmode set... Thanks for letting me know about extract, ~ Daniel On Wednesday, March 26, 2003 5:45 PM Peter Hurley wrote: I do not know why your logs are showing an smb_panic(), but the failure to make a connection to {2227a280-3aea} is because the printer driver is attempting to open the Printers InProcServer on the remote print server. ***Snippet from logs*** [2003/03/26 14:33:08, 0] smbd/service.c:make_connection(252) donglesvr (10.217.7.11) couldn't find service ::{2227a280-3aea-1069-a2de-08002b30309d} *** Since the print server is a Samba machine (that has no registry or capability to run InProcServers), that service doesn't exist. I had this happen to me when trying to add additional drivers from my W2k workstation to our 2.2.7a Samba server for a new HP2200 network printer. The solution I used was to add them manually via rpcclient on the Samba server itself. It took me quite a while. Basically the process is: 1) expand the driver files on your local W2k workstation, via the extract command line utility. 2) copy the driver files up to the appropriate directory on the [print$] share. See section 6.2.1 of the Samba HOWTO for the directory structure. Basically, NT4/W2K/XP drivers go in W32X86 and 95/98/Me go into WIN40. 3) on the samba server, run rpcclient. 4) at the rpcclient prompt, use adddriver to install the files into the appropriate architecture location. The tricky part of this is looking at the *.INF file to determine what parameters go where in the adddriver command. The format is: adddriver Architecture LongPrinterName:DriverFile:DataFile: ConfigFile:HelpFile:LanguageMonitorFile:DataType:ListOfFiles See rpcclient() man page for list of Architectures. The ListOfFiles are the files not already specified in the other parameters. For example, adddriver Windows NT x86 HP LaserJet 2200 Series PCL 6: HPBF3222.DLL:HPBF3224.PMD:HPBF3220.DLL:HPBF3220.HLP:HPBMMON.DLL:RAW: HPBAFD32.DLL,HPBFTM32.DLL,HPDOMON.DLL,HPBHEALR.DLL 5) when you have added the driver successfully, then you use the setdriver command (still at the rpcclient prompt) to associate the printer share with the driver. For example, setdriver hp2200 HP LaserJet 2200 Series PCL 6 Now automatic driver download should work. This process was so painful, eventually I'm going to look at the Imprints package to see if that works (there's a reference to this package in section 6.3 of the Samba HOWTO). Thanks, Peter Hurley [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stéphane Purnelle Sent: Wednesday, March 26, 2003 4:33 PM To: [EMAIL PROTECTED]; samba US; samba-tech Subject: Re: [Samba] print$ share problem URGENT - BUG Why I have no answer for my questions ? I repeat the situation : RedHat 8.0 with samba 2.2.8 compiled wiwth ldapsam and acl-support I need the print$ share and this system dont't work. I explain : when I add a driver, the system copy the data to the share, but after the
Stop in build 2.2.8 on FreeBSD 5.0 from ports
Building from the ports collection it stops in 'nsswitch/pam_winbind.po' every time. Stop in bulid for 5.0-RELEASE Not sure if this is a known bug for 5.0. Same problem with both my freshly installed 5.0 boxes. Tariq. . . . Linking bin/winbindd Compiling nsswitch/pam_winbind.c with -fPIC -DPIC nsswitch/pam_winbind.c: In function `_make_remark': nsswitch/pam_winbind.c:90: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c: In function `_winbind_read_password': nsswitch/pam_winbind.c:277: `PAM_AUTHTOK_RECOVER_ERR' undeclared (first use in this function) nsswitch/pam_winbind.c:277: (Each undeclared identifier is reported only once nsswitch/pam_winbind.c:277: for each function it appears in.) nsswitch/pam_winbind.c:298: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c:306: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c:312: warning: assignment discards qualifiers from pointer target type gmake: *** [nsswitch/pam_winbind.po] Error 1 *** Error code 2 Stop in /usr/ports/net/samba. *** Error code 1 Stop in /usr/ports/net/samba. $ ---
LDAP Coding??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi (lukeh?)! Why does my LDAP server deny the following request? ldapmodify sends this IA== (base64 for blank) as '04 01 20' according to ethereal. If I have a non-base64 value, say 'xxx', in 'profilePath' this works perfecly fine. This is a standard debian woody, so I have slapd 2.0.23. I'm still seeing this as my error, or could this also be an OpenLDAP bug? Thanks! Volker [EMAIL PROTECTED]:~/ldif$ ldapsearch -x uid=vl profilePath version: 2 # # filter: uid=vl # requesting: profilePath # # vl, samba, org dn: uid=vl,dc=samba,dc=org profilePath:: IA== # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 [EMAIL PROTECTED]:~/ldif$ cat test.ldif dn: uid=vl,dc=samba,dc=org changetype: modify delete: profilePath profilePath:: IA== [EMAIL PROTECTED]:~/ldif$ ldapmodify -x -D cn=admin,dc=samba,dc=org -w secret -f test.ldif modifying entry uid=vl,dc=kampf,dc=de ldap_modify: Invalid syntax additional info: modify: delete values failed ldif_record() = 21 [EMAIL PROTECTED]:~/ldif$ -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Key-ID D32186CF, Fingerprint available: phone +49 551 370 iD8DBQE+guPQOmSXH9Mhhs8RAj0eAJoDQkBwFmwJdJkqfDSTOF5Pr10rIgCeM2zI LLqc4ungKdauZaSCqD+4LTw= =yC2n -END PGP SIGNATURE-
Re: LDAP Coding??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 profilePath:: IA== [EMAIL PROTECTED]:~/ldif$ ldapmodify -x -D cn=admin,dc=samba,dc=org -w secret -f test.ldif modifying entry uid=vl,dc=kampf,dc=de ldap_modify: Invalid syntax Ooops. I had wanted to edit this completely... Volker -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Key-ID D32186CF, Fingerprint available: phone +49 551 370 iD8DBQE+guRpOmSXH9Mhhs8RAlbtAKCA8Rz+z9YFj14NPp/PqSAnx8G7qgCdG+wr P+o2yPwPhTq5MM2eqtNjGlA= =EGpG -END PGP SIGNATURE-
Re: Next alpha of 3.0 planned for Friday
In [EMAIL PROTECTED], [EMAIL PROTECTED] wrote: This is just a heads up for everyone. I'm planning the 3.0alpha23 release for this Friday. If you have code that needs to be merged of commited to the SAMBA_3_0 cvs tree, please get in checked in by 8am EST on Friday of the week. Would someone take a look at CIDR-like notation problem by Mr. Takeda (and following mail by me) ? If this is right, example config described in securing-samba.sgml will not work as expected. (http://lists.samba.org/pipermail/samba-technical/2003-March/042993.html) Tomoki AONO ([EMAIL PROTECTED])
Re: modules: BOOL vs. int
At 12:12 27.03.2003 +0100, Jelmer Vernooij wrote: I noticed that all smb_register_*() fn's return BOOL and the init_module() fn's returns int so this is wrong: I don't have problems with this. We only need the return value in smb_probe_module() to check for failure, and False is defined to be equal to 0. The current way is more flexible. Some functions return a BOOL, but others return an int (such as in rpc). You're right but I think its confusing can't we name the return var BOOL when we use True or False or!!! int when we use 0 or -1 because int 0 means often success and BOOL False (int 0) means failure (this is confusing and cries for bugs!!!) And just for a better coding style :-) And I want it to be equal for all smb_register_*() fn's int auth_sam_init(void) { smb_register_auth(samstrict_dc, auth_init_samstrict_dc, AUTH_INTERFACE_VERSION); smb_register_auth(samstrict, auth_init_samstrict, AUTH_INTERFACE_VERSION); smb_register_auth(sam, auth_init_sam, AUTH_INTERFACE_VERSION); return True; } When would you want the function to fail ? If registering one of the functions fails? ok don't fail but a warning would be good metze - Stefan metze Metzmacher [EMAIL PROTECTED]
Re: LDAP Coding??
On Thu, Mar 27, 2003 at 12:44:55PM +0100, Volker Lendecke wrote: Why does my LDAP server deny the following request? Ok, this seems to be something specific to OpenLDAP 2.0. With 2.1.16 just compiled this works as expected. Could this be called a bug? Volker pgp0.pgp Description: PGP signature
2.2.8 - can't view/change permissions from NT clients
We were using 2.0.6 on a SunOS 5.6 server, using domain security in an NT domain, and have upgraded to 2.2.8 for the security fix. Now, when the file permissions are displayed on an NT client, ACL's are only shown for user/group/other if there are R,W, or X permissions. If u, g, or o have no rights, the ACL is not displayed for them. Example, in 2.0.6, with a file with r--r- permissions (440), the NT permissions display would have an ACL for the owner with R permissions, an ACL for the group with R permissions, and the Everyone group would show as O for no permissions. In 2.2.8 with the same file, the NT permissions dialog only shows an ACL line for the owner, and an ACL line for the group, but NO ACL line for Everyone since they have no permissions If a file had r permissions, there won't be an ACL line for the group either. In addition, we can't Add an ACL for the ones not displayed - In other words, in the first example, we couldn't Add the Everyone group with R prrmissions to give world read. Is this normal behavior in 2.2.8, or should we see the same displays as before? How can we get the displays to show as before, or what might we have missed?
RE: encrypt passwords=no, security=yes, samba 2.2.8, W2K user auth fails
Hi tony, based on your log file, it sure does APPEAR that you have NOT turned off encrypted passwords, as samba is trying to open /usr/local/samba/private/smbpasswd. It should only do that if it negotiated encrypted passwords in the negot prot call, which it should only be able to do if encrypted passwords is set to yes. I note that you are including ANOTHER smb.conf file at the end of your global section; please check there and see if you have an encrypt passwords = yes, and/or include the contents of that smb.conf file as well in your next message to the list, ok? include=/etc/sfw/local-smb.conf -Original Message- From: tony shepherd [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 25, 2003 21:31 To: [EMAIL PROTECTED] Cc: tony.shepherd Subject: BUG: encrypt passwords=no, security=yes, samba 2.2.8, W2K user auth fails folks ** I am not on this mail list. Can all replied please be Cc'ed to me as well. ** I have come across the following bug using samba 2.2.8 (in the throws of upgrading from 2.0.10 to fix security vul). I discovered this bug using a W2K system; it was not present when testing with win98. I am running the samba server on a solaris 9 system. I am using encrypt passwords = no and security=user and using the Unix passwords for authentication. Registry modification have been made to the windows system. To replicate the bug, I do the following: * log onto w2k system as user ts74081, passwd: fred * try and open the share: \\huey\ts74081. As my password is different between the windows system and the samba server, it prompts me for a username/password pair. I give the correct values but I still get rejected. * I then try to access the share as a different user (one that does not exist on the system): username fred, passwd fred. Naturally it fails. * I then try again with the proper username/password pair and I get authenticated correctly and the share is made available. If I do not try and authenticate as a different user before retrying with the proper username, it will continue to fail to authenticate. I have attached debug 3 logs of the above scenario as well as the smb.conf I am using. If I change the security parameter to security=share, the above bug does not show itself. thanks tony
I: new smb.conf.5 build system is coming
Hi all! I'm commiting a new framework for working with smb.conf(5) Docbook sources into HEAD docs/docbook/smbdotconf/. It is not yet ready for production (most of parameters not yet converted to new meta-information description system) but infrastructure is there and should allow more easily maintain smb.conf(5). docs/docbook/smbdotconf/ not yet used for actual Samba documentation generation but I plan switch somewhere later next week or so when (hopefully) all information will be updated and other components of SGML documentation will be converted to XML too (most of them already prepared but not all). I'm including doc/docbook/smbdotconf/README below with more detailed description of structure and internals of new framework. --- DocBook XML 4.2 source code for smb.conf(5) documentation for Samba 3.0 Author of the document: Alexander Bokovoy [EMAIL PROTECTED] Welcome to new smb.conf(5) documentation build system! This directory contains a new incarnation of Samba's smb.conf(5) Docbook XML 4.2 sources. Note that the output might be unsatisfying untill all smb.conf(5) parameters will converted to new format (see Chapter 4 for details). Content --- 0. Prerequisites 1. Structure 2. XSLT stylesheets 3. Usage 4. Current status of converted parameters Prerequisites - In order to compile smb.conf(5) documentation from Docbook XML 4.2 sources you'll need: - a working libxml2 and libxslt installation, together with xsltproc utility - a locally installed Docbook XSL 4.2 or higher - a working xmlcatalog to eliminate Web access for Docbook XSL The latter requisite is important: we do not specify local copies of Docbook XSL stylesheets in our XSLTs because of real nightmare in their location in most distributions. Fortunately, libxml2 provides standard way to access locally installed external resources via so-called 'xmlcatalog' tool. It is working in RedHat, Mandrake, ALT Linux, and some other distributions but wasn't at the moment of this writting (Late March'03) in Debian. Structure - smb.conf(5) sources consist of a number of XML files distributed across a number of subdirectories. Each subdirectory represents a group of smb.conf(5) parameters dedicated to one specific task as described in Samba's loadparm.c source file (and shown in SWAT). Each XML file in subdirectories represents one parameter description, together with some additional meta-information about it. Complete list of meta-information attributes attribute description --- namesmb.conf(5) parameter name context G for global, S for services basic set to 1 if loadparm.c's decription wizard includes appropriate flag for advancedthis parameter (FLAG_BASIC, developer FLAG_ADVANCED, FLAG_WIZARD, FLAG_DEVELOPER) --- Main XML file for smb.conf(5) is smb.conf.5.xml. It contains a general stub for man page and several XML instructions to include: - a list of global parameters (auto-generated); - a list of service parameters (auto-generated); - a complete list of alphabetically sorted parameters (auto-generated). XSLT stylesheets In order to combine and build final version of smb.conf(5) we apply a set of XSLT stylesheets to smb.conf(5) sources. Following is the complete description of existing stylesheets in smb.conf(5) source tree: 1. [expand-smb.conf.xsl] Main driver, produces big XML source with all smaller components combined. The resulted tree is then feed to Docbook XSL for final producing. This stylesheet performs two main transformations: - Replaces samba:parameter tag by varlistentry one; - Generates term and anchor tags for each samba:parameter. The latter step needs some explanation. We generate automatically anchor and term tags based on meta-information about parameter. This way all anchors have predictable names (capitalized parameter name with all spaces supressed) and we really don't need to dublicate data. There was only one exception to the generation rule in smb.conf.5.sgml: use spnego parameter had anchor SPNEGO which is now unified to USESPNEGO. This also fixes a bug in SWAT which was unable to find SPNEGO achnor. 2. [generate-context.xsl] An utility stylesheet which main purpose is to produce a list of parameters which are applicable for selected context (global or service). The generate-context.xsl is run twice to generate both parameters.global.xml and parameters.service.xml which are included then by smb.conf.5.xml. This stylesheet relies on parameters.all.xml file which is generated by [generate-file-list.sh] shell script. The parameters.all.xml
Re: [patch] uppercase workgroup in browse request
Am Thursday 27 March 2003 03:43 schrieb Christopher R. Hertel: Stephan Kulow wrote: Hi! I noticed a difference between testsmbc smb://MYGRP and testsmbc smb://mygrp (it doesn't make a difference for SAMBA servers, but it does for XP and for winME) So please apply the included patch. Hang on... Do I read this correctly? Are we forgetting to up-case the workgroup name? (...it always helps to provide a little clue along with the patch.) :) Samba decodes NetBIOS names and then performs a case-insensitive comparison on the original name. Windows (the versions I've tested) simply compares the wire-format strings. That's faster, but it's also case sensitive. I don't currently have any ME or XP systems to test. I don't understand. You seem to agree with the patch, still it's not applied. Greetings, Stephan
Patch for Bad Password Attempt Lockout, samba3.0a22.
I have implemented the bad password attempt lockout policy. If an user attempt with the bad password more than the count setted in the policy, then his account will be auto-locked, like what did NT. The implementation is only for LDAP passdb backend. To do this, I have to introduce a new integer attribute in samba.schema, badPwAttempt. Folllowing are the patches, any comments? Jianliang Lu TieSse s.p.a. Via Jervis, 60. 10015 Ivrea (To) - Italy [EMAIL PROTECTED] [EMAIL PROTECTED] --- samba-3.0alpha22-orig/source/auth/auth_sam.cMon Feb 17 16:31:06 2003 +++ samba-3.0alpha22-orig/source/auth/auth_sam.c.fixThu Mar 27 12:40:10 2003 @@ -326,6 +326,12 @@ return NT_STATUS_ACCOUNT_DISABLED; } + /* Quit if the account was locked out. */ + if (acct_ctrl ACB_AUTOLOCK) { + DEBUG(1,(Account for user '%s' was locked out.\n, pdb_get_username(sampass))); + return NT_STATUS_ACCOUNT_LOCKED_OUT; + } + /* Test account expire time */ kickoff_time = pdb_get_kickoff_time(sampass); @@ -414,6 +420,7 @@ NTSTATUS nt_status; uint8 user_sess_key[16]; const uint8* lm_hash; + uint32 account_policy_lockout, badpwattempt; if (!user_info || !auth_context) { return NT_STATUS_UNSUCCESSFUL; @@ -448,10 +455,43 @@ nt_status = sam_password_ok(auth_context, mem_ctx, sampass, user_info, user_sess_key); if (!NT_STATUS_IS_OK(nt_status)) { + if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD)) { + badpwattempt = (uint32)pdb_get_bad_pw_attempt(sampass) + 1; + if (!pdb_set_bad_pw_attempt(sampass, badpwattempt, PDB_CHANGED)) + DEBUG(1, (Failed to set 'badPwAttempt' for user % s. \n, + user_info-internal_username.str)); + account_policy_get(AP_BAD_ATTEMPT_LOCKOUT, account_policy_lockout); + if (badpwattempt = account_policy_lockout) + if (!pdb_set_acct_ctrl (sampass, + pdb_get_acct_ctrl(sampass) |ACB_AUTOLOCK, + PDB_CHANGED)) { + DEBUG(1, (Failed to set 'disabled' flag for user % s. \n, + user_info-internal_username.str)); + } + + become_root(); + if (!pdb_update_sam_account(sampass)) { + DEBUG(1, (Failed to modify entry for user % s.\n, + user_info-internal_username.str)); + unbecome_root(); +} + } pdb_free_sam(sampass); return nt_status; } + if (!pdb_set_bad_pw_attempt(sampass, 0, PDB_CHANGED)) + DEBUG(1, (Failed to set 'badPwAttempt' for user % s. \n, +user_info-internal_username.str)); + if (!pdb_set_logon_time(sampass, time(NULL), PDB_CHANGED)) + DEBUG(1, (auth_sam.c : pdb_set_logon_time fialed!\n)); + + become_root(); + if(!pdb_update_sam_account(sampass)) + DEBUG(1, (Failed to modify entry for user % s.\n, +user_info-internal_username.str)); + unbecome_root(); + if (!NT_STATUS_IS_OK(nt_status = make_server_info_sam(server_info, sampass))) { DEBUG(0,(check_sam_security: make_server_info_sam() failed with '%s'\n, nt_errstr(nt_status))); return nt_status; --- samba-3.0alpha22-orig/source/passdb/passdb.cMon Feb 24 16:12:31 2003 +++ samba-3.0alpha22-orig/source/passdb/passdb.c.fixThu Mar 27 12:40:10 2003 @@ -60,6 +60,7 @@ memset(user-private.hours, 0xff, user-private.hours_len); /* available at all hours */ user-private.unknown_5 = 0x; /* don't know */ user-private.unknown_6 = 0x04ec; /* don't know */ + user-private.bad_pw_attempt = 0; /* bad password attemp count */ /* Some parts of samba strlen their pdb_get...() returns, so this keeps the interface unchanged for now. */ --- samba-3.0alpha22-orig/source/passdb/pdb_get_set.c Thu Jan 9 20:05:59 2003 +++ samba-3.0alpha22-orig/source/passdb/pdb_get_set.c.fix Thu Mar 27 12:40:10 2003 @@ -172,6 +172,14 @@ return (NULL); } +uint32 pdb_get_bad_pw_attempt (const SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass-private.bad_pw_attempt); + else + return (-1); +} + /** * Get flags showing what is initalised
Re: Weird problems with Samba 2.2.8 under Solaris 8 + latest kernelpatch
Hi, Quick follow up... the problem was on another server. After the last reboot, not too long ago, fast-ethernet negotiation between the Cisco switch and the Sun server did not work properly. Cisco switch negotiated at 100Mbps/full and the Sun server in half duplex. Pierre B. Pierre Belanger wrote: Hello all, This weekend, we upgraded our Samba servers to 2.2.8 (pre3 according to the include/version.h -- CVS synced this past Saturday afternoon, EDT). I compiled this new release for the following Solaris/kernel : Solaris 6 : kernel patch 105181-33 Solaris 7 : kernel patch 106541-23 Solaris 8 : kernel patch 108528-19 Prior to Solaris 8 108528-19, that was installed yesterday *not by me* , we were running 108528-12. Solaris 8 with kernel patch 108518-19 + latest Samba is causing us troubles. ps : nothing changed in our smb.conf file / we had no problems before (the fcntl() bug was not an issue for us, we only have around ~ 150 concurrent connections on that machine). There's no problems on the other boxes (Solaris 6 7), note that we have much less connections on those boxes. [Q] Is there anyone on this list running with the latest Solaris 8 (108528-19) kernel patch and with Samba 2.2.8? After receiving a few complains, I decided to dig into the log files. Here's what I found: 1- Many dptr_close() errors, more than usually. log.wcanomp1775:[2003/03/17 14:04:09, 0] smbd/dir.c:dptr_close(277) log.wcanomp1775: Invalid key 256 given to dptr_close 2- Many oplock_break errors, much more than we had: [2003/03/17 15:32:49, 0] smbd/oplock.c:oplock_break(791) oplock_break: end of file from client oplock_break failed for file New Lisp/mbold.lsp (dev = 3d8000a, inode = 1467387, file_id = 15). [2003/03/17 15:32:49, 0] smbd/oplock.c:oplock_break(879) oplock_break: client failure in break - shutting down this smbd. [2003/03/17 15:32:49, 1] smbd/service.c:close_cnum(677) wcanomp2081 (10.10.92.33) closed connection to service imews [2003/03/17 15:32:49, 1] smbd/service.c:close_cnum(677) wcanomp2081 (10.10.92.33) closed connection to service site_doc [2003/03/17 15:32:49, 1] smbd/service.c:close_cnum(677) wcanomp2081 (10.10.92.33) closed connection to service docoss [2003/03/17 15:34:24, 1] smbd/service.c:make_connection(636) wcanomp2081 (10.10.92.33) connect to service site_doc as user imews (uid=2138, gid=240) (pid 4863) [2003/03/17 15:35:10, 0] smbd/oplock.c:request_oplock_break(1011) request_oplock_break: no response received to oplock break request to pid 4858 on port 56392 for dev = 3d8000a, inode = 825700, file_id = 15 [2003/03/17 15:35:10, 0] smbd/open.c:open_mode_check(652) open_mode_check: exlusive oplock left by process 4858 after break ! For file C 1505A/AA1710-W.dwg, dev = 3d8000a, inode = 825700. Deleting it to continue... [2003/03/17 15:35:10, 0] smbd/open.c:open_mode_check(656) open_mode_check: Existent process 4858 left active oplock. [2003/03/17 15:36:59, 1] smbd/service.c:make_connection(636) wcanomp2081 (10.10.92.33) connect to service site_doc as user imews (uid=2138, gid=240) (pid 4883) [2003/03/17 15:36:59, 0] smbd/dir.c:dptr_close(277) Invalid key 256 given to dptr_close [2003/03/17 15:36:59, 0] smbd/dir.c:dptr_close(277) Invalid key 257 given to dptr_close [2003/03/17 15:37:10, 0] smbd/oplock.c:process_local_message(397) process_local_message: Received unsolicited break reply - dumping info. [2003/03/17 15:37:10, 0] smbd/oplock.c:process_local_message(412) process_local_message: unsolicited oplock break reply from pid 4863, port 56392, dev = 3d8000a, inode = 825700, file_id = 15 [2003/03/17 15:38:02, 1] smbd/service.c:close_cnum(677) wcanomp2081 (10.10.92.33) closed connection to service site_doc [2003/03/17 15:38:09, 1] smbd/service.c:make_connection(636) wcanomp2081 (10.10.92.33) connect to service site_doc as user imews (uid=2138, gid=240) (pid 4904) [2003/03/17 15:41:22, 1] smbd/service.c:close_cnum(677) wcanomp2081 (10.10.92.33) closed connection to service imews [2003/03/17 15:41:22, 1] smbd/service.c:close_cnum(677) wcanomp2081 (10.10.92.33) closed connection to service docoss I will downgrade tonight to the previous version that we were running prior to the upgrade, it says 2.2.8pre1 but I remember taken that from CVS around February the 5th, according to the installation date!!! I wish I would have more time for this but I don't :-( I'll find time tomorrow to let you know if the downgrade helped or not. Cheers, Pierre B.
sesssetup.c, encrypted passwords and unicode
Hi there! I've been trying to get Samba 3.0 to use plaintext passwords and unicode for a while now. The first thing I stumbled on was solved, it was a service pack that needed to be applied to w2k. (Thanks!) This is the second thing I stumbled on: In line 613 of sesssetup.c (latest CVS) there is the following code snippet: } else { pstring pass; srvstr_pull(inbuf, pass, smb_buf(inbuf), sizeof(pass), passlen1, STR_TERMINATE); plaintext_password = data_blob(pass, strlen(pass)+1); } From what (limited) understanding I have, passlen1 in this case is the non-unicode password, and passlen2 is the unicode password. The code pull the wrong passlen, and consequently the wrong password was checked against the database. ( a password with a length of 0) Changing the code to use passlen2 basically allowed me to login, but I'm pretty sure this is not the correct fix (I would think that one should first check if the connection is unicode or not). Just FYI, Thanks :) Nir. -- Nir Soffer -=- Exanet Inc. -=- http://www.evilpuppy.org Father, why are all the children weeping? / They are merely crying son O, are they merely crying, father? / Yes, true weeping is yet to come -- Nick Cave and the Bad Seeds, The Weeping Song
Re: Patch for Bad Password Attempt Lockout, samba3.0a22.
Remember, this opens up a new vulnerability, to denial of service attacks. See, for example http://www.uksecurityonline.com/threat/password.php If you're implementing this, implement the approved strategy, also use by NT, of locking it for a settable period, and not locking out priveledged accounts. From http://calnetad.berkeley.edu/documentation/technical/uc_domain_policy.html Account lockout duration Sets the number of minutes an account will be locked out. Allowable values are 0 (account is lockout out until administrator unlocks it) or between 1 and 9 minutes. WARNING: Setting this value to 0 (until administrator unlocks) may allow a potential denial of service attack. It is important to note that the built-in Administrator account cannot be locked out. --dave Jianliang Lu wrote: I have implemented the bad password attempt lockout policy. If an user attempt with the bad password more than the count setted in the policy, then his account will be auto-locked, like what did NT. The implementation is only for LDAP passdb backend. To do this, I have to introduce a new integer attribute in samba.schema, badPwAttempt. Folllowing are the patches, any comments? Jianliang Lu TieSse s.p.a. Via Jervis, 60. 10015 Ivrea (To) - Italy [EMAIL PROTECTED] [EMAIL PROTECTED] --- samba-3.0alpha22-orig/source/auth/auth_sam.c Mon Feb 17 16:31:06 2003 +++ samba-3.0alpha22-orig/source/auth/auth_sam.c.fix Thu Mar 27 12:40:10 2003 @@ -326,6 +326,12 @@ return NT_STATUS_ACCOUNT_DISABLED; } + /* Quit if the account was locked out. */ + if (acct_ctrl ACB_AUTOLOCK) { + DEBUG(1,(Account for user '%s' was locked out.\n, pdb_get_username(sampass))); + return NT_STATUS_ACCOUNT_LOCKED_OUT; + } + /* Test account expire time */ kickoff_time = pdb_get_kickoff_time(sampass); @@ -414,6 +420,7 @@ NTSTATUS nt_status; uint8 user_sess_key[16]; const uint8* lm_hash; + uint32 account_policy_lockout, badpwattempt; if (!user_info || !auth_context) { return NT_STATUS_UNSUCCESSFUL; @@ -448,10 +455,43 @@ nt_status = sam_password_ok(auth_context, mem_ctx, sampass, user_info, user_sess_key); if (!NT_STATUS_IS_OK(nt_status)) { + if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD)) { + badpwattempt = (uint32)pdb_get_bad_pw_attempt(sampass) + 1; + if (!pdb_set_bad_pw_attempt(sampass, badpwattempt, PDB_CHANGED)) + DEBUG(1, (Failed to set 'badPwAttempt' for user % s. \n, + user_info-internal_username.str)); + account_policy_get(AP_BAD_ATTEMPT_LOCKOUT, account_policy_lockout); + if (badpwattempt = account_policy_lockout) +if (!pdb_set_acct_ctrl (sampass, + pdb_get_acct_ctrl(sampass) |ACB_AUTOLOCK, + PDB_CHANGED)) { + DEBUG(1, (Failed to set 'disabled' flag for user % s. \n, + user_info-internal_username.str)); + } + + become_root(); + if (!pdb_update_sam_account(sampass)) { + DEBUG(1, (Failed to modify entry for user % s.\n, + user_info-internal_username.str)); + unbecome_root(); +} + } pdb_free_sam(sampass); return nt_status; } + if (!pdb_set_bad_pw_attempt(sampass, 0, PDB_CHANGED)) + DEBUG(1, (Failed to set 'badPwAttempt' for user % s. \n, + user_info-internal_username.str)); + if (!pdb_set_logon_time(sampass, time(NULL), PDB_CHANGED)) + DEBUG(1, (auth_sam.c : pdb_set_logon_time fialed!\n)); + + become_root(); + if(!pdb_update_sam_account(sampass)) + DEBUG(1, (Failed to modify entry for user % s.\n, + user_info-internal_username.str)); + unbecome_root(); + if (!NT_STATUS_IS_OK(nt_status = make_server_info_sam(server_info, sampass))) { DEBUG(0,(check_sam_security: make_server_info_sam() failed with '%s'\n, nt_errstr(nt_status))); return nt_status; --- samba-3.0alpha22-orig/source/passdb/passdb.c Mon Feb 24 16:12:31 2003 +++ samba-3.0alpha22-orig/source/passdb/passdb.c.fix Thu Mar 27 12:40:10 2003 @@ -60,6 +60,7 @@ memset(user-private.hours, 0xff, user-private.hours_len); /* available at all hours */ user-private.unknown_5 = 0x; /* don't know */ user-private.unknown_6 = 0x04ec; /* don't know */ + user-private.bad_pw_attempt = 0; /* bad password attemp count */ /* Some parts of samba strlen their pdb_get...() returns, so this keeps the interface unchanged for now. */ --- samba-3.0alpha22-orig/source/passdb/pdb_get_set.c Thu Jan 9 20:05:59 2003 +++ samba-3.0alpha22-orig/source/passdb/pdb_get_set.c.fix Thu Mar 27 12:40:10 2003 @@ -172,6 +172,14 @@ return (NULL); } +uint32 pdb_get_bad_pw_attempt (const SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass-private.bad_pw_attempt); + else + return (-1); +} + /** * Get flags showing
use sendfile problems with Windows 95
Hi, I turned on use sendfile, not too long after (on the next logon) someone called me. His Windows 95 was having trouble opening files on the server. He can explore the shared volume but when trying to open a file, his computer hangs and needs to reboot. I've been using sendfile myself with Samba under Solaris 8 with NT 2000 XP since a long time with no trouble at all. I tested with another Windows 95 box -- same problem. Even after ~ 5 min. the box is still hanged. I'm wondering if Windows 98/ME are also affected by this? I don't have access to Windows ME boxes but I might find a Windows 98 box... I'll post when I am able to test. I generated a level 10 log file, it's 155KB (gzip -9). Someone wants to look at it? (I did not want to post this hughe file here). Here's the first place where the communication breaks: [2003/03/27 14:53:01, 6] lib/util_sock.c:write_socket(521) write_socket(5,1588) wrote 1588 [2003/03/27 14:53:47, 0] lib/util_sock.c:read_data(436) read_data: read failure for 4. Error = Connection reset by peer [2003/03/27 14:53:47, 10] lib/util_sock.c:receive_smb(609) receive_smb: length 0 ! [2003/03/27 14:53:47, 3] smbd/process.c:timeout_processing(1105) receive_smb error (Connection reset by peer) exiting I'll check on Microsoft's web site for any patches! Regards, Pierre B.
Re: use sendfile problems with Windows 95
On Thu, Mar 27, 2003 at 03:01:55PM -0500, Pierre Belanger wrote: Hi, I turned on use sendfile, not too long after (on the next logon) someone called me. His Windows 95 was having trouble opening files on the server. He can explore the shared volume but when trying to open a file, his computer hangs and needs to reboot. I've been using sendfile myself with Samba under Solaris 8 with NT 2000 XP since a long time with no trouble at all. I tested with another Windows 95 box -- same problem. Even after ~ 5 min. the box is still hanged. I'm wondering if Windows 98/ME are also affected by this? I don't have access to Windows ME boxes but I might find a Windows 98 box... I'll post when I am able to test. I generated a level 10 log file, it's 155KB (gzip -9). Someone wants to look at it? (I did not want to post this hughe file here). A log file won't help I don't think. It looks like sendfile is simply overwhelming the Win95 box's ability to process incoming TCP. Windows 95 is broken in many subtle and not-so-subtle ways w.r.t. SMB networking I'm afraid. Turning off sendfile might be your only option. Jeremy.
Re: [patch] uppercase workgroup in browse request
On Thu, Mar 27, 2003 at 05:43:55PM +0100, Stephan Kulow wrote: Am Thursday 27 March 2003 03:43 schrieb Christopher R. Hertel: Stephan Kulow wrote: Hi! I noticed a difference between testsmbc smb://MYGRP and testsmbc smb://mygrp (it doesn't make a difference for SAMBA servers, but it does for XP and for winME) So please apply the included patch. Hang on... Do I read this correctly? Are we forgetting to up-case the workgroup name? (...it always helps to provide a little clue along with the patch.) :) Samba decodes NetBIOS names and then performs a case-insensitive comparison on the original name. Windows (the versions I've tested) simply compares the wire-format strings. That's faster, but it's also case sensitive. I don't currently have any ME or XP systems to test. I don't understand. You seem to agree with the patch, still it's not applied. I don't understand. I asked for clarification. :) There's a question above. I asked Do I read this correctly?. So, what is your intention with this patch? What was the problem you were detecting? You never specified. Before I dig into the patch I want to know what you are trying to accomplish. Chris -)- -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: Patch for Bad Password Attempt Lockout, samba3.0a22.
On Fri, 2003-03-28 at 06:58, David Collier-Brown -- Customer Engineering wrote: Remember, this opens up a new vulnerability, to denial of service attacks. See, for example http://www.uksecurityonline.com/threat/password.php If you're implementing this, implement the approved strategy, also use by NT, of locking it for a settable period, and not locking out priveledged accounts. From http://calnetad.berkeley.edu/documentation/technical/uc_domain_policy.html Account lockout duration Sets the number of minutes an account will be locked out. Allowable values are 0 (account is lockout out until administrator unlocks it) or between 1 and 9 minutes. WARNING: Setting this value to 0 (until administrator unlocks) may allow a potential denial of service attack. It is important to note that the built-in Administrator account cannot be locked out. Once these issues are sorted, I'm inclined to apply this patch! Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
extended ACL problems for default group w/ 2.2.7a 2.2.8
We're having problems on Samba 2.2.7a and 2.2.8, IBM JFS 1.1.1, Linux version 2.4.20, bestbits ACLs, etc. The problem is seen with Windows 2000 and Windows XP clients. I get different permissions for the default group on new files directories depending on if the directory tree is xcopied or is moved via drag drop in the GUI. According to level 10 samba logs and ethereal traces the difference that causes this problem is that the xcopy triggers serveral transaction2 SET_FILE_INFORMATION level 1004 calls. Samba does a chmod on the file or directory while processing this call. Nothing in this call looks to me like it should be changing the permissions. I tried the same test against a Windows 2000 server and found the resulting permissions are the same for both trees regardless of the copy method. Items from smb.conf [acl-test] comment = Temp Space to test ACL path = /home/group/new inherit acls = yes nt acl support = yes We don't have any mention of mask, mode, etc. in the smb.conf Comparison of the ACLs: [EMAIL PROTECTED] d1]# getfacl smtest # file: smtest # owner: bmarsh # group: bmarsh user::rwx group::--- group:admin:rwx mask::rwx other::--- default:user::rwx default:group::--- default:group:admin:rwx default:mask::rwx default:other::--- [EMAIL PROTECTED] d1]# getfacl smtestx # file: smtestx # owner: bmarsh # group: bmarsh user::rwx group::rwx group:admin:rwx mask::rwx other::--x default:user::rwx default:group::--- default:group:admin:rwx default:mask::rwx default:other::--- ACL on the parent directory of smtest smtestx: [EMAIL PROTECTED] new]# getfacl d1 # file: d1 # owner: bmarsh # group: bmarsh user::rwx group::--- group:admin:rwx mask::rwx other::--- default:user::rwx default:group::--- default:group:admin:rwx default:mask::rwx default:other::--- How the directories were created: Y:\xcopy smtest y:\d1\smtestx /s /e (I use the new dir smtestX for xcopy) Does Y:\d1\smtestx specify a file name or directory name on the target (F = file, D = directory)? d smtest\t1.txt 1 File(s) copied Then I drag and drop the same directory onto the same server to get smtest Thanks, Bill Marshall
security tab on shares not showing up in SAMBA_3_0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John, I just confirmed that the security tab on a share is missing with a recent build of SAMBA_3_0. I'll look into this (unless someone has an immediate idea). cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+gzMMIR7qMdg1EfYRAqiHAJ0b5tQyuAHy3carW+vFU7GJ1I1PigCg8r0H +AKWx7bdn0uNVXVELgrm1uI= =v9zk -END PGP SIGNATURE-
Re: modules: BOOL vs. int
Not that this is correct or anything... just my 2cents. I tend in my own code to return negative integers to indicate warnings or errors, with different negative values having different meaning (as needed). That way, I can simply check for 0 on return. If I want to get specific about what the error was I can look more carefully at the return value. I spent a little time programming in Icon. Interesting language. Every function returns a status code in addition to all other data. Chris -)- On Thu, Mar 27, 2003 at 02:29:11PM +0100, Stefan (metze) Metzmacher wrote: At 12:12 27.03.2003 +0100, Jelmer Vernooij wrote: I noticed that all smb_register_*() fn's return BOOL and the init_module() fn's returns int so this is wrong: I don't have problems with this. We only need the return value in smb_probe_module() to check for failure, and False is defined to be equal to 0. The current way is more flexible. Some functions return a BOOL, but others return an int (such as in rpc). You're right but I think its confusing can't we name the return var BOOL when we use True or False or!!! int when we use 0 or -1 because int 0 means often success and BOOL False (int 0) means failure (this is confusing and cries for bugs!!!) And just for a better coding style :-) And I want it to be equal for all smb_register_*() fn's int auth_sam_init(void) { smb_register_auth(samstrict_dc, auth_init_samstrict_dc, AUTH_INTERFACE_VERSION); smb_register_auth(samstrict, auth_init_samstrict, AUTH_INTERFACE_VERSION); smb_register_auth(sam, auth_init_sam, AUTH_INTERFACE_VERSION); return True; } When would you want the function to fail ? If registering one of the functions fails? ok don't fail but a warning would be good metze - Stefan metze Metzmacher [EMAIL PROTECTED] -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: security tab on shares not showing up in SAMBA_3_0
On Thu, 27 Mar 2003, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John, I just confirmed that the security tab on a share is missing with a recent build of SAMBA_3_0. I'll look into this (unless someone has an immediate idea). Thanks. I was beginning to think it was something I was doing. Argh! - John T. -- John H Terpstra Email: [EMAIL PROTECTED]
bug in pjob_store (3.0alpha20)
Before I send all the details, I thought I'd check to see if this is a known problem. I've got version 3.0 alpha20 running on a FreeBSD -current box. When I try to print from a Win2000 box, smbd encounters an internal error. Gdb shows pjob_store() is calling pjob_store_notify() with a bad old_data.dptr pointer. (gdb) p old_data $1 = {dptr = 0x800 Error reading address 0x800: Bad address, dsize = 0} (gdb) frame #9 0x081a4ce4 in pjob_store (snum=6, jobid=3, pjob=0xbfbfec90) at printing/printing.c:582 582 pjob_store_notify( snum, jobid, (struct printjob *)old_data.dptr, pjob ); I've got, use client driver = yes, in my smb.conf file. Shall I provide more details, or is this a known problem? mike
Re: sesssetup.c, encrypted passwords and unicode
I posted some further analysis of this problem to the list a while back. I've got some captures. Basically, different Windows clients that can provide plaintext upper-case don't quite get it right. At least, they are not all formatting things the same way. I don't have time just now to look more deeply into this. If anyone else does, let me know and I'll forward my info. Chris -)- On Thu, Mar 27, 2003 at 09:36:48PM +0200, Nir Soffer wrote: Hi there! I've been trying to get Samba 3.0 to use plaintext passwords and unicode for a while now. The first thing I stumbled on was solved, it was a service pack that needed to be applied to w2k. (Thanks!) This is the second thing I stumbled on: In line 613 of sesssetup.c (latest CVS) there is the following code snippet: } else { pstring pass; srvstr_pull(inbuf, pass, smb_buf(inbuf), sizeof(pass), passlen1, STR_TERMINATE); plaintext_password = data_blob(pass, strlen(pass)+1); } From what (limited) understanding I have, passlen1 in this case is the non-unicode password, and passlen2 is the unicode password. The code pull the wrong passlen, and consequently the wrong password was checked against the database. ( a password with a length of 0) Changing the code to use passlen2 basically allowed me to login, but I'm pretty sure this is not the correct fix (I would think that one should first check if the connection is unicode or not). Just FYI, Thanks :) Nir. -- Nir Soffer -=- Exanet Inc. -=- http://www.evilpuppy.org Father, why are all the children weeping? / They are merely crying son O, are they merely crying, father? / Yes, true weeping is yet to come -- Nick Cave and the Bad Seeds, The Weeping Song -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: use sendfile problems with Windows 95
On Thu, 27 Mar 2003, Pierre Belanger wrote: Hi, I turned on use sendfile, not too long after (on the next logon) someone called me. His Windows 95 was having trouble opening files on the server. He can explore the shared volume but when trying to open a file, his computer hangs and needs to reboot. I've been using sendfile myself with Samba under Solaris 8 with NT 2000 XP since a long time with no trouble at all. I tested with another Windows 95 box -- same problem. Even after ~ 5 min. the box is still hanged. I'm wondering if Windows 98/ME are also affected by this? I don't have access to Windows ME boxes but I might find a Windows 98 box... I'll post when I am able to test. I generated a level 10 log file, it's 155KB (gzip -9). Someone wants to look at it? (I did not want to post this hughe file here). Can you get us a sniff? Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: Patch for Bad Password Attempt Lockout, samba3.0a22.
You can already do that through pam_tally, what does your approach add ? Simo. On Thu, 2003-03-27 at 15:34, Jianliang Lu wrote: I have implemented the bad password attempt lockout policy. If an user attempt with the bad password more than the count setted in the policy, then his account will be auto-locked, like what did NT. The implementation is only for LDAP passdb backend. To do this, I have to introduce a new integer attribute in samba.schema, badPwAttempt. Folllowing are the patches, any comments? -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it
Re: OPLOCK and locking problems: (Resource deadlock avoided)
On Fri, 2003-03-28 at 07:34, [EMAIL PROTECTED] wrote: On Sun, Mar 23, 2003 at 02:23:45PM +1100, Andrew Bartlett wrote: Earlier this week, I had a serious meltdown of Samba HEAD at my site. (A 100 concurrent user, domain logon and homedir setup). All the users share a single mandatory profile, which they think they can write two, but can't. (due to file permissions). They think they can due to the use of 'vfs_fake_perms.so'. In any case, no matter what the client thinks, I'm told this should not happen: I've attached the first 6 mins on the log, but by the time it got to 11 AM I'm told it got impossible to use the system. As smbds got caught up in waiting for oplocks, I think the clients decided to reconnect. This created even more load, and by 12PM when I got onto the system, there were way more smbd processes than machines to account for them. The load at 12PM was 20, and just logging into the system with SSH took *ages*. Unfortunately I was unable to get an strace or gdb the culprit, as I had to get the system back up and going again. There is a slight possibility of tdb corruption (I should have removed the locking tdb after the last crash), but no segfaulting processes. (This has occurred before, but I had blamed that). By the end of the logfile, we have multiple smbds all sending oplock replies to processes that don't expect them, connections being reset and all hell breaking loose... Personally, I suspect a tdb bug as the root cause, but our UDP based oplock handling can't get off the hook either. Are you running the Solaris kernel scalabel-fcntl patch ? If not, that was your problem, not the Samba code. Nope, RedHat 8, kernel 2.4.18. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: Patch for Bad Password Attempt Lockout, samba3.0a22.
On Fri, 2003-03-28 at 07:40, Simo wrote: You can already do that through pam_tally, what does your approach add ? We can't correctly trigger pam_tally from the encrypted password check. Also, the pam_tally is dodgy - it doesn't correctly handle 'oh, they got it right'. (It makes assumptions about the way applications call PAM). Andrew, -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
generating core dumps in winbindd and smbd
I was poking around in the segv signal handling code today as I'm in a situation where an actual core dump would be handy to have. The intent of the current code looks like core dumps are to be made in $LOGDIR/corefiles but the dump_core() function is never executed as the argument to fault_setup() is never used. Do we want to keep the existing behaviour or shall I fix it to do what was intended? Tim.
Re: generating core dumps in winbindd and smbd
On Fri, 28 Mar 2003, Tim Potter wrote: I was poking around in the segv signal handling code today as I'm in a situation where an actual core dump would be handy to have. The intent of the current code looks like core dumps are to be made in $LOGDIR/corefiles but the dump_core() function is never executed as the argument to fault_setup() is never used. Do we want to keep the existing behaviour or shall I fix it to do what was intended? I would say do what was intended. I often need core files :-( Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Re: generating core dumps in winbindd and smbd
On Thu, Mar 27, 2003 at 09:41:55PM -0800, Richard Sharpe wrote: On Fri, 28 Mar 2003, Tim Potter wrote: I was poking around in the segv signal handling code today as I'm in a situation where an actual core dump would be handy to have. The intent of the current code looks like core dumps are to be made in $LOGDIR/corefiles but the dump_core() function is never executed as the argument to fault_setup() is never used. Do we want to keep the existing behaviour or shall I fix it to do what was intended? I would say do what was intended. I often need core files :-( It would also be nice to have a core-server-pid filename for the core dump but I'm not sure how portable that is.
Re: generating core dumps in winbindd and smbd
On Fri, 2003-03-28 at 17:17, Tim Potter wrote: On Thu, Mar 27, 2003 at 09:41:55PM -0800, Richard Sharpe wrote: On Fri, 28 Mar 2003, Tim Potter wrote: I was poking around in the segv signal handling code today as I'm in a situation where an actual core dump would be handy to have. The intent of the current code looks like core dumps are to be made in $LOGDIR/corefiles but the dump_core() function is never executed as the argument to fault_setup() is never used. Do we want to keep the existing behaviour or shall I fix it to do what was intended? I would say do what was intended. I often need core files :-( It would also be nice to have a core-server-pid filename for the core dump but I'm not sure how portable that is. Isn't that what the mkdir() stuff is about? Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
RE: [Samba] print$ share problem URGENT - BUG
Whoops! extract is really expand. expand /? at the command prompt shows the options for expanding files with the trailing underscore. I use expand -r *.??_ which creates new, renamed, expanded files from the compressed ones. A word of warning: some compressed files do not have the original name embedded within the file. This will created expanded files with the underscore removed, not replaced with the original last character. In these situations, one must refer to the .INF file to discover the true name. What would be great is if someone wrote a simple Win32 program that parses the .INF print driver installation file, expanding the files as necessary, getting files from the local workstation and uploading them into the appropriate [print$] share directory, and doing the adddriver and setdriver RPCs. That way print driver installation would be free of the hoops imposed by drivers show add printer wizard goofiness. Thanks, Peter Hurley [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, March 27, 2003 8:18 AM To: [EMAIL PROTECTED] Subject: RE: [Samba] print$ share problem URGENT - BUG Heya, I'm looking at having to do the same thing... a couple of manufacturer's drivers either fail to install on samba, or install incorrectly. I'm using a W2k pro client but have no extract command. Is this a program that comes with w2k or something you got from somewhere else? Btw, thanks for explaining the {2227a280-3aea...} messages. Googling turned up lots of hits, but the only suggested solution was to delete the key from the client's registry (which didn't seem like a good idea to me). I didn't know that InProcServer was depended on by some driver installations. Realizing that samba as a print-server w/ automatic driver download has more hurdles than getting a devmode set... Thanks for letting me know about extract, ~ Daniel On Wednesday, March 26, 2003 5:45 PM Peter Hurley wrote: I do not know why your logs are showing an smb_panic(), but the failure to make a connection to {2227a280-3aea} is because the printer driver is attempting to open the Printers InProcServer on the remote print server. ***Snippet from logs*** [2003/03/26 14:33:08, 0] smbd/service.c:make_connection(252) donglesvr (10.217.7.11) couldn't find service ::{2227a280-3aea-1069-a2de-08002b30309d} *** Since the print server is a Samba machine (that has no registry or capability to run InProcServers), that service doesn't exist. I had this happen to me when trying to add additional drivers from my W2k workstation to our 2.2.7a Samba server for a new HP2200 network printer. The solution I used was to add them manually via rpcclient on the Samba server itself. It took me quite a while. Basically the process is: 1) expand the driver files on your local W2k workstation, via the extract command line utility. 2) copy the driver files up to the appropriate directory on the [print$] share. See section 6.2.1 of the Samba HOWTO for the directory structure. Basically, NT4/W2K/XP drivers go in W32X86 and 95/98/Me go into WIN40. 3) on the samba server, run rpcclient. 4) at the rpcclient prompt, use adddriver to install the files into the appropriate architecture location. The tricky part of this is looking at the *.INF file to determine what parameters go where in the adddriver command. The format is: adddriver Architecture LongPrinterName:DriverFile:DataFile: ConfigFile:HelpFile:LanguageMonitorFile:DataType:ListOfFiles See rpcclient() man page for list of Architectures. The ListOfFiles are the files not already specified in the other parameters. For example, adddriver Windows NT x86 HP LaserJet 2200 Series PCL 6: HPBF3222.DLL:HPBF3224.PMD:HPBF3220.DLL:HPBF3220.HLP:HPBMMON.DLL:RAW: HPBAFD32.DLL,HPBFTM32.DLL,HPDOMON.DLL,HPBHEALR.DLL 5) when you have added the driver successfully, then you use the setdriver command (still at the rpcclient prompt) to associate the printer share with the driver. For example, setdriver hp2200 HP LaserJet 2200 Series PCL 6 Now automatic driver download should work. This process was so painful, eventually I'm going to look at the Imprints package to see if that works (there's a reference to this package in section 6.3 of the Samba HOWTO). Thanks, Peter Hurley [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stéphane Purnelle Sent: Wednesday, March 26, 2003 4:33 PM To: [EMAIL PROTECTED]; samba US; samba-tech Subject: Re: [Samba] print$ share problem URGENT - BUG Why I have no answer for my questions ? I repeat the situation : RedHat 8.0 with samba 2.2.8 compiled wiwth ldapsam and acl-support I need the print$ share and this system dont't work. I explain : when I add a driver, the system copy the data to the share, but after the
RE : Possible TDB/Samba optimizations.
Connections is one that I would want to move to use the LOCKING code. Connections must be removed from the table if a SMBD process crashed. Removal of old connections from crashed SMBD processes is now done : when a new connection comes in, all connections in the TDB file that is owned by non existent processes are removed. I think that there is a way to have more bytes than that associated with a lock. It would take some research. Possibly sublocks. As an example, the TDB record for a connection is 604 bytes long. For the LOCKING TDB file, it is 145 bytes long. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
RE : Problem with VMS_SUPPORT.C
Hi. Could you give me a copy of the full line (or lines) of the log where the error appears ? It should look like $GETDVI ERROR for xxx: sts = nnn, iosb=yyy You are right that GETDVIW should be better than GETDVI, but this is clearly not the point. In addition, you CAN use a full file spec for $GETDVI, so it's not the point either. The addressing mode of the iosb is OK too. Actually, there is probably something specific on your site that makes some bug appear, because this problem does not appear here or anywhere else as far as I know. Anyway, I need the full error message to work on it. Why would you need to retrieve this information when reading files? It seems to me that SAMBA is doing a lot of unnecessary work here. Well, it is very true that SOMEONE is doing unnecessary work, but it's not SAMBA. Samba is just a server, and does what the client asks it to do. If Samba retrieves the nb of free blocks, the only reason is that the client asked for it. Sure, the client has no understandable reason to do so, but it did. I think that in the Windows World, there is enough wonder in just observing what is done. Trying to understand WHY it's done is far too much for me. As an example, when you just right-click Properties on a file on the XP Explorer, it sends to Samba more than 10 consecutive requests to open that file, and one of those open requests is in WRITE mode ! PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Re: Problem with VMS_SUPPORT.C
This e-mail contains confidential information or information belonging to the Credit Lyonnais Group entity sending it and is intended solely for the addressees. Any views expressed in this message are those of the individual sender and its contents do not constitute a commitment by Credit Lyonnais unless confirmed by letter or fax. The unauthorised disclosure, use, dissemination or copying (either whole or partial) of this e-mail, or any information it contains, is prohibited. E-mails are susceptible to alteration and their integrity cannot be guaranteed. Internet communications are not secured and therefore Credit Lyonnais shall not be liable for this e-mail if modified or falsified. If you are not the intended recipient of this e-mail, please delete it immediately from your system and notify the sender of the wrong delivery and the mail deletion. Seems like it treats the whole beast like a file name: what are your DECC$EFS* settings ? -Message d'origine- De : B. Z. Lederman [EMAIL PROTECTED] À : [EMAIL PROTECTED] [EMAIL PROTECTED] Date : jeudi, 27. mars 2003 15:31 Objet : RE : Problem with VMS_SUPPORT.C xphp-ledermanb (16.32.216.244) connect to service lederman as user lederman (uid=12582913, gid=192) (pid 816) [2003/03/27 07:43:54, 0] DISK$STORAGE:[SAMBA-2_2_7A-SRC.SOURCE.VMS]VMS_SUPPORT.C;262:(394) vms_statfs: $GETDVI ERROR for disk$lederman^:^[lederman^].: sts= 0144, iosb = 0144 ^ ^^ Seems like it treats the whole beast like a file name: what are your DECC$EFS* settings ? [2003/03/27 07:43:54, 0]DISK$STORAGE:[SAMBA-2_2_7A-SRC.SOURCE.SMBD]DFREE.C;2:(142) WARNING: dfree is broken on this system [2003/03/27 07:45:27, 1]DISK$STORAGE:[SAMBA-2_2_7A-SRC.SOURCE.SMBD]SERVICE.C;1:(675) xphp-ledermanb (16.32.216.244) closed connection to servicelederman Status 144 is %SYSTEM-F-IVDEVNAM, invalid device name By the way, LIB$SIGNAL would be a better choice to output the error messages, as it usually translates the error status, and it will exit on fatal errors but continue on warnings. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Samba for VMS
Hi, I want to make a question, where i can find the installation manual for SAMBA for VMS... thanks a lot for your help. Cesar Enrique Amaya Torres email: [EMAIL PROTECTED] Bogota - Colombia PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
New VMS 2.2.8 Version
The 2.2.8 version for VMS is available at http://www.pi-net.dyndns.org/anonymous/jyc/ It includes the Unix version 2.2.8, and some specific VMS fixes : - Unexpected changes of file structure (VARIABLE to STREAM) and modification date - Correct display of the file dates (no more differences between VMS and PC clients) - Fix of SMBD crashes when sharing 00 directory of a disk - Automatic creation of TDB files when needed (thanks to Dave Jones) PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
RE: New VMS 2.2.8 Version
Thanks for this, I will have a go. BTW why can I not print the index page from Internet Explorer - have to play around to get it printed. -- Chris Townley European Systems Development - Logistics Spicers Ltd -Original Message- From: COLLOT Jean-Yves [mailto:[EMAIL PROTECTED] Sent: 27 March 2003 17:44 To: Samba VMS Subject: New VMS 2.2.8 Version The 2.2.8 version for VMS is available at http://www.pi-net.dyndns.org/anonymous/jyc/ It includes the Unix version 2.2.8, and some specific VMS fixes : - Unexpected changes of file structure (VARIABLE to STREAM) and modification date - Correct display of the file dates (no more differences between VMS and PC clients) - Fix of SMBD crashes when sharing 00 directory of a disk - Automatic creation of TDB files when needed (thanks to Dave Jones) PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html This e-mail message is intended solely for the person to whom it is addressed and may contain confidential or privileged information. If you have received it in error, please notify [EMAIL PROTECTED] and destroy this e-mail and any attachments. In addition, you must not disclose, copy, distribute or take any action in reliance on this e-mail or any attachments. Any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the company. E-mail may be susceptible to data corruption, interception, unauthorised amendment, viruses and unforeseen delays, and we do not accept liability for any such data corruption, interception, unauthorised amendment, viruses and delays or the consequences thereof. Accordingly, this e-mail and any attachments are opened at your own risk. Spicers Ltd. Registered in England, Registration No. 425809 PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
RE : Compiling SAMBA with better options
| I quite agree with your remarks, but I fear that you seem to forget a very | important point : Samba/VMS is a port from a quite complicated software that | comes from Unix, and is quite often updated. If you multiply the #ifdef | for VMS specifics, you begin to have a lot of work each time a new release | comes in, if you want to follow the Unix updates. So I tend to limit the VMS | specific changes to truly functional ones, not for the intellectual benefit | of removing warning or informational messages. I do know where the code comes from, and I'm not proposing the addition of any #ifdef s at all. The modules that should be including STARLET.H are VMS only or are already conditionalized for VMS, because only VMS-specific code will be calling sys$open, sys$truncate, etc. As for the other warnings: they are indications of problems in the common code. Comparing an unsigned integer to a signed value is something that should not be done on any platform. The OpenVMS C compiler is warning of things that should be fixed on all platforms in the common code. | them on the Internet. I was not too much enthusiast, but I eventually | agreed, and since then I try to do my best to help other users who encounter | problems. May I say that since the beginning of this Samba/VMS version (more | or less 1 year ago), not a single problem was due to the /STAND=VAXC option | ? I'm sure your efforts are appreciated. Unfortunately, you can't be sure you don't have problems due to the compiler options. Compiling /STAND=VAXC means that warning messages about code that could be causing problems are not seen. You are also losing out on improvements the compiler can make to the code. I'm trying to make the results of my compilation run available to everyone who wants it. I hope someone would know how to pass back the information to the people who are 'responsible' for the common code so the major problems can be fixed. I also think the improved compiler switches would be good for everybody running on OpenVMS. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Compiling SAMBA with better options
I've been looking more at the source code and the way it's compiled. /STANDARD=VAXC is really not a good choice. It covers up too many real and potential problems in the code. I decided to try compiling with a better set of options which I have included below. (the /ARCH = HOST isn't essential, but it helps if the code is going to execute on the same architecture as it's compiled.) I got a lot of warnings about locally declared prototypes (PROTOSCOPE): these aren't always problems, but they can be if the function is used in more than one place. So I have (for now) told the compiler not to issue any warnings about that one particular potential problem. There are other checks that could be included in the /CHECK qualifier, and when the currently known problems are addressed perhaps a /CHECK or even a /CHECK=ALL should be done. There is also a question of what to do with names that are longer than 31 characters. I don't know what ANSI says about it, but they're a potential problem on OpenVMS. There is work going on to address this, but for now removing the /STANDARD=VAXC means usually choosing a method of dealing with names. I tried /NAMES = (AS_IS, SHORTENED) which shortens the names in a predictable manner. However, I got errors linking the executables because some names didn't match. I think /NAMES = (UPPERCASE, SHORTENED) would be better and I intend to try that. A lot of the code compiles cleanly with this set of options, which it should. When the compiler flags something, it's usually a real problem, and something which would be a problem on any platform. For example, there are many cases where an unsigned variable is being compared to a signed constant or value. I also edited two modules: [SAMBA-2_2_7A-SRC.SOURCE.VMS] VMS_SUPPORT.C for the previously discussed problem with getdvi instead of getdviw and [SAMBA-2_2_7A-SRC.SOURCE.SMBD] CLOSE.C because it calls sys$open, sys$close, etc. without the functions being defined. Modules that call these functions are better off if they #include starlet.h to define the function prototypes. There are a couple of other modules where this should be done. The compiler command I used is: $ cc := CC/DECC/NOLIST/INCLUDE=([],[.INCLUDE],[.UBIQX],[.SMBWRAPPER],[.tdb],[.popt],[.VMS]) - /DEFINE=(WITH_SMBPASSWD_SAM, HAVE_IFACE_IFCONF) /NESTED = PRIMARY - /ARCH = HOST /ASSUME = WHOLE /CHECK = (UNINIT, POINTER = ALL) - /LIST /CROSS /SHOW = BRIEF /PREFIX = ALL /OPT = LEVEL = 5 - /NAMES = (AS_IS, SHORTENED) /WARN = DISABLE = PROTOSCOPE The number of modules with warnings is longer than I would post to the mailing list by default (if you include the entire message, which includes a pointer to the code with an explanation). I can mail it, or you can pick it up from a web site. My personal web site is: http://encompasserve.org/~lederman/index.html There should be a pointer to samba1.txt and samba1.zip which has the results of my compilation. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
RE : Problem with VMS_SUPPORT.C
The disk on which I am testing (DISK$STORAGE) is ODS-5. Bart. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
CVS update: samba/source
Date: Thu Mar 27 12:08:46 2003 Author: jelmer Update of /home/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv18367 Modified Files: Makefile.in configure.in Log Message: Use the new modules system in VFS. If a module can't be loaded with the new modules system, we still fall back to the old system. Revisions: Makefile.in 1.653 = 1.654 http://www.samba.org/cgi-bin/cvsweb/samba/source/Makefile.in?r1=1.653r2=1.654 configure.in1.439 = 1.440 http://www.samba.org/cgi-bin/cvsweb/samba/source/configure.in?r1=1.439r2=1.440
CVS update: samba/source/modules
Date: Thu Mar 27 12:08:46 2003 Author: jelmer Update of /home/cvs/samba/source/modules In directory dp.samba.org:/tmp/cvs-serv18367/modules Modified Files: vfs_audit.c vfs_extd_audit.c vfs_fake_perms.c vfs_netatalk.c vfs_recycle.c Log Message: Use the new modules system in VFS. If a module can't be loaded with the new modules system, we still fall back to the old system. Revisions: vfs_audit.c 1.2 = 1.3 http://www.samba.org/cgi-bin/cvsweb/samba/source/modules/vfs_audit.c?r1=1.2r2=1.3 vfs_extd_audit.c1.2 = 1.3 http://www.samba.org/cgi-bin/cvsweb/samba/source/modules/vfs_extd_audit.c?r1=1.2r2=1.3 vfs_fake_perms.c1.2 = 1.3 http://www.samba.org/cgi-bin/cvsweb/samba/source/modules/vfs_fake_perms.c?r1=1.2r2=1.3 vfs_netatalk.c 1.3 = 1.4 http://www.samba.org/cgi-bin/cvsweb/samba/source/modules/vfs_netatalk.c?r1=1.3r2=1.4 vfs_recycle.c 1.6 = 1.7 http://www.samba.org/cgi-bin/cvsweb/samba/source/modules/vfs_recycle.c?r1=1.6r2=1.7
CVS update: samba/source/smbd
Date: Thu Mar 27 12:08:46 2003 Author: jelmer Update of /home/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv18367/smbd Modified Files: server.c vfs.c Log Message: Use the new modules system in VFS. If a module can't be loaded with the new modules system, we still fall back to the old system. Revisions: server.c1.416 = 1.417 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/server.c?r1=1.416r2=1.417 vfs.c 1.71 = 1.72 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/vfs.c?r1=1.71r2=1.72
CVS update: samba/source/include
Date: Thu Mar 27 12:08:46 2003 Author: jelmer Update of /home/cvs/samba/source/include In directory dp.samba.org:/tmp/cvs-serv18367/include Modified Files: vfs.h Log Message: Use the new modules system in VFS. If a module can't be loaded with the new modules system, we still fall back to the old system. Revisions: vfs.h 1.27 = 1.28 http://www.samba.org/cgi-bin/cvsweb/samba/source/include/vfs.h?r1=1.27r2=1.28
CVS update: samba/examples/LDAP
Date: Thu Mar 27 14:12:42 2003 Author: vlendec Update of /data/cvs/samba/examples/LDAP In directory dp.samba.org:/tmp/cvs-serv30358 Modified Files: samba.schema Log Message: Fix schema error not detected by OpenLDAP 2.0.23 but by 2.1.16. Volker Revisions: samba.schema1.10 = 1.11 http://www.samba.org/cgi-bin/cvsweb/samba/examples/LDAP/samba.schema?r1=1.10r2=1.11
CVS update: samba/docs/docbook
Date: Thu Mar 27 14:22:03 2003 Author: ab Update of /home/cvs/samba/docs/docbook In directory dp.samba.org:/tmp/cvs-serv31228 Modified Files: global.ent Log Message: Tidy XML formating Revisions: global.ent 1.5 = 1.6 http://www.samba.org/cgi-bin/cvsweb/samba/docs/docbook/global.ent?r1=1.5r2=1.6
CVS update: samba/examples/LDAP
Date: Thu Mar 27 14:25:30 2003 Author: vlendec Update of /data/cvs/samba/examples/LDAP In directory dp.samba.org:/tmp/cvs-serv31404 Modified Files: Tag: SAMBA_3_0 samba.schema Log Message: Fix schema error not detected by OpenLDAP 2.0.23 but by 2.1.16. Volker Revisions: samba.schema1.7.2.3 = 1.7.2.4 http://www.samba.org/cgi-bin/cvsweb/samba/examples/LDAP/samba.schema?r1=1.7.2.3r2=1.7.2.4
CVS update: samba/source/passdb
Date: Thu Mar 27 14:31:46 2003 Author: vlendec Update of /data/cvs/samba/source/passdb In directory dp.samba.org:/tmp/cvs-serv32163 Modified Files: Tag: SAMBA_3_0 pdb_ldap.c Log Message: This is no functional change. It just makes pdb_ldap.c a bit easier to understand by moving the logic for init_ldap_from_sam and friends around. Volker Revisions: pdb_ldap.c 1.28.2.28 = 1.28.2.29 http://www.samba.org/cgi-bin/cvsweb/samba/source/passdb/pdb_ldap.c?r1=1.28.2.28r2=1.28.2.29
CVS update: samba/docs/docbook/smbdotconf
Date: Thu Mar 27 15:00:09 2003 Author: ab Update of /home/cvs/samba/docs/docbook/smbdotconf In directory dp.samba.org:/tmp/cvs-serv2759/smbdotconf Log Message: Directory /home/cvs/samba/docs/docbook/smbdotconf added to the repository Revisions:
CVS update: samba/docs/docbook/smbdotconf/ldap
Date: Thu Mar 27 15:01:01 2003 Author: ab Update of /home/cvs/samba/docs/docbook/smbdotconf/ldap In directory dp.samba.org:/tmp/cvs-serv3039/ldap Log Message: Directory /home/cvs/samba/docs/docbook/smbdotconf/ldap added to the repository Revisions:
CVS update: samba/docs/docbook/smbdotconf/browse
Date: Thu Mar 27 15:01:01 2003 Author: ab Update of /home/cvs/samba/docs/docbook/smbdotconf/browse In directory dp.samba.org:/tmp/cvs-serv3039/browse Log Message: Directory /home/cvs/samba/docs/docbook/smbdotconf/browse added to the repository Revisions:
CVS update: samba/docs/docbook/smbdotconf/locking
Date: Thu Mar 27 15:01:01 2003 Author: ab Update of /home/cvs/samba/docs/docbook/smbdotconf/locking In directory dp.samba.org:/tmp/cvs-serv3039/locking Log Message: Directory /home/cvs/samba/docs/docbook/smbdotconf/locking added to the repository Revisions:
CVS update: samba/docs/docbook/smbdotconf/logon
Date: Thu Mar 27 15:01:01 2003 Author: ab Update of /home/cvs/samba/docs/docbook/smbdotconf/logon In directory dp.samba.org:/tmp/cvs-serv3039/logon Log Message: Directory /home/cvs/samba/docs/docbook/smbdotconf/logon added to the repository Revisions:
CVS update: samba/docs/docbook/smbdotconf/winbind
Date: Thu Mar 27 15:01:01 2003 Author: ab Update of /home/cvs/samba/docs/docbook/smbdotconf/winbind In directory dp.samba.org:/tmp/cvs-serv3039/winbind Log Message: Directory /home/cvs/samba/docs/docbook/smbdotconf/winbind added to the repository Revisions: