Reminder: list EOL on Sept 1,2 004
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Just a reminder of the pending list closure on Sept 1. If you wish to unsubscribe prior to that date, please see http://lists.samba.org/listinfo/samba-binaries/ cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBJL90IR7qMdg1EfYRAul3AJ4yZHl7U/EmJyDIC+21Z4PWcbKvtQCeMnfR K3oFFvI7iQBQpFgH5JvrCyY= =YeRc -END PGP SIGNATURE-
Re: RE : [Samba] winbind / ldap
- Winbind isn't needed any more. don't we need winbind to MAP SIDs to UIDs, if the server is a DOMAIN MEMBER Server ??? cause the idmap backend parameter in smb.conf is for winbind i thought greez [EMAIL PROTECTED] schrieb: Hello! I have an AD domain configured with this : 1 - win2k server with AD and NIS server for Windows (from SFU http://www.microsoft.com/windows/SFU) 2- a linux debian sarge box with samba3.0.4 and lib_nss-ldap With SFU, AD Schema is changed and Unix Information such as UID GID home an Shell can be set on each User. Linux can access user database either with - ypbind (nis client) : the simpliest but Some security holes - libnss_ldap : better but difficult to opperate with AD I have succeded with almost all default Debian package I have tried with RedHat without success. - Samba is in ADS security mode and member of domain. - Winbind isn't needed any more. - -Message d'origine- - De : [EMAIL PROTECTED] - [mailto:[EMAIL PROTECTED] - rg] De la part de Manfred Odenstein - Envoyé : jeudi 12 août 2004 13:16 - À : [EMAIL PROTECTED] - Objet : Re: [Samba] winbind / ldap - - - its on - http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#ch 6-ldifadd Am Donnerstag, 12. August 2004 11:19 schrieb Hamish: Hello Im not sure how to ask the question i need, but let me try: Background: SuSE 9.0 Samba from rpms: samba 3.0.3pre2-SuSE Role: domain member server (winbind) I am having a lot of trouble upgrading samba and I'm thinking of moving to another server. I have found that if I move the winbindd_idmap.tdb across, the AD / UID mappings are saved but would like to know: a) Is this safe? (is there anything that will bomb out a few months down the line?) b) can this be done with LDAP instead (I know close to nothing of LDAP, I have assumed it is for use as a PDC, but could it be used to store UID mappings as well? How 'interesting' would this be to set up?) Thanks, H -- Matrix - more than a vision ** Michael Gasch - Central IT Department - Max Planck Institute for Evolutionary Anthropology Deutscher Platz 6 04103 Leipzig Germany ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Winbind issue
hi, on a samba v3.x domain member server i'm using winbind and nscd to speed up resolving SID/UID mapping e.g. during setting ACLs from windows under security it works fine for me after some tuning of nscd.conf (short caching times) greez Alexander E. Patrakov schrieb: Andrew wrote: I recently upgraded to 3.0.4-6.3E from 3.0.2 on RedHat Enterprise 3 and ever since I have been experiencing a strange winbind issue. It looks like winbind is not updating the group memberships properly. If I look at a user using wbinfo -r DOMAIN+User I get the following: 11001 11026 11030 11033 11034 11035 11042 11043 11048 11049 Now if I delete any groups or add the user to any additional groups and run the command again I get: 11001 11026 11030 11033 11034 11035 11042 11043 11048 11049 No Change! Please check if your distro has nscd daemon running by default. nscd is incompatible with winbindd. -- Matrix - more than a vision ** Michael Gasch - Central IT Department - Max Planck Institute for Evolutionary Anthropology Deutscher Platz 6 04103 Leipzig Germany ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Automated response from the Paragon Software (SHDD) Support Service
___English___ Dear Customer, This is an automated response from the Paragon Software Support Service. Please do not reply this message. Your e-mail message has been successfully received. Please be patient, your request will be processed within two-three business days and will be replied. Our support hours are Monday-Friday 11.00-19.00 GMT+3. You can find both technical, as well as general, product information, in the following areas: 1) The Paragon Software web site (http://www.penreader.com). Useful links: Dictionaries http://www.penreader.com/technologies/Dictionaries.html Localization http://www.penreader.com/technologies/Localization.html Gameshttp://www.penreader.com/technologies/Games.html Utilitieshttp://www.penreader.com/technologies/Utilities.html Handwriting http://www.penreader.com/technologies/Handwriting.html News http://www.penreader.com/company/news.html 2) Your Getting Started Manual 3) Help files that were installed with the product If you paid for software online and do not know, how to get your purchase, please, check Your e-mail box. There must be a message from e-care System of Paragon Software with a link, password and login, where you can download a program. Paragon Software (Smart Handheld Devices Division) phones - +7 (095) 408-61-79, 408-76-77 e-mail: [EMAIL PROTECTED] Web - http://www.penreader.com Russian_ , Paragon Software. , . - . : - 11.00-19.00 GMT+3. : 1)web- (http://www.penreader.com/ru/index.html); : http://www.penreader.com/ru/technologies/Dictionaries.html http://www.penreader.com/ru/technologies/Localization.html http://www.penreader.com/ru/technologies/Games.html http://www.penreader.com/ru/technologies/Utilities.html http://www.penreader.com/ru/technologies/Handwriting.html http://www.penreader.com/ru/company/news.html 2) ; 3) Help files. - , ,, e-mail . Paragon Software, , , . Paragon Software (Smart Handheld Devices Division) +7 (095) 408-61-79, 408-76-77 e-mail: [EMAIL PROTECTED] Web - http://www.penreader.com/ru/index.html 19.08.2004 You wrote/ : [EMAIL PROTECTED] See the attached file for details. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CUPS Printing to PostScript Printer
Richardson, Anthony wrote: I'm having trouble printing to a HP LaserJet 6MP Postscript printer. I'm using CUPS and normal UNIX printing works fine. I've tried to configure SAMBA for point and click printing. That all seemed to go okay except that what is printed is: = [EMAIL PROTECTED] JOB @PJL SET RESOLUTION = 600 @PJL SET ECONOMODE = OFF @PJL ENTER LANGUAGE = POSTSCRIPT = followed by all of the raw Postscript commands. I think it is the -12345X at the beginning of the output that is confusing the printer. Two suggestions come to mind : 1) Edit the ppd file and remove the entries that cause this code to be sent or (better) 2) configure the printer without auto-detect of language I've had similar problems with some other makes of printer so I normally just configure all printers as Postscript only - then some f***ing clueless software vendor comes along and only supports PCL :-( Simon -- Simon Hobson MA MIEE, Technology Specialist Colony Gift Corporation Limited Lindal in Furness, Ulverston, Cumbria, LA12 0LD Tel 01229 461100, Fax 01229 461101 Registered in England No. 1499611 Regd. Office : 100 New Bridge Street, London, EC4V 6JA. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd issue
Howdy All, I am trying to add more winxp machines to an existing domain and I think I must have broken something. The story goes, I discovered that it is a bad idea to have the computername and username the same, so I thought I would change the computername on one machine ( at a time ). However after trying with the first machine ( and failing ) I gave up thinking I would come back to this issue. However,when I try to add ANY new machine to the domain with smbpasswd -a -m newmachinename I get failed to initialise SAM_ACCOUNT for user newmachinename$ failed tomodify password entry for user newmachinename$ This tells me that it recognises the account as a machine trust account, but the database is bust. HOW DO I FIX IT ( or if all else fails can I remove the smbpasswd file and simply add all of the accounts again ) ?? The latter is not my favourite option but I will do it to get things going. The second and more important question is WHAT DID I DO to break it. I really dont want to have to go through this regularly.AND is there some backup of the database ( or can I create one on a dynamic system ) and if so what files should I be backing up. Thanks in advance. Regards Greg -- System Manager RGTechnologies Pty Ltd 606 Skipton Street Ballarat 3350 613 53363603 0417 511 731 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Internet.Com Format Error
Sorry, your email containing an attachment can not be distributed through Internet.Com discussion lists. The only acceptable format for posting to isp-nt is ASCII Text, with NO attachments. Please, re-send your post to continue your discussion on isp-nt. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Group creation and ldap
This only happens when I try to create a new group from the User Manager for Domains - This search is in the test to see if the posixGroup exists (right after it calls out to the group creation script). I have several groupMappings in operation and they all work correctly; Do I understand your correctly that you've got working groups, or is it that you're able to create them as well? Ahh... I don't use User Manager for Domains. Initially I created my group mappings using the net groupmap add command from the command line of my samba server. However, I now create the group mappings at the time when the group is created in LDAP by simply adding the Samba attributes. Regards, Neil -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mount at boot - and a bug - where to report?
Hi, your problem arises from abuse of the c$ share: ;-) the shares ending in$-signs are so-called administrative shares. Their use is restricted to adminitrator-users of the windows-machine, as they are ment only for administrative tasks. Never use these shares for real filesharing, create a second share on the root-directory of your c:-drive if you want to share it to some other machines. Christoph Victor Wynnytsky schrieb: just in case you didn't put this problem to rest... I found I got the tree connect failed: ERRDOS - ERRnoaccess (Access denied.) when I removed my windows user from the administrator group and I was mounting to a c$ share so I suppose the windows account requires admin access if I'm authenticating with it from linux. PS: this problem is best debugged from un/mount scripts and NOT by rebooting for each attempt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net groupmap - gidNumber=4294967295
hello, i still trying to deal with groups in a samba-pdc i am now closer to my problem: the net groupmap cant find the group about a wrong groupid. i found similar errormessages by googling, but no answer, which brings me to understand what exactly happens. it follows a snipp from smb.conf, a snipp from the debug-info i am getting. my ldap has ous people, groups and Idmap samba is 3.0.4 system is solaris 8 smb.conf: passdb backend = ldapsam:ldaps://localhost domain logons = yes ldap admin dn = cn=Manager,dc=agrl,dc=ethz ldap group suffix = ou=groups ldap user suffix = ou=people ldap machine suffix = ldap suffix = dc=agrl,dc=ethz debuginfo: ./net groupmap add -d 5 ntgroup=Domain Admins unixgroup=domadm \ type=d rid=512 [2004/08/19 10:43:52, 5] lib/smbldap.c:smbldap_search(932) smbldap_search: base = [dc=agrl,dc=ethz], filter = [((objectClass=sambaIdma pEntry)(gidNumber=4294967295))], scope = [2] [2004/08/19 10:43:52, 5] lib/smbldap.c:smbldap_search(932) smbldap_search: base = [ou=groups,dc=agrl,dc=ethz], filter = [((objectClass =sambaGroupMapping)(gidNumber=4294967295))], scope = [2] [2004/08/19 10:43:52, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1898) ldapsam_getgroup: Did not find group [2004/08/19 10:43:52, 5] lib/smbldap.c:smbldap_search(932) smbldap_search: base = [ou=groups,dc=agrl,dc=ethz], filter = [((|(objectCla ss=posixGroup)(objectclass=sambaIdmapEntry))(gidNumber=4294967295))], scope = [ 2] [2004/08/19 10:43:52, 5] lib/smbldap.c:smbldap_search(932) smbldap_search: base = [dc=agrl,dc=ethz], filter = [((objectClass=sambaIdma pEntry)(gidNumber=4294967295))], scope = [2] [2004/08/19 10:43:52, 5] lib/smbldap.c:smbldap_search(932) smbldap_search: base = [ou=groups,dc=agrl,dc=ethz], filter = [((objectClass =sambaGroupMapping)(gidNumber=55001))], scope = [2] [2004/08/19 10:43:52, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1898) ldapsam_getgroup: Did not find group [2004/08/19 10:43:52, 5] lib/smbldap.c:smbldap_search(932) smbldap_search: base = [ou=groups,dc=agrl,dc=ethz], filter = [((|(objectCla ss=posixGroup)(objectclass=sambaIdmapEntry))(gidNumber=55001))], scope = [2] [2004/08/19 10:43:52, 5] lib/smbldap.c:smbldap_search(932) smbldap_search: base = [dc=agrl,dc=ethz], filter = [((objectClass=sambaIdma pEntry)(gidNumber=55001))], scope = [2] adding entry for group Domain Admins failed! [2004/08/19 10:43:52, 2] utils/net.c:main(792) return code = -1 -- Andreas Burger Eidgenoessische Technische Hochschule Zuerich Departement AgrL ISG LFW A2 8092 Zuerich 632 68 54 [EMAIL PROTECTED] _ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 2003 Active Directory Compatibility issue in libads/sasl.c
You can find references in the archives, but I remember wasting quite a bit of time to find this. MIT Kerberos and Heimdal have to be really pretty current versions. If you cant upgrade to the new MS rc4-hmac encryption type see the following MS hotfix http://support.microsoft.com/default.aspx?scid=kb;en-us;833708 Hope it helps, Doug [EMAIL PROTECTED] wrote: Hi All, I am new to the samba-technical list. I am currently adopting the way Samba does for mutual authentication using Kerberos to MS Active Directory 2003. Basically, I am using this static ADS_STATUS ads_sasl_gssapi_bind (ADS_STRUCT *ads) in my LDAP client implemented by Netscape Directory SDK. However, the code works fine with Windows 2000 but fails on 2003. By running the code, I could sucessfully get the TGT and session ticket from Windows Active Directory KDC with the right enctype. I verified both tickets by checking client's local credential cache using klist. After tracing down the code, the code fails on line 000374 ( http://samba.org/doxygen/appliance-head/sasl_8c-source.html) with an error saying invalid credential. I have tried serveral ways to work it out but got no luck. I am at the end of the rope. Is there a known issue for compatibility with Windows 2003 and Samba, or am I missing something here? Any help and insighs are highly apprecited. Many thanks in advance. Sincerely, Peter TREND MICRO EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP Master/Slave
Hi John, let me explainif you have conected smb ldap master pdc with a vpn ( ie. Openvpn ) to a bdc smb ldap slave and if the vpn brakes , win clients from the vpn network are working with the last entries from the slave ldap. As in the blackout period the pdc isnt exist and the bdc ldap slave is not writeable , you cant make any changes ( like bringing up new machines on the fly, chnage passwords etc )until the vpn is up again to the pdc ldap master. This belongs to the fact that a bdc is read only. This is my understandingand practised...or do you now something other workaround? ( which might be possible with ldap in principal, but will end in heavly syncing the ldap directory in network blackout periods ) Best Regards John H Terpstra schrieb: On Wednesday 18 August 2004 16:11, rruegner wrote: thats right I am not sure if I understand what is being said here. Samba should refer password changes to the PDC and it should apply the changes to the LDAP directory. - John T. regards Jason C. Waters schrieb: I don't think this is a solution. If I understand what you were saying, on the BDC I should have this as the passwd backend: passwd backend = ldapsam:ldaps://ldap.server2 ldaps://ldap.server1 server2 - the BDC and ldap slave which is read only server1 - is the PDB and has the ldap master which users can read/write, so they could update their passwords. If I have it setup this way, the users that on the other side will never be able to update their passwords, at least on that leg of the VPN. Or maybe I just thinking about this the wrong way. Jason rruegner wrote: Hi, if you want to stay bdc stay alive, in cases when vpn broke so on your bdc smb.conf your slave ldap should be the first entry in the passwd backend, so if vpn brake , the slave ldap operates with its last entries from the master and will give the win clients any chance to operate just like if the pdc is alive. If vpn is up again it the ldap should refresh the slave automatic. But note, a bdc is read only so changes can olny be made to the master ldap on the pdc.So no changes can be made to the domain during the blackout period. If you want a full functional bdc you also should setup user clients homes and profiles in your outside ( vpn ) office hosted on the bdc. ( a seperate dhcp server and an bind slave with longtime zone caching is very usefull, too ) Regards Jason C. Waters schrieb: Is anyone using this? My smb.conf file has this line in server1(master) passwd backend = ldapsam:ldaps://ldap.server1 ldaps://ldap.server2 and this is what server2(slave ldap, BDC) looks like: passwd backend = ldapsam:ldaps://ldap.server1 ldap.server2 This is what happens. When I take down server 1's ldap server, server2 just starts using its local ldap server. But if I take down the VPN between the two, I try the same test, pdbedit -L, it works but it take about 6 seconds for it to timeout on server1. Is this normal or do I need to change some DNS setting? Thanks for your help. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP Master/Slave
This belongs to the fact that a bdc is read only. This is my understandingand practised...or do you now something other workaround? this is also my understandig a solution could be the (experimental) multimaster patch for openldap but it's not recommended on productive systems greez rruegner schrieb: Hi John, let me explainif you have conected smb ldap master pdc with a vpn ( ie. Openvpn ) to a bdc smb ldap slave and if the vpn brakes , win clients from the vpn network are working with the last entries from the slave ldap. As in the blackout period the pdc isnt exist and the bdc ldap slave is not writeable , you cant make any changes ( like bringing up new machines on the fly, chnage passwords etc )until the vpn is up again to the pdc ldap master. This belongs to the fact that a bdc is read only. This is my understandingand practised...or do you now something other workaround? ( which might be possible with ldap in principal, but will end in heavly syncing the ldap directory in network blackout periods ) Best Regards John H Terpstra schrieb: On Wednesday 18 August 2004 16:11, rruegner wrote: thats right I am not sure if I understand what is being said here. Samba should refer password changes to the PDC and it should apply the changes to the LDAP directory. - John T. regards Jason C. Waters schrieb: I don't think this is a solution. If I understand what you were saying, on the BDC I should have this as the passwd backend: passwd backend = ldapsam:ldaps://ldap.server2 ldaps://ldap.server1 server2 - the BDC and ldap slave which is read only server1 - is the PDB and has the ldap master which users can read/write, so they could update their passwords. If I have it setup this way, the users that on the other side will never be able to update their passwords, at least on that leg of the VPN. Or maybe I just thinking about this the wrong way. Jason rruegner wrote: Hi, if you want to stay bdc stay alive, in cases when vpn broke so on your bdc smb.conf your slave ldap should be the first entry in the passwd backend, so if vpn brake , the slave ldap operates with its last entries from the master and will give the win clients any chance to operate just like if the pdc is alive. If vpn is up again it the ldap should refresh the slave automatic. But note, a bdc is read only so changes can olny be made to the master ldap on the pdc.So no changes can be made to the domain during the blackout period. If you want a full functional bdc you also should setup user clients homes and profiles in your outside ( vpn ) office hosted on the bdc. ( a seperate dhcp server and an bind slave with longtime zone caching is very usefull, too ) Regards Jason C. Waters schrieb: Is anyone using this? My smb.conf file has this line in server1(master) passwd backend = ldapsam:ldaps://ldap.server1 ldaps://ldap.server2 and this is what server2(slave ldap, BDC) looks like: passwd backend = ldapsam:ldaps://ldap.server1 ldap.server2 This is what happens. When I take down server 1's ldap server, server2 just starts using its local ldap server. But if I take down the VPN between the two, I try the same test, pdbedit -L, it works but it take about 6 seconds for it to timeout on server1. Is this normal or do I need to change some DNS setting? Thanks for your help. Jason -- Matrix - more than a vision ** Michael Gasch - Central IT Department - Max Planck Institute for Evolutionary Anthropology Deutscher Platz 6 04103 Leipzig Germany ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP Master/Slave
rruegner wrote: let me explainif you have conected smb ldap master pdc with a vpn ( ie. Openvpn ) to a bdc smb ldap slave and if the vpn brakes , win clients from the vpn network are working with the last entries from the slave ldap. As in the blackout period the pdc isnt exist and the bdc ldap slave is not writeable , you cant make any changes ( like bringing up new machines on the fly, chnage passwords etc )until the vpn is up again to the pdc ldap master. This belongs to the fact that a bdc is read only. This is my understandingand practised...or do you now something other workaround? ( which might be possible with ldap in principal, but will end in heavly syncing the ldap directory in network blackout periods ) I've been watching this thread since I'm looking at implementing backup servers at two remote sites next week. Could I just clarify what I believe happens : During a network break : Clients at the remote site will be reliant on the backup servers, but for obvious reasons will not be able to update the LDAP server. During normal operations : Clients can use any of the servers for authentication etc. If a change is made via one of the remote servers, then it is either replicated or redirected to the primary LDAP server depending on the LDAP setup. Is this correct ? Simon -- Simon Hobson MA MIEE, Technology Specialist Colony Gift Corporation Limited Lindal in Furness, Ulverston, Cumbria, LA12 0LD Tel 01229 461100, Fax 01229 461101 Registered in England No. 1499611 Regd. Office : 100 New Bridge Street, London, EC4V 6JA. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem migrating PDC from one machine to another
On Aug 12, 2004, at 7:57 AM, Alex Sharaz wrote: 3). Copy smbpasswd, secrets.tdb and smbusers from old server/etc/samba to new server/etc/samba Don't copy the secrets.tdb, most of the information in secrets.tdb is server specific. The information piece of information in the file is the domain SID. So preform the upgrade just like a real MS domain. Join Server 2 to the domain, so it has the correct domain SID, then edit it's config to make it a the domain master. At this point you can either edit the config on Server 1 and demote it to a normal domain server or simply turn it off. Hope that helps, Derek Isn't sanity just a one-trick pony anyway? I mean, all you get is that one trick, rational thinking, but when you're good and crazy, well, the sky's the limit! The Tick (comic book) PGP.sig Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Compiling Samba and kerberos, lib problems
I compiled kerberos 1.3.4 with these options: --prefix=/usr/local/kerberos/ --enable-dns --disable-krb4 --enable-shared Then I compiled samba 3.0.5 with these: --prefix=/usr/local/samba --with-krb5=/usr/local/kerberos/ Everything seemed fine and I did: make install. But I get this message when I manually try to start smbd: ./smbd: error while loading shared libraries: libgssapi_krb5.so.2: cannot open shared object file: No such file or directory If I run this command: ls -l /usr/local/kerberos/lib/libgssapi_krb5.so.2* I get: lrwxrwxrwx1 root root 21 Aug 12 12:07 /usr/local/kerberos/lib/libgssapi_krb5.so.2 - libgssapi_krb5.so.2.2 -rw-r--r--1 root root 781823 Aug 12 12:07 /usr/local/kerberos/lib/libgssapi_krb5.so.2.2 So the lib seems to be in place. Help? Thanks, Mattias -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem migrating PDC from one machine to another
On Thursday 19 August 2004 06:47, Derek Harkness wrote: On Aug 12, 2004, at 7:57 AM, Alex Sharaz wrote: 3). Copy smbpasswd, secrets.tdb and smbusers from old server/etc/samba to new server/etc/samba Don't copy the secrets.tdb, most of the information in secrets.tdb is server specific. The information piece of information in the file is the domain SID. So preform the upgrade just like a real MS domain. Join Server 2 to the domain, so it has the correct domain SID, then edit it's config to make it a the domain master. At this point you can either edit the config on Server 1 and demote it to a normal domain server or simply turn it off. To set the domain SID from an existing Domain run: net rpc getsid -S PDC_name -UAdministrator%password Do NOT change the server name and do NOT change the Domain name (workgroup name) of a Samba server after you have set the SID. IF you must change either you should first save the current SID with: net getlocalsid mysid Then after changing the name, reset the SID from the file mysid with: net setlocalsid S-1-5-21-XX-XX-X - John T. Hope that helps, Derek Isn't sanity just a one-trick pony anyway? I mean, all you get is that one trick, rational thinking, but when you're good and crazy, well, the sky's the limit! The Tick (comic book) -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Compiling Samba and kerberos, lib problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mattias Andersson wrote: | I compiled kerberos 1.3.4 with these options: | --prefix=/usr/local/kerberos/ --enable-dns | --disable-krb4 --enable-shared | | Then I compiled samba 3.0.5 with these: --prefix=/usr/local/samba | --with-krb5=/usr/local/kerberos/ | | Everything seemed fine and I did: make install. | | But I get this message when I manually try to start smbd: | ./smbd: error while loading shared libraries: libgssapi_krb5.so.2: | cannot open shared object file: No such file or directory You don't say what server os. If you are using linux, then just add /usr/local/kerberos/lib/ to /etc/ld.so.conf. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBJKb/IR7qMdg1EfYRAuKOAJ9Jb2RWDMEI6WgcyiF1rtqjTnka0QCglK+4 b86tpWICEDOA2PPl0VctkMc= =gtYy -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Virus gefunden!
Dateianlage : document.pif Virusname : W32/[EMAIL PROTECTED] Ausgeführte Aktion : Gelöscht... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Compiling Samba and kerberos, lib problems
Gerald (Jerry) Carter wrote: You don't say what server os. If you are using linux, then just add /usr/local/kerberos/lib/ to /etc/ld.so.conf. Yes, it is linux, thanks a lot for your help, though there is still something strange. When I run smbd it dies directly and returns 255. If I try to run winbindd, same thing happens, though it returns 1. Thanks, Mattias -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] printernames vs. sharenames
Hello, when I assign a printer driver to a printer from a windows client, the printername now changes to the drivername. Yes, I can see the SPOOLSS_SETPRINTER call with the printername property, but that's definitly not what I want (or would expect). E.g. when I change the drivers of 3 printers to HP Laserjet, I get 3 printers with the names HP Laserjet [(Copy 1|2)]. These names are different from the names of my CUPS queues and have to be reverted manually. We all work with and configure the printers having the sharenames (aka the queue names) in mind. And -btw- it does not happen, when changing the printer driver of a local queue. Just my point of view... any comments? P.S. To the topic print spooling messages never go away: We're not able to reproduce it with 3.06rc2. We'll still have an eye on that but can't provide reasonable infos now. Bye, Martin -- Martin Zielinski [EMAIL PROTECTED] Software Development SEH Computertechnik GmbH www.seh.de -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Authenticating with ldap backend
Hi, Using samba 3.0.2, I am trying to set up my samba config to authenticate against my ldap server. However I am getting the errors: Failed to issue the StartTLS instruction: Can't contact LDAP server I believe that samba is trying to bind to port 636. This is a problem as my ldap server using port 389. Although the option exists in my config to change the ldap port : ldap port = 389, when I start samba with this option I get an error unkown option. PLease help ... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 2 gb size limit
Jason, I am loading the share with the following command export USER=ralphf smbmount //satldw001/programers /lcad/backup1 -o credentials=/etc/somefile It seems to work fine up until 2 gig going to windows I can copy a 3 gig file in linux from (box a) to (box b) no problem without samba Any help would be appreciated Here is a copy of my /etc/fstab LABEL=/ / ext3defaults1 1 LABEL=/boot /boot ext3defaults1 2 none/dev/ptsdevpts gid=5,mode=620 0 0 LABEL=/home /home ext3defaults1 2 LABEL=/lcad /lcad ext3defaults1 2 none/proc procdefaults0 0 none/dev/shmtmpfs defaults0 0 LABEL=/tmp /tmpext3defaults1 2 LABEL=/usr /usrext3defaults1 2 LABEL=/var /varext3defaults1 2 /dev/sda8 swapswapdefaults0 0 /dev/cdrom /mnt/cdrom iso9660 noauto,owner,kudzu,ro 0 0 /dev/fd0/mnt/floppy autonoauto,owner,kudzu 0 0 Thanks Ralph Ralph Feole LogistiCare, Inc. [EMAIL PROTECTED] 352-337-0029 ext. 405 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] printernames vs. sharenames
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin Zielinski wrote: | Hello, | | when I assign a printer driver to a printer from a | windows client, the printername now changes | to the drivername. | | Yes, I can see the SPOOLSS_SETPRINTER call with the | printername property, but that's definitly not what I | want (or would expect). This is actually windows behavior. As you mention, it is the client spooler to the SetPrinter() call. You can see the same thing locally if the printername is the previous driver name. | E.g. when I change the drivers of 3 printers to HP Laserjet, I | get 3 printers with the names HP Laserjet [(Copy 1|2)]. These | names are different from the names of my CUPS queues and have | to be reverted manually. | | We all work with and configure the printers having the | sharenames (aka the queue names) in mind. And -btw- it does | not happen, when changing the printer driver of a local | queue. | | Just my point of view... any comments? Changing a driver should happen in frequently I expect. If people find the behavior worse than not being able to change the printername at all, then we can set some method of enforcing the printername == sharename model again. Kind of late for 3.0.6 though. | To the topic print spooling messages never go away: | We're not able to reproduce it with 3.06rc2. We'll still | have an eye on that but can't provide reasonable infos now. ok. Hopefully this is fixed. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBJL3/IR7qMdg1EfYRAqTfAKC3OcWqDiM15STY2x4jV9N1dQZiQACgv90Y U323MlSzED1oIRx0V23fNXo= =ubKi -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] TR : Connection Issue - Samba 3.0.2a Solaris 6 - NT4 SP 6
Hi all, First, here is a small description of our environnement : We have a PDC running a domain. let's call this server pdc01. All of our users are defined in the domain. We have a Unix server hosting a database. Let's call this server unix01. All users can access this server and use the database. They are allowed of generating report which are stored in their home directory on unix01. Unix01, and pdc01 are on different network with a firewall between them. I would like to configure samba to act as a Domain member, and have users accessing their home directory on unix01 through a share. We also have unix02 and unix03 working the same way. SAMBA is working well on unix02 and unix03 but I cannot get unix01 to work. When I try to join the domain, this is what I get (these are the last line of command net join rpc -d10) : _ [2004/08/19 11:00:09, 5] libsmb/nmblib.c:send_udp(744) Sending a packet of len 50 to (10.xx.xx.255) on port 137 [2004/08/19 11:00:09, 5] libsmb/nmblib.c:send_udp(744) Sending a packet of len 50 to (10.xx.xx.255) on port 137 [2004/08/19 11:00:09, 5] libsmb/nmblib.c:send_udp(744) Sending a packet of len 50 to (10.xx.xx.255) on port 137 [2004/08/19 11:00:10, 1] utils/net.c:net_find_server(274) no server to connect to [2004/08/19 11:00:10, 2] utils/net.c:main(767) return code = 1 Unable to find a suitable server Unable to find a suitable server _ Earlier on in this output, I see Samba trying to broadcast queries on network 10.xx.xx.255 (which is unix01 net). pdc01 is on a different network. Do I have to configure something ? Do you have any idea of what is going on ? Thanks a lot in advance. Group Cantrex Inc. Boismartel, Jerome Certified Unix SysAdmin Cantrex Group Inc. 4445 rue Garand, St-Laurent, H4R 2H9 Quebec, Canada [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Groups not recognized
I've got an issue with a fresh (and I mean really fresh) 3.0.5 + ldap server where doesn't seem to recognize unix group membership. The server was 2.2.8a last night and things were working. The unix side works flawlessly, in other words if I log in as myself I can get where I need to, but under samba I get nothing. Here's some supporting info: my group membership information: [fgoserv:bin]# groups pgienger itserv applied itadmin office projects permissions on the directory: [fgoserv:itserv]# ls -alF total 8 drwxrws--- 4 speterso itserv 512 Mar 3 09:03 ./ drwxr-xr-x 8 root root 512 Jun 25 08:10 ../ drwxrws--- 5 speterso projects 512 Jun 22 09:34 projects/ drwxrwsr-t 7 root itserv 512 Aug 3 16:47 shared/ So from that I can access projects and subdirectories with uid pgienger on unix. On samba 3, not so much. This did work under 2.2.8a last night. My question then is 'is there anything else I should need to do to get the groups to recognize?' This is one example, there are many more people/groups/directories that show this behavior as well. I'm pretty sure I've seen this posting before on the list but I couldn't find any resolutions... so if somebody solved it - shame on you for not sharing :-P Thanks -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
FW: [Samba] LDAP Idmap
In addition to the instructions below, you must have complied the NSS_LDAP from www.padl.com on your SAMBA PDC. I have written a how-to with instructions to compile NSS_LDAP and an example smb.conf attached to this email. I got the detailed directions from the SAMBA 3 by example at http://us1.samba.org/samba/docs/man/Samba-Guide/ Good luck, Pat -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Manfred Odenstein Sent: Monday, August 09, 2004 2:59 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] LDAP Idmap Hi, at least you have to specify: idmap backend = ldap:ldap://host idmap uid = 1-2 idmap gid = 1-2 ldap idmap suffix = suffix ldap admin dn = admindn ldap suffix = suffix you don't have to change the nsswitch if winbind is already in there regards odi Am Freitag, 6. August 2004 13:51 schrieb Shannon Johnson: Thanks for the quick response... but I've already been there. As I said, I'm NOT looking for an LDAP PDC... I'm ONLY looking for LDAP idmap. There is no documentation on idealx.org for an LDAP idmap that does NOT include the PDC... nor is there much documentation anywhere else about it. Shannon Johnson Network Support Specialist / Systems Administrator Dept. of Mechanical and Nuclear Engineering 224 Reber Building University Park, PA 16802 Phone: (814) 865-8267 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, August 06, 2004 3:59 AM To: Shannon Johnson; [EMAIL PROTECTED] Subject: Re: [Samba] LDAP Idmap Shannon Johnson [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 05.08.2004 22:59 To: [EMAIL PROTECTED] cc: Subject:[Samba] LDAP Idmap Hi shannon, a good start you'll find at www.idealx.org. There is a very good docu on how to setup samba3-LDAP. If you then running into problems. ask the list. Chris I'm having quite a bit of trouble getting an LDAP directory set up for the idmap backend for winbind. I've been working on it for quite a while, and haven't found any very helpful websites or anything. I've found quite a bit on how to set up a PDC using LDAP, which would be nice, but I already have the PDC... I just need LDAP to host UID's and GID's. The things I'd like to know are: 1. What should the rootdn, suffix, and indexes be in the slapd.conf? I think that the rootdn needs to match what I put in the smb.conf for the ldap admin dn, and I'm fairly sure the suffix needs to match the ldap suffix from the smb.conf... I don't have any idea about the indexes. 2. What needs to be in the ldif file to create the directory properly? I've tried several that I've found online, both from the Samba 3 By Example book, and lots of forum / mailing list posts. I'm not sure if what I've tried has been correct, but it hasn't worked yet, and this is one part I'm not sure about. 3. I think that once I get the first 2 things worked out, I just set about 6 things in my smb.conf (ldap suffix, ldap admin dn, idmap backend (which should point to ldap:ldap://127.0.0.1, if the server is running on the same machine, right?), ldap idmap suffix, idmap uid, and idmap gid), enter my password from the smbpasswd -w command, and once I restart winbind, it should automatically start filling up the directory, right? 4. Once I get the server going and filled up with UID's and GID's, for the clients, am I correct in saying that I alter the smb.conf to include the ldap suffix, ldap admin dn, idmap backend, ldap idmap suffix, idmap uid, and idmap gid, then again enter my password via smbpasswd -w, change /etc/nsswitch.conf to be passwd files ldap instead of passwd files winbind, and it should work? This isn't documented very well anywhere, so I'd appreciate any hints or suggestions anybody might have... Shannon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Can't log in after joining domain
Hello, I've successfully joined my workstation (Win 2K Pro) to my Samba domain (3.0.5 on a Fedora Core 2 box), but I can't log on after that. The error message is The system cannot log you on to this domain because the system's computer account in its primary domain is missing, or the password on that account is incorrect. I've checked the different files associated with this (smb.conf, smbpasswd, /etc/passwd, /etc/shadow, etc.) The machine account appears in each one. I don't have any LDAP running. Any help would be appreciated. Thanks! Jeff Jeff Brooks-Manas - Sr. IT Coordinator Raines, Melton Carella, Inc. 2001 N. Main St., Suite 400 Walnut Creek, CA 94596 (925) 627-4136 (direct) (925) 299-6733 (office) (925) 299-6736 (fax) [EMAIL PROTECTED] http://www.rmcengr.com Innovative Solutions for Water and the Environment. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] How can I limit samba users to just one login session ?
How can I limit samba users to just one login session? I have some people logging in as the same user several times .. .( don't ask...it's a partner company that has limited access) I have no control over the users other than limiting their login to just once per user. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How can I limit samba users to just one login session ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Donald D Gunn wrote: | How can I limit samba users to just one login session? | | I have some people logging in as the same user several times .. | .( don't ask...it's a partner company that has limited access) | I have no control over the users other than limiting their | login to just once per user. Volker just posted a possible patch to the samba-technical list. Probably will be incorporated into 3.0.7. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBJOOdIR7qMdg1EfYRApaPAKCvtQmD59ebSybiLacdCSM42fWH7gCgxQZU CDUhXtb2k07iY2eJWmuZpR0= =Rpd4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Authenticating with ldap backend
Try adding /ldap ssl = off to your smb.conf// / Brendon Standing wrote: Hi, Using samba 3.0.2, I am trying to set up my samba config to authenticate against my ldap server. However I am getting the errors: Failed to issue the StartTLS instruction: Can't contact LDAP server I believe that samba is trying to bind to port 636. This is a problem as my ldap server using port 389. Although the option exists in my config to change the ldap port : ldap port = 389, when I start samba with this option I get an error unkown option. PLease help ... -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winbind, active directory and solaris 8
Hi All, I have a sparc solaris 8 server running samba 2.2.11 (which i complied with winbind). The server has been running for years and has about 20 local users setup using local files for openssh and rexec logins, and samba shares. They each use samba to map to their home directory and a common shared folder. They also use rexec and openssh to login on the command line. 4 users are in a special group called sap and only those 4 have write access to the shared folder, the rest are in a group called dataentry and only have read access to the shared folder. I now have a requirement to have the unix server get its passwords for these users from our win2000 active directory server. I used this guide to try and set this up: http://us3.samba.org/samba/ftp/docs/textdocs/Solaris-Winbind-HOWTO.txt I am now able to map to the samba share using winbind, but i have some problems: 1) When the users login using ssh or rexec, they get the local UID, but when they map with samba they get the UID from samba and active directory. These do not match and im having permission problems. Also when they login local, they get their group sap or dataentry but when they use winbind/AD to map they are in a group called domain users, so the permissions are wrong here also. Is there a way to have them keep their UID's and GID's that im now using from local files when i switch to winbind and AD? The users have different groups for unix local files and AD. If not I have to change the perms on thousands of files. 2) I only want these 20 users to be able to map to the samba share, but it seems that anyone in the windows active directory can now map to this share. How do i only allow the 20 users to map? 3) I am trying to setup logins with rexec and openssh to use winbind and active directory, but its not working for me. I think my pam.conf is setup wrong. How can i fix this? Do i need to delete their entries from the local passwd, shadow and group files when i switch to AD? Thank you in advance gurus! Here is my pam.conf and my smb.conf: [EMAIL PROTECTED]:/export# cat /etc/pam.conf # # ident @(#)pam.conf 1.1903/01/10 SMI # # Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # PAM configuration # # Unless explicitly defined, all services use the modules # defined in the other section. # # Modules are defined with relative pathnames, i.e., they are # relative to /usr/lib/security/$ISA. Absolute path names, as # present in this file in previous releases are still acceptable. # # Authentication management # # login service (explicit because of pam_dial_auth) # login auth required /usr/lib/security/pam_winbind.so login auth requisite pam_authtok_get.so.1 login auth required pam_dhkeys.so.1 login auth required pam_unix_auth.so.1 login auth required pam_dial_auth.so.1 # # rlogin service (explicit because of pam_rhost_auth) # rlogin auth sufficient /usr/lib/security/pam_winbind.so rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_authtok_get.so.1 rlogin auth required pam_dhkeys.so.1 rlogin auth required pam_unix_auth.so.1 # # rsh service (explicit because of pam_rhost_auth, # and pam_unix_auth for meaningful pam_setcred) # rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_auth.so.1 # # PPP service (explicit because of pam_dial_auth) # ppp auth requisite pam_authtok_get.so.1 ppp auth required pam_dhkeys.so.1 ppp auth required pam_unix_auth.so.1 ppp auth required pam_dial_auth.so.1 # # Default definitions for Authentication management # Used when service name is not explicitly mentioned for authenctication # other account sufficient /usr/lib/security/pam_winbind.so other auth requisite pam_authtok_get.so.1 other auth required pam_dhkeys.so.1 other auth required pam_unix_auth.so.1 # # passwd command (explicit because of a different authentication module) # passwd auth required pam_passwd_auth.so.1 # # cron service (explicit because of non-usage of pam_roles.so.1) # cronaccount requiredpam_projects.so.1 cronaccount requiredpam_unix_account.so.1 # # Default definition for Account management # Used when service name is not explicitly mentioned for account management # other account requisite pam_roles.so.1 other account requiredpam_projects.so.1 other account requiredpam_unix_account.so.1 # # Default definition for Session management # Used when service name is not explicitly mentioned for session management # other session requiredpam_unix_session.so.1 # # Default definition for Password management # Used when service name is not explicitly mentioned for password management # other password required pam_dhkeys.so.1 other password requisite
Re: [Samba] Authenticating with ldap backend
Make sure you have the proper schema's loaded in ../etc/openldap/schema on the ldap server and that slapd.conf calls them in the right order. Also smb.conf needs this line ldap ssl = start tls. This will invoke the tls session which make ldap requests to port 389. Hastas TMS III Paul Gienger wrote: Try adding /ldap ssl = off to your smb.conf// / Brendon Standing wrote: Hi, Using samba 3.0.2, I am trying to set up my samba config to authenticate against my ldap server. However I am getting the errors: Failed to issue the StartTLS instruction: Can't contact LDAP server I believe that samba is trying to bind to port 636. This is a problem as my ldap server using port 389. Although the option exists in my config to change the ldap port : ldap port = 389, when I start samba with this option I get an error unkown option. PLease help ... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] can't write superblock
Hi I have 2 servers. server 1(Fedora Core 2) shares /Shared with rwxrwx, server2(Redhat linux 9) mount to /Shared from server 1. When I did smbmount from server2, Shared is successfully mounted. I then remove /Shared and recreate /Shared from server 1, I started having problem from server 2. when I do mount, it still show Shared is mounted, but when I do ls -l / , it displays /Shared Input/Output error. I can't unmount /Shared after that. When I try to umount, it dislays can't write superblock. Can anybody tell me what's happening here? How can I fix it? If nothing I can do, reboot the system will umount /Shared? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 1 wk2 server with 2 names; is it possible?
Hi, I tried to post in the windows newsgroup, but I didn't get replies because maybe there the users are not very conscious of what they are doing. ;-) I can't choose to go with samba (as I'd like best), because on the w2k server of the subject there are some windows application that doesn't work on linux or samba. Sorry if it's a FAQ, and if it is let me know where can I find the A(nswer) and read the FM (Fine Manual). I have 2 W2K server with 2 different names with about 80 clients (mostly XP, but also some W98) that uses different shares and programs on both (using also the server's names, not only IPs). They are oversized (average CPU load in working hours at about 10-15%) and the tasks that they perform are important but not mission critical h24x365. They work in a municipality, it is there are no much money and they are both W2000 server (no advanced server and there are no Microsoft cluster software). Every night they are backupped on DAT and there are a crossed backup copy of data from one to the other and viceversa. If for some reason one of them die I'd like to switch to the other without changing the settings of all the clients. To do so, I have to add the IP address of died machine to the surviving, but I should also add the name of the died one to the surviving one. Are there some way to do such thing (it is a W2000 server with 2 names), and if yes, which one? Thx to replying people, regards to all, Andrea Ferraris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't write superblock
nina wrote: Hi I have 2 servers. server 1(Fedora Core 2) shares /Shared with rwxrwx, server2(Redhat linux 9) mount to /Shared from server 1. When I did smbmount from server2, Shared is successfully mounted. I then remove /Shared Huh? What do you mean remove /Shared? and recreate /Shared from server 1, Again sorry, Huh? Please explain precisely. I started having problem from server 2. when I do mount, it still show Shared is mounted, but when I do ls -l / , it displays /Shared Input/Output error. I can't unmount /Shared after that. When I try to umount, it dislays can't write superblock. Can anybody tell me what's happening here? How can I fix it? If nothing I can do, reboot the system will umount /Shared? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] userRID
In the context of Samba, what is a RID? Jeff Saxton Sr. Support Engineer Addamark Technologies, Inc. http://www.addamark.com http://www.addamark.com/ mailto:[EMAIL PROTECTED] CELL: +1 415-640-6392 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't write superblock
/shared is actually the copy of one of mine folder which is updated everyday. That's why I need to remove /Shared and recreate it. rm -Rf /Shared cp -R /myDir /Shared Tom Skeren wrote: nina wrote: Hi I have 2 servers. server 1(Fedora Core 2) shares /Shared with rwxrwx, server2(Redhat linux 9) mount to /Shared from server 1. When I did smbmount from server2, Shared is successfully mounted. I then remove /Shared Huh? What do you mean remove /Shared? and recreate /Shared from server 1, Again sorry, Huh? Please explain precisely. I started having problem from server 2. when I do mount, it still show Shared is mounted, but when I do ls -l / , it displays /Shared Input/Output error. I can't unmount /Shared after that. When I try to umount, it dislays can't write superblock. Can anybody tell me what's happening here? How can I fix it? If nothing I can do, reboot the system will umount /Shared? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SUMMARY: Samba3 PDC with ldap backend in ldaps
The ca certificate path must be entered in the ldap.conf of the openldap lib used by Samba. For me that was /usr/local/etc/openldap/ldap.conf Thanks everyone -Original Message- From: Bousquet Francois Sent: August 18, 2004 1:39 PM To: '[EMAIL PROTECTED]' Subject: Samba3 PDC with ldap backend in ldaps I have a Samba 3.0.4 installed on Solaris 7 as a PDC connecting to an ldap backend with ldaps (secure ldap). I need to specify the CA Certificate to Samba so it can accept the server certificate. What is the line to add to smb.conf ? I made some search and it doesn`t seems to have one. anyone have a idea ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SUMMARY: Samba3 PDC with ldap backend in ldaps
Watch out, nss_ldap wants it in a different file, usually /etc/ldap.conf Jeff Saxton Sr. Support Engineer Addamark Technologies, Inc. http://www.addamark.com mailto:[EMAIL PROTECTED] CELL: +1 415-640-6392 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bousquet Francois Sent: Thursday, August 19, 2004 12:12 PM To: '[EMAIL PROTECTED]' Subject: [Samba] SUMMARY: Samba3 PDC with ldap backend in ldaps The ca certificate path must be entered in the ldap.conf of the openldap lib used by Samba. For me that was /usr/local/etc/openldap/ldap.conf Thanks everyone -Original Message- From: Bousquet Francois Sent: August 18, 2004 1:39 PM To: '[EMAIL PROTECTED]' Subject: Samba3 PDC with ldap backend in ldaps I have a Samba 3.0.4 installed on Solaris 7 as a PDC connecting to an ldap backend with ldaps (secure ldap). I need to specify the CA Certificate to Samba so it can accept the server certificate. What is the line to add to smb.conf ? I made some search and it doesn`t seems to have one. anyone have a idea ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] No .JPG as background when using roaming profiles
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello ! I have installed Samba3.0.5 on Debian/testing and I think I have encountered a problem with WinXP (SP1 and SP2), the desktop wallpapers and Samba. If I use a JPEG image as background image for the desktop it will not be loaded at the next logon. I have to right click on desktop, select properties and then simply click OK to let Windows load the wallpaper. If I use BMP images instead of JPG, GIF, PNG the wallpaper will be loaded without any problems. This happens only with roaming profiles stored on the samba server. Locale profiles and profiles stored on a W2k server are not hit by this problem. I can post my smb.conf on request. Thank you for your help. Thorsten Reichelt -BEGIN PGP SIGNATURE- Version: PGP SDK 3.0.3 Comment: iQA/AwUBQST+rm1rSljn4qeLEQJmAgCgg6kvV0e17MpRKEOe6q3Gui7B+KEAoM8B kVsEYmXItGJE2eXAbK8Duj3p =sesx -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SUMMARY: Samba3 PDC with ldap backend in ldaps
Yes, I know and I have 2 ldap.conf on my server : /usr/local/etc/openldap/ldap.conf and /etc/ldap.conf The first is for openldap lib and the second for pam_ldap nss_ldap I didn't want to put pam_ldap nss_ldap parameters in the openldap ldap.conf because I was worrying my slapd would not accept them correctly. It is working well like this, maybe I could try to mixed both files but that would me recompile openldap lib ou slapd for me... so I am not very interested. thanx for the cue. -Original Message- From: Jeff Saxton [mailto:[EMAIL PROTECTED] Sent: August 19, 2004 3:32 PM To: [EMAIL PROTECTED] Cc: 'Bousquet Francois' Subject: RE: [Samba] SUMMARY: Samba3 PDC with ldap backend in ldaps Watch out, nss_ldap wants it in a different file, usually /etc/ldap.conf Jeff Saxton Sr. Support Engineer Addamark Technologies, Inc. http://www.addamark.com mailto:[EMAIL PROTECTED] CELL: +1 415-640-6392 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bousquet Francois Sent: Thursday, August 19, 2004 12:12 PM To: '[EMAIL PROTECTED]' Subject: [Samba] SUMMARY: Samba3 PDC with ldap backend in ldaps The ca certificate path must be entered in the ldap.conf of the openldap lib used by Samba. For me that was /usr/local/etc/openldap/ldap.conf Thanks everyone -Original Message- From: Bousquet Francois Sent: August 18, 2004 1:39 PM To: '[EMAIL PROTECTED]' Subject: Samba3 PDC with ldap backend in ldaps I have a Samba 3.0.4 installed on Solaris 7 as a PDC connecting to an ldap backend with ldaps (secure ldap). I need to specify the CA Certificate to Samba so it can accept the server certificate. What is the line to add to smb.conf ? I made some search and it doesn`t seems to have one. anyone have a idea ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and Active Directory
I have setup my linux machine (Fedora Core2) to kinit to my windows 2003 server. It has added itself to the active directory with no errors I can use smbclient //server/c$ -k and view all the files on the server. I installed and configured winbind. I can do a wbinfo -u and wbinfo -g and return the list of users and groups from the active directory. I have done a getent passwd and getgroups and winbind has assigned the active directory users and groups the proper unix uid's and gid's. I can even assign ownership to files but I must use DOMAINPREFIX\\username in order to do so. IS THIS THE CORRECT WAY TO DO THAT? I can add the user to the smbpasswd file using smbpasswd -a DOMAINPREFIX\\username and it gets added. This tells me that unix knows the user exits. Whether I add the username to the smbpasswd file or not I still cannot access any of the samba shares. It continuously prompts me for a username and password when I access it from a windows machine. I guessing that the password isn't getting pulled from the active directory for the user accounts. But I'm not sure. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] userRID
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeff Saxton wrote: | In the context of Samba, what is a RID? Relative IDentifier -- last 32 bits in the user/group SID (security IDentifier). cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBJQf4IR7qMdg1EfYRArYsAJ46u941itl2bq7EAwtB/JA+xAzx6gCgpBxf pri+JZjQO6o6g9NJID/tQSo= =peVe -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Message not delivered RE: Re: Here
Ihre Nachricht Your message From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Thu, 19 Aug 2004 22:47:31 +0200 Subject: Re: Here wurde nicht zugestellt, ein Virus oder Wurm wurde entdeckt. was not delivered, a virus or worm was detected. Bitte antworten sie nicht an [EMAIL PROTECTED] Please do not answer to [EMAIL PROTECTED] Viren benutzen oft die Adressbuecher eines befallenen Szstems als Senderadresse. Insofern kann es sein, dass die Nachricht nicht von Ihrem System versendet wurde.Wurde ihre Mail-Adresse missbraucht, koennen Sie diese Nachricht loeschen. Virus often uses adressbooks of infected systems as sender-adress. So it is possible, that the message came not from your system. Was your address misused, you can delete this message. This message was generated by Mailsweeper. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbmount hung after mounted
From my redhat9, I tried to mount the network disk from the FC2 system , after mounting, most of the time it just stay there until I press Ctrl_z, or Ctrl_c, however, the disk is mounted successfully ( somtimes, it got through and give me the prompt without pressing Ctrl_c.) *#smbmount //server/folder1 /Shared -o credentials=/root/smb_shared,uid=general,gid=group,fmask=660, dmask=770 /INFO: Debug class all level = 2 (pid 5476 from pid 5476) added interface ip=66.80.30.160 bcast=66.80.30.191 nmask=255.255.255.224/ * then wait for ctrl_c. Did I miss anything here? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't write superblock
Let's see, you first do this on server2 1. mkdir /Shared 2. mount_smbfs //server1/Shared /Shared 3. On server2 you rm -R /Shared. If so this is a bad thing. You have two choices here. ssh to server 1 and do that function on server1. Or cd /Shared and rm the stuff in there. You can't delete the mount point and then recreate the mount point, then remount the shared drive. nina wrote: /shared is actually the copy of one of mine folder which is updated everyday. That's why I need to remove /Shared and recreate it. rm -Rf /Shared cp -R /myDir /Shared Tom Skeren wrote: nina wrote: Hi I have 2 servers. server 1(Fedora Core 2) shares /Shared with rwxrwx, server2(Redhat linux 9) mount to /Shared from server 1. When I did smbmount from server2, Shared is successfully mounted. I then remove /Shared Huh? What do you mean remove /Shared? and recreate /Shared from server 1, Again sorry, Huh? Please explain precisely. I started having problem from server 2. when I do mount, it still show Shared is mounted, but when I do ls -l / , it displays /Shared Input/Output error. I can't unmount /Shared after that. When I try to umount, it dislays can't write superblock. Can anybody tell me what's happening here? How can I fix it? If nothing I can do, reboot the system will umount /Shared? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Groups not recognized
I've got an issue with a fresh (and I mean really fresh) 3.0.5 + ldap server where doesn't seem to recognize unix group membership. The server was 2.2.8a last night and things were working. The unix side works flawlessly, in other words if I log in as myself I can get where I need to, but under samba I get nothing. Here's some supporting info: Ok, apparently this is a solaris-vs.-LDAP issue. I've tested with a machine running Solaris 9 12/02 (that I could reboot) and with anything higher than 112960-03 you can't see supplimentary groups, but with -03 you can do everything like you want to, although the id command never shows all the groups, but I think that's a solaris-ism. Here's the rub, I've got a Solaris 9 8/03 box that has to be upgraded, but that version is post 112960-03. Does anybody know of a way around this??? I'm not completely averse to ripping out sun's nss library, but that's a little more work than this cat likes to do. my group membership information: [fgoserv:bin]# groups pgienger itserv applied itadmin office projects permissions on the directory: [fgoserv:itserv]# ls -alF total 8 drwxrws--- 4 speterso itserv 512 Mar 3 09:03 ./ drwxr-xr-x 8 root root 512 Jun 25 08:10 ../ drwxrws--- 5 speterso projects 512 Jun 22 09:34 projects/ drwxrwsr-t 7 root itserv 512 Aug 3 16:47 shared/ So from that I can access projects and subdirectories with uid pgienger on unix. On samba 3, not so much. This did work under 2.2.8a last night. My question then is 'is there anything else I should need to do to get the groups to recognize?' This is one example, there are many more people/groups/directories that show this behavior as well. I'm pretty sure I've seen this posting before on the list but I couldn't find any resolutions... so if somebody solved it - shame on you for not sharing :-P Thanks -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't write superblock
Thanks a lot. Tom Skeren wrote: Let's see, you first do this on server2 1. mkdir /Shared 2. mount_smbfs //server1/Shared /Shared 3. On server2 you rm -R /Shared. If so this is a bad thing. You have two choices here. ssh to server 1 and do that function on server1. Or cd /Shared and rm the stuff in there. You can't delete the mount point and then recreate the mount point, then remount the shared drive. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] File deletion logging
Hi, I small network at my job, and it has a samba server. This server has many shares (one for the home of each user, one for each group of users and one public share, that anyone can write to, open any file ou even delete then). Lately, I'm experiencing some problems with malicious users who are deleting all files in the public share, and I'd like to know if there is any setting in samba that can log who deleted any file, and when. I've RTFM, and tried using a higher level of logging, tried the audit and extd_audit modules, to no avail. Does any of you have a tip on how could I accomplish this? Thanks in advance, José Pinteiro -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Installation problems on Fedora Core 2
Thanks to Paul Gienger, I've made some progress diagnosing my samba problems. Paul suggested that I needed to install the samba-client package to fully test my setup. I have now done that. I am trying to share files between a Linux system running Fedora Core 2 (named Wintergreen) and a Windows 2000 Professional system (named Internet-2000). I am not yet able to share files, although the W2K machine can see the Linux box. The key error message I am getting on the W2K machine is The Server service is not started. I have gone through the Samba Checklist to try to figure out what is wrong. Here are the results I've gotten from the checklist (it's long). I've also attached my smb.conf file to this e-mail. 1. The output of testparm looks healthy: Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [printers] Processing section [tmp] Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions # Global parameters [global] server string = Samba Test Server interfaces = eth0, lo log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap dns proxy = No idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [tmp] comment = Temporary file space path = /tmp read only = No guest ok = Yes 2. I can ping each machine from the other using IP addresses. I can ping the W2K machine from the Linux machine by the machine name (because I put the W2K machine name and IP address into /etc/hosts). 3. When I run the command smbclient -L Wintergreen on the Linux box, I am asked for a password. I type in the root password and get the error message session setup failed: NT_STATUS_LOGON_FAILURE. When I enter no password at all (this was not obvious), the command succeeds and I get the following output: Anonymouse login successful Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.3-5] Sharename Type Comment - --- tmp Disk Temporary file space IPC$IPC IPC Service (Samba Test Server) ADMIN$ IPC IPC Service (Samba Test Server) Anonymouse login successful Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.3-5] Server Comment ---- WINTERGREEN Samba Test Server WorkgroupMaster ---- WORKGROUPWINTERGREEN 4. When I type the command nmblookup -B Wintergreen __SAMBA__, I do indeed get the IP address of the server. 5. When I type the command nmblookup -B Internet-2000 '*', I do indeed get the IP address of the W2K machine. 6. When I type the command nmblookup -d 2 '*', I get the following output: added interface ip=192.168.0.4 bcast=192.168.0.255 nmask=255.255.255.0 added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 querying * on 192.168.0.255 querying * on 127.255.255.255 Got a positive name query response from 127.0.0.1 ( 192.168.0.4 ) 192.168.0.4 *00 The fact that I only got one positive response bothers me. I should probably have gotten a response from the W2K machine (192.168.0.7). 7. When I type the command smbclient //Wintergreen/tmp, I am prompted for a password. When I enter the password, I get the error message session setup failed: NT_STATUS_LOGON_FAILURE. However, when I don't enter a password (I just press Enter), the anonymous login succeeds and I get a smb :\ prompt. The dir and get commands work. When I try the put command, I get the error message NT_STATUS_ACCESS_DENIED opening remote file \test.txt. 8. On the W2K machine, I typed net view \\Wintergreen in a DOS window, and I got the following error message: The Server service is not started. 9. On the W2K machine, I typed net use x: \\Wintergreen, and I got the following two error messages: System error 67 has occurred. and The network name cannot be found. 10. The command nmblookup -M WORKGROUP succeeded on the Linux machine. 11. When I used Internet explorer to try to look at the Linux machine, I got the following error messages: \\Wintergreen is not accessible and The Server service is not started. Thanks for any help you can provide. David Levner --- Paul Gienger [EMAIL PROTECTED] wrote: David Levner wrote: the name of the Linux machine. I have started nmbd and smbd on the Linux machine with nmbd -D and smbd -D.) Perhaps try using the startup script, you may get some insight from that and it's the 'approved' way to do things ;) I used yum (yum install samba) to install
[Samba] Making users happy
Using samba 3.05 and Openldap I have been following the Samba How To Chapter 6 Making users happy and everything works up to this point root# pdbedit -Lv chrisr I get a message along the lines of the user is not in the pass backend. Any suggestions would be appreciated. Thanks Douglas Sterner -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Printing
Using samba 3.05 and cups for raw printing does anyone know why I'm getting this when I print from an xp client. All I'm trying to do is get point and print printing working in raw cups mode. Using the print manager I can print a successful test page but not from the client. Does anyone have any suggestions. Thanks Samba version 3.0.5 PID Username Group Machine --- 23087 root 1 chpaw-test (192.168.10.199) Service pid machine Connected at --- print$ 23087 chpaw-testTue Aug 17 15:09:58 2004 scans23087 chpaw-testTue Aug 17 14:42:06 2004 IPC$ 23087 chpaw-testTue Aug 17 12:39:46 2004 Locked files: PidDenyMode Access R/WOplock Name -- 23087 DENY_WRITE 0x20089 RDONLY EXCLUSIVE+BATCH /data/samba/drivers/W32X86/3/DKAAJ2UZ.ZIP Tue Aug 17 15:09:58 2004 23087 DENY_WRITE 0x20089 RDONLY EXCLUSIVE+BATCH /data/samba/drivers/W32X86/3/DKAAJ2F0.DFM Tue Aug 17 15:09:58 2004 23087 DENY_WRITE 0x20089 RDONLY EXCLUSIVE+BATCH /data/samba/drivers/W32X86/3/DKAAJ2D$.INI Tue Aug 17 15:09:58 2004 23087 DENY_WRITE 0x20089 RDONLY EXCLUSIVE+BATCH /data/samba/drivers/W32X86/3/DKAAJ2TH.HLP Tue Aug 17 15:09:58 2004 23087 DENY_WRITE 0x20089 RDONLY EXCLUSIVE+BATCH /data/samba/drivers/W32X86/3/DKAAJ2DA.HLP Tue Aug 17 15:09:58 2004 23087 DENY_WRITE 0x20089 RDONLY EXCLUSIVE+BATCH /data/samba/drivers/W32X86/3/DKAAJ2DA.ALL Tue Aug 17 15:09:58 2004 23087 DENY_WRITE 0x20089 RDONLY EXCLUSIVE+BATCH /data/samba/drivers/W32X86/3/DKAAJ2DA.CNT Tue Aug 17 15:09:58 2004 [EMAIL PROTECTED] samba]# [global] workgroup = workgroup log file = /var/log/samba/%U.log max log size = 1000 socket options = TCP_NODELAY SO_RCVBUF=8192 printcap name = cups printer admin = auser guest ok = Yes printing = cups cups options = raw print command = /usr/bin/lp -d '%p' %s; rm %s lpq command = /usr/bin/lpstat -o '%p' lprm command = /usr/bin/cancel '%p-%j' lppause command = lp -i '%p-%j' -H hold lpresume command = lp -i '%p-%j' -H resume queuepause command = /usr/bin/disable '%p' queueresume command = /usr/bin/enable '%p' [printers] comment = CHPA - Complete printer share path = /var/spool/samba printer admin = @ntadmin, root, auser printable = Yes browseable = No [print$] comment = Printer Driver Download Area path = /data/samba/drivers write list = @ntadmin, root, auser [CH-5300N] comment = CH Dispatch Dell 5300N Laser Jet path = /var/spool/samba/dell5300n printer admin = @ntadmin, root hosts allow = 192.168.10. guest ok = Yes printable = Yes printer name = CH Dispatch Dell 5300N Laser Jet [CH-1600N-1] comment = CH Maintenance Dell 1600N Laser Jet path = var/spool/samba/dell1600N-1 printer admin = @ntadmin, root hosts allow = 192.168.10. printable = Yes printer name = CH Maintenance Dell 1600N Laser Jet [CH-1600N-2] comment = CH MIS Dell 1600N Laser Jet path = var/spool/samba/dell1600N-2 printer admin = @ntadmin, root hosts allow = 192.168.10. printable = Yes printer name = CH MIS Dell 1600N Laser Jet Douglas Sterner -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Errors on DC since adding a Samba 3.0.5 server.
Morning all. Im hoping someone here has seen this before and can suggest a solution. I added a Samba 3.0.5 box to our AD yesterday and now one of our DCs is producing the following error in its System log: Event Type: Error Event Source: Server Event Category: None Event ID: 2510 Date: 20/08/2004 Time: 2:24:05 AM User: N/A Computer: RKI-SYD-SQL1 Description: The server service was unable to map error code 1355. The occurance of this error appears to be very random. According to MS this means: H:\net helpmsg 1355 The specified domain either does not exist or could not be contacted. The MS KB has a few references for Event ID 2510 but nothing specific for error code 1355. Google groups found: http://groups.google.com/groups?q=windows+2000+event+id+2510+1355hl=enlr=ie=UTF-8selm=i5T9AVzkDHA.2616%40cpmsftngxa06.phx.gblrnum=2 Seems like a contender and suggests the problem is a Samba one. Im unsure how to proceed though, ive probably not got Samba setup right. Anyone else seen this error? start smb.conf [global] # general options workgroup = *REMOVEDTOPROTECTTHEINNOCENT* netbios name = SERVER1 server string = Server 1 # winbindd configuration #winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes #template homedir = /home/%D/%U #template shell = /bin/bash # Active directory joining security = ads encrypt passwords = yes realm = *REMOVEDTOPROTECTTHEINNOCENT* wins server = X.X.X.35 cheers Andrew -- NARF! 250 OK -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Inter. between Samba 2.2.x and 3.x w/ LDAP backend (and another changes)
Hi all, I have a network that are composed at this way: - Samba 2.2.8a PDC - Samba 2.2.8a BDC - Some Samba 2.2.8a as MS - OpenLDAP 2.1 as backend (w/ Samba2 schema) We are planning some changes, including change the domain name. For this, we planning to setup the new Samba 3 domain on the same environment as the Samba 2, and sharing the same backend using the ldapsam_compat feature. After the workstations are changed to the new domain, we will convert the LDAP to the Samba 3 schema. In tests, we found some problems: - In Samba 3, we have the built-in accounts, which must be mapped to unix accounts. When I try to map it using the idmap ldap backend, we receive an error; - Using the tdbbackend, we can map the Domain Admins group, but when I try to add a machine on domain, we receive the user or password is incorrect (the machine account is created). Testing with net join, using an user of Domain Admins group (after the map), I receive this user could not have administrative rights. Reading the Idealx howto, I found that, in LDAP, is created a Domain Admins with an user Administrator with UID 0. Questions: - Is it possible to use the idmap ldap backend with ldapsam_compat? Someone has an example? - In Samba 3, we don't have some option as domain admin group (I read that this parameter isn't used)? I believed that mapping the Unix Group to Domains Admins can be done it. We need to have an user with UID 0? - I see on LDAP Account Manager (http://lam.sourceforge.net/), on live demo that the Domain SID are stored on LDAP backend, and not on secrets.tdb, is it correct? If yes, how to make it? Is possible to store more than one SID? - In some examples, all groups uses the posixGroup and sambaGroup objectclass, this can be the error in my built-in account maps? In Samba 3, is it mandatory? If I do it with all my groups, I can view then on Windows Workstations? (without the sambaGroup, on Samba 2, I can use it to provide access control on filesystem, but it can't be listed on Windows machines) Sirs, I need to make this change. I can't found any doc in the net about this setup. I believe that I can write my experience about after , and I need this help to make it. Please, any help will be apreciated. With best regards, Fabiano Felix -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Groups not recognized
Paul Gienger [EMAIL PROTECTED] wrote: Ok, apparently this is a solaris-vs.-LDAP issue. I've tested with a machine running Solaris 9 12/02 (that I could reboot) and with anything higher than 112960-03 you can't see supplimentary groups, but with -03 you can do everything like you want to, although the id command never shows all the groups, but I think that's a solaris-ism. Here's the rub, I've got a Solaris 9 8/03 box that has to be upgraded, but that version is post 112960-03. Does anybody know of a way around this??? I'm not completely averse to ripping out sun's nss library, but that's a little more work than this cat likes to do. Certainilly problem does not appear on Solaris 9 04/03 with patch 112960-16. It is pretty weird you only have 112960-03. The patch itself is pretty much depended on many other patches and you should also make sure you have got them applied - at least those that apply to you config. What do you use as a NSS data source ? Do you have any patchlevel control software ? (I'd recommend opensource pca.pl). Have you modified your pam config ? Cheers, -- Michal Kurowski perl -e '$_=q#: 13_2: 12/o{: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: 12m m::#; y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print' -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ldap, smbldap-tools and smbpasswd
After a review of the smbldap-tools and: add user script = /usr/local/sbin/smbldap-useradd -m %u delete user script = /usr/local/sbin/smbldap-userdel %u add group script = /usr/local/sbin/smbldap-groupadd -p %g delete group script = /usr/local/sbin/smbldap-groupdel %g add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u add machine script = /usr/local/sbin/smbldap-useradd -w %u Can these perl scripts be effectively replaced by the current incarnation of smbpasswd? -- Raymond -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP Master/Slave
Please remove [EMAIL PROTECTED] from your contact lists- Original Message - From: rruegner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, August 19, 2004 5:41 PM Subject: Re: [Samba] LDAP Master/Slave Hi John, let me explainif you have conected smb ldap master pdc with a vpn ( ie. Openvpn ) to a bdc smb ldap slave and if the vpn brakes , win clients from the vpn network are working with the last entries from the slave ldap. As in the blackout period the pdc isnt exist and the bdc ldap slave is not writeable , you cant make any changes ( like bringing up new machines on the fly, chnage passwords etc )until the vpn is up again to the pdc ldap master. This belongs to the fact that a bdc is read only. This is my understandingand practised...or do you now something other workaround? ( which might be possible with ldap in principal, but will end in heavly syncing the ldap directory in network blackout periods ) Best Regards John H Terpstra schrieb: On Wednesday 18 August 2004 16:11, rruegner wrote: thats right I am not sure if I understand what is being said here. Samba should refer password changes to the PDC and it should apply the changes to the LDAP directory. - John T. regards Jason C. Waters schrieb: I don't think this is a solution. If I understand what you were saying, on the BDC I should have this as the passwd backend: passwd backend = ldapsam:ldaps://ldap.server2 ldaps://ldap.server1 server2 - the BDC and ldap slave which is read only server1 - is the PDB and has the ldap master which users can read/write, so they could update their passwords. If I have it setup this way, the users that on the other side will never be able to update their passwords, at least on that leg of the VPN. Or maybe I just thinking about this the wrong way. Jason rruegner wrote: Hi, if you want to stay bdc stay alive, in cases when vpn broke so on your bdc smb.conf your slave ldap should be the first entry in the passwd backend, so if vpn brake , the slave ldap operates with its last entries from the master and will give the win clients any chance to operate just like if the pdc is alive. If vpn is up again it the ldap should refresh the slave automatic. But note, a bdc is read only so changes can olny be made to the master ldap on the pdc.So no changes can be made to the domain during the blackout period. If you want a full functional bdc you also should setup user clients homes and profiles in your outside ( vpn ) office hosted on the bdc. ( a seperate dhcp server and an bind slave with longtime zone caching is very usefull, too ) Regards Jason C. Waters schrieb: Is anyone using this? My smb.conf file has this line in server1(master) passwd backend = ldapsam:ldaps://ldap.server1 ldaps://ldap.server2 and this is what server2(slave ldap, BDC) looks like: passwd backend = ldapsam:ldaps://ldap.server1 ldap.server2 This is what happens. When I take down server 1's ldap server, server2 just starts using its local ldap server. But if I take down the VPN between the two, I try the same test, pdbedit -L, it works but it take about 6 seconds for it to timeout on server1. Is this normal or do I need to change some DNS setting? Thanks for your help. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.6 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 (Samba goes for the gold!) This is the latest stable release of Samba. This is the version that production Samba servers should be running for all current bug-fixes. There have been several issues fixes since the 3.0.4/5 release and new features have been added as well. See the Changes section of the release notes for details on exact updates. Common bugs fixed in 3.0.6 include: o Schannel failure in winbindd. o Numerous memory leaks. o Incompatibilities between the 'write list' and 'force user' smb.conf options. o Premature optimization of the open_directory() internal function that broke tools such as the ArcServe backup agent, Macromedia HomeSite, and Robocopy. o Corrupt workgroup names in nmbd's browse.dat. o Sharing violation errors commonly seen when opening when serving Microsoft Office documents from a Samba file share. o Browsing problems caused by an apostrophe (') in the computer's description field. o Problems creating special file types from UNIX CIFS clients and enabling 'unix extensions'. o Fix stalls in smbd caused by inaccessible LDAP servers. o Fix issues in the password lockout feature. New features introduced in this release include: o Support symlinks created by CIFS clients which can be followed on the server. o Using a cups server other than localhost. o Maintaining the service principal entry in the system keytab for integration with other kerberized services. Please refer to the 'use kerberos keytab' entry in smb.conf(5). When using the heimdal kerberos libraries, you must also specify the following in /etc/krb5.conf: [libdefaults] default_keytab_name = FILE:/etc/krb5.keytab o Support for maintaining individual printer names stored separately from the printer's sharename. o Support for maintaining user password history. o Support for honoring the logon times for user in a Samba domain. smb.conf changes - Parameter Name Action -- -- cups server New defer sharing violationsNew force unknown acl user New ldap timeoutNew printcap cache time New use kerberos keytab New - unix extensions = yes (default) and symlinks - Beginning with Samba 3.0.6pre1 (formerly known as 3.0.5pre1), clients supporting the UNIX extensions to the CIFS protocol can create symlinks to absolute paths which will be **followed** by the server. This functionality has been requested in order to correctly support certain applications when the user's home directory is mounted using some type of CIFS client (e.g. the cifsvfs in the Linux 2.6 kernel). If this behavior is not acceptable for your production environment you can set 'wide links = no' in the specific share declaration in the server's smb.conf. Be aware that disabling wide link support out of a share in Samba may impact the server's performance due to the fact that smbd will now have to check each path additional times before traversing it. - Password History Support - The new password history feature allows smbd to check the new password in password change requests against a list of the user's previous passwords. The number of previous passwords to save can be set using pdbedit (4 in this example): root# pdbedit -P password history -C 4 When using the ldapsam passdb backend, it is vital to secure the following attributes from access by non-administrative users: * sambaNTPassword * sambaLMPassword * sambaPasswordHistory You should refer to your directory server's documentation on how to implement this restriction. - The source code can be downloaded from : http://download.samba.org/samba/ftp/ The uncompressed tarball and patch file have been signed using GnuPG. The Samba public key is available at http://download.samba.org/samba/ftp/samba-pubkey.asc Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/ The release notes are also available on-line at http://www.samba.org/samba/whatsnew/samba-3.0.6.html Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFBJWH3IR7qMdg1EfYRAh9hAJsHzXiZQS7N/jr3ntrSPs/EenWdtQCg7aqB NKwBoDlzqm4kndX6Q91gPoo= =yfUw -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Macintosh filenames with reserved chars
I have a client with about 1TB worth of files stored on an old mac server which is being replaced by a small samba cluster. Unfortunately the users were very liberal when naming their files naming them things such as. *wh at/e\v er!.tiff lol, so of course samba doesnt like that very much and gives me a invalid filename error, so the question is, is there a way for samba to rename that incoming filename just taking out the invalid chars? resulting in something valid like wh atev er.tiff thanks :) -- Entelin [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Lkfdpsac m'edi`cal update
trommelaars hyphend woodington wgwhipsgyracanthus The most wanted medications like Dar,von, Carisoprodol, Brufen retard, Lipitor and other 200 medications at the most wanted price. NrtxlwuRcujtx http://ul.dh.kalmyk3865drygs.com/f74m/ Were you ever with a circus, brother? No, said the SorcererIt was nearly evening, and Rob had wandered down by the wharves to look at the shipping, when his attention was called to an ugly looking bull dog, which ran toward him and began barking ferociously magnesiabutb12acordante 03prematuramente roldana comentarista -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.6 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter wrote: | The release notes are also available on-line at | | http://www.samba.org/samba/whatsnew/samba-3.0.6.html Correction. The URL should read http://www.samba.org/samba/history/samba-3.0.6.html cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBJWThIR7qMdg1EfYRAkyHAJ9soay8z2QlpqJ298L2tjQDMpU/JgCeO/HM gdvPjy+A+TVQ3QcmGeg9smg= =7TGr -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Sharing a Samba Share?
Is it possible to share a Windows Share of a Samba Unix Share? We have Samba running on a Solaris Box, I can map a drive to the share just fine from a Windows 2000 server. Problem is that I want to in-turn share the Samba share from the Windows box. Reason is ... I have customers on a remote network who are only allowed HTTP and HTTPS outbound on their firewall. And I would like to give them access to the Solaris box. I would like to do something similar to what I have done for access to our Netware servers via HTTPS: Here's an example of what I have done for our Netware Servers: 1. Setup an application Server running Unix accessible via HTTPS in our DMZ. 2. Application Server runs an https Windows Domain Browser/ File Manager to browse and access Windows Server shares/files. 3. The shares are published to the client browser via HTTPS. 4. The user can manage files using their java client similar to the Windows Explorer. 5. I setup one of the Windows Servers with GSNW (Gateway Services for Netware) and use that to re-share netware file shares as windows shares. 6. From this point the remote users can access the Netware files through the HTTPS application server, then the Windows Server running GSNW and finally on the Netware server. This all works fine but I want to do something similar for sharing the files on the Solaris box. Process would be something like... 1. Setup an application Server running Unix accessible via HTTPS in our DMZ. = DONE. 2. Application Server runs an https Windows Domain Browser/ File Manager to browse and access Windows Server shares/files. = DONE. 3. Grab a Windows Server and MAP a drive to the Solaris Box using Samba. = DONE 4. Share the mapped drive in step 3 and allow remote user to access. = FAILED. This is where I get stuck, I can't share the mapped drive because Windows won't allow this type of mapping to be shared. Is there a workaround for this? Bear in mind the only connectivity the customer is allowed out their firewall is HTTPS, no FTP, no IPSEC (vpn) etc. thanks in advance for any ideas. -Bryan Fitzwater Network Janitor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Groups not recognized
Quoting Michal Kurowski [EMAIL PROTECTED]: Paul Gienger [EMAIL PROTECTED] wrote: Ok, apparently this is a solaris-vs.-LDAP issue. I've tested with a machine running Solaris 9 12/02 (that I could reboot) and with anything higher than 112960-03 you can't see supplimentary groups, but with -03 you can do everything like you want to, although the id command never shows all the groups, but I think that's a solaris-ism. Correcting myself, on solaris you need to do an id -a but on linux a simple id gives you all secondary groups. Here's the rub, I've got a Solaris 9 8/03 box that has to be upgraded, but that version is post 112960-03. Does anybody know of a way around this??? I'm not completely averse to ripping out sun's nss library, but that's a little more work than this cat likes to do. Certainilly problem does not appear on Solaris 9 04/03 with patch 112960-16. Just to be sure, we're talking about a directory that has something like 750 perms, and the group is in the secondary groups list of the user? I get perm denied from samba but get in just fine on something like the unix comand line. If so, good to hear, perhaps then I won't have issues with 8/03 - the newer of the two sun boxes I have to work on. I think I read in one of the posts that the reporter was using 12/02 (what I have), but I can't find that one now. Maybe if push comes to shove, both boxes can be updated to 04/04. I guess it's possible that the patch itself is bad or it doesn't check for some other minute dependency. Put updating test server to 04/04 on my to-do list :-\ It is pretty weird you only have 112960-03. Why is that wierd? patchrm works wonders when you need it. This is what the bug (395 I believe) says is the correct patch-point to get things working, and it seems to be correct in my tests. What do you use as a NSS data source ? Openldap 2.1.something, whatever comes with FC2, or are you getting at something else? Do you have any patchlevel control software ? Nope, but if I did I'd try using the sun package first. I can't stand automatic patching of unix boxes (this week anyway, next week may change). We've got two FC2 boxes that started going wierd on network transfers, and I'd much rather be able to rule out yum sticking in some new version of a package that doesn't play nice. Have you modified your pam config ? Nope, at least not that I can remember. Rembember, unix permissions work fine, it's just from samba. Just to update, I backed down to 112960-03 on my 12/02 box and things work fine. If I go to a windows box and run ifmember it shows me all the groups I want, and I don't even think I have some of them groupmapped. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sharing a Samba Share?
An interesting problem. I think a thing I tried and failed at may apply here. Want internet samba port 445 clients to access a W2k machine, but point the router to a samba machine. Mount the w2k machine share on the Unix box Share that mount in samba Let the wan clients mount the unix samba share. Lots of errors. Besides being so slow it was unusable here are some issues. The smb mount to the unix box has the permissions of the mount. IE if you mount the w2k share as Administrator, then all who mount the samba share are Administrator. Further, given the above, Samba does not like this. It lags out a lot and is not ideal. Note that a smb mount from UNIX to a w2k server is a user level implementation. It's like mapping a drive to a windows box. I know not Novel, but I suspect that the Novel functions you describe are quite disimilar to smbfs. Too many beers. Exiting before I say something stupid. Fitzwater, Bryan wrote: Is it possible to share a Windows Share of a Samba Unix Share? We have Samba running on a Solaris Box, I can map a drive to the share just fine from a Windows 2000 server. Problem is that I want to in-turn share the Samba share from the Windows box. Reason is ... I have customers on a remote network who are only allowed HTTP and HTTPS outbound on their firewall. And I would like to give them access to the Solaris box. I would like to do something similar to what I have done for access to our Netware servers via HTTPS: Here's an example of what I have done for our Netware Servers: 1. Setup an application Server running Unix accessible via HTTPS in our DMZ. 2. Application Server runs an https Windows Domain Browser/ File Manager to browse and access Windows Server shares/files. 3. The shares are published to the client browser via HTTPS. 4. The user can manage files using their java client similar to the Windows Explorer. 5. I setup one of the Windows Servers with GSNW (Gateway Services for Netware) and use that to re-share netware file shares as windows shares. 6. From this point the remote users can access the Netware files through the HTTPS application server, then the Windows Server running GSNW and finally on the Netware server. This all works fine but I want to do something similar for sharing the files on the Solaris box. Process would be something like... 1. Setup an application Server running Unix accessible via HTTPS in our DMZ. = DONE. 2. Application Server runs an https Windows Domain Browser/ File Manager to browse and access Windows Server shares/files. = DONE. 3. Grab a Windows Server and MAP a drive to the Solaris Box using Samba. = DONE 4. Share the mapped drive in step 3 and allow remote user to access. = FAILED. This is where I get stuck, I can't share the mapped drive because Windows won't allow this type of mapping to be shared. Is there a workaround for this? Bear in mind the only connectivity the customer is allowed out their firewall is HTTPS, no FTP, no IPSEC (vpn) etc. thanks in advance for any ideas. -Bryan Fitzwater Network Janitor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: CUPS Printing to PostScript Printer
Are you using the postscript cups-samba drivers? I'm having trouble printing to a HP LaserJet 6MP Postscript printer. I'm using CUPS and normal UNIX printing works fine. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba Printing
This is Mandrake specific but there are refs to relevant sections of the HOWTOs. http://mandrake.vmlinuz.ca/bin/view/Main/SambaThreeDomainController#Simple_Print_Services Using samba 3.05 and cups for raw printing does anyone know why i'm getting this when i print from an xp client. All i'm trying to do is get point and print printing working in raw cups mode. -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: [EMAIL PROTECTED] AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llings Jabber: [EMAIL PROTECTED]| - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: We are pleased to hear of your support for OpenVMS on Integrityservers
Michael A. Fitzgerald ([EMAIL PROTECTED]) wrote: Dear Samba, Dear Samba?? Perhaps someone shouldn't be using a form letter. -- Brian Tillman ** The information contained in, or attached to, this e-mail, may contain confidential information and is intended solely for the use of the individual or entity to whom they are addressed and may be subject to legal privilege. If you have received this e-mail in error you should notify the sender immediately by reply e-mail, delete the message from your system and notify your system manager. Please do not copy it for any purpose, or disclose its contents to any other person. The views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the company. The recipient should check this e-mail and any attachments for the presence of viruses. The company accepts no liability for any damage caused, directly or indirectly, by any virus transmitted in this email. ** PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
RE: We are pleased to hear of your support for OpenVMS on
In article [EMAIL PROTECTED], Tillman, Brian (AGRE) [EMAIL PROTECTED] writes: Michael A. Fitzgerald ([EMAIL PROTECTED]) wrote: Dear Samba, Dear Samba?? Perhaps someone shouldn't be using a form letter. Apparently this is a result of Sue Skonetski publicizing Robert Thomas's post here about getting SAMBA to run on OpenVMS 8.1. I have forwarded that note to some people in HP. I do not see a problem with the note being posted here though. It would seem that if someone wanted to sell consulting support for SAMBA on VMS including IPF, they would be interested in participating in this program. The attachment was missing because the mailing list strips all but a small number of attachment types. Samba seems to run on OpenVMS 8.2 internal releases also, but I have not done any real testing on it. There is a bug in the IA64 C compiler on VMS that prevents one of the modules from compiling that Robert mentioned in his report. The workaround is to compile that module/OPT=INLINE=NONE In order to use the cross compiler, I had to change the COMPILE.COM procedure to not change the symbol definitions for CC and link. $ ccflags :=/DECC/noLIST/INCLUDE=- ([],[.INCLUDE],[.UBIQX],[.SMBWRAPPER],[.tdb],[.popt],[.VMS]) - /STANDARD=VAXC/NESTED=PRIMARY/nowarning /PREFIX=ALL - /DEFINE=(WITH_SMBPASSWD_SAM, HAVE_IFACE_IFCONF)/name=SHORTENED $ compile_mains: $! $ ! SRV_SPOOLSS_NT Hack $ if p2.eqs. .or. p2.eqs.SRV_SPOOLSS_NT $ then $ filename = SRV_SPOOLSS_NT $ dirname = RPC_SERVER $ Write sys$output Compiling ''filename' in ''dirname' $ CC'ccflags'/OPT=INLINE=NONE [.'dirname']'filename'.c- /OBJ=[.'dirname']'filename'.OBJ $ LIBRARY/REPLACE [.bin]samba.OLB [.'dirname']'filename'.OBJ $ delete [.'dirname']'filename'.OBJ;* $ endif -John [EMAIL PROTECTED] Personal Opinion Only PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r1900 - branches/SAMBA_4_0/source/gtk/common
Author: metze Date: 2004-08-19 07:49:45 + (Thu, 19 Aug 2004) New Revision: 1900 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1900nolog=1 Log: fix function prototypes metze Modified: branches/SAMBA_4_0/source/gtk/common/gtk-smb.c branches/SAMBA_4_0/source/gtk/common/select.c Changeset: Modified: branches/SAMBA_4_0/source/gtk/common/gtk-smb.c === --- branches/SAMBA_4_0/source/gtk/common/gtk-smb.c 2004-08-19 03:11:17 UTC (rev 1899) +++ branches/SAMBA_4_0/source/gtk/common/gtk-smb.c 2004-08-19 07:49:45 UTC (rev 1900) @@ -239,7 +239,7 @@ gtk_widget_grab_default (btn_connect); } -GType gtk_rpc_binding_dialog_get_type () +GType gtk_rpc_binding_dialog_get_type (void) { static GType mytype = 0; @@ -314,7 +314,7 @@ } } -GtkWidget* create_gtk_samba_about_dialog (char *appname) +GtkWidget *create_gtk_samba_about_dialog (char *appname) { GtkWidget *samba_about_dialog; GtkWidget *dialog_vbox1; @@ -358,4 +358,3 @@ return samba_about_dialog; } - Modified: branches/SAMBA_4_0/source/gtk/common/select.c === --- branches/SAMBA_4_0/source/gtk/common/select.c 2004-08-19 03:11:17 UTC (rev 1899) +++ branches/SAMBA_4_0/source/gtk/common/select.c 2004-08-19 07:49:45 UTC (rev 1900) @@ -101,7 +101,7 @@ return h; } -GType gtk_select_domain_dialog_get_type () +GType gtk_select_domain_dialog_get_type (void) { static GType mytype = 0; @@ -246,7 +246,7 @@ GTK_WIDGET_SET_FLAGS (okbutton2, GTK_CAN_DEFAULT); } -GType gtk_select_host_dialog_get_type () +GType gtk_select_host_dialog_get_type (void) { static GType mytype = 0;
svn commit: samba r1901 - branches/SAMBA_4_0/source/lib/ldb/ldb_tdb
Author: metze Date: 2004-08-19 07:51:51 + (Thu, 19 Aug 2004) New Revision: 1901 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1901nolog=1 Log: add missing include of fnmatch.h metze Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_match.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_match.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_match.c 2004-08-19 07:49:45 UTC (rev 1900) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_match.c 2004-08-19 07:51:51 UTC (rev 1901) @@ -33,6 +33,7 @@ */ #include includes.h +#include fnmatch.h #include ldb/ldb_tdb/ldb_tdb.h #include ldb/include/ldb_parse.h
svn commit: samba r1902 - branches/SAMBA_4_0/source/include
Author: metze Date: 2004-08-19 07:54:38 + (Thu, 19 Aug 2004) New Revision: 1902 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1902nolog=1 Log: we need to include popt.h before popt_common.h metze Modified: branches/SAMBA_4_0/source/include/includes.h branches/SAMBA_4_0/source/include/rewrite.h Changeset: Modified: branches/SAMBA_4_0/source/include/includes.h === --- branches/SAMBA_4_0/source/include/includes.h2004-08-19 07:51:51 UTC (rev 1901) +++ branches/SAMBA_4_0/source/include/includes.h2004-08-19 07:54:38 UTC (rev 1902) @@ -653,8 +653,6 @@ #include asn_1.h -#include popt.h - #include mutex.h #include librpc/rpc/dcerpc.h Modified: branches/SAMBA_4_0/source/include/rewrite.h === --- branches/SAMBA_4_0/source/include/rewrite.h 2004-08-19 07:51:51 UTC (rev 1901) +++ branches/SAMBA_4_0/source/include/rewrite.h 2004-08-19 07:54:38 UTC (rev 1902) @@ -280,6 +280,7 @@ char *from_name, *to_name; } *smb_iconv_t; +#include popt.h #include popt_common.h #endif /* _REWRITE_H */
svn commit: samba r1903 - branches/SAMBA_4_0/source/include
Author: metze Date: 2004-08-19 07:56:55 + (Thu, 19 Aug 2004) New Revision: 1903 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1903nolog=1 Log: hmm a better solution is to include popt.h where it is needed metze Modified: branches/SAMBA_4_0/source/include/popt_common.h branches/SAMBA_4_0/source/include/rewrite.h Changeset: Modified: branches/SAMBA_4_0/source/include/popt_common.h === --- branches/SAMBA_4_0/source/include/popt_common.h 2004-08-19 07:54:38 UTC (rev 1902) +++ branches/SAMBA_4_0/source/include/popt_common.h 2004-08-19 07:56:55 UTC (rev 1903) @@ -21,6 +21,8 @@ #ifndef _POPT_COMMON_H #define _POPT_COMMON_H +#include popt.h + /* Common popt structures */ extern struct poptOption popt_common_samba[]; extern struct poptOption popt_common_connection[]; Modified: branches/SAMBA_4_0/source/include/rewrite.h === --- branches/SAMBA_4_0/source/include/rewrite.h 2004-08-19 07:54:38 UTC (rev 1902) +++ branches/SAMBA_4_0/source/include/rewrite.h 2004-08-19 07:56:55 UTC (rev 1903) @@ -280,7 +280,6 @@ char *from_name, *to_name; } *smb_iconv_t; -#include popt.h #include popt_common.h #endif /* _REWRITE_H */
svn commit: samba r1904 - branches/SAMBA_4_0/source/script
Author: metze Date: 2004-08-19 07:58:02 + (Thu, 19 Aug 2004) New Revision: 1904 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1904nolog=1 Log: catch the common gtk function prototypes with make proto metze Modified: branches/SAMBA_4_0/source/script/mkproto.pl Changeset: Modified: branches/SAMBA_4_0/source/script/mkproto.pl === --- branches/SAMBA_4_0/source/script/mkproto.pl 2004-08-19 07:56:55 UTC (rev 1903) +++ branches/SAMBA_4_0/source/script/mkproto.pl 2004-08-19 07:58:02 UTC (rev 1904) @@ -69,7 +69,8 @@ next unless ( $line =~ / ^void|^BOOL|^int|^struct|^char|^const|^\w+_[tT]\s|^uint|^unsigned|^long| ^NTSTATUS|^ADS_STATUS|^enum\s.*\(|^DATA_BLOB|^WERROR|^XFILE|^FILE|^DIR| - ^double|^TDB_CONTEXT|^TDB_DATA|^TALLOC_CTX|^NTTIME|^FN_|^REG_KEY|^REG_HANDLE|^REG_VAL + ^double|^TDB_CONTEXT|^TDB_DATA|^TALLOC_CTX|^NTTIME|^FN_|^REG_KEY|^REG_HANDLE|^REG_VAL| + ^GtkWidget|^GType /xo); if ($line =~ /^FN_/) {
svn commit: samba r1905 - in branches/SAMBA_4_0/source/build: smb_build tests
Author: metze Date: 2004-08-19 07:59:08 + (Thu, 19 Aug 2004) New Revision: 1905 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/buildrev=1905nolog=1 Log: add -Werror-implicit-function-declaration with --enable-developer metze Modified: branches/SAMBA_4_0/source/build/smb_build/check_path.m4 branches/SAMBA_4_0/source/build/tests/summary.c branches/SAMBA_4_0/source/build/tests/trivial.c Changeset: Modified: branches/SAMBA_4_0/source/build/smb_build/check_path.m4 === --- branches/SAMBA_4_0/source/build/smb_build/check_path.m4 2004-08-19 07:58:02 UTC (rev 1904) +++ branches/SAMBA_4_0/source/build/smb_build/check_path.m4 2004-08-19 07:59:08 UTC (rev 1905) @@ -127,7 +127,7 @@ AC_ARG_ENABLE(developer, [ --enable-developer Turn on developer warnings and debugging (default=no)], [if eval test x$enable_developer = xyes; then developer=yes - CFLAGS=${CFLAGS} -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -DDEBUG_PASSWORD -DDEVELOPER + CFLAGS=${CFLAGS} -g -Wall -Wshadow -Werror-implicit-function-declaration -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -DDEBUG_PASSWORD -DDEVELOPER fi]) AC_ARG_ENABLE(krb5developer, [ --enable-krb5developer Turn on developer warnings and debugging, except -Wstrict-prototypes (default=no)], Modified: branches/SAMBA_4_0/source/build/tests/summary.c === --- branches/SAMBA_4_0/source/build/tests/summary.c 2004-08-19 07:58:02 UTC (rev 1904) +++ branches/SAMBA_4_0/source/build/tests/summary.c 2004-08-19 07:59:08 UTC (rev 1905) @@ -1,5 +1,7 @@ #include stdio.h +void exit(int); + main() { #if !(defined(HAVE_FCNTL_LOCK) || defined(HAVE_STRUCT_FLOCK64)) Modified: branches/SAMBA_4_0/source/build/tests/trivial.c === --- branches/SAMBA_4_0/source/build/tests/trivial.c 2004-08-19 07:58:02 UTC (rev 1904) +++ branches/SAMBA_4_0/source/build/tests/trivial.c 2004-08-19 07:59:08 UTC (rev 1905) @@ -1,3 +1,6 @@ + +void exit(int); + main() { exit(0);
svn commit: samba r1906 - branches/SAMBA_3_0/source/passdb
Author: vlendec Date: 2004-08-19 08:11:11 + (Thu, 19 Aug 2004) New Revision: 1906 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1906nolog=1 Log: Revert lukeh's change for primary uid/gid change. This creates a recursion loop between uid_to_sid - getsampwnam - uid_to_sid. It needs further inspection. Volker Modified: branches/SAMBA_3_0/source/passdb/passdb.c Changeset: Modified: branches/SAMBA_3_0/source/passdb/passdb.c === --- branches/SAMBA_3_0/source/passdb/passdb.c 2004-08-19 07:59:08 UTC (rev 1905) +++ branches/SAMBA_3_0/source/passdb/passdb.c 2004-08-19 08:11:11 UTC (rev 1906) @@ -190,9 +190,7 @@ const char *guest_account = lp_guestaccount(); GROUP_MAP map; BOOL ret; - DOM_SID user_sid; - DOM_SID group_sid; - + if (!account_data || !pwd) { return NT_STATUS_INVALID_PARAMETER; } @@ -200,7 +198,7 @@ /* this is a hack this thing should not be set this way --SSS */ if (!(guest_account *guest_account)) { - DEBUG(1, (pdb_set_sam_sids: NULL guest account!?!?\n)); + DEBUG(1, (NULL guest account!?!?\n)); return NT_STATUS_UNSUCCESSFUL; } else { /* Ensure this *must* be set right */ @@ -215,13 +213,8 @@ } } - if (NT_STATUS_IS_OK(uid_to_sid(user_sid, pwd-pw_uid))) { - if (!pdb_set_user_sid(account_data, user_sid, PDB_SET)) { - DEBUG(0,(pdb_set_sam_sids: Can't set User SID from mapped UID\n)); - return NT_STATUS_INVALID_PARAMETER; - } - } else if (!pdb_set_user_sid_from_rid(account_data, algorithmic_pdb_uid_to_user_rid(pwd-pw_uid), PDB_SET)) { - DEBUG(0,(pdb_set_sam_sids: Can't set User SID from RID!\n)); + if (!pdb_set_user_sid_from_rid(account_data, algorithmic_pdb_uid_to_user_rid(pwd-pw_uid), PDB_SET)) { + DEBUG(0,(Can't set User SID from RID!\n)); return NT_STATUS_INVALID_PARAMETER; } @@ -232,18 +225,13 @@ if( ret ) { if (!pdb_set_group_sid(account_data, map.sid, PDB_SET)){ - DEBUG(0,(pdb_set_sam_sids: Can't set Group SID!\n)); + DEBUG(0,(Can't set Group SID!\n)); return NT_STATUS_INVALID_PARAMETER; } } else { - if (NT_STATUS_IS_OK(gid_to_sid(group_sid, pwd-pw_gid))) { - if (!pdb_set_group_sid(account_data, group_sid, PDB_SET)) { - DEBUG(0,(pdb_set_sam_sids: Can't set Group SID from mapped GID\n)); - return NT_STATUS_INVALID_PARAMETER; - } - } else if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd-pw_gid), PDB_SET)) { - DEBUG(0,(pdb_set_sam_sids: Can't set Group SID\n)); + if (!pdb_set_group_sid_from_rid(account_data, pdb_gid_to_group_rid(pwd-pw_gid), PDB_SET)) { + DEBUG(0,(Can't set Group SID\n)); return NT_STATUS_INVALID_PARAMETER; } }
svn commit: samba r1908 - branches/SAMBA_3_0/source/client
Author: tpot Date: 2004-08-19 09:59:08 + (Thu, 19 Aug 2004) New Revision: 1908 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1908nolog=1 Log: Bugzilla #1541. Fix recursive ls in smbclient. Fix by Josef Zlomek. Modified: branches/SAMBA_3_0/source/client/client.c Changeset: Modified: branches/SAMBA_3_0/source/client/client.c === --- branches/SAMBA_3_0/source/client/client.c 2004-08-19 09:50:54 UTC (rev 1907) +++ branches/SAMBA_3_0/source/client/client.c 2004-08-19 09:59:08 UTC (rev 1908) @@ -592,7 +592,7 @@ else pstrcat(mask,p); } else { - pstrcat(mask,*); + pstrcat(mask,\\*); } do_list(mask, attribute, display_finfo, recurse, True);
svn commit: samba r1909 - branches/SAMBA_4_0/source/build/pidl
Author: metze Date: 2004-08-19 10:10:16 + (Thu, 19 Aug 2004) New Revision: 1909 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1909nolog=1 Log: nicer format metze Modified: branches/SAMBA_4_0/source/build/pidl/header.pm Changeset: Modified: branches/SAMBA_4_0/source/build/pidl/header.pm === --- branches/SAMBA_4_0/source/build/pidl/header.pm 2004-08-19 09:59:08 UTC (rev 1908) +++ branches/SAMBA_4_0/source/build/pidl/header.pm 2004-08-19 10:10:16 UTC (rev 1909) @@ -279,12 +279,12 @@ if(!defined $interface-{PROPERTIES}-{version}) { $interface-{PROPERTIES}-{version} = 0.0; } $res .= #define DCERPC_$name\_VERSION $interface-{PROPERTIES}-{version}\n; - $res .= #define DCERPC_$name\_NAME \$interface-{NAME}\\n\n; + $res .= #define DCERPC_$name\_NAME \$interface-{NAME}\\n; if(!defined $interface-{PROPERTIES}-{helpstring}) { $interface-{PROPERTIES}-{helpstring} = NULL; } $res .= #define DCERPC_$name\_HELPSTRING $interface-{PROPERTIES}-{helpstring}\n; - $res .= extern const struct dcerpc_interface_table dcerpc_table_$interface-{NAME};\n; + $res .= \nextern const struct dcerpc_interface_table dcerpc_table_$interface-{NAME};\n; $res .= NTSTATUS dcerpc_$interface-{NAME}_init(void);\n\n; }
svn commit: samba-web r266 - trunk/devel
Author: deryck Date: 2004-08-19 11:32:50 + (Thu, 19 Aug 2004) New Revision: 266 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/rev=266nolog=1 Log: Remove this is not the real samba.org header that was left over from tmp.samba. --deryck Modified: trunk/devel/header_devel.html Changeset: Modified: trunk/devel/header_devel.html === --- trunk/devel/header_devel.html 2004-08-19 03:53:19 UTC (rev 265) +++ trunk/devel/header_devel.html 2004-08-19 11:32:50 UTC (rev 266) @@ -129,5 +129,3 @@ div id=content div class=center -!--#include virtual=/samba/local_header.html -- -
svn commit: samba r1910 - branches/SAMBA_4_0/source/libcli/raw
Author: metze Date: 2004-08-19 11:37:36 + (Thu, 19 Aug 2004) New Revision: 1910 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1910nolog=1 Log: this should not be a local var in this block metze Modified: branches/SAMBA_4_0/source/libcli/raw/clisocket.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/raw/clisocket.c === --- branches/SAMBA_4_0/source/libcli/raw/clisocket.c2004-08-19 10:10:16 UTC (rev 1909) +++ branches/SAMBA_4_0/source/libcli/raw/clisocket.c2004-08-19 11:37:36 UTC (rev 1910) @@ -65,7 +65,7 @@ int i; const char **ports = lp_smb_ports(); for (i=0;ports[i];i++) { - int port = atoi(ports[i]); + port = atoi(ports[i]); if (port != 0 smbcli_sock_connect(sock, ip, port)) { return True; }
svn commit: samba r1911 - in branches/SAMBA_4_0/source: client include lib/cmdline
Author: metze Date: 2004-08-19 12:16:48 + (Thu, 19 Aug 2004) New Revision: 1911 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=1911nolog=1 Log: merge a few popt parameters from 3.0 move some to better places and deal with users DOMAIN and lp_workgroup() of the local workstation metze Modified: branches/SAMBA_4_0/source/client/client.c branches/SAMBA_4_0/source/include/popt_common.h branches/SAMBA_4_0/source/lib/cmdline/popt_common.c Changeset: Sorry, the patch is too large (295 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=1911nolog=1
svn commit: samba r1912 - in branches/SAMBA_4_0/source: include lib/cmdline
Author: metze Date: 2004-08-19 12:18:07 + (Thu, 19 Aug 2004) New Revision: 1912 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=1912nolog=1 Log: move popt_common.h metze Added: branches/SAMBA_4_0/source/lib/cmdline/popt_common.h Removed: branches/SAMBA_4_0/source/include/popt_common.h Modified: branches/SAMBA_4_0/source/include/rewrite.h Changeset: Deleted: branches/SAMBA_4_0/source/include/popt_common.h === --- branches/SAMBA_4_0/source/include/popt_common.h 2004-08-19 12:16:48 UTC (rev 1911) +++ branches/SAMBA_4_0/source/include/popt_common.h 2004-08-19 12:18:07 UTC (rev 1912) @@ -1,51 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Common popt arguments - Copyright (C) Jelmer Vernooij 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#ifndef _POPT_COMMON_H -#define _POPT_COMMON_H - -#include popt.h - -/* Common popt structures */ -extern struct poptOption popt_common_samba[]; -extern struct poptOption popt_common_connection[]; -extern struct poptOption popt_common_version[]; -extern struct poptOption popt_common_credentials[]; - -#ifndef POPT_TABLEEND -#define POPT_TABLEEND { NULL, '\0', 0, 0, 0, NULL, NULL } -#endif - -#define POPT_COMMON_SAMBA { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_samba, 0, Common samba options:, NULL }, -#define POPT_COMMON_CONNECTION { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_connection, 0, Connection options:, NULL }, -#define POPT_COMMON_VERSION { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version, 0, Common samba options:, NULL }, -#define POPT_COMMON_CREDENTIALS { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_credentials, 0, Authentication options:, NULL }, - -struct cmdline_auth_info { - pstring username; - pstring password; - pstring domain; - BOOL got_pass; - BOOL use_kerberos; -}; - -extern struct cmdline_auth_info cmdline_auth_info; - -#endif /* _POPT_COMMON_H */ Modified: branches/SAMBA_4_0/source/include/rewrite.h === --- branches/SAMBA_4_0/source/include/rewrite.h 2004-08-19 12:16:48 UTC (rev 1911) +++ branches/SAMBA_4_0/source/include/rewrite.h 2004-08-19 12:18:07 UTC (rev 1912) @@ -280,6 +280,6 @@ char *from_name, *to_name; } *smb_iconv_t; -#include popt_common.h +#include lib/cmdline/popt_common.h #endif /* _REWRITE_H */ Copied: branches/SAMBA_4_0/source/lib/cmdline/popt_common.h (from rev 1911, branches/SAMBA_4_0/source/include/popt_common.h)
svn commit: samba r1913 - branches/SAMBA_4_0/source/client
Author: metze Date: 2004-08-19 12:23:57 + (Thu, 19 Aug 2004) New Revision: 1913 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1913nolog=1 Log: add --version back metze Modified: branches/SAMBA_4_0/source/client/client.c Changeset: Modified: branches/SAMBA_4_0/source/client/client.c === --- branches/SAMBA_4_0/source/client/client.c 2004-08-19 12:18:07 UTC (rev 1912) +++ branches/SAMBA_4_0/source/client/client.c 2004-08-19 12:23:57 UTC (rev 1913) @@ -2976,6 +2976,7 @@ POPT_COMMON_SAMBA POPT_COMMON_CONNECTION POPT_COMMON_CREDENTIALS + POPT_COMMON_VERSION POPT_TABLEEND };
svn commit: samba r1914 - branches/SAMBA_4_0/source/utils/net
Author: metze Date: 2004-08-19 12:24:58 + (Thu, 19 Aug 2004) New Revision: 1914 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1914nolog=1 Log: use common popt stuff in net metze Modified: branches/SAMBA_4_0/source/utils/net/net.c Changeset: Modified: branches/SAMBA_4_0/source/utils/net/net.c === --- branches/SAMBA_4_0/source/utils/net/net.c 2004-08-19 12:23:57 UTC (rev 1913) +++ branches/SAMBA_4_0/source/utils/net/net.c 2004-08-19 12:24:58 UTC (rev 1914) @@ -158,9 +158,12 @@ struct net_context *ctx; poptContext pc; struct poptOption long_options[] = { - {help,'h', POPT_ARG_NONE, 0, 'h'}, - {NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version}, - { 0, 0, 0, 0} + POPT_AUTOHELP + POPT_COMMON_SAMBA + POPT_COMMON_CONNECTION + POPT_COMMON_CREDENTIALS + POPT_COMMON_VERSION + POPT_TABLEEND }; setup_logging(net, DEBUG_STDOUT); @@ -179,15 +182,11 @@ ZERO_STRUCTP(ctx); ctx-mem_ctx = mem_ctx; - pc = poptGetContext(NULL, argc, (const char **) argv, long_options, - POPT_CONTEXT_KEEP_FIRST); + pc = poptGetContext(net, argc, (const char **) argv, long_options, + POPT_CONTEXT_KEEP_FIRST); while((opt = poptGetNextOpt(pc)) != -1) { switch (opt) { - case 'h': - net_help(ctx, argc, argv); - exit(0); - break; default: d_printf(Invalid option %s: %s\n, poptBadOption(pc, 0), poptStrerror(opt));
svn commit: samba r1915 - branches/SAMBA_4_0/source/utils/net
Author: metze Date: 2004-08-19 12:36:05 + (Thu, 19 Aug 2004) New Revision: 1915 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1915nolog=1 Log: use popt's cmdline_auth_info to fill the net_context and print the user domain when prompting for a new password metze Modified: branches/SAMBA_4_0/source/utils/net/net.c branches/SAMBA_4_0/source/utils/net/net_password.c Changeset: Modified: branches/SAMBA_4_0/source/utils/net/net.c === --- branches/SAMBA_4_0/source/utils/net/net.c 2004-08-19 12:24:58 UTC (rev 1914) +++ branches/SAMBA_4_0/source/utils/net/net.c 2004-08-19 12:36:05 UTC (rev 1915) @@ -156,6 +156,7 @@ const char **argv_new; TALLOC_CTX *mem_ctx; struct net_context *ctx; + const char *domain; poptContext pc; struct poptOption long_options[] = { POPT_AUTOHELP @@ -172,16 +173,6 @@ setbuffer(stdout, NULL, 0); #endif - mem_ctx = talloc_init(net_context); - ctx = talloc_p(mem_ctx, struct net_context); - if (!ctx) { - d_printf(talloc_init(net_context) failed\n); - exit(1); - } - - ZERO_STRUCTP(ctx); - ctx-mem_ctx = mem_ctx; - pc = poptGetContext(net, argc, (const char **) argv, long_options, POPT_CONTEXT_KEEP_FIRST); @@ -213,6 +204,25 @@ return 1; } + if (cmdline_auth_info.domain[0]) { + domain = cmdline_auth_info.domain; + } else { + domain = lp_workgroup(); + } + + mem_ctx = talloc_init(net_context); + ctx = talloc_p(mem_ctx, struct net_context); + if (!ctx) { + d_printf(talloc_init(net_context) failed\n); + exit(1); + } + + ZERO_STRUCTP(ctx); + ctx-mem_ctx = mem_ctx; + ctx-user.account_name = talloc_strdup(ctx-mem_ctx, cmdline_auth_info.username); + ctx-user.domain_name = talloc_strdup(ctx-mem_ctx, domain); + ctx-user.password = talloc_strdup(ctx-mem_ctx, cmdline_auth_info.password); + rc = net_run_function(ctx, argc_new-1, argv_new+1, net_functable, net_usage); if (rc != 0) { Modified: branches/SAMBA_4_0/source/utils/net/net_password.c === --- branches/SAMBA_4_0/source/utils/net/net_password.c 2004-08-19 12:24:58 UTC (rev 1914) +++ branches/SAMBA_4_0/source/utils/net/net_password.c 2004-08-19 12:36:05 UTC (rev 1915) @@ -37,7 +37,8 @@ if (argc 0 argv[0]) { new_password = argv[0]; } else { - password_prompt = talloc_asprintf(ctx-mem_ctx, Enter new password for %s:, ctx-user.account_name); + password_prompt = talloc_asprintf(ctx-mem_ctx, Enter new password for account [%s\\%s]:, + ctx-user.domain_name, ctx-user.account_name); new_password = getpass(password_prompt); }
svn commit: samba r1917 - branches/SAMBA_4_0/source/librpc/idl
Author: vlendec Date: 2004-08-19 13:05:36 + (Thu, 19 Aug 2004) New Revision: 1917 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1917nolog=1 Log: Attempt to push the AIX machine a bit further in the compile. I'm not sure, but pidl there says syntax error. Volker Modified: branches/SAMBA_4_0/source/librpc/idl/dcom.idl branches/SAMBA_4_0/source/librpc/idl/svcctl.idl Changeset: Sorry, the patch is too large (524 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1917nolog=1
svn commit: samba r1918 - in branches/SAMBA_3_0_RELEASE: . source/nsswitch source/passdb
Author: jerry Date: 2004-08-19 13:07:49 + (Thu, 19 Aug 2004) New Revision: 1918 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0_RELEASErev=1918nolog=1 Log: revert the passdb.c change; fix typos in release notes; add guenther's fix for pam_winbind Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_pam.c branches/SAMBA_3_0_RELEASE/source/passdb/passdb.c Changeset: Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt === --- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2004-08-19 13:05:36 UTC (rev 1917) +++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2004-08-19 13:07:49 UTC (rev 1918) @@ -1,6 +1,6 @@ = Release Notes for Samba 3.0.6 -Aug 18, 2004 +Aug 19, 2004 = This is the latest stable release of Samba. This is the version @@ -52,7 +52,7 @@ unix extensions = yes (default) and symlinks -Beginning with Samba 3.0.6pre1 (formally known as 3.0.5pre1), +Beginning with Samba 3.0.6pre1 (formerly known as 3.0.5pre1), clients supporting the UNIX extensions to the CIFS protocol can create symlinks to absolute paths which will be **followed** by the server. This functionality has been requested in order @@ -86,7 +86,7 @@ * sambaPasswordHistory You should refer to your directory server's documentation on how -to implement this restriction). +to implement this restriction. ## @@ -115,18 +115,20 @@ * Tighten the cache consistency with the ntprinters.tdb entry an the in memory cache associated with open printer handles. * Make sure that register_messages_flags() doesn't overwrite - the originally registers flags. + the originally registered flags. +o Guenther Deschner [EMAIL PROTECTED] +* Correct infinite loop in pam_winbind's verification of + group membership in the 'other sids' field in the user_info3 + struct. + + o Steve French [EMAIL PROTECTED] * prevent infinite recusion in reopen_logs() when expanding the smb.conf variable %I. -o Luke Howard [EMAIL PROTECTED] -* Correctly use uid_to_sid() and gid_to_sid() in - pdb_set_sam_sids(). - o Volker Lendecke [EMAIL PROTECTED] * Improved NT-AFS ACL mapping VFS module. @@ -138,12 +140,12 @@ o James Peach [EMAIL PROTECTED] * Prevent smbd from attempting to use sendfile at all if it is not supported by the server's OS. -* Allow SWAT to search for index.html when searving html files +* Allow SWAT to search for index.html when serving html files in a directory. o Jelmer Vernooij [EMAIL PROTECTED] -* BUG 1474: Fix build of --with-expsma stuff on Solaris. +* BUG 1474: Fix build of --with-expsam stuff on Solaris. Changes since 3.0.5 Modified: branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_pam.c 2004-08-19 13:05:36 UTC (rev 1917) +++ branches/SAMBA_3_0_RELEASE/source/nsswitch/winbindd_pam.c 2004-08-19 13:07:49 UTC (rev 1918) @@ -123,7 +123,7 @@ http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp */ - for (i = 0; i info3-num_other_sids; j++) { + for (i = 0; i info3-num_other_sids; i++) { sid_copy(all_sids[info3-num_groups2 + i + 2], info3-other_sids[j].sid); j++; Modified: branches/SAMBA_3_0_RELEASE/source/passdb/passdb.c === --- branches/SAMBA_3_0_RELEASE/source/passdb/passdb.c 2004-08-19 13:05:36 UTC (rev 1917) +++ branches/SAMBA_3_0_RELEASE/source/passdb/passdb.c 2004-08-19 13:07:49 UTC (rev 1918) @@ -190,9 +190,7 @@ const char *guest_account = lp_guestaccount(); GROUP_MAP map; BOOL ret; - DOM_SID user_sid; - DOM_SID group_sid; - + if (!account_data || !pwd) { return NT_STATUS_INVALID_PARAMETER; } @@ -200,7 +198,7 @@ /* this is a hack this thing should not be set this way --SSS */ if (!(guest_account *guest_account)) { - DEBUG(1, (pdb_set_sam_sids: NULL guest account!?!?\n)); + DEBUG(1, (NULL guest account!?!?\n)); return NT_STATUS_UNSUCCESSFUL; } else { /* Ensure this *must* be set right */ @@ -215,13 +213,8 @@ } } - if (NT_STATUS_IS_OK(uid_to_sid(user_sid, pwd-pw_uid))) { - if (!pdb_set_user_sid(account_data,
svn commit: samba r1919 - in branches/SAMBA_4_0/source: libnet utils/net
Author: metze Date: 2004-08-19 13:32:06 + (Thu, 19 Aug 2004) New Revision: 1919 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=1919nolog=1 Log: paasword change basicly works now:-) but we need to find the real pdc for the users domain and fallback to other levels metze Modified: branches/SAMBA_4_0/source/libnet/libnet.h branches/SAMBA_4_0/source/libnet/libnet_passwd.c branches/SAMBA_4_0/source/libnet/libnet_rpc.c branches/SAMBA_4_0/source/utils/net/net_password.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet.h === --- branches/SAMBA_4_0/source/libnet/libnet.h 2004-08-19 13:07:49 UTC (rev 1918) +++ branches/SAMBA_4_0/source/libnet/libnet.h 2004-08-19 13:32:06 UTC (rev 1919) @@ -25,6 +25,11 @@ * a client env context * a user env context */ + struct { + const char *account_name; + const char *domain_name; + const char *password; + } user; }; /* struct and enum for connecting to a dcerpc inferface */ Modified: branches/SAMBA_4_0/source/libnet/libnet_passwd.c === --- branches/SAMBA_4_0/source/libnet/libnet_passwd.c2004-08-19 13:07:49 UTC (rev 1918) +++ branches/SAMBA_4_0/source/libnet/libnet_passwd.c2004-08-19 13:32:06 UTC (rev 1919) @@ -109,11 +109,11 @@ NTSTATUS status; union libnet_ChangePassword r2; - r2.generic.level= LIBNET_CHANGE_PASSWORD_RPC; - r2.rpc.in.account_name = NULL; - r2.rpc.in.domain_name = NULL; - r2.rpc.in.oldpassword = NULL; - r2.rpc.in.newpassword = NULL; + r2.rpc.level= LIBNET_CHANGE_PASSWORD_RPC; + r2.rpc.in.account_name = r-generic.in.account_name; + r2.rpc.in.domain_name = r-generic.in.domain_name; + r2.rpc.in.oldpassword = r-generic.in.oldpassword; + r2.rpc.in.newpassword = r-generic.in.newpassword; status = libnet_ChangePassword(ctx, mem_ctx, r2); Modified: branches/SAMBA_4_0/source/libnet/libnet_rpc.c === --- branches/SAMBA_4_0/source/libnet/libnet_rpc.c 2004-08-19 13:07:49 UTC (rev 1918) +++ branches/SAMBA_4_0/source/libnet/libnet_rpc.c 2004-08-19 13:32:06 UTC (rev 1919) @@ -20,8 +20,40 @@ #include includes.h +/* connect to a dcerpc interface of a domains PDC */ +NTSTATUS libnet_rpc_connect_pdc(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_rpc_connect *r) +{ + NTSTATUS status; + const char *binding = NULL; + const char *pdc = NULL; + + /* TODO: find real PDC! +* for now I use the lp_netbios_name() +* that's the most important for me as we don't have +* smbpasswd in samba4 (and this is good!:-) --metze +*/ + pdc = lp_netbios_name(); + + binding = talloc_asprintf(mem_ctx, ncacn_np:%s,pdc); + + status = dcerpc_pipe_connect(r-pdc.out.dcerpc_pipe, + binding, + r-pdc.in.dcerpc_iface_uuid, + r-pdc.in.dcerpc_iface_version, + ctx-user.domain_name, + ctx-user.account_name, + ctx-user.password); + + return status; +} + /* connect to a dcerpc interface */ NTSTATUS libnet_rpc_connect(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_rpc_connect *r) { - return NT_STATUS_NOT_IMPLEMENTED; + switch (r-pdc.level) { + case LIBNET_RPC_CONNECT_PDC: + return libnet_rpc_connect_pdc(ctx, mem_ctx, r); + } + + return NT_STATUS_INVALID_LEVEL; } Modified: branches/SAMBA_4_0/source/utils/net/net_password.c === --- branches/SAMBA_4_0/source/utils/net/net_password.c 2004-08-19 13:07:49 UTC (rev 1918) +++ branches/SAMBA_4_0/source/utils/net/net_password.c 2004-08-19 13:32:06 UTC (rev 1919) @@ -46,6 +46,9 @@ if (!libnetctx) { return -1; } + libnetctx-user.account_name= ctx-user.account_name; + libnetctx-user.domain_name = ctx-user.domain_name; + libnetctx-user.password= ctx-user.password; /* prepare password change */ r.generic.level = LIBNET_CHANGE_PASSWORD_GENERIC;
svn commit: samba r1920 - branches/SAMBA_4_0/source/librpc/idl
Author: vlendec Date: 2004-08-19 13:36:22 + (Thu, 19 Aug 2004) New Revision: 1920 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1920nolog=1 Log: This needs more inspection by the IDL experts. Reverting my last change. Volker Modified: branches/SAMBA_4_0/source/librpc/idl/dcom.idl branches/SAMBA_4_0/source/librpc/idl/svcctl.idl Changeset: Sorry, the patch is too large (524 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1920nolog=1
svn commit: samba r1921 - branches/SAMBA_3_0/packaging/Mandrake
Author: jerry Date: 2004-08-19 14:19:25 + (Thu, 19 Aug 2004) New Revision: 1921 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1921nolog=1 Log: Mandrake packaging fixes Modified: branches/SAMBA_3_0/packaging/Mandrake/samba2.spec.tmpl branches/SAMBA_3_0/packaging/Mandrake/smb.conf branches/SAMBA_3_0/packaging/Mandrake/winbind.init Changeset: Sorry, the patch is too large (981 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1921nolog=1
svn commit: samba r1922 - in branches/SAMBA_3_0_RELEASE: . packaging/Mandrake
Author: jerry Date: 2004-08-19 14:24:00 + (Thu, 19 Aug 2004) New Revision: 1922 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0_RELEASErev=1922nolog=1 Log: last minute packaging changes from Buchan Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt branches/SAMBA_3_0_RELEASE/packaging/Mandrake/samba2.spec.tmpl branches/SAMBA_3_0_RELEASE/packaging/Mandrake/smb.conf branches/SAMBA_3_0_RELEASE/packaging/Mandrake/winbind.init Changeset: Sorry, the patch is too large (1014 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0_RELEASErev=1922nolog=1
svn commit: samba r1923 - branches/SAMBA_3_0_RELEASE/packaging/Mandrake
Author: jerry Date: 2004-08-19 14:25:00 + (Thu, 19 Aug 2004) New Revision: 1923 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1923nolog=1 Log: missed adding a few files Added: branches/SAMBA_3_0_RELEASE/packaging/Mandrake/samba-3.0.2a-smbldap-config.patch branches/SAMBA_3_0_RELEASE/packaging/Mandrake/smb-migrate Changeset: Sorry, the patch is too large (292 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1923nolog=1
svn commit: samba r1924 - branches/SAMBA_3_0/packaging/Mandrake
Author: jerry Date: 2004-08-19 14:25:28 + (Thu, 19 Aug 2004) New Revision: 1924 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1924nolog=1 Log: missed adding a few files Added: branches/SAMBA_3_0/packaging/Mandrake/samba-3.0.2a-smbldap-config.patch branches/SAMBA_3_0/packaging/Mandrake/smb-migrate Changeset: Sorry, the patch is too large (292 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1924nolog=1
svn commit: samba r1925 - branches/SAMBA_4_0/source/libnet
Author: metze Date: 2004-08-19 15:04:14 + (Thu, 19 Aug 2004) New Revision: 1925 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1925nolog=1 Log: now we lookup the domain controller and fallback to a workstation name metze Modified: branches/SAMBA_4_0/source/libnet/libnet.h branches/SAMBA_4_0/source/libnet/libnet_rpc.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet.h === --- branches/SAMBA_4_0/source/libnet/libnet.h 2004-08-19 14:25:28 UTC (rev 1924) +++ branches/SAMBA_4_0/source/libnet/libnet.h 2004-08-19 15:04:14 UTC (rev 1925) @@ -32,6 +32,26 @@ } user; }; +/* struct and enum for finding a domain controller */ +enum libnet_find_pdc_level { + LIBNET_FIND_PDC_GENERIC +}; + +union libnet_find_pdc { + /* find to a domains PDC */ + struct { + enum libnet_find_pdc_level level; + + struct { + const char *domain_name; + } in; + + struct { + const char *pdc_name; + } out; + } generic; +}; + /* struct and enum for connecting to a dcerpc inferface */ enum libnet_rpc_connect_level { LIBNET_RPC_CONNECT_PDC Modified: branches/SAMBA_4_0/source/libnet/libnet_rpc.c === --- branches/SAMBA_4_0/source/libnet/libnet_rpc.c 2004-08-19 14:25:28 UTC (rev 1924) +++ branches/SAMBA_4_0/source/libnet/libnet_rpc.c 2004-08-19 15:04:14 UTC (rev 1925) @@ -20,22 +20,55 @@ #include includes.h +/* find a domain pdc generic */ +static NTSTATUS libnet_find_pdc_generic(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_find_pdc *r) +{ + BOOL ret; + struct in_addr ip; + + ret = get_pdc_ip(mem_ctx, r-generic.in.domain_name, ip); + if (!ret) { + /* fallback to a workstation name */ + ret = resolve_name(mem_ctx, r-generic.in.domain_name, ip, 0x20); + if (!ret) { + return NT_STATUS_NO_LOGON_SERVERS; + } + } + + r-generic.out.pdc_name = talloc_strdup(mem_ctx, inet_ntoa(ip)); + + return NT_STATUS_OK; +} + +/* find a domain pdc */ +NTSTATUS libnet_find_pdc(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_find_pdc *r) +{ + switch (r-generic.level) { + case LIBNET_FIND_PDC_GENERIC: + return libnet_find_pdc_generic(ctx, mem_ctx, r); + } + + return NT_STATUS_INVALID_LEVEL; +} + /* connect to a dcerpc interface of a domains PDC */ -NTSTATUS libnet_rpc_connect_pdc(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_rpc_connect *r) +static NTSTATUS libnet_rpc_connect_pdc(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, union libnet_rpc_connect *r) { NTSTATUS status; const char *binding = NULL; - const char *pdc = NULL; + union libnet_find_pdc f; - /* TODO: find real PDC! -* for now I use the lp_netbios_name() -* that's the most important for me as we don't have -* smbpasswd in samba4 (and this is good!:-) --metze -*/ - pdc = lp_netbios_name(); + f.generic.level = LIBNET_FIND_PDC_GENERIC; + f.generic.in.domain_name= r-pdc.in.domain_name; - binding = talloc_asprintf(mem_ctx, ncacn_np:%s,pdc); + status = libnet_find_pdc(ctx, mem_ctx, f); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + binding = talloc_asprintf(mem_ctx, ncacn_np:%s, + f.generic.out.pdc_name); + status = dcerpc_pipe_connect(r-pdc.out.dcerpc_pipe, binding, r-pdc.in.dcerpc_iface_uuid,
svn commit: samba r1926 - branches/SAMBA_4_0/source/libnet
Author: metze Date: 2004-08-19 15:06:06 + (Thu, 19 Aug 2004) New Revision: 1926 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1926nolog=1 Log: fallback to other SAMR ChangePasswordUser levels 1. ChangePasswordUser3 2. ChangePasswordUser2 3. OemChangePasswordUser2 4. ChangePasswordUser (not implemented complete) metze Modified: branches/SAMBA_4_0/source/libnet/libnet_passwd.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_passwd.c === --- branches/SAMBA_4_0/source/libnet/libnet_passwd.c2004-08-19 15:04:14 UTC (rev 1925) +++ branches/SAMBA_4_0/source/libnet/libnet_passwd.c2004-08-19 15:06:06 UTC (rev 1926) @@ -29,8 +29,16 @@ { NTSTATUS status; union libnet_rpc_connect c; +#if 0 + struct policy_handle user_handle; + struct samr_Password hash1, hash2, hash3, hash4, hash5, hash6; + struct samr_ChangePasswordUser pw; +#endif + struct samr_OemChangePasswordUser2 oe2; + struct samr_ChangePasswordUser2 pw2; struct samr_ChangePasswordUser3 pw3; struct samr_Name server, account; + struct samr_AsciiName a_server, a_account; struct samr_CryptPassword nt_pass, lm_pass; struct samr_Password nt_verifier, lm_verifier; uint8_t old_nt_hash[16], new_nt_hash[16]; @@ -47,8 +55,8 @@ status = libnet_rpc_connect(ctx, mem_ctx, c); if (!NT_STATUS_IS_OK(status)) { r-rpc.out.error_string = talloc_asprintf(mem_ctx, - Connection to SAMR pipe of PDC of domain '%s' failed\n, - r-rpc.in.domain_name); + Connection to SAMR pipe of PDC of domain '%s' failed: %s\n, + r-rpc.in.domain_name, nt_errstr(status)); return status; } @@ -83,20 +91,128 @@ status = dcerpc_samr_ChangePasswordUser3(c.pdc.out.dcerpc_pipe, mem_ctx, pw3); if (!NT_STATUS_IS_OK(status)) { r-rpc.out.error_string = talloc_asprintf(mem_ctx, - ChangePassword3 failed: %s\n,nt_errstr(status)); - goto disconnect; + ChangePasswordUser3 failed: %s\n,nt_errstr(status)); + goto ChangePasswordUser2; } /* check result of password change */ if (!NT_STATUS_IS_OK(pw3.out.result)) { r-rpc.out.error_string = talloc_asprintf(mem_ctx, - ChangePassword3 for '%s\\%s' failed: %s\n, + ChangePasswordUser3 for '%s\\%s' failed: %s\n, r-rpc.in.domain_name, r-rpc.in.account_name, nt_errstr(status)); /* TODO: give the reason of the reject */ + goto ChangePasswordUser2; + } + + goto disconnect; + +ChangePasswordUser2: + + encode_pw_buffer(lm_pass.data, r-rpc.in.newpassword, STR_ASCII|STR_TERMINATE); + arcfour_crypt(lm_pass.data, old_lm_hash, 516); + E_old_pw_hash(new_lm_hash, old_lm_hash, lm_verifier.hash); + + encode_pw_buffer(nt_pass.data, r-rpc.in.newpassword, STR_UNICODE); + arcfour_crypt(nt_pass.data, old_nt_hash, 516); + E_old_pw_hash(new_nt_hash, old_nt_hash, nt_verifier.hash); + + pw2.in.server = server; + pw2.in.account = account; + pw2.in.nt_password = nt_pass; + pw2.in.nt_verifier = nt_verifier; + pw2.in.lm_change = 1; + pw2.in.lm_password = lm_pass; + pw2.in.lm_verifier = lm_verifier; + + status = dcerpc_samr_ChangePasswordUser2(c.pdc.out.dcerpc_pipe, mem_ctx, pw2); + if (!NT_STATUS_IS_OK(status)) { + r-rpc.out.error_string = talloc_asprintf(mem_ctx, + ChangePasswordUser2 failed: %s\n,nt_errstr(status)); + goto OemChangePasswordUser2; + } + + /* check result of password change */ + if (!NT_STATUS_IS_OK(pw2.out.result)) { + r-rpc.out.error_string = talloc_asprintf(mem_ctx, + ChangePasswordUser2 for '%s\\%s' failed: %s\n, + r-rpc.in.domain_name, r-rpc.in.account_name, + nt_errstr(status)); + goto OemChangePasswordUser2; + } + + goto disconnect; + +OemChangePasswordUser2: + + a_server.name = talloc_asprintf(mem_ctx, %s, dcerpc_server_name(c.pdc.out.dcerpc_pipe)); + a_account.name = r-rpc.in.account_name; + + encode_pw_buffer(lm_pass.data, r-rpc.in.newpassword, STR_ASCII); + arcfour_crypt(lm_pass.data,
svn commit: samba r1927 - branches/SAMBA_4_0/source/libnet
Author: metze Date: 2004-08-19 15:22:02 + (Thu, 19 Aug 2004) New Revision: 1927 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1927nolog=1 Log: allow the domain to be a ip address metze Modified: branches/SAMBA_4_0/source/libnet/libnet_rpc.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_rpc.c === --- branches/SAMBA_4_0/source/libnet/libnet_rpc.c 2004-08-19 15:06:06 UTC (rev 1926) +++ branches/SAMBA_4_0/source/libnet/libnet_rpc.c 2004-08-19 15:22:02 UTC (rev 1927) @@ -26,6 +26,11 @@ BOOL ret; struct in_addr ip; + if (is_ipaddress(r-generic.in.domain_name)) { + r-generic.out.pdc_name = r-generic.in.domain_name; + return NT_STATUS_OK; + } + ret = get_pdc_ip(mem_ctx, r-generic.in.domain_name, ip); if (!ret) { /* fallback to a workstation name */
svn commit: samba r1929 - branches/SAMBA_4_0/source/librpc/idl
Author: jelmer Date: 2004-08-19 16:01:23 + (Thu, 19 Aug 2004) New Revision: 1929 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1929nolog=1 Log: CHeck if cpp on AIX likes /* */ better then // Modified: branches/SAMBA_4_0/source/librpc/idl/dcom.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/dcom.idl === --- branches/SAMBA_4_0/source/librpc/idl/dcom.idl 2004-08-19 15:27:07 UTC (rev 1928) +++ branches/SAMBA_4_0/source/librpc/idl/dcom.idl 2004-08-19 16:01:23 UTC (rev 1929) @@ -26,10 +26,10 @@ { WERROR stub(); - // Machine Identifier + /* Machine Identifier */ #define MID HYPER_T -// Object Exporter Identifier +/* Object Exporter Identifier */ #define OXID HYPER_T // Object Identifer
svn commit: samba r1930 - tags
Author: jerry Date: 2004-08-19 18:53:38 + (Thu, 19 Aug 2004) New Revision: 1930 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1930nolog=1 Log: tagging 3.0.6 Added: tags/release-3-0-6/ Changeset: Copied: tags/release-3-0-6 (from rev 1929, branches/SAMBA_3_0_RELEASE)
svn commit: samba-docs r191 - tags
Author: jerry Date: 2004-08-19 18:53:45 + (Thu, 19 Aug 2004) New Revision: 191 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/rev=191nolog=1 Log: tagging 3.0.6 Added: tags/release-3-0-6/ Changeset: Copied: tags/release-3-0-6 (from rev 190, )
svn commit: samba r1931 - branches/SAMBA_3_0/swat/help
Author: jerry Date: 2004-08-19 19:56:17 + (Thu, 19 Aug 2004) New Revision: 1931 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1931nolog=1 Log: fix broken documentation links Modified: branches/SAMBA_3_0/swat/help/welcome.html Changeset: Modified: branches/SAMBA_3_0/swat/help/welcome.html === --- branches/SAMBA_3_0/swat/help/welcome.html 2004-08-19 18:53:38 UTC (rev 1930) +++ branches/SAMBA_3_0/swat/help/welcome.html 2004-08-19 19:56:17 UTC (rev 1931) @@ -57,9 +57,9 @@ libBooks/b ul lia href=/swat/using_samba/toc.html target=docsUsing Samba, 2ed./a - by Jay Ts, Robert Eckstein, and David Collier-Brown -lia href=/swat/help/howto/The Official Samba HOWTO and Reference Guide/a -lia href=/swat/help/guide/Samba 3 by Example/a -lia href=/swat/help/devel/The Samba Developer Guide/a +lia href=/swat/help/Samba-HOWTO-Collection/The Official Samba HOWTO and Reference Guide/a +lia href=/swat/help/Samba-Guide/Samba 3 by Example/a +lia href=/swat/help/Samba-Developers-Guide/The Samba Developer Guide/a /ul /ul