[Samba] copy files to windows thru smbmount
hello i have this strange problem: i've ounted up a windows share on my linux machine, and tryign to copy a file to it, which is bigger than 2gbs, and it fails with a maximum file size exceeded error. the linux is running ext3, and windows is ntfs, so the size limit must be somewhere in samba. i've read on http://www.mail-archive.com/samba@lists.samba.org/msg10412.html about this. ive tryed 2.2.9, 2.2.11, 2.2.12, even one from the 3 series, but im still getting this error. i've seen in the changelog that it was fixed, but i cant figure out what im doing wrong. can anyone help me with it? thanks in advance, wd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] copy files to windows thru smbmount
Csere Mtys wrote: hello i have this strange problem: i've ounted up a windows share on my linux machine, and tryign to copy a file to it, which is bigger than 2gbs, and it fails with a maximum file size exceeded error. the linux is running ext3, and windows is ntfs, so the size limit must be somewhere in samba. i've read on http://www.mail-archive.com/samba@lists.samba.org/msg10412.html about this. ive tryed 2.2.9, 2.2.11, 2.2.12, even one from the 3 series, but im still getting this error. i've seen in the changelog that it was fixed, but i cant figure out what im doing wrong. can anyone help me with it? thanks in advance, wd What I understand from recent posts is that when you 'mount' a samba-share on your windows machine, there are 'no' limits to the file-size you transfer. Here you are using samba. If you mount a windows-share on your linux-machine, you're not using samba, but smbfs. smbfs has a limitation concerning file sizes. If you use cifs (a replacement for smbfs, I don't know how you can do this B.T.W., maybe load a module or so), then that problem is gone. Again, these are my interpretations of posts on this list. Someone correct me if I'm wrong. -- Met vriendelijke groeten, Koenraad Lelong RD Manager ACE electronics n.v. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Using samba on two domains
Hello all, Thought I'd let you know what I've been trying in addition to the mail below to get this thing to work. This morning, I installed a second copy of the samba server, and got it to run simultaneously with the existing one. ss1 serves DOM1 and ss2 serves DOM2. ss2 has a copy of the smb.conf file for ss1, only with the workgroup changed to DOM2. Both servers use the same smbpasswd file. Using the same WIN98SE computer, when logged in on domain DOM1, I can access ss1, however, when on the same computer logged in on domain DOM2, I still get invalid password to ss2. A bit of information I forgot to mention in my mail. The webserver, which for now has a testpage on it, is accessible on DOM1 through http://ss1/ and it also works on DOM2 through http://ss2/ so the error is not network related. Greetings, Niki Van Strydonck From: Van Strydonck, Niki Sent: Thu 16-Dec-04 16:34 Subject: [Samba] Using samba on two domains Hello all, We've been using samba version 3.0.4 on RH9 with success for quite a while now for shares on our domain (DOM1). Since this machine will have to be available in the near future in another domain (DOM2) as a webserver, and limited fileserver, another network interface has been added for the NIC. When browsing the shares from a WIN98SE computer in DOM2, we are able to see the computer, but when wanting to list the shares, we're prompted for a password. When entering the correct password, we still get Invalid password. When doing the same on the same WIN98SE computer in DOM1, it is successful. The computer has DSClient for windows 98 installed. The error logs for the connection from DOM2 gives the following: smbd/service.c: make_connection(706) make_connection: refusing to connect with no session setup We've tried the following to remedy the problem, without success: - in smb.conf, add the parameter interfaces, listing the two valid ip-ranges and subnetmasks. - set the windows registry key to send plain text passwords - set DOM2 as an accepted host - tried both encrypt password = yes and no - We even tried mapping bad password to log in as guest account Alas, none of these seem to work. Has anyone had issues with this before? I'd appreciate some pointers. Thanks in advance, Niki Van Strydonck Here's the smb.conf used [global] workgroup = DOM1 server string = server9 printcap name = /etc/printcap load printers = yes printing = cups log file = /var/log/samba/%m.log max log size = 0 pam password change = yes obey pam restrictions = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 username map = /etc/samba/smbusers guest ok = yes encrypt passwords = yes dns proxy = no [homes] comment = Home Directories browseable = no writeable = yes valid users = %S create mode = 0664 directory mode = 0775 [printers] comment = All Printers path = /var/spool/samba browseable = no printable = yes [test] comment = test path = /winshare/test writeable = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot share MSAccess DB after upgrade 3.0.5 to 3.0.8
3.0.8 has an evil file attribute bug if your samba server has ACL support. Try 3.0.10. Daniel. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[samba] Adding Domain Groups to local Groups Crashed XP
Hi, Im using samba 3.0.9 with LDAP (Sun Iplanet 5.2 directory Server). On an XP client, im trying to add Domain Users group to the Local Power Users group (For windows updates etc...) However when i try to add the group it just crashed the windows. Also if i use the usrmgr.exe to edit groups, the usermgr also crashes, nothing in logs to show any errors. If i use windows 2000 pro to add Domain Users group to the Local Power Users group it works but takes about 2 mins? Any ideas anybody? my smb.conf file: [global] workgroup = UNI-STAFF passdb backend = ldapsam:ldap://yoda.sunderland.ac.uk username map = /usr/local/lib/usermap log level = 2 logon path = \\uos-stud\profiles\%U logon home = domain logons = Yes os level = 33 preferred master = Yes domain master = Yes ldap admin dn = cn=Directory Manager ldap group suffix = ou=domain-groups ldap idmap suffix = ou=domain-groups,dc=sunderland,dc=ac,dc=uk ldap machine suffix = ou=domain-computers ldap passwd sync = Yes ldap suffix = dc=sunderland,dc=ac,dc=uk idmap backend = ldap:ldap://yoda.sunderland.ac.uk [netlogon] comment = netlogon share path = /usr/local/lib/netlogon -- Daniel Wilson Systems Administrator IT Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] copy files to windows thru smbmount
Csere Mtys wrote: hello i have this strange problem: i've ounted up a windows share on my linux machine, and tryign to copy a file to it, which is bigger than 2gbs, and it fails with a maximum file size exceeded error. the linux is running ext3, and windows is ntfs, so the size limit must be somewhere in samba. i've read on http://www.mail-archive.com/samba@lists.samba.org/msg10412.html about this. ive tryed 2.2.9, 2.2.11, 2.2.12, even one from the 3 series, but im still getting this error. i've seen in the changelog that it was fixed, but i cant figure out what im doing wrong. can anyone help me with it? thanks in advance, wd How to mount with cifs : http://www.uwplatt.edu/oit/howto/mountvolumecifs-lin.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: ldap machine suffix fixed?
OK, so what I am hearing is that: 1. It is still a problem. 2. But it isn't a Samba problem, it is an nss_ldap problem. 3. There might be some work arounds. Possible workarounds: A. Burry the Two OU's one deeper and do a subtree search on the parent OU. Works but not scaleable. I disagree on the not scaleable claim. NSS *MUST* see all valid posix accounts, so you're going to perform one sub search or *TWO* one-level searches? I'll put my money on the former as a better (and faster) solution. If your nss search is slow - 1. Fix your indexes 2. Tune your DSA 3. Run nscd (you can also increase the nscd cache size if you have lots of active users, x ~200) All three should be standard practice anyway. B. Add filter keyword to uh... Is it /etc/ldap.conf or nss_switch.conf? Syntax? nss performs all searches with an objectclass filter and searches for uid and uidNumber are equality searches; any properly configured DSA is going to be able to chunk through thousands of such searches per minute; and if your caching it won't even have to. And set your various bases in NSS - nss_base_passwdou=Entities,ou=SAM,dc=whitemice,dc=org nss_base_shadowou=Entities,ou=SAM,dc=whitemice,dc=org nss_base_group ou=Groups,ou=SAM,dc=whitemice,dc=org Still to slow? (You must have tens of thousands of users). You can either run a local replicant just for the local Samba NSS that you can communicate with via the UNIX domain socket (way faster than TCP/IP) or run a local proxy cache backend (also using the UNIX domain socket). Most of our user apps like address books and what are aimed through a proxy, because those are the kind of searches that slow things down, and it performs wonderfully. Am I in the right ballpark here? :-) There is no problem. The 'problem' results from a failure to properly conceptualize the situation. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot disable renaming/deleting of files?
Hi, I am having problem preventing renaming and deleting files owned by someone else. Idea is to have directory where some people can save files and only admins in that share can read files. Now the problems is that users must be able to write those files and directory permissions need to have write access and trying to restrict file access using create mode = 700 works fine for protecting how files can be read. But users can still rename and remove files. Example file structure: \\server\sharename\ -dir1 [users can write files here, but only read their own] -dir2 -dir2\subdir1 [users can also write files here, but only read their own] Here is share configuration: [sharename] comment = comment path = /path/to/share public = no writable = yes create mode = 700 directory mode = 777 write list = @Users admin users = @ShareAdmins valid users = @ShareAdmins @Users available = yes browseable = yes guest only = no only user = no Thanks, Vesa Jääskeläinen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[samba] Adding Domain Groups to local Groups Crashed XP
Hi, Im using samba 3.0.9 with LDAP (Sun Iplanet 5.2 directory Server). On an XP client, im trying to add Domain Users group to the Local Power Users group (For windows updates etc...) However when i try to add the group it just crashed the windows. Also if i use the usrmgr.exe to edit groups, the usermgr also crashes, nothing in logs to show any errors. If i use windows 2000 pro to add Domain Users group to the Local Power Users group it works but takes about 2 mins? Any ideas anybody? my smb.conf file: [global] workgroup = UNI-STAFF passdb backend = ldapsam:ldap://yoda.sunderland.ac.uk username map = /usr/local/lib/usermap log level = 2 logon path = \\uos-stud\profiles\%U logon home = domain logons = Yes os level = 33 preferred master = Yes domain master = Yes ldap admin dn = cn=Directory Manager ldap group suffix = ou=domain-groups ldap idmap suffix = ou=domain-groups,dc=sunderland,dc=ac,dc=uk ldap machine suffix = ou=domain-computers ldap passwd sync = Yes ldap suffix = dc=sunderland,dc=ac,dc=uk idmap backend = ldap:ldap://yoda.sunderland.ac.uk [netlogon] comment = netlogon share path = /usr/local/lib/netlogon -- Daniel Wilson Systems Administrator IT Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.10 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas Bork wrote: | Gerald Carter schrieb: | | This is the latest stable release of Samba. This is the version | that production Samba servers should be running for all current | bug-fixes. This is primarily a security release to address | CAN-2004-1154. | | | Compiles ok with changed configure and printing-3-0-10.patch :) | | | A question to the thread 3.0.9 and macro %f | | http://marc.theaimsgroup.com/?l=sambam=110260704009010w=2 | | Do you have a patch for that? Not fixed yet. Is tehre a bugzilla number for it ? Just so I don't forget. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBwuuoIR7qMdg1EfYRAnueAJ97+DERqAC5Tkbw9bB63pS/OEtyjACffHgo h4xOxQJo/Ve/rRxFdJSSdkY= =i3P0 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File locking issues with Peachtree
I am having problems with storing Peachtree Complete Accounting on a Samba share. I know people have reported issues like this before but I have yet to see a solution. Is there anyone here who has successfully set this up (without getting the lock errors)? Any help would be greatly appreciated. -Donald -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [samba] Adding Domain Groups to local Groups Crashed XP
Daniel Wilson wrote: Hi, Im using samba 3.0.9 with LDAP (Sun Iplanet 5.2 directory Server). On an XP client, im trying to add Domain Users group to the Local Power Users group (For windows updates etc...) However when i try to add the group it just crashed the windows. Also if i use the usrmgr.exe to edit groups, the usermgr also crashes, nothing in logs to show any errors. If i use windows 2000 pro to add Domain Users group to the Local Power Users group it works but takes about 2 mins? Any ideas anybody? my smb.conf file: [global] workgroup = UNI-STAFF passdb backend = ldapsam:ldap://yoda.sunderland.ac.uk username map = /usr/local/lib/usermap log level = 2 logon path = \\uos-stud\profiles\%U logon home = domain logons = Yes os level = 33 preferred master = Yes domain master = Yes ldap admin dn = cn=Directory Manager ldap group suffix = ou=domain-groups ldap idmap suffix = ou=domain-groups,dc=sunderland,dc=ac,dc=uk ldap machine suffix = ou=domain-computers ldap passwd sync = Yes ldap suffix = dc=sunderland,dc=ac,dc=uk idmap backend = ldap:ldap://yoda.sunderland.ac.uk [netlogon] comment = netlogon share path = /usr/local/lib/netlogon I was recently doing some experimenting with Directory Server 5.2 and Samba on Redhat AS 2.1 and RHEL3 and encountered a strange issue that sounds somewhat related. After everything was configured perfectly, win2k clients could join the domain, log on and everything was wonderful. However whenever I tried to logon to an XP client with a domain account, it would authenticate and then reboot the computer. It does not do this with OpenLDAP...I was never able to make any more progress on the issue and have since become sidetracked. Is your XP client actually crash (blue screen) or is it just rebooting? Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] copy files to windows thru smbmount
first of all, thanks for the help! thats just how im mounting it right now. i've installed the whole stuff from debian packages, and i've installed smbfs everytime, so i thought that would be up to date too. but as i recall there is a kernel module named smbfs too, so there must be one named cifs right? anyone could send me some links where i could catch up on this, so i wouldnt bug the mailinglist with this? =P thanks wd -Eredeti zenet- Felad: Koenraad Lelong [mailto:[EMAIL PROTECTED] Kldve: P 2004. 12. 17. 13:02 Cmzett: Msolatot kap: [EMAIL PROTECTED] Trgy: Re: [Samba] copy files to windows thru smbmount Csere Mtys wrote: hello i have this strange problem: i've ounted up a windows share on my linux machine, and tryign to copy a file to it, which is bigger than 2gbs, and it fails with a maximum file size exceeded error. the linux is running ext3, and windows is ntfs, so the size limit must be somewhere in samba. i've read on http://www.mail-archive.com/samba@lists.samba.org/msg10412.html about this. ive tryed 2.2.9, 2.2.11, 2.2.12, even one from the 3 series, but im still getting this error. i've seen in the changelog that it was fixed, but i cant figure out what im doing wrong. can anyone help me with it? thanks in advance, wd How to mount with cifs : http://www.uwplatt.edu/oit/howto/mountvolumecifs-lin.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Cannot share MSAccess DB after upgrade 3.0.5 to 3.0.8
-Original Message- From: Beschorner Daniel [mailto:[EMAIL PROTECTED] 3.0.8 has an evil file attribute bug if your samba server has ACL support. Try 3.0.10. What are the details on this? I thought I'd been carefully watching the release announcements for anything ACL-related, but I apparently missed this one. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Unable to save files to share
no, I used cifs instead of smbfs in fstab, see man mount.cifs. But I'd guess that there are others on this list that know more about this, or not??? Chris On Tuesday 14 December 2004 23:54, Des Dougan wrote: On Tue, 2004-12-14 at 22:37 +0100, C. Hurschler wrote: I had the same errors with the 2.6.9 kerme on a Debian Sarge system. I read somewhere that one should use cifs, which seems to work for me. I haven't had time to fully verify it though. Chris, Do you mean replace the samba client RPM(s) with a cifs RPM? Do you know what the differences are? Is cifs a product of the Samba team? Des -- Des Dougan, Principal Dougan Consulting Group Ph: 604-980-2848 Email: des at DouganConsulting dot com www.DouganConsulting.com Design - Implementation - Support -- C. Hurschler Bodenstedtstr. 13 30173 Hannover -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [samba] Adding Domain Groups to local Groups Crashed XP
Its just frezzing, you cant do anything so a manual reboot is needed! Christian Merrill wrote: Daniel Wilson wrote: Hi, Im using samba 3.0.9 with LDAP (Sun Iplanet 5.2 directory Server). On an XP client, im trying to add Domain Users group to the Local Power Users group (For windows updates etc...) However when i try to add the group it just crashed the windows. Also if i use the usrmgr.exe to edit groups, the usermgr also crashes, nothing in logs to show any errors. If i use windows 2000 pro to add Domain Users group to the Local Power Users group it works but takes about 2 mins? Any ideas anybody? my smb.conf file: [global] workgroup = UNI-STAFF passdb backend = ldapsam:ldap://yoda.sunderland.ac.uk username map = /usr/local/lib/usermap log level = 2 logon path = \\uos-stud\profiles\%U logon home = domain logons = Yes os level = 33 preferred master = Yes domain master = Yes ldap admin dn = cn=Directory Manager ldap group suffix = ou=domain-groups ldap idmap suffix = ou=domain-groups,dc=sunderland,dc=ac,dc=uk ldap machine suffix = ou=domain-computers ldap passwd sync = Yes ldap suffix = dc=sunderland,dc=ac,dc=uk idmap backend = ldap:ldap://yoda.sunderland.ac.uk [netlogon] comment = netlogon share path = /usr/local/lib/netlogon I was recently doing some experimenting with Directory Server 5.2 and Samba on Redhat AS 2.1 and RHEL3 and encountered a strange issue that sounds somewhat related. After everything was configured perfectly, win2k clients could join the domain, log on and everything was wonderful. However whenever I tried to logon to an XP client with a domain account, it would authenticate and then reboot the computer. It does not do this with OpenLDAP...I was never able to make any more progress on the issue and have since become sidetracked. Is your XP client actually crash (blue screen) or is it just rebooting? Christian -- Daniel Wilson Systems Administrator IT Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RHEL3 3.0.9 Release Active Directory Membership
Some preliminary testing indicates that there may be problems in the newly released Red Hat 3.0.9 packages (not samba.org's) in regard to joining an AD as a full member (w/kerberos). This may also affect maintaining current membership in such an environment. If anyone has already upgraded and is experiencing the same or different behavior please let me know. Specifically we are seeing no support for encryption type messages when using a net ads join and a return code of -1. Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba PDC Server Local SID, Domain SID, and GROUP RID Question
On Mon, Dec 13, 2004 at 09:32:27AM -0600, bryanw wrote: My samba PDC is using the tdbsam backend and, for the most part is working flawlessly. However, when using smbpasswd to add samba accounts, I always get the following error: tdb_update_sam: Failing to store a SAM_ACCOUNT for [userid] without a primary group RID Now, I've googled a lot on this and have read through the mailing list archives and know that this often has to do with people not having group mapping setup. But I do: jerry:~# net groupmap list | grep users Users (S-1-5-32-545) - users Domain Users (S-1-5-21-1590455367-7305976-751859383-513) - users As it turns out, I had group mapping set up, but too thoroughly. Found this in the archives: -- snip -- The problem can be also caused if you already have 'Domain Users - users' and add 'Users - users' since Samba mapps gid - SID by finding the first SID - gid mapping with the right gid and will fail if 'Users - users' is the first map it encounters. -- end snip -- Thanks, Bryan Walton -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [proposal] Samba Software Foundation
On Wed, 15 Dec 2004, [ISO-8859-1] Gémes Géza wrote: Charles N Wyble írta: i like it. i like it a lot. sounds wonderful. lets get this going. the time is NOW to kill exchange. -charles http://www.thewybles.com/~charles www.oserproject.org Yes it realy sounds wonderful, and the basic idea probably is, but I dislike the reiteration of personal tastes, and dislikes. Imposing if xy would say something negative about me I'll take my ball with me and won't play again with you until you would force him to leave IMHO sounds too childish in an OSS software organizations ruleset :-( Not only that, it is not clear that we need a change in structure given that: 1. Things seem to be working pretty well the current way, in any case, and 2. We have technical agreement among the people who are actually working on the code. The direction that samba4 has taken promises to bring us a big improvement in the correctness and flexibility of the code. Regards - Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] adding and updating DNS entries on a Win2003 AD server
I'm trying to create/update DNS records on a Windows 2003 server from a Linux (Debian) client. The situation is this: - a Linux workstation, that gets its IP from a DHCP server - a completely separate Windows 2003 AD server, that handles DNS for workstations (mainly laptops) in our domain The DHCP server is owned by IT and is totally outside our control, so no possibility of doing it through the DHCP negotiation. I found the following in the archives: = Lucas Machado wrote: | I looked through the net man page and googled with no | luck...I was wondering if it is possible to have a DNS entry | created for the machine I add using net ads join without | me having to manually add it to the DNS. We don't currently do this but you could wrap 'net ads join' with a script that did the update for you. No examples on hand. Sorry. cheers, jerry = I get the idea from this that it's possible, but... how? Does anyone know of a tool that can create/update the DNS record on the Windows server? Thanks in advance... James ^^ James Bradley Eagan, McAllister Associates [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Issues with trustdom on 3.0.9
Anyone that can offer some insight? This now happens to me on two sites, both HP-UX PA-Risc-2.0. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Tue, 14 Dec 2004, Ryan Novosielski wrote: I upgraded from 2.2.12 (and kept my tdb files -- it is a possibility that this is a part of my problem, but let me run it by you anyway). I'm attempting to do a domain trust between my production domain and a test domain. However, on my production domain, I have the following problem: # /products/samba/bin/net rpc trustdom list -U novosirj Password: Trusted domains list: NWK-DEV S-1-5-21-3621456476-1818373083-1045877787 Trusting domains list: [2004/12/14 12:02:21, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435) cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds [2004/12/14 12:02:21, 0] utils/net_rpc.c:rpc_trustdom_list(4692) Couldn't enumerate accounts. Error was: NT_STATUS_UNSUCCESSFUL ...I don't even know where to begin to check this out more thorougly. It works fine on the test system, where everything is fresh, but there are also a lot fewer restrictions/other activities on that box. A point in the right direction would be much appreciated. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba as pdc in NT domain
i've configure my samba server as pdc but when i try to connect win client using win XP, it said that no network path found. i've double check and recheck the permission of the configuration file and the file used by the smb.conf..but the result is still the same. please help me..what should i do?? note: i'm using redhat 9.0 with client NT and XP. thanks before guys!!! __ Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. http://promotions.yahoo.com/new_mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RHEL3 3.0.9 Release Active Directory Membership
Hello Christian, Here at Iowa State, we have experienced exactly this behavior, although we haven't noticed any of my samba servers loosing their domain membership. It appears that samba is still functioning via the rpc methods. We compiled samba.org's srpms and haven't had any problems. I can't verify this right now, but I recall having this same problem with RH's 3.0.7 package. I'm still digging to see if that was indeed the case. We are running Samba with an AD in native 2000 mode. We are beginning the transition to AD 2003. We have about 3 dozen or so samba servers in our domain. Let me know if you need any more help or testing or whatever. Thanks, Ben Vaughan Ben Vaughan Engineering Computing Support Services CLUE Network SysAdmin Iowa State University -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christian Merrill Sent: Friday, December 17, 2004 11:05 AM To: [EMAIL PROTECTED] Subject: [Samba] RHEL3 3.0.9 Release Active Directory Membership Some preliminary testing indicates that there may be problems in the newly released Red Hat 3.0.9 packages (not samba.org's) in regard to joining an AD as a full member (w/kerberos). This may also affect maintaining current membership in such an environment. If anyone has already upgraded and is experiencing the same or different behavior please let me know. Specifically we are seeing no support for encryption type messages when using a net ads join and a return code of -1. Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] losing NT4 WAN trust domains with samba-3.0.8+
If I use any of the binary packages for SuSE SLES9 greater than 3.0.7 I can not see some of my NT4 trust domain via winbind. We have 5 regular NT 4 domains that trust each other. Two of them our within our LAN (local subnet), one of these domains the samba machine is within ... security = domain. There's another 5 domains that are setup for our AD enviroment for exchange, mixed mode. Using 3.0.7 and below, if I do a getent passwd I can see accounts from all 10 domains. If I upgrade to 3.08-3.0.10 I lose the 3 of the 5 regular NT 4 domains. These domains are not within my lan, local subnet. Some possible items from the 3.0.8 release notes that might explain this: o New experimental idmap backend for assigning uids/gids directly based on the user/group RID when acting as a member of single domain without any trusts. o New experimental idmap backend for assigning uids/gids directly based on the user/group RID when acting as a member of single domain without any trusts. * Fix deadlock loop in winbind's required_membership_sid verification. * Bring the same level of required_membership-functionality that ntlm_auth uses, to pam_winbindd as well. * Add the idmap_rid module (written in conjunction with Sumit Bose ). * Prevent idmap_rid from making unnecessary calls to domain controllers for trusted domains. Any help would be much appreciated, as it's stopping our windows fileserver replacement we were going to do during the holiday break. Adam _ **Works with samba 3.0.7 and below, fails with 3.0.8 and above [global] workgroup = RICK interfaces = 127.0.0.1 eth0 bind interfaces only = true passdb backend = ldapsam:ldap://linuxwest.XX.com map to guest = guest security = domain encrypt passwords = yes server string = Samba Server netbios name = linuxwest domain master = false domain logons = no local master = no obey pam restrictions = yes wins server = 172.XX.XXX.1 name resolve order = wins lmhosts hosts username map = /etc/samba/smbusers winbind use default domain = yes idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/bash ldap suffix = dc=XX,dc=com ldap machine suffix = ou=People ldap user suffix = ou=People ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=ricardo-us,dc=com idmap backend = ldap:ldap://linuxwest.XX.com allow trusted domains = yes map acl inherit = yes add user script = /usr/sbin/smbldap-useradd.pl -a -m '%u' delete user script = /usr/sbin/smbldap-userdel.pl '%u' add group script = /usr/sbin/smbldap-groupadd.pl -p '%g' delete group script = /usr/sbin/smbldap-groupdel.pl '%g' add user to group script = /usr/sbin/smbldap-groupmod.pl -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod.pl -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod.pl -g -%g' '%u' add machine script = /usr/sbin/smbldap-useradd.pl -w '%u' host msdfs = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY deadtime = 3 wins support = no _ **Works with samba 3.0.7 and below, fails with 3.0.8 and above [global] workgroup = RICARDO interfaces = 127.0.0.1 eth0 bind interfaces only = true map to guest = guest security = domain encrypt passwords = yes server string = Samba Server netbios name = linuxeast domain master = false domain logons = no local master = no obey pam restrictions = yes wins server = 172.20.161.1 name resolve order = lmhosts hosts wins bcast username map = /etc/samba/smbusers winbind use default domain = yes idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/bash allow trusted domains = yes map acl inherit = yes host msdfs = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY deadtime = 3 wins support = no passdb backend = tdbsam:/etc/samba/passdb.tdb smbpasswd:/etc/samba/smbpasswd preferred master = auto _ /etc/nsswitch.conf passwd: compat winbind group: compat winbind hosts: files dns wins networks: files dns services: files protocols: files rpc:files ethers: files netmasks: files netgroup: files publickey: files bootparams: files automount: files nis aliases:files passwd_compat: ldap group_compat: ldap __ example pam.d file - login #%PAM-1.0 authsufficient pam_winbind.so authrequisite pam_unix2.sonullok #set_secrpc authrequiredpam_securetty.so authrequired
Re: [Samba] RHEL3 3.0.9 Release Active Directory Membership
Ben Vaughan wrote: Hello Christian, Here at Iowa State, we have experienced exactly this behavior, although we haven't noticed any of my samba servers loosing their domain membership. It appears that samba is still functioning via the rpc methods. We compiled samba.org's srpms and haven't had any problems. I can't verify this right now, but I recall having this same problem with RH's 3.0.7 package. I'm still digging to see if that was indeed the case. We are running Samba with an AD in native 2000 mode. We are beginning the transition to AD 2003. We have about 3 dozen or so samba servers in our domain. Let me know if you need any more help or testing or whatever. Thanks, Ben Vaughan Ben Vaughan Engineering Computing Support Services CLUE Network SysAdmin Iowa State University -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christian Merrill Sent: Friday, December 17, 2004 11:05 AM To: [EMAIL PROTECTED] Subject: [Samba] RHEL3 3.0.9 Release Active Directory Membership Some preliminary testing indicates that there may be problems in the newly released Red Hat 3.0.9 packages (not samba.org's) in regard to joining an AD as a full member (w/kerberos). This may also affect maintaining current membership in such an environment. If anyone has already upgraded and is experiencing the same or different behavior please let me know. Specifically we are seeing no support for encryption type messages when using a net ads join and a return code of -1. Christian Actually we've figured this out. Our rpm was built against U4's libkrb5. You should be able to compile RH's source package and see this problem disappear. I believe we should have a binary fix out shortly. Christian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] losing NT4 WAN trust domains with samba-3.0.8+ - more info..
The missing domains do show up in net rpc trustdom list -U Administrator linuxeast:/etc/pam.d # net rpc trustdom list -U administrator Password: Trusted domains list: W2K1 S-1-5-21-(X)15 W2K2 S-1-5-21-(X)30 NT4_missing_1 S-1-5-21-(X)88 NT4_missing_2S-1-5-21-(X)46 NT_local S-1-5-21-(X)31 W2K3S-1-5-21-(X)62 Trusting domains list: W2K2 S-1-5-21-(X)30 NT4_local S-1-5-21-(X)31 W2K3S-1-5-21-(X)62 NT4_missing_1S-1-5-21-(X)46 W2K1 S-1-5-21-(X)15 NT4_missing_2S-1-5-21-(X)88 No clue to why winbind is ignoring them with the samba releases over 3.0.7 Adam -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Changing IP brings wins error message
Hi all, I have found and error on my log.nmbd shown below that I do not know how to get rid off. I have been using the server with IP 192.168.13.1 and I have changed to 192.168.1.1. Now although it works, it brings that error message. It seems that it stores somewhere that it have been using such ip address. I have checked the smb.conf , and it is no longer enabled there, now it is 192.168.1.1 instead. Any ideas are welcome. Thank you in advance. [2004/12/17 23:43:44, 0] nmbd/nmbd.c:main(664) Netbios nameserver version 3.0.7 started. Copyright Andrew Tridgell and the Samba Team 1994-2004 [2004/12/17 23:43:44, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(327) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup GRUPO_TRABAJO, subnet UNICAST_SUBNET. [2004/12/17 23:43:44, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341) become_domain_master_browser_wins: querying WINS server from IP 192.168.1.1 for domain master browser name GRUPO_TRABAJO1b on workgroup GRUPO_TRABAJO [2004/12/17 23:43:44, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113) * Samba server MAIN is now a domain master browser for workgroup GRUPO_TRABAJO on subnet UNICAST_SUBNET * [2004/12/17 23:43:44, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(282) become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup GRUPO_TRABAJO on subnet 192.168.1.1 [2004/12/17 23:43:44, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(295) become_domain_master_browser_bcast: querying subnet 192.168.1.1 for domain master browser on workgroup GRUPO_TRABAJO [2004/12/17 23:43:52, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113) * Samba server MAIN is now a domain master browser for workgroup GRUPO_TRABAJO on subnet 192.168.1.1 * [2004/12/17 23:44:05, 0] nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(488) get_domain_master_name_node_status_fail: Doing a node status request to the domain master browser at IP 192.168.13.1 failed. Cannot get workgroup name. [2004/12/17 23:44:07, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396) * Samba name server MAIN is now a local master browser for workgroup GRUPO_TRABAJO on subnet 192.168.1.1 * [2004/12/17 23:59:24, 0] nmbd/nmbd_browsesync.c:get_domain_master_name_node_status_fail(488) get_domain_master_name_node_status_fail: Doing a node status request to the domain master browser at IP 192.168.13.1 failed. Cannot get workgroup name. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba ADS NT4 trusted domains not working .
RH 3.0 ES
krb5 1.2.7
Samba 3.0.9
I am trying to use Samba, Winbind and Kerberos to configure single sign
in and allow users from both Windows and Linux (RH 3.0 ES) platforms to
use shares from either platform. I can not see users from my primary
domain but can see the trusted NT4 groups and users. I have been trying
to get this right for the last week and keep thinking I am missing
something easy. I followed the following doc for setup procedures. Any
help would be appreciated.
http://www.wlug.org.nz/ActiveDirectorySamba
Primary QG.COM
AD = W2K3 running in W2K native mode. With two way trusts with the
following.
3 - W2K3 AD in W2K3 native
5 - NT4 trusted domains
[EMAIL PROTECTED] rhn-packages]# wbinfo -t
checking the trust secret via RPC calls succeeded
[EMAIL PROTECTED] rhn-packages]# wbinfo -m
SXEC2
BUILTIN
QMED
CORPORATE
QG_INKJET
QUADTECH
HIGHTECH
IMAGING
QUADMED
CUSTOMERS
[EMAIL PROTECTED] rhn-packages]# wbinfo --sequence
SXEC2 : 1
BUILTIN : 1
QMED : DISCONNECTEDW2K3 Native
CORPORATE : 1031564NT
QG_INKJET : 95442 NT
QUADTECH : 9281NT
HIGHTECH : 164705 NT
IMAGING : 60026NT
QUADMED : DISCONNECTEDW2K3
CUSTOMERS : DISCONNECTEDW2K3
QG : DISCONNECTEDW2K3 in W2K native
wbinfo -g
BUILTIN\System Operators
BUILTIN\Replicators
BUILTIN\Guests
BUILTIN\Power Users
BUILTIN\Print Operators
BUILTIN\Administrators
BUILTIN\Account Operators
BUILTIN\Backup Operators
BUILTIN\Users
QMED\Domain Admins
QMED\Domain Users
QMED\Domain Guests
QMED\Domain Computers
QMED\Domain Controllers
QMED\Schema Admins
QMED\Enterprise Admins
QMED\Group Policy Creator Owners
QMED\DnsUpdateProxy
QUADTECH\AbnAmro
QUADTECH\Domain Admins
QUADTECH\Domain Guests
QUADTECH\Domain Users
QUADTECH\Organisatie
HIGHTECH\Domain Admins
HIGHTECH\Domain Guests
HIGHTECH\Domain Users
IMAGING\Domain Admins
IMAGING\Domain Guests
IMAGING\DOMAIN POLICY
IMAGING\DOMAIN PROD
IMAGING\Domain Users
CUSTOMERS\Domain Admins
CUSTOMERS\Domain Users
CUSTOMERS\Domain Guests
CUSTOMERS\Domain Computers
CUSTOMERS\Domain Controllers
CUSTOMERS\Schema Admins
CUSTOMERS\Enterprise Admins
CUSTOMERS\Group Policy Creator Owners
CUSTOMERS\DnsUpdateProxy
SMB.conf
[global]
netbios name = SXEC2
workgroup = QG
encrypt passwords = yes
realm = QG.COM
server string = Enterprise Computing Linux Server
security = ADS
password server = IP of my AD server
log level = 3
os level = 0
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
krb5.conf
[logging]
default = FILE:/var/log/krb5/krb5libs.log
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = QG.COM
default_tgs_enctypes = RC4-HMAC des3-hmac-sha1 des-cbc-crc des-cbc-md5
default_tkt_enctypes = RC4-HMAC des3-hmac-sha1 des-cbc-crc des-cbc-md5
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
QG.COM = {
kdc = IP of my AD server
default_domain = qg.com
}
[domain_realm]
.qg.com = QG.COM
qg.com = QG.COM
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Duane Ochs
Enterprise Computing
Quad/Graphics Inc.
Sussex, Wisconsin
414-566-2375 phone
414-566-4010 pin# 2375 beeper
[EMAIL PROTECTED]
www.QG.com outbind://8/www.QG.com
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.0 RC1: Unable to find a suitable server
Pls send more details about connecting FC3 machine to ADS. thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0 RC1: Unable to find a suitable server
Pls send more details about connecting FC3 machine to ADS. Please visit http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r4248 - in branches/SAMBA_3_0/source/utils: .
Author: vlendec
Date: 2004-12-17 08:51:23 + (Fri, 17 Dec 2004)
New Revision: 4248
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4248
Log:
Implement smbstatus -n, don't lookup users and groups. On heavily loaded
winbind systems, looking up hundreds of users can turn out to be a bit too
expensive if you just want to find out which smbd handles a particular IP
address.
Volker
P.S: Who is OH? ;-)
Modified:
branches/SAMBA_3_0/source/utils/status.c
Changeset:
Modified: branches/SAMBA_3_0/source/utils/status.c
===
--- branches/SAMBA_3_0/source/utils/status.c2004-12-17 06:35:11 UTC (rev
4247)
+++ branches/SAMBA_3_0/source/utils/status.c2004-12-17 08:51:23 UTC (rev
4248)
@@ -36,7 +36,7 @@
#include includes.h
#define SMB_MAXPIDS2048
-static pstring Ucrit_username = ; /* added by
OH */
+static uid_t Ucrit_uid = 0; /* added by OH */
static pid_t Ucrit_pid[SMB_MAXPIDS]; /* Ugly !!! */ /* added by
OH */
static int Ucrit_MaxPid=0;/* added by OH */
static unsigned intUcrit_IsActive = 0;/* added by OH */
@@ -46,24 +46,23 @@
static intlocks_only = 0;/* Added by RJS */
static BOOL processes_only=False;
static int show_brl;
+static BOOL numeric_only = False;
const char *username = NULL;
/* added by OH */
-static void Ucrit_addUsername(const char *user_name)
+static void Ucrit_addUid(uid_t uid)
{
- pstrcpy(Ucrit_username, user_name);
-
- if ( strlen(Ucrit_username) 0 )
- Ucrit_IsActive = 1;
+ Ucrit_uid = uid;
+ Ucrit_IsActive = 1;
}
-static unsigned int Ucrit_checkUsername(const char *user_name)
+static unsigned int Ucrit_checkUid(uid_t uid)
{
if ( !Ucrit_IsActive )
return 1;
- if ( strcmp(Ucrit_username,user_name) == 0 )
+ if ( uid == Ucrit_uid )
return 1;
return 0;
@@ -91,7 +90,7 @@
if ( Ucrit_MaxPid = SMB_MAXPIDS ) {
d_printf(ERROR: More than %d pids for user %s!\n,
- SMB_MAXPIDS, Ucrit_username);
+SMB_MAXPIDS, uidtoname(Ucrit_uid));
return False;
}
@@ -538,7 +537,7 @@
if (crec.cnum == -1)
return 0;
- if (!process_exists(crec.pid) ||
!Ucrit_checkUsername(uidtoname(crec.uid))) {
+ if (!process_exists(crec.pid) || !Ucrit_checkUid(crec.uid)) {
return 0;
}
@@ -553,21 +552,27 @@
static int traverse_sessionid(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf,
void *state)
{
struct sessionid sessionid;
+ fstring uid_str, gid_str;
if (dbuf.dsize != sizeof(sessionid))
return 0;
memcpy(sessionid, dbuf.dptr, sizeof(sessionid));
- if (!process_exists(sessionid.pid) ||
!Ucrit_checkUsername(uidtoname(sessionid.uid))) {
+ if (!process_exists(sessionid.pid) || !Ucrit_checkUid(sessionid.uid)) {
return 0;
}
Ucrit_addPid( sessionid.pid );
+ fstr_sprintf(uid_str, %d, sessionid.uid);
+ fstr_sprintf(gid_str, %d, sessionid.gid);
+
d_printf(%5d %-12s %-12s %-12s (%s)\n,
- (int)sessionid.pid, uidtoname(sessionid.uid),
gidtoname(sessionid.gid),
- sessionid.remote_machine, sessionid.hostname);
+(int)sessionid.pid,
+numeric_only ? uid_str : uidtoname(sessionid.uid),
+numeric_only ? gid_str : gidtoname(sessionid.gid),
+sessionid.remote_machine, sessionid.hostname);
return 0;
}
@@ -594,6 +599,7 @@
{profile, 'P', POPT_ARG_NONE, profile_only, 'P', Do
profiling },
#endif /* WITH_PROFILE */
{byterange, 'B', POPT_ARG_NONE, show_brl, 'B',
Include byte range locks},
+ {numeric, 'n', POPT_ARG_NONE, numeric_only, 'n',
Numeric uid/gid},
POPT_COMMON_SAMBA
POPT_TABLEEND
};
@@ -613,7 +619,7 @@
while ((c = poptGetNextOpt(pc)) != -1) {
switch (c) {
case 'u':
- Ucrit_addUsername(poptGetOptArg(pc));
+ Ucrit_addUid(nametouid(poptGetOptArg(pc)));
break;
}
}
@@ -625,7 +631,7 @@
show_shares= !(processes_only || locks_only || profile_only) ||
shares_only;
if ( username )
- Ucrit_addUsername( username );
+ Ucrit_addUid( nametouid(username) );
if (verbose) {
d_printf(using configfile = %s\n, dyn_CONFIGFILE);
svn commit: samba r4249 - in trunk/source/utils: .
Author: vlendec
Date: 2004-12-17 08:52:36 + (Fri, 17 Dec 2004)
New Revision: 4249
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4249
Log:
Implement smbstatus -n, don't lookup users and groups. On heavily loaded
winbind systems, looking up hundreds of users can turn out to be a bit too
expensive if you just want to find out which smbd handles a particular IP
address.
Volker
P.S: Who is OH? ;-)
Modified:
trunk/source/utils/status.c
Changeset:
Modified: trunk/source/utils/status.c
===
--- trunk/source/utils/status.c 2004-12-17 08:51:23 UTC (rev 4248)
+++ trunk/source/utils/status.c 2004-12-17 08:52:36 UTC (rev 4249)
@@ -36,7 +36,7 @@
#include includes.h
#define SMB_MAXPIDS2048
-static pstring Ucrit_username = ; /* added by
OH */
+static uid_t Ucrit_uid = 0; /* added by OH */
static pid_t Ucrit_pid[SMB_MAXPIDS]; /* Ugly !!! */ /* added by
OH */
static int Ucrit_MaxPid=0;/* added by OH */
static unsigned intUcrit_IsActive = 0;/* added by OH */
@@ -46,24 +46,23 @@
static intlocks_only = 0;/* Added by RJS */
static BOOL processes_only=False;
static int show_brl;
+static BOOL numeric_only = False;
const char *username = NULL;
/* added by OH */
-static void Ucrit_addUsername(const char *user_name)
+static void Ucrit_addUid(uid_t uid)
{
- pstrcpy(Ucrit_username, user_name);
-
- if ( strlen(Ucrit_username) 0 )
- Ucrit_IsActive = 1;
+ Ucrit_uid = uid;
+ Ucrit_IsActive = 1;
}
-static unsigned int Ucrit_checkUsername(const char *user_name)
+static unsigned int Ucrit_checkUid(uid_t uid)
{
if ( !Ucrit_IsActive )
return 1;
- if ( strcmp(Ucrit_username,user_name) == 0 )
+ if ( uid == Ucrit_uid )
return 1;
return 0;
@@ -91,7 +90,7 @@
if ( Ucrit_MaxPid = SMB_MAXPIDS ) {
d_printf(ERROR: More than %d pids for user %s!\n,
- SMB_MAXPIDS, Ucrit_username);
+SMB_MAXPIDS, uidtoname(Ucrit_uid));
return False;
}
@@ -538,7 +537,7 @@
if (crec.cnum == -1)
return 0;
- if (!process_exists(crec.pid) ||
!Ucrit_checkUsername(uidtoname(crec.uid))) {
+ if (!process_exists(crec.pid) || !Ucrit_checkUid(crec.uid)) {
return 0;
}
@@ -553,21 +552,27 @@
static int traverse_sessionid(TDB_CONTEXT *tdb, TDB_DATA kbuf, TDB_DATA dbuf,
void *state)
{
struct sessionid sessionid;
+ fstring uid_str, gid_str;
if (dbuf.dsize != sizeof(sessionid))
return 0;
memcpy(sessionid, dbuf.dptr, sizeof(sessionid));
- if (!process_exists(sessionid.pid) ||
!Ucrit_checkUsername(uidtoname(sessionid.uid))) {
+ if (!process_exists(sessionid.pid) || !Ucrit_checkUid(sessionid.uid)) {
return 0;
}
Ucrit_addPid( sessionid.pid );
+ fstr_sprintf(uid_str, %d, sessionid.uid);
+ fstr_sprintf(gid_str, %d, sessionid.gid);
+
d_printf(%5d %-12s %-12s %-12s (%s)\n,
- (int)sessionid.pid, uidtoname(sessionid.uid),
gidtoname(sessionid.gid),
- sessionid.remote_machine, sessionid.hostname);
+(int)sessionid.pid,
+numeric_only ? uid_str : uidtoname(sessionid.uid),
+numeric_only ? gid_str : gidtoname(sessionid.gid),
+sessionid.remote_machine, sessionid.hostname);
return 0;
}
@@ -594,6 +599,7 @@
{profile, 'P', POPT_ARG_NONE, profile_only, 'P', Do
profiling },
#endif /* WITH_PROFILE */
{byterange, 'B', POPT_ARG_NONE, show_brl, 'B',
Include byte range locks},
+ {numeric, 'n', POPT_ARG_NONE, numeric_only, 'n',
Numeric uid/gid},
POPT_COMMON_SAMBA
POPT_TABLEEND
};
@@ -613,7 +619,7 @@
while ((c = poptGetNextOpt(pc)) != -1) {
switch (c) {
case 'u':
- Ucrit_addUsername(poptGetOptArg(pc));
+ Ucrit_addUid(nametouid(poptGetOptArg(pc)));
break;
}
}
@@ -625,7 +631,7 @@
show_shares= !(processes_only || locks_only || profile_only) ||
shares_only;
if ( username )
- Ucrit_addUsername( username );
+ Ucrit_addUid( nametouid(username) );
if (verbose) {
d_printf(using configfile = %s\n, dyn_CONFIGFILE);
svn commit: samba r4250 - in trunk/source/modules: .
Author: vlendec
Date: 2004-12-17 09:05:27 + (Fri, 17 Dec 2004)
New Revision: 4250
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4250
Log:
AFS does not cope with spaces in file names. Implement a stupid mapping that
maps the space to another character choosable by afsacl:space.
Volker
P.S: Who is OH? ;-)
Modified:
trunk/source/modules/vfs_afsacl.c
Changeset:
Modified: trunk/source/modules/vfs_afsacl.c
===
--- trunk/source/modules/vfs_afsacl.c 2004-12-17 08:52:36 UTC (rev 4249)
+++ trunk/source/modules/vfs_afsacl.c 2004-12-17 09:05:27 UTC (rev 4250)
@@ -37,6 +37,8 @@
extern DOM_SID global_sid_Authenticated_Users;
extern DOM_SID global_sid_NULL;
+static char space_replacement = '%';
+
extern int afs_syscall(int, char *, int, char *, int);
struct afs_ace {
@@ -260,10 +262,12 @@
for (aces = nplus+nminus; aces 0; aces--)
{
- const char *name;
+ const char *namep;
+ fstring name;
uint32 rights;
+ char *space;
- name = p;
+ namep = p;
if ((p = strchr(p, '\t')) == NULL)
return False;
@@ -277,6 +281,11 @@
return False;
p += 1;
+ fstrcpy(name, namep);
+
+ while ((space = strchr_m(name, space_replacement)) != NULL)
+ *space = ' ';
+
add_afs_ace(acl, nplus0, name, rights);
nplus -= 1;
@@ -709,6 +718,7 @@
fstring dom_name;
fstring name;
enum SID_NAME_USE name_type;
+ char *p;
if (ace-type != SEC_ACE_TYPE_ACCESS_ALLOWED) {
/* First cut: Only positive ACEs */
@@ -763,6 +773,9 @@
}
}
+ while ((p = strchr_m(name, ' ')) != NULL)
+ *p = space_replacement;
+
add_afs_ace(afs_acl, True, name,
nt_to_afs_rights(filename, ace));
}
@@ -982,9 +995,26 @@
return afs_set_nt_acl(handle, fsp, security_info_sent, psd);
}
+static int afsacl_connect(vfs_handle_struct *handle,
+ connection_struct *conn,
+ const char *service,
+ const char *user)
+{
+ char *spc;
+
+ spc = lp_parm_const_string(SNUM(handle-conn), afsacl, space, %);
+
+ if (spc != NULL)
+ space_replacement = spc[0];
+
+ return SMB_VFS_NEXT_CONNECT(handle, conn, service, user);
+}
+
/* VFS operations structure */
static vfs_op_tuple afsacl_ops[] = {
+ {SMB_VFS_OP(afsacl_connect), SMB_VFS_OP_CONNECT,
+SMB_VFS_LAYER_TRANSPARENT},
{SMB_VFS_OP(afsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
SMB_VFS_LAYER_TRANSPARENT},
{SMB_VFS_OP(afsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
svn commit: samba r4251 - in branches/SAMBA_3_0/source/modules: .
Author: vlendec
Date: 2004-12-17 09:05:41 + (Fri, 17 Dec 2004)
New Revision: 4251
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4251
Log:
AFS does not cope with spaces in file names. Implement a stupid mapping that
maps the space to another character choosable by afsacl:space.
Volker
P.S: Who is OH? ;-)
Modified:
branches/SAMBA_3_0/source/modules/vfs_afsacl.c
Changeset:
Modified: branches/SAMBA_3_0/source/modules/vfs_afsacl.c
===
--- branches/SAMBA_3_0/source/modules/vfs_afsacl.c 2004-12-17 09:05:27 UTC
(rev 4250)
+++ branches/SAMBA_3_0/source/modules/vfs_afsacl.c 2004-12-17 09:05:41 UTC
(rev 4251)
@@ -37,6 +37,8 @@
extern DOM_SID global_sid_Authenticated_Users;
extern DOM_SID global_sid_NULL;
+static char space_replacement = '%';
+
extern int afs_syscall(int, char *, int, char *, int);
struct afs_ace {
@@ -260,10 +262,12 @@
for (aces = nplus+nminus; aces 0; aces--)
{
- const char *name;
+ const char *namep;
+ fstring name;
uint32 rights;
+ char *space;
- name = p;
+ namep = p;
if ((p = strchr(p, '\t')) == NULL)
return False;
@@ -277,6 +281,11 @@
return False;
p += 1;
+ fstrcpy(name, namep);
+
+ while ((space = strchr_m(name, space_replacement)) != NULL)
+ *space = ' ';
+
add_afs_ace(acl, nplus0, name, rights);
nplus -= 1;
@@ -709,6 +718,7 @@
fstring dom_name;
fstring name;
enum SID_NAME_USE name_type;
+ char *p;
if (ace-type != SEC_ACE_TYPE_ACCESS_ALLOWED) {
/* First cut: Only positive ACEs */
@@ -763,6 +773,9 @@
}
}
+ while ((p = strchr_m(name, ' ')) != NULL)
+ *p = space_replacement;
+
add_afs_ace(afs_acl, True, name,
nt_to_afs_rights(filename, ace));
}
@@ -982,9 +995,26 @@
return afs_set_nt_acl(handle, fsp, security_info_sent, psd);
}
+static int afsacl_connect(vfs_handle_struct *handle,
+ connection_struct *conn,
+ const char *service,
+ const char *user)
+{
+ char *spc;
+
+ spc = lp_parm_const_string(SNUM(handle-conn), afsacl, space, %);
+
+ if (spc != NULL)
+ space_replacement = spc[0];
+
+ return SMB_VFS_NEXT_CONNECT(handle, conn, service, user);
+}
+
/* VFS operations structure */
static vfs_op_tuple afsacl_ops[] = {
+ {SMB_VFS_OP(afsacl_connect), SMB_VFS_OP_CONNECT,
+SMB_VFS_LAYER_TRANSPARENT},
{SMB_VFS_OP(afsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
SMB_VFS_LAYER_TRANSPARENT},
{SMB_VFS_OP(afsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
svn commit: samba r4252 - in branches/SAMBA_3_0/source/lib: .
Author: vlendec Date: 2004-12-17 09:35:54 + (Fri, 17 Dec 2004) New Revision: 4252 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4252 Log: Comment clarification from Love H?\195?\182rnquist ?\195?\133strand [EMAIL PROTECTED]. Thanks, Volker Modified: branches/SAMBA_3_0/source/lib/afs.c Changeset: Modified: branches/SAMBA_3_0/source/lib/afs.c === --- branches/SAMBA_3_0/source/lib/afs.c 2004-12-17 09:05:41 UTC (rev 4251) +++ branches/SAMBA_3_0/source/lib/afs.c 2004-12-17 09:35:54 UTC (rev 4252) @@ -124,9 +124,13 @@ p += 8; - /* Ticket lifetime. We fake everything here, so go as long as - possible. This is in 5-minute intervals, so 255 is 21 hours - and 15 minutes.*/ + /* This is a kerberos 4 life time. The life time is expressed +* in units of 5 minute intervals up to 38400 seconds, after +* that a table is used up to lifetime 0xBF. Values between +* 0xC0 and 0xFF is undefined. 0xFF is defined to be the +* infinite time that never expire. +* +* So here we cheat and use the infinite time */ *p = 255; p += 1;
svn commit: samba r4253 - in trunk/source/lib: .
Author: vlendec Date: 2004-12-17 09:36:12 + (Fri, 17 Dec 2004) New Revision: 4253 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4253 Log: Comment clarification from Love H?\195?\182rnquist ?\195?\133strand [EMAIL PROTECTED]. Thanks, Volker Modified: trunk/source/lib/afs.c Changeset: Modified: trunk/source/lib/afs.c === --- trunk/source/lib/afs.c 2004-12-17 09:35:54 UTC (rev 4252) +++ trunk/source/lib/afs.c 2004-12-17 09:36:12 UTC (rev 4253) @@ -124,9 +124,13 @@ p += 8; - /* Ticket lifetime. We fake everything here, so go as long as - possible. This is in 5-minute intervals, so 255 is 21 hours - and 15 minutes.*/ + /* This is a kerberos 4 life time. The life time is expressed +* in units of 5 minute intervals up to 38400 seconds, after +* that a table is used up to lifetime 0xBF. Values between +* 0xC0 and 0xFF is undefined. 0xFF is defined to be the +* infinite time that never expire. +* +* So here we cheat and use the infinite time */ *p = 255; p += 1;
svn commit: samba r4254 - in branches/SAMBA_3_0/source/utils: .
Author: vlendec
Date: 2004-12-17 10:20:53 + (Fri, 17 Dec 2004)
New Revision: 4254
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4254
Log:
Add an undocumented hack. I had to delete a wrong mapping (a user that had
ended up as a gid in winbindd_idmap.tdb) from winbindd_idmap.tdb. Stopping
winbind was not an option on that machine
net idmap delete idmap-file SID
Thanks,
Volker
Modified:
branches/SAMBA_3_0/source/utils/net_idmap.c
Changeset:
Modified: branches/SAMBA_3_0/source/utils/net_idmap.c
===
--- branches/SAMBA_3_0/source/utils/net_idmap.c 2004-12-17 09:36:12 UTC (rev
4253)
+++ branches/SAMBA_3_0/source/utils/net_idmap.c 2004-12-17 10:20:53 UTC (rev
4254)
@@ -235,6 +235,57 @@
return NT_STATUS_IS_OK(net_idmap_fixup_hwm()) ? 0 : -1;
}
+/***
+ Delete a SID mapping from a winbindd_idmap.tdb
+ **/
+static int net_idmap_delete(int argc, const char **argv)
+{
+ TDB_CONTEXT *idmap_tdb;
+ TDB_DATA key, data;
+ fstring sid;
+
+ if (argc != 2)
+ return net_help_idmap(argc, argv);
+
+ idmap_tdb = tdb_open_log(argv[0], 0, TDB_DEFAULT, O_RDWR, 0);
+
+ if (idmap_tdb == NULL) {
+ d_printf(Could not open idmap: %s\n, argv[0]);
+ return -1;
+ }
+
+ fstrcpy(sid, argv[1]);
+
+ if (strncmp(sid, S-1-5-, strlen(S-1-5-)) != 0) {
+ d_printf(Can only delete SIDs, %s is does not start with
+S-1-5-\n, sid);
+ return -1;
+ }
+
+ key.dptr = sid;
+ key.dsize = strlen(key.dptr)+1;
+
+ data = tdb_fetch(idmap_tdb, key);
+
+ if (data.dptr == NULL) {
+ d_printf(Could not find sid %s\n, argv[1]);
+ return -1;
+ }
+
+ if (tdb_delete(idmap_tdb, key) != 0) {
+ d_printf(Could not delete key %s\n, argv[1]);
+ return -1;
+ }
+
+ if (tdb_delete(idmap_tdb, data) != 0) {
+ d_printf(Could not delete key %s\n, data.dptr);
+ return -1;
+ }
+
+ return 0;
+}
+
+
int net_help_idmap(int argc, const char **argv)
{
d_printf(net idmap dump filename\
@@ -243,6 +294,8 @@
d_printf(net idmap restore\
\n Restore entries from stdin to current local idmap\n);
+ /* Deliberately *not* document net idmap delete */
+
return -1;
}
@@ -254,6 +307,7 @@
struct functable func[] = {
{dump, net_idmap_dump},
{restore, net_idmap_restore},
+ {delete, net_idmap_delete},
{help, net_help_idmap},
{NULL, NULL}
};
svn commit: samba r4255 - in trunk/source/utils: .
Author: vlendec
Date: 2004-12-17 10:22:34 + (Fri, 17 Dec 2004)
New Revision: 4255
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4255
Log:
Add an undocumented hack. I had to delete a wrong mapping (a user that had
ended up as a gid in winbindd_idmap.tdb) from winbindd_idmap.tdb. Stopping
winbind was not an option on that machine
net idmap delete idmap-file SID
Thanks,
Volker
Modified:
trunk/source/utils/net_idmap.c
Changeset:
Modified: trunk/source/utils/net_idmap.c
===
--- trunk/source/utils/net_idmap.c 2004-12-17 10:20:53 UTC (rev 4254)
+++ trunk/source/utils/net_idmap.c 2004-12-17 10:22:34 UTC (rev 4255)
@@ -235,6 +235,57 @@
return NT_STATUS_IS_OK(net_idmap_fixup_hwm()) ? 0 : -1;
}
+/***
+ Delete a SID mapping from a winbindd_idmap.tdb
+ **/
+static int net_idmap_delete(int argc, const char **argv)
+{
+ TDB_CONTEXT *idmap_tdb;
+ TDB_DATA key, data;
+ fstring sid;
+
+ if (argc != 2)
+ return net_help_idmap(argc, argv);
+
+ idmap_tdb = tdb_open_log(argv[0], 0, TDB_DEFAULT, O_RDWR, 0);
+
+ if (idmap_tdb == NULL) {
+ d_printf(Could not open idmap: %s\n, argv[0]);
+ return -1;
+ }
+
+ fstrcpy(sid, argv[1]);
+
+ if (strncmp(sid, S-1-5-, strlen(S-1-5-)) != 0) {
+ d_printf(Can only delete SIDs, %s is does not start with
+S-1-5-\n, sid);
+ return -1;
+ }
+
+ key.dptr = sid;
+ key.dsize = strlen(key.dptr)+1;
+
+ data = tdb_fetch(idmap_tdb, key);
+
+ if (data.dptr == NULL) {
+ d_printf(Could not find sid %s\n, argv[1]);
+ return -1;
+ }
+
+ if (tdb_delete(idmap_tdb, key) != 0) {
+ d_printf(Could not delete key %s\n, argv[1]);
+ return -1;
+ }
+
+ if (tdb_delete(idmap_tdb, data) != 0) {
+ d_printf(Could not delete key %s\n, data.dptr);
+ return -1;
+ }
+
+ return 0;
+}
+
+
int net_help_idmap(int argc, const char **argv)
{
d_printf(net idmap dump filename\
@@ -243,6 +294,8 @@
d_printf(net idmap restore\
\n Restore entries from stdin to current local idmap\n);
+ /* Deliberately *not* document net idmap delete */
+
return -1;
}
@@ -254,6 +307,7 @@
struct functable func[] = {
{dump, net_idmap_dump},
{restore, net_idmap_restore},
+ {delete, net_idmap_delete},
{help, net_help_idmap},
{NULL, NULL}
};
svn commit: samba r4256 - in branches/SAMBA_3_0/source: lib param
Author: vlendec
Date: 2004-12-17 11:42:10 + (Fri, 17 Dec 2004)
New Revision: 4256
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4256
Log:
Add a patch from [EMAIL PROTECTED]: New Parameter 'afs token lifetime' tells the
AFS client when to throw away a token.
Thanks,
Volker
Modified:
branches/SAMBA_3_0/source/lib/afs.c
branches/SAMBA_3_0/source/param/loadparm.c
Changeset:
Modified: branches/SAMBA_3_0/source/lib/afs.c
===
--- branches/SAMBA_3_0/source/lib/afs.c 2004-12-17 10:22:34 UTC (rev 4255)
+++ branches/SAMBA_3_0/source/lib/afs.c 2004-12-17 11:42:10 UTC (rev 4256)
@@ -139,7 +139,11 @@
SIVAL(p, 0, now);
ct-BeginTimestamp = now;
- ct-EndTimestamp = now + (255*60*5);
+ if(lp_afs_token_lifetime() == 0)
+ ct-EndTimestamp = NEVERDATE;
+ else
+ ct-EndTimestamp = now + lp_afs_token_lifetime();
+
if (((ct-EndTimestamp - ct-BeginTimestamp) 1) == 1) {
ct-BeginTimestamp += 1; /* Lifetime must be even */
}
Modified: branches/SAMBA_3_0/source/param/loadparm.c
===
--- branches/SAMBA_3_0/source/param/loadparm.c 2004-12-17 10:22:34 UTC (rev
4255)
+++ branches/SAMBA_3_0/source/param/loadparm.c 2004-12-17 11:42:10 UTC (rev
4256)
@@ -127,6 +127,7 @@
char *szSocketOptions;
char *szRealm;
char *szAfsUsernameMap;
+ int iAfsTokenLifetime;
char *szUsernameMap;
char *szLogonScript;
char *szLogonPath;
@@ -1125,6 +1126,7 @@
{socket address, P_STRING, P_GLOBAL, Globals.szSocketAddress, NULL,
NULL, FLAG_ADVANCED},
{homedir map, P_STRING, P_GLOBAL, Globals.szNISHomeMapName, NULL,
NULL, FLAG_ADVANCED},
{afs username map, P_STRING, P_GLOBAL, Globals.szAfsUsernameMap,
NULL, NULL, FLAG_ADVANCED},
+ {afs token lifetime, P_INTEGER, P_GLOBAL, Globals.iAfsTokenLifetime,
NULL, NULL, FLAG_ADVANCED},
{time offset, P_INTEGER, P_GLOBAL, extra_time_offset, NULL, NULL,
FLAG_ADVANCED},
{NIS homedir, P_BOOL, P_GLOBAL, Globals.bNISHomeMap, NULL, NULL,
FLAG_ADVANCED},
{-valid, P_BOOL, P_LOCAL, sDefault.valid, NULL, NULL, FLAG_HIDE},
@@ -1474,6 +1476,11 @@
Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
Globals.ldap_timeout = LDAP_CONNECT_DEFAULT_TIMEOUT;
+ /* This is what we tell the afs client. in reality we set the token
+* to never expire, though, when this runs out the afs client will
+* forget the token. Set to 0 to get NEVERDATE.*/
+ Globals.iAfsTokenLifetime = 604800;
+
/* these parameters are set to defaults that are more appropriate
for the increasing samba install base:
@@ -1647,6 +1654,7 @@
FN_GLOBAL_STRING(lp_name_resolve_order, Globals.szNameResolveOrder)
FN_GLOBAL_STRING(lp_realm, Globals.szRealm)
FN_GLOBAL_CONST_STRING(lp_afs_username_map, Globals.szAfsUsernameMap)
+FN_GLOBAL_INTEGER(lp_afs_token_lifetime, Globals.iAfsTokenLifetime)
FN_GLOBAL_STRING(lp_username_map, Globals.szUsernameMap)
FN_GLOBAL_CONST_STRING(lp_logon_script, Globals.szLogonScript)
FN_GLOBAL_CONST_STRING(lp_logon_path, Globals.szLogonPath)
svn commit: samba r4257 - in trunk/source: lib param
Author: vlendec
Date: 2004-12-17 11:42:48 + (Fri, 17 Dec 2004)
New Revision: 4257
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4257
Log:
Add a patch from [EMAIL PROTECTED]: New Parameter 'afs token lifetime' tells the
AFS client when to throw away a token.
Thanks,
Volker
Modified:
trunk/source/lib/afs.c
trunk/source/param/loadparm.c
Changeset:
Modified: trunk/source/lib/afs.c
===
--- trunk/source/lib/afs.c 2004-12-17 11:42:10 UTC (rev 4256)
+++ trunk/source/lib/afs.c 2004-12-17 11:42:48 UTC (rev 4257)
@@ -139,7 +139,11 @@
SIVAL(p, 0, now);
ct-BeginTimestamp = now;
- ct-EndTimestamp = now + (255*60*5);
+ if(lp_afs_token_lifetime() == 0)
+ ct-EndTimestamp = NEVERDATE;
+ else
+ ct-EndTimestamp = now + lp_afs_token_lifetime();
+
if (((ct-EndTimestamp - ct-BeginTimestamp) 1) == 1) {
ct-BeginTimestamp += 1; /* Lifetime must be even */
}
Modified: trunk/source/param/loadparm.c
===
--- trunk/source/param/loadparm.c 2004-12-17 11:42:10 UTC (rev 4256)
+++ trunk/source/param/loadparm.c 2004-12-17 11:42:48 UTC (rev 4257)
@@ -129,6 +129,7 @@
char *szSocketOptions;
char *szRealm;
char *szAfsUsernameMap;
+ int iAfsTokenLifetime;
char *szUsernameMap;
char *szLogonScript;
char *szLogonPath;
@@ -1130,6 +1131,7 @@
{socket address, P_STRING, P_GLOBAL, Globals.szSocketAddress, NULL,
NULL, FLAG_ADVANCED},
{homedir map, P_STRING, P_GLOBAL, Globals.szNISHomeMapName, NULL,
NULL, FLAG_ADVANCED},
{afs username map, P_STRING, P_GLOBAL, Globals.szAfsUsernameMap,
NULL, NULL, FLAG_ADVANCED},
+ {afs token lifetime, P_INTEGER, P_GLOBAL, Globals.iAfsTokenLifetime,
NULL, NULL, FLAG_ADVANCED},
{time offset, P_INTEGER, P_GLOBAL, extra_time_offset, NULL, NULL,
FLAG_ADVANCED},
{NIS homedir, P_BOOL, P_GLOBAL, Globals.bNISHomeMap, NULL, NULL,
FLAG_ADVANCED},
{-valid, P_BOOL, P_LOCAL, sDefault.valid, NULL, NULL, FLAG_HIDE},
@@ -1483,6 +1485,11 @@
Globals.ldap_replication_sleep = 1000; /* wait 1 sec for replication */
Globals.ldap_timeout = LDAP_CONNECT_DEFAULT_TIMEOUT;
+ /* This is what we tell the afs client. in reality we set the token
+* to never expire, though, when this runs out the afs client will
+* forget the token. Set to 0 to get NEVERDATE.*/
+ Globals.iAfsTokenLifetime = 604800;
+
/* these parameters are set to defaults that are more appropriate
for the increasing samba install base:
@@ -1658,6 +1665,7 @@
FN_GLOBAL_STRING(lp_name_resolve_order, Globals.szNameResolveOrder)
FN_GLOBAL_STRING(lp_realm, Globals.szRealm)
FN_GLOBAL_CONST_STRING(lp_afs_username_map, Globals.szAfsUsernameMap)
+FN_GLOBAL_INTEGER(lp_afs_token_lifetime, Globals.iAfsTokenLifetime)
FN_GLOBAL_STRING(lp_username_map, Globals.szUsernameMap)
FN_GLOBAL_CONST_STRING(lp_logon_script, Globals.szLogonScript)
FN_GLOBAL_CONST_STRING(lp_logon_path, Globals.szLogonPath)
svn commit: samba r4258 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: gd
Date: 2004-12-17 13:14:22 + (Fri, 17 Dec 2004)
New Revision: 4258
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4258
Log:
strlower username, not (non-existing) domain_username.
Guenther
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd_util.c
trunk/source/nsswitch/winbindd_util.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_util.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2004-12-17 11:42:48 UTC
(rev 4257)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_util.c 2004-12-17 13:14:22 UTC
(rev 4258)
@@ -641,7 +641,7 @@
*/
void fill_domain_username(fstring name, const char *domain, const char *user)
{
- strlower_m( name );
+ strlower_m( user );
if (assume_domain(domain)) {
strlcpy(name, user, sizeof(fstring));
Modified: trunk/source/nsswitch/winbindd_util.c
===
--- trunk/source/nsswitch/winbindd_util.c 2004-12-17 11:42:48 UTC (rev
4257)
+++ trunk/source/nsswitch/winbindd_util.c 2004-12-17 13:14:22 UTC (rev
4258)
@@ -648,7 +648,7 @@
*/
void fill_domain_username(fstring name, const char *domain, const char *user)
{
- strlower_m( name );
+ strlower_m( user );
if (assume_domain(domain)) {
strlcpy(name, user, sizeof(fstring));
svn commit: samba-web r476 - in trunk/news/users: .
Author: deryck Date: 2004-12-17 18:38:17 + (Fri, 17 Dec 2004) New Revision: 476 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=476 Log: Adding a submitted testimonial piece about Babel Media to news.samba.org. --deryck Added: trunk/news/users/babelmedia_converts.html Changeset: Added: trunk/news/users/babelmedia_converts.html === --- trunk/news/users/babelmedia_converts.html 2004-12-17 05:40:26 UTC (rev 475) +++ trunk/news/users/babelmedia_converts.html 2004-12-17 18:38:17 UTC (rev 476) @@ -0,0 +1,23 @@ +h3a name=babelmedia_convertsTestimonial: Samba Is Good for Gaming/a/h3 + +div class=article +/pAlan Horkan, Systems Manager at a href=http://www.babelmedia.com/; +babelmedia.com/a writes:/p + +blockquote +pBabelmedia is a specialist software test/development +house providing services to the computer games industry for console, +PC, mobile, TV games developers. We specialise in QA and localisation +and have test facilities in UK, US and India./p + +pI recently have taken on a mission to migrate as many services away +from Microsoft technology after realising that the word dependency is +too vital to operating a successful Microsoft environment. We have +now been using SAMBA on one of our file servers in AD mode +for three months with no regrets. Its faster and more reliable than its +Windows counterparts. I have no hesitation now to use SAMBA for file +serving to any platform./p +/blockquote +/div + +
svn commit: samba-web r477 - in trunk/news/users: .
Author: deryck Date: 2004-12-17 18:39:51 + (Fri, 17 Dec 2004) New Revision: 477 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=477 Log: Fixing a tag goof. Modified: trunk/news/users/babelmedia_converts.html Changeset: Modified: trunk/news/users/babelmedia_converts.html === --- trunk/news/users/babelmedia_converts.html 2004-12-17 18:38:17 UTC (rev 476) +++ trunk/news/users/babelmedia_converts.html 2004-12-17 18:39:51 UTC (rev 477) @@ -1,7 +1,7 @@ h3a name=babelmedia_convertsTestimonial: Samba Is Good for Gaming/a/h3 div class=article -/pAlan Horkan, Systems Manager at a href=http://www.babelmedia.com/; +pAlan Horkan, Systems Manager at a href=http://www.babelmedia.com/; babelmedia.com/a writes:/p blockquote
svn commit: samba-web r478 - in trunk/news/users: .
Author: deryck Date: 2004-12-17 19:37:49 + (Fri, 17 Dec 2004) New Revision: 478 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=478 Log: Adding the standard call for testimonials I forgot. --deryck Modified: trunk/news/users/babelmedia_converts.html Changeset: Modified: trunk/news/users/babelmedia_converts.html === --- trunk/news/users/babelmedia_converts.html 2004-12-17 18:39:51 UTC (rev 477) +++ trunk/news/users/babelmedia_converts.html 2004-12-17 19:37:49 UTC (rev 478) @@ -18,6 +18,11 @@ Windows counterparts. I have no hesitation now to use SAMBA for file serving to any platform./p /blockquote + +p class=creditIf you have a testimonial about your experience with +Samba, please go to our a href=http://news.samba.org/submit.html;story +submission form/a and let us hear from you./p + /div
svn commit: samba r4259 - branches/SAMBA_3_0/source/utils trunk/source/utils
Author: tpot Date: 2004-12-17 21:59:47 + (Fri, 17 Dec 2004) New Revision: 4259 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4259 Log: Fix cast in SMB_XMALLOC_ARRAY. Bugzilla #2168. Modified: branches/SAMBA_3_0/source/utils/ntlm_auth.c trunk/source/utils/ntlm_auth.c Changeset: Modified: branches/SAMBA_3_0/source/utils/ntlm_auth.c === --- branches/SAMBA_3_0/source/utils/ntlm_auth.c 2004-12-17 13:14:22 UTC (rev 4258) +++ branches/SAMBA_3_0/source/utils/ntlm_auth.c 2004-12-17 21:59:47 UTC (rev 4259) @@ -753,7 +753,7 @@ /* Server negTokenInit (mech offerings) */ spnego.type = SPNEGO_NEG_TOKEN_INIT; - spnego.negTokenInit.mechTypes = SMB_XMALLOC_ARRAY(char *, 3); + spnego.negTokenInit.mechTypes = SMB_XMALLOC_ARRAY(const char *, 3); #ifdef HAVE_KRB5 spnego.negTokenInit.mechTypes[0] = smb_xstrdup(OID_KERBEROS5_OLD); spnego.negTokenInit.mechTypes[1] = smb_xstrdup(OID_NTLMSSP); Modified: trunk/source/utils/ntlm_auth.c === --- trunk/source/utils/ntlm_auth.c 2004-12-17 13:14:22 UTC (rev 4258) +++ trunk/source/utils/ntlm_auth.c 2004-12-17 21:59:47 UTC (rev 4259) @@ -753,7 +753,7 @@ /* Server negTokenInit (mech offerings) */ spnego.type = SPNEGO_NEG_TOKEN_INIT; - spnego.negTokenInit.mechTypes = SMB_XMALLOC_ARRAY(char *, 3); + spnego.negTokenInit.mechTypes = SMB_XMALLOC_ARRAY(const char *, 3); #ifdef HAVE_KRB5 spnego.negTokenInit.mechTypes[0] = smb_xstrdup(OID_KERBEROS5_OLD); spnego.negTokenInit.mechTypes[1] = smb_xstrdup(OID_NTLMSSP);
svn commit: samba r4260 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch
Author: tpot Date: 2004-12-17 22:16:30 + (Fri, 17 Dec 2004) New Revision: 4260 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4260 Log: Change the license for the winbindd external interface more liberal. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h trunk/source/nsswitch/winbindd_nss.h Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h === --- branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h 2004-12-17 21:59:47 UTC (rev 4259) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_nss.h 2004-12-17 22:16:30 UTC (rev 4260) @@ -5,20 +5,9 @@ Copyright (C) Tim Potter 2000 - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. + You are free to use this interface definition in any way you see + fit, including without restriction, using this header in your own + products. You do not need to give any attribution. */ #ifndef SAFE_FREE Modified: trunk/source/nsswitch/winbindd_nss.h === --- trunk/source/nsswitch/winbindd_nss.h2004-12-17 21:59:47 UTC (rev 4259) +++ trunk/source/nsswitch/winbindd_nss.h2004-12-17 22:16:30 UTC (rev 4260) @@ -5,20 +5,9 @@ Copyright (C) Tim Potter 2000 - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. + You are free to use this interface definition in any way you see + fit, including without restriction, using this header in your own + products. You do not need to give any attribution. */ #ifndef SAFE_FREE
svn commit: samba r4261 - in branches/SAMBA_4_0/source: include libcli/raw ntvfs/posix smb_server torture
Author: tridge Date: 2004-12-17 22:47:49 + (Fri, 17 Dec 2004) New Revision: 4261 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4261 Log: added the RAW_FILEINFO_EA_LIST trans2 qfileinfo and qpathinfo level. Interestingly, this level did now show up on our trans2 scanner previously as we didn't have the FLAGS2_EXTENDED_ATTRIBUTES bit set in the client code. Now that we set that bit, new levels appear in windows servers. Modified: branches/SAMBA_4_0/source/include/smb_interfaces.h branches/SAMBA_4_0/source/include/trans2.h branches/SAMBA_4_0/source/libcli/raw/raweas.c branches/SAMBA_4_0/source/libcli/raw/rawfileinfo.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_qfileinfo.c branches/SAMBA_4_0/source/smb_server/trans2.c branches/SAMBA_4_0/source/torture/torture_util.c Changeset: Sorry, the patch is too large (562 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4261
svn commit: samba r4262 - in branches/SAMBA_4_0/source: lib ntvfs/posix
Author: tridge
Date: 2004-12-18 01:16:04 + (Sat, 18 Dec 2004)
New Revision: 4262
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4262
Log:
a sniff from kukks showed that the FILE_ATTRIBUTE_NORMAL handling in
pvfs was not correct. This should fix a xcopy bug on OS/2.
Modified:
branches/SAMBA_4_0/source/lib/util_str.c
branches/SAMBA_4_0/source/ntvfs/posix/pvfs_fileinfo.c
branches/SAMBA_4_0/source/ntvfs/posix/pvfs_util.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/util_str.c
===
--- branches/SAMBA_4_0/source/lib/util_str.c2004-12-17 22:47:49 UTC (rev
4261)
+++ branches/SAMBA_4_0/source/lib/util_str.c2004-12-18 01:16:04 UTC (rev
4262)
@@ -1120,6 +1120,7 @@
{'A', FILE_ATTRIBUTE_ARCHIVE},
{'H', FILE_ATTRIBUTE_HIDDEN},
{'S', FILE_ATTRIBUTE_SYSTEM},
+ {'N', FILE_ATTRIBUTE_NORMAL},
{'R', FILE_ATTRIBUTE_READONLY},
{'d', FILE_ATTRIBUTE_DEVICE},
{'t', FILE_ATTRIBUTE_TEMPORARY},
Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_fileinfo.c
===
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_fileinfo.c 2004-12-17
22:47:49 UTC (rev 4261)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_fileinfo.c 2004-12-18
01:16:04 UTC (rev 4262)
@@ -57,15 +57,6 @@
if (S_ISDIR(st-st_mode))
result = FILE_ATTRIBUTE_DIRECTORY | (result
FILE_ATTRIBUTE_READONLY);
- if (!(result
- (FILE_ATTRIBUTE_READONLY|
- FILE_ATTRIBUTE_ARCHIVE|
- FILE_ATTRIBUTE_SYSTEM|
- FILE_ATTRIBUTE_HIDDEN|
- FILE_ATTRIBUTE_DIRECTORY))) {
- result |= FILE_ATTRIBUTE_NORMAL;
- }
-
return result;
}
Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_util.c
===
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_util.c 2004-12-17 22:47:49 UTC
(rev 4261)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_util.c 2004-12-18 01:16:04 UTC
(rev 4262)
@@ -70,9 +70,6 @@
*/
uint32_t pvfs_attrib_normalise(uint32_t attrib)
{
- if (attrib == 0) {
- attrib = FILE_ATTRIBUTE_NORMAL;
- }
if (attrib != FILE_ATTRIBUTE_NORMAL) {
attrib = ~FILE_ATTRIBUTE_NORMAL;
}
svn commit: samba r4263 - in branches/SAMBA_4_0/source: include lib libcli/raw ntvfs/posix smb_server torture/raw
Author: tridge Date: 2004-12-18 04:38:43 + (Sat, 18 Dec 2004) New Revision: 4263 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4263 Log: added support for the trans2 RAW_SEARCH_EA_LIST information level. This is quite a strange level that we've never seen before, but is used by the os2 workplace shell. note w2k screws up this level when unicode is negotiated, so it only passes the RAW-SEARCH test when you force non-unicode Modified: branches/SAMBA_4_0/source/include/smb_interfaces.h branches/SAMBA_4_0/source/include/trans2.h branches/SAMBA_4_0/source/lib/data_blob.c branches/SAMBA_4_0/source/libcli/raw/rawfileinfo.c branches/SAMBA_4_0/source/libcli/raw/rawsearch.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_qfileinfo.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_search.c branches/SAMBA_4_0/source/smb_server/trans2.c branches/SAMBA_4_0/source/torture/raw/eas.c branches/SAMBA_4_0/source/torture/raw/search.c Changeset: Sorry, the patch is too large (521 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4263
