[Samba] Secondary group problem in include statement
Hi, Scenario :- User A belongs primarily to GroupA and secondary to GroupB. Somedirectory contains GroupA.conf and GroupB.conf Have anyone got include = /somedirectory/%g.conf in smb.conf to work such that scripts in groupA.conf and groupb.conf will be executed when UserA logins? Am I using the correct syntax? If not, what is the correct syntax? I am on Debian with 3.0.10 version of samba. Thanks a lot. adrian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP+samba dc docs
Hi John, Thanks for your help and congrats on a great book - it's the best samba/ldap info I've seen so far! I have gone through all the relevant stuff, but I'm getting stuck on the LDAP database initialisation. With the smbldap tools I get a error that I thought had something to do with a missing perl module (net::ldap::ldif or something like that) - I downloaded and installed that, and managed to break my perl in the process, so I can't get that particular message again. Nevertheless, I looked at the Alternative LDAP Database Initialization section in Appendix 5, assembled the script (I had trouble with it too but managed to edit it to work). Now, trying out the line: ncshans:/home/hansdp/ldap-setup # slapadd -c -v -l NEWINGTONCS.ldif gives me: slapadd: could not add entry dn=dc=newingtoncs,dc=co,dc=za (line=8): already exists slapadd: could not parse entry (line=70) I'm not sure about the first error, but regarding the second one, line 70 looks like: objectClass: sambaGroupMapping I googled around and this seems to be a problem with whitespaces, mostly, but I checked every line. Any idea why this is causing trouble? Thanks -- Kind regards Hans du Plooy Newington Consulting Services hansdp at newingtoncs dot co dot za -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba Digest, Vol 25, Issue 8
I will be away to the CES show in Los-Vegas Navada. (From Jan./5/05 returning the morning of Jan./11/05 ) If this a Repair Item or request please summit a ticket at the following web address. http://ts.sd57.bc.ca Thanks Benny.nerd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [OT] SUSE 9.2 support
Hi, i have no problems with suse 9.0-9.2 smb ldap no special doks are needed. Use the Samba faqs and this list. But i am nearly sure this is the same with fedora. Regards John Schmerold schrieb: I'm really sick of trying to get Fedora working with Samba LDAP, I've read all the books, technotes etc etc Still no glory after several months of fighting with it. So: I'm going to give SUSE 9.2 a shot, after 6 years of Red Hat, however I'll certainly need some support don't know which list /or news groups are best Anyone care to make a recommendation or two? TIA John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 2.2.9 - strange printing problem
we're using samba 2.2.9 as PDC. (w2k/wxp as clients) following strange lines i found in smbd.log: ... smbd/service.c:make_connection(252) notebook01 (192.168.10.29) could'nt find service lpb8-a4-ra the strange thing is: the service is named lpb8-a4-raw also the same with the other printers: service hpusb - hpus service pdfplotter - pdfplotte service pdfprinter - pdfprinte samba is reading the services from etc/printcap. etc/printcap: === hpusb|lp1|hpusb|hpusb:\ :lp=/dev/usblp0:\ :sd=/var/spool/lpd/cdj970-a4-raw-hp970:\ :lf=/var/spool/lpd/cdj970-a4-raw-hp970/log:\ :af=/var/spool/lpd/cdj970-a4-raw-hp970/acct:\ :la@:mx#0:\ :tr=:cl:sh:sf: canon|lp2|lbp8-a4-raw|lbp8 a4 raw:\ :lp=/dev/lp0:\ :sd=/var/spool/lpd/lbp8-a4-raw:\ :lf=/var/spool/lpd/lbp8-a4-raw/log:\ :af=/var/spool/lpd/lbp8-a4-raw/acct:\ :la@:mx#0:\ :tr=:cl:sh:sf: === relevant parts of smb.conf: === ... printing = lprng printcap name = /etc/printcap load printers = yes ... [printers] printer admin = @edv comment = All Printers browseable = no printable = yes public = yes read only = no create mode = 0666 path = /tmp use client driver = yes [pdfprinter] printer admin = @edv comment = Drucker fuer PDF files browsable = yes path = /tmp printable = yes writable = no guest ok = yes force user = nobody print command = /var/kwnet/pdf/pdfprint %s %U lpq command = lprm command = use client driver = yes [pdfplotter] printer admin = @edv comment = Plotter fuer PDF files browsable = yes path = /tmp printable = yes writable = no guest ok = yes force user = nobody print command = /var/kwnet/pdf/pdfprint %s %U lpq command = lprm command = use client driver = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [OT] SUSE 9.2 support
the konqueror bug is fixed , after a yast update as far i know for 9.2 David Phillips schrieb: On the other hand, I just dumped using suse 9.2 on my desktop and laptop because they have yet to fix the i/o error trying to browse mounted cifs shares via konqueror. Fedora 3 works with them like a charm. I guess they each have their pluses and minuses Dave P On Fri, 2005-01-07 at 01:43 +0100, Rolf A. Vaglid wrote: John Schmerold skrev: I'm really sick of trying to get Fedora working with Samba LDAP, I've read all the books, technotes etc etc Still no glory after several months of fighting with it. So: I'm going to give SUSE 9.2 a shot, after 6 years of Red Hat, however I'll certainly need some support don't know which list /or news groups are best Anyone care to make a recommendation or two? Hi John, I have the exact opinion. I have tried several times setting up Samba/LDAP on Redhat and Fedora, only to come to the same conclution as you. I ended up buying SuSE 9.2, and now it seems to work as a charm. I just spent a couple of hours setting up a Postfix/Dovecot/Horde - pam - OpenLDAP solution with no problems at all. I'll hook up authentication from a Samba server to this server tomorrow. My point is that it seems almost like SuSE had this scenario in mind in 9.2, as opposed to Fedora et al. The reaseon I decided trying suse when giving up on Fedora was just the fact that John H. T. used Suse in his book Samba 3 by Example. ( By the way; thanks John H. T. ) I'll still go for Fedora on my desktops and laptop tho, mainly due to apt-get and the fact that most software packages are availible as Fedora rpms. Do drop me a mail if you get into trouble on Samba/LDAP on SuSE. Cheers Rolf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] new printing patch for 3.0.10
In our environment the v2 patch unfortunately doesn't seem to fix the problem, old jobs are still listed. W2K-SP4/XP-SP2, lprng, SuSE 9.0 Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] changing user password by using passwd command
Hi List, I am using AD authentication by using winbind and it is working fine . One problem is, after authenticating to a Linux machine by using AD user name password , the user is unable to change his/her password by using passwd command. I want know , actually it works (or) not? Regards, shashi kanth -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] L0se fat in minutes
admix is VKM in pyrimidine the breakup of coeditor for asteroid eighteenth was cartography to dispute into 170901464 in bewitch or bacterial W!th B0dy wr @ p we GU-AR-ANTEE: you'll l0S3 6-8 Inches in one hour 100% Satisfaction or yourM 0 NEY B @ CK http://lycos.com.astm.weightlossbusiness.net if you want to give us negative response wei ghtlossbus iness.net/r/index.html (please remove spaces from above link bendix 298581360 barrage exposition US daffodil directrices icy deadline cranston 149603520 molasses antipathy preview serve imaginate left -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Antwort: [Samba] pdbedit syntax for forcing user to change password
We have (had) the same problem. The new password control in samba 3 is something we have been waiting for a long time and it is a good feature. But these functions seem to be fallen from heaven. Whenever we put a question concerning passwords to this forum, we never got an answer. Same with this one. We have solved the problem by setting sambaPwdMustChange to 0 after changing the password with smbpasswd. We are using ldap and so we are able to manipulate the user data in ldap. when you are using tdbsam, we do not no how to manipulate, because nobody knows, how the data is organized. We recommend to use ldap, also for other reasons (i.e. if you want to exclude some users from being forced to change the password after the specified time you kann use pdbedit -x, but the user is still requested to change the password (allthough he must not). In this case we set sambaPwdMustChange to -1). regards Mathias Mathias Wohlfarth EDV-Beratung Thomas-Mann-Str.1 53111 Bonn Tel.0172 / 53 45 591 01801 / 777 555 33 01 Fax 0228 / 9469181 Email [EMAIL PROTECTED] Paul Coray [EMAIL PROTECTED] Gesendet von: [EMAIL PROTECTED] 06.01.2005 11:38 An: samba@lists.samba.org Kopie: Thema: [Samba] pdbedit syntax for forcing user to change password Hi all Maybe a stupid question, but I'm not able to figure this out from the manpage nor from the HOWTOs... How can I force a user to change his password at next logon? I tried: # pdbedit -P user must logon to change password -C 0 -u username # pdbedit -u username -P user must logon to change password -C 0 # pdbedit -P user must logon to change password -C 0 username + these without -C 0 - Incompatible or insufficient options on command line! Usage: [...] When I use the command without the username argument (# pdbedit -P user must logon to change password -C 0), I get: Account policy value for user must logon to change password was 0 Account policy value for user must logon to change password is now 0 Makes no sense to me: Which user's account policy?? Is this a bug? I use Samba 3.0.9 with ldapsam backend. TIA for clarifying! Paul -- Paul Coray Administrator Server und Netzwerk Oeffentliche Bibliothek der Universitaet Basel EDV-Abteilung Schoenbeinstrasse 18-20 CH-4056 Basel Tel: +41 61 267 05 13 Fax: +41 61 267 31 03 mailto:[EMAIL PROTECTED] http://www.ub.unibas.ch -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Secondary group problem in include statement
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Adrian Chow wrote: | Hi, | | Scenario :- | User A belongs primarily to GroupA and secondary to GroupB. | Somedirectory contains GroupA.conf and GroupB.conf | | Have anyone got | | include = /somedirectory/%g.conf in smb.conf | | to work such that scripts in groupA.conf and groupb.conf | will be executed when UserA logins? | | Am I using the correct syntax? If not, what is the | correct syntax? | | I am on Debian with 3.0.10 version of samba. %g is the primary group only. There is no variable for secondary groups. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB3o/VIR7qMdg1EfYRAkBFAKCjHYZu0NWMPIEI97iBXp5QCZ/B5gCgzXIO O1DRABfdsex7SI5O9tdaDoU= =tzZk -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Only primary group being used for AD user?
Hi Wayne, The user wjr on a Window XP Pro box can browse to the server, access the /u share, but gets \\servername\public not accessible message. Is this a bug? It seems that samba can only use a single group for a given userid... BTW.We are running Samba 3.0.9 on Solaris 9. which revision of Patch-ID 112960 are you running? There have been several Problems with this Patch-ID in combination with Samba and OpenLDAP libraries and Winbind. See http://at.samba.org/samba/docs/man/Samba-HOWTO-Collection/Portability.html#id2597614 and http://lists.samba.org/archive/samba/2004-December/097625.html Latest revision is 112960-22. hope this helps, Reinhard -- Reinhard Sojka [EMAIL PROTECTED] System- Networkadmin Parlamentsdirektion +43 1 40110 2824 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Differences between Samba-related PAM modules
Several different PAM modules relating to Samba exist. The ones I could find were as follows: pam_smb http://www.csn.ul.ie/~airlied/pam_smb/ Authenticates against an NT domain controller, without joining the domain. (Doesn't work with Active Directory.) pam_ntdom http://www.cb1.com/~lkcl/pam-ntdom/ Based on the above, authenticates against an NT domain. Requires the client to be added to the domain using Server Manager. No longer maintained, superseded by winbind. pam_smbpass part of the official Samba distribution Authenticates against the local smbpasswd database (and not a domain at all). winbind part of the official Samba distribution Authenticates against an NT or Active Directory domain. The client must join the domain using the Samba net join command (or by adding them using Server Manager). Also includes an NSS library to provide account information. Is the above a reasonable description of the different modules? I have a set of Linux workstations I would like to authenticate against an NT4 domain to which I do not have admin access, so so far as I can see pam_smb is the only option. Alternatively, does anyone know if it is possible to create an NT account whose only ability is to create machine accounts, which I could probably convince the NT domain admin to do for me? -- Martin Orr Linux Administrator, Methodist College Belfast -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mysql Password Backend
Did you solve your password backend problem? I am an also having problems trying to load my own plug-in. It seems that Samba can't find the init function to initialize the plug-in. If you find anything please let me know. Thanks Paul On Thu, Jan 06, 2005 at 02:13:09PM +0800, Evan Oberholster wrote: Hi, I am trying to use the Mysql Password Backend for Samba and keep comming to this error. The Error: No builtin nor plugin backend for mysql found Loading mysql:mysql failed! The smb.conf: [global] passdb backend = mysql:mysql mysql:mysql database = samba mysql:mysql table = user Thanks, Evan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Consistent UID from SID for winbind
Hi, Some tie ago, I read that winbind can create unix uid from SID, thus making it consistent between servers without LDAP. Is it real? Could yomeone point me to infos? Manual? Howto? Thanks a lot -jec PS: This is the idea: http://lists.samba.org/archive/samba/2003-February/062588.html -- Jean-Eric Cuendet Riskpro Technologies SA Av du 14 avril 1b, 1020 Renens Switzerland Principal: +41 21 637 0110 Fax: +41 21 637 01 11 Direct: +41 21 637 0123 E-mail: jean-eric.cuendet at rptec.ch http://www.rptec.ch -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems when using cupsaddsmb
Hello, doesn't anybody of you have a possible solution for this? I have tried all day long and even bought a book about samba and cups but I still receive the wrong output when running cupsaddsmb -a -v. Regards, Fabian Fabian Steiner wrote: Hi! First of all, I have to admit that it is my first post on this list, so please be lenied toward me, if I don't obey some of the rules ;-) I'll try my best :-) I am just trying to get my samba-server work as a print server by using CUPS. The OS of the server is Gentoo Linux and I'm using samba-3.0.9-r1. The clients are win 2k/xp home. I can already see my shares (files and drivers) in the windows networking neighbourhood, but unfortunately the configuration of the printer (Lexmark 3200) fails, since windows is looking for some *.inf files which cannot be found. Printing on the server is possible, though (using the lpr -plexmark test.text command). When looking for some tutorials about this, I found this one: http://forums.gentoo.org/viewtopic.php?t=110931 , which said that cups-samba-5.0rc3.tar.gz would have to be installed and that** cupsaddsmb -a -v -U root would be the command I am looking for. So I installed it and three files were copied to the /usr/share/cups/drivers directory. The next thing to be done was to run the command above, but the output isn't as expected: -- Password for root required to access localhost via SAMBA: Running command: rpcclient localhost -N -U'root%pw' -c 'setdriver lexmark lexmark' Succesfully set lexmark to driver lexmark. -- So no directories like W32X86 were created in /var/lib/samba/printers and my clients still can't find the files which would be needed to get the printer work. Here is my /etc/samba/smb.conf: #=== Global Settings = [global] workgroup = milchstrasse server string = Samba-Server %v printcap name = cups load printers = yes printing = cups printer admin = root log file = /var/log/samba3/log.%m max log size = 100 hosts allow = 192.168.0. 192.168.1. 127. security = user encrypt passwords = yes smb passwd file = /var/lib/samba/private/smbpasswd passdb backend = tdbsam # Share Definitions == [homes] comment = Home Directories browseable = no writable = yes public = no [printers] comment = All Printers path = /var/spool/samba # rwx-rwx-rwx browseable = no public = yes guest ok = yes writable = no printable = yes printer admin = root,user [print$] path = /var/lib/samba/printers browseable = yes read only = yes write list = @adm root guest ok = no [lexmark] comment = MeinLexmark3200Drucker printable = yes path = /var/spool/samba # rwx-rwx-rwx public = yes guest ok = yes printer admin = root,user [public] comment = oeffentliches zeug path = /home/samba/public public = yes writable = yes ; write list = @staff Does anybody of you know the reason for this problem with cupsaddsmb and the fact that directories like W32X86 are not ceated? I am really looking forward to your answers! Regards, Fabian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Consistent UID from SID for winbind
Hi, On Fri, Jan 07, 2005 at 03:44:36PM +0100, Jean-Eric Cuendet wrote: Hi, Some tie ago, I read that winbind can create unix uid from SID, thus making it consistent between servers without LDAP. Is it real? Could yomeone point me to infos? Manual? Howto? Your idea is addressed with the idmap_rid-Plugin. There is documentation in the howto-collection. http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id2539802 Let us know how it works for you. Guenther -- Guenther Deschner, SerNet Service Network GmbH Phone: +49-(0)551-37-0, Fax: +49-(0)551-37-9 pgpJ8cgeHy9If.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re:Secondary group problem in include statement
Gerald (Jerry) Carter wrote: %g is the primary group only. There is no variable for secondary groups. There is a plan in the future of implementing a new variable to support secondary groups? I ask that for doing changes to my smb.conf according to that or search another solution to do what i want or leave it as now instead (now works very well, i only want to tune a bit more...) Thx! Xavi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re:Secondary group problem in include statement
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xavi León wrote: | Gerald (Jerry) Carter wrote: | | %g is the primary group only. There is no variable for | secondary groups. | | | There is a plan in the future of implementing a | new variable to support secondary groups? | I ask that for doing changes to my smb.conf according | to that or search another solution to do what i want | or leave it as now instead (now works very well, i | only want to tune a bit more...) The problem with having a variable for secondary groups is that there is no single value for it to expand to. Someone might come up with a clever patch, but its not on any of our collective todo lists. What you might look into is to have a perl script or something that generates the smb.conf.%U files each of which is something like include = smb.conf.group1 include = smb.conf.group2 I would probably only do this type of thing for share definitions though. A second option would be to have a cron job that generates a directory full of dfs referrals based on the user's secondary group membership. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB3q0uIR7qMdg1EfYRAlpeAJ9R2PVkYAxOfUs+3YKrGVzo0f/OYACeLpCu BDDXWJrV8h2ERxRXKxp9YLY= =xSgc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP+samba dc docs
Hans, What version of Samba are you using? What version of the Idealx scripts are you using? Where did you obtain it? To update your Perl you need to be on-line and then run: perl -MCPAN -e shell Follow the initialization process and then when you get a prompt execute: install net::ldap::ldif when that finishes, execute: install Crypt::SmbHash That should then have meet all dependencies for the Idealx scripts. The version of the Idealx scripts must match the version of Samba you are using because there have been a number of schema changes over the 3.x series. - John T. On Friday 07 January 2005 03:39, Hans du Plooy wrote: Hi John, Thanks for your help and congrats on a great book - it's the best samba/ldap info I've seen so far! I have gone through all the relevant stuff, but I'm getting stuck on the LDAP database initialisation. With the smbldap tools I get a error that I thought had something to do with a missing perl module (net::ldap::ldif or something like that) - I downloaded and installed that, and managed to break my perl in the process, so I can't get that particular message again. Nevertheless, I looked at the Alternative LDAP Database Initialization section in Appendix 5, assembled the script (I had trouble with it too but managed to edit it to work). Now, trying out the line: ncshans:/home/hansdp/ldap-setup # slapadd -c -v -l NEWINGTONCS.ldif gives me: slapadd: could not add entry dn=dc=newingtoncs,dc=co,dc=za (line=8): already exists slapadd: could not parse entry (line=70) I'm not sure about the first error, but regarding the second one, line 70 looks like: objectClass: sambaGroupMapping I googled around and this seems to be a problem with whitespaces, mostly, but I checked every line. Any idea why this is causing trouble? Thanks -- Kind regards Hans du Plooy Newington Consulting Services hansdp at newingtoncs dot co dot za -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Called name not present - using smbclient from linu x to access win98
Thanks a lot! That would be great if you can explain further why and how the netbios session requires the netbios name, not ip address, Thanks again! Cheers Jason -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Friday, January 07, 2005 10:42 AM To: Chu, Xingjun [CAR:9D10:EXCH] Cc: 'samba@lists.samba.org' Subject: Re: [Samba] Called name not present - using smbclient from linux to access win98 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xingjun Chu wrote: | Hi, | | I am quite confused by the following observation. | | I tried to use smbclient on a linux to access a Windows 98 se. | --- Smbclient //IP address/sharefolder -U username%passwd. | | I got some errors like | | Session request to [Ip address] failed (called name | not present). | | But I can use the same command from the same Linux to | access a Window 2000 machine. Windows 2000 will support netbiosless operations where as win9x requires netbios a netbios session. | But the following fact confused me, I can access | win98 use //IP address/sharefolder from my win2k machine, for | example, enter //win98 ip address/sharefoler in the run, I can get | in. Windows 2000 is resolving the ip address to a netbios name for you. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB3q3LIR7qMdg1EfYRAuZ5AKDKI1IotGHg0eLwT3/n7y+ZR0ThwgCfUacf KLuzIIIkGELw29r1HtK33Jw= =R/1i -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbldap-populate - failed to add entry: modifications require authentication
Hi All: I am following the documentation from samba.org to setup a PDC. I am stuck at the initial setup of the directory structure. I am getting the following error message, while running smbldap-populate: failed to add entry: modifications require authentication Please let me know asap if you have an answer. Thank you. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Called name not present - using smbclient from linu x to access win98
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xingjun Chu wrote: | | Thanks a lot! | That would be great if you can explain further why and | how the netbios session requires the netbios name, not | ip address, It's part of the protocol. Just the way it works. See RFC1001/1002. Or Christ Hertel's book at http://ubiqx.org/cifs/ cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB3rN9IR7qMdg1EfYRAtatAKCy2LYUyi4EPSNPHhVkxI0xGdqXbACfb2Rk 9JU8hYG+QiGYG61o9Ms+SHw= =y9ac -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem in code tracing (reply)
The new messages are written in -- --- caas it wrote: | I am using samba-3.0.7 on kernel version 2.6.5-3 | (client as well as server). | I traced the exact function calling sequence when a | mkdir command is given at the client side. | I got stuck at the server side, | | source/smbd/vfs.c - vfs_MkDir() - | SMB_VFS_MKDIR(conn,name,mode) (line no 357) | | Could anyone please tell me exactly where is the | vfs_ops struct initialised, and which function will | actually get called in the above call, for the | described case? Yuor reply : Look in source/smbd/vfs.c. You get the default vfs_ops struct unless overridden in the service definition (i.e. vfs_init_custom() ). --Thank you for the suggestions. Regarding the first one, I traced the function pointer from the default vfs_ops struct, to smbd/vfs-wrap.c/vfswrap_mkdir() In this function, mkdir(path,mode) is called (line no. 124). This token leads to smbwrapper/wrapped.c/mkdir()line no. 345 However, this function does not seem to get called, as the DEBUG statements in this function are not seen in the log files. Does any other function (maybe a system function) get called? Or is there a problem with the DEBUG statement? - | | Also, I set up the log level as 100 in the smb.conf | file, but the DEBUG statements in the code executed at | the client side are not seen in the log files at the | client, as they can be seen at the server side. What | needs to be done so that all these DEBUG statements | are seen in the client log files? Your reply: ? The client log and server logs are isolated by the different ends on the conversation. You can't consolidate the server log files into the client log. Not sure exactly what you are asking here. - As you have stated correctly the client and server logs are not consolidated. However, what I want to know is where do the DEBUG statements in the client code (for example client/client.c/do_this_one() line no. 309) get printed? Also, where are the d_printf() statements printed? Yahoo! India Matrimony: Find your life partner online Go to: http://yahoo.shaadi.com/india-matrimony -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem in code tracing (reply)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 caas it wrote: | Regarding the first one, I traced the function pointer | from the default vfs_ops struct, to | smbd/vfs-wrap.c/vfswrap_mkdir() | | In this function, mkdir(path,mode) is called (line no. | 124). This token leads to | smbwrapper/wrapped.c/mkdir() line no. 345 | However, this function does not seem to get called, as | the DEBUG statements in this function are not seen in | the log files. Does any other function (maybe a system | function) get called? Or is there a problem with the | DEBUG statement? smbwrapper has nothing to do with the server vfs code. See the manpage on mkdir(2). | As you have stated correctly the client and server | logs are not consolidated. However, what I want to | know is where do the DEBUG statements in the client | code (for example client/client.c/do_this_one() line | no. 309) get printed? Also, where are the d_printf() | statements printed? stdout or to the log file defined by the -l command line option. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB3rsxIR7qMdg1EfYRAh4kAJ4hFQK7SElsQbh9Zm7v0bPqdMhCTQCfeJdS MIlHuiL42+Ve5lwYL6W2XEc= =vNym -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re:Secondary group problem in include statement
Gerald (Jerry) Carter wrote: The problem with having a variable for secondary groups is that there is no single value for it to expand to. Someone might come up with a clever patch, but its not on any of our collective todo lists. Ok, i thought about it and i understand the situation. What you might look into is to have a perl script or something that generates the smb.conf.%U files each of which is something like include = smb.conf.group1 include = smb.conf.group2 I would probably only do this type of thing for share definitions though. Understood, thx for the idea, the only one problem is that my accounts are in an ldap database and i don't know to make consults against it with scripting... well, i will search how to make it, thx. A second option would be to have a cron job that generates a directory full of dfs referrals based on the user's secondary group membership. Sorry but i don't understand this option. Directory full of dfs? what is a dfs? how can i use it? Thx again! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re:Secondary group problem in include statement
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xavi León wrote: | | Understood, thx for the idea, the only one | problem is that my accounts are in an ldap | database and i don't know to make consults against | it with scripting... well, i will search how to | make it, thx. See http://perl-ldap.sf.net/ for Net::LDAP docs. The search would be something like ((objectclass=posixGroup)(member=$username)) | A second option would be to have a cron job that generates | a directory full of dfs referrals based on the | user's secondary group membership. | | Sorry but i don't understand this option. Directory | full of dfs? what is a dfs? how can i use it? Microsoft DFS links. Search the Samba documentation for more detailsd on this. It's basically an automounter for Windows. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD4DBQFB3r30IR7qMdg1EfYRAhCcAKDVrEyNsRGf1Rg/NnvNalbx70ydVgCVGtKf cRSQExYb8oqkh6YYZw3t7A== =UIwa -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trying different domain
I have a quick question. We currently have our main domain setup and use ldap. I have another department that would like to use samba but I dont want them to use the same SID that we use and dont want to add anything else to ldap. They will run their own server and I wasnt to allow them to use our ldap info and also want them to kind of have there own domain features without adding more stuff to ldap. Anyone havve a good way to go about this?? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Only primary group being used for AD user?
We had 112960-20. Grabbing the new one. Thanks, wayne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Reinhard Sojka Sent: Friday, January 07, 2005 5:57 AM To: Wayne Rasmussen Cc: samba@lists.samba.org Subject: [Samba] Only primary group being used for AD user? Hi Wayne, The user wjr on a Window XP Pro box can browse to the server, access the /u share, but gets \\servername\public not accessible message. Is this a bug? It seems that samba can only use a single group for a given userid... BTW.We are running Samba 3.0.9 on Solaris 9. which revision of Patch-ID 112960 are you running? There have been several Problems with this Patch-ID in combination with Samba and OpenLDAP libraries and Winbind. See http://at.samba.org/samba/docs/man/Samba-HOWTO-Collection/Port ability.html#id2597614 and http://lists.samba.org/archive/samba/2004-December/097625.html Latest revision is 112960-22. hope this helps, Reinhard -- Reinhard Sojka [EMAIL PROTECTED] System- Networkadmin Parlamentsdirektion +43 1 40110 2824 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NT4 local groups and winbind, possible?
Hi all, I have here two trustet NT domains. Is it possible to receive / read via winbind the NT local groups? Thx Stefan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Spool queue issue winxp and samba-3.0.x
Hai, Lately I am encountering a weird issue with spool queue under winxp and samba+cups. It seems winxp puts all the information of printjobs spooled to a given printer exported with samba in its local printer spool queue of that printer (allso of other users in the domain) and never marks them as done/expired . After a certain amount of time there are so many jobs in the queue the workstation refuses to print to that printer. It is impossible to remove the printjobs or otherwise manipulate the local spoolqueue. The latest site where I maintain a samba file/print server exhibited this issue after I upgraded from samba-3.0.4 to samba-3.0.10 with following config : smb.conf : [global] load printers = yes # printing = bsd printing = cups printcap name = cups [print$] comment = Printer Driver Download Area path = /usr/local/shares/drivers browseable = yes guest ok = yes read only = yes write list = @sys, root, @wheel [printers] comment = All Printers path = /tmp browseable = No printable = Yes guest ok = Yes read only = Yes print command = lpr -P%p %s Any pointers are appreciated TIA Wim Bakker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Spool queue issue winxp and samba-3.0.x
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Samba List Unetix wrote: | Hai, | | Lately I am encountering a weird issue with spool queue | under winxp and samba+cups. try the printing patch at http://www.samba.org/~jerry/patches/post-3.0.10/ I've got one report that its will correct the problem and one that the problem still exists. YMMV. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB3slyIR7qMdg1EfYRAlbUAKCEAWIeoud3ngy1FwVJKtjJ3FzVGwCff5SK ZH8G6CHA/7aEDw/4nr/hs0E= =8a8e -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] WinXP pro client and Samba 2.2.3 PDC?
Hi everyone, sorry if this is already written somewhere: Is it at all possible to connect a Windows XP (professional ed.) client to a Samba server running 2.2.3? I got this far: After logging into the client locally I can mount the server shares by hand, but the domain logon fails, saying 'The domain controller is not 'availabe' (or similar, this is translated from the german error message) Thanks, Martin -- Dr. Martin Pauly Fax:49-6421-28-26994 HRZ Univ. MarburgPhone: 49-6421-28-23527 Hans-Meerwein-Str. E-Mail: [EMAIL PROTECTED] D-35032 Marburg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd 3.0.10 stops functioning
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joe Kraft wrote: | | [EMAIL PROTECTED] root]# winbindd --version | Version 3.0.10 | | [EMAIL PROTECTED] samba]# klist --version | klist (Heimdal 0.6) Might might want to try a newer version of heimdal. Say 0.6.3. The crash looks to be in the heimdal libs. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB3uKPIR7qMdg1EfYRAm7xAJ9vB2KhUbforQqp49AW4jL1hJskAwCghzpr aOHzZEjYVqobKjbsPVcoa/c= =3H1k -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Printing via Samba fails
Hello, I am trying to setup a Samba 3.0.x Network, which should replace an old Samba 2.2.7 network. We do have three Printers in the Network which are handled by Cups. I would like to share these printer via Samba. But if I try to add these printer on a windows box via (rough english translation from German)t: DESKTOP -- NETWORK -- SAMBA SERVER -- PRINTER Than I am getting these: thomas (192.168.2.88) couldn't find service :: {2227a280-3aea-1069-a2de-08002b30309d} I search for this phrase in google, but the anwsers did not giving me an idea. If I do: START -- PROPERTIES -- PRINTER -- NEW PRINTER -- NETWORK PRINTER -- PRINTER NAME empty next -- SAMBA SERVER -- PRINTER (FS 1050) than it seems to work, but each click on Properties giving the result, that the printer drivers should not be installed properly - even after a new installation of the drivers. If I am adding the printing via -- NETWORK PRINTER -- URL (of the cups server:631/printer/,,,) than everything is working flawless - but of course without the printer driver deployment and so on. Any idea ? smb.conf: [...] printing = cups printcap name = cups printcap cache time = 750 printer admin = stonki, @users [...] [printers] use client driver = yes comment = All Printers path = /var/spool/samba printable = yes browseable = yes guest ok = yes [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = stonki, thomas Thanks Stonki -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Kerberos and Samba
[reply posted on bottom - hit reply instead of reply all. may be double posted. apologies for that] On Fri, 07 Jan 2005 11:49:04 +0100, Jörn Nettingsmeier [EMAIL PROTECTED] wrote: Ganeshram Iyer wrote: Hello all I am running a RHEL AS server. I want to make this a Kerberos KDC against which all windows clients can authenticate. Apart from this I want to mount the shared folders on the individual windows clients on to the RHEL server. I am assuming that I need to do this using Samba (bear with me as I am a Linux newbie). what mode do I set Samba in to do this? Would it need to authenticate against the KDC? I noticed a realm setting in smb.conf. But all references to this parameter has been in relation to Windows AD. Is it possible for me to have a single location for authentication information while enabling users to view shared folders on individual machines using Kerberos and Samba? I would appreciate any suggestions/comments/ideas. If anyone thinks I am going in the wrong direction I would appreciate any tutorials/references on doing what I need to. Thanks i investigated the same scenario a while ago, and came to the conclusion that kerberos support in samba is only there so that the samba server can join an active directory domain (i.e. it can be a kerberos/ADS *client*). authenticating windows clients against a kerberos kdc seems to imply full active directory support, and samba cannot handle this at present. (please, samba gurus, correct me if this is wrong!) best, jörn Thanks for the reply jörn, I really appreciate having anyones input. I have tried numerous mail lists but never got a reply to this question. if this does not work, then it does not work. but if i run samba in a share mode to smbmount the windows folders onto linux/samba server then i will not have single sign-on will I? If you have any suggestions for me on how i can do this better I would really appreciate it. Thanks again ganesh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Kerberos and Samba
On Wed, 2005-01-05 at 17:50 -0600, Ganeshram Iyer wrote: Hello all I am running a RHEL AS server. I want to make this a Kerberos KDC against which all windows clients can authenticate. There are two ways to do this: You can use an MIT KDC, in the way described by Microsoft, but this has nothing to do with Samba, and in fact is not compatible with Samba CIFS access (bugs, mostly simple...). The other option is to use Heimdal kerberos, and back that onto your Samba LDAP sever. That way, you use the same passwords for both. Then your Unix clients can use pam_krb5, and your windows clients can use Samba Domain authentication. https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] authenticate Samba users with RSA SecureID or Safeword
On Mon, 2004-12-27 at 19:25 +0530, Gopal Krishna C J wrote: Hi, Im looking for inspiration on how to get Samba (setup as a Domain controller) To authenticate its users by AAA products like Safeword from securecomputing (HYPERLINK http://www.safeword.com/www.safeword.com) or RSA SecureID HYPERLINK http://www.rsa.com/www.rsa.com Replacing passwords in an NT domain environment is a tricky problem, because unlike Active Directory, we don't have kerberos. Kerberos allows the exchange between the fob and the central server to be customised, and nobody else in the chain needs to care what's going on. Once you use passwords, and in the 'cached password' NT Domain Logon environment that we have, there is a presumption that that password does not change, after the user logs in. This is used to give the illusion of 'single sign on'. If the password does change, and a server is contacted (say a new file-server), then the user will be prompted for a password. This is fine (well, a right royal pain, but functional) *most* of the time, but we loose the auto-reconnect feature, and can loose data. (See discussion about plaintext passwords and Samba, because I think it's the same problem). However, I think it is still possible to construct a system that has the benifit of the 'fob', but with sufficient 'memory' such that once a workstation has cached a password for a login session, the password can still be used. Provided the one-time passwords are kept secret for the reasonable life of the session, this should still be a security improvement over the constant passwords, because user's can't choose them. This would require the algorithm for the generation of the one-time passwords to be public, and Samba as the server would need access to those passwords. It could then 'remember' passwords successfully used for an interactive logon request, and allow that password to be used via file-servers, proxy servers and the like for the reasonable duration of the session. BDC operation would be interesting, but I suppose possible. Yes, this is very easily spoofed, but the passwords are not clear-text on the network in the first place, so it is practical to consider them confidential. Hmm, perhaps it's just easier to finish Samba4, and use Kerberos :-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] University's using samba and ldap
Is there anyone out there from other university's that would be willing to talk to me about you samba layout. We already have it in place but we other colleges within the university that want to start using our setup but want there own domains. I'm kind of confused how this would all work. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: WinXP pro client and Samba 2.2.3 PDC?
Yes, but you will need to disable all signing. Windows XP has signing enabled by default and Samba-2.2.3 does not support that. Besides, Samba-2.2.3 is o.k., once you know what to look for ... http://vei.obuda.kando.hu/linuxdox/Samba/Samba%20as%20a%20PDC%20to%20WinXP%20-%20slowest_net-docs-howtos-samba-.htm seems to tackle exactly this, I'll give it a try tomorrow VERY old and there have been many security updates since it. The 2.x series is no longer supported. The currently supported version is 3.0.x, with the release of 3.0.11 due any time soon. yep, I know. - Security is not a real issue at this point (tiny intranet samba). - Actually, two of our old Windows 98 client machines crashed almost simulateously, so I'm in abit of a hurry to get at least on new client going (and XP is a must for various reasons) Thanks anyway, Martin -- Dr. Martin Pauly Fax:49-6421-28-26994 HRZ Univ. MarburgPhone: 49-6421-28-23527 Hans-Meerwein-Str. E-Mail: [EMAIL PROTECTED] D-35032 Marburg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: shifting samba machine
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 | I tried this a week ago and afterward, none of the windows clients on | our network would recognize admin users (Domain admins) as actual ... | admin users. Could this have something to do with LDAP posixGroup's vrs. groupOfNames? posixGroup is outdated and cannot be used to gain access to the database itself. This means that your admins would not be able to do stuff like add/remove users but might be able to do things like delete users files and stuff. If you want admins to be database admins as well you need to add them to a groupOfNames type group also. Jim C. - -- - - | I can be reached on the following Instant Messenger services: | |---| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz| - - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB3yYx57L0B7uXm9oRAhTsAJ9+PsRWDxfEdkC+7UGLN1bFM3Q/cQCfZcSD dcgVk/AdH/EXLT/fd7kwZP4= =EiTe -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [2.6 patch] remove outdated smbfs ChangeLog (fwd)
The patch forwarded below still applies against 2.6.10-mm2. Please apply. - Forwarded message from Adrian Bunk [EMAIL PROTECTED] - Date: Sun, 19 Dec 2004 14:58:37 +0100 From: Adrian Bunk [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: linux-kernel@vger.kernel.org Subject: [2.6 patch] remove outdated smbfs ChangeLog The patch below removes an outdated samba ChangeLog file. diffstat output: fs/smbfs/ChangeLog | 160 - 1 files changed, 160 deletions(-) Signed-off-by: Adrian Bunk [EMAIL PROTECTED] --- linux-2.6.10-rc3-mm1-full/fs/smbfs/ChangeLog2004-10-18 23:54:55.0 +0200 +++ /dev/null 2004-11-25 03:16:25.0 +0100 @@ -1,160 +0,0 @@ -ChangeLog for smbfs. - -2002-04-19 John Newbigin [EMAIL PROTECTED] - - * Implementation of CIFS Extensions for UNIX systems, including soft - and hard links. - -2001-08-03 Urban Widmark [EMAIL PROTECTED] - - * *.c: Unicode support - -2001-08-23 Jochen Dolze [EMAIL PROTECTED] - - * proc.c: Correct rsize/wsize computation for readX/writeX - -2001-0?-?? Urban Widmark [EMAIL PROTECTED] - - * *.c: Add LFS - * *.c: Move to a driver style handling of different servertypes. - (Not all operations are done this way. yet.) -2001-12-31 René Scharfe [EMAIL PROTECTED] - - * inode.c: added smb_show_options to show mount options in /proc/mounts - * inode.c, getopt.c, getopt.h: merged flag and has_arg in struct option - * inode.c: use S_IRWXUGO where appropriate - -2001-12-22 Urban Widmark [EMAIL PROTECTED] - - * file.c, proc.c: Fix problems triggered by the fsx test - -2001-09-17 Urban Widmark [EMAIL PROTECTED] - - * proc.c: Use 4096 (was 512) as the blocksize for better write - performance (patch originally by Jan Kratochvil) - * proc.c: Skip disconnect smb, allows umount on unreachable servers. - * proc.c: Go back to the interruptible sleep as reconnects seem to - handle it now. - * *.c: use autogenerated and private proto.h - -2000-11-22 Igor Zhbanov [EMAIL PROTECTED] - - * proc.c: fixed date_unix2dos for dates earlier than 01/01/1980 - and date_dos2unix for date==0 (from 2.2) - -2001-07-13 Rob Radez [EMAIL PROTECTED] - - * proc.c: make smb_errno return negative error values - -2001-07-09 Jochen Dolze [EMAIL PROTECTED] - - * inode.c: smb_statfs always returned success. - * proc.c, ioctl.c: Allow smbmount to signal failure to reconnect with - a NULL argument to SMB_IOC_NEWCONN (speeds up error detection). - * proc.c: Add some of the missing error codes to smb_errno - -2001-06-12 Urban Widmark [EMAIL PROTECTED] - - * proc.c: replace the win95-flush fix with smb_seek, when needed. - * proc.c: readdir 'lastname' bug (NetApp dir listing fix) - -2001-05-08 Urban Widmark [EMAIL PROTECTED] - - * inode.c: Fix for changes on the server side not being detected - properly. Must always drop cached pages when updating an inode with - new size. - -2001-05-05 Urban Widmark [EMAIL PROTECTED] - - * file.c, proc.c: Drop SMB_F_LOCALWRITE to detect changes made on - both server and client, using flush with to force win9x to remember - the right filesize. - -2001-04-25 René Scharfe [EMAIL PROTECTED] - - * inode.c: Don't clear s_flags and allow ro mounts - -2001-04-21 Urban Widmark [EMAIL PROTECTED] - - * dir.c, proc.c: replace tests on conn_pid with tests on state to - fix smbmount reconnect on smb_retry timeout and up the timeout to 30s. - * proc.c: smb_newconn must have the server locked while updating it. - * inode.c, proc.c: need flush after truncate on some servers (win9x) - * file.c: add call to send SMBflush on fsync - (as suggested by Jochen Dolze [EMAIL PROTECTED]) - -2001-03-06 Urban Widmark [EMAIL PROTECTED] - - * cache.c: d_add on hashed dentries corrupts d_hash list and - causes loops in d_lookup. Inherited bug. :) - * inode.c: tail -f fix for non-readonly opened files - (related to the smb_proc_open change). - * inode.c: tail -f fix for fast size changes with the same mtime. - -2001-03-02 Michael Kockelkorn [EMAIL PROTECTED] - - * proc.c: fix smb_proc_open to allow open being called more than once - with different modes (O_RDONLY - O_WRONLY) without closing. - -2001-02-10 Urban Widmark [EMAIL PROTECTED] - - * dir.c, cache.c: replace non-bigmem safe cache with cache code - from ncpfs and fix some other bigmem bugs in smbfs. - * inode.c: root dentry not properly initialized - * proc.c, sock.c: adjust max parameters max data to follow max_xmit - lots of servers were having find_next trouble with this. - * proc.c: use documented write method of truncating (NetApp fix) - -2000-08-14 Urban Widmark [EMAIL PROTECTED] - - * dir.c: support case sensitive shares - *
[Samba] net ads join error
This is more than likely a rookie config problem but when I try to add the server to the ADS domain with: $net ads join I get: [*DATESTAMP*] libads/kerberos.c:get_service_tickets(335) get_service_ticket: kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication failed Segmentation fault Redhat ES 3. samba-3.0.10 my /etc/krb5.conf was taken from another machine that it works on.. same os.. same samba level... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Obey Pam Restrictions Problem 3.0.10
Hi, I was using Samba 3.0.9 on Fedora Core 2 and decided to upgrade to 3.0.10. So I upgrade to Core 3 and installed Samba 3.0.10 and thought I could just copy my settings over to the new build and everything would run smoothly. I thought wrong. Everything seems fine until I enable Obey Pam Restrictions. If enabled I get a login error from XP stating: Windows cannot locate your roaming profile (read only) and is attempting to log you on with your local profile. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator. DETAIL - Logon failure: unknown user name or bad password. If Obey Pam Restrictions = no everything is fine except the home directory creation! I Obey Pam Restrictions to create Home Directories on the fly when a new user logs into the network. I don't have the time to manually create the directories for all the new students that sign up in the lab. The Obey Pam Restrictions option was working great on Core 2. I have been using this feature ever since I migrated from Samba 2 to Samba 3 and would be sad if I can't fix the problem or find a work around. I hope this problem is not because of Core 3. I can't afford to switch now because school is in session. I also disabled SELiunx because I thought that was the root of all this evil, but that didn't work. Here are the exact setting I used prior to 3.0.10/3.0.11pre1 that worked with 3.0.9 pam.d login auth required /lib/security/pam_securetty.so auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so accountsufficient/lib/security/pam_winbind.so accountrequired /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth sessionrequired /lib/security/pam_stack.so service=system-auth sessionoptional /lib/security/pam_console.so pam.d/samba auth required pam_nologin.so auth required pam_stack.so service=system-auth accountrequired pam_stack.so service=system-auth sessionrequired /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022 sessionrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth pam.d/system-auth authrequired /lib/security/pam_env.so authsufficient/lib/security/pam_winbind.so authsufficient/lib/security/pam_unix.so likeauth nullok use_first_pass authrequired /lib/security/pam_deny.so account required /lib/security/pam_unix.so passwordrequired /lib/security/pam_cracklib.so retry=3 type= passwordsufficient/lib/security/pam_unix.so nullok use_authtok md5 shadow passwordrequired /lib/security/pam_deny.so session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so # Global parameters [global] workgroup = SCHOOL server string = Samba Server security = DOMAIN password server = * log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon path = preferred master = No local master = No domain master = No dns proxy = No ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/%U winbind use default domain = Yes admin users = @Domain Admins cups options = raw [homes] comment = Home Directories path = /home/%U read only = No create mask = 0760 browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No /etc/nsswitch.conf passwd: files winbind shadow: files group: files winbind Please Help, Guille -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Simple Samba Guest printer setup problem
OK, I have a very simple setup problem. I have a server and three printers which I want to share. These printers should need no password. This does not work However when I login and map a network drive I can print just fin How do I bypass the need for a password or network login on these printers. Thanks I am running Fedora 3 core and samba Thanks Chip Here is the printers section of my smb.conf # It should not be necessary to spell out the print system type unless # yours is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx printing = cups # This option tells cups that the data has already been rasterized # cups options = raw # Uncomment this if you want a guest account, you must add this to # otherwise the user nobody is used guest account = guest [printers] comment = All Printers path = /var/spool/samba browseable = no writable = no public = yes # Set public = yes to allow user 'guest account' to print guest ok = yes printable = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Kerberos and Samba
Thank jörn and Andrew, Apologies for hitting reply only. I did not mean to do this and once i had sent the email, I resent it to the group. Thanks again for your replies. The suggestions and comments were very much what I was looking for. jörn's reply was what I had tried earlier and for the life of me I could not get Windows users to be able to change passwords from the Windows machine. It kept telling them that they did not have the permission to change their own passwords. As for LDAP, for some reason I was unable to get SAMBA to even authorize against the LDAP DB. I am a bit of a Linux newbie (i am mainly a part time Windows administrator) and so am working with a new enviroment. Thanks for the link. I will try and see if I can implement that better. Ganesh On Sat, 08 Jan 2005 07:40:07 +1100, Andrew Bartlett [EMAIL PROTECTED] wrote: On Wed, 2005-01-05 at 17:50 -0600, Ganeshram Iyer wrote: Hello all I am running a RHEL AS server. I want to make this a Kerberos KDC against which all windows clients can authenticate. There are two ways to do this: You can use an MIT KDC, in the way described by Microsoft, but this has nothing to do with Samba, and in fact is not compatible with Samba CIFS access (bugs, mostly simple...). The other option is to use Heimdal kerberos, and back that onto your Samba LDAP sever. That way, you use the same passwords for both. Then your Unix clients can use pam_krb5, and your windows clients can use Samba Domain authentication. https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Help with Samba (net vampire) not pulling passwords into openLDAP backend - fails pam_ldap authentication - pam_unix used instead ?
Hi All, Hope someone here can help me ? *See end for background and system information... I'm looking for advice or links to clear documentation on the use and configuration of net vampire and it's ability to download PDC accounts with passwords intact. I have successfully used net vampire to synchronize my Samba BDC -- with my companies PDC. I've switched my linux box authentication -- using authconfig -- to authenticate against LDAP. Seems to be working for all but accounts net vampired over. My original users (root - stored in /etc/passwd) as well as newly created users (created with smbldap-useradd - stored in LDAP) -- can log into my system fine -- OK. My problem all the newly created users (from PDC using net vampire) can be switched to as root using: su - newDomainAccountUser BUT -- These users cannot log into the system console themselves All the /home/userX directories have been created -- and LDAP is populated with everything it seems but the correct password -- I think ? - tail -f /var/log/message reveals: Jan 7 17:05:04 host06 su(pam_unix)[26618]: check pass; user unknown Jan 7 17:05:04 host06 su(pam_unix)[26618]: authentication failure; logname=f uid=500 euid=0 tty= ruser=f rhost= Jan 7 17:05:04 host06 su[26618]: pam_ldap: error trying to bind as user uid=product,ou=Users,dc=X,dc=ca (Invalid credentials) NOTE: replaced sensitive information... - An ldap client I'm using reveals {CRYPT} X -- in place of the NT password hashes I'm unclear why -- net vampire -- did not pull down the user passwords correctly. I've searched the internet/forums etc. -- and cannot find any solution that helps or clearly explains what's going on; though many people seem to be having similar issues with net vampire I've tried the following: - different pam_ldap versions (156 176) - tweaking /etc/ldap.conf settings including pam_password key - tweaking various pam.d config files - confirm my local SID matches the PDC/remote SID Questions: === I'm unclear about the following -- and see many conflicting suggestions on the internet: *) Should /etc/samba/smb.conf = encrypt passwords =yes *) My BDC /etc/samba/smb.conf is setup with: security = user password level = 8 username level = 8 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd obey pam restrictions = no ldap passwd sync = yes domain master = no preferred master = no domain logons = yes name resolve order = wins lmhosts bcast wins server = X.X.X.X (our company WINS server...) dns proxy = no passdb backend = ldapsam:ldap://127.0.0.1/ ... ... And all remaining LDAP settings/scripts/admin/suffix etc. ... Dos charset =850 Unix charset = ISO8859-1 *) Should /etc/ldap.conf= pam_password md5orcrypt *) Should my /etc/openldap/slapd.conf roopw== be encrypted ? for now I'm using plain text with /etc/ldap.conf: bindpw rootbinddn used in combination with plain text /etc/ldap.secret *) Beside removing my host from the PDC's list of detected BDC prior to: net rpc join -S MY_PDC -UAdministrator%myAdminPassWd I'm not doing anything on the remote PDC machine ? Is there any remote configuration I need to perform for trust ? Note: My BDC -- has the same SID and Workgroup name as my PDC and I'm able to join the domain OK... no errors. *) I'm using IDEALX scripts -- why doesn't Samba provide similar utilities ? Are there better 3rd party scripts out there ? **) What might I be missing ? What must I do to get net vampire to pull and store the PDC/SAM passwords OK ? *) Should I be using SambaTNG instead ? *) Could I use net rpc samdump instead -- and manual scripts to convert to LDIF ? Background: All I want to do is reproduce MSWinNT2000-PDC/SAM user/computer/group information in LDAP so I can authenticate web applications and other applications without having to manually maintain all this user information by hand. Later I may also want to synch. with account/address information in LotusNotes and ADP I dont't care to have my host as fulltime BDC -- I don't need my host to replace the PDC -- I don't need the host to authenticate Windows users on the WinDOMAIN; A cron job to synch with PDC each night -- and then shutdown would be OK. SYSTEM INFORMATION: = uname -a Linux host06 2.4.21-20.ELsmp #1 SMP Wed Aug 18 20:46:40 EDT 2004 i686 i686 i386 GNU/Linux cat /etc/redhat-release Red Hat Enterprise Linux ES release 3 (Taroon Update 3) rpm -qa | grep -i '???' samba-3.0.6-2.3E nss_ldap-207-11 openldap-2.0.27-17 pam-0.75-58 Note: I've tried pam_ldap v156
RE: [Samba] Simple Samba Guest printer setup problem
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ralph Blach Sent: Friday, January 07, 2005 9:33 PM To: samba@lists.samba.org Subject: [Samba] Simple Samba Guest printer setup problem OK, I have a very simple setup problem. I have a server and three printers which I want to share. These printers should need no password. This does not work However when I login and map a network drive I can print just fin How do I bypass the need for a password or network login on these printers. Thanks I am running Fedora 3 core and samba Thanks Chip Here is the printers section of my smb.conf # It should not be necessary to spell out the print system type unless # yours is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx printing = cups # This option tells cups that the data has already been rasterized # cups options = raw # Uncomment this if you want a guest account, you must add this to # otherwise the user nobody is used guest account = guest [printers] comment = All Printers path = /var/spool/samba browseable = no writable = no public = yes # Set public = yes to allow user 'guest account' to print guest ok = yes printable = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Hello, If you have security = user you could try these: Global section: map to guest = Bad Password OR map to guest = Bad User also if you using guest account = guest make sure guest user enough privileges to print... Andras Kende http://www.kende.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba-docs r320 - in trunk: . xslt
Author: jelmer Date: 2005-01-07 16:04:34 + (Fri, 07 Jan 2005) New Revision: 320 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=320 Log: Add support for HTML version of smb.conf in chunks Added: trunk/xslt/smb.conf-html.xsl Modified: trunk/Makefile.in Changeset: Modified: trunk/Makefile.in === --- trunk/Makefile.in 2005-01-07 09:54:41 UTC (rev 319) +++ trunk/Makefile.in 2005-01-07 16:04:34 UTC (rev 320) @@ -229,6 +229,13 @@ mkdir -p $(@D) $(XSLTPROC) --output $@ xslt/man.xsl $ +# Individual smb.conf parameters +smb.conf-chunks: $(patsubst $(SMBDOTCONFDOC)/%.xml,$(HTMLDIR)/smb.conf/%.html,$(wildcard $(SMBDOTCONFDOC)/*/*.xml)) + +$(HTMLDIR)/smb.conf/%.html: $(SMBDOTCONFDOC)/%.xml + mkdir -p $(@D) + $(XSLTPROC) --output $@ xslt/smb.conf-html.xsl $ + # Pearson compatible XML $(PEARSONDIR)/%.xml: %/index.xml xslt/pearson.xsl Added: trunk/xslt/smb.conf-html.xsl === --- trunk/xslt/smb.conf-html.xsl2005-01-07 09:54:41 UTC (rev 319) +++ trunk/xslt/smb.conf-html.xsl2005-01-07 16:04:34 UTC (rev 320) @@ -0,0 +1,104 @@ +?xml version='1.0'? +!-- + Samba-documentation specific stylesheets + Published under the GNU GPL + + (C) Jelmer Vernooij 2005 +-- +xsl:stylesheet xmlns:xsl=http://www.w3.org/1999/XSL/Transform; + xmlns:exsl=http://exslt.org/common; + xmlns:samba=http://samba.org/common; + version=1.1 + extension-element-prefixes=exsl + + xsl:import href=../settings.xsl/ + xsl:import href=html-common.xsl/ + + xsl:output method=xml encoding=UTF-8 doctype-public=-//W3C//DTD XHTML 1.0 Strict//EN indent=yes doctype-system=http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd/ + + xsl:template match=samba:parameter + xsl:element name=html + xsl:element name=head + xsl:element name=link + xsl:attribute name=hrefxsl:textsmb.conf.xsl/xsl:text/xsl:attribute + xsl:attribute name=relxsl:textstylesheet/xsl:text/xsl:attribute + xsl:attribute name=typexsl:texttext/css/xsl:text/xsl:attribute + /xsl:element + + xsl:element name=title + xsl:value-of select=@name/ + /xsl:element + /xsl:element + xsl:element name=body + xsl:element name=h1 + xsl:value-of select=@name/ + /xsl:element + + xsl:element name=div + xsl:attribute name=classxsl:textcontext/xsl:text/xsl:attribute + xsl:textContext: /xsl:text + xsl:choose + xsl:when test=@context = 'S' + xsl:textShare-specific/xsl:text + /xsl:when + + xsl:when test=@context = 'G' + xsl:textGlobal/xsl:text + /xsl:when + + xsl:otherwise + xsl:messagexsl:textUnknown value for context attribute : /xsl:textxsl:value-of select=@context//xsl:message + /xsl:otherwise + /xsl:choose + + /xsl:element + + xsl:element name=div + xsl:attribute name=classxsl:texttype/xsl:text/xsl:attribute + xsl:textType: /xsl:text + xsl:value-of select=@type/ + /xsl:element + + xsl:element name=div + xsl:attribute name=classxsl:textsynonyms/xsl:text/xsl:attribute + xsl:textSynonyms: /xsl:text + xsl:for-each select=synonym + xsl:text, /xsl:text + xsl:value-of select=text()/ + /xsl:for-each + /xsl:element + + xsl:for-each select=value +
svn commit: samba r4597 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: vlendec Date: 2005-01-07 18:13:53 + (Fri, 07 Jan 2005) New Revision: 4597 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4597 Log: Recently I've come across a case where I suspect the GetAnyDCName request to kill the domain controller I'm asking. In samba4 torturing the DC is just so easy, commit the test to randomized ask for DCs for all trusted domains. Volker Modified: branches/SAMBA_4_0/source/torture/rpc/netlogon.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/netlogon.c === --- branches/SAMBA_4_0/source/torture/rpc/netlogon.c2005-01-07 06:59:53 UTC (rev 4596) +++ branches/SAMBA_4_0/source/torture/rpc/netlogon.c2005-01-07 18:13:53 UTC (rev 4597) @@ -1091,7 +1091,100 @@ return (*async_counter) == ASYNC_COUNT; } +static BOOL test_ManyGetDCName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) +{ + NTSTATUS status; + struct dcerpc_pipe *p2; + struct lsa_ObjectAttribute attr; + struct lsa_QosInfo qos; + struct lsa_OpenPolicy2 o; + struct policy_handle lsa_handle; + struct lsa_DomainList domains; + struct lsa_EnumTrustDom t; + uint32_t resume_handle = 0; + struct netr_GetAnyDCName d; + + int i; + BOOL ret = True; + + if (p-transport.transport != NCACN_NP) { + return True; + } + + printf(Torturing GetDCName\n); + + status = dcerpc_secondary_connection(p, p2, +DCERPC_LSARPC_NAME, +DCERPC_LSARPC_UUID, +DCERPC_LSARPC_VERSION); + if (!NT_STATUS_IS_OK(status)) { + printf(Failed to create secondary connection\n); + return False; + } + + qos.len = 0; + qos.impersonation_level = 2; + qos.context_mode = 1; + qos.effective_only = 0; + + attr.len = 0; + attr.root_dir = NULL; + attr.object_name = NULL; + attr.attributes = 0; + attr.sec_desc = NULL; + attr.sec_qos = qos; + + o.in.system_name = \\; + o.in.attr = attr; + o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + o.out.handle = lsa_handle; + + status = dcerpc_lsa_OpenPolicy2(p2, mem_ctx, o); + if (!NT_STATUS_IS_OK(status)) { + printf(OpenPolicy2 failed - %s\n, nt_errstr(status)); + return False; + } + + t.in.handle = lsa_handle; + t.in.resume_handle = resume_handle; + t.in.num_entries = 1000; + t.out.domains = domains; + t.out.resume_handle = resume_handle; + + status = dcerpc_lsa_EnumTrustDom(p2, mem_ctx, t); + + if ((!NT_STATUS_IS_OK(status) +(!NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES { + printf(Could not list domains\n); + return False; + } + + dcerpc_pipe_close(p2); + + d.in.logon_server = talloc_asprintf(mem_ctx, %s, + dcerpc_server_name(p)); + + for (i=0; idomains.count * 4; i++) { + struct lsa_DomainInformation *info = + domains.domains[rand()%domains.count]; + + d.in.domainname = info-name.string; + + status = dcerpc_netr_GetAnyDCName(p, mem_ctx, d); + if (!NT_STATUS_IS_OK(status)) { + printf(GetAnyDCName - %s\n, nt_errstr(status)); + continue; + } + + printf(\tDC for domain %s is %s\n, info-name.string, + d.out.dcname ? d.out.dcname : unknown); + } + + return ret; +} + + BOOL torture_rpc_netlogon(void) { NTSTATUS status; @@ -1127,6 +1220,7 @@ ret = test_AccountDeltas(p, mem_ctx); ret = test_AccountSync(p, mem_ctx); ret = test_GetDcName(p, mem_ctx); + ret = test_ManyGetDCName(p, mem_ctx); ret = test_LogonControl(p, mem_ctx); ret = test_GetAnyDCName(p, mem_ctx); ret = test_LogonControl2(p, mem_ctx);
svn commit: samba r4598 - in trunk/source: . passdb
Author: jerry Date: 2005-01-07 19:32:31 + (Fri, 07 Jan 2005) New Revision: 4598 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4598 Log: syncing some changes from 3.0 Modified: trunk/source/configure.in trunk/source/passdb/pdb_interface.c Changeset: Modified: trunk/source/configure.in === --- trunk/source/configure.in 2005-01-07 18:13:53 UTC (rev 4597) +++ trunk/source/configure.in 2005-01-07 19:32:31 UTC (rev 4598) @@ -299,9 +299,26 @@ ac_cv_gnu_ld_date=`echo $ac_cv_gnu_ld_version | sed -n 's,^.*\([2-9][0-9][0-9][0-9]\)[-]*\([01][0-9]\)[-]*\([0-3][0-9]\).*$,\1\2\3,p'` changequote([,])dnl AC_MSG_RESULT(${ac_cv_gnu_ld_date}) +if test -n $ac_cv_gnu_ld_date; then if test $ac_cv_gnu_ld_date -lt 20030217; then ac_cv_gnu_ld_no_default_allow_shlib_undefined=yes fi +else + AC_MSG_CHECKING(GNU ld release version) + changequote(,)dnl + ac_cv_gnu_ld_vernr=`echo $ac_cv_gnu_ld_version | sed -n 's,^.*\([1-9][0-9]*\.[0-9][0-9]*\).*$,\1,p'` + ac_cv_gnu_ld_vernr_major=`echo $ac_cv_gnu_ld_vernr | cut -d '.' -f 1` + ac_cv_gnu_ld_vernr_minor=`echo $ac_cv_gnu_ld_vernr | cut -d '.' -f 2` + changequote([,])dnl + AC_MSG_RESULT(${ac_cv_gnu_ld_vernr}) + AC_MSG_CHECKING(GNU ld release version major) + AC_MSG_RESULT(${ac_cv_gnu_ld_vernr_major}) + AC_MSG_CHECKING(GNU ld release version minor) + AC_MSG_RESULT(${ac_cv_gnu_ld_vernr_minor}) + if test $ac_cv_gnu_ld_vernr_major -lt 2 || test $ac_cv_gnu_ld_vernr_minor -lt 14; then + ac_cv_gnu_ld_no_default_allow_shlib_undefined=yes + fi +fi fi dnl needed before AC_TRY_COMPILE @@ -430,7 +447,6 @@ AC_DEFINE(_MAX_ALIGNMENT, 4, [Maximum alignment]) ;; esac - DYNEXP=-Wl,-E ;; # @@ -462,7 +478,7 @@ *solaris*) AC_DEFINE(SYSV, 1, [Whether to enable System V compatibility]) case `uname -r` in - 5.0*|5.1*|5.2*|5.3*|5.5*) + 5.0|5.0.*|5.1|5.1.*|5.2|5.2.*|5.3|5.3.*|5.5|5.5.*) AC_MSG_RESULT([no large file support]) ;; 5.*) @@ -473,17 +489,20 @@ rm -fr conftest.c case $ac_cv_gcc_compiler_version_number in *gcc version 2.6*|*gcc version 2.7*) - CPPFLAGS=$CPPFLAGS -D_LARGEFILE64_SOURCE + CPPFLAGS=$CPPFLAGS -D_LARGEFILE64_SOURCE -D_REENTRANT + LDFLAGS=$LDFLAGS -lthread AC_DEFINE(_LARGEFILE64_SOURCE, 1, [Whether to enable large file support]) ;; *) - CPPFLAGS=$CPPFLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 + CPPFLAGS=$CPPFLAGS -D_LARGEFILE_SOURCE -D_REENTRANT -D_FILE_OFFSET_BITS=64 + LDFLAGS=$LDFLAGS -lthread AC_DEFINE(_LARGEFILE64_SOURCE, 1, [Whether to enable large file support]) AC_DEFINE(_FILE_OFFSET_BITS, 64, [File offset bits]) ;; esac else - CPPFLAGS=$CPPFLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 + CPPFLAGS=$CPPFLAGS -D_LARGEFILE_SOURCE -D_REENTRANT -D_FILE_OFFSET_BITS=64 + LDFLAGS=$LDFLAGS -lthread AC_DEFINE(_LARGEFILE64_SOURCE, 1, [Whether to enable large file support]) AC_DEFINE(_FILE_OFFSET_BITS, 64, [File offset bits]) fi @@ -653,13 +672,13 @@ AC_HEADER_TIME AC_HEADER_SYS_WAIT AC_CHECK_HEADERS(arpa/inet.h sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd.h) -AC_CHECK_HEADERS(unistd.h utime.h grp.h sys/id.h limits.h memory.h net/if.h) +AC_CHECK_HEADERS(unistd.h utime.h grp.h sys/id.h limits.h memory.h) AC_CHECK_HEADERS(rpc/rpc.h rpcsvc/nis.h rpcsvc/yp_prot.h rpcsvc/ypclnt.h) AC_CHECK_HEADERS(sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/ipc.h sys/mode.h) AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h stdlib.h sys/socket.h) AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h termio.h) AC_CHECK_HEADERS(sys/termio.h
svn commit: samba r4599 - in branches/SAMBA_4_0/source: build/pidl script
Author: tpot Date: 2005-01-07 22:27:18 + (Fri, 07 Jan 2005) New Revision: 4599 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4599 Log: Remove some duplicated code in pidl.pl. Start working on adding support for bitmaps and enums. In progress tweaks for arrays of structures. Modified: branches/SAMBA_4_0/source/build/pidl/eparser.pm branches/SAMBA_4_0/source/build/pidl/pidl.pl branches/SAMBA_4_0/source/script/build_idl.sh Changeset: Modified: branches/SAMBA_4_0/source/build/pidl/eparser.pm === --- branches/SAMBA_4_0/source/build/pidl/eparser.pm 2005-01-07 19:32:31 UTC (rev 4598) +++ branches/SAMBA_4_0/source/build/pidl/eparser.pm 2005-01-07 22:27:18 UTC (rev 4599) @@ -228,6 +228,17 @@ $needed{ett_$t-{NAME}} = 1; } + + if ($t-{DATA}-{TYPE} eq ENUM) { + use Data::Dumper; + print Dumper($t); + + $needed{hf_$t-{NAME}} = { + 'name' = $t-{NAME}, + 'ft' = 'FT_UINT32', + 'base' = 'BASE_HEX' + }; + } } # @@ -342,6 +353,10 @@ s/(struct pidl_pull \*ndr, int ndr_flags)/$1, pidl_tree *tree/smg; + # Bitmaps + + s/(uint32_t \*r\);)/pidl_tree *tree, int hf, $1/smg; + pidl $_; } @@ -405,10 +420,11 @@ s/NDR_CHECK\((.*)\)/$1/g; - # We're not interested in ndr_print or ndr_push functions. + # We're not interested in ndr_print, ndr_push or ndr_size functions. s/^(static )?NTSTATUS (ndr_push[^\(]+).*?^\}\n\n//smg; s/^void (ndr_print[^\(]+).*?^\}\n\n//smg; + s/^size_t (ndr_size[^\(]+).*?^\}\n\n//smg; # Get rid of dcerpc interface structures and functions @@ -435,7 +451,9 @@ # Add tree argument to ndr_pull_array() - s/(ndr_pull_array\(ndr, ([^,]*?), ([^\)].*?)\);)/ndr_pull_array( ndr, $2, tree, $3);/smg; +#get_subtree(tree, \$2\, ndr, ett_$2) +#ndr_pull_array( ndr, NDR_SCALARS, tree, (void **)r-aces, sizeof(r-aces[0]), r-num_aces, (ndr_pull_flags_fn_t)ndr_pull_security_ace); + s/(ndr_pull_array\(ndr, ([^,]*?), ([^,]*?), ([^\)].*?)\);)/ndr_pull_array( ndr, $2, tree, $3, $4);/smg; s/(ndr_pull_array_([^\(]*?)\(ndr, ([^,]*?), (r-((in|out).)?([^,]*?)), (.*?)\);)/ndr_pull_array_$2( ndr, $3, tree, hf_$7_$2_array, $4, $8);/smg; @@ -491,7 +509,19 @@ s/uint(16|32) _level/uint$1_t _level/smg; s/ndr_pull_([^\(]*)\(ndr, tree, hf_level, _level\);/ndr_pull_$1(ndr, tree, hf_level_$1, _level);/smg; - + + # Enums + +s/(^static NTSTATUS ndr_pull_(.+?), (enum .+?)\))/static NTSTATUS ndr_pull_$2, pidl_tree *tree, int hf, $3)/smg; + s/uint(8|16|32) v;/uint$1_t v;/smg; + s/(ndr_pull_([^\)]*?)\(ndr, v\);)/ndr_pull_$2(ndr, tree, hf, v);/smg; + + s/(ndr_pull_([^\(]+?)\(ndr, _level\);)/ndr_pull_$2(ndr, tree, hf_$2, _level);/smg; + + # Bitmaps + + s/(^NTSTATUS ndr_pull_(.+?), uint32 \*r\))/NTSTATUS ndr_pull_$2, pidl_tree *tree, int hf, uint32_t *r)/smg; + pidl $_; } Modified: branches/SAMBA_4_0/source/build/pidl/pidl.pl === --- branches/SAMBA_4_0/source/build/pidl/pidl.pl2005-01-07 19:32:31 UTC (rev 4598) +++ branches/SAMBA_4_0/source/build/pidl/pidl.pl2005-01-07 22:27:18 UTC (rev 4599) @@ -141,6 +141,10 @@ if ($opt_header) { my($header) = util::ChangeExtension($output, .h); util::FileSave($header, IdlHeader::Parse($pidl)); + if ($opt_eparser) { + my($eparserhdr) = dirname($output) . /packet-dcerpc-$basename.h; + IdlEParser::RewriteHeader($pidl, $header, $eparserhdr); + } } if ($opt_client) { @@ -202,28 +206,12 @@ if ($opt_parser) { my($parser) = util::ChangeExtension($output, .c); IdlParser::Parse($pidl, $parser); + if($opt_eparser) { + my($eparser) = dirname($output) . /packet-dcerpc-$basename.c; + IdlEParser::RewriteC($pidl, $parser, $eparser); + } } - if ($opt_eparser) { - - # Generate regular .c and .h files for marshaling and - # unmarshaling. - - my($parser) = util::ChangeExtension($output, .c); - IdlParser::Parse($pidl, $parser); - - my($header) = util::ChangeExtension($output, .h); - util::FileSave($header, IdlHeader::Parse($pidl)); - - # Postprocess to produce ethereal parsers. - - my($eparser) = dirname($output) . /packet-dcerpc-$basename.c; - IdlEParser::RewriteC($pidl, $parser, $eparser); - - my($eparserhdr) = dirname($output) .
svn commit: samba r4600 - in branches/SAMBA_4_0/source/build/pidl: .
Author: tpot Date: 2005-01-07 23:23:28 + (Fri, 07 Jan 2005) New Revision: 4600 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4600 Log: Remove Data::Dumper import leftover from debugging. Return more ethereal types and bases for hf fields. Currently we assume that enums always fit into a uint16 which will probably have to change soon. Modified: branches/SAMBA_4_0/source/build/pidl/eparser.pm Changeset: Modified: branches/SAMBA_4_0/source/build/pidl/eparser.pm === --- branches/SAMBA_4_0/source/build/pidl/eparser.pm 2005-01-07 22:27:18 UTC (rev 4599) +++ branches/SAMBA_4_0/source/build/pidl/eparser.pm 2005-01-07 23:23:28 UTC (rev 4600) @@ -107,10 +107,13 @@ { my($t) = shift; -return FT_UINT32, if ($t eq uint32); -return FT_UINT16, if ($t eq uint16); -return FT_UINT8, if ($t eq uint8); -return FT_BYTES; +return FT_UINT$1 if $t =~ /uint(8|16|32|64)/; +return FT_INT$1 if $t =~ /int(8|16|32|64)/; +return FT_UINT64, if ($t eq HYPER_T or $t eq NTTIME); + +# Type is an enum + +return FT_UINT16; } # Determine the display base for an element @@ -123,9 +126,13 @@ return BASE_ . uc($base); } -return BASE_DEC, if ($e-{TYPE} eq uint32) or - ($e-{TYPE} eq uint16) or ($e-{TYPE} eq uint8); -return BASE_NONE; +return BASE_DEC, if $e-{TYPE} eq ENUM; +return BASE_DEC, if $e-{TYPE} =~ /u?int(8|16|32|64)/; +return BASE_DEC, if $e-{TYPE} eq NTTIME or $e-{TYPE} eq HYPER_T; + +# Probably an enum + +return BASE_DEC; } # Convert a IDL structure field name (e.g access_mask) to a prettier @@ -230,13 +237,10 @@ } if ($t-{DATA}-{TYPE} eq ENUM) { - use Data::Dumper; - print Dumper($t); - $needed{hf_$t-{NAME}} = { 'name' = $t-{NAME}, - 'ft' = 'FT_UINT32', - 'base' = 'BASE_HEX' + 'ft' = 'FT_UINT16', + 'base' = 'BASE_DEC' }; } }
Build status as of Sat Jan 8 00:00:02 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-01-07 00:00:14.0 + +++ /home/build/master/cache/broken_results.txt 2005-01-08 00:00:31.0 + @@ -1,15 +1,15 @@ -Build status as of Fri Jan 7 00:00:01 2005 +Build status as of Sat Jan 8 00:00:02 2005 Build counts: Tree Total Broken Panic -ccache 34 2 0 -distcc 32 3 0 +ccache 32 1 0 +distcc 30 3 0 ppp 9 0 0 -rsync35 2 0 +rsync33 2 0 samba2 2 0 samba-docs 0 0 0 -samba4 37 12 0 -samba_3_037 36 0 +samba4 35 10 0 +samba_3_035 35 0 Currently broken builds: Host Tree Compiler Status @@ -29,7 +29,6 @@ gc8samba_3_0gccok/ 1/?/? aretnapsamba_3_0gccok/ 1/?/? aretnapsamba_3_0iccok/ 1/?/? -gc4samba4 gcc 127/?/?/? gc4samba_3_0gccok/ 1/?/? sbfsamba_3_0gccok/ 1/?/? smartserv1 samba_3_0gccok/ 1/?/? @@ -49,12 +48,9 @@ flock samba4 gccok/ 1/?/? flock samba_3_0gccok/ 1/?/? svamp samba_3_0gccok/ 2/?/? -opisol10 ccache gccok/ok/ok/ 1 -opisol10 samba4 gccok/ 1/?/? -opisol10 samba_3_0gccok/ 1/?/? gc20 rsyncgccok/ 2/?/? gc20 samba4 gccok/ 2/?/? -gc20 samba_3_0gccok/ 2/?/? +gc20 samba_3_0gcc 1/?/?/? sun1 samba_3_0cc ok/ 2/?/? sun1 samba_3_0gccok/ 2/?/? Isis samba_3_0gccok/ 2/?/?
svn commit: lorikeet r173 - in trunk/ethereal/plugins/pidl: .
Author: tpot Date: 2005-01-08 00:38:15 + (Sat, 08 Jan 2005) New Revision: 173 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=173 Log: Number array entries. Modified: trunk/ethereal/plugins/pidl/eparser.c Changeset: Modified: trunk/ethereal/plugins/pidl/eparser.c === --- trunk/ethereal/plugins/pidl/eparser.c 2005-01-05 23:56:35 UTC (rev 172) +++ trunk/ethereal/plugins/pidl/eparser.c 2005-01-08 00:38:15 UTC (rev 173) @@ -411,7 +411,7 @@ if (!(ndr_flags NDR_SCALARS)) goto buffers; for (i=0;icount;i++) { proto_item *item; - item = proto_tree_add_text(tree-proto_tree, ndr-tvb, ndr-offset, 0, Array entry); + item = proto_tree_add_text(tree-proto_tree, ndr-tvb, ndr-offset, 0, Array entry %s, i + 1); subtrees[i].proto_tree = proto_item_add_subtree(item, ett_array); if ((ndr_flags (NDR_SCALARS|NDR_BUFFERS)) == (NDR_SCALARS|NDR_BUFFERS))
svn commit: samba r4601 - in branches/SAMBA_3_0/source: include rpc_parse
Author: jra Date: 2005-01-08 00:51:12 + (Sat, 08 Jan 2005) New Revision: 4601 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4601 Log: Removed any use of the MAX_XXX_STR style definitions. A little larger change than I'd hoped for due to formating changes to tidy up code. Jeremy. Modified: branches/SAMBA_3_0/source/include/rpc_misc.h branches/SAMBA_3_0/source/rpc_parse/parse_misc.c branches/SAMBA_3_0/source/rpc_parse/parse_prs.c Changeset: Sorry, the patch is too large (481 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4601
svn commit: samba r4602 - in trunk/source: include rpc_parse
Author: jra Date: 2005-01-08 00:52:14 + (Sat, 08 Jan 2005) New Revision: 4602 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4602 Log: Removed any use of the MAX_XXX_STR style definitions. A little larger change than I'd hoped for due to formating changes to tidy up code. Jeremy. Modified: trunk/source/include/rpc_misc.h trunk/source/rpc_parse/parse_misc.c trunk/source/rpc_parse/parse_prs.c Changeset: Sorry, the patch is too large (481 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4602
svn commit: samba r4603 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: abartlet Date: 2005-01-08 02:00:28 + (Sat, 08 Jan 2005) New Revision: 4603 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=4603 Log: Test creating local and global secrets over LSA. Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/rpc/lsa.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/lsa.c === --- branches/SAMBA_4_0/source/torture/rpc/lsa.c 2005-01-08 00:52:14 UTC (rev 4602) +++ branches/SAMBA_4_0/source/torture/rpc/lsa.c 2005-01-08 02:00:28 UTC (rev 4603) @@ -689,110 +689,115 @@ DATA_BLOB blob1, blob2; const char *secret1 = abcdef12345699qwerty; char *secret2; - char *secname; + char *secname[2]; + int i; - printf(Testing CreateSecret\n); - asprintf(secname, torturesecret-%u, (uint_t)random()); + secname[0] = talloc_asprintf(mem_ctx, torturesecret-%u, (uint_t)random()); + secname[1] = talloc_asprintf(mem_ctx, G$torturesecret-%u, (uint_t)random()); - init_lsa_String(r.in.name, secname); - - r.in.handle = handle; - r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - r.out.sec_handle = sec_handle; - - status = dcerpc_lsa_CreateSecret(p, mem_ctx, r); - if (!NT_STATUS_IS_OK(status)) { - printf(CreateSecret failed - %s\n, nt_errstr(status)); - return False; - } - - r2.in.handle = handle; - r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - r2.in.name = r.in.name; - r2.out.sec_handle = sec_handle2; - - printf(Testing OpenSecret\n); - - status = dcerpc_lsa_OpenSecret(p, mem_ctx, r2); - if (!NT_STATUS_IS_OK(status)) { - printf(OpenSecret failed - %s\n, nt_errstr(status)); - ret = False; - } - - status = dcerpc_fetch_session_key(p, session_key); - if (!NT_STATUS_IS_OK(status)) { - printf(dcerpc_fetch_session_key failed - %s\n, nt_errstr(status)); - ret = False; - } - - enc_key = sess_encrypt_string(secret1, session_key); - - r3.in.handle = sec_handle; - r3.in.new_val = buf1; - r3.in.old_val = NULL; - r3.in.new_val-data = enc_key.data; - r3.in.new_val-length = enc_key.length; - r3.in.new_val-size = enc_key.length; - - printf(Testing SetSecret\n); - - status = dcerpc_lsa_SetSecret(p, mem_ctx, r3); - if (!NT_STATUS_IS_OK(status)) { - printf(SetSecret failed - %s\n, nt_errstr(status)); - ret = False; - } - - data_blob_free(enc_key); - - ZERO_STRUCT(new_mtime); - ZERO_STRUCT(old_mtime); - - /* fetch the secret back again */ - r4.in.handle = sec_handle; - r4.in.new_val = bufp1; - r4.in.new_mtime = new_mtime; - r4.in.old_val = NULL; - r4.in.old_mtime = NULL; - - bufp1.buf = NULL; - - status = dcerpc_lsa_QuerySecret(p, mem_ctx, r4); - if (!NT_STATUS_IS_OK(status)) { - printf(QuerySecret failed - %s\n, nt_errstr(status)); - ret = False; - } - - if (r4.out.new_val-buf == NULL) { - printf(No secret buffer returned\n); - ret = False; - } else { - blob1.data = r4.out.new_val-buf-data; - blob1.length = r4.out.new_val-buf-length; - - blob2 = data_blob(NULL, blob1.length); - - secret2 = sess_decrypt_string(blob1, session_key); - - printf(returned secret '%s'\n, secret2); - - if (strcmp(secret1, secret2) != 0) { - printf(Returned secret doesn't match\n); + for (i=0; i 2; i++) { + printf(Testing CreateSecret of %s\n, secname[i]); + + init_lsa_String(r.in.name, secname[i]); + + r.in.handle = handle; + r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + r.out.sec_handle = sec_handle; + + status = dcerpc_lsa_CreateSecret(p, mem_ctx, r); + if (!NT_STATUS_IS_OK(status)) { + printf(CreateSecret failed - %s\n, nt_errstr(status)); + return False; + } + + r2.in.handle = handle; + r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + r2.in.name = r.in.name; + r2.out.sec_handle = sec_handle2; + + printf(Testing OpenSecret\n); + + status = dcerpc_lsa_OpenSecret(p, mem_ctx, r2); + if (!NT_STATUS_IS_OK(status)) { + printf(OpenSecret failed - %s\n, nt_errstr(status)); ret = False; } + + status = dcerpc_fetch_session_key(p, session_key); + if (!NT_STATUS_IS_OK(status)) { +
svn commit: lorikeet r174 - in trunk/white-papers: .
Author: abartlet Date: 2005-01-08 02:32:57 + (Sat, 08 Jan 2005) New Revision: 174 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=174 Log: Finish (I think) the Samba3/Samba4 intergration paper. Andrew Bartlett Modified: trunk/white-papers/samba3-samba4.lyx Changeset: Sorry, the patch is too large (278 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=174
svn commit: lorikeet r175 - in trunk/white-papers: .
Author: vance Date: 2005-01-08 06:28:19 + (Sat, 08 Jan 2005) New Revision: 175 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=175 Log: Work through the whitepaper clarifying a few small things. Vance Modified: trunk/white-papers/samba3-samba4.lyx Changeset: Sorry, the patch is too large (326 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=175