Re: [Samba] Samba 3.0.11rc1 Available for Download
On Tue, 01 Feb 2005 15:47:22 -0600, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Landgren wrote: | # time smbclient //jersey/dsvi -U david%foobar -c 'exit' | creating lame upcase table | creating lame lowcase table | Domain=[BPINET] OS=[Unix] Server=[Samba 3.0.11rc1] | | real0m8.817s | user0m0.180s | sys 0m0.020s | David, I'm not seeing anything like that here. time bin/smbclient //queso/public -U jerry%foo -W VALE -c 'exit' Domain=[VALE] OS=[Unix] Server=[Samba 3.0.11rc1] real0m0.386s user0m0.027s sys 0m0.005s This is a on linux 2.6 box. Maybe a name resolution issue? Have you looked on the server for dns timeouts or wins server timeouts? This is Solaris 2.9. Name resolution is fine (ns0 is my WINS server). # time ./nmblookup -RU ns0 jersey querying jersey on 0.0.0.0 172.17.0.101 jersey00 real0m0.167s user0m0.150s sys 0m0.010s DNS performance is correct..Solaris lacks a 'host' command by default which is a bit of a hassle, but watching the logs of the DNS server shows that requests are handled in milliseconds. You raised an eyebrow at security = domain in my config. It's been that way since 2.2.8 and (poor) performance was never sufficiently noticeable to warrant benchmarking. Other servers are running Linux and have security = user and the following params for querying the LDAP server directly: passdb backend = ldapsam:ldap://ldap-master.example.com; ldap suffix = dc=bpinet,dc=com ldap admin dn = cn=Manager,dc=example,dc=com ldap passwd sync = yes ldap delete dn = no ldap user suffix = ou=People ldap machine suffix = ou=Computers ldap group suffix = ou=Group When I use this in the config, authenticated shares don't work, and the following is logged: [2005/02/02 08:10:32, 0] passdb/pdb_interface.c:make_pdb_methods_name(684) No builtin nor plugin backend for ldapsam found I didn't compile --with-ldapsam. From what I read in the archives, I thought it was a compatibility shim for 2.x ldap backends, and that with nsswitch things would Just Work. Now that I look more carefully at similar problems, I think I do have to compile --with-ldapsam. Which means I can then use the above params, which hopefully means the performance issues will sort themselves out. Does that sound reasonable? Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind giving errors like illegal multibyte sequence ...
Hi, On Tue, Feb 01, 2005 at 05:36:13PM +0100, Michael Gasch wrote: sorry to bother you again but i get lots of errors like [2005/02/01 17:30:27, 4] nsswitch/winbindd_acct.c:wb_getpwuid(414) wb_getpwuid: failed to locate uid == 10098 [2005/02/01 17:30:27, 3] lib/charcnv.c:convert_string_allocate(576) convert_string_allocate: Conversion error: Illegal multibyte sequence(àÑ) at least the Illegal multibyte sequence-errors are fixed in 3.0.11rc1 (but not 3.0.10). You may want to test 3.0.11rc1 or 3.0.11 (out soon). Hope that helps, Guenther -- Guenther Deschner Samba Team SerNet GmbH - Goettingen [EMAIL PROTECTED],org [EMAIL PROTECTED] pgp0gzOlD1xtm.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Getent doesn't work with AD users
Hi!
I'm trying to get a second samba server to get to work but it seems like
there is something I have done wrong since I can't get getent to return the
users from my AD-server.
I have tried a lot of different solutions but no one that worked.
So, could anyone here please point me in the correct direction?
I'm running Suse 9.2 and Samba 3.0.9-2.1 and a Windows 2003 server with
Active Directory.
Running wbinfo -u and wbinfo -g shows all users from the ad.
When trying to getent passwd I only get local users and no users from the
Active Directory. No output in /var/log/messages.
When restarting winbind i get the following in /var/log/messages
---
Feb 2 09:54:47 aqmlin03 winbindd[4196]: [2005/02/02 09:54:47, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
Feb 2 09:54:47 aqmlin03 winbindd[4196]: cli_nt_setup_creds: request
challenge failed
Feb 2 09:54:47 aqmlin03 winbindd[4196]: [2005/02/02 09:54:47, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
Feb 2 09:54:47 aqmlin03 winbindd[4196]: cli_nt_setup_creds: request
challenge failed
---
My smb.conf file --
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2004-12-20
[global]
workgroup = alfa-moving
server string = aqmlin03 samba server
log file = /var/log/samba/%m.log
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
comment = Home Directories
realm = ALFA-MOVING.SE
security = ADS
password server = 192.168.10.10
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
[hdb]
comment = Primary share
path = /volume/hdb
writeable = yes
guest ok = yes
[hdc]
comment = Secondary share
path = /volume/hdc
writeable = yes
guest ok = yes
My krb5.conf --
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = ALFA-MOVING.SE
dns_lookup_realm = false
dns_lookup_kdc = false
clockskew = 300
[realms]
ALFA-MOVING.SE = {
kdc = 192.168.10.10
}
[domain_realm]
.kerberos.server = ALFA-MOVING.SE
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
-
Thanks in advance
Roland Carlsson
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: VFS calls after disconnect
Hello,
(BBelow is the sample code almost similar to the one in Samba Developers's
(Bguide. I tested it with a win2k client for samba 3.0.2a on FreeBSD.
(BWhen the example_connect is called the second time by the same client
(Bhandle-data is null.
(BThe test can be reproduced as follows-
(B1) search for the computer from windows explorer. Access the vfs share and
(Bcreate directory or perform any other operation.
(B2) use the back button of the explorer to return back to the share and map
(Bit to a network drive.
(B
(BIs there some way that this data can be preserved irrespective of the number
(Bof times that an already connected client tries a reconnection?
(B
(BAny help is highly appreciated!
(BThanks,
(BChetana
(B
(Bstatic int connectCnt = 0;
(Bstruct example_privates {
(Bchar *some_string;
(Bint db_connection;
(B};
(B
(Bstatic int example_connect(vfs_handle_struct *handle,
(Bconnection_struct *conn, const char *service,
(Bconst char* user)
(B{
(Bstruct example_privates *data = NULL;
(B
(Bif ( connectCnt 0 ) {
(BDEBUG(0,("connection to client already exists\n"));
(BSMB_VFS_HANDLE_GET_DATA(handle, data, struct example_privates,
(B-1);
(Bdata = (struct example_privates*)handle-data ;
(BDEBUG(0,("data-db_connection = %d\n" , data-db_connection ));
(Breturn 1;
(B}
(B
(B/* alloc our private data */
(Bdata = (struct example_privates *)talloc_zero(conn-mem_ctx,
(Bsizeof(struct
(Bexample_privates));
(Bif (!data) {
(BDEBUG(0,("talloc_zero() failed\n"));
(Breturn -1;
(B}
(B
(B/* init out private data */
(Bdata-some_string = talloc_strdup(conn-mem_ctx,"test");
(Bif (!data-some_string) {
(BDEBUG(0,("talloc_strdup() failed\n"));
(Breturn -1;
(B}
(B
(BconnectCnt ++;
(Bdata-db_connection = connectCnt ;
(B
(B/* and now store the private data pointer in handle-data
(B * we don't need to specify a free_function here because
(B * we use the connection TALLOC context.
(B * (return -1 if something failed.)
(B */
(BVFS_HANDLE_SET_DATA(handle, data, NULL, struct example_privates, -1);
(B
(B
(Breturn 1;
(B}
(B
(B
(B
(B--
(BTo unsubscribe from this list go to the following URL and read the
(Binstructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sharing Printer - Insufficient rights?
Hello jerry, yes i'm sure this has nothing to do with the Driver-Install-Right: IF i add the driver to samba (via rpcclient/cupsaddsmb) AND IF the user's in the Domain-Admin Group, everything (including installing the driver) is ok... Also the Error-Message itself is clearly indicating that it's the right to install printers, not drivers (unfortunatly it's in german, so it wouldn't make much sense to post it here word-by-word ;) Again: If i do that with winxp instead of samba, everything works perfect: so i think it's a samba-related problem (something with passing-through the permissions of domain-users?!?) Greetings, and thanks for the answer Tobias Am Mittwoch, 2. Februar 2005 03:39 schrieb Gerald (Jerry) Carter: On Tue, 1 Feb 2005, Tobias Geiger wrote: Problem: - as soon as i want to connect the samba-shared-printer from the WXP Client, i get a You don't have the sufficient Rights... Message. are you sure this isn't the you can't install drivers on the client error message? The only error I see in the Samba log is the fact that the PDF printer you have installed doesn't have a driver associated with it. (hint: look for WERR_UNKNOWN_PRINTER_DRIVER) cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca pgp1cKQv69HPR.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC + SAMBA + LDAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Good Morning, My test machine is Workstation 16178-AUDIT$. I've already included in the ldap base, like you can see in the base: smbldap# ldapsearch -D cn=root,o=frigorifico-aurora,c=br -b o=frigorifico-aurora,c=br -x -W '(uid=16178-audit$)' Enter LDAP Password: # extended LDIF # # LDAPv3 # base o=frigorifico-aurora,c=br with scope sub # filter: (uid=16178-audit$) # requesting: ALL # # 16178-AUDIT$, Computers, frigorifico-aurora, br dn: uid=16178-AUDIT$,ou=Computers,o=frigorifico-aurora,c=br objectClass: top objectClass: inetOrgPerson objectClass: posixAccount cn: 16178-AUDIT$ sn: 16178-AUDIT$ uid: 16178-AUDIT$ uidNumber: 1010 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 but, the system says that it does not exist. (no account in domain) [2005/02/01 17:02:42, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1982) ~ ldapsam_search_one_group: Problem during the LDAP search: LDAP error: invalid DN (Invalid DN syntax) [2005/02/01 17:02:42, 0] rpc_server/srv_netlog_nt.c:get_md4pw(244) ~ get_md4pw: Workstation 16178-AUDIT$: no account in domain Do you have the solutions? []'s __ Márcio Luciano Donada mdonada at auroraalimentos dot com dot br FreeBSD - The uptime is mesuared in years! -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCAKyLyJq2hZEymxcRAmokAJ99RQmilBZSnMq1wwT7a4UyppHfSwCgtXVF mzTq1e+WnnvVbBJIWA6nqrg= =boWl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC + SAMBA + LDAP
maybe nss doesn't look at ou=Computers ? try either of: 1) move comupter account to ou=Users 2) make nss look at both ou=Users and ou=Computers -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Good Morning, My test machine is Workstation 16178-AUDIT$. I've already included in the ldap base, like you can see in the base: smbldap# ldapsearch -D cn=root,o=frigorifico-aurora,c=br -b o=frigorifico-aurora,c=br -x -W '(uid=16178-audit$)' Enter LDAP Password: # extended LDIF # # LDAPv3 # base o=frigorifico-aurora,c=br with scope sub # filter: (uid=16178-audit$) # requesting: ALL # # 16178-AUDIT$, Computers, frigorifico-aurora, br dn: uid=16178-AUDIT$,ou=Computers,o=frigorifico-aurora,c=br objectClass: top objectClass: inetOrgPerson objectClass: posixAccount cn: 16178-AUDIT$ sn: 16178-AUDIT$ uid: 16178-AUDIT$ uidNumber: 1010 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 but, the system says that it does not exist. (no account in domain) [2005/02/01 17:02:42, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1982) ~ ldapsam_search_one_group: Problem during the LDAP search: LDAP error: invalid DN (Invalid DN syntax) [2005/02/01 17:02:42, 0] rpc_server/srv_netlog_nt.c:get_md4pw(244) ~ get_md4pw: Workstation 16178-AUDIT$: no account in domain Do you have the solutions? []'s __ M?rcio Luciano Donada mdonada at auroraalimentos dot com dot br FreeBSD - The uptime is mesuared in years! -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCAKyLyJq2hZEymxcRAmokAJ99RQmilBZSnMq1wwT7a4UyppHfSwCgtXVF mzTq1e+WnnvVbBJIWA6nqrg= =boWl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbcquotas (Need help with command syntax)
smbcquotas will definetely work under the following conditions: 1) SMB server is something nt-like (w2k or w2k3) 2) disk quotas are enabled 3) \\server\share is ROOT of filesystem. ntfs5 doesn't allow to have different quotas for directories on a single partition. not sure smbcquotas will work on samba. also I do not know any filesystem which allows disk quotas per directory. Usually you have to put directories on separates partitions in order to achive that. I need to setup quota on //server/home for user a to 1GB and on //server/client (for all users on this share) to 10GB May you please let me know the exact command to be used for this? Also, do I need to add any other parameter in smb.conf in order to make quotas work? I have compiled samba with quotas option. Thank you. - Do you Yahoo!? Yahoo! Search presents - Jib Jab's 'Second Term' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mass user creation
1) how to do with ldiff file to put a user member of a group ? You have the gid specified so that will get your primary group, adding secondary groups is not as easy though. The secondary groups you are a member of is stored in the group, via the multi-value property memberUID. You'll have to ldapmodify the groups you want to be a member of with the appropriate member's uid. 2) Is there a solution to avoid this problem so that i also can generate mass user password ? You could pipe your script, depending on the language, into the smbpasswd command. I believe Jerry has posted something like this for a shell language: echo $pass $pass smbpasswd -a $username smbpasswd also used to have an optional last parameter for user's password. which was never documented and recently has been removed :-( Also, you may want to leave off your samba parameters in the ldif, they will get added by the smbpasswd command. -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP help!
Right now I have Samba+LDAP working (like a charm acctually) I just have one issue. Right now Samba is authenticating the user against the sambaLMPassword and/or the sambaNTPassword attributes. Yep. I would rather it authenticated against the userPassword attribute like my unix boxes and mail servers do. Is samba capable of doing this? Otherwise I have to maintain two seperate passwords for each user. yes, you have to support two separate passwords for samba and nss. Yes. But we are talking about Samba and PAM - not NSS. NSS has nothing to do with passwords. otherwise you have to keep passwords in clear and somehow emulate (is OpenLDAP capable of this ?) sambaNTPassword via cleartext userPassword Password syncronization is trivial. See ldap password sync to do it from the Samba side or the smbk5pwd overlay to extend the password-modify exop on the LDAP side to always set all passwords. Or the third option is to use Kerberos for authentication of non-CIFS connections as the Hiemdal KDC can use the same LDAP SAM as Samba. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] (no subject)
Thomas Kreft wrote: I have a rather complex access setup for my users home-directories. This is because a) All users have to be able to read other users files (minus some private folders) b) Some users additionally have write access to specific (not: all!) home-directories So a user Joe also has a group called 'Joe' with members Joe, Tim and Kate. Hence, Joe, Tim and Kate may write to /home/joe. I do this by editing smb.conf as follows: [homes] valid users = @users write list = @%g browseable = No create mask = 0660 directory mask = 0770 Now the question is: How do I provide the users with an easy way to access the various 'homes', ie. via a mapped network drive, and STILL preserve the 'write list' option of the smb.conf? Of course, the users could type \\SERVERNAME into their windows explorer, or browse through the network neighbourhood everytime, but this is rather inconvenient. Or I could create a share with symlinks to all the home folders, but this would deprive me of the individual 'write list' access control. Hope I could make myself clear! Any ideas are highly appreciated, I'm completely lost. Thomas Hallo Thomas, I would solve your problem this way: I would create home folders like you have done /home/joe , /home/tim ... I would create group folders like /group/joe, /group/... in smb.conf : [homes] comment = private browseable = yes create mask = 0700 directory mask = 0700 public = no writeable = yes [group] comment = group directory path = /group/%g create mask = 0770 directory mask = 0770 force directory mode = 0770 force create mode = 0770 public = no writeable = yes in logon.bat: net use x: \\server\homes net use y: \\server\group In this way, data in x:\ are private f.e. joe, data in y:\ are readable and writeable for the whole group f. e. joe, tim and kate. Sabine -- Sabine Zarabian Universität Bielefeld Fakultät für Biologie 0521 - 106 5567 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba 2 smbpasswd + ldap - not binding properly
Hi, The problem isn't the authentication, as the server can't even connect to the LDAP server to try to authenticate. Is your passdb backend correctly defined? Best Regards, Bruno Guerreiro -Original Message- From: Tyler R. Retzlaff [mailto:[EMAIL PROTECTED] Sent: terça-feira, 1 de Fevereiro de 2005 23:15 To: samba@lists.samba.org Subject: [Samba] samba 2 smbpasswd + ldap - not binding properly I've been having difficulty getting smbpasswd -a working as follows. wiggum:/etc# smbpasswd -D 10 -a rtr New SMB password: Retype new SMB password: ldap_open_connection: connection opened ldap_connect_system: Binding to ldap server as cn=manager,dc=test,dc=net Bind failed: Can't contact LDAP server ldap_open_connection: connection opened ldap_connect_system: Binding to ldap server as cn=manager,dc=test,dc=net Bind failed: Can't contact LDAP server Failed to add entry for user rtr. Failed to modify password entry for user rtr Now it clearly says it's binding as cn=manager,dc=test,dc=net. But according to the ldap server debug info I see the following two binds. During the smbpasswd -a neither of which is cn=manager. do_bind: version=3 dn=cn=nss,dc=test,dc=net method=128 do_bind: v3 bind: cn=nss,dc=test,dc=net to cn=nss,dc=test,dc=net My smb.conf looks like this: ldap admin dn = cn=manager,dc=test,dc=net ldap server = ldap.test.net ldap suffix = ou=People,dc=test,dc=net So is smbpasswd ignoring it? Just a note cn=nss comes from my libnss_ldap.conf so it's possible what I'm really seeing is the bind for nss lookup of the the passwd entry and smbpasswd isn't attempting to bind at all.. I've been scanning the samba list for days and haven't seen any solutions, so if someone could help me out I would appreciate it. Thanks -- Tyler R. Retzlaff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ntlm_auth + nt domain
i have to use ntlm_auth command with freeradius. Before, i want to execute ntlm_auth manually. For this job i use samba and winbind. the result command is : ntlm_auth --requeset-nt-key --domain=micro --username=alex password: NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc05e) Before i entered my computer in nt domain which name is DOMAIN like this: net rpc join -S micro -U administrator Password: Joined domain DOMAIN. and wbinfo -u :wbinfo -u Error looking up domain users and wbinfo -g : BUILTINSystem Operators,BUILTINReplicators BUILTINGuests,BUILTINPower Users BUILTINPrint Operators,BUILTINAdministrators BUILTINAccount Operators,BUILTINBackup Operators BUILTINUsers So, can you please return your experience about this subjet, particulary authentication with nt domain Regards, durale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ntlm_auth + nt domain
i have to use ntlm_auth command with freeradius. Before, i want to execute ntlm_auth manually. For this job i use samba and winbind. the result command is : ntlm_auth --requeset-nt-key --domain=micro --username=alex password: NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc05e) Before i entered my computer in nt domain which name is DOMAIN like this: net rpc join -S micro -U administrator Password: Joined domain DOMAIN. and wbinfo -u :wbinfo -u Error looking up domain users and wbinfo -g : BUILTINSystem Operators,BUILTINReplicators BUILTINGuests,BUILTINPower Users BUILTINPrint Operators,BUILTINAdministrators BUILTINAccount Operators,BUILTINBackup Operators BUILTINUsers So, can you please return your experience about this subjet, particulary authentication with nt domain Regards, durale -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Auth failing - idmap_rid?
Guenther Deschner wrote: Hi Brian, Thanks for the response. On Tue, Feb 01, 2005 at 03:11:23PM -0500, Brian Hoover wrote: The samba server is FC3 / samba 3.0.10 (Fedora package w/ idmap_rid compiled) The samba server shows up in the browse list, but when you select it from an XP machine windows spits up \\ server is not accessable yada yada The user name could not be found The following shows up twice in /var/log/samba/winbindd: [2005/02/01 14:00:27, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(461) rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-21-601769246-1165110998-860360866-2946 Could you please restart winbindd once with loglevel = 10 and post the rid_idmap respective idmap_rid relevant entries of log.winbindd? This one may need to remain a mystery. I went show the SID differences to a colleague 4 hours after sending the original post and the symptom had disappeared. I had changed the uid / gid ranges from 1-2 to 1000-20 but even after changing them back I have not been able to repeat the issue. I'll post again if this happens again. Since this is my first samba server it is still in lab status and I will leave the log level set to 10. Maybe I'll catch something. The log you ask for does not show anything to me that is abnormal but here it is: [2005/02/02 07:43:43, 1] nsswitch/winbindd.c:main(864) winbindd version 3.0.10-1.fc3 started. Copyright The Samba Team 2000-2004 [2005/02/02 07:43:43, 5] lib/debug.c:debug_dump_status(366) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 --SNIP-- doing parameter idmap backend = idmap_rid:VIDAR=1-2 doing parameter idmap uid = 1-2 doing parameter idmap gid = 1-2 -Brian Thanks, Guenther -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] forcing a file to have the same uid from parent directory
1) You can try force user = %U, not sure it will work on [homes] it even can have side effect that every user will gain access to any home directory. 2) SUID on directory ? Hi, I have a little problem, sometimes the administrator must put a file in a home directory. But the owner of this file is root, not the user which have the home directory. Example : /rsrv/data1/home/toto toto Utilisateurs0700 + toto.id root Administrateurs 0700 + fichier.xls toto Utilisateurs0700 I would like to kown how I set up my conf (linux or samba ) for forcing uid of new file to have the same uid which have the directory. Thank you St?phane --- St?phane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ERRinvnetname (HELP)
Please HELP me! -- Forwarded message -- From: Fábio Soares [EMAIL PROTECTED] Date: Tue, 1 Feb 2005 14:01:13 -0300 Subject: Error messages when trying to access a share To: samba@lists.samba.org Hi everyone! Does anybody know what each of the error messages ERRinvnetname and ERRbadpw mean? The first one I get when I type my password after each of the following commands: smbclient -L localhost -U fabio //it only asks me for a password (I think it's to be my password) smbclient -L localhost -N //it doesn't ask a password. what/who is the username? The second one I get when I try this command: smbclient -L localhost //it does ask a password. but whatever password I type, the ERRbadpw error message arises on my screen. Why?? where does samba take a username for this password from? my smb.conf file is attached. you might want to take a look at it. -- Fabio Mendes Soares Computing Student (yet newbie at Samba) Ananindeua-PA-Brazil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba bidirectional printing support
No answers so far.. So probably it is impossible to make bidirectional printer connection using samba? One more question - are there another smb implementations for unix-like operating systems? Viktor Remennik wrote: Paul Gienger wrote: trying to install Canon s900 printer but canon printer monitor on win PC is not working saying there's no bidirectional connection between win That is probably the Canon app not wanting to work with a networked printer. Those style apps are designed to work on a local machine with a local printer. You could try to create a virtual LPR port and set the server to print in raw mode, but that probably won't get you over the hump. I don't think so. Actualy there are two kind of tools. First is really working with local port. But I'm talking about win32 driver. Under win32 (windows xp sp2) the driver is able to show when there's no ink in the network printer. but with samba shared printer win32 driver claims that bidirectional mode is unavailable and Enable bidirectional support checkbox in printer properties is disabled gray. Is it possible to let it alert me when ink is out? So, am i right that it is impossible to use modern printers via samba? No, you're wrong. It may be very difficult or impossible to use printers whose driver writers expect that printer to be attached to USB or parallel ports and cannot function over the network, but this will only hinder the advanced properties, perhaps such as ink sensing and what not. Pull virtually any network aware printer off of the shelf today, install the drivers on your server and client and you'll be just fine. Naturally this works better if the printer talks PostScript or any open printing language, but even without, many companies make valid unix drivers for network printers. But under win32 it works via smb net! Maybe the problem is in the samba configuration? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba a la linux question?
I think you probably should ask this on the samba@lists.samba.org list [redirected], as this is the development list. Hint: keepalive deals with part of this. --dave --- Behnam, Saman [EMAIL PROTECTED] wrote: Dear Mr. Mrs. When a windows share is mounted in to a linux-share running samba and anohter windows mashine accesses the linux-share...then all is ok. But when the mounted mashine crashes for example (if running ms windows its not rare ;) and the another windows mashine trys to access the linux-share with the unmounted but crashed windows.so the request hangs! Is there a workarround for this? e.g. mechanism that samba checks the mounted windows mashine and if not arrichable then force umount and when arrichable then mount it! Thank u verry much! Mit freundlichen Grüßen / Kind regards Saman Behnam Dipl.-Ing. (FH) TÜV AUTOMOTIVE GmbH Abt.: TAP-GAR Daimlerstr.11 D-85748 Garching Tel: 089 32950-849 / 859 Fax: 858 mailto:[EMAIL PROTECTED] http://www.tuev-sued.de http://www.tuev-sued.de/ = David Collier-Brown, | Always do right. This will gratify System Programmer and Author | some people and astonish the rest [EMAIL PROTECTED] | -- Mark Twain -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba network errors
Samba seems to work OK but I have the following problem: In the log I get the following Jan 27 10:33:53 test smbd[5055]: [2005/01/27 10:33:53, 0] lib/util_sock.c:get_peer_addr(1000) Jan 27 10:33:53 test smbd[5055]: getpeername failed. Error was Transport endpoint is not connected Jan 27 10:33:53 test smbd[5055]: [2005/01/27 10:33:53, 0] lib/util_sock.c:get_peer_addr(1000) Jan 27 10:33:53 test smbd[5055]: getpeername failed. Error was Transport endpoint is not connected Jan 27 10:33:53 test smbd[5055]: [2005/01/27 10:33:53, 0] lib/util_sock.c:write_socket_data(430) Jan 27 10:33:53 test smbd[5055]: write_socket_data: write failure. Error = Connection reset by peer Jan 27 10:33:53 test smbd[5055]: [2005/01/27 10:33:53, 0] lib/util_sock.c:write_socket(455) Jan 27 10:33:53 test smbd[5055]: write_socket: Error writing 4 bytes to socket 23: ERRNO = Connection reset by peer Jan 27 10:33:53 test smbd[5055]: [2005/01/27 10:33:53, 0] lib/util_sock.c:send_smb(647) Jan 27 10:33:53 test smbd[5055]: Error writing 4 bytes to client. -1. (Connection reset by peer) It means at least that I temporarily looses the connection and if writing to a database it becomes corrupted. I cannnot se i have made somthing wrong. Samba 2.x worked fine but Samba 3 is giving this problem. What can be done? Is it a bug? Is Samba misconfigured? Or is the network misconfigured? I have checked network configuration with webmin. It now has a box in Routing and Gateways which says the folowing: Destination Gateway Netmask Interface 10.0.0.0 0.0.0.0 255.255.255.0 eth0 Default Route 10.0.0.10.0.0.0 eth0 My configuration is IP: 10.0.0.10 Netmask 255.255.255.0 Gateway 10.0.0.1 Broaddcast 10.0.0.255 So what does the box mean? Have I misconfigured something in the network? I have reconfigured my eth0 with MDK Controlecenter, and nothing changes. It is really frustrating as it is the basic configuration I am loosing my time with and not the network for the benefits of the users. I have another thing. In the Microsoft Network the Xp-workstations disappear after a time (5-20 minutes) I can find them via Find computer. If I close down the Samba service it does not happen. Bjørn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.11rc1 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 2 Feb 2005, David Landgren wrote: You raised an eyebrow at security = domain in my config. It's been that way since 2.2.8 and (poor) performance was never sufficiently noticeable to warrant benchmarking. No. I was just trying to understand the configuration that you were working with. What we need to find out is whether the delay is on the server or in smbclient. I would look at a level 4 log on smbd with 'debug timestamp = yes' and look for any obvious gaps. Trying to narrow down to a specific code path. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFCAPYrIR7qMdg1EfYRAoL7AKC+JSFWheeMWqZmiYr0Gx9/e/kD3ACgzch4 dC8UpB86DDkgM/VrVL5LSME= =UFs8 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Creating mandatory profiles (not making profiles mandatory)
Ilia Chipitsine schrieb: Hi, is it possible to create the user profiles by copying a template, change file ownership and modify the SID in NTUSER.DAT using the profile tool? We have many problems with broken profiles. This has become time consuming ^^^ there're few tips which I came to after using roaming profiles for several years, those tips will significately reduce number of problems with roaming profiles: 1) watch that profiles are less than 30Mb (number of files also is important) 2) when user first logs in, if there no profile exists, Default User profile is taken from \\$LOGONSERVER\NETLOGON, so you can have special default profile for new users. otherwise local Default User profile is taken. 3) redirect common folders like Desktop, My Documents out of roaming profile. they can live on network share in user's home directory, but not in the roaming profile. this can be achived either by manipulating registry directly or by using nt4 style domain policies, I can even send You custom ADM template for that. Outlook.pst can also be redirected out of roaming profile. simply move it to another place and start MS Outlook, it will ask You where to find outlook.pst 4) be careful with terminal services. samba doesn't understand separate profiles for terminal services, so you can ruin roaming profile. 5) make sure you are using the same version of Windows on all computers. w2k -- xp can also break many things in profile 6) make sure other things than Windows are the same on all computers. particularly MS Office. 7) You can create profile backup system, put, for example regedit /e \\SERVER\share\%UserName%-of2k3.reg HKEY_CURRENT_USER\Software\Microsoft\Office\11.0 at logon script and after that You can easily delete broken profile and restore required things from backup. 8) xp behave weird on roaming profiles. even if You reqiure delete cached copies of roaming profiles on exit, xp leaves copy and !!! if You delete network copy of roaming profile (in order to create profile from Default User), xp picks up local cached copy. so, in such case You need to remove both network and local cached copy of profile. no idea how to make xp delete it on exit. and frustrating - when a user experiences an error or weird behaviour of an application I can never be sure wether the cause is a wrong user error, a broken profile or defect in installation. If I want all users or groups of users to have the same profile I should be able to create it for them. I already use the default user, but with that I only can make a profile mandatory after the user's first logoff. I could try myself, but I sometimes experience that tricks that work at first and look good have some side effects I didn't think of, so I would appreciate comments from people who tried that, or maybe someone knows why this is rather a bad idea. With kind regards, Malte Mueller -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Thanks a lot Ilia! We have 200 PC and nearly all have a reborn-card or such, which prevents any lokal changes, so local copies of profiles do not exist. Users log in very often to different Computers and need to have a defined environment i.e. an available profile. I already use a default user-profile and redirected folders (thanks John, the book helped a lot). Nevertheless I feel that I cannot rely on the profiles' integrety once a user had a chance to modify it. Making a registry copy is a good tip, i will use that, at least for some users. But rather than backing up I would very much appreciate to set up a defined profile for each user. I think it would make life a lot easier for me (and the users). With kind regards Malte Mueller -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printing problems
Gerald (Jerry) Carter wrote: Josh Kelley wrote: | Second, we're seeing lots of the following messages in | our log files: | | [2005/01/27 13:31:34, 0] rpc_server/srv_lsa_hnd.c:create_policy_hnd(111) | create_policy_hnd: ERROR: too many handles (1025) on this pipe. | | I'm getting reports from users that they're intermittently | unable to print. Windows reports, Unable to create a print | job; this seems to correspond with the too many handles | errors, but I haven't gotten details consistently enough | to know for sure. Any suggestions? Are you using an XP client? There's a limit on the number of open printer handles that smbd will allow to prevent a client from eating up too much memory. it's set to 256 currently. I would look at a network sniff to see what the client is doing opening all those printer handles. We are using XP clients. I'll try running a network sniff; thanks for the suggestion. (The problem is happening intermittently on a number of our lab computers, which makes that a bit harder.) A couple of questions, keeping in mind that I know little about the SMB protocol or Samba's internals: If I'm reading the source code and the log messages correctly, these are policy handles (policy handles on pipes?). Are those the same thing as printer handles? The limit on policy handles in 3.0.9 is apparently 1024, not 256. Another oddity: We'd been getting hundreds or thousands of these error messages each day, then our server crashed yesterday morning for as-yet-undetermined reasons. Since the reboot, I've been seeing neither the old print jobs aren't cleared bug nor the too many handles messages. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0 question, DOMAIN vs. SERVER method? Help!
Hello all! We are attempting to get Samba-3.0.10 working on a new Solaris 8 machine in preparation for upgrading an existing 2.2.8 installation (both use the SMCsamba packages from SunFreeware.com). We copied over the smb.conf file and the usermap from the Samba-2 installation, and seeing some weird symptoms when Windows users try to connect to the new machine. We ran net join to join the local domain (referred to hereafter as MYDOMAIN). When we set security = DOMAIN in the smb.conf file (which is how we have it on 2.2.8), it works for users that are not in the usermap (i.e. whose UNIX login name is the same as their Windows login). But users who are in the usermap can't connect. However, when we change the setting to security = SERVER then it works for the users in the usermap. The main difference I see between DOMAIN and SERVER logins is that the DOMAIN uses winbind authentication, while SERVER uses smbserver authentication. Also, it looks like Samba tries to create a user with the login of the UNIX user, and then fails because it can't. If anyone can tell me where we're going wrong, I would really appreciate it! Thanks in advance! smb.conf global entries: # Global parameters [global] workgroup = MYDOMAIN netbios name = MYSERVER security = DOMAIN # security = SERVER encrypt passwords = Yes password server = winserv1 winserv2 * username map = /usr/local/samba/lib/usermap wins server = x.x.x.x log level = 3 log file = /var/log/smb.log Contents of usermap: unixuser=pcuser Log entries for the successful DOMAIN login with an unmapped user: [2005/02/01 15:57:58, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) Got user=[myuser] domain=[MYDOMAIN] workstation=[MYPC] len1=24 len2=24 [2005/02/01 15:57:58, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/02/01 15:57:58, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] SNIP [2005/02/01 15:57:58, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: winbind authentication for user [myuser] succeeded [2005/02/01 15:57:58, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/02/01 15:57:58, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/02/01 15:57:58, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/02/01 15:57:58, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/02/01 15:57:58, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [myuser] - [myuser] - [myuser] succeeded [2005/02/01 15:57:58, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2005/02/01 15:57:58, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60088215 [2005/02/01 15:57:58, 3] smbd/password.c:register_vuid(222) User name: myuser Real name: [2005/02/01 15:57:58, 3] smbd/password.c:register_vuid(241) UNIX uid 5489 is UNIX user myuser, and will be vuid 100 SNIP The logs for the failed DOMAIN login for the mapped user: [2005/02/01 15:35:41, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) Got user=[PCuser] domain=[MYDOMAIN] workstation=[MYPC] len1=24 len2=24 [2005/02/01 15:35:41, 3] lib/username.c:map_username(173) Mapped user PCuser to unixuser [2005/02/01 15:35:41, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/02/01 15:35:41, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] SNIP [2005/02/01 15:35:41, 3] auth/auth_util.c:make_server_info_info3(1127) User unixuser does not exist, trying to add it [2005/02/01 15:35:41, 0] auth/auth_util.c:make_server_info_info3(1134) make_server_info_info3: pdb_init_sam failed! [2005/02/01 15:35:41, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [PCuser] - [unixuser] FAILED with error NT_STATUS_NO_SUCH_USER SNIP Logs for the successful SERVER login for the mapped user: [2005/02/01 15:36:22, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615) Got user=[PCuser] domain=[MYDOMAIN] workstation=[MYPC] len1=24 len2=24 [2005/02/01 15:36:22, 3] lib/username.c:map_username(173) Mapped user PCuser to unixuser [2005/02/01 15:36:22, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/02/01 15:36:22, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] SNIP [2005/02/01 15:36:26, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: smbserver authentication for user
[Samba] A smbd process pegging CPU at near 100% with v3.0.10-1 FC2 RPM
CPU 99.3%: 2170 root 25 0 11656 3228 10m R 99.3 0.5 0:07.42 smbd We're having the same problems as many others with print queues, client lock-ups, etc. I think maybe this CPU problem is related as we have two servers in two locations with the same versions, and both had the problem immediately after upgrading to 3.0.10. We use the YUM facility to upgrade Samba. To react to these problems without waiting for the .11 release, is it possible to use the FC3 RPM of RC1 on a Fedora Core 2 box? If not, a pointer to a FC2 binary would be appreciated. Many Thanks- Kel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File Tranfer limits, if any?
Are there any limits to the size of a file that can be sent to a SAMBA server? I ask, because a year or so ago, I was using a SAMBA device to store data files from a Windowz system that were larger than 2 GIG. The Windows system came back saying that the drive was full. A check of the space on the SAMBA location said 30 GIG was open. The same 2 GIG file between 2 Windows boxes did work. Thanks for your help. --alan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printing problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 2 Feb 2005, Josh Kelley wrote: A couple of questions, keeping in mind that I know little about the SMB protocol or Samba's internals: If I'm reading the source code and the log messages correctly, these are policy handles (policy handles on pipes?). Are those the same thing as printer handles? The limit on policy handles in 3.0.9 is apparently 1024, not 256. Yes a policy handle is basically the same thing as a printer handle. It's a different limit for printer handles: rpc_server/srv_pipe_hnd.c:#define MAX_OPEN_SPOOLSS_PIPES 256 Another oddity: We'd been getting hundreds or thousands of these error messages each day, then our server crashed yesterday morning for as-yet-undetermined reasons. Since the reboot, I've been seeing neither the old print jobs aren't cleared bug nor the too many handles messages. hmm...bad tdb somewhere ? ANy error messages about that ? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFCAPwzIR7qMdg1EfYRAhdkAJ0WD+YfGJm5ThKS7PCONFn/4ZB96ACfXXaw +7SzruguxsXZNyCTwNUwka0= =gnTa -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File Tranfer limits, if any?
Hi, this behavior is not really samba related, i guess youre using ext2 on the samba host system, there should be no problem if you use ext3 which has no 2GB limtitation Regards Garies, Alan schrieb: Are there any limits to the size of a file that can be sent to a SAMBA server? I ask, because a year or so ago, I was using a SAMBA device to store data files from a Windowz system that were larger than 2 GIG. The Windows system came back saying that the drive was full. A check of the space on the SAMBA location said 30 GIG was open. The same 2 GIG file between 2 Windows boxes did work. Thanks for your help. --alan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] libiconv.so.2 is not found in archive
Hi, Have just spend the afternoon browsing and trying to find the solution to this error. We are running AIX 4.3.3, release 10. I'm trying to get Samba up and running. It seems to install okay using smitty, at least all the directories appear with the various samba files in them. Though no smb.conf is created. I thought a default one would be created? I'm coming from a mainly Linux background where that happens. Maybe Unix is slightly different? Anyway when I try to run anything related to samba get the following error: exec(): 0509-036 Cannot load program ./testparm because of the following errors: 0509-150 Dependent module /usr/lib/libiconv.a(libiconv.so.2) could not be loaded. 0509-152 Member libiconv.so.2 is not found in archive I've found several mails and newsgroup posts about this, but with no real solution. Is there a way round this? Thanks, Neil. http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] stumped, security = domain FAILS for NTLMv2 only
I have a Samba only domain (Samba PDC, Samba Member Servers) where security = domain. Versions are all 3.0.10 compiled with --enable-cups --with-utmp --with-acl-support Backend is tdbsam All smb.confs have the following: ... pdc: security = user members: security = domain ... restrict anonymous = 2 encrypt passwords = yes lanman auth = no ntlm auth = no client ntlmv2 auth = yes client schannel = yes server schannel = yes client signing = auto server signing = auto ... Domain controller works like a charm, all Windows2000/XP clients are locked down the same schannel=yes,ntlmv2 only,restrict anon=2. All clients can auth through each other (I can view shares on other workstations) net rpc testjoin returns OK from all samba-3.0.10 members attempts to connect to samba-3.0.10 member server fail with session setup failed: NT_STATUS_LOGON_FAILURE unix accounts exists for domain members. winbindd is up and running on members as auth only (no account creation) attempts to connect to windows members succeed. If security = user is used on members, and a smbpasswd -a command is issued to assign the samba password on members (which makes the membership useless), connection attempts succeed. Logs on the Samba member server [RHEL] look like this: [2005/02/02 10:26:59, 10] auth/auth_util.c:make_user_info(201) made an encrypted user_info for myuser (myuser) [2005/02/02 10:26:59, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/02/02 10:26:59, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2005/02/02 10:26:59, 10] auth/auth.c:check_ntlm_password(231) check_ntlm_password: auth_context challenge created by random [2005/02/02 10:26:59, 10] auth/auth.c:check_ntlm_password(233) challenge is: [2005/02/02 10:26:59, 10] auth/auth.c:check_ntlm_password(259) check_ntlm_password: guest had nothing to say [2005/02/02 10:26:59, 6] auth/auth_sam.c:check_samstrict_security(358) check_samstrict_security: MYDOMAIN is not one of my local names (ROLE_DOMAIN_MEMBER) [2005/02/02 10:26:59, 10] auth/auth.c:check_ntlm_password(259) check_ntlm_password: sam had nothing to say [2005/02/02 10:26:59, 5] auth/auth.c:check_ntlm_password(271) check_ntlm_password: winbind authentication for user [myuser] FAILED with error NT_STATUS_WRONG_PASSWORD [2005/02/02 10:26:59, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [myuser] - [myuser] FAILED with error NT_STATUS_WRONG_PASSWORD Logs on the domain controller [FreeBSD] look like this: [2005/02/02 10:26:59, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/02/02 10:26:59, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2005/02/02 10:26:59, 4] libsmb/ntlm_check.c:ntlm_password_check(288) ntlm_password_check: Checking NTLMv2 password with domain [MYDOMAIN] [2005/02/02 10:26:59, 4] libsmb/ntlm_check.c:ntlm_password_check(298) ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [MYDOMAIN] [2005/02/02 10:26:59, 4] libsmb/ntlm_check.c:ntlm_password_check(308) ntlm_password_check: Checking NTLMv2 password without a domain [2005/02/02 10:26:59, 3] libsmb/ntlm_check.c:ntlm_password_check(317) ntlm_password_check: NTLMv2 password check failed [2005/02/02 10:26:59, 5] auth/auth.c:check_ntlm_password(271) check_ntlm_password: sam authentication for user [myuser] FAILED with error NT_STATUS_WRONG_PASSWORD [2005/02/02 10:26:59, 3] auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind, requested domain [MYDOMAIN] was for this SAM. [2005/02/02 10:26:59, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [myuser] - [myuser] FAILED with error NT_STATUS_WRONG_PASSWORD I am stumped. Is a tdbsam backend unsupported for security = domain? (not stated in docs) Do I have to move to an LDAP backend? Although this is not noted in any documentation I have found. Side note: I noticed that even though I am setting auth to NTLMv2 ONLY, the password databases are still storing the LANMAN hashes... is there a reason for this? -- Aaron Zirbes Systems Administrator Environmental Health Sciences University of Minnesota -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Oplock errors in 2.2.8a
Hi, We are having connection timeout issues in Excel and Word. Was this an issue that was resolved in post 3.0 versions? We are running 2.2.8a. Below is the samba log file and I have attached a netmon output. Thanks, Domenic [2005/01/24 09:13:48, 0] smbd/oplock.c:oplock_break(797) oplock_break: receive_smb timed out after 30 seconds. oplock_break failed for file lotus/data/WeightedAverageFunction.xla (dev = 3996f31, inode = 66801, file_id = 197). [2005/01/24 09:13:48, 0] smbd/oplock.c:oplock_break(869) oplock_break: client failure in oplock break in file lotus/data/WeightedAverageFunction.xla ** This message, including any attachments, contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, please contact sender immediately by reply e-mail and destroy all copies. You are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. TIAA-CREF ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Modifying SWAT views for general users
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Roy P Costa wrote:
| I'm looking at having my general Samba users change their own
passwords on
| my Linux server using SWAT. Is there a way that I can have them have
| access to the password changing view and not be able to see the
| configuration and status information. Is there an easy way for those
| button to not appear on the web page?
|
|
| Roy Costa
| roycosta at us.ibm.com
|
|
I've just committed the attached patch to SVN. It adds a '-P'
command-line option to SWAT. Running swat -P will now do what you asked
about above -- only show the Password menu to read-only users. Please
test it, and let us know if it works out for you. Cheers,
deryck
- --
Deryck Hodgehttp://www.devurandom.org/
Auburn University Libraries http://www.lib.auburn.edu/
Samba Team http://www.samba.org/
I am flawed but I am cleaning up so well.
- --Dashboard Confessional, from Vindicated(2004)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCARjn4glRK0DaE8gRAnA0AJ9kJD5ypPISeNc7XNtdUufkDVYKcACgow9Y
ztvJGe2eqhkDJ3Jt2msvRRk=
=5WaD
-END PGP SIGNATURE-
Index: source/web/swat.c
===
--- source/web/swat.c (revision 5172)
+++ source/web/swat.c (working copy)
@@ -32,6 +32,7 @@
#include web/swat_proto.h
static BOOL demo_mode = False;
+static BOOL passwd_only = False;
static BOOL have_write_access = False;
static BOOL have_read_access = False;
static int iNumNonAutoPrintServices = 0;
@@ -530,7 +531,8 @@
image_link(_(Printers), printers, images/printers.gif);
image_link(_(Wizard), wizard, images/wizard.gif);
}
- if (have_read_access) {
+ /* root always gets all buttons, otherwise look for -P */
+ if ( have_write_access || (!passwd_only have_read_access) ) {
image_link(_(Status), status, images/status.gif);
image_link(_(View Config), viewconfig,
images/viewconfig.gif);
}
@@ -1315,6 +1317,7 @@
struct poptOption long_options[] = {
POPT_AUTOHELP
{ disable-authentication, 'a', POPT_ARG_VAL, demo_mode,
True, Disable authentication (demo mode) },
+{ password-menu-only, 'P', POPT_ARG_VAL, passwd_only, True, Show
only change password menu },
POPT_COMMON_SAMBA
POPT_TABLEEND
};
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Oplock errors in 2.2.8a
On Wed, Feb 02, 2005 at 12:41:34PM -0500, Verlezza, Domenic wrote: Hi, We are having connection timeout issues in Excel and Word. Was this an issue that was resolved in post 3.0 versions? We are running 2.2.8a. Below is the samba log file and I have attached a netmon output. Thanks, Domenic [2005/01/24 09:13:48, 0] smbd/oplock.c:oplock_break(797) oplock_break: receive_smb timed out after 30 seconds. oplock_break failed for file lotus/data/WeightedAverageFunction.xla (dev = 3996f31, inode = 66801, file_id = 197). [2005/01/24 09:13:48, 0] smbd/oplock.c:oplock_break(869) oplock_break: client failure in oplock break in file lotus/data/WeightedAverageFunction.xla This was an issue I fixed in the 3.x code w.r.t. 1 second deferred closes, so I'd definately upgrade. However, many oplock bugs are actually network hardware problems. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Still no browse list and no help!
Unable to resolve my problem after long time of reading and searching I decide to ask for help to the experts. The problems is that there is no browse list even thought everything works fine. I can share files with others machines but don't see anything on network neighborhood. We use the OpenBSD 3.6 box with Samba 2.2 only for DNS and Wins. Please Help! Here is my smb.conf file. # This is the main Samba configuration file. You should read the #=== Global Settings [global] ## ## Basic Server Settings ## # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 workgroup = TVGBCAST netbios name = laxbcastdns01 # server string is the equivalent of the NT Description field server string = # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the loopback interface. For more examples of the syntax see # the smb.conf man page hosts allow = 10. 127.0.0.1 # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user nobody is used guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects # log file = /var/log/smbd.%m # How much information do you want to see in the logs? # default is only to log critical messages ; log level = 1 # Put a capping on the size of the log files (in Kb). max log size = 550 # Security mode. Most people will want user level security. See # security_level.txt for details. security = user # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting. # Note: Consider carefully the location in the configuration file of # this line. The included file is read at that point. ; include = /etc/samba/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details # You may want to add the following on a Linux system: # SO_RCVBUF92 SO_SNDBUF92 ; socket options = TCP_NODELAY # Configure Samba to use multiple interfaces # If you have multiple network interfaces and want to limit smbd will # use, list the ones desired here. Otherwise smbd nmbd will bind to all # active interfaces on the system. See the man page for details. # interfaces = 10.4.100.2/24 10.3.100.2/24 10.7.50.1 # Should smbd report that it has MS-DFS Capabilities? Only available # if-with-msdfs was passed to ./configure ; host msdfs = yes ## ## Network Browsing ## # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply local master = yes # OS Level determines the precedence of this server in master browser # elections. The default value (20) should be reasonable os level = 65 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election preferred master = yes browse list = yes ## ## WINS Name Resolution ## # If you have multiple network interfaces and want to limit smbd will # use, list the ones desired here. Otherwise smbd nmbd will bind to all # active interfaces on the system. See the man page for details. # interfaces = 10.4.100.2/24 10.3.100.2/24 10.7.50.1 # Should smbd report that it has MS-DFS Capabilities? Only available # if-with-msdfs was passed to ./configure ; host msdfs = yes ## ## Network Browsing ## # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply local master = yes # OS Level determines the precedence of this server in master browser # elections. The default value (20) should be reasonable os level = 65 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller
Re: [Samba] Still no browse list and no help!
you can keep asking but the answer will always be the same - to browse the network, you will want a wins server. either this system... wins support = yes or another WinNT type server wins server = ip_address_of_wins_server and of course, the windows machines should have the ip address set for the wins server that is operational - either manually or through dhcp also - it helps to trim all the comments out of an smb.conf - either manually (the hard way) or by using 'testparm -s /tmp/smb.conf.no.comments' or 'testparm -sv /tmp/smb.conf.no.comments.all.attributes Craig On Wed, 2005-02-02 at 10:28 -0800, Marvin Bonilla wrote: Unable to resolve my problem after long time of reading and searching I decide to ask for help to the experts. The problems is that there is no browse list even thought everything works fine. I can share files with others machines but don't see anything on network neighborhood. We use the OpenBSD 3.6 box with Samba 2.2 only for DNS and Wins. Please Help! Here is my smb.conf file. # This is the main Samba configuration file. You should read the #=== Global Settings [global] ## ## Basic Server Settings ## # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 workgroup = TVGBCAST netbios name = laxbcastdns01 # server string is the equivalent of the NT Description field server string = # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the loopback interface. For more examples of the syntax see # the smb.conf man page hosts allow = 10. 127.0.0.1 # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user nobody is used guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects # log file = /var/log/smbd.%m # How much information do you want to see in the logs? # default is only to log critical messages ; log level = 1 # Put a capping on the size of the log files (in Kb). max log size = 550 # Security mode. Most people will want user level security. See # security_level.txt for details. security = user # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting. # Note: Consider carefully the location in the configuration file of # this line. The included file is read at that point. ; include = /etc/samba/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details # You may want to add the following on a Linux system: # SO_RCVBUF92 SO_SNDBUF92 ; socket options = TCP_NODELAY # Configure Samba to use multiple interfaces # If you have multiple network interfaces and want to limit smbd will # use, list the ones desired here. Otherwise smbd nmbd will bind to all # active interfaces on the system. See the man page for details. # interfaces = 10.4.100.2/24 10.3.100.2/24 10.7.50.1 # Should smbd report that it has MS-DFS Capabilities? Only available # if-with-msdfs was passed to ./configure ; host msdfs = yes ## ## Network Browsing ## # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply local master = yes # OS Level determines the precedence of this server in master browser # elections. The default value (20) should be reasonable os level = 65 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election preferred master = yes browse list = yes ## ## WINS Name Resolution ## # If you have multiple network interfaces and want to limit smbd will # use, list the ones desired here. Otherwise smbd nmbd will bind to all # active interfaces on the system. See the man page for details. # interfaces = 10.4.100.2/24 10.3.100.2/24 10.7.50.1 # Should smbd report that it has MS-DFS Capabilities? Only available # if-with-msdfs was passed to ./configure ; host msdfs = yes
Re: [Samba] Still no browse list and no help!
It looks like you have a bit of redundancy in your smb.conf, but other that that, seems OK. I have a question for you: Have you either: a) hard-coded your WINS server IP (samba machine) into your windows clients? b) setup your DHCP options to set your WINS server to your Samba Server's IP address. The easy way to check this is to run ipconfig /all from your windows clients, and see if the line: Primary WINS Server . . . . . . . : www.xxx.yyy.zzz points to your Samba WINS server. If it does not, therein lies your problem and solution Enjoy! Marvin Bonilla wrote: Unable to resolve my problem after long time of reading and searching I decide to ask for help to the experts. The problems is that there is no browse list even thought everything works fine. I can share files with others machines but don't see anything on network neighborhood. We use the OpenBSD 3.6 box with Samba 2.2 only for DNS and Wins. Please Help! Here is my smb.conf file. workgroup = TVGBCAST netbios name = laxbcastdns01 hosts allow = 10. 127.0.0.1 guest account = pcguest max log size = 550 security = user os level = 65 local master = yes domain master = yes preferred master = yes browse list = yes wins support = yes remote announce = yes announce as = NT Server -- Aaron Zirbes Systems Administrator Environmental Health Sciences University of Minnesota -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Still no browse list and no help!
Marvin Bonilla wrote: Unable to resolve my problem after long time of reading and searching I decide to ask for help to the experts. The problems is that there is no browse list even thought everything works fine. I can share files with others machines but don't see anything on network neighborhood. We use the OpenBSD 3.6 box with Samba 2.2 only for DNS and Wins. Please Help! Are you using static IP's on the win boxes, or DHCP? If you are using DHCP, what DHCP server are you using? The reason I ask is that you need to have the Win boxes point to the Samba wins server for browsing to work right. It also helps to make sure the workgroup on the Win boxes is the same as the workgroup name in smb.conf. Here is my smb.conf file. # This is the main Samba configuration file. You should read the #=== Global Settings [global] ## ## Basic Server Settings ## # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 workgroup = TVGBCAST netbios name = laxbcastdns01 # server string is the equivalent of the NT Description field server string = # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the loopback interface. For more examples of the syntax see # the smb.conf man page hosts allow = 10. 127.0.0.1 # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user nobody is used guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects # log file = /var/log/smbd.%m # How much information do you want to see in the logs? # default is only to log critical messages ; log level = 1 # Put a capping on the size of the log files (in Kb). max log size = 550 # Security mode. Most people will want user level security. See # security_level.txt for details. security = user # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting. # Note: Consider carefully the location in the configuration file of # this line. The included file is read at that point. ; include = /etc/samba/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details # You may want to add the following on a Linux system: # SO_RCVBUF?92 SO_SNDBUF?92 ; socket options = TCP_NODELAY # Configure Samba to use multiple interfaces # If you have multiple network interfaces and want to limit smbd will # use, list the ones desired here. Otherwise smbd nmbd will bind to all # active interfaces on the system. See the man page for details. # interfaces = 10.4.100.2/24 10.3.100.2/24 10.7.50.1 # Should smbd report that it has MS-DFS Capabilities? Only available # if-with-msdfs was passed to ./configure ; host msdfs = yes ## ## Network Browsing ## # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply local master = yes # OS Level determines the precedence of this server in master browser # elections. The default value (20) should be reasonable os level = 65 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT domain controller doing this job domain master = yes # Preferred Master causes Samba to force a local browser election on startup # and gives it a slightly higher chance of winning the election preferred master = yes browse list = yes ## ## WINS Name Resolution ## # If you have multiple network interfaces and want to limit smbd will # use, list the ones desired here. Otherwise smbd nmbd will bind to all # active interfaces on the system. See the man page for details. # interfaces = 10.4.100.2/24 10.3.100.2/24 10.7.50.1 # Should smbd report that it has MS-DFS Capabilities? Only available # if-with-msdfs was passed to ./configure ; host msdfs = yes ## ## Network Browsing ## # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply local master = yes # OS Level determines the precedence of this server in master browser #
Re: [Samba] File Tranfer limits, if any?
On Wednesday 02 February 2005 09:12, Garies, Alan wrote: Are there any limits to the size of a file that can be sent to a SAMBA server? How are you sending the file? I ask, because a year or so ago, I was using a SAMBA device to store data files from a Windowz system that were larger than 2 GIG. The Windows system came back saying that the drive was full. A check of the space on the SAMBA location said 30 GIG was open. The same 2 GIG file between 2 Windows boxes did work. What Linux kernel are you using? What version of Samba? - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Creating mandatory profiles (not making profiles mandatory)
On Wednesday 02 February 2005 08:58, M. Müller wrote: Thanks a lot Ilia! We have 200 PC and nearly all have a reborn-card or such, which prevents any lokal changes, so local copies of profiles do not exist. Users log in very often to different Computers and need to have a defined environment i.e. an available profile. I already use a default user-profile and redirected folders (thanks John, the book helped a lot). Nevertheless I feel that I cannot rely on the profiles' integrety once a user had a chance to modify it. Making a registry copy is a good tip, i will use that, at least for some users. But rather than backing up I would very much appreciate to set up a defined profile for each user. I think it would make life a lot easier for me (and the users). The last time I tried to create a Default User profile that was set as a mandatory profile the Windows client could not handle this on login. You can of course use a normal Default User profile that has folder redirection, set the client to delete cached profiles on logout, and NOT have a profile share. This means that every user will get a fresh profile on login every time. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Creating mandatory profiles (not making profiles mandatory)
On Wednesday 02 February 2005 08:58, M. Müller wrote: Thanks a lot Ilia! We have 200 PC and nearly all have a reborn-card or such, which prevents any lokal changes, so local copies of profiles do not exist. Users log in very often to different Computers and need to have a defined environment i.e. an available profile. I already use a default user-profile and redirected folders (thanks John, the book helped a lot). Nevertheless I feel that I cannot rely on the profiles' integrety once a user had a chance to modify it. Making a registry copy is a good tip, i will use that, at least for some users. But rather than backing up I would very much appreciate to set up a defined profile for each user. I think it would make life a lot easier for me (and the users). The last time I tried to create a Default User profile that was set as a mandatory profile the Windows client could not handle this on login. You can of course use a normal Default User profile that has folder redirection, set the client to delete cached profiles on logout, and NOT have a profile share. This means that every user will get a fresh profile on login every time. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File Tranfer limits, if any?
On Wednesday 02 February 2005 09:12, Garies, Alan wrote: Are there any limits to the size of a file that can be sent to a SAMBA server? How are you sending the file? I ask, because a year or so ago, I was using a SAMBA device to store data files from a Windowz system that were larger than 2 GIG. The Windows system came back saying that the drive was full. A check of the space on the SAMBA location said 30 GIG was open. The same 2 GIG file between 2 Windows boxes did work. What Linux kernel are you using? What version of Samba? - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Removing Everyone Can Print Permission
I can navigate to a printer on our print server and right click, go the securities tab, click Advanced, select the 'Allow\Everyone\Print' line and click Remove. It goes away, without errors. If I click apply it comes right back (gr). Can one set ACLs on printer queues (cups backend)? I'm almost 99% certain I've done this in the past. samba-3.0.11rc1 (updated from samba-3.0.10 last night). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] iPlanet Bug and PDC Problem
Josh, Did you ever get an answer about the Samba problem ... smbd/sec_ctx.c:initialise_groups(247) This is probably a problem with the account \nobody Thanks, Rick Hey Guys, Ok, I've got a 2.2.9pre3 Samba box compilied with LDAP. I had to use 2.2.9cvs cause 2.2.8a has some bug with iPlanet that doesn't allow it to compilie properly Anyway, I've got a 2.2.8 box setup with: security = server password server = mirage (the 2.2.9 Solaris box) so when I try to loggin to the domain that the 2.2.8 box serves I get an error saying the username/password pair doesn't exist... Its like its not even talking to the 2.2.9 box... Here is the log with level 2... Any ideas? Also, I'd apprecite a reply with a CC directed to me so I don't miss the reply in all the other threads... Thanks ever one! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 16-bit application
I've got a really weird problem. A user is running a 16-bit application called Jetform V2.2, originally from Delrina but now supported by Adobe. The user is storing the data files on their local disk but the forms sit on a samba share. We have moved the data files to samba as well and this is where the weirdness comes in. When the application tries to open a file it brings down a pulldown list and in the list is the DOS filename. When the files were local the names listed were the Windows filenames. The same behavior is shown when the data files are on a Novell volume so it seems like it's not a Samba issue. Does anyone have a clue on how to get the Windows filename to be listed? Thanks for the help. spike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 2 smbpasswd + ldap - not binding properly
On Wednesday 02 February 2005 23:51, you wrote: Hi, The problem isn't the authentication, as the server can't even connect to the LDAP server to try to authenticate. Seems reasonable that this is actually the problem, though I still haven't been able to get things working. Is your passdb backend correctly defined? I checked the documentation on this, passdb backend seems to be a samba 3 parameter only. Since I'm using samba 2.x no joy. Other suggestions? Best Regards, Bruno Guerreiro Thanks -- Tyler R. Retzlaff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Printing from Unix to unix
Hi, I'm wondering how can I print from UNIX to a UNIX shared printer. can anyone help me? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Removing Everyone Can Print Permission
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 2 Feb 2005, Adam Tauno Williams wrote: I can navigate to a printer on our print server and right click, go the securities tab, click Advanced, select the 'Allow\Everyone\Print' line and click Remove. It goes away, without errors. If I click apply it comes right back (gr). Can one set ACLs on printer queues (cups backend)? I'm almost 99% certain I've done this in the past. samba-3.0.11rc1 (updated from samba-3.0.10 last night). Close the property dialog and reopen it after hitting apply. We don't implement the change notify event for security descriptors on printers IIRC. cheers,jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFCASfTIR7qMdg1EfYRAhPpAJ4knwmdvJ8TaoV0L5YclvwBPjzm3gCfcr9p tmn1Sm5obRcr2yXjExg6Mb8= =OzDu -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Creating mandatory profiles (not making profiles mandatory)
John H Terpstra schrieb: On Wednesday 02 February 2005 08:58, M. Müller wrote: Thanks a lot Ilia! We have 200 PC and nearly all have a reborn-card or such, which prevents any lokal changes, so local copies of profiles do not exist. Users log in very often to different Computers and need to have a defined environment i.e. an available profile. I already use a default user-profile and redirected folders (thanks John, the book helped a lot). Nevertheless I feel that I cannot rely on the profiles' integrety once a user had a chance to modify it. Making a registry copy is a good tip, i will use that, at least for some users. But rather than backing up I would very much appreciate to set up a defined profile for each user. I think it would make life a lot easier for me (and the users). The last time I tried to create a Default User profile that was set as a mandatory profile the Windows client could not handle this on login. You can of course use a normal Default User profile that has folder redirection, set the client to delete cached profiles on logout, and NOT have a profile share. This means that every user will get a fresh profile on login every time. - John T. Yes indeed that should have the same effect. As far as I can see I can test it with a smaller user group whom I give a profilePath= in their ldap-entry(?). So that would not be too dangerous. Thanks a lot, Malte Mueller -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 2 smbpasswd + ldap - not binding properly (solved)
On Wednesday 02 February 2005 23:51, you wrote: It looks like the new day has given me a fresh outlook. I foolishly neglected the fact that the defaults in my test environment were using non-ssl. Since samba defaults ldap port to 636 this was why I was never seeing the connections. Works perfect if you try to connect to a service on the correct port amazing! Thanks Bruno. Best Regards, Bruno Guerreiro -- Tyler R. Retzlaff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Creating mandatory profiles (not making profiles mandatory)
Yes indeed that should have the same effect. As far as I can see I can test it with a smaller user group whom I give a profilePath= in their ldap-entry(?). So that would not be too dangerous. That is the way to do it. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] access to all home directories for all users
Thanks to Matthew and Sabine for their suggestions, which sadly are not solving my problem :). After some more reading and learning I've come up with another way which I'll describe below for those who are interested. I skipped the idea of extensive read write list parameters in the smb.conf and now handle almost everything with standard unix permissions, particularly by using the sgid bit on directories (which I never used before -- shame on me). In addition to the [homes] service I made a service called [users] which serves as a place for symlinks to the desired home directories. By mounting this share, my user tim can see the homes of joe, kate and himself, and can read (and write, if he is in the group kate resp. joe). My smb.conf: [homes] valid users = @users write list = @%g read only = No inherit acls = Yes browseable = No create mask = 0664 force create mode = 020 directory mask = 0775 force directory mode = 020 [users] path = /home/server/userlinks valid users = @users read only = no create mask = 0664 force create mode = 020 directory mask = 0775 force directory mode = 020 # ls -l /home | grep joe drwxrwsr-x 4 joejoe152 Feb 2 16:56 joe # ls -l joe/ drwxrwsr-x 5 joejoe176 Feb 2 21:26 . drwxr-xr-x 18 root root 424 Feb 2 21:26 .. drwx-- 2 joeroot 136 Feb 2 14:36 secret drwxr-sr-x 2 root joe 48 Feb 2 21:26 test -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to join domain using ldap backend
net rpc join Create of workstation account failed User specified does not have administrator privileges Unable to join domain BOB I'm logged in as root. I setup ldap using the Idealx instructions and latest scripts. I can add users and see the samba server ie smbclient -L bob -Uroot%secret I set the password for the Administrator account and it is also set uid 0. I set the secrets.tdb password smbpasswd -w secret. I also have a ldap-secret file. I checked the SID for net getlocalsid to the SID's in the ldap database, all matched up. I tried running net rpc join -Uadministrator%secret For simplicity all the passwords I set are the same secret. Could someone please explain what the command; net rpc join is trying to authenticate? Why can't it create a workstations account? What administrator privileges is it looking for? I am able to join the domain if I don't use the ldap backend. What's the magic setting for ldap? Thanks, David Mongan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to join domain using ldap backend
David, Get rid of the Administrator account. Use the root account instead. You have ambiguous names that can NOT unambiguously resolve to one identity. ie: Is uid=0 root or is it Administrator? Does uid=0 map to the Administrator SID or to some other SID? Also, use: net rpc join -S 'PDC_Name' -Uroot%secret PS: It is best to populate your LDAP directory using: smbldap-populate -a root, not just the default which creates an Administrator account. - John T. On Wednesday 02 February 2005 15:11, MONGAN, DAVID (JSC-DV2) (USA) wrote: net rpc join Create of workstation account failed User specified does not have administrator privileges Unable to join domain BOB I'm logged in as root. I setup ldap using the Idealx instructions and latest scripts. I can add users and see the samba server ie smbclient -L bob -Uroot%secret I set the password for the Administrator account and it is also set uid 0. I set the secrets.tdb password smbpasswd -w secret. I also have a ldap-secret file. I checked the SID for net getlocalsid to the SID's in the ldap database, all matched up. I tried running net rpc join -Uadministrator%secret For simplicity all the passwords I set are the same secret. Could someone please explain what the command; net rpc join is trying to authenticate? Why can't it create a workstations account? What administrator privileges is it looking for? I am able to join the domain if I don't use the ldap backend. What's the magic setting for ldap? Thanks, David Mongan -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Iseries LPAR Virtual Ethernet PDC w/o LDAP
General Configuration: IBM ISeries Model 520 partitioned using virtual ethernet (One to one NAT is used for access from internal private network to virtual lan.) Suse Enterprise (9.0) Samba 3.X Looking for a configuration example that provides a simple Primary Domain Controller in this small but security conscious office environment? I have seen several for a physical ethernet adapter. Reconcile the Linux host/domain settings with smb.conf settings. A trim efficient approach is desired because of limited processing power in the Linux partition. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] People with applications needing directories containing large numbers of files.
I've been working (inspired by James Peach of SGI) on the problem of using Samba3 with applications that need large numbers of file (100,000 or more) per directory. I think the current code in SVN in the SAMBA_3_0 branch may hold the fix for this problem, so I'd like to request people who need this functionality to give it a try. The key was fixing the directory handling to read only the current list requested instead of the old (up to 3.0.11) behaviour of reading the entire directory into memory before doling out names. Normally this would have broken OS/2 applications which have *very* strange delete semantics :-), but by stealing logic from Samba4 (thanks tridge) I think the current code in SVN handles this correctly. So here's how to set up an application that needs large number of files per directory in a way that doesn't damage performance. Firstly, you need to canonicalize all the files in the directory to have one case, upper or lower - take your pick (I chose upper as all my files were already upper case names). Then set up a new custom share for the application as follows : [bigshare] path = /home/jeremy/tmp/manyfilesdir read only = no default case = upper preserve case = no short preserve case = no Of course, use your own path and settings, but set the case options to match the case of all the files in your directory. The path should point at the large directory needed for the application - any new files created in there and in any paths under it will be forced by smbd into upper case - but smbd will no longer have to scan the directory for names - it knows that if a file doesn't exist in upper case then it doesn't exist at all. So please give this a test if you have problems with Samba and large sized directories. Remember this is in SVN code only, it isn't in the 3.0.11 pre releases or rc candidates, as we need to ensure this new code is correct. If you can help me test it it'll be in 3.0.12 (security problems notwithstanding :-). Cheers, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: People with applications needing directories containing large numbers of files.
On Wed, Feb 02, 2005 at 05:38:19PM -0800, Jeremy Allison wrote: So please give this a test if you have problems with Samba and large sized directories. Remember this is in SVN code only, it isn't in the 3.0.11 pre releases or rc candidates, as we need to ensure this new code is correct. If you can help me test it it'll be in 3.0.12 (security problems notwithstanding :-). Ok, I'm sorry - I spoke too soon :-(. I have one more fix to do before this works Sorry for being stupid :-(. Please ignore the earlier message :-(. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Removing printer drivers?
I have installed windows printer drivers and it worked but now I need to remove several. I have tried everything I can find but nothing will get rid of them. Using remove from a winxp machine in server properties won't work. It claims they are in use. I'm not sure what in use means. Nothing is printing and the drivers should be local. I've tried the rpc client and it gives errors which I cannot post because I'm not near the machine now but I believe it too states something about being in use. Any tips? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Removing printer drivers?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 2 Feb 2005, Joe Konecny wrote: I have installed windows printer drivers and it worked but now I need to remove several. I have tried everything I can find but nothing will get rid of them. Using remove from a winxp machine in server properties won't work. It claims they are in use. I'm not sure what in use means. Nothing is printing and the drivers should be local. I've tried the rpc client and it gives errors which I cannot post because I'm not near the machine now but I believe it too states something about being in use. Any tips? In use on the server means that they are assigned to a printer. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFCAaTnIR7qMdg1EfYRAjJ3AJ9YHzoL5uvz4cnthIAvpARjIBHEVwCg2pBs mfiegyDLzxK8y8dXFS2gCkw= =Am27 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba bidirectional printing support
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 2 Feb 2005, Viktor Remennik wrote: No answers so far.. So probably it is impossible to make bidirectional printer connection using samba? One more question - are there another smb implementations for unix-like operating systems? If the driver is designed to talk directly to the printer over TCP/IP but spool through the Samba server, you will be ok. However, as someone already mentioned, if the driver needs to talk to the printer over a local port (USB, LPT, etc...) you are out of luck. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQFCAaWuIR7qMdg1EfYRAtx5AJ9NtslgZOYe7HjlLEU2mEhJUHgrfwCgzQFT qF68PGwmOaUgq7dkBWpbiOw= =8E4B -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem while configuring Samba
Hi , I am facing a problem while configuring Samba on AIX 5.2. The configure completes without any issues , but getting an error while running make . Any pointers to this problem will be helpfull. Options used for Configure are - ./configure --with-winbind --with-ldap --with-ads --with-pam Here is the Error - # make Using FLAGS = -O -I/usr/local/include -I./popt -Iinclude -I/usr/samba-3.0.1/sou rce/include -I/usr/samba-3.0.1/source/ubiqx -I/usr/samba-3.0.1/source/smbwrapper -I. -I/usr/local/include -I/usr/samba-3.0.1/source LIBS = LDSHFLAGS = -Wl,-bexpall,-bM:SRE,-bnoentry,-berok LDFLAGS = Compiling nsswitch/pam_winbind.c with -O2 nsswitch/pam_winbind.c: In function `converse': nsswitch/pam_winbind.c:67: warning: passing arg 3 of `pam_get_item' from incompa tible pointer type nsswitch/pam_winbind.c:70: warning: passing arg 2 of pointer to function from in compatible pointer type nsswitch/pam_winbind.c: In function `_make_remark': nsswitch/pam_winbind.c:85: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c: In function `_winbind_read_password': nsswitch/pam_winbind.c:297: warning: passing arg 3 of `pam_get_item' from incomp atible pointer type nsswitch/pam_winbind.c:309: error: `PAM_AUTHTOK_RECOVER_ERR' undeclared (first u se in this function) nsswitch/pam_winbind.c:309: error: (Each undeclared identifier is reported only once nsswitch/pam_winbind.c:309: error: for each function it appears in.) nsswitch/pam_winbind.c:330: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c:338: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c:344: warning: assignment discards qualifiers from pointer target type nsswitch/pam_winbind.c:402: warning: passing arg 3 of `pam_get_item' from incomp atible pointer type nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:417: error: syntax error before int nsswitch/pam_winbind.c: In function `pam_sm_authenticate': nsswitch/pam_winbind.c:428: warning: passing arg 2 of `pam_get_user' from incomp atible pointer type nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:461: error: syntax error before int nsswitch/pam_winbind.c:472: error: syntax error before int nsswitch/pam_winbind.c: In function `pam_sm_acct_mgmt': nsswitch/pam_winbind.c:482: warning: passing arg 2 of `pam_get_user' from incomp atible pointer type nsswitch/pam_winbind.c: At top level: nsswitch/pam_winbind.c:518: error: syntax error before int nsswitch/pam_winbind.c:528: error: syntax error before int nsswitch/pam_winbind.c:540: error: syntax error before int nsswitch/pam_winbind.c: In function `pam_sm_chauthtok': nsswitch/pam_winbind.c:559: warning: passing arg 2 of `pam_get_user' from incomp atible pointer type nsswitch/pam_winbind.c:636: warning: passing arg 3 of `pam_get_item' from incomp atible pointer type make: 1254-004 The error code from the last command is 1. Stop. Thanks DISCLAIMER: This message contains privileged and confidential information and is intended only for the individual named.If you are not the intended recipient you should not disseminate,distribute,store,print, copy or deliver this message.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain viruses.The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Creating mandatory profiles (not making profiles mandatory)
Ilia Chipitsine schrieb: Hi, is it possible to create the user profiles by copying a template, change file ownership and modify the SID in NTUSER.DAT using the profile tool? We have many problems with broken profiles. This has become time consuming ^^^ there're few tips which I came to after using roaming profiles for several years, those tips will significately reduce number of problems with roaming profiles: 1) watch that profiles are less than 30Mb (number of files also is important) 2) when user first logs in, if there no profile exists, Default User profile is taken from \\$LOGONSERVER\NETLOGON, so you can have special default profile for new users. otherwise local Default User profile is taken. 3) redirect common folders like Desktop, My Documents out of roaming profile. they can live on network share in user's home directory, but not in the roaming profile. this can be achived either by manipulating registry directly or by using nt4 style domain policies, I can even send You custom ADM template for that. Outlook.pst can also be redirected out of roaming profile. simply move it to another place and start MS Outlook, it will ask You where to find outlook.pst 4) be careful with terminal services. samba doesn't understand separate profiles for terminal services, so you can ruin roaming profile. 5) make sure you are using the same version of Windows on all computers. w2k -- xp can also break many things in profile 6) make sure other things than Windows are the same on all computers. particularly MS Office. 7) You can create profile backup system, put, for example regedit /e \\SERVER\share\%UserName%-of2k3.reg HKEY_CURRENT_USER\Software\Microsoft\Office\11.0 at logon script and after that You can easily delete broken profile and restore required things from backup. 8) xp behave weird on roaming profiles. even if You reqiure delete cached copies of roaming profiles on exit, xp leaves copy and !!! if You delete network copy of roaming profile (in order to create profile from Default User), xp picks up local cached copy. so, in such case You need to remove both network and local cached copy of profile. no idea how to make xp delete it on exit. and frustrating - when a user experiences an error or weird behaviour of an application I can never be sure wether the cause is a wrong user error, a broken profile or defect in installation. If I want all users or groups of users to have the same profile I should be able to create it for them. I already use the default user, but with that I only can make a profile mandatory after the user's first logoff. I could try myself, but I sometimes experience that tricks that work at first and look good have some side effects I didn't think of, so I would appreciate comments from people who tried that, or maybe someone knows why this is rather a bad idea. With kind regards, Malte Mueller -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Thanks a lot Ilia! We have 200 PC and nearly all have a reborn-card or such, which prevents any lokal changes, so local copies of profiles do not exist. Users log in very often to different Computers and need to have a defined environment i.e. an available profile. I already use a default user-profile and redirected folders (thanks John, the book helped a lot). Nevertheless I feel that I cannot rely on the profiles' integrety once a user had a chance to modify it. Making a registry copy is a good tip, i will use that, at least for some users. But rather than backing up I would very much appreciate to set up a defined profile for each user. I think it would make life a lot easier for me (and the users). I would left capability of changing profiles for users. there's some VFS module for faking read-only access. but I'm afraid You will have even more problems this way. Just regular registry backup (as I suggested) and it will work like charm. You already did the rest :-) With kind regards Malte Mueller -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NDS authentication in Samba
Hello, Does anyone know if it is possible to authenticate Novell Directory Service users in Samba? Since Samba works fine with Microsoft ADS, I would think that it should work okay with NDS. Does anyone have any pointers in this regard? Any help is much appreciated! Regards, Carlos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Creating mandatory profiles (not making profiles mandatory)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 | 5) make sure you are using the same version of Windows on all computers. | w2k -- xp can also break many things in profile Use %a in your path names to fix this. %a will be replaced with the architecture of your system, i.e. Win2K,WinXP,WinNT etc. etc. Jim C. - -- - - | I can be reached on the following Instant Messenger services: | |---| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz| - - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCAcEL57L0B7uXm9oRAiUBAJ9zjr8eiR08/o4W3AqgfcpgeTq9nQCfd0I5 xiI7TSGlqElu+GvbaUnhEmc= =Jq4t -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Difficulty mapping 2 different drives from a Solaris 8 host using samba by the same XP user
Hi Folks, I have Samba AFSP ver 2.2.8a running on Solaris 8 host and have defined a few filesystem as samba map-able drive, inside smb.conf and also have the smb.map which mapped Unix to XP/NT user, extract of 2 files are shown below: smb.conf: username map = /data/samba/etc/smb.map [alog] comment = ux lg path = /a/log valid users = ugly read only = yes [adata] comment = ux dt path = /a/log/sp/adata valid users = pretty read only = no force user = pretty smb.map ugly = dracula vampire ghost angel pretty = cute baby angel The XP user, angel on her PC can map the drives exclusively on their own. But the problem arrive when she successfully mapped the 1st drive without password, /a/log. she could not map /alog/sp/adata, kept promptng for passoword ?? Is there something I have missed out and kindly advise on how to resolve the above scenario. Thanks. Cheers, Alan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
New release : 20050201
There is a new release available of Samba/VMS 2.2.8 at http://www.pi-net.dyndns.org/anonymous/jyc/ Please read that page to know about the changes/fixes of that new release. JY Collot PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r5169 - in branches/SAMBA_4_0/source/script: .
Author: ab Date: 2005-02-02 09:59:01 + (Wed, 02 Feb 2005) New Revision: 5169 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5169 Log: As provisioning script generates everything under $newdb/ directory, put generated domain zone there as well Modified: branches/SAMBA_4_0/source/script/provision.pl Changeset: Modified: branches/SAMBA_4_0/source/script/provision.pl === --- branches/SAMBA_4_0/source/script/provision.pl 2005-02-02 02:22:32 UTC (rev 5168) +++ branches/SAMBA_4_0/source/script/provision.pl 2005-02-02 09:59:01 UTC (rev 5169) @@ -424,9 +424,9 @@ $res = apply_substitutions($data); -print saving dns zone to $newdb/dns.zone ...\n; +print saving dns zone to $newdb/$dnsdomain.zone ...\n; -FileSave($dnsdomain.zone, $res); +FileSave($newdb/$dnsdomain.zone, $res); print creating $newdb/hklm.ldb ... \n;
svn commit: samba r5170 - in branches/SAMBA_4_0/source/lib: .
Author: tridge
Date: 2005-02-02 10:24:47 + (Wed, 02 Feb 2005)
New Revision: 5170
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5170
Log:
fixed a bug handling events that have already timed out - they were
being treated as events that never time out, so they happened on the
next other event
Modified:
branches/SAMBA_4_0/source/lib/events.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/events.c
===
--- branches/SAMBA_4_0/source/lib/events.c 2005-02-02 09:59:01 UTC (rev
5169)
+++ branches/SAMBA_4_0/source/lib/events.c 2005-02-02 10:24:47 UTC (rev
5170)
@@ -223,7 +223,7 @@
struct loop_event *le;
struct timed_event *te, *te_next;
int selrtn;
- struct timeval tval, t;
+ struct timeval tval, t, *tvalp=NULL;
uint32_t destruction_count = ev-destruction_count;
t = timeval_current();
@@ -264,13 +264,13 @@
talloc_free(te);
continue;
}
-
tv = timeval_diff(te-next_event, t);
- if (timeval_is_zero(tval)) {
+ if (tvalp == NULL) {
tval = tv;
} else {
tval = timeval_min(tv, tval);
}
+ tvalp = tval;
}
/* only do a select() if there're fd_events
@@ -290,11 +290,7 @@
* sys_select() with something in the events
* structure - for now just use select()
*/
- if (timeval_is_zero(tval)) {
- selrtn = select(ev-maxfd+1, r_fds, w_fds, NULL,
NULL);
- } else {
- selrtn = select(ev-maxfd+1, r_fds, w_fds, NULL,
tval);
- }
+ selrtn = select(ev-maxfd+1, r_fds, w_fds, NULL, tvalp);
t = timeval_current();
svn commit: samba r5171 - in branches/SAMBA_4_0/source/nbt_server: .
Author: tridge Date: 2005-02-02 10:29:50 + (Wed, 02 Feb 2005) New Revision: 5171 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5171 Log: added support for bind interfaces only in nbtd. The solution was to bind twice on each interface, once using the broadcast address and once using the specific IP. We then only listen on the wildcard address if we don't have bind interface only set. This also happens to simplify the code that finds the right interface for an incoming request. Modified: branches/SAMBA_4_0/source/nbt_server/interfaces.c branches/SAMBA_4_0/source/nbt_server/nbt_server.c branches/SAMBA_4_0/source/nbt_server/nodestatus.c branches/SAMBA_4_0/source/nbt_server/query.c branches/SAMBA_4_0/source/nbt_server/register.c Changeset: Sorry, the patch is too large (300 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5171
svn commit: samba r5172 - in branches/SAMBA_4_0/source/nbt_server: .
Author: tridge
Date: 2005-02-02 10:35:25 + (Wed, 02 Feb 2005)
New Revision: 5172
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5172
Log:
actually bind to the right address for the wildcard interface
Modified:
branches/SAMBA_4_0/source/nbt_server/interfaces.c
Changeset:
Modified: branches/SAMBA_4_0/source/nbt_server/interfaces.c
===
--- branches/SAMBA_4_0/source/nbt_server/interfaces.c 2005-02-02 10:29:50 UTC
(rev 5171)
+++ branches/SAMBA_4_0/source/nbt_server/interfaces.c 2005-02-02 10:35:25 UTC
(rev 5172)
@@ -63,6 +63,7 @@
start listening on the given address
*/
static NTSTATUS nbt_add_socket(struct nbt_server *nbtsrv,
+ const char *bind_address,
const char *address,
const char *bcast,
const char *netmask)
@@ -106,7 +107,7 @@
iface-nbtsock = nbt_name_socket_init(iface, nbtsrv-task-event_ctx);
NT_STATUS_HAVE_NO_MEMORY(iface-ip_address);
- status = socket_listen(iface-nbtsock-sock, address, lp_nbt_port(), 0,
0);
+ status = socket_listen(iface-nbtsock-sock, bind_address,
lp_nbt_port(), 0, 0);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,(Failed to bind to %s:%d - %s\n,
address, lp_nbt_port(), nt_errstr(status)));
@@ -157,6 +158,7 @@
NT_STATUS_HAVE_NO_MEMORY(primary_address);
status = nbt_add_socket(nbtsrv,
+ 0.0.0.0,
primary_address,
talloc_strdup(tmp_ctx,
255.255.255.255),
talloc_strdup(tmp_ctx, 0.0.0.0));
@@ -168,7 +170,7 @@
const char *bcast = talloc_strdup(tmp_ctx,
sys_inet_ntoa(*iface_n_bcast(i)));
const char *netmask = talloc_strdup(tmp_ctx,
sys_inet_ntoa(*iface_n_netmask(i)));
- status = nbt_add_socket(nbtsrv, address, bcast, netmask);
+ status = nbt_add_socket(nbtsrv, address, address, bcast,
netmask);
NT_STATUS_NOT_OK_RETURN(status);
}
svn commit: samba r5173 - in branches/SAMBA_4_0/source/script: .
Author: ab Date: 2005-02-02 12:02:16 + (Wed, 02 Feb 2005) New Revision: 5173 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5173 Log: Refer to a proper zone file name in resulting message Modified: branches/SAMBA_4_0/source/script/provision.pl Changeset: Modified: branches/SAMBA_4_0/source/script/provision.pl === --- branches/SAMBA_4_0/source/script/provision.pl 2005-02-02 10:35:25 UTC (rev 5172) +++ branches/SAMBA_4_0/source/script/provision.pl 2005-02-02 12:02:16 UTC (rev 5173) @@ -437,7 +437,7 @@ Installation: - Please move $newdb/*.ldb to the private/ directory of your Samba4 installation -- Please use $newdb/dnsdomain.zone in BIND on your dns server +- Please use $newdb/$dnsdomain.zone in BIND on your dns server ;
svn commit: samba r5174 - in branches/SAMBA_3_0/source: lib param
Author: jerry
Date: 2005-02-02 16:05:55 + (Wed, 02 Feb 2005)
New Revision: 5174
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5174
Log:
ensure that we consistently use the current_user_info.smb_name vs. smb_name
when parsing smb.conf and reloading config files
Modified:
branches/SAMBA_3_0/source/lib/substitute.c
branches/SAMBA_3_0/source/param/loadparm.c
Changeset:
Modified: branches/SAMBA_3_0/source/lib/substitute.c
===
--- branches/SAMBA_3_0/source/lib/substitute.c 2005-02-02 12:02:16 UTC (rev
5173)
+++ branches/SAMBA_3_0/source/lib/substitute.c 2005-02-02 16:05:55 UTC (rev
5174)
@@ -135,6 +135,18 @@
}
/***
+ return the current active user name
+***/
+
+const char* get_current_username( void )
+{
+ if ( current_user_info.smb_name[0] == '\0' )
+ return smb_user_name;
+
+ return current_user_info.smb_name;
+}
+
+/***
Given a pointer to a %$(NAME) expand it as an environment variable.
Return the number of characters by which the pointer should be advanced.
Based on code by Branko Cibej [EMAIL PROTECTED]
Modified: branches/SAMBA_3_0/source/param/loadparm.c
===
--- branches/SAMBA_3_0/source/param/loadparm.c 2005-02-02 12:02:16 UTC (rev
5173)
+++ branches/SAMBA_3_0/source/param/loadparm.c 2005-02-02 16:05:55 UTC (rev
5174)
@@ -1584,11 +1584,11 @@
if (!lp_talloc)
lp_talloc = talloc_init(lp_talloc);
- tmpstr = alloc_sub_basic(current_user_info.smb_name, s);
+ tmpstr = alloc_sub_basic(get_current_username(), s);
if (trim_char(tmpstr, '\', '\')) {
if (strchr(tmpstr,'\') != NULL) {
SAFE_FREE(tmpstr);
- tmpstr = alloc_sub_basic(current_user_info.smb_name,s);
+ tmpstr = alloc_sub_basic(get_current_username(),s);
}
}
ret = talloc_strdup(lp_talloc, tmpstr);
@@ -2694,23 +2694,15 @@
BOOL lp_file_list_changed(void)
{
struct file_lists *f = file_lists;
- char *username;
DEBUG(6, (lp_file_list_changed()\n));
- /* get the username for substituion -- preference to the
current_user_info */
- if ( strlen( current_user_info.smb_name ) != 0 )
- username = current_user_info.smb_name;
- else
- username = sub_get_smb_name();
-
-
while (f) {
pstring n2;
time_t mod_time;
pstrcpy(n2, f-name);
- standard_sub_basic( username, n2, sizeof(n2) );
+ standard_sub_basic( get_current_username(), n2, sizeof(n2) );
DEBUGADD(6, (file %s - %s last mod_time: %s\n,
f-name, n2, ctime(f-modtime)));
@@ -2744,7 +2736,7 @@
pstrcpy(netbios_name, pszParmValue);
- standard_sub_basic(current_user_info.smb_name,
netbios_name,sizeof(netbios_name));
+ standard_sub_basic(get_current_username(),
netbios_name,sizeof(netbios_name));
ret = set_global_myname(netbios_name);
string_set(Globals.szNetbiosName,global_myname());
@@ -2800,7 +2792,7 @@
pstring fname;
pstrcpy(fname, pszParmValue);
- standard_sub_basic(current_user_info.smb_name, fname,sizeof(fname));
+ standard_sub_basic(get_current_username(), fname,sizeof(fname));
add_to_file_list(pszParmValue, fname);
@@ -3894,20 +3886,11 @@
pstring n2;
BOOL bRetval;
param_opt_struct *data, *pdata;
- char *username;
pstrcpy(n2, pszFname);
- /* get the username for substituion -- preference to the
current_user_info */
-
- if ( strlen( current_user_info.smb_name ) != 0 ) {
- username = current_user_info.smb_name;
- } else {
- username = sub_get_smb_name();
- }
+ standard_sub_basic( get_current_username(), n2,sizeof(n2) );
- standard_sub_basic( username, n2,sizeof(n2) );
-
add_to_file_list(pszFname, n2);
bRetval = False;
@@ -4046,7 +4029,7 @@
* service names
*/
fstrcpy(serviceName, ServicePtrs[iService]-szService);
- standard_sub_basic(current_user_info.smb_name,
serviceName,sizeof(serviceName));
+ standard_sub_basic(get_current_username(),
serviceName,sizeof(serviceName));
if (strequal(serviceName, pszServiceName))
break;
}
svn commit: samba r5175 - in trunk/source: include lib libads passdb rpc_server
Author: gd Date: 2005-02-02 16:14:57 + (Wed, 02 Feb 2005) New Revision: 5175 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5175 Log: Add pdb_get_seq_num call to ldapsam. This derives the sequence number we hand out in SAMR query_dom_info (level 2 and 8) from the OpenLDAP 2.2 syncrepl contextCSN. This is a perfect solution for the very common situation where posix and samba-accounts reside in OpenLDAP as the contextCSN-timestamp is increased on any change in the DIT. All other LDAP-Servers and passdb-backend continue to hand out time(NULL) as sequence-number. Due to it's dependency to OpenLDAP it must be hand-enabled (evaluating support for syncrepl can't be automated reasonably anyway at the moment): ldapsam:syncrepl_seqnum=True In addition, when using a syncrepl consumer, one needs to set the local replica id (rid): ldapsam:syncrepl_rid=[integer] This mechanism might soon be replaced with another mechanism that Jerry adds while adding sam-replication. Guenther Modified: trunk/source/include/passdb.h trunk/source/lib/smbldap.c trunk/source/lib/time.c trunk/source/libads/ldap.c trunk/source/passdb/pdb_interface.c trunk/source/passdb/pdb_ldap.c trunk/source/rpc_server/srv_samr_nt.c Changeset: Sorry, the patch is too large (432 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5175
svn commit: samba r5176 - in branches/SAMBA_3_0/source/utils: .
Author: idra
Date: 2005-02-02 16:22:59 + (Wed, 02 Feb 2005)
New Revision: 5176
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5176
Log:
Warn the user that print command is ignored when using cups libraries
Modified:
branches/SAMBA_3_0/source/utils/testparm.c
Changeset:
Modified: branches/SAMBA_3_0/source/utils/testparm.c
===
--- branches/SAMBA_3_0/source/utils/testparm.c 2005-02-02 16:14:57 UTC (rev
5175)
+++ branches/SAMBA_3_0/source/utils/testparm.c 2005-02-02 16:22:59 UTC (rev
5176)
@@ -320,6 +320,13 @@
Map system can only work if force
create mode excludes octal 010 (S_IXGRP).\n,
lp_servicename(s) );
}
+#ifdef HAVE_CUPS
+ if (lp_printing(s) == PRINT_CUPS
*(lp_printcommand(s)) != '\0') {
+fprintf(stderr,Warning: Service %s defines a
print command, but \
+print command parameter is ignored when using CUPS libraries.\n,
+ lp_servicename(s) );
+ }
+#endif
}
}
svn commit: samba r5177 - in branches/SAMBA_3_0_RELEASE: . source source/lib source/param source/utils
Author: jerry
Date: 2005-02-02 16:35:57 + (Wed, 02 Feb 2005)
New Revision: 5177
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5177
Log:
more updates in preparation for 3.0.11
Modified:
branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
branches/SAMBA_3_0_RELEASE/source/VERSION
branches/SAMBA_3_0_RELEASE/source/lib/substitute.c
branches/SAMBA_3_0_RELEASE/source/param/loadparm.c
branches/SAMBA_3_0_RELEASE/source/utils/testparm.c
Changeset:
Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt
===
--- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2005-02-02 16:22:59 UTC (rev
5176)
+++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2005-02-02 16:35:57 UTC (rev
5177)
@@ -70,13 +70,48 @@
commits
---
o Jeremy Allison [EMAIL PROTECTED]
+
+
o Timur Bakeyev [EMAIL PROTECTED]
+* BUG 2263: Guard base64_encode_data_blob() against empty blobs.
+
o Gerald (Jerry) Carter [EMAIL PROTECTED]
+* BUG 2262: Add support in configure.in for *freebsd6*.
+* BUG 2266: Portability fixes for queota code on FreeBSD4.
+* BUG 2264: Remove shutdown and abortshutdown commands from
+ rpcclient in favor of using the same functions in 'net'.
+* BUG 2295: Prevent mbd from returning an emptry servername
+ in certain lanman api calls.
+* BUG 2290: Fix autogen.sh script in examples (based on original
+ patch from Lars Mueller).
+* Fix bug enumerating domain trusts in security = ads.
+* Fix segv in rpcclient's dsenumdomtrusts.
+* Fix bug in expansion of %U and %G in included filesnames.
+
+
o Guenther Deschner [EMAIL PROTECTED]
+
+
o Volker Lendecke [EMAIL PROTECTED]
+
+
+o Jason Mader [EMAIL PROTECTED]
+* BUG 2113, 2289: Remove dead code.
+
+
o Tim Potter [EMAIL PROTECTED]
+* Compile fixes after new setsampwent() API.
+o Richard Renard [EMAIL PROTECTED]
+* Update Netscape DS 5.2 LDAP schema.
+
+
+o Simo Sorce [EMAIL PROTECTED]
+* Log a warning in testparm if a print command is defined for
+ a print service using 'printing = cups'.
+
+
Changes since 3.0.10
Modified: branches/SAMBA_3_0_RELEASE/source/VERSION
===
--- branches/SAMBA_3_0_RELEASE/source/VERSION 2005-02-02 16:22:59 UTC (rev
5176)
+++ branches/SAMBA_3_0_RELEASE/source/VERSION 2005-02-02 16:35:57 UTC (rev
5177)
@@ -39,7 +39,7 @@
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# - 3.0.0rc1 #
-SAMBA_VERSION_RC_RELEASE=1
+SAMBA_VERSION_RC_RELEASE=
# To mark SVN snapshots this should be set to 'yes'#
Modified: branches/SAMBA_3_0_RELEASE/source/lib/substitute.c
===
--- branches/SAMBA_3_0_RELEASE/source/lib/substitute.c 2005-02-02 16:22:59 UTC
(rev 5176)
+++ branches/SAMBA_3_0_RELEASE/source/lib/substitute.c 2005-02-02 16:35:57 UTC
(rev 5177)
@@ -135,6 +135,18 @@
}
/***
+ return the current active user name
+***/
+
+const char* get_current_username( void )
+{
+ if ( current_user_info.smb_name[0] == '\0' )
+ return smb_user_name;
+
+ return current_user_info.smb_name;
+}
+
+/***
Given a pointer to a %$(NAME) expand it as an environment variable.
Return the number of characters by which the pointer should be advanced.
Based on code by Branko Cibej [EMAIL PROTECTED]
Modified: branches/SAMBA_3_0_RELEASE/source/param/loadparm.c
===
--- branches/SAMBA_3_0_RELEASE/source/param/loadparm.c 2005-02-02 16:22:59 UTC
(rev 5176)
+++ branches/SAMBA_3_0_RELEASE/source/param/loadparm.c 2005-02-02 16:35:57 UTC
(rev 5177)
@@ -1584,11 +1584,11 @@
if (!lp_talloc)
lp_talloc = talloc_init(lp_talloc);
- tmpstr = alloc_sub_basic(current_user_info.smb_name, s);
+ tmpstr = alloc_sub_basic(get_current_username(), s);
if (trim_char(tmpstr, '\', '\')) {
if (strchr(tmpstr,'\') != NULL) {
SAFE_FREE(tmpstr);
- tmpstr = alloc_sub_basic(current_user_info.smb_name,s);
+ tmpstr = alloc_sub_basic(get_current_username(),s);
}
}
ret = talloc_strdup(lp_talloc, tmpstr);
@@ -2694,23 +2694,15 @@
BOOL lp_file_list_changed(void)
{
struct file_lists *f = file_lists;
- char *username;
DEBUG(6, (lp_file_list_changed()\n));
- /* get the username for substituion -- preference to the
current_user_info */
- if (
svn commit: samba-docs r346 - in trunk/manpages: .
Author: jerry Date: 2005-02-02 16:42:59 + (Wed, 02 Feb 2005) New Revision: 346 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=346 Log: adding basic docs to net(8) about 'net rpc rights' Modified: trunk/manpages/net.8.xml Changeset: Modified: trunk/manpages/net.8.xml === --- trunk/manpages/net.8.xml2005-02-01 13:01:10 UTC (rev 345) +++ trunk/manpages/net.8.xml2005-02-02 16:42:59 UTC (rev 346) @@ -734,6 +734,18 @@ /refsect3 +refsect3 +titleRPC RIGHTS/title + +paraThis subcommand is used to view and manage Samba's rights assignments (also +referred to as privileges). There are three options current available: +parameterlist/parameter, parametergrant/parameter, and +parameterrevoke/parameter. More details on Samba's privilege model and its use +can be found in the Samba-HOWTO-Collection./para + +/refsect3 + + /refsect2 refsect2
svn commit: samba r5178 - in trunk/source/web: .
Author: deryck
Date: 2005-02-02 17:59:51 + (Wed, 02 Feb 2005)
New Revision: 5178
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5178
Log:
Add -P (password-menu-only) option to swat. Admins can allow users
to use swat to change their password without allowing them to see
the View and Status buttons.
deryck
Modified:
trunk/source/web/swat.c
Changeset:
Modified: trunk/source/web/swat.c
===
--- trunk/source/web/swat.c 2005-02-02 16:35:57 UTC (rev 5177)
+++ trunk/source/web/swat.c 2005-02-02 17:59:51 UTC (rev 5178)
@@ -32,6 +32,7 @@
#include web/swat_proto.h
static BOOL demo_mode = False;
+static BOOL passwd_only = False;
static BOOL have_write_access = False;
static BOOL have_read_access = False;
static int iNumNonAutoPrintServices = 0;
@@ -530,7 +531,8 @@
image_link(_(Printers), printers, images/printers.gif);
image_link(_(Wizard), wizard, images/wizard.gif);
}
- if (have_read_access) {
+ /* root always gets all buttons, otherwise look for -P */
+ if ( have_write_access || (!passwd_only have_read_access) ) {
image_link(_(Status), status, images/status.gif);
image_link(_(View Config), viewconfig,
images/viewconfig.gif);
}
@@ -1315,6 +1317,7 @@
struct poptOption long_options[] = {
POPT_AUTOHELP
{ disable-authentication, 'a', POPT_ARG_VAL, demo_mode,
True, Disable authentication (demo mode) },
+{ password-menu-only, 'P', POPT_ARG_VAL, passwd_only, True, Show
only change password menu },
POPT_COMMON_SAMBA
POPT_TABLEEND
};
svn commit: samba r5179 - in branches/SAMBA_3_0/source/web: .
Author: deryck
Date: 2005-02-02 18:01:11 + (Wed, 02 Feb 2005)
New Revision: 5179
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5179
Log:
Add -P (password-menu-only) option to swat. Admins can allow users
to use swat to change their password without allowing them to see
the View and Status buttons.
deryck
Modified:
branches/SAMBA_3_0/source/web/swat.c
Changeset:
Modified: branches/SAMBA_3_0/source/web/swat.c
===
--- branches/SAMBA_3_0/source/web/swat.c2005-02-02 17:59:51 UTC (rev
5178)
+++ branches/SAMBA_3_0/source/web/swat.c2005-02-02 18:01:11 UTC (rev
5179)
@@ -32,6 +32,7 @@
#include web/swat_proto.h
static BOOL demo_mode = False;
+static BOOL passwd_only = False;
static BOOL have_write_access = False;
static BOOL have_read_access = False;
static int iNumNonAutoPrintServices = 0;
@@ -530,7 +531,8 @@
image_link(_(Printers), printers, images/printers.gif);
image_link(_(Wizard), wizard, images/wizard.gif);
}
- if (have_read_access) {
+ /* root always gets all buttons, otherwise look for -P */
+ if ( have_write_access || (!passwd_only have_read_access) ) {
image_link(_(Status), status, images/status.gif);
image_link(_(View Config), viewconfig,
images/viewconfig.gif);
}
@@ -1315,6 +1317,7 @@
struct poptOption long_options[] = {
POPT_AUTOHELP
{ disable-authentication, 'a', POPT_ARG_VAL, demo_mode,
True, Disable authentication (demo mode) },
+{ password-menu-only, 'P', POPT_ARG_VAL, passwd_only, True, Show
only change password menu },
POPT_COMMON_SAMBA
POPT_TABLEEND
};
svn commit: samba r5180 - branches/SAMBA_3_0/source/rpc_server trunk/source/rpc_server
Author: gd
Date: 2005-02-02 20:11:37 + (Wed, 02 Feb 2005)
New Revision: 5180
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5180
Log:
Call the add machine script to create all kinds of trust accounts
(this restores old behaviour). Fixes #2291.
Guenther
Modified:
branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
trunk/source/rpc_server/srv_samr_nt.c
Changeset:
Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2005-02-02 18:01:11 UTC
(rev 5179)
+++ branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c 2005-02-02 20:11:37 UTC
(rev 5180)
@@ -2259,7 +2259,7 @@
pw = Get_Pwnam(account);
/* determine which user right we need to check based on the acb_info */
- if ( acb_info == ACB_WSTRUST ) {
+ if ( acb_info (ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) {
se_priv_copy( se_rights, se_machine_account );
pstrcpy(add_script, lp_addmachine_script());
}
Modified: trunk/source/rpc_server/srv_samr_nt.c
===
--- trunk/source/rpc_server/srv_samr_nt.c 2005-02-02 18:01:11 UTC (rev
5179)
+++ trunk/source/rpc_server/srv_samr_nt.c 2005-02-02 20:11:37 UTC (rev
5180)
@@ -2382,7 +2382,7 @@
pw = Get_Pwnam(account);
/* determine which user right we need to check based on the acb_info */
- if ( acb_info == ACB_WSTRUST ) {
+ if ( acb_info (ACB_WSTRUST|ACB_SVRTRUST|ACB_DOMTRUST)) {
se_priv_copy( se_rights, se_machine_account );
pstrcpy(add_script, lp_addmachine_script());
}
svn commit: samba r5181 - in trunk/source: . include lib rpc_parse rpc_server smbd
Author: jerry Date: 2005-02-02 22:22:39 + (Wed, 02 Feb 2005) New Revision: 5181 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5181 Log: Started playing with the Sync with PDC option in User Manager. Needed to implement some of the \svcctl pipe to get to the netlogon calls. Still need to finish the _svcctl_get_display_name() call but smbd at least allows rpc_binds and the parsing seems to be working ok. Added: trunk/source/include/rpc_svcctl.h trunk/source/rpc_parse/parse_svcctl.c trunk/source/rpc_server/srv_svcctl.c trunk/source/rpc_server/srv_svcctl_nt.c Modified: trunk/source/Makefile.in trunk/source/configure.in trunk/source/include/ntdomain.h trunk/source/include/smb.h trunk/source/lib/privileges.c trunk/source/rpc_parse/parse_rpc.c trunk/source/rpc_server/srv_pipe.c trunk/source/smbd/nttrans.c Changeset: Sorry, the patch is too large (655 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5181
svn commit: samba-docs r347 - in trunk/manpages: .
Author: deryck Date: 2005-02-02 22:45:07 + (Wed, 02 Feb 2005) New Revision: 347 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=347 Log: Adding info on the '-P' option I added to swat. deryck Modified: trunk/manpages/swat.8.xml Changeset: Modified: trunk/manpages/swat.8.xml === --- trunk/manpages/swat.8.xml 2005-02-02 16:42:59 UTC (rev 346) +++ trunk/manpages/swat.8.xml 2005-02-02 22:45:07 UTC (rev 347) @@ -71,6 +71,14 @@ server. /emphasis/para/listitem /varlistentry + varlistentry + term-P/term + listitemparaThis option restricts read-only users to the password +management page. commandswat/command can then be used to change +user passwords without users seeing the View and Status menu +buttons./para/listitem + /varlistentry + popt.common.samba; stdarg.help;
Build status as of Thu Feb 3 00:00:02 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-02-02 00:00:17.0 + +++ /home/build/master/cache/broken_results.txt 2005-02-03 00:00:20.0 + @@ -1,20 +1,21 @@ -Build status as of Wed Feb 2 00:00:02 2005 +Build status as of Thu Feb 3 00:00:02 2005 Build counts: Tree Total Broken Panic -ccache 37 5 0 +ccache 38 5 0 distcc 38 4 0 ppp 21 4 0 rsync37 3 0 samba1 1 1 samba-docs 0 0 0 -samba4 40 11 0 -samba_3_036 9 1 +samba4 40 12 0 +samba_3_037 10 1 Currently broken builds: Host Tree Compiler Status mungerasamba_3_0gccok/ok/ok/ 2/PANIC cyberone samba4 gccok/ 2/?/? +cyberone samba_3_0gcc 1/?/?/? fusberta samba4 gccok/ 2/?/? rhonwynsamba4 gcc-4.0ok/ 2/?/? rhonwynsamba_3_0gcc-4.0ok/ 2/?/? @@ -24,9 +25,11 @@ gc8samba4 gccok/ 1/?/? aretnapccache iccok/ok/ok/ 1 aretnapsamba4 iccok/ 1/?/? +gc4samba4 gcc 127/?/?/? smartserv1 samba_3_0gcc-4.0ok/ok/ok/ 2 gwen distcc cc ok/ 1/?/? gwen samba4 cc ok/ 1/?/? +gwen samba_3_0cc ok/ok/ok/ 1 us4samba_3_0cc ok/ 1/?/? us4samba_3_0gccok/ 1/?/? flock samba4 gccok/ 1/?/? @@ -37,7 +40,6 @@ sol10 samba4 gccok/ 1/?/? sun1 samba4 cc ok/ 2/?/? sun1 samba_3_0cc ok/ 2/?/? -sun1 samba_3_0gccok/ok/ok/ 1 Isis ccache cc 77/?/?/? Isis distcc cc 77/?/?/? Isis rsynccc 77/?/?/?
svn commit: samba r5182 - in trunk/source/passdb: .
Author: gd
Date: 2005-02-03 00:21:55 + (Thu, 03 Feb 2005)
New Revision: 5182
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5182
Log:
Fix wrong cast.
Guenther
Modified:
trunk/source/passdb/pdb_ldap.c
Changeset:
Modified: trunk/source/passdb/pdb_ldap.c
===
--- trunk/source/passdb/pdb_ldap.c 2005-02-02 22:22:39 UTC (rev 5181)
+++ trunk/source/passdb/pdb_ldap.c 2005-02-03 00:21:55 UTC (rev 5182)
@@ -295,7 +295,7 @@
goto done;
}
- values = ldap_get_values(ldap_state-smbldap_state-ldap_struct, entry,
(char *)attrs[0]);
+ values = ldap_get_values(ldap_state-smbldap_state-ldap_struct, entry,
attrs[0]);
if (values == NULL) {
DEBUG(3,(ldapsam_get_seq_num: no values\n));
goto done;
@@ -317,7 +317,7 @@
if (!strncmp(p, csn=, strlen(csn=)))
p += strlen(csn=);
- DEBUG(10,(ldapsam_get_seq_num: got %s: %s\n, (char *)attrs[0], p));
+ DEBUG(10,(ldapsam_get_seq_num: got %s: %s\n, attrs[0], p));
*seq_num = generalized_to_unix_time(p);
svn commit: samba-docs r348 - in trunk/manpages: .
Author: jelmer Date: 2005-02-03 00:42:10 + (Thu, 03 Feb 2005) New Revision: 348 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=348 Log: Add -P to synopsis Modified: trunk/manpages/swat.8.xml Changeset: Modified: trunk/manpages/swat.8.xml === --- trunk/manpages/swat.8.xml 2005-02-02 22:45:07 UTC (rev 347) +++ trunk/manpages/swat.8.xml 2005-02-03 00:42:10 UTC (rev 348) @@ -21,6 +21,7 @@ commandswat/command arg choice=opt-s lt;smb config filegt;/arg arg choice=opt-a/arg + arg choice=opt-P/arg /cmdsynopsis /refsynopsisdiv
svn commit: samba r5183 - in branches/SAMBA_3_0/source/smbd: .
Author: jra
Date: 2005-02-03 02:02:54 + (Thu, 03 Feb 2005)
New Revision: 5183
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5183
Log:
Ensure we correctly set the per-connection case_sensitive setting.
Rename dptrs_open to the more correct dirhandles_open.
Remove old #if 1.
Jeremy.
Modified:
branches/SAMBA_3_0/source/smbd/dir.c
branches/SAMBA_3_0/source/smbd/filename.c
branches/SAMBA_3_0/source/smbd/service.c
Changeset:
Modified: branches/SAMBA_3_0/source/smbd/dir.c
===
--- branches/SAMBA_3_0/source/smbd/dir.c2005-02-03 00:21:55 UTC (rev
5182)
+++ branches/SAMBA_3_0/source/smbd/dir.c2005-02-03 02:02:54 UTC (rev
5183)
@@ -57,7 +57,7 @@
static struct bitmap *dptr_bmap;
static struct dptr_struct *dirptrs;
-static int dptrs_open = 0;
+static int dirhandles_open = 0;
#define INVALID_DPTR_KEY (-3)
@@ -135,7 +135,7 @@
for(dptr = dirptrs; dptr; dptr = dptr-next) {
if(dptr-dnum == key) {
if (!forclose !dptr-dir_hnd) {
- if (dptrs_open = MAX_OPEN_DIRECTORIES)
+ if (dirhandles_open = MAX_OPEN_DIRECTORIES)
dptr_idleoldest();
DEBUG(4,(dptr_get: Reopening dptr key
%d\n,key));
if (!(dptr-dir_hnd = OpenDir(dptr-conn,
dptr-path))) {
@@ -385,7 +385,7 @@
string_set(conn-dirpath,dir2);
- if (dptrs_open = MAX_OPEN_DIRECTORIES)
+ if (dirhandles_open = MAX_OPEN_DIRECTORIES)
dptr_idleoldest();
dptr = SMB_MALLOC_P(struct dptr_struct);
@@ -968,7 +968,7 @@
goto fail;
}
- dptrs_open++;
+ dirhandles_open++;
return dirp;
fail:
@@ -1004,7 +1004,7 @@
}
SAFE_FREE(dirp-name_cache);
SAFE_FREE(dirp);
- dptrs_open--;
+ dirhandles_open--;
return ret;
}
Modified: branches/SAMBA_3_0/source/smbd/filename.c
===
--- branches/SAMBA_3_0/source/smbd/filename.c 2005-02-03 00:21:55 UTC (rev
5182)
+++ branches/SAMBA_3_0/source/smbd/filename.c 2005-02-03 02:02:54 UTC (rev
5183)
@@ -150,11 +150,7 @@
pstrcpy(saved_last_component, name);
}
-#if 1
if (!conn-case_preserve || (mangle_is_8_3(name, False)
!conn-short_case_preserve))
-#else
- if (!conn-case_sensitive (!conn-case_preserve ||
(mangle_is_8_3(name, False) !conn-short_case_preserve)))
-#endif
strnorm(name, lp_defaultcase(SNUM(conn)));
start = name;
Modified: branches/SAMBA_3_0/source/smbd/service.c
===
--- branches/SAMBA_3_0/source/smbd/service.c2005-02-03 00:21:55 UTC (rev
5182)
+++ branches/SAMBA_3_0/source/smbd/service.c2005-02-03 02:02:54 UTC (rev
5183)
@@ -60,17 +60,26 @@
last_flags = flags;
/* Obey the client case sensitivity requests - only for clients that
support it. */
- if (lp_casesensitive(snum) == Auto) {
- /* We need this uglyness due to DOS/Win9x clients that lie
about case insensitivity. */
- enum remote_arch_types ra_type = get_remote_arch();
- if ((ra_type != RA_SAMBA) (ra_type != RA_CIFSFS)) {
- /* Client can't support per-packet case sensitive
pathnames. */
+ switch (lp_casesensitive(snum)) {
+ case Auto:
+ {
+ /* We need this uglyness due to DOS/Win9x
clients that lie about case insensitivity. */
+ enum remote_arch_types ra_type =
get_remote_arch();
+ if ((ra_type != RA_SAMBA) (ra_type !=
RA_CIFSFS)) {
+ /* Client can't support per-packet case
sensitive pathnames. */
+ conn-case_sensitive = False;
+ } else {
+ conn-case_sensitive = !(flags
FLAG_CASELESS_PATHNAMES);
+ }
+ }
+ break;
+ case True:
+ conn-case_sensitive = True;
+ break;
+ default:
conn-case_sensitive = False;
- } else {
- conn-case_sensitive = !(flags
FLAG_CASELESS_PATHNAMES);
- }
+ break;
}
-
magic_char = lp_magicchar(snum);
return(True);
}
svn commit: samba r5184 - in trunk/source/smbd: .
Author: jra
Date: 2005-02-03 02:03:01 + (Thu, 03 Feb 2005)
New Revision: 5184
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5184
Log:
Ensure we correctly set the per-connection case_sensitive setting.
Rename dptrs_open to the more correct dirhandles_open.
Remove old #if 1.
Jeremy.
Modified:
trunk/source/smbd/dir.c
trunk/source/smbd/filename.c
trunk/source/smbd/service.c
Changeset:
Modified: trunk/source/smbd/dir.c
===
--- trunk/source/smbd/dir.c 2005-02-03 02:02:54 UTC (rev 5183)
+++ trunk/source/smbd/dir.c 2005-02-03 02:03:01 UTC (rev 5184)
@@ -57,7 +57,7 @@
static struct bitmap *dptr_bmap;
static struct dptr_struct *dirptrs;
-static int dptrs_open = 0;
+static int dirhandles_open = 0;
#define INVALID_DPTR_KEY (-3)
@@ -135,7 +135,7 @@
for(dptr = dirptrs; dptr; dptr = dptr-next) {
if(dptr-dnum == key) {
if (!forclose !dptr-dir_hnd) {
- if (dptrs_open = MAX_OPEN_DIRECTORIES)
+ if (dirhandles_open = MAX_OPEN_DIRECTORIES)
dptr_idleoldest();
DEBUG(4,(dptr_get: Reopening dptr key
%d\n,key));
if (!(dptr-dir_hnd = OpenDir(dptr-conn,
dptr-path))) {
@@ -385,7 +385,7 @@
string_set(conn-dirpath,dir2);
- if (dptrs_open = MAX_OPEN_DIRECTORIES)
+ if (dirhandles_open = MAX_OPEN_DIRECTORIES)
dptr_idleoldest();
dptr = SMB_MALLOC_P(struct dptr_struct);
@@ -968,7 +968,7 @@
goto fail;
}
- dptrs_open++;
+ dirhandles_open++;
return dirp;
fail:
@@ -1004,7 +1004,7 @@
}
SAFE_FREE(dirp-name_cache);
SAFE_FREE(dirp);
- dptrs_open--;
+ dirhandles_open--;
return ret;
}
Modified: trunk/source/smbd/filename.c
===
--- trunk/source/smbd/filename.c2005-02-03 02:02:54 UTC (rev 5183)
+++ trunk/source/smbd/filename.c2005-02-03 02:03:01 UTC (rev 5184)
@@ -150,11 +150,7 @@
pstrcpy(saved_last_component, name);
}
-#if 1
if (!conn-case_preserve || (mangle_is_8_3(name, False)
!conn-short_case_preserve))
-#else
- if (!conn-case_sensitive (!conn-case_preserve ||
(mangle_is_8_3(name, False) !conn-short_case_preserve)))
-#endif
strnorm(name, lp_defaultcase(SNUM(conn)));
start = name;
Modified: trunk/source/smbd/service.c
===
--- trunk/source/smbd/service.c 2005-02-03 02:02:54 UTC (rev 5183)
+++ trunk/source/smbd/service.c 2005-02-03 02:03:01 UTC (rev 5184)
@@ -60,17 +60,26 @@
last_flags = flags;
/* Obey the client case sensitivity requests - only for clients that
support it. */
- if (lp_casesensitive(snum) == Auto) {
- /* We need this uglyness due to DOS/Win9x clients that lie
about case insensitivity. */
- enum remote_arch_types ra_type = get_remote_arch();
- if ((ra_type != RA_SAMBA) (ra_type != RA_CIFSFS)) {
- /* Client can't support per-packet case sensitive
pathnames. */
+ switch (lp_casesensitive(snum)) {
+ case Auto:
+ {
+ /* We need this uglyness due to DOS/Win9x
clients that lie about case insensitivity. */
+ enum remote_arch_types ra_type =
get_remote_arch();
+ if ((ra_type != RA_SAMBA) (ra_type !=
RA_CIFSFS)) {
+ /* Client can't support per-packet case
sensitive pathnames. */
+ conn-case_sensitive = False;
+ } else {
+ conn-case_sensitive = !(flags
FLAG_CASELESS_PATHNAMES);
+ }
+ }
+ break;
+ case True:
+ conn-case_sensitive = True;
+ break;
+ default:
conn-case_sensitive = False;
- } else {
- conn-case_sensitive = !(flags
FLAG_CASELESS_PATHNAMES);
- }
+ break;
}
-
magic_char = lp_magicchar(snum);
return(True);
}
svn commit: samba r5185 - in branches/SAMBA_4_0/source: include ldap_server lib lib/messaging libcli libcli/composite libcli/nbt libcli/raw libcli/resolve librpc/rpc nbt_server ntvfs/cifs ntvfs/posix rpc_server rpc_server/echo smb_server smbd torture/local torture/nbt torture/raw torture/rpc winbind
Author: tridge Date: 2005-02-03 02:35:52 + (Thu, 03 Feb 2005) New Revision: 5185 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5185 Log: make all the events data structures private to events.c. This will make it possible to add optimisations to the events code such as keeping the next timed event in a sorted list, and using epoll for file descriptor events. I also removed the loop events code, as it wasn't being used anywhere, and changed timed events to always be one-shot (as adding a new timed event in the event handler is so easy to do if needed) Modified: branches/SAMBA_4_0/source/include/events.h branches/SAMBA_4_0/source/ldap_server/ldap_server.c branches/SAMBA_4_0/source/lib/basic.mk branches/SAMBA_4_0/source/lib/events.c branches/SAMBA_4_0/source/lib/messaging/messaging.c branches/SAMBA_4_0/source/libcli/composite/composite.c branches/SAMBA_4_0/source/libcli/config.mk branches/SAMBA_4_0/source/libcli/nbt/nbtsocket.c branches/SAMBA_4_0/source/libcli/raw/clisocket.c branches/SAMBA_4_0/source/libcli/raw/clitransport.c branches/SAMBA_4_0/source/libcli/raw/rawrequest.c branches/SAMBA_4_0/source/libcli/resolve/host.c branches/SAMBA_4_0/source/libcli/resolve/resolve.c branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c branches/SAMBA_4_0/source/librpc/rpc/dcerpc_sock.c branches/SAMBA_4_0/source/nbt_server/register.c branches/SAMBA_4_0/source/ntvfs/cifs/vfs_cifs.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_wait.c branches/SAMBA_4_0/source/rpc_server/dcerpc_server.c branches/SAMBA_4_0/source/rpc_server/dcerpc_sock.c branches/SAMBA_4_0/source/rpc_server/echo/rpc_echo.c branches/SAMBA_4_0/source/smb_server/request.c branches/SAMBA_4_0/source/smb_server/smb_server.c branches/SAMBA_4_0/source/smbd/process_model.c branches/SAMBA_4_0/source/smbd/process_model.h branches/SAMBA_4_0/source/smbd/server.c branches/SAMBA_4_0/source/smbd/service_stream.c branches/SAMBA_4_0/source/torture/local/messaging.c branches/SAMBA_4_0/source/torture/nbt/query.c branches/SAMBA_4_0/source/torture/raw/composite.c branches/SAMBA_4_0/source/torture/rpc/echo.c branches/SAMBA_4_0/source/torture/rpc/netlogon.c branches/SAMBA_4_0/source/winbind/wb_server.c Changeset: Sorry, the patch is too large (1650 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5185
svn commit: samba r5186 - in trunk/source: include rpc_parse rpc_server
Author: jerry
Date: 2005-02-03 03:54:30 + (Thu, 03 Feb 2005)
New Revision: 5186
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5186
Log:
hard code the reply for the NETLOGON service
in _svcctl_get_display_name() in order to get
farther along in the dance with Srvmgr.exe
Add in parsing code for svcctl_open_service()
Modified:
trunk/source/include/rpc_svcctl.h
trunk/source/rpc_parse/parse_svcctl.c
trunk/source/rpc_server/srv_svcctl.c
trunk/source/rpc_server/srv_svcctl_nt.c
Changeset:
Modified: trunk/source/include/rpc_svcctl.h
===
--- trunk/source/include/rpc_svcctl.h 2005-02-03 02:35:52 UTC (rev 5185)
+++ trunk/source/include/rpc_svcctl.h 2005-02-03 03:54:30 UTC (rev 5186)
@@ -27,6 +27,7 @@
#define SVCCTL_CLOSE_SERVICE 0x00
#define SVCCTL_OPEN_SCMANAGER 0x0f
+#define SVCCTL_OPEN_SERVICE0x10
#define SVCCTL_START_SERVICE 0x13
#define SVCCTL_GET_DISPLAY_NAME0x14
@@ -66,6 +67,17 @@
NTSTATUS status;
} SVCCTL_R_GET_DISPLAY_NAME;
+typedef struct _svcctl_q_open_service {
+ POLICY_HND handle;
+ UNISTR2 servicename;
+ uint32 access_mask;
+} SVCCTL_Q_OPEN_SERVICE;
+typedef struct _svcctl_r_open_service {
+ POLICY_HND handle;
+ NTSTATUS status;
+} SVCCTL_R_OPEN_SERVICE;
+
+
#endif /* _RPC_SVCCTL_H */
Modified: trunk/source/rpc_parse/parse_svcctl.c
===
--- trunk/source/rpc_parse/parse_svcctl.c 2005-02-03 02:35:52 UTC (rev
5185)
+++ trunk/source/rpc_parse/parse_svcctl.c 2005-02-03 03:54:30 UTC (rev
5186)
@@ -157,6 +157,17 @@
/***
/
+BOOL init_svcctl_r_get_display_name( SVCCTL_R_GET_DISPLAY_NAME *r_u, const
char *displayname )
+{
+ r_u-display_name_len = strlen(displayname);
+ init_unistr2( r_u-displayname, displayname, UNI_STR_TERMINATE );
+
+ return True;
+}
+
+/***
+/
+
BOOL svcctl_io_r_get_display_name(const char *desc, SVCCTL_R_GET_DISPLAY_NAME
*r_u, prs_struct *ps, int depth)
{
if (r_u == NULL)
@@ -184,3 +195,57 @@
return True;
}
+
+/***
+/
+
+BOOL svcctl_io_q_open_service(const char *desc, SVCCTL_Q_OPEN_SERVICE *q_u,
prs_struct *ps, int depth)
+{
+ if (q_u == NULL)
+ return False;
+
+ prs_debug(ps, depth, desc, svcctl_io_q_open_service);
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+ if(!smb_io_pol_hnd(scm_pol, q_u-handle, ps, depth))
+ return False;
+
+ if(!smb_io_unistr2(, q_u-servicename, 1, ps, depth))
+ return False;
+
+ if(!prs_align(ps))
+ return False;
+
+ if(!prs_uint32(access_mask, ps, depth, q_u-access_mask))
+ return False;
+
+ return True;
+}
+
+/***
+/
+
+BOOL svcctl_io_r_open_service(const char *desc, SVCCTL_R_OPEN_SERVICE *r_u,
prs_struct *ps, int depth)
+{
+ if (r_u == NULL)
+ return False;
+
+ prs_debug(ps, depth, desc, svcctl_io_r_open_service);
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+
+ if(!smb_io_pol_hnd(service_pol, r_u-handle, ps, depth))
+ return False;
+
+ if(!prs_ntstatus(status, ps, depth, r_u-status))
+ return False;
+
+ return True;
+}
+
Modified: trunk/source/rpc_server/srv_svcctl.c
===
--- trunk/source/rpc_server/srv_svcctl.c2005-02-03 02:35:52 UTC (rev
5185)
+++ trunk/source/rpc_server/srv_svcctl.c2005-02-03 03:54:30 UTC (rev
5186)
@@ -77,6 +77,30 @@
/***
/
+static BOOL api_svcctl_open_service(pipes_struct *p)
+{
+ SVCCTL_Q_OPEN_SERVICE q_u;
+ SVCCTL_R_OPEN_SERVICE r_u;
+ prs_struct *data = p-in_data.data;
+ prs_struct *rdata = p-out_data.rdata;
+
+ ZERO_STRUCT(q_u);
+ ZERO_STRUCT(r_u);
+
+ if(!svcctl_io_q_open_service(, q_u, data, 0))
+ return False;
+
+ r_u.status = _svcctl_open_service(p, q_u, r_u);
+
+ if(!svcctl_io_r_open_service(, r_u, rdata, 0))
+ return False;
+
+ return True;
+}
+
svn commit: samba r5187 - in branches/SAMBA_4_0/source: include lib
Author: tridge
Date: 2005-02-03 04:02:48 + (Thu, 03 Feb 2005)
New Revision: 5187
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5187
Log:
ordered the timed events in the events code, which makes processing
events much more efficient (no linked lists need to be traversed, so
large numbers of timers are no problem)
Modified:
branches/SAMBA_4_0/source/include/dlinklist.h
branches/SAMBA_4_0/source/lib/events.c
Changeset:
Modified: branches/SAMBA_4_0/source/include/dlinklist.h
===
--- branches/SAMBA_4_0/source/include/dlinklist.h 2005-02-03 03:54:30 UTC
(rev 5186)
+++ branches/SAMBA_4_0/source/include/dlinklist.h 2005-02-03 04:02:48 UTC
(rev 5187)
@@ -71,23 +71,15 @@
} \
} while (0)
-/* demote an element to the end of the list, needs a tmp pointer */
-#define DLIST_DEMOTE(list, p, tmp) \
+/* insert 'p' after the given element 'el' in a list. If el is NULL then
+ this is the same as a DLIST_ADD() */
+#define DLIST_ADD_AFTER(list, p, el) \
do { \
- DLIST_REMOVE(list, p); \
- DLIST_ADD_END(list, p, tmp); \
+if (!(list) || !(el)) { \
+ DLIST_ADD(list, p); \
+ } else { \
+ p-prev = el; \
+ p-next = el-next; \
+ el-next = p; \
+ }\
} while (0)
-
-/* concatenate two lists - putting all elements of the 2nd list at the
- end of the first list */
-#define DLIST_CONCATENATE(list1, list2, type) \
-do { \
- if (!(list1)) { \
- (list1) = (list2); \
- } else { \
- type tmp; \
- for (tmp = (list1); tmp-next; tmp = tmp-next) ; \
- tmp-next = (list2); \
- (list2)-prev = tmp; \
- } \
-} while (0)
Modified: branches/SAMBA_4_0/source/lib/events.c
===
--- branches/SAMBA_4_0/source/lib/events.c 2005-02-03 03:54:30 UTC (rev
5186)
+++ branches/SAMBA_4_0/source/lib/events.c 2005-02-03 04:02:48 UTC (rev
5187)
@@ -200,7 +200,6 @@
{
struct timed_event *te = talloc_get_type(ptr, struct timed_event);
DLIST_REMOVE(te-event_ctx-timed_events, te);
- te-event_ctx-destruction_count++;
return 0;
}
@@ -213,19 +212,32 @@
event_timed_handler_t handler,
void *private)
{
- struct timed_event *e = talloc(ev, struct timed_event);
- if (!e) return NULL;
+ struct timed_event *te, *e;
+ e = talloc(mem_ctx?mem_ctx:ev, struct timed_event);
+ if (e == NULL) return NULL;
+
e-event_ctx = ev;
e-next_event = next_event;
e-handler= handler;
e-private= private;
- DLIST_ADD(ev-timed_events, e);
- talloc_set_destructor(e, event_timed_destructor);
- if (mem_ctx) {
- talloc_steal(mem_ctx, e);
+ /* keep the list ordered */
+ if (ev-timed_events == NULL ||
+ timeval_compare(e-next_event, ev-timed_events-next_event) 0)
{
+ DLIST_ADD(ev-timed_events, e);
+ } else {
+ for (te=ev-timed_events;te te-next;te=te-next) {
+ if (!timeval_is_zero(te-next_event)
+ timeval_compare(te-next_event, e-next_event)
0) {
+ break;
+ }
+ }
+ DLIST_ADD_AFTER(ev-timed_events, e, te);
}
+
+ talloc_set_destructor(e, event_timed_destructor);
+
return e;
}
@@ -236,9 +248,8 @@
{
fd_set r_fds, w_fds;
struct fd_event *fe;
- struct timed_event *te, *te_next;
int selrtn;
- struct timeval tval, t, *tvalp;
+ struct timeval tval, *tvalp;
uint32_t destruction_count = ev-destruction_count;
FD_ZERO(r_fds);
@@ -257,88 +268,65 @@
}
tvalp = NULL;
- t = timeval_current();
/* work out the right timeout for all timed events */
- for (te=ev-timed_events;te;te=te_next) {
- struct timeval tv;
- te_next = te-next;
- if (timeval_is_zero(te-next_event)) {
- talloc_free(te);
- continue;
- }
- tv = timeval_diff(te-next_event, t);
- if (tvalp == NULL) {
- tval = tv;
- } else {
- tval = timeval_min(tv, tval);
- }
+ if (ev-timed_events) {
+ struct timeval t = timeval_current();
+ tval = timeval_diff(ev-timed_events-next_event, t);
tvalp = tval;
}
- /* only do a select() if there're fd_events
-* otherwise we would block for a the time in tval,
-
svn commit: samba r5188 - in branches/SAMBA_4_0/source/build/smb_build: .
Author: tpot Date: 2005-02-03 04:03:24 + (Thu, 03 Feb 2005) New Revision: 5188 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5188 Log: Add config.mk file for swig. Modified: branches/SAMBA_4_0/source/build/smb_build/main.pm Changeset: Modified: branches/SAMBA_4_0/source/build/smb_build/main.pm === --- branches/SAMBA_4_0/source/build/smb_build/main.pm 2005-02-03 04:02:48 UTC (rev 5187) +++ branches/SAMBA_4_0/source/build/smb_build/main.pm 2005-02-03 04:03:24 UTC (rev 5188) @@ -57,6 +57,7 @@ libcli/libsmb.mk, libcli/config.mk, libcli/security/config.mk + scripting/swig/config.mk, ); $| = 1;
svn commit: samba r5189 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: tridge
Date: 2005-02-03 04:03:28 + (Thu, 03 Feb 2005)
New Revision: 5189
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5189
Log:
fixed a double free bug in the ltdb indexing code
Modified:
branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c
===
--- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c 2005-02-03
04:03:24 UTC (rev 5188)
+++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c 2005-02-03
04:03:28 UTC (rev 5189)
@@ -209,7 +209,6 @@
list-dn[list-count] =
talloc_strdup(list-dn, (char
*)el-values[j].data);
if (!list-dn[list-count]) {
- talloc_free(list);
return -1;
}
list-count++;
@@ -309,7 +308,6 @@
if (list-count == 0 || list2-count == 0) {
/* 0 X == 0 */
- talloc_free(list);
return 0;
}
@@ -320,7 +318,6 @@
list3-dn = talloc_array(list3, char *, list-count);
if (!list3-dn) {
- talloc_free(list);
talloc_free(list3);
return -1;
}
@@ -359,13 +356,11 @@
if (list-count == 0 list2-count == 0) {
/* 0 | 0 == 0 */
- talloc_free(list);
return 0;
}
d = talloc_realloc(list, list-dn, char *, list-count + list2-count);
if (!d) {
- talloc_free(list);
return -1;
}
list-dn = d;
@@ -375,7 +370,6 @@
sizeof(char *), (comparison_fn_t)strcmp) == -1) {
list-dn[list-count] = talloc_strdup(list-dn,
list2-dn[i]);
if (!list-dn[list-count]) {
- talloc_free(list);
return -1;
}
list-count++;
@@ -453,7 +447,6 @@
}
if (list-count == 0) {
- talloc_free(list);
return 0;
}
svn commit: samba r5190 - in branches/SAMBA_4_0/source/build/smb_build: .
Author: tpot Date: 2005-02-03 04:22:37 + (Thu, 03 Feb 2005) New Revision: 5190 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5190 Log: Grr - typo. Modified: branches/SAMBA_4_0/source/build/smb_build/main.pm Changeset: Modified: branches/SAMBA_4_0/source/build/smb_build/main.pm === --- branches/SAMBA_4_0/source/build/smb_build/main.pm 2005-02-03 04:03:28 UTC (rev 5189) +++ branches/SAMBA_4_0/source/build/smb_build/main.pm 2005-02-03 04:22:37 UTC (rev 5190) @@ -56,7 +56,7 @@ client/config.mk, libcli/libsmb.mk, libcli/config.mk, - libcli/security/config.mk + libcli/security/config.mk, scripting/swig/config.mk, );
svn commit: samba r5191 - in branches/SAMBA_3_0/packaging: Fedora RedHat
Author: jerry
Date: 2005-02-03 04:38:48 + (Thu, 03 Feb 2005)
New Revision: 5191
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5191
Log:
BUG 2299: better logrotate configuration from Levente Farkas [EMAIL PROTECTED]
Modified:
branches/SAMBA_3_0/packaging/Fedora/samba.log
branches/SAMBA_3_0/packaging/Fedora/smb.conf
branches/SAMBA_3_0/packaging/RedHat/samba.log
branches/SAMBA_3_0/packaging/RedHat/smb.conf
Changeset:
Modified: branches/SAMBA_3_0/packaging/Fedora/samba.log
===
--- branches/SAMBA_3_0/packaging/Fedora/samba.log 2005-02-03 04:22:37 UTC
(rev 5190)
+++ branches/SAMBA_3_0/packaging/Fedora/samba.log 2005-02-03 04:38:48 UTC
(rev 5191)
@@ -1,4 +1,4 @@
-/var/log/samba/*.log {
+/var/log/samba/*.log /var/log/samba/log.smbd /var/log/samba/log.nmbd {
notifempty
missingok
sharedscripts
Modified: branches/SAMBA_3_0/packaging/Fedora/smb.conf
===
--- branches/SAMBA_3_0/packaging/Fedora/smb.conf2005-02-03 04:22:37 UTC
(rev 5190)
+++ branches/SAMBA_3_0/packaging/Fedora/smb.conf2005-02-03 04:38:48 UTC
(rev 5191)
@@ -43,7 +43,7 @@
# this tells Samba to use a separate log file for each machine
# that connects
- #log file = /var/log/samba/log.%m
+ #log file = /var/log/samba/%m.log
# all information in one file
log file = /var/log/samba/log.smbd
Modified: branches/SAMBA_3_0/packaging/RedHat/samba.log
===
--- branches/SAMBA_3_0/packaging/RedHat/samba.log 2005-02-03 04:22:37 UTC
(rev 5190)
+++ branches/SAMBA_3_0/packaging/RedHat/samba.log 2005-02-03 04:38:48 UTC
(rev 5191)
@@ -1,11 +1,9 @@
-/var/log/samba/log.nmbd {
+/var/log/samba/*.log /var/log/samba/log.smbd /var/log/samba/log.nmbd {
+notifempty
+missingok
+sharedscripts
+copytruncate
postrotate
- /usr/bin/killall -HUP nmbd
+ /bin/kill -HUP `cat /var/run/smbd.pid /var/run/nmbd.pid
/var/run/winbindd.pid 2 /dev/null` 2 /dev/null || true
endscript
}
-
-/var/log/samba/log.smbd {
-postrotate
- /usr/bin/killall -HUP smbd
-endscript
-}
Modified: branches/SAMBA_3_0/packaging/RedHat/smb.conf
===
--- branches/SAMBA_3_0/packaging/RedHat/smb.conf2005-02-03 04:22:37 UTC
(rev 5190)
+++ branches/SAMBA_3_0/packaging/RedHat/smb.conf2005-02-03 04:38:48 UTC
(rev 5191)
@@ -43,7 +43,7 @@
# this tells Samba to use a separate log file for each machine
# that connects
- # log file = /var/log/samba/log.%m
+ # log file = /var/log/samba/%m.log
# all log information in one file
log file = /var/log/samba/smbd.log
svn commit: samba r5192 - in branches/SAMBA_3_0/packaging/RedHat: .
Author: jerry Date: 2005-02-03 04:40:52 + (Thu, 03 Feb 2005) New Revision: 5192 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5192 Log: missed one packaging fix for BUG 2299 Modified: branches/SAMBA_3_0/packaging/RedHat/smb.conf Changeset: Modified: branches/SAMBA_3_0/packaging/RedHat/smb.conf === --- branches/SAMBA_3_0/packaging/RedHat/smb.conf2005-02-03 04:38:48 UTC (rev 5191) +++ branches/SAMBA_3_0/packaging/RedHat/smb.conf2005-02-03 04:40:52 UTC (rev 5192) @@ -45,7 +45,7 @@ # that connects # log file = /var/log/samba/%m.log # all log information in one file - log file = /var/log/samba/smbd.log + log file = /var/log/samba/log.smbd # Put a capping on the size of the log files (in Kb). max log size = 50
