[Samba] Undeliverable message returned to sender
This message was created automatically by mail delivery software. Delivery failed for the following recipient(s): [EMAIL PROTECTED] The message you sent contained an attachment which the recipient has chosen to block. Usually these sort of attachments are blocked to prevent malicious software from being sent to the recipient in question. The name(s) of the blocked file(s) follow: document_word.pif To send this file, please place it in a compressed archive using WinZip (http://www.winzip.com) or the archive software of your choice. - Original Message Header - Received: by mail35-ash.bigfish.com (MessageSwitch) id 1109664063361974_4769; Tue, 1 Mar 2005 08:01:03 + (UCT) Received: from wabco-auto.com (pD955DC27.dip.t-dialin.net [217.85.220.39]) by mail35-ash.bigfish.com (Postfix) with ESMTP id 5C58730BD2D for [EMAIL PROTECTED]; Tue, 1 Mar 2005 08:00:51 + (UCT) From: samba@lists.samba.org To: [EMAIL PROTECTED] Subject: Re: Word file Date: Tue, 1 Mar 2005 09:19:58 +0100 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0006_4062.3B8E X-Priority: 3 X-MSMail-Priority: Normal Message-Id: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [homes] share problems
james schrieb: Robert rob.smb at connectfree.co.uk writes: I am experiencing the following problems with the [homes] shares. Using Samba 3.0.9 and winbind on SLES9 with NT PDC. Running wbinfo -a authenticates users ok but I cannot connect using smbclient. If I comment out 'valid users = %S' from [homes] in smb.conf then it is possible to connect using valid user/password combinations but otherwise I get tree connect failed: NT_STATUS_ACCESS_DENIED Could anyone please throw some light on this while I still have some hair left. Thanks Rob Help also wanted with the same issue:- I am using the the same version of Samba, same version of SLES and experiencing an identical problem with the valid users=%S setting on the homes share - tree connect failed: NT_STATUS_ACCESS_DENIED. One key difference between my environment and Rob's is my environment is relying on a Windows AD server for authentication and I am running smbclient -k. smbclient work okay with the %S commented out but fails when uncommented Any help would be appreciated Thanks James Hi all, some month ago i had the same problem and was told to replace %S by %U. That solved the problem for me. BUT i have a standalone samba-pdc, so it may help you or not, but it's worth a try, isn't it? Christoph -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [homes] share problems
james wrote: Robert rob.smb at connectfree.co.uk writes: I am experiencing the following problems with the [homes] shares. Using Samba 3.0.9 and winbind on SLES9 with NT PDC. Running wbinfo -a authenticates users ok but I cannot connect using smbclient. If I comment out 'valid users = %S' from [homes] in smb.conf then it is possible to connect using valid user/password combinations but otherwise I get tree connect failed: NT_STATUS_ACCESS_DENIED Could anyone please throw some light on this while I still have some hair left. Thanks Rob Help also wanted with the same issue:- I am using the the same version of Samba, same version of SLES and experiencing an identical problem with the valid users=%S setting on the homes share - tree connect failed: NT_STATUS_ACCESS_DENIED. One key difference between my environment and Rob's is my environment is relying on a Windows AD server for authentication and I am running smbclient -k. smbclient work okay with the %S commented out but fails when uncommented Any help would be appreciated Thanks James James I have now managed to resolve this issue using the following :- valid users = DOMAIN\%S where DOMAIN is replaced by your domain name. This assumes the default winbind separator \ Regards Rob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Srvtools causes smbldap_open: cannot access LDAP when not root - SOLUTION
Thanks to those of you who responded. Andrew Bartlett came through with the answer I needed to hear, which was that I was trying to do something that wasn't supported. I am it has two weeks trying to twirl the PDC with samba + LDAP and ties the moment only migraines. It would like to know which is the problem, now, below described in mine log's? What user are you trying to use to join the domain. It must either be root (Samba 3.0.11) or an user with the SeMachineAccount privilege (Samba = 3.0.11). Andrew Bartlett Is it also true in Samba 3.0.11 that only root can add users/groups and make modifications using the SRVTOOLS package? Correct. Thanks Andrew for the answer! Doug -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tony Earnshaw Sent: Monday, February 28, 2005 9:41 PM To: samba@lists.samba.org Subject: RE: [Samba] Srvtools causes smbldap_open: cannot access LDAP when not root Doug Campbell: [...] smbldap_open: cannot access LDAP when not root... [...] As which user (Unix) is slapd (presume this is OpenLDAP)running? Do you have an 'ldap admin dn' entry in smb.conf with rights to all LDAP ACLs? I.e., I don't have this problem with Samba 3.0.11/OL 2.2.17-23 and didn't with 3.0.7, either. My smb.conf file does have the ldap admin dn entry. The relevant section of my smb.conf file is as follows: [...] Again, as which Unix user is slapd running? Who is the owner of your DB files, config files, etc.? What are the permissions on them? Have you certificates (i.e. the CA cert) or anything that smbd has to try to read that can only be read by root? Is cn=Manager,dc=swro,dc=local a proxy user in your DIT, or the rootdn user in slapd.conf (it's better to make a proxy user in the DIT and comment out the rootdn). Can a normal user run ldapsearch, for example, without being root?Etc. ;) --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Authentication via both domain controller and local Samba password file
Hi Guys, Does anybody know that if Samba is able to authenticate the user via both domain controller and local Samba password file when the Samba is running under 'Domain' mode?? The test steps: 1. Add some Samba users when the Samba is configured running under 'User' mode, then the share is accessible by those added users. 2. Try to join the Samba a Windows 2000 domain, then the user logs into the domain can access the share. My question is: Can the user created in step 1 can still access the share? I have done the test on Samba 3.0.7 and Samba 3.0.11, the answer is 'No'. But I do remember that the share can be accessed by both domain user or local Samba user in this case in earlier Samba 3.0.x than 3.0. Thanks in advance, Juer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Two smbd daemons and clustered environment
Hello I have a question about running two SMBD daemons on one host. Background for this request is Samba failover in parallel services mode. The actual requirement is to start Samba processes bind to specific IP address. This can be done by specifying following parameters in smb.conf file : interfaces = 192.168.100.1/24 bind interfaces only = yes But nmbd process always is listening on *, instead of specific interface. So does it mean, that nmbd should be started once on a hosts event two smbd daemons will run ? Maybe running two smbd's on one node is not a good idea at all ? But how to deal with failovering IP address in case of one smbd process ? Does anybody have experience in running two smbd daemons with different configuration options on one host and can share his/her experience ? Or running smbd service as parallel service in clustered environment on two nodes ? Thank you for any tips and/or advises. With best regards Martynas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] permissions modified on shared excel files
Tyler R. Retzlaff: Having difficulty with samba permissions being changed when windows clients save files. Initially files may be shared 0774 (e.g. some excel file) after it is opened and saved by a windows client the permissions are 0744. Thus the next access by a group user cannot write the file. No mask options are specified in the smb.conf so all defaults are being used. Is there a reason why the permissions are being changed when a file is saved? Have a look at the various mask settings (SWAT's a good help for looking at what's possible, but i don't use it for real). 3.0.11 here, but it should be the same across the board. I have: create mask = 0770 security mask = 0770 directory mask = 0770 directory security mask = 0770 inherit permissions = Yes In [global] It's probably overkill, but can be modified in each share and avoids what you describe. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: profiles not loading
Jeff Umbach: I'm having the same issue as well, though it normally happens after the server locks up and needs to be rebooted. The server is RedHat ES 3 running Samba 3.0.9 and the workstations are WinXP Pro SP1. Server locks up? We had a Samba 3.0.11 running on RHAS3 update 4 - IBM 235 X series (Jeff Carter's Red Hat srpm compiled on the same machine) suddenly refuse ssh and console logins after Samba had been running for a week. The server had been running perfectly up to then, for more than 6 months. The users could carry on with what they were doing, logins just hung. We had to use the on/off button to reboot. Is this what you mean? --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Srvtools causes smbldap_open: cannot access LDAP when not root
Sergey Loskutov: [...] samba have next code in smbldap.c: #ifndef NO_LDAP_SECURITY if (geteuid() != 0) { DEBUG(0, (smbldap_open: cannot access LDAP when not root..\n)); return LDAP_INSUFFICIENT_ACCESS; } #endif If you user account not have uid=0 sometimes you have a problem described above. This would be it, yes. This is covered in the Samba (3.0) docs. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba failed to authenticate to openLDAP
Steve Zeng: I tried to let Samba authenticate against LDAP but could not figure out how to build the LDAP tree for Samba. Fedora core 2 Samba 3.0.10 OpenLDAP 2.1.29 I used the migration tool bundled with OpenLDAP and successfully imported passwd, group and hosts from NIS into LDAP. I can authenticate from any of linux client against LDAP server. My LDAP DIT is as follows: dc=mydomain | `--- ou=People: to store user accounts for Unix and Windows | `--- ou=Hosts : to store computer accounts for UNIXX Windows | `--- ou=Groups: to store system groups for Unix and Windows O.k. But you could find at a later stage (on, for example, a large installation) that you could do better to separate Samba specific stuff into a subtree, f.ex. under an ou smb. You can still have Samba users in your People container. [...] No comment on the specific OpenLDAP stuff, it looks o.k. and you made it work :) 2) Configure smb.conf with SWAT You might find out later that a CLI editor is a better choice; it gives you the chance of commenting and trying different settings out temporarily. [...] ldap suffix = dc=mfelc This is your immediate problem. Where on earth did you get this from? Your ldap suffix should normally be that of the suffix used in your slapd.conf DSE (could possibly be a subtree): in this case dc=mydomain. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Srvtools causes smbldap_open: cannot access LDAP when not root
Doug Campbell: [...] Sorry, I forgot to put some of these answers in last time :( slapd appears to be running as user ldap when I run ps aux I enabled it to start automatically on boot up using the chkconfig utility in FC3. All config files are owned by root and have root as their group with the one exception of slapd.conf which has ldap as it's group The DB files are owned by ldap and the group is ldap. O.k. I don't have any certificates to deal with as I am not using SSL/TLS. I actually tried to do this as a learning exercise but couldn't get it to work based on the documentation I read. Try http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html cn=Manager,dc=swro,dc=local is the rootdn user in slapd.conf I wanted to have a proxy user but again when I tried using the example slapd.conf files for ACLs they never worked even though I followed the examples as given. You *have* to get ACLs working. You can't possibly use OpenLDAP (in production, at least) without some quite complex ACLs. if I just type ldapsearch at the console, it will prompt me for a password. I don't know what password it is asking though. I tried all that I have used and there is still no luck. The error I get is user not found: no secret in database. If instead I type ldapsearch -x. It displays information from my ldap store. If I now switch users to a non-root user and execute the same two commands, I also get the same two results. 'man ldapsearch'. ldapsearch without -x assumes that you are asking for SASL support that you have configured in slapd.conf, and you haven't. The fact that you get the same results for root or a non-root user doesn't have anything to do with the Unix user that you are logged in as; slapd doesn't care about the Unix )posix) user. It only cares about users in DNs that you feed it. Does that give a better idea of what might be wrong in my setup? Yes. I have to agree with Craig White here (I usually do ;) LDAP for me is the be-all and end-all. i use it for across-platform authentication in production for *everything* It is the corner stone to all services that my users may use. If an application doesn't work with it, then that application is useless to me. Examples of apps that use a single login and password at one site I administer (runs 3 servers under RHAS3 using the same LDAP DSA) are postfix smtp, Courier IMAP, Linux Terminal Server Project, Pykota print quota admin, ssh and a Samba PDC. To be able to master the LDAP part thoroughly, I chose to use source code and subscribe to the 4-5 mailing lists dealing with this. Craig does the same. Get samba working without LDAP first, then make sure you master every possible aspect of openldap and are completely confident with it. Then you can adapt what you've done to Samba. Best, --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] local users in domain member security.
Hi, I have samba 3.0.7 installed and it works fine in security=domain with domain user accounts, ACL and so on but now we would like to add some users in local database account (/etc/passwd /etc/smbpasswd file I though, so they are few users). I try to use smbclient /server/data -Ulocal_linux_user_name%password to test it's everithing ok, but I always receive the same error: session setup failed: NT_STATUS_LOGON_FAILURE, I presume that it try to find the user in the domain, but I have configure nsswitch to search in files before and winbind after. What's wrong? Thanks a lot. Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem joining w2k server into samba3 domain
Hello. We like to join an existing and working samba3 domain (Debian/sarge, just pam, no ldap or kerberos) with a win2k server. When I try to join the domain I have to authenticate with an domain Admin Account as usual. This proves in my opinion, that it can talk to the samba-pdc. After that an error message says that the samba domain can't be found. Why is it, that I can't add a Windows server? Does anybody know this problem? I don't understand why this should not work, its a normally domain join like Win2k pro and Windows xp join. Is anything different here? We need this server in our domain to install a domain-wide SuS-service. Any help is greatly appreciated. -- regards Andreas Schneider ... -- ANW GmbH Co. KG Mainzer Str. 4-6 66424 Homburg Telefon 06841 - 1897760 Telefax 06841 - 1897770 mailto:[EMAIL PROTECTED] http://www.anw.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.8 - authentication and nscd
Peter Dods Senior Consultant STR Technology Ltd - IT Telecoms Staffing Specialists e-mail: [EMAIL PROTECTED] Tel: 01483 510130 Fax:01483 510140 Mobile: 07906 162 871 View a selection of our vacancies online www.strecruitment.co.uk PRIVACY AND CONFIDENTIALITY NOTICE The information in this email is for the named addressee only. As this email may contain confidential or privileged information if you are not, or suspect that you are not, the named addressee or the person responsible for delivering the message to the named addressee, please contact us immediately. Please note that we cannot guarantee that this message has not been intercepted and amended. The views of the author may not necessarily reflect those of STR Ltd. Should this email contain a curriculum vitae of an STR Ltd candidate then this shall be classed as an 'Introduction' by STR Ltd as per our terms and conditions of business. VIRUS NOTICE The contents of any attachment may contain software viruses, which could damage your own computer. While STR Ltd has taken reasonable precautions to minimise the risk of software viruses, it cannot accept liability for any damage, which you may suffer as a result of such viruses. We recommend that you carry out your own virus checks before opening any attachment. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.11 doesn't work on Fedora Core 2
Andrew Bartlett wrote: On Tue, 2005-03-01 at 09:46 +0300, Dmitry V. Korotkov wrote: Hi! I am not alone. Philip Burrow [http://lists.samba.org/archive/samba/2005-February/100848.html] has the same problem on Fedora Core 1. I've downloaded samba-3.0.11-1.src.rpm from samba.org, built samba RPM packages and updated samba-3.0.8 (it is configured to be PDC with LDAP sam database). When I restart samba, server appears in network and shares are working, but soon server disappears. I think it's a bug in the version of nss_ldap included in FC2. I run with this patch (removing an optimisation in our handling on LDAP). Perhaps the smbldap part of the changes are not required... Hi Andrew, What I have found is that 3.0.10 works fine on Fedora 1 and 2, but 3.0.11 and the 3.0.12 prerelease suffers the issue described by me earlier and by Dimitry here. I built from SRPMS provided on samba.org in all cases. It is related to LDAP, as if I comment out the passdb backend=ldapsam:ldap://localhost directive from the config file, the errors from smbclient stop. Unfortunately it doesn't use LDAP, which is what I want. After restarting smbd/nmbd with 3.0.11 or 3.0.12pre1, I get a share list and this error when I do smbclient -L localhost: session setup failed: Call returned zero bytes (EOF) NetBIOS over TCP disabled -- no workgroup available Then if I repeat smbclient -L localhost, I get the following only: protocol negotiation failed With the above smb.conf directive enabled, the LDAP logs show Samba querying the LDAP server, and there doesn't appear to be a lot wrong with whats happening. It just doesn't work right! Is there a known working version of nss_ldap that we can try? Which patch are you referring to? Many thanks, Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Windows 2003 Active Directory - Cannot authenticate
I've been checking the authentication with wbinfo -a username%password, which is failing with the following error: plaintext password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc064) error messsage was: No such user Could not authenticate user username%password with plaintext password challenge/response password authentication failed error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e) error messsage was: No logon servers Could not authenticate user username with challenge/response Strangely, wbinfo -g and wbinfo -u seem to work, as mentioned in my previous post. Logging winbindd, at level 10, during this process, shows the following (apologies for length): [2005/02/28 13:24:27, 6] nsswitch/winbindd.c:new_connection(356) accepted socket 19 [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 1824 bytes. Need 0 more for a full request. [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:process_request(321) process_request: request fn INTERFACE_VERSION [2005/02/28 13:24:27, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [14536]: request interface version [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 1300 bytes. [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 1824 bytes. Need 0 more for a full request. [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:process_request(321) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2005/02/28 13:24:27, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [14536]: request location of privileged pipe [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 1300 bytes. [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:client_write(569) client_write: need to write 35 extra data bytes. [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 35 bytes. [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:client_write(558) client_write: client_write: complete response written. [2005/02/28 13:24:27, 6] nsswitch/winbindd.c:new_connection(356) accepted socket 20 [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 0 bytes. Need 1824 more for a full request. [2005/02/28 13:24:27, 5] nsswitch/winbindd.c:winbind_client_read(477) read failed on sock 19, pid 14536: EOF [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 1824 bytes. Need 0 more for a full request. [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:process_request(321) process_request: request fn PAM_AUTH [2005/02/28 13:24:27, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(179) [14536]: pam auth username [2005/02/28 13:24:27, 8] lib/util.c:is_myname(1810) is_myname(EASTLONDON) returns 1 [2005/02/28 13:24:27, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(259) Authentication for domain EASTLONDON (local domain to this server) not supported at this stage [2005/02/28 13:24:27, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth(361) Plain-text authentication for user username returned NT_STATUS_NO_SUCH_USER (PAM: 10) [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 1300 bytes. [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 1824 bytes. Need 0 more for a full request. [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:process_request(321) process_request: request fn INFO [2005/02/28 13:24:27, 3] nsswitch/winbindd_misc.c:winbindd_info(248) [14536]: request misc info [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 1300 bytes. [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 1824 bytes. Need 0 more for a full request. [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:process_request(321) process_request: request fn DOMAIN_NAME [2005/02/28 13:24:27, 3] nsswitch/winbindd_misc.c:winbindd_domain_name(273) [14536]: request domain name [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:client_write(524) client_write: wrote 1300 bytes. [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:winbind_client_read(470) client_read: read 1824 bytes. Need 0 more for a full request. [2005/02/28 13:24:27, 10] nsswitch/winbindd.c:process_request(321) process_request: request fn AUTH_CRAP [2005/02/28 13:24:27, 3]
Re: [Samba] [SOLVED] Samba 3.0.11 doesn't work on Fedora Core 2
Philip Burrow wrote: Andrew Bartlett wrote: I think it's a bug in the version of nss_ldap included in FC2. I run with this patch (removing an optimisation in our handling on LDAP). Perhaps the smbldap part of the changes are not required... Hi Andrew, What I have found is that 3.0.10 works fine on Fedora 1 and 2, but 3.0.11 and the 3.0.12 prerelease suffers the issue described by me earlier and by Dimitry here. I built from SRPMS provided on samba.org in all cases. Just following up my own post, I obtained nss_ldap-220-3.src.rpm (used in FC3) for a FC1 machine, built and installed it then rebuilt Samba 3.0.12pre1 and installed. This appears to have fixed the problem. I was using nss_ldap-217-1 on both my FC1 and FC2 machines, hence why it wasn't working on both. I since tested 3.0.11 and it worked too. Thanks Andrew for your comments. Phil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Error on samba installation
Hello, I want to install samba 3.0.11 on a Mandrake 10.1. Once all source compiled, the make command gives an error message that you can see on the attached file. Thanks in advance for any advice. (See attached file: instal-samba.doc) Jean-Marc VIGUIER Service Informatique Mairie de Six-Fours-Les-Plages 04 94 34 94 91 06 87 13 62 00-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind - how to map ADS group to Unix group
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Miles, Noal wrote: | OK I set winbind nested group = yes use `net groupmap {addmem,delmem,listmem}' cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCJHV4IR7qMdg1EfYRAgauAJ9zI4gmGpn/9H0E0zA4Y3Nips3nnACdHAUj HOXXv8XrN7gaVl2mBrpxLcs= =/mab -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba failed to authenticate to openLDAP
Judicious snippage, post at the bottom. I tried to let Samba authenticate against LDAP but could not figure out how to build the LDAP tree for Samba. Fedora core 2 Samba 3.0.10 OpenLDAP 2.1.29 dc=mydomain | `--- ou=People: to store user accounts for Unix and Windows | `--- ou=Hosts : to store computer accounts for UNIXX Windows | `--- ou=Groups: to store system groups for Unix and Windows What I did were: [global] workgroup = TESTDM passdb backend = ldapsam:ldap://10.10.0.101/ log level = 1 passdb:8 auth:8 domain logons = Yes wins support = Yes ldap admin dn = cn=root,dc=mydomain ldap delete dn = Yes ldap group suffix = ou=Group ldap machine suffix = ou=Hosts ldap user suffix = ou=People ldap suffix = dc=mfelc ldap passwd sync = Yes ldap ssl = no 3) start Samba server 4) run smbclient //smbserver -U myid Password: session setup failed: NT_STATUS_LOGON_FAILURE Attached is the smbd.log, I deleted the normal log and keep failed messages as below: check_sam_security: Couldn't find user 'szeng' in passdb file. auth/auth.c:check_ntlm_password(271) check_ntlm_password: sam authentication for user [szeng] FAILED with error NT_STATUS_NO_SUCH_USER Is there anybody who might have some idea of what is wrong. Yep. You did nothing to create the samba attributes that will have to exist in each user account for the users to log in. I suggest you read the documentation on setting up an LDAP/PDC system that is on the samba.org web site. You've missed quite a few steps here, so you may want to read it through to get a complete idea. Your solution is going to include the following: 1. Obtain and configure the smbldap-tools package. 2. Run the smbldap-populate script 3. Make sure you've got a sambaDomain (I think that's the object type) in the base of your DIT. 4. Join the machine to the domain (since you appear to want a domain setup) 4. Add samba attributes to each user's account. Yes there are 2 #4 entries. Doesn't matter which one comes first. As far as I can remember, those will be the critical steps to not miss. If you've followed the documentation and not done those steps, you've missed something. -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Access Denied when trying to change permissions on Samba share
click the file/directory, click properties, click Security tab, choose a user and try to modify the permissions or add a user or group for access rights the share it fails. The message given is Unable to save permission changes...Access is denied. I compared both smb.conf files before and after the upgrade and they are the same. What am I missing here? Do you have ACLs enabled on your FS? -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [homes] share problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Christoph Scheeder wrote: | Hi all, | some month ago i had the same problem and was told | to replace %S by %U. That solved the problem for me. | BUT i have a standalone samba-pdc, so it may help | you or not, but it's worth a try, isn't it? valid users = %U in [homes] has no real effect. If you expand out the smb.conf variables, you should see why. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCJHolIR7qMdg1EfYRAloLAKC9upb19xfZAJuluoR+YDqAqAnHTQCePV6/ Jnn449P6AkhdiIs/XSzEsNQ= =zKzh -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] local users in domain member security.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Meli Marco wrote: | Hi, | I have samba 3.0.7 installed and it works fine in security=domain with | domain user accounts, ACL and so on but now we would like to add some users | in local database account (/etc/passwd /etc/smbpasswd file I though, so | they are few users). | I try to use smbclient /server/data -Ulocal_linux_user_name%password | to test it's everithing ok, but I always receive the same error: | session setup failed: NT_STATUS_LOGON_FAILURE, I presume add -W netbios name of server cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCJHqFIR7qMdg1EfYRAo3BAJ9L+UqwP2txsJ2nLE799eUcg5yW2QCgyUa7 rEJlMDtfM5OPs0SCFnODP+k= =QIrj -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to login to the domain
Hello everyone. I am having a problem loging into my domain (although I can log into my shares successfully). Here are the details. Servers and applications: PDC Server: Name: ACME-SERVER Domain: ACME Samba: 3.0.10-1 (Debian) smbldap-tools: 0.8.5-3 Distribution: Debian, running kernel 2.6.8-1-k7 IP Address: 192.168.1.106 Backend Database: ldap (OpenLdap) Windows Machine: OS: Win2K Name: naddaf2 IP Address: 192.168.1.108 username used in creating the log files: maunelie I have been able to add my windows machine (i.e. naddaf2) to the ACME domain (and a naddaf2$ entry was added to my ldap backend as a result). After cleaning up my /var/log/samba/ content, I started my samba and tried to login from naddaf2 to my domain and it created a number of log files that I have zipped in a 20K file and have put here for your access: http://naddaf.net:82/samba/all_samba_logs.zip Looking at the naddaf2 log file (included in the above zipped file), it seems that logon has gone through successfully, but what I see on my windows box is the standard error: The system could not log you in. make sure your User name and Domain are correct, then type your password again. Letters in passwords must be typed using the correct case. Make sure Caps Lock is not accidently on. I have also put my smb.conf file there: http://naddaf.net:82/samba/smb.conf . If there is any other information I can add, please let me know. I appreciate it if someone could help me fix the issue. Many thanks, Ali Naddaf. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migrate profiles from one domain to another
Hi all, I need to migrate profiles from one running domain to another. I can't use the standard Windows Profile tools, because when I am a member of one domain, profiles for the other domain say Account Unknown and the Copy function is disabled. I can't get interdomain trusts working and have no responses to my email about that, so I am looking for another way to get this done. I have a feeling that my missing link is interdomain trusts. Any help would be appreciated, so I can merge these two domains together. :( Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Fedora core 2 domain trust account fails
Hello, Having a problem with trust accounts failing after creation. The following is the system that I'm running Samba on: Fedora Core 2 (compiled from source) Samba 3.0.11 OpenLDAP 2.2.23 BerkeleyDB 4.3.27 Windows 2000 client machine I have a script to add machine trust accounts to LDAP. The first part adds a posix Account and attributes to LDAP, the second uses smbpasswd to add the Samba account and attributes. I use PAM to point to the LDAP directory for user, group info and authentication. This method has worked on Samba 3.0.0 with ldap 2.1.30 backend systems fine. I add the account using root, the account is created in LDAP, and I get a Welcome to blah blah domain message. After I reboot and attempt to login, I get a trust account failure error message. I compared the sid for the domain and the machine account and they are identical. The only password that is created is sambaNTPassword. The following are attributes that are found in LDAP after account creation: [EMAIL PROTECTED] root]# ldapsearch -xv -b ou=computers,dc=tow,dc=net uid=wms-0106$ldap_initialize( DEFAULT ) filter: uid=wms-0106$ requesting: ALL # extended LDIF # # LDAPv3 # base ou=computers,dc=tow,dc=net with scope sub # filter: uid=wms-0106$ # requesting: ALL # # wms-0106$, Computers, tow.net dn: uid=wms-0106$,ou=Computers,dc=tow,dc=net objectClass: inetOrgPerson objectClass: posixAccount objectClass: sambaSamAccount uid: wms-0106$ cn: wms-0106$ sn: wms-0106$ uidNumber: 8049 gidNumber: 502 homeDirectory: /dev/null description: Computer loginShell: /bin/false sambaSID: S-1-5-21-1129281578-1295143107-3311307472-17098 sambaPrimaryGroupSID: S-1-5-21-1129281578-1295143107-3311307472-515 displayName: wms-0106$ sambaPwdCanChange: 1109349002 sambaPwdMustChange: 2147483647 sambaNTPassword: 6B92BAAA9FAD3E498BF4665F0B42BF95 sambaPwdLastSet: 1109349002 sambaAcctFlags: [W ] # search result search: 2 result: 0 Success Any suggestions? Kent L. Nasveschuk Wareham Public Schools -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Fedora core 2 domain trust account fails
On Tuesday 01 March 2005 11:30 am, kent wrote: Hello, Having a problem with trust accounts failing after creation. The following is the system that I'm running Samba on: Fedora Core 2 (compiled from source) Samba 3.0.11 OpenLDAP 2.2.23 BerkeleyDB 4.3.27 If you read the release notes for 3.0.12pre1 you will see there is a bug with interdomain trusts in 3.0.11. Nobody ever told me that even though I have asked repeated on the mailing list. I wlll save you the time I wasted and let you know. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrate profiles from one domain to another
Misty, You can use the Samb 'profiles' tool to change the SIDs in your user profiles. - John T. On Tuesday 01 March 2005 08:22, Misty Stanley-Jones wrote: Hi all, I need to migrate profiles from one running domain to another. I can't use the standard Windows Profile tools, because when I am a member of one domain, profiles for the other domain say Account Unknown and the Copy function is disabled. I can't get interdomain trusts working and have no responses to my email about that, so I am looking for another way to get this done. I have a feeling that my missing link is interdomain trusts. Any help would be appreciated, so I can merge these two domains together. :( Misty -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Fedora core 2 domain trust account fails
I haven't read them but I will, thanks. Kent Misty Stanley-Jones lt;[EMAIL PROTECTED]gt; wrote: On Tuesday 01 March 2005 11:30 am, kent wrote: Hello, Having a problem with trust accounts failing after creation. The following is the system that I'm running Samba on: Fedora Core 2 (compiled from source) Samba 3.0.11 OpenLDAP 2.2.23 BerkeleyDB 4.3.27 If you read the release notes for 3.0.12pre1 you will see there is a bug with interdomain trusts in 3.0.11. Nobody ever told me that even though I have asked repeated on the mailing list. I wlll save you the time I wasted and let you know. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Authentication via both domain controller and local Sambapassword file
Try setting auth methods = sam winbind. IIRC when in domain authentication auth methods does not include users in the local sam, but my knowledge could be based upon an older version of samba, so you'll have to try it out. -Marc -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Juer Lee Sent: Tuesday, March 01, 2005 12:46 AM To: samba@lists.samba.org Subject: [Samba] Authentication via both domain controller and local Sambapassword file Hi Guys, Does anybody know that if Samba is able to authenticate the user via both domain controller and local Samba password file when the Samba is running under 'Domain' mode?? The test steps: 1. Add some Samba users when the Samba is configured running under 'User' mode, then the share is accessible by those added users. 2. Try to join the Samba a Windows 2000 domain, then the user logs into the domain can access the share. My question is: Can the user created in step 1 can still access the share? I have done the test on Samba 3.0.7 and Samba 3.0.11, the answer is 'No'. But I do remember that the share can be accessed by both domain user or local Samba user in this case in earlier Samba 3.0.x than 3.0. Thanks in advance, Juer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is it feasable?
Am I asking something OT? If there's a more appropriate Samba ML, let me know... -- Sensei mailto:[EMAIL PROTECTED] pgp:8998A2DB icqnum:241572242 yahoo!:sensei_sen msn-id:[EMAIL PROTECTED] signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] compile problems on SuSE 7.2
Hello, I try to compile Samba 3.0.11 on SuSE 7.2 (Kernel 2.4.10, glibc 2.2.2, gcc 2.95.3) and get a lot of warnings and then the compilation fails with ---snip--- Linking nsswitch/libnss_wins.so lib/system.po: In function `sys_dlopen': lib/system.po(.text+0xf3f): undefined reference to `dlopen' lib/system.po: In function `sys_dlsym': lib/system.po(.text+0xf6f): undefined reference to `dlsym' lib/system.po: In function `sys_dlclose': lib/system.po(.text+0xf9b): undefined reference to `dlclose' lib/system.po: In function `sys_dlerror': lib/system.po(.text+0xfc4): undefined reference to `dlerror' lib/username.po: In function `user_in_netgroup_list': lib/username.po(.text+0xbd2): undefined reference to `yp_get_default_domain' lib/access.po: In function `string_match': lib/access.po(.text+0x200): undefined reference to `yp_get_default_domain' Compiling nsswitch/pam_winbind.c with -fPIC Linking nsswitch/pam_winbind.so Compiling libsmb/libsmbclient.c with -fPIC Compiling libsmb/libsmb_compat.c with -fPIC make: *** wait: No child processes. Stop. make: *** Waiting for unfinished jobs make: *** wait: No child processes. Stop. ---snip--- Is compiling with such an old system not supported? Or: what Do I have to do to get it compiled? Regards Jochen -- Jochen Witte [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba failed to authenticate to openLDAP
Paul, Great Tips... Thanks you. I will take a look at smbldap-tools and try again. Steve Judicious snippage, post at the bottom. I tried to let Samba authenticate against LDAP but could not figure out how to build the LDAP tree for Samba. Fedora core 2 Samba 3.0.10 OpenLDAP 2.1.29 dc=mydomain | `--- ou=People: to store user accounts for Unix and Windows | `--- ou=Hosts : to store computer accounts for UNIXX Windows | `--- ou=Groups: to store system groups for Unix and Windows What I did were: [global] workgroup = TESTDM passdb backend = ldapsam:ldap://10.10.0.101/ log level = 1 passdb:8 auth:8 domain logons = Yes wins support = Yes ldap admin dn = cn=root,dc=mydomain ldap delete dn = Yes ldap group suffix = ou=Group ldap machine suffix = ou=Hosts ldap user suffix = ou=People ldap suffix = dc=mfelc ldap passwd sync = Yes ldap ssl = no 3) start Samba server 4) run smbclient //smbserver -U myid Password: session setup failed: NT_STATUS_LOGON_FAILURE Attached is the smbd.log, I deleted the normal log and keep failed messages as below: check_sam_security: Couldn't find user 'szeng' in passdb file. auth/auth.c:check_ntlm_password(271) check_ntlm_password: sam authentication for user [szeng] FAILED with error NT_STATUS_NO_SUCH_USER Is there anybody who might have some idea of what is wrong. Yep. You did nothing to create the samba attributes that will have to exist in each user account for the users to log in. I suggest you read the documentation on setting up an LDAP/PDC system that is on the samba.org web site. You've missed quite a few steps here, so you may want to read it through to get a complete idea. Your solution is going to include the following: 1. Obtain and configure the smbldap-tools package. 2. Run the smbldap-populate script 3. Make sure you've got a sambaDomain (I think that's the object type) in the base of your DIT. 4. Join the machine to the domain (since you appear to want a domain setup) 4. Add samba attributes to each user's account. Yes there are 2 #4 entries. Doesn't matter which one comes first. As far as I can remember, those will be the critical steps to not miss. If you've followed the documentation and not done those steps, you've missed something. -- Regards, Steve Zeng Systems Administrator Mainframe Entertainment Inc T: (604) 628-1000 ext 5293 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with 3.0.10 and 3.0.11 with 1 smbd process using 99% cpu
I've been having problems since updating to samba 3.0.10 on Debian 3.1 Below is the output of ltrace and gdb on the offending smbd process. I tried upgrading to 3.0.11 and the problem still exists. Anyone have any suggestions? [ltrace output] After about 20 seconds on the processes ltrace loops this iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0, 0, 0, 0) = 0 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0, 0, 0, 0) = 0 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0, 0, 0, 0) = 0 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0, 0, 0, 0) = 0 __errno_location() = 0x403ac560 [gdb backtrace] Attaching to program: /usr/sbin/smbd, process 10657 snip 0x40202cf9 in memcpy () from /lib/tls/libc.so.6 (gdb) bt #0 0x40202cf9 in memcpy () from /lib/tls/libc.so.6 #1 0x081ac059 in tdb_set_lock_alarm () #2 0x081ac20d in tdb_set_lock_alarm () #3 0x081ad49b in tdb_exists () #4 0x081ad6e3 in tdb_traverse () #5 0x081b4a79 in pjob_delete () #6 0x081b4f61 in pjob_delete () #7 0x081a450b in message_dispatch () #8 0x081b5186 in start_background_queue () #9 0x081ffd62 in main () (gdb) John C. Hennessy President/CTO HNK Technology Solutions, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.12pre1 build failure
Gerald (Jerry) Carter wrote: This is a preview release of the Samba 3.0.12 code base and is provided for testing only. I'm seeing a build failure, rh90, gcc-3.2.2: (using same config as for samba-3.0.11): Compiling modules/vfs_expand_msdfs.c with -fPIC Compiling modules/vfs_shadow_copy.c with -fPIC Compiling sam/idmap_rid.c with -fPIC Compiling modules/CP850.c with -fPIC Compiling modules/CP437.c with -fPIC Linking bin/smbd Linking bin/nmbd Linking bin/swat Linking bin/winbindd smbd/trans2.o(.text+0xa20a): In function `call_trans2setfilepathinfo': : undefined reference to `interpret_long_unix_date' smbd/trans2.o(.text+0xa221): In function `call_trans2setfilepathinfo': : undefined reference to `interpret_long_unix_date' smbd/trans2.o(.text+0xa234): In function `call_trans2setfilepathinfo': : undefined reference to `interpret_long_unix_date' collect2: ld returned 1 exit status make[1]: *** [bin/smbd] Error 1 make[1]: *** Waiting for unfinished jobs make[1]: Leaving directory `/usr/local/tmp/BUILD/samba-3.0.12pre1/source' -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Fedora core 2 domain trust account fails
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Misty Stanley-Jones wrote: | On Tuesday 01 March 2005 11:30 am, kent wrote: |Hello, |Having a problem with trust accounts failing after creation. The following |is the system that I'm running Samba on: | |Fedora Core 2 |(compiled from source) |Samba 3.0.11 |OpenLDAP 2.2.23 |BerkeleyDB 4.3.27 | | If you read the release notes for 3.0.12pre1 you will see there | is a bug with interdomain trusts in 3.0.11. Nobody ever | told me that even though I have asked repeated on the | mailing list. I wlll save you the time I wasted and | let you know. Just to clarify: The bug in 3.0.11 was only with 'net rpc trust establish' Once a trust was setup (or upgrading from a previous version) everything is fine. And for the record, the patch was always available at http://www.samba.org/~jerry/patches/post-3.0.11/ And was also logged as a issue in bugzilla.samba.org. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCJKjgIR7qMdg1EfYRAp9RAKDVOwXMD2TlBSRhZxYBgiztNVRurwCfelEp cy2yuNaLiwGr+oeaOcv8Dv8= =seql -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.12pre1 build failure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rex Dieter wrote: | Gerald (Jerry) Carter wrote: | This is a preview release of the Samba 3.0.12 code base and | is provided for testing only. | | I'm seeing a build failure, rh90, gcc-3.2.2: (using same config as for | samba-3.0.11): | | Compiling modules/vfs_expand_msdfs.c with -fPIC | Compiling modules/vfs_shadow_copy.c with -fPIC | Compiling sam/idmap_rid.c with -fPIC | Compiling modules/CP850.c with -fPIC | Compiling modules/CP437.c with -fPIC | Linking bin/smbd | Linking bin/nmbd | Linking bin/swat | Linking bin/winbindd | smbd/trans2.o(.text+0xa20a): In function `call_trans2setfilepathinfo': | : undefined reference to `interpret_long_unix_date' | smbd/trans2.o(.text+0xa221): In function `call_trans2setfilepathinfo': | : undefined reference to `interpret_long_unix_date' | smbd/trans2.o(.text+0xa234): In function `call_trans2setfilepathinfo': | : undefined reference to `interpret_long_unix_date' Builds fine on my rh9 box. I can't find any references to interpret_long_unix_date(). $ grep interpret_long_unix_date */*.[ch] have you checked the differences in the specfile for the 3.0.12pre1 src.rpm at http://us4.samba.org/samba/ftp/Binary_Packages/RedHat/SRPMS/ and the one you are using ? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCJK3/IR7qMdg1EfYRAspYAKDIYvi+vMq/jOyfURPyxT7fGZadlACdHeH/ ZfAfJiLu3KJSCd+lPI+st9k= =URAP -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with 3.0.10 and 3.0.11 with 1 smbd process using 99% cpu
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John C. Hennessy wrote: | I've been having problems since updating | to samba 3.0.10 on Debian 3.1 Below is the output of | ltrace and gdb on the offending smbd process. | I tried upgrading to 3.0.11 and the problem | still exists. Anyone have any suggestions? | | [gdb backtrace] | Attaching to program: /usr/sbin/smbd, process 10657 | snip | 0x40202cf9 in memcpy () from /lib/tls/libc.so.6 | (gdb) bt | #0 0x40202cf9 in memcpy () from /lib/tls/libc.so.6 | #1 0x081ac059 in tdb_set_lock_alarm () | #2 0x081ac20d in tdb_set_lock_alarm () | #3 0x081ad49b in tdb_exists () | #4 0x081ad6e3 in tdb_traverse () | #5 0x081b4a79 in pjob_delete () | #6 0x081b4f61 in pjob_delete () | #7 0x081a450b in message_dispatch () | #8 0x081b5186 in start_background_queue () | #9 0x081ffd62 in main () | (gdb) There were a lot of printing fixes in 3.0.11. I would really suggest an upgrade. Particularly due to loading issues like this one. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCJK5mIR7qMdg1EfYRAp4VAJ0Snpx98UQFocnUjqQX5hRz3iOTSwCg6hxB kCy0gZ4uUC38l7o0YZLlKFk= =VUq3 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [homes] share problems
Robert rob.smb at connectfree.co.uk writes: James I have now managed to resolve this issue using the following :- valid users = DOMAIN\%S where DOMAIN is replaced by your domain name. This assumes the default winbind separator \ Regards Rob Rob Thanks - I'll give it a go. Is this documented anywhere or was it a case of trial and error James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.12pre1 build failure
Gerald (Jerry) Carter wrote: Rex Dieter wrote: | Gerald (Jerry) Carter wrote: | This is a preview release of the Samba 3.0.12 code base and | is provided for testing only. | | I'm seeing a build failure, rh90, gcc-3.2.2: (using same config as for | samba-3.0.11): Builds fine on my rh9 box. I can't find any references to interpret_long_unix_date(). $ grep interpret_long_unix_date */*.[ch] It's there in samba-3.0.12pre1/source/smbd/trans2.c: BUILD/samba-3.0.12pre1/source $grep -r interpret_long_unix_date * smbd/trans2.c: tvs.actime = interpret_long_unix_date(pdata+8); smbd/trans2.c: write_time = interpret_long_unix_date(pdata+16); smbd/trans2.c: changed_time = interpret_long_unix_date(pdata+24); have you checked the differences in the specfile for the 3.0.12pre1 src.rpm at http://us4.samba.org/samba/ftp/Binary_Packages/RedHat/SRPMS/ and the one you are using ? I'm building a slighty modified version from fedora-devel. Wierder still, it seemed to build fine on my rhel3 box, though I still can't find where interpret_long_unix_date is defined. -- Rex A. Dieter [EMAIL PROTECTED] Computer System Administrator http://www.math.unl.edu/~rdieter/ Department of Mathematics University of Nebraska Lincoln -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] creating link to disk from Nautilis 2.2.4
Hi, Sorry if this question has been asked before. I have just installed Redhat 9 and am trying to set up a permanent link to another system running a Samba client. I can launch the network servers and get access to the disk(s). When i right click on any of the disks and try and make a link to the device i get the following message Error unsupported operation while creating a link to smb:// Is this a config problem or a know issue ? What i really want to have is the disk appear on my desktop so that i can have things on the disk always be available -- Sláinte kkken -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACL Question [Repost]
Well, I'm not the only one who's experiencing this problem. Does anyone out there have any ideas? Is this a bug or just a misconfiguration. I'd really like to get this resolved. Thomas Boutell wrote: I experience similar symptoms with both 3.0.10-as-found-in-fedora-core-3 and samba-3.0.11. One difference is that I haven't been able to make smbcacls get as far as denying permission. Shouldn't this command work? smbcacls //localhost/research research1.txt -a ACL:AD\\MarketingGroup:ALLOWED/0/RWX -U AD\\administrator Password: Failed to parse ACL ACL:AD\MarketingGroup Note that when I remove the -a to just list ACLs, it works fine, so a parsing error doesn't make much sense here: [EMAIL PROTECTED] ~]# smbcacls //localhost/research research1.txt ACL:AD\\MarketingGroup:ALLOWED/0/RWX -U AD\\administrator Password: REVISION:1 OWNER:AD\salesperson1 GROUP:S-1-5-21-875667829-2241442456-3328505926-1130 ACL:AD\salesperson1:ALLOWED/0/RW ACL:S-1-5-21-875667829-2241442456-3328505926-1130:ALLOWED/0/R ACL:\Everyone:ALLOWED/0/R Yes, I can use getfacl and setfacl successfully and yes, ACLs are enabled in Samba and on the ext3 file system in question (POSIX ACLs). Thanks for any information. On Mon, 28 Feb 2005, David Sonenberg wrote: OK so I've got samba-3.0.11 compiled with ACL support. I've running 2.4.25 with the ACL/ATTR patch applied. I can read and set ACLS's using the getfacl/setfacl programs. ldd /usr/sbin/smbd shows it's linked to libattr.so.1 and libacl.so.1. I can read ACL with the smbcacls program, but when I try to set them I get: ERROR: Unable to open credentials file! Also from the windows side, in the properties of a file in it show the users and groups for that file but it lists the perms is all blank, and when I try to change the perms I get a window labeled 'Security' with the message: Unable to save premission changes on . Access is denied. -- David Sonenberg Systems / Network Administrator Stroz Friedberg, LLC 15 Maiden Lane 15th Floor New York, NY 10038 Tel 212.981.6527 Fax 917.495.4918 This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No right to confidential or privileged treatment of this message is waived or lost by any error in transmission. If you have received this message in error, please immediately notify the sender by e-mail or by telephone at 212.981.6540, delete the message and all copies from your system and destroy any hard copies. You must not, directly or indirectly, use, disclose, distribute, print or copy any part of this message if you are not the intended recipient. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Thomas Boutell Boutell.Com, Inc. http://www.boutell.com/ -- David Sonenberg Systems / Network Administrator Stroz Friedberg, LLC 15 Maiden Lane 15th Floor New York, NY 10038 Tel 212.981.6527 Fax 917.495.4918 This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No right to confidential or privileged treatment of this message is waived or lost by any error in transmission. If you have received this message in error, please immediately notify the sender by e-mail or by telephone at 212.981.6540, delete the message and all copies from your system and destroy any hard copies. You must not, directly or indirectly, use, disclose, distribute, print or copy any part of this message if you are not the intended recipient. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.12pre1 build failure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rex Dieter wrote: | $ grep interpret_long_unix_date */*.[ch] | | It's there in samba-3.0.12pre1/source/smbd/trans2.c: | BUILD/samba-3.0.12pre1/source $grep -r interpret_long_unix_date * | smbd/trans2.c: tvs.actime = | interpret_long_unix_date(pdata+8); | smbd/trans2.c: write_time = | interpret_long_unix_date(pdata+16); | smbd/trans2.c: changed_time = | interpret_long_unix_date(pdata+24); That's not our 3.0.12pre1 I don't think. Did you get it from Fedora ? $ grep interpret_long_unix_date samba-3.0.12pre1/source/*.[ch] ? | I'm building a slighty modified version from fedora-devel. | | Wierder still, it seemed to build fine on my rhel3 box, | though I still can't find where interpret_long_unix_date | is defined. I can't find it anywhere either. This looks like a Fedora specific thing. Try the SRPM at http://us4.samba.org/samba/ftp/Binary_Packages/Fedora/SRPMS/ Or maybe talk to the Fedora maintainers. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCJLmRIR7qMdg1EfYRAhmfAKCD58JrGsxO429FCy7ZPwv2nVI6NQCfZALw Wr1PAsFR1ronsO1Dj4E/VFU= =+7Wf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.12pre1 build failure
Gerald (Jerry) Carter wrote: Rex Dieter wrote: | $ grep interpret_long_unix_date */*.[ch] | | It's there in samba-3.0.12pre1/source/smbd/trans2.c: | BUILD/samba-3.0.12pre1/source $grep -r interpret_long_unix_date * | smbd/trans2.c: tvs.actime = | interpret_long_unix_date(pdata+8); | smbd/trans2.c: write_time = | interpret_long_unix_date(pdata+16); | smbd/trans2.c: changed_time = | interpret_long_unix_date(pdata+24); That's not our 3.0.12pre1 I don't think. Did you get it from Fedora ? I downloaded the source from us4.samba.org. I'll go get it again, and compare. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACL Question [Repost]
Thought it might help to have some debugging info: smbcacls //localhost/work for_david -a ACL:STROZLLC\dsonenberg:ALLOWED/0/RWX -Udsonenberg -d9 Password: INFO: Current debug levels: all: True/9 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 Connecting to host=localhost Opening cache file at /var/cache/samba/gencache.tdb name localhost#20 found. Connecting to 127.0.0.1 at port 445 socket option SO_KEEPALIVE = 0 socket option SO_REUSEADDR = 0 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 1 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 50232 socket option SO_RCVBUF = 87408 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 write_socket(4,183) write_socket(4,183) wrote 183 size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=31691 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]=7 (0x7) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]=0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=52480 (0xCD00) smb_vwv[ 8]= 123 (0x7B) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=56752 (0xDDB0) smb_vwv[13]=36907 (0x902B) smb_vwv[14]=50462 (0xC51E) smb_vwv[15]=11265 (0x2C01) smb_vwv[16]=14849 (0x3A01) smb_bcc=58 size=127 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=31691 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]=7 (0x7) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]=0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=52480 (0xCD00) smb_vwv[ 8]= 123 (0x7B) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=32896 (0x8080) smb_vwv[12]=56752 (0xDDB0) smb_vwv[13]=36907 (0x902B) smb_vwv[14]=50462 (0xC51E) smb_vwv[15]=11265 (0x2C01) smb_vwv[16]=14849 (0x3A01) smb_bcc=58 Serverzone is 18000 Doing spnego session setup (blob length=58) got OID=1 3 6 1 4 1 311 2 2 10 got principal=NONE write_socket(4,166) write_socket(4,166) wrote 166 size=290 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=31691 smb_uid=0 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=0 (0x0) smb_vwv[ 2]=0 (0x0) smb_vwv[ 3]= 193 (0xC1) smb_bcc=247 size=290 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=31691 smb_uid=0 smb_mid=2 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=0 (0x0) smb_vwv[ 2]=0 (0x0) smb_vwv[ 3]= 193 (0xC1) smb_bcc=247 Got challenge flags: Got NTLMSSP neg_flags=0x60890215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_CHAL_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP challenge set by NTLM2 challenge is: [000] E4 26 A7 6C EA B9 D6 E1 ..l NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH write_socket(4,276) write_socket(4,276) wrote 276 size=106 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=31691 smb_uid=100 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=0 (0x0) smb_vwv[ 2]=0 (0x0) smb_vwv[ 3]=9 (0x9) smb_bcc=63 size=106 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=31691 smb_uid=100 smb_mid=3 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=0 (0x0) smb_vwv[ 2]=0 (0x0) smb_vwv[ 3]=9 (0x9) smb_bcc=63 write_socket(4,88) write_socket(4,88) wrote 88 size=54 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=1 smb_pid=31691 smb_uid=100 smb_mid=4 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=0 (0x0) smb_vwv[ 2]=1 (0x1) smb_bcc=13 Connecting to host=localhost name localhost#20 found. Connecting to 127.0.0.1 at port 445 socket option SO_KEEPALIVE = 0 socket option SO_REUSEADDR = 0 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 1 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 50232 socket option SO_RCVBUF = 87408 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket
Re: [Samba] Samba 3.0.12pre1 build failure
On Tue, Mar 01, 2005 at 12:57:54PM -0600, Rex Dieter wrote: Gerald (Jerry) Carter wrote: Rex Dieter wrote: | $ grep interpret_long_unix_date */*.[ch] | | It's there in samba-3.0.12pre1/source/smbd/trans2.c: | BUILD/samba-3.0.12pre1/source $grep -r interpret_long_unix_date * | smbd/trans2.c: tvs.actime = | interpret_long_unix_date(pdata+8); | smbd/trans2.c: write_time = | interpret_long_unix_date(pdata+16); | smbd/trans2.c: changed_time = | interpret_long_unix_date(pdata+24); That's not our 3.0.12pre1 I don't think. Did you get it from Fedora ? I downloaded the source from us4.samba.org. I'll go get it again, and compare. Is your spec file applying the 64bit_timestamps patch? As of 3.0.12pre1 it's obsolete, because interpret_date() changed. -- JF -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Access Problems
Hello, I have a very strange access problem, and do not know how to get rid of it. We have a server with a Raid 1 installed running under SuSE 9.2 (Samba 3.0.9-2.3). There are some shares where several users need access to. The permissions of the directories are rwxrwxr-x user1 users when files on that shares are accessed by a Windows Client a strange behaviour occurs. Accessing files with Excel or Access (opening changing and saving them) results in a change oft the permissions, so that the group doesn´t have write permissions any more. The same change of permissions occurs when a Backup over the LAN from a Windows Client is made of these directories. Other programs like Word or Notepad leave the permissions alone. First I thought ist was a problem of Posix ACLs that I first had set to the whole home-directory (see my mail a few days ago). However, the problem remained after deleting these ACLs and the default ACL I had set to the home-directory. I have tried a lot of things, but couldn´t get the problem solved. Another strange thing I observed ist that different users belonging to the same group get different permissions for new files. some have rw-rw-rw others rw-r--r-- others rw-rw-r-- in their home-directories (share [homes]) I hope anyone can help me. I´m really desperate. Harry Here is the whole smb.conf # Samba config file created using SWAT # from 127.0.0.1 (127.0.0.1) # Date: 2005/03/01 14:46:24 # Global parameters [global] workgroup = MYDOMAIN.LOCAL interfaces = eth0 bind interfaces only = Yes map to guest = Never username map = /etc/samba/smbusers log level = 1 syslog = 5 time server = Yes printcap name = CUPS add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u add machine script = /usr/sbin/useradd -g 100 -s /bin/false -M %u logon drive = H: domain logons = Yes os level = 64 preferred master = Yes domain master = Yes ldap ssl = no admin users = @ntadmin, root, administrator printer admin = user1, user2 hosts allow = 192.168.0.0/255.255.255.0 profile acls = Yes veto files = /*.eml/*.nws/riched20.dll/*.{*}/ [homes] comment = %Us Daten auf %L valid users = %S read only = No create mask = 0770 directory mask = 0770 browseable = No inherit acls = yes map archive = no [printers] comment = All Printers path = /var/tmp create mask = 0600 printable = Yes browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin, root force group = ntadmin create mask = 0664 directory mask = 0775 [daten] comment = Alle Daten auf %L path = /home valid users = user1,user2, administrator, root admin users = administrator, root read only = No map archive = no [test] comment = Alle Daten auf %L path = /test admin users = administrator, root read only = No map archive = no [netlogon] path = /home/netlogon write list = Administrator, root [alles] comment = Gemeinsame Dateien auf %L path = /home/alle admin users = administrator, root read only = No create mask = 0777 directory mask = 0777 inherit acls = no map archive = no [db] comment = Datenbank path = /home/db read only = No create mask = 0777 directory mask = 0777 inherit acls = no map archive = no [Trumpf] comment = Laser path = /home/alle/Daten/Trumpf read only = No create mask = 0777 directory mask = 0777 map archive = no [GL] path = /home/chefs valid users = user1,user2, administrator admin users = administrator read only = No create mask = 0770 directory mask = 0770 map archive = no [install] path = /home/install read only = No create mask = 0777 directory mask = 0777 map archive = no [Office] path = /home/install/Office create mask = 0777 directory mask = 0777 map archive = no [OfficePro] path = /home/install/OfficePro create mask = 0777 directory mask = 0777 map archive = no [fs1000] comment = Kyocera Mita FS-1000+ path = /var/tmp read only = No create mask = 0600 printable = Yes printer name = fs1000 oplocks = No share modes = No [pdf] comment = PDF creator path = /var/tmp printable = Yes print command = /usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u '%u' -z %z create mask = 0600 -- Dr. Harry Knitter
Re: [Samba] Samba 3.0.12pre1 build failure
Jay Fenlason wrote: On Tue, Mar 01, 2005 at 12:57:54PM -0600, Rex Dieter wrote: Gerald (Jerry) Carter wrote: Rex Dieter wrote: | $ grep interpret_long_unix_date */*.[ch] | | It's there in samba-3.0.12pre1/source/smbd/trans2.c: | BUILD/samba-3.0.12pre1/source $grep -r interpret_long_unix_date * | smbd/trans2.c: tvs.actime = | interpret_long_unix_date(pdata+8); | smbd/trans2.c: write_time = | interpret_long_unix_date(pdata+16); | smbd/trans2.c: changed_time = | interpret_long_unix_date(pdata+24); That's not our 3.0.12pre1 I don't think. Did you get it from Fedora ? I downloaded the source from us4.samba.org. I'll go get it again, and compare. Is your spec file applying the 64bit_timestamps patch? As of 3.0.12pre1 it's obsolete, because interpret_date() changed. Bingo. My fault for not seeing the file in question had been patched. OK everyone, move along... nothing to see here. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with 3.0.10 and 3.0.11 with 1 smbd process using 99% cpu
Just to let everyone know I was able to fix the problem. I cleaned out the tdb files which appearntly had been corrupted. -John John C. Hennessy wrote: I've been having problems since updating to samba 3.0.10 on Debian 3.1 Below is the output of ltrace and gdb on the offending smbd process. I tried upgrading to 3.0.11 and the problem still exists. Anyone have any suggestions? [ltrace output] After about 20 seconds on the processes ltrace loops this iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0, 0, 0, 0) = 0 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0, 0, 0, 0) = 0 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0, 0, 0, 0) = 0 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0, 0, 0, 0) = 0 __errno_location() = 0x403ac560 [gdb backtrace] Attaching to program: /usr/sbin/smbd, process 10657 snip 0x40202cf9 in memcpy () from /lib/tls/libc.so.6 (gdb) bt #0 0x40202cf9 in memcpy () from /lib/tls/libc.so.6 #1 0x081ac059 in tdb_set_lock_alarm () #2 0x081ac20d in tdb_set_lock_alarm () #3 0x081ad49b in tdb_exists () #4 0x081ad6e3 in tdb_traverse () #5 0x081b4a79 in pjob_delete () #6 0x081b4f61 in pjob_delete () #7 0x081a450b in message_dispatch () #8 0x081b5186 in start_background_queue () #9 0x081ffd62 in main () (gdb) John C. Hennessy President/CTO HNK Technology Solutions, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Permission Denied with updated version of Samba
I have changed from using samba version 2.0.3 running on SCO OpenServer 5 to samba version 3.0.11 running on RedHat 8.0 My client computer is Windows XP. The problem also exists on Windows NT. The Windows XP computer has MKS Toolkit 8.7 The Windows NT computer has NuTCRACKER 4.2 These products provide Unix APIs to aid in porting applications from Unix to Windows. From my command shell, I can issue a cat command to list the contents of a file, which exists on my server just fine. If however I try to open that same file programatically, then, I get a permission denied error. I have included a copy of the smb.conf file at then end of this email. Any suggestions as to what could be wrong, and how to correct it. It seems that this is a problem with the samba software, unless of course the MKS or NuTCRACKER software exploited some previous bug that has now been fixed. My hope is that I can change some setting in the samba to correct this. Thank you for any assistance. Mark ## smb.conf ### # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2005/02/25 09:25:14 # Global parameters [global] workgroup = IMMNET server string = Samba Server encrypt passwords = No log file = /usr/local/samba/var/log.%m max log size = 50 printcap name = lpstat os level = 0 preferred master = No local master = No domain master = No dns proxy = No wins server = srvtrn01 create mask = 0775 case sensitive = Yes [homes] comment = Home Directories read only = No browseable = No [hdrive] comment = /h on enfs03 path = /h write list = @D504_kgs, @D506_beh, kmp read only = No force create mode = 0444 force directory mode = 0555 hide dot files = No delete readonly = Yes fake directory create times = Yes [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No [tmp] comment = Temporary file space path = /tmp read only = No guest ok = Yes [backup] path = /backup write list = @D504_kgs, @D506_beh, kmp read only = No force create mode = 0444 force directory mode = 0555 hide dot files = No delete readonly = Yes fake directory create times = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problem with 3.0.10 and 3.0.11 with 1 smbd process using99% cpu
I have this same problem on 3.0.10, and I also fixed it by deleting the tdbs. My problem, had nothing to do with printing, it was happening once I started winbindd with security = ADS. Jerry, what would we need to do to track this bug down in the tdb code? I have logs at level 10, ltrace output, and a backtrace. Do you think that there were changes made to the tdb code in 3.0.12 that might fix this? -Marc -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of John C. Hennessy Sent: Tuesday, March 01, 2005 12:07 PM To: samba@lists.samba.org Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Problem with 3.0.10 and 3.0.11 with 1 smbd process using99% cpu Just to let everyone know I was able to fix the problem. I cleaned out the tdb files which appearntly had been corrupted. -John John C. Hennessy wrote: I've been having problems since updating to samba 3.0.10 on Debian 3.1 Below is the output of ltrace and gdb on the offending smbd process. I tried upgrading to 3.0.11 and the problem still exists. Anyone have any suggestions? [ltrace output] After about 20 seconds on the processes ltrace loops this iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0, 0, 0, 0) = 0 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0, 0, 0, 0) = 0 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0, 0, 0, 0) = 0 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1 __errno_location() = 0x403ac560 iconv(0x82cecc8, 0, 0, 0, 0) = 0 __errno_location() = 0x403ac560 [gdb backtrace] Attaching to program: /usr/sbin/smbd, process 10657 snip 0x40202cf9 in memcpy () from /lib/tls/libc.so.6 (gdb) bt #0 0x40202cf9 in memcpy () from /lib/tls/libc.so.6 #1 0x081ac059 in tdb_set_lock_alarm () #2 0x081ac20d in tdb_set_lock_alarm () #3 0x081ad49b in tdb_exists () #4 0x081ad6e3 in tdb_traverse () #5 0x081b4a79 in pjob_delete () #6 0x081b4f61 in pjob_delete () #7 0x081a450b in message_dispatch () #8 0x081b5186 in start_background_queue () #9 0x081ffd62 in main () (gdb) John C. Hennessy President/CTO HNK Technology Solutions, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Domain Tursts Revisited
OK Jerry, I think I got it sorted. The documentation in Chap 17 says: Problems With LDAP ldapsam And The smbldap-tools If you use the smbldap-useradd.pl script to create a trust account to set up Interdomain trusts the process of setting up the trust will fail. The account that was created in the LDAP database will have an account flags field that has [W ], when it must have [I ] for Interdomain trusts to work. Answer: Here is a simple solution. Create a machine account as follows: root# smbldap-useradd.pl -w domain_name Then set the desired trust account password as shown here: root# smbldap-passwd.pl domain_name\$ I think it needs to be clear that domain_name here is the NetBIOS name of the w2k domain and not the samba domain. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SuSE9.2 Client to AD 2003
I have been pulling my hairs out about this for a while now. Running the latest version of SuSE with all patches applied, I have my machine joined to the domain no problem. But when I go to use mount -t smbfs I get this error. Mounting share failed, smbmnt must be installed suid root for direct user mounts (1000,1000) smbmnt failed:1 Of course I hit Google and the list archives first before asking here and tried a few things first like Chmod +s smbmnt and also making sure the kernel was compiled to support smbfs file system. Can anyone in here save me a few hairs and point me to some help or offer some guidance before I pull what is left of my hair out :) Thank you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Audit Trail/Logging For Network Logons and Logoffs
On Fri, 2005-02-25 at 12:51 -0700, Gene Cooper wrote: Hi Folks, I have searched the archives and the web for this issue, but I haven't found an answer. I need to be able to log or audit the network access of our network users. This information needs to be used in conjuction with a time and attendance punch clock. I have seen much discussion of using preexec and postexec for obtaining a network access log. However, my testing has shown this as unreliable. It seems Windows logs in and logs out at (nearly) random and the collected information seems useless as I haven't discovered a useful way to collect or parse the collected information. I have tested on various shares as well. The best you will get is the utmp information, as this is more accurate than the per-share info (due to multiple users of a given share). I've long proposed to implement 'session exec' scripts for this purpose, but never got around to it (and I don't do Samba3 any more). However, if you read the discussion that occurred last year on 'preventing multiple simultaneous logons', you will see why this is so, so hard to get right. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SuSE9.2 Client to AD 2003
On Tue, 1 Mar 2005 17:45:29 -0500 Elijah Savage [EMAIL PROTECTED] wrote: I have been pulling my hairs out about this for a while now. Running the latest version of SuSE with all patches applied, I have my machine joined to the domain no problem. But when I go to use mount -t smbfs I get this error. Mounting share failed, smbmnt must be installed suid root for direct user mounts (1000,1000) smbmnt failed:1 Of course I hit Google and the list archives first before asking here So you should have found that smbfs is not samba, but kernel question. Wrong list here. and tried a few things first like Chmod +s smbmnt and also making sure the kernel was compiled to support smbfs file system. Can anyone in here save me a few hairs and point me to some help or offer some guidance before I pull what is left of my hair out :) I'd suggest trying cifs instead of smbfs. Regards, Nerijus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Seeking Good Documentation for... (freebsd+ldap+samba(pdc)+kerberos)
... Setting up a Samba PDC with the following: FreeBSD 5.3 Samba 3.0.x OpenLDAP 2.2.x Kerberos (Heimdal) Would like LDAP to take care of both posixAccount(s) and sambaSamAccount(s). Posix account via nsswitch+pam_ldap. Hope to find one complete documentation that describes this setup from scratch, start to finish. A Ports style install of all packages is fine but I can download, compile and install packages by hand if needed. Problem I am currently having is that I can set up a kerberos server and an ldap server, access both and use ldap for authentication to both the system and samba. I can add users via smbpasswd and use those users (in ldap) to access shares. Where I run into problems is trying to add computers (Windows 2kPro) from the windows systems. Have tried much playing around at this point but am unable to figure out the configuration that allows for this. I have been working from the O'Reilly LDAP book and various differing documentation I have found on the net. The O'Reilly book describes a Samba 2.x style samba.schema but I have moved to a 3.x samba.schema set up now as I attempt to learn this. My current Kerb/LDAP server is FreeBSD 5.3. The Samba PDC is Slackware 10 and it's lack of PAM support is possibly causing some issues but do not know for sure. I want to drop Slackware at this point and make the PDC FreeBSD 5.3 as well. I want to keep the Kerb/LDAP server separate from the PDC. I don't have the resources to separate the Kerberos and LDAP servers at this time. I hope to have documentation that describes setting up the needed ldap containers and how to populate them. I have worked from the samba.org documentation too but found I got stuck at a few points. This documentation shows me ldif examples of how records should look but I didn't get a good idea of how to add these records. I didn't believe that copying those and ldapadd(ing) them would be best due to wrong data in fields such as sambaNTPassword and sambaLMPassword. Maybe I wasn't looking in the right places of the samba.org docs? I hope this well describes what I am hoping to find. Thank you all in advance. Chris -- Number 41 Media Corporation Suite 103 - 645 Fort Street Victoria BC V8W 1G2 T 250.414.0410 F 250.414.0411 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Netbench controller crashs
Hi All, I'm running netbench against our samba based filer and having I believe a controller problem. When I configure the test to run multiple engines per client (about 5 in my case) and about 20 clients so all together I have 100 engines, the controller crashes. My clients are a mix of NT4, winxp and win2000 systems. If I run the controller on windows 2003, the controller simply quit and all my netbench clients are terminating. If I run the controller on winxp system, I am getting the familiar dialog box telling me: Controller MFC Application has encountered a problem and needs to close. We are sorry for the incovenenience. and of course if I want to send error report to Microsoft... It is pretty random when it crashes. Sometimes at the beginning of the test, sometimes later. Has anyone else see similar problems with running netbench? Is there anything special I need to do in smb.conf or so? Is there any work around? Your help is really appreciated. Please advise, Cheers, Ephi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permission Denied with updated version of Samba
I would suggest you first look at your logfiles. This should give you SOME kind of clue. Turn up the log level if need be. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - User Support Spec. III |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Tue, 1 Mar 2005, Mark Kunkel wrote: I have changed from using samba version 2.0.3 running on SCO OpenServer 5 to samba version 3.0.11 running on RedHat 8.0 My client computer is Windows XP. The problem also exists on Windows NT. The Windows XP computer has MKS Toolkit 8.7 The Windows NT computer has NuTCRACKER 4.2 These products provide Unix APIs to aid in porting applications from Unix to Windows. From my command shell, I can issue a cat command to list the contents of a file, which exists on my server just fine. If however I try to open that same file programatically, then, I get a permission denied error. I have included a copy of the smb.conf file at then end of this email. Any suggestions as to what could be wrong, and how to correct it. It seems that this is a problem with the samba software, unless of course the MKS or NuTCRACKER software exploited some previous bug that has now been fixed. My hope is that I can change some setting in the samba to correct this. Thank you for any assistance. Mark ## smb.conf ### # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2005/02/25 09:25:14 # Global parameters [global] workgroup = IMMNET server string = Samba Server encrypt passwords = No log file = /usr/local/samba/var/log.%m max log size = 50 printcap name = lpstat os level = 0 preferred master = No local master = No domain master = No dns proxy = No wins server = srvtrn01 create mask = 0775 case sensitive = Yes [homes] comment = Home Directories read only = No browseable = No [hdrive] comment = /h on enfs03 path = /h write list = @D504_kgs, @D506_beh, kmp read only = No force create mode = 0444 force directory mode = 0555 hide dot files = No delete readonly = Yes fake directory create times = Yes [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No [tmp] comment = Temporary file space path = /tmp read only = No guest ok = Yes [backup] path = /backup write list = @D504_kgs, @D506_beh, kmp read only = No force create mode = 0444 force directory mode = 0555 hide dot files = No delete readonly = Yes fake directory create times = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Seeking Good Documentation for... (freebsd+ldap+samba(pdc)+kerberos)
On Tue, 2005-03-01 at 15:43 -0800, Chris Lawder wrote: ... Setting up a Samba PDC with the following: FreeBSD 5.3 Samba 3.0.x OpenLDAP 2.2.x Kerberos (Heimdal) Have you read: https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap Also, Howard Chu has a module in current OpenLDAP called smbk5pwd, which was constructed to allow LDAP to 'set' all the different password types. (Unfortunately I don't use it yet, despite being the person it was constructed for...) Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Seeking Good Documentation for... (freebsd+ldap+samba(pdc)+kerberos)
Andrew Bartlett wrote: I've got it up with two way trusts to a w2k domain everything over a ipsec vlan: s: 3.0.10 ports build FBSD: 5.3 etc. Any specific questions? On Tue, 2005-03-01 at 15:43 -0800, Chris Lawder wrote: ... Setting up a Samba PDC with the following: FreeBSD 5.3 Samba 3.0.x OpenLDAP 2.2.x Kerberos (Heimdal) Have you read: https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap Also, Howard Chu has a module in current OpenLDAP called smbk5pwd, which was constructed to allow LDAP to 'set' all the different password types. (Unfortunately I don't use it yet, despite being the person it was constructed for...) Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Seeking Good Documentation for... (freebsd+ldap+samba(pdc)+kerberos)
On Tue, 2005-03-01 at 17:37 -0800, Thomas M. Skeren III wrote: Andrew Bartlett wrote: I've got it up with two way trusts to a w2k domain everything over a ipsec vlan: The kerberos stuff I refer to is all 'unix' (linking Samba and Heimdal kerberos), I don't run windows servers in production, so I can't help you on that side of things. Who is the kerberos for the benefit of? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Netbench controller crashs
Do you have another fileserver, perhaps a Windows box that you could test this against? It really doesn't sound like a Samba problem, and if you can rule that out, you should submit a bug to Veritest (who wrote the NetBench software). I have run multiple engines per client before without a problem, though I have not done so recently. -Marc -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Ephi Dror Sent: Tuesday, March 01, 2005 4:28 PM To: samba@lists.samba.org Subject: [Samba] Netbench controller crashs Hi All, I'm running netbench against our samba based filer and having I believe a controller problem. When I configure the test to run multiple engines per client (about 5 in my case) and about 20 clients so all together I have 100 engines, the controller crashes. My clients are a mix of NT4, winxp and win2000 systems. If I run the controller on windows 2003, the controller simply quit and all my netbench clients are terminating. If I run the controller on winxp system, I am getting the familiar dialog box telling me: Controller MFC Application has encountered a problem and needs to close. We are sorry for the incovenenience. and of course if I want to send error report to Microsoft... It is pretty random when it crashes. Sometimes at the beginning of the test, sometimes later. Has anyone else see similar problems with running netbench? Is there anything special I need to do in smb.conf or so? Is there any work around? Your help is really appreciated. Please advise, Cheers, Ephi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Seeking Good Documentation for... (freebsd+ldap+samba(pdc)+kerberos)
Andrew Bartlett wrote: On Tue, 2005-03-01 at 17:37 -0800, Thomas M. Skeren III wrote: Andrew Bartlett wrote: I've got it up with two way trusts to a w2k domain everything over a ipsec vlan: The kerberos stuff I refer to is all 'unix' (linking Samba and Heimdal kerberos), I don't run windows servers in production, so I can't help you on that side of things. Who is the kerberos for the benefit of? Dunno. I kinda hopped into the middle of the conversation. Only thing I can think is that a samba server is authenticating off of w2k/w2k3. It hasn't come up in my trust stuff. Just trying to help a FBSD user. No reason for someone else to have my forehead whelts. ;-) TMS III Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Optimise Samba for MYOB
On Tue, 2005-03-01 at 07:30 +, Jackie Chan wrote: First a short background of the situation, My work ran a MYOB file from a MS 2000 server. They were getting problems such as the, cannot send messages to so-and-so. blah blah blah... They were planning to upgrade to MS 2003 in an attempt to eradicate all error messages and remove the lag sometimes experienced when opening a large list. Is this a suggestion by MYOB's vendor, or just a hunch? Since i am a linux fan i suggested giving samba 3.0.11 a try, i was convinced it would be an improvement. After all Linux is the best right. Samba emulates windows as closely as possible in areas of protocol correctness, which in particular includes locking correctness. While Samba does allow more tweaks (in particular, it can deny oplocks on a more granular basis) the locking behaviour (which is almost certainly to blame for both MYOB issues this week) is identical. The only thing I would suggest (which would be in common to both systems) is to look very, very carefully at your network gear. Most reports of bad Samba performance are due to latency inflicted by poor quality NICs and switches. I have seen this on my network with other locking-intensive applications. The money spent on Intel, or even Netgear FA-311 NICs, and *decent* switches will be well worth it. Ditch the RTL8139 cards as fast as you can. We have had good luck with the non-toy Dlink switches, and very bad luck with anything cheaper. Otherwise, as the performance problems are general to networked MYOB, I suggest you instead chase the vendor. I realise everybody is in a rush, and it is coming up to tax time again (at least for those who have Australian accountants :-), but as it matches windows, I'm not sure we can help other than the oplock settings you already use. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.11 Compile Error
Hello. I'm trying to run Samba on HP-UX (IA64), but I can't compile Samba source. I have this following packages: Samba 3.0.11 libiconv 1.9.1 HP-UX 11.23 (IA64) configure process is ok. At make process, I encounters the parsing error. I attached the compile error log. Do you have information how to compile Samba on HP-UX (IA64)? -- Osamu Takeuchi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba failed to authenticate to openLDAP
Paul, I downloaded smbldap-tools-0.8.7 and tried the following: 1) run configure.pl 2) initialize LDAP base and then start LDAP server dn: dc=mfelc dc: mfelc objectClass: top objectClass: domain 3) run smbldap-populate 4) run the following migration tool to import users from NIS: smbldap-migrate-unix-accounts -a -P /tmp/passwd.nis 5) run the following migration tool to import groups from NIS: smbldap-migrate-unix-groups -a -G /tmp/group.nis 6) smbldap-useradd -a -m testuser1 smbldap-passwd testuser1 6) smbclient //enzo/testuser1 -U testuser1 got the following errors: - User testuser1 in passdb, but getpwnam() fails! [2005/03/01 18:12:11, 5] auth/auth_util.c:free_server_info(1344) attempting to free (and zero) a server_info structure [2005/03/01 18:12:11, 0] auth/auth_sam.c:check_sam_security(306) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' [2005/03/01 18:12:11, 5] auth/auth.c:check_ntlm_password(271) check_ntlm_password: sam authentication for user [testuser1] FAILED with error NT_STATUS_NO_SUCH_USER [2005/03/01 18:12:11, 3] auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind, requested domain [TESTDM] was for this SAM. [2005/03/01 18:12:11, 10] auth/auth.c:check_ntlm_password(259) check_ntlm_password: winbind had nothing to say [2005/03/01 18:12:11, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [testuser1] - [testuser1] FAILED with error NT_STATUS_NO_SUCH_USER -- No idea what is missing. Thanks a lot for any hints. Steve Judicious snippage, post at the bottom. I tried to let Samba authenticate against LDAP but could not figure out how to build the LDAP tree for Samba. Fedora core 2 Samba 3.0.10 OpenLDAP 2.1.29 dc=mydomain | `--- ou=People: to store user accounts for Unix and Windows | `--- ou=Hosts : to store computer accounts for UNIXX Windows | `--- ou=Groups: to store system groups for Unix and Windows What I did were: [global] workgroup = TESTDM passdb backend = ldapsam:ldap://10.10.0.101/ log level = 1 passdb:8 auth:8 domain logons = Yes wins support = Yes ldap admin dn = cn=root,dc=mydomain ldap delete dn = Yes ldap group suffix = ou=Group ldap machine suffix = ou=Hosts ldap user suffix = ou=People ldap suffix = dc=mfelc ldap passwd sync = Yes ldap ssl = no 3) start Samba server 4) run smbclient //smbserver -U myid Password: session setup failed: NT_STATUS_LOGON_FAILURE Attached is the smbd.log, I deleted the normal log and keep failed messages as below: check_sam_security: Couldn't find user 'szeng' in passdb file. auth/auth.c:check_ntlm_password(271) check_ntlm_password: sam authentication for user [szeng] FAILED with error NT_STATUS_NO_SUCH_USER Is there anybody who might have some idea of what is wrong. Yep. You did nothing to create the samba attributes that will have to exist in each user account for the users to log in. I suggest you read the documentation on setting up an LDAP/PDC system that is on the samba.org web site. You've missed quite a few steps here, so you may want to read it through to get a complete idea. Your solution is going to include the following: 1. Obtain and configure the smbldap-tools package. 2. Run the smbldap-populate script 3. Make sure you've got a sambaDomain (I think that's the object type) in the base of your DIT. 4. Join the machine to the domain (since you appear to want a domain setup) 4. Add samba attributes to each user's account. Yes there are 2 #4 entries. Doesn't matter which one comes first. As far as I can remember, those will be the critical steps to not miss. If you've followed the documentation and not done those steps, you've missed something. -- Regards, Steve Zeng Systems Administrator Mainframe Entertainment Inc T: (604) 628-1000 ext 5293 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.11 Compile Error
(BSorry. I was not able to post the error log. (BIt is this. (B (Bbash-2.05b# make (B (BWarning! One or more of your selected locales are not available. (BPlease invoke the commands "locale" and "locale -a" to verify your (Bselections and the available locales. (B (BContinuing processing using the "C" locale. (B (BUsing FLAGS = -O -I./popt -Iinclude -I/var/tmp/test1/syc_work/samba-3.0.11/sour (Bce/include -I/var/tmp/test1/syc_work/samba-3.0.11/source/ubiqx -I/var/tmp/test1/ (Bsyc_work/samba-3.0.11/source/smbwrapper -I. -D_HPUX_SOURCE -D_POSIX_SOURCE -D_L (BARGEFILE64_SOURCE -D_ALIGNMENT_REQUIRED=1 -D_MAX_ALIGNMENT=4 -DMAX_POSITIVE_LOCK (B_OFFSET=0x1ffLL -I/var/tmp/test1/syc_work/samba-3.0.11/source (B LIBS = -lgen -lsec -lnsl -liconv (B LDSHFLAGS = -shared (B LDFLAGS = (B (BWarning! One or more of your selected locales are not available. (BPlease invoke the commands "locale" and "locale -a" to verify your (Bselections and the available locales. (B (BContinuing processing using the "C" locale. (B (BGenerating smbd/build_options.c (B (BWarning! One or more of your selected locales are not available. (BPlease invoke the commands "locale" and "locale -a" to verify your (Bselections and the available locales. (B (BContinuing processing using the "C" locale. (B (B (BWarning! One or more of your selected locales are not available. (BPlease invoke the commands "locale" and "locale -a" to verify your (Bselections and the available locales. (B (BContinuing processing using the "C" locale. (B (BBuilding include/proto.h (Bcreating /var/tmp/test1/syc_work/samba-3.0.11/source/include/proto.h (B (BWarning! One or more of your selected locales are not available. (BPlease invoke the commands "locale" and "locale -a" to verify your (Bselections and the available locales. (B (BContinuing processing using the "C" locale. (B (BBuilding include/wrepld_proto.h (Bcreating /var/tmp/test1/syc_work/samba-3.0.11/source/include/wrepld_proto.h (B (BWarning! One or more of your selected locales are not available. (BPlease invoke the commands "locale" and "locale -a" to verify your (Bselections and the available locales. (B (BContinuing processing using the "C" locale. (B (BBuilding include/build_env.h (B (BWarning! One or more of your selected locales are not available. (BPlease invoke the commands "locale" and "locale -a" to verify your (Bselections and the available locales. (B (BContinuing processing using the "C" locale. (B (B (BWarning! One or more of your selected locales are not available. (BPlease invoke the commands "locale" and "locale -a" to verify your (Bselections and the available locales. (B (BContinuing processing using the "C" locale. (B (Bcreating /var/tmp/test1/syc_work/samba-3.0.11/source/nsswitch/winbindd_proto.h (Bcreating /var/tmp/test1/syc_work/samba-3.0.11/source/web/swat_proto.h (Bcreating /var/tmp/test1/syc_work/samba-3.0.11/source/client/client_proto.h (Bcreating /var/tmp/test1/syc_work/samba-3.0.11/source/utils/net_proto.h (Bcreating /var/tmp/test1/syc_work/samba-3.0.11/source/utils/ntlm_auth_proto.h (BWARNING: you need to run ./config.status (B (BWarning! One or more of your selected locales are not available. (BPlease invoke the commands "locale" and "locale -a" to verify your (Bselections and the available locales. (B (BContinuing processing using the "C" locale. (B (BCompiling dynconfig.c (BIn file included from include/includes.h:421, (B from dynconfig.c:21: (B/usr/include/sys/ipc.h:51: error: parse error before "cid_t" (B/usr/include/sys/ipc.h:56: error: parse error before '}' token (BIn file included from include/includes.h:425, (B from dynconfig.c:21: (B/usr/include/sys/shm.h:82: error: field `shm_perm' has incomplete type (B*** Error exit code 1 (B (BStop. (B (B (B (BOn Wed, 02 Mar 2005 11:17:05 +0900 (B"TAKEUHCI, Osamu" [EMAIL PROTECTED] wrote: (B (B Hello. (B (B I'm trying to run Samba on HP-UX (IA64), but I can't compile Samba source. (B (B I have this following packages: (B (B Samba 3.0.11 (B libiconv 1.9.1 (B HP-UX 11.23 (IA64) (B (B "configure" process is ok. (B At "make" process, I encounters the parsing error. (B (B I attached the compile error log. (B Do you have information how to compile Samba on HP-UX (IA64)? (B (B -- (B Osamu Takeuchi (B (B-- $BC]Fb(B $BM}!wJ<8K8)@>5\;T(B (B (B-- (BTo unsubscribe from this list go to the following URL and read the (Binstructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] MIT Kerberos tickets gone..
I have the following scenario. Windows 2K Active Dir server, Samba 3.0.7 running on Solaris 2.8. Running MIT Kerberos to join and authenticate with the AD. Things work ok, can join the domain, and can access the samba server from trusted domains as well as local domain. However, when doing 'kinit' I have found that the default ticket life was for 24 hours is seemed. After I reboot the solaris / samba server the Kerberos token was gone, and I had to manually generate a new ticket and do a 'net ads join' again to get the server back up.. I found that I can us the -d option with kinit to increase the ticket life and did so to 500 days. Reboot the server and the token is gone again.. Have to then do a 'kinit' again as well as a 'net ads join' to get things running again. I read that I should not have a /etc/krb5.conf due to locking things down to one kdc only. Any ideas? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Srvtools causes smbldap_open: cannot access LDAP when not root
I don't have any certificates to deal with as I am not using SSL/TLS. I actually tried to do this as a learning exercise but couldn't get it to work based on the documentation I read. Try http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html I will check that out. [snip] 'man ldapsearch'. ldapsearch without -x assumes that you are asking for SASL support that you have configured in slapd.conf, and you haven't. The fact that you get the same results for root or a non-root user doesn't have anything to do with the Unix user that you are logged in as; slapd doesn't care about the Unix )posix) user. It only cares about users in DNs that you feed it. That makes sense to me and I think gives me a clue on some of the problems I was having with the LDAP ACLs. Does that give a better idea of what might be wrong in my setup? Yes. I have to agree with Craig White here (I usually do ;) LDAP for me is the be-all and end-all. i use it for across-platform authentication in production for *everything* It is the corner stone to all services that my users may use. If an application doesn't work with it, then that application is useless to me. Examples of apps that use a single login and password at one site I administer (runs 3 servers under RHAS3 using the same LDAP DSA) are postfix smtp, Courier IMAP, Linux Terminal Server Project, Pykota print quota admin, ssh and a Samba PDC. To be able to master the LDAP part thoroughly, I chose to use source code and subscribe to the 4-5 mailing lists dealing with this. Craig does the same. Get samba working without LDAP first, then make sure you master every possible aspect of openldap and are completely confident with it. Then you can adapt what you've done to Samba. I will do that. Thanks for your time in patiently helping me through this. Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Srvtools causes smbldap_open: cannot access LDAP when not root
On Wed, 2005-03-02 at 10:40 +0800, Doug Campbell wrote: Yes. I have to agree with Craig White here (I usually do ;) LDAP for me is the be-all and end-all. i use it for across-platform authentication in production for *everything* It is the corner stone to all services that my users may use. If an application doesn't work with it, then that application is useless to me. Examples of apps that use a single login and password at one site I administer (runs 3 servers under RHAS3 using the same LDAP DSA) are postfix smtp, Courier IMAP, Linux Terminal Server Project, Pykota print quota admin, ssh and a Samba PDC. To be able to master the LDAP part thoroughly, I chose to use source code and subscribe to the 4-5 mailing lists dealing with this. Craig does the same. Get samba working without LDAP first, then make sure you master every possible aspect of openldap and are completely confident with it. Then you can adapt what you've done to Samba. I will do that. Thanks for your time in patiently helping me through this. I will say the unpopular thing that people don't want to hear. Learning LDAP through samba is probably one of the most obtuse angles that one can take and it seems certain to confound, confuse and frustrate those who try. I know this because I spent 2 or 3 days trying and said to myself - self, this isn't teaching me what I need to know about LDAP So I put Samba on the side - bought Gerry Carter's LDAP System Administration book (great book by the way - perhaps a bit dated but definitely tells you the things you NEED to know). Set up LDAP on the base server, added some users, tested it out with various packages like ssh, imap etc. By this time, I was comfortable with ldapadd/ldapmodify/ldapsearch etc. I was working. I then began working on LDAP ACL's. This took time but by then, I was getting the picture. All in all, this probably took me a week to get a 'basic' understanding of LDAP and I was able to add in Samba stuff. You need to understand LDAP to the point of troubleshooting connections, errors etc. Without this ability, and putting total reliance upon something like the IDEALX tools to populate and maintain LDAP, at the first problem you don't know where to look for causes, you don't know how to solve these problems and you are begging lists for help and you can't even accurately describe the problems you are having except in the most general ways. I understand what people are saying when they say, it seems to be working fine except for...I've been there. It means that they don't know what they are doing and have gotten lucky to a point. Samba/IDEALX is not a turnkey system to create the LDAP backend that works out of the box. In a way, I fear the day that some distribution packages it up with that claim since it will engender a lot of 'Administrators' that don't have a clue what they're doing...Point and click know not the ramification administration is not a Windows patented technology I think. I see all of the people like Steve Zeng - without a clue why things aren't working. When I say, you really need to learn LDAP first - I get a message back - why don't you give me some constructive feedback and I think to myself, damn, I thought I just gave them the most constructive advice that they could get - in case you haven't figured it out yet, this is why I didn't respond to your personal email to me. (Doug - not Steve) I have this saved in my 'subscriptions' file... Thu, 14 Jun 2001 01:14:45 GMT (Wed, 18:14 MST) Welcome to the openldap-software mailing list! I 'monitored' the list for nearly 2 1/2 years before I actually implemented my first DSA. (I admit that I had used LDAP for a year and didn't know what DSA meant - but had the humility to ask what it meant a few weeks ago). I observed. I am on several other lists - I observe. I am not that smart and it probably takes me longer than most but I know that I am not willing to trust the most powerful system on my network to work without doing everything that I can to understand how it works. Knowledge is the power to take responsibility for what I do. Lastly, if LDAP provides core authentication for users on the system, are you gonna feel comfortable relying upon it when you can't operate it, troubleshoot it, articulate how it is structured and/or define the security methods you are using to protect it? Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba failed to authenticate to openLDAP
Paul Gienger: [...] Is there anybody who might have some idea of what is wrong. Yep. You did nothing to create the samba attributes that will have to exist in each user account for the users to log in. I suggest you read the documentation on setting up an LDAP/PDC system that is on the samba.org web site. You've missed quite a few steps here, so you may want to read it through to get a complete idea. Your solution is going to include the following: 1. Obtain and configure the smbldap-tools package. 2. Run the smbldap-populate script 3. Make sure you've got a sambaDomain (I think that's the object type) in the base of your DIT. 4. Join the machine to the domain (since you appear to want a domain setup) 4. Add samba attributes to each user's account. Yes there are 2 #4 entries. Doesn't matter which one comes first. As far as I can remember, those will be the critical steps to not miss. If you've followed the documentation and not done those steps, you've missed something. Not that i don't appreciate your constant help and encouragement but: 1: I followed the docs to the letter; 2: doing that nearly fscked up my already existent DIT for always; 3: I found a different way that worked for me; 4: I promised JHT to write up how (and more importantly why) but I didn't get that far yet. The important thing is, that whoever wrote the (3.0.7 and higher) ldapsam code made it truly versatile: it can do things in more ways than one. As my Walloon Belgian granny used to say: there are more ways of killing a cat than choking it with cheese ;) --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] can print test page in the redhat, but can't print through the samba share print,why?
i can print test page in the redhat, but when i use the samba shared printer to print test page, it is said test page failed to print why? one part of my smb.conf as follow: printcap name = CUPS load printers = yes disable spoolss = no show add printer wizard = yes printer admin = samhuang,GZ+samhuang printing = cups any help would be appreciate -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: lorikeet r237 - in branches: .
Author: metze Date: 2005-03-01 13:22:36 + (Tue, 01 Mar 2005) New Revision: 237 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=237 Log: create branches/tmp/ dir metze Added: branches/tmp/ Changeset:
svn commit: samba r5599 - in trunk/examples/LDAP: .
Author: jmcd Date: 2005-03-01 14:00:25 + (Tue, 01 Mar 2005) New Revision: 5599 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5599 Log: Bring IBM Directory Server schema up to date with openldap schema Modified: trunk/examples/LDAP/samba.schema.at.IBM-DS trunk/examples/LDAP/samba.schema.oc.IBM-DS Changeset: Modified: trunk/examples/LDAP/samba.schema.at.IBM-DS === --- trunk/examples/LDAP/samba.schema.at.IBM-DS 2005-03-01 00:10:56 UTC (rev 5598) +++ trunk/examples/LDAP/samba.schema.at.IBM-DS 2005-03-01 14:00:25 UTC (rev 5599) @@ -44,4 +44,32 @@ attributetypes=( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DESC 'Base at which the samba RID generation algorithm should operate' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -attributetypes=( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC '' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) +attributetypes=( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'Share Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC 'Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC 'A boolean option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DESC 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC 'A string option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC 'munged dial' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' DESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' DESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Security ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC 'Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.56 NAME 'sambaAccountPolicyName' DESC 'Account Policy Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.57 NAME 'sambaAccountPolicyValue' DESC 'Account Policy Value' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) Modified: trunk/examples/LDAP/samba.schema.oc.IBM-DS === --- trunk/examples/LDAP/samba.schema.oc.IBM-DS 2005-03-01 00:10:56 UTC (rev 5598) +++ trunk/examples/LDAP/samba.schema.oc.IBM-DS 2005-03-01 14:00:25 UTC (rev 5599) @@ -1,8 +1,8 @@ ## Samba 3.0 schema for IBM Directory Server 5.1 - object classes only -objectclasses=( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY DESC 'Samba 3.0 Auxilary SAM Account' MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial )) +objectclasses=( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY DESC 'Samba 3.0 Auxilary SAM Account' MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $
svn commit: samba r5600 - in branches/SAMBA_3_0/examples/LDAP: .
Author: jmcd Date: 2005-03-01 14:00:25 + (Tue, 01 Mar 2005) New Revision: 5600 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5600 Log: Bring IBM Directory Server schema up to date with openldap schema Modified: branches/SAMBA_3_0/examples/LDAP/samba.schema.at.IBM-DS branches/SAMBA_3_0/examples/LDAP/samba.schema.oc.IBM-DS Changeset: Modified: branches/SAMBA_3_0/examples/LDAP/samba.schema.at.IBM-DS === --- branches/SAMBA_3_0/examples/LDAP/samba.schema.at.IBM-DS 2005-03-01 14:00:25 UTC (rev 5599) +++ branches/SAMBA_3_0/examples/LDAP/samba.schema.at.IBM-DS 2005-03-01 14:00:25 UTC (rev 5600) @@ -44,4 +44,32 @@ attributetypes=( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DESC 'Base at which the samba RID generation algorithm should operate' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -attributetypes=( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC '' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) +attributetypes=( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'Share Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC 'Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC 'A boolean option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DESC 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC 'A string option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC 'munged dial' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' DESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' DESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Security ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC 'Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.56 NAME 'sambaAccountPolicyName' DESC 'Account Policy Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) + +attributetypes=( 1.3.6.1.4.1.7165.2.1.57 NAME 'sambaAccountPolicyValue' DESC 'Account Policy Value' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) Modified: branches/SAMBA_3_0/examples/LDAP/samba.schema.oc.IBM-DS === --- branches/SAMBA_3_0/examples/LDAP/samba.schema.oc.IBM-DS 2005-03-01 14:00:25 UTC (rev 5599) +++ branches/SAMBA_3_0/examples/LDAP/samba.schema.oc.IBM-DS 2005-03-01 14:00:25 UTC (rev 5600) @@ -1,8 +1,8 @@ ## Samba 3.0 schema for IBM Directory Server 5.1 - object classes only -objectclasses=( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY DESC 'Samba 3.0 Auxilary SAM Account' MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial )) +objectclasses=( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY DESC 'Samba 3.0 Auxilary SAM Account' MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
svn commit: samba r5601 - in branches/SAMBA_4_0/source: libads libcli/auth
Author: metze Date: 2005-03-01 15:19:18 + (Tue, 01 Mar 2005) New Revision: 5601 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5601 Log: add a gsskrb5 backend that uses lorikeet-heimdal's new gssapi with GSS_C_DCE_STYLE support, it's just a start and does work correctly yet metze Added: branches/SAMBA_4_0/source/libcli/auth/gensec_gsskrb5.c Modified: branches/SAMBA_4_0/source/libads/config.m4 branches/SAMBA_4_0/source/libcli/auth/gensec.m4 branches/SAMBA_4_0/source/libcli/auth/gensec.mk Changeset: Sorry, the patch is too large (658 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5601
svn commit: samba r5602 - in trunk/source: . groupdb nsswitch sam
Author: vlendec Date: 2005-03-01 15:41:35 + (Tue, 01 Mar 2005) New Revision: 5602 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5602 Log: Make winbindd_sid_to_gid async, meanwhile solving a problem while creating aliases. Make winbindd_uid_to_sid async. This is quite complicated, the path for uid_to_sid using winbind trusted domains only = yes contains 3 (!) blocking functions. getpwuid, name2sid and idmap_set_mapping. Who invented this parameter :-( Volker Added: trunk/source/nsswitch/winbindd_async.c Modified: trunk/source/Makefile.in trunk/source/groupdb/mapping.c trunk/source/nsswitch/wb_client.c trunk/source/nsswitch/winbindd.c trunk/source/nsswitch/winbindd_dual.c trunk/source/nsswitch/winbindd_group.c trunk/source/nsswitch/winbindd_nss.h trunk/source/nsswitch/winbindd_sid.c trunk/source/nsswitch/winbindd_user.c trunk/source/nsswitch/winbindd_util.c trunk/source/sam/idmap_util.c Changeset: Sorry, the patch is too large (1142 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5602
svn commit: samba r5603 - in branches/SAMBA_4_0/source: build/pidl librpc/rpc torture/rpc
Author: metze Date: 2005-03-01 16:08:36 + (Tue, 01 Mar 2005) New Revision: 5603 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5603 Log: add authservice() property to the interface property list so we can specify allowed target service names in the idl file the default is host metze Modified: branches/SAMBA_4_0/source/build/pidl/ndr.pm branches/SAMBA_4_0/source/librpc/rpc/dcerpc.h branches/SAMBA_4_0/source/librpc/rpc/dcerpc_auth.c branches/SAMBA_4_0/source/librpc/rpc/dcerpc_util.c branches/SAMBA_4_0/source/torture/rpc/bind.c Changeset: Modified: branches/SAMBA_4_0/source/build/pidl/ndr.pm === --- branches/SAMBA_4_0/source/build/pidl/ndr.pm 2005-03-01 15:41:35 UTC (rev 5602) +++ branches/SAMBA_4_0/source/build/pidl/ndr.pm 2005-03-01 16:08:36 UTC (rev 5603) @@ -2008,18 +2008,40 @@ pidl ; pidl static const struct dcerpc_endpoint_list $interface-{NAME}\_endpoints = {; - pidl \t$endpoint_count, $interface-{NAME}\_endpoint_strings; + pidl \t.count\t= $endpoint_count,; + pidl \t.names\t= $interface-{NAME}\_endpoint_strings; pidl };; pidl ; + if (! defined $interface-{PROPERTIES}-{authservice}) { + $interface-{PROPERTIES}-{authservice} = \host\; + } + + my @a = split / /, $interface-{PROPERTIES}-{authservice}; + my $authservice_count = $#a + 1; + + pidl static const char * const $interface-{NAME}\_authservice_strings[] = {; + foreach my $ap (@a) { + pidl \t$ap, ; + } + pidl };; + pidl ; + + pidl static const struct dcerpc_authservice_list $interface-{NAME}\_authservices = {; + pidl \t.count\t= $endpoint_count,; + pidl \t.names\t= $interface-{NAME}\_authservice_strings; + pidl };; + pidl ; + pidl \nconst struct dcerpc_interface_table dcerpc_table_$interface-{NAME} = {; - pidl \t\$interface-{NAME}\,; - pidl \tDCERPC_$uname\_UUID,; - pidl \tDCERPC_$uname\_VERSION,; - pidl \tDCERPC_$uname\_HELPSTRING,; - pidl \t$count,; - pidl \t$interface-{NAME}\_calls,; - pidl \t$interface-{NAME}\_endpoints; + pidl \t.name\t\t= \$interface-{NAME}\,; + pidl \t.uuid\t\t= DCERPC_$uname\_UUID,; + pidl \t.if_version\t= DCERPC_$uname\_VERSION,; + pidl \t.helpstring\t= DCERPC_$uname\_HELPSTRING,; + pidl \t.num_calls\t= $count,; + pidl \t.calls\t\t= $interface-{NAME}\_calls,; + pidl \t.endpoints\t= $interface-{NAME}\_endpoints,; + pidl \t.authservices\t= $interface-{NAME}\_authservices; pidl };; pidl ; Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc.h === --- branches/SAMBA_4_0/source/librpc/rpc/dcerpc.h 2005-03-01 15:41:35 UTC (rev 5602) +++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc.h 2005-03-01 16:08:36 UTC (rev 5603) @@ -153,6 +153,11 @@ const char * const *names; }; +struct dcerpc_authservice_list { + uint32_t count; + const char * const *names; +}; + struct dcerpc_interface_table { const char *name; const char *uuid; @@ -161,6 +166,7 @@ uint32_t num_calls; const struct dcerpc_interface_call *calls; const struct dcerpc_endpoint_list *endpoints; + const struct dcerpc_authservice_list *authservices; }; struct dcerpc_interface_list { @@ -175,6 +181,7 @@ uint16_t object_version; const char *host; const char *endpoint; + const char *authservice; const char **options; uint32_t flags; }; Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc_auth.c === --- branches/SAMBA_4_0/source/librpc/rpc/dcerpc_auth.c 2005-03-01 15:41:35 UTC (rev 5602) +++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc_auth.c 2005-03-01 16:08:36 UTC (rev 5603) @@ -146,7 +146,8 @@ const char *domain, const char *username, const char *password, - uint8_t auth_type) + uint8_t auth_type, + const char *service) { NTSTATUS status; @@ -189,6 +190,15 @@ return status; } + if (service) { + status = gensec_set_target_service(p-conn-security_state.generic_state, service); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1, (Failed to start set GENSEC target service: %s\n, + nt_errstr(status))); + return status; + } + } + status = gensec_start_mech_by_authtype(p-conn-security_state.generic_state,
svn commit: samba r5604 - in trunk/source/nsswitch: .
Author: vlendec Date: 2005-03-01 16:37:29 + (Tue, 01 Mar 2005) New Revision: 5604 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5604 Log: Make winbindd_allocate_rid and winbindd_gid_to_sid async. Volker Modified: trunk/source/nsswitch/winbindd.c trunk/source/nsswitch/winbindd_dual.c trunk/source/nsswitch/winbindd_sid.c Changeset: Modified: trunk/source/nsswitch/winbindd.c === --- trunk/source/nsswitch/winbindd.c2005-03-01 16:08:36 UTC (rev 5603) +++ trunk/source/nsswitch/winbindd.c2005-03-01 16:37:29 UTC (rev 5604) @@ -271,8 +271,8 @@ { WINBINDD_SID_TO_UID, winbindd_sid_to_uid_async, SID_TO_UID }, { WINBINDD_SID_TO_GID, winbindd_sid_to_gid_async, SID_TO_GID }, { WINBINDD_UID_TO_SID, winbindd_uid_to_sid_async, UID_TO_SID }, - { WINBINDD_GID_TO_SID, winbindd_gid_to_sid, GID_TO_SID }, - { WINBINDD_ALLOCATE_RID, winbindd_allocate_rid, ALLOCATE_RID }, + { WINBINDD_GID_TO_SID, winbindd_gid_to_sid_async, GID_TO_SID }, + { WINBINDD_ALLOCATE_RID, winbindd_allocate_rid_async, ALLOCATE_RID }, { WINBINDD_ALLOCATE_RID_AND_GID, winbindd_allocate_rid_and_gid_async, ALLOCATE_RID_AND_GID }, Modified: trunk/source/nsswitch/winbindd_dual.c === --- trunk/source/nsswitch/winbindd_dual.c 2005-03-01 16:08:36 UTC (rev 5603) +++ trunk/source/nsswitch/winbindd_dual.c 2005-03-01 16:37:29 UTC (rev 5604) @@ -433,6 +433,7 @@ { WINBINDD_DUAL_UID2NAME, winbindd_dual_uid2name, DUAL_UID2NAME }, { WINBINDD_DUAL_GID2NAME, winbindd_dual_gid2name, DUAL_GID2NAME }, { WINBINDD_DUAL_IDMAPSET, winbindd_dual_idmapset, DUAL_IDMAPSET }, + { WINBINDD_ALLOCATE_RID, winbindd_allocate_rid, ALLOCATE_RID }, { WINBINDD_ALLOCATE_RID_AND_GID, winbindd_allocate_rid_and_gid, ALLOCATE_RID_AND_GID }, /* End of list */ Modified: trunk/source/nsswitch/winbindd_sid.c === --- trunk/source/nsswitch/winbindd_sid.c2005-03-01 16:08:36 UTC (rev 5603) +++ trunk/source/nsswitch/winbindd_sid.c2005-03-01 16:37:29 UTC (rev 5604) @@ -505,8 +505,9 @@ static void uid2sid_uid2name_recv(void *private, BOOL success, const char *username); -static void uid2sid_lookupsid_recv(void *private, BOOL success, - const DOM_SID *sid, enum SID_NAME_USE type); +static void uid2sid_lookupname_recv(void *private, BOOL success, + const DOM_SID *sid, + enum SID_NAME_USE type); static void uid2sid_idmap_set_mapping_recv(void *private, BOOL success); enum winbindd_result winbindd_uid_to_sid_async(struct winbindd_cli_state *state) @@ -577,11 +578,11 @@ winbindd_lookup_name_async(state-cli_state-mem_ctx, domain-name, username, - uid2sid_lookupsid_recv, state); + uid2sid_lookupname_recv, state); } -static void uid2sid_lookupsid_recv(void *private, BOOL success, - const DOM_SID *sid, enum SID_NAME_USE type) +static void uid2sid_lookupname_recv(void *private, BOOL success, + const DOM_SID *sid, enum SID_NAME_USE type) { struct uid2sid_state *state = private; unid_t id; @@ -592,12 +593,6 @@ return; } - if (type != SID_NAME_USER) { - state-cli_state-response.result = WINBINDD_ERROR; - request_finished(state-cli_state); - return; - } - state-sid = *sid; state-type = type; @@ -619,23 +614,37 @@ } /* Convert a gid to a sid */ -enum winbindd_result winbindd_gid_to_sid(struct winbindd_cli_state *state) + +struct gid2sid_state { + struct winbindd_cli_state *cli_state; + gid_t gid; + fstring name; + DOM_SID sid; + enum SID_NAME_USE type; +}; + +static void gid2sid_gid2name_recv(void *private, BOOL success, + const char *groupname); +static void gid2sid_lookupname_recv(void *private, BOOL success, + const DOM_SID *sid, + enum SID_NAME_USE type); +static void gid2sid_idmap_set_mapping_recv(void *private, BOOL success); + +enum winbindd_result winbindd_gid_to_sid_async(struct winbindd_cli_state *state) { DOM_SID sid; NTSTATUS status; - struct group *grp = NULL; - enum SID_NAME_USE type; - unid_t id; - struct winbindd_domain *domain; + struct gid2sid_state *gid2sid_state; DEBUG(3, ([%5lu]: gid to sid %lu\n, (unsigned long)state-pid, (unsigned long)state-request.data.gid)); -
svn commit: samba r5605 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jerry Date: 2005-03-01 17:28:25 + (Tue, 01 Mar 2005) New Revision: 5605 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5605 Log: only display the publish check box on printer if we are a member of an AD domain clean up some hardcoded constands with the REG_XXX constant. Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2005-03-01 16:37:29 UTC (rev 5604) +++ branches/SAMBA_3_0/source/rpc_server/srv_spoolss_nt.c 2005-03-01 17:28:25 UTC (rev 5605) @@ -2310,7 +2310,7 @@ DEBUG(8,(getprinterdata_printer_server:%s\n, value)); if (!StrCaseCmp(value, W3SvcInstalled)) { - *type = 0x4; + *type = REG_DWORD; if((*data = (uint8 *)TALLOC_ZERO(ctx, 4*sizeof(uint8) )) == NULL) return WERR_NOMEM; *needed = 0x4; @@ -2318,7 +2318,7 @@ } if (!StrCaseCmp(value, BeepEnabled)) { - *type = 0x4; + *type = REG_DWORD; if((*data = (uint8 *)TALLOC(ctx, 4*sizeof(uint8) )) == NULL) return WERR_NOMEM; SIVAL(*data, 0, 0x00); @@ -2327,7 +2327,7 @@ } if (!StrCaseCmp(value, EventLog)) { - *type = 0x4; + *type = REG_DWORD; if((*data = (uint8 *)TALLOC(ctx, 4 )) == NULL) return WERR_NOMEM; /* formally was 0x1b */ @@ -2337,7 +2337,7 @@ } if (!StrCaseCmp(value, NetPopup)) { - *type = 0x4; + *type = REG_DWORD; if((*data = (uint8 *)TALLOC(ctx, 4 )) == NULL) return WERR_NOMEM; SIVAL(*data, 0, 0x00); @@ -2346,7 +2346,7 @@ } if (!StrCaseCmp(value, MajorVersion)) { - *type = 0x4; + *type = REG_DWORD; if((*data = (uint8 *)TALLOC(ctx, 4 )) == NULL) return WERR_NOMEM; @@ -2365,7 +2365,7 @@ } if (!StrCaseCmp(value, MinorVersion)) { - *type = 0x4; + *type = REG_DWORD; if((*data = (uint8 *)TALLOC(ctx, 4 )) == NULL) return WERR_NOMEM; SIVAL(*data, 0, 0); @@ -2381,7 +2381,7 @@ * extra unicode string = e.g. Service Pack 3 */ if (!StrCaseCmp(value, OSVersion)) { - *type = 0x3; + *type = REG_BINARY; *needed = 0x114; if((*data = (uint8 *)TALLOC(ctx, *needed)) == NULL) @@ -2401,7 +2401,7 @@ if (!StrCaseCmp(value, DefaultSpoolDirectory)) { const char *string=C:\\PRINTERS; - *type = 0x1; + *type = REG_SZ; *needed = 2*(strlen(string)+1); if((*data = (uint8 *)TALLOC(ctx, (*needed in_size) ? *needed:in_size )) == NULL) return WERR_NOMEM; @@ -2417,7 +2417,7 @@ if (!StrCaseCmp(value, Architecture)) { const char *string=Windows NT x86; - *type = 0x1; + *type = REG_SZ; *needed = 2*(strlen(string)+1); if((*data = (uint8 *)TALLOC(ctx, (*needed in_size) ? *needed:in_size )) == NULL) return WERR_NOMEM; @@ -2430,10 +2430,18 @@ } if (!StrCaseCmp(value, DsPresent)) { - *type = 0x4; + *type = REG_DWORD; if((*data = (uint8 *)TALLOC(ctx, 4 )) == NULL) return WERR_NOMEM; - SIVAL(*data, 0, 0x01); + + /* only show the publish check box if we are a + memeber of a AD domain */ + + if ( lp_security() == SEC_ADS ) + SIVAL(*data, 0, 0x01); + else + SIVAL(*data, 0, 0x00); + *needed = 0x4; return WERR_OK; } @@ -2443,7 +2451,7 @@ if (!get_mydnsfullname(hostname)) return WERR_BADFILE; - *type = 0x1; + *type = REG_SZ; *needed = 2*(strlen(hostname)+1); if((*data = (uint8 *)TALLOC(ctx, (*needed in_size) ? *needed:in_size )) == NULL) return WERR_NOMEM;
svn commit: lorikeet r240 - in branches/tmp/heimdal-gssapi: admin lib/krb5
Author: metze Date: 2005-03-01 18:58:11 + (Tue, 01 Mar 2005) New Revision: 240 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=240 Log: add ktutil add --keyhex option that says that the specified password is the key as hex string, this is very useful when you have the NTHASH as hexstring, like that one's stored in samba's passdb backends, or what a modified RPC-SAMSYNC torture test gives me... (ethereal can know decrypt krb5 blobs from my w2k3 dc) metze Modified: branches/tmp/heimdal-gssapi/admin/add.c branches/tmp/heimdal-gssapi/admin/ktutil-commands.in branches/tmp/heimdal-gssapi/lib/krb5/crypto.c branches/tmp/heimdal-gssapi/lib/krb5/krb5-protos.h Changeset: Modified: branches/tmp/heimdal-gssapi/admin/add.c === --- branches/tmp/heimdal-gssapi/admin/add.c 2005-03-01 13:52:43 UTC (rev 239) +++ branches/tmp/heimdal-gssapi/admin/add.c 2005-03-01 18:58:11 UTC (rev 240) @@ -101,7 +101,10 @@ opt-password_string = buf; } if(opt-password_string) { - if (!opt-salt_flag) { + if (opt-keyhex_flag) { + ret = krb5_hexkey_to_key(context, enctype, opt-password_string, +entry.principal, entry.keyblock); + } else if (!opt-salt_flag) { krb5_salt salt; krb5_data pw; Modified: branches/tmp/heimdal-gssapi/admin/ktutil-commands.in === --- branches/tmp/heimdal-gssapi/admin/ktutil-commands.in2005-03-01 13:52:43 UTC (rev 239) +++ branches/tmp/heimdal-gssapi/admin/ktutil-commands.in2005-03-01 18:58:11 UTC (rev 240) @@ -75,6 +75,12 @@ type = flag help = generate random key } + option = { + long = keyhex + short = k + type = flag + help = password is key as hex string + } function = kt_add help = Adds a key to a keytab. max_args = 0 Modified: branches/tmp/heimdal-gssapi/lib/krb5/crypto.c === --- branches/tmp/heimdal-gssapi/lib/krb5/crypto.c 2005-03-01 13:52:43 UTC (rev 239) +++ branches/tmp/heimdal-gssapi/lib/krb5/crypto.c 2005-03-01 18:58:11 UTC (rev 240) @@ -1176,7 +1176,75 @@ return ret; } + krb5_error_code KRB5_LIB_FUNCTION +krb5_hexkey_to_key (krb5_context context, + krb5_enctype enctype, + const char *hexkey, + krb5_principal principal, + krb5_keyblock *key) +{ +char *k; +size_t len; +int i, y, key_len, left; +struct encryption_type *et =_find_enctype(enctype); + +if(et == NULL) { + krb5_set_error_string(context, encryption type %d not supported, + enctype); + return KRB5_PROG_ETYPE_NOSUPP; +} + +key_len = et-keytype-size; + +len = strlen(hexkey); +if (len != (key_len*2)) { + krb5_set_error_string(context, invalid hexkey len (%d/%d), len, key_len*2); + return EINVAL; +} + +k = malloc (len); +if (k == NULL) { + krb5_set_error_string(context, malloc: out of memory); + return ENOMEM; +} + +i = 0; +y = 0; +left = len; +for (; left 0;) { + int ret; + unsigned c; + + ret = sscanf(hexkey[i],%02X, c); + if (ret != 1 || c 0xFF) { + krb5_set_error_string(context, invalid hexkey); + memset (k, 0, len); + free (k); + return EINVAL; + } + left -= 2; + i += 2; + k[y++] = (char)c; +} + +if (y != key_len) { + krb5_set_error_string(context, invalid key len (%d/%d), y, key_len); + memset (k, 0, len); + free (k); + return EINVAL; +} + +key-keytype = enctype; +krb5_data_alloc (key-keyvalue, key_len); +memcpy(key-keyvalue.data, k, key_len); +memset (k, 0, len); +free (k); +return 0; +} + + +krb5_error_code KRB5_LIB_FUNCTION krb5_string_to_key (krb5_context context, krb5_enctype enctype, const char *password, Modified: branches/tmp/heimdal-gssapi/lib/krb5/krb5-protos.h === --- branches/tmp/heimdal-gssapi/lib/krb5/krb5-protos.h 2005-03-01 13:52:43 UTC (rev 239) +++ branches/tmp/heimdal-gssapi/lib/krb5/krb5-protos.h 2005-03-01 18:58:11 UTC (rev 240) @@ -3030,6 +3030,13 @@ krb5_keyblock */*key*/); krb5_error_code KRB5_LIB_FUNCTION +krb5_hexkey_to_key (krb5_context /*context*/, + krb5_enctype /*enctype*/, + const char */*hexkey*/, + krb5_principal /*principal*/, + krb5_keyblock */*key*/); + +krb5_error_code KRB5_LIB_FUNCTION krb5_string_to_key_data_salt (
svn commit: samba r5606 - in trunk/source/smbd: .
Author: jra Date: 2005-03-01 21:25:53 + (Tue, 01 Mar 2005) New Revision: 5606 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5606 Log: Fix for bug #2399 - ensure we use SMB_VFS_STAT instead of stat when checking for existance of a pathname. Jeremy. Modified: trunk/source/smbd/service.c Changeset: Modified: trunk/source/smbd/service.c === --- trunk/source/smbd/service.c 2005-03-01 17:28:25 UTC (rev 5605) +++ trunk/source/smbd/service.c 2005-03-01 21:25:53 UTC (rev 5606) @@ -278,6 +278,7 @@ *user = 0; fstrcpy(dev, pdev); + ZERO_STRUCT(st); if (NT_STATUS_IS_ERR(*status = share_sanity_checks(snum, dev))) { return NULL; @@ -622,7 +623,7 @@ } #else /* the alternative is just to check the directory exists */ - if (stat(conn-connectpath, st) != 0 || !S_ISDIR(st.st_mode)) { + if (SMB_VFS_STAT(conn, conn-connectpath, st) != 0 || !S_ISDIR(st.st_mode)) { DEBUG(0,('%s' does not exist or is not a directory, when connecting to [%s]\n, conn-connectpath, lp_servicename(SNUM(conn; change_to_root_user(); yield_connection(conn, lp_servicename(SNUM(conn)));
svn commit: samba r5607 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2005-03-01 21:26:01 + (Tue, 01 Mar 2005) New Revision: 5607 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5607 Log: Fix for bug #2399 - ensure we use SMB_VFS_STAT instead of stat when checking for existance of a pathname. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/service.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/service.c === --- branches/SAMBA_3_0/source/smbd/service.c2005-03-01 21:25:53 UTC (rev 5606) +++ branches/SAMBA_3_0/source/smbd/service.c2005-03-01 21:26:01 UTC (rev 5607) @@ -278,6 +278,7 @@ *user = 0; fstrcpy(dev, pdev); + ZERO_STRUCT(st); if (NT_STATUS_IS_ERR(*status = share_sanity_checks(snum, dev))) { return NULL; @@ -622,7 +623,7 @@ } #else /* the alternative is just to check the directory exists */ - if (stat(conn-connectpath, st) != 0 || !S_ISDIR(st.st_mode)) { + if (SMB_VFS_STAT(conn, conn-connectpath, st) != 0 || !S_ISDIR(st.st_mode)) { DEBUG(0,('%s' does not exist or is not a directory, when connecting to [%s]\n, conn-connectpath, lp_servicename(SNUM(conn; change_to_root_user(); yield_connection(conn, lp_servicename(SNUM(conn)));
svn commit: samba r5608 - in branches/SAMBA_3_0/source/smbd: .
Author: jerry Date: 2005-03-01 21:48:34 + (Tue, 01 Mar 2005) New Revision: 5608 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5608 Log: BUG 2399 - removing dead code (not finished with bug yet). Modified: branches/SAMBA_3_0/source/smbd/service.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/service.c === --- branches/SAMBA_3_0/source/smbd/service.c2005-03-01 21:26:01 UTC (rev 5607) +++ branches/SAMBA_3_0/source/smbd/service.c2005-03-01 21:48:34 UTC (rev 5608) @@ -606,22 +606,10 @@ } #endif -#if CHECK_PATH_ON_TCONX /* win2000 does not check the permissions on the directory during the tree connect, instead relying on permission check during individual operations. To match this behaviour I have disabled this chdir check (tridge) */ - if (vfs_ChDir(conn,conn-connectpath) != 0) { - DEBUG(0,(%s (%s) Can't change directory to %s (%s)\n, -get_remote_machine_name(), conn-client_address, -conn-connectpath,strerror(errno))); - change_to_root_user(); - yield_connection(conn, lp_servicename(SNUM(conn))); - conn_free(conn); - *status = NT_STATUS_BAD_NETWORK_NAME; - return NULL; - } -#else /* the alternative is just to check the directory exists */ if (SMB_VFS_STAT(conn, conn-connectpath, st) != 0 || !S_ISDIR(st.st_mode)) { DEBUG(0,('%s' does not exist or is not a directory, when connecting to [%s]\n, conn-connectpath, lp_servicename(SNUM(conn; @@ -631,7 +619,6 @@ *status = NT_STATUS_BAD_NETWORK_NAME; return NULL; } -#endif string_set(conn-origpath,conn-connectpath);
svn commit: samba r5609 - in branches/tmp: .
Author: tpot Date: 2005-03-01 23:36:36 + (Tue, 01 Mar 2005) New Revision: 5609 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5609 Log: Remove abartlet's old branch. Removed: branches/tmp/abartlet-4_0/ Changeset:
svn commit: samba r5610 - in branches/SAMBA_4_0/source/torture/libnet: .
Author: mimir Date: 2005-03-01 23:53:18 + (Tue, 01 Mar 2005) New Revision: 5610 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5610 Log: Starting libnet test of userinfo call. Unfinished yet, though doesn't break anything at the moment. rafal Added: branches/SAMBA_4_0/source/torture/libnet/userinfo.c Changeset: Added: branches/SAMBA_4_0/source/torture/libnet/userinfo.c === --- branches/SAMBA_4_0/source/torture/libnet/userinfo.c 2005-03-01 23:36:36 UTC (rev 5609) +++ branches/SAMBA_4_0/source/torture/libnet/userinfo.c 2005-03-01 23:53:18 UTC (rev 5610) @@ -0,0 +1,100 @@ +/* + Unix SMB/CIFS implementation. + Test suite for libnet calls. + + Copyright (C) Rafal Szczesniak 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include includes.h +#include librpc/gen_ndr/ndr_samr.h + + +static BOOL test_opendomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle, struct samr_String *domname) +{ + NTSTATUS status; + struct policy_handle h, domain_handle; + struct samr_Connect r1; + struct samr_LookupDomain r2; + struct samr_OpenDomain r3; + + printf(connecting\n); + + r1.in.system_name = 0; + r1.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + r1.out.connect_handle = h; + + status = dcerpc_samr_Connect(p, mem_ctx, r1); + if (!NT_STATUS_IS_OK(status)) { + printf(Connect failed - %s\n, nt_errstr(status)); + return False; + } + + r2.in.connect_handle = h; + r2.in.domain_name = domname; + + status = dcerpc_samr_LookupDomain(p, mem_ctx, r2); + if (!NT_STATUS_IS_OK(status)) { + printf(LookupDomain failed - %s\n, nt_errstr(status)); + return False; + } + + r3.in.connect_handle = h; + r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + r3.in.sid = r2.out.sid; + r3.out.domain_handle = domain_handle; + + status = dcerpc_samr_OpenDomain(p, mem_ctx, r3); + if (!NT_STATUS_IS_OK(status)) { + printf(OpenDomain failed - %s\n, nt_errstr(status)); + return False; + } else { + *handle = domain_handle; + } +} + + +BOOL torture_userinfo(void) +{ + NTSTATUS status; + struct dcerpc_pipe *p; + TALLOC_CTX *mem_ctx; + BOOL ret = True; + struct policy_handle h; + struct samr_String name = { 4, 4, TEST }; + + mem_ctx = talloc_init(test_userinfo); + + status = torture_rpc_connection(p, + DCERPC_SAMR_NAME, + DCERPC_SAMR_UUID, + DCERPC_SAMR_VERSION); + + if (!NT_STATUS_IS_OK(status)) { + return False; + } + + if (!test_opendomain(p, mem_ctx, h, name)) { + ret = False; + } + + talloc_free(mem_ctx); + + torture_rpc_close(p); + + return ret; +}
svn commit: samba r5613 - in trunk/source/utils: .
Author: jerry Date: 2005-03-02 03:23:09 + (Wed, 02 Mar 2005) New Revision: 5613 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5613 Log: fix proto for copy_fn() after changes to cli_list() Modified: trunk/source/utils/net_rpc.c Changeset: Modified: trunk/source/utils/net_rpc.c === --- trunk/source/utils/net_rpc.c2005-03-02 00:33:40 UTC (rev 5612) +++ trunk/source/utils/net_rpc.c2005-03-02 03:23:09 UTC (rev 5613) @@ -2792,7 +2792,7 @@ * @param statearg-pointer * **/ -static void copy_fn(file_info *f, const char *mask, void *state) +static void copy_fn(const char *mnt, file_info *f, const char *mask, void *state) { NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; struct copy_clistate *local_state = (struct copy_clistate *)state;
svn commit: samba r5614 - in branches/SAMBA_3_0/source/utils: .
Author: jerry Date: 2005-03-02 03:24:40 + (Wed, 02 Mar 2005) New Revision: 5614 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5614 Log: fix proto for copy_fn() after changes to cli_list() Modified: branches/SAMBA_3_0/source/utils/net_rpc.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_rpc.c === --- branches/SAMBA_3_0/source/utils/net_rpc.c 2005-03-02 03:23:09 UTC (rev 5613) +++ branches/SAMBA_3_0/source/utils/net_rpc.c 2005-03-02 03:24:40 UTC (rev 5614) @@ -2792,7 +2792,7 @@ * @param statearg-pointer * **/ -static void copy_fn(file_info *f, const char *mask, void *state) +static void copy_fn(const char *mnt, file_info *f, const char *mask, void *state) { NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; struct copy_clistate *local_state = (struct copy_clistate *)state;
svn commit: samba r5615 - in trunk/source/smbd: .
Author: jra Date: 2005-03-02 03:41:35 + (Wed, 02 Mar 2005) New Revision: 5615 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5615 Log: Forgot about the sticky bit on directories (commonly set on /tmp). If this is set then only the owner or root can delete a file. We now use the same algorithm to check file delete. Jeremy. Modified: trunk/source/smbd/posix_acls.c Changeset: Modified: trunk/source/smbd/posix_acls.c === --- trunk/source/smbd/posix_acls.c 2005-03-02 03:24:40 UTC (rev 5614) +++ trunk/source/smbd/posix_acls.c 2005-03-02 03:41:35 UTC (rev 5615) @@ -3903,10 +3903,26 @@ if (current_user.uid == sbuf.st_uid) { return (sbuf.st_mode S_IWUSR) ? True : False; } + +#ifdef S_ISVTX + /* sticky bit means delete only by owner or root. */ + if (sbuf.st_mode S_ISVTX) { + SMB_STRUCT_STAT sbuf_file; + if(SMB_VFS_STAT(conn, fname, sbuf_file) != 0) { + return False; + } + if (current_user.uid == sbuf_file.st_uid) { + return True; + } + return False; + } +#endif + /* Check group ownership. */ ret = check_posix_acl_group_write(conn, dname, sbuf); if (ret == 0 || ret == 1) { return ret ? True : False; } + return (sbuf.st_mode S_IWOTH) ? True : False; }
svn commit: samba r5616 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2005-03-02 03:41:44 + (Wed, 02 Mar 2005) New Revision: 5616 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5616 Log: Forgot about the sticky bit on directories (commonly set on /tmp). If this is set then only the owner or root can delete a file. We now use the same algorithm to check file delete. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/posix_acls.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/posix_acls.c === --- branches/SAMBA_3_0/source/smbd/posix_acls.c 2005-03-02 03:41:35 UTC (rev 5615) +++ branches/SAMBA_3_0/source/smbd/posix_acls.c 2005-03-02 03:41:44 UTC (rev 5616) @@ -3903,10 +3903,26 @@ if (current_user.uid == sbuf.st_uid) { return (sbuf.st_mode S_IWUSR) ? True : False; } + +#ifdef S_ISVTX + /* sticky bit means delete only by owner or root. */ + if (sbuf.st_mode S_ISVTX) { + SMB_STRUCT_STAT sbuf_file; + if(SMB_VFS_STAT(conn, fname, sbuf_file) != 0) { + return False; + } + if (current_user.uid == sbuf_file.st_uid) { + return True; + } + return False; + } +#endif + /* Check group ownership. */ ret = check_posix_acl_group_write(conn, dname, sbuf); if (ret == 0 || ret == 1) { return ret ? True : False; } + return (sbuf.st_mode S_IWOTH) ? True : False; }