[Samba] Log deletion of file
Hi! Today i stumbled into a problem. Someone in our economic-department had deleted a couple of files. There was no big issue since the files was on backup-tape but since noone knew who had deleted them and there are a lot of sick people today it was hard to ask the one who deleted the files why he/she deleted them even though it most likley was of an legitimate reason. The problem I faced was that when searching through the logs I could not even see that a deletion had occurd. So the quitestion, my logs view when people opens and closes files but how do I see when they delete files? Thanks in advance Roland Carlsson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba-3.0.6 on Redhat AS3
Gees I hate programmers :) Fixed the problem thanks to this thread http://www.linuxforum.com/forums/index.php?showtopic=104897 The line I needed was use sendfile = no Thanks Greg -Original Message- From: Geoff Scott [mailto:[EMAIL PROTECTED] Sent: Thursday, 12 May 2005 12:35 PM To: Greg Wiggill; samba@lists.samba.org Subject: RE: [Samba] samba-3.0.6 on Redhat AS3 Greg Wiggill wrote: [global] workgroup = blah server string = blah cup options = raw log file = /var/log/samba/%m.log max log size = 50 security = user encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd os level = 0 dns proxy = no dos filetime resolution = yes Mr Wiggill, why the need for dos filetime resolution = yes ? The default is no. Comment (#) that line out and see if it speeds things up for you. By the way if this works, does this mean I get a discount on Pronto support? ;-) Regards Geoff Scott # This email has been scanned by MailMarshal, an email content filter. # -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Log deletion of file
On Thursday 12 May 2005 00:08, Roland Carlsson wrote: Hi! Today i stumbled into a problem. Someone in our economic-department had deleted a couple of files. There was no big issue since the files was on backup-tape but since noone knew who had deleted them and there are a lot of sick people today it was hard to ask the one who deleted the files why he/she deleted them even though it most likley was of an legitimate reason. The problem I faced was that when searching through the logs I could not even see that a deletion had occurd. So the quitestion, my logs view when people opens and closes files but how do I see when they delete files? Please refer to Chapter 22, Section 22.3.2 of the Samba-HOWTO-Collection. This document may be downloaded from: http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Log deletion of file
On Thursday 12 May 2005 00:25, John H Terpstra wrote: On Thursday 12 May 2005 00:08, Roland Carlsson wrote: Hi! Today i stumbled into a problem. Someone in our economic-department had deleted a couple of files. There was no big issue since the files was on backup-tape but since noone knew who had deleted them and there are a lot of sick people today it was hard to ask the one who deleted the files why he/she deleted them even though it most likley was of an legitimate reason. The problem I faced was that when searching through the logs I could not even see that a deletion had occurd. So the quitestion, my logs view when people opens and closes files but how do I see when they delete files? Please refer to Chapter 22, Section 22.3.2 of the Samba-HOWTO-Collection. This document may be downloaded from: http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf - John T. I know replying to oneself is a bad thing(TM) - but it seems the document on our web site has not been updated since May 1. The location in the on-line version is chapter 21. Apologies for the confusion. Please note that I am updating this book at this time. There will be many changes over the next 4 days. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Exchange 5.5 on a Samba Domain
Hi, I recently migrated from an NT4 Domain to a Samba domain with LDAP backend. We use Exchange 5.5 on NT4 as our mail/groupware. All existing users on the domain appear to be using the Exchange Server without any problems. However, when i create new users they cannot access their mail box'es from Outlook. The Event log on the Exchange Server reports the following error : A logon attempt failed because an attempt to look up Windows NT account information failed. Error 1332. The new user accounts appear to work perfectly otherwise. They can log onto the Domain and the Exchange NT4 Serve itself. They can even check their mail using squirrelmail webmail which connects to the exchange server using IMAP. I sniffed the communication between the Exchange server and the Samba Domain server with ethereal and the only communication i can see is a couple of DCERPC packets. Anyone had this problem before ?. Thanks, -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Samba + AD etc.
Hi carlos, Tried doing the smbclient bit and got back [EMAIL PROTECTED] bin]# ./smbclient -Utest //172.16.2.253/mp3 Password: Domain=[DEV-DOMAIN] OS=[Unix] Server=[Samba 3.0.14a] tree connect failed: NT_STATUS_NO_SUCH_USER (NB no mp3's in there, just had to think of a test dir to set up... :P) Test deffo exists on the AD so... [EMAIL PROTECTED] bin]# wbinfo -u DEV-DOMAIN+administrator DEV-DOMAIN+guest DEV-DOMAIN+auth1$ DEV-DOMAIN+krbtgt DEV-DOMAIN+dev1$ ! Then do net ads user [EMAIL PROTECTED] bin]# ./net ads user -UAdministrator Administrator's password: Administrator Guest krbtgt test Then wbinfo [EMAIL PROTECTED] bin]# wbinfo -u DEV-DOMAIN+administrator DEV-DOMAIN+guest DEV-DOMAIN+auth1$ DEV-DOMAIN+krbtgt DEV-DOMAIN+dev1$ DEV-DOMAIN+dev2$ DEV-DOMAIN+test And try smbclient again [EMAIL PROTECTED] bin]# ./smbclient -Utest //172.16.2.253/mp3 Password: Domain=[DEV-DOMAIN] OS=[Unix] Server=[Samba 3.0.14a] tree connect failed: NT_STATUS_NO_SUCH_USER Now test doesn't exist in /etc/passwd so I can only assume that samba isnt quite talking to the AD correctly? Many Thanks Ross -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlos Rodrigues Sent: 11 May 2005 17:47 To: samba@lists.samba.org Subject: [Samba] Re: Samba + AD etc. sysrm wrote: Hi all... Im at the stage where: Kinit works Net ads join -U Administrator works (I can see the computer in AD) Net ads user works Wbinfo -u / -g / -t works Getent passwd/group works What I cannot seem to get working is when someone logs onto the domain, and then tries to map a drive to the samba server, its like the credentials arent getting passed onto samba, or rather samba is unable to look them up properly. Can you log in to samba using smbclient -Uuser //yourserver/yourshare? And doing kinit user; smbclient -k //yourserver/yourshare? Am I missing a vital step/componant? Things like su - ADUSERNAME don't work, and neither does chown, chgrp commands ( are they even ment to work?) They shouldn't. To have local authentication you must configure pam to use whatever means of talking to the AD you are using (winbind, ldap or kerberos). Any help, ideas, WHY HAVNT YOU READ THIS FAQ (I probably have in fairness) gratefully received. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Exchange 5.5 on a Samba Domain
Hi Ian, On Thu, May 12, 2005 at 09:18:27AM +0100, Ian Clancy wrote: Hi, I recently migrated from an NT4 Domain to a Samba domain with LDAP backend. We use Exchange 5.5 on NT4 as our mail/groupware. All existing users on the domain appear to be using the Exchange Server without any problems. However, when i create new users they cannot access their mail box'es from Outlook. We need more information to be able to help you on that one. What version of Samba3 are you using? Do you run SP4 on your Exchange boxes? Thanks, Guenther pgpg4McjtK7Zc.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
SV: [Samba] Samba + AD etc.
Hi Ross! All our windows-clients works well with Samba 3.0.14a (WinXP and TS 2003 sp1). Perhaps the changes made for ADS SP1 somehow can affect ADS 2003 (without sp1) in the same way that ADS 2003 sp1 did for our Samba 3.0.9. But that is only a wild guess. Regards Roland Carlsson Ps: please answer to the list instead to me. Den 05-05-12 11.00, skrev sysrm [EMAIL PROTECTED]: Hey roland, Im using windows 2k3 not sp1 'd (issues with dell and openmange with sp1, avoiding like the plauge at the mo) and the client is windows xp with sp1. Im using samba 3.0.14a Does that help at at? Many thanks for your email. Ross -Original Message- From: Roland Carlsson [mailto:[EMAIL PROTECTED] Sent: 12 May 2005 06:59 To: sysrm Subject: SV: [Samba] Samba + AD etc. Hi Ross! I'm guessing now but i think you are using and Active Director Server with servicepack 1 and you don't use the latest Samba version 3.0.14 or so. If the situation is so your clients Kerberos tickets doesn't get validated correctly (if I understood it correctly) and hence samba vill not allow them. Regards Roland Carlsson Den 05-05-11 16.54, skrev sysrm [EMAIL PROTECTED]: Hi all... Im at the stage where: Kinit works Net ads join -U Administrator works (I can see the computer in AD) Net ads user works Wbinfo -u / -g / -t works Getent passwd/group works What I cannot seem to get working is when someone logs onto the domain, and then tries to map a drive to the samba server, its like the credentials arent getting passed onto samba, or rather samba is unable to look them up properly. Am I missing a vital step/componant? Things like su - ADUSERNAME don't work, and neither does chown, chgrp commands ( are they even ment to work?) Any help, ideas, WHY HAVNT YOU READ THIS FAQ (I probably have in fairness) gratefully received. Cheers Ross -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Exchange 5.5 on a Samba Domain - Further Information
Ian Clancy wrote: Hi, I recently migrated from an NT4 Domain to a Samba domain with LDAP backend. We use Exchange 5.5 on NT4 as our mail/groupware. All existing users on the domain appear to be using the Exchange Server without any problems. However, when i create new users they cannot access their mail box'es from Outlook. The Event log on the Exchange Server reports the following error : A logon attempt failed because an attempt to look up Windows NT account information failed. Error 1332. The new user accounts appear to work perfectly otherwise. They can log onto the Domain and the Exchange NT4 Serve itself. They can even check their mail using squirrelmail webmail which connects to the exchange server using IMAP. I sniffed the communication between the Exchange server and the Samba Domain server with ethereal and the only communication i can see is a couple of DCERPC packets. Anyone had this problem before ?. Thanks, Hi Again, Some further information to add. My samba PDC is running RHEL4 with samba version 3.0.10 (red hat rpm) and OpenLDAP 2.2.13. Exchange 5.5 SP4 Build 2653.23 on NT4 SP6. I have created the Domain user accounts with usrmgr.exe and the smbldap tools with the same results. The samba domain is working apart from 1 other problem, adding computer accounts to the domain. When i attempt to add a PC to the domain from windows only a posix account is created in the directory. Creating the computer account with the smbldap tools works fine though so i am using this as a workaround for the moment. Thanks, Ian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Samba + AD etc.
Ok I seem to making some headway, Someone suggested it being a Kerberos tickets issue, but that didn't seem to fix it. 1st off, the main problem with the share was a typo :/ In the smb conf I mistyped the location of the directory, as was shown in samba log file. Now both smbclient and windows can connect No problem! Now im not sure if this was to do with the Kerberos issue or not, but anyways, im further than I was. My next question is about managing user rights etc. On my current samba, this is dealt with by using chown/chgrp and chmod But when I run these commands it says unknown username (as previously stated and answered) Even tho I think ive done the pam stuff listed in the how to's. So. How/where can I enforce user/grp permissions on the samba files? Many thanks Ross -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sysrm Sent: 12 May 2005 09:25 To: 'Carlos Rodrigues'; samba@lists.samba.org Subject: RE: [Samba] Re: Samba + AD etc. Hi carlos, Tried doing the smbclient bit and got back [EMAIL PROTECTED] bin]# ./smbclient -Utest //172.16.2.253/mp3 Password: Domain=[DEV-DOMAIN] OS=[Unix] Server=[Samba 3.0.14a] tree connect failed: NT_STATUS_NO_SUCH_USER (NB no mp3's in there, just had to think of a test dir to set up... :P) Test deffo exists on the AD so... [EMAIL PROTECTED] bin]# wbinfo -u DEV-DOMAIN+administrator DEV-DOMAIN+guest DEV-DOMAIN+auth1$ DEV-DOMAIN+krbtgt DEV-DOMAIN+dev1$ ! Then do net ads user [EMAIL PROTECTED] bin]# ./net ads user -UAdministrator Administrator's password: Administrator Guest krbtgt test Then wbinfo [EMAIL PROTECTED] bin]# wbinfo -u DEV-DOMAIN+administrator DEV-DOMAIN+guest DEV-DOMAIN+auth1$ DEV-DOMAIN+krbtgt DEV-DOMAIN+dev1$ DEV-DOMAIN+dev2$ DEV-DOMAIN+test And try smbclient again [EMAIL PROTECTED] bin]# ./smbclient -Utest //172.16.2.253/mp3 Password: Domain=[DEV-DOMAIN] OS=[Unix] Server=[Samba 3.0.14a] tree connect failed: NT_STATUS_NO_SUCH_USER Now test doesn't exist in /etc/passwd so I can only assume that samba isnt quite talking to the AD correctly? Many Thanks Ross -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlos Rodrigues Sent: 11 May 2005 17:47 To: samba@lists.samba.org Subject: [Samba] Re: Samba + AD etc. sysrm wrote: Hi all... Im at the stage where: Kinit works Net ads join -U Administrator works (I can see the computer in AD) Net ads user works Wbinfo -u / -g / -t works Getent passwd/group works What I cannot seem to get working is when someone logs onto the domain, and then tries to map a drive to the samba server, its like the credentials arent getting passed onto samba, or rather samba is unable to look them up properly. Can you log in to samba using smbclient -Uuser //yourserver/yourshare? And doing kinit user; smbclient -k //yourserver/yourshare? Am I missing a vital step/componant? Things like su - ADUSERNAME don't work, and neither does chown, chgrp commands ( are they even ment to work?) They shouldn't. To have local authentication you must configure pam to use whatever means of talking to the AD you are using (winbind, ldap or kerberos). Any help, ideas, WHY HAVNT YOU READ THIS FAQ (I probably have in fairness) gratefully received. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Exchange 5.5 on a Samba Domain - Further Information
Hi, On Thu, May 12, 2005 at 10:29:52AM +0100, Ian Clancy wrote: Hi Again, Some further information to add. My samba PDC is running RHEL4 with samba version 3.0.10 (red hat rpm) and OpenLDAP 2.2.13. Exchange 5.5 SP4 Build 2653.23 on NT4 SP6. I have created the Domain user accounts with usrmgr.exe and the smbldap tools with the same results. to first concentrate on your Exchange issues: You have to use Samba Version 3.0.11 when using Exchange 5.5 on NT4 with a Samba DC. In Samba 3.0.11 there have been added a couple of fixes w.r.t Exchange 5.5. Let us know if an update solves your Exchange-problems. I'm not sure if RedHat provides official Samba package updates, you could also use RedHat rpms from SerNet. Hope that helps, Guenther pgp4YTNe946r0.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Exchange 5.5 on a Samba Domain - Further Information
Guenther Deschner wrote: Date: Thu, 12 May 2005 10:52:51 +0100 Hi, On Thu, May 12, 2005 at 10:29:52AM +0100, Ian Clancy wrote: Hi Again, Some further information to add. My samba PDC is running RHEL4 with samba version 3.0.10 (red hat rpm) and OpenLDAP 2.2.13. Exchange 5.5 SP4 Build 2653.23 on NT4 SP6. I have created the Domain user accounts with usrmgr.exe and the smbldap tools with the same results. to first concentrate on your Exchange issues: You have to use Samba Version 3.0.11 when using Exchange 5.5 on NT4 with a Samba DC. In Samba 3.0.11 there have been added a couple of fixes w.r.t Exchange 5.5. Let us know if an update solves your Exchange-problems. I'm not sure if RedHat provides official Samba package updates, you could also use RedHat rpms from SerNet. Hope that helps, Guenther Guenther, I would like to upgrade to the latest version 3.0.14a. Red hat tend to only update samba when a security vulnerability is discovered so i will probably have to use the SerNet rpm's. I would have used Sernet rpms originally but had issues with winbind that i won't go into here. Does any body percieve any difficult in upgrading from samba version 3.0.10 (red hat rpm) to 3.0.14 SerNet rpm's ? -- Ian Clancy IT Systems Engineer Connaught Electronics Ltd. Dunmore Rd, Tuam, Co. Galway, Ireland. P : ++353 93 23151 F : ++353 93 23110 E : mailto:[EMAIL PROTECTED] W : http://www.cel-europe.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Exchange 5.5 on a Samba Domain - Further Information
Hi, On Thu, May 12, 2005 at 11:06:10AM +0100, Ian Clancy wrote: Guenther, I would like to upgrade to the latest version 3.0.14a. Red hat tend to only update samba when a security vulnerability is discovered so i will probably have to use the SerNet rpm's. I would have used Sernet rpms originally but had issues with winbind that i won't go into here. Does any body percieve any difficult in upgrading from samba version 3.0.10 (red hat rpm) to 3.0.14 SerNet rpm's ? I guess those questions can be best answered by SerNet themselves, so I put them cc. Guenther pgpxVtTNzWs5s.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] MULTI-USER databases
Have you tried the strict locks setting? Steve Kuryachy wrote: hi all Subject: 1) Samba server 3.0.15 with one shared sesource Security is set to SHARE, all guest users have full read/write access to the share 2) Microsoft network clients is Windows 98, Windows 2000 and Windows XP (sp2) 3) Old-age DOS program, written on Clipper (xBase), what runs on Windows 98 and on Windows XP/2k (ntvdm) 4) Large multi-user database (dbf files) on samba server network share 5) Opportunistic locking are disabled totally on Windows XP/2000 and Windows 98, and on the Samba server too 6) it is impossible to use one sort of network client (only 98's or only XP's) Problem: When clipper program runs on windows 98, all file lock operations on network drive are ok. But when i run clipper program on Windows 2000/XP, some strange things happens: 1) It is possible to delete files, what are opened on network share by other clients, files, which are opened EXCLUSIVELY for writing (NTX and some DBFs) 2) When two or more clients edit some dbf concurrently, i've got a database corruption. 3) When i switch from Win XP/2k to Win98 these terrible bugs are disappear Solution: here is my smb.conf: [global] dos charset = cp866 unix charset = koi8-r workgroup = ICPLUS netbios name = SK_UNIX server string = Samba Server interfaces = eth0, eth1, eth2, lo0 security = SHARE log file = /var/log/smb/log.%m max log size = 50 time server = Yes change notify timeout = 300 max disk size = 4 max open files = 65300 socket options = TCP_NODELAY SO_RCVBUF=8196 SO_SNDBUF=8196 IPTOS_LOWDELAY mangling method = hash os level = 90 preferred master = Yes dns proxy = No wins server = 192.168.0.14 kernel oplocks = No lock spin count = 100 lock spin time = 15 ldap ssl = no hosts allow = 192.168.0., 192.168.5., 192.168.7., 192.168.3., 127. csc policy = disable oplocks = No level2 oplocks = No wide links = No follow symlinks = No dos filemode = Yes dos filetimes = Yes [sys] comment = System volume path = /mnt/raid1/wingz/sys/__sys read only = No create mask = 0770 directory mask = 0770 guest ok = Yes [HP1200] path = /tmp guest ok = Yes printable = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] excessive TCP retransmissions with samba 3.0, slow file opening
I've tried replacing the NIC, but the problem follows. This is a small network, with two 100mbit hubs, and windows 2000 on all the clients. Hubs? HUBS? I hope you meant switches. If not, go buy some switches. I want to suspect hardware, but flood pings from a linux box put on the network never report dropped packets. Then go back to hardware. Unless you've got firewalls or something in the mix that's probably where your traffic is going. Watch the collision lights on your hubs and see if they go nuts when the problem occurs. I'm absolutely stumped. I don't see the retransmissions with anything on the network except SMB-related TCP traffic. SMB is pretty chatty as far as protocols go. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] excessive TCP retransmissions with samba 3.0, slow file opening
I've tried replacing the NIC, but the problem follows. This is a small network, with two 100mbit hubs, and windows 2000 on all the clients. Hubs? HUBS? I hope you meant switches. If not, go buy some switches. I want to suspect hardware, but flood pings from a linux box put on the network never report dropped packets. Then go back to hardware. Unless you've got firewalls or something in the mix that's probably where your traffic is going. Watch the collision lights on your hubs and see if they go nuts when the problem occurs. I'm absolutely stumped. I don't see the retransmissions with anything on the network except SMB-related TCP traffic. SMB is pretty chatty as far as protocols go. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] error in nbmstatus
Hello all! Resuming on my yesterday posts, I changed as suggested, my smb.conf to something like this workgroup = VLN002 server string = map to guest = Bad User passdb backend = tdbsam pam password change = Yes passwd chat = *New*Password* %n\n *Re-enter*new*password* %n\n *Password*changed* username map = /etc/samba/smbusers unix password sync = Yes name resolve order = wins bcast hosts time server = Yes printcap cache time = 750 add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false %u logon script = scripts\logon.bat logon path = logon drive = H: logon home = \\%L\%U\.9xprofile domain logons = yes os level = 65 printer admin = @ntadmin, root, administrator load printers = yes printing = cups printcap name = cups local master = yes encrypt passwords = yes # THE IMPORTANT PART IS HERE BELOW! preferred master = Yes domain master = Yes local master = yes remote announce = 192.168.101.255 192.168.100.255 wins server = 192.168.102.15 192.168.101.1 remote browse sync = 192.168.101.255 And when i do nmbstatus i recieve this warning or error, just wanted to check out if it is something wrong or just some debug message: Use of uninitialized value in concatenation (.) or string at /usr/bin/nmbstatus line 132, NMBLOOKUP line 6. I always appreciate your help, and time, thanxs :) Best Regards Victor Medina -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] slow access while crossmounting samba
On Tuesday 03 May 2005 17:18 Luca Ferrari's cat walking on the keyboard wrote: Hi, I've got two linux machines with the same distribution and samba 3 that cross-mounts a share (i.e., machine a mounts a share of machine b and vice versa). I'm experiencing slow access from the machines to the opposite mounted share and I don't know what this slow performance can be due to. I'm not running with oplocks cause the share is accessed only by the other linux machine (no windows clients) and oplocks produced a few problems with my database indexes (dataflex) in the past. Thus oplocks and level2oplocks are disabled. The following is a part of my configuration file: [DATA] comment = database path = /vol1/sys/ writable = yes browsable = no available = yes public= yes printable = no guest ok = yes copy = lock_template guest account = smb_guest read raw = yes where the lock_template is the following: [lock_template] locking = no posix locking = yes oplocks = no level2 oplocks= no As you can see I've tried also read raw, but I didn't see any difference. Any idea? Thanks, Luca I'm still having problems of speed in cross-mounting, and I've tried to place the host names in the /etc/hosts file and in the lmhost file, but I cannot see valuable changes. Any idea? -- Luca Ferrari, [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [HELP-Syntax] net rpc share migrate
hi, i'm trying to migrate files and shares from NT PDC to samba v3 (3.0.14a) box net rpc share migrate shares netlogon -S server -Uadministrator password: *mypass* error: cannot add share - WERR_ACCESS_DENIED it's making a connection to localhost IPC$ i manually mounted IPC$ as administrator, which worked fine i also have full access to netlogon on server did you ever manage to migrate files/shares (with acls)? it's badly documented :( how can i specify migrating acls on the commandline? usually net only migrates files/shares without acls thx in advance! -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Log deletion of file
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John H Terpstra wrote: I know replying to oneself is a bad thing(TM) - but it seems the document on our web site has not been updated since May 1. The location in the on-line version is chapter 21. Apologies for the confusion. Please note that I am updating this book at this time. There will be many changes over the next 4 days. John, The automated builds of the docs have been failing since last week. You and jelmer should have been receiving those mails. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCg1NgIR7qMdg1EfYRAl9gAJwMg+U1RLcJrV1nfwSEdrBUnbmpfwCfQpMs UN+70vBCV86qXclnUJY83Lo= =VWW7 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3.0.14a, Windows2003, ADS
I think I may have found something wrong. I have two isntances of secrets.tdb. /usr/local/samba/private/secrets.tdb /etc/samba/secrets.tdb Also, my smb.conf file was created in /usr/local/samba/lib/ ? It appears that wbinfo is looking for it in /etc/samba but samba is looking for it in /usr/local/samba/lib. I'm not sure where these files are supposed to be? Michael Joyner wrote: I had a problem with winbind talking to one to my ADS here, not exactly like your situation, but the following might work, READ THE WARNING, YMMV: stop winbind stop nmb stop smb cd /var/lib/samba(*?* not sure of location on RedHat) rm -rfv winbind* # WARNING!## # THE ABOVE WILL REMOVE ANY PREVIOUS RECORDED MAPPINGS FOR UID's - # SID's! NEW MAPPINGS WILL BE GENERATED THAT MOST CERTAINLY WILL NOT BE # THE SAME UNLESS YOU USE # idmap backend = idmap_rid:DOMAIN=1000-1 # idmap uid = 1000-1 # idmap gid = 1000-1 # PLEASE UNDERSTAND THE CONSEQUENCES OF idmap_rid BEFORE USING. # WARNING!## rm secrets.tdb (located in /etc/samba on SuSE, RedHat ?) net -U domain_admin ads join start nmb start smb start winbind I also have use kerberos keytab = yes in my /etc/samba/smb.conf Danna Dowdy wrote: Platform is RedHat $ ps -axc | grep winbind 4792 ?S 0:00 winbindd 4793 ?S 0:00 winbindd Michael Joyner wrote: wbinfo -p is trying to tell you the wrong thing. :) ps axc | grep winbind if there is no output your winbind is not running. what is your platform? SuSE, RedHat, FreeBSD, Other? winbindd.log [2005/05/11 12:34:43, 1] libsmb/clikrb5.c:ads_krb5_mk_req(415) ads_krb5_mk_req: krb5_mk_req_extended failed (Ticket expired) [2005/05/11 12:34:43, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(539) spnego_gen_negTokenTarg failed: Ticket expired [2005/05/11 12:34:43, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81) ads_connect for domain DOMAIN failed: Cannot read password [2005/05/11 12:34:43, 1] nsswitch/winbindd_util.c:init_domain_list(322) Could not fetch sid for our domain DOMAIN [2005/05/11 12:34:43, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(539) spnego_gen_negTokenTarg failed: No credentials cache found -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] New ADS infrastructure with winbind - Which is the best ID-mapping: IDMAP_RID or IDMAP LDAP with ADS + SFU schema ?
A question for the best winbind SID-UID/GID mapping in our situation: I'm building a new infrastructure with Windows 2003SP1 ADS Domaincontrollers and some Debian Servers (File: Samba+NFS; Mail; Web; ) and varios XP and Debian Clients. After reading Chapter 12. (Identity Mapping) in the Samba-HOWTO is IDMAP_RID in couple with winbind an easy way to solve the problem with syncr. SID-UID/GID's on all Linux machines. Why should I use the hard way with the MS SFU 3.5 Schema extensions, PADL and so on - when IDMAP_RID seems to be so easy? Can anybody tell me something about the deeper backgrounds and which of both ist the best solution for us? Thanks and Best regards Steffen -- Mit freundlichen Gruessen Steffen Kolbe Andreas-Schubert-Str. 23 D-01062 Dresden -- Phone: +49/0 351 463-36750 Fax: +49/0 351 463-36809 e-mail: [EMAIL PROTECTED] -- Institut fuer Wirtschaft und Verkehr Fakultaet Verkehrswissenschaften Friedrich List Technische Universitaet Dresden -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba AIX
Does anyone have any experience installing/configuring the latest Samba on AIX 5.2?... If so, would you care to share your notes? Thanks all. Andy Speagle Always remember that you are unique. Just like everybody else. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3.0.14a, Windows2003, ADS
I also found another isntance of wbinfo in /usr/bin. when I run the /usr/local/samba/bin/wbinfo -p Ping to winbindd succeeded on fd 4 But I still get errors with all other options of wbinfo Danna Dowdy wrote: I think I may have found something wrong. I have two isntances of secrets.tdb. /usr/local/samba/private/secrets.tdb /etc/samba/secrets.tdb Also, my smb.conf file was created in /usr/local/samba/lib/ ? It appears that wbinfo is looking for it in /etc/samba but samba is looking for it in /usr/local/samba/lib. I'm not sure where these files are supposed to be? Michael Joyner wrote: I had a problem with winbind talking to one to my ADS here, not exactly like your situation, but the following might work, READ THE WARNING, YMMV: stop winbind stop nmb stop smb cd /var/lib/samba(*?* not sure of location on RedHat) rm -rfv winbind* # WARNING!## # THE ABOVE WILL REMOVE ANY PREVIOUS RECORDED MAPPINGS FOR UID's - # SID's! NEW MAPPINGS WILL BE GENERATED THAT MOST CERTAINLY WILL NOT BE # THE SAME UNLESS YOU USE # idmap backend = idmap_rid:DOMAIN=1000-1 # idmap uid = 1000-1 # idmap gid = 1000-1 # PLEASE UNDERSTAND THE CONSEQUENCES OF idmap_rid BEFORE USING. # WARNING!## rm secrets.tdb (located in /etc/samba on SuSE, RedHat ?) net -U domain_admin ads join start nmb start smb start winbind I also have use kerberos keytab = yes in my /etc/samba/smb.conf Danna Dowdy wrote: Platform is RedHat $ ps -axc | grep winbind 4792 ?S 0:00 winbindd 4793 ?S 0:00 winbindd Michael Joyner wrote: wbinfo -p is trying to tell you the wrong thing. :) ps axc | grep winbind if there is no output your winbind is not running. what is your platform? SuSE, RedHat, FreeBSD, Other? winbindd.log [2005/05/11 12:34:43, 1] libsmb/clikrb5.c:ads_krb5_mk_req(415) ads_krb5_mk_req: krb5_mk_req_extended failed (Ticket expired) [2005/05/11 12:34:43, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(539) spnego_gen_negTokenTarg failed: Ticket expired [2005/05/11 12:34:43, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81) ads_connect for domain DOMAIN failed: Cannot read password [2005/05/11 12:34:43, 1] nsswitch/winbindd_util.c:init_domain_list(322) Could not fetch sid for our domain DOMAIN [2005/05/11 12:34:43, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(539) spnego_gen_negTokenTarg failed: No credentials cache found -- Danna Dowdy [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Hollings Marine Lab 331 Fort Johnson Road Charleston, SC 29412 843.762.8986 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] excessive TCP retransmissions with samba 3.0, slow file opening
Thanks for the quick response, Paul! On Thu, May 12, 2005 at 07:38:47AM -0500, Paul Gienger wrote: Hubs? HUBS? I hope you meant switches. If not, go buy some switches. 10/100 hubs. This is a small client, with limited hardware budget. So, it's a pair of 8-port 10/100 hubs, connected. I want to suspect hardware, but flood pings from a linux box put on the network never report dropped packets. Then go back to hardware. Unless you've got firewalls or something in the mix that's probably where your traffic is going. Watch the collision lights on your hubs and see if they go nuts when the problem occurs. Hrm. Good point. Wish I'd thought of that. I've found a new caveat, however. One of the machines in the office is absolutely unaffected by the problem. It opens extremely large files very quickly. I find that one user has been reporting the problem for several weeks, and now three more users have begun experiencing it in the past week. I cannot find any differences between the fast machine and the slow machines--except the fast machine has slightly older hardware than the slow machines. All are running Windows 2000 SP4. And, when I connected from my linux laptop using smbclient, transfers are instantaneous (or close enough) I'm beginning to suspect this is a client issue. The problem, however, remains, and the client would be happiest if I could make things fast again. SMB is pretty chatty as far as protocols go. Yes, it is, but I did some big scp transfers, and would have expected to see at least SOME TCP retransmits if it's a hardware issue. Also, SMTP, POP3, and IMAP are very, very fast on the network--no delays whatsoever, while SMB traffic is not. I'd like to believe that a hardware problem would affect all protocols equally--but I'm not so sure about that supposition. The hubs were hot to the touch, I wonder if they're starting to fail. One of them is circa-1997--I know that's when I got the exact same piece of hardware as a promo from 3COM (an officeconnect hub). Jeremy -- Jeremy Anderson jeremy (at) angelar.com http://www.angelar.com/~jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.x tool net
Can samba 3.0.x tool net do ldap search with trusted domain controller by current domain user ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [HELP-Syntax] net rpc share migrate
Hi, On Thu, May 12, 2005 at 02:58:17PM +0200, Michael Gasch wrote: hi, i'm trying to migrate files and shares from NT PDC to samba v3 (3.0.14a) box net rpc share migrate shares netlogon -S server -Uadministrator password: *mypass* error: cannot add share - WERR_ACCESS_DENIED it's making a connection to localhost IPC$ i manually mounted IPC$ as administrator, which worked fine i also have full access to netlogon on server could you send a log-level 10 of that net-failure offlist to me? As well as a log-level 10 of the corresponding smbd (your localhost). did you ever manage to migrate files/shares (with acls)? well, yes :) it's badly documented :( I feel sorry about that, John and me are currently on that. Expect to have much better documentation about net share migrate available online rather soon. how can i specify migrating acls on the commandline? --acls Guenther pgpGkYPWM7ttb.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3.0.14a, Windows2003, ADS
Ok, You have TWO installations of SAMBA, this is going to cause GRIEF beyond belief. Apparantly, you have one installed via RPM the other via ./configure; make; make install You need to remove BOTH, completely (`rpm -qa | grep samba`) Then you need to either 1) do an RPM install, or 2) do a ./configure install. After the cleanup and new fresh install, start over with brand spaken new smb.conf, *.tdb's etc. :) Danna Dowdy wrote: I think I may have found something wrong. I have two isntances of secrets.tdb. /usr/local/samba/private/secrets.tdb /etc/samba/secrets.tdb Also, my smb.conf file was created in /usr/local/samba/lib/ ? It appears that wbinfo is looking for it in /etc/samba but samba is looking for it in /usr/local/samba/lib. I'm not sure where these files are supposed to be? Michael Joyner wrote: I had a problem with winbind talking to one to my ADS here, not exactly like your situation, but the following might work, READ THE WARNING, YMMV: stop winbind stop nmb stop smb cd /var/lib/samba(*?* not sure of location on RedHat) rm -rfv winbind* # WARNING!## # THE ABOVE WILL REMOVE ANY PREVIOUS RECORDED MAPPINGS FOR UID's - # SID's! NEW MAPPINGS WILL BE GENERATED THAT MOST CERTAINLY WILL NOT BE # THE SAME UNLESS YOU USE # idmap backend = idmap_rid:DOMAIN=1000-1 # idmap uid = 1000-1 # idmap gid = 1000-1 # PLEASE UNDERSTAND THE CONSEQUENCES OF idmap_rid BEFORE USING. # WARNING!## rm secrets.tdb (located in /etc/samba on SuSE, RedHat ?) net -U domain_admin ads join start nmb start smb start winbind I also have use kerberos keytab = yes in my /etc/samba/smb.conf Danna Dowdy wrote: Platform is RedHat $ ps -axc | grep winbind 4792 ?S 0:00 winbindd 4793 ?S 0:00 winbindd Michael Joyner wrote: wbinfo -p is trying to tell you the wrong thing. :) ps axc | grep winbind if there is no output your winbind is not running. what is your platform? SuSE, RedHat, FreeBSD, Other? winbindd.log [2005/05/11 12:34:43, 1] libsmb/clikrb5.c:ads_krb5_mk_req(415) ads_krb5_mk_req: krb5_mk_req_extended failed (Ticket expired) [2005/05/11 12:34:43, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(539) spnego_gen_negTokenTarg failed: Ticket expired [2005/05/11 12:34:43, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81) ads_connect for domain DOMAIN failed: Cannot read password [2005/05/11 12:34:43, 1] nsswitch/winbindd_util.c:init_domain_list(322) Could not fetch sid for our domain DOMAIN [2005/05/11 12:34:43, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(539) spnego_gen_negTokenTarg failed: No credentials cache found -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] excessive TCP retransmissions with samba 3.0, slow file opening
Hubs? HUBS? I hope you meant switches. If not, go buy some switches. 10/100 hubs. This is a small client, with limited hardware budget. So, it's a pair of 8-port 10/100 hubs, connected. I cannot find any differences between the fast machine and the slow machines--except the fast machine has slightly older hardware than the slow machines. not all brands of ethernet cards negotiate properly with a 100/half duplex hub MANUALLY SET THE DUPLEX ON THE CLIENTS to *HALF* Especially if they have 8139 ethernet cards and see if that helps. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Printers not visible in Add Printer Wizard
Hi Wim, I'm having a similar problem using Samba 3.0.13. I wonder if you have any resolution about this issue. Thanks, Joanna Chan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba + AD etc.
sysrm wrote: Hi carlos, Tried doing the smbclient bit and got back [EMAIL PROTECTED] bin]# ./smbclient -Utest //172.16.2.253/mp3 Password: Domain=[DEV-DOMAIN] OS=[Unix] Server=[Samba 3.0.14a] tree connect failed: NT_STATUS_NO_SUCH_USER (NB no mp3's in there, just had to think of a test dir to set up... :P) Test deffo exists on the AD so... [EMAIL PROTECTED] bin]# wbinfo -u DEV-DOMAIN+administrator DEV-DOMAIN+guest DEV-DOMAIN+auth1$ DEV-DOMAIN+krbtgt DEV-DOMAIN+dev1$ ! Then do net ads user Ok, looks like you're using winbind. Have you changed /etc/nsswitch.conf? If you did, then does a finger test work? If getent passwd shows the AD users, then finger should also work, but try it anyway. Also, could you post your smb.conf? It would help. BTW, are you using SUSE? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] howto share printers and homes diferent way
I would like to configure my samba server to share: * printers to everybody (share security level) * homes to unix users only (user security level) What should I change in my configuration file? With the following configuration users need password to access his home directory but anyone also needs password to acces printers... Thanks! [global] log file = /var/log/samba/log.%m dns proxy = no passwd chat = *Enter\snew\sUNIX\spassword: \\*%n\n*Retype\snew\sUNIX\spassword:* %n\n server string = %h server (Samba %v) socket options = TCP_NODELAY invalid users = root obey pam restrictions = yes workgroup = t09 encrypt passwords = true syslog = 0 passwd program = /usr/bin/passwd %u passdb backend = tdbsam guest panic action = /usr/share/samba/panic-action %d max log size = 1000 printcap name = cups printing = cups security = user [printers] browseable = yes printable = yes public = yes create mode = 0700 guest only = yes use client driver = yes guest account = smbprint path = /var/spool/smbprint [print$] comment = Printer Drivers path = /var/lib/samba/printers browseable = yes read only = yes guest ok = no [homes] comment = Dades Usuaris T09 writeable = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Sarbanes-Oxley headaches
Hi there, With the new scrutinization by auditors on account policies and auditing, how can Samba be SOX compliant? Using 3.0.14a-sernet on Suse 9.1 - ldapsam Specifically, a couple of things seem to be lacking: 1) Logon/Logoff times are not being recorded The last logon time recorded in my ldap entries are pre-nt4 migration. 2) Do the Audit Policy values in user manager have any effect? Are they implemented? Can they be syslogged? 3) How can I get a hook into logons? Without turning up the debug values, how can I tell if an account has had repeated login failures? Thanks, Rob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Doing a Node status request to the domain master browser at IP 11.11.11.11 failed
I added a second network card with a new ip address that was say 11.11.11.11. I removed it and samba is still trying to reference it. This server is my domain master. I did not put in an interface parameter in my smb.conf so I am assuming this ip address was recorded as part of my domain master. Where would this ip address been saved? This server is also my PDC and winserver. Any suggestions? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] not able to do dns lookups after following samba 3 by example
So I followed the steps in samba 3 by example and I got my Samba PDC up and running. I have a feeling like when I changed the nsswitch.conf file to have the line hosts: files wins It screwed up my ability to do normal DNS lookups on that machine? Has anyone else experienced this? Vincent Yonemitsu Information Technology Services (905)639-3611 ext 153 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] not able to do dns lookups after following samba 3 by example
On Thursday 12 May 2005 11:59, Vincent Yonemitsu wrote: So I followed the steps in samba 3 by example and I got my Samba PDC up and running. Which chapter, section and step please. I will need to add another warning. I have a feeling like when I changed the nsswitch.conf file to have the line hosts: files wins It screwed up my ability to do normal DNS lookups on that machine? Has anyone else experienced this? Of course! You removed the dns entry! What you need is: hosts: files dns wins - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] not able to do dns lookups after following samba 3 by example
hosts: files wins Does it honestly say that in whatever you were reading? The printed copy of By Example I have here says hosts: files dns wins which is sane. You (normally) need to have dns in there someplace. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem with file transfer under samba
Hi everybody, I have some problem with file transfer under samba.. they are very very slow My configuration : Debian sarge on 2 x Raptor 74 Go sata in Raid 1 (software). This is a fresh installation of samba (and debian), and i've got the same configuration like usually [global] workgroup = syn netbios name = Exoserv server string = Exoserv Fileserver security = user encrypt passwords = true local master = no domain master = no preferred master = no wins support = yes hosts allow = 10.0.0. hosts deny = all [pool] path = /home/exouser/pool comment = vinz land guest ok = no valid users = vinz browseable = yes writeable = yes write list = vinz I don't see where is the matter and if you got an idea let me know !! Thanks Vincent Ravier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] not able to do dns lookups after following samba 3 by example
Further to this when I changed the line to hosts : file dns wins I am not able to logon to the domain. I would assume this has something to do with DNS interfering with WINS and this Samba PDC is supposed to be the wins server for this domain? When I switch the line back to hosts : file wins All the computers on the domain can login, but when I am on the server I can't use dns. :( On May 12, 2005 02:14 PM, John H Terpstra [EMAIL PROTECTED] wrote: On Thursday 12 May 2005 11:59, Vincent Yonemitsu wrote: So I followed the steps in samba 3 by example and I got my Samba PDC up and running. Which chapter, section and step please. I will need to add another warning. I have a feeling like when I changed the nsswitch.conf file to have the line hosts: files wins It screwed up my ability to do normal DNS lookups on that machine? Has anyone else experienced this? Of course! You removed the dns entry! What you need is: hosts: files dns wins - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Vincent Yonemitsu Information Technology Services (905)639-3611 ext 153 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] not able to do dns lookups after following samba 3 by example
EEEK, nevermind on this one I forgot to start the samba service after I had to reboot. the setting hosts : file dns wins works as it should it scared me for a sec there. :) but it might be good to clarify further in that section that although the server in the example may not use DNS almost every server I have ever seen in my life uses dns so the modified hosts line should be as you guys suggest. It is just gonna confuse more people I would imagine. On May 12, 2005 03:12 PM, Vincent Yonemitsu [EMAIL PROTECTED] wrote: Further to this when I changed the line to hosts : file dns wins I am not able to logon to the domain. I would assume this has something to do with DNS interfering with WINS and this Samba PDC is supposed to be the wins server for this domain? When I switch the line back to hosts : file wins All the computers on the domain can login, but when I am on the server I can't use dns. :( On May 12, 2005 02:14 PM, John H Terpstra [EMAIL PROTECTED] wrote: On Thursday 12 May 2005 11:59, Vincent Yonemitsu wrote: So I followed the steps in samba 3 by example and I got my Samba PDC up and running. Which chapter, section and step please. I will need to add another warning. I have a feeling like when I changed the nsswitch.conf file to have the line hosts: files wins It screwed up my ability to do normal DNS lookups on that machine? Has anyone else experienced this? Of course! You removed the dns entry! What you need is: hosts: files dns wins - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Vincent Yonemitsu Information Technology Services (905)639-3611 ext 153 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Vincent Yonemitsu Information Technology Services (905)639-3611 ext 153 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] not able to do dns lookups after following samba 3 by example
1. Configure the name service switch (NSS) to handle WINS based name resolution. Since this system does not use a DNS server, it is safe to remove this option from the NSS configuration. Edit the /etc/nsswitch.conf file so that the hosts: entry looks like this: hosts: files wins Given the context of that statement... there's nothing wrong with removing dns from the line. HOWEVER - and this is a big one - I feel pretty confidant that I can count on my fist how many times I'll ever run into a system that will be happy running with no dns. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3.0.14a, Windows2003, ADS
okay finally got everything cleaned up and reinstalled and now wbinfo works like a charm. I am still having one problem? I have started winbindd in interactive mode and when I try and access the share via my winXP client I get ..Any idea what is wrong here? cli_net_req_chal: LSA Request Challenge from SambaServer to DomainController: 920DA3C24D2BB5A4 cred_session_key cred_create cli_net_auth2: srv:\\DomainController acct:SambaServer$ sc:2 mc: SambaServer chal B471454F71A2F34E neg: 400701ff cred_create cred_assert cred_create cred_create cred_assert NTLM CRAP authentication for user [EMAIL PROTECTED] returned NT_STATUS_NO_SUCH_USER (PAM: 10) [ 6785]: request interface version [ 6785]: request location of privileged pipe [ 6785]: ping [ 6785]: pam auth crap domain: NOS user: [EMAIL PROTECTED] Using cleartext machine password cred_create cred_create cred_assert NTLM CRAP authentication for user [EMAIL PROTECTED] returned NT_STATUS_NO_SUCH_USER (PAM: 10) Michael Joyner wrote: Ok, You have TWO installations of SAMBA, this is going to cause GRIEF beyond belief. Apparantly, you have one installed via RPM the other via ./configure; make; make install You need to remove BOTH, completely (`rpm -qa | grep samba`) Then you need to either 1) do an RPM install, or 2) do a ./configure install. After the cleanup and new fresh install, start over with brand spaken new smb.conf, *.tdb's etc. :) Danna Dowdy wrote: I think I may have found something wrong. I have two isntances of secrets.tdb. /usr/local/samba/private/secrets.tdb /etc/samba/secrets.tdb Also, my smb.conf file was created in /usr/local/samba/lib/ ? It appears that wbinfo is looking for it in /etc/samba but samba is looking for it in /usr/local/samba/lib. I'm not sure where these files are supposed to be? Michael Joyner wrote: I had a problem with winbind talking to one to my ADS here, not exactly like your situation, but the following might work, READ THE WARNING, YMMV: stop winbind stop nmb stop smb cd /var/lib/samba(*?* not sure of location on RedHat) rm -rfv winbind* # WARNING!## # THE ABOVE WILL REMOVE ANY PREVIOUS RECORDED MAPPINGS FOR UID's - # SID's! NEW MAPPINGS WILL BE GENERATED THAT MOST CERTAINLY WILL NOT BE # THE SAME UNLESS YOU USE # idmap backend = idmap_rid:DOMAIN=1000-1 # idmap uid = 1000-1 # idmap gid = 1000-1 # PLEASE UNDERSTAND THE CONSEQUENCES OF idmap_rid BEFORE USING. # WARNING!## rm secrets.tdb (located in /etc/samba on SuSE, RedHat ?) net -U domain_admin ads join start nmb start smb start winbind I also have use kerberos keytab = yes in my /etc/samba/smb.conf Danna Dowdy wrote: Platform is RedHat $ ps -axc | grep winbind 4792 ?S 0:00 winbindd 4793 ?S 0:00 winbindd Michael Joyner wrote: wbinfo -p is trying to tell you the wrong thing. :) ps axc | grep winbind if there is no output your winbind is not running. what is your platform? SuSE, RedHat, FreeBSD, Other? winbindd.log [2005/05/11 12:34:43, 1] libsmb/clikrb5.c:ads_krb5_mk_req(415) ads_krb5_mk_req: krb5_mk_req_extended failed (Ticket expired) [2005/05/11 12:34:43, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(539) spnego_gen_negTokenTarg failed: Ticket expired [2005/05/11 12:34:43, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81) ads_connect for domain DOMAIN failed: Cannot read password [2005/05/11 12:34:43, 1] nsswitch/winbindd_util.c:init_domain_list(322) Could not fetch sid for our domain DOMAIN [2005/05/11 12:34:43, 1] libsmb/cliconnect.c:cli_session_setup_kerberos(539) spnego_gen_negTokenTarg failed: No credentials cache found -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Horrendously slow transfer speeds in FC3 is driving me crazy!!! Please help...
quote who=Peter Szmrecsanyi Great a reply!!! I thought everyone had given up on me! OK for the specifications, it's a Compaq ProLiant 2500 server with: - Dual Pentium Pro (200MHz) - 256 MB EDO RAM - 36GB RAID(0) Compaq Raid Array (two 18GB SCSI disks) hdparm -tT gives: /dev/ida/c0d0p4: Timing cached reads: 192 MB in 2.02 seconds = 95.11 MB/sec Timing buffered disk reads: 46 MB in 3.03 seconds = 15.18 MB/sec - Compaq Netelligent Integrated 10/100 TX NIC I can do FTP at 9 MB/s but the absolute max I can get samba up to is about 4 MB/s. I've tried installing version 3.0.14a, I'm compiling the old version 2.2.12 as I write this... I managed to get quite a performance boost when I compiled the latest version for the i686 architecture (100% performance increase using smbclient from another machine). What is annoying is that and NFS client in windows doesn't perform better than the samba client (using a Linux client NFS is slightly faster than FTP). I'm going to try compiling samba 3 without ACL support, then I'm going to try to install samba 2.2.12 if that doesn't solve it then I'll settle for a hardware issue and try to get hold of a 3C905 (3com NIC), after that I'll be out of ideas... Have you taken a close look at top while doing the transfer? I also noticed that FC3 is more of a memory hog than previous versions. I found that 256mb of memory was way too low for most of my systems. I was getting a lot of swap space usage. I use hotsanic to graph my usage information. This might be a good idea for you also. It would help a lot. If you get any swap space usage, that is a clear performance killer. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] not able to do dns lookups after following samba 3 by example
On Thursday 12 May 2005 13:43, Paul Gienger wrote: 1. Configure the name service switch (NSS) to handle WINS based name resolution. Since this system does not use a DNS server, it is safe to remove this option from the NSS configuration. Edit the /etc/nsswitch.conf file so that the hosts: entry looks like this: hosts: files wins Given the context of that statement... there's nothing wrong with removing dns from the line. HOWEVER - and this is a big one - I feel pretty confidant that I can count on my fist how many times I'll ever run into a system that will be happy running with no dns. And I can not count the number of systems I have installed that work just fine without any DNS or internet access. Why should it be necessary to install DNS for a 5 user office that uses no internet access and that wants to keep things simple? - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] not able to do dns lookups after following samba 3 by example
Agreed, yes in that context it may be ok, but I can't ever think of any machine that doesn't use DNS for something. It may be usefull to put in sort of a disclaimer to that note. When I first read it I took it as. Hmm this Smaba server isn't using DNS to reference machine names so its not needed. I didn't quite put it together. I would imagine it might confuse others. or maybe I am just special like my mommy used to tell me. :) On May 12, 2005 03:43 PM, Paul Gienger [EMAIL PROTECTED] wrote: 1. Configure the name service switch (NSS) to handle WINS based name resolution. Since this system does not use a DNS server, it is safe to remove this option from the NSS configuration. Edit the /etc/nsswitch.conf file so that the hosts: entry looks like this: hosts: files wins Given the context of that statement... there's nothing wrong with removing dns from the line. HOWEVER - and this is a big one - I feel pretty confidant that I can count on my fist how many times I'll ever run into a system that will be happy running with no dns. -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Systems Architect Fax: 701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] Vincent Yonemitsu Information Technology Services (905)639-3611 ext 153 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3.0.14a, Windows2003, ADS WINBIND in INTERACTIVE mode
Danna Dowdy wrote: okay finally got everything cleaned up and reinstalled and now wbinfo works like a charm. Glad to hear! I am still having one problem? I have started winbindd in interactive mode and when I try and access the share via my winXP client I get ..Any idea what is wrong here? Not the foggiest. :) I have never used winbind in interactive mode. Perhaps someone else cares to elucidate? cli_net_req_chal: LSA Request Challenge from SambaServer to DomainController: 920DA3C24D2BB5A4 cred_session_key cred_create cli_net_auth2: srv:\\DomainController acct:SambaServer$ sc:2 mc: SambaServer chal B471454F71A2F34E neg: 400701ff cred_create cred_assert cred_create cred_create cred_assert NTLM CRAP authentication for user [EMAIL PROTECTED] returned NT_STATUS_NO_SUCH_USER (PAM: 10) [ 6785]: request interface version [ 6785]: request location of privileged pipe [ 6785]: ping [ 6785]: pam auth crap domain: NOS user: [EMAIL PROTECTED] Using cleartext machine password cred_create cred_create cred_assert NTLM CRAP authentication for user [EMAIL PROTECTED] returned NT_STATUS_NO_SUCH_USER (PAM: 10) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] not able to do dns lookups after following samba 3 by example
John H Terpstra wrote: On Thursday 12 May 2005 13:43, Paul Gienger wrote: 1. Configure the name service switch (NSS) to handle WINS based name resolution. Since this system does not use a DNS server, it is safe to remove this option from the NSS configuration. Edit the /etc/nsswitch.conf file so that the hosts: entry looks like this: hosts: files wins Given the context of that statement... there's nothing wrong with removing dns from the line. HOWEVER - and this is a big one - I feel pretty confidant that I can count on my fist how many times I'll ever run into a system that will be happy running with no dns. And I can not count the number of systems I have installed that work just fine without any DNS or internet access. Why should it be necessary to install DNS for a 5 user office that uses no internet access and that wants to keep things simple? Well then I just showed my age ;) No office (or non-office) network* I've been at has not used some sort of dns, if not internal, then the server still wanted to be able to find some external site via the ISP's dns. I come from a time where the internet not existing is just not within the realm of possibilities, I'd go as far as to claim blasphemy if someone mentions it :-D *a network being 2+ computers. Plenty of my elder family members have single dial up machines that do just fine without DNS when the modem is unplugged. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] excessive TCP retransmissions with samba 3.0, slow file opening
quote who=Jeremy Anderson Hello all! I've got a Fedora Core 3 box running Samba 3.0.8. It serves a variety of roles, including mail server and samba server. The mail server is quite fast, but the smb server generates lots and lots of TCP retransmissions (as seen in ethereal). The general consensus is that this is new in the last few weeks. One user has been reporting speed problems for some time, but no metrics were ever gathered. Jeremy, I have a similar problem at one of my clients. The problem is mainly with a piece of software called Proseries (by Intuit). The software takes 3-5 minutes to open on two of the machines on the network. one of them is brand new. The third machine has no problem at all. It's not the oldest either. Go figure. I'll replace the hub and see if that helps. If you get a solution, please let me know. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] The semaphore timeout period has expired
Did you receive any information to resolve ? I have the same problem but W2000 - W2003 server. Thanks to answer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] not able to do dns lookups after following samba 3 by example
tit for tat I would guess. Samba did in fact work perfectly fine without DNS as did all the other machineswell accept I wasn't able to donwload patches from redhat or finish reading the article I was using on the web to do the tutorial to configure the machine without dns. :) I little more clear of a disclaimer for us trolls would be helpful is all I meant. :) Other than that the doc is wonderfully written. On May 12, 2005 04:04 PM, Paul Gienger [EMAIL PROTECTED] wrote: John H Terpstra wrote: On Thursday 12 May 2005 13:43, Paul Gienger wrote: 1. Configure the name service switch (NSS) to handle WINS based name resolution. Since this system does not use a DNS server, it is safe to remove this option from the NSS configuration. Edit the /etc/nsswitch.conf file so that the hosts: entry looks like this: hosts: files wins Given the context of that statement... there's nothing wrong with removing dns from the line. HOWEVER - and this is a big one - I feel pretty confidant that I can count on my fist how many times I'll ever run into a system that will be happy running with no dns. And I can not count the number of systems I have installed that work just fine without any DNS or internet access. Why should it be necessary to install DNS for a 5 user office that uses no internet access and that wants to keep things simple? Well then I just showed my age ;) No office (or non-office) network* I've been at has not used some sort of dns, if not internal, then the server still wanted to be able to find some external site via the ISP's dns. I come from a time where the internet not existing is just not within the realm of possibilities, I'd go as far as to claim blasphemy if someone mentions it :-D *a network being 2+ computers. Plenty of my elder family members have single dial up machines that do just fine without DNS when the modem is unplugged. -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Systems Architect Fax: 701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Vincent Yonemitsu Information Technology Services (905)639-3611 ext 153 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba AIX
On Thu, 12 May 2005 [EMAIL PROTECTED] wrote: Does anyone have any experience installing/configuring the latest Samba on AIX 5.2?... If so, would you care to share your notes? I've been compiling some of my notes from the last couple years and sifting as quickly as possible, but you seem *eager* so you can test them out for me! :-) You can get some stuff from IBM and the notes will guide you in the order for compiling your world. The notes are based on how I would organize my stuff :-), so feel free to do what you like. I'd like to officially offer these and my homegrown scripts and C code for migrating /etc/passwd people to LDAP using standard AIX stuff. I also have some bits to do mass generation of accounts for a Samba DC. None of the stuff I'll be providing has been tested with ADS membership, so don't look for it. This is designed solely for AIX to get username/password cues from LDAP and for Samba to ride on top. There is no intent of winbindd use with this implementation, so if you want that or to use IBM's pam, you're on your own. That said, all the stuff that John T. has painstaking documented will work with respect to this setup. I've inluded sufficient links and instructions to get the code compiled and installed. Start reading the HOwTo. John Terpstra, are you interested the scripts and C code I've built so far for supporting our infrastructure on AIX? I've got much to share with those who'd like it. We don't subscribe to the creat the account as you go method, but we're kinda strange like that ;-) We get our cues for account generation from other systems (since we're a college) and process them all at once. We still have needs for creating machine accounts and the like manually, so we have support for that as well. All the scripts are based on a 900+ line ksh function library and about 25 ksh utility programs that were designed using here-documents to build the LDAP stanzas and manage groups. It's free if you'd like it, I'll just have to come up with some *easy* method of making it all available. Cheers! Bill Thanks all. Andy Speagle Always remember that you are unique. Just like everybody else. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Get gcc, bison and gdb (and whatever else you like!) from IBM: http://www-1.ibm.com/servers/aix/products/aixos/linux/rpmgroups.html#Development/Tools Before you get started, I'd create a 4GB /src filesystem. Also either create a /usr/local filesytem of a few GB or extend /usr and make a /usr/local dir. - Build GNU make 3.8.0 http://ftp.gnu.org/pub/gnu/make/ # mkdir /src/make # cp /path/to/gnumake /src/make # cd /src/make # gunzip make-3.80.tar.gz # tar -xvf make-3.80.tar # chown -R root:system make-3.80 # cd make-3.80 # ./configure # make # make install # ln -sf /usr/local/bin/make /usr/bin/make (the symlink replaces the one that points /usr/ccs/bin/make) - Build libiconv: http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.9.1.tar.gz # mkdir /src/libiconv # cp /path/to/libiconvtarball /src/libiconv # cd /src/libiconv # gunzip libiconv-1.9.1.tar.gz # tar -xvf libiconv-1.9.1.tar # chown -R root:system libiconv-1.9.1 # cd libiconv-1.9.1 # ./configure # make # make install ( the IBM libiconv will fail certain tests for Samba 3.0 ) - Build BerkeleyDB: http://www.sleepycat.com/download/db/index.shtml This can work for either 4.2 or 4.3. Extract the tarball to a suitable location: # mkdir /src/bdb # cp /path/to/berkeleydbtarball /src/bdb # cd /src/bdb # gunzip db-4.2.52.NC.tar.gz # tar -xvf db-4.2.52.NC.tar # chown -R root:system db-4.2.52.NC # cd db-4.2.52.NC/build_unix # ../dist/configure --enable-posixmutexes # make # make install -- Build OpenSSL 0.9.7?: http://www.openssl.org/ # mkdir /src/openssl # cp /path/to/openssltarball /src/openssl # cd /src/openssl # gunzip openssl-0.9.7e.tar.gz # tar -xvf openssl-0.9.7e.tar # chown -R root:system openssl-0.9.7e # cd openssl-0.9.7e # ./config threads # make # make install Build Kerberos (MIT 1.4 - requires bison): http://web.mit.edu/kerberos/www/dist/#krb5-1.4.1 # mkdir /src/krb # cp /path/to/krbtarball /src/krb # cd /src/krb # gunzip krb5-1.4.1-signed.tar.gz # tar -xvf krb5-1.4.1-signed.tar # gunzip krb5-1.4.1.tar.gz # tar -xvf krb5-1.4.1.tar # chown -R root:system krb5-1.4.1 # cd krb5-1.4.1/src # ./configure # make # make install Build Cyrus SASL: http://asg.web.cmu.edu/cyrus/download/
Re: [Samba] Samba AIX
Bill, Thanks for the information... I'm mostly looking to get AIX user authentication from AD so I'll peruse this and see what I can learn. Andy Speagle Always remember that you are unique. Just like everybody else. William Jojo [EMAIL PROTECTED] To [EMAIL PROTECTED] 05/12/2005 03:32 cc PMsamba@lists.samba.org Subject Re: [Samba] Samba AIX On Thu, 12 May 2005 [EMAIL PROTECTED] wrote: Does anyone have any experience installing/configuring the latest Samba on AIX 5.2?... If so, would you care to share your notes? I've been compiling some of my notes from the last couple years and sifting as quickly as possible, but you seem *eager* so you can test them out for me! :-) You can get some stuff from IBM and the notes will guide you in the order for compiling your world. The notes are based on how I would organize my stuff :-), so feel free to do what you like. I'd like to officially offer these and my homegrown scripts and C code for migrating /etc/passwd people to LDAP using standard AIX stuff. I also have some bits to do mass generation of accounts for a Samba DC. None of the stuff I'll be providing has been tested with ADS membership, so don't look for it. This is designed solely for AIX to get username/password cues from LDAP and for Samba to ride on top. There is no intent of winbindd use with this implementation, so if you want that or to use IBM's pam, you're on your own. That said, all the stuff that John T. has painstaking documented will work with respect to this setup. I've inluded sufficient links and instructions to get the code compiled and installed. Start reading the HOwTo. John Terpstra, are you interested the scripts and C code I've built so far for supporting our infrastructure on AIX? I've got much to share with those who'd like it. We don't subscribe to the creat the account as you go method, but we're kinda strange like that ;-) We get our cues for account generation from other systems (since we're a college) and process them all at once. We still have needs for creating machine accounts and the like manually, so we have support for that as well. All the scripts are based on a 900+ line ksh function library and about 25 ksh utility programs that were designed using here-documents to build the LDAP stanzas and manage groups. It's free if you'd like it, I'll just have to come up with some *easy* method of making it all available. Cheers! Bill Thanks all. Andy Speagle Always remember that you are unique. Just like everybody else. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba (See attached file: samba aix build.txt)-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Volker Kaesler/VD 52-1/PARION/DE ist außer Haus.
Ich werde außer Haus sein von 02.05.2005 Bis 31.05.2005. Ich werde Ihre Nachrichten nach meiner Rückkehr beantworten. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Guest access with Kerberos does not work
I use Samba with Kerberos and noted that guest access doesn't work, when Kerberos is used. I created a bug report with fix for it. See https://bugzilla.samba.org/show_bug.cgi?id=2691 Regards Markus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Printer Installation Issues on Win XP (Samba 3.0.10 as PDC)
Hi, would be happy if somebody might help me with the following problem: I installed Samba as the Primary DC -- works perfectly, XP clients can join the domain, access the shares ... The domain users's primary group is the users Unix group. root is member of the ntadmins Unix group. Mapped the Unix groups to NT groups as follows: net groupmap modify ntgroup=Domain Admins unixgroup=ntadmins net groupmap modify ntgroup=Domain Users unixgroup=users net groupmap modify ntgroup=Domain Guests unixgroup=nobody When logged in as a *local user* at an XP client, there is no problem installing a (CUPS) printer shared by Samba. However, when logged in as a *domain user*, XP tells me that I don't have sufficient rights to access that printer (I don't know what the exact error message would be in an English XP, mine is German). The error appears no matter if I'm logged in as a regular user or as root. Any hint would be appreciated. Thanks in advance, Jan Werner __ My smb.conf: #=== Global Settings = [global] logon script = default.bat logon drive = H: logon home = \\%N\%U os level = 35 local master = yes domain master = yes domain logons = yes netbios name = SERVER workgroup = ABC server string = ABC Samba Server bind interfaces only = yes interfaces = eth0 use client driver = yes printcap name = /etc/printcap load printers = yes printer admin = @ntadmins, @users add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/groupmod -A %u %g delete user from group script = /usr/sbin/groupmod -R %u %g add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u max log size = 50 security = user encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no utmp = yes # WINS / VPN # -- preferred master = yes wins support = yes # Share Definitions == idmap uid = 15000-2 idmap gid = 15000-2 template shell = /bin/false winbind use default domain = no [printers] printing = cups print command = lpr -r -P%p -o raw %s printer admin = @ntadmins, @users use client driver = yes browseable = yes printable = yes public = yes guest ok = yes [print$] comment = Printer Driver Share path = /home/ntadmin/prndrv write list = @ntadmins, @users printer admin = @ntadmins, @users [homes] read only = no browseable = no [netlogon] comment = Network Logon path = /home/ntadmin/netlogon read only = yes write list = ntadmin [shared] comment = Shared Folder path = /home/shared browseable = yes guest only = yes writable = yes public = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] include files
can i use include files in smb.conf, i meant have some configurations in others files and make a call to it from smb.conf -- Patricio Bruna [EMAIL PROTECTED] RHCE/RHCI Jefe Soporte y Operaciones LinuxCenter S.A. Canada 239, 5to piso, Providencia, Chile http://www.linuxcenterla.com +56-2-2745000 pgpCcU9siCu3w.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba problems on aix
Installed samba 3.0.4.0 and libiconv 1.9.1 (download from bullfreeware) on AIX 5.2. When I run smbclient, it says error: exec(): 0509-036 Cannot load program ./smbclient because of the following errors: 0509-150 Dependent module libreadline.a(libreadline.so) could not be loaded. 0509-022 Cannot load module libreadline.a(libreadline.so). 0509-026 System error: A file or directory in the path name does not exist. If I try swat from IE, it says: exec(): 0509-036 Cannot load program swat because of the following errors: 0509-150 Dependent module libldap.a(libldap.so.2) could not be loaded. 0509-022 Cannot load module libldap.a(libldap.so.2). 0509-026 System error: A file or directory in the path name does not exist. Does anyone know how to fix it? - Stay ahead of the information curve. Receive MCAD news and jobs on your desktop daily. Subscribe today to the MCAD CafeNews newsletter. [ http://www10.mcadcafe.com/nl/newsletter_subscribe.php ] It's informative and essential. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] New ADS infrastructure with winbind - Which is the best ID-mapping: IDMAP_RID or IDMAP LDAP with ADS + SFU schema ?
Steffen Kolbe wrote: A question for the best winbind SID-UID/GID mapping in our situation: I'm building a new infrastructure with Windows 2003SP1 ADS Domaincontrollers and some Debian Servers (File: Samba+NFS; Mail; Web; ) and varios XP and Debian Clients. After reading Chapter 12. (Identity Mapping) in the Samba-HOWTO is IDMAP_RID in couple with winbind an easy way to solve the problem with syncr. SID-UID/GID's on all Linux machines. Why should I use the hard way with the MS SFU 3.5 Schema extensions, PADL and so on - when IDMAP_RID seems to be so easy? Can anybody tell me something about the deeper backgrounds and which of both ist the best solution for us? If you have an existing base of unix uid/gid accounts to maintain, consider the mapping capabilities of SFU 3.5 and padl idmap_ad. If there is no existing base of unix uid/gid accounts, consider IDMAP_RID. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Machine Account info in Domain Controller
We find the samba 3.0.x cmd 'net' can modify the info name:samba version:3.0.x to machine account info in Domain Controller after registering samba to domain by ldap. But samba 2.2.x always show name:Windows NT version:4.0 after registering samba to domain. Can we modify the info in samba 2.2.x ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba and vfs deleted items folder
Okay, early this year I setup a samba server for a small non profit, they are running XP on the desktop and I have things setup so that all their data and outlook info is stored on the server. We do daily backups to tape, this works great. A couple of months ago, someone had created an important file and deleted it on the same day, so it wasn't backed up, at that point I setup the samba vfs recycle bin. I had the little talk with the staff about the necessity of regularly checking and cleaning the recycling bin out. One staff member wanted to have it done automatically every 2 weeks, the rest did not want it done automatically. So we left it at that. Now the backup tapes (DDS4 using bacula) are getting full and stopping. I had a look around and the data is up to 30gb, It was under 15gb at the beginning of the year. Poking around I find one users' deleted items folder at 11gb!!! sigh, the total for the others user's brings recycled items up to 15 of the 30gb in use :-( So, what do folks recommend to handle this automatically that gives some kind of flexibility. Essentially for the folks who want to manage it themselves and have shown they can handle that responsibility, I'd like them to be able to do this, for the folks with a more cavalier attitude, I'd like to set limits on a per user basis and be able to change those limits on the fly if necessary. Next I also want the deleted items folder to automatically recylce in a FIFO manner for the people with limited/controlled storage space. If this can all be controlled through a gui tool like webmin that can be handled by a non-technical office administrator, so much the better. Suggestions -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. [EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] kernel oops generated by smbfs module
Please see here: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=129577 and here: http://bugme.osdl.org/show_bug.cgi?id=1732 The bug seems to still exist in kernel 2.6.11-1.14_FC3 for FC3. Erik Osheim Apr 26, 1:43 pm show options Newsgroups: mailing.unix.samba From: [EMAIL PROTECTED] (Erik Osheim) Date: Wed, 27 Apr 2005 01:43:58 +0800 (CST) Local: Tues,Apr 26 2005 1:43 pm Subject: [Samba] kernel oops generated by smbfs module Greetings, I have run into a kernel oops that I can generate at will, and that hangs my machine. The machine is running Gentoo Linux, 2.6.11 kernel and gcc 3.3.5. I can post more information if needed. The problem arises when I mount an SMB share from a 2000-series Snap server (network appliance); software version 3.4.804, hardware 2.0.3. The mount is fine, and can sit for a long time. However, as soon as I start doing ls in directories on the mount, or tab-completing filenames (i.e. short reads), I get a kernel oops. This invariably happens within 20 seconds of starting to do this. I have tried two separate NICs (one tulip-compatible card and a 3com 905B) both of which have the same problem. The machine hangs whether or not smbfs is a module (although running it as a module makes the source of the oops more obvious). I have never debugged the linux kernel before. What information do you folks need from me? I have at least one of the oopses in /var/log/messages, and can generate more of them. I read some of the kernel documentation but found it a little bit confusing, which is why I'm asking here. Regards, -- Erik Osheim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Doing a Node status request to the domain master browser at IP 11.11.11.11 failed
tor, 12.05.2005 kl. 19.01 skrev Richmond Dyes: I added a second network card with a new ip address that was say 11.11.11.11. I removed it and samba is still trying to reference it. This server is my domain master. I did not put in an interface parameter in my smb.conf so I am assuming this ip address was recorded as part of my domain master. Where would this ip address been saved? This server is also my PDC and winserver. Any suggestions? WINS? Thanks for giving no details about anything. --Tonni -- Nothing sucksseeds like a pigeon without a beak ... mail: [EMAIL PROTECTED] http://www.billy.demon.nl They'll love us, won't they? They feed us, don't they? ... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sarbanes-Oxley headaches
tor, 12.05.2005 kl. 18.54 skrev Robert Kelly: With the new scrutinization by auditors on account policies and auditing, how can Samba be SOX compliant? Using 3.0.14a-sernet on Suse 9.1 - ldapsam Specifically, a couple of things seem to be lacking: 1) Logon/Logoff times are not being recorded The last logon time recorded in my ldap entries are pre-nt4 migration. Bad luck? 2) Do the Audit Policy values in user manager have any effect? Are they implemented? Can they be syslogged? No to both, please read the official Samba HOWTOs. Experiment. Like we all have to. 3) How can I get a hook into logons? Without turning up the debug values, how can I tell if an account has had repeated login failures? Try 'man pdbedit' and search for -P. I have never understood why people complain about any item of software's supposed limitations until they have read and thoroughly understand all aspects of all the documentation. Perhaps they aspire toward posthumous beatification, attaining al martyrs' brigade status or whatever. Thanks, *Wake up* and at least make *some effort* to read the docs and follow the threads and experiment for yourself as 1001 others on this list, including the undersigned choose to do. Hanging yourself out is not to your own advantage. --Tonni -- Nothing sucksseeds like a pigeon without a beak ... mail: [EMAIL PROTECTED] http://www.billy.demon.nl They'll love us, won't they? They feed us, don't they? ... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba-docs r544 - in trunk/smbdotconf/logon: .
Author: jht Date: 2005-05-12 06:07:32 + (Thu, 12 May 2005) New Revision: 544 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=544 Log: Making sure all typos are fixed. Modified: trunk/smbdotconf/logon/logonpath.xml Changeset: Modified: trunk/smbdotconf/logon/logonpath.xml === --- trunk/smbdotconf/logon/logonpath.xml2005-05-10 23:24:19 UTC (rev 543) +++ trunk/smbdotconf/logon/logonpath.xml2005-05-12 06:07:32 UTC (rev 544) @@ -46,7 +46,7 @@ will break profile handling. Where the tdbsam or ldapsam passdb backend is used, at the time the user account is created the value configured for this parameter is written to the passdb backend and that value will - over-ride the parameter value present in the smb.conf; file. Any error + over-ride the parameter value present in the smb.conf file. Any error present in the passdb backend account record must be editted using the appropriate tool (pdbedit on the command-line, or any other locally provided system tool.
svn commit: samba r6742 - in trunk/source/lib: .
Author: vlendec
Date: 2005-05-12 06:42:56 + (Thu, 12 May 2005)
New Revision: 6742
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6742
Log:
Merge r6741 from 4_0
Modified:
trunk/source/lib/talloc.c
Changeset:
Modified: trunk/source/lib/talloc.c
===
--- trunk/source/lib/talloc.c 2005-05-12 02:54:42 UTC (rev 6741)
+++ trunk/source/lib/talloc.c 2005-05-12 06:42:56 UTC (rev 6742)
@@ -919,7 +919,7 @@
size_t len;
char *ret;
- for (len=0; p[len] lenn; len++) ;
+ for (len=0; lenn p[len]; len++) ;
ret = _talloc(t, len + 1);
if (!ret) { return NULL; }
svn commit: samba r6743 - in branches/SAMBA_3_0/source/lib: .
Author: vlendec
Date: 2005-05-12 06:43:12 + (Thu, 12 May 2005)
New Revision: 6743
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6743
Log:
Merge r6741 from 4_0
Modified:
branches/SAMBA_3_0/source/lib/talloc.c
Changeset:
Modified: branches/SAMBA_3_0/source/lib/talloc.c
===
--- branches/SAMBA_3_0/source/lib/talloc.c 2005-05-12 06:42:56 UTC (rev
6742)
+++ branches/SAMBA_3_0/source/lib/talloc.c 2005-05-12 06:43:12 UTC (rev
6743)
@@ -919,7 +919,7 @@
size_t len;
char *ret;
- for (len=0; p[len] lenn; len++) ;
+ for (len=0; lenn p[len]; len++) ;
ret = _talloc(t, len + 1);
if (!ret) { return NULL; }
svn commit: samba r6744 - in branches/SAMBA_4_0/source/libcli/cldap: .
Author: tridge Date: 2005-05-12 08:25:35 + (Thu, 12 May 2005) New Revision: 6744 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6744 Log: added support for reply packets in libcli/cldap/ Modified: branches/SAMBA_4_0/source/libcli/cldap/cldap.c branches/SAMBA_4_0/source/libcli/cldap/cldap.h Changeset: Sorry, the patch is too large (260 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6744
svn commit: samba r6745 - in branches/SAMBA_4_0/source/libcli/ldap: .
Author: tridge
Date: 2005-05-12 08:26:26 + (Thu, 12 May 2005)
New Revision: 6745
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6745
Log:
- escape spaces in binary ldap blobs
- expose the ldap filter string parsing outside of ldap.c
Modified:
branches/SAMBA_4_0/source/libcli/ldap/ldap.c
branches/SAMBA_4_0/source/libcli/ldap/ldap.h
Changeset:
Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c
===
--- branches/SAMBA_4_0/source/libcli/ldap/ldap.c2005-05-12 08:25:35 UTC
(rev 6744)
+++ branches/SAMBA_4_0/source/libcli/ldap/ldap.c2005-05-12 08:26:26 UTC
(rev 6745)
@@ -150,7 +150,7 @@
char *ret;
int len = blob.length;
for (i=0;iblob.length;i++) {
- if (!isprint(blob.data[i]) || blob.data[i] == '\\') {
+ if (!isprint(blob.data[i]) || strchr( *()\\|!,
blob.data[i])) {
len += 2;
}
}
@@ -159,7 +159,7 @@
len = 0;
for (i=0;iblob.length;i++) {
- if (!isprint(blob.data[i]) || blob.data[i] == '\\') {
+ if (!isprint(blob.data[i]) || strchr( *()\\|!,
blob.data[i])) {
snprintf(ret+len, 4, \\%02X, blob.data[i]);
len += 3;
} else {
@@ -318,7 +318,7 @@
filter ::= '(' filtercomp ')'
*/
static struct ldap_parse_tree *ldap_parse_filter(TALLOC_CTX *mem_ctx,
- const char **s)
+const char **s)
{
char *l, *s2;
const char *p, *p2;
@@ -1335,3 +1335,13 @@
}
+
+/*
+ externally callable version of filter string parsing - used in the
+ cldap server
+*/
+struct ldap_parse_tree *ldap_parse_filter_string(TALLOC_CTX *mem_ctx,
+const char *s)
+{
+ return ldap_parse_filter(mem_ctx, s);
+}
Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.h
===
--- branches/SAMBA_4_0/source/libcli/ldap/ldap.h2005-05-12 08:25:35 UTC
(rev 6744)
+++ branches/SAMBA_4_0/source/libcli/ldap/ldap.h2005-05-12 08:26:26 UTC
(rev 6745)
@@ -323,6 +323,8 @@
BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg);
BOOL ldap_parse_basic_url(TALLOC_CTX *mem_ctx, const char *url,
char **host, uint16_t *port, BOOL *ldaps);
+struct ldap_parse_tree *ldap_parse_filter_string(TALLOC_CTX *mem_ctx,
+const char *s);
/* The following definitions come from libcli/ldap/ldap_client.c */
svn commit: samba r6746 - in branches/SAMBA_4_0/source/librpc/ndr: .
Author: tridge
Date: 2005-05-12 08:27:04 + (Thu, 12 May 2005)
New Revision: 6746
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6746
Log:
added ndr_push_union_blob() for pushing IDL unions into a DATA_BLOB
Modified:
branches/SAMBA_4_0/source/librpc/ndr/ndr.c
Changeset:
Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr.c
===
--- branches/SAMBA_4_0/source/librpc/ndr/ndr.c 2005-05-12 08:26:26 UTC (rev
6745)
+++ branches/SAMBA_4_0/source/librpc/ndr/ndr.c 2005-05-12 08:27:04 UTC (rev
6746)
@@ -842,6 +842,29 @@
}
/*
+ push a union to a blob using NDR
+*/
+NTSTATUS ndr_push_union_blob(DATA_BLOB *blob, TALLOC_CTX *mem_ctx, void *p,
+uint32_t level, ndr_push_flags_fn_t fn)
+{
+ NTSTATUS status;
+ struct ndr_push *ndr;
+ ndr = ndr_push_init_ctx(mem_ctx);
+ if (!ndr) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ ndr_push_set_switch_value(ndr, p, level);
+ status = fn(ndr, NDR_SCALARS|NDR_BUFFERS, p);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ *blob = ndr_push_blob(ndr);
+
+ return NT_STATUS_OK;
+}
+
+/*
generic ndr_size_*() handler for structures
*/
size_t ndr_size_struct(const void *p, int flags, ndr_push_flags_fn_t push)
svn commit: samba r6747 - in branches/SAMBA_4_0/source: cldap_server include
Author: tridge Date: 2005-05-12 08:28:07 + (Thu, 12 May 2005) New Revision: 6747 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6747 Log: first working version of cldapd server. It is missing 'sites' support, and filling in some of the returned parameters is quite rough, but it seems to work OK Added: branches/SAMBA_4_0/source/cldap_server/netlogon.c Modified: branches/SAMBA_4_0/source/cldap_server/cldap_server.c branches/SAMBA_4_0/source/cldap_server/cldap_server.h branches/SAMBA_4_0/source/cldap_server/config.mk branches/SAMBA_4_0/source/include/structs.h Changeset: Sorry, the patch is too large (329 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6747
svn commit: samba-docs r545 - in trunk/Samba-HOWTO-Collection: .
Author: jht Date: 2005-05-12 08:32:59 + (Thu, 12 May 2005) New Revision: 545 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=545 Log: Interim update. Modified: trunk/Samba-HOWTO-Collection/TOSHARG-TheNetCommand.xml Changeset: Sorry, the patch is too large (277 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=545
svn commit: samba r6748 - in branches/SAMBA_3_0/source/passdb: .
Author: vlendec
Date: 2005-05-12 08:33:27 + (Thu, 12 May 2005)
New Revision: 6748
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6748
Log:
With reconnects, state-connection-ldap_struct can change in smbldap_search
and friends. This should be a fix for bug 2701. Thanks to jht for giving me
access to his box!
Volker
Modified:
branches/SAMBA_3_0/source/passdb/pdb_ldap.c
Changeset:
Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c
===
--- branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2005-05-12 08:28:07 UTC (rev
6747)
+++ branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2005-05-12 08:33:27 UTC (rev
6748)
@@ -3390,7 +3390,7 @@
static BOOL ldapsam_search_firstpage(struct pdb_search *search)
{
struct ldap_search_state *state = search-private;
- LDAP *ld = state-connection-ldap_struct;
+ LDAP *ld;
int rc = LDAP_OPERATIONS_ERROR;
state-entries = NULL;
@@ -3423,8 +3423,13 @@
state-connection-paged_results = False;
}
- if ( ld )
- state-current_entry = ldap_first_entry(ld, state-entries);
+ld = state-connection-ldap_struct;
+if ( ld == NULL) {
+DEBUG(5, (Don't have an LDAP connection right after a
+ search\n));
+return False;
+}
+state-current_entry = ldap_first_entry(ld, state-entries);
if (state-current_entry == NULL) {
ldap_msgfree(state-entries);
svn commit: samba r6749 - in trunk/source/passdb: .
Author: vlendec
Date: 2005-05-12 08:35:07 + (Thu, 12 May 2005)
New Revision: 6749
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6749
Log:
With reconnects, state-connection-ldap_struct can change in smbldap_search
and friends. This should be a fix for bug 2701. Thanks to jht for giving me
access to his box!
Volker
Modified:
trunk/source/passdb/pdb_ldap.c
Changeset:
Modified: trunk/source/passdb/pdb_ldap.c
===
--- trunk/source/passdb/pdb_ldap.c 2005-05-12 08:33:27 UTC (rev 6748)
+++ trunk/source/passdb/pdb_ldap.c 2005-05-12 08:35:07 UTC (rev 6749)
@@ -3778,7 +3778,7 @@
static BOOL ldapsam_search_firstpage(struct pdb_search *search)
{
struct ldap_search_state *state = search-private;
- LDAP *ld = state-connection-ldap_struct;
+ LDAP *ld;
int rc = LDAP_OPERATIONS_ERROR;
state-entries = NULL;
@@ -3811,8 +3811,13 @@
state-connection-paged_results = False;
}
- if ( ld )
- state-current_entry = ldap_first_entry(ld, state-entries);
+ld = state-connection-ldap_struct;
+if ( ld == NULL) {
+DEBUG(5, (Don't have an LDAP connection right after a
+ search\n));
+return False;
+}
+state-current_entry = ldap_first_entry(ld, state-entries);
if (state-current_entry == NULL) {
ldap_msgfree(state-entries);
svn commit: samba r6750 - in branches/SAMBA_4_0/source: cldap_server nbt_server/wins
Author: tridge
Date: 2005-05-12 09:03:14 + (Thu, 12 May 2005)
New Revision: 6750
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6750
Log:
some minor tweaks to the cldapd server
I can now join winxp - samba4 DC using long name, and login. The nice
thing is there are no delays now, as the client likes the replies it gets
Modified:
branches/SAMBA_4_0/source/cldap_server/netlogon.c
branches/SAMBA_4_0/source/nbt_server/wins/winsserver.c
Changeset:
Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c
===
--- branches/SAMBA_4_0/source/cldap_server/netlogon.c 2005-05-12 08:35:07 UTC
(rev 6749)
+++ branches/SAMBA_4_0/source/cldap_server/netlogon.c 2005-05-12 09:03:14 UTC
(rev 6750)
@@ -33,6 +33,7 @@
static NTSTATUS cldapd_netlogon_fill(struct cldap_socket *cldap,
TALLOC_CTX *mem_ctx,
const char *domain,
+const char *user,
const char *src_address,
uint32_t version,
union nbt_cldap_netlogon *netlogon)
@@ -59,6 +60,11 @@
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
+ /* the domain has an optional trailing . */
+ if (domain[strlen(domain)-1] == '.') {
+ domain = talloc_strndup(mem_ctx, domain, strlen(domain)-1);
+ }
+
/* try and find the domain */
ret = gendb_search(samctx, samctx, NULL, res, attrs,
((dnsDomain=%s)(objectClass=domainDNS)), domain);
@@ -87,7 +93,7 @@
pdc_dns_name = talloc_asprintf(mem_ctx, %s.%s,
lp_netbios_name(), dns_domain);
flatname = samdb_result_string(res[0], name, lp_workgroup());
- site_name= Default-First-Site-Name;
+ site_name= Default-First-Site-Name.bludom.tridgell.net;
site_name2 = ;
pdc_ip = iface_best_ip(src_address);
@@ -129,7 +135,7 @@
netlogon-logon3.pdc_dns_name = pdc_dns_name;
netlogon-logon3.domain = flatname;
netlogon-logon3.pdc_name = pdc_name;
- netlogon-logon3.user_name= ;
+ netlogon-logon3.user_name= user;
netlogon-logon3.site_name= site_name;
netlogon-logon3.site_name2 = site_name2;
netlogon-logon3.nt_version = 3;
@@ -144,7 +150,7 @@
netlogon-logon4.pdc_dns_name = pdc_dns_name;
netlogon-logon4.domain = flatname;
netlogon-logon4.pdc_name = lp_netbios_name();
- netlogon-logon4.user_name= ;
+ netlogon-logon4.user_name= user;
netlogon-logon4.site_name= site_name;
netlogon-logon4.site_name2 = site_name2;
netlogon-logon4.unknown = 10;
@@ -172,12 +178,15 @@
int i;
const char *domain = NULL;
const char *host = NULL;
+ const char *user = ;
int version = -1;
union nbt_cldap_netlogon netlogon;
NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
TALLOC_CTX *tmp_ctx = talloc_new(cldap);
+ DEBUG(0,(cldap filter='%s'\n, filter));
+
tree = ldap_parse_filter_string(tmp_ctx, filter);
if (tree == NULL) goto failed;
@@ -197,6 +206,11 @@
t-u.simple.value.data,
t-u.simple.value.length);
}
+ if (strcasecmp(t-u.simple.attr, User) == 0) {
+ user = talloc_strndup(tmp_ctx,
+ t-u.simple.value.data,
+ t-u.simple.value.length);
+ }
if (strcasecmp(t-u.simple.attr, NtVer) == 0
t-u.simple.value.length == 4) {
version = IVAL(t-u.simple.value.data, 0);
@@ -207,10 +221,10 @@
goto failed;
}
- DEBUG(2,(cldap netlogon query domain=%s host=%s version=%d\n,
-domain, host, version));
+ DEBUG(0,(cldap netlogon query domain=%s host=%s user=%s version=%d\n,
+domain, host, user, version));
- status = cldapd_netlogon_fill(cldap, tmp_ctx, domain, src_address,
+ status = cldapd_netlogon_fill(cldap, tmp_ctx, domain, user,
src_address,
version, netlogon);
if (!NT_STATUS_IS_OK(status)) {
goto failed;
Modified: branches/SAMBA_4_0/source/nbt_server/wins/winsserver.c
===
--- branches/SAMBA_4_0/source/nbt_server/wins/winsserver.c 2005-05-12
08:35:07 UTC (rev 6749)
svn commit: samba r6751 - in branches/SAMBA_4_0/source/setup: .
Author: tridge Date: 2005-05-12 09:13:53 + (Thu, 12 May 2005) New Revision: 6751 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6751 Log: dnsDomain should be CASE_INSENSITIVE (winxp will sometimes do a cldap query with this in uppercase) Modified: branches/SAMBA_4_0/source/setup/provision.ldif Changeset: Modified: branches/SAMBA_4_0/source/setup/provision.ldif === --- branches/SAMBA_4_0/source/setup/provision.ldif 2005-05-12 09:03:14 UTC (rev 6750) +++ branches/SAMBA_4_0/source/setup/provision.ldif 2005-05-12 09:13:53 UTC (rev 6751) @@ -12,6 +12,7 @@ realm: CASE_INSENSITIVE userPrincipalName: CASE_INSENSITIVE servicePrincipalName: CASE_INSENSITIVE +dnsDomain: CASE_INSENSITIVE cn: CASE_INSENSITIVE dc: CASE_INSENSITIVE name: CASE_INSENSITIVE WILDCARD
svn commit: samba-docs r546 - in trunk/Samba-HOWTO-Collection: .
Author: jht Date: 2005-05-12 09:21:41 + (Thu, 12 May 2005) New Revision: 546 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=546 Log: Folding Volker's and Guenthers contributions - interim commit. Modified: trunk/Samba-HOWTO-Collection/TOSHARG-TheNetCommand.xml Changeset: Sorry, the patch is too large (306 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=546
svn commit: samba r6752 - in branches/SAMBA_4_0/source: build/m4 include include/system nsswitch
Author: jelmer Date: 2005-05-12 10:46:57 + (Thu, 12 May 2005) New Revision: 6752 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6752 Log: Patch by Steven Edwards to improve portability to mingw32 Modified: branches/SAMBA_4_0/source/build/m4/rewrite.m4 branches/SAMBA_4_0/source/include/includes.h branches/SAMBA_4_0/source/include/system/glob.h branches/SAMBA_4_0/source/include/system/network.h branches/SAMBA_4_0/source/include/system/passwd.h branches/SAMBA_4_0/source/nsswitch/winbind_nss_config.h Changeset: Modified: branches/SAMBA_4_0/source/build/m4/rewrite.m4 === --- branches/SAMBA_4_0/source/build/m4/rewrite.m4 2005-05-12 09:13:53 UTC (rev 6751) +++ branches/SAMBA_4_0/source/build/m4/rewrite.m4 2005-05-12 10:46:57 UTC (rev 6752) @@ -60,17 +60,17 @@ AC_CHECK_HEADERS(sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/ipc.h sys/mode.h) AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h stdlib.h sys/socket.h) AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h termio.h) -AC_CHECK_HEADERS(sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h) +AC_CHECK_HEADERS(fnmatch.h pwd.h sys/termio.h sys/time.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h) AC_CHECK_HEADERS(security/pam_modules.h security/_pam_macros.h dlfcn.h) AC_CHECK_HEADERS(sys/syslog.h syslog.h) AC_CHECK_HEADERS(stdint.h locale.h) -AC_CHECK_HEADERS(shadow.h netinet/ip.h netinet/tcp.h netinet/in_systm.h netinet/in_ip.h) +AC_CHECK_HEADERS(shadow.h netdb.h netinet/in.h netinet/ip.h netinet/tcp.h netinet/in_systm.h netinet/in_ip.h) AC_CHECK_HEADERS(nss.h nss_common.h ns_api.h sys/security.h security/pam_appl.h security/pam_modules.h) AC_CHECK_HEADERS(stropts.h) AC_CHECK_HEADERS(sys/capability.h syscall.h sys/syscall.h) AC_CHECK_HEADERS(sys/acl.h) +AC_CHECK_HEADERS(windows.h winsock2.h ws2tcpip.h) - AC_TYPE_SIGNAL AC_TYPE_UID_T AC_TYPE_MODE_T Modified: branches/SAMBA_4_0/source/include/includes.h === --- branches/SAMBA_4_0/source/include/includes.h2005-05-12 09:13:53 UTC (rev 6751) +++ branches/SAMBA_4_0/source/include/includes.h2005-05-12 10:46:57 UTC (rev 6752) @@ -70,6 +70,14 @@ #include varargs.h #endif +#ifdef HAVE_WINSOCK2_H +#include winsock2.h +#endif + +#ifdef HAVE_WINDOWS_H +#include windows.h +#endif + /* we support ADS if we want it and have krb5 and ldap libs */ #if defined(WITH_ADS) defined(HAVE_KRB5) defined(HAVE_LDAP) #define HAVE_ADS Modified: branches/SAMBA_4_0/source/include/system/glob.h === --- branches/SAMBA_4_0/source/include/system/glob.h 2005-05-12 09:13:53 UTC (rev 6751) +++ branches/SAMBA_4_0/source/include/system/glob.h 2005-05-12 10:46:57 UTC (rev 6752) @@ -24,4 +24,6 @@ #include glob.h #endif +#ifdef HAVE_FNMATCH_H #include fnmatch.h +#endif Modified: branches/SAMBA_4_0/source/include/system/network.h === --- branches/SAMBA_4_0/source/include/system/network.h 2005-05-12 09:13:53 UTC (rev 6751) +++ branches/SAMBA_4_0/source/include/system/network.h 2005-05-12 10:46:57 UTC (rev 6752) @@ -28,9 +28,16 @@ #include sys/un.h #endif +#ifdef HAVE_NETINET_IN_H #include netinet/in.h +#endif +#ifdef HAVE_ARPA_INET_H #include arpa/inet.h +#endif + +#ifdef HAVE_NETDB_H #include netdb.h +#endif #ifdef HAVE_NETINET_TCP_H #include netinet/tcp.h Modified: branches/SAMBA_4_0/source/include/system/passwd.h === --- branches/SAMBA_4_0/source/include/system/passwd.h 2005-05-12 09:13:53 UTC (rev 6751) +++ branches/SAMBA_4_0/source/include/system/passwd.h 2005-05-12 10:46:57 UTC (rev 6752) @@ -20,8 +20,9 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#ifdef HAVE_PWD_H #include pwd.h - +#endif #ifdef HAVE_GRP_H #include grp.h #endif Modified: branches/SAMBA_4_0/source/nsswitch/winbind_nss_config.h === --- branches/SAMBA_4_0/source/nsswitch/winbind_nss_config.h 2005-05-12 09:13:53 UTC (rev 6751) +++ branches/SAMBA_4_0/source/nsswitch/winbind_nss_config.h 2005-05-12 10:46:57 UTC (rev 6752) @@ -75,7 +75,10 @@ #include sys/types.h #include sys/stat.h #include errno.h + +#ifdef HAVE_PWD_H #include pwd.h +#endif #include nsswitch/winbind_nss.h /* I'm trying really hard not to include anything from smb.h with the
svn commit: samba-docs r547 - in trunk/smbdotconf/printing: .
Author: vlendec Date: 2005-05-12 11:17:39 + (Thu, 12 May 2005) New Revision: 547 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=547 Log: Fix typo Modified: trunk/smbdotconf/printing/useclientdriver.xml Changeset: Modified: trunk/smbdotconf/printing/useclientdriver.xml === --- trunk/smbdotconf/printing/useclientdriver.xml 2005-05-12 09:21:41 UTC (rev 546) +++ trunk/smbdotconf/printing/useclientdriver.xml 2005-05-12 11:17:39 UTC (rev 547) @@ -20,7 +20,7 @@ considers the printer to be local, it will attempt to issue the OpenPrinterEx() call requesting access rights associated with the logged on user. If the user possesses local administator rights but -not root privilegde on the Samba host (often the case), the +not root privilege on the Samba host (often the case), the OpenPrinterEx() call will fail. The result is that the client will now display an quot;Access Denied; Unable to connectquot; message in the printer queue window (even though jobs may successfully be
svn commit: samba r6753 - in branches/SAMBA_3_0/source/libsmb: .
Author: derrell
Date: 2005-05-12 12:50:03 + (Thu, 12 May 2005)
New Revision: 6753
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6753
Log:
Fixes bug 2663. cli_getattrE() and cli_setattrE() were not formatting or
parsing the timestamp values correctly. It turns out they were using the
incorrect function for formatting and parsing values. Thanks to Satwik Hebbar
for reporting this and testing the patch.
Modified:
branches/SAMBA_3_0/source/libsmb/clifile.c
Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/clifile.c
===
--- branches/SAMBA_3_0/source/libsmb/clifile.c 2005-05-12 10:46:57 UTC (rev
6752)
+++ branches/SAMBA_3_0/source/libsmb/clifile.c 2005-05-12 12:50:03 UTC (rev
6753)
@@ -1103,15 +1103,15 @@
}
if (c_time) {
- *c_time = make_unix_date3(cli-inbuf+smb_vwv0);
+ *c_time = make_unix_date2(cli-inbuf+smb_vwv0);
}
if (a_time) {
- *a_time = make_unix_date3(cli-inbuf+smb_vwv2);
+ *a_time = make_unix_date2(cli-inbuf+smb_vwv2);
}
if (m_time) {
- *m_time = make_unix_date3(cli-inbuf+smb_vwv4);
+ *m_time = make_unix_date2(cli-inbuf+smb_vwv4);
}
return True;
@@ -1186,9 +1186,9 @@
cli_setup_packet(cli);
SSVAL(cli-outbuf,smb_vwv0, fd);
- put_dos_date3(cli-outbuf,smb_vwv1, c_time);
- put_dos_date3(cli-outbuf,smb_vwv3, a_time);
- put_dos_date3(cli-outbuf,smb_vwv5, m_time);
+ put_dos_date2(cli-outbuf,smb_vwv1, c_time);
+ put_dos_date2(cli-outbuf,smb_vwv3, a_time);
+ put_dos_date2(cli-outbuf,smb_vwv5, m_time);
p = smb_buf(cli-outbuf);
*p++ = 4;
svn commit: samba r6754 - in trunk/source/libsmb: .
Author: derrell
Date: 2005-05-12 12:56:18 + (Thu, 12 May 2005)
New Revision: 6754
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6754
Log:
merge SAMBA_3_0 r6753 (cli_[gs]etattrE() fixes)
Modified:
trunk/source/libsmb/clifile.c
Changeset:
Modified: trunk/source/libsmb/clifile.c
===
--- trunk/source/libsmb/clifile.c 2005-05-12 12:50:03 UTC (rev 6753)
+++ trunk/source/libsmb/clifile.c 2005-05-12 12:56:18 UTC (rev 6754)
@@ -1103,15 +1103,15 @@
}
if (c_time) {
- *c_time = make_unix_date3(cli-inbuf+smb_vwv0);
+ *c_time = make_unix_date2(cli-inbuf+smb_vwv0);
}
if (a_time) {
- *a_time = make_unix_date3(cli-inbuf+smb_vwv2);
+ *a_time = make_unix_date2(cli-inbuf+smb_vwv2);
}
if (m_time) {
- *m_time = make_unix_date3(cli-inbuf+smb_vwv4);
+ *m_time = make_unix_date2(cli-inbuf+smb_vwv4);
}
return True;
@@ -1186,9 +1186,9 @@
cli_setup_packet(cli);
SSVAL(cli-outbuf,smb_vwv0, fd);
- put_dos_date3(cli-outbuf,smb_vwv1, c_time);
- put_dos_date3(cli-outbuf,smb_vwv3, a_time);
- put_dos_date3(cli-outbuf,smb_vwv5, m_time);
+ put_dos_date2(cli-outbuf,smb_vwv1, c_time);
+ put_dos_date2(cli-outbuf,smb_vwv3, a_time);
+ put_dos_date2(cli-outbuf,smb_vwv5, m_time);
p = smb_buf(cli-outbuf);
*p++ = 4;
svn commit: samba r6755 - in branches/SAMBA_3_0/source/nsswitch: .
Author: jerry
Date: 2005-05-12 13:09:33 + (Thu, 12 May 2005)
New Revision: 6755
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6755
Log:
removing domain_sid() since it is not referenced anymore
Modified:
branches/SAMBA_3_0/source/nsswitch/winbindd.h
branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c
branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c
branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c
branches/SAMBA_3_0/source/nsswitch/winbindd_rpc.c
Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd.h
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd.h 2005-05-12 12:56:18 UTC
(rev 6754)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd.h 2005-05-12 13:09:33 UTC
(rev 6755)
@@ -210,10 +210,6 @@
char ***alt_names,
DOM_SID **dom_sids);
- /* find the domain sid */
- NTSTATUS (*domain_sid)(struct winbindd_domain *domain,
- DOM_SID *sid);
-
/* setup the list of alternate names for the domain, if any */
NTSTATUS (*alternate_name)(struct winbindd_domain *domain);
};
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c 2005-05-12 12:56:18 UTC
(rev 6754)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c 2005-05-12 13:09:33 UTC
(rev 6755)
@@ -892,36 +892,6 @@
return result;
}
-/* find the domain sid for a domain */
-static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
-{
- ADS_STRUCT *ads;
- ADS_STATUS rc;
-
- DEBUG(3,(ads: domain_sid\n));
-
- ads = ads_cached_connection(domain);
-
- if (!ads) {
- domain-last_status = NT_STATUS_SERVER_DISABLED;
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- rc = ads_domain_sid(ads, sid);
-
- if (!ADS_ERR_OK(rc)) {
-
- /* its a dead connection; don't destroy it though
- since that has already been done indirectly
- by ads_domain_sid() */
-
- domain-private = NULL;
- }
-
- return ads_ntstatus(rc);
-}
-
-
/* find alternate names list for the domain - for ADS this is the
netbios name */
static NTSTATUS alternate_name(struct winbindd_domain *domain)
@@ -972,7 +942,6 @@
lookup_groupmem,
sequence_number,
trusted_domains,
- domain_sid,
alternate_name
};
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2005-05-12 12:56:18 UTC
(rev 6754)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2005-05-12 13:09:33 UTC
(rev 6755)
@@ -1398,18 +1398,6 @@
names, alt_names, dom_sids);
}
-/* find the domain sid */
-static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
-{
- get_cache(domain);
-
- DEBUG(10,(domain_sid: [Cached] - doing backend query for info for
domain %s\n,
- domain-name ));
-
- /* we don't cache this call */
- return domain-backend-domain_sid(domain, sid);
-}
-
/* find the alternate names for the domain, if any */
static NTSTATUS alternate_name(struct winbindd_domain *domain)
{
@@ -1476,6 +1464,5 @@
lookup_groupmem,
sequence_number,
trusted_domains,
- domain_sid,
alternate_name
};
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c2005-05-12
12:56:18 UTC (rev 6754)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_passdb.c2005-05-12
13:09:33 UTC (rev 6755)
@@ -373,13 +373,6 @@
return nt_status;
}
-/* find the domain sid for a domain */
-static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
-{
- sid_copy(sid, domain-sid);
- return NT_STATUS_OK;
-}
-
/* find alternate names list for the domain
* should we look for netbios aliases??
SSS */
@@ -405,6 +398,5 @@
lookup_groupmem,
sequence_number,
trusted_domains,
- domain_sid,
alternate_name
};
Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_rpc.c
===
--- branches/SAMBA_3_0/source/nsswitch/winbindd_rpc.c 2005-05-12 12:56:18 UTC
(rev 6754)
+++ branches/SAMBA_3_0/source/nsswitch/winbindd_rpc.c 2005-05-12 13:09:33 UTC
(rev 6755)
@@ -1021,44 +1021,6 @@
return result;
}
-/* find the domain sid for a domain */
-static NTSTATUS domain_sid(struct winbindd_domain *domain,
svn commit: samba r6756 - in trunk/source: include registry utils
Author: jerry
Date: 2005-05-12 13:12:48 + (Thu, 12 May 2005)
New Revision: 6756
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6756
Log:
a few more registry fixesgetting closer; need to write security descriptors
next
Modified:
trunk/source/include/regfio.h
trunk/source/registry/regfio.c
trunk/source/utils/net_rpc_registry.c
Changeset:
Modified: trunk/source/include/regfio.h
===
--- trunk/source/include/regfio.h 2005-05-12 13:09:33 UTC (rev 6755)
+++ trunk/source/include/regfio.h 2005-05-12 13:12:48 UTC (rev 6756)
@@ -202,7 +202,7 @@
REGF_NK_REC* regfio_fetch_subkey( REGF_FILE *file, REGF_NK_REC *nk );
REGF_NK_REC* regfio_write_key ( REGF_FILE *file, const char *name,
REGVAL_CTR *values, REGSUBKEY_CTR *subkeys,
- REGF_NK_REC *parent );
+ SEC_DESC *sec_desc, REGF_NK_REC *parent );
#endif /* _REGFIO_H */
Modified: trunk/source/registry/regfio.c
===
--- trunk/source/registry/regfio.c 2005-05-12 13:09:33 UTC (rev 6755)
+++ trunk/source/registry/regfio.c 2005-05-12 13:12:48 UTC (rev 6756)
@@ -276,6 +276,7 @@
uint16 class_length, name_length;
uint32 start;
uint32 data_size, start_off, end_off;
+ uint32 unknown_off = REGF_OFFSET_NONE;
nk-hbin_off = prs_offset( ps );
start = nk-hbin_off;
@@ -310,6 +311,8 @@
return False;
if ( !prs_uint32( subkeys_off, ps, depth, nk-subkeys_off ))
return False;
+ if ( !prs_uint32( unknown_off, ps, depth, unknown_off) )
+ return False;
if ( !prs_set_offset( ps, start+0x0024 ) )
return False;
@@ -1066,7 +1069,7 @@
/* hard coded values...no diea what these are ... maybe in time */
- file-unknown1 = 0x1;
+ file-unknown1 = 0x2;
file-unknown2 = 0x1;
file-unknown3 = 0x3;
file-unknown4 = 0x0;
@@ -1353,6 +1356,8 @@
if ( !write_hbin_block( file, hbin ) )
return NULL;
+ file-last_block = hbin-file_off;
+
return hbin;
}
@@ -1566,7 +1571,7 @@
REGF_NK_REC* regfio_write_key( REGF_FILE *file, const char *name,
REGVAL_CTR *values, REGSUBKEY_CTR *subkeys,
- REGF_NK_REC *parent )
+ SEC_DESC *secdesc, REGF_NK_REC *parent )
{
REGF_NK_REC *nk;
REGF_HBIN *vlist_hbin;
Modified: trunk/source/utils/net_rpc_registry.c
===
--- trunk/source/utils/net_rpc_registry.c 2005-05-12 13:09:33 UTC (rev
6755)
+++ trunk/source/utils/net_rpc_registry.c 2005-05-12 13:12:48 UTC (rev
6756)
@@ -359,7 +359,7 @@
regsubkey_ctr_addkey( subkeys, subkey-keyname );
}
- key = regfio_write_key( outfile, nk-keyname, values, subkeys, parent
);
+ key = regfio_write_key( outfile, nk-keyname, values, subkeys,
nk-sec_desc-sec_desc, parent );
/* write each one of the subkeys out */
svn commit: samba r6757 - in branches/SAMBA_3_0/source: .
Author: derrell Date: 2005-05-12 13:39:00 + (Thu, 12 May 2005) New Revision: 6757 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6757 Log: test for existence of sys/un.h was missing, thus AF_LOCAL support was not found Modified: branches/SAMBA_3_0/source/configure.in Changeset: Modified: branches/SAMBA_3_0/source/configure.in === --- branches/SAMBA_3_0/source/configure.in 2005-05-12 13:12:48 UTC (rev 6756) +++ branches/SAMBA_3_0/source/configure.in 2005-05-12 13:39:00 UTC (rev 6757) @@ -707,6 +707,7 @@ AC_CHECK_HEADERS(rpcsvc/yp_prot.h, sys/mode.h, [], [] -) AC_CHECK_HEADERS(sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/ipc.h) AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h stdlib.h sys/socket.h) +AC_CHECK_HEADERS(sys/un.h) AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h termio.h) AC_CHECK_HEADERS(sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h) AC_CHECK_HEADERS(sys/sysmacros.h security/_pam_macros.h dlfcn.h)
svn commit: samba r6758 - in trunk/source: .
Author: derrell Date: 2005-05-12 13:40:40 + (Thu, 12 May 2005) New Revision: 6758 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6758 Log: merge r6757 from 3_0 Modified: trunk/source/configure.in Changeset: Modified: trunk/source/configure.in === --- trunk/source/configure.in 2005-05-12 13:39:00 UTC (rev 6757) +++ trunk/source/configure.in 2005-05-12 13:40:40 UTC (rev 6758) @@ -700,6 +700,7 @@ AC_CHECK_HEADERS(rpcsvc/yp_prot.h, sys/mode.h, [], [] -) AC_CHECK_HEADERS(sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/ipc.h) AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h stdlib.h sys/socket.h) +AC_CHECK_HEADERS(sys/un.h) AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h termio.h) AC_CHECK_HEADERS(sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h) AC_CHECK_HEADERS(sys/sysmacros.h security/_pam_macros.h dlfcn.h)
svn commit: samba r6759 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: idra
Date: 2005-05-12 14:39:03 + (Thu, 12 May 2005)
New Revision: 6759
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6759
Log:
let us have a wildcard attribute so that we can set a default for all attributes
example:
*: CASE_INSENSITIVE
by placing it in the @ATTRIBUTES object you make all the matching be case
insensitive
to make an excepion to the general rule now you just need to create an entry
like:
name: CASE_SENSITIVE
the key CASE_SENSITIVE currently does not exist but has the effect of making
the code
ignore the wildcard default flag and being ldb case sensitive by default it let
the
name attribute be case sensitive again
Tridge, can you look at this commit?
Should we introduce a CASE_SENSITVE/BINARY flag and handle it in the code ?
Simo.
Modified:
branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c
===
--- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c 2005-05-12
13:40:40 UTC (rev 6758)
+++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_cache.c 2005-05-12
14:39:03 UTC (rev 6759)
@@ -272,7 +272,13 @@
attrs = ldb_msg_find_string(ltdb-cache-attributes, attr_name, NULL);
if (!attrs) {
- return ret;
+
+ /* check if theres a wildcard attribute */
+ attrs = ldb_msg_find_string(ltdb-cache-attributes, *, NULL);
+
+ if (!attrs) {
+ return ret;
+ }
}
/* we avoid using strtok and friends due to their nasty
svn commit: samba r6760 - in branches/SAMBA_4_0/packaging: . debian
Author: jelmer Date: 2005-05-12 19:31:50 + (Thu, 12 May 2005) New Revision: 6760 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6760 Log: Update debian packages Modified: branches/SAMBA_4_0/packaging/ branches/SAMBA_4_0/packaging/debian/README.building branches/SAMBA_4_0/packaging/debian/changelog branches/SAMBA_4_0/packaging/debian/rules Changeset: Property changes on: branches/SAMBA_4_0/packaging ___ Name: svn:ignore + configure Modified: branches/SAMBA_4_0/packaging/debian/README.building === --- branches/SAMBA_4_0/packaging/debian/README.building 2005-05-12 14:39:03 UTC (rev 6759) +++ branches/SAMBA_4_0/packaging/debian/README.building 2005-05-12 19:31:50 UTC (rev 6760) @@ -8,7 +8,7 @@ Now, go to packaging/, and run: -dpkg-buildpackage -rfakeroot +svn-buildpackage -rfakeroot See the Debian docs for more information about the debian build process. Modified: branches/SAMBA_4_0/packaging/debian/changelog === --- branches/SAMBA_4_0/packaging/debian/changelog 2005-05-12 14:39:03 UTC (rev 6759) +++ branches/SAMBA_4_0/packaging/debian/changelog 2005-05-12 19:31:50 UTC (rev 6760) @@ -1,3 +1,9 @@ +samba4 (3.9.0-SVN-build-6710-1) unstable; urgency=low + + * Newer upstream version + + -- Jelmer Vernooij [EMAIL PROTECTED] Thu, 12 May 2005 14:04:05 +0200 + samba4 (3.9.0-SVN-build-655-1) unstable; urgency=low * Initial release. Modified: branches/SAMBA_4_0/packaging/debian/rules === --- branches/SAMBA_4_0/packaging/debian/rules 2005-05-12 14:39:03 UTC (rev 6759) +++ branches/SAMBA_4_0/packaging/debian/rules 2005-05-12 19:31:50 UTC (rev 6760) @@ -4,8 +4,7 @@ # based on the sample debian/rules file for GNU hello by Ian Jackson. -SOURCEPATH=../source -DOCSPATH=../docs +SOURCEPATH=../../source package=samba4 @@ -25,21 +24,17 @@ --with-syslog \ --with-readline \ --with-ldap - cd $(DOCSPATH) autoreconf - cd $(DOCSPATH) ./configure touch configure build: configure $(checkdir) cd $(SOURCEPATH) $(MAKE) proto all - cd $(DOCSPATH) $(MAKE) htmlman manpages touch build clean: $(checkdir) rm -f build -cd $(SOURCEPATH) $(MAKE) clean - -cd $(DOCSPATH) $(MAKE) clean rm -f `find . -name *~` rm -rf debian/tmp `find debian/* -type d ! -name CVS` debian/files* core rm -f debian/*substvars @@ -58,8 +53,6 @@ cd $(SOURCEPATH) $(MAKE) install DESTDIR=`pwd`/../packaging/debian/tmp mkdir -p debian/tmp/usr/share/man/man1 mkdir -p debian/tmp/usr/share/man/man7 - cp $(DOCSPATH)/output/manpages/*.1 debian/tmp/usr/share/man/man1 - cp $(DOCSPATH)/output/manpages/*.7 debian/tmp/usr/share/man/man7 cp $(SOURCEPATH)/build/pidl/pidl.pl debian/tmp/usr/bin/pidl debstd dpkg-gencontrol -isp -psamba4
svn commit: samba-docs r548 - in trunk/Samba-HOWTO-Collection: .
Author: jht Date: 2005-05-12 21:09:54 + (Thu, 12 May 2005) New Revision: 548 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=548 Log: Another update. Modified: trunk/Samba-HOWTO-Collection/TOSHARG-Group-Mapping.xml trunk/Samba-HOWTO-Collection/TOSHARG-TheNetCommand.xml Changeset: Modified: trunk/Samba-HOWTO-Collection/TOSHARG-Group-Mapping.xml === --- trunk/Samba-HOWTO-Collection/TOSHARG-Group-Mapping.xml 2005-05-12 11:17:39 UTC (rev 547) +++ trunk/Samba-HOWTO-Collection/TOSHARG-Group-Mapping.xml 2005-05-12 21:09:54 UTC (rev 548) @@ -92,8 +92,6 @@ UNIX/Linux group, an attempt that will of course fail. /para - - para indextermprimaryGID/primary/indexterm indextermprimarySID/primary/indexterm @@ -220,6 +218,105 @@ /sect2 sect2 + titleNested Groups: Adding Windows Domain Groups to Windows Local Groups/title + + indextermprimarygroups/primarysecondarynested/secondary/indexterm + + para + This functionality is known as constantnested groups/constant and was first added to + Samba-3.0.3. + /para + + para + All Microsoft Windows products since the release of Windows NT 3.10 support the use of nested groups. + Many Windows network administrators depend on this capability becasue it greatly simplifies security + administration. + /para + + para + The nested group architecture was designed with the premise that day-to-day user and group membership + management should be performed on the domain security database. The application of group security + should be implemented on domain member servers using only local groups. On the domain member server + all file system security controls are then limited to use of the local groups which will contain + domain global groups and domain global users. + /para + + para + You may ask, What are the benefits of this arrangement? The answer is obvious to those who have plumbed + the dark depths of Windows networking architecture. Consider for a moment a server on which are stored + 200,000 files, each with individual domain user and domain group settings. The company that owns the + file server is bought by another company resulting in the server being moved to another location and then + it is made a member of a different domain. Who would you think now owns all the files and directories? + Answer: Account Unknown. + /para + + para + Unravelling the file ownership mess is an unenviable administrative task that can be avoided simply + by using local groups to control all file and directory access control. In this case, only the members + of the local groups will have been lost. The files and directories in the storage subsystem will still + be owned by the local groups. The same goes for all ACLs on them. It is administratively much simpler + to delete the constantAccount Unknown/constant membership entries inside local groups with appropriate + entries for domain global groups in the new domain that the server has been made a member of. + /para + + para + Another prominent example of the use of nested groups involves implementation of administrative privileges + on domain member workstations and servers. Administrative privileges are given to all members of the + builtin + local group constantAdministrators/constant on each domain member machine. To ensure that all domain + administrators have full rights on the member server or workstation, on joining the domain the + constantDomain Admins/constant group is added to the local Administrators group. Thus everyone who is + logged into the domain as a member of the Domain Admins group is also granted local adminitrative + privileges on each domain member. + /para + + para + UNIX/Linux has no concept of support for nested groups, and thus Samba has for a long time not supported + them either. The problem is that you would have to enter unix groups as auxiliary members of a group in + filename/etc/group/filename. This does not work because it was not a design requirement at the time + the UNIX file system security model was implemented. Since Samba-2.2 the winbind daemon can provide + filename/etc/group/filename entries on demand by obtaining user and group information from the Domain + Controller that the Samba server is a member of. + /para + para + In effect, Samba supplements the filename/etc/group/filename data via the dynamic + commandlibnss_winbind/command mechanism. Beginning with Samba-3.0.3 this facility is used to provide + local groups in the same manner as Windows does it. It works
svn commit: samba-web r670 - in trunk/news/announcements: .
Author: deryck Date: 2005-05-12 21:54:18 + (Thu, 12 May 2005) New Revision: 670 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=670 Log: Adding news on FreeNX SambaXP edition deryck Added: trunk/news/announcements/freenx-0.4.0.html Changeset: Added: trunk/news/announcements/freenx-0.4.0.html === --- trunk/news/announcements/freenx-0.4.0.html 2005-05-11 23:34:23 UTC (rev 669) +++ trunk/news/announcements/freenx-0.4.0.html 2005-05-12 21:54:18 UTC (rev 670) @@ -0,0 +1,43 @@ +h3a name=freenx-0.4.0FreeNX-0.4.0 with Samba File and Printer Sharing/a/h3 + +div class=article + pFreeNX has a new release (0.4.0), which may be of interest to others in + the Samba community. The + a href=http://mail.kde.org/pipermail/freenx-knx/2005-May/001240.html;announcement/a can help explain why:/p + + blockquote + It is code-named iSambaXP Edition/i for two + reasons: + + ul +liits first public announcement happened + during the SambaXP Conference in + Goettingen/Germany./li + +lithis version utilizes for the first time + Samba to support file sharing between NX client + and FreeNX server./li + /ul + + FreeNX 0.4.0 sports several new feature and fixes + for all bugs found in 0.3.1. [] New major + features include: + + ul +liFull filesharing support via Samba./li +liSound support via ESD/artsd./li +liPrinting support via Samba and a separate + userspace cupsd for each user session./li + /ul + /blockquote + + pFor all the details on FreeNX-0.4.0 SambaXP Edition, see the + a href=http://mail.kde.org/pipermail/freenx-knx/2005-May/001240.html;release announcement/a (quoted above). For more on FreeNX itself, see the + a href=http://developer.berlios.de/projects/freenx/;FreeNX project + site/a. There is also a a href=https://mail.kde.org/mailman/listinfo/freenx-knx;FreeNX-kNX user mailing list/a./p + + p class=creditSubmitted by a href=mailto:[EMAIL PROTECTED]Kurt + Pfeifle/a./p +/div + +
Build status as of Fri May 13 00:00:01 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-05-12 00:00:12.0 + +++ /home/build/master/cache/broken_results.txt 2005-05-13 00:00:08.0 + @@ -1,16 +1,16 @@ -Build status as of Thu May 12 00:00:01 2005 +Build status as of Fri May 13 00:00:01 2005 Build counts: Tree Total Broken Panic ccache 35 3 0 distcc 35 3 0 ppp 21 1 0 -rsync36 1 0 +rsync36 2 0 samba1 1 1 samba-docs 0 0 0 -samba4 38 27 0 -samba_3_036 12 4 -talloc 29 19 0 +samba4 38 26 0 +samba_3_036 9 4 +talloc 29 18 0 tdb 29 29 0 Currently broken builds: @@ -19,6 +19,7 @@ aix1 talloc gccok/ 2/?/? aix1 tdb gcc 2/?/?/? lithiumtdb gcc 2/?/?/? +cyberone rsyncgccok/ok/ok/ 2 fusberta samba4 gccok/ 2/?/? fusberta talloc gccok/ 2/?/? fusberta tdb gcc 2/?/?/? @@ -27,7 +28,6 @@ samba-s390 tdb gcc 2/?/?/? rhonwynsamba4 gccok/ 2/?/? rhonwynsamba4 gcc-4.0ok/ 2/?/? -rhonwynsamba_3_0gcc-4.0ok/ 2/?/? rhonwynsamba4 tccok/ 2/?/? superego tdb gcc 2/?/?/? cl012 talloc gccok/ok/ 2/? @@ -37,7 +37,6 @@ berks samba4 gccok/ 2/?/? berks tdb gcc 2/?/?/? shelob samba4 gccok/ 2/?/? -shelob talloc gccok/ok/ 2/? shelob tdb gcc 2/?/?/? shelob ccache iccok/ok/ok/ 2 shelob distcc icc 127/?/?/? @@ -48,14 +47,12 @@ aretnaptdb gcc 2/?/?/? aretnapccache iccok/ok/ok/ 1 aretnapsamba4 iccok/ 1/?/? -aretnapsamba_3_0iccok/ok/ok/ 1 aretnaptalloc iccok/ 1/?/? aretnaptdb icc 2/?/?/? gc4samba4 gccok/ 1/?/? gc4talloc gccok/ 1/?/? gc4tdb gcc 2/?/?/? manhattan samba4 cc ok/ 1/?/? -manhattan samba_3_0cc 127/?/?/? sbfsamba4 gccok/ 1/?/? sbftalloc gccok/ 1/?/? sbftdb gcc 2/?/?/? @@ -90,7 +87,7 @@ sun1 samba_3_0cc ok/ 2/?/? sun1 talloc cc ok/ 2/?/? sun1 tdb cc 2/?/?/? -sun1 samba_3_0gccok/ok/ok/ 7/PANIC +sun1 samba_3_0gccok/ok/ok/ 8/PANIC sun1 talloc gccok/ 2/?/? sun1 tdb gcc 2/?/?/? fire1 samba_3_0gccok/ok/ok/ 7/PANIC @@ -108,7 +105,6 @@ l390vme1 talloc gccok/ok/ 2/? l390vme1 tdb gcc 2/?/?/? opippp gccok/ 2/?/? -opisamba4 gccok/ 2/?/? opitalloc gccok/ok/ 2/? opitdb gcc 2/?/?/?
svn commit: samba r6761 - in branches/SAMBA_4_0/source/cldap_server: .
Author: tridge
Date: 2005-05-13 05:29:41 + (Fri, 13 May 2005)
New Revision: 6761
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6761
Log:
- not everyone is in my domain :-)
- started adding support for the other cldap attributes that XP uses
Modified:
branches/SAMBA_4_0/source/cldap_server/netlogon.c
Changeset:
Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c
===
--- branches/SAMBA_4_0/source/cldap_server/netlogon.c 2005-05-12 19:31:50 UTC
(rev 6760)
+++ branches/SAMBA_4_0/source/cldap_server/netlogon.c 2005-05-13 05:29:41 UTC
(rev 6761)
@@ -93,7 +93,8 @@
pdc_dns_name = talloc_asprintf(mem_ctx, %s.%s,
lp_netbios_name(), dns_domain);
flatname = samdb_result_string(res[0], name, lp_workgroup());
- site_name= Default-First-Site-Name.bludom.tridgell.net;
+ site_name= talloc_asprintf(mem_ctx,
Default-First-Site-Name.%s,
+ dns_domain);
site_name2 = ;
pdc_ip = iface_best_ip(src_address);
@@ -179,6 +180,9 @@
const char *domain = NULL;
const char *host = NULL;
const char *user = ;
+ const char *domain_guid = NULL;
+ const char *domain_sid = NULL;
+ int acct_control = -1;
int version = -1;
union nbt_cldap_netlogon netlogon;
NTSTATUS status = NT_STATUS_INVALID_PARAMETER;
@@ -206,6 +210,16 @@
t-u.simple.value.data,
t-u.simple.value.length);
}
+ if (strcasecmp(t-u.simple.attr, DomainGuid) == 0) {
+ domain_guid = talloc_strndup(tmp_ctx,
+t-u.simple.value.data,
+t-u.simple.value.length);
+ }
+ if (strcasecmp(t-u.simple.attr, DomainSid) == 0) {
+ domain_sid = talloc_strndup(tmp_ctx,
+ t-u.simple.value.data,
+ t-u.simple.value.length);
+ }
if (strcasecmp(t-u.simple.attr, User) == 0) {
user = talloc_strndup(tmp_ctx,
t-u.simple.value.data,
@@ -215,6 +229,10 @@
t-u.simple.value.length == 4) {
version = IVAL(t-u.simple.value.data, 0);
}
+ if (strcasecmp(t-u.simple.attr, AAC) == 0
+ t-u.simple.value.length == 4) {
+ acct_control = IVAL(t-u.simple.value.data, 0);
+ }
}
if (domain == NULL || host == NULL || version == -1) {
