[Samba] Abwesenheitsnotiz: ***SPAM*** Auslaenderpolitik
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Abwesenheitsnotiz: ***SPAM*** Auslaenderpolitik
Befinde mich derzeit nicht im Hause. Werde voraussichtlich ab 23. Mai wieder erscheinen. Ihre E-Mail läuft bei meiner Vertreterin, Frau ROI Heinz, Tel. 1470 auf. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Abwesenheitsnotiz: ***SPAM*** Auslaenderpolitik
Sehr geehrte Damen und Herren, leider bin ich bis einschließlich 27.05.2005 nicht erreichbar. In dringenden Angelegenheiten wenden Sie sich bitte an Herrn RAR Müller. Telefon:0981 53-1578 Telefax:0981 53-5578 mailto:[EMAIL PROTECTED] Mit freundlichen Grüßen gez. Albert Bögelein -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] dual boot linux/winxp, winbind
Hi, Different machine names? (machineWin/MachineLnx) Just my 2 cents. Bruno Guerreiro -Original Message- From: Rex Dieter [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 18 de Maio de 2005 21:58 To: samba@lists.samba.org Subject: [Samba] dual boot linux/winxp, winbind We have a bunch of dual-boot boxes (linux/winxp). I'd like to be able to use winbind (against ads) for user authentication on the linux side, but it appears samba has to join the AD too. Upon joining the AD under linux/samba, it makes the windows side of things stop working (machine account has been modified). In the past, when using an NT4 domain, I was able to tell samba to use a different (netbios) name, via (in smb.conf): netbios name = hostname-samba netbios aliases = hostname When trying this now against ads, it *appears* to join the domain ok, but it doesn't work. For example, $ wbinfo -t checking the trust secret vi RPC calls failed error code was STATUS_BUFFER_OVERFLOW (0x8005) Could not check secret Suggestions/workarounds for dual-boot machines? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: One more
Hi, I've solved that issue by setting homeDirectory: /dev/null loginShell: /bin/false to the users and don't wish to give access. Don't know if it is the right way, but it solves my problems. But then again, I'm using Samba+OpenLDAP, and have almost zero experience with AD. Best regards, Bruno Guerreiro -Original Message- From: Rex Dieter [mailto:[EMAIL PROTECTED] Sent: quarta-feira, 18 de Maio de 2005 21:52 To: samba@lists.samba.org Subject: [Samba] Re: One more Etienne Goyer wrote: Is it possible to make available as Unix user only members of a specific Windows group ? I too would be very interested in this. I don't want/need to give access to our Linux boxes to *every* AD user. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Mac OSX breaking POSIX rights with SMB/CIFS
hi list, we recently saw the following weird behaviour on samba v3.0.13 with MacOSX panther and tiger as clients --setup-- [share1] path = /data valid users = @admins force user = administrator inherit permissions = yes force create mode = 770 force directory mode = 2770 [share2] path = /data/folder valid users = @noadmins force user = administrator inherit permissions = yes force create mode = 770 force directory mode = 2770 where: /data administrator.adminsrwxrwsr-x /data/folderadministrator.noadmins rwxrws--- members of @admins are also members of @noadmins --setup-- if you connect from MaxOSX (smb/cifs) to share2 and create a file the file looks like /data/folder/new.txtadministrator.noadmins rwxrwx--- if you connect now from MaxOSX (smb/cifs) to share1 and create a file in /data/folder the file looks like /data/folder/new2.txt administrator.*admins* rwxrwx--- even if you modify new.txt and save it it gets this group change (noadmins-admins) - so nobody from noadmins is able to modify those files anymore :( we were able to reproduce this on a windows NT fileserver in the same setup (of course with equivalent NTFS/share rights) if you follow this procedure with a windows client everything looks like it should: all files/dirs in /data/folder/ get rwxrwx--- (or rwxrws--- for dirs) and administrator.noadmins as the owners can you help us? could you please try to reproduce this? we have to use minimum acls because we use netatalk also which doesn't understand ext. acls! thx in advance -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Trouble joining domain at BDC site
Hi, Is your BDC at office 2, registering itself correctly in your wins server? Best Regards, Bruno Guerreiro -Original Message- From: David Sonenberg [mailto:[EMAIL PROTECTED] Sent: quinta-feira, 19 de Maio de 2005 0:47 To: samba@lists.samba.org Subject: [Samba] Trouble joining domain at BDC site I have no trouble joining the domain in our main office(samba PDC) or a branch office(samba BDC) but for some reason I can't join the domain at the branch office 2(also samba BDC) All three offices are running 3.0.11 and the 2 branch offices have identical configurations, aside from ip address'. The message I get from Windows XP is: The following error occured attempting to join the domain strozllc The specified domain does not exist or could not be contacted. I was able to join a linux machine to the domain by doing: net rpc join -U administrator -S FQDN.OF.PDC Is there a windows registry entry where I can put the FQDN of the PDC or is there something else I should try? -- David Sonenberg Systems / Network Administrator Stroz Friedberg, LLC 15 Maiden Lane 15th Floor New York, NY 10038 Tel 212.981.6527 Fax 917.495.4918 This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No right to confidential or privileged treatment of this message is waived or lost by any error in transmission. If you have received this message in error, please immediately notify the sender by e-mail or by telephone at 212.981.6540, delete the message and all copies from your system and destroy any hard copies. You must not, directly or indirectly, use, disclose, distribute, print or copy any part of this message if you are not the intended recipient. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot get machines to logon to domain
Hello, SNIP So again the problem is that I cannot get the machines to join the domain. I created the group and each computer manually. Then I added the users and machines using smbpasswd manually. try the following line in your global section of smb.conf add machine script = /usr/sbin/useradd -g 1001 -d /var/lib/nobody -s /bin/false %u make sure you have a unix group machines or whatever you like with a unique id that fits in your environment. on some systems you can try a home directory -d /dev/null hope this helps cheers F.W. Here is my smb.conf [global] workgroup = MIDDLE_EARTH netbios name = ISENGARD server string = Isengard browseable = yes printcap name = /etc/printcap load printers = yes printing = cups cups options = raw log file = /var/log/samba/%m.log max log size = 200 security = user encrypt passwords = yes passdb backend = tdbsam smb passwd file = /etc/samba/passdb.tdb username map = /etc/smbusers unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 35 domain master = yes preferred master = yes local master = yes domain logons = yes logon path = \\%L\Profiles\%U logon drive = H: logon home = \\%L\%U dns proxy = no # Share Definitions == idmap uid = 15000-2 idmap gid = 15000-2 template shell = /bin/false winbind use default domain = no [homes] comment = Home Directories browseable = no valid users = %S writable = yes [netlogon] comment = Network Logon Service path = /helios guest ok = No writable = yes browseable = No admin users = root [Profiles] path = /helios browseable = No guest ok = No profile acls = Yes read only = No [printers] comment = All Printers path = /var/spool/samba browseable = No guest ok = Yes writable = No printable = yes [temp] comment = Temporary file space path = /helios/temp read only = no public = yes [public] comment = Public Stuff path = /helios/public public = yes read only = No [oldserv] path = /helios/oldserv public = yes read only = no Cheers, KGE This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba and Apple's open directory
Hello list, Is it possible to get a linux samba to authenticate against Apple's open directory? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind nsswitch stuff.
Hi all Ive setup winbind and nsswitch etc everything works great but because of some scripts I run which create auth files, is it possible to see the domain accounts usernames and passwords? Obviously not in plain text, but to export them into a crypt format? If not, is it possible to make .htaccess somehow use the domain information instead of a flatfile? That and squid? Else im stumped with this one :/ Many thanks Ross -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] dual boot linux/winxp, winbind
Bruno Guerreiro wrote: We have a bunch of dual-boot boxes (linux/winxp). I'd like to be able ... In the past, when using an NT4 domain, I was able to tell samba to use a different (netbios) name, via (in smb.conf): netbios name = hostname-samba netbios aliases = hostname When trying this now against ads, it *appears* to join the domain ok, but it doesn't work. For example, $ wbinfo -t checking the trust secret vi RPC calls failed error code was STATUS_BUFFER_OVERFLOW (0x8005) Could not check secret Suggestions/workarounds for dual-boot machines? Different machine names? (machineWin/MachineLnx) We're using DHCP, so they get assigned the same IP/hostname regardless of which OS is booted. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: One more
Bruno Guerreiro wrote: I've solved that issue by setting homeDirectory: /dev/null loginShell: /bin/false to the users and don't wish to give access. Don't know if it is the right way, but it solves my problems. That won't work for us, as I don't have rights to modify accounts outside of our Departmental OU. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] dual boot linux/winxp, winbind
And I'm correct to assume you're reserving Ip's at your dhcp server? Is it mandatory to add the machine name to the lease at the server? Best Regards, Bruno Guerreiro -Original Message- From: Rex Dieter [mailto:[EMAIL PROTECTED] Sent: quinta-feira, 19 de Maio de 2005 12:37 To: samba@lists.samba.org Subject: Re: [Samba] dual boot linux/winxp, winbind Bruno Guerreiro wrote: We have a bunch of dual-boot boxes (linux/winxp). I'd like to be able ... In the past, when using an NT4 domain, I was able to tell samba to use a different (netbios) name, via (in smb.conf): netbios name = hostname-samba netbios aliases = hostname When trying this now against ads, it *appears* to join the domain ok, but it doesn't work. For example, $ wbinfo -t checking the trust secret vi RPC calls failed error code was STATUS_BUFFER_OVERFLOW (0x8005) Could not check secret Suggestions/workarounds for dual-boot machines? Different machine names? (machineWin/MachineLnx) We're using DHCP, so they get assigned the same IP/hostname regardless of which OS is booted. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File locking problems
I have been writing some code to perform portable file locking between Linux and Windows. On Windows I use UnlockFileEx() and Linux fcntl(). To get over the incompatibilites between these calls, I use the calls to lock the first two bytes of the file with a read lock. The first byte is regarded as meaning that the file is read locked and the second byte that the file is write locked. The Linux side is routine but the Windows side is somewhat more difficult. If I want a read lock I test if I can get a write lock on the second byte. If successful then I release the lock obtained and set a read lock on the first byte. To obtain a write lock, I test whether I can set a write lock on both bytes, release this write lock and set a read lock on the second byte. This works correctly for a samba share for the cases when client 1 and client 2 are either both Linux or both Windows, or client 1 is Linux and client 2 is Windows. But if the order is changed and client 1 is Windows and client 2 is Linux, the open() call on Linux fails with EAGAIN. So I tried putting the open() call in a for ( tries = 0 ; tries 100 : tries++ ) loop with a wait of usleep( 100 ) after each open() attempt. And bingo, this works with about 4 or 5 loops. Untill I discovered that when the delay between starting client 1 (Windows) and client 2 (Linux) is more than a couple of minutes (rather than seconds) then the open loop usually fails even after 1000 iterations. In smb.conf I have: locking = Yes posix locking = Yes strict locking = No kernel oplocks = Yes blocking locks = No Changing any of these means that nothing works. The version of SAMBA is: Version 3.0.13-1.1-SUSE Windows is XP Proffesional Any help gratefully received. Malcolm Agnew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] dual boot linux/winxp, winbind
Bruno Guerreiro wrote: And I'm correct to assume you're reserving Ip's at your dhcp server? Is it mandatory to add the machine name to the lease at the server? Yes and most likely, respectively. I'm not in control of our campus dhcp, so that part is out of my hands. -- Rex -Original Message- From: Rex Dieter [mailto:[EMAIL PROTECTED] Sent: quinta-feira, 19 de Maio de 2005 12:37 To: samba@lists.samba.org Subject: Re: [Samba] dual boot linux/winxp, winbind Bruno Guerreiro wrote: We have a bunch of dual-boot boxes (linux/winxp). I'd like to be able ... In the past, when using an NT4 domain, I was able to tell samba to use a different (netbios) name, via (in smb.conf): netbios name = hostname-samba netbios aliases = hostname When trying this now against ads, it *appears* to join the domain ok, but it doesn't work. For example, $ wbinfo -t checking the trust secret vi RPC calls failed error code was STATUS_BUFFER_OVERFLOW (0x8005) Could not check secret Suggestions/workarounds for dual-boot machines? Different machine names? (machineWin/MachineLnx) We're using DHCP, so they get assigned the same IP/hostname regardless of which OS is booted. -- Rex -- Rex A. Dieter [EMAIL PROTECTED] Computer System Administrator http://www.math.unl.edu/~rdieter/ Department of Mathematics University of Nebraska Lincoln -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: use of netbios name and joining ads fails (bug #2727)
Rex Dieter wrote: We have a bunch of dual-boot boxes (linux/winxp). I'd like to be able to use winbind (against ads) for user authentication on the linux side, but it appears samba has to join the AD too. Upon joining the AD under linux/samba, it makes the windows side of things stop working (machine account has been modified). In the past, when using an NT4 domain, I was able to tell samba to use a different (netbios) name, via (in smb.conf): netbios name = hostname-samba netbios aliases = hostname When trying this now against ads, it *appears* to join the domain ok, but it doesn't work. For example, $ wbinfo -t checking the trust secret vi RPC calls failed error code was STATUS_BUFFER_OVERFLOW (0x8005) Could not check secret FYI, submitted to bugzilla: http://bugzilla.samba.org/show_bug.cgi?id=2727 -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Solved: Follow Up - Problem with groups joining domain.- LDAP
Just a note for the archives. My Freebsd nsswitch problems were being caused by a mis-configured nss_ldap.conf file. Everything indeed seems to be working properly now in Freebsd. On 5/5/05, Flatfender [EMAIL PROTECTED] wrote: Follow up to original post. If I created local groups and users in /etc/passwd /etc/groups I get farther along. For instance, if I have a Samba PDC with LDAP basically like I listed in my post. If I browse from a w2k pro box to the samba server without the workstation having joined the domain, I can authenticate to the samba server with a user who is not in /etc/passwd but is in LDAP. So samba is able to do the lookup via ldap. Now, if I create a posix group in ldap but not in /etc/group, I can not use net groupmap modify to modify the ntgroup to unix group mapping. But if I create the group in /etc/groups then the group mapping works. This leads me to believe either that the nsswitch/nss_ldap stuff in FreeBSD is either insufficient or not configured. Since their is so little to configure, I tend to lean towards NSSwitch not being fully implemented. Also If I try to join the domain with from a workstation that neither has a /etc/passwd account or an ldap account then, joining the domain fails, but smbldap-tools creates a workstation account in ldap with posix only attributes and no samba attributes. If I create the workstation account in /etc/passwd and then join the domain, then I can sucessfully join the domain, and smbldap tools creates an account in ldap, but this time with only samba attributes and no posix attributes. I have not tested any other group/user scenarios yet. -- Forwarded message -- From: Flatfender [EMAIL PROTECTED] Date: Apr 21, 2005 11:04 AM Subject: Problem with groups joining domain.- LDAP To: samba@lists.samba.org Software list: FreeBSD 5.3 Samba 3.0.14a nss_ldap-1.204_5 openldap-client-2.2.19 openldap-server-2.2.23 p5-perl-ldap-0.32.02 pam_ldap-1.7.6 smbldap-tools-0.8.8 samba was configured with the following options. LDAP, Cups, Winbind, utmp, popt, acl, quotas, msdfs, syslog, without_ADS I have also tried winbind_nss which I believe is a FreeBSD wrapper around the linux implentation of winbindd, but it yielded the same results. 1. ldapadd ldapserach w/tls is working fine. 2. smbldap-tools work. smbldap-populate, smbldap-migrate-unix-accounts/groups work. smbldap-useradd works. 3. smbpasswd -w has been set. What fails is joining a machine to the domain. I get the domain password is incorrect, the workstation account is created, but with posix attributes only, no samba attributes. problems with groups If I add a group to the local /etc/group file, which I don't think should have to do, but maybe this is a FreeBSD nsswitch bug? Can anyone confirm this? pw group add domadmins smbldap-groupadd -a domadmins - adds to ldap fine. net groupmap modify ntgroup=Domain Admins unixgroup=domadmins . This fails with this error message: and I get the same error message if the -a omitted from smbldap-groupadd passdb/pdb_ldap.c:ldapsam_update_group_mapping_entry(2665) ldapsam_update_group_mapping_entry: No group to modify! Could not update group database net groupmap list shows all groups that are in LDAP. What I suspect is that group lookups are failing somehow, but I'm not sure. Also If I browse through network neighborhood to the samba PDC server, I can authenticate with an ordinary user and get the users home dir. So Users seem to be working. snipped. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Dear list, a few days ago my samba server hanged up, I mean the samba services where not available (I/O error) and I didn't understand why. A simple umount/smbmount without restarting samba worked. In the log I found this: [2005/05/14 07:01:41, 0] lib/util_sock.c:read_socket_data(365) read_socket_data: recv failure for 4. Error = Connection reset by peer that refers to the fact that sys_read returned -1. What can be the cause? It's like the server didn't read enough data from the socket, like a connection/cable problem happened. Anyone else with a similar problem? Thanks, Luca -- Luca Ferrari, [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: One more
I use pam_require.so to limit access to services via pam. Here is how I limit access to my pure-ftpd server to a specific group (GLFTPAccess). You can also limit access to specific users, like I did with the user root. auth sufficient pam_winbind.so auth required pam_unix2.so # set_secrpc auth required pam_nologin.so auth required pam_env.so account requiredpam_nologin.so account requiredpam_require.so root @GLFTPAccess account sufficient pam_unix2.so account requiredpam_winbind.so password required pam_pwcheck.so password required pam_unix2.souse_first_pass use_authtok session requiredpam_unix2.sonone # trace or debug session requiredpam_mkhomedir.so session requiredpam_limits.so Hope that helps !!! Josh -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rex Dieter Posted At: Wednesday, May 18, 2005 3:52 PM Posted To: Samba Conversation: [Samba] Re: One more Subject: [Samba] Re: One more Etienne Goyer wrote: Is it possible to make available as Unix user only members of a specific Windows group ? I too would be very interested in this. I don't want/need to give access to our Linux boxes to *every* AD user. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: One more
Samba wrote: I use pam_require.so to limit access to services via pam. Hmm... doesn't seem to be part of RHEL4. I'll go check out: http://freshmeat.net/projects/pam_require/ -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ACLs on a member server
Hi all, i have ACLs working fine on my PDC, but they do not work on a member server. Here is a summary of my set-up: I am using LDAP backend, with nss_ldap on all of my member servers. Samba 3.0.12pre1 on the PDC and Samba 3.0.14a on the member server. I have winbindd running on my member server, and it is pointing at LDAP as its backend. wbinfo -u and wbinfo -g both work. I am using security=domain on the member server and it is joined to the domain. However when I view ACEs on a file from a Windows client, on the member server the users / groups resolve to SERVER\user instead of DOMAIN\user. I have provided a screen shot of what it looks like for files on the PDC and files on the member server, here: http://www.borkholder.com/admin/ Any help is appreciated. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] dual boot linux/winxp, winbind
Le Jeudi 19 Mai 2005 13:37, Rex Dieter a écrit : Different machine names? (machineWin/MachineLnx) We're using DHCP, so they get assigned the same IP/hostname regardless of which OS is booted. -- Rex I had the same problem. I use legacy hostname.domain.tld for linux as the hostname is used to get the account on the DC, and the linux box has its real name given by dhcp. For Windows, as I have a DC which act as DNS, I have already another domain2.tld2 And when I join the domain, I use another hostname hostnameW. So the linux is named hostname.domain2.tld2 in AD, the windows hostnameW.domain2.tld2, the ip is served by dhcp in each case, and the name provided by the dhcp is hostname. It work fine here. With a little experience, I'll probably do some change if I had to do the same: I'll use kerberos auth against the AD domain (Native Mode), hack a little winbind to only do ldap request for idmap, and only have one winbind doing the idmap, with ldap storage. Of go kerberos for auth, ldap instead of idmap from winbind. Emmanuel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trouble joining domain at BDC site
It has the win server = IP.OF.PDC How can I check to if it's regeistered correctly? Bruno Guerreiro wrote: Hi, Is your BDC at office 2, registering itself correctly in your wins server? Best Regards, Bruno Guerreiro -Original Message- From: David Sonenberg [mailto:[EMAIL PROTECTED] Sent: quinta-feira, 19 de Maio de 2005 0:47 To: samba@lists.samba.org Subject: [Samba] Trouble joining domain at BDC site I have no trouble joining the domain in our main office(samba PDC) or a branch office(samba BDC) but for some reason I can't join the domain at the branch office 2(also samba BDC) All three offices are running 3.0.11 and the 2 branch offices have identical configurations, aside from ip address'. The message I get from Windows XP is: The following error occured attempting to join the domain strozllc The specified domain does not exist or could not be contacted. I was able to join a linux machine to the domain by doing: net rpc join -U administrator -S FQDN.OF.PDC Is there a windows registry entry where I can put the FQDN of the PDC or is there something else I should try? -- David Sonenberg Systems / Network Administrator Stroz Friedberg, LLC 15 Maiden Lane 15th Floor New York, NY 10038 Tel 212.981.6527 Fax 917.495.4918 This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No right to confidential or privileged treatment of this message is waived or lost by any error in transmission. If you have received this message in error, please immediately notify the sender by e-mail or by telephone at 212.981.6540, delete the message and all copies from your system and destroy any hard copies. You must not, directly or indirectly, use, disclose, distribute, print or copy any part of this message if you are not the intended recipient. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 and AD
Hi, Can anybody confirm this please. Can I run Samba 3.14a authenticating to a mixed mode ADS just using Winbind but without any Kerberous Pam or LDAP. The smb.conf would read. security = DOMAIN I have tested this with a x86 Solaris 8 server and Windows 2003 domain controller Windows XP clients and it works but was wondering if anyone has used or is using this configuration. The target operating system would be Sparc Solaris 8. Thank You Graeme -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trusted domains with ldapsam_compat in samba 3
Hi all :-) We are currently hosting a SAMBA domain that provides login file serving for public clusters around the university campus. We are using Samba 3.0.10, with an LDAP server that uses a samba 2.x schema. A department would now like to trust our domain for authentication, and use their own domain to administer their windows boxes. Will we be able to create a domain trust account in our ldap server with our samba 2 schema? And if so, does anyone have a sample ldif I could use to manually create the account directly in the ldap server? -- David Barker University of Exeter IT Services -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: dual boot linux/winxp, winbind
Emmanuel Blindauer wrote: Le Jeudi 19 Mai 2005 13:37, Rex Dieter a écrit : Different machine names? (machineWin/MachineLnx) We're using DHCP, so they get assigned the same IP/hostname regardless of which OS is booted. I had the same problem. I use legacy hostname.domain.tld for linux as the hostname is used to get the account on the DC, and the linux box has its real name given by dhcp. For Windows, as I have a DC which act as DNS, I have already another domain2.tld2 And when I join the domain, I use another hostname hostnameW. Hmm... maybe that is the only way to get it to work reliably, (somehow) force the use of different hostnames. I'll do that if I have to, but I'd rather opt for a simpler solution. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] ADS and Samba
On May 10, John Terpstra wrote: A process for building Samba-3 for this purpose can be obtained from: http://samba.org/~jht/Notes/Samba-Install-Solaris9.txt Thanks, John -- this look very handy, even though I have Solaris 8 (which on Febraru 6 you said is also covered by this). Could you comment on differences between it and the advice provided in last winter's SysAdmin magazine article? www.samag.com/documents/s=9383/sam0414e/ Thanks. -wde -- Will Enestvedt UNIX System Administrator Johnson Wales University -- Providence, RI -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File locking problems
On Thu, May 19, 2005 at 02:13:33PM +0200, malcolm wrote: I have been writing some code to perform portable file locking between Linux and Windows. On Windows I use UnlockFileEx() and Linux fcntl(). To get over the incompatibilites between these calls, I use the calls to lock the first two bytes of the file with a read lock. The first byte is regarded as meaning that the file is read locked and the second byte that the file is write locked. The Linux side is routine but the Windows side is somewhat more difficult. If I want a read lock I test if I can get a write lock on the second byte. If successful then I release the lock obtained and set a read lock on the first byte. To obtain a write lock, I test whether I can set a write lock on both bytes, release this write lock and set a read lock on the second byte. This works correctly for a samba share for the cases when client 1 and client 2 are either both Linux or both Windows, or client 1 is Linux and client 2 is Windows. But if the order is changed and client 1 is Windows and client 2 is Linux, the open() call on Linux fails with EAGAIN. So I tried putting the open() call in a for ( tries = 0 ; tries 100 : tries++ ) loop with a wait of usleep( 100 ) after each open() attempt. And bingo, this works with about 4 or 5 loops. Untill I discovered that when the delay between starting client 1 (Windows) and client 2 (Linux) is more than a couple of minutes (rather than seconds) then the open loop usually fails even after 1000 iterations. In smb.conf I have: locking = Yes posix locking = Yes strict locking = No kernel oplocks = Yes blocking locks = No If you want byte range locks seen between Windows and Linux clients you must *TURN OFF* all oplocks. Nothing else will work. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SMB issues across VPN
I have Samba v3.0.5 running on OS X Server 10.3. On our local office LAN we have no SMB browsing or speed issues at all. We recently set-up a VPN between this office and an offsite location via synchronous 3Mb/s wireless internet and two Sonicwall firewall / VPN devices. The offsite users are having issues with SMB browsing and file transfer speeds and reliability. The offsite users are seeing decent copy speeds (8MB file in 50 seconds) but the browsing is horrible. It takes them a few minutes to view the contents of a directory. The same action locally is instantaneous. If they try accessing a native PC share across the VPN the browsing is fast. This makes me think it is some sort of specific samba issue. Are there any browsing related speed tweaks that can be done. Also the smb.conf file (see below) is pretty much the standard Apple dist besides the socket options and getwd cache that I added. If I change the socket options buffer values performance takes a huge hit. I just found something in the smb.conf manual page on the samba.org site: enhanced browsing = yes My local subnet is 192.168.0.* and the offsite location is 192.168.2.*. Could this be part of the issue? The enhanced browsing mentions cross subnet support. Any tips / suggestions would be greatly appreciated. Thanks, Dan smb.conf file below... - [global] getwd cache = yes workgroup = OROURKE display charset = UTF-8-MAC print command = /usr/sbin/PrintServiceAccess printps %p %s lprm command = /usr/sbin/PrintServiceAccess remove %p %j security = user guest account = unknown encrypt passwords = yes printing = BSD allow trusted domains = no preferred master = yes lppause command = /usr/sbin/PrintServiceAccess hold %p %j netbios name = fileserver wins support = yes add machine script = /usr/bin/opendirectorypdbconfig -c create_computer_account -r %u -n /LDAPv3/127.0.0.1 max smbd processes = 0 printcap = server string = Apple Xserve / RAID lpresume command = /usr/sbin/PrintServiceAccess release %p %j logon drive = H: client ntlmv2 auth = no domain logons = yes lpq command = /usr/sbin/PrintServiceAccess jobs %p admin users = @admin passdb backend = opendirectorysam guest dos charset = CP437 unix charset = UTF-8-MAC socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=8576 SO_SNDBUF=8576 IPTOS_LOWDELAY auth methods = guest opendirectory local master = yes use spnego = no domain master = yes logon path = \\%N\profiles\%u printer admin = @admin, @staff map to guest = Never log level = 2 [netlogon] path = /etc/netlogon oplocks = yes strict locking = no write list = @admin browseable = no [homes] browseable = no root preexec = /usr/sbin/inituser %U create mode = 0750 read only = no comment = User Home Directories [projects] oplocks = 1 map archive = no path = /Volumes/Data/Projects read only = no inherit permissions = 1 strict locking = 1 comment = macosx create mask = 0644 guest ok = 0 directory mask = 0755 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind and vnc revisited
A couple of days ago, I posted a question about using vnc with winbind users (i.e. users from a Win2k3 Active Directory domain being authenticated locally on a Linux box -- in this case Fedora Core 3 -- with winbind). The consensus seemed to be that it wasn't possible, at least with the free versions of VNC. Well, not so. Here's how I did it. First, I found out by accident (i.e. just trying different things) that if I created a vncserver session for my winbind user while logged in as that user, that it worked! That is, while logged in as a winbind user, I set up a vncserver session as usual: vncserver :2 (for display :2), got prompted for the passwd, and vnc set up the .vnc directory and everything. Then, using vnc (specifically tightvnc) from a Windows box, I logged into the winbind users' desktop on :2. Voila, I'm logging in remotely with vnc as a winbind user. The next problem to overcome was to get this to start up automatically at boot time so I wouldn't have to log in locally first in order to be able to log in remotely as the winbind user. I tried to do this through the usual means on a Redhat/Fedora box by editing /etc/sysconfig/vncservers but this wouldn't work: even after changing the order of the startup scripts so that winbind started before vncserver it would not recognize the winbind user. After googling to find out how to start vncserver for a specific user, I found something that worked, and put it in the /etc/rc.local file: /bin/su - winbinduser -c /usr/bin/vncserver :2 I'm presuming that this is simply giving the winbinduser root privilege to start a vnc session on :2. If so, then I would think that the only reason why things don't work when the normal S92vncserver script is run during startup is that the S91winbind script has not finished setting up winbind before the vncserver script tries to set up a session for the winbind user. Maybe somebody more familiar with SysV can suggest something that would make this work through the Sxx scripts so it can be done without resorting to rc.local. But for now, I've got the ability to VNC into the FC3 server without having to create a local account; I can use a winbind user account. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] login and WinNT
Hello! I was wondering if it's possible to make Windows NT and Samba 3 work togheter. I found an old question with the same problem I have. Samba 3 is not authenticating WinNT machines. My smb.conf is: [global] workgroup = DESQ-TESTE server string = Teste (Samba %v) interfaces = 143.106.19.25/255.255.255.192, 127. bind interfaces only = Yes encrypt passwords = No password server = kappa.desq.feq.unicamp.br passdb backend = smbpasswd root directory = / passwd program = /usr/bin/passwd password level = 8 username level = 4 log file = /var/log/samba/log.%m max log size = 500 min protocol = NT1 announce version = 4.2 name resolve order = host wins lmhosts bcast time server = Yes server signing = auto load printers = No logon path = logon home = preferred master = Yes domain master = Yes dns proxy = No wins server = 143.106.19.2 ldap ssl = no socket address = 143.106.19.25 NIS homedir = Yes invalid users = root, toor, operator, tty, kmem, bin, daemon, games, news, man, sshd, smmsp, mailnul, bind, proxy, pop, www hosts allow = 143.106.19.0/255.255.255.192, 143.106.19.64/255.255.255.192, 143.106.123.0/255.255.255.192 printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j hide dot files = No veto files = /*.mp3/*.wmv/ [tmp] comment = Temporary file space path = /tmp/share force user = nobody read only = No create mask = 0777 guest only = Yes guest ok = Yes fstype = FAT [homes] comment = Users area browseable = No The log produced by one WinNT machine is (just a piece): smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User juliano ! [2005/05/19 13:09:19, 0] auth/pampass.c:smb_pam_passcheck(810) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User zemp ! [2005/05/19 13:09:23, 0] auth/pampass.c:smb_pam_passcheck(810) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User zemp ! [2005/05/19 13:40:01, 0] auth/pampass.c:smb_pam_passcheck(810) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User juliano ! [2005/05/19 13:52:12, 0] auth/pampass.c:smb_pam_passcheck(810) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User juliano ! Thanks for any help Juliano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] login and WinNT
encrypt passwords = Yes passwd program = /usr/bin/passwd %u If you're using a password server, you don't need to define passwd program, if you are using a password server, you need: security = server security can equal server, user, or share - Original Message - From: Juliano Medeiros Coimbra [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Thursday, May 19, 2005 10:08 AM Subject: [Samba] login and WinNT Hello! I was wondering if it's possible to make Windows NT and Samba 3 work togheter. I found an old question with the same problem I have. Samba 3 is not authenticating WinNT machines. My smb.conf is: [global] workgroup = DESQ-TESTE server string = Teste (Samba %v) interfaces = 143.106.19.25/255.255.255.192, 127. bind interfaces only = Yes encrypt passwords = No password server = kappa.desq.feq.unicamp.br passdb backend = smbpasswd root directory = / passwd program = /usr/bin/passwd password level = 8 username level = 4 log file = /var/log/samba/log.%m max log size = 500 min protocol = NT1 announce version = 4.2 name resolve order = host wins lmhosts bcast time server = Yes server signing = auto load printers = No logon path = logon home = preferred master = Yes domain master = Yes dns proxy = No wins server = 143.106.19.2 ldap ssl = no socket address = 143.106.19.25 NIS homedir = Yes invalid users = root, toor, operator, tty, kmem, bin, daemon, games, news, man, sshd, smmsp, mailnul, bind, proxy, pop, www hosts allow = 143.106.19.0/255.255.255.192, 143.106.19.64/255.255.255.192, 143.106.123.0/255.255.255.192 printing = bsd print command = lpr -r -P'%p' %s lpq command = lpq -P'%p' lprm command = lprm -P'%p' %j hide dot files = No veto files = /*.mp3/*.wmv/ [tmp] comment = Temporary file space path = /tmp/share force user = nobody read only = No create mask = 0777 guest only = Yes guest ok = Yes fstype = FAT [homes] comment = Users area browseable = No The log produced by one WinNT machine is (just a piece): smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User juliano ! [2005/05/19 13:09:19, 0] auth/pampass.c:smb_pam_passcheck(810) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User zemp ! [2005/05/19 13:09:23, 0] auth/pampass.c:smb_pam_passcheck(810) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User zemp ! [2005/05/19 13:40:01, 0] auth/pampass.c:smb_pam_passcheck(810) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User juliano ! [2005/05/19 13:52:12, 0] auth/pampass.c:smb_pam_passcheck(810) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User juliano ! Thanks for any help Juliano -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap-tools broken pipe, a fix
Oh joy! I got this working by setting the verify parameter in smbldap.conf to none. Perl's debugger rocks! A brief trace of my travails - er, travels - follows. The results after upgrading to smbldap-tools 0.8.9: lauterbur{17}# /usr/local/samba/sbin/smbldap-passwd chuck Use of uninitialized value in die at /usr/local/lib/perl5/site_perl/5.8.5/Convert/ASN1/_decode.pm line 111. Broken pipe lauterbur{18}# I traced this using the Perl debugger and eventually got to a reference to a config parameter verify. I tried the other two possible values (none, optional) and found that none works for me. As the require setting works on other machines running ldap servers, I am led to conclude that something is wrong with my machine certificate. I wonder about the verify parameter's relationship to the TLS_REQCERT parameter of ldap.conf, perhaps analogous? Hope this contributes somewhat to the Collective. Cheers, Chuck PS: Thanks for not saying that this is off-topic and referring me to some non-existent list about smbldap-tools. t 11:32 AM 5/17/2005, John H Terpstra wrote: On Tuesday 17 May 2005 12:09, Chuck Theobald wrote: Hi, I am working on establishing a Samba+LDAP server with management by the smbldap tools from idealx. Versions are Samba 3.0.14a, OpenLDAP 2.2.24, smbldap tools 0.8.8 all on Solaris 8. I'm thinking I have a problem with my perl (perhaps), version 5.8.5, as I keep getting Broken pipe messages when using smbldap-populate, smbldap-groupadd, etc. Google produced no useful results in my searches. I would like some suggestions on how to troubleshoot this issue. Please download the latest (developmental) release from: ftp://166.70.93.234/pub/Idealx-smbldap-tools/ There you will find version 0.8.9. This is not a final release but has many enhancements and fixes for bugs that caused problems on some platforms. Please let me know how this version works. This code was provided by Jerome Tournier (Idealx) - he is the one maintaining this. Do not contact him about this version. Please pass your feedback through me. - John T. I placed the -d option to perl in smbldap-passwd and got the following: . .. DB1 Net::LDAP::search(/usr/local/lib/perl5/site_perl/5.8.5/Net/LDAP.pm:404): 404: if (exists $arg-{scope}) { DB1 Net::LDAP::search(/usr/local/lib/perl5/site_perl/5.8.5/Net/LDAP.pm:405): 405:my $sc = lc $arg-{scope}; DB1 Net::LDAP::search(/usr/local/lib/perl5/site_perl/5.8.5/Net/LDAP.pm:406): 406:$stash{scope} = 0 + (exists $scope{$sc} ? $scope{$sc} : $sc); DB1 Net::LDAP::search(/usr/local/lib/perl5/site_perl/5.8.5/Net/LDAP.pm:409): 409: if (exists $arg-{deref}) { DB1 Net::LDAP::search(/usr/local/lib/perl5/site_perl/5.8.5/Net/LDAP.pm:415): 415:searchRequest = \%stash, 416:controls = $control 417: ) or return _error($ldap, $mesg, LDAP_ENCODING_ERROR,$@); DB1 Net::LDAP::search(/usr/local/lib/perl5/site_perl/5.8.5/Net/LDAP.pm:419): 419: $ldap-_sendmesg($mesg); DB1 Broken pipe lauterbur{181}# . . . see previous post for other information . . . Chuck Theobald System Administrator The Robert and Beverly Lewis Center for Neuroimaging University of Oregon P: 541-346-0343 F: 541-346-0345 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] securing root to administrator mapping
I'm just starting to convert to using samba 3 --. Untill now, my use of samba has been pretty simple. I've not used it as a DC and I've use passthrough auth.. I know some say its ugly (and it can be) but its made my life easier most of the time. Now I'm reading through the samba docs, howto's, etc and I am still very uncomfortable mapping the windows Administrator account to root. I know samba will need to change some things that only root can do. I was hoping for something that I could do with sudo. Could I create and account called 'joeAdmin', put him in sudoers, then put all the commands that joeAdmin would need to run in the sudoers config? That seems a more structure way to secure this. Secondly, we have possibly more than one administrator account on a machine. Can we map multiple windows user names to the root account in idmap? I'm thinking something like this.. create a group jAdminGroup, joeAdmin, JaneAdmin in sodoers.conf jAdminGroup ALL=/passwordchatprograms/addprinterprograms NOPASSWD: ALL then in smbusermap file root = joeAdmin janeAdmin Does this sound reasonable? -- David Bear phone: 480-965-8257 fax:480-965-9189 College of Public Programs/ASU Wilson Hall 232 Tempe, AZ 85287-0803 Beware the IP portfolio, everyone will be suspect of trespassing -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: securing root to administrator mapping
David Bear [EMAIL PROTECTED] wrote: I'm just starting to convert to using samba 3 --. Untill now, my use of samba has been pretty simple. I've not used it as a DC and I've use passthrough auth.. I know some say its ugly (and it can be) but its made my life easier most of the time. Please read Samba Official HOWTO, chapter 14. Now I'm reading through the samba docs, howto's, etc and I am still very uncomfortable mapping the windows Administrator account to root. I know samba will need to change some things that only root can do. I was hoping for something that I could do with sudo. Could I create and account called 'joeAdmin', put him in sudoers, then put all the commands that joeAdmin would need to run in the sudoers config? That seems a more structure way to secure this. There isn't really anything that would require your legitimate unix users to be put into sudoers. That information is stored in samba tdb files and are manipulated using net. Secondly, we have possibly more than one administrator account on a machine. Can we map multiple windows user names to the root account in idmap? Recent samba releases don't require root account during normal operation. Parent processes still are being run with uid=0 so there you go. then in smbusermap file root = joeAdmin janeAdmin Does this sound reasonable? You shouldn't have to do this. HTH, -- Michal Kurowski perl -e '$_=q#: 13_2: 12/o{: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: 12m m::#; y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: securing root to administrator mapping
On Thursday 19 May 2005 12:55, Michal Kurowski wrote: David Bear [EMAIL PROTECTED] wrote: I'm just starting to convert to using samba 3 --. Untill now, my use of samba has been pretty simple. I've not used it as a DC and I've use passthrough auth.. I know some say its ugly (and it can be) but its made my life easier most of the time. Please read Samba Official HOWTO, chapter 14. I agree with Mike's advice - then again, I wrote that stuff! :-) You can get your specially reserved copy (after all - everyone wants special care!) from: http://www.samba.org/samba/docs/Samba-Guide.pdf http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf Which document for you? Well: The Samba-Guide.pdf teaches how to drive the car and take a vacation The Samba-HOWTO-Collection shows how to build the auto-transmission In your case, you need to build the auto-transmission. Suggest you read up on IDMAP handling, User Rights and Privileges, and the use of the 'net' command. No more 'root' accounts in the Samba passdb backend. In fact, you do not even need an 'administrator' account now - all admin responsibilities can be delegates to janitors if you wish. Enjoy! PS: The new HOWTO and By Example books will by available in print around August. - John T. Now I'm reading through the samba docs, howto's, etc and I am still very uncomfortable mapping the windows Administrator account to root. I know samba will need to change some things that only root can do. I was hoping for something that I could do with sudo. Could I create and account called 'joeAdmin', put him in sudoers, then put all the commands that joeAdmin would need to run in the sudoers config? That seems a more structure way to secure this. There isn't really anything that would require your legitimate unix users to be put into sudoers. That information is stored in samba tdb files and are manipulated using net. Secondly, we have possibly more than one administrator account on a machine. Can we map multiple windows user names to the root account in idmap? Recent samba releases don't require root account during normal operation. Parent processes still are being run with uid=0 so there you go. then in smbusermap file root = joeAdmin janeAdmin Does this sound reasonable? You shouldn't have to do this. HTH, -- Michal Kurowski perl -e '$_=q#: 13_2: 12/o{: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: 12m m::#; y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print' -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] making MS server 2003 a domain member server
Hello, I have been researching (google, o'reilly and samba.org) intensely for the past 3 weeks learning about samba and setting up my first successful samba 3.10 domain. So I am still very new to this. Am I right when I assume that a domain member server helps with authentication? My company wants to migrate the current windows 2000 server over to the new samba 3 server I created. So this will be our main file and print server. But for client backups we need to keep our backup server Windows. I just installed server 2003 on that machine. Can I add the server 2003 machine as a domain member server of the samba 3 domain, and if so how would I do that? Would that 2003 server then help with authentication? I am not using ldap just a simple samba3 with smbpasswd domain. Thanks, -Patrick Frye Frye Electronics Inc. http://www.frye.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] making MS server 2003 a domain member server
On Thursday 19 May 2005 14:50, Patrick Frye wrote: Hello, I have been researching (google, o'reilly and samba.org) intensely for the past 3 weeks learning about samba and setting up my first successful samba 3.10 domain. So I am still very new to this. Am I right when I assume that a domain member server helps with authentication? My company wants to migrate the current windows 2000 server over to the new samba 3 server I created. So this will be our main file and print server. But for client backups we need to keep our backup server Windows. I just installed server 2003 on that machine. Can I add the server 2003 machine as a domain member server of the samba 3 domain, and if so how would I do that? Would that 2003 server then help with authentication? I am not using ldap just a simple samba3 with smbpasswd domain. Patrick, Suggest you follow the book Samba-3 by Example, you can download a PDF of the book from: http://www.samba.org/samba/docs/Samba-Guide.pdf I would suggest you consider chapter 3 or 4 as the model for your network. Chapter 7 provides information needed to add a Domain Member Server. If you run into difficulty please let me know. Cheers, John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ADS Kerberos Woes
I've been successfully running Samba 3.0 under FreeBSD 5 attached to a 2003 Domain for awhile now. As of about a week ago, I could no longer get most users to authenticate to the Samba server. It happened at roughly the same time I upgraded to FreeBSD 5.4. I'm using heimdal 0.6.3, samba 3.0.14 and FreeBSD 5.4. I had the error running samba 3.0.11 and 3.0.12 from the FreeBSD ports collection. I've since deinstalled those and rebuilt from source manually. I've also reinstall the heimdal port from the ports collection. I've removed the server from the Domain and am now just trying to get it readded. Kinit signs me in just fine, but using most of the net ads commands fails. Smbclient -k fails as well. I've tried several variations on my krb5.conf and smb.conf. Any help would be appreciated. Running net ads testjoin returns: [2005/05/19 16:53:56, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password [EMAIL PROTECTED] failed: Unknown error -1765328378 [2005/05/19 16:53:56, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password [EMAIL PROTECTED] failed: Unknown error -1765328378 [2005/05/19 16:53:56, 0] utils/net_ads.c:ads_startup(191) ads_connect: Unknown error -1765328378 Join to domain is not valid Running net ads join -Ujb returns: [2005/05/19 16:55:19, 0] utils/net_ads.c:ads_startup(191) ads_connect: Unknown error -1765328332 Krb5.conf: [libdefaults] default_realm = FBFGUNS.COM [realms] FBFGUNS.COM = { kdc = mercury.fbfguns.com default_domain = fbfguns.com admin_server = mercury.fbfguns.com } [domain_realm] .fbfguns.com = FBFGUNS.COM fbfguns.com = FBFGUNS.COM .FBFGUNS.COM = FBFGUNS.COM [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } Smb.conf: [global] client use spnego = Yes client schannel = Yes server schannel = Yes dns proxy = No allow trusted domains = no workgroup = FBF realm = FBFGUNS.COM interfaces = 172.22.2.1, 127.0.0.1 security = ADS auth methods = winbind update encrypted = Yes password server = mercury.fbfguns.com pam password change = Yes unix password sync = Yes max log size = 50 time server = Yes server signing = auto add user script = /usr/local/sbin/smb-add-user %u delete user script = /usr/local/sbin/smb-rm-user %u add group script = /usr/local/sbin/smb-add-group %g delete group script = /usr/local/sbin/smb-rm-group %g add user to group script = /usr/local/sbin/smb-add-user-group %u %g delete user from group script = /usr/local/sbin/smb-rm-user-group %u %g add machine script = /usr/local/sbin/smb-add-machine %u preferred master = No local master = No wins server = 172.22.2.2 ldap admin dn = cn=Administrator,cn=users,DC=fbfguns,DC=com ldap suffix = DC=fbfguns,DC=com idmap uid = 15000-2 idmap gid = 15000-2 template homedir = /home/%U winbind use default domain = Yes winbind trusted domains only = Yes winbind enum users = No winbind enum groups = No force create mode = 0664 force directory mode = 0775 admin users = jb, jason, jr hide unreadable = Yes store dos attributes = Yes dos filemode = Yes Jason Burgess [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems syncing Samba and Linux passwords
Hi all, I'm trying to sync unix/samba passwords, but I experience problems when running smbpasswd as a normal user (not as root). The error message is machine 127.0.0.1 rejected the password change: Error was : RAP86: The specified password is invalid. Of course, trying to change passwords from Windows clients does not work. After some googling I've found out that I'm not the only one that has encountered this problem. However, googling did not reveal an answer to my problem. I've tried to experiment with the interfaces and bind interfaces only parameters, the hosts allow parameter, and pretty much every other parameter that has something to do with passwords. No success. Turning off unix password sync is not an option. Can anyone that has encountered this problem please guide me towards a solution to this very irritating problem. Thanks, Erlend Aasland Attached is the relevant pieces from smb.conf: encrypt passwords = Yes min password length = 5 null passwords = No password server = * smb passwd file = /etc/samba/smbpasswd passdb backend = tdbsam:/etc/samba/private/passdb.tdb pam password change = No passwd program = /bin/passwd %u passwd chat = *New password* %n\n *Retype password* %n\n *Success* passwd chat debug = Yes passwd chat timeout = 2 check password script = password level = 0 unix password sync = Yes log level = 1 passdb:2 auth:2 machine password timeout = 604800 ldap passwd sync = no hosts allow = 127.0.0.1, 192.168.1.0/255.255.255.0 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trouble joining domain at BDC site [SOLVED]
Just to follow up. Mr. Terpstra was nice enough to help me on the phone. The problem was that the office with the problem did not have a wins server defined. Once I updated the dhcpd.conf to publish the win server address everthing worked fine. Thanks John. - Dave David Sonenberg wrote: It has the win server = IP.OF.PDC How can I check to if it's regeistered correctly? Bruno Guerreiro wrote: Hi, Is your BDC at office 2, registering itself correctly in your wins server? Best Regards, Bruno Guerreiro -Original Message- From: David Sonenberg [mailto:[EMAIL PROTECTED] Sent: quinta-feira, 19 de Maio de 2005 0:47 To: samba@lists.samba.org Subject: [Samba] Trouble joining domain at BDC site I have no trouble joining the domain in our main office(samba PDC) or a branch office(samba BDC) but for some reason I can't join the domain at the branch office 2(also samba BDC) All three offices are running 3.0.11 and the 2 branch offices have identical configurations, aside from ip address'. The message I get from Windows XP is: The following error occured attempting to join the domain strozllc The specified domain does not exist or could not be contacted. I was able to join a linux machine to the domain by doing: net rpc join -U administrator -S FQDN.OF.PDC Is there a windows registry entry where I can put the FQDN of the PDC or is there something else I should try? -- David Sonenberg Systems / Network Administrator Stroz Friedberg, LLC 15 Maiden Lane 15th Floor New York, NY 10038 Tel 212.981.6527 Fax 917.495.4918 This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No right to confidential or privileged treatment of this message is waived or lost by any error in transmission. If you have received this message in error, please immediately notify the sender by e-mail or by telephone at 212.981.6540, delete the message and all copies from your system and destroy any hard copies. You must not, directly or indirectly, use, disclose, distribute, print or copy any part of this message if you are not the intended recipient. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba spamming Windows ADS server event logs with pre-authentication failure?
It appears that for some odd reason, all of the samba machines on our network are causing frequent pre-authentication error events for the machine name to clog the event logs on the ActiveDirectory server. What's strange is that everything otherwise appears to be working - users can connect to samba shares and authenticate to the ADS server, but the event logs on the ADS server (Windows 2000) gets a mess of Event 675's every few minutes, with the machine account identified as the user attempting to connect. kinit administrator@(DOMAIN).COM works fine. smbclient -k works fine. getent successfully pulls group info from the ActiveDirectory server. net ads join says it is updating the machine account entry successfully (in the process causing a whole slew of additional pre-authentication failure lines in the event logs again...). I haven't been able to figure out what's causing it. The fact that I don't quite understand what's going on between the Samba ADS member server and the ADS server itself doesn't help... Supposedly, the error is wrong password (Pre-Authentication Type: 0x0 Failure Code 0x19). Is the machine account's password screwed up such that I need to do something 'special' to fix it? This appears to be happening with Samba 3.0.9 (Suse 9.2 Pro), Samba 3.0.11 (Slackware), and Samba 3.0.15pre2 (Slackware). Any pointers regarding where to look for the problem would be much appreciated. If it helps, here's the smb.conf (sanitized for my protection...) # Global parameters [global] workgroup = WINDOMAIN realm = DOMAIN.COM server string = Samba Experimental security = ADS username map = /etc/samba/smbusers log file = /var/log/samba.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No wins server = 192.168.1.2, 192.168.1.7 idmap uid = 15000-2 idmap gid = 15000-2 template shell = /bin/bash winbind separator = + winbind use default domain = Yes hosts allow = 192.168.1., 127. use sendfile = Yes [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [test] comment = test drive path = /tmp/temp read only = No guest ok = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Having it both ways with winbind
We already have a large complement of Unix users that are also Windows users but we also have non-unix users that need access to some samba shares. How can I setup samba so that Users who already have a Unix account will get that account and home directory when they connect through samba but valid domain users that do not already have a Unix account will authenticate through winbind and get the winbind generated UID, GID and home directory? Thanks. --Bill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP master-slave and BDC ?
I am a bit confused, about the LDAP master-slave and BDC. I have an Samba-LDAP server that serves as my PDC. All my users authenticate to this server. I would like to set up a BDC for failover. What is the difference between a BDC and a LDAP Slave server? Second part. Does anyone on this list have this type of configuration, PDC-BDC or Master/Slave and can help do the same? -Thank you Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] excessive TCP retransmissions with samba 3.0, slow file opening RESOLVED
Jeremy Anderson wrote: Hello all! I've got a Fedora Core 3 box running Samba 3.0.8. It serves a variety of roles, including mail server and samba server. The mail server is quite fast, but the smb server generates lots and lots of TCP retransmissions (as seen in ethereal). The general consensus is that this is new in the last few weeks. One user has been reporting speed problems for some time, but no metrics were ever gathered. I've tried replacing the NIC, but the problem follows. This is a small network, with two 100mbit hubs, and windows 2000 on all the clients. I want to suspect hardware, but flood pings from a linux box put on the network never report dropped packets. All hosts are listed in DNS, and reverse DNS lookup is successful. I've also configured samba to pass WINS requests on to DNS. I'm absolutely stumped. I don't see the retransmissions with anything on the network except SMB-related TCP traffic. I don't see anything peculiar in /var/log/messages or the smbd.log file. nmbd is running just fine. Any assistance is greatly, greatly appreciated. I'd like to thank everyone for the help with this problem. Replacing the two Ethernet hubs with a single Ethernet switch seems to have resolved the problem. The two hubs were actually hot to the touch when I looked at them. I wouldn't have guessed that hardware would affect just a single protocol, but it looks like only SMB was chatty enough to overload the failing hubs. -- Jeremy Anderson jeremy (at) angelar.com http://www.angelar.com/~jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP master-slave and BDC ?
On Thursday 19 May 2005 20:04, Msdigital wrote: I am a bit confused, about the LDAP master-slave and BDC. I have an Samba-LDAP server that serves as my PDC. All my users authenticate to this server. I would like to set up a BDC for failover. What is the difference between a BDC and a LDAP Slave server? A BDC is a NT4 domain controller that handles network logon authentication. A Samba BDC will relay all network account updates to a PDC. Only the PDC will write to the passdb backend. A BDC will read authentication data from the passdb backend it is configured to use. A Slave LDAP server is a read-only mirror of an LDAP Master server. A PDC would normally be directed at a Master LDAP server, but can work with a Slave LDAP server. If a PDC is configured to use a Slave LDAP server all write requests to the directory will be handled via a referral to the Master LDAP server. In other words, all write requests are handled by the Master LDAP server. It does not matter whether a BDC uses a Master or a Slave LDAP server - it only ever reads directory information from it. What do you mean by fail-over? A BDC can handle network logon requests, but it can never replace a PDC. In other words, the PDC is still the weakest link. If a PDC is off the air for a prolonged outage the network will eventually fail. Second part. Does anyone on this list have this type of configuration, PDC-BDC or Master/Slave and can help do the same? Please refer to the book: Samba-3 by Example Chapters 5 and 6. You can obtain a copy from: http://www.samba.org/samba/docs/Samba-Guide.pdf Enjoy. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Help for the Net Services Mail Server
This is an automatic response triggered when [EMAIL PROTECTED] can't understand a message you sent to it. It's also sent out in response to a help command. The Net Services Mail Server sends out files by e-mail. Files currently available are: mrcooli.exe Mr.Cool, a W95/NT program for downloading files from slow sites. (Windows 95/98/NT) See http://www.netservs.com/mrcool/ coolinfo.txtInformation about Mr. Cool update.txt Update file for Mr. Cool stats.txt FTPMail/Agora Statistics. Daily updated list secrets.hlp Secrets of Solving Computer Software Problems (Windows) mlsc5.exe Mollusc 5 (Email privacy/security with PGP) (W95/98/NT) pgpkeyv2.ascOur PGP (V2.6) Public Key pgpkeyv5.ascOur PGP (V5) Public Key sci.exe Spamicide anti-junk mail program (Windows 95/98/NT) spamh.exe Spam Hater junk mail tracing and retaliation program (Windows) t2h101.exe Free Text to HTML program (Windows) emotsprt.exeDatabase of emotional support resources (Windows) glossi.exe Glossary program explains jargon (Windows 95/98/NT) starrprt.exeStarr report in easy browse format - requires web browser. To get the file you want, send mail to [EMAIL PROTECTED] and in the body, put: get file name_of_file You will get two messages - the transaction report and a message containing the MIME encoded file (or the file if it is a text file). Example: -- From: Ann Example [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: not needed get file mrcooli.exe -- Troubleshooting Tips: * Some e-mail programs add lots of garbage such as HTML or MIME to your message. This confuses the mailserver. and clear By default, send HTML messages * You must put the command in the body of the message, not the subject Where to report problems Should you still have any problems or questions, please email [EMAIL PROTECTED] who will be happy to help. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] List Command Transaction Report
und weisst es nicht einmal: Defaults used: ADDRESS = [EMAIL PROTECTED] Unrecognised command : und - no further processing done Help message sent. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] excessive TCP retransmissions with samba 3.0, slow file opening RESOLVED
On Thursday 19 May 2005 20:53, Jeremy Anderson wrote: I'd like to thank everyone for the help with this problem. Replacing the two Ethernet hubs with a single Ethernet switch seems to have resolved the problem. The two hubs were actually hot to the touch when I looked at them. I wouldn't have guessed that hardware would affect just a single protocol, but it looks like only SMB was chatty enough to overload the failing hubs. I heard of a site that replaced the server because of performance problems caused by a $50 HUB. It is not as uncommon as you might think. The problem is that so few people will believe the story - and that means most will repeat the learning! Thanks for sharing the outcome with those of us who already believe. :-) - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] excessive TCP retransmissions with samba 3.0, slow file opening RESOLVED
- Original Message - From: John H Terpstra On Thursday 19 May 2005 20:53, Jeremy Anderson wrote: I'd like to thank everyone for the help with this problem. Replacing the two Ethernet hubs with a single Ethernet switch seems to have resolved the problem. The two hubs were actually hot to the touch when I looked at them. I wouldn't have guessed that hardware would affect just a single protocol, but it looks like only SMB was chatty enough to overload the failing hubs. I heard of a site that replaced the server because of performance problems caused by a $50 HUB. It is not as uncommon as you might think. The problem is that so few people will believe the story - and that means most will repeat the learning! Thanks for sharing the outcome with those of us who already believe. :-) I have followed this thread and believe I'm suffering from the same problem. File copying is terribly slow on one of my customers networks. The 8-port hub (which is plugged into a larger network switch) is a no-name piece of junk. However is worked fine when only network printers (jetdirects) was on it. Now that a windows XP box is on that hub, performance went down hill and I even get errors in the syslog about failed smb gethostnames or something like that. -Eric Wood -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] excessive TCP retransmissions with samba 3.0, slow file opening RESOLVED
Eric Wood wrote: I have followed this thread and believe I'm suffering from the same problem. File copying is terribly slow on one of my customers networks. The 8-port hub (which is plugged into a larger network switch) is a no-name piece of junk. However is worked fine when only network printers (jetdirects) was on it. Now that a windows XP box is on that hub, performance went down hill and I even get errors in the syslog about failed smb gethostnames or something like that. -Eric Wood Yeah, SMB is so blame chatty, and so impatient, that it just cacks on a hub. I'd never have believed it before, but when they can get a 24-port 10/100 DLink switch for $91 from newegg (shipped!), why mess around with technician time? At typical consultant bill rates, that switch will cost them less than an hour of technician time. I bet if you fire up ethereal on that hub, you'll see plenty of TCP retransmits... -- Jeremy Anderson jeremy (at) angelar.com http://www.angelar.com/~jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Viewing multiple Versions
I've searched the archives for postings on viewing multple VMS file versions using SAMBA for VMS, and it appears that currently SAMBA for VMS does not support this feature. We VERY much need to view multiple versions, as the data collection application on our VMS system uses unique version numbers to identify specific users. Are we out of luck? Is there a way to do this? Is there a possibility this feature could be added in the near future? Thanks for any input. Regards, Charles Goff Wyeth Research PS - We are running Samba 2.2.8 on VMS 7.3-2 PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r6900 - in branches/SAMBA_3_0/source/utils: .
Author: vlendec Date: 2005-05-19 10:52:36 + (Thu, 19 May 2005) New Revision: 6900 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6900 Log: Fix bug 2725. Thanks, John, for finding it. Volker Modified: branches/SAMBA_3_0/source/utils/net_ads.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_ads.c === --- branches/SAMBA_3_0/source/utils/net_ads.c 2005-05-19 03:32:41 UTC (rev 6899) +++ branches/SAMBA_3_0/source/utils/net_ads.c 2005-05-19 10:52:36 UTC (rev 6900) @@ -360,11 +360,13 @@ const char *attrs[] = {memberOf, NULL}; char *searchstring=NULL; char **grouplist; - char *escaped_user = escape_ldap_string_alloc(argv[0]); + char *escaped_user; if (argc 1) { return net_ads_user_usage(argc, argv); } + + escaped_user = escape_ldap_string_alloc(argv[0]); if (!(ads = ads_startup())) { return -1;
svn commit: samba r6901 - in trunk/source/utils: .
Author: vlendec Date: 2005-05-19 10:52:58 + (Thu, 19 May 2005) New Revision: 6901 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6901 Log: Fix bug 2725. Thanks, John, for finding it. Volker Modified: trunk/source/utils/net_ads.c Changeset: Modified: trunk/source/utils/net_ads.c === --- trunk/source/utils/net_ads.c2005-05-19 10:52:36 UTC (rev 6900) +++ trunk/source/utils/net_ads.c2005-05-19 10:52:58 UTC (rev 6901) @@ -360,11 +360,13 @@ const char *attrs[] = {memberOf, NULL}; char *searchstring=NULL; char **grouplist; - char *escaped_user = escape_ldap_string_alloc(argv[0]); + char *escaped_user; if (argc 1) { return net_ads_user_usage(argc, argv); } + + escaped_user = escape_ldap_string_alloc(argv[0]); if (!(ads = ads_startup())) { return -1;
svn commit: samba r6902 - in branches/SAMBA_4_0/source/param: .
Author: abartlet Date: 2005-05-19 11:23:31 + (Thu, 19 May 2005) New Revision: 6902 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6902 Log: Turn the LDAP server on by default. It is no worse than the others... (no ACL support) Andrew Bartlett Modified: branches/SAMBA_4_0/source/param/loadparm.c Changeset: Modified: branches/SAMBA_4_0/source/param/loadparm.c === --- branches/SAMBA_4_0/source/param/loadparm.c 2005-05-19 10:52:58 UTC (rev 6901) +++ branches/SAMBA_4_0/source/param/loadparm.c 2005-05-19 11:23:31 UTC (rev 6902) @@ -938,7 +938,7 @@ do_parameter(max connections, -1); do_parameter(dcerpc endpoint servers, epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup); - do_parameter(server services, smb rpc nbt cldap); + do_parameter(server services, smb rpc nbt ldap cldap); do_parameter(auth methods, anonymous sam_ignoredomain); do_parameter(smb passwd file, dyn_SMB_PASSWD_FILE); do_parameter(private dir, dyn_PRIVATE_DIR);
svn commit: samba r6903 - in trunk/source: . include registry
Author: jerry Date: 2005-05-19 13:16:16 + (Thu, 19 May 2005) New Revision: 6903 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6903 Log: * main change is to make it easier to define supported registry paths in reg_db.c * also ensure that regsubkey_ctr_addkey() doesn't add duplicate values * cleanup file descriptions and copyrights Added: trunk/source/registry/reg_util.c Modified: trunk/source/Makefile.in trunk/source/include/regfio.h trunk/source/registry/reg_cachehook.c trunk/source/registry/reg_db.c trunk/source/registry/reg_eventlog.c trunk/source/registry/reg_frontend.c trunk/source/registry/reg_objects.c trunk/source/registry/reg_printing.c trunk/source/registry/reg_shares.c trunk/source/registry/regfio.c Changeset: Sorry, the patch is too large (743 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6903
svn commit: samba r6904 - in branches/SAMBA_4_0/source: cldap_server nbt_server/dgram
Author: metze Date: 2005-05-19 13:35:50 + (Thu, 19 May 2005) New Revision: 6904 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6904 Log: use krb5:kdc=yes in your smb.conf when you have the lorikeet-heimdal kdc running metze Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c branches/SAMBA_4_0/source/nbt_server/dgram/netlogon.c Changeset: Modified: branches/SAMBA_4_0/source/cldap_server/netlogon.c === --- branches/SAMBA_4_0/source/cldap_server/netlogon.c 2005-05-19 13:16:16 UTC (rev 6903) +++ branches/SAMBA_4_0/source/cldap_server/netlogon.c 2005-05-19 13:35:50 UTC (rev 6904) @@ -83,7 +83,7 @@ NBT_SERVER_CLOSEST | NBT_SERVER_WRITABLE | NBT_SERVER_GOOD_TIMESERV; - if (lp_parm_bool(-1, gensec, krb5, True)) { + if (lp_parm_bool(-1, krb5, kdc, True)) { server_type |= NBT_SERVER_KDC; } if (str_list_check(services, ldap)) { Modified: branches/SAMBA_4_0/source/nbt_server/dgram/netlogon.c === --- branches/SAMBA_4_0/source/nbt_server/dgram/netlogon.c 2005-05-19 13:16:16 UTC (rev 6903) +++ branches/SAMBA_4_0/source/nbt_server/dgram/netlogon.c 2005-05-19 13:35:50 UTC (rev 6904) @@ -118,7 +118,7 @@ NBT_SERVER_GOOD_TIMESERV; /* hmm, probably a better way to do this */ - if (lp_parm_bool(-1, gensec, krb5, True)) { + if (lp_parm_bool(-1, krb5, kdc, True)) { pdc-server_type |= NBT_SERVER_KDC; } if (str_list_check(services, ldap)) {
svn commit: samba r6905 - in trunk/source: include registry rpc_server
Author: jerry Date: 2005-05-19 14:27:11 + (Thu, 19 May 2005) New Revision: 6905 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6905 Log: * refactoring the enum ports command in enumports levels 1 and 2 (not a separate callable functionsenumports_hook() ) * added support for enumerating ports via the key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports Modified: trunk/source/include/rpc_reg.h trunk/source/registry/reg_db.c trunk/source/registry/reg_frontend.c trunk/source/registry/reg_printing.c trunk/source/rpc_server/srv_spoolss_nt.c Changeset: Sorry, the patch is too large (355 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6905
svn commit: samba r6906 - in trunk/source: . include passdb rpc_client rpc_parse rpc_server rpcclient smbd
Author: vlendec Date: 2005-05-19 15:43:43 + (Thu, 19 May 2005) New Revision: 6906 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6906 Log: Commit the unixinfo pipe to trunk. This survives the samba4 torture test and the samba3 rpcclient can successfully talk to samba4 smbd. This gives me some confidence that I did not mess up the marshalling too badly. This is not yet schannel-protected, this needs to be done before release. Volker Added: trunk/source/include/rpc_unixinfo.h trunk/source/rpc_client/cli_unixinfo.c trunk/source/rpc_parse/parse_unixinfo.c trunk/source/rpc_server/srv_unixinfo.c trunk/source/rpc_server/srv_unixinfo_nt.c trunk/source/rpcclient/cmd_unixinfo.c Modified: trunk/source/Makefile.in trunk/source/configure.in trunk/source/include/ntdomain.h trunk/source/include/smb.h trunk/source/passdb/lookup_sid.c trunk/source/rpc_parse/parse_prs.c trunk/source/rpc_parse/parse_rpc.c trunk/source/rpc_server/srv_pipe.c trunk/source/rpcclient/rpcclient.c trunk/source/smbd/nttrans.c Changeset: Sorry, the patch is too large (1600 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6906
svn commit: samba r6907 - in branches/SAMBA_4_0/source: librpc librpc/idl rpc_server rpc_server/unixinfo torture torture/rpc
Author: vlendec Date: 2005-05-19 15:45:25 + (Thu, 19 May 2005) New Revision: 6907 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6907 Log: Unixinfo for samba4, not activated by default. Volker Added: branches/SAMBA_4_0/source/librpc/idl/unixinfo.idl branches/SAMBA_4_0/source/rpc_server/unixinfo/ branches/SAMBA_4_0/source/rpc_server/unixinfo/dcesrv_unixinfo.c branches/SAMBA_4_0/source/torture/rpc/unixinfo.c Modified: branches/SAMBA_4_0/source/librpc/config.mk branches/SAMBA_4_0/source/rpc_server/config.mk branches/SAMBA_4_0/source/torture/config.mk branches/SAMBA_4_0/source/torture/torture.c Changeset: Sorry, the patch is too large (445 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6907
svn commit: samba r6908 - in branches/tmp/pidl2/source: build/pidl librpc/ndr
Author: jelmer Date: 2005-05-19 15:53:00 + (Thu, 19 May 2005) New Revision: 6908 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6908 Log: Improve handling of arrays Modified: branches/tmp/pidl2/source/build/pidl/ndr.pm branches/tmp/pidl2/source/build/pidl/ndr_parser.pm branches/tmp/pidl2/source/librpc/ndr/ndr.c Changeset: Sorry, the patch is too large (587 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6908
svn commit: samba r6909 - in branches/tmp/pidl2/source/build/pidl: .
Author: jelmer Date: 2005-05-19 16:38:04 + (Thu, 19 May 2005) New Revision: 6909 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6909 Log: Make code somewhat easier to read (and recursive :-) Modified: branches/tmp/pidl2/source/build/pidl/ndr_parser.pm Changeset: Sorry, the patch is too large (340 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6909
svn commit: samba r6910 - in trunk/source: include registry rpc_server
Author: jerry Date: 2005-05-19 17:00:41 + (Thu, 19 May 2005) New Revision: 6910 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6910 Log: * Fix size calculation of sk_record * add REG_KEY_XXX permissions sets * set owner for default registry sd Modified: trunk/source/include/rpc_secdes.h trunk/source/registry/regfio.c trunk/source/rpc_server/srv_reg_nt.c Changeset: Modified: trunk/source/include/rpc_secdes.h === --- trunk/source/include/rpc_secdes.h 2005-05-19 16:38:04 UTC (rev 6909) +++ trunk/source/include/rpc_secdes.h 2005-05-19 17:00:41 UTC (rev 6910) @@ -22,16 +22,6 @@ #ifndef _RPC_SECDES_H /* _RPC_SECDES_H */ #define _RPC_SECDES_H -#define SEC_RIGHTS_QUERY_VALUE 0x0001 -#define SEC_RIGHTS_SET_VALUE 0x0002 -#define SEC_RIGHTS_CREATE_SUBKEY 0x0004 -#define SEC_RIGHTS_ENUM_SUBKEYS0x0008 -#define SEC_RIGHTS_NOTIFY 0x0010 -#define SEC_RIGHTS_CREATE_LINK 0x0020 -#define SEC_RIGHTS_READ0x00020019 -#define SEC_RIGHTS_FULL_CONTROL0x000f003f -#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x0200 - /* for ADS */ #defineSEC_RIGHTS_LIST_CONTENTS0x4 #define SEC_RIGHTS_LIST_OBJECT 0x80 @@ -518,5 +508,39 @@ SC_RIGHT_SVC_INTERROGATE | \ SC_RIGHT_SVC_USER_DEFINED_CONTROL ) +/* + * Access Bits for registry ACLS + */ +/* used by registry ACLs */ + +#define SEC_RIGHTS_QUERY_VALUE 0x0001 +#define SEC_RIGHTS_SET_VALUE 0x0002 +#define SEC_RIGHTS_CREATE_SUBKEY 0x0004 +#define SEC_RIGHTS_ENUM_SUBKEYS0x0008 +#define SEC_RIGHTS_NOTIFY 0x0010 +#define SEC_RIGHTS_CREATE_LINK 0x0020 +#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x0200 + + +#define REG_KEY_READ \ + ( STANDARD_RIGHTS_READ_ACCESS |\ + SEC_RIGHTS_QUERY_VALUE|\ + SEC_RIGHTS_ENUM_SUBKEYS |\ + SEC_RIGHTS_NOTIFY ) + +#define REG_KEY_EXECUTEREG_KEY_READ + +#define REG_KEY_WRITE \ + ( STANDARD_RIGHTS_READ_ACCESS |\ + SEC_RIGHTS_SET_VALUE |\ + SEC_RIGHTS_CREATE_SUBKEY ) + +#define REG_KEY_ALL \ + ( STANDARD_RIGHTS_REQUIRED_ACCESS |\ + REG_KEY_READ |\ + REG_KEY_WRITE |\ + SEC_RIGHTS_CREATE_LINK ) + + #endif /* _RPC_SECDES_H */ Modified: trunk/source/registry/regfio.c === --- trunk/source/registry/regfio.c 2005-05-19 16:38:04 UTC (rev 6909) +++ trunk/source/registry/regfio.c 2005-05-19 17:00:41 UTC (rev 6910) @@ -1756,7 +1756,9 @@ nk-sec_desc-sec_desc = sec_desc; nk-sec_desc-ref_count = 0; - nk-sec_desc-size = sec_desc_size(sec_desc); + + /* size value must be self-inclusive */ + nk-sec_desc-size = sec_desc_size(sec_desc) + sizeof(uint32); DLIST_ADD_END( file-sec_desc_list, nk-sec_desc, tmp ); @@ -1797,7 +1799,7 @@ memcpy( nk-subkeys.header, lf, REC_HDR_SIZE ); nk-subkeys.num_keys = nk-num_subkeys; - if ( !(nk-subkeys.hashes = TALLOC_ARRAY( file-mem_ctx, REGF_HASH_REC, nk-subkeys.num_keys )) ) + if ( !(nk-subkeys.hashes = TALLOC_ZERO_ARRAY( file-mem_ctx, REGF_HASH_REC, nk-subkeys.num_keys )) ) return NULL; nk-subkey_index = 0; Modified: trunk/source/rpc_server/srv_reg_nt.c === --- trunk/source/rpc_server/srv_reg_nt.c2005-05-19 16:38:04 UTC (rev 6909) +++ trunk/source/rpc_server/srv_reg_nt.c2005-05-19 17:00:41 UTC (rev 6910) @@ -41,7 +41,7 @@ /* no idea if this is correct, just use the file access bits for now */ -struct generic_mapping reg_map = { GENERIC_RIGHTS_FILE_READ, GENERIC_RIGHTS_FILE_WRITE, GENERIC_RIGHTS_FILE_EXECUTE, GENERIC_RIGHTS_FILE_ALL_ACCESS }; +struct generic_mapping reg_map = { REG_KEY_READ, REG_KEY_WRITE, REG_KEY_EXECUTE, REG_KEY_ALL }; static REGISTRY_KEY *regkeys_list; @@ -875,12 +875,18 @@ static WERROR make_default_reg_sd( TALLOC_CTX *ctx, SEC_DESC **psd ) { - DOM_SID adm_sid; + DOM_SID adm_sid, owner_sid; SEC_ACE ace[2]; /* at most 2 entries */ SEC_ACCESS mask; SEC_ACL *psa = NULL; uint32 sd_size; + /* set the owner to BUILTIN\Administrator */ + + sid_copy(owner_sid, global_sid_Builtin); + sid_append_rid(owner_sid, DOMAIN_USER_RID_ADMIN ); + + /* basic access for Everyone */
svn commit: samba r6911 - in trunk/source/smbd: .
Author: vlendec Date: 2005-05-19 17:32:33 + (Thu, 19 May 2005) New Revision: 6911 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6911 Log: For some weird reason, the patch I sent to Jeremy did not make it to his inbox several times. This is an optimization for the write cache necessary for optimal performance when sequentially writing large files. A Win32 app writes files in chunks of, say, 256k. At the SMB layer this only arrives as 64k chunks. This is fine for the file system algorithms that detect that this is a growing file, if the chunks would be sent in sequence. This however is not the case. When the XP redirector has to send a new 256k chunk it sends one single byte at the end of the 256k chunk, probably as an indication to NTFS that more stuff is coming and that NTFS should preallocate stuff. This however destroys the file system prediction and *completely* kills performance. I've seen the write system call for this one byte take 2.6 seconds where with this patch the file system happily writes 90MBytes/second per client from several clients simultaneously. Without the patch it works perfectly fine and correct, just *really* slow. Volker Modified: trunk/source/smbd/fileio.c Changeset: Modified: trunk/source/smbd/fileio.c === --- trunk/source/smbd/fileio.c 2005-05-19 17:00:41 UTC (rev 6910) +++ trunk/source/smbd/fileio.c 2005-05-19 17:32:33 UTC (rev 6911) @@ -509,6 +509,30 @@ write_path = 3; +} else if ( (pos = wcp-file_size) + (pos wcp-offset + 2*wcp-alloc_size) + (wcp-file_size == wcp-offset + wcp-data_size) + (n == 1) ) { + +/* ++---+ +| Cached data | ++---+ + + ++ + | 1 Byte | + ++ +*/ + + SMB_BIG_UINT new_start = wcp-offset + wcp-data_size; + +flush_write_cache(fsp, WRITE_FLUSH); + wcp-offset = new_start; + wcp-data_size = pos - new_start + 1; + memset(wcp-data, '\0', wcp-data_size); + memcpy(wcp-data + wcp-data_size-1, data, 1); + return n; + } else { /* ASCII art. JRA.
svn commit: samba r6912 - in branches/tmp/pidl2/source/build/pidl: .
Author: jelmer Date: 2005-05-19 19:57:47 + (Thu, 19 May 2005) New Revision: 6912 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6912 Log: Fix handling of arrays with deferred data. Modified: branches/tmp/pidl2/source/build/pidl/ndr.pm branches/tmp/pidl2/source/build/pidl/ndr_parser.pm Changeset: Modified: branches/tmp/pidl2/source/build/pidl/ndr.pm === --- branches/tmp/pidl2/source/build/pidl/ndr.pm 2005-05-19 17:32:33 UTC (rev 6911) +++ branches/tmp/pidl2/source/build/pidl/ndr.pm 2005-05-19 19:57:47 UTC (rev 6912) @@ -76,6 +76,8 @@ NO_METADATA = (is_inline_array($e) or is_fixed_array($e)), IS_INLINE = is_inline_array($e) }); + + $is_deferred = 0; } if (my $hdr_size = util::has_property($e, subcontext)) { Modified: branches/tmp/pidl2/source/build/pidl/ndr_parser.pm === --- branches/tmp/pidl2/source/build/pidl/ndr_parser.pm 2005-05-19 17:32:33 UTC (rev 6911) +++ branches/tmp/pidl2/source/build/pidl/ndr_parser.pm 2005-05-19 19:57:47 UTC (rev 6912) @@ -656,18 +656,31 @@ } elsif ($l-{TYPE} eq ARRAY and not is_scalar_array($e,$l)) { my $length = ParseExpr($l-{LENGTH_IS}, $env); my $counter = cntr_$e-{NAME}_$l-{LEVEL_INDEX}; - pidl for ($counter = 0; $counter $length; $counter++) {; - indent; + $var_name = $var_name . [$counter]; unless ($l-{NO_METADATA}) { $var_name = get_pointer_to($var_name); } + + # primitives if $primitives or IS_DEFERRED + if ($primitives or $l-{IS_DEFERRED}) { + pidl for ($counter = 0; $counter $length; $counter++) {; + indent; + ParseElementPushLevel($e, GetNextLevel($e, $l), $ndr, $var_name, $env, 1, 0); + + deindent; + pidl }; + } - ParseElementPushLevel($e, GetNextLevel($e, $l), $ndr, $var_name, $env, $primitives, $deferred); - - deindent; - pidl }; + if ($deferred and ($l-{CONTAINS_DEFERRED} or $l-{IS_DEFERRED})) { + pidl for ($counter = 0; $counter $length; $counter++) {; + indent; + ParseElementPushLevel($e, GetNextLevel($e, $l), $ndr, $var_name, $env, 0, 1); + + deindent; + pidl }; + } } } @@ -1018,15 +1031,28 @@ } elsif ($l-{TYPE} eq ARRAY and not is_scalar_array($e,$l)) { my $length = ParseExpr($l-{LENGTH_IS}, $env); my $counter = cntr_$e-{NAME}_$l-{LEVEL_INDEX}; - pidl for ($counter = 0; $counter $length; $counter++) {; - indent; + $var_name = $var_name . [$counter]; unless ($l-{NO_METADATA}) { $var_name = get_pointer_to($var_name); } - ParseElementPullLevel($e,GetNextLevel($e,$l), $ndr, $var_name, $env, $primitives, $deferred); - deindent; - pidl }; + + if ($primitives or $l-{IS_DEFERRED}) { + + pidl for ($counter = 0; $counter $length; $counter++) {; + indent; + ParseElementPullLevel($e,GetNextLevel($e,$l), $ndr, $var_name, $env, 1, 0); + deindent; + pidl }; + } + + if ($deferred and ($l-{CONTAINS_DEFERRED} or $l-{IS_DEFERRED})) { + pidl for ($counter = 0; $counter $length; $counter++) {; + indent; + ParseElementPullLevel($e,GetNextLevel($e,$l), $ndr, $var_name, $env, 0, 1); + deindent; + pidl }; + } } }
svn commit: samba r6913 - in trunk/source/registry: .
Author: jerry Date: 2005-05-19 20:10:24 + (Thu, 19 May 2005) New Revision: 6913 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6913 Log: * correct the standard registry path to Windows print driver inforamtion (it's really sad to be emulating this much of windows) ( and I'm a sad, sad little man ) * forrect Modified: trunk/source/registry/reg_printing.c Changeset: Sorry, the patch is too large (328 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6913
svn commit: samba r6914 - in trunk/source/registry: .
Author: jerry Date: 2005-05-19 20:46:24 + (Thu, 19 May 2005) New Revision: 6914 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6914 Log: printmig.exe can now successfully backup print drivers from a Samba box and restore them to a local Windows 2000 server. The printer regoistry objects are not quite correct yet, but I think I know what to do there. And then I have to get RegRestoreKey() working for migrations from Windows print servers to Samba. Or even from one Samba box to another. Modified: trunk/source/registry/reg_printing.c Changeset: Modified: trunk/source/registry/reg_printing.c === --- trunk/source/registry/reg_printing.c2005-05-19 20:10:24 UTC (rev 6913) +++ trunk/source/registry/reg_printing.c2005-05-19 20:46:24 UTC (rev 6914) @@ -254,7 +254,7 @@ if ( !subkeypath ) { - num_drivers = get_ntdrivers( drivers, environments[env_index], atoi(base) ); + num_drivers = get_ntdrivers( drivers, environments[env_index], version ); for ( i=0; inum_drivers; i++ ) regsubkey_ctr_addkey( subkeys, drivers[i] ); @@ -351,7 +351,7 @@ keystr = subkeypath; reg_split_path( keystr, base, subkeypath ); - version = atoi( base ); + version = atoi(base[strlen(base)-1]); /* printer driver name */
svn commit: samba r6915 - in branches/tmp/pidl2/source/build/pidl: .
Author: jelmer Date: 2005-05-19 21:43:28 + (Thu, 19 May 2005) New Revision: 6915 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6915 Log: More array fixes Modified: branches/tmp/pidl2/source/build/pidl/ndr_parser.pm Changeset: Modified: branches/tmp/pidl2/source/build/pidl/ndr_parser.pm === --- branches/tmp/pidl2/source/build/pidl/ndr_parser.pm 2005-05-19 20:46:24 UTC (rev 6914) +++ branches/tmp/pidl2/source/build/pidl/ndr_parser.pm 2005-05-19 21:43:28 UTC (rev 6915) @@ -667,7 +667,7 @@ if ($primitives or $l-{IS_DEFERRED}) { pidl for ($counter = 0; $counter $length; $counter++) {; indent; - ParseElementPushLevel($e, GetNextLevel($e, $l), $ndr, $var_name, $env, 1, 0); + ParseElementPushLevel($e, GetNextLevel($e, $l), $ndr, $var_name, $env, 1, !($l-{CONTAINS_DEFERRED} or $l-{IS_DEFERRED})); deindent; pidl }; @@ -1038,10 +1038,9 @@ } if ($primitives or $l-{IS_DEFERRED}) { - pidl for ($counter = 0; $counter $length; $counter++) {; indent; - ParseElementPullLevel($e,GetNextLevel($e,$l), $ndr, $var_name, $env, 1, 0); + ParseElementPullLevel($e,GetNextLevel($e,$l), $ndr, $var_name, $env, 1, !($l-{CONTAINS_DEFERRED} or $l-{IS_DEFERRED})); deindent; pidl }; }
svn commit: samba r6916 - in trunk/source/registry: .
Author: jerry Date: 2005-05-19 21:52:47 + (Thu, 19 May 2005) New Revision: 6916 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6916 Log: * fix the printer registry object so that printers can mi backed up and restored to a Windows print server. Still have one issue with the security descriptor to fix Modified: trunk/source/registry/reg_printing.c Changeset: Modified: trunk/source/registry/reg_printing.c === --- trunk/source/registry/reg_printing.c2005-05-19 21:43:28 UTC (rev 6915) +++ trunk/source/registry/reg_printing.c2005-05-19 21:52:47 UTC (rev 6916) @@ -632,8 +632,9 @@ fstrcpy( printername, base ); - if ( !new_path ) - { + if ( !new_path ) { + char *p; + /* we are dealing with the printer itself */ if ( !W_ERROR_IS_OK( get_a_printer(NULL, printer, 2, printername) ) ) @@ -649,33 +650,45 @@ regval_ctr_addvalue( val, Status, REG_DWORD, (char*)info2-status, sizeof(info2-status) ); regval_ctr_addvalue( val, StartTime,REG_DWORD, (char*)info2-starttime,sizeof(info2-starttime) ); regval_ctr_addvalue( val, UntilTime,REG_DWORD, (char*)info2-untiltime,sizeof(info2-untiltime) ); - regval_ctr_addvalue( val, cjobs,REG_DWORD, (char*)info2-cjobs,sizeof(info2-cjobs) ); - regval_ctr_addvalue( val, AveragePPM, REG_DWORD, (char*)info2-averageppm, sizeof(info2-averageppm) ); - init_unistr2( data, info2-printername, UNI_STR_TERMINATE); - regval_ctr_addvalue( val, Name, REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); + /* strip the \\server\ from this string */ + if ( !(p = strrchr( info2-printername, '\\' ) ) ) + p = info2-printername; + else + p++; + init_unistr2( data, p, UNI_STR_TERMINATE); + regval_ctr_addvalue( val, Name, REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); + init_unistr2( data, info2-location, UNI_STR_TERMINATE); - regval_ctr_addvalue( val, Location, REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); + regval_ctr_addvalue( val, Location, REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); + init_unistr2( data, info2-comment, UNI_STR_TERMINATE); - regval_ctr_addvalue( val, Comment, REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); + regval_ctr_addvalue( val, Description, REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); + init_unistr2( data, info2-parameters, UNI_STR_TERMINATE); - regval_ctr_addvalue( val, Parameters, REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); + regval_ctr_addvalue( val, Parameters, REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); + init_unistr2( data, info2-portname, UNI_STR_TERMINATE); - regval_ctr_addvalue( val, Port, REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); - init_unistr2( data, info2-servername, UNI_STR_TERMINATE); - regval_ctr_addvalue( val, Server, REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); + regval_ctr_addvalue( val, Port, REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); + init_unistr2( data, info2-sharename, UNI_STR_TERMINATE); - regval_ctr_addvalue( val, Share,REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); + regval_ctr_addvalue( val, Share Name, REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); + init_unistr2( data, info2-drivername, UNI_STR_TERMINATE); - regval_ctr_addvalue( val, Driver, REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); + regval_ctr_addvalue( val, Printer Driver, REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); + init_unistr2( data, info2-sepfile, UNI_STR_TERMINATE); - regval_ctr_addvalue( val, Separator File, REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); - init_unistr2( data, winprint, UNI_STR_TERMINATE); + regval_ctr_addvalue( val, Separator File, REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); + + init_unistr2( data, WinPrint, UNI_STR_TERMINATE); regval_ctr_addvalue( val, Print Processor, REG_SZ, (char*)data.buffer, data.uni_str_len*sizeof(uint16) ); + + init_unistr2( data, RAW,
svn commit: samba-docs r566 - in trunk/xslt: .
Author: jelmer Date: 2005-05-19 23:33:59 + (Thu, 19 May 2005) New Revision: 566 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=566 Log: Fix link texts for PDF and PS output Modified: trunk/xslt/latex.xsl Changeset: Modified: trunk/xslt/latex.xsl === --- trunk/xslt/latex.xsl2005-05-19 00:54:42 UTC (rev 565) +++ trunk/xslt/latex.xsl2005-05-19 23:33:59 UTC (rev 566) @@ -4,6 +4,12 @@ !--xsl:import href=docbook.xsl/-- xsl:import href=http://db2latex.sourceforge.net/xsl/docbook.xsl/ +xsl:template name=link + xsl:element name=link + xsl:copy-of select=@*/ + /xsl:element +/xsl:template + xsl:output method=text encoding=ISO-8859-1 indent=yes/ xsl:param name=l10n.gentext.default.language select='en'/ xsl:param name=latex.example.caption.style/xsl:param
Build status as of Fri May 20 00:00:01 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-05-19 00:00:39.0 + +++ /home/build/master/cache/broken_results.txt 2005-05-20 00:00:36.0 + @@ -1,4 +1,4 @@ -Build status as of Thu May 19 00:00:01 2005 +Build status as of Fri May 20 00:00:01 2005 Build counts: Tree Total Broken Panic @@ -9,19 +9,18 @@ rsync37 1 0 samba1 1 1 samba-docs 0 0 0 -samba4 39 15 0 -samba_3_037 8 0 -talloc 30 15 0 +samba4 39 13 0 +samba_3_037 9 0 +talloc 30 16 0 tdb 30 30 0 Currently broken builds: Host Tree Compiler Status -aix1 lorikeet-heimdal gcc 1/?/?/? +aix1 lorikeet-heimdal gccok/ 2/?/? aix1 samba4 gccok/ 2/?/? aix1 talloc gccok/ok/ 2/? aix1 tdb gccok/ 2/?/? lithiumlorikeet-heimdal gcc 1/?/?/? -lithiumsamba4 gcc 127/?/?/? lithiumtdb gcc 2/?/?/? samba-s390 lorikeet-heimdal gcc 1/?/?/? samba-s390 samba4 gccok/ 2/?/? @@ -38,19 +37,20 @@ dev4-003 tdb gcc 2/?/?/? berks lorikeet-heimdal gccok/ 2/?/? berks tdb gcc 2/?/?/? +shelob talloc gccok/ok/ 2/? shelob tdb gcc 2/?/?/? shelob ccache iccok/ok/ok/ 2 shelob lorikeet-heimdal iccok/ 2/?/? shelob tdb icc 2/?/?/? aretnaplorikeet-heimdal gccok/ 1/?/? +aretnapsamba_3_0gccok/ok/ok/ 1 aretnaptalloc gccok/ok/ 2/? aretnaptdb gcc 2/?/?/? aretnapccache iccok/ok/ok/ 1 aretnaplorikeet-heimdal iccok/ 1/?/? -aretnapsamba_3_0iccok/ok/ok/ 5 aretnaptalloc iccok/ok/ 2/? aretnaptdb icc 2/?/?/? -gc4lorikeet-heimdal gcc 127/?/?/? +gc4lorikeet-heimdal gccok/ 1/?/? gc4talloc gccok/ok/ 2/? gc4tdb gcc 2/?/?/? sbfccache gccok/ 1/?/? @@ -59,8 +59,7 @@ sbftalloc gccok/ok/ 2/? sbftdb gcc 2/?/?/? ragnarok ccache gccok/ 1/?/? -ragnarok lorikeet-heimdal gccok/ 1/?/? -ragnarok samba4 gcc 1/?/?/? +ragnarok lorikeet-heimdal gcc 1/?/?/? ragnarok samba_3_0gccok/ok/ok/ 32 ragnarok talloc gccok/ok/ 2/? ragnarok tdb gcc 2/?/?/? @@ -73,23 +72,23 @@ tardis lorikeet-heimdal gcc 1/?/?/? tardis tdb gcc 2/?/?/? gwen distcc cc ok/ 1/?/? -gwen lorikeet-heimdal cc 127/?/?/? +gwen lorikeet-heimdal cc 1/?/?/? gwen samba4 cc ok/ 1/?/? gwen samba_3_0cc ok/ 1/?/? gwen talloc cc ok/ok/ 1/? gwen tdb cc ok/ 1/?/? trip lorikeet-heimdal gccok/ 2/?/? trip tdb gcc 2/?/?/? -yowiee lorikeet-heimdal gcc 127/?/?/? +yowiee lorikeet-heimdal gccok/ 2/?/? yowiee samba_3_0gcc 1/?/?/? yowiee talloc gccok/ok/ 2/? yowiee tdb gcc 2/?/?/? -homer lorikeet-heimdal gccok/ 2/?/? +homer lorikeet-heimdal gcc 1/?/?/? homer tdb gcc 2/?/?/? shubnigurath lorikeet-heimdal cc ok/ 1/?/? shubnigurath samba4 cc ok/ 1/?/? shubnigurath tdb cc 2/?/?/? -sol10 lorikeet-heimdal gccok/ 1/?/? +sol10 lorikeet-heimdal gcc 1/?/?/? sol10 tdb gcc 2/?/?/? gc20 lorikeet-heimdal gccok/ 2/?/? gc20 samba4 gccok/ 2/?/? @@ -101,6 +100,7 @@ sun1 talloc cc ok/ok/ok/ 2 sun1 tdb cc 2/?/?/? sun1 lorikeet-heimdal gccok/ 2/?/? +sun1 samba_3_0gccok/ok/ok/ 1 sun1 talloc
svn commit: samba r6917 - in trunk/source/utils: .
Author: jerry Date: 2005-05-20 03:33:36 + (Fri, 20 May 2005) New Revision: 6917 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6917 Log: remove editreg.c after talking to Richard and Jelmer at Samba XP Removed: trunk/source/utils/editreg.c Changeset: Sorry, the patch is too large (4155 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6917
svn commit: samba r6918 - in trunk/source: include printing registry
Author: jerry Date: 2005-05-20 05:26:59 + (Fri, 20 May 2005) New Revision: 6918 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=6918 Log: * fixed final issue when restoring printers to a Windows host from a printmig.exe backup file of a Samba server. When smbd generates a default sd for a printer, it formally included join the generic bits in the ACE. Samba would always map the specific bits in the access mask for a request for checking against the generic bits. Apparently, the windows spooler does not perform this mapping of specific to generic bits internally. Hence this is why i was always getting access denied on the open printer calls for the local printer object after the restore. There really were no access bits that the spooler would look at to give me access. So the main change here is modify the definition of the PRINTER_ACE_XXX macros in rpc_spoolss.h to include the specific bits as well as the generic ones. Modified: trunk/source/include/rpc_spoolss.h trunk/source/printing/nt_printing.c trunk/source/registry/reg_printing.c Changeset: Modified: trunk/source/include/rpc_spoolss.h === --- trunk/source/include/rpc_spoolss.h 2005-05-20 03:33:36 UTC (rev 6917) +++ trunk/source/include/rpc_spoolss.h 2005-05-20 05:26:59 UTC (rev 6918) @@ -170,13 +170,6 @@ #define JOB_STATUS_BLOCKED 0x0200 #define JOB_STATUS_USER_INTERVENTION 0x0400 -/* ACE masks for the various print permissions */ - -#define PRINTER_ACE_FULL_CONTROL GENERIC_ALL_ACCESS -#define PRINTER_ACE_MANAGE_DOCUMENTS READ_CONTROL_ACCESS -#define PRINTER_ACE_PRINT \ -(GENERIC_READ_ACCESS | GENERIC_WRITE_ACCESS | GENERIC_EXECUTE_ACCESS) - /* Access rights for print servers */ #define SERVER_ALL_ACCESS STANDARD_RIGHTS_REQUIRED_ACCESS|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE #define SERVER_READ STANDARD_RIGHTS_READ_ACCESS|SERVER_ACCESS_ENUMERATE @@ -195,6 +188,13 @@ #define JOB_WRITE STANDARD_RIGHTS_WRITE_ACCESS|JOB_ACCESS_ADMINISTER #define JOB_EXECUTESTANDARD_RIGHTS_EXECUTE_ACCESS|JOB_ACCESS_ADMINISTER +/* ACE masks for the various print permissions */ + +#define PRINTER_ACE_FULL_CONTROL (GENERIC_ALL_ACCESS|PRINTER_ALL_ACCESS) +#define PRINTER_ACE_MANAGE_DOCUMENTS READ_CONTROL_ACCESS +#define PRINTER_ACE_PRINT (READ_CONTROL_ACCESS|PRINTER_ACCESS_USE) + + /* Notify field types */ #define NOTIFY_ONE_VALUE 1 /* Notify data is stored in value1 */ Modified: trunk/source/printing/nt_printing.c === --- trunk/source/printing/nt_printing.c 2005-05-20 03:33:36 UTC (rev 6917) +++ trunk/source/printing/nt_printing.c 2005-05-20 05:26:59 UTC (rev 6918) @@ -3930,7 +3930,7 @@ SEC_ACL *psa = NULL; SEC_DESC_BUF *sdb = NULL; SEC_DESC *psd = NULL; - DOM_SID owner_sid; + DOM_SID owner_sid, group_sid; size_t sd_size; /* Create an ACE where Everyone is allowed to print */ @@ -3942,18 +3942,21 @@ /* Make the security descriptor owned by the Administrators group on the PDC of the domain. */ - if (secrets_fetch_domain_sid(lp_workgroup(), owner_sid)) { - sid_append_rid(owner_sid, DOMAIN_USER_RID_ADMIN); + if (secrets_fetch_domain_sid(lp_workgroup(), group_sid)) { + sid_append_rid(group_sid, DOMAIN_USER_RID_ADMIN); } else { /* Backup plan - make printer owned by admins. This should emulate a lanman printer as security settings can't be changed. */ - sid_copy(owner_sid, get_global_sam_sid()); - sid_append_rid(owner_sid, DOMAIN_USER_RID_ADMIN); + sid_copy(group_sid, get_global_sam_sid()); + sid_append_rid(group_sid, DOMAIN_USER_RID_ADMIN); } + sid_copy( owner_sid, global_sid_Builtin_Administrators ); + + init_sec_access(sa, PRINTER_ACE_FULL_CONTROL); init_sec_ace(ace[i++], owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, SEC_ACE_FLAG_OBJECT_INHERIT | @@ -3988,7 +3991,7 @@ if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, i, ace)) != NULL) { psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, - owner_sid, NULL, + owner_sid, group_sid, NULL, psa, sd_size); } Modified: trunk/source/registry/reg_printing.c === --- trunk/source/registry/reg_printing.c2005-05-20 03:33:36 UTC (rev 6917) +++ trunk/source/registry/reg_printing.c2005-05-20 05:26:59 UTC (rev 6918) @@ -560,6 +560,11 @@ for (snum=0; snumn_services; snum++) { if (