[Samba] performance
Hi, We have samba running on a redhat cluster, the samba shares are used for a apache cluster. The connection is with a 100Mb network. We have performance problems, with copy files on one of the apache systems we get a speed of 40Mb/s. When we do the same to a nfs share we get more then 90Mb/s. Can anybody explain the big differance? Mels -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] we have domain logon authentication but profile loads SLOW
Hey samba friends, We are getting really bad performance from the samba server. Profiles are taking forever to d/l. This is in an isolated environment: one client, one server, attached to a 100 Mbps switch. Ping is min/avg/max/mdev 0.174/0.190/0.309/0.036 ms. On irc.freenode.org #samba we have been met with some derision for using ping to test throughput. We also tested with rsync and the isolated test environment seemed speedy, but the IRC guys won't talk to us unless we test throughput with http or ftp. The problem with that is, the sambatest server is offline and for performance reasons we are psyched about installing apache2 on the box. Even trying to install proftp on the samba server is problematic because we have to set up a knoppix livecd next to the isolated network, tunnel through the mailserver and firewall, and get debs (mailserver and sambatest both Ubuntu Breezy) which we d/l to knoppix, then unplug knoppix from the network and plug into the test switch, and then we still have to use dpkg instead of apt-get to install proftpd, resolve conflicts, satisfy dependencies, etc. Hopefully you can see why testing the throughput of the switch is a PITA. Even if we turn off samba to join the test server to the LAN (we don't want the PDCs to get into a battle!) we still have to set up apt to use our proxy server. We can't even use apt-get install apt-proxy! Meanwhile, we think the bandwidth benchmark is irrelevant to the problem we're having -- IRC opinions notwithstanding. It just seems like a lot of trouble to test throughput on a switch we know is working fine at 100Mbps. There must be another problem! Default profile 5 MB. We have domain logons. Also, I don't remember how to make a default profile on a windows box and move it to the samba PDC. I want to use the old profile from: /etc/samba/netlogon/default user but change paths, proxy settings, etc. -- /home/modus/.signature Thu Sep 22 02:41:56 EDT 2005 The Moon is Waning Gibbous (79% of Full) In the immortal words of Modus Operandi [EMAIL PROTECTED]: In the immortal words of Modus Operandi [EMAIL PROTECTED]: we have been trying to move our samba box to a faster server, with better NICs, faster processor and more memory. both the old and new server are using samba 3.0.14A both on debian based distributions (old was sarge, new is breezy) here are the steps we followed: install samba from the apt archives. confirmed that they were the same version. copied smb.conf from old server to new server. changed domain name, or workgroup = domain2 as well as netbios name snip! Well, that was the problem. I set the workgroup and the netbios to the same name, which was causing the duplicate name error. Not sure why the old install worked just fine with netbios and workgroup set to the same thing. Anyway, we can now log on to the domain without the error. There are still problems, though ... the authentication procedure is incredibly slow -- and the reason we got a new server was so it would be faster. Tomorrow, I will make sure all the users are created with the same uid on the new server, and then convert our old smbpasswd to tdb format. -- /home/modus/.signature Mon Sep 19 18:19:45 EDT 2005 The Moon is Waning Gibbous (95% of Full) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba with Mysql, compilation problem.
hmm.. try ./configure --with-expsam=mysql --with-shared-modules=pdb_mysql mysql lib's in the: /usr/lib/mysql (symlink will do) mysql headers in the: /usr/include/mysql (symlink will do) you can compile the mysql_backend into samba so there isn't an external module ! your problem is that samba can't find the header files from mysql (.h) I think that the guy's from debian left the mysql backend out, coz' it's somewhat experimental, and lackes support.. never the less, it works, and we have it up and running for almost 2years now!! have fun Collen Blijenberg (MLHJ) MARTIN Pierre wrote: First i would like to say hello to everybody here, because i am new to this ML. So here is the description of my problem: I began with a clean samba installation from the stable branch few monthes ago, everything was just fine, i have a linux box which was sharing files for another linux workstation and two WinXP laptops. The sharing linux box is a debian stable branch O/S, which is my choice for a long time now. Few weeks ago, i decided to make my sparkling samba installation virtual-users aware, and i began to crawl on various websites, all explaining the smb.conf parametters to give. I figured out that i was just not able to make it run because of a main problem, the apt-get samba gave me a non mysql-powered-samba version :( So i removed the samba package from the computer, and dowloaded the debian source of it. Basic source, untared, and had a look to the debian/rule file. I saw there was any parametters given about mysql building, so i also had a look at the configure script's options. It always compiles the brand new warm .deb packages (after i fixed some lacky dependencies, i had to make a fake mysql-common package by myselve, because i already had mysql installed from sources and did not want to install the deb package, etc...). I'm now totally lost, i have try everything and i can't get this pdb_mysql.so plugin ready :( So maybe i have miss something, maybe there is another way to make it as i wish to be, maybe there is a simple way to indirectly link samba to mysql with pam (I don't know PAM rules at all, i neither don't know how it works). It has been 4 days i'm looking for a solution, mailing random people i find on websites, no answers from them. Please if somebody has any clue, let me know a link, a sound, a color, anything to find a way to make it work... Anything to make it work from the stable .deb packages appreciated too. Thank you a lot! Pierre. P.S.: Here is the current configure parametters i use extracted from my rule file: --cache-file=./config.cache --with-fhs --enable-shared --enable-static --prefix=/usr --sysconfdir=/etc --libdir=/etc/samba --with-privatedir=/etc/samba --with-piddir=/var/run/samba --localstatedir=/var --with-netatalk --with-pam --with-syslog --with-utmp --with-readline --with-pam_smbpass --with-libsmbclient --with-winbind --with-msdfs --with-automount --with-tdbsam --with-ldap --with-python=python2.3 --with-mysql --enable-mysql --with-mysql-prefix=/usr/local/mysql --with-expsam=mysql -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: locking.tdb: expand_file ftruncate to 8192 failed (Permission denied)
On Wed, Sep 21, 2005 at 04:34:32PM -0700, Jeremy Allison wrote: On Thu, Sep 22, 2005 at 01:01:45AM +0200, Axel Thimm wrote: Should I generate a more verbose debug log (what log level settings?) and place it somewhere on the net? I wonder how I'm triggering that code path, it certainly isn't seen by the typical RHEL4 installs. The lock directory is set to reside on a GFS filesystem, could that make a difference (shouldn't as it is supposed to be POSIX compliant local-fs-like filesystem)? Oh almost certainly that's the problem. Did you test my test program on a GFS filesystem ? Doesn't GFS use crypto credentials to prevent people hijacking root ? If that's the case I bet they break POSIX semantics w.r.t. this. Why are you putting the locking db on a GFS filesystem anyway. That's madness ! The reason is to have a poor-man's-clustered-samba by placing lock and private dir on a common share and have the relocated smbd/nmbd pairs access them. E.g. relocating within the cluster is effectively like restarting smbd/nmbd on a node. On Wed, Sep 21, 2005 at 04:37:32PM -0700, Jeremy Allison wrote: On Thu, Sep 22, 2005 at 01:09:30AM +0200, Axel Thimm wrote: # mount | grep gfs /dev/mapper/physik-data on /srv/physik.fu-berlin.de/data type gfs (rw,acl) # pwd /srv/physik.fu-berlin.de/data/samba-test # ls -l total 32 -rwxr-xr-x 1 root root 10080 Sep 22 00:38 a.out -rw--- 1 root root 1231 Sep 22 00:35 test.c -rw-r--r-- 1 root root 0 Sep 22 01:07 testfile # ./a.out testfile thimm Segmentation fault What's the gdb backtrace. There's probably a bug in one of the error condition printing in the test code. (gdb) run testfile thimm Starting program: /srv/physik.fu-berlin.de/data/samba-test/a.out testfile thimm Program received signal SIGSEGV, Segmentation fault. 0x003e18a6fb00 in strlen () from /lib64/tls/libc.so.6 (gdb) bt #0 0x003e18a6fb00 in strlen () from /lib64/tls/libc.so.6 #1 0x003e18a428dc in vfprintf () from /lib64/tls/libc.so.6 #2 0x003e18a3f299 in buffered_vfprintf () from /lib64/tls/libc.so.6 #3 0x003e18a3f479 in vfprintf () from /lib64/tls/libc.so.6 #4 0x003e18a47d96 in fprintf () from /lib64/tls/libc.so.6 #5 0x00400b2b in main (argc=3, argv=0x7fb8a8) at test.c:55 As I said, I bet GFS isn't POSIX complient. Don't put locking tdb's on anything but local filesystems. Well, GFS claims to be POSIX and local-like in any way. Maybe it is just a bug in GFS? Does POSIX ensure that you can open an fd under some user and not lose access right to the fd when dropping priviledges? Thanks! -- Axel.Thimm at ATrpms.net pgp5kMboOMrTe.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Authentication for user FAILED with error NT_STATUS_NO_SUCH_USER
Sérgio A P Ferreira wrote: Hi list, Sep 21 14:59:15 zeus slapd[2123]: conn=18 op=2 SRCH base=dc=cultura,dc=gov,dc=br scope=2 deref=0 filter=((uid=testuser)(objectClass=sambaSamAccount)) Sep 21 14:59:15 zeus slapd[2123]: conn=18 op=2 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp Sep 21 14:59:15 zeus slapd[2123]: conn=18 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= See the nentries=0? This is telling you the object was not found in your LDAP directory. Try to search from the commandline with ldapsearch like: ldapsearch -D here goes what you have for ldap admin dn in your smb.conf -b dc=gov,dc=br -W ((uid=testuser)(objectClass=sambaSamAccount) if that doesn't work try modifying the search filter to read: ((uid=*)(objectClass=*) if it works (you get the entries back), your entry most likely misses the sambaSamAccount attributes, that is to say you missed a step in your setup (smbpasswd?) if it does not work it might be a problem with ACLs in your LDAP server. Try using your rootdn from slapd.conf for the -D switch in the above search. If that works change your ACLs to allow your ldap admin dn to read and write the necessary attributes. Another thing to check is if your users are visible to the system via NSS, a getent passwd should show your samba users along with the users from /etc/passwd. hth Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] FW: GESIS Samba config
Hallo zusammen, Herr Lendecke bat mich, die Samba Konfiguration zu mailen, die wir hier im Einsatz haben. Ich habe das für eine Server oben zusammengestellt. Es gibt folgende Ziele, die erreicht werden sollen: 1.) völlige Virutalisierung von Samba (Unabhänigkeit von der Hardware) ähnlich SAP 2.) Dedizierte Server für z.B.: profile homedirs kunden der gesis/sz ag 3.) Hochverfügbarkeit der einzelnen Instanzen. Ich bitte um Kommentar dazu. Ich bin heute vorort und per Handy erreichbar. Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers S CE DE SE PS N/O Sales Central Europe Deutschland Professional Service Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/services/index.html *** -| -Original Message- -| From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] -| Sent: Thursday, September 22, 2005 10:25 AM -| To: Laurenz, Dirk -| Subject: GESIS Samba config -| -| -| -| -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Recall: GESIS Samba config
Laurenz, Dirk would like to recall the message, GESIS Samba config. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] FW: GESIS Samba config
PLEASE IGNORE THIS MESSAGE Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers S CE DE SE PS N/O Sales Central Europe Deutschland Professional Service Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/services/index.html *** -| -Original Message- -| From: -| [EMAIL PROTECTED] -| rg -| [mailto:[EMAIL PROTECTED] -| .samba.org] On Behalf Of [EMAIL PROTECTED] -| Sent: Thursday, September 22, 2005 10:34 AM -| To: samba@lists.samba.org -| Subject: [Samba] FW: GESIS Samba config -| -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] strange error 1937
Hi, After configuring and populating I try to add the accounts from a NT4 domain. The net rpc samdump -S SERVERNAME works as expected. I can see the Password hashes and all computers and users. After that I try to NET VAMPIRE. The groups were added fine but for each computer and user account I get this error: ...passdb/pdb_ldap.c:ldapsam_add_sam_account(1937) ldapsam_add_sam_account: failed to modify/add user with uid = . the normal smbldap-useradd works also as expected. I try all findable documentation and searched for this error but found nothing. I try it with samba 3.0.13 and 3.0.14 / smbldap-tools 0.9.0 and 0.9.1 with the same result ---SNIP- The ldap log tell me: conn=2 op=94 SRCH base=dc=example,dc=com scope=2 deref=0 filter=((objectClass=posixAccount)(uid=user2)) conn=2 op=94 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass conn=2 op=94 SEARCH RESULT tag=101 err=0 nentries=1 text= conn=1 op=186 SRCH base=dc=example,dc=com scope=2 deref=0 filter=((sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(objectClass=sambaSamAccount)) conn=1 op=186 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp conn=1 op=186 SEARCH RESULT tag=101 err=0 nentries=0 text= conn=1 op=187 SRCH base=dc=example,dc=com scope=2 deref=0 filter=(((objectClass=sambaSamAccount)(uid=user2))(objectClass=sambaSamAccount)) conn=1 op=187 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours conn=1 op=187 SEARCH RESULT tag=101 err=0 nentries=0 text= conn=1 op=188 SRCH base=dc=example,dc=com scope=2 deref=0 filter=((sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(objectClass=sambaSamAccount)) conn=1 op=188 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours modifyTimestamp conn=1 op=188 SEARCH RESULT tag=101 err=0 nentries=0 text= conn=1 op=189 SRCH base=dc=example,dc=com scope=2 deref=0 filter=((objectClass=sambaSamAccount)(uid=user2)) conn=1 op=189 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours conn=1 op=189 SEARCH RESULT tag=101 err=0 nentries=0 text= conn=1 op=190 SRCH base=dc=example,dc=com scope=2 deref=0 filter=((sambaSID=s-1-5-21-123456789-123456789-123456789-1003)(|(objectClass=sambaIdmapEntry)(objectClass=sambaSidEntry))) conn=1 op=190 SRCH attr=uid uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory modifyTimestamp sambaLogonHours conn=1 op=190 SEARCH RESULT tag=101 err=0 nentries=0 text= conn=1 op=191 ADD dn=uid=user2,dc=example,dc=com conn=1 op=191 RESULT tag=105 err=68 text=èV^W^H^X^V.A \204î,@^P3^W^HDx,@[EMAIL PROTECTED]@[EMAIL PROTECTED]@^HY^W^H^C --SNAP--- This is the add user script: add user script = smbldap-useradd %u I take a look at
Re: [Samba] FW: GESIS Samba config
Try ENGLISH [EMAIL PROTECTED] wrote: Hallo zusammen, Herr Lendecke bat mich, die Samba Konfiguration zu mailen, die wir hier im Einsatz haben. Ich habe das für eine Server oben zusammengestellt. Es gibt folgende Ziele, die erreicht werden sollen: 1.) völlige Virutalisierung von Samba (Unabhänigkeit von der Hardware) ähnlich SAP 2.) Dedizierte Server für z.B.: profile homedirs kunden der gesis/sz ag 3.) Hochverfügbarkeit der einzelnen Instanzen. Ich bitte um Kommentar dazu. Ich bin heute vorort und per Handy erreichbar. Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers S CE DE SE PS N/O Sales Central Europe Deutschland Professional Service Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/services/index.html *** -| -Original Message- -| From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] -| Sent: Thursday, September 22, 2005 10:25 AM -| To: Laurenz, Dirk -| Subject: GESIS Samba config -| -| -| -| -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] FW: GESIS Samba config
this was not for the list.sorry Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers S CE DE SE PS N/O Sales Central Europe Deutschland Professional Service Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/services/index.html *** -| -Original Message- -| From: (C)ollen [mailto:[EMAIL PROTECTED] -| Sent: Thursday, September 22, 2005 10:47 AM -| To: Laurenz, Dirk; samba@lists.samba.org -| Subject: Re: [Samba] FW: GESIS Samba config -| -| Try ENGLISH -| -| [EMAIL PROTECTED] wrote: -| Hallo zusammen, -| -| Herr Lendecke bat mich, die Samba Konfiguration zu -| mailen, die wir hier -| im Einsatz haben. Ich habe das für eine Server oben -| zusammengestellt. -| -| Es gibt folgende Ziele, die erreicht werden sollen: -| -| 1.) völlige Virutalisierung von Samba (Unabhänigkeit -| von der Hardware) -| ähnlich SAP -| -| 2.) Dedizierte Server für z.B.: -| profile -| homedirs -| kunden der gesis/sz ag -| -| 3.) Hochverfügbarkeit der einzelnen Instanzen. -| -| Ich bitte um Kommentar dazu. Ich bin heute vorort und per -| Handy erreichbar. -| -| Mit freundlichem Gruß, -| -| -| -| Dirk Laurenz -| Systems Engineer -| -| Fujitsu Siemens Computers -| S CE DE SE PS N/O -| Sales Central Europe Deutschland -| Professional Service Nord / Ost -| -| Hildesheimer Strasse 25 -| 30880 Laatzen -| Germany -| -| Telephone:+49 (511) 84 89 - 18 08 -| Telefax: +49 (511) 84 89 - 25 18 08 -| Mobile: +49 (170) 22 10 781 -| Email:mailto:[EMAIL PROTECTED] -| Internet: http://www.fujitsu-siemens.com -| http://www.fujitsu-siemens.de/services/index.html -| -| -| *** -| -| -| -| -Original Message- -| -| From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] -| -| Sent: Thursday, September 22, 2005 10:25 AM -| -| To: Laurenz, Dirk -| -| Subject: GESIS Samba config -| -| -| -| -| -| -| -| -| -| -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] net rpc vampire / Question or Problem?
Hi, maybe that it is a german domain is the problem? There're Groups like 'Domänen Benutzer' or 'Domänen Admins' Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers S CE DE SE PS N/O Sales Central Europe Deutschland Professional Service Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/services/index.html *** -| -Original Message- -| From: -| [EMAIL PROTECTED] -| rg -| [mailto:[EMAIL PROTECTED] -| .samba.org] On Behalf Of [EMAIL PROTECTED] -| Sent: Wednesday, September 21, 2005 3:57 PM -| To: [EMAIL PROTECTED] -| Cc: samba@lists.samba.org -| Subject: RE: [Samba] net rpc vampire / Question or Problem? -| -| Hi, -| -| some usernames have german characters, but we're repairing this. -| Groups have only a _ inside thier names. But shouldn't -| rpc vampire simply -| skip this usernames? -| -| Mit freundlichem Gruß, -| -| -| -| Dirk Laurenz -| Systems Engineer -| -| Fujitsu Siemens Computers -| S CE DE SE PS N/O -| Sales Central Europe Deutschland -| Professional Service Nord / Ost -| -| Hildesheimer Strasse 25 -| 30880 Laatzen -| Germany -| -| Telephone: +49 (511) 84 89 - 18 08 -| Telefax:+49 (511) 84 89 - 25 18 08 -| Mobile: +49 (170) 22 10 781 -| Email: mailto:[EMAIL PROTECTED] -| Internet: http://www.fujitsu-siemens.com -| http://www.fujitsu-siemens.de/services/index.html -| -| *** -| -| -| -| -Original Message- -| -| From: Michael Gasch [mailto:[EMAIL PROTECTED] -| -| Sent: Wednesday, September 21, 2005 8:09 AM -| -| To: Laurenz, Dirk -| -| Cc: samba@lists.samba.org -| -| Subject: Re: [Samba] net rpc vampire / Question or Problem? -| -| -| -| here's my groupmod script: -| -| -| -| add user to group script= -| -| /opt/IDEALX/sbin/smbldap-groupmod -m %u %g -| -| -| -| net rpc vampire stops with exit code 141. -| -| -| -| Is there someting wrong? -| -| -| -| i guess you're using the latest versions of smbldap and samba -| -| your line is fine, so i can't really explain this behaviour -| -| may be your global groups have some weird characters, -| usernames, or -| -| nested groups in it? -| -| -| -| -- -| -| Michael Gasch -| -| Max Planck Institute for Evolutionary Anthropology -| -| Department of Human Evolution (IT) -| -| Deutscher Platz 6 -| -| D-04103 Leipzig -| -| Germany -| -| -| -| Phone: 49 (0)341 - 3550 137 -| -| -| -- -| To unsubscribe from this list go to the following URL and read the -| instructions: https://lists.samba.org/mailman/listinfo/samba -| -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba printer server error
With XP client printer, when choosing Printer Properties the following error follows, I use samba 3.0.9, 3.0.14a 3.0.20. I can't print to samba printer server with XP client. but with win2000 and win98 no problems. Thanks in advance. [2005/09/22 00:01:19, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(785) spoolss_io_devmode: I've parsed all I know and there is still stuff left| [2005/09/22 00:01:19, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(787) spoolss_io_devmode: available_space = [3052], devmode_size = [3272]! [2005/09/22 00:01:19, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(788) spoolss_io_devmode: please report to [EMAIL PROTECTED] [2005/09/22 00:01:19, 0] rpc_server/srv_spoolss.c:api_spoolss_open_printer_ex(76) spoolss_io_q_open_printer_ex: unable to unmarshall SPOOL_Q_OPEN_PRINTER_EX. [2005/09/22 00:01:19, 0] rpc_server/srv_pipe.c:api_rpcTNP(1572) api_rpcTNP: spoolss: SPOOLSS_OPENPRINTEREX failed. [2005/09/22 00:01:19, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(785) spoolss_io_devmode: I've parsed all I know and there is still stuff left| [2005/09/22 00:01:19, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(787) spoolss_io_devmode: available_space = [3052], devmode_size = [3272]! [2005/09/22 00:01:19, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(788) spoolss_io_devmode: please report to [EMAIL PROTECTED] [2005/09/22 00:01:19, 0] rpc_server/srv_spoolss.c:api_spoolss_open_printer_ex(76) spoolss_io_q_open_printer_ex: unable to unmarshall SPOOL_Q_OPEN_PRINTER_EX. [2005/09/22 00:01:19, 0] rpc_server/srv_pipe.c:api_rpcTNP(1572) api_rpcTNP: spoolss: SPOOLSS_OPENPRINTEREX failed. [2005/09/22 00:01:47, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(785) spoolss_io_devmode: I've parsed all I know and there is still stuff left| [2005/09/22 00:01:47, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(787) spoolss_io_devmode: available_space = [3052], devmode_size = [3272]! [2005/09/22 00:01:47, 0] rpc_parse/parse_spoolss.c:spoolss_io_devmode(788) spoolss_io_devmode: please report to [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbindd default domain problem
Hello, I got a problem using the Squid-winbind-samba-ldap services. Squid 2.5, authenticating with Samba 3.1 through winbind. Problem occurs with internet explorer on Windows XP clients when users authenticate with Squid using NTLM protocol, with clients that are not in the domain. Acces is not allowed until I add the domain information to the user id. When I look at winbind' logs, I can see that Internet Explorer sent the local machine name as domain without asking me (My machine is called TEST, so I have TEST\username sent to squid. I've the winbind use default domain = yes directive set (and parsed by windbind when running), I've also tried to force the ntlm-auth Squid helper with --domain=MYDOMAIN, but nothing worked. Despite of that, it works well with firefox when out of the domain (auto switching to basic auth), and well with both navigators when in a domain (getting the Windows XP login as authentifier). Did I forgot something ? All threads I found on the samba lists said that the winbind use default domain = yes directive would be enough... why isn't it ok for me ? Note : I'm sorry for my english, I'm french ;) Josselin Dulac Technicien au CRI IUFM de Lyon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba with Mysql, compilation problem.
Hello Collen and thank you for this answer! I am at work now, so i'll manage to test all this at home tonight. Anyway, i'll keep everybody tunned of the progression, hope it will helps people to get mysql pluggin running on debian. See you and thank you again :) Pierre On 9/22/05, (C)ollen [EMAIL PROTECTED] wrote: hmm.. try ./configure --with-expsam=mysql --with-shared-modules=pdb_mysql mysql lib's in the: /usr/lib/mysql (symlink will do) mysql headers in the: /usr/include/mysql (symlink will do) you can compile the mysql_backend into samba so there isn't an external module ! your problem is that samba can't find the header files from mysql (.h) I think that the guy's from debian left the mysql backend out, coz' it's somewhat experimental, and lackes support.. never the less, it works, and we have it up and running for almost 2years now!! have fun Collen Blijenberg (MLHJ) MARTIN Pierre wrote: First i would like to say hello to everybody here, because i am new to this ML. So here is the description of my problem: I began with a clean samba installation from the stable branch few monthes ago, everything was just fine, i have a linux box which was sharing files for another linux workstation and two WinXP laptops. The sharing linux box is a debian stable branch O/S, which is my choice for a long time now. Few weeks ago, i decided to make my sparkling samba installation virtual-users aware, and i began to crawl on various websites, all explaining the smb.conf parametters to give. I figured out that i was just not able to make it run because of a main problem, the apt-get samba gave me a non mysql-powered-samba version :( So i removed the samba package from the computer, and dowloaded the debian source of it. Basic source, untared, and had a look to the debian/rule file. I saw there was any parametters given about mysql building, so i also had a look at the configure script's options. It always compiles the brand new warm .deb packages (after i fixed some lacky dependencies, i had to make a fake mysql-common package by myselve, because i already had mysql installed from sources and did not want to install the deb package, etc...). I'm now totally lost, i have try everything and i can't get this pdb_mysql.so plugin ready :( So maybe i have miss something, maybe there is another way to make it as i wish to be, maybe there is a simple way to indirectly link samba to mysql with pam (I don't know PAM rules at all, i neither don't know how it works). It has been 4 days i'm looking for a solution, mailing random people i find on websites, no answers from them. Please if somebody has any clue, let me know a link, a sound, a color, anything to find a way to make it work... Anything to make it work from the stable .deb packages appreciated too. Thank you a lot! Pierre. P.S.: Here is the current configure parametters i use extracted from my rule file: --cache-file=./config.cache --with-fhs --enable-shared --enable-static --prefix=/usr --sysconfdir=/etc --libdir=/etc/samba --with-privatedir=/etc/samba --with-piddir=/var/run/samba --localstatedir=/var --with-netatalk --with-pam --with-syslog --with-utmp --with-readline --with-pam_smbpass --with-libsmbclient --with-winbind --with-msdfs --with-automount --with-tdbsam --with-ldap --with-python=python2.3 --with-mysql --enable-mysql --with-mysql-prefix=/usr/local/mysql --with-expsam=mysql -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba with Mysql, compilation problem.
Hello Collen, I've just try what you suggested. I have now a new error which is *Can't find MySQL libraries while MySQL support is requested.* But now, the configure script returns an error, not the compilation itselve (Since the make command is not started unless configure tells i'm fine go ahead :-) ) The configure script was called with these args: *--cache-file=./config.cache --with-fhs --enable-shared --enable-static --prefix=/usr --sysconfdir=/etc --libdir=/etc/samba --with-privatedir=/etc/samba --with-piddir=/var/run/samba --localstatedir=/var --with-netatalk --with-pam --with-syslog --with-utmp --with-readline --with-pam_smbpass --with-libsmbclient --with-winbind --with-msdfs --with-automount --with-tdbsam --with-ldap --with-python=python2.3 --with-expsam=mysql --with-shared-modules=pdb_mysql* My actual filesystem configuration is as follows: * /usr/local/mysql/include/mysql is symlinked to /usr/include/mysql, so i virtualy have mysql.h and other header files in /usr/include/mysql/* * /usr/local/mysql/lib/mysql is symlinked to /usr/lib/mysql, so i also virtually have all mysql libraries in /usr/lib/mysql/* look: *ls /usr/lib/mysql/* gives *libdbug.a libmerge.a libmyisammrg.alibmysqlclient.la libmysqlclient.so.14 libmystrings.a libnisam.a libheap.a libmyisam.a libmysqlclient.a libmysqlclient.so libmysqlclient.so.14.0.0 libmysys.a libvio.a* and *ls /usr/include/mysql/* *errmsg.hmy_alloc.h my_getopt.h my_no_pthread.h mysqld_error.h mysql_version.h readline.h sslopt-longopts.h keycache.h my_config.h my_global.h my_pthread.h mysql_embed.h my_sys.h sql_common.h sslopt-vars.h m_ctype.h my_dbug.h my_list.hmy_semaphore.h mysql.h my_xml.h sql_state.htypelib.h m_string.h my_dir.h my_net.h mysql_com.h mysql_time.hraid.h sslopt-case.h* But it seems that the configure script doesn't knows where to look in. I'm going to make further tests with the *--with-mysql-prefix* and *--with-mysql-exec-prefix*, giving them some additionnal paths, in fact i dont know what more i can do :'( Anyway, thank you for the help! Take care, Pierre (C)ollen wrote: hmm.. try ./configure --with-expsam=mysql --with-shared-modules=pdb_mysql mysql lib's in the: /usr/lib/mysql (symlink will do) mysql headers in the: /usr/include/mysql (symlink will do) you can compile the mysql_backend into samba so there isn't an external module ! your problem is that samba can't find the header files from mysql (.h) I think that the guy's from debian left the mysql backend out, coz' it's somewhat experimental, and lackes support.. never the less, it works, and we have it up and running for almost 2years now!! have fun Collen Blijenberg (MLHJ) MARTIN Pierre wrote: First i would like to say hello to everybody here, because i am new to this ML. So here is the description of my problem: I began with a clean samba installation from the stable branch few monthes ago, everything was just fine, i have a linux box which was sharing files for another linux workstation and two WinXP laptops. The sharing linux box is a debian stable branch O/S, which is my choice for a long time now. Few weeks ago, i decided to make my sparkling samba installation virtual-users aware, and i began to crawl on various websites, all explaining the smb.conf parametters to give. I figured out that i was just not able to make it run because of a main problem, the apt-get samba gave me a non mysql-powered-samba version :( So i removed the samba package from the computer, and dowloaded the debian source of it. Basic source, untared, and had a look to the debian/rule file. I saw there was any parametters given about mysql building, so i also had a look at the configure script's options. It always compiles the brand new warm .deb packages (after i fixed some lacky dependencies, i had to make a fake mysql-common package by myselve, because i already had mysql installed from sources and did not want to install the deb package, etc...). I'm now totally lost, i have try everything and i can't get this pdb_mysql.so plugin ready :( So maybe i have miss something, maybe there is another way to make it as i wish to be, maybe there is a simple way to indirectly link samba to mysql with pam (I don't know PAM rules at all, i neither don't know how it works). It has been 4 days i'm looking for a solution, mailing random people i find on websites, no answers from them. Please if somebody has any clue, let me know a link, a sound, a color, anything to find a way to make it work... Anything to make it work from the stable .deb packages appreciated too. Thank you a lot! Pierre. P.S.: Here is the current configure parametters i use extracted from my rule file: --cache-file=./config.cache --with-fhs --enable-shared --enable-static --prefix=/usr --sysconfdir=/etc
Re: [Samba] Samba with Mysql, compilation problem.
Hello again, and sorry for the spam inconvenience! Well have just added these args to the configure script (i also have symlinked some of the most important mysql bins in /usr/local/bin): *--with-mysql-prefix=/usr/include/mysql/ --with-mysql-exec-prefix=/usr/local/bin/* and it now goes ahead... I will have to go work soon, so i will see if it has been compiling the whole thing including the mysql stuff tonight... Any idea are welcome :) Pierre (C)ollen wrote: hmm.. try ./configure --with-expsam=mysql --with-shared-modules=pdb_mysql mysql lib's in the: /usr/lib/mysql (symlink will do) mysql headers in the: /usr/include/mysql (symlink will do) you can compile the mysql_backend into samba so there isn't an external module ! your problem is that samba can't find the header files from mysql (.h) I think that the guy's from debian left the mysql backend out, coz' it's somewhat experimental, and lackes support.. never the less, it works, and we have it up and running for almost 2years now!! have fun Collen Blijenberg (MLHJ) MARTIN Pierre wrote: First i would like to say hello to everybody here, because i am new to this ML. So here is the description of my problem: I began with a clean samba installation from the stable branch few monthes ago, everything was just fine, i have a linux box which was sharing files for another linux workstation and two WinXP laptops. The sharing linux box is a debian stable branch O/S, which is my choice for a long time now. Few weeks ago, i decided to make my sparkling samba installation virtual-users aware, and i began to crawl on various websites, all explaining the smb.conf parametters to give. I figured out that i was just not able to make it run because of a main problem, the apt-get samba gave me a non mysql-powered-samba version :( So i removed the samba package from the computer, and dowloaded the debian source of it. Basic source, untared, and had a look to the debian/rule file. I saw there was any parametters given about mysql building, so i also had a look at the configure script's options. It always compiles the brand new warm .deb packages (after i fixed some lacky dependencies, i had to make a fake mysql-common package by myselve, because i already had mysql installed from sources and did not want to install the deb package, etc...). I'm now totally lost, i have try everything and i can't get this pdb_mysql.so plugin ready :( So maybe i have miss something, maybe there is another way to make it as i wish to be, maybe there is a simple way to indirectly link samba to mysql with pam (I don't know PAM rules at all, i neither don't know how it works). It has been 4 days i'm looking for a solution, mailing random people i find on websites, no answers from them. Please if somebody has any clue, let me know a link, a sound, a color, anything to find a way to make it work... Anything to make it work from the stable .deb packages appreciated too. Thank you a lot! Pierre. P.S.: Here is the current configure parametters i use extracted from my rule file: --cache-file=./config.cache --with-fhs --enable-shared --enable-static --prefix=/usr --sysconfdir=/etc --libdir=/etc/samba --with-privatedir=/etc/samba --with-piddir=/var/run/samba --localstatedir=/var --with-netatalk --with-pam --with-syslog --with-utmp --with-readline --with-pam_smbpass --with-libsmbclient --with-winbind --with-msdfs --with-automount --with-tdbsam --with-ldap --with-python=python2.3 --with-mysql --enable-mysql --with-mysql-prefix=/usr/local/mysql --with-expsam=mysql -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] share connection dropped after 10 minutes
Hello everybody, I have to face a problem here with a samba share disconnecting after about 10 minutes. Situation: - debian woody, samba 3.0.14a - server configured as PDC - typically 100-150 smbd processes running everything runs smoothly but one client (W2K SP4) that obviously needs a quasi static connection to the PDC. The client runs a software that stores regularly data on a dedicated share called aekta. The software logs a warning that it lost the connection to the server every 12 minutes. A few seconds later, the connection is reestablished and the software writes it's data as planned. There is no loss of data, but the warning messages fills up the logs of the software. As the scientists using the software need to read the logs for other purposes, they are quite annoyed about these warnings. I also already tried to set deadtime = 60 to ensure a defines timeout, without success. Any suggestions? smb.conf (some share definitions cut): ; /etc/samba/smb.conf [global] workgroup = MPI log level = 5 security = user map to guest = Bad Password guest account = nobody admin users = root,administrator netbios name = tux server string = Samba Fileserver add machine script = /usr/sbin/useradd -c Machine account for %u to use tux's NT-services. -g machines -d /dev/null -s /bin/false %u dos charset = CP850 unix charset = CP850 socket options = TCP_NODELAY veto files = /quota.user/ encrypt passwords = true obey pam restrictions = yes passdb backend = tdbsam guest unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . null passwords = no os level = 65 preferred master = yes name resolve order = lmhosts hosts wins bcast domain master = yes domain logons = yes local master= yes wins support = yes preserve case = yes short preserve case = yes logon script = logon.bat logon path = \\%L\%U\.profiledata logon home = \\%L\%U logon drive = y: log file = /var/log/samba/log.%m max log size = 1000 syslog only = no [homes] comment = Home-directory writeable = yes create mask = 0600 directory mask = 2700 inherit permissions = yes map archive = yes browseable = yes [netlogon] comment = Windows-logon-scripts path = /home/logon-script writeable = no create mask = 0604 directory mask = 0755 browseable = yes invalid users = nobody [aekta] comment = aekta path = /groups/aekta create mask = 0664 directory mask = 2777 force directory mode = 0775 browseable = yes valid users = @microbio write list = ogrundma aekta ogunderm read only = yes posix locking = no oplocks = no strict locking = no relevant log entries: 2005/09/22 12:28:49, 3] smbd/process.c:switch_message(886) switch message SMBtrans2 (pid 6739) conn 0x836fd38 [2005/09/22 12:28:49, 4] smbd/uid.c:change_to_user(194) change_to_user: Skipping user change - already user [2005/09/22 12:28:49, 3] smbd/trans2.c:call_trans2qfilepathinfo(2418) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2005/09/22 12:28:49, 5] smbd/filename.c:unix_convert(108) unix_convert called on file UNICORN/Server [2005/09/22 12:28:49, 3] smbd/trans2.c:call_trans2qfilepathinfo(2452) call_trans2qfilepathinfo UNICORN/Server (fnum = -1) level=1004 call=5 total_data=0 [2005/09/22 12:28:49, 5] smbd/trans2.c:call_trans2qfilepathinfo(2596) SMB_QFBI - create: Tue Aug 23 13:30:54 2005 access: Thu Sep 22 09:11:16 2005 write: Tue Aug 23 13:30:54 2005 change: Tue Aug 23 13:30:54 2005 mode: 10 [2005/09/22 12:28:53, 3] smbd/process.c:timeout_processing(1334) timeout_processing: End of file from client (client has disconnected). [2005/09/22 12:28:53, 5] lib/gencache.c:gencache_shutdown(88) Closing cache file [2005/09/22 12:28:53, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2005/09/22 12:28:53, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/09/22 12:28:53, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2005/09/22 12:28:53, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/09/22 12:28:53, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/09/22 12:28:53, 2] smbd/server.c:exit_server(609) Closing connections [2005/09/22 12:28:53, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/09/22 12:28:53, 5] auth/auth_util.c:debug_nt_user_token(485) NT user token: (NULL) [2005/09/22 12:28:53, 5] auth/auth_util.c:debug_unix_user_token(506) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2005/09/22 12:28:53, 5] smbd/uid.c:change_to_root_user(296) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/09/22 12:28:53, 1] smbd/service.c:close_cnum(830) gigas (194.95.7.119) closed connection to service aekta [2005/09/22 12:28:53, 3] smbd/connection.c:yield_connection(69)
Re: [Samba] Problem adding printer using MSRPC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Guruswamy Namasivayam (gnamasiv) wrote: Hi, When I try to add a printer using APW, the printer gets added successfully. However, when I try to add a printer using the MS_RPC addprinter command, the script fails with access denied. Please let me know if I am doing anything wrong. Thanks, Guru. The addprinter vbscript dim oMaster, oPrinter set oMaster = CreateObject(PrintMaster.PrintMaster.1) set oPrinter = CreateObject(Printer.Printer.1) oPrinter.ServerName = \\abc.xyz.com oPrinter.PrinterName = Apple oPrinter.DriverName = Apple LaserWriter 8500 oPrinter.PortName= Samba printer port oPrinter.shareName = Apple oPrinter.Location = odi-lab oMaster.PrinterAdd(oPrinter) You're probably going to have to look at a level 10 smbd debug log to see what is failing. What error code is being returned? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDMpKgIR7qMdg1EfYRAmf4AJ9hvYThW+pDtiM3ozo69Hh9qWppYwCfd/cE nXESiP7F/etHd90wTWSQp8o= =54IP -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Username Case Sensitivity vs. Lower Casing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marcel Ziswiler wrote: Thanks! I applied the winbindd_v1.patch and it at least partially fixed the problem: I can now log in again regardless of the casing of the entered username. I still get mixed casing on my home directory. gerald-carter login: gcarter Password: Creating directory '/home/GCarter'. Creating directory '/home/GCarter/.kde'. Creating directory '/home/GCarter/.kde/Autostart'. Creating directory '/home/GCarter/.xemacs'. Last login: Tue Aug 30 10:18:02 on :0 Any suggestions? Sorry Marcel, I've been really tied up in otherthings for the past several weeks. Any chance you could test the SAMBA_3_0_RELEASE branch $ svn co \ svn://svnanon.samba.org/samba/branches/SAMBA_3_0_RELEASE \ samba-3.0.20a I think we have the case issues fixed. But I need confirmation. Also be careful is the system is running nscd. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDMpfCIR7qMdg1EfYRAvyqAKDSr+x355+WxVBo1y29H1EDuChUKgCeOqGn hLIl/PlCp0mG1uy2VY2zU94= =OFG1 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] High CPU Time an Load Avarage on our Samba Server
Hello list, how could this happen? The Server doesn't respond from time to time with a high load avarage. We found a suspicious smbd process: top - 13:43:07 up 1 day, 2:27, 5 users, load average: 32.49, 58.41, 37.95 Tasks: 1196 total, 5 running, 1190 sleeping, 0 stopped, 1 zombie Cpu0 : 14.7% us, 3.8% sy, 0.0% ni, 79.8% id, 1.3% wa, 0.0% hi, 0.3% si Cpu1 : 1.3% us, 84.6% sy, 0.0% ni, 14.1% id, 0.0% wa, 0.0% hi, 0.0% si Cpu2 : 15.0% us, 6.4% sy, 0.0% ni, 76.7% id, 0.6% wa, 0.0% hi, 1.3% si Cpu3 : 10.9% us, 16.0% sy, 0.0% ni, 72.8% id, 0.0% wa, 0.0% hi, 0.3% si Mem: 6231672k total, 6105452k used, 126220k free,12944k buffers Swap: 8418016k total, 232k used, 8417784k free, 1636920k cached PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ GROUPCOMMAND 19256 PREUSSAG 25 0 14804 8168 3520 R 99.9 0.1 116:00.06 PREUSSAG smbd This is a really big file server: agestt71:~ # ps -ef | grep smbd |wc -l 1014 here's an sar -A: 10:15:01 runq-sz plist-sz ldavg-1 ldavg-5 ldavg-15 10:18:012 1262 2.17 2.16 1.82 10:21:011 1264 2.08 2.16 1.87 10:24:011 1269 2.09 2.18 1.93 10:27:011 1262 2.20 2.14 1.95 10:30:011 1262 2.01 2.15 1.99 10:33:011 1265 2.37 2.20 2.02 10:36:011 1264 2.33 2.26 2.08 10:39:011 1268 2.32 2.29 2.11 10:42:20 31 1289340.91128.06 48.26 10:45:011 1276 37.48 92.10 48.24 10:48:011 1283 4.44 51.58 40.18 10:51:010 1275 1.69 29.00 33.40 10:54:010 1272 1.42 16.54 27.77 10:57:011 1271 1.35 9.67 23.11 11:00:010 1269 1.50 5.94 19.28 11:03:011 1272 1.38 3.87 16.12 11:06:012 1267 1.29 2.70 13.50 11:09:29 79 1297190.52 83.20 41.67 11:12:010 1269 18.08 52.06 36.16 11:15:010 1274 2.36 29.17 30.05 11:18:011 1270 1.53 16.63 25.00 11:22:25 50 1296191.30 89.21 49.85 11:24:012 1293 41.52 65.89 45.36 11:24:01 runq-sz plist-sz ldavg-1 ldavg-5 ldavg-15 11:28:02 141 1308129.16 68.58 48.71 11:30:011 1297115.12 98.49 63.00 11:33:010 1303 6.91 54.53 52.14 11:37:13 50 1302234.47136.50 83.73 11:39:011 1305 41.48 96.57 75.20 11:42:011 1307 5.10 54.24 62.47 11:45:013 1311 2.61 30.84 51.91 11:48:011 1309 2.31 17.92 43.16 11:51:012 1288 2.12 10.78 35.93 11:54:012 1273 2.35 7.01 30.02 11:57:011 1266 2.20 4.84 25.12 12:00:013 1272 2.46 3.72 21.10 12:03:011 1277 2.19 3.03 17.77 12:06:023 1279 2.45 2.72 15.04 12:09:021 1270 2.68 2.64 12.83 12:12:011 1256 2.12 2.40 10.94 12:15:014 1251 2.50 2.48 9.46 12:18:011 1251 2.09 2.28 8.15 12:21:011 1248 2.09 2.23 7.09 12:24:011 1253 2.48 2.31 6.26 12:27:011 1246 2.26 2.35 5.58 12:30:014 1249 2.49 2.36 5.00 12:33:11 173 1249190.71 79.53 33.47 12:33:11 runq-sz plist-sz ldavg-1 ldavg-5 ldavg-15 12:36:011 1253 16.15 51.05 30.60 12:39:011 1251 3.20 29.10 25.65 12:42:011 1254 2.36 16.97 21.53 12:45:011 1250 2.31 10.35 18.14 12:48:011 1253 2.41 6.84 15.40 12:51:011 1247 2.16 4.70 13.06 12:54:012 1250 2.28 3.63 11.16 12:57:011 1240 2.29 3.03 9.60 13:00:011 1238 2.34 2.70 8.31 13:03:011 1243 2.68 2.65 7.29 13:06:012 1240 2.23 2.47 6.40 13:09:011 1232 2.30 2.39 5.67 13:12:011 1237 2.63 2.50 5.13 13:15:012 1236 2.51 2.46 4.64 13:18:011 1244 2.35 2.47 4.26 13:21:011
[Samba] Problem with Samba share
Hi all, I got a problem with my Samba I added a new (well, ok old but new in this server, NTFS -) hdd to my server. I made a new partition with /sbin/mkfs.ext3 -m 0 -j /dev/hde1 and mounted it ( mount /dev/hde1 /mnt/hde1 ) Now I wanna share a folder on this new hdd (public) which is located /mnt/hde1/public. When I try to connect with the smb client (smbclient //jessica/public ) I get the following error: * Anonymous login successful Domain=[ARMBRUSTER] OS=[Unix] Server=[Samba 3.0.14a-2] tree connect failed: NT_STATUS_BAD_NETWORK_NAME* If I use another folder on the existing hdd (only changing the path in the smb.conf) it works well ... anyone got an idea? Thanks. br René -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] GFS bug hits Samba (was: locking.tdb: expand_file ftruncate to 8192 failed (Permission denied))
On Thu, Sep 22, 2005 at 10:15:08AM +0200, Axel Thimm wrote: On Wed, Sep 21, 2005 at 04:34:32PM -0700, Jeremy Allison wrote: Why are you putting the locking db on a GFS filesystem anyway. That's madness ! The reason is to have a poor-man's-clustered-samba by placing lock and private dir on a common share and have the relocated smbd/nmbd pairs access them. E.g. relocating within the cluster is effectively like restarting smbd/nmbd on a node. On Wed, Sep 21, 2005 at 04:37:32PM -0700, Jeremy Allison wrote: As I said, I bet GFS isn't POSIX complient. Don't put locking tdb's on anything but local filesystems. Well, GFS claims to be POSIX and local-like in any way. Maybe it is just a bug in GFS? It turns out that's exactly what it is: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169039 GFS is in fact a local fs. It is just local for several SAN nodes at the same time using dlm for coordinating locking. GFS can even be used as a non-clustered local fs, just like ext3, where the same bug hits it. I hope the bug gets fixed soon. Otherwise, does this hit more than locking.tdb? Thanks! -- Axel.Thimm at ATrpms.net pgp6EiyC7TYHu.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Question on Samba Service
Hi, For no particular reason, my Samba service didn't start yesterday, when I went to start it by going in the /usr/local/samba/sbin and then typing SMBD I got an error permission denied and something about the port 139 (sorry I don't have the whole error message) No changes were made on the box. I started looking over the web and I found an something out something to help me out on this issue. This is what I found Now, if you wish to use inetd to start the Samba daemons, enter suitable lines in the file /etc/inetd.conf, such as the following: netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat After editing the files, type refresh -s inetd. Now my question is : Why commenting that out made from the Indetd.conf works. In other case why did I had to go trough this to start the samba service, is the samba sercie suppose to start automatically ? Thanks for all your help Eddy Notice: This transmission is for the sole use of the intended recipient(s) and may contain information that is confidential and/or privileged. If you are not the intended recipient, please delete this transmission and any attachments and notify the sender by return email immediately. Any unauthorized review, use, disclosure or distribution is prohibited. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Big problem with roaming profiles
Hello everyone!
I'm facing a big problem with the samba server I just set up:
System: FreeBSD 5.4
Samba ver: 3.0.20 (previuosly 3.0.12)
Client(s): Windows XP Professional
I configured the server to make use of roaming profiles. I was able to copy
local profiles to the server, to login and voila - got my desktop. Also after
creating a new user, the new profile gets copied to the server, synchronized
and reloaded after next login.
So far so good.
But when I delete the local copy of the profile (deleting the entire user.dom
directory) it doesn't get copied back from the server. Instead Windows waits
für about 10 minutes until I get a new desktop from some default profile, where
I can't change most settings. No update to the server occurs after logout.
The same happens when I try to login from a different client. No profile gets
loaded.
The log reveals no problems or errors.
I'm pretty clueless now, since I've read many, many documentations and sample
configurations.
Below is my smb.conf:
[global]
display charset = ISO-8859-15
dos charset = 850
unix charset = ISO-8859-15
enable privileges = yes
socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY
map to guest = Bad User
# smb passwd file = /etc/samba/smbpasswd
time server = Yes
encrypt passwords = yes
veto files = /*.eml/*.nws/riched20.dll/*.{*}
allow hosts = 128.176.52.0/255.255.255.128 192.168.0.0/24
unix extensions = Yes
netbios name = PDC
server string = Samba Domain Controller
printing = CUPS
path = /var/spool/samba
workgroup = IZKF4
os level = 65
domain master = yes
preferred master = yes
local master = yes
wins support = yes
printcap name = CUPS
cups options = raw
use client driver = no
security = user
domain logons = yes
logon script = STARTUP.CMD
logon path = \\%L\profiles\%U
logon drive = P:
hide unreadable = yes
hide dot files = yes
log level = 2
log file = /var/log/samba/log.%m
ldap passwd sync = Yes
passdb backend = ldapsam:ldap://127.0.0.1/
; SAMBA-LDAP declarations
passdb backend = ldapsam:ldap://127.0.0.1/
# ldap filter = ((objectclass=sambaSamAccount)(uid=%u))
ldap admin dn = cn=Manager,dc=mydomain,dc=com
ldap suffix = dc=mydomain,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
# ldap ssl = start_tls
add machine script = /usr/local/sbin/smbldap-useradd -w %u
add user script = /usr/local/sbin/smbldap-useradd -m %u
ldap delete dn = Yes
delete user script = /usr/local/sbin/smbldap-userdel %u
add group script = /usr/local/sbin/smbldap-groupadd -p %g
delete group script = /usr/local/sbin/smbldap-groupdel %g
add user to group script = /usr/local/sbin/smbldap-groupmod -m %u
%g
delete user from group script = /usr/local/sbin/smbldap-groupmod -x
%u %g
set primary group script = /usr/local/sbin/smbldap-usermod -g %g
%u
[W]
comment = Data
browsable = yes
path = /data/drivew
create mask = 0664
directory mask = 0775
public = no
writable = yes
printable = no
write list = @users
[netlogon]
path = /data/netlogon
public = no
writeable = no
browseable = no
[profiles]
path=/data/ntprofiles
browseable = no
writeable = yes
guest ok = Yes
profile acls = Yes
csc policy = disable
force user = %U
# hide files = /desktop.ini/ntuser.ini/NTUSER.*/
# write list = %U @Domain Admins
valid users = %U @Domain Admins
create mask = 0600
directory mask = 0700
# default case = lower
preserve case = Yes
case sensitive = no
[homes]
comment = Home Directories
valid users = %S
browseable = No
read only = No
create mask = 0640
directory mask = 0750
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
create mask = 0600
browseable = No
public = yes
writable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
write list = root,@Domain Admins
force group = Domain Admins
create mask = 0664
directory mask = 0775
[hplj1300]
comment = HP Laserjet 1300
printable = yes
path = /var/spool/hplaserjet1300
public = no
guest ok = no
printer admin = Domain Admins
Additionally I applied the following patch to the XP-Clients:
###
; Windows XP Professional
; enable windows logon to samba server as domain controller (pdc) with roaming
profile
; disable secure channel
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
requiresignorseal=dword:
signsecurechannel=dword:
;
[Samba] ACLs with Problem
Hi All, I am with problem with the permissions of windows. The samba is not getting the ACLs permissions. I compiled version 3.0.20, with the following options: ./configure \ --prefix=/usr/local/samba \ --localstatedir=/var \ --with-configdir=/etc/samba \ --with-privatedir=/etc/samba \ --with-fhs \ --with-quotas \ --with-smbmount \ --enable-cups \ --with-pam \ --with-pam_smbpass \ --with-syslog \ --with-utmp \ --with-sambabook=/usr/local/samba/share/swat/using_samba \ --with-swatdir=/usr/local/samba/share/swat \ --with-shared-modules=idmap_rid \ --with-libsmbclient \ --with-acl-support \ --with-winbind \ --with-ads \ --with-krb5=/usr/kerberos Below mine smb.conf: [global] workgroup = ECPNET netbios name = PINHEIROS_BETA # unix charset = iso8859-1 display charset = cp850 realm = ECP.ORG.BR server string = Samba Server security = ADS auth methods = winbind client schannel = No password server = * passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n * passwd:*all*authentication*tokens*updated*successfully* #username map = /usr/local/samba/etc/smbusers password level = 8 username level = 8 log file = /var/log/samba/%m.log log level = 3 auth:3 winbind:3 max log size = 50 nt acl support = Yes domain admin group = admins acl compatibility = win2k acl map full control = yes acl check permissions = no acl group control = yes inherit acls = Yes profile acls = Yes map acl inherit = Yes name resolve order = host wins bcast server signing = auto client use spnego = Yes socket options = TCP_NODELAY SO_RCVBUF=131072 SO_SNDBUF=131072 addprinter command = addprinter deleteprinter command = delprinter add machine script = /usr/sbin/useradd -d /dev/null -g 504 -c local master = No dns proxy = No wins server = 10.0.0.5, 10.0.0.4 ldap ssl = no add share command = /usr/local/samba/share/modify_samba_config.pl change share command = /usr/local/samba/share/modify_samba_config.pl delete share command = /usr/local/samba/share/modify_samba_config.pl idmap uid = 1-2 idmap gid = 1-2 template homedir = /data/users/%U template shell = /bin/ksh winbind use default domain = Yes admin users = corniani, administrator, henrique read only = No force unknown acl user = Yes guest ok = Yes [Teste1] comment = Teste de ACL Linux path = /data/teste browseable = Yes admin users = ECPNET\henrique read only = No With this configuration the users of the PDC (windows 2003) are authenticantion way telnet without problem. However, the ACL do not function. They see the exit with command getfacl teste.txt: [EMAIL PROTECTED] teste]# getfacl teste.txt # file: teste.txt # owner: root # group: Domain Users user::rwx user:henrique:rw- group::r-- mask::rw- other::r-- The user henrique appears in linux, but he does not appear in windows. When I try to add permissions through windows appears a message of denied access. Somebody can help me Luís Henrique Departamento de Tecnologia Esporte Clube Pinheiros Tel: 55 11 3817 3071 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] permissions problem
Hi, i have a samba server with a share, in that share there is a folder called, for example 'users' and then sub folders with permissions 750 for each. With this i can handle de access to the folder by group. Let me put more clear: x:\ - - - - users \ - -john ---paul ---production The problem is this: even that user paul or anyone of his group can't access to john folder, he can delete de folder john. Is there a way to prevent this?, i mean, to prohibit anyone exept john and his members group to delete that folder¿? Thanks.- MMo-.- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question on Samba Service
Samba can either be started as a service in inetd or started by the run-level init process. On my debian system, you can manually start stop Samba by typing /etc/init.d/samba [start | stop | restart]. On non-Debian systems the path to the samba command script may vary. The script should be used when manually doing things with samba as it gets the order for starting and stopping daemons correct. You can also use swat if you have it enabled. If Samba is started in inetd, you need the lines you mentioned. Otherwise, run something like the KDE System V Init editor and add Samba to start and stop at the appropriate run levels. The permission denied error is probably because you were not logged in as root. Try using the su command first! Edouard Ades wrote: Hi, For no particular reason, my Samba service didn't start yesterday, when I went to start it by going in the /usr/local/samba/sbin and then typing SMBD I got an error permission denied and something about the port 139 (sorry I don't have the whole error message) No changes were made on the box. I started looking over the web and I found an something out something to help me out on this issue. This is what I found Now, if you wish to use inetd to start the Samba daemons, enter suitable lines in the file /etc/inetd.conf, such as the following: netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat After editing the files, type refresh -s inetd. Now my question is : Why commenting that out made from the Indetd.conf works. In other case why did I had to go trough this to start the samba service, is the samba sercie suppose to start automatically ? Thanks for all your help Eddy Notice: This transmission is for the sole use of the intended recipient(s) and may contain information that is confidential and/or privileged. If you are not the intended recipient, please delete this transmission and any attachments and notify the sender by return email immediately. Any unauthorized review, use, disclosure or distribution is prohibited. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net rpc vampire / Question or Problem?
There're Groups like 'Domänen Benutzer' or 'Domänen Admins' nope, no problem we migrated successfully from German NT PDC to samba -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] net rpc vampire / Question or Problem?
how big is your domain? here're over 4000 users and 2000 groups... Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers S CE DE SE PS N/O Sales Central Europe Deutschland Professional Service Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/services/index.html *** -| -Original Message- -| From: -| [EMAIL PROTECTED] rg [mailto:samba-bounces+dirk.laurenz=fujitsu--| [EMAIL PROTECTED] On Behalf Of Michael Gasch -| Sent: Thursday, September 22, 2005 5:04 PM -| Cc: samba@lists.samba.org -| Subject: Re: [Samba] net rpc vampire / Question or Problem? -| -| There're Groups like 'Domänen Benutzer' or 'Domänen Admins' -| nope, no problem -| we migrated successfully from German NT PDC to samba -| -| -| -- -| Michael Gasch -| Max Planck Institute for Evolutionary Anthropology -| Department of Human Evolution (IT) -| Deutscher Platz 6 -| D-04103 Leipzig -| Germany -| -| Phone: 49 (0)341 - 3550 137 -| -| -- -| To unsubscribe from this list go to the following URL and read the -| instructions: https://lists.samba.org/mailman/listinfo/samba -| -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] documentation for idmap backend = ad ?
I have been searching all day for documentation on the new idmap backend = ad feature. Where is it documented? I want shell and home dir templates from SFU as well as uid/gid. I have seen some examples in mailing lists for shell and home dir templates, but none seem to have acceptable syntax. Has this been implemented, and if so... what is the correct syntax to get it? I have installed samba from the fedora core 4 develop repository, but it doesn't seem to have the ad module. I guess that means I have to compile it myself. -- birger -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: locking.tdb: expand_file ftruncate to 8192 failed (Permission denied)
On Thu, Sep 22, 2005 at 10:15:08AM +0200, Axel Thimm wrote: On Wed, Sep 21, 2005 at 04:34:32PM -0700, Jeremy Allison wrote: On Thu, Sep 22, 2005 at 01:01:45AM +0200, Axel Thimm wrote: Should I generate a more verbose debug log (what log level settings?) and place it somewhere on the net? I wonder how I'm triggering that code path, it certainly isn't seen by the typical RHEL4 installs. The lock directory is set to reside on a GFS filesystem, could that make a difference (shouldn't as it is supposed to be POSIX compliant local-fs-like filesystem)? Oh almost certainly that's the problem. Did you test my test program on a GFS filesystem ? Doesn't GFS use crypto credentials to prevent people hijacking root ? If that's the case I bet they break POSIX semantics w.r.t. this. Why are you putting the locking db on a GFS filesystem anyway. That's madness ! The reason is to have a poor-man's-clustered-samba by placing lock and private dir on a common share and have the relocated smbd/nmbd pairs access them. E.g. relocating within the cluster is effectively like restarting smbd/nmbd on a node. That's never going to work (at least with acceptable speed). Talk to Volker for details... (gdb) run testfile thimm Starting program: /srv/physik.fu-berlin.de/data/samba-test/a.out testfile thimm Program received signal SIGSEGV, Segmentation fault. 0x003e18a6fb00 in strlen () from /lib64/tls/libc.so.6 (gdb) bt #0 0x003e18a6fb00 in strlen () from /lib64/tls/libc.so.6 #1 0x003e18a428dc in vfprintf () from /lib64/tls/libc.so.6 #2 0x003e18a3f299 in buffered_vfprintf () from /lib64/tls/libc.so.6 #3 0x003e18a3f479 in vfprintf () from /lib64/tls/libc.so.6 #4 0x003e18a47d96 in fprintf () from /lib64/tls/libc.so.6 #5 0x00400b2b in main (argc=3, argv=0x7fb8a8) at test.c:55 Very strange - that's this line : fprintf(stderr, failed to extend file %s - error %s\n, argv[1], strerror(errno) ); I wonder if strerror is returning NULL ? As I said, I bet GFS isn't POSIX complient. Don't put locking tdb's on anything but local filesystems. Well, GFS claims to be POSIX and local-like in any way. Maybe it is just a bug in GFS? Does POSIX ensure that you can open an fd under some user and not lose access right to the fd when dropping priviledges? Yes. That's why we wrote it this way. It's a bug in GFS. Open it with RedHat. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] getent
I am able to view groups after joining the domain but not users using getent passwd and getent group. Anyone else seen this? -- Jason Gerfen My girlfriend threated to leave me if I went boarding... I will miss her. ~ DIATRIBE aka FBITKK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] XP Pro password change problem
Further to my e-mails below: I am running Samba 3.0.14a-Debian. My garydale account owns all the directories I am sharing. The group is set to users for all of them also. All of the user's linux accounts are members of the Linux users group. However, I suspect the root of the problem is to be found in my inability to change passwords through XP Pro. Further to my e-mail below: I just tried to change some share permissions from an XP Pro workstation by right-clicking on the share | properties | security. The security window shows me the existing permissions which seem correct. Because it takes a second to translate the SIDs into names, I can also see that the SID is the same as reported below from pdbedit. However, even though I have write access to the share (yes, I can write to it), the permissions all show empty (unchecked). Nor can I change them. I can change the boxes when I click apply, they revert to the old values. I note that when I click on the Add button then the advanced button I can get a full listing of the groups from Samba. Clearly my XP Pro workstation is talking to Samba, but I can't get it to change my password or recognize my right to change file permissions. Surely someone must have a clue as to how I can track down the cause of this problem? -- I've set up NT domains from scratch and things work. However, in this case I vampired the old settings over to my new Samba PDC from a W2K server which I then removed from the network. Everything almost works, except ... The main thing is that I can't seem to change the domain passwords from the XP Pro workstations. Normally you do Ctrl-Alt-Del and select change password, then fill in the blanks, hit enter and the password gets changed. However, when I try, I get a long wait - about 5 minutes - then the system cannot change your password now because the domain RAHIM-DALE is unavailable (where RAHIM-DALE is my domain name). This happens on whatever XP Pro workstation I try. I've even tried removing a domain account and recreating it, but the same thing happens. If I change the passwords through SWAT, XP sees the new passwords and stops bugging me to change them. I looked at the tdb entries using the pdbedit program and can't see anything wrong. The home directories get mapped properly. However, only my account, which is in the Domain Admins group, seems to be able to write to the shares! Another oddity is that I can't seem to copy a file larger than 2G to the server. Any ideas anyone? BTW: the server is running plain vanilla Debian 3.1 (Sarge) with ReiserFS. Here's a pdbedit -Lv of my account: Unix username:garydale NT username: Account Flags:[U ] User SID: S-1-5-21-1715567821-789336058-854245398-3000 Primary Group SID:S-1-5-21-1715567821-789336058-854245398-3001 Full Name:Gary Dale Home Directory: \\semper\garydale HomeDir Drive:M: Logon Script: scripts\logon.bat Profile Path: \\semper\Profiles\garydale Domain: RAHIM-DALE Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Mon, 18 Jan 2038 22:14:07 GMT Kickoff time: Mon, 18 Jan 2038 22:14:07 GMT Password last set:Sun, 14 Aug 2005 22:44:09 GMT Password can change: Mon, 15 Aug 2005 22:44:09 GMT Password must change: Mon, 26 Sep 2005 21:31:41 GMT Last bad password : 0 Bad password count : 0 Logon hours : FF Here's my smb.conf: Samba config file created using SWAT # from 127.0.0.1 (127.0.0.1) # Date: 2005/09/14 21:34:51 # Global parameters [global] workgroup = RAHIM-DALE server string = %h PDC (Samba %v) passdb backend = tdbsam, guest passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . unix password sync = Yes syslog = 0 log file = /var/log/samba/log.%m max log size = 1000 printcap name = cups add user script = /usr/sbin/useradd -g samba -c %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G `/usr/bin/id -G %g %u add machine script = /usr/sbin/useradd -g machines -c Machine -d /dev/null -s /bin/false %u logon script = scripts\logon.bat logon path = \\%L\Profiles\%U logon drive = M: logon home = \\%L\%U domain logons = Yes os level = 35 preferred master = Yes domain master = Yes wins support = Yes ldap ssl = no panic action = /usr/share/samba/panic-action %d idmap uid = 1-2 idmap gid = 1-2 invalid users = root admin users = garydale, root hosts allow = 192.168.2. printing = cups print command = lpq command = %p lprm command = [netlogon] comment = Logon Server Share path =
[Samba] Re: locking.tdb: expand_file ftruncate to 8192 failed (Permission denied)
On Thu, Sep 22, 2005 at 08:19:18AM -0700, Jeremy Allison wrote: On Thu, Sep 22, 2005 at 10:15:08AM +0200, Axel Thimm wrote: On Wed, Sep 21, 2005 at 04:34:32PM -0700, Jeremy Allison wrote: Why are you putting the locking db on a GFS filesystem anyway. That's madness ! The reason is to have a poor-man's-clustered-samba by placing lock and private dir on a common share and have the relocated smbd/nmbd pairs access them. E.g. relocating within the cluster is effectively like restarting smbd/nmbd on a node. That's never going to work (at least with acceptable speed). Talk to Volker for details... We found the speed is very acceptable, its is faster than NFS relocation and counts a couple of seconds, no more than a simple non-clustered samba restart. But it also isn't as transparent as we would wish it to be, as a TCP RST doesn't have the cifs client retry as NFS does, which fortunately is sometimes masked away in higher application levels like Office saving dialogs, but still breaks a simple copy operation. Anyway it does serve its purpose quite well, if it were not for the mentioned bug in GFS. We now have several instances of smdb/nmbd pairs freely floating within the cluster. As I said, I bet GFS isn't POSIX complient. Don't put locking tdb's on anything but local filesystems. Well, GFS claims to be POSIX and local-like in any way. Maybe it is just a bug in GFS? Does POSIX ensure that you can open an fd under some user and not lose access right to the fd when dropping priviledges? Yes. That's why we wrote it this way. It's a bug in GFS. Open it with RedHat. Already done so, the bugzilla link was in my previous mail :) Thanks for the test case, it helped cornering the GFS bug. -- Axel.Thimm at ATrpms.net pgpXJCVNZmodP.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] auth problem
Okay, I'll keep asking questions, until I word one in a way that someone will answer. :) i'm trying to get Samba setup. I've done this before, and it has never given me this much trouble. In short, it seems to be insisting that the user be in smbpasswd (I've not experienced this before). If the user is in smbpasswd, all seems well. If not, even though they exist on the server (via ldap + kerberos), I get a user not found error. On the last set of servers I did this on, even ones who authenticate via ldap, I never did anything special to samba to get it to work. But I've not been so lucky this time. The setup: Server: IBM AIX 5.2 Samba 3.0.14a Authentication: LDAP Security: Kerberos The user entry in /etc/security/user: user name SYSTEM = KRB5files smb.conf (in a simple form) [global] workgroup = WIN log level = 5 auth log file = /var/log/samba/%m.log username map = /usr/local/samba/lib/smbusers [Homes] comment = User home directories guest ok = no read only = No I need the username map because the user names do not match between the windows clients the samba server. So I need to map the translation. When I try to access the system, I get an unknown user error. The ONLY thing I need samba to do is provide shares (not shown above) to windows users. Nothing else. If, I add a user to samba with smbpasswd . then the users can access the shares. If not, they can't. I also, in the past have not had a server prompt me for passwords to access shares. I'm missing something really obvious. I'd really appreciate some assistance on this one. thanks in advance! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba with Mysql, compilation problem. (Additionnal information)
MARTIN Pierre wrote: Hey people, i just had a compilation error! I'm pretty happy because it means that i am doing something wrong. It seems that the compiler doesn't find mysql.h include header file. The point is that i have all these includes files in this folder: /usr/local/mysql/include/mysql/ try: CFLAGS=$CFLAGS -I/usr/local/mysql/include/ LDFLAGS=$LDFLAGS -L/usr/local/mysql/lib ./configure --foo --bar not sure if you have to add the last /mysql/ part also, just try it ;) hth Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Password History with Ldap
I am trying to turn on password history using an ldap backend. I can see the sambaPasswordHistory entry set to all 0s in Ldap. I tried to turn on password history with pdbedit -P password history -C 3 and get back that it was set: [root]# pdbedit -P password history account policy value for password history is 3 However, when I try to reset a user password it doesn't store the history in sambaPasswordHistory. What am I missing here? I have tried to reset the password from the windows side and the unix side via smbpasswd. The password reset works but no history. Thanks, Darryl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: ACLs with Problem
Luis Henrique de Faria Guimarães wrote: With this configuration the users of the PDC (windows 2003) are authenticantion way telnet without problem. However, the ACL do not function. They see the exit with command getfacl teste.txt: [EMAIL PROTECTED] teste]# getfacl teste.txt # file: teste.txt # owner: root # group: Domain Users user::rwx user:henrique:rw- group::r-- mask::rw- other::r-- Can you please describe what you expected to see here and why? The user henrique appears in linux, but he does not appear in windows. Then I'd say he's a linux user and not from AD via winbind right? When I try to add permissions through windows appears a message of denied access. If that is a correct result largely depends which user is logged in to the windows workstation. It would be helpful if you set samba to a moderate debug level, and provide the relevant logs generated when the desired operation(s) fail. hth Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] vfs module problem with new samba version
hi, I was using vfs modules in my 3.0.4 samba version I go to the new 3.0.20 today and now vfs modules doesn't work anymore: is this ok ? vfs object = vscan-clamav, default_quota, recycle recycle: config-file = /etc/samba/samba-recycle.conf vscan-clamav: config-file = /etc/samba/vscan-clamav.conf testparm says : Processing section [homes] Unknown parameter encountered: recycle: config-file Ignoring unknown parameter recycle: config-file Unknown parameter encountered: vscan-clamav: config-file Ignoring unknown parameter vscan-clamav: config-file thanks for help -- Xavier mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACLs with Problem
On Thu, 2005-09-22 at 11:43 -0300, Luis Henrique de Faria Guimarães wrote: Hi All, I am with problem with the permissions of windows. The samba is not getting the ACLs permissions. I compiled version 3.0.20, with the following options: [...] Well the first thin we need to know, is the filesystem that you are sharing via samba mounted with the acl option in the /etc/fstab? Here is what mine looks like and I get the ACLs just fine: /dev/datavg/examplelv /lf/db ext3 rw,suid,nodev,exec,auto,nouser,async,acl,errors=remount-ro 1 1 I guess, I could have done defaults,acl,nodev and be-equivalent... but hey I guess I am a bit retentive. # file: teste.txt # owner: root # group: Domain Users user::rwx user:henrique:rw- group::r-- mask::rw- other::r-- The user henrique appears in linux, but he does not appear in windows. When I try to add permissions through windows appears a message of denied access. Somebody can help me Well, as long as you have the filesystem mounted (assuming it is ext3 with acl support compiled in) with the ACLs turned on... then things should work. -- greg, [EMAIL PROTECTED] The technology that is Stronger, Better, Faster: Linux Use Debian GNU/Linux, its a bazaar thing. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba with Mysql, compilation problem. (Additionnal information)
Hi, Thank you for the help. I have managed to make the ./configure and compilation end with no errors, with the help of Collen who told me to make few symlinks of mysql and some little adds in the configure script. Now i am trying to get the mysql module to work with samba, and i still get the stupid message like No builtin mysql plugin or something. I also have try to locate anything named pdb_mysql but there is nothing, so maybe it has been compiled with samba like Collen said! I'm not sure of what to do now, so any help will be greatly appreciated. Thank you all, Pierre paul kölle wrote: MARTIN Pierre wrote: Hey people, i just had a compilation error! I'm pretty happy because it means that i am doing something wrong. It seems that the compiler doesn't find mysql.h include header file. The point is that i have all these includes files in this folder: /usr/local/mysql/include/mysql/ try: CFLAGS=$CFLAGS -I/usr/local/mysql/include/ LDFLAGS=$LDFLAGS -L/usr/local/mysql/lib ./configure --foo --bar not sure if you have to add the last /mysql/ part also, just try it ;) hth Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Authentication for user FAILED with error NT_STATUS_NO_SUCH_USER
On 9/21/2005 2:29 PM, Sérgio A P Ferreira wrote: Sep 21 14:59:15 zeus slapd[2123]: conn=18 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= check your LDAP ACLs ... most frequent problem for LDAP apps by far -- Eric A. Hallhttp://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] vfs module problem with new samba version
On Thu, Sep 22, 2005 at 06:16:44PM +0200, Xavier wrote: hi, I was using vfs modules in my 3.0.4 samba version I go to the new 3.0.20 today and now vfs modules doesn't work anymore: is this ok ? You need new modules to match your Samba version. The module interface can change between Samba versions (and definately has between 3.0.4 and 3.0.20). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP howto
Does anyone know of a good Samba-LDAP howto for Debian (Sarge) systems? I probably don't need it for my home network, but I'd like to learn how to do it anyway. My previous attempts to get it working have failed. :( -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP howto
The samba how-to's a good place to start, however... if you're just looking to learn and understand things better, then I'd suggest a read-through on the OpenLDAP.org site as well. Hate to puch you away with a 'RTFM' reply... but it is kinda what you were asking for. On Thursday 22 September 2005 14:16, Gary Dale wrote: Does anyone know of a good Samba-LDAP howto for Debian (Sarge) systems? I probably don't need it for my home network, but I'd like to learn how to do it anyway. My previous attempts to get it working have failed. :( -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate Tool Ltd. http://www.wmptl.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] vfs module problem with new samba version
Jeremy Allison a écrit : On Thu, Sep 22, 2005 at 06:16:44PM +0200, Xavier wrote: hi, I was using vfs modules in my 3.0.4 samba version I go to the new 3.0.20 today and now vfs modules doesn't work anymore: is this ok ? You need new modules to match your Samba version. The module interface can change between Samba versions (and definately has between 3.0.4 and 3.0.20). Jeremy. The modules have been updated when i compiled the new samba version. so, recycle.so is 3.0.20 version ?? seems strange Xavier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] auth problem
On Thu, 2005-09-22 at 09:43 -0600, Ric Tibbetts wrote: Okay, I'll keep asking questions, until I word one in a way that someone will answer. :) i'm trying to get Samba setup. I've done this before, and it has never given me this much trouble. In short, it seems to be insisting that the user be in smbpasswd (I've not experienced this before). If the user is in smbpasswd, all seems well. If not, even though they exist on the server (via ldap + kerberos), I get a user not found error. On the last set of servers I did this on, even ones who authenticate via ldap, I never did anything special to samba to get it to work. But I've not been so lucky this time. The setup: Server: IBM AIX 5.2 Samba 3.0.14a Authentication: LDAP Security: Kerberos The user entry in /etc/security/user: user name SYSTEM = KRB5files smb.conf (in a simple form) [global] workgroup = WIN log level = 5 auth log file = /var/log/samba/%m.log username map = /usr/local/samba/lib/smbusers [Homes] comment = User home directories guest ok = no read only = No I need the username map because the user names do not match between the windows clients the samba server. So I need to map the translation. When I try to access the system, I get an unknown user error. The ONLY thing I need samba to do is provide shares (not shown above) to windows users. Nothing else. If, I add a user to samba with smbpasswd . then the users can access the shares. If not, they can't. I also, in the past have not had a server prompt me for passwords to access shares. I'm missing something really obvious. I'd really appreciate some assistance on this one. There is a terribly good howto: http://www.idealx.org/prj/samba/smbldap-howto.en.html -- greg, [EMAIL PROTECTED] The technology that is Stronger, Better, Faster: Linux Use Debian GNU/Linux, its a bazaar thing. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] get quota command
I found the answer to my own question in a round about sort of way..
My NFS server is Solaris w/UFS - thus no group quota support. It
seems when samba queries for user quotas and group quotas, it gets
unhappy when no group quota is returned, so the quotas are thrown
out and the windows boxes see the entire volume's free, used and
capacity. To fix this I set the two options in my conf file:
vfs objects = default_quota:quotasettings
quotasettings: gid = 65534
Rick Brown wrote:
I've discovered that if I make a share from a local filesystem,
the PC's mounting the share see their quota (hard limit, not
soft which is another matter) as their capacity and their
appropriate free space... this is good.
I found in the source that the hard limit is used instead of the
soft limit if the user is over quota.
When I share ouf the NFS mounted volume, the PC's see the entire
volume size and free space. Not so good. Okay fine, so I
wrote a little cheesy script to run run quota and report back and
defined it as get quota command = myscript in smb.conf.
This works great... mostly.I wasn't seeing the values I
expected to see, so I started dumping the arguments samba was
passing to my scipt. I expected 3 fields: Path, type of query, and
user/group ID.something like:
. 1 32849 (user quota)
. 3 1178(group quota)
instead, I'm seeing samba pass:
. 2 32849 (default user quota)
. 4 1178(default group quota)
Why is samba asking for the default user and group quotas instead of
the actual user and group quotas? From the documentation I would
have expected that if field 2 was a 2 or 4, then the uid/gid would be
-1. How can I make samba request the actual user and group's quota
instead of the defaults?
And since I didn't easily find any examples of a get quota command
I'll share my super-cheesy script which totally ignores the values
passed to it by samba. It's not pretty, but it works.
#!/bin/ksh
PATH=/usr/bin:/usr/sbin:/bin
IAM=`id -un`
# find the user's home file system.
DIR=`ypmatch $IAM passwd | awk -F: '{print $6}' | cut -f 2 -d /`
#check and see if they're over quota, as it will affect output
OVER=`quota -F rpc -v $IAM | grep $DIR | wc -w`
#OVER=`quota -f rpc -v $IAM | grep $DIR | egrep -i expired|days
#if [ $? -ne 0]; then
# over quota
if [ $OVER -gt 7 ]; then
RET=`quota -v $IAM | grep ${DIR} | awk -F '{print 2 $2
$3 $4 $7 $8 $9}'`
else
# not over quota
RET=`quota -v $IAM | grep ${DIR} | awk -F '{print 2 $2
$3 $4 $5 $6 $7}'`
fi
# linux quota puts a * after the used blocks if the user is over quota
STRIPPED=`echo $RET | sed 's/*/ /g'`
echo $STRIPPED
--
[ Rick Brown ][ (404) 894-6175 ]
[ Office of Information Technology ][[EMAIL PROTECTED] ]
[ Georgia Institute of Technology ][ 258 4th street. Atlanta, GA ]
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP howto
Not really. I've been to the various Samba-LDAP howtos and there is a lot of outdated or irrelevant information in them. Too many sites seem to think that you need to know how to compile the sources while others don't recognize that we're not running Redhat 9.x. I've yet to find one that says these are the packages you need and here's how they interact with one another. Everyone I've found seems to assume that you're running the same system the same way they are. I've been through the Samba 3 book from cover to cover - try doing that without ample doses of caffeine! - but there seems to be important details missing. There is no howto that really takes you through the various steps of setting up Samba and LDAP together and get them talking, at least as far as I've found, and at least for Debian. My last attempt failed, as I recall, because LDAP seemed to asking for an encrypted connection. Nathan Vidican wrote: The samba how-to's a good place to start, however... if you're just looking to learn and understand things better, then I'd suggest a read-through on the OpenLDAP.org site as well. Hate to puch you away with a 'RTFM' reply... but it is kinda what you were asking for. On Thursday 22 September 2005 14:16, Gary Dale wrote: Does anyone know of a good Samba-LDAP howto for Debian (Sarge) systems? I probably don't need it for my home network, but I'd like to learn how to do it anyway. My previous attempts to get it working have failed. :( -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate Tool Ltd. http://www.wmptl.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] auth problem
There is a terribly good howto: http://www.idealx.org/prj/samba/smbldap-howto.en.html Thank you! That helped, I'm closer. I left out one line from my smb.conf I found it from digging through that how-to. password server = LDAP server With that in, it now picks up the users from LDAP, which is exactly what I was after! Now I just need to work out a performance issue. getting the IDs from LDAP is SLOW It works, just as I wanted it to. It's just slow. -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba with Mysql, compilation problem.
Hello everybody, For those who have followed the mysql plugin compilation problem, here are some new information: I have tryed everything to make it work from the debian sources, not successfully. So i have downloaded the TGZ sources from samba.org (version is 3.0.20). I have started the basic ./configure script with params --with-expsam=xml,mysql --with-mysql-prefix=/usr/include/mysql/ It worked so i started to make the compilation. It also have compiled successfully. But as usual with the debian source version, it did not compile any pdb_mysql.so. The only thing i get is a mysql.so lib, but it cant be loaded as a plugin... Any idea is really welcome, since i begin to lose the faith :) Bye bye and thank you all! Pierre P.S.: Here is the end of the compilation process: Compiling modules/vfs_recycle.c with -fPIC Building plugin bin/recycle.so Compiling modules/vfs_audit.c with -fPIC Building plugin bin/audit.so Compiling modules/vfs_extd_audit.c with -fPIC Building plugin bin/extd_audit.so Compiling modules/vfs_full_audit.c with -fPIC Building plugin bin/full_audit.so Compiling modules/vfs_netatalk.c with -fPIC Building plugin bin/netatalk.so Compiling modules/vfs_fake_perms.c with -fPIC Building plugin bin/fake_perms.so Compiling modules/vfs_default_quota.c with -fPIC Building plugin bin/default_quota.so Compiling modules/vfs_readonly.c with -fPIC Compiling modules/getdate.c with -fPIC Building plugin bin/readonly.so Compiling modules/vfs_cap.c with -fPIC Building plugin bin/cap.so Compiling modules/vfs_expand_msdfs.c with -fPIC Building plugin bin/expand_msdfs.so Compiling modules/vfs_shadow_copy.c with -fPIC Building plugin bin/shadow_copy.so Compiling passdb/pdb_xml.c with -fPIC Building plugin bin/xml.so Compiling passdb/pdb_mysql.c with -fPIC Building plugin bin/mysql.so Compiling modules/CP850.c with -fPIC Building plugin bin/CP850.so Compiling modules/CP437.c with -fPIC Building plugin bin/CP437.so (C)ollen wrote: hmm.. try ./configure --with-expsam=mysql --with-shared-modules=pdb_mysql mysql lib's in the: /usr/lib/mysql (symlink will do) mysql headers in the: /usr/include/mysql (symlink will do) you can compile the mysql_backend into samba so there isn't an external module ! your problem is that samba can't find the header files from mysql (.h) I think that the guy's from debian left the mysql backend out, coz' it's somewhat experimental, and lackes support.. never the less, it works, and we have it up and running for almost 2years now!! have fun Collen Blijenberg (MLHJ) MARTIN Pierre wrote: First i would like to say hello to everybody here, because i am new to this ML. So here is the description of my problem: I began with a clean samba installation from the stable branch few monthes ago, everything was just fine, i have a linux box which was sharing files for another linux workstation and two WinXP laptops. The sharing linux box is a debian stable branch O/S, which is my choice for a long time now. Few weeks ago, i decided to make my sparkling samba installation virtual-users aware, and i began to crawl on various websites, all explaining the smb.conf parametters to give. I figured out that i was just not able to make it run because of a main problem, the apt-get samba gave me a non mysql-powered-samba version :( So i removed the samba package from the computer, and dowloaded the debian source of it. Basic source, untared, and had a look to the debian/rule file. I saw there was any parametters given about mysql building, so i also had a look at the configure script's options. It always compiles the brand new warm .deb packages (after i fixed some lacky dependencies, i had to make a fake mysql-common package by myselve, because i already had mysql installed from sources and did not want to install the deb package, etc...). I'm now totally lost, i have try everything and i can't get this pdb_mysql.so plugin ready :( So maybe i have miss something, maybe there is another way to make it as i wish to be, maybe there is a simple way to indirectly link samba to mysql with pam (I don't know PAM rules at all, i neither don't know how it works). It has been 4 days i'm looking for a solution, mailing random people i find on websites, no answers from them. Please if somebody has any clue, let me know a link, a sound, a color, anything to find a way to make it work... Anything to make it work from the stable .deb packages appreciated too. Thank you a lot! Pierre. P.S.: Here is the current configure parametters i use extracted from my rule file: --cache-file=./config.cache --with-fhs --enable-shared --enable-static --prefix=/usr --sysconfdir=/etc --libdir=/etc/samba --with-privatedir=/etc/samba --with-piddir=/var/run/samba --localstatedir=/var --with-netatalk --with-pam --with-syslog --with-utmp --with-readline --with-pam_smbpass --with-libsmbclient --with-winbind --with-msdfs --with-automount --with-tdbsam --with-ldap
Re: [Samba] XP Pro password change problem
On Thu, Sep 22, 2005 at 11:35:49AM -0400, Gary Dale wrote: Further to my e-mails below: I am running Samba 3.0.14a-Debian. My garydale account owns all the directories I am sharing. The group is set to users for all of them also. All of the user's linux accounts are members of the Linux users group. However, I suspect the root of the problem is to be found in my inability to change passwords through XP Pro. Ok, I'm confused. Are you having problems changing user passwords (CTRL-ALT-DEL) which we had a reply bug that was fixed for 3.0.20 (the password was getting changed but we were not returning success) or is this file permission related ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] STATUS_BUFFER_OVERFLOW
FC4 with Samba 3.20 Win 2003 AD Domain, no SP1 yet wbinfo --authenticate=dom+domtest%password yields the following could not open handle to NETLOGON pipe (error: STATUS_BUFFER_OVERFLOW) NTLM CRAP authentication for user [dom]\[domtest] returned STATUS_BUFFER_OVERFLOW (PAM: 4) challenge/response password authentication failed Could not authenticate user dom+domtest with challenge/response from running winbindd -i -d3 logging my smb.conf is as follows: [global] workgroup = DOM realm = DOM.MYDOMAIN.COM server string = Samba Server security = ADS allow trusted domains = No password server = dc.dom.mydomain.com log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap os level = 30 preferred master = No local master = No domain master = No browse list = No dns proxy = No wins server = 192.168.1.20 ldap ssl = no idmap backend = idmap_rid:DOM=1-1 idmap uid = 1-1 idmap gid = 1-1 template shell = /bin/bash winbind separator = + winbind nested groups = Yes cups options = raw I've tried playing with the authentication options so that only NTLMv2 was sent as I'm pretty sure only NTLM and NTLMv2 are accepted by our DCs. But changing those from the defaults in smb.conf have never made a difference in how wbinfo sends password information out. my system-auth file #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired /lib/security/$ISA/pam_env.so authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok authsufficient/lib/security/$ISA/pam_winbind.so use_first_pass authrequired /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so broken_shadow account sufficient/lib/security/$ISA/pam_localuser.so account sufficient/lib/security/$ISA/pam_succeed_if.so uid 100 quiet account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_winbind.so account required /lib/security/$ISA/pam_permit.so passwordrequisite /lib/security/$ISA/pam_cracklib.so retry=3 passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow passwordsufficient/lib/security/$ISA/pam_winbind.so use_authtok passwordrequired /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so wbinfo -u/-g and getent passwd/group all spit out the information as intended, only the authentication right now is giving me fits. The end goal is to unify my logons to AD alone vs. having some on NIS and the rest on AD. A text logon yields the following: [0]: getpwnam dom+domtest [ 2371]: lookupname DOM+domtest [ 2371]: lookupsid S-1-5-21-963995414-1895067062-1845911597-4472 [0]: getpwnam dom+domtest [ 2371]: lookupname DOM+domtest [ 2371]: lookupsid S-1-5-21-963995414-1895067062-1845911597-4472 [0]: request interface version [0]: request location of privileged pipe [0]: pam auth dom+domtest [ 2371]: pam auth dom+domtest could not open handle to NETLOGON pipe Plain-text authentication for user dom+domtest returned STATUS_BUFFER_OVERFLOW (PAM: 4) and /var/log/messages Sep 22 14:55:59 abq-fc4workstation pam_winbind[4900]: request failed, but PAM error 0! Sep 22 14:55:59 abq-fc4workstation pam_winbind[4900]: internal module error (retval = 3, user = `dom+domtest') Sep 22 14:56:02 abq-fc4workstation login[4900]: FAILED LOGIN 1 FROM (null) FOR dom+domtest, Authentication failure As far as a server the configuration works as it is supposed to, but I'm not able to get it to act as a full client due to this authentication problem. Phil Bryant Systems Administrator ITT Industries, AES RHCT MCSE 2000 MCP+I This e-mail and any files transmitted with it are proprietary and intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify the sender. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of ITT Industries, Inc. The recipient should check this e-mail and any attachments for the presence of viruses. ITT Industries accepts no liability for any damage caused by any virus transmitted by this e-mail. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC (3.0.14a) with LDAP cannot add machines
Eduard Witteveen wrote: Jan Evert van Grootheest wrote: I am setting up a Samba PDC which uses LDAP for account information. It is a debian installation with samba 3.0.14a and slapd 2.2.23 (I'm also using ldap-account-manager, but I don't think that has anything to do with this). If've found it. I came across this page at http://www.unav.es/cti/ldap-smb-howto.html where an administrator keeps his findings (I used the link for samba 3/head/samba 4). One of the things it mentions is that an administrator account is needed which has uidNumber 0 for unix. That caused a smbd to be created with uid 0 which passed the test that was failing. I also set the digital signing of the channel in w2k, but I'm not sure whether that's still required (my samba is somewhat newer than the one he used). So... the bug can be closed. Or can it??? Why is it necessary to have an administrator for samba that has uid 0? As long as the administrator has enough rights, according to the LDAP database, I don't think there's a reason to it. There's probably another bug in the database that is about this, now I just need to find it and then it'll become a duplicate. Thanks, Jan EVert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with starting smbd and nmbd
I need to change the server and master name on the node. How is that done. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Error message when mapping drive
When I try to map a Linux file system to a windows 2000 machine, I get the following error message with one user ONLY. The account is for a printer which does scanning. Samba server is Suse Linux Pro 9.0 Samba version 3.0 Smb.conf file # smb.conf is the main Samba configuration file. You find a full commented # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the # samba-doc package is installed. # Date: 2005-05-23 [global] workgroup = wrkgrp password server = xxx.xxx.xxx.xxx hosts allow = xxx.xxx.xxx.xxx printing = cups printcap name = cups log file = /var/log/samba.log.%m username map = /etc/samba/usermap.txt printcap cache time = 750 cups options = raw printer admin = @ntadmin, root, administrator map to guest = Bad User include = /etc/samba/dhcp.conf logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = P: security = server #security = domain encrypt passwords = yes ldap suffix = dc=example,dc=com domain logons = no ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers local master = no #local master = yes Chnaged 9/22/05 in AM #passdb backend = smbpasswd:/etc/passwd wins server = xxx.xxx.xxx.xx wins support = no add machine script = preferred master = auto [homes] comment = Home Directories valid users = %S browseable = no read only = No inherit acls = Yes guest ok = no printable = no ;; [groups] ;; comment = All groups ;; path = /home/groups ;; read only = No ;; inherit acls = Yes ;; browseable = yes ;; guest ok = no ;; printable = no [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin root force group = ntadmin create mask = 0664 directory mask = 0775 browseable = yes guest ok = no printable = no [business] comment = Data Storage location path = /storage/Georgia writeable = yes browseable = yes guest ok = no printable = no directory mask = 777 valid users = users [scans] comment = scans path = /storage/scans/ writeable = yes browseable = yes guest ok = no printable = no valid users = users [mailbox] comment = Company Mail path = /storage/Mailbox/ writeable = yes browseable = yes guest ok = no printable = no [profiles] comment = profiles path = /var/tmp printable = yes browseable = yes guest ok = no All OTHER users can map this file system and other file systems as well, without a problem. Any help appreciated. More info suppled upon request. Thanks John J. Maher Systems Administrator Anabase International Corp. 154 Lambertville / HQ Rd. Stockton, NJ 08559 (P) 609-397-4287, ext. 14 (F) 609-397-4178 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Password expires
I have RedHat 9.0 and am having the same problem with password expiration. I cannot find the file account_policy.tdb. Into what file does the NT_TIME_MAX setting get put? Thanks, Michael C -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem migrating printer and driver form one samba share to another
Hi, I am using Samba 3.20 and trying out the following command to migrate testPrinter form bd-s4 to bd-s1, but I am getting the following errors: debugshell# net rpc printer MIGRATE PRINTERS testPrinter -U admin%pass -p 50139 -S bd-s4 --destination=bd-s1 migrating printer queue for:[\\bd-s4\testPrinter] / [testPrinter] cannot open printer \\bd-s1\testPrinter on server \\bd-s1: WERR_INVALID_PRINTER_NAME cannot get printer-info: WERR_GENERAL_FAILURE could not get printer, creating printer. creating printer: \\bd-s4\testPrinter could not create printer debugshell# admin is a user that has access to both the samba shares \\bd-s1 and \\bd-s4 Thanks in advance. Any help will be appreciated! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Name mangling problem
We have a few applications which are still 16bit (running on Win2k clients), and since moving some user data from NT4 to Samba, users have encountered the unpredictable filename mangling issue, where New Folder appears as NUJRHW~7. Users use 8.3 filenames when working in these programs, but often have folders with long filenames that are now unrecognizable. Is there any workaround for this, aside from renaming all the folders? -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Shawn Wright, I.T. Manager Shawnigan Lake School http://www.sls.bc.ca [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Name mangling problem
On Thu, Sep 22, 2005 at 02:51:20PM -0700, Shawn Wright wrote: We have a few applications which are still 16bit (running on Win2k clients), and since moving some user data from NT4 to Samba, users have encountered the unpredictable filename mangling issue, where New Folder appears as NUJRHW~7. Users use 8.3 filenames when working in these programs, but often have folders with long filenames that are now unrecognizable. Is there any workaround for this, aside from renaming all the folders? You can use the old name-mangling scheme by setting : mangling method = hash (the default is hash2). This uses more characters of the original filename at the expense of greater name collision problems. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] UTMP duplicated entries
On Wed, 2005-09-21 at 16:38 -0300, Fabiano Caixeta Duarte wrote: On Wed, 21 Sep 2005, Kaplan, Marc wrote: Windows does allow duplicate sessions actually. If you net use * \\hostname\share and then net use \\ipaddress\share for the same server you will get two connections to the same server on your client (you can even use different users). Is it possible that this is what some users are doing? Yeah! Sorry! I am talking about login sessions. Does samba logs on utmp all kind of sessions or just login sessions? It logs file-share connections, as it doesn't really have the info for client-side login sessions. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows Vista Setup
On Tue, 2005-09-20 at 10:49 +0200, [EMAIL PROTECTED] wrote: Hi, I am currently running a Gentoo with a 2.4 Kernel and Samba 3.0.20. More exactly I did emerge the net-fs/samba-3.0.20-rc1 package. Still I cant get Windows Vista to connect to the samba-server. I did some googling but didnt find anything usefull. Can anyone help? Do I have to setup a ADS with samba? Samba 3.0.21 will contain the fix, as does current SVN. I didn't see it in the list for 3.0.20a, sorry. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ntlm_auth multiple domain authentication
On Tue, 2005-09-20 at 09:22 -0500, Jamie Crawford wrote: Hi, I'm using ntlm_auth to authenticate users in freeradius. My samba server is joined to DOMAINA. When I run ntlm_auth --username=domainauser everything works great. When I run ntlm_auth --username=domainbuser it fails because the user does not exist in domaina which the server is joined to. If I run ntlm_auth --username=domainbuser --domain=domainb it works great. I was wanting to do ntlm_auth --domain=domaina --domain=domainb --username=domainbuser, it works only because the second domain variable is domainb. If I were to use a domainauser, it would fail. Any ideas??? It isn't the role of ntlm_auth to 'search' for users, it expects to be told exactly what to return yes or no for. What if you had the same user in both domains? (Administrator comes to mind). In the windows world, the domain is always specified, so this doesn't come up as much. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind joins with domain name , not netbios name
Hi, I am having a problem with Winbind: First, some information .. Domain name :TESTDOM PDC's Netbios name : ubuntu Samba version : 3.0.20 (lateset patches installed) with LDAP backend. Linux : Ubuntu 2.6.10 Samba is running smoothly, with no problems. I want to use Winbin, so I followed Samba HowTo - chapter 23 http://us5.samba.org/samba/docs/man/Samba3-HOWTO/winbind.html#id2634776 I wanted to configure winbind to use the domain installed in the same server, so I joined using this command : net join -U administrator It says Joined Domain TESTDOM , and a machine account is created in LDAP with the following attributes : dn: uid=ubuntu$,ou=Computers,dc=testdom,dc=com objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount cn: ubuntu$ sn: ubuntu$ uid: ubuntu$ uidNumber: 1006 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer sambaSID: S-1-5-21-649663798-2503265242-3544459435-3012 sambaPrimaryGroupSID: S-1-5-21-649663798-2503265242-3544459435-2031 displayName: Computer sambaPwdCanChange: 1127424362 sambaPwdMustChange: 2147483647 sambaLMPassword: F6612BB25EF49A45DBF571ADD3E3B73E sambaNTPassword: 3EFFA0C5FF16761A846B9B24192F5955 sambaPwdLastSet: 1127424362 sambaAcctFlags: [S ] Then , I start Winbind. Here is the output of Winbind -u , -g -t [EMAIL PROTECTED]:/var/www/samba-doc/htmldocs # wbinfo -u Error looking up domain users [EMAIL PROTECTED]:/var/www/samba-doc/htmldocs # wbinfo -g BUILTIN\Print Operators BUILTIN\Backup Operators BUILTIN\Replicators [EMAIL PROTECTED]:/var/www/samba-doc/htmldocs # wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_ACCESS_DENIED (0xc022) Could not check secret When I run wbingo -t (to check secret), smbd logs : ldapsam_getsampwnam: Unable to locate user [TESTDOM$] count=0 [2005/09/23 00:34:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2005/09/23 00:34:56, 0] rpc_server/srv_netlog_nt.c:get_md4pw(242) get_md4pw: Workstation TESTDOM$: no account in domain The machine account it is searching is TESTDOM$ , which is the domain name , not the netbios name. Is this normal ? It should join with the netbios name of the PDC. I tried to create a machine trust account (smbldap-useradd -w) , didn't work. Can any body help me with this one ? Thanks Regards. Here's smb.conf : [global] workgroup = TESTDOM netbios name = ubuntu syslog = 0 log level = 4 name resolve order = wins bcast hosts printcap name = CUPS show add printer wizard = No add user script = /usr/sbin/smbldap-useradd -a -m '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' domain logons = Yes domain master = yes wins support = yes printing = CUPS ldap passwd sync = Yes ldap admin dn = cn=Manager,dc=testdom,dc=com passdb backend = ldapsam:ldap://127.0.0.1/; ldap delete dn = yes ldap suffix = dc=testdom,dc=com ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://localhost time server = yes logon path = logon home = idmap uid = 15000-2 idmap gid = 15000-2 template shell = /bin/bash security = user winbind use default domain = yes [homes] comment = Home Directories valid users = %S writeable = yes browseable = No [netlogon] comment = Network Logon Service path = /samba/netlogon browseable = no guest ok = yes -- Turki M. Al-Ibrahim turkim (at) gmail.com http://gmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Password expires
Michael Croy wrote: I have RedHat 9.0 and am having the same problem with password expiration. I cannot find the file account_policy.tdb. Into what file does the NT_TIME_MAX setting get put? Thanks, Michael C Try using pdbedit. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP Pro password change problem
Jeremy Allison wrote: On Thu, Sep 22, 2005 at 11:35:49AM -0400, Gary Dale wrote: Further to my e-mails below: I am running Samba 3.0.14a-Debian. My garydale account owns all the directories I am sharing. The group is set to users for all of them also. All of the user's linux accounts are members of the Linux users group. However, I suspect the root of the problem is to be found in my inability to change passwords through XP Pro. Ok, I'm confused. Are you having problems changing user passwords (CTRL-ALT-DEL) which we had a reply bug that was fixed for 3.0.20 (the password was getting changed but we were not returning success) or is this file permission related ? Jeremy. This cannot be the bug you are referring because my passwords are not being changed. It is not that passwords are being changed but not reported correctly. The next time I log in, I must use the old password still. The new one doesn't work. I eventually have to use SWAT to change it. There is a problem with file permissions in that I am the only one who seems to have write access. However, I suspect that the root of both problems lies in whatever is preventing passwords from being changed from XP. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 2 samba servers on different subnets
Paul Littlefield schrieb: Hi All [...] I have just set up Network #2 and would now like to give these clients access to the file share on Network #1 (via the Tinc VPN)... AND... still keep a local PDC with roaming profiles. NETWORK #1 Range: 192.168.0.0/24 Tinc/Samba PDC Server: 192.168.0.200 Workgroup: ABCLTDGROUP NETWORK #2 Range: 192.168.50.0/24 Tinc/Samba PDC Server: 192.168.50.200 Workgroup: ABCLTDGROUP [...] Hi Paully, as I can see of your descr. you should do the following: - change the workgroup on NETWORK #2 to something else (f.e. BBCLTDGROUP) - Install Trust Relationship between the two PDC's as described in the samba HOWTO's. - Use WINS so that the clients can see the remote side. IMHO this should work. -Andy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows Vista Setup
On Friday 23 September 2005 06:33, Andrew Bartlett wrote: On Tue, 2005-09-20 at 10:49 +0200, [EMAIL PROTECTED] wrote: I am currently running a Gentoo with a 2.4 Kernel and Samba 3.0.20. More exactly I did emerge the net-fs/samba-3.0.20-rc1 package. Still I cant get Windows Vista to connect to the samba-server. I did some googling but didnt find anything usefull. Can anyone help? Do I have to setup a ADS with samba? Samba 3.0.21 will contain the fix, as does current SVN. I didn't see it in the list for 3.0.20a, sorry. Ah, the ritual breaking of existing software with every major release. Can't just dump an old tradition, y'know? Imagine what that would do to revenues. Cheers; Leon -- http://cyberknights.com.au/ Modern tools; traditional dedication http://plug.linux.org.au/ Member, Perth Linux User Group http://slpwa.asn.au/Member, Linux Professionals WA http://osia.net.au/ Member, Open Source Industry Australia http://linux.org.au/Member, Linux Australia -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows Vista Setup
On Fri, 2005-09-23 at 09:07 +0800, Leon Brooks wrote: On Friday 23 September 2005 06:33, Andrew Bartlett wrote: On Tue, 2005-09-20 at 10:49 +0200, [EMAIL PROTECTED] wrote: I am currently running a Gentoo with a 2.4 Kernel and Samba 3.0.20. More exactly I did emerge the net-fs/samba-3.0.20-rc1 package. Still I cant get Windows Vista to connect to the samba-server. I did some googling but didnt find anything usefull. Can anyone help? Do I have to setup a ADS with samba? Samba 3.0.21 will contain the fix, as does current SVN. I didn't see it in the list for 3.0.20a, sorry. It looks like my fix made it in, I just missed the merge. Ah, the ritual breaking of existing software with every major release. Can't just dump an old tradition, y'know? Imagine what that would do to revenues. :-) But in all seriousness, Samba3 just didn't implement this area correctly and as such was more delicate than I would have preferred. In Samba4 I have reworked this area extensively, so hopefully we won't get caught on the hop as much in future. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] root login using /etc/shadow bypassing winbind / ADS security
I'm wondering if anyone has tried use local Solaris NSS files for root-only login VIA the console or ssh - effectively bypassing domain security to the PDC using ADS - Windows 2003 AD? I am not having a problem logging as the non-admin user. I wish to login to the root account that would not be part of the ADS domain security eventually over an ssh connection or directly to /dev/console via a serial link. SSH - next step after this issue is solved! My /opt/samba/smb.conf on Solaris 9 file looks like: [global] workgroup = ADTEST realm = ADTEST.AD.LAB server string = %h server (Samba %v) security = ADS update encrypted = Yes username map = /etc/samba/smbusers log level = 10 time server = Yes socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 preferred master = No local master = No domain master = No dns proxy = No ldap ssl = no idmap uid = 500-1 idmap gid = 500-1 template shell = /bin/bash winbind cache time = 10 winbind use default domain = Yes winbind trusted domains only = Yes winbind nested groups = Yes [homes] valid users = %S read only = No browseable = No /etc/nsswitch.conf: passwd: files winbind group: files winbind hosts: files dns winbind ipnodes:files networks: files protocols: files rpc:files ethers: files netmasks: files bootparams: files publickey: files # At present there isn't a 'files' backend for netgroup; the system will # figure it out pretty quickly, and won't use netgroups at all. netgroup: files automount: files aliases:files services: files sendmailvars: files printers: user files auth_attr: files prof_attr: files project:files /etc/pam.conf: # #ident @(#)pam.conf 1.2002/01/23 SMI # # Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # PAM configuration # # Unless explicitly defined, all services use the modules # defined in the other section. # # Modules are defined with relative pathnames, i.e., they are # relative to /usr/lib/security/$ISA. Absolute path names, as # present in this file in previous releases are still acceptable. # # Authentication management # # login service (explicit because of pam_dial_auth) # login auth required /usr/lib/security/pam_winbind.so try_first_pass login auth requisite pam_authtok_get.so.1 login auth required pam_dhkeys.so.1 login auth required pam_unix_auth.so.1 try_first_pass login auth required pam_dial_auth.so.1 try_first_pass # # rlogin service (explicit because of pam_rhost_auth) # rlogin auth sufficient /usr/lib/security/pam_winbind.so try_first_pass rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_authtok_get.so.1 rlogin auth required pam_dhkeys.so.1 rlogin auth required pam_unix_auth.so.1 # # rsh service (explicit because of pam_rhost_auth, # and pam_unix_auth for meaningful pam_setcred) # rsh auth sufficient pam_rhosts_auth.so.1 other auth sufficient /usr/lib/security/pam_winbind.so try_first_pass rsh auth required pam_unix_auth.so.1 # # PPP service (explicit because of pam_dial_auth) # ppp auth requisite pam_authtok_get.so.1 ppp auth required pam_dhkeys.so.1 ppp auth required pam_unix_auth.so.1 ppp auth required pam_dial_auth.so.1 # # Default definitions for Authentication management # Used when service name is not explicitly mentioned for authenctication # other auth sufficient /usr/lib/security/pam_winbind.so try_first_pass other auth requisite pam_authtok_get.so.1 other auth required pam_dhkeys.so.1 other auth required pam_unix_auth.so.1 try_first_pass # # passwd command (explicit because of a different authentication module) # passwd auth required pam_passwd_auth.so.1 # # cron service (explicit because of non-usage of pam_roles.so.1) # cronaccount requiredpam_projects.so.1 cronaccount requiredpam_unix_account.so.1 # # Default definition for Account management # Used when service name is not explicitly mentioned for account management # other account requisite pam_roles.so.1 other account requiredpam_projects.so.1 other account requiredpam_unix_account.so.1 # # Default definition for Session management # Used when service name is not explicitly mentioned for session management # other session requiredpam_unix_session.so.1 # # Default definition for Password management # Used when service name is not explicitly mentioned for password management # other password required pam_dhkeys.so.1 other password requisite pam_authtok_get.so.1 other
Re: [Samba] LDAP howto
On Thursday 22 September 2005 14:21, Gary Dale wrote: Not really. I've been to the various Samba-LDAP howtos and there is a lot of outdated or irrelevant information in them. Too many sites seem to think that you need to know how to compile the sources while others don't recognize that we're not running Redhat 9.x. I've yet to find one that says these are the packages you need and here's how they interact with one another. Everyone I've found seems to assume that you're running the same system the same way they are. I've been through the Samba 3 book from cover to cover - try doing that without ample doses of caffeine! - but there seems to be important details missing. There is no howto that really takes you through the various steps of setting up Samba and LDAP together and get them talking, at least as far as I've found, and at least for Debian. My last attempt failed, as I recall, because LDAP seemed to asking for an encrypted connection. Please let me know what fails for you in chapter 5 of the book Samba-3 by Example - I'd love to fix it with your assistance. - John T. Nathan Vidican wrote: The samba how-to's a good place to start, however... if you're just looking to learn and understand things better, then I'd suggest a read-through on the OpenLDAP.org site as well. Hate to puch you away with a 'RTFM' reply... but it is kinda what you were asking for. On Thursday 22 September 2005 14:16, Gary Dale wrote: Does anyone know of a good Samba-LDAP howto for Debian (Sarge) systems? I probably don't need it for my home network, but I'd like to learn how to do it anyway. My previous attempts to get it working have failed. :( -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate Tool Ltd. http://www.wmptl.com/ -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, 2 Ed., ISBN: 0131882228 Samba-3 by Example, 2 Ed., ISBN: 0131882221X Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r10413 - in trunk/source/nsswitch: .
Author: vlendec
Date: 2005-09-22 06:10:01 + (Thu, 22 Sep 2005)
New Revision: 10413
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10413
Log:
Reformat. Jeremy, you might have a better and more expensive display I have,
but on my 1.1kg laptop with 1024x768 and with my glasses a 200 character wide
xterm is not really readable :-)
Volker
Modified:
trunk/source/nsswitch/winbindd_cm.c
Changeset:
Modified: trunk/source/nsswitch/winbindd_cm.c
===
--- trunk/source/nsswitch/winbindd_cm.c 2005-09-22 05:36:50 UTC (rev 10412)
+++ trunk/source/nsswitch/winbindd_cm.c 2005-09-22 06:10:01 UTC (rev 10413)
@@ -1042,32 +1042,41 @@
if (conn-samr_pipe == NULL) {
/*
-* No SAMR pipe yet. Attempt to get an NTLMSSP SPNEGO
authenticated
-* sign and sealed pipe using the machine account password by
-* preference. If we can't - try schannel, if that fails, try
anonymous.
+* No SAMR pipe yet. Attempt to get an NTLMSSP SPNEGO
+* authenticated sign and sealed pipe using the machine
+* account password by preference. If we can't - try schannel,
+* if that fails, try anonymous.
*/
fstring conn_pwd;
pwd_get_cleartext(conn-cli-pwd, conn_pwd);
- if (conn-cli-user_name[0] conn-cli-domain[0]
conn_pwd[0]) {
+ if (conn-cli-user_name[0] conn-cli-domain[0]
+ conn_pwd[0]) {
/* We have an authenticated connection. Use
a NTLMSSP SPNEGO authenticated SAMR pipe with
sign seal. */
- conn-samr_pipe =
cli_rpc_pipe_open_spnego_ntlmssp(conn-cli,
- PI_SAMR,
-
PIPE_AUTH_LEVEL_PRIVACY,
-
conn-cli-domain,
-
conn-cli-user_name,
- conn_pwd,
- result);
+ conn-samr_pipe =
+ cli_rpc_pipe_open_spnego_ntlmssp(conn-cli,
+PI_SAMR,
+
PIPE_AUTH_LEVEL_PRIVACY,
+
conn-cli-domain,
+
conn-cli-user_name,
+conn_pwd,
+result);
if (conn-samr_pipe == NULL) {
- DEBUG(10,(cm_connect_sam: failed to connect to
SAMR pipe for domain %s
- using NTLMSSP authenticated pipe: user
%s\\%s. Error was %s\n,
- domain-name, conn-cli-domain,
conn-cli-user_name, nt_errstr(result) ));
+ DEBUG(10,(cm_connect_sam: failed to connect
+ to SAMR pipe for domain %s using
+ NTLMSSP authenticated pipe: user
+ %s\\%s. Error was %s\n,
+ domain-name, conn-cli-domain,
+ conn-cli-user_name,
+ nt_errstr(result)));
} else {
- DEBUG(10,(cm_connect_sam: connected to SAMR
pipe for domain %s
- using NTLMSSP authenticated pipe: user
%s\\%s\n,
- domain-name, conn-cli-domain,
conn-cli-user_name ));
+ DEBUG(10,(cm_connect_sam: connected to SAMR
+ pipe for domain %s using NTLMSSP
+ authenticated pipe: user %s\\%s\n,
+ domain-name, conn-cli-domain,
+ conn-cli-user_name ));
}
}
@@ -1077,28 +1086,32 @@
struct dcinfo *p_dcinfo;
if (cm_get_schannel_dcinfo(domain, p_dcinfo)) {
- conn-samr_pipe =
cli_rpc_pipe_open_schannel_with_key(conn-cli,
- PI_SAMR,
-
PIPE_AUTH_LEVEL_PRIVACY,
-
svn commit: samba r10414 - in branches/SAMBA_4_0/source/build/scons: .
Author: tpot
Date: 2005-09-22 06:20:53 + (Thu, 22 Sep 2005)
New Revision: 10414
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10414
Log:
Fix building of proto.h
Modified:
branches/SAMBA_4_0/source/build/scons/proto.py
Changeset:
Modified: branches/SAMBA_4_0/source/build/scons/proto.py
===
--- branches/SAMBA_4_0/source/build/scons/proto.py 2005-09-22 06:10:01 UTC
(rev 10413)
+++ branches/SAMBA_4_0/source/build/scons/proto.py 2005-09-22 06:20:53 UTC
(rev 10414)
@@ -13,7 +13,7 @@
def generate(env):
env['MKPROTO'] = './script/mkproto.sh'
- env['PROTOCOM'] = '$MKPROTO $PERL -h _PROTO_H_ ${TARGETS[0]}
$SOURCE'
+ env['PROTOCOM'] = '$MKPROTO $PERL -h _PROTO_H_ ${TARGETS[0]}
$SOURCES'
env['BUILDERS']['CProtoHeader'] = proto_builder
def exists(env):
svn commit: samba r10415 - in branches/SAMBA_4_0/source/lib: ldb tdb
Author: tpot
Date: 2005-09-22 06:38:26 + (Thu, 22 Sep 2005)
New Revision: 10415
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10415
Log:
The ldb and tdb libraries are bad examples to test out the make proto
code as they are marked as NOPROTO in the config.mk files.
Modified:
branches/SAMBA_4_0/source/lib/ldb/SConscript
branches/SAMBA_4_0/source/lib/tdb/SConscript
Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/SConscript
===
--- branches/SAMBA_4_0/source/lib/ldb/SConscript2005-09-22 06:20:53 UTC
(rev 10414)
+++ branches/SAMBA_4_0/source/lib/ldb/SConscript2005-09-22 06:38:26 UTC
(rev 10415)
@@ -1,7 +1,5 @@
-#tastes like -*- python -*-
+Import('hostenv', 'talloc', 'defines')
-Import('hostenv', 'talloc', 'defines', 'proto_files')
-
hostenv.StaticLibrary('modules/timestamps.c')
hostenv.StaticLibrary('modules/rdn_name.c')
hostenv.StaticLibrary('modules/schema.c')
@@ -23,7 +21,6 @@
'ldb_tdb/ldb_cache.c', 'ldb_tdb/ldb_tdb_wrap.c']
hostenv.StaticLibrary('ldb_tdb', ldb_tdb_source)
-proto_files += [File(x) for x in ldb_tdb_source]
ldb_source = ['common/ldb.c','common/ldb_ldif.c','common/ldb_parse.c',
'common/ldb_parse.c','common/ldb_msg.c','common/ldb_utf8.c',
@@ -31,7 +28,6 @@
'common/attrib_handlers.c','common/ldb_dn.c']
ldb = hostenv.StaticLibrary('ldb', ldb_source + talloc)
-proto_files += [File(x) for x in ldb_source]
Export('ldb')
Modified: branches/SAMBA_4_0/source/lib/tdb/SConscript
===
--- branches/SAMBA_4_0/source/lib/tdb/SConscript2005-09-22 06:20:53 UTC
(rev 10414)
+++ branches/SAMBA_4_0/source/lib/tdb/SConscript2005-09-22 06:38:26 UTC
(rev 10415)
@@ -1,17 +1,15 @@
-Import('hostenv', 'proto_files')
+Import('hostenv')
+
tdbenv = hostenv.Copy()
tdbenv.Append(CPPPATH=['include'])
-tdb_files = ['common/tdb.c','common/dump.c','common/io.c','common/lock.c',
+tdb_source = ['common/tdb.c','common/dump.c','common/io.c','common/lock.c',
'common/open.c','common/traverse.c','common/freelist.c',
'common/error.c','common/transaction.c', 'common/tdbutil.c']
-tdb = tdbenv.StaticLibrary('tdb', tdb_files)
+tdb = tdbenv.StaticLibrary('tdb', tdb_source)
-proto_files += [File(x) for x in tdb_files]
-
tdbtool = tdbenv.Program('bin/tdbtool', ['tools/tdbtool.c',tdb])
tdbtorture = tdbenv.Program('bin/tdbtorture', ['tools/tdbtorture.c',tdb])
tdbdump = tdbenv.Program('bin/tdbdump', ['tools/tdbdump.c',tdb])
tdbbackup = tdbenv.Program('bin/tdbbackup', ['tools/tdbbackup.c',tdb])
-
svn commit: samba r10416 - in branches/SAMBA_4_0/source: .
Author: tpot
Date: 2005-09-22 07:17:24 + (Thu, 22 Sep 2005)
New Revision: 10416
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10416
Log:
Detect some more types to get rid of spurious warnings in the
lib/replace/replace.h header.
Running 'scons lib/tdb' now (mostly) builds tdb.
Modified:
branches/SAMBA_4_0/source/SConstruct
Changeset:
Modified: branches/SAMBA_4_0/source/SConstruct
===
--- branches/SAMBA_4_0/source/SConstruct2005-09-22 06:38:26 UTC (rev
10415)
+++ branches/SAMBA_4_0/source/SConstruct2005-09-22 07:17:24 UTC (rev
10416)
@@ -7,7 +7,7 @@
# Copyright (C) 2005 Jelmer Vernooij [EMAIL PROTECTED]
# Published under the GNU GPL
-import cPickle
+import cPickle, string
# We don't care about NFS builds...
@@ -149,11 +149,22 @@
type_headers =
#include stdint.h
+#include sys/types.h
for t in needed_types:
if not conf.CheckType(t,type_headers):
defines[t] = needed_types[t]
+ for t in ['u_int32_t', 'u_int16_t', 'u_int8_t']:
+ if conf.CheckType(t, type_headers):
+ defines['HAVE_%s' % string.upper(t)] = 1
+
+ if conf.CheckType('comparison_fn_t', type_headers):
+ defines['HAVE_COMPARISON_FN_T'] = 1
+
+ if conf.CheckType('sig_atomic_t', '#include signal.h'):
+ defines['HAVE_SIG_ATOMIC_T_TYPE'] = 1
+
if conf.TryCompile(
#include sys/types.h
svn commit: samba r10417 - in branches/tmp/samba4-winsrepl: . source source/auth source/auth/gensec source/auth/kerberos source/auth/ntlmssp source/build/m4 source/build/scons source/build/smb_build s
Author: metze Date: 2005-09-22 08:23:45 + (Thu, 22 Sep 2005) New Revision: 10417 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10417 Log: [EMAIL PROTECTED] (orig r10353): vlendec | 2005-09-20 17:43:58 +0200 Fix typo [EMAIL PROTECTED] (orig r10356): jelmer | 2005-09-20 19:49:19 +0200 Make the proto generator work with scons [EMAIL PROTECTED] (orig r10363): vlendec | 2005-09-20 22:54:25 +0200 Nobody loudly screamed noo, so commit the samba3 winbind interface to samba4. Ok, maybe the silence is due to timezones, but what can you do... ;-) Volker [EMAIL PROTECTED] (orig r10364): abartlet | 2005-09-20 23:29:29 +0200 Turn gensec:gssapi on by default, except for a login of the form -Udomain\\user. This will probably break in a few configurations, so please let me know. I'll also work to have a way to inhibit kerberos/ntlmssp, as this removes -k. Andrew Bartlett [EMAIL PROTECTED] (orig r10365): vlendec | 2005-09-20 23:37:10 +0200 Use nsswitch/winbindd_nss.h in winbind/, update that file to the current 3_0 interface. Volker [EMAIL PROTECTED] (orig r10366): jelmer | 2005-09-21 00:10:40 +0200 More scons fixes. Building et, asn1, lex and yacc files sort-of works now [EMAIL PROTECTED] (orig r10368): tridge | 2005-09-21 00:52:54 +0200 when building the epm tower, don't put host names in the ip address field, instead put a zero address. Note that zero is correct (ie. we shouldn't do the lookup) as in the client we want to send a zero for the server to fill in. When we make this call from the server we fill in a real IP. [EMAIL PROTECTED] (orig r10369): tpot | 2005-09-21 01:00:45 +0200 You don't need to put leading or trailing spaces on variables. It's a make-ism. Use consistent (single) quoting. [EMAIL PROTECTED] (orig r10370): tridge | 2005-09-21 01:23:03 +0200 only validate the re-generated binding string for hostnames with IPs Jelmer, can you see a better approach to this? As far as I am aware protocol towers don't use hostnames, they always use IP addresses [EMAIL PROTECTED] (orig r10372): abartlet | 2005-09-21 02:15:56 +0200 Having gone to all the effort to uppercase the realm, actually set the upper-case realm. Andrew Bartlett [EMAIL PROTECTED] (orig r10373): abartlet | 2005-09-21 02:27:10 +0200 Fix segfault in LookupSids. Andrew Bartlett [EMAIL PROTECTED] (orig r10374): jelmer | 2005-09-21 02:38:23 +0200 Add HAVE_* defines (on command-line or in config.h file) for scons + some other minor updates [EMAIL PROTECTED] (orig r10376): tpot | 2005-09-21 06:59:02 +0200 Argh - not quoting dictionary/hash keys is a bit of a perlism. [EMAIL PROTECTED] (orig r10377): tpot | 2005-09-21 07:39:18 +0200 Save configuration stuff to sconf.cache so it isn't annoyingly run at every single build. Run 'scons configure=1' or delete sconf.cache to force checks to be re-run. Jelmer, I think this stuff is cached in the .sconf_cache directory but the message is still displayed and it looks like it caches the compiled test object file not the actual result of the test. [EMAIL PROTECTED] (orig r10378): tpot | 2005-09-21 09:12:23 +0200 Build config.h file from dictionary of defines and always use it. [EMAIL PROTECTED] (orig r10379): tpot | 2005-09-21 09:20:58 +0200 Add files for ldb and tdb to proto_files. The tool for building proto.h is busted though. [EMAIL PROTECTED] (orig r10380): jelmer | 2005-09-21 11:16:55 +0200 Use pod-style documentation rather then XML-doc, in good perl style. [EMAIL PROTECTED] (orig r10381): jelmer | 2005-09-21 11:27:17 +0200 Be a bit stricter on pod syntax [EMAIL PROTECTED] (orig r10382): abartlet | 2005-09-21 12:17:56 +0200 In the absence of client support for the full KDC-side canonicalisation code, I've hacked Heimdal to use the default realm if no other realm can be determined for a given host. Andrew Bartlett [EMAIL PROTECTED] (orig r10383): abartlet | 2005-09-21 12:18:40 +0200 This patch is on the road to implementing servers (such as kpasswd) that use raw krb5, not GSSAPI. I still keep the 'fake GSSAPI' code, but under the module name 'fake_gssapi_krb5'. Andrew Bartlett [EMAIL PROTECTED] (orig r10384): tridge | 2005-09-21 12:45:47 +0200 add _GNU_SOURCE in tdb configure [EMAIL PROTECTED] (orig r10385): tridge | 2005-09-21 12:46:02 +0200 removed obsolete comment [EMAIL PROTECTED] (orig r10386): abartlet | 2005-09-21 14:24:41 +0200 Merge current lorikeet-heimdal into Samba4. Andrew Bartlett [EMAIL PROTECTED] (orig r10387): abartlet | 2005-09-21 14:38:25 +0200 By exporting KRB5_CONFIG pointing at a file of our choosing, we can avoid DNS delays in our testsuite. The next step will be to use kerberos in the tests (awaits application of socketwrapper or hooks into our socket layer). Andrew Bartlett [EMAIL PROTECTED] (orig r10388): jelmer | 2005-09-21 14:57:18 +0200 Add version
svn commit: samba r10418 - in branches/SAMBA_4_0/source: .
Author: tpot
Date: 2005-09-22 08:47:32 + (Thu, 22 Sep 2005)
New Revision: 10418
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10418
Log:
Fix comparison_fn_t test I busted. Add $HOME to the environment as some
tools get confused if it isn't there.
Modified:
branches/SAMBA_4_0/source/SConstruct
Changeset:
Modified: branches/SAMBA_4_0/source/SConstruct
===
--- branches/SAMBA_4_0/source/SConstruct2005-09-22 08:23:45 UTC (rev
10417)
+++ branches/SAMBA_4_0/source/SConstruct2005-09-22 08:47:32 UTC (rev
10418)
@@ -7,7 +7,7 @@
# Copyright (C) 2005 Jelmer Vernooij [EMAIL PROTECTED]
# Published under the GNU GPL
-import cPickle, string
+import cPickle, string, os
# We don't care about NFS builds...
@@ -45,6 +45,9 @@
# Pull in GNU extensions
hostenv.Append(CPPDEFINES = {'_GNU_SOURCE': 1})
+# Some tools get confused if $HOME isn't defined
+hostenv.Append(ENV={'HOME': os.environ['HOME']})
+
# Store configuration data in a dictionary.
def saveconfig(data):
@@ -159,7 +162,7 @@
if conf.CheckType(t, type_headers):
defines['HAVE_%s' % string.upper(t)] = 1
- if conf.CheckType('comparison_fn_t', type_headers):
+ if conf.CheckType('comparison_fn_t', '#include stdlib.h'):
defines['HAVE_COMPARISON_FN_T'] = 1
if conf.CheckType('sig_atomic_t', '#include signal.h'):
svn commit: samba r10420 - in branches/SAMBA_4_0/source: . lib/tdb
Author: jelmer
Date: 2005-09-22 12:23:44 + (Thu, 22 Sep 2005)
New Revision: 10420
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10420
Log:
Two minor scons fixes
Modified:
branches/SAMBA_4_0/source/SConstruct
branches/SAMBA_4_0/source/lib/tdb/SConscript
Changeset:
Modified: branches/SAMBA_4_0/source/SConstruct
===
--- branches/SAMBA_4_0/source/SConstruct2005-09-22 09:06:37 UTC (rev
10419)
+++ branches/SAMBA_4_0/source/SConstruct2005-09-22 12:23:44 UTC (rev
10420)
@@ -42,9 +42,6 @@
hostenv.Append(CCFLAGS='-Wno-format-y2k')
hostenv.Append(CCFLAGS='-Wno-declaration-after-statement')
-# Pull in GNU extensions
-hostenv.Append(CPPDEFINES = {'_GNU_SOURCE': 1})
-
# Some tools get confused if $HOME isn't defined
hostenv.Append(ENV={'HOME': os.environ['HOME']})
@@ -138,6 +135,9 @@
if conf.CheckFunc(f):
defines['HAVE_' + f.upper()] = 1
+ # Pull in GNU extensions
+ defines['_GNU_SOURCE'] = 1
+
needed_types = {
'uint_t': 'unsigned int',
'int8_t': 'signed char',
Modified: branches/SAMBA_4_0/source/lib/tdb/SConscript
===
--- branches/SAMBA_4_0/source/lib/tdb/SConscript2005-09-22 09:06:37 UTC
(rev 10419)
+++ branches/SAMBA_4_0/source/lib/tdb/SConscript2005-09-22 12:23:44 UTC
(rev 10420)
@@ -12,4 +12,4 @@
tdbtool = tdbenv.Program('bin/tdbtool', ['tools/tdbtool.c',tdb])
tdbtorture = tdbenv.Program('bin/tdbtorture', ['tools/tdbtorture.c',tdb])
tdbdump = tdbenv.Program('bin/tdbdump', ['tools/tdbdump.c',tdb])
-tdbbackup = tdbenv.Program('bin/tdbbackup', ['tools/tdbbackup.c',tdb])
+#tdbbackup = tdbenv.Program('bin/tdbbackup', ['tools/tdbbackup.c',tdb])
svn commit: samba r10421 - in branches/SAMBA_4_0/source/lib/tdb: common docs include tools
Author: tridge Date: 2005-09-22 13:12:46 + (Thu, 22 Sep 2005) New Revision: 10421 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10421 Log: following on discussions with simo, I have worked out a way of allowing searches to proceed while another process is in a transaction, then only upgrading the transaction lock to a write lock on commit. The solution is: - split tdb_traverse() into two calls, called tdb_traverse() and tdb_traverse_read(). The _read() version only gets read locks, and will fail any write operations made in the callback from the traverse. - the normal tdb_traverse() call allows for read or write operations in the callback, but gets the transaction lock, preventing transastions from starting inside the traverse In addition we enforce the following rule that you may not start a transaction within a traverse callback, although you can start a traverse within a transaction With these rules in place I believe all the deadlock possibilities are removed, and we can now allow for searches to happen in parallel with transactions Modified: branches/SAMBA_4_0/source/lib/tdb/common/error.c branches/SAMBA_4_0/source/lib/tdb/common/io.c branches/SAMBA_4_0/source/lib/tdb/common/lock.c branches/SAMBA_4_0/source/lib/tdb/common/tdb.c branches/SAMBA_4_0/source/lib/tdb/common/tdb_private.h branches/SAMBA_4_0/source/lib/tdb/common/transaction.c branches/SAMBA_4_0/source/lib/tdb/common/traverse.c branches/SAMBA_4_0/source/lib/tdb/docs/README branches/SAMBA_4_0/source/lib/tdb/include/tdb.h branches/SAMBA_4_0/source/lib/tdb/tools/tdbtorture.c Changeset: Sorry, the patch is too large (401 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10421
svn commit: samba r10422 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: tridge
Date: 2005-09-22 13:14:12 + (Thu, 22 Sep 2005)
New Revision: 10422
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10422
Log:
ldb_search() can now use tdb_traverse_read() to ensure it can run in
parallel with any transaction
Modified:
branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c
===
--- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2005-09-22
13:12:46 UTC (rev 10421)
+++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2005-09-22
13:14:12 UTC (rev 10422)
@@ -472,7 +472,7 @@
sinfo-count = 0;
sinfo-failures = 0;
- ret = tdb_traverse(ltdb-tdb, search_func, sinfo);
+ ret = tdb_traverse_read(ltdb-tdb, search_func, sinfo);
if (ret == -1) {
talloc_free(sinfo);
svn commit: samba r10423 - in branches/SAMBA_4_0/source/lib/ldb/tests: .
Author: tridge Date: 2005-09-22 13:16:23 + (Thu, 22 Sep 2005) New Revision: 10423 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10423 Log: minor changes to the ldb test suite to allow it to work correctly with a real ldap backend (such as openldap) Modified: branches/SAMBA_4_0/source/lib/ldb/tests/init.ldif branches/SAMBA_4_0/source/lib/ldb/tests/test.ldif Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/tests/init.ldif === --- branches/SAMBA_4_0/source/lib/ldb/tests/init.ldif 2005-09-22 13:14:12 UTC (rev 10422) +++ branches/SAMBA_4_0/source/lib/ldb/tests/init.ldif 2005-09-22 13:16:23 UTC (rev 10423) @@ -14,3 +14,18 @@ 09 $ US telephonenumber: +1 313 764-1817 associateddomain: example.com + +dn: ou=People,o=University of Michigan,c=TEST +objectclass: organizationalUnit +objectclass: extensibleObject +ou: People +uidNumber: 0 +gidNumber: 0 + +dn: ou=Ldb Test,ou=People,o=University of Michigan,c=TEST +objectclass: organizationalUnit +objectclass: extensibleObject +ou: People +ou: Ldb Test +uidNumber: 0 +gidNumber: 0 Modified: branches/SAMBA_4_0/source/lib/ldb/tests/test.ldif === --- branches/SAMBA_4_0/source/lib/ldb/tests/test.ldif 2005-09-22 13:14:12 UTC (rev 10422) +++ branches/SAMBA_4_0/source/lib/ldb/tests/test.ldif 2005-09-22 13:16:23 UTC (rev 10423) @@ -1,10 +1,3 @@ -dn: ou=People,o=University of Michigan,c=TEST -objectclass: organizationalUnit -objectclass: extensibleObject -ou: People -uidNumber: 0 -gidNumber: 0 - dn: ou=Groups,o=University of Michigan,c=TEST objectclass: organizationalUnit ou: Groups
svn commit: samba r10424 - in branches/SAMBA_4_0/source/lib/tdb/common: .
Author: tridge
Date: 2005-09-22 13:20:28 + (Thu, 22 Sep 2005)
New Revision: 10424
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10424
Log:
for caller convenience, automatically turn a tdb_traverse() into a
tdb_traverse_read() for read only databases
Modified:
branches/SAMBA_4_0/source/lib/tdb/common/traverse.c
Changeset:
Modified: branches/SAMBA_4_0/source/lib/tdb/common/traverse.c
===
--- branches/SAMBA_4_0/source/lib/tdb/common/traverse.c 2005-09-22 13:16:23 UTC
(rev 10423)
+++ branches/SAMBA_4_0/source/lib/tdb/common/traverse.c 2005-09-22 13:20:28 UTC
(rev 10424)
@@ -220,6 +220,10 @@
{
struct tdb_traverse_lock tl = { NULL, 0, 0, F_WRLCK };
int ret;
+
+ if (tdb-read_only) {
+ return tdb_traverse_read(tdb, fn, private);
+ }
if (tdb-methods-tdb_brlock(tdb, TRANSACTION_LOCK, F_WRLCK, F_SETLKW,
0) == -1) {
TDB_LOG((tdb, 0, tdb_traverse: failed to get transaction
lock\n));
svn commit: samba r10425 - in branches/tmp/vl-cluster/source: . include libads libsmb nsswitch param printing rpc_client rpc_parse smbd tdb torture utils
Author: vlendec Date: 2005-09-22 13:49:54 + (Thu, 22 Sep 2005) New Revision: 10425 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10425 Log: Merge trunk up to r10424 Added: branches/tmp/vl-cluster/source/printing/print_iprint.c Removed: branches/tmp/vl-cluster/source/include/rpc_creds.h Modified: branches/tmp/vl-cluster/source/Makefile.in branches/tmp/vl-cluster/source/configure.in branches/tmp/vl-cluster/source/include/client.h branches/tmp/vl-cluster/source/include/includes.h branches/tmp/vl-cluster/source/include/ntdomain.h branches/tmp/vl-cluster/source/include/printing.h branches/tmp/vl-cluster/source/include/rpc_misc.h branches/tmp/vl-cluster/source/include/smb.h branches/tmp/vl-cluster/source/libads/sasl.c branches/tmp/vl-cluster/source/libsmb/cliconnect.c branches/tmp/vl-cluster/source/libsmb/clientgen.c branches/tmp/vl-cluster/source/libsmb/clikrb5.c branches/tmp/vl-cluster/source/libsmb/clispnego.c branches/tmp/vl-cluster/source/libsmb/passchange.c branches/tmp/vl-cluster/source/nsswitch/pam_winbind.c branches/tmp/vl-cluster/source/nsswitch/wb_common.c branches/tmp/vl-cluster/source/nsswitch/winbind_client.h branches/tmp/vl-cluster/source/nsswitch/winbindd.h branches/tmp/vl-cluster/source/nsswitch/winbindd_cm.c branches/tmp/vl-cluster/source/nsswitch/winbindd_nss.h branches/tmp/vl-cluster/source/param/loadparm.c branches/tmp/vl-cluster/source/printing/pcap.c branches/tmp/vl-cluster/source/printing/printing.c branches/tmp/vl-cluster/source/rpc_client/cli_pipe.c branches/tmp/vl-cluster/source/rpc_parse/parse_prs.c branches/tmp/vl-cluster/source/smbd/dosmode.c branches/tmp/vl-cluster/source/tdb/tdb.c branches/tmp/vl-cluster/source/torture/locktest.c branches/tmp/vl-cluster/source/utils/ntlm_auth.c Changeset: Sorry, the patch is too large (1400 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10425
svn commit: samba r10426 - in branches/SAMBA_4_0/source: include winbind
Author: metze Date: 2005-09-22 18:35:08 + (Thu, 22 Sep 2005) New Revision: 10426 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10426 Log: - restructure the winbind server code a bit - remove the echo test stuff - abstract out the used protocol - we have a seperate handler for the samba3 protocol now - the backend can easy do async replies by setting WBSRV_CALL_FLAGS_REPLY_ASYNC in wbsrv_call and then call wbsrv_queue_reply() later metze Added: branches/SAMBA_4_0/source/winbind/wb_samba3_cmd.c branches/SAMBA_4_0/source/winbind/wb_samba3_protocol.c branches/SAMBA_4_0/source/winbind/wb_samba3_protocol.h branches/SAMBA_4_0/source/winbind/wb_server.h Modified: branches/SAMBA_4_0/source/include/structs.h branches/SAMBA_4_0/source/winbind/SConscript branches/SAMBA_4_0/source/winbind/config.mk branches/SAMBA_4_0/source/winbind/wb_server.c Changeset: Sorry, the patch is too large (916 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10426
svn commit: samba r10427 - in branches/tmp/samba4-winsrepl: . source source/include source/lib/ldb/include source/lib/ldb/ldb_tdb source/lib/ldb/tests source/lib/tdb source/lib/tdb/common source/lib/t
Author: metze Date: 2005-09-22 18:37:03 + (Thu, 22 Sep 2005) New Revision: 10427 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10427 Log: [EMAIL PROTECTED] (orig r10418): tpot | 2005-09-22 10:47:32 +0200 Fix comparison_fn_t test I busted. Add $HOME to the environment as some tools get confused if it isn't there. [EMAIL PROTECTED] (orig r10419): idra | 2005-09-22 11:06:37 +0200 Remove unused prototypes of locking functions (thanks Jelmer) omment about transactions [EMAIL PROTECTED] (orig r10420): jelmer | 2005-09-22 14:23:44 +0200 Two minor scons fixes [EMAIL PROTECTED] (orig r10421): tridge | 2005-09-22 15:12:46 +0200 following on discussions with simo, I have worked out a way of allowing searches to proceed while another process is in a transaction, then only upgrading the transaction lock to a write lock on commit. The solution is: - split tdb_traverse() into two calls, called tdb_traverse() and tdb_traverse_read(). The _read() version only gets read locks, and will fail any write operations made in the callback from the traverse. - the normal tdb_traverse() call allows for read or write operations in the callback, but gets the transaction lock, preventing transastions from starting inside the traverse In addition we enforce the following rule that you may not start a transaction within a traverse callback, although you can start a traverse within a transaction With these rules in place I believe all the deadlock possibilities are removed, and we can now allow for searches to happen in parallel with transactions [EMAIL PROTECTED] (orig r10422): tridge | 2005-09-22 15:14:12 +0200 ldb_search() can now use tdb_traverse_read() to ensure it can run in parallel with any transaction [EMAIL PROTECTED] (orig r10423): tridge | 2005-09-22 15:16:23 +0200 minor changes to the ldb test suite to allow it to work correctly with a real ldap backend (such as openldap) [EMAIL PROTECTED] (orig r10424): tridge | 2005-09-22 15:20:28 +0200 for caller convenience, automatically turn a tdb_traverse() into a tdb_traverse_read() for read only databases [EMAIL PROTECTED] (orig r10426): metze | 2005-09-22 20:35:08 +0200 - restructure the winbind server code a bit - remove the echo test stuff - abstract out the used protocol - we have a seperate handler for the samba3 protocol now - the backend can easy do async replies by setting WBSRV_CALL_FLAGS_REPLY_ASYNC in wbsrv_call and then call wbsrv_queue_reply() later metze Added: branches/tmp/samba4-winsrepl/source/winbind/wb_samba3_cmd.c branches/tmp/samba4-winsrepl/source/winbind/wb_samba3_protocol.c branches/tmp/samba4-winsrepl/source/winbind/wb_samba3_protocol.h branches/tmp/samba4-winsrepl/source/winbind/wb_server.h Modified: branches/tmp/samba4-winsrepl/ branches/tmp/samba4-winsrepl/source/SConstruct branches/tmp/samba4-winsrepl/source/include/structs.h branches/tmp/samba4-winsrepl/source/lib/ldb/include/ldb.h branches/tmp/samba4-winsrepl/source/lib/ldb/ldb_tdb/ldb_search.c branches/tmp/samba4-winsrepl/source/lib/ldb/tests/init.ldif branches/tmp/samba4-winsrepl/source/lib/ldb/tests/test.ldif branches/tmp/samba4-winsrepl/source/lib/tdb/SConscript branches/tmp/samba4-winsrepl/source/lib/tdb/common/error.c branches/tmp/samba4-winsrepl/source/lib/tdb/common/io.c branches/tmp/samba4-winsrepl/source/lib/tdb/common/lock.c branches/tmp/samba4-winsrepl/source/lib/tdb/common/tdb.c branches/tmp/samba4-winsrepl/source/lib/tdb/common/tdb_private.h branches/tmp/samba4-winsrepl/source/lib/tdb/common/transaction.c branches/tmp/samba4-winsrepl/source/lib/tdb/common/traverse.c branches/tmp/samba4-winsrepl/source/lib/tdb/docs/README branches/tmp/samba4-winsrepl/source/lib/tdb/include/tdb.h branches/tmp/samba4-winsrepl/source/lib/tdb/tools/tdbtorture.c branches/tmp/samba4-winsrepl/source/winbind/SConscript branches/tmp/samba4-winsrepl/source/winbind/config.mk branches/tmp/samba4-winsrepl/source/winbind/wb_server.c Changeset: Sorry, the patch is too large (1472 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10427
svn commit: samba r10428 - in trunk/source/rpc_client: .
Author: jra
Date: 2005-09-22 18:41:17 + (Thu, 22 Sep 2005)
New Revision: 10428
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10428
Log:
It doesn't help in encrypted RPC streams if you forget to remove
the auth_footer from the stream... :-). Thanks to Volker for catching
this Doh! Homer Simpson bug :-).
Jeremy.
Modified:
trunk/source/rpc_client/cli_pipe.c
Changeset:
Modified: trunk/source/rpc_client/cli_pipe.c
===
--- trunk/source/rpc_client/cli_pipe.c 2005-09-22 18:37:03 UTC (rev 10427)
+++ trunk/source/rpc_client/cli_pipe.c 2005-09-22 18:41:17 UTC (rev 10428)
@@ -440,6 +440,19 @@
{
NTSTATUS ret = NT_STATUS_OK;
+ /* Paranioa checks for auth_len. */
+ if (prhdr-auth_len) {
+ if (prhdr-auth_len prhdr-frag_len) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (prhdr-auth_len + RPC_HDR_AUTH_LEN prhdr-auth_len ||
+ prhdr-auth_len + RPC_HDR_AUTH_LEN
RPC_HDR_AUTH_LEN) {
+ /* Integer wrap attempt. */
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+
/*
* Now we have a complete RPC request PDU fragment, try and verify any
auth data.
*/
@@ -543,11 +556,26 @@
/* Point the return values at the NDR data. Remember to
remove any ss padding. */
*ppdata = prs_data_p(current_pdu) + RPC_HEADER_LEN +
RPC_HDR_RESP_LEN;
+
if (current_pdu_len RPC_HEADER_LEN + RPC_HDR_RESP_LEN
+ ss_padding_len) {
return NT_STATUS_BUFFER_TOO_SMALL;
}
+
*pdata_len = current_pdu_len - RPC_HEADER_LEN -
RPC_HDR_RESP_LEN - ss_padding_len;
+ /* Remember to remove the auth footer. */
+ if (prhdr-auth_len) {
+ /* We've already done integer wrap tests on
auth_len in
+ cli_pipe_validate_rpc_response(). */
+ if (*pdata_len RPC_HDR_AUTH_LEN +
prhdr-auth_len) {
+ return NT_STATUS_BUFFER_TOO_SMALL;
+ }
+ *pdata_len -= (RPC_HDR_AUTH_LEN +
prhdr-auth_len);
+ }
+
+ DEBUG(10,(cli_pipe_validate_current_pdu: got pdu len
%u, data_len %u, ss_len %u\n,
+ current_pdu_len, *pdata_len, ss_padding_len ));
+
/*
* If this is the first reply, and the allocation hint
is reasonably, try and
* set up the return_data parse_struct to the correct
size.
@@ -809,6 +837,9 @@
ret = cli_pipe_validate_current_pdu(cli, rhdr, current_pdu,
expected_pkt_type,
ret_data, ret_data_len, rbuf);
+ DEBUG(10,(rpc_api_pipe: got PDU len of %u at offset %u\n,
+ prs_data_size(current_pdu), current_rbuf_offset ));
+
if (!NT_STATUS_IS_OK(ret)) {
goto err;
}
svn commit: samba r10429 - in trunk/source/nsswitch: .
Author: jra
Date: 2005-09-22 18:46:55 + (Thu, 22 Sep 2005)
New Revision: 10429
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10429
Log:
Added Volker's fix for LSA pipes. winbindd should now work
with just a machine a/c password to do secure RPC.
Jeremy.
Modified:
trunk/source/nsswitch/winbindd_cm.c
Changeset:
Modified: trunk/source/nsswitch/winbindd_cm.c
===
--- trunk/source/nsswitch/winbindd_cm.c 2005-09-22 18:41:17 UTC (rev 10428)
+++ trunk/source/nsswitch/winbindd_cm.c 2005-09-22 18:46:55 UTC (rev 10429)
@@ -1162,22 +1162,72 @@
conn = domain-conn;
if (conn-lsa_pipe == NULL) {
+ fstring conn_pwd;
+ pwd_get_cleartext(conn-cli-pwd, conn_pwd);
+ if (conn-cli-user_name[0] conn-cli-domain[0]
+ conn_pwd[0]) {
+ /* We have an authenticated connection. Use
+ a NTLMSSP SPNEGO authenticated LSA pipe with
+ sign seal. */
+ conn-lsa_pipe =
+ cli_rpc_pipe_open_spnego_ntlmssp(conn-cli,
+PI_LSARPC,
+
PIPE_AUTH_LEVEL_PRIVACY,
+
conn-cli-domain,
+
conn-cli-user_name,
+conn_pwd,
+result);
+ if (conn-lsa_pipe == NULL) {
+ DEBUG(10,(cm_connect_lsa: failed to connect
+ to LSA pipe for domain %s using
+ NTLMSSP authenticated pipe: user
+ %s\\%s. Error was %s\n,
+ domain-name, conn-cli-domain,
+ conn-cli-user_name,
+ nt_errstr(result)));
+ } else {
+ DEBUG(10,(cm_connect_lsa: connected to LSA
+ pipe for domain %s using NTLMSSP
+ authenticated pipe: user %s\\%s\n,
+ domain-name, conn-cli-domain,
+ conn-cli-user_name ));
+ }
+ }
+
#ifndef DISABLE_SCHANNEL_WIN2K3_SP1
- struct dcinfo *p_dcinfo;
+ /* Fall back to schannel if it's a W2K pre-SP1 box. */
+ if (conn-lsa_pipe == NULL) {
+ struct dcinfo *p_dcinfo;
- if (cm_get_schannel_dcinfo(domain, p_dcinfo)) {
- conn-lsa_pipe =
- cli_rpc_pipe_open_schannel_with_key(conn-cli,
- PI_LSARPC,
-
PIPE_AUTH_LEVEL_PRIVACY,
-
domain-name,
- p_dcinfo,
- result);
- } else
+ if (cm_get_schannel_dcinfo(domain, p_dcinfo)) {
+ conn-lsa_pipe =
+
cli_rpc_pipe_open_schannel_with_key(conn-cli,
+
PI_LSARPC,
+
PIPE_AUTH_LEVEL_PRIVACY,
+
domain-name,
+
p_dcinfo,
+
result);
+ }
+ if (conn-lsa_pipe == NULL) {
+ DEBUG(10,(cm_connect_lsa: failed to connect
+ to LSA pipe for domain %s using
+ schannel authenticated. Error
+ was %s\n, domain-name,
+ nt_errstr(result) ));
+ } else {
+ DEBUG(10,(cm_connect_lsa: connected to LSA
+ pipe for domain %s using
schannel.\n,
+ domain-name ));
+ }
+ }
#endif /* DISABLE_SCHANNEL_WIN2K3_SP1 */
+
+ /*
svn commit: samba r10430 - in branches/SAMBA_3_0_RELEASE/source: include libsmb
Author: jerry Date: 2005-09-22 18:48:52 + (Thu, 22 Sep 2005) New Revision: 10430 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10430 Log: adding missing files Added: branches/SAMBA_3_0_RELEASE/source/include/smb_share_modes.h branches/SAMBA_3_0_RELEASE/source/libsmb/smb_share_modes.c Changeset: Sorry, the patch is too large (583 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10430
svn commit: samba r10431 - in branches: SAMBA_3_0/source/utils SAMBA_3_0_RELEASE/source/utils
Author: jerry
Date: 2005-09-22 18:49:23 + (Thu, 22 Sep 2005)
New Revision: 10431
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10431
Log:
fix segfault when the pip open fails in 'net rpc' commands
Modified:
branches/SAMBA_3_0/source/utils/net_rpc.c
branches/SAMBA_3_0_RELEASE/source/utils/net_rpc.c
Changeset:
Modified: branches/SAMBA_3_0/source/utils/net_rpc.c
===
--- branches/SAMBA_3_0/source/utils/net_rpc.c 2005-09-22 18:48:52 UTC (rev
10430)
+++ branches/SAMBA_3_0/source/utils/net_rpc.c 2005-09-22 18:49:23 UTC (rev
10431)
@@ -131,6 +131,8 @@
if (!(conn_flags NET_FLAGS_NO_PIPE)) {
if (!cli_nt_session_open(cli, pipe_idx)) {
DEBUG(0, (Could not initialise pipe\n));
+ cli_shutdown(cli);
+ return -1;
}
}
Modified: branches/SAMBA_3_0_RELEASE/source/utils/net_rpc.c
===
--- branches/SAMBA_3_0_RELEASE/source/utils/net_rpc.c 2005-09-22 18:48:52 UTC
(rev 10430)
+++ branches/SAMBA_3_0_RELEASE/source/utils/net_rpc.c 2005-09-22 18:49:23 UTC
(rev 10431)
@@ -131,6 +131,8 @@
if (!(conn_flags NET_FLAGS_NO_PIPE)) {
if (!cli_nt_session_open(cli, pipe_idx)) {
DEBUG(0, (Could not initialise pipe\n));
+ cli_shutdown(cli);
+ return -1;
}
}
svn commit: samba r10432 - in branches: SAMBA_3_0/source/rpc_parse SAMBA_3_0_RELEASE/source/rpc_parse
Author: jerry
Date: 2005-09-22 19:21:27 + (Thu, 22 Sep 2005)
New Revision: 10432
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10432
Log:
BUG 3080: fix 'net rpc shutdown' for XP clients
Modified:
branches/SAMBA_3_0/source/rpc_parse/parse_reg.c
branches/SAMBA_3_0/source/rpc_parse/parse_shutdown.c
branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_reg.c
branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_shutdown.c
Changeset:
Modified: branches/SAMBA_3_0/source/rpc_parse/parse_reg.c
===
--- branches/SAMBA_3_0/source/rpc_parse/parse_reg.c 2005-09-22 18:49:23 UTC
(rev 10431)
+++ branches/SAMBA_3_0/source/rpc_parse/parse_reg.c 2005-09-22 19:21:27 UTC
(rev 10432)
@@ -1484,8 +1484,9 @@
q_u-server = TALLOC_P( get_talloc_ctx(), uint16 );
*q_u-server = 0x1;
+ q_u-message = TALLOC_ZERO_P( get_talloc_ctx(), UNISTR4 );
+
if ( msg *msg ) {
- q_u-message = TALLOC_P( get_talloc_ctx(), UNISTR4 );
init_unistr4( q_u-message, msg, UNI_FLAGS_NONE );
/* Win2000 is apparently very sensitive to these lengths */
Modified: branches/SAMBA_3_0/source/rpc_parse/parse_shutdown.c
===
--- branches/SAMBA_3_0/source/rpc_parse/parse_shutdown.c2005-09-22
18:49:23 UTC (rev 10431)
+++ branches/SAMBA_3_0/source/rpc_parse/parse_shutdown.c2005-09-22
19:21:27 UTC (rev 10432)
@@ -34,8 +34,9 @@
q_s-server = TALLOC_P( get_talloc_ctx(), uint16 );
*q_s-server = 0x1;
+ q_s-message = TALLOC_ZERO_P( get_talloc_ctx(), UNISTR4 );
+
if ( msg *msg ) {
- q_s-message = TALLOC_P( get_talloc_ctx(), UNISTR4 );
init_unistr4( q_s-message, msg, UNI_FLAGS_NONE );
/* Win2000 is apparently very sensitive to these lengths */
Modified: branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_reg.c
===
--- branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_reg.c 2005-09-22
18:49:23 UTC (rev 10431)
+++ branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_reg.c 2005-09-22
19:21:27 UTC (rev 10432)
@@ -1484,8 +1484,9 @@
q_u-server = TALLOC_P( get_talloc_ctx(), uint16 );
*q_u-server = 0x1;
+ q_u-message = TALLOC_ZERO_P( get_talloc_ctx(), UNISTR4 );
+
if ( msg *msg ) {
- q_u-message = TALLOC_P( get_talloc_ctx(), UNISTR4 );
init_unistr4( q_u-message, msg, UNI_FLAGS_NONE );
/* Win2000 is apparently very sensitive to these lengths */
Modified: branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_shutdown.c
===
--- branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_shutdown.c
2005-09-22 18:49:23 UTC (rev 10431)
+++ branches/SAMBA_3_0_RELEASE/source/rpc_parse/parse_shutdown.c
2005-09-22 19:21:27 UTC (rev 10432)
@@ -34,8 +34,9 @@
q_s-server = TALLOC_P( get_talloc_ctx(), uint16 );
*q_s-server = 0x1;
+ q_s-message = TALLOC_ZERO_P( get_talloc_ctx(), UNISTR4 );
+
if ( msg *msg ) {
- q_s-message = TALLOC_P( get_talloc_ctx(), UNISTR4 );
init_unistr4( q_s-message, msg, UNI_FLAGS_NONE );
/* Win2000 is apparently very sensitive to these lengths */
svn commit: samba r10433 - in trunk/source/rpc_parse: .
Author: jra
Date: 2005-09-22 19:28:20 + (Thu, 22 Sep 2005)
New Revision: 10433
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10433
Log:
Janitor for Jerry so we don't regress on XP shutdown code :-).
Jeremy.
Modified:
trunk/source/rpc_parse/parse_reg.c
trunk/source/rpc_parse/parse_shutdown.c
Changeset:
Modified: trunk/source/rpc_parse/parse_reg.c
===
--- trunk/source/rpc_parse/parse_reg.c 2005-09-22 19:21:27 UTC (rev 10432)
+++ trunk/source/rpc_parse/parse_reg.c 2005-09-22 19:28:20 UTC (rev 10433)
@@ -1484,8 +1484,9 @@
q_u-server = TALLOC_P( get_talloc_ctx(), uint16 );
*q_u-server = 0x1;
+ q_u-message = TALLOC_ZERO_P( get_talloc_ctx(), UNISTR4 );
+
if ( msg *msg ) {
- q_u-message = TALLOC_P( get_talloc_ctx(), UNISTR4 );
init_unistr4( q_u-message, msg, UNI_FLAGS_NONE );
/* Win2000 is apparently very sensitive to these lengths */
Modified: trunk/source/rpc_parse/parse_shutdown.c
===
--- trunk/source/rpc_parse/parse_shutdown.c 2005-09-22 19:21:27 UTC (rev
10432)
+++ trunk/source/rpc_parse/parse_shutdown.c 2005-09-22 19:28:20 UTC (rev
10433)
@@ -34,8 +34,9 @@
q_s-server = TALLOC_P( get_talloc_ctx(), uint16 );
*q_s-server = 0x1;
+ q_s-message = TALLOC_ZERO_P( get_talloc_ctx(), UNISTR4 );
+
if ( msg *msg ) {
- q_s-message = TALLOC_P( get_talloc_ctx(), UNISTR4 );
init_unistr4( q_s-message, msg, UNI_FLAGS_NONE );
/* Win2000 is apparently very sensitive to these lengths */
svn commit: samba r10434 - in branches/SAMBA_4_0/source/winbind: .
Author: metze Date: 2005-09-22 19:36:43 + (Thu, 22 Sep 2005) New Revision: 10434 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10434 Log: add a short path to the event context that should be used for async replies metze Modified: branches/SAMBA_4_0/source/winbind/wb_server.c branches/SAMBA_4_0/source/winbind/wb_server.h Changeset: Modified: branches/SAMBA_4_0/source/winbind/wb_server.c === --- branches/SAMBA_4_0/source/winbind/wb_server.c 2005-09-22 19:28:20 UTC (rev 10433) +++ branches/SAMBA_4_0/source/winbind/wb_server.c 2005-09-22 19:36:43 UTC (rev 10434) @@ -123,7 +123,8 @@ /* we have a full request - parse it */ status = ops-pull_request(wbconn-partial, wbconn, call); if (!NT_STATUS_IS_OK(status)) goto failed; - call-wbconn = wbconn; + call-wbconn= wbconn; + call-event_ctx = conn-event.ctx; /* * we have parsed the request, so we can reset the wbconn-partial_read, Modified: branches/SAMBA_4_0/source/winbind/wb_server.h === --- branches/SAMBA_4_0/source/winbind/wb_server.h 2005-09-22 19:28:20 UTC (rev 10433) +++ branches/SAMBA_4_0/source/winbind/wb_server.h 2005-09-22 19:36:43 UTC (rev 10434) @@ -107,6 +107,9 @@ #define WBSRV_CALL_FLAGS_REPLY_ASYNC 0x0001 uint32_t flags; + /* the backend should use this event context */ + struct event_context *event_ctx; + /* the connection the call belongs to */ struct wbsrv_connection *wbconn;
svn commit: samba r10435 - in branches/SAMBA_4_0/source/winbind: .
Author: metze Date: 2005-09-22 19:44:08 + (Thu, 22 Sep 2005) New Revision: 10435 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10435 Log: fill in the reference to the generic wbsrv_call in the wbsrv_samba3_call, so that async function can use it. metze Modified: branches/SAMBA_4_0/source/winbind/wb_samba3_protocol.c Changeset: Modified: branches/SAMBA_4_0/source/winbind/wb_samba3_protocol.c === --- branches/SAMBA_4_0/source/winbind/wb_samba3_protocol.c 2005-09-22 19:36:43 UTC (rev 10434) +++ branches/SAMBA_4_0/source/winbind/wb_samba3_protocol.c 2005-09-22 19:44:08 UTC (rev 10435) @@ -50,6 +50,7 @@ s3_call = talloc_zero(call, struct wbsrv_samba3_call); NT_STATUS_HAVE_NO_MEMORY(s3_call); + s3call-call = call; /* the packet layout is the same as the in memory layout of the request, so just copy it */ memcpy(s3_call-request, blob.data, sizeof(s3_call-request));
svn commit: samba r10436 - in branches/SAMBA_4_0/source/build/scons: .
Author: tpot
Date: 2005-09-22 23:30:08 + (Thu, 22 Sep 2005)
New Revision: 10436
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10436
Log:
Some thoughts on getting pidl working in scons.
Modified:
branches/SAMBA_4_0/source/build/scons/pidl.py
Changeset:
Modified: branches/SAMBA_4_0/source/build/scons/pidl.py
===
--- branches/SAMBA_4_0/source/build/scons/pidl.py 2005-09-22 19:44:08 UTC
(rev 10435)
+++ branches/SAMBA_4_0/source/build/scons/pidl.py 2005-09-22 23:30:08 UTC
(rev 10436)
@@ -10,7 +10,13 @@
idl_scanner = SCons.Scanner.ClassicCPP(PIDLScan, '.idl', 'CPPPATH',
r'depends\(([^,]+),+\)', SCons.Node.FS.default_fs)
+def idl_emitter(target, source, env):
+ base, ext = SCons.Util.splitext(str(source[0]))
+ result = ['gen_ndr/%s.c' % base, 'gen_ndr/%s.h' % base]
+ return result
+
pidl_builder = SCons.Builder.Builder(action='$PIDLCOM',
+emitter = idl_emitter,
src_suffix = '.idl',
suffix='.c',
scanner = idl_scanner)
@@ -18,7 +24,7 @@
def generate(env):
env['PIDL'] = env.Detect('pidl') or './pidl/pidl'
env['PIDLFLAGS'] = []
- env['PIDLCOM'] = 'CPP=$CPP $PIDL $PIDLFLAGS -- $SOURCE'
+ env['PIDLCOM'] = '$PIDL $PIDLFLAGS -- $SOURCE'
env['BUILDERS']['NdrMarshaller'] = pidl_builder
def exists(env):
svn commit: samba r10437 - in trunk/source: . auth include lib libads libsmb nsswitch rpc_parse smbd utils
Author: gd Date: 2005-09-22 23:42:38 + (Thu, 22 Sep 2005) New Revision: 10437 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10437 Log: Use the Kerberos PAC when building the user token in a SPNEGO-Kerberos Session Setup. In a lot of areas this is a direct port from Samba4 (especially the validation/verification of PAC signatures). The main difficulty was not make it work not only with Samba4's heimdal. The first, most obvious benefit from this: it makes it possible for Samba3 running in security = ads to use share security descriptors, privileges or any other authorization mechanisms that are based on the user's sid. Thanks a lot to Andrew Bartlett and metze. I tried my best to get original copyrights correct, please shout if I did that wrong somewhere. Guenther Modified: trunk/source/Makefile.in trunk/source/auth/auth_util.c trunk/source/auth/auth_winbind.c trunk/source/configure.in trunk/source/include/ads.h trunk/source/include/authdata.h trunk/source/include/includes.h trunk/source/include/rpc_netlogon.h trunk/source/lib/time.c trunk/source/libads/authdata.c trunk/source/libads/kerberos_verify.c trunk/source/libsmb/clikrb5.c trunk/source/nsswitch/winbindd_pam.c trunk/source/rpc_parse/parse_net.c trunk/source/smbd/sesssetup.c trunk/source/utils/ntlm_auth.c Changeset: Sorry, the patch is too large (2022 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10437
Build status as of Fri Sep 23 00:00:02 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-09-22 00:00:37.0 + +++ /home/build/master/cache/broken_results.txt 2005-09-23 00:00:09.0 + @@ -1,17 +1,17 @@ -Build status as of Thu Sep 22 00:00:02 2005 +Build status as of Fri Sep 23 00:00:02 2005 Build counts: Tree Total Broken Panic -ccache 7 2 0 -distcc 11 2 0 -lorikeet-heimdal 30 13 0 +ccache 8 2 0 +distcc 12 2 0 +lorikeet-heimdal 32 14 0 ppp 20 0 0 -rsync34 2 0 +rsync35 2 0 samba2 1 0 samba-docs 0 0 0 -samba4 36 17 2 -samba_3_035 13 0 -smb-build26 3 0 -talloc 32 8 0 -tdb 2 1 0 +samba4 37 33 0 +samba_3_036 13 0 +smb-build28 4 0 +talloc 33 9 0 +tdb 33 18 0
svn commit: samba r10438 - in branches/SAMBA_4_0/source: . build/m4 client heimdal_build include lib lib/com lib/replace libcli/resolve librpc/ndr torture winbind
Author: jelmer Date: 2005-09-23 00:38:22 + (Fri, 23 Sep 2005) New Revision: 10438 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10438 Log: Move portability functions to lib/replace/; replace now simply ensures that a given set of (working) POSIX functions are available (without prefixes to their names, etc). See lib/replace/README for a list. Functions that behave different from their POSIX specification (such as sys_select, sys_read, etc) have kept the sys_ prefix. Added: branches/SAMBA_4_0/source/lib/replace/README branches/SAMBA_4_0/source/lib/replace/dlfcn.c Modified: branches/SAMBA_4_0/source/SConstruct branches/SAMBA_4_0/source/build/m4/rewrite.m4 branches/SAMBA_4_0/source/client/client.c branches/SAMBA_4_0/source/dynconfig.c branches/SAMBA_4_0/source/heimdal_build/glue.c branches/SAMBA_4_0/source/include/includes.h branches/SAMBA_4_0/source/lib/com/tables.c branches/SAMBA_4_0/source/lib/replace/SConscript branches/SAMBA_4_0/source/lib/replace/config.m4 branches/SAMBA_4_0/source/lib/replace/config.mk branches/SAMBA_4_0/source/lib/replace/replace.c branches/SAMBA_4_0/source/lib/replace/replace.h branches/SAMBA_4_0/source/lib/signal.c branches/SAMBA_4_0/source/lib/system.c branches/SAMBA_4_0/source/lib/time.c branches/SAMBA_4_0/source/lib/util.c branches/SAMBA_4_0/source/libcli/resolve/host.c branches/SAMBA_4_0/source/librpc/ndr/ndr_basic.c branches/SAMBA_4_0/source/torture/torture.c branches/SAMBA_4_0/source/winbind/wb_samba3_protocol.c Changeset: Sorry, the patch is too large (1013 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10438
svn commit: samba r10439 - in trunk/source/libsmb: .
Author: jra
Date: 2005-09-23 01:05:08 + (Fri, 23 Sep 2005)
New Revision: 10439
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10439
Log:
Fix typo in debug from new pac code.
Jeremy.
Modified:
trunk/source/libsmb/clikrb5.c
Changeset:
Modified: trunk/source/libsmb/clikrb5.c
===
--- trunk/source/libsmb/clikrb5.c 2005-09-23 00:38:22 UTC (rev 10438)
+++ trunk/source/libsmb/clikrb5.c 2005-09-23 01:05:08 UTC (rev 10439)
@@ -204,7 +204,7 @@
if (tkt-enc_part2-authorization_data[i]-ad_type !=
KRB5_AUTHDATA_IF_RELEVANT) {
DEBUG(10,(get_auth_data_from_tkt: ad_type is
%d\n,
-
kt-enc_part2-authorization_data[i]-ad_type));
+
tkt-enc_part2-authorization_data[i]-ad_type));
continue;
}
svn commit: samba r10440 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: abartlet Date: 2005-09-23 02:05:26 + (Fri, 23 Sep 2005) New Revision: 10440 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10440 Log: Start passing against Win2k3 SP1 again, with the NTLMv2 changes described on the list. I probably need to write more specific NTLMv2 sucess and failure mode tests. Andrew Bartlett Modified: branches/SAMBA_4_0/source/torture/rpc/samlogon.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/samlogon.c === --- branches/SAMBA_4_0/source/torture/rpc/samlogon.c2005-09-23 01:05:08 UTC (rev 10439) +++ branches/SAMBA_4_0/source/torture/rpc/samlogon.c2005-09-23 02:05:26 UTC (rev 10440) @@ -572,7 +572,7 @@ DATA_BLOB lmv2_response = data_blob(NULL, 0); DATA_BLOB lmv2_session_key = data_blob(NULL, 0); DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0); - DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state-mem_ctx, lp_netbios_name(), lp_workgroup()); + DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state-mem_ctx, TEST_MACHINE_NAME, lp_workgroup()); uint8_t lm_session_key[8]; uint8_t user_session_key[16];
