Re: [samba] ldapsam:trusted = yes kills smbd
On Thu, Sep 29, 2005 at 05:39:03PM -0500, Gerald (Jerry) Carter wrote: the trusted=yes is not a complete replacement for nss_ldap IIRC. I would need to check to be sure. but what I remember is that this allows for certain group membership optimizations. Volker, can you confirm or correct me? You're correct. You still need ldap in /etc/nsswitch.conf, be it only for the other unix programs running. The major optimizations come from the assumption that all accounts relevant to Samba are in LDAP and both the posix and samba object classes are on the same LDAP entry. Volker pgpRFknvaVsVh.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
AW: [Samba] Cant browse network
Hi, I cant find any wins options in your smb.conf. I think you´ll need Wins for proper Network browsing. Maybe this Link would help you: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html Von: [EMAIL PROTECTED] im Auftrag von [EMAIL PROTECTED] Gesendet: Do 29.09.2005 19:48 An: samba@lists.samba.org Betreff: [Samba] Cant browse network Hi all Im pretty new to Samba. I would like to use Samba as a PDC, for some funny reason I cant browse the network. I cant find other machines on the network. The server says its a PDC, but my win clients (win2000) says its not. [2005/09/29 19:36:09, 1] nmbd/nmbd_incomingrequests.c:process_node_status_request(328) process_node_status_request: status request for name DYNACHEM00 from IP 192.168.10.141 on subnet UNICAST_SUBNET - name not found. [2005/09/29 19:38:56, 0] nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353) find_domain_master_name_query_fail: Unable to find the Domain Master Browser name DYNACHEM1b for the workgroup DYNACHEM. Unable to sync browse lists in this workgroup. [2005/09/29 19:41:17, 1] nmbd/nmbd_incomingrequests.c:process_node_status_request(328) process_node_status_request: status request for name DYNACHEM00 from IP 192.168.10.141 on subnet UNICAST_SUBNET - name not found. I have pasted my output from running testparm If anyone could help, I would be most grateful. Kind Regards Brent Clark == server:~ # testparm Load smb config files from /etc/samba/smb.conf Can't find include file Processing section [homes] Processing section [netlogin] Processing section [profiles] Processing section [IPC$] Processing section [storage] Processing section [apps] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions # Global parameters [global] workgroup = WORKGROUP interfaces = eth0, lo bind interfaces only = Yes passdb backend = tdbsam username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 50 smb ports = 139 445 large readwrite = No name resolve order = lmhosts bcast hosts time server = Yes printcap name = CUPS show add printer wizard = No add user script = /usr/sbin/useradd -m '%u' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null '%u' shutdown script = /var/lib/samba/scripts/shutdown.sh abort shutdown script = /sbin/shutdown -c logon script = scripts\logon.bat logon path = \%L\profiles\%U logon drive = X: logon home = \%L\%U domain logons = Yes os level = 65 lm announce = Yes preferred master = Yes domain master = Yes utmp = Yes map acl inherit = Yes veto files = /*.eml/*.nws/*.{*}/ veto oplock files = /*.doc/*.xls/*.mdb/ [homes] comment = Home Directories valid users = %S read only = No browseable = No [netlogin] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = Yes locking = No [profiles] comment = Profile Share path = /usr/lib/samba/profiles read only = No profile acls = Yes [IPC$] path = /tmp hosts allow = 192.168.10.0/24, 127.0.0.1/24 hosts deny = 0.0.0.0/0 [storage] path = /storage/ read only = No inherit acls = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba https://pdbvpn1.fujitsu-siemens.com/https/0/lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: multiple domain login failures
Am Donnerstag, 29. September 2005 18:26 schrieb Rex Dieter: Stan Garvin wrote: Offhand, you're using a relatively old version of samba. I'd recommend upgrading to the latest version (3.0.14a at the moment) and re-test. -- Rex Hi, I'm having the same problem... using the rpm from SuSE-9.2 (version 3.0.9...) Upgrading to 3.0.20 doesn't solve it. Some users can login from a particular workstation, while others cannot. I don't know how to debug that kind of failure (Error dialog from WinXP said something like domain is not available) The problem shows up right after adding a new user to the samba server. But don't know if it is the cause. br, Sebastian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] wbinfo joined the domain but -t is in error
Hello, Still having some problem about the joined domain of wbinfo. bash-3.00# net join -w d-ci3 -U d-bi1\\admin Password: Joined domain D-CI3. bash-3.00# wbinfo -t checking the trust secret via RPC calls failed error code was (0x0) Could not check secret it's running on samba 3.0.20 and Solaris 8 any clue ? why here is the config: [global] workgroup = D-CI3 server string = squid proxy %v security = DOMAIN password server = 10.17.12.56 10.17.12.57 log level = 1 wins server = 10.17.12.9, 10.17.17.8 idmap uid = 1-2 idmap gid = 1-2 winbind use default domain = Yes thanks for any help regards, arno -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [samba] ldapsam:trusted = yes kills smbd - THANKS :)
Thanks guys for your help so quickly, who says open source support is rubbish ;) Results: I came in this morning and Our LDAP server is now running at a load average of 0.4-9 with slapd at 10-30% :) the lastweek its been at a load average of 16-23 slapd at 98% :( Now we have no LDAP queries of filter=(objectclass=posixaccount) which was what was killing our LDAP server as it was trying to get over 50,000 entries. :) every few minutes. Having ldapsam:trusted = yes has greatly improved our proformance :) and my teams worry :) The University of Sunderland (UK) are commited to using open source software. We in the small IT Systems Team would like to try and get the University to make a donation to the Samba Project, how would we go about this if its possible? Regards Daniel Wilson Jeremy Allison wrote: On Thu, Sep 29, 2005 at 11:16:03PM +0100, Daniel Wilson wrote: ok i have now changed the sambaSID on the user nobody to be gloabl- sam-sid-501 it now finds the user nobody but still says it can't find the primary group: for the user nobody, here are my ldap entries: # nobody, People, Staff, Itacs, sunderland.ac.uk dn: uid=nobody,ou=People,ou=Staff,ou=Itacs,dc=sunderland,dc=ac,dc=uk sambaSID: S-1-5-21-82148923-2461359520-1342846908-501 cn: nobody uid: nobody gidNumber: 65533 sambaPrimaryGroupSID: S-1-0-0 (which i understand is nobody on windows) No, that sid S-1-0-0 is wrong I think. Look here for details : http://linux-ntfs.sourceforge.net/ntfs/concepts/sid.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net group members timeout
Hi team, I have detected an unusual behaviour on my configuration. I use samba-3.0.4 with OpenLDAP on HPUX and AIX, which works fine. except ... when I try net user or net group command, the result is correct and immediate. When I try net group members groupA, it works fine as well, but on a net group members groupB, I get the following message : [Fri Sep 30 09:44:05 2005 , 0] rpc_client/cli_pipe.c:rpc_api_pipe(424) cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds and here are the last lines in log file (log level 3) : in the exemple, groupB corresponds to domain admins group, gid 512 / rid 512 [Fri Sep 30 09:43:55 2005 , 3] smbd/sec_ctx.c:set_sec_ctx(287) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [Fri Sep 30 09:43:55 2005 , 2] passdb/pdb_ldap.c:init_group_from_ldap(1792) init_group_from_ldap: Entry found for group: 512 [Fri Sep 30 09:43:55 2005 , 3] smbd/sec_ctx.c:pop_sec_ctx(385) pop_sec_ctx (1, 1) - sec_ctx_stack_ndx = 0 any idea why this happens ? many thanks by advance -- Fred LacombeLinagora S.A. Open Source Project Manager30, rue Saint Augustin Tel. : +33 (0)1 58 18 68 28 Fax. : +33 (0)1 58 18 68 29 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Hilfe bei Samba Problem
Mhmm, 1. language of this list is english 2. did you see some log entries? 3. try another backup tool Hi, bei mir läuft Samba 3.0 unter SuSE 9.0 als Fileserver für verschiedene Windowsrechner. Seit der Umstellung von Samba 2 unter SuSE 8.0 kann ich kein Backup der Netzlaufwerke mit dem Windows2000 (SP2) mehr machen. Das Backup-Programm ist zugegeben etwas altertümlich: BackupExec 5.0.16... Seit der Umstellung auf Samba 3.0 kann dieses Programm nicht mehr auf die Netzlaufwerke zugreifen. Fehlermeldung: Unable To Attach To N: Enter Password Was ich dann tue, aber ohne Erfolg. Die Netzlaufwerke sind im Explorer sichtbar und man kann darauf zugreifen. Es bestehen uneingeschränkte Schreibrechte. Der Norton Security Firewall habe ich das BackupExec Programm als vertrauenwürdig eingetragen. Dem User habe ich unter W2000 Backuprecht erteilt. Was mache ich falsch, was habe ich vergessen? Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Stefan Berger - Systemadministrator - DIMA Systems AG Nonnenstraße 39 04229 Leipzig Tel.: +49 3641 2825 - 43 mobil: +49 172 3721 - 231 Fax.: +49 341 2866 - 333 mailto: [EMAIL PROTECTED] www.dima-systems.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [samba] ldapsam:trusted = yes kills smbd
Hello, I've just seen this thread.. I had exactly the same problem and posted on it a few weeks ago. I obviously didn't express it clearly enough, but I asked for an explanation of the group mapping stuff in samba 3.0.20 because it doesn't seem to be documented, especially the fact that samba won't start if the builtin groups aren't mapped. Here is an extract from my posting: I may be missing something, but it seems that there has been a change between 3.0.14a and 3.0.20 which means that a user's primary UNIX group HAS to be mapped to a valid NT group (i.e. the primary UNIX group in the LDAP DB has to have the sambagroupmapping attribute and a SID). Can anyone confirm this as a new requirement or am I being a bit stupid? I'm using an LDAP backend with no IDmap or winbind. -- Tom. Tom Crummey, Systems and Network Manager, EMAIL: [EMAIL PROTECTED] Department of Electronic and Electrical Engineering, University College London, TEL: +44 (0)20 7679 3898 Torrington Place, FAX: +44 (0)20 7388 9325 London, UK, WC1E 7JE. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Hilfe bei Samba Problem
If version of Samba is 3.04 or 3.05, try upgrading at least to version 3.07. Could be same problem I had using SyncbackSE, which could not see subfolders of sambaserver using new type of microsoft dialog box to select folders. See https://bugzilla.samba.org/show_bug.cgi?id=1345. Herzliche Gruesse Alan Hi, bei mir läuft Samba 3.0 unter SuSE 9.0 als Fileserver für verschiedene Windowsrechner. Seit der Umstellung von Samba 2 unter SuSE 8.0 kann ich kein Backup der Netzlaufwerke mit dem Windows2000 (SP2) mehr machen. Das Backup-Programm ist zugegeben etwas altertümlich: BackupExec 5.0..16... Seit der Umstellung auf Samba 3.0 kann dieses Programm nicht mehr auf die Netzlaufwerke zugreifen. Fehlermeldung: Unable To Attach To N: Enter Password Was ich dann tue, aber ohne Erfolg. Die Netzlaufwerke sind im Explorer sichtbar und man kann darauf zugreifen.. Es bestehen uneingeschränkte Schreibrechte. Der Norton Security Firewall habe ich das BackupExec Programm als vertrauenwürdig eingetragen. Dem User habe ich unter W2000 Backuprecht erteilt. Was mache ich falsch, was habe ich vergessen? Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Need help with IDMAP storage in LDAP using Winbind
Hi, On Thu, 2005-09-29 at 17:36 +0200, paul kölle wrote: Kristof Bruyninckx wrote: But still there are some new problems that popped up. wbinfo -u ,wbinfo -g and wbinfo -t still work. Also getent passwd works, and shows me all the windows accounts, but it is very slow, when starting this command the LDAP starts pumping a lot of messages into /var/log/message, this in it self is not a real problem since the debugging is turned to maximum. logging slows things down, additionally you might consider adding indexes for the relevant attributes to slapd.conf, shut down the ldap server run slapindex and start again. It was indeed the logging which was slowing me down so badly, turned of debugging and the system is very responsive now. But even do getent passwd is working, I cannot perform id Windows.Usename Hmm, I'd expect id should work for root as soon as getent works for root. Stop nscd if running. I'm sure you alread red this: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html nor login as that user. You have set up pam_winbind have you? ldapsearch -x -b 'dc=thales,dc=be' '(objectclass=*)' also doesn't show me any entry, and if I'm not mistaken it should display everything. No, this is an anonymous search and your ACLs do not grant anonymous read access. I don't know if that is a problem for nss_winbind though, try changing your last ACL to: Also is no longer giving me any problems, and displays all the users. access to * by dn.base=uid=samba,ou=Idmap,dc=thales,dc=be write by self write by users read by * read If that helps you will have to investigate which component uses anonymous binds and if that can be changed. cheers Paul But I have one more question, I configured a LDAP client, and on this machine I can see all the normal NIS users, but I don't see any windows users. This might sound stupid but this was what how I expected it to work. Sometimes it takes a while for the brain to catch a clue :). Now my question would be, how to setup the client, to use the mapping stored into the LDAP server. If this is possible, since at the moment I'm a bit confused. Do I have to perform this setup on every server to Unify SID to UID/GID mapping. Or how can I use the LDAP server I just setup for this purpose, sorry if this question is well documented somewhere, but I haven't found anything yet, maybe because I was asking the wrong questions. Cheers, -- Bruyninckx Kristof Thales Services Division GNULinux/Unix System Administrator / Test developer Tel: 02/674.76.49.19 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba (3.0.20) doesn't use TLS for LDAP referrals
Jay Fenlason wrote: I can see _four_ unencrypted tries to the master directory server and a network trace confirms that samba doesn't use TLS with referrals. first contact with the slave directory: Sep 29 18:25:43 slave slapd[30977]: = check a_authz.sai_ssf: ACL 112 OP 168 fwe seconds later the referral is followed: Sep 29 18:25:45 master slapd[6738]: = check a_authz.sai_ssf: ACL 112 OP 0 is it a bug in samba? or in the OpenLDAP libraries? Could be the OpenLDAP libraries. What version of them are you using? OpenLDAP 2.2.28 (it's the last version of the 2.2.x series) It sounds suspiciously like https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161991 which is the OpenLDAP part of http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069 Jay, you are right, I'm hitting this bug[1]. I' will post the question in the OpenLDAP ML. Thank you. [1] http://www.openldap.org/its/index.cgi/Software%20Bugs?id=3791;selectid=3791 -- -BEGIN GEEK CODE BLOCK- Version: 3.1 GCS/IT d- s+:+() a31 C+++ UBL+++$ P+ L+++ E--- W++ N+ o++ K- w--- O+ M+ V- PS+ PE+ Y++ PGP t+ 5 X+$ R- tv-- b+++ DI D+ G++ e- h+(++) !r !z --END GEEK CODE BLOCK-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Need help with IDMAP storage in LDAP using Winbind
Kristof Bruyninckx wrote: [snipp] But I have one more question, I configured a LDAP client, and on this machine I can see all the normal NIS users, but I don't see any windows users. This might sound stupid but this was what how I expected it to work. Sometimes it takes a while for the brain to catch a clue :). ;), if I recall your setup correctly you don't have the windows users in LDAP. They are comming from AD and nss_winbind makes them available for the OS. Idmap provides a means to share SID - UID mappings across multiple servers. Something like: Now my question would be, how to setup the client, to use the mapping stored into the LDAP server. This largely depends on the definition of use. If this is possible, since at the moment I'm a bit confused. Do I have to perform this setup on every server to Unify SID to UID/GID mapping. Or how can I use the LDAP server I just setup for this purpose, For your samba servers you just point every member server to your ou=Idmap, ... branch. You *can* add another LDAP server as slave to add redundancy but that's another story. grz Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Roaming profiles not supporting quota
Dear Group, I'm using samba 3.x as a PDC, and I'm using linux system quota v2 for samba. Here is my problem: if a user copies a big file to the desktop (bigger than the quota set for that user), when he logs off, the profile wont syncronize with the server with the message disk full. Is there a way to let the WinXp client to understand how much space is available also for the local profile that must be syncronized later with the server? In other words: how can i manage to solve this problem not having to make mandatory profiles? I want the users to do whatever they want with the quota i gave them. Thanks a lot, Lorenzo Lorenzo Allori Systems Administrator Office: +393491924516 Mobile: +393398612411 The Medici Archive Project [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming profiles not supporting quota
Allori Lorenzo schrieb: Here is my problem: if a user copies a big file to the desktop (bigger than the quota set for that user), when he logs off, the profile wont syncronize with the server with the message disk full. Is there a way to let the WinXp client to understand how much space is available also for the local profile that must be syncronized later with the server? In other words: how can i manage to solve this problem not having to make mandatory profiles? I want the users to do whatever they want with the quota i gave them. Limiting the size of roaming profiles is a good idea anyway. You can use policies to move some folders (e.g. the Desktop folder) out of the profile (e.g. into a subdirectory of the user's homedirectory). And you can use policies to tell windows to enforce a size limit for the roamin profile. (NB: for replication to work you will need windows to limit the profile size to half the quota size. Of course, you will need to have separate quota for profile directory and user home directory.) http://www.pcc-services.com/custom_poledit.html looks like a nice starting point for using profiles on samba. Kind regards, Wolfgang Ratzka -- Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP PDC question
When setting up an LDAP PDC do I have to have both user and machines in the ou=People container? Here's what I've got. LDAP Tree ou=People,o=umd.umich.edu ou=NIS,ou=Groups,o=umd.umich.eud ou=machines,ou=Samba,ou=Services,o=umd.umich.edu ou=Idmap,ou=Samba,ou=Services,o=umd.umich.edu smb.conf (ldap stuff) ldap delete dn = no ldap suffix = o=umd.umich.edu ldap user suffix = ou=People ldap group suffix = ou=NIS,ou=Groups ldap machine suffix = ou=machines,ou=Samba,ou=Services ldap idmap suffix = ou=Idmap,ou=Services ldapsam:trusted = yes idmap backend = ldap:ldap://tien.its.umd.umich.edu passdb backend = ldapsam:ldap://tien.its.umd.umich.edu NSS setting nss_base_passwd ou=People nss_base_groups ou=NIS When I attempt to join a workstation to the domain the smbldap- useradd script works and creates the posix entry, but the samba attributes are never add and the workstation returns the error user can not be found. If I try adding the workstation using smbpasswd -a -m I get Failed to initialise SAM_ACCOUNT for user its-1150d$. Does this user exist in the UNIX password database which would be correct since machine accounts aren't under ou=People the local workstation won't be able to look them up. I don't want my unix users seeing all the windows workstations. Thanks, Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Need help with IDMAP storage in LDAP using Winbind
So basically the winbind has to be setup as usual, pointing to the PDC, but instead of storing it's SID/UID/GID locally, it will use the remote SID-UID/GID mappings stored in the LDAP correct? For example : On a system previously working just with winbind to resolve the SID to UID/GID locally, I should just change the following to make it use the remotely stored mappings : client system : [global] log level = 6 workgroup = THALES-IS realm = THALES-IS.BE server string = Samba Server security = ads password server = 192.168.1.99 username map = /etc/opt/samba/smbusers log file = /var/log/samba/smbd.log max log size = 5 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 #printcap name = /etc/printcap dns proxy = No ldap admin dn = uid=samba,ou=Idmap,dc=thales,dc=be ldap idmap suffix = ou= Idmap ldap suffix = dc=thales,dc=be idmap backend = ldap:ldap://192.168.1.143 #Our IDMAP LDAP we just setup. ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 encrypt passwords = yes winbind enum users = yes winbind enum groups = yes template shell = /bin/bash winbind separator = / winbind cache time = 10 winbind use default domain = yes hosts allow = 192.168.1. I ran the smbpasswd -w MyverySecretPassword, but still when I start this I see in the smb log, [2005/09/30 16:04:12, 0] lib/smbldap.c:smbldap_connect_system(751) ldap_connect_system: Failed to retrieve password from secrets.tdb [2005/09/30 16:04:12, 1] lib/smbldap.c:another_ldap_try(951) Connection to LDAP server failed for the 3 try Are there anymore changes I need to do in the ldap.conf on client side? wbinfo -u , wbinfo -g work, and shows me the users, but when I try getent passwd, it just says in the logs cannot lookup domain user ... . But ok when it fails to authenticate this is supposed to be normal. Also when preforming ID on one of the NIS users, this works nicely. The link there to the LDAP is working. On Fri, 2005-09-30 at 14:31 +0200, paul kölle wrote: Kristof Bruyninckx wrote: [snipp] But I have one more question, I configured a LDAP client, and on this machine I can see all the normal NIS users, but I don't see any windows users. This might sound stupid but this was what how I expected it to work. Sometimes it takes a while for the brain to catch a clue :). ;), if I recall your setup correctly you don't have the windows users in LDAP. They are comming from AD and nss_winbind makes them available for the OS. Idmap provides a means to share SID - UID mappings across multiple servers. Something like: Now my question would be, how to setup the client, to use the mapping stored into the LDAP server. This largely depends on the definition of use. If this is possible, since at the moment I'm a bit confused. Do I have to perform this setup on every server to Unify SID to UID/GID mapping. Or how can I use the LDAP server I just setup for this purpose, For your samba servers you just point every member server to your ou=Idmap, ... branch. You *can* add another LDAP server as slave to add redundancy but that's another story. grz Paul -- Bruyninckx Kristof Thales Services Division GNULinux/Unix System Administrator / Test developer Tel: 02/674.76.49.19 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [samba] recycle not working as I expected
I have the following in my configuration file and recycle is working for the share but - versions is working as I expected - touch does not seem to be changing the time on the files to show me when they were deleted - keeptree does not work when there are multiple users within a share and prevents the recycle from working in some cases. if user1 deletes a file everything works fine. If user2 deletes something along the same tree the permissions prevent the creation of the file in the recycle. So I've turned off keeptree - exclude does not seem to be working. I have tried the syntax below along with recycle:exclude = /*.tmp/*.temp/ similar to what is used in veto files. samba 3.0.10 Any help appreciated. vfs object = recycle recycle:versions = yes recycle:touch = yes recycle:keeptree = no recycle:exclude = *.tmp|*.temp This has been working for me for quite some time now: [E911home] comment = Lake Region 911 Group Folder path = /data/e911home read only = No create mask = 0776 directory mask = 0775 vfs objects = recycle recycle:repository = Recycle Bin/%U recycle:keeptree = Yes recycle:touch = Yes recycle:versions = Yes recycle:maxsize = 0 recycle:exclude = *.tmp *.TMP *.bak *.BAK recycle:exclude_dir = /tmp '/Recycle Bin' /temp /TMP /TEMP recycle:noversions = *.doc *.DOC *.xls *.XLS *.sxw *.sxc *.bkf You will have to manually create the Recycle Bin folder (directory) at the root of each share, but not the individual user folder. Samba creates a separate (username) folder for each user. If I had it to do over again, I wouldn't put the space in the Recycle Bin folder name . . . it has caused me to have to do alot of complicated scripting to purge the files automatically. But . . . live and learn. :) Jim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WINS and domain controller
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Allison wrote: On Thu, Sep 29, 2005 at 03:30:19PM +0100, Will Payne wrote: Hi, Is there any way to 'administer' Samba's WINS database? I'm attempting to get Samba to take over our NT servers' current functionality so that we can ditch them entirely. I've enabled WINS support and told our DHCP server to point at it. Is there any way of viewing it's database to see if it's working? That database in in plain text in wins.dat so it's easy to view. Currently there aren't any good admin tools - I need to work on and fix that (thanks for the reminder :-). The biggest problem here IMO is that the wins.dat is a temporary dump of what nmbd has in memory. You can't edit it during run time and get changes immediately. We also don't really support static wins entries yet (I know we have that horrible wins.dat hack but it's not really easy). cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDPVPyIR7qMdg1EfYRAtMqAKCGGuBcapjgLt3WpMcgFgDRhJ/ezQCdFKHV LkYqReW0l3cgWky7yg6a2aI= =rugG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: multiple domain login failures
We are running a rather old version of Samba, so I don't know if this might apply to your problem or not... We had similar problems when our network config changed, and WINS entries were no longer fed to DHCP clients. Users that had previously logged in the workstation could still log into the PC, but someone who had never logged in before got the domain not available error (we have local profiles, not roaming; I assumed cached credentials). While we have been trying to get the network guys to change the DHCP setup, our workaround was putting entries into LMHOSTS for the Samba server onto each affected PC. As I said, maybe not relevant to your situation... HTH - john On Fri, 30 Sep 2005 09:08:14 +0200 Sebastian Held [EMAIL PROTECTED] wrote: Hi, I'm having the same problem... using the rpm from SuSE-9.2 (version 3.0.9...) Upgrading to 3.0.20 doesn't solve it. Some users can login from a particular workstation, while others cannot. I don't know how to debug that kind of failure (Error dialog from WinXP said something like domain is not available) The problem shows up right after adding a new user to the samba server. But don't know if it is the cause. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Simple fix to horrible bug in Samba website CSS
On Wed, Jun 29, 2005 at 10:52:44AM -0500, Deryck Hodge wrote: Hash: SHA1 Gerald (Jerry) Carter wrote: Nick, Is this an old message? I thought we already talked about this? Deryck, don't you remember a discussion about this? Nope. In fact, I never got (or noticed) this mail before now. I don't know what happened, but I can't even find a trace of it. Sorry about that! I've never noticed any of the display problems you describe. Because you never pressed Ctrl-+ many times in Firefox until the font became larger than the fixed size of 20 pixels. I have attached two screen images of the menu, one with the default CSS, the other with the following simple patch applied. I agree this needs to be fixed. You're just the first to report problems on really high resolutions. I guess most people who use high resolutions generally like the tiny fonts. :-) $ diff -u main.css-orig main.css +++ main.css2005-06-08 19:18:55.0 +1000 @@ -161,7 +161,7 @@ .nav a:link, .nav a:visited { display:block; - height:20px; + #height:20px; font-size:small; color:#2B5C9F; } Trust me, it needs fixing. And trust me, it will be. :-) Thank you very much. For the first time, I can now read the samba web site without the menus looking a jumbled mess. I hope that the changes I have made to my web site are enough for you. -- Nick Urbanik RHCE http://nicku.org nicku(at)nicku.org Proud ex-member of Dept. of Information Communications Technology in Hong Kong IVE (Tsing Yi), Home of Visual Paradigm: Jolt Productivity Award winner, programmed by ICT's own graduates! GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24ID: BB9D2C24 pgpOnr65nuZcH.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Authenticating Samba against Active Directory
I trying to authenticate samba 3.0.13 against active directory using my SLES 9 linux box. I have istalled OpenLDAP, Samba, Kerberos (Heimdal) and PAM. I can join my domain, and I can see using wbinfo -u the domain users from active directory, but I cannot see them with the getent passwd command. Can you help me? The log generated with the nmbd is this: [2005/09/30 16:31:29, 0] nmbd/nmbd.c:main(718) Netbios nameserver version 3.0.20 started. Copyright Andrew Tridgell and the Samba Team 1994-2004 [2005/09/30 16:31:29, 0] nmbd/nmbd.c:main(737) standard input is not a socket, assuming -D option The log generated with the winbindd -i -d3 is this: winbindd version 3.0.20 started. Copyright The Samba Team 2000-2004 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file /opt/samba-3.0.13/lib/smb.conf Processing section [global] Processing section [public] adding IPC service adding IPC service added interface ip=192.168.211.146 bcast=192.168.211.255 nmask=255.255.255.0 added interface ip=192.168.211.146 bcast=192.168.211.255 nmask=255.255.255.0 Registered MSG_REQ_POOL_USAGE Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Added domain IVY IVY.LTD.UK S-1-5-21-286760449-2502667932-2086727194 Added domain BUILTIN S-1-5-32 Added domain TS-IVY-01 S-1-5-21-300931632-1033023069-1792939587 resolve_lmhosts: Attempting lmhosts lookup for name ms-ivy-01.ivy.ltd.uk0x20 resolve_wins: Attempting wins lookup for name ms-ivy-01.ivy.ltd.uk0x20 resolve_wins: WINS server resolution selected and no WINS servers listed. resolve_hosts: Attempting host lookup for name ms-ivy-01.ivy.ltd.uk0x20 fcntl_lock: fcntl lock gave errno 11 (Resource temporarily unavailable) fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource temporarily unavailable) cm_get_ipc_userpass: No auth-user defined Doing spnego session setup (blob length=109) got OID=1 2 840 48018 1 2 2 got OID=1 2 840 113554 1 2 2 got OID=1 2 840 113554 1 2 2 3 got OID=1 3 6 1 4 1 311 2 2 10 got [EMAIL PROTECTED] Doing kerberos session setup Ticket in ccache[MEMORY:cliconnect] expiration Sat, 01 Oct 2005 02:56:18 GMT lsa_io_sec_qos: length c does not match size 8 [ 4584]: list trusted domains ads: trusted_domains The above information is confidential to the addressee and may be privileged. Unauthorised access and use is prohibited. Internet communications are not secure and therefore this Company does not accept legal responsibility for the contents of this message. If you are not the intended recipient, any disclosure, copying, distribution, or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. The sender does not accept any responsibility for viruses and it is your responsibility to scan the email and any attachments. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] pam_mkhomdir.so is creating machine folders when used withsamba
I have tried changing the valid users on the [homes] share to %D+%u, instead of leaving the default, thinking it might be trying %S, which might have been causing the machine name folders to be created, that was not it, I tried changing the location of the pam_mkhomedir.so session string. I moved it to /etc/pam.d/samba, I moved it to the last string in system-auth, nothing has made a difference. I can't find a pam option to keep this from happening, and I did find a samba thread on this list about this being by design, and they eventually went with a pre-exec script. I see a ton of pam_mkhomedir threads on the samba list, but none of them mention the machine name directory getting created, and how to prevent it. Any help would be greatly appreciated. Barry Smoke -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Smoke Sent: Thursday, September 29, 2005 10:22 AM To: samba@lists.samba.org Subject: [Samba] pam_mkhomdir.so is creating machine folders when used withsamba Hello Samba Users, I recently found out about pam_mkhomedir.so, and now use it on a couple of servers. It works great, except that it is constantly creating directories for the machines that connect also. is my problem in my pam config, or my samba config? What can I do to keep this from happening? here is my config [global] workgroup = audit netbios name = Storage1 server string = Storage1 security = ADS encrypt passwords = yes realm = AUDIT.LOCAL obey pam restrictions = yes idmap uid = 15000-2 idmap gid = 15000-2 winbind separator = + winbind use default domain = yes use sendfile = yes log level = 1 passdb:5 auth:1 winbind:1 template homedir = /data/%D/%U #template shell = /bin/bash time server = yes [homes] comment = Home Directories #valid users = %S read only = no browseable = no vfs objects = recycle:keeptree [EMAIL PROTECTED] pam.d]# cat system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired /lib/security/$ISA/pam_env.so authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok authrequired /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so passwordrequired /lib/security/$ISA/pam_cracklib.so retry=3 type= passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow passwordrequired /lib/security/$ISA/pam_deny.so session sufficient/lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel/ umask=0022 session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so Thanks, Barry Smoke Network Administrator AR Division of Legislative Audit -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Differences with net join
All; I'm getting closer to tracking down my problem (I hope). Since I want samba to verify the windows users from the Windows domain, I did the usual net join. But it still doesn't get the users from there, I still need an smbpasswd file. So... now the question (for the real samba gurus): Is there a substantial difference between: net ads join -w domain/workgroup and net rpc join -w domain/workgroup ? I did the net rpc because I don't have ads compiled in (owing to the problems with IBMs implementation of Kerberos not being compatable with Samba..). BTW: The join was successful, but Samba isn't pulling user IDs from there. To do what I need to, do I HAVE to have ads compiled in? Thanks again! -ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Differences with net join
On Fri, Sep 30, 2005 at 10:01:45AM -0600, Ric Tibbetts wrote: All; I'm getting closer to tracking down my problem (I hope). Since I want samba to verify the windows users from the Windows domain, I did the usual net join. But it still doesn't get the users from there, I still need an smbpasswd file. So... now the question (for the real samba gurus): Is there a substantial difference between: net ads join -w domain/workgroup and net rpc join -w domain/workgroup ? I did the net rpc because I don't have ads compiled in (owing to the problems with IBMs implementation of Kerberos not being compatable with Samba..). BTW: The join was successful, but Samba isn't pulling user IDs from there. To do what I need to, do I HAVE to have ads compiled in? No, you shouldn't. What is the Domain controller running ? Is it W2K3 SP1 ? Can you post an smbd log level 10 showing a user trying to connect to your system, this should show us what is going on when smbd is trying to connect to the DC. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trouble with ntlm_auth
Hi all, I'm having trouble getting ntlm_auth working with the --require-membership-of= option. I did rebuild the Samba RPM so that it had the --enable-auth=ntlm,basic and --enable-external-acl-helpers=wbinfo_group settings. The command line test for the squid-2.5-basic protocol returns an OK. The one using the squid-2.5-ntlmssp protocol returns what looks like a line that should be going to a log file and then a BH. Any time that I add the --require-membership parameter to the ntlm_auth line in my squid.conf file it fails every time. Below are the config lines I'm using: # Experimental Domain Authentication auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --require-membership-of=MERCURY\WebAccess auth_param ntlm children 30 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic --require-membership-of=MERCURY\WebAccess auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours acl AuthorizedUsers proxy_auth REQUIRED http_access allow all AuthorizedUsers -- Michael St. Laurent Hartwell Corporation -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Free space/capacity displayed as garbage...
Can noone shed some light on this issue, because as it stands now, it is not useable. Best Wishes, Marc Gregoire -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of samba Sent: dinsdag 27 september 2005 19:53 To: samba@lists.samba.org Subject: [SPAM] [Samba] Free space/capacity displayed as garbage... Dear, I'm having some strange problems with Samba. I have shared a linux folder on my samba and have mapped it to a drive letter in Windows XP (I also tried with Windows 2000). When I right click my mapped drive and click on properties to view the free space and capacity, I get all garbage as can be seen from the screenshot at: http://www.nuonsoft.com/temp/samba_free_space.jpg I'm running the latest version 3.0.20 and it is running on AlphaCore which is Fedora Core 3 for the Alpha (64 bit platform). It compiled without problems with gcc 3.4.3. Because of this issue, I'm unable to use my samba network share from programs that check the freespace before doing something, like for example creating a cd image. Any help will be appreciated. My smb.conf is as follows: [global] workgroup = GREGOIRE server string = Alpha Server printcap name = cups cups options = raw log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 dns proxy = no winbind uid = 16777216-33554431 winbind gid = 16777216-33554431 restrict anonymous = no domain master = no preferred master = no max protocol = NT ldap ssl = No server signing = Auto username map = /etc/samba/smbusers [homes] comment = Home Directories browseable = no read only = no [printers] comment = All Printers path = /var/spool/samba printable = yes printer name = EPSPHOTO guest ok = yes [mydocs] case sensitive = no guest ok = yes msdfs proxy = no read only = no path = /mydocs Some more system info: [EMAIL PROTECTED] ~]# smbd --version Version 3.0.20 [EMAIL PROTECTED] ~]# nmbd --version Version 3.0.20 [EMAIL PROTECTED] ~]# uname -a Linux alpha 2.6.11-1.1180axp_FC3 #1 Mon Apr 18 11:34:15 EEST 2005 alpha alpha alpha GNU/Linux If you need other system information, please ask. Kind Regards, Marc -- Marc Gregoire NuonSoft Website: http://www.nuonsoft.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WINS and domain controller
On Fri, Sep 30, 2005 at 10:04:18AM -0500, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Allison wrote: On Thu, Sep 29, 2005 at 03:30:19PM +0100, Will Payne wrote: Hi, Is there any way to 'administer' Samba's WINS database? I'm attempting to get Samba to take over our NT servers' current functionality so that we can ditch them entirely. I've enabled WINS support and told our DHCP server to point at it. Is there any way of viewing it's database to see if it's working? That database in in plain text in wins.dat so it's easy to view. Currently there aren't any good admin tools - I need to work on and fix that (thanks for the reminder :-). The biggest problem here IMO is that the wins.dat is a temporary dump of what nmbd has in memory. You can't edit it during run time and get changes immediately. We also don't really support static wins entries yet (I know we have that horrible wins.dat hack but it's not really easy). Yep - we need a command line WINS editor Can you open a bugzilla entry and assign it to me so I don't forget ? Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.20a Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 === He's not the first psycho to hire us nor the last. You think that's a commentary on us? -- Capt. Malcolm Reynolds (Firefly 2002) === Release Announcements = This is the latest stable release of Samba. This is the version that production Samba servers should be running for all current bug-fixes. Please read the following important changes in this release. Common bugs fixed in 3.0.20a include: o Stability problems with winbindd. o Crash bugs caused by incompatibilities on 64-bit systems. o Missing files from directory listings on AIX servers o User Manager interoperability problems. o Minor build difficulties on various platforms such as Solaris and OpenBSD, Winbind, security = domain, and Active Directory Recent security updates for Windows 2000 and Windows 2003 have changed the fashion in which user and group lists can be obtained from domain controllers. In short, the RPC mechanisms used by security = domain to retrieve users and groups is not compatible with these changes. The security = ads configuration is not affected by the Windows protocol changes. Samba developers are actively working to correct this problem in the 3.0.21 release. In the meantime, Administrators who are unable to migrate to security = ads and must continue using security = domain, can define credentials to be used by winbindd for account enumeration by executing the following command as root. root# wbinfo --set-auth-user='DOMAIN\username%password' Download Details The uncompressed tarball and patch files have been signed using GnuPG (ID F17F9772). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/history/samba-3.0.20a.html Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDPVI8IR7qMdg1EfYRAvCQAJ90WWeiIy0E4YzRBOexQdT8wYLLcACfdJ88 1rltxXuuR/hootWxm5IAdJk= =SXTO -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Free space/capacity displayed as garbage...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marc Gregoire wrote: I'm having some strange problems with Samba. I have shared a linux folder on my samba and have mapped it to a drive letter in Windows XP (I also tried with Windows 2000). When I right click my mapped drive and click on properties to view the free space and capacity, I get all garbage as can be seen from the screenshot at: http://www.nuonsoft.com/temp/samba_free_space.jpg I'm running the latest version 3.0.20 and it is running on AlphaCore which is Fedora Core 3 for the Alpha (64 bit platform). It compiled without problems with gcc 3.4.3. Because of this issue, I'm unable to use my samba network share from programs that check the freespace before doing something, like for example creating a cd image. Marc, Please try the just release 3.0.20a since there were some 64-bit compile issues fixed in it. Also, Can you very that Samba has been built with LFS ? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDPXQrIR7qMdg1EfYRAjroAKDgkyRbNekPp+33dJtwQm1tar15AgCfaNgi WCSbftMUOn2HY8ERF8LuH0U= =mmfh -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File sharing permissions w/ Win2k
I need help configuring Samba v3 to do file sharing with Windows 2000pro and XP through SWAT. I've listed my user groups in the read, write, and valid fields of my share's parameters page. My security level is set to USER, and read-only option is set to NO. From any Windows workstation I am able to successfully map a drive to the Samba share; however, I can not write to it (Access is denied). Any ideas, or explanations? Thank you. Mauricio Herrera -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File sharing permissions w/ Win2k
On Friday 30 September 2005 11:39, Mauricio Herrera wrote: I need help configuring Samba v3 to do file sharing with Windows 2000pro and XP through SWAT. I've listed my user groups in the read, write, and valid fields of my share's parameters page. My security level is set to USER, and read-only option is set to NO. From any Windows workstation I am able to successfully map a drive to the Samba share; however, I can not write to it (Access is denied). Any ideas, or explanations? Thank you. Mauricio Herrera Suggest you follow the book Samba3-ByExample available from Amazon.Com under ISBN number 013188221X, or in PDF from: http://www.samba.org/samba/docs/Samba3-ByExample.pdf Choose the chapter that best matches your network configuration needs and then follow the step-by-step installation guidance. Cheers, John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Differences with net join
On Fri, Sep 30, 2005 at 11:10:14AM -0600, Ric Tibbetts wrote: At In your IP address log you have : [2005/09/30 10:32:41, 5] auth/auth.c:make_auth_context_subsystem(480) Making default auth method list for standalone security=user, encrypt passwords = yes You need to have security = domain for this to work. Jeremy. Ooops. I had flipped that to test, and not put it back. Even with it on security = domain it doesn't work. Current logs attached. Interesting things with your logs : Firstly your DC *is* W2K3 SP1. Reading logs can be very interesting :-) [000] 41 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 AW.i.n.d .o.w.s. ^M [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2^M [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0^M [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e^M [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 31 00 00 . .P.a.c .k. .1..^M [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. ^M [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2^M [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2..^M [080] 00 57 00 49 00 4E 00 00 .W.I.N.. ^M Secondly, the user logging in has the name Windows name 212442. The logon to the DC succeeds, this user is then mapped to user u212442 via a username map file. The problem is this user cannot be found on the local unix box - look at the log where it says : User u212442 does not exist, trying to add it So, your underlying problem is that the users who are logging in and being successfully authenticated against the W2K3 SP 1 DC don't exist locally. You'll either need to add them to /etc/passwd, or user winbindd. I'm CC:ing to the list so people can see the resolution of this issue. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA 3.0.14a getpwent() usage with LDAP backend -- URGENT HELP!!!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel Wilson wrote: Hi, We're being hit by occasional very high load (up to 23 on a SUN Fire v440) on our LDAP server coming from a query of (objectClass=posixAccount). This currently returns over 54,000 entries ... This is coming from the getpwent() call in util_getent.c:getpwent_list() This is coming from srv_samr_nt.c:get_memberuids() You might be interested in testing ldapsam:trusted=yes (see the recent thread on this). My first guess would be that this is related to group membership. You might also trying setting winbind enum users = no winbind enum groups = no cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDPXtmIR7qMdg1EfYRAmpsAKCHO+H7+HTZet/NuNIYGMQMYe9bwQCfRvel DE/k1NIx3IbI9fMQkImoQZI= =3KHE -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] IDMAP difficulties
hi, can somebody explain, how the idmap backend with ldap works exactly. sorry for that stupid questions, but the docu is not clear for me. http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/ idmapper.html#id2588292 i understand the idmap topic/difficulty, why i need this, but how the ldap get filled with idmap entries? automatically/dynamically if winbind is running? or manually/statically if the user created maybe readonly? or i have to care myself? because if i add idmap backend = ldap:ldap://ldap1.foo.bla ldap idmap suffix = ou=idmap idmap uid = 1-3 idmap gid = 1-3 on DC nothing happens. the ou is still empty and the ldap log shows something like ...conn=41240 op=36 SRCH base=ou=idmap,...,dc=org scope=1 filter=(objectClass=*) we have 3 samba domains with trusts over vpn no proplem, but now i want to add a samba domain member server. i got only the server runing with nss/ldap only. all my unix accounts are in ldap, groups too. is it right that i need in the nsswitch.conf the ldap entry too and not only passwd: files winbind? i guess, but winbind reports allways group xy not found if i connect to a share on the domain member server. is it possible to get idmap example configurations (smb.conf), one for the samba DC with ldapsam and one for a samba domain member? if i need to add the entry manually, can somebody explain the following objectclasses, maybe with an ldif-file (sambaIdmapEntry and sambaUnixIdPool are clear, i guess): objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL DESC 'Structural Class for a SID' MUST ( sambaSID ) ) objectclass ( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY DESC 'Samba Configuration Section' MAY ( description ) ) objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL DESC 'Samba Share Section' MUST ( sambaShareName ) MAY ( description ) ) objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL DESC 'Samba Configuration Option' MUST ( sambaOptionName ) MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoption $ description ) ) objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY DESC 'Samba Privilege' MUST ( sambaSID ) MAY ( sambaPrivilegeList ) ) because i need this for our free web based tool, which managed the whole network (www.ideaweb.de/netmc.php) and now my last questions, is it possible to set up network with the following conditions if the idmap tables are on ldap: the samba DC can allways establish a connection to the ldap, all clients and to the samba domain member (additional fileserver). the clients can reach both server (dc and fileserver) but the fileserver can not establish a connection to the pdc through the firewall or to all clients only to the ldap. we want a fileserver with webdav/modperl (webdrive) to access the samba files, located in an unsafe network (dmz). many thanks for helping, thomas sorry for my english =) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ugly name when mapping drives to windows
Hi list I have just finished setting up a samba server as a member server in a windows 2003 AD. Everyting works like a keps Only one minor beauty defekt. When I map a drive in windows from the samba share like. net use x: \\server\sharedfolder In windows this computer and in explorer the mapping shows with the long name sharedfolder at Samba file and print server (server) (X:) Is there a way to remove aleast the Samba file and print server part of the name. I have tryed in netbios name = something and server string = something With no result Any ideas? Thanks in advance Clas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] ugly name when mapping drives to windows
In windows this computer and in explorer the mapping shows with the long name sharedfolder at Samba file and print server (server) (X:) Is there a way to remove aleast the Samba file and print server part of the name. I have tryed in netbios name = something and server string = something With no result Any ideas? Thanks in advance Windows remembers this comment field regardless of what the server is actually called now, at least in certain versions. If you do a registry search for that string on the workstation you will find a section that lists the comment. Also, try looking in your nethood directory, one of these two locations will have it. You simply clear out references to the old long name. I used to have this myself where a previous admin had called our server 'Samba Mania' and I couldn't clear it until I brought in a new machine that had never known about 'Samba Mania' and they referred to the machine as the proper name. I went looking and dug up the location that had it. Sorry I can't be exact, those machines have all been long gone so I can't tell you exactly where it is. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Differences with net join
Firstly your DC *is* W2K3 SP1. Reading logs can be very interesting :-) [000] 41 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 AW.i.n.d .o.w.s. ^M [010] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2^M [020] 00 30 00 30 00 33 00 20 00 33 00 37 00 39 00 30 .0.0.3. .3.7.9.0^M [030] 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 . .S.e.r .v.i.c.e^M [040] 00 20 00 50 00 61 00 63 00 6B 00 20 00 31 00 00 . .P.a.c .k. .1..^M [050] 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 .W.i.n.d .o.w.s. ^M [060] 00 53 00 65 00 72 00 76 00 65 00 72 00 20 00 32 .S.e.r.v .e.r. .2^M [070] 00 30 00 30 00 33 00 20 00 35 00 2E 00 32 00 00 .0.0.3. .5...2..^M [080] 00 57 00 49 00 4E 00 00 .W.I.N.. ^M I was digging through the logs after sending that to you, and spotted the above. ;) Secondly, the user logging in has the name Windows name 212442. The logon to the DC succeeds, this user is then mapped to user u212442 via a username map file. The problem is this user cannot be found on the local unix box - look at the log where it says : User u212442 does not exist, trying to add it So, your underlying problem is that the users who are logging in and being successfully authenticated against the W2K3 SP 1 DC don't exist locally. You'll either need to add them to /etc/passwd, or user winbindd. Now this one is interesting. The user does exist. If I do id u212442 on the server, it produces the appropriate user id/group... # id u212442 uid=1040(u212442) gid=1001(sysadmin) So the user does exist. But for some strange reason (which I still don't understand), it doesn't report that to Samba at login time. I'm CC:ing to the list so people can see the resolution of this issue. Sorry to say, that it's not resolved yet. I think we've found the symptom, but not the cause. If the user exists, why doesn't samba see it? All of the assistance on this is greatly appreciated! -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ugly name when mapping drives to windows
- Original Message - From: Paul Gienger [EMAIL PROTECTED] To: 'Clas Mayer' [EMAIL PROTECTED]; samba@lists.samba.org Sent: Friday, September 30, 2005 8:28 PM Subject: RE: [Samba] ugly name when mapping drives to windows In windows this computer and in explorer the mapping shows with the long name sharedfolder at Samba file and print server (server) (X:) Is there a way to remove aleast the Samba file and print server part of the name. I have tryed in netbios name = something and server string = something With no result Any ideas? Thanks in advance Windows remembers this comment field regardless of what the server is actually called now, at least in certain versions. If you do a registry search for that string on the workstation you will find a section that lists the comment. Also, try looking in your nethood directory, one of these two locations will have it. You simply clear out references to the old long name. I used to have this myself where a previous admin had called our server 'Samba Mania' and I couldn't clear it until I brought in a new machine that had never known about 'Samba Mania' and they referred to the machine as the proper name. I went looking and dug up the location that had it. Sorry I can't be exact, those machines have all been long gone so I can't tell you exactly where it is. Thanks Paul! I found it at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions /Clas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] log.winbind error: ads_connect for domain failed: cannot read password
I am not sure how to resolve this error, and googling has not produced anything for me. I join the domain as a domain member server (security = ads) and the winbind log shows ads_connect for domain SCL failed: Cannot read password Any help? -- Jason Gerfen My girlfriend threated to leave me if I went boarding... I will miss her. ~ DIATRIBE aka FBITKK -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Differences with net join
On Fri, Sep 30, 2005 at 12:38:28PM -0600, Ric Tibbetts wrote: So the user does exist. But for some strange reason (which I still don't understand), it doesn't report that to Samba at login time. I'm CC:ing to the list so people can see the resolution of this issue. Sorry to say, that it's not resolved yet. I think we've found the symptom, but not the cause. If the user exists, why doesn't samba see it? All of the assistance on this is greatly appreciated! Oops, sorry - I deleted the email with the logs. You'll have to send me another copy and I'll look further... Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.20a on AIX 5.2
While I was between other things, I thought I'd try to build this. The build failed with: Compiling dynconfig.c In file included from include/includes.h:507, from dynconfig.c:21: /usr/include/aio.h:76: field `aio_sigevent' has incomplete type /usr/include/aio.h:127: field `aio_sigevent' has incomplete type In file included from dynconfig.c:21: include/includes.h:811: redefinition of `struct timespec' make: 1254-004 The error code from the last command is 1. Same problem as 3.0.20 -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [samba] recycle not working as I expected
Jim Shanks wrote: I have the following in my configuration file and recycle is working for the share but - versions is working as I expected - touch does not seem to be changing the time on the files to show me when they were deleted - keeptree does not work when there are multiple users within a share and prevents the recycle from working in some cases. if user1 deletes a file everything works fine. If user2 deletes something along the same tree the permissions prevent the creation of the file in the recycle. So I've turned off keeptree - exclude does not seem to be working. I have tried the syntax below along with recycle:exclude = /*.tmp/*.temp/ similar to what is used in veto files. samba 3.0.10 Any help appreciated. vfs object = recycle recycle:versions = yes recycle:touch = yes recycle:keeptree = no recycle:exclude = *.tmp|*.temp This has been working for me for quite some time now: [E911home] comment = Lake Region 911 Group Folder path = /data/e911home read only = No create mask = 0776 directory mask = 0775 vfs objects = recycle recycle:repository = Recycle Bin/%U recycle:keeptree = Yes recycle:touch = Yes recycle:versions = Yes recycle:maxsize = 0 recycle:exclude = *.tmp *.TMP *.bak *.BAK recycle:exclude_dir = /tmp '/Recycle Bin' /temp /TMP /TEMP recycle:noversions = *.doc *.DOC *.xls *.XLS *.sxw *.sxc *.bkf You will have to manually create the Recycle Bin folder (directory) at the root of each share, but not the individual user folder. Samba creates a separate (username) folder for each user. If I had it to do over again, I wouldn't put the space in the Recycle Bin folder name . . . it has caused me to have to do alot of complicated scripting to purge the files automatically. But . . . live and learn. :) Jim Thanks for the example. Now I have confirmation on how it works and have gone back to my setup and found that touch is working correctly. Need to use ls -l --time=atime. I also found that comma delimited works for the exclude files along with space delimited. Thanks again. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Differences with net join
On Fri, Sep 30, 2005 at 01:24:30PM -0600, Ric Tibbetts wrote: At 01:13 PM 9/30/2005, you wrote: On Fri, Sep 30, 2005 at 12:38:28PM -0600, Ric Tibbetts wrote: So the user does exist. But for some strange reason (which I still don't understand), it doesn't report that to Samba at login time. I'm CC:ing to the list so people can see the resolution of this issue. Sorry to say, that it's not resolved yet. I think we've found the symptom, but not the cause. If the user exists, why doesn't samba see it? All of the assistance on this is greatly appreciated! Oops, sorry - I deleted the email with the logs. You'll have to send me another copy and I'll look further... Jeremy. No problem. Fresh logs attached. Again, the assist is greatly appreciated! Ok - it looks like you're trying to use winbindd on this box. If you already have a unix uid that you've mapped the numeric windows user to you don't need to use winbindd. Can you confirm if you are running winbindd or now ? If you are, kill it and retry. This is related to Jerry's code here in auth/auth_util.c so I might ask him to look at the log: /* try to fill the SAM account.. If getpwnam() fails, then try the add user script (2.2.x behavior). We use the _unmapped_ username here in an attempt to provide consistent username mapping behavior between kerberos and NTLM[SSP] authentication in domain mode security. I.E. Username mapping should be applied to the fully qualified username (e.g. DOMAIN\user) and no just the login name. Yes this mean swe called map_username() unnecessarily in make_user_info_map() but that is how the current code is designed. Making the change here is the least disruptive place.-- jerry */ nt_status = fill_sam_account(mem_ctx, nt_domain, sent_nt_username, found_username, uid, gid, sam_account); if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) { DEBUG(3,(User %s does not exist, trying to add it\n, internal_username)); smb_create_user( nt_domain, sent_nt_username, NULL); nt_status = fill_sam_account( mem_ctx, nt_domain, sent_nt_username, found_username, uid, gid, sam_account ); } Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Differences with net join
At 02:36 PM 9/30/2005, Jeremy Allison wrote: On Fri, Sep 30, 2005 at 01:24:30PM -0600, Ric Tibbetts wrote: At 01:13 PM 9/30/2005, you wrote: On Fri, Sep 30, 2005 at 12:38:28PM -0600, Ric Tibbetts wrote: So the user does exist. But for some strange reason (which I still don't understand), it doesn't report that to Samba at login time. I'm CC:ing to the list so people can see the resolution of this issue. Sorry to say, that it's not resolved yet. I think we've found the symptom, but not the cause. If the user exists, why doesn't samba see it? All of the assistance on this is greatly appreciated! Oops, sorry - I deleted the email with the logs. You'll have to send me another copy and I'll look further... Jeremy. No problem. Fresh logs attached. Again, the assist is greatly appreciated! Ok - it looks like you're trying to use winbindd on this box. If you already have a unix uid that you've mapped the numeric windows user to you don't need to use winbindd. Can you confirm if you are running winbindd or now ? If you are, kill it and retry. This is related to Jerry's code here in auth/auth_util.c so I might ask him to look at the log: /* try to fill the SAM account.. If getpwnam() fails, then try the add user script (2.2.x behavior). We use the _unmapped_ username here in an attempt to provide consistent username mapping behavior between kerberos and NTLM[SSP] authentication in domain mode security. I.E. Username mapping should be applied to the fully qualified username (e.g. DOMAIN\user) and no just the login name. Yes this mean swe called map_username() unnecessarily in make_user_info_map() but that is how the current code is designed. Making the change here is the least disruptive place.-- jerry */ nt_status = fill_sam_account(mem_ctx, nt_domain, sent_nt_username, found_username, uid, gid, sam_account); if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) { DEBUG(3,(User %s does not exist, trying to add it\n, internal_username)); smb_create_user( nt_domain, sent_nt_username, NULL); nt_status = fill_sam_account( mem_ctx, nt_domain, sent_nt_username, found_username, uid, gid, sam_account ); } Jeremy. -- Nope, no winbind. I saw those references in the log too, but thought they were just standard checks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Differences with net join
On Fri, Sep 30, 2005 at 02:45:27PM -0600, Ric Tibbetts wrote: Nope, no winbind. I saw those references in the log too, but thought they were just standard checks. The problem is definately related to the mapping between the numeric Windows user and the unix user. What does your username map file look like ? Just to test, can you ensure you have both the unumber=number unumber=DOMAIN\number entries in the username map for the user you're testing with. BTW: The reason you're having such trouble with this set up is that having a Windows domain consisting of numeric user id's is an unusual setup. Most people don't set things up this way. We should still work in this environment (once there is a correct mapping in place) but this is why you're having a lot of problems. It's such an unusual case we don't usually test in an environment like this. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Differences with net join
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Allison wrote: On Fri, Sep 30, 2005 at 02:45:27PM -0600, Ric Tibbetts wrote: Nope, no winbind. I saw those references in the log too, but thought they were just standard checks. The problem is definately related to the mapping between the numeric Windows user and the unix user. What does your username map file look like ? I can tell from the logs that he is not using the fully qualified name. Scanning username map /usr/local/samba/private/smbusers user_in_list: checking user WIN\212442 in list user_in_list: checking user |WIN\212442| against |administrator| user_in_list: checking user |WIN\212442| against |admin| user_in_list: checking user WIN\212442 in list user_in_list: checking user |WIN\212442| against |guest| user_in_list: checking user |WIN\212442| against |pcguest| user_in_list: checking user |WIN\212442| against |smbguest| user_in_list: checking user WIN\212442 in list user_in_list: checking user |WIN\212442| against |214023| user_in_list: checking user WIN\212442 in list user_in_list: checking user |WIN\212442| against |203691| Just to test, can you ensure you have both the unumber=number unumber=DOMAIN\number entries in the username map for the user you're testing with. BTW: The reason you're having such trouble with this set up is that having a Windows domain consisting of numeric user id's is an unusual setup. Most people don't set things up this way. No. I think that I need to update the man page - From the 3.0.8 release notes: == Change in Username Map == Previous Samba releases would only support reading the fully qualified username (e.g. DOMAIN\user) from the username map when performing a kerberos login from a client. However, when looking up a map entry for a user authenticated by NTLM[SSP], only the login name would be used for matches. This resulted in inconsistent behavior sometimes even on the same server. Samba 3.0.8 obeys the following rules when applying the username map functionality: * When performing local authentication, the username map is applied to the login name before attempting to authenticate the connection. * When relying upon a external domain controller for validating authentication requests, smbd will apply the username map to the fully qualified username (i.e. DOMAIN\user) only after the user has been successfully authenticated. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDPag3IR7qMdg1EfYRAnH5AJ9r3ZH8DxT4SILRCJpzOh8wQspOjwCg0vYa xrHb23jb0vTXiKT5o/FpOxA= =ABfE -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Differences with net join
EUREKA ! ! ! ! ! That was it! I needed to map the DOMAIN\username, and that solved it! Thank you very, very much!!! My whole week-end just got better! -Ric At 03:03 PM 9/30/2005, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Allison wrote: On Fri, Sep 30, 2005 at 02:45:27PM -0600, Ric Tibbetts wrote: Nope, no winbind. I saw those references in the log too, but thought they were just standard checks. The problem is definately related to the mapping between the numeric Windows user and the unix user. What does your username map file look like ? I can tell from the logs that he is not using the fully qualified name. Scanning username map /usr/local/samba/private/smbusers user_in_list: checking user WIN\212442 in list user_in_list: checking user |WIN\212442| against |administrator| user_in_list: checking user |WIN\212442| against |admin| user_in_list: checking user WIN\212442 in list user_in_list: checking user |WIN\212442| against |guest| user_in_list: checking user |WIN\212442| against |pcguest| user_in_list: checking user |WIN\212442| against |smbguest| user_in_list: checking user WIN\212442 in list user_in_list: checking user |WIN\212442| against |214023| user_in_list: checking user WIN\212442 in list user_in_list: checking user |WIN\212442| against |203691| Just to test, can you ensure you have both the unumber=number unumber=DOMAIN\number entries in the username map for the user you're testing with. BTW: The reason you're having such trouble with this set up is that having a Windows domain consisting of numeric user id's is an unusual setup. Most people don't set things up this way. No. I think that I need to update the man page - From the 3.0.8 release notes: == Change in Username Map == Previous Samba releases would only support reading the fully qualified username (e.g. DOMAIN\user) from the username map when performing a kerberos login from a client. However, when looking up a map entry for a user authenticated by NTLM[SSP], only the login name would be used for matches. This resulted in inconsistent behavior sometimes even on the same server. Samba 3.0.8 obeys the following rules when applying the username map functionality: * When performing local authentication, the username map is applied to the login name before attempting to authenticate the connection. * When relying upon a external domain controller for validating authentication requests, smbd will apply the username map to the fully qualified username (i.e. DOMAIN\user) only after the user has been successfully authenticated. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDPag3IR7qMdg1EfYRAnH5AJ9r3ZH8DxT4SILRCJpzOh8wQspOjwCg0vYa xrHb23jb0vTXiKT5o/FpOxA= =ABfE -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Differences with net join
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter wrote: No. I think that I need to update the man page Apparently I already did in late July. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDPbN9IR7qMdg1EfYRAuBiAJ9eAisPKmpXsCvadKdRZc/t7a+xVgCeI1UV Sdt8DbqPwNbXh/m03j4rC1A= =OLHL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Old smbpasswd file to new SMB 3.0 smbpasswd
Hello - Is there a script available to convert an old 2.2.18 smbpasswd file to the newer Smb 3.0 smbpasswd file? The reason I ask is that ive figured out why my users are getting bad errors when changing passwords locally. I have over 1000 users and dont wish to manually add them into a fresher smbpasswd file. Thanks TJ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Differences with net join
BTW: The reason you're having such trouble with this set up is that having a Windows domain consisting of numeric user id's is an unusual setup. Most people don't set things up this way. Just a side note, now that this works. I fully agree that using fully numeric usernames is a bad thing, believe me, I didn't do it, it's been this way here for many years. But the windows stuff is handled by a different department, and we (on the unix side) have no say, we just have to work with the fallout. We should still work in this environment (once there is a correct mapping in place) but this is why you're having a lot of problems. Yep, as demonstrated, the format of the username map needs to be: unix user = DOMAIN\Windows User and a small note for others: Watch the \ it NEEDS to be a back slash. don't ask how I know. ;) -Ric -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Old smbpasswd file to new SMB 3.0 smbpasswd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Todd Johnson wrote: Hello - Is there a script available to convert an old 2.2.18 smbpasswd file to the newer Smb 3.0 smbpasswd file? The reason I ask is that ive figured out why my users are getting bad errors when changing passwords locally. I have over 1000 users and dont wish to manually add them into a fresher smbpasswd file. a simple `cat smbpasswd=2.2.x | awk -F: '{print }'` is probably the easist thing to do. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDPbT4IR7qMdg1EfYRAt5YAJ0f6EavGFE0/erXxW1yttQ/7+v5AACfRdTm CLgvWFVnGCJY52qR+xQbiDQ= =rF+L -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Old smbpasswd file to new SMB 3.0 smbpasswd
Jerry; Just for my own information, wouldn't: pdbedit -i smbpasswd old smbpasswd file do an import, and update? -Ric At 03:58 PM 9/30/2005, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Todd Johnson wrote: Hello - Is there a script available to convert an old 2.2.18 smbpasswd file to the newer Smb 3.0 smbpasswd file? The reason I ask is that ive figured out why my users are getting bad errors when changing passwords locally. I have over 1000 users and dont wish to manually add them into a fresher smbpasswd file. a simple `cat smbpasswd=2.2.x | awk -F: '{print }'` is probably the easist thing to do. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDPbT4IR7qMdg1EfYRAt5YAJ0f6EavGFE0/erXxW1yttQ/7+v5AACfRdTm CLgvWFVnGCJY52qR+xQbiDQ= =rF+L -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Differences with net join
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ric Tibbetts wrote: BTW: The reason you're having such trouble with this set up is that having a Windows domain consisting of numeric user id's is an unusual setup. Most people don't set things up this way. Just a side note, now that this works. I fully agree that using fully numeric usernames is a bad thing, believe me, I didn't do it, it's been this way here for many years. But the windows stuff is handled by a different department, and we (on the unix side) have no say, we just have to work with the fallout. Truthfully, which cosmetically gross, numeric usernames should not be any problem technically (for Samba at least). We should still work in this environment (once there is a correct mapping in place) but this is why you're having a lot of problems. Yep, as demonstrated, the format of the username map needs to be: unix user = DOMAIN\Windows User and a small note for others: Watch the \ it NEEDS to be a back slash. don't ask how I know. ;) You should be able to control this character with the 'winbind separator' even if you aren't using nss_winbind cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDPbZJIR7qMdg1EfYRAngzAKClQcW5A/BRl6EpOcWhZ8IaCEnzKwCeJaA9 c0niIzrz1/FwszSCfH7/tqk= =857z -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RPMs for SuSE Linux (was: Samba 3.0.20a Available for Download)
Hello, On Fri, Sep 30, 2005 at 09:57:01AM -0500, Gerald Carter wrote: [snip] Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/ RPM packages of Samba 3.0.20a for SuSE Linux are available at ftp://ftp.SuSE.com/pub/projects/samba/3.0/ http://ftp.SuSE.com/pub/projects/samba/3.0/ The same packages are also available at http://download.Samba.org/samba/ftp/Binary_Packages/SuSE/3.0/ Please use a mirror close to your site. A list of Samba.org mirrors is available at http://Samba.org/ There choose a mirror at the right top of the page. There are also a bunch of SuSE mirrors. A list of international mirrors sites is at http://www.Novell.com/products/linuxprofessional/downloads/ftp/int_mirrors.html A list of mirrors in Germany is at http://www.novell.com/products/linuxprofessional/downloads/ftp/germ_mirrors.html Currently there are 3.0.20a packages for SuSE Linux (ppc, x86, and x86_64) 9.0, 9.1, 9.2, 9.3, 10.0, UnitedLinux 1/ SuSE Linux Enterprise Server (SLES) 8, and SLES 9. Packages for ppc are only available for 10.0, SLES 8 and 9 as there are no other SuSE Linux product of this architecture. If you encounter any problem with these packages please don't blame the Samba Team. Instead file a bug to https://bugzilla.Samba.org/, pick product Samba 3.0, then select 'component' Packaging and set 'assign to' to lmuelle at suse dot de. Or use http://bugzilla.Novell.com instead. Our customers, our products, our responsibility. Have a lot of fun... Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team SuSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany pgpQhljbo5Ek8.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] XP Client brings another SID in
Hello, This about another attempt of joining a (samba controlled) domain. It is samba version 3.0.14 with a LDAP backend. The client is a Windows XP computer. I do get message welcome to the domain (reboot to activate) But an user login fails ... I think I have nailed it down to a strange SID that the client brings in. On a working system I have this LDAP entry: | dn: uid=tosh$,ou=Computers,ou=Users,dc=yourdomain,dc=tld | objectClass: top | objectClass: inetOrgPerson | objectClass: posixAccount | objectClass: sambaSamAccount | cn: tosh$ | sn: tosh$ | uid: tosh$ | uidNumber: 2014 | gidNumber: 515 | homeDirectory: /dev/null | loginShell: /bin/false | description: Computer | gecos: Computer | structuralObjectClass: inetOrgPerson | sambaSID: S-1-5-21-2689494773-1951033108-3857615256-5028 | sambaPrimaryGroupSID: S-1-5-21-2689494773-1951033108-3857615256-515 | displayName: TOSH$ | sambaPwdMustChange: 2147483647 | sambaAcctFlags: [W ] | sambaPwdCanChange: 1128030550 | sambaNTPassword: 6EB64F5A71C942C2FAFF3AC003B03686 | sambaPwdLastSet: 1128030550 Note the same base SID On the failing system there is this after adding a client: | dn: uid=coco$,ou=Computers,ou=Users,dc=yourdomain,dc=tld | objectClass: top | objectClass: inetOrgPerson | objectClass: posixAccount | objectClass: sambaSamAccount | cn: coco$ | sn: coco$ | uid: coco$ | uidNumber: 2015 | gidNumber: 515 | homeDirectory: /dev/null | loginShell: /bin/false | description: Computer | gecos: Computer | sambaSID: S-1-5-21-1217595360-3837695174-1118015926-5030 | sambaPrimaryGroupSID: S-1-5-21-2202232871-2120539869-948389690-515 | displayName: COCO$ | sambaPwdCanChange: 1128087802 | sambaPwdMustChange: 2147483647 | sambaNTPassword: 43C26C7D4326A9C5746A35B643E3FB5B | sambaPwdLastSet: 1128087802 | sambaAcctFlags: [W ] Note the different base SID. Could be confirmed that base SIDs should be te same? (or could be told that it is okay ;-) Anyway: which way to go ? ( or what to read next ? ;-) Cheers Geert Stappers signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP PDC question
On Fri, Sep 30, 2005 at 09:37:02AM -0400, Derek Harkness wrote: When setting up an LDAP PDC do I have to have both user and machines in the ou=People container? Here's what I've got. LDAP Tree ou=People,o=umd.umich.edu ou=NIS,ou=Groups,o=umd.umich.eud ou=machines,ou=Samba,ou=Services,o=umd.umich.edu ou=Idmap,ou=Samba,ou=Services,o=umd.umich.edu snip/ -m I get Failed to initialise SAM_ACCOUNT for user its-1150d$. Does this user exist in the UNIX password database which would be correct since machine accounts aren't under ou=People the local workstation won't be able to look them up. I don't want my unix users seeing all the windows workstations. I think that http://lists.samba.org/archive/samba/2005-August/109641.html can help. St -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Reliability of samba
When I mount samba partitions using smbmount on a Linux box under /mnt/linnet_g and run this command: find /mnt/linnet_g/ -type f|xargs wc I get a number of errors which look like this: wc: /mnt/linnet_g/analysis.lesion/b19o61/b61o19.9/b61o18.9-042303.332.cbin: Input/output error What does this mean? The error is repeatable in a I am using samba-3.0.14a-6 on a Debian machine, with kernel 2.6.8. How does smbclient handle the type of errors which produce these results? I have seen a few explanations, but I can't find a really good answer. Perhaps a timeout on the Windows side. -- Kevin Dalley [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Samba 3.0.20a Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 === He's not the first psycho to hire us nor the last. You think that's a commentary on us? -- Capt. Malcolm Reynolds (Firefly 2002) === Release Announcements = This is the latest stable release of Samba. This is the version that production Samba servers should be running for all current bug-fixes. Please read the following important changes in this release. Common bugs fixed in 3.0.20a include: o Stability problems with winbindd. o Crash bugs caused by incompatibilities on 64-bit systems. o Missing files from directory listings on AIX servers o User Manager interoperability problems. o Minor build difficulties on various platforms such as Solaris and OpenBSD, Winbind, security = domain, and Active Directory Recent security updates for Windows 2000 and Windows 2003 have changed the fashion in which user and group lists can be obtained from domain controllers. In short, the RPC mechanisms used by security = domain to retrieve users and groups is not compatible with these changes. The security = ads configuration is not affected by the Windows protocol changes. Samba developers are actively working to correct this problem in the 3.0.21 release. In the meantime, Administrators who are unable to migrate to security = ads and must continue using security = domain, can define credentials to be used by winbindd for account enumeration by executing the following command as root. root# wbinfo --set-auth-user='DOMAIN\username%password' Download Details The uncompressed tarball and patch files have been signed using GnuPG (ID F17F9772). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/history/samba-3.0.20a.html Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDPVKnIR7qMdg1EfYRAiWZAKCAWKryBFCymHllRFGbemQiopjekgCg7/08 dWNiuWhLYYH/+pkRkThhD2I= =dIyI -END PGP SIGNATURE-
svn commit: samba r10644 - branches/SAMBA_3_0/source/smbd trunk/source/smbd
Author: jpeach Date: 2005-09-30 06:37:51 + (Fri, 30 Sep 2005) New Revision: 10644 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10644 Log: Let the ports parameter be a comma-separated list, as documented in smbd(8). Modified: branches/SAMBA_3_0/source/smbd/server.c trunk/source/smbd/server.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/server.c === --- branches/SAMBA_3_0/source/smbd/server.c 2005-09-30 04:52:21 UTC (rev 10643) +++ branches/SAMBA_3_0/source/smbd/server.c 2005-09-30 06:37:51 UTC (rev 10644) @@ -245,7 +245,7 @@ continue; } - for (ptr=ports; next_token(ptr, tok, NULL, sizeof(tok)); ) { + for (ptr=ports; next_token(ptr, tok, \t,, sizeof(tok)); ) { unsigned port = atoi(tok); if (port == 0) { continue; @@ -285,7 +285,7 @@ num_interfaces = 1; - for (ptr=ports; next_token(ptr, tok, NULL, sizeof(tok)); ) { + for (ptr=ports; next_token(ptr, tok, \t,, sizeof(tok)); ) { unsigned port = atoi(tok); if (port == 0) continue; /* open an incoming socket */ Modified: trunk/source/smbd/server.c === --- trunk/source/smbd/server.c 2005-09-30 04:52:21 UTC (rev 10643) +++ trunk/source/smbd/server.c 2005-09-30 06:37:51 UTC (rev 10644) @@ -247,7 +247,7 @@ continue; } - for (ptr=ports; next_token(ptr, tok, NULL, sizeof(tok)); ) { + for (ptr=ports; next_token(ptr, tok, \t,, sizeof(tok)); ) { unsigned port = atoi(tok); if (port == 0) { continue; @@ -287,7 +287,7 @@ num_interfaces = 1; - for (ptr=ports; next_token(ptr, tok, NULL, sizeof(tok)); ) { + for (ptr=ports; next_token(ptr, tok, \t,, sizeof(tok)); ) { unsigned port = atoi(tok); if (port == 0) continue; /* open an incoming socket */
svn commit: samba r10645 - in branches/tmp/vl-cluster/source: include lib smbd torture
Author: vlendec Date: 2005-09-30 06:45:34 + (Fri, 30 Sep 2005) New Revision: 10645 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10645 Log: Change the message dispatcher from client connects to server connects. This simplifies the logic a bit. Volker Modified: branches/tmp/vl-cluster/source/include/messages.h branches/tmp/vl-cluster/source/lib/messages.c branches/tmp/vl-cluster/source/lib/system.c branches/tmp/vl-cluster/source/smbd/server.c branches/tmp/vl-cluster/source/torture/msgtest.c Changeset: Sorry, the patch is too large (616 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10645
svn commit: samba r10646 - in branches/SAMBA_4_0/source: . libcli
Author: tpot Date: 2005-09-30 07:30:37 + (Fri, 30 Sep 2005) New Revision: 10646 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10646 Log: Hey Jelmer what do you think of this? The SConscript for the libcli directory now looks like the config.mk file but with different punctuation. The only weird bit is that it creates a proto.h file for each subsystem. Modified: branches/SAMBA_4_0/source/SConstruct branches/SAMBA_4_0/source/libcli/SConscript Changeset: Modified: branches/SAMBA_4_0/source/SConstruct === --- branches/SAMBA_4_0/source/SConstruct2005-09-30 06:45:34 UTC (rev 10645) +++ branches/SAMBA_4_0/source/SConstruct2005-09-30 07:30:37 UTC (rev 10646) @@ -5,6 +5,8 @@ # eventually replace this system. # # Copyright (C) 2005 Jelmer Vernooij [EMAIL PROTECTED] +# Copyright (C) 2005 Tim Potter [EMAIL PROTECTED] +# # Published under the GNU GPL # # TODO: @@ -22,7 +24,34 @@ BoolOption('configure','run configure checks', False), ) -hostenv = Environment( +class SambaEnvironment(Environment): +def Subsystem(self, target, source, **kwargs): +Create a Samba subsystem, basically a static library. + + By default a prototype file for the subsystem is created, + unless the keyword argument 'noproto' is present. A variable + corresponding to the target name is exported, unless the + keyword argument 'noexport' is present. + + # Generate prototype file for subsystem + + if not kwargs.has_key('noproto'): + self.proto_headers += self.CProtoHeader( + '%s_proto.h' % target, [str(x) for x in source]) + + # Maketh the library + + result = self.Library(target, source, **kwargs) + + # Export library symbol + + if not kwargs.has_key('noexport'): + locals()[target] = result # Eww + Export(target) + + return result + +hostenv = SambaEnvironment( toolpath=['build/scons','.'], tools=['default','pidl','proto','et','asn1','samba'], options=opts, Modified: branches/SAMBA_4_0/source/libcli/SConscript === --- branches/SAMBA_4_0/source/libcli/SConscript 2005-09-30 06:45:34 UTC (rev 10645) +++ branches/SAMBA_4_0/source/libcli/SConscript 2005-09-30 07:30:37 UTC (rev 10646) @@ -1,70 +1,119 @@ Import('hostenv') -proto_files = [] -cli_utils_files = ['util/asn1.c', 'util/doserr.c','util/errormap.c','util/clierror.c', 'util/nterr.c','util/smbdes.c'] -proto_files += cli_utils_files -hostenv.Library('cli_utils', cli_utils_files) -hostenv.Library('cli_lsa', ['util/clilsa.c']) -hostenv.Library('cli_composite_base', ['composite/composite.c']) +hostenv.Subsystem( +'cli_utils', +['util/asn1.c', + 'util/doserr.c', + 'util/errormap.c', + 'util/clierror.c', + 'util/nterr.c', + 'util/smbdes.c']) -cli_composite_files = ['smb_composite/loadfile.c','smb_composite/savefile.c','smb_composite/connect.c', - 'smb_composite/sesssetup.c','smb_composite/fetchfile.c','smb_composite/appendacl.c', -'smb_composite/fsinfo.c'] +hostenv.Subsystem( +'cli_lsa', +['util/clilsa.c']) -hostenv.Library('cli_composite', cli_composite_files) -proto_files += ['util/clilsa.c', 'composite/composite.c'] + cli_composite_files +hostenv.Subsystem( +'cli_composite_base', +['composite/composite.c']) -cli_nbt_files = ['nbt/nbtname.c','nbt/nbtsocket.c','nbt/namequery.c','nbt/nameregister.c', - 'nbt/namerefresh.c','nbt/namerelease.c'] +hostenv.Subsystem( +'cli_composite', +['smb_composite/loadfile.c', + 'smb_composite/savefile.c', + 'smb_composite/connect.c', + 'smb_composite/sesssetup.c', + 'smb_composite/fetchfile.c', + 'smb_composite/appendacl.c', + 'smb_composite/fsinfo.c']) -hostenv.Library('cli_nbt', cli_nbt_files) -proto_files += cli_nbt_files +hostenv.Subsystem( +'cli_nbt', +['nbt/nbtname.c', + 'nbt/nbtsocket.c', + 'nbt/namequery.c', + 'nbt/nameregister.c', + 'nbt/namerefresh.c', + 'nbt/namerelease.c']) -hostenv.Library('cli_dgram', - [ 'dgram/dgramsocket.c','dgram/mailslot.c','dgram/netlogon.c', -'dgram/ntlogon.c','dgram/browse.c']) +hostenv.Subsystem( +'cli_dgram', +['dgram/dgramsocket.c', + 'dgram/mailslot.c', + 'dgram/netlogon.c', + 'dgram/ntlogon.c', + 'dgram/browse.c']) -hostenv.Library('cli_cldap', ['cldap/cldap.c']) -hostenv.Library('cli_wrepl', ['wrepl/winsrepl.c']) +hostenv.Subsystem( +'cli_cldap', +['cldap/cldap.c']) -cli_resolve_files = ['resolve/resolve.c','resolve/nbtlist.c','resolve/bcast.c','resolve/wins.c', - 'resolve/host.c'] +hostenv.Subsystem( +'cli_wrepl', +['wrepl/winsrepl.c']) -hostenv.Library('cli_resolve', cli_resolve_files) -proto_files += cli_resolve_files
svn commit: samba r10647 - in branches/tmp/vl-cluster/source/lib: .
Author: vlendec Date: 2005-09-30 11:03:49 + (Fri, 30 Sep 2005) New Revision: 10647 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10647 Log: Some bugfixes, first (untested) provision for TCP connections to other nodes. Volker Modified: branches/tmp/vl-cluster/source/lib/messages.c Changeset: Sorry, the patch is too large (292 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10647
svn commit: samba r10648 - in branches/tmp/vl-cluster/source/include: .
Author: vlendec Date: 2005-09-30 11:04:21 + (Fri, 30 Sep 2005) New Revision: 10648 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10648 Log: Forgotten file in last commit Modified: branches/tmp/vl-cluster/source/include/messages.h Changeset: Modified: branches/tmp/vl-cluster/source/include/messages.h === --- branches/tmp/vl-cluster/source/include/messages.h 2005-09-30 11:03:49 UTC (rev 10647) +++ branches/tmp/vl-cluster/source/include/messages.h 2005-09-30 11:04:21 UTC (rev 10648) @@ -86,6 +86,7 @@ #define FLAG_MSG_PRINT_GENERAL 0x0010 #define MESSAGING_PORT 55064 +#define MESSAGING_DISPATCHER_PID -2 struct process_id { struct in_addr ip;
svn commit: samba r10649 - in branches/tmp/vl-cluster/source/lib: .
Author: vlendec Date: 2005-09-30 11:18:29 + (Fri, 30 Sep 2005) New Revision: 10649 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10649 Log: Bugfixes Modified: branches/tmp/vl-cluster/source/lib/messages.c Changeset: Modified: branches/tmp/vl-cluster/source/lib/messages.c === --- branches/tmp/vl-cluster/source/lib/messages.c 2005-09-30 11:04:21 UTC (rev 10648) +++ branches/tmp/vl-cluster/source/lib/messages.c 2005-09-30 11:18:29 UTC (rev 10649) @@ -778,7 +778,8 @@ { static char *name = NULL; if (name == NULL) { - asprintf(name, %s/%s, lock_path(messaging), dispatch); + asprintf(name, %s/%s:%s, lock_path(messaging), +lp_socket_address(), dispatch); SMB_ASSERT(name != NULL); } return name; @@ -925,7 +926,7 @@ ZERO_STRUCT(sinaddr); sinaddr.sin_family = AF_INET; sinaddr.sin_addr = pid-ip; - sinaddr.sin_port = MESSAGING_PORT; + sinaddr.sin_port = htons(MESSAGING_PORT); addr = (struct sockaddr *)sinaddr; addrlen = sizeof(sinaddr); @@ -1177,6 +1178,7 @@ { int parent_pipe[2]; int fd, tcp_fd; + char *name; if (pipe(parent_pipe) 0) { return; @@ -1191,7 +1193,12 @@ close(parent_pipe[1]); - fd = create_dgram_sock(lock_path(messaging), dispatch, 0700); + asprintf(name, %s:dispatch, lp_socket_address()); + if (name == NULL) { + smb_panic(asprintf failed\n); + } + fd = create_dgram_sock(lock_path(messaging), name, 0700); + SAFE_FREE(name); if (fd 0) { smb_panic(Could not create dispatch socket\n); }
svn commit: samba r10650 - in branches/tmp/vl-cluster/source: lib nmbd torture utils
Author: vlendec Date: 2005-09-30 11:56:39 + (Fri, 30 Sep 2005) New Revision: 10650 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10650 Log: Send non-local messages via the dispatcher, allow message_select_dispatch wait for a timeout Volker Modified: branches/tmp/vl-cluster/source/lib/messages.c branches/tmp/vl-cluster/source/nmbd/nmbd.c branches/tmp/vl-cluster/source/torture/msgtest.c branches/tmp/vl-cluster/source/utils/smbcontrol.c Changeset: Modified: branches/tmp/vl-cluster/source/lib/messages.c === --- branches/tmp/vl-cluster/source/lib/messages.c 2005-09-30 11:18:29 UTC (rev 10649) +++ branches/tmp/vl-cluster/source/lib/messages.c 2005-09-30 11:56:39 UTC (rev 10650) @@ -315,6 +315,10 @@ memcpy(packet.data + sizeof(struct message_rec), buf, len); } + if (!procid_is_local(hdr-dest)) { + goto via_stream; + } + ZERO_STRUCT(sunaddr); sunaddr.sun_family = AF_UNIX; strncpy(sunaddr.sun_path, message_path(pid), @@ -350,6 +354,7 @@ dispatcher in blocking mode\n)); } + via_stream: if ((stream_fd 0) !init_stream_socket()) { DEBUG(5, (No stream socket\n)); goto done; @@ -618,15 +623,14 @@ return result; } -void message_select_dispatch(void) +void message_select_dispatch(struct timeval *tv) { fd_set rfds; int maxfd = 0; - struct timeval tv = timeval_zero(); FD_ZERO(rfds); message_select_setup(maxfd, rfds); - if (sys_select(maxfd+1, rfds, NULL, NULL, tv) 0) { + if (sys_select(maxfd+1, rfds, NULL, NULL, tv) 0) { message_dispatch(rfds); } } Modified: branches/tmp/vl-cluster/source/nmbd/nmbd.c === --- branches/tmp/vl-cluster/source/nmbd/nmbd.c 2005-09-30 11:18:29 UTC (rev 10649) +++ branches/tmp/vl-cluster/source/nmbd/nmbd.c 2005-09-30 11:56:39 UTC (rev 10650) @@ -392,7 +392,10 @@ /* Check for internal messages */ - message_select_dispatch(); + { + struct timeval null = timeval_zero(); + message_select_dispatch(null); + } /* * Check all broadcast subnets to see if Modified: branches/tmp/vl-cluster/source/torture/msgtest.c === --- branches/tmp/vl-cluster/source/torture/msgtest.c2005-09-30 11:18:29 UTC (rev 10649) +++ branches/tmp/vl-cluster/source/torture/msgtest.c2005-09-30 11:56:39 UTC (rev 10650) @@ -35,7 +35,7 @@ int main(int argc, char *argv[]) { - pid_t pid; + struct process_id pid; int i, n; char *buf; @@ -50,9 +50,9 @@ } if (strcmp(argv[1], self) == 0) { - pid = getpid(); + pid = procid_self(); } else { - pid = atoi(argv[1]); + pid = interpret_pid(argv[1]); } n = atoi(argv[2]); @@ -70,9 +70,11 @@ for (i=0;in;i++) { fd_set rfds; int maxfd; + size_t size = 1024*512; FD_ZERO(rfds); - message_send_pid(pid_to_procid(pid), MSG_PING, NULL, 0, -True); + buf=SMB_MALLOC(size); + memset(buf, 0, size); + message_send_pid(pid, MSG_PING, buf, size, True); message_select_setup(maxfd, rfds); if (select(maxfd+1, rfds, NULL, NULL, NULL) = 0) break; @@ -80,13 +82,8 @@ } while (pong_count n) { - fd_set rfds; - int maxfd; - FD_ZERO(rfds); - message_select_setup(maxfd, rfds); - if (select(maxfd+1, rfds, NULL, NULL, NULL) = 0) - break; - message_dispatch(rfds); + struct timeval tv = timeval_set(5, 0); + message_select_dispatch(tv); } DEBUG(0, (expected %d, got back %d\n, n, pong_count)); Modified: branches/tmp/vl-cluster/source/utils/smbcontrol.c === --- branches/tmp/vl-cluster/source/utils/smbcontrol.c 2005-09-30 11:18:29 UTC (rev 10649) +++ branches/tmp/vl-cluster/source/utils/smbcontrol.c 2005-09-30 11:56:39 UTC (rev 10650) @@ -76,10 +76,11 @@ busy-wait here as there is no nicer way to do it. */ do { - message_select_dispatch(); - if (num_replies 0 !multiple_replies) - break; - sleep(1); + struct timeval tmo; + tmo = timeval_set(timeout - (time(NULL) - start_time), 0); +
svn commit: samba r10651 - in branches/tmp/vl-cluster/source/torture: .
Author: vlendec Date: 2005-09-30 13:23:38 + (Fri, 30 Sep 2005) New Revision: 10651 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10651 Log: Start a little torture test for the dbwrap interface. dbwrap_file performs better than tdb in /dev/shm for huge numbers of keys :-) Volker Modified: branches/tmp/vl-cluster/source/torture/torture.c Changeset: Modified: branches/tmp/vl-cluster/source/torture/torture.c === --- branches/tmp/vl-cluster/source/torture/torture.c2005-09-30 11:56:39 UTC (rev 10650) +++ branches/tmp/vl-cluster/source/torture/torture.c2005-09-30 13:23:38 UTC (rev 10651) @@ -4651,8 +4651,63 @@ return True; } +#define KEYLEN 5 +#define DATALEN 100 + +static char *randbuf(int len) +{ + char *buf; + int i; + buf = (char *)SMB_MALLOC(len+1); + + for (i=0;ilen;i++) { + buf[i] = 'a' + (rand() % 26); + } + buf[i] = 0; + return buf; +} + static BOOL run_dbwrap(int dummy) { + TALLOC_CTX *mem_ctx; + struct db_context *db; + int i; + + mem_ctx = talloc_init(dbwrap %i, dummy); + if (mem_ctx == NULL) { + DEBUG(0, (talloc_init failed\n)); + return False; + } + + db = db_open_file(mem_ctx, torture.tdb, 0, 0, O_RDWR|O_CREAT, 0644); + if (db == NULL) { + DEBUG(0, (db_open_file failed: %s\n, strerror(errno))); + talloc_free(mem_ctx); + return False; + } + + for (i=0; itorture_numops; i++) { + TDB_DATA key, data; + struct db_record *rec; + + key.dsize = 1 + (rand() % KEYLEN); + key.dptr = randbuf(key.dsize); + data.dsize = 1 + (rand() % DATALEN); + data.dptr = randbuf(data.dsize); + + rec = db-fetch_locked(db, mem_ctx, key); + if (rec == NULL) { + DEBUG(0, (could not fetch %s\n, key.dptr)); + return False; + } + rec-store(rec, data, 0); + talloc_free(rec); + + free(key.dptr); + free(data.dptr); + } + + talloc_free(mem_ctx); return True; }
svn commit: samba-web r818 - in trunk: . history patches
Author: jerry Date: 2005-09-30 14:39:28 + (Fri, 30 Sep 2005) New Revision: 818 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=818 Log: announcing 3.0.20a Added: trunk/history/samba-3.0.20a.html Modified: trunk/header_columns.html trunk/index.html trunk/patches/index.html Changeset: Sorry, the patch is too large (5283 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=818
svn commit: samba-web r819 - in trunk: . patches
Author: jerry Date: 2005-09-30 14:45:25 + (Fri, 30 Sep 2005) New Revision: 819 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=819 Log: fix name of bittorrent file formatting on patches table Modified: trunk/index.html trunk/patches/index.html Changeset: Modified: trunk/index.html === --- trunk/index.html2005-09-30 14:39:28 UTC (rev 818) +++ trunk/index.html2005-09-30 14:45:25 UTC (rev 819) @@ -37,7 +37,7 @@ shortly./p pSamba 3.0.20a is also available via BitTorrent - (a href=http://torrent.samba.org/samba/ftp/samba-3.0.20a.tar.gz.torrent;samba-3.0.20.tar.gz.torrent/a). + (a href=http://torrent.samba.org/samba/ftp/samba-3.0.20a.tar.gz.torrent;samba-3.0.20a.tar.gz.torrent/a). Note that when downloading via BitTorrent, you are encouraged to verify the resulting uncompressed tarball's a href=/samba/ftp/stable/samba-3.0.20a.tar.ascGPG signature/a./p Modified: trunk/patches/index.html === --- trunk/patches/index.html2005-09-30 14:39:28 UTC (rev 818) +++ trunk/patches/index.html2005-09-30 14:45:25 UTC (rev 819) @@ -52,10 +52,16 @@ tr tdemPatch/em/tdtdemDescription/em/td /tr + tr +tdNone/td +tdNo patches available at this time/td + /tr /tbody /table +pnbsp;/p + table class=real thead
svn commit: samba-web r820 - in trunk/patches: .
Author: jerry Date: 2005-09-30 14:47:36 + (Fri, 30 Sep 2005) New Revision: 820 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=820 Log: removing comments about upcoming 3.0.20a release and removing empty 3.0.20a patch table Modified: trunk/patches/index.html Changeset: Modified: trunk/patches/index.html === --- trunk/patches/index.html2005-09-30 14:45:25 UTC (rev 819) +++ trunk/patches/index.html2005-09-30 14:47:36 UTC (rev 820) @@ -10,13 +10,6 @@ main Samba development trees for the next version of Samba 3.0.x./p -pbATTENTION/b Samba 3.0.20a, is planned for late in the week - of September 19, 2005. This release will incorporate all the patches for 3.0.20 listed - on this page as well as a few possible other fixes./p - -pemUpdate/em: The Samba 3.0.20a release has been delayed slightly due to some -minor last minute bugs. We are hoping to finalize the release by October 7./p - pFollow these instructions for applying patches:/p pre$ tar zxvf samba-3.0.x.tar.gz $ cd samba-3.0.x @@ -43,7 +36,7 @@ after applying any patches./p - !-- Each release gets its own table. -- +!-- Each release gets its own table. table class=real thead trth colspan=2bSamba 3.0.20a/b/th/tr @@ -60,6 +53,7 @@ /table pnbsp;/p +-- table class=real
svn commit: samba r10652 - in branches/tmp/samba4-winsrepl: . source source/lib/ldb/ldb_ildap source/libcli source/script/tests
Author: metze Date: 2005-09-30 14:58:50 + (Fri, 30 Sep 2005) New Revision: 10652 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10652 Log: [EMAIL PROTECTED] (orig r10641): tridge | 2005-09-30 05:42:07 +0200 fixed the error handling on search errors in the ildap backend [EMAIL PROTECTED] (orig r10643): tridge | 2005-09-30 06:52:21 +0200 increase smbd max runtime when using valgrind [EMAIL PROTECTED] (orig r10646): tpot | 2005-09-30 09:30:37 +0200 Hey Jelmer what do you think of this? The SConscript for the libcli directory now looks like the config.mk file but with different punctuation. The only weird bit is that it creates a proto.h file for each subsystem. Modified: branches/tmp/samba4-winsrepl/ branches/tmp/samba4-winsrepl/source/SConstruct branches/tmp/samba4-winsrepl/source/lib/ldb/ldb_ildap/ldb_ildap.c branches/tmp/samba4-winsrepl/source/libcli/SConscript branches/tmp/samba4-winsrepl/source/script/tests/test_functions.sh Changeset: Sorry, the patch is too large (272 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10652
svn commit: samba r10653 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: metze Date: 2005-09-30 15:28:41 + (Fri, 30 Sep 2005) New Revision: 10653 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10653 Log: give unknown levels a name basicly the *2 levels mean that the update or inform should be propagaded to all servers metze Modified: branches/SAMBA_4_0/source/librpc/idl/winsrepl.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/winsrepl.idl === --- branches/SAMBA_4_0/source/librpc/idl/winsrepl.idl 2005-09-30 14:58:50 UTC (rev 10652) +++ branches/SAMBA_4_0/source/librpc/idl/winsrepl.idl 2005-09-30 15:28:41 UTC (rev 10653) @@ -107,9 +107,9 @@ WREPL_REPL_SEND_REQUEST = 2, WREPL_REPL_SEND_REPLY = 3, WREPL_REPL_UPDATE = 4, - WREPL_REPL_5= 5, + WREPL_REPL_UPDATE2 = 5, WREPL_REPL_INFORM = 8, - WREPL_REPL_9= 9 + WREPL_REPL_INFORM2 = 9 } wrepl_replication_cmd; typedef [nodiscriminant] union { @@ -118,9 +118,9 @@ [case(WREPL_REPL_SEND_REQUEST)] wrepl_wins_owner owner; [case(WREPL_REPL_SEND_REPLY)] wrepl_send_reply reply; [case(WREPL_REPL_UPDATE)] wrepl_table table; - [case(WREPL_REPL_5)]wrepl_table table; + [case(WREPL_REPL_UPDATE2)] wrepl_table table; [case(WREPL_REPL_INFORM)] wrepl_table table; - [case(WREPL_REPL_9)]wrepl_table table; + [case(WREPL_REPL_INFORM2)] wrepl_table table; } wrepl_replication_info; typedef struct {
svn commit: samba r10654 - in branches/tmp/samba4-winsrepl: . source/librpc/idl
Author: metze Date: 2005-09-30 15:30:08 + (Fri, 30 Sep 2005) New Revision: 10654 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10654 Log: [EMAIL PROTECTED] (orig r10653): metze | 2005-09-30 17:28:41 +0200 give unknown levels a name basicly the *2 levels mean that the update or inform should be propagaded to all servers metze Modified: branches/tmp/samba4-winsrepl/ branches/tmp/samba4-winsrepl/source/librpc/idl/winsrepl.idl Changeset: Property changes on: branches/tmp/samba4-winsrepl ___ Name: svk:merge - 0c0555d6-39d7-0310-84fc-f1cc0bd64818:/branches/SAMBA_4_0:10646 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba4:9495 a953eb74-4aff-0310-a63c-855d20285ebb:/local/samba4:11632 + 0c0555d6-39d7-0310-84fc-f1cc0bd64818:/branches/SAMBA_4_0:10653 3a72dc49-98ff-0310-ab52-9b7ed7945d91:/local/samba4:9495 a953eb74-4aff-0310-a63c-855d20285ebb:/local/samba4:11632 Modified: branches/tmp/samba4-winsrepl/source/librpc/idl/winsrepl.idl === --- branches/tmp/samba4-winsrepl/source/librpc/idl/winsrepl.idl 2005-09-30 15:28:41 UTC (rev 10653) +++ branches/tmp/samba4-winsrepl/source/librpc/idl/winsrepl.idl 2005-09-30 15:30:08 UTC (rev 10654) @@ -107,9 +107,9 @@ WREPL_REPL_SEND_REQUEST = 2, WREPL_REPL_SEND_REPLY = 3, WREPL_REPL_UPDATE = 4, - WREPL_REPL_5= 5, + WREPL_REPL_UPDATE2 = 5, WREPL_REPL_INFORM = 8, - WREPL_REPL_9= 9 + WREPL_REPL_INFORM2 = 9 } wrepl_replication_cmd; typedef [nodiscriminant] union { @@ -118,9 +118,9 @@ [case(WREPL_REPL_SEND_REQUEST)] wrepl_wins_owner owner; [case(WREPL_REPL_SEND_REPLY)] wrepl_send_reply reply; [case(WREPL_REPL_UPDATE)] wrepl_table table; - [case(WREPL_REPL_5)]wrepl_table table; + [case(WREPL_REPL_UPDATE2)] wrepl_table table; [case(WREPL_REPL_INFORM)] wrepl_table table; - [case(WREPL_REPL_9)]wrepl_table table; + [case(WREPL_REPL_INFORM2)] wrepl_table table; } wrepl_replication_info; typedef struct {
svn commit: samba r10655 - in branches/tmp/samba4-winsrepl/source: include wrepl_server
Author: metze Date: 2005-09-30 15:36:49 + (Fri, 30 Sep 2005) New Revision: 10655 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10655 Log: - implement the WREPL_REPL_UPDATE* and WREPL_REPL_INFORM* this includes the connection fliping into a client connection for WREPL_REPL_UPDATE* NOTE: I not yet found out how to get the w2k server to use INFORM against samba4 it uses inform against w2k and w2k3 but UPDATE against nt4 and samba4 what's left now is to be able to initiate INFORM and UPDATE requests to notify our pull partners metze Modified: branches/tmp/samba4-winsrepl/source/include/structs.h branches/tmp/samba4-winsrepl/source/wrepl_server/wrepl_in_call.c branches/tmp/samba4-winsrepl/source/wrepl_server/wrepl_in_connection.c branches/tmp/samba4-winsrepl/source/wrepl_server/wrepl_out_connection.c Changeset: Sorry, the patch is too large (309 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10655
svn commit: samba r10656 - in branches/SAMBA_3_0: examples/LDAP source source/auth source/client source/groupdb source/include source/lib source/libads source/libsmb source/locking source/modules sour
Author: jerry Date: 2005-09-30 17:13:37 + (Fri, 30 Sep 2005) New Revision: 10656 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10656 Log: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) Added: branches/SAMBA_3_0/source/include/rpc_ntsvcs.h branches/SAMBA_3_0/source/include/rpc_perfcount.h branches/SAMBA_3_0/source/include/rpc_perfcount_defs.h branches/SAMBA_3_0/source/include/smb_ldap.h branches/SAMBA_3_0/source/lib/arc4.c branches/SAMBA_3_0/source/registry/reg_perfcount.c branches/SAMBA_3_0/source/rpc_parse/parse_ntsvcs.c branches/SAMBA_3_0/source/rpc_server/srv_ntsvcs.c branches/SAMBA_3_0/source/rpc_server/srv_ntsvcs_nt.c branches/SAMBA_3_0/source/rpcclient/cmd_test.c branches/SAMBA_3_0/source/sam/idmap_smbldap.c branches/SAMBA_3_0/source/services/svc_netlogon.c branches/SAMBA_3_0/source/services/svc_winreg.c branches/SAMBA_3_0/source/torture/t_asn1.c branches/SAMBA_3_0/source/torture/t_strappend.c Modified: branches/SAMBA_3_0/examples/LDAP/samba.schema branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/auth/auth.c branches/SAMBA_3_0/source/auth/auth_domain.c branches/SAMBA_3_0/source/auth/auth_ntlmssp.c branches/SAMBA_3_0/source/auth/auth_util.c branches/SAMBA_3_0/source/auth/auth_winbind.c branches/SAMBA_3_0/source/client/mount.cifs.c branches/SAMBA_3_0/source/client/smbspool.c branches/SAMBA_3_0/source/configure.in branches/SAMBA_3_0/source/groupdb/mapping.c branches/SAMBA_3_0/source/include/ads.h branches/SAMBA_3_0/source/include/asn_1.h branches/SAMBA_3_0/source/include/authdata.h branches/SAMBA_3_0/source/include/client.h branches/SAMBA_3_0/source/include/dlinklist.h branches/SAMBA_3_0/source/include/doserr.h branches/SAMBA_3_0/source/include/includes.h branches/SAMBA_3_0/source/include/messages.h branches/SAMBA_3_0/source/include/module.h branches/SAMBA_3_0/source/include/ntdomain.h branches/SAMBA_3_0/source/include/ntlmssp.h branches/SAMBA_3_0/source/include/passdb.h branches/SAMBA_3_0/source/include/printing.h branches/SAMBA_3_0/source/include/rpc_client.h branches/SAMBA_3_0/source/include/rpc_dce.h branches/SAMBA_3_0/source/include/rpc_dfs.h branches/SAMBA_3_0/source/include/rpc_ds.h branches/SAMBA_3_0/source/include/rpc_eventlog.h branches/SAMBA_3_0/source/include/rpc_lsa.h branches/SAMBA_3_0/source/include/rpc_misc.h branches/SAMBA_3_0/source/include/rpc_netlogon.h branches/SAMBA_3_0/source/include/rpc_reg.h branches/SAMBA_3_0/source/include/rpc_samr.h branches/SAMBA_3_0/source/include/rpc_secdes.h branches/SAMBA_3_0/source/include/rpc_svcctl.h branches/SAMBA_3_0/source/include/smb.h branches/SAMBA_3_0/source/include/smb_share_modes.h branches/SAMBA_3_0/source/include/smbldap.h branches/SAMBA_3_0/source/include/spnego.h branches/SAMBA_3_0/source/include/srvstr.h branches/SAMBA_3_0/source/lib/account_pol.c branches/SAMBA_3_0/source/lib/data_blob.c branches/SAMBA_3_0/source/lib/debug.c branches/SAMBA_3_0/source/lib/dmallocmsg.c branches/SAMBA_3_0/source/lib/gencache.c branches/SAMBA_3_0/source/lib/genrand.c branches/SAMBA_3_0/source/lib/messages.c branches/SAMBA_3_0/source/lib/module.c branches/SAMBA_3_0/source/lib/pidfile.c branches/SAMBA_3_0/source/lib/privileges.c branches/SAMBA_3_0/source/lib/smbldap.c branches/SAMBA_3_0/source/lib/smbldap_util.c branches/SAMBA_3_0/source/lib/smbrun.c branches/SAMBA_3_0/source/lib/tallocmsg.c branches/SAMBA_3_0/source/lib/time.c branches/SAMBA_3_0/source/lib/util.c branches/SAMBA_3_0/source/libads/authdata.c branches/SAMBA_3_0/source/libads/kerberos_verify.c branches/SAMBA_3_0/source/libads/ldap.c branches/SAMBA_3_0/source/libads/ldap_printer.c branches/SAMBA_3_0/source/libads/sasl.c branches/SAMBA_3_0/source/libsmb/cliconnect.c branches/SAMBA_3_0/source/libsmb/clidgram.c branches/SAMBA_3_0/source/libsmb/clientgen.c branches/SAMBA_3_0/source/libsmb/clierror.c branches/SAMBA_3_0/source/libsmb/clikrb5.c branches/SAMBA_3_0/source/libsmb/clireadwrite.c branches/SAMBA_3_0/source/libsmb/clispnego.c branches/SAMBA_3_0/source/libsmb/clitrans.c branches/SAMBA_3_0/source/libsmb/credentials.c branches/SAMBA_3_0/source/libsmb/errormap.c branches/SAMBA_3_0/source/libsmb/libsmb_compat.c branches/SAMBA_3_0/source/libsmb/libsmbclient.c branches/SAMBA_3_0/source/libsmb/ntlmssp.c branches/SAMBA_3_0/source/libsmb/ntlmssp_parse.c branches/SAMBA_3_0/source/libsmb/ntlmssp_sign.c branches/SAMBA_3_0/source/libsmb/passchange.c branches/SAMBA_3_0/source/libsmb/pwd_cache.c branches/SAMBA_3_0/source/libsmb/smb_share_modes.c branches/SAMBA_3_0/source/libsmb/smbdes.c
svn commit: samba r10657 - in branches/SAMBA_3_0/source/include: .
Author: jerry Date: 2005-09-30 17:23:18 + (Fri, 30 Sep 2005) New Revision: 10657 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10657 Log: remove missing header file Modified: branches/SAMBA_3_0/source/include/includes.h Changeset: Modified: branches/SAMBA_3_0/source/include/includes.h === --- branches/SAMBA_3_0/source/include/includes.h2005-09-30 17:13:37 UTC (rev 10656) +++ branches/SAMBA_3_0/source/include/includes.h2005-09-30 17:23:18 UTC (rev 10657) @@ -940,7 +940,6 @@ #include rpc_ds.h #include rpc_echo.h #include rpc_shutdown.h -#include rpc_unixinfo.h #include rpc_perfcount.h #include rpc_perfcount_defs.h
svn commit: samba-web r821 - in trunk: devel history news/releases
Author: deryck Date: 2005-09-30 18:53:05 + (Fri, 30 Sep 2005) New Revision: 821 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=821 Log: Add news on latest release. Update 'Latest release' links throughout the site. Bump old release announcment to history. deryck Added: trunk/news/releases/3.0.20a.html Modified: trunk/devel/index.html trunk/history/index.html Changeset: Modified: trunk/devel/index.html === --- trunk/devel/index.html 2005-09-30 14:47:36 UTC (rev 820) +++ trunk/devel/index.html 2005-09-30 18:53:05 UTC (rev 821) @@ -14,8 +14,8 @@ pAs of 4 April 2004, the Samba Team converted from CVS to Subversion for maintaining the Samba source code. All current development is done in a Subversion repository. All older code is in the original CVS tree; this would include 2.2.x versions of Samba, which are no longer in active development./p -pThe latest stable release is emSamba 3.0.20/em (a -href=/samba/history/samba-3.0.20.htmlrelease notes/a and a +pThe latest stable release is emSamba 3.0.20a/em (a +href=/samba/history/samba-3.0.20a.htmlrelease notes/a and a href=/samba/download/download/a). /p pThe next major release will be emSamba 4.0/em, an ambitious Modified: trunk/history/index.html === --- trunk/history/index.html2005-09-30 14:47:36 UTC (rev 820) +++ trunk/history/index.html2005-09-30 18:53:05 UTC (rev 821) @@ -6,8 +6,8 @@ div class=latest ul - liLatest Release mdash; a href=/samba/index.html#latestSamba 3.0.20/a/li - liCurrent Stable Release mdash; a href=/samba/index.html#latestSamba 3.0.20/a/li + liLatest Release mdash; a href=/samba/index.html#latestSamba 3.0.20a/a/li + liCurrent Stable Release mdash; a href=/samba/index.html#latestSamba 3.0.20a/a/li !-- Second link will point to #stable on this page when current release is a development release -- /ul /div @@ -16,6 +16,44 @@ h2Previous Release Announcments/h2 +h4a19 Aug 2005/a/h4 +p class=headlineSamba 3.0.20 Available for Download/p + +pWe are proud to announce the production release of Samba 3.0.20. +This is the latest stable release of Samba. This is the version +that production Samba servers should be running for all current +bug-fixes. This is a substantial upgrade from previous Samba +3.0.x releases. Please read the following explanation, +quot;What happened to 3.0.15 - 3.0.19?quot; and the other +major change descriptions in the +a href=/samba/history/samba-3.0.20.htmlRelease Notes/a./p + +pemSo what happened to 3.0.15 through 3.0.19?/em After some +discussion it was deemed that the amount of changes +going into the next Samba 3.0 release needed something to catch +people's attention. Skipping several releases was chosen as +the best solution with the least overhead. There will be no +3.0.15 - 3.0.19 ever released. The next production release +following 3.0.20 should be 3.0.21. You can also read the +a href=http://marc.theaimsgroup.com/?l=sambam=111721010206997w=2;original +announcement on the samba mailing list/a./p + +pThe a href=/samba/ftp/samba-3.0.20.tar.gzSamba 3.0.20 +source code/a can be downloaded now. The a +href=/samba/ftp/samba-3.0.20.tar.ascGnuPG +signature for the emun/emcompressed tarball/a is also available. +Precompiled packages for Fedora Core 4 are available in the +a href=/samba/ftp/Binary_Packages/Binary_Packages +download area/a. Packages for other platforms will be available +shortly./p + +pSamba 3.0.20 is also available via BitTorrent +(a href=http://torrent.samba.org/samba/ftp/samba-3.0.20.tar.gz.torrent;samba-3.0.20.tar.gz.torrent/a). +Note that when downloading via BitTorrent, you are encouraged +to verify the resulting uncompressed tarball's +a href=/samba/ftp/rc/samba-3.0.20.tar.ascGPG signature/a./p + + h4a09 Aug 2005/a/h4 p class=headlineSamba 3.0.20rc2 Available for Download/p @@ -321,29 +359,5 @@ download area/a./p -h4a name=stable5 February 2005/a/h4 -p class=headlineSamba 3.0.11 Available for Download/p -pThis is the latest stable release of Samba. This is -the version that production Samba servers should run -for all current bug-fixes. Many issues have been fixed -since the 3.0.10 release. New features -that have been added include: better migration of user -information from Windows NT domains, the capability to -delegate certain operations, such as joining clients to -a Samba domain, to non-root users, and performance -improvements to winbindd. Full details are available in the -a href=/samba/history/samba-3.0.11.htmlRelease Notes/a -and in the a href=/samba/docs/updated Samba Documentation/a. -/p - -pThe a href=/samba/ftp/samba-3.0.11.tar.gzSamba 3.0.11 -source code/a can be downloaded now. The a -href=/samba/ftp/samba-3.0.11.tar.ascGnuPG -signature for the emun/emcompressed tarball/a is also available.
svn commit: samba r10658 - branches/SAMBA_3_0/source/passdb branches/tmp/vl-cluster/source/passdb trunk/source/passdb
Author: vlendec Date: 2005-09-30 19:50:02 + (Fri, 30 Sep 2005) New Revision: 10658 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10658 Log: It's so nice to have CVSIN to blame for this kind of bugs :-) Volker Modified: branches/SAMBA_3_0/source/passdb/secrets.c branches/tmp/vl-cluster/source/passdb/secrets.c trunk/source/passdb/secrets.c Changeset: Modified: branches/SAMBA_3_0/source/passdb/secrets.c === --- branches/SAMBA_3_0/source/passdb/secrets.c 2005-09-30 17:23:18 UTC (rev 10657) +++ branches/SAMBA_3_0/source/passdb/secrets.c 2005-09-30 19:50:02 UTC (rev 10658) @@ -803,7 +803,7 @@ { int ret = 0; - if (!message_init()) + if (!secrets_init()) return False; ret = tdb_lock_bystring(tdb, name, timeout); Modified: branches/tmp/vl-cluster/source/passdb/secrets.c === --- branches/tmp/vl-cluster/source/passdb/secrets.c 2005-09-30 17:23:18 UTC (rev 10657) +++ branches/tmp/vl-cluster/source/passdb/secrets.c 2005-09-30 19:50:02 UTC (rev 10658) @@ -803,7 +803,7 @@ { int ret = 0; - if (!message_init()) + if (!secrets_init()) return False; ret = tdb_lock_bystring(tdb, name, timeout); Modified: trunk/source/passdb/secrets.c === --- trunk/source/passdb/secrets.c 2005-09-30 17:23:18 UTC (rev 10657) +++ trunk/source/passdb/secrets.c 2005-09-30 19:50:02 UTC (rev 10658) @@ -803,7 +803,7 @@ { int ret = 0; - if (!message_init()) + if (!secrets_init()) return False; ret = tdb_lock_bystring(tdb, name, timeout);
svn commit: samba r10659 - in trunk/source: .
Author: jerry Date: 2005-09-30 21:12:27 + (Fri, 30 Sep 2005) New Revision: 10659 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10659 Log: adding indent preferences file to help deal with external patches. Do not arbitraily run indent on source files for fun! (or I will hunt you down). Use only when necessary Added: trunk/source/.indent.pro Changeset: Added: trunk/source/.indent.pro === --- trunk/source/.indent.pro2005-09-30 19:50:02 UTC (rev 10658) +++ trunk/source/.indent.pro2005-09-30 21:12:27 UTC (rev 10659) @@ -0,0 +1,15 @@ +-bad +-bap +-bbb +-br +-ce +-ut +-ts8 +-i8 +-di1 +-brs +-npsl +-npcs +-prs +-bbo +-hnl
svn commit: samba r10660 - in trunk/source/rpc_server: .
Author: jerry Date: 2005-09-30 21:17:04 + (Fri, 30 Sep 2005) New Revision: 10660 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10660 Log: running indent in order to deal with patches from Brian Modified: trunk/source/rpc_server/srv_eventlog_nt.c Changeset: Sorry, the patch is too large (1292 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10660
svn commit: samba r10661 - in branches/tmp/vl-cluster/source: include lib smbd
Author: vlendec Date: 2005-09-30 21:36:59 + (Fri, 30 Sep 2005) New Revision: 10661 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10661 Log: Next round of messages.c. Now I start to be like it, the client is quite simple. General idea: Every messaging client has a unix datagram socket open in lock_path(messaging) where it sends and receives direct messages from. It also connects to a unix stream socket in the same directory that a dispatch daemon listens on. Anybody interested (Jeremy?) might look at message_send_pid and message_dispatch, they have become really simple. message_send_pid() tries to directly send non-blocking and falls back to a blocking write to the stream socket if the non-blocking call would fail for any reason. One source of complexity is safe startup of the dispatch daemon. The first one to do a message_init() tries to connect to the socket. If that fails, we can't directly unlink() and bind() to establish that, as this would open us for races. Thus I'm protecting that by an exclusive fcntl lock on the pid file that is created. Volker Modified: branches/tmp/vl-cluster/source/include/messages.h branches/tmp/vl-cluster/source/lib/messages.c branches/tmp/vl-cluster/source/lib/util.c branches/tmp/vl-cluster/source/smbd/server.c Changeset: Sorry, the patch is too large (802 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10661
svn commit: samba r10662 - in branches/SAMBA_4_0/source/torture/nbench: .
Author: jelmer Date: 2005-09-30 21:48:25 + (Fri, 30 Sep 2005) New Revision: 10662 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10662 Log: Eliminate pstring and friends. Modified: branches/SAMBA_4_0/source/torture/nbench/nbench.c Changeset: Modified: branches/SAMBA_4_0/source/torture/nbench/nbench.c === --- branches/SAMBA_4_0/source/torture/nbench/nbench.c 2005-09-30 21:36:59 UTC (rev 10661) +++ branches/SAMBA_4_0/source/torture/nbench/nbench.c 2005-09-30 21:48:25 UTC (rev 10662) @@ -37,8 +37,7 @@ pstring line; char *cname; FILE *f; - fstring params[20]; - const char *p; + const char **params; BOOL correct = True; if (torture_nprocs == 1) { @@ -68,13 +67,9 @@ all_string_sub(line,client1, cname, sizeof(line)); - p = line; - for (i=0; -i19 next_token(p, params[i], , sizeof(fstring)); -i++) ; + params = str_list_make_shell(NULL, line, ); + i = str_list_length(params); - params[i][0] = 0; - if (i 2 || params[0][0] == '#') continue; if (!strncmp(params[0],SMB, 3)) { @@ -84,6 +79,7 @@ if (strncmp(params[i-1], NT_STATUS_, 10) != 0) { printf(Badly formed status at line %d\n, nbench_line_count); + talloc_free(params); continue; } @@ -142,6 +138,8 @@ } else { printf([%d] Unknown operation %s\n, nbench_line_count, params[0]); } + + talloc_free(params); if (nb_tick()) goto done; }
svn commit: samba r10663 - in branches/SAMBA_4_0/source/auth/ntlmssp: .
Author: jelmer Date: 2005-09-30 22:08:06 + (Fri, 30 Sep 2005) New Revision: 10663 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10663 Log: Eliminate use of pstring Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_parse.c branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_server.c Changeset: Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_parse.c === --- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_parse.c 2005-09-30 21:48:25 UTC (rev 10662) +++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_parse.c 2005-09-30 22:08:06 UTC (rev 10663) @@ -21,7 +21,6 @@ */ #include includes.h -#include pstring.h /* this is a tiny msrpc packet generator. I am only using this to @@ -210,7 +209,7 @@ uint16_t len1, len2; uint32_t ptr; uint32_t *v; - pstring p; + char *p; va_start(ap, format); for (i=0; format[i]; i++) { @@ -237,13 +236,10 @@ return False; if (0 len1) { - pull_string(p, blob-data + ptr, sizeof(p), - len1, - STR_UNICODE|STR_NOALIGN); - (*ps) = talloc_strdup(mem_ctx, p); - if (!(*ps)) { + if (convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX, blob-data + ptr, len1, (void **)p) 0) { return False; } + (*ps) = p; } else { (*ps) = ; } Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_server.c === --- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_server.c 2005-09-30 21:48:25 UTC (rev 10662) +++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_server.c 2005-09-30 22:08:06 UTC (rev 10663) @@ -26,7 +26,6 @@ #include auth/auth.h #include auth/ntlmssp/ntlmssp.h #include lib/crypto/crypto.h -#include pstring.h #include system/filesys.h /** @@ -107,7 +106,7 @@ */ static BOOL get_myfullname(char *my_name) { - pstring hostname; + char hostname[HOST_NAME_MAX]; *hostname = 0; @@ -121,13 +120,13 @@ hostname[sizeof(hostname)-1] = '\0'; if (my_name) - fstrcpy(my_name, hostname); + strncpy(my_name, hostname, sizeof(hostname)); return True; } static BOOL get_mydomname(char *my_domname) { - pstring hostname; + char hostname[HOST_NAME_MAX]; char *p; /* arrgh! relies on full name in system */ @@ -150,7 +149,7 @@ p++; if (my_domname) - fstrcpy(my_domname, p); + strncpy(my_domname, p, sizeof(hostname)); return True; } @@ -173,7 +172,7 @@ { struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security-private_data; DATA_BLOB struct_blob; - fstring dnsname, dnsdomname; + char dnsname[HOST_NAME_MAX], dnsdomname[HOST_NAME_MAX]; uint32_t neg_flags = 0; uint32_t ntlmssp_command, chal_flags; char *cliname=NULL, *domname=NULL;
svn commit: samba r10664 - in branches/SAMBA_4_0/source: include/system lib/replace
Author: jelmer Date: 2005-09-30 23:10:20 + (Fri, 30 Sep 2005) New Revision: 10664 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10664 Log: Include limits.h in replace.h for HOST_NAME_MAX Modified: branches/SAMBA_4_0/source/include/system/filesys.h branches/SAMBA_4_0/source/lib/replace/replace.h Changeset: Modified: branches/SAMBA_4_0/source/include/system/filesys.h === --- branches/SAMBA_4_0/source/include/system/filesys.h 2005-09-30 22:08:06 UTC (rev 10663) +++ branches/SAMBA_4_0/source/include/system/filesys.h 2005-09-30 23:10:20 UTC (rev 10664) @@ -103,25 +103,11 @@ #include sys/xattr.h #endif -/* Load header file for dynamic linking stuff */ -#ifdef HAVE_DLFCN_H -#include dlfcn.h -#endif #ifdef HAVE_SYS_RESOURCE_H #include sys/resource.h #endif -#ifdef HAVE_LIMITS_H -#include limits.h -#endif - - -#ifndef RTLD_LAZY -#define RTLD_LAZY 0 -#endif - - /* Some POSIX definitions for those without */ #ifndef S_IFDIR @@ -171,14 +157,6 @@ #define O_ACCMODE (O_RDONLY | O_WRONLY | O_RDWR) #endif -#ifndef HAVE_RENAME -int rename(const char *zfrom, const char *zto); -#endif - -#ifndef HAVE_FTRUNCATE -int ftruncate(int f,long l); -#endif - #ifndef MAXPATHLEN #define MAXPATHLEN 256 #endif Modified: branches/SAMBA_4_0/source/lib/replace/replace.h === --- branches/SAMBA_4_0/source/lib/replace/replace.h 2005-09-30 22:08:06 UTC (rev 10663) +++ branches/SAMBA_4_0/source/lib/replace/replace.h 2005-09-30 23:10:20 UTC (rev 10664) @@ -80,6 +80,14 @@ int setenv(const char *name, const char *value, int overwrite); #endif +#ifndef HAVE_RENAME +int rename(const char *zfrom, const char *zto); +#endif + +#ifndef HAVE_FTRUNCATE +int ftruncate(int f,long l); +#endif + #ifndef HAVE_VASPRINTF_DECL int vasprintf(char **ptr, const char *format, va_list ap); #endif @@ -132,13 +140,26 @@ typedef int (*comparison_fn_t)(const void *, const void *); #endif +/* Load header file for dynamic linking stuff */ #ifdef HAVE_DLFCN_H #include dlfcn.h #endif +#ifndef RTLD_LAZY +#define RTLD_LAZY 0 +#endif + #ifndef HAVE_SECURE_MKSTEMP #define mkstemp(path) rep_mkstemp(path) int rep_mkstemp(char *temp); #endif +#ifdef HAVE_LIMITS_H +#include limits.h #endif + +#ifndef HOST_NAME_MAX +#define HOST_NAME_MAX 64 +#endif + +#endif
svn commit: samba r10665 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: tridge Date: 2005-09-30 23:14:30 + (Fri, 30 Sep 2005) New Revision: 10665 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10665 Log: fixed some crash errors and an error encoding AND and OR operations in the expression parsing code Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_parse.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_parse.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_parse.c2005-09-30 23:10:20 UTC (rev 10664) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_parse.c2005-09-30 23:14:30 UTC (rev 10665) @@ -354,6 +354,11 @@ switch (filtertype) { + case LDB_OP_PRESENT: + ret-operation = LDB_OP_PRESENT; + ret-u.present.attr = attr; + break; + case LDB_OP_EQUALITY: if (strcmp(value, *) == 0) { @@ -615,6 +620,11 @@ */ struct ldb_parse_tree *ldb_parse_tree(void *mem_ctx, const char *s) { + /* allowing NULL makes the _bytree() searches easier */ + if (s == NULL) { + return NULL; + } + while (isspace((unsigned char)*s)) s++; if (*s == '(') { @@ -633,10 +643,14 @@ char *s, *s2, *ret; int i; + if (tree == NULL) { + return NULL; + } + switch (tree-operation) { case LDB_OP_AND: case LDB_OP_OR: - ret = talloc_asprintf(mem_ctx, (%c, (char)tree-operation); + ret = talloc_asprintf(mem_ctx, (%c, tree-operation==LDB_OP_AND?'':'|'); if (ret == NULL) return NULL; for (i=0;itree-u.list.num_elements;i++) { s = ldb_filter_from_tree(mem_ctx, tree-u.list.elements[i]); @@ -707,8 +721,7 @@ talloc_free(s); return ret; case LDB_OP_PRESENT: - ret = talloc_strdup(mem_ctx, *); - if (ret == NULL) return NULL; + ret = talloc_asprintf(mem_ctx, (%s=*), tree-u.present.attr); return ret; case LDB_OP_APPROX: s = ldb_binary_encode(mem_ctx, tree-u.equality.value);
svn commit: samba r10666 - in branches/SAMBA_4_0/source/lib/ldb/ldb_ildap: .
Author: tridge Date: 2005-09-30 23:46:41 + (Fri, 30 Sep 2005) New Revision: 10666 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10666 Log: - reverse the ildap ldb backend so tree based searches go through directly, and expression based searches are converted to trees. This makes for less conversions. - allow the caller to supply a set of credentials via the ldb opaque name 'credentials'. I will be using this in my ldb proxy module. Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c 2005-09-30 23:14:30 UTC (rev 10665) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c 2005-09-30 23:46:41 UTC (rev 10666) @@ -125,11 +125,11 @@ static void ildb_rootdse(struct ldb_module *module); /* - search for matching records + search for matching records using a ldb_parse_tree */ -static int ildb_search(struct ldb_module *module, const struct ldb_dn *base, - enum ldb_scope scope, const char *expression, - const char * const *attrs, struct ldb_message ***res) +static int ildb_search_bytree(struct ldb_module *module, const struct ldb_dn *base, + enum ldb_scope scope, struct ldb_parse_tree *tree, + const char * const *attrs, struct ldb_message ***res) { struct ildb_private *ildb = module-private_data; int count, i; @@ -158,12 +158,8 @@ return -1; } - if (expression == NULL || expression[0] == '\0') { - expression = objectClass=*; - } - - ildb-last_rc = ildap_search(ildb-ldap, search_base, scope, expression, attrs, -0, ldapres); + ildb-last_rc = ildap_search_bytree(ildb-ldap, search_base, scope, tree, attrs, + 0, ldapres); talloc_free(search_base); if (!NT_STATUS_IS_OK(ildb-last_rc)) { ldb_set_errstring(module, talloc_strdup(module, ldap_errstr(ildb-ldap, ildb-last_rc))); @@ -217,22 +213,25 @@ /* - search for matching records using a ldb_parse_tree + search for matching records */ -static int ildb_search_bytree(struct ldb_module *module, const struct ldb_dn *base, - enum ldb_scope scope, struct ldb_parse_tree *tree, - const char * const *attrs, struct ldb_message ***res) +static int ildb_search(struct ldb_module *module, const struct ldb_dn *base, + enum ldb_scope scope, const char *expression, + const char * const *attrs, struct ldb_message ***res) { struct ildb_private *ildb = module-private_data; - char *expression; int ret; + struct ldb_parse_tree *tree; - expression = ldb_filter_from_tree(ildb, tree); - if (expression == NULL) { - return -1; + if (expression == NULL || expression[0] == '\0') { + expression = objectClass=*; } - ret = ildb_search(module, base, scope, expression, attrs, res); - talloc_free(expression); + + tree = ldb_parse_tree(ildb, expression); + + ret = ildb_search_bytree(module, base, scope, tree, attrs, res); + + talloc_free(tree); return ret; } @@ -428,6 +427,7 @@ { struct ildb_private *ildb = NULL; NTSTATUS status; + struct cli_credentials *creds; ildb = talloc(ldb, struct ildb_private); if (!ildb) { @@ -460,8 +460,14 @@ ldb-modules-private_data = ildb; ldb-modules-ops = ildb_ops; - if (cmdline_credentials != NULL cli_credentials_authentication_requested(cmdline_credentials)) { - status = ldap_bind_sasl(ildb-ldap, cmdline_credentials); + /* caller can optionally setup credentials using the opaque token 'credentials' */ + creds = ldb_get_opaque(ldb, credentials); + if (creds == NULL) { + creds = cmdline_credentials; + } + + if (creds != NULL cli_credentials_authentication_requested(creds)) { + status = ldap_bind_sasl(ildb-ldap, creds); if (!NT_STATUS_IS_OK(status)) { ldb_debug(ldb, LDB_DEBUG_ERROR, Failed to bind - %s\n, ldap_errstr(ildb-ldap, status));
svn commit: samba r10667 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: tridge Date: 2005-09-30 23:47:40 + (Fri, 30 Sep 2005) New Revision: 10667 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10667 Log: cope with a NULL tree for base searches in ldb_search() Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2005-09-30 23:46:41 UTC (rev 10666) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2005-09-30 23:47:40 UTC (rev 10667) @@ -501,6 +501,17 @@ if ((base == NULL || base-comp_num == 0) (scope == LDB_SCOPE_BASE || scope == LDB_SCOPE_ONELEVEL)) return -1; + /* check if we are looking for a simple dn */ + if (scope == LDB_SCOPE_BASE tree == NULL) { + return ltdb_search_dn(module, base, attrs, res); + } + + if (tree == NULL) { + char *err_string = talloc_strdup(module, expression parse failed); + if (err_string) ldb_set_errstring(module, err_string); + return -1; + } + /* it is important that we handle dn queries this way, and not via a full db search, otherwise ldb is horribly slow */ if (tree-operation == LDB_OP_EQUALITY @@ -553,18 +564,7 @@ if ((base == NULL || base-comp_num == 0) (scope == LDB_SCOPE_BASE || scope == LDB_SCOPE_ONELEVEL)) return -1; - /* check if we are looking for a simple dn */ - if (scope == LDB_SCOPE_BASE (expression == NULL || expression[0] == '\0')) { - ret = ltdb_search_dn(module, base, attrs, res); - return ret; - } - tree = ldb_parse_tree(ltdb, expression); - if (tree == NULL) { - char *err_string = talloc_strdup(module, expression parse failed); - if (err_string) ldb_set_errstring(module, err_string); - return -1; - } ret = ltdb_search_bytree(module, base, scope, tree, attrs, res); talloc_free(tree);
svn commit: samba r10668 - in branches/SAMBA_4_0/source/libcli/ldap: .
Author: tridge Date: 2005-09-30 23:56:54 + (Fri, 30 Sep 2005) New Revision: 10668 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10668 Log: added a ildap_search_bytree() function Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap_ildap.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap_ildap.c === --- branches/SAMBA_4_0/source/libcli/ldap/ldap_ildap.c 2005-09-30 23:47:40 UTC (rev 10667) +++ branches/SAMBA_4_0/source/libcli/ldap/ldap_ildap.c 2005-09-30 23:56:54 UTC (rev 10668) @@ -154,10 +154,10 @@ /* perform a ldap search */ -NTSTATUS ildap_search(struct ldap_connection *conn, const char *basedn, - int scope, const char *expression, - const char * const *attrs, BOOL attributesonly, - struct ldap_message ***results) +NTSTATUS ildap_search_bytree(struct ldap_connection *conn, const char *basedn, +int scope, struct ldb_parse_tree *tree, +const char * const *attrs, BOOL attributesonly, +struct ldap_message ***results) { struct ldap_message *msg; int n, i; @@ -178,7 +178,7 @@ msg-r.SearchRequest.timelimit = 0; msg-r.SearchRequest.sizelimit = 0; msg-r.SearchRequest.attributesonly = attributesonly; - msg-r.SearchRequest.tree = ldb_parse_tree(msg, expression); + msg-r.SearchRequest.tree = tree; msg-r.SearchRequest.num_attributes = n; msg-r.SearchRequest.attributes = attrs; @@ -213,3 +213,18 @@ return status; } + +/* + perform a ldap search +*/ +NTSTATUS ildap_search(struct ldap_connection *conn, const char *basedn, + int scope, const char *expression, + const char * const *attrs, BOOL attributesonly, + struct ldap_message ***results) +{ + struct ldb_parse_tree *tree = ldb_parse_tree(conn, expression); + NTSTATUS status; + status = ildap_search(conn, basedn, scope, tree, attrs, attributesonly, results); + talloc_free(tree); + return status; +}
Build status as of Sat Oct 1 00:00:02 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-09-30 00:00:11.0 + +++ /home/build/master/cache/broken_results.txt 2005-10-01 00:00:14.0 + @@ -1,17 +1,17 @@ -Build status as of Fri Sep 30 00:00:02 2005 +Build status as of Sat Oct 1 00:00:02 2005 Build counts: Tree Total Broken Panic -ccache 16 3 0 -distcc 16 2 0 -lorikeet-heimdal 37 20 0 -ppp 21 0 0 -rsync39 2 0 -samba3 0 0 +ccache 39 5 0 +distcc 39 4 0 +lorikeet-heimdal 38 19 0 +ppp 23 0 0 +rsync41 3 0 +samba2 0 0 samba-docs 0 0 0 -samba4 39 19 5 -samba_3_040 9 0 -smb-build31 4 0 -talloc 38 15 0 -tdb 38 4 0 +samba4 40 30 7 +samba_3_041 29 0 +smb-build33 5 0 +talloc 39 14 0 +tdb 39 4 0
svn commit: samba r10669 - in branches/SAMBA_4_0/source/auth/ntlmssp: .
Author: tridge Date: 2005-10-01 01:04:34 + (Sat, 01 Oct 2005) New Revision: 10669 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10669 Log: reverted jelmers commit 10663 as it was causing lots of panics in 'make test' I also think the method of getting rid of pstring isn't the right one. I certainly do want to get rid of pstring/fstring, but the reason for removing them is the use of arbitrary sized fixed length strings on the stack and in structures. Changing to another fixed length stack string format isn't really a win, and moving to use strncpy() is actually worse than pstrcpy() as strncpy() has the absolutely awful semantics of always zeroing all remaining bytes, so it ends up taking a lot of cpu doing pointless memory writes. I'd rather move to more use of asprintf()/talloc_asprintf() and similar functions for dynamic string allocation. You also have to be very careful about some of these system defined string limits. One some systems PATH_MAX could be 64k or even larger, which can quickly blow the stack out when you allocate a few of them. Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_parse.c branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_server.c Changeset: Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_parse.c === --- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_parse.c 2005-09-30 23:56:54 UTC (rev 10668) +++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_parse.c 2005-10-01 01:04:34 UTC (rev 10669) @@ -21,6 +21,7 @@ */ #include includes.h +#include pstring.h /* this is a tiny msrpc packet generator. I am only using this to @@ -209,7 +210,7 @@ uint16_t len1, len2; uint32_t ptr; uint32_t *v; - char *p; + pstring p; va_start(ap, format); for (i=0; format[i]; i++) { @@ -236,10 +237,13 @@ return False; if (0 len1) { - if (convert_string_talloc(mem_ctx, CH_UTF16, CH_UNIX, blob-data + ptr, len1, (void **)p) 0) { + pull_string(p, blob-data + ptr, sizeof(p), + len1, + STR_UNICODE|STR_NOALIGN); + (*ps) = talloc_strdup(mem_ctx, p); + if (!(*ps)) { return False; } - (*ps) = p; } else { (*ps) = ; } Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_server.c === --- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_server.c 2005-09-30 23:56:54 UTC (rev 10668) +++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp_server.c 2005-10-01 01:04:34 UTC (rev 10669) @@ -26,6 +26,7 @@ #include auth/auth.h #include auth/ntlmssp/ntlmssp.h #include lib/crypto/crypto.h +#include pstring.h #include system/filesys.h /** @@ -106,7 +107,7 @@ */ static BOOL get_myfullname(char *my_name) { - char hostname[HOST_NAME_MAX]; + pstring hostname; *hostname = 0; @@ -120,13 +121,13 @@ hostname[sizeof(hostname)-1] = '\0'; if (my_name) - strncpy(my_name, hostname, sizeof(hostname)); + fstrcpy(my_name, hostname); return True; } static BOOL get_mydomname(char *my_domname) { - char hostname[HOST_NAME_MAX]; + pstring hostname; char *p; /* arrgh! relies on full name in system */ @@ -149,7 +150,7 @@ p++; if (my_domname) - strncpy(my_domname, p, sizeof(hostname)); + fstrcpy(my_domname, p); return True; } @@ -172,7 +173,7 @@ { struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security-private_data; DATA_BLOB struct_blob; - char dnsname[HOST_NAME_MAX], dnsdomname[HOST_NAME_MAX]; + fstring dnsname, dnsdomname; uint32_t neg_flags = 0; uint32_t ntlmssp_command, chal_flags; char *cliname=NULL, *domname=NULL;
svn commit: samba r10670 - in branches/SAMBA_4_0/source/auth/kerberos: .
Author: abartlet Date: 2005-10-01 01:19:12 + (Sat, 01 Oct 2005) New Revision: 10670 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10670 Log: Add notes on things that are TODO in Samba4 kerberos land. Andrew Bartlett Modified: branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt Changeset: Modified: branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt === --- branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt 2005-10-01 01:04:34 UTC (rev 10669) +++ branches/SAMBA_4_0/source/auth/kerberos/kerberos-notes.txt 2005-10-01 01:19:12 UTC (rev 10670) @@ -374,3 +374,49 @@ delay and root server load. +Kerberos TODO += + +(Feel free to contribute to any of these tasks, or ask [EMAIL PROTECTED] about them). + +Gssmonger +- + +Microsoft has released a testsuite called gssmonger, which tests +interop. We should compile it against lorikeet-heimdal, MIT and see +if we can build a 'Samba4' server for it. + +PAC Correctness +--- + +We need to put the PAC into the TGT, not just the service ticket. + +Authz data extraction +- + +We need to parse the authz data field correctly, and have a generic +rouitine to get at particular types of data, no matter their inclusion +in 'if relevent' or other stuctures. This should be a utlity function +we can use in both the client libs and KDC. + +Forwarded tickets +- + +We need to extract forwarded tickets from the GSSAPI layer, and put +them into the credentials. We can then use them for proxy work. + +Access Control +-- + +We need to get (either if PADL publishes their patch, or write our +own) access control hooks in the Heimdal KDC. We need to lockout +accounts, and perform other controls. + +Kpasswd server +-- + +I have a partial kpasswd server which needs finishing, and a client +testsuite written, either via the krb5 API or directly against GENSEC +and the ASN.1 routines. +