[Samba] WINBIND idmap and tdbfiles while upgrading to 3.0.20a
Hello everybody, had anyone of you problems with winbind and tdbfiles, when upgrading from 3.0.14a to 3.0.20a? The Symptom was: After upgrading to 3.0.20a the idmapping was corrupt. Although 3.0.20a runs fine, none of the idmaping was resolved correctly. Downgrading to 3.0.14a restored the idmaps. tdbdump showed me the same idmappings, therefor i think winbind wasn't able to read them? Has anyone an idea why this happened? Has anyone had this problem too? There're no entries in the log concering this. The idmap is in a lock idmap tdb file Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers S CE DE SE PS N/O Sales Central Europe Deutschland Professional Service Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/services/index.html *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0 PDC + XP + roaming profile = big, strange mistery of sorts
Hi, This seems familuar to me.. Now, here comes the real problem: - The user can now log on, except that all of Windows' settings were gone, and back to the default. - The profile *was* downloaded to the local machine, and all the files were present, but it acted as if the registry somehow wasn't present. - Even after redoing some configuration, on logging off, even though some files in the roaming profile were updated in the server (NTUSER.DAT included), logging in again produced the same problem. - Deleted all local copies of the profile. Same thing. I always reverted to a known-good copy of the profile between tests. - Checked permissions on the local copy of the profile. Permissions were OK, the domain user had the full control over his local profile directory. - Out of spite, said machine was reformatted. Problem repeated itself and remained. Note: said machine has no different configuration from any other; the user also has a regular roaming profile like anyone else. Do you have the setting POFILES ACL = YES .. set it to NO. I had the same problem as above and this resolved it for me. can you post you config of the [profiles] Louis I'm now out of a total loss of ideas. jerry @ freenode (Jeremy Allison?) even helped out a bit, but I couldn't get anywhere, even after trying lots of things. Now, something tells me that this has something to do with domain SIDs or the like (of which I have little knowledge, I know what they are, but I'm not savvy enough to go around investigating them). I even deleted secrets.tdb so that Samba would recreate it, which wasn't a smart move, as I came to learn, but will most likely come to no harm (I hope). I'd like to know two things, and I'll take any suggestions that I can get. a) The cause, so that I know why this happens, and I can avoid it later. b) The solution, obviously. I've been delaying other work because of this and my brain now feels like jelly because of bashing my head against the table :( Hopeful for some insight on this, Bruno Ferreira -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Printing Support - Can i disable it?
Hi, i get constantly the following error message: Unable to connect to CUPS server localhost - Connection refused The system in question is a fileserver only samba server, therefor i want to disable printing support, but printing = none does not really help. agestt71:/samba/ages002/conf/log # testparm -v -s ../etc/smb.conf 21 | grep printing printing = cups Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers S CE DE SE PS N/O Sales Central Europe Deutschland Professional Service Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/services/index.html *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] synchronise time
Hi, in my logon.bat file i put : net time \\admin /SET /YES to synchronise computer time with the server. This works when the user who is login in has administrator rights on the computer. How can i do with users who are just member of the domain? Is there a way to run this command as administrator ? Thanks for any help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba segment faulting - unknown cause
Thank god your not alone... I also had a Samba segment faulting, in some tls and libthreat, but i stuppidly deleted my logs. so im waiting until the next one. It takes about 1 -2 months before it happens again. Louis -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Mike Hodgkinson Verzonden: dinsdag 11 oktober 2005 5:29 Aan: samba@lists.samba.org Onderwerp: [Samba] Samba segment faulting - unknown cause Hello, Recently our Samba server has started segment faulting. It happens occasionally, but is often enough to cause disruption. People notice thier network drives freeze, I am unsure of the cause of the segment fault, and have no experience debugging backtraces. Can anoyone lend a hand? We are running Samba as a primary domain controller with an Openldap backend on another server, both on debian linux sarge stable. Versions: Samba server ii samba 3.0.14a-3 ii samba-common 3.0.14a-3 ii smbclient 3.0.14a-3 ii smbfs 3.0.14a-3 ii smbldap-tools 0.8.7-4 ii libpam-ldap178-1 ii libnss-ldap238-1 ii libc6 2.3.2.ds1-22 Openldap server ii ldap-utils 2.2.23-8 OpenLDAP utilities ii libldap-2.2-7 2.2.23-8 OpenLDAP libraries ii libldap2 2.1.30-8 OpenLDAP libraries rc libnss-ldap238-1 NSS module for using LDAP as a naming servic rc libpam-ldap178-1 Pluggable Authentication Module allowing LDA ii libc6 2.3.2.ds1-22 ii libc6-sparc64 2.3.2.ds1-22 Email recieved --- The Samba 'panic action' script, /usr/share/samba/panic-action, was called for pid 5720 (/usr/sbin/smbd). Below is a backtrace for this process generated with gdb, which shows the state of the program at the time the error occured. You are encouraged to submit this information as a bug report to Debian. For information about the procedure for submitting bug reports , please see http://www.debian.org/Bugs/Reporting or the reportbug(1) manpage. (no debugging symbols found) Using host libthread_db library /lib/libthread_db.so.1. (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) [Thread debugging using libthread_db enabled] [New Thread 16384 (LWP 5720)] (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) 0x4023b808 in waitpid () from /lib/libc.so.6 #0 0x4023b808 in waitpid () from /lib/libc.so.6 #1 0x402c3880 in ?? () from /lib/libc.so.6 #2 0x401d44c2 in strtold_l () from /lib/libc.so.6 #3 0x081eb261 in smb_panic2 () #4 0x081eb1ea in smb_panic () #5 0x081d7368 in dbgtext () #6 0x4034e825 in __pthread_sighandler () from /lib/libpthread.so.0 #7 signal handler called #8 0x401bd7c1 in kill () from /lib/libc.so.6 #9 0x4034b771 in pthread_kill () from /lib/libpthread.so.0 #10 0x4034ba7b in raise () from /lib/libpthread.so.0 #11 0x401bd554 in raise () from /lib/libc.so.6 #12 0x401bea88 in abort () from /lib/libc.so.6 #13 0x401b6bbf in __assert_fail () from /lib/libc.so.6 #14 0x4002ddcd in ldap_int_sasl_open () from /usr/lib/libldap_r.so.2 #15 0x4002845e in ldap_int_open_connection () from /usr/lib/libldap_r.so.2 #16 0x4003a299 in ldap_new_connection () from /usr/lib/libldap_r.so.2 #17 0x40027f11 in ldap_open_defconn () from /usr/lib/libldap_r.so.2 #18 0x40039e0f in ldap_send_initial_request () from /usr/lib/libldap_r.so.2 #19 0x40030137 in ldap_sasl_bind () from /usr/lib/libldap_r.so.2 #20 0x4003040b in ldap_sasl_bind_s () from /usr/lib/libldap_r.so.2 #21 0x40030c7c in ldap_simple_bind_s () from /usr/lib/libldap_r.so.2 #22 0x08261b7d in smbldap_make_mod () #23 0x08261ebe in smbldap_make_mod () #24 0x08262214 in smbldap_make_mod () #25 0x0826240a in smbldap_search () #26 0x08262b04 in smbldap_search_suffix () #27 0x081ba9d8 in ldapsam_search_suffix_by_name () #28 0x081be181 in ldapsam_search_suffix_by_name () #29 0x081b4ac5 in smb_register_passdb () #30
RE: [Samba] synchronise time
i did it this way, Or use ntp service in xp .. or use GPEDIT.MSC ( group policies ) For this goto Computer config - Windows Settings - Security Settings - - Local policy - UserRights. in here below there is System Time Change Just add the domain group where all of you domain users are in. ( for me : domain users ) This way you give domain users rights to adjust time. Louis -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Patrick DUBAU Verzonden: dinsdag 11 oktober 2005 9:06 Aan: samba@lists.samba.org Onderwerp: [Samba] synchronise time Hi, in my logon.bat file i put : net time \\admin /SET /YES to synchronise computer time with the server. This works when the user who is login in has administrator rights on the computer. How can i do with users who are just member of the domain? Is there a way to run this command as administrator ? Thanks for any help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] ACLs and EXT3
Isnt there a setting like : ( global ) nt acl support = yes map acl inherit = yes have you tryed these Louis -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Daniel Haas Verzonden: maandag 10 oktober 2005 18:48 Aan: [EMAIL PROTECTED] CC: samba@lists.samba.org Onderwerp: Re: [Samba] ACLs and EXT3 Hi Ian, thank you for your answer This article shows me a lot of details which help me to understand more about ACLs But my problem was not solve with it. There is discribe how I can copy files without inherit ACLs. I want to know how I can move ACLs with inheritance from the parent directory I move the file to. Greets Daniel Ian Clancy [EMAIL PROTECTED] schrieb am 07.10.05 13:12:53: Hi Daniel, You need to read up on Default ACLs. This article should cover what you need to know. http://www.vanemery.com/Linux/ACL/linux-acl.html regards, Ian Daniel Haas wrote: Hi List, I am working with ACLs and the EXT3 Filesystem and I have the same problem how already discussed in several NGs. If I move a file from one directory into another, the file do not change the persmissons. So the users who should be authorize to access the file, do not have these permissons. This is a great problem in my data structure because we have to exchange a lot of files. I know that this is the way the filesystems works. But I think there are more people who wants to work in the discribed way. So is there a filesystem which have another way to handle the scrolling of files and directories? Is there really no chance to inherit the permissions from the parent-directory? Or do anybody know a workaround to mange my problem? How do other administrators handle this? for info: I am working with Samba 3.0.13 under SuSE 9.3 The service of the smb.conf for tests: [data] comment = Daten path = /data writeable = yes create mask = 0770 directory mask = 0770 valid users = @samba Test with inherit permissions and inherit ACL was not successful. Thanks for your help Daniel __ Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt bei WEB.DE FreeMail: http://f.web.de/?mc=021193 __ Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt bei WEB.DE FreeMail: http://f.web.de/?mc=021193 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] AD newbies having several issues
Hi, I'm setting up my first AD-like setup on samba 3, but I'm having a hard time. I have the primary and backup DC with an LDAP backend set up and working fine. File shares, profiles, netlogon, all works fine as long as they are on the PDC. Now I want to move shares and profiles to a separate server, which I set up as a domain member. I configured users' home directories in the LDAP backend, and they are properly mounted; I configured profiles directories, and the client sort of see them. Still, profiles are no go. I enabled logging on the clients, and I see XP manages to mount the profiles share, creates the user's dir, but then something wierd happens: the new directory appears to belong to FS/user, not DOMAIN/user ! I investigate the problem more, and this is what I'm seeing (and I'm not experienced enough to tell whether it's right or wrong): the domain controller (KDC) has a sid: S-1-5-21-1512199000-2920656753-3993784119 the file server (FS) has its own sid: S-1-5-21-1218707650-1570396825-3317316570 when I log in to the XP machine, my user has a user sid (in addition to several groups), which corresponds to DOMAIN/acampi: S-1-5-21-1512199000-2920656753-3993784119-1234 but its home directory, and any file it own appears to belong to FS/ acampi: S-1-5-21-1218707650-1570396825-3317316570-1234 and thus I'm NOT the owner. It looks like samba does know the directory and files belong to acampi (the Unix user), but when sending ownership information it uses its own sid, which of course is useless... What gives? Bye, Andrea -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problems with samba 3 and termnal server
hello folks dont know if this is a faq: a customer currently uses a Suse 9.2 pro with the last version of Samba to share a folder containing data for an Enterprise Management program (Windows based). everything works fine with local clients (many 98s and 1 XP machine). we have some (15) clients connecting to the ERP program via a Terminal Server (Windows2K server). these clients often stuck in some requests for 5 to 15 minutes (randomly) and then unlock and continue working. note that: - the same folder on a Win2000 machine works fine (ie. no stucks) - this means it is a samba problem - local clients work find - this means it is a terminal-server-related problem i thought it was something related to oplocks and i have disabled them (level 1 AND level 2) but the problem is still here. now I ***suppose*** this is something like: - samba receives many connections from the same IP (the terminal server) and has problems de-mux-ing the requests... any ideas??? mny tnx in adv greetings loris __ Accesso Internet Gratis per utenti Excite! Attivalo subito! http://www.excite.it/hitech/accesso Il Mio Excite. Personalizza la tua Home page Excite come vuoi tu! http://www.excite.it AAA/Relazioni. Sfoglia gli annunci e trova la tua anima gemella http://www.excite.it/relazioni -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] synchronise time
Patrick DUBAU schrieb: Hi, in my logon.bat file i put : net time \\admin /SET /YES to synchronise computer time with the server. This works when the user who is login in has administrator rights on the computer. How can i do with users who are just member of the domain? Is there a way to run this command as administrator ? Thanks for any help I use WPKG for that - http://wpkg.org - (and for all other tasks needing administrator rights, like changing printers, installing and updating software, changing file permissions and registry entries etc.). -- Tomek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] displayName vs. cn
In 3.0.20a/ldapsam the Usrmgr shows in the all users view the displayName attribute as full name, but in the user properties view the cn attribute. Seems a little bit inconsistent to me, shouldn't be the algorithm to retrieve the full name always the same? Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Group mapping only working for initial group?
Hello, on my Samba 3.0.14a PDC (Debian Woody) I created a local unix group named gpusers. Then I mapped it to a new NT domain group named GPPower: # net groupmap add rid=1005 ntgroup=GPPower unixgroup=gpusers Then added a user mdv, who already had its own initial group mdv, to the new gpusers group: # usermod -g mdv -G gpusers mdv So the situation for mdv is the following: # groups mdv mdv : mdv gpusers I finally added the GPPower domain group to the local Power Users group on a domain client (Win2000Pro). In this situation, when the user logs in on that client, he is NOT part of the Power Users group. Instead, if I change his initial group: # usermod -g gpusers -G mdv mdv # groups mdv mdv : gpusers mdv ...then the user correctly appears to be part of the local Power Users group on the domain client. Shouldn't group mapping work also for groups other than the initial one? Thanks. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0 PDC + XP + roaming profile = big, strange mistery of sorts
Wel i see you have the same problem as i had. this is my working config now : [profiles] path = /home/samba/profiles comment = Profiel omgeving read only = no create mask = 0600 directory mask = 0700 browseable = Yes guest ok = Yes csc policy = disable # next line is a great way to secure the profiles force user = %U # next line allows administrator to access all profiles valid users = %U @Domain Admins The /home/samba/profiles dir MUST HAVE 777 Rights. ( and Administrator:Domain Admin in my case.) Also check what rights there are now on the user folders. example /home/samba/profiles/myusername has 0700 if its correct. you can simpel fix this, first login the users on the computers in in the domain, check if there profile is correct. now the scary thing, remove all the user profiles, and beter MOVE THEM now log out 1 computer, and login again, put something on the desktop and check if it worked. I fixed 50 profiles this way on the fly when everybody was working, and nobody notised. Louis -Oorspronkelijk bericht- Van: Bruno Ferreira [mailto:[EMAIL PROTECTED] Verzonden: dinsdag 11 oktober 2005 11:17 Aan: Louis van Belle Onderwerp: Re: [Samba] Samba 3.0 PDC + XP + roaming profile = big, strange mistery of sorts Louis van Belle wrote: Hi, This seems familuar to me.. Now, here comes the real problem: - The user can now log on, except that all of Windows' settings were gone, and back to the default. - The profile *was* downloaded to the local machine, and all the files were present, but it acted as if the registry somehow wasn't present. - Even after redoing some configuration, on logging off, even though some files in the roaming profile were updated in the server (NTUSER.DAT included), logging in again produced the same problem. - Deleted all local copies of the profile. Same thing. I always reverted to a known-good copy of the profile between tests. - Checked permissions on the local copy of the profile. Permissions were OK, the domain user had the full control over his local profile directory. - Out of spite, said machine was reformatted. Problem repeated itself and remained. Note: said machine has no different configuration from any other; the user also has a regular roaming profile like anyone else. Do you have the setting POFILES ACL = YES .. set it to NO. I had the same problem as above and this resolved it for me. can you post you config of the [profiles] Louis Here it goes, and yes, profile acls is set to Yes. That was the only change in the Samba side in the upgrade, and it was necessary because if it wasn't set to yes, then none of the XP boxes would load the profiles (claiming it couldn't find the network service). Looking through the logs, I'd see that it tried to look for the [user] share in profiles, which existed, but somehow wasn't accessible. Setting profile acls solved that. Could that be related? [Profiles] path = /docs/main/profiles read only = No profile acls = Yes writeable = Yes browseable = No create mode = 0600 directory mode = 0700 -- Bruno Ferreira -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20a and Winbind crashing (bug?)
Den 10. okt 2005 kl. 23:40 skrev Jeremy Allison: On Sun, Oct 09, 2005 at 06:25:56PM +0100, [EMAIL PROTECTED] wrote: Hi all. having major issues on all my servers at the moment. All running RHES 3, all with samba 3.0.20a and all have the winbind crashing problem :/ the main 2 are the filestore and email servers, also get the most usage. in fact from my systems point of view, its definatly a most usage = most frequent winbind crashing issue. Any help from others or the dev team gratefully received. NB i have also set a cron to restart smb at 22:00 every night. Please try this patch : Succes, well sort off This patch works for me as well. I can no longer crash winbindd by running getent passwd However my auth.log file still contains write to socket failed! But just a few seconds later it appears to be working, but it does not work. Oct 11 11:23:20 frodo pam_winbind[6100]: write to socket failed! Oct 11 11:23:20 frodo pam_winbind[6100]: internal module error (retval = 3, user = `dkrbr1') Oct 11 11:23:27 frodo apache2[6100]: (pam_unix) authentication failure; logname= uid=33 euid=33 tty= ruser= rhost=192.168.119.160 Oct 11 11:23:27 frodo pam_winbind[6100]: write to socket failed! Oct 11 11:23:27 frodo pam_winbind[6100]: internal module error (retval = 3, user = `dkrbr1') (someone was connecting here using ssh and a unix account) Oct 11 11:23:34 frodo apache2[6100]: (pam_unix) authentication failure; logname= uid=33 euid=33 tty= ruser= rhost=192.168.119.160 Oct 11 11:23:34 frodo pam_winbind[6100]: write to socket failed! Oct 11 11:23:34 frodo pam_winbind[6100]: internal module error (retval = 3, user = `dkrbr1') Oct 11 11:23:38 frodo sshd[16016]: Accepted publickey for sergtepkom from 82.179.167.71 port 2932 ssh2 Oct 11 11:23:40 frodo apache2[20839]: (pam_unix) authentication failure; logname= uid=33 euid=33 tty= ruser= rhost=192.168.119.160 Oct 11 11:23:40 frodo pam_winbind[20839]: user 'dkrbr1' granted access Oct 11 11:23:40 frodo apache2[20839]: (pam_unix) could not identify user (from getpwnam(dkrbr1)) Oct 11 11:23:40 frodo apache2[6098]: (pam_unix) authentication failure; logname= uid=33 euid=33 tty= ruser= rhost=192.168.119.160 Oct 11 11:23:40 frodo pam_winbind[6098]: user 'dkrbr1' granted access Oct 11 11:23:40 frodo apache2[6098]: (pam_unix) could not identify user (from getpwnam(dkrbr1)) Oct 11 11:23:52 frodo apache2[20061]: (pam_unix) authentication failure; logname= uid=33 euid=33 tty= ruser= rhost=192.168.119.160 Oct 11 11:23:52 frodo pam_winbind[20061]: user 'dkrbr1' granted access Oct 11 11:23:52 frodo apache2[20061]: (pam_unix) could not identify user (from getpwnam(dkrbr1)) Oct 11 11:23:52 frodo apache2[31528]: (pam_unix) authentication failure; logname= uid=33 euid=33 tty= ruser= rhost=192.168.119.160 Oct 11 11:23:52 frodo pam_winbind[31528]: user 'dkrbr1' granted access Oct 11 11:23:52 frodo apache2[31528]: (pam_unix) could not identify user (from getpwnam(dkrbr1)) Oct 11 11:23:52 frodo apache2[22772]: (pam_unix) authentication failure; logname= uid=33 euid=33 tty= ruser= rhost=192.168.119.160 Oct 11 11:23:52 frodo pam_winbind[22772]: user 'dkrbr1' granted access Oct 11 11:23:52 frodo apache2[22772]: (pam_unix) could not identify user (from getpwnam(dkrbr1)) Oct 11 11:23:54 frodo apache2[6096]: (pam_unix) authentication failure; logname= uid=33 euid=33 tty And the user complains that subversion update through apache2 through pam authentication through winbind to win 2003 server does not work. TortoiseSVN does no longer ask for username/password. A restart of winbindd did not help, i had to restart apache2 as well before it would work. After this restart i tried repeating the error by running getent passwdbut i can nolonger get write to socket failed!messages in auth.log. JonB -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] remove rights on c:\Documents and Settings
Hi, on samba all our users are just member of 'domain user' group. This way gives them limted rights on local workstation, but they still have full rights on c:\Documents and Settings. Is there a way to just give them read right on that folder ? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] installing samba on fedora 3
Hi, Please could someone help guide me through installing samba on fedora 3. First I would like to clear my system of previously (incorrectly) installed samba programs (there may be duplicates...) How can I do this? I had tried following web guides but only to make a mess of my system; I dont think they are appropriate for fedora 3. I have been told to use rpm, but know nothing of possible sources or commands. Please help asap... Many thanks, Khaled -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with Samba as a ADS domain member
Hi there, I have some problems with a samba server (v. 3.0.14a installed on gentoo linux 2005.1), which is a domain member server in an windows 2003 active directory domain. The authentication works fine, and when I set the permissions on the Linux side for a certain user on a certain folder, he will have the access I granted him. As I'm using reiserfs with acl-support for the /-partition and xfs (which has acl build in) for /home, I can even chown a folder to several users (by using setfacl). Nice. Now, here's what causing me trouble: User and group permissions are not displayed correctly in windows explorer. Well... you can see, who has permissions on the directories, but there are no checkboxes set. As the local admin of our customer is a pure Windows guy, I can't tell him to set permissions via a Linux commandline. He'd like to do this via Windows Explorer. Shouldn't this work? Or am I working on a problem that can not be solved with samba? Are there any errors in my smb.conf? At least, testparm As gentoo is not using the latest samba version (3.0.14a-r2 instead of 3.0.20a), I will test the scenario with a new samba compiled from the original sources. Will that be helpful? My smb.conf looks like that: [global] netbios name = fileserver-2 server string = Samba Server %v log file = /var/log/samba/samba.log log level = 9 smb passwd file = /var/lib/samba/private/smbpasswd username level = 8 os level = 33 domain master = no local master = no prefered master = no domain logons = no username map = /etc/samba/smbusers map to guest = bad user encrypt passwords = yes realm = mein-kunde.de workgroup = mein-kunde security = ads # Winbind Parameter idmap uid = 1-2 idmap gid = 1-2 winbind uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes template homedir = /home/userdaten/%U template shell = /bin/false ;winbind enable local accounts = yes # ACL Parameter inherit acls = yes acl compatibility = auto map acl inherit = yes # Behebung einiger Kompatibilitätsprobleme #store dos attributes = yes #dos filemode = yes #dos filetimes = yes #dos filetime resolution = yes max protocol = NT1 min protocol = NT1 client lanman auth = no lanman auth = no # Netlogon Konfiguration logon path = \\%L\PROFILE\%U logon drive = h: #- Freigaben -# [homes] comment = Home Directory browseable = no writeable = yes [tmp] comment = Temporary file space path = /tmp read only = no public = yes [USERDATEN] comment = Home Directory path = /home/userdaten read only = no writeable = yes [gruppenspeicher] comment = Home Directory path = /home/gruppenspeicher read only = no [PROFILE] comment = User Profile path = /home/profile read only = no writeable = yes [netlogon] comment = Logonscripte path = /home/netlogon browseable = no Regards, Andreas -- dawin GmbH - Andreas Stallmann - Consultant Belgische Allee 50 - 53842 Troisdorf FON +49 (0)2241 / 39 71 98 - 0 FAX +49 (0)2241 / 39 71 98 - 9 -- dawin GmbH - Andreas Stallmann - Consultant Belgische Allee 50 - 53842 Troisdorf FON +49 (0)2241 / 39 71 98 - 0 FAX +49 (0)2241 / 39 71 98 - 9 -- dawin GmbH - Andreas Stallmann - Consultant Belgische Allee 50 - 53842 Troisdorf FON +49 (0)2241 / 39 71 98 - 0 FAX +49 (0)2241 / 39 71 98 - 9 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and Windows 2k SBS
Hi, I have problem with WinBind and Windows SBS 2k sience this monday. When i went back to work (I work as a teacher), my windows server was restarted and my linux workstations have problem: [EMAIL PROTECTED]:~# wbinfo -u Error looking up domain users [EMAIL PROTECTED]:~# id a id: a: No such user # wbinfo -t checking the trust secret via RPC calls succeeded [EMAIL PROTECTED]:~# wbinfo --sequence KOMP15L : 1 BUILTIN : 1 MENIS : DISCONNECTED When I remove directories: /var/lib/samba and /var/cache/samba/ and I rejoin to domain: net rpc getsid; net rpc join -U Administrator%password; all works OK [EMAIL PROTECTED]:~# wbinfo --sequence MENIS : 8916 [EMAIL PROTECTED]:~# until system reboot. I'm depressed, because this is my classroom and I need it to work OK. Please, Help Me -- Przemyslaw Adam Smiejek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unrecognized pam_winbind/gdm error.
On Mon, 2005-10-10 at 15:47 -0700, Jeremy Allison wrote: On Mon, Oct 10, 2005 at 02:56:21PM -0500, Matt Sellers wrote: Hello all, I have successfully setup winbind with clients pointing to a central ldap server, and have had great results for ssh service logins, however i get wierd problems with gdm login attempts after winbind has been running for a while. Oct 10 14:45:26 ctilinux6 pam_winbind[2398]: request failed, but PAM error 0! Oct 10 14:45:26 ctilinux6 pam_winbind[2398]: internal module error (retval = 3, user = `mahmed') Oct 10 14:45:29 ctilinux6 gdm-binary[2398]: Couldn't authenticate user This error can be resolved by restarting winbind, thus allowing users to login again. Ive setup a cron job to do this every few hours but I want to find the root of the problem... many thanks to to developers and supporters of the samba project, im documenting all my setup notes / issues and am going to post them to a website soon What version of Samba ? That would help with narrowing down any winbindd issues. This rather smells like pam_winbind/winbindd version mismatch to me. Just an idea, Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ntlm_auth SID problem
On Mon, 2005-10-10 at 12:32 -0300, Marcello Mezzanotti wrote: Hello all Im using a linux box running CentOS 4.1 as a proxy server with user auth with an AD Its working for a long time, but suddenly this weekend the users cant authenticate anymore looking on logs i obtain this Oct 10 08:29:59 sol (ntlm_auth): [2005/10/10 08:29:59, 0] utils/ntlm_auth.c:get_require_membership_sid(237) Oct 10 08:29:59 sol (ntlm_auth): Winbindd lookupname failed to resolve VILLAS+SQUID into a SID! searching for this error on google i tried on ntlm_auth command to change the DOMAIN+GROUP to SID and with SID works fine The problem is that ntlm_auth does the name2sid call once at startup. If this call doesn't work then, it has problems, which is why I suggest storing the SID for maximum reliability. Perhaps your DC was down when squid started? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] remove rights on c:\Documents and Settings
Patrick DUBAU schrieb: Hi, on samba all our users are just member of 'domain user' group. This way gives them limted rights on local workstation, but they still have full rights on c:\Documents and Settings. Is there a way to just give them read right on that folder ? normally, they don't have read nor write access to any folder in c:\Documents and Settings\ (other than the one belonging to them). so perhaps you something went wrong when you installed the workstation? since Samba doesn't have GPO / group policy, there is no way to change permissions on the workstations only with Samba. you could do it with WPKG though - http://wpkg.org - just execute a script and change c:\Documents and Settings acls on specified workstations. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem with roaming profiles
Hi, i'm using samba version 3.0.9-2.6-SUSE on suse 9.1 platform with about 40 clients both win XP SP2 and win 2000 SP4 and over 200 users. My problem is with win xp roaming profiles. It caches profiles onto local drive and every time user logs off it starts to synchronize users profile. If there are more than one profiles cached it tries to synchronize all of them and asks username and password for each cached profile. I have set the registry key to delete roaming profiles and it does so, but when user does not log off correctly for some reason (power cut or reset button is too attempting ) it still caches his profile. i have many dumbusers around and in a month there are over 15 profiles in each computer wanting to synchronize. Is there a way to disable this synchronize? PS! profiles can be deleted.. users need their accounts just for internet, msn and printing. Siim Kobin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE [Samba] remove rights on c:\Documents and Settings
The right of c:\Documents and Setting is not dependant of Samba. It's dependant of the configuration of the client. --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 11/10/2005 11:54:56 : Hi, on samba all our users are just member of 'domain user' group. This way gives them limted rights on local workstation, but they still have full rights on c:\Documents and Settings. Is there a way to just give them read right on that folder ? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] synchronise time
Hello, This is new to me (WPKG). I started to use a product that I had to pay for to switch users. Tell me more if you can. I've started looking at the web site documentation. Kent N Patrick DUBAU schrieb: Hi, in my logon.bat file i put : net time \\admin /SET /YES to synchronise computer time with the server. This works when the user who is login in has administrator rights on the computer. How can i do with users who are just member of the domain? Is there a way to run this command as administrator ? Thanks for any help I use WPKG for that - http://wpkg.org - (and for all other tasks needing administrator rights, like changing printers, installing and updating software, changing file permissions and registry entries etc.). -- Tomek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: guest share not working (for disabled/locked/machine accounts)
Rex Dieter wrote: Rex Dieter wrote: Unforatunately, it appears that when local machine try to use the share for software deployment, they are also accessing it as the local Administrator account. More snooping determined this not to be the case, but that the Local System account is used for access creditials. Turns out the machines in question attempt to access the samba share using their machine account in AD, and it appears samba has a problem with this based on the plethora of these entries I'm seeing in samba's logs: [2005/10/09 15:30:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username DOMAIN\MACHINE-1$ is invalid on this system Now to go off to look in smbd/sesssetup.c to see what criteria is used to determine if a username is invalid or not. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] synchronise time
Not a samba solution, but I prefer to run it as a scheduled job on each computer. Set it to multiple schedules, including at login or bootup, plus every few hours. It's not as accurate as NTP, but it works. [EMAIL PROTECTED] wrote: Hello, This is new to me (WPKG). I started to use a product that I had to pay for to switch users. Tell me more if you can. I've started looking at the web site documentation. Kent N Patrick DUBAU schrieb: Hi, in my logon.bat file i put : net time \\admin /SET /YES to synchronise computer time with the server. This works when the user who is login in has administrator rights on the computer. How can i do with users who are just member of the domain? Is there a way to run this command as administrator ? Thanks for any help I use WPKG for that - http://wpkg.org - (and for all other tasks needing administrator rights, like changing printers, installing and updating software, changing file permissions and registry entries etc.). -- Tomek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] synchronise time
[EMAIL PROTECTED] schrieb: Hello, This is new to me (WPKG). I started to use a product that I had to pay for to switch users. Tell me more if you can. I've started looking at the web site documentation. WPKG is just something that can run commands when the system boots (or using windows equivalent to cron). It can be used to run simple commands (like time syncing) each time the workstation is booted, one time only (i.e. to remove some directories, change permissions, add registry entries), run installers to install applications (i.e. Firefox, Office etc.) - and it will track if the application was installed successfully etc. Just try to use it, and if you have any problems, subscribe to wpkg mailing list, I'll try to help. -- Tomek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] User auth-groups vs Win2k ADS Problems
Hello Everyone This samba server was working perfectly without problems. Running as an Domain member vs Win2K ADS One day it stopped working. All that happened 5 days ago was a change of the administrator/root password We adjusted the wbinfo -set-auth-user towards the new password. But nothing have worked since. install:/ # wbinfo -V Version 3.0.13-1.1-SUSE What might be wrong when the following happen? wbinfo -r TARP+hl 1 10001 10010 10011 10012 10013 10015 10016 10017 10036 install:/var/log/samba # wbinfo -n TARP+hl S-1-5-21-220523388-1957994488-854245398-2811 User (1) install:/var/log/samba # wbinfo --user-sids=S-1-5-21-220523388-1957994488-854245398-2811 Could not get group SIDs for user SID S-1-5-21-220523388-1957994488-854245398-2811 Also the ACL groups on my folders and files seam to have become corrupt/changed. I can still set users but not group ACLs. :/ (As shown below) install:/var/samba # getfacl preInstall # file: preInstall # owner: root # group: root user::rwx user:root:rwx group::rwx group:root:rwx mask::rwx other::--- default:user::rwx default:user:root:rwx default:user:TARP+lkh:rwx default:group::rwx default:group:root:rwx default:group:1:rwx default:group:10001:rwx default:mask::rwx default:other::--- Try to add a group to the ACL install:/var/samba # setfacl -d -m 'g:tarp+domain admins:rwx' preInstall setfacl: Option -m: Invalid argument near character 3 Try to add a user to the ACL install:/var/samba # setfacl -d -m 'u:tarp+dhj:rwx' preinstall no errors Please if anyone can give me any hints of what to look for or had similary experiences please reply. would an updated version of samba help? Anything Regards Daniel Jensen Hello Everyone This samba server was working perfectly without problems. Running as an Domain member vs Win2K ADS One day it stopped working. All that happened 5 days ago was a change of the administrator/root password We adjusted the wbinfo -set-auth-user towards the new password. But nothing have worked since. install:/ # wbinfo -V Version 3.0.13-1.1-SUSE What might be wrong when the following happen? wbinfo -r TARP+hl 1 10001 10010 10011 10012 10013 10015 10016 10017 10036 install:/var/log/samba # wbinfo -n TARP+hl S-1-5-21-220523388-1957994488-854245398-2811 User (1) install:/var/log/samba # wbinfo --user-sids=S-1-5-21-220523388-1957994488-854245398-2811 Could not get group SIDs for user SID S-1-5-21-220523388-1957994488-854245398-2811 Also the ACL groups on my folders and files seam to have become corrupt/changed. I can still set users but not group ACLs. :/ (As shown below) install:/var/samba # getfacl preInstall # file: preInstall # owner: root # group: root user::rwx user:root:rwx group::rwx group:root:rwx mask::rwx other::--- default:user::rwx default:user:root:rwx default:user:TARP+lkh:rwx default:group::rwx default:group:root:rwx default:group:1:rwx default:group:10001:rwx default:mask::rwx default:other::--- Try to add a group to the ACL install:/var/samba # setfacl -d -m 'g:tarp+domain admins:rwx' preInstall setfacl: Option -m: Invalid argument near character 3 Try to add a user to the ACL install:/var/samba # setfacl -d -m 'u:tarp+dhj:rwx' preinstall no errors Please if anyone can give me any hints of what to look for or had similary experiences please reply. would an updated version of samba help? Anything Regards Daniel Jensen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] excessive lpstat calls
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Morgan wrote: | | I run a fairly busy samba server that only serves up users' home | directory. I am running Samba v3.0.20 under Solaris 10 on a Sun v440. | I'm seeing a large number of calls to '/usr/bin/lpstat -v'. These are | probably occuring everytime a new client connects, but I'm not positive. | | The server does not have any printers attached to it, has no entries in | /etc/printers.conf, and is not running lp services at all. I am unable | to remove the lp packages from the system due to dependencies. I have | no intention of using Samba as a print server on this machine, so I'd | like to disable printing entirely and prevent Samba from calling lpstat | continuously. | | I've attached my smb.conf file. Any suggestions? Try setting printing = bsd and printcap name = /dev/null. Although we really shouldn't be looking for printers at all when there ie no [printers] section in smb.conf. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDS7aKIR7qMdg1EfYRAoC9AKDjCQcznujDhoZcLjPPnB5rSfML4ACfWNfX i2I1tA+Z0K3iMg1wgS4QaU8= =wENR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printing Support - Can i disable it?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Hi, | | i get constantly the following error message: | Unable to connect to CUPS server localhost - Connection refused | | The system in question is a fileserver only samba server, | therefor i want to disable printing | support, but printing = none does not really help. Try setting printing = bsd and printcap name = /dev/null cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDS7bdIR7qMdg1EfYRAp5BAKC0tP1J/k54vim/JxY0zPXyKx/XggCeN6BE K3bPi6H+WTh9/3wOR212ml0= =sYRh -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] warward smbd processes
For several months now, we've been having smbd processes which 'lock' and escalate to 99% CPU utilization effectively locking the end-user out entirely and hanging their client machines. Almost exclusively happening while the user is saving either MS Word or Excel file, and even more specifically only narrowed to a couple of users. We've tried various patches offered by members of the samba team here through the list, which over the past few versions of samba have helped greatly (thanx guys), but to no avail has the problem ever ceased to exist. Admittedly, the state of our network was rather poor and ineffective for debugging purposes. Recently, we moved to change that when a nice thunderstorm took out three of our existing switches. We have since replaced the network hardware in both the main server room, and the network branch with which all the users encountering this problem exist. The network now consists of NetGear Layer 2 Managed switches, (1- 12 PORT SFP switch in the server room operating at 1000Mbit full duplex with 2 independant fiber links to (2) 24 Port 10/100 switches with 1000mbit fiber uplinks via GBICs). Figuring that perhaps the issue was indeed out network disconnecting users, and thus leaving a stale smbd processes locking the file they were using and escalating to 99% cpu in some way-ward loop of code somewhere... Now, things are running a lot faster, but the problem seems to be getting trickier. We're having users encounter a similar problem as to before, except now the first smbd process belonging to a specific client becomes locked without escalating to 100% cpu utilization. Essentially I get something similar to this: (wmpoff25 is the machine/client in question in this case, user usually calls to say 'my machine is locked up'): wmptwo# /server/bin/samba-3.0.13/bin/net status sessions | grep wmpoff25 10135 cboakes shop wmpoff25 (10.0.0.27) 10015 cboakes shop wmpoff25 (10.0.0.27) A simple 'kill 10015' does nothing, repeat... nothing, finally, 'kill -9 10015' , and poof - the end user's system comes back to them and all runs well until the next time they call us. The problem therefore the same as before, and our resolution much the same, except that now the process does not climb to high cpu utilization. In my dispair I started to think perhaps the issue is with the LDAP tree, noting that the slapd process cannot exit cleanly on our systems, (seems to be a bug in openldap/freebsd-amd64/threads), so I've since re-compiled ldap and re-created the tree from a 'slapcat' backup using a copy of ldap which is not utilizing threads. This cripples our setup a little, as slurp will not compile/run without threading support - to say nothing of the obvious performance issues in not using a threaded version of slapd. But for now, at least slapd starts, runs, and exits cleanly. We depend on ldap not only for our samba user database, but also for our unix user base via pam_ldap and nss_ldap to multiple servers and even a few *_nix workstations. So here I am again, at a loss. I tried compiling samba-3.0.20, and all compiles well, smbd starts, but nobody's home for some reason. Admittedly have not had the time nor capability to properly debug or roll-out 3.0.20, because these servers are in production environment now running slightly hacked copy of 3.0.13. I cannot stop our systems from running to 'try' them with 3.0.20, and have not a test machine capable of running freebsd/amd64 which is not already in use. Our servers are all dual AMD Opteron based boxes with dual homed gigabit ethernet connections (one link to the main network, and one amongst each other). Aside from 'try 3.0.20', any suggestions someone may offer? I will be setting up a test server shortly and trying to get 3.0.20 to run cleanly on it, but I figured it may be worth posting now to see if anyone had some other ideas. Any and all constructive feedback would be greatly appreciated. We're running FreeBSD 5.3-RELEASE/AMD64, with OpenLDAP 2.2.26 (no thread support), and samba-3.0.13 (with one server running 3.0.7 for print server with no errors thus far). -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate Tool Ltd. http://www.wmptl.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] installing samba on fedora 3
Please could someone help guide me through installing samba on fedora 3. First I would like to clear my system of previously (incorrectly) installed samba programs (there may be duplicates...) How can I do this? I had tried following web guides but only to make a mess of my system; I dont think they are appropriate for fedora 3. I have been told to use rpm, but know nothing of possible sources or commands. Yes, use rpm on an rpm based system unless you are knowlegeable to know where things are going to go and how to fix them. You might have a long task to get rid of the old versions depending on how many you tried and how you put them in. How many did you try? How did you install them? For all of your rpm info: man rpm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] synchronise time
Patrick DUBAU wrote: in my logon.bat file i put : net time \\admin /SET /YES to synchronise computer time with the server. This works when the user who is login in has administrator rights on the computer. How can i do with users who are just member of the domain? Is there a way to run this command as administrator ? Why not use NTP instead? Windows supports NTP (the Windows Time Service), and http://msi-repository.sourceforge.net/ has NTP for Windows MSI's that make using it easy. (I haven't tried these to know how they work.) Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba not obeying locking = no from smb.conf file
I have the following share in my smb.conf : [cdrom] comment = Samba server's CD-ROM writable = no locking = no path = /media/cdrecorder public = yes When I go to that share from a Windows workstation it does still lock as you can see: [EMAIL PROTECTED] ~]# lsof | grep cdrecorder smbd 9647root 20w DIR 22,0 2048 1792 /media/cdrecorder smbd 9647root 27r DIR 22,0 2048 1792 /media/cdrecorder This prohibits me of ejecting my cdrom when someone's browsing it. I have version 3.0.14a-2 Is this a bug or expected behavior? -- for some how-to's and rpms visit my site: http://solid.bounceme.net for commercially supported solutions visit : http://www.robas.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SOLVED] Re: [Samba] synchronise time
Thanks for all your answers. I found another way to solve my problem I use cpau.exe found at http://www.joeware.net/win/free/tools/cpau.htm First step : create an encrypt file by the following command (execute on c:\ -because on netwotk drive it won't work) : cpau.exe –u iufm\administrator –p -ex « net time \\admin /set /yes » -file setime.txt –enc Second step : copy cpau.exe and setile.txt files in netlogon directory and execute that file each time a station connects at network by placing the following line in logon.bat script cpau.exe -file \\admin\netlogon\setime.txt –dec Tomasz Chmielewski a écrit : [EMAIL PROTECTED] schrieb: Hello, This is new to me (WPKG). I started to use a product that I had to pay for to switch users. Tell me more if you can. I've started looking at the web site documentation. WPKG is just something that can run commands when the system boots (or using windows equivalent to cron). It can be used to run simple commands (like time syncing) each time the workstation is booted, one time only (i.e. to remove some directories, change permissions, add registry entries), run installers to install applications (i.e. Firefox, Office etc.) - and it will track if the application was installed successfully etc. Just try to use it, and if you have any problems, subscribe to wpkg mailing list, I'll try to help. -- Patrick DUBAU IUFM d'Alsace - Service Informatique : Parfois détruire, souvent construire, toujours Servir 200 avenue de Colmar 67100 STRASBOURG Téléphone: 03.88.40.79.76 -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] displayName vs. cn
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Beschorner Daniel wrote: | In 3.0.20a/ldapsam the Usrmgr shows in the all users | view the displayName attribute as full name, but in the | user properties view the cn attribute. Seems a little | bit inconsistent to me, shouldn't be the algorithm to | retrieve the full name always the same? Is this different from 3.0.20? Or just 3.0.20 versions? And to clarify, you have both the displayName and cn attribute in a user account entry right? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDS8EeIR7qMdg1EfYRAnecAJ4s/p3mOQ+n8/6BKKgKrcIZe+uZcQCdFO+Y bWDlnw9Fe0T+loPujoPwkWc= =ZIyV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Physical path of share
Hi all! Is there a way to get the physical path of a win share? I.e I want to get C:\Data\Foldername from MyShare. Thanks Henrik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] displayName vs. cn
| In 3.0.20a/ldapsam the Usrmgr shows in the all users | view the displayName attribute as full name, but in the | user properties view the cn attribute. Seems a little | bit inconsistent to me, shouldn't be the algorithm to | retrieve the full name always the same? Is this different from 3.0.20? Or just 3.0.20 versions? And to clarify, you have both the displayName and cn attribute in a user account entry right? With 3.0.14 it was different, all our users got full names. I didn't try 3.0.20, but can do if necessary. Because of this change I realized how poorly our displayNames are maintained (only 5 of 150 users), in fact since 3.0.20a most users doesn't have a full name any longer in the user list. In user details (and for instance in Windows login information after Ctrl+Alt+Del) they still have. Both entries in Usrmgr claim to have the full name, but they differ. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.20a Winbind Dead but subsys locked
Hello, Last week I downloaded and installed the 3.0.20a-23 release on Redhat ES 4 x86_64bit and noticed that I am getting the Winbind Dead but subsys locked status on winbind service. The service seems to start corectly but immediately get Winbind Dead but subsys locked status message. I had been running version 3.0.20-22 64 bit version which was also downloaded from sambaenterprise.org (ftp://ftp.sernet.de/pub/samba/rhel/rhel4-x86_64/). I just noticed that this site has a 20a-24 release, I'll install it to see if it corrects the issue. Any other ideas? PC -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [SOLVED] Re: [Samba] synchronise time
Tomasz Chmielewski a écrit : Patrick DUBAU schrieb: Thanks for all your answers. I found another way to solve my problem I use cpau.exe found at http://www.joeware.net/win/free/tools/cpau.htm First step : create an encrypt file by the following command (execute on c:\ -because on netwotk drive it won't work) : cpau.exe –u iufm\administrator –p -ex « net time \\admin /set /yes » -file setime.txt –enc doesn't it mean a regular user can access the Administrator password? it's encrypted, but is it that hard to guess? Well i hope it isn't. Here is a cat from the encrypt file 365355F67345113374357370223237D30E76100A74A73E74B71F70A73C66C72F6510411004103105101105102F76103B76B73E74C73112B71B72106B6 3E70106107107103104106100C76101121E73100113E73A76E67C65E71C64A71113105106104103106102101104B77E76F24C74D77113C75A65E65C71D621 06107112126105101125C77B77116A76B74 and so on ... I didn't put all the content of the file... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [SOLVED] Re: [Samba] synchronise time
Patrick DUBAU schrieb: Thanks for all your answers. I found another way to solve my problem I use cpau.exe found at http://www.joeware.net/win/free/tools/cpau.htm First step : create an encrypt file by the following command (execute on c:\ -because on netwotk drive it won't work) : cpau.exe –u iufm\administrator –p -ex « net time \\admin /set /yes » -file setime.txt –enc doesn't it mean a regular user can access the Administrator password? it's encrypted, but is it that hard to guess? -- Tomek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: installing samba on fedora 3
Khaled wrote: Please could someone help guide me through installing samba on fedora 3. $ yum install samba -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [SOLVED] Re: [Samba] synchronise time
usually Power Users are granted rigth to modify system time. using GPO or LGPO You can change this behaviour. Tomasz Chmielewski a ?crit : Patrick DUBAU schrieb: Thanks for all your answers. I found another way to solve my problem I use cpau.exe found at http://www.joeware.net/win/free/tools/cpau.htm First step : create an encrypt file by the following command (execute on c:\ -because on netwotk drive it won't work) : cpau.exe ?u iufm\administrator ?p -ex ? net time \\admin /set /yes ? -file setime.txt ?enc doesn't it mean a regular user can access the Administrator password? it's encrypted, but is it that hard to guess? Well i hope it isn't. Here is a cat from the encrypt file 365355F67345113374357370223237D30E76100A74A73E74B71F70A73C66C72F6510411004103105101105102F76103B76B73E74C73112B71B72106B6 3E70106107107103104106100C76101121E73100113E73A76E67C65E71C64A71113105106104103106102101104B77E76F24C74D77113C75A65E65C71D621 06107112126105101125C77B77116A76B74 and so on ... I didn't put all the content of the file... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: guest share (fixed)
Rex Dieter wrote: Turns out the machines in question attempt to access the samba share using their machine account in AD, and it appears samba has a problem with this based on the plethora of these entries I'm seeing in samba's logs: [2005/10/09 15:30:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username DOMAIN\MACHINE-1$ is invalid on this system Now to go off to look in smbd/sesssetup.c to see what criteria is used to determine if a username is invalid or not. I could have sworn I had tried this previously, but... It turns out we're not (yet) using winbind for UIDs (only authentication/passwords), so I needed map to guest = Bad Uid instead of map to guest = Bad User -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and Windows 2k SBS
Hi, I have problem with WinBind and Windows SBS 2k sience this monday. When i went back to work (I work as a teacher), my windows server was restarted and my linux workstations have problem: [EMAIL PROTECTED]:~# wbinfo -u Error looking up domain users [EMAIL PROTECTED]:~# id a id: a: No such user # wbinfo -t checking the trust secret via RPC calls succeeded [EMAIL PROTECTED]:~# wbinfo --sequence KOMP15L : 1 BUILTIN : 1 MENIS : DISCONNECTED When I remove directories: /var/lib/samba and /var/cache/samba/ and I rejoin to domain: net rpc getsid; net rpc join -U Administrator%password; all works OK [EMAIL PROTECTED]:~# wbinfo --sequence MENIS : 8916 [EMAIL PROTECTED]:~# until system reboot or period of time. I'm depressed, because this is my classroom and I need it to work OK. Please, Help Me -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot get logged in using Server=DOMAIN
I have an FC3 intallation with samba-3.0.10-1. I cannot get it to accept a login with server=DOMAIN. I can join the domain with no problem: # net rpc join member -U scarville passwd: Joined domain TOTALFLOOD. I can browse the shares: $ smbclient -L amazon added interface ip=192.168.124.230 bcast=192.168.124.255 nmask=255.255.255.0 Password: Anonymous login successful Domain=[TOTALFLOOD] OS=[Unix] Server=[Samba 3.0.10-1.fc3] Sharename Type Comment - --- netappsDisk Network Applications common Disk Common Files public Disk Public Files IPC$ IPC IPC Service (Main File Server) ADMIN$ IPC IPC Service (Main File Server) Server Comment ---- AMAZON Main File Server ATLANTIC DC-PDC WorkgroupMaster ---- TOTALFLOOD ATLANTIC but if I actually try to login with an NT username: $ smbclient -v //amazon/common -U scarville -d 3 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] added interface ip=192.168.124.232 bcast=192.168.124.255 nmask=255.255.255.0 Client started (version 3.0.10-1.fc2). resolve_lmhosts: Attempting lmhosts lookup for name amazon0x20 resolve_wins: Attempting wins lookup for name amazon0x20 resolve_wins: WINS server resolution selected and no WINS servers listed. resolve_hosts: Attempting host lookup for name amazon0x20 Connecting to 192.168.124.222 at port 445 Password: Doing spnego session setup (blob length=58) got OID=1 3 6 1 4 1 311 2 2 10 got principal=NONE Got challenge flags: Got NTLMSSP neg_flags=0x60890215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 SPNEGO login failed: Logon failure session setup failed: NT_STATUS_LOGON_FAILURE My configuration lookslike: $ testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [netapps] Processing section [common] Processing section [public] Loaded services file OK. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions # Global parameters [global] workgroup = TOTALFLOOD server string = Main File Server security = DOMAIN username map = /etc/samba/smbusers log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No disable spoolss = Yes preferred master = No local master = No domain master = No dns proxy = No ldap ssl = no idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = winbind use default domain = Yes [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No [netapps] comment = Network Applications path = /export/netapps force user = procman force group = users read only = No [common] comment = Common Files path = /export/common force group = users read only = No create mask = 0775 force create mode = 0664 directory mask = 0775 force directory mode = 0775 [public] comment = Public Files path = /export/public force user = procman force group = users read only = No create mask = 0774 In smbusers I have the line maping my NT username to my UNIX name: stephen = scarville My old samba 2.2 server on Redhat 7.2 is working OK but I'd like to upgrade if possible. -- Stephen Carville -- polluting the ranks of skeptics since 1995. --- Government is actually the worst failure of civilized man. There has never been a really good one, and even those that are most tolerable are arbitrary, cruel, grasping and unintelligent. -- H. L. Mencken -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] synchronise time
On Tuesday 11 October 2005 09:30 am, Josh Kelley wrote: Why not use NTP instead? Agreed. Simplest and best. Windows supports NTP (the Windows Time Service), and http://msi-repository.sourceforge.net/ has NTP for Windows MSI's that make using it easy. (I haven't tried these to know how they work.) Windows 2k/XP/2k3 support SNTP via the Windows Time Service which, although not NTP caliber, can nevertheless sync with an NTP server. No reason to download and install anything to sync these clients. Just make sure the Windows Time Service is running, set to automatic, and pointing to a valid NTP or SNTP server. Most XP systems I've seen are as a default, automatically syncing to a Microsoft time server. Generally I change this to access the local NTP server on the server running Samba (I deal generally with small business networks so there usually aren't a lot of single purpose servers plus NTP is already needed on the server to keep its time correct). The logon script always checks to see what type of system it is: if %OS%==Windows_NT So it only runs: net time /set /yes for the non-NT (Win9x/ME) systems, which sync time at logon via Samba. Everything else syncs regularly via (S)NTP with no need to change permissions, etc. The one quirk I have noticed in the past (maybe it has been fixed by now but I haven't checked) is that when setting MS's SNTP to sync with an NTP server the IP address instead of the system name was necessary. The details can be seen via: net time ? To check the setting: net time /querysntp To set the server (if 192.168.1.1 is the listening NTP srv): net time /setsntp:192.168.1.1 Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Noelia Leiva Urbina Dirección de Informatica Ministerio de Transportes y Comunicaciones 4337800-1376 Esta comunicación representa las opiniones y puntos de vista del autor y no refleja necesariamente la posición del MTC. Si usted no es el destinatario original, sírvase notificar inmediatamente a [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problems with samba 3 and termnal server
On Tue, Oct 11, 2005 at 10:20:41AM +0200, Lorenzo Pilotti wrote: a customer currently uses a Suse 9.2 pro with the last version of Samba to share a folder containing data for an Enterprise Management program (Windows based). everything works fine with local clients (many 98s and 1 XP machine). we have some (15) clients connecting to the ERP program via a Terminal Server (Windows2K server). these clients often stuck in some requests for 5 to 15 minutes (randomly) and then unlock and continue working. Clients usually time out after 30 seconds. What is happening on the wire between terminal server and Samba during that time ? note that: - the same folder on a Win2000 machine works fine (ie. no stucks) - this means it is a samba problem - local clients work find - this means it is a terminal-server-related problem i thought it was something related to oplocks and i have disabled them (level 1 AND level 2) but the problem is still here. now I ***suppose*** this is something like: - samba receives many connections from the same IP (the terminal server) and has problems de-mux-ing the requests... any ideas??? It's possible to set a registry setting that causes TS to open a new SMB connection for every logged on user, this should help if the problem is requests getting stuck in smbd's single threaded queue. The TS client has some multi-threaded synchronisation problems that Microsoft could only solve by going back to the (sensible) multi-connection model. They only changed to single-connection to screw Samba over in a big account anyway (the honest and sad truth :-). You can look up the registry setting on MSDN, or someone on the list may have it to hand. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] About the group setting in smb.conf.
i never had trouble using winbindd with spaces in group names. recently tested with samba v3.0.14a against NT4 PDC greez Gary Dale wrote: Liu wrote: Hi, This is my first time to configure Samba server as a member server in AD domain, So, I have a question about how to configure a group name with one or more spaces in smb.conf? As we know, this kind of group names are very common in Windows environment. For example, set “valid users” parameter: Usually , a name starting with @ is represented group, valid users = username, @GroupName,… But if the group name includes spaces, e.g. “it dept”, “sales dept”, How can I set them correctly? (I set them as @”it dept”, but the winbind log file tells me “group it dept in domain does not exist”, But I can list this group using wbinfo �Cg) Wish someone give me a advice! Thanks in advance! Best Regards! Liu hongquan Basically, you need to map your NT groups to Linux groups. The Linux groups should not have spaces in the names. Do a search on samba groupmap for the details. -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] guest user (from session setup) not permitted to access this share
On Tuesday 27 September 2005 12:54 am, Andrew Bartlett wrote: --- --- [2005/09/08 15:43:48, 2] smbd/service.c:make_connection_snum(314) guest user (from session setup) not permitted to access this share (EACM) [2005/09/08 15:43:48, 2] smbd/service.c:make_connection_snum(314) guest user (from session setup) not permitted to access this share (EACM) --- What is the guest user (from session setup)? It just notes which part of the auth subsystem determined this was a guest access. This is normal for browsing, NETLOGON rpcs and many other protocol purposes. What can I provide to help get this problem resolved? Is there a real problem? Do you want guest access (see 'guest ok') to these shares? No, guest access is not allowed. So does that mean these are normal messages? The user who is logged on to the system and using the share does have access rights. Which is why I wonder why I see these, usually ten to twenty attempts, from the guest user quite often. Sometimes, but not always, this activity coincides with the Access app crashing (the share hosts an .mdb). Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problems with samba 3 and termnal server
One smbd per user on W2K TS with this registry key: http://support.microsoft.com/kb/818528/ You need the hotfix 818528 (included in Update Rollup 1 for SP4) for the key to become effective. Daniel -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Jeremy Allison Gesendet: Dienstag, 11. Oktober 2005 18:12 An: Lorenzo Pilotti Cc: samba@lists.samba.org Betreff: Re: [Samba] problems with samba 3 and termnal server On Tue, Oct 11, 2005 at 10:20:41AM +0200, Lorenzo Pilotti wrote: a customer currently uses a Suse 9.2 pro with the last version of Samba to share a folder containing data for an Enterprise Management program (Windows based). everything works fine with local clients (many 98s and 1 XP machine). we have some (15) clients connecting to the ERP program via a Terminal Server (Windows2K server). these clients often stuck in some requests for 5 to 15 minutes (randomly) and then unlock and continue working. Clients usually time out after 30 seconds. What is happening on the wire between terminal server and Samba during that time ? note that: - the same folder on a Win2000 machine works fine (ie. no stucks) - this means it is a samba problem - local clients work find - this means it is a terminal-server-related problem i thought it was something related to oplocks and i have disabled them (level 1 AND level 2) but the problem is still here. now I ***suppose*** this is something like: - samba receives many connections from the same IP (the terminal server) and has problems de-mux-ing the requests... any ideas??? It's possible to set a registry setting that causes TS to open a new SMB connection for every logged on user, this should help if the problem is requests getting stuck in smbd's single threaded queue. The TS client has some multi-threaded synchronisation problems that Microsoft could only solve by going back to the (sensible) multi-connection model. They only changed to single-connection to screw Samba over in a big account anyway (the honest and sad truth :-). You can look up the registry setting on MSDN, or someone on the list may have it to hand. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.20a Winbind Dead but subsys locked
You've got a pid file somewhere that your start script is reading. Open the start script and find the location of the pid file then delete the file and start again. hth -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of PC Sent: Tuesday, October 11, 2005 6:59 AM To: samba@lists.samba.org Subject: [Samba] Samba 3.0.20a Winbind Dead but subsys locked Hello, Last week I downloaded and installed the 3.0.20a-23 release on Redhat ES 4 x86_64bit and noticed that I am getting the Winbind Dead but subsys locked status on winbind service. The service seems to start corectly but immediately get Winbind Dead but subsys locked status message. I had been running version 3.0.20-22 64 bit version which was also downloaded from sambaenterprise.org (ftp://ftp.sernet.de/pub/samba/rhel/rhel4-x86_64/). I just noticed that this site has a 20a-24 release, I'll install it to see if it corrects the issue. Any other ideas? PC -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problem with roaming profiles
Hi, this may be of interest to you: http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582displaylang=en a service called User Profile Hive Cleanup Service -- Warum können Pinguine nicht fliegen? Was nicht fliegt, kann nicht abstürzen. Never be afraid of doing tasks you are not familiar with. Noah's Ark was built by an amateur. Professionals have built the Titanic -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Changing PDC Domain name
Hello all. What are the implications of changing the domain name for a PDC? If I understand correctly, the SID is based on the domain name, so if the domain name (workgroup) setting in smb.conf is changed, will that mean that a new SID will be generated? If so, then I assume that all user/group SIDs will have to be updated. If the domain name is changed, can I just state that this is an entirely new domain and all users/groups/machines will have to be created fresh? What we have is a setup that currently only supports simple Workgroups. We are in the proccess of adding support for NT4 domains (no AD yet) using Samba 3.0.20a. The current passdb backend is LDAP, and the Samba schema is already in place. Setting up the PDC has been fairly simple so far (thank you to John Terpstra for the Howto and Examples books), but in writing the documentation for our users we need to tell them about any consequences of changing the domain name. One thing that I noticed while playing with it is that after changing the 'workgroup' setting in smb.conf, a new 'sambaDomainName' object is created in LDAP with the new name, but the same SID as before. Does this mean that the domain name can just be changed without any problems and the SID is just carried forward? Apologies if this is covered in the books or the archives. I've looked around, but sometimes with a flood of information it's easy to miss the little specific details that I'm after. /dwight -- Dwight N. Tovey email: [EMAIL PROTECTED] - Work to Live : Live to Ride : Ride to Work -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Changing PDC Domain name
On Tue, Oct 11, 2005 at 11:51:32AM -0600, Dwight Tovey wrote: Hello all. What are the implications of changing the domain name for a PDC? If I understand correctly, the SID is based on the domain name, so if the domain name (workgroup) setting in smb.conf is changed, will that mean that a new SID will be generated? If so, then I assume that all user/group SIDs will have to be updated. If the domain name is changed, can I just state that this is an entirely new domain and all users/groups/machines will have to be created fresh? The SID isn't based on the domain name, but all the indexes in the tdb's are based on the domain name. So if you change it on the PDC then you could (with effort - ie. I don't think we ship tools to do this) modify these indexes to use the new domain name. I don't think Windows clients can do this though - change the domain name means a new domain for them. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Performance issues
*sigh*, I tried the suggestions without any luck. Does anyone have any other ideas? Some more data that might be helpful: When the video freezes, it enters a loop - it will freeze for a few seconds, then play for a few seconds, freeze again, etc. If I pause playback for a couple of seconds and resume, it's normally fine from then on. Maybe this just isn't a Samba issue and I need to be looking elsewhere; but if I put the video files on a Windows share they play back fine. -Ryan On 10/7/05, Ryan Wright [EMAIL PROTECTED] wrote: List, I apologize for the newbie nature of this post; I am sure there is an easy answer somewhere, but I've tried all the search terms I can think up and can't find it. I have some video archived on a White Box 4 machine. I watch it on a Windows XP box in the other room by mapping a drive to a Samba share. Seemingly at random, my video stream will halt due to an inability to receive data from the server. If I pause for a few seconds and resume, everything is usually fine. This generally happens only once or twice per hour, but it's annoying. The video is not huge. We're talking ~350MB xvid files, 45 minutes each (compressed network TV shows). The Samba server used to be a Windows 2000 Server and the same video files worked perfectly from there. Network is gigabit on the server side, 100mbit on the client side - though even wireless should be able to stream these files. Virtually no traffic on the network (just my computers and they mostly sit idle unless I'm using them). I saw this problem again last night when copying ~10GB worth of files from another XP box to the Samba share. The copy stopped a couple of times, telling me the network path no longer existed, but after clicking OK I could still browse the share just fine. It's like an intermittant, very temporary glitch. Stats: White Box Linux 4 (kernel 2.6.9-5) Samba 3.0.10-1.4E Relevant smb.conf: [global] workgroup = WRIGHT netbios name = SATURN server string = Saturn security = domain idmap uid = 15000-2 idmap gid = 15000-2 winbind use default domain = Yes encrypt passwords = yes password server = jupiter jupiter is a Win2k server PDC. Any advice would be greatly appreciated. -Ryan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Changing PDC Domain name
Jeremy Allison said: On Tue, Oct 11, 2005 at 11:51:32AM -0600, Dwight Tovey wrote: Hello all. What are the implications of changing the domain name for a PDC? If I understand correctly, the SID is based on the domain name, so if the domain name (workgroup) setting in smb.conf is changed, will that mean that a new SID will be generated? If so, then I assume that all user/group SIDs will have to be updated. If the domain name is changed, can I just state that this is an entirely new domain and all users/groups/machines will have to be created fresh? The SID isn't based on the domain name, but all the indexes in the tdb's are based on the domain name. So if you change it on the PDC then you could (with effort - ie. I don't think we ship tools to do this) modify these indexes to use the new domain name. I don't think Windows clients can do this though - change the domain name means a new domain for them. Jeremy. Thanks. So if the domain name is changed, we can just declare that this is an entirely new setup. In that case, should I delete all the tdb's? I can probably delete the machine accounts from LDAP to force them to rejoin. Would I need to recreate or update anything in the user or group entries? BTW: How does the SID get generated? At one time I wound up with a sambaDomainName LDAP object that had a SID different from any other SID in LDAP. I have no idea what I did to trigger this though and I haven't been able to duplicate it yet. /dwight -- Dwight N. Tovey email: [EMAIL PROTECTED] - Work to Live : Live to Ride : Ride to Work -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Dangling MS Access DB Lock Files *.ldb
I have an intermittent problem with dangling MS Access DB lock files. In a productive environment with N batch queus (each on a separate Windows XP Professional) a scheduler PC dispatches the work load to a free queue by means of modifying a simple MS Access DB file called PRIM.mdb, which resides on a Samba 3.0.20 share. Each free queue PC polls the same MS Access DB file every 60 seconds to see if there is a work packet to be executed by it. If there is a work package for it it modifies a state value of the respective work packet in this DB when it starts executing it as well as after the job has been done so that the scheduler knows what's going on. There's a bug in 3.0.20 that might affect this (btw it's also in 3.0.20a). I know about it because it's my fault :-(. Here's the patch for 3.0.20, and 3.0.20a. Jeremy. Thank you, Jeremy. I might have unwittingly made the impression that the problem only came with 3.0.20. The same problem was present in 3.0.14 as well as 3.0.4. It's a very intermittent problem which has been haunting me for months now. I have compiled your patches and installed it on the affected samba server and the first obvious difference is that when either the *.mdb or *.ldb file is opened then the Sharing attribute in the Open Files section of the status page is now DENY_DOS instead of DENY_NONE. (I can catch the moment when they're opend if I keep refreshing the status often enough.) I hope that no lock file will dangle any more. I'll keep you posted. Best regards Dragan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Dangling MS Access DB Lock Files *.ldb
On Tue, Oct 11, 2005 at 08:03:10PM +0100, Dragan Krnic wrote: I might have unwittingly made the impression that the problem only came with 3.0.20. The same problem was present in 3.0.14 as well as 3.0.4. It's a very intermittent problem which has been haunting me for months now. Then it's not this particular bug. I have compiled your patches and installed it on the affected samba server and the first obvious difference is that when either the *.mdb or *.ldb file is opened then the Sharing attribute in the Open Files section of the status page is now DENY_DOS instead of DENY_NONE. (I can catch the moment when they're opend if I keep refreshing the status often enough.) I hope that no lock file will dangle any more. I'll keep you posted. Hopefully the combination of the new NTCreateX file open code in 3.0.20+ and this patch will do the trick. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and MS SMS
Hi, Has anyone experience installing Microsoft System Management Server on a server, that belongs to Samba network ( Samba as PDC ) ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Changing PDC Domain name
On Tue, Oct 11, 2005 at 12:13:32PM -0600, Dwight Tovey wrote: Thanks. So if the domain name is changed, we can just declare that this is an entirely new setup. In that case, should I delete all the tdb's? I can probably delete the machine accounts from LDAP to force them to rejoin. Would I need to recreate or update anything in the user or group entries? That's easiest. BTW: How does the SID get generated? At one time I wound up with a sambaDomainName LDAP object that had a SID different from any other SID in LDAP. I have no idea what I did to trigger this though and I haven't been able to duplicate it yet. The SID is generated randomly on startup if one isn't found in the secrets.tdb. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] excessive lpstat calls
On Tue, 11 Oct 2005, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Morgan wrote: | | I run a fairly busy samba server that only serves up users' home | directory. I am running Samba v3.0.20 under Solaris 10 on a Sun v440. | I'm seeing a large number of calls to '/usr/bin/lpstat -v'. These are | probably occuring everytime a new client connects, but I'm not positive. | | The server does not have any printers attached to it, has no entries in | /etc/printers.conf, and is not running lp services at all. I am unable | to remove the lp packages from the system due to dependencies. I have | no intention of using Samba as a print server on this machine, so I'd | like to disable printing entirely and prevent Samba from calling lpstat | continuously. | | I've attached my smb.conf file. Any suggestions? Try setting printing = bsd and printcap name = /dev/null. Although we really shouldn't be looking for printers at all when there ie no [printers] section in smb.conf. Thanks Jerry, this worked. Should I file a bug on this so it doesn't get lost? Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: SOLVED [Samba] problems with samba 3 and termnal server
thanks fellows, the M$ patch seems to work fine... ya guruz! ;-) loris It's possible to set a registry setting that causes TS to open a new SMB connection for every logged on user, this should help if the problem is requests getting stuck in smbd's single threaded queue. The TS client has some multi-threaded synchronisation problems that Microsoft could only solve by going back to the (sensible) multi-connection model. They only changed to single-connection to screw Samba over in a big account anyway (the honest and sad truth :-). Jeremy. __ Accesso Internet Gratis per utenti Excite! Attivalo subito! http://www.excite.it/hitech/accesso Il Mio Excite. Personalizza la tua Home page Excite come vuoi tu! http://www.excite.it AAA/Relazioni. Sfoglia gli annunci e trova la tua anima gemella http://www.excite.it/relazioni -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] ADS auth when primary AD server fails
My apologies for the lack of info. Thought I had it covered... (samba version is native to RHEL4) [EMAIL PROTECTED] ~]# rpm -qa | grep samba samba-common-3.0.10-1.4E samba-3.0.10-1.4E system-config-samba-1.2.21-1 samba-client-3.0.10-1.4E [EMAIL PROTECTED] ~]# [EMAIL PROTECTED] ~]# uname -a Linux bar 2.6.9-5.EL #1 Wed Jan 5 19:22:18 EST 2005 i686 i686 i386 GNU/Linux [EMAIL PROTECTED] ~]# [EMAIL PROTECTED] ~]# smbd -V Version 3.0.10-1.4E [EMAIL PROTECTED] ~]# Windows: Win2k3 no service pack I will attach the tcpdump output. Im not sure if it is appropriate to attach it to send to the list. Please don't flame me, to bad, if it is the wrong thing to do. I don't know where I will provide it otherwise. It was run as `tcpdump -i eth0 -w /tmp/tcpdump.out host 10.180.23.57 or host 10.180.23.88` while trying to login with the primary AD server down. I also have a snip from /var/log/messages when this took place but I think it mostly just says winbindd can't talk to the domain Snip Oct 10 21:13:07 bar winbindd[4008]: [2005/10/10 21:13:07, 0] nsswitch/winbindd_util.c:get_trust_pw(1034) Oct 10 21:13:07 bar winbindd[4008]: get_trust_pw: could not fetch trust account password for my domain GUTBUSTER Oct 10 21:13:07 bar pam_winbind[28308]: request failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO, PAM error was 4, NT error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO Oct 10 21:13:07 bar pam_winbind[28308]: internal module error (retval = 4, user = `administrator' Oct 10 21:13:07 bar sshd(pam_unix)[28308]: check pass; user unknown Oct 10 21:13:07 bar sshd(pam_unix)[28308]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=windows.gutbuster.local Oct 10 21:13:07 bar winbindd[4008]: [2005/10/10 21:13:07, 0] nsswitch/winbindd_util.c:get_trust_pw(1034) Oct 10 21:13:07 bar winbindd[4008]: get_trust_pw: could not fetch trust account password for my domain GUTBUSTER Oct 10 21:13:07 bar pam_winbind[28308]: request failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO, PAM error was 4, NT error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO Oct 10 21:13:07 bar pam_winbind[28308]: internal module error (retval = 4, user = `administrator' Oct 10 21:13:13 bar winbindd[4008]: [2005/10/10 21:13:13, 0] nsswitch/winbindd_util.c:get_trust_pw(1034) Oct 10 21:13:13 bar winbindd[4008]: get_trust_pw: could not fetch trust account password for my domain GUTBUSTER Oct 10 21:13:13 bar pam_winbind[28308]: request failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO, PAM error was 4, NT error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO Oct 10 21:13:13 bar pam_winbind[28308]: internal module error (retval = 4, user = `administrator' Oct 10 21:13:13 bar sshd(pam_unix)[28308]: check pass; user unknown Oct 10 21:13:13 bar winbindd[4008]: [2005/10/10 21:13:13, 0] nsswitch/winbindd_util.c:get_trust_pw(1034) Oct 10 21:13:13 bar winbindd[4008]: get_trust_pw: could not fetch trust account password for my domain GUTBUSTER Oct 10 21:13:13 bar pam_winbind[28308]: request failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO, PAM error was 4, NT error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO Oct 10 21:13:13 bar pam_winbind[28308]: internal module error (retval = 4, user = `administrator' Oct 10 21:13:23 bar winbindd[4008]: [2005/10/10 21:13:23, 0] nsswitch/winbindd_util.c:get_trust_pw(1034) Oct 10 21:13:23 bar winbindd[4008]: get_trust_pw: could not fetch trust account password for my domain GUTBUSTER Oct 10 21:13:23 bar pam_winbind[28308]: request failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO, PAM error was 4, NT error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO Oct 10 21:13:23 bar pam_winbind[28308]: internal module error (retval = 4, user = `administrator' Oct 10 21:13:26 bar sshd(pam_unix)[28308]: check pass; user unknown Oct 10 21:13:26 bar winbindd[4008]: [2005/10/10 21:13:26, 0] nsswitch/winbindd_util.c:get_trust_pw(1034) Oct 10 21:13:26 bar winbindd[4008]: get_trust_pw: could not fetch trust account password for my domain GUTBUSTER Oct 10 21:13:26 bar pam_winbind[28308]: request failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO, PAM error was 4, NT error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO Oct 10 21:13:26 bar pam_winbind[28308]: internal module error (retval = 4, user = `administrator' Snip -Brian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problems with samba 3 and termnal server
Jeremy Allison wrote: On Tue, Oct 11, 2005 at 10:20:41AM +0200, Lorenzo Pilotti wrote: a customer currently uses a Suse 9.2 pro with the last version of Samba to share a folder containing data for an Enterprise Management program (Windows based). everything works fine with local clients (many 98s and 1 XP machine). we have some (15) clients connecting to the ERP program via a Terminal Server (Windows2K server). these clients often stuck in some requests for 5 to 15 minutes (randomly) and then unlock and continue working. I'm getting something similar - Suse 9.3 client running rdesktop with a session from TS 2003 which gets its dbase files served by a Debian Samba 3 server. Oddly, it seemed to happen after running nicely for a while, possibly the week before last. I can't see any admission of changes on MS site. It's possible to set a registry setting that causes TS to open a new SMB connection for every logged on user, this should help if the problem is requests getting stuck in smbd's single threaded queue. I'll try that. The TS client has some multi-threaded synchronisation problems that Microsoft could only solve by going back to the (sensible) multi-connection model. They only changed to single-connection to screw Samba over in a big account anyway (the honest and sad truth :-). Bad people. It isn't entirely clear to me whether the registry setting is the same for TS2003 as it was for TS2000. I'll try it. -- Dr Adrian Midgleyfrom Homefield Surgery 01392 214151 using Thunderbird -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind issues with AD domain trust
Any luck resolving this issue? I'm running into the same problem. Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] help with random connection loss to server from only win98 clients
I have a Suse 9.2 server, with samba 3 and about 16 users. The share used the most (named F for F Drive) randomly disconnects during users sessions from win98SE clients. There is also a WinXP PRO client, that does not have this problem. Only the Win98 clients. I have looked through the group, and found some similar problems, but with little help to get results to fix it. I have checked the ifconfig -a on the server to see if there are any dropped packets or errors, and there are 0. I have not checked the client machines to see if there is also some problem there perhaps. What are some things I can look for? Is there perhaps an option for some sort of timeout or maximum users in the smb.conf file? Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] User auth-groups vs Win2k ADS Problems
Hello Everyone This samba server was working perfectly without problems. Running as an Domain member vs Win2K ADS One day it stopped working. All that happened 5 days ago was a change of the administrator/root password We adjusted the wbinfo -set-auth-user towards the new password. But nothing have worked since. install:/ # wbinfo -V Version 3.0.13-1.1-SUSE What might be wrong when the following happen? wbinfo -r TARP+hl 1 10001 10010 10011 10012 10013 10015 10016 10017 10036 install:/var/log/samba # wbinfo -n TARP+hl S-1-5-21-220523388-1957994488-854245398-2811 User (1) install:/var/log/samba # wbinfo --user-sids=S-1-5-21-220523388-1957994488-854245398-2811 Could not get group SIDs for user SID S-1-5-21-220523388-1957994488-854245398-2811 Also the ACL groups on my folders and files seam to have become corrupt/changed. I can still set users but not group ACLs. :/ (As shown below) install:/var/samba # getfacl preInstall # file: preInstall # owner: root # group: root user::rwx user:root:rwx group::rwx group:root:rwx mask::rwx other::--- default:user::rwx default:user:root:rwx default:user:TARP+lkh:rwx default:group::rwx default:group:root:rwx default:group:1:rwx default:group:10001:rwx default:mask::rwx default:other::--- Try to add a group to the ACL install:/var/samba # setfacl -d -m 'g:tarp+domain admins:rwx' preInstall setfacl: Option -m: Invalid argument near character 3 Try to add a user to the ACL install:/var/samba # setfacl -d -m 'u:tarp+dhj:rwx' preinstall no errors Please if anyone can give me any hints of what to look for or had similary experiences please reply. would an updated version of samba help? Anything Regards Daniel Jensen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Performance issues
On Tue, Oct 11, 2005 at 11:02:55AM -0700, Ryan Wright wrote: *sigh*, I tried the suggestions without any luck. Does anyone have any other ideas? Some more data that might be helpful: When the video freezes, it enters a loop - it will freeze for a few seconds, then play for a few seconds, freeze again, etc. If I pause playback for a couple of seconds and resume, it's normally fine from then on. Maybe this just isn't a Samba issue and I need to be looking elsewhere; but if I put the video files on a Windows share they play back fine. You might want to try tweaking some of the TCP parameters. Steve French has reported these can make quite a difference. Try : use sendfile = yes socket options = TCP_NODELAY SO_RCVBUF=65536 SO_SNDBUF=65536 just for a quick test. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS auth when primary AD server fails
On Tue, Oct 11, 2005 at 09:13:39AM -0500, [EMAIL PROTECTED] wrote: My apologies for the lack of info. Thought I had it covered... (samba version is native to RHEL4) [EMAIL PROTECTED] ~]# rpm -qa | grep samba samba-common-3.0.10-1.4E samba-3.0.10-1.4E system-config-samba-1.2.21-1 samba-client-3.0.10-1.4E [EMAIL PROTECTED] ~]# [EMAIL PROTECTED] ~]# uname -a Linux bar 2.6.9-5.EL #1 Wed Jan 5 19:22:18 EST 2005 i686 i686 i386 GNU/Linux [EMAIL PROTECTED] ~]# [EMAIL PROTECTED] ~]# smbd -V Version 3.0.10-1.4E [EMAIL PROTECTED] ~]# Windows: Win2k3 no service pack I will attach the tcpdump output. Im not sure if it is appropriate to attach it to send to the list. Please don't flame me, to bad, if it is the wrong thing to do. I don't know where I will provide it otherwise. It was run as `tcpdump -i eth0 -w /tmp/tcpdump.out host 10.180.23.57 or host 10.180.23.88` while trying to login with the primary AD server down. I also have a snip from /var/log/messages when this took place but I think it mostly just says winbindd can't talk to the domain Is it possible for you to try 3.0.20a or (later this week) 3.0.20b ? There are improvements in winbindd fallback code in those releases. At least then we know we're working with the latest code base (winbindd has had major changes on it between 3.0.10 and 3.0.20). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] mount.cifs: iocharset/codepage
I am trying to access a share on a samba server using charset iso8859-1 from a client using the same charset via CIFS. smbmount has separate options for the server/client charset, using codepage=cp850,iocharset=iso8859-1 gets the correct behavior in my case. Unfortunately, the parameter for specifying the server codepage doesn't seem to exist in mount.cifs (it looks, like utf-8 is assumed). Is there any way to explicitly set this? Regards, Peter Daum -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't see Samba Server from Win2k
--- [EMAIL PROTECTED] escribió: I've read other posts on this, but can't figure out what I'm doing wrong. I have Suse 8.0, Samba 2.2.3a, and Win2k. Win2k Setup: workgroup = HOME_NET Host Name = Copernicus IP : 192.168.0.7 Subnet : 255.255.255.0 Def Gateway: 192.168.0.1 smb.conf (comments removed): === [global] workgroup = HOME_NET netbios name = gallileo encrypt passwords = yes security = share wins support = yes guest only = yes username map = /etc/samba/smbusers interfaces = 192.168.0.7/255.255.255.0 character set = ISO8859-15 client code page = 850 veto files = /*.eml/*.nws/riched20.dll/*.{*}/ [homes] comment = Home Directories read only = No browseable = No [share1] path = /home/jimmy read only = Yes browseable = yes guest ok = Yes public = yes == I set up lmhosts as follows: 1.- Have you setted up a trust account for your win2k pc? 2.- Why use lmhosts? accoring to your smb.conf you re using samba as a wins server? 3.- you need to specify wich password backend you are using eg: passdb backend = tdbsam:/etc/samba/passdb.tdb James. ___ 1GB gratis, Antivirus y Antispam Correo Yahoo!, el mejor correo web del mundo http://correo.yahoo.com.ar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Mixing share and user?
Hi, My goal is to set up the server so that one directory acts like a windows share that (1) does not require any log in information to gain access (2) Can be viewed from a windows box and selected using map network drive. At the the same time, I also want to set up private space on the disk that does require an authorized user, username and password for access. My set up (see smb.conf below), as currently written, helps me accomplish the second goal. But not the first. As I'm looking at this, it occurs to me that the problem is that the open to all director is within the /home directory tree. Is there a way to make an exception to the security = users directive specified in [global]? Or should I place it in another directory altogether. The open to all directory will contain two things: files shared by everyone on the network and data for a custom database which is accessed by client-type applications distributed across the network. Thanks in advance for the help! Bob smb.conf. [global] workgroup = home_office netbios name = DEXTERLAKE server string = NBTAFileServer security = user encrypt passwords = yes guest account = public username map = /etc/samba/smbusers guest ok = yes [public] comment = For Lighthouse and general NBTA User data guest ok = yes force user = public path = /home/public/public writeable = yes browseable = yes [homes] comment = User Space path = /home/%U writeable = yes browseable = yes -- Bob Cohen Principal MojoTools and b.p.e.Creative http://www.mojotools.com bob -at- mojotools.com 508.384.0405 Yahoo IM bob_j_cohen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
re: [Samba] User unable to change their password using smbpasswd
Hi, yaya I still can't. Who can help me! Why can't I find any solution here although before there're some issue about it. -原始邮件- 发件人: yaya [mailto:[EMAIL PROTECTED] 发送时间: 2005年10月10日 15:10 收件人: FCG Lu Bei; samba@lists.samba.org 主题: Re: [Samba] User unable to change their password using smbpasswd Maybe you need to use the -U username option. smbpasswd -U username yaya From: FCG Lu Bei [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Monday, October 10, 2005 1:24 PM Subject: [Samba] User unable to change their password using smbpasswd Hello, everyone I searched in the list, some problems are the same as it. But I can't find the resolution. Would you please help me. Now, nobody can change the password. -原始邮件- 发件人: FCG Lu Bei 发送时间: 2005年10月10日 12:18 收件人: 'samba@lists.samba.org' 主题: User unable to change their password using smbpasswd 重要性: 高 May anyone help me solve the problem? I use samba 2.2.2 on Solaris 8 ngnvob02 [** NONE **]/export/home/sitlb $ cd /usr/local/samba/bin ngnvob02 [** NONE **]/usr/local/samba/bin $ ./smbpasswd Old SMB password: New SMB password: Retype new SMB password: machine 127.0.0.1 rejected the tconX on the IPC$ share. Error was : ERRSRV - ERRbadpw. Failed to change password for sitlb But I can change the passwd as root. Thank you very much! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mixing share and user?
Bob, Try to do a chmod -R 777 /home/public -- it's possible that filesystem permissions are not right. Also try adding these lines to the definition for the public share as well. force group = public read only = No create mask = 0777 directory mask = 0777 Hope this helps you out!! On Tue, 11 Oct 2005 19:40:46 -0400, Bob Cohen wrote: Hi, My goal is to set up the server so that one directory acts like a windows share that (1) does not require any log in information to gain access (2) Can be viewed from a windows box and selected using map network drive. At the the same time, I also want to set up private space on the disk that does require an authorized user, username and password for access. My set up (see smb.conf below), as currently written, helps me accomplish the second goal. But not the first. As I'm looking at this, it occurs to me that the problem is that the open to all director is within the /home directory tree. Is there a way to make an exception to the security = users directive specified in [global]? Or should I place it in another directory altogether. The open to all directory will contain two things: files shared by everyone on the network and data for a custom database which is accessed by client-type applications distributed across the network. Thanks in advance for the help! Bob smb.conf. [global] workgroup = home_office netbios name = DEXTERLAKE server string = NBTAFileServer security = user encrypt passwords = yes guest account = public username map = /etc/samba/smbusers guest ok = yes [public] comment = For Lighthouse and general NBTA User data guest ok = yes force user = public path = /home/public/public writeable = yes browseable = yes [homes] comment = User Space path = /home/%U writeable = yes browseable = yes -- Bob Cohen Principal MojoTools and b.p.e.Creative http://www.mojotools.com bob -at- mojotools.com 508.384.0405 Yahoo IM bob_j_cohen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind issues with AD domain trust
Den 11. okt 2005 kl. 20:06 skrev Giles Mullen: Any luck resolving this issue? I'm running into the same problem. get the posted patch, or checkout the latest from svn, this worked for me. I no longer experience a dead winbindd. JonB -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r10892 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: tridge Date: 2005-10-11 06:21:07 + (Tue, 11 Oct 2005) New Revision: 10892 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10892 Log: - improved the handling of the special distinguishedName attribute - ensure we don't add attributes twice, should a user ask for the attribute twice. Do this in such a way that we don't become O(n^2) - removed some unused code Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2005-10-11 05:01:52 UTC (rev 10891) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2005-10-11 06:21:07 UTC (rev 10892) @@ -42,11 +42,18 @@ add one element to a message */ static int msg_add_element(struct ldb_context *ldb, - struct ldb_message *ret, const struct ldb_message_element *el) + struct ldb_message *ret, + const struct ldb_message_element *el, + int check_duplicates) { unsigned int i; struct ldb_message_element *e2, *elnew; + if (check_duplicates ldb_msg_find_element(ret, el-name)) { + /* its already there */ + return 0; + } + e2 = talloc_realloc(ret, ret-elements, struct ldb_message_element, ret-num_elements+1); if (!e2) { return -1; @@ -84,6 +91,30 @@ } /* + add the special distinguishedName element +*/ +static int msg_add_distinguished_name(struct ldb_module *module, struct ldb_message *msg) +{ + struct ldb_message_element el; + struct ldb_val val; + int ret; + + el.flags = 0; + el.name = talloc_strdup(msg, distinguishedName); + if (!el.name) { + return -1; + } + el.num_values = 1; + el.values = val; + val.data = ldb_dn_linearize(msg, msg-dn); + val.length = strlen(val.data); + + ret = msg_add_element(module-ldb, msg, el, 1); + talloc_free(el.name); + return ret; +} + +/* add all elements from one message into another */ static int msg_add_all_elements(struct ldb_module *module, struct ldb_message *ret, @@ -91,14 +122,20 @@ { struct ldb_context *ldb = module-ldb; unsigned int i; + int check_duplicates = (ret-num_elements != 0); + if (msg_add_distinguished_name(module, ret) != 0) { + return -1; + } + for (i=0;imsg-num_elements;i++) { const struct ldb_attrib_handler *h; h = ldb_attrib_handler(ldb, msg-elements[i].name); if (h-flags LDB_ATTR_FLAG_HIDDEN) { continue; } - if (msg_add_element(ldb, ret, msg-elements[i]) != 0) { + if (msg_add_element(ldb, ret, msg-elements[i], + check_duplicates) != 0) { return -1; } } @@ -151,27 +188,10 @@ continue; } - if (ldb_attr_cmp(attrs[i], dn) == 0 || - ldb_attr_cmp(attrs[i], distinguishedName) == 0) { - struct ldb_message_element el2; - struct ldb_val val; - - el2.flags = 0; - el2.name = talloc_strdup(ret, attrs[i]); - if (!el2.name) { - talloc_free(ret); - return NULL; + if (ldb_attr_cmp(attrs[i], distinguishedName) == 0) { + if (msg_add_distinguished_name(module, ret) != 0) { + return -1; } - el2.num_values = 1; - el2.values = val; - val.data = ldb_dn_linearize(ret, ret-dn); - val.length = strlen(val.data); - - if (msg_add_element(ldb, ret, el2) != 0) { - talloc_free(ret); - return NULL; - } - talloc_free(discard_const_p(char, el2.name)); continue; } @@ -179,7 +199,7 @@ if (!el) { continue; } - if (msg_add_element(ldb, ret, el) != 0) { + if (msg_add_element(ldb, ret, el, 1) != 0) { talloc_free(ret); return NULL; } @@ -277,69 +297,7 @@ return tdb_chainunlock_read(ltdb-tdb, key); } - - /* - search the database for a single simple dn -*/ -static int ltdb_search_dn(struct ldb_module
svn commit: samba r10893 - in branches/SAMBA_4_0/source/lib/tdb: .
Author: tridge Date: 2005-10-11 10:53:28 + (Tue, 11 Oct 2005) New Revision: 10893 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10893 Log: add configure test for utime (needed for the previous utime patch) Modified: branches/SAMBA_4_0/source/lib/tdb/config.m4 Changeset: Modified: branches/SAMBA_4_0/source/lib/tdb/config.m4 === --- branches/SAMBA_4_0/source/lib/tdb/config.m4 2005-10-11 06:21:07 UTC (rev 10892) +++ branches/SAMBA_4_0/source/lib/tdb/config.m4 2005-10-11 10:53:28 UTC (rev 10893) @@ -1,4 +1,4 @@ -AC_CHECK_FUNCS(mmap pread pwrite getpagesize) +AC_CHECK_FUNCS(mmap pread pwrite getpagesize utime) AC_CHECK_HEADERS(getopt.h sys/select.h sys/time.h) AC_DEFINE([_GNU_SOURCE],[],[Pull in GNU extensions])
svn commit: samba r10894 - in branches/SAMBA_4_0/source: auth/gensec dsdb/samdb lib lib/ldb/common lib/ldb/tools libnet nbt_server/wins rpc_server/drsuapi rpc_server/lsa rpc_server/samr
Author: tridge Date: 2005-10-11 11:00:16 + (Tue, 11 Oct 2005) New Revision: 10894 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10894 Log: make the handling of dn/distinguishedName much closer to real ldap. Also ensure we put a objectclass on our private ldb's, so they have some chance of being stored in ldap if you want to Modified: branches/SAMBA_4_0/source/auth/gensec/schannel_state.c branches/SAMBA_4_0/source/dsdb/samdb/samdb.c branches/SAMBA_4_0/source/lib/gendb.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_parse.c branches/SAMBA_4_0/source/lib/ldb/tools/cmdline.c branches/SAMBA_4_0/source/lib/ldb/tools/ldbdel.c branches/SAMBA_4_0/source/lib/ldb/tools/ldbedit.c branches/SAMBA_4_0/source/lib/ldb/tools/ldbsearch.c branches/SAMBA_4_0/source/libnet/libnet_samsync_ldb.c branches/SAMBA_4_0/source/nbt_server/wins/winsdb.c branches/SAMBA_4_0/source/rpc_server/drsuapi/drsuapi_cracknames.c branches/SAMBA_4_0/source/rpc_server/lsa/dcesrv_lsa.c branches/SAMBA_4_0/source/rpc_server/samr/dcesrv_samr.c Changeset: Sorry, the patch is too large (375 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10894
svn commit: samba r10895 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: tridge Date: 2005-10-11 12:25:55 + (Tue, 11 Oct 2005) New Revision: 10895 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10895 Log: allow 'dn=string' searches to work again. Windows doesn't allow these, but they are so very useful for things like [EMAIL PROTECTED] that I think its worth supporting them Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c === --- branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c2005-10-11 11:00:16 UTC (rev 10894) +++ branches/SAMBA_4_0/source/lib/ldb/common/ldb_match.c2005-10-11 12:25:55 UTC (rev 10895) @@ -151,13 +151,8 @@ struct ldb_dn *valuedn; int ret; - /* catch the old method of dn matching */ - if (ldb_attr_cmp(tree-u.equality.attr, dn) == 0) { - ldb_debug(ldb, LDB_DEBUG_FATAL, attempt to match on 'dn' - should use distinguishedName); - return 0; - } - - if (ldb_attr_cmp(tree-u.equality.attr, distinguishedName) == 0) { + if (ldb_attr_cmp(tree-u.equality.attr, dn) == 0 || + ldb_attr_cmp(tree-u.equality.attr, distinguishedName) == 0) { valuedn = ldb_dn_explode_casefold(ldb, tree-u.equality.value.data); if (valuedn == NULL) { return 0;
svn commit: samba r10896 - in branches/SAMBA_4_0/source/lib/replace: .
Author: tridge Date: 2005-10-11 12:30:34 + (Tue, 11 Oct 2005) New Revision: 10896 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10896 Log: added a strcasestr() replacement function Modified: branches/SAMBA_4_0/source/lib/replace/config.m4 branches/SAMBA_4_0/source/lib/replace/replace.c branches/SAMBA_4_0/source/lib/replace/replace.h Changeset: Modified: branches/SAMBA_4_0/source/lib/replace/config.m4 === --- branches/SAMBA_4_0/source/lib/replace/config.m4 2005-10-11 12:25:55 UTC (rev 10895) +++ branches/SAMBA_4_0/source/lib/replace/config.m4 2005-10-11 12:30:34 UTC (rev 10896) @@ -45,7 +45,7 @@ AC_CHECK_FUNCS(seteuid setresuid setegid setresgid chroot bzero strerror) AC_CHECK_FUNCS(timegm setenv vsyslog setlinebuf mktime ftruncate chsize rename) AC_CHECK_FUNCS(waitpid strnlen strlcpy strlcat innetgr initgroups memmove strdup) -AC_CHECK_FUNCS(pread pwrite strndup) +AC_CHECK_FUNCS(pread pwrite strndup strcasestr) AC_HAVE_DECL(setresuid, [#include unistd.h]) AC_HAVE_DECL(setresgid, [#include unistd.h]) AC_HAVE_DECL(errno, [#include errno.h]) Modified: branches/SAMBA_4_0/source/lib/replace/replace.c === --- branches/SAMBA_4_0/source/lib/replace/replace.c 2005-10-11 12:25:55 UTC (rev 10895) +++ branches/SAMBA_4_0/source/lib/replace/replace.c 2005-10-11 12:30:34 UTC (rev 10896) @@ -22,6 +22,7 @@ #include system/wait.h #include system/time.h #include system/network.h +#include system/iconv.h void replace_dummy(void); void replace_dummy(void) {} @@ -534,4 +535,17 @@ } #endif - +#ifndef HAVE_STRCASESTR +char *strcasestr(const char *haystack, const char *needle) +{ + const char *s; + size_t nlen = strlen(needle); + for (s=haystack;*s;s++) { + if (toupper(*needle) == toupper(*s) + strncasecmp(s, needle, nlen) == 0) { + return discard_const_p(char, s); + } + } + return NULL; +} +#endif Modified: branches/SAMBA_4_0/source/lib/replace/replace.h === --- branches/SAMBA_4_0/source/lib/replace/replace.h 2005-10-11 12:25:55 UTC (rev 10895) +++ branches/SAMBA_4_0/source/lib/replace/replace.h 2005-10-11 12:30:34 UTC (rev 10896) @@ -84,6 +84,10 @@ int rename(const char *zfrom, const char *zto); #endif +#ifndef HAVE_STRCASESTR +char *strcasestr(const char *haystack, const char *needle); +#endif + #ifndef HAVE_FTRUNCATE int ftruncate(int f,long l); #endif
svn commit: samba r10897 - in branches/SAMBA_4_0/source: dsdb dsdb/samdb/ldb_modules lib/ldb/common
Author: tridge Date: 2005-10-11 12:31:31 + (Tue, 11 Oct 2005) New Revision: 10897 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10897 Log: added in a hackish ldb proxy module that I am using to experiment with mmc management support Added: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/proxy.c Modified: branches/SAMBA_4_0/source/dsdb/config.mk branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c Changeset: Sorry, the patch is too large (380 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10897
svn commit: samba r10898 - in branches/tmp: .
Author: jerry Date: 2005-10-11 14:02:40 + (Tue, 11 Oct 2005) New Revision: 10898 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10898 Log: creating tmp branch for the 3.0.20b release Added: branches/tmp/SAMBA_3_0_20B/ Changeset: Copied: branches/tmp/SAMBA_3_0_20B (from rev 10897, tags/release-3-0-20a)
svn commit: samba r10899 - in branches/tmp/SAMBA_3_0_20B: . source source/include source/nmbd source/nsswitch source/smbd source/wrepld
Author: jerry Date: 2005-10-11 14:19:06 + (Tue, 11 Oct 2005) New Revision: 10899 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10899 Log: merges for 3.0.20b svn merge -r10819:10888 $SVNURL/branches/SAMBA_3_0 svn merge -r10730:10744 $SVNURL/branches/SAMBA_3_0 svn merge -r10676:10688 $SVNURL/branches/SAMBA_3_0 Start updating the WHATSNEW and setting the version Modified: branches/tmp/SAMBA_3_0_20B/WHATSNEW.txt branches/tmp/SAMBA_3_0_20B/source/VERSION branches/tmp/SAMBA_3_0_20B/source/include/smb.h branches/tmp/SAMBA_3_0_20B/source/nmbd/nmbd.c branches/tmp/SAMBA_3_0_20B/source/nsswitch/winbindd_misc.c branches/tmp/SAMBA_3_0_20B/source/smbd/open.c branches/tmp/SAMBA_3_0_20B/source/smbd/posix_acls.c branches/tmp/SAMBA_3_0_20B/source/smbd/server.c branches/tmp/SAMBA_3_0_20B/source/wrepld/server.c Changeset: Modified: branches/tmp/SAMBA_3_0_20B/WHATSNEW.txt === --- branches/tmp/SAMBA_3_0_20B/WHATSNEW.txt 2005-10-11 14:02:40 UTC (rev 10898) +++ branches/tmp/SAMBA_3_0_20B/WHATSNEW.txt 2005-10-11 14:19:06 UTC (rev 10899) @@ -1,6 +1,6 @@ === - Release Notes for Samba 3.0.20a - Sept 30, 2005 + Release Notes for Samba 3.0.20b + Oct 11, 2005 === This is the latest stable release of Samba. This is the version @@ -8,6 +8,36 @@ bug-fixes. Please read the following important changes in this release. +Common bugs fixed in 3.0.20b include: + + o + + + +## +Changes +### + + +Changes since 3.0.20a +- + +commits +--- + +o Jeremy Allison [EMAIL PROTECTED] +o Gerald (Jerry) Carter [EMAIL PROTECTED] +o Volker Lendecke [EMAIL PROTECTED] + + +Release Notes for older release follow: + + -- + === + Release Notes for Samba 3.0.20a + Sept 30, 2005 + === + Common bugs fixed in 3.0.20a include: o Stability problems with winbindd. @@ -154,8 +184,6 @@ * BUG 3052: Fix compile issues on OpenBSD. -Release Notes for older release follow: - -- == Release Notes for Samba 3.0.20 Modified: branches/tmp/SAMBA_3_0_20B/source/VERSION === --- branches/tmp/SAMBA_3_0_20B/source/VERSION 2005-10-11 14:02:40 UTC (rev 10898) +++ branches/tmp/SAMBA_3_0_20B/source/VERSION 2005-10-11 14:19:06 UTC (rev 10899) @@ -31,7 +31,7 @@ # e.g. SAMBA_VERSION_REVISION=a# # - 2.2.8a# -SAMBA_VERSION_REVISION=a +SAMBA_VERSION_REVISION=b # For 'pre' releases the version will be # Modified: branches/tmp/SAMBA_3_0_20B/source/include/smb.h === --- branches/tmp/SAMBA_3_0_20B/source/include/smb.h 2005-10-11 14:02:40 UTC (rev 10898) +++ branches/tmp/SAMBA_3_0_20B/source/include/smb.h 2005-10-11 14:19:06 UTC (rev 10899) @@ -27,6 +27,10 @@ #ifndef _SMB_H #define _SMB_H +/* logged when starting the various Samba daemons */ +#define COPYRIGHT_STARTUP_MESSAGE Copyright Andrew Tridgell and the Samba Team 1992-2005 + + #if defined(LARGE_SMB_OFF_T) #define BUFFER_SIZE (128*1024) #else /* no large readwrite possible */ Modified: branches/tmp/SAMBA_3_0_20B/source/nmbd/nmbd.c === --- branches/tmp/SAMBA_3_0_20B/source/nmbd/nmbd.c 2005-10-11 14:02:40 UTC (rev 10898) +++ branches/tmp/SAMBA_3_0_20B/source/nmbd/nmbd.c 2005-10-11 14:19:06 UTC (rev 10899) @@ -715,7 +715,7 @@ reopen_logs(); DEBUG( 0, ( Netbios nameserver version %s started.\n, SAMBA_VERSION_STRING) ); - DEBUGADD( 0, ( Copyright Andrew Tridgell and the Samba Team 1994-2004\n ) ); + DEBUGADD( 0, ( %s\n, COPYRIGHT_STARTUP_MESSAGE ) ); if ( !reload_nmbd_services(False) ) return(-1); Modified: branches/tmp/SAMBA_3_0_20B/source/nsswitch/winbindd_misc.c === --- branches/tmp/SAMBA_3_0_20B/source/nsswitch/winbindd_misc.c 2005-10-11 14:02:40 UTC (rev 10898) +++ branches/tmp/SAMBA_3_0_20B/source/nsswitch/winbindd_misc.c 2005-10-11 14:19:06 UTC (rev 10899) @@ -131,7 +131,8 @@ if (num_domains 0) extra_data =
svn commit: samba r10900 - in branches/tmp/SAMBA_3_0_20B: .
Author: jerry Date: 2005-10-11 14:38:04 + (Tue, 11 Oct 2005) New Revision: 10900 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10900 Log: updating relnotes with commit log Modified: branches/tmp/SAMBA_3_0_20B/WHATSNEW.txt Changeset: Modified: branches/tmp/SAMBA_3_0_20B/WHATSNEW.txt === --- branches/tmp/SAMBA_3_0_20B/WHATSNEW.txt 2005-10-11 14:19:06 UTC (rev 10899) +++ branches/tmp/SAMBA_3_0_20B/WHATSNEW.txt 2005-10-11 14:38:04 UTC (rev 10900) @@ -10,7 +10,10 @@ Common bugs fixed in 3.0.20b include: - o + o A crash bug in winbindd + o Reporting files as read-only instead of returning the +correct error code of access denied + @@ -26,8 +29,13 @@ --- o Jeremy Allison [EMAIL PROTECTED] -o Gerald (Jerry) Carter [EMAIL PROTECTED] +* BUG 3088: Fix error condition for files on a read-write share + which cannot be read due to permissions. + + o Volker Lendecke [EMAIL PROTECTED] +* BUG 3068: Fix for winbindd crashed by empty DC alternative + name. Release Notes for older release follow:
svn commit: samba r10901 - branches/SAMBA_3_0/source/smbd trunk/source/smbd
Author: jerry Date: 2005-10-11 14:46:40 + (Tue, 11 Oct 2005) New Revision: 10901 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10901 Log: BUG 3145: Fix build issue regarding quota support on Solaris Modified: branches/SAMBA_3_0/source/smbd/quotas.c trunk/source/smbd/quotas.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/quotas.c === --- branches/SAMBA_3_0/source/smbd/quotas.c 2005-10-11 14:38:04 UTC (rev 10900) +++ branches/SAMBA_3_0/source/smbd/quotas.c 2005-10-11 14:46:40 UTC (rev 10901) @@ -414,7 +414,7 @@ static int quotastat; -static int xdr_getquota_args(XDR *xdrsp, struct getquota_args *args) +static int my_xdr_getquota_args(XDR *xdrsp, struct getquota_args *args) { if (!xdr_string(xdrsp, args-gqa_pathp, RQ_PATHLEN )) return(0); @@ -423,7 +423,7 @@ return (1); } -static int xdr_getquota_rslt(XDR *xdrsp, struct getquota_rslt *gqr) +static int my_xdr_getquota_rslt(XDR *xdrsp, struct getquota_rslt *gqr) { if (!xdr_int(xdrsp, quotastat)) { DEBUG(6,(nfs_quotas: Status bad or zero\n)); @@ -493,7 +493,7 @@ clnt-cl_auth = authunix_create_default(); DEBUG(9,(nfs_quotas: auth_success\n)); - clnt_stat=clnt_call(clnt, RQUOTAPROC_GETQUOTA, xdr_getquota_args, (caddr_t)args, xdr_getquota_rslt, (caddr_t)gqr, timeout); + clnt_stat=clnt_call(clnt, RQUOTAPROC_GETQUOTA, my_xdr_getquota_args, (caddr_t)args, my_xdr_getquota_rslt, (caddr_t)gqr, timeout); if (clnt_stat != RPC_SUCCESS) { DEBUG(9,(nfs_quotas: clnt_call fail\n)); Modified: trunk/source/smbd/quotas.c === --- trunk/source/smbd/quotas.c 2005-10-11 14:38:04 UTC (rev 10900) +++ trunk/source/smbd/quotas.c 2005-10-11 14:46:40 UTC (rev 10901) @@ -414,7 +414,7 @@ static int quotastat; -static int xdr_getquota_args(XDR *xdrsp, struct getquota_args *args) +static int my_xdr_getquota_args(XDR *xdrsp, struct getquota_args *args) { if (!xdr_string(xdrsp, args-gqa_pathp, RQ_PATHLEN )) return(0); @@ -423,7 +423,7 @@ return (1); } -static int xdr_getquota_rslt(XDR *xdrsp, struct getquota_rslt *gqr) +static int my_xdr_getquota_rslt(XDR *xdrsp, struct getquota_rslt *gqr) { if (!xdr_int(xdrsp, quotastat)) { DEBUG(6,(nfs_quotas: Status bad or zero\n)); @@ -493,7 +493,7 @@ clnt-cl_auth = authunix_create_default(); DEBUG(9,(nfs_quotas: auth_success\n)); - clnt_stat=clnt_call(clnt, RQUOTAPROC_GETQUOTA, xdr_getquota_args, (caddr_t)args, xdr_getquota_rslt, (caddr_t)gqr, timeout); + clnt_stat=clnt_call(clnt, RQUOTAPROC_GETQUOTA, my_xdr_getquota_args, (caddr_t)args, my_xdr_getquota_rslt, (caddr_t)gqr, timeout); if (clnt_stat != RPC_SUCCESS) { DEBUG(9,(nfs_quotas: clnt_call fail\n));
svn commit: samba r10902 - in branches/tmp/SAMBA_3_0_20B: . source/smbd
Author: jerry Date: 2005-10-11 14:56:44 + (Tue, 11 Oct 2005) New Revision: 10902 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10902 Log: adding quota fix from Alex Deiter Modified: branches/tmp/SAMBA_3_0_20B/WHATSNEW.txt branches/tmp/SAMBA_3_0_20B/source/smbd/quotas.c Changeset: Modified: branches/tmp/SAMBA_3_0_20B/WHATSNEW.txt === --- branches/tmp/SAMBA_3_0_20B/WHATSNEW.txt 2005-10-11 14:46:40 UTC (rev 10901) +++ branches/tmp/SAMBA_3_0_20B/WHATSNEW.txt 2005-10-11 14:56:44 UTC (rev 10902) @@ -33,6 +33,10 @@ which cannot be read due to permissions. +o Alex Deiter [EMAIL PROTECTED] +* BUG 3145: Fix build issue regarding quota support on Solaris. + + o Volker Lendecke [EMAIL PROTECTED] * BUG 3068: Fix for winbindd crashed by empty DC alternative name. Modified: branches/tmp/SAMBA_3_0_20B/source/smbd/quotas.c === --- branches/tmp/SAMBA_3_0_20B/source/smbd/quotas.c 2005-10-11 14:46:40 UTC (rev 10901) +++ branches/tmp/SAMBA_3_0_20B/source/smbd/quotas.c 2005-10-11 14:56:44 UTC (rev 10902) @@ -414,7 +414,7 @@ static int quotastat; -static int xdr_getquota_args(XDR *xdrsp, struct getquota_args *args) +static int my_xdr_getquota_args(XDR *xdrsp, struct getquota_args *args) { if (!xdr_string(xdrsp, args-gqa_pathp, RQ_PATHLEN )) return(0); @@ -423,7 +423,7 @@ return (1); } -static int xdr_getquota_rslt(XDR *xdrsp, struct getquota_rslt *gqr) +static int my_xdr_getquota_rslt(XDR *xdrsp, struct getquota_rslt *gqr) { if (!xdr_int(xdrsp, quotastat)) { DEBUG(6,(nfs_quotas: Status bad or zero\n)); @@ -493,7 +493,7 @@ clnt-cl_auth = authunix_create_default(); DEBUG(9,(nfs_quotas: auth_success\n)); - clnt_stat=clnt_call(clnt, RQUOTAPROC_GETQUOTA, xdr_getquota_args, (caddr_t)args, xdr_getquota_rslt, (caddr_t)gqr, timeout); + clnt_stat=clnt_call(clnt, RQUOTAPROC_GETQUOTA, my_xdr_getquota_args, (caddr_t)args, my_xdr_getquota_rslt, (caddr_t)gqr, timeout); if (clnt_stat != RPC_SUCCESS) { DEBUG(9,(nfs_quotas: clnt_call fail\n));
svn commit: samba r10903 - in branches/tmp/samba4-winsrepl: . source/auth/gensec source/dsdb source/dsdb/samdb source/dsdb/samdb/ldb_modules source/lib source/lib/ldb/common source/lib/ldb/ldb_tdb sou
Author: metze Date: 2005-10-11 15:21:00 + (Tue, 11 Oct 2005) New Revision: 10903 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10903 Log: [EMAIL PROTECTED] (orig r10891): tridge | 2005-10-11 07:01:52 +0200 I noticed that the secrets.db was not being backed up on my system due to msync/mmap not changing the mtime of the file. This patch ensures that for successfully completed transactions we update the mtime. I don't do this on all tdb writes as its too expensive, but doing it just on transactions is bearable, as those cost quite a lot anyway. [EMAIL PROTECTED] (orig r10892): tridge | 2005-10-11 08:21:07 +0200 - improved the handling of the special distinguishedName attribute - ensure we don't add attributes twice, should a user ask for the attribute twice. Do this in such a way that we don't become O(n^2) - removed some unused code [EMAIL PROTECTED] (orig r10893): tridge | 2005-10-11 12:53:28 +0200 add configure test for utime (needed for the previous utime patch) [EMAIL PROTECTED] (orig r10894): tridge | 2005-10-11 13:00:16 +0200 make the handling of dn/distinguishedName much closer to real ldap. Also ensure we put a objectclass on our private ldb's, so they have some chance of being stored in ldap if you want to [EMAIL PROTECTED] (orig r10895): tridge | 2005-10-11 14:25:55 +0200 allow 'dn=string' searches to work again. Windows doesn't allow these, but they are so very useful for things like [EMAIL PROTECTED] that I think its worth supporting them [EMAIL PROTECTED] (orig r10896): tridge | 2005-10-11 14:30:34 +0200 added a strcasestr() replacement function [EMAIL PROTECTED] (orig r10897): tridge | 2005-10-11 14:31:31 +0200 added in a hackish ldb proxy module that I am using to experiment with mmc management support Added: branches/tmp/samba4-winsrepl/source/dsdb/samdb/ldb_modules/proxy.c Modified: branches/tmp/samba4-winsrepl/ branches/tmp/samba4-winsrepl/source/auth/gensec/schannel_state.c branches/tmp/samba4-winsrepl/source/dsdb/config.mk branches/tmp/samba4-winsrepl/source/dsdb/samdb/samdb.c branches/tmp/samba4-winsrepl/source/lib/gendb.c branches/tmp/samba4-winsrepl/source/lib/ldb/common/ldb_match.c branches/tmp/samba4-winsrepl/source/lib/ldb/common/ldb_modules.c branches/tmp/samba4-winsrepl/source/lib/ldb/common/ldb_parse.c branches/tmp/samba4-winsrepl/source/lib/ldb/ldb_tdb/ldb_search.c branches/tmp/samba4-winsrepl/source/lib/ldb/tools/cmdline.c branches/tmp/samba4-winsrepl/source/lib/ldb/tools/ldbdel.c branches/tmp/samba4-winsrepl/source/lib/ldb/tools/ldbedit.c branches/tmp/samba4-winsrepl/source/lib/ldb/tools/ldbsearch.c branches/tmp/samba4-winsrepl/source/lib/replace/config.m4 branches/tmp/samba4-winsrepl/source/lib/replace/replace.c branches/tmp/samba4-winsrepl/source/lib/replace/replace.h branches/tmp/samba4-winsrepl/source/lib/tdb/common/transaction.c branches/tmp/samba4-winsrepl/source/lib/tdb/config.m4 branches/tmp/samba4-winsrepl/source/libnet/libnet_samsync_ldb.c branches/tmp/samba4-winsrepl/source/nbt_server/wins/winsdb.c branches/tmp/samba4-winsrepl/source/rpc_server/drsuapi/drsuapi_cracknames.c branches/tmp/samba4-winsrepl/source/rpc_server/lsa/dcesrv_lsa.c branches/tmp/samba4-winsrepl/source/rpc_server/samr/dcesrv_samr.c Changeset: Sorry, the patch is too large (1053 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10903
svn commit: samba r10904 - branches/SAMBA_3_0/source branches/SAMBA_3_0/source/script trunk/source trunk/source/script
Author: jerry Date: 2005-10-11 16:12:40 + (Tue, 11 Oct 2005) New Revision: 10904 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10904 Log: build patches from Marc Balmer [EMAIL PROTECTED] when builddir!=srcdir Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/script/installman.sh trunk/source/Makefile.in trunk/source/script/installman.sh Changeset: Modified: branches/SAMBA_3_0/source/Makefile.in === --- branches/SAMBA_3_0/source/Makefile.in 2005-10-11 15:21:00 UTC (rev 10903) +++ branches/SAMBA_3_0/source/Makefile.in 2005-10-11 16:12:40 UTC (rev 10904) @@ -811,24 +811,24 @@ dynconfig.o: dynconfig.c Makefile @echo Compiling $*.c - @$(CC) $(FLAGS) $(PATH_FLAGS) @PIE_CFLAGS@ -c dynconfig.c -o $@ + @$(CC) $(FLAGS) $(PATH_FLAGS) @PIE_CFLAGS@ -c $(srcdir)/dynconfig.c -o $@ [EMAIL PROTECTED]@: dynconfig.c Makefile @if (: $@ || : $@) /dev/null 21; then rm -f $@; else \ dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi @echo Compiling $*.c with @PICFLAGS@ - @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PICFLAGS@ -c dynconfig.c -o $@ + @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PICFLAGS@ -c $(srcdir)/dynconfig.c -o $@ @BROKEN_CC@-mv `echo $@ | sed -e 's%^.*/%%g' -e '[EMAIL PROTECTED]@$$%.o%'` $@ lib/version.o: lib/version.c include/version.h @echo Compiling $*.c - @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PIE_CFLAGS@ -c lib/version.c -o $@ + @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PIE_CFLAGS@ -c $(srcdir)/lib/version.c -o $@ lib/[EMAIL PROTECTED]@: lib/version.c include/version.h @if (: $@ || : $@) /dev/null 21; then rm -f $@; else \ dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi @echo Compiling $*.c with @PICFLAGS@ - @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PICFLAGS@ -c lib/version.c -o $@ + @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PICFLAGS@ -c $(srcdir)/lib/version.c -o $@ @BROKEN_CC@-mv `echo $@ | sed -e 's%^.*/%%g' -e '[EMAIL PROTECTED]@$$%.o%'` $@ smbd/build_options.o: smbd/build_options.c Makefile include/config.h include/build_env.h include/proto.h Modified: branches/SAMBA_3_0/source/script/installman.sh === --- branches/SAMBA_3_0/source/script/installman.sh 2005-10-11 15:21:00 UTC (rev 10903) +++ branches/SAMBA_3_0/source/script/installman.sh 2005-10-11 16:12:40 UTC (rev 10904) @@ -13,7 +13,7 @@ GROFF=$4# sh cmd line, including options fi -if test ! -d ../docs/manpages; then +if test ! -d $SRCDIR../docs/manpages; then echo No manpages present. SVN development version maybe? exit 0 fi Modified: trunk/source/Makefile.in === --- trunk/source/Makefile.in2005-10-11 15:21:00 UTC (rev 10903) +++ trunk/source/Makefile.in2005-10-11 16:12:40 UTC (rev 10904) @@ -820,24 +820,24 @@ dynconfig.o: dynconfig.c Makefile @echo Compiling $*.c - @$(CC) $(FLAGS) $(PATH_FLAGS) @PIE_CFLAGS@ -c dynconfig.c -o $@ + @$(CC) $(FLAGS) $(PATH_FLAGS) @PIE_CFLAGS@ -c $(srcdir)/dynconfig.c -o $@ [EMAIL PROTECTED]@: dynconfig.c Makefile @if (: $@ || : $@) /dev/null 21; then rm -f $@; else \ dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi @echo Compiling $*.c with @PICFLAGS@ - @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PICFLAGS@ -c dynconfig.c -o $@ + @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PICFLAGS@ -c $(srcdir)/dynconfig.c -o $@ @BROKEN_CC@-mv `echo $@ | sed -e 's%^.*/%%g' -e '[EMAIL PROTECTED]@$$%.o%'` $@ lib/version.o: lib/version.c include/version.h @echo Compiling $*.c - @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PIE_CFLAGS@ -c lib/version.c -o $@ + @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PIE_CFLAGS@ -c $(srcdir)/lib/version.c -o $@ lib/[EMAIL PROTECTED]@: lib/version.c include/version.h @if (: $@ || : $@) /dev/null 21; then rm -f $@; else \ dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi @echo Compiling $*.c with @PICFLAGS@ - @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PICFLAGS@ -c lib/version.c -o $@ + @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PICFLAGS@ -c $(srcdir)/lib/version.c -o $@ @BROKEN_CC@-mv `echo $@ | sed -e 's%^.*/%%g' -e '[EMAIL PROTECTED]@$$%.o%'` $@ smbd/build_options.o: smbd/build_options.c Makefile include/config.h include/build_env.h include/proto.h Modified: trunk/source/script/installman.sh === --- trunk/source/script/installman.sh 2005-10-11 15:21:00 UTC (rev 10903) +++
svn commit: samba r10905 - in branches/tmp/SAMBA_3_0_20B/source: . script
Author: jerry Date: 2005-10-11 16:12:48 + (Tue, 11 Oct 2005) New Revision: 10905 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10905 Log: build patches from Marc Balmer [EMAIL PROTECTED] when builddir!=srcdir Modified: branches/tmp/SAMBA_3_0_20B/source/Makefile.in branches/tmp/SAMBA_3_0_20B/source/script/installman.sh Changeset: Modified: branches/tmp/SAMBA_3_0_20B/source/Makefile.in === --- branches/tmp/SAMBA_3_0_20B/source/Makefile.in 2005-10-11 16:12:40 UTC (rev 10904) +++ branches/tmp/SAMBA_3_0_20B/source/Makefile.in 2005-10-11 16:12:48 UTC (rev 10905) @@ -785,24 +785,24 @@ dynconfig.o: dynconfig.c Makefile @echo Compiling $*.c - @$(CC) $(FLAGS) $(PATH_FLAGS) @PIE_CFLAGS@ -c dynconfig.c -o $@ + @$(CC) $(FLAGS) $(PATH_FLAGS) @PIE_CFLAGS@ -c $(srcdir)/dynconfig.c -o $@ [EMAIL PROTECTED]@: dynconfig.c Makefile @if (: $@ || : $@) /dev/null 21; then rm -f $@; else \ dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi @echo Compiling $*.c with @PICFLAGS@ - @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PICFLAGS@ -c dynconfig.c -o $@ + @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PICFLAGS@ -c $(srcdir)/dynconfig.c -o $@ @BROKEN_CC@-mv `echo $@ | sed -e 's%^.*/%%g' -e '[EMAIL PROTECTED]@$$%.o%'` $@ lib/version.o: lib/version.c include/version.h @echo Compiling $*.c - @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PIE_CFLAGS@ -c lib/version.c -o $@ + @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PIE_CFLAGS@ -c $(srcdir)/lib/version.c -o $@ lib/[EMAIL PROTECTED]@: lib/version.c include/version.h @if (: $@ || : $@) /dev/null 21; then rm -f $@; else \ dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi @echo Compiling $*.c with @PICFLAGS@ - @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PICFLAGS@ -c lib/version.c -o $@ + @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PICFLAGS@ -c $(srcdir)/lib/version.c -o $@ @BROKEN_CC@-mv `echo $@ | sed -e 's%^.*/%%g' -e '[EMAIL PROTECTED]@$$%.o%'` $@ smbd/build_options.o: smbd/build_options.c Makefile include/config.h include/build_env.h include/proto.h Modified: branches/tmp/SAMBA_3_0_20B/source/script/installman.sh === --- branches/tmp/SAMBA_3_0_20B/source/script/installman.sh 2005-10-11 16:12:40 UTC (rev 10904) +++ branches/tmp/SAMBA_3_0_20B/source/script/installman.sh 2005-10-11 16:12:48 UTC (rev 10905) @@ -13,7 +13,7 @@ GROFF=$4# sh cmd line, including options fi -if test ! -d ../docs/manpages; then +if test ! -d $SRCDIR../docs/manpages; then echo No manpages present. SVN development version maybe? exit 0 fi
svn commit: samba r10907 - branches/SAMBA_3_0/source/libads branches/SAMBA_3_0/source/libsmb trunk/source/libads trunk/source/libsmb
Author: gd Date: 2005-10-11 16:27:05 + (Tue, 11 Oct 2005) New Revision: 10907 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10907 Log: Handle the case when we can't verify the PAC signature because the ticket was encrypted using a DES key (and the Windows KDC still puts CKSUMTYPE_HMAC_MD5_ARCFOUR in the PAC). In that case, return to old behaviour and ignore the PAC. Thanks to Chengjie Liu [EMAIL PROTECTED]. Guenther Modified: branches/SAMBA_3_0/source/libads/kerberos_verify.c branches/SAMBA_3_0/source/libsmb/clikrb5.c trunk/source/libads/kerberos_verify.c trunk/source/libsmb/clikrb5.c Changeset: Modified: branches/SAMBA_3_0/source/libads/kerberos_verify.c === --- branches/SAMBA_3_0/source/libads/kerberos_verify.c 2005-10-11 16:14:00 UTC (rev 10906) +++ branches/SAMBA_3_0/source/libads/kerberos_verify.c 2005-10-11 16:27:05 UTC (rev 10907) @@ -272,6 +272,7 @@ DATA_BLOB *session_key) { NTSTATUS sret = NT_STATUS_LOGON_FAILURE; + NTSTATUS pac_ret; DATA_BLOB auth_data; krb5_context context = NULL; krb5_auth_context auth_context = NULL; @@ -400,7 +401,8 @@ #endif /* continue when no PAC is retrieved - (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set) */ + (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set, + or Kerberos tickets encryped using a DES key) - Guenther */ got_auth_data = get_auth_data_from_tkt(mem_ctx, auth_data, tkt); if (!got_auth_data) { @@ -409,10 +411,10 @@ if (got_auth_data pac_data != NULL) { - sret = decode_pac_data(mem_ctx, auth_data, context, keyblock, client_principal, authtime, pac_data); - if (!NT_STATUS_IS_OK(sret)) { - DEBUG(0,(ads_verify_ticket: failed to decode PAC_DATA: %s\n, nt_errstr(sret))); - goto out; + pac_ret = decode_pac_data(mem_ctx, auth_data, context, keyblock, client_principal, authtime, pac_data); + if (!NT_STATUS_IS_OK(pac_ret)) { + DEBUG(3,(ads_verify_ticket: failed to decode PAC_DATA: %s\n, nt_errstr(pac_ret))); + *pac_data = NULL; } data_blob_free(auth_data); } Modified: branches/SAMBA_3_0/source/libsmb/clikrb5.c === --- branches/SAMBA_3_0/source/libsmb/clikrb5.c 2005-10-11 16:14:00 UTC (rev 10906) +++ branches/SAMBA_3_0/source/libsmb/clikrb5.c 2005-10-11 16:27:05 UTC (rev 10907) @@ -689,6 +689,12 @@ input, cksum, checksum_valid); + if (ret) { + DEBUG(3,(smb_krb5_verify_checksum: krb5_c_verify_checksum() failed: %s\n, + error_message(ret))); + return ret; + } + if (!checksum_valid) ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; } Modified: trunk/source/libads/kerberos_verify.c === --- trunk/source/libads/kerberos_verify.c 2005-10-11 16:14:00 UTC (rev 10906) +++ trunk/source/libads/kerberos_verify.c 2005-10-11 16:27:05 UTC (rev 10907) @@ -272,6 +272,7 @@ DATA_BLOB *session_key) { NTSTATUS sret = NT_STATUS_LOGON_FAILURE; + NTSTATUS pac_ret; DATA_BLOB auth_data; krb5_context context = NULL; krb5_auth_context auth_context = NULL; @@ -400,7 +401,8 @@ #endif /* continue when no PAC is retrieved - (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set) */ + (like accounts that have the UF_NO_AUTH_DATA_REQUIRED flag set, + or Kerberos tickets encryped using a DES key) - Guenther */ got_auth_data = get_auth_data_from_tkt(mem_ctx, auth_data, tkt); if (!got_auth_data) { @@ -409,10 +411,10 @@ if (got_auth_data pac_data != NULL) { - sret = decode_pac_data(mem_ctx, auth_data, context, keyblock, client_principal, authtime, pac_data); - if (!NT_STATUS_IS_OK(sret)) { - DEBUG(0,(ads_verify_ticket: failed to decode PAC_DATA: %s\n, nt_errstr(sret))); - goto out; + pac_ret = decode_pac_data(mem_ctx, auth_data, context, keyblock, client_principal, authtime, pac_data); + if (!NT_STATUS_IS_OK(pac_ret)) { + DEBUG(3,(ads_verify_ticket: failed to decode PAC_DATA: %s\n, nt_errstr(pac_ret))); + *pac_data = NULL; } data_blob_free(auth_data); } Modified: trunk/source/libsmb/clikrb5.c
svn commit: samba r10909 - in branches/SAMBA_3_0/source: include libsmb utils
Author: jmcd Date: 2005-10-11 18:42:25 + (Tue, 11 Oct 2005) New Revision: 10909 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10909 Log: Give better shutdown messages Modified: branches/SAMBA_3_0/source/include/doserr.h branches/SAMBA_3_0/source/libsmb/doserr.c branches/SAMBA_3_0/source/utils/net_rpc.c Changeset: Modified: branches/SAMBA_3_0/source/include/doserr.h === --- branches/SAMBA_3_0/source/include/doserr.h 2005-10-11 17:36:29 UTC (rev 10908) +++ branches/SAMBA_3_0/source/include/doserr.h 2005-10-11 18:42:25 UTC (rev 10909) @@ -196,6 +196,7 @@ #define WERR_REG_FILE_INVALID W_ERROR(1017) #define WERR_NO_SUCH_SERVICE W_ERROR(1060) #define WERR_INVALID_SERVICE_CONTROL W_ERROR(1052) +#define WERR_MACHINE_LOCKED W_ERROR(1271) #define WERR_INVALID_SECURITY_DESCRIPTOR W_ERROR(1338) #define WERR_SERVER_UNAVAILABLE W_ERROR(1722) #define WERR_INVALID_FORM_NAME W_ERROR(1902) Modified: branches/SAMBA_3_0/source/libsmb/doserr.c === --- branches/SAMBA_3_0/source/libsmb/doserr.c 2005-10-11 17:36:29 UTC (rev 10908) +++ branches/SAMBA_3_0/source/libsmb/doserr.c 2005-10-11 18:42:25 UTC (rev 10909) @@ -66,6 +66,7 @@ { WERR_DFS_NO_SUCH_SERVER, WERR_DFS_NO_SUCH_SERVER }, { WERR_DFS_INTERNAL_ERROR, WERR_DFS_INTERNAL_ERROR }, { WERR_DFS_CANT_CREATE_JUNCT, WERR_DFS_CANT_CREATE_JUNCT }, + { WERR_MACHINE_LOCKED, WERR_MACHINE_LOCKED }, { WERR_INVALID_SECURITY_DESCRIPTOR, WERR_INVALID_SECURITY_DESCRIPTOR }, { WERR_INVALID_OWNER, WERR_INVALID_OWNER }, { WERR_SERVER_UNAVAILABLE, WERR_SERVER_UNAVAILABLE }, Modified: branches/SAMBA_3_0/source/utils/net_rpc.c === --- branches/SAMBA_3_0/source/utils/net_rpc.c 2005-10-11 17:36:29 UTC (rev 10908) +++ branches/SAMBA_3_0/source/utils/net_rpc.c 2005-10-11 18:42:25 UTC (rev 10909) @@ -4610,9 +4610,9 @@ if (NT_STATUS_IS_OK(result)) { d_printf(\nShutdown of remote machine succeeded\n); DEBUG(5,(Shutdown of remote machine succeeded\n)); - } else - DEBUG(0,(Shutdown of remote machine failed!\n)); - + } else { + DEBUG(1,(Shutdown of remote machine failed!\n)); + } return result; } @@ -4640,7 +4640,7 @@ int argc, const char **argv) { - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + WERROR result; const char *msg = This machine will be shutdown shortly; uint32 timeout = 20; #if 0 @@ -4676,16 +4676,19 @@ } /* create an entry */ - result = werror_to_ntstatus(rpccli_reg_shutdown(pipe_hnd, mem_ctx, msg, timeout, opt_reboot, opt_force)); + result = rpccli_reg_shutdown(pipe_hnd, mem_ctx, msg, timeout, opt_reboot, opt_force); - if (NT_STATUS_IS_OK(result)) { + if (W_ERROR_IS_OK(result)) { d_printf(\nShutdown of remote machine succeeded\n); - DEBUG(5,(Shutdown of remote machine succeeded\n)); + } else { + d_printf(\nShutdown of remote machine failed\n); + if (W_ERROR_EQUAL(result,WERR_MACHINE_LOCKED)) + d_printf(\nMachine locked, use -f switch to force\n); + else + d_printf(\nresult was: %s\n, dos_errstr(result)); } - else - DEBUG(0,(Shutdown of remote machine failed!\n)); - return result; + return werror_to_ntstatus(result); } /** @@ -4703,13 +4706,14 @@ int rc = run_rpc_command(NULL, PI_SHUTDOWN, 0, rpc_init_shutdown_internals, argc, argv); - if (rc == 0) - return rc; - DEBUG(1, (initshutdown pipe didn't work, trying winreg pipe\n)); + if (rc) { + DEBUG(1, (initshutdown pipe failed, trying winreg pipe\n)); + rc = run_rpc_command(NULL, PI_WINREG, 0, +rpc_reg_shutdown_internals, argc, argv); + } - return run_rpc_command(NULL, PI_WINREG, 0, rpc_reg_shutdown_internals, - argc, argv); + return rc; } /***
svn commit: samba r10910 - in trunk/source: include libsmb utils
Author: jmcd Date: 2005-10-11 18:53:13 + (Tue, 11 Oct 2005) New Revision: 10910 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10910 Log: Give better shutdown messages Modified: trunk/source/include/doserr.h trunk/source/libsmb/doserr.c trunk/source/utils/net_rpc.c Changeset: Modified: trunk/source/include/doserr.h === --- trunk/source/include/doserr.h 2005-10-11 18:42:25 UTC (rev 10909) +++ trunk/source/include/doserr.h 2005-10-11 18:53:13 UTC (rev 10910) @@ -196,6 +196,7 @@ #define WERR_REG_FILE_INVALID W_ERROR(1017) #define WERR_NO_SUCH_SERVICE W_ERROR(1060) #define WERR_INVALID_SERVICE_CONTROL W_ERROR(1052) +#define WERR_MACHINE_LOCKED W_ERROR(1271) #define WERR_INVALID_SECURITY_DESCRIPTOR W_ERROR(1338) #define WERR_EVENTLOG_FILE_CORRUPT W_ERROR(1500) #define WERR_SERVER_UNAVAILABLE W_ERROR(1722) Modified: trunk/source/libsmb/doserr.c === --- trunk/source/libsmb/doserr.c2005-10-11 18:42:25 UTC (rev 10909) +++ trunk/source/libsmb/doserr.c2005-10-11 18:53:13 UTC (rev 10910) @@ -66,6 +66,7 @@ { WERR_DFS_NO_SUCH_SERVER, WERR_DFS_NO_SUCH_SERVER }, { WERR_DFS_INTERNAL_ERROR, WERR_DFS_INTERNAL_ERROR }, { WERR_DFS_CANT_CREATE_JUNCT, WERR_DFS_CANT_CREATE_JUNCT }, + { WERR_MACHINE_LOCKED, WERR_MACHINE_LOCKED }, { WERR_INVALID_SECURITY_DESCRIPTOR, WERR_INVALID_SECURITY_DESCRIPTOR }, { WERR_INVALID_OWNER, WERR_INVALID_OWNER }, { WERR_SERVER_UNAVAILABLE, WERR_SERVER_UNAVAILABLE }, Modified: trunk/source/utils/net_rpc.c === --- trunk/source/utils/net_rpc.c2005-10-11 18:42:25 UTC (rev 10909) +++ trunk/source/utils/net_rpc.c2005-10-11 18:53:13 UTC (rev 10910) @@ -4610,9 +4610,9 @@ if (NT_STATUS_IS_OK(result)) { d_printf(\nShutdown of remote machine succeeded\n); DEBUG(5,(Shutdown of remote machine succeeded\n)); - } else - DEBUG(0,(Shutdown of remote machine failed!\n)); - + } else { + DEBUG(1,(Shutdown of remote machine failed!\n)); + } return result; } @@ -4640,7 +4640,7 @@ int argc, const char **argv) { - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; + WERROR result; const char *msg = This machine will be shutdown shortly; uint32 timeout = 20; #if 0 @@ -4676,16 +4676,19 @@ } /* create an entry */ - result = werror_to_ntstatus(rpccli_reg_shutdown(pipe_hnd, mem_ctx, msg, timeout, opt_reboot, opt_force)); + result = rpccli_reg_shutdown(pipe_hnd, mem_ctx, msg, timeout, opt_reboot, opt_force); - if (NT_STATUS_IS_OK(result)) { + if (W_ERROR_IS_OK(result)) { d_printf(\nShutdown of remote machine succeeded\n); - DEBUG(5,(Shutdown of remote machine succeeded\n)); + } else { + d_printf(\nShutdown of remote machine failed\n); + if (W_ERROR_EQUAL(result,WERR_MACHINE_LOCKED)) + d_printf(\nMachine locked, use -f switch to force\n); + else + d_printf(\nresult was: %s\n, dos_errstr(result)); } - else - DEBUG(0,(Shutdown of remote machine failed!\n)); - return result; + return werror_to_ntstatus(result); } /** @@ -4703,13 +4706,14 @@ int rc = run_rpc_command(NULL, PI_SHUTDOWN, 0, rpc_init_shutdown_internals, argc, argv); - if (rc == 0) - return rc; - DEBUG(1, (initshutdown pipe didn't work, trying winreg pipe\n)); + if (rc) { + DEBUG(1, (initshutdown pipe failed, trying winreg pipe\n)); + rc = run_rpc_command(NULL, PI_WINREG, 0, +rpc_reg_shutdown_internals, argc, argv); + } - return run_rpc_command(NULL, PI_WINREG, 0, rpc_reg_shutdown_internals, - argc, argv); + return rc; } /***
svn commit: samba r10911 - branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/param branches/SAMBA_3_0/source/passdb branches/SAMBA_3_0/source/rpc_server trunk/source/include trunk/source/par
Author: jmcd Date: 2005-10-11 20:14:04 + (Tue, 11 Oct 2005) New Revision: 10911 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10911 Log: part of #2861: add rename support for usrmgr.exe when using tdbsam This gets it working before replacing tdb with the samba4 version. Modified: branches/SAMBA_3_0/source/include/passdb.h branches/SAMBA_3_0/source/param/loadparm.c branches/SAMBA_3_0/source/passdb/pdb_interface.c branches/SAMBA_3_0/source/passdb/pdb_tdb.c branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c trunk/source/include/passdb.h trunk/source/param/loadparm.c trunk/source/passdb/pdb_interface.c trunk/source/passdb/pdb_tdb.c trunk/source/rpc_server/srv_samr_nt.c Changeset: Sorry, the patch is too large (1081 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=10911
Build status as of Wed Oct 12 00:00:02 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-10-11 00:00:33.0 + +++ /home/build/master/cache/broken_results.txt 2005-10-12 00:00:11.0 + @@ -1,17 +1,17 @@ -Build status as of Tue Oct 11 00:00:02 2005 +Build status as of Wed Oct 12 00:00:02 2005 Build counts: Tree Total Broken Panic ccache 10 2 0 distcc 11 3 0 -lorikeet-heimdal 12 6 0 -ppp 18 0 0 -rsync37 2 0 +lorikeet-heimdal 12 8 0 +ppp 17 0 0 +rsync33 2 0 samba2 0 0 samba-docs 0 0 0 -samba4 38 16 4 -samba_3_038 10 0 -smb-build29 5 0 -talloc 11 5 0 -tdb 9 4 0 +samba4 37 15 4 +samba_3_037 9 0 +smb-build28 5 0 +talloc 10 5 0 +tdb 34 4 0