AW: [Samba] net rpc utility to add machine account ?
Andrew, thanks for your reply. My problem is, how to join future clients. Either the machine is not builded up, or the admin is not available to let the machine join. So i want to make a list of machine-names and add them to the domain. But, if possible not with the two steps useradd and smbpasswd. My first thought, was to use the net rcp utility, but if that doesn't work, if go and write a simple wrapper-script arround useradd and smbpasswd. For some reasons we don't want to use the windows tools. cu Holgi -Ursprüngliche Nachricht- Von: Andrew Bartlett [mailto:[EMAIL PROTECTED] Gesendet: Samstag, 26. November 2005 09:43 An: Holger Wöhle Cc: samba@lists.samba.org Betreff: Re: [Samba] net rpc utility to add machine account ? On Mon, 2005-11-21 at 17:18 +0100, Holger Wöhle wrote: Hello, can i use the samba net utility to add a machine account to my samba domain ? I added add user script ass machine script a.s.o. The WinNT4.0 Tools Domain Manager and User Manager are working fine, but i want an easy solution for the linux cmdline. 'net rpc join' should do that. Run this on your linux clients to join them to the domain. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd -d nobody, listing still possible?
hi, i wondered why i can still list my shares with smbclient -NL localip, security = SHARE i just disable the user nobody? the log: [2005/11/27 12:05:48, 2] lib/interface.c:add_interface(81) added interface ip=192.168.10.66 bcast=192.168.10.255 nmask=255.255.255.0 [2005/11/27 12:05:48, 2] lib/interface.c:add_interface(81) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/27 12:05:48, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/11/27 12:05:48, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/27 12:05:48, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/11/27 12:05:48, 3] smbd/uid.c:push_conn_ctx(388) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/11/27 12:05:48, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/27 12:05:48, 3] smbd/server.c:main(839) loaded services [2005/11/27 12:05:48, 3] smbd/server.c:main(854) Becoming a daemon. [2005/11/27 12:05:48, 2] lib/tallocmsg.c:register_msg_pool_usage(56) Registered MSG_REQ_POOL_USAGE [2005/11/27 12:05:48, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2005/11/27 12:05:48, 3] printing/printing.c:start_background_queue(1321) start_background_queue: Starting background LPQ thread [2005/11/27 12:05:48, 2] smbd/server.c:open_sockets_smbd(334) waiting for a connection [2005/11/27 12:05:54, 3] smbd/oplock.c:init_oplocks(1380) open_oplock_ipc: opening loopback UDP socket. [2005/11/27 12:05:54, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(309) Linux kernel oplocks enabled [2005/11/27 12:05:54, 3] smbd/oplock.c:init_oplocks(1411) open_oplock ipc: pid = 5986, global_oplock_port = 32771 [2005/11/27 12:05:54, 3] smbd/process.c:process_smb(1114) Transaction 0 of length 183 [2005/11/27 12:05:54, 3] smbd/process.c:switch_message(900) switch message SMBnegprot (pid 5986) conn 0x0 [2005/11/27 12:05:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [PC NETWORK PROGRAM 1.0] [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [MICROSOFT NETWORKS 1.03] [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [MICROSOFT NETWORKS 3.0] [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [LANMAN1.0] [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [LM1.2X002] [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [DOS LANMAN2.1] [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_negprot(466) Requested protocol [Samba] [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_nt1(331) not using SPNEGO [2005/11/27 12:05:54, 3] smbd/negprot.c:reply_negprot(559) Selected protocol NT LANMAN 1.0 [2005/11/27 12:05:54, 3] smbd/process.c:process_smb(1114) Transaction 1 of length 142 [2005/11/27 12:05:54, 3] smbd/process.c:switch_message(900) switch message SMBsesssetupX (pid 5986) conn 0x0 [2005/11/27 12:05:54, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/11/27 12:05:54, 3] smbd/sesssetup.c:reply_sesssetup_and_X(751) wct=13 flg2=0xc801 [2005/11/27 12:05:54, 3] smbd/sesssetup.c:reply_sesssetup_and_X(897) Domain=[MIDEARTH] NativeOS=[Unix] NativeLanMan=[Samba 3.0.20b] PrimaryDomain=[null] [2005/11/27 12:05:54, 3] smbd/sesssetup.c:reply_sesssetup_and_X(912) sesssetupX:[EMAIL PROTECTED] [2005/11/27 12:05:54, 3] smbd/sesssetup.c:check_guest_password(115) Got anonymous request [2005/11/27 12:05:54, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/11/27 12:05:54,
RE: [Samba] smbpasswd -d nobody, listing still possible?
Julius, Set 'security = user'. Kind regards, Jeroen van Meeuwen -- kanarip -Original Message- Subject: [Samba] smbpasswd -d nobody, listing still possible? hi, i wondered why i can still list my shares with smbclient -NL localip, security = SHARE i just disable the user nobody? my conf: [global] workgroup = MIDEARTH netbios name = GANDALF security = SHARE message command = sh -c '/usr/kde/3.4/bin/winpopup-send.sh %s %m' bind interfaces only = yes interfaces = eth0 lo passdb backend = tdbsam guest account = nobody #logging log file = /tmp/samba.log log level = 3 [data] comment = Data path = /home/metalfan/Windows guest only = Yes writeable = Yes and the smbclient -NL localip output: Domain=[MIDEARTH] OS=[Unix] Server=[Samba 3.0.20b] Sharename Type Comment - --- dataDisk Data data2 Disk IPC$IPC IPC Service (Samba 3.0.20b) ADMIN$ IPC IPC Service (Samba 3.0.20b) Domain=[MIDEARTH] OS=[Unix] Server=[Samba 3.0.20b] Server Comment ---- GANDALF Samba 3.0.20b WorkgroupMaster ---- MIDEARTH shouldnt i just get some error like..no user.. ? greets Julius -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Losing wallpapers on roaming profiles
Hi! I'm getting difficulties with wallpapers on roaming profiles on a samba 3.0.9-2.3 under SuSE 9.2 with Windows XP Professional Clients. I discovered, by reading other postings concerning this topic, that Windows won't use jpegs as wallpapers on roaming profiles (converts them to bmp and stores them in Local Settings, which doesn't roam). So I converted the pictures to bmp myself an used them as wallpaper. Still they got lost most of the time. Has anyone encountered the same problem and found some solutions? Thanks, Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Red X and guest user message in logs
Joel Franco wrote: Try sniff the ethernet communication with ethereal in the server (within a VNC server is cool), or try to increase the log level (3 gives you a lot information). Too much information, unfortunately. :-( The problem happens at random, and setting log level to 3 for an undefined time I run the risk of getting out of disk space (I already tried). Maybe I could sniff, yes, but browsing through tons of ethernet packets looks like a rather extreme solution to me. -- Ciao, Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba domian and running services on XP ws
Hello Ppl advice me how can I force every ws in domain have particular service running ? other words - when any station login to domain(samba based) it get running just services I want ? -- Best regards, maxxik mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] useradd setuid bit
Hi! I've a little question: When the samba create machine account it's uid is 0 (root) or anything else? I've created a samba jail, and I want to know the useradd binary should be setuid or not. Thanks: -- Szalai Ákos [EMAIL PROTECTED] Andrews IT Engineering Kft signature.asc Description: Ez az üzenetrész digitális aláírással van ellátva -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to synchronise multiple samba server ?
Hi ! I got a new problem, the company I work for had just open a new office with a network ADSL link to the old one. We have one domain controler (samba on linux) and 50 workstations in windows XP. I need to put a second domain controler at the new office, but I don't know how to link the both and then to synchronise them ? (account and passwd) And finaly, if I reach this point, how can I do to know which one will validate my users ? Is there specials parameters I do write into smb.conf file ? Any help would be really apreciate... thx Au.Vf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problemi con samba
I've some problem with the configuration of two samba server. I've to PC, a laptot with debian etch samba 3.0.20b (PC2) wich with security=user always give me timeout, with security=share it works. The second a little home server with debian sarge (stable) samba 3.0.14a that with security=user and map to guest = Bad User, always let mi to mount the shared resource (if the username and password are correct it accept the login as the user specified, in any other combination, good username:bad password ecc.., it map the client to the guest account) The config file are exactly the same as described below. why the two server doesn't have the same bheaviour. ---CONF FILE-- [global] case sensitive = yes default case = lower preserve case = yes short preserve case = yes client lanman auth = no client ntlmv2 auth = yes client plaintext auth = no lanman auth = no ntlm auth = yes csc policy = disable disable netbios = yes display charset = UTF8 workgroup = universo server string = %h server [%i](Samba %v) guest account = nobody hide dot files = yes hide unreadable = yes inherit acls = yes inherit owner = yes inherit permissions = yes restrict anonymous = yes map to guest = Bad User log file = /var/log/samba/log.%m syslog = 3 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true invalid users = root load printers = no socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 ---DIFFERENCE BETWEEN SMB.CONF--- comm -3 smb.192.168.5.50 smb.192.168.5.1 ; inherit owner = yes inherit owner = yes as the 3.0.14a-Debian doesn't recognize the inherit owner option ---FROM PC1(Samba 3.0.14a-Debian) to PC2(3.0.20b-Debian) smbclient -L 192.168.5.50 Password: session setup failed: Call timed out: server did not respond after 2 milliseconds ---FROM PC2(3.0.20b-Debian) to PC1(Samba 3.0.14a-Debian) smbclient -L 192.168.5.1 Password: Domain=[IOBAA] OS=[Unix] Server=[Samba 3.0.14a-Debian] Sharename Type Comment - --- IPC$IPC IPC Service (iobaa server [192.168.5.1] (Samba 3.0.14a-Debian)) ADMIN$ IPC IPC Service (iobaa server [192.168.5.1] (Samba 3.0.14a-Debian)) Domain=[IOBAA] OS=[Unix] Server=[Samba 3.0.14a-Debian] Server Comment ---- WorkgroupMaster ---- UNIVERSO EUROPA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Help me .. SAMBA in AIX 5.0
Hi every one I am installing SAMBA in AIX 5.0 using SMIT application, but it fail. sysck: 3001-038 the name frec is not a known group for entry /usr/local/samba-3.0.20.0/bin/smbclient sysck: 3001-003 A value must be specified for group for entry /usr/local/samba-3.0.20.0/bin/smbclient Can you help me please Thanks you Saludos.. Ing. Marbellys Campos Alcalá Especialista de Proyectos Seguros Caroni, C.A. Tlf: 0286-7122156 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Setting up samba
I've setup samba on my slacware box. Here is my smb.conf: ###3 My SMB.CONF ###3 [EMAIL PROTECTED]:/usr/local/samba/bin# cat ../lib/smb.conf [global] workgroup = home netbios name = darkstar [videos] path = /mnt/backup public = yes writable = yes ###3 My TESTPARM SMB.CONF ###3 [EMAIL PROTECTED]:/usr/local/samba/bin# ./testparm ../lib/smb.conf Load smb config files from ../lib/smb.conf Processing section [videos] Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] workgroup = HOME [videos] path = /mnt/backup read only = No guest ok = Yes ###3 My Errors ###3 [EMAIL PROTECTED]:/usr/local/samba/bin# ./smbclient -L darkstar session request to DARKSTAR failed (Call returned zero bytes (EOF)) session request to *SMBSERVER failed (Call returned zero bytes (EOF)) ###3 Netsat -a ###3 [EMAIL PROTECTED]:/usr/local/samba/lib# netstat -a Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp0 0 *:time *:* LISTEN tcp0 0 *:3306 *:* LISTEN tcp0 0 *:submission*:* LISTEN tcp0 0 *:netbios-ssn *:* LISTEN tcp0 0 *:http *:* LISTEN tcp0 0 *:x11 *:* LISTEN tcp0 0 *:auth *:* LISTEN tcp0 0 *:ssh *:* LISTEN tcp0 0 *:smtp *:* LISTEN tcp0 0 darkstar.sontek.n:32909 www.google.com:http ESTABLISHED tcp0 0 darkstar.sontek.n:32908 www.google.com:http ESTABLISHED udp0 0 *:biff *:* udp0 0 darkstar.son:netbios-ns*:* udp0 0 *:netbios-ns *:* udp0 0 *:netbios-ns *:* udp0 0 darkstar.so:netbios-dgm*:* udp0 0 *:netbios-dgm *:* udp0 0 *:time *:* ###3 My script for starting samba ###3 [EMAIL PROTECTED]:/usr/local/samba/lib# cat /etc/rc.d/rc.samba #!/bin/sh /usr/local/samba/sbin/smbd -D #/usr/local/samba/sbin/winbindd -B /usr/local/samba/sbin/nmbd -D -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Multiple Workgroups in a single PDC
We wish to create multiple workgroups using a single domain SAMBA(LDAP) on a LINUX Server. The linux Server is the primary domain controller. or I need a linux/samba server per workgroup, if we has for example 30 workgrous, then?... Really we wish view on the windows network browser, groups and not all machines on a single group(domain). Thansks! -- Camilo Administrator IT --- Este mensaje fue enviado a traves del webmail corporativo de Pulxar. pgpjyHb8ErgJa.pgp Description: Firma digital PGP -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Hiding and showing folders in Samba.
Hi, I am using Samba as a file server; with 11 users : usr1, usr2, . usr10, usr 11. There are 11 folders on the server : sfold1, sfold2, .. sfold10, sfold11 Each user has full access (read/write) to his/her folder and no access at all to the other folders. Therefore I would like to get each user to see his folder and none of the others when one access the samba-server. How can I do that ? I have tried to use the browseable, only user, and a few other flags but it did not work. Either the folder is visible to everyone or to nobody. Of course I still can control the access rights, but it would be cleaner if the non-accessible folders did show up at all. Has anyboby got this problem ? Does anyone know how to solve it ? Thanks in advance. Michel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.14a-2 / Cups problem
Hi, When I startup samba om my fileserver, it writes in samba.log the following message after a minute or 2: [2005/11/26 22:04:48, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection timed out After another minute or 3 samba continues to startup, getting ready to serve clients. The funny thing about it is that there is no printer connected to the fileserver, no queues defined, just cups is there (not running). Cups can't be undeleted by the way, too many dependencies. My general options are: [global] workgroup = HOMELAN server string = Fileserver hosts allow = 192.168.0. 127. log file = /var/log/samba/%m.log max log size = 250 security = user password level = 8 username level = 6 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd interfaces = 192.168.0.1/24 domain master = yes preferred master = yes wins support = yes dns proxy = no idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no printable = no read only = no browseable = yes public = no load printers = no Is there a way to speed up the samba startup by telling it not to look to cups? Or should I recompile samba and use -disable-cups in the config line? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Rare problem using Samba and mounted directories
Hello, I am a Samba user, and I have been using long time without any big trouble. Last week I was working with a friend, using Fedora and Samba 3. Excuse me, I don't know exactly which Samba version. After some problems, we shared a directory (for example, /data). This works, fine. Then we created two new subdirectories: /data/a /data/b Then we access to shared resource using smbclient, without problems. When we mounted other partition to one directory, it disappers of smbclient listings! (not changing inside directory, just listing!). Permissions was enough to list, and to go inside (I checked using su and changing to samba user, etc.) The error log, just _listing_ this directory it was: get_lanman2_dir_entry:Couldn't stat [./a] permission denied I tried to use stat utility in a directory and b, without any problem. I tried to do a little program and to use stat call without any problem. I was confused, what it wrong? First time that I mount a partition to directory and happends this rare things! We was using 2.6 Kernel, original from Fedora, but I don't know exactly the version. I am sure that here somebody has had this problem and can send any suggestion to me. Thank you very much, PD: if it is needed tomorrow I will send Kernel version, Fedora Version, Samba version. But maybe anybody has any suggestion. -- Carles Pina i EstanyGPG id: 0x8CBDAE64 http://pinux.info Manresa - Barcelona -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] useradd setuid bit
On Fri, 2005-11-25 at 10:28 +0100, Szalai Ákos wrote: Hi! I've a little question: When the samba create machine account it's uid is 0 (root) or anything else? I've created a samba jail, and I want to know the useradd binary should be setuid or not. Machine accounts should most certainly *not* be uid 0. They are used for logins, and are valid user accounts in every respect (particularly with 3.0.21 when released). I see no reason why the useradd binary should be setuid, and I'm a little baffled by what would make you think it should be. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to synchronise multiple samba server ?
On Fri, 2005-11-25 at 11:24 +0100, Aurelien Vf wrote: Hi ! I got a new problem, the company I work for had just open a new office with a network ADSL link to the old one. We have one domain controler (samba on linux) and 50 workstations in windows XP. I need to put a second domain controler at the new office, but I don't know how to link the both and then to synchronise them ? (account and passwd) And finaly, if I reach this point, how can I do to know which one will validate my users ? Is there specials parameters I do write into smb.conf file ? Any help would be really apreciate... I am certain that the official samba 'How-To' and the 'By Example' documentation available at www.samba.org will tell you all you need to know. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.14a-2 / Cups problem
On Sun, 2005-11-27 at 01:01 +0100, Jurjan van Ginkel wrote: Hi, When I startup samba om my fileserver, it writes in samba.log the following message after a minute or 2: [2005/11/26 22:04:48, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection timed out After another minute or 3 samba continues to startup, getting ready to serve clients. The funny thing about it is that there is no printer connected to the fileserver, no queues defined, just cups is there (not running). Cups can't be undeleted by the way, too many dependencies. My general options are: [global] workgroup = HOMELAN server string = Fileserver hosts allow = 192.168.0. 127. log file = /var/log/samba/%m.log max log size = 250 security = user password level = 8 username level = 6 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd interfaces = 192.168.0.1/24 domain master = yes preferred master = yes wins support = yes dns proxy = no idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no printable = no read only = no browseable = yes public = no load printers = no Is there a way to speed up the samba startup by telling it not to look to cups? Or should I recompile samba and use -disable-cups in the config line? I've never done this so I am not familiar with its effects but did you try... disable spoolss = yes ? Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple Workgroups in a single PDC
On Fri, 2005-11-25 at 15:58 -0500, Camilo Alberto Cubillos Jiménez wrote: We wish to create multiple workgroups using a single domain SAMBA(LDAP) on a LINUX Server. The linux Server is the primary domain controller. or I need a linux/samba server per workgroup, if we has for example 30 workgrous, then?... Really we wish view on the windows network browser, groups and not all machines on a single group(domain). machines that aren't joined to the domain can have any workgroup assigned that they wish - but of course this means that the benefits a single point logon to domain to obtain access to resources is lost. Otherwise, you would need multiple domain controllers (or instances) and trusts between the domains. I believe that this topic is covered in the 'How-To' at www.samba.org Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Is samba or a kernel bug causing my FC4 server to crash?
I've got a fully updated Fedora Core 4 server crashing hard every week or two. I use Samba via smbmount and autofs to read delete log files on 17 XP boxs and 6 NT4SP6 boxes as well as a couple other Windows files servers every 5 minutes. The first indication of a problem I get is smbmount stops working, then the server becomes unresponsive to the point where only a power slam will fix it, and it does fix it...for a few days. I've got Samba 3.0.14a-2 installed and have been updating my kernel as often as a new one is released. Currently I'm running 2.6.14-1.1637_FC4smp. Here are 4 seperate crash excerpts of the sytem log. Anybody know how to tell if samba is involved and if so, if it is responsible? Nov 8 17:15:14 poseidon automount[32023]: failed to mount /win/metal10 Nov 8 17:15:37 poseidon kernel: smb_add_request: request [efeff680, mid=36572] timed out! Nov 8 17:15:37 poseidon kernel: smb_writepage_sync: failed write, wsize=4096, write_ret=-5 Nov 8 17:15:37 poseidon kernel: smb_add_request: request [eb962080, mid=14] timed out! Nov 8 17:21:53 poseidon kernel: Unable to handle kernel paging request at virtual address 060 0 Nov 8 17:21:53 poseidon kernel: printing eip: Nov 8 17:21:53 poseidon kernel: f8b4b5a4 Nov 8 17:21:53 poseidon kernel: *pde = 37e1b001 Nov 8 17:21:53 poseidon kernel: Oops: [#2] Nov 8 17:21:53 poseidon kernel: SMP Nov 8 17:21:53 poseidon kernel: Modules linked in: nfs lockd nfs_acl smbfs radeon drm parport_pc lp parport autofs4 i2c_dev i2c_core rfcomm l2cap bluetooth sunrpc ipv6 dm_mod video button battery ac uhci_hcd ehci_hcd hw_random shpchp e1000 floppy mptspi sg ext3 jbd megaraid_mbox megaraid_mm m ptscsih mptbase sd_mod scsi_mod Nov 8 17:21:53 poseidon kernel: CPU:3 Nov 8 17:21:53 poseidon kernel: EIP:0060:[f8b4b5a4]Not tainted VLI Nov 8 17:21:53 poseidon kernel: EFLAGS: 00010206 (2.6.13-1.1532_FC4smp) Nov 8 17:21:53 poseidon kernel: EIP is at smbiod+0xef/0x184 [smbfs] Nov 8 17:21:53 poseidon kernel: eax: 12221400 ebx: d1de9000 ecx: eceb6f98 edx: 0321cf60 Nov 8 17:21:53 poseidon kernel: esi: 0600 edi: eceb6000 ebp: eceb6fc4 esp: eceb6fbc Nov 8 17:21:53 poseidon kernel: ds: 007b es: 007b ss: 0068 Nov 8 17:21:53 poseidon kernel: Process smbiod (pid: 16251, threadinfo=eceb6000 task=ed2b8aa0) Nov 8 17:21:53 poseidon kernel: Stack: f8b4cbd7 eceb6000 ed2b8aa0 c01347c2 eceb6fd0 eceb 6fd0 f8b4b4b5 Nov 8 17:21:53 poseidon kernel: c0101ca1 Nov 8 17:21:53 poseidon kernel: Nov 8 17:21:53 poseidon kernel: Call Trace: Nov 8 17:21:53 poseidon kernel: [c01347c2] autoremove_wake_function+0x0/0x37 Nov 8 17:21:53 poseidon kernel: [f8b4b4b5] smbiod+0x0/0x184 [smbfs] Nov 8 17:21:53 poseidon kernel: [c0101ca1] kernel_thread_helper+0x5/0xb Nov 8 17:21:53 poseidon kernel: Code: 0f 85 90 00 00 00 f0 0f ba 35 6c 48 b5 f8 01 b8 c8 25 b5 f8 e8 0c ca 7c c7 8b 1d c0 25 b5 f8 81 fb c0 25 b5 f8 74 79 8b 33 eb 0e 8b 06 89 f3 81 fe c0 25 b5 f8 74 50 89 c6 8b 43 08 85 c0 75 eb Nov 8 18:02:42 poseidon syslogd 1.4.1: restart. Oct 26 09:30:11 poseidon kernel: smb_lookup: find //fabnet failed, error=-5 Oct 26 09:30:11 poseidon kernel: smb_add_request: request [e1a5e280, mid=104] timed out! Oct 26 09:30:11 poseidon kernel: smb_lookup: find //fabnet failed, error=-5 Oct 26 09:30:11 poseidon kernel: smb_add_request: request [c5610280, mid=65] timed out! Oct 26 09:30:11 poseidon kernel: smb_lookup: find //mdsystem failed, error=-5 Oct 26 09:30:15 poseidon ntpd[2219]: ntpd exiting on signal 15 Oct 26 09:30:15 poseidon rpc.statd[1782]: Caught signal 15, un-registering and exiting. Oct 26 09:30:15 poseidon auditd[1796]: The audit daemon is exiting. Oct 26 09:30:15 poseidon kernel: audit(1130333415.760:21310): audit_pid=0 old=1796 by auid=4294967 295 Oct 26 09:30:15 poseidon kernel: audit(1130333415.900:21311): SELinux: unrecognized netlink messa ge type=1009 for sclass=49 Oct 26 09:30:15 poseidon kernel: Oct 26 09:30:15 poseidon kernel: audit(1130333415.900:21311): arch=4003 syscall=102 success=ye s exit=16 a0=b a1=bfc8d790 a2=80510f8 a3=bfc93bb8 items=0 pid=18765 auid=4294967295 uid=0 gid=0 eu id=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm=auditctl exe=/sbin/auditctl Oct 26 09:30:15 poseidon kernel: audit(1130333415.900:21311): saddr=1000 Oct 26 09:30:15 poseidon kernel: audit(1130333415.900:21311): nargs=6 a0=3 a1=bfc91a1c a2=10 a3=0 a4=bfc93bb8 a5=c Oct 26 09:30:16 poseidon kernel: audit(1130333416.000:21312): SELinux: unrecognized netlink messa ge type=1009 for sclass=49 Oct 26 09:30:16 poseidon kernel: Oct 26 09:30:16 poseidon kernel: audit(1130333416.000:21312): arch=4003 syscall=102 success=ye s exit=16 a0=b a1=bfc8d780
Re: [Samba] Is samba or a kernel bug causing my FC4 server to crash?
On Sun, 2005-11-27 at 20:22 -0500, Jason Welter wrote: I've got a fully updated Fedora Core 4 server crashing hard every week or two. I use Samba via smbmount and autofs to read delete log files on 17 XP boxs and 6 NT4SP6 boxes as well as a couple other Windows files servers every 5 minutes. The first indication of a problem I get is smbmount stops working, then the server becomes unresponsive to the point where only a power slam will fix it, and it does fix it...for a few days. I've got Samba 3.0.14a-2 installed and have been updating my kernel as often as a new one is released. Currently I'm running 2.6.14-1.1637_FC4smp. Here are 4 seperate crash excerpts of the sytem log. Anybody know how to tell if samba is involved and if so, if it is responsible? Nov 8 17:15:14 poseidon automount[32023]: failed to mount /win/metal10 Nov 8 17:15:37 poseidon kernel: smb_add_request: request [efeff680, mid=36572] timed out! Nov 8 17:15:37 poseidon kernel: smb_writepage_sync: failed write, wsize=4096, write_ret=-5 Nov 8 17:15:37 poseidon kernel: smb_add_request: request [eb962080, mid=14] timed out! Nov 8 17:21:53 poseidon kernel: Unable to handle kernel paging request at virtual address 060 0 Nov 8 17:21:53 poseidon kernel: printing eip: Nov 8 17:21:53 poseidon kernel: f8b4b5a4 Nov 8 17:21:53 poseidon kernel: *pde = 37e1b001 Nov 8 17:21:53 poseidon kernel: Oops: [#2] Nov 8 17:21:53 poseidon kernel: SMP Nov 8 17:21:53 poseidon kernel: Modules linked in: nfs lockd nfs_acl smbfs radeon drm parport_pc lp parport autofs4 i2c_dev i2c_core rfcomm l2cap bluetooth sunrpc ipv6 dm_mod video button battery ac uhci_hcd ehci_hcd hw_random shpchp e1000 floppy mptspi sg ext3 jbd megaraid_mbox megaraid_mm m ptscsih mptbase sd_mod scsi_mod Nov 8 17:21:53 poseidon kernel: CPU:3 Nov 8 17:21:53 poseidon kernel: EIP:0060:[f8b4b5a4]Not tainted VLI Nov 8 17:21:53 poseidon kernel: EFLAGS: 00010206 (2.6.13-1.1532_FC4smp) Nov 8 17:21:53 poseidon kernel: EIP is at smbiod+0xef/0x184 [smbfs] Nov 8 17:21:53 poseidon kernel: eax: 12221400 ebx: d1de9000 ecx: eceb6f98 edx: 0321cf60 Nov 8 17:21:53 poseidon kernel: esi: 0600 edi: eceb6000 ebp: eceb6fc4 esp: eceb6fbc Nov 8 17:21:53 poseidon kernel: ds: 007b es: 007b ss: 0068 Nov 8 17:21:53 poseidon kernel: Process smbiod (pid: 16251, threadinfo=eceb6000 task=ed2b8aa0) Nov 8 17:21:53 poseidon kernel: Stack: f8b4cbd7 eceb6000 ed2b8aa0 c01347c2 eceb6fd0 eceb 6fd0 f8b4b4b5 Nov 8 17:21:53 poseidon kernel: c0101ca1 Nov 8 17:21:53 poseidon kernel: Nov 8 17:21:53 poseidon kernel: Call Trace: Nov 8 17:21:53 poseidon kernel: [c01347c2] autoremove_wake_function+0x0/0x37 Nov 8 17:21:53 poseidon kernel: [f8b4b4b5] smbiod+0x0/0x184 [smbfs] Nov 8 17:21:53 poseidon kernel: [c0101ca1] kernel_thread_helper+0x5/0xb Nov 8 17:21:53 poseidon kernel: Code: 0f 85 90 00 00 00 f0 0f ba 35 6c 48 b5 f8 01 b8 c8 25 b5 f8 e8 0c ca 7c c7 8b 1d c0 25 b5 f8 81 fb c0 25 b5 f8 74 79 8b 33 eb 0e 8b 06 89 f3 81 fe c0 25 b5 f8 74 50 89 c6 8b 43 08 85 c0 75 eb Nov 8 18:02:42 poseidon syslogd 1.4.1: restart. Oct 26 09:30:11 poseidon kernel: smb_lookup: find //fabnet failed, error=-5 Oct 26 09:30:11 poseidon kernel: smb_add_request: request [e1a5e280, mid=104] timed out! Oct 26 09:30:11 poseidon kernel: smb_lookup: find //fabnet failed, error=-5 Oct 26 09:30:11 poseidon kernel: smb_add_request: request [c5610280, mid=65] timed out! Oct 26 09:30:11 poseidon kernel: smb_lookup: find //mdsystem failed, error=-5 Oct 26 09:30:15 poseidon ntpd[2219]: ntpd exiting on signal 15 Oct 26 09:30:15 poseidon rpc.statd[1782]: Caught signal 15, un-registering and exiting. Oct 26 09:30:15 poseidon auditd[1796]: The audit daemon is exiting. Oct 26 09:30:15 poseidon kernel: audit(1130333415.760:21310): audit_pid=0 old=1796 by auid=4294967 295 Oct 26 09:30:15 poseidon kernel: audit(1130333415.900:21311): SELinux: unrecognized netlink messa ge type=1009 for sclass=49 Oct 26 09:30:15 poseidon kernel: Oct 26 09:30:15 poseidon kernel: audit(1130333415.900:21311): arch=4003 syscall=102 success=ye s exit=16 a0=b a1=bfc8d790 a2=80510f8 a3=bfc93bb8 items=0 pid=18765 auid=4294967295 uid=0 gid=0 eu id=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm=auditctl exe=/sbin/auditctl Oct 26 09:30:15 poseidon kernel: audit(1130333415.900:21311): saddr=1000 Oct 26 09:30:15 poseidon kernel: audit(1130333415.900:21311): nargs=6 a0=3 a1=bfc91a1c a2=10 a3=0 a4=bfc93bb8 a5=c Oct 26 09:30:16 poseidon kernel: audit(1130333416.000:21312): SELinux: unrecognized netlink messa ge type=1009 for sclass=49 Oct 26
[Samba] winbind cache time
Heya, We use ntlm_auth in conjunction with our squid proxy server. Ntlm_auth authenticates against our Windows 2003 SP1 DC's. Our AD domain requires users to change password every 90 days. We sometimes have an issue where an expiring account (our users tend to ignore the warning And only change when forced to) does not authenticate with squid and falls back to basic Authentication, which if we put the username and password in, and it works. At first we changed the passwords to see if it made a difference, and it appeared not to. Until I disables winbindd's cache with the -n switch. Now changes to the accounts directly affected squid, which is what should happen. Problem solved. I need to tell the operations guys the maximum time that winbinnd keeps cached results. The man page just says that the parameter exists with no indication about the default value, And I also came up with this in a google search: http://lists.samba.org/archive/samba-technical/2003-February/027095.html Which confused me a bit. Is the argument to winbind cache time in seconds? And what is the default value for this parameter? With that in mind, how long after a password change can a user be guaranteed To be authenticated properly with ntlm_auth? Adam -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The single WINS problem
On Sat, 2005-11-26 at 09:29 +0100, Tomasz Chmielewski wrote: John H Terpstra schrieb: On Friday 25 November 2005 17:41, Andreas Hasenack wrote: Em Sexta 25 Novembro 2005 21:45, John H Terpstra escreveu: With all due respect, I belive that your alarm and concern is a little excessive. What sort of response are you looking for? What are you hoping to achieve from your request? The point is not how often the wins service (or its machine) fails, but what happens to the rest of the network when it does. Considering netbios name resolution is not just about mapping name-IP, but also about locating services (who is the logon server? who is the domain master browser?), a single wins makes the windows network, which is already fragile, even more so. I've seen a wins server fail (kernel panic), and it wasn't pretty to the rest of the network. That failure was not the fault of the WINS server. Certainly the kernel panic wasn't the fault of Samba running WINS, but the consequences point us to the limitations of Samba. Even a single network disruption between WINS/PDC and the rest of your network can cause trouble similar to WINS/PDC kernel panicking. To prevent such cases, where networks are separate (i.e. in different cities) but use a single user database (in LDAP), I just set up PDCs instead of BDCs (they don't see each other via netbios anyway), and each of them is acting as a WINS server. I find it much more resistent to such failures. -- Tomek http://wpkg.org WPKG - software deployment and upgrades with Samba Are you replicating the LDAP database to each network? -- Marcus White [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The single WINS problem
On Saturday 26 November 2005 01:29, Tomasz Chmielewski wrote: John H Terpstra schrieb: On Friday 25 November 2005 17:41, Andreas Hasenack wrote: Em Sexta 25 Novembro 2005 21:45, John H Terpstra escreveu: With all due respect, I belive that your alarm and concern is a little excessive. What sort of response are you looking for? What are you hoping to achieve from your request? The point is not how often the wins service (or its machine) fails, but what happens to the rest of the network when it does. Considering netbios name resolution is not just about mapping name-IP, but also about locating services (who is the logon server? who is the domain master browser?), a single wins makes the windows network, which is already fragile, even more so. I've seen a wins server fail (kernel panic), and it wasn't pretty to the rest of the network. That failure was not the fault of the WINS server. Certainly the kernel panic wasn't the fault of Samba running WINS, but the consequences point us to the limitations of Samba. Ah, but we all have limitations. Remember, to err is human but to really stuff things up requires a computer. Even a single network disruption between WINS/PDC and the rest of your network can cause trouble similar to WINS/PDC kernel panicking. A wedged kernel is bad news! Mucho bad news! :-) To prevent such cases, where networks are separate (i.e. in different cities) but use a single user database (in LDAP), I just set up PDCs instead of BDCs (they don't see each other via netbios anyway), and each of them is acting as a WINS server. I find it much more resistent to such failures. Ah, so you followed my example in chapter 6 of Samba-3 by Example. It was added to the documentation because it works so well for the one company I know of that used it. Just make absolutely certain that the all PDCs run the same version of Samba. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] wbinfo -g and -u problems ? no answer at my first post ?
Hi Anyone know my problems ? i don't have receive a answer or idea ;= = I have upgraded from 3.0.14a to 3.0.20b and now when i put wbinfo -u or wbinfo -g i have a error message : [EMAIL PROTECTED] samba]# wbinfo -g Error looking up domain groups [EMAIL PROTECTED] samba]# wbinfo -u Error looking up domain users [EMAIL PROTECTED] samba]# and into the log.winbind: [2005/11/28 06:13:20, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(461) [0]: request interface version [2005/11/28 06:13:20, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(494) [0]: request location of privileged pipe [2005/11/28 06:13:20, 3] nsswitch/winbindd_group.c:winbindd_list_groups(813) [0]: list groups [2005/11/28 06:13:20, 3] nsswitch/winbindd_group.c:get_sam_group_entries(528) get_sam_group_entries: Failed to enumerate domain local groups! [2005/11/28 06:13:20, 3] nsswitch/winbindd_group.c:get_sam_group_entries(528) get_sam_group_entries: Failed to enumerate domain local groups! [2005/11/28 06:13:20, 3] nsswitch/winbindd_group.c:get_sam_group_entries(528) get_sam_group_entries: Failed to enumerate domain local groups! but a /usr/bin/ntlm_auth works ! tyhanks for your help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Hiding and showing folders in Samba.
On Fri, Nov 25, 2005 at 07:06:53PM +0900, Michel Bouchet wrote: Hi, I am using Samba as a file server; with 11 users : usr1, usr2, . usr10, usr 11. There are 11 folders on the server : sfold1, sfold2, .. sfold10, sfold11 Each user has full access (read/write) to his/her folder and no access at all to the other folders. Therefore I would like to get each user to see his folder and none of the others when one access the samba-server. How can I do that ? You can use %U in home share declaration. In this case, user mount his /home/homedir, but not /home. WBR -- Dmitriy Kirhlarov OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia P:+7 095 105 7247 ext.203 F:+7 095 105 7246 E:[EMAIL PROTECTED] OILspace - The resource enriched - www.oilspace.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Share disconnect after inactivity
Hi, On Fri, Nov 25, 2005 at 04:33:47PM +0100, Andreas Schlager wrote: Hi list, I've the strange problem, that after some time of inactivity a share is being disconnected. This leads to a red 'X' in the Workplace's list of connected drives. When opening a disconnected drive, the drive is being reconnected. look to deadtime option in smb.conf(5) WBR -- Dmitriy Kirhlarov OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia P:+7 095 105 7247 ext.203 F:+7 095 105 7246 E:[EMAIL PROTECTED] OILspace - The resource enriched - www.oilspace.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Share disconnect after inactivity
Dmitriy Kirhlarov schrieb: Hi, On Fri, Nov 25, 2005 at 04:33:47PM +0100, Andreas Schlager wrote: Hi list, I've the strange problem, that after some time of inactivity a share is being disconnected. This leads to a red 'X' in the Workplace's list of connected drives. When opening a disconnected drive, the drive is being reconnected. look to deadtime option in smb.conf(5) WBR Hi Dimitriy, deadtime is set to 0 (= default value). Maybe the documentation is wrong here?? (it says: A deadtime of zero indicates that no auto-disconnection should be performed.) Or could it be a problem in the implementation? I've googled around and found that windows servers (NT4 and above) have a default disconnect time from 15 minutes. But with a windows server this wasn't a problem for me at any time. Regards, -Andreas. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Hobbyist: Samba 2.2.8 auth fails
JYC Samba 2.2.8 (May 2005) on OVMS AXP 7.3-2 (TCPIP 5.4 ECO 5) My Windows clients are being blocked from reading their Samba shares with the message: \\szeged is not accessible. The server is not configured for transactions. The [homes] section of my smb.conf file has this: [homes] comment = User home directories read only = No strict locking = Yes I ran the smbclient command on the Samba server itself to view the shares available to users and with debug level set to 2 on the command line I got an NT_STATUS_BAD_NETWORK_NAME error as follows: $ smbclient -d 2 -l log.%S -U tbransco -L szeged stm_open: open /samba_root/lib/smb.conf, flags , fd = 3 stm_close: fd = 3 stm_open: open /samba_root/lib/smb.conf, flags , fd = 3 stm_close: fd = 3 stm_open: open /samba_root/lib/smb.conf, flags , fd = 3 stm_open: open /samba_root/lib/smb.conf, flags , fd = 4 stm_close: fd = 4 stm_close: fd = 3 stm_open: open /samba_root/lib/codepages/codepage.850, flags , fd = 3 stm_close: fd = 3 added interface ip=192.168.0.3 bcast=192.168.0.255 nmask=255.255.255.0 added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 Got a positive name query response from 127.0.0.1 ( 192.168.0.3 ) stm_close: fd = 3 Password: Domain=[EREBUS] OS=[OpenVMS] Server=[Samba 2.2.8] tree connect failed: NT_STATUS_BAD_NETWORK_NAME stm_close: fd = 3 The log file, however, suggests problems first appear at the point where Samba translates VMS home directories into Unix format (see line with vfs_ChDir) [log.szeged] ... [2005/11/27 13:03:30, 3] DISK$PGM:[KITS.MISC.SAMBA.SOURCE.SMBD]SEC_CTX.C;3:(338$ 1 user groups: 128 [2005/11/27 13:03:30, 3] DISK$PGM:[KITS.MISC.SAMBA.SOURCE.VMS]VMS_SUPPORT.C;356$ vms_setuid: uid = 00800081 [2005/11/27 13:03:30, 3] DISK$PGM:[KITS.MISC.SAMBA.SOURCE.VMS]CVT_FILESPEC.C;59$ Convert to UNIX: DISK$USR:[TBRANSCO] - /DISK$USR/tbransco [2005/11/27 13:03:30, 3] DISK$PGM:[KITS.MISC.SAMBA.SOURCE.VMS]CVT_FILESPEC.C;59$ UNIX path: /disk$usr/tbransco [2005/11/27 13:03:30, 3] DISK$PGM:[KITS.MISC.SAMBA.SOURCE.VMS]VMS_SUPPORT.C;356$ vms_setuid: uid = 00800081, username = TBRANSCO, uic = 00800081 [2005/11/27 13:03:30, 3] DISK$PGM:[KITS.MISC.SAMBA.SOURCE.SMBD]VFS.C;8:(576) vfs_ChDir to [2005/11/27 13:03:30, 0] DISK$PGM:[KITS.MISC.SAMBA.SOURCE.SMBD]SERVICE.C;2:(597$ kiraly (192.168.0.4) Can't change directory to (invalid argument) Interestingly, I can use smbclient to browse the same home directory: $ smbclient \\szeged\tbransco -U tbransco%celina77 smb: \ dir ... 64226 blocks of size 32768. 62767 blocks available smb: \ PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r11932 - in trunk/source: groupdb include modules passdb rpc_server
Author: vlendec Date: 2005-11-27 11:29:58 + (Sun, 27 Nov 2005) New Revision: 11932 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11932 Log: Give a fresh start on lookup_name(), the old function was broken in several ways. For example, asking for DOMAIN\everyone always gave S-1-1-0. I'm only committing this to HEAD, this is quite intrusive I think. I definitely want it across, but only after some peer review. Jeremy, splitting this up might resolve some of the huge mess we have with BUILTIN. At least it makes some code paths a bit cleaner. I think it was an error to have parse_domain_user separate from actually looking up the name, so the new lookup_name unifies both. If an explicit domain was given, the backend to ask is clear. Don't do any fallback in that case. If no explicit domain was given, we have to do guesswork. I chose builtin, passdb, well-known ones and winbind in that order. One interesting thing: There is actually meaning in the lsa_lookupsids lookup_level. I asked a German w2k3 for an unqualified Everyone which it does not know, there it would be Jeder. What it did was to all trusted DCs with that unqualified name, and even the US NT4 that was queried did not know. Huh? The proxied question was with a lookup_level 3. When giving it that level, it only does the guesswork stuff with a level 1. My next guess is that lookup_level is some sort of bitmask. It might be interesting to play with the rest of the 32 bits Or it's a recursion count, who knows :-) Ah, also provide a template for pdb_lookup_names. Not used yet. Volker Modified: trunk/source/groupdb/mapping.c trunk/source/include/passdb.h trunk/source/modules/vfs_afsacl.c trunk/source/passdb/lookup_sid.c trunk/source/passdb/passdb.c trunk/source/passdb/pdb_interface.c trunk/source/passdb/util_sam_sid.c trunk/source/rpc_server/srv_lsa_nt.c trunk/source/rpc_server/srv_samr_nt.c Changeset: Sorry, the patch is too large (764 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11932
svn commit: samba r11933 - in trunk/source: . groupdb include lib modules nsswitch passdb rpc_server
Author: vlendec Date: 2005-11-27 18:57:20 + (Sun, 27 Nov 2005) New Revision: 11933 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11933 Log: Some more work on lookup_name(): For non-qualified names, attempt to implement the sequence documented under http://msdn.microsoft.com/library/en-us/secmgmt/security/lsalookupnames.asp Split util_sam_sid.c into util_wellknown.c and util_builtin.c, these two are really different. Volker Added: trunk/source/passdb/util_builtin.c trunk/source/passdb/util_wellknown.c Removed: trunk/source/passdb/util_sam_sid.c Modified: trunk/source/Makefile.in trunk/source/groupdb/mapping.c trunk/source/include/smb.h trunk/source/lib/util_sid.c trunk/source/modules/vfs_afsacl.c trunk/source/nsswitch/winbindd_lookupsids.c trunk/source/passdb/lookup_sid.c trunk/source/passdb/machine_sid.c trunk/source/rpc_server/srv_lsa_nt.c Changeset: Sorry, the patch is too large (976 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11933
svn commit: samba r11934 - in trunk/source/rpc_server: .
Author: vlendec
Date: 2005-11-27 19:58:07 + (Sun, 27 Nov 2005)
New Revision: 11934
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11934
Log:
Actually do a TODO
Volker
Modified:
trunk/source/rpc_server/srv_samr_nt.c
Changeset:
Modified: trunk/source/rpc_server/srv_samr_nt.c
===
--- trunk/source/rpc_server/srv_samr_nt.c 2005-11-27 18:57:20 UTC (rev
11933)
+++ trunk/source/rpc_server/srv_samr_nt.c 2005-11-27 19:58:07 UTC (rev
11934)
@@ -2758,7 +2758,7 @@
/* append the alias' RID to it */
if (!sid_append_rid(sid, alias_rid))
- return NT_STATUS_NO_SUCH_USER;
+ return NT_STATUS_NO_SUCH_ALIAS;
/*check if access can be granted as requested by client. */
@@ -2775,12 +2775,22 @@
if ( !NT_STATUS_IS_OK(status) )
return status;
- /*
-* we should check if the rid really exist !!!
-* JFM.
-*/
+ {
+ /* Check we actually have the requested alias */
+ fstring domain, name;
+ enum SID_NAME_USE type;
+ BOOL result;
- /* associate the user's SID with the new handle. */
+ become_root();
+ result = lookup_sid(sid, domain, name, type);
+ unbecome_root();
+
+ if (!result || (type != SID_NAME_ALIAS)) {
+ return NT_STATUS_NO_SUCH_ALIAS;
+ }
+ }
+
+ /* associate the alias SID with the new handle. */
if ((info = get_samr_info_by_sid(sid)) == NULL)
return NT_STATUS_NO_MEMORY;
svn commit: samba r11935 - in trunk/source/rpc_server: .
Author: vlendec
Date: 2005-11-27 20:53:07 + (Sun, 27 Nov 2005)
New Revision: 11935
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11935
Log:
Now that we have a reasonable lookup_name, actually use it to generate correct
error codes on object creation. When testing w2k3, they seem to use the same
routine even for renaming, the error codes are all the same depending on the
type of object you're about to stumble over.
Volker
Modified:
trunk/source/rpc_server/srv_samr_nt.c
Changeset:
Modified: trunk/source/rpc_server/srv_samr_nt.c
===
--- trunk/source/rpc_server/srv_samr_nt.c 2005-11-27 19:58:07 UTC (rev
11934)
+++ trunk/source/rpc_server/srv_samr_nt.c 2005-11-27 20:53:07 UTC (rev
11935)
@@ -2229,6 +2229,43 @@
return r_u-status;
}
+/* W2k3 seems to use the same check for all 3 objects that can be created via
+ * SAMR, if you try to create for example Dialup as an alias it says
+ * NT_STATUS_USER_EXISTS. This is racy, but we can't really lock the user
+ * database. */
+
+static NTSTATUS can_create(const char *new_name)
+{
+ fstring domain, name;
+ enum SID_NAME_USE type;
+ DOM_SID tmp_sid;
+ BOOL result;
+
+ become_root();
+ /* Lookup in our local databases (only LOOKUP_NAME_ISOLATED set)
+* whether the name already exists */
+ result = lookup_name(new_name, LOOKUP_NAME_ISOLATED,
+domain, name, tmp_sid, type);
+ unbecome_root();
+
+ if (!result) {
+ return NT_STATUS_OK;
+ }
+
+ DEBUG(5, (trying to create %s, exists as %s\n,
+ new_name, sid_type_lookup(type)));
+
+ if (type == SID_NAME_DOM_GRP) {
+ return NT_STATUS_GROUP_EXISTS;
+ }
+ if (type == SID_NAME_ALIAS) {
+ return NT_STATUS_ALIAS_EXISTS;
+ }
+
+ /* Yes, the default is NT_STATUS_USER_EXISTS */
+ return NT_STATUS_USER_EXISTS;
+}
+
/***
_samr_create_user
Create an account, can be either a normal user or a machine.
@@ -2276,19 +2313,11 @@
rpcstr_pull(account, user_account.buffer, sizeof(account),
user_account.uni_str_len*2, 0);
strlower_m(account);
- pdb_init_sam(sam_pass);
-
- become_root();
- ret = pdb_getsampwnam(sam_pass, account);
- unbecome_root();
- if (ret == True) {
- /* this account exists: say so */
- pdb_free_sam(sam_pass);
- return NT_STATUS_USER_EXISTS;
+ nt_status = can_create(account);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
}
- pdb_free_sam(sam_pass);
-
/*
* HEADS UP! If we have to create a new user account, we have to get
* a new RID from somewhere. This used to be done by the passdb
@@ -2809,9 +2838,7 @@
static NTSTATUS set_user_info_7(const SAM_USER_INFO_7 *id7, SAM_ACCOUNT *pwd)
{
fstring new_name;
- SAM_ACCOUNT *check_acct = NULL;
NTSTATUS rc;
- BOOL check_rc;
if (id7 == NULL) {
DEBUG(5, (set_user_info_7: NULL id7\n));
@@ -2834,13 +2861,9 @@
simply that the rename fails with a slightly different status
code (like UNSUCCESSFUL instead of ALREADY_EXISTS). */
- pdb_init_sam(check_acct);
- check_rc = pdb_getsampwnam(check_acct, new_name);
- pdb_free_sam(check_acct);
-
- if (check_rc == True) {
- /* this account exists: say so */
- return NT_STATUS_USER_EXISTS;
+ rc = can_create(new_name);
+ if (!NT_STATUS_IS_OK(rc)) {
+ return rc;
}
rc = pdb_rename_sam_account(pwd, new_name);
@@ -4191,9 +4214,10 @@
unistr2_to_ascii(name, q_u-uni_acct_desc, sizeof(name)-1);
- /* check if group already exist */
- if ((grp=getgrnam(name)) != NULL)
- return NT_STATUS_GROUP_EXISTS;
+ r_u-status = can_create(name);
+ if (!NT_STATUS_IS_OK(r_u-status)) {
+ return r_u-status;
+ }
se_priv_copy( se_rights, se_add_users );
can_add_accounts = user_has_privileges( p-pipe_user.nt_user_token,
se_rights );
@@ -4281,6 +4305,11 @@
if (!sid_equal(dom_sid, get_global_sam_sid()))
return NT_STATUS_ACCESS_DENIED;
+ r_u-status = can_create(name);
+ if (!NT_STATUS_IS_OK(r_u-status)) {
+ return r_u-status;
+ }
+
unistr2_to_ascii(name, q_u-uni_acct_desc, sizeof(name)-1);
se_priv_copy( se_rights, se_add_users );
svn commit: samba r11936 - in branches/SAMBA_3_0/source/rpc_server: .
Author: jra Date: 2005-11-27 21:51:46 + (Sun, 27 Nov 2005) New Revision: 11936 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11936 Log: Fix bug in returning remote time found by Thomas Bork [EMAIL PROTECTED]. get_time_zone() was overwriting static buffer returned by gmtime(). Lars - this is a mandatory fix for the next patch... Jeremy. Modified: branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c Changeset: Modified: branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c === --- branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c2005-11-27 20:53:07 UTC (rev 11935) +++ branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c2005-11-27 21:51:46 UTC (rev 11936) @@ -1924,6 +1924,9 @@ TIME_OF_DAY_INFO *tod; struct tm *t; time_t unixdate = time(NULL); + /* We do this call first as if we do it *after* the gmtime call + it overwrites the pointed-to values. JRA */ + uint32 zone = get_time_zone(unixdate)/60; tod = TALLOC_P(p-mem_ctx, TIME_OF_DAY_INFO); if (!tod) @@ -1947,7 +1950,7 @@ t-tm_min, t-tm_sec, 0, - get_time_zone(unixdate)/60, + zone, 1, t-tm_mday, t-tm_mon + 1,
svn commit: samba r11937 - in trunk/source/rpc_server: .
Author: jra Date: 2005-11-27 21:51:48 + (Sun, 27 Nov 2005) New Revision: 11937 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11937 Log: Fix bug in returning remote time found by Thomas Bork [EMAIL PROTECTED]. get_time_zone() was overwriting static buffer returned by gmtime(). Lars - this is a mandatory fix for the next patch... Jeremy. Modified: trunk/source/rpc_server/srv_srvsvc_nt.c Changeset: Modified: trunk/source/rpc_server/srv_srvsvc_nt.c === --- trunk/source/rpc_server/srv_srvsvc_nt.c 2005-11-27 21:51:46 UTC (rev 11936) +++ trunk/source/rpc_server/srv_srvsvc_nt.c 2005-11-27 21:51:48 UTC (rev 11937) @@ -1924,6 +1924,9 @@ TIME_OF_DAY_INFO *tod; struct tm *t; time_t unixdate = time(NULL); + /* We do this call first as if we do it *after* the gmtime call + it overwrites the pointed-to values. JRA */ + uint32 zone = get_time_zone(unixdate)/60; tod = TALLOC_P(p-mem_ctx, TIME_OF_DAY_INFO); if (!tod) @@ -1947,7 +1950,7 @@ t-tm_min, t-tm_sec, 0, - get_time_zone(unixdate)/60, + zone, 1, t-tm_mday, t-tm_mon + 1,
Build status as of Mon Nov 28 00:00:02 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-11-27 00:00:40.0 + +++ /home/build/master/cache/broken_results.txt 2005-11-28 00:00:34.0 + @@ -1,17 +1,17 @@ -Build status as of Sun Nov 27 00:00:02 2005 +Build status as of Mon Nov 28 00:00:02 2005 Build counts: Tree Total Broken Panic ccache 33 5 0 -distcc 11 2 0 -lorikeet-heimdal 28 15 0 +distcc 13 1 0 +lorikeet-heimdal 28 14 0 ppp 17 0 0 -rsync10 2 0 +rsync10 1 0 samba3 0 0 samba-docs 0 0 0 -samba4 32 17 1 -samba_3_033 4 0 -smb-build24 2 0 -talloc 11 3 0 -tdb 8 3 0 +samba4 32 18 0 +samba_3_033 3 0 +smb-build24 1 0 +talloc 10 3 0 +tdb 8 2 0
svn commit: samba r11938 - in branches/SAMBA_3_0/source/client: .
Author: sfrench Date: 2005-11-28 05:43:21 + (Mon, 28 Nov 2005) New Revision: 11938 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11938 Log: Fix cifs to handle non-numeric uid and gid parameters and merge trunk and SAMBA_3 versions of mount.cifs and cleanup cifs vfs help. Modified version of patch from Olaf Kirch okir at SuSE dot de for Novell Bug 120601 Modified: branches/SAMBA_3_0/source/client/mount.cifs.c Changeset: Sorry, the patch is too large (336 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11938
svn commit: samba r11939 - in trunk/source/client: .
Author: sfrench Date: 2005-11-28 05:44:14 + (Mon, 28 Nov 2005) New Revision: 11939 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11939 Log: Merge trunk and SAMBA_3 versions of mount.cifs Modified: trunk/source/client/mount.cifs.c Changeset: Sorry, the patch is too large (336 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=11939
