[Samba] ntlm_auth: (pipe \PIPE\NETLOGON) has died or was never started (fd == -1)
I'm experiencing a strange ntlm_auth problem: I'm running two domains with a trust; the trusting one (EUFEMIA, with the PDC Beatrice) uses the WINS facility of the trusted one (LETTERE, PDC Alice).

Users of EUFEMIA and LETTERE alike have a successful logon to Beatrice. LETTERE users do authenticate in Beatrice with ntlm_auth. EUFEMIA users do not:

    beatrice:/home# ntlm_auth --username user1 --password ** --domain EUFEMIA
    NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc05e)

(by the way, wbinfo -a returns something similar):

    beatrice:/home# wbinfo -aEUFEMIA\\user1%**
    plaintext password authentication failed
    error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e)
    error messsage was: No logon servers
    Could not authenticate user EUFEMIA\\user1%** with plaintext password
    challenge/response password authentication failed
    error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e)
    error messsage was: No logon servers
    Could not authenticate user EUFEMIA\\user1%** with challenge/response

Please note EUFEMIA\\user1 can log in through the command: smbclient -UEUFEMIA\\user1%** -L beatrice.

From Beatrice (and from Alice alike), I can correctly list the Browse master and PDC of EUFEMIA with nmblookup. nmblookup -S EUFEMIA returns beatrice with the 1C tag (and 1D as well). I have no idea what "No logon servers" means.

The logs from winbindd are:

    [2006/01/29 10:56:23, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [29121]: request interface version
    [2006/01/29 10:56:23, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [29121]: request location of privileged pipe
    [2006/01/29 10:56:23, 3] nsswitch/winbindd_misc.c:winbindd_info(248) [29121]: request misc info
    [2006/01/29 10:56:23, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(179) [29121]: pam auth EUFEMIA\user1
    [2006/01/29 10:56:23, 3] nsswitch/winbindd_cm.c:connection_ok(724) Connection to for domain EUFEMIA (pipe \PIPE\NETLOGON) has died or was never started (fd == -1)
    [2006/01/29 10:56:23, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109) cm_get_ipc_userpass: No auth-user defined
    [2006/01/29 10:56:33, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435) cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds
    [2006/01/29 10:56:33, 3] nsswitch/winbindd_cm.c:connection_ok(724) Connection to for domain EUFEMIA (pipe \PIPE\NETLOGON) has died or was never started (fd == -1)
    [2006/01/29 10:56:33, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(109) cm_get_ipc_userpass: No auth-user defined
    [2006/01/29 10:56:43, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435) cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds
    [2006/01/29 10:56:43, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth(361) Plain-text authentication for user EUFEMIA\user1 returned NT_STATUS_NO_LOGON_SERVERS (PAM: 4)
    [2006/01/29 10:56:43, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [29122]: request interface version
    [2006/01/29 10:56:43, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [29123]: request interface version
    [2006/01/29 10:56:43, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [29122]: request location of privileged pipe
    [2006/01/29 10:56:43, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [29123]: request location of privileged pipe
    [2006/01/29 10:56:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126) [29122]: getpwnam user1
    [2006/01/29 10:56:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126) [29123]: getpwnam user1
    [2006/01/29 10:56:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126) [29123]: getpwnam user1
    [2006/01/29 10:56:43, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126) [29122]: getpwnam user1

What does "Connection to for domain EUFEMIA (pipe \PIPE\NETLOGON) has died or was never started (fd == -1)" mean?

Alice is a Fedora Core 1 Samba 3.0.21a server. Beatrice is a Debian GNU/Linux Samba 3.0.14a server. I need ntlm_auth because squid runs on beatrice.

    beatrice:/home$ testparm -v | grep win
    name resolve order = wins lmhosts host bcast
    max wins ttl = 518400
    min wins ttl = 21600
    wins proxy = No
    wins server = (IP address of alice)
    wins support = No
    wins hook =
    wins partners =
    winbind separator = \
    winbind cache time = 300
    winbind enable local accounts = No
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind use default domain = No
    winbind trusted domains only = No
    winbind nested groups = No

I have level 10 logs from winbindd and from smbd but they are huge. If you need them, just ask.

Thanks to everyone patient enough to read this post.

Again, thank you,
Francesco

-- 
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] question about ldapS and samba
Hi all,

Just a question. I have 2 LDAP servers (master / slave). Locally they are running on 127.0.0.1:389 and 192.168.xx.xx:636. Samba in the conf connects to 127.0.0.1. Now I want to add the slave LDAP server as backup LDAP.

Now the problem (I think), it's like this:

    server 1) samba 3.0.14a + master ldap (127.0.0.1:389 and 192.168.xx.100:636)
    server 2) no samba + slave ldap 127.0.0.1:389 and 192.168.xx.101:636

The question is now: is it possible to have master LDAP NON SSL, and slave LDAP WITH SSL in the config below? And if so, how?

This is what I have in the smb.conf:

    ## USER/LDAP SETTINGS
    username map = /etc/samba/users.map
    guest account = nobody
    obey pam restrictions = No
    ldap passwd sync = yes
    passdb backend = ldapsam:ldap://127.0.0.1/
    ldap suffix = dc=rotterdam,dc=bazuin,dc=nl
    ldap admin dn = cn=admin,dc=rotterdam,dc=bazuin,dc=nl
    ldap user suffix = ou=Users
    ldap machine suffix = ou=Computers
    ldap group suffix = ou=Groups
    ldap idmap suffix = ou=Users
    ldap delete dn = Yes
    ldap ssl = no

greets,
Louis
Re: [Samba] ntlm_auth: (pipe \PIPE\NETLOGON) has died or was never started (fd == -1)
On Sun, 2006-01-29 at 17:45 +0100, Francesco Malvezzi wrote:
> I'm experiencing a strange ntlm_auth problem: I'm running two domains with a trust; the trusting one (EUFEMIA, with the PDC Beatrice) uses the WINS facility of the trusted one (LETTERE, PDC Alice).
>
> Users of EUFEMIA and LETTERE alike have a successful logon to Beatrice. LETTERE users do authenticate in Beatrice with ntlm_auth. EUFEMIA users do not:
>
>     beatrice:/home# ntlm_auth --username user1 --password ** --domain EUFEMIA
>     NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc05e)

This is your problem:

>     [2006/01/29 10:56:33, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435) cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds

For some reason, your server is not responding. Perhaps samba3 is locked up talking to a backing LDAP server? What do the logs on the server show?

Andrew Bartlett

-- 
Andrew Bartlett    http://samba.org/~abartlet/
Authentication Developer, Samba Team    http://samba.org
Student Network Administrator, Hawker College    http://hawkerc.net
Re: [Samba] linux group quota does not work as expected with 3.0.21a
Mon, Jan 30, 2006 at 11:09:10AM +0200, [EMAIL PROTECTED] wrote:

Searching through the sources I found the vfs_default_quota.c module. It completely solves my problem with:

    vfs objects = default_quota
    default_quota:gid nolimit = no
    default_quota:gid = 10057

I set following config:

    [ISCMPD]
    comment = Work directories for ISCMPD department
    path = /var/work/smb_shares/ISCMPD
    valid users = @ISCMPD
    write list = @ISCMPD
    force group = qiscmpd
    force create mode = 0777
    force directory mode = 0777

qiscmpd is a linux group manually added for quotas:

    # cat /etc/group | grep qiscmpd
    qiscmpd:x:10057:
    # repquota -ag | grep iscmpd
    qiscmpd -- 778296 1000 1000 5102 0 0

When I try to copy files to quoted samba share, it copies ok, samba sets correct permissions, and size of used blocks in repquota grows, but:

1. I can copy as much data as I want, not as quota says.
2. The size of quoted share shows as normal (full disk size), not as quoted.

User quotas with 'force user' work OK. But I need only 'force group'. Can I make samba work with group quotas?

Samba compiled with --with-acl-support --with-winbind --with-smbmount --with-quotas --disable-cups

-- 
Best regards,
Palij Oleg, ISC (Pridn railway)
xmpp://[EMAIL PROTECTED]
Re: [Samba] Samba Active Directory NT_STATUS_ACCESS_DENIED - expired?
On Wed, 2006-01-25 at 11:42 +0100, Andreas Unterkircher wrote:
> Hello list,
>
> I'm using several samba servers (mix between v2.2 and v3.0 versions) within an Active Directory domain. These servers are normal domain members and winbind is used to lookup the domain users on the linux machines.
>
> Sometimes it looks like that some of the servers get kicked out of the domain. In the samba logs suddenly NT_STATUS_ACCESS_DENIED messages appear and samba stops authenticating users against domain.
>
> The computer account is still present in Active Directory. I've checked if the account has expired but its expired time is far away (9223372036854775807, in 2038 ...). The account is neither inactive, disabled or locked out.
>
> When I try to rejoin on the existing computer account (smbpasswd -j, net join) it works on samba side but in the domain controllers event log I see some of the following errors:
>
>     The session setup from the computer SRV-MFM-30 failed to authenticate. The name of the account referenced in the security database is SRV-MFM-30$. The following error occurred: Access is denied.
>
> I have to remove the computer object and join the domain again. Then everything works again (for some time).
>
> This happens with security=domain (rpc) and also with security=ads (ldap,kdc,...). The timeframe is mostly 2 or 3 months.
>
> Anyone has a clue what can cause this or encountered similar problems?

Password expiry is configured from group or domain policy, not a value on the entry. The command 'net ads changetrustpw' should fix it. We should handle this automatically, but don't (please file a bug, if there isn't one already).

Andrew Bartlett

-- 
Andrew Bartlett    http://samba.org/~abartlet/
Authentication Developer, Samba Team    http://samba.org
Student Network Administrator, Hawker College    http://hawkerc.net
Re: [Samba] AD and Samba BDC
On Tue, 2006-01-24 at 13:57 -0200, Marcelo H. Terres wrote:
> Hi.
>
> I don't find a way to make a Samba BDC replicate an AD Server. I need to authenticate in Samba BDC if my link with AD PDC goes down. I read that it is not possible.

This is not possible with Samba3.

> Is this true ? Samba 4 will do this ?

Samba4 has been demonstrated to 'take over' an AD domain, but we don't currently process continuous operation of a BDC (ie receiving updates as account change). I don't know what other consequences of running both Win2k3 and Samba4 in the same domain, as domain controllers will be.

Andrew Bartlett

-- 
Andrew Bartlett    http://samba.org/~abartlet/
Authentication Developer, Samba Team    http://samba.org
Student Network Administrator, Hawker College    http://hawkerc.net
Re: [Samba] Secure Share
On Tue, 2006-01-24 at 10:53 +0300, Webb, Mr Scott (CTR) wrote:
> I am trying to create an individual secure share in Samba. We have it loaded on a Solaris box and our users access the shares using Windows Explorer. It appears that everything I've read only allows me to create secure shares for all the shares. Is there a way to create individual secure shares? Those can be password protected or not.

I'm a little unclear what you mean by a 'secure share'.

Many aspects of the security protocols operate on the TCP session or the (potentially multiple) user contexts on that session. These include SMB signing in particular. We don't get the information on what share a user is after at that point.

However, with %L (see the manpage) we can have two virtual names with different behaviours.

Andrew Bartlett

-- 
Andrew Bartlett    http://samba.org/~abartlet/
Authentication Developer, Samba Team    http://samba.org
Student Network Administrator, Hawker College    http://hawkerc.net
Re: [Samba] ldap not using kerberos (winbind rid idmap)
On Fri, 2006-01-27 at 16:15 +0100, Roman Sommer wrote:
> thanks for your reply. I was more thinking in terms of how to kerberize ldap queries rather than how to enable SSL/TLS :) Or is this setting supposed to enable spnego encrypted queries?

Samba4 can do that kind of thing, but we don't do GSSAPI or NTLMSSP encryption of LDAP sockets in Samba3.

Andrew Bartlett

-- 
Andrew Bartlett    http://samba.org/~abartlet/
Authentication Developer, Samba Team    http://samba.org
Student Network Administrator, Hawker College    http://hawkerc.net
Re: [Samba] userPassword in a LDAP database of a Samba3 domain
On Wed, 2006-01-25 at 14:09 -0200, fabricio bianco abreu wrote:
> Hi folks,
>
> My question is: Is there a way to populate userPassword attribute in the MD5 format so that users are not required to have their password changed? I believe a good opportunity to do so occurs whenever a user logs to the domain.

Unfortunately this is not possible. I went to some very long lengths to 'get around' this problem, but for you, the best option is probably to force a password change, or make your users enter your password into something that gets the plaintext and validates it against the NTLM (then you can populate the md5 userPassword).

Andrew Bartlett

-- 
Andrew Bartlett    http://samba.org/~abartlet/
Authentication Developer, Samba Team    http://samba.org
Student Network Administrator, Hawker College    http://hawkerc.net
[Fwd: Re: [Samba] Browse List propagation under Samba]
Adam Nielsen wrote:
>> It is configured as an NT domain controller and has been working well. I needed to add a routed (over VPN) connection to the system but cannot get the routed clients to access the browse list.
>>
>> The clients are all Windows XP professional. The remote client is not a domain member. All clients work when directly connected to the Samba server (broadcast), whether domain members or not.
>>
>> I run WINS support on Samba which is working. I can see my remote machine registered under WINS and can query the WINS database with nblookup from all clients. DNS is also fine (forward and reverse) from all clients. I can also manually attach to a share from the routed client with a UNC-Path. IP connectivity is fine between all machines in the network, windows connectivity also. It is just the browse list that doesn't work.
>
> I suspect that either broadcasting isn't working, i.e. pinging 10.8.x.255 won't reach the remote clients (or pinging that from the remote client won't reach Samba), or the remote machines are broadcasting for the browse list instead of contacting the WINS server directly.
>
> Have you told the client PCs the IP of the WINS server? (via DHCP or in the local machine's network config?)
>
> Cheers,
> Adam.

Thanks for answering Adam,

The remote client is to be reached over a routed VPN tunnel, so broadcasts won't reach the clients. That is the reason for the WINS server. All clients are getting their WINS server address correctly via DHCP (proved by nblookup) and they are not broadcasting (hybrid shows on the adapters, as it should and I have traced with Ethereal).

What concerns me is the NetBIOS reply (NetServerGetInfo response) to server queries by the domain controller (is also the WINS server - all on Samba). The flags showing server type show (just the relevant flags for clarity):

    This is a workstation
    This is a server
    This is a Domain Controller
    This is an NT workstation
    This is an NT server
    This is NOT a potential browser
    This is NOT a master browser
    This is NOT a domain master browser

But my config has:

    local master = yes
    preferred master = yes
    domain master = yes
    domain logons = yes

There is clearly a mismatch between measured responses and the configuration in smb.conf. Is this a version issue?

Would be pleased to receive any suggestions.

Robert
Re: [Samba] BINGO - bug - 3.0.14, 3.0.21 intractable browsing problems
> Okay, folks -- we've found the cause of the problem.
>
> To recap: With our Samba server as the master browser, the domain window in My Network Places is totally empty, irrespective of what client we use (Windows 98, 2000, XP). When Samba is not the master browser (i.e., another workstation is acting as the master browser), hosts are visible.
>
> When Samba is the master browser, the browse.dat and wins.dat files are populated correctly with the hosts on the network.
>
> Our browse.dat and wins.dat files are stored in /var/cache/samba. The directory had permissions of 744. With the permission set as 744, no worky. With the permissions set at 755, tada -- suddenly it works. A whole host of problems are resolved.
>
> A permissions problem (what we initially suspected) but not one that was simple to divine. The browse connections are made by an unprivileged user, and with permissions of 744, that user cannot enter the directory, even if the files are readable.
>
> This is the sort of problem that a perusal of the nmbd log should have made immediately obvious. If Samba can't read a vital file, shouldn't it be reporting that in the logs? We've reproduced the problem with the log level set at 9; though nmbd reports that the browse.dat file is being written to, it never says anything about being unable to read it or unable to enter the cache directory. If it had, we would have taken three minutes to fix this problem instead of three weeks.
>
> We didn't see an error to this effect in the session logs, either. Perhaps there's something misconfigured with our logging -- but it seems just as likely that Samba isn't reporting a failure to read the browse.dat and wins.dat files to the logs.
>
> -Stephen-

stephen, i'm glad you found the answer. i'm afraid i wasn't much help at all now.

-anthony
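Added example, not part of the thread: a small POSIX shell check for the condition described above, where a file is world-readable but one of its parent directories (here a 744 cache directory) lacks the search bit for "other" users. The function name and the script name in the usage comment are made up for illustration.

```shell
#!/bin/sh
# Added example: report every directory on the way to a file that "other"
# users cannot enter (search/x bit missing), as with a 744 cache directory.

# untraversable_components FILE
#   FILE must be an absolute path. Prints "<dir> <ls mode string>" for each
#   parent directory whose mode lacks the search bit for "other".
#   Returns 2 if a parent directory does not exist.
untraversable_components() {
    rest=${1#/}
    current=
    while :; do
        case $rest in
            */*) part=${rest%%/*}; rest=${rest#*/} ;;
            *)   break ;;               # what is left is the file itself
        esac
        [ -n "$part" ] || continue      # skip empty parts produced by "//"
        current="$current/$part"
        [ -d "$current" ] || return 2
        # First 10 characters of ls -ld: file type plus rwx for user, group, other.
        perms=$(ls -ld "$current" | cut -c1-10)
        case $perms in
            ?????????[xt]) ;;           # "other" may traverse this directory
            *) echo "$current $perms" ;;
        esac
    done
}

# Usage: sh check_traverse.sh /var/cache/samba/browse.dat
if [ $# -gt 0 ]; then
    untraversable_components "$1"
fi
```

An empty result means every parent directory can be entered by an unprivileged user; a line such as `/var/cache/samba drwxr--r--` points at the directory to fix.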
Re: [Samba] NT 4 workstation joining Samba domain
taso wrote:
> Samba 3.0.21b with LDAP backend
>
> The transfer to the Samba hosted domain appears to work, ie success message, but I can't log on to a domain account from that workstation, complains about missing machine account or incorrect password.
>
> Only NT4 workstations seem to be a problem, Win2k and XP are Ok. NT4 is maximally patched, updated and etc - no registry hacks however.
>
> I checked the LDAP database - a machine account is being created.

I don't know if this counts as an official bug, but further investigation shows that the machine account created when an NT machine joins the domain is disabled, ie sambaAcctFlags = DW, whereas when a win2k or xp joins the domain sambaAcctFlags = W.
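Added example, not part of the thread: one way to list machine accounts showing the symptom reported above (both W and D set in sambaAcctFlags) from an LDIF export of the directory. It assumes the bracketed flag string Samba 3 stores in LDAP (for example `[DW         ]`), unfolded non-base64 LDIF, and a `uid` attribute on each entry; the sample entries and the `dc=example,dc=com` suffix are constructed.

```shell
#!/bin/sh
# Added example: list workstation trust accounts whose sambaAcctFlags carry
# both W (workstation trust) and D (disabled), reading LDIF on stdin.
# Assumes unfolded, non-base64 LDIF with entries separated by blank lines.
disabled_machine_accounts() {
    awk '
        function emit() {
            # Report the entry only if it is a machine account that is disabled.
            if (uid != "" && flags ~ /W/ && flags ~ /D/) print uid
            uid = ""; flags = ""
        }
        /^$/ { emit(); next }                          # blank line ends an entry
        /^uid: / { uid = substr($0, 6) }               # text after "uid: "
        /^sambaAcctFlags: / { flags = substr($0, 17) } # text after the attribute name
        END { emit() }                                 # last entry may lack a blank line
    '
}

# Constructed sample export (host names and suffix are made up).
sample_ldif() {
    cat <<'EOF'
dn: uid=ntbox$,ou=Computers,dc=example,dc=com
uid: ntbox$
sambaAcctFlags: [DW         ]

dn: uid=xpbox$,ou=Computers,dc=example,dc=com
uid: xpbox$
sambaAcctFlags: [W          ]

dn: uid=alice,ou=Users,dc=example,dc=com
uid: alice
sambaAcctFlags: [DU         ]
EOF
}

# Run with "demo" to process the constructed sample; otherwise pipe LDIF in.
if [ "${1:-}" = demo ]; then
    sample_ldif | disabled_machine_accounts
fi
```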
Re: [Samba] Re: ntml_auth --require-membership-of
On Thu, 2006-01-19 at 12:42 -0600, Rex Dieter wrote:
> Andrew Bartlett wrote:
>> On Wed, 2006-01-18 at 10:21 -0600, Rex Dieter wrote:
>>> Rex Dieter wrote:
>>>> Rex Dieter wrote:
>>>>> I'm having trouble getting ntlm_auth to recognize ActiveDirectory groups that aren't in AD\Users. In particular, we've a few groups in our department OU that I'd like to be able to use. If I specify any of our OU-specific groups, using something like:
>>>>>
>>>>>     # ntlm_auth --username=foo --require-membership-of=AD\OUGroup1
>>>>>     password:
>>>>>
>>>>> I get:
>>>>>
>>>>>     Winbindd lookupname failed to resolve AD\OUGroup1 into a SID!
>>>>
>>>> Turns out using wbinfo --name-to-sid=OUGroup1
>>>
>>> So my question is: why can wbinfo resolve the name to a SID, but ntlm_auth can't?
>>
>> Sometimes this is a problem of timing, as ntlm_auth does this when squid is starting.
>
> I'm skeptical. I repeated this on several occasions on several different boxes. ntlm-auth *always* failed the same way when trying to resolve Groups not in the top-level AD\Users OU.

Interesting. It should be asking the same question as wbinfo -n

Can you chase this down a bit more, with the current code, and file a bug?

Andrew Bartlett

-- 
Andrew Bartlett    http://samba.org/~abartlet/
Authentication Developer, Samba Team    http://samba.org
Student Network Administrator, Hawker College    http://hawkerc.net
RE: [Samba] Secure Share
On Tue, 2006-01-31 at 13:04 +0300, Webb, Mr Scott (CTR) wrote:
> I have Samba loaded on a Solaris 8 box. And that is where the shares reside. Personnel use Windows Explorer and map a drive to these shares. Right now, it's wide open for anyone logged onto the domain. I'm trying to create a share in Samba that affords some kind of security, whether that is password protection, or group policy that only allows certain users access. Is this possible in Samba? To have multiple security configs in the smb.conf? If so, how do I do it?

Samba honours the underlying unix access permissions, and this (setting unix permissions) is by far the most secure and effective way to protect data.

Simply put your authorized users in a group, and set that group permission on the files/folders.

Andrew Bartlett

-- 
Andrew Bartlett    http://samba.org/~abartlet/
Authentication Developer, Samba Team    http://samba.org
Student Network Administrator, Hawker College    http://hawkerc.net
[Samba] Samba RPM packages for all SuSE Linux products (was: Samba 3.0.21b Available for Download)
On Mon, Jan 30, 2006 at 08:33:50PM -0600, Gerald Carter wrote:
> [snip]
> Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/

RPM packages of Samba 3.0.21b for all SuSE Linux products are available at ftp://ftp.SuSE.com/pub/projects/samba/3.0/ or http://ftp.SuSE.com/pub/projects/samba/3.0/

Currently there are packages for SuSE Linux (x86 and x86_64) 9.1, 9.2, 9.3, 10.0, UnitedLinux 1/ SuSE Linux Enterprise Server (SLES) 8, SLES 9, and factory (= the currently developed product).

Packages for ppc are only available for 10.0, SLES 8, SLES 9, and factory as there are no other SuSE Linux product of this architecture.

Please inform us if you have different architectures (ia64, s390) and like to see Samba RPM packages for these too.

The same packages are also available at http://download.Samba.org/samba/ftp/Binary_Packages/SuSE/3.0/

Please use a mirror close to your site. A list of Samba.org mirrors is available at http://Samba.org/ There choose a mirror at the right top of the page.

There are also a bunch of SuSE mirrors. A list of international mirror sites is at http://www.novell.com/products/suselinux/downloads/ftp/int_mirrors.html

A list of mirrors in Germany is at http://www.novell.com/products/suselinux/downloads/ftp/germ_mirrors.html

If you encounter any problem with these packages please don't blame the Samba Team. Instead file a bug to https://bugzilla.Samba.org/, pick product Samba 3.0, then select 'component' Packaging and set 'assign to' to lmuelle at suse dot de. Or use http://bugzilla.Novell.com instead.

Our customers, our products, our responsibility.

Have a lot of fun...

Lars

-- 
Lars Müller [ˈlaː(r)z ˈmʏlɐ]
Samba Team
SuSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
Re: [Samba] Samba RPM packages for all SuSE Linux products
Lars Müller wrote:
> On Mon, Jan 30, 2006 at 08:33:50PM -0600, Gerald Carter wrote:
>> [snip]
>> Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/
>
> RPM packages of Samba 3.0.21b for all SuSE Linux products are available at ftp://ftp.SuSE.com/pub/projects/samba/3.0/ or http://ftp.SuSE.com/pub/projects/samba/3.0/
>
> Currently there are packages for SuSE Linux (x86 and x86_64) 9.1, 9.2, 9.3, 10.0, UnitedLinux 1/ SuSE Linux Enterprise Server (SLES) 8, SLES 9, and factory (= the currently developed product).
>
> Packages for ppc are only available for 10.0, SLES 8, SLES 9, and factory as there are no other SuSE Linux product of this architecture.
>
> Please inform us if you have different architectures (ia64, s390) and like to see Samba RPM packages for these too.
>
> The same packages are also available at http://download.Samba.org/samba/ftp/Binary_Packages/SuSE/3.0/
>
> Please use a mirror close to your site. A list of Samba.org mirrors is available at http://Samba.org/ There choose a mirror at the right top of the page.
>
> There are also a bunch of SuSE mirrors. A list of international mirror sites is at http://www.novell.com/products/suselinux/downloads/ftp/int_mirrors.html
>
> A list of mirrors in Germany is at http://www.novell.com/products/suselinux/downloads/ftp/germ_mirrors.html
>
> If you encounter any problem with these packages please don't blame the Samba Team. Instead file a bug to https://bugzilla.Samba.org/, pick product Samba 3.0, then select 'component' Packaging and set 'assign to' to lmuelle at suse dot de. Or use http://bugzilla.Novell.com instead.
>
> Our customers, our products, our responsibility.
>
> Have a lot of fun...
>
> Lars

hi Lars, thx again for this fast work

Regards
Re: [Samba] Re: ntml_auth --require-membership-of
Andrew Bartlett wrote:
> Can you chase this down a bit more, with the current code, and file a bug?

Can do. I'll retest with 3.0.21b, and file a bug if nothing changes.

-- Rex
Re: [Samba] Windows print queue not clearing: Part II
Michael Christian wrote:
> Sorry for the addendum, but I've also noticed the following entries in the logs:
>
>     Jan 30 12:28:38 primary smbd[2577]: tdb(/var/cache/samba/printing/claser_3.tdb): rec_read bad magic 0x0 at offset=21904
>     Jan 30 12:28:38 primary smbd[2577]: [2006/01/30 12:28:38, 0] tdb/tdbutil.c:tdb_log(725)
>     Jan 30 12:28:38 primary smbd[2577]: tdb(/var/cache/samba/printing/copier_4.tdb): rec_read bad magic 0xd9fee666 at offset=23256
>     Jan 30 12:28:38 primary smbd[2577]: [2006/01/30 12:28:38, 0] tdb/tdbutil.c:tdb_log(725)
>     Jan 30 12:28:38 primary smbd[2577]: tdb(/var/cache/samba/printing/copier_2.tdb): rec_read bad magic 0x0 at offset=1
>
> Lots of these. I've tried deleting the /var/cache/samba/printing/name.tdb but no luck. My config looks as such:

Something's wrong then. tdb corruption is pretty rare in my experience.

I can't remember your original message but if the print job status in the Windows queue monitor says Printed, then the problem is that cups is not removing the job from the queue listing (i.e. you should see the same job shown via lpq).

If the job still shows on the Windows client as spooling, then please test 3.0.21b. The bug should be resolved (although a release earlier than 3.0.21b would probably fix the problem as well). There's not a single fix I can point you at to fix it.

cheers, jerry

I live in a Reply-to-All world
Samba    --- http://www.samba.org
Centeris --- http://www.centeris.com
Re: [Samba] Re: Cannot map guest shares in 'security = SERVER' mode on samba-3.0.9
Anybody out there, who has a samba server running in 'security = SERVER' mode, while providing a 'public/guest' share?

Again, this used to work on samba-2.2.9!!! Could it be a bug in samba-3.0.9? Is there something that has to be changed on XP?

I am willing to do more testing/trying/debugging

Config and logs: http://lists.samba.org/archive/samba/2006-January/116901.html

Thanks for any hint!
Rene

Gerald (Jerry) Carter wrote:
> Rene Kapeller wrote:
>> I'm running samba-3.0.9-1.3E.3 and the manpage for smb.conf does not mention anything about 'map to guest = Bad Uid'. However I did add the line 'map to guest = Bad Uid' and run 'testparm /etc/samba/smb.conf'.
>
> The 'Bad uid' option is only available in 3.0.20 and later iirc. Also it is really only a supported option for security = {domain,ads}
>
> cheers, jerry
>
> I live in a Reply-to-All world
> Samba    --- http://www.samba.org
> Centeris --- http://www.centeris.com
Re: [Samba] Samba and add printer drivers from xp
support_mail wrote:
> Assistant addition of pilot of printer: Impossible to install the pilot HP OfficeJet R80, Windows 2000 or XP, INTEL. Impossible to finish this operation

Sounds like either (a) you don't have the correct access permissions on the [print$] share, or (b) you don't have the SePrintOperatorPrivilege assigned.

>     Jan 27 18:07:30 alpha smbd[4797]: supervision (192.168.0.10) couldn't find service ::{2227a280-3aea-1069-a2de-08002b30309d}
>
> i know this is the printer in windows registry but i don't understand really the problem my var/cache/samba/printers seems to be ok and on window i haven't got another printers than printers server (one hp an one pdf).

The "couldn't find service" message here is not a problem. Just informative.

If you run smbd with a debug level of 10, I believe you will find that you are getting ACCESS_DENIED somewhere along the installation path. Try to figure out why you are getting this error. That will be the root cause of the problem.

cheers, jerry

I live in a Reply-to-All world
Samba    --- http://www.samba.org
Centeris --- http://www.centeris.com
[Samba] Samba on FDC5
Anyone know what version will be on Fedora Core 5? Core 4 has 3.0.14a-2

Kent Nasveschuk
Re: [Samba] RE: Print Migrator help needed...
Aarti Varshney (asadhnan) wrote:
> This snippet from the error log: Looks like something is timing out... Anyone knows how to increase the timeout?

Aarti, I don't think it's a timeout issue. I think the client is just disconnecting due to the failed access check.

> ...
> 2006:01:25 15:35:38 Access Granted to: \\sambaShare
> 2006:01:25 15:35:38 Couldn't start the target spooler
> 2006:01:25 15:35:38 Remote Tree View Failed

You can use the Manage your computer mmc plugin against the Samba box to test starting/stopping the internal spooler server (nothing to do with cups). to debug the access checks.

cheers, jerry
Re: [Samba] performance problem. big amount of net traffic for file properties
I don't really understand what you mean by this, but I'm very interested in investigating this problem... How could I diagnose this? Is there a way to avoid this problem? (Most of our XP workstations don't suffer from this)

Thanks a lot...

On Monday 30 January 2006 15:49, you wrote:
> Marc Cousin wrote:
>> Most (if not all) of the traffic from the XP workstation seems OK, except for this crazy retransmission of the same request (not a tcp retransmission, the packets have different tcp sequence numbers).
>
> Spooler traffic for GetPrinterData() perhaps? This is a known bug in the XP client spooler.
>
> cheers, jerry
Re: [Samba] performance problem. big amount of net traffic for file properties
Marc Cousin wrote:
> I don't really understand what you mean by this, but I'm very interested in investigating this problem... How could I diagnose this? Is there a way to avoid this problem? (Most of our XP workstations don't suffer from this)

Get a network trace in ethereal and look for lots of GetPrinterData() requests. In the packet payload you will see the string ChangeID. If this is your problem, then isolate that client or two and run (on the client)

  net stop spooler
  net start spooler

Some drivers seem to trigger this behavior and sometimes it seems to be independent of the driver used. Are your XP clients running SP2?

cheers, jerry
Re: [Samba] Re: Cannot map guest shares in 'security = SERVER' mode on samba-3.0.9
Rene Kapeller wrote:
> Anybody out there, who has a samba server running in 'security = SERVER' mode, while providing a 'public/guest' share? Again, this used to work on samba-2.2.9!!! Could it be a bug in samba-3.0.9?

There's a bug logged against security = domain configurations that is probably in the same area of the code. I'll look into it today.

cheers, jerry
Re: [Samba] undefined reference to `swrap_close'
imacat wrote:
>> No, I think we need to avoid smbmnt getting these defines. This is a setuid app, and I'm worried by how socket wrapper (and the environment variable based changes in behaviour) would interact, in a security sense.
>
> Oh. Thank you for reminding me this. This is *really* a serious security issue. I've recompiled all my samba without socket_wrapper. Thanks again for pointing out this.

No, it's not a security issue. The socket wrapper stuff is for development testing only. There is no production value in it.

cheers, jerry
[Samba] Server shows Linux client IP addresses, not names
The smbstatus utility won't show the names of the Linux machines running in this workgroup, but it does show the names of the WinXP machines. It looks like this:

$ smbstatus -b
Samba version 3.0.10-1.4E.2
PID     Username  Group  Machine
---
23158   steve     users  192.168.0.10 (192.168.0.10)
18040   nancy     users  venus        (192.168.0.3)
3001    nancy     users  mars         (192.168.0.5)
2894    steve     users  192.168.0.2  (192.168.0.2)

The browse.dat file correctly shows the names and IP address of all machines in the workgroup, so obviously the names of the Linux machines are obtainable.

The server is running Samba v3.0.10 on a CentOS machine. The Linux clients are running Samba 3.0.14a on Fedora Core 4 machines.

The Linux clients are running a minimal smb.conf, just enough (in theory) to provide a NetBIOS name for lookup by the server. This is the entire config file:

[global]
workgroup = WORKGROUP
server string = Software Development
max log size = 0
security = user

So what am I missing to get the smbstatus util to reflect the names of my Linux machines?

Thanks
[Samba] Samba on Solaris 10 Sparc
Does anyone have a successful install of this? I tried installing it via the Sunfreeware binary and even though it installed, the service would never start. So I decided to remove that and compile it from source. When trying to compile from source, it always errors out. I would just like to hear from someone who has a successful install of Samba on Solaris 10 Sparc. Also, if anyone has a how-to posted somewhere with information unique to a Samba installation on Solaris 10 Sparc, that would be helpful as well.

Thanks again everyone,
Mark
Re: [Samba] Samba and add printer drivers from xp
support_mail wrote:
> i put : log level = 10 in my smb.conf but nothing more come in syslog what can i do for debugging step by step the action of xp when it copy the file and setprinter on samba ? thanks

Set this in smb.conf

  debug level = 10
  log file = /var/log/samba/log.%m
  debug timestamp = no
  max log size = 0

Make sure to create /var/log/samba. The debug info you need will be in those log files. Not syslog.

cheers, jerry
[Samba] Re: SAMBA 3.0.21 - Compile error on SOLARIS 7 SOLARIS 2.5.1
Solved by 3.0.21b. Many thanks to the Samba Team

Pierre

Pierre Lebrun wrote:
> Hi,
> Compilation fails on Solaris 7 + GCC and Solaris 2.5.1 + SUN CC. Each time the problem is on winbind. I have no idea about what's going wrong. I didn't have any trouble with SAMBA 3.0.21rc1. Can you help me ?
> Thank you,
> Pierre
>
> - SOLARIS 7 -
> Configure
> ./configure --with-acl-support --with-ldap=no --disable-cups --enable-static=yes --with-included-popt
> $ gcc -v
> Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.7/3.0.3/specs
> Configured with: ../configure --with-as=/usr/local/bin/as --with-ld=/usr/local/bin/ld
> Thread model: posix
> gcc version 3.0.3
> -
> ...
> Compiling utils/eventlogadm.c
> Linking bin/eventlogadm
> Compiling nsswitch/wbinfo.c
> Linking bin/wbinfo
> Compiling nsswitch/wb_common.c with -fPIC
> Compiling lib/replace1.c with -fPIC
> Compiling nsswitch/winbind_nss_solaris.c with -fPIC
> nsswitch/winbind_nss_solaris.c: In function `parse_response':
> nsswitch/winbind_nss_solaris.c:394: sizeof applied to an incomplete type
> nsswitch/winbind_nss_solaris.c:395: sizeof applied to an incomplete type
> nsswitch/winbind_nss_solaris.c:397: arithmetic on pointer to an incomplete type
> nsswitch/winbind_nss_solaris.c:421: arithmetic on pointer to an incomplete type
> nsswitch/winbind_nss_solaris.c:421: dereferencing pointer to incomplete type
> nsswitch/winbind_nss_solaris.c:423: `AF_INET6' undeclared (first use in this function)
> nsswitch/winbind_nss_solaris.c:423: (Each undeclared identifier is reported only once
> nsswitch/winbind_nss_solaris.c:423: for each function it appears in.)
> nsswitch/winbind_nss_solaris.c:423: arithmetic on pointer to an incomplete type
> nsswitch/winbind_nss_solaris.c:423: dereferencing pointer to incomplete type
> nsswitch/winbind_nss_solaris.c:433: arithmetic on pointer to an incomplete type
> nsswitch/winbind_nss_solaris.c:433: dereferencing pointer to incomplete type
> nsswitch/winbind_nss_solaris.c: In function `_nss_winbind_ipnodes_getbyname':
> nsswitch/winbind_nss_solaris.c:491: `AF_INET6' undeclared (first use in this function)
> nsswitch/winbind_nss_solaris.c: In function `_nss_winbind_hosts_getbyaddr':
> nsswitch/winbind_nss_solaris.c:540: `AF_INET6' undeclared (first use in this function)
> nsswitch/winbind_nss_solaris.c:546: `INET6_ADDRSTRLEN' undeclared (first use in this function)
> nsswitch/winbind_nss_solaris.c:546: warning: assignment makes pointer from integer without a cast
> make: *** [nsswitch/winbind_nss_solaris.po] Error 1
>
> - SOLARIS 2.5.1 -
> Configure
> ./configure --with-acl-support --with-ldap=no --disable-cups --enable-static=yes --with-included-popt
> $ cc -V
> cc: WorkShop Compilers 5.0 98/12/15 C 5.0
> ...
> Compiling lib/hmacmd5.c
> Compiling lib/arc4.c
> Compiling lib/iconv.c
> lib/iconv.c, line 139: warning: argument #2 is incompatible with prototype:
>     prototype: pointer to pointer to const char : /usr/local/include/iconv.h, line 82
>     argument : pointer to pointer to char
> Compiling nsswitch/wb_client.c
> Compiling nsswitch/wb_common.c
> /usr/include/netdb.h, line 195: warning: dubious tag declaration: struct sockaddr_in
> nsswitch/wb_common.c, line 238: undefined symbol: socklen_t
> nsswitch/wb_common.c, line 238: syntax error before or at: errnosize
> nsswitch/wb_common.c, line 253: undefined symbol: errnosize
> nsswitch/wb_common.c, line 256: warning: argument #4 is incompatible with prototype:
>     prototype: pointer to char : /usr/include/sys/socket.h, line 299
>     argument : pointer to int
> nsswitch/wb_common.c, line 284: cannot recover from previous errors
> cc: acomp failed for nsswitch/wb_common.c
> *** Error code 2
> make: Fatal error: Command failed for target `nsswitch/wb_common.o'
[Samba] Re: Samba 3.0.21 requires OS to be IPV6 Compliant ?
Pierre Lebrun wrote:
> Hi,
> My last post about compilation problems of 3.0.21 on Solaris 2.5 and 7 has no answer, so I investigated a bit further to try to find out the differences with 3.0.20b. Problems come from winbind_nss_solaris.c which evolved a lot in 3.0.21. Several references are done to struct in6_addr which are not defined on solaris 7 and older. If I'm not wrong in my diagnostic, is there a solution to allow compilation without IPV6 support ?
> Thanks for your help,
> Pierre

Solved by 3.0.21b. Many thanks to the Samba Team

Pierre
Re: [Samba] Samba and add printer drivers from xp
support_mail wrote:
> Gerald Carter wrote:
>> Set this in smb.conf
>>
>>   debug level = 10
>>   log file = /var/log/samba/log.%m
>>   debug timestamp = no
>>   max log size = 0
>>
>> Make sure to create /var/log/samba. The debug info you need will be in those log files. Not syslog.
>
> ok i have already this in my smb.conf, but now in my /var/log/samba/ i must have a look in the log.hostname, ip, smbd or nmbd ?

log.hostname. You can move through the spooler rpc calls by grepping for SPOOLSS_

cheers, jerry
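Added example, not code from the thread or from the Samba project: the two pieces of advice given in this thread (walk the per-client log by its SPOOLSS_ calls, and find where ACCESS_DENIED turns up along the installation path) combined in one Python script. The sample log lines are constructed for illustration; the script relies only on the SPOOLSS_ prefix and the ACCESS_DENIED string named in the replies, not on any particular message layout.

```python
import re
import sys
from collections import deque

# Constructed sample of a level-10 per-client log (log.<hostname>). The wording
# of each line is illustrative; only "SPOOLSS_" and "ACCESS_DENIED" matter.
SAMPLE_LOG = """\
api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX
spoolss open: printer handle granted
api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDRIVERDIRECTORY
api_rpcTNP: rpc command: SPOOLSS_ADDPRINTERDRIVER
driver add refused: returning WERR_ACCESS_DENIED
api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER
api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX
api_rpcTNP: rpc command: SPOOLSS_SETPRINTER
set printer refused: NT_STATUS_ACCESS_DENIED
"""

RPC_CALL = re.compile(r"\bSPOOLSS_[A-Z0-9_]+")
# Matches the bare string as well as prefixed forms such as WERR_ACCESS_DENIED.
DENIED = re.compile(r"\b[A-Z_]*ACCESS_DENIED\b")


def calls_seen(lines):
    """SPOOLSS_ calls in log order: the walk-through that grepping gives."""
    return [m.group(0) for m in map(RPC_CALL.search, lines) if m]


def trace_denials(lines, context=2):
    """Pair every access-denied line with the spooler call in progress.

    Each finding records the line number, the last SPOOLSS_ call seen at or
    before that line (None if the denial precedes any call), the status
    string, and up to `context` preceding lines for the reader.
    """
    current = None
    before = deque(maxlen=context)
    findings = []
    for number, raw in enumerate(lines, 1):
        line = raw.strip()
        call = RPC_CALL.search(line)
        if call:
            current = call.group(0)
        denied = DENIED.search(line)
        if denied:
            findings.append({
                "line": number,
                "call": current,
                "status": denied.group(0),
                "context": list(before),
                "text": line,
            })
        before.append(line)
    return findings


if __name__ == "__main__":
    # Pass a real log path as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            log_lines = fh.read().splitlines()
    else:
        log_lines = SAMPLE_LOG.splitlines()
    for f in trace_denials(log_lines):
        print(f"line {f['line']}: {f['status']} during {f['call']}")
        for ctx in f["context"]:
            print(f"    | {ctx}")
        print(f"    > {f['text']}")
```

The first denial in a real log is usually the one to chase, since later calls often fail only as a consequence of it.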
Re: [Samba] Samba Question
On 1/29/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> I got a quick question to ask is there any possible way to have only specific users to be able to access the folder for example. if i have folder called SHARE and inside the SHARE folder i have folder called confidential can i set the permission only management to access the share folder? if so how can i do that.

Set the Unix permissions on the confidential folder so that only the desired users can access it.

Josh Kelley
Re: [Samba] Multiple 2003 Servers
Ian Barnes wrote:
> Here is the confusing part though, when I join the domain, it picks a random controller and joins to that one, no specific one. What I need to be able to do is to join one of them, and when that one fails, move over to another one.

I have it on my plate to implement server affinity this week. Will be in the 3.0.22 release. I can try to send you a patch when I'm done.

cheers, jerry
Re: [Samba] what with privileges
On 1/29/06, Playnet [EMAIL PROTECTED] wrote:
> Hello samba,
> I try add machine into domain. If i run smbldap-useradd manually, all ok. But from samba i get errors:
> Jan 29 22:47:04 sstand net: smbldap_open: cannot access LDAP when not root..

I think that this indicates that Samba isn't running smbldap-useradd as root because the account you're using doesn't have permission to add computers to the domain. If you don't have privileges enabled (enable privileges = no), then I think you need to use the root account to join the machine. If you do have privileges enabled (enable privileges = yes), then make sure that the account you're using has the SeMachineAccountPrivilege. See chapter 14 in the Samba HOWTO for details on privileges.

Josh Kelley
Re: [Samba] ntlm_auth: (pipe \PIPE\NETLOGON) has died or was never started (fd == -1)
> This is your problem:
>
> [2006/01/29 10:56:33, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435) cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds
>
> For some reason, your server is not responding. Perhaps samba3 is locked up talking to a backing LDAP server? What do the logs on the server show?

Thank you so much for the help. Yes, the backend is a LDAP server with more than 26000 users, and I'm never able to list all of them (of course timeout incurs), but it doesn't stop logons on the server, only ntlm_auth. I try to attach the log you requested me (level 3).

Regards
Francesco

> Andrew Bartlett

[2006/01/31 18:32:23, 3] smbd/service.c:close_cnum(830) 155.185.96.86 (155.185.96.86) closed connection to service IPC$
[2006/01/31 18:32:23, 3] smbd/connection.c:yield_connection(69) Yielding connection to IPC$
[2006/01/31 18:32:23, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/01/31 18:32:23, 3] smbd/connection.c:yield_connection(69) Yielding connection to
[2006/01/31 18:32:23, 3] smbd/server.c:exit_server(652) Server exit (normal exit)
[2006/01/31 18:32:55, 3] smbd/oplock.c:init_oplocks(1351) open_oplock_ipc: opening loopback UDP socket.
[2006/01/31 18:32:55, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303) Linux kernel oplocks enabled
[2006/01/31 18:32:55, 3] smbd/oplock.c:init_oplocks(1382) open_oplock ipc: pid = 16574, global_oplock_port = 55883
[2006/01/31 18:32:55, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list.
[2006/01/31 18:32:55, 2] lib/access.c:check_access(324) Allowed connection from (155.185.96.86)
[2006/01/31 18:32:55, 3] smbd/process.c:process_smb(1091) Transaction 0 of length 183
[2006/01/31 18:32:55, 3] smbd/process.c:switch_message(886) switch message SMBnegprot (pid 16574) conn 0x0
[2006/01/31 18:32:55, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/01/31 18:32:55, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [PC NETWORK PROGRAM 1.0]
[2006/01/31 18:32:55, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [MICROSOFT NETWORKS 1.03]
[2006/01/31 18:32:55, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [MICROSOFT NETWORKS 3.0]
[2006/01/31 18:32:55, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LANMAN1.0]
[2006/01/31 18:32:55, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [LM1.2X002]
[2006/01/31 18:32:55, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [DOS LANMAN2.1]
[2006/01/31 18:32:55, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [Samba]
[2006/01/31 18:32:55, 3] smbd/negprot.c:reply_nt1(333) using SPNEGO
[2006/01/31 18:32:55, 3] smbd/negprot.c:reply_negprot(555) Selected protocol NT LANMAN 1.0
[2006/01/31 18:32:55, 3] smbd/process.c:process_smb(1091) Transaction 1 of length 92
[2006/01/31 18:32:55, 3] smbd/process.c:switch_message(886) switch message SMBsesssetupX (pid 16574) conn 0x0
[2006/01/31 18:32:55, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/01/31 18:32:55, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) wct=13 flg2=0xc801
[2006/01/31 18:32:55, 3] smbd/sesssetup.c:reply_sesssetup_and_X(801) Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
[2006/01/31 18:32:55, 3] smbd/sesssetup.c:reply_sesssetup_and_X(816) sesssetupX:[EMAIL PROTECTED]
[2006/01/31 18:32:55, 3] smbd/sesssetup.c:check_guest_password(116) Got anonymous request
[2006/01/31 18:32:55, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface
[2006/01/31 18:32:55, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2006/01/31 18:32:55, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: guest authentication for user [] succeeded
[2006/01/31 18:32:55, 3] smbd/password.c:register_vuid(222) User name: nobody Real name: nobody
[2006/01/31 18:32:55, 3] smbd/password.c:register_vuid(241) UNIX uid 65534 is UNIX user nobody, and will be vuid 100
[2006/01/31 18:32:55, 3] smbd/process.c:process_smb(1091) Transaction 2 of length 84
[2006/01/31 18:32:55, 3] smbd/process.c:switch_message(886) switch message SMBtconX (pid 16574) conn 0x0
[2006/01/31 18:32:55, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/01/31 18:32:55, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list.
[2006/01/31 18:32:55, 2] lib/access.c:check_access(324) Allowed connection from (155.185.96.86)
[2006/01/31 18:32:55, 3] smbd/service.c:make_connection_snum(479) Connect path is '/tmp' for service [IPC$]
[2006/01/31 18:32:55, 3] lib/util_seaccess.c:se_access_check(251)
[2006/01/31 18:32:55, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user
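Added example, not part of the message above and not Samba code: the triage step in the quoted reply (picking the one level-0 record out of pages of level-3 output) done in Python. It assumes the 3.0-era header `[date time, level] file:function(line)` seen in the logs on this page, and the sample records are copied from messages on this page, run together on one line as they appear here.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Header as it appears in the logs on this page (assumed fixed for this era).
HEADER = re.compile(
    r"\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s+(\d+)\]\s+(\S+?):(\w+)\((\d+)\)"
)
NT_STATUS = re.compile(r"\bNT_STATUS_[A-Z0-9_]+")

# Records copied from messages on this page, flattened onto one line.
SAMPLE = (
    "[2006/01/29 10:56:33, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435) "
    "cli_pipe: return critical error. Error was Call timed out: "
    "server did not respond after 1 milliseconds "
    "[2006/01/31 18:32:23, 3] smbd/server.c:exit_server(652) "
    "Server exit (normal exit) "
    "[2006/01/31 18:32:55, 3] lib/util_seaccess.c:se_access_check(251) "
    "[2006/01/31 18:32:55, 2] lib/access.c:check_access(324) "
    "Allowed connection from (155.185.96.86) "
    "[2006/01/31 20:03:42, 3] smbd/error.c:error_packet(147) "
    "error packet at smbd/trans2.c(1808) cmd=50 (SMBtrans2) "
    "NT_STATUS_NO_SUCH_FILE"
)


@dataclass
class Record:
    when: datetime
    level: int
    source: str
    func: str
    line: int
    message: str


def parse(text):
    """Split log text into records, one per header.

    Works on the on-disk layout (header line, indented message below it) and
    on text whose line breaks were lost, because the message is simply
    everything between one header and the next.
    """
    heads = list(HEADER.finditer(text))
    records = []
    for i, head in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        message = " ".join(text[head.end():end].split())
        records.append(Record(
            when=datetime.strptime(head.group(1), "%Y/%m/%d %H:%M:%S"),
            level=int(head.group(2)),
            source=head.group(3),
            func=head.group(4),
            line=int(head.group(5)),
            message=message,
        ))
    return records


def triage(records, max_level=0):
    """Records to read first: debug level <= max_level, or a non-OK NT_STATUS."""
    picked = []
    for rec in records:
        codes = [c for c in NT_STATUS.findall(rec.message) if c != "NT_STATUS_OK"]
        if rec.level <= max_level or codes:
            picked.append((rec, codes))
    return picked


if __name__ == "__main__":
    for rec, codes in triage(parse(SAMPLE)):
        tag = ",".join(codes) if codes else f"level {rec.level}"
        print(f"{rec.when} {rec.source}:{rec.func}({rec.line}) [{tag}] {rec.message}")
```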
[Samba] 3.0.21b +pam_winbindd
I've installed and configured samba using

cd samba-3.0.21b/source
./autogen.sh
./configure --with-krb5=/usr/local \
  --with-automount \
  --with-pam \
  --with-utmp \
  --with-winbind \
  --with-libsmbclient \
  --with-ldap \
  --with-netlib='-lresolv'
make
make install
cp nsswitch/pam_winbind.so /usr/lib/security
cp nsswitch/libnss_winbind.so /lib/nss_winbind.so.1
ln -s /lib/nss_winbind.so.1 /usr/lib/nss_winbind.so.1

I can browse my samba shares and the active directory 2003 authentication works fine. I've modified pam.conf so rlogin should use pam_winbind

rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rlogin auth sufficient /usr/lib/security/pam_winbind.so try_first_pass
rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1

however if I try and login using

rlogin -l AD03+richard.batty localhost

it fails but

wbinfo --authenticate=AD03+richard.batty%password

works fine, any ideas?
Re: [Samba] Can I copy printer print drivers to a new server
Adam,

Since I was working from home last night and couldn't really test the printing (the ultimate test is to get the printed page out of the printer), I didn't try any setdriver commands. Tried that this morning and all the pieces seem to work from the copied over driver files and ntdrivers.tdb.

Thanks for all your assistance
-- Rob

Adam Nielsen said the following on 01/30/2006 11:31 PM:
>> The issue of case notwithstanding, notice how in the Samba-2 output, there are only two backslashes before the netbios name and the Samba-3 output has four. Is that normal? Is there something I need to do to fix it?
>
> Apparently not - I get the same thing here, on a 3.0.21rc2 server set up from scratch:
>
> Printer Driver Info 2:
>   Version: [3]
>   Driver Name: [e520]
>   Architecture: [Windows NT x86]
>   Driver Path: [PRINTERS\print$\W32X86\3\pscript5.dll]
>   Datafile: [PRINTERS\print$\W32X86\3\e520.ppd]
>   Configfile: [PRINTERS\print$\W32X86\3\ps5ui.dll]
>
> Cheers,
> Adam.
RE: [Samba] Anyone else seeing disk full errors?
Thanks Jeremy, I'll download that and give it a tryout. ;-D

--
Michael St. Laurent
Hartwell Corporation

This is the captain speaking. We may experience some turbulence... and then explode.

-Original Message-
From: Jeremy Allison [mailto:[EMAIL PROTECTED]
Sent: Monday, January 30, 2006 2:50 PM
To: Michael St. Laurent
Cc: 'samba@lists.samba.org'
Subject: Re: [Samba] Anyone else seeing disk full errors?

On Mon, Jan 30, 2006 at 02:38:42PM -0800, Michael St. Laurent wrote:
> I'm seeing random disk full errors when saving large Excel files to a Samba share. The users will retry and the second or third time (usually the second time) it will save correctly. This is with version 3.0.21a on i386 Red Hat 9, kernel 2.4.20-31 patched with ACL.

Can you please try the 3.0.21b release code to see if this problem is fixed ? It may be related to the oplock level 2 bug we just fixed.

Thanks,
Jeremy.
Re: [Samba] 3.0.21b +pam_winbindd
Hi,

On Tue, Jan 31, 2006 at 05:43:02PM -, Batty, Richard wrote:
> I've installed and configured samba using
>
> cd samba-3.0.21b/source
> ./autogen.sh
> ./configure --with-krb5=/usr/local \
>   --with-automount \
>   --with-pam \
>   --with-utmp \
>   --with-winbind \
>   --with-libsmbclient \
>   --with-ldap \
>   --with-netlib='-lresolv'
> make
> make install
> cp nsswitch/pam_winbind.so /usr/lib/security
> cp nsswitch/libnss_winbind.so /lib/nss_winbind.so.1
> ln -s /lib/nss_winbind.so.1 /usr/lib/nss_winbind.so.1
>
> I can browse my samba shares and the active directory 2003 authentication works fine. I've modified pam.conf so rlogin should use pam_winbind
>
> rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
> rlogin auth sufficient /usr/lib/security/pam_winbind.so try_first_pass
> rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1

What did pam_winbind.so write to the syslog?

> however if I try and login using rlogin -l AD03+richard.batty localhost it fails

Does it at least prompt you for a new password?

Thanks,
Guenther

--
Günther Deschner GPG-ID: 8EE11688
Novell / SUSE LINUX [EMAIL PROTECTED]
Samba Team [EMAIL PROTECTED]
[Samba] idmap ldap backend population
I'm trying to setup an idmap ldap backend for a Samba member server in an ADS domain. I'm using Samba 3.0.14a as distributed in Fedora Core 4. All the LDAP stuff seems to work, except the LDAP database is not being populated. The only thing happening is Samba modifying the ou=Idmap,dc=mydomain,dc=com dn. I was under the impression that Samba would automatically populate the LDAP database, like it does for a local idmap database. Or is one supposed to populate the database by hand?

Thanks,
Pim
[Samba] Samba 3 and german umlaute in filenames/ can not delete or rename files or dirs
Hello,

I have a Samba 3 server with some shares. If I access these shares from Windows and if I generate new files or dirs with german umlaute everything is OK. I can open these files and I can open the directory. If I want to delete or rename the files or dirs with german umlaute I get an error message. I can not read the file from source.

creating new dirptr 256 for path ./, expect_close = 1
[2006/01/31 20:03:42, 4] smbd/trans2.c:call_trans2findfirst(1739) dptr_num is 256, wcard = txtfileäöü.txt, attr = 22
[2006/01/31 20:03:42, 8] smbd/trans2.c:call_trans2findfirst(1744) dirpath=./ dontdescend=
[2006/01/31 20:03:42, 5] smbd/files.c:file_new(139) allocated file structure 990, fnum = 5086 (1 used)
[2006/01/31 20:03:42, 5] smbd/open.c:open_file_stat(2111) open_file_stat: 'opening' file .//txtfileäöü.txt
[2006/01/31 20:03:42, 10] smbd/posix_acls.c:get_nt_acl(2732) get_nt_acl: called for file .//txtfileäöü.txt
[2006/01/31 20:03:42, 5] lib/util_seaccess.c:se_access_check(308) se_access_check: access (1) granted.
[2006/01/31 20:03:42, 8] smbd/trans2.c:get_lanman2_dir_entry(1076) get_lanman2_dir_entry:readdir on dirptr 0x8380b28 now at offset -1
[2006/01/31 20:03:42, 10] smbd/mangle_hash2.c:name_map(613) name_map: txtfileäöü.txt - 76C19102 - TWY7ZE~Q.TXT (cache=0)
[2006/01/31 20:03:42, 8] smbd/trans2.c:get_lanman2_dir_entry(1076) get_lanman2_dir_entry:readdir on dirptr 0x8380b28 now at offset -1
[2006/01/31 20:03:42, 5] smbd/trans2.c:call_trans2findfirst(1792) call_trans2findfirst - (2) closing dptr_num 256
[2006/01/31 20:03:42, 4] smbd/dir.c:dptr_close_internal(238) closing dptr key 256
[2006/01/31 20:03:42, 3] smbd/error.c:error_packet(147) error packet at smbd/trans2.c(1808) cmd=50 (SMBtrans2) NT_STATUS_NO_SUCH_FILE

Any idea how to fix this.

thanks...
[Samba] Unavailable Domain
Hi,

I have a samba 3.0.20 as domain master browser of a Windows network. Sometimes, the Windows workstations are getting an error: Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found.

I was trying to change the RequireSignOrSeal register value of the windows workstations, but this didn't work. Looking for an error on the logs of windows workstation with this problem, I can see a workstation trying to connect in other workstation, and it not on server. The server is ok, the os level is 100. I can't find log messages of this workstation trying to be the domain master.

How can I fix this problem? This error occurs with some users, and this is a problem for me.

Edgar
[Samba] usermap ignored?
Hi list,

I ran into some difficulties using samba 3.0.21b as a PDC while mapping e.g. root to administrator. With samba 3.0.10 it worked - however I cannot find anything that's wrong. Can somebody please point me where to look at? Can I test the usermap functionality somehow except for logging in on windows machine as the mapped account? Should getent passwd reflect the mapping in any way?

Important parts of my config:
---
[global]
security = user
...
username map = /etc/samba/smbusers
...
and ldap backend!
---
And in /etc/samba/smbusers:
---
root = administrator admin
Also tried root = DOMAIN\administrator and root = DOMAIN/administrator
---
All without luck! On my windows clients I can only log on using root, not administrator. With the same config 3.0.10 worked! What am I missing here? Did the behaviour change from 3.0.10 to 3.0.21?

Thanks in advance for any help!

Kind regards,
Martin Hoffmann
[Samba] Slow Samba when added new hard drive
Hi,

I've used Samba several years without any problems. Last week I added a new disk to my system, and Samba started to behave very strange. It's slow in terms of establishing a connection and time to list directories. I've tried to resolve the problem without success. No other daemon has problems, both ftp and http work fine as well as internal communication.

Below I've attached both samba log file and a tcpdump. The log file indicates some kind of timeout and the tcpdump shows ERROR: Unknown error (22,49152) in the reply message. I get the same problem with 3.0.8pre1-0.pre1.3 and 3.0.21a. I use Windows XP Professional and Xbox as clients to Samba. The system is running Fedora Core release 3 (2.6.9-1.667) with 9 hard drives (8 pata and 1 sata). I haven't changed anything, neither on the server or the clients more than added the new hard drive. Samba seems to be ok when I disconnect the new hard drive.

Thanks,
Fredrik

From the logfile (smbd -D -d 5):

[2006/01/31 21:08:05, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0x60080215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
[2006/01/31 21:08:05, 5] auth/auth.c:get_ntlm_challenge(95) auth_get_challenge: module guest did not want to specify a challenge
[2006/01/31 21:08:05, 5] auth/auth.c:get_ntlm_challenge(95) auth_get_challenge: module sam did not want to specify a challenge
[2006/01/31 21:08:05, 5] auth/auth.c:get_ntlm_challenge(135) auth_context challenge created by random
[2006/01/31 21:08:05, 5] auth/auth.c:get_ntlm_challenge(136) challenge is:
[2006/01/31 21:08:05, 5] lib/util.c:dump_data(2058) [000] B6 A0 82 E7 4E 2C 8F 0C N,..
[2006/01/31 21:08:25, 5] lib/util.c:show_msg(454)
[2006/01/31 21:08:25, 5] lib/util.c:show_msg(464) size=230 smb_com=0x73 smb_rcls=22 smb_reh=0 smb_err=49152 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=1 smb_uid=100 smb_mid=3 smt_wct=4
  smb_vwv[ 0]= 255 (0xFF)
  smb_vwv[ 1]=0 (0x0)
  smb_vwv[ 2]=0 (0x0)
  smb_vwv[ 3]= 132 (0x84)
  smb_bcc=187
[2006/01/31 21:08:25, 3] smbd/process.c:timeout_processing(1447) timeout_processing: End of file from client (client has disconnected).

And from tcpdump:

21:12:14.973928 IP (tos 0x0, ttl 64, id 9491, offset 0, flags [none], proto 6, length: 204) xbox.1057 sharky.netbios-ssn: P 256:420(164) ack 94 win 64419
NBT Packet
NBT Session Packet
Flags=0x0 Length=160 (0xa0)
SMB PACKET: SMBsesssetupX (REQUEST)
SMB Command = 0x73 Error class = 0x0 Error code= 0 (0x0) Flags1= 0x8 Flags2= 0x1 Tree ID = 0 (0x0) Proc ID = 1 (0x1) UID = 0 (0x0) MID = 3 (0x3) Word Count= 12 (0xc)
Com2=0xFF Res1=0x0 Off2=0 (0x0) MaxBuffer=
WARNING: Short packet. Try increasing the snap length [|SMB]
21:12:14.991657 IP (tos 0x0, ttl 64, id 39111, offset 0, flags [DF], proto 6, length: 40) sharky.netbios-ssn xbox.1056: . [tcp sum ok] 1:1(0) ack 1 win 6432
21:12:15.013681 IP (tos 0x0, ttl 64, id 31537, offset 0, flags [DF], proto 6, length: 40) sharky.netbios-ssn xbox.1057: . [tcp sum ok] 94:94(0) ack 420 win 6432
21:12:15.252060 IP (tos 0x0, ttl 64, id 39113, offset 0, flags [DF], proto 6, length: 274) sharky.netbios-ssn xbox.1056: P 1:235(234) ack 1 win 6432
NBT Packet
NBT Session Packet
Flags=0x0 Length=230 (0xe6)
SMB PACKET: SMBsesssetupX (REPLY)
SMB Command = 0x73 Error class = 0x16 Error code= 49152 (0xc000) Flags1= 0x88 Flags2= 0x1 Tree ID = 0 (0x0) Proc ID = 1 (0x1) UID = 100 (0x64) MID = 3 (0x3) Word Count= 4 (0x4)
SMBError = ERROR: Unknown error (22,49152)
[000] FF 00 00 00 00 00 00 09 \377\000\000\000\000\000\000\011 [|SMB]
Re: [Samba] Samba daemons hang trying to lock locking.tdb
Hi,

After upgrade to samba 3.0.21b, the behaviour is the same.

I think the problem must be related to TDB (Trivial DB) code. The call fcntl64() is trying to lock for write the file /var/cache/locking.tdb, but with the F_SETLKW file control command. This control command waits if the file is blocked. If another process locks for write this file, can we get a deadlock?

The fact is that some hours after starting samba, some smbd daemons hang waiting to get a write lock to locking.tdb file. The windows clients associated with these smbd daemons get stalled and the user must reset the machine (or I kill -9 these daemons).

Any clue?

Thanks in advance.

On Wed, 2006-01-25 at 16:11 +0100, Fermin Molina wrote:
> Hi,
>
> A day or so after starting samba, some daemons (different forks) begin to hang. Then, the WinXP clients hang too completely.
>
> When I try to figure out what is happening, I see that smbd daemons hang always in a fcntl64() call:
>
> # strace -p 6414
> Process 6414 attached - interrupt to quit
> fcntl64(14, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=3684, len=1} unfinished ...
> Process 6414 detached
> #
>
> The file descriptor 14 corresponds to /var/lib/samba/locking.tdb file.
>
> A backtrace using gdb from one stalled daemon:
>
> (gdb) bt
> #0 0x00faf402 in __kernel_vsyscall ()
> #1 0x003dbd7a in fcntl () from /lib/libc.so.6
> #2 0x008e50eb in tdb_set_lock_alarm () from /usr/sbin/smbd
> #3 0x008e5307 in tdb_set_lock_alarm () from /usr/sbin/smbd
> #4 0x008e5868 in tdb_chainlock () from /usr/sbin/smbd
> #5 0x00880da8 in get_share_mode_lock () from /usr/sbin/smbd
> #6 0x00881677 in get_delete_on_close_flag () from /usr/sbin/smbd
> #7 0x007718fb in reply_trans2 () from /usr/sbin/smbd
> #8 0x007906bc in smb_fn_name () from /usr/sbin/smbd
> #9 0x007913c4 in process_smb () from /usr/sbin/smbd
> #10 0x00791899 in smbd_process () from /usr/sbin/smbd
> #11 0x0096c5c0 in main () from /usr/sbin/smbd
> (gdb)
>
> A backtrace from another stalled daemon:
>
> (gdb) bt
> #0 0x00faf402 in __kernel_vsyscall ()
> #1 0x003dbd7a in fcntl () from /lib/libc.so.6
> #2 0x008e50eb in tdb_set_lock_alarm () from /usr/sbin/smbd
> #3 0x008e5307 in tdb_set_lock_alarm () from /usr/sbin/smbd
> #4 0x008e5868 in tdb_chainlock () from /usr/sbin/smbd
> #5 0x00880da8 in get_share_mode_lock () from /usr/sbin/smbd
> #6 0x0077ab8b in open_file_ntcreate () from /usr/sbin/smbd
> #7 0x0074a922 in reply_ntcreate_and_X () from /usr/sbin/smbd
> #8 0x007906bc in smb_fn_name () from /usr/sbin/smbd
> #9 0x007913c4 in process_smb () from /usr/sbin/smbd
> #10 0x00791899 in smbd_process () from /usr/sbin/smbd
> #11 0x0096c5c0 in main () from /usr/sbin/smbd
> (gdb)
>
> The number of smbd daemons stalled increases in time.
>
> I'm using FC4 with last updates installed and samba 3.0.21a.
>
> Maybe it is a kernel-related problem with file locking?
>
> Thanx in advance!

--
Fermin Molina Ibarz
Tècnic sistemes - ASIC
Universitat de Lleida
Tel: +34 973 702151
GPG: 0x060F857A
Re: [Samba] smbldap-tools equivalent (which doesn't need perl)?
i started using my own bash scripts using ldap-tools. would that be helpful for you?

i think your tiny linux box is starting to drive you crazy, isn't it :) (NSS, ... )

btw: i also thought that ldapsam:trusted completely bypasses NSS :-?

Tomasz Chmielewski wrote:
> Is there any smbldap-tools equivalent, which doesn't need perl (or python, or similar)?
>
> I installed Samba on an embedded system, which doesn't have perl installed, and I wonder how can I add users now? :)
Re: [Samba] usermap ignored?
Martin Hoffmann wrote:
> Hi list,
>
> i ran into some difficulties using samba 3.0.21b as a PDC while mapping e.g. root to administrator. With samba 3.0.10 it worked - however i cannot find anything that's wrong.
>
> Can somebody please point me where to look at? Can i test the usermap functionality somehow except for logging in on windows machine as the mapped account?

Works fine here. I just tested it.

> Should getent passwd reflect the mapping in any way?

no. it's internal to Samba.

> And in /etc/samba/smbusers:
> ---
> root = administrator admin

Do you have any entries after this? If you run smbd with a debug level of 10, the resulting log file will show smbd parsing the username map file.

cheers, jerry

"I live in a Reply-to-All world"
Samba --- http://www.samba.org
Centeris --- http://www.centeris.com
[Samba] Re: usermap ignored?
Martin Hoffmann wrote:
> i ran into some difficulties using samba 3.0.21b as a PDC while mapping e.g. root to administrator
>
> And in /etc/samba/smbusers:
> ---
> root = administrator admin

definitely won't work.

root = DOMAIN\administrator

better, should(?) work.

-- Rex
RE: [Samba] Samba on Solaris with LDAP support
> I had a similar problem when I was cross-compiling Samba for mipsel.
>
> It is most likely OpenLDAP issue.
>
> see config.log and look for lldap / libldap errors.
>
> You may also search for my posts in "how does libldap detection work in ./configure script?" thread on samba-technical list.

After some deeper analysis of the config.log file, I discovered the problem was an ldap/openssl problem (specifically, I didn't build openssl with shared libraries). Recompiling those packages resolved the ldap problems I had during samba's configure.

But now I've encountered a new problem when attempting to compile. The error message generated is not as detailed as I was hoping, and I'm not sure how to resolve this issue. Any ideas?

Compiling passdb/pdb_ldap.c
passdb/pdb_ldap.c: In function `pdb_init_ldapsam':
passdb/pdb_ldap.c:4388: error: incompatible types in assignment
*** Error code 1
The following command caused the error:
gcc -I. -I/usr/src/samba-3.0.21a/source -I/usr/local/include -O3 -pipe -D_SAMBA_BUILD_ -I./popt -Iinclude -I/usr/src/samba-3.0.21a/source/include -I/usr/src/samba-3.0.21a/source/ubiqx -I/usr/src/samba-3.0.21a/source/tdb -I. -I/usr/local/include -I/usr/local/include -D_LARGEFILE_SOURCE -D_REENTRANT -D_FILE_OFFSET_BITS=64 -DLDAP_DEPRECATED -DSUNOS5 -I/usr/src/samba-3.0.21a/source -D_SAMBA_BUILD_ -c passdb/pdb_ldap.c \
  -o passdb/pdb_ldap.o
make: Fatal error: Command failed for target `passdb/pdb_ldap.o'

-Rob
Re: [Samba] undefined reference to `swrap_close'
On Tue, 2006-01-31 at 09:32 -0600, Gerald (Jerry) Carter wrote:
> imacat wrote:
>>> No, I think we need to avoid smbmnt getting these defines. This is a setuid app, and I'm worried by how socket wrapper (and the environment variable based changes in behaviour) would interact, in a security sense.
>>
>> Oh. Thank you for reminding me this. This is *really* a serious security issue. I've recompiled all my samba without socket_wrapper. Thanks again for pointing out this.
>
> No it's not a security issue. The socket wrapper stuff is for development testing only. There is no production value in it.

I think the correct phrasing is that imacat's proposed fix would create a serious security issue on machines compiled with the socket wrapper code, and mistakenly deployed in production. That is why I said it was an incorrect fix.

The correct fix (for the build issue) is not to have smbmnt built with those defines in place, so we link correctly.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
Re: [Samba] Samba PDC with Slave LDAP server
winbindd on DCs is only necessary when using ntlm_auth or in trusted domains (maybe even in more scenarios).

during my early samba tests (3.0.4 i guess) i had trouble to point a DC to more than one idmap backend (see threads on this list). i think this is already fixed. currently i don't need this feature because i use idmap_rid

greez

Anthony Messina wrote:
> ashok cvs wrote:
>> Hi all
>>
>> Thanks for Replying, i have another query.
>>
>> In BDC, according the samba3-by example PDF, IDMAP is said to be pointed to Master LDAP Server. But in Master LDAP server i have samba 3.0.21, which is configured as PDC, i have created users and all windows users are able to login to PDC. but i have only these entries in ou=Idmap, in Master LDAP server
>>
>> dn:ou=Idmap,dc=mydomain,dc=com
>> objectClass: Organizational Unit
>> objectClass: SambaunixIdpool
>> ou: idmap
>> uidnumber: 1
>> gidnumber: 1
>>
>> Apart from these entries in ou=Idmap, i do not have any other entries, i home somehow feel, there should be more entries, ie whenever a user is created there should be some entry.
>>
>> what is wrong, now since i have already created users, and all my windows clients are already joined, without disturbing the current environment, is it possible to correct the Idmap problem.
>>
>> please guide me
>>
>> Regards
>> ashok
>>
>> On 1/27/06, Anthony Messina wrote:
>>> ashok cvs wrote:
>>>> Hi all
>>>>
>>>> I have a samba PDC with LDAP with samba version 3.0.21 (domain=mydomain.com). the samba and openldap are configured on a single system.
>>>>
>>>> i would like to setup samba BDC with slave LDAP server for domain mydomain.com and samba BDC is also having DNS server for domain.
>>>>
>>>> my query is, the nsswitch.conf and ldap.conf of BDC should point to it's own LDAP server or Master LDAP server and in smb.conf file of BDC, the passdb backend should point to master or slave.
>>>>
>>>> and smbpasswd -w password, (which password should i enter, the master LDAP server rootdn password or slave LDAP server rootdn password)
>>>>
>>>> please guide me
>>>>
>>>> Regards
>>>> ashok
>>>
>>> the bdc should point to its local ldap (slave) server. this is what gives you the ability to run as a *backup*. if you had both pdc and bdc pointing to the master ldap server and that server went down, your bdc is worthless.
>>>
>>> read the official how-to at samba.org. it describes the various options for setting up a pdc and bdc with ldap.
>>>
>>> http://samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html
>>>
>>> by far, the best is pointing the pdc at the master ldap server (read/write) and pointing the bdc at the slave server (read only). you will also need to point your nsswitch.conf and your ldap.conf on the bdc to the slave server (assuming your samba bdc is on the same host as your slave ldap server).
>>>
>>> -anthony
>
> i'll need some additional help from some experts on this one...
>
> afaik, idmap is not used when winbind isn't used and if your users share both posix and samba info together in ldap. if you have a samba pdc and bdc, with a properly set up ldap that has all posix/samba info for each user combined, then you don't need winbind (because you're not pulling usernames from windows) and you don't need idmap.
>
> please correct me if i am wrong because this is how i understood the samba howto. though i can say, i don't use idmap anywhere and i have no problems mapping users effectively.
>
> -anthony
Re: [Samba] Member server not authenticating against Samba BDC
after PDC is down could you please check from a linux box, whether nmblookup domain1b and domain1c is available?

maybe domain master = auto in smb.conf.BDC fixes it

greez

Anthony Messina wrote:
> mallapadi niranjan wrote:
>> Dear sir,
>>
>> We have a samba PDC with master LDAP server, with samba version being 3.0.21, on PDC. we have configured BDC with slave LDAP server and samba version being 3.0.21 on PDC.
>>
>> We have configured another linux system having samba 3.0.10 as Domain Member server for Domain. when the PDC is up, all the users are able to access the member server but when the PDC is down, the users are able to login to domain but unable to access the Member server.
>>
>> The error is There are currently no logon servers available to service the request.
>>
>> Please guide me
>>
>> Regards
>> niranjan
>
> do you have
>
> security = domain
> password server = *
Re: [Samba] ntlm_auth: (pipe \PIPE\NETLOGON) has died or was never started (fd == -1)
On Tue, 2006-01-31 at 18:40 +0100, Francesco Malvezzi wrote:
>> This is your problem:
>>
>> [2006/01/29 10:56:33, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
>>   cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds
>>
>> For some reason, your server is not responding. perhaps samba3 is locked up talking to a backing LDAP server? What do the logs on the server show?
>
> Thank you so much for the help. Yes, the backend is an LDAP server with more than 26000 users, and I'm never able to list all of them (of course timeout incurs), but it doesn't stop logons on the server, only ntlm_auth.

Do you have 'ldapsam:trusted = yes' set in the smb.conf of the DC? This makes some of these operations much faster, which should allow it to return to winbindd quicker.

This specialist optimisation requires that all users (including the guest account) be in LDAP, see the discussions on the list and the documentation.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
Re: [Samba] Samba daemons hang trying to lock locking.tdb
On Tue, Jan 31, 2006 at 08:07:05PM +0100, Fermin Molina wrote:
> Hi,
>
> After upgrade to samba 3.0.21b, the behaviour is the same.
>
> I think the problem must be related to TDB (Trivial DB) code. The call fcntl64() is trying to lock for write the file /var/cache/locking.tdb, but with the F_SETLKW file control command. This control command waits if the file is blocked. If another process locks for write this file, can we get a deadlock?

No, the fcntl locks are done to allow concurrent safe access to the tdb's. The only way you can get a deadlock is if there is a logic bug in the code, or if the underlying file system is hanging on granting a lock.

/var/cache/locking.tdb is on a local filesystem on your machine, correct? Oftentimes locks don't work correctly on remote mounted filesystems.

> The fact is that some hours after starting samba, some smbd daemons hang waiting to get a write lock to locking.tdb file. The windows clients associated with these smbd daemons get stalled and the user must reset the machine (or I kill -9 these daemons).
>
> Any clue?

We need more information on how to reproduce this, it's not a generic logic bug I believe as it's not been widely reported.

Jeremy.
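When an smbd sits in F_SETLKW as in the strace output quoted in this thread (start=3684, len=1), the kernel can be asked with F_GETLK which process holds the conflicting byte-range lock. The following is an added example, not code from Samba or from the posters; `lock_holder`, `wrlock_range` and `demo_find_holder` are hypothetical names, and the scratch file and child process are constructed to stand in for locking.tdb and the process blocking it.

```c
/* Added example: find the process holding a POSIX record lock on a byte range. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Describe a write lock on [start, start + len), measured from file start. */
static void wrlock_range(struct flock *fl, off_t start, off_t len)
{
    memset(fl, 0, sizeof *fl);
    fl->l_type = F_WRLCK;
    fl->l_whence = SEEK_SET;
    fl->l_start = start;
    fl->l_len = len;
}

/*
 * Ask whether a write lock on the range could be granted right now.
 * Returns the PID of one conflicting holder, 0 if the range is free,
 * -1 on error. F_GETLK only tests: it never takes the lock or blocks.
 */
pid_t lock_holder(const char *path, off_t start, off_t len)
{
    struct flock fl;
    int fd = open(path, O_RDWR);

    if (fd < 0)
        return -1;
    wrlock_range(&fl, start, len);
    if (fcntl(fd, F_GETLK, &fl) < 0) {
        close(fd);
        return -1;
    }
    close(fd);
    return fl.l_type == F_UNLCK ? 0 : fl.l_pid;
}

/*
 * Constructed scenario: a child write-locks byte 3684 of a scratch file and
 * keeps it; the parent then identifies the child as the holder. Returns 1
 * when the holder is the child and the neighbouring byte 3685 is free.
 */
int demo_find_holder(void)
{
    char path[] = "/tmp/tdblockdemoXXXXXX";
    int ready[2], done[2], ok = 0;
    char c = 0;
    pid_t child;
    int fd = mkstemp(path);

    if (fd < 0 || pipe(ready) < 0 || pipe(done) < 0)
        return -1;
    child = fork();
    if (child < 0)
        return -1;
    if (child == 0) {
        struct flock fl;

        close(ready[0]);
        close(done[1]);
        wrlock_range(&fl, 3684, 1);
        if (fcntl(fd, F_SETLK, &fl) < 0 || write(ready[1], "1", 1) != 1)
            _exit(1);
        if (read(done[0], &c, 1) < 0)   /* keep the lock until the parent is done */
            _exit(1);
        _exit(0);
    }
    close(ready[1]);
    close(done[0]);
    if (read(ready[0], &c, 1) == 1)     /* child reports that the lock is in place */
        ok = lock_holder(path, 3684, 1) == child &&
             lock_holder(path, 3685, 1) == 0;
    close(done[1]);                     /* EOF on the pipe lets the child exit */
    waitpid(child, NULL, 0);
    close(ready[0]);
    close(fd);
    unlink(path);
    return ok;
}

int main(int argc, char **argv)
{
    if (argc == 4) {                    /* usage: prog FILE START LEN */
        pid_t p = lock_holder(argv[1], (off_t)atoll(argv[2]), (off_t)atoll(argv[3]));

        if (p < 0) {
            perror("lock_holder");
            return 1;
        }
        if (p == 0)
            puts("range is free");
        else
            printf("range is locked by pid %ld\n", (long)p);
        return 0;
    }
    return demo_find_holder() == 1 ? 0 : 1;
}
```

Run with a file, start offset and length taken from the strace line, it prints the PID whose own backtrace is the next thing to collect.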
Re: [Samba] Re: usermap ignored?
Rex Dieter wrote:
> Martin Hoffmann wrote:
>> i ran into some difficulties using samba 3.0.21b as a PDC while mapping e.g. root to administrator
>>
>> And in /etc/samba/smbusers:
>> ---
>> root = administrator admin
>
> definitely won't work.
>
> root = DOMAIN\administrator
>
> better, should(?) work.

No. 'root = Administrator' does work when 'security = user'. You only need to qualify the name when security = {ads,domain}

cheers, jerry

"I live in a Reply-to-All world"
Samba --- http://www.samba.org
Centeris --- http://www.centeris.com
Re: [Samba] Re: usermap ignored?
Gerald (Jerry) Carter wrote:
> Rex Dieter wrote:
>> Martin Hoffmann wrote:
>>> i ran into some difficulties using samba 3.0.21b as a PDC while mapping e.g. root to administrator
>>>
>>> And in /etc/samba/smbusers:
>>> ---
>>> root = administrator admin
>>
>> definitely won't work.
>>
>> root = DOMAIN\administrator
>>
>> better, should(?) work.
>
> No. 'root = Administrator' does work when 'security = user'. You only need to qualify the name when security = {ads,domain}

Of course. I just assume everyone is running in ads/domain mode like me. (-:

-- Rex
Re: [Samba] samba as bdc
hi andrew,

but this statement is in contrast to JHT on "Re: [Samba] BDC, documentation, Machine Accounts Keep Expiring" ???

greez

Andrew Bartlett wrote:
> On Wed, 2006-01-25 at 13:35 +0100, Andreas Fladischer wrote:
>> i have a samba server with ldap as pdc. everything works fine and now i'm testing samba as bdc. i copied the smb.conf from the pdc to the bdc and changed the domain master = yes to no! then i stopped the smb service on the pdc and tried to login on a winxp machine and this also worked (the log file shows me that the login is on the bdc)!
>>
>> is it possible that the users can change their passwords when the pdc isn't available or must the pdc be online? how can i do this?
>
> The clients won't attempt to change passwords to a BDC.
>
> Andrew Bartlett
Re: [Samba] samba as bdc
On Tue, 2006-01-31 at 21:05 +0100, Michael Gasch wrote:
> hi andrew,
>
> but this statement is in contrast to JHT on "Re: [Samba] BDC, documentation, Machine Accounts Keep Expiring"
>
>> The clients won't attempt to change passwords to a BDC.

Clarification: the client won't attempt to change user passwords against a BDC. Machine accounts are a different (messier...) kettle of fish.

If asked, a Samba BDC will actually change the password, if it can write to its backing LDAP server, but that's irrelevant if the client doesn't ask.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
Re: [Samba] smbldap-tools equivalent (which doesn't need perl)?
Michael Gasch wrote:
> i started using my own bash scripts using ldap-tools. would that be helpful for you?

Sure. Although I found some ldap-tools, but they were perl-based and had documentation in Russian :)

> i think your tiny linux box is starting to drive you crazy, isn't it :) (NSS, ... )

baah, I can barely sleep :)

> btw: i also thought that ldapsam:trusted completely bypasses NSS :-?

:))) it doesn't, but they work on it :))

--
Tomasz Chmielewski
http://wpkg.org
Re: [Samba] Samba daemons hang trying to lock locking.tdb
Hi,

> On Tue, Jan 31, 2006 at 08:07:05PM +0100, Fermin Molina wrote:
>> Hi,
>>
>> After upgrade to samba 3.0.21b, the behaviour is the same.
>>
>> I think the problem must be related to TDB (Trivial DB) code. The call fcntl64() is trying to lock for write the file /var/cache/locking.tdb, but with the F_SETLKW file control command. This control command waits if the file is blocked. If another process locks for write this file, can we get a deadlock?
>
> No, the fcntl locks are done to allow concurrent safe access to the tdb's. The only way you can get a deadlock is if there is a logic bug in the code, or if the underlying file system is hanging on granting a lock.

Ok, I see.

> /var/cache/locking.tdb is on a local filesystem on your machine, correct?

Yes, it is. It's on a partition from a volume created on a Smart Array controller.

> Oftentimes locks don't work correctly on remote mounted filesystems.
>
>> The fact is that some hours after starting samba, some smbd daemons hang waiting to get a write lock to locking.tdb file. The windows clients associated with these smbd daemons get stalled and the user must reset the machine (or I kill -9 these daemons).
>>
>> Any clue?
>
> We need more information on how to reproduce this, it's not a generic logic bug I believe as it's not been widely reported.

Ok. I will try to reproduce it (well, get debug data when it occurs) and I will send it to you. Only one question: what log level do I need to configure in order for the debug info I get to be useful to you?

Thanks so much.

/Fermin
Re: [Samba] Samba daemons hang trying to lock locking.tdb
On Tue, Jan 31, 2006 at 10:42:52PM +0100, Fermin Molina wrote:
> Ok. I will try to reproduce it (well, get debug data when it occurs) and I will send it to you. Only one question: what log level do I need to configure in order for the debug info I get to be useful to you?

I need debug level 10 logs for all clients plus an ethereal trace between a hanging client and the server.

Thanks,
Jeremy.
[Samba] double-clicking files gives error, yet file opens from application
Another strange problem:

A Windows 2000 client opens a file on a Samba share to which the logged in user has access. Files appear in the share window. The files are, for example, Microsoft Word files with .doc extensions. The system recognises them as such and the appropriate icon is displayed.

The user double-clicks on the icon and gets an error dialog saying "Cannot find the file 'X:\sharename\filename.doc' (or one of its components). Make sure the path and filename are correct and that all required libraries are available."

Yet, when the user opens the file from the application (e.g. starts Word, chooses open from the File menu, browses to the share), the file opens without trouble.

I suspect this problem is not a new one. Does anybody have any advice?

-Stephen-
RE: [Samba] RE: Print Migrator help needed...
Gerald (Jerry) Carter wrote:
> Aarti Varshney (asadhnan) wrote:
>> This snippet from the error log: Looks like something is timing out... Anyone knows how to increase the timeout?
>
> Aarti, I don't think it's a timeout issue. I think the client is just disconnecting due to the failed access check.
> ...

Both Arti and I can successfully individually add printers from windows clients. But in my case the spooler thing doesn't seem to exist.

2006:01:25 15:35:38 Access Granted to: \\sambaShare
2006:01:25 15:35:38 Couldn't start the target spooler
2006:01:25 15:35:38 Remote Tree View Failed

> You can use the Manage your computer mmc plugin against the Samba box to test starting/stopping the internal spooler server (nothing to do with cups). to debug the access checks.

On a debian Sarge box this is what I get in the log for the machine connected from after using the mmc plugin:

sh: line 1: /usr/lib/samba/svcctl/NETLOGON: No such file or directory
sh: line 1: /usr/lib/samba/svcctl/Spooler: No such file or directory
sh: line 1: /usr/lib/samba/svcctl/Spooler: No such file or directory

It looks like the samba packages for Debian don't set it up:

# ls /usr/lib/samba/
idmap vfs

Should the Debian package set it up for me? Should I log another bug for Simo to look at?
[Samba] winbind, 'template homedir', and macros
I am currently using Mssfu, nss_ldap, and pam_ldap to enable my linux boxes to auth against MsA.D. and get all their user info from MsA.D.

I recently discovered that winbind can accomplish the same without Mssfu, as long as I'm content to be limited by the winbind config directives 'template shell' and 'template homedir'.

I'd like to drop sfu if I can. The 'template shell' limitation (all users have same login shell) is no problem for me. The 'template homedir' limitation (all users have homedir defined by recognized macros) might be a problem for me: I don't want all the homedirs to have the same parent dir, for performance reasons. The typical example given is 'template homedir = /home/%D/%U'. Since I only have one MsAD domain, this is really equivalent for me to 'template homedir = /home/%U'.

Can anyone suggest a use of macros to spread the homedirs out thru multiple hierarchies? Does the %g macro (primary group) have meaning without NIS or mssfu?

thanks

--
Happy Landings,
Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
[Samba] Problems Compiling samba on HP-UX 11.00
Problems Compiling samba (samba-3.0.21a) on HP-UX 11.00

We have been experiencing some problems compiling samba with the config options below. When compiling the auth_script.c make fails. As a fix, we removed the conditional if/else/endif statements on lines 143/149/155 and it now seems to compile.

Has anyone else had any similar problem when compiling without the ldap features or similar configure options?

$ ./configure --without-ldap --with-winbind --without-ads --without-pam_smbpass --with-included-popt --without-aio-support --with-pam

The make error I get

Linking bin/smbd
/usr/bin/ld: Unsatisfied symbols:
   auth_script_init (first referenced in auth/auth.o) (code)
collect2: ld returned 1 exit status
*** Error exit code 1

Regards
Tony D
Re: [Samba] idmap ldap backend population
Nick S. Grechukh wrote:
> What do you mean 'automatically populate' ? it is *your* decision about how to organize account database in ldap.

Everything is in Active Directory. I just need consistent sid to uid mapping across 6 Samba member servers. Currently, they all have different mappings using local winbind TDB's. These local backends have been populated automatically, but inconsistently.

> Consider http://www.idealx.org/prj/samba/index.en.html (manual and smbldap-tools itself) as travel guide.

I looked at that, but I assumed this was primarily for using Samba as a PDC and looks like overkill for my purpose.

I suppose my best option would be to use idmap_rid, were it not that Samba is compiled without idmap_rid support in Fedora Core 4.

Thanks,
Pim
[Samba] Net rpc share migrate
I'm trying to migrate my NT4 PDC to samba. So I currently have a samba 3.0.14a server with ldap backend as running BDC. I successfully migrated SAM database with net vampire command. However when I tried to migrate shares (or files... same error) with this command:

net rpc share migrate shares test -S 'SERVEURNT4' --acls -v -U Administrateur%secret

I get this error:

migrating: [test], path: F:\test, comment: , including share-ACLs
DACL
  ACL Num ACEs: 2 revision: 2
  ---
  ACE
    type: ACCESS ALLOWED (0) flags: 0
    Specific bits: 0x1ff
    Permissions: 0x1f01ff: SYNCHRONIZE_ACCESS WRITE_OWNER_ACCESS WRITE_DAC_ACCESS READ_CONTROL_ACCESS DELETE_ACCESS
    SID: S-1-5-21-977737114-1106802783-817656539-500
  ACE
    type: ACCESS ALLOWED (0) flags: 0
    Specific bits: 0x1ff
    Permissions: 0x1f01ff: SYNCHRONIZE_ACCESS WRITE_OWNER_ACCESS WRITE_DAC_ACCESS READ_CONTROL_ACCESS DELETE_ACCESS
    SID: S-1-1-0
cannot add share: WERR_ACCESS_DENIED

Here are my samba configuration file and ldap structure:

smb.conf

[global]
passdb backend = ldapsam:ldap://localhost, guest
ldap admin dn = cn=Manager,dc=masociete,dc=fr
ldap ssl = off
ldap delete dn = no
ldap user suffix = ou=Users
ldap machine suffix = ou=Machines
ldap group suffix = ou=Groups
ldap suffix = dc=masociete,dc=fr
workgroup = masociete
netbios name = SAMBAMIGR
encrypt passwords = yes
os level = 0
domain logons = Yes
domain master = No
local master = No
; Used during net vampire
add machine script = /usr/sbin/smbldap-useradd -g sambamachines -w -c Samba Machine -d /dev/null -s /bin/false '%u'
add user script = /usr/sbin/smbldap-useradd -g sambausers -c Samba User -d /home/%U -s /bin/false '%u'
add group script = /usr/sbin/smbldap-groupadd '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user script = /usr/sbin/smbldap-userdel %u
delete group script = /usr/sbin/smbldap-groupdel %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u
security = user
log file = /var/log/samba/%m.log
log level = 10
# avoid problems with files whose only owner is a group
force unknown acl user = yes
#ldap idmap suffix = ou=Users
nt acl support = yes
inherit acls = yes

[homes]
comment = Home Directories
path = /home/%U
read only = No
create mask = 0700
directory mask = 0700
browseable = No

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = Yes
browseable = No
share modes = No

base.ldif

dn: dc=masociete,dc=fr
objectClass: dcObject
objectClass: organization
o: masociete
dc: masociete

# Samba users container
dn: ou=Users,dc=masociete,dc=fr
objectclass: top
objectclass: organizationalUnit
ou: Users

# Samba groups container
dn: ou=Groups,dc=masociete,dc=fr
objectclass: top
objectclass: organizationalUnit
ou: Groups

# Samba machines container
dn: ou=Machines,dc=masociete,dc=fr
objectclass: top
objectclass: organizationalUnit
ou: Machines

Thanks for helping.
RE: [Samba] Secure Share
I have Samba loaded on a Solaris 8 box. And that is where the shares reside. Personnel use Windows Explorer and map a drive to these shares. Right now, it's wide open for anyone logged onto the domain. I'm trying to create a share in Samba that affords some kind of security, whether that is password protection, or group policy that only allows certain users access.

Is this possible in Samba? To have multiple security configs in the smb.conf? If so, how do I do it?

Thanks!

Scott Webb
Senior Consultant, Booz Allen Hamilton
Content Staging Engineer, CDHQ, CFSOCC
Camp As Sailiyah, Doha Qatar
318 432-7254 DSN 974 447-2156 HOME 974 578-8319 CELL

-----Original Message-----
From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 31, 2006 12:32 PM
To: Webb, Mr Scott (CTR)
Cc: samba@lists.samba.org
Subject: Re: [Samba] Secure Share

On Tue, 2006-01-24 at 10:53 +0300, Webb, Mr Scott (CTR) wrote:
> I am trying to create an individual secure share in Samba. We have it loaded on a Solaris box and our users access the shares using Windows Explorer. It appears that everything I've read only allows me to create secure shares for all the shares. Is there a way to create individual secure shares? Those can be password protected or not.

I'm a little unclear what you mean by a 'secure share'. Many aspects of the security protocols operate on the TCP session or the (potentially multiple) user contexts on that session. These include SMB signing in particular. We don't get the information on what share a user is after at that point. However, with %L (see the manpage) we can have two virtual names with different behaviours.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
Re: [Samba] Samba RPM packages for all SuSE Linux products
Hello Lars,

Fantastic work - thanks. My Suse 9.3 x64 now works with your RPMs!

I wonder if your expertise might help with my 'nemesis'. I have been compiling Samba-3-14 and Samba-3.21 for the last couple of weeks and have everything working nicely with the Samba commands but for the life of me I cannot get nsswitch to be called when I use 'getent passwd' or 'getent passwd username'.

I compile with:

./configure --with-smbmount --enable-cups --with-ads --with-shared-modules=idmap_rid --with-pam --with-pam_smbpass

I copy libnss_winbind.so to /lib and made a link to libnss_winbind.so.2 followed by 'ldconfig'. My nsswitch.conf reads 'passwd: files winbind' and 'group: files winbind'. I join the domain and all the wbinfo commands (-t -u -g -a) work perfectly and I watch the workings of winbind running in the foreground as 'winbind -n -i -d 4'. I have removed the nscd and libnscd RPMs from the system.

However as soon as I try 'getent passwd' or 'getent passwd nkelly' or 'getent group' I see no response from winbind whatsoever. Clearly nsswitch is not finding or calling libnss_winbind.so - but I cannot see why. An identical server running 3.0.14a works better - it responds to 'getent passwd nkelly' correctly but not to 'getent passwd'.

Any ideas would be much appreciated as although it is nice to have your RPMs, I would like to know where I went wrong.

Many thanks
Noel

Lars Müller wrote:
> On Mon, Jan 30, 2006 at 08:33:50PM -0600, Gerald Carter wrote:
> [snip]
> > Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/
>
> RPM packages of Samba 3.0.21b for all SuSE Linux products are available at ftp://ftp.SuSE.com/pub/projects/samba/3.0/ or http://ftp.SuSE.com/pub/projects/samba/3.0/
>
> Currently there are packages for SuSE Linux (x86 and x86_64) 9.1, 9.2, 9.3, 10.0, UnitedLinux 1/ SuSE Linux Enterprise Server (SLES) 8, SLES 9, and factory (= the currently developed product).
>
> Packages for ppc are only available for 10.0, SLES 8, SLES 9, and factory as there are no other SuSE Linux product of this architecture.
>
> Please inform us if you have different architectures (ia64, s390) and like to see Samba RPM packages for these too.
>
> The same packages are also available at http://download.Samba.org/samba/ftp/Binary_Packages/SuSE/3.0/ Please use a mirror close to your site.
>
> A list of Samba.org mirrors is available at http://Samba.org/ There choose a mirror at the right top of the page.
>
> There are also a bunch of SuSE mirrors. A list of international mirror sites is at http://www.novell.com/products/suselinux/downloads/ftp/int_mirrors.html A list of mirrors in Germany is at http://www.novell.com/products/suselinux/downloads/ftp/germ_mirrors.html
>
> If you encounter any problem with these packages please don't blame the Samba Team. Instead file a bug to https://bugzilla.Samba.org/, pick product Samba 3.0, then select 'component' Packaging and set 'assign to' to lmuelle at suse dot de. Or use http://bugzilla.Novell.com instead.
>
> Our customers, our products, our responsibility.
>
> Have a lot of fun...
>
> Lars

--
Noel Kelly
Citrus Networks
m: 07939 528 478 t: 0870 731 f: 0870 732 e: [EMAIL PROTECTED]
[Samba] Questions about Samba
Dear Samba Team:

I work as a systems engineer in the US for a growing publishing company. I have been charged with doing some research that will allow us to put together an infrastructure for our company. Currently we have an isolated Windows 2003 on AD domain. My manager, for personal and financial reasons, would like to avoid having our other locations, across the United States, be Microsoft. The nature of our business has led most of our users' systems to be Macintosh and we have many server systems that are Linux (Red Hat). We will have over 100 locations all within the states within a year or two.

With this background you can probably guess my interest in Samba. However, while I'm familiar with Microsoft servers and OS, my knowledge of SMB and CIFS is limited. To conserve bandwidth and improve user request/response times we would like to have all authentication done locally, even though we may only have one domain and many OUs or subdomains.

Having looked at and researched your website and read about your latest release (two days old), it does seem like Samba is working hard to incorporate the AD technology. Since we are not in an immediate hurry at this time we have not experimented with 4.0.0, since you clearly state it's a ways away from being ready for production. Once the bugs are fixed and patched, do you believe that Samba would be able to meet our vision of how we would like our network to work? One Microsoft DC running 2003 Active Directory, and many subdomains, or OUs with a Linux box taking care of all local traffic authentication, and file sharing. The Linux box will need to replicate and communicate with the DC running AD.

I realize this may be premature, and not very detailed. This plan is somewhat in a gray area at this time, and we are simply trying to get some preliminary research done.

If this is not the correct address or form in which to ask questions of this nature, I do apologize, and if you can respond with the proper address or link to the proper form I would appreciate it very much. In addition any further research material or links regarding your software would be very helpful.

Thank you for your time.

Sincerely,
Steve Katzen
[Samba] (no subject)
Hi All,

I'm new to Samba with LDAP and would like to set up a Samba PDC. I'm installing Debian 3.1 currently for the base of the system. I've tried to google and have found a few articles that tell how to do this in different ways. The problem is they vary in content and I don't know which would be the best starting/learning point. Anybody have a link to a decent HOWTO or similar?

Thanks
Eric
Re: [Samba] Novice question - How to completely disable printing and /etc/printcap errors ?
On 1/26/06, Josh Kelley [EMAIL PROTECTED] wrote:
> The following (or something like it) was suggested earlier on the list by Jerry Carter:
>
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes

Thanks, this worked, no more errors!
Re: [Samba] SOLVED was Re: Any ESRI users? Upgrade 3.0.14 to 3.0.21a broke Arcmap layer loading?
On 1/30/06, Jeremy Allison [EMAIL PROTECTED] wrote:
> We discovered an oplock logic bug in 3.0.21a which we'll be fixing in 3.0.21b. You might want to try turning them on again if you upgrade.

Thanks for the headsup! I've been reading about oplocks (including the HOWTO) and it sounds like we don't need 'em. If I understand the HOWTO correctly, they don't sound like the world's greatest idea. Our network is reasonably fast and our user applications aren't moving tons of data back and forth. It's still puzzling me why oplocks are even *in* this picture since the ESRI applications should be opening files read-only, but maybe they aren't.

I *am* wondering why the default setting for oplocks is on, when they sound somewhat risky. Do some Microsoft applications take it ill if they aren't available?

thanks again
Betsy
Re: [Samba] SOLVED was Re: Any ESRI users? Upgrade 3.0.14 to 3.0.21a broke Arcmap layer loading?
On Tue, Jan 31, 2006 at 08:54:43PM -0500, Elizabeth Schwartz wrote:
> Thanks for the headsup! I've been reading about oplocks (including the HOWTO) and it sounds like we don't need 'em. If I understand the HOWTO correctly, they don't sound like the world's greatest idea. Our network is reasonably fast and our user applications aren't moving tons of data back and forth. It's still puzzling me why oplocks are even *in* this picture since the ESRI applications should be opening files read-only, but maybe they aren't.
>
> I *am* wondering why the default setting for oplocks is on, when they sound somewhat risky. Do some Microsoft applications take it ill if they aren't available?

No, but some Microsoft applications have *very* poor performance if they're not there. They aggregate system calls for bad programmers. Want to read a file a block at a time, then re-open it and read the next data block then close and do it again ? Some Microsoft apps (old versions of Office) do this.

UNIX programmers learn early on to use aggregate functions to avoid system calls, as the cost of too many of them becomes apparent. oplocks hide that inside a clever redirector so Windows programmers never have to learn this lesson unless they want to.

Jeremy.
[Samba] User Rights for shared files
Dear Members,

Urgently I am in need of help! I have configured a new Redhat Enterprise 3 ES file server. I have created the users, configured the samba server and done all the basic things. I am able to do things. I have 4 groups; each group has more than 10 users and each group has a shared folder; there is no problem with this.

We have one piece of software on the server which is needed by all the users in all the groups. The software is installed in a separate folder named OPS. Now when a user logs in to this software from a remote Windows client machine, it creates a lock file (.lck) under the software folder. When a second user accesses the same software the .lck file is to be used, but the file created in the software folder has different rights. (Example: if the accounts dept user acc1 accessed the software, the file is created with rights RWX for owner, R for group and others.)

Now I want to share that file with all the users who are using the software. How to do this? How to set the rights 777 for all the files created under the software folder by default so that everyone can access them? Please help me urgently.

Thanks and regards,
M.Saravanan
CCAT LTD, 4204 Hong Kong Plaza, 188, Connaught Road West, Hong Kong.
Phone : 2851 6318. Mobile: 6100 0856 email: [EMAIL PROTECTED]
Re: [Samba] User Rights for shared files
On 01-02-2006 3:02 Muthukumaran Saravanan wrote:
> Dear Members, Urgently I am in need of help! I have configured a new Redhat Enterprise 3 ES file server. I have created the users, configured the samba server and done all the basic things. I am able to do things. I have 4 groups; each group has more than 10 users and each group has a shared folder; there is no problem with this. We have one piece of software on the server which is needed by all the users in all the groups. The software is installed in a separate folder named OPS. Now when a user logs in to this software from a remote Windows client machine, it creates a lock file (.lck) under the software folder. When a second user accesses the same software the .lck file is to be used, but the file created in the software folder has different rights. (Example: if the accounts dept user acc1 accessed the software, the file is created with rights RWX for owner, R for group and others.) Now I want to share that file with all the users who are using the software. How to do this? How to set the rights 777 for all the files created under the software folder by default so that everyone can access them? Please help me urgently.

Hi, search for create mask in the smb.conf man page: http://us3.samba.org/samba/docs/man/manpages-3/smb.conf.5.html

regards,
Ricardo
Re: [Samba] Browse List propagation under Samba
> What concerns me is the NetBIOS reply (NetServerGetInfo response) to server queries by the domain controller (is also the WINS server - all on Samba). But my config has:
> local master = yes
> preferred master = yes
> domain master = yes
> domain logons = yes

What happens if you put the os level option back to 33? (or 65.) I know it's a long shot, but just in case setting it to 255 is too high...

> There is clearly a mismatch between measured responses and the configuration in smb.conf. Is this a version issue. Would be pleased to receive any suggestions.

I'm sorry I can't help further with this - you might want to post a new topic as it looks like Samba isn't becoming the browse master when it should, as opposed to being a browse list issue.

Cheers,
Adam.
Re: [Samba] Server shows Linux client IP addresses, not names
> So what am I missing to get the smbstatus util to reflect the names of my Linux machines?

Well it doesn't seem to be a Samba issue at any rate - here only about 50% of the machines show a name, the other 50% are IP only...and they're all running XP.

Cheers,
Adam.
Re: [Samba] Attempted intrusions
On Thu, 2006-01-19 at 20:21 +1100, Oygle wrote:
> I have noticed since commencing posts on this newsgroup, that there has been a significant increase in attempted intrusions, especially port 80. It's a pity that IP addresses are in the NG headers. :)

Yeah, this has been reported before. It's really quite disturbing. You might like to try posting through some service that doesn't put the IP address in the header (maybe everyone does this to help track down abuse) but it's probably too late now. (-:

Tim.
[Samba] 3.0.21b: smbmount hangs
I compiled Samba 3.0.21b with options

$: ./configure \
    --with-smbmount \
    --with-automount \
    --sysconfdir=/etc \
    --with-configdir=/etc \
    --with-quotas \
    --with-mysql-prefix=/usr/local/mysql \
    --with-winbind \
    --with-utmp \
    --with-acl-support \
    --with-aio-support \
    --with-python=/usr/bin/python
$: make && make install

I found that smbmount hangs. It mounts fine, I can access the mounted drive, but it doesn't terminate.

$: smbmount //192.168.0.10/c$ /W2K-C/ -o debug=4,ro,credentials=/etc/w2k
opts: ro
opts: credentials=/etc/w2k
mount.smbfs started (version 3.0.21b)
added interface ip=192.168.1.1 bcast=192.168.255.255 nmask=255.255.0.0
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
Connecting to 192.168.0.10 at port 445
6682: session request ok
6682: session setup ok
6682: tconx ok
namecache_shutdown: Couldn't close namecache on top of gencache.
[hanging here]

192.168.0.10 is the endpoint of a ppp link. This worked fine with 3.0.20. The machine runs Slackware 10.2 with kernel 2.6.16-rc1-mm4.

-Joe
Re: [Samba] Samba RPM packages for all SuSE Linux products
Noel Kelly wrote:
> I wonder if your expertise might help with my 'nemesis'. I have been compiling Samba-3-14 and Samba-3.21 for the last couple of weeks and have everything working nicely with the Samba commands but for the life of me I cannot get nsswitch to be called when I use 'getent passwd' or 'getent passwd username'.

For the benefit of others, the answer to this is to make symlinks from the /lib64 directory to the libnss_ libraries if the OS is 64bit. Obvious of course - once you see it!
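The /lib64 fix above, turned into a check that can be run before blaming winbind (an added example, not part of the original post). It assumes the layout from this thread, where 64-bit programs load NSS modules from /lib64 and 32-bit ones from /lib; the function names and the sample directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether libnss_winbind.so.2 is reachable in the
# directory a program of the given word size searches, and whether the file
# found there has the matching ELF class.

# elf_class FILE -> prints 32, 64, or "none" (unreadable or not an ELF file)
elf_class() {
    [ -r "$1" ] || { echo none; return; }
    # The first four bytes of an ELF file are 0x7f 'E' 'L' 'F'.
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    [ "$magic" = "7f454c46" ] || { echo none; return; }
    # Byte 5 (EI_CLASS) is 1 for 32-bit objects and 2 for 64-bit objects.
    case $(od -An -tu1 -j4 -N1 "$1" | tr -d ' \n') in
        1) echo 32 ;;
        2) echo 64 ;;
        *) echo none ;;
    esac
}

# nss_winbind_status ROOT BITS
# ROOT is the filesystem root to inspect ("" for the live system) and BITS is
# 32 or 64. Prints one of:
#   ok                  module present with the right ELF class
#   missing:DIR         nothing usable at DIR/libnss_winbind.so.2
#                       (a dangling symlink also counts as missing)
#   wrong-class:FOUND   a file is there but built for the other word size
nss_winbind_status() {
    root=$1
    bits=$2
    # Assumption taken from the thread: lib64 for 64-bit, lib for 32-bit.
    if [ "$bits" = 64 ]; then dir="$root/lib64"; else dir="$root/lib"; fi
    mod="$dir/libnss_winbind.so.2"
    if [ ! -e "$mod" ]; then
        echo "missing:$dir"
        return 0
    fi
    cls=$(elf_class "$mod")
    if [ "$cls" != "$bits" ]; then
        echo "wrong-class:$cls"
        return 0
    fi
    echo ok
}

# Demo on a constructed tree that mirrors the situation in the thread: the
# module was copied to /lib only, on a 64-bit system.
demo() {
    tree=$(mktemp -d)
    mkdir -p "$tree/lib" "$tree/lib64"
    # Constructed stand-in for a 64-bit module: ELF magic plus EI_CLASS=2.
    printf '\177ELF\002\001\001' > "$tree/lib/libnss_winbind.so"
    ln -s libnss_winbind.so "$tree/lib/libnss_winbind.so.2"
    echo "before symlink: $(nss_winbind_status "$tree" 64)"
    # The fix from the post: a symlink in lib64 pointing at the library.
    ln -s ../lib/libnss_winbind.so "$tree/lib64/libnss_winbind.so.2"
    echo "after symlink:  $(nss_winbind_status "$tree" 64)"
    rm -rf "$tree"
}

demo
```

On a live system, `nss_winbind_status "" 64` inspects /lib64 directly.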
[Samba] Re: Repost: Help - compilation of winbind_nss_solaris.c/3.0.21a/Solaris 7 and older fails
Solved by 3.0.21b

Many thanks to Samba Team

Pierre

Pierre Lebrun wrote:

I would really appreciate help ! I did not have any reply to my two posts and I don't know what to do. I can't build 3.0.21a and I have to migrate 54 Solaris 2.5.1 servers from 2.2.8a to 3.0.x. I'm afraid we could not move to newer solaris versions before 12 or 18 months. Below is the problem description. Thank you for your help.

Pierre

- SOLARIS 7 -

On Solaris 7 problem comes from winbind_nss_solaris.c on solaris 7 which evolved a lot in 3.0.21. Several references are made to struct in6_addr which are not defined on solaris 7 and older. I didn't have any trouble with SAMBA 3.0.21rc1.

Platform Solaris 7 + GCC and Solaris 2.5.1 + SUN CC.

--- Configure

./configure --with-acl-support --with-ldap=no --disable-cups --enable-static=yes --with-included-popt

$ gcc -v
Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.7/3.0.3/specs
Configured with: ../configure --with-as=/usr/local/bin/as --with-ld=/usr/local/bin/ld
Thread model: posix
gcc version 3.0.3

- ...
Compiling utils/eventlogadm.c
Linking bin/eventlogadm
Compiling nsswitch/wbinfo.c
Linking bin/wbinfo
Compiling nsswitch/wb_common.c with -fPIC
Compiling lib/replace1.c with -fPIC
Compiling nsswitch/winbind_nss_solaris.c with -fPIC
nsswitch/winbind_nss_solaris.c: In function `parse_response':
nsswitch/winbind_nss_solaris.c:394: sizeof applied to an incomplete type
nsswitch/winbind_nss_solaris.c:395: sizeof applied to an incomplete type
nsswitch/winbind_nss_solaris.c:397: arithmetic on pointer to an incomplete type
nsswitch/winbind_nss_solaris.c:421: arithmetic on pointer to an incomplete type
nsswitch/winbind_nss_solaris.c:421: dereferencing pointer to incomplete type
nsswitch/winbind_nss_solaris.c:423: `AF_INET6' undeclared (first use in this function)
nsswitch/winbind_nss_solaris.c:423: (Each undeclared identifier is reported only once
nsswitch/winbind_nss_solaris.c:423: for each function it appears in.)
nsswitch/winbind_nss_solaris.c:423: arithmetic on pointer to an incomplete type nsswitch/winbind_nss_solaris.c:423: dereferencing pointer to incomplete type nsswitch/winbind_nss_solaris.c:433: arithmetic on pointer to an incomplete type nsswitch/winbind_nss_solaris.c:433: dereferencing pointer to incomplete type nsswitch/winbind_nss_solaris.c: In function `_nss_winbind_ipnodes_getbyname': nsswitch/winbind_nss_solaris.c:491: `AF_INET6' undeclared (first use in this function) nsswitch/winbind_nss_solaris.c: In function `_nss_winbind_hosts_getbyaddr': nsswitch/winbind_nss_solaris.c:540: `AF_INET6' undeclared (first use in this function) nsswitch/winbind_nss_solaris.c:546: `INET6_ADDRSTRLEN' undeclared (first use in this function) nsswitch/winbind_nss_solaris.c:546: warning: assignment makes pointer from integer without a cast make: *** [nsswitch/winbind_nss_solaris.po] Error 1 - SOLARIS 2.5.1 - On Solaris 2.5.1 problem comes from nsswitch/wb_common.c where socklen_t type is not defined artexp$ diff /smb/tmp/samba-3.0.20b/source/nsswitch/wb_common.c /smb/tmp/samba-3.0.21a/source/nsswitch/wb_common.c 237c237,238 int connect_errno = 0, errnosize; --- int connect_errno = 0; socklen_t errnosize; 545a547,551 if ((request-extra_len != 0) (write_sock(request-extra_data, request-extra_len, request-flags WBFLAG_RECURSE) == -1)) { return NSS_STATUS_UNAVAIL; } -- Configure ./configure --with-acl-support --with-ldap=no --disable-cups --enable-static=yes --with-included-popt $ cc -V cc: WorkShop Compilers 5.0 98/12/15 C 5.0 ... 
Compiling lib/hmacmd5.c
Compiling lib/arc4.c
Compiling lib/iconv.c
lib/iconv.c, line 139: warning: argument #2 is incompatible with prototype:
prototype: pointer to pointer to const char : /usr/local/include/iconv.h, line 82
argument : pointer to pointer to char
Compiling nsswitch/wb_client.c
Compiling nsswitch/wb_common.c
/usr/include/netdb.h, line 195: warning: dubious tag declaration: struct sockaddr_in
nsswitch/wb_common.c, line 238: undefined symbol: socklen_t
nsswitch/wb_common.c, line 238: syntax error before or at: errnosize
nsswitch/wb_common.c, line 253: undefined symbol: errnosize
nsswitch/wb_common.c, line 256: warning: argument #4 is incompatible with prototype:
prototype: pointer to char : /usr/include/sys/socket.h, line 299
argument : pointer to int
nsswitch/wb_common.c, line 284: cannot recover from previous errors
cc: acomp failed for nsswitch/wb_common.c
*** Error code 2
make: Fatal error: Command failed for target `nsswitch/wb_common.o'
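Review bot: the 237c237,238 change in the quoted wb_common.c diff declares errnosize as socklen_t with no fallback for systems whose headers do not define that type, which is the "undefined symbol: socklen_t" failure the Sun cc log reports at wb_common.c line 238. A configure-time check that supplies a typedef for socklen_t when it is missing (int would match the previous declaration) would keep this file building on Solaris 2.5.1.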
svn commit: samba r13256 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules lib
Author: abartlet Date: 2006-01-31 10:03:44 + (Tue, 31 Jan 2006) New Revision: 13256 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13256 Log: Free temporary memory on error cases, and try to clean up what's left earlier. Move gendb_search() to use talloc_vasprintf() and steal only the parts actually being used for the results. Andrew Bartlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c branches/SAMBA_4_0/source/lib/gendb.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c 2006-01-31 06:09:18 UTC (rev 13255) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c 2006-01-31 10:03:44 UTC (rev 13256) @@ -157,6 +157,7 @@ /* look again, this time at the copied attribute */ if (!msg2 || (attribute = ldb_msg_find_element(msg2, sambaPassword)) == NULL ) { + talloc_free(mem_ctx); /* Gah? where did it go? Oh well... */ return LDB_ERR_OPERATIONS_ERROR; } @@ -170,6 +171,7 @@ talloc_asprintf(mem_ctx, sambaPassword_handle: attempted set of multiple sambaPassword attributes on %s rejected, ldb_dn_linearize(mem_ctx, dn))); + talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -184,6 +186,7 @@ talloc_asprintf(mem_ctx, sambaPassword_handle: attempted set of multiple sambaPassword attributes on %s rejected, ldb_dn_linearize(mem_ctx, dn))); + talloc_free(mem_ctx); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -212,6 +215,7 @@ /* Send the (modified) request of the original caller down to the database */ ret = ldb_next_request(module, modified_orig_request); if (ret) { + talloc_free(mem_ctx); return ret; } @@ -226,6 +230,8 @@ /* Find out the old passwords details of the user */ old_res = search_request-op.search.res; + talloc_steal(mem_ctx, old_res); + talloc_free(search_request); if (old_res-count != 1) { ldb_set_errstring(module, 
@@ -270,6 +276,9 @@ /* Find out the full details of the user */ res = search_request-op.search.res; + talloc_steal(mem_ctx, res); + talloc_free(search_request); + if (res-count != 1) { ldb_set_errstring(module, talloc_asprintf(mem_ctx, password_hash_handle: Modified: branches/SAMBA_4_0/source/lib/gendb.c === --- branches/SAMBA_4_0/source/lib/gendb.c 2006-01-31 06:09:18 UTC (rev 13255) +++ branches/SAMBA_4_0/source/lib/gendb.c 2006-01-31 10:03:44 UTC (rev 13256) @@ -42,7 +42,7 @@ int ret; if (format) { - vasprintf(expr, format, ap); + expr = talloc_vasprintf(mem_ctx, format, ap); if (expr == NULL) { return -1; } @@ -55,7 +55,7 @@ ret = ldb_search(ldb, basedn, scope, expr, attrs, res); if (ret == LDB_SUCCESS) { - talloc_steal(mem_ctx, res); + talloc_steal(mem_ctx, res-msgs); DEBUG(4,(gendb_search_v: %s %s - %d\n, basedn?ldb_dn_linearize(mem_ctx,basedn):NULL, @@ -63,13 +63,13 @@ ret = res-count; *msgs = res-msgs; - + talloc_free(res); } else { DEBUG(4,(gendb_search_v: search failed: %s, ldb_errstring(ldb))); ret = -1; } - free(expr); + talloc_free(expr); return ret; }
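Review bot: in password_hash.c, the two "attempted set of multiple sambaPassword attributes" rejection paths (hunks at -170 and -184) build the error text with talloc_asprintf(mem_ctx, ...), hand it to ldb_set_errstring(), and now free mem_ctx on the very next line. That is safe only if ldb_set_errstring() copies or reparents its argument; if it keeps the pointer as given, the stored error string dangles after this change. Please confirm which it is in a comment, or allocate the message on module instead of mem_ctx.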
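Review bot: in gendb.c (hunk at -55), the DEBUG(4, ...) call in the success branch still passes ldb_dn_linearize(mem_ctx, basedn), so each logged search leaves a linearized DN on the caller's context, which works against the "free temporary memory" goal of this commit. Now that expr is a talloc allocation as well, a short-lived temporary context for both expr and the debug string, freed before return, would keep the caller's mem_ctx holding only the stolen res->msgs.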
svn commit: samba r13257 - branches/SAMBA_3_0/source/python trunk/source/python
Author: lmuelle Date: 2006-01-31 10:39:45 + (Tue, 31 Jan 2006) New Revision: 13257 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13257 Log: Fix python build with older python versions (e.g. 2.2.1) like in United Linux 1 (UL) aka SuSE Linux Enterprise Server (SLES) 8. Modified: branches/SAMBA_3_0/source/python/setup.py trunk/source/python/setup.py Changeset: Modified: branches/SAMBA_3_0/source/python/setup.py === --- branches/SAMBA_3_0/source/python/setup.py 2006-01-31 10:03:44 UTC (rev 13256) +++ branches/SAMBA_3_0/source/python/setup.py 2006-01-31 10:39:45 UTC (rev 13257) @@ -63,9 +63,9 @@ next_is_flag = 0; elif lib == -Wl,-rpath: next_is_path = 1; -elif lib[0:2] in (-l): +elif lib[0:2] == (-l): libraries.append(lib[2:]) -elif lib[0:8] in (-pthread): +elif lib[0:8] == (-pthread): pass # Skip linker flags elif lib[0:2] == -L: library_dirs.append(lib[2:]) Modified: trunk/source/python/setup.py === --- trunk/source/python/setup.py2006-01-31 10:03:44 UTC (rev 13256) +++ trunk/source/python/setup.py2006-01-31 10:39:45 UTC (rev 13257) @@ -63,9 +63,9 @@ next_is_flag = 0; elif lib == -Wl,-rpath: next_is_path = 1; -elif lib[0:2] in (-l): +elif lib[0:2] == (-l): libraries.append(lib[2:]) -elif lib[0:8] in (-pthread): +elif lib[0:8] == (-pthread): pass # Skip linker flags elif lib[0:2] == -L: library_dirs.append(lib[2:])
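Review bot: the new comparisons keep the parentheses left over from the old "in (...)" form, as in lib[0:2] == (-l) and lib[0:8] == (-pthread). They are plain grouping and not a tuple, so they add nothing and read as if a tuple had been intended. Drop them in both setup.py copies so these two tests look like the bare lib[0:2] == -L test in the next branch.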
svn commit: samba r13258 - in branches/SAMBA_4_0/source/lib/ldb/ldb_tdb: .
Author: abartlet Date: 2006-01-31 11:16:43 + (Tue, 31 Jan 2006) New Revision: 13258 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13258 Log: Fix the talloc heirachy for ldb_tdb. In the return value res-msgs, msgs was not a child of res, in the indexed path. Instead, it hung directly off the ldb, which was sometimes a long-term context. Also remove unused parameters. Found by --leak-report-full Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.h Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c 2006-01-31 10:39:45 UTC (rev 13257) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c 2006-01-31 11:16:43 UTC (rev 13258) @@ -665,7 +665,8 @@ ret = 0; if (ldb_match_msg(module-ldb, msg, tree, base, scope) == 1) { - ret = ltdb_add_attr_results(module, msg, attrs, (res-count), (res-msgs)); + ret = ltdb_add_attr_results(module, res, msg, + attrs, (res-count), (res-msgs)); } talloc_free(msg); if (ret != 0) { Modified: branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c === --- branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2006-01-31 10:39:45 UTC (rev 13257) +++ branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c 2006-01-31 11:16:43 UTC (rev 13258) @@ -40,8 +40,7 @@ /* add one element to a message */ -static int msg_add_element(struct ldb_context *ldb, - struct ldb_message *ret, +static int msg_add_element(struct ldb_message *ret, const struct ldb_message_element *el, int check_duplicates) { @@ -92,7 +91,7 @@ /* add the special distinguishedName element */ -static int msg_add_distinguished_name(struct ldb_module *module, struct ldb_message *msg) +static int msg_add_distinguished_name(struct ldb_message *msg) { struct ldb_message_element el; struct ldb_val val; 
@@ -105,7 +104,7 @@ val.data = (uint8_t *)ldb_dn_linearize(msg, msg-dn); val.length = strlen((char *)val.data); - ret = msg_add_element(module-ldb, msg, el, 1); + ret = msg_add_element(msg, el, 1); return ret; } @@ -119,7 +118,7 @@ unsigned int i; int check_duplicates = (ret-num_elements != 0); - if (msg_add_distinguished_name(module, ret) != 0) { + if (msg_add_distinguished_name(ret) != 0) { return -1; } @@ -129,7 +128,7 @@ if (h-flags LDB_ATTR_FLAG_HIDDEN) { continue; } - if (msg_add_element(ldb, ret, msg-elements[i], + if (msg_add_element(ret, msg-elements[i], check_duplicates) != 0) { return -1; } @@ -143,14 +142,14 @@ pull the specified list of attributes from a message */ static struct ldb_message *ltdb_pull_attrs(struct ldb_module *module, + TALLOC_CTX *mem_ctx, const struct ldb_message *msg, const char * const *attrs) { - struct ldb_context *ldb = module-ldb; struct ldb_message *ret; int i; - ret = talloc(ldb, struct ldb_message); + ret = talloc(mem_ctx, struct ldb_message); if (!ret) { return NULL; } @@ -184,7 +183,7 @@ } if (ldb_attr_cmp(attrs[i], distinguishedName) == 0) { - if (msg_add_distinguished_name(module, ret) != 0) { + if (msg_add_distinguished_name(ret) != 0) { return NULL; } continue; @@ -194,7 +193,7 @@ if (!el) { continue; } - if (msg_add_element(ldb, ret, el, 1) != 0) { + if (msg_add_element(ret, el, 1) != 0) { talloc_free(ret); return NULL; } @@ -296,23 +295,24 @@ add a set of attributes from a record to a set of results return 0 on success, -1 on failure */ -int ltdb_add_attr_results(struct ldb_module *module, struct ldb_message *msg, +int ltdb_add_attr_results(struct ldb_module *module, + TALLOC_CTX *mem_ctx, + struct ldb_message *msg,
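Review bot: in ltdb_pull_attrs() (hunk at -184), the msg_add_distinguished_name(ret) failure path returns NULL without freeing ret, while the msg_add_element(ret, el, 1) failure a few lines later (hunk at -194) calls talloc_free(ret) first. With ret now allocated on the caller's mem_ctx, the partial message stays attached to that context until the caller frees it. Add talloc_free(ret) before that return NULL so both error paths behave the same, and document in the function comments who owns mem_ctx for ltdb_pull_attrs() and ltdb_add_attr_results().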
svn commit: samba-web r906 - in trunk/news/releases: .
Author: lmuelle Date: 2006-01-31 11:45:04 + (Tue, 31 Jan 2006) New Revision: 906 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=906 Log: More precompiled binaries are available now. Modified: trunk/news/releases/3.0.21b.html Changeset: Modified: trunk/news/releases/3.0.21b.html === --- trunk/news/releases/3.0.21b.html2006-01-31 03:08:27 UTC (rev 905) +++ trunk/news/releases/3.0.21b.html2006-01-31 11:45:04 UTC (rev 906) @@ -14,7 +14,7 @@ If you prefer to download just the diff from 3.0.21a to 3.0.21b, the a href=/samba/ftp/patch-3.0.21a-3.0.21b.diffs.gzpatch file/a (a href=/samba/ftp/patch-3.0.21a-3.0.21b.diffs.ascgpg signature/a) is also available. - Precompiled packages for Fedora Core 4, RedHat 9, and Solaris are available in the + Precompiled packages for Fedora Core 4, RedHat 9, all SuSE Linux products, and Solaris are available in the a href=/samba/ftp/Binary_Packages/Binary_Packages download area/a. Packages for other platforms will be available shortly./p /div
svn commit: samba-web r907 - in trunk: .
Author: jerry Date: 2006-01-31 13:58:18 + (Tue, 31 Jan 2006) New Revision: 907 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=907 Log: adding SUSE to list of packages Modified: trunk/index.html Changeset: Modified: trunk/index.html === --- trunk/index.html2006-01-31 11:45:04 UTC (rev 906) +++ trunk/index.html2006-01-31 13:58:18 UTC (rev 907) @@ -31,7 +31,7 @@ If you prefer to download just the diff from 3.0.21a to 3.0.21b, the a href=/samba/ftp/patch-3.0.21a-3.0.21b.diffs.gzpatch file/a (a href=/samba/ftp/patch-3.0.21a-3.0.21b.diffs.ascgpg signature/a) is also available. - Precompiled packages for Fedora Core 4, RedHat 9, and Solaris are available in the + Precompiled packages for Fedora Core 4, RedHat 9, SUSE platforms, and Solaris are available in the a href=/samba/ftp/Binary_Packages/Binary_Packages download area/a. Packages for other platforms will be available shortly./p
svn commit: samba r13259 - in trunk/source/include: .
Author: jra Date: 2006-01-31 17:36:12 + (Tue, 31 Jan 2006) New Revision: 13259 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13259 Log: Fix stupid bug Volker found for big-endian machines. Jeremy. Modified: trunk/source/include/smb.h Changeset: Modified: trunk/source/include/smb.h === --- trunk/source/include/smb.h 2006-01-31 11:16:43 UTC (rev 13258) +++ trunk/source/include/smb.h 2006-01-31 17:36:12 UTC (rev 13259) @@ -173,7 +173,7 @@ #define UCS2_CHAR(c) ((c) UCS2_SHIFT) /* return an ascii version of a ucs2 character */ -#define UCS2_TO_CHAR(c) ((c) 0xff) +#define UCS2_TO_CHAR(c) (((c) UCS2_SHIFT) 0xff) /* Copy into a smb_ucs2_t from a possibly unaligned buffer. Return the copied smb_ucs2_t */ #define COPY_UCS2_CHAR(dest,src) (((unsigned char *)(dest))[0] = ((unsigned char *)(src))[0],\
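Review bot: the comment above UCS2_TO_CHAR still reads "return an ascii version of a ucs2 character" and does not say what a caller gets for a character outside the 0xff range the macro keeps. Now that the macro depends on UCS2_SHIFT like UCS2_CHAR above it, extend the comment to state that the pair is meant to be inverse operations regardless of host byte order and that callers must only pass characters known to fit in one byte. The log message should also say what went wrong on big-endian machines so the change can be found later.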
svn commit: samba r13260 - in branches/SAMBA_3_0/source/include: .
Author: jra Date: 2006-01-31 18:34:51 + (Tue, 31 Jan 2006) New Revision: 13260 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13260 Log: Fix stupid bug Volker found for big-endian machines. Jeremy. Modified: branches/SAMBA_3_0/source/include/smb.h Changeset: Modified: branches/SAMBA_3_0/source/include/smb.h === --- branches/SAMBA_3_0/source/include/smb.h 2006-01-31 17:36:12 UTC (rev 13259) +++ branches/SAMBA_3_0/source/include/smb.h 2006-01-31 18:34:51 UTC (rev 13260) @@ -173,7 +173,7 @@ #define UCS2_CHAR(c) ((c) UCS2_SHIFT) /* return an ascii version of a ucs2 character */ -#define UCS2_TO_CHAR(c) ((c) 0xff) +#define UCS2_TO_CHAR(c) (((c) UCS2_SHIFT) 0xff) /* Copy into a smb_ucs2_t from a possibly unaligned buffer. Return the copied smb_ucs2_t */ #define COPY_UCS2_CHAR(dest,src) (((unsigned char *)(dest))[0] = ((unsigned char *)(src))[0],\
svn commit: samba-web r908 - in trunk: . news/releases
Author: jerry Date: 2006-01-31 19:04:03 + (Tue, 31 Jan 2006) New Revision: 908 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=908 Log: adding AIX to the list of packages Modified: trunk/index.html trunk/news/releases/3.0.21b.html Changeset: Modified: trunk/index.html === --- trunk/index.html2006-01-31 13:58:18 UTC (rev 907) +++ trunk/index.html2006-01-31 19:04:03 UTC (rev 908) @@ -31,7 +31,7 @@ If you prefer to download just the diff from 3.0.21a to 3.0.21b, the a href=/samba/ftp/patch-3.0.21a-3.0.21b.diffs.gzpatch file/a (a href=/samba/ftp/patch-3.0.21a-3.0.21b.diffs.ascgpg signature/a) is also available. - Precompiled packages for Fedora Core 4, RedHat 9, SUSE platforms, and Solaris are available in the + Precompiled packages for Fedora Core 4, RedHat 9, AIX, Solaris, and SUSE platforms are available in the a href=/samba/ftp/Binary_Packages/Binary_Packages download area/a. Packages for other platforms will be available shortly./p Modified: trunk/news/releases/3.0.21b.html === --- trunk/news/releases/3.0.21b.html2006-01-31 13:58:18 UTC (rev 907) +++ trunk/news/releases/3.0.21b.html2006-01-31 19:04:03 UTC (rev 908) @@ -14,7 +14,7 @@ If you prefer to download just the diff from 3.0.21a to 3.0.21b, the a href=/samba/ftp/patch-3.0.21a-3.0.21b.diffs.gzpatch file/a (a href=/samba/ftp/patch-3.0.21a-3.0.21b.diffs.ascgpg signature/a) is also available. - Precompiled packages for Fedora Core 4, RedHat 9, all SuSE Linux products, and Solaris are available in the + Precompiled packages for Fedora Core 4, RedHat 9, AIX, all SuSE Linux products, and Solaris are available in the a href=/samba/ftp/Binary_Packages/Binary_Packages download area/a. Packages for other platforms will be available shortly./p /div
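Review bot: the two files now carry different wording for the same sentence: trunk/index.html says "AIX, Solaris, and SUSE platforms" while trunk/news/releases/3.0.21b.html says "AIX, all SuSE Linux products, and Solaris". Pick one spelling (SUSE or SuSE) and one ordering for both pages so the front page and the release note do not drift further each time a platform is added.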
svn commit: samba r13261 - in trunk/source: utils web
Author: jra Date: 2006-01-31 21:54:22 + (Tue, 31 Jan 2006) New Revision: 13261 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13261 Log: Arr. Fix smbstatus and swat status to ignore bloody placeholder share mode entries (I hate these - I've had to add this filter code now to too many places :-). Jeremy. Modified: trunk/source/utils/status.c trunk/source/web/statuspage.c Changeset: Modified: trunk/source/utils/status.c === --- trunk/source/utils/status.c 2006-01-31 18:34:51 UTC (rev 13260) +++ trunk/source/utils/status.c 2006-01-31 21:54:22 UTC (rev 13261) @@ -101,6 +101,11 @@ static void print_share_mode(const struct share_mode_entry *e, const char *sharepath, const char *fname) { static int count; + + if (!is_valid_share_mode_entry(e)) { + return; + } + if (count==0) { d_printf(Locked files:\n); d_printf(Pid DenyMode Access R/WOplock SharePath Name\n); Modified: trunk/source/web/statuspage.c === --- trunk/source/web/statuspage.c 2006-01-31 18:34:51 UTC (rev 13260) +++ trunk/source/web/statuspage.c 2006-01-31 21:54:22 UTC (rev 13261) @@ -109,7 +109,13 @@ static void print_share_mode(const struct share_mode_entry *e, const char *sharepath, const char *fname) { char *utf8_fname; - int deny_mode = map_share_mode_to_deny_mode(e-share_access, + int deny_mode; + + if (!is_valid_share_mode_entry(e)) { + return; + } + + deny_mode = map_share_mode_to_deny_mode(e-share_access, e-private_options); printf(trtd%s/td,_(mapPid2Machine(e-pid)));
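Review bot: the same is_valid_share_mode_entry(e) early return is pasted into both print_share_mode() callbacks (utils/status.c and web/statuspage.c), and the log message says this filter has already been added in many places. Consider doing the check once in the code that walks the share mode entries and invokes these callbacks, so that a new callback cannot forget it. If it stays per callback, add a one-line comment at each site saying that placeholder entries are being skipped and why.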
svn commit: samba r13262 - in branches/SAMBA_3_0/source: utils web
Author: jra Date: 2006-01-31 21:54:24 + (Tue, 31 Jan 2006) New Revision: 13262 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13262 Log: Arr. Fix smbstatus and swat status to ignore bloody placeholder share mode entries (I hate these - I've had to add this filter code now to too many places :-). Jeremy. Modified: branches/SAMBA_3_0/source/utils/status.c branches/SAMBA_3_0/source/web/statuspage.c Changeset: Modified: branches/SAMBA_3_0/source/utils/status.c === --- branches/SAMBA_3_0/source/utils/status.c2006-01-31 21:54:22 UTC (rev 13261) +++ branches/SAMBA_3_0/source/utils/status.c2006-01-31 21:54:24 UTC (rev 13262) @@ -101,6 +101,11 @@ static void print_share_mode(const struct share_mode_entry *e, const char *sharepath, const char *fname) { static int count; + + if (!is_valid_share_mode_entry(e)) { + return; + } + if (count==0) { d_printf(Locked files:\n); d_printf(Pid DenyMode Access R/WOplock SharePath Name\n); Modified: branches/SAMBA_3_0/source/web/statuspage.c === --- branches/SAMBA_3_0/source/web/statuspage.c 2006-01-31 21:54:22 UTC (rev 13261) +++ branches/SAMBA_3_0/source/web/statuspage.c 2006-01-31 21:54:24 UTC (rev 13262) @@ -109,7 +109,13 @@ static void print_share_mode(const struct share_mode_entry *e, const char *sharepath, const char *fname) { char *utf8_fname; - int deny_mode = map_share_mode_to_deny_mode(e-share_access, + int deny_mode; + + if (!is_valid_share_mode_entry(e)) { + return; + } + + deny_mode = map_share_mode_to_deny_mode(e-share_access, e-private_options); printf(trtd%s/td,_(mapPid2Machine(e-pid)));
svn commit: samba r13263 - in branches/SAMBA_4_0/source: build/m4 client
Author: jpeach Date: 2006-01-31 21:56:12 + (Tue, 31 Jan 2006) New Revision: 13263 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13263 Log: Check whether open(2) will accept the O_DIRECT flag. This should fix the build on NetBSD. Modified: branches/SAMBA_4_0/source/build/m4/rewrite.m4 branches/SAMBA_4_0/source/client/cifsddio.c Changeset: Modified: branches/SAMBA_4_0/source/build/m4/rewrite.m4 === --- branches/SAMBA_4_0/source/build/m4/rewrite.m4 2006-01-31 21:54:24 UTC (rev 13262) +++ branches/SAMBA_4_0/source/build/m4/rewrite.m4 2006-01-31 21:56:12 UTC (rev 13263) @@ -496,6 +496,18 @@ ;; esac +AC_CACHE_CHECK([for O_DIRECT flag to open(2)],samba_cv_HAVE_OPEN_O_DIRECT,[ +AC_TRY_COMPILE([ +#include unistd.h +#ifdef HAVE_FCNTL_H +#include fcntl.h +#endif], +[int fd = open(/dev/null, O_DIRECT);], +samba_cv_HAVE_OPEN_O_DIRECT=yes,samba_cv_HAVE_OPEN_O_DIRECT=no)]) +if test x$samba_cv_HAVE_OPEN_O_DIRECT = xyes; then +AC_DEFINE(HAVE_OPEN_O_DIRECT,1,[Whether the open(2) accepts O_DIRECT]) +fi + ### # test for where we get crypt() from AC_CHECK_LIB_EXT(crypt, CRYPT_LIBS, crypt) Modified: branches/SAMBA_4_0/source/client/cifsddio.c === --- branches/SAMBA_4_0/source/client/cifsddio.c 2006-01-31 21:54:24 UTC (rev 13262) +++ branches/SAMBA_4_0/source/client/cifsddio.c 2006-01-31 21:56:12 UTC (rev 13263) @@ -99,8 +99,13 @@ fdh-h.io_write = fd_write_func; fdh-h.io_seek = fd_seek_func; - if (options DD_DIRECT_IO) + if (options DD_DIRECT_IO) { +#ifdef HAVE_OPEN_O_DIRECT oflags |= O_DIRECT; +#else + DEBUG(1, (no support for direct IO on this platform\n)); +#endif + } if (options DD_SYNC_IO) oflags |= O_SYNC;
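Review bot: in cifsddio.c, when DD_DIRECT_IO is set but HAVE_OPEN_O_DIRECT is not defined, the open goes ahead with ordinary buffered I/O and the only trace is a DEBUG(1, ...) message, so a user who asked for direct I/O gets different semantics unless debugging is turned up. Either fail the open in the #else branch or report the fallback at level 0. Separately, the rewrite.m4 probe is a compile test of "int fd = open(/dev/null, O_DIRECT);", so it shows that O_DIRECT is declared, not that open(2) will accept it at run time; the check description and the AC_DEFINE text should say so.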
svn commit: samba r13264 - in branches/SAMBA_4_0/source/dsdb/samdb: .
Author: jpeach Date: 2006-01-31 22:41:53 + (Tue, 31 Jan 2006) New Revision: 13264 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13264 Log: Move declaration before code. Modified: branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c === --- branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c 2006-01-31 21:56:12 UTC (rev 13263) +++ branches/SAMBA_4_0/source/dsdb/samdb/cracknames.c 2006-01-31 22:41:53 UTC (rev 13264) @@ -55,7 +55,12 @@ TALLOC_CTX *tmp_ctx; struct ldb_dn *service_dn; char *service_dn_str; - + + const char *directory_attrs[] = { + sPNMappings, + NULL + }; + tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) { return DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR; @@ -65,10 +70,6 @@ CN=Directory Service,CN=Windows NT ,CN=Services,CN=Configuration); service_dn_str = ldb_dn_linearize(tmp_ctx, service_dn); - const char *directory_attrs[] = { - sPNMappings, - NULL - }; ret = ldb_search(ldb_ctx, service_dn, LDB_SCOPE_BASE, (objectClass=nTDSService), directory_attrs, res);
svn commit: samba r13265 - in branches/SAMBA_4_0/source/rpc_server/remote: .
Author: abartlet Date: 2006-01-31 22:58:50 + (Tue, 31 Jan 2006) New Revision: 13265 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13265 Log: Clarify how delegation works with the remote RPC backend. Andrew Bartlett Modified: branches/SAMBA_4_0/source/rpc_server/remote/README Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/remote/README === --- branches/SAMBA_4_0/source/rpc_server/remote/README 2006-01-31 22:41:53 UTC (rev 13264) +++ branches/SAMBA_4_0/source/rpc_server/remote/README 2006-01-31 22:58:50 UTC (rev 13265) @@ -1,7 +1,38 @@ -This smb.conf example should get you started: +This is an RPC backend that implements all operations in terms of +remote RPC operations. This may be useful in certain debugging +situations, where the traffic is encrypted, or you wish to validate +that IDL is correct before implementing full test clients, or with +windows clients. +There are two modes of operation: Password specified and delegated +credentials. + +Password specified: +--- + +This uses a static username/password in the config file, example: + +[global] dcerpc endpoint servers = remote dcerpc_remote:binding = ncacn_np:win2003 dcerpc_remote:username = administrator dcerpc_remote:password = PASSWORD dcerpc_remote:interfaces = samr, lsarpc, netlogon + +Delegated credentials: +-- + +If your incoming user is authenticated with Kerberos, and the machine +account for this Samba4 proxy server is 'trusted for delegation', then +the Samba4 proxy can forward the client's credentials to the target. + +You must be joined to the domain (net join domain member). + +To set 'trusted for delegation' with MMC, see the checkbox in the +Computer account property page under Users and Computers. + +[global] + dcerpc endpoint servers = remote + dcerpc_remote:binding = ncacn_np:win2003 + dcerpc_remote:interfaces = samr, lsarpc, netlogon +
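Review bot: the "Password specified" example puts "dcerpc_remote:username = administrator" and a clear-text "dcerpc_remote:password" in the config file without saying who may read that file. Add a sentence that the file must not be world-readable, and suggest an account with only the rights the proxied interfaces need. The "Delegated credentials" section should also state what 'trusted for delegation' means for the proxy host: its machine account can forward the credentials of any Kerberos user who connects to it, so the checkbox belongs only on hosts secured to the same standard as the target server.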
svn commit: samba r13266 - in trunk/source/passdb: .
Author: vlendec Date: 2006-01-31 23:13:54 + (Tue, 31 Jan 2006) New Revision: 13266 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13266 Log: Fix stupid bug... Modified: trunk/source/passdb/pdb_tdb.c Changeset: Modified: trunk/source/passdb/pdb_tdb.c === --- trunk/source/passdb/pdb_tdb.c 2006-01-31 22:58:50 UTC (rev 13265) +++ trunk/source/passdb/pdb_tdb.c 2006-01-31 23:13:54 UTC (rev 13266) @@ -899,9 +899,9 @@ if (version == -1) { /* No key found, must be a new db */ - if (!tdb_store_int32(tdb, IDMAP_VERSION, -IDMAP_VERSION) != 0) { - DEBUG(0, (Could not store IDMAP_VERSION)); + if (tdb_store_int32(tdb, IDMAP_VERSION, + IDMAP_VERSION) != 0) { + DEBUG(0, (Could not store IDMAP_VERSION\n)); tdb_unlock_bystring(tdb, IDMAP_VERSION); return False; }
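Review bot: the log message "Fix stupid bug..." does not record what was wrong. The removed condition negated the return value of tdb_store_int32() before comparing it with 0, so a successful store of IDMAP_VERSION took the error branch and the function returned False on a new database; put that in the log so the change can be found later. The failure DEBUG would also be more useful if it included the tdb error text rather than only the key name.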
svn commit: samba r13267 - in trunk/source: groupdb passdb utils
Author: vlendec Date: 2006-01-31 23:21:47 + (Tue, 31 Jan 2006) New Revision: 13267 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13267 Log: Automatically create explicit group mappings for the primary group of users about to be added to pdb. This helps with smbpasswd -a but also usrmgr.exe for all the distros with per-user individual groups. Volker Modified: trunk/source/groupdb/mapping.c trunk/source/passdb/passdb.c trunk/source/utils/net_sam.c Changeset: Modified: trunk/source/groupdb/mapping.c === --- trunk/source/groupdb/mapping.c 2006-01-31 23:13:54 UTC (rev 13266) +++ trunk/source/groupdb/mapping.c 2006-01-31 23:21:47 UTC (rev 13267) 
@@ -180,6 +180,64 @@ } / + Map a unix group to a newly created mapping +/ +NTSTATUS map_unix_group(const struct group *grp, GROUP_MAP *pmap) +{ + NTSTATUS status; + GROUP_MAP map; + const char *grpname, *dom, *name; + uint32 rid; + + if (pdb_getgrgid(map, grp-gr_gid)) { + return NT_STATUS_GROUP_EXISTS; + } + + map.gid = grp-gr_gid; + grpname = grp-gr_name; + + if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED, + dom, name, NULL, NULL)) { + + const char *tmp = talloc_asprintf( + tmp_talloc_ctx(), Unix Group %s, grp-gr_name); + + DEBUG(5, (%s exists as %s\\%s, retrying as \%s\\n, + grpname, dom, name, tmp)); + grpname = tmp; + } + + if (lookup_name(tmp_talloc_ctx(), grpname, LOOKUP_NAME_ISOLATED, + NULL, NULL, NULL, NULL)) { + DEBUG(3, (\%s\ exists, can't map it\n, grp-gr_name)); + return NT_STATUS_GROUP_EXISTS; + } + + fstrcpy(map.nt_name, grpname); + + if (pdb_rid_algorithm()) { + rid = pdb_gid_to_group_rid( grp-gr_gid ); + } else { + if (!pdb_new_rid(rid)) { + DEBUG(3, (Could not get a new RID for %s\n, + grp-gr_name)); + return NT_STATUS_ACCESS_DENIED; + } + } + + sid_compose(map.sid, get_global_sam_sid(), rid); + map.sid_name_use = SID_NAME_DOM_GRP; + fstrcpy(map.comment, talloc_asprintf(tmp_talloc_ctx(), Unix Group %s, +grp-gr_name)); + + status = pdb_add_group_mapping_entry(map); + if (NT_STATUS_IS_OK(status)) { + *pmap = map; + } + return status; +} + +/ Return the sid and the type of the unix group. / Modified: trunk/source/passdb/passdb.c === --- trunk/source/passdb/passdb.c2006-01-31 23:13:54 UTC (rev 13266) +++ trunk/source/passdb/passdb.c2006-01-31 23:21:47 UTC (rev 13267) @@ -403,6 +403,7 @@ if (!pdb_gid_to_sid(pwd-pw_gid, group_sid)) { struct group *grp; + GROUP_MAP map; grp = getgrgid(pwd-pw_gid); if (grp == NULL) { 
@@ -412,13 +413,17 @@ goto done; } - DEBUG(1, (\nPrimary group %s of user %s is not mapped to - a domain group\n - Please add a mapping with\n\n - net sam mapunixgroup %s\n\n, - grp-gr_name, username, grp-gr_name)); - result = NT_STATUS_INVALID_PRIMARY_GROUP; - goto done; + DEBUG(5, (Primary group %s of user %s is not mapped to + a domain group, auto-mapping it\n, + grp-gr_name, username)); + result = map_unix_group(grp, map); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(1, (Failed to map group %s\n, grp-gr_name)); + goto done; + } + sid_copy(group_sid, map.sid); + DEBUG(5, (Mapped unix group %s to SID %s\n, + grp-gr_name, sid_string_static(group_sid))); } /* Now check that it's actually a domain group and not something Modified: trunk/source/utils/net_sam.c === --- trunk/source/utils/net_sam.c2006-01-31 23:13:54 UTC (rev 13266) +++ trunk/source/utils/net_sam.c2006-01-31 23:21:47 UTC (rev 13267) @@ -409,48 +409,8 @@ return -1; } - if (pdb_getgrgid(map, grp-gr_gid)) { -
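Review bot: in the new map_unix_group() (groupdb/mapping.c), both talloc_asprintf() results are used unchecked: tmp is assigned to grpname and passed to lookup_name(), and the second call is fed straight into fstrcpy(map.comment, ...). Check each result for NULL and return NT_STATUS_NO_MEMORY. Also, the passdb.c hunk replaces a level-1 message that told the administrator to run "net sam mapunixgroup" with an automatic mapping logged only at level 5. Because adding a user now creates a domain group mapping, and may allocate a new RID, as a side effect, log the successful mapping at a level an administrator will see.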
svn commit: samba r13268 - in branches/SAMBA_4_0/source/lib/ldb/include: .
Author: tridge Date: 2006-01-31 23:37:56 + (Tue, 31 Jan 2006) New Revision: 13268 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13268 Log: fixed typo noticed by Aaron Seigo Modified: branches/SAMBA_4_0/source/lib/ldb/include/ldb.h Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/include/ldb.h === --- branches/SAMBA_4_0/source/lib/ldb/include/ldb.h 2006-01-31 23:21:47 UTC (rev 13267) +++ branches/SAMBA_4_0/source/lib/ldb/include/ldb.h 2006-01-31 23:37:56 UTC (rev 13268) @@ -589,7 +589,7 @@ - tdb://path - ldapi://path - ldap://host -- sqlite3://path +- sqlite://path \param ldb the context associated with the database (from ldb_init()) \param url the URL of the database to connect to, as noted above
Build status as of Wed Feb 1 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-01-31 00:00:40.0 + +++ /home/build/master/cache/broken_results.txt 2006-02-01 00:00:06.0 + @@ -1,17 +1,17 @@ -Build status as of Tue Jan 31 00:00:02 2006 +Build status as of Wed Feb 1 00:00:02 2006 Build counts: Tree Total Broken Panic ccache 6 2 0 -distcc 8 2 0 -lorikeet-heimdal 10 10 0 +distcc 9 2 0 +lorikeet-heimdal 9 9 0 ppp 17 0 0 rsync33 3 0 samba2 0 0 samba-docs 0 0 0 -samba4 35 23 2 +samba4 35 27 1 samba_3_034 5 0 -smb-build25 4 0 -talloc 6 3 0 -tdb 5 1 0 +smb-build23 4 0 +talloc 5 3 0 +tdb 4 1 0