[Samba] Problem with netbios names

2006-02-08 Thread Marcin Kryczek
hi,
i've got a big problem with samba, which acts as a file server in the company i
work for. it's configured to be LMB and DMB and according to logs, it
wins all elections. 
the problem is: i offer vpn access for a few employees. one of them works
with advanced Excel (mainly) macros, which are linked across samba
shares. he decided to recreate our shares structure on his home computer
to test changes before making them on the server, which is generally a good
idea, but he also needs to change his computer name to the netbios name
of our samba (links are configured as \\serwer_name\share\something) to
make it work.
now when this computer connects to VPN samba seems to forget its own name.
as i wrote - nmbd wins elections, employees' workstations are configured
to use samba's ip as wins, but they all just keep trying to connect to
.202 even if it's not connected anymore. the problem disappears when i
restart nmbd (i think so)

[global]
dos charset = 852
unix charset = ISO8859-2
#
workgroup = PRODRUK
netbios name = PRODRUK_SERWER
netbios aliases = SERWER
server string =
#
time server = Yes
load printers = No
#
os level = 254
preferred master = Yes
domain master = Yes
local master = Yes
wins support = Yes
ldap ssl = no
name resolve order = lmhosts wins hosts bcast
#
create mask = 0771
force create mode = 0460
security mask = 0770
directory mask = 0770
force directory mode = 0770
directory security mask = 0770
map archive = yes
map system = no
map hidden = Yes

#
security = user
guest ok = no
encrypt passwords = yes
interfaces = 192.168.169.2/255.255.255.0 127.0.0.1/255.0.0.0
bind interfaces only = yes
hosts allow = 192.168.169. 127.0.0.1
#
deadtime = 30
#

syslog = 1
max log size = 1000
log file = /var/log/samba/log.%m
log level = 2

[ and then individual shares ]


any help appreciated
regards,

-- 
   . . Marcin Kryczek  .  .  .  .  .  .  .  .  .  .  .  .RLU: #316599 . .
  . . Gentoo Linux Developer.  .  .  .  .  .  .mail: [EMAIL PROTECTED] . .  
 . .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .PGP: 0xD6CFCCF1 . .
. Key Fingerprint: EE8F E832 54E4 2456 C582 5B32 E10F EEDC D6CF CCF1 . 




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] [HELP] Samba resets KickOffTime when changing password

2006-02-08 Thread Michael Gasch

hi,

i experienced the following (buggy?) behaviour with samba v3.0.14a on 
debian and slapd 2.2.23-8 backend:


when changing a domain userpassword (with smbpasswd or directly from 
windows client) sambaKickOffTime is handled correctly (= not reset). 
when changing a password with MS NT Usermanager, sambaKickOffTime is 
being reset (to 0 = never). is this intended behaviour by samba or 
Usermanager? i don't want to blame the samba team for errors in MS code, 
of course!!! i just want to be sure that it's no bug in the samba code 
or find somebody with experience in this.


thanks for your help!!!


--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137


[Samba] NT doesn't like that ... primary gid of user [info] is not a Domain group

2006-02-08 Thread Alex
Hello all,

Sorry for my long post but it is a very urgent situation (it is required to 
configure 3 PDCs in less than 4 hours) and i do not have enough time to read and 
experiment so i am posting my problem here. Please read the entire message (it is a 
little bit long).

I have already one PDC using samba-3.0.10-1.4E.2 (on RHEL4) which is working 
fine with windows 9x and xp clients, excepting one thing. All the time in 
smbd.log appears message:

[2006/02/07 12:00:17, 1] rpc_server/srv_util.c:get_domain_user_groups(298)
  get_domain_user_groups: primary gid of user [info] is not a Domain group !
  get_domain_user_groups: You should fix it, NT doesn't like that

OBS: User [info] is coming from an XP station already joined to the domain.

Googling, i found a partial explanation here:
http://www-jerry.oit.duke.edu/linux/docs/samba/mapping_nt_groups_to_unix_groups.html

On this PDC server, smb users have been created as follows:
useradd info
useradd grig

groupadd -g 1002 winusers

after that i added info and grig to winusers group
# cat /etc/group|grep win
winusers:x:1002:info,grig

id info
uid=501(info) gid=501(info) groups=501(info),1002(winusers)
id grig
uid=502(grig) gid=502(grig) groups=502(grig),1002(winusers)

first, i added unix root account to samba
smbpasswd -a root

and after that, regular users
smbpasswd -a info
smbpasswd -a grig

so now, with this configuration after each station has been joined to my 
domain, i get the above error when user [info] is logged in.

Net groupmap list show the following output:

# net groupmap list
System Operators (S-1-5-32-549) - -1
Domain Admins (S-1-5-21-3853285721-4159745161-3213124769-512) - -1
Replicators (S-1-5-32-552) - -1
Guests (S-1-5-32-546) - -1
Domain Guests (S-1-5-21-3853285721-4159745161-3213124769-514) - -1
Power Users (S-1-5-32-547) - -1
Domain Users (S-1-5-21-4124161332-916733439-2715427237-513) - -1
Print Operators (S-1-5-32-550) - -1
Administrators (S-1-5-32-544) - -1
Domain Admins (S-1-5-21-4124161332-916733439-2715427237-512) - -1
Domain Guests (S-1-5-21-4124161332-916733439-2715427237-514) - -1
Account Operators (S-1-5-32-548) - -1
Domain Users (S-1-5-21-3853285721-4159745161-3213124769-513) - -1
Backup Operators (S-1-5-32-551) - -1
Users (S-1-5-32-545) - -1

Now, i tried to map winusers group to PDC Domain Users group:

net groupmap add ntgroup=Domain Users unixgroup=winusers
No rid or sid specified, choosing algorithmic mapping
Successully added group Domain Users to the mapping db

[EMAIL PROTECTED] ~]# net groupmap list
System Operators (S-1-5-32-549) - -1
Domain Admins (S-1-5-21-3853285721-4159745161-3213124769-512) - -1
Replicators (S-1-5-32-552) - -1
Guests (S-1-5-32-546) - -1
Domain Guests (S-1-5-21-3853285721-4159745161-3213124769-514) - -1
Power Users (S-1-5-32-547) - -1
Domain Users (S-1-5-21-4124161332-916733439-2715427237-513) - -1
Print Operators (S-1-5-32-550) - -1
Administrators (S-1-5-32-544) - -1
Domain Admins (S-1-5-21-4124161332-916733439-2715427237-512) - -1
Domain Guests (S-1-5-21-4124161332-916733439-2715427237-514) - -1
Account Operators (S-1-5-32-548) - -1
Domain Users (S-1-5-21-3853285721-4159745161-3213124769-513) - -1
Backup Operators (S-1-5-32-551) - -1
Users (S-1-5-32-545) - -1
Domain Users (S-1-5-21-4124161332-916733439-2715427237-2005) - winusers

NO LUCK, the message still persists in logs ...

In this case, i configured another computer as PDC with the following changes:

groupadd -g 1002 winusers

#here each user has been created with default group winusers
useradd -g 1002 info
useradd -g 1002 grig

# cat /etc/group|grep win
winusers:x:1002:

id info
uid=502(info) gid=1002(winusers) groups=1002(winusers)
id grig
uid=502(grig) gid=1002(winusers) groups=1002(winusers)

smbpasswd -a root
smbpasswd -a info
smbpasswd -a grig

NOW, error message does NOT APPEAR in smbd.log BUT findsmb perl script 
(started on PDC) doesn't find any networked station (all are XP windows 
clients), just the linux PDC.

This symptom does not affect all my windows stations, which can see and browse 
the network and access shares on PDC.

NOTE: for netbios name resolution i am using another samba acting as wins 
server, located remote in another network.

On incriminated PDC, i have these lines in smb.conf:

os level = 65
domain master = Yes
local master = Yes
preferred master = Yes
dns proxy = No
name resolve order = bcast wins
wins server = 10.0.0.111
remote announce = 10.0.0.13/NumeWorkGroup
remote browse sync = 10.0.0.13

CAN ANYBODY HELP ME TO FIX THIS UNPLEASANT BEHAVIOR?

WHICH ONE IS THE CORRECT WAY: users with the same group (GID) or users with 
unique group (GID) on creation time?

Thanks in advance.

Alex
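
An added example, not part of Alex's post and not Samba code: a small Python audit of the second `net groupmap list` listing quoted above. It flags entries mapped to -1, the presence of more than one domain SID, well-known group names sitting on an unexpected RID, and users whose primary Unix group is not mapped to any domain group. The function names and the per-user primary-group table (built from the `id` output in the post) are assumptions of this example.

```python
import re

# Second `net groupmap list` listing from the post above, copied as shown there.
GROUPMAP_LIST = """\
System Operators (S-1-5-32-549) - -1
Domain Admins (S-1-5-21-3853285721-4159745161-3213124769-512) - -1
Replicators (S-1-5-32-552) - -1
Guests (S-1-5-32-546) - -1
Domain Guests (S-1-5-21-3853285721-4159745161-3213124769-514) - -1
Power Users (S-1-5-32-547) - -1
Domain Users (S-1-5-21-4124161332-916733439-2715427237-513) - -1
Print Operators (S-1-5-32-550) - -1
Administrators (S-1-5-32-544) - -1
Domain Admins (S-1-5-21-4124161332-916733439-2715427237-512) - -1
Domain Guests (S-1-5-21-4124161332-916733439-2715427237-514) - -1
Account Operators (S-1-5-32-548) - -1
Domain Users (S-1-5-21-3853285721-4159745161-3213124769-513) - -1
Backup Operators (S-1-5-32-551) - -1
Users (S-1-5-32-545) - -1
Domain Users (S-1-5-21-4124161332-916733439-2715427237-2005) - winusers
"""

# Well-known domain RIDs, as they appear in the listing itself.
WELL_KNOWN_RID = {"Domain Admins": 512, "Domain Users": 513, "Domain Guests": 514}

# "NT name (SID) -> unixgroup"; the separator is accepted both as "-"
# (as archived on this page) and as "->".
ENTRY_RE = re.compile(
    r"^(?P<name>.+?) \((?P<sid>S-1-[0-9-]+)\)\s+->?\s+(?P<unix>\S.*)$"
)


def parse_groupmap(text):
    """Return one dict per mapping line; 'unix' is None when mapped to -1."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # skip prompts, blank lines and anything else
        domain, _, rid = m["sid"].rpartition("-")
        unix = m["unix"].strip()
        entries.append({
            "name": m["name"],
            "sid": m["sid"],
            "domain": domain,          # SID without the trailing RID
            "rid": int(rid),
            "unix": None if unix == "-1" else unix,
        })
    return entries


def audit(entries, primary_group):
    """primary_group maps user name -> name of the user's primary Unix group."""
    # Domain (non-BUILTIN) groups carry an S-1-5-21-<domain>-<rid> SID.
    domain_entries = [e for e in entries if e["sid"].startswith("S-1-5-21-")]
    mapped_unix = {e["unix"] for e in domain_entries if e["unix"]}
    return {
        # NT groups with no Unix group behind them.
        "unmapped": [f'{e["name"]} {e["sid"]}' for e in entries if e["unix"] is None],
        # More than one value here means entries from two domain SIDs coexist.
        "domain_sids": sorted({e["domain"] for e in domain_entries}),
        # A well-known name that was given some other RID.
        "unexpected_rid": [
            (e["name"], e["rid"]) for e in domain_entries
            if e["name"] in WELL_KNOWN_RID and e["rid"] != WELL_KNOWN_RID[e["name"]]
        ],
        # Mirrors the wording of the log message: primary group is not a domain group.
        "users_without_domain_group": sorted(
            user for user, group in primary_group.items() if group not in mapped_unix
        ),
    }


if __name__ == "__main__":
    # Primary groups as shown by `id` on the first PDC in the post.
    report = audit(parse_groupmap(GROUPMAP_LIST), {"info": "info", "grig": "grig"})
    for finding, values in report.items():
        print(f"{finding}:")
        for value in values:
            print(f"  {value}")
```
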


[Samba] strange.. w

2006-02-08 Thread Louis van Belle
Hi, i saw something strange.. 

I don't think it's a samba point but if somebody could verify this. 


login on linux using ssh as a user and type w and let other people login 
after you logged on with ssh.

and do the same but then su to root or use sudo w 

i have a listing in the first ( as user )  of  13 users
but when i do sudo w i get 45 users.

All users which logged in after me on console ( ssh ) 
are listed. ( all users after the pts/0 in this case ) 

I use debian Stable samba 3.0.14a. kernel 2.6.11


Louis

 



[Samba] ldap authentication without 'ldap filter' parameter

2006-02-08 Thread Norbert Gomes

Hello

I'm trying to update samba from 3.0.11 to 3.0.21 and I noticed that the 
'ldap filter' parameter has been removed.
After some search, I read that I have to configure nss_ldap. But I don't 
know how to configure it properly to operate with our LDAP database.


Let me explain :

We used the 'ldap filter' parameter like this :
  
   ldap filter = ((iufmLogin=%u)(gecos=#*))



Our authentication is based on the 'iufmLogin' attribute (we cannot use 
the 'uid' attribute) and the gecos has to start with the '#' character 
for the user to be authenticated.


But my problem is that I can't parameter the /etc/ldap.conf file to use 
these filters.


I tried to put this in the /etc/ldap.conf file :

pam_filter iufmLogin=%s
pam_login_attribute iufmLogin

But the system seems to ignore these filters and it only uses the 'uid' 
attribute when I try the 'getent passwd' command.


Can someone explain me how to do this correctly ?

Thanks


Norbert Gomes




[Samba] Vijay - kerberos + vsftpd

2006-02-08 Thread Vijay Ramnarayan
Hi,

I have configured vsftpd on a RHEL 4 server box. 
Have configured Kerberos to work with the Windows 2003 Active Directory server 
and using the kinit  klist command verify that the Kerberos authentication is 
working. 

What I would like to do is : 
Only for vsftpd the authentication should be against the Active Directory, 

Below is the output of the /etc/pam.d/vsftpd

--
[EMAIL PROTECTED] ~]# cat /etc/pam.d/vsftpd
#%PAM-1.0
auth   required pam_krb5.so try_first_pass
auth   required pam_shells.so
account    required pam_krb5.so try_first_pass
session    required pam_krb5.so try_first_pass
session    required pam_loginuid.so
[EMAIL PROTECTED] ~]#
--
Output of klist command 
--
[EMAIL PROTECTED] ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting Expires    Service principal
02/08/06 12:56:55  02/08/06 22:56:56  krbtgt/[EMAIL PROTECTED]
    renew until 02/09/06 12:56:55

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[EMAIL PROTECTED] ~]#

--
Please let me know what will be the new entries in the /etc/pam.d/vsftpd file 
and whether any other file is to be edited ? 

Kindly help. 

Regards,
Vijay





Re: [Samba] ldap authentication without 'ldap filter' parameter

2006-02-08 Thread William Jojo

- Original Message - 
From: Norbert Gomes [EMAIL PROTECTED]
To: samba samba@lists.samba.org
Sent: Wednesday, February 08, 2006 5:46 AM
Subject: [Samba] ldap authentication without 'ldap filter' parameter


 Hello

 I'm trying to update samba from 3.0.11 to 3.0.21 and I noticed that the
 'ldap filter' parameter has been removed.
 After some search, I read that I have to configure nss_ldap. But I don't
 know how to configure it properly to operate with our LDAP database.

 Let me explain :

 We used the 'ldap filter' parameter like this :

 ldap filter = ((iufmLogin=%u)(gecos=#*))


Well, I understand your position. Tree management can be tough.

What you could look at if you are using OpenLDAP is:

http://www.openldap.org/software/man.cgi?query=slapo-rwm&sektion=5&apropos=0&manpath=OpenLDAP+2.3-Release

This is the rewrite module. It allows you to remap attributes and create
conditional changes to client searches and server replies. It works for
updates as well, so it's not just smoke and mirrors. This *might* help you
out of your jam.

I looked at this for our installation (we have a single tree that's used
among several DC's with trusts), but with the impending changes for
enumerating group RIDs, our own use of group mappings, future AD (read Samba
4) implementation and other political considerations, I've decided to script
a tree transform instead.


Cheers,

Bill



 Our authentication is based on the 'iufmLogin' attribute (we cannot use
 the 'uid' attribute) and the gecos has to start with the '#' character
 for the user to be authenticated.

 But my problem is that I can't parameter the /etc/ldap.conf file to use
 these filters.

 I tried to put this in the /etc/ldap.conf file :

 pam_filter iufmLogin=%s
 pam_login_attribute iufmLogin

 But the system seems to ignore these filters and it only uses the 'uid'
 attribute when I try the 'getent passwd' command.

 Can someone explain me how to do this correctly ?

 Thanks


 Norbert Gomes




Re: [Samba] ldap authentication without 'ldap filter' parameter

2006-02-08 Thread Norbert Gomes

Thank you for your reply Bill.
This module doesn't seem to be implemented in the openLDAP 2.2 Release and I 
can't modify our existing LDAP database. But I'll think of it if we 
decide to change the openLDAP release.


What I would like to know is if it's possible to redefine the 'ldap 
filter' parameter in another place than in the smb.conf file ?


Thanks

Norbert


William Jojo wrote:
- Original Message - 
From: Norbert Gomes [EMAIL PROTECTED]

To: samba samba@lists.samba.org
Sent: Wednesday, February 08, 2006 5:46 AM
Subject: [Samba] ldap authentication without 'ldap filter' parameter


  

Hello

I'm trying to update samba from 3.0.11 to 3.0.21 and I noticed that the
'ldap filter' parameter has been removed.
After some search, I read that I have to configure nss_ldap. But I don't
know how to configure it properly to operate with our LDAP database.

Let me explain :

We used the 'ldap filter' parameter like this :

ldap filter = ((iufmLogin=%u)(gecos=#*))




Well, I understand your position. Tree management can be tough.

What you could look at if you are using OpenLDAP is:

http://www.openldap.org/software/man.cgi?query=slapo-rwm&sektion=5&apropos=0&manpath=OpenLDAP+2.3-Release

This is the rewrite module. It allows you to remap attributes and create
conditional changes to client searches and server replies. It works for
updates as well, so it's not just smoke and mirrors. This *might* help you
out of your jam.

I looked at this for our installation (we have a single tree that's used
among several DC's with trusts), but with the impending changes for
enumerating group RIDs, our own use of group mappings, future AD (read Samba
4) implementation and other political considerations, I've decided to script
a tree transform instead.


Cheers,

Bill


  

Our authentication is based on the 'iufmLogin' attribute (we cannot use
the 'uid' attribute) and the gecos has to start with the '#' character
for the user to be authenticated.

But my problem is that I can't parameter the /etc/ldap.conf file to use
these filters.

I tried to put this in the /etc/ldap.conf file :

pam_filter iufmLogin=%s
pam_login_attribute iufmLogin

But the system seems to ignore these filters and it only uses the 'uid'
attribute when I try the 'getent passwd' command.

Can someone explain me how to do this correctly ?

Thanks


Norbert Gomes




Re: [Samba] DFS redirection to sub-folders beyond share

2006-02-08 Thread Gerald (Jerry) Carter

Jeremy Allison wrote:

 Users\testuser which is mapped in DFS to
 \\fileserver1\share\Users\testuser, which works easily in
 windows to seamlessly take the user who accesses \\domain\dfs\users\testuser
 to the folder \\fileserver1\share\users\testuser.

 This does NOT work under smbclient.  I think that we just need to be
 able to map users to something beyond the actual share.  It looks like
 it could be fixed by modifying the code to handle the slashes correctly
 (see the error below).  Here is the log from smbclient with the -d 3
 debugging option:
 
 What would help to get this fixed is a simple example of this
 expressed as a set of Samba server-side DFS symlinks, so I can try and
 reproduce this.

If I understand you correctly, Windows is just doing a tconX and then
changing to the directory.  Smbclient is not performing those extra
steps for you.  Nor will some older Microsoft clients (such as NT4 I
expect).







cheers, jerry


[Samba] Samba Security

2006-02-08 Thread ashok cvs
Dear all

I have a samba 3.0.21 with openldap as a primary domain controller, and all
my windows clients are
joined to my domain. i have  file servers (Domain Member servers - linux
systems) which are given access for file sharing to my clients.
so all the windows clients in my domain access the file server according to
their user permissions.
i also have some windows clients which are not joined to my domain, but are
in the same network as my PDC.
they are also able to access the file server, but it prompts for username
and password, and user gives the username and password
and access it.
is there any way that the windows clients which are joined in my domain only
should be able to access the  file servers
and the systems which are not joined should not be able to access file
services.

i don't want to implement ip  level security on shares, as user can change
the ip and access it.
i would like to know if file servers which are in joined to my PDC can be
given access to
only  windows clients which are joined to my domain, any other windows
client
which is not in OU=Computers ie which is not yet joined to my PDC should be
denied.

Is it possible ?
please guide me


Regards
Niranjan


Re: [Samba] RE: Print Migrator help needed...

2006-02-08 Thread Gerald (Jerry) Carter

Geoffrey Scott wrote:

 On a debian Sarge box this is what I get in the log for the machine
 connected from after using the mmc plugin:
 
 sh: line 1: /usr/lib/samba/svcctl/NETLOGON: No such file or directory
 sh: line 1: /usr/lib/samba/svcctl/Spooler: No such file or directory
 sh: line 1: /usr/lib/samba/svcctl/Spooler: No such file or directory


I can't reproduce this failure anymore.  I have your log files but
I need your smb.conf.






cheers, jerry


Re: [Samba] RE: Print Migrator help needed...

2006-02-08 Thread Gerald (Jerry) Carter

Gerald (Jerry) Carter wrote:
 Geoffrey Scott wrote:
 
 On a debian Sarge box this is what I get in the log for the machine
 connected from after using the mmc plugin:

 sh: line 1: /usr/lib/samba/svcctl/NETLOGON: No such file or directory
 sh: line 1: /usr/lib/samba/svcctl/Spooler: No such file or directory
 sh: line 1: /usr/lib/samba/svcctl/Spooler: No such file or directory
 
 
 I can't reproduce this failure anymore.  I have your log files but
 I need your smb.conf.

Ahhhok.  Apparently, there's a bug when you don't list any
external services in smb.conf.  Patch forthcoming.




cheers, jerry



Re: [Samba] RE: Print Migrator help needed...

2006-02-08 Thread Gerald (Jerry) Carter

Gerald (Jerry) Carter wrote:
 Gerald (Jerry) Carter wrote:
 Geoffrey Scott wrote:

 On a debian Sarge box this is what I get in the log for the machine
 connected from after using the mmc plugin:

 sh: line 1: /usr/lib/samba/svcctl/NETLOGON: No such file or directory
 sh: line 1: /usr/lib/samba/svcctl/Spooler: No such file or directory
 sh: line 1: /usr/lib/samba/svcctl/Spooler: No such file or directory

 I can't reproduce this failure anymore.  I have your log files but
 I need your smb.conf.
 
 Ahhhok.  Apparently, there's a bug when you don't list any
 external services in smb.conf.  Patch forthcoming.

And here's the patch.  Some older code that didn't get removed
during the latest rewrite.





cheers, jerry
Index: services/services_db.c
===
--- services/services_db.c  (revision 13391)
+++ services/services_db.c  (working copy)
@@ -436,7 +436,7 @@
for ( i=0; builtin_svcs[i].servicename; i++ )
add_new_svc_name( key, subkeys, builtin_svcs[i].servicename );

-   for ( i=0; service_list[i]; i++ ) {
+   for ( i=0; service_list  service_list[i]; i++ ) {

/* only add new services */
if ( regsubkey_ctr_key_exists( subkeys, service_list[i] ) )
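Review bot: in the changed `for` condition, the guard on `service_list` is re-evaluated on every iteration and is duplicated in rpc_server/srv_svcctl_nt.c; a single `if ( !service_list )` skip before the loop, or a one-line comment saying the list may now be NULL, would make the intent clearer. As archived, the `+` line reads `service_list  service_list[i]` with no operator between the two operands, so the logical AND the guard needs should be confirmed against the original patch.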
Index: param/loadparm.c
===
--- param/loadparm.c(revision 13391)
+++ param/loadparm.c(working copy)
@@ -1655,8 +1655,6 @@
 
Globals.bASUSupport   = True;

-   Globals.szServicesList = str_list_make( Spooler NETLOGON, NULL );
-
/* User defined shares. */
pstrcpy(s, dyn_LOCKDIR);
pstrcat(s, /usershares);
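Review bot: with the `Globals.szServicesList = str_list_make(...)` default removed, nothing in this hunk sets the list any more, so every reader of it has to tolerate it being unset. The patch guards two loops and the counting function in lib/util_str.c; any other consumer of `szServicesList` should be checked the same way, or the field initialised explicitly to NULL here with a comment saying so.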
Index: lib/util_str.c
===
--- lib/util_str.c  (revision 13391)
+++ lib/util_str.c  (working copy)
@@ -1852,6 +1852,9 @@
 {
int i = 0;
 
+   if ( ! list )
+   return 0;
+
/* count the number of list members */

for ( i=0; *list; i++, list++ );
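Review bot: the new `if ( ! list ) return 0;` at the top of the function makes a NULL list indistinguishable from an empty one for callers; that is a sensible result for a count, but the function's header comment should state that NULL is accepted. Minor: `i` is initialised at its declaration and again in the `for`, so one of the two can go.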
Index: rpc_server/srv_svcctl_nt.c
===
--- rpc_server/srv_svcctl_nt.c  (revision 13391)
+++ rpc_server/srv_svcctl_nt.c  (working copy)
@@ -72,7 +72,7 @@
 
/* services listed in smb.conf get the rc.init interface */

-   for ( i=0; service_list[i]; i++ ) {
+   for ( i=0; service_list  service_list[i]; i++ ) {
svcctl_ops[i].name = talloc_strdup( svcctl_ops, service_list[i] 
);
svcctl_ops[i].ops  = rcinit_svc_ops;
}
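Review bot: inside the guarded loop, the result of `talloc_strdup( svcctl_ops, service_list[i] )` is stored in `svcctl_ops[i].name` without a NULL check, so an allocation failure would leave a NULL service name in the table; consider checking it and bailing out. With `service_list` NULL the loop now leaves `i` at 0, so any code after the loop that keeps filling `svcctl_ops` from `i` should be confirmed to expect that.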

Re: [Samba] IntegraTUM WebDisk

2006-02-08 Thread Gerald (Jerry) Carter

Thomas Bley wrote:
 Hello everybody,
 
 IntegraTUM WebDisk is a free web application which gives you direct
 access to a file server. It is written using Java Servlets and the jCIFS
 library. Supported file servers are Samba, MS Windows and NetApp OnTAP
 and those based on the CIFS-protocol. (License is GPL)
 
 Maybe you can place a link on http://www.samba.org/samba/GUI/ ?
 
 WebDisk Homepage:
 http://sourceforge.net/projects/webdisk/
 
 Screenshots:
 http://www.simple-groupware.de/cms/index.php?n=WebDisk.Screenshots
 
 Thanks and best regards,
 Thomas Bley

Deryck, would you take a look and pick this up for the site?

Thomas, deryck is our webmaster and will get in touch with you
for any extra information he may need.




cheers, jerry
=
I live in a Reply-to-All world.   ---
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com


[Samba] New trick for old dogs

2006-02-08 Thread Baker, Darryl
We have been using Samba for many years. The company has just switched from an 
NT domain to an  Active Directory domain. The new server is running Windows 
Server 2003. We are having trouble configuring our Solaris 8 server so it can 
join the domain as a server. Just getting Samba to compile and link was 
interesting enough. This included downloading and compiling a new version of 
the BerkeleyDB, libiconv, OpenLDAP, and Kerberos. Now that I have a compiled 
version I'm having trouble joining the domain. Just to make life interesting 
the terms in the error messages are not in terms our Windows admins understand 
and no one here is familiar with Kerberos. First, is there a table matching 
Kerberos terms with M$ Windows terms? Next, what does this error mean?

# /usr/local/samba/bin/net ads join GEDAS-US -S gdusrhd0002 -U sambajoin
sambajoin's password:

[2006/02/08 10:07:30, 0] libads/kerberos.c:ads_kinit_password(164)
  kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication failed
[2006/02/08 10:07:30, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: Preauthentication failed
# 

_
Darryl Baker
Senior Unix Specialist
gedas USA, Inc.
Operational Services Business Unit
3800 Hamlin Road
Auburn Hills, MI 48326
US
phone   +1-248-754-5341
fax +1-248-754-6399
[EMAIL PROTECTED]
http://www.gedasusa.com
_


[Samba] ldapsam last logon time

2006-02-08 Thread Kristaps Rāts
Hello,
according to TOSHARG:

sambaLogonTime:Integer - value currently unused.
sambaLogoffTime:Integer - value currently unused.

does anyone know when this is going to be implemented? 



[Samba] Primary Group ID (Well-Known RIDs)

2006-02-08 Thread Michael Billerbeck

Hello all,

I have following situation:
There are users that don't have the well-known RID 513, so groupmapping
like

Domain Users (S-1-5-21-domain SID part-513) - users doesn't have any
effect.
There are users that have the primary group RID 545, 2001 and 1201.

That's somehow messy. Is there any chance to get the Domain Users into the
well-known
primary group rid 513? Does it then also make sense to give machines the
well known group rid
515?
Or is it better to change mapping by giving the rid explicitly?

Michael



Re: [Samba] New trick for old dogs

2006-02-08 Thread Nico De Wilde

Darryl,

Is the Solaris Box ntp synced with the windows server?

Regards,

Nico



- Original Message - 
From: Baker, Darryl [EMAIL PROTECTED]

To: Samba (E-mail) samba@lists.samba.org
Sent: Wednesday, February 08, 2006 4:09 PM
Subject: [Samba] New trick for old dogs


We have been using Samba for many years. The company has just switched from 
an NT domain to an  Active Directory domain. The new server is running 
Windows Server 2003. We are having trouble configuring our Solaris 8 server 
so it can join the domain as a server. Just getting Samba to compile and 
link was interesting enough. This included downloading and compiling a new 
version of the BerkeleyDB, libiconv, OpenLDAP, and Kerberos. Now that I have 
a compiled version I'm having trouble joining the domain. Just to make life 
interesting the terms in the error messages are not in terms our Windows 
admins understand and no one here is familiar with Kerberos. First, is there 
a table matching Kerberos terms with M$ Windows terms? Next, what does this 
error mean?


# /usr/local/samba/bin/net ads join GEDAS-US -S gdusrhd0002 -U sambajoin
sambajoin's password:

[2006/02/08 10:07:30, 0] libads/kerberos.c:ads_kinit_password(164)
 kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication 
failed

[2006/02/08 10:07:30, 0] utils/net_ads.c:ads_startup(191)
 ads_connect: Preauthentication failed
#

_
Darryl Baker
Senior Unix Specialist
gedas USA, Inc.
Operational Services Business Unit
3800 Hamlin Road
Auburn Hills, MI 48326
US
phone +1-248-754-5341
fax +1-248-754-6399
[EMAIL PROTECTED]
http://www.gedasusa.com
_


Re: [Samba] ldap authentication without 'ldap filter' parameter

2006-02-08 Thread Gordon Messmer

Norbert Gomes wrote:
After some search, I read that I have to configure nss_ldap. But I 
don't know how to configure it properly to operate with our LDAP 
database.


Let me explain :

We used the 'ldap filter' parameter like this :
 ldap filter = ((iufmLogin=%u)(gecos=#*))



I think you want to use these settings in ldap.conf:

nss_base_passwd ou=People,dc=example,dc=com?one?gecos=#*
nss_map_attribute uid iufmLogin
pam_login_attribute iufmLogin

I'm not sure whether or not pam_login_attribute is strictly required.  
I'd try with just the first two settings, and leave it at that if things 
work as you expect.





Re: [Samba] ldap authentication without 'ldap filter' parameter

2006-02-08 Thread Norbert Gomes
OK, it seems to work better : the 'nss_map_attribute uid iufmLogin' 
tells the system to look at 'iufmLogin' instead of 'uid'.


I will work out for the filters but I'm on a good way

Thank you so much :-)




Gordon Messmer wrote:

Norbert Gomes wrote:
After some search, I read that I have to configure nss_ldap. But I 
don't know how to configure it properly to operate with our LDAP 
database.


Let me explain :

We used the 'ldap filter' parameter like this :
 ldap filter = ((iufmLogin=%u)(gecos=#*))



I think you want to use these settings in ldap.conf:

nss_base_passwd ou=People,dc=example,dc=com?one?gecos=#*
nss_map_attribute uid iufmLogin
pam_login_attribute iufmLogin

I'm not sure whether or not pam_login_attribute is strictly required.  
I'd try with just the first two settings, and leave it at that if 
things work as you expect.







[Samba] Browse list propagation

2006-02-08 Thread Bob von Knobloch
I had some discussion about this problem at the end of January and have 
investigated further. The problem: Clients directly connected to the 
subnets of the Samba server get a browse list (network neighborhood), 
while clients that access the server over a router do not. There are no 
broadcasts, Samba is functioning as a WINS server and is working for all 
clients (nblookup proves this). I upgraded from 3.0.10 to 3.0.20b-1 but 
this made no difference.
I have spent quite some time with Ethereal and notice that all clients 
request SRVSVC NetrServerGetInfo request (port 445) and the information 
is false in the response from the Samba server :

This is NOT a potential browser
This is NOT a master browser
This is NOT a domain master browser
although the smb.conf has:
local master = yes
preferred master = yes
domain master = yes
domain logons = yes

The clients in the local subnets also request LANMAN NetServerEnum2 
(Port 139) and receive the correct answer:

This is a potential browser
This is a master browser
This is a domain master browser

All clients are Windows XP Professional. What is curious is that it 
seems to be client driven. Why do the remote machines not ask on port 
139? But also why is the Samba reply seemingly wrong on port 445?


Would appreciate any hints or advice here.

Bob


[Samba] displaying ntfs acls for a remote windows host

2006-02-08 Thread Tucker Cunningham

howdy all -
  I am hoping to be able to manipulate the NTFS acls on a remote 
windows host from a linux box.  smbcacls, although fairly poorly 
documented, seems as if it will do what i need from a modifying 
standpoint.  however, it doesn't look like it includes a switch to 
display acls for a file.  can someone point me towards a utility or 
method of viewing acls on a remote host, if one exists?  thanks much.


-tucker

--
Tucker Cunningham
Integration Appliance Inc.
email: [EMAIL PROTECTED]
cell: 650.387.5980



RE: [Samba] Anyone else seeing disk full errors?

2006-02-08 Thread Michael St. Laurent
I've upgraded our server to the 3.0.21b release but we still seem to
sometimes get the bogus Disk Full error when saving Excel files.

-- 
Michael St. Laurent
Hartwell Corporation

This is the captain speaking.  We may experience some turbulence... and
then explode.
 

> -Original Message-
> From: Jeremy Allison [mailto:[EMAIL PROTECTED]
> Sent: Monday, January 30, 2006 2:50 PM
> To: Michael St. Laurent
> Cc: 'samba@lists.samba.org'
> Subject: Re: [Samba] Anyone else seeing disk full errors?
>
> On Mon, Jan 30, 2006 at 02:38:42PM -0800, Michael St. Laurent wrote:
> > I'm seeing random disk full errors when saving large Excel files to a Samba
> > share.  The users will retry and the second or third time (usually the
> > second time) it will save correctly.  This is with version 3.0.21a on i386
> > Red Hat 9, kernel 2.4.20-31 patched with ACL.
>
> Can you please try the 3.0.21b release code to see if this problem
> is fixed ? It may be related to the oplock level 2 bug we just
> fixed.
>
> Thanks,
>
>    Jeremy.
 


Re: [Samba] Anyone else seeing disk full errors?

2006-02-08 Thread Jeremy Allison
On Wed, Feb 08, 2006 at 10:23:17AM -0800, Michael St. Laurent wrote:
> I've upgraded our server to the 3.0.21b release but we still seem to
> sometimes get the bogus Disk Full error when saving Excel files.

Debug level 10 log ?

Jeremy.


[Samba] Re: Repost: Help - compilation of

2006-02-08 Thread Heffner, Michael S (US SSA)
Hello Pierre,

I am also running Solaris 7 and cannot compile
nsswitch/winbind_nss_solaris.c, even on 3.0.21b.

The problem appears to be with the in6_addr structure (or the lack of it
in Solaris 7 :-)

Did you get specific help from the Samba team, or did upgrading to
3.0.21b solve your compilation problem for you?

Thanks,

Mike

--
 
Mike Heffner
BAE Systems



[Samba] winbind can see some groups but not others

2006-02-08 Thread Jonathan C. Detert
Hello,

I followed the steps at
http://www.enterprisenetworkingplanet.com/netos/article.php/3487081
for adding a v3.0.21a samba and winbindd server to a MsAD domain and
configuring nsswitch.conf to find passwd and group info from winbind.

This seems to have worked out fine, except that I can't 'see' or
'recognize' certain groups via getent or via wbinfo -g.

E.g. I can see the 'ccsd-staff' group via getent and wbinfo -g, but i
don't see the 'ccsd-dept-www' group via either.

Within the MsAD domain of concern, those two groups are basically the
same, except the one that getent finds is in ou=people,dc=msoe,dc=edu
and the one that it doesn't find is in ou=unixgroups,dc=msoe,dc=edu

This makes me think there's an ldap basedn problem, but then, there's no
ldap config needed or used by winbind, as far as i can tell.

Anyone know what's wrong or have an idea of how to debug?  Thanks
-- 
Happy Landings,

Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.


Re: [Samba] Samba Security

2006-02-08 Thread Andrew Bartlett
On Wed, 2006-02-08 at 19:47 +0530, ashok cvs wrote:
> Dear all
>
> i would like to know if file servers which are in joined to my PDC can be
> given access to only  windows clients which are joined to my domain, any
> other windows client which is not in OU=Computers ie which is not yet
> joined to my PDC should be denied.
>
> Is it possible ?
> please guide me

In short, no.  There isn't a good way to tell from an incoming
connection if the client machine is in a domain, and at best, it would
be the same 'level of difficulty' as IP address based access controls.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



Re: [Samba] Active Directory and Native Mode - NEw to Samba

2006-02-08 Thread Andrew Bartlett
On Mon, 2006-02-06 at 09:44 +1100, Ledesma, Pedro wrote:
> Hi,
>
> I would like to get some information about samba v2.x and Active directory
> Native mode.

Samba 2.x is quite old now.

> Our Windows 2003 domain function is currently set to interim mode, we would
> like to raise the function level to Native.
>
> I am wondering if this will break users accessing samba shares.

Depending on your setup, probably.  I strongly suggest upgrading to
Samba 3.0.21b, our latest release.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



Re: [Samba] [resend] SAMBA and X509 certs ?

2006-02-08 Thread Andrew Bartlett
On Tue, 2006-02-07 at 10:14 +0100, romain BOTTAN wrote:
> Hello everybody,
>
> I'll try to find out some info about Samba and a way to put x509
> authenticate method but i don't find anything clear about it.

There are not many 'good' options to put x509 certificates into the
Samba authentication space, and it very much depends on the client and
domain environment.

Perhaps you are looking for an AD implementation, with PKINIT on
kerberos?  This is the only real solution for windows clients.

If you control the clients (say they run Linux), you could push all CIFS
connections via a SSL tunnel, but Samba wouldn't 'know' about this, so
would not actually authenticate the users as such.

Perhaps you need to explain what you are trying to do a bit more.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



[Samba] smbtree on localhost

2006-02-08 Thread Marc Weber
Hi. 
testparm /etc/samba/smb.conf shows some directories..
but smbtree doesn't show anything at all (from my samba server on
localhost) what might be the reason?
Do I have to open some ports? Using smbtree I can see other shares of
WinXP servers.

[global]
server string=server
workgroup=mygroup
netbios name=hobbit
  
[homes]
read only=yes

[D]
path=/mnt/d
read only=yes
guest ok=yes
[printers]


Re: [Samba] Profiles on different network?

2006-02-08 Thread Robert Schetterer

Hi Joel,
there is no magic which offers you the option
to store a profile on several servers,
the placement of a user's profile is i.e in the ad or ( when using 
samba ) in ldap is a unique entry.

So if you use roaming Profiles, without caching them on the client machines
and you have i.e many offices connected
via i.e vpn and a user from Office A visits
Office B and his profile is on the win/samba server of his
home office A , he has to download it from there.
So this takes time depending on the connection speed and the size of
the profile.
To make this stuff run properly make sure that wins is working over
the whole network, and perhaps your internal nameserver setup.
Also if the speed of the vpn isn't quick enough, cause either
there is much other traffic or you have small bandwidth in general
buggy routing, buggy nic , false configured firewalls on win clients
or gateways you will run into timeouts, and the win client decides
to give the user a default profile, to shorten the login time.
This is deeply hard stuff to configure, as so many functions are involved.
In your case i would guess that you have a wins problem in one way which 
causes timeout at logon, so i would start here to debug,
for example let that user login with that empty profile in office b and 
try things like this \\profileserverofficeA\profilesuserpath\username ( 
you should find this path for that user with i.e usrmgr )
this must work ! If it isn't, be sure that the client has the right win 
entries and try nmblookup etc ( note ping is here not enough for debug *g)

Hope this helps

Best Regards

Joel Larsson wrote:

Hello Everyone.

I have some trouble with my samba installation. I have two samba servers 
and one windows 2003 server. I also have two networks on different 
physical locations, they are on different nets but everything is open 
between them.  Lets call them location A and B.


On location A i have a samba server as PDC, and a windows 2003 server as 
file server.

On location B i have a samba server as fileserver.

When people logon they always authenticate against the PDC. The profiles 
are downloaded from Windows 2003 machine for users in location A and 
from the sambaserver in location B for the users there.


My biggest headache is that when a user from location B visits location 
A they cannot download the profile. There is no error message or 
anything. It just becomes an empty profile.


When looking in the Profile handler thing in the System application the 
type is set to roaming BUT the type in use is local.


I cannot figure out why this is. The other way around seems to work, 
when people from location A visits location B.


The smb.conf from the machine at location B is at the bottom of the 
message. I have looked around everywhere but cannot find any information 
(I have tested a lot of different configurations).


You guys are my last chance :)

Cheers,
Joel


[global]
workgroup = SMB
netbios name = luton
server string = Samba Server %v
hide files = /desktop.ini/ntuser.ini/ntuser.*/NTUSER.*/
printcap name = cups
load printers = yes
addprinter command = /usr/bin/smbaddprinter.pl
printing = cups
printer admin = @Domain Admins
log file = /var/log/samba/log.%m
max log size = 50
map to guest = bad user
security = domain
password server = 192.168.1.1
encrypt passwords = yes
smb passwd file = /var/lib/samba/private/smbpasswd
unix password sync = Yes
pam password change = yes
winbind use default domain = yes
winbind cache time = 300
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
remote announce = 192.168.1.1
local master = yes
os level = 33
domain master = no
idmap uid = 1-2
idmap gid = 1-2
wins support = No
wins server = 192.168.1.1
dns proxy = yes

[home]
  comment = Hemkataloger
  browseable = yes
  writable = yes
  path = /share/home

[backup]
  comment = Backup
  browseable = yes
  writable = yes
  path = /share/backup
  write list = @Domain Admins

[groups]
  comment = Gruppkataloger
  browseable = yes
  writable = yes
  path = /share/groups
  write list = @Domain Users

[profiles]
   path = /share/profiles
   browseable = yes
   guest ok = no
   csc policy = disable
   write list = @Domain Users
#   browseable = no
#   profile acls = yes
#   create mode = 0700
#   directory mode = 0700
#   read only = no
#   default case = lower
#   preserve case = no
#   short preserve case = no
#   case sensitive = no

[printers]
  comment = All Printers
  path = /var/spool/samba
  browseable = no
  guest ok = yes
  writable = yes
  printable = yes
  create mode = 0700
  use client driver = No
  write list = @Domain Admins root

  print command = lpr-cups -P %p -o raw %s -r   # using client side printer drivers.


[print$]
  path = /var/lib/samba/printers
  browseable = yes
  read only = yes
  write list = @Domain Admins root
  guest ok = yes

[tmp]
  comment = Temporary file space
  path = /tmp
  read only = no
  public = yes



--
With kind regards

[Samba] win2k will not authenticate when logging in

2006-02-08 Thread Andy Kesterson
For a few weeks now we have been trying to research why our domain
will not authenticate when we are logging in. The Samba logs indicate
that our computers properly add into the domain, however after
rebooting and attempting to log in we receive an error message stating
that our computer account is not in the domain.

After reading the logs we have realized that Samba is indeed receiving
and verifying that the computer is allowed access to the domain,
however it appears that Samba is not receiving a username/passwd with
the login request. This in turn leaves Samba using nobody for the
rest of the authentication sequence, and when it hands the connection
over the IPC$ refusing access to the domain because we cannot allow
anonymous access.

Our server setup is CentOS 4.1 64bit edition, Samba 3.0.21b, Pam,
and OpenLDAP.

I have included below the Samba log of when I attempt to log into the
domain, and the samba configuration file.

The logging level was set to 3 when these logs were taken.

Also please be aware these files are edited for security, and ridiculous length.


**
***BEGIN DOMAIN LOGIN***
**

[2006/02/08 16:34:43, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/02/08 16:34:43, 3] smbd/uid.c:push_conn_ctx(393)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/02/08 16:34:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/02/08 16:34:43, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/02/08 16:34:43, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface
[2006/02/08 16:34:43, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
[2006/02/08 16:34:43, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: guest authentication for user [] succeeded
[2006/02/08 16:34:43, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(332)
  NTLMSSP Sign/Seal - Initialising with flags:
[2006/02/08 16:34:43, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60088235
[2006/02/08 16:34:43, 3] smbd/password.c:register_vuid(257)
  User name: nobody Real name: nobody
[2006/02/08 16:34:43, 3] smbd/password.c:register_vuid(276)
  UNIX uid 99 is UNIX user nobody, and will be vuid 101
[2006/02/08 16:34:43, 3] smbd/process.c:process_smb(1194)
  Transaction 3 of length 82
[2006/02/08 16:34:43, 3] smbd/process.c:switch_message(993)
  switch message SMBtconX (pid 2789) conn 0x0
[2006/02/08 16:34:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/02/08 16:34:43, 3] lib/access.c:check_access(313)
  check_access: no hostnames in host allow/deny list.
[2006/02/08 16:34:43, 2] lib/access.c:check_access(324)
  Allowed connection from  (192.168.14.65)
[2006/02/08 16:34:43, 3] smbd/service.c:make_connection_snum(488)
  Connect path is '/tmp' for service [IPC$]
[2006/02/08 16:34:43, 3] lib/util_seaccess.c:se_access_check(250)
[2006/02/08 16:34:43, 3] lib/util_seaccess.c:se_access_check(251)
  se_access_check: user sid is S-1-5-21-xxx-xxx-xxx-501
  se_access_check: also S-1-5-21-xxx-xxx-xxx-514
  se_access_check: also S-1-1-0
  se_access_check: also S-1-5-2
  se_access_check: also S-1-5-32-546
  se_access_check: also S-1-5-21-xxx-xxx-xxx-1199
[2006/02/08 16:34:43, 3] smbd/vfs.c:vfs_init_default(216)
  Initialising default vfs hooks
[2006/02/08 16:34:43, 2] smbd/uid.c:change_to_user(230)
  change_to_user: SMB user  (unix user nobody, vuid 101) not permitted
access to share IPC$.
[2006/02/08 16:34:43, 0] smbd/service.c:make_connection_snum(592)
  Can't become connected user!
[2006/02/08 16:34:43, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to IPC$
[2006/02/08 16:34:43, 3] smbd/error.c:error_packet(146)
  error packet at smbd/reply.c(668) cmd=117 (SMBtconX) NT_STATUS_LOGON_FAILURE
[2006/02/08 16:34:43, 3] smbd/process.c:process_smb(1194)
  Transaction 4 of length 43
[2006/02/08 16:34:43, 3] smbd/process.c:switch_message(993)
  switch message SMBulogoffX (pid 2789) conn 0x0
[2006/02/08 16:34:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/02/08 16:34:43, 3] smbd/reply.c:reply_ulogoffX(1606)
  ulogoffX vuid=101
[2006/02/08 16:34:43, 3] smbd/process.c:timeout_processing(1447)
  timeout_processing: End of file from client (client has disconnected).
[2006/02/08 16:34:43, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/02/08 16:34:43, 2] smbd/server.c:exit_server(614)
  Closing connections
[2006/02/08 16:34:43, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2006/02/08 16:34:43, 3] smbd/server.c:exit_server(655)
  Server exit (normal exit)
[2006/02/08 16:34:43, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx 
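
A way to triage a log like the one in the post above, as an added example that is not part of the original message: it parses level-3 smbd entries (including continuation lines wrapped by the mailer), tracks which vuid came from a guest authentication, and reports share connections refused for that session. The sample is a shortened, constructed copy of the quoted lines; the function and class names are illustrative assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a shortened copy of the smbd log lines quoted in the post.
SAMPLE_LOG = """\
[2006/02/08 16:34:43, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: guest authentication for user [] succeeded
[2006/02/08 16:34:43, 3] smbd/password.c:register_vuid(276)
  UNIX uid 99 is UNIX user nobody, and will be vuid 101
[2006/02/08 16:34:43, 3] smbd/service.c:make_connection_snum(488)
  Connect path is '/tmp' for service [IPC$]
[2006/02/08 16:34:43, 2] smbd/uid.c:change_to_user(230)
  change_to_user: SMB user  (unix user nobody, vuid 101) not permitted
access to share IPC$.
[2006/02/08 16:34:43, 0] smbd/service.c:make_connection_snum(592)
  Can't become connected user!
[2006/02/08 16:34:43, 3] smbd/error.c:error_packet(146)
  error packet at smbd/reply.c(668) cmd=117 (SMBtconX) NT_STATUS_LOGON_FAILURE
"""

HEADER = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}), +(?P<level>\d+)\] "
    r"(?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)
GUEST_AUTH = re.compile(r"guest authentication for user \[(.*?)\] succeeded")
VUID_REG = re.compile(r"UNIX uid (\d+) is UNIX user (\S+?), and will be vuid (\d+)")
DENIED = re.compile(
    r"SMB user (.*?) \(unix user (\S+), vuid (\d+)\) "
    r"not permitted access to share (\S+?)\.?$"
)
STATUS = re.compile(r"cmd=\d+ \((\w+)\) (NT_STATUS_\w+)")


@dataclass
class Entry:
    ts: str
    level: int
    func: str
    message: str


@dataclass
class Finding:
    ts: str
    vuid: int
    unix_user: str
    share: str
    guest_session: bool
    status: Optional[str] = None


def parse_entries(text):
    """Group a header line with every following non-header line (wrapped or indented)."""
    entries = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            entries.append(Entry(m["ts"], int(m["level"]), m["func"], ""))
        elif entries and raw.strip():
            cur = entries[-1]
            cur.message = (cur.message + " " + raw.strip()).strip()
    return entries


def triage(text):
    """Return one Finding per refused share connection, tied to how its vuid authenticated."""
    sessions = {}            # vuid -> (unix user, session came from guest auth)
    pending_guest = False    # result of the most recent successful authentication
    open_finding = None      # refusal still waiting for its NT status
    findings = []
    for e in parse_entries(text):
        if e.func == "check_ntlm_password" and "succeeded" in e.message:
            pending_guest = bool(GUEST_AUTH.search(e.message))
        elif e.func == "register_vuid":
            m = VUID_REG.search(e.message)
            if m:
                sessions[int(m[3])] = (m[2], pending_guest)
                pending_guest = False
        elif e.func == "change_to_user":
            m = DENIED.search(e.message)
            if m:
                vuid = int(m[3])
                user, guest = sessions.get(vuid, (m[2], False))
                open_finding = Finding(e.ts, vuid, user, m[4], guest)
                findings.append(open_finding)
        elif e.func == "error_packet" and open_finding is not None:
            m = STATUS.search(e.message)
            if m:
                open_finding.status = m[2]
                open_finding = None
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        kind = "guest/anonymous" if f.guest_session else "authenticated"
        print(f"{f.ts} vuid={f.vuid} user={f.unix_user} ({kind}) "
              f"refused on {f.share}: {f.status}")
```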

[Samba] Client printer install problem in Active Directory

2006-02-08 Thread Sam Halas
Hello,
 
I have been searching for an answer all day, via Google, and have yet to
see this specific problem.
 
I am having a problem configuring a RHEL 4.0 server to share a PDF
creator in Active Directory. I had a PDF creator that worked on an old
Red Hat 7.2 box, but have upgraded hardware and operating system. (using
this configuration
http://www.linux-sxs.org/networking/PDF_creation_using_Samba.html)
 
The problem I have is when I try to connect or install the PDF creator
on a Windows XP machine. I get prompted for a userid and password on the
local server, and nothing works. I have tried root and a local user,
both the local UNIX userid/password and the Active Directory
userid/password. Each time I get the following error:
 
The credentials supplied conflict with an existing set of credentials.
Overwriting the existing set of credentials may cause some running
applications to stop functioning. Do you really want to overwrite the
existing set of credentials?
 
Portions of the smb.conf in the original configuration have been
deprecated so I am trying to do it using CUPS now.
 
Here is my smb.conf
 
[global]
 
   realm = ROOT.LOCAL
   password server = server.root.local
   server string = server2
   hosts allow = 123.123. 127.
   printcap name = cups
   printing = cups
   load printers = yes
   cups options = raw
   log file = /var/log/samba/%m.log
   max log size = 50
   security = ADS
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   wins server = 123.123.12.12
   dns proxy = no 
   guest account = nobody
   invalid users = root
 
   winbind separator = +
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   winbind enum users=yes
   winbind enum groups=yes
[PDF pickup]
   path = /usr/local/PDF
   browseable = yes
   writeable = yes
   guest ok = yes
[printers]
   comment = All Printers
   path = /var/spool/samba/print
   printer = PDF_writer
   browseable = yes
   guest ok = yes
   printable = yes
   browseable - no
 
[printer$]
  comment = printer driver share
  path = /usr/share/cups/model/distiller.ppd
  read only = yes
  public = yes

Thank you for your help, in advance.
 
 
Sam
 
 
 
 


Re: [Samba] Problem with netbios names

2006-02-08 Thread Adam Nielsen
> now when this computer connects to VPN samba seems to forget own name.

It sounds like this computer's NMB entry is overwriting Samba's.  My
guess is the only way to stop this is to 'ban' this user from accessing
WINS and broadcasting NMB queries, so that they never reach nmbd and
can't overwrite the real server's entry.  This will mean however that
the user will be unable to access the real Samba server over the VPN.

Alternatively you may find it better to map a network drive to the
macros - so instead of accessing files as \\server\share\macro you map
drive M: to \\server\share and then use M:\macro in the documents.  That
way your user can have M: pointing to a share on their local machine
(or even use 'subst' to make a local folder appear as drive M:) and
then at work have drive M: mapped to the server version.

That way you could have two different computer names and just change
the drive mapping to point to whichever version of the files you want.

Cheers,
Adam.
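
A check for the overwrite described in the reply above, as an added example that is not part of the original thread: it parses `nmblookup` output and reports when the server's NetBIOS name is answered with an address other than the server's own. The sample outputs, the address 192.168.169.202 and the function names are constructed for illustration; the name and the server address come from the smb.conf in the original question.

```python
import re

# Constructed sample outputs in nmblookup's text format (not captured from the thread).
OUT_OK = """\
querying SERWER on 192.168.169.2
192.168.169.2 SERWER<00>
"""
OUT_CONFLICT = """\
querying SERWER on 192.168.169.2
192.168.169.202 SERWER<00>
"""
OUT_MISSING = """\
querying SERWER on 192.168.169.2
name_query failed to find name SERWER
"""

# An answer line is "<ipv4> <NAME><type>", e.g. "192.168.169.2 SERWER<00>".
ANSWER = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+?)<([0-9A-Fa-f]{2})>\s*$")


def parse_answers(output):
    """Return (ip, NAME, type) for every answer line; other lines are ignored."""
    answers = []
    for line in output.splitlines():
        m = ANSWER.match(line.strip())
        if m:
            answers.append((m[1], m[2].upper(), m[3].lower()))
    return answers


def check_registration(output, name, expected_ips):
    """Classify a lookup of `name`.

    Returns (status, rogue_ips) where status is:
      'ok'           every answer is one of the server's own addresses
      'conflict'     at least one answer points at a foreign address
      'unregistered' no answer for the name at all
    NetBIOS names are case-insensitive, so the comparison is done in upper case.
    """
    ips = [ip for ip, n, _ in parse_answers(output) if n == name.upper()]
    if not ips:
        return "unregistered", []
    rogue = sorted(set(ips) - set(expected_ips))
    return ("conflict" if rogue else "ok"), rogue


if __name__ == "__main__":
    server_ips = {"192.168.169.2"}
    for label, out in (("healthy", OUT_OK), ("after VPN client connects", OUT_CONFLICT),
                       ("no registration", OUT_MISSING)):
        print(label, check_registration(out, "SERWER", server_ips))
```

Run against the output of a unicast query to the WINS server on a schedule, a 'conflict' result identifies the moment a second machine has claimed the name, before workstations start connecting to the wrong address.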


[Samba] Samba 3.0 / 2.2 secret.tbd files

2006-02-08 Thread linolil
We have two solaris 9 boxes with Samba 3.0.20, which authenticate
against a solaris 8 box with Samba 2.2.8a.  My question is about
the /usr/local/samba/private files secret.tbd and smbpasswd.  We
initially copied the smbpasswd from the 2.2.8a to the newer ones,
but it is not often kept up to date.

I was getting ready to work on setting up CFENGINE to keep the
files in sync when I was just told that I should simply empty
the smbpasswd files, as the authentication is done by the other
system. However, if I delete an account from the smbpasswd file,
it appears to lose direct access to the files on that server.

We are having a lot of inconsistent problems with controlling
access since moving files to the 3.0 systems, which I will
discuss in another message after we  clarify how things
should be setup.

The clients are all windows, but we don't have any windows servers.

Linolil





[Samba] filesize problem...

2006-02-08 Thread Kurt Weiss

dear list,

following problem with large files:

server:
samba 3.0.21b
debian linux kernel 2.4.32
filesystem ext3

client:
windows xp sp2


- i laid a tarball to the directory with a size of 35GB (also tested 
with a smaller filesize of 7.2 GB)

- the filesystem shows the correct filesize.
- looking via samba share, there's a filesize of 2.91GB???
- trying to copy a file bigger than 2.91 GB i get an error filesize 
exceeded


smb.conf (relevant part):

[global]

snip /

   large readwrite = yes

snip /

[datenfriedhof]
  veto files = /lost+found/
  comment = Festplatten f. Datensicherung
  writable = yes
  create mode = 0660
  force create mode = 0660
  directory mode = 2770
  force directory mode = 2770
  path = /datenfriedhof

==

any help appreciated
regards,
kurt


[Samba] help with Samba v. 3.0.21b authentication

2006-02-08 Thread Vahid Moghaddasi
Hi All,
I have this strange problem that if the user has the same username in
UNIX as in Windows, he can do net view \\server with no problem, but
for users whose username is not the same
on UNIX as it is in Windows, net view \\server returns:
System error 5 has occurred.
Access is denied
and if I try to map a share, I see the following in the log.winbindd:
[2006/02/07 15:38:00, 3]
nsswitch/winbindd_user.c:winbindd_getpwnam(336)
  [0]: getpwnam WINTESTUSER
[2006/02/07 15:38:00, 5]
nsswitch/winbindd_user.c:getpwsid_sid2uid_recv(264)
  Could not query user's DOMAIN\wintestuser uid
[2006/02/07 15:46:04, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(454)

The user 'wintestuser' does not exist in unix. This is on Solaris 10
and Samba 3.0.21b, I am not using PAM for samba, not sure if that
causes this problem. Other Samba servers with lower version (3.04) do
not have this problem.
Thanks for any help.
Vahid.


[Samba] korean character sets

2006-02-08 Thread David Bear
We have built a Suse Linux box as a member server to an existing NT 4
domain.

kernel is 2.6.11.xxx
samba is 3.0.13-xxx
all local file systems are reiser.

We installed samba from suse rpm's.

We have noted that when we smbmount an existing nt 4 server, and then
proceed to do a 

cp -R smbmountpoint localfilesystem 

we miss getting files that are named with Korean characters. The linux
representation of these file names includes all kinds of weird ascii
characters including things like |,,*. etc.

I'm not sure if there is something I need to add to smb.conf to make
sure that samba properly handles the additional code page, if gnu cp
is broken, or if I need to add something to my linux mount command to
instruct it to use unicode.

Any pointers will be appreciated.
-- 
David Bear
phone:  480-965-8257
fax:    480-965-9189
College of Public Programs/ASU
Wilson Hall 232
Tempe, AZ 85287-0803
 Beware the IP portfolio, everyone will be suspect of trespassing


[Samba] Office 2003 hangs when writing to share

2006-02-08 Thread gammer . org
I am having a problem writing/saving to a SMB share with O2K3(Word). In WORD, 
if I File/SaveAs \\machine\share\fred.doc - the windows machine hangs 
completely (Explorer+Word immediately, then all other processes after a period 
of say 1min).

Most other scenarios succeed:
ok: File/SaveAs C:\fred.doc, then move to \\machine\share using explorer.
ok: Outlook.PST file on \\machine\share can be written to.
ok: iTunes\library on \\machine\share\My Docs\iTunes\ can be written to.
ok: Notepad save to \\machine\share succeeds.

Permissions on the share/directory at the linux level (suse 9.3) are 
rwx/rwx/rwx.
Create mask is 0777 (in fact all masks are 0777).
locking = no
strict locking = no

Linux is SuSE 9.3
Samba is 3.0.9
Windows is XP SP2
Office is 2003
WinXP Firewall is OFF.

WinXP and O2K3 are fresh installs.

Any ideas pls?


[Samba] Cannot join windows XP machine to Samba Domain

2006-02-08 Thread Steven C. Henry

Hi everybody,

I have Samba 3.0.21b running LDAP with IDEALX 9.1 scripts on SuSE 10. 
The system has been working for many months with no issues. (Thanks to 
John T's initial help.)


When I try to add XP machine to the domain, I receive the error message, 
many have received:

"user not found". Of course, I am using root, and that is the 
administrative user.


Some XP machines add properly, though.

I read most of the posts on this, and it appeared to work with earlier 
versions of Samba.


I will also try down revving Samba to see, as some have had issues.

Any assistance or direction would be helpful.

Thanks in advance.

--
Steven C. Henry
[EMAIL PROTECTED]




[Samba] Xp Home hack + Domain join

2006-02-08 Thread Franck Y
Hello fellows,

Has any of you found the hack to permit win xp home edition to
join a domain controller?
I found somewhere on the net a software that does this.
But it costs 145 $ US, so like the upgrade... ( the only difference is
that i will not give the money to Bill Gates)

My problem is with the password modification.
Every time someone changes his password, he has to go onto the
server and put his password  again.

If someone found a solution.

I'm running samba 3.X on a fedora 4.

Thanks

--
Franck


[Samba] domain user + local admin group

2006-02-08 Thread Greg Andrews
Howdy All,

My samba server has decided to throw a hissy fit and it's quite distressing
( not hair tearing out yet but will be soon ). Samba Version 3.02

To give domain users admin rights to their local machine I have in the
past simply made domain users part of the local admin group. Perhaps not
the most elegant solution , but it works.

I today installed two more machines ( XP sp2 )onto the network and the
machines joined the domain without any grief, and when you look at users
and groups on the local machines the admin group has domain admins and the
users group has domain users ( this done automatically by samba ) however
if I try to add the domain users group to the local administrators group ,
which I have done on the other 60 machines on the network, the machine
simply hangs and says it can't do it.
Looking at top on the server  there is an smbd process which is spawned
( and doesn't stop ) which is utilising 99.9% of the server cpu . This is
a bad thing :(

I have read the how-to and have gone back over previous emails on the
subject and am none the wiser.

I should add that I am far from an expert, and am trying to establish what
has changed on the system which would cause this behaviour. So far the
only thing I can see that I have done is to change the root password at
the linux level ( I then changed the samba root password in desperation to
the same thing with  /etc/samba/smbpasswd root and entered the same
password.

Unfortunately no joy.

using redhat9 and samba 3.02
I am reluctant to experiment much as this is a live system .
Any and all help or ideas are appreciated

Greg Andrews

-- 
Greg Andrews
System Manager
RGTechnologies Pty Ltd
606 Skipton Street
Ballarat 3350
613 53363603
0417 511 731
[EMAIL PROTECTED]


[Samba] About join domain in different subnet.

2006-02-08 Thread Latrell
Hi all:

I have a question about joining a domain.
If my samba server and domain controller are in different subnets (such as
192.168.1.x and 192.168.2.x), two conditions happened:
ADS domain
1. if I use the domain name, then the join fails.
2. if I use the IP address of the domain controller, the join succeeds.
However, in both cases I can't retrieve domain users/groups.
Is it necessary for the samba server and domain controller to be in the same subnet in
order to get domain users/list list?
Can NT domain in different subnet?

Thanks in advance.

Latrell.


Re: [Samba] domain user + local admin group

2006-02-08 Thread Craig White
On Thu, 2006-02-09 at 17:27 +1100, Greg Andrews wrote:
 Howdy All,
 
 My samba server has decided to throw a hissy fit and its quite distressing
 ( not hair tearing out yet but will be soon ). Samba Version 3.02
 
 To give domain users admin rights to their local machine I have in the
 past simply made domain users part of the local admin group. Perhaps not
 the most elegant solution , but it works.
 
 I today installed two more machines ( XP sp2 )onto the network and the
 machines joined the domain without any grief, and when you look at users
 and groups on the local machines the admin group has domain admins and the
 users group has domain users ( this done automatically by samba ) however
 if I try to add the domain users group to the local administrators group ,
 which I have done on the other 60 machines on the network, the machine
 simply hangs and says it cant do it.
 Looking at top on the server  there is an smbd process which is spawned
 ( and doesn't stop ) which is utilising 99.9% of the server cpu . This is
 a bad thing :(
 
 I have read the how-to and have gone back over previous emails on the
 subject and am none the wiser.
 
 I should add that I am far from an expert, and am trying to establish what
 has changed on the system which would cause this behaviour. So far the
 only thing I can see that I have done is to change the root password at
 the linux level ( I then changed the samba root password in desperation to
 the same thing with  /etc/samba/smbpasswd root and entered the same
 password.
 
 Unfortunately no joy.
 
 using redhat9 and samba 3.02
 I am reluctant to experiment much as this is a live system .
 Any and all help or ideas are appreciated

doesn't strike me as having anything whatsoever to do with
passwords...sounds more like a problem with group mapping...

why don't you try posting up - or checking out for yourself...

# net groupmap list

# samba getlocalsid

and see if the SID portion prior to RID's are all in alignment...sounds
like something changed or the Domain Users SID isn't correct.

Craig
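
The check suggested above, comparing the part of each mapped group SID that precedes the RID with the server's own SID, as an added example that is not part of the original thread. It assumes `net groupmap list` prints lines of the form `NT group (SID) -> unix group` and that `net getlocalsid` prints one line containing the SID; the sample output, SIDs and group names are constructed.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample output. SIDs, domain name and Unix group names are
# invented for illustration; the line formats are assumptions, not taken
# from the thread.
SAMPLE_LOCALSID = "SID for domain PDC is: S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_GROUPMAP = """\
Domain Admins (S-1-5-21-1111111111-2222222222-3333333333-512) -> ntadmins
Domain Users (S-1-5-21-4444444444-5555555555-6666666666-513) -> users
Domain Guests (S-1-5-21-1111111111-2222222222-3333333333-514) -> nobody
Administrators (S-1-5-32-544) -> sysadmin
this line is not a mapping
"""

SID_RE = re.compile(r"S-1(?:-\d+)+")
MAP_RE = re.compile(r"^(?P<nt>.+) \((?P<sid>S-1(?:-\d+)+)\) -> (?P<unix>.+)$")
DOMAIN_SID_PREFIX = "S-1-5-21-"  # SIDs issued by a domain or machine authority


class Mapping(NamedTuple):
    nt_group: str
    sid: str
    unix_group: str


def parse_local_sid(text: str) -> str:
    """Pull the server's SID out of getlocalsid output."""
    match = SID_RE.search(text)
    if match is None:
        raise ValueError("no SID found in getlocalsid output")
    return match.group(0)


def split_sid(sid: str) -> Tuple[str, int]:
    """Split a SID into (everything before the RID, RID)."""
    prefix, _, rid = sid.rpartition("-")
    return prefix, int(rid)


def parse_groupmap(text: str) -> List[Mapping]:
    """Parse groupmap lines; lines in any other shape are skipped."""
    mappings = []
    for line in text.splitlines():
        match = MAP_RE.match(line.strip())
        if match:
            mappings.append(Mapping(match["nt"], match["sid"], match["unix"]))
    return mappings


def misaligned(localsid_text: str, groupmap_text: str) -> List[Mapping]:
    """Return mappings whose SID prefix differs from the server's SID.

    Well-known SIDs such as BUILTIN (S-1-5-32-*) have no domain part and
    are not compared.
    """
    local = parse_local_sid(localsid_text)
    bad = []
    for mapping in parse_groupmap(groupmap_text):
        if not mapping.sid.startswith(DOMAIN_SID_PREFIX):
            continue
        prefix, _rid = split_sid(mapping.sid)
        if prefix != local:
            bad.append(mapping)
    return bad


if __name__ == "__main__":
    for m in misaligned(SAMPLE_LOCALSID, SAMPLE_GROUPMAP):
        prefix, rid = split_sid(m.sid)
        print(f"{m.nt_group} -> {m.unix_group}: RID {rid} under {prefix}, not the local SID")
```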



[Samba] samba/ldap network and domain setup advice

2006-02-08 Thread Abdul-Wahid Paterson
Hi,

I am sure this has been discussed before but all the documentation I
could find seems to be old.

I have two main sites that make the core part of our network. They are
connected by a link that is usually congested.

On the first site, of about 500 users, we have implemented Samba/LDAP.

I now need to work out what to do with the second site of about 1000 users.

So the requirements are.

1. Some other applications are using LDAP authentication and all users
from both sites need to be authenticated.
2. Some users often travel between sites so it would be useful if they
can log into samba at both places.
3. The link between the two sites is probably too slow for doing
anything useful except perhaps LDAP replication.

So what is the best way of going about this? Do I set up two domains?
If I have two domains, what is the best way of segregating users so
that other LDAP applications can see all users? What have other people
done in these types of situations and what things should I avoid or be
aware of?

Thanks,

Abdul-Wahid


Re: [Samba] About join domain in different subnet.

2006-02-08 Thread Matthew Easton
Someone else on the list may correct me, but I think the problem is  
that the computer joining the domain is discovering the domain  
controller by broadcast -- and broadcasts don't cross the router.


I suppose this might help you understand what you are dealing with:
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html


Somewhere in the network control panel, you can tell your windows  
workstation to use WINS first for name resolution, and if the remote  
samba is also acting as a wins server, that is the one you will want  
to use to discover the controller for your domain.


Or perhaps you can customize the workstation's LMHOSTS file, prior to  
making the attempt to join the domain.



On Feb 8, 2006, at 9:24 PM, Latrell wrote:


Hi all:

I have a question about join domain.
If my samba server and domain controller are in different subnet  
(such as 192.168.1.x and 192.168.2.x), two conditions happened:

ADS domain
1. if I use domain name, then join fail.
2. if I use IP address of domain controller, join success.
However, in both cases I can't retrieve domain users/groups.
Is it necessary for samba sever and domain controller in the same  
subnet in order to get domain users/list list?

Can NT domain in different subnet?

Thanks in advance.

Latrell.


Re: [Samba] [resend] SAMBA and X509 certs ?

2006-02-08 Thread romain BOTTAN

thank you for your answer,
I will discuss with my team of active directory, kerberos and pkinit today.

I think you understood our problem in the main facts, we have Windows XP
clients (SP2, all fixes) and Linux clients (Debian, Ubuntu and other
Debian-like ones).

The main security problem is linked to the data stored on the file
server and the crossing of an open network (worldwide intranet) to
connect our distant agencies.

I think we're going to put in place, as you propose, an SSL tunnel controlled by a
small openvpn server or ssltunel with good control of certificate
validity. The advantage of this solution is that we have lots of clients
that implement certificates much better than the 802.1X API in Windows
implements it.

But the problem with this is that, as you said, samba will not deal with it, and
we're going to ask our customers to remember another login/pass...





Andrew Bartlett wrote:


On Tue, 2006-02-07 at 10:14 +0100, romain BOTTAN wrote:
 


Hello everybody,

I'll try to find out some info about Samba and a way to put x509 
authenticate method but i don't find anything clear about it.
   



There are not many 'good' options to put x509 certificates into the
Samba authentication space, and it very much depends on the client and
domain environment.

Perhaps you are looking for an AD implementation, with PKINIT on
kerberos?  This is the only real solution for windows clients.

If you control the clients (say they run Linux), you could push all CIFS
connections via a SSL tunnel, but Samba wouldn't 'know' about this, so
would not actually authenticate the users as such.

Perhaps you need to explain what you are trying to do a bit more.

Andrew Bartlett

 



--
=
Romain BOTTAN
ALCATEL CIT - Service Sécurité
26 Av. JF Champollion - BP 1076
31035 TOULOUSE cedex 1
Tél: +33(0)5 34 35 33 74
Port: +33(0)6 15 41 44 50
Fax: +33(0)5 34 35 33 99


[Fwd: [Samba] Is this option supported by a samba v3 PDC ?]

2006-02-08 Thread Michael Gasch

hi,

i'm sorry to ask this again, but doesn't anyone have an idea or link or ...?

thx in advance!
--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137

[Fwd: [Samba] Understanding some Policies]

2006-02-08 Thread Michael Gasch

hi,

i'm sorry to ask this again, but doesn't anyone have an idea or link or ...?

thx in advance!
--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137

Re: [Samba] [resend] SAMBA and X509 certs ?

2006-02-08 Thread Anthony Messina

romain BOTTAN wrote:

thank you for your answer,
I will discuss with my team of active directory, kerberos and pkinit today.

I think you understood our problem in the main facts, we have Windows XP
clients (SP2, all fixes) and Linux clients (Debian, Ubuntu and other
Debian-like ones).

The main security problem is linked to the data stored on the file
server and the crossing of an open network (worldwide intranet) to
connect our distant agencies.

I think we're going to put in place, as you propose, an SSL tunnel controlled by a
small openvpn server or ssltunel with good control of certificate
validity. The advantage of this solution is that we have lots of clients
that implement certificates much better than the 802.1X API in Windows
implements it.

But the problem with this is that, as you said, samba will not deal with it, and
we're going to ask our customers to remember another login/pass...





Andrew Bartlett wrote:


On Tue, 2006-02-07 at 10:14 +0100, romain BOTTAN wrote:
 


Hello everybody,

I'll try to find out some info about Samba and a way to put x509 
authenticate method but i don't find anything clear about it.
  



There are not many 'good' options to put x509 certificates into the
Samba authentication space, and it very much depends on the client and
domain environment.

Perhaps you are looking for an AD implementation, with PKINIT on
kerberos?  This is the only real solution for windows clients.

If you control the clients (say they run Linux), you could push all CIFS
connections via a SSL tunnel, but Samba wouldn't 'know' about this, so
would not actually authenticate the users as such.

Perhaps you need to explain what you are trying to do a bit more.

Andrew Bartlett



what about some vpn tunnels between your local and remote networks?
(perhaps you already have this)  if you're considering using samba over 
the internet, it seems like site-to-site or vpn would serve you best in 
terms of security.  that's what i do with my remote offices.


--
My Website: http://messinet.com
My Online Gallery: 
http://messinet.com/modules.php?name=Web_Linksl_op=visitlid=3



svn commit: samba r13389 - branches/SAMBA_3_0/source/passdb trunk/source/passdb

2006-02-08 Thread vlendec
Author: vlendec
Date: 2006-02-08 10:36:13 + (Wed, 08 Feb 2006)
New Revision: 13389

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13389

Log:
get_ldap_filter is only used once, make it static
Modified:
   branches/SAMBA_3_0/source/passdb/pdb_ldap.c
   trunk/source/passdb/pdb_ldap.c


Changeset:
Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c
===
--- branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2006-02-08 05:14:48 UTC (rev 
13388)
+++ branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2006-02-08 10:36:13 UTC (rev 
13389)
@@ -3875,7 +3875,7 @@
return result;
 }
 
-char *get_ldap_filter(TALLOC_CTX *mem_ctx, const char *username)
+static char *get_ldap_filter(TALLOC_CTX *mem_ctx, const char *username)
 {
char *filter = NULL;
char *escaped = NULL;
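Review bot: making get_ldap_filter static at its definition needs two follow-ups that this hunk does not show. Any non-static prototype for it in the project's generated headers has to be dropped, since a leftover extern declaration conflicts with the static definition, and if its single caller sits above line 3875 in pdb_ldap.c a static forward declaration is required. Please confirm both for the branch and for trunk.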

Modified: trunk/source/passdb/pdb_ldap.c
===
--- trunk/source/passdb/pdb_ldap.c  2006-02-08 05:14:48 UTC (rev 13388)
+++ trunk/source/passdb/pdb_ldap.c  2006-02-08 10:36:13 UTC (rev 13389)
@@ -3875,7 +3875,7 @@
return result;
 }
 
-char *get_ldap_filter(TALLOC_CTX *mem_ctx, const char *username)
+static char *get_ldap_filter(TALLOC_CTX *mem_ctx, const char *username)
 {
char *filter = NULL;
char *escaped = NULL;



svn commit: samba r13390 - in branches/tmp: .

2006-02-08 Thread vlendec
Author: vlendec
Date: 2006-02-08 11:28:40 + (Wed, 08 Feb 2006)
New Revision: 13390

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13390

Log:
I'm about to mess with posix acls for a few days I think. Get me a private
sandbox.

Volker


Added:
   branches/tmp/vl-posixacls/


Changeset:
Copied: branches/tmp/vl-posixacls (from rev 13389, branches/SAMBA_3_0)



svn commit: samba r13391 - branches/SAMBA_3_0/source/nsswitch trunk/source/nsswitch

2006-02-08 Thread gd
Author: gd
Date: 2006-02-08 11:57:38 + (Wed, 08 Feb 2006)
New Revision: 13391

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13391

Log:
Only fall into password change when ACB_PWNOEXP is not set 

(got it wrong the first time as administrator has this flag set by
default).

Guenther

Modified:
   branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
   trunk/source/nsswitch/pam_winbind.c


Changeset:
Modified: branches/SAMBA_3_0/source/nsswitch/pam_winbind.c
===
--- branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2006-02-08 11:28:40 UTC 
(rev 13390)
+++ branches/SAMBA_3_0/source/nsswitch/pam_winbind.c2006-02-08 11:57:38 UTC 
(rev 13391)
@@ -419,7 +419,7 @@
 
/* handle the case where the auth was ok, but the password must expire 
right now */
/* good catch from Ralf Haferkamp: an expiry of never is translated 
to -1 */
-   if ((response.data.auth.info3.user_rid != DOMAIN_USER_RID_ADMIN ) 
+   if ( ! (response.data.auth.info3.acct_flags  ACB_PWNOEXP) 
(response.data.auth.policy.expire  0)  
(response.data.auth.info3.pass_last_set_time + 
response.data.auth.policy.expire  time(NULL))) {
 
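Review bot: the forced-change condition at line 419 now depends entirely on info3.acct_flags, so it is only as reliable as that field. If a response reaches this point with info3 not filled in, acct_flags reads as 0 and every account, including those marked never-expire, is treated as expirable. A guard on info3 being populated would help, and the reason ACB_PWNOEXP replaces the DOMAIN_USER_RID_ADMIN test is given only in the log message; it belongs in a code comment next to the test.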
@@ -436,7 +436,7 @@
}
 
/* warn a user if the password is about to expire soon */
-   if ((response.data.auth.info3.user_rid != DOMAIN_USER_RID_ADMIN ) 
+   if ( ! (response.data.auth.info3.acct_flags  ACB_PWNOEXP) 
(response.data.auth.policy.expire)  
(response.data.auth.info3.pass_last_set_time + 
response.data.auth.policy.expire  time(NULL) ) ) {
 
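Review bot: the warning condition at line 436 tests response.data.auth.policy.expire for truth only, while the forced-change condition in the previous hunk compares it with 0, and the comment there says an expiry of never is translated to -1. A value of -1 passes a bare truth test, so use the same explicit comparison in both places to keep the two conditions consistent.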

Modified: trunk/source/nsswitch/pam_winbind.c
===
--- trunk/source/nsswitch/pam_winbind.c 2006-02-08 11:28:40 UTC (rev 13390)
+++ trunk/source/nsswitch/pam_winbind.c 2006-02-08 11:57:38 UTC (rev 13391)
@@ -419,7 +419,7 @@
 
/* handle the case where the auth was ok, but the password must expire 
right now */
/* good catch from Ralf Haferkamp: an expiry of never is translated 
to -1 */
-   if ((response.data.auth.info3.user_rid != DOMAIN_USER_RID_ADMIN ) 
+   if ( ! (response.data.auth.info3.acct_flags  ACB_PWNOEXP) 
(response.data.auth.policy.expire  0)  
(response.data.auth.info3.pass_last_set_time + 
response.data.auth.policy.expire  time(NULL))) {
 
@@ -436,7 +436,7 @@
}
 
/* warn a user if the password is about to expire soon */
-   if ((response.data.auth.info3.user_rid != DOMAIN_USER_RID_ADMIN ) 
+   if ( ! (response.data.auth.info3.acct_flags  ACB_PWNOEXP) 
(response.data.auth.policy.expire)  
(response.data.auth.info3.pass_last_set_time + 
response.data.auth.policy.expire  time(NULL) ) ) {
 



svn commit: samba r13392 - in branches/SAMBA_3_0/packaging/RHEL: .

2006-02-08 Thread jerry
Author: jerry
Date: 2006-02-08 14:18:05 + (Wed, 08 Feb 2006)
New Revision: 13392

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13392

Log:
check gcc version before trying 'make pch'.  remove some historical actions
Modified:
   branches/SAMBA_3_0/packaging/RHEL/samba.spec.tmpl


Changeset:
Modified: branches/SAMBA_3_0/packaging/RHEL/samba.spec.tmpl
===
--- branches/SAMBA_3_0/packaging/RHEL/samba.spec.tmpl   2006-02-08 11:57:38 UTC 
(rev 13391)
+++ branches/SAMBA_3_0/packaging/RHEL/samba.spec.tmpl   2006-02-08 14:18:05 UTC 
(rev 13392)
@@ -152,8 +152,19 @@
 
 make showlayout
 
-make CFLAGS=$RPM_OPT_FLAGS -D_GNU_SOURCE  proto pch
+make CFLAGS=$RPM_OPT_FLAGS -D_GNU_SOURCE  proto 
 
+## check for gcc 3.4 or later
+CC_VERSION=`${CC} --version | head -1 | awk '{print $3}'`
+CC_MAJOR=`echo ${CC_VERSION} | cut -d. -f 1`
+CC_MINOR=`echo ${CC_VERSION} | cut -d. -f 2`
+if [ ${CC_MAJOR} -ge 3 ]; then
+if [ ${CC_MAJOR} -gt 3 -o ${CC_MINOR} -ge 4 ]; then
+make pch
+fi
+fi
+
+
 make CFLAGS=$RPM_OPT_FLAGS -D_GNU_SOURCE %{?_smp_mflags} \
all modules pam_smbpass
 
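Review bot: the gcc version check fails in unhelpful ways when ${CC} is unset or when the compiler banner has a different shape. CC_VERSION is taken from the third word of the first --version line, and the unquoted ${CC_MAJOR} and ${CC_MINOR} inside [ ... ] become a test syntax error when they are empty. Default the compiler (for example ${CC:-gcc}), quote the variables, and consider gcc -dumpversion, which prints only the version number.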
@@ -276,9 +287,7 @@
 rm -rf $RPM_BUILD_ROOT
 
 %post
-/sbin/chkconfig --add smb
-
-## deal with an upgrade from a broken 3.0.21a.1 RPM
+## deal with an upgrade from a broken 3.0.21b RPM
 if [ $1 -eq 2 ]; then
if [ -d /var/cache/samba ]; then
for file in `ls /var/cache/samba/*tdb`; do
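Review bot: /sbin/chkconfig --add smb is dropped from %post, but the %preun scriptlet in the next hunk still runs /sbin/chkconfig --del smb, so a fresh install never registers the init script that an erase later tries to deregister. If registration is now deliberately left to the administrator, say so in a comment in the spec; otherwise keep the --add.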
@@ -296,6 +305,7 @@
 %preun
 if [ $1 = 0 ] ; then
 /sbin/chkconfig --del smb
+/sbin/chkconfig --del winbind
 # rm -rf /var/log/samba/* /var/lib/samba/*
 /sbin/service smb stop /dev/null 21
 fi
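Review bot: %preun now deregisters winbind with chkconfig --del winbind but only stops smb. The %preun common scriptlet removed later in this patch was the one that ran /sbin/service winbind stop, so after this change an erase can leave winbindd running. Add the winbind stop here alongside the smb one.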
@@ -303,7 +313,7 @@
 
 %postun
 if [ $1 -ge 1 ]; then
-   %{initdir}/smb condrestart /dev/null 21
+   %{initdir}/smb restart /dev/null 21
 fi 
 
 
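Review bot: replacing condrestart with restart in %postun means an upgrade starts smb even on hosts where the administrator had deliberately stopped it; condrestart only restarts a service that is already running. Unless there is a reason to force the daemon up after every upgrade, keep condrestart.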
@@ -314,31 +324,11 @@
 fi
 
 %post common
-/sbin/chkconfig --add winbind
 /sbin/ldconfig
 
-%preun common
-if [ $1 = 0 ] ; then
-/sbin/chkconfig --del winbind
-/sbin/service winbind stop /dev/null 21
-fi
-exit 0
+%postun common 
+/sbin/ldconfig
 
-%postun common -p /sbin/ldconfig
-
-%triggerpostun -- samba  1.9.18p7
-if [ $1 != 0 ]; then
-/sbin/chkconfig --add smb
-fi
-
-%triggerpostun -- samba  2.0.5a-3
-if [ $1 != 0 ]; then
-[ ! -d /var/lock/samba ]  mkdir -m 0755 /var/lock/samba
-[ ! -d /var/spool/samba ]  mkdir -m 1777 /var/spool/samba
-chmod 644 /etc/services
-[ -f /etc/inetd.conf ]  chmod 644 /etc/inetd.conf
-fi
-
 ###
 ## Files section ##
 ###
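Review bot: with /sbin/chkconfig --add winbind removed from %post common and no replacement elsewhere in the patch, nothing registers the winbind init script any more, yet the main package's %preun now deletes it. Also note that rewriting %postun common from the -p /sbin/ldconfig form to a scriptlet body drops the dependency on /sbin/ldconfig that rpm records for the -p form; if that is intended, mention it in the log.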



svn commit: samba r13393 - branches/SAMBA_3_0/source/lib branches/SAMBA_3_0/source/param branches/SAMBA_3_0/source/rpc_server branches/SAMBA_3_0/source/services trunk/source/lib trunk/source/param tru

2006-02-08 Thread jerry
Author: jerry
Date: 2006-02-08 15:09:09 + (Wed, 08 Feb 2006)
New Revision: 13393

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13393

Log:
Do not initialize the lp_svcctl_list() value since it is handled
internally in services_db.c now.  This prevents internal services from
being listed twice (one internal and one external) when no
'svcctl list' parameter is explicitly set in smb.conf


Modified:
   branches/SAMBA_3_0/source/lib/util_str.c
   branches/SAMBA_3_0/source/param/loadparm.c
   branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c
   branches/SAMBA_3_0/source/services/services_db.c
   trunk/source/lib/util_str.c
   trunk/source/param/loadparm.c
   trunk/source/rpc_server/srv_svcctl_nt.c
   trunk/source/services/services_db.c


Changeset:
Modified: branches/SAMBA_3_0/source/lib/util_str.c
===
--- branches/SAMBA_3_0/source/lib/util_str.c2006-02-08 14:18:05 UTC (rev 
13392)
+++ branches/SAMBA_3_0/source/lib/util_str.c2006-02-08 15:09:09 UTC (rev 
13393)
@@ -1852,6 +1852,9 @@
 {
int i = 0;
 
+   if ( ! list )
+   return 0;
+
/* count the number of list members */

for ( i=0; *list; i++, list++ );

Modified: branches/SAMBA_3_0/source/param/loadparm.c
===
--- branches/SAMBA_3_0/source/param/loadparm.c  2006-02-08 14:18:05 UTC (rev 
13392)
+++ branches/SAMBA_3_0/source/param/loadparm.c  2006-02-08 15:09:09 UTC (rev 
13393)
@@ -1655,8 +1655,6 @@
 
Globals.bASUSupport   = True;

-   Globals.szServicesList = str_list_make( Spooler NETLOGON, NULL );
-
/* User defined shares. */
pstrcpy(s, dyn_LOCKDIR);
pstrcat(s, /usershares);
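Review bot: with the default Globals.szServicesList assignment removed, lp_svcctl_list() can return NULL whenever smb.conf has no 'svcctl list', so every consumer has to tolerate that. This patch guards str_list_count() and the loops in srv_svcctl_nt.c and services_db.c; a search for any other user of lp_svcctl_list() should be part of the change, because a remaining one would dereference NULL.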

Modified: branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c2006-02-08 
14:18:05 UTC (rev 13392)
+++ branches/SAMBA_3_0/source/rpc_server/srv_svcctl_nt.c2006-02-08 
15:09:09 UTC (rev 13393)
@@ -72,7 +72,7 @@
 
/* services listed in smb.conf get the rc.init interface */

-   for ( i=0; service_list[i]; i++ ) {
+   for ( i=0; service_list  service_list[i]; i++ ) {
svcctl_ops[i].name = talloc_strdup( svcctl_ops, service_list[i] 
);
svcctl_ops[i].ops  = rcinit_svc_ops;
}
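Review bot: the added NULL test on service_list is re-evaluated on every loop iteration; a single if (service_list) around the loop states the intent more clearly. In the same loop the result of talloc_strdup() is stored in svcctl_ops[i].name unchecked, so an allocation failure leaves a NULL name in the table.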

Modified: branches/SAMBA_3_0/source/services/services_db.c
===
--- branches/SAMBA_3_0/source/services/services_db.c2006-02-08 14:18:05 UTC 
(rev 13392)
+++ branches/SAMBA_3_0/source/services/services_db.c2006-02-08 15:09:09 UTC 
(rev 13393)
@@ -436,7 +436,7 @@
for ( i=0; builtin_svcs[i].servicename; i++ )
add_new_svc_name( key, subkeys, builtin_svcs[i].servicename );

-   for ( i=0; service_list[i]; i++ ) {
+   for ( i=0; service_list  service_list[i]; i++ ) {

/* only add new services */
if ( regsubkey_ctr_key_exists( subkeys, service_list[i] ) )

Modified: trunk/source/lib/util_str.c
===
--- trunk/source/lib/util_str.c 2006-02-08 14:18:05 UTC (rev 13392)
+++ trunk/source/lib/util_str.c 2006-02-08 15:09:09 UTC (rev 13393)
@@ -1852,6 +1852,9 @@
 {
int i = 0;
 
+   if ( ! list )
+   return 0;
+
/* count the number of list members */

for ( i=0; *list; i++, list++ );

Modified: trunk/source/param/loadparm.c
===
--- trunk/source/param/loadparm.c   2006-02-08 14:18:05 UTC (rev 13392)
+++ trunk/source/param/loadparm.c   2006-02-08 15:09:09 UTC (rev 13393)
@@ -1655,8 +1655,6 @@
 
Globals.bASUSupport   = True;

-   Globals.szServicesList = str_list_make( Spooler NETLOGON, NULL );
-
/* User defined shares. */
pstrcpy(s, dyn_LOCKDIR);
pstrcat(s, /usershares);

Modified: trunk/source/rpc_server/srv_svcctl_nt.c
===
--- trunk/source/rpc_server/srv_svcctl_nt.c 2006-02-08 14:18:05 UTC (rev 
13392)
+++ trunk/source/rpc_server/srv_svcctl_nt.c 2006-02-08 15:09:09 UTC (rev 
13393)
@@ -72,7 +72,7 @@
 
/* services listed in smb.conf get the rc.init interface */

-   for ( i=0; service_list[i]; i++ ) {
+   for ( i=0; service_list  service_list[i]; i++ ) {
svcctl_ops[i].name = talloc_strdup( svcctl_ops, service_list[i] 
);
svcctl_ops[i].ops  = rcinit_svc_ops;
}

Modified: trunk/source/services/services_db.c
===
--- trunk/source/services/services_db.c 2006-02-08 14:18:05 UTC (rev 13392)
+++ 

svn commit: samba r13394 - branches/SAMBA_3_0/source/rpcclient trunk/source/rpcclient

2006-02-08 Thread vlendec
Author: vlendec
Date: 2006-02-08 19:28:25 + (Wed, 08 Feb 2006)
New Revision: 13394

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13394

Log:
Fix rpcclient to obey the -W parameter. Not that I *like* the smbclient
solution, but it does this particular job... :-)

Volker

Modified:
   branches/SAMBA_3_0/source/rpcclient/rpcclient.c
   trunk/source/rpcclient/rpcclient.c


Changeset:
Modified: branches/SAMBA_3_0/source/rpcclient/rpcclient.c
===
--- branches/SAMBA_3_0/source/rpcclient/rpcclient.c 2006-02-08 15:09:09 UTC 
(rev 13393)
+++ branches/SAMBA_3_0/source/rpcclient/rpcclient.c 2006-02-08 19:28:25 UTC 
(rev 13394)
@@ -689,6 +689,7 @@
struct in_addr  server_ip;
NTSTATUSnt_status;
static int  opt_port = 0;
+   fstring new_workgroup;
 
/* make sure the vars that get altered (4th field) are in
   a fixed location or certain compilers complain */
@@ -755,11 +756,22 @@
if (!init_names())
return 1;
 
+   /* save the workgroup...
+   
+  FIXME!! do we need to do this for other options as well 
+  (or maybe a generic way to keep lp_load() from overwriting 
+  everything)?  */
+   
+   fstrcpy( new_workgroup, lp_workgroup() );
+
/* Load smb.conf file */
 
if (!lp_load(dyn_CONFIGFILE,True,False,False,True))
fprintf(stderr, Can't load %s\n, dyn_CONFIGFILE);
 
+   if ( strlen(new_workgroup) != 0 )
+   set_global_myworkgroup( new_workgroup );
+
/*
 * Get password
 * from stdin if necessary
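Review bot: the saved value is read from lp_workgroup() before lp_load() and reapplied whenever it is non-empty, so the fix relies on lp_workgroup() being empty when -W was not given. If it returns a built-in default at that point, set_global_myworkgroup( new_workgroup ) overrides the workgroup from smb.conf on every run; recording whether -W was actually parsed would be more robust. The lp_load() failure path also still only prints a message and carries on, now followed by a workgroup override.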

Modified: trunk/source/rpcclient/rpcclient.c
===
--- trunk/source/rpcclient/rpcclient.c  2006-02-08 15:09:09 UTC (rev 13393)
+++ trunk/source/rpcclient/rpcclient.c  2006-02-08 19:28:25 UTC (rev 13394)
@@ -691,6 +691,7 @@
struct in_addr  server_ip;
NTSTATUSnt_status;
static int  opt_port = 0;
+   fstring new_workgroup;
 
/* make sure the vars that get altered (4th field) are in
   a fixed location or certain compilers complain */
@@ -757,11 +758,22 @@
if (!init_names())
return 1;
 
+   /* save the workgroup...
+   
+  FIXME!! do we need to do this for other options as well 
+  (or maybe a generic way to keep lp_load() from overwriting 
+  everything)?  */
+   
+   fstrcpy( new_workgroup, lp_workgroup() );
+
/* Load smb.conf file */
 
if (!lp_load(dyn_CONFIGFILE,True,False,False,True))
fprintf(stderr, Can't load %s\n, dyn_CONFIGFILE);
 
+   if ( strlen(new_workgroup) != 0 )
+   set_global_myworkgroup( new_workgroup );
+
/*
 * Get password
 * from stdin if necessary



svn commit: samba r13395 - in trunk/source: include libsmb rpc_parse rpc_server

2006-02-08 Thread jra
Author: jra
Date: 2006-02-08 22:16:00 + (Wed, 08 Feb 2006)
New Revision: 13395

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13395

Log:
Add in userinfo26, re-enable userinfo25 - took the knowledge
from Samba4 on how to decode the 532 byte password buffers.
Getting closer to passing samba4 RPC-SCHANNEL test.
Jeremy.

Modified:
   trunk/source/include/rpc_samr.h
   trunk/source/libsmb/smbencrypt.c
   trunk/source/rpc_parse/parse_samr.c
   trunk/source/rpc_server/srv_samr_nt.c


Changeset:
Modified: trunk/source/include/rpc_samr.h
===
--- trunk/source/include/rpc_samr.h 2006-02-08 19:28:25 UTC (rev 13394)
+++ trunk/source/include/rpc_samr.h 2006-02-08 22:16:00 UTC (rev 13395)
@@ -277,7 +277,14 @@
UNISTR2 uni_munged_dial ; /* munged path name and dial-back tel no */
 } SAM_USER_INFO_25;
 
+/* SAM_USER_INFO_26 */
+typedef struct sam_user_info_26
+{
+   uint8 pass[532];
+   uint8 pw_len;
+} SAM_USER_INFO_26;
 
+
 /* SAM_USER_INFO_21 */
 typedef struct sam_user_info_21
 {
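Review bot: uint8 pass[532] hard-codes a size that smbencrypt.c in this same commit treats as 516 bytes of data followed by a 16-byte confounder (pw_buf[516] and the 516 passed to SamOEMhash). Define named constants for the two parts and derive 532 from them, so the struct, the parser and the decoder cannot drift apart.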
@@ -1272,6 +1279,7 @@
SAM_USER_INFO_23 *id23;
SAM_USER_INFO_24 *id24;
SAM_USER_INFO_25 *id25;
+   SAM_USER_INFO_26 *id26;
void* id; /* to make typecasting easy */
 
} info;

Modified: trunk/source/libsmb/smbencrypt.c
===
--- trunk/source/libsmb/smbencrypt.c2006-02-08 19:28:25 UTC (rev 13394)
+++ trunk/source/libsmb/smbencrypt.c2006-02-08 22:16:00 UTC (rev 13395)
@@ -531,6 +531,25 @@
 }
 
 /***
+ Decode an arc4 encrypted password change buffer.
+/
+
+void encode_or_decode_arc4_passwd_buffer(char pw_buf[532], const DATA_BLOB 
*psession_key)
+{
+   struct MD5Context tctx;
+   unsigned char key_out[16];
+
+   /* Confounder is last 16 bytes. */
+
+   MD5Init(tctx);
+   MD5Update(tctx, pw_buf[516], 16);
+   MD5Update(tctx, psession_key-data, psession_key-length);
+   MD5Final(key_out, tctx);
+   /* arc4 with key_out. */
+   SamOEMhash(pw_buf, key_out, 516);
+}
+
+/***
  Encrypt/Decrypt used for LSA secrets and trusted domain
  passwords.
 /
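Review bot: key_out holds the arc4 key derived from the session key and is left on the stack when the function returns; clear it and tctx before returning. psession_key is also dereferenced without a NULL or zero-length check, and with a zero-length session key the key reduces to an MD5 of the 16 confounder bytes that travel in the buffer itself, so reject that case here or document that callers must.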

Modified: trunk/source/rpc_parse/parse_samr.c
===
--- trunk/source/rpc_parse/parse_samr.c 2006-02-08 19:28:25 UTC (rev 13394)
+++ trunk/source/rpc_parse/parse_samr.c 2006-02-08 22:16:00 UTC (rev 13395)
@@ -5404,13 +5404,41 @@
if (MARSHALLING(ps)  (usr-pw_len != 0)) {
if (!prs_uint16(pw_len, ps, depth, usr-pw_len))
return False;
+   } else if (UNMARSHALLING(ps)) {
+   if (!prs_uint16(pw_len, ps, depth, usr-pw_len))
+   return False;
}
+
+   return True;
+}
+
+/***
+reads or writes a structure.
+/
+
+static BOOL sam_io_user_info26(const char *desc, SAM_USER_INFO_26 * usr,
+  prs_struct *ps, int depth)
+{
+   if (usr == NULL)
+   return False;
+
+   prs_debug(ps, depth, desc, sam_io_user_info26);
+   depth++;
+
if(!prs_align(ps))
return False;
 
+   if(!prs_uint8s(False, password, ps, depth, usr-pass, 
+  sizeof(usr-pass)))
+   return False;
+   
+   if (!prs_uint8(pw_len, ps, depth, usr-pw_len))
+   return False;
+
return True;
 }
 
+
 /*
  init_sam_user_info23
 
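Review bot: in the function patched at the top of this hunk the two directions are no longer symmetric. Marshalling writes pw_len only when it is non-zero, while the new UNMARSHALLING branch always reads it, so a buffer marshalled with pw_len == 0 is two bytes shorter than the reader expects. Write the field unconditionally or give the reader the same condition. The hunk also moves that function's prs_align() call into the new sam_io_user_info26; please confirm the alignment was not needed where it used to be.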
@@ -6475,6 +6503,16 @@
}
ret = sam_io_user_info25(, ctr-info.id25, ps, depth);
break;
+   case 26:
+   if (UNMARSHALLING(ps))
+   ctr-info.id26 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_26,1);
+
+   if (ctr-info.id26 == NULL) {
+   DEBUG(2,(samr_io_userinfo_ctr: info pointer not 
initialised\n));
+   return False;
+   }
+   ret = sam_io_user_info26(, ctr-info.id26, ps,  depth);
+   break;
default:
DEBUG(2, (samr_io_userinfo_ctr: unknown switch level 0x%x\n, 
ctr-switch_value));
ret = False;

Modified: trunk/source/rpc_server/srv_samr_nt.c
===
--- trunk/source/rpc_server/srv_samr_nt.c   2006-02-08 19:28:25 UTC (rev 
13394)
+++ trunk/source/rpc_server/srv_samr_nt.c   2006-02-08 22:16:00 UTC (rev 
13395)
@@ -3316,27 +3316,27 @@
break;
 

svn commit: samba r13396 - in branches/SAMBA_3_0/source: include libsmb rpc_parse rpc_server

2006-02-08 Thread jra
Author: jra
Date: 2006-02-08 22:16:03 + (Wed, 08 Feb 2006)
New Revision: 13396

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=13396

Log:
Add in userinfo26, re-enable userinfo25 - took the knowledge
from Samba4 on how to decode the 532 byte password buffers.
Getting closer to passing samba4 RPC-SCHANNEL test.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/include/rpc_samr.h
   branches/SAMBA_3_0/source/libsmb/smbencrypt.c
   branches/SAMBA_3_0/source/rpc_parse/parse_samr.c
   branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c


Changeset:
Modified: branches/SAMBA_3_0/source/include/rpc_samr.h
===
--- branches/SAMBA_3_0/source/include/rpc_samr.h2006-02-08 22:16:00 UTC 
(rev 13395)
+++ branches/SAMBA_3_0/source/include/rpc_samr.h2006-02-08 22:16:03 UTC 
(rev 13396)
@@ -277,7 +277,14 @@
UNISTR2 uni_munged_dial ; /* munged path name and dial-back tel no */
 } SAM_USER_INFO_25;
 
+/* SAM_USER_INFO_26 */
+typedef struct sam_user_info_26
+{
+   uint8 pass[532];
+   uint8 pw_len;
+} SAM_USER_INFO_26;
 
+
 /* SAM_USER_INFO_21 */
 typedef struct sam_user_info_21
 {
@@ -1272,6 +1279,7 @@
SAM_USER_INFO_23 *id23;
SAM_USER_INFO_24 *id24;
SAM_USER_INFO_25 *id25;
+   SAM_USER_INFO_26 *id26;
void* id; /* to make typecasting easy */
 
} info;

Modified: branches/SAMBA_3_0/source/libsmb/smbencrypt.c
===
--- branches/SAMBA_3_0/source/libsmb/smbencrypt.c   2006-02-08 22:16:00 UTC 
(rev 13395)
+++ branches/SAMBA_3_0/source/libsmb/smbencrypt.c   2006-02-08 22:16:03 UTC 
(rev 13396)
@@ -531,6 +531,25 @@
 }
 
 /***
+ Decode an arc4 encrypted password change buffer.
+/
+
+void encode_or_decode_arc4_passwd_buffer(char pw_buf[532], const DATA_BLOB 
*psession_key)
+{
+   struct MD5Context tctx;
+   unsigned char key_out[16];
+
+   /* Confounder is last 16 bytes. */
+
+   MD5Init(tctx);
+   MD5Update(tctx, pw_buf[516], 16);
+   MD5Update(tctx, psession_key-data, psession_key-length);
+   MD5Final(key_out, tctx);
+   /* arc4 with key_out. */
+   SamOEMhash(pw_buf, key_out, 516);
+}
+
+/***
  Encrypt/Decrypt used for LSA secrets and trusted domain
  passwords.
 /
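Review bot: the header comment says "Decode an arc4 encrypted password change buffer" while the function is named encode_or_decode_arc4_passwd_buffer and is used in both directions; make the comment match the name. The parameter is declared as char pw_buf[532], which in C is only a pointer, so nothing enforces the size at call sites while the body indexes offset 516 and processes 516 bytes; a length argument or a documented contract would make misuse harder.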

Modified: branches/SAMBA_3_0/source/rpc_parse/parse_samr.c
===
--- branches/SAMBA_3_0/source/rpc_parse/parse_samr.c2006-02-08 22:16:00 UTC 
(rev 13395)
+++ branches/SAMBA_3_0/source/rpc_parse/parse_samr.c2006-02-08 22:16:03 UTC 
(rev 13396)
@@ -5404,13 +5404,41 @@
if (MARSHALLING(ps)  (usr-pw_len != 0)) {
if (!prs_uint16(pw_len, ps, depth, usr-pw_len))
return False;
+   } else if (UNMARSHALLING(ps)) {
+   if (!prs_uint16(pw_len, ps, depth, usr-pw_len))
+   return False;
}
+
+   return True;
+}
+
+/***
+reads or writes a structure.
+/
+
+static BOOL sam_io_user_info26(const char *desc, SAM_USER_INFO_26 * usr,
+  prs_struct *ps, int depth)
+{
+   if (usr == NULL)
+   return False;
+
+   prs_debug(ps, depth, desc, sam_io_user_info26);
+   depth++;
+
if(!prs_align(ps))
return False;
 
+   if(!prs_uint8s(False, password, ps, depth, usr-pass, 
+  sizeof(usr-pass)))
+   return False;
+   
+   if (!prs_uint8(pw_len, ps, depth, usr-pw_len))
+   return False;
+
return True;
 }
 
+
 /*
  init_sam_user_info23
 
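Review bot: in the first function this hunk touches, the marshalling branch still writes pw_len only when it is non-zero, but the new UNMARSHALLING branch always reads it, so a buffer produced by this same marshaller with a pw_len of 0 will fail to parse or consume the wrong bytes. Make the two directions agree, either by always writing the field or by making the read conditional. In sam_io_user_info26, pw_len goes through prs_uint8 while the function above uses prs_uint16 for the field of the same name; a comment on why the widths differ would help.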
@@ -6475,6 +6503,16 @@
}
ret = sam_io_user_info25(, ctr-info.id25, ps, depth);
break;
+   case 26:
+   if (UNMARSHALLING(ps))
+   ctr-info.id26 = PRS_ALLOC_MEM(ps,SAM_USER_INFO_26,1);
+
+   if (ctr-info.id26 == NULL) {
+   DEBUG(2,(samr_io_userinfo_ctr: info pointer not 
initialised\n));
+   return False;
+   }
+   ret = sam_io_user_info26(, ctr-info.id26, ps,  depth);
+   break;
default:
DEBUG(2, (samr_io_userinfo_ctr: unknown switch level 0x%x\n, 
ctr-switch_value));
ret = False;

Modified: branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
===
--- 

svn commit: samba r13397 - in branches/SAMBA_4_0/source/lib/talloc: .

2006-02-08 Thread jpeach
Author: jpeach
Date: 2006-02-08 23:44:17 + (Wed, 08 Feb 2006)
New Revision: 13397

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13397

Log:
Propagate the error return from vsnprintf to trap the case where
we aren't linked against a C99 vsnprintf.

Modified:
   branches/SAMBA_4_0/source/lib/talloc/talloc.c


Changeset:
Modified: branches/SAMBA_4_0/source/lib/talloc/talloc.c
===
--- branches/SAMBA_4_0/source/lib/talloc/talloc.c   2006-02-08 22:16:03 UTC 
(rev 13396)
+++ branches/SAMBA_4_0/source/lib/talloc/talloc.c   2006-02-08 23:44:17 UTC 
(rev 13397)
@@ -1011,7 +1011,9 @@

VA_COPY(ap2, ap);
 
-   len = vsnprintf(NULL, 0, fmt, ap2);
+   if ((len = vsnprintf(NULL, 0, fmt, ap2)) = 0) {
+   return NULL;
+   }
 
ret = _talloc(t, len+1);
if (ret) {
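Review bot: the new early return sends a zero-length result down the same path as a vsnprintf failure, so a format that legitimately expands to an empty string now yields NULL and looks like an allocation failure to the caller. The comment added in the next hunk distinguishes those two cases; do the same here and return NULL only for a negative length.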
@@ -1060,7 +1062,15 @@
VA_COPY(ap2, ap);
 
s_len = tc-size - 1;
-   len = vsnprintf(NULL, 0, fmt, ap2);
+   if ((len = vsnprintf(NULL, 0, fmt, ap2)) = 0) {
+   /* Either the vsnprintf failed or the format resulted in
+* no characters being formatted. In the former case, we
+* ought to return NULL, in the latter we ought to return
+* the original string. Most current callers of this 
+* function expect it to never return NULL.
+*/
+   return s;
+   }
 
s = talloc_realloc(NULL, s, char, s_len + len+1);
if (!s) return NULL;
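Review bot: the added comment says a failed vsnprintf ought to return NULL, yet the code returns s for both cases, so a broken (non-C99) vsnprintf is silently ignored here even though the log message says the aim is to trap it. Split the test: return s when len is 0, and for a negative len return NULL or at least log it. The context line just below already returns NULL when talloc_realloc fails, so callers have to cope with NULL anyway.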



Build status as of Thu Feb 9 00:00:02 2006

2006-02-08 Thread build
URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2006-02-08 
00:00:04.0 +
+++ /home/build/master/cache/broken_results.txt 2006-02-09 00:00:06.0 
+
@@ -1,17 +1,17 @@
-Build status as of Wed Feb  8 00:00:02 2006
+Build status as of Thu Feb  9 00:00:02 2006
 
 Build counts:
 Tree Total  Broken Panic 
 ccache   32 6  0 
-distcc   10 3  0 
+distcc   9  2  0 
 lorikeet-heimdal 15 14 0 
 ppp  17 0  0 
-rsync33 3  0 
+rsync32 3  0 
 samba2  0  0 
 samba-docs   0  0  0 
-samba4   35 18 2 
-samba_3_034 10 0 
+samba4   34 19 2 
+samba_3_033 10 0 
 smb-build24 4  0 
-talloc   7  4  0 
-tdb  5  1  0 
+talloc   14 5  0 
+tdb  4  1  0 
 


svn commit: samba r13398 - in trunk/source: include rpc_parse rpc_server

2006-02-08 Thread jra
Author: jra
Date: 2006-02-09 00:23:38 + (Thu, 09 Feb 2006)
New Revision: 13398

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13398

Log:
Get closer to passing RPC-SCHANNEL test.
Jeremy.

Modified:
   trunk/source/include/rpc_netlogon.h
   trunk/source/rpc_parse/parse_net.c
   trunk/source/rpc_server/srv_netlog.c
   trunk/source/rpc_server/srv_netlog_nt.c
   trunk/source/rpc_server/srv_samr_nt.c


Changeset:
Modified: trunk/source/include/rpc_netlogon.h
===
--- trunk/source/include/rpc_netlogon.h 2006-02-08 23:44:17 UTC (rev 13397)
+++ trunk/source/include/rpc_netlogon.h 2006-02-09 00:23:38 UTC (rev 13398)
@@ -169,6 +169,57 @@
 } NET_USER_INFO_2;
 #endif
 
+/* NET_USER_INFO_2 */
+typedef struct net_user_info_2 {
+   uint32 ptr_user_info;
+
+   NTTIME logon_time;/* logon time */
+   NTTIME logoff_time;   /* logoff time */
+   NTTIME kickoff_time;  /* kickoff time */
+   NTTIME pass_last_set_time;/* password last set time */
+   NTTIME pass_can_change_time;  /* password can change time */
+   NTTIME pass_must_change_time; /* password must change time */
+
+   UNIHDR hdr_user_name;/* username unicode string header */
+   UNIHDR hdr_full_name;/* user's full name unicode string header */
+   UNIHDR hdr_logon_script; /* logon script unicode string header */
+   UNIHDR hdr_profile_path; /* profile path unicode string header */
+   UNIHDR hdr_home_dir; /* home directory unicode string header */
+   UNIHDR hdr_dir_drive;/* home directory drive unicode string header 
*/
+
+   uint16 logon_count;  /* logon count */
+   uint16 bad_pw_count; /* bad password count */
+
+   uint32 user_rid;   /* User RID */
+   uint32 group_rid;  /* Group RID */
+
+   uint32 num_groups;/* num groups */
+   uint32 buffer_groups; /* undocumented buffer pointer to groups. */
+   uint32 user_flgs; /* user flags */
+
+   uint8 user_sess_key[16]; /* user session key */
+
+   UNIHDR hdr_logon_srv; /* logon server unicode string header */
+   UNIHDR hdr_logon_dom; /* logon domain unicode string header */
+
+   uint32 buffer_dom_id; /* undocumented logon domain id pointer */
+   uint8 lm_sess_key[8];   /* lm session key */
+   uint32 acct_flags;  /* account flags */
+   uint32 unknown[7];  /* unknown */
+
+   UNISTR2 uni_user_name;/* username unicode string */
+   UNISTR2 uni_full_name;/* user's full name unicode string */
+   UNISTR2 uni_logon_script; /* logon script unicode string */
+   UNISTR2 uni_profile_path; /* profile path unicode string */
+   UNISTR2 uni_home_dir; /* home directory unicode string */
+   UNISTR2 uni_dir_drive;/* home directory drive unicode string */
+
+   UNISTR2 uni_logon_srv; /* logon server unicode string */
+   UNISTR2 uni_logon_dom; /* logon domain unicode string */
+
+   DOM_SID2 dom_sid;   /* domain SID */
+} NET_USER_INFO_2;
+
 /* NET_USER_INFO_3 */
 typedef struct net_user_info_3 {
uint32 ptr_user_info;
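Review bot: the new typedef is inserted directly after an `#endif` that closes another definition ending in `} NET_USER_INFO_2;`, so the header now carries two definitions with the same name and only the preprocessor keeps them apart. Delete or rename the disabled block in this commit so nobody re-enables it and gets a redefinition.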

Modified: trunk/source/rpc_parse/parse_net.c
===
--- trunk/source/rpc_parse/parse_net.c  2006-02-08 23:44:17 UTC (rev 13397)
+++ trunk/source/rpc_parse/parse_net.c  2006-02-09 00:23:38 UTC (rev 13398)
@@ -1295,7 +1295,7 @@
 {
NET_ID_INFO_CTR *ctr = *pp_ctr;
 
-   prs_debug(ps, depth, desc, smb_io_sam_info);
+   prs_debug(ps, depth, desc, smb_io_sam_info_ctr);
depth++;
 
if (UNMARSHALLING(ps)) {
@@ -1323,7 +1323,7 @@
break;
default:
/* PANIC! */
-   DEBUG(4,(smb_io_sam_info: unknown switch_value!\n));
+   DEBUG(4,(smb_io_sam_info_ctr: unknown switch_value!\n));
break;
}
 
@@ -1350,8 +1350,10 @@
 
if(!prs_uint32(ptr_rtn_cred , ps, depth, sam-ptr_rtn_cred))
return False;
-   if(!smb_io_cred(, sam-rtn_cred, ps, depth))
-   return False;
+   if (sam-ptr_rtn_cred) {
+   if(!smb_io_cred(, sam-rtn_cred, ps, depth))
+   return False;
+   }
 
if(!prs_uint16(logon_level  , ps, depth, sam-logon_level))
return False;
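Review bot: when ptr_rtn_cred is zero while unmarshalling, rtn_cred is now skipped and keeps whatever the structure held before, and ptr_rtn_cred is a value taken from the wire. Zero rtn_cred in an else branch on the unmarshalling path, and make sure every consumer tests ptr_rtn_cred before using the credential.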
@@ -1700,7 +1702,7 @@
if(!smb_io_dom_sid2(, usr-dom_sid, ps, depth))   /* domain 
SID */
return False;
 
-   if (usr-buffer_other_sids) {
+   if (validation_level == 3  usr-buffer_other_sids) {
 
uint32 num_other_sids = usr-num_other_sids;
 
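Review bot: `validation_level == 3` is a bare literal in the condition guarding the other-SIDs block; give the validation levels named constants. For any other level, buffer_other_sids and num_other_sids stay at whatever values they already hold while the SID array is never read, so clear both in that case or callers can see a non-zero count with no array behind it.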
@@ -1776,7 +1778,7 @@
 
if(!prs_align_uint16(ps))
return False;
-   
+
if(!prs_uint16(validation_level, ps, depth, q_l-validation_level))
return False;
 

Modified: trunk/source/rpc_server/srv_netlog.c

svn commit: samba r13399 - in branches/SAMBA_3_0/source: include rpc_parse rpc_server

2006-02-08 Thread jra
Author: jra
Date: 2006-02-09 00:23:40 + (Thu, 09 Feb 2006)
New Revision: 13399

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13399

Log:
Get closer to passing RPC-SCHANNEL test.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/include/rpc_netlogon.h
   branches/SAMBA_3_0/source/rpc_parse/parse_net.c
   branches/SAMBA_3_0/source/rpc_server/srv_netlog.c
   branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c
   branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c


Changeset:
Modified: branches/SAMBA_3_0/source/include/rpc_netlogon.h
===
--- branches/SAMBA_3_0/source/include/rpc_netlogon.h2006-02-09 00:23:38 UTC 
(rev 13398)
+++ branches/SAMBA_3_0/source/include/rpc_netlogon.h2006-02-09 00:23:40 UTC 
(rev 13399)
@@ -169,6 +169,57 @@
 } NET_USER_INFO_2;
 #endif
 
+/* NET_USER_INFO_2 */
+typedef struct net_user_info_2 {
+   uint32 ptr_user_info;
+
+   NTTIME logon_time;/* logon time */
+   NTTIME logoff_time;   /* logoff time */
+   NTTIME kickoff_time;  /* kickoff time */
+   NTTIME pass_last_set_time;/* password last set time */
+   NTTIME pass_can_change_time;  /* password can change time */
+   NTTIME pass_must_change_time; /* password must change time */
+
+   UNIHDR hdr_user_name;/* username unicode string header */
+   UNIHDR hdr_full_name;/* user's full name unicode string header */
+   UNIHDR hdr_logon_script; /* logon script unicode string header */
+   UNIHDR hdr_profile_path; /* profile path unicode string header */
+   UNIHDR hdr_home_dir; /* home directory unicode string header */
+   UNIHDR hdr_dir_drive;/* home directory drive unicode string header 
*/
+
+   uint16 logon_count;  /* logon count */
+   uint16 bad_pw_count; /* bad password count */
+
+   uint32 user_rid;   /* User RID */
+   uint32 group_rid;  /* Group RID */
+
+   uint32 num_groups;/* num groups */
+   uint32 buffer_groups; /* undocumented buffer pointer to groups. */
+   uint32 user_flgs; /* user flags */
+
+   uint8 user_sess_key[16]; /* user session key */
+
+   UNIHDR hdr_logon_srv; /* logon server unicode string header */
+   UNIHDR hdr_logon_dom; /* logon domain unicode string header */
+
+   uint32 buffer_dom_id; /* undocumented logon domain id pointer */
+   uint8 lm_sess_key[8];   /* lm session key */
+   uint32 acct_flags;  /* account flags */
+   uint32 unknown[7];  /* unknown */
+
+   UNISTR2 uni_user_name;/* username unicode string */
+   UNISTR2 uni_full_name;/* user's full name unicode string */
+   UNISTR2 uni_logon_script; /* logon script unicode string */
+   UNISTR2 uni_profile_path; /* profile path unicode string */
+   UNISTR2 uni_home_dir; /* home directory unicode string */
+   UNISTR2 uni_dir_drive;/* home directory drive unicode string */
+
+   UNISTR2 uni_logon_srv; /* logon server unicode string */
+   UNISTR2 uni_logon_dom; /* logon domain unicode string */
+
+   DOM_SID2 dom_sid;   /* domain SID */
+} NET_USER_INFO_2;
+
 /* NET_USER_INFO_3 */
 typedef struct net_user_info_3 {
uint32 ptr_user_info;
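Review bot: the only description of the new struct is the one-line `/* NET_USER_INFO_2 */` banner. Say which validation level this layout belongs to and how it differs from NET_USER_INFO_3 just below, and note what is known about `unknown[7]` and the two pointer fields marked undocumented, so the next reader does not have to diff the two structs by hand.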

Modified: branches/SAMBA_3_0/source/rpc_parse/parse_net.c
===
--- branches/SAMBA_3_0/source/rpc_parse/parse_net.c 2006-02-09 00:23:38 UTC 
(rev 13398)
+++ branches/SAMBA_3_0/source/rpc_parse/parse_net.c 2006-02-09 00:23:40 UTC 
(rev 13399)
@@ -1295,7 +1295,7 @@
 {
NET_ID_INFO_CTR *ctr = *pp_ctr;
 
-   prs_debug(ps, depth, desc, smb_io_sam_info);
+   prs_debug(ps, depth, desc, smb_io_sam_info_ctr);
depth++;
 
if (UNMARSHALLING(ps)) {
@@ -1323,7 +1323,7 @@
break;
default:
/* PANIC! */
-   DEBUG(4,(smb_io_sam_info: unknown switch_value!\n));
+   DEBUG(4,(smb_io_sam_info_ctr: unknown switch_value!\n));
break;
}
 
@@ -1350,8 +1350,10 @@
 
if(!prs_uint32(ptr_rtn_cred , ps, depth, sam-ptr_rtn_cred))
return False;
-   if(!smb_io_cred(, sam-rtn_cred, ps, depth))
-   return False;
+   if (sam-ptr_rtn_cred) {
+   if(!smb_io_cred(, sam-rtn_cred, ps, depth))
+   return False;
+   }
 
if(!prs_uint16(logon_level  , ps, depth, sam-logon_level))
return False;
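Review bot: the new guard on ptr_rtn_cred has no comment saying when a peer sends a zero return-credential pointer, and the log message only says this gets closer to passing RPC-SCHANNEL. Add a one-line comment naming the case that triggers it, and state there what rtn_cred contains when the pointer is zero.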
@@ -1700,7 +1702,7 @@
if(!smb_io_dom_sid2(, usr-dom_sid, ps, depth))   /* domain 
SID */
return False;
 
-   if (usr-buffer_other_sids) {
+   if (validation_level == 3  usr-buffer_other_sids) {
 
uint32 num_other_sids = usr-num_other_sids;
 
@@ -1776,7 +1778,7 @@
 
if(!prs_align_uint16(ps))
return False;
-   
+
if(!prs_uint16(validation_level, 

svn commit: samba r13400 - in branches/SAMBA_4_0/source/lib/talloc: .

2006-02-08 Thread jpeach
Author: jpeach
Date: 2006-02-09 00:49:03 + (Thu, 09 Feb 2006)
New Revision: 13400

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13400

Log:
Only return NULL from talloc_asprintf if vsnprintf returns an
error (ie. zero is not an error).

Modified:
   branches/SAMBA_4_0/source/lib/talloc/talloc.c


Changeset:
Modified: branches/SAMBA_4_0/source/lib/talloc/talloc.c
===
--- branches/SAMBA_4_0/source/lib/talloc/talloc.c   2006-02-09 00:23:40 UTC 
(rev 13399)
+++ branches/SAMBA_4_0/source/lib/talloc/talloc.c   2006-02-09 00:49:03 UTC 
(rev 13400)
@@ -1011,7 +1011,7 @@

VA_COPY(ap2, ap);
 
-   if ((len = vsnprintf(NULL, 0, fmt, ap2)) = 0) {
+   if ((len = vsnprintf(NULL, 0, fmt, ap2))  0) {
return NULL;
}
 
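Review bot: the early `return NULL` leaves the function straight after `VA_COPY(ap2, ap)` without a matching va_end on ap2. Where VA_COPY maps to va_copy, each copy has to be paired with a va_end in the same function, so take the length first, end ap2, and then test the result.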



svn commit: samba r13401 - in branches/SAMBA_4_0/source/lib/replace: .

2006-02-08 Thread tridge
Author: tridge
Date: 2006-02-09 00:50:48 + (Thu, 09 Feb 2006)
New Revision: 13401

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13401

Log:

remove the rename of the snprintf functions that simo accidentally
included in his last commit

Modified:
   branches/SAMBA_4_0/source/lib/replace/snprintf.c


Changeset:
Modified: branches/SAMBA_4_0/source/lib/replace/snprintf.c
===
--- branches/SAMBA_4_0/source/lib/replace/snprintf.c2006-02-09 00:49:03 UTC 
(rev 13400)
+++ branches/SAMBA_4_0/source/lib/replace/snprintf.c2006-02-09 00:50:48 UTC 
(rev 13401)
@@ -1187,11 +1187,10 @@
return max;
 }
 
- int smb_vsnprintf (char *str, size_t count, const char *fmt, va_list args)
+ int vsnprintf (char *str, size_t count, const char *fmt, va_list args)
 {
return dopr(str, count, fmt, args);
 }
-#define vsnprintf smb_vsnprintf
 #endif
 
 /* yes this really must be a ||. Don't muck with this (tridge)
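Review bot: with the smb_ prefix and the `#define` gone, this block now defines a global symbol named vsnprintf, which replaces the C library's version for everything linked into the same binary, not only Samba's own callers. State in a comment next to the definition which configure result enables it (the opening guard is outside the hunk), and explain the leading space in ` int vsnprintf (` if it is deliberate.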
@@ -1201,7 +1200,7 @@
  * that doesn't work properly according to the autoconf test.
  */
 #if !defined(HAVE_SNPRINTF) || !defined(HAVE_C99_VSNPRINTF)
-int smb_snprintf(char *str,size_t count,const char *fmt,...)
+ int snprintf(char *str,size_t count,const char *fmt,...)
 {
size_t ret;
va_list ap;
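Review bot: snprintf is declared to return int but keeps its result in `size_t ret`, visible in the context lines here and returned as-is in the next hunk. A negative result from the formatter makes a round trip through an unsigned type before it reaches the caller; declare ret as int so an error return is passed through unchanged.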
@@ -1211,7 +1210,6 @@
va_end(ap);
return ret;
 }
-#define snprintf smb_snprintf
 #endif
 
 #endif 



svn commit: samba r13402 - in branches/SAMBA_4_0/source: auth/gensec rpc_server/netlogon torture/rpc

2006-02-08 Thread abartlet
Author: abartlet
Date: 2006-02-09 02:30:43 + (Thu, 09 Feb 2006)
New Revision: 13402

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13402

Log:
Make Samba4 pass a nastier RPC-SCHANNEL test.

The new RPC-SCHANNEL test shows that the full credentials state must
be kept in some shared memory, for some length of time.  In
particular, clients will reconnect with SCHANNEL (after losing all
connections) and expect that the credentials chain will remain in the
same place.

To achieve this, we do the server-side crypto in a transaction,
including the fetch/store of the shared state.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/auth/gensec/schannel.c
   branches/SAMBA_4_0/source/auth/gensec/schannel_sign.c
   branches/SAMBA_4_0/source/auth/gensec/schannel_state.c
   branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c
   branches/SAMBA_4_0/source/torture/rpc/schannel.c


Changeset:
Sorry, the patch is too large (698 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13402


svn commit: samba r13403 - in branches/SAMBA_4_0/source/smb_server: . smb

2006-02-08 Thread abartlet
Author: abartlet
Date: 2006-02-09 03:04:48 + (Thu, 09 Feb 2006)
New Revision: 13403

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13403

Log:
Try to better handle a case where SPNEGO isn't available (allow us to
emulate the behaviour of XP standalone if required).

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/smb_server/smb/negprot.c
   branches/SAMBA_4_0/source/smb_server/smb/sesssetup.c
   branches/SAMBA_4_0/source/smb_server/smb_server.h


Changeset:
Modified: branches/SAMBA_4_0/source/smb_server/smb/negprot.c
===
--- branches/SAMBA_4_0/source/smb_server/smb/negprot.c  2006-02-09 02:30:43 UTC 
(rev 13402)
+++ branches/SAMBA_4_0/source/smb_server/smb/negprot.c  2006-02-09 03:04:48 UTC 
(rev 13403)
@@ -218,6 +218,22 @@
req_send_reply(req);
 }
 
+static void reply_nt1_orig(struct smbsrv_request *req)
+{
+   /* Create a token value and add it to the outgoing packet. */
+   if (req-smb_conn-negotiate.encrypted_passwords) {
+   req_grow_data(req, 8);
+   /* note that we do not send a challenge at all if
+  we are using plaintext */
+   get_challenge(req-smb_conn, req-out.ptr);
+   req-out.ptr += 8;
+   SCVAL(req-out.vwv+1, VWV(16), 8);
+   }
+   req_push_str(req, NULL, lp_workgroup(), -1, 
STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
+   req_push_str(req, NULL, lp_netbios_name(), -1, 
STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
+   DEBUG(3,(not using SPNEGO\n));
+}
+
 /
  Reply for the nt protocol.
 /
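Review bot: reply_nt1_orig calls req_grow_data(req, 8) and then hands the out pointer to get_challenge and advances it by 8 with no visible check that the grow succeeded. If req_grow_data can fail, test for that before writing the challenge. The helper also has no banner comment like the functions around it, and a name that says what it does (the non-SPNEGO NT1 reply) would read better than "orig".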
@@ -313,23 +329,13 @@
SSVALS(req-out.vwv+1,VWV(15), req-smb_conn-negotiate.zone_offset/60);

if (!negotiate_spnego) {
-   /* Create a token value and add it to the outgoing packet. */
-   if (req-smb_conn-negotiate.encrypted_passwords) {
-   req_grow_data(req, 8);
-   /* note that we do not send a challenge at all if
-  we are using plaintext */
-   get_challenge(req-smb_conn, req-out.ptr);
-   req-out.ptr += 8;
-   SCVAL(req-out.vwv+1, VWV(16), 8);
-   }
-   req_push_str(req, NULL, lp_workgroup(), -1, 
STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
-   req_push_str(req, NULL, lp_netbios_name(), -1, 
STR_UNICODE|STR_TERMINATE|STR_NOALIGN);
-   DEBUG(3,(not using SPNEGO\n));
+   reply_nt1_orig(req);
} else {
struct cli_credentials *server_credentials;
struct gensec_security *gensec_security;
DATA_BLOB null_data_blob = data_blob(NULL, 0);
DATA_BLOB blob;
+   const char *oid;
NTSTATUS nt_status = gensec_server_start(req-smb_conn, 
 gensec_security,
 
req-smb_conn-connection-event.ctx);
@@ -366,31 +372,33 @@
 
gensec_set_credentials(gensec_security, server_credentials);
 
-   nt_status = gensec_start_mech_by_oid(gensec_security, 
GENSEC_OID_SPNEGO);
+   oid = GENSEC_OID_SPNEGO;
+   nt_status = gensec_start_mech_by_oid(gensec_security, oid);

if (NT_STATUS_IS_OK(nt_status)) {
/* Get and push the proposed OID list into the packets 
*/
nt_status = gensec_update(gensec_security, req, 
null_data_blob, blob);
 
if (!NT_STATUS_IS_OK(nt_status)  
!NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-   DEBUG(0, (Failed to get SPNEGO to give us the 
first token: %s\n, nt_errstr(nt_status)));
-   smbsrv_terminate_connection(req-smb_conn, 
Failed to start SPNEGO - no first token\n);
-   return;
+   DEBUG(1, (Failed to get SPNEGO to give us the 
first token: %s\n, nt_errstr(nt_status)));
}
-   } else {
+   }
+
+   if (!NT_STATUS_IS_OK(nt_status)  !NT_STATUS_EQUAL(nt_status, 
NT_STATUS_MORE_PROCESSING_REQUIRED)) {
DEBUG(5, (Failed to start SPNEGO, falling back to 
NTLMSSP only: %s\n, nt_errstr(nt_status)));
-   nt_status = gensec_start_mech_by_oid(gensec_security, 
GENSEC_OID_NTLMSSP);
+   oid = GENSEC_OID_NTLMSSP;
+   nt_status = gensec_start_mech_by_oid(gensec_security, 
oid);

if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, (Failed to start SPNEGO as 

svn commit: samba r13404 - in branches/SAMBA_4_0/source/torture/rpc: .

2006-02-08 Thread abartlet
Author: abartlet
Date: 2006-02-09 03:05:22 + (Thu, 09 Feb 2006)
New Revision: 13404

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13404

Log:
Comments, whitespace.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/torture/rpc/schannel.c


Changeset:
Modified: branches/SAMBA_4_0/source/torture/rpc/schannel.c
===
--- branches/SAMBA_4_0/source/torture/rpc/schannel.c2006-02-09 03:04:48 UTC 
(rev 13403)
+++ branches/SAMBA_4_0/source/torture/rpc/schannel.c2006-02-09 03:05:22 UTC 
(rev 13404)
@@ -365,7 +365,7 @@
goto failed;
}
 
-   /* do a couple of logins.  We have *not* done a new serverauthenticate 
*/
+   /* do a some SAMR operations.  We have *not* done a new 
serverauthenticate */
if (!test_samr_ops(p_samr2, test_ctx)) {
printf(Failed to process schannel secured SAMR ops (on fresh 
connection)\n);
goto failed;
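Review bot: the replacement comment reads "do a some SAMR operations"; drop the stray "a".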
@@ -379,11 +379,11 @@
 
status = dcerpc_secondary_connection(p_samr2, p_netlogon2, 
 b);
-
if (!NT_STATUS_IS_OK(status)) {
goto failed;
}
 
+   /* and now setup an SCHANNEL bind on netlogon */
status = dcerpc_bind_auth(p_netlogon2, dcerpc_table_netlogon,
  credentials, DCERPC_AUTH_TYPE_SCHANNEL,
  dcerpc_auth_level(p_samr2-conn),
@@ -399,7 +399,8 @@
ret = False;
}
 
-   /* And the more traditional style */
+   /* And the more traditional style, proving that the
+* credentials chaining state is fully present */
if (!test_netlogon_ops(p_netlogon2, test_ctx, credentials, creds)) {
printf(Failed to process schannel secured NETLOGON EX ops\n);
ret = False;



svn commit: samba r13405 - in branches/SAMBA_4_0/source/libcli/smb_composite: .

2006-02-08 Thread abartlet
Author: abartlet
Date: 2006-02-09 03:06:02 + (Thu, 09 Feb 2006)
New Revision: 13405

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13405

Log:
Allow a fallback if SPNEGO is somehow disabled in the client, to just NTLMSSP.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c


Changeset:
Modified: branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c
===
--- branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c  2006-02-09 
03:05:22 UTC (rev 13404)
+++ branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c  2006-02-09 
03:06:02 UTC (rev 13405)
@@ -326,7 +326,13 @@
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, (Failed to start set GENSEC client mechanism %s: 
%s\n,
  gensec_get_name_by_oid(chosen_oid), 
nt_errstr(status)));
-   return status;
+   chosen_oid = GENSEC_OID_NTLMSSP;
+   status = gensec_start_mech_by_oid(session-gensec, chosen_oid);
+   if (!NT_STATUS_IS_OK(status)) {
+   DEBUG(1, (Failed to start set (fallback) GENSEC client 
mechanism %s: %s\n,
+ gensec_get_name_by_oid(chosen_oid), 
nt_errstr(status)));
+   return status;
+   }
}

status = gensec_update(session-gensec, state,
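Review bot: the fallback to GENSEC_OID_NTLMSSP runs on any failure status and regardless of what chosen_oid already was, so when NTLMSSP was the mechanism that just failed it is simply started a second time, and when SPNEGO failed the client moves to NTLMSSP with only a DEBUG(1) line. Skip the retry when chosen_oid is already NTLMSSP, and consider gating the fallback behind a client option so a deployment that requires SPNEGO can refuse it.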



svn commit: samba r13406 - in trunk/source: include libsmb passdb rpc_parse rpc_server

2006-02-08 Thread jra
Author: jra
Date: 2006-02-09 07:03:16 + (Thu, 09 Feb 2006)
New Revision: 13406

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13406

Log:
Change the credentials code to be more like the Samba4 structure,
makes fixes much easier to port. Fix the size of dc->sess_key to
be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd
store in secrets.tdb though. Should fix some uses of the dc->sess_key
where we were assuming we could read 16 bytes.
Jeremy.

Modified:
   trunk/source/include/ntdomain.h
   trunk/source/include/rpc_dce.h
   trunk/source/libsmb/credentials.c
   trunk/source/libsmb/smbdes.c
   trunk/source/passdb/secrets.c
   trunk/source/rpc_parse/parse_rpc.c
   trunk/source/rpc_server/srv_netlog_nt.c


Changeset:
Sorry, the patch is too large (345 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13406


svn commit: samba r13407 - in branches/SAMBA_3_0/source: include libsmb passdb rpc_parse rpc_server

2006-02-08 Thread jra
Author: jra
Date: 2006-02-09 07:03:23 + (Thu, 09 Feb 2006)
New Revision: 13407

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13407

Log:
Change the credentials code to be more like the Samba4 structure,
makes fixes much easier to port. Fix the size of dc->sess_key to
be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd
store in secrets.tdb though. Should fix some uses of the dc->sess_key
where we were assuming we could read 16 bytes.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/include/ntdomain.h
   branches/SAMBA_3_0/source/include/rpc_dce.h
   branches/SAMBA_3_0/source/libsmb/credentials.c
   branches/SAMBA_3_0/source/libsmb/smbdes.c
   branches/SAMBA_3_0/source/passdb/secrets.c
   branches/SAMBA_3_0/source/rpc_parse/parse_rpc.c
   branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c


Changeset:
Sorry, the patch is too large (345 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13407