Re: [Samba] Smbpasswd in a cron job
Try echo -e ${PASSWD}\n${PASSWD} | smbpasswd -a -s ${USER} br, Sebastian pgpY2IZTjjNNb.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC/LDAP not mapping logon drive
Well it took forever (three days actually) to: 1) setup a working ldap server. Unix users now authenticate against the LDAP server perfectly. 2) Setup samba to use LDAP authentication. 3) Get the WindowsXP machines to become members of the domain. Everything seems to be working fine except for 1) roaming profiles, and 2) User's home directory (logon drive) doesn't get mapped during log in. So basically I can log in to the workstation. My user can even see their home directory shares (via the [homes] share) but it doesn't get mapped automatically as drive E: (or any other drive letter) when they log on. I can sort of live without roaming profiles but the failure to map the logon drive automagically isn't acceptable. Could somebody please help me?? I have the logon stuff setup as: logon path = \\%L\profiles\%U logon drive = E: logon home = \\%L\%U Which I think should map \\SERVER\USERNAME as drive E: autmatically whenever they log in (substituting the proper values for SERVER and USERNAME of course.) It doesn't work. The profile doesn't seem to roam either as I expect it would with logon path. The path exists and I have enabled the thingy in gpedit.msc which is required for WinXP machines. But this is really secondary. I need the logon drive fixed roaming profiles would just be a nice bonus. here's my full smb.conf, sorry to be so verbose but I wanted to include it all because I don't understand much of the LDAP, PDC or roaming profile entrystuff in this so I didn't want to miss something: -BEGIN /etc/samba/smb.conf --- [global] netbios name = SERVER workgroup = MYDOMAIN server string = LDAP PDC [on Gentoo :: Samba server %v] hosts allow = 10.166.10.0/24 127.0.0.0/8 security = user encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces = lo eth1 bind interfaces only = yes local master = yes os level = 65 domain master = yes preferred master = yes null passwords = no hide unreadable = yes hide dot files = yes domain logons = yes ;logon script = login.bat OR %U.bat logon path = \\%L\profiles\%U logon drive = E: logon home = \\%L\%U wins support = yes name resolve order = wins lmhosts host bcast dns proxy = no time server = yes log file = /var/log/samba/log.%m max log size = 50 passdb backend = ldapsam:ldaps://127.0.0.1:636/ ldap passwd sync = Yes ldap suffix = dc=sanitized,dc=com ldap admin dn = cn=Manager,dc=sanitized,dc=com ldap ssl = yes ldap group suffix = ou=Group ldap user suffix = ou=People ldap machine suffix = ou=People ldap idmap suffix = ou=People add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes #delete user script = /usr/sbin/smbldap-userdel %u add machine script = /usr/sbin/smbldap-useradd -w %u add group script = /usr/sbin/smbldap-groupadd -p %g #delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u [netlogon] path = /var/lib/samba/netlogon guest ok = no read only = yes browseable = no write list = root [profiles] path = /var/lib/samba/profiles browsable = no writable = yes create mode = 0644 directory mode = 0755 [homes] path = /home/%U browseable = no valid users = %S read only = no guest ok = no create mask = 0664 directory mask = 0775 inherit permissions = yes ;[public] ; comment = Public Stuff ; path = /public ; public = yes ; read only = yes ; browseable = yes ; write list = @users -END /etc/samba/smb.conf - Thanks, - Jeff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba as PDC with ldap
Hi rowland, tell me whats the problem, and i wil help you, if there are errors in my howto i'll fix this, but. The howto i wrote will work. i installed 3 servers with this and its working prefectly. /etc/ldap/ldap conf to point to your server HOST 127.0.0.1 BASE dc=domainname,dc=org or net or com or nothing(you do not have to use the last part, you just have to be consistant) This part, is done while you install the libnss-ldap and libpam-ldap and the defaults of the slapd config are used and are corrected. i think you edited this or already installed it. If you use the debian standard setting it wil work. Louis -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens rowland penny Verzonden: zondag 19 februari 2006 13:01 Aan: samba@lists.samba.org Onderwerp: [Samba] samba as PDC with ldap I have read louis`s howto from december, tried to use kunbuntu, this failed at the ldap server test stage, tried various things, could not make it work, so downloaded debian. Followed louis`s howto and compiled a 2.6.8 kernel (louis, the compile instructions do not work as given). Followed the howto, downloaded samba etc, setup slapd etc as per instructions and it failed again at the same place. So, I googled and found the the Linux Samba Openldap howto, printed this and read it, thats where I found the answer to the problem, Louis missed a bit, you have to edit /etc/ldap/ldap conf to point to your server HOST 127.0.0.1 BASE dc=domainname,dc=org or net or com or nothing(you do not have to use the last part, you just have to be consistant) This is where I come to my next problem, I cannot get the localsid. When I ask for it (net getlocalsid) I get this [2006/02/19 11:19:58, 0] lib/smbldap.c:smb_ldap_start_tls(546) Failed to issue the StartTLS instruction: Connect error I have googled, found a few instances of this with earlier versions of samba, so upgraded to 3.0.21b-1 from debian testing, it still gives same answer, anybody have an answer please. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC/LDAP not mapping logon drive
hello jeff Jeff Wiegley schrieb: Everything seems to be working fine except for 1) roaming profiles, and 2) User's home directory (logon drive) doesn't get mapped during log in. So basically I can log in to the workstation. My user can even see their home directory shares (via the [homes] share) but it doesn't get mapped automatically as drive E: (or any other drive letter) when they log on. my experience showed, that not all windows clients automatically map the drive. workaround: use net use e: /HOME in your logon script. roaming profiles: - please check, if your client is a correct member of the domain. - check unix rights of the filesystem. profiles needs profile acls = yes we're using following entries for the [profile] section: csc policy = disable browsable = no profile acls = yes path = /var/smbdata/profiles writable = yes create mask = 0600 directory mask = 0700 ;logon script = login.bat OR %U.bat you have comment out the logonscript? -- -- greetings, kurt, austria. (http://www.kwnet.at) === this is a posting from a samba *user* - not a samba developer. the posting is created on the base of experiences an may be faulty. so, if contains any mistakes, please feel free to correct it === -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Interrupt system call
Hi, Can anyone tell me why I Interrupt system call ? Feb 21 11:59:02 server /usr/sbin/cron[2224]: (job260) CMD (bash cat.sh) Feb 21 12:00:09 server syslog-ng[5073]: STATS: dropped 10 Feb 21 12:01:04 server vsftpd: Tue Feb 21 12:01:04 2006 [pid 2269] CONNECT: Client 10.90.1.1 Feb 21 12:01:07 server smbd[27407]: [2006/02/21 12:01:07, 0] tdb/tdbutil.c:tdb_log(772) Feb 21 12:01:07 server smbd[27407]: tdb(/etc/samba/secrets.tdb): tdb_lock failed on list 2 ltype=1 (Interrupted system call) Feb 21 12:01:07 server smbd[27407]: [2006/02/21 12:01:07, 0] tdb/tdbutil.c:tdb_chainlock_with_timeout_internal(82)Feb 21 12:01:07 brulx01 smbd[27407]: tdb_chainlock_with_timeout_internal: alarm (10) timed out for key replay cache mutex in tdb /etc/samba/secrets.tdb Feb 21 12:01:20 brulx01 smbd[29555]: [2006/02/21 12:01:20, 0] tdb/tdbutil.c:tdb_log(772) Thanks. Marco. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] help, we are running out of idmap uids
Dear Samba experts, Initially we set up winbind to the following: idmap uid = 1-2 thinking that 1 uids were sufficient for the number of users we would get. We also have defined our UNIX users from 20001 onwards. However, now I can see that our latest windows(idmap uid) users has uid 19123 and this troubles me. Since I cannot just extend the range to be say 1-3 because of our UNIX UIDs, I would like to ask if it is possible to define 2 ranges like: idmap uid = 1-2,3-4 I noticed that winbind will not automatically remove UIDs not used. For instance when a windows user is deleted. Is there a way to do this manually ? And will winbind then use the unused UIDs ? Kind regards, Hans. ** This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify the system manager at [EMAIL PROTECTED] This e-mail and its contents do not constitute and shall not be considered as a financial commitment of Maersk Olie og Gas AS and its affiliates. Maersk Olie og Gas AS expressly disclaims any responsibility as to the accuracy and use of this e-mail and its contents. ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] nobody run add user script = /usr/sbin/useradd .....
Greetings! I have the following configuration: Two PDCs with Fedora Core 4: PDC1 and PDC2. PDC1 trusts PDC2, respectively PDC2 is trusted to PDC1. I join an XP workstation to PDC2. After restart i can see both domains in the login screen domain combo box. I can logon to PDC2 , but not to PDC1, since the PDC2's /etc/passwd lacks the username from PDC1 i am trying to log in with. To correct this i edit smb.conf adding this line: add user script = /usr/sbin/useradd %u -g users -s /bin/false -d /dev/null After another unsuccessful login to PDC1 (with username ivan for example) in the PDC2's log (/var/log/samba/winxp.log) can be seen the following lines: useradd: unable to lock password file useradd gave 1 When i try to access a share on PDC2 with a PDC1 user (ivan for example), useradd is executed successfully, and user ivan is added to /etc/passwd. I found out that during login add user script = /usr/sbin/useradd %u .. is executed with user nobody, and this user has no right to execute useradd, hence an error occurs. After that i added user nobody in the /etc/sudoers so he could execute sudo on PDC2: visudo -f sudoers %nobody ALL=/usr/sbin/useradd And edited smb.conf on PDC2 like this: add user script = sudo -u root /usr/sbin/useradd %u .. Now the logging to PDC1 works fine, but this is not normal! My question is: Is this a bug in samba, why when mapping a drive useradd runs as root (as described in the samba manual), but when logging, it runs as user nobody who has no right to execute useradd? If am wrong - correct me, or point me to another solution. Thanks in advance :-) - Yahoo! Autos. Looking for a sweet ride? Get pricing, reviews, more on new and used cars. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] My Network Places not finding Samba server
I assume I am doing(or not) something extremely simple that is causing my XP boxes to not see my linux(FC4) Samba server in the 'My Network Places'. I can access the shares by 'Map Network Drive' and using the IP address(192.168.0.1). I have set the workgroup name 'DAMEN' in the lmhosts file. 192.168.0.1 DAMEN I have set the workgroup in the smb.conf file. workgroup = damen netbios name = damen I have configured the Samba server to be the Domain Master Browser os level = 35 domain master = yes preferred master = yes wins support = yes I have configured the [global] to be browseable. browseable = yes public = yes I have set the XP box to be on a home network(not bussiness network) and workgroup to DAMEN. Any ideas? Thanks, Fred -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Change smbpasswd in a cron job
On 2/20/06, Dennis Duggen [EMAIL PROTECTED] wrote: For a project we are trying to change the samba password automatically in a cron job. Since smbpasswd doesn't allow the password to be entered otherwise than though the console (user input). We found a solution to the input part though expect. But as thing go expect doesn't work in a cron job since it has no tty. Depending on your SAM backend, you may be able to edit the backend directly. For example, we have some perl scripts to change passwords by connecting directly to our LDAP server. I posted a copy of our script at http://www.jbc.edu/~josh/changepasswd.pl if you're interested. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] My Network Places not finding Samba server
Having the machine name equal to the workgroup name is a no-no, as far as I know. On O , 2006-02-21 at 08:15 -0600, Frederick C. Damen wrote: I assume I am doing(or not) something extremely simple that is causing my XP boxes to not see my linux(FC4) Samba server in the 'My Network Places'. I can access the shares by 'Map Network Drive' and using the IP address(192.168.0.1). I have set the workgroup name 'DAMEN' in the lmhosts file. 192.168.0.1 DAMEN I have set the workgroup in the smb.conf file. workgroup = damen netbios name = damen I have configured the Samba server to be the Domain Master Browser os level = 35 domain master = yes preferred master = yes wins support = yes I have configured the [global] to be browseable. browseable = yes public = yes I have set the XP box to be on a home network(not bussiness network) and workgroup to DAMEN. Any ideas? Thanks, Fred -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] My Network Places not finding Samba server
Thanks. I removed the entry for DAMEN from lmhosts and restart smb/nmb and no change that I can see. Thanks, Fred Kristaps Rāts wrote: Having the machine name equal to the workgroup name is a no-no, as far as I know. On O , 2006-02-21 at 08:15 -0600, Frederick C. Damen wrote: I assume I am doing(or not) something extremely simple that is causing my XP boxes to not see my linux(FC4) Samba server in the 'My Network Places'. I can access the shares by 'Map Network Drive' and using the IP address(192.168.0.1). I have set the workgroup name 'DAMEN' in the lmhosts file. 192.168.0.1 DAMEN I have set the workgroup in the smb.conf file. workgroup = damen netbios name = damen I have configured the Samba server to be the Domain Master Browser os level = 35 domain master = yes preferred master = yes wins support = yes I have configured the [global] to be browseable. browseable = yes public = yes I have set the XP box to be on a home network(not bussiness network) and workgroup to DAMEN. Any ideas? Thanks, Fred -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Primary and secondary group issues with Vintela VAS andSamba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marc Donnelly wrote: what version of samba have you seen this on? -marc On Feb 20, 2006, at 4:18 PM, Golden Butler wrote: This is not a Vintela issue. I've experienced this with Samba and winbind, and I haven't found any solution to it yet. I really wish that this can be solved because it's a serious hinderance! This makes no sense to me. Can you send me some level 10 logs from smbd that illustrates the problem? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD+ycTIR7qMdg1EfYRAhiqAJ4lW3r4hYruohwMlSjlKiNA8DYp6gCgly3k V0Ietz+Sq5GuVAWz+tJPdBc= =fjkQ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Authenticating Samba on NT4 SRV
Hi, I'm just using samba for few weeks and i'm triing to migrate all NT4 SAM base to Samba Linux. I'm working with Red Hat enterprise Linux ES 4.0 updated, openldap 2.2.13-4, samba samba-3.0.10-1.4E.2 and i've followed IDEALX migration procedure with smbldap-tools-0.9.3-1. Every configuration seems to be clean but not ;o) I'm using cleartext password in slapd.conf and smbldap.conf no md5, sha or ssha. I'm just using IDEALX procedure and when triing to pass the command : net rpc join -S PDC-NT4 -Uroot i've got : [2006/02/21 15:05:29, 3] param/loadparm.c:lp_load(3911) lp_load: refreshing parameters [2006/02/21 15:05:29, 3] param/loadparm.c:init_globals(1312) Initialising global parameters [2006/02/21 15:05:29, 3] param/params.c:pm_process(566) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2006/02/21 15:05:29, 3] param/loadparm.c:do_section(3404) Processing section [global] [2006/02/21 15:05:29, 2] lib/interface.c:add_interface(79) added interface ip=192.168.2.13 bcast=192.168.2.255 nmask=255.255.255.0 [2006/02/21 15:05:29, 3] libsmb/namequery.c:resolve_lmhosts(855) resolve_lmhosts: Attempting lmhosts lookup for name PDC-NT40x20 [2006/02/21 15:05:29, 3] libsmb/namequery.c:resolve_wins(752) resolve_wins: Attempting wins lookup for name PDC-NT40x20 [2006/02/21 15:05:29, 3] libsmb/namequery.c:resolve_wins(755) resolve_wins: WINS server resolution selected and no WINS servers listed. [2006/02/21 15:05:29, 3] libsmb/namequery.c:resolve_hosts(917) resolve_hosts: Attempting host lookup for name PDC-NT40x20 [2006/02/21 15:05:29, 3] libsmb/cliconnect.c:cli_start_connection(1388) Connecting to host=PDC-NT4 [2006/02/21 15:05:29, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.17 at port 445 [2006/02/21 15:05:29, 2] lib/util_sock.c:open_socket_out(789) error connecting to 192.168.2.17:445 (Connexion refusée) [2006/02/21 15:05:29, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.17 at port 139 [2006/02/21 15:05:29, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(290) cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED [2006/02/21 15:05:29, 3] libsmb/trusts_util.c:just_change_the_password(43) just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)! [2006/02/21 15:05:29, 1] utils/net_rpc.c:run_rpc_command(142) rpc command function failed! (NT_STATUS_ACCESS_DENIED) Password: seems to be password, credential problem but can't investigate which one. Then entered password and : [2006/02/21 15:06:45, 3] libsmb/cliconnect.c:cli_start_connection(1388) Connecting to host=PDC-NT4 [2006/02/21 15:06:45, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.17 at port 445 [2006/02/21 15:06:45, 2] lib/util_sock.c:open_socket_out(789) error connecting to 192.168.2.17:445 (Connexion refusée) [2006/02/21 15:06:45, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.17 at port 139 [2006/02/21 15:06:45, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 [2006/02/21 15:06:45, 3] libsmb/cliconnect.c:cli_start_connection(1388) Connecting to host=PDC-NT4 [2006/02/21 15:06:45, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.17 at port 445 [2006/02/21 15:06:45, 2] lib/util_sock.c:open_socket_out(789) error connecting to 192.168.2.17:445 (Connexion refusée) [2006/02/21 15:06:45, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.17 at port 139 Joined domain MONDOMAINE.FR. [2006/02/21 15:06:45, 2] utils/net.c:main(859) return code = 0 command : net rpc testjoin -S PDC-NT4 Join to 'MONDOMAINE.FR' is OK triing wbinfo -t checking the trust secret via RPC calls failed error code was (0x0) Could not check secret Bye the way using all smbldap-scripts and every things goes well with openldap. command : net rpc vampire -S PDC-NT4 -d3 [2006/02/21 15:09:12, 3] param/loadparm.c:lp_load(3911) lp_load: refreshing parameters [2006/02/21 15:09:12, 3] param/loadparm.c:init_globals(1312) Initialising global parameters [2006/02/21 15:09:12, 3] param/params.c:pm_process(566) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2006/02/21 15:09:12, 3] param/loadparm.c:do_section(3404) Processing section [global] [2006/02/21 15:09:12, 2] lib/interface.c:add_interface(79) added interface ip=192.168.2.13 bcast=192.168.2.255 nmask=255.255.255.0 [2006/02/21 15:09:12, 3] libsmb/cliconnect.c:cli_start_connection(1388) Connecting to host=PDC-NT4 [2006/02/21 15:09:12, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.17 at port 445 [2006/02/21 15:09:12, 2] lib/util_sock.c:open_socket_out(789) error connecting to 192.168.2.17:445 (Connexion refusée) [2006/02/21 15:09:12, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.17 at port 139 Fetching DOMAIN database Failed to fetch domain database: NT_STATUS_ACCESS_DENIED [2006/02/21 15:09:12, 1] utils/net_rpc.c:run_rpc_command(142)
Re: [Samba] help, we are running out of idmap uids
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hans B. Randgaard wrote: Initially we set up winbind to the following: idmap uid = 1-2 thinking that 1 uids were sufficient for the number of users we would get. We also have defined our UNIX users from 20001 onwards. However, now I can see that our latest windows(idmap uid) users has uid 19123 and this troubles me. Since I cannot just extend the range to be say 1-3 because of our UNIX UIDs, I would like to ask if it is possible to define 2 ranges like: idmap uid = 1-2,3-4 I noticed that winbind will not automatically remove UIDs not used. For instance when a windows user is deleted. Is there a way to do this manually ? And will winbind then use the unused UIDs ? Winbindd maintains a static mapping os DIS to Unix ids. Since SIDs are never reused, neither are the Unix ids. Ids are allocated in a monotonically increasing fashion so you're only current choice is to expand or move the idmap ranges. This has come up a lot ni the past, but all the proposed solutions were suboptimal IMO and therefore never integrated into source tree. I'm more than happy to try to find time to review patches, but I've got several ongoing projects right now and can't do this myself. Mostly, it would involve fixing the idmap range parser. Multiple ranges is not that hard to do I think. You deal with aa range in isolation until it has been exhausted and then move on to the next. cheers, jerry = I live in a Reply-to-All world--- Samba--- http://www.samba.org Centeris --- http://www.centeris.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD+zFvIR7qMdg1EfYRAsOeAJ4hGxDodU2tgwpQfxoMekRlZq2mqACfQN5E TyCbsVS1Wty65Cxd1TfGnz4= =qaCP -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] safe_strcpy problem in Samba 3.0.10
Hi! We have a lot of logfiles showing zfl04.log.3: ERROR: string overflow by 1 (24 - 23) in safe_strcpy [organisation#rektorat#vrlehre#qe-eval] I found a reported bug producing this output within older Samba versions than 3.0.4 . But we use version 3.0.10 and no mangling method set within smb.conf . Therefore it should be the defaultvalue hash2 which doesn't have this flaw. Could anyone give me a hint? Thanks, Thomas -- * * Thomas Widhalm Unix Administrator * * University of Salzburg ITServices (ITS) * * Systems Management Unix Systems * * Hellbrunnerstr. 34 5020 Salzburg, Austria * * [EMAIL PROTECTED] +43/662/8044-6774 * * gpg: 6265BAE6 * * http://www.sbg.ac.at/zid/organisation/mitarbeiter/widhalm.htm * * signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba LDAP PDC BDC quit working
mallapadi niranjan wrote: Hi Craig Thanks for replying, The samba PDC gets rebooted because of Power outage, at night times. After the system gets rebooted, Scenario -01 1. Either some times the ldap gets hanged, (2.2.13) may be because of inconsistency. 2. since ldap hangs, samba doesn't come up properly. 3. so i run db_recover and try to start the ldap service and then samba Scenario-02 if LDAP doesn't hang, and samba comes up nicely, the computer had to rejoin. but in my ldapdatabase, in OU=Computers, all the computer accounts exist. with rid and Object class intact. but some how i don't know why i have to rejoin, Okay I just want to clarify this. After an unplanned reboot (power outage) , your PDC comes back up and you find that some of the computers in your domain need to rejoin the domain?? Do you have recent ldiff or slapcats indicating that most of these computers have the same properties in the LDAP database as before. Scenario-03. I take the regular backup of LDAP, to LDIF file, and restore with latest LDIF file, eventhough i don't get the Computer Accounts and also i lose user 's passwords, After restoring from LDIF file. Scenario-04 If i do safe reboot or shutdown, there 's no problem , the server works properly without any problem Regards Niranjan On 2/20/06, *Craig White* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: On Mon, 2006-02-20 at 11:55 +0530, mallapadi niranjan wrote: Hi all I too have the same problem , i am also using samba 3.0.21 with openldap version 2.2.13 on Redhat Enterprise Linux 4 enterprise server. if the samba PDC gets rebooted aburuptly, some of my clients workstations (Windows 2000 professional) have to rejoin. i was asked to check whether RID of the computer name is correct(uid*2 + 1000) , ans whether computer names have SambaSAMAccount object class. eventhough my computernames' exist in the database with correct object class and rid, the clients have to be rejoined. this happens only when samba PDC with ldap gets rebooted abruptly. having said that, so i assume that LDAP is unable to maintain consistency when it gets rebooted. so i had kept DB_CONFIG file in /var/lib/ldap(this is where all bdb files are there) and use db_recover in case of any crash of ldap. But if we take backup in LDIF file and restore it, but still my computer accounts are not getting back, i had to rejoin. this is the problem that i am having, but still could not find the correct solution. No - as you and he describe it, these are separate problems. Your issues is that PDC shouldn't get rebooted abruptly and newer versions of openldap have a script that automatically runs db_recover. This however doesn't come in the version of openldap that ships with RHEL You might want to set up a cron script that performs a slapcat on a more frequent basis so that if it is necessary to dump the entire LDAP DSA and reload from an ldif, the ldif is much more current and thus, you wouldn't have to rejoin many if any computers to the domain. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Effect of disabling LM/NTLMv1 auth on an AD?
Folks, Our campus AD team has decided that they ... Need to disable LM/NTLMv1 authentication support to provide greater security and be consistent with the CITES authentication roadmap. Noble thoughts, but there hasn't been much thought of the ramifications for other, interoperable systems like Samba. I can see that modern Samba versions support NTLMv1 and NTLMv2 methods. Theoretically, that should leave support for NTLMv2, and all should work. Practically, however, there is the question of what really happens with Samba member servers when one disables LM/NTLMv1 on the domain controllers?Can anyone speak to this? Thanks much, -Don Don Meyer [EMAIL PROTECTED] Network Manager, ACES Academic Computing Facility Technical System Manager, ACES TeleNet System UIUC College of ACES, Information Technology and Communication Services They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty or safety. -- Benjamin Franklin, 1759 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Adding machine account to LDAP with pdbedit fails
Arkadiy Chapkis - Arc wrote: That is what I thought. Should I submit a bug report for pdbedit? I don't see why not. Another thing I am looking for is help (or a suggestion). The problem is that I already have a userbase in LDAP with passwords in CRYPT format for logging into UNIX workstations. Is there a way to syncronize these passwords with Samba hashes? Not from the crypt hash, no. Is there a way to make a Samba password hashes from a cleartext password? Yes, the 'mkntpwd' program does that. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] unknown interface | win 2k server
Hi, I implemented a samba(3.0.14a-Debian) server here on my network. But i'm having problems with 2 stations. One is a win2k(profissional) and the other is a win 2k server (working like a station). When i tried join in a domain using the win2k(profissional) i receive the msg: unknown interface The strange is that it is happening only with this win2k station. I have others stations with the same OS and is working fine. What i do to fix this error? The second problem is with a win2k server that is working like a station. The machine joins with no problems in the domain. But the all users of the domain don`t have permission to shutdown, restart and any other operation that a administrator have. Look this text that i found on samba.org(how to): When a Windows NT4 (or later) client joins a domain, the domain global Domain Admins group is added to the membership of the local Administrators group on the client. Any user who is a member of the domain global Domain Admins group will have administrative rights on the Windows client. (chapter 14. What Rights and Privileges Will Permit Windows Client Administration?) What i need to do for the users of samba(smbpasswd) have permission of a local administrator? I tried find the answer on samba channel of server freenode but i not have successeful. How i fix this 2 problems? ps.: My configuration of samba can be found on: www.smartlinks.com.br/smb.conf thanks for all Augusto Morais -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to control who can log into the samba box
David Shapiro wrote: I have samba set up using winbind so that I can ssh into the box with my DOMAIN\mylogin. That's great...kind of. How do I control which users can login to the box? I usually do that by reconfiguring sshd for key-only authentication (that is, disable password based auth). Configure samba to hide or veto the ssh authorized_keys file, and you alone will have access to add keys for the users to whom you want to grant login privileges. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Packet send failed
I migrated a samba PDC (and WINS server) from 3.0.7 on Fedora Core 1 to new hardware running 3.0.14a on Fedora Core 4 using the procedure outlined in the Samba by Example docs. It appears to have been a success. I do see log messages like the following though: Feb 21 09:10:45 gecko nmbd[2450]: [2006/02/21 09:10:45, 0] libsmb/nmblib.c:send_udp(790) Feb 21 09:10:45 gecko nmbd[2450]: Packet send failed to 192.168.254.50(138) ERRNO=Operation not permitted There is no corresponding kernel iptables log entry so I don't think this communication is being blocked by the firewall. Also the firewall explicitly allows udp to port 138 on the local intranet. What else could it be and is it anything to worry about? Thanks, Mark Nienberg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to control who can log into the samba box
Do you have an example of the hide/veto option you used and sshd_config mod you did to do this? David David Shapiro Unix Team Lead 919-765-2011 Gordon Messmer [EMAIL PROTECTED] 2/21/2006 12:01:32 PM David Shapiro wrote: I have samba set up using winbind so that I can ssh into the box with my DOMAIN\mylogin. That's great...kind of. How do I control which users can login to the box? I usually do that by reconfiguring sshd for key-only authentication (that is, disable password based auth). Configure samba to hide or veto the ssh authorized_keys file, and you alone will have access to add keys for the users to whom you want to grant login privileges. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Outlook path to pst file is lost when using roaming profiles
Is nobody else losing their Outlook profile/path to pst when using roaming profiles? Doug P Douglas Phillipson wrote: We are having a problem getting the path to the Outlook PST file to move from machine to machine using roaming profiles (Samba 3.0.10 on RHEL 4). When a user logs off on one machine and logs on to another, the outlook path to the PST file is gone. I found this message in the archive back in 2002 but I see no resolution for it: http://lists.samba.org/archive/samba/2002-July/047507.html Here is the text from that post: Does anybody know how to manage roaming profiles with outlook 2002 ? I have XP boxes with roaming profiles and all work fine. The only problem is that XP doesn´t export the path where outlook stores ist .pst file. This is not the problem for the .pst file where outlook stores contacts and so. The path of the normal pst is on a network drive. But I have an IMAP mail account for every user and if you configure outlook for imap it creates another .pst file under the normal path ...Local Settings../outlook/ I am not able to store this file under a different path e.g. a network drive. I think that there are 2 ways for my problem: 1.) show outlook the path to a network drive for the imap pst as I did it for the normal pst -- I don´t know how 2.) export the whole outlook path under local settings -- It works, but not for a long time: After you create an outlook account for the first time, outlook adds a registry entry under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -- ExcludeProfileDirs In this entry you can add directories of the roaming profile not to export. -- because of that, the outlook pst would not exported with the roaming profile. If I delete this entry on all workstations under the default and the user profile of the registry it works for some time. But after some time, I don´t know why the entry is back in the registry to not export the outlook folder. Does anybody have an idea ? Regards sven Has anybody else seen this problem or found a resolution? Thanks Doug P -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Smbpasswd in a cron job
Hi Sebastian echo -e ${PASSWD}\n${PASSWD} | smbpasswd -a -s ${USER} Thanks a lot, it worked nicely Dennis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to control who can log into the samba box
On 2/20/06, David Shapiro [EMAIL PROTECTED] wrote: I have samba set up using winbind so that I can ssh into the box with my DOMAIN\mylogin. That's great...kind of. How do I control which users can login to the box? As it stands now, all users in DOMAIN can log in, which is not desireable. Do I need to map domain groups to unix groups? Do I need to map domain users to the box some how? Even if I do that, how do I then set it up so some users can log into the server and others cannot? You should be able to use sshd_config's AllowUsers, DenyUsers, AllowGroups, and DenyGroups to do this. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: Print Migrator help needed...
Hi Jerry, At debug level 4 I am seeing these errors while migrating drivers to samba server from windows server. [2006/02/21 19:48:14, 3] smbd/process.c:switch_message(900) switch message SMBntcreateX (pid 11413) conn 0x83f00f0 [2006/02/21 19:48:14, 3] smbd/sec_ctx.c:set_sec_ctx(287) setting sec ctx (70001, 70001) - sec_ctx_stack_ndx = 0 [2006/02/21 19:48:14, 4] smbd/nttrans.c:nt_open_pipe(330) nt_open_pipe: Opening pipe \system32\spool\drivers\W32X86\PSCRIPT5.DLL. [2006/02/21 19:48:14, 3] smbd/error.c:error_packet(143) error packet at smbd/nttrans.c(345) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND [2006/02/21 19:48:14, 3] smbd/process.c:process_smb(1114) Transaction 3400 of length 176 [2006/02/21 19:48:14, 3] smbd/process.c:switch_message(900) switch message SMBntcreateX (pid 11413) conn 0x83f00f0 [2006/02/21 19:48:14, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/21 19:48:14, 4] smbd/nttrans.c:nt_open_pipe(330) nt_open_pipe: Opening pipe \system32\spool\drivers\W32X86\APLWBGR1.PPD. [2006/02/21 19:48:14, 3] smbd/error.c:error_packet(143) error packet at smbd/nttrans.c(345) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND [2006/02/21 19:48:14, 3] smbd/process.c:process_smb(1114) Transaction 3401 of length 170 [2006/02/21 19:48:14, 3] smbd/process.c:switch_message(900) switch message SMBntcreateX (pid 11413) conn 0x83f00f0 [2006/02/21 19:48:14, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/21 19:48:14, 4] smbd/nttrans.c:nt_open_pipe(330) nt_open_pipe: Opening pipe \system32\spool\drivers\W32X86\PS5UI.DLL. [2006/02/21 19:48:14, 3] smbd/error.c:error_packet(143) error packet at smbd/nttrans.c(345) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND [2006/02/21 19:48:14, 3] smbd/process.c:process_smb(1114) Transaction 3402 of length 174 [2006/02/21 19:48:14, 3] smbd/process.c:switch_message(900) switch message SMBntcreateX (pid 11413) conn 0x83f00f0 [2006/02/21 19:48:14, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/21 19:48:14, 4] smbd/nttrans.c:nt_open_pipe(330) nt_open_pipe: Opening pipe \system32\spool\drivers\W32X86\PSCRIPT.HLP. [2006/02/21 19:48:14, 3] smbd/error.c:error_packet(143) error packet at smbd/nttrans.c(345) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND [2006/02/21 19:48:14, 3] smbd/process.c:process_smb(1114) Transaction 3403 of length 174 [2006/02/21 19:48:14, 3] smbd/process.c:switch_message(900) switch message SMBntcreateX (pid 11413) conn 0x83f00f0 [2006/02/21 19:48:14, 4] smbd/uid.c:change_to_user(217) change_to_user: Skipping user change - already user [2006/02/21 19:48:14, 4] smbd/nttrans.c:nt_open_pipe(330) nt_open_pipe: Opening pipe \system32\spool\drivers\W32X86\PSCRIPT.NTF. [2006/02/21 19:48:14, 3] smbd/error.c:error_packet(143) error packet at smbd/nttrans.c(345) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND Any idea how to fix these. Thanks, Aarti. -Original Message- From: Aarti Varshney (asadhnan) Sent: Friday, February 17, 2006 2:34 PM To: 'Gerald (Jerry) Carter' Cc: samba@lists.samba.org Subject: RE: [Samba] RE: Print Migrator help needed... Hi Jerry, I cannot get drivers to migrate using the printmig.exe tool. Please see the samba log with log level of 3. w2k3-dc (192.168.1.13) closed connection to service print$ [2006/02/17 19:20:20, 1] smbd/service.c:make_connection_snum(662) w2k3-dc (192.168.1.13) connect to service print$ initially as user root (uid=0, gid=0) (pid 25564) [2006/02/17 19:20:20, 1] smbd/service.c:close_cnum(833) w2k3-dc (192.168.1.13) closed connection to service print$ [2006/02/17 19:20:20, 1] smbd/service.c:make_connection_snum(662) w2k3-dc (192.168.1.13) connect to service print$ initially as user root (uid=0, gid=0) (pid 25564) [2006/02/17 19:20:20, 0] printing/nt_printing.c:move_driver_to_download_area(1811) move_driver_to_download_area: Unable to rename [W32X86/BUPM815.GPD] to [W32X86/3/BUPM815.GPD] [2006/02/17 19:20:20, 1] smbd/service.c:close_cnum(833) w2k3-dc (192.168.1.13) closed connection to service print$ [2006/02/17 19:20:31, 1] smbd/service.c:make_connection_snum(662) w2k3-dc (192.168.1.13) connect to service print$ initially as user root (uid=0, gid=0) (pid 25564) [2006/02/17 19:20:31, 1] smbd/service.c:close_cnum(833) w2k3-dc (192.168.1.13) closed connection to service print$ [2006/02/17 19:20:31, 1] smbd/service.c:make_connection_snum(662) w2k3-dc (192.168.1.13) connect to service print$ initially as user root (uid=0, gid=0) (pid 25564) [2006/02/17 19:20:31, 0] printing/nt_printing.c:move_driver_to_download_area(1811) move_driver_to_download_area: Unable to rename [W32X86/CI8510.GPD] to [W32X86/3/CI8510.GPD] [2006/02/17 19:20:31, 1] smbd/service.c:close_cnum(833) w2k3-dc (192.168.1.13) closed connection to service print$ [2006/02/17 19:20:58, 1]
RE: [Samba] How to control who can log into the samba box
Edit the /etc/security/access.conf file. I had the same problem, but I changed this file to allow only memembers of an AD group to log in remotely. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Shapiro Sent: Monday, February 20, 2006 3:29 PM To: samba@lists.samba.org Subject: [Samba] How to control who can log into the samba box Hello, I have samba set up using winbind so that I can ssh into the box with my DOMAIN\mylogin. That's great...kind of. How do I control which users can login to the box? As it stands now, all users in DOMAIN can log in, which is not desireable. Do I need to map domain groups to unix groups? Do I need to map domain users to the box some how? Even if I do that, how do I then set it up so some users can log into the server and others cannot? David Shapiro Unix Team Lead 919-765-2011 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] configure samba
I want to install samba on an old Unix machine. When ./configure my source I get some warnings which I dont know if severe. I also get a Makefile but no make ??! A perhaps better config script needs Autoconf Tool Kit. Where can I find that? /Nils (Sweden) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] WINS and INet~Services name
Hi, I've posted before about the problem with WINS and the INet~Services name IIS uses. (http://lists.samba.org/archive/samba/2005-August/110189.html) The problem I get is when any host running IIS tries to renew its names with the Samba WINS server (e.g. after the default 5-day period) the renewal fails for *all* names for the server. As I understand it the problem is with Samba's WINS server implementation not handling the mixed case Windows uses for the Inet~Services#1c name. (Am I correct in thinking all other NetBIOS names are upper case only?). So I was wondering, Samba Team, if this is going to be handled at some point? Should I put it in Bugzilla? I realise the general advice is to use a Microsoft WINS server in this kind of scenario but I like Samba, everything else works fine for me. (Disclaimer: I'm still running Samba 3.0.4 - as I said everything else works great - but I've looked out for a fix for this and I don't think it's been done to date). All the best, Leon... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trusted domains within a large enterprise
Hi Folks I need some advice on whether what I am doing is correct, initially from a logical perspective. My company (E.ON - large utility) has a large ADS system. We are retiring NT4 domains and I have been asked to transfer the SAMBA domain log-ins into ADS. I am initially testing my work on Linux RHEL 4, running SAMBA 3.10. The ADS system consists of a realm/forest PG.EON.NET (old Powergen) on server A, a realm/forest RETAIL.PG.EON.NET on server B and a new realm/forest UNIX.EONUK.INT on server C. There is a one-way trust system whereby C trusts A and B. A and B are running native AD on W2K3 and C is currently running mixed mode on W2K3. The idea is to place the UNIX machine accounts into C (no user accounts) and use it for authentication of users in the RETAIL/PG and eventually other areas. The Windows admin has stated that we should get the thing working on mixed mode then he'll transfer the system into native and see if we can continue as it is more lax. I have set-up the kerberos system on the SAMBA server and 'net ads join' works fine to the UNIX.EONUK.INT realm. 'wbinfo -u' and 'wbinfo -g' also work fine and produce accounts such as 'RETAIL +FRED'. I can even do a 'kinit' to get a ticket against the machine account. The number of accounts is ca. 13000 so I have put 'idmap uid = 1 - 4' into the smb.conf. I cannot get 'getent' to work, however and I see within the winbindd logs that it cannot map ids to SIDs. I also see within the logs the IP addresses of A and B, refusing requests from SAMBA, whereas I was under the impression that C would forward on requests for authentication or handle them for the SAMBA server(according to the Windows admins), and it looks as if it is receiving either redirection or 'nmbd' has asked who's RETAIL.PG.EON.NET'? and got an answer to query elsewhere than server C. The questions I have at this time: 1. Do I have to be running native mode on the W2K3 server for realm UNIX? 2. Is the one-way trust system here broken/a bit silly? 3. Is the only way forward to place the SAMBA servers machine accounts into the correct realms for each business? 4. Why does my brain hurt so much? Confused, and in dire need of help or beer, Adam -- Does dim atal y llanw! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Outlook path to pst file is lost when using roaming profiles
Hi, i have all kind of versions of outlook ( 2000/xp/2003) running with roaming profiles and samba pdc and i dont have any problem loosing the pst path, on win 2000/xp, perhaps this was a bug from outlook configured using with imap, check about that, note that every outlook patchlevel behaves different, so check the outlook patch level too. I dont recommend setting regs , for the default pst i think it is better to use a adm/ntconfig.pol Regards Douglas Phillipson schrieb: Is nobody else losing their Outlook profile/path to pst when using roaming profiles? Doug P Douglas Phillipson wrote: We are having a problem getting the path to the Outlook PST file to move from machine to machine using roaming profiles (Samba 3.0.10 on RHEL 4). When a user logs off on one machine and logs on to another, the outlook path to the PST file is gone. I found this message in the archive back in 2002 but I see no resolution for it: http://lists.samba.org/archive/samba/2002-July/047507.html Here is the text from that post: Does anybody know how to manage roaming profiles with outlook 2002 ? I have XP boxes with roaming profiles and all work fine. The only problem is that XP doesn´t export the path where outlook stores ist .pst file. This is not the problem for the .pst file where outlook stores contacts and so. The path of the normal pst is on a network drive. But I have an IMAP mail account for every user and if you configure outlook for imap it creates another .pst file under the normal path ...Local Settings../outlook/ I am not able to store this file under a different path e.g. a network drive. I think that there are 2 ways for my problem: 1.) show outlook the path to a network drive for the imap pst as I did it for the normal pst -- I don´t know how 2.) export the whole outlook path under local settings -- It works, but not for a long time: After you create an outlook account for the first time, outlook adds a registry entry under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon -- ExcludeProfileDirs In this entry you can add directories of the roaming profile not to export. -- because of that, the outlook pst would not exported with the roaming profile. If I delete this entry on all workstations under the default and the user profile of the registry it works for some time. But after some time, I don´t know why the entry is back in the registry to not export the outlook folder. Does anybody have an idea ? Regards sven Has anybody else seen this problem or found a resolution? Thanks Doug P -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WINS and INet~Services name
On Tue, Feb 21, 2006 at 08:56:39PM +, Leon Stringer wrote: Hi, I've posted before about the problem with WINS and the INet~Services name IIS uses. (http://lists.samba.org/archive/samba/2005-August/110189.html) The problem I get is when any host running IIS tries to renew its names with the Samba WINS server (e.g. after the default 5-day period) the renewal fails for *all* names for the server. As I understand it the problem is with Samba's WINS server implementation not handling the mixed case Windows uses for the Inet~Services#1c name. (Am I correct in thinking all other NetBIOS names are upper case only?). No, that's not the issue, at least not with modern nmbd code. You might want to try upgrading from 3.0.4, I definately fixed case-sensitive bugs in this code between then and now. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.21b winbind crash
I'm using Samba 3.0.21b on SuSE 9.3 Pro (x86) with the binary RPMs from samba.org/suse.com (3.0.21b-1.1.2-SUSE-SL9.3) on a Domain Member Server in ADS mode with winbind against W2K3 SP1 AD servers and idmap uids/gids stored in a central OpenLDAP directory. Unfortunately, winbind gives me a hard time and reproducibly dies with a PANIC on a wbinfo -g, although I think I've followed TOSHARG's and S3bE's advices and have used it successfully in similar environments (although not with 3.0.21b) in the past. Can anyone shed some light on this? Below please find my smb.conf and level 10 log.winbindd (both slightly obfuscated to protect the innocent, but not mangled in any other way). I can provide Ethereal traces privately on request. - --- smb.conf --- [global] realm = YYY.DE workgroup = XXX security = ADS wins server = 172.16.1.1, 172.16.1.2 interfaces = 10.23.207.11 bind interfaces only = Yes ldap admin dn = cn=root,dc=yyy,dc=de ldap idmap suffix = ou=Idmap ldap suffix = dc=yyy,dc=de idmap backend = ldap:ldap://openldap idmap uid = 10500-2 idmap gid = 10500-2 winbind use default domain = Yes log level = 1 winbind:10 - --- log.winbindd --- 2006/02/22 00:29:44, 1] nsswitch/winbindd.c:main(979) winbindd version 3.0.21b-1.1.2-SUSE-SL9.3 started. Copyright The Samba Team 2000-2004 [2006/02/22 00:29:44, 2] nsswitch/winbindd_util.c:add_trusted_domain(174) Added domain XXX YYY.DE S-1-5-21-1004849351-3390790938-2803357102 [2006/02/22 00:29:44, 2] nsswitch/winbindd_util.c:add_trusted_domain(174) Added domain BUILTIN S-1-5-32 [2006/02/22 00:29:44, 2] nsswitch/winbindd_util.c:add_trusted_domain(174) Added domain MYSERVER S-1-5-21-4017196506-4081282237-3136230588 [2006/02/22 00:29:44, 10] nsswitch/winbindd_util.c:open_winbindd_socket(911) open_winbindd_socket: opened socket fd 12 [2006/02/22 00:29:44, 10] nsswitch/winbindd_util.c:open_winbindd_priv_socket(923) open_winbindd_priv_socket: opened socket fd 14 [2006/02/22 00:29:46, 5] nsswitch/winbindd_dual.c:async_reply_recv(192) Could not receive async reply [2006/02/22 00:30:01, 6] nsswitch/winbindd.c:new_connection(639) accepted socket 13 [2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn INTERFACE_VERSION [2006/02/22 00:30:01, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(471) [0]: request interface version [2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2006/02/22 00:30:01, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(504) [0]: request location of privileged pipe [2006/02/22 00:30:01, 6] nsswitch/winbindd.c:new_connection(639) accepted socket 17 [2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn GID_TO_SID [2006/02/22 00:30:01, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(406) [0]: gid to sid 65533 [2006/02/22 00:30:01, 6] nsswitch/winbindd.c:new_connection(639) accepted socket 13 [2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn INTERFACE_VERSION [2006/02/22 00:30:01, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(471) [0]: request interface version [2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2006/02/22 00:30:01, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(504) [0]: request location of privileged pipe [2006/02/22 00:30:01, 6] nsswitch/winbindd.c:new_connection(639) accepted socket 17 [2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn UID_TO_SID [2006/02/22 00:30:01, 3] nsswitch/winbindd_sid.c:winbindd_uid_to_sid(279) [0]: uid to sid 0 [2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn GID_TO_SID [2006/02/22 00:30:01, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(406) [0]: gid to sid 0 [2006/02/22 00:30:01, 6] nsswitch/winbindd.c:new_connection(639) accepted socket 13 [2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn INTERFACE_VERSION [2006/02/22 00:30:01, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(471) [0]: request interface version [2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn WINBINDD_PRIV_PIPE_DIR [2006/02/22 00:30:01, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(504) [0]: request location of privileged pipe 2006/02/22 00:30:01, 6] nsswitch/winbindd.c:new_connection(639) accepted socket 18 [2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn GETGROUPS [2006/02/22 00:30:01, 3] nsswitch/winbindd_group.c:winbindd_getgroups(925) [0]: getgroups root [2006/02/22 00:30:01, 6]
Re: [Samba] How to control who can log into the samba box
David Shapiro wrote: Do you have an example of the hide/veto option you used and sshd_config mod you did to do this? In smb.conf, you can use: veto files = /.ssh/ In sshd_config, you can set: PasswordAuthentication no Make sure you've put keys for your own account on the system, and are able to log in and su to root, before you make the latter change. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.21b winbind crash
On Wed, Feb 22, 2006 at 01:07:32AM +0100, Thomas Limoncelli wrote: I'm using Samba 3.0.21b on SuSE 9.3 Pro (x86) with the binary RPMs from samba.org/suse.com (3.0.21b-1.1.2-SUSE-SL9.3) on a Domain Member Server in ADS mode with winbind against W2K3 SP1 AD servers and idmap uids/gids stored in a central OpenLDAP directory. Unfortunately, winbind gives me a hard time and reproducibly dies with a PANIC on a wbinfo -g, although I think I've followed TOSHARG's and S3bE's advices and have used it successfully in similar environments (although not with 3.0.21b) in the past. Can anyone shed some light on this? Below please find my smb.conf and level 10 log.winbindd (both slightly obfuscated to protect the innocent, but not mangled in any other way). I can provide Ethereal traces privately on request. Can you add the following line to the [global] section of your smb.conf. panic action = /bin/sleep 9 and then when winbindd crashes it will hang waiting for the sleep to finish. You can then attach to it with gdb and get a backtrace using the bt command. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Clients freezing when opening same files
Hi all, I've discovered that if someone opens a file on a Samba share (say a PDF file) then someone else comes along and tries to open it too, the program accessing the file on the second person's PC will freeze for a few minutes and then return a network error. If I kill Samba and restart it then the second person can open the file (because the lock has been released) but then anyone else trying to access it again will lock. What's the best way to solve this problem? I don't really want to disable locks, I just want the lock to fail which will hopefully cause the program to open the file without locking it (perhaps in 'read only' mode.) I've tried 'blocking locks = no' but that doesn't help, so I assume I'm probably going to have to disable something to do with the locks. Incidentally this was the same issue I had before, and using 'veto oplocks' for DLL files fixed this problem (the .EXE would freeze for 5-10 minutes when loading, then return an error saying it couldn't load the DLL.) In this case I think the locks are completely disabled for DLL files (i.e. they return success but they're not actually locked) but I don't want to do this for some formats (like Access or Excel.) Thanks, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] My Network Places not finding Samba server
I changed the smb.conf to have a different NetBios Name then the workgroup 'DAMEN'. There does not appear to any change from the XP 'My Network Places' Although the nmbd.log indicates that the name DAMEN00 is not found. [2006/02/21 21:24:14, 1] nmbd/nmbd_incomingrequests.c:process_node_status_request(328) process_node_status_request: status request for name DAMEN00 from IP 192.168.0.1 on subnet UNICAST_SUBNET - name not found. [2006/02/21 21:24:16, 1] nmbd/nmbd_incomingrequests.c:process_node_status_request(328) process_node_status_request: status request for name DAMEN00 from IP 192.168.0.1 on subnet UNICAST_SUBNET - name not found. Although 'nmblookup DAMEN' finds the name when executed on the linux box upon which smbd/nmbd is running. querying DAMEN on 192.168.255.255 192.168.0.1 DAMEN00 This appear to (not)work the same with or without DAMEN listed in the lmhosts file. Do I need to list the workgroup name somewhere else also? Thanks, Fred Frederick C. Damen wrote: Thanks. I removed the entry for DAMEN from lmhosts and restart smb/nmb and no change that I can see. Thanks, Fred Kristaps Rāts wrote: Having the machine name equal to the workgroup name is a no-no, as far as I know. On O , 2006-02-21 at 08:15 -0600, Frederick C. Damen wrote: I assume I am doing(or not) something extremely simple that is causing my XP boxes to not see my linux(FC4) Samba server in the 'My Network Places'. I can access the shares by 'Map Network Drive' and using the IP address(192.168.0.1). I have set the workgroup name 'DAMEN' in the lmhosts file. 192.168.0.1 DAMEN I have set the workgroup in the smb.conf file. workgroup = damen netbios name = damen I have configured the Samba server to be the Domain Master Browser os level = 35 domain master = yes preferred master = yes wins support = yes I have configured the [global] to be browseable. browseable = yes public = yes I have set the XP box to be on a home network(not bussiness network) and workgroup to DAMEN. Any ideas? Thanks, Fred -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Does anyone use rhosts or hosts equiv autentication in Samba ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Folks, I'm looking to remove some more old code. Does anyone use either of these features currently? cheers, jerry = I live in a Reply-to-All world--- Samba--- http://www.samba.org Centeris --- http://www.centeris.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD+/FsIR7qMdg1EfYRArhdAKC347t27A46P/N0XyzORPRoHIiaVgCeJ7t+ b/BBTdOp5TlyxSvP5TFVm/g= =/3dl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [Fwd: New Unix user and group domain]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Some people might find this discussion about upcoming changes in 3.0.22 interesting. It might also be helpful to get some feedback from the field on the ramifications of the changes. cheers, jerry = I live in a Reply-to-All world--- Samba--- http://www.samba.org Centeris --- http://www.centeris.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD+/HHIR7qMdg1EfYRAhKJAJ475j5lpzYWt6y/U8fpGX+8L8Ao9ACePyi+ dlhcDyMftFalMto8ONllg6Q= =9euO -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Does anyone use rhosts or hosts equiv autentication in Samba ?
On Tue, 2006-02-21 at 23:06 -0600, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Folks, I'm looking to remove some more old code. Does anyone use either of these features currently? My guess is that nobody uses them, given what is required to use them (I think you have to manually load the module), and the segfault bugs that existed with only one report for so long. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Does anyone use rhosts or hosts equiv autentication in Samba ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew Bartlett wrote: My guess is that nobody uses them, given what is required to use them (I think you have to manually load the module), and the segfault bugs that existed with only one report for so long. Yup. I agree. Which is why unless someone speaks out with a convincing argument, I'm voting to pull them from the 3.0.22 release. Thanks for the confirmation of my gut feeling. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFD+/PZIR7qMdg1EfYRAhXUAJ9Mxnx0c2ScQftyq5WZKZJ1C5TlzgCgk65d /D1mkJp8sHreaWaZKZnV3ls= =73jv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Questions about sub-folders, access...?
Hi people, iam testing samba3 on freebsd 5.4, i install samba from ports with no problems, i have this simple smb.conf file: [global] workgroup = WORKGROUP netbios name = FREEBSD server string = Samba Server FreeBSD security = user encrypt passwords = yes [public] comment = %h Shared Public Directory path = /opt/test force directory mode = 0777 force create mode = 0777 force group = nobody force user = nobody public = yes writeable = yes read only = no My problem right now is that i want to create one folder with the user X inside this share and give access to user Y to that sub-folder, them i create the folder with the user X from windows 2000, smbd create the folder with this permisions: root# getfacl test #file:test #owner:65534 #group:0 user::rwx group::rwx other::rwx The owner is nobody like the smb.conf say, the group 0 is wheel, ok here everybody can access the folder, but what about if i only want to give access to the owner(X user) and the user Y...? Ok, after rading some docs, i do this: Go to freebsd login with root and change the folder rights: root# chown X:Y /opt/test/NewFolder root# chmod 770 /opt/test/NewFolder Now user X or Y if try to access the folder from windows 2000 smbd say \\Freebsd\public\test is not accessible Access is denied I have been reading the samba 3 by examples book 10.3.3 Share Point Directory and File Permisions, but didnt find the answer, and the chapter 15 of the samba how-to but they speak about the smb.conf shares, and i want to apply this to sub-folders i create inside of samba shares...? I think this can be done inside the Unix/Linux box with the root user but i still dont find the way, what i forget...? Hope you can help me people, thanks all for your time!!! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r13589 - branches/SAMBA_3_0/source/passdb trunk/source/passdb
Author: jerry Date: 2006-02-21 14:03:15 + (Tue, 21 Feb 2006) New Revision: 13589 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13589 Log: Make sure we only try to close the tdbsam file in endsampwent() when we have a valid pwent list from a setsampwent(). Fixes a bug with the reference count on the open tdb. Modified: branches/SAMBA_3_0/source/passdb/pdb_tdb.c trunk/source/passdb/pdb_tdb.c Changeset: Modified: branches/SAMBA_3_0/source/passdb/pdb_tdb.c === --- branches/SAMBA_3_0/source/passdb/pdb_tdb.c 2006-02-21 03:29:02 UTC (rev 13588) +++ branches/SAMBA_3_0/source/passdb/pdb_tdb.c 2006-02-21 14:03:15 UTC (rev 13589) @@ -50,6 +50,7 @@ TDB_DATA key; }; static struct pwent_list *tdbsam_pwent_list; +static BOOL pwent_initialized; /* GLOBAL TDB SAM CONTEXT */ @@ -292,6 +293,7 @@ } tdb_traverse( tdbsam, tdbsam_traverse_setpwent, NULL ); + pwent_initialized = True; return NT_STATUS_OK; } @@ -305,6 +307,13 @@ { struct pwent_list *ptr, *ptr_next; + /* close the tdb only if we have a valid pwent state */ + + if ( pwent_initialized ) { + DEBUG(7, (endtdbpwent: closed sam database.\n)); + tdbsam_close(); + } + /* clear out any remaining entries in the list */ for ( ptr=tdbsam_pwent_list; ptr; ptr = ptr_next ) { @@ -312,11 +321,9 @@ DLIST_REMOVE( tdbsam_pwent_list, ptr ); SAFE_FREE( ptr-key.dptr); SAFE_FREE( ptr ); - } + } - DEBUG(7, (endtdbpwent: closed sam database.\n)); - - tdbsam_close(); + pwent_initialized = False; } /* Modified: trunk/source/passdb/pdb_tdb.c === --- trunk/source/passdb/pdb_tdb.c 2006-02-21 03:29:02 UTC (rev 13588) +++ trunk/source/passdb/pdb_tdb.c 2006-02-21 14:03:15 UTC (rev 13589) @@ -50,6 +50,7 @@ TDB_DATA key; }; static struct pwent_list *tdbsam_pwent_list; +static BOOL pwent_initialized; /* GLOBAL TDB SAM CONTEXT */ @@ -292,6 +293,7 @@ } tdb_traverse( tdbsam, tdbsam_traverse_setpwent, NULL ); + pwent_initialized = True; return NT_STATUS_OK; } @@ -305,6 +307,13 @@ { struct pwent_list *ptr, *ptr_next; + /* close the tdb only if we have a valid pwent state */ + + if ( pwent_initialized ) { + DEBUG(7, (endtdbpwent: closed sam database.\n)); + tdbsam_close(); + } + /* clear out any remaining entries in the list */ for ( ptr=tdbsam_pwent_list; ptr; ptr = ptr_next ) { @@ -312,11 +321,9 @@ DLIST_REMOVE( tdbsam_pwent_list, ptr ); SAFE_FREE( ptr-key.dptr); SAFE_FREE( ptr ); - } + } - DEBUG(7, (endtdbpwent: closed sam database.\n)); - - tdbsam_close(); + pwent_initialized = False; } /*
svn commit: samba r13590 - branches/SAMBA_3_0/source/auth branches/SAMBA_3_0/source/pam_smbpass branches/SAMBA_3_0/source/passdb branches/SAMBA_3_0/source/rpc_server branches/SAMBA_3_0/source/smbd bra
Author: jerry Date: 2006-02-21 14:34:11 + (Tue, 21 Feb 2006) New Revision: 13590 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13590 Log: * replace all pdb_init_sam[_talloc]() calls with samu_new() * replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix() Modified: branches/SAMBA_3_0/source/auth/auth_rhosts.c branches/SAMBA_3_0/source/auth/auth_sam.c branches/SAMBA_3_0/source/auth/auth_unix.c branches/SAMBA_3_0/source/auth/auth_util.c branches/SAMBA_3_0/source/pam_smbpass/pam_smb_acct.c branches/SAMBA_3_0/source/pam_smbpass/pam_smb_auth.c branches/SAMBA_3_0/source/pam_smbpass/pam_smb_passwd.c branches/SAMBA_3_0/source/passdb/passdb.c branches/SAMBA_3_0/source/passdb/pdb_interface.c branches/SAMBA_3_0/source/passdb/pdb_smbpasswd.c branches/SAMBA_3_0/source/passdb/pdb_tdb.c branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0/source/smbd/chgpasswd.c branches/SAMBA_3_0/source/smbd/lanman.c branches/SAMBA_3_0/source/utils/net_rpc_samsync.c branches/SAMBA_3_0/source/utils/net_sam.c branches/SAMBA_3_0/source/utils/pdbedit.c branches/SAMBA_3_0/source/utils/smbpasswd.c trunk/source/auth/auth_rhosts.c trunk/source/auth/auth_sam.c trunk/source/auth/auth_unix.c trunk/source/auth/auth_util.c trunk/source/pam_smbpass/pam_smb_acct.c trunk/source/pam_smbpass/pam_smb_auth.c trunk/source/pam_smbpass/pam_smb_passwd.c trunk/source/passdb/passdb.c trunk/source/passdb/pdb_interface.c trunk/source/passdb/pdb_smbpasswd.c trunk/source/passdb/pdb_tdb.c trunk/source/rpc_server/srv_netlog_nt.c trunk/source/rpc_server/srv_samr_nt.c trunk/source/smbd/chgpasswd.c trunk/source/smbd/lanman.c trunk/source/utils/net_rpc_samsync.c trunk/source/utils/net_sam.c trunk/source/utils/pdbedit.c trunk/source/utils/smbpasswd.c Changeset: Sorry, the patch is too large (2329 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13590
svn commit: samba r13591 - branches/SAMBA_3_0/source/lib trunk/source/lib
Author: jerry Date: 2006-02-21 15:47:19 + (Tue, 21 Feb 2006) New Revision: 13591 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13591 Log: I really have no idea how this code ever worked. And I have no idea why no one (including myself) caught this with a compiler warningMake sure new_chunk() actually returns a pointer to the allocated memory. SAMBA_3_0 now works again on Solaris. Modified: branches/SAMBA_3_0/source/lib/snprintf.c trunk/source/lib/snprintf.c Changeset: Modified: branches/SAMBA_3_0/source/lib/snprintf.c === --- branches/SAMBA_3_0/source/lib/snprintf.c2006-02-21 14:34:11 UTC (rev 13590) +++ branches/SAMBA_3_0/source/lib/snprintf.c2006-02-21 15:47:19 UTC (rev 13591) @@ -1112,25 +1112,28 @@ } static struct pr_chunk *new_chunk(void) { - struct pr_chunk *new = (struct pr_chunk *)malloc(sizeof(struct pr_chunk)); + struct pr_chunk *new_c = (struct pr_chunk *)malloc(sizeof(struct pr_chunk)); - if (!new) return NULL; + if ( !new_c ) + return NULL; - new-type = 0; - new-num = 0; - new-min = 0; - new-min_star = NULL; - new-max = -1; - new-max_star = NULL; - new-flags = 0; - new-cflags = 0; - new-start = 0; - new-len = 0; - new-value = 0; - new-fvalue = 0; - new-strvalue = NULL; - new-pnum = NULL; - new-next = NULL; + new_c-type = 0; + new_c-num = 0; + new_c-min = 0; + new_c-min_star = NULL; + new_c-max = -1; + new_c-max_star = NULL; + new_c-flags = 0; + new_c-cflags = 0; + new_c-start = 0; + new_c-len = 0; + new_c-value = 0; + new_c-fvalue = 0; + new_c-strvalue = NULL; + new_c-pnum = NULL; + new_c-next = NULL; + + return new_c; } static int add_cnk_list_entry(struct pr_chunk_x **list, Modified: trunk/source/lib/snprintf.c === --- trunk/source/lib/snprintf.c 2006-02-21 14:34:11 UTC (rev 13590) +++ trunk/source/lib/snprintf.c 2006-02-21 15:47:19 UTC (rev 13591) @@ -1112,25 +1112,28 @@ } static struct pr_chunk *new_chunk(void) { - struct pr_chunk *new = (struct pr_chunk *)malloc(sizeof(struct pr_chunk)); + struct pr_chunk *new_c = (struct pr_chunk *)malloc(sizeof(struct pr_chunk)); - if (!new) return NULL; + if ( !new_c ) + return NULL; - new-type = 0; - new-num = 0; - new-min = 0; - new-min_star = NULL; - new-max = -1; - new-max_star = NULL; - new-flags = 0; - new-cflags = 0; - new-start = 0; - new-len = 0; - new-value = 0; - new-fvalue = 0; - new-strvalue = NULL; - new-pnum = NULL; - new-next = NULL; + new_c-type = 0; + new_c-num = 0; + new_c-min = 0; + new_c-min_star = NULL; + new_c-max = -1; + new_c-max_star = NULL; + new_c-flags = 0; + new_c-cflags = 0; + new_c-start = 0; + new_c-len = 0; + new_c-value = 0; + new_c-fvalue = 0; + new_c-strvalue = NULL; + new_c-pnum = NULL; + new_c-next = NULL; + + return new_c; } static int add_cnk_list_entry(struct pr_chunk_x **list,
svn commit: samba r13593 - branches/SAMBA_3_0/source/passdb trunk/source/passdb
Author: jerry Date: 2006-02-21 16:46:21 + (Tue, 21 Feb 2006) New Revision: 13593 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13593 Log: consolidate pdb_set_sam_sids() into samu_set_unix() which was the only place it was called from. Modified: branches/SAMBA_3_0/source/passdb/passdb.c trunk/source/passdb/passdb.c Changeset: Sorry, the patch is too large (481 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13593
svn commit: samba r13595 - in trunk/source/utils: .
Author: jra Date: 2006-02-21 17:00:01 + (Tue, 21 Feb 2006) New Revision: 13595 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13595 Log: Got sense of NTSTATUS check reversed. Jeremy. Modified: trunk/source/utils/net_usershare.c Changeset: Modified: trunk/source/utils/net_usershare.c === --- trunk/source/utils/net_usershare.c 2006-02-21 17:00:00 UTC (rev 13594) +++ trunk/source/utils/net_usershare.c 2006-02-21 17:00:01 UTC (rev 13595) @@ -368,8 +368,8 @@ ntstatus = net_lookup_name_from_sid(ctx, psd-dacl-ace[num_aces].trustee, domain, name); - if (!NT_STATUS_IS_OK(ntstatus)) { - if (*domain) { + if (NT_STATUS_IS_OK(ntstatus)) { + if (domain *domain) { pstrcat(acl_str, domain); pstrcat(acl_str, sep_str); }
svn commit: samba r13597 - branches/SAMBA_3_0/source/libads trunk/source/libads
Author: lmuelle Date: 2006-02-21 17:19:20 + (Tue, 21 Feb 2006) New Revision: 13597 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13597 Log: krb5 error codes are defined as long. Modified: branches/SAMBA_3_0/source/libads/krb5_errs.c trunk/source/libads/krb5_errs.c Changeset: Modified: branches/SAMBA_3_0/source/libads/krb5_errs.c === --- branches/SAMBA_3_0/source/libads/krb5_errs.c2006-02-21 17:17:50 UTC (rev 13596) +++ branches/SAMBA_3_0/source/libads/krb5_errs.c2006-02-21 17:19:20 UTC (rev 13597) @@ -23,7 +23,7 @@ #ifdef HAVE_KRB5 static const struct { - int krb5_code; + long krb5_code; NTSTATUS ntstatus; } krb5_to_nt_status_map[] = { {KRB5_CC_IO, NT_STATUS_UNEXPECTED_IO_ERROR}, Modified: trunk/source/libads/krb5_errs.c === --- trunk/source/libads/krb5_errs.c 2006-02-21 17:17:50 UTC (rev 13596) +++ trunk/source/libads/krb5_errs.c 2006-02-21 17:19:20 UTC (rev 13597) @@ -23,7 +23,7 @@ #ifdef HAVE_KRB5 static const struct { - int krb5_code; + long krb5_code; NTSTATUS ntstatus; } krb5_to_nt_status_map[] = { {KRB5_CC_IO, NT_STATUS_UNEXPECTED_IO_ERROR},
svn commit: samba r13598 - branches/SAMBA_3_0/source/include trunk/source/include
Author: lmuelle Date: 2006-02-21 17:35:52 + (Tue, 21 Feb 2006) New Revision: 13598 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13598 Log: Defining KRB5KRB_ERR_RESPONSE_TOO_BIG if not defined which is the case for older krb5 implementations. Patch slightly modified from the version provided by Bj?\195?\182rn Jacke bjoern at j3e dot de at the samba-technical list after discussion on the list and by IRC. Thanks Bj?\195?\182rn! Modified: branches/SAMBA_3_0/source/include/includes.h trunk/source/include/includes.h Changeset: Modified: branches/SAMBA_3_0/source/include/includes.h === --- branches/SAMBA_3_0/source/include/includes.h2006-02-21 17:19:20 UTC (rev 13597) +++ branches/SAMBA_3_0/source/include/includes.h2006-02-21 17:35:52 UTC (rev 13598) @@ -1453,6 +1453,10 @@ #if defined(HAVE_KRB5) +#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG +#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L) +#endif + #ifndef HAVE_KRB5_SET_REAL_TIME krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds); #endif Modified: trunk/source/include/includes.h === --- trunk/source/include/includes.h 2006-02-21 17:19:20 UTC (rev 13597) +++ trunk/source/include/includes.h 2006-02-21 17:35:52 UTC (rev 13598) @@ -1454,6 +1454,10 @@ #if defined(HAVE_KRB5) +#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG +#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L) +#endif + #ifndef HAVE_KRB5_SET_REAL_TIME krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, int32_t microseconds); #endif
svn commit: samba r13599 - branches/SAMBA_3_0/source/libads trunk/source/libads
Author: lmuelle Date: 2006-02-21 17:48:20 + (Tue, 21 Feb 2006) New Revision: 13599 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13599 Log: krb5 error codes are defined as long. Also for the other direction. Modified: branches/SAMBA_3_0/source/libads/krb5_errs.c trunk/source/libads/krb5_errs.c Changeset: Modified: branches/SAMBA_3_0/source/libads/krb5_errs.c === --- branches/SAMBA_3_0/source/libads/krb5_errs.c2006-02-21 17:35:52 UTC (rev 13598) +++ branches/SAMBA_3_0/source/libads/krb5_errs.c2006-02-21 17:48:20 UTC (rev 13599) @@ -58,7 +58,7 @@ static const struct { NTSTATUS ntstatus; - int krb5_code; + long krb5_code; } nt_status_to_krb5_map[] = { {NT_STATUS_LOGON_FAILURE, KRB5KDC_ERR_PREAUTH_FAILED}, {NT_STATUS_NO_LOGON_SERVERS, KRB5_KDC_UNREACH}, Modified: trunk/source/libads/krb5_errs.c === --- trunk/source/libads/krb5_errs.c 2006-02-21 17:35:52 UTC (rev 13598) +++ trunk/source/libads/krb5_errs.c 2006-02-21 17:48:20 UTC (rev 13599) @@ -58,7 +58,7 @@ static const struct { NTSTATUS ntstatus; - int krb5_code; + long krb5_code; } nt_status_to_krb5_map[] = { {NT_STATUS_LOGON_FAILURE, KRB5KDC_ERR_PREAUTH_FAILED}, {NT_STATUS_NO_LOGON_SERVERS, KRB5_KDC_UNREACH},
svn commit: samba r13600 - branches/SAMBA_3_0/source/passdb trunk/source/passdb
Author: jerry Date: 2006-02-21 19:02:22 + (Tue, 21 Feb 2006) New Revision: 13600 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13600 Log: Move functions local to tdbsam to pdb_tdb.c Modified: branches/SAMBA_3_0/source/passdb/passdb.c branches/SAMBA_3_0/source/passdb/pdb_tdb.c trunk/source/passdb/passdb.c trunk/source/passdb/pdb_tdb.c Changeset: Sorry, the patch is too large (1677 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13600
svn commit: samba r13601 - branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/lib branches/SAMBA_3_0/source/passdb trunk/source/include trunk/source/lib trunk/source/passdb
Author: jerry Date: 2006-02-21 19:22:49 + (Tue, 21 Feb 2006) New Revision: 13601 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13601 Log: * Remove unused code from pdb_ldap.c * Add a 'struct passwd *' to the struct samu for later reference (I know this may be controversial but its easily reverted which is is why I'm checking this is as a seaparate patch before I get too deep). * Remove unix_homedir from struct samu {} and update the pdb wrapper functions associated with it. Modified: branches/SAMBA_3_0/source/include/passdb.h branches/SAMBA_3_0/source/lib/util_pw.c branches/SAMBA_3_0/source/passdb/passdb.c branches/SAMBA_3_0/source/passdb/pdb_get_set.c branches/SAMBA_3_0/source/passdb/pdb_ldap.c trunk/source/include/passdb.h trunk/source/lib/util_pw.c trunk/source/passdb/passdb.c trunk/source/passdb/pdb_get_set.c trunk/source/passdb/pdb_ldap.c Changeset: Sorry, the patch is too large (429 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13601
svn commit: samba r13602 - in branches/tmp/vl-posixacls/source/smbd: .
Author: vlendec Date: 2006-02-21 21:03:06 + (Tue, 21 Feb 2006) New Revision: 13602 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13602 Log: Weird -- there is no type checking here... Modified: branches/tmp/vl-posixacls/source/smbd/vfs.c Changeset: Modified: branches/tmp/vl-posixacls/source/smbd/vfs.c === --- branches/tmp/vl-posixacls/source/smbd/vfs.c 2006-02-21 19:22:49 UTC (rev 13601) +++ branches/tmp/vl-posixacls/source/smbd/vfs.c 2006-02-21 21:03:06 UTC (rev 13602) @@ -111,10 +111,10 @@ vfswrap_chmod_acl, vfswrap_fchmod_acl, + vfswrap_acl_get_file, vfswrap_acl_get_fd, - vfswrap_acl_get_file, + vfswrap_acl_set_file, vfswrap_acl_set_fd, - vfswrap_acl_set_file, vfswrap_sys_acl_delete_def_file,
svn commit: samba r13603 - in trunk/source/smbd: .
Author: jra Date: 2006-02-21 23:21:26 + (Tue, 21 Feb 2006) New Revision: 13603 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13603 Log: Fix for bug #3512 use spnego=no and server signing=auto cause client to disconnect after negprot We missed one case of ignoring BSRSPYL . Merge for 3.0.21c. Jeremy. Modified: trunk/source/smbd/sesssetup.c Changeset: Modified: trunk/source/smbd/sesssetup.c === --- trunk/source/smbd/sesssetup.c 2006-02-21 21:03:06 UTC (rev 13602) +++ trunk/source/smbd/sesssetup.c 2006-02-21 23:21:26 UTC (rev 13603) @@ -70,6 +70,23 @@ } / + Start the signing engine if needed. Don't fail signing here. +/ + +static void sessionsetup_start_signing_engine(const auth_serversupplied_info *server_info, char *inbuf) +{ + if (!server_info-guest !srv_signing_started()) { + /* We need to start the signing engine +* here but a W2K client sends the old +* BSRSPYL signature instead of the +* correct one. Subsequent packets will +* be correct. +*/ + srv_check_sign_mac(inbuf, False); + } +} + +/ Send a security blob via a session setup reply. / @@ -355,15 +372,7 @@ SSVAL(outbuf, smb_uid, sess_vuid); - if (!server_info-guest !srv_signing_started()) { - /* We need to start the signing engine -* here but a W2K client sends the old -* BSRSPYL signature instead of the -* correct one. Subsequent packets will -* be correct. -*/ - srv_check_sign_mac(inbuf, False); - } + sessionsetup_start_signing_engine(server_info, inbuf); } /* wrap that up in a nice GSS-API wrapping */ @@ -436,16 +445,7 @@ SSVAL(outbuf,smb_uid,sess_vuid); - if (!server_info-guest !srv_signing_started()) { - /* We need to start the signing engine -* here but a W2K client sends the old -* BSRSPYL signature instead of the -* correct one. Subsequent packets will -* be correct. -*/ - - srv_check_sign_mac(inbuf, False); - } + sessionsetup_start_signing_engine(server_info, inbuf); } } @@ -1107,9 +1107,7 @@ /* current_user_info is changed on new vuid */ reload_services( True ); - if (!server_info-guest !srv_signing_started() !srv_check_sign_mac(inbuf, True)) { - exit_server(reply_sesssetup_and_X: bad smb signature); - } + sessionsetup_start_signing_engine(server_info, inbuf); SSVAL(outbuf,smb_uid,sess_vuid); SSVAL(inbuf,smb_uid,sess_vuid);
svn commit: samba r13604 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2006-02-21 23:21:28 + (Tue, 21 Feb 2006) New Revision: 13604 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13604 Log: Fix for bug #3512 use spnego=no and server signing=auto cause client to disconnect after negprot We missed one case of ignoring BSRSPYL . Merge for 3.0.21c. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/sesssetup.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/sesssetup.c === --- branches/SAMBA_3_0/source/smbd/sesssetup.c 2006-02-21 23:21:26 UTC (rev 13603) +++ branches/SAMBA_3_0/source/smbd/sesssetup.c 2006-02-21 23:21:28 UTC (rev 13604) @@ -70,6 +70,23 @@ } / + Start the signing engine if needed. Don't fail signing here. +/ + +static void sessionsetup_start_signing_engine(const auth_serversupplied_info *server_info, char *inbuf) +{ + if (!server_info-guest !srv_signing_started()) { + /* We need to start the signing engine +* here but a W2K client sends the old +* BSRSPYL signature instead of the +* correct one. Subsequent packets will +* be correct. +*/ + srv_check_sign_mac(inbuf, False); + } +} + +/ Send a security blob via a session setup reply. / @@ -355,15 +372,7 @@ SSVAL(outbuf, smb_uid, sess_vuid); - if (!server_info-guest !srv_signing_started()) { - /* We need to start the signing engine -* here but a W2K client sends the old -* BSRSPYL signature instead of the -* correct one. Subsequent packets will -* be correct. -*/ - srv_check_sign_mac(inbuf, False); - } + sessionsetup_start_signing_engine(server_info, inbuf); } /* wrap that up in a nice GSS-API wrapping */ @@ -436,16 +445,7 @@ SSVAL(outbuf,smb_uid,sess_vuid); - if (!server_info-guest !srv_signing_started()) { - /* We need to start the signing engine -* here but a W2K client sends the old -* BSRSPYL signature instead of the -* correct one. Subsequent packets will -* be correct. -*/ - - srv_check_sign_mac(inbuf, False); - } + sessionsetup_start_signing_engine(server_info, inbuf); } } @@ -1107,9 +1107,7 @@ /* current_user_info is changed on new vuid */ reload_services( True ); - if (!server_info-guest !srv_signing_started() !srv_check_sign_mac(inbuf, True)) { - exit_server(reply_sesssetup_and_X: bad smb signature); - } + sessionsetup_start_signing_engine(server_info, inbuf); SSVAL(outbuf,smb_uid,sess_vuid); SSVAL(inbuf,smb_uid,sess_vuid);
Build status as of Wed Feb 22 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-02-21 00:00:09.0 + +++ /home/build/master/cache/broken_results.txt 2006-02-22 00:00:03.0 + @@ -1,17 +1,17 @@ -Build status as of Tue Feb 21 00:00:05 2006 +Build status as of Wed Feb 22 00:00:02 2006 Build counts: Tree Total Broken Panic -ccache 6 2 0 +ccache 7 2 0 distcc 8 2 0 -lorikeet-heimdal 14 14 0 -ppp 14 0 0 -rsync28 2 0 +lorikeet-heimdal 17 17 0 +ppp 15 0 0 +rsync29 2 0 samba2 0 0 samba-docs 0 0 0 -samba4 30 19 2 -samba_3_029 8 0 -smb-build20 3 0 -talloc 6 4 0 -tdb 4 1 0 +samba4 31 20 2 +samba_3_030 4 0 +smb-build21 3 0 +talloc 6 3 0 +tdb 5 1 0
svn commit: samba r13605 - in branches/SAMBA_4_0/source/script/tests: .
Author: abartlet Date: 2006-02-22 00:18:07 + (Wed, 22 Feb 2006) New Revision: 13605 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13605 Log: Use $BASEDN to ensure this works outside of the 'make test' rig. Andrew Bartlett Modified: branches/SAMBA_4_0/source/script/tests/test_ldap.sh Changeset: Modified: branches/SAMBA_4_0/source/script/tests/test_ldap.sh === --- branches/SAMBA_4_0/source/script/tests/test_ldap.sh 2006-02-21 23:21:28 UTC (rev 13604) +++ branches/SAMBA_4_0/source/script/tests/test_ldap.sh 2006-02-22 00:18:07 UTC (rev 13605) @@ -73,7 +73,7 @@ fi echo Test Attribute Scope Query Control -nentries=`bin/ldbsearch $options $CONFIGURATION -H $p://$SERVER --controls=asq:1:member -s base -b 'CN=Administrators,CN=Builtin,DC=samba,DC=example,DC=com' | grep sAMAccountName | wc -l` +nentries=`bin/ldbsearch $options $CONFIGURATION -H $p://$SERVER --controls=asq:1:member -s base -b CN=Administrators,CN=Builtin,$BASEDN | grep sAMAccountName | wc -l` if [ $nentries -lt 1 ]; then echo Attribute Scope Query test returned 0 items failed=`expr $failed + 1`
svn commit: samba r13606 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules ldap_server
Author: abartlet Date: 2006-02-22 00:26:56 + (Wed, 22 Feb 2006) New Revision: 13606 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13606 Log: An attempt to fix #3525. The problem was that the supportedControls were being stolen into the result sent to the client, then talloc_free()ed. This caused them to be invalid on the next rootDSE query. This also tries to avoid attaching the result to the long-term samdb context, and avoids an extra loop in the result processing (pointed out by tridge). Andrew BARtlett Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c branches/SAMBA_4_0/source/ldap_server/ldap_backend.c Changeset: Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c === --- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c 2006-02-22 00:18:07 UTC (rev 13605) +++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c 2006-02-22 00:26:56 UTC (rev 13606) @@ -73,8 +73,12 @@ if (do_attribute(s-attrs, supportedControl)) { int i; for (i = 0; i priv-num_controls; i++) { + char *control = talloc_strdup(msg, priv-controls[i]); + if (!control) { + goto failed; + } if (ldb_msg_add_string(msg, supportedControl, - priv-controls[i]) != 0) { + control) != 0) { goto failed; } } Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c === --- branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2006-02-22 00:18:07 UTC (rev 13605) +++ branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2006-02-22 00:26:56 UTC (rev 13606) @@ -153,7 +153,7 @@ struct ldap_Result *done; struct ldapsrv_reply *ent_r, *done_r; void *local_ctx; - struct ldb_context *samdb = call-conn-ldb; + struct ldb_context *samdb = talloc_get_type(call-conn-ldb, struct ldb_context); struct ldb_dn *basedn; struct ldb_result *res = NULL; struct ldb_request lreq; @@ -163,13 +163,13 @@ int success_limit = 1; int result = LDAP_SUCCESS; int ldb_ret; - int i, j, y; + int i, j; DEBUG(10, (SearchRequest)); DEBUGADD(10, ( basedn: %s, req-basedn)); DEBUGADD(10, ( filter: %s\n, ldb_filter_from_tree(call, req-tree))); - local_ctx = talloc_named(call, 0, sldb_Search local memory context); + local_ctx = talloc_new(call); NT_STATUS_HAVE_NO_MEMORY(local_ctx); basedn = ldb_dn_explode(local_ctx, req-basedn); @@ -228,7 +228,8 @@ ldb_ret = ldb_request(samdb, lreq); - res = talloc_steal(samdb, lreq.op.search.res); + /* Ensure we don't keep the search results around for too long */ + res = talloc_steal(local_ctx, lreq.op.search.res); if (ldb_ret == LDB_SUCCESS) { for (i = 0; i res-count; i++) { @@ -253,14 +254,8 @@ continue; } ent-attributes[j].num_values = res-msgs[i]-elements[j].num_values; - ent-attributes[j].values = talloc_array(ent-attributes, - DATA_BLOB, ent-attributes[j].num_values); - NT_STATUS_HAVE_NO_MEMORY(ent-attributes[j].values); - for (y=0; y ent-attributes[j].num_values; y++) { - ent-attributes[j].values[y].length = res-msgs[i]-elements[j].values[y].length; - ent-attributes[j].values[y].data = talloc_steal(ent-attributes[j].values, - res-msgs[i]-elements[j].values[y].data); - } + ent-attributes[j].values = res-msgs[i]-elements[j].values; + talloc_steal(ent-attributes, res-msgs[i]-elements[j].values); } queue_reply: ldapsrv_queue_reply(call, ent_r); @@ -287,6 +282,7 @@ } if (res-controls) { done_r-msg-controls = (struct ldap_Control **)(res-controls); + talloc_steal(done_r, res-controls); } } else { DEBUG(10,(SearchRequest: error\n));
svn commit: samba r13607 - in branches/SAMBA_3_0/source/utils: .
Author: jra Date: 2006-02-22 00:34:35 + (Wed, 22 Feb 2006) New Revision: 13607 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13607 Log: Fix compile - don't ref auto variable in a structure initialization. Fix from Richard Bollinger [EMAIL PROTECTED]. Jeremy. Modified: branches/SAMBA_3_0/source/utils/pdbedit.c Changeset: Modified: branches/SAMBA_3_0/source/utils/pdbedit.c === --- branches/SAMBA_3_0/source/utils/pdbedit.c 2006-02-22 00:26:56 UTC (rev 13606) +++ branches/SAMBA_3_0/source/utils/pdbedit.c 2006-02-22 00:34:35 UTC (rev 13607) @@ -655,7 +655,7 @@ static char *pwd_can_change_time = NULL; static char *pwd_must_change_time = NULL; static char *pwd_time_format = NULL; - BOOL pw_from_stdin = False; + static BOOL pw_from_stdin = False; struct pdb_methods *bdef = NULL; poptContext pc;
svn commit: samba r13608 - in trunk/source/utils: .
Author: jra Date: 2006-02-22 00:34:36 + (Wed, 22 Feb 2006) New Revision: 13608 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13608 Log: Fix compile - don't ref auto variable in a structure initialization. Fix from Richard Bollinger [EMAIL PROTECTED]. Jeremy. Modified: trunk/source/utils/pdbedit.c Changeset: Modified: trunk/source/utils/pdbedit.c === --- trunk/source/utils/pdbedit.c2006-02-22 00:34:35 UTC (rev 13607) +++ trunk/source/utils/pdbedit.c2006-02-22 00:34:36 UTC (rev 13608) @@ -655,7 +655,7 @@ static char *pwd_can_change_time = NULL; static char *pwd_must_change_time = NULL; static char *pwd_time_format = NULL; - BOOL pw_from_stdin = False; + static BOOL pw_from_stdin = False; struct pdb_methods *bdef = NULL; poptContext pc;
svn commit: samba r13609 - in branches/SAMBA_4_0/source: ldap_server lib/ldb/common lib/ldb/include lib/ldb/ldb_ildap lib/ldb/ldb_sqlite3 lib/ldb/ldb_tdb lib/ldb/tools libcli/ldap
Author: idra Date: 2006-02-22 01:31:35 + (Wed, 22 Feb 2006) New Revision: 13609 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13609 Log: Get in the initial work on making ldb async Currently only ldb_ildap is async, the plan is to first make all backend support the async calls, and then remove the sync functions from backends and keep the only in the API. Modules will need to be transformed along the way. Simo Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c branches/SAMBA_4_0/source/lib/ldb/common/ldb.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c branches/SAMBA_4_0/source/lib/ldb/include/ldb.h branches/SAMBA_4_0/source/lib/ldb/include/ldb_private.h branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c branches/SAMBA_4_0/source/lib/ldb/ldb_sqlite3/ldb_sqlite3.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c branches/SAMBA_4_0/source/lib/ldb/tools/cmdline.c branches/SAMBA_4_0/source/lib/ldb/tools/ldbsearch.c branches/SAMBA_4_0/source/libcli/ldap/ldap.c branches/SAMBA_4_0/source/libcli/ldap/ldap.h branches/SAMBA_4_0/source/libcli/ldap/ldap_client.c branches/SAMBA_4_0/source/libcli/ldap/ldap_client.h branches/SAMBA_4_0/source/libcli/ldap/ldap_controls.c branches/SAMBA_4_0/source/libcli/ldap/ldap_ildap.c Changeset: Sorry, the patch is too large (1807 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13609
svn commit: samba r13610 - in branches/SAMBA_3_0/source/param: .
Author: jra Date: 2006-02-22 01:31:43 + (Wed, 22 Feb 2006) New Revision: 13610 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13610 Log: Patch from Bjoern JACKE [EMAIL PROTECTED]. Don't default to /tmp if there is no path in the share, make it unavailable. All printer shares should have a path and IPC$ is already explicitly set to tmpdir(). Jeremy. Modified: branches/SAMBA_3_0/source/param/loadparm.c Changeset: Modified: branches/SAMBA_3_0/source/param/loadparm.c === --- branches/SAMBA_3_0/source/param/loadparm.c 2006-02-22 01:31:35 UTC (rev 13609) +++ branches/SAMBA_3_0/source/param/loadparm.c 2006-02-22 01:31:43 UTC (rev 13610) @@ -2929,10 +2929,12 @@ } if (ServicePtrs[iService]-szPath[0] == '\0' - strwicmp(ServicePtrs[iService]-szService, HOMES_NAME) != 0) { - DEBUG(0, (No path in service %s - using %s\n, - ServicePtrs[iService]-szService, tmpdir())); - string_set(ServicePtrs[iService]-szPath, tmpdir()); + strwicmp(ServicePtrs[iService]-szService, HOMES_NAME) != 0 + ServicePtrs[iService]-szMSDfsProxy[0] == '\0' + ) { + DEBUG(0, (WARNING: No path in service %s - making it unavailable!\n, + ServicePtrs[iService]-szService)); + ServicePtrs[iService]-bAvailable = False; } /* If a service is flagged unavailable, log the fact at level 0. */
svn commit: samba r13611 - in trunk/source/param: .
Author: jra Date: 2006-02-22 01:31:49 + (Wed, 22 Feb 2006) New Revision: 13611 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13611 Log: Patch from Bjoern JACKE [EMAIL PROTECTED]. Don't default to /tmp if there is no path in the share, make it unavailable. All printer shares should have a path and IPC$ is already explicitly set to tmpdir(). Jeremy. Modified: trunk/source/param/loadparm.c Changeset: Modified: trunk/source/param/loadparm.c === --- trunk/source/param/loadparm.c 2006-02-22 01:31:43 UTC (rev 13610) +++ trunk/source/param/loadparm.c 2006-02-22 01:31:49 UTC (rev 13611) @@ -2929,10 +2929,12 @@ } if (ServicePtrs[iService]-szPath[0] == '\0' - strwicmp(ServicePtrs[iService]-szService, HOMES_NAME) != 0) { - DEBUG(0, (No path in service %s - using %s\n, - ServicePtrs[iService]-szService, tmpdir())); - string_set(ServicePtrs[iService]-szPath, tmpdir()); + strwicmp(ServicePtrs[iService]-szService, HOMES_NAME) != 0 + ServicePtrs[iService]-szMSDfsProxy[0] == '\0' + ) { + DEBUG(0, (WARNING: No path in service %s - making it unavailable!\n, + ServicePtrs[iService]-szService)); + ServicePtrs[iService]-bAvailable = False; } /* If a service is flagged unavailable, log the fact at level 0. */
svn commit: samba r13612 - branches/SAMBA_3_0/source/client trunk/source/client
Author: tpot Date: 2006-02-22 03:12:00 + (Wed, 22 Feb 2006) New Revision: 13612 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13612 Log: #define NO_SYSLOG is dead as a doornail. Modified: branches/SAMBA_3_0/source/client/smbctool.c trunk/source/client/smbctool.c Changeset: Modified: branches/SAMBA_3_0/source/client/smbctool.c === --- branches/SAMBA_3_0/source/client/smbctool.c 2006-02-22 01:31:49 UTC (rev 13611) +++ branches/SAMBA_3_0/source/client/smbctool.c 2006-02-22 03:12:00 UTC (rev 13612) @@ -22,8 +22,6 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -#define NO_SYSLOG - #include includes.h #include libsmbclient.h #include client/client_proto.h Modified: trunk/source/client/smbctool.c === --- trunk/source/client/smbctool.c 2006-02-22 01:31:49 UTC (rev 13611) +++ trunk/source/client/smbctool.c 2006-02-22 03:12:00 UTC (rev 13612) @@ -22,8 +22,6 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -#define NO_SYSLOG - #include includes.h #include libsmbclient.h #include client/client_proto.h
svn commit: samba r13613 - in trunk/source: libsmb utils
Author: jra Date: 2006-02-22 04:56:50 + (Wed, 22 Feb 2006) New Revision: 13613 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13613 Log: First part of the bugfix for #3510 - net join fails against server with schannel disabled. Second part will come tomorrow (fixing net_rpc_join_ok()). Jeremy. Modified: trunk/source/libsmb/clientgen.c trunk/source/utils/net_rpc_join.c Changeset: Modified: trunk/source/libsmb/clientgen.c === --- trunk/source/libsmb/clientgen.c 2006-02-22 03:12:00 UTC (rev 13612) +++ trunk/source/libsmb/clientgen.c 2006-02-22 04:56:50 UTC (rev 13613) @@ -358,8 +358,14 @@ BOOL cli_rpc_pipe_close(struct rpc_pipe_client *cli) { - BOOL ret = cli_close(cli-cli, cli-fnum); + BOOL ret; + if (!cli) { + return False; + } + + ret = cli_close(cli-cli, cli-fnum); + if (!ret) { DEBUG(0,(cli_rpc_pipe_close: cli_close failed on pipe %s, fnum 0x%x Modified: trunk/source/utils/net_rpc_join.c === --- trunk/source/utils/net_rpc_join.c 2006-02-22 03:12:00 UTC (rev 13612) +++ trunk/source/utils/net_rpc_join.c 2006-02-22 04:56:50 UTC (rev 13613) @@ -88,10 +88,9 @@ struct cli_state *cli; TALLOC_CTX *mem_ctx; uint32 acb_info = ACB_WSTRUST; - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; + uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0); uint32 sec_channel_type; struct rpc_pipe_client *pipe_hnd = NULL; - struct rpc_pipe_client *netlogon_schannel_pipe = NULL; /* rpc variables */ @@ -325,29 +324,37 @@ goto done; } - netlogon_schannel_pipe = cli_rpc_pipe_open_schannel_with_key(cli, + /* We can only check the schannel connection if the client is allowed + to do this and the server supports it. If not, just assume success + (after all the rpccli_netlogon_setup_creds() succeeded, and we'll + do the same again (setup creds) in net_rpc_join_ok(). JRA. */ + + if (lp_client_schannel() (neg_flags NETLOGON_NEG_SCHANNEL)) { + struct rpc_pipe_client *netlogon_schannel_pipe = + cli_rpc_pipe_open_schannel_with_key(cli, PI_NETLOGON, PIPE_AUTH_LEVEL_PRIVACY, domain, pipe_hnd-dc, result); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(0, (Error in domain join verification (schannel setup failed): %s\n\n, - nt_errstr(result))); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(0, (Error in domain join verification (schannel setup failed): %s\n\n, + nt_errstr(result))); - if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) -(sec_channel_type == SEC_CHAN_BDC) ) { - d_fprintf(stderr, Please make sure that no computer account\n -named like this machine (%s) exists in the domain\n, -global_myname()); + if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) +(sec_channel_type == SEC_CHAN_BDC) ) { + d_fprintf(stderr, Please make sure that no computer account\n +named like this machine (%s) exists in the domain\n, +global_myname()); + } + + goto done; } - - goto done; + cli_rpc_pipe_close(netlogon_schannel_pipe); } cli_rpc_pipe_close(pipe_hnd); - cli_rpc_pipe_close(netlogon_schannel_pipe); /* Now store the secret in the secrets database */
svn commit: samba r13614 - in branches/SAMBA_3_0/source: libsmb utils
Author: jra Date: 2006-02-22 04:56:53 + (Wed, 22 Feb 2006) New Revision: 13614 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13614 Log: First part of the bugfix for #3510 - net join fails against server with schannel disabled. Second part will come tomorrow (fixing net_rpc_join_ok()). Jeremy. Modified: branches/SAMBA_3_0/source/libsmb/clientgen.c branches/SAMBA_3_0/source/utils/net_rpc_join.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/clientgen.c === --- branches/SAMBA_3_0/source/libsmb/clientgen.c2006-02-22 04:56:50 UTC (rev 13613) +++ branches/SAMBA_3_0/source/libsmb/clientgen.c2006-02-22 04:56:53 UTC (rev 13614) @@ -358,8 +358,14 @@ BOOL cli_rpc_pipe_close(struct rpc_pipe_client *cli) { - BOOL ret = cli_close(cli-cli, cli-fnum); + BOOL ret; + if (!cli) { + return False; + } + + ret = cli_close(cli-cli, cli-fnum); + if (!ret) { DEBUG(0,(cli_rpc_pipe_close: cli_close failed on pipe %s, fnum 0x%x Modified: branches/SAMBA_3_0/source/utils/net_rpc_join.c === --- branches/SAMBA_3_0/source/utils/net_rpc_join.c 2006-02-22 04:56:50 UTC (rev 13613) +++ branches/SAMBA_3_0/source/utils/net_rpc_join.c 2006-02-22 04:56:53 UTC (rev 13614) @@ -88,10 +88,9 @@ struct cli_state *cli; TALLOC_CTX *mem_ctx; uint32 acb_info = ACB_WSTRUST; - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL; + uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0); uint32 sec_channel_type; struct rpc_pipe_client *pipe_hnd = NULL; - struct rpc_pipe_client *netlogon_schannel_pipe = NULL; /* rpc variables */ @@ -325,29 +324,37 @@ goto done; } - netlogon_schannel_pipe = cli_rpc_pipe_open_schannel_with_key(cli, + /* We can only check the schannel connection if the client is allowed + to do this and the server supports it. If not, just assume success + (after all the rpccli_netlogon_setup_creds() succeeded, and we'll + do the same again (setup creds) in net_rpc_join_ok(). JRA. */ + + if (lp_client_schannel() (neg_flags NETLOGON_NEG_SCHANNEL)) { + struct rpc_pipe_client *netlogon_schannel_pipe = + cli_rpc_pipe_open_schannel_with_key(cli, PI_NETLOGON, PIPE_AUTH_LEVEL_PRIVACY, domain, pipe_hnd-dc, result); - if (!NT_STATUS_IS_OK(result)) { - DEBUG(0, (Error in domain join verification (schannel setup failed): %s\n\n, - nt_errstr(result))); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(0, (Error in domain join verification (schannel setup failed): %s\n\n, + nt_errstr(result))); - if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) -(sec_channel_type == SEC_CHAN_BDC) ) { - d_fprintf(stderr, Please make sure that no computer account\n -named like this machine (%s) exists in the domain\n, -global_myname()); + if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) +(sec_channel_type == SEC_CHAN_BDC) ) { + d_fprintf(stderr, Please make sure that no computer account\n +named like this machine (%s) exists in the domain\n, +global_myname()); + } + + goto done; } - - goto done; + cli_rpc_pipe_close(netlogon_schannel_pipe); } cli_rpc_pipe_close(pipe_hnd); - cli_rpc_pipe_close(netlogon_schannel_pipe); /* Now store the secret in the secrets database */
svn commit: samba r13615 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules lib/ldb/common lib/ldb/include lib/ldb/ldb_ildap lib/ldb/ldb_ldap lib/ldb/ldb_sqlite3 lib/ldb/ldb_tdb lib/ldb/modules nb
Author: idra Date: 2006-02-22 05:21:43 + (Wed, 22 Feb 2006) New Revision: 13615 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13615 Log: Make ldb_set_errstring get ldb instead of module as parameter. The module was just used to get to the ldb so it was meningless. Also add LDB_WAIT_ONCE e relative code in ldb_ildap.c Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/proxy.c branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c branches/SAMBA_4_0/source/lib/ldb/common/ldb.c branches/SAMBA_4_0/source/lib/ldb/common/ldb_debug.c branches/SAMBA_4_0/source/lib/ldb/include/ldb.h branches/SAMBA_4_0/source/lib/ldb/include/ldb_private.h branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c branches/SAMBA_4_0/source/lib/ldb/ldb_ldap/ldb_ldap.c branches/SAMBA_4_0/source/lib/ldb/ldb_sqlite3/ldb_sqlite3.c branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c branches/SAMBA_4_0/source/lib/ldb/modules/ldb_map.c branches/SAMBA_4_0/source/lib/ldb/modules/objectclass.c branches/SAMBA_4_0/source/nbt_server/wins/wins_ldb.c Changeset: Sorry, the patch is too large (631 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13615