Re: [Samba] Smbpasswd in a cron job

2006-02-21 Thread Sebastian Held
Try 

echo -e "${PASSWD}\n${PASSWD}" | smbpasswd -a -s "${USER}"

br,
Sebastian


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
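
A variant of the pipeline suggested above that is safer to run from cron, as an added example that is not part of the original thread: `printf '%s'` replaces `echo -e`, which a cron `/bin/sh` may not support and which would rewrite backslash sequences inside the password. The function names, the password-file convention and the `/usr/bin/smbpasswd` path are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: feed smbpasswd its password on stdin (-s) from a cron job.
# Assumptions: the password is the first line of a file that only its owner
# can read, and smbpasswd lives at the path below (adjust for your system).

SMBPASSWD_BIN=/usr/bin/smbpasswd   # fixed path, not taken from the environment

# owner_only FILE: succeed only for a regular file with no group/other bits.
owner_only() {
    [ -f "$1" ] || return 1
    case $(ls -ld -- "$1") in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# set_samba_password USER PWFILE
set_samba_password() {
    sp_user=$1
    sp_file=$2

    if [ -z "$sp_user" ] || ! owner_only "$sp_file"; then
        echo "refusing: empty user or password file is not owner-only" >&2
        return 1
    fi

    # read -r keeps backslashes literal; IFS= keeps leading/trailing blanks.
    sp_pw=
    IFS= read -r sp_pw < "$sp_file" || :   # a missing final newline is fine
    [ -n "$sp_pw" ] || return 1

    # smbpasswd -s reads the new password twice from stdin. printf is a
    # builtin in bash and dash, so the password is not placed in another
    # process's argument list, and '%s' copies it byte for byte.
    printf '%s\n%s\n' "$sp_pw" "$sp_pw" | "$SMBPASSWD_BIN" -a -s "$sp_user"
}

# Run only when called as: script USER PWFILE
if [ "$#" -eq 2 ]; then
    set_samba_password "$1" "$2"
fi
```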

[Samba] Samba PDC/LDAP not mapping logon drive

2006-02-21 Thread Jeff Wiegley

Well it took forever (three days actually) to:
 1) setup a working ldap server.
 Unix users now authenticate against the LDAP server perfectly.
 2) Setup samba to use LDAP authentication.
 3) Get the WindowsXP machines to become members of the domain.

Everything seems to be working fine except for
 1) roaming profiles, and
 2) User's home directory (logon drive) doesn't get mapped during
  log in.

So basically I can log in to the workstation. My user can even
see their home directory shares (via the [homes] share) but
it doesn't get mapped automatically as drive E: (or any other
drive letter) when they log on.

I can sort of live without roaming profiles but the failure to
map the logon drive automagically isn't acceptable.

Could somebody please help me??

I have the logon stuff setup as:
logon path = \\%L\profiles\%U
logon drive = E:
logon home = \\%L\%U

Which I think should map \\SERVER\USERNAME as drive E:
automatically whenever they log in (substituting the proper
values for SERVER and USERNAME of course.)

It doesn't work. The profile doesn't seem to roam either as
I expect it would with logon path. The path exists and I have
enabled the thingy in gpedit.msc which is required for WinXP
machines. But this is really secondary. I need the logon drive
fixed; roaming profiles would just be a nice bonus.

Here's my full smb.conf, sorry to be so verbose but I wanted to
include it all because I don't understand much of the LDAP, PDC
or roaming profile entry stuff in this so I didn't want to miss
something:
----- BEGIN /etc/samba/smb.conf -----

[global]
netbios name = SERVER
workgroup = MYDOMAIN
server string = LDAP PDC [on Gentoo :: Samba server %v]

hosts allow = 10.166.10.0/24 127.0.0.0/8
security = user
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
interfaces = lo eth1
bind interfaces only = yes

local master = yes
os level = 65
domain master = yes
preferred master = yes

null passwords = no
hide unreadable = yes
hide dot files = yes

domain logons = yes
;logon script = login.bat OR %U.bat

logon path = \\%L\profiles\%U
logon drive = E:
logon home = \\%L\%U

wins support = yes
name resolve order = wins lmhosts host bcast
dns proxy = no

time server = yes
log file = /var/log/samba/log.%m
max log size = 50

passdb backend = ldapsam:ldaps://127.0.0.1:636/
ldap passwd sync = Yes
ldap suffix = dc=sanitized,dc=com
ldap admin dn = cn=Manager,dc=sanitized,dc=com
ldap ssl = yes
ldap group suffix = ou=Group
ldap user suffix = ou=People
ldap machine suffix = ou=People
ldap idmap suffix = ou=People
add user script = /usr/sbin/smbldap-useradd -m %u
ldap delete dn = Yes
#delete user script = /usr/sbin/smbldap-userdel %u
add machine script = /usr/sbin/smbldap-useradd -w %u
add group script = /usr/sbin/smbldap-groupadd -p %g
#delete group script = /usr/sbin/smbldap-groupdel %g
add user to group script = /usr/sbin/smbldap-groupmod -m %u %g
delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/sbin/smbldap-usermod -g %g %u

[netlogon]
path = /var/lib/samba/netlogon
guest ok = no
read only = yes
browseable = no
write list = root

[profiles]
path = /var/lib/samba/profiles
browsable = no
writable = yes
create mode = 0644
directory mode = 0755

[homes]
path = /home/%U
browseable = no
valid users = %S
read only = no
guest ok = no
create mask = 0664
directory mask = 0775
inherit permissions = yes

;[public]
; comment = Public Stuff
; path = /public
; public = yes
; read only = yes
; browseable = yes
; write list = @users
----- END /etc/samba/smb.conf -----


Thanks,

- Jeff


RE: [Samba] samba as PDC with ldap

2006-02-21 Thread Louis van Belle
Hi Rowland,

tell me what's the problem, and I will help you,
if there are errors in my howto I'll fix this, but.

The howto I wrote will work.
I installed 3 servers with this and it's working
perfectly.

> /etc/ldap/ldap conf to point to your server
> HOST 127.0.0.1
> BASE dc=domainname,dc=org or net or com or nothing(you do
> not have to use the last part, you just have to be consistent)

This part, is done while you install the libnss-ldap and libpam-ldap
and the defaults of the slapd config are used and are corrected.

I think you edited this or already installed it.
If you use the debian standard setting it will work.

Louis


-----Original message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On behalf of rowland penny
Sent: Sunday 19 February 2006 13:01
To: samba@lists.samba.org
Subject: [Samba] samba as PDC with ldap

I have read Louis's howto from December, tried to use
Kubuntu, this failed at the ldap server test stage, tried
various things, could not make it work, so downloaded debian.
Followed Louis's howto and compiled a 2.6.8 kernel (Louis, the
compile instructions do not work as given).
Followed the howto, downloaded samba etc, setup slapd etc as
per instructions and it failed again at the same place.
So, I googled and found the Linux Samba Openldap howto,
printed this and read it, that's where I found the answer to
the problem, Louis missed a bit, you have to edit
/etc/ldap/ldap conf to point to your server
HOST 127.0.0.1
BASE dc=domainname,dc=org or net or com or nothing(you do
not have to use the last part, you just have to be consistent)
This is where I come to my next problem, I cannot get the
localsid. When I ask for it (net getlocalsid) I get this
[2006/02/19 11:19:58,  0] lib/smbldap.c:smb_ldap_start_tls(546)
  Failed to issue the StartTLS instruction: Connect error
I have googled, found a few instances of this with earlier
versions of samba, so upgraded to 3.0.21b-1 from debian
testing, it still gives same answer, anybody have an answer please.


Re: [Samba] Samba PDC/LDAP not mapping logon drive

2006-02-21 Thread Kurt Weiss

hello jeff

Jeff Wiegley wrote:

> Everything seems to be working fine except for
>  1) roaming profiles, and
>  2) User's home directory (logon drive) doesn't get mapped during
>   log in.
>
> So basically I can log in to the workstation. My user can even
> see their home directory shares (via the [homes] share) but
> it doesn't get mapped automatically as drive E: (or any other
> drive letter) when they log on.

my experience showed, that not all windows clients automatically map the
drive.

workaround: use net use e: /HOME in your logon script.

roaming profiles:
- please check, if your client is a correct member of the domain.
- check unix rights of the filesystem.
profiles needs
profile acls = yes
we're using following entries for the [profile] section:

   csc policy = disable
   browsable = no
   profile acls = yes
   path = /var/smbdata/profiles
   writable = yes
   create mask = 0600
   directory mask = 0700



> ;logon script = login.bat OR %U.bat

you have commented out the logon script?

--
--
greetings,
kurt, austria. (http://www.kwnet.at)
===
this is a posting from a samba *user* - not a samba developer.
the posting is created on the base of experiences and may be faulty.
so, if it contains any mistakes, please feel free to correct it
===


[Samba] Interrupt system call

2006-02-21 Thread Meli Marco
Hi,

Can anyone tell me why I get Interrupt system call?

Feb 21 11:59:02 server /usr/sbin/cron[2224]: (job260) CMD (bash cat.sh)
Feb 21 12:00:09 server syslog-ng[5073]: STATS: dropped 10
Feb 21 12:01:04 server vsftpd: Tue Feb 21 12:01:04 2006 [pid 2269] CONNECT: Client 10.90.1.1
Feb 21 12:01:07 server smbd[27407]: [2006/02/21 12:01:07, 0] tdb/tdbutil.c:tdb_log(772)
Feb 21 12:01:07 server smbd[27407]:   tdb(/etc/samba/secrets.tdb): tdb_lock failed on list 2 ltype=1 (Interrupted system call)
Feb 21 12:01:07 server smbd[27407]: [2006/02/21 12:01:07, 0] tdb/tdbutil.c:tdb_chainlock_with_timeout_internal(82)
Feb 21 12:01:07 brulx01 smbd[27407]:   tdb_chainlock_with_timeout_internal: alarm (10) timed out for key replay cache mutex in tdb /etc/samba/secrets.tdb
Feb 21 12:01:20 brulx01 smbd[29555]: [2006/02/21 12:01:20, 0] tdb/tdbutil.c:tdb_log(772)

Thanks.

Marco.



[Samba] help, we are running out of idmap uids

2006-02-21 Thread Hans B. Randgaard
Dear Samba experts,

Initially we set up winbind to the following:

idmap uid = 1-2

thinking that 1 uids were sufficient
for the number of users we would get.
We also have defined our UNIX users
from 20001 onwards.

However, now I can see that our latest
windows(idmap uid) users has uid 19123
and this troubles me.

Since I cannot just extend the range to
be say 1-3 because of our UNIX
UIDs, I would like to ask if it is possible to
define 2 ranges like:

 idmap uid = 1-2,3-4

I noticed that winbind will not automatically
remove UIDs not used. For instance when
a windows user is deleted. Is there a way
to do this manually ?

And will winbind then use the unused UIDs ?

Kind regards, Hans.




[Samba] nobody run add user script = /usr/sbin/useradd .....

2006-02-21 Thread Bojidar Penchev
Greetings!

I have the following configuration:

Two PDCs with Fedora Core 4: PDC1 and PDC2.

PDC1 trusts PDC2, respectively PDC2 is trusted to PDC1.
I join an XP workstation to PDC2. After restart I can see both domains
in the login screen domain combo box.
I can logon to PDC2, but not to PDC1, since the PDC2's /etc/passwd lacks
the username from PDC1 I am trying to log in with. To correct this I edit
smb.conf adding this line:

  add user script = /usr/sbin/useradd %u -g users -s /bin/false -d /dev/null

After another unsuccessful login to PDC1 (with username ivan for example)
in the PDC2's log (/var/log/samba/winxp.log) can be seen the following lines:

  useradd: unable to lock password file
  useradd gave 1

When I try to access a share on PDC2 with a PDC1 user (ivan for
example), useradd is executed successfully, and user ivan is added to
/etc/passwd.

I found out that during login add user script = /usr/sbin/useradd %u
.. is executed with user nobody, and this user has no right to execute
useradd, hence an error occurs.

After that I added user nobody in the /etc/sudoers so he could execute
sudo on PDC2:

  visudo -f sudoers
  %nobody  ALL=/usr/sbin/useradd

And edited smb.conf on PDC2 like this:

  add user script = sudo -u root /usr/sbin/useradd %u ..

Now the logging to PDC1 works fine, but this is not normal!

My question is:
Is this a bug in samba, why when mapping a drive useradd runs as root (as
described in the samba manual), but when logging, it runs as user nobody who
has no right to execute useradd?

If I am wrong - correct me, or point me to another solution.
  
  Thanks in advance  :-)   
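
For the sudo arrangement described in this post, an added example that is not part of the original message: a fixed wrapper that validates the `%u` value and supplies useradd's options itself, so a sudoers rule can name the wrapper instead of `/usr/sbin/useradd`. The wrapper path, the accepted name syntax and the function names are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: a fixed wrapper for Samba's "add user script".
# Assumptions (not from the thread): the wrapper is installed as
# /usr/local/sbin/samba-adduser, smb.conf calls it as
#   add user script = sudo -u root /usr/local/sbin/samba-adduser %u
# and sudoers lists this one file rather than /usr/sbin/useradd, so the
# calling account cannot choose useradd's options.

USERADD_BIN=/usr/sbin/useradd   # fixed path, never read from the environment

# valid_account_name NAME: 1..32 characters, first a lowercase letter or
# underscore, the rest lowercase letters, digits, '_' or '-'. The character
# sets are spelled out so the result does not depend on the locale.
# This syntax is deliberately conservative; widen it only on purpose.
valid_account_name() {
    van_name=$1
    [ -n "$van_name" ] || return 1
    [ "${#van_name}" -le 32 ] || return 1
    case $van_name in
        [!abcdefghijklmnopqrstuvwxyz_]*) return 1 ;;
        *[!abcdefghijklmnopqrstuvwxyz0123456789_-]*) return 1 ;;
    esac
    return 0
}

# add_samba_user NAME: create the account with the options from the post.
add_samba_user() {
    asu_name=$1
    if ! valid_account_name "$asu_name"; then
        echo "samba-adduser: rejected account name" >&2
        return 2
    fi
    # Every option is fixed here; only the validated name comes from Samba.
    # "--" ends option parsing before the name is passed.
    "$USERADD_BIN" -g users -s /bin/false -d /dev/null -- "$asu_name"
}

# Run only when called with exactly one argument (the %u value).
if [ "$#" -eq 1 ]; then
    add_samba_user "$1"
fi
```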



[Samba] My Network Places not finding Samba server

2006-02-21 Thread Frederick C. Damen

I assume I am doing(or not) something extremely simple that is causing
my XP boxes to not see my linux(FC4) Samba server in the 'My Network 
Places'.


I can access the shares by 'Map Network Drive' and using the IP
address(192.168.0.1).
I have set the workgroup name 'DAMEN' in the lmhosts file.
192.168.0.1 DAMEN

I have set the workgroup in the smb.conf file.
   workgroup = damen
   netbios name = damen
I have configured the Samba server to be the Domain Master Browser
   os level = 35
  domain master = yes
   preferred master = yes
  wins support = yes
I have configured the [global] to be browseable.
   browseable = yes
   public = yes


I have set the XP box to be on a home network(not business network) and
workgroup to DAMEN.

Any ideas?

Thanks,

Fred






Re: [Samba] Change smbpasswd in a cron job

2006-02-21 Thread Josh Kelley
On 2/20/06, Dennis Duggen [EMAIL PROTECTED] wrote:
> For a project we are trying to change the samba password automatically
> in a cron job. Since smbpasswd doesn't allow the password to be entered
> otherwise than through the console (user input). We found a solution to
> the input part through expect. But as things go expect doesn't work in a
> cron job since it has no tty.

Depending on your SAM backend, you may be able to edit the backend
directly.  For example, we have some perl scripts to change passwords
by connecting directly to our LDAP server.  I posted a copy of our
script at http://www.jbc.edu/~josh/changepasswd.pl if you're
interested.

Josh Kelley


Re: [Samba] My Network Places not finding Samba server

2006-02-21 Thread Kristaps Rāts
Having the machine name equal to the workgroup name is a no-no, as far
as I know.

On O , 2006-02-21 at 08:15 -0600, Frederick C. Damen wrote:
> I assume I am doing(or not) something extremely simple that is causing
> my XP boxes to not see my linux(FC4) Samba server in the 'My Network
> Places'.
>
> I can access the shares by 'Map Network Drive' and using the IP
> address(192.168.0.1).
> I have set the workgroup name 'DAMEN' in the lmhosts file.
> 192.168.0.1 DAMEN
>
> I have set the workgroup in the smb.conf file.
>    workgroup = damen
>    netbios name = damen
> I have configured the Samba server to be the Domain Master Browser
>    os level = 35
>    domain master = yes
>    preferred master = yes
>    wins support = yes
> I have configured the [global] to be browseable.
>    browseable = yes
>    public = yes
>
> I have set the XP box to be on a home network(not business network) and
> workgroup to DAMEN.
>
> Any ideas?
>
> Thanks,
>
> Fred



Re: [Samba] My Network Places not finding Samba server

2006-02-21 Thread Frederick C. Damen

Thanks. I removed the entry for DAMEN from lmhosts and restarted smb/nmb and
no change that I can see.

Thanks,

Fred

Kristaps Rāts wrote:

> Having the machine name equal to the workgroup name is a no-no, as far
> as I know.
>
> On O , 2006-02-21 at 08:15 -0600, Frederick C. Damen wrote:
>
>> I assume I am doing(or not) something extremely simple that is causing
>> my XP boxes to not see my linux(FC4) Samba server in the 'My Network
>> Places'.
>>
>> I can access the shares by 'Map Network Drive' and using the IP
>> address(192.168.0.1).
>> I have set the workgroup name 'DAMEN' in the lmhosts file.
>> 192.168.0.1 DAMEN
>>
>> I have set the workgroup in the smb.conf file.
>>    workgroup = damen
>>    netbios name = damen
>> I have configured the Samba server to be the Domain Master Browser
>>    os level = 35
>>    domain master = yes
>>    preferred master = yes
>>    wins support = yes
>> I have configured the [global] to be browseable.
>>    browseable = yes
>>    public = yes
>>
>> I have set the XP box to be on a home network(not business network) and
>> workgroup to DAMEN.
>>
>> Any ideas?
>>
>> Thanks,
>>
>> Fred



Re: [Samba] Primary and secondary group issues with Vintela VAS andSamba

2006-02-21 Thread Gerald (Jerry) Carter

Marc Donnelly wrote:

> what version of samba have you seen this on?
>
> -marc
>
> On Feb 20, 2006, at 4:18 PM, Golden Butler wrote:
>
>> This is not a Vintela issue.  I've experienced this with Samba and
>> winbind, and I haven't found any solution to it yet. I really wish
>> that this can be solved because it's a serious hindrance!

This makes no sense to me.  Can you send me some level 10
logs from smbd that illustrates the problem?




cheers, jerry


[Samba] Authenticating Samba on NT4 SRV

2006-02-21 Thread fonteneau

Hi,

I've just been using samba for a few weeks and I'm trying to migrate all NT4 SAM
base to Samba Linux.
I'm working with Red Hat enterprise Linux ES 4.0 updated, openldap
2.2.13-4, samba samba-3.0.10-1.4E.2 and I've followed IDEALX migration
procedure with smbldap-tools-0.9.3-1.


Every configuration seems to be clean but not ;o)

I'm using cleartext password in slapd.conf and smbldap.conf no md5, sha
or ssha. I'm just using IDEALX procedure and when trying to pass the
command :

net rpc join -S PDC-NT4 -Uroot I've got :

[2006/02/21 15:05:29, 3] param/loadparm.c:lp_load(3911)
 lp_load: refreshing parameters
[2006/02/21 15:05:29, 3] param/loadparm.c:init_globals(1312)
 Initialising global parameters
[2006/02/21 15:05:29, 3] param/params.c:pm_process(566)
 params.c:pm_process() - Processing configuration file 
/etc/samba/smb.conf

[2006/02/21 15:05:29, 3] param/loadparm.c:do_section(3404)
 Processing section [global]
[2006/02/21 15:05:29, 2] lib/interface.c:add_interface(79)
 added interface ip=192.168.2.13 bcast=192.168.2.255 nmask=255.255.255.0
[2006/02/21 15:05:29, 3] libsmb/namequery.c:resolve_lmhosts(855)
 resolve_lmhosts: Attempting lmhosts lookup for name PDC-NT40x20
[2006/02/21 15:05:29, 3] libsmb/namequery.c:resolve_wins(752)
 resolve_wins: Attempting wins lookup for name PDC-NT40x20
[2006/02/21 15:05:29, 3] libsmb/namequery.c:resolve_wins(755)
 resolve_wins: WINS server resolution selected and no WINS servers listed.
[2006/02/21 15:05:29, 3] libsmb/namequery.c:resolve_hosts(917)
 resolve_hosts: Attempting host lookup for name PDC-NT40x20
[2006/02/21 15:05:29, 3] libsmb/cliconnect.c:cli_start_connection(1388)
 Connecting to host=PDC-NT4
[2006/02/21 15:05:29, 3] lib/util_sock.c:open_socket_out(752)
 Connecting to 192.168.2.17 at port 445
[2006/02/21 15:05:29, 2] lib/util_sock.c:open_socket_out(789)
 error connecting to 192.168.2.17:445 (Connexion refusée)
[2006/02/21 15:05:29, 3] lib/util_sock.c:open_socket_out(752)
 Connecting to 192.168.2.17 at port 139
[2006/02/21 15:05:29, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(290)
 cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED
[2006/02/21 15:05:29, 3] libsmb/trusts_util.c:just_change_the_password(43)
 just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
[2006/02/21 15:05:29, 1] utils/net_rpc.c:run_rpc_command(142)
 rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Password:

seems to be password, credential problem but can't investigate which one.

Then entered password and :

[2006/02/21 15:06:45, 3] libsmb/cliconnect.c:cli_start_connection(1388)
 Connecting to host=PDC-NT4
[2006/02/21 15:06:45, 3] lib/util_sock.c:open_socket_out(752)
 Connecting to 192.168.2.17 at port 445
[2006/02/21 15:06:45, 2] lib/util_sock.c:open_socket_out(789)
 error connecting to 192.168.2.17:445 (Connexion refusée)
[2006/02/21 15:06:45, 3] lib/util_sock.c:open_socket_out(752)
 Connecting to 192.168.2.17 at port 139
[2006/02/21 15:06:45, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181)
 lsa_io_sec_qos: length c does not match size 8
[2006/02/21 15:06:45, 3] libsmb/cliconnect.c:cli_start_connection(1388)
 Connecting to host=PDC-NT4
[2006/02/21 15:06:45, 3] lib/util_sock.c:open_socket_out(752)
 Connecting to 192.168.2.17 at port 445
[2006/02/21 15:06:45, 2] lib/util_sock.c:open_socket_out(789)
 error connecting to 192.168.2.17:445 (Connexion refusée)
[2006/02/21 15:06:45, 3] lib/util_sock.c:open_socket_out(752)
 Connecting to 192.168.2.17 at port 139
Joined domain MONDOMAINE.FR.
[2006/02/21 15:06:45, 2] utils/net.c:main(859)
 return code = 0

command : net rpc testjoin -S PDC-NT4
Join to 'MONDOMAINE.FR' is OK

trying wbinfo -t
checking the trust secret via RPC calls failed
error code was  (0x0)
Could not check secret

By the way using all smbldap-scripts and everything goes well with
openldap.


command :  net rpc vampire -S PDC-NT4 -d3
[2006/02/21 15:09:12, 3] param/loadparm.c:lp_load(3911)
 lp_load: refreshing parameters
[2006/02/21 15:09:12, 3] param/loadparm.c:init_globals(1312)
 Initialising global parameters
[2006/02/21 15:09:12, 3] param/params.c:pm_process(566)
 params.c:pm_process() - Processing configuration file 
/etc/samba/smb.conf

[2006/02/21 15:09:12, 3] param/loadparm.c:do_section(3404)
 Processing section [global]
[2006/02/21 15:09:12, 2] lib/interface.c:add_interface(79)
 added interface ip=192.168.2.13 bcast=192.168.2.255 nmask=255.255.255.0
[2006/02/21 15:09:12, 3] libsmb/cliconnect.c:cli_start_connection(1388)
 Connecting to host=PDC-NT4
[2006/02/21 15:09:12, 3] lib/util_sock.c:open_socket_out(752)
 Connecting to 192.168.2.17 at port 445
[2006/02/21 15:09:12, 2] lib/util_sock.c:open_socket_out(789)
 error connecting to 192.168.2.17:445 (Connexion refusée)
[2006/02/21 15:09:12, 3] lib/util_sock.c:open_socket_out(752)
 Connecting to 192.168.2.17 at port 139
Fetching DOMAIN database
Failed to fetch domain database: NT_STATUS_ACCESS_DENIED
[2006/02/21 15:09:12, 1] utils/net_rpc.c:run_rpc_command(142)
 

Re: [Samba] help, we are running out of idmap uids

2006-02-21 Thread Gerald (Jerry) Carter

Hans B. Randgaard wrote:

> Initially we set up winbind to the following:
> idmap uid = 1-2
> thinking that 1 uids were sufficient
> for the number of users we would get.
>
> We also have defined our UNIX users
> from 20001 onwards.
>
> However, now I can see that our latest
> windows(idmap uid) users has uid 19123
> and this troubles me.
>
> Since I cannot just extend the range to
> be say 1-3 because of our UNIX
> UIDs, I would like to ask if it is possible to
> define 2 ranges like:
>  idmap uid = 1-2,3-4
> I noticed that winbind will not automatically
> remove UIDs not used. For instance when
> a windows user is deleted. Is there a way
> to do this manually ?
>
> And will winbind then use the unused UIDs ?

Winbindd maintains a static mapping of SIDs to Unix ids.
Since SIDs are never reused, neither are the Unix ids.
Ids are allocated in a monotonically increasing fashion
so your only current choice is to expand or move
the idmap ranges.

This has come up a lot in the past, but all the proposed
solutions were suboptimal IMO and therefore never integrated
into source tree.  I'm more than happy to try to find time
to review patches, but I've got several ongoing projects
right now and can't do this myself.

Mostly, it would involve fixing the idmap range parser.
Multiple ranges is not that hard to do I think.  You
deal with a range in isolation until it has been exhausted
and then move on to the next.




cheers, jerry
=
I live in a Reply-to-All world---
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com


[Samba] safe_strcpy problem in Samba 3.0.10

2006-02-21 Thread Thomas Widhalm
Hi!

We have a lot of logfiles showing 

zfl04.log.3:  ERROR: string overflow by 1 (24 - 23) in safe_strcpy
[organisation#rektorat#vrlehre#qe-eval]

I found a reported bug producing this output within older Samba versions
than 3.0.4. But we use version 3.0.10 and no mangling method set within
smb.conf. Therefore it should be the default value hash2 which doesn't
have this flaw.

Could anyone give me a hint?

Thanks,
Thomas
-- 

*
* Thomas Widhalm Unix Administrator *
* University of Salzburg   ITServices (ITS) *
* Systems Management   Unix Systems *
* Hellbrunnerstr. 34 5020 Salzburg, Austria *
* [EMAIL PROTECTED] +43/662/8044-6774 *
* gpg: 6265BAE6 *
* http://www.sbg.ac.at/zid/organisation/mitarbeiter/widhalm.htm *
*






Re: [Samba] Samba LDAP PDC BDC quit working

2006-02-21 Thread Philip Washington

mallapadi niranjan wrote:

> Hi Craig
>
> Thanks for replying, The samba PDC gets rebooted because of Power
> outage, at night times.
>
> After the system gets rebooted,
> Scenario -01
> 1. Either some times the ldap gets hanged, (2.2.13) may be because of
> inconsistency.
> 2. since ldap hangs, samba doesn't come up properly.
> 3. so i run db_recover and try to start the ldap service and then samba
>
> Scenario-02
> if LDAP doesn't hang, and samba comes up nicely, the computer had to
> rejoin.
> but in my ldapdatabase, in OU=Computers, all the computer accounts
> exist. with
> rid and Object class intact.
> but some how i don't know why i have to rejoin,

Okay I just want to clarify this. After an unplanned reboot (power
outage) , your PDC comes back up and you find that some of the computers
in your domain need to rejoin the domain??  Do you have recent ldiff or
slapcats indicating that most of these computers have the same
properties in the LDAP database as before.

> Scenario-03.
> I take the regular backup of LDAP, to LDIF file, and restore with
> latest LDIF file,
> even though i don't get the Computer Accounts and also i lose user 's
> passwords,
> After restoring from LDIF file.
>
> Scenario-04
> If i do safe reboot or shutdown, there 's no problem , the server
> works properly without any
> problem
>
> Regards
> Niranjan
>
> On 2/20/06, *Craig White* [EMAIL PROTECTED]
> mailto:[EMAIL PROTECTED] wrote:
>
>> On Mon, 2006-02-20 at 11:55 +0530, mallapadi niranjan wrote:
>>> Hi all
>>>
>>> I too have the same problem , i am also using samba 3.0.21 with
>>> openldap  version 2.2.13 on Redhat Enterprise Linux 4 enterprise
>>> server.
>>> if the samba PDC gets rebooted abruptly,  some of my clients
>>> workstations (Windows 2000 professional) have to rejoin.
>>> i was asked to check whether RID of the computer name is
>>> correct(uid*2 + 1000) , ans whether
>>> computer names have SambaSAMAccount object class.
>>> even though my computernames' exist in the database with correct
>>> object class and rid, the clients
>>> have to be rejoined. this happens only when samba PDC with ldap
>>> gets rebooted abruptly.
>>> having said that, so i assume that LDAP is unable to maintain
>>> consistency when it gets rebooted.
>>>
>>> so i had kept DB_CONFIG file in /var/lib/ldap(this is where all bdb
>>> files are there) and use db_recover
>>> in case of any crash of ldap.
>>>
>>> But if we take backup in LDIF file and restore it, but still my
>>> computer accounts are not getting back, i had to rejoin.
>>>
>>> this is the problem that i am having, but still could not find the
>>> correct solution.
>>
>> No - as you and he describe it, these are separate problems.
>>
>> Your issues is that PDC shouldn't get rebooted abruptly and newer
>> versions of openldap have a script that automatically runs db_recover.
>> This however doesn't come in the version of openldap that ships with
>> RHEL
>>
>> You might want to set up a cron script that performs a slapcat on
>> a more
>> frequent basis so that if it is necessary to dump the entire LDAP DSA
>> and reload from an ldif, the ldif is much more current and thus, you
>> wouldn't have to rejoin many if any computers to the domain.

Craig






[Samba] Effect of disabling LM/NTLMv1 auth on an AD?

2006-02-21 Thread Don Meyer

Folks,

Our campus AD team has decided that they ...

Need to disable LM/NTLMv1 authentication support to provide greater 
security and be consistent with the CITES authentication roadmap.


Noble thoughts, but there hasn't been much thought of the 
ramifications for other, interoperable systems like Samba.


I can see that modern Samba versions support NTLMv1 and NTLMv2
methods.  Theoretically, that should leave support for NTLMv2, and
all should work. Practically, however, there is the question of
what really happens with Samba member servers when one disables
LM/NTLMv1 on the domain controllers? Can anyone speak to this?


Thanks much,
-Don




Don Meyer   [EMAIL PROTECTED]
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

  They that can give up essential liberty to obtain a little 
temporary safety,
deserve neither liberty or safety. -- Benjamin Franklin, 1759 




Re: [Samba] Re: Adding machine account to LDAP with pdbedit fails

2006-02-21 Thread Gordon Messmer

Arkadiy Chapkis - Arc wrote:
> That is what I thought. Should I submit a bug report for pdbedit?

I don't see why not.

> Another thing I am looking for is help (or a suggestion). The problem
> is that I already have a userbase in LDAP with passwords in CRYPT
> format for logging into UNIX workstations. Is there a way to
> synchronize these passwords with Samba hashes?

Not from the crypt hash, no.

> Is there a way to make
> a Samba password hashes from a cleartext password?

Yes, the 'mkntpwd' program does that.


[Samba] unknown interface | win 2k server

2006-02-21 Thread Augusto Flavio
Hi,


I implemented a samba(3.0.14a-Debian) server here on
my network. But I'm having problems with 2 stations.
One is a win2k(professional) and the other is a win 2k
server (working like a station).

When I tried to join a domain using the
win2k(professional) I receive the msg:

unknown interface

The strange thing is that it is happening only with this
win2k station. I have other stations with the same OS
and they are working fine.

What do I do to fix this error?


The second problem is with a win2k server that is
working like a station.

The machine joins the domain with no problems. But
all the users of the domain don't have permission to
shutdown, restart and any other operation that an
administrator has.

Look at this text that I found on samba.org(how to):

When a Windows NT4 (or later) client joins a domain,
the domain global Domain Admins group is added to the
membership of the local Administrators group on the
client. Any user who is a member of the domain global
Domain Admins group will have administrative rights on
the Windows client. (chapter 14. What Rights and
Privileges Will Permit Windows Client Administration?)

What do I need to do for the Samba (smbpasswd) users
to have the permissions of a local administrator?


I tried to find the answer on the Samba channel on the
freenode server but was not successful.

How do I fix these 2 problems?


P.S.: My Samba configuration can be found at:
www.smartlinks.com.br/smb.conf


Thanks for all


Augusto Morais


Re: [Samba] How to control who can log into the samba box

2006-02-21 Thread Gordon Messmer

David Shapiro wrote:
> I have samba set up using winbind so that I can ssh into the box with
> my DOMAIN\mylogin.  That's great...kind of.  How do  I control which
> users can login to the box?

I usually do that by reconfiguring sshd for key-only authentication 
(that is, disable password based auth).  Configure samba to hide or veto 
the ssh authorized_keys file, and you alone will have access to add keys 
for the users to whom you want to grant login privileges.



[Samba] Packet send failed

2006-02-21 Thread Mark Nienberg
I migrated a samba PDC (and WINS server) from 3.0.7 on Fedora Core 1 to 
new hardware running 3.0.14a on Fedora Core 4 using the procedure 
outlined in the Samba by Example docs.  It appears to have been a success.


I do see log messages like the following though:

Feb 21 09:10:45 gecko nmbd[2450]: [2006/02/21 09:10:45, 0] libsmb/nmblib.c:send_udp(790)
Feb 21 09:10:45 gecko nmbd[2450]: Packet send failed to 192.168.254.50(138) ERRNO=Operation not permitted

There is no corresponding kernel iptables log entry so I don't think 
this communication is being blocked by the firewall.  Also the firewall 
explicitly allows udp to port 138 on the local intranet.


What else could it be and is it anything to worry about?

Thanks, Mark Nienberg



Re: [Samba] How to control who can log into the samba box

2006-02-21 Thread David Shapiro
Do you have an example of the hide/veto option you used and sshd_config
mod you did to do this?  
 
David
 
David Shapiro
Unix Team Lead
919-765-2011

Gordon Messmer [EMAIL PROTECTED] 2/21/2006 12:01:32 PM

David Shapiro wrote:
> I have samba set up using winbind so that I can ssh into the box with
> my DOMAIN\mylogin.  That's great...kind of.  How do  I control which
> users can login to the box?

I usually do that by reconfiguring sshd for key-only authentication
(that is, disable password based auth).  Configure samba to hide or veto
the ssh authorized_keys file, and you alone will have access to add keys
for the users to whom you want to grant login privileges.


Re: [Samba] Outlook path to pst file is lost when using roaming profiles

2006-02-21 Thread Douglas Phillipson
Is nobody else losing their Outlook profile/path to pst when using 
roaming profiles?


Doug P

Douglas Phillipson wrote:
We are having a problem getting the path to the Outlook PST file to move 
from machine to machine using roaming profiles (Samba 3.0.10 on RHEL 4). 
 When a user logs off on one machine and logs on to another, the outlook 
path to the PST file is gone.  I found this message in the archive back 
in 2002 but I see no resolution for it:


http://lists.samba.org/archive/samba/2002-July/047507.html

Here is the text from that post:

Does anybody know how to manage roaming profiles with outlook 2002 ? I
have XP boxes with roaming profiles and all work fine. The only problem
is that XP doesn't export the path where outlook stores its .pst file.
This is not the problem for the .pst file where outlook stores contacts
and so. The path of the normal pst is on a network drive.  But I have an
IMAP mail account for every user and if you configure outlook for imap it
creates another .pst file under the normal path ...Local
Settings../outlook/
I am not able to store this file under a different path e.g. a network
drive. I think that there are 2 ways for my problem:

1.) show outlook the path to a network drive for the imap pst as I did
it for the normal pst -- I don't know how

2.) export the whole outlook path under local settings --

It works, but not for a long time:

After you create an outlook account for the first time, outlook adds a
registry entry under

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
-- ExcludeProfileDirs

In this entry you can add directories of the roaming profile not to
export. -- because of that, the outlook pst would not be exported with the
roaming profile. If I delete this entry on all workstations under the
default and the user profile of the registry it works for some time.
But after some time, I don't know why, the entry is back in the registry
to not export the outlook folder.

Does anybody have an idea ?

Regards sven

Has anybody else seen this problem or found a resolution?

Thanks

Doug P



Re: [Samba] Smbpasswd in a cron job

2006-02-21 Thread Dennis Duggen
Hi Sebastian

> echo -e "${PASSWD}\n${PASSWD}" | smbpasswd -a -s "${USER}"
Thanks a lot, it worked nicely

Dennis



Re: [Samba] How to control who can log into the samba box

2006-02-21 Thread Josh Kelley
On 2/20/06, David Shapiro [EMAIL PROTECTED] wrote:
> I have samba set up using winbind so that I can ssh into the box with
> my DOMAIN\mylogin.  That's great...kind of.  How do  I control which
> users can login to the box?  As it stands now, all users in DOMAIN can
> log in, which is not desirable.  Do I need to map domain groups to unix
> groups? Do I need to map domain users to the box somehow?  Even if I do
> that, how do I then set it up so some users can log into the server and
> others cannot?

You should be able to use sshd_config's AllowUsers, DenyUsers,
AllowGroups, and DenyGroups to do this.

Josh Kelley


RE: [Samba] RE: Print Migrator help needed...

2006-02-21 Thread Aarti Varshney \(asadhnan\)
Hi Jerry,

At debug level 4 I am seeing these errors while migrating drivers to
samba server from windows server.
[2006/02/21 19:48:14, 3] smbd/process.c:switch_message(900)
  switch message SMBntcreateX (pid 11413) conn 0x83f00f0
[2006/02/21 19:48:14, 3] smbd/sec_ctx.c:set_sec_ctx(287)
  setting sec ctx (70001, 70001) - sec_ctx_stack_ndx = 0
[2006/02/21 19:48:14, 4] smbd/nttrans.c:nt_open_pipe(330)
  nt_open_pipe: Opening pipe
\system32\spool\drivers\W32X86\PSCRIPT5.DLL.
[2006/02/21 19:48:14, 3] smbd/error.c:error_packet(143)
  error packet at smbd/nttrans.c(345) cmd=162 (SMBntcreateX)
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2006/02/21 19:48:14, 3] smbd/process.c:process_smb(1114)
  Transaction 3400 of length 176
[2006/02/21 19:48:14, 3] smbd/process.c:switch_message(900)
  switch message SMBntcreateX (pid 11413) conn 0x83f00f0
[2006/02/21 19:48:14, 4] smbd/uid.c:change_to_user(217)
  change_to_user: Skipping user change - already user
[2006/02/21 19:48:14, 4] smbd/nttrans.c:nt_open_pipe(330)
  nt_open_pipe: Opening pipe
\system32\spool\drivers\W32X86\APLWBGR1.PPD.
[2006/02/21 19:48:14, 3] smbd/error.c:error_packet(143)
  error packet at smbd/nttrans.c(345) cmd=162 (SMBntcreateX)
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2006/02/21 19:48:14, 3] smbd/process.c:process_smb(1114)
  Transaction 3401 of length 170
[2006/02/21 19:48:14, 3] smbd/process.c:switch_message(900)
  switch message SMBntcreateX (pid 11413) conn 0x83f00f0
[2006/02/21 19:48:14, 4] smbd/uid.c:change_to_user(217)
  change_to_user: Skipping user change - already user
[2006/02/21 19:48:14, 4] smbd/nttrans.c:nt_open_pipe(330)
  nt_open_pipe: Opening pipe \system32\spool\drivers\W32X86\PS5UI.DLL.
[2006/02/21 19:48:14, 3] smbd/error.c:error_packet(143)
  error packet at smbd/nttrans.c(345) cmd=162 (SMBntcreateX)
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2006/02/21 19:48:14, 3] smbd/process.c:process_smb(1114)
  Transaction 3402 of length 174
[2006/02/21 19:48:14, 3] smbd/process.c:switch_message(900)
  switch message SMBntcreateX (pid 11413) conn 0x83f00f0
[2006/02/21 19:48:14, 4] smbd/uid.c:change_to_user(217)
  change_to_user: Skipping user change - already user
[2006/02/21 19:48:14, 4] smbd/nttrans.c:nt_open_pipe(330)
  nt_open_pipe: Opening pipe \system32\spool\drivers\W32X86\PSCRIPT.HLP.
[2006/02/21 19:48:14, 3] smbd/error.c:error_packet(143)
  error packet at smbd/nttrans.c(345) cmd=162 (SMBntcreateX)
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2006/02/21 19:48:14, 3] smbd/process.c:process_smb(1114)
  Transaction 3403 of length 174
[2006/02/21 19:48:14, 3] smbd/process.c:switch_message(900)
  switch message SMBntcreateX (pid 11413) conn 0x83f00f0
[2006/02/21 19:48:14, 4] smbd/uid.c:change_to_user(217)
  change_to_user: Skipping user change - already user
[2006/02/21 19:48:14, 4] smbd/nttrans.c:nt_open_pipe(330)
  nt_open_pipe: Opening pipe \system32\spool\drivers\W32X86\PSCRIPT.NTF.
[2006/02/21 19:48:14, 3] smbd/error.c:error_packet(143)
  error packet at smbd/nttrans.c(345) cmd=162 (SMBntcreateX)
NT_STATUS_OBJECT_NAME_NOT_FOUND

Any idea how to fix these?
Thanks,
Aarti. 

-Original Message-
From: Aarti Varshney (asadhnan) 
Sent: Friday, February 17, 2006 2:34 PM
To: 'Gerald (Jerry) Carter'
Cc: samba@lists.samba.org
Subject: RE: [Samba] RE: Print Migrator help needed...

Hi Jerry,

I cannot get drivers to migrate using the printmig.exe tool.
Please see the samba log with log level of 3.

  w2k3-dc (192.168.1.13) closed connection to service print$
[2006/02/17 19:20:20, 1] smbd/service.c:make_connection_snum(662)
  w2k3-dc (192.168.1.13) connect to service print$ initially as user
root (uid=0, gid=0) (pid 25564)
[2006/02/17 19:20:20, 1] smbd/service.c:close_cnum(833)
  w2k3-dc (192.168.1.13) closed connection to service print$
[2006/02/17 19:20:20, 1] smbd/service.c:make_connection_snum(662)
  w2k3-dc (192.168.1.13) connect to service print$ initially as user
root (uid=0, gid=0) (pid 25564)
[2006/02/17 19:20:20, 0]
printing/nt_printing.c:move_driver_to_download_area(1811)
  move_driver_to_download_area: Unable to rename [W32X86/BUPM815.GPD] to
[W32X86/3/BUPM815.GPD]
[2006/02/17 19:20:20, 1] smbd/service.c:close_cnum(833)
  w2k3-dc (192.168.1.13) closed connection to service print$
[2006/02/17 19:20:31, 1] smbd/service.c:make_connection_snum(662)
  w2k3-dc (192.168.1.13) connect to service print$ initially as user
root (uid=0, gid=0) (pid 25564)
[2006/02/17 19:20:31, 1] smbd/service.c:close_cnum(833)
  w2k3-dc (192.168.1.13) closed connection to service print$
[2006/02/17 19:20:31, 1] smbd/service.c:make_connection_snum(662)
  w2k3-dc (192.168.1.13) connect to service print$ initially as user
root (uid=0, gid=0) (pid 25564)
[2006/02/17 19:20:31, 0]
printing/nt_printing.c:move_driver_to_download_area(1811)
  move_driver_to_download_area: Unable to rename [W32X86/CI8510.GPD] to
[W32X86/3/CI8510.GPD]
[2006/02/17 19:20:31, 1] smbd/service.c:close_cnum(833)
  w2k3-dc (192.168.1.13) closed connection to service print$
[2006/02/17 19:20:58, 1] 

RE: [Samba] How to control who can log into the samba box

2006-02-21 Thread Parker, Michael
Edit the /etc/security/access.conf file.  I had the same problem, but I
changed this file to allow only members of an AD group to log in
remotely.

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of David Shapiro
Sent: Monday, February 20, 2006 3:29 PM
To: samba@lists.samba.org
Subject: [Samba] How to control who can log into the samba box

Hello,
 
I have samba set up using winbind so that I can ssh into the box with
my DOMAIN\mylogin.  That's great...kind of.  How do  I control which
users can login to the box?  As it stands now, all users in DOMAIN can
log in, which is not desirable.  Do I need to map domain groups to unix
groups? Do I need to map domain users to the box somehow?  Even if I do
that, how do I then set it up so some users can log into the server and
others cannot?
 
 
 
David Shapiro
Unix Team Lead
919-765-2011


[Samba] configure samba

2006-02-21 Thread Nils Wadell
I want to install samba on an old Unix machine. When I run ./configure on
my source I get some warnings, and I don't know if they are severe. I also
get a Makefile but no make ??! A perhaps better config script needs
Autoconf Tool Kit. Where can I find that?

/Nils (Sweden)



[Samba] WINS and INet~Services name

2006-02-21 Thread Leon Stringer
Hi,

I've posted before about the problem with WINS and the INet~Services
name IIS uses.
(http://lists.samba.org/archive/samba/2005-August/110189.html)

The problem I get is when any host running IIS tries to renew its names
with the Samba WINS server (e.g. after the default 5-day period) the
renewal fails for *all* names for the server.

As I understand it the problem is with Samba's WINS server
implementation not handling the mixed case Windows uses for the
Inet~Services#1c name. (Am I correct in thinking all other NetBIOS
names are upper case only?).

So I was wondering, Samba Team, if this is going to be handled at some
point? Should I put it in Bugzilla?

I realise the general advice is to use a Microsoft WINS server in this
kind of scenario but I like Samba, everything else works fine for me.

(Disclaimer: I'm still running Samba 3.0.4 - as I said everything else
works great - but I've looked out for a fix for this and I don't think
it's been done to date).

All the best,

Leon...



[Samba] Trusted domains within a large enterprise

2006-02-21 Thread Adam Wainwright

Hi Folks

I need some advice on whether what I am doing is correct, initially  
from a logical perspective.


My company (E.ON - large utility) has a large ADS system.  We are  
retiring NT4 domains and I have been asked to transfer the SAMBA  
domain log-ins into ADS.  I am initially testing my work on Linux  
RHEL 4, running SAMBA 3.10.


The ADS system consists of a realm/forest PG.EON.NET (old Powergen)  
on server A, a realm/forest RETAIL.PG.EON.NET on server B and a new  
realm/forest UNIX.EONUK.INT on server C.  There is a one-way trust  
system whereby C trusts A and B.  A and B are running native AD on  
W2K3 and C is currently running mixed mode on W2K3.  The idea is to  
place the UNIX machine accounts into C (no user accounts) and use it  
for authentication of users in the RETAIL/PG and eventually other  
areas.  The Windows admin has stated that we should get the thing  
working on mixed mode then he'll transfer the system into native and  
see if we can continue as it is more lax.


I have set-up the kerberos system on the SAMBA server and 'net ads
join' works fine to the UNIX.EONUK.INT realm.  'wbinfo -u' and
'wbinfo -g' also work fine and produce accounts such as
'RETAIL+FRED'.  I can even do a 'kinit' to get a ticket against the machine
account.  The number of accounts is ca. 13000 so I have put 'idmap
uid = 1 - 4' into the smb.conf.


I cannot get 'getent' to work, however and I see within the winbindd  
logs that it cannot map ids to SIDs.  I also see within the logs the  
IP addresses of A and B, refusing requests from SAMBA, whereas I was  
under the impression that C would forward on requests for  
authentication or handle them for the SAMBA server(according to the  
Windows admins), and it looks as if it is receiving either  
redirection or 'nmbd' has asked who's RETAIL.PG.EON.NET'? and got an  
answer to query elsewhere than server C.


The questions I have at this time:

1.  Do I have to be running native mode on the W2K3 server for realm  
UNIX?

2.  Is the one-way trust system here broken/a bit silly?
3.  Is the only way forward to place the SAMBA servers machine  
accounts into the correct realms for each business?

4.  Why does my brain hurt so much?

Confused, and in dire need of help or beer,

Adam


--
Does dim atal y llanw!



Re: [Samba] Outlook path to pst file is lost when using roaming profiles

2006-02-21 Thread Robert Schetterer

Hi,
I have all kinds of versions of Outlook (2000/XP/2003) running with
roaming profiles and a Samba PDC, and I don't have any problem with losing
the pst path on win 2000/xp. Perhaps this was a bug from Outlook configured
for use with IMAP; check on that. Note that every Outlook patch level
behaves differently, so check the Outlook patch level too.

I don't recommend setting regs; for the default pst I think it is better
to use an adm/ntconfig.pol.
Regards


Douglas Phillipson wrote:
Is nobody else losing their Outlook profile/path to pst when using 
roaming profiles?


Doug P

Douglas Phillipson wrote:
We are having a problem getting the path to the Outlook PST file to 
move from machine to machine using roaming profiles (Samba 3.0.10 on 
RHEL 4).  When a user logs off on one machine and logs on to another, 
the outlook path to the PST file is gone.  I found this message in the 
archive back in 2002 but I see no resolution for it:


http://lists.samba.org/archive/samba/2002-July/047507.html

Here is the text from that post:

Does anybody know how to manage roaming profiles with outlook 2002 ? I
have XP boxes with roaming profiles and all work fine. The only problem
is that XP doesn't export the path where outlook stores its .pst file.
This is not the problem for the .pst file where outlook stores contacts
and so. The path of the normal pst is on a network drive.  But I have an
IMAP mail account for every user and if you configure outlook for imap it
creates another .pst file under the normal path ...Local
Settings../outlook/
I am not able to store this file under a different path e.g. a network
drive. I think that there are 2 ways for my problem:

1.) show outlook the path to a network drive for the imap pst as I did
it for the normal pst -- I don't know how

2.) export the whole outlook path under local settings --

It works, but not for a long time:

After you create an outlook account for the first time, outlook adds a
registry entry under

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
-- ExcludeProfileDirs

In this entry you can add directories of the roaming profile not to
export. -- because of that, the outlook pst would not be exported with the
roaming profile. If I delete this entry on all workstations under the
default and the user profile of the registry it works for some time.
But after some time, I don't know why, the entry is back in the registry
to not export the outlook folder.

Does anybody have an idea ?

Regards sven

Has anybody else seen this problem or found a resolution?

Thanks

Doug P


--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org

Re: [Samba] WINS and INet~Services name

2006-02-21 Thread Jeremy Allison
On Tue, Feb 21, 2006 at 08:56:39PM +, Leon Stringer wrote:
> Hi,
>
> I've posted before about the problem with WINS and the INet~Services
> name IIS uses.
> (http://lists.samba.org/archive/samba/2005-August/110189.html)
>
> The problem I get is when any host running IIS tries to renew its names
> with the Samba WINS server (e.g. after the default 5-day period) the
> renewal fails for *all* names for the server.
>
> As I understand it the problem is with Samba's WINS server
> implementation not handling the mixed case Windows uses for the
> Inet~Services#1c name. (Am I correct in thinking all other NetBIOS
> names are upper case only?).

No, that's not the issue, at least not with modern nmbd code.

You might want to try upgrading from 3.0.4, I definitely fixed
case-sensitive bugs in this code between then and now.

Jeremy.


[Samba] Samba 3.0.21b winbind crash

2006-02-21 Thread Thomas Limoncelli
I'm using Samba 3.0.21b on SuSE 9.3 Pro (x86) with the binary RPMs from 
samba.org/suse.com (3.0.21b-1.1.2-SUSE-SL9.3) on a Domain Member Server in ADS 
mode with winbind against W2K3 SP1 AD servers and idmap uids/gids stored in a 
central OpenLDAP directory.

Unfortunately, winbind gives me a hard time and reproducibly dies with a PANIC 
on a wbinfo -g, although I think I've followed TOSHARG's and S3bE's advices 
and have used it successfully in similar environments (although not with 
3.0.21b) in the past. Can anyone shed some light on this? Below please find my 
smb.conf and level 10 log.winbindd (both slightly obfuscated to protect the 
innocent, but not mangled in any other way). I can provide Ethereal traces 
privately on request.

--- smb.conf ---
[global]
realm = YYY.DE
workgroup = XXX
security = ADS
wins server = 172.16.1.1, 172.16.1.2
interfaces = 10.23.207.11
bind interfaces only = Yes
ldap admin dn = cn=root,dc=yyy,dc=de
ldap idmap suffix = ou=Idmap
ldap suffix = dc=yyy,dc=de
idmap backend = ldap:ldap://openldap
idmap uid = 10500-2
idmap gid = 10500-2
winbind use default domain = Yes
log level = 1 winbind:10

--- log.winbindd ---
[2006/02/22 00:29:44, 1] nsswitch/winbindd.c:main(979)
  winbindd version 3.0.21b-1.1.2-SUSE-SL9.3 started.
  Copyright The Samba Team 2000-2004
[2006/02/22 00:29:44, 2] nsswitch/winbindd_util.c:add_trusted_domain(174)
  Added domain XXX YYY.DE S-1-5-21-1004849351-3390790938-2803357102
[2006/02/22 00:29:44, 2] nsswitch/winbindd_util.c:add_trusted_domain(174)
  Added domain BUILTIN  S-1-5-32
[2006/02/22 00:29:44, 2] nsswitch/winbindd_util.c:add_trusted_domain(174)
  Added domain MYSERVER  S-1-5-21-4017196506-4081282237-3136230588
[2006/02/22 00:29:44, 10] nsswitch/winbindd_util.c:open_winbindd_socket(911)
  open_winbindd_socket: opened socket fd 12
[2006/02/22 00:29:44, 10] 
nsswitch/winbindd_util.c:open_winbindd_priv_socket(923)
  open_winbindd_priv_socket: opened socket fd 14
[2006/02/22 00:29:46, 5] nsswitch/winbindd_dual.c:async_reply_recv(192)
  Could not receive async reply
[2006/02/22 00:30:01, 6] nsswitch/winbindd.c:new_connection(639)
  accepted socket 13
[2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325)
  process_request: request fn INTERFACE_VERSION
[2006/02/22 00:30:01, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(471)
  [0]: request interface version
[2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/02/22 00:30:01, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(504)
  [0]: request location of privileged pipe
[2006/02/22 00:30:01, 6] nsswitch/winbindd.c:new_connection(639)
  accepted socket 17
[2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325)
  process_request: request fn GID_TO_SID
[2006/02/22 00:30:01, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(406)
  [0]: gid to sid 65533
[2006/02/22 00:30:01, 6] nsswitch/winbindd.c:new_connection(639)
  accepted socket 13
[2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325)
  process_request: request fn INTERFACE_VERSION
[2006/02/22 00:30:01, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(471)
  [0]: request interface version
[2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/02/22 00:30:01, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(504)
  [0]: request location of privileged pipe
[2006/02/22 00:30:01, 6] nsswitch/winbindd.c:new_connection(639)
  accepted socket 17
[2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325)
  process_request: request fn UID_TO_SID
[2006/02/22 00:30:01, 3] nsswitch/winbindd_sid.c:winbindd_uid_to_sid(279)
  [0]: uid to sid 0
[2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325)
  process_request: request fn GID_TO_SID
[2006/02/22 00:30:01, 3] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(406)
  [0]: gid to sid 0
[2006/02/22 00:30:01, 6] nsswitch/winbindd.c:new_connection(639)
  accepted socket 13
[2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325)
  process_request: request fn INTERFACE_VERSION
[2006/02/22 00:30:01, 3] 
nsswitch/winbindd_misc.c:winbindd_interface_version(471)
  [0]: request interface version
[2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2006/02/22 00:30:01, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(504)
  [0]: request location of privileged pipe
[2006/02/22 00:30:01, 6] nsswitch/winbindd.c:new_connection(639)
  accepted socket 18
[2006/02/22 00:30:01, 10] nsswitch/winbindd.c:process_request(325)
  process_request: request fn GETGROUPS
[2006/02/22 00:30:01, 3] nsswitch/winbindd_group.c:winbindd_getgroups(925)
  [0]: getgroups root
[2006/02/22 00:30:01, 6] 

Re: [Samba] How to control who can log into the samba box

2006-02-21 Thread Gordon Messmer

David Shapiro wrote:
> Do you have an example of the hide/veto option you used and sshd_config
> mod you did to do this?


In smb.conf, you can use:

veto files = /.ssh/

In sshd_config, you can set:

PasswordAuthentication no

Make sure you've put keys for your own account on the system, and are 
able to log in and su to root, before you make the latter change.
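
Added example (not from the thread): a small audit of the settings suggested in this thread, namely PasswordAuthentication no and veto files = /.ssh/ from the message above, plus the AllowUsers/AllowGroups restriction suggested earlier. It also goes one step further and checks keyboard-interactive authentication, which can still take a password through PAM. The group name unixadmins, the share names and both sample configurations are constructed.

```python
import fnmatch
import re

_SSHD_LINE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.+)$")


def sshd_global_settings(text):
    """Map lower-cased keyword -> argument list for the global part of sshd_config.

    sshd keeps the first value it obtains for a keyword, so an early
    "PasswordAuthentication yes" defeats a later "no". Parsing stops at the
    first Match block; list keywords repeated on several lines are not merged.
    """
    settings = {}
    for raw in text.splitlines():
        m = _SSHD_LINE.match(raw.strip())
        if not m:                      # blank line or comment
            continue
        key = m.group(1).lower()
        if key == "match":
            break
        settings.setdefault(key, m.group(2).split())
    return settings


def smb_shares(text):
    """Return {section: {param: value}}; names are compared without case or spaces."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current["".join(name.lower().split())] = value.strip()
    return shares


def shares_exposing_ssh_dir(text):
    """Shares whose effective 'veto files' list does not cover .ssh.

    A share-level 'veto files' replaces the [global] value instead of adding to
    it. Entries are '/'-separated; fnmatch approximates the DOS-style wildcards.
    """
    shares = smb_shares(text)
    global_veto = shares.get("global", {}).get("vetofiles", "")
    exposed = []
    for name, params in shares.items():
        if name == "global":
            continue
        patterns = [p for p in params.get("vetofiles", global_veto).split("/") if p]
        if not any(fnmatch.fnmatchcase(".ssh", p.lower()) for p in patterns):
            exposed.append(name)
    return exposed


def audit(sshd_text, smb_text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    ssh = sshd_global_settings(sshd_text)
    if ssh.get("passwordauthentication", ["yes"])[0].lower() != "no":
        findings.append("sshd: password logins are still enabled")
    kbd = (ssh.get("kbdinteractiveauthentication")
           or ssh.get("challengeresponseauthentication") or ["yes"])
    if kbd[0].lower() != "no":
        findings.append("sshd: keyboard-interactive (PAM) logins are still enabled")
    if "allowusers" not in ssh and "allowgroups" not in ssh:
        findings.append("sshd: no AllowUsers/AllowGroups restriction")
    for share in shares_exposing_ssh_dir(smb_text):
        findings.append(f"smb: share [{share}] does not veto .ssh")
    return findings


# Constructed samples. BEFORE looks hardened at a glance but is not.
BEFORE_SSHD = """\
PasswordAuthentication yes
UsePAM yes
PasswordAuthentication no
"""
BEFORE_SMB = """\
[global]
   workgroup = DOMAIN
   veto files = /.ssh/
[homes]
   read only = no
   Veto Files = /*.tmp/
"""
AFTER_SSHD = """\
PasswordAuthentication no
KbdInteractiveAuthentication no
AllowGroups unixadmins
"""
AFTER_SMB = """\
[global]
   veto files = /.ssh/
[homes]
   read only = no
   veto files = /*.tmp/.ssh/
"""

if __name__ == "__main__":
    for finding in audit(BEFORE_SSHD, BEFORE_SMB):
        print(finding)
```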



Re: [Samba] Samba 3.0.21b winbind crash

2006-02-21 Thread Jeremy Allison
On Wed, Feb 22, 2006 at 01:07:32AM +0100, Thomas Limoncelli wrote:
> I'm using Samba 3.0.21b on SuSE 9.3 Pro (x86) with the binary RPMs from
> samba.org/suse.com (3.0.21b-1.1.2-SUSE-SL9.3) on a Domain Member Server in
> ADS mode with winbind against W2K3 SP1 AD servers and idmap uids/gids stored
> in a central OpenLDAP directory.
>
> Unfortunately, winbind gives me a hard time and reproducibly dies with a
> PANIC on a wbinfo -g, although I think I've followed TOSHARG's and S3bE's
> advices and have used it successfully in similar environments (although not
> with 3.0.21b) in the past. Can anyone shed some light on this? Below please
> find my smb.conf and level 10 log.winbindd (both slightly obfuscated to
> protect the innocent, but not mangled in any other way). I can provide
> Ethereal traces privately on request.

Can you add the following line to the [global] section of your smb.conf.

panic action = /bin/sleep 9

and then when winbindd crashes it will hang waiting
for the sleep to finish. You can then attach to it with
gdb and get a backtrace using the bt command.

Thanks,

Jeremy.


[Samba] Clients freezing when opening same files

2006-02-21 Thread Adam Nielsen
Hi all,

I've discovered that if someone opens a file on a Samba share (say a
PDF file) then someone else comes along and tries to open it too, the
program accessing the file on the second person's PC will freeze for a
few minutes and then return a network error.  If I kill Samba and
restart it then the second person can open the file (because the lock
has been released) but then anyone else trying to access it again will
lock.

What's the best way to solve this problem?  I don't really want to
disable locks, I just want the lock to fail which will hopefully cause
the program to open the file without locking it (perhaps in 'read only'
mode.)

I've tried 'blocking locks = no' but that doesn't help, so I assume I'm
probably going to have to disable something to do with the locks.
Incidentally this was the same issue I had before, and using 'veto
oplocks' for DLL files fixed this problem (the .EXE would freeze for
5-10 minutes when loading, then return an error saying it couldn't load
the DLL.)  In this case I think the locks are completely disabled for
DLL files (i.e. they return success but they're not actually locked)
but I don't want to do this for some formats (like Access or Excel.)

Thanks,
Adam.


Re: [Samba] My Network Places not finding Samba server

2006-02-21 Thread Frederick C. Damen
I changed the smb.conf to have a different NetBios Name than the
workgroup 'DAMEN'.

There does not appear to be any change from the XP 'My Network Places',
although the nmbd.log indicates that the name DAMEN00 is not found.
[2006/02/21 21:24:14, 1] nmbd/nmbd_incomingrequests.c:process_node_status_request(328)
 process_node_status_request: status request for name DAMEN00 from IP 192.168.0.1 on subnet UNICAST_SUBNET - name not found.
[2006/02/21 21:24:16, 1] nmbd/nmbd_incomingrequests.c:process_node_status_request(328)
 process_node_status_request: status request for name DAMEN00 from IP 192.168.0.1 on subnet UNICAST_SUBNET - name not found.

Although 'nmblookup DAMEN' finds the name when executed on the linux
box upon which smbd/nmbd is running.

querying DAMEN on 192.168.255.255
192.168.0.1 DAMEN00

This appears to (not) work the same with or without DAMEN listed in the
lmhosts file.

Do I need to list the workgroup name somewhere else also?

Thanks,

Fred


Frederick C. Damen wrote:
> Thanks. I removed the entry for DAMEN from lmhosts and restarted smb/nmb
> and no change that I can see.
>
> Thanks,
>
> Fred
>
> Kristaps Rāts wrote:
>> Having the machine name equal to the workgroup name is a no-no, as far
>> as I know.
>>
>> On O , 2006-02-21 at 08:15 -0600, Frederick C. Damen wrote:
>>> I assume I am doing (or not) something extremely simple that is causing
>>> my XP boxes to not see my linux (FC4) Samba server in the 'My Network
>>> Places'.
>>>
>>> I can access the shares by 'Map Network Drive' and using the IP
>>> address (192.168.0.1).
>>> I have set the workgroup name 'DAMEN' in the lmhosts file.
>>> 192.168.0.1 DAMEN
>>>
>>> I have set the workgroup in the smb.conf file.
>>>    workgroup = damen
>>>    netbios name = damen
>>> I have configured the Samba server to be the Domain Master Browser
>>>    os level = 35
>>>    domain master = yes
>>>    preferred master = yes
>>>    wins support = yes
>>> I have configured the [global] to be browseable.
>>>    browseable = yes
>>>    public = yes
>>>
>>> I have set the XP box to be on a home network (not business network)
>>> and workgroup to DAMEN.
>>>
>>> Any ideas?
>>>
>>> Thanks,
>>>
>>> Fred

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
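
The name clash raised in the reply above, written as a check. This is an added example, not code from the thread or from Samba. It assumes Samba's defaults of `WORKGROUP` for an unset workgroup and the first label of the host name for an unset netbios name; `SAMPLE_CONF`, `FIXED_CONF` and the name `fc4server` are constructed for illustration.

```python
# Added example: flag an smb.conf whose machine name and workgroup end up as
# the same 16-byte NetBIOS name. A NetBIOS name on the wire is 15 upper-cased,
# space-padded characters plus a one-byte type suffix; the machine registers
# NAME<00> as a unique name and the workgroup registers NAME<00> as a group
# name, so identical strings cannot both be held.

def netbios_wire_name(name, suffix):
    """Return the 16-byte form: 15 padded upper-case chars + type suffix."""
    padded = name.upper()[:15].ljust(15)
    return padded.encode("ascii", errors="replace") + bytes([suffix])


def parse_global(conf_text):
    """Return the [global] parameters of an smb.conf as a dict.

    Section and parameter names are matched without regard to case or
    whitespace, '#' and ';' start comment lines, and a trailing backslash
    continues a line.
    """
    params, section, pending = {}, None, ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#;":
            continue
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            section = "".join(line[1:-1].split()).lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.split()).lower()] = value.strip()
    return params


def name_conflicts(conf_text, hostname="localhost"):
    """List human-readable findings; an empty list means no clash."""
    g = parse_global(conf_text)
    workgroup = g.get("workgroup", "WORKGROUP")            # assumed default
    machine = g.get("netbiosname", hostname.split(".")[0])  # assumed default
    issues = []
    if netbios_wire_name(machine, 0x00) == netbios_wire_name(workgroup, 0x00):
        issues.append(
            "netbios name %r and workgroup %r both register %r"
            % (machine, workgroup, netbios_wire_name(machine, 0x00))
        )
    return issues


# Constructed from the settings quoted in the thread.
SAMPLE_CONF = """
[global]
   workgroup = damen
   netbios name = damen
   os level = 35
   domain master = yes
   preferred master = yes
   wins support = yes
"""

# Same settings with a distinct, hypothetical machine name.
FIXED_CONF = SAMPLE_CONF.replace("netbios name = damen",
                                 "netbios name = fc4server")

if __name__ == "__main__":
    for label, conf in (("as posted", SAMPLE_CONF), ("renamed", FIXED_CONF)):
        findings = name_conflicts(conf)
        print(label, "->", findings if findings else "no clash")
```
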


[Samba] Does anyone use rhosts or hosts equiv authentication in Samba ?

2006-02-21 Thread Gerald (Jerry) Carter

Folks,

I'm looking to remove some more old code.  Does anyone use
either of these features currently?




cheers, jerry
=
I live in a Reply-to-All world---
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com


[Samba] [Fwd: New Unix user and group domain]

2006-02-21 Thread Gerald (Jerry) Carter

Some people might find this discussion about upcoming
changes in 3.0.22 interesting.  It might also be helpful
to get some feedback from the field on the ramifications
of the changes.




cheers, jerry
=
I live in a Reply-to-All world---
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com

[Samba] Re: Does anyone use rhosts or hosts equiv authentication in Samba ?

2006-02-21 Thread Andrew Bartlett
On Tue, 2006-02-21 at 23:06 -0600, Gerald (Jerry) Carter wrote:
 
 Folks,
 
 I'm looking to remove some more old code.  Does anyone use
 either of these features currently?

My guess is that nobody uses them, given what is required to use them (I
think you have to manually load the module), and the segfault bugs that
existed with only one report for so long.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



[Samba] Re: Does anyone use rhosts or hosts equiv authentication in Samba ?

2006-02-21 Thread Gerald (Jerry) Carter

Andrew Bartlett wrote:

 My guess is that nobody uses them, given what is required 
 to use them (I think you have to manually load the module),
 and the segfault bugs that existed with only one report for
 so long.

Yup.  I agree.  Which is why unless someone speaks out with
a convincing argument, I'm voting to pull them from the
3.0.22 release.  Thanks for the confirmation of my gut feeling.





cheers, jerry


[Samba] Questions about sub-folders, access...?

2006-02-21 Thread Alberto Moreno
  Hi people, I am testing samba3 on FreeBSD 5.4. I installed samba from ports
with no problems, and I have this simple smb.conf file:

[global]
workgroup = WORKGROUP
netbios name = FREEBSD
server string = Samba Server FreeBSD
security = user
encrypt passwords = yes
[public]
comment = %h Shared Public Directory
path = /opt/test
force directory mode = 0777
force create mode = 0777
force group = nobody
force user = nobody
public = yes
writeable = yes
read only = no

   My problem right now is that I want to create one folder with the user X
inside this share and give access to user Y to that sub-folder. Then I
create the folder with the user X from Windows 2000, and smbd creates the
folder with these permissions:

root# getfacl test
#file:test
#owner:65534
#group:0
user::rwx
group::rwx
other::rwx

  The owner is nobody like the smb.conf says, the group 0 is wheel. OK, here
everybody can access the folder, but what if I only want to give
access to the owner (X user) and the user Y...?

   OK, after reading some docs, I did this:

Go to FreeBSD, log in with root and change the folder rights:

root# chown X:Y /opt/test/NewFolder
root# chmod 770 /opt/test/NewFolder

   Now if user X or Y tries to access the folder from Windows 2000, smbd says
\\Freebsd\public\test is not accessible Access is denied

   I have been reading the Samba 3 by Example book, 10.3.3 Share Point
Directory and File Permissions, but didn't find the answer, and chapter
15 of the Samba HOWTO, but they speak about the smb.conf shares, and I want
to apply this to sub-folders I create inside of Samba shares...?

   I think this can be done inside the Unix/Linux box with the root user but
I still don't find the way. What did I forget...?

   Hope you can help me people, thanks all for your time!!!


svn commit: samba r13589 - branches/SAMBA_3_0/source/passdb trunk/source/passdb

2006-02-21 Thread jerry
Author: jerry
Date: 2006-02-21 14:03:15 + (Tue, 21 Feb 2006)
New Revision: 13589

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13589

Log:
Make sure we only try to close the tdbsam file in endsampwent() when we 
have a valid pwent list from a setsampwent().  Fixes a bug with the
reference count on the open tdb.



Modified:
   branches/SAMBA_3_0/source/passdb/pdb_tdb.c
   trunk/source/passdb/pdb_tdb.c


Changeset:
Modified: branches/SAMBA_3_0/source/passdb/pdb_tdb.c
===
--- branches/SAMBA_3_0/source/passdb/pdb_tdb.c  2006-02-21 03:29:02 UTC (rev 
13588)
+++ branches/SAMBA_3_0/source/passdb/pdb_tdb.c  2006-02-21 14:03:15 UTC (rev 
13589)
@@ -50,6 +50,7 @@
TDB_DATA key;
 };
 static struct pwent_list *tdbsam_pwent_list;
+static BOOL pwent_initialized;
 
 /* GLOBAL TDB SAM CONTEXT */
 
@@ -292,6 +293,7 @@
}
 
tdb_traverse( tdbsam, tdbsam_traverse_setpwent, NULL );
+   pwent_initialized = True;
 
return NT_STATUS_OK;
 }
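Review bot: `pwent_initialized = True;` is set right after the `tdb_traverse(...)` call without looking at its result, so the flag is raised even when the traversal failed and the pwent list is empty or partial. If the flag only records that this setsampwent() holds a reference on the open tdb, say so in a comment next to the assignment; if it is meant to signal a valid list, as the commit log words it, check the return value first.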
@@ -305,6 +307,13 @@
 {
struct pwent_list *ptr, *ptr_next;

+   /* close the tdb only if we have a valid pwent state */
+   
+   if ( pwent_initialized ) {
+   DEBUG(7, (endtdbpwent: closed sam database.\n));
+   tdbsam_close();
+   }
+   
/* clear out any remaining entries in the list */

for ( ptr=tdbsam_pwent_list; ptr; ptr = ptr_next ) {
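Review bot: in the added block the DEBUG(7, ...) line reports "closed sam database" before `tdbsam_close();` has run, so the log claims a close that has not happened yet. Call `tdbsam_close()` first and log afterwards, or reword the message to "closing". Also note that a boolean cannot represent two setsampwent() calls followed by two endsampwent() calls; if that sequence is possible, the second close is skipped and the reference count mentioned in the log message is still off.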
@@ -312,11 +321,9 @@
DLIST_REMOVE( tdbsam_pwent_list, ptr );
SAFE_FREE( ptr-key.dptr);
SAFE_FREE( ptr );
-   }
+   }   

-   DEBUG(7, (endtdbpwent: closed sam database.\n));
-
-   tdbsam_close();
+   pwent_initialized = False;
 }
 
 /*
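Review bot: the `-   }` / `+   }   ` pair at the end of the loop is a whitespace-only change that adds trailing blanks to the closing brace; drop it so the hunk carries only the functional change. The reset `pwent_initialized = False;` is in the right place, after the list cleanup, so an endsampwent() without a preceding setsampwent() no longer reaches `tdbsam_close()`.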

Modified: trunk/source/passdb/pdb_tdb.c
===
--- trunk/source/passdb/pdb_tdb.c   2006-02-21 03:29:02 UTC (rev 13588)
+++ trunk/source/passdb/pdb_tdb.c   2006-02-21 14:03:15 UTC (rev 13589)
@@ -50,6 +50,7 @@
TDB_DATA key;
 };
 static struct pwent_list *tdbsam_pwent_list;
+static BOOL pwent_initialized;
 
 /* GLOBAL TDB SAM CONTEXT */
 
@@ -292,6 +293,7 @@
}
 
tdb_traverse( tdbsam, tdbsam_traverse_setpwent, NULL );
+   pwent_initialized = True;
 
return NT_STATUS_OK;
 }
@@ -305,6 +307,13 @@
 {
struct pwent_list *ptr, *ptr_next;

+   /* close the tdb only if we have a valid pwent state */
+   
+   if ( pwent_initialized ) {
+   DEBUG(7, (endtdbpwent: closed sam database.\n));
+   tdbsam_close();
+   }
+   
/* clear out any remaining entries in the list */

for ( ptr=tdbsam_pwent_list; ptr; ptr = ptr_next ) {
@@ -312,11 +321,9 @@
DLIST_REMOVE( tdbsam_pwent_list, ptr );
SAFE_FREE( ptr-key.dptr);
SAFE_FREE( ptr );
-   }
+   }   

-   DEBUG(7, (endtdbpwent: closed sam database.\n));
-
-   tdbsam_close();
+   pwent_initialized = False;
 }
 
 /*



svn commit: samba r13590 - branches/SAMBA_3_0/source/auth branches/SAMBA_3_0/source/pam_smbpass branches/SAMBA_3_0/source/passdb branches/SAMBA_3_0/source/rpc_server branches/SAMBA_3_0/source/smbd bra

2006-02-21 Thread jerry
Author: jerry
Date: 2006-02-21 14:34:11 + (Tue, 21 Feb 2006)
New Revision: 13590

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13590

Log:
* replace all pdb_init_sam[_talloc]() calls with samu_new()
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix()


Modified:
   branches/SAMBA_3_0/source/auth/auth_rhosts.c
   branches/SAMBA_3_0/source/auth/auth_sam.c
   branches/SAMBA_3_0/source/auth/auth_unix.c
   branches/SAMBA_3_0/source/auth/auth_util.c
   branches/SAMBA_3_0/source/pam_smbpass/pam_smb_acct.c
   branches/SAMBA_3_0/source/pam_smbpass/pam_smb_auth.c
   branches/SAMBA_3_0/source/pam_smbpass/pam_smb_passwd.c
   branches/SAMBA_3_0/source/passdb/passdb.c
   branches/SAMBA_3_0/source/passdb/pdb_interface.c
   branches/SAMBA_3_0/source/passdb/pdb_smbpasswd.c
   branches/SAMBA_3_0/source/passdb/pdb_tdb.c
   branches/SAMBA_3_0/source/rpc_server/srv_netlog_nt.c
   branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c
   branches/SAMBA_3_0/source/smbd/chgpasswd.c
   branches/SAMBA_3_0/source/smbd/lanman.c
   branches/SAMBA_3_0/source/utils/net_rpc_samsync.c
   branches/SAMBA_3_0/source/utils/net_sam.c
   branches/SAMBA_3_0/source/utils/pdbedit.c
   branches/SAMBA_3_0/source/utils/smbpasswd.c
   trunk/source/auth/auth_rhosts.c
   trunk/source/auth/auth_sam.c
   trunk/source/auth/auth_unix.c
   trunk/source/auth/auth_util.c
   trunk/source/pam_smbpass/pam_smb_acct.c
   trunk/source/pam_smbpass/pam_smb_auth.c
   trunk/source/pam_smbpass/pam_smb_passwd.c
   trunk/source/passdb/passdb.c
   trunk/source/passdb/pdb_interface.c
   trunk/source/passdb/pdb_smbpasswd.c
   trunk/source/passdb/pdb_tdb.c
   trunk/source/rpc_server/srv_netlog_nt.c
   trunk/source/rpc_server/srv_samr_nt.c
   trunk/source/smbd/chgpasswd.c
   trunk/source/smbd/lanman.c
   trunk/source/utils/net_rpc_samsync.c
   trunk/source/utils/net_sam.c
   trunk/source/utils/pdbedit.c
   trunk/source/utils/smbpasswd.c


Changeset:
Sorry, the patch is too large (2329 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13590


svn commit: samba r13591 - branches/SAMBA_3_0/source/lib trunk/source/lib

2006-02-21 Thread jerry
Author: jerry
Date: 2006-02-21 15:47:19 + (Tue, 21 Feb 2006)
New Revision: 13591

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13591

Log:
I really have no idea how this code ever worked.  And I have
no idea why no one (including myself) caught this with a compiler
warning.  Make sure new_chunk() actually returns a pointer
to the allocated memory.

SAMBA_3_0 now works again on Solaris.



Modified:
   branches/SAMBA_3_0/source/lib/snprintf.c
   trunk/source/lib/snprintf.c


Changeset:
Modified: branches/SAMBA_3_0/source/lib/snprintf.c
===
--- branches/SAMBA_3_0/source/lib/snprintf.c2006-02-21 14:34:11 UTC (rev 
13590)
+++ branches/SAMBA_3_0/source/lib/snprintf.c2006-02-21 15:47:19 UTC (rev 
13591)
@@ -1112,25 +1112,28 @@
 }
 
 static struct pr_chunk *new_chunk(void) {
-   struct pr_chunk *new = (struct pr_chunk *)malloc(sizeof(struct 
pr_chunk));
+   struct pr_chunk *new_c = (struct pr_chunk *)malloc(sizeof(struct 
pr_chunk));
 
-   if (!new) return NULL;
+   if ( !new_c ) 
+   return NULL;
 
-   new-type = 0;
-   new-num = 0;
-   new-min = 0;
-   new-min_star = NULL;
-   new-max = -1;
-   new-max_star = NULL;
-   new-flags = 0;
-   new-cflags = 0;
-   new-start = 0;
-   new-len = 0;
-   new-value = 0;
-   new-fvalue = 0;
-   new-strvalue = NULL;
-   new-pnum = NULL;
-   new-next = NULL;
+   new_c-type = 0;
+   new_c-num = 0;
+   new_c-min = 0;
+   new_c-min_star = NULL;
+   new_c-max = -1;
+   new_c-max_star = NULL;
+   new_c-flags = 0;
+   new_c-cflags = 0;
+   new_c-start = 0;
+   new_c-len = 0;
+   new_c-value = 0;
+   new_c-fvalue = 0;
+   new_c-strvalue = NULL;
+   new_c-pnum = NULL;
+   new_c-next = NULL;
+
+   return new_c;
 }
 
 static int add_cnk_list_entry(struct pr_chunk_x **list,
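Review bot: the only behavioural change is the added `return new_c;` at the end of new_chunk(); before it the function fell off its end and callers used an indeterminate pointer, which is undefined behaviour and fits the log's remark about Solaris. The rename from `new` to `new_c` and the reflowed `if` are unrelated to that fix and make it hard to spot, so they would be better as a separate commit. Since the log notes that no compiler warning caught this, building with gcc's `-Wreturn-type` (part of `-Wall`) treated as an error would stop a recurrence.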

Modified: trunk/source/lib/snprintf.c
===
--- trunk/source/lib/snprintf.c 2006-02-21 14:34:11 UTC (rev 13590)
+++ trunk/source/lib/snprintf.c 2006-02-21 15:47:19 UTC (rev 13591)
@@ -1112,25 +1112,28 @@
 }
 
 static struct pr_chunk *new_chunk(void) {
-   struct pr_chunk *new = (struct pr_chunk *)malloc(sizeof(struct 
pr_chunk));
+   struct pr_chunk *new_c = (struct pr_chunk *)malloc(sizeof(struct 
pr_chunk));
 
-   if (!new) return NULL;
+   if ( !new_c ) 
+   return NULL;
 
-   new-type = 0;
-   new-num = 0;
-   new-min = 0;
-   new-min_star = NULL;
-   new-max = -1;
-   new-max_star = NULL;
-   new-flags = 0;
-   new-cflags = 0;
-   new-start = 0;
-   new-len = 0;
-   new-value = 0;
-   new-fvalue = 0;
-   new-strvalue = NULL;
-   new-pnum = NULL;
-   new-next = NULL;
+   new_c-type = 0;
+   new_c-num = 0;
+   new_c-min = 0;
+   new_c-min_star = NULL;
+   new_c-max = -1;
+   new_c-max_star = NULL;
+   new_c-flags = 0;
+   new_c-cflags = 0;
+   new_c-start = 0;
+   new_c-len = 0;
+   new_c-value = 0;
+   new_c-fvalue = 0;
+   new_c-strvalue = NULL;
+   new_c-pnum = NULL;
+   new_c-next = NULL;
+
+   return new_c;
 }
 
 static int add_cnk_list_entry(struct pr_chunk_x **list,



svn commit: samba r13593 - branches/SAMBA_3_0/source/passdb trunk/source/passdb

2006-02-21 Thread jerry
Author: jerry
Date: 2006-02-21 16:46:21 + (Tue, 21 Feb 2006)
New Revision: 13593

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13593

Log:
consolidate pdb_set_sam_sids() into samu_set_unix() which
was the only place it was called from.


Modified:
   branches/SAMBA_3_0/source/passdb/passdb.c
   trunk/source/passdb/passdb.c


Changeset:
Sorry, the patch is too large (481 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13593


svn commit: samba r13595 - in trunk/source/utils: .

2006-02-21 Thread jra
Author: jra
Date: 2006-02-21 17:00:01 + (Tue, 21 Feb 2006)
New Revision: 13595

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13595

Log:
Got sense of NTSTATUS check reversed.
Jeremy.

Modified:
   trunk/source/utils/net_usershare.c


Changeset:
Modified: trunk/source/utils/net_usershare.c
===
--- trunk/source/utils/net_usershare.c  2006-02-21 17:00:00 UTC (rev 13594)
+++ trunk/source/utils/net_usershare.c  2006-02-21 17:00:01 UTC (rev 13595)
@@ -368,8 +368,8 @@
 
ntstatus = net_lookup_name_from_sid(ctx, 
psd-dacl-ace[num_aces].trustee, domain, name);
 
-   if (!NT_STATUS_IS_OK(ntstatus)) {
-   if (*domain) {
+   if (NT_STATUS_IS_OK(ntstatus)) {
+   if (domain  *domain) {
pstrcat(acl_str, domain);
pstrcat(acl_str, sep_str);
}
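Review bot: with the test now reading `NT_STATUS_IS_OK(ntstatus)`, the lines shown append `domain` and `sep_str` only on success, but the hunk does not show what ends up in `acl_str` when net_lookup_name_from_sid() fails; make sure that branch writes something unambiguous rather than an empty trustee. The new null test on `domain` implies the lookup can succeed with `domain` unset, so `name` deserves the same guard before it is used. A test that lists a usershare ACL with one resolvable and one unresolvable SID would have caught the inverted check.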



svn commit: samba r13597 - branches/SAMBA_3_0/source/libads trunk/source/libads

2006-02-21 Thread lmuelle
Author: lmuelle
Date: 2006-02-21 17:19:20 + (Tue, 21 Feb 2006)
New Revision: 13597

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13597

Log:
krb5 error codes are defined as long.

Modified:
   branches/SAMBA_3_0/source/libads/krb5_errs.c
   trunk/source/libads/krb5_errs.c


Changeset:
Modified: branches/SAMBA_3_0/source/libads/krb5_errs.c
===
--- branches/SAMBA_3_0/source/libads/krb5_errs.c2006-02-21 17:17:50 UTC 
(rev 13596)
+++ branches/SAMBA_3_0/source/libads/krb5_errs.c2006-02-21 17:19:20 UTC 
(rev 13597)
@@ -23,7 +23,7 @@
 #ifdef HAVE_KRB5
 
 static const struct {
-   int krb5_code;
+   long krb5_code;
NTSTATUS ntstatus;
 } krb5_to_nt_status_map[] = {
{KRB5_CC_IO, NT_STATUS_UNEXPECTED_IO_ERROR},

Modified: trunk/source/libads/krb5_errs.c
===
--- trunk/source/libads/krb5_errs.c 2006-02-21 17:17:50 UTC (rev 13596)
+++ trunk/source/libads/krb5_errs.c 2006-02-21 17:19:20 UTC (rev 13597)
@@ -23,7 +23,7 @@
 #ifdef HAVE_KRB5
 
 static const struct {
-   int krb5_code;
+   long krb5_code;
NTSTATUS ntstatus;
 } krb5_to_nt_status_map[] = {
{KRB5_CC_IO, NT_STATUS_UNEXPECTED_IO_ERROR},



svn commit: samba r13598 - branches/SAMBA_3_0/source/include trunk/source/include

2006-02-21 Thread lmuelle
Author: lmuelle
Date: 2006-02-21 17:35:52 + (Tue, 21 Feb 2006)
New Revision: 13598

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13598

Log:
Defining KRB5KRB_ERR_RESPONSE_TOO_BIG if not defined which is the case
for older krb5 implementations.

Patch slightly modified from the version provided by Björn Jacke
bjoern at j3e dot de at the samba-technical list after discussion on the
list and by IRC.  Thanks Björn!

Modified:
   branches/SAMBA_3_0/source/include/includes.h
   trunk/source/include/includes.h


Changeset:
Modified: branches/SAMBA_3_0/source/include/includes.h
===
--- branches/SAMBA_3_0/source/include/includes.h2006-02-21 17:19:20 UTC 
(rev 13597)
+++ branches/SAMBA_3_0/source/include/includes.h2006-02-21 17:35:52 UTC 
(rev 13598)
@@ -1453,6 +1453,10 @@
 
 #if defined(HAVE_KRB5)
 
+#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG
+#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L)
+#endif
+
 #ifndef HAVE_KRB5_SET_REAL_TIME
 krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, 
int32_t microseconds);
 #endif
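Review bot: the fallback `#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L)` is a bare magic number; add a comment saying which krb5 error table the value was taken from, so it can be checked against the headers of implementations that do define it. Because the define sits in the global includes.h, every file that compares against this code on an older krb5 silently depends on the number being right.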

Modified: trunk/source/include/includes.h
===
--- trunk/source/include/includes.h 2006-02-21 17:19:20 UTC (rev 13597)
+++ trunk/source/include/includes.h 2006-02-21 17:35:52 UTC (rev 13598)
@@ -1454,6 +1454,10 @@
 
 #if defined(HAVE_KRB5)
 
+#ifndef KRB5KRB_ERR_RESPONSE_TOO_BIG
+#define KRB5KRB_ERR_RESPONSE_TOO_BIG (-1765328332L)
+#endif
+
 #ifndef HAVE_KRB5_SET_REAL_TIME
 krb5_error_code krb5_set_real_time(krb5_context context, int32_t seconds, 
int32_t microseconds);
 #endif



svn commit: samba r13599 - branches/SAMBA_3_0/source/libads trunk/source/libads

2006-02-21 Thread lmuelle
Author: lmuelle
Date: 2006-02-21 17:48:20 + (Tue, 21 Feb 2006)
New Revision: 13599

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13599

Log:
krb5 error codes are defined as long.  Also for the other direction.

Modified:
   branches/SAMBA_3_0/source/libads/krb5_errs.c
   trunk/source/libads/krb5_errs.c


Changeset:
Modified: branches/SAMBA_3_0/source/libads/krb5_errs.c
===
--- branches/SAMBA_3_0/source/libads/krb5_errs.c2006-02-21 17:35:52 UTC 
(rev 13598)
+++ branches/SAMBA_3_0/source/libads/krb5_errs.c2006-02-21 17:48:20 UTC 
(rev 13599)
@@ -58,7 +58,7 @@
 
 static const struct {
NTSTATUS ntstatus;
-   int krb5_code;
+   long krb5_code;
 } nt_status_to_krb5_map[] = {
{NT_STATUS_LOGON_FAILURE, KRB5KDC_ERR_PREAUTH_FAILED},
{NT_STATUS_NO_LOGON_SERVERS, KRB5_KDC_UNREACH},

Modified: trunk/source/libads/krb5_errs.c
===
--- trunk/source/libads/krb5_errs.c 2006-02-21 17:35:52 UTC (rev 13598)
+++ trunk/source/libads/krb5_errs.c 2006-02-21 17:48:20 UTC (rev 13599)
@@ -58,7 +58,7 @@
 
 static const struct {
NTSTATUS ntstatus;
-   int krb5_code;
+   long krb5_code;
 } nt_status_to_krb5_map[] = {
{NT_STATUS_LOGON_FAILURE, KRB5KDC_ERR_PREAUTH_FAILED},
{NT_STATUS_NO_LOGON_SERVERS, KRB5_KDC_UNREACH},



svn commit: samba r13600 - branches/SAMBA_3_0/source/passdb trunk/source/passdb

2006-02-21 Thread jerry
Author: jerry
Date: 2006-02-21 19:02:22 + (Tue, 21 Feb 2006)
New Revision: 13600

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13600

Log:
Move functions local to tdbsam to pdb_tdb.c


Modified:
   branches/SAMBA_3_0/source/passdb/passdb.c
   branches/SAMBA_3_0/source/passdb/pdb_tdb.c
   trunk/source/passdb/passdb.c
   trunk/source/passdb/pdb_tdb.c


Changeset:
Sorry, the patch is too large (1677 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13600


svn commit: samba r13601 - branches/SAMBA_3_0/source/include branches/SAMBA_3_0/source/lib branches/SAMBA_3_0/source/passdb trunk/source/include trunk/source/lib trunk/source/passdb

2006-02-21 Thread jerry
Author: jerry
Date: 2006-02-21 19:22:49 + (Tue, 21 Feb 2006)
New Revision: 13601

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13601

Log:
* Remove unused code from pdb_ldap.c
* Add a 'struct passwd *' to the struct samu for later reference
  (I know this may be controversial but it's easily reverted which
  is why I'm checking this in as a separate patch before I get
  too deep).
* Remove unix_homedir from struct samu {} and update the pdb wrapper
  functions associated with it.



Modified:
   branches/SAMBA_3_0/source/include/passdb.h
   branches/SAMBA_3_0/source/lib/util_pw.c
   branches/SAMBA_3_0/source/passdb/passdb.c
   branches/SAMBA_3_0/source/passdb/pdb_get_set.c
   branches/SAMBA_3_0/source/passdb/pdb_ldap.c
   trunk/source/include/passdb.h
   trunk/source/lib/util_pw.c
   trunk/source/passdb/passdb.c
   trunk/source/passdb/pdb_get_set.c
   trunk/source/passdb/pdb_ldap.c


Changeset:
Sorry, the patch is too large (429 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13601


svn commit: samba r13602 - in branches/tmp/vl-posixacls/source/smbd: .

2006-02-21 Thread vlendec
Author: vlendec
Date: 2006-02-21 21:03:06 + (Tue, 21 Feb 2006)
New Revision: 13602

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13602

Log:
Weird -- there is no type checking here...
Modified:
   branches/tmp/vl-posixacls/source/smbd/vfs.c


Changeset:
Modified: branches/tmp/vl-posixacls/source/smbd/vfs.c
===
--- branches/tmp/vl-posixacls/source/smbd/vfs.c 2006-02-21 19:22:49 UTC (rev 
13601)
+++ branches/tmp/vl-posixacls/source/smbd/vfs.c 2006-02-21 21:03:06 UTC (rev 
13602)
@@ -111,10 +111,10 @@
vfswrap_chmod_acl,
vfswrap_fchmod_acl,
 
+   vfswrap_acl_get_file,
vfswrap_acl_get_fd,
-   vfswrap_acl_get_file,
+   vfswrap_acl_set_file,
vfswrap_acl_set_fd,
-   vfswrap_acl_set_file,
 
vfswrap_sys_acl_delete_def_file,
 
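Review bot: the reordering shows that this table is a positional initializer in which `vfswrap_acl_get_file`, `vfswrap_acl_get_fd`, `vfswrap_acl_set_file` and `vfswrap_acl_set_fd` can sit in each other's slots without the compiler objecting, which is what the log message complains about. Fixing the order is right, but nothing stops the next edit from misplacing them again: add a comment per slot naming the operation it fills, or switch the table to designated initializers where the supported compilers allow it. A misplaced entry sends a path-based ACL call to the fd-based handler, so a test that calls each ACL operation through the table is worth adding.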



svn commit: samba r13603 - in trunk/source/smbd: .

2006-02-21 Thread jra
Author: jra
Date: 2006-02-21 23:21:26 + (Tue, 21 Feb 2006)
New Revision: 13603

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13603

Log:
Fix for bug #3512 use spnego=no and server signing=auto cause client to 
disconnect after negprot
We missed one case of ignoring BSRSPYL .
Merge for 3.0.21c.
Jeremy.

Modified:
   trunk/source/smbd/sesssetup.c


Changeset:
Modified: trunk/source/smbd/sesssetup.c
===
--- trunk/source/smbd/sesssetup.c   2006-02-21 21:03:06 UTC (rev 13602)
+++ trunk/source/smbd/sesssetup.c   2006-02-21 23:21:26 UTC (rev 13603)
@@ -70,6 +70,23 @@
 }
 
 /
+ Start the signing engine if needed. Don't fail signing here.
+/
+
+static void sessionsetup_start_signing_engine(const auth_serversupplied_info 
*server_info, char *inbuf)
+{
+   if (!server_info-guest  !srv_signing_started()) {
+   /* We need to start the signing engine
+* here but a W2K client sends the old
+* BSRSPYL  signature instead of the
+* correct one. Subsequent packets will
+* be correct.
+*/
+   srv_check_sign_mac(inbuf, False);
+   }
+}
+
+/
  Send a security blob via a session setup reply.
 /
 
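Review bot: sessionsetup_start_signing_engine() throws away the result of `srv_check_sign_mac(inbuf, False);`, so a session setup whose signature does not verify leaves no trace. The comment explains why a W2K client has to be tolerated here; log the mismatch at a debug level anyway, so that an unexpected signature can be told apart from the known BSRSPYL placeholder when reading the logs.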
@@ -355,15 +372,7 @@

SSVAL(outbuf, smb_uid, sess_vuid);
 
-   if (!server_info-guest  !srv_signing_started()) {
-   /* We need to start the signing engine
-* here but a W2K client sends the old
-* BSRSPYL  signature instead of the
-* correct one. Subsequent packets will
-* be correct.
-*/
-   srv_check_sign_mac(inbuf, False);
-   }
+   sessionsetup_start_signing_engine(server_info, inbuf);
}
 
 /* wrap that up in a nice GSS-API wrapping */
@@ -436,16 +445,7 @@

SSVAL(outbuf,smb_uid,sess_vuid);
 
-   if (!server_info-guest  !srv_signing_started()) {
-   /* We need to start the signing engine
-* here but a W2K client sends the old
-* BSRSPYL  signature instead of the
-* correct one. Subsequent packets will
-* be correct.
-*/
-
-   srv_check_sign_mac(inbuf, False);
-   }
+   sessionsetup_start_signing_engine(server_info, inbuf);
}
}
 
@@ -1107,9 +1107,7 @@
/* current_user_info is changed on new vuid */
reload_services( True );
 
-   if (!server_info-guest  !srv_signing_started()  
!srv_check_sign_mac(inbuf, True)) {
-   exit_server(reply_sesssetup_and_X: bad smb signature);
-   }
+   sessionsetup_start_signing_engine(server_info, inbuf);
 
SSVAL(outbuf,smb_uid,sess_vuid);
SSVAL(inbuf,smb_uid,sess_vuid);
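Review bot: this is the one call site where behaviour changes rather than being refactored: the removed lines called `srv_check_sign_mac(inbuf, True)` and ended in `exit_server(...)` on a bad signature, while the replacement goes through the helper, which passes `False` and ignores the result. That relaxes the check on this path for every non-guest client, not only for the W2K clients named in the helper's comment. Consider accepting a failed check here only when the signature field holds the BSRSPYL placeholder and keeping the disconnect otherwise, or state in the commit message that signing enforcement on this path now starts with the packet after session setup.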



svn commit: samba r13604 - in branches/SAMBA_3_0/source/smbd: .

2006-02-21 Thread jra
Author: jra
Date: 2006-02-21 23:21:28 + (Tue, 21 Feb 2006)
New Revision: 13604

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13604

Log:
Fix for bug #3512 use spnego=no and server signing=auto cause client to 
disconnect after negprot
We missed one case of ignoring BSRSPYL .
Merge for 3.0.21c.
Jeremy.

Modified:
   branches/SAMBA_3_0/source/smbd/sesssetup.c


Changeset:
Modified: branches/SAMBA_3_0/source/smbd/sesssetup.c
===
--- branches/SAMBA_3_0/source/smbd/sesssetup.c  2006-02-21 23:21:26 UTC (rev 
13603)
+++ branches/SAMBA_3_0/source/smbd/sesssetup.c  2006-02-21 23:21:28 UTC (rev 
13604)
@@ -70,6 +70,23 @@
 }
 
 /
+ Start the signing engine if needed. Don't fail signing here.
+/
+
+static void sessionsetup_start_signing_engine(const auth_serversupplied_info 
*server_info, char *inbuf)
+{
+   if (!server_info-guest  !srv_signing_started()) {
+   /* We need to start the signing engine
+* here but a W2K client sends the old
+* BSRSPYL  signature instead of the
+* correct one. Subsequent packets will
+* be correct.
+*/
+   srv_check_sign_mac(inbuf, False);
+   }
+}
+
+/
  Send a security blob via a session setup reply.
 /
 
@@ -355,15 +372,7 @@

SSVAL(outbuf, smb_uid, sess_vuid);
 
-   if (!server_info-guest  !srv_signing_started()) {
-   /* We need to start the signing engine
-* here but a W2K client sends the old
-* BSRSPYL  signature instead of the
-* correct one. Subsequent packets will
-* be correct.
-*/
-   srv_check_sign_mac(inbuf, False);
-   }
+   sessionsetup_start_signing_engine(server_info, inbuf);
}
 
 /* wrap that up in a nice GSS-API wrapping */
@@ -436,16 +445,7 @@

SSVAL(outbuf,smb_uid,sess_vuid);
 
-   if (!server_info-guest  !srv_signing_started()) {
-   /* We need to start the signing engine
-* here but a W2K client sends the old
-* BSRSPYL  signature instead of the
-* correct one. Subsequent packets will
-* be correct.
-*/
-
-   srv_check_sign_mac(inbuf, False);
-   }
+   sessionsetup_start_signing_engine(server_info, inbuf);
}
}
 
@@ -1107,9 +1107,7 @@
/* current_user_info is changed on new vuid */
reload_services( True );
 
-   if (!server_info-guest  !srv_signing_started()  
!srv_check_sign_mac(inbuf, True)) {
-   exit_server(reply_sesssetup_and_X: bad smb signature);
-   }
+   sessionsetup_start_signing_engine(server_info, inbuf);
 
SSVAL(outbuf,smb_uid,sess_vuid);
SSVAL(inbuf,smb_uid,sess_vuid);



Build status as of Wed Feb 22 00:00:02 2006

2006-02-21 Thread build
URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2006-02-21 
00:00:09.0 +
+++ /home/build/master/cache/broken_results.txt 2006-02-22 00:00:03.0 
+
@@ -1,17 +1,17 @@
-Build status as of Tue Feb 21 00:00:05 2006
+Build status as of Wed Feb 22 00:00:02 2006
 
 Build counts:
 Tree Total  Broken Panic 
-ccache   6  2  0 
+ccache   7  2  0 
 distcc   8  2  0 
-lorikeet-heimdal 14 14 0 
-ppp  14 0  0 
-rsync28 2  0 
+lorikeet-heimdal 17 17 0 
+ppp  15 0  0 
+rsync29 2  0 
 samba2  0  0 
 samba-docs   0  0  0 
-samba4   30 19 2 
-samba_3_029 8  0 
-smb-build20 3  0 
-talloc   6  4  0 
-tdb  4  1  0 
+samba4   31 20 2 
+samba_3_030 4  0 
+smb-build21 3  0 
+talloc   6  3  0 
+tdb  5  1  0 
 


svn commit: samba r13605 - in branches/SAMBA_4_0/source/script/tests: .

2006-02-21 Thread abartlet
Author: abartlet
Date: 2006-02-22 00:18:07 + (Wed, 22 Feb 2006)
New Revision: 13605

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13605

Log:
Use $BASEDN to ensure this works outside of the 'make test' rig.

Andrew Bartlett

Modified:
   branches/SAMBA_4_0/source/script/tests/test_ldap.sh


Changeset:
Modified: branches/SAMBA_4_0/source/script/tests/test_ldap.sh
===
--- branches/SAMBA_4_0/source/script/tests/test_ldap.sh 2006-02-21 23:21:28 UTC 
(rev 13604)
+++ branches/SAMBA_4_0/source/script/tests/test_ldap.sh 2006-02-22 00:18:07 UTC 
(rev 13605)
@@ -73,7 +73,7 @@
 fi
 
 echo Test Attribute Scope Query Control
-nentries=`bin/ldbsearch $options $CONFIGURATION -H $p://$SERVER 
--controls=asq:1:member -s base -b 
'CN=Administrators,CN=Builtin,DC=samba,DC=example,DC=com' | grep sAMAccountName 
| wc -l`
+nentries=`bin/ldbsearch $options $CONFIGURATION -H $p://$SERVER 
--controls=asq:1:member -s base -b CN=Administrators,CN=Builtin,$BASEDN | 
grep sAMAccountName | wc -l`
if [ $nentries -lt 1 ]; then
echo Attribute Scope Query test returned 0 items
failed=`expr $failed + 1`
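Review bot: the new search base `CN=Administrators,CN=Builtin,$BASEDN` depends on `$BASEDN` being set by the caller, and nothing in the hunk guards against it being empty, in which case the base ends in a trailing comma and the failure is reported only as "returned 0 items". Add an early check that aborts with a clear message when `$BASEDN` is unset. `grep -c sAMAccountName` would also replace the grep and `wc -l` pair.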



svn commit: samba r13606 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules ldap_server

2006-02-21 Thread abartlet
Author: abartlet
Date: 2006-02-22 00:26:56 + (Wed, 22 Feb 2006)
New Revision: 13606

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13606

Log:
An attempt to fix #3525.

The problem was that the supportedControls were being stolen into the
result sent to the client, then talloc_free()ed.  This caused them to
be invalid on the next rootDSE query.

This also tries to avoid attaching the result to the long-term samdb
context, and avoids an extra loop in the result processing (pointed
out by tridge).

Andrew BARtlett

Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c
   branches/SAMBA_4_0/source/ldap_server/ldap_backend.c


Changeset:
Modified: branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c
===
--- branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c  2006-02-22 
00:18:07 UTC (rev 13605)
+++ branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/rootdse.c  2006-02-22 
00:26:56 UTC (rev 13606)
@@ -73,8 +73,12 @@
if (do_attribute(s-attrs, supportedControl)) {
int i;
for (i = 0; i  priv-num_controls; i++) {
+   char *control = talloc_strdup(msg, priv-controls[i]);
+   if (!control) {
+   goto failed;
+   }
if (ldb_msg_add_string(msg, supportedControl,
-   priv-controls[i]) != 0) {
+  control) != 0) {
goto failed;
}
}
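Review bot: the added `talloc_strdup(msg, ...)` needs a comment saying why the copy is required, namely that the message's values are later stolen into the reply and freed, as the log describes; without it the copy looks like a redundant allocation and is a likely candidate for removal in a later cleanup. The NULL check with `goto failed` is fine as written, since the duplicate is parented to `msg` and goes away with it.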

Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c
===
--- branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2006-02-22 
00:18:07 UTC (rev 13605)
+++ branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2006-02-22 
00:26:56 UTC (rev 13606)
@@ -153,7 +153,7 @@
struct ldap_Result *done;
struct ldapsrv_reply *ent_r, *done_r;
void *local_ctx;
-   struct ldb_context *samdb = call-conn-ldb;
+   struct ldb_context *samdb = talloc_get_type(call-conn-ldb, struct 
ldb_context);
struct ldb_dn *basedn;
struct ldb_result *res = NULL;
struct ldb_request lreq;
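Review bot: `talloc_get_type(..., struct ldb_context)` returns NULL when the pointer does not carry that talloc type name, and the declaration is followed by no check, so a mismatch reaches `ldb_request(samdb, lreq)` further down as a NULL context. Test `samdb` right after the declarations and return an error when it is NULL.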
@@ -163,13 +163,13 @@
int success_limit = 1;
int result = LDAP_SUCCESS;
int ldb_ret;
-   int i, j, y;
+   int i, j;
 
DEBUG(10, (SearchRequest));
DEBUGADD(10, ( basedn: %s, req-basedn));
DEBUGADD(10, ( filter: %s\n, ldb_filter_from_tree(call, req-tree)));
 
-   local_ctx = talloc_named(call, 0, sldb_Search local memory context);
+   local_ctx = talloc_new(call);
NT_STATUS_HAVE_NO_MEMORY(local_ctx);
 
basedn = ldb_dn_explode(local_ctx, req-basedn);
@@ -228,7 +228,8 @@
 
ldb_ret = ldb_request(samdb, lreq);
 
-   res = talloc_steal(samdb, lreq.op.search.res);
+   /* Ensure we don't keep the search results around for too long */
+   res = talloc_steal(local_ctx, lreq.op.search.res);
 
if (ldb_ret == LDB_SUCCESS) {
for (i = 0; i  res-count; i++) {
@@ -253,14 +254,8 @@
continue;
}
ent-attributes[j].num_values = 
res-msgs[i]-elements[j].num_values;
-   ent-attributes[j].values = 
talloc_array(ent-attributes,
-   DATA_BLOB, 
ent-attributes[j].num_values);
-   
NT_STATUS_HAVE_NO_MEMORY(ent-attributes[j].values);
-   for (y=0; y  ent-attributes[j].num_values; 
y++) {
-   ent-attributes[j].values[y].length = 
res-msgs[i]-elements[j].values[y].length;
-   ent-attributes[j].values[y].data = 
talloc_steal(ent-attributes[j].values,
-   
res-msgs[i]-elements[j].values[y].data);
-   }
+   ent-attributes[j].values = 
res-msgs[i]-elements[j].values;
+   talloc_steal(ent-attributes, 
res-msgs[i]-elements[j].values);
}
 queue_reply:
ldapsrv_queue_reply(call, ent_r);
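Review bot: The replacement steals only the values array onto ent->attributes, whereas the removed loop reparented each values[y].data individually. If the data buffers are not talloc children of that array they remain under res, which the previous hunk moved to local_ctx, and the queued reply is left holding freed memory once local_ctx goes away. Confirm the ownership of the data buffers or keep a per-value steal. The direct assignment also replaces the DATA_BLOB array the old code allocated, so it relies on the two value types having the same layout; a comment stating that assumption would help.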
@@ -287,6 +282,7 @@
}
if (res-controls) {
done_r-msg-controls = (struct ldap_Control 
**)(res-controls);
+   talloc_steal(done_r, res-controls);
}
} else {
DEBUG(10,(SearchRequest: error\n));
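Review bot: talloc_steal(done_r, res->controls) reparents the array only, and the cast to struct ldap_Control ** on the line above it shows that the source type differs from the destination. Check that each control and its value are allocated under the array so they outlive res, and add a comment saying why the two control structures can be used interchangeably.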



svn commit: samba r13607 - in branches/SAMBA_3_0/source/utils: .

2006-02-21 Thread jra
Author: jra
Date: 2006-02-22 00:34:35 + (Wed, 22 Feb 2006)
New Revision: 13607

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13607

Log:
Fix compile - don't ref auto variable in a structure initialization.
Fix from Richard Bollinger [EMAIL PROTECTED].
Jeremy.

Modified:
   branches/SAMBA_3_0/source/utils/pdbedit.c


Changeset:
Modified: branches/SAMBA_3_0/source/utils/pdbedit.c
===
--- branches/SAMBA_3_0/source/utils/pdbedit.c   2006-02-22 00:26:56 UTC (rev 
13606)
+++ branches/SAMBA_3_0/source/utils/pdbedit.c   2006-02-22 00:34:35 UTC (rev 
13607)
@@ -655,7 +655,7 @@
static char *pwd_can_change_time = NULL;
static char *pwd_must_change_time = NULL;
static char *pwd_time_format = NULL;
-   BOOL pw_from_stdin = False;
+   static BOOL pw_from_stdin = False;
 
struct pdb_methods *bdef = NULL;
poptContext pc;
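Review bot: The `static` added to pw_from_stdin needs a short comment giving the reason stated in the log message, that the variable is referenced from a structure initialisation. Without it the qualifier looks accidental on a plain BOOL flag and invites removal in a later cleanup, which would bring the compile failure back.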



svn commit: samba r13608 - in trunk/source/utils: .

2006-02-21 Thread jra
Author: jra
Date: 2006-02-22 00:34:36 + (Wed, 22 Feb 2006)
New Revision: 13608

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13608

Log:
Fix compile - don't ref auto variable in a structure initialization.
Fix from Richard Bollinger [EMAIL PROTECTED].
Jeremy.

Modified:
   trunk/source/utils/pdbedit.c


Changeset:
Modified: trunk/source/utils/pdbedit.c
===
--- trunk/source/utils/pdbedit.c2006-02-22 00:34:35 UTC (rev 13607)
+++ trunk/source/utils/pdbedit.c2006-02-22 00:34:36 UTC (rev 13608)
@@ -655,7 +655,7 @@
static char *pwd_can_change_time = NULL;
static char *pwd_must_change_time = NULL;
static char *pwd_time_format = NULL;
-   BOOL pw_from_stdin = False;
+   static BOOL pw_from_stdin = False;
 
struct pdb_methods *bdef = NULL;
poptContext pc;



svn commit: samba r13609 - in branches/SAMBA_4_0/source: ldap_server lib/ldb/common lib/ldb/include lib/ldb/ldb_ildap lib/ldb/ldb_sqlite3 lib/ldb/ldb_tdb lib/ldb/tools libcli/ldap

2006-02-21 Thread idra
Author: idra
Date: 2006-02-22 01:31:35 + (Wed, 22 Feb 2006)
New Revision: 13609

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13609

Log:


Get in the initial work on making ldb async
Currently only ldb_ildap is async, the plan
is to first make all backends support the async calls,
and then remove the sync functions from backends and
keep them only in the API.

Modules will need to be transformed along the way.

Simo



Modified:
   branches/SAMBA_4_0/source/ldap_server/ldap_backend.c
   branches/SAMBA_4_0/source/lib/ldb/common/ldb.c
   branches/SAMBA_4_0/source/lib/ldb/common/ldb_modules.c
   branches/SAMBA_4_0/source/lib/ldb/include/ldb.h
   branches/SAMBA_4_0/source/lib/ldb/include/ldb_private.h
   branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c
   branches/SAMBA_4_0/source/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
   branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_index.c
   branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_search.c
   branches/SAMBA_4_0/source/lib/ldb/tools/cmdline.c
   branches/SAMBA_4_0/source/lib/ldb/tools/ldbsearch.c
   branches/SAMBA_4_0/source/libcli/ldap/ldap.c
   branches/SAMBA_4_0/source/libcli/ldap/ldap.h
   branches/SAMBA_4_0/source/libcli/ldap/ldap_client.c
   branches/SAMBA_4_0/source/libcli/ldap/ldap_client.h
   branches/SAMBA_4_0/source/libcli/ldap/ldap_controls.c
   branches/SAMBA_4_0/source/libcli/ldap/ldap_ildap.c


Changeset:
Sorry, the patch is too large (1807 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13609


svn commit: samba r13610 - in branches/SAMBA_3_0/source/param: .

2006-02-21 Thread jra
Author: jra
Date: 2006-02-22 01:31:43 + (Wed, 22 Feb 2006)
New Revision: 13610

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13610

Log:
Patch from Bjoern JACKE [EMAIL PROTECTED]. Don't default to
/tmp if there is no path in the share, make it unavailable.
All printer shares should have a path and IPC$ is already
explicitly set to tmpdir().
Jeremy.

Modified:
   branches/SAMBA_3_0/source/param/loadparm.c


Changeset:
Modified: branches/SAMBA_3_0/source/param/loadparm.c
===
--- branches/SAMBA_3_0/source/param/loadparm.c  2006-02-22 01:31:35 UTC (rev 
13609)
+++ branches/SAMBA_3_0/source/param/loadparm.c  2006-02-22 01:31:43 UTC (rev 
13610)
@@ -2929,10 +2929,12 @@
}
 
if (ServicePtrs[iService]-szPath[0] == '\0' 
-   strwicmp(ServicePtrs[iService]-szService, HOMES_NAME) != 0) {
-   DEBUG(0, (No path in service %s - using %s\n,
-  ServicePtrs[iService]-szService, tmpdir()));
-   string_set(ServicePtrs[iService]-szPath, tmpdir());
+   strwicmp(ServicePtrs[iService]-szService, HOMES_NAME) != 0 
+   ServicePtrs[iService]-szMSDfsProxy[0] == '\0'
+   ) {
+   DEBUG(0, (WARNING: No path in service %s - making it 
unavailable!\n,
+   ServicePtrs[iService]-szService));
+   ServicePtrs[iService]-bAvailable = False;
}
 
/* If a service is flagged unavailable, log the fact at level 0. */
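Review bot: The new branch logs at level 0 and sets bAvailable = False, and the code that follows it already logs unavailable services at level 0, so a share without a path now produces two level 0 messages. Drop one of them or lower the new DEBUG level. This is also a user-visible behaviour change (a share with no path used to be served from tmpdir() and is now disabled), so the smb.conf documentation for `path` should be updated in the same commit, including the exception for services that set szMSDfsProxy.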



svn commit: samba r13611 - in trunk/source/param: .

2006-02-21 Thread jra
Author: jra
Date: 2006-02-22 01:31:49 + (Wed, 22 Feb 2006)
New Revision: 13611

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13611

Log:
Patch from Bjoern JACKE [EMAIL PROTECTED]. Don't default to
/tmp if there is no path in the share, make it unavailable.
All printer shares should have a path and IPC$ is already
explicitly set to tmpdir().
Jeremy.

Modified:
   trunk/source/param/loadparm.c


Changeset:
Modified: trunk/source/param/loadparm.c
===
--- trunk/source/param/loadparm.c   2006-02-22 01:31:43 UTC (rev 13610)
+++ trunk/source/param/loadparm.c   2006-02-22 01:31:49 UTC (rev 13611)
@@ -2929,10 +2929,12 @@
}
 
if (ServicePtrs[iService]-szPath[0] == '\0' 
-   strwicmp(ServicePtrs[iService]-szService, HOMES_NAME) != 0) {
-   DEBUG(0, (No path in service %s - using %s\n,
-  ServicePtrs[iService]-szService, tmpdir()));
-   string_set(ServicePtrs[iService]-szPath, tmpdir());
+   strwicmp(ServicePtrs[iService]-szService, HOMES_NAME) != 0 
+   ServicePtrs[iService]-szMSDfsProxy[0] == '\0'
+   ) {
+   DEBUG(0, (WARNING: No path in service %s - making it 
unavailable!\n,
+   ServicePtrs[iService]-szService));
+   ServicePtrs[iService]-bAvailable = False;
}
 
/* If a service is flagged unavailable, log the fact at level 0. */



svn commit: samba r13612 - branches/SAMBA_3_0/source/client trunk/source/client

2006-02-21 Thread tpot
Author: tpot
Date: 2006-02-22 03:12:00 + (Wed, 22 Feb 2006)
New Revision: 13612

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13612

Log:
#define NO_SYSLOG is dead as a doornail.

Modified:
   branches/SAMBA_3_0/source/client/smbctool.c
   trunk/source/client/smbctool.c


Changeset:
Modified: branches/SAMBA_3_0/source/client/smbctool.c
===
--- branches/SAMBA_3_0/source/client/smbctool.c 2006-02-22 01:31:49 UTC (rev 
13611)
+++ branches/SAMBA_3_0/source/client/smbctool.c 2006-02-22 03:12:00 UTC (rev 
13612)
@@ -22,8 +22,6 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
-#define NO_SYSLOG
-
 #include includes.h
 #include libsmbclient.h
 #include client/client_proto.h

Modified: trunk/source/client/smbctool.c
===
--- trunk/source/client/smbctool.c  2006-02-22 01:31:49 UTC (rev 13611)
+++ trunk/source/client/smbctool.c  2006-02-22 03:12:00 UTC (rev 13612)
@@ -22,8 +22,6 @@
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
-#define NO_SYSLOG
-
 #include includes.h
 #include libsmbclient.h
 #include client/client_proto.h



svn commit: samba r13613 - in trunk/source: libsmb utils

2006-02-21 Thread jra
Author: jra
Date: 2006-02-22 04:56:50 + (Wed, 22 Feb 2006)
New Revision: 13613

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13613

Log:
First part of the bugfix for #3510 - net join fails
against server with schannel disabled. Second part
will come tomorrow (fixing net_rpc_join_ok()).
Jeremy.

Modified:
   trunk/source/libsmb/clientgen.c
   trunk/source/utils/net_rpc_join.c


Changeset:
Modified: trunk/source/libsmb/clientgen.c
===
--- trunk/source/libsmb/clientgen.c 2006-02-22 03:12:00 UTC (rev 13612)
+++ trunk/source/libsmb/clientgen.c 2006-02-22 04:56:50 UTC (rev 13613)
@@ -358,8 +358,14 @@
 
 BOOL cli_rpc_pipe_close(struct rpc_pipe_client *cli)
 {
-   BOOL ret = cli_close(cli-cli, cli-fnum);
+   BOOL ret;
 
+   if (!cli) {
+   return False;
+   }
+
+   ret = cli_close(cli-cli, cli-fnum);
+
if (!ret) {
DEBUG(0,(cli_rpc_pipe_close: cli_close failed on pipe %s, 
  fnum 0x%x 
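Review bot: The new `if (!cli)` branch returns False without logging, so a caller cannot tell a NULL handle from a failed cli_close(). Either add a DEBUG line in that branch or state in the function comment that passing NULL is allowed and what the return value means in that case.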

Modified: trunk/source/utils/net_rpc_join.c
===
--- trunk/source/utils/net_rpc_join.c   2006-02-22 03:12:00 UTC (rev 13612)
+++ trunk/source/utils/net_rpc_join.c   2006-02-22 04:56:50 UTC (rev 13613)
@@ -88,10 +88,9 @@
struct cli_state *cli;
TALLOC_CTX *mem_ctx;
 uint32 acb_info = ACB_WSTRUST;
-   uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+   uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? 
NETLOGON_NEG_SCHANNEL : 0);
uint32 sec_channel_type;
struct rpc_pipe_client *pipe_hnd = NULL;
-   struct rpc_pipe_client *netlogon_schannel_pipe = NULL;
 
/* rpc variables */
 
@@ -325,29 +324,37 @@
goto done;
}
 
-   netlogon_schannel_pipe = cli_rpc_pipe_open_schannel_with_key(cli,
+   /* We can only check the schannel connection if the client is allowed
+  to do this and the server supports it. If not, just assume success
+  (after all the rpccli_netlogon_setup_creds() succeeded, and we'll
+  do the same again (setup creds) in net_rpc_join_ok(). JRA. */
+
+   if (lp_client_schannel()  (neg_flags  NETLOGON_NEG_SCHANNEL)) {
+   struct rpc_pipe_client *netlogon_schannel_pipe = 
+   
cli_rpc_pipe_open_schannel_with_key(cli,
PI_NETLOGON,
PIPE_AUTH_LEVEL_PRIVACY,
domain,
pipe_hnd-dc,
result);
 
-   if (!NT_STATUS_IS_OK(result)) {
-   DEBUG(0, (Error in domain join verification (schannel setup 
failed): %s\n\n,
- nt_errstr(result)));
+   if (!NT_STATUS_IS_OK(result)) {
+   DEBUG(0, (Error in domain join verification (schannel 
setup failed): %s\n\n,
+ nt_errstr(result)));
 
-   if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) 
-(sec_channel_type == SEC_CHAN_BDC) ) {
-   d_fprintf(stderr, Please make sure that no computer 
account\n
-named like this machine (%s) exists in the 
domain\n,
-global_myname());
+   if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) 
+(sec_channel_type == SEC_CHAN_BDC) ) {
+   d_fprintf(stderr, Please make sure that no 
computer account\n
+named like this machine (%s) exists 
in the domain\n,
+global_myname());
+   }
+
+   goto done;
}
-
-   goto done;
+   cli_rpc_pipe_close(netlogon_schannel_pipe);
}
 
cli_rpc_pipe_close(pipe_hnd);
-   cli_rpc_pipe_close(netlogon_schannel_pipe);
 
/* Now store the secret in the secrets database */
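Review bot: When the new condition is false the schannel verification is skipped and the join is treated as successful, with no log line saying that the check did not run. Add a DEBUG message in that case, and if the `client schannel` setting can require schannel rather than merely allow it, fail the join instead of continuing when the server did not leave NETLOGON_NEG_SCHANNEL set in neg_flags. The comment should also say where neg_flags is updated from the server's answer, since otherwise the test on neg_flags looks redundant with the lp_client_schannel() test beside it.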
 



svn commit: samba r13614 - in branches/SAMBA_3_0/source: libsmb utils

2006-02-21 Thread jra
Author: jra
Date: 2006-02-22 04:56:53 + (Wed, 22 Feb 2006)
New Revision: 13614

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13614

Log:
First part of the bugfix for #3510 - net join fails
against server with schannel disabled. Second part
will come tomorrow (fixing net_rpc_join_ok()).
Jeremy.

Modified:
   branches/SAMBA_3_0/source/libsmb/clientgen.c
   branches/SAMBA_3_0/source/utils/net_rpc_join.c


Changeset:
Modified: branches/SAMBA_3_0/source/libsmb/clientgen.c
===
--- branches/SAMBA_3_0/source/libsmb/clientgen.c2006-02-22 04:56:50 UTC 
(rev 13613)
+++ branches/SAMBA_3_0/source/libsmb/clientgen.c2006-02-22 04:56:53 UTC 
(rev 13614)
@@ -358,8 +358,14 @@
 
 BOOL cli_rpc_pipe_close(struct rpc_pipe_client *cli)
 {
-   BOOL ret = cli_close(cli-cli, cli-fnum);
+   BOOL ret;
 
+   if (!cli) {
+   return False;
+   }
+
+   ret = cli_close(cli-cli, cli-fnum);
+
if (!ret) {
DEBUG(0,(cli_rpc_pipe_close: cli_close failed on pipe %s, 
  fnum 0x%x 

Modified: branches/SAMBA_3_0/source/utils/net_rpc_join.c
===
--- branches/SAMBA_3_0/source/utils/net_rpc_join.c  2006-02-22 04:56:50 UTC 
(rev 13613)
+++ branches/SAMBA_3_0/source/utils/net_rpc_join.c  2006-02-22 04:56:53 UTC 
(rev 13614)
@@ -88,10 +88,9 @@
struct cli_state *cli;
TALLOC_CTX *mem_ctx;
 uint32 acb_info = ACB_WSTRUST;
-   uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
+   uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? 
NETLOGON_NEG_SCHANNEL : 0);
uint32 sec_channel_type;
struct rpc_pipe_client *pipe_hnd = NULL;
-   struct rpc_pipe_client *netlogon_schannel_pipe = NULL;
 
/* rpc variables */
 
@@ -325,29 +324,37 @@
goto done;
}
 
-   netlogon_schannel_pipe = cli_rpc_pipe_open_schannel_with_key(cli,
+   /* We can only check the schannel connection if the client is allowed
+  to do this and the server supports it. If not, just assume success
+  (after all the rpccli_netlogon_setup_creds() succeeded, and we'll
+  do the same again (setup creds) in net_rpc_join_ok(). JRA. */
+
+   if (lp_client_schannel()  (neg_flags  NETLOGON_NEG_SCHANNEL)) {
+   struct rpc_pipe_client *netlogon_schannel_pipe = 
+   
cli_rpc_pipe_open_schannel_with_key(cli,
PI_NETLOGON,
PIPE_AUTH_LEVEL_PRIVACY,
domain,
pipe_hnd-dc,
result);
 
-   if (!NT_STATUS_IS_OK(result)) {
-   DEBUG(0, (Error in domain join verification (schannel setup 
failed): %s\n\n,
- nt_errstr(result)));
+   if (!NT_STATUS_IS_OK(result)) {
+   DEBUG(0, (Error in domain join verification (schannel 
setup failed): %s\n\n,
+ nt_errstr(result)));
 
-   if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) 
-(sec_channel_type == SEC_CHAN_BDC) ) {
-   d_fprintf(stderr, Please make sure that no computer 
account\n
-named like this machine (%s) exists in the 
domain\n,
-global_myname());
+   if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) 
+(sec_channel_type == SEC_CHAN_BDC) ) {
+   d_fprintf(stderr, Please make sure that no 
computer account\n
+named like this machine (%s) exists 
in the domain\n,
+global_myname());
+   }
+
+   goto done;
}
-
-   goto done;
+   cli_rpc_pipe_close(netlogon_schannel_pipe);
}
 
cli_rpc_pipe_close(pipe_hnd);
-   cli_rpc_pipe_close(netlogon_schannel_pipe);
 
/* Now store the secret in the secrets database */
 



svn commit: samba r13615 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules lib/ldb/common lib/ldb/include lib/ldb/ldb_ildap lib/ldb/ldb_ldap lib/ldb/ldb_sqlite3 lib/ldb/ldb_tdb lib/ldb/modules nb

2006-02-21 Thread idra
Author: idra
Date: 2006-02-22 05:21:43 + (Wed, 22 Feb 2006)
New Revision: 13615

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13615

Log:

Make ldb_set_errstring get ldb instead of module as parameter.
The module was just used to get to the ldb so it was meaningless.

Also add LDB_WAIT_ONCE and relative code in ldb_ildap.c


Modified:
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/kludge_acl.c
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/password_hash.c
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/proxy.c
   branches/SAMBA_4_0/source/dsdb/samdb/ldb_modules/samldb.c
   branches/SAMBA_4_0/source/lib/ldb/common/ldb.c
   branches/SAMBA_4_0/source/lib/ldb/common/ldb_debug.c
   branches/SAMBA_4_0/source/lib/ldb/include/ldb.h
   branches/SAMBA_4_0/source/lib/ldb/include/ldb_private.h
   branches/SAMBA_4_0/source/lib/ldb/ldb_ildap/ldb_ildap.c
   branches/SAMBA_4_0/source/lib/ldb/ldb_ldap/ldb_ldap.c
   branches/SAMBA_4_0/source/lib/ldb/ldb_sqlite3/ldb_sqlite3.c
   branches/SAMBA_4_0/source/lib/ldb/ldb_tdb/ldb_tdb.c
   branches/SAMBA_4_0/source/lib/ldb/modules/ldb_map.c
   branches/SAMBA_4_0/source/lib/ldb/modules/objectclass.c
   branches/SAMBA_4_0/source/nbt_server/wins/wins_ldb.c


Changeset:
Sorry, the patch is too large (631 lines) to include; please use WebSVN to see 
it!
WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=13615