[Samba] Samba 3.0.23 winbind use default domain = yes behaviour
Hello list, I encountered a problem in Samba 3.0.23 regarding the winbind use default domain = yes behaviour. It only works for the users an NOT anymore for the Group. So this make getent group to show NETBIOSDOMAINNAME/group which course mail squid configuration to fail. My squid configuration allowed access based on the AD groups, which are provided by Winbindd. Tested distribution: SuSE 9.0, CentOS 4.3 Samba build: Sernet 3.0.23 Is this a bug or is this by design? Does anybody know a way to getent group to honour the winbind use default domain = yes option? Regards, John The Netherlands. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] USRMGR.exe not working properly
Hi there, I'm running Debian Sarge with the sernet-packages of Samba. Yesterday I updated from 3.0.22 to 3.0.23. When I start the usrmgr.exe, I still are able to modify users but I cannot see/modify groups anymore. Where could I start to find the problem? Thanks. Holger -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.23 winbind use default domain = yes behaviour
Hi John,
this is already filed as a bug:
https://bugzilla.samba.org/show_bug.cgi?id=3920
and Jerry is working on it.
I'v attached an inofficial not supported patch against relaease 3.0.23
of nsswitch/winbindd_group.c which reverted the change and worked for me.
John schrieb:
Hello list,
I encountered a problem in Samba 3.0.23 regarding the winbind use default
domain = yes behaviour.
It only works for the users an NOT anymore for the Group. So this make
getent group to show NETBIOSDOMAINNAME/group which course mail squid
configuration to fail. My squid configuration allowed access based on the AD
groups, which are provided by Winbindd.
Tested distribution:
SuSE 9.0, CentOS 4.3
Samba build: Sernet 3.0.23
Is this a bug or is this by design? Does anybody know a way to getent group
to honour the winbind use default domain = yes option?
Regards,
John
The Netherlands.
--
Mit freundlichen Grüßen
Dietrich Streifert
Visionet GmbH
--- samba-3.0.23.orig/source/nsswitch/winbindd_group.c Fri Jun 23 15:16:50 2006
+++ samba-3.0.23/source/nsswitch/winbindd_group.c Thu Jul 13 10:34:06 2006
@@ -42,7 +42,7 @@
{
fstring full_group_name;
- fill_domain_username( full_group_name, dom_name, gr_name, False);
+ fill_domain_username( full_group_name, dom_name, gr_name, True);
gr-gr_gid = unix_gid;
@@ -146,7 +146,7 @@
/* Append domain name */
- fill_domain_username(name, domain-name, the_name, False);
+ fill_domain_username(name, domain-name, the_name, True);
len = strlen(name);
@@ -752,7 +752,7 @@
/* Fill in group entry */
fill_domain_username(domain_group_name, ent-domain_name,
-name_list[ent-sam_entry_index].acct_name, False);
+name_list[ent-sam_entry_index].acct_name, True);
result = fill_grent(group_list[group_list_ndx],
ent-domain_name,
@@ -929,7 +929,7 @@
groups.sam_entries)[i].acct_name;
fstring name;
- fill_domain_username(name, domain-name, group_name,
False);
+ fill_domain_username(name, domain-name, group_name,
True);
/* Append to extra data */
memcpy(extra_data[extra_data_len], name,
strlen(name));
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with winbind
Hello everyone! I have samba-3.0.10-1.4E.6 under CentOS 4.3 and have such a kind of problem with winbind: when i am adding one of the Windows users to group those changes are not visible on Linux box. For example, i've add user 'vic' to group Webmasters under Windows. I wait for 24 hours and after it i've entered command: # id vic uid=10124(vic) gid=10004(Domain Users) groups=10004(Domain Users) but when i've made: # getent group | grep Webmasters Webmasters:x:10047:user1,user2,user3,user4,vic,user5 As we can see user vic and other users are in group Webmasters. #id user5 uid=10068(user5) gid=10004(Domain Users) groups=10004(Domain Users),10047(Webmasters),10048(Power Users) i've reboted my PDC, restarted samba and winbind, but it didn't help me. What is the problem? Nikolay Krasko -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP Attributes
Hi, [...] I was asked to implement logon and logoff control in our network. I read in the link below that those parameters are no used (unless not yet). Is there any other way to do it? Or any hope that it will be implemented soon? http://samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html sambaLogonTimeInteger value currently unused. sambaLogoffTimeInteger value currently unused. [...] Maybe this can help you: http://lists.samba.org/archive/samba/2006-January/115883.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] USRMGR.exe not working properly
what do you see with the 'net groupmap list' command.. maybe you need to map them manually, (net group add .) coz' this became the default behavior for the 3.0.23 version... Cheers Collen Holger Wesser wrote: Hi there, I'm running Debian Sarge with the sernet-packages of Samba. Yesterday I updated from 3.0.22 to 3.0.23. When I start the usrmgr.exe, I still are able to modify users but I cannot see/modify groups anymore. Where could I start to find the problem? Thanks. Holger -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Q: mount -t smbfs: cli_negprot: SMB signing is mandatory and we have disabled it.
On 14 Jul 2006 at 15:47, Andrew Bartlett wrote: smbfs does not support SMB signing. Try the more modern cifsfs. Thanks for the hint, it actually helped. However I'm having the problem that mount -t cifs -ouser=uname //rkapoka1/HostData ~/stest works when entering the password interactively, while mount -t cifs -ocredentials=scred //rkapoka1/HostData ~/stest does not work when the correct password had been specified in the credential file as documented. OK, found that as well: there are no blanks allowed around '=' (in contradiction to cmb.conf standards. Maybe add an extra line of warning to the manual page of mount.cifs. Problem solved now, thanks for the excellent reply, and sorry about my dumbness. Ulrich -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Fedora packages or Enterprise packages of Samba on RHEL4?
Gerald (Jerry) Carter wrote: If you need support for the SerNet packages, you will have to contact SerNet. Ok, clear. Does SerNet have their own SVN source of Samba then? Or are they using the one of samba.org? If not, what is the technical difference of enterprisesamba and the original samba then? The Fedora specfile provided with Samba is compatible with RHEL4. I don't build RHEL4 packages only because IMO if you pay for support for RedHat, installing non-vendor supplied packages would void your support agreement. Right, I only wanted to know if there are technical issues NOT to use the Fedora packages on RHEL4. Somebody in the list already gave a tip that there is a RHEL section in the packaging directory (tarball of 3.0.23), which contains the makerpms.sh script to create the RPMS for RHEL4. I'll use this one to create the RPMS for RHEL4, unless you say there is no difference with the src.rpm of Fedora. I'll ask Red Hat if I void the support agreement if I only use the Samba packages of samba.org on my RHEL4 server. I'd like to use the samba packages from the source on my servers, because I have very good experience with that. I'd like to mention the patch for W2k3 server SP1 that was created almost instantly by the Samba Team after the release of SP1 and a few other issues I had, like the DC (LDAP) server failover, were solved by the Samba Team. I doubt if I get this kind of support for Samba from Red Hat... Althought I could provide RPMS for the lates version of CentOS which should be binary comatible with RHEL4 systems. Correct, my Swiss colleague uses CentOS and he uses the Red Hat enterprisesamba packages of RHEL4 on his servers without problems. While I'm at it, is there any pressing need for 64-bit rpms as well? For me not, but maybe for others out there... ;) Regards, Alex. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Fedora packages or Enterprise packages of Samba on RHEL4?
Don Meyer wrote: OK, my advice is to do the following: 1) Grab the latest 3.0.23 tarball from one of the Samba mirrors 2) expand it into a directory on your RHEL4 systems where you've been building packages 3) cd ./samba-3.0.23/packaging/RHEL/ 4) exec the command: . makerpms.sh 5) when the package build is finished: cd /usr/src/redhat/RPMS/i386/ You should have a nice set of up-to-date packages for your RHEL4 system in this directory. Thanks to Jerry and all the others for the attention in the last couple versions to the RHEL packaging... Thanx for the tip Don! Didn't know there was a RHEL section in the packaging directory. I played before with the makerpms.sh script for RHL9, so I know the drill... ;) Good tip for newbies though. ;) There are two caveats with this: a) The cache directory is moved from /var/cache/samba/ to /var/lib/samba/. This move does not adjust the SELinux labels when it creates the new directory, and since it copies files - the files are created with the incorrect labels inherited from the new directory. I only had to do it once, but IIRC - executing mv /var/cache/samba /var/lib before installing the new packages worked for me on a new system. Ok, the Samba databases are in RHL9 and Fedora already in the /var/lib/samba/ dir. The Samba database of hte Fedora source package I compiled and installed on RHEL4 are also in the /var/lib/samba/ dir. b) The smbd and nmbd services run fine under the standard RHEL4 selinux-policy-targeted ruleset. However, winbindd rules aren't in this set, and will fail if SELinux is enabled/enforcing.If you are running winbindd, (which you probably are in ads mode) you can deal with this problem in a number of ways: ... This will load some additional rules that will allow winbindd to run without any (significant) AVC errors. This should only need to be done once. Running winbindd failed indeed in the first instance on RHEL4 because of SELinux. In SELinux there is however a winbind_disable_trans boolean (in the file: /etc/selinux/targeted/booleans), which is default 0. If you change this to 1 and reboot the server, winbind will run smoothly on RHEL4. Regards, Alex. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Kerberos Keytab Code Update in 3.0.23
Jerry,
I'll have to check on the semantic checking for
the UPN attribute. I'd rather (for safety's sake)
just give it a value: host/${dNSHostName} attribute.
That way we know we are consistent.
The previous behavior was: host/[EMAIL PROTECTED] although I disagreed with
that format. I believe you've got the right value: host/[EMAIL PROTECTED]
Yeah but the previous default required you to have more
rights that Windows client required so we got slammed for
that.
Unfortunately there are many cases where DC Group Policies are cranked down
such that only Domain Admins can add/remove machines anyway.
Here's a thought; why not split the two functions?
Adding the machine to the domain (net ads join) handles just what is
necessary for that.
Creating the keytab (net ads keytab create) handles those specific
functions.
Adding additional service principals (net ads keytab add princ1 princ2 ...)
places these principals in other keytabs so the admin can move them to the
appropriate location and set permissions. An example of how this might work
would be that the service principal for http is placed in apache's home with
appropriate permissions so mod_auth_kerb functions using client auth.
Another might be to create a service principal for ldap and place it in /etc
with ownership ldap:nscd so nss_ldap can be configured with sasl gssapi and
proxy auth while maintaining nscd functionality.
If Samba needs some off-the-wall formats for its Kerberos principals in
order to respond to requests for \\HoStNaMe.DOMAIN\Share then create them in
memory on-the-fly as before the keytab management functions were added.
The only other issue that you may have addressed before - why waste the
effort of creating principals using all the encryption types that the client
supports when the only ones that will succeed are those that the server
supports?
Of course it would be nice if all the distributions of Linux, Solaris, AIX,
etc. had versions of kerberos that support rc4-hmac...
Thanks,
Scott
-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 13, 2006 5:35 PM
To: Scott Armstrong
Cc: 'Doug VanLeuven'; samba@lists.samba.org
Subject: Re: [Samba] Kerberos Keytab Code Update in 3.0.23
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Scott Armstrong wrote:
Or I could add a switch to 'net ads join' that said
create the UPN. I don't really want to make it
default behavior. Would that be acceptable?
That would be fine although if you can allow the format
of the hostname to be controllable that would be a bonus. I
think allowing as much as possible to be done at the
time the machine account is created is best.
I'll have to check on the semantic checking for
the UPN attribute. I'd rather (for safety's sake)
just give it a value: host/${dNSHostName} attribute.
That way we know we are consistent.
It's pretty labor intensive to have to log onto the
Windows DC afterward and run ADSIEdit in order to achieve
the same result that was the default before the code rewrite.
Yeah but the previous default required you to have more
rights that Windows client required so we got slammed for
that.
cheers, jerry
=
Samba--- http://www.samba.org
Centeris --- http://www.centeris.com
What man is a man who does not make the world better? --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
iD8DBQFEtrxtIR7qMdg1EfYRAvi4AJ0VrM6Y1GstFg9eN4z9F1I04ChC5ACg3AyS
y8sHkxCVnMo9FyFDFDqACH8=
=Etdm
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.23: assigning users to printers
Hello I just upgraded our PDC from 3.0.22 to 3.0.23 with all the bells and whistles. I am running OpenLdap as a backend and did what's been written in the Changelog regarding indexing. The new version started up fine and worked all right. Netlogons, shares, printing etc. I could also assign ACLs to my files as before. The PDC also works as a printserver running cups with the drivers stored in samba. The strange thing is that when in windows I want to assign a user to a printer it does not work any longer. A message comes up, telling me it could not be established that the printserver belongs to the domain. Funny thing is, that the printserver is the PDC. This problem only appears in 3.0.23. With 3.0.22 it works all right. Did I miss something?? Thanks for helping Rob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba Digest, Vol 43, Issue 20
Hello: I'm away on holidays right now! If this is an Urgent ticket please submit a repair ticket herehttp://ts.sd57.bc.ca I will be checking my mail still every few days Or Page #613-4732 Thanks Benny.nerd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.23: assigning users to printers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert Gehr wrote: The strange thing is that when in windows I want to assign a user to a printer it does not work any longer. A message comes up, telling me it could not be established that the printserver belongs to the domain. Funny thing is, that the printserver is the PDC. This problem only appears in 3.0.23. With 3.0.22 it works all right. A few people have reported this but I've never been able to reproduce it. Please file a bug report and attach a raw ethereal trace for me as well as level 10 debug log. Thanks. cheer, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEt40yIR7qMdg1EfYRAqirAJ96PSgY7hy5/zIlMHFa+yN6axlttACdGkOR zUuMXDPxnclh2j/JdfYrd04= =iSuh -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] USRMGR.exe not working properly
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Holger Wesser wrote: Hi there, I'm running Debian Sarge with the sernet-packages of Samba. Yesterday I updated from 3.0.22 to 3.0.23. When I start the usrmgr.exe, I still are able to modify users but I cannot see/modify groups anymore. Where could I start to find the problem? Hmmm...works fine here. Are none of the groups listed ? What passdb backend are you using ? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEt42wIR7qMdg1EfYRAij3AKCqLVvNng6janii+qCO2fIS37+u/gCgqrE7 1QdgHbxGUC5HH+D2q3s6vtA= =URzF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Authenticate users through an AD trust
I've recently connected a Samba server to our domain
(ourdomain.dom) and configured it to send
authentication requests to AD. I can successfully
authenticate ourdomain.com users from the Samba
server.
ourdomain.com has a trust with a sister company
(theirdomain.com). With this trust we can assign NTFS
permissions to users within theirdomain.com to, for
example, file servers on ourdomain.com. We also have
numerous groups on ourdomain.com that include many
users from theirdomain.com.
The Samba server does not have access (due to a
firewall on theirdomain.com) to send auth reqeusts
directly to DCs on theirdomain.com. However,
ourdomain.com DCs can query theirdomain.com DCs (that
hole has been punched). In addition, our XP machines
can see and select theirdomain.com from the windows
login dropdown and authenticate with a theirdomain.com
user -- since the machines are connected to
ourdomain.com the auth request is sent through our DCs
to theirdomain.com.
I'm attempting to do something simliar with Samba:
allow users from theirdomain.com to authenticate even
though the Samba server is connected to
ourdomain.com (thus, the auth requests will flow
through ourdomain.com DCs to theirdomain.com DCs).
However, it doesn't appear to be working.
Here's the [global] section from smb.conf:
[global]
workgroup = OURDOMAIN
realm = OURDOMAIN.COM
preferred master = no
server string = Samba Server
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind separator = +
printcap name = cups
printing = cups
idmap uid = 1-2
idmap gid = 1-2
And here's my krb5.conf:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = OURDOMAIN.COM
[realms]
THEIRDOMAIN.COM = {
kdc = dc1.ourdomain.com
}
OURDOMAIN.COM = {
kdc = dc1.ourdomain.com
}
[domain_realms]
.kerberos.server = OURDOMAIN.COM
I've been testing authentication by using:
kinit [EMAIL PROTECTED]
This asks me for a password and then successfully
authenticates.
kinit [EMAIL PROTECTED]
This gives me the following error:
kinit(v5): KRB5 error code 68 while getting initial
credentials
Sorry this is so long winded... I wanted to be sure to
give you the whole scenario. Thanks for any
assistance you can offer.
Josh
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Open files
Hello I'm running a Win2K box with a dialogic voice application. The prompt files are on an AIX 5.1 box. By using smbstatus I'm finding that the prompt files aren't closing. The open files build up until the server hits the per process limit, at which point everything falls apart. I was running samba 2.07, but I just upgraded to 3.0.23rc3 and I still have the problem. I used fuser and lsof to verify that the files were indeed open and owned by samba, so its not something as simple as a misunderstanding of locks. The files are being managed by the Dialogic library so it is unlikely to be an application problem, but to double check, I switched to NFS (ugh) and lsof shows no open files. Dialogic (now Intel) of course washes their hands in this, saying it doesn't happen with local files, it can't be there problem. I quesiton that logic since shared files are never quite the same. I'm running out of ideas. Jack -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] rpcclient: NT_STATUS_LOGON_FAILURE
hi to everyone, my name is Daniel and I'm currently trying to upload the driver for a printer in a company's network. The printer in question is a Kyocera Mita FS-C5016N, but actually that's not my problem. My problem is that I'm not able to execute RPC calls on my laptop,. I've successfully added the PostScript driver (with cupsaddsmb) to the Samba share print$, but I need to share the propretary/native driver for the Windows clients. The cupsaddsmb executes also rpcclient, but not through the network, but locally, and that seems to work. I can't simply execute no command of rpcclient! I'm working on a laptop (Windows XP Professional) and I'm connected through SSH (with putty) to a Linux server (as root). The name/ip of my laptop is PC-Daniel/192.168.100.117 and the username is Daniel. Here is the output of the command: output INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 added interface ip=192.168.100.4 bcast=192.168.100.255 nmask=255.255.255.0 Netbios name list:- my_netbios_names[0]=SERVER04 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file /etc/samba/smb.conf Processing section [global] doing parameter workgroup = PANSUR doing parameter load printers = yes doing parameter printing = cups doing parameter printcap name = cups doing parameter printcap cache time = 750 doing parameter cups options = raw doing parameter printer admin = @ntadmin, root, administrator WARNING: The printer admin option is deprecated doing parameter username map = /etc/samba/smbusers doing parameter map to guest = Bad User doing parameter logon path = \\%L\profiles\.msprofile doing parameter logon home = \\%L\%U\.9xprofile doing parameter logon drive = P: doing parameter passdb backend = smbpasswd doing parameter domain logons = no doing parameter local master = yes doing parameter wins server = 192.168.100.1 doing parameter wins support = no doing parameter netbios name = server04 handle_netbios_name: set global_myname to: SERVER04 doing parameter add machine script = doing parameter preferred master = auto doing parameter encrypt passwords = yes doing parameter security = domain doing parameter password server = * doing parameter winbind separator = + doing parameter idmap uid = 1-2 doing parameter idmap gid = 1-2 doing parameter winbind enum users = yes doing parameter winbind enum groups = yes doing parameter winbind use default domain = yes doing parameter template homedir = /home/%U doing parameter template shell = /bin/false doing parameter hosts allow = 192.168.100. 127.0.0.1 doing parameter server string = %L pm_process() returned Yes lp_servicenumber: couldn't find homes set_server_role: role = ROLE_DOMAIN_MEMBER Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF-16LE Registered charset UTF-16LE Attempting to register new charset UCS-2BE Registered charset UCS-2BE Attempting to register new charset UTF-16BE Registered charset UTF-16BE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset UTF-8 Registered charset UTF-8 Attempting to register new charset ASCII Registered charset ASCII Attempting to register new charset 646 Registered charset 646 Attempting to register new charset ISO-8859-1 Registered charset ISO-8859-1 Attempting to register new charset UCS2-HEX Registered charset UCS2-HEX Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Connecting to host=PC-DANIEL internal_resolve_name: looking up PC-DANIEL#20 Opening cache file at /var/lib/samba/gencache.tdb Returning valid cache entry: key = NBT/PC-DANIEL#20, value = 192.168.100.117:0, timeout = Fri Jul 14 15:46:58 2006 name PC-DANIEL#20 found. Connecting to 192.168.100.117 at port 445 socket option SO_KEEPALIVE = 0 socket option SO_REUSEADDR = 0 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 1 socket option TCP_KEEPCNT = 9 socket option TCP_KEEPIDLE =
[Samba] Win2k Master Browser believes Linux box is master browser
Hi,
We currently have a very small network with a Windows Small Business
Server acting as an ADS Master Browser,
we also have a Debian Sarge Samba Server, this sharing a single
directory at the Share level (security is not really that dig a concern,
as this is open to anyone in the company).
The Samba server has the workgroup set the the same domain as the
Windows ADS, but it has not joined the domain.
In the windows logs we have the following errors (every so often):
error
Event Type: Error
Event Source: MRxSmb
Event Category: None
Event ID: 8003
Date: 14/07/2006
Time: 12:08:48
User: N/A
Computer: SBS-SRV
Description:
The master browser has received a server announcement from the
computer DEV that believes that it is the master browser for the
domain on transport NetBT_Tcpip_{86ADC2FD-1F86-41AB-AEC1. The master
browser is stopping or an election is being forced.
/error
After some searching on this mailing list and google, I came up with
some configuration options to add to the
smb.conf, but this mas not really helped eliminate the errors on the
Windows box.
The following options have been added/commented out:
; remote browse sync
; remote announce
domain master = no
os level =
If anyone can point to any more options, I need to alter or add, any
help would be greatly appreciated.
Thanks in advance
Mark
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Open files
On Fri, Jul 14, 2006 at 08:51:48AM -0400, Jack Gostl wrote: Hello I'm running a Win2K box with a dialogic voice application. The prompt files are on an AIX 5.1 box. By using smbstatus I'm finding that the prompt files aren't closing. The open files build up until the server hits the per process limit, at which point everything falls apart. I was running samba 2.07, but I just upgraded to 3.0.23rc3 and I still have the problem. I used fuser and lsof to verify that the files were indeed open and owned by samba, so its not something as simple as a misunderstanding of locks. The files are being managed by the Dialogic library so it is unlikely to be an application problem, but to double check, I switched to NFS (ugh) and lsof shows no open files. Dialogic (now Intel) of course washes their hands in this, saying it doesn't happen with local files, it can't be there problem. I quesiton that logic since shared files are never quite the same. I'm running out of ideas. Send in a debug level 10 log covering the point you think it should be closing the files. If an outstanding POSIX lock is held on a file it can be help open deliberately. To test this try setting posix locking = no. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NET ADS JOIN error
Can anyone shed some light on this error? I can't seem to find any information as to why it is failing. Thanks. USTR-MINT-A-1:~ # net ads join United States\Tredyffrin\Resources\Servers -U trimblrd trimblrd's password: Failed to pre-create the machine object in OU United States\Tredyffrin\Resources\Servers. I have tried two different domain admin accounts and I get the same error each time. It strange since the object already exists in AD. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Open files
- Original Message - From: Jeremy Allison [EMAIL PROTECTED] To: Jack Gostl [EMAIL PROTECTED] Cc: Samba samba@lists.samba.org Sent: Friday, July 14, 2006 10:56 AM Subject: Re: [Samba] Open files On Fri, Jul 14, 2006 at 08:51:48AM -0400, Jack Gostl wrote: Hello I'm running a Win2K box with a dialogic voice application. The prompt files are on an AIX 5.1 box. By using smbstatus I'm finding that the prompt files aren't closing. The open files build up until the server hits the per process limit, at which point everything falls apart. I was running samba 2.07, but I just upgraded to 3.0.23rc3 and I still have the problem. I used fuser and lsof to verify that the files were indeed open and owned by samba, so its not something as simple as a misunderstanding of locks. The files are being managed by the Dialogic library so it is unlikely to be an application problem, but to double check, I switched to NFS (ugh) and lsof shows no open files. Dialogic (now Intel) of course washes their hands in this, saying it doesn't happen with local files, it can't be there problem. I quesiton that logic since shared files are never quite the same. I'm running out of ideas. Send in a debug level 10 log covering the point you think it should be closing the files. If an outstanding POSIX lock is held on a file it can be help open deliberately. To test this try setting posix locking = no. Jeremy. Pardon the idiot questions. I added posix locking=no (with and without spaces) to the global section of smb.conf and got an error from testparms. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Open files
On Fri, Jul 14, 2006 at 11:10:44AM -0400, Jack Gostl wrote:
Pardon the idiot questions.
I added posix locking=no (with and without spaces) to the global section
of smb.conf and got an error from testparms.
You must have added something else... (just a point, don't add the characters
around it - that was to differentiate it from the rest of the email text).
Here's the definition from the source code :
{posix locking, P_BOOL, P_LOCAL, sDefault.bPosixLocking, NULL, NULL,
FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
So it's definately in there (a per-share parameter).
Jeremy.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Joop Martens is afwezig/out of office.
I will be out of the office starting 14/07/2006 and will not return until 31/07/2006. Ik antwoord op uw bericht wanneer ik terug ben. Voor dringende zaken kunt u contact opnemen met: I will respond to your message when I’m back from holiday. For imported things you can contact: Paul de Bruijn ICT Lekkerland Nederland Conway Belgie Databases,Middleware en Beheer tel: +31 (0)40-2943039 +31 (0) 522-239870 email [EMAIL PROTECTED]-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] NET ADS JOIN error
I get the same error either way. -Original Message- From: Howard Wilkinson [mailto:[EMAIL PROTECTED] Sent: Friday, July 14, 2006 11:16 AM To: Trimble, Ronald D; samba@lists.samba.org Subject: RE: [Samba] NET ADS JOIN error Check that the backslashes are not being interpolated by the shell you may want to try. net ads join United States\\Tredyffrin\\Resource\\Servers -U trimblrd Howard. Coherent Technology Limited, 23 Northampton Square, Finsbury, London EC1V 0HL, United Kingdom Telephone: +44 20 76907075 Fax: +44 20 79230110 Mobile: +44 7980 639379 Company Email: [EMAIL PROTECTED] Website: http://www.cohtech.com http://www.cohtech.com/ From: [EMAIL PROTECTED] on behalf of Trimble, Ronald D Sent: Fri 2006-07-14 16:06 To: samba@lists.samba.org Subject: [Samba] NET ADS JOIN error Can anyone shed some light on this error? I can't seem to find any information as to why it is failing. Thanks. USTR-MINT-A-1:~ # net ads join United States\Tredyffrin\Resources\Servers -U trimblrd trimblrd's password: Failed to pre-create the machine object in OU United States\Tredyffrin\Resources\Servers. I have tried two different domain admin accounts and I get the same error each time. It strange since the object already exists in AD. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Open files
- Original Message -
From: Jeremy Allison [EMAIL PROTECTED]
To: Jack Gostl [EMAIL PROTECTED]
Cc: Jeremy Allison [EMAIL PROTECTED]; Samba samba@lists.samba.org
Sent: Friday, July 14, 2006 11:12 AM
Subject: Re: [Samba] Open files
On Fri, Jul 14, 2006 at 11:10:44AM -0400, Jack Gostl wrote:
Pardon the idiot questions.
I added posix locking=no (with and without spaces) to the global
section
of smb.conf and got an error from testparms.
You must have added something else... (just a point, don't add the
characters
around it - that was to differentiate it from the rest of the email text).
Here's the definition from the source code :
{posix locking, P_BOOL, P_LOCAL, sDefault.bPosixLocking, NULL,
NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},
So it's definately in there (a per-share parameter).
Jeremy.
Bingo! That did it. Now I'm sure there is a penalty for this, like two PCs
hitting the same file at the same time, right? I'm willing to live with that
for awhile.
I have the two debug 10 level log file, but one is on 2.07 and the other is
after I put in the posix locking = no. I would think that the 2.07 might be
of some use, but I'll understand if its not.
I guess the next step is to get 3.0.23 to compile on my AIX 5.3 test box,
and run the debug 10 again but without the posix lock = no.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Open files
On Fri, Jul 14, 2006 at 11:44:00AM -0400, Jack Gostl wrote: Bingo! That did it. Now I'm sure there is a penalty for this, like two PCs hitting the same file at the same time, right? I'm willing to live with that for awhile. Actually no, so long as all the clients are coming in from Windows everything will work fine. The posix locking parameter is used to make the Windows locks visible to local (or NFS) access. If all access is via Windows it doesn't cause any problems disabling it. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NET ADS JOIN error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Trimble, Ronald D wrote: Can anyone shed some light on this error? I can't seem to find any information as to why it is failing. Thanks. USTR-MINT-A-1:~ # net ads join United States\Tredyffrin\Resources\Servers -U trimblrd trimblrd's password: Failed to pre-create the machine object in OU United States\Tredyffrin\Resources\Servers. If the account already exists, you don't need to specify the OU when joining. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEt71UIR7qMdg1EfYRAsVjAJ9kzvriagkMjRdCmVn3sn62gihXDACfU08V GHzyqKrVL1FkU+gD5RH+Jls= =tG/f -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] NET ADS JOIN error
Check that the backslashes are not being interpolated by the shell you may want to try. net ads join United States\\Tredyffrin\\Resource\\Servers -U trimblrd Howard. Coherent Technology Limited, 23 Northampton Square, Finsbury, London EC1V 0HL, United Kingdom Telephone: +44 20 76907075 Fax: +44 20 79230110 Mobile: +44 7980 639379 Company Email: [EMAIL PROTECTED] Website: http://www.cohtech.com http://www.cohtech.com/ From: [EMAIL PROTECTED] on behalf of Trimble, Ronald D Sent: Fri 2006-07-14 16:06 To: samba@lists.samba.org Subject: [Samba] NET ADS JOIN error Can anyone shed some light on this error? I can't seem to find any information as to why it is failing. Thanks. USTR-MINT-A-1:~ # net ads join United States\Tredyffrin\Resources\Servers -U trimblrd trimblrd's password: Failed to pre-create the machine object in OU United States\Tredyffrin\Resources\Servers. I have tried two different domain admin accounts and I get the same error each time. It strange since the object already exists in AD. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Fedora packages or Enterprise packages of Samba on RHEL4?
At 05:15 AM 7/14/2006, Alex de Vaal wrote: b) The smbd and nmbd services run fine under the standard RHEL4 selinux-policy-targeted ruleset. However, winbindd rules aren't in this set, and will fail if SELinux is enabled/enforcing.If you are running winbindd, (which you probably are in ads mode) you can deal with this problem in a number of ways: ... This will load some additional rules that will allow winbindd to run without any (significant) AVC errors. This should only need to be done once. Running winbindd failed indeed in the first instance on RHEL4 because of SELinux. In SELinux there is however a winbind_disable_trans boolean (in the file: /etc/selinux/targeted/booleans), which is default 0. If you change this to 1 and reboot the server, winbind will run smoothly on RHEL4. Thanks Alex, this is the trick to disabling enforcement for a particular daemon/subsystem. There are a number of *_disable_trans boolean variables that essentially disable enforcement for the corresponding subsystem. When set to active (1), the boolean flag disables the context transition from the root state to the specific context. Since the base/root state has essentially unlimited access under the selinux targeted policy, the errors aren't generated and the blocks aren't enforced.Of course, this means the protections are disabled as well, but just for the winbind subsystem... Personally, I prefer to have the protections in place and will continue to augment the rules as necessary. Fortunately, the additional set of rules I've needed to add have been relatively stable over the past few builds. However, the winbind_disable_trans method is certainly much simpler. And would be recommended for those not worried about the security through the winbind service. BTW, the command to change this without editing a file is: setsebool -P winbind_disable_trans 1 Jerry, any thoughts on including this in the RHEL packaging? Perhaps the following logic flow: if SELinux is active and enforcing, if selinux-policy-targeted-sources package is not installed, if getsebool winbind_disable_trans = 0 then setsebool -P winbind_disable_trans 1 This could alleviate a whole lot of winbind problems for people installing RHEL-based packages, and as long as it is documented somewhere, is trivial/easy to undo for someone who wants to modify their SELinux config later. This also reminds me that I've been wanting to write up a similar patch to handle the selinux chcons for the /var/cache/samba/ -- /var/lib/samba/ transition... ;-) Cheers, -D Don Meyer [EMAIL PROTECTED] Network Manager, ACES Academic Computing Facility Technical System Manager, ACES TeleNet System UIUC College of ACES, Information Technology and Communication Services They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty or safety. -- Benjamin Franklin, 1759 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Excluding directories from a read-only = yes
I have a share with thousands of folders. In each of those folders there is another directory named 'files'. I want to be able to lock down these thousands of folders but allow r/w access to the 'files' folders inside of them. Is there anyway to do this in smb.conf? Thanks, Ed -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Open files
I now have a coherent test. Run on 3.023rc3, with the failure, with debug 10. May I send it to you? Its about 85kb compressed (via Unix compress). - Original Message - From: Jeremy Allison [EMAIL PROTECTED] To: Jack Gostl [EMAIL PROTECTED] Cc: Jeremy Allison [EMAIL PROTECTED]; Samba samba@lists.samba.org Sent: Friday, July 14, 2006 11:45 AM Subject: Re: [Samba] Open files On Fri, Jul 14, 2006 at 11:44:00AM -0400, Jack Gostl wrote: Bingo! That did it. Now I'm sure there is a penalty for this, like two PCs hitting the same file at the same time, right? I'm willing to live with that for awhile. Actually no, so long as all the clients are coming in from Windows everything will work fine. The posix locking parameter is used to make the Windows locks visible to local (or NFS) access. If all access is via Windows it doesn't cause any problems disabling it. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Inkjet printers and samba
Using shared windows printers (win xp typically) I can ususally printer from a linux/unix machine running samba. Most lasers work. There is a breed of inket printers that will not work though. You can pause the printer on the windows end and you will see the printjob, but it will not print when you resume. I am currently working with a Dell Photo 924. Any ideas on what it would take to make this thing print? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Open files
On Fri, Jul 14, 2006 at 12:20:57PM -0400, Jack Gostl wrote: I now have a coherent test. Run on 3.023rc3, with the failure, with debug 10. May I send it to you? Its about 85kb compressed (via Unix compress). Please test 3.0.23 final. You can send it to me but I might not get to it for a while. I have quite a few other things to work on. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Missing 'smbmount' on Ubuntu?
I have just started running Kubuntu Badger version 6.06. Although Samba seems to be installed, there is no smbmount program. What would I use to mount a samba share? Plain old 'mount -t smbfs'? Larry -- Larry Alkoff N2LA - Austin TX Using Thunderbird on Slackware Linux -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Moving homes from PDC server to large fileserver
Background: 10 windows clients which also boot linux and solaris. A samba PDC+LDAP(ver 3.0.22) working on a server local to the clients(ie on same subnet). Recently recieved large Sun fileserver to house all homes and lab data. It is hosted in the server room used by our university(so different subnet). All user and nis info is in our ldap server, so autofs is used on all of our linux and solaris boxes. Right now all homes are automounted to the Samba PDC server, so those posix locking errors show up. I read about the nis homedir and homedir map options and installed samba on the fileserver as a domain member. I can link directly to it using map network drive in windows. But when I log into the windows clients, the PDC still serves the homes from itself(having them automounted). My understanding was that these options would tell the client to do a smb connect to the filesever for the home directories. Here is the smb.conf of the PDC: [global] workgroup = CBI netbios name = PDC map to guest = Bad User encrypt passwords = yes passdb backend = ldapsam:ldap://xxx.xxx.xxx.xxx log level = 2 syslog = 0 time server = Yes deadtime = 10 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-group-del '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon path = \\%L\profiles logon drive = X: logon home = \\%L\%U domain logons = Yes os level = 64 preferred master = Yes domain master = Yes wins support = Yes ldap admin dn = cn=samba,ou=DSA,dc=xxx,dc=xxx,dc=xxx ldap group suffix = ou=group ldap idmap suffix = ou=Idmap ldap machine suffix = ou=machines ldap passwd sync = Yes ldap suffix = dc=xxx,dc=xxx,dc=xxx ldap ssl = start tls ldap user suffix = ou=people ## printer admin = '@Print, Operators' printing = cups create mask = 0640 directory mask = 0750 case sensitive = No dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd nis homedir = yes homedir map = auto.home [homes] comment = Home Directories path = %p valid users = %S read only = No directory mask = 0700 locking = No [netlogon] comment = Network Logon Service path = /etc/samba/netlogon guest ok = Yes [profiles] path = /home/%u/.profile valid users = %U, '@Domain, Admins' force user = %U read only = No create mask = 0600 directory mask = 0700 profile acls = Yes browseable = No csc policy = disable And here is the smb.conf of the fileserver: [global] interfaces = ce0 127.0.0.1 bind interfaces only = yes encrypt passwords = yes workgroup = CBI security = domain name resolve order = wins bcast host deadtime = 5 ldap machine suffix = ou=machines ldap admin dn = cn=samba,ou=DSA,dc=xxx,dc=xxx,dc=xxx preferred master = no ldap idmap suffix = ou=Idmap allow trusted domains = yes netbios name = cajal lanman auth = YES ldap group suffix = ou=group wins support = no ldap user suffix = ou=people ldap suffix = dc=xxx,dc=xxx,dc=xxx ldap passwd sync = Yes ldap ssl = start tls wins server = xxx.xxx.xxx.xxx max smbd processes = 0 server string = cajal winbind trusted domains only = Yes os level = 8 passdb backend = ldapsam:ldap://xxx.xxx.xxx.xxx socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # auth methods = guest winbind local master = no domain master = no use spnego = yes # printer admin = @admin, @staff, unknown ntlm auth = YES syslog = 0 log level = 0 [homes] read only = No valid users = %S comment = Home Directories path = /tray1/home/%u Any ideas? Physics is like sex: sure, it may give some practical results, but that's not why we do it. ~ Richard Feynman __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: (Samba) Winbind dies
On Thursday July 13 2006 12:39 pm, you wrote: Dimitri Yioulos wrote: Serious apologies if this has been discussed before, but my search didn't turn up much: I have samba (kept up-to-date with latest) running on several CentOS 3 and 4 boxes as part of a Win2k3 domain. On one particular box, winbind dies on a regular basis (all the other installations run flawlessly). A quick restart, and we're good again. However, as this is a very active server that is accessed 18 hours a day, 7 days a week, I'm called at home during those few hours I spend there to restart winbind on this particular machine. The is the second report of winbindd crash in the krb5 libs. The other was an FC5 box. INTERNAL ERROR: Signal 6 in pid 23775 (3.0.23) ... Jul 12 18:26:06 norwell winbindd[23775]: BACKTRACE: 28 stack frames: #0 winbindd(log_stack_trace+0x2d) [0x5f5add] #1 winbindd(smb_panic+0x75) [0x5f5985] #2 winbindd [0x5e10d6] #3 /lib/tls/libc.so.6 [0x1b70d8] #4 /lib/tls/libc.so.6 (abort+0x1d5) [0x1b8705] #5 winbindd [0x61c6d2] #6 winbindd [0x61c955] #7 winbindd(cli_krb5_get_ticket+0x242) [0x61ce32] #8 winbindd(spnego_gen_negTokenTarg+0x62) [0x61e9c2] We're working on it. If you could get a backtrace including debugging symbols, that would help. cheers, jerry I posted a backtrace (at least, I think it was) of the core dump yesterday. Does that work to troubleshoot this issue? Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Upgrading from NT4 to Server 2003/Active Directory
Hi! We're in the process of upgrading our old NT4 PDCs to 2003 Server. We have several UNIX file servers that use Samba so Windows users can access files store on them. Currently, we've got Samba versions running from 2.2.7 up to 3. I've been doing some research on this, but there are some things that are unclear to me, and I'm hoping someone can answer what I am sure are some basic questions: 1) Is it a *requirement* to upgrade all Samba servers to version 3, with ADS support compiled in? I ask because in our testing, it seemed that if the samba server was already part of the Windows domain, everything worked fine after the upgrade to 2003 Server. Due to historical/legacy issues, we've had to keep older versions of Samba around. It would be ideal not to have to upgrade the older servers (at least in the short term...they certainly will be upgraded in the future) 2) Are there any issues I should be aware of during our upgrade to Active Directory? Again, our samba functionality is pretty basic - pretty much just UNIX file access for Windows clients. Tia, sorry if these seem like basic questions (now, back to reading samba docs!) -young -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Respawn of smbd
Hi, We are using Samba (Tried with both 3.0.22 and 3.0.23) in a Linux Server and two XP machines are connected to the same. Some stuff (like Printer Cancel) is not working from one XP (say PC1) and it is working from the other machine (say PC2). From the analysis, it is found that smbd child process for PC1 is getting exited often and another process for the same PC is getting created. It is working fine in PC2 Following is the code flow of smbd exit :- smbd_process( ) -- This function exits as the failure from receive_message_or_smb() |- receive_message_or_smb() -- Returns False |- receive_smb() -- Returns False |- receive_smb_raw() -- Returns False |- read_smb_length_return_keepalive() -- Returns -1 |- read_data() -- Returns 0 |- sys_read() -- Returns 0 (EOF of fd) Following is the smbd.conf : [global] interfaces = eth0 netbios name = abcd workgroup = ABCD server string = Abcd guest account = nobody guest ok = yes printcap name = cups load printers = yes printing = CUPS log file = /var/log/samba/log.%m max log size = 50 security = share socket options = TCP_NODELAY local master = no preferred master = no wins support = no wins proxy = no dns proxy = no disable spoolss = yes log level = 5 [printers] comment = Printers path = /var/spool/samba public = yes use client driver = yes writable = no printable = yes browsable = yes It will be helpful, if you provide some information on this issue, Thanks, ArunSign Up for your FREE eWallet at www.wallet365.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Question For Windows Clients
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dariusz Dwornikowski wrote: zdennis wrote: Ok, Here is my samba log. Authentication succeeds but my user still gets The system could not log you on. Make sure your User name and domain are correct... Any ideas? same problem here.. ping... anyone able to resolve this issue? Zach -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEt/rHMyx0fW1d8G0RAl6wAJ9EqczwpnfQdeWdDTGPf1eTbSiAPwCcCVz/ yUVPlOklnaInRGpmWXcX33A= =ddRx -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Upgrading from NT4 to Server 2003/Active Directory
On Fri, Jul 14, 2006 at 02:26:15PM -0400, Sul, Young L wrote: 2) Are there any issues I should be aware of during our upgrade to Active Directory? Again, our samba functionality is pretty basic - pretty much just UNIX file access for Windows clients. One issue I'm aware of is that w2k3 if configured as a DC requires SMB signing by default. Samba 2.2 does not do it, and I'm not 100% certain the early Samba 3 versions did it correctly, recent 3.0 does. This means that your 2.2 servers will not be able to connect to the DCs anymore. There are registry settings on the DCs that remove this requirement, but not everyone is willing to do that. Volker pgp51dfeJM48r.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Question For Windows Clients
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Barry L. Kline wrote: zdennis wrote: My windows xp clients do not have the groups Domain Users, Domain Groups, Domain Admins, etc... Are they supposed to have those groups? My windows xp laptop has joined my domain, but I cannot login (even though my LDAP backend is getting queried successfully). I do not know if this might be a cause of the problem. After joining a domain, should my windows clients have the Domain * groups on the machine, or no ? Thanks, What does the command: net groupmap list produce on your PDC? Domain Admins (S-1-5-21-3040749549-2843134544-1782940832-512) - Domain Admins Domain Users (S-1-5-21-3040749549-2843134544-1782940832-513) - Domain Users Domain Guests (S-1-5-21-3040749549-2843134544-1782940832-514) - Domain Guests Domain Computers (S-1-5-21-3040749549-2843134544-1782940832-515) - Domain Computers Administrators (S-1-5-32-544) - Administrators Account Operators (S-1-5-32-548) - Account Operators Print Operators (S-1-5-32-550) - Print Operators Backup Operators (S-1-5-32-551) - Backup Operators Replicators (S-1-5-32-552) - Replicators Zach -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEuBCdMyx0fW1d8G0RAt2PAJ0TLrhbzaKVVJCKFk40cKDOib9ymQCggsc6 TNwKoQ9SOfpP8LfizK/mT1A= =ET0x -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Question For Windows Clients
zdennis wrote: My windows xp clients do not have the groups Domain Users, Domain Groups, Domain Admins, etc... Are they supposed to have those groups? My windows xp laptop has joined my domain, but I cannot login (even though my LDAP backend is getting queried successfully). I do not know if this might be a cause of the problem. After joining a domain, should my windows clients have the Domain * groups on the machine, or no ? Thanks, What does the command: net groupmap list produce on your PDC? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Setting ACLs fail
Hello, Sven Strickroth sstrickroth at gym-oha.de wrote: when I try to Left-Click-Properties on any file or directory on my samba-server (named fileserver, my PDC) and select the security-tab, all acls are listed as before the upgrade from 3.0.21b to 3.0.23, but when I click on Add I get the following error: 'The program cannot open the required dialog box because it because it cannot determine whether the compter named FILESERVER is joined to the domain.' followed by 'Unable to display the user selection dialog. The system cannot find message text for message number 0x%1 in the message file for %2'. I've got the same problem. I'm unable to set ACLs on my Samba-Server, too. After downgrading it worked again, but it's not a real soloution to me. I don't believe it is a real windows bug, though it works with 3.0.21b. It would be great if you fix it. Regards, Stefan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] testing a 2000 queues print server with smbtorture
Hi everyone, I'm very interested in samba testing subject. Because I need to plan a samba/cups/linux 2000 queues print server migration from W2K. But before that, I wanted to generate the service load before listen users claiming the server is running under a low performance. Somebody knows a good test set to simulate printing share connections from clients in my print server using smbtorture? I don't know how to start... I didn't find any good source of information on how to test a samba server with smbtorture. Somebody knows any reference to suggest? Thanks in advance, Bruno Gomes Pessanha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Missing 'smbmount' on Ubuntu?
What would I use to mount a samba share? Plain old 'mount -t smbfs'? mount -t cifs //server/share /mount/point -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Binding to a local IP address when mounting smb file system.
I have completed the first draft of the patch to allow binding to local addresses. Many of the binaries do not fully support this option since I did not know a clean way to get the config info to them, didn't think it was really required for my needs. As far as I can tell, the libraries are well supported, so the applications can have support added as needed. smbmount and a few others *do* support the new options, and I have tested that smbmount works as I had hoped. The attached patch enables this behaviour: SMB client machine: eth0 IP: 172.2.2.230 netmask 255.255.255.0 eth1 IP: 172.2.2.231 netmask 255.255.255.0 eth2 IP: 173.2.2.232 netmask 255.255.255.0 ... local mount dirs: /mnt/smb1 /mnt/smb2 /mnt/smb3 SMB server is exporting share 'samba' I want to stress the SMB server as if many SMB clients are connecting. I can make arbitrarily many of the (virtual) interfaces on the client, but when mounting the SMB server, I want each mount point to use a specific interface and local IP. With my patch applied, I can bind the smbmount process to a particular local IP and device: smbmount //172.2.2.2/samba /mnt/smb2 -o local_dev=eth1,local_ip=173.2.2.231,username=lanforge,password=lanforge smbmount //172.2.2.2/samba /mnt/smb3 -o local_dev=eth2,local_ip=173.2.2.232,username=lanforge,password=lanforge ... As far as I can tell, the server treats each of the mounts as separate entities, accomplishing my goal. I would like to see this patch included in the official samba code, and would like your feedback on any changes needed to make that happen. I already know that I need to get rid of some of the debugging 'printf' statements, and will do that when the rest of the issues have been addressed. Thanks, Ben -- Ben Greear [EMAIL PROTECTED] Candela Technologies Inc http://www.candelatech.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Group Permission issue via winbindd?
Users are having trouble accessing Samba shares via winbindd in a NT domain. If the 'valid users' parameter for a share contained the user name for example as follows: valid users = DSP-John Then John who is a member of the DSP domain can access the share. If John is a member of a domain group called DSP-production, and the 'valid users' parameter is as follows: valid users = DSP-production He cannot access the share. I have tried this parameter with and without the '@' sign to no avail. This occurred after upgrading to 3.0.23 from 3.0.22 on a FreeBSD 6.1 server. This also occurs on another FreeBSD 5.4 server. Both are role server members bouncing user authentications off WinNT PDC/BDCs. I fixed the old nss_winbind.so library issue which got rid of some errors but I still am faced with the issue of group authentication. 'wbinfo -u' and 'wbinfo -g' reports information correctly. 'id DSP-John' appears to provide domain user information for that user including group membership. /var/log/messages reports the following error: Jul 14 15:57:00 aries winbindd[2705]: [2006/07/14 15:57:00, 0] rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2356) Jul 14 15:57:00 aries winbindd[2705]: cli_rpc_pipe_open_ntlmssp_internal: cli_rpc_pipe_bind failed with error NT_STATUS_NETWORK_ACCESS_DENIED There is some information related to handling groups in the Release Notes for Samba 3.0.23. Am I being affected by that? ~Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cross-Subnet Browsing Problem
Hi all, I've had cross-subnet browsing working in Samba in the past, though I tend to struggle with it each time I set it up. For whatever reason, I can't seem to get things working this time. Summary: Only my desktop, not the file server, shows up in the desktop's Network Neighborhood. (I have left the machines running for several hours, in case there's a time-to-sync issue involved.) Details: The Samba server (ARISTOTLE) is in the 172.16.0.x subnet and my XP desktop (TIMAEUS) is in 192.168.0.x. There is no NAT or firewall running in between the subnets. Aristotle acts as a WINS server and is recognized as such in Timaeus' ipconfig output. Name lookups work fine, as verified by MS's nblookup tool. Also, I can browse shares on Aristotle using \\aristotle, so the problem is just that the server doesn't register for browsing. I ran a capture using ethereal, and everything in there looks OK. The desktop boots up and registers its name with WINS on the server. Shortly thereafter, the desktop looks up the DMB against WINS (which is the server - it's the only one on the network), and sends it a Backup List Request to which the server sends a Backup List Response naming itself as the backup server. And that's it. Now, from what I can tell from reading the SMB protocol specs, the desktop is supposed to contact the named backup server in order to sync up its browse list. But that doesn't happen - there's nothing else in the packet capture, and no errors anywhere in the level 3 Samba logs or in the desktop's event logs. So it seems like everything works except for the very last step. Any idea what's going on? What I'm guessing to be the relevant parts of smb.conf follow. If I can provide any more info, let me know. Thanks, Todd smb.conf: workgroup = SOPHROSUNE server string = File/Print Server security = user guest account = guest (this account exists on the server) local master = yes os level = 99 domain master = yes preferred master = yes domain logons = yes (last time I set this up, this seemed to be needed for cross-subnet browsing, but I don't really know. Something about IPC$ connections?) wins support = yes [homes] comment = Home Directories browseable = no writable = yes valid users = %S hosts allow = 192.168.0. hosts deny = 127.0.0.1 [netlogon] comment = Network Logon Service path = /usr/local/lib/samba/netlogon guest ok = yes writable = no share modes = no (Like domain logons, prior experiments seemed to show that this was needed, but I don't really know.) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cross-Subnet Browsing Problem
Hi On Fri, 2006-07-14 at 19:42 -0500, Todd Pytel wrote: Hi all, I've had cross-subnet browsing working in Samba in the past, though I tend to struggle with it each time I set it up. For whatever reason, I can't seem to get things working this time. Summary: Only my desktop, not the file server, shows up in the desktop's Network Neighborhood. (I have left the machines running for several hours, in case there's a time-to-sync issue involved.) Details: The Samba server (ARISTOTLE) is in the 172.16.0.x subnet and my XP desktop (TIMAEUS) is in 192.168.0.x. There is no NAT or firewall running in between the subnets. Aristotle acts as a WINS server and is recognized as such in Timaeus' ipconfig output. Name lookups work fine, as verified by MS's nblookup tool. Also, I can browse shares on Aristotle using \\aristotle, so the problem is just that the server doesn't register for browsing. I ran a capture using ethereal, and everything in there looks OK. The desktop boots up and registers its name with WINS on the server. Shortly thereafter, the desktop looks up the DMB against WINS (which is the server - it's the only one on the network), and sends it a Backup List Request to which the server sends a Backup List Response naming itself as the backup server. And that's it. Now, from what I can tell from reading the SMB protocol specs, the desktop is supposed to contact the named backup server in order to sync up its browse list. But that doesn't happen - there's nothing else in the packet capture, and no errors anywhere in the level 3 Samba logs or in the desktop's event logs. So it seems like everything works except for the very last step. Any idea what's going on? What I'm guessing to be the relevant parts of smb.conf follow. If I can provide any more info, let me know. Thanks, Todd smb.conf: workgroup = SOPHROSUNE server string = File/Print Server security = user guest account = guest (this account exists on the server) local master = yes os level = 99 domain master = yes preferred master = yes domain logons = yes (last time I set this up, this seemed to be needed for cross-subnet browsing, but I don't really know. Something about IPC$ connections?) wins support = yes [homes] comment = Home Directories browseable = no writable = yes valid users = %S hosts allow = 192.168.0. hosts deny = 127.0.0.1 [netlogon] comment = Network Logon Service path = /usr/local/lib/samba/netlogon guest ok = yes writable = no share modes = no (Like domain logons, prior experiments seemed to show that this was needed, but I don't really know.) I believe what you want is 'remote announce' - you can get a good definition of it's usage in the man page for smb.conf Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cross-Subnet Browsing Problem
Craig White wrote: I believe what you want is 'remote announce' - you can get a good definition of it's usage in the man page for smb.conf I've tried that as well (using remote announce = 192.168.0.255), but it didn't seem to make any difference. That might be a routing issue - I didn't thoroughly check whether the machine doing the routing will pass broadcasts like that. But in any event, my understanding is that the remote options were basically dirty hacks that shouldn't be necessary anyway. I know that in the past when I've had this working I didn't need to use them. --Todd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cross-Subnet Browsing Problem
On Fri, 2006-07-14 at 20:17 -0500, Todd Pytel wrote: Craig White wrote: I believe what you want is 'remote announce' - you can get a good definition of it's usage in the man page for smb.conf I've tried that as well (using remote announce = 192.168.0.255), but it didn't seem to make any difference. That might be a routing issue - I didn't thoroughly check whether the machine doing the routing will pass broadcasts like that. But in any event, my understanding is that the remote options were basically dirty hacks that shouldn't be necessary anyway. I know that in the past when I've had this working I didn't need to use them. you probably don't need that option if the clients know where to find the WINS servers (probably can set multiple WINS servers in DHCP configuration) Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cross-Subnet Browsing Problem
Craig White wrote: you probably don't need that option if the clients know where to find the WINS servers (probably can set multiple WINS servers in DHCP configuration) Yeah, the WINS server (which is just the single Samba server) is named in the DHCP options, so the Windows desktops are set up for it automatically. Again, all the name resolution works fine - the desktop can successfully view \\aristotle\username and do nblookups. Any other ideas? --Todd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cross-Subnet Browsing Problem
Todd Pytel wrote: Yeah, the WINS server (which is just the single Samba server) is named in the DHCP options, so the Windows desktops are set up for it automatically. Again, all the name resolution works fine - the desktop can successfully view \\aristotle\username and do nblookups. Any other ideas? is your windows computer set up to be a part of the SOPHROSUNE domain or workgroup? what i mean is, if the workgroup/domain is typo-d, then the windows computer will only see it's own workgroup. -- Anthony http://messinet.com http://messinet.com/~amessina/gallery 8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PATCH: Binding to a local IP address when mounting smb file system.
Ben Greear wrote: I have completed the first draft of the patch to allow binding to local addresses. Many of the binaries do not fully support this option since I did not know a clean way to get the config info to them, didn't think it was really required for my needs. As far as I can tell, the libraries are well supported, so the applications can have support added as needed. smbmount and a few others *do* support the new options, and I have tested that smbmount works as I had hoped. The attached patch enables this behaviour: Seems my patch was too big for the list. Instead, please find it here: http://www.candelatech.com/oss/samba_local_bind2.patch SMB client machine: eth0 IP: 172.2.2.230 netmask 255.255.255.0 eth1 IP: 172.2.2.231 netmask 255.255.255.0 eth2 IP: 173.2.2.232 netmask 255.255.255.0 ... local mount dirs: /mnt/smb1 /mnt/smb2 /mnt/smb3 SMB server is exporting share 'samba' I want to stress the SMB server as if many SMB clients are connecting. I can make arbitrarily many of the (virtual) interfaces on the client, but when mounting the SMB server, I want each mount point to use a specific interface and local IP. With my patch applied, I can bind the smbmount process to a particular local IP and device: smbmount //172.2.2.2/samba /mnt/smb2 -o local_dev=eth1,local_ip=173.2.2.231,username=lanforge,password=lanforge smbmount //172.2.2.2/samba /mnt/smb3 -o local_dev=eth2,local_ip=173.2.2.232,username=lanforge,password=lanforge ... As far as I can tell, the server treats each of the mounts as separate entities, accomplishing my goal. I would like to see this patch included in the official samba code, and would like your feedback on any changes needed to make that happen. I already know that I need to get rid of some of the debugging 'printf' statements, and will do that when the rest of the issues have been addressed. Thanks, Ben -- Ben Greear [EMAIL PROTECTED] Candela Technologies Inc http://www.candelatech.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cross-Subnet Browsing Problem
Anthony Messina wrote: Todd Pytel wrote: Yeah, the WINS server (which is just the single Samba server) is named in the DHCP options, so the Windows desktops are set up for it automatically. Again, all the name resolution works fine - the desktop can successfully view \\aristotle\username and do nblookups. Any other ideas? is your windows computer set up to be a part of the SOPHROSUNE domain or workgroup? what i mean is, if the workgroup/domain is typo-d, then the windows computer will only see it's own workgroup. The workgroup is entered correctly on both the desktop and the server. --Todd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cross-Subnet Browsing Problem
Todd. I already used samba in network with more than one segment and never needed any remote ... option too, it worked even through a VPN. The samba books says to use that options when more than one WINS server are used, for example. Using the same WINS server in both networks, the name registration is already made in unicast, and it should pass through a router. Have you looked inside wins.dat and browse.dat on the samba server to see if is everything there? You said that you have already tested with nblookup (maybe looking there doesnt make sense then), but I think its easyer to see what your WINS server has to offer, what are the available resources and if theres any name that shouldnt be registered there that way. nbtstat -r, on the client shows that the names are really beeing resolved by the name server (WINS)? Regards. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cross-Subnet Browsing Problem
Edmundo, Edmundo Valle Neto wrote: I already used samba in network with more than one segment and never needed any remote ... option too, it worked even through a VPN. The samba books says to use that options when more than one WINS server are used, for example. Using the same WINS server in both networks, the name registration is already made in unicast, and it should pass through a router. Right, this is just one WINS server, so it should just work. Like I said, I know I had it all working at one point without the remote options, and I don't think the network topology was significantly different back then. Have you looked inside wins.dat and browse.dat on the samba server to see if is everything there? You said that you have already tested with nblookup (maybe looking there doesnt make sense then), but I think its easyer to see what your WINS server has to offer, what are the available resources and if theres any name that shouldnt be registered there that way. browse.dat shows only the server, not the desktop - which is the problem, the browse lists aren't syncing... SOPHROSUNE c0001000 ARISTOTLE SOPHROSUNE ARISTOTLE 400d9b0b Server SOPHROSUNE wins.dat shows... __MSBROWSE__#01 1153237621 255.255.255.255 e4R ARISTOTLE#00 1153196794 172.16.0.1 66R ARISTOTLE#03 1153196794 172.16.0.1 66R ARISTOTLE#20 1153196794 172.16.0.1 66R SOPHROSUNE#00 1153237621 255.255.255.255 e4R SOPHROSUNE#1b 1153196794 172.16.0.1 64R SOPHROSUNE#1c 1153196794 172.16.0.1 e4R SOPHROSUNE#1e 1153237621 255.255.255.255 e4R TIMAEUS#00 1153237621 192.168.0.1 64R TIMAEUS#20 1153237621 192.168.0.1 64R Which shows at least that timaeus is properly registered. I can never keep the meanings of the other bits straight... nbtstat -r, on the client shows that the names are really beeing resolved by the name server (WINS)? nbtstat -r shows 0 names resolved/registered by broadcast, 2 names resolved by the name server, and 6 names registered by the name server. Sure looks like everything should work, doesn't it? :) --Todd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: svn commit: samba r17003 - in branches/SAMBA_3_0/source/libads: .
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: Author: jra Date: 2006-07-13 00:11:34 + (Thu, 13 Jul 2006) New Revision: 17003 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17003 Log: Fix coverity #303 - possible null deref. Jerry please check this is your new code. It's right. Thanks. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEt46UIR7qMdg1EfYRArZPAKCxe0ITDMm124/0REMfvrLzq0aThQCdFwNg IYB9tAbTlbSpSLkZ6ntPd6M= =e0/z -END PGP SIGNATURE-
svn commit: samba r17032 - in branches/SAMBA_3_0/source: lib rpc_server script/tests utils
Author: vlendec
Date: 2006-07-14 17:46:06 + (Fri, 14 Jul 2006)
New Revision: 17032
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17032
Log:
I thought I had already merged this from trunk:
r16959 | vlendec | 2006-07-11 23:10:44 +0200 (Di, 11 Jul 2006) | 1 line
get_share_security does not need snum, activate RPC-SAMBA3-SRVSVC
Volker
Modified:
branches/SAMBA_3_0/source/lib/sharesec.c
branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c
branches/SAMBA_3_0/source/script/tests/test_posix_s3.sh
branches/SAMBA_3_0/source/utils/sharesec.c
Changeset:
Modified: branches/SAMBA_3_0/source/lib/sharesec.c
===
--- branches/SAMBA_3_0/source/lib/sharesec.c2006-07-14 05:43:00 UTC (rev
17031)
+++ branches/SAMBA_3_0/source/lib/sharesec.c2006-07-14 17:46:06 UTC (rev
17032)
@@ -108,7 +108,8 @@
Pull a security descriptor from the share tdb.
/
-SEC_DESC *get_share_security( TALLOC_CTX *ctx, int snum, size_t *psize)
+SEC_DESC *get_share_security( TALLOC_CTX *ctx, const char *servicename,
+ size_t *psize)
{
prs_struct ps;
fstring key;
@@ -122,12 +123,13 @@
/* Fetch security descriptor from tdb */
- slprintf(key, sizeof(key)-1, SECDESC/%s, lp_servicename(snum));
+ slprintf(key, sizeof(key)-1, SECDESC/%s, servicename);
if (tdb_prs_fetch(share_tdb, key, ps, ctx)!=0 ||
!sec_io_desc(get_share_security, psd, ps, 1)) {
- DEBUG(4,(get_share_security: using default secdesc for %s\n,
lp_servicename(snum) ));
+ DEBUG(4, (get_share_security: using default secdesc for %s\n,
+ servicename));
return get_share_security_default(ctx, psize,
GENERIC_ALL_ACCESS);
}
Modified: branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c
===
--- branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c2006-07-14
05:43:00 UTC (rev 17031)
+++ branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c2006-07-14
17:46:06 UTC (rev 17032)
@@ -338,7 +338,7 @@
if (mem_ctx == NULL)
return False;
- psd = get_share_security(mem_ctx, snum, sd_size);
+ psd = get_share_security(mem_ctx, lp_servicename(snum), sd_size);
if (!psd)
goto out;
@@ -415,7 +415,7 @@
pstrcpy(passwd, );
- sd = get_share_security(ctx, snum, sd_size);
+ sd = get_share_security(ctx, lp_servicename(snum), sd_size);
init_srv_share_info502(sh502-info_502, net_name,
get_share_type(snum), remark, 0, 0x, 1, path, passwd, sd, sd_size);
init_srv_share_info502_str(sh502-info_502_str, net_name, remark,
path, passwd, sd, sd_size);
@@ -493,7 +493,7 @@
ZERO_STRUCTP(sh1501);
- sd = get_share_security(ctx, snum, sd_size);
+ sd = get_share_security(ctx, lp_servicename(snum), sd_size);
sh1501-sdb = make_sec_desc_buf(p-mem_ctx, sd_size, sd);
}
@@ -1684,7 +1684,8 @@
SEC_DESC *old_sd;
size_t sd_size;
- old_sd = get_share_security(p-mem_ctx, snum, sd_size);
+ old_sd = get_share_security(p-mem_ctx, lp_servicename(snum),
+ sd_size);
if (old_sd !sec_desc_equal(old_sd, psd)) {
if (!set_share_security(p-mem_ctx, share_name, psd))
Modified: branches/SAMBA_3_0/source/script/tests/test_posix_s3.sh
===
--- branches/SAMBA_3_0/source/script/tests/test_posix_s3.sh 2006-07-14
05:43:00 UTC (rev 17031)
+++ branches/SAMBA_3_0/source/script/tests/test_posix_s3.sh 2006-07-14
17:46:06 UTC (rev 17032)
@@ -34,6 +34,7 @@
raw=$raw RAW-SAMBA3HIDE RAW-SAMBA3BADPATH
rpc=RPC-AUTHCONTEXT RPC-BINDSAMBA3 RPC-NETLOGSAMBA3 RPC-SAMBA3SESSIONKEY
+rpc=$rpc RPC-SAMBA3-SRVSVC
tests=$base $raw $rpc
Modified: branches/SAMBA_3_0/source/utils/sharesec.c
===
--- branches/SAMBA_3_0/source/utils/sharesec.c 2006-07-14 05:43:00 UTC (rev
17031)
+++ branches/SAMBA_3_0/source/utils/sharesec.c 2006-07-14 17:46:06 UTC (rev
17032)
@@ -382,7 +382,8 @@
switch ( mode ) {
case SMB_ACL_VIEW:
- if (!(secdesc = get_share_security( ctx, snum, sd_size
)) ) {
+ if (!(secdesc = get_share_security( ctx, sharename,
+ sd_size )) ) {
fprintf(stderr, Unable to retrieve permissions
for share [%s]\n, sharename);
return -1;
}
svn commit: samba r17033 - branches/SAMBA_3_0/source/rpc_server trunk/source/rpc_server
Author: vlendec Date: 2006-07-14 17:53:45 + (Fri, 14 Jul 2006) New Revision: 17033 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17033 Log: Restructure init_srv_share_info_ctr so that there's only one loop, not a dozen or so. Next step will be to eliminate the explicit snum reference. Volker Modified: branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c trunk/source/rpc_server/srv_srvsvc_nt.c Changeset: Sorry, the patch is too large (745 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17033
svn commit: samba r17036 - in trunk: .
Author: jerry Date: 2006-07-14 21:48:39 + (Fri, 14 Jul 2006) New Revision: 17036 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17036 Log: gutting trunk to move to svn:externals Removed: trunk/docs/ trunk/examples/ trunk/packaging/ trunk/pcp/ trunk/source/ trunk/swat/ trunk/testsuite/ Changeset:
svn commit: samba r17037 - in trunk: .
Author: jerry Date: 2006-07-14 21:50:43 + (Fri, 14 Jul 2006) New Revision: 17037 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17037 Log: link directories to SAMBA_3_0 counterparts Modified: trunk/ Changeset: Property changes on: trunk ___ Name: svn:externals + docs svn://svnanon.samba.org/samba/branches/SAMBA_3_0/docs examples svn://svnanon.samba.org/samba/branches/SAMBA_3_0/examples packaging svn://svnanon.samba.org/samba/branches/SAMBA_3_0/packaging pcp svn://svnanon.samba.org/samba/branches/SAMBA_3_0/pcp source svn://svnanon.samba.org/samba/branches/SAMBA_3_0/source swat svn://svnanon.samba.org/samba/branches/SAMBA_3_0/swat testsuite svn://svnanon.samba.org/samba/branches/SAMBA_3_0/testsuite
svn commit: samba r17039 - in branches/SAMBA_3_0/source: include lib modules param rpc_server
Author: vlendec Date: 2006-07-14 22:06:38 + (Fri, 14 Jul 2006) New Revision: 17039 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17039 Log: Eliminate snum from enumshares and getshareinfo. Get rid of some pstrings. Volker Modified: branches/SAMBA_3_0/source/include/smb.h branches/SAMBA_3_0/source/lib/substitute.c branches/SAMBA_3_0/source/modules/vfs_recycle.c branches/SAMBA_3_0/source/param/loadparm.c branches/SAMBA_3_0/source/rpc_server/srv_srvsvc_nt.c Changeset: Sorry, the patch is too large (722 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17039
svn commit: samba r17040 - in trunk: .
Author: jerry Date: 2006-07-14 22:07:19 + (Fri, 14 Jul 2006) New Revision: 17040 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17040 Log: add notice about svn:externals change Added: trunk/README.SAMBA_3_0 Changeset: Added: trunk/README.SAMBA_3_0 === --- trunk/README.SAMBA_3_0 2006-07-14 22:06:38 UTC (rev 17039) +++ trunk/README.SAMBA_3_0 2006-07-14 22:07:19 UTC (rev 17040) @@ -0,0 +1,3 @@ +This branch is a mirror of the SAMBA_3_0 devleopment tree +(svn://svnanon.samba.org/samba/branches/SAMBA_3_0) +using the svn:externals property settings.
svn commit: linux-cifs-client r56 - in branches/linux-converged-for-old-kernels/fs/cifs: .
Author: sfrench
Date: 2006-07-14 23:14:06 + (Fri, 14 Jul 2006)
New Revision: 56
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=linux-cifs-clientrev=56
Log:
fix minor build break
Modified:
branches/linux-converged-for-old-kernels/fs/cifs/cifsfs.c
Changeset:
Modified: branches/linux-converged-for-old-kernels/fs/cifs/cifsfs.c
===
--- branches/linux-converged-for-old-kernels/fs/cifs/cifsfs.c 2006-07-14
01:41:17 UTC (rev 55)
+++ branches/linux-converged-for-old-kernels/fs/cifs/cifsfs.c 2006-07-14
23:14:06 UTC (rev 56)
@@ -422,7 +422,6 @@
};
#endif
-#ifdef CONFIG_CIFS_EXPERIMENTAL
static void cifs_umount_begin(struct super_block * sblock)
{
struct cifs_sb_info *cifs_sb;
@@ -440,7 +439,7 @@
tcon-tidStatus = CifsExiting;
up(tcon-tconSem);
- /* cancel_brl_requests(tcon); */
+ /* cancel_brl_requests(tcon); */ /* BB mark all brl mids as exiting */
/* cancel_notify_requests(tcon); */
if(tcon-ses tcon-ses-server)
{
@@ -456,7 +455,6 @@
return;
}
-#endif
static int cifs_remount(struct super_block *sb, int *flags, char *data)
{
@@ -475,9 +473,7 @@
unless later we add lazy close of inodes or unless the kernel forgets to
call
us with the same number of releases (closes) as opens */
.show_options = cifs_show_options,
-#ifdef CONFIG_CIFS_EXPERIMENTAL
.umount_begin = cifs_umount_begin,
-#endif
.remount_fs = cifs_remount,
};
svn commit: samba r17042 - in branches/SAMBA_3_0_23/source/locking: .
Author: jra Date: 2006-07-14 23:52:59 + (Fri, 14 Jul 2006) New Revision: 17042 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17042 Log: Fix critical memleak in POSIX locks (only) code. This needs to be in 3.0.23a. Jeremy. Modified: branches/SAMBA_3_0_23/source/locking/brlock.c Changeset: Modified: branches/SAMBA_3_0_23/source/locking/brlock.c === --- branches/SAMBA_3_0_23/source/locking/brlock.c 2006-07-14 23:23:39 UTC (rev 17041) +++ branches/SAMBA_3_0_23/source/locking/brlock.c 2006-07-14 23:52:59 UTC (rev 17042) @@ -666,6 +666,7 @@ return NT_STATUS_NO_MEMORY; } br_lck-num_locks = count; + SAFE_FREE(br_lck-lock_data); br_lck-lock_data = (void *)tp; br_lck-modified = True; return NT_STATUS_OK; @@ -956,6 +957,7 @@ } br_lck-num_locks = count; + SAFE_FREE(br_lck-lock_data); br_lck-lock_data = (void *)tp; br_lck-modified = True;
Build status as of Sat Jul 15 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-07-14 00:00:18.0 + +++ /home/build/master/cache/broken_results.txt 2006-07-15 00:00:22.0 + @@ -1,4 +1,4 @@ -Build status as of Fri Jul 14 00:00:02 2006 +Build status as of Sat Jul 15 00:00:02 2006 Build counts: Tree Total Broken Panic @@ -7,12 +7,12 @@ distcc 31 2 0 lorikeet-heimdal 0 0 0 ppp 18 0 0 -rsync33 2 0 -samba30 7 0 +rsync31 1 0 +samba30 5 0 samba-docs 0 0 0 samba4 39 25 5 -samba_3_037 13 0 +samba_3_037 8 0 smb-build25 25 0 -talloc 31 12 0 +talloc 25 8 0 tdb 29 9 0
svn commit: samba r17043 - in branches/SAMBA_3_0/source/locking: .
Author: jra
Date: 2006-07-15 00:05:47 + (Sat, 15 Jul 2006)
New Revision: 17043
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17043
Log:
Fix memleak when processing CIFS POSIX lock/unlock
requests. Maybe the Linux kernel OOM killer will
be kinder to smbd now :-). Back to tdbtorture
tests on cifsfs.
Jeremy.
Modified:
branches/SAMBA_3_0/source/locking/brlock.c
Changeset:
Modified: branches/SAMBA_3_0/source/locking/brlock.c
===
--- branches/SAMBA_3_0/source/locking/brlock.c 2006-07-14 23:52:59 UTC (rev
17042)
+++ branches/SAMBA_3_0/source/locking/brlock.c 2006-07-15 00:05:47 UTC (rev
17043)
@@ -666,6 +666,7 @@
return NT_STATUS_NO_MEMORY;
}
br_lck-num_locks = count;
+ SAFE_FREE(br_lck-lock_data);
br_lck-lock_data = (void *)tp;
br_lck-modified = True;
return NT_STATUS_OK;
@@ -977,6 +978,7 @@
}
br_lck-num_locks = count;
+ SAFE_FREE(br_lck-lock_data);
br_lck-lock_data = (void *)tp;
br_lck-modified = True;
@@ -1052,7 +1054,7 @@
BOOL ret = True;
unsigned int i;
struct lock_struct lock;
- struct lock_struct *locks = (struct lock_struct *)br_lck-lock_data;
+ const struct lock_struct *locks = (struct lock_struct
*)br_lck-lock_data;
files_struct *fsp = br_lck-fsp;
lock.context.smbpid = smbpid;
@@ -1109,7 +,7 @@
{
unsigned int i;
struct lock_struct lock;
- struct lock_struct *locks = (struct lock_struct *)br_lck-lock_data;
+ const struct lock_struct *locks = (struct lock_struct
*)br_lck-lock_data;
files_struct *fsp = br_lck-fsp;
lock.context.smbpid = *psmbpid;
@@ -1123,7 +1125,7 @@
/* Make sure existing locks don't conflict */
for (i=0; i br_lck-num_locks; i++) {
- struct lock_struct *exlock = locks[i];
+ const struct lock_struct *exlock = locks[i];
BOOL conflict = False;
if (exlock-lock_flav == WINDOWS_LOCK) {
@@ -1163,7 +1165,6 @@
return NT_STATUS_OK;
}
-
/
Remove a particular pending lock.
/
svn commit: samba r17044 - in branches/SAMBA_3_0_23/source/locking: .
Author: jra Date: 2006-07-15 00:14:03 + (Sat, 15 Jul 2006) New Revision: 17044 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17044 Log: One more for 3.0.23a - fix a reference after free... (pointer swizzelling can be painful...). Jeremy. Modified: branches/SAMBA_3_0_23/source/locking/brlock.c Changeset: Modified: branches/SAMBA_3_0_23/source/locking/brlock.c === --- branches/SAMBA_3_0_23/source/locking/brlock.c 2006-07-15 00:05:47 UTC (rev 17043) +++ branches/SAMBA_3_0_23/source/locking/brlock.c 2006-07-15 00:14:03 UTC (rev 17044) @@ -959,6 +959,7 @@ br_lck-num_locks = count; SAFE_FREE(br_lck-lock_data); br_lck-lock_data = (void *)tp; + locks = (struct lock_struct *)br_lck-lock_data; br_lck-modified = True; /* Send unlock messages to any pending waiters that overlap. */
svn commit: samba r17046 - in branches/SAMBA_3_0/source/locking: .
Author: jra
Date: 2006-07-15 00:34:08 + (Sat, 15 Jul 2006)
New Revision: 17046
WebSVN:
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17046
Log:
Ensure we're using the right pointers ...
Jeremy.
Modified:
branches/SAMBA_3_0/source/locking/brlock.c
Changeset:
Modified: branches/SAMBA_3_0/source/locking/brlock.c
===
--- branches/SAMBA_3_0/source/locking/brlock.c 2006-07-15 00:31:48 UTC (rev
17045)
+++ branches/SAMBA_3_0/source/locking/brlock.c 2006-07-15 00:34:08 UTC (rev
17046)
@@ -723,7 +723,7 @@
Check if an unlock overlaps a pending lock.
/
-static BOOL brl_pending_overlap(struct lock_struct *lock, struct lock_struct
*pend_lock)
+static BOOL brl_pending_overlap(const struct lock_struct *lock, const struct
lock_struct *pend_lock)
{
if ((lock-start = pend_lock-start) (lock-start + lock-size
pend_lock-start))
return True;
@@ -739,7 +739,6 @@
static BOOL brl_unlock_windows(struct byte_range_lock *br_lck, const struct
lock_struct *plock)
{
unsigned int i, j;
- struct lock_struct *lock = NULL;
struct lock_struct *locks = (struct lock_struct *)br_lck-lock_data;
enum brl_type deleted_lock_type = READ_LOCK; /* shut the compiler
up */
@@ -748,7 +747,7 @@
is sorted in the zero zero case. */
for (i = 0; i br_lck-num_locks; i++) {
- lock = locks[i];
+ struct lock_struct *lock = locks[i];
if (lock-lock_type == WRITE_LOCK
brl_same_context(lock-context, plock-context)
@@ -770,7 +769,7 @@
#endif
for (i = 0; i br_lck-num_locks; i++) {
- lock = locks[i];
+ struct lock_struct *lock = locks[i];
/* Only remove our own locks that match in start, size, and
flavour. */
if (brl_same_context(lock-context, plock-context)
@@ -822,7 +821,7 @@
}
/* We could send specific lock info here... */
- if (brl_pending_overlap(lock, pend_lock)) {
+ if (brl_pending_overlap(plock, pend_lock)) {
DEBUG(10,(brl_unlock: sending unlock message to pid
%s\n,
procid_str_static(pend_lock-context.pid )));
@@ -844,7 +843,6 @@
static BOOL brl_unlock_posix(struct byte_range_lock *br_lck, const struct
lock_struct *plock)
{
unsigned int i, j, count;
- struct lock_struct *lock = NULL;
struct lock_struct *tp;
struct lock_struct *locks = (struct lock_struct *)br_lck-lock_data;
BOOL overlap_found = False;
@@ -873,12 +871,11 @@
count = 0;
for (i = 0; i br_lck-num_locks; i++) {
+ struct lock_struct *lock = locks[i];
struct lock_struct tmp_lock[3];
BOOL lock_was_added = False;
unsigned int tmp_count;
- lock = locks[i];
-
/* Only remove our own locks - ignore fnum. */
if (lock-lock_type == PENDING_LOCK ||
!brl_same_context(lock-context,
plock-context)) {
@@ -979,11 +976,10 @@
br_lck-num_locks = count;
SAFE_FREE(br_lck-lock_data);
- br_lck-lock_data = (void *)tp;
+ locks = br_lck-lock_data = (void *)tp;
br_lck-modified = True;
/* Send unlock messages to any pending waiters that overlap. */
- locks = tp;
for (j=0; j br_lck-num_locks; j++) {
struct lock_struct *pend_lock = locks[j];
@@ -994,7 +990,7 @@
}
/* We could send specific lock info here... */
- if (brl_pending_overlap(lock, pend_lock)) {
+ if (brl_pending_overlap(plock, pend_lock)) {
DEBUG(10,(brl_unlock: sending unlock message to pid
%s\n,
procid_str_static(pend_lock-context.pid )));
