[Samba] LDAP, groups, win groups
Completely stupid question here, but for some reason, I'm lost. I have ldap and everything setup fine w/ samba 3.0.22 - running as a PDC. (On CentOS 4.3, Openldap 2.3.24, smbldap-tools 0.92a) No Windows domain interactions. ADS or NT PDC is not involved. (No winbind) I can't figure out for the life of me, what commands to use to create a posix group and then assign ldap users to that group. *- Let assume I have a directory called accounting on my data share. *- I want to create a posix group called grp-acct (I used smbldap-groupadd -a grp-acct I assume that's right.) *- I want to add user gregs to the posix group grp-acct I'm not sure the best way to do this. I assume the smbldap-usermod -G gid) where gid is the gidNumber for the group grp-acct When I did that (smbldap-usermod) it doesn't appear that the user greg got added to that group. (id greg doesn't show membership.) (On that note, is there a way to query what users are members of a particular group, rather than what groups a single user belongs to?) As an aside, I assume that since I don't have a NT or AD domain with their windows groups I have to worry about, I don't need to create a windows group as well as a posix group and map the posix group to a windows group. I should just be able to create posix groups, add the local users to those groups, and then give rights to the directories I want that group to have rights to. Sorry for being so terribly dumb, but somehow I'm uncertain of the commands/utilities to best manage this in when using ldap. Recap: What commands to setup a posix group. (smbldap-groupadd -a?) What commands to add and remove users to/from that posix group? (smbldap-usermod?) TIA -Greg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot access WD's NetCenter drive from linux
* the client sends a Tree Connect AndX Request specifying the correct share path but only '00' as the password * the server responds with STATUS_WRONG_PASSWORD. The fact that, with cifs, the password is not being sent at the same time as the share specification would seem to suggest that something incorrect is taking place in the client software when sending the request. This indeed does appear to be the problem. Is 'mount' prompting you for the password, or are you specifying it as a mount option? Does it make a difference doing it the other way? (-o password=blah) If you disable CIFS UNIX extensions, does that make a difference? (echo 0 /proc/fs/cifs/LinuxExtensionsEnabled) Possibly the negotiation there is confusing the server. Does mount \\whatever --verbose -o blah give you any new information? That's pretty much everything I can think of, so sorry I couldn't be more helpful! Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
SOLVED - Re: [Samba] login to ms access db very slow on samba 3.x
Hello everybody, Hi Jorge We have found a solution to the problem I've posted earlier to this mailing list; see below for the full history. There was a function in our runtime application which would rebuild all links to external access tables each time the application was started. To keep it short, we're checking the presence of a certain value when starting (in the windows registry), and if it's already there the links won't be rebuilt. If it's absent, then we'll rebuild the links. Since we did that, everything runs smoothly again. We set everything back on the same share and we don't have to force nouser:nogroup anymore. Jorge, maybe your problem is of the same nature. I hope our solution will help you to solve your speed issues as well. Good luck :) Oli jorge santiago [EMAIL PROTECTED] wrote on 26.07.2006 22:22:24: Hi Oli, We have exactly the same problem here since we upgraded from samba 2.x to samba 3.x. The first user opens the database very fast, but every user who tries to open it after that opens it veeery slow. I've also tried every possible oplocks configuration with no success. We also have the same samba version (3.0.14a) on debian sarge. If anybody have solved this issue please post here your solution. Thanks a lot, jorge santiago. On 7/25/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: hi everybody we have been reading through the archives for quite some time now, and could not find a solution to our problem. please excuse if we overlooked something and our question was already answered elsewhere... we have Samba version 3.0.14a-Debian running on (you guessed it) debian with kernel 2.6.8-2-386. ever since our migration from samba 2.x we have speed issues with an ms access database which gets accessed by multiple users through an access2000 runtime application running on windows clients (2000 and XP). when users log in to the database, it takes 3min until the login-window pops up and users can enter their credentials. since things are not slow for the first user, but for every user that tries to login afterwards, we are suspecting some problems with the lock file of the db or with file ownership... also, transactions seem to be going on at normal speed once after users are logged in (also for users who encounter the slow login problem). after reading through old postings, we have disabled oplocks and level2 oplocks, also Kernel oplocks, with no success. we made a new share containing only the database file (which is about 410MB in size), with no success. after comparing the old 2.x setup with the new one, we noticed that on 2.x (where everything ran smooth) guest access was enabled and everybody was accessing the DB as user nobody of group nogroup, so we tried the same setup on our 3.x server, forcing user nobody and group nogroup on our new 3.x server, hoping that would solve the problem. nada. we have tried changing the tcp send/receive buffer size after reading through tcpdump logs, but that was probably too far off. it seemed to us that we were not the only ones with this specific problem, but every hint we found was pointing to disabling oplocks - which we did. maybe one of you guys can help us out? any hint or help will, of course, be highly appreciated. maybe we have misconfigured something? oli relevant sections of /etc/samba/smb.conf: # Global parameters [global] [...] veto oplock files = /*.doc/*.xls/*.pdf/*.mdb/*.bsd/*.MDB/*.BSD/*.bsa/*.BSA/*.lbd/*. LBD/*.ldb/*.LDB/ veto files = /lost*found/.bash_profile/.bashrc/aquota.*/.ARK_NOBACKUP/ lock spin time = 15 lock spin count = 100 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=2920 sync always = no strict sync = no kernel oplocks = No [...] [dbs] path = /var/samba/dbs read only = no guest ok = yes oplocks = no level2 oplocks = no strict locking = no fake oplocks = no create mask = 0777 directory mask = 0770 force create mode = 0777 force user = nobody force group = nogroup veto oplock files = /*.MDB/*.mdb/*.bsd/*.BSD/*.bsa/*.BSA/*.lbd/*.LBD/*.ldb/*.LDB/ [...] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange problem - Samba 3.0.23 on Solaris 9 Sparc
Hmmm, i'm going to check but that user is not logged, what we do is to login with an operator account, next we do a su - root and there we do 'groups $user'. Thanks! El Miércoles 26 Julio 2006 13:38, Gerald (Jerry) Carter escribió: Samuel Partida wrote: Our problem begins with a production Solaris 9 Sparc server, everything runs succesful, but there is just one user on the Active Directory that when we change some group membership, the changes are not reflected on the Solaris 9 server (verifying with groups command)... is very strange because for other users it is working perfectly. new group membership is guaranteed to be available when a user logins in. When you say you are using the 'groups' command to verify membership, is the user actually logging in? And 'su - $User' doesn't count here. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -- --- Samuel Partida Amores ISOTROL. Área de Seguridad. [EMAIL PROTECTED] Tfno. 955 036 836 --- -- --- Samuel Partida Amores ISOTROL. Área de Seguridad. [EMAIL PROTECTED] Tfno. 955 036 836 --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot access WD's NetCenter drive from linux
Thanks once again, Adam. Some more comments below... --- Adam Nielsen [EMAIL PROTECTED] wrote: * the client sends a Tree Connect AndX Request specifying the correct share path but only '00' as the password * the server responds with STATUS_WRONG_PASSWORD. This indeed does appear to be the problem. Is 'mount' prompting you for the password, or are you specifying it as a mount option? Does it make a difference doing it the other way? (-o password=blah) Makes no difference either way. If you disable CIFS UNIX extensions, does that make a difference? (echo 0 /proc/fs/cifs/LinuxExtensionsEnabled) Possibly the negotiation there is confusing the server. Makes no difference either. Does mount \\whatever --verbose -o blah give you any new information? Sure, but nothing useful. That's pretty much everything I can think of, so sorry I couldn't be more helpful! Cheers, Adam. Hey, no worries. I appreciate your efforts, nonetheless. I can only assume this is a bug in mount.cifs (which may have been fixed in later versions). But that's not the main problem anyway; the hang is. I've narrowed the problem behaviour down a bit. It happens when one process is already reading all the files in a directory under a samba share, and another process tries to do a read on one of the files in that directory. That's when the timeouts start to occur, and things freeze up. In terms of user actions, this happens when I use an image management program (picasa or gthumb, for example) to show thumbnails of all the JPEG files in a subdirectory of a samba share, and while the thumbnails are still loading for that directory, I double-click one of the thumbnails to try to view the image. From watching traffic in ethereal, the thumbnail loads are generating a steady flow of Read AndX Request packets from the client and Read AndX Response packets from the server (the image program is requesting the contents of each file). When I double-click the file, a new negotiate protocol request/response sequence occurs. The next Read AndX Request packet from the client (from the process loading the thumbnails) runs into problems: the server thinks the FID is invalid (the FID is definitely valid, since the server had returned it to the client and had transferred multiple MB's worth of data for it already at this point). Pure speculation here, but maybe the kernel-space samba client process gets confused and sends the read request on the newly negotiated connection, which causes confusion to ensue. A workaround is to let all the thumbnails load, and then to access one file at a time. No problems occur if I do this. This kinda sucks, but hey - it works at least. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot access WD's NetCenter drive from linux
Pure speculation here, but maybe the kernel-space samba client process gets confused and sends the read request on the newly negotiated connection, which causes confusion to ensue. What version of Samba are you running on the client? If you suspect it's a problem with the client, try using the userspace program smbclient to reproduce the problem. If you can reproduce it with smbclient, you could try compiling some alternate versions of Samba, and instead of installing them just run smbclient from the compilation directory. That would at least tell you whether there's a version of Samba that works successfully. I'd start with the same version that runs on the server, because if that version has problems I'd begin to wonder about the server. Cheers, Adam. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.23 - different errors on solaris 8 (Error in dskattr...)
Ralf Gross said: Gerald (Jerry) Carter said: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ralf Gross wrote: After 'make install', I can still login, but smbclient gives me an error message if I try to list the content of a directory: Domain=[ERS] OS=[Unix] Server=[Samba 3.0.23] smb: \ ls do_list: [\*] NT_STATUS_OBJECT_PATH_NOT_FOUND Error in dskattr: NT_STATUS_OBJECT_PATH_NOT_FOUND ... vfs_extd_audit: opendir . ^^ Intermediate not found bang error packet at smbd/trans2.c(2919) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_PATH_NOT_FOUND I still have exactly the same problems with 3.0.23a. To be sure that no updates to my Solaris 8 broke something since compiling 3.0.22, I recompiled 3.0.22. But this is still woking fine! Thus there must be something with 3.0.23X that's not working with Solaris 8 here. The VFS interface changed. Did you recompile and reinstall the vfs_extd_audiit.so library? Do you get a failure without any VFS modules loaded? I have this file under /local/samba3023a/lib/vfs (my install prefix) -rwxr-xr-x 1 root root13280 Jul 24 14:10 extd_audit.so But I couldn't find a vfs_extd_audiit.so file. I compiled 3.0.23 from source with this configure options: ./configure --with-acl-support --prefix=/usr/local/samba3022-test --with-quotas --with-included-popt --without-ldap --with-vfs --enable-socket-wrapper Anything more I have to do to reinstall the vfs lib? Even if I uncomment all lines starting with vfs... I get the errors. do_list: [\*] NT_STATUS_OBJECT_PATH_NOT_FOUND Error in dskattr: NT_STATUS_OBJECT_PATH_NOT_FOUND Any more ideas about this? There must be something with 3.0.23(a), because 3.0.22 still compiles/runs without problems. I've no idea what theses errors are about. [-snip-] Linking nsswitch/libnss_wins.so ld: warning: option -o appears more than once, first setting taken [-snip-] Compiling groupdb/mapping.c with -fPIC Linking libsmbclient non-shared library bin/libsmbclient.a [-snip-] Compiling auth/auth_script.c with -fPIC Building plugin bin/script.so ld: warning: option -o appears more than once, first setting take [-snip-] Should I open a bug? Ralf -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem accessing shares after upgrade to 3.0.23
Hello list, after upgrading my debian Sarge distribution with apt-get to 3.0.23 i have some troubles to access 3 shares on Windows 2000 and 2003 Server. When trying to access them over smbclient i get the following error messages: :~# smbclient //ente/Axapta_Dokumente -U Administrator -d 2 added interface ip=192.168.100.121 bcast=192.168.100.255 nmask=255.255.255.0 Password: session setup failed: NT_STATUS_LOGON_FAILURE :~# smbclient //ente/Axapta_Dokumente -U Administrator -d 2 added interface ip=192.168.100.121 bcast=192.168.100.255 nmask=255.255.255.0 Password: Domain=[APE-BERLIN] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] smb: \ ls client_check_incoming_message: received message with mid 9 with no matching send record. SMB Signature verification failed on incoming packet! Server packet had invalid SMB signature! listing \* Error in dskattr: Server packet had invalid SMB signature! With kerberos authentication i get the same error. My smb.conf lists a server signing = auto All other signing are defaults. So anyone has an idea how to fix this? Thanks in advance -- Thorsten Systemadministrator -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot access WD's NetCenter drive from linux
What version of Samba are you running on the client? 3.0.10, as opposed to what I believe is 3.0.2 on the server. If you suspect it's a problem with the client, try using the userspace program smbclient to reproduce the problem. I tried to reproduce with smbclient, but failed. I opened two separate smbclient sessions. In one, I ran mget on a directory; in the other, while the mget was running, I did individual gets on files in that directory. No problems occurred. So I don't think the server is the problem. I need a non-interactive solution on the client side (for scripting, etc.), so I'll try seeing whether the samba client in FC5 works better. If so, I'll just upgrade my client machine. Maybe the mount.cifs problem will go away in the FC5 version as well. If not, I'll need to post again to this list. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and windows domain questions.
Hi all I have looked around to find a good answer to this question but so far not that much luck. Does samba has support for windows 2003 server domains? When using winbind do you need to have a samba server up and running with kerberos and all or can you connect to the domain directly? Thanks in advance =) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind cache
Hi all, we are having some troubles with the integration of some Solaris 9 Sparc servers on a Windows 2003 Server Active Directory domain. When we made the tests on a Solaris 9 Intel server, everything run successfully. After that we run some group membership tests, just changing users from one to another group on the W2K3 Server. We've seen on those tests that winbind was caching the group membership for some users (sometimes just for one user). The tests we have done from a local user on Solaris 9 server: 1 Run 'groups aduser', the group membership for aduser is shown. 2 Change 'aduser' membership on the AD server. 3 Run 'groups aduser', the group membership for aduser is shown but is not reflecting the changes made. 4 Restart winbind setting cache time to zero. 5 Repeat steps 1,2,3 and now it reflects all changes made on AD server. We have read the documentation and found two options: · Setting the cache time: winbind cache time = 0 (We don't know if zero is zero or it is unlimited time) · Running winbindd: winbindd -n (it is no caching mode) We still don't know really if the problem is from Winbind but the tests seem that setting out the winbind cache, the group membership resolution is more effective. The questions are, does someone know how the winbind cache works and how it could be effectively shut down to be sure it won't cache anything anymore? should we set the cache time to zero, another value, run winbindd with -n, do both things (cache time = 0 winbindd -n)? is there another site/doc where we should rtfm for winbind? did someone had similar troubles? By the way, the nscd is not running on the Solaris 9 server. Thanks! -- --- Samuel Partida Amores ISOTROL. Área de Seguridad. [EMAIL PROTECTED] Tfno. 955 036 836 --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SOLVED: 3.0.23 for Debian Sarge: LDAP problems
Hi all, Does anybody have an idea what the problem might be? I have found the reason for the problem: Samba 3.0.23 and 3.0.23a do not parse the passdb backend entry in the smb.conf correctly anymore (tested on Debian Sarge and FreeBSD 6.1). According to the smb.conf man page, it is allowed to put the ldap URIs in double qoutes: passdb backend = ldapsam:ldap://ldap-1.example.com \ ldap://ldap-2.example.com; This does not work for 3.0.23(a) anymore, it works as soon as you remove the double quotes. I guess it has to do with the fact that the use of multiple passdb backends is not supported with 3.0.23. Thanks, Uwe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldapsam ignores ldap user suffix when doing username lookup
hi, what about using ACLs to restrict uid-searches in the base for samba admin? greez Haas Florian wrote: Greetings. Since this is my first post to this list, hello everyone. Here's an issue concerning the ldapsam backend. I'm having a problem with the ldap user suffix param not being honored as expected. Specifically, when a user logs on, the ldap user suffix is ignored and the ldapsam backend attempts to lookup the user doing a full subtree search in the context defined by the ldap suffix param. This can easily be verified by setting the log level to 5, doing a domain logon, and then grepping for smbldap_search_ext in the smbd log. This issue has been raised before on this list, and has been answered by referring to the 3.0.11 changelog, which states this: If ldap user suffix or ldap machine suffix are defined in smb.conf, all user-accounts must reside below the user suffix, and all machine and inter-domain trust-accounts must be located below the machine suffix. Previous Samba releases would fall back to searching the 'ldap suffix' in some cases. Well, all user accounts in my setup do reside below the user suffix, and all machine accounts are below the machine suffix, yet it appears Samba falls back by default, which looks like quite the opposite of what said changelog entry claims. Looking at the source provided some insight. Mind you, I suck at C, so unfortunately I couldn't ever fix this issue (if it is one) myself, no matter how much I'd love to. :-) Here's the situation from my perspective: When looking up a user account, in pdb_ldap.c, ldapsam_getsampwnam() invokes ldapsam_search_suffix_by_name(), which in turn calls smbldap_search_suffix() in smbldap.c. smbldap_search_suffix() then invokes smbldap_search() with scope set to lp_ldap_suffix(), which corresponds to the full ldap suffix context. I wonder why ldapsam_getsampwnam() doesn't invoke an LDAP search call that is limited to the lp_ldap_user_suffix scope. Or do this first and then another search in the lp_ldap_machine_suffix scope after that, if for some reason the machine scope needs to be covered too. As I'm sure you'll agree, the large-scope search is a non-issue if your LDAP directory isn't huge, or if you have just one LDAP server, or the entire directory is fully replicated to all slave servers which any Samba DCs might talk to. However, if you have a large directory where user accounts are scattered over multiple OUs and the tree is heavily partitioned (as is not uncommon in Novell eDirectory setups), then any unnecessary cross-partition query becomes a real performance issue, especially if you have slow WAN links. Since this issue has been around for some time (I've just reproduced with 3.0.5, 3.0.14a and 3.0.20b -- I apologize for not having had time to compile and install the latest SVN trunk), I'm almost certain there's an obvious reason for this behavior, and/or an obvious workaround. Which I must have missed. Could a helpful subscriber enlighten me please? Thanks a lot. Best regards, Florian -- Mag.(FH) Florian G. Haas Systemingenieur Kapsch BusinessCom AG, Wienerbergstrasse 53, A-1121 Wien phone: +43 (5) 0811 5361 The information contained in this e-mail message is privileged and confidential and is for the exclusive use of the addressee. The person who receives this message and who is not the addressee, one of his employees or an agent entitled to hand it over to the addressee, is informed that he may not use, disclose or reproduce the contents thereof. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Incorrect handling of group permissions
Hello everyone, I have posted this problem report some time ago (see message nss_winbind does not recognize group membership sent on 24.07.2006), but there was no reply. The FreeBSD 6.1 server is a member of ADS domain. There is a directory named test with write permissions granted to user bill and group DOMAINNAME/algocod: #ls -al /tmp drwxrwx--- 2 billDOMAINNAME/algocod 512 Jul 24 14:16 test bill is a user registered in domain DOMAINNAME, but not a member of algocod group. He is able to read and write to and from directory test. But the user jim, who is a member of DOMAINNAME/algocod, cannot get access to it. log.winbindd contains a lot of messages like [2006/07/24 15:12:19, 0] nsswitch/winbindd.c:request_len_recv(517) request_len_recv: Invalid request size received: 1836 This problem appeared after upgrading from samba-3.0.22 to samba-3.0.23_1 (from FreeBSD ports collection). Please let me know if anyone has any idea on how to solve this problem. With best regards, P. Trifonov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba still remembers the old domain name i used for testing
hello i tried to do a fresh start with erasing all tdb files but when i restart samba it still remembers the old domain name i used for testing net getlocalsid gives domain B and should give domain A. how to fix it ? thank you -- Éric LE HÉNAFF École normale supérieure - Centre de ressources informatiques Informaticien, Ingénieur développements et systèmes auprès des bibliothèques de l'ENS Préférez firefox! http://www.mozilla-europe.org/fr/ SVP, évitez de m'envoyer des attachements au format Word, Excel ou PowerPoint. Préférez les formats rtf, csv, html ou pdf au lieu des formats word et excel. Voir http://www.gnu.org/philosophy/no-word-attachments.fr.html pour plus d'explications. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba still remembers the old domain name i used for testing
éric le hénaff wrote: hello i tried to do a fresh start with erasing all tdb files but when i restart samba it still remembers the old domain name i used for testing net getlocalsid gives domain B and should give domain A. how to fix it ? thank you did you delete secrets.tdb? greez -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba still remembers the old domain name i used for testing
thanks for a so quick answer. yes i deleted secrets.tdb. that's what is strange! the server is a debian sarge box and puts tdb files all over the place. i deleted files in /var/lib/samba , /var/cache/samba , .var/run/samba and checked in all config files that the testing domain wasnt mentionned any more. Michael Gasch a écrit : éric le hénaff wrote: hello i tried to do a fresh start with erasing all tdb files but when i restart samba it still remembers the old domain name i used for testing net getlocalsid gives domain B and should give domain A. how to fix it ? thank you did you delete secrets.tdb? greez -- Éric LE HÉNAFF École normale supérieure - Centre de ressources informatiques Informaticien, Ingénieur développements et systèmes auprès des bibliothèques de l'ENS Préférez firefox! http://www.mozilla-europe.org/fr/ SVP, évitez de m'envoyer des attachements au format Word, Excel ou PowerPoint. Préférez les formats rtf, csv, html ou pdf au lieu des formats word et excel. Voir http://www.gnu.org/philosophy/no-word-attachments.fr.html pour plus d'explications. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
AW: [Samba] ldapsam ignores ldap user suffix when doing username lookup
Hello, -Ursprüngliche Nachricht- Von: Michael Gasch [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 27. Juli 2006 12:19 what about using ACLs to restrict uid-searches in the base for samba admin? Thanks. Just to see if I got your point correctly, you mean to disallow searches involving the uid attribute in the base context for the Samba admin proxy DN, and then re-allowing it a few levels below? I haven't tried, but I'm almost certain that after initial smbldap_search failure this would cause, Samba wouldn't descend into the OUs below and repeat the search (indeed, why should it?). So I'm afraid this would break domain logons altogether. I'm still trying to find out what's the rationale behind Samba not honoring the ldap user suffix param on initial user authentication. Could someone help me out on this? Cheers, Florian -- Mag.(FH) Florian G. Haas Systemingenieur Kapsch BusinessCom AG, Wienerbergstrasse 53, A-1121 Wien The information contained in this e-mail message is privileged and confidential and is for the exclusive use of the addressee. The person who receives this message and who is not the addressee, one of his employees or an agent entitled to hand it over to the addressee, is informed that he may not use, disclose or reproduce the contents thereof. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem accessing shares after upgrade to 3.0.23
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thorsten And Jeff, SMB Signature verification failed on incoming packet! Server packet had invalid SMB signature! listing \* Error in dskattr: Server packet had invalid SMB signature! Please double check smbclient is 3.0.23a although I expect it will have the same issue. If it does, would one of you file a bug report for me?Please attach a level 10 debug from smbclient and a raw network trace from ethereal as well. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEyKWhIR7qMdg1EfYRAhSsAJkB0A7J8/1ZjbarQV2u7wJJ6R9sZACgpcXJ nl1J26eLT3vcWSuPm9CbzVE= =mLWa -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind cache
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Samuel Partida wrote: 1 Run 'groups aduser', the group membership for aduser is shown 2 Change 'aduser' membership on the AD server. 3 Run 'groups aduser', the group membership for aduser is shown but is not reflecting the changes made. 4 Restart winbind setting cache time to zero. 5 Repeat steps 1,2,3 and now it reflects all changes made on AD server. Group membership is guaranteed to be reflected when the user logs in. running 'groups user' just answers out of cache. When the user logs in, we get the complete group membership in the Krb5 PAC or NetSamLogon() reply. So run step 2a: wbinfo -a 'AD\aduser%password' cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEyKa1IR7qMdg1EfYRAt/pAKC/wrn/wyH3eFN95JGx6F7PsPZ27ACeO8Cy T6RQAlvikLCNxLAWYdqjkT0= =AGFm -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Incorrect handling of group permissions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter Trifonov wrote: log.winbindd contains a lot of messages like [2006/07/24 15:12:19, 0] nsswitch/winbindd.c:request_len_recv(517) request_len_recv: Invalid request size received: 1836 Did you upgrade the nss_winbind.so library as well ? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEyKbyIR7qMdg1EfYRAljxAJsFIzKXkWPup1+fBDvBHaNEUG8ttQCgz2SI AwuQ1goJnjU87kjN0tcWB9s= =xleH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] how to put a veto upon creating a directories
Samba Version 2.2.8 OS Sun Solaris 2.9 Hello All, I'm sorry for this may be silly question: i couldn't find how to forbid a samba users to create any directories. Is there any decision except writing script which will watch for the systems calls ? Thanks, Mikey -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SOLVED: 3.0.23 for Debian Sarge: LDAP problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Uwe Laverenz wrote: According to the smb.conf man page, it is allowed to put the ldap URIs in double qoutes: passdb backend = ldapsam:ldap://ldap-1.example.com \ ldap://ldap-2.example.com; This does not work for 3.0.23(a) anymore, it works as soon as you remove the double quotes. I guess it has to do with the fact that the use of multiple passdb backends is not supported with 3.0.23. H...that should work. It certainly wasn't an intentional change. This patch should correct it. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEyK57IR7qMdg1EfYRAqamAJ4+ZuzIYSo+mVLzP+A6lLuVIJbTjQCfU00z uE5L9X0qFlyUbWs8I4xDqvM= =m0sZ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SOLVED: 3.0.23 for Debian Sarge: LDAP problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This time with the correct file attached. Gerald (Jerry) Carter wrote: Uwe Laverenz wrote: According to the smb.conf man page, it is allowed to put the ldap URIs in double qoutes: passdb backend = ldapsam:ldap://ldap-1.example.com \ ldap://ldap-2.example.com; This does not work for 3.0.23(a) anymore, it works as soon as you remove the double quotes. I guess it has to do with the fact that the use of multiple passdb backends is not supported with 3.0.23. H...that should work. It certainly wasn't an intentional change. This patch should correct it. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEyK8oIR7qMdg1EfYRAiq3AKCd/YR8VfSVbtWntjKFuyJ+P4wi4gCeIQ/u R8OXKwZA0GZGfZCNiIsvZ/4= =aL6q -END PGP SIGNATURE- === modified file 'source/passdb/pdb_ldap.c' --- source/passdb/pdb_ldap.c +++ source/passdb/pdb_ldap.c @@ -5489,14 +5489,14 @@ struct ldapsam_privates *ldap_state; char *uri = talloc_strdup( NULL, location ); - if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam_common( pdb_method, uri ))) { - return nt_status; - } - - /* the module itself stores a copy of the location so throw this one away */ - + trim_char( uri, '\', '\' ); + nt_status = pdb_init_ldapsam_common( pdb_method, uri ); if ( uri ) TALLOC_FREE( uri ); + + if ( !NT_STATUS_IS_OK(nt_status) ) { + return nt_status; + } (*pdb_method)-name = ldapsam_compat; @@ -5524,8 +5524,13 @@ DOM_SID secrets_domain_sid; pstring domain_sid_string; char *dn; - - nt_status = pdb_init_ldapsam_common(pdb_method, location); + char *uri = talloc_strdup( NULL, location ); + + trim_char( uri, '\', '\' ); + nt_status = pdb_init_ldapsam_common(pdb_method, uri); + if ( uri ) + TALLOC_FREE( uri ); + if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SOLVED: 3.0.23 for Debian Sarge: LDAP problems
On Thu, 2006-07-27 at 07:15 -0500, Gerald (Jerry) Carter wrote: Uwe Laverenz wrote: According to the smb.conf man page, it is allowed to put the ldap URIs in double qoutes: passdb backend = ldapsam:ldap://ldap-1.example.com \ ldap://ldap-2.example.com; This does not work for 3.0.23(a) anymore, it works as soon as you remove the double quotes. I guess it has to do with the fact that the use of multiple passdb backends is not supported with 3.0.23. H...that should work. It certainly wasn't an intentional change. This patch should correct it. No patch dude. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind dies redux
On Wednesday July 26 2006 12:07 pm, Dimitri Yioulos wrote: On Wednesday July 26 2006 11:33 am, you wrote: Dimitri Yioulos wrote: All, I fear I''ve become a pita with this, but windbind periodically dying on one of my machines is really starting to cause grief, and I have no idea what might be causing it, especially as the same config is used on several similar boxes which do not exhibit the problem. While I've posted the problem previously, I thought that maybe this latest log entry after winbind dies might help with finding the solution: Is there a bug # for this? If not, please make one. I'll do this shortly. lib/fault.c:dump_core(173) dumping core in /var/log/samba/cores/winbindd : 2 Time(s) lib/fault.c:fault_report(42) INTERNAL ERROR: Signal 6 in pid 2102 (3.0.23) Please read the There's a abort() call somewhere Ok. Trouble-Shooting section of the Samba3-HOWTO : 1 Time(s) lib/fault.c:fault_report(42) INTERNAL ERROR: Signal 6 in pid 9172 (3.0.23a) Please read the Trouble-Shooting section of the Samba3- HOWTO : 1 Time(s) lib/fault.c:fault_report(44)From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf : 2 Time(s) lib/util.c:log_stack_trace(1699) BACKTRACE: 26 stack frames #0 winbindd(log_stack_trace+0x2d) [0xcd2ded] #1 winbindd(smb_panic+0x75) [0xcd2c95] #2 winbindd [0xcbe3e6] #3 /lib/tls/libc.so.6 [0x28f0d8] #4 /lib/tls/libc.so.6(abort+0x1d5) [0x290705] #5 winbindd [0xcf99e2] #6 winbindd [0xcf9c65] #7 winbindd(cli_krb5_get_ticket+0x242) [0xcfa142] Can you get a backtrace with debug symbols? The only report of this I've seen was fixed by upgrading the krb5 libs. What server platform and krb5 version are you using? Server is CentOS 3.7. Krb version is 1.2.57. I've searched quite a bit about how to run a backtrace with debug symbols, but come up with nothing useful to me. I've found Tridge's backtrace script, but don't how to use it. I would appreciate your kind assistance with how to do the backtrace. Dimitri All. Forgive me. I must either be stupid, a poor researcher, blind, all of the above, a combination of the above, none of the above (the last choice unlikely). I've searched extensicely for a how-to on running a backtrace with debug symbols, but can find nothing to help me. I see how to run gdb, if that's the tool I should use, as in gdb /usr/sbin/winbind PID. But, part of the data returned is (no debugging symbols found). Arrrgh. Am I missing something obvious? Is the answer under my nose, and I'm just not seeing it? I'd like to provide all the information I can so that I might help you help me to solve my issue. But, I need your kind assistance on how to do this backtrace. Please don't be angry with me, I'm doin' my best here (and really am considered a nice person by my peers :-) ). Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SOLVED: 3.0.23 for Debian Sarge: LDAP problems
Hi Jerry, On Thu, Jul 27, 2006 at 07:18:48AM -0500, Gerald (Jerry) Carter wrote: H...that should work. It certainly wasn't an intentional change. This patch should correct it. I tested it on my FreeBSD workstation and it works perfectly. :) Thank you! Uwe -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SOLVED: 3.0.23 for Debian Sarge: LDAP problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Uwe Laverenz wrote: Hi Jerry, On Thu, Jul 27, 2006 at 07:18:48AM -0500, Gerald (Jerry) Carter wrote: H...that should work. It certainly wasn't an intentional change. This patch should correct it. I tested it on my FreeBSD workstation and it works perfectly. :) Thank you! Great! I'll make sure it gets in 3.0.23b. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEyLlEIR7qMdg1EfYRAtf5AJ9ARCFw475fr/nb9Hegr2Wf4vMHfQCfTVbY vuICXXvper4x5tmUITuZjjE= =vDp9 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Incorrect handling of group permissions
Dear Jerry, log.winbindd contains a lot of messages like [2006/07/24 15:12:19, 0] nsswitch/winbindd.c:request_len_recv(517) request_len_recv: Invalid request size received: 1836 Did you upgrade the nss_winbind.so library as well ? Thank you very much for prompt reply. It seems that the install script upgraded them properly. At least, nss_winbind.so and winbindd have the same date. -r-xr-xr-x 1 root wheel 16664 Jul 24 13:39 /usr/local/lib/nss_winbind.so.1 -r-xr-xr-x 1 root wheel 748308 Jul 24 13:39 /usr/local/lib/nss_wins.so.1 -rwxr-xr-x 1 root wheel 2129111 Jul 24 13:39 /usr/local/sbin/winbindd I have also tried to copy nss_winbind.so from the build directory manually, but this did not change anything. The problem occurs with group permissions only. All users can read the directories which are owned by them and have user read permission. With best regards, P. Trifonov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Incorrect handling of group permissions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter Trifonov wrote: It seems that the install script upgraded them properly. At least, nss_winbind.so and winbindd have the same date. -r-xr-xr-x 1 root wheel 16664 Jul 24 13:39 /usr/local/lib/nss_winbind.so.1 -r-xr-xr-x 1 root wheel 748308 Jul 24 13:39 /usr/local/lib/nss_wins.so.1 These should in in /lib, not /usr/local/lib (unless you have explicitly configured NSS to look in /usr/local/lib which I don't know how to do). cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEyMDFIR7qMdg1EfYRApxNAJ9YLr8rGGH+rL+UbGLWmq6YlGR2GgCgyh0n CS7QZY+OPXFPghlDGSN0Mr0= =tKyN -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Incorrect handling of group permissions
Dear Jerry, -r-xr-xr-x 1 root wheel 16664 Jul 24 13:39 /usr/local/lib/nss_winbind.so.1 -r-xr-xr-x 1 root wheel 748308 Jul 24 13:39 /usr/local/lib/nss_wins.so.1 These should in in /lib, not /usr/local/lib (unless you have explicitly configured NSS to look in /usr/local/lib which I don't know how to do). FreeBSD's nsswitch seems to be able to look in /usr/local/lib. I have tried to create symlink to those libraries in /lib, but this did not change anything. These libraries were located in /usr/local/lib for previous Samba versions as well. But when I renamed nss_winbind.so.1, ADS user/group name resolution stopped to work at all. From this I conclude that nsswitch does recognize the library, but the library itself is broken somewhere. With best regards, P. Trifonov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] A user having the same name as the samba server can not connect
Hi I discovered for the first time the following issue: a user having the same name as the samba server can not connect to any shared directory. I encountered this issue in the following configuration: + Samba server (samba-3.0.23-1.fc5) running on a Fedora Core 5 distribution. + Server hostname = bill + bill is also a user configured on the server + I added a different password for bill with the smbpasswd command + Samba configuration file: [global] workgroup = my_domain_name server string = My Server load printers = no security = user socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no [htdocs_odin] comment = HTDOCS Directory path = /usr/local/bill/htdocs valid users = bill public = no writable = yes I solved this issue by changing the name of the server. However, if anyone had an explanation of this issue, I would appreciate. Thanks in advance, Medzner -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Incorrect handling of group permissions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter Trifonov wrote: FreeBSD's nsswitch seems to be able to look in /usr/local/lib. I have tried to create symlink to those libraries in /lib, but this did not change anything. These libraries were located in /usr/local/lib for previous Samba versions as well. But when I renamed nss_winbind.so.1, ADS user/group name resolution stopped to work at all. From this I conclude that nsswitch does recognize the library, but the library itself is broken somewhere. wok. Couple of questions. Sorry if you already provided this information but I can't remember. * Is this 3.0.23 ? or 3.0.23a ? * 32bit or 64bit system ? * Please send me the output from 'smbd -b'. Thanks. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEyMb6IR7qMdg1EfYRAtUWAKCBYGsepVmikNcxIPc4HC/LG+U9OACeMown /+PQz/Xdkrr4zkbLDY9DePk= =7fFg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Incorrect handling of group permissions
Dear Jerry, wok. Couple of questions. Sorry if you already provided this information but I can't remember. * Is this 3.0.23 ? or 3.0.23a ? It is 3.0.23. * 32bit or 64bit system ? This is 32-bit Pentium 4. gcc version 3.4.4 [FreeBSD] 20050518 Could this be a compiler bug/feature? * Please send me the output from 'smbd -b'. Please see the attachment. With best regards, P. Trifonov Build environment: Built by:[EMAIL PROTECTED] Built on:Mon Jul 24 12:21:39 MSD 2006 Built using: cc Build host: FreeBSD dcn.research.dcn 6.1-RELEASE FreeBSD 6.1-RELEASE #1: Wed May 24 20:38:07 MSD 2006 [EMAIL PROTECTED]:/usr/src/sys/i386/compile/SERVER i386 SRCDIR: /usr/ports/net/samba3/work/samba-3.0.23/source BUILDDIR:/usr/ports/net/samba3/work/samba-3.0.23/source Paths: SBINDIR: /usr/local/sbin BINDIR: /usr/local/bin SWATDIR: /usr/local/share/swat CONFIGFILE: /usr/local/etc/smb.conf LOGFILEBASE: /var/log/samba LMHOSTSFILE: /usr/local/etc/lmhosts LIBDIR: /usr/local/lib/samba SHLIBEXT: so LOCKDIR: /var/db/samba PIDDIR: /var/run SMB_PASSWD_FILE: /usr/local/private/smbpasswd PRIVATE_DIR: /usr/local/private System Headers: HAVE_SYS_ACL_H HAVE_SYS_CDEFS_H HAVE_SYS_EXTATTR_H HAVE_SYS_FCNTL_H HAVE_SYS_FILIO_H HAVE_SYS_IOCTL_H HAVE_SYS_IPC_H HAVE_SYS_MMAN_H HAVE_SYS_MOUNT_H HAVE_SYS_PARAM_H HAVE_SYS_RESOURCE_H HAVE_SYS_SELECT_H HAVE_SYS_SHM_H HAVE_SYS_SOCKET_H HAVE_SYS_SOCKIO_H HAVE_SYS_STATVFS_H HAVE_SYS_STAT_H HAVE_SYS_SYSCALL_H HAVE_SYS_SYSLOG_H HAVE_SYS_TIME_H HAVE_SYS_TYPES_H HAVE_SYS_UIO_H HAVE_SYS_UNISTD_H HAVE_SYS_UN_H HAVE_SYS_WAIT_H Headers: HAVE_AIO_H HAVE_ARPA_INET_H HAVE_COM_ERR_H HAVE_CTYPE_H HAVE_DIRENT_H HAVE_DLFCN_H HAVE_FAM_H HAVE_FCNTL_H HAVE_FLOAT_H HAVE_GLOB_H HAVE_GRP_H HAVE_GSSAPI_H HAVE_INTTYPES_H HAVE_KRB5_H HAVE_LANGINFO_H HAVE_LBER_H HAVE_LDAP_H HAVE_LIMITS_H HAVE_LOCALE_H HAVE_MEMORY_H HAVE_NETINET_IN_SYSTM_H HAVE_NETINET_IP_H HAVE_NETINET_TCP_H HAVE_NET_IF_H HAVE_NSSWITCH_H HAVE_NSS_H HAVE_POLL_H HAVE_READLINE_HISTORY_H HAVE_READLINE_READLINE_H HAVE_RPCSVC_NIS_H HAVE_RPCSVC_YPCLNT_H HAVE_RPCSVC_YP_PROT_H HAVE_RPC_NETTYPE_H HAVE_RPC_RPC_H HAVE_SECURITY_PAM_APPL_H HAVE_SECURITY_PAM_MODULES_H HAVE_STDARG_H HAVE_STDINT_H HAVE_STDLIB_H HAVE_STRINGS_H HAVE_STRING_H HAVE_SYSLOG_H HAVE_TERMIOS_H HAVE_UNISTD_H HAVE_UTIME_H UTMP Options: HAVE_UTMP_H HAVE_UT_UT_HOST HAVE_UT_UT_NAME HAVE_UT_UT_TIME WITH_UTMP HAVE_* Defines: HAVE_ACL_GET_PERM_NP HAVE_ADDR_TYPE_IN_KRB5_ADDRESS HAVE_AP_OPTS_USE_SUBKEY HAVE_ASPRINTF HAVE_ASPRINTF_DECL HAVE_ATEXIT HAVE_BER_SCANF HAVE_C99_VSNPRINTF HAVE_CHECKSUM_IN_KRB5_CHECKSUM HAVE_CHMOD HAVE_CHOWN HAVE_CHROOT HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS HAVE_CONNECT HAVE_COPY_AUTHENTICATOR HAVE_CRYPT HAVE_CUPS HAVE_DEVICE_MAJOR_FN HAVE_DEVICE_MINOR_FN HAVE_DLCLOSE HAVE_DLERROR HAVE_DLOPEN HAVE_DLSYM HAVE_DUP2 HAVE_ENCTYPE_ARCFOUR_HMAC_MD5 HAVE_ENDNETGRENT HAVE_ERRNO_DECL HAVE_ETYPE_IN_ENCRYPTEDDATA HAVE_EXECL HAVE_EXPLICIT_LARGEFILE_SUPPORT HAVE_EXTATTR_DELETE_FD HAVE_EXTATTR_DELETE_FILE HAVE_EXTATTR_DELETE_LINK HAVE_EXTATTR_GET_FD HAVE_EXTATTR_GET_FILE HAVE_EXTATTR_GET_LINK HAVE_EXTATTR_LIST_FD HAVE_EXTATTR_LIST_FILE HAVE_EXTATTR_LIST_LINK HAVE_EXTATTR_SET_FD HAVE_EXTATTR_SET_FILE HAVE_EXTATTR_SET_LINK HAVE_E_DATA_POINTER_IN_KRB5_ERROR HAVE_FAM_CHANGE_NOTIFY HAVE_FCHMOD HAVE_FCHOWN HAVE_FCNTL_LOCK HAVE_FREE_AP_REQ HAVE_FSTAT HAVE_FSYNC HAVE_FTRUNCATE HAVE_FTRUNCATE_EXTEND HAVE_FUNCTION_MACRO HAVE_GETCWD HAVE_GETDENTS HAVE_GETDIRENTRIES HAVE_GETGRENT HAVE_GETGRNAM HAVE_GETGROUPLIST HAVE_GETNETGRENT HAVE_GETRLIMIT HAVE_GETTIMEOFDAY_TZ HAVE_GLOB HAVE_GRANTPT HAVE_GSSAPI HAVE_GSS_DISPLAY_STATUS HAVE_ICONV HAVE_IFACE_AIX HAVE_IMMEDIATE_STRUCTURES HAVE_INITGROUPS HAVE_INNETGR HAVE_IPRINT HAVE_KRB5 HAVE_KRB5_ADDRESSES HAVE_KRB5_AUTH_CON_SETKEY HAVE_KRB5_CRYPTO HAVE_KRB5_CRYPTO_DESTROY HAVE_KRB5_CRYPTO_INIT HAVE_KRB5_DECODE_AP_REQ HAVE_KRB5_ENCTYPES_COMPATIBLE_KEYS HAVE_KRB5_FREE_DATA_CONTENTS HAVE_KRB5_FREE_ERROR_CONTENTS HAVE_KRB5_GET_DEFAULT_IN_TKT_ETYPES HAVE_KRB5_GET_KDC_CRED HAVE_KRB5_GET_PW_SALT HAVE_KRB5_KEYBLOCK_KEYVALUE HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK HAVE_KRB5_KRBHST_GET_ADDRINFO HAVE_KRB5_KT_COMPARE HAVE_KRB5_KT_FREE_ENTRY HAVE_KRB5_KU_OTHER_CKSUM HAVE_KRB5_MK_REQ_EXTENDED HAVE_KRB5_PRINCIPAL_COMPARE_ANY_REALM HAVE_KRB5_PRINCIPAL_GET_COMP_STRING HAVE_KRB5_SESSION_IN_CREDS HAVE_KRB5_SET_DEFAULT_IN_TKT_ETYPES HAVE_KRB5_STRING_TO_KEY HAVE_KRB5_STRING_TO_KEY_SALT HAVE_LDAP
Re: [Samba] Incorrect handling of group permissions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter, Dear Jerry, wok. Couple of questions. Sorry if you already provided this information but I can't remember. * Is this 3.0.23 ? or 3.0.23a ? It is 3.0.23. Please test 3.0.23a. I made some changes to the winbindd request and response structures to fix some alignment issues. Might not help you but it would be good to verify that the problem still exists after those changes. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEyMoLIR7qMdg1EfYRAqUuAKDw0Wr8xgV+VEWQDqijrtTVciz/wQCeOodr 3/6KoS46cRRLZPsNPUjZSrw= =IZu9 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems accessing shares with dollar signs
On 7/22/06, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: Josh Kelley wrote: From my CentOS 4.3 box running Samba 3.0.21b, mounting \\server\data$ (a Windows Server 2003 DC) or \\domain\data$ (the same share, shared over DFS) using mount.cifs doesn't give any errors, and I can do an ls of the top-level directory, but when I try to do an ls of a subdirectory, I get the top-level directory listing again. The CIFS fs did not support MS-DFS last I checked. It does; I am able to access other DFS shares (netlogon and sysvol are the only two I have configured), and I can see the top-level directory of data$ and software$, but I can't see any subdirectories. From the same box, using smbget or smbclient's mget command works. From the same box, using smbclient's tar command fails; What version of Samba are you using here ? 3.0.21b. I retested against 3.0.23a with the same results; I also noticed some errors similar to the following in smbclient's tar's output: Server packet had invalid SMB signature! opening remote file \Adobe\Adobe Acrobat 7.0 Professional\program files\Adobe\Acrobat 7.0\R (\Adobe\Adobe Acrobat 7.0 Professional\program files\Adobe\Acrobat 7.0\) (They were probably there earlier and I just overlooked them.) From my Fedora Core 5 box running Samba 3.0.23, mount.cifs gives the same symptoms. smbclient gives errors similar to the following upon cd'ing into most (but not all) subdirectories and then running ls: client_check_incoming_message: received message with mid 11 with no matching send record. SMB Signature verification failed on incoming packet! As a result, neither smbclient's mget nor its tar work. I'd file a bug. We will also need a level 10 debug log from the client and probably a raw network trace (included as attachments). Also please retest 3.0.23a (released yesterday). Thanks. I've been unable to replicate that exact error message in 3.0.23 or in 3.0.23a; I did take debug logs and network traces of the above errors and filed them as bug #3968. Thanks for your help. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba and domain authentification(newbie)
Hello! I want to make a samba server that let the users connected to domain to acces the shares without promting for password once they are authentificated to domain. I also want to restrict the acces on share to some usernames. I try to made this using the security setting to domain but it worked after i made coresponding usernames that i shared the resource. Can i make samba use the domain controler? Thanks in advice! -- Michael, [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] central samba server
I have about 10 linux/unix machines running samba, one of which should be a central samba server. Additionally, I have about 30 Windows machines. My problem is that I want the share(s) of the other linux/unix machines to be mounted on the samba server, so that they only can be access via this server. But if I run samba on the other linux/unix machines, I can also access their shares directly, what I want to disallow. So, is there a way to run samba on these machines and not to allow the shares to be accessed directly, but via my central samba server on which they are mounted? If I use 'browseable = no', they will not be seen but still be accessible. Using 'available = no', they cannot be accessed and not be mounted, as well. Any ideas? Axel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] idmap backend ad and trusted domains?
Hi, is idmap backend = ad with winbind nss info = sfu supposed to work with trusted domains? - Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Fedora core 5 and Samba
Good Day: I have been trying all week to install the 23a version of Samba on a Fedora core 5 distribution. When I try to start smbd, the log indicates that the demon wont start because of an undefined symbol. Here is the message [2006/07/26 10:00:09, 0] smbd/server.c:main(847) smbd version 3.0.23-1.fc5 started. Copyright Andrew Tridgell and the Samba Team 1992-2006 smbd: symbol lookup error: smbd: undefined symbol: cupsLangDefault Can anybody help me explain this and fix it? Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] central samba server
Hi, by using the hosts allow directive in the smb.conf you can specify which machines are allowed to access your server and which are not. So your slave servers should only be accessible by your master server and the master server may be accessible by every windows machine. you could also mount the other shares via NFS, so you would only need one samba server instead of ten. Since you need time for the server maintenance of each samba server this could be time-saving for you. Hope i got your problem and this helps Martin Axel Schmalowsky wrote: I have about 10 linux/unix machines running samba, one of which should be a central samba server. Additionally, I have about 30 Windows machines. My problem is that I want the share(s) of the other linux/unix machines to be mounted on the samba server, so that they only can be access via this server. But if I run samba on the other linux/unix machines, I can also access their shares directly, what I want to disallow. So, is there a way to run samba on these machines and not to allow the shares to be accessed directly, but via my central samba server on which they are mounted? If I use 'browseable = no', they will not be seen but still be accessible. Using 'available = no', they cannot be accessed and not be mounted, as well. Any ideas? Axel -- _/ _/_/ _/_/_/ Friedrich Alexander Universität Erlangen _/_/ _/ _/ Lehrstuhl für Sensorik _/_/ _/ Paul-Gordanstr. 5, 91052 Erlangen, Germany _/ _/_/ _/_/ _/ _/ _/ University of Erlangen _/_/ _/ _/ Department of Sensor Technology _/_/_/ _/_/ _/_/_/ Paul-Gordanstr. 5, 91052 Erlangen, Germany Dipl.-Ing. Martin Meiler tel.: (+49)-9131-85-23140 fax.: (+49)-9131-85-23133 email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] open_fake_file?
samba version 3.0.20b I haven't made any changes in the samba config file, only added the user to a new group. The user is getting prompted for password ( I am using Active Directory) and here's the log. [2006/07/27 10:19:51, 1] smbd/service.c:close_cnum(835) closed connection to service webshare [2006/07/27 10:22:01, 1] smbd/service.c:make_connection_snum(662) connect to service collectionsweb initially as user user1 (uid=46838, gid=12744) (pid 9182) [2006/07/27 10:33:06, 1] smbd/service.c:close_cnum(835) closed connection to service webshare [2006/07/27 10:34:59, 1] smbd/service.c:make_connection_snum(662) connect to service webshare initially as user user1 (uid=46838, gid=12744) (pid 9811) [2006/07/27 10:38:01, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(1006) api_pipe_bind_req: unknown auth type 9 requested. [2006/07/27 10:38:02, 1] smbd/fake_file.c:open_fake_file(114) open_fake_file_shared: access_denied to service[webshare] file[$Extend/$Quota:$Q:$INDEX_ALLOCATION] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Fedora core 5 and Samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kirk Henry wrote: Good Day: I have been trying all week to install the 23a version of Samba on a Fedora core 5 distribution. When I try to start smbd, the log indicates that the demon wont start because of an undefined symbol. Here is the message [2006/07/26 10:00:09, 0] smbd/server.c:main(847) smbd version 3.0.23-1.fc5 started. Copyright Andrew Tridgell and the Samba Team 1992-2006 smbd: symbol lookup error: smbd: undefined symbol: cupsLangDefault Yup. The cups maintainer went from 1.1 to 1.2 which is not API compatible. Either downgrade cups ot recompile Samba. And log a bug with Fedora. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEyOfBIR7qMdg1EfYRAhbWAJ0f+Z/ew/K/YTlvGYsqm0NXefpypQCdGN2m WXlJWpAL4F1elwRkrnarEf0= =Ko63 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Incorrect handling of group permissions
Dear Jerry, Please test 3.0.23a. I made some changes to the winbindd request and response structures to fix some alignment issues. Might not help you but it would be good to verify that the problem still exists after those changes. After installing 3.0.23a nothing has changed, except groups are now reported without domain name. There are still many messages about invalid request size With best regards, P. Trifonov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] trust domain list
Hi everybody. When using the command: # net rpc trustdom list what is the difference in output between: The trusted domains list and trusting domains list? Which operations are performed in both actions? My example: net rpc trustdom list Trusted domains list: DOMA S-1-5-21-790525478-1844823847-725345543 DOMB S-1-5-21-776971034-1374619893-1389755056 Trusting domains list: DOMB S-1-5-21-776971034-1374619893-1389755056 Unable to find a suitable server domain controller is not responding Thank you. --- Bruno Gomes Pessanha -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba share on linux and Windows 2003 server R2
Hi everyone Has anyone been able to get windows 2003 server R2 to mount a Samba share from a RH9 server ? using Samba release 3.0.23a I haven't done this yet and if possible would like to know if it works before I make the attempt is there any bizarre things involved ? many thanks Marcus Hutchinson Digital Domain Venice CA 90293 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] no idmap backends compiled/installed - 3.0.23a
I believe I have tracked down the root of my problem...my ${PREFIX}/lib/idmap directory is empty. And I want to use idmap backend = ad. This is self compiled on Solaris 10 update 2 using only the Sun provided toolchain and libraries except for: krb5-1.5 openldap-2.3.24 Both the kerberos and the openldap libraries were installed in the samba ${PREFIX} directory. The configure script was: #!/bin/tcsh setenv CFLAGS -I/local/samba-3.0.23a/include setenv CPPFLAGS -I/local/samba-3.0.23a/include setenv LDFLAGS -L/local/samba-3.0.23a/lib -R/local/samba-3.0.23a/lib ./configure --prefix=/local/samba-3.0.23a \ --with-ads \ --with-acl-support \ --with-krb5=/local/samba-3.0.23a \ --disable-cups The contents of the source/sam directory after successfully running make are: -rw-r--r-- 1 501 other 11371 May 23 14:54 idmap.c -rw-r--r-- 1 501 other 15460 Jul 24 12:16 idmap.o -rw-r--r-- 1 501 other 9878 Jul 21 12:22 idmap_ad.c -rw-r--r-- 1 501 other 14917 Apr 19 22:29 idmap_ldap.c -rw-r--r-- 1 501 other 21368 Jul 24 12:16 idmap_ldap.o -rw-r--r-- 1 501 other 16239 Apr 19 22:29 idmap_rid.c -rw-r--r-- 1 501 other 10851 Apr 19 22:29 idmap_smbldap.c -rw-r--r-- 1 501 other 17518 Apr 19 22:29 idmap_tdb.c -rw-r--r-- 1 501 other 30260 Jul 24 12:16 idmap_tdb.o -rw-r--r-- 1 501 other 3347 May 23 14:54 idmap_util.c -rw-r--r-- 1 501 other 4156 Jul 24 12:16 idmap_util.o -rw-r--r-- 1 501 other 2935 Jul 10 12:27 nss_info.c -rw-r--r-- 1 501 other 4552 Jul 24 12:13 nss_info.o Any insight on how to get the idmap backends compiled and installed would be greatly appreciated. Thanks, Neal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] idmap backend ad and trusted domains?
On Thu, Jul 27, 2006 at 04:57:39PM +0200, Mark Proehl wrote: Hi, is idmap backend = ad with winbind nss info = sfu supposed to work with trusted domains? - Mark my problem is this: vm1:~ # wbinfo -S S-1-5-21-4038355506-4058439304-2375676978-500 13 vm1:~ # wbinfo -S S-1-5-21-4038355506-4058439304-2375676978-500 13 vm1:~ # wbinfo -S S-1-5-21-450098887-3131224273-1459421348-500 Could not convert sid S-1-5-21-450098887-3131224273-1459421348-500 to uid both domains are w2k3r2 domains. Samba is 3.0.23a. I suspect that winbind does not follow the ldap referral from it's own dc to the dc of the trusted domain. Or is there a problem with my setup: [global] workgroup = W2K3 realm = EXAMPLE.COM security = ADS use kerberos keytab = Yes log level = 10 panic action = sleep 1 idmap backend = ad idmap uid = 1-100 idmap gid = 1-100 winbind cache time = 10 winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes winbind nss info = sfu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: no idmap backends compiled/installed - 3.0.23a
Neal A. Lucier wrote: I believe I have tracked down the root of my problem...my ${PREFIX}/lib/idmap directory is empty. And I want to use idmap backend = ad. ... ./configure --prefix=/local/samba-3.0.23a \ --with-ads \ --with-acl-support \ --with-krb5=/local/samba-3.0.23a \ --disable-cups ... Any insight on how to get the idmap backends compiled and installed would be greatly appreciated. ./configure --with-shared-modules=idmap_ad -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] no idmap backends compiled/installed - 3.0.23a
On Thu, 2006-07-27 at 14:52 -0400, Neal A. Lucier wrote: Any insight on how to get the idmap backends compiled and installed would be greatly appreciated. add --with-shared-modules=idmap_ad Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] idmap backend ad and trusted domains?
On Thu, 2006-07-27 at 20:53 +0200, Mark Proehl wrote: On Thu, Jul 27, 2006 at 04:57:39PM +0200, Mark Proehl wrote: Hi, is idmap backend = ad with winbind nss info = sfu supposed to work with trusted domains? - Mark my problem is this: vm1:~ # wbinfo -S S-1-5-21-4038355506-4058439304-2375676978-500 13 vm1:~ # wbinfo -S S-1-5-21-4038355506-4058439304-2375676978-500 13 vm1:~ # wbinfo -S S-1-5-21-450098887-3131224273-1459421348-500 Could not convert sid S-1-5-21-450098887-3131224273-1459421348-500 to uid both domains are w2k3r2 domains. Samba is 3.0.23a. I suspect that winbind does not follow the ldap referral from it's own dc to the dc of the trusted domain. Seem this is a known bug: https://bugzilla.samba.org/show_bug.cgi?id=3661 Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with access to share after upgrading to 3.0.23(a)
Hi! I'm experiencing problems with access to one of shares on server with Samba working as PDC for windows clients, after I upgraded Samba from 3.0.22 to 3.0.23 (this problem also present in 3.0.23a). There are config section for this share: [domain] comment = Domain users exchange share path = /home/special/domain guest ok = No writeable = Yes create mask = 0664 directory mask = 0775 Access to directory in which share resides denied to world, so only members of group domain can access this share: root#earth:~ls -la /home/special/ ... drwxr-x--- 5 ntadmdomain512 1 Jul 18:52 domain In this group placed all users-members of domain, also me (antonz) : root#earth:~cat /etc/group |grep domain domain:*:250:ntadm,guest,antonz,oksana,valent . root#earth:~id antonz uid=1002(antonz) gid=1002(antonz) groups=1002(antonz), 0(wheel), 53(bind), 80(www), 103(sshspec), 200(staff), 201(admin), 202(automation), 250(domain) And this group domain also has mapping to domain-wide group Domain Users: root#earth:~net groupmap list Domain Users (S-1-5-21-397137-3877677318-3229927643-513) - domain Until recent upgrade everything was OK with access to this share, but now I'm receiving Error reading drive error from both Windows clients and smbclient: root#earth:~smbclient -I 10.25.1.1 -U antonz earth\\domain Password: Domain=[LIBRARY] OS=[Unix] Server=[Samba 3.0.23a] smb: \ ls NT_STATUS_NETWORK_ACCESS_DENIED listing \* 0 blocks of size 0. 61680 blocks available smb: \ Everything other goes well: domain logins, roaming profiles storing and retrieving, accessing other shares with more simple access rights (also user's homes). Samba config files was not changed when updating. Unfortunately, I cannot downgrade to 3.0.22 to at least test thing with it, it seems that TDB format changed between versions, and previous version didn't work at all, yelling about unknown TDB format. Here is log level 2 report when I'm tried to connect. I can provide log level 3 or higher if needed. /var/log/samba/samba.10.25.1.16.log [2006/07/27 21:17:46, 2, pid=94387, effective(0, 0), real(0, 0)] param/loadparm.c:do_section(3704) Processing section [homes] [2006/07/27 21:17:46, 2, pid=94387, effective(0, 0), real(0, 0)] param/loadparm.c:do_section(3704) Processing section [print$] [2006/07/27 21:17:46, 2, pid=94387, effective(0, 0), real(0, 0)] param/loadparm.c:do_section(3704) Processing section [printers] [2006/07/27 21:17:46, 2, pid=94387, effective(0, 0), real(0, 0)] param/loadparm.c:do_section(3704) Processing section [profile] [2006/07/27 21:17:46, 2, pid=94387, effective(0, 0), real(0, 0)] param/loadparm.c:do_section(3704) Processing section [hp1100] [2006/07/27 21:17:46, 2, pid=94387, effective(0, 0), real(0, 0)] param/loadparm.c:do_section(3704) Processing section [netlogon] [2006/07/27 21:17:46, 2, pid=94387, effective(0, 0), real(0, 0)] param/loadparm.c:do_section(3704) Processing section [ftp] [2006/07/27 21:17:46, 2, pid=94387, effective(0, 0), real(0, 0)] param/loadparm.c:do_section(3704) Processing section [cdrom] [2006/07/27 21:17:46, 2, pid=94387, effective(0, 0), real(0, 0)] param/loadparm.c:do_section(3704) Processing section [public] [2006/07/27 21:17:46, 2, pid=94387, effective(0, 0), real(0, 0)] param/loadparm.c:do_section(3704) Processing section [domain] [2006/07/27 21:17:46, 2, pid=94387, effective(0, 0), real(0, 0)] param/loadparm.c:do_section(3704) Processing section [WWW] [2006/07/27 21:17:46, 2, pid=94387, effective(0, 0), real(0, 0)] param/loadparm.c:do_section(3704) Processing section [rnb] [2006/07/27 21:17:46, 2, pid=94387, effective(0, 0), real(0, 0)] lib/interface.c:add_interface(81) added interface ip=10.0.1.251 bcast=10.0.1.255 nmask=255.255.255.0 [2006/07/27 21:17:46, 2, pid=94387, effective(0, 0), real(0, 0)] lib/interface.c:add_interface(81) added interface ip=10.25.1.1 bcast=10.25.1.255 nmask=255.255.255.0 [2006/07/27 21:17:46, 2, pid=94387, effective(0, 0), real(0, 0)] lib/interface.c:add_interface(81) added interface ip=10.25.2.1 bcast=10.25.2.255 nmask=255.255.255.0 [2006/07/27 21:17:46, 2, pid=94387, effective(0, 0), real(0, 0)] lib/interface.c:add_interface(81) added interface ip=195.245.194.78 bcast=195.245.194.79 nmask=255.255.255.252 [2006/07/27 21:17:46, 2, pid=94387, effective(0, 0), real(0, 0)]
Re: [Samba] Problems with access to share after upgrading to 3.0.23(a)
On Thu, Jul 27, 2006 at 09:52:40PM +0300, Anton N. Breusov wrote: Hi! I'm experiencing problems with access to one of shares on server with Samba working as PDC for windows clients, after I upgraded Samba from 3.0.22 to 3.0.23 (this problem also present in 3.0.23a). There are config section for this share: [domain] comment = Domain users exchange share path = /home/special/domain guest ok = No writeable = Yes create mask = 0664 directory mask = 0775 Access to directory in which share resides denied to world, so only members of group domain can access this share: root#earth:~ls -la /home/special/ ... drwxr-x--- 5 ntadmdomain512 1 Jul 18:52 domain In this group placed all users-members of domain, also me (antonz) : root#earth:~cat /etc/group |grep domain domain:*:250:ntadm,guest,antonz,oksana,valent . root#earth:~id antonz uid=1002(antonz) gid=1002(antonz) groups=1002(antonz), 0(wheel), 53(bind), 80(www), 103(sshspec), 200(staff), 201(admin), 202(automation), 250(domain) And this group domain also has mapping to domain-wide group Domain Users: root#earth:~net groupmap list Domain Users (S-1-5-21-397137-3877677318-3229927643-513) - domain Until recent upgrade everything was OK with access to this share, but now I'm receiving Error reading drive error from both Windows clients and smbclient: root#earth:~smbclient -I 10.25.1.1 -U antonz earth\\domain Password: Domain=[LIBRARY] OS=[Unix] Server=[Samba 3.0.23a] smb: \ ls NT_STATUS_NETWORK_ACCESS_DENIED listing \* 0 blocks of size 0. 61680 blocks available smb: \ It would be interesting to see what the token looks like for this access. Can you get a debug level 10 log from the smbclient access please ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] W2K3 Domain - Can't Connect to Share?
I have a linux box, Samba 3.0.23a, that is joined to a W2K3 domain. I cannot connect to the MP3s share (all legal!) on this system - I can connect to home directories and printers. When I try to connect to MP3s as any user on the domain, I get an Access is denied message, or it prompts me for the username and password again. I am using Winbind (if that matters), so none of these accounts exist locally on the system. Here is the applicable part of my smb.conf: [MP3s] path = /home/samba/MP3s ; writeable = no browseable = yes valid users = @MASSIVEGEEK+Domain Users writeable = yes And here is the actual file permissions: drwxrwx--- 93 root domain users 4096 Jul 14 18:54 MP3s Any ideas here? I've tried connecting from several different systems (XP, 2003, Linux), with no luck. Here is output from smbclient: [EMAIL PROTECTED] ~]# smbclient //mggryphont.massivegeek.local/MP3s -U MASSIVEGEEK\\mgwinxpvm1vpn -d 2 added interface ip=192.168.0.1 bcast=192.168.0.255 nmask=255.255.255.0 added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 Password: Domain=[MASSIVEGEEK] OS=[Unix] Server=[Samba 3.0.23a-1.fc5.1] tree connect failed: NT_STATUS_ACCESS_DENIED Thank you! Nolan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't authenticate after upgrade to 3.0.23a
On Tuesday 25 July 2006 01:26, Jeremy Allison wrote: On Tue, Jul 25, 2006 at 12:34:55AM -0400, Michael W. Holdeman wrote: after upgrading from 3.0.22 to 3.0.23a I can't get at any of my shares, except public. All worked before. here is my smb.conf file. everytime I try to browse or mount any of the other shares it errors out and tells me the shares dont exist, this is with konqueror, winxp, or smb4k. Any suggestions appreciated. You have two very strange [global] settings. force user = mike security = share Why security=share ? If your global setting is such that all users are mike, why not just use the default security = user, allow guests and force all users to mike. What are you trying to achieve here ? Jeremy. I just switched to share security because I can not get any authentication with user anymore. It asks for my ID and password but will not authenticate. I have rerun smbpasswd -a mike then the password, but it will not authenticate. If I rebuild 3.0.22-r2 it will work sometimes. I would prefer user level security but can't get it to work. Mike -- Michael W. Holdeman Powered by Gentoo Linux www.gentoo.org | Kernel 2.6.15-ck2 | VMWare Workstation 5.5.1 vmware.com | Win4LinPro 6.1.1-03 win4lin.com | | -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't authenticate after upgrade to 3.0.23a
On Thu, Jul 27, 2006 at 04:46:30PM -0400, Michael W. Holdeman wrote: I just switched to share security because I can not get any authentication with user anymore. It asks for my ID and password but will not authenticate. I have rerun smbpasswd -a mike then the password, but it will not authenticate. If I rebuild 3.0.22-r2 it will work sometimes. I would prefer user level security but can't get it to work. User level security is infinately preferable. Post logs from smbd with smbclient failing to connect when you have added user mike in user level security. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't authenticate after upgrade to 3.0.23a
On Thursday 27 July 2006 16:35, Jeremy Allison wrote: On Thu, Jul 27, 2006 at 04:46:30PM -0400, Michael W. Holdeman wrote: I just switched to share security because I can not get any authentication with user anymore. It asks for my ID and password but will not authenticate. I have rerun smbpasswd -a mike then the password, but it will not authenticate. If I rebuild 3.0.22-r2 it will work sometimes. I would prefer user level security but can't get it to work. User level security is infinately preferable. Post logs from smbd with smbclient failing to connect when you have added user mike in user level security. Jeremy. OK here goes. This is a laptop I use for work, I use it on 2 LAN's at 2 different jobs I have. Both access points are set up for 192.168.14.102 to lease to teh laptop as an IP. The laptop is running Gentoo, and samba is for access by VMWare and XP-pro for some legacy apps for Fire Department record keeping and reporting. The vm needs access to teh shares so teh data can be accessible to teh linux side for reporting and analysis. Kernel is 2.6.17-ck2, smb.conf is here. [global] log file = /var/log/samba/log.%m restrict anonymous = no ldap ssl = No socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 force directory mode = 1777 hosts deny = 0.0.0.0/0 force group = samba interfaces = 192.168.14.102 127.0.0.1 domain master = yes preferred master = yes os level = 99 name resolve order = wins lmhosts bcast guest ok = yes hosts allow = 127.0.0.1 192.168.14.0/24 192.168.0.0/24 192.168.111.0/24 wins support = true max protocol = NT server string = Samba Server %v remote announce = 192.168.14.255/PTFD workgroup = PTFD force create mode = 1777 server signing = Auto force user = mike preload = global firehouse qb data homes itfe max log size = 50 #bind interfaces only = yes remote browse sync = 192.168.111.255 192.168.14.102 192.168.14.107 192.168.14.108 acl compatibility = winnt security = user [homes] browseable = no read only = no write list = %u path = /home/%u force user = %u comment = Home directory for %S valid users = %u [firehouse] read only = no valid users = mike,guest read list = guest username = mike,guest,@users,@wheel,@samba write list = mike case sensitive = no msdfs proxy = no path = /home/mike/mydata/data/fh5/FH6 [itfe] read only = no valid users = mike,guest read list = guest username = mike,guest,@users,@wheel,@samba write list = mike case sensitive = no msdfs proxy = no path = /home/mike/mydata/data/itfe [qb] read only = no valid users = mike,guest read list = guest username = mike,guest,@users,@wheel,@samba write list = mike case sensitive = no msdfs proxy = no path = /home/mike/mydata/data/qb/ [public] comment = shared path = /mnt/public Error from smb4k: params.c:OpenConfFile() - Unable to open configuration file /etc/samba/smb.conf: Permission denied Can't load /etc/samba/smb.conf - run testparm to debug it Anonymous login successful 28295: tree connect failed: ERRDOS - ERRnosuchshare (You specified an invalid share name) SMB connection failed (it mounts [public] fine) log.smbd: [2006/07/27 11:15:57, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2006/07/27 11:15:57, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2006/07/27 11:20:36, 0] smbd/server.c:main(847) smbd version 3.0.23a started. Copyright Andrew Tridgell and the Samba Team 1992-2006 [2006/07/27 11:45:24, 0] smbd/server.c:main(847) smbd version 3.0.23a started. Copyright Andrew Tridgell and the Samba Team 1992-2006 [2006/07/27 11:47:34, 0] smbd/server.c:main(847) smbd version 3.0.23a started. Copyright Andrew Tridgell and the Samba Team 1992-2006 [2006/07/27 19:00:18, 0] smbd/server.c:main(847) smbd version 3.0.23a started. Copyright Andrew Tridgell and the Samba Team 1992-2006 (I'm not worried about the cups error right now, it works... log.nmbd: Samba server CHIEFNB is now a domain master browser for workgroup PTFD on subnet UNICAST_SUBNET * [2006/07/27 19:00:19, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(290) become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup PTFD on subnet 192.168.14.102 [2006/07/27 19:00:19, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(303) become_domain_master_browser_bcast: querying subnet 192.168.14.102 for domain master browser on workgroup PTFD [2006/07/27 19:00:19, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(233) become_domain_master_query_success: There is already a domain master browser at IP 192.168.14.14 for workgroup PTFD registered on subnet 192.168.14.102. I don't understand why I dont see any errors regarding the refused connection. Access attempts from Konqueror just tells me: The file or folder smb://chiefnb/qb does not exist. This is after browsing to teh share?
Re: [Samba] can't authenticate after upgrade to 3.0.23a
On Thu, Jul 27, 2006 at 07:10:45PM -0400, Michael W. Holdeman wrote: OK here goes. This is a laptop I use for work, I use it on 2 LAN's at 2 different jobs I have. Both access points are set up for 192.168.14.102 to lease to teh laptop as an IP. The laptop is running Gentoo, and samba is for access by VMWare and XP-pro for some legacy apps for Fire Department record keeping and reporting. The vm needs access to teh shares so teh data can be accessible to teh linux side for reporting and analysis. log.smbd: [2006/07/27 11:15:57, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2006/07/27 11:15:57, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2006/07/27 11:20:36, 0] smbd/server.c:main(847) smbd version 3.0.23a started. Copyright Andrew Tridgell and the Samba Team 1992-2006 [2006/07/27 11:45:24, 0] smbd/server.c:main(847) smbd version 3.0.23a started. Copyright Andrew Tridgell and the Samba Team 1992-2006 [2006/07/27 11:47:34, 0] smbd/server.c:main(847) smbd version 3.0.23a started. Copyright Andrew Tridgell and the Samba Team 1992-2006 [2006/07/27 19:00:18, 0] smbd/server.c:main(847) smbd version 3.0.23a started. Copyright Andrew Tridgell and the Samba Team 1992-2006 There are no errors here. You need to repeat the experiment with smbd -d10, and just one smbclient connection. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't authenticate after upgrade to 3.0.23a
On Thursday 27 July 2006 18:50, Jeremy Allison wrote: On Thu, Jul 27, 2006 at 07:10:45PM -0400, Michael W. Holdeman wrote: OK here goes. This is a laptop I use for work, I use it on 2 LAN's at 2 different jobs I have. Both access points are set up for 192.168.14.102 to lease to teh laptop as an IP. The laptop is running Gentoo, and samba is for access by VMWare and XP-pro for some legacy apps for Fire Department record keeping and reporting. The vm needs access to teh shares so teh data can be accessible to teh linux side for reporting and analysis. log.smbd: [2006/07/27 11:15:57, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2006/07/27 11:15:57, 0] printing/print_cups.c:cups_cache_reload(85) Unable to connect to CUPS server localhost - Connection refused [2006/07/27 11:20:36, 0] smbd/server.c:main(847) smbd version 3.0.23a started. Copyright Andrew Tridgell and the Samba Team 1992-2006 [2006/07/27 11:45:24, 0] smbd/server.c:main(847) smbd version 3.0.23a started. Copyright Andrew Tridgell and the Samba Team 1992-2006 [2006/07/27 11:47:34, 0] smbd/server.c:main(847) smbd version 3.0.23a started. Copyright Andrew Tridgell and the Samba Team 1992-2006 [2006/07/27 19:00:18, 0] smbd/server.c:main(847) smbd version 3.0.23a started. Copyright Andrew Tridgell and the Samba Team 1992-2006 There are no errors here. You need to repeat the experiment with smbd -d10, and just one smbclient connection. Jeremy. like this? log.smbd: [2006/07/27 19:39:28, 2] lib/interface.c:add_interface(81) added interface ip=192.168.14.102 bcast=192.168.14.255 nmask=255.255.255.0 [2006/07/27 19:39:28, 2] lib/interface.c:add_interface(81) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 [2006/07/27 19:39:28, 5] lib/util.c:init_names(286) Netbios name list:- my_netbios_names[0]=CHIEFNB [2006/07/27 19:39:28, 3] smbd/server.c:main(877) loaded services [2006/07/27 19:39:28, 0] smbd/server.c:main(881) standard input is not a socket, assuming -D option [2006/07/27 19:39:28, 3] smbd/server.c:main(892) Becoming a daemon. [2006/07/27 19:39:28, 8] lib/util.c:fcntl_lock(1952) fcntl_lock fd=6 op=13 offset=0 count=1 type=0 [2006/07/27 19:39:28, 3] lib/util.c:fcntl_lock(1965) fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource temporarily unavailable) [2006/07/27 19:39:28, 0] lib/pidfile.c:pidfile_create(93) ERROR: smbd is already running. File /var/run/samba/smbd.pid exists and process id 28221 is running. -- Michael W. Holdeman Powered by Gentoo Linux www.gentoo.org | Kernel 2.6.15-ck2 | VMWare Workstation 5.5.1 vmware.com | Win4LinPro 6.1.1-03 win4lin.com | | -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can't authenticate after upgrade to 3.0.23a
On Thu, Jul 27, 2006 at 07:42:21PM -0400, Michael W. Holdeman wrote: like this? log.smbd: [2006/07/27 19:39:28, 2] lib/interface.c:add_interface(81) added interface ip=192.168.14.102 bcast=192.168.14.255 nmask=255.255.255.0 [2006/07/27 19:39:28, 2] lib/interface.c:add_interface(81) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 [2006/07/27 19:39:28, 5] lib/util.c:init_names(286) Netbios name list:- my_netbios_names[0]=CHIEFNB [2006/07/27 19:39:28, 3] smbd/server.c:main(877) loaded services [2006/07/27 19:39:28, 0] smbd/server.c:main(881) standard input is not a socket, assuming -D option [2006/07/27 19:39:28, 3] smbd/server.c:main(892) Becoming a daemon. [2006/07/27 19:39:28, 8] lib/util.c:fcntl_lock(1952) fcntl_lock fd=6 op=13 offset=0 count=1 type=0 [2006/07/27 19:39:28, 3] lib/util.c:fcntl_lock(1965) fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource temporarily unavailable) [2006/07/27 19:39:28, 0] lib/pidfile.c:pidfile_create(93) ERROR: smbd is already running. File /var/run/samba/smbd.pid exists and process id 28221 is running. Getting better - but all this shows is that an smbd is already running when you try and start the smbd -d10 for the test. killall smbd first, check none is running using ps, then start smbd -d10 Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] W2K3 Domain - Can't Connect to Share?
Nolan Garrett wrote: I have a linux box, Samba 3.0.23a, that is joined to a W2K3 domain. I cannot connect to the MP3s share (all legal!) on this system - I can connect to home directories and printers. When I try to connect to MP3s as any user on the domain, I get an Access is denied message, or it prompts me for the username and password again. I am using Winbind (if that matters), so none of these accounts exist locally on the system. Here is the applicable part of my smb.conf: [MP3s] path = /home/samba/MP3s ; writeable = no browseable = yes valid users = @MASSIVEGEEK+Domain Users writeable = yes And here is the actual file permissions: drwxrwx--- 93 root domain users 4096 Jul 14 18:54 MP3s Any ideas here? I've tried connecting from several different systems (XP, 2003, Linux), with no luck. Here is output from smbclient: [EMAIL PROTECTED] ~]# smbclient //mggryphont.massivegeek.local/MP3s -U MASSIVEGEEK\\mgwinxpvm1vpn -d 2 added interface ip=192.168.0.1 bcast=192.168.0.255 nmask=255.255.255.0 added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 Password: Domain=[MASSIVEGEEK] OS=[Unix] Server=[Samba 3.0.23a-1.fc5.1] tree connect failed: NT_STATUS_ACCESS_DENIED Thank you! Nolan Your valid users looks a little funny. Have you tried valid users = @Domain Users instead? I'm assuming that your server is a member of the domain. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] expand_file segfault compatibility with VPS and reiserfs
Hello, In regards to this thread: http://lists.samba.org/archive/samba/2005-September/58.html I might be seeing a similar compatibility with this call is on Virtuozzo based system. cat /etc/redhat-release Red Hat Linux release 9 (Shrike) uname -a Linux hostname 2.6.8-022stab078.9-enterprise #1 SMP Thu Jun 8 12:38:51 MSD 2006 i686 athlon i386 GNU/Linux mount /dev/vzfs on / type reiserfs (rw,usrquota,grpquota) vzfs on /tmp type vzfs (rw,noatime,nosuid,nodev,noexec) proc on /proc type proc (rw,nodiratime) devpts on /dev/pts type devpts (rw) And I'm getting the following in the logs: [2006/07/27 20:31:37, 0] tdb/tdbutil.c:tdb_log(783) tdb(/var/lib/samba/locking.tdb): expand_file ftruncate to 49152 failed (Permission denied) [2006/07/27 20:31:37, 0] lib/util.c:smb_panic(1592) PANIC (pid 10004): Could not store share mode entry [2006/07/27 20:31:37, 0] lib/util.c:log_stack_trace(1699) BACKTRACE: 13 stack frames: #0 smbd(log_stack_trace+0x22) [0x8229612] #1 smbd(smb_panic+0x60) [0x82294d0] #2 smbd(get_share_mode_lock+0) [0x81dab90] #3 smbd(talloc_free+0x7d) [0x822efbd] #4 smbd(open_directory+0x3d5) [0x80d5ce5] #5 smbd(reply_ntcreate_and_X+0xb36) [0x80a8976] #6 smbd [0x80e8154] #7 smbd [0x80e83bd] #8 smbd [0x80e85e5] #9 smbd(smbd_process+0x155) [0x80e9475] #10 smbd(main+0x8ed) [0x82bea1d] #11 /lib/libc.so.6(__libc_start_main+0xa9) [0x402a062d] #12 smbd(yp_get_default_domain+0xad) [0x80828d1] [2006/07/27 20:31:37, 0] lib/fault.c:dump_core(168) unable to change to /var/log/samba/cores/smbdrefusing to dump core [2006/07/27 20:31:37, 1] smbd/service.c:make_connection_snum(941) mobilez (66.108.113.197) connect to service theuser initially as user theuser (uid=2524, gid=2524) (pid 22056) Any help would be appreciated. --- Hans Zaunere / President / New York PHP www.nyphp.org / www.nyphp.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r17265 - in branches/SAMBA_4_0/source/rpc_server/netlogon: .
Author: metze Date: 2006-07-27 09:37:55 + (Thu, 27 Jul 2006) New Revision: 17265 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17265 Log: some reformatting metze Modified: branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c === --- branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c 2006-07-26 17:34:50 UTC (rev 17264) +++ branches/SAMBA_4_0/source/rpc_server/netlogon/dcerpc_netlogon.c 2006-07-27 09:37:55 UTC (rev 17265) @@ -55,9 +55,7 @@ } pipe_state = talloc(dce_call-context, struct server_pipe_state); - if (!pipe_state) { - return NT_STATUS_NO_MEMORY; - } + NT_STATUS_HAVE_NO_MEMORY(pipe_state); pipe_state-client_challenge = *r-in.credentials; @@ -152,9 +150,7 @@ } creds = talloc(mem_ctx, struct creds_CredentialState); - if (!creds) { - return NT_STATUS_NO_MEMORY; - } + NT_STATUS_HAVE_NO_MEMORY(creds); creds_server_init(creds, pipe_state-client_challenge, pipe_state-server_challenge, mach_pwd, @@ -412,9 +408,7 @@ struct netr_SamInfo6 *sam6; user_info = talloc(mem_ctx, struct auth_usersupplied_info); - if (!user_info) { - return NT_STATUS_NO_MEMORY; - } + NT_STATUS_HAVE_NO_MEMORY(user_info); user_info-flags = 0; user_info-mapped_state = False; @@ -446,22 +440,18 @@ user_info-client.domain_name = r-in.logon.password-identity_info.domain_name.string; user_info-workstation_name = r-in.logon.password-identity_info.workstation.string; + user_info-flags |= USER_INFO_INTERACTIVE_LOGON; user_info-password_state = AUTH_PASSWORD_HASH; + user_info-password.hash.lanman = talloc(user_info, struct samr_Password); - if (!user_info-password.hash.lanman) { - return NT_STATUS_NO_MEMORY; - } + NT_STATUS_HAVE_NO_MEMORY(user_info-password.hash.lanman); *user_info-password.hash.lanman = r-in.logon.password-lmpassword; user_info-password.hash.nt = talloc(user_info, struct samr_Password); - if (!user_info-password.hash.nt) { - return NT_STATUS_NO_MEMORY; - } + NT_STATUS_HAVE_NO_MEMORY(user_info-password.hash.nt); *user_info-password.hash.nt = r-in.logon.password-ntpassword; - user_info-flags |= USER_INFO_INTERACTIVE_LOGON; - - break; + break; case 2: case 6: @@ -491,15 +481,12 @@ NT_STATUS_NOT_OK_RETURN(nt_status); nt_status = auth_convert_server_info_sambaseinfo(mem_ctx, server_info, sam); - NT_STATUS_NOT_OK_RETURN(nt_status); /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ /* It appears that level 6 is not individually encrypted */ - if ((r-in.validation_level != 6) -memcmp(sam-key.key, zeros, - sizeof(sam-key.key)) != 0) { - + if ((r-in.validation_level != 6) + memcmp(sam-key.key, zeros, sizeof(sam-key.key)) != 0) { /* This key is sent unencrypted without the ARCFOUR flag set */ if (creds-negotiate_flags NETLOGON_NEG_ARCFOUR) { creds_arcfour_crypt(creds, @@ -510,9 +497,8 @@ /* Don't crypt an all-zero key, it would give away the NETLOGON pipe session key */ /* It appears that level 6 is not individually encrypted */ - if ((r-in.validation_level != 6) -memcmp(sam-LMSessKey.key, zeros, - sizeof(sam-LMSessKey.key)) != 0) { + if ((r-in.validation_level != 6) + memcmp(sam-LMSessKey.key, zeros, sizeof(sam-LMSessKey.key)) != 0) { if (creds-negotiate_flags NETLOGON_NEG_ARCFOUR) { creds_arcfour_crypt(creds, sam-LMSessKey.key, @@ -571,8 +557,8 @@ return nt_status; } - if (!dce_call-conn-auth_state.auth_info - || dce_call-conn-auth_state.auth_info-auth_type != DCERPC_AUTH_TYPE_SCHANNEL) { + if (!dce_call-conn-auth_state.auth_info || + dce_call-conn-auth_state.auth_info-auth_type != DCERPC_AUTH_TYPE_SCHANNEL) { return NT_STATUS_INTERNAL_ERROR; } return netr_LogonSamLogon_base(dce_call, mem_ctx, r, creds); @@ -909,9 +895,7 @@ r-in.credential, r-out.return_authenticator,
svn commit: samba r17266 - in branches/tmp/vl-messaging/source/lib: .
Author: vlendec Date: 2006-07-27 09:40:55 + (Thu, 27 Jul 2006) New Revision: 17266 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17266 Log: In the cluster case with IP addresses, 20 bytes are not enough Modified: branches/tmp/vl-messaging/source/lib/messages_tdb.c Changeset: Modified: branches/tmp/vl-messaging/source/lib/messages_tdb.c === --- branches/tmp/vl-messaging/source/lib/messages_tdb.c 2006-07-27 09:37:55 UTC (rev 17265) +++ branches/tmp/vl-messaging/source/lib/messages_tdb.c 2006-07-27 09:40:55 UTC (rev 17266) @@ -72,7 +72,7 @@ static TDB_DATA message_key_pid(struct process_id pid) { - static char key[20]; + static char key[32]; TDB_DATA kbuf; slprintf(key, sizeof(key)-1, PID/%s, procid_str_static(pid));
svn commit: samba r17267 - in branches/SAMBA_4_0/source/auth/gensec: .
Author: metze Date: 2006-07-27 10:02:21 + (Thu, 27 Jul 2006) New Revision: 17267 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17267 Log: - add an async interface for gensec_update() to the public gensec api - note this is still uses the sync update() hook of the gensec modules but it allows me to fix the callers first Later auth_check_password() will also get an async version, so that we can later implement an async version of auth_winbind using async IRPC to the winbind task. metze Modified: branches/SAMBA_4_0/source/auth/gensec/gensec.c branches/SAMBA_4_0/source/auth/gensec/gensec.h Changeset: Modified: branches/SAMBA_4_0/source/auth/gensec/gensec.c === --- branches/SAMBA_4_0/source/auth/gensec/gensec.c 2006-07-27 09:40:55 UTC (rev 17266) +++ branches/SAMBA_4_0/source/auth/gensec/gensec.c 2006-07-27 10:02:21 UTC (rev 17267) @@ -904,6 +904,83 @@ return gensec_security-ops-update(gensec_security, out_mem_ctx, in, out); } +struct gensec_update_request { + struct gensec_security *gensec_security; + DATA_BLOB in; + DATA_BLOB out; + NTSTATUS status; + void (*callback)(struct gensec_update_request *req, void *private_data); + void *private_data; +}; + +static void gensec_update_async_timed_handler(struct event_context *ev, struct timed_event *te, + struct timeval t, void *ptr) +{ + struct gensec_update_request *req = talloc_get_type(ptr, struct gensec_update_request); + req-status = req-gensec_security-ops-update(req-gensec_security, req, req-in, req-out); + req-callback(req, req-private_data); +} + +/** + * Next state function for the GENSEC state machine async version + * + * @param gensec_security GENSEC State + * @param in The request, as a DATA_BLOB + * @param callback The function that will be called when the operation is + * finished, it should return gensec_update_recv() to get output + * @param private_data A private pointer that will be passed to the callback function + */ + +_PUBLIC_ void gensec_update_send(struct gensec_security *gensec_security, const DATA_BLOB in, +void (*callback)(struct gensec_update_request *req, void *private_data), +void *private_data) +{ + struct gensec_update_request *req = NULL; + struct timed_event *te = NULL; + + req = talloc(gensec_security, struct gensec_update_request); + if (!req) goto failed; + req-gensec_security= gensec_security; + req-in = in; + req-out= data_blob(NULL, 0); + req-callback = callback; + req-private_data = private_data; + + te = event_add_timed(gensec_security-event_ctx, req, +timeval_zero(), +gensec_update_async_timed_handler, req); + if (!te) goto failed; + + return; + +failed: + talloc_free(req); + callback(NULL, private_data); +} + +/** + * Next state function for the GENSEC state machine + * + * @param req GENSEC update request state + * @param out_mem_ctx The TALLOC_CTX for *out to be allocated on + * @param out The reply, as an talloc()ed DATA_BLOB, on *out_mem_ctx + * @return Error, MORE_PROCESSING_REQUIRED if a reply is sent, + *or NT_STATUS_OK if the user is authenticated. + */ +_PUBLIC_ NTSTATUS gensec_update_recv(struct gensec_update_request *req, TALLOC_CTX *out_mem_ctx, DATA_BLOB *out) +{ + NTSTATUS status; + + NT_STATUS_HAVE_NO_MEMORY(req); + + *out = req-out; + talloc_steal(out_mem_ctx, out-data); + status = req-status; + + talloc_free(req); + return status; +} + /** * Set the requirement for a certain feature on the connection * Modified: branches/SAMBA_4_0/source/auth/gensec/gensec.h === --- branches/SAMBA_4_0/source/auth/gensec/gensec.h 2006-07-27 09:40:55 UTC (rev 17266) +++ branches/SAMBA_4_0/source/auth/gensec/gensec.h 2006-07-27 10:02:21 UTC (rev 17267) @@ -33,6 +33,7 @@ #define GENSEC_OID_KERBEROS5_USER2USER 1 2 840 113554 1 2 2 3 struct gensec_security; +struct gensec_update_request; struct gensec_target { const char *principal; const char *hostname;
svn commit: samba r17268 - in branches/SAMBA_4_0/source/smb_server/smb2: .
Author: metze Date: 2006-07-27 10:03:54 + (Thu, 27 Jul 2006) New Revision: 17268 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17268 Log: change the smb2 session setup to use the new gensec_update_send/recv() api metze Modified: branches/SAMBA_4_0/source/smb_server/smb2/sesssetup.c Changeset: Modified: branches/SAMBA_4_0/source/smb_server/smb2/sesssetup.c === --- branches/SAMBA_4_0/source/smb_server/smb2/sesssetup.c 2006-07-27 10:02:21 UTC (rev 17267) +++ branches/SAMBA_4_0/source/smb_server/smb2/sesssetup.c 2006-07-27 10:03:54 UTC (rev 17268) @@ -28,11 +28,78 @@ #include smb_server/smb2/smb2_server.h #include smbd/service_stream.h -static NTSTATUS smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_sesssetup *io) +static void smb2srv_sesssetup_send(struct smb2srv_request *req, union smb_sesssetup *io) { + uint16_t unknown1; + + if (NT_STATUS_IS_OK(req-status)) { + unknown1 = 0x0003; + } else if (NT_STATUS_EQUAL(req-status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + unknown1 = 0x0002; + } else { + smb2srv_send_error(req, req-status); + return; + } + + SMB2SRV_CHECK(smb2srv_setup_reply(req, 0x08, True, io-smb2.out.secblob.length)); + + SSVAL(req-out.hdr, SMB2_HDR_UNKNOWN1, unknown1); + SBVAL(req-out.hdr, SMB2_HDR_UID, io-smb2.out.uid); + + SSVAL(req-out.body, 0x02, io-smb2.out._pad); + SMB2SRV_CHECK(smb2_push_o16s16_blob(req-out, 0x04, io-smb2.out.secblob)); + + smb2srv_send_reply(req); +} + +struct smb2srv_sesssetup_callback_ctx { + struct smb2srv_request *req; + union smb_sesssetup *io; + struct smbsrv_session *smb_sess; +}; + +static void smb2srv_sesssetup_callback(struct gensec_update_request *greq, void *private_data) +{ + struct smb2srv_sesssetup_callback_ctx *ctx = talloc_get_type(private_data, +struct smb2srv_sesssetup_callback_ctx); + struct smb2srv_request *req = ctx-req; + union smb_sesssetup *io = ctx-io; + struct smbsrv_session *smb_sess = ctx-smb_sess;; + struct auth_session_info *session_info = NULL; NTSTATUS status; + + status = gensec_update_recv(greq, req, io-smb2.out.secblob); + if (NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + goto done; + } else if (!NT_STATUS_IS_OK(status)) { + goto failed; + } + + status = gensec_session_info(smb_sess-gensec_ctx, session_info); + if (!NT_STATUS_IS_OK(status)) { + goto failed; + } + + /* Ensure this is marked as a 'real' vuid, not one +* simply valid for the session setup leg */ + status = smbsrv_session_sesssetup_finished(smb_sess, session_info); + if (!NT_STATUS_IS_OK(status)) { + goto failed; + } + req-session = smb_sess; + +done: + io-smb2.out.uid = smb_sess-vuid; +failed: + req-status = auth_nt_status_squash(status); + smb2srv_sesssetup_send(req, io); +} + +static void smb2srv_sesssetup_backend(struct smb2srv_request *req, union smb_sesssetup *io) +{ + NTSTATUS status; + struct smb2srv_sesssetup_callback_ctx *callback_ctx; struct smbsrv_session *smb_sess = NULL; - struct auth_session_info *session_info = NULL; uint64_t vuid; io-smb2.out._pad = 0; @@ -51,7 +118,7 @@ req-smb_conn-connection-event.ctx); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, (Failed to start GENSEC server code: %s\n, nt_errstr(status))); - return status; + goto failed; } gensec_set_credentials(gensec_ctx, req-smb_conn-negotiate.server_credentials); @@ -63,12 +130,15 @@ status = gensec_start_mech_by_oid(gensec_ctx, GENSEC_OID_SPNEGO); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, (Failed to start GENSEC SPNEGO server code: %s\n, nt_errstr(status))); - return status; + goto failed; } /* allocate a new session */ smb_sess = smbsrv_session_new(req-smb_conn, gensec_ctx); - NT_STATUS_HAVE_NO_MEMORY(smb_sess); + if (!smb_sess) { + status = NT_STATUS_INSUFFICIENT_RESOURCES; + goto failed; + } status = smbsrv_smb2_init_tcons(smb_sess); if (!NT_STATUS_IS_OK(status)) { goto failed; @@ -79,7 +149,8 @@ } if (!smb_sess) { - return NT_STATUS_USER_SESSION_DELETED; + status = NT_STATUS_USER_SESSION_DELETED; +
svn commit: samba r17269 - in branches/tmp/vl-messaging/source: lib tdb
Author: ab Date: 2006-07-27 10:32:12 + (Thu, 27 Jul 2006) New Revision: 17269 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17269 Log: Several modifications inspired by Volker's comments: - packing/unpacking functions are replaced by tdb_pack/unpack - lockd messages registration is moved to dbwrap_msg module - unlocking destructor added in db_msg_fetch_locked patches from Aleksey Fedoseev Modified: branches/tmp/vl-messaging/source/lib/dbwrap_msg.c branches/tmp/vl-messaging/source/lib/messages_socket.c branches/tmp/vl-messaging/source/lib/messages_stream.c branches/tmp/vl-messaging/source/tdb/tdbutil.c Changeset: Sorry, the patch is too large (545 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17269
svn commit: samba r17270 - in branches/SAMBA_4_0/source/auth: .
Author: metze Date: 2006-07-27 11:24:18 + (Thu, 27 Jul 2006) New Revision: 17270 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17270 Log: split the logic of saying this auth backend wants to handle this request from the password checking. This will help to make the password checking hook async later metze Modified: branches/SAMBA_4_0/source/auth/auth.c branches/SAMBA_4_0/source/auth/auth.h branches/SAMBA_4_0/source/auth/auth_anonymous.c branches/SAMBA_4_0/source/auth/auth_developer.c branches/SAMBA_4_0/source/auth/auth_sam.c branches/SAMBA_4_0/source/auth/auth_unix.c branches/SAMBA_4_0/source/auth/auth_winbind.c Changeset: Modified: branches/SAMBA_4_0/source/auth/auth.c === --- branches/SAMBA_4_0/source/auth/auth.c 2006-07-27 10:32:12 UTC (rev 17269) +++ branches/SAMBA_4_0/source/auth/auth.c 2006-07-27 11:24:18 UTC (rev 17270) @@ -174,16 +174,20 @@ for (method = auth_ctx-methods; method; method = method-next) { NTSTATUS result; - result = method-ops-check_password(method, mem_ctx, user_info, server_info); - - /* check if the module did anything */ - if (!NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED)) { - method_name = method-ops-name; - nt_status = result; - break; + /* check if the module wants to chek the password */ + result = method-ops-want_check(method, mem_ctx, user_info); + if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED)) { + DEBUG(11,(auth_check_password: %s had nothing to say\n, method-ops-name)); + continue; } - DEBUG(11,(auth_check_password: %s had nothing to say\n, method-ops-name)); + method_name = method-ops-name; + nt_status = result; + + if (!NT_STATUS_IS_OK(nt_status)) break; + + nt_status = method-ops-check_password(method, mem_ctx, user_info, server_info); + break; } if (!NT_STATUS_IS_OK(nt_status)) { Modified: branches/SAMBA_4_0/source/auth/auth.h === --- branches/SAMBA_4_0/source/auth/auth.h 2006-07-27 10:32:12 UTC (rev 17269) +++ branches/SAMBA_4_0/source/auth/auth.h 2006-07-27 11:24:18 UTC (rev 17270) @@ -35,7 +35,8 @@ /* version 2 - initial samba4 version - metze */ /* version 3 - subsequent samba4 version - abartlet */ /* version 4 - subsequent samba4 version - metze */ -#define AUTH_INTERFACE_VERSION 4 +/* version 0 - till samba4 is stable - metze */ +#define AUTH_INTERFACE_VERSION 0 #define USER_INFO_CASE_INSENSITIVE_USERNAME 0x01 /* username may be in any case */ #define USER_INFO_CASE_INSENSITIVE_PASSWORD 0x02 /* password may be in any case */ @@ -134,6 +135,11 @@ NTSTATUS (*get_challenge)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *challenge); + /* Given the user supplied info, check if this backend want to handle the password checking */ + + NTSTATUS (*want_check)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, + const struct auth_usersupplied_info *user_info); + /* Given the user supplied info, check a password */ NTSTATUS (*check_password)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, Modified: branches/SAMBA_4_0/source/auth/auth_anonymous.c === --- branches/SAMBA_4_0/source/auth/auth_anonymous.c 2006-07-27 10:32:12 UTC (rev 17269) +++ branches/SAMBA_4_0/source/auth/auth_anonymous.c 2006-07-27 11:24:18 UTC (rev 17270) @@ -30,21 +30,36 @@ * anonymou logons to be dealt with in one place. Non-anonymou logons 'fail' * and pass onto the next module. **/ +static NTSTATUS anonymous_want_check(struct auth_method_context *ctx, +TALLOC_CTX *mem_ctx, +const struct auth_usersupplied_info *user_info) +{ + if (user_info-client.account_name *user_info-client.account_name) { + return NT_STATUS_NOT_IMPLEMENTED; + } + + return NT_STATUS_OK; +} + +/** + * Return a anonymous logon for anonymous users (username = ) + * + * Typically used as the first module in the auth chain, this allows + * anonymou logons to be dealt with in one place. Non-anonymou logons 'fail' + * and pass onto the next module. + **/ static NTSTATUS anonymous_check_password(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **_server_info) { - if
svn commit: samba r17271 - in branches: SAMBA_3_0/source/passdb SAMBA_3_0_23/source/passdb
Author: jerry Date: 2006-07-27 12:20:19 + (Thu, 27 Jul 2006) New Revision: 17271 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17271 Log: Fix a regression in the ldapsam uri syntax. Allow multiple LDAP URIs to be grouped by Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c branches/SAMBA_3_0_23/source/passdb/pdb_ldap.c Changeset: Modified: branches/SAMBA_3_0/source/passdb/pdb_ldap.c === --- branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2006-07-27 11:24:18 UTC (rev 17270) +++ branches/SAMBA_3_0/source/passdb/pdb_ldap.c 2006-07-27 12:20:19 UTC (rev 17271) @@ -5492,15 +5492,15 @@ struct ldapsam_privates *ldap_state; char *uri = talloc_strdup( NULL, location ); - if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam_common( pdb_method, uri ))) { + trim_char( uri, '\', '\' ); + nt_status = pdb_init_ldapsam_common( pdb_method, uri ); + if ( uri ) + TALLOC_FREE( uri ); + + if ( !NT_STATUS_IS_OK(nt_status) ) { return nt_status; } - /* the module itself stores a copy of the location so throw this one away */ - - if ( uri ) - TALLOC_FREE( uri ); - (*pdb_method)-name = ldapsam_compat; ldap_state = (struct ldapsam_privates *)((*pdb_method)-private_data); @@ -5527,8 +5527,13 @@ DOM_SID secrets_domain_sid; pstring domain_sid_string; char *dn; + char *uri = talloc_strdup( NULL, location ); - nt_status = pdb_init_ldapsam_common(pdb_method, location); + trim_char( uri, '\', '\' ); + nt_status = pdb_init_ldapsam_common(pdb_method, uri); + if ( uri ) + TALLOC_FREE( uri ); + if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } Modified: branches/SAMBA_3_0_23/source/passdb/pdb_ldap.c === --- branches/SAMBA_3_0_23/source/passdb/pdb_ldap.c 2006-07-27 11:24:18 UTC (rev 17270) +++ branches/SAMBA_3_0_23/source/passdb/pdb_ldap.c 2006-07-27 12:20:19 UTC (rev 17271) @@ -5489,15 +5489,15 @@ struct ldapsam_privates *ldap_state; char *uri = talloc_strdup( NULL, location ); - if (!NT_STATUS_IS_OK(nt_status = pdb_init_ldapsam_common( pdb_method, uri ))) { + trim_char( uri, '\', '\' ); + nt_status = pdb_init_ldapsam_common( pdb_method, uri ); + if ( uri ) + TALLOC_FREE( uri ); + + if ( !NT_STATUS_IS_OK(nt_status) ) { return nt_status; } - /* the module itself stores a copy of the location so throw this one away */ - - if ( uri ) - TALLOC_FREE( uri ); - (*pdb_method)-name = ldapsam_compat; ldap_state = (*pdb_method)-private_data; @@ -5524,8 +5524,13 @@ DOM_SID secrets_domain_sid; pstring domain_sid_string; char *dn; + char *uri = talloc_strdup( NULL, location ); - nt_status = pdb_init_ldapsam_common(pdb_method, location); + trim_char( uri, '\', '\' ); + nt_status = pdb_init_ldapsam_common(pdb_method, uri); + if ( uri ) + TALLOC_FREE( uri ); + if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; }
svn commit: samba r17272 - in branches/SAMBA_4_0/source/auth/gensec: .
Author: metze Date: 2006-07-27 12:59:41 + (Thu, 27 Jul 2006) New Revision: 17272 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17272 Log: move the callback stuff into a substructure metze Modified: branches/SAMBA_4_0/source/auth/gensec/gensec.c Changeset: Modified: branches/SAMBA_4_0/source/auth/gensec/gensec.c === --- branches/SAMBA_4_0/source/auth/gensec/gensec.c 2006-07-27 12:20:19 UTC (rev 17271) +++ branches/SAMBA_4_0/source/auth/gensec/gensec.c 2006-07-27 12:59:41 UTC (rev 17272) @@ -909,8 +909,10 @@ DATA_BLOB in; DATA_BLOB out; NTSTATUS status; - void (*callback)(struct gensec_update_request *req, void *private_data); - void *private_data; + struct { + void (*fn)(struct gensec_update_request *req, void *private_data); + void *private_data; + } callback; }; static void gensec_update_async_timed_handler(struct event_context *ev, struct timed_event *te, @@ -918,7 +920,7 @@ { struct gensec_update_request *req = talloc_get_type(ptr, struct gensec_update_request); req-status = req-gensec_security-ops-update(req-gensec_security, req, req-in, req-out); - req-callback(req, req-private_data); + req-callback.fn(req, req-callback.private_data); } /** @@ -940,11 +942,11 @@ req = talloc(gensec_security, struct gensec_update_request); if (!req) goto failed; - req-gensec_security= gensec_security; - req-in = in; - req-out= data_blob(NULL, 0); - req-callback = callback; - req-private_data = private_data; + req-gensec_security= gensec_security; + req-in = in; + req-out= data_blob(NULL, 0); + req-callback.fn= callback; + req-callback.private_data = private_data; te = event_add_timed(gensec_security-event_ctx, req, timeval_zero(),
svn commit: samba r17273 - in branches/SAMBA_4_0/source/auth: .
Author: metze Date: 2006-07-27 13:02:27 + (Thu, 27 Jul 2006) New Revision: 17273 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17273 Log: add an async version of auth_check_password() on the public auth interface and implement the sync version as wrapper to auth_check_password_send/recv() as next all callers need to be converted to the async interface and then the modules metze Modified: branches/SAMBA_4_0/source/auth/auth.c branches/SAMBA_4_0/source/auth/auth.h Changeset: Modified: branches/SAMBA_4_0/source/auth/auth.c === --- branches/SAMBA_4_0/source/auth/auth.c 2006-07-27 12:59:41 UTC (rev 17272) +++ branches/SAMBA_4_0/source/auth/auth.c 2006-07-27 13:02:27 UTC (rev 17273) @@ -21,7 +21,6 @@ #include includes.h #include dlinklist.h -#include lib/ldb/include/ldb.h #include auth/auth.h #include lib/events/events.h #include build.h @@ -104,8 +103,25 @@ return NT_STATUS_OK; } +struct auth_check_password_sync_state { + BOOL finished; + NTSTATUS status; + struct auth_serversupplied_info *server_info; +}; + +static void auth_check_password_sync_callback(struct auth_check_password_request *req, + void *private_data) +{ + struct auth_check_password_sync_state *s = talloc_get_type(private_data, + struct auth_check_password_sync_state); + + s-finished = True; + s-status = auth_check_password_recv(req, s, s-server_info); +} + /** * Check a user's Plaintext, LM or NTLM password. + * (sync version) * * Check a user's password, as given in the user_info struct and return various * interesting details in the server_info struct. @@ -114,13 +130,15 @@ * struct. When the return is other than NT_STATUS_OK the contents * of that structure is undefined. * - * @param user_info Contains the user supplied components, including the passwords. - * - * @param auth_context Supplies the challenges and some other data. - * Must be created with make_auth_context(), and the challenges should be + * @param auth_ctx Supplies the challenges and some other data. + * Must be created with auth_context_create(), and the challenges should be * filled in, either at creation or by calling the challenge geneation * function auth_get_challenge(). * + * @param user_info Contains the user supplied components, including the passwords. + * + * @param mem_ctx The parent memory context for the server_info structure + * * @param server_info If successful, contains information about the authentication, *including a SAM_ACCOUNT struct describing the user. * @@ -133,74 +151,209 @@ const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info) { + struct auth_check_password_sync_state *sync_state; + NTSTATUS status; + + DEBUG(3, (auth_check_password: Checking password for unmapped user [EMAIL PROTECTED], + user_info-client.domain_name, user_info-client.account_name, user_info-workstation_name)); + + sync_state = talloc_zero(auth_ctx, struct auth_check_password_sync_state); + NT_STATUS_HAVE_NO_MEMORY(sync_state); + + auth_check_password_send(auth_ctx, user_info, auth_check_password_sync_callback, sync_state); + + while (!sync_state-finished) { + event_loop_once(auth_ctx-event_ctx); + } + + status = sync_state-status; + + if (NT_STATUS_IS_OK(status)) { + *server_info = talloc_steal(mem_ctx, sync_state-server_info); + + DEBUG(5,(auth_check_password: authentication for user [%s\\%s] succeeded\n, +(*server_info)-domain_name, (*server_info)-account_name)); + } else { + DEBUG(2,(auth_check_password: authentication for user [%s\\%s] FAILED with error %s\n, +user_info-mapped.domain_name, user_info-mapped.account_name, +nt_errstr(status))); + } + + talloc_free(sync_state); + return status; +} + +struct auth_check_password_request { + struct auth_context *auth_ctx; + const struct auth_usersupplied_info *user_info; + struct auth_serversupplied_info *server_info; + struct auth_method_context *method; + NTSTATUS status; + struct { + void (*fn)(struct auth_check_password_request *req, void *private_data); + void *private_data; + } callback; +}; + +static void auth_check_password_async_timed_handler(struct event_context *ev, struct timed_event *te, + struct timeval t, void *ptr) +{ + struct auth_check_password_request
svn commit: samba r17274 - in branches/SAMBA_4_0/source/smb_server/smb: .
Author: metze Date: 2006-07-27 14:19:51 + (Thu, 27 Jul 2006) New Revision: 17274 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17274 Log: fix typos metze Modified: branches/SAMBA_4_0/source/smb_server/smb/sesssetup.c Changeset: Modified: branches/SAMBA_4_0/source/smb_server/smb/sesssetup.c === --- branches/SAMBA_4_0/source/smb_server/smb/sesssetup.c2006-07-27 13:02:27 UTC (rev 17273) +++ branches/SAMBA_4_0/source/smb_server/smb/sesssetup.c2006-07-27 14:19:51 UTC (rev 17274) @@ -271,8 +271,8 @@ sess-spnego.out.workgroup); if (!req-smb_conn-negotiate.done_sesssetup) { - req-smb_conn-negotiate.max_send = sess-nt1.in.bufsize; - req-smb_conn-negotiate.client_caps = sess-nt1.in.capabilities; + req-smb_conn-negotiate.max_send = sess-spnego.in.bufsize; + req-smb_conn-negotiate.client_caps = sess-spnego.in.capabilities; } vuid = SVAL(req-in.hdr,HDR_UID);
svn commit: samba r17275 - in branches/SAMBA_4_0/source/param: .
Author: metze Date: 2006-07-27 14:47:28 + (Thu, 27 Jul 2006) New Revision: 17275 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17275 Log: ignore generated header metze Modified: branches/SAMBA_4_0/source/param/ Changeset: Property changes on: branches/SAMBA_4_0/source/param ___ Name: svn:ignore - *.pc proto.h *.d *.po32 *.po + *.pc proto.h *.d *.po32 *.po share_proto.h
svn commit: samba r17276 - in branches/SAMBA_3_0/source/locking: .
Author: jra Date: 2006-07-27 15:23:46 + (Thu, 27 Jul 2006) New Revision: 17276 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17276 Log: Don't change the POSIX lock ref count if posix locking = no. Jeremy. Modified: branches/SAMBA_3_0/source/locking/brlock.c Changeset: Modified: branches/SAMBA_3_0/source/locking/brlock.c === --- branches/SAMBA_3_0/source/locking/brlock.c 2006-07-27 14:47:28 UTC (rev 17275) +++ branches/SAMBA_3_0/source/locking/brlock.c 2006-07-27 15:23:46 UTC (rev 17276) @@ -1326,8 +1326,8 @@ } } - if (num_deleted_windows_locks) { - /* Reduce the Windows lock reference count on this dev/ino pair. */ + if(lp_posix_locking(fsp-conn-cnum) num_deleted_windows_locks) { + /* Reduce the Windows lock POSIX reference count on this dev/ino pair. */ reduce_windows_lock_ref_count(fsp, num_deleted_windows_locks); } }
svn commit: samba r17277 - in branches/SAMBA_4_0/source/libcli/smb_composite: .
Author: metze Date: 2006-07-27 16:20:59 + (Thu, 27 Jul 2006) New Revision: 17277 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17277 Log: we need to trigger an event when we return directly, otherwise the callers callback function will not be called and the caller is hanging forever... metze Modified: branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c === --- branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c 2006-07-27 15:23:46 UTC (rev 17276) +++ branches/SAMBA_4_0/source/libcli/smb_composite/sesssetup.c 2006-07-27 16:20:59 UTC (rev 17277) @@ -462,7 +462,7 @@ /* no session setup at all in earliest protocol varients */ if (session-transport-negotiate.protocol PROTOCOL_LANMAN1) { ZERO_STRUCT(io-out); - c-state = COMPOSITE_STATE_DONE; + composite_done(c); return c; }
svn commit: samba r17278 - in branches/SAMBA_4_0/source/libcli: .
Author: metze Date: 2006-07-27 16:44:59 + (Thu, 27 Jul 2006) New Revision: 17278 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17278 Log: fix un uninitialized value found by valgrind metze Modified: branches/SAMBA_4_0/source/libcli/clilist.c Changeset: Modified: branches/SAMBA_4_0/source/libcli/clilist.c === --- branches/SAMBA_4_0/source/libcli/clilist.c 2006-07-27 16:20:59 UTC (rev 17277) +++ branches/SAMBA_4_0/source/libcli/clilist.c 2006-07-27 16:44:59 UTC (rev 17278) @@ -274,6 +274,7 @@ state.mem_ctx = talloc_init(smbcli_list_old); state.dirlist_len = 0; state.total_received = 0; + state.data_level = RAW_SEARCH_DATA_SEARCH; state.dirlist = talloc_new(state.mem_ctx); mask = talloc_strdup(state.mem_ctx, Mask);
svn commit: samba r17279 - in branches/SAMBA_3_0/source/locking: .
Author: vlendec Date: 2006-07-27 17:23:57 + (Thu, 27 Jul 2006) New Revision: 17279 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17279 Log: conn-cnum is the tid we've given to the client. This has nothing to do with our internal share number. Funny that it worked at all :-) Volker Modified: branches/SAMBA_3_0/source/locking/brlock.c Changeset: Modified: branches/SAMBA_3_0/source/locking/brlock.c === --- branches/SAMBA_3_0/source/locking/brlock.c 2006-07-27 16:44:59 UTC (rev 17278) +++ branches/SAMBA_3_0/source/locking/brlock.c 2006-07-27 17:23:57 UTC (rev 17279) @@ -792,7 +792,7 @@ br_lck-modified = True; /* Unlock the underlying POSIX regions. */ - if(lp_posix_locking(br_lck-fsp-conn-cnum)) { + if(lp_posix_locking(SNUM(br_lck-fsp-conn))) { release_posix_lock_windows_flavour(br_lck-fsp, plock-start, plock-size, @@ -943,7 +943,7 @@ } /* Unlock any POSIX regions. */ - if(lp_posix_locking(br_lck-fsp-conn-cnum)) { + if(lp_posix_locking(SNUM(br_lck-fsp-conn))) { release_posix_lock_posix_flavour(br_lck-fsp, plock-start, plock-size, @@ -1069,7 +1069,7 @@ * This only conflicts with Windows locks, not POSIX locks. */ - if(lp_posix_locking(fsp-conn-cnum) (lock_flav == WINDOWS_LOCK)) { + if(lp_posix_locking(SNUM(fsp-conn)) (lock_flav == WINDOWS_LOCK)) { ret = is_posix_locked(fsp, start, size, lock_type, WINDOWS_LOCK); DEBUG(10,(brl_locktest: posix start=%.0f len=%.0f %s for fnum %d file %s\n, @@ -1135,7 +1135,7 @@ * see if there is a POSIX lock from a UNIX or NFS process. */ - if(lp_posix_locking(fsp-conn-cnum)) { + if(lp_posix_locking(SNUM(fsp-conn))) { BOOL ret = is_posix_locked(fsp, pstart, psize, plock_type, POSIX_LOCK); DEBUG(10,(brl_lockquery: posix start=%.0f len=%.0f %s for fnum %d file %s\n, @@ -1218,7 +1218,7 @@ struct process_id pid = procid_self(); BOOL unlock_individually = False; - if(lp_posix_locking(fsp-conn-cnum)) { + if(lp_posix_locking(SNUM(fsp-conn))) { /* Check if there are any Windows locks associated with this dev/ino pair that are not this fnum. If so we need to call unlock on each @@ -1326,7 +1326,7 @@ } } - if(lp_posix_locking(fsp-conn-cnum) num_deleted_windows_locks) { + if(lp_posix_locking(SNUM(fsp-conn)) num_deleted_windows_locks) { /* Reduce the Windows lock POSIX reference count on this dev/ino pair. */ reduce_windows_lock_ref_count(fsp, num_deleted_windows_locks); }
svn commit: samba r17280 - in branches/SAMBA_4_0/source/smb_server/smb: .
Author: metze Date: 2006-07-27 18:06:09 + (Thu, 27 Jul 2006) New Revision: 17280 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17280 Log: NT_STATUS_INVALID_HANDLE maps to ERRbadfid, which is wrong in this places, so only overwrite ERRbaduid and ERRinvnid when NTSTATUS support is given. metze Modified: branches/SAMBA_4_0/source/smb_server/smb/receive.c Changeset: Modified: branches/SAMBA_4_0/source/smb_server/smb/receive.c === --- branches/SAMBA_4_0/source/smb_server/smb/receive.c 2006-07-27 17:23:57 UTC (rev 17279) +++ branches/SAMBA_4_0/source/smb_server/smb/receive.c 2006-07-27 18:06:09 UTC (rev 17280) @@ -501,16 +501,19 @@ /* see if the vuid is valid */ if ((flags NEED_SESS) !req-session) { + status = NT_STATUS_DOS(ERRSRV, ERRbaduid); /* amazingly, the error code depends on the command */ switch (type) { - case SMBntcreateX: - case SMBntcancel: - case SMBulogoffX: - status = NT_STATUS_DOS(ERRSRV, ERRbaduid); - break; - default: + case SMBntcreateX: + case SMBntcancel: + case SMBulogoffX: + break; + default: + if (req-smb_conn-config.nt_status_support + req-smb_conn-negotiate.client_caps CAP_STATUS32) { status = NT_STATUS_INVALID_HANDLE; - break; + } + break; } /* * TODO: @@ -530,16 +533,19 @@ /* does this protocol need a valid tree connection? */ if ((flags NEED_TCON) !req-tcon) { + status = NT_STATUS_DOS(ERRSRV, ERRinvnid); /* amazingly, the error code depends on the command */ switch (type) { - case SMBntcreateX: - case SMBntcancel: - case SMBtdis: - status = NT_STATUS_DOS(ERRSRV, ERRinvnid); - break; - default: + case SMBntcreateX: + case SMBntcancel: + case SMBtdis: + break; + default: + if (req-smb_conn-config.nt_status_support + req-smb_conn-negotiate.client_caps CAP_STATUS32) { status = NT_STATUS_INVALID_HANDLE; - break; + } + break; } /* * TODO:
svn commit: samba r17281 - in branches/SAMBA_4_0/source/lib/cmdline: .
Author: metze Date: 2006-07-27 18:08:12 + (Thu, 27 Jul 2006) New Revision: 17281 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17281 Log: we now have client/server max protol metze Modified: branches/SAMBA_4_0/source/lib/cmdline/popt_common.c Changeset: Modified: branches/SAMBA_4_0/source/lib/cmdline/popt_common.c === --- branches/SAMBA_4_0/source/lib/cmdline/popt_common.c 2006-07-27 18:06:09 UTC (rev 17280) +++ branches/SAMBA_4_0/source/lib/cmdline/popt_common.c 2006-07-27 18:08:12 UTC (rev 17281) @@ -118,7 +118,7 @@ break; case 'm': - lp_set_cmdline(max protocol, arg); + lp_set_cmdline(client max protocol, arg); break; case 'R':
svn commit: samba r17282 - in branches/SAMBA_4_0/source/script/tests: .
Author: metze Date: 2006-07-27 18:10:56 + (Thu, 27 Jul 2006) New Revision: 17282 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17282 Log: test some simple operation with the LANMAN1 and LANMAN2 protocol, that finally tests our RAW_SESSSETUP_OLD code metze Modified: branches/SAMBA_4_0/source/script/tests/test_smbclient.sh Changeset: Modified: branches/SAMBA_4_0/source/script/tests/test_smbclient.sh === --- branches/SAMBA_4_0/source/script/tests/test_smbclient.sh2006-07-27 18:08:12 UTC (rev 17281) +++ branches/SAMBA_4_0/source/script/tests/test_smbclient.sh2006-07-27 18:10:56 UTC (rev 17282) @@ -16,7 +16,9 @@ failed=0 runcmd() { - testit $1 bin/smbclient //$SERVER/tmp -W $DOMAIN -U$USERNAME%$PASSWORD + name=$1 + shift + testit $name bin/smbclient //$SERVER/tmp -W $DOMAIN -U$USERNAME%$PASSWORD $@ } incdir=`dirname $0` @@ -79,6 +81,10 @@ # remove that file echo rm tmpfilex | runcmd Removing file || failed=`expr $failed + 1` +# do some simple operations using old protocol versions +echo ls | runcmd List directory with LANMAN1 -m LANMAN1 || failed=`expr $failed + 1` +echo ls | runcmd List directory with LANMAN2 -m LANMAN2 || failed=`expr $failed + 1` + rm -f tmpfile tmpfile-old tmpfilex testok $0 $failed
svn commit: samba r17283 - in branches/SAMBA_4_0/source/smb_server/smb: .
Author: metze Date: 2006-07-27 19:07:15 + (Thu, 27 Jul 2006) New Revision: 17283 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17283 Log: use the async calls of auth_check_password() and gensec_update() in the smb server. metze Modified: branches/SAMBA_4_0/source/smb_server/smb/reply.c branches/SAMBA_4_0/source/smb_server/smb/sesssetup.c Changeset: Sorry, the patch is too large (835 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17283
svn commit: samba r17284 - in branches/SAMBA_4_0/source/auth/ntlmssp: .
Author: metze Date: 2006-07-27 19:20:57 + (Thu, 27 Jul 2006) New Revision: 17284 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17284 Log: move the input checking stuff from ntlmssp_update() into its own function. metze Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c Changeset: Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c === --- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c2006-07-27 19:07:15 UTC (rev 17283) +++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c2006-07-27 19:20:57 UTC (rev 17284) @@ -108,29 +108,13 @@ } } -/** - * Next state function for the wrapped NTLMSSP state machine - * - * @param gensec_security GENSEC state, initialised to NTLMSSP - * @param out_mem_ctx The TALLOC_CTX for *out to be allocated on - * @param in The request, as a DATA_BLOB - * @param out The reply, as an talloc()ed DATA_BLOB, on *out_mem_ctx - * @return Error, MORE_PROCESSING_REQUIRED if a reply is sent, - *or NT_STATUS_OK if the user is authenticated. - */ - -static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, - TALLOC_CTX *out_mem_ctx, - const DATA_BLOB input, DATA_BLOB *out) +static NTSTATUS gensec_ntlmssp_update_find(struct gensec_ntlmssp_state *gensec_ntlmssp_state, + const DATA_BLOB input, uint32_t *idx) { - struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security-private_data; - NTSTATUS status; - + struct gensec_security *gensec_security = gensec_ntlmssp_state-gensec_security; uint32_t ntlmssp_command; - int i; + uint32_t i; - *out = data_blob(NULL, 0); - if (gensec_ntlmssp_state-expected_state == NTLMSSP_DONE) { /* We are strict here because other modules, which we * don't fully control (such as GSSAPI) are also @@ -140,12 +124,6 @@ return NT_STATUS_INVALID_PARAMETER; } - if (!out_mem_ctx) { - /* if the caller doesn't want to manage/own the memory, - we can put it on our context */ - out_mem_ctx = gensec_ntlmssp_state; - } - if (!input.length) { switch (gensec_ntlmssp_state-role) { case NTLMSSP_CLIENT: @@ -179,27 +157,53 @@ } for (i=0; i ARRAY_SIZE(ntlmssp_callbacks); i++) { - if (ntlmssp_callbacks[i].role == gensec_ntlmssp_state-role -ntlmssp_callbacks[i].ntlmssp_command == ntlmssp_command) { - status = ntlmssp_callbacks[i].fn(gensec_security, out_mem_ctx, input, out); - break; + if (ntlmssp_callbacks[i].role == gensec_ntlmssp_state-role + ntlmssp_callbacks[i].ntlmssp_command == ntlmssp_command) { + *idx = i; + return NT_STATUS_OK; } } - if (i == ARRAY_SIZE(ntlmssp_callbacks)) { + DEBUG(1, (failed to find NTLMSSP callback for NTLMSSP mode %u, command %u\n, + gensec_ntlmssp_state-role, ntlmssp_command)); - DEBUG(1, (failed to find NTLMSSP callback for NTLMSSP mode %u, command %u\n, - gensec_ntlmssp_state-role, ntlmssp_command)); - - return NT_STATUS_INVALID_PARAMETER; + return NT_STATUS_INVALID_PARAMETER; +} + +/** + * Next state function for the wrapped NTLMSSP state machine + * + * @param gensec_security GENSEC state, initialised to NTLMSSP + * @param out_mem_ctx The TALLOC_CTX for *out to be allocated on + * @param in The request, as a DATA_BLOB + * @param out The reply, as an talloc()ed DATA_BLOB, on *out_mem_ctx + * @return Error, MORE_PROCESSING_REQUIRED if a reply is sent, + *or NT_STATUS_OK if the user is authenticated. + */ + +static NTSTATUS gensec_ntlmssp_update(struct gensec_security *gensec_security, + TALLOC_CTX *out_mem_ctx, + const DATA_BLOB input, DATA_BLOB *out) +{ + struct gensec_ntlmssp_state *gensec_ntlmssp_state = gensec_security-private_data; + NTSTATUS status; + uint32_t i; + + *out = data_blob(NULL, 0); + + if (!out_mem_ctx) { + /* if the caller doesn't want to manage/own the memory, + we can put it on our context */ + out_mem_ctx = gensec_ntlmssp_state; } - if (!NT_STATUS_IS_OK(status)) { - /* error or more processing required */ - return status; - } + status = gensec_ntlmssp_update_find(gensec_ntlmssp_state, input, i); + NT_STATUS_NOT_OK_RETURN(status); + + status =
svn commit: samba r17285 - in branches/SAMBA_4_0/source/auth/ntlmssp: .
Author: metze Date: 2006-07-27 19:33:15 + (Thu, 27 Jul 2006) New Revision: 17285 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17285 Log: some reformating metze Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c Changeset: Modified: branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c === --- branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c2006-07-27 19:20:57 UTC (rev 17284) +++ branches/SAMBA_4_0/source/auth/ntlmssp/ntlmssp.c2006-07-27 19:33:15 UTC (rev 17285) @@ -35,15 +35,28 @@ static const struct ntlmssp_callbacks { enum ntlmssp_role role; - enum ntlmssp_message_type ntlmssp_command; - NTSTATUS (*fn)(struct gensec_security *gensec_security, - TALLOC_CTX *out_mem_ctx, - DATA_BLOB in, DATA_BLOB *out); + enum ntlmssp_message_type command; + NTSTATUS (*sync_fn)(struct gensec_security *gensec_security, + TALLOC_CTX *out_mem_ctx, + DATA_BLOB in, DATA_BLOB *out); } ntlmssp_callbacks[] = { - {NTLMSSP_CLIENT, NTLMSSP_INITIAL, ntlmssp_client_initial}, - {NTLMSSP_SERVER, NTLMSSP_NEGOTIATE, ntlmssp_server_negotiate}, - {NTLMSSP_CLIENT, NTLMSSP_CHALLENGE, ntlmssp_client_challenge}, - {NTLMSSP_SERVER, NTLMSSP_AUTH, ntlmssp_server_auth}, + { + .role = NTLMSSP_CLIENT, + .command= NTLMSSP_INITIAL, + .sync_fn= ntlmssp_client_initial, + },{ + .role = NTLMSSP_SERVER, + .command= NTLMSSP_NEGOTIATE, + .sync_fn= ntlmssp_server_negotiate, + },{ + .role = NTLMSSP_CLIENT, + .command= NTLMSSP_CHALLENGE, + .sync_fn= ntlmssp_client_challenge, + },{ + .role = NTLMSSP_SERVER, + .command= NTLMSSP_AUTH, + .sync_fn= ntlmssp_server_auth, + } }; @@ -158,7 +171,7 @@ for (i=0; i ARRAY_SIZE(ntlmssp_callbacks); i++) { if (ntlmssp_callbacks[i].role == gensec_ntlmssp_state-role - ntlmssp_callbacks[i].ntlmssp_command == ntlmssp_command) { + ntlmssp_callbacks[i].command == ntlmssp_command) { *idx = i; return NT_STATUS_OK; } @@ -200,7 +213,7 @@ status = gensec_ntlmssp_update_find(gensec_ntlmssp_state, input, i); NT_STATUS_NOT_OK_RETURN(status); - status = ntlmssp_callbacks[i].fn(gensec_security, out_mem_ctx, input, out); + status = ntlmssp_callbacks[i].sync_fn(gensec_security, out_mem_ctx, input, out); NT_STATUS_NOT_OK_RETURN(status); return NT_STATUS_OK;
svn commit: linux-cifs-client r65 - in branches: linux-2.6-cifs-git-devel/fs/cifs linux-converged-for-old-kernels/fs/cifs
Author: jra Date: 2006-07-27 22:37:06 + (Thu, 27 Jul 2006) New Revision: 65 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=linux-cifs-clientrev=65 Log: Allow Windows blocking locks to be cancelled via a CANCEL_LOCK call. TODO - restrict this to servers that support NT_STATUS codes (Win9x will probably not support this call). Jeremy. Modified: branches/linux-2.6-cifs-git-devel/fs/cifs/cifssmb.c branches/linux-2.6-cifs-git-devel/fs/cifs/netmisc.c branches/linux-2.6-cifs-git-devel/fs/cifs/smberr.h branches/linux-2.6-cifs-git-devel/fs/cifs/transport.c branches/linux-converged-for-old-kernels/fs/cifs/cifssmb.c branches/linux-converged-for-old-kernels/fs/cifs/netmisc.c branches/linux-converged-for-old-kernels/fs/cifs/smberr.h branches/linux-converged-for-old-kernels/fs/cifs/transport.c Changeset: Sorry, the patch is too large (381 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=linux-cifs-clientrev=65
Build status as of Fri Jul 28 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-07-27 00:00:03.0 + +++ /home/build/master/cache/broken_results.txt 2006-07-28 00:00:05.0 + @@ -1,18 +1,18 @@ -Build status as of Thu Jul 27 00:00:02 2006 +Build status as of Fri Jul 28 00:00:02 2006 Build counts: Tree Total Broken Panic SOC 0 0 0 -ccache 26 4 0 -distcc 27 2 0 +ccache 25 4 0 +distcc 26 2 0 lorikeet-heimdal 0 0 0 -ppp 16 0 0 -rsync32 2 0 +ppp 15 0 0 +rsync30 2 0 samba0 0 0 samba-docs 0 0 0 -samba4 38 26 4 -samba_3_035 7 0 +samba4 38 27 3 +samba_3_034 6 0 smb-build26 26 0 -talloc 29 10 0 -tdb 20 7 0 +talloc 28 9 0 +tdb 17 7 0
svn commit: linux-cifs-client r66 - in branches: linux-2.6-cifs-git-devel/fs/cifs linux-converged-for-old-kernels/fs/cifs
Author: jra Date: 2006-07-28 01:47:29 + (Fri, 28 Jul 2006) New Revision: 66 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=linux-cifs-clientrev=66 Log: Make unlocks on close work correctly against W2K3, also allow signals to interrupt blocking locks on against Windows servers. I do this by storing a list of locks we've obtained on a fid, and remove them on close. I also allow unlocks across the whole file by unlocking those locks we have stored that are overlapped by the unlock request. This should make lots more Linux code work against Windows filestores. Jeremy. Modified: branches/linux-2.6-cifs-git-devel/fs/cifs/cifsglob.h branches/linux-2.6-cifs-git-devel/fs/cifs/file.c branches/linux-2.6-cifs-git-devel/fs/cifs/transport.c branches/linux-converged-for-old-kernels/fs/cifs/cifsglob.h branches/linux-converged-for-old-kernels/fs/cifs/file.c branches/linux-converged-for-old-kernels/fs/cifs/transport.c Changeset: Sorry, the patch is too large (455 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=linux-cifs-clientrev=66
svn commit: samba r17286 - in branches/SAMBA_4_0/source: lib/tls web_server
Author: abartlet Date: 2006-07-28 03:51:20 + (Fri, 28 Jul 2006) New Revision: 17286 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17286 Log: Simply fail the tls_initialise if we don't have TLS compiled in. Adjust the web_server code to cope with this. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/tls/tls.c branches/SAMBA_4_0/source/web_server/web_server.c Changeset: Modified: branches/SAMBA_4_0/source/lib/tls/tls.c === --- branches/SAMBA_4_0/source/lib/tls/tls.c 2006-07-27 19:33:15 UTC (rev 17285) +++ branches/SAMBA_4_0/source/lib/tls/tls.c 2006-07-28 03:51:20 UTC (rev 17286) @@ -634,8 +634,8 @@ #else -/* for systems without tls we just map the tls socket calls to the - normal socket calls */ +/* for systems without tls we just fail the operations, and the caller + * will retain the original socket */ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx) { @@ -650,9 +650,6 @@ struct fd_event *fde, const char *plain_chars) { - if (plain_chars) { - return socket; - } return NULL; } Modified: branches/SAMBA_4_0/source/web_server/web_server.c === --- branches/SAMBA_4_0/source/web_server/web_server.c 2006-07-27 19:33:15 UTC (rev 17285) +++ branches/SAMBA_4_0/source/web_server/web_server.c 2006-07-28 03:51:20 UTC (rev 17286) @@ -194,6 +194,7 @@ struct task_server *task = talloc_get_type(conn-private, struct task_server); struct esp_data *edata = talloc_get_type(task-private, struct esp_data); struct websrv_context *web; + struct socket_context *tls_socket; web = talloc_zero(conn, struct websrv_context); if (web == NULL) goto failed; @@ -209,9 +210,16 @@ websrv_timeout, web); /* Overwrite the socket with a (possibly) TLS socket */ - conn-socket = tls_init_server(edata-tls_params, conn-socket, - conn-event.fde, GPHO); - if (conn-socket == NULL) goto failed; + tls_socket = tls_init_server(edata-tls_params, conn-socket, +conn-event.fde, GPHO); + /* We might not have TLS, or it might not have initilised */ + if (tls_socket) { + talloc_unlink(conn, conn-socket); + talloc_steal(conn, tls_socket); + conn-socket = tls_socket; + } else { + DEBUG(3, (TLS not available for web_server connections\n)); + } return;