Re: [Samba] valid users problem with 3.0.23a
Thanks a lot guys. That temp fix worked like a charm Jerry. Regards, Franz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] UPDATED!! Problem with PRODUCTION machine, please respond quickly!!
Dear Samba guru's… Regarding my problem: I have a problem when I try to remove some files on a samba share… I see this in my samba.log: [2006/08/04 10:58:55, 1] smbd/posix_acls.c:store_inheritance_attributes(252) store_inheritance_attribute: Error Permission denied I think the problem has something to do with inheriting rights (as the error above suggests). Our provisioning system uses a set of scripts to provide webspace and set Frontpage Server Extentions for IIS customers. Just before trying to delete some files (which gives an error) another script comes by to set some rights. This is when the above error is logged! Our provisioning system worked great for a while, but since we had a major crash (hardware related) last week this changed. Now I'm thinking realy hard what might have been changed since then. All I can come up with is that we mounted with user_xattr support (before we only had acl support). We where planning to enable user_xattr for a number of reasons, but didn't got to it yet. When everything was down anyway, we decided the enable this wright away (thinking it should have absolutely no impact). Where we wrong about this? Could it be that since we turned user_xattr on, the acl inheritance isn't working like it did before? Or do I have to put some extra parameters in the smb.conf to get it to work now? We use Samba 3.0.21b-1 which is a member of a W2K3 AD domain by the way. Hope someone can help… Sander -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] UPDATED!! Problem with PRODUCTION machine, please respond quickly!!
Dear Samba guru's… Regarding my problem: I have a problem when I try to remove some files on a samba share… I see this in my samba.log: [2006/08/04 10:58:55, 1] smbd/posix_acls.c:store_inheritance_attributes(252) store_inheritance_attribute: Error Permission denied I think the problem has something to do with inheriting rights (as the error above suggests). Our provisioning system uses a set of scripts to provide webspace and set Frontpage Server Extentions for IIS customers. Just before trying to delete some files (which gives an error) another script comes by to set some rights. This is when the above error is logged! Worked great before... So all I can come up with is that we mounted with user_xattr support (before we only had acl support). Could it be that since we turned user_xattr on, the acl inheritance isn't working like it did before? Or do I have to put some extra parameters in the smb.conf to get it to work now? We use Samba 3.0.21b-1 which is a member of a W2K3 AD domain by the way. Hope someone can help… Sander -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA as Domain Controller using FreeBSD 6.1
Hello everyone! Good Day! I am using FreeBSD 6.1/6.x version of Operating System. I plan to switch my existing PDC Win2k Advanced server to FreeBSD with the power of Samba. Anybody may I know of how would you setup SAMBA as PDC in FreeBSD 6.x? I know this is not good question for asking HOWTO but the good procedures and right samba configurations might lead me up during installation process. I am hoping for your kind consideration and favorable response. Great many thanks. Regards, James G. Corteciano -- ___ Get your free email from http://mymail.bsdmail.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Heavy Samba usage crashed server
Is there a way to check whether heavy Samba usage can crash server? Thanks Regards, Komal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] user.SAMBA_PAI and ACL inheritance
I have just enabled user_xattr on the partition where my samba share is on. Now when I use getfattr I see the extended attribute user.SAMBA_PAI on my files. But ACL inheritance isn't taking place... When I (from within Windows) click on Properties Security Advanced an then enable Allow inheritable permissions... on a certain file, then the attribute user.SAMBA_PAI disappears and the ACL rights are inherited?! Changing map acl inheritance between yes or no does not change this behavior. Can someone enlighten me on how this should work (let files inherit acls) an why this worked when the share was mounted without user_xattr? I use samba 3.0.21b-1 by the way... and here is my smb.conf: [global] security = ads password server = server01 encrypt passwords = true workgroup = workgroup realm = DOMAIN.LOCAL netbios name = server02 log file = /var/log/samba/samba.log log level = 2 syslog = 0 # ea support = yes nt acl support = yes # map acl inherit = yes change notify timeout = 5 idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind nested groups = yes winbind use default domain = yes [wwwroot] comment = wwwroot path = /usr/home/ws.old/wws01 read only = no browsable = yes writable = yes dos filemode = yes acl group control = yes veto oplock files = /*.mdb/*.MDB/ create mask = 0770 force create mode = 0440 directory mask = 0771 force directory mode = 0771 security mask = 0777 force security mode = 0440 directory security mask = 0777 force directory security mode = 0771 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd doesn't prompt root for password
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Skwar wrote: Hello. When I run smbpasswd from samba 3.0.23a on a MIPSEL system running Linux 2.4.20 as root, I'm NEVER asked for a password. Even when I create a new user in smbpasswd, I'm not asked: Please file a bug an attach the gzipped config.log from your build. Thanks. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE1yrRIR7qMdg1EfYRAn9mAKDhMhH2QHypbfpKfEdfAMiVi8P9OwCgnv0U J5A75qR7QKD0M8c8zAWg2hk= =7dDK -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Clarifying how permissions work
On Sun, 6 Aug 2006 19:34:36 -0500 [EMAIL PROTECTED] wrote: Just one question for you all. Am I correct in assuming that Samba file permissions are linked to Linux? As in, I create a home directory called /home/user. The directory /home is shared. If I set the owner of the 'user' directory to the user called 'user', and changed the file permissions to 700, that would mean only 'user' and 'root' would be able to access that directory from a Windows PC? Cheers. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba That's right, no matters if you share the directory /home/user or not. The share have to be available to the user through Samba and to access the share correctly the Linux permissions have to be those whose permit the access through Linux system normally. Greetings. -- Miguel Da Silva. Servicio de Informatica. Facultad de Ciencias. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Out Of office
Ik ben afwezig vanaf 29/07/2006 en ik ben niet eerder terug dan 23/08/2006. Ik ben met verlof van 31 juli tot en met 22 augustus. Voor dringende zaken kan je mailen naar [EMAIL PROTECTED] - DISCLAIMER : De personeelsleden van het agentschap doen hun best om in e-mails betrouwbare informatie te geven. Toch kan niemand rechten doen gelden op basis van deze inhoud. Als in de e-mail een stellingname voorkomt, is dat niet noodzakelijk het standpunt van het agentschap. Rechtsgeldige beslissingen of officiele standpunten worden alleen per brief toegestuurd. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Heavy Samba usage crashed server
Richard Collyer wrote: On Mon, August 7, 2006 11:48 am, Komal Shah wrote: Is there a way to check whether heavy Samba usage can crash server? Get lots of clients to connect and look at random files. Get all the machines you can to search and some to virus scan the network drive as this will replicate very heavy usage. CHeers Richard Is there a way to control the number of times a file can be open concurrently? Either with Samba or with RHEL4? Maybe this is a good control measure. Limit the number of concurrent opens for any file. This way, if more than 20 people try to open the same file, we can restrict access allowing the system to keep up. Thanks Regards, Komal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] user.SAMBA_PAI and ACL inheritance
On 8/7/06, S. J. van Harmelen [EMAIL PROTECTED] wrote: Changing map acl inheritance between yes or no does not change this behavior. Have you tried setting inherit acls = yes ? Honestly, i'm not sure why it would have worked before other than the filesystem propagating the posix default acls. Were you able to set specifc permissions for a specific user before and have it inherited? Sander, sorry for the multiple replies to you, just migrating email and having issues with the list... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 'ldap machine suffix' is ignored?
Hi, all! I'm using samba-3.0.23 (Revision: 16921, from ports collection, under FreeBSD 6.1 with OpenLDAP 2.3.24 smbldap-tools-0.9.2a) as PDC with following config: [global] dos charset = CP1251 unix charset = KOI8-R workgroup = DOMAIN server string = Samba Server password server = passdb backend = ldapsam passwd program = /usr/local/sbin/smbldap-passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *all*authentication*tokens*updated* log level = 10 log file = /var/log/samba/%m.log max smbd processes = 30 add user script = /usr/local/sbin/smbldap-useradd -a -m %u delete user script = /usr/local/sbin/smbldap-userdel %u add group script = /usr/local/sbin/smbldap-groupadd -p %g delete group script = /usr/local/sbin/smbldap-groupdel %g add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u add machine script = /usr/local/sbin/smbldap-useradd -w %u domain logons = Yes os level = 256 domain master = Yes dns proxy = No wins support = Yes ldap admin dn = cn=root,dc=mydomain,dc=ru ldap delete dn = Yes ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=computers ldap passwd sync = Yes ldap suffix = dc=mydomain,dc=ru ldap ssl = no ldap user suffix = ou=users idmap backend = ldap:ldap://localhost idmap uid = 1-2 idmap gid = 1-2 winbind use default domain = Yes admin users = admin hosts allow = X.X.X.128/255.255.255.128# my net hosts deny = ALL [netlogon] comment = Network Logon Service path = /usr/local/samba/netlogon guest ok = Yes browseable = No share modes = No And I can't join domain from WinXP workstation (WINHOST, for ex.) with the error No such user smbldap-useradd -w %u works perfectly and adds winhost$ to ou=computers , ldapsearch found it. The part of winhost.log: [2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user winhost$ [2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is winhost$ [2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_internals(93) Trying _Get_Pwnam(), username as uppercase is winhost$ [2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_internals(102) Checking combinations of 0 uppercase letters in winhost$ [2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals didn't find user [winhost$]! [2006/08/07 16:35:12, 3] passdb/pdb_interface.c:pdb_default_create_user(363) _samr_create_user: Running the command `/usr/local/sbin/smbldap-useradd -w winhost$' gave 0 [2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user winhost$ [2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is winhost$ [2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_internals(93) Trying _Get_Pwnam(), username as uppercase is winhost$ [2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_internals(102) Checking combinations of 0 uppercase letters in winhost$ [2006/08/07 16:35:12, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals didn't find user [winhost$]! [2006/08/07 16:35:12, 3] passdb/pdb_interface.c:pdb_default_create_user(376) pdb_default_create_user: failed to create a new user structure: NT_STATUS_NO_SUCH_USER [2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_debug(84) 00 samr_io_r_create_user [2006/08/07 16:35:12, 6] rpc_parse/parse_prs.c:prs_debug(84) 00 smb_io_pol_hnd user_pol [2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_uint32(704) data1: [2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0004 data2: [2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_uint16(675) 0008 data3: [2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_uint16(675) 000a data4: [2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_uint8s(851) 000c data5: 00 00 00 00 00 00 00 00 [2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0014 access_granted: [2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_uint32(704) 0018 user_rid : [2006/08/07 16:35:12, 5] rpc_parse/parse_prs.c:prs_ntstatus(763) 001c status: NT_STATUS_NO_SUCH_USER When samba searches winhost$, it search in ou=users!! The part of debug.log: Aug 7 16:35:12 main slapd[28229]: conn=19118 op=3 SRCH base=ou=users,dc=mydomain,dc=ru scope=1 deref=0 filter=((objectClass=posixAccount)(uid=winhost$)) Aug 7 16:35:12 main slapd[28229]: conn=19118 op=3 SRCH attr=uid
[Samba] Documentation of 3.0.23a VFS modules?
Hello! When I have a look at /usr/lib/samba/vfs, I find the following files, which I suppose that they are VFS modules: audit.so cap.so default_quota.so expand_msdfs.so extd_audit.so fake_perms.so full_audit.so netatalk.so readonly.so recycle.so shadow_copy.so Where can I find documentation about what those modules do and how to configure those modules (if needed)? Thanks, Alexander Skwar -- Why would anyone want to be called Later? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Documentation of 3.0.23a VFS modules?
Hello Alexander, In the samba source directory, look under docs/htmldocs/Samba3-HOWTO. The file is called VFS.html. Regards, Franz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Documentation of 3.0.23a VFS modules?
Franz Strebel wrote: In the samba source directory, look under docs/htmldocs/Samba3-HOWTO. The file is called VFS.html. Hi! Thanks, I didn't know about this file. However, not all of the modules are documented there. Missing are: - cap.so - expand_msdfs.so - full_audit.so - readonly.so Where can I find more information? Thanks, Alexander Skwar -- I'm a GENIUS! I want to dispute sentence structure with SUSAN SONTAG!! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Identically named users and groups
We have a Linux user and group with the same name (username prox, group name prox) and a Samba share with force user = prox set. Since upgrading from Samba 3.0.21b to Samba 3.0.23a, that share no longer works. smbclient gives the following error when connecting to the share: tree connect failed: NT_STATUS_NO_SUCH_USER The Samba server logs the following error: [2006/08/07 09:38:26, 1] auth/auth_util.c:create_token_from_username(1060) prox is a Domain Group, not a user So Samba no longer likes having a user and group by the same name. Is this an intentional change in Samba 3.0.23, or is it a bug? I don't remember seeing anything about it in the release notes. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] On-the-Fly Creation of Machine Trust Accounts Problem
Using Samba 3.0.23a-1.fc5.1 When I try to add XP workstation to the domain using Network ID wizard (from XP) it fails. add machine script is: /usr/sbin/useradd -d /dev/null -g 500 -s /bin/false -M %u What happens is a unix account (in passwd file) is created with LOWER-CASE username. Account is added to smbpasswd in UPPER-CASE. XP reports error A device attached to the system is not functioning. Manually changing unix account to upper case works. This worked fined using Samba 2.x Any suggestions or which version of Samba should I roll back to?? Thanks Lee Baker This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient of the message you must not use, disclose, distribute, copy, print or take action in reliance on it. If you have received this email in error please notify the sender and delete the original message from your system. The views expressed in this email are those of the individual sender, except where the sender specifically states them to be the views of The McAuley Catholic High School. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] user.SAMBA_PAI and ACL inheritance
Yes, I have tried inherit acls = yes, but this doesn't seem to make any difference... I think your wright do, Ik think that before the default ACLs where propagated. So how can I regain this functionality without turning off user_xattr which I need for some other functionalities... On ma, 2006-08-07 at 08:34 -0400, James McDonough wrote: On 8/7/06, S. J. van Harmelen [EMAIL PROTECTED] wrote: Changing map acl inheritance between yes or no does not change this behavior. Have you tried setting inherit acls = yes ? Honestly, i'm not sure why it would have worked before other than the filesystem propagating the posix default acls. Were you able to set specifc permissions for a specific user before and have it inherited? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Heavy Samba usage crashed server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Komal, Is there a way to control the number of times a file can be open concurrently? Either with Samba or with RHEL4? Maybe this is a good control measure. Limit the number of concurrent opens for any file. This way, if more than 20 people try to open the same file, we can restrict access allowing the system to keep up. Samba is limited only by the capacity of the server (RAM and CPU). If you want to limit connections to the server look at 'max smbd processes' in smb.conf(5). cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE103XIR7qMdg1EfYRAjQPAJ43Z/N52wyNvYtucNQ/77q+u9vONgCg0fKZ ETCHs8uZx6AUzNjveKBpgTQ= =g0EN -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] converting Linux users paswords to Samba
On Mon, 7 Aug 2006, FTuzi wrote: I have a Fedora 5 system with about 300 users and 2 printers. Samba is running on the sole server. There are also about 2 dozen Windows XP computers in use, but there is no domain and no Active Directory. All the computers are standalone. Users desire to use the Samba printers and access their home directories in the Linux system. I have setup and have Samba running fine. Using Webmin, I converted all Linux users to Samba users. BUT the passwords don't convert. I don't believe there is any way of converting the passwords. Both Unix and Windows use a one-way hash system. It's possible to get the hashed password from the cleartext password, but not vice versa. (That's enough for authentication purposes because it allows you to verify a password, which is all you need.) Since Unix/Linux and Windows/Samba use different one-way hash schemes from each other, you will have to create the Windows hashes[1], and that requires access to the cleartext passwords, which you don't have available on a Unix/Linux system. So, you're going to have to have users re-enter their passwords. One possible solution to this problem is to assign every user a new password for Samba only and let them know what it is, then give them a mechanism to change both. By the way, I would probably go ahead and set up the Linux machine as a domain controller. That won't help your passwords issue, but at some point you may want to have people logon to Windows machines and they might as well be able to use a unified set of accounts to do it. Also, if the users need to use Samba shares regularly, it's just as easy for them to logon at the beginning of the session. That way they only have to type their password when they logon to the Windows machine and not every time they access a new share. - Logan [1] There are actually two types: Lan Manager (LM) and Windows NT (NT). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 'ldap machine suffix' is ignored?
And I can't join domain from WinXP workstation (WINHOST, for ex.) with the error No such user smbldap-useradd -w %u works perfectly and adds winhost$ to ou=computers , ldapsearch found it. Maybe an issue with nss_ldap configuration. What's the output of 'id winhost$' ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 'ldap machine suffix' is ignored?
On Mon, 7 Aug 2006, Mike A. Kuznetsov wrote: I'm using samba-3.0.23 (Revision: 16921, from ports collection, under FreeBSD 6.1 with OpenLDAP 2.3.24 smbldap-tools-0.9.2a) as PDC with following config: [ snip snip snip... ] [global] ldap group suffix = ou=groups ldap idmap suffix = ou=idmap ldap machine suffix = ou=computers ldap passwd sync = Yes ldap suffix = dc=mydomain,dc=ru And I can't join domain from WinXP workstation (WINHOST, for ex.) with the error No such user I believe in newer versions of Samba, ldap suffix is no longer added to ldap machine suffix or to any of the others. So, you need to put this instead: ldap group suffix = ou=groups,dc=mydomain,dc=ru ldap idmap suffix = ou=idmap,dc=mydomain,dc=ru ldap machine suffix = ou=computers,dc=mydomain,dc=ru This seems to have changed sometime between 3.0.10 and 3.0.22, although when specifically it changed I don't know. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Identically named users and groups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Josh, We have a Linux user and group with the same name (username prox, group name prox) and a Samba share with force user = prox set. Since upgrading from Samba 3.0.21b to Samba 3.0.23a, that share no longer works. smbclient gives the following error when connecting to the share: tree connect failed: NT_STATUS_NO_SUCH_USER The Samba server logs the following error: [2006/08/07 09:38:26, 1] auth/auth_util.c:create_token_from_username(1060) prox is a Domain Group, not a user So Samba no longer likes having a user and group by the same name. Is this an intentional change in Samba 3.0.23, or is it a bug? I don't remember seeing anything about it in the release notes. We think that we have this fixed in the current SAMBA_3_0_RELEASE. Would you mind testing this and letting me know? You can grab it from svn://svnanon.samba.org/samba/branches/SAMBA_3_0_RELEASE or rsync;//rsync.samba.org/ftp/unpacked/samba_3_0_release. I'll hold 3.0.23b until I hear from you. Thanks. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE11PrIR7qMdg1EfYRAjBmAKDkFM5/L1fdGKy97rbzky0y4cvb6gCgtkgM P2F5fJqC/zMD1Ye/lJ355mU= =Y8l/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Connection reset by peer
Hi, We are seeing this on our Fedora Core 2 machine when accessing the share from a Windows 2003 box. Any help will be greatly appreciated. This is the smb.conf file : [global] smb passwd file = /etc/samba/smbpasswd passwd program = /usr/bin/passwd %u pam password change = yes obey pam restrictions = yes encrypt passwords = yes unix password sync = no security = share socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = no server string = Samba Server load printers = no username map = /etc/samba/user.map log file = /var/log/samba/%m.log name resolve order = host smb ports = 139 [samba] path = /samba writable = yes guest ok = yes guest account = root This is the error : Aug 4 13:34:35 Server nmbd[26773]: Samba name server Server has stopped being a local master browser for workgroup WORKGROUP on subnet 10.140.18.178 Aug 4 13:34:35 Server nmbd[26773]: Aug 4 13:34:35 Server nmbd[26773]: * Aug 4 13:34:52 Server nmbd[26773]: [2006/08/04 13:34:52, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396) Aug 4 13:34:52 Server nmbd[26773]: * Aug 4 13:34:52 Server nmbd[26773]: Aug 4 13:34:52 Server nmbd[26773]: Samba name server Server is now a local master browser for workgroup WORKGROUP on subnet 10.140.18.178 Aug 4 13:34:52 Server nmbd[26773]: Aug 4 13:34:52 Server nmbd[26773]: * Aug 4 13:41:35 Server nmbd[26773]: [2006/08/04 13:41:35, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(311) Aug 4 13:41:35 Server nmbd[26773]: process_local_master_announce: Server Dell1 at IP 10.140.19.48 is announcing itself as a local master browser for workgroup WORKGROUP and we think we are master. Forcing election. Aug 4 13:41:35 Server nmbd[26773]: [2006/08/04 13:41:35, 0] nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149) Aug 4 13:41:35 Server nmbd[26773]: * Aug 4 13:41:35 Server nmbd[26773]: Aug 4 13:41:35 Server nmbd[26773]: Samba name server Server has stopped being a local master browser for workgroup WORKGROUP on subnet 10.140.18.178 Aug 4 13:41:35 Server nmbd[26773]: Aug 4 13:41:35 Server nmbd[26773]: * Aug 4 13:41:53 Server nmbd[26773]: [2006/08/04 13:41:53, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396) Aug 4 13:41:53 Server nmbd[26773]: * Aug 4 13:41:53 Server nmbd[26773]: Aug 4 13:41:53 Server nmbd[26773]: Samba name server Server is now a local master browser for workgroup WORKGROUP on subnet 10.140.18.178 Aug 4 13:41:53 Server nmbd[26773]: Aug 4 13:41:53 Server nmbd[26773]: * Aug 4 14:04:38 Server gdm[1881]: Maximum number of open XDMCP sessions from host :::127.0.0.1 reached Aug 4 14:33:09 Server smbd[31523]: [2006/08/04 14:33:09, 0] lib/util_sock.c:write_socket_data(430) Aug 4 14:33:09 Server smbd[31523]: write_socket_data: write failure. Error = Connection reset by peer Aug 4 14:33:09 Server smbd[31523]: [2006/08/04 14:33:09, 0] lib/util_sock.c:write_socket(455) Aug 4 14:33:09 Server smbd[31523]: write_socket: Error writing 51 bytes to socket 22: ERRNO = Connection reset by peer Aug 4 14:33:09 Server smbd[31523]: [2006/08/04 14:33:09, 0] lib/util_sock.c:send_smb(647) Aug 4 14:33:09 Server smbd[31523]: Error writing 51 bytes to client. -1. (Connection reset by peer) Thanks, Sameer. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Attempting to Join Domain
Okay guys, Im trying to get samba 3.0.23a to join a Windows Domain (no suprise right) Anyways, i ran net rpc join -U [adminaccount], it asked for the password to [adminaccount] and said the domain was joined. Then i ran net ads join -U [adminaccount], it asked for the passsword to [adminaccount] and after typing it in, it says [2006/08/07 10:35:56, 0] utils/net_ads.c:ads_startup(286) ads_connect: Invalid or incomplete multibyte or wide character This is using a fresh install, just compiled. Thanks --adam -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.10.7/410 - Release Date: 8/5/2006 E-mail correspondence to and from this address may be subject to the North Carolina Public Records Law and may be disclosed to third parties by an authorized county official. If you have received this communication in error , please do not distribute it. Please notify the sender by E-mail at the address shown and delete the original message. Thank you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] user.SAMBA_PAI and ACL inheritance
P.S. I should also mention that the logfile gives me this error while setting the inheritance flags: [2006/08/04 10:58:55, 1] smbd/posix_acls.c:store_inheritance_attributes(252) store_inheritance_attribute: Error Permission denied On ma, 2006-08-07 at 08:34 -0400, James McDonough wrote: On 8/7/06, S. J. van Harmelen [EMAIL PROTECTED] wrote: Changing map acl inheritance between yes or no does not change this behavior. Have you tried setting inherit acls = yes ? Honestly, i'm not sure why it would have worked before other than the filesystem propagating the posix default acls. Were you able to set specifc permissions for a specific user before and have it inherited? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] bug with net rpc list trustdom?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Guido Lorenzutti wrote: When a do net rpc list trustdom I must provide a username and password for the domain admin. But if I want to revoke a trustdom I don't have to provide anything. Not a passowrd, not a user. Is this OK? Im using samba 3.0.14 in a Debian Stable. The 'net rpc' interface connects over the network (possibly loopback). However 'net rpc trustdom revoke' just operates on secrets.tdb and removes the domain trust password. No network needed. But you do have to run the command as root. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE11bPIR7qMdg1EfYRAmFCAJ9LyH/3HGEj/6RHGNse6/B46YJcmQCfZJEs FILbZcpPtOQ+1gfALGt8yNQ= =hJqB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] On-the-Fly Creation of Machine Trust Accounts Problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lee Baker wrote: Using Samba 3.0.23a-1.fc5.1 When I try to add XP workstation to the domain using Network ID wizard (from XP) it fails. add machine script is: /usr/sbin/useradd -d /dev/null -g 500 -s /bin/false -M %u What happens is a unix account (in passwd file) is created with LOWER-CASE username. Account is added to smbpasswd in UPPER-CASE. This is fixed in 3.0.23b whici will be out as soon as I receive confirmation on one final bug fix. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE11czIR7qMdg1EfYRAm3ZAJ9pNUaS4O+H+ZBXvf90INNsYCHQ9QCeNb4z T0kh8TxgfmkTWuBWXddZJxw= =ppHU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with PRODUCTION machine, please respond quickly!!
# file: frontpg.lck # owner: mpsfrontpageacct # group: Domain\040Admins user::r-- user:wws01$:rwx user:w3svc5175754_anon_xi:rw- group::r-- group:Admins_xil123:rw- mask::rwx other::--- I'm trying to delete using the account mpsfrontpageacct which has Domain \040Admins as default group... I see the problem. It's actually a bug. The owner has only 'r' access to the file but to store the ACL inheritance EA we need 'rw'. I'll take a look at it. You can fix this by temporarily changing the user access to 'rw' then deleting the file. Jeremy. Is there a way around this? I need this user to be able to store the ACL inheritance EA with just having 'r' access, but being the owner of the file! Being the owner why shouldn't I be able to change this? Sander -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Attempting to Join Domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Adam Wenner wrote: Okay guys, Im trying to get samba 3.0.23a to join a Windows Domain (no suprise right) Anyways, i ran net rpc join -U [adminaccount], it asked for the password to [adminaccount] and said the domain was joined. Then i ran net ads join -U [adminaccount], it asked for the passsword to [adminaccount] and after typing it in, it says [2006/08/07 10:35:56, 0] utils/net_ads.c:ads_startup(286) ads_connect: Invalid or incomplete multibyte or wide character This is using a fresh install, just compiled. I need more context to know the root cause of the error. Probably a level 10 debug log is enough. We've fixed some errors in this code (DNS SRV lookups). Would you please test the SAMBA_3_0_RELEASE tree first? It's available at svn://svnanon.samba.org/samba/branches/SAMBA_3_0_RELEASE or rsync://rsync.samba.org/ftp/unpacked/samba_3_0_release cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE12WwIR7qMdg1EfYRAvgSAJ4hm8+g6dOkLA68tS36SUGoIZsGJgCgv4d5 nHVB4fLRvPZZk4+e+ASQtWw= =SmdY -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printer settings don't stick
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stephen Thomas wrote: 1. Does ntforms.tdb only store certain standard settings (page size, orientation, whatever) or can it hold anything a Windows printer driver cares to throw at it? ntforms only stores paper sizes. ntprinters store the per user printer information. 2. Do I need to make ntforms.tdb writable by anybody other than root (for example, should I set it to root:lpadmin rwxrwxr-x like the directory where print$ is mapped)? No. The tdb is opened as root and smbd does the appropriate access checks internally. 3. Is that amount of DCERPC traffic normal, or is this likely to be a bonehead Windows driver trying over and over again to read some kind of status data back from the printer? It can be both depending on the driver. If it's the exact same request over and over, it's probably the XP spooler caught in a loop. 4. Where should I be looking to find out how to decipher the DCERPC traffic? Use ethereal (now called wireshark). Best SMB/CIFS/MS-RPC anaylzer around. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE12eAIR7qMdg1EfYRAnYGAJ4gTywP+3PpjrQY8XYg7544WdUKhACdFr7l sMSyevoXjvLGJglstd9XmRI= =MoEV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 'ldap machine suffix' is ignored?
I think I read somewhere that 'ldap machine suffix' is used only if winbindd is used as well. Peter -- Peter Rindfuss Wissenschaftszentrum Berlin fuer Sozialforschung (Social Science Research Center Berlin, Germany) email: [EMAIL PROTECTED] phone: +49-30-25491-566 fax: +49-30-25491-558 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 'ldap machine suffix' is ignored?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter Rindfuss wrote: I think I read somewhere that 'ldap machine suffix' is used only if winbindd is used as well. Nope. The problem was more likely the fact that nss_ldap was not searching the DIT for machine accounts. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE12mWIR7qMdg1EfYRArzzAKCiFeSQZTAU4uDrYttNM/Ei8UVxQQCgysIe 6s/KiYzuNMAyT9ac+HH58pg= =3F6h -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Point-and-install driver location problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Roshan Sembacuttiaratchy wrote: I'm trying to configure my Samba server to support Point-and-install driver installation of a CUPS printer (the printer works with Samba when Point-and-install is not configured, and the driver is installed manually on Windows XP). I've gone through the actual configuration process, and am able now to just install the printer on Windows XP machines via the Samba-supplied driver. when I click on the printer properties and look at the printer driver path in Windows, I see a problem though, as the UNC name for the printer server is prefixed by *4* backslashes, instead of 2. ( SATURN\print$\ ). I'm guessing this is what then causes Windows to behave very strangely and continue to prompt for printer drivers. Nope. That's not the problem. The code has been that way for a really long time. I'd recommend looking at a level 10 debug log from smbd instead. The printer driver was installed through rpcclient, using the following command line: I know I started this but I really wish people would install using a real Windows client instead. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE12apIR7qMdg1EfYRAmteAKCrN9rYiekknZpdYPGGk20zAvr+8gCgsXzp W5kOt+jTjGFDN7qf0vc3W2A= =O1Te -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] W2k logged out workstations keep 'alive' at smbstatus (3.0.23a)
Hi, I am still trying to solve the following problem. At first my context now: -Slackware 10.2 ( no PAM ), Samba 3.0.23a, OpenLdap 2.3.24, smbldap-tools 0.9.2. and before: -Slackware 10.0, Samba 3.0.10, Openldap 2.2.x, smbldap-tools 0.8x Before upgrading, I was using a solution to deny simultaneous logins, using a solution that is very similar to the solution in the Chapter 25: limiting logon connect, of the book The Official Samba-3 HOWTO and Reference Guide. Results were not 'precise' for the known reasons, but used to do the job. After upgrading, even after logoffs, smbstatus still reports users as logged, so, the confusion was made. I had to disable my control, and the problems with simultaneous logins came back ( this behaviour is not accepted by company politics). I have read Changelogs, including samba.wiki and tried some searchs at google and lists archive. I think I was unhappy with strings I used to search, because I couldn't get a tip to solve the problem. So, could someone help me with this problem? Have I missed something important? Some reading recommended? What kind of additional information I can provide to help without polluting the list? Its very important to solve this behaviour, because the company politics. I thank you for your attention. Regards, Freitas. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] OS/2 client crash on Find Close2
Hello, I have just migrated an old OS/2 file server to a Linux box with Samba 3.0.23a. Now the OS/2 clients crash from time to time. I found a way to reproduce/force the crash using PMMail and did some experiments. The popuplog.os2 on the clients (Warp4 and eComStation) always names a sys3175 in pmshell.exe / doscall1.dll. Using Ethereal and comparing the network traffic between a) a client and the Samba server and b) the same client and an OS/2 server (in this setup the client doesn't crash) I found at least one difference in the SMB protocol. It is the Find Close2 Response SMB message. Here is the packet from the Samba server logged by Ethereal: ---START- No. TimeSourceDestination Protocol Info 153 02:09:53.405713 192.168.1.223 192.168.1.1 SMB Find Close2 Response Frame 153 (97 bytes on wire, 97 bytes captured) Arrival Time: Aug 7, 2006 02:09:53.405713000 Time delta from previous packet: 0.000384000 seconds Time since reference or first frame: 58.338749000 seconds Frame Number: 153 Packet Length: 97 bytes Capture Length: 97 bytes Protocols in frame: eth:ip:tcp:nbss:smb Ethernet II, Src: srv3.taegi.eideltown.de (00:01:af:01:a0:a2), Dst: Intel_3a:01:e1 (00:02:b3:3a:01:e1) Destination: Intel_3a:01:e1 (00:02:b3:3a:01:e1) Source: srv3.taegi.eideltown.de (00:01:af:01:a0:a2) Type: IP (0x0800) Frame check sequence: 0x94bcdc1f [correct] Internet Protocol, Src: 192.168.1.223 (192.168.1.223), Dst: 192.168.1.1 (192.168.1.1) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00) 00.. = Differentiated Services Codepoint: Default (0x00) ..0. = ECN-Capable Transport (ECT): 0 ...0 = ECN-CE: 0 Total Length: 79 Identification: 0xcd9b (52635) Flags: 0x04 (Don't Fragment) 0... = Reserved bit: Not set .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: TCP (0x06) Header checksum: 0xe8dc [correct] Good: True Bad : False Source: 192.168.1.223 (192.168.1.223) Destination: 192.168.1.1 (192.168.1.1) Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1024 (1024), Seq: 45598, Ack: 1364, Len: 39 Source port: netbios-ssn (139) Destination port: 1024 (1024) Sequence number: 45598(relative sequence number) Next sequence number: 45637(relative sequence number) Acknowledgement number: 1364(relative ack number) Header length: 20 bytes Flags: 0x0018 (PSH, ACK) 0... = Congestion Window Reduced (CWR): Not set .0.. = ECN-Echo: Not set ..0. = Urgent: Not set ...1 = Acknowledgment: Set 1... = Push: Set .0.. = Reset: Not set ..0. = Syn: Not set ...0 = Fin: Not set Window size: 5360 Checksum: 0x60fa [correct] SEQ/ACK analysis This is an ACK to the segment in frame: 152 The RTT to ACK the segment was: 0.000384000 seconds NetBIOS Session Service Message Type: Session message Flags: 0x00 ...0 = Add 0 to length Length: 35 SMB (Server Message Block Protocol) SMB Header Server Component: SMB Response to: 152 Time from request: 0.000384000 seconds SMB Command: Find Close2 (0x34) Error Class: Success (0x00) Reserved: 00 Error Code: No Error Flags: 0x88 1... = Request/Response: Message is a response to the client/redirector .0.. = Notify: Notify client only on open ..0. = Oplocks: OpLock not requested/granted ...0 = Canonicalized Pathnames: Pathnames are not canonicalized 1... = Case Sensitivity: Path names are caseless ..0. = Receive Buffer Posted: Receive buffer has not been posted ...0 = Lock and Read: LockRead, WriteUnlock are not supported Flags2: 0x0001 0... = Unicode Strings: Strings are ASCII .0.. = Error Code Type: Error codes are DOS error codes ..0. = Execute-only Reads: Don't permit reads if execute-only ...0 = Dfs: Don't resolve pathnames with Dfs 0... = Extended Security Negotiation: Extended security negotiation is not supported .0.. = Long Names Used: Path names in request are not long file names .0.. = Security Signatures: Security signatures are not supported ..0. = Extended Attributes: Extended attributes are not supported ...1 = Long Names Allowed: Long file names are
[Samba] samba 3.0.23a + ldap as PDC - should work, but why?
I've got an issue with roaming profiles with samba 3.0.23a and an LDAP backend. I can use the ldap to authenticate an NT and a local user, and I know alot about PAM, NSS, and general linux. BUT, I can't get ANY roaming profiles to work. Other than my domain name changed for security purposes, the following is my smb.conf file. (I first used SWAT, then did more customization) smb.conf= = [global] workgroup = DOMAIN.COM netbios name = PDC server string = PDC interfaces = eth0 bind interfaces only = Yes update encrypted = Yes private dir = /data/samba/private passdb backend = ldapsam:ldap://127.0.0.1/ client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No log level = 10 syslog = 0 password server = PDC log file = /data/samba/logs/sambalog #max log size = 50 enable core files = No smb ports = 139 name resolve order = wins bcast hosts time server = Yes deadtime = 10 socket options = TCP_NODELAY SO_RCVBUF=8192 printcap name = CUPS show add printer wizard = No add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u #shutdown script = /var/lib/samba/scripts/shutdown.sh #abort shutdown script = /sbin/shutdown -c logon script = logon.bat logon path = \\%L\%U\.msprofile logon drive = h: logon home = \\%L\%U server schannel = auto client schannel = auto domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = uid=root,dc=domain,dc=com ldap delete dn = Yes ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap suffix = dc=domain,dc=com ldap ssl = no ldap user suffix = ou=Users #utmp = Yes profile acls = Yes map acl inherit = Yes printing = cups case sensitive = Yes hide unreadable = Yes hide files = /desktop.ini/ veto oplock files = /*.doc/*.xls/*.mdb/ admin users=root Administrator [homes] comment = Home Directories valid users = %S read only = No create mask = 0644 directory mask = 0775 hide files = /desktop.ini/ browseable = No [printers] comment = SMB Print Spool path = /var/spool/samba guest ok = Yes printable = Yes browseable = No [print$] comment = Printer Drivers path = /data/samba/print/drivers guest ok = Yes [netlogon] comment = Network Logon Service path = /data/samba/netlogon browseable = No locking = No [profiles] # chmod 1777 /home/%U/.msprofile path = /home/%U/.msprofile read only = no profile acls = yes create mask = 0600 directory mask = 0700 browseable = No nt acl support = Yes force user = %U valid users = %U @Domain Admins [profdata] comment = Profile Data Share path = /data/samba/profdata read only = No create mask = 0644 directory mask = 0755 browseable = No hide files = /desktop.ini/ csc policy = disable [shared] comment = Network Shares path = /data/samba/shared read only = No guest ok = Yes = end smb.conf Also, here's a few ls's so you can see about my permissions. # ls -al /data/samba/profdata total 24K drwxr-xr-x 6 root root 4.0K Aug 3 14:41 . drwxr-xr-x 9 root root 4.0K Aug 3 14:28 .. drwxr-xr-x 11 Administrator Domain Admins 4.0K Aug 3 15:42 Administrator drwxr-xr-x 12 user1Domain Users 4.0K Aug 4 08:22 user1 drwxr-xr-x 10 root Domain Admins 4.0K Aug 3 14:30 root drwxr-xr-x 2 user2Domain Users 4.0K Aug 3 13:04 user2 and user1's .msprofile: # ls -al /home/user1/.msprofile total 820K drwxrwxrwt 9 user1 Domain Users 4.0K Aug 7 12:02 . drwxr-xr-x 43 user1 Domain Users 4.0K Aug 7 08:44 .. drwxrwxr-x 6 user1 Domain Users 4.0K Aug 7 07:40 Application Data drwxrwxr-x 2 user1 Domain Users
Re: [Samba] samba 3.0.23a + ldap as PDC - should work, but why?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John Mason wrote: [profiles] # chmod 1777 /home/%U/.msprofile path = /home/%U/.msprofile read only = no profile acls = yes create mask = 0600 directory mask = 0700 browseable = No nt acl support = Yes force user = %U valid users = %U @Domain Admins The %U in force user and valid users has no affect. It says restrict connections to whoever is connecting and force them to be who they already are. I'd recommend dropping valid suers from [profiles] altogether. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE15YWIR7qMdg1EfYRAqzvAKDxCYtNZsha0VTPHhG+JYu5KQ/YdgCgqW9a +exNOTqTnnbKdZ9ZKAiErGE= =rybR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba, ldap and sco.. help please?
The subject pretty much sums it up. SCO, Samba and LDAP.. only, we're not using LDAP. I got dropped into the middle of this project with little information about much of anything and I'm not a native to SCO and I'm unfamiliar with Samba, however I will be as informative as possible. # uname -a SCO_SV smbpsrv1 3.2 5.0.6 i386 # /usr/local/samba/bin/smbd -V Version 2.0.7 The admin of this box wants to upgrade Samba to version 3.0.14 in the hopes that it will fix some performance and access/compatability issues, however I'm running in to some problems with a missing ldap library. To my knowledge, we're not using ldap for password auth. And the old version of Samba doesn't require this library. When we try to run the new version of samba out of the test directory, trying to place the old config file where it would be called from (assuming /etc/samba or /usr/bin/.. to be honest, we aren't sure where the new config goes and there is no documentation for it), we get the error message; # /sambastuff/samba/dist/usr/sbin/smbd dynamic linker : /sambastuff/samba/dist/usr/sbin/smbd : error opening /usr/lib/libldap-2.2.so.7 Killed With my limited experience with not only Samba, but SCO as well, I'm at a loss. I come from a Linux and FreeBSD background and SCO is considerably different for me. Any help or insight would be *greatly* appreciated. Thanks, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trouble installing applications from samba share using Windows Vista
I am having trouble installing applications onto a Vista machine from a Samba 3.0.23a share. I keep getting a Windows error telling me that the network path could not be found after I double click setup.exe. I can copy the files from the share to my local hard drive and install no problem. I can also copy them to a W2K share and install from there no problem. So, it seems the be Samba related. Everthing else that I have tried with Samba and Vista seems to be working. I can execute other programs from the share, for example. Has anyone else noticed this problem? And have a solution? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows Explorer hangs when clicking on a samba share
Hi Miguel! I set the debug level to 10, and nothing is really jumping out at me. After further investigation, I found out that samba drive comes up fine in Windows 2000. The problem seems to be with Windows XP. I can go to the DOS prompt and pull up files on the samba drive with no problems. The hanging only occurs when I click on the samba drive in Windows Explorer on my XP workstation. Do you have any ideas? Thanks! Tim It seems Windows Explorer is trying to refresh (or something like this) the content of the Samba drive. Try to check the Samba logs to see if there's something useful there. Greetings. -- Miguel Da Silva. Servicio de Informatica. Facultad de Ciencias. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ERRDOS - ERRnoaccess (Access denied.)
No matter what I do to configure samba and/or my linux client, I get this error. Can someone take a look at the particulars below and see if you can help me out? Thanks [EMAIL PROTECTED]:~$ cat /etc/samba/smb.conf [global] # Do something sensible when Samba crashes: mail the admin a backtrace panic action = /usr/share/samba/panic-action %d workgroup = Javector netbios name = debian01 encrypt passwords = true passdb backend = tdbsam guest security = user socket options = TCP_NODELAY [homes] read only = no browseable = no create mode = 0750 [shared] path = /backups/smb/shared valid users = mhansen mark lorraine elizabeth public = no writeable = yes printable = no create mask = 0765 = This line is in the client machine's /etc/fstab: //debian01/shared /smb/debian01-shared smbfs rw,lfs,user,auto,credentials=/etc/javector/.debian01creds 0 0 = [EMAIL PROTECTED]:~$ cat /etc/javector/.debian01creds username=adminusr password=admin = I have added adminusr on the samba server via smbpasswd debian01:/home/mhansen# smbpasswd -a adminusr New SMB password: Retype new SMB password: == I have restarted samba debian01:/home/mhansen# /etc/init.d/samba restart Stopping Samba daemons: nmbd smbd. Starting Samba daemons: nmbd smbd. == but, when I try to mount client machine soabookdev:~# mount /smb/debian01-shared 18145: tree connect failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Identically named users and groups
On 8/7/06, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: Josh, So Samba no longer likes having a user and group by the same name. Is this an intentional change in Samba 3.0.23, or is it a bug? I don't remember seeing anything about it in the release notes. We think that we have this fixed in the current SAMBA_3_0_RELEASE. Would you mind testing this and letting me know? You can grab it from svn://svnanon.samba.org/samba/branches/SAMBA_3_0_RELEASE or rsync;//rsync.samba.org/ftp/unpacked/samba_3_0_release. I'll hold 3.0.23b until I hear from you. Thanks. Sorry, I tried the SAMBA_3_0_RELEASE branch and am still seeing the same problem. Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: smbpasswd doesn't prompt root for password
· Gerald (Jerry) Carter [EMAIL PROTECTED]: Please file a bug an attach the gzipped config.log from your build. https://bugzilla.samba.org/show_bug.cgi?id=4007 Thanks. NP Alexander Skwar -- Wie man sein Kind nicht nennen sollte: Franz Iskaner -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Server signing bugs with CIFS VFS client
Since upgrading to Samba 3.0.23a, mounting a Samba share using mount.cifs generates the following errors in the Samba server's logs: Aug 7 17:45:08 pccentos4 smbd[5345]: [2006/08/07 17:45:08, 0] libsmb/smb_signing.c:srv_check_incoming_message(720) Aug 7 17:45:08 pccentos4 smbd[5345]: srv_check_incoming_message: BAD SIG: seq 2 wanted SMB signature of Aug 7 17:45:08 pccentos4 smbd[5345]: [2006/08/07 17:45:08, 0] libsmb/smb_signing.c:srv_check_incoming_message(724) Aug 7 17:45:08 pccentos4 smbd[5345]: srv_check_incoming_message: BAD SIG: seq 2 got SMB signature of The errors appear to be harmless. I get similar errors even after applying the patch from https://bugzilla.samba.org/show_bug.cgi?id=4003 or trying SAMBA_3_0_RELEASE. (I was also getting permission denied errors using CIFS VFS to access a Samba 3.0.23a server, but those appear to be fixed in SAMBA_3_0_RELEASE.) Josh Kelley -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.23a on AIX
Has anyone managed to compile Samba 3.0.23a on AIX 4.3? I am getting a linker error: Linking libsmbclient shared library bin/libsmbclient.so ld: 0711-781 ERROR: TOC overflow. TOC size: 72976 Maximum size: 65536 make: 1254-004 The error code from the last command is 1. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba 3.0.23a + ldap as PDC - should work, but why?
Fix for my own problem: Case Sensitivity Looking at level 10 logs for a few hours, if finally hit me. It is looking for ntuser.dat where as the Default User profile provided NTUSER.DAT and I have case sensitivity on... took it off and it worked. THanks. -Original Message- From: [EMAIL PROTECTED] on behalf of John Mason Sent: Mon 8/7/2006 1:05 PM To: samba@lists.samba.org Subject: [Samba] samba 3.0.23a + ldap as PDC - should work, but why? I've got an issue with roaming profiles with samba 3.0.23a and an LDAP backend. I can use the ldap to authenticate an NT and a local user, and I know alot about PAM, NSS, and general linux. BUT, I can't get ANY roaming profiles to work. Other than my domain name changed for security purposes, the following is my smb.conf file. (I first used SWAT, then did more customization) smb.conf= = [global] workgroup = DOMAIN.COM netbios name = PDC server string = PDC interfaces = eth0 bind interfaces only = Yes update encrypted = Yes private dir = /data/samba/private passdb backend = ldapsam:ldap://127.0.0.1/ client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No log level = 10 syslog = 0 password server = PDC log file = /data/samba/logs/sambalog #max log size = 50 enable core files = No smb ports = 139 name resolve order = wins bcast hosts time server = Yes deadtime = 10 socket options = TCP_NODELAY SO_RCVBUF=8192 printcap name = CUPS show add printer wizard = No add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u #shutdown script = /var/lib/samba/scripts/shutdown.sh #abort shutdown script = /sbin/shutdown -c logon script = logon.bat logon path = \\%L\%U\.msprofile logon drive = h: logon home = \\%L\%U server schannel = auto client schannel = auto domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = uid=root,dc=domain,dc=com ldap delete dn = Yes ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap suffix = dc=domain,dc=com ldap ssl = no ldap user suffix = ou=Users #utmp = Yes profile acls = Yes map acl inherit = Yes printing = cups case sensitive = Yes hide unreadable = Yes hide files = /desktop.ini/ veto oplock files = /*.doc/*.xls/*.mdb/ admin users=root Administrator [homes] comment = Home Directories valid users = %S read only = No create mask = 0644 directory mask = 0775 hide files = /desktop.ini/ browseable = No [printers] comment = SMB Print Spool path = /var/spool/samba guest ok = Yes printable = Yes browseable = No [print$] comment = Printer Drivers path = /data/samba/print/drivers guest ok = Yes [netlogon] comment = Network Logon Service path = /data/samba/netlogon browseable = No locking = No [profiles] # chmod 1777 /home/%U/.msprofile path = /home/%U/.msprofile read only = no profile acls = yes create mask = 0600 directory mask = 0700 browseable = No nt acl support = Yes force user = %U valid users = %U @Domain Admins [profdata] comment = Profile Data Share path = /data/samba/profdata read only = No create mask = 0644 directory mask = 0755 browseable = No hide files = /desktop.ini/ csc policy = disable [shared] comment = Network Shares path = /data/samba/shared read only = No guest ok = Yes = end smb.conf Also, here's a few ls's so you can see about my permissions. # ls -al /data/samba/profdata total 24K drwxr-xr-x 6 root root 4.0K Aug 3 14:41 . drwxr-xr-x 9 root root 4.0K Aug 3 14:28 .. drwxr-xr-x 11 Administrator Domain Admins 4.0K Aug 3 15:42 Administrator drwxr-xr-x 12
Re: [Samba] Samba Point-and-install driver location problems
On Mon, Aug 07, 2006 at 11:13:29AM -0500, Gerald (Jerry) Carter scribbled: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Roshan Sembacuttiaratchy wrote: when I click on the printer properties and look at the printer driver path in Windows, I see a problem though, as the UNC name for the printer server is prefixed by *4* backslashes, instead of 2. ( SATURN\print$\ ). I'm guessing this is what then causes Windows to behave very strangely and continue to prompt for printer drivers. Nope. That's not the problem. The code has been that way for a really long time. I'd recommend looking at a level 10 debug log from smbd instead. I'll check that out tomorrow and post again with the results. The printer driver was installed through rpcclient, using the following command line: I know I started this but I really wish people would install using a real Windows client instead. Ideally, I would have wanted to do that too, but despite being authenticated to the Samba machine as root, the New Driver button was disabled. This happened with both the stock Samba Ubuntu package, as well as the one built from standard samba sources. Thanks for your input, Roshan -- http://roshan.info Take my advice, I'm not using it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] disabling roaming profiles for some networks only
Hey everyone. We have two offices accessing the same Samba server, which is a PDC and file server. The server is located in one of the offices, but the other office is only connected by a relatively slow link (1.5 megabit/s). I'm looking for a way to turn off roaming profiles only for those users which are at the remote site. (It's a tad inconvenient when it takes an hour or two to login due to a 1 GB roaming profile!) I could turn roaming profiles off for everyone, but we do have some users here at the same site as the server who don't have their own computers and could take advantage of roaming profiles. Obviously, I can do this by running the Group Policy editor on every machine at the remote site, but I'd really like something where this can be controlled by the server. I know I can leave logon path and logon home undefined and that will turn off roaming profiles for everyone, but I only want to turn it off for users on a certain network. So, is there any way to do that? - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Server signing bugs with CIFS VFS client
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Josh Kelley wrote: Since upgrading to Samba 3.0.23a, mounting a Samba share using mount.cifs generates the following errors in the Samba server's logs: Aug 7 17:45:08 pccentos4 smbd[5345]: [2006/08/07 17:45:08, 0] libsmb/smb_signing.c:srv_check_incoming_message(720) Aug 7 17:45:08 pccentos4 smbd[5345]: srv_check_incoming_message: BAD SIG: seq 2 wanted SMB signature of Aug 7 17:45:08 pccentos4 smbd[5345]: [2006/08/07 17:45:08, 0] libsmb/smb_signing.c:srv_check_incoming_message(724) Aug 7 17:45:08 pccentos4 smbd[5345]: srv_check_incoming_message: BAD SIG: seq 2 got SMB signature of The errors appear to be harmless. I get similar errors even after applying the patch from https://bugzilla.samba.org/show_bug.cgi?id=4003 or trying SAMBA_3_0_RELEASE. (I was also getting permission denied errors using CIFS VFS to access a Samba 3.0.23a server, but those appear to be fixed in SAMBA_3_0_RELEASE.) There was a client signing fix as well. But I'm pretty sure Steve has his own signing code. Not sure. Can you send me another level 10 server log with this? Thanks. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE178xIR7qMdg1EfYRAjgNAKCxQ/ma4k3zdbUkB5FbRawyIl4HhwCcDP0f mRrw5p8PjD7zm+jxXPFBEnE= =GClx -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] disabling roaming profiles for some networks only
On Mon, 2006-08-07 at 17:23 -0500, Logan Shaw wrote: Hey everyone. We have two offices accessing the same Samba server, which is a PDC and file server. The server is located in one of the offices, but the other office is only connected by a relatively slow link (1.5 megabit/s). I'm looking for a way to turn off roaming profiles only for those users which are at the remote site. (It's a tad inconvenient when it takes an hour or two to login due to a 1 GB roaming profile!) I could turn roaming profiles off for everyone, but we do have some users here at the same site as the server who don't have their own computers and could take advantage of roaming profiles. Obviously, I can do this by running the Group Policy editor on every machine at the remote site, but I'd really like something where this can be controlled by the server. I know I can leave logon path and logon home undefined and that will turn off roaming profiles for everyone, but I only want to turn it off for users on a certain network. So, is there any way to do that? Set the logon home and logon path explicitly in the passdb backend for the users who need it and leave the general ones blank. You must use either the tdbsam or ldapsam backlends to do that. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] On-the-Fly Creation of Machine Trust Accounts Problem
Using Samba 3.0.23a-1.fc5.1 When I try to add XP workstation to the domain using Network ID wizard (from XP) it fails. add machine script is: /usr/sbin/useradd -d /dev/null -g 500 -s /bin/false -M %u What happens is a unix account (in passwd file) is created with LOWER-CASE username. Account is added to smbpasswd in UPPER-CASE. XP reports error A device attached to the system is not functioning. Manually changing unix account to upper case works. This worked fined using Samba 2.x Any suggestions or which version of Samba should I roll back to?? Thanks Lee Baker This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient of the message you must not use, disclose, distribute, copy, print or take action in reliance on it. If you have received this email in error please notify the sender and delete the original message from your system. The views expressed in this email are those of the individual sender, except where the sender specifically states them to be the views of The McAuley Catholic High School. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.23a on AIX
On Mon, 7 Aug 2006, Stephen Boyd wrote: Has anyone managed to compile Samba 3.0.23a on AIX 4.3? I am getting a linker error: Linking libsmbclient shared library bin/libsmbclient.so ld: 0711-781 ERROR: TOC overflow. TOC size: 72976 Maximum size: 65536 make: 1254-004 The error code from the last command is 1. Look at the patch for Bug #3981 I posted yesterday. Cheers, Bill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] windows 2000/xp authentication through samba/ldap?
I run the computers in a small shop and want to change my users from using the local accounts on their windows boxes to a central account managed through ldap (openldap). I now have samba working with ldap and using ldap for authenticating shares as windows users ask for those shares to be mounted to their workstations. What I want is for the initial ctl-alt-del login to authenticate through samba to ldap. It looked like pGina could do this without the samba layer in the middle, but I'm not able to get pGina to work. The program keeps complaining with the ldap plugin that it is not able to authenticate to ldap. I don't mind which way this works, either windows-samba-ldap or windows-ldap. Any suggestions on what to try next, how to setup samba, or how to fix pGina? Mike -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Client/server test harness - Crucible 1.6
Hi all, At OLS last month I presented about doing automated client/server testing of NFSv4. In and after that talk there was some discussion with Steve French about using the same framework for testing Samba, so I thought it might be worthwhile to post about the framework on this list. We've also just put out a new 1.6 release of Crucible; I've attached the release notice below. The OLS presentation on NFSv4 testing is available here: http://developer.osdl.org/dev/nfsv4/site/documentation/OLS06.OSDL.v09.odp however it is mainly presenting results and mentions the framework only briefly; the talk I gave at OSCON about using Crucible with Xen is probably a better overview: http://crucible.sourceforge.net/docs/oscon_2006.pdf Briefly, Crucible is a collection of bash and perl tools (originally inspired by the Samba build farm, in fact) for patching/booting kernels on multiple machines and coordinating testing on them. It uses a network filesystem for communication between SUTs and the test driver, and can be customized and extended with bash, perl, or other scripting languages. In the case that a machine's test kernel has failed, it is able to get the console messages and reset the machine back to a known-good kernel. We've also added a network emulation layer (NetEm) that allows for injecting network issues during test runs, so you can see how the services respond as the network condition deteriorates. Crucible will also automatically download and run tests on non-kernel things, such as associated user-space libraries, tools, and so forth. We're using Crucible to test Inkscape and Cairo, and of course testing Crucible itself too. ;-) Steve French pointed out that most of the work done for automating the testing of NFS can be reused for testing any other filesystem, so I would love to explore how to use this for testing Samba. Bryce Hi all, With the positive responses from the OSCON talk about Crucible, we've put together a new 1.6 release of it, available here: http://prdownloads.sourceforge.net/crucible/crucible-1.6.tar.gz Crucible is a set of tools for automatically running tests on software patches. It is suited to doing tests of kernel code or of applications, and is designed for doing network testing between multiple machines. For more info, please see: http://crucible.sourceforge.net/ There's been a *bunch* of changes since 1.5 (mostly thanks to JasonN), including: * Kerberos support for test plans * Incorporated Linux::Bootloader, etc. for building/booting kernel * Automatic update to EXTRAVERSION in kernel makefile * Support for build-only testing of non-kernel components * Bunch of cleanup and bug fixes * New features 'delete' and 'requeue' for the 'testrun' tool, for administrative control over problematic test runs. * New features 'lnimage', 'lsimage', 'mkimage', 'conlog', and 'power' to 'sut' tool. These allow easy, uniform access to functionality in systemimager, conserver, and the remote power management tools. * Test plan commands have been converted into regular bash scripts. This makes customization of Crucible quite straightforward and easy. * Syntax of run_profile.txt files altered, so can now be sourced directly in scripts. This eliminates a lot of the nutty sed|cut clutter that we'd been doing previously, and allows simplification of scripts. Bryce -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] OS/2 client crash on Find Close2
On Mon, Aug 07, 2006 at 07:44:12PM +0200, Andreas Taegener wrote: Hello, I have just migrated an old OS/2 file server to a Linux box with Samba 3.0.23a. Now the OS/2 clients crash from time to time. I found a way to reproduce/force the crash using PMMail and did some experiments. The popuplog.os2 on the clients (Warp4 and eComStation) always names a sys3175 in pmshell.exe / doscall1.dll. Using Ethereal and comparing the network traffic between a) a client and the Samba server and b) the same client and an OS/2 server (in this setup the client doesn't crash) I found at least one difference in the SMB protocol. It is the Find Close2 Response SMB message. Kukks - could you please investigate. Sorry, I have to delegate OS/2 fixes as I don't have a client setup that's easy to get to. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem applying printer drivers
Hi all, I setting up a new BDC (192.168.2.200 - ubuntu dapper) assisting a PDC(192.168.1.195 - debian sarge) to manage MYDOMAIN a separate Building. The problem I come up with is trying to apply printer drivers, I can upload the driver to \\BDC\print$ but when I apply the driver it returns Printer setting could not be saved. Access is denied Any Ideas? Wisu smb.conf -- [global] unix charset = LOCALE workgroup = MYDOMAIN server string = BDC Saharjo PO - Samba %v passdb backend = ldapsam:ldap://192.168.2.200 ldap://192.168.1.195; enable privileges = Yes username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 50 smb ports = 139 445 name resolve order = wins bcast hosts printcap name = cups add user script = /usr/sbin/smbldap-useradd -m %u add group script = /usr/sbin/smbldap-groupadd -p %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w '%u' logon drive = H: domain logons = Yes preferred master = No domain master = No wins server = 192.168.1.195 ldap admin dn = cn=Manager,dc=mydomain,dc=co,dc=id ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers ldap suffix = dc=mydomain,dc=co,dc=id ldap ssl = no ldap user suffix = ou=Users idmap backend = ldap:ldap://192.168.2.200 idmap uid = 1-2 idmap gid = 1-2 map acl inherit = Yes printing = cups cups options = raw print command = lpq command = %p lprm command = use client driver = Yes hide unreadable = Yes [homes] comment = %u's Home Directories at Saharjo PO valid users = %S read only = No inherit permissions = Yes browseable = No [printers] comment = All Printers path = /srv/samba/spool guest ok = Yes printable = Yes browseable = No [print$] comment = Printer Drivers path = /srv/samba/drivers write list = administrator, wisu read only = No create mask = 0600 directory mask = 0700 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] biometrics in samba 4
Hello Lads, I am not a programmer in any shape or form, so bare with me. Windows AD can support biometric devices, such as fingerprint logins, it actually stores the fingerprint in the database. Will it be possible to store this information in a Samba4 AD enviroment? Cheers, Adrian Sender. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r17437 - in branches/SAMBA_3_0_RELEASE/source: auth libsmb passdb smbd
Author: jerry Date: 2006-08-07 12:12:20 + (Mon, 07 Aug 2006) New Revision: 17437 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17437 Log: sync valid users and server signing fixes Modified: branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c branches/SAMBA_3_0_RELEASE/source/libsmb/smb_signing.c branches/SAMBA_3_0_RELEASE/source/passdb/lookup_sid.c branches/SAMBA_3_0_RELEASE/source/smbd/service.c branches/SAMBA_3_0_RELEASE/source/smbd/share_access.c Changeset: Modified: branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c === --- branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c 2006-08-07 12:04:28 UTC (rev 17436) +++ branches/SAMBA_3_0_RELEASE/source/auth/auth_util.c 2006-08-07 12:12:20 UTC (rev 17437) @@ -1052,9 +1052,9 @@ return NT_STATUS_NO_MEMORY; } - if (!lookup_name(tmp_ctx, username, LOOKUP_NAME_ALL, + if (!lookup_name_smbconf(tmp_ctx, username, LOOKUP_NAME_ALL, NULL, NULL, user_sid, type)) { - DEBUG(1, (lookup_name for %s failed\n, username)); + DEBUG(1, (lookup_name_smbconf for %s failed\n, username)); goto done; } Modified: branches/SAMBA_3_0_RELEASE/source/libsmb/smb_signing.c === --- branches/SAMBA_3_0_RELEASE/source/libsmb/smb_signing.c 2006-08-07 12:04:28 UTC (rev 17436) +++ branches/SAMBA_3_0_RELEASE/source/libsmb/smb_signing.c 2006-08-07 12:12:20 UTC (rev 17437) @@ -847,6 +847,9 @@ while (get_sequence_for_reply(data-outstanding_packet_list, mid, dummy_seq)) ; + + /* cancel doesn't send a reply so doesn't burn a sequence number. */ + data-send_seq_num -= 1; } /*** Modified: branches/SAMBA_3_0_RELEASE/source/passdb/lookup_sid.c === --- branches/SAMBA_3_0_RELEASE/source/passdb/lookup_sid.c 2006-08-07 12:04:28 UTC (rev 17436) +++ branches/SAMBA_3_0_RELEASE/source/passdb/lookup_sid.c 2006-08-07 12:12:20 UTC (rev 17437) @@ -61,6 +61,9 @@ name = talloc_strdup(tmp_ctx, full_name); } + DEBUG(10,(lookup_name: %s = %s (domain), %s (name)\n, + full_name, domain, name)); + if ((domain == NULL) || (name == NULL)) { DEBUG(0, (talloc failed\n)); return False; @@ -353,6 +356,72 @@ return True; } +/ + Names from smb.conf can be unqualified. eg. valid users = foo + These names should never map to a remote name. Try global_sam_name()\foo, + and then Unix Users\foo (or Unix Groups\foo). +/ + +BOOL lookup_name_smbconf(TALLOC_CTX *mem_ctx, +const char *full_name, int flags, +const char **ret_domain, const char **ret_name, +DOM_SID *ret_sid, enum SID_NAME_USE *ret_type) +{ + char *qualified_name; + const char *p; + + /* NB. No winbindd_separator here as lookup_name needs \\' */ + if ((p = strchr_m(full_name, *lp_winbind_separator())) != NULL) { + + /* The name is already qualified with a domain. */ + + if (*lp_winbind_separator() != '\\') { + char *tmp; + + /* lookup_name() needs '\\' as a separator */ + + tmp = talloc_strdup(mem_ctx, full_name); + if (!tmp) { + return False; + } + tmp[p - full_name] = '\\'; + full_name = tmp; + } + + return lookup_name(mem_ctx, full_name, flags, + ret_domain, ret_name, + ret_sid, ret_type); + } + + /* Try with our own SAM name. */ + qualified_name = talloc_asprintf(mem_ctx, %s\\%s, + get_global_sam_name(), + full_name ); + if (!qualified_name) { + return False; + } + + if (lookup_name(mem_ctx, qualified_name, flags, + ret_domain, ret_name, + ret_sid, ret_type)) { + return True; + } + + /* Finally try with Unix Users or Unix Group */ + qualified_name = talloc_asprintf(mem_ctx, %s\\%s, + flags LOOKUP_NAME_GROUP ? + unix_groups_domain_name() : + unix_users_domain_name(), + full_name ); + if (!qualified_name) { + return False; + } + +
svn commit: samba-web r1024 - in trunk/devel: .
Author: deryck Date: 2006-08-07 13:29:42 + (Mon, 07 Aug 2006) New Revision: 1024 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1024 Log: Update the devel page given our recent SVN reorg. jerry, you might want to look at this just to make sure it's accurate. deryck Modified: trunk/devel/index.html Changeset: Modified: trunk/devel/index.html === --- trunk/devel/index.html 2006-08-04 14:04:33 UTC (rev 1023) +++ trunk/devel/index.html 2006-08-07 13:29:42 UTC (rev 1024) @@ -30,19 +30,14 @@ ul lih4emTRUNK/em/h4 -pThis is the current development branch, based on the Samba 3.0 -code base. It is, obviously, not stable, as it is the ground where -features for future stable releases in the Samba 3.0.x series are implemented and tested./p -pExample checkout command:/p/li +pbNOTE:/b TRUNK is no longer used for development. See the news item + a href=http://news.samba.org/developers/svn_repo_reorganized/;SVN Repo + Reorganzied/a for more info./p /ul -pre -svn co svn://svnanon.samba.org/samba/trunk samba-trunk -/pre - ul lih4emSAMBA_3_0/em/h4 -pThis is the development area for the 3.0.x production releases./p +pThis is the current development branch for 3.0.x production releases./p pExample checkout command:/p/li /ul @@ -62,6 +57,20 @@ ul + lih4SAMBA_3_0_X/h4 + pAfter a release, a SAMBA_3_0_X branch is created, where X is the latest + release number (SAMBA_3_0_23, for example). This branch is a copy of + SAMBA_3_0_RELEASE at the time of release and is used for bug fixes only, so + that development may continue in SAMBA_3_0./p + pExample checkout command (remember to substitute for current release):/p + /li + /ul + +pre +svn co svn://svnanon.samba.org/samba/branches/SAMBA_3_0_23 samba_3.0.23 +/pre + + ul lih4emSAMBA_4_0/em/h4 pThis is the research branch for Samba 4. a href=/samba/ftp/samba4/Technical Previews/a of this code base are available
svn commit: samba r17440 - in branches/SAMBA_3_0_RELEASE: .
Author: jerry Date: 2006-08-07 16:40:37 + (Mon, 07 Aug 2006) New Revision: 17440 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17440 Log: updating release notes for 3.0.23b -- please review Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt Changeset: Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt === --- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2006-08-07 15:41:43 UTC (rev 17439) +++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2006-08-07 16:40:37 UTC (rev 17440) @@ -1,6 +1,6 @@ === - Release Notes for Samba 3.0.23a - Jul 21, 2006 + Release Notes for Samba 3.0.23b + Aug 7, 2006 === This is the latest stable release of Samba. This is the version @@ -9,6 +9,123 @@ original 3.0.23 release regarding new features and difference in behavior from previous releases. +Common bugs fixed in 3.0.23b include: + + o Ambiguity with unqualified names in smb.conf parameters +such as force user and valid users. + o Errors in 'net ads join' caused by bad IP address in the list +of domain controllers. + o SMB signing errors in the client and server code. + o Domain join failures when using smbpasswd on a Samba PDC. + + +Member servers, domain accounts, and smb.conf += + +Since Samba 3.0.8, it has been recommended that all domain accounts +listed in smb.conf on a member server be fully qualified with +the domain name. This is now a requirement. All unqualified names +are assumed to be local to the Unix host, either as part of the +server's local passdb or in the local system list of accounts +(e.g. /etc/passwd or /etc/group). + +The reason for this change is that smbd has transitioned from +access checks based on string comparisons to token based +authorization. All names are resolved to a SID and they verified +against the logged on user's NT user token. Local names will +resolve to a local SID, while qualified domain names will resolve +to the appropriate domain SID. + +If the member server is not running winbindd at all, domain +accounts will be implicitly mapped to local accounts and their +tokens will be modified appropriately to reflect the local +SID and group membership. + +For example, the following share will restrict access to the +domain group Linux Admins and the local group srvadmin. + +[restricted] + path = /data + valid users = +DOMAIN\Linux Admins +srvadmin + +Note that to restrict the [homes] share on a member server, it +is necessary to prefix the %S valid to valid users. + +[global] + security = {domain,ads} + workgroup = DOM + winbind separator = + +[homes] + valid users = DOM+%S + + + +## +Changes +### + +Changes since 3.0.23 + + +commits +--- +o Michael Adams [EMAIL PROTECTED] +* Fix memory leaks on error paths in 'net ads join'. + + +o Jeremy Allison [EMAIL PROTECTED] +* BUG 3962: Fix memory leak when enumerating print jobs. +* Fix file access flags for the Linux CIFS fs client. +* Fix memory leaks in the smbclient DFS code. +* BUG 3967: Fix SMB signing client bug in trans calls. +* BUG 3985: Ensure in msdfs we check for our NetBIOS aliases. +* Added lookup_name_smbconf() to be called when looking up names + from smb.conf. Unqualified names are assumed to be local. +* BUG 4003: Fix SMB signing server error in NTcancel reply. + + +o Gerald (Jerry) Carter [EMAIL PROTECTED] +* Fix a few smbldap_open(): Cannot open when not root bugs when + viewing or modifying local group membership. +* Make LsaLookupSids() reply include the full SID of unresolved + SIDs. +* BUG 3957: Prevent returning strange DC IP addresses by zeroing + memory in the SRV hostlist in case there is not an A record for + each SRV name. +* BUG 3964: normalize the case of usernames prior to getpwnam() + call in the smbpasswd backend. +* Cleanup the 'net ads help join' output and document createupn + and createcomputer options. +* Fix a regression in the ldapsam URI syntax. Allow multiple + LDAP URIs to be grouped by . + + +o William Charles [EMAIL PROTECTED] +* BUG 3959: Remove rand() from SRV RR comparison to fix crashes + in qsort(). + + +o Guenther Deschner [EMAIL PROTECTED] +* Fix memory leaks in pam_winbind. +* Save the logon script path from the info3 in the PAM session + allowing other PAM modules to pick it up from there. + + +o Volker Lendecke [EMAIL PROTECTED] +* BUG 3991: Fix problem with user tokens on standalone systems + configured to use a username map. +* Fix bug where
svn commit: samba r17441 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: metze Date: 2006-08-07 17:25:52 + (Mon, 07 Aug 2006) New Revision: 17441 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17441 Log: add some more attribute with credentials in them metze Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl === --- branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2006-08-07 16:40:37 UTC (rev 17440) +++ branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2006-08-07 17:25:52 UTC (rev 17441) @@ -386,14 +386,21 @@ DRSUAPI_ATTRIBUTE_invocationId = 0x00020073, DRSUAPI_ATTRIBUTE_dMDLocation = 0x00020024, DRSUAPI_ATTRIBUTE_ntSecurityDescriptor = 0x00020119, + DRSUAPI_ATTRIBUTE_currentValue = 0x0009001b, DRSUAPI_ATTRIBUTE_objectSid = 0x00090092, DRSUAPI_ATTRIBUTE_dBCSPwd = 0x00090037,/* lmPwdHash */ DRSUAPI_ATTRIBUTE_unicodePwd= 0x0009005a,/* ntPwdHash */ DRSUAPI_ATTRIBUTE_ntPwdHistory = 0x0009005e, + DRSUAPI_ATTRIBUTE_priorValue= 0x00090064, DRSUAPI_ATTRIBUTE_lmPwdHistory = 0x000900a0, DRSUAPI_ATTRIBUTE_supplementalCredentials = 0x0009007d, + DRSUAPI_ATTRIBUTE_trustAuthIncoming = 0x00090081, + DRSUAPI_ATTRIBUTE_trustAuthOutgoing = 0x00090087, DRSUAPI_ATTRIBUTE_systemFlags = 0x00090177, DRSUAPI_ATTRIBUTE_serverReference = 0x00090203, + DRSUAPI_ATTRIBUTE_serverReferenceBL = 0x00090204, + DRSUAPI_ATTRIBUTE_initialAuthIncoming = 0x0009021b, + DRSUAPI_ATTRIBUTE_initialAuthOutgoing = 0x0009021c, DRSUAPI_ATTRIBUTE_objectCategory= 0x0009030e, DRSUAPI_ATTRIBUTE_msDS_Behavior_Version = 0x000905b3, DRSUAPI_ATTRIBUTE_msDS_KeyVersionNumber = 0x000906f6, @@ -543,6 +550,7 @@ [case(0x0009072c)] drsuapi_DsAttributeValueCtrDNString dn_string; [case(0x0009026a)] drsuapi_DsAttributeValueCtrDNString dn_string; [case(0x00090203)] drsuapi_DsAttributeValueCtrDNString dn_string; + [case(0x00090204)] drsuapi_DsAttributeValueCtrDNString dn_string; /* NTTIME_1sec */ [case(0x00020002)] drsuapi_DsAttributeValueCtrNTTIME_1sec nttime_1sec;
svn commit: samba r17443 - in branches/SAMBA_3_0_RELEASE: .
Author: jerry Date: 2006-08-07 18:25:04 + (Mon, 07 Aug 2006) New Revision: 17443 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17443 Log: fix typo noticed by Derrell Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt Changeset: Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt === --- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2006-08-07 17:26:51 UTC (rev 17442) +++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2006-08-07 18:25:04 UTC (rev 17443) @@ -23,11 +23,11 @@ = Since Samba 3.0.8, it has been recommended that all domain accounts -listed in smb.conf on a member server be fully qualified with -the domain name. This is now a requirement. All unqualified names -are assumed to be local to the Unix host, either as part of the -server's local passdb or in the local system list of accounts -(e.g. /etc/passwd or /etc/group). +listed in smb.conf on a member server be fully qualified with the +domain name. This is now a requirement. All unqualified names are +assumed to be local to the Unix host, either as part of the server's +local passdb or in the local system list of accounts (e.g. /etc/passwd +or /etc/group). The reason for this change is that smbd has transitioned from access checks based on string comparisons to token based @@ -48,8 +48,9 @@ path = /data valid users = +DOMAIN\Linux Admins +srvadmin -Note that to restrict the [homes] share on a member server, it -is necessary to prefix the %S valid to valid users. +Note that to restrict the [homes] share on a member server to the +owner of that directory, it is necessary to prefix the %S value +to valid users. [global] security = {domain,ads}
svn commit: samba r17444 - in branches: SAMBA_3_0/packaging/RHEL SAMBA_3_0_23/packaging/RHEL
Author: jerry Date: 2006-08-07 18:25:28 + (Mon, 07 Aug 2006) New Revision: 17444 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17444 Log: put pam and nss libs in samba-common on RHEL for compatibility with system provides rpms Modified: branches/SAMBA_3_0/packaging/RHEL/samba.spec.tmpl branches/SAMBA_3_0_23/packaging/RHEL/samba.spec.tmpl Changeset: Modified: branches/SAMBA_3_0/packaging/RHEL/samba.spec.tmpl === --- branches/SAMBA_3_0/packaging/RHEL/samba.spec.tmpl 2006-08-07 18:25:04 UTC (rev 17443) +++ branches/SAMBA_3_0/packaging/RHEL/samba.spec.tmpl 2006-08-07 18:25:28 UTC (rev 17444) @@ -351,11 +351,6 @@ %{_sbindir}/nmbd %{_sbindir}/winbindd -%attr(755,root,root) /%{_lib}/libnss_wins.so* -%attr(755,root,root) /%{_lib}/libnss_winbind.so* -%attr(755,root,root) /%{_lib}/security/pam_winbind.so -%attr(755,root,root) /%{_lib}/security/pam_smbpass.so - %{_bindir}/mksmbpasswd.sh %{_bindir}/smbcontrol %{_bindir}/smbstatus @@ -379,7 +374,6 @@ %{_mandir}/man8/nmbd.8* %{_mandir}/man8/pdbedit.8* %{_mandir}/man8/smbd.8* -%{_mandir}/man7/pam_winbind.7* %{_mandir}/man8/tdbbackup.8* %{_mandir}/man8/tdbdump.8* %{_mandir}/man8/winbindd.8* @@ -462,6 +456,11 @@ %config(noreplace) %{_sysconfdir}/samba/smb.conf %config(noreplace) %{_sysconfdir}/samba/lmhosts +%attr(755,root,root) /%{_lib}/libnss_wins.so* +%attr(755,root,root) /%{_lib}/libnss_winbind.so* +%attr(755,root,root) /%{_lib}/security/pam_winbind.so +%attr(755,root,root) /%{_lib}/security/pam_smbpass.so + %{_includedir}/libsmbclient.h %{_libdir}/libsmbclient.a %{_libdir}/libsmbclient.so* @@ -483,6 +482,7 @@ %{_mandir}/man5/lmhosts.5* %{_mandir}/man8/smbpasswd.8* %{_mandir}/man7/libsmbclient.7* +%{_mandir}/man7/pam_winbind.7* %changelog * Fri Jan 16 2004 Gerald (Jerry) Carter [EMAIL PROTECTED],org Modified: branches/SAMBA_3_0_23/packaging/RHEL/samba.spec.tmpl === --- branches/SAMBA_3_0_23/packaging/RHEL/samba.spec.tmpl2006-08-07 18:25:04 UTC (rev 17443) +++ branches/SAMBA_3_0_23/packaging/RHEL/samba.spec.tmpl2006-08-07 18:25:28 UTC (rev 17444) @@ -351,11 +351,6 @@ %{_sbindir}/nmbd %{_sbindir}/winbindd -%attr(755,root,root) /%{_lib}/libnss_wins.so* -%attr(755,root,root) /%{_lib}/libnss_winbind.so* -%attr(755,root,root) /%{_lib}/security/pam_winbind.so -%attr(755,root,root) /%{_lib}/security/pam_smbpass.so - %{_bindir}/mksmbpasswd.sh %{_bindir}/smbcontrol %{_bindir}/smbstatus @@ -379,7 +374,6 @@ %{_mandir}/man8/nmbd.8* %{_mandir}/man8/pdbedit.8* %{_mandir}/man8/smbd.8* -%{_mandir}/man7/pam_winbind.7* %{_mandir}/man8/tdbbackup.8* %{_mandir}/man8/tdbdump.8* %{_mandir}/man8/winbindd.8* @@ -462,6 +456,11 @@ %config(noreplace) %{_sysconfdir}/samba/smb.conf %config(noreplace) %{_sysconfdir}/samba/lmhosts +%attr(755,root,root) /%{_lib}/libnss_wins.so* +%attr(755,root,root) /%{_lib}/libnss_winbind.so* +%attr(755,root,root) /%{_lib}/security/pam_winbind.so +%attr(755,root,root) /%{_lib}/security/pam_smbpass.so + %{_includedir}/libsmbclient.h %{_libdir}/libsmbclient.a %{_libdir}/libsmbclient.so* @@ -483,6 +482,7 @@ %{_mandir}/man5/lmhosts.5* %{_mandir}/man8/smbpasswd.8* %{_mandir}/man7/libsmbclient.7* +%{_mandir}/man7/pam_winbind.7* %changelog * Fri Jan 16 2004 Gerald (Jerry) Carter [EMAIL PROTECTED],org
svn commit: samba r17446 - in branches/SAMBA_3_0/source/utils: .
Author: vlendec Date: 2006-08-07 20:15:31 + (Mon, 07 Aug 2006) New Revision: 17446 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17446 Log: Fix some C++ warnings and two memleaks found by Coverity, IDs 304 and 305. Volker Modified: branches/SAMBA_3_0/source/utils/ntlm_auth.c Changeset: Modified: branches/SAMBA_3_0/source/utils/ntlm_auth.c === --- branches/SAMBA_3_0/source/utils/ntlm_auth.c 2006-08-07 18:55:42 UTC (rev 17445) +++ branches/SAMBA_3_0/source/utils/ntlm_auth.c 2006-08-07 20:15:31 UTC (rev 17446) @@ -676,10 +676,13 @@ return; } else if (strncmp(buf, GK, 2) == 0) { DEBUG(10, (Requested NTLMSSP session key\n)); - if(have_session_key) - x_fprintf(x_stdout, GK %s\n, base64_encode_data_blob(session_key)); - else + if(have_session_key) { + char *key64 = base64_encode_data_blob(session_key); + x_fprintf(x_stdout, GK %s\n, key64?key64:NULL); + SAFE_FREE(key64); + } else { x_fprintf(x_stdout, BH\n); + } data_blob_free(request); return; @@ -803,7 +806,9 @@ DEBUG(10, (Requested session key\n)); if(have_session_key) { - x_fprintf(x_stdout, GK %s\n, base64_encode_data_blob(session_key)); + char *key64 = base64_encode_data_blob(session_key); + x_fprintf(x_stdout, GK %s\n, key64?key64:NULL); + SAFE_FREE(key64); } else { x_fprintf(x_stdout, BH\n); @@ -873,7 +878,7 @@ char *user, *pass; user=buf; - pass=memchr(buf,' ',length); + pass=(char *)memchr(buf,' ',length); if (!pass) { DEBUG(2, (Password not found. Denying access\n)); x_fprintf(x_stdout, ERR\n); @@ -1318,7 +1323,8 @@ return False; } - principal = SMB_MALLOC(spnego.negTokenInit.mechListMIC.length+1); + principal = (char *)SMB_MALLOC( + spnego.negTokenInit.mechListMIC.length+1); if (principal == NULL) { DEBUG(1, (Could not malloc principal\n)); @@ -1963,7 +1969,7 @@ exit(0); } - c=memchr(buf,'\n',sizeof(buf)-1); + c=(char *)memchr(buf,'\n',sizeof(buf)-1); if (c) { *c = '\0'; length = c-buf;
svn commit: samba r17448 - in branches/SAMBA_4_0/source/libnet: .
Author: mimir Date: 2006-08-07 20:29:18 + (Mon, 07 Aug 2006) New Revision: 17448 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17448 Log: Define macros to set fields in api function modifying user account. rafal Modified: branches/SAMBA_4_0/source/libnet/libnet_user.c branches/SAMBA_4_0/source/libnet/libnet_user.h Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_user.c === --- branches/SAMBA_4_0/source/libnet/libnet_user.c 2006-08-07 20:28:09 UTC (rev 17447) +++ branches/SAMBA_4_0/source/libnet/libnet_user.c 2006-08-07 20:29:18 UTC (rev 17448) @@ -543,42 +543,39 @@ user = info-out.info.info21; mod-fields = 0;/* reset flag field before setting individual flags */ - /* -* account name change -*/ - if (r-in.account_name != NULL - !strequal_w(user-account_name.string, r-in.account_name)) { + /* account name change */ + SET_FIELD_LSA_STRING(r-in, user, mod, account_name, USERMOD_FIELD_ACCOUNT_NAME); - mod-account_name = talloc_strdup(mem_ctx, r-in.account_name); - if (mod-account_name == NULL) return NT_STATUS_NO_MEMORY; + /* full name change */ + SET_FIELD_LSA_STRING(r-in, user, mod, full_name, USERMOD_FIELD_FULL_NAME); - mod-fields |= USERMOD_FIELD_ACCOUNT_NAME; - } + /* description change */ + SET_FIELD_LSA_STRING(r-in, user, mod, comment, USERMOD_FIELD_DESCRIPTION); - /* -* full name change -*/ - if (r-in.full_name != NULL - !strequal_w(user-full_name.string, r-in.full_name)) { - - mod-full_name = talloc_strdup(mem_ctx, r-in.full_name); - if (mod-full_name == NULL) return NT_STATUS_NO_MEMORY; + /* comment change */ + SET_FIELD_LSA_STRING(r-in, user, mod, comment, USERMOD_FIELD_COMMENT); - mod-fields |= USERMOD_FIELD_FULL_NAME; - } + /* home directory change */ + SET_FIELD_LSA_STRING(r-in, user, mod, home_directory, USERMOD_FIELD_HOME_DIRECTORY); - /* -* description change -*/ - if (r-in.description != NULL - !strequal_w(user-description.string, r-in.description)) { + /* home drive change */ + SET_FIELD_LSA_STRING(r-in, user, mod, home_drive, USERMOD_FIELD_HOME_DRIVE); - mod-description = talloc_strdup(mem_ctx, r-in.description); - if (mod-description == NULL) return NT_STATUS_NO_MEMORY; + /* logon script change */ + SET_FIELD_LSA_STRING(r-in, user, mod, logon_script, USERMOD_FIELD_LOGON_SCRIPT); - mod-fields |= USERMOD_FIELD_DESCRIPTION; - } + /* profile path change */ + SET_FIELD_LSA_STRING(r-in, user, mod, profile_path, USERMOD_FIELD_PROFILE_PATH); + /* allow password change time */ + SET_FIELD_NTTIME(r-in, user, mod, allow_password_change, USERMOD_FIELD_ALLOW_PASS_CHG); + + /* force password change time */ + SET_FIELD_NTTIME(r-in, user, mod, force_password_change, USERMOD_FIELD_FORCE_PASS_CHG); + + /* account expiry change */ + SET_FIELD_NTTIME(r-in, user, mod, acct_expiry, USERMOD_FIELD_ACCT_EXPIRY); + return NT_STATUS_OK; } Modified: branches/SAMBA_4_0/source/libnet/libnet_user.h === --- branches/SAMBA_4_0/source/libnet/libnet_user.h 2006-08-07 20:28:09 UTC (rev 17447) +++ branches/SAMBA_4_0/source/libnet/libnet_user.h 2006-08-07 20:29:18 UTC (rev 17448) @@ -49,15 +49,40 @@ const char *account_name; const char *full_name; const char *description; + const char *home_directory; + const char *home_drive; const char *comment; const char *logon_script; const char *profile_path; struct timeval *acct_expiry; struct timeval *allow_password_change; struct timeval *force_password_change; + struct timeval *last_logon; + struct timeval *last_logoff; + struct timeval *last_password_change; uint32_t acct_flags; } in; struct { const char *error_string; } out; }; + + +#define SET_FIELD_LSA_STRING(new, current, mod, field, flag) \ + if (new.field != NULL \ + !strequal_w(current-field.string, new.field)) { \ + \ + mod-field = talloc_strdup(mem_ctx, new.field); \ + if (mod-field == NULL) return NT_STATUS_NO_MEMORY; \ + \ + mod-fields |= flag; \ + } + +#define SET_FIELD_NTTIME(new, current, mod, field, flag) \ + if (new.field != 0) { \ + NTTIME newval =
svn commit: samba r17449 - in branches/SAMBA_4_0/source/torture/libnet: .
Author: mimir Date: 2006-08-07 20:30:58 + (Mon, 07 Aug 2006) New Revision: 17449 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17449 Log: Add another field to the test before expanding the whole test to more complex form. rafal Modified: branches/SAMBA_4_0/source/torture/libnet/libnet_user.c Changeset: Modified: branches/SAMBA_4_0/source/torture/libnet/libnet_user.c === --- branches/SAMBA_4_0/source/torture/libnet/libnet_user.c 2006-08-07 20:29:18 UTC (rev 17448) +++ branches/SAMBA_4_0/source/torture/libnet/libnet_user.c 2006-08-07 20:30:58 UTC (rev 17449) @@ -296,6 +296,7 @@ { NTSTATUS status; const char *binding; + struct dcerpc_binding *bind; struct dcerpc_pipe *p; TALLOC_CTX *prep_mem_ctx, *mem_ctx; struct policy_handle h; @@ -303,6 +304,7 @@ const char *name = TEST_USERNAME; struct libnet_context *ctx; struct libnet_ModifyUser req; + struct timeval allow_pass_chg; BOOL ret = True; prep_mem_ctx = talloc_init(prepare test_deleteuser); @@ -331,10 +333,21 @@ mem_ctx = talloc_init(test_modifyuser); + status = dcerpc_parse_binding(mem_ctx, binding, bind); + if (!NT_STATUS_IS_OK(status)) { + ret = False; + goto done; + } + ZERO_STRUCT(req); req.in.user_name = TEST_USERNAME; req.in.domain_name = lp_workgroup(); req.in.account_name = TEST_CHANGEDUSERNAME; + req.in.logon_script = start_login.cmd; + + if (gettimeofday(allow_pass_chg, NULL) == 0) { + req.in.allow_password_change = allow_pass_chg; + } status = libnet_ModifyUser(ctx, mem_ctx, req); if (!NT_STATUS_IS_OK(status)) {
svn commit: samba r17450 - in branches/SAMBA_4_0/source/libnet: .
Author: mimir Date: 2006-08-07 20:43:06 + (Mon, 07 Aug 2006) New Revision: 17450 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17450 Log: A bit more protection against memory allocation errors. rafal Modified: branches/SAMBA_4_0/source/libnet/libnet_user.h Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_user.h === --- branches/SAMBA_4_0/source/libnet/libnet_user.h 2006-08-07 20:30:58 UTC (rev 17449) +++ branches/SAMBA_4_0/source/libnet/libnet_user.h 2006-08-07 20:43:06 UTC (rev 17450) @@ -82,7 +82,8 @@ if (new.field != 0) { \ NTTIME newval = timeval_to_nttime(new.field); \ if (newval != current-field) { \ - mod-field = talloc_memdup(mem_ctx, new.field, sizeof(*new.field)); \ + mod-field = talloc_memdup(mem_ctx, new.field, sizeof(*new.field)); \ + if (mod-field == NULL) return NT_STATUS_NO_MEMORY; \ mod-fields |= flag; \ } \ }
Build status as of Tue Aug 8 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-08-07 00:00:10.0 + +++ /home/build/master/cache/broken_results.txt 2006-08-08 00:00:03.0 + @@ -1,18 +1,18 @@ -Build status as of Mon Aug 7 00:00:02 2006 +Build status as of Tue Aug 8 00:00:02 2006 Build counts: Tree Total Broken Panic SOC 0 0 0 -ccache 25 4 0 -distcc 26 2 0 +ccache 24 4 0 +distcc 24 2 0 lorikeet-heimdal 0 0 0 ppp 15 0 0 -rsync26 0 0 +rsync24 0 0 samba0 0 0 samba-docs 0 0 0 -samba4 37 22 2 -samba_3_035 7 1 +samba4 36 22 2 +samba_3_035 6 0 smb-build22 22 0 talloc 27 10 0 -tdb 16 7 0 +tdb 18 8 0