[Samba] invalind encoding
Hi, in my network i have both windows XP and linux (ubuntu dapper) computers. For share files, i have installed a samba server (3.0.14a) on a debian sarge 3.1 The probleme is when i create a folder with a windows computer like Mes vidéos it don't appear like this on nautilus under linux and if i create the same folder from linux it don't appear well on windows explorer. Probably it is the charset encoding is bad. in the smb.conf on my server i append in the global section : unix charset = iso8859-1 codepage = cp850 i think i must use spécific codepage and / or charset with nls for the mount command on the linux client Have you an idea ? Thanks for your help bye Gweltaz siviniant -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbindd: Exceeding 200 client connections, no idle connection found
What is the status of https://bugzilla.samba.org/show_bug.cgi?id=3204 ? I am using latest available version of Samba from samba.org and it seems that this issue is not solved. Thanks Regards, Komal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] XP clients disconnected during trasnfer of larger files tothe samba server
Any suggestions to look into, or more debug info required? The box is running centos 4.3 final, up to date with the latest versions of CentOS updates,, it's running something like 3.0.10 or .11 - can't recall. 1:22 am. Off to bed... Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Derrick MacPherson Sent: Thursday, August 10, 2006 5:47 PM To: samba@lists.samba.org Subject: [Samba] XP clients disconnected during trasnfer of larger files tothe samba server i'm having an issue when transferring large files to the samba servers from an xp client - files about 1GB or larger. about 70% into the transfer i get a network share no longer exists error and the transfer fails. I can pull down from the server fine with no issues. The XP machines are authenticating from a different Samba server though the problem is with that machine as well. Error and config posted below: (FYI - transfering same files and such work fine via FTP) My secondary server config: netbios name = 3Dsrv workgroup = VFX security = user server string = %h server (3D FileServer) password server = 192.168.0.210 username map = /etc/samba/smbusers idmap uid = 15000-2 idmap gid = 15000-2 name resolve order = bcast hosts template primary group = Domain Users template shell = /bin/bash winbind separator = + socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=16384 \ SO_RCVBUF=16384 oplocks = no smb log - i think this is relevant, though not sure: 2006/08/10 11:53:56, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2006/08/10 11:53:56, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2006/08/10 11:53:56, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2006/08/10 11:53:56, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 24: ERRNO = Connection reset by peer Primary server config: [global] name resolve order = bcast hosts passwd chat debug = yes idmap gid = 15000-2 passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew \sUNIX\spassword:* %n\n passwd program = /usr/bin/passwd %u netbios name = 2DSRV printing = CUPS idmap uid = 15000-2 logon script = logon.bat workgroup = VFX os level = 128 printcap name = CUPS security = user add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u delete user script = /usr/sbin/userdel -r %u log level = 4 add group script = /usr/sbin/groupadd %g socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u logon drive = domain master = yes username map = /etc/samba/smbusers use spnego = no encrypt passwords = yes passdb backend = tdbsam logon home = wins support = true server string = %h server (Domain Controller) unix password sync = yes logon path = add user script = /usr/sbin/useradd -m %u domain logons = yes -- Derrick MacPherson [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Can't join a computer to my Samba PDC.
Benoit Callebaut [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, I have installed Samba 3.0.22 amd 64 from Debian installed. Samba is working perfectly well a file server. But I can't join a computer to it either via a Win2K client or using the net rpc join command. Winbind,smbd and nmbd are running. I receive messages like given identification informations conflict with existing one Make sure you have no drives mapped to the server before joining the workstation to the domain. I have seen messages similar to this when mapped drives exist. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
At 00:44 11.08.2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david, HELP! On mandriva, I compiled samba from source and got it running, but I cannot connect from windows. (see my post from earlier [Samba] Compiling and Configuring Samba for Mandrival) [EMAIL PROTECTED]:~ smbclient //bonza/office Password: Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b] tree connect failed: NT_STATUS_ACCESS_DENIED ... I have attached a level 10 debug if that will help. This is a standalone server. Attachments get stripped from the list. I need your smb.conf, a level 10 debug log from smbd, and output from the following tow commands * pdbedit -L -w | cut -d: -f1 * net groupmap list | cut -d\( -f1 Hi, I have the same problem with a simple security = user, non-LDAP, non-windbindd etc. setup. I can workaround this for gid=100/groupname=users with: valid users = S-1-5-21-1540046517-542637695-1028676802-1201 My net getlocalsid: SID for domain HOSTNAME is: S-1-5-21-1540046517-542637695-1028676802 These didn't work: valid users = +users valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = +Unix Group\users valid users = S-1-22-2-100 This seems also to be related on which versions of samba were working before on a machine (seems to depend on the contents of the .tdb), but so far I could always reproduce it when I delete most of the .tdb's except printer related and secrets.tdb. Maybe some net groupmap statements are now necessary for simple setups as well? bye, Franz. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] print command disabled when smbd linked against CUPS - why?
I know the 'print command' directive is disabled when printing via CUPS, the man page says so. Can anybody explain _why_ this is the case? My situation: I'm administering a package that shares a server with other applications. This proprietary unix package needs some help printing with the layout etc. so various sed/awk scripts need to take place before printing. This has been running using a print command in smb.conf for many years now, with great results. This was a server dedicated to our package. Now, after an update, we're going to share a Suse SLES 10 box, and samba is linked against CUPS. If CUPS were disabled, all printers must be configured manually - that wouldn't raise my popularity with the boys from central IT administration. Why isn't is possible to have a few printers with 'print command' and all other printers using CUPS? I don't understand the rationale behind this decision. Or do I really have to define a dozen specialized CUPS filters, where I have the script that works with 'print command' ready for testing now? That doesn't sound too attractive either. Thanks, Jurriaan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] new problem: PDC is not member of own domain? (was: 'ldap machine suffix' is ignored?)
Mike A. Kuznetsov schrieb: If I try to save new permissions (without extended acl's, but they are supported) I see error (in russian in original, translate not equal): We havn't know about machine PDC - does it member of domain DOMAIN? Did you join your PDC to the domain? Something along the line of net rpc join -U root -- Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Out Of office
Ik ben afwezig vanaf 29/07/2006 en ik ben niet eerder terug dan 23/08/2006. Ik ben met verlof van 31 juli tot en met 22 augustus. Voor dringende zaken kan je mailen naar [EMAIL PROTECTED] - DISCLAIMER : De personeelsleden van het agentschap doen hun best om in e-mails betrouwbare informatie te geven. Toch kan niemand rechten doen gelden op basis van deze inhoud. Als in de e-mail een stellingname voorkomt, is dat niet noodzakelijk het standpunt van het agentschap. Rechtsgeldige beslissingen of officiele standpunten worden alleen per brief toegestuurd. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] print command disabled when smbd linked against CUPS - why?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jurriaan Kalkman wrote: I know the 'print command' directive is disabled when printing via CUPS, the man page says so. Technically the print command is disabled when linked against libcups.so and you have printing = cups in a printer section. You can specify 'printing = bsd' for an individual printer and use a print command. Can anybody explain _why_ this is the case? Because when linked against libcups.so and configured to use cups, smbd talks to the library directly. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3HlbIR7qMdg1EfYRAkV4AKCLa3iC6y9TtyAry0XZincVRF044gCdF40C 9uX5pYp/XUz2CiDLeSY1dfA= =JUuS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd: Exceeding 200 client connections, no idle connection found
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Komal Shah wrote: What is the status of https://bugzilla.samba.org/show_bug.cgi?id=3204 ? I am using latest available version of Samba from samba.org and it seems that this issue is not solved. Are you on FreeBSD as well ? I can't reproduce this bug. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3HnSIR7qMdg1EfYRAjhGAJ9NAbZN5RjSXMB6qSA5XLtG0Gz2lwCeOzAu Q+bdmBGPIRHybE4sxzpNsjs= =h3oC -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Franz Sirl wrote: I have the same problem with a simple security = user, non-LDAP, non-windbindd etc. setup. I can workaround this for gid=100/groupname=users with: valid users = S-1-5-21-1540046517-542637695-1028676802-1201 My net getlocalsid: SID for domain HOSTNAME is: S-1-5-21-1540046517-542637695-1028676802 These didn't work: valid users = +users valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = +Unix Group\users valid users = S-1-22-2-100 ok. Found the problem. It's smbpasswd. If you use tdbsam everything is fine. Patch forthcoming shortly. Sorry. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3H5VIR7qMdg1EfYRAlqTAJ0ZcnKBwL4cTSqjcjq5rHpITHoG7ACg633E fiP3Ihqaeu+zHUfltU8CbJE= =YTCJ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] group changes?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Adam Williams wrote: I'm not sure what you mean by user private groups. in /etc/group I have groups like: executive:x:743:usera,userb,userc and then in smb.conf in my shares i'll have valid users = @executive and it used to work fine but with 3.0.23b I had to use the nett add goupname unixgroup=executive to get groups working in samba, and I never had to do that before. Found the bug. Patch forthcoming shortly. You're using smbpasswd right ? jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3H+gIR7qMdg1EfYRAviDAKCqWyYnlvaRFNTqvkF0fI7ZwFpxbACg6UT5 0R6E4aLZ6CaXPy3qrxmOgy0= =CLnU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Incorrect handling of group permissions
Dear Samba developers, Please let me know if there are any solutions for the bug https://bugzilla.samba.org/show_bug.cgi?id=3990 It still does not work with samba-3.0.23b. The problem occurred on a production server, and I do not feel comfortable with world write permissions needed to overcome it. Many thanks in advance. With best regards, P. Trifonov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Password Chat/Sync problems with 3.0.23
Please ignore my colossal stupidity - I had an extra '%n' at the end of the chat string!!! Apologies all... Hi, Following an upgrade to 3.0.23, it appears that my UNIX password sync/chat is no longer working (although I can't confirm it wasn't broken in 3.0.21, it was working before). The XP clients throw up a no permission to change password error when the users attempt to renew passwords. I've carefully checked my password chat script and it appears to be OK. The logs files show: snip . [2006/08/11 12:26:14, 3] smbd/chgpasswd.c:chgpasswd(462) chgpasswd: Password change (as_root=Yes) for user: tester [2006/08/11 12:26:14, 3] smbd/chgpasswd.c:findpty(105) pty: try to open ptyp0, line was /dev/ptyXX [2006/08/11 12:26:14, 3] smbd/chgpasswd.c:findpty(105) pty: try to open ptyp1, line was /dev/ptyp0 [2006/08/11 12:26:14, 3] smbd/chgpasswd.c:chat_with_program(351) chat_with_program: Cannot Allocate pty for password change: tester . /snip relevant portion of smb.conf is: snip passdb backend = tdbsam passwd program = /root/smbpass.sh %u passwd chat = *Password* %n\n *Password* %n\n *Changed* %n\n passwd chat debug = yes unix password sync = Yes username map = /usr/local/etc/samba/smbusers /snip I've tried to simplify my password chat script to the simplest possible variation for test purposes: #!/bin/sh /usr/bin/passwd -l $1 echo Password Changed Thanks in advance... Rob -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problems trusting a w2003 domain server from samba 3
I have samba 3 PDC (SAMBA domain with hostname pevpdc) on CentOS 3.7 (package is named samba-3.0.9-1.3E.7) and I have a w2k3 sp1 domain (W2003 domain with hostname mailserver). The last is in mixed mode and is an exchange server and the former is without winbind, using smbpasswd backend and security = user in smb.conf. I would like to authenticate mailserver users through samba mgmt. So if I understand correctly, I need one-way trust relashionship where the SAMBA domain is the trusting one, while the W2003 domain is the trusted one. From w2003, in AD domains and trusts I create the new one-way-incoming trust specifying SAMBA as the domain and a password for the trust; then I select to confirm the incoming trust and so I have to specify an administrative user/password on SAMBA domain, but I get at the end of the wizard: The verification of the incoming trust failed with the following error(s): The target system PEVPDC does not support NetLogon trust password verification. A secure channel reset will be attempted. The secure channel reset failed with error 1355: The specified domain either does not exist or could not be contacted. and also in the same window: Before this trust can function it must also be created in the other domain. Ensure that the same trust password is used in both domains. I click anyway the Finish button, as I can validate in a second moment. In samba I run as root net rpc trustdom establish PEVIANIMAIL Password: [here I use the trust password supplied on the mailserver wizard] I get: Could not connect to server MAILSERVER [2006/08/11 14:47:58, 0] rpc_client/cli_pipe.c:cli_nt_session_open(1451) cli_nt_session_open: cli_nt_create failed on pipe \wkssvc to machine MAILSERVER. Error was NT_STATUS_ACCESS_DENIED [2006/08/11 14:47:58, 0] utils/net_rpc.c:rpc_trustdom_establish(4363) Couldn't not initialise wkssvc pipe What are the bits I'm missing? Would be sufficient to use winbind on samba? In this case is it the implementation of winbind doable without stopping samba services? What is the message related with the 1355 error in w2003 about secure channel? Thanks in advance for your help. Best regards, Gianluca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] new problem: PDC is not member of own domain? (was: 'ldap machine suffix' is ignored?)
Wolfgang Ratzka пишет: Mike A. Kuznetsov schrieb: If I try to save new permissions (without extended acl's, but they are supported) I see error (in russian in original, translate not equal): We havn't know about machine PDC - does it member of domain DOMAIN? Did you join your PDC to the domain? Something along the line of net rpc join -U root Yes, I tried it and PDC successfully joined DOMAIN But it didn't help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP+Samba only posixaccount possible?
Hi!Is it possible to get the samba authenticate a user and map to his homedirectory only using posixaccount or are there some attributes that windows absolutely require like in the samba-objectclasses?Any configuration examples if this is possible.I have been experimenting with pam.d/samba using pam_ldap.so module, but no success so far.Currently I have setup the server so it can authenticate a ssh user from ldap, using posixaccount attributes. and that works great.Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
I had the same problem on AIX with Samba 3.0.23b upgrading Samba 3.0.23a. The solution I found was to change all valid users to users. The documents still say valid users is acceptable; but it would not work once I went to 3.0.23b. Lamar -Original Message- From: Franz Sirl [mailto:[EMAIL PROTECTED] Sent: Friday, August 11, 2006 4:20 AM To: Gerald (Jerry) Carter Cc: samba Subject: Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect. At 00:44 11.08.2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david, HELP! On mandriva, I compiled samba from source and got it running, but I cannot connect from windows. (see my post from earlier [Samba] Compiling and Configuring Samba for Mandrival) [EMAIL PROTECTED]:~ smbclient //bonza/office Password: Domain=[RB_LAW] OS=[Unix] Server=[Samba 3.0.23b] tree connect failed: NT_STATUS_ACCESS_DENIED ... I have attached a level 10 debug if that will help. This is a standalone server. Attachments get stripped from the list. I need your smb.conf, a level 10 debug log from smbd, and output from the following tow commands * pdbedit -L -w | cut -d: -f1 * net groupmap list | cut -d\( -f1 Hi, I have the same problem with a simple security = user, non-LDAP, non-windbindd etc. setup. I can workaround this for gid=100/groupname=users with: valid users = S-1-5-21-1540046517-542637695-1028676802-1201 My net getlocalsid: SID for domain HOSTNAME is: S-1-5-21-1540046517-542637695-1028676802 These didn't work: valid users = +users valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = +Unix Group\users valid users = S-1-22-2-100 This seems also to be related on which versions of samba were working before on a machine (seems to depend on the contents of the .tdb), but so far I could always reproduce it when I delete most of the .tdb's except printer related and secrets.tdb. Maybe some net groupmap statements are now necessary for simple setups as well? bye, Franz. Privileged and Confidential. This e-mail, and any attachments there to, is intended only for use by the addressee(s) named herein and may contain privileged or confidential information. If you have received this e-mail in error, please notify me immediately by a return e-mail and delete this e-mail. You are hereby notified that any dissemination, distribution or copying of this e-mail and/or any attachments thereto, is strictly prohibited. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Rankin wrote: From: Gerald (Jerry) Carter [EMAIL PROTECTED] ok. Found the problem. It's smbpasswd. If you use tdbsam everything is fine. Patch forthcoming shortly. Sorry. Aahah! I knew the coffee would help ; - ) Hey folks, Please try the attached patch (samba-3.0.23b-lookup_name_smbconf_v1.patch). It passes very basic testing for standalone servers using smbpasswd. And still has some discussion to go through before it will go into the tree for 3.0.23c. Also available at http://www.samba.org/~jerry/patches/ if the attachment gets messed up. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3J18IR7qMdg1EfYRAjK4AJ9bRS+cXFU0L3nMm9g+Hi+ExeXNxgCfb2/x Omcesq0DAeSWNOv0SGj5q6I= =LfCs -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gerald (Jerry) Carter wrote: Hey folks, Please try the attached patch (samba-3.0.23b-lookup_name_smbconf_v1.patch). Once more with feeling (and the attachment) jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3J3XIR7qMdg1EfYRAr/7AKDdjS+QHraNnUoT5pG/viQsFwcRbgCeNuBy H0ug4P2fgBPHZYDG3dgh9WI= =XCBZ -END PGP SIGNATURE- diff -urN --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.23b/source/auth/auth_util.c samba-3.0.23b-patched/source/auth/auth_util.c --- samba-3.0.23b/source/auth/auth_util.c 2006-08-07 11:46:33.0 -0500 +++ samba-3.0.23b-patched/source/auth/auth_util.c 2006-08-11 10:03:44.0 -0500 @@ -1052,9 +1052,8 @@ return NT_STATUS_NO_MEMORY; } - if (!lookup_name_smbconf(tmp_ctx, username, LOOKUP_NAME_ALL, -NULL, NULL, user_sid, type)) { - DEBUG(1, (lookup_name_smbconf for %s failed\n, username)); + if (!lookup_user_smbconf(tmp_ctx, username, user_sid, type)) { + DEBUG(1, (lookup_user_smbconf(%s) failed\n, username)); goto done; } diff -urN --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.23b/source/include/smb.h samba-3.0.23b-patched/source/include/smb.h --- samba-3.0.23b/source/include/smb.h 2006-07-10 11:27:52.0 -0500 +++ samba-3.0.23b-patched/source/include/smb.h 2006-08-11 10:03:44.0 -0500 @@ -272,7 +272,7 @@ #define LOOKUP_NAME_REMOTE 2 /* Ask others */ #define LOOKUP_NAME_ALL (LOOKUP_NAME_ISOLATED|LOOKUP_NAME_REMOTE) -#define LOOKUP_NAME_GROUP4 /* This is a NASTY hack for valid users = @foo +#define LOOKUP_NAME_GROUP4 /* (unused) This is a NASTY hack for valid users = @foo * where foo also exists in as user. */ /** diff -urN --exclude-from=/home/drizzt/jerry/tmp/diff.excludes samba-3.0.23b/source/passdb/lookup_sid.c samba-3.0.23b-patched/source/passdb/lookup_sid.c --- samba-3.0.23b/source/passdb/lookup_sid.c2006-08-07 11:46:33.0 -0500 +++ samba-3.0.23b-patched/source/passdb/lookup_sid.c2006-08-11 10:03:44.0 -0500 @@ -120,63 +120,6 @@ goto failed; } - /* -* Nasty hack necessary for too common scenarios: -* -* For 'valid users = +users' we know users is most probably not -* BUILTIN\users but the unix group users. This hack requires the -* admin to explicitly qualify BUILTIN if BUILTIN\users is meant. -* -* Please note that LOOKUP_NAME_GROUP can not be requested via for -* example lsa_lookupnames, it only comes into this routine via -* the expansion of group names coming in from smb.conf -*/ - - if ((flags LOOKUP_NAME_GROUP) ((grp = getgrnam(name)) != NULL)) { - - GROUP_MAP map; - - if (pdb_getgrgid(map, grp-gr_gid)) { - /* The hack gets worse. Handle the case where we have -* 'force group = +unixgroup' but unixgroup has a -* group mapping */ - - if (sid_check_is_in_builtin(map.sid)) { - domain = talloc_strdup( - tmp_ctx, builtin_domain_name()); - } else { - domain = talloc_strdup( - tmp_ctx, get_global_sam_name()); - } - - sid_copy(sid, map.sid); - type = map.sid_name_use; - goto ok; - } - - /* If we are using the smbpasswd backend, we need to use the -* algorithmic mapping for the unix group we find. This is -* necessary because when creating the NT token from the unix -* gid list we got from initgroups() we use gid_to_sid() that -* uses algorithmic mapping if pdb_rid_algorithm() is true. */ - - if (pdb_rid_algorithm() - (grp-gr_gid max_algorithmic_gid())) { - domain = talloc_strdup(tmp_ctx, get_global_sam_name()); - sid_compose(sid, get_global_sam_sid(), - pdb_gid_to_group_rid(grp-gr_gid)); - type = SID_NAME_DOM_GRP; - goto ok; - } - - if (lookup_unix_group_name(name, sid)) { - domain = talloc_strdup(tmp_ctx, -
[Samba] Domain migration from 2.2.x to 3.0.x
Hi, One of my customers is running a pretty old Redhat 8 (Psyche) server with Samba 2.2.something (I think 7). Next week I'm planned to upgrade his Redhat platform to SuSE 9.3 and also update his samba to 3.0.23b. My biggest worry is that this customer has about 14 workstations already in the 2.2.x domain. I would like to know WHAT to do so I won't have to re-add all those machines again, as this will take up a lot of my time. Eg Upgrading Samba without losing the workstation accounts etc... Thanks in advance (and cheers)... -- Rory Vieira rory dot vieira at gmail dot com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] share access problem with %G
Hi, I learning samba on SUSE 9.3 linux box. I followed the Samba Small Office Networking example to configure the server, but I have problem to access the share accounts / finsvcs until I changed the valid users from %G to @acctsdep. Here are the output from the console when I accessing the share accounts server01:~ # smbclient //server01/accounts -U jackyacct Password: Domain=[DOMAIN00] OS=[Unix] Server=[Samba 3.0.13-1.3-SUSE] tree connect failed: NT_STATUS_ACCESS_DENIED Could anyone tell me what I missed or I must setup the valid users using @UNIX-GROUP ? [global] workgroup = DOMAIN00 server string = SERVER01 map to guest = Bad User passwd program = /usr/bin/passwd %u username map = /etc/samba/smbusers #passwd chat = *New*Password* %n\n*Re-enter*new*password* %n\n *Password*changed* add user script = /usr/sbin/useradd -m '%u' delete user script = /usr/sbin/userdel -r '%u' add group script = /usr/sbin/groupadd '%g' delete group script = /usr/sbin/groupdel '%g' add user to group script = /usr/sbin/usermod -G '%g' '%u' force create mode = 0660 force directory mode = 0770 unix password sync = Yes printcap cache time = 750 printcap name = cups add machine script = /usr/sbin/useradd -c Machine Trust Account -d /var/lib/nobody -s /bin/false %m$ logon script = %u.bat logon path = \\%L\profiles\.msprofilefile://%25L/profiles/.msprofile logon drive = P: #logon home = \\%L\%U\.9xprofile file://%25L/%25U/.9xprofile domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes ldap ssl = no printer admin = @ntadmin, root, administrator cups options = raw local master = Yes security = user [accounts] comment = Accounting Files path = /data/accounts #valid users = @acctsdep valid users = %g read only = No [finsvcs] comment = Financial Service Files path = /data/finsvcs valid users = %G read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] share access problem with %G
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jacky Chan wrote: [finsvcs] comment = Financial Service Files path = /data/finsvcs valid users = %G read only = No This makes no sense. It says to only allow whatever the user's primary group is. What are you trying to achieve? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3KjuIR7qMdg1EfYRAmRrAJ9mpmqpJRzym35gcMJgLK6ZpeIaAQCfWf6o xkvOfE1OQDenQCTFWQsZmMQ= =TiBb -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: problems trusting a w2003 domain server from samba 3
It seems that I didn't understand quite well the concepts of trusting and trusted... :-( Watching deeper the documents at http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html and http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbb_act_kxlx.mspx?mfr=true and http://support.microsoft.com/default.aspx?scid=kb;en-us;325874 I understood that I had to establish the opposite of what I was trying to do... So, the configuration should be supported also without winbind on samba part. And infact I successfully created on samba server the inter domain trust account and then on w2003 I successfully created the OUTGOING trust for SAMBA domain. At the end I disabled the sid history for the users (i don't know if it is correct…) with the command: netdom trust W2003 /domain:SAMBA /quarantine:No /userO:admin_user /passwordo:admin_user_password MySamba users can now be granted access to resources in the AD domain. Infact if I create a share on the mailserver server, I can connect from a windows xp workstation of the SAMBA domain, without password asked. And this happens if for example I set different passwords for the user in the SAMBA domain and in the W2003 domain. SUCCESS! The problem is: On windows xp workstation connected as user gcecchi (authenticated on SAMBA domain) I have outlook 2003 that is configured for accessing mailserver on W2003 domain. When I open outllok, it always asks me the mailserver password, either in the case that the two domain passwords for the user are the same, or if they are different. Before trusting, if the passwords were different, there were the popup asking the one of the mailserver, otherwise the connection was (implicitly I suppose) attempted with the logon password and it succeeded How can I manage this and prevent outlook from asking password Any help would be appreciated. Thanks Gianluca On 8/11/06, Gianluca Cecchi [EMAIL PROTECTED] wrote: I have samba 3 PDC (SAMBA domain with hostname pevpdc) on CentOS 3.7 (package is named samba-3.0.9-1.3E.7) and I have a w2k3 sp1 domain (W2003 domain with hostname mailserver). The last is in mixed mode and is an exchange server and the former is without winbind, using smbpasswd backend and security = user in smb.conf. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] share access problem with %G
Hi Jerry, I followed the example ( http://de.samba.org/samba/docs/man/Samba-Guide/small.html) to study Samba. The configuration is came from the Samba example and I may not fully understood the configuration. I have a unix user jackyacct and assigned acctsdep as primary group. The unix directory access right is 775 and the group owner is acctsdep. The example mentioned Network users will be given access to these shares by way of group membership. Is %G means, all user within the group can access the share accounts ? I have tried %G and it does't work, after I did some research, I changed it to @unixgroup and it work finally. What %G means in this Samba example ? On 8/11/06, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jacky Chan wrote: [finsvcs] comment = Financial Service Files path = /data/finsvcs valid users = %G read only = No This makes no sense. It says to only allow whatever the user's primary group is. What are you trying to achieve? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3KjuIR7qMdg1EfYRAmRrAJ9mpmqpJRzym35gcMJgLK6ZpeIaAQCfWf6o xkvOfE1OQDenQCTFWQsZmMQ= =TiBb -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] XP clients disconnected during trasnfer of larger files tothe samba server - BUMP
Anyone? Bueller? On Fri, 2006-08-11 at 01:23 -0700, Derrick MacPherson wrote: Any suggestions to look into, or more debug info required? The box is running centos 4.3 final, up to date with the latest versions of CentOS updates,, it's running something like 3.0.10 or .11 - can't recall. 1:22 am. Off to bed... Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Derrick MacPherson Sent: Thursday, August 10, 2006 5:47 PM To: samba@lists.samba.org Subject: [Samba] XP clients disconnected during trasnfer of larger files tothe samba server i'm having an issue when transferring large files to the samba servers from an xp client - files about 1GB or larger. about 70% into the transfer i get a network share no longer exists error and the transfer fails. I can pull down from the server fine with no issues. The XP machines are authenticating from a different Samba server though the problem is with that machine as well. Error and config posted below: (FYI - transfering same files and such work fine via FTP) My secondary server config: netbios name = 3Dsrv workgroup = VFX security = user server string = %h server (3D FileServer) password server = 192.168.0.210 username map = /etc/samba/smbusers idmap uid = 15000-2 idmap gid = 15000-2 name resolve order = bcast hosts template primary group = Domain Users template shell = /bin/bash winbind separator = + socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=16384 \ SO_RCVBUF=16384 oplocks = no smb log - i think this is relevant, though not sure: 2006/08/10 11:53:56, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2006/08/10 11:53:56, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2006/08/10 11:53:56, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2006/08/10 11:53:56, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 24: ERRNO = Connection reset by peer Primary server config: [global] name resolve order = bcast hosts passwd chat debug = yes idmap gid = 15000-2 passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew \sUNIX\spassword:* %n\n passwd program = /usr/bin/passwd %u netbios name = 2DSRV printing = CUPS idmap uid = 15000-2 logon script = logon.bat workgroup = VFX os level = 128 printcap name = CUPS security = user add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u delete user script = /usr/sbin/userdel -r %u log level = 4 add group script = /usr/sbin/groupadd %g socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u logon drive = domain master = yes username map = /etc/samba/smbusers use spnego = no encrypt passwords = yes passdb backend = tdbsam logon home = wins support = true server string = %h server (Domain Controller) unix password sync = yes logon path = add user script = /usr/sbin/useradd -m %u domain logons = yes -- Derrick MacPherson [EMAIL PROTECTED] -- Derrick MacPherson [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba server print objects view in windows
Thanks for your reply! This has been really fun trying to configure Samba and learning the Linux world at the same time, it is indeed fascinating. I need the list to be browseable by users so that they can pick which printer they will want to install on their desktop, that which they may not know the name of, so I need to solve this problem with load printers = yes. Which brings up another question I hadwhen I set the browseable = yes and guest = yes in the printers section of smb.conf, testparm reveals that that section has browseable = no. Is that a default so that there is not a potential security hole and cannot be changed? I am thinking that this may solve this refresh issue but more, and more I am thinking that it is something different. Our environment is really unique in the sense that I would like this Samba server to be a MEMBER SERVER (non-PDC) of a Domain that is used strictly for print services and where access is governed by, and checked against accounts and associated permissions in active directory. It is part of the Microsoft AD domain currently. This is where the Samba concept gets confusing to me.what services do I need for this environment? NSS is currently configured to use LDAP to authenticate accounts on this Samba server (which is how all Unix servers in this environment are set up), but do I need that anymore now that it is part of an AD domain? What about winbind? I noticed in windows that the ACL's on these printers contained cryptic SID's at one point, I then turned on winbind and now those SIDs are resolved and show real AD accounts (much to my satisfaction) Winbind is used to resolve SIDs, what should be used to authenticate? That net rpc grant rights command does not work, it does not recognize my domain admin account on the already existing Active Directory domain. Thanks again for all the help! -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Thursday, August 10, 2006 2:03 PM To: Anni Evanoff Cc: samba@lists.samba.org Subject: Re: [Samba] samba server print objects view in windows -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Anni Evanoff wrote: Printers and Faxes applet view seems to constantly refresh every five seconds..and with a list of about 2500 printers, it is nearly impossible to scroll down to a specific printer and connect to it before the refresh. This is most likely caused by MS' decision to break the print change notify protocol in Windows XP sp2. This is obviously not a viable solution for users. You can set load printers = no and have the user enter the UNC path in Start - Run to connect to the printer. Also if someone has the time to explain how I can take the printer admin line out, since it gives a deprecation error. I know I can get rid of the printer admin parameter with a permission assigned to an AD group (or should it be a group defined on the Samba server?) called the SePrinterOperatorprivilege, right? Yup. net rpc grant 'DOMAIN\Domain Admins' SePrintOperatorPrivilege - -U 'DOMAIN\Administrator' cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE257xIR7qMdg1EfYRAvI2AKCnyZsxtsVmk3BynkcfFB0gb7TQUACg3ezg esyRGbrWmUJlWn5MxeHmuBA= =aUiO -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Connection Scripts
Hi all, I have a Samba Server(3.0.20B) setup on an AIX box with Windows clients accessing different Samba shares in support of ClearCase version control system. I want to put more security controls in place via Samba connection scripts to enforce that they are logged on to their Windows workstation with the same userid that they are trying to connect to the samba share. It appears that the Samba environment variables only capture the client ip address(%I) and client hostname(%M). Any help will be greatly appreciated. Thanks, Maurice Forte Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
At 17:08 11.08.2006, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Rankin wrote: From: Gerald (Jerry) Carter [EMAIL PROTECTED] ok. Found the problem. It's smbpasswd. If you use tdbsam everything is fine. Patch forthcoming shortly. Sorry. Aahah! I knew the coffee would help ; - ) Hey folks, Please try the attached patch (samba-3.0.23b-lookup_name_smbconf_v1.patch). It passes very basic testing for standalone servers using smbpasswd. And still has some discussion to go through before it will go into the tree for 3.0.23c. Also available at http://www.samba.org/~jerry/patches/ if the attachment gets messed up. Hi Jerry, the patch fixes the valid users problem for me. Or, to come back to the list of different syntaxes, these work: valid users = +users valid users = S-1-5-21-1540046517-542637695-1028676802-1201 These didn't work: valid users = +Unix Group\users valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = S-1-22-2-100 Thanks for the patch! On a side note, 3.0.23 series fixed the long delay/hang when accessing a samba share in explorer after a long pause nuisance for me, thanks for this as well! bye, Franz. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP+Samba only posixaccount possible?
On Fri, 11 Aug 2006, Juha-Matti Ung wrote: Hi!Is it possible to get the samba authenticate a user and map to his homedirectory only using posixaccount or are there some attributes that windows absolutely require like in the samba-objectclasses? I'm 99% certain this isn't possible. Windows uses a different password hashing scheme from what Unix/Linux systems use, so the user's password must be stored in both forms. The only exception might be if you want to make your Windows machines send plaintext passwords, but I'm not even sure if that's supported on newer versions of Windows. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Franz Sirl wrote: the patch fixes the valid users problem for me. Or, to come back to the list of different syntaxes, these work: valid users = +users valid users = S-1-5-21-1540046517-542637695-1028676802-1201 These didn't work: valid users = +Unix Group\users valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = S-1-22-2-100 Thanks for the patch! I understand why now these don't work now. Second round of patches on the way. On a side note, 3.0.23 series fixed the long delay/hang when accessing a samba share in explorer after a long pause nuisance for me, thanks for this as well! Good news :-) Thanks. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3M4BIR7qMdg1EfYRAks4AJ9V0AWVUzuGwmGaPsWVo8QjIGTXJQCeLu+D 51IPyqOeK1dQIkUJqTVIf4k= =IhPQ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain migration from 2.2.x to 3.0.x
On Fri, 11 Aug 2006, Rory Vieira wrote: One of my customers is running a pretty old Redhat 8 (Psyche) server with Samba 2.2.something (I think 7). Next week I'm planned to upgrade his Redhat platform to SuSE 9.3 and also update his samba to 3.0.23b. I did almost the exact same thing going from RedHat 7.2 with Samba 2.2 to Slackware 10.2 with Samba 3.0.22, and managed to pull it off with no real problems. My biggest worry is that this customer has about 14 workstations already in the 2.2.x domain. I would like to know WHAT to do so I won't have to re-add all those machines again, as this will take up a lot of my time. From memory, I believe you need to do the following: 1) Copy the machine accounts over, preserving the flags, the LM and NT hashed passwords, etc. They are just smbpasswd entries with special usernames (with $ in them), so this isn't all that complicated. With only 14 machines, I might just do it by hand. 2) Make sure the new server has the same NetBIOS name as the old. (This might not be necessary. On the other hand, you probably want to do it anyway.) 3) Make sure the new server has the same domain as the old. 4) Make sure the new server has the same SID as the old. There are lots of ways of doing this, but I believe the one I used was to run rpcclient's lookupsids command against the domain itself to get the old SID on 2.2.x, then I used net setlocalsid to set it on the new 3.0.22 system. Or something along those lines. :-) 5) This might or might not be necessary, but make sure the machine accounts have the same SID as before as well. That list might not be complete. For me, things were easier since I was moving from one machine to another in the process, so I could compare settings on both and make changes incrementally until I was satisfied everything was good. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Franz Sirl wrote: the patch fixes the valid users problem for me. Or, to come back to the list of different syntaxes, these work: valid users = +users valid users = S-1-5-21-1540046517-542637695-1028676802-1201 These didn't work: valid users = +Unix Group\users valid users = +HOSTNAME\users valid users = +BUILTIN\users valid users = S-1-22-2-100 Please test the patch. Supersedes the previous one. Also available from http://www.samba.org/~jerry/patches/ It's semi-ok that syntax you list doesn't work. You should really only worry about +users for local group names. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3NHbIR7qMdg1EfYRAj3nAJ4wtGGV5gZdfPex6VoqV0oR56U5jQCfenpt nngKKBmiJcVOXVi60MoQk4w= =e+/6 -END PGP SIGNATURE- Index: groupdb/mapping.c === --- groupdb/mapping.c (revision 17493) +++ groupdb/mapping.c (working copy) @@ -195,7 +195,7 @@ fstrcpy(map.nt_name, grpname); if (pdb_rid_algorithm()) { - rid = pdb_gid_to_group_rid( grp-gr_gid ); + rid = algorithmic_pdb_gid_to_group_rid( grp-gr_gid ); } else { if (!pdb_new_rid(rid)) { DEBUG(3, (Could not get a new RID for %s\n, Index: passdb/util_unixsids.c === --- passdb/util_unixsids.c (revision 17493) +++ passdb/util_unixsids.c (working copy) @@ -42,6 +42,12 @@ return sid_append_rid(sid, uid); } +BOOL uid_to_unix_groups_sid(gid_t gid, DOM_SID *sid) +{ + sid_copy(sid, global_sid_Unix_Groups); + return sid_append_rid(sid, gid); +} + const char *unix_users_domain_name(void) { return Unix User; Index: passdb/lookup_sid.c === --- passdb/lookup_sid.c (revision 17493) +++ passdb/lookup_sid.c (working copy) @@ -43,7 +43,6 @@ DOM_SID sid; enum SID_NAME_USE type; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); - struct group *grp; if (tmp_ctx == NULL) { DEBUG(0, (talloc_new failed\n)); @@ -120,63 +119,6 @@ goto failed; } - /* -* Nasty hack necessary for too common scenarios: -* -* For 'valid users = +users' we know users is most probably not -* BUILTIN\users but the unix group users. This hack requires the -* admin to explicitly qualify BUILTIN if BUILTIN\users is meant. -* -* Please note that LOOKUP_NAME_GROUP can not be requested via for -* example lsa_lookupnames, it only comes into this routine via -* the expansion of group names coming in from smb.conf -*/ - - if ((flags LOOKUP_NAME_GROUP) ((grp = getgrnam(name)) != NULL)) { - - GROUP_MAP map; - - if (pdb_getgrgid(map, grp-gr_gid)) { - /* The hack gets worse. Handle the case where we have -* 'force group = +unixgroup' but unixgroup has a -* group mapping */ - - if (sid_check_is_in_builtin(map.sid)) { - domain = talloc_strdup( - tmp_ctx, builtin_domain_name()); - } else { - domain = talloc_strdup( - tmp_ctx, get_global_sam_name()); - } - - sid_copy(sid, map.sid); - type = map.sid_name_use; - goto ok; - } - - /* If we are using the smbpasswd backend, we need to use the -* algorithmic mapping for the unix group we find. This is -* necessary because when creating the NT token from the unix -* gid list we got from initgroups() we use gid_to_sid() that -* uses algorithmic mapping if pdb_rid_algorithm() is true. */ - - if (pdb_rid_algorithm() - (grp-gr_gid max_algorithmic_gid())) { - domain = talloc_strdup(tmp_ctx, get_global_sam_name()); - sid_compose(sid, get_global_sam_sid(), - pdb_gid_to_group_rid(grp-gr_gid)); - type = SID_NAME_DOM_GRP; - goto ok; - } - - if (lookup_unix_group_name(name,
Re: [Samba] Domain migration from 2.2.x to 3.0.x
be sure to copy over all of the .tdb files under /var/*/samba Logan Shaw wrote: On Fri, 11 Aug 2006, Rory Vieira wrote: One of my customers is running a pretty old Redhat 8 (Psyche) server with Samba 2.2.something (I think 7). Next week I'm planned to upgrade his Redhat platform to SuSE 9.3 and also update his samba to 3.0.23b. I did almost the exact same thing going from RedHat 7.2 with Samba 2.2 to Slackware 10.2 with Samba 3.0.22, and managed to pull it off with no real problems. My biggest worry is that this customer has about 14 workstations already in the 2.2.x domain. I would like to know WHAT to do so I won't have to re-add all those machines again, as this will take up a lot of my time. From memory, I believe you need to do the following: 1) Copy the machine accounts over, preserving the flags, the LM and NT hashed passwords, etc. They are just smbpasswd entries with special usernames (with $ in them), so this isn't all that complicated. With only 14 machines, I might just do it by hand. 2) Make sure the new server has the same NetBIOS name as the old. (This might not be necessary. On the other hand, you probably want to do it anyway.) 3) Make sure the new server has the same domain as the old. 4) Make sure the new server has the same SID as the old. There are lots of ways of doing this, but I believe the one I used was to run rpcclient's lookupsids command against the domain itself to get the old SID on 2.2.x, then I used net setlocalsid to set it on the new 3.0.22 system. Or something along those lines. :-) 5) This might or might not be necessary, but make sure the machine accounts have the same SID as before as well. That list might not be complete. For me, things were easier since I was moving from one machine to another in the process, so I could compare settings on both and make changes incrementally until I was satisfied everything was good. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
From: Gerald (Jerry) Carter [EMAIL PROTECTED] Please test the patch. Supersedes the previous one. Also available from http://www.samba.org/~jerry/patches/ It's semi-ok that syntax you list doesn't work. You should really only worry about +users for local group names. OK, Help, what am I doing wrong with the patch?? How do is get the patch installed? Here is what I did that didn't work. [EMAIL PROTECTED] src]# ll total 36072 drwxr-xr-x 9 david david 4096 Jul 21 11:26 samba-3.0.23a/ -rw-rw-r-- 1 david david 17683518 Jul 21 11:30 samba-3.0.23a.tar.gz drwxr-xr-x 9 david david 4096 Aug 11 15:08 samba-3.0.23b/ -rwxr--r-- 1 david david11033 Aug 11 12:11 samba-3.0.23b-lookup_name_smbconf_v1.patch* -rw-r--r-- 1 root root 17686227 Aug 8 07:50 samba-3.0.23b.tar.gz [EMAIL PROTECTED] src]# patch -p0 samba-3.0.23b-lookup_name_smbconf_v1.patch patching file samba-3.0.23b/source/auth/auth_util.c Hunk #1 FAILED at 1052. 1 out of 1 hunk FAILED -- saving rejects to file samba-3.0.23b/source/auth/auth_util.c.rej patching file samba-3.0.23b/source/include/smb.h Hunk #1 FAILED at 272. 1 out of 1 hunk FAILED -- saving rejects to file samba-3.0.23b/source/include/smb.h.rej patching file samba-3.0.23b/source/passdb/lookup_sid.c Hunk #1 FAILED at 120. Hunk #2 FAILED at 300. 2 out of 2 hunks FAILED -- saving rejects to file samba-3.0.23b/source/passdb/lookup_sid.c.rej patching file samba-3.0.23b/source/passdb/pdb_interface.c Hunk #1 FAILED at 1532. 1 out of 1 hunk FAILED -- saving rejects to file samba-3.0.23b/source/passdb/pdb_interface.c.rej patching file samba-3.0.23b/source/smbd/service.c Hunk #1 FAILED at 443. 1 out of 1 hunk FAILED -- saving rejects to file samba-3.0.23b/source/smbd/service.c.rej patching file samba-3.0.23b/source/smbd/share_access.c Hunk #1 FAILED at 94. Hunk #2 FAILED at 108. 2 out of 2 hunks FAILED -- saving rejects to file samba-3.0.23b/source/smbd/share_access.c.rej I know this is basic, but I haven't done it before and 'man patch' is not that helpful. -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankinlawfirm.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Apply patches to Samba
We are using samba. I need help with 2 things: 1. how do I find out what version of samba am I using. Its on a Solaris ( http://www.experts-exchange.com/Networking/Unix_Networking/Q_21951745.html# ) 8 box. 2. ow do I apply the patch for the following vulnerability? http://www.samba.org/samba/security/CAN-2006-3403.html ( http://www.samba.org/samba/security/CAN-2006-3403.html ) When I click on the patch, it displays the code ( http://www.experts-exchange.com/Networking/Unix_Networking/Q_21951745.html# ). I am new to Solaris (which I am sure you can make out) so I need instructions on how to find current samba version installed and instructions to apply the above patch. Please be as detailed as possible. Thanks! - CONFIDENTIALITY NOTICE: The information in this E-Mail may be confidential and may be legally privileged. It is intended solely for the addressee(s). If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on this e-mail, is prohibited and may be unlawful. If you have received this E-Mail message in error, notify the sender by reply E-Mail and delete the message. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david rankin wrote: OK, Help, what am I doing wrong with the patch?? How do is get the patch installed? Here is what I did that didn't work. [EMAIL PROTECTED] src]# ll total 36072 drwxr-xr-x 9 david david 4096 Jul 21 11:26 samba-3.0.23a/ -rw-rw-r-- 1 david david 17683518 Jul 21 11:30 samba-3.0.23a.tar.gz drwxr-xr-x 9 david david 4096 Aug 11 15:08 samba-3.0.23b/ -rwxr--r-- 1 david david11033 Aug 11 12:11 samba-3.0.23b-lookup_name_smbconf_v1.patch* -rw-r--r-- 1 root root 17686227 Aug 8 07:50 samba-3.0.23b.tar.gz run the following commands $ wget \ http://www.samba.org/~jerry/patches/samba-3.0.23b-lookup_name_smbconf_v2.patch $ tar zxvf samba-3.0.23b.tar.gz $ cd samba-3.0.23b $ patch -p1 ../samba-3.0.23b-lookup_name_smbconf_v1.patch $ cd source $ make proto $ make cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3On1IR7qMdg1EfYRAs4OAKDHBqGBULjGY+FgcumMniQfDQpBRwCfaOKq UHEnR8Nz3CACkxbGsPkotOc= =HJuv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
From: Gerald (Jerry) Carter [EMAIL PROTECTED] david rankin wrote: OK, Help, what am I doing wrong with the patch?? How do is get the patch installed? Here is what I did that didn't work. run the following commands $ wget \ http://www.samba.org/~jerry/patches/samba-3.0.23b-lookup_name_smbconf_v2.patch $ tar zxvf samba-3.0.23b.tar.gz $ cd samba-3.0.23b All done, that's how I compiled it from source the first time. $ patch -p1 ../samba-3.0.23b-lookup_name_smbconf_v1.patch $ cd source $ make proto $ make I must be having a really really bad day [EMAIL PROTECTED] samba-3.0.23b]# patch -p1 ../samba-3.0.23b-lookup_name_smbconf_v1.patch patching file source/auth/auth_util.c Hunk #1 FAILED at 1052. 1 out of 1 hunk FAILED -- saving rejects to file source/auth/auth_util.c.rej patching file source/include/smb.h Hunk #1 FAILED at 272. 1 out of 1 hunk FAILED -- saving rejects to file source/include/smb.h.rej patching file source/passdb/lookup_sid.c Hunk #1 FAILED at 120. Hunk #2 FAILED at 300. 2 out of 2 hunks FAILED -- saving rejects to file source/passdb/lookup_sid.c.rej patching file source/passdb/pdb_interface.c Hunk #1 FAILED at 1532. 1 out of 1 hunk FAILED -- saving rejects to file source/passdb/pdb_interface.c.rej patching file source/smbd/service.c Hunk #1 FAILED at 443. 1 out of 1 hunk FAILED -- saving rejects to file source/smbd/service.c.rej patching file source/smbd/share_access.c Hunk #1 FAILED at 94. Hunk #2 FAILED at 108. 2 out of 2 hunks FAILED -- saving rejects to file source/smbd/share_access.c.rej Go Figure??? -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankinlawfirm.com -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] share access problem with %G
On Sat, 12 Aug 2006 00:14:37 +0800 Jacky Chan [EMAIL PROTECTED] wrote: Hi Jerry, I followed the example ( http://de.samba.org/samba/docs/man/Samba-Guide/small.html) to study Samba. The configuration is came from the Samba example and I may not fully understood the configuration. I have a unix user jackyacct and assigned acctsdep as primary group. The unix directory access right is 775 and the group owner is acctsdep. The example mentioned Network users will be given access to these shares by way of group membership. Is %G means, all user within the group can access the share accounts ? I have tried %G and it does't work, after I did some research, I changed it to @unixgroup and it work finally. What %G means in this Samba example ? On 8/11/06, Gerald (Jerry) Carter [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jacky Chan wrote: [finsvcs] comment = Financial Service Files path = /data/finsvcs valid users = %G read only = No This makes no sense. It says to only allow whatever the user's primary group is. What are you trying to achieve? cheers, jerry %G returns the primary group of an user and valid users accepts @group_name as a valid value (there are others). I've never tested something like @%G. At smb.conf man page you'll find an explanation of how this stanza works, the values you can use and also how they can be used. If used correctly it will help you a lot. Good luck. -- Miguel Da Silva. Servicio de Informatica. Facultad de Ciencias. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david rankin wrote: [EMAIL PROTECTED] samba-3.0.23b]# patch -p1 ../samba-3.0.23b-lookup_name_smbconf_v1.patch patching file source/auth/auth_util.c Hunk #1 FAILED at 1052. 1 out of 1 hunk FAILED -- saving rejects to file No idea. I double checked the patch to make sure it applies cleanly. jerry6 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3P1SIR7qMdg1EfYRAuSqAKCbPOl9kpvZQp7l9QBHKmRwAk/sTwCgzrHX yaRNb4QimA/JAxbNpI5Ayfc= =vkbr -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PrintPreview extremely slow with Samba network printers
I am using Microsoft .NET (2.0) PrintPreviewDialog to preview reports, and all works well when the Windows default printer is set to a local printer or a network printer on a Windows server, but if I set it to a Samba network printer, it slows down to a crawl. With a Windows server network printer, it takes about 10 seconds to render 100 pages. With a Samba network printer, it takes over 5 minutes! I can see that the preview control is generating heavy network traffic (5-6% of a 1GB network connection) continuously throughout the 5 minutes it takes to generate the preview, which probably is why it is so slow. My environment: Workstation: 3.2 GHz Dual Xeon, 1GB RAM, 1GB NIC, OS: WinXP SP2 Server: Dual Xeon 2.8 GHz, 2GB RAM, 1GB NIC, OS: RH ES 3.x Samba version: Samba 3.0.9. The printer is a HP LaserJet 4200N. I have tried different printer drivers, printers and Samba servers + versions. I am hoping there is a setting or similar in Samba that would resolve this. My current smb.conf: [global] Netbios name = main-lin5 workgroup = acme os level = 33 security = user server string = Samba Server hosts allow = 10. 127. hide unreadable = yes browseable = yes encrypt passwords = yes add machine script = /usr/sbin/useradd -c 'Machine account' -d /dev/null -g 100 -s /bin/false -M %u wins support = yes create mask = 0660 directory mask = 0770 # Start of Lock specific settings oplocks = no level2 oplocks = no strict locking = no # End of Lock specific settings printcap name = /etc/printcap load printers = yes use client driver = yes printing = lprng log file = /var/log/samba/%m.log log level = 1 max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no # Share Definitions == [homes] comment = Home Directories browseable = no writable = yes [netlogon] comment = Network Logon Service path = /d1/home/netlogon guest ok = no writable = no write list = @mis share modes = no [printers] comment = All Printers path = /var/spool/samba browseable = yes guest ok = no printable = yes [tmp] comment = Temporary file space path = /tmp read only = no public = yes snip (more disk shares...) Any help on this would be greatly appreciated! Thanks, Lars __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba log hell
Setup: Running Gentoo linux 2.6X kenel Samba 3.0.23 I'm having a time getting samba working after having it working for mnths. I did do a major update world. That kind of update on Gentoo can involve many other apps. At the end when adjusting files under /etc/ that may have newer versions, I rejected the new smb.conf keeping my old config which is still in place so the trouble may be coming from somewhere else. It seems something has suddenly chagned whereby I cannot access any linux shares from windows. Attempting to get some details of the failure from the logs seem fruitless since the log output is literally huge and nothing stands out with big letters `error'. Maybe some kind soul can tell me what would be usefull to post here. I'm just not prepared to understand 670 lines of output for one connection attempt. And that is with `log level' cranked down to 3. The following area from one of the two logs produced by this connection attempt, seems to be important but even this small chunk defies understanding far as I can see: The `Sid' lines seem to be telling something but who knows what. Then finally it shows a ACCESS_DENIED. `reader' and `Harry' are the only two authorized users and listed as `valid users' on each share in smb.conf. (I've inlined smb.conf for reference following this message and log output.) What provoked this piece of log is an attempt from machine `harvey' to login to samba share on machine `reader'. The incoming user is also `reader'. [...] [2006/08/11 13:38:11, 3] lib/util_sid.c:string_to_sid(223) string_to_sid: Sid reader does not start with 'S-'. [2006/08/11 13:38:11, 3] lib/util_sid.c:string_to_sid(223) string_to_sid: Sid Harry does not start with 'S-'. [2006/08/11 13:38:11, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/08/11 13:38:11, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/08/11 13:38:11, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/08/11 13:38:11, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/08/11 13:38:11, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2006/08/11 13:38:11, 3] smbd/uid.c:push_conn_ctx(345) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2006/08/11 13:38:11, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2006/08/11 13:38:11, 3] smbd/sec_ctx.c:pop_sec_ctx(339) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/08/11 13:38:11, 2] smbd/service.c:make_connection_snum(571) user 'reader' (from session setup) not permitted to access this share (smReader) [2006/08/11 13:38:11, 3] smbd/error.c:error_packet(146) error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED [2006/08/11 13:38:11, 3] smbd/process.c:process_smb(1110) Transaction 4 of length 43 [2006/08/11 13:38:11, 3] smbd/process.c:switch_message(914) switch message SMBulogoffX (pid 4834) conn 0x0 [2006/08/11 13:38:11, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/08/11 13:38:11, 3] smbd/reply.c:reply_ulogoffX(1618) ulogoffX vuid=101 [2006/08/11 13:38:11, 3] smbd/process.c:timeout_processing(1359) timeout_processing: End of file from client (client has disconnected). [2006/08/11 13:38:11, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/08/11 13:38:11, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2006/08/11 13:38:11, 3] smbd/server.c:exit_server_common(675) Server exit (normal exit) [2006/08/11 13:38:11, 3] auth/auth.c:check_ntlm_password(221) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [...] Then about 60 more lines and I see: [2006/08/11 14:05:19, 3] auth/auth.c:check_ntlm_password(270) check_ntlm_password: sam authentication for user [reader] succeeded === smb.conf: #=== Global Settings = [global] # 1. Server Naming Options: # workgroup = NT-Domain-Name or Workgroup-Name workgroup = home # netbios name is the name you will see in Network Neighbourhood, # but defaults to your hostname ; netbios name = name_of_this_server # server string is the equivalent of the NT Description field server string = Samba_%v # Message command is run by samba when a popup message is sent to it. # The example below is for use with LinPopUp: ; message command = /usr/bin/linpopup %f %m %s; rm %s # 2. Printing Options: # CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK # if you want to automatically load your printer list rather # than setting them up individually then you'll need this printcap name = cups load printers = yes # It should not be necessary to spell out the print system type unless # yours is non-standard. Currently supported
Re: [Samba] 3.0.20 - 3.0.23 SID/group error?? Won't connect.
On Friday 11 August 2006 18:04, david rankin wrote: From: Gerald (Jerry) Carter [EMAIL PROTECTED] david rankin wrote: OK, Help, what am I doing wrong with the patch?? How do is get the patch installed? Here is what I did that didn't work. run the following commands $ wget \ http://www.samba.org/~jerry/patches/samba-3.0.23b-lookup_name_smbconf_v2. patch $ tar zxvf samba-3.0.23b.tar.gz $ cd samba-3.0.23b All done, that's how I compiled it from source the first time. $ patch -p1 ../samba-3.0.23b-lookup_name_smbconf_v1.patch $ cd source $ make proto $ make I must be having a really really bad day [EMAIL PROTECTED] samba-3.0.23b]# patch -p1 ../samba-3.0.23b-lookup_name_smbconf_v1.patch Notice you are still using v1: the patch ends in v2 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba log hell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: Setup: Running Gentoo linux 2.6X kenel Samba 3.0.23 I would recommend you start by getting 3.0.23b + the lookup_name_smbconf_v2.patch file from http://www.samba.org/~jerry/patches/ It seems something has suddenly chagned whereby I cannot access any linux shares from windows. Yup. You need 3.0.23b plus the patch I posted today. You're using an smbpasswd file right ? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3R9hIR7qMdg1EfYRAvgoAJ9V9q93WhiYR6rqQEYGJUroOqhf/wCguI31 YCpHQPR7milZy/CkBtvQxL8= =07Sy -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba log hell
Gerald (Jerry) Carter [EMAIL PROTECTED] writes: It seems something has suddenly chagned whereby I cannot access any linux shares from windows. Yup. You need 3.0.23b plus the patch I posted today. You're using an smbpasswd file right ? Yes, Ok, working on it, but I don't understand why this quit working suddenly. I'll need to by-pass the gentoo installation or apps proceedure and build it myself to get that version. What do you think is going to change by doing this? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba log hell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: Gerald (Jerry) Carter [EMAIL PROTECTED] writes: It seems something has suddenly chagned whereby I cannot access any linux shares from windows. Yup. You need 3.0.23b plus the patch I posted today. You're using an smbpasswd file right ? Yes, Ok, working on it, but I don't understand why this quit working suddenly. I would suggest reviewing the archive for the list over the past two weeks. What do you think is going to change by doing this? We fixed bugs that are probably affecting your installation. If you don't want to to go the trouble of getting the latest code, that's up to you. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE3TcXIR7qMdg1EfYRAniNAKDgPLfCub8p3yzBpoL9SrqOgvcMxACg6lLN fbcLMee2GLvDGlR3UXtsMl4= =i7u/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] XP clients disconnected during trasnfer of larger files tothe samba server
What am I missing? Is ther esome more info I can add to get someone to respond? Is there a better place to be getting help? -Original Message- From: Derrick MacPherson Sent: Friday, August 11, 2006 1:23 AM To: Derrick MacPherson; samba@lists.samba.org Subject: RE: [Samba] XP clients disconnected during trasnfer of larger files tothe samba server Any suggestions to look into, or more debug info required? The box is running centos 4.3 final, up to date with the latest versions of CentOS updates,, it's running something like 3.0.10 or .11 - can't recall. 1:22 am. Off to bed... Thanks. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Derrick MacPherson Sent: Thursday, August 10, 2006 5:47 PM To: samba@lists.samba.org Subject: [Samba] XP clients disconnected during trasnfer of larger files tothe samba server i'm having an issue when transferring large files to the samba servers from an xp client - files about 1GB or larger. about 70% into the transfer i get a network share no longer exists error and the transfer fails. I can pull down from the server fine with no issues. The XP machines are authenticating from a different Samba server though the problem is with that machine as well. Error and config posted below: (FYI - transfering same files and such work fine via FTP) My secondary server config: netbios name = 3Dsrv workgroup = VFX security = user server string = %h server (3D FileServer) password server = 192.168.0.210 username map = /etc/samba/smbusers idmap uid = 15000-2 idmap gid = 15000-2 name resolve order = bcast hosts template primary group = Domain Users template shell = /bin/bash winbind separator = + socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=16384 \ SO_RCVBUF=16384 oplocks = no smb log - i think this is relevant, though not sure: 2006/08/10 11:53:56, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2006/08/10 11:53:56, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2006/08/10 11:53:56, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2006/08/10 11:53:56, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 24: ERRNO = Connection reset by peer Primary server config: [global] name resolve order = bcast hosts passwd chat debug = yes idmap gid = 15000-2 passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew \sUNIX\spassword:* %n\n passwd program = /usr/bin/passwd %u netbios name = 2DSRV printing = CUPS idmap uid = 15000-2 logon script = logon.bat workgroup = VFX os level = 128 printcap name = CUPS security = user add machine script = /usr/sbin/useradd -s /bin/false/ -d /var/lib/nobody %u delete user script = /usr/sbin/userdel -r %u log level = 4 add group script = /usr/sbin/groupadd %g socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u logon drive = domain master = yes username map = /etc/samba/smbusers use spnego = no encrypt passwords = yes passdb backend = tdbsam logon home = wins support = true server string = %h server (Domain Controller) unix password sync = yes logon path = add user script = /usr/sbin/useradd -m %u domain logons = yes -- Derrick MacPherson [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r17487 - in branches/SAMBA_3_0/examples/LDAP: .
Author: abartlet Date: 2006-08-11 06:44:31 + (Fri, 11 Aug 2006) New Revision: 17487 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17487 Log: Allocate some OID space for Samba4, so we don't trip on each other. Andrew Bartlett Modified: branches/SAMBA_3_0/examples/LDAP/samba.schema Changeset: Modified: branches/SAMBA_3_0/examples/LDAP/samba.schema === --- branches/SAMBA_3_0/examples/LDAP/samba.schema 2006-08-11 04:47:46 UTC (rev 17486) +++ branches/SAMBA_3_0/examples/LDAP/samba.schema 2006-08-11 06:44:31 UTC (rev 17487) @@ -14,6 +14,10 @@ ## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes ## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses ## +## Samba4 +## 1.3.6.1.4.1.7165.4.1.x - attributetypes +## 1.3.6.1.4.1.7165.4.2.x - objectclasses +## ## - READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS -- ## ## Run the 'get_next_oid' bash script in this directory to find the @@ -38,6 +42,7 @@ # objectIdentifier Samba3 SambaRoot:2 # objectIdentifier Samba3Attrib Samba3:1 # objectIdentifier Samba3ObjectClass Samba3:2 +# objectIdentifier Samba4 SambaRoot:4 ##HISTORICAL ##
svn commit: samba r17488 - in branches/SAMBA_4_0/source: lib lib/crypto torture/local
Author: metze Date: 2006-08-11 08:02:43 + (Fri, 11 Aug 2006) New Revision: 17488 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17488 Log: - add SHA1 and HMACSHA1 functions, based on rfc 2104,2202,3174 - and add torture tests also based on the rfc's metze Added: branches/SAMBA_4_0/source/lib/crypto/hmacsha1.c branches/SAMBA_4_0/source/lib/crypto/hmacsha1.h branches/SAMBA_4_0/source/lib/crypto/hmacsha1test.c branches/SAMBA_4_0/source/lib/crypto/sha1.c branches/SAMBA_4_0/source/lib/crypto/sha1.h branches/SAMBA_4_0/source/lib/crypto/sha1test.c Modified: branches/SAMBA_4_0/source/lib/basic.mk branches/SAMBA_4_0/source/lib/crypto/crypto.h branches/SAMBA_4_0/source/torture/local/config.mk Changeset: Sorry, the patch is too large (838 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17488
svn commit: samba r17489 - in branches/SAMBA_4_0/source/script/tests: .
Author: metze Date: 2006-08-11 09:35:52 + (Fri, 11 Aug 2006) New Revision: 17489 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17489 Log: run the crypto tests with test metze Modified: branches/SAMBA_4_0/source/script/tests/test_local.sh Changeset: Modified: branches/SAMBA_4_0/source/script/tests/test_local.sh === --- branches/SAMBA_4_0/source/script/tests/test_local.sh2006-08-11 08:02:43 UTC (rev 17488) +++ branches/SAMBA_4_0/source/script/tests/test_local.sh2006-08-11 09:35:52 UTC (rev 17489) @@ -3,7 +3,7 @@ local_tests=LOCAL-NTLMSSP LOCAL-TALLOC LOCAL-MESSAGING LOCAL-IRPC local_tests=$local_tests LOCAL-BINDING LOCAL-IDTREE LOCAL-SOCKET local_tests=$local_tests LOCAL-PAC LOCAL-STRLIST LOCAL-SDDL LOCAL-NDR -local_tests=$local_tests LOCAL-EVENT +local_tests=$local_tests LOCAL-EVENT LOCAL-CRYPTO-SHA1 LOCAL-CRYPTO-HMACSHA1 if [ $# -lt 0 ]; then cat EOF
svn commit: samba r17490 - in branches/SAMBA_4_0/source/lib/crypto: .
Author: metze Date: 2006-08-11 10:49:38 + (Fri, 11 Aug 2006) New Revision: 17490 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17490 Log: add all test values from rfc 2202 metze Modified: branches/SAMBA_4_0/source/lib/crypto/hmacsha1test.c Changeset: Modified: branches/SAMBA_4_0/source/lib/crypto/hmacsha1test.c === --- branches/SAMBA_4_0/source/lib/crypto/hmacsha1test.c 2006-08-11 09:35:52 UTC (rev 17489) +++ branches/SAMBA_4_0/source/lib/crypto/hmacsha1test.c 2006-08-11 10:49:38 UTC (rev 17490) @@ -1,9 +1,37 @@ +/* + Unix SMB/CIFS implementation. + HMAC SHA-1 tests + Copyright (C) Stefan Metzmacher + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ #include includes.h - #include lib/crypto/crypto.h struct torture_context; +static DATA_BLOB data_blob_repeat_byte(uint8_t byte, size_t length) +{ + DATA_BLOB b = data_blob(NULL, length); + memset(b.data, byte, length); + return b; +} + +/* + This uses the test values from rfc2202 +*/ BOOL torture_local_crypto_hmacsha1(struct torture_context *torture) { BOOL ret = True; @@ -11,33 +39,59 @@ struct { DATA_BLOB key; DATA_BLOB data; - DATA_BLOB digest; + DATA_BLOB sha1; } testarray[] = { { - .key= strhex_to_data_blob(0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b), + .key= data_blob_repeat_byte(0x0b, 20), .data = data_blob_string_const(Hi There), - .digest = strhex_to_data_blob(b617318655057264e28bc0b6fb378c8ef146be00) + .sha1 = strhex_to_data_blob(b617318655057264e28bc0b6fb378c8ef146be00) + },{ + .key= data_blob_string_const(Jefe), + .data = data_blob_string_const(what do ya want for nothing?), + .sha1 = strhex_to_data_blob(effcdf6ae5eb2fa2d27416d5f184df9c259a7c79) + },{ + .key= data_blob_repeat_byte(0xaa, 20), + .data = data_blob_repeat_byte(0xdd, 50), + .sha1 = strhex_to_data_blob(125d7342b9ac11cd91a39af48aa17b4f63f175d3) + },{ + .key= strhex_to_data_blob(0102030405060708090a0b0c0d0e0f10111213141516171819), + .data = data_blob_repeat_byte(0xcd, 50), + .sha1 = strhex_to_data_blob(4c9007f4026250c6bc8414f9bf50c86c2d7235da) + },{ + .key= data_blob_repeat_byte(0x0c, 20), + .data = data_blob_string_const(Test With Truncation), + .sha1 = strhex_to_data_blob(4c1a03424b55e07fe7f27be1d58bb9324a9a5a04) + /* sha1-96 = 0x4c1a03424b55e07fe7f27be1 */ + },{ + .key= data_blob_repeat_byte(0xaa, 80), + .data = data_blob_string_const(Test Using Larger Than Block-Size Key - Hash Key First), + .sha1 = strhex_to_data_blob(aa4ae5e15272d00e95705637ce8a3b55ed402112) + },{ + .key= data_blob_repeat_byte(0xaa, 80), + .data = data_blob_string_const(Test Using Larger Than Block-Size Key +and Larger Than One Block-Size Data), + .sha1 = strhex_to_data_blob(e8e99d0f45237d786d6bbaa7965c7808bbff1a91) } }; for (i=0; i ARRAY_SIZE(testarray); i++) { struct HMACSHA1Context ctx; - uint8_t digest[SHA1HashSize]; + uint8_t sha1[SHA1HashSize]; int e; hmac_sha1_init(testarray[i].key.data, testarray[i].key.length, ctx); hmac_sha1_update(testarray[i].data.data, testarray[i].data.length, ctx); - hmac_sha1_final(digest, ctx); + hmac_sha1_final(sha1, ctx); - e = memcmp(testarray[i].digest.data, - digest, - MIN(testarray[i].digest.length, SHA1HashSize)); + e = memcmp(testarray[i].sha1.data, + sha1, + MIN(testarray[i].sha1.length, sizeof(sha1))); if (e != 0) { - printf(test[%u]: failed\n, i); +
svn commit: samba r17491 - in branches/SAMBA_4_0/source/torture/local: .
Author: metze Date: 2006-08-11 11:23:50 + (Fri, 11 Aug 2006) New Revision: 17491 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17491 Log: I forgot to commit this...fix make test...sorry:-) metze Modified: branches/SAMBA_4_0/source/torture/local/local.c Changeset: Modified: branches/SAMBA_4_0/source/torture/local/local.c === --- branches/SAMBA_4_0/source/torture/local/local.c 2006-08-11 10:49:38 UTC (rev 17490) +++ branches/SAMBA_4_0/source/torture/local/local.c 2006-08-11 11:23:50 UTC (rev 17491) @@ -51,6 +51,8 @@ TALLOC_CTX *mem_ctx = talloc_autofree_context(); register_torture_op(LOCAL-TALLOC, torture_local_talloc); + register_torture_op(LOCAL-CRYPTO-SHA1, torture_local_crypto_sha1); + register_torture_op(LOCAL-CRYPTO-HMACSHA1, torture_local_crypto_hmacsha1); for (i = 0; suite_generators[i]; i++) torture_register_suite(suite_generators[i](mem_ctx));
svn commit: samba r17492 - in branches/SAMBA_4_0/source: lib/crypto torture/local
Author: metze Date: 2006-08-11 11:26:58 + (Fri, 11 Aug 2006) New Revision: 17492 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17492 Log: add a test with the example values from rfc1321 (MD5) metze Added: branches/SAMBA_4_0/source/lib/crypto/md5test.c Modified: branches/SAMBA_4_0/source/torture/local/config.mk branches/SAMBA_4_0/source/torture/local/local.c Changeset: Added: branches/SAMBA_4_0/source/lib/crypto/md5test.c === --- branches/SAMBA_4_0/source/lib/crypto/md5test.c 2006-08-11 11:23:50 UTC (rev 17491) +++ branches/SAMBA_4_0/source/lib/crypto/md5test.c 2006-08-11 11:26:58 UTC (rev 17492) @@ -0,0 +1,87 @@ +/* + Unix SMB/CIFS implementation. + MD5 tests + Copyright (C) Stefan Metzmacher + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include includes.h +#include lib/crypto/crypto.h + +struct torture_context; + +/* + This uses the test values from rfc1321 +*/ +BOOL torture_local_crypto_md5(struct torture_context *torture) +{ + BOOL ret = True; + uint32_t i; + struct { + DATA_BLOB data; + DATA_BLOB md5; + } testarray[] = { + { + .data = data_blob_string_const(), + .md5= strhex_to_data_blob(d41d8cd98f00b204e9800998ecf8427e) + },{ + .data = data_blob_string_const(a), + .md5= strhex_to_data_blob(0cc175b9c0f1b6a831c399e269772661) + },{ + .data = data_blob_string_const(abc), + .md5= strhex_to_data_blob(900150983cd24fb0d6963f7d28e17f72) + },{ + .data = data_blob_string_const(message digest), + .md5= strhex_to_data_blob(f96b697d7cb7938d525a2f31aaf161d0) + },{ + .data = data_blob_string_const(abcdefghijklmnopqrstuvwxyz), + .md5= strhex_to_data_blob(c3fcd3d76192e4007dfb496cca67e13b) + },{ + .data = data_blob_string_const(ABCDEFGHIJKLMNOPQRSTUVWXYZ +abcdefghijklmnopqrstuvwxyz +0123456789), + .md5= strhex_to_data_blob(d174ab98d277d9f5a5611c2c9f419d9f) + },{ + .data = data_blob_string_const(123456789012345678901234567890 + 123456789012345678901234567890 +12345678901234567890), + .md5= strhex_to_data_blob(57edf4a22be3c955ac49da2e2107b67a) + } + }; + + for (i=0; i ARRAY_SIZE(testarray); i++) { + struct MD5Context ctx; + uint8_t md5[16]; + int e; + + MD5Init(ctx); + MD5Update(ctx, testarray[i].data.data, testarray[i].data.length); + MD5Final(md5, ctx); + + e = memcmp(testarray[i].md5.data, + md5, + MIN(testarray[i].md5.length, sizeof(md5))); + if (e != 0) { + printf(hmacsha1 test[%u]: failed\n, i); + dump_data(0, testarray[i].data.data, testarray[i].data.length); + dump_data(0, testarray[i].md5.data, testarray[i].md5.length); + dump_data(0, md5, sizeof(md5)); + ret = False; + } + } + + return ret; +} Modified: branches/SAMBA_4_0/source/torture/local/config.mk === --- branches/SAMBA_4_0/source/torture/local/config.mk 2006-08-11 11:23:50 UTC (rev 17491) +++ branches/SAMBA_4_0/source/torture/local/config.mk 2006-08-11 11:26:58 UTC (rev 17492) @@ -8,6 +8,7 @@ OBJ_FILES = \ iconv.o \ ../../lib/talloc/testsuite.o \ + ../../lib/crypto/md5test.o \ ../../lib/crypto/sha1test.o \ ../../lib/crypto/hmacsha1test.o \ messaging.o \ Modified: branches/SAMBA_4_0/source/torture/local/local.c === --- branches/SAMBA_4_0/source/torture/local/local.c 2006-08-11 11:23:50 UTC (rev
svn commit: samba r17493 - in branches/SAMBA_4_0/source/lib/crypto: .
Author: metze Date: 2006-08-11 11:47:11 + (Fri, 11 Aug 2006) New Revision: 17493 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17493 Log: fix typo metze Modified: branches/SAMBA_4_0/source/lib/crypto/md5test.c Changeset: Modified: branches/SAMBA_4_0/source/lib/crypto/md5test.c === --- branches/SAMBA_4_0/source/lib/crypto/md5test.c 2006-08-11 11:26:58 UTC (rev 17492) +++ branches/SAMBA_4_0/source/lib/crypto/md5test.c 2006-08-11 11:47:11 UTC (rev 17493) @@ -75,7 +75,7 @@ md5, MIN(testarray[i].md5.length, sizeof(md5))); if (e != 0) { - printf(hmacsha1 test[%u]: failed\n, i); + printf(md5 test[%u]: failed\n, i); dump_data(0, testarray[i].data.data, testarray[i].data.length); dump_data(0, testarray[i].md5.data, testarray[i].md5.length); dump_data(0, md5, sizeof(md5));
svn commit: samba r17494 - in branches/SAMBA_4_0/source: lib/crypto torture/local
Author: metze Date: 2006-08-11 13:13:03 + (Fri, 11 Aug 2006) New Revision: 17494 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17494 Log: add tests for the example values from rfc 1320 (MD4) metze Added: branches/SAMBA_4_0/source/lib/crypto/md4test.c Modified: branches/SAMBA_4_0/source/torture/local/config.mk branches/SAMBA_4_0/source/torture/local/local.c Changeset: Added: branches/SAMBA_4_0/source/lib/crypto/md4test.c === --- branches/SAMBA_4_0/source/lib/crypto/md4test.c 2006-08-11 11:47:11 UTC (rev 17493) +++ branches/SAMBA_4_0/source/lib/crypto/md4test.c 2006-08-11 13:13:03 UTC (rev 17494) @@ -0,0 +1,84 @@ +/* + Unix SMB/CIFS implementation. + MD4 tests + Copyright (C) Stefan Metzmacher 2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include includes.h +#include lib/crypto/crypto.h + +struct torture_context; + +/* + This uses the test values from rfc1320 +*/ +BOOL torture_local_crypto_md4(struct torture_context *torture) +{ + BOOL ret = True; + uint32_t i; + struct { + DATA_BLOB data; + DATA_BLOB md4; + } testarray[] = { + { + .data = data_blob_string_const(), + .md4= strhex_to_data_blob(31d6cfe0d16ae931b73c59d7e0c089c0) + },{ + .data = data_blob_string_const(a), + .md4= strhex_to_data_blob(bde52cb31de33e46245e05fbdbd6fb24) + },{ + .data = data_blob_string_const(abc), + .md4= strhex_to_data_blob(a448017aaf21d8525fc10ae87aa6729d) + },{ + .data = data_blob_string_const(message digest), + .md4= strhex_to_data_blob(d9130a8164549fe818874806e1c7014b) + },{ + .data = data_blob_string_const(abcdefghijklmnopqrstuvwxyz), + .md4= strhex_to_data_blob(d79e1c308aa5bbcdeea8ed63df412da9) + },{ + .data = data_blob_string_const(ABCDEFGHIJKLMNOPQRSTUVWXYZ +abcdefghijklmnopqrstuvwxyz +0123456789), + .md4= strhex_to_data_blob(043f8582f241db351ce627e153e7f0e4) + },{ + .data = data_blob_string_const(123456789012345678901234567890 + 123456789012345678901234567890 +12345678901234567890), + .md4= strhex_to_data_blob(e33b4ddc9c38f2199c3e7b164fcc0536) + } + }; + + for (i=0; i ARRAY_SIZE(testarray); i++) { + uint8_t md4[16]; + int e; + + mdfour(md4, testarray[i].data.data, testarray[i].data.length); + + e = memcmp(testarray[i].md4.data, + md4, + MIN(testarray[i].md4.length, sizeof(md4))); + if (e != 0) { + printf(md4 test[%u]: failed\n, i); + dump_data(0, testarray[i].data.data, testarray[i].data.length); + dump_data(0, testarray[i].md4.data, testarray[i].md4.length); + dump_data(0, md4, sizeof(md4)); + ret = False; + } + } + + return ret; +} Modified: branches/SAMBA_4_0/source/torture/local/config.mk === --- branches/SAMBA_4_0/source/torture/local/config.mk 2006-08-11 11:47:11 UTC (rev 17493) +++ branches/SAMBA_4_0/source/torture/local/config.mk 2006-08-11 13:13:03 UTC (rev 17494) @@ -8,6 +8,7 @@ OBJ_FILES = \ iconv.o \ ../../lib/talloc/testsuite.o \ + ../../lib/crypto/md4test.o \ ../../lib/crypto/md5test.o \ ../../lib/crypto/sha1test.o \ ../../lib/crypto/hmacsha1test.o \ Modified: branches/SAMBA_4_0/source/torture/local/local.c === --- branches/SAMBA_4_0/source/torture/local/local.c 2006-08-11 11:47:11 UTC (rev 17493) +++ branches/SAMBA_4_0/source/torture/local/local.c 2006-08-11 13:13:03 UTC (rev
svn commit: samba r17495 - in branches/SAMBA_4_0/source/script/tests: .
Author: metze Date: 2006-08-11 13:16:59 + (Fri, 11 Aug 2006) New Revision: 17495 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17495 Log: run LOCAL-CRYPTO-MD4 and LOCAL-CRYPTO-MD5 with make test metze Modified: branches/SAMBA_4_0/source/script/tests/test_local.sh Changeset: Modified: branches/SAMBA_4_0/source/script/tests/test_local.sh === --- branches/SAMBA_4_0/source/script/tests/test_local.sh2006-08-11 13:13:03 UTC (rev 17494) +++ branches/SAMBA_4_0/source/script/tests/test_local.sh2006-08-11 13:16:59 UTC (rev 17495) @@ -3,7 +3,8 @@ local_tests=LOCAL-NTLMSSP LOCAL-TALLOC LOCAL-MESSAGING LOCAL-IRPC local_tests=$local_tests LOCAL-BINDING LOCAL-IDTREE LOCAL-SOCKET local_tests=$local_tests LOCAL-PAC LOCAL-STRLIST LOCAL-SDDL LOCAL-NDR -local_tests=$local_tests LOCAL-EVENT LOCAL-CRYPTO-SHA1 LOCAL-CRYPTO-HMACSHA1 +local_tests=$local_tests LOCAL-EVENT LOCAL-CRYPTO-MD4 LOCAL-CRYPTO-MD5 +local_tests=$local_tests LOCAL-CRYPTO-SHA1 LOCAL-CRYPTO-HMACSHA1 if [ $# -lt 0 ]; then cat EOF
svn commit: samba r17496 - in branches/SAMBA_3_0/source/utils: .
Author: jra Date: 2006-08-11 18:09:59 + (Fri, 11 Aug 2006) New Revision: 17496 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17496 Log: net groupmap add could add uninitialized sid_name_type entries to the group mapping db. Ensure this can't happen. Jeremy. Modified: branches/SAMBA_3_0/source/utils/net_groupmap.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_groupmap.c === --- branches/SAMBA_3_0/source/utils/net_groupmap.c 2006-08-11 13:16:59 UTC (rev 17495) +++ branches/SAMBA_3_0/source/utils/net_groupmap.c 2006-08-11 18:09:59 UTC (rev 17496) @@ -188,7 +188,14 @@ uint32 rid = 0; int i; GROUP_MAP map; - + const char *name_type; + + ZERO_STRUCT(map); + + /* Default is domain group. */ + map.sid_name_use = SID_NAME_DOM_GRP; + name_type = domain group; + /* get the options */ for ( i=0; iargc; i++ ) { if ( !StrnCaseCmp(argv[i], rid, strlen(rid)) ) { @@ -237,15 +244,21 @@ case 'b': case 'B': map.sid_name_use = SID_NAME_WKN_GRP; + name_type = wellknown group; break; case 'd': case 'D': map.sid_name_use = SID_NAME_DOM_GRP; + name_type = domain group; break; case 'l': case 'L': map.sid_name_use = SID_NAME_ALIAS; + name_type = alias (local) group; break; + default: + d_fprintf(stderr, unknown group type %s\n, type); + return -1; } } else { @@ -316,8 +329,8 @@ return -1; } - d_printf(Successfully added group %s to the mapping db\n, -map.nt_name); + d_printf(Successfully added group %s to the mapping db as a %s\n, +map.nt_name, name_type); return 0; } @@ -413,15 +426,19 @@ * Allow changing of group type only between domain and local * We disallow changing Builtin groups !!! (SID problem) */ - if (sid_type != SID_NAME_UNKNOWN) { - if (map.sid_name_use == SID_NAME_WKN_GRP) { - d_fprintf(stderr, You can only change between domain and local groups.\n); - return -1; - } - - map.sid_name_use=sid_type; + + if (sid_type == SID_NAME_UNKNOWN) { + d_fprintf(stderr, Can't map to an unknown group type.\n); + return -1; } + if (map.sid_name_use == SID_NAME_WKN_GRP) { + d_fprintf(stderr, You can only change between domain and local groups.\n); + return -1; + } + + map.sid_name_use=sid_type; + /* Change comment if new one */ if ( ntcomment[0] ) fstrcpy( map.comment, ntcomment );
svn commit: samba r17497 - in branches/SOC/sree/ui: .
Author: sree Date: 2006-08-11 18:51:31 + (Fri, 11 Aug 2006) New Revision: 17497 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17497 Log: First experiments with GridLayout Very rough code. Modified: branches/SOC/sree/ui/newuser.html Changeset: Modified: branches/SOC/sree/ui/newuser.html === --- branches/SOC/sree/ui/newuser.html 2006-08-11 18:09:59 UTC (rev 17496) +++ branches/SOC/sree/ui/newuser.html 2006-08-11 18:51:31 UTC (rev 17497) @@ -13,33 +13,53 @@ w1.setShowMaximize(false); w1.setShowMinimize(false); +g1 = new QxGridLayout; +g1.setLocation(20, 4); +g1.setDimension(auto, auto); +g1.setRowCount(6); +g1.setColumnCount(2); +g1.setVerticalSpacing(4); +g1.setHorizontalSpacing(6); +g1.setColumnHorizontalAlignment(0, left); +g1.setColumnVerticalAlignment(0, middle); -//TODO: Use a layout control - +g1.setColumnWidth(0, 110); +g1.setColumnWidth(1, 140); + +for(var i=0; i6;i++) +g1.setRowHeight(i, 20); + +w1.add(g1); + +l1 = new QxAtom(Username:); txtUsername = new QxTextField; -txtUsername.setLocation(20,0); - +l2 = new QxAtom(Unixname:); txtUnixname = new QxTextField; -txtUnixname.setLocation(20,20); - +l3 = new QxAtom(Full name:); txtFullname = new QxTextField; -txtFullname.setLocation(20,40); - +l4 = new QxAtom(Description:); txtDescription = new QxTextField; -txtDescription.setLocation(20,60); -w1.add(txtUsername, txtUnixname, txtFullname, txtDescription); +g1.add(l1, 0, 0); +g1.add(txtUsername, 1, 0); +g1.add(l2, 0, 1); +g1.add(txtUnixname, 1, 1); +g1.add(l3, 0, 2); +g1.add(txtFullname, 1, 2); +g1.add(l4, 0, 3); +g1.add(txtDescription, 1, 3); +l5 = new QxAtom(Password:); txtPassword = new QxPasswordField; -txtPassword.setLocation(20,80); - +l6 = new QxAtom(Confirm Password:); txtConfirmPassword = new QxPasswordField; -txtConfirmPassword.setLocation(20,100); - -w1.add(txtPassword, txtConfirmPassword); +g1.add(l5, 0, 4); +g1.add(txtPassword, 1, 4); +g1.add(l6, 0, 5); +g1.add(txtConfirmPassword, 1, 5); + //TODO: add checkboxes - d.add(w1); w1.open();
svn commit: samba r17498 - in branches/SAMBA_3_0_23/source/utils: .
Author: jra Date: 2006-08-11 18:59:44 + (Fri, 11 Aug 2006) New Revision: 17498 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17498 Log: Add similar clarifications to 3.0.23 code. Uninitialized variable not a problem though in this branch. Jeremy. Modified: branches/SAMBA_3_0_23/source/utils/net_groupmap.c Changeset: Modified: branches/SAMBA_3_0_23/source/utils/net_groupmap.c === --- branches/SAMBA_3_0_23/source/utils/net_groupmap.c 2006-08-11 18:51:31 UTC (rev 17497) +++ branches/SAMBA_3_0_23/source/utils/net_groupmap.c 2006-08-11 18:59:44 UTC (rev 17498) @@ -192,7 +192,8 @@ uint32 rid = 0; gid_t gid; int i; - + const char *name_type = domain group; + /* get the options */ for ( i=0; iargc; i++ ) { if ( !StrnCaseCmp(argv[i], rid, strlen(rid)) ) { @@ -236,15 +237,21 @@ case 'b': case 'B': sid_type = SID_NAME_WKN_GRP; + name_type = wellknown group; break; case 'd': case 'D': sid_type = SID_NAME_DOM_GRP; + name_type = domain group; break; case 'l': case 'L': sid_type = SID_NAME_ALIAS; + name_type = alias (local) group; break; + default: + d_fprintf(stderr, unknown group type %s\n, type); + return -1; } } else { @@ -317,7 +324,8 @@ return -1; } - d_printf(Successfully added group %s to the mapping db\n, ntgroup); + d_printf(Successfully added group %s to the mapping db as a %s\n, + ntgroup, name_type); return 0; } @@ -413,15 +421,18 @@ * Allow changing of group type only between domain and local * We disallow changing Builtin groups !!! (SID problem) */ - if (sid_type != SID_NAME_UNKNOWN) { - if (map.sid_name_use == SID_NAME_WKN_GRP) { - d_fprintf(stderr, You can only change between domain and local groups.\n); - return -1; - } - - map.sid_name_use=sid_type; + if (sid_type == SID_NAME_UNKNOWN) { + d_fprintf(stderr, Can't map to an unknown group type.\n); + return -1; } + if (map.sid_name_use == SID_NAME_WKN_GRP) { + d_fprintf(stderr, You can only change between domain and local groups.\n); + return -1; + } + + map.sid_name_use=sid_type; + /* Change comment if new one */ if ( ntcomment[0] ) fstrcpy( map.comment, ntcomment );
svn commit: linux-cifs-client r68 - in branches/linux-2.6-cifs-git-devel/fs/cifs: .
Author: sfrench Date: 2006-08-11 22:04:45 + (Fri, 11 Aug 2006) New Revision: 68 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=linux-cifs-clientrev=68 Log: Merge with cifs git tree (and minor tweak to jra's earlier patch to shrink it by not altering header_assemble) Modified: branches/linux-2.6-cifs-git-devel/fs/cifs/cifsencrypt.c branches/linux-2.6-cifs-git-devel/fs/cifs/cifsproto.h branches/linux-2.6-cifs-git-devel/fs/cifs/cifssmb.c branches/linux-2.6-cifs-git-devel/fs/cifs/connect.c branches/linux-2.6-cifs-git-devel/fs/cifs/misc.c branches/linux-2.6-cifs-git-devel/fs/cifs/transport.c Changeset: Modified: branches/linux-2.6-cifs-git-devel/fs/cifs/cifsencrypt.c === --- branches/linux-2.6-cifs-git-devel/fs/cifs/cifsencrypt.c 2006-07-29 00:17:01 UTC (rev 67) +++ branches/linux-2.6-cifs-git-devel/fs/cifs/cifsencrypt.c 2006-08-11 22:04:45 UTC (rev 68) @@ -277,7 +277,8 @@ return; memset(password_with_pad, 0, CIFS_ENCPWD_SIZE); - strncpy(password_with_pad, ses-password, CIFS_ENCPWD_SIZE); + if(ses-password) + strncpy(password_with_pad, ses-password, CIFS_ENCPWD_SIZE); if((ses-server-secMode SECMODE_PW_ENCRYPT) == 0) if(extended_security CIFSSEC_MAY_PLNTXT) { Modified: branches/linux-2.6-cifs-git-devel/fs/cifs/cifsproto.h === --- branches/linux-2.6-cifs-git-devel/fs/cifs/cifsproto.h 2006-07-29 00:17:01 UTC (rev 67) +++ branches/linux-2.6-cifs-git-devel/fs/cifs/cifsproto.h 2006-08-11 22:04:45 UTC (rev 68) @@ -66,9 +66,8 @@ extern int cifs_inet_pton(int, char * source, void *dst); extern int map_smb_to_linux_error(struct smb_hdr *smb); extern void header_assemble(struct smb_hdr *, char /* command */ , - const struct cifsTconInfo *, - __u16 mid, - int /* length of fixed section (word count) in two byte units */); + const struct cifsTconInfo *, int /* length of + fixed section (word count) in two byte units */); extern int small_smb_init_no_tc(const int smb_cmd, const int wct, struct cifsSesInfo *ses, void ** request_buf); Modified: branches/linux-2.6-cifs-git-devel/fs/cifs/cifssmb.c === --- branches/linux-2.6-cifs-git-devel/fs/cifs/cifssmb.c 2006-07-29 00:17:01 UTC (rev 67) +++ branches/linux-2.6-cifs-git-devel/fs/cifs/cifssmb.c 2006-08-11 22:04:45 UTC (rev 68) @@ -201,8 +201,7 @@ return -ENOMEM; } - header_assemble((struct smb_hdr *) *request_buf, smb_command, tcon, - tcon ? GetNextMid(tcon-ses-server) : 0, wct); + header_assemble((struct smb_hdr *) *request_buf, smb_command, tcon,wct); if(tcon != NULL) cifs_stats_inc(tcon-num_smbs_sent); @@ -346,7 +345,7 @@ *response_buf = *request_buf; header_assemble((struct smb_hdr *) *request_buf, smb_command, tcon, - tcon ? GetNextMid(tcon-ses-server) : 0, wct /*wct */ ); + wct /*wct */ ); if(tcon != NULL) cifs_stats_inc(tcon-num_smbs_sent); Modified: branches/linux-2.6-cifs-git-devel/fs/cifs/connect.c === --- branches/linux-2.6-cifs-git-devel/fs/cifs/connect.c 2006-07-29 00:17:01 UTC (rev 67) +++ branches/linux-2.6-cifs-git-devel/fs/cifs/connect.c 2006-08-11 22:04:45 UTC (rev 68) @@ -182,6 +182,7 @@ while ((server-tcpStatus != CifsExiting) (server-tcpStatus != CifsGood)) { + try_to_freeze(); if(server-protocolType == IPV6) { rc = ipv6_connect(server-addr.sockAddr6,server-ssocket); } else { @@ -2042,8 +2043,9 @@ /* send SMBsessionSetup here */ header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX, - NULL /* no tCon exists yet */ , GetNextMid(ses-server), 13 /* wct */ ); + NULL /* no tCon exists yet */ , 13 /* wct */ ); + smb_buffer-Mid = GetNextMid(ses-server); pSMB-req_no_secext.AndXCommand = 0xFF; pSMB-req_no_secext.MaxBufferSize = cpu_to_le16(ses-server-maxBuf); pSMB-req_no_secext.MaxMpxCount = cpu_to_le16(ses-server-maxReq); @@ -2334,8 +2336,9 @@ /* send SMBsessionSetup here */ header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX, - NULL /* no tCon exists yet */ , GetNextMid(ses-server), 12 /* wct */ ); + NULL /* no tCon exists yet */ , 12 /* wct */ ); + smb_buffer-Mid = GetNextMid(ses-server); pSMB-req.hdr.Flags2 |=
svn commit: samba r17499 - in branches/SAMBA_4_0/source: scripting/libjs setup
Author: abartlet Date: 2006-08-11 22:11:29 + (Fri, 11 Aug 2006) New Revision: 17499 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17499 Log: Open the main database only the minimum times during a provision. This causes things to operate as just one transaction (locally), and to make a minimum of TCP connections when connecting to a remote LDAP server. Taking advantage of this, create another file to handle loading the Samba4 specific schema extensions. Also comment out 'middleName' and reassign the OID to one in the Samba4 range, as it is 'stolen' from a netscape range that is used in OpenLDAP and interenet standards for 'ref'. Andrew Bartlett Added: branches/SAMBA_4_0/source/setup/schema_samba4.ldif Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js branches/SAMBA_4_0/source/setup/schema.ldif Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js === --- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-08-11 18:59:44 UTC (rev 17498) +++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-08-11 22:11:29 UTC (rev 17499) @@ -189,24 +189,12 @@ /* erase an ldb, removing all records */ -function ldb_erase_partitions(info, dbname) +function ldb_erase_partitions(info, ldb) { var rootDSE_attrs = new Array(namingContexts); - var ldb = ldb_init(); var lp = loadparm_init(); var j; - ldb.session_info = info.session_info; - ldb.credentials = info.credentials; - - - ldb.filename = dbname; - - var connect_ok = ldb.connect(dbname); - assert(connect_ok); - - ldb.transaction_start(); - var res = ldb.search((objectClass=*), , ldb.SCOPE_BASE, rootDSE_attrs); assert(typeof(res) != undefined); assert(res.length == 1); @@ -237,45 +225,13 @@ } } } - - var commit_ok = ldb.transaction_commit(); - if (!commit_ok) { - info.message(ldb commit failed: + ldb.errstring() + \n); - assert(add_ok); - } } -/* - setup a ldb in the private dir - */ -function setup_ldb(ldif, info, dbname) +function open_ldb(info, dbname, erase) { - var erase = true; - var extra = ; - var failok = false; var ldb = ldb_init(); - var lp = loadparm_init(); ldb.session_info = info.session_info; ldb.credentials = info.credentials; - - if (arguments.length = 4) { - extra = arguments[3]; - } - - if (arguments.length = 5) { - erase = arguments[4]; -} - - if (arguments.length == 6) { - failok = arguments[5]; -} - - var src = lp.get(setup directory) + / + ldif; - - var data = sys.file_load(src); - data = data + extra; - data = substitute_var(data, info.subobj); - ldb.filename = dbname; var connect_ok = ldb.connect(dbname); @@ -290,7 +246,21 @@ if (erase) { ldb_erase(ldb); } + return ldb; +} + +/* + setup a ldb in the private dir + */ +function setup_add_ldif(ldif, info, ldb, failok) +{ + var lp = loadparm_init(); + var src = lp.get(setup directory) + / + ldif; + + var data = sys.file_load(src); + data = substitute_var(data, info.subobj); + var add_ok = ldb.add(data); if (!add_ok) { info.message(ldb load failed: + ldb.errstring() + \n); @@ -298,7 +268,22 @@ assert(add_ok); } } - if (add_ok) { + return add_ok; +} + +function setup_ldb(ldif, info, dbname) +{ + var erase = true; + var failok = false; + + if (arguments.length = 4) { + erase = arguments[3]; +} + if (arguments.length == 5) { + failok = arguments[4]; +} + var ldb = open_ldb(info, dbname, erase); + if (setup_add_ldif(ldif, info, ldb, erase, failok)) { var commit_ok = ldb.transaction_commit(); if (!commit_ok) { info.message(ldb commit failed: + ldb.errstring() + \n); @@ -310,35 +295,20 @@ /* setup a ldb in the private dir */ -function setup_ldb_modify(ldif, info, dbname) +function setup_ldb_modify(ldif, info, ldb) { - var ldb = ldb_init(); var lp = loadparm_init(); - ldb.session_info = info.session_info; - ldb.credentials = info.credentials; var src = lp.get(setup directory) + / + ldif; var data = sys.file_load(src); data = substitute_var(data, info.subobj); - ldb.filename = dbname; - - var connect_ok = ldb.connect(dbname); - assert(connect_ok); - - ldb.transaction_start(); - var mod_ok = ldb.modify(data); if (!mod_ok) { info.message(ldb load failed: +
svn commit: samba r17500 - in branches/SOC/mkhl/ldb-map/modules: .
Author: mkhl Date: 2006-08-11 22:36:53 + (Fri, 11 Aug 2006) New Revision: 17500 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17500 Log: Add function to check whether we are supposed to use a local partition at all. Skip requests targeted at the local db if we aren't supposed to use it. Martin Modified: branches/SOC/mkhl/ldb-map/modules/ldb_map.c Changeset: Modified: branches/SOC/mkhl/ldb-map/modules/ldb_map.c === --- branches/SOC/mkhl/ldb-map/modules/ldb_map.c 2006-08-11 22:11:29 UTC (rev 17499) +++ branches/SOC/mkhl/ldb-map/modules/ldb_map.c 2006-08-11 22:36:53 UTC (rev 17500) @@ -228,6 +228,20 @@ /* Dealing with DNs for different partitions * = */ +/* Check whether any data should be stored in the local partition. */ +static +BOOL +map_check_local_db(struct ldb_module *module) +{ + const struct ldb_map_context *data = map_get_context(module); + + if (!data-remote_base_dn || !data-local_base_dn) { + return False; + } + + return True; +} + /* WARK: verbatim copy from ldb_dn.c */ static struct ldb_dn_component @@ -2334,6 +2348,11 @@ return LDB_ERR_OPERATIONS_ERROR; } + /* There is no local db, stop searching */ + if (!map_check_local_db(ac-module)) { + return map_up_callback(ldb, ac-orig_req, ares); + } + /* Prepare local search context */ sc = map_init_search_context(ac, ares); if (sc == NULL) { @@ -2598,8 +2617,8 @@ ac-local_req-op.add.message = local; ac-remote_req-op.add.message = remote; - if (local-num_elements == 0) { - /* No local data, just run the remote request */ + if ((local-num_elements == 0) || (!map_check_local_db(ac-module))) { + /* No local data or db, just run the remote request */ talloc_free(ac-local_req); req-handle = h;/* return our own handle to deal with this call */ return map_add_do_remote(h); @@ -2761,8 +2780,8 @@ ac-local_req-op.mod.message = local; ac-remote_req-op.mod.message = remote; - if (local-num_elements == 0) { - /* No local data, just run the remote request */ + if ((local-num_elements == 0) || (!map_check_local_db(ac-module))) { + /* No local data or db, just run the remote request */ talloc_free(ac-local_req); req-handle = h;/* return our own handle to deal with this call */ return map_modify_do_remote(h); @@ -2877,16 +2896,11 @@ *(ac-remote_req) = *req; /* copy the request */ ac-remote_req-op.del.dn = ldb_dn_map_local(module, ac-remote_req, req-op.del.dn); - /* The DN didn't change, so just pretend we were never here */ - /* TODO:: It's actually quite common for DNs not to change -*until the remote one is rebased, so we need a -*different way to test here. - if (ldb_dn_compare(module-ldb, ac-remote_req-op.del.dn, - req-op.del.dn) == 0) { - talloc_free(h); - return ldb_next_request(module, req); + /* No local db, just run the remote request */ + if (!map_check_local_db(ac-module)) { + req-handle = h;/* return our own handle to deal with this call */ + return map_delete_do_remote(h); } - */ ac-remote_req-context = NULL; ac-remote_req-callback = NULL; @@ -3032,6 +3046,12 @@ ac-remote_req-context = NULL; ac-remote_req-callback = NULL; + /* No local db, just run the remote request */ + if (!map_check_local_db(ac-module)) { + req-handle = h;/* return our own handle to deal with this call */ + return map_rename_do_remote(h); + } + /* Prepare the fixup operation */ /* TODO: use GUIDs here instead -- or skip it when GUIDs are used. */ ac-down_req = map_build_fixup_req(ac, req-op.rename.newdn, ac-remote_req-op.rename.newdn);
svn commit: samba r17501 - in branches/SOC/mkhl/samdb-map/ldb_modules: .
Author: abartlet Date: 2006-08-11 22:53:21 + (Fri, 11 Aug 2006) New Revision: 17501 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=17501 Log: Samba accepts both string and binary forms of objectSid attributes in some places. This causes problems when we talk to an OpenLDAP server that assumes this is a binary quanity, particularly on searches. This patch adds this canonicolisation to the translations we do. Andrew Bartlett Modified: branches/SOC/mkhl/samdb-map/ldb_modules/entryUUID.c Changeset: Modified: branches/SOC/mkhl/samdb-map/ldb_modules/entryUUID.c === --- branches/SOC/mkhl/samdb-map/ldb_modules/entryUUID.c 2006-08-11 22:36:53 UTC (rev 17500) +++ branches/SOC/mkhl/samdb-map/ldb_modules/entryUUID.c 2006-08-11 22:53:21 UTC (rev 17501) @@ -75,6 +75,28 @@ return out; } +/* The backend holds binary sids, so just copy them back */ +static struct ldb_val sid_copy(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out = data_blob(NULL, 0); + ldb_handler_copy(module-ldb, ctx, val, out); + + return out; +} + +/* Ensure we always convert sids into binary, so the backend doesn't have to know about both forms */ +static struct ldb_val sid_always_binary(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) +{ + struct ldb_val out = data_blob(NULL, 0); + const struct ldb_attrib_handler *handler = ldb_attrib_handler(module-ldb, objectSid); + + if (handler-canonicalise_fn(module-ldb, ctx, val, out) != LDB_SUCCESS) { + return data_blob(NULL, 0); + } + + return out; +} + const struct ldb_map_attribute entryUUID_attributes[] = { /* objectGUID */ @@ -89,7 +111,19 @@ }, }, }, + /* objectSid */ { + .local_name = objectSid, + .type = MAP_CONVERT, + .u = { + .convert = { + .remote_name = objectSid, + .convert_local = sid_always_binary, + .convert_remote = sid_copy, + }, + }, + }, + { .local_name = whenCreated, .type = MAP_RENAME, .u = {
Build status as of Sat Aug 12 00:00:01 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-08-11 00:00:21.0 + +++ /home/build/master/cache/broken_results.txt 2006-08-12 00:00:03.0 + @@ -1,18 +1,18 @@ -Build status as of Fri Aug 11 00:00:02 2006 +Build status as of Sat Aug 12 00:00:01 2006 Build counts: Tree Total Broken Panic SOC 0 0 0 -ccache 23 4 0 -distcc 25 2 0 +ccache 22 4 0 +distcc 24 2 0 lorikeet-heimdal 0 0 0 -ppp 13 0 0 +ppp 12 0 0 rsync24 0 0 samba0 0 0 samba-docs 0 0 0 -samba4 35 23 2 -samba_3_032 9 0 +samba4 35 18 2 +samba_3_032 6 0 smb-build20 20 0 -talloc 17 6 0 -tdb 17 6 0 +talloc 16 5 0 +tdb 16 8 0