[Samba] Local groups invisible (ldapsam 3.0.23b, 3.0.23c)
Hello all,

I'm running samba3 as domain controller. I have upgraded samba from 3.0.22 to 3.0.23b and faced an issue with groups display: samba does not see any groups.

net rpc group -U Administrator returns an empty set. usrmgr.exe does not show any groups either.

Groups are present in ldap, nss_ldap works fine:

# id asv
uid=2005(asv) gid=513(Domain Users) groups=513(Domain Users), 2001(CORE)

This issue has been described before (in 3.0.23a), but the proposed patch http://us3.samba.org/samba/patches/patch-3.0.23a-samr_alias.patch is already included in 3.0.23b and 3.0.23c, and it does not help in my installation. Upgrading to 3.0.23c does not help either.

Platform: FreeBSD6.1-RELEASE (i386), samba installed from ports.

--
mccloud@

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] On access scanning with samba-vscan
Hi,

I am trying to configure Samba to block virus transfer so that shares can be safe. I am using redhat el3 and fc4. I want to install samba-vscan, clamd. I have tried to install it from tar packages but I couldn't succeed. I have read some HOWTOs but I still face the same problems. Are there any documents that explain exactly how it's done?

Thanks
Okan Bostan
Re: [Samba] On access scanning with samba-vscan
Okan,

> I am trying to configure Samba as blocking virus transfer so that shares can be safe. I am using redhat el3 and fc4. I want to install samba-vscan, clamd. I have tried to install it from tar packages but i couldn't succeed it.

My colleague has been using the rpm's from samba.org on fc4 without a glitch. I've been using clamav as my samba scanner on SuSE for quite some time now, with nice results. It does have its impact though...

On your share go:

[share]
    vfs objects = vscan-clamav
    vscan-clamav: config-file = /etc/samba/vscan-clamav.conf

Now vscan-clamav.conf:

#
# /etc/samba/vscan-clamav.conf
#

[samba-vscan]
; run-time configuration for vscan-samba using
; clamd
; all options are set to default values

; do not scan files larger than X bytes. If set to 0 (default),
; this feature is disabled (i.e. all files are scanned)
max file size = 10485760

; log all file access (yes/no). If set to yes, every access will
; be logged. If set to no (default), only access to infected files
; will be logged
verbose file logging = no

; if set to yes (default), a file will be scanned while opening
scan on open = yes
; if set to yes, a file will be scanned while closing (default is yes)
scan on close = yes

; if communication to clamd fails, should access to file be denied?
; (default: yes)
deny access on error = no

; if daemon fails with a minor error (corruption, etc.),
; should access to file be denied?
; (default: yes)
deny access on minor error = no

; send a warning message via Windows Messenger service
; when virus is found?
; (default: yes)
send warning message = yes

; what to do with an infected file
; quarantine: try to move to quarantine directory
; delete: delete infected file
; nothing: do nothing (default)
infected file action = quarantine

; where to put infected files - you really want to change this!
quarantine directory = /opt/clamav/quarantine
; prefix for files in quarantine
quarantine prefix = vir-

; as Windows tries to open a file multiple times in a (very) short
; period of time, samba-vscan uses a last recently used file mechanism to avoid
; multiple scans of a file. This setting specifies the maximum number of
; elements of the last recently used file list. (default: 100)
max lru files entries = 100

; an entry is invalidated after lru file entry lifetime (in seconds).
; (Default: 5)
lru file entry lifetime = 5

; exclude files from being scanned based on the MIME-type! Semi-colon
; separated list (default: empty list). Use this with care!
exclude file types =

; socket name of clamd (default: /var/run/clamd). Setting will be ignored if
; libclamav is used
clamd socket name = /tmp/clamd

; limits, if vscan-clamav was built for using the clamav library (libclamav)
; instead of clamd

; maximum number of files in archive (default: 1000)
libclamav max files in archive = 1000

; maximum archived file size, in bytes (default: 10 MB)
libclamav max archived file size = 5242880

; maximum recursion level (default: 5)
libclamav max recursion level = 5

---

This should do the trick quite nicely I think... Obviously you need a running clam daemon for this to work.

Note that this is a working example for me using ClamAV. You *should* have some examples on your system (/usr/share/doc/somewhere) that target other scanners too... You should be able to use any of them. I'm currently working on making Norman AV work with Samba :)

Hope this helps,

--
Rory Vieira
rory dot vieira at gmail dot com
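The configuration in the reply above sets both "deny access" options to no, while the file's own comments give yes as the default. As an added example (not part of the original post and not samba-vscan code), this shell function reads a vscan-clamav.conf and lists the settings under which a file can reach a client without having been scanned; the function names and message wording are made up for the illustration.

```shell
#!/bin/sh
# Added example, not samba-vscan code: list settings in a vscan-clamav.conf
# that let files through unscanned. Option names are the ones shown in the
# configuration posted above; vscan_unscanned_paths is a hypothetical name.

vscan_unscanned_paths() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
    function report(msg) { printf "line %d: %s = %s: %s\n", NR, key, val, msg }

    /^[ \t]*([;#]|$)/ { next }                      # comment or blank line
    /^[ \t]*\[/       { section = tolower(trim($0)); next }
    section != "[samba-vscan]" { next }             # only the module section

    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1)))
        gsub(/[ \t]+/, " ", key)                    # collapse runs of blanks in the key
        val = tolower(trim(substr($0, eq + 1)))
        seen[key] = val

        if (key == "deny access on error" && val == "no")
            report("files are served unscanned while clamd is unreachable")
        else if (key == "deny access on minor error" && val == "no")
            report("files are served when the scanner reports a minor error")
        else if (key == "max file size" && val + 0 > 0)
            report("files larger than this many bytes are never scanned")
        else if (key == "exclude file types" && val != "")
            report("these MIME types are never scanned")
        else if (key == "infected file action" && val == "nothing")
            report("infected files stay in the share")
    }

    END {
        if (seen["scan on open"] == "no" && seen["scan on close"] == "no")
            print "scan on open and scan on close are both no: nothing is scanned"
    }
    '
}

# Settings copied from the configuration posted above (comments shortened).
posted_vscan_conf() {
    cat <<'EOF'
[samba-vscan]
; do not scan files larger than X bytes
max file size = 10485760
verbose file logging = no
scan on open = yes
scan on close = yes
; (default: yes)
deny access on error = no
deny access on minor error = no
send warning message = yes
infected file action = quarantine
quarantine directory = /opt/clamav/quarantine
exclude file types =
clamd socket name = /tmp/clamd
EOF
}

posted_vscan_conf | vscan_unscanned_paths
```

An empty result means none of the listed conditions applies; it says nothing about whether clamd itself is running or up to date.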
[Samba] arrange users write permission on mounted share
Setup: Gentoo Linux, samba-3.0.23a

How can I arrange for a normal user to have write permission on a cifs mounted share, when the share is winxp?

I've just been resorting to using the root account for that, but it is getting to where I often need to write as a user for one reason or another.

smbmount and mount.cifs both say to use uid=USERNAME to say who owns files on the mounted device, but that still doesn't allow a user to write there.

My current mount command from fstab looks like this (wrapped for mail):

//chub/chub-e /mnt/chub-e \
    cifs noauto,username=reader,uid=reader,credentials=/etc/samba/CifsCredentials
Re: [Samba] Re: Strange Usermapping problem with 3.0.23b
Matthias Schündehütte wrote:
> On 2006-08-29 18:21:18 +0200, Gerald (Jerry) Carter [EMAIL PROTECTED] said:
>> Matthias Schuendehuette wrote:
>>> DOMAIN\WinUser is mapped to UnixUser
>>> DOMAIN\UnixUser is mapped to DefaultUser
>>> (I have a line DefaultUser = * in my 'smbusers.map'-file)
>>
>> I just fixed this for 3.0.23c.
>
> Sorry Jerry, but this does *not* work for me:

Too late now. Would have been good to know on Thursday. Oh well

Could you retest 3.0.23c please? Just to make sure there was no confusion with the patches. All my tests passed. If you can reproduce the issue with 3.0.23c, just let me know and I'll look back into it.

cheers, jerry
=
Samba --- http://www.samba.org
Centeris --- http://www.centeris.com
What man is a man who does not make the world better? --Balian
[Samba] Roaming profiles errors and shares not disconnecting
Hi,

We are using Samba 3.0.22 on FreeBSD 5.5 PDC with ldap backend and roaming profiles.

We meet some difficulties when users log out from some Windows 2000 SP4 clients and store their profiles back to the Samba server. The file NTUSER.DAT seems to be uploaded and stored in lowercase, as ntuser.dat. Then, when users try to reopen a win session, they get a corrupted new profile. This new profile is fully broken, since it's not possible to modify any options that affect NTUSER.DAT.

When they disconnect, smbstatus shows the user as connected on the machine for a long time (from 15 minutes to hours) after he has logged out. The shares that have been mounted on the client do not seem to be disconnected.

Here is the output of smbstatus for user test 15 minutes after he has logged out:

Samba version 3.0.22
PID Username Group Machine
---
30017 testwusers pc0507 (10.12.220.73)

Service pid machine Connected at
---
public 30017 pc0507 Fri Sep 1 10:14:37 2006
public 30017 pc0507 Fri Sep 1 10:14:36 2006
netlogon 30017 pc0507 Fri Sep 1 10:14:35 2006
test 30017 pc0507 Fri Sep 1 10:14:36 2006
profiles 30017 pc0507 Fri Sep 1 10:14:34 2006
IPC$ 30017 pc0507 Fri Sep 1 10:14:38 2006
test 30017 pc0507 Fri Sep 1 10:14:37 2006

No locked files

Here is the relevant part of smb.conf:

[global]
    workgroup = DOMAIN1
    netbios name = PDC
    server string = Samba %v PDC
    interfaces = lo0, fxp0
    security = user
    encrypt passwords = yes
    enable privileges = yes
    username map = /usr/local/etc/smbusers.map
    log level = 1
    log file = /var/log/samba/smb.log
    max log size = 16384
    debug uid = Yes
    announce version = 5.3
    time server = Yes
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=32768 SO_SNDBUF=32768
    load printers = No
    logon path = \\%L\profiles\%U
    logon drive = u:
    logon home = \\%L\%U
    domain logons = yes
    os level = 255
    preferred master = yes
    domain master = yes
    passdb backend = ldapsam:ldapi://%2fvar%2frun%2fopenldap%2fldapi/
    ldap admin dn = cn=samba,ou=Applications,dc=domain1
    ldap suffix = dc=domain1
    ldap machine suffix = ou=computers
    ldap user suffix = ou=users
    ldap group suffix = ou=groups
    ldap passwd sync = no
    ldap replication sleep = 3
    ldap ssl = no
    utmp = yes
    wins support = yes
    dns proxy = yes
    hosts allow = 127.0.0.1/24, 10.12.
    dos charset = 850
    unix charset = ISO8859-15

[homes]
    read only = No
    create mask = 0600
    directory mask = 0700
    browseable = No
    force user = %U
    valid users = %S
    max connections = 8

[netlogon]
    path = /export/samba/netlogon
    browseable = no
    writable = no

[profiles]
    path = /export/samba/profiles
    read only = No
    create mask = 0600
    directory mask = 0700
    browseable = No
    profile acls = yes
    csc policy = disable
    force user = %U

[public]
    path = /export/public
    browseable = yes
    read only = no
    create mask = 0640
    directory mask = 0770
    force group = wusers
    valid users = @wadms,@wusers

--- EOF

Is there a way to force these shares to really close when users log out?

Thanks for your help.

--
Philippe
[Samba] Re: Domain SID does not match built in domain groups SIDs...
Jason Shaw [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
>>> Would remapping them correct the SIDs? Can I just use a LDAP editor and manually change the SID to what it should be without screwing up other things? To my understanding, all the important Samba data is stored in LDAP. So I shouldn't have to worry about the contents of smbpasswd, secrets.tdb, or anything of that nature, right? Given I can just edit the SIDs, I do know that I may have to restart the SMB daemon, rejoin some users to groups, correct the local administrators group on workstations, etc. I understand the clean up, I don't want to ruin anything else that's not a simple text edit or command call.
>>
>> There is a utility that allows you to change the domain's SID. Search the archives and the documentation for net setlocalsid
>
> I do not want to change the domain or the server SID. Doing so would invalidate the users I have already entered. I just want to fix a couple of groups that have bad SIDs.

It sounds as if you are saying that the users have the same SID as the domain. However some groups have incorrect SID's.

If you are keeping the POSIX and Windows user information in LDAP, you can do the following:

Make a backup of the folder containing the ldap data.
Use ldapsearch to export the contents of the ldap directory to a file. This provides a second backup.
Use ldapsearch to dump the group information to a file.
Modify the SID information in the second (group) file and use ldapmodify to bring the correct information back into the ldap directory.

This is based on the assumption that the domain's SID is correct and the users' SID's are correct. Only the groups' SID's are incorrect.
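The last two steps of the reply above (edit the dumped group entries, then load them with ldapmodify), as an added example that is not part of the original post. It assumes the group SIDs are stored in the sambaSID attribute of sambaGroupMapping entries; the DNs, SIDs and function names are constructed for the illustration.

```shell
#!/bin/sh
# Added example: turn an ldapsearch dump of group entries into an ldapmodify
# change file that moves groups with a foreign domain prefix onto the
# correct domain SID, keeping each group's RID.
#
# Intended use (base DN and bind DN are placeholders):
#   ldapsearch -x -LLL -b "ou=groups,dc=example,dc=org" \
#       "(objectClass=sambaGroupMapping)" sambaSID > groups.ldif
#   make_sid_fix_ldif S-1-5-21-x-y-z < groups.ldif > fix.ldif   # SID as shown by net getlocalsid
#   ldapmodify -x -D "cn=admin,dc=example,dc=org" -W -f fix.ldif

make_sid_fix_ldif() {
    awk -v dom="$1" '
    # Emit a modify record for the entry collected so far, if it needs one.
    function flush_entry(   rid, cur_dom) {
        if (dn != "" && sid != "") {
            rid = sid;     sub(/^.*-/, "", rid)           # last sub-authority
            cur_dom = sid; sub(/-[0-9]+$/, "", cur_dom)   # everything before it
            # Only domain-relative SIDs (S-1-5-21-x-y-z-RID) are candidates.
            # BUILTIN aliases such as S-1-5-32-544 are left untouched.
            if (cur_dom ~ /^S-1-5-21-[0-9]+-[0-9]+-[0-9]+$/ && cur_dom != dom) {
                print dn
                print "changetype: modify"
                print "replace: sambaSID"
                print "sambaSID: " dom "-" rid
                print ""
            }
        }
        dn = ""; sid = ""
    }
    # Process one logical (unfolded) LDIF line.
    function handle(line) {
        if (line == "")                    flush_entry()
        else if (line ~ /^dn::? /)         dn = line      # plain or base64 DN, kept verbatim
        else if (tolower(line) ~ /^sambasid: /) {
            sid = substr(line, 11)
            sub(/[ \t\r]+$/, "", sid)
        }
    }
    BEGIN {
        if (dom !~ /^S-1-5-21-[0-9]+-[0-9]+-[0-9]+$/) {
            print "expected a domain SID of the form S-1-5-21-x-y-z" > "/dev/stderr"
            bad = 1; exit 2
        }
    }
    /^ / { cur = cur substr($0, 2); next }                # LDIF continuation line
    { if (NR > 1) handle(cur); cur = $0 }
    END { if (bad) exit 2; handle(cur); flush_entry() }
    '
}

# Constructed sample data: the correct domain SID and a small group dump with
# two wrong prefixes, one correct group, one BUILTIN alias and one wrapped DN.
SAMPLE_DOMAIN_SID="S-1-5-21-1000000001-2000000002-3000000003"
sample_groups_ldif() {
    cat <<'EOF'
dn: cn=Domain Admins,ou=groups,dc=example,dc=org
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-512

dn: cn=Domain Users,ou=groups,dc=example,dc=org
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-1000000001-2000000002-3000000003-513

dn: cn=Administrators,ou=groups,dc=example,dc=org
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-544

dn: cn=Engineering Build And Release Automation Operators,ou=groups,dc=examp
 le,dc=org
objectClass: sambaGroupMapping
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3005
EOF
}

sample_groups_ldif | make_sid_fix_ldif "$SAMPLE_DOMAIN_SID"
```

Review the generated change file before loading it; the backups from the first two steps are what make the ldapmodify run reversible.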
svn commit: samba r18004 - in branches/SAMBA_3_0/source/libads: .
Author: jra Date: 2006-09-02 06:28:48 + (Sat, 02 Sep 2006) New Revision: 18004 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18004 Log: If you're writing out a krb5.conf, at least get the syntax right... :-). Jeremy. Modified: branches/SAMBA_3_0/source/libads/kerberos.c Changeset: Modified: branches/SAMBA_3_0/source/libads/kerberos.c === --- branches/SAMBA_3_0/source/libads/kerberos.c 2006-09-02 05:55:47 UTC (rev 18003) +++ branches/SAMBA_3_0/source/libads/kerberos.c 2006-09-02 06:28:48 UTC (rev 18004) @@ -505,9 +505,9 @@ realm_upper = talloc_strdup(fname, realm); strupper_m(realm_upper); - file_contents = talloc_asprintf(fname, [libdefaults]\n\tdefault_realm = %s\n + file_contents = talloc_asprintf(fname, [libdefaults]\n\tdefault_realm = %s\n\n [realms]\n\t%s = {\n - \t\tkdc = %s\n]\n, + \t\tkdc = %s\n\t}\n, realm_upper, realm_upper, inet_ntoa(ip)); if (!file_contents) {
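Review bot: in the context lines of this hunk, realm_upper comes straight from talloc_strdup(fname, realm) and is handed to strupper_m() with no NULL check, while file_contents a few lines further down is checked; add the same guard for realm_upper before the uppercase call. Since the bug fixed here was a closing `]` where the realm block needs `}`, a short comment above the talloc_asprintf() call showing the intended krb5.conf layout would make the escaped format string easier to verify by eye.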
Re: svn commit: samba r17990 - in branches/SAMBA_4_0/source/librpc/rpc:.
On Fri, Sep 01, 2006 at 01:06:40PM +0200, Stefan (metze) Metzmacher wrote: Hi Tridge, /* + handle timeouts of a dcerpc connect +*/ +static void dcerpc_connect_timeout_handler(struct event_context *ev, struct timed_event *te, + struct timeval t, void *private) +{ + struct composite_context *c = talloc_get_type(private, struct composite_context); + DEBUG(0,(DCERPC CONNECT TIMEOUT\n)); + composite_error(c, NT_STATUS_IO_TIMEOUT); + composite_done(c); +} this is wrong, composite_error() already calls the callback and frees 'c' and composite_done() would use freed memory Though I sometimes think it would be more convenient to be able to first set the status code with composite_error() and then do something more, before calling the callback and freeing the composite context. cheers, -- Rafal Szczesniak Samba Team member http://www.samba.org signature.asc Description: Digital signature
svn commit: samba r18005 - in branches: SAMBA_3_0/source/libsmb SAMBA_3_0_23/source/libsmb
Author: vlendec Date: 2006-09-02 19:18:49 + (Sat, 02 Sep 2006) New Revision: 18005 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18005 Log: The ntlmssp fix is not correct yet, working on it Modified: branches/SAMBA_3_0/source/libsmb/ntlmssp.c branches/SAMBA_3_0_23/source/libsmb/ntlmssp.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/ntlmssp.c === --- branches/SAMBA_3_0/source/libsmb/ntlmssp.c 2006-09-02 06:28:48 UTC (rev 18004) +++ branches/SAMBA_3_0/source/libsmb/ntlmssp.c 2006-09-02 19:18:49 UTC (rev 18005) @@ -816,14 +816,13 @@ SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state-lm_resp.data, session_key.data); DEBUG(10,(ntlmssp_server_auth: Created NTLM session key.\n)); + dump_data_pw(LM session key:\n, session_key.data, session_key.length); } else { - static const uint8 zeros[24] = { 0, }; - SMBsesskeygen_lm_sess_key( - lm_session_key.data, zeros, - session_key.data); + /* use the key unmodified - it's +* probably a NULL key from the guest +* login */ + session_key = lm_session_key; } - dump_data_pw(LM session key:\n, session_key.data, -session_key.length); } else { DEBUG(10,(ntlmssp_server_auth: Failed to create NTLM session key.\n)); session_key = data_blob(NULL, 0); Modified: branches/SAMBA_3_0_23/source/libsmb/ntlmssp.c === --- branches/SAMBA_3_0_23/source/libsmb/ntlmssp.c 2006-09-02 06:28:48 UTC (rev 18004) +++ branches/SAMBA_3_0_23/source/libsmb/ntlmssp.c 2006-09-02 19:18:49 UTC (rev 18005) 
@@ -749,14 +749,13 @@ SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state-lm_resp.data, session_key.data); DEBUG(10,(ntlmssp_server_auth: Created NTLM session key.\n)); + dump_data_pw(LM session key:\n, session_key.data, session_key.length); } else { - static const uint8 zeros[24] = { 0, }; - SMBsesskeygen_lm_sess_key( - lm_session_key.data, zeros, - session_key.data); + /* use the key unmodified - it's +* probably a NULL key from the guest +* login */ + session_key = lm_session_key; } - dump_data_pw(LM session key:\n, session_key.data, -session_key.length); } else { DEBUG(10,(ntlmssp_server_auth: Failed to create NTLM session key.\n)); session_key = data_blob(NULL, 0);
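Review bot: in the new else branch (both copies of ntlmssp.c), `session_key = lm_session_key;` copies the blob structure, not the key bytes, so the two blobs now share one buffer and whichever is released first leaves the other pointing at freed memory. Copy the data into a blob that session_key owns instead. The dump_data_pw() call has also moved into the first branch only, so the guest-login path no longer logs the key it ends up using; say in the comment whether that is intended.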
svn commit: samba r18006 - in branches/SAMBA_3_0/source: include libads libsmb
Author: jra Date: 2006-09-02 19:27:44 + (Sat, 02 Sep 2006) New Revision: 18006 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18006 Log: Actually a smaller change than it looks. Leverage the get_dc_list code to get the _kerberos. names for site support. This way we don't depend on one KDC to do ticket refresh. Even though we know it's up when we add it, it may go down when we're trying to refresh. Jeremy. Modified: branches/SAMBA_3_0/source/include/smb.h branches/SAMBA_3_0/source/libads/dns.c branches/SAMBA_3_0/source/libads/kerberos.c branches/SAMBA_3_0/source/libsmb/namecache.c branches/SAMBA_3_0/source/libsmb/namequery.c Changeset: Modified: branches/SAMBA_3_0/source/include/smb.h === --- branches/SAMBA_3_0/source/include/smb.h 2006-09-02 19:18:49 UTC (rev 18005) +++ branches/SAMBA_3_0/source/include/smb.h 2006-09-02 19:27:44 UTC (rev 18006) @@ -1789,6 +1789,9 @@ unsigned port; }; +/* Special name type used to cause a _kerberos DNS lookup. */ +#define KDC_NAME_TYPE 0xDCDC + /* Used by the SMB signing functions. */ typedef struct smb_sign_info { Modified: branches/SAMBA_3_0/source/libads/dns.c === --- branches/SAMBA_3_0/source/libads/dns.c 2006-09-02 19:18:49 UTC (rev 18005) +++ branches/SAMBA_3_0/source/libads/dns.c 2006-09-02 19:27:44 UTC (rev 18006) @@ -649,18 +649,20 @@ Query with optional sitename. / -NTSTATUS ads_dns_query_dcs_internal(TALLOC_CTX *ctx, - const char *domain, +NTSTATUS ads_dns_query_internal(TALLOC_CTX *ctx, + const char *servicename, + const char *realm, const char *sitename, struct dns_rr_srv **dclist, int *numdcs ) { char *name; if (sitename) { - name = talloc_asprintf(ctx, _ldap._tcp.%s._sites.dc._msdcs.%s, - sitename, domain ); + name = talloc_asprintf(ctx, %s._tcp.%s._sites.dc._msdcs.%s, + servicename, sitename, realm ); } else { - name = talloc_asprintf(ctx, _ldap._tcp.dc._msdcs.%s, domain ); + name = talloc_asprintf(ctx, %s._tcp.dc._msdcs.%s, + servicename, realm ); } if (!name) { return NT_STATUS_NO_MEMORY; 
@@ -673,18 +675,45 @@ / NTSTATUS ads_dns_query_dcs(TALLOC_CTX *ctx, - const char *domain, + const char *realm, struct dns_rr_srv **dclist, int *numdcs ) { NTSTATUS status; char *sitename = sitename_fetch(); - status = ads_dns_query_dcs_internal(ctx, domain, sitename, dclist, numdcs); + status = ads_dns_query_internal(ctx, _ldap, realm, sitename, + dclist, numdcs); if (sitename !NT_STATUS_IS_OK(status)) { /* Sitename DNS query may have failed. Try without. */ - status = ads_dns_query_dcs_internal(ctx, domain, NULL, dclist, numdcs); + status = ads_dns_query_internal(ctx, _ldap, realm, NULL, + dclist, numdcs); } SAFE_FREE(sitename); return status; } + +/ + Query for AD KDC's. Transparently use sitename. + Even if our underlying kerberos libraries are UDP only, this + is pretty safe as it's unlikely that a KDC supports TCP and not UDP. +/ + +NTSTATUS ads_dns_query_kdcs(TALLOC_CTX *ctx, + const char *realm, + struct dns_rr_srv **dclist, + int *numdcs ) +{ + NTSTATUS status; + char *sitename = sitename_fetch(); + + status = ads_dns_query_internal(ctx, _kerberos, realm, sitename, + dclist, numdcs); + if (sitename !NT_STATUS_IS_OK(status)) { + /* Sitename DNS query may have failed. Try without. */ + status = ads_dns_query_internal(ctx, _kerberos, realm, NULL, + dclist, numdcs); + } + SAFE_FREE(sitename); + return status; +} Modified: branches/SAMBA_3_0/source/libads/kerberos.c === --- branches/SAMBA_3_0/source/libads/kerberos.c 2006-09-02 19:18:49 UTC (rev 18005) +++ branches/SAMBA_3_0/source/libads/kerberos.c 2006-09-02 19:27:44 UTC (rev
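Review bot: the new ads_dns_query_kdcs() in libads/dns.c repeats ads_dns_query_dcs() line for line, with only the service string changed from _ldap to _kerberos; a single static helper that takes the service name and does the sitename lookup plus the retry without a site would keep that fallback in one place. ads_dns_query_internal() is still declared without static despite its name, and the comment about UDP-only Kerberos libraries should state that the lookup built here is for the `_tcp` SRV name, since that is what the format string produces.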
svn commit: samba r18007 - in branches/SAMBA_3_0/source/libsmb: .
Author: jra Date: 2006-09-02 20:17:05 + (Sat, 02 Sep 2006) New Revision: 18007 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18007 Log: Ensure we don't namecache KDC entries with port 88 as a generic DC (that should be the LDAP port). Jeremy. Modified: branches/SAMBA_3_0/source/libsmb/namequery.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/namequery.c === --- branches/SAMBA_3_0/source/libsmb/namequery.c2006-09-02 19:27:44 UTC (rev 18006) +++ branches/SAMBA_3_0/source/libsmb/namequery.c2006-09-02 20:17:05 UTC (rev 18007) @@ -1197,6 +1197,8 @@ SRV record lookup */ if (resolve_ads(name, KDC_NAME_TYPE, return_iplist, return_count)) { result = True; + /* Ensure we don't namecache this with the KDC port. */ + name_type = KDC_NAME_TYPE; goto done; } } else if(strequal( tok, ads)) {
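Review bot: the added `name_type = KDC_NAME_TYPE;` before `goto done` only has an effect if the code at the done label, which this hunk does not show, treats that type differently when it stores the result; the comment should name the check it relies on so the dependency survives a later change there. It would also help to note that name_type is overwritten on this path, in case anything after done still expects the caller's original value.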
svn commit: samba r18008 - in branches: SAMBA_3_0/source/libsmb SAMBA_3_0_23/source/libsmb
Author: vlendec Date: 2006-09-02 21:41:28 + (Sat, 02 Sep 2006) New Revision: 18008 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18008 Log: Ok, same fix as before. But this time also allocate the session key. This had worked in one test, no idea what memory I've overwritten that time. This time it survives the unpatched w2k password change. Volker Modified: branches/SAMBA_3_0/source/libsmb/ntlmssp.c branches/SAMBA_3_0_23/source/libsmb/ntlmssp.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/ntlmssp.c === --- branches/SAMBA_3_0/source/libsmb/ntlmssp.c 2006-09-02 20:17:05 UTC (rev 18007) +++ branches/SAMBA_3_0/source/libsmb/ntlmssp.c 2006-09-02 21:41:28 UTC (rev 18008) 
@@ -813,16 +813,25 @@ if (lm_session_key.data lm_session_key.length = 8) { if (ntlmssp_state-lm_resp.data ntlmssp_state-lm_resp.length == 24) { session_key = data_blob_talloc(ntlmssp_state-mem_ctx, NULL, 16); + if (session_key.data == NULL) { + return NT_STATUS_NO_MEMORY; + } SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state-lm_resp.data, session_key.data); DEBUG(10,(ntlmssp_server_auth: Created NTLM session key.\n)); - dump_data_pw(LM session key:\n, session_key.data, session_key.length); } else { - /* use the key unmodified - it's -* probably a NULL key from the guest -* login */ - session_key = lm_session_key; + static const uint8 zeros[24] = { 0, }; + session_key = data_blob_talloc( + ntlmssp_state-mem_ctx, NULL, 16); + if (session_key.data == NULL) { + return NT_STATUS_NO_MEMORY; + } + SMBsesskeygen_lm_sess_key( + lm_session_key.data, zeros, + session_key.data); } + dump_data_pw(LM session key:\n, session_key.data, +session_key.length); } else { DEBUG(10,(ntlmssp_server_auth: Failed to create NTLM session key.\n)); session_key = data_blob(NULL, 0); Modified: branches/SAMBA_3_0_23/source/libsmb/ntlmssp.c === --- branches/SAMBA_3_0_23/source/libsmb/ntlmssp.c 2006-09-02 20:17:05 UTC (rev 18007) +++ branches/SAMBA_3_0_23/source/libsmb/ntlmssp.c 2006-09-02 21:41:28 UTC (rev 18008) 
@@ -746,16 +746,25 @@ if (lm_session_key.data lm_session_key.length = 8) { if (ntlmssp_state-lm_resp.data ntlmssp_state-lm_resp.length == 24) { session_key = data_blob_talloc(ntlmssp_state-mem_ctx, NULL, 16); + if (session_key.data == NULL) { + return NT_STATUS_NO_MEMORY; + } SMBsesskeygen_lm_sess_key(lm_session_key.data, ntlmssp_state-lm_resp.data, session_key.data); DEBUG(10,(ntlmssp_server_auth: Created NTLM session key.\n)); - dump_data_pw(LM session key:\n, session_key.data, session_key.length); } else { - /* use the key unmodified - it's -* probably a NULL key from the guest -* login */ - session_key = lm_session_key; + static const uint8 zeros[24] = { 0, }; + session_key = data_blob_talloc( + ntlmssp_state-mem_ctx, NULL, 16); + if (session_key.data == NULL) { + return NT_STATUS_NO_MEMORY; + } + SMBsesskeygen_lm_sess_key( + lm_session_key.data, zeros, + session_key.data); } + dump_data_pw(LM session key:\n, session_key.data, +session_key.length); } else {
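Review bot: both branches of the inner if now allocate the same 16-byte blob with data_blob_talloc() and repeat the same NULL check; allocate once before the lm_resp length test and leave only the SMBsesskeygen_lm_sess_key() call in each branch, in both copies of ntlmssp.c. The new `return NT_STATUS_NO_MEMORY;` exits ntlmssp_server_auth from inside nested blocks, so confirm nothing allocated earlier in the function needs releasing on that path.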
svn commit: samba r18009 - in branches/SAMBA_3_0: examples/libsmbclient source/include source/lib source/libsmb
Author: derrell
Date: 2006-09-02 21:47:56 + (Sat, 02 Sep 2006)
New Revision: 18009
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18009

Log:
Fixes bug 4026. This completes the work Jeremy began last week, disambiguating the meaning of c_time. (In POSIX terminology, c_time means status Change time, not create time.) All uses of c_time, a_time and m_time have now been replaced with change_time, access_time, and write_time, and when creation time is intended, create_time is used.

Additionally, the capability of setting and retrieving the create time has been added to the smbc_setxattr() and smbc_getxattr() functions. An example of setting all four times can be seen with the program examples/libsmbclient/testacl with a command line similar to:

testacl -f -S system.*:CREATE_TIME:10,ACCESS_TIME:100060,WRITE_TIME:100120,CHANGE_TIME:100180 'smb://server/share/testfile.txt'

The -f option turns on the new mode which uses full time names in the attribute specification (e.g. ACCESS_TIME vs A_TIME).

Modified:
branches/SAMBA_3_0/examples/libsmbclient/testacl.c
branches/SAMBA_3_0/source/include/libsmb_internal.h
branches/SAMBA_3_0/source/lib/time.c
branches/SAMBA_3_0/source/libsmb/clifile.c
branches/SAMBA_3_0/source/libsmb/clirap.c
branches/SAMBA_3_0/source/libsmb/libsmbclient.c

Changeset:
Sorry, the patch is too large (1259 lines) to include; please use WebSVN to see it!
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18009
svn commit: samba r18010 - in branches/SAMBA_3_0/source: libads nsswitch
Author: jra Date: 2006-09-02 23:06:21 + (Sat, 02 Sep 2006) New Revision: 18010 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18010 Log: Ensure we don't timeout twice to the same server in winbindd when it's down and listed in the -ve connection cache. Fix memory leak, reduce timeout for cldap calls - minimum 3 secs. Jeremy. Modified: branches/SAMBA_3_0/source/libads/cldap.c branches/SAMBA_3_0/source/libads/kerberos.c branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c Changeset: Modified: branches/SAMBA_3_0/source/libads/cldap.c === --- branches/SAMBA_3_0/source/libads/cldap.c2006-09-02 21:47:56 UTC (rev 18009) +++ branches/SAMBA_3_0/source/libads/cldap.c2006-09-02 23:06:21 UTC (rev 18010) @@ -188,6 +188,8 @@ DATA_BLOB blob; DATA_BLOB os1, os2, os3; int i1; + /* half the time of a regular ldap timeout, not less than 3 seconds. */ + unsigned int al_secs = MAX(3,lp_ldap_timeout()/2); char *p; blob = data_blob(NULL, 8192); @@ -200,7 +202,7 @@ /* Setup timeout */ gotalarm = 0; CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); - alarm(lp_ldap_timeout()); + alarm(al_secs); /* End setup timeout. */ ret = read(sock, blob.data, blob.length); Modified: branches/SAMBA_3_0/source/libads/kerberos.c === --- branches/SAMBA_3_0/source/libads/kerberos.c 2006-09-02 21:47:56 UTC (rev 18009) +++ branches/SAMBA_3_0/source/libads/kerberos.c 2006-09-02 23:06:21 UTC (rev 18010) @@ -494,10 +494,13 @@ kdc_str = talloc_asprintf(mem_ctx, %s\tkdc = %s\n, kdc_str, inet_ntoa(ip_srv[i].ip)); if (!kdc_str) { + SAFE_FREE(ip_srv); return NULL; } } + SAFE_FREE(ip_srv); + DEBUG(10,(get_kdc_ip_string: Returning %s\n, kdc_str )); Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2006-09-02 21:47:56 UTC (rev 18009) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2006-09-02 23:06:21 UTC (rev 18010) 
@@ -791,17 +791,22 @@ char *saf_servername = saf_fetch( domain-name ); int retries; - if ((mem_ctx = talloc_init(cm_open_connection)) == NULL) + if ((mem_ctx = talloc_init(cm_open_connection)) == NULL) { + SAFE_FREE(saf_servername); return NT_STATUS_NO_MEMORY; + } /* we have to check the server affinity cache here since later we selecte a DC based on response time and not preference */ - if ( saf_servername ) - { + /* Check the negative connection cache + before talking to it. It going down may have + triggered the reconnection. */ + + if ( saf_servername NT_STATUS_IS_OK(check_negative_conn_cache( domain-name, saf_servername))) { + /* convert an ip address to a name */ - if ( is_ipaddress( saf_servername ) ) - { + if ( is_ipaddress( saf_servername ) ) { fstring saf_name; struct in_addr ip; @@ -814,9 +819,7 @@ domain-name, saf_servername, NT_STATUS_UNSUCCESSFUL); } - } - else - { + } else { fstrcpy( domain-dcname, saf_servername ); }
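Review bot: in libads/cldap.c, `al_secs = MAX(3,lp_ldap_timeout()/2)` changes what a configured ldap timeout of 0 does: the old `alarm(lp_ldap_timeout())` then became alarm(0), which arms no alarm, while the new code always arms one of at least 3 seconds. If 0 is meant to disable the timeout, handle it before taking the MAX; if not, say so in the comment. In winbindd_cm.c the saf_servername block is now skipped when the negative connection cache rejects the server, so check that saf_servername is still freed on that path, as it is on the new talloc_init() failure path.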
Build status as of Sun Sep 3 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-09-02 00:00:04.0 + +++ /home/build/master/cache/broken_results.txt 2006-09-03 00:00:19.0 + @@ -1,19 +1,19 @@ -Build status as of Sat Sep 2 00:00:02 2006 +Build status as of Sun Sep 3 00:00:02 2006 Build counts: Tree Total Broken Panic SOC 0 0 0 ccache 25 4 0 -distcc 25 2 0 +distcc 27 2 0 ldb 28 5 0 lorikeet-heimdal 0 0 0 ppp 17 0 0 rsync30 3 0 samba0 0 0 samba-docs 0 0 0 -samba4 38 21 2 -samba_3_035 4 0 +samba4 38 22 1 +samba_3_035 5 0 smb-build25 0 0 talloc 32 4 0 -tdb 30 3 0 +tdb 30 4 0
svn commit: samba r18011 - in branches/SAMBA_3_0: examples/libsmbclient source/libsmb
Author: derrell Date: 2006-09-03 00:50:34 + (Sun, 03 Sep 2006) New Revision: 18011 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18011 Log: Should fix bug 3835. Jeremy: requires your eyes... If the remote connection timed out while cli_list() was retrieving its list of files, the error was not returned to the user, e.g. via smbc_opendir(), so the user didn't have a way to know to set the timeout longer and try again. This problem would occur when a very large directory is being read with a too-small timeout on the cli. Jeremy, although there were a couple of areas that needed to be handled, I needed to make one change that you should bless, in libsmb/clientgen.c. It was setting cli-smb_rw_error = smb_read_error; but smb_read_error is zero, so this had no effect. I'm now doing cli-smb_rw_error = READ_TIMEOUT; instead, and according to the OP, these (cumulative) changes (in a slightly different form) solve the problem. Please confirm this smb_rw_error change will have no other adverse effects that you can see. Derrell Modified: branches/SAMBA_3_0/examples/libsmbclient/Makefile branches/SAMBA_3_0/source/libsmb/clientgen.c branches/SAMBA_3_0/source/libsmb/clilist.c branches/SAMBA_3_0/source/libsmb/libsmbclient.c Changeset: Modified: branches/SAMBA_3_0/examples/libsmbclient/Makefile === --- branches/SAMBA_3_0/examples/libsmbclient/Makefile 2006-09-02 23:06:21 UTC (rev 18010) +++ branches/SAMBA_3_0/examples/libsmbclient/Makefile 2006-09-03 00:50:34 UTC (rev 18011) @@ -6,10 +6,12 @@ -I/usr/include/glib-1.2 \ -I/usr/lib/glib/include + DEFS = -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE CFLAGS = -O0 -g -I$(SAMBA_INCL) $(EXTLIB_INCL) $(DEFS) LDFLAGS = -L/usr/local/samba/lib +LIBSMBCLIENT = /usr/local/samba/lib/libsmbclient.so TESTS= testsmbc \ tree \ 
@@ -26,43 +28,43 @@ testsmbc: testsmbc.o @echo Linking testsmbc - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $ -lsmbclient + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $ $(LIBSMBCLIENT) tree: tree.o @echo Linking tree - @$(CC) `gtk-config --cflags` $(CFLAGS) $(LDFLAGS) -o $@ `gtk-config --libs` -lsmbclient $ + @$(CC) `gtk-config --cflags` $(CFLAGS) $(LDFLAGS) -o $@ `gtk-config --libs` $(LIBSMBCLIENT) $ testacl: testacl.o @echo Linking testacl - @$(CC) `gtk-config --cflags` $(CFLAGS) $(LDFLAGS) -o $@ `gtk-config --libs` -lsmbclient -lpopt $ + @$(CC) `gtk-config --cflags` $(CFLAGS) $(LDFLAGS) -o $@ `gtk-config --libs` $(LIBSMBCLIENT) -lpopt $ testbrowse: testbrowse.o @echo Linking testbrowse - @$(CC) $(CFLAGS) $(LDFLAGS) -o $@ -lsmbclient -lpopt $ + @$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LIBSMBCLIENT) -lpopt $ testbrowse2: testbrowse2.o @echo Linking testbrowse2 - @$(CC) $(CFLAGS) $(LDFLAGS) -o $@ -lsmbclient -lpopt $ + @$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LIBSMBCLIENT) -lpopt $ teststat: teststat.o @echo Linking teststat - @$(CC) $(CFLAGS) $(LDFLAGS) -o $@ /usr/local/samba/lib/libsmbclient.so -lpopt $ + @$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LIBSMBCLIENT) -lpopt $ teststat2: teststat2.o @echo Linking teststat2 - @$(CC) $(CFLAGS) $(LDFLAGS) -o $@ /usr/local/samba/lib/libsmbclient.so -lpopt $ + @$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LIBSMBCLIENT) -lpopt $ testchmod: testchmod.o @echo Linking testchmod - @$(CC) $(CFLAGS) $(LDFLAGS) -o $@ /usr/local/samba/lib/libsmbclient.so -lpopt $ + @$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LIBSMBCLIENT) -lpopt $ testutime: testutime.o @echo Linking testutime - @$(CC) $(CFLAGS) $(LDFLAGS) -o $@ /usr/local/samba/lib/libsmbclient.so -lpopt $ + @$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LIBSMBCLIENT) -lpopt $ testread: testread.o @echo Linking testread - @$(CC) $(CFLAGS) $(LDFLAGS) -o $@ /usr/local/samba/lib/libsmbclient.so -lpopt $ + @$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LIBSMBCLIENT) -lpopt $ smbsh: make -C smbwrapper Modified: branches/SAMBA_3_0/source/libsmb/clientgen.c === 
--- branches/SAMBA_3_0/source/libsmb/clientgen.c2006-09-02 23:06:21 UTC (rev 18010) +++ branches/SAMBA_3_0/source/libsmb/clientgen.c2006-09-03 00:50:34 UTC (rev 18011) @@ -79,7 +79,6 @@ BOOL cli_receive_smb(struct cli_state *cli) { - extern int smb_read_error; BOOL ret; /* fd == -1 causes segfaults -- Tom ([EMAIL PROTECTED]) */ @@ -107,9 +106,9 @@ } /* If the server is not responding, note that now */ - if (!ret) { - cli-smb_rw_error = smb_read_error; +DEBUG(0, (Receiving SMB: Server stopped responding\n)); + cli-smb_rw_error = READ_TIMEOUT; close(cli-fd); cli-fd
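Review bot: In the first Makefile hunk, the new `LIBSMBCLIENT = /usr/local/samba/lib/libsmbclient.so` spells out the install prefix a second time next to `LDFLAGS = -L/usr/local/samba/lib`, and every test target now links the library by absolute path instead of through the `-L` search. Derive both from a single variable so that a build against another prefix needs one override, and add a comment saying why the examples link the .so by full path rather than with `-lsmbclient`.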
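Review bot: In the cli_receive_smb() hunk of libsmb/clientgen.c, the unconditional `cli->smb_rw_error = READ_TIMEOUT;` records every failed receive as a timeout, whatever smb_read_error would have said, so callers can no longer tell a timeout from any other receive failure and may react by raising the timeout when that is not the problem. Keep the assignment from smb_read_error and fall back to READ_TIMEOUT only when it is zero, with a comment explaining the fallback. The added DEBUG is also at level 0, which will print in every application using the library whenever a server stops answering; a higher debug level would be less intrusive.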
Re: svn commit: samba r18011 - in branches/SAMBA_3_0: examples/libsmbclient source/libsmb
On Sun, Sep 03, 2006 at 12:50:36AM +, [EMAIL PROTECTED] wrote:

> Jeremy: requires your eyes...
>
> If the remote connection timed out while cli_list() was retrieving its list of files, the error was not returned to the user, e.g. via smbc_opendir(), so the user didn't have a way to know to set the timeout longer and try again. This problem would occur when a very large directory is being read with a too-small timeout on the cli.
>
> Jeremy, although there were a couple of areas that needed to be handled, I needed to make one change that you should bless, in libsmb/clientgen.c. It was setting cli->smb_rw_error = smb_read_error; but smb_read_error is zero, so this had no effect. I'm now doing cli->smb_rw_error = READ_TIMEOUT; instead, and according to the OP, these (cumulative) changes (in a slightly different form) solve the problem. Please confirm this smb_rw_error change will have no other adverse effects that you can see.

The change shouldn't have any adverse effects, but what I'm curious about is why 'smb_read_error' was zero at that point? All paths through that code should end up setting 'smb_read_error' nonzero on error or timeout.

Did you reproduce this? If so, set the debugger to break on read_socket_with_timeout() and walk through the function. Tell me how it exits on timeout with smb_read_error == 0. That's where the real bug is. The patch you added may just be a band-aid on this.

Jeremy.
svn commit: samba r18012 - in branches/SAMBA_3_0: examples/libsmbclient source/libsmb
Author: derrell Date: 2006-09-03 01:37:26 + (Sun, 03 Sep 2006) New Revision: 18012 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18012 Log: Should fix bug 4018. NetApp filers expect paths in Open AndX Request to have a leading slash. Windows clients send the leading slash, so we should too. Modified: branches/SAMBA_3_0/examples/libsmbclient/testread.c branches/SAMBA_3_0/source/libsmb/libsmbclient.c Changeset: Modified: branches/SAMBA_3_0/examples/libsmbclient/testread.c === --- branches/SAMBA_3_0/examples/libsmbclient/testread.c 2006-09-03 00:50:34 UTC (rev 18011) +++ branches/SAMBA_3_0/examples/libsmbclient/testread.c 2006-09-03 01:37:26 UTC (rev 18012) @@ -55,6 +55,7 @@ { ret = smbc_read(fd, buffer, sizeof(buffer)); savedErrno = errno; +if (ret 0) fwrite(buffer, 1, ret, stdout); } while (ret 0); smbc_close(fd); Modified: branches/SAMBA_3_0/source/libsmb/libsmbclient.c === --- branches/SAMBA_3_0/source/libsmb/libsmbclient.c 2006-09-03 00:50:34 UTC (rev 18011) +++ branches/SAMBA_3_0/source/libsmb/libsmbclient.c 2006-09-03 01:37:26 UTC (rev 18012) @@ -414,7 +414,15 @@ } -safe_strcpy(path, p, path_len - 1); +/* + * Prepend a leading slash if there's a file path, as required by + * NetApp filers. + */ +*path = '\0'; +if (*p != '\0') { +*path = '/'; +safe_strcpy(path + 1, p, path_len - 2); +} all_string_sub(path, /, \\, 0);
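Review bot: In the libsmbclient.c hunk, the new block stores to `*path` and then calls `safe_strcpy(path + 1, p, path_len - 2)` without first checking that path_len is at least 2, so with a smaller buffer the stores land outside it and the length argument goes negative or wraps. Guard on path_len before the block and fail the parse if the buffer is too small. The comment should also say whether p can already start with a slash at this point, because the copy would then produce a doubled separator before `all_string_sub` converts it.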
svn commit: samba r18013 - in branches/SAMBA_3_0/source: include libsmb
Author: derrell Date: 2006-09-03 02:10:24 + (Sun, 03 Sep 2006) New Revision: 18013 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18013 Log: Fix for bug (enhancement) 3684. Provide a new option to specify the share mode to be used when opening a file. Modified: branches/SAMBA_3_0/source/include/libsmb_internal.h branches/SAMBA_3_0/source/include/libsmbclient.h branches/SAMBA_3_0/source/libsmb/libsmbclient.c Changeset: Modified: branches/SAMBA_3_0/source/include/libsmb_internal.h === --- branches/SAMBA_3_0/source/include/libsmb_internal.h 2006-09-03 01:37:26 UTC (rev 18012) +++ branches/SAMBA_3_0/source/include/libsmb_internal.h 2006-09-03 02:10:24 UTC (rev 18013) @@ -90,6 +90,12 @@ BOOL _full_time_names; /* + * The share mode of a file being opened. To match POSIX semantics + * (and maintain backward compatibility), DENY_NONE is the default. + */ + smbc_share_mode _share_mode; + +/* * Authentication function which includes the context. This will be * used if set; otherwise context-callbacks.auth_fn() will be used. */ Modified: branches/SAMBA_3_0/source/include/libsmbclient.h === --- branches/SAMBA_3_0/source/include/libsmbclient.h2006-09-03 01:37:26 UTC (rev 18012) +++ branches/SAMBA_3_0/source/include/libsmbclient.h2006-09-03 02:10:24 UTC (rev 18013) 
@@ -141,7 +141,21 @@ #define SMBC_DOS_MODE_DIRECTORY 0x10 #define SMBC_DOS_MODE_ARCHIVE0x20 +/* + * Valid values for the option open_share_mode, when calling + * smbc_option_set() + */ +typedef enum smbc_share_mode +{ +SMBC_SHAREMODE_DENY_DOS = 0, +SMBC_SHAREMODE_DENY_ALL = 1, +SMBC_SHAREMODE_DENY_WRITE = 2, +SMBC_SHAREMODE_DENY_READ= 3, +SMBC_SHAREMODE_DENY_NONE= 4, +SMBC_SHAREMODE_DENY_FCB = 7 +} smbc_share_mode; + #ifndef ENOATTR # define ENOATTR ENOENT/* No such attribute */ #endif Modified: branches/SAMBA_3_0/source/libsmb/libsmbclient.c === --- branches/SAMBA_3_0/source/libsmb/libsmbclient.c 2006-09-03 01:37:26 UTC (rev 18012) +++ branches/SAMBA_3_0/source/libsmb/libsmbclient.c 2006-09-03 02:10:24 UTC (rev 18013) @@ -1120,7 +1120,8 @@ cli_dfs_make_full_path( targetpath, targetcli-desthost, targetcli-share, temppath); } - if ((fd = cli_open(targetcli, targetpath, flags, DENY_NONE)) 0) { + if ((fd = cli_open(targetcli, targetpath, flags, + context-internal-_share_mode)) 0) { /* Handle the error ... */ @@ -6166,6 +6167,8 @@ context-options.browse_max_lmb_count = 3;/* # LMBs to query */ context-options.urlencode_readdir_entries = False;/* backward compat */ context-options.one_share_per_server = False;/* backward compat */ +context-internal-_share_mode = SMBC_SHAREMODE_DENY_NONE; +/* backward compat */ context-open = smbc_open_ctx; context-creat = smbc_creat_ctx; @@ -6301,6 +6304,7 @@ { va_list ap; union { +int i; BOOL b; smbc_get_auth_data_with_context_fn auth_fn; void *v; 
@@ -6327,6 +6331,15 @@ option_value.b = (BOOL) va_arg(ap, int); context-internal-_full_time_names = option_value.b; +} else if (strcmp(option_name, open_share_mode) == 0) { +/* + * The share mode to use for files opened with + * smbc_open_ctx(). The default is SMBC_SHAREMODE_DENY_NONE. + */ +option_value.i = va_arg(ap, int); +context-internal-_share_mode = +(smbc_share_mode) option_value.i; + } else if (strcmp(option_name, auth_function) == 0) { /* * Use the new-style authentication function which includes
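Review bot: In the libsmbclient.h hunk, the smbc_share_mode values are handed straight to cli_open() where DENY_NONE used to be passed, so the numbers in the enum (0 to 4, and 7) must stay identical to the internal DENY_* constants, yet nothing in the header says so. Add a comment stating that the values mirror the DENY_* definitions and must not be renumbered, and document beside each member what it denies to other openers, since any choice other than the default changes who else may read or write the file.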
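Review bot: In the `open_share_mode` branch of the option setter, the int taken from va_arg is cast to smbc_share_mode and stored with no range check, so a caller passing 5, 6 or any other value outside the enum has it forwarded to cli_open() on the next smbc_open_ctx(). Accept only the six defined members and leave the current mode unchanged otherwise. The setter should also have a way to report the rejection to the caller.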
Re: svn commit: samba r18011 - in branches/SAMBA_3_0: examples/libsmbclient source/libsmb
Jeremy Allison [EMAIL PROTECTED] writes:

> On Sun, Sep 03, 2006 at 12:50:36AM +, [EMAIL PROTECTED] wrote:
>> Please confirm this smb_rw_error change will have no other adverse effects that you can see.
>
> The change shouldn't have any adverse effects, but what I'm curious about is why 'smb_read_error' was zero at that point? All paths through that code should end up setting 'smb_read_error' nonzero on error or timeout.

I may have inferred a non-truth. I'll set that back to smb_read_error and have Henrik test it with the other, clearly-required fixes in this patch and see what happens. He has an environment set up that seems to easily reproduce the problem, so we'll know quickly.

Thanks!

Derrell
svn commit: samba r18014 - in branches/SAMBA_3_0/source/libsmb: .
Author: derrell Date: 2006-09-03 02:28:22 + (Sun, 03 Sep 2006) New Revision: 18014 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18014 Log: revert a possibly unnecessary change Modified: branches/SAMBA_3_0/source/libsmb/clientgen.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/clientgen.c === --- branches/SAMBA_3_0/source/libsmb/clientgen.c2006-09-03 02:10:24 UTC (rev 18013) +++ branches/SAMBA_3_0/source/libsmb/clientgen.c2006-09-03 02:28:22 UTC (rev 18014) @@ -79,6 +79,7 @@ BOOL cli_receive_smb(struct cli_state *cli) { + extern int smb_read_error; BOOL ret; /* fd == -1 causes segfaults -- Tom ([EMAIL PROTECTED]) */ @@ -108,7 +109,7 @@ /* If the server is not responding, note that now */ if (!ret) { DEBUG(0, (Receiving SMB: Server stopped responding\n)); - cli-smb_rw_error = READ_TIMEOUT; + cli-smb_rw_error = smb_read_error; close(cli-fd); cli-fd = -1; return ret;
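Review bot: With `cli->smb_rw_error = smb_read_error;` restored in cli_receive_smb(), the situation described in the r18011 log (smb_read_error being zero at this point) would once more close the socket and set `cli->fd = -1` while recording no error, so the caller sees a failed receive with nothing to report. Until the cause is confirmed either way, a comment here noting the open question, or a debug message when smb_read_error is zero on this path, would make the case visible in testing. The block-scope `extern int smb_read_error;` would also be cleaner coming from a header.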
svn commit: samba r18015 - in branches/SAMBA_3_0/source: libads nsswitch
Author: jra Date: 2006-09-03 03:46:07 + (Sun, 03 Sep 2006) New Revision: 18015 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18015 Log: Try and detect network failures immediately in set_dc_type_and_flags(). Fix problem when DC is down in ads_connect, where we fall back to NetBIOS and try exactly the same IP addresses we just put in the negative connection cache We can never succeed, so don't try lookups a second time. Jeremy. Modified: branches/SAMBA_3_0/source/libads/ldap.c branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c Changeset: Modified: branches/SAMBA_3_0/source/libads/ldap.c === --- branches/SAMBA_3_0/source/libads/ldap.c 2006-09-03 02:28:22 UTC (rev 18014) +++ branches/SAMBA_3_0/source/libads/ldap.c 2006-09-03 03:46:07 UTC (rev 18015) @@ -286,6 +286,26 @@ if ( !NT_STATUS_IS_OK(check_negative_conn_cache(realm, server)) ) continue; + + if (!got_realm) { + /* realm in this case is a workgroup name. We need + to ignore any IP addresses in the negative connection + cache that match ip addresses returned in the ad realm + case. It sucks that I have to reproduce the logic above... */ + c_realm = ads-server.realm; + if ( !c_realm || !*c_realm ) { + if ( !ads-server.workgroup || !*ads-server.workgroup ) { + c_realm = lp_realm(); + } + } + if (c_realm *c_realm + !NT_STATUS_IS_OK(check_negative_conn_cache(c_realm, server))) { + /* Ensure we add the workgroup name for this + IP address as negative too. */ + add_failed_connection_entry( realm, server, NT_STATUS_UNSUCCESSFUL ); + continue; + } + } if ( ads_try_connect(ads, server) ) { SAFE_FREE(ip_list); Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2006-09-03 02:28:22 UTC (rev 18014) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2006-09-03 03:46:07 UTC (rev 18015) 
@@ -594,7 +594,7 @@ /* For active directory servers, try to get the ldap server name. None of these failures should be considered critical for now */ - if ( lp_security() == SEC_ADS ) { + if (lp_security() == SEC_ADS) { ADS_STRUCT *ads; ads = ads_init(realm, domainname, NULL); @@ -976,10 +976,11 @@ TALLOC_CTX *mem_ctx = NULL; struct rpc_pipe_client *cli; POLICY_HND pol; - + char *domain_name = NULL; char *dns_name = NULL; DOM_SID *dom_sid = NULL; + int try_count = 0; ZERO_STRUCT( ctr ); @@ -991,8 +992,10 @@ return; } + try_again: + result = init_dc_connection(domain); - if (!NT_STATUS_IS_OK(result)) { + if (!NT_STATUS_IS_OK(result) || try_count 2) { DEBUG(5, (set_dc_type_and_flags: Could not open a connection to %s: (%s)\n, domain-name, nt_errstr(result))); domain-initialized = True; @@ -1007,7 +1010,9 @@ PI_LSARPC_DS on domain %s: (%s)\n, domain-name, nt_errstr(result))); domain-initialized = True; - return; + /* We want to detect network failures asap to try another dc. */ + try_count++; + goto try_again; } result = rpccli_ds_getprimarydominfo(cli, cli-cli-mem_ctx, @@ -1028,7 +1033,9 @@ if (cli == NULL) { domain-initialized = True; - return; + /* We want to detect network failures asap to try another dc. */ + try_count++; + goto try_again; } mem_ctx = talloc_init(set_dc_type_and_flags on domain %s\n,
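Review bot: In the `!got_realm` block added to libads/ldap.c, when ads->server.realm is empty but ads->server.workgroup is set, c_realm is left empty and the extra check_negative_conn_cache() test is silently skipped, and the comment does not say whether that is intended. The block also recomputes c_realm for every server in the loop although none of its inputs change per iteration, and its own comment notes that it duplicates the realm selection above. Move the selection into a small helper called once before the loop and document the workgroup-only case there.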
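Review bot: In set_dc_type_and_flags(), the try_count limit is folded into the same condition as `!NT_STATUS_IS_OK(result)`, so when the limit is what ends the retries the DEBUG line reports "Could not open a connection" together with nt_errstr() of a status that may be success. Test try_count on its own with its own message. The two `goto try_again` paths also jump back without anything in the visible lines invalidating the existing connection, so it is not evident that init_dc_connection() will move to another DC instead of returning the same one, and `domain->initialized = True` is set before each retry. A comment stating what makes the second attempt differ from the first would settle both questions.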