[Samba] winbind and SBS 2003
Hi, I want vpn clients which have a valid x509 Cert and a valid user account in the M$ domain can access to the LAN. The M$ DC is an SBS2003 Server in mixed mode. I don't want to manage two user db's. I want the vpn server to ask the domain controller for a valid user account.So I've installed the nessecary stuff on the vpn server. The interresting things here are: samba/winbind 3.0.22 samba-common. After a while of testings and changes everything was working fine. Then one day the vpn/samba server became the same netbios name like the M$ DC accidantily.Now every time the vpn server becomes online, the SBS Server is inaccessible for the internal M$ clients, but the vpn client can still access the LAN. On some machines are popups like The IP you are using is already in use, but it isn't. Nevertheless the NIC is getting disabled. The DC is also the dhcp server. I've renamed the samba netbios- name of course and deleted the machine account on the DC. Also I've deleted the *.tdb's on the samba machine and the samba machine became another IP-address. Then I've let the samba server rejoin the M$ Domain successfully. I can get the DC accounts by using wbinfo -u and -g. getent is working also. ntlm_auth username= also. Everything seems to be fine, but the internal network is breaking down by DC strike. DC's system eventlog is saying: The session could not be established, because the security database could not determine a trust account accordingly the asking computer. (Sorry, this is my translation from german. It may be not exactly the same word by word, like the original english event description. Event ID is: 5723, source: NETLOGON) That's it in the event logs. A browstat status on DC is listing: Status for domain DOMAIN on transport \Device\NetBT_Tcpip_{0D040CB9-B2E6-4BE5-BF6A-59E9C86B54EA} Browsing is active on domain. Master browser name is: TEST Master browser is running build 3790 2 backup servers retrieved from master TEST \\UMS \\TEST There are 13 servers in domain DOMAIN on transport \Device\NetBT_Tcpip_{0D040CB9-B2E6-4BE5-BF6A-59E9C86B54EA} There are 2 domains in domain DOMAIN on transport \Device\NetBT_Tcpip_{0D040CB9-B2E6-4BE5-BF6A-59E9C86B54EA} A nmblookup -M DOMAIN: TEST When network is going down on the samba server, everything awakes... The event log o n the local XP clients complains something like: There is no Domain Controller available by following reason: the RPC call was aborting Event ID:5719 The event log on UMS, the backup browser complains:The reading of the backuplist aborted because there is no master browser accessible The backup browser could not get a serverlist from the master browser on the network {... }Event ID:8021. It looks like the SBS2003 machine can't 'forget' that a second machine with the same netbios name was appearing in the network. Perhaps the reason therefore is the special SBS license. However, perhaps someone has done the same experiences and maybe, much more important, worked out a solution for this problem. The smb.conf: [global] workgroup = DOMAIN os level = 0 preferred master = No local master = No domain master = No wins server = 172.16.5.60 interfaces = eth1 log file = /var/log/samba/log.%m max log size = 1000 syslog = 6 security = Domain passdb backend = tdbsam obey pam restrictions = yes invalid users = root passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* . ;domain logons = yes ;logon drive = H: ;logon home = \\%N\%U ;logon script = logon.cmd socket options = TCP_NODELAY winbind separator = + winbind enum users = yes winbind enum groups = yes idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/false Thanks for answer Hugo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] hide files not work
Hi I'm using samba 3 I want to hide dot files I used hide files = .* hide dot files = yes and even veto file no success at all, help would be greatly appreciate. cheers chaminda -- This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure.Ministry of Finance Planning does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by Ministry of Finance Planning Sri Lanka in this regard. To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Printing problems with samba 3.0.23c and NT4
Hi everyone! I have upgrade my fileserver from samba2-smbpasswd to samba3.0.23c with LDAP-PDC. Now i can't print to the printers on that server with NT4. net use ... is functional, but if I print to that printer, I get the error - free translated from german message - The syntax of the filename, directory name or the disc-label is wrong. WinXP hasn't that problem. The share is defined in this way: [global] ... printing = BSD ... [pspdf] path = /tmp printable = yes print command = /usr/local/bin/samba2pdf %s %U use client driver = yes I have played with use client driver, with no success. Is the printing-support for NT4 broken? Thanks a lot in advance Andreas Pohl [EMAIL PROTECTED] -- INTERMET Ueckermünde D-17373 Ueckermünde, Eggesiner Str. 11 Tel.: +49 (0) 39771 2120, Fax: +49 (0) 39771 21210 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] More problems with samba 3.0.23c and NT4
Hi everyone! I have some trouble with samba 3.0.23 as PDC for NT4 workstations with SP6a. I have upgraded from samba2. 1. The ntconfig.pol from the netlogon-share does'nt work. I get a prf1.tmp in the User-Profile-Folder and the policy wouldn't mix to the registry. In the Event-Log I found an entry RegLoadKey ist mit dem Fehler 87 für C:\WINNT\Profiles\aba\prfD.tmp gescheitert. EventId:1000 from Userenv. The same with an XP-computer works without problems. 2. I haven't the security-tag in the property-window of a file or directory on the samba-shares. The tab is there under winxp but not in NT4. Is there something broken?? Thanks, Andreas Pohl [EMAIL PROTECTED] -- INTERMET Ueckermünde D-17373 Ueckermünde, Eggesiner Str. 11 Tel.: +49 (0) 39771 2120, Fax: +49 (0) 39771 21210 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with FC4 Samba 3.0.23a and Windows XP PRO 2002
Hello all! I have just upgraded a system that previously had SAMBA running on an SCO Unix server with various flavors of Window clients XP, 98, ME, Media, 2000, etc. I was using plain text passwords and USER authentication. I upgraded the server to a FC4 Box with SAMBA 3.0.23a All of the clients reconnected to their shares/printers EXCEPT the Windows XP PRO 2002 clients (2). The log files for samba show: [2006/09/12 11:40:24, 0] auth/pampass.c:smb_pam_passcheck(810) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User graham ! I am confused as to why these two machines are asking for (getting) smb_pam_auth when I am using plain text passwords Any help out there? Thanks for any thoughts Mark Mark L. Wise, President Alpha II Service, Inc. 1312 Epworth Ave Reynoldsburg, Ohio 43068-2116 614 868-5033 (Phone) 614 868-1060 (Fax) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] New Samba GroupMapping
Hello List, In my logfile I found: Sep 11 18:40:58 gateway smbd[92133]: [2006/09/11 18:40:58, 0] auth/auth_util.c:create_builtin_administrators(785) Sep 11 18:40:58 gateway smbd[92133]: create_builtin_administrators: Failed to create Administrators Sep 11 18:40:58 gateway smbd[92133]: [2006/09/11 18:40:58, 0] auth/auth_util.c:create_builtin_users(751) Sep 11 18:40:58 gateway smbd[92133]: create_builtin_users: Failed to create Users Someone gave me the advice to read 'WhatsNEW'! Group Mapping Changes = The default mapping entries for groups such as Domain Admins are no longer created when using an smbpasswd file or a tdbsam passdb backend. This means that it is necessary to use 'net groupmap add' rather than 'net groupmap modify' to set these entries. This change has no effect on winbindd's IDmap functionality for domain groups. What does that means? The default mapping entries were now made only whenn using LDAP? It is not a problem to create the entries by hand or script but it would be usefull having a table with the sid key's or am i wrong? Another Problem ist getting the usersidlist. # net usersidlist [2006/09/14 12:30:00, 0] utils/net_rpc.c:net_usersidlist(4716) Could not get the user/sid list Why? I foudn no answer in the web. Thnx regards CAT -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbd wont start
Hi Tim, maybe you have a corrupted tdb. You could check with tdbbackup -v NAME.tdb in /var/lib/samba/ also, normally I would expect the tdb's to be in /var/lib/samba and only the PID's in /var/run/samba/ Rolf On Thu, 14 Sep 2006, Tim wrote: My samba has been setup in its current configuration for around 9 months and has worked without a problem, over the weekend my windows boxes were unable to access the samba shares. Using SWAT I found that the smbd was not starting. I have tried the following: Trying to start smbd (as root) from the cli with: smbd start Seems to execute the command and gave no errors but still swat says that smbd has not been started. If I run smbstatus (as root) from the cli I get Titan:/home/mit# smbstatus sessionid.tdb not initialised /var/run/samba/connections.tdb not initialised This is normal if an SMB client has never connected to your server. /var/run/samba/locking.tdb not initialised This is normal if an SMB client has never connected to your server. Titan:/home/mit# If I run testparm from cli I get Titan:/home/mit# testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [printers] Processing section [print$] Processing section [MP3] Processing section [PICTURES] Processing section [VIDEO] Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] ? ? ? ? workgroup = HOME ? ? ? ? server string = %h server (Samba %v) ? ? ? ? obey pam restrictions = Yes ? ? ? ? passdb backend = tdbsam, ? ? ? ? passwd program = /usr/bin/passwd %u ? ? ? ? passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . ? ? ? ? syslog = 0 ? ? ? ? log file = /var/log/samba/log.%m ? ? ? ? max log size = 1000 ? ? ? ? server signing = auto ? ? ? ? preferred master = No ? ? ? ? domain master = No ? ? ? ? panic action = /usr/share/samba/panic-action %d ? ? ? ? invalid users = root [homes] ? ? ? ? comment = Home Directories ? ? ? ? invalid users = ? ? ? ? read only = No ? ? ? ? create mask = 0640 ? ? ? ? directory mask = 0750 ? ? ? ? browseable = No [printers] ? ? ? ? comment = All Printers ? ? ? ? path = /tmp ? ? ? ? create mask = 0700 ? ? ? ? printable = Yes ? ? ? ? browseable = No [print$] ? ? ? ? comment = Printer Drivers ? ? ? ? path = /var/lib/samba/printers [MP3] ? ? ? ? path = /mnt/usbhd/mp3/ ? ? ? ? read only = No ? ? ? ? hosts allow = **.**.**.**/**.**.**.** [PICTURES] ? ? ? ? path = /mnt/usbhd/Pictures/ ? ? ? ? read only = No ? ? ? ? hosts allow = **.**.**.**/**.**.**.** [VIDEO] ? ? ? ? path = /mnt/usbhd/Video ? ? ? ? read only = No I have checked the logs for any error and this is the smbd log which give this: [2006/09/13 20:12:20, 0] lib/util.c:log_stack_trace(1699) ? BACKTRACE: 7 stack frames: ? ?#0 smbd(log_stack_trace+0x23) [0x822b763] ? ?#1 smbd(smb_panic+0x46) [0x822b856] ? ?#2 smbd [0x81ea941] ? ?#3 smbd(initialize_password_db+0xe) [0x81ea98e] ? ?#4 smbd(main+0x591) [0x82c1cd1] ? ?#5 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xc8) [0xb7c44ea8] ? ?#6 smbd [0x8082a31] [2006/09/13 20:12:20, 0] lib/util.c:smb_panic(1600) ? smb_panic(): calling panic action [/usr/share/samba/panic-action 6192] [2006/09/13 20:12:20, 0] lib/util.c:smb_panic(1608) ? smb_panic(): action returned status 0 [2006/09/13 20:12:20, 0] lib/fault.c:dump_core(173) ? dumping core in /var/log/samba/cores/smbd I checked the reference /var/log/samba/cores/smbd but its not a txt based file so I can't say what is in it. My distro is debian testing with 2.6.15 kernel (from debian) Samba is 3.0.23 (normal apt install from debian) Any suggestions Tim P.S. Sorry for then long post-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NMB not starting when SMB started
Hi, NMB service is not started when i start smb service. I got to started manually the nmb service after i have started the smb service. Linux version : SLES10 and SLES9 samba version : 3.0.22 What could be wrong ? _ Block pop-up ads with MSN Toolbar. http://toolbar.msn.com.my/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows 2003 SP1 breaks kerberos on samba?
Hi I have got a Windows 2003 With SP1 domain controller and I'm moving my ISA Proxy to the Squid but I need to integrate the authentication. If I use the basic authentication it works but I need to integrate with AD. I have seen that after the SP1 on Windows it have been impossible to implemented. I not expert on Linux, could you help me to implement that solution? Sorry about my English I'm from Mozambique(not English native language). Thx Arafat M. Bique IT Management Administering and Supporting Systems MCSE - Microsoft Certified System Engineer MCSA - Microsoft Certified System Administrator CCNA - Cisco Certified Network Associate email:[EMAIL PROTECTED] Web:http://www.bci.co.mz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba tuning advise
Helo, We use a big fileserver running Linux/Samba as fileshare. We are facing performances problems for which we'd like some advise : Clients are OS2(LanManager) and windows 2000 reading and writing lots of files in the same directory on the fileshare. We currently have more than 80 000 files in the directory (files size is about 100 Bytes). Could you please advise us some Samba tuning you would apply in a such situation. I'm sure you also have some recommendations on Linux parameters like filsystem type, general kernel/network settings. Feel free to forward this to whoever who could help us. Regards. Salutations / Kind Regards Fabrice -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Support of Samba on RHEL4?
Hello, A while ago I asked what kind of Samba packages I could use on RHEL4. If I use the packages from www.samba.org then I'd void the support agreement with Red Hat. (...) Downloading and investigating the latest Samba source package from RHN (samba-3.0.10-1.4E.9.src.rpm) told me that the Samba package of RHN is based on the native 3.0.10 Samba package of samba.org with some necessary patches (samba-3.0.10-winbindd_2k3sp1.patch, samba-3.0.10-ldap-failover-timeout-backport.patch are the most important ones for me), while even the patches come from samba.org In samba-3.0.10-ldap-failover-timeout-backport.patch I found this statement: + /* Setup alarm timeout Do we need both of these ? JRA. */ This is from Jeremy Allison of samba.org... Is there any technical reason NOT to use the packages of samba.org on RHEL4? Regarding the above info I'd like to use the original samba packages on RHEL4. If I only void support for Samba at Red Hat, so be it. I'm convinced I'm better off with Samba support at samba.org... Regards, Alex. -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Wednesday 12 July 2006 13:22 To: Alex de Vaal Cc: samba@lists.samba.org Subject: Re: [Samba] Fedora packages or Enterprise packages of Samba on RHEL4? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alex de Vaal wrote: Can somebody of the Samba team explain me the difference of Fedora packages or Enterprise packages (http://enterprisesamba.com/) of Samba on Red Hat Enterprise Linux 4? ... First I tried the RHEL4 packages from enterprisesamba.com, but these packages always ended up with the error message Segmentation fault while I used net ads join; If you need support for the SerNet packages, you will have to contact SerNet. Therefore I compiled the Fedora source package on RHEL4; this went well. ... I'd like to continue with the Fedora Samba package on my RHEL4 server, but I'd like to know why or why NOT to use it! (and why I have to use the packages of enterprisesamba.com) The Fedora specfile provided with Samba is compatible with RHEL4. I don't build RHEL4 packages only because IMO if you pay for support for RedHat, installing non-vendor supplied packages would void your support agreement. Althought I could provide RPMS for the lates version of CentOS which should be binary comatible with RHEL4 systems. While I'm at it, is there any pressing need for 64-bit rpms as well? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEtNtRIR7qMdg1EfYRAisqAKDja37hQJsPyRdnflsgIefpmdCdBACg6iBC HrDJ2aTmeSFe5WkZa6UlxH0= =8Vw4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.23c compatibility with openldap versions
Are all versions of openldap compatible with Samba 3.0.23c? If no, please let me know the least version of openldap which I need to have for Samba 3.0.23c working? Thanks, Dil -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE [Samba] Printing problems with samba 3.0.23c and NT4
Hi, I have the same problem on a NT4 SP3. I must made a workaround (using direct print, without pass by samba), but the problem still present. --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] a écrit sur 13/09/2006 10:36:01 : Hi everyone! I have upgrade my fileserver from samba2-smbpasswd to samba3.0.23c with LDAP-PDC. Now i can't print to the printers on that server with NT4. net use ... is functional, but if I print to that printer, I get the error - free translated from german message - The syntax of the filename, directory name or the disc-label is wrong. WinXP hasn't that problem. The share is defined in this way: [global] ... printing = BSD ... [pspdf] path = /tmp printable = yes print command = /usr/local/bin/samba2pdf %s %U use client driver = yes I have played with use client driver, with no success. Is the printing-support for NT4 broken? Thanks a lot in advance Andreas Pohl [EMAIL PROTECTED] -- INTERMET Ueckermünde D-17373 Ueckermünde, Eggesiner Str. 11 Tel.: +49 (0) 39771 2120, Fax: +49 (0) 39771 21210 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba tuning advise
On Thu, Sep 14, 2006 at 08:08:07PM +0200, [EMAIL PROTECTED] wrote: Helo, We use a big fileserver running Linux/Samba as fileshare. We are facing performances problems for which we'd like some advise : Clients are OS2(LanManager) and windows 2000 reading and writing lots of files in the same directory on the fileshare. We currently have more than 80 000 files in the directory (files size is about 100 Bytes). Could you please advise us some Samba tuning you would apply in a such situation. I'm sure you also have some recommendations on Linux parameters like filsystem type, general kernel/network settings. Feel free to forward this to whoever who could help us. Here's a copy of an old mail of mine So here's how to set up an application that needs large number of files per directory in a way that doesn't damage performance. Firstly, you need to canonicalize all the files in the directory to have one case, upper or lower - take your pick (I chose upper as all my files were already upper case names). Then set up a new custom share for the application as follows: [bigshare] path = /home/jeremy/tmp/manyfilesdir read only = no case sensitive = True default case = upper preserve case = no short preserve case = no Of course, use your own path and settings, but set the case options to match the case of all the files in your directory. The path should point at the large directory needed for the application - any new files created in there and in any paths under it will be forced by smbd into upper case - but smbd will no longer have to scan the directory for names - it knows that if a file doesn't exist in upper case then it doesn't exist at all. The secret to this is really in the case sensitive = True line - it tells smbd never to scan for case-insensitive versions of names. So if an application asks for a file called FOO, and it can't be found by a simple stat call, then smbd will return file not found immediately without scanning the containing directory for a version of a different case. The other xxx case xxx lines make this work by forcing a consistent case on all files created by smbd. Remember, all files and directories under the path directory must be in upper case with this smb.conf stanza as smbd won't be able to find lower case filenames with these settings. Also note this is done on a per-share basis, allowing this to be set only for a share servicing an application with this problematic behaviour (using large numbers of entries in a directory) - the rest of your smbd shares don't need to be affected. This makes smbd *much* faster when dealing with large directories. My test case has over 100,000 files and smbd now deals with this very efficiently. So please give this a test if you have problems with Samba and large sized directories. Remember this is in SVN code only, it isn't in the 3.0.11 pre releases or rc candidates, as we need to ensure this new code is correct. If you can help me test it it'll be in 3.0.12 (security problems notwithstanding :-). Cheers, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] CIFS file permission
Hello, I am facing a weired problem with CIFS.I am mounting Windows Share using CIFS.Mount works properly.Permission of files and folders are -rwxrwxrwx Now the problem is if I change the read only attribute from Windows machine of the share permission of Linux is r-xr-xr-x, which is expected behaviour. But if i remove the read only attribute on Windows Linux permission is not getting updated. Any idea? Regards, Komal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] profiles on two domains
Hi, We (being a College dept) have a staff network and a student lab, each residing on separate networks and samba domains. Staff can log into STAFFNET, whose PDC is STAFFSERVER. Students can log into STULAB, whose PDC is STUDENTSERVER. There's a one-way trust relationship between the two domains. STUDENTSERVER is the only machine on the student network allowed to talk to STAFFSERVER. STULAB trusts STAFFNET. Passwords are all stored in the same LDAP database. The SIDs refer to STAFFNET. I'd like staff to be able to log in to STULAB, but be given a student-like experience. With the above setup, they can authenticate to STAFFNET and so log in to Windows, but they can't retrieve their (STAFFNET) profile or access their home directory. Is it possible for samba on STUDENTSERVER to mangle the profile path and home directory for our STAFFNET users, or possibly force in what it thinks is right for STULAB? Thanks Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] accessing windows shared folders from vmware guest linux
Hi, i've just installed vmware 5.5 on a win2k SP4 machine, and i've installed a Suse 10.1 on the virtual machine. actually i'm using *only* the command line interface on linux, my goal is only to be able to compile the C++ source files i have on my windows partition with gcc on linux. in order to do this, i need to mount my windows partition in my linux, and i need to be able to write as well, as some files (other than just the object files) are generated while compiling. i think this should be possible by mounting the windows folders using samba. so i've installed samba on my linux (Version 3.0.22-11-SUSE-CODE10), and tried to connect to my windows shared folders. however, i always get some authentication or access failure. for instance, the following command: smbclient //fili/xlibs -U dvergnaud raises the following error: session setup failed: NT_STATUS_LOGON_FAILURE of course the computer does exist, the windows folder is shared, and the username and password are correct. if i try something like this: smbmount //fili/xlibs /mnt/temp -o username=dvergnaud i get the following error: 3600: session setup failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed the weird thing is, it all works fine when doing it from another linux computer (where linux runs natively). that means, as i see it, that either there's a problem with VMware and samba working together, or my samba client is not properly configured -- although i'm not aware that it's much configurable... has anyone already had such a problem? or does anyone have an idea what i'm doing wrong? thx a lot for helping me out! David -- View this message in context: http://www.nabble.com/accessing-windows-shared-folders-from-vmware-guest-linux-tf2276814.html#a6322998 Sent from the Samba - General forum at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] wbinfo -t error when samba server is restarted and windows 2000 domain server keeps running
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 11:52 AM, Urik escreveu: I allways use 'net rpc join' - allways with 'rpc' option. I did not run 'net join' when machine is working normally. By mistake I included content of smb.conf that was made for testing. Production smb.conf has workgroup = METAL, other setting are same. Ok, can you try a 'net join' under normal circunstances? :) Increase the loglevel/debuglevel and attach the relevant part (the one while you are joining). Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCpr1Cj65ZxU4gPQRAhtDAJ4zVACGhbF4vYVLxbXSxqF9ze58JACgkq3g fnfyom+PyRhEZF+9bIfBncs= =011W -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with FC4 Samba 3.0.23a and Windows XP PRO 2002
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 03:15 PM, Mark L. Wise escreveu: Hello all! I have just upgraded a system that previously had SAMBA running on an SCO Unix server with various flavors of Window clients XP, 98, ME, Media, 2000, etc. I was using plain text passwords and USER authentication. I upgraded the server to a FC4 Box with SAMBA 3.0.23a There are several changes in the 3.0.23 series, did you read about that changes and how it could impact your installation/configuration? All of the clients reconnected to their shares/printers EXCEPT the Windows XP PRO 2002 clients (2). The log files for samba show: [2006/09/12 11:40:24, 0] auth/pampass.c:smb_pam_passcheck(810) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User graham ! I am confused as to why these two machines are asking for (getting) smb_pam_auth when I am using plain text passwords Any help out there? Probably, you will need to attach your smb.conf and a more verbose log, increase the loglevel/debuglevel). Thanks for any thoughts Mark Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCpuJCj65ZxU4gPQRAk03AJ498Pzoc9skF/V/BSbIScsZlygGBwCdGghM Qd4s1SFOrRphSJXJWUAFVMk= =MpJh -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba tuning advise
You should also consider increase the SO_SNDBUF and SO_RCVBUF in socket options. I have used values like 16384 and got some performance increase for reading and writing to the shares. Increase this value in your environment to get and test one good for you. On 9/14/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Helo, We use a big fileserver running Linux/Samba as fileshare. We are facing performances problems for which we'd like some advise : Clients are OS2(LanManager) and windows 2000 reading and writing lots of files in the same directory on the fileshare. We currently have more than 80 000 files in the directory (files size is about 100 Bytes). Could you please advise us some Samba tuning you would apply in a such situation. I'm sure you also have some recommendations on Linux parameters like filsystem type, general kernel/network settings. Feel free to forward this to whoever who could help us. Regards. Salutations / Kind Regards Fabrice -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- *** Cleber P. de Souza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] how to change perimissions across a directory tree
Hello all, I have samba 3 with a share named shareA using these settings: [shareA] comment = Directory Amministrazione path = /col/shareA browseable = no valid users = @amm force group = amm public = no writable = yes create mask = 0770 directory mask = 0770 printable = no where user1, user2, user3 and user4 belong to amm group. I would like to differentiate permissions and have them become something like: 1) these users: user1 user2 read only to the directory: \shareA\dir1 \shareA\dir2 2) these users: user3 user4 read wrtite to the directory: \shareA\dir1 \shareA\dir2 3) user1 user2 user3 user4 read wrtite to the directories \shareA\dir3 \shareA\dir4 4) full control for user1, user2, user3 and user4 to the other directories under \shareA (as is now for all what is under \shareA) Thanks in advance. Bye, Gianluca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] More problems with samba 3.0.23c and NT4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/14/2006 03:33 AM, A. Pohl escreveu: Hi everyone! I have some trouble with samba 3.0.23 as PDC for NT4 workstations with SP6a. I have upgraded from samba2. There are an important number of changes in the Samba 3.0.23 series, did you check the NEWS and upgrade information to see how it impacts your configuration? 1. The ntconfig.pol from the netlogon-share does'nt work. I get a prf1.tmp in the User-Profile-Folder and the policy wouldn't mix to the registry. In the Event-Log I found an entry RegLoadKey ist mit dem Fehler 87 für C:\WINNT\Profiles\aba\prfD.tmp gescheitert. EventId:1000 from Userenv. The same with an XP-computer works without problems. Are you upgrading from one version of Samba to a new one, or is this a fresh installation? 2. I haven't the security-tag in the property-window of a file or directory on the samba-shares. The tab is there under winxp but not in NT4. Sorry, I don't know about this detail. Is there something broken?? Maybe. Can you send your smb.conf? If you can, increase the loglevel and send the important part (while doing a login). Thanks, Andreas Pohl [EMAIL PROTECTED] Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCqeeCj65ZxU4gPQRAsh6AJ9mlY0lFGBhWOBh6tt5O6v3KdxP2wCgnMM2 os5gjvv2uYdksrqDOYLh3A8= =4Asv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problems with FC4 Samba 3.0.23a and Windows XP PRO 2002
I upgraded the server to a FC4 Box with SAMBA 3.0.23a There are several changes in the 3.0.23 series, did you read about that changes and how it could impact your installation/configuration? I'm going to show my ignorance here, but I need the information :-) Where do I read about the changes between the versions? Probably, you will need to attach your smb.conf and a more verbose log, increase the loglevel/debuglevel). How do I increase the loglevel/debuglevel? Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hide files not work
I have the same problem... For several workstation, I have the desktop.ini that is displayed in several menu. I try to put hide files = /RECYCLER/desktop.ini/Desktop.ini/Thumbs.db/ in the profile section, but it doesn't work!!! Should I change the parameter declaration on an other section? But I try in the global but no changes!! Thanks for your help, Mike - Original Message - From: C.Rathnasinghe [EMAIL PROTECTED] To: samba@lists.samba.org Sent: vendredi 15 septembre 2006 11 h 38 GMT+0100 Subject: [Samba] hide files not work Hi I'm using samba 3 I want to hide dot files I used hide files = .* hide dot files = yes and even veto file no success at all, help would be greatly appreciate. cheers chaminda -- This e-mail message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please return the message to the sender by replying to it and then delete the message from your computer. Internet e-mails are not necessarily secure.Ministry of Finance Planning does not accept responsibility for changes made to this message after it was sent. Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by Ministry of Finance Planning Sri Lanka in this regard. -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Time take to copy file from Samba to Windows XP
Hello, How much time should it take to copy 1Gb to 5Gb from from Samba server to Windows Xp in gigabit network? Default Samba configs, a single copy of a 1GB file takes about 70 seconds to complete, about 14MBps, 117Mbps, about 11% network utilization. A Windows 2003 server, similar hardware, same network connection, can transfer the same 1GB file in about 28 seconds, 36MBps, 292Mbps, almost 30% network utilization. Apache takes 16 seconds, 64MBps, 512Mbps, over 50% network utilization. What can be done to speed up transfer rate? Regards, Komal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange behaviour when joining the domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2006 01:24 AM, Christian Tardif escreveu: Just installed a new SAMBA-LDAP-PDC server on my network. I followed the Linux Samba-OpenLDAP Howto, revision 20060710, so I would assume my setup is correct. My LDAP setup is a master/slave setup. The master is on a remote server, and the lave is local. When joining the domain (WinXP), it sometimes takes three-four times to be able to reach the domain(user administrator with uidNumber to 0). Ive been able to see that it first creates the machine account not as a sambaSamAccount, but as a regular posix account. After some trials, it finally welcomes me to the domain. But the problem is that this machine account is created in a disabled status. In order to log on the domain with a regular user account, I have to first enable the machine account (which is OK but...). Hmmm, AFAIK, the master should be on the PDC. My best guest (if I understood correctly) is that your problem is the use of slave LDAP as PDC. My questions are why is it so long to create the machine account? Why is it creating it asa posix-only account at first? Why, finally, is it creating it in a disabled state? Strange things could happen on Microsoft Windows networks. :) Let's try to work on te samba side first to check if it is the problem, if you can change the slave LDAP to a master one and test again, it could lead us to better ideas/conclusions. Thanks, Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCq2dCj65ZxU4gPQRAk1nAJ9H+CY9fxO8l+T70tQy4q6FXY9oyQCgicR4 27x/JXGFjCZBgwQ+0xpIRzY= =Da75 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] re: Support of Samba on RHEL4?
Alex, I could not agree more with you. BTW, perhaps you already know, but just in case: If you want to see the patches applied to a package during its history, and you don't need to dig into the sources themselves, you can query the changelog for an rpm package without having to download sources: rpm -q --changelog package for example for my samba-3.0.10-1.4E.2 rpm -q --changelog samba * Wed May 11 2005 Jay Fenlason [EMAIL PROTECTED] 3.0.10-1.4E.2 - include the -bug157208 patch. to close bz#157208 CRM 511318 - smbfs dont respect uid and gid options when mounting * Fri Apr 29 2005 Jay Fenlason [EMAIL PROTECTED] - include the -smbspool pattch from RHEL-3, to close bz#155350 SAMBA client working, printer configuration not working - include the -winbindd_2k3sp1 patch to allow Samba to authenticate against a Windows 2003 SP1 machine. This closes bz#154558 Winbind refuses to authenticate against Windows 2003 SP1 * Wed Mar 30 2005 Jay Fenlason [EMAIL PROTECTED] 3.0.10-1.4E.1 - try the -gcc4 patch, to see if it solves problems with nmbd crashing. bz#150582 ? nmbd dies when windows client requests browse list * Tue Jan 04 2005 Jay Fenlason [EMAIL PROTECTED] 3.0.10-1.4E - Upgrade to 3.0.10, to close bz#143983 This obsoletes the -CAN-2004-1154 patch. - Include the -64bit patch from Nalin. This closes bz#142873 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Password Change WinXP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2006 02:53 AM, Martin Hochreiter escreveu: Hi! I am running Samba 3.23c with Ldap. Recently I changed my password via smbpasswd on the PDC. The mailserver and the Webserver (both are querying a replication of the ldap) have the new password - also a W2K workstation does but on the WinXP clients that are using the domain too I have to use the old password. Is there a reason for that? No. Something is wrong somewhere. Do you have a local account on WinXP? lg Martin Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCqojCj65ZxU4gPQRAk25AJoDZXXc96YZnUMKxSR28y9n8BqTugCZAWPr dRrUHmMk3VQ/3z1QLDYEUvA= =JgtV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] hide files not work
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2006 06:38 AM, C.Rathnasinghe escreveu: Hi I'm using samba 3 I want to hide dot files I used hide files = .* hide dot files = yes 'hide dot files' should be yes (default). Remove the options from your smb.conf and run a testparm -v, and then check what is the value of 'hide dot files'. If should work out of the box, without extra options like 'hide files = .*', anyway, if it is really not working it looks like a bug, let's test a couple of things first before bug the Samba Developers. ;) and even veto file no success at all, help would be greatly appreciate. It is really strange. Can you please send you smb.conf and the version of samba you are using. cheers chaminda Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCqmuCj65ZxU4gPQRAjvpAJ0dbouhZPSqFeeXxPWJGR4MbBgw4wCfat6K bdt5PF4dJOWwNg6johYTH+0= =tt01 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with FC4 Samba 3.0.23a and Windows XP PRO 2002
On Friday September 15 2006 9:19 am, Mark L. Wise wrote: I upgraded the server to a FC4 Box with SAMBA 3.0.23a There are several changes in the 3.0.23 series, did you read about that changes and how it could impact your installation/configuration? I'm going to show my ignorance here, but I need the information :-) Where do I read about the changes between the versions? www.samba.org/samba/history/samba-3.0.23.html Probably, you will need to attach your smb.conf and a more verbose log, increase the loglevel/debuglevel). How do I increase the loglevel/debuglevel? smb.conf Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange behaviour when joining the domain
Felipe Augusto van de Wiel wrote: Hmmm, AFAIK, the master should be on the PDC. My best guest (if I understood correctly) is that your problem is the use of slave LDAP as PDC. You're probably right, but the fact that I'll have more than one samba server to be served by the same directory tree does not allow me to go into this direction. I HAVE to stick with a master/slave scheme. Unless you have a way to permit machine accounts to be created on a local directory tree while users are on a master directory tree and replicated locally. I don't think I had any problem when I did my first testss. The ldap database whas, in fact, locally defined. Strange things could happen on Microsoft Windows networks. :) Let's try to work on te samba side first to check if it is the problem, if you can change the slave LDAP to a master one and test again, it could lead us to better ideas/conclusions. -- Christian Tardif Servinfo [EMAIL PROTECTED] 514.237.6332 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 PDC - trouble renaming domain member computer
All, I've got a Samba 3 PDC serving numerous XP clients, and I'm getting an error I wouldn't have expected. When trying to rename an XP machine joined to the domain (via netdom renamecomputer), the command fails unless the specified domain user has UID 0. The command in question: netdom renamecomputer %COMPUTERNAME% /newname:%NEWNAME% /userD:DOMAIN\USER /passwordd:PASSWORD /force fails with error 5: Access is denied for UID 0 accounts, and succeeds for an account with UID 0. Some background: I have the following group mappings: net groupmap list Domain Administrators (S-1-5-21-1079125125-2089603153-60846589-512) - Domain Admins Domain Users (S-1-5-21-1079125125-2089603153-60846589-513) - Domain Users Domain Guests (S-1-5-21-1079125125-2089603153-60846589-514) - Domain Guests Domain Admins has a few members; among them, account testadmin has UID 0, and account printsetup has UID 12632. Domain Admins has the following rights: net rpc rights list Domain Admins SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeRemoteShutdownPrivilege SeDiskOperatorPrivilege Domain Admins members have no individual rights assigned; rights are assigned to the group only. So, it comes down to this: printsetup and testadmin have the same rights, the same group memberships, the same everything except UID. I've looked through the available rights list in the Samba docs and didn't see a specific rename computer right, and I would have expected membership in Domain Admins to be sufficient. However, I've found that UID 0 accounts can't rename domain computers; UID 0 accounts can. Is this a known issue? I haven't seen anything in the docs, but I'll be digging in again shortly. High-level debugs available upon request. Thanks, Ryan - This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, printing, distributing or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner. The Evangelical Lutheran Good Samaritan Society. - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange behaviour when joining the domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2006 10:56 AM, Christian Tardif escreveu: Felipe Augusto van de Wiel wrote: Hmmm, AFAIK, the master should be on the PDC. My best guest (if I understood correctly) is that your problem is the use of slave LDAP as PDC. You're probably right, but the fact that I'll have more than one samba server to be served by the same directory tree does not allow me to go into this direction. I HAVE to stick with a master/slave scheme. No problem at all. But the PDC and the master should work together. I have a network with one master (PDC) and eight slaves (BDCs). Unless you have a way to permit machine accounts to be created on a local directory tree while users are on a master directory tree and replicated locally. On my network it is alittle bit different because we keep manual control of all the machines on the domain, so we create them manually. :) I don't think I had any problem when I did my first testss. The ldap database whas, in fact, locally defined. As I said, you can have multiple servers, as long as the PDC plays with the LDAP master. :) The don't need to be in the same machine. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrMrCj65ZxU4gPQRArHAAKCSIjIO5okSy0eCYtqh8bCKReMmLwCgnr9Q mVEdRn9NU99NUNvdGXrXQTU= =FvEg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] No predefined Groups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 06:12 PM, Sven Kusig escreveu: Hello, I have set up a Samba-Server (samba-3.0.23a-0.1.34.x86_64.rpm and after that samba-3.0.23c-0.1.36.x86_64.rpm) as PDC and tdbsam-passdb backend. I can add XP-Computers and Users to the Domain, but the Domain-Users has problems with Access-Rights on the Win-XP-Systems. The Reason is (i think so) that samba has not generated the typical Groups: Result from 'net groupmap list' = nothing ! I have added the 'Domain Admins' 'Domain Guests' manualy with the 'net groupmap add ...', but this was not the hit. On a second machine with the identical smb.conf-File but Samba version '3.0.20b-3.3-SUSE' all is fine ('net groupmap list' shows 3 Domaingroups and 9 Localgroups). What can be the reason and how i can fix that ? The default group entries changed in the new 3.0.23, did you the changes in the 3.0.23 release notes? LDAP Changes There has also been a minor update the Samba LDAP schema file. A substring matching rule has been added to the sambaSID attribute definition. For OpenLDAP servers, this will require the addition of 'index sambaSID sub' to the slapd.conf configuration file. It will be necessary to run slapindex after making this change. There has been no change to actual data storage schema. Thanks Sven Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrO/Cj65ZxU4gPQRAv0+AJ92DtiVeRbN50SS2iuDGIUTRGhUHgCgqMLN rLsWHxsRkZt7/lZz/ChgQDE= =jlgS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba PDC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/14/2006 10:16 AM, Kashif Ali Bukhari escreveu: Hello list i want to configure samba as PDC along with linux accounting system and also tell me if any webbased configuration tool for such thing Read the official Samba HOWTO from the samba.org webpage, and also the Samba By Example, both documents can lead you to sucessful PDC configuration. There are webbased tools depending on what you need/want, you could check phpLdapAdmin, LAM (LDAP-Account-Manager), Samba Console (IDEALX), SWAT and probably the new tools from the Google Summer of Code, you can also check Pagode/Jegue (Brazilian tool). Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrRDCj65ZxU4gPQRAsu3AJ48syA6SCyVZ8n9UJ8K8+yyZnq7+gCfSEUB j5j+iBwwhmZLplO/Rwc6ixc= =l098 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] (no subject)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 04:40 AM, [EMAIL PROTECTED] escreveu: Hi everyone! I have two strange problems I cannot solve with my PDC SAMBA: 1) From every XP Pro PC I can access but sometimes I have to try 5 or 6 times to enter my domain. Then, once entered, everything works good, until next login, when I have the same problem. This is what I can see in SAMBA log file: [2006/09/12 09:17:42, 1] smbd/service.c:close_cnum(835) mario (192.168.1.101) closed connection to service mario [2006/09/12 09:19:44, 0] lib/util_sock.c:get_peer_addr(1150) getpeername failed. Error was Transport endpoint is not connected [2006/09/12 09:19:44, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2006/09/12 09:19:44, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer [2006/09/12 09:19:44, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) [2006/09/12 09:19:47, 1] smbd/service.c:make_connection_snum(642) 2) From a Win 2000 Pro PC I cannot login as the same user that works on the XP. It says something like there is not enough space on the server and it cannot create profile, but it's impossible,I have more than GBs free on my server. Plase, help me! :-) We will need the smb.conf to check your configuration and try to figure out what's going on. Did you really have space and permission in the profiles directory on your Samba Server? Thanks a lot in advance Stefano Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrSRCj65ZxU4gPQRAozTAJ4s2EMJRZMGwhf/OCL4JRI51fcyiACfePMV lcenXW7WOETStMgfmGE4LSA= =mZ1+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rogue smbd processes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 06:08 PM, Jonathan M. Prigot escreveu: This is a follow-on to my previous message about some 3.0.23b Solaris smbd processes going rogue and eating CPU time. One characteristic of the processes are that the effective UID of the process is the user's UID, rather than root's which is what a see for the well behaved processes. Any ideas how that could be happening so that I can get closer to a solution? Thanks. Are you upgrading? It could be a regression in the code. Can you outline changes in the server and environment between the last working version and the new one? If this is a new setup, are you using system policies or other time of resource limitation/control? Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrZ6Cj65ZxU4gPQRAlZLAJ9Ick8k6XK2x8e/TKPYw/bVCRgOQACfUbn0 xqx/zN8zFO50BQaeJIvA6Gc= =s8Nc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] sizing a print server for 10'000 users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 11:18 AM, Charles Bueche escreveu: Hi, I'm building a print-to-PDF queue system for a customer. A Samba queue pass jobs to Ghostscript. The PDF output is then provided back to the user (by email or web URL). Do you really need to use samba for that? You can have CUPS working as a print-to-PDF system. I don't have anything against Samba, but you could reduce one layer in your design. My question is on server sizing. It will be on Linux (SLES 9) and will only host the print queue, nothing else. Samba will be joined in the ADS domain, so I can recognize the submitting user (%u). Hmmm, ok, it answer partially the above question, perhaps you can have the same behaviour using IPP. Every Windows client will have the print queue defined. What happen with the connection ? do I assume Samba will see 10'000 permanent connections ? Or only when printing ? AFAIR, printer shares don't stay open, which means that the share will be _really_ used when you print to it. And then, when several client submit print jobs at the same time, does Samba serialize the calls to my script ? Or should I assume I can be called 10'000x in parallel (assuming 10'000 users click Print at the same time) ? I think you will have bottlenecks in Samba and Ghostscript itself, because you need time to generate the PDFs and you will also have the bottleneck of write to disk and send e-mails. Depends on the implementation of your script, but you can easily figure that out testing with only two clients and big files, I don't think your problem will be related to the number of clients but with the size of files. I'm as well interested at building a small admin web page where one can see the queue, the last 10 job entries, the load, possibly a usage graph, etc. Sounds like CUPS to me. :) Hints from a similar setup are welcome. TIA, Charles I think you can extend CUPS to what you need. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrjECj65ZxU4gPQRApwBAJ90q58Ly6Okl0djO1uE9JkiqoPjSgCgvmLb +x7MMVzGKHL5CxdOauQNSfA= =8wGV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba + start tls
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 11:09 AM, aza zel escreveu: hi people, i have problems with samba option ldap ssl= start tls. ¿where samba looks public key server certificate?, because when i try with this option, i cant connect to samba shares, and i think is because the samba cant found the public key certificate to use. The correct option is start_tls, but it is the default option, you don't need to setup this. And the key server is not related with Samba, this option just tells samba to use SSL when talking with the LDAP server. Salu2 Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrncCj65ZxU4gPQRAn1vAJ9R7y+pz4DT2tr4fr8cyHMXbfJ5UQCbBOgI kVFWs2BNDOc6ZSBGp8He2Vs= =lYz+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA TO AD MIGRATION
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 09:26 AM, Patrick AUDON escreveu: Hi to all, I know that a few posts treat this subject, but I can't found the good answer to my problem. I actually have a Samba domain based on a smbpasswd backend. That's good. :) I must migrate to an AD 2003 and all is working correctly if I don't select the SID history migration. That's sad. :( If I select this 'SID history migration' option, I received a message 'Could not verify Auditing and TcpipClientSupport on Domains' and the end of the message is 'A specified privilege does not exist'. Could someone help me ? In the Microsoft documentation, it is specified that the auditing must be enabled, but Samba can't support it. It is also specified that a regkey must be set to 1 ; how to do it in Samba ? I'm not quite sure why do you migrate from Samba to Microsoft Windows, but it looks like one of the problems with lots of registry option on the MS Windows part, which would be hard to figure out and help you. :( regkeys in samba usually are options inside the smb.conf file, but it is not the exactly same thing. Thanks. Patrick Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrpzCj65ZxU4gPQRApJyAKCZvBilF+V5ssyTbAhpFjAt4skhdwCfa0dI fogM2uM4lAok5P3bYq7d074= =jX9j -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] security with normal profiles
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 08:28 AM, Thierry Lacoste escreveu: Following TOSHARG and Samba 3 by examples I implemented Folder redirection plus some security restrictions by building a custom NTUSER.DAT which is the default profile of my users. The problem is that each user has read/write access to its profile share therefore he can replace its NTUSER.DAT. This is why I chose mandatory profiles. Is there another solution? From the beloved smb.conf manpage: The share and the path must be readable by the user for the preferences and directories to be loaded onto the Windows NT client. The share must be writeable when the user logs in for the first time, in order that the Windows NT client can create the NTuser.dat and other directories. Thereafter, the directo‐ ries and any of the contents can, if required, be made read-only. It is not advisable that the NTuser.dat file be made read-only - rename it to NTuser.man to achieve the desired effect (aMANdatory profile). The problem with mandatory profiles is that some settings are not saved: for instance the Favorites folder; I did not redirect it because I read in several books that only the Desktop, My documents, Application Data and Start Menu can be redirected. Is there a way to save Favorites with mandatory profiles? Hmmm, not sure... probably no, because it is a mandatory profile, but you can save it on alternative paths, I don't why to do that. :( Regards, Thierry. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrsJCj65ZxU4gPQRArfQAKCGmwLy6Y10iOBw1g1CnhlhzqWXbQCgzR8e xLdR7DZXmW+2ZTuIr+3Hnno= =yppA -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 PDC - trouble renaming domain member computer
Sorry, forgot the obvious stuff: Samba 3.0.14a on Debian Sarge (stock install). LDAP backend, using ldapsam_compat. Everything else works great, so I don't think it's a Samba config problem. ryan punt [EMAIL PROTECTED] 9/15/2006 9:04:09 AM All, I've got a Samba 3 PDC serving numerous XP clients, and I'm getting an error I wouldn't have expected. When trying to rename an XP machine joined to the domain (via netdom renamecomputer), the command fails unless the specified domain user has UID 0. The command in question: netdom renamecomputer %COMPUTERNAME% /newname:%NEWNAME% /userD:DOMAIN\USER /passwordd:PASSWORD /force fails with error 5: Access is denied for UID 0 accounts, and succeeds for an account with UID 0. Some background: I have the following group mappings: net groupmap list Domain Administrators (S-1-5-21-1079125125-2089603153-60846589-512) - Domain Admins Domain Users (S-1-5-21-1079125125-2089603153-60846589-513) - Domain Users Domain Guests (S-1-5-21-1079125125-2089603153-60846589-514) - Domain Guests Domain Admins has a few members; among them, account testadmin has UID 0, and account printsetup has UID 12632. Domain Admins has the following rights: net rpc rights list Domain Admins SeMachineAccountPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeRemoteShutdownPrivilege SeDiskOperatorPrivilege Domain Admins members have no individual rights assigned; rights are assigned to the group only. So, it comes down to this: printsetup and testadmin have the same rights, the same group memberships, the same everything except UID. I've looked through the available rights list in the Samba docs and didn't see a specific rename computer right, and I would have expected membership in Domain Admins to be sufficient. However, I've found that UID 0 accounts can't rename domain computers; UID 0 accounts can. Is this a known issue? I haven't seen anything in the docs, but I'll be digging in again shortly. High-level debugs available upon request. Thanks, Ryan - This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, printing, distributing or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner. The Evangelical Lutheran Good Samaritan Society. - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba/PAM/winbind/ssh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/12/2006 06:50 PM, Matt Herzog escreveu: I have the winbind login working on FC5 but now logins to local accounts cannot authenticate. My config files are here: http://www.pigeonnier.org/nsswitch.conf http://www.pigeonnier.org/pam.d/ http://www.pigeonnier.org/krb.conf Again, if I try to ssh in as a user that exists only as a local account on the remote host, I am rejected. User msh is -not- a AD account and only exists on the FC5 server province From the /var/log/secure file: Sep 12 16:58:29 province sshd[11521]: reverse mapping checking getaddrinfo for zogness.cinteractive.com failed - POSSIBLE BREAK-IN ATTEMPT! Sep 12 16:58:33 province sshd[11521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.76.121.62 user=msh Sep 12 16:58:35 province sshd[11521]: Failed password for msh from 198.76.121.62 port 58069 ssh2 Sep 12 16:58:39 province sshd[11521]: pam_succeed_if(sshd:account): requirement uid 100 not met by user msh Sep 12 16:58:39 province sshd[11521]: fatal: Access denied for user msh by PAM account configuration Well, for some reason your pam requires that your user has an uid less than 100, I don't know why, but it doesn't looks like to be related with Samba. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrvECj65ZxU4gPQRAuiQAJ9f6kbvBFaZw8RQ/4WdQEHdMQvHYwCeLGHC 96WqOsJkCUNBjpbax4FV7K0= =EsSt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.23c and CUPS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/12/2006 10:56 AM, Dale Schroeder escreveu: After upgrading to 3.0.23c, only 3 of 12 installed printers reappeared. Which tdb or other file got corrupted? Maybe ntprinters? Dale Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCr/8Cj65ZxU4gPQRAibXAJ9h5amKgpNLjkYtVNL4FVao0itmogCeJk6r fQw8jlrWOg3nmht4yayiEPk= =DQtp -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba + start tls
On Fri, Sep 15, 2006 at 11:34:04AM -0300, Felipe Augusto van de Wiel wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The correct option is start_tls, but it is the default option, you don't need to setup this. And the key server is not related with Samba, this option just tells samba to use SSL when talking with the LDAP server. I have winbind working nicely with AD here. It took a while to figure out but now AD user accounts can ssh into my Linux boxen reliably, which is really all I needed; just ssh access. But I want to make sure all the LDAP traffic is secured via TLS/SSL. On my network if I run nmap on the Win2K AD server I see that port 636 is open. So I generated a cert file on the Win2K server and converted it to a PEM file (using openssl on Linux) and placed it in /etc/openldap/cacerts and made sure it was world readable. My ldap.conf file looks like this: #--- BASEdc=cinteractive, dc=com URI ldaps://attu.binteractive.com:636 debug 256 logdir /var/log/ldap.errors host BATTU base BINTERACTIVE.COM ssl yes TLS_CACERT /etc/openldap/cacerts/battu.pem pam_password md5 # The ldap log file I set up is empty. Nothing ever gets written to it. Every time I su to root on the Linux servers I see: TLS certificate verification: Error, unable to get local issuer certificate TLS: can't connect. I'm not looking to run slapd on this server. LDAP and winbind are used only to allow users to login via ssh with their AD credentials. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Copying file failed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/12/2006 10:08 AM, Benoit Delagarde escreveu: Hello, I have a Debian Stable (Sarge) with a samba to share file with windows client. All is working fine but 2 files generates errors when i try to copy it. The transfer begins, but stops in the middle of the file, and freeze. The error message is (French translation): Unable to copy file_name.psd : Network name is no more available I do not understand why I cannot copy those files from Samba. All other file in this folder are downloadable, I can copy it using the Linux command cp, ect... I also shared bigger file without problems. It is usually related to DNS problems or name resolution problems (WINS), it could also be a network problem, althought it is a little bit rare. To obtain it I have upload it on an FTP (from the server) and then download on my windows, and the file come without error. Does anybody help me? I can't found any valid raison for the problem. I join the smb.conf. You could check with testparm your smb.conf, also send it attached in the next message, but probably we will need a log with increased loglevel/debuglevel. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCsXvCj65ZxU4gPQRAqppAJkBjTEr8iXkI/dfv6griBxcVcQ/YgCeO0p5 dGPFhxVh0DXdjZwiHVKqoO8= =O+4J -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows XP Machine,
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/12/2006 09:05 AM, Per Qvindesland escreveu: Hello List, I have a odd problem and I should perhaps ask this on msn or something like that :) but I am running a ldc with ldap, everything works like a charm but on one of the machine a newly installed one which is joined to the domain can't for some reason see the files on one machine, now both machines can see shares on other machines but not between each other, does anyone has any idea of what could be causing this? by the way both machines are getting their ips from the same dhcp server so there should not be any conflict there. Name conflict? Special permissions or policies? Kind regards Per Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCsY6Cj65ZxU4gPQRAm7XAKChSiR6hr6mqBpbFHWfER4GfBAi4wCgj+Bm km0tPIHWKp6e3Pe69VxnSis= =1AOD -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Authentication problems after upgrading to 3.0.23c
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/12/2006 08:51 AM, Giddings, Bret escreveu: Hi there, Since upgrading our debian sarge boxes to 3.0.23c, we have found that we are unable to connect to shares using the official hostname of the servers (short or fully qualified) but can still use its netbios aliases (again, short or fully qualified). As nothing else has changed in our configuration, I think that the change of behaviour is down to the newer release and can find nothing in the release notes that would indicate that we have to add any new settings into smb.conf. Anyone else seen this and have any solutions? Jerry is reading the list (don't know if he saw this message), but you could forward your message to samba-technical if it really looks like a bug/regression. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCsbdCj65ZxU4gPQRAnR8AKC6wl+gbJ8FsABk6A6RStUiqaog4QCfckWB Bvhd2/yuxwVTC/d7xbpH6fw= =LfZt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Solution to archive bit problem
For all of you out there using Google (or whatever your favorite search engine) to try to find a solution to archive bit madness with Samba, I have a workaround for you. Call it a solution if you want to, because it will solve the problem regardless of whether it is an application or Samba issue. Prerequisites: 1) You must have the the acl packages installed 2) user_xattr and acl must be set on the volume where your Samba shares reside in fstab 3) The time stamp for file modification must be updated when modified even when the archive bit is not being set (verify this by using stat -c %y foo.txt) Resolution: Add this command to a nightly cron to run BEFORE your backups (run as root): find /share/ -name '*' -mtime 0 -exec setfattr --name=user.DOSATTRIB --value=0x30783230 {} \; Replace /share/ with whatever the path to the root of your Samba share directory where all of your shares are located. This SHOULD set the archive bit properly for files modified within the past 24 hours. Make sure that the user account your backup software uses has full access to all files and folders. If you are having trouble as I was with the archive bit, I hope you find this and it solves your problem. Thanks to all that helped me with this issue. If anyone sees an error in the above, please follow up with a correction. Thanks, Aaron Kincer -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE : [Samba] SAMBA TO AD MIGRATION
Hi, Thanks for the the answer. I must migrate because my site communicate with 2 other, which are using Windows 2003 AD server, and I can't trust there domain. Also, we use applications which need W2K3. Do you have informations about the regkey parameter using ? Thanks. Regards. -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Felipe Augusto van de Wiel Envoyé : vendredi 15 septembre 2006 16:37 À : samba@lists.samba.org Objet : Re: [Samba] SAMBA TO AD MIGRATION -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 09:26 AM, Patrick AUDON escreveu: Hi to all, I know that a few posts treat this subject, but I can't found the good answer to my problem. I actually have a Samba domain based on a smbpasswd backend. That's good. :) I must migrate to an AD 2003 and all is working correctly if I don't select the SID history migration. That's sad. :( If I select this 'SID history migration' option, I received a message 'Could not verify Auditing and TcpipClientSupport on Domains' and the end of the message is 'A specified privilege does not exist'. Could someone help me ? In the Microsoft documentation, it is specified that the auditing must be enabled, but Samba can't support it. It is also specified that a regkey must be set to 1 ; how to do it in Samba ? I'm not quite sure why do you migrate from Samba to Microsoft Windows, but it looks like one of the problems with lots of registry option on the MS Windows part, which would be hard to figure out and help you. :( regkeys in samba usually are options inside the smb.conf file, but it is not the exactly same thing. Thanks. Patrick Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCrpzCj65ZxU4gPQRApJyAKCZvBilF+V5ssyTbAhpFjAt4skhdwCfa0dI fogM2uM4lAok5P3bYq7d074= =jX9j -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Support of Samba on RHEL4?
Alex, I tried running Samba on RHEL4 Update 2 (on VMWare) and ran into some issues and I can provide you my opinion. Take care when making any decisions. There are quite a few things to consider: 1) Is having support from Red Hat on Samba necessary? 2) Are you confident enough in yourself to go off the beaten path from Red Hat? 3) Have you considered other vendors for support on Samba itself? 4) Would upper management (if any) hold you responsible for going off the support path in the event of an issue? 5) Do you have an adequate test environment? If you are going away from Red Hat support, #5 is critical. They test and test and test (or at least should) packages prior to pushing them out. They will know or be able to quickly find solutions to common problems with their packages. There are some caveats to that statement, so let me get to a bit more meat. Let's face it--the packages in RHEL4 for Samba are just plain old. Red Hat has back-ported security fixes and even some bug fixes, but I know without a doubt that not all bugs have been addressed. RHEL5 will be out in the coming future. Perhaps it will provide newer packages. I urge you to investigate and consider that route if you are extremely nervous about losing support on Samba from them. In my case, I've chosen to move my production File Server to Ubuntu 6.06 Server (well, I have loaded the latest distro upgrade) running Samba 3.0.22 after I complete quite a bit of testing. I just found myself banging my head against the wall with my smb.conf in ways that I shouldn't have to since the problems were with bugs in the older Samba that haven't been back-ported. The instant I transferred my smb.conf over to the new Ubuntu server, my bugs went away. The one exception is the archive bit issue I've been posting about lately. The bottom line in my humble opinion is that if you go your own way, you shift burden of responsibility more to yourself than Red Hat. Of course, if you have the hardware (or a VMWare/Xen virtual server) you could always run parallel using two servers with a Red Hat approved Samba version as a control and your own Samba server with identical configurations (minus Samba version) for production and work out non-bug related issues with their help on your reference server. This won't help you in resolving bug-related issues, but it could help provide you with a warm fuzzy-feeling. This would be less than ideal since the versions are so far apart. I know you asked for technical reasons, but you should be aware that not all of the factors in the equation are technical when considering a production server. Hope that helps. Aaron Kincer Alex de Vaal wrote: Hello, A while ago I asked what kind of Samba packages I could use on RHEL4. If I use the packages from www.samba.org then I'd void the support agreement with Red Hat. (...) Downloading and investigating the latest Samba source package from RHN (samba-3.0.10-1.4E.9.src.rpm) told me that the Samba package of RHN is based on the native 3.0.10 Samba package of samba.org with some necessary patches (samba-3.0.10-winbindd_2k3sp1.patch, samba-3.0.10-ldap-failover-timeout-backport.patch are the most important ones for me), while even the patches come from samba.org In samba-3.0.10-ldap-failover-timeout-backport.patch I found this statement: + /* Setup alarm timeout Do we need both of these ? JRA. */ This is from Jeremy Allison of samba.org... Is there any technical reason NOT to use the packages of samba.org on RHEL4? Regarding the above info I'd like to use the original samba packages on RHEL4. If I only void support for Samba at Red Hat, so be it. I'm convinced I'm better off with Samba support at samba.org... Regards, Alex. -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Wednesday 12 July 2006 13:22 To: Alex de Vaal Cc: samba@lists.samba.org Subject: Re: [Samba] Fedora packages or Enterprise packages of Samba on RHEL4? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alex de Vaal wrote: Can somebody of the Samba team explain me the difference of Fedora packages or Enterprise packages (http://enterprisesamba.com/) of Samba on Red Hat Enterprise Linux 4? ... First I tried the RHEL4 packages from enterprisesamba.com, but these packages always ended up with the error message Segmentation fault while I used net ads join; If you need support for the SerNet packages, you will have to contact SerNet. Therefore I compiled the Fedora source package on RHEL4; this went well. ... I'd like to continue with the Fedora Samba package on my RHEL4 server, but I'd like to know why or why NOT to use it! (and why I have to use the packages of enterprisesamba.com) The Fedora specfile provided with Samba is compatible with RHEL4. I don't build RHEL4 packages only because IMO if you pay for support for RedHat, installing non-vendor supplied packages would void
Re: [Samba] samba/PAM/winbind/ssh
On Fri, Sep 15, 2006 at 11:42:12AM -0300, Felipe Augusto van de Wiel wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/12/2006 06:50 PM, Matt Herzog escreveu: I have the winbind login working on FC5 but now logins to local accounts cannot authenticate. My config files are here: http://www.pigeonnier.org/nsswitch.conf http://www.pigeonnier.org/pam.d/ http://www.pigeonnier.org/krb.conf Again, if I try to ssh in as a user that exists only as a local account on the remote host, I am rejected. User msh is -not- a AD account and only exists on the FC5 server province From the /var/log/secure file: Sep 12 16:58:29 province sshd[11521]: reverse mapping checking getaddrinfo for zogness.cinteractive.com failed - POSSIBLE BREAK-IN ATTEMPT! Sep 12 16:58:33 province sshd[11521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.76.121.62 user=msh Sep 12 16:58:35 province sshd[11521]: Failed password for msh from 198.76.121.62 port 58069 ssh2 Sep 12 16:58:39 province sshd[11521]: pam_succeed_if(sshd:account): requirement uid 100 not met by user msh Sep 12 16:58:39 province sshd[11521]: fatal: Access denied for user msh by PAM account configuration Well, for some reason your pam requires that your user has an uid less than 100, I don't know why, but it doesn't looks like to be related with Samba. Kind regards, Thanks. My problem was solved by Red Hat's authconfig utility. I am still kicking myself for not having run it before. As it turns out, Red Hat's PAM config for winbind authentication puts the line: session sufficientpam_mkhomedir.so skel=/etc/skel umask=0027 in /etc/pam.d/sshd while in Debian that same line needs to be in /etc/pam.d/system-auth. -- Announcing your plans is a good way to hear the gods' laughter. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba Digest, Vol 45, Issue 18
David Bear [EMAIL PROTECTED] wrote : I have read through some of the info on using dfs roots and I am needing some advice. Since a unc is still \\servername\ based it occurs to me that the only way to do this properly is to create a smb.conf file that publishes a netbios name like \\dfsroot -- Then, to create a failover system, I would take that config file and copy it around to multiple samba server. Then, have some kind of watch or heartbeat like monitor (that would only monitor where the name and services called \\dfsroot was still alive and responding) that would wait untill \\dfsroot no longer responded (where ever it was). Then, if \\dfsroot failed to respond, it new \\dfsroot smbserver would be launched to take over. Conceptually, the smb service that is known as \\dfsroot really is just a 'share directory service'. It doesn't have to have any other shares that it serves. It could be guest readable. You got it! If you have significant users mapping through \\dfsroot, you want a high availiabilty setup. We have \\dfs1 \\dfs2 that are frontended with a old network load balancer. We're about to move to sles 10 w/ Linux Virtual Server and Linux HA. The name we tell the users - \\dfs is registered in WINS DNS to point to the IP of the load balancer. Our code that creates the dfs symlinks makes the links on dfs1 dfs2 -- you could also rsync regularly, etc. Very infrequently we have a problem with the 2 systems linking to different places. If you want to use a something closer to your model you can use smbclient to probe \\dfsroot and then startup your backup system on a failure. If I remember right you could have \\dfsroot guest readable -- however I think users would not get a bad password error on the net use and get confused. They would be into the dfs server as guest, but then fail to map to the final server if they used a bad password. Hopefully your users are signed on to the desktops w/ domain userids. We've found that net use \\dfs\home\userid /user:different doesn't work well because winxp will connect to \\dfs as different but then goes back to the default (logged on) userid on the dfs redirect. Bill Marshall Integrated Technology Delivery, Server Operations Rochester PC Server Team Rochester, MN -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] security with normal profiles
Thanks a lot. It is not advisable that the NTuser.dat file be made read-only This indeed limits my options. I guess I'll have to stik to mandatory profiles. Can somebody share his experience with redirecting Favorites to the user's home share? I fond contradictory informations wether it's possible to do that. Regards, Thierry. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] /etc/init.d/samba profile
I have a question about using the /etc/init.d/samba script on irix. I see that in that script, the acceptable arguments to it are start, stop and profile. Start and stop are pretty obvious, but can anyone explain to me what profile does? -Renee -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] /etc/init.d/samba profile
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2006 02:45 PM, Renee Ramsdell escreveu: I have a question about using the /etc/init.d/samba script on irix. I see that in that script, the acceptable arguments to it are start, stop and profile. Start and stop are pretty obvious, but can anyone explain to me what profile does? I'm using Debian and I don't have profile as an option in my samba init.d script, but one easy way to find out is to edit the file and check it out. ;) If you don't like bash script, just attach the file and send to the list so we can check it out and tell you. -Renee Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCv2tCj65ZxU4gPQRAlLWAKCi43XquCUv6rvH+cARVreYXDrjSgCgqcu2 xheTU8YurjC0LDiX1JZeHGU= =JrDI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] how to change perimissions across a directory tree
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2006 09:52 AM, Gianluca Cecchi escreveu: Hello all, I have samba 3 with a share named shareA using these settings: [shareA] comment = Directory Amministrazione path = /col/shareA browseable = no valid users = @amm force group = amm public = no writable = yes create mask = 0770 directory mask = 0770 printable = no where user1, user2, user3 and user4 belong to amm group. I would like to differentiate permissions and have them become something like: 1) these users: user1 user2 read only to the directory: \shareA\dir1 \shareA\dir2 2) these users: user3 user4 read wrtite to the directory: \shareA\dir1 \shareA\dir2 3) user1 user2 user3 user4 read wrtite to the directories \shareA\dir3 \shareA\dir4 4) full control for user1, user2, user3 and user4 to the other directories under \shareA (as is now for all what is under \shareA) You should look for ACLs. You can use it in your filesystem to achieve what you want. The Samba documentation covers it. (BTW, I'm talking about POSIX ACL). :-) Thanks in advance. Bye, Gianluca Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCv4jCj65ZxU4gPQRApbmAJ9l/uUJsDX7uWimjRuSEcEM9uSHXgCfTBML VbBxT++AwWw71cY9ApYJHwU= =F53G -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] SAMBA TO AD MIGRATION
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2006 12:45 PM, Patrick AUDON escreveu: Hi, Thanks for the the answer. I must migrate because my site communicate with 2 other, which are using Windows 2003 AD server, and I can't trust there domain. Also, we use applications which need W2K3. Do you have informations about the regkey parameter using ? regkey is not a parameter it is just a way to view it. :) Basically, there are parameters that were created to work in the same way that some of the Windows keys, just it. Thanks. Regards. Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCv7zCj65ZxU4gPQRAq4tAJ4yOICyRRDuLj4kd8CgSNGHsM+AIwCfeLlD IwBPkT3A12AjujQ1MTQvP34= =vqaB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba + start tls
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2006 12:24 PM, Matt Herzog escreveu: On Fri, Sep 15, 2006 at 11:34:04AM -0300, Felipe Augusto van de Wiel wrote: The correct option is start_tls, but it is the default option, you don't need to setup this. And the key server is not related with Samba, this option just tells samba to use SSL when talking with the LDAP server. I have winbind working nicely with AD here. It took a while to figure out but now AD user accounts can ssh into my Linux boxen reliably, which is really all I needed; just ssh access. But I want to make sure all the LDAP traffic is secured via TLS/SSL. Ok, but this is not Samba part of the job. :) If Samba is not talking with your LDAP server, then this parameter has no effect. You should do the TLS/SSL configurations on your LDAP server. And you should use kerberos to have real security in your smb network. On my network if I run nmap on the Win2K AD server I see that port 636 is open. So I generated a cert file on the Win2K server and converted it to a PEM file (using openssl on Linux) and placed it in /etc/openldap/cacerts and made sure it was world readable. My ldap.conf file looks like this: If it is a PEM with private certificate, shouldn't be world readable. #--- BASEdc=cinteractive, dc=com URI ldaps://attu.binteractive.com:636 debug 256 logdir /var/log/ldap.errors host BATTU base BINTERACTIVE.COM ssl yes TLS_CACERT /etc/openldap/cacerts/battu.pem pam_password md5 # The ldap log file I set up is empty. Nothing ever gets written to it. Increase the log level on slapd.conf. Every time I su to root on the Linux servers I see: TLS certificate verification: Error, unable to get local issuer certificate TLS: can't connect. I'm not looking to run slapd on this server. LDAP and winbind are used only to allow users to login via ssh with their AD credentials. Ok, it is a configuration of libldap and other software that will use resources to query LDAP server. But AIUI you are not using Samba to query LDAP, you are using winbind to do that, and then, your question is a little bit off-topic here. ;) Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCv+9Cj65ZxU4gPQRAoKCAKCqXb+x1B3XI929b5gVoAmZW0c/CgCgxsQw 8UqEnltKCKcDWYGw4mgxnAQ= =5y38 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] inherit owner
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2006 04:47 PM, Scott M Parrish escreveu: Which version of Samba do you use? There is a thread that myabe could help you: http://www.gatago.com/linux/samba/14523698.html I'm using 3.0.23a for Fedora Core 5. If I'm reading that posting series right, than the problem was that his version was too early, and that as of 3.0.15 the Inherit owner option is there. Yes, that's why I asked your Samba version. And considering this, there is a chance that it might be a bug, but I don't have the time to check it on a near future, so perhaps you could try to test it on another box (with other distribution, just in case) and report it as a bug (if it was confirmed). You can also check other points like FileSystem ACL and other policies that could have an impact in your configuration. Still not working for me though :-( Kind regards, - -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFFCwB7Cj65ZxU4gPQRAkXCAKDN9tQRx8lQpDIbixwl7OSJTpAu+ACfdCD/ GVxb3iFsnFiwumHJM7fnUMc= =ud2K -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.10 - nmb problems
When I first startup smb service smb restart nmbd seems to be starting up correctly. nmblookup -M chemistry querying chemistry on 128.148.nnn.255 128.148.nnn.server's-ip chemistry1d and nmblookup -B SERVER __SAMBA__ querying __SAMBA__ on 128.148.nnn.server's-ip server's ip __SAMBA__ 00 This quickly changes to nmblookup -M chemistry querying chemistry on 128.148.nnn.255 some client's ip chemistry 1d nmblookup -B SERVER __SAMBA__ querying __SAMBA__ on 128.148.nnn.server's-ip name_query failed to find name __SAMBA__ I tried using the same smb.conf from samba3.0.9. I have tried and am still trying minor modifications. For instance I changed interfaces = 128.148.nnn.nnn/24 127.0.0.1 to interfaces = eth0, lo bind interfaces only = yes I added remote browse sync with the subnets which the server is used. Is there a simple solution? Should I downgrade to 3.0.9 if I can? Should I upgrade to which version of samba I am running a RedHat system 2.6.9-42.0.2ELsmp -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbd wont start
On Friday 15 September 2006 07:42, you wrote: Hi Tim, Here the contents of /var/lib/samba Titan:/var/lib/samba# ls account_policy.tdb ntforms.tdb perfmon secrets.tdb group_mapping.tdb ntprinters.tdb printers share_info.tdb ntdrivers.tdb passdb.tdb registry.tdb Yep. tdbbackup -v group_mapping.tdb gives here: group_mapping.tdb : 16 records and /var/run/samba Titan:/var/run/samba# ls lang_en.tdb messages.tdb nmbd.pid perfmon unexpected.tdb is the nmbd still running? But the smbd is not? If you use ps aux | grep nmbd is there a process? Otherwise you might have a stale pid, then you can just delete the pid file and start the services again. Titan:/var/lib/samba# ps aux | grep nmbd root 4792 0.0 0.1 5872 1380 ?Ss Sep13 0:01 /usr/sbin/nmbd -D root 23882 0.0 0.0 1952 608 pts/1R+ 20:50 0:00 grep nmbd I killed the nmbd process off and tried restarting both, nmbd started and smbd failed I assume when you typed NAME I should of used one of the .tdb files, but which one??? Try first passwd.tdb Titan:/var/lib/samba# tdbbackup -v group_mapping.tdb group_mapping.tdb : 13 records Titan:/var/lib/samba# tdbbackup -v passdb.tdb passdb.tdb : 51 records Titan:/var/lib/samba# tdbbackup -v ntdrivers.tdb ntdrivers.tdb : 1 records Titan:/var/lib/samba# tdbbackup -v ntprinters.tdb ntprinters.tdb : 4 records Titan:/var/lib/samba# tdbbackup -v registry.tdb registry.tdb : 48 records Titan:/var/lib/samba# tdbbackup -v share_info.tdb share_info.tdb : 1 records Titan:/var/lib/samba# tdbbackup -v ntforms.tdb ntforms.tdb : 0 records Titan:/var/lib/samba# tdbbackup -v secrets.tdb secrets.tdb : 1 records Still no Samba Tim Yahoo! Photos is now offering a quality print service from just 7p a photo. http://uk.photos.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba + start tls
On Fri, Sep 15, 2006 at 04:32:13PM -0300, Felipe Augusto van de Wiel wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have winbind working nicely with AD here. It took a while to figure out but now AD user accounts can ssh into my Linux boxen reliably, which is really all I needed; just ssh access. But I want to make sure all the LDAP traffic is secured via TLS/SSL. Ok, but this is not Samba part of the job. :) If Samba is not talking with your LDAP server, then this parameter has no effect. You should do the TLS/SSL configurations on your LDAP server. And you should use kerberos to have real security in your smb network. There is no pure LDAP server. There is only the Win2K server that does Microsoft's AD which (unless I am mistaken) is part LDAP, part Kerberos and part SMB. The Kerberos part works fine. The ssh logins through AD work fine. The problem is that I'm connected on port [EMAIL PROTECTED] ~]# net ads info LDAP server: 198.78.123.2 LDAP server name: battu Realm: BINTERACTIVE.COM Bind Path: dc=BINTERACTIVE,dc=COM LDAP port: 389 Server time: Fri, 15 Sep 2006 15:53:49 GMT KDC server: 198.78.123.2 Server time offset: 97 If it is a PEM with private certificate, shouldn't be world readable. OK, so what should the perms be? 0400? Ok, it is a configuration of libldap and other software that will use resources to query LDAP server. But AIUI you are not using Samba to query LDAP, you are using winbind to do that, and then, your question is a little bit off-topic here. ;) Yes. I suppose you are right. I need to subscribe to an LDAP list as well. -- Announcing your plans is a good way to hear the gods' laughter. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Machine account question / unjoining a domain
Hi to all, When I join a machine to a Samba domain, a machine account is created in the Samba domain controller's database. When I unjoin a machine from a Samba domain, the machine account is not deleted, but remains in the PDC's database. Is that - because I misconfigured something in smb.conf - a script specified in my smb.conf is not working correctly - by design. If by design, is it - by Microsoft design - by Samba design If it is by Samba design, why so ? Best regards, Peter Rindfuss -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] restrict ssh login by Win2K AD group
Hello again. I'm hoping there is some way I can restrict ssh login through the AD to my Linux servers. I only have one group of users on the domain that needs ssh access. So far I see lots of ways to add or map or join Linux to Windows groups but I would rather be able to say: no to all AD users and groups and yes to all users in the specific AD group named developers Is there some way to specify just one AD valid group for ssh access? Thanks. -- Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Password problem, W2000, Samba3, Debian-Etch
Hello, we have been running SuSE 9.3 on server and Win98SE, Win2000 and XP-Clients with Samba 3 without any problems After setting up the server with Debian Etch and Samba 3 (PDC) only WIN98SE users can logon. On Win2000 and XP only one user can logon without problems (password not changed, everything the same as all the other users), all others are being rejected. Machine-accounts seem okay useradd -g100 -u9100 -d /home/XP/winclient1 -s /sbin/false -cwinclient1 winclient1$ smbpasswd -a -m winclient1 The clients are the same as with SuSE, no change. Since on user can logon in SuSE as well as on Debian, the password-encrypting seems to be compatible. But why do all the other get the announcement: bad password. [2006/09/14 14:45:08, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [dg] - [dg] - [dg] succeeded [2006/09/14 14:45:16, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: authentication for user [dg] - [dg] - [dg] succeeded [2006/09/14 14:45:46, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [dg] - [dg] FAILED with error NT_STATUS_WRONG_PASSWORD Why Thank you for helping __ Erweitern Sie FreeMail zu einem noch leistungsstärkeren E-Mail-Postfach! Mehr Infos unter http://freemail.web.de/home/landingpad/?mc=021131 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.23c Upgrade Errors
On my 3rd and final Debian server (upgraded in reverse order of importance), the upgrade from 3.0.22 to 3.0.23c is producing segfault errors ( Security is ADS). The log from the system attempting to connect is provided below. The other two had a few issues, but were fixable. To make the other two work, I had to change the winbind separator from + to the default \. I changed all references in smb.conf and the user mapping file to reflect that. My one username mapping was changed from root = DOMAIN\Administrator to root = @DOMAIN\Domain Admins. I then had to rejoin the domain and reboot the system. On the broken system wbinfo -u and -g pull in all users and groups from the active directory pdc. Logs smbd, nmbd, and winbindd do not show anything indicating trouble. I'm really stumped after two successful upgrades. Thanks, Dale [2006/09/15 16:04:14, 0] lib/fault.c:fault_report(41) === [2006/09/15 16:04:14, 0] lib/fault.c:fault_report(42) INTERNAL ERROR: Signal 6 in pid 2566 (3.0.23c) Please read the Trouble-Shooting section of the Samba3-HOWTO [2006/09/15 16:04:14, 0] lib/fault.c:fault_report(44) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2006/09/15 16:04:14, 0] lib/fault.c:fault_report(45) === [2006/09/15 16:04:14, 0] lib/util.c:smb_panic(1592) PANIC (pid 2566): internal error [2006/09/15 16:04:14, 0] lib/util.c:log_stack_trace(1699) BACKTRACE: 24 stack frames: #0 /usr/sbin/smbd(log_stack_trace+0x23) [0x822d243] #1 /usr/sbin/smbd(smb_panic+0x48) [0x822d0c8] #2 /usr/sbin/smbd [0x821adec] #3 [0xe420] #4 /lib/tls/libc.so.6(abort+0x109) [0x401df0c9] #5 /usr/sbin/smbd [0x823285b] #6 /usr/sbin/smbd(_talloc_realloc+0x3d) [0x82330ed] #7 /usr/sbin/smbd(add_sid_to_array+0x40) [0x82276f0] #8 /usr/sbin/smbd(create_token_from_username+0x571) [0x826c9f1] #9 /usr/sbin/smbd(user_in_group_sid+0x65) [0x826cf25] #10 /usr/sbin/smbd(user_in_group+0xf3) [0x826d123] #11 /usr/sbin/smbd(user_in_list+0xdc) [0x809841c] #12 /usr/sbin/smbd(map_username+0x3f2) [0x8094002] #13 /usr/sbin/smbd [0x80bece7] #14 /usr/sbin/smbd [0x80bfc05] #15 /usr/sbin/smbd [0x80c0334] #16 /usr/sbin/smbd(reply_sesssetup_and_X+0xfb7) [0x80c1647] #17 /usr/sbin/smbd [0x80e9c5f] #18 /usr/sbin/smbd [0x80e9e84] #19 /usr/sbin/smbd [0x80ea0a2] #20 /usr/sbin/smbd(smbd_process+0x155) [0x80eaf85] #21 /usr/sbin/smbd(main+0x92e) [0x82c273e] #22 /lib/tls/libc.so.6(__libc_start_main+0xc8) [0x401c9ea8] #23 /usr/sbin/smbd [0x8082dd1] [2006/09/15 16:04:14, 0] lib/util.c:smb_panic(1600) smb_panic(): calling panic action [/usr/share/samba/panic-action 2566] [2006/09/15 16:04:14, 0] lib/util.c:smb_panic(1608) smb_panic(): action returned status 0 [2006/09/15 16:04:14, 0] lib/fault.c:dump_core(173) dumping core in /var/log/samba/cores/smbd -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Time take to copy file from Samba to Windows XP
Hello, How much time should it take to copy 1Gb to 5Gb from from Samba server to Windows Xp in gigabit network? Default Samba configs, a single copy of a 1GB file takes about 70 seconds to complete, about 14MBps, 117Mbps, about 11% network utilization. A Windows 2003 server, similar hardware, same network connection, can transfer the same 1GB file in about 28 seconds, 36MBps, 292Mbps, almost 30% network utilization. Apache takes 16 seconds, 64MBps, 512Mbps, over 50% network utilization. What can be done to speed up transfer rate? Regards, Komal -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: samba Digest, Vol 45, Issue 19
When is samba 4 expected? regards -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] accessing windows shared folders from vmware guest linux
pagod wrote: if i try something like this: smbmount //fili/xlibs /mnt/temp -o username=dvergnaud i get the following error: 3600: session setup failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed the weird thing is, it all works fine when doing it from another linux computer (where linux runs natively). that means, as i see it, that either there's a problem with VMware and samba working together, or my samba client is not properly configured -- although i'm not aware that it's much configurable... has anyone already had such a problem? or does anyone have an idea what i'm doing wrong? Vmware itself is not a problem. I use it without problem and I believe some of the samba developement is done on vmware machines. Things to check are firewalling on the Linux box, and which of the available vmware network options you used. Bridged, private or NAT. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r18543 - in branches/SAMBA_3_0/source/nsswitch: .
Author: vlendec Date: 2006-09-15 06:14:50 + (Fri, 15 Sep 2006) New Revision: 18543 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18543 Log: Fix Coverity ID#312 Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2006-09-15 05:18:53 UTC (rev 18542) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2006-09-15 06:14:50 UTC (rev 18543) @@ -952,6 +952,7 @@ DEBUG(0,(wcache_get_creds: bad entry for [CRED/%s] - deleting\n, sidstr)); wcache_delete(CRED/%s, sidstr); + centry_free(centry); return NT_STATUS_OBJECT_NAME_NOT_FOUND; }
svn commit: samba r18544 - in branches/SAMBA_4_0/source: build/m4 lib/replace
Author: metze Date: 2006-09-15 07:54:13 + (Fri, 15 Sep 2006) New Revision: 18544 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18544 Log: - use AC_LIBREPLACE_LOCATION_CHECKS in samba4 - to get the ordering right we need to specify AC_CANONICAL_BUILD explicit - add AC_CANONICAL_TARGET metze Modified: branches/SAMBA_4_0/source/build/m4/check_path.m4 branches/SAMBA_4_0/source/lib/replace/libreplace.m4 Changeset: Modified: branches/SAMBA_4_0/source/build/m4/check_path.m4 === --- branches/SAMBA_4_0/source/build/m4/check_path.m42006-09-15 06:14:50 UTC (rev 18543) +++ branches/SAMBA_4_0/source/build/m4/check_path.m42006-09-15 07:54:13 UTC (rev 18544) @@ -5,6 +5,8 @@ dnl --- dnl +AC_LIBREPLACE_LOCATION_CHECKS + # # Directory handling stuff to support both the # legacy SAMBA directories and FHS compliant Modified: branches/SAMBA_4_0/source/lib/replace/libreplace.m4 === --- branches/SAMBA_4_0/source/lib/replace/libreplace.m4 2006-09-15 06:14:50 UTC (rev 18543) +++ branches/SAMBA_4_0/source/lib/replace/libreplace.m4 2006-09-15 07:54:13 UTC (rev 18544) @@ -15,7 +15,9 @@ LIBREPLACEOBJ=replace.o AC_SUBST(LIBREPLACEOBJ) +AC_CANONICAL_BUILD AC_CANONICAL_HOST +AC_CANONICAL_TARGET echo LIBREPLACE_LOCATION_CHECKS: END ]) dnl end AC_LIBREPLACE_LOCATION_CHECKS
svn commit: samba r18545 - in branches/SAMBA_4_0/source: .
Author: metze Date: 2006-09-15 08:10:49 + (Fri, 15 Sep 2006) New Revision: 18545 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18545 Log: if yapp isn't availabe touch the target file, as it is commited to svn, to prevent rebuilding. we do make everything make everything make bin/smbtorture make test in the buildfarm and rebuilding parts isn't that nice metze Modified: branches/SAMBA_4_0/source/main.mk Changeset: Modified: branches/SAMBA_4_0/source/main.mk === --- branches/SAMBA_4_0/source/main.mk 2006-09-15 07:54:13 UTC (rev 18544) +++ branches/SAMBA_4_0/source/main.mk 2006-09-15 08:10:49 UTC (rev 18545) @@ -208,14 +208,16 @@ @CPP=$(CPP) PERL=$(PERL) srcdir=$(srcdir) $(srcdir)/script/build_idl.sh PARTIAL $(PIDL_ARGS) pidl/lib/Parse/Pidl/IDL.pm: pidl/idl.yp - -$(YAPP) -s -m 'Parse::Pidl::IDL' -o pidl/lib/Parse/Pidl/IDL.pm pidl/idl.yp + -$(YAPP) -s -m 'Parse::Pidl::IDL' -o pidl/lib/Parse/Pidl/IDL.pm pidl/idl.yp ||\ + touch pidl/lib/Parse/Pidl/IDL.pm smb_interfaces: pidl/smb_interfaces.pm $(PERL) -Ipidl $(srcdir)/script/build_smb_interfaces.pl \ include/smb_interfaces.h pidl/smb_interfaces.pm: pidl/smb_interfaces.yp - -$(YAPP) -s -m 'smb_interfaces' -o pidl/smb_interfaces.pm pidl/smb_interfaces.yp + -$(YAPP) -s -m 'smb_interfaces' -o pidl/smb_interfaces.pm pidl/smb_interfaces.yp ||\ + touch pidl/smb_interfaces.pm include/config.h: @echo include/config.h not present
svn commit: samba r18546 - in branches/SAMBA_3_0_23/source/lib: .
Author: jra Date: 2006-09-15 09:05:24 + (Fri, 15 Sep 2006) New Revision: 18546 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18546 Log: Fix the build - ensure we have become_root_uid_only available. Jeremy. Modified: branches/SAMBA_3_0_23/source/lib/util_sec.c Changeset: Modified: branches/SAMBA_3_0_23/source/lib/util_sec.c === --- branches/SAMBA_3_0_23/source/lib/util_sec.c 2006-09-15 08:10:49 UTC (rev 18545) +++ branches/SAMBA_3_0_23/source/lib/util_sec.c 2006-09-15 09:05:24 UTC (rev 18546) @@ -52,10 +52,16 @@ remember what uid we got started as - this allows us to run correctly as non-root while catching trapdoor systems / + void sec_init(void) { - initial_uid = geteuid(); - initial_gid = getegid(); + static int initialized; + + if (!initialized) { + initial_uid = geteuid(); + initial_gid = getegid(); + initialized = 1; + } } / @@ -252,10 +258,9 @@ / and restore them! / -void restore_re_uid(void) + +static void restore_re_uid_fromroot(void) { - set_effective_uid(0); - #if USE_SETRESUID setresuid(saved_ruid, saved_euid, -1); #elif USE_SETREUID @@ -274,8 +279,35 @@ assert_uid(saved_ruid, saved_euid); } +void restore_re_uid(void) +{ + set_effective_uid(0); + restore_re_uid_fromroot(); +} / + Lightweight become root - no group change. +/ + +void become_root_uid_only(void) +{ + save_re_uid(); + set_effective_uid(0); +} + +/ + Lightweight unbecome root - no group change. Expects we are root already, + saves errno across call boundary. +/ + +void unbecome_root_uid_only(void) +{ + int saved_errno = errno; + restore_re_uid_fromroot(); + errno = saved_errno; +} + +/ save the real and effective gid for later restoration. Used by the getgroups code /
svn commit: samba r18547 - in branches: SAMBA_3_0/source/smbd SAMBA_3_0_23/source/smbd
Author: jra Date: 2006-09-15 09:06:36 + (Fri, 15 Sep 2006) New Revision: 18547 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18547 Log: Add in fixes to mangling dir code - ensure don't look in the paths for wcard - always read directly from incoming packet. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/dir.c branches/SAMBA_3_0/source/smbd/trans2.c branches/SAMBA_3_0_23/source/smbd/dir.c branches/SAMBA_3_0_23/source/smbd/trans2.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/dir.c === --- branches/SAMBA_3_0/source/smbd/dir.c2006-09-15 09:05:24 UTC (rev 18546) +++ branches/SAMBA_3_0/source/smbd/dir.c2006-09-15 09:06:36 UTC (rev 18547) @@ -61,6 +61,7 @@ uint32 attr; char *path; BOOL has_wild; /* Set to true if the wcard entry has MS wildcard characters in it. */ + BOOL did_stat; /* Optimisation for non-wcard searches. */ }; static struct bitmap *dptr_bmap; @@ -535,6 +536,11 @@ return TellDir(dptr-dir_hnd); } +BOOL dptr_has_wild(struct dptr_struct *dptr) +{ + return dptr-has_wild; +} + / Return the next visible file name, skipping veto'd and invisible files. / @@ -557,8 +563,6 @@ const char *dptr_ReadDirName(struct dptr_struct *dptr, long *poffset, SMB_STRUCT_STAT *pst) { - pstring pathreal; - SET_STAT_INVALID(*pst); if (dptr-has_wild) { @@ -571,55 +575,62 @@ return NULL; } - /* We know the stored wcard contains no wildcard characters. See if we can match - with a stat call. If we can't, then set has_wild to true to - prevent us from doing this on every call. */ + if (!dptr-did_stat) { + pstring pathreal; - /* First check if it should be visible. */ - if (!is_visible_file(dptr-conn, dptr-path, dptr-wcard, pst, True)) { - dptr-has_wild = True; - return dptr_normal_ReadDirName(dptr, poffset, pst); - } + /* We know the stored wcard contains no wildcard characters. See if we can match + with a stat call. If we can't, then set did_stat to true to + ensure we only do this once and keep searching. */ - if (VALID_STAT(*pst)) { - /* We need to set the underlying dir_hdn offset to -1 also as - this function is usually called with the output from TellDir. */ - dptr-dir_hnd-offset = *poffset = END_OF_DIRECTORY_OFFSET; - return dptr-wcard; - } + dptr-did_stat = True; - pstrcpy(pathreal,dptr-path); - pstrcat(pathreal,/); - pstrcat(pathreal,dptr-wcard); + /* First check if it should be visible. */ + if (!is_visible_file(dptr-conn, dptr-path, dptr-wcard, pst, True)) { + /* This only returns False if the file was found, but + is explicitly not visible. Set us to end of directory, + but return NULL as we know we can't ever find it. */ + dptr-dir_hnd-offset = *poffset = END_OF_DIRECTORY_OFFSET; + return NULL; + } - if (SMB_VFS_STAT(dptr-conn,pathreal,pst) == 0) { - /* We need to set the underlying dir_hdn offset to -1 also as - this function is usually called with the output from TellDir. */ - dptr-dir_hnd-offset = *poffset = END_OF_DIRECTORY_OFFSET; - return dptr-wcard; - } else { - /* If we get any other error than ENOENT or ENOTDIR - then the file exists we just can't stat it. */ - if (errno != ENOENT errno != ENOTDIR) { - /* We need to set the underlying dir_hdn offset to -1 also as + if (VALID_STAT(*pst)) { + /* We need to set the underlying dir_hnd offset to -1 also as this function is usually called with the output from TellDir. */ dptr-dir_hnd-offset = *poffset = END_OF_DIRECTORY_OFFSET; return dptr-wcard; } - } - /* In case sensitive mode we don't search - we know if it doesn't exist - with a stat we will fail. */ + pstrcpy(pathreal,dptr-path); + pstrcat(pathreal,/); + pstrcat(pathreal,dptr-wcard); - if (dptr-conn-case_sensitive) { - /* We need to set the underlying dir_hdn offset to -1 also as - this function is usually called with the output from TellDir. */ - dptr-dir_hnd-offset = *poffset = END_OF_DIRECTORY_OFFSET; -
svn commit: samba r18548 - in branches/SAMBA_4_0/source/lib/socket: .
Author: metze Date: 2006-09-15 09:30:32 + (Fri, 15 Sep 2006) New Revision: 18548 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18548 Log: don't use #elif as we don't notice when 2 HAVE_IFACE_ versions are defined try to find the problem on Tru64...where configure says the AIX method finds 1 interface but later can't compile netif.c. (revision 18486 was the last that detects ifconf with 2 interfaces) metze Modified: branches/SAMBA_4_0/source/lib/socket/netif.c Changeset: Modified: branches/SAMBA_4_0/source/lib/socket/netif.c === --- branches/SAMBA_4_0/source/lib/socket/netif.c2006-09-15 09:06:36 UTC (rev 18547) +++ branches/SAMBA_4_0/source/lib/socket/netif.c2006-09-15 09:30:32 UTC (rev 18548) @@ -152,7 +152,9 @@ return total; } -#elif HAVE_IFACE_IFREQ +#define _FOUND_IFACE_ANY +#endif /* HAVE_IFACE_IFCONF */ +#ifdef HAVE_IFACE_IFREQ #ifndef I_STR #include sys/stropts.h @@ -247,7 +249,9 @@ return total; } -#elif HAVE_IFACE_AIX +#define _FOUND_IFACE_ANY +#endif /* HAVE_IFACE_IFREQ */ +#ifdef HAVE_IFACE_AIX / this one is for AIX (tested on 4.2) @@ -335,7 +339,9 @@ return total; } -#else /* a dummy version */ +#define _FOUND_IFACE_ANY +#endif /* HAVE_IFACE_AIX */ +#ifndef _FOUND_IFACE_ANY static int _get_interfaces(struct iface_struct *ifaces, int max_interfaces) { return -1;
svn commit: samba r18549 - in branches/SAMBA_4_0/source: build/m4 lib/replace
Author: metze Date: 2006-09-15 10:54:18 + (Fri, 15 Sep 2006) New Revision: 18549 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18549 Log: move gcc version check to libreplace and reorder the tests a bit for nicer output metze Modified: branches/SAMBA_4_0/source/build/m4/check_cc.m4 branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 Changeset: Modified: branches/SAMBA_4_0/source/build/m4/check_cc.m4 === --- branches/SAMBA_4_0/source/build/m4/check_cc.m4 2006-09-15 09:30:32 UTC (rev 18548) +++ branches/SAMBA_4_0/source/build/m4/check_cc.m4 2006-09-15 10:54:18 UTC (rev 18549) @@ -7,12 +7,6 @@ AC_LIBREPLACE_CC_CHECKS -if test x$GCC = xyes ; then - AC_MSG_CHECKING([for version of gcc]) - GCC_VERSION=`$CC -dumpversion` - AC_MSG_RESULT(${GCC_VERSION}) -fi - # # Set the debug symbol option if we have # --enable-*developer or --enable-debug Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 === --- branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 2006-09-15 09:30:32 UTC (rev 18548) +++ branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 2006-09-15 10:54:18 UTC (rev 18549) @@ -28,19 +28,23 @@ savedCFLAGS=$CFLAGS AC_PROG_CC CFLAGS=$savedCFLAGS -AC_ISC_POSIX +AC_PROG_CC_C99 +if test x$GCC = xyes ; then + AC_MSG_CHECKING([for version of gcc]) + GCC_VERSION=`$CC -dumpversion` + AC_MSG_RESULT(${GCC_VERSION}) +fi AC_USE_SYSTEM_EXTENSIONS -AC_PROG_CC_C99 +AC_C_BIGENDIAN AC_C_INLINE -AC_C_BIGENDIAN +LIBREPLACE_C99_STRUCT_INIT([],[AC_MSG_WARN([c99 structure initializer are not supported])]) + AC_PROG_INSTALL - +AC_ISC_POSIX AC_EXTENSION_FLAG(_XOPEN_SOURCE_EXTENDED) AC_EXTENSION_FLAG(_OSF_SOURCE) -LIBREPLACE_C99_STRUCT_INIT([],[AC_MSG_WARN([c99 structure initializer are not supported])]) - AC_SYS_LARGEFILE dnl Add #include for broken IRIX header files
svn commit: samba r18551 - in branches/SAMBA_3_0/source/nsswitch: .
Author: jra Date: 2006-09-15 14:05:28 + (Fri, 15 Sep 2006) New Revision: 18551 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18551 Log: Implement a 30 seconds from startup, during which we try hard to connect a DC even if we might be offline. Jeremy. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd.h branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd.h === --- branches/SAMBA_3_0/source/nsswitch/winbindd.h 2006-09-15 12:45:08 UTC (rev 18550) +++ branches/SAMBA_3_0/source/nsswitch/winbindd.h 2006-09-15 14:05:28 UTC (rev 18551) @@ -169,6 +169,7 @@ BOOL primary; /* is this our primary domain ? */ BOOL internal; /* BUILTIN and member SAM */ BOOL online; /* is this domain available ? */ + BOOL startup; /* are we in the first 30 seconds after fork ? */ /* Lookup methods for this domain (LDAP or RPC) */ struct winbindd_methods *methods; Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2006-09-15 12:45:08 UTC (rev 18550) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2006-09-15 14:05:28 UTC (rev 18551) @@ -912,8 +912,8 @@ { for (i=0; inum_dcs; i++) { DEBUG(10, (find_new_dc: open_any_socket_out failed for - domain %s address %s\n, - domain-name, inet_ntoa(dcs[i].ip) )); + domain %s address %s. Error was %s\n, + domain-name, inet_ntoa(dcs[i].ip), strerror(errno) )); winbind_add_failed_connection_entry(domain, dcs[i].name, NT_STATUS_UNSUCCESSFUL); } Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2006-09-15 12:45:08 UTC (rev 18550) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2006-09-15 14:05:28 UTC (rev 18551) @@ -582,7 +582,7 @@ /* Ensure any negative cache entries with the netbios or realm names are removed. */ -static void winbindd_flush_negative_conn_cache(struct winbindd_domain *domain) +void winbindd_flush_negative_conn_cache(struct winbindd_domain *domain) { flush_negative_conn_cache_for_domain(domain-name); if (*domain-alt_name) { @@ -681,6 +681,7 @@ int fdpair[2]; struct winbindd_cli_state state; extern BOOL override_logfile; + time_t startup_time; if (socketpair(AF_UNIX, SOCK_STREAM, 0, fdpair) != 0) { DEBUG(0, (Could not open child pipe: %s\n, @@ -764,6 +765,9 @@ message_register(MSG_WINBIND_ONLINE,child_msg_online); message_register(MSG_WINBIND_ONLINESTATUS,child_msg_onlinestatus); + child-domain-startup = True; + startup_time = time(NULL); + while (1) { int ret; @@ -780,6 +784,13 @@ GetTimeOfDay(now); + if (child-domain-startup (now.tv_sec startup_time + 30)) { + /* No longer in startup mode. */ + DEBUG(10,(fork_domain_child: domain %s no longer in 'startup' mode.\n, + child-domain-name )); + child-domain-startup = False; + } + tp = get_timed_events_timeout(t); if (tp) { DEBUG(11,(select will use timeout of %u.%u seconds\n, Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-09-15 12:45:08 UTC (rev 18550) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_pam.c 2006-09-15 14:05:28 UTC (rev 18551) @@ -1208,6 +1208,18 @@ parse_domain_user(state-request.data.auth.user, name_domain, name_user); + if (domain-online == False domain-startup) { + /* Logons are very important to users. If we're offline and + we get a request within the first 30 seconds of startup, + try very hard to find a DC and go online. */ + + DEBUG(10,(winbindd_dual_pam_auth: domain: %s offline and auth + request in startup mode.\n, domain-name )); + + winbindd_flush_negative_conn_cache(domain); + set_dc_type_and_flags(domain); + } +
svn commit: samba r18552 - in branches/SAMBA_3_0/source: libads nsswitch
Author: jra Date: 2006-09-15 14:18:52 + (Fri, 15 Sep 2006) New Revision: 18552 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18552 Log: Ensure the sitename matches before we SAF store a DC in ADS mode. Jeremy. Modified: branches/SAMBA_3_0/source/libads/ldap.c branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c Changeset: Modified: branches/SAMBA_3_0/source/libads/ldap.c === --- branches/SAMBA_3_0/source/libads/ldap.c 2006-09-15 14:05:28 UTC (rev 18551) +++ branches/SAMBA_3_0/source/libads/ldap.c 2006-09-15 14:18:52 UTC (rev 18552) @@ -115,7 +115,6 @@ return result; } -#ifdef HAVE_KRB5 /** Do client and server sitename match ? **/ @@ -139,7 +138,6 @@ ads-config.client_site_name ? ads-config.client_site_name : NULL)); return False; } -#endif /* try a connection to a given ldap server, returning True and setting the servers IP @@ -394,8 +392,10 @@ } /* cache the successful connection for workgroup and realm */ - saf_store( ads-server.workgroup, inet_ntoa(ads-ldap_ip)); - saf_store( ads-server.realm, inet_ntoa(ads-ldap_ip)); + if (ads_sitename_match(ads)) { + saf_store( ads-server.workgroup, inet_ntoa(ads-ldap_ip)); + saf_store( ads-server.realm, inet_ntoa(ads-ldap_ip)); + } ldap_set_option(ads-ld, LDAP_OPT_PROTOCOL_VERSION, version); Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2006-09-15 14:05:28 UTC (rev 18551) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2006-09-15 14:18:52 UTC (rev 18552) @@ -754,7 +754,6 @@ ads-auth.flags |= ADS_AUTH_NO_BIND; if (ads_try_connect( ads, inet_ntoa(ip) ) ) { - char *sitename = sitename_fetch(); /* We got a cldap packet. */ fstrcpy(name, ads-config.ldap_server_name); namecache_store(name, 0x20, 1, ip_list); @@ -769,9 +768,12 @@ create_local_private_krb5_conf_for_domain(realm, domainname, ip); + + /* Ensure we contact this DC also. */ + saf_store( domainname, name); + saf_store( realm, name); } #endif - SAFE_FREE(sitename); ads_destroy( ads ); return True; }
svn commit: samba r18553 - in branches/SAMBA_4_0/source/lib/socket: .
Author: metze Date: 2006-09-15 14:30:23 + (Fri, 15 Sep 2006) New Revision: 18553 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18553 Log: - confdefs.h is always included in configure checks no need to include them explicit - undefine _XOPEN_SOURCE_EXTENDED for the AIX interface detection test #define _XOPEN_SOURCE_EXTENDED 1 brings in sa_len to sockaddr on Tru64 which means the AIX code compiles... metze Modified: branches/SAMBA_4_0/source/lib/socket/config.m4 Changeset: Modified: branches/SAMBA_4_0/source/lib/socket/config.m4 === --- branches/SAMBA_4_0/source/lib/socket/config.m4 2006-09-15 14:18:52 UTC (rev 18552) +++ branches/SAMBA_4_0/source/lib/socket/config.m4 2006-09-15 14:30:23 UTC (rev 18553) @@ -114,7 +114,7 @@ AC_TRY_RUN([ #define HAVE_IFACE_AIX 1 #define AUTOCONF_TEST 1 -#include confdefs.h +#undef _XOPEN_SOURCE_EXTENDED #include ${srcdir-.}/lib/socket/netif.c], samba_cv_HAVE_IFACE_AIX=yes,samba_cv_HAVE_IFACE_AIX=no,samba_cv_HAVE_IFACE_AIX=cross)]) if test x$samba_cv_HAVE_IFACE_AIX = xyes; then @@ -126,7 +126,6 @@ AC_TRY_RUN([ #define HAVE_IFACE_IFCONF 1 #define AUTOCONF_TEST 1 -#include confdefs.h #include ${srcdir-.}/lib/socket/netif.c], samba_cv_HAVE_IFACE_IFCONF=yes,samba_cv_HAVE_IFACE_IFCONF=no,samba_cv_HAVE_IFACE_IFCONF=cross)]) if test x$samba_cv_HAVE_IFACE_IFCONF = xyes; then @@ -139,7 +138,6 @@ AC_TRY_RUN([ #define HAVE_IFACE_IFREQ 1 #define AUTOCONF_TEST 1 -#include confdefs.h #include ${srcdir-.}/lib/socket/netif.c], samba_cv_HAVE_IFACE_IFREQ=yes,samba_cv_HAVE_IFACE_IFREQ=no,samba_cv_HAVE_IFACE_IFREQ=cross)]) if test x$samba_cv_HAVE_IFACE_IFREQ = xyes; then
svn commit: samba r18554 - in branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl: .
Author: jelmer Date: 2006-09-15 14:32:30 + (Fri, 15 Sep 2006) New Revision: 18554 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18554 Log: Fix warnings about [out] arguments. Modified: branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/NDR.pm Changeset: Modified: branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/NDR.pm === --- branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/NDR.pm2006-09-15 14:30:23 UTC (rev 18553) +++ branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/NDR.pm2006-09-15 14:32:30 UTC (rev 18554) @@ -109,6 +109,15 @@ @bracket_array = @{$e-{ARRAY_LEN}}; } + if (has_property($e, out)) { + my $needptrs = 1; + + if (has_property($e, string)) { $needptrs++; } + if ($#bracket_array = 0) { $needptrs = 0; } + + nonfatal($e, [out] argument `$e-{NAME}' not a pointer) if ($needptrs $e-{POINTERS}); + } + # Parse the [][][][] style array stuff for my $i (0 .. $#bracket_array) { my $d = $bracket_array[$#bracket_array - $i]; @@ -543,11 +552,6 @@ push (@{$e-{DIRECTION}}, in) if (has_property($x, in)); push (@{$e-{DIRECTION}}, out) if (has_property($x, out)); - nonfatal($x, `$e-{NAME}' is [out] argument but not a pointer or array) - if ($e-{LEVELS}[0]-{TYPE} ne POINTER and - $e-{LEVELS}[0]-{TYPE} ne ARRAY and - grep(/out/, @{$e-{DIRECTION}})); - push (@elements, $e); }
svn commit: samba r18555 - in branches/SAMBA_4_0/source/rpc_server/common: .
Author: metze Date: 2006-09-15 14:42:24 + (Fri, 15 Sep 2006) New Revision: 18555 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18555 Log: use C:\ as default not C: metze Modified: branches/SAMBA_4_0/source/rpc_server/common/share_info.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/common/share_info.c === --- branches/SAMBA_4_0/source/rpc_server/common/share_info.c2006-09-15 14:32:30 UTC (rev 18554) +++ branches/SAMBA_4_0/source/rpc_server/common/share_info.c2006-09-15 14:42:24 UTC (rev 18555) @@ -87,7 +87,7 @@ return talloc_strdup(mem_ctx, ); } - p = talloc_strdup(mem_ctx, share_string_option(scfg, SHARE_PATH, )); + p = talloc_strdup(mem_ctx, share_string_option(scfg, SHARE_PATH, /)); if (!p) { return NULL; }
svn commit: samba r18556 - in branches/SAMBA_3_0/source/utils: .
Author: vlendec Date: 2006-09-15 15:27:13 + (Fri, 15 Sep 2006) New Revision: 18556 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18556 Log: Implement net sam policy, thanks to Karolin Seeger [EMAIL PROTECTED]. Volker Modified: branches/SAMBA_3_0/source/utils/net_sam.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_sam.c === --- branches/SAMBA_3_0/source/utils/net_sam.c 2006-09-15 14:42:24 UTC (rev 18555) +++ branches/SAMBA_3_0/source/utils/net_sam.c 2006-09-15 15:27:13 UTC (rev 18556) @@ -387,6 +387,80 @@ } /* + * Change account policies + */ + +static int net_sam_policy(int argc, const char **argv) +{ + + const char *account_policy = NULL; + uint32 value, old_value; + int field; + + if ((argc 1) || (argc 2)) { + d_fprintf(stderr, usage: net sam policy \account policy\ + - show current value\n); + d_fprintf(stderr, usage: net sam policy \account policy\ + value - set a new value\n); + return -1; + } + + account_policy = argv[0]; + field = account_policy_name_to_fieldnum(account_policy); + + if (field == 0) { + char *apn = account_policy_names_list(); + d_fprintf(stderr, No account policy by that name!\n); + if (apn) { + d_fprintf(stderr, Valid account policies + are:\n%s\n, apn); + } + SAFE_FREE(apn); + return -1; + } + + if (!pdb_get_account_policy(field, old_value)) { + fprintf(stderr, Valid account policy, but unable to + fetch value!\n); + return -1; + } + + if (argc == 1) { + /* +* Just read the value +*/ + + printf(Account policy \%s\ description: %s\n, + account_policy, account_policy_get_desc(field)); + printf(Account policy \%s\ value is: %d\n, account_policy, + old_value); + return 0; + } + + /* +* Here we know we have 2 args, so set it +*/ + + value = strtoul(argv[1], NULL, 10); + + printf(Account policy \%s\ description: %s\n, account_policy, + account_policy_get_desc(field)); + printf(Account policy \%s\ value was: %d\n, account_policy, + old_value); + + if (!pdb_set_account_policy(field, value)) { + d_fprintf(stderr, Setting account policy %s to %u failed \n, + account_policy, value); + } + + printf(Account policy \%s\ value is now: %d\n, account_policy, + value); + + return 0; +} + + +/* * Map a unix group to a domain group */ @@ -1232,6 +1306,8 @@ Show details of a SAM entry }, { set, net_sam_set, Set details of a SAM account }, + { policy, net_sam_policy, + Set account policies }, #ifdef HAVE_LDAP { provision, net_sam_provision, Provision a clean User Database },
svn commit: samba r18557 - in branches/SAMBA_3_0/source/nsswitch: .
Author: jra Date: 2006-09-15 16:03:11 + (Fri, 15 Sep 2006) New Revision: 18557 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18557 Log: If you've set security=ads, do the DNS queries first. Doing otherwise means site support doesn't work correctly. Jeremy. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2006-09-15 15:27:13 UTC (rev 18556) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2006-09-15 16:03:11 UTC (rev 18557) @@ -832,7 +832,6 @@ return True; } -#ifdef WITH_ADS if (sec == SEC_ADS) { /* We need to make sure we know the local site before doing any DNS queries, as this will restrict the @@ -843,18 +842,16 @@ We deliberately don't care about the return here. */ get_dc_name(domain-name, lp_realm(), dcname, ip); + + /* Now do the site-specific AD dns lookup. */ + get_sorted_dc_list(domain-alt_name, ip_list, iplist_size, True); } -#endif - /* try standard netbios queries first */ + /* try standard netbios queries if no ADS */ - get_sorted_dc_list(domain-name, ip_list, iplist_size, False); + if (iplist_size==0) + get_sorted_dc_list(domain-name, ip_list, iplist_size, False); - /* check for security = ads and use DNS if we can */ - - if ( iplist_size==0 sec == SEC_ADS ) - get_sorted_dc_list(domain-alt_name, ip_list, iplist_size, True); - /* FIXME!! this is where we should re-insert the GETDC requests --jerry */ /* now add to the dc array. We'll wait until the last minute
svn commit: samba r18558 - in branches/SAMBA_4_0/source: param rpc_server/common rpc_server/srvsvc
Author: idra Date: 2006-09-15 16:27:55 + (Fri, 15 Sep 2006) New Revision: 18558 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18558 Log: Fix ShareCheck which was assuming all paths are C:\ Also cope with the fact that we define the FSTYPE as NTFS by default. We never use this anywhere else, so we may just change it, but just detect the fact and return DISK in share_classic for now. Modified: branches/SAMBA_4_0/source/param/share_classic.c branches/SAMBA_4_0/source/rpc_server/common/share_info.c branches/SAMBA_4_0/source/rpc_server/srvsvc/dcesrv_srvsvc.c Changeset: Modified: branches/SAMBA_4_0/source/param/share_classic.c === --- branches/SAMBA_4_0/source/param/share_classic.c 2006-09-15 16:03:11 UTC (rev 18557) +++ branches/SAMBA_4_0/source/param/share_classic.c 2006-09-15 16:27:55 UTC (rev 18558) @@ -84,6 +84,9 @@ if (lp_print_ok(s-snum)) { return PRINTER; } + if (strcmp(NTFS, lp_fstype(s-snum)) == 0) { + return DISK; + } return lp_fstype(s-snum); } Modified: branches/SAMBA_4_0/source/rpc_server/common/share_info.c === --- branches/SAMBA_4_0/source/rpc_server/common/share_info.c2006-09-15 16:03:11 UTC (rev 18557) +++ branches/SAMBA_4_0/source/rpc_server/common/share_info.c2006-09-15 16:27:55 UTC (rev 18558) @@ -87,10 +87,13 @@ return talloc_strdup(mem_ctx, ); } - p = talloc_strdup(mem_ctx, share_string_option(scfg, SHARE_PATH, /)); + p = talloc_strdup(mem_ctx, share_string_option(scfg, SHARE_PATH, )); if (!p) { return NULL; } + if (p[0] == '\0') { + return p; + } all_string_sub(p, /, \\, 0); return talloc_asprintf(mem_ctx, C:%s, p); Modified: branches/SAMBA_4_0/source/rpc_server/srvsvc/dcesrv_srvsvc.c === --- branches/SAMBA_4_0/source/rpc_server/srvsvc/dcesrv_srvsvc.c 2006-09-15 16:03:11 UTC (rev 18557) +++ branches/SAMBA_4_0/source/rpc_server/srvsvc/dcesrv_srvsvc.c 2006-09-15 16:27:55 UTC (rev 18558) @@ -455,7 +455,7 @@ NTSTATUS nterr; struct share_info *info; struct share_context *sctx; - + nterr = share_get_context(mem_ctx, sctx); if (!NT_STATUS_IS_OK(nterr)) { return ntstatus_to_werror(nterr); @@ -481,14 +481,17 @@ } W_ERROR_HAVE_NO_MEMORY(info-type); - /* Windows will send a path in a form of C:\example\path */ - if (r-in.info.info502-path[1] == ':') { - info-path = talloc_strdup(info, r-in.info.info502-path[2]); - } else { - info-path = talloc_strdup(info, r-in.info.info502-path); + if (r-in.info.info502-path r-in.info.info502-path[0]) { + /* Windows will send a path in a form of C:\example\path */ + if (strncmp(r-in.info.info502-path, C:, 2) == 0) { + info-path = talloc_strdup(info, r-in.info.info502-path[2]); + } else { + /* very strange let's try to set as is */ + info-path = talloc_strdup(info, r-in.info.info502-path); + } + W_ERROR_HAVE_NO_MEMORY(info-path); + all_string_sub(info-path, \\, /, 0); } - W_ERROR_HAVE_NO_MEMORY(info-path); - all_string_sub(info-path, \\, /, 0); if (r-in.info.info502-comment r-in.info.info502-comment[0]) { info-comment = talloc_strdup(info, r-in.info.info502-comment); @@ -998,7 +1001,67 @@ static WERROR srvsvc_NetShareSetInfo(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct srvsvc_NetShareSetInfo *r) { - DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); + NTSTATUS nterr; + struct share_context *sctx = NULL; + struct share_config *scfg = NULL; + + ZERO_STRUCT(r-out); + + /* TODO: - access check +*/ + + if (strcmp(, r-in.share_name) == 0) { + return WERR_INVALID_PARAM; + } + + nterr = share_get_context(mem_ctx, sctx); + if (!NT_STATUS_IS_OK(nterr)) { + return ntstatus_to_werror(nterr); + } + + switch (r-in.level) { + case 0: + { + return WERR_NOT_SUPPORTED; + } + case 1: + { + return WERR_NOT_SUPPORTED; + } + case 2: + { + return WERR_NOT_SUPPORTED; + } + case
svn commit: samba r18559 - in branches/SAMBA_4_0/source/pidl: lib/Parse/Pidl tests
Author: jelmer Date: 2006-09-15 17:34:46 + (Fri, 15 Sep 2006) New Revision: 18559 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18559 Log: [string] always applies to the last pointer Modified: branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/NDR.pm branches/SAMBA_4_0/source/pidl/tests/ndr_string.pl Changeset: Modified: branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/NDR.pm === --- branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/NDR.pm2006-09-15 16:27:55 UTC (rev 18558) +++ branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/NDR.pm2006-09-15 17:34:46 UTC (rev 18559) @@ -204,7 +204,8 @@ } } - if (scalar(@size_is) == 0 and has_property($e, string)) { + if (scalar(@size_is) == 0 and has_property($e, string) and + $i == $e-{POINTERS}) { $is_string = 1; $is_varying = $is_conformant = has_property($e, noheader)?0:1; delete($e-{PROPERTIES}-{string}); Modified: branches/SAMBA_4_0/source/pidl/tests/ndr_string.pl === --- branches/SAMBA_4_0/source/pidl/tests/ndr_string.pl 2006-09-15 16:27:55 UTC (rev 18558) +++ branches/SAMBA_4_0/source/pidl/tests/ndr_string.pl 2006-09-15 17:34:46 UTC (rev 18559) @@ -4,7 +4,7 @@ # Published under the GNU General Public License use strict; -use Test::More tests = 2 * 8; +use Test::More tests = 3 * 8; use FindBin qw($RealBin); use lib $RealBin/../lib; use lib $RealBin; @@ -53,3 +53,32 @@ if (r.in.data[4] != 0) return 4; '); + +test_samba4_ndr(string-out, +' + [public] void TestString([out,string] uint8 **data); +', +' + uint8_t data[] = { 0x03, 0x00, 0x00, 0x00, + \'f\', \'o\', \'o\', 0 }; + DATA_BLOB b = { data, 8 }; + struct ndr_pull *ndr = ndr_pull_init_blob(b, NULL); + struct TestString r; + char *str = NULL; + r.out.data = str; + + if (NT_STATUS_IS_ERR(ndr_pull_TestString(ndr, NDR_IN, r))) + return 1; + + if (r.out.data == NULL) + return 2; + + if (*r.out.data == NULL) + return 3; + + if (strncmp(r.out.data, foo, 3) != 0) + return 3; + + if (r.in.data[4] != 0) + return 4; +');
svn commit: samba r18560 - in branches/SAMBA_3_0/source: . include libmsrpc librpc/gen_ndr rpc_client rpcclient utils
Author: jerry Date: 2006-09-15 18:32:43 + (Fri, 15 Sep 2006) New Revision: 18560 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18560 Log: * Add in the winreg and initshutdown IDL files * rename PI_SHUTDOWN from include/smb.h to PI_INITSHUTDOWN for compatibility with pidl libndr output Added: branches/SAMBA_3_0/source/librpc/gen_ndr/cli_initshutdown.c branches/SAMBA_3_0/source/librpc/gen_ndr/cli_initshutdown.h branches/SAMBA_3_0/source/librpc/gen_ndr/cli_winreg.c branches/SAMBA_3_0/source/librpc/gen_ndr/cli_winreg.h branches/SAMBA_3_0/source/librpc/gen_ndr/initshutdown.h branches/SAMBA_3_0/source/librpc/gen_ndr/ndr_initshutdown.c branches/SAMBA_3_0/source/librpc/gen_ndr/ndr_initshutdown.h branches/SAMBA_3_0/source/librpc/gen_ndr/ndr_winreg.c branches/SAMBA_3_0/source/librpc/gen_ndr/ndr_winreg.h branches/SAMBA_3_0/source/librpc/gen_ndr/srv_initshutdown.c branches/SAMBA_3_0/source/librpc/gen_ndr/srv_initshutdown.h branches/SAMBA_3_0/source/librpc/gen_ndr/srv_winreg.c branches/SAMBA_3_0/source/librpc/gen_ndr/srv_winreg.h branches/SAMBA_3_0/source/librpc/gen_ndr/winreg.h Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/include/smb.h branches/SAMBA_3_0/source/libmsrpc/cac_winreg.c branches/SAMBA_3_0/source/rpc_client/cli_shutdown.c branches/SAMBA_3_0/source/rpcclient/cmd_shutdown.c branches/SAMBA_3_0/source/utils/net_rpc.c Changeset: Sorry, the patch is too large (8809 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18560
svn commit: samba r18561 - in branches/SAMBA_4_0/source: lib/registry librpc/idl rpc_server/winreg torture/rpc
Author: jerry Date: 2006-09-15 18:34:03 + (Fri, 15 Sep 2006) New Revision: 18561 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18561 Log: Fix [out] pointers in winreg IDL Modified: branches/SAMBA_4_0/source/lib/registry/reg_backend_rpc.c branches/SAMBA_4_0/source/librpc/idl/winreg.idl branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c branches/SAMBA_4_0/source/torture/rpc/winreg.c Changeset: Modified: branches/SAMBA_4_0/source/lib/registry/reg_backend_rpc.c === --- branches/SAMBA_4_0/source/lib/registry/reg_backend_rpc.c2006-09-15 18:32:43 UTC (rev 18560) +++ branches/SAMBA_4_0/source/lib/registry/reg_backend_rpc.c2006-09-15 18:34:03 UTC (rev 18561) @@ -152,7 +152,7 @@ /* Then, open the handle using the hive */ memset(r, 0, sizeof(struct winreg_OpenKey)); -r.in.handle = (((struct rpc_key_data *)h-backend_data)-pol); +r.in.parent_handle = (((struct rpc_key_data *)h-backend_data)-pol); init_winreg_String(r.in.keyname, name); r.in.unknown = 0x; r.in.access_mask = 0x0200; @@ -230,7 +230,7 @@ r.in.handle = mykeydata-pol; r.in.enum_index = n; r.in.name = namebuf; - r.in.class = classbuf; + r.in.keyclass = classbuf; r.in.last_changed_time = change_time; r.out.name = namebuf; @@ -249,7 +249,7 @@ struct winreg_CreateKey r; init_winreg_String(r.in.name, name); - init_winreg_String(r.in.class, NULL); + init_winreg_String(r.in.keyclass, NULL); r.in.handle = parent-backend_data; r.out.new_handle = talloc(mem_ctx, struct policy_handle); @@ -292,10 +292,10 @@ } if (W_ERROR_IS_OK(r.out.result)) { - mykeydata-num_subkeys = r.out.num_subkeys; - mykeydata-num_values = r.out.num_values; - mykeydata-max_valnamelen = r.out.max_valnamelen; - mykeydata-max_valdatalen = r.out.max_valbufsize; + mykeydata-num_subkeys = *r.out.num_subkeys; + mykeydata-num_values = *r.out.num_values; + mykeydata-max_valnamelen = *r.out.max_valnamelen; + mykeydata-max_valdatalen = *r.out.max_valbufsize; } return r.out.result; Modified: branches/SAMBA_4_0/source/librpc/idl/winreg.idl === --- branches/SAMBA_4_0/source/librpc/idl/winreg.idl 2006-09-15 18:32:43 UTC (rev 18560) +++ branches/SAMBA_4_0/source/librpc/idl/winreg.idl 2006-09-15 18:34:03 UTC (rev 18561) @@ -109,7 +109,7 @@ WERROR winreg_CreateKey( [in,ref] policy_handle *handle, [in] winreg_String name, - [in] winreg_String class, + [in] winreg_String keyclass, [in] uint32 options, [in] winreg_AccessMask access_mask, [in,unique] winreg_SecBuf *secdesc, @@ -144,7 +144,7 @@ [in,ref]policy_handle*handle, [in]uint32 enum_index, [in,out,ref]winreg_StringBuf *name, - [in,out,unique] winreg_StringBuf *class, + [in,out,unique] winreg_StringBuf *keyclass, [in,out,unique] NTTIME *last_changed_time ); @@ -198,7 +198,7 @@ /**/ /* Function: 0x0f */ WERROR winreg_OpenKey( - [in,ref] policy_handle *handle, + [in,ref] policy_handle *parent_handle, [in] winreg_String keyname, [in] uint32 unknown, [in] winreg_AccessMask access_mask, @@ -211,14 +211,14 @@ [in,ref] policy_handle *handle, [in] winreg_String class_in, [out] winreg_String *class_out, - [out] uint32 num_subkeys, - [out] uint32 max_subkeylen, - [out] uint32 max_subkeysize, - [out] uint32 num_values, - [out] uint32 max_valnamelen, - [out] uint32 max_valbufsize, - [out] uint32 secdescsize, - [out] NTTIME last_changed_time + [out] uint32 *num_subkeys, + [out] uint32 *max_subkeylen, + [out] uint32 *max_subkeysize, + [out] uint32 *num_values, + [out] uint32 *max_valnamelen, + [out] uint32 *max_valbufsize, + [out] uint32 *secdescsize, + [out] NTTIME *last_changed_time ); /**/ @@ -290,7 +290,7 @@ /* Function: 0x1a */ WERROR winreg_GetVersion( [in,ref] policy_handle *handle, - [out]uint32 version + [out]uint32
svn commit: samba r18562 - in branches/SAMBA_3_0/source/include: .
Author: jerry Date: 2006-09-15 18:54:37 + (Fri, 15 Sep 2006) New Revision: 18562 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18562 Log: quick build fix rather than rolling back (I didn't actually intend the previous commit but got confused between Samab 3 4 branches) Modified: branches/SAMBA_3_0/source/include/charset.h Changeset: Modified: branches/SAMBA_3_0/source/include/charset.h === --- branches/SAMBA_3_0/source/include/charset.h 2006-09-15 18:34:03 UTC (rev 18561) +++ branches/SAMBA_3_0/source/include/charset.h 2006-09-15 18:54:37 UTC (rev 18562) @@ -26,6 +26,9 @@ #ifndef strlen_m #define strlen_m strlen #endif +#ifndef strlen_m_term +#define strlen_m_term strlen +#endif #define NUM_CHARSETS 5
svn commit: samba r18563 - in branches/SAMBA_4_0/source/lib: replace socket
Author: tridge Date: 2006-09-15 19:14:36 + (Fri, 15 Sep 2006) New Revision: 18563 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18563 Log: - move more of the header checks into lib/replace/ - change the test for net/if.h to do a full compile, not just an existance test. net/if.h is completely broken on hpux, and can never compile (it uses stuff before it defines it), so by using a AC_TRY_COMPILE() test we avoid using net/if.h on hpux, which should fix the build Modified: branches/SAMBA_4_0/source/lib/replace/libreplace.m4 branches/SAMBA_4_0/source/lib/socket/config.m4 Changeset: Modified: branches/SAMBA_4_0/source/lib/replace/libreplace.m4 === --- branches/SAMBA_4_0/source/lib/replace/libreplace.m4 2006-09-15 18:54:37 UTC (rev 18562) +++ branches/SAMBA_4_0/source/lib/replace/libreplace.m4 2006-09-15 19:14:36 UTC (rev 18563) @@ -88,6 +88,33 @@ fi +AC_CHECK_HEADERS(sys/syslog.h syslog.h) +AC_CHECK_HEADERS(sys/time.h time.h) +AC_CHECK_HEADERS(stdarg.h vararg.h) +AC_CHECK_HEADERS(sys/socket.h netinet/in.h netdb.h arpa/inet.h) +AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h netinet/in_systm.h netinet/in_ip.h) +AC_CHECK_HEADERS(sys/sockio.h sys/un.h) + + +dnl we need to check that net/if.h really can be used, to cope with hpux +dnl where including it always fails +AC_TRY_COMPILE([ + #include stdio.h + #if STDC_HEADERS + # include stdlib.h + # include stddef.h + #else + # if HAVE_STDLIB_H + # include stdlib.h + # endif + #endif + #if HAVE_SYS_SOCKET_H + # include sys/socket.h + #endif], + [#include net/if.h], + AC_DEFINE(HAVE_NET_IF_H, 1, usability of net/if.h)) + + AC_CACHE_CHECK([for broken inet_ntoa],samba_cv_REPLACE_INET_NTOA,[ AC_TRY_RUN([ #include stdio.h @@ -117,10 +144,6 @@ [socklen_t foo;],, [AC_DEFINE(socklen_t, int,[Socket length type])]) -AC_CHECK_HEADERS(sys/syslog.h syslog.h) -AC_CHECK_HEADERS(sys/time.h time.h) -AC_CHECK_HEADERS(sys/socket.h netinet/in.h) -AC_CHECK_HEADERS(stdarg.h vararg.h) AC_CHECK_FUNCS(seteuid setresuid setegid setresgid chroot bzero strerror) AC_CHECK_FUNCS(vsyslog setlinebuf mktime ftruncate chsize rename) AC_CHECK_FUNCS(waitpid strlcpy strlcat innetgr initgroups memmove strdup) Modified: branches/SAMBA_4_0/source/lib/socket/config.m4 === --- branches/SAMBA_4_0/source/lib/socket/config.m4 2006-09-15 18:54:37 UTC (rev 18562) +++ branches/SAMBA_4_0/source/lib/socket/config.m4 2006-09-15 19:14:36 UTC (rev 18563) @@ -1,5 +1,3 @@ -AC_CHECK_HEADERS(sys/socket.h sys/sockio.h sys/un.h) - AC_CHECK_FUNCS(writev) AC_CHECK_FUNCS(readv) @@ -98,10 +96,7 @@ dnl don't build ipv6 by default, unless the above test enables it, or dnl the configure uses --with-static-modules=socket_ipv6 -AC_CHECK_HEADERS(arpa/inet.h net/if.h netdb.h netinet/in.h sys/time.h) -AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h netinet/in_systm.h netinet/in_ip.h) - ## # look for a method of finding the list of network interfaces #
svn commit: samba r18564 - in branches/SAMBA_4_0/source: ntvfs ntvfs/cifs_posix_cli script/tests
Author: sfrench Date: 2006-09-15 19:24:38 + (Fri, 15 Sep 2006) New Revision: 18564 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18564 Log: update for cifs unix/posix extensions stub version to build and beginnings of smbtorture test for it Added: branches/SAMBA_4_0/source/ntvfs/cifs_posix_cli/vfs_cifs_posix.c Removed: branches/SAMBA_4_0/source/ntvfs/cifs_posix_cli/vfs_simple.c Modified: branches/SAMBA_4_0/source/ntvfs/cifs_posix_cli/svfs_util.c branches/SAMBA_4_0/source/ntvfs/config.mk branches/SAMBA_4_0/source/script/tests/mktestsetup.sh branches/SAMBA_4_0/source/script/tests/tests_quick.sh Changeset: Sorry, the patch is too large (2134 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18564
svn commit: samba r18565 - in branches/SAMBA_4_0/source: librpc librpc/idl pidl pidl/lib/Parse/Pidl/Samba4/NDR rpc_server/echo torture/rpc
Author: jelmer Date: 2006-09-15 20:07:55 + (Fri, 15 Sep 2006) New Revision: 18565 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18565 Log: Fix echo.idl to be Samba3-, MIDL and midlc compatible Modified: branches/SAMBA_4_0/source/librpc/config.mk branches/SAMBA_4_0/source/librpc/idl/echo.idl branches/SAMBA_4_0/source/pidl/TODO branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm branches/SAMBA_4_0/source/rpc_server/echo/rpc_echo.c branches/SAMBA_4_0/source/torture/rpc/echo.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/config.mk === --- branches/SAMBA_4_0/source/librpc/config.mk 2006-09-15 19:24:38 UTC (rev 18564) +++ branches/SAMBA_4_0/source/librpc/config.mk 2006-09-15 20:07:55 UTC (rev 18565) @@ -618,11 +618,11 @@ # End SUBSYSTEM dcerpc -[MODULE::RPC_EJS_ECHO] -INIT_FUNCTION = ejs_init_rpcecho -OBJ_FILES = gen_ndr/ndr_echo_ejs.o -SUBSYSTEM = smbcalls -PUBLIC_DEPENDENCIES = dcerpc NDR_ECHO EJSRPC +#[MODULE::RPC_EJS_ECHO] +#INIT_FUNCTION = ejs_init_rpcecho +#OBJ_FILES = gen_ndr/ndr_echo_ejs.o +#SUBSYSTEM = smbcalls +#PUBLIC_DEPENDENCIES = dcerpc NDR_ECHO EJSRPC [MODULE::RPC_EJS_MISC] INIT_FUNCTION = ejs_init_misc Modified: branches/SAMBA_4_0/source/librpc/idl/echo.idl === --- branches/SAMBA_4_0/source/librpc/idl/echo.idl 2006-09-15 19:24:38 UTC (rev 18564) +++ branches/SAMBA_4_0/source/librpc/idl/echo.idl 2006-09-15 20:07:55 UTC (rev 18565) @@ -34,7 +34,7 @@ /* test strings */ void echo_TestCall ( [in,string,charset(UTF16)] uint16 *s1, - [out,string,charset(UTF16)] uint16 *s2 + [out,string,charset(UTF16)] uint16 **s2 ); Modified: branches/SAMBA_4_0/source/pidl/TODO === --- branches/SAMBA_4_0/source/pidl/TODO 2006-09-15 19:24:38 UTC (rev 18564) +++ branches/SAMBA_4_0/source/pidl/TODO 2006-09-15 20:07:55 UTC (rev 18565) @@ -1,3 +1,6 @@ +- EJS output backend shouldn't use the NDR levels stuff but instead + as the C levels and NDR levels don't necessarily match. + - warn about [out] attributes on pointers (midl/samba3 compatibility) - true multiple dimension array / strings in arrays support Modified: branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm === --- branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm 2006-09-15 19:24:38 UTC (rev 18564) +++ branches/SAMBA_4_0/source/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm 2006-09-15 20:07:55 UTC (rev 18565) @@ -7,6 +7,10 @@ package Parse::Pidl::Samba4::NDR::Parser; +require Exporter; [EMAIL PROTECTED] = qw(Exporter); [EMAIL PROTECTED] = qw(is_charset_array); + use strict; use Parse::Pidl::Typelist qw(hasType getType mapType); use Parse::Pidl::Util qw(has_property ParseExpr print_uuid); Modified: branches/SAMBA_4_0/source/rpc_server/echo/rpc_echo.c === --- branches/SAMBA_4_0/source/rpc_server/echo/rpc_echo.c2006-09-15 19:24:38 UTC (rev 18564) +++ branches/SAMBA_4_0/source/rpc_server/echo/rpc_echo.c2006-09-15 20:07:55 UTC (rev 18565) @@ -68,7 +68,7 @@ static NTSTATUS echo_TestCall(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct echo_TestCall *r) { - r-out.s2 = talloc_strdup(mem_ctx, this is a test string); + *r-out.s2 = talloc_strdup(mem_ctx, this is a test string); return NT_STATUS_OK; } Modified: branches/SAMBA_4_0/source/torture/rpc/echo.c === --- branches/SAMBA_4_0/source/torture/rpc/echo.c2006-09-15 19:24:38 UTC (rev 18564) +++ branches/SAMBA_4_0/source/torture/rpc/echo.c2006-09-15 20:07:55 UTC (rev 18565) @@ -209,8 +209,10 @@ { NTSTATUS status; struct echo_TestCall r; + char *s = NULL; r.in.s1 = input string; + r.out.s2 = s; printf(\nTesting TestCall\n); status = dcerpc_echo_TestCall(p, mem_ctx, r); @@ -219,6 +221,11 @@ return False; } + if (!strcmp(s, input string)) { + printf(Didn't receive back same string\n); + return False; + } + return True; }
svn commit: samba r18566 - in branches/SAMBA_4_0/source: librpc/idl rpc_server/winreg torture/rpc
Author: tridge Date: 2006-09-15 20:36:38 + (Fri, 15 Sep 2006) New Revision: 18566 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18566 Log: fixed the winreg pipe and winreg tests Jerry, there is a big difference on the wire between these two: [out] uint32 x; and [out] uint32 *x; if you change from [out] uint32 x; then you need to change to: [out,ref] uint32 *x; otherwise it changes the format on the wire, which means we are no longer compatible with MS servers. but be aware that even if you change to a ref ptr, you also need to change all the client code to set all the return variables in the out part of the structure. That's why I don't like the MIDL restriction of forcing the use of ref pointers for output variables - it makes life much harder when writing client code, and makes the code much more error prone (just look at all the extra code needed to make this work again). I know we could auto-allocate these variables in the generated client side NDR code, but if we did that then we would have no way of doing a _real_ ref out pointer, which we really wanted to set to some already allocated variable. So please hold off on changing our idl to use the MIDL convention for output variables until Jelmer and I have had a good chat about this :-) Modified: branches/SAMBA_4_0/source/librpc/idl/winreg.idl branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c branches/SAMBA_4_0/source/torture/rpc/winreg.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/winreg.idl === --- branches/SAMBA_4_0/source/librpc/idl/winreg.idl 2006-09-15 20:07:55 UTC (rev 18565) +++ branches/SAMBA_4_0/source/librpc/idl/winreg.idl 2006-09-15 20:36:38 UTC (rev 18566) @@ -211,14 +211,14 @@ [in,ref] policy_handle *handle, [in] winreg_String class_in, [out] winreg_String *class_out, - [out] uint32 *num_subkeys, - [out] uint32 *max_subkeylen, - [out] uint32 *max_subkeysize, - [out] uint32 *num_values, - [out] uint32 *max_valnamelen, - [out] uint32 *max_valbufsize, - [out] uint32 *secdescsize, - [out] NTTIME *last_changed_time + [out,ref] uint32 *num_subkeys, + [out,ref] uint32 *max_subkeylen, + [out,ref] uint32 *max_subkeysize, + [out,ref] uint32 *num_values, + [out,ref] uint32 *max_valnamelen, + [out,ref] uint32 *max_valbufsize, + [out,ref] uint32 *secdescsize, + [out,ref] NTTIME *last_changed_time ); /**/ @@ -289,8 +289,8 @@ /**/ /* Function: 0x1a */ WERROR winreg_GetVersion( - [in,ref] policy_handle *handle, - [out]uint32 *version + [in,ref] policy_handle *handle, + [out,ref]uint32 *version ); /**/ Modified: branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c === --- branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c2006-09-15 20:07:55 UTC (rev 18565) +++ branches/SAMBA_4_0/source/rpc_server/winreg/rpc_winreg.c2006-09-15 20:36:38 UTC (rev 18566) @@ -523,7 +523,11 @@ DCESRV_PULL_HANDLE_FAULT(h, r-in.handle, HTYPE_REGKEY); + r-out.version = talloc(mem_ctx, uint32_t); + NT_STATUS_HAVE_NO_MEMORY(r-out.version); + *r-out.version = 5; + return WERR_OK; } Modified: branches/SAMBA_4_0/source/torture/rpc/winreg.c === --- branches/SAMBA_4_0/source/torture/rpc/winreg.c 2006-09-15 20:07:55 UTC (rev 18565) +++ branches/SAMBA_4_0/source/torture/rpc/winreg.c 2006-09-15 20:36:38 UTC (rev 18566) @@ -54,10 +54,12 @@ { NTSTATUS status; struct winreg_GetVersion r; - + uint32_t v; printf(\ntesting GetVersion\n); + ZERO_STRUCT(r); r.in.handle = handle; + r.out.version = v; status = dcerpc_winreg_GetVersion(p, mem_ctx, r); @@ -372,10 +374,24 @@ { NTSTATUS status; struct winreg_QueryInfoKey r; + uint32_t num_subkeys, max_subkeylen, max_subkeysize, + num_values, max_valnamelen, max_valbufsize, + secdescsize; + NTTIME last_changed_time; printf(\ntesting QueryInfoKey\n); + ZERO_STRUCT(r); r.in.handle = handle; + r.out.num_subkeys = num_subkeys; + r.out.max_subkeylen = max_subkeylen; + r.out.max_subkeysize = max_subkeysize; + r.out.num_values = num_values; + r.out.max_valnamelen = max_valnamelen; + r.out.max_valbufsize = max_valbufsize; + r.out.secdescsize = secdescsize; +
svn commit: samba r18567 - in branches/SAMBA_4_0/source/scripting/libjs: .
Author: tridge Date: 2006-09-15 20:55:43 + (Fri, 15 Sep 2006) New Revision: 18567 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18567 Log: fixed the winreg js code for the new names of the fields in winreg.idl When changing a field name in idl, please remember to check for use of those functions in any js code as well. Modified: branches/SAMBA_4_0/source/scripting/libjs/winreg.js Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/winreg.js === --- branches/SAMBA_4_0/source/scripting/libjs/winreg.js 2006-09-15 20:36:38 UTC (rev 18566) +++ branches/SAMBA_4_0/source/scripting/libjs/winreg.js 2006-09-15 20:55:43 UTC (rev 18567) @@ -80,7 +80,7 @@ } io = irpcObj(); - io.input.handle = handle; + io.input.parent_handle = handle; io.input.keyname = hpath; io.input.unknown = 0; io.input.access_mask = this.SEC_FLAG_MAXIMUM_ALLOWED; @@ -122,10 +122,10 @@ io.input.name.length = 0; io.input.name.size = 32; io.input.name.name = NULL; - io.input.class = new Object(); - io.input.class.length = 0; - io.input.class.size = 1024; - io.input.class.name = NULL; + io.input.keyclass = new Object(); + io.input.keyclass.length = 0; + io.input.keyclass.size = 1024; + io.input.keyclass.name = NULL; io.input.last_changed_time = 0; var idx = 0; @@ -239,7 +239,7 @@ var io = irpcObj(); io.input.handle = handle; io.input.name = key; - io.input.class = NULL; + io.input.keyclass = NULL; io.input.options = 0; io.input.access_mask = this.SEC_FLAG_MAXIMUM_ALLOWED; io.input.secdesc = NULL;
svn commit: samba r18568 - in branches/SAMBA_4_0/source/ntvfs/simple: .
Author: tridge Date: 2006-09-15 20:57:29 + (Fri, 15 Sep 2006) New Revision: 18568 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18568 Log: this warning is not needed now that it is the job of the unixuid ntvfs module to handle euid Modified: branches/SAMBA_4_0/source/ntvfs/simple/vfs_simple.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/simple/vfs_simple.c === --- branches/SAMBA_4_0/source/ntvfs/simple/vfs_simple.c 2006-09-15 20:55:43 UTC (rev 18567) +++ branches/SAMBA_4_0/source/ntvfs/simple/vfs_simple.c 2006-09-15 20:57:29 UTC (rev 18568) @@ -76,8 +76,6 @@ ntvfs-private_data = private; - DEBUG(0,(WARNING: ntvfs simple: connect to share [%s] with ROOT privileges!!!\n,sharename)); - return NT_STATUS_OK; }
svn commit: samba r18569 - in branches/SAMBA_4_0/source/script/tests: .
Author: tridge Date: 2006-09-15 21:05:03 + (Fri, 15 Sep 2006) New Revision: 18569 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18569 Log: add really simple testing of the 'simple' ntvfs backend, so we know when it breaks. It isn't much good as a template for developers to use unless it works :-) Added: branches/SAMBA_4_0/source/script/tests/test_simple.sh Modified: branches/SAMBA_4_0/source/script/tests/mktestsetup.sh branches/SAMBA_4_0/source/script/tests/tests_all.sh Changeset: Modified: branches/SAMBA_4_0/source/script/tests/mktestsetup.sh === --- branches/SAMBA_4_0/source/script/tests/mktestsetup.sh 2006-09-15 20:57:29 UTC (rev 18568) +++ branches/SAMBA_4_0/source/script/tests/mktestsetup.sh 2006-09-15 21:05:03 UTC (rev 18569) @@ -119,6 +119,11 @@ cifs:domain = $DOMAIN cifs:share = tmp +[simple] + path = $TMPDIR + read only = no + ntvfs handler = simple + [cifsposixtestshare] read only = no ntvfs handler = cifsposix Added: branches/SAMBA_4_0/source/script/tests/test_simple.sh === --- branches/SAMBA_4_0/source/script/tests/test_simple.sh 2006-09-15 20:57:29 UTC (rev 18568) +++ branches/SAMBA_4_0/source/script/tests/test_simple.sh 2006-09-15 21:05:03 UTC (rev 18569) @@ -0,0 +1,34 @@ +#!/bin/sh +# run a quick set of filesystem tests + +if [ $# -lt 3 ]; then +cat EOF +Usage: test_simple.sh UNC USERNAME PASSWORD first smbtorture args +EOF +exit 1; +fi + +unc=$1 +username=$2 +password=$3 +start=$4 +shift 4 +ADDARGS=$* + +incdir=`dirname $0` +. $incdir/test_functions.sh + +tests=BASE-RW1 + +failed=0 +for t in $tests; do +if [ ! -z $start -a $start != $t ]; then + continue; +fi +start= +name=$t +testit $name $VALGRIND bin/smbtorture $TORTURE_OPTIONS $ADDARGS $unc -U$username%$password $t || failed=`expr $failed + 1` +done + +testok $0 $failed + Property changes on: branches/SAMBA_4_0/source/script/tests/test_simple.sh ___ Name: svn:executable + * Modified: branches/SAMBA_4_0/source/script/tests/tests_all.sh === --- branches/SAMBA_4_0/source/script/tests/tests_all.sh 2006-09-15 20:57:29 UTC (rev 18568) +++ branches/SAMBA_4_0/source/script/tests/tests_all.sh 2006-09-15 21:05:03 UTC (rev 18569) @@ -13,3 +13,4 @@ $SRCDIR/script/tests/test_pidl.sh || failed=`expr $failed + $?` $SRCDIR/script/tests/test_smbclient.sh $SERVER $USERNAME $PASSWORD $DOMAIN $PREFIX || failed=`expr $failed + $?` $SRCDIR/script/tests/test_cifsdd.sh $SERVER $USERNAME $PASSWORD $DOMAIN || failed=`expr $failed + $?` + $SRCDIR/script/tests/test_simple.sh //$SERVER/simple $USERNAME $PASSWORD || failed=`expr $failed + $?`
svn commit: samba r18570 - in branches/SAMBA_4_0/source: ntvfs/cifs_posix_cli script/tests
Author: sfrench Date: 2006-09-15 21:39:38 + (Fri, 15 Sep 2006) New Revision: 18570 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18570 Log: Fix up function names in cifs unix/posix extensions backend. Enable tiny quick test for torture for them Added: branches/SAMBA_4_0/source/ntvfs/cifs_posix_cli/cifsposix.h Removed: branches/SAMBA_4_0/source/ntvfs/cifs_posix_cli/cvfs.h Modified: branches/SAMBA_4_0/source/ntvfs/cifs_posix_cli/README branches/SAMBA_4_0/source/ntvfs/cifs_posix_cli/svfs_util.c branches/SAMBA_4_0/source/ntvfs/cifs_posix_cli/vfs_cifs_posix.c branches/SAMBA_4_0/source/script/tests/mktestsetup.sh branches/SAMBA_4_0/source/script/tests/tests_quick.sh Changeset: Sorry, the patch is too large (1129 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18570
svn commit: samba r18571 - in branches/SAMBA_4_0/source/script/tests: .
Author: tridge Date: 2006-09-15 22:39:30 + (Fri, 15 Sep 2006) New Revision: 18571 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18571 Log: try to make it a lot more obvious when 'make test' or 'make quicktest' has failed. The output was too subtle for people who aren't used to it. Modified: branches/SAMBA_4_0/source/script/tests/selftest.sh branches/SAMBA_4_0/source/script/tests/test_functions.sh branches/SAMBA_4_0/source/script/tests/tests_all.sh branches/SAMBA_4_0/source/script/tests/tests_client.sh branches/SAMBA_4_0/source/script/tests/tests_quick.sh Changeset: Modified: branches/SAMBA_4_0/source/script/tests/selftest.sh === --- branches/SAMBA_4_0/source/script/tests/selftest.sh 2006-09-15 21:39:38 UTC (rev 18570) +++ branches/SAMBA_4_0/source/script/tests/selftest.sh 2006-09-15 22:39:30 UTC (rev 18571) @@ -107,8 +107,10 @@ bin/nmblookup $CONFIGURATION -U $SERVER $NETBIOSNAME # start off with 0 failures - failed=0 - export failed +failed=0 +export failed +totalfailed=0 +export totalfailed . script/tests/tests_$TESTS.sh exit $failed @@ -137,4 +139,4 @@ done fi -teststatus $ARG0 $failed +teststatus $ARG0 $totalfailed Modified: branches/SAMBA_4_0/source/script/tests/test_functions.sh === --- branches/SAMBA_4_0/source/script/tests/test_functions.sh2006-09-15 21:39:38 UTC (rev 18570) +++ branches/SAMBA_4_0/source/script/tests/test_functions.sh2006-09-15 22:39:30 UTC (rev 18571) @@ -100,7 +100,7 @@ date echo Testing $name else - echo Testing $name ($failed) + echo Testing $name (`expr $failed + $totalfailed` test failed so far) fi smbd_check_only SMBD_IS_UP=yes @@ -167,11 +167,14 @@ name=`basename $1` failed=$2 - if [ x$failed = x0 ];then - echo TEST STATUS: $failed; - else - echo TEST STATUS: $failed; - fi + echo TEST STATUS: $failed failures; + test x$failed = x0 || { +cat EOF + +*** TESTSUITE FAILED *** + +EOF + } exit $failed } @@ -180,3 +183,6 @@ export MALLOC_CHECK_ fi +# initialise the local failed variable to zero when starting each of the tests +failed=0 + Modified: branches/SAMBA_4_0/source/script/tests/tests_all.sh === --- branches/SAMBA_4_0/source/script/tests/tests_all.sh 2006-09-15 21:39:38 UTC (rev 18570) +++ branches/SAMBA_4_0/source/script/tests/tests_all.sh 2006-09-15 22:39:30 UTC (rev 18571) @@ -1,16 +1,16 @@ #!/bin/sh - $SRCDIR/script/tests/test_ejs.sh $DOMAIN $USERNAME $PASSWORD || failed=`expr $failed + $?` - $SRCDIR/script/tests/test_ldap.sh $SERVER $USERNAME $PASSWORD || failed=`expr $failed + $?` - $SRCDIR/script/tests/test_nbt.sh $SERVER || failed=`expr $failed + $?` - $SRCDIR/script/tests/test_quick.sh //$SERVER/cifs $USERNAME $PASSWORD || failed=`expr $failed + $?` - $SRCDIR/script/tests/test_rpc.sh $SERVER $USERNAME $PASSWORD $DOMAIN || failed=`expr $failed + $?` - $SRCDIR/script/tests/test_net.sh $SERVER $USERNAME $PASSWORD $DOMAIN || failed=`expr $failed + $?` - $SRCDIR/script/tests/test_session_key.sh $SERVER $USERNAME $PASSWORD $DOMAIN $NETBIOSNAME || failed=`expr $failed + $?` - $SRCDIR/script/tests/test_binding_string.sh $SERVER $USERNAME $PASSWORD $DOMAIN || failed=`expr $failed + $?` - $SRCDIR/script/tests/test_echo.sh $SERVER $USERNAME $PASSWORD $DOMAIN || failed=`expr $failed + $?` - $SRCDIR/script/tests/test_posix.sh //$SERVER/tmp $USERNAME $PASSWORD || failed=`expr $failed + $?` - $SRCDIR/script/tests/test_local.sh || failed=`expr $failed + $?` - $SRCDIR/script/tests/test_pidl.sh || failed=`expr $failed + $?` - $SRCDIR/script/tests/test_smbclient.sh $SERVER $USERNAME $PASSWORD $DOMAIN $PREFIX || failed=`expr $failed + $?` - $SRCDIR/script/tests/test_cifsdd.sh $SERVER $USERNAME $PASSWORD $DOMAIN || failed=`expr $failed + $?` - $SRCDIR/script/tests/test_simple.sh //$SERVER/simple $USERNAME $PASSWORD || failed=`expr $failed + $?` + $SRCDIR/script/tests/test_ejs.sh $DOMAIN $USERNAME $PASSWORD || totalfailed=`expr $totalfailed + $?` + $SRCDIR/script/tests/test_ldap.sh $SERVER $USERNAME $PASSWORD || totalfailed=`expr $totalfailed + $?` + $SRCDIR/script/tests/test_nbt.sh $SERVER || totalfailed=`expr $totalfailed + $?` + $SRCDIR/script/tests/test_quick.sh //$SERVER/cifs $USERNAME $PASSWORD || totalfailed=`expr $totalfailed + $?` + $SRCDIR/script/tests/test_rpc.sh $SERVER $USERNAME $PASSWORD $DOMAIN || totalfailed=`expr $totalfailed + $?` + $SRCDIR/script/tests/test_net.sh $SERVER $USERNAME $PASSWORD $DOMAIN || totalfailed=`expr $totalfailed + $?` + $SRCDIR/script/tests/test_session_key.sh $SERVER $USERNAME $PASSWORD $DOMAIN
svn commit: samba r18572 - in branches/SAMBA_3_0/source: . include librpc/gen_ndr librpc/ndr rpc_client rpc_parse rpc_server rpcclient script/tests
Author: jelmer Date: 2006-09-15 22:49:27 + (Fri, 15 Sep 2006) New Revision: 18572 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18572 Log: Use the autogenerated client and server for the echo interface and implement some of the missing functions. RPC-ECHO now passes against Samba3. Added: branches/SAMBA_3_0/source/librpc/gen_ndr/cli_echo.c branches/SAMBA_3_0/source/librpc/gen_ndr/cli_echo.h branches/SAMBA_3_0/source/librpc/gen_ndr/echo.h branches/SAMBA_3_0/source/librpc/gen_ndr/ndr_echo.c branches/SAMBA_3_0/source/librpc/gen_ndr/ndr_echo.h branches/SAMBA_3_0/source/librpc/gen_ndr/srv_echo.c branches/SAMBA_3_0/source/librpc/gen_ndr/srv_echo.h Removed: branches/SAMBA_3_0/source/include/rpc_echo.h branches/SAMBA_3_0/source/rpc_client/cli_echo.c branches/SAMBA_3_0/source/rpc_parse/parse_echo.c branches/SAMBA_3_0/source/rpc_server/srv_echo.c Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/configure.in branches/SAMBA_3_0/source/include/includes.h branches/SAMBA_3_0/source/include/rpc_client.h branches/SAMBA_3_0/source/include/smb.h branches/SAMBA_3_0/source/librpc/ndr/ndr_basic.c branches/SAMBA_3_0/source/rpc_server/srv_echo_nt.c branches/SAMBA_3_0/source/rpc_server/srv_pipe.c branches/SAMBA_3_0/source/rpcclient/cmd_echo.c branches/SAMBA_3_0/source/script/tests/test_posix_s3.sh Changeset: Sorry, the patch is too large (3536 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18572
svn commit: samba r18573 - in branches/SAMBA_4_0/testprogs/ejs: .
Author: tridge Date: 2006-09-15 22:56:45 + (Fri, 15 Sep 2006) New Revision: 18573 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18573 Log: disable the echo.js testing of echo_TestCall() for now. Jelmer, we need to fix pidl to be able to handle the double pointers in the ejs generated code Modified: branches/SAMBA_4_0/testprogs/ejs/echo.js Changeset: Modified: branches/SAMBA_4_0/testprogs/ejs/echo.js === --- branches/SAMBA_4_0/testprogs/ejs/echo.js2006-09-15 22:49:27 UTC (rev 18572) +++ branches/SAMBA_4_0/testprogs/ejs/echo.js2006-09-15 22:56:45 UTC (rev 18573) @@ -222,7 +222,9 @@ test_EchoData(echo); test_SinkData(echo); test_SourceData(echo); -test_TestCall(echo); + +print(SKIPPING test_TestCall as pidl cannot generate code for it\n); +/* test_TestCall(echo); */ test_TestCall2(echo); test_TestSleep(echo); test_TestEnum(echo);