Re: [Samba] GFS and samba
Hi, just as a remark: we are using also a cluster filesystem together with samba and nfs (StorNEXT). In the beginning we had some problem with NFS (kernel panic), caused by the file locking. However, we are using one SAMBA server for the home shares and another for the group shares. Two addional nodes are exporting everything using NFS. Therefore we do not have a concurrent situation of two samba server exporting the same stuff. For NFS it works! We have 6 NFS file server working on the same file base. But I never tested what will happen, when to samba server are starting to access the same file on different server. My suggestion would be, it CAN work, if the GFS is correctly locking the file, if one once write access to a file. However, a cluster solution for samba would be MUCH better! Bye, Peer Andrew Bartlett schrieb: On Wed, 2006-09-27 at 17:20 +0200, sandra-llistes wrote: Hello, We have two Fedora 5 Servers clustered with GFS. We installed samba and exported the same shares in both of them. All went fine at first, with people accessing to theirs own files and so, but for some programs (minitab, matlab, ...) people need to access the same file at once. Then samba begins to fail and clients hang. In order to fix samba is necessary to restart the service. We've tried to put the shares in a filesystem without GFS and all goes well, people can access the same file without problems simultaneously. This certainly looks weird. If the files are only ever accessed from one node, then it *should* work, but I don't know if this is something that has been tested with GFS specifically. Serious damage starts to happen when we have Samba accessing the same files on both nodes, because all the state information isn't shared between nodes. (Proposals for a scalable solution for Samba to do this are due on samba-technical in the next week). If you are only using one node for Samba, it should be the same as a local non-cluster filesystem, so perhaps raise this with the GFS developers. Andrew Bartlett -- Mit freundlichem Gruss Peer-Joachim Koch _ Max-Planck-Institut fuer Biogeochemie Dr. Peer-Joachim Koch Hans-Knöll Str.10Telefon: ++49 3641 57-6705 D-07745 Jena Telefax: ++49 3641 57-7705 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] prevent users from logging in as nobody
but this is not the right setup. the guest account is required to have the N flag to serve several functions (browsing, share listing, IPC$ connections, ...) why don´t you set guest ok = no globally? micha Jeff Davis wrote: Found the problem - the nobody account in LDAP had the sambaAccountFlags set to [NU] Removed the N (no password required) and voila - no more nobody logins -Jeff Rune Tønnesen wrote: Jeff Davis skrev: OK, probably a rookie question, but I've got some users that have been logging in to the domain as nobody... What do I need to change to disable this? Thanks, -Jeff Hi Jeff Please check whether the user nobody is mapped to guest or false password. Regards Rune -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] About access controlling of sub directories of a shared directory
Dear All, I am using samba server for file sharing. I gave a lot file to be shared by users. But i want to control the access of sub folders of a shared folder.How can i do it?I am trying for last few days but i have failed. Please help me if posible. It is to mention that my server is at Red Hat Linux 9.0 and users are at Windows. Hope to hear from you soon. Best Regards Md. Maidul Islam Junior Engineering Executive Systems Services Limited House 39, Road 14/A Dhanmondi, Dhaka, Bangladesh Phone:+88 02 8151162-4 - Get your own web address for just $1.99/1st yr. We'll help. Yahoo! Small Business. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] help! mount error 11 - can't find any info on this!!
I had a similar error, but it was from linux to linux. I updated samba on both machines (with yum, as I'm on Fedora) and that fixed it. bart3r wrote: When I try to mount a windows share, I am getting the following error message: mount error 11 = Resource temporarily unavailable Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) I am running this command: mount.cifs //192.168.1.2/Clinic /mnt/clinic/ -o username=administrator,password=x,rw In /var/log/messages, i get the following: kernel: CIFS VFS: cifs_mount failed w/return code = -11 I cannot find any documentation about this error, and no one else seems to be getting it. Does anyone know anything about this problem, and how I can resolve this issue. Any info would be great. Thankyou. Andrew. -- View this message in context: http://www.nabble.com/help%21-mount-error-11---can%27t-find-any-info-on-this%21%21-tf1243401.html#a6511109 Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Password protecting sharing
On large networks, like the one I have in campus, (around 400 computers) how do I set up a password with which I can restrict access to those with whom I have shared the sharing password and not others. My network uses dynamic ip address so, it is not possible to deny access to specific ipaddress -- Puneit Singh 0091-9350832020 Registered Linux User #431278 Registered Linux Machine #336341 pgpXLvU1xgveG.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] cannot get samba 3.0 to work
I just upgraded from samba 2.2.8 to Samba 3.0. The upgrade coincided with upgrading from UnixWare 7.1.1 to 7.1.4. I can map a network drive just fine with 2.2.8 but cannot with 3.0. I try to enter the user1 id and password and it just rejects it each time. Here is my smb.conf file: #Global Settings = [global] workgroup = MYGROUP local master = no browseable = yes printcap name = lpstat load printers = yes printing = sysv deadtime = 5 guest account = user1 log file = /usr/lib/samba/var/log.%m max log size = 10 security = user encrypt passwords = yes smb passwd file = /etc/smbpasswd socket options = TCP_NODELAY IPTOS_LOWDELAY # Share Definitions == [pp_forms] comment = Maestro Docs path = /state read only = no guest = yes guest only = yes [printers] path = /var/spool/samba browseable = no writable = no printable = yes print command = /usr/bin/lp -c -d%p %s; rm %s [user1] comment = USER1 Share path = /ws/wp5_10_root/usr/users/pplus browsable = no writable = yes force user = user1 public = yes [ws_dir] comment = WSDIR Share path = /ws/wp5_10_root browsable = no writable = yes force user = user1 public = yes Chuck -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Critical Bug in Samba 2.0.23c-1 Debian ?
After an update to the new Samba-Version, samba can not interpered the variable %D and %m that I have set in ldap as profilpath. Samba create an directroy %D\%m. Can somebody help me please. With friendly greetings Manuel Erber -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Truncated username error?
I'm seeing an odd problem when a user here tries to edit images on a 3.0.10 Samba server running on a Centos 4.4 machine. There is a couldn't find service error, but the username given is only seven characters instead of the eight required. The error occurs specifically when trying to Save As in Photoshop, which itself complains that the disk is full, even though it isn't. Save As works with (for instance) Powerpoint, so there doesn't seem to be anything wrong with the share itself. I'd be grateful for any suggestions. Adam pgpmMQqdfX300.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net getlocalsid Segmentation Fault
Hi Try to turn off selinux (/etc/selinux/config, line: SELINUX=permissive and restart server) Lukasz. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] valid users and lost password on windows xp
On Monday 11 September 2006 15:21 Luca Ferrari's cat, walking on the keyboard, wrote: Hi all, in my network we're using samba as a disk share for users. Each user can access users thru his unix login name and password, but sometimes I experience that Windows xp (prof.) loses the password, so it prompts the user again for the it. In particular, after a smbpasswd password change, I have one machine that, even if mounting the share as a network disk (with username and password specified and the checkbox to store at reboot is checked) each day requires the user to insert the password. In particular the computer always proposes a default username composed by \\computer_name\windows_username. Is there any way to fix this problem? Anyone knows where and how to interact with the stored network-password in a windows system? I found that, mounting directly the shares (without connecting them to a network disk) and checking the store password checkbox the system does store the password! Thus the problem seems to be that it looses the password only if the shares are mounted as network disks. Please note that such computer (like others in my network that have no problems) mounts two shares, both of them with a valid users pragma. Any idea? Thanks, Luca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] initialise_wins failing - failed to open wins.tdb
Hi Guys, Since the automatic fedora update to 23c I'm having problems with samba crashing when a share access is attempted. However, I also notice that the nmbd daemon isn't being started up properly (though its startup script, through init.d, shows it as starting up OK). The error that is being shown in the logs is: [2006/09/28 20:06:35, 0] nmbd/nmbd_winsserver.c:initialise_wins(580) initialise_wins: failed to open wins.tdb. Error was Permission denied Now I've tried to google for wins.tdb and can't find much on it, other than it should be located in /var/lib/samba (which it isn't). Any ideas for where it might have gone (I haven't deleted it in anyway)? or what the issue might be with this? Regards, Bevan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem with cups and samba: printing is disabled
Hi, I've got a windows printer that is no more working. If I try to see the status of the printer I get: server:~ # lpc status la02 la02: printer is on device 'smb' speed -1 queuing is enabled printing is disabled no entries daemon present that means printing is no enabled. If I try to enable the printer I cannot get the printer enabled: server:~ # lpadmin -p la02 -E server:~ # lpc status la02 la02: printer is on device 'smb' speed -1 queuing is enabled printing is disabled no entries daemon present In the printers.conf file there's the message: Printer la02 Info la02 DeviceURI smb://guest:[EMAIL PROTECTED]/l_a02 State Stopped StateMessage Call timed out: server did not respond after 1 milliseconds closing remote file _stdin_ Accepting Yes JobSheets none none QuotaPeriod 0 PageLimit 0 KLimit 0 /Printer but if I smbclient to the printer I cannot connect! Any idea? Thanks, Luca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] how to add unicode support to samba-2.0.6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 jack dang wrote: I've thought of that before, but the overall binary size (smbd + nmbd, not to mention some basic authentication functionality I may need afterwards)is over 50M, nearly 60M. Sounds like you're doing something wrong in the compile. For 3.0.23 without any tweaking except --disable-cups and --without-ads I get: $ ls -l bin/ total - -rwx-- 1 jerry users 1098984 2006-09-28 04:16 nmbd* - -rwx-- 1 jerry users 3437176 2006-09-28 04:16 smbd* cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFG5MbIR7qMdg1EfYRAkaLAJ95zziw6CUVw2pROTKD0AagdFg0mQCdFEUT SyG2PY1jGcwaSKzWllJGnXQ= =79bJ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-3.0.23 docs in Japanese
Hi All, I have downloaded samba-3.0.23. But the source doesn't contain docs in japanese. The welcome.html ( located under /usr/local/samba/swat/lang/ja/help/welcome.html) contains many links which are broken. How can I get SWAT docs in Japanese. Kindly help. Thanks, Pavan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Truncated username error?
On Wed, 27 Sep 2006, Gerald (Jerry) Carter wrote: Adam Huffman wrote: No, it's an XP SP2 client. It may actually be unconnected with this save as problem, but it is logged at the same time. My gut says it probably is unrelated Looks like the problem goes away with a newer version of Photoshop, so that truncated username message is indeed harmless, as others have found. Sorry for the noise. Adam pgpdpaHbAWRD7.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] windows AD member
Hello all, I have a big problem. I have samba 3.0.23c with ldap backend configured. On the network, I have windows 2000, windows XP and one windows 2003 as member of samba domain. Samba runs well until last weeks when users start problems conectivity with the domain. After some debug, I discover nmbd stop responding. When I run comand smbclient to samba server, I have the following respons: session setup failed: Call timed out: server did not respond after 2 milliseconds If I restart samba, this work again for some time. First, I think that was appening because I have AD as member of samba domain, so I put AD in a workgroup. During some days the scenario works but today the problem come back. What can I do to solve this? thanks, -- Filipe Dias da Mota iPortalMais - Serviços de Internet e Redes, Lda. www.iportalmais.com TEL: +351 22 510 64 76 GSM: +351 93 449 12 42 FAX: +351 22 518 97 22 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot overwrite the Excel file
Hello, I submitted following question before, however I'd like to ask you all about the Excel file problem once again. It seems that when overwrite Excel file, the client try to get ACL from Samba and the Excel file is set to read only file. I think the cause of this is like that the translation of SID fails due to reset the w and x bit of the owner for some reasons. Does anyone know this kind of problem? Hello, I have problem of saving Excel file on Samba share. After saving Excel file, it cannot save to the share any more. And also I got following message like: The file was saved successfully, but saved file cannot re-open because of not enough memory available. Please close the file. I got this problem for Excel file only, other file e.g. Word file can save fine. The version of Samba is 3.0.1. Does anyone know this problem and either fixed or not? If it already fixed, please let me know from which version of Samba is fixed. Thank you in advance. Best regards, Kotaro Kawamura [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] windows AD member
Filipe Mota wrote: Hello all, I have a big problem. I have samba 3.0.23c with ldap backend configured. On the network, I have windows 2000, windows XP and one windows 2003 as member of samba domain. Samba runs well until last weeks when users start problems conectivity with the domain. After some debug, I discover nmbd stop responding. When I run comand smbclient to samba server, I have the following respons: session setup failed: Call timed out: server did not respond after 2 milliseconds If I restart samba, this work again for some time. First, I think that was appening because I have AD as member of samba domain, so I put AD in a workgroup. During some days the scenario works but today the problem come back. What can I do to solve this? thanks, I think the basic idea is to recognize that computer software is written by humans and will contain errors. The source of the errors is not always obvious. Therefore system administrators live by the rule if it ain't broke, don't fix it! The question is, what features do you need in your set up? Normally, a Linux distribution ships with an integrated set of software that is believed to be stable and to work together. You will get bug fixes and security updates for that distribution. You install more recent versions of software at your peril. On a production server, you should only do this if you need a feature that is not working in the version shipped with your distribution (whether it is not there or simply not working properly). You have installed 3.0.23c, which is very recent. Nmbd is crashing probably because it doesn't work quite right with other software on your system. Unless you really need something that 3.0.23c provides, I would advise you to downgrade to the version that shipped with your distribution. If you do need to run 3.0.23c, or if that is the version that shipped with your distribution, try setting the log level to 10 in smb.conf and see what results you get. Also, check the other logs to see if there some evidence of a problem. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: AIX Testers Needed.
Hi, On 9/12/06, William Jojo [EMAIL PROTECTED] wrote: Hello AIX folks, I am changing the packaging of Samba for AIX. Presently Samba is built with a truckload of static libs and bound up in a package that has no other support for the supporting infrastructure. That's good news! What I'd like to do instead is make as much of the package dependant upon shared libs and to allow for completeness of the package. In other words, BDB, OpenSSL, OpenLDAP, SASL, KRB5, libiconv and gcc shared libs are all included as *complete* packages; you'll have an LDAP server, Kerberos support, SSL and Berkeley tools for hot backups and recovery. Great, i'll test here in a 5.3 server and give some feedback about its behavior. Have you tried using it with Symas CDS? -- Carlos Eduardo Pedroza Santiviago -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: AIX Testers Needed.
- Original Message - From: Stefan (metze) Metzmacher [EMAIL PROTECTED] To: Carlos Eduardo Pedroza Santiviago [EMAIL PROTECTED] Cc: William Jojo [EMAIL PROTECTED]; samba@lists.samba.org; samba-technical@lists.samba.org Sent: Thursday, September 28, 2006 8:31 AM Subject: Re: AIX Testers Needed. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Carlos Eduardo Pedroza Santiviago schrieb: Hi, What I'd like to do instead is make as much of the package dependant upon shared libs and to allow for completeness of the package. In other words, BDB, OpenSSL, OpenLDAP, SASL, KRB5, libiconv and gcc shared libs are all included as *complete* packages; you'll have an LDAP server, Kerberos support, SSL and Berkeley tools for hot backups and recovery. It would be really nice to have some more AIX machines in our build-farm! How many? I'm adding 8 more CPUs and 16GB to our 560 Saturday (which is one of many reasons my AIX patches are way behind) I can create you a .4 entitled VIOC (presented as 2 VCPU with SMT, so 4 logical CPU) with 2 GB memory. How much disk does it need? Btw: the SAMBA_3_0 branch currently fails to build on AIX, http://build.samba.org/?function=View+Build;host=aix1;tree=samba_3_0;compiler=gcc with: ld: 0711-783 WARNING: TOC overflow. TOC size: 90328 Maximum size: 65536 Extra instructions are being generated for each reference to a TOC symbol if the symbol is in the TOC overflow area. I fixed this a couple of times. :-) You need -bbigtoc anywhere you do linking (shared libs, execs, etc) http://build.samba.org/?function=View+Build;host=oehmesrs6k;tree=samba_3_0;compiler=cc the problem here is known, the pidl generated files are commited to the svn tree without using --uint-enums and the cc compiler rejects to compile enums with negative values... It would be nice to get this problems fixed... Which cc compiler? I'll look it up. Cheers, Bill metze -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFG8Czm70gjA5TCD8RArrFAJ4mg5fWq+5oVoXK/nmfGe6FdLMTqQCeNYk4 DLmjC5PCKxvZ/s2zxfTvpH8= =krXU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 PDC - trouble renaming domain member computer
As it turns out, I've got the same problem with the 3.0.23c .debs (I was using 3.0.14a debian stock). Again, to summarize: Samba 3 PDC, using LDAPSAM. Group mappings are correct, my domain admins group has privileges: SeMachineAccountPrivilege SeRemoteShutdownPrivilege SePrintOperatorPrivilege SeAddUsersPrivilege SeDiskOperatorPrivilege Members of the domain admins group can join machines to the domain, but can't rename domain computers (either via netdom or the GUI). XP throws error, access is denied. Everything else work perfectly. I've filed a bug report, #4116. Does anyone have any ideas? Thanks, Ryan - This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, printing, distributing or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner. The Evangelical Lutheran Good Samaritan Society. - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] GFS and samba
Hi Andrew, We open a bug-request to GFS-developers and send an e-mail to linux-cluster list but received no answers yet. As I said the files aren't accessed simoultaneously, one Node (node1) is sharing information about programs used in our university (share1), this share is used by windows clients that only are connected to node1. Other clients (Linux) connect to node2 that shares the same, but that clients aren't accessing to the same information because the programs used are different. Any idees in order to debug it? It's good news to know that clusterizable samba is a proposal and I will subscribe to samba-technical to read about that. I read too that we can put samba configuration and files in the GFS filesystem in order to share states,information,locks and so on. We are mounting a test environment with two test servers, one GFS filesystem and samba to see what configurations can be used to make it working better. Best Regards, Sandra Andrew Bartlett wrote: On Wed, 2006-09-27 at 17:20 +0200, sandra-llistes wrote: Hello, We have two Fedora 5 Servers clustered with GFS. We installed samba and exported the same shares in both of them. All went fine at first, with people accessing to theirs own files and so, but for some programs (minitab, matlab, ...) people need to access the same file at once. Then samba begins to fail and clients hang. In order to fix samba is necessary to restart the service. We've tried to put the shares in a filesystem without GFS and all goes well, people can access the same file without problems simultaneously. This certainly looks weird. If the files are only ever accessed from one node, then it *should* work, but I don't know if this is something that has been tested with GFS specifically. Serious damage starts to happen when we have Samba accessing the same files on both nodes, because all the state information isn't shared between nodes. (Proposals for a scalable solution for Samba to do this are due on samba-technical in the next week). If you are only using one node for Samba, it should be the same as a local non-cluster filesystem, so perhaps raise this with the GFS developers. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PAM vs smbpasswd oddity
I'm guessing that PAM authentication with RADIUS wont work with SAMBA at all now in my instance, especially if the passwords being returned to SAMBA from the RADIUS server are clear text (which they are). Can someone confirm this for me? Thanks, r Russell Handorf wrote: I've tried setting the security level to being from user to share. It now logs me in as guest from all workstations for some reason. Here is the smb.conf file once again for all to review: [global] workgroup = snip server string = samba file netbios name = Fileserver log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = True local master = Yes domain master = True dns proxy = yes remote announce = 192.168.0.255 os level = 40 ;domain logons = yes ;logon script = logon.bat ;logon home = \\%G\%U\.profile name resolve order = wins lmhosts bcast wins proxy = yes ;preserve case = yes ;short preserve case = yes wins support= yes #was user / share security = user #must be set to 'no' to use PAM encrypt passwords = No update encrypted = No allow trusted domains = Yes #min password length = 6 null passwords = No [homes] comments = Home Dir browsable = no writable = yes hide dot files = yes [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = yes writable = no share modes = no write list = domain_admin [Profiles] path = /%G/%U/.profile browseable = no guest ok = yes [public] path = /samba/public valid users = users force group = users writeable = Yes guest ok = No Russell Handorf wrote: Hi Folks, so now I've managed to trick the authentication server to caching the one time passwords for me. I'm down to the last two problems: 1. Something odd that I've noticed is that when I use PAM authentication Windows clients are outright refused. When I enable encrypted passwords, therefor disabling PAM, I'm then able to log in but with the use of static passwords. The error that the Windows clients get is the following: \\IP-ADDRESS is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The account is not authorized to log in from this station. So the question here is that why doesnt this work when I use PAM authentication, but it does work when I use smbpasswd?!? 2. I've since tried mounting the share on a linux box to see what was happening. I notice the following behavior with this command: mount -t smbfs -o username=rhandorf //localhost/rhandorf /mnt/home/ Once I log in, I'm able to browse the directory without *any* problems. So if I can solve #1, I'll be a happy camper! Does anyone have any ideas? Thanks again, r -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] windows AD member
Gary Dale wrote: Filipe Mota wrote: Hello all, I have a big problem. I have samba 3.0.23c with ldap backend configured. On the network, I have windows 2000, windows XP and one windows 2003 as member of samba domain. Samba runs well until last weeks when users start problems conectivity with the domain. After some debug, I discover nmbd stop responding. When I run comand smbclient to samba server, I have the following respons: session setup failed: Call timed out: server did not respond after 2 milliseconds If I restart samba, this work again for some time. First, I think that was appening because I have AD as member of samba domain, so I put AD in a workgroup. During some days the scenario works but today the problem come back. What can I do to solve this? thanks, I think the basic idea is to recognize that computer software is written by humans and will contain errors. The source of the errors is not always obvious. Therefore system administrators live by the rule if it ain't broke, don't fix it! The question is, what features do you need in your set up? Normally, a Linux distribution ships with an integrated set of software that is believed to be stable and to work together. You will get bug fixes and security updates for that distribution. You install more recent versions of software at your peril. On a production server, you should only do this if you need a feature that is not working in the version shipped with your distribution (whether it is not there or simply not working properly). You have installed 3.0.23c, which is very recent. Nmbd is crashing probably because it doesn't work quite right with other software on your system. Unless you really need something that 3.0.23c provides, I would advise you to downgrade to the version that shipped with your distribution. If you do need to run 3.0.23c, or if that is the version that shipped with your distribution, try setting the log level to 10 in smb.conf and see what results you get. Also, check the other logs to see if there some evidence of a problem. I'm using debian distro as operating system. Before I start to have this problem, I haved samba 3.0.14 install from debian distro. Everything working for almost 1 year. But I needed to change hardware and I reinstalled my server with the same version. The problems start at this time. I tried a lot of things to solve this problems, the last one was upgrade samba. I tried to set log to level 10 and more but I can see any thing. The only conclusion of my debug is when some one try to access to AD server trhought samba, nmbd stop respond. But it don't stop at the first connect. It's ramdom!! Very strange. I'm not sure if problem is in samba server or in AD. I need to use AD server because I have some aplication who need to be install on windows. Could be a bug on samba, a virus, one of the aplication I use in AD? I don't know... Does some one have an idea or a scenario like this one? Thanks, -- Filipe Dias da Mota iPortalMais - Serviços de Internet e Redes, Lda. www.iportalmais.com TEL: +351 22 510 64 76 GSM: +351 93 449 12 42 FAX: +351 22 518 97 22 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] refuse machine password change policy
We have a PDC and BDC with Samba 3.0.23a and an LDAP backend. The refuse machine password change policy was set on both (and both restarted). Computers on that domain seem to ignore the setting, as confirmed both by a packet capture and by looking at it in the backend. Is the policy fully supported in Samba? Any ideas? Thanks! It has been over a year since I looked at this, but at that time with 3.0.20 this setting only affected what Samba returned when a client asked what the policy was, Samba did not enforce the policy on the server side. In my testing clients only honored it and did not try to change their machine passwords when the policy was set at the time they joined the domain. John Janosik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: AIX Testers Needed.
- Original Message - From: Stefan (metze) Metzmacher [EMAIL PROTECTED] To: William Jojo [EMAIL PROTECTED] Cc: Carlos Eduardo Pedroza Santiviago [EMAIL PROTECTED]; samba@lists.samba.org; samba-technical@lists.samba.org Sent: Thursday, September 28, 2006 10:30 AM Subject: Re: AIX Testers Needed. http://build.samba.org/?function=View+Build;host=aix1;tree=samba_3_0;compiler=gcc with: ld: 0711-783 WARNING: TOC overflow. TOC size: 90328 Maximum size: 65536 Extra instructions are being generated for each reference to a TOC symbol if the symbol is in the TOC overflow area. I fixed this a couple of times. :-) You need -bbigtoc anywhere you do linking (shared libs, execs, etc) In samba4 we use this: CPP= ccache gcc -E CPPFLAGS = -I./include -I. -I./lib -D_SAMBA_BUILD_=4 -DHAVE_CONFIG_H CC = ccache gcc CFLAGS = -Wall -I./include -I. -I./lib -D_SAMBA_BUILD_=4 - -DHAVE_CONFIG_H PICFLAG= -O2 LD = ccache gcc LDFLAGS= -Wl,-brtl,-bexpall,-bbigtoc -L./bin STLD = /usr/bin/ar STLD_FLAGS = -rcs SHLD = ccache gcc SHLD_FLAGS = -Wl,-G,-bexpall -L./bin SHLIBEXT = so should I change SHLD_FLAGS to -Wl,-G,-bexpall,-bbigtoc -L./bin ? Definitely. :-) Cheers, Bill -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFG9x2m70gjA5TCD8RArCNAJ0R6EHTuTkKM2rb3FlqoWq9Ld9EkwCfXql4 f6SRDgmj5razPa7NZcw9F9E= =FnjF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PAM vs smbpasswd oddity *solved*
So yeah, after a little bit more searching I found the solution mentioned here http://lists.samba.org/archive/samba/2003-May/00.html If there only were a way to have both clear and encrypted enabled at the same time! Then, and only then would life be peachy. r Russell Handorf wrote: I'm guessing that PAM authentication with RADIUS wont work with SAMBA at all now in my instance, especially if the passwords being returned to SAMBA from the RADIUS server are clear text (which they are). Can someone confirm this for me? Thanks, r Russell Handorf wrote: I've tried setting the security level to being from user to share. It now logs me in as guest from all workstations for some reason. Here is the smb.conf file once again for all to review: [global] workgroup = snip server string = samba file netbios name = Fileserver log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = True local master = Yes domain master = True dns proxy = yes remote announce = 192.168.0.255 os level = 40 ;domain logons = yes ;logon script = logon.bat ;logon home = \\%G\%U\.profile name resolve order = wins lmhosts bcast wins proxy = yes ;preserve case = yes ;short preserve case = yes wins support= yes #was user / share security = user #must be set to 'no' to use PAM encrypt passwords = No update encrypted = No allow trusted domains = Yes #min password length = 6 null passwords = No [homes] comments = Home Dir browsable = no writable = yes hide dot files = yes [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = yes writable = no share modes = no write list = domain_admin [Profiles] path = /%G/%U/.profile browseable = no guest ok = yes [public] path = /samba/public valid users = users force group = users writeable = Yes guest ok = No Russell Handorf wrote: Hi Folks, so now I've managed to trick the authentication server to caching the one time passwords for me. I'm down to the last two problems: 1. Something odd that I've noticed is that when I use PAM authentication Windows clients are outright refused. When I enable encrypted passwords, therefor disabling PAM, I'm then able to log in but with the use of static passwords. The error that the Windows clients get is the following: \\IP-ADDRESS is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The account is not authorized to log in from this station. So the question here is that why doesnt this work when I use PAM authentication, but it does work when I use smbpasswd?!? 2. I've since tried mounting the share on a linux box to see what was happening. I notice the following behavior with this command: mount -t smbfs -o username=rhandorf //localhost/rhandorf /mnt/home/ Once I log in, I'm able to browse the directory without *any* problems. So if I can solve #1, I'll be a happy camper! Does anyone have any ideas? Thanks again, r -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Autentication against BDC first
Hi all, I have this question, I ve got a master LDAP server on a remote place and i want to install a PDC and a BDC and a slave ldap server in other place. Mi question is... may I force de WorkStations logging (read the information )against the BDC first than PDC, so the READ trafic goes to the Slave Ldap??? The problem is the network avoid READ traffic. In the Samba FAQ recomends that the: PDC---use de Master Ldap and the BDC ---use a Slave Ldap this is a network map for the idea: MASTER LDAP on Remote Site | | Wan | | SMB PDC SMB BDC Slave Ldap on LAN | | | WS So when I log into the WS the BDC ask to the local Slave LDAP trough the LAN network. And if i need to change a password of the user on PDC goes trough WAN and modify the master LDAP and this then modify the Slave LDAP trough the WAN. So... my question is can I configure my BDC with the priority. Maybe... on the PDC set: domainsmaster=yes domainlogons=no and on the BDC domainmaster=no domainlogons=yes. Many many thanks and scuse my poor english. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: AIX Testers Needed.
- Original Message - From: Stefan (metze) Metzmacher [EMAIL PROTECTED] To: William Jojo [EMAIL PROTECTED] Cc: samba@lists.samba.org; samba-technical@lists.samba.org Sent: Thursday, September 28, 2006 9:50 AM Subject: Re: AIX Testers Needed. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi William, It would be really nice to have some more AIX machines in our build-farm! How many? I'm adding 8 more CPUs and 16GB to our 560 Saturday (which is one of many reasons my AIX patches are way behind) I can create you a .4 entitled VIOC (presented as 2 VCPU with SMT, so 4 logical CPU) with 2 GB memory. How much disk does it need? 1GB free disk would be nice, but 2GB memory isn't needed 512MB would do it really fine. It would be nice to have each production release of AIX in the farm. Ok, so 512MB it is. How about a 5.2 and 5.3 system? Just need some specifics on rootpw and any other specifics that are important. I can get those systems rockin' next week for you. (Gotta find my later 5.2 CD's for virtual support, but the 5.3 I can do immediately) Btw: the SAMBA_3_0 branch currently fails to build on AIX, I fixed this a couple of times. :-) You need -bbigtoc anywhere you do linking (shared libs, execs, etc) Ah, thanks! I somehow gets lost somewhere in samba3's configure after it's added to DYNEXP, I'm debugging this currently. http://build.samba.org/?function=View+Build;host=oehmesrs6k;tree=samba_3_0;compiler=cc the problem here is known, the pidl generated files are commited to the svn tree without using --uint-enums and the cc compiler rejects to compile enums with negative values... Which cc compiler? I'll look it up. I don't know, it's AIX 5.2 but with the --uint-enums flags it build fine on samba4..., so we could workarround. That's a gcc option, correct? and you're compiling with cc? I'll have to svn the samba_3_0 tree and try it here to get the specifics. Cheers, Bill metze -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFG9Mpm70gjA5TCD8RAhGEAJ9oOP/yMqejwPBgW2qVTBW+YQGCMACcD5RM qePSlZ2uR+oVzfwSi8vXdZQ= =9SNv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: AIX Testers Needed.
Do we have or can we have access to this server as well and help to decode? David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stefan (metze) Metzmacher Sent: Thursday, September 28, 2006 8:51 AM To: William Jojo Cc: samba@lists.samba.org; samba-technical@lists.samba.org Subject: Re: AIX Testers Needed. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi William, It would be really nice to have some more AIX machines in our build-farm! How many? I'm adding 8 more CPUs and 16GB to our 560 Saturday (which is one of many reasons my AIX patches are way behind) I can create you a .4 entitled VIOC (presented as 2 VCPU with SMT, so 4 logical CPU) with 2 GB memory. How much disk does it need? 1GB free disk would be nice, but 2GB memory isn't needed 512MB would do it really fine. It would be nice to have each production release of AIX in the farm. Btw: the SAMBA_3_0 branch currently fails to build on AIX, I fixed this a couple of times. :-) You need -bbigtoc anywhere you do linking (shared libs, execs, etc) Ah, thanks! I somehow gets lost somewhere in samba3's configure after it's added to DYNEXP, I'm debugging this currently. http://build.samba.org/?function=View+Build;host=oehmesrs6k;tree=samb a_3_0;compiler=cc the problem here is known, the pidl generated files are commited to the svn tree without using --uint-enums and the cc compiler rejects to compile enums with negative values... Which cc compiler? I'll look it up. I don't know, it's AIX 5.2 but with the --uint-enums flags it build fine on samba4..., so we could workarround. metze -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFG9Mpm70gjA5TCD8RAhGEAJ9oOP/yMqejwPBgW2qVTBW+YQGCMACcD5RM qePSlZ2uR+oVzfwSi8vXdZQ= =9SNv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How do I force other domains to work?
I am trying to get the other domains in my tree to work with my samba implementation. I have copied all the necessary config files from another samba server that does work. On this server however, I get strange results from the wbinfo -sequence command. linux:/ # wbinfo --sequence LAC : DISCONNECTED EU : DISCONNECTED AP : DISCONNECTED UIS : DISCONNECTED M1016 : 1 BUILTIN : 1 NA : 51137274 All the other domains are Disconnected (-1) if you look in the logs. I desperately need these to get connected so I can authenticate their users. What could be wrong? Thanks, Ron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot connect to a windows network
Hello, I am trying to use Samba to let me mount windows network drives on an Ubuntu Dapper Server installation that I am using as a desktop. Using: testparm my smb.conf seems to be ok. Using smbclient -L GM.local -U username -p Gives me a full listing of all network drives, which again seems to be good. So now I try this: sudo mount -t smbfs -o username=username \//GM.local/DC4 /mnt/win_share/ Password: 25031: tree connect failed: ERRDOS - ERRnosuchshare (You specified an invalid share name) SMB connection failed Then i tried the same command again: sudo mount -t smbfs -o username=username \//GM.local/DC4 /mnt/win_share/ cli_negprot: SMB signing is mandatory and we have disabled it. 25115: protocol negotiation failed SMB connection failed I seem to get different error messages for no apparent reason. If anyone can suggest a way for me to mount these network drives, please help. BTW - I can connect to the network folders using CIFS on my Mac, so I know that I have the correct settings (although I cant find the printers from my Mac) Thanks in advance Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot connect to a windows network
Using an Ubuntu Server install as a desktop? Interesting . . . Anyway, are you certain the server is resolving the computer names to IP addresses? Regardless, here is the command you need. I just tested it on my Ubuntu 6.06 server and it works: mount -t smbfs -o lfs,username=your.domain.username,password=your.password //computer.or.server.name/share.name /local.path.you.are.mounting.to/subdirectory.if.you.want/ You can leave out the password if you want and enter it manually. Give this a shot and see what happens. Oh, make sure a firewall isn't blocking your connection on either end as well. Hope that helps. Aaron Kincer Nick Black wrote: Hello, I am trying to use Samba to let me mount windows network drives on an Ubuntu Dapper Server installation that I am using as a desktop. Using: testparm my smb.conf seems to be ok. Using smbclient -L GM.local -U username -p Gives me a full listing of all network drives, which again seems to be good. So now I try this: sudo mount -t smbfs -o username=username \//GM.local/DC4 /mnt/win_share/ Password: 25031: tree connect failed: ERRDOS - ERRnosuchshare (You specified an invalid share name) SMB connection failed Then i tried the same command again: sudo mount -t smbfs -o username=username \//GM.local/DC4 /mnt/win_share/ cli_negprot: SMB signing is mandatory and we have disabled it. 25115: protocol negotiation failed SMB connection failed I seem to get different error messages for no apparent reason. If anyone can suggest a way for me to mount these network drives, please help. BTW - I can connect to the network folders using CIFS on my Mac, so I know that I have the correct settings (although I cant find the printers from my Mac) Thanks in advance Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot connect to a windows network
(had to resend this with the right email address for the list) Forgot to tell you to use sudo of you aren't using the root account. So append sudo in front of that as you have in your other command. One more thing--the lfs option enables files greater than 2GB. smbclient chokes on them if you don't (at least in my experience). Nick Black wrote: Hello, I am trying to use Samba to let me mount windows network drives on an Ubuntu Dapper Server installation that I am using as a desktop. Using: testparm my smb.conf seems to be ok. Using smbclient -L GM.local -U username -p Gives me a full listing of all network drives, which again seems to be good. So now I try this: sudo mount -t smbfs -o username=username \//GM.local/DC4 /mnt/win_share/ Password: 25031: tree connect failed: ERRDOS - ERRnosuchshare (You specified an invalid share name) SMB connection failed Then i tried the same command again: sudo mount -t smbfs -o username=username \//GM.local/DC4 /mnt/win_share/ cli_negprot: SMB signing is mandatory and we have disabled it. 25115: protocol negotiation failed SMB connection failed I seem to get different error messages for no apparent reason. If anyone can suggest a way for me to mount these network drives, please help. BTW - I can connect to the network folders using CIFS on my Mac, so I know that I have the correct settings (although I cant find the printers from my Mac) Thanks in advance Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
FW: [Samba] Cant correctly join windows 2K3 domain with Gentoo
Whoops, keep forgettingto hit Respond to all. -Original Message- From: Guillermo Gutierrez Sent: Wednesday, September 27, 2006 1:14 PM To: 'Aaron Kincer' Subject: RE: [Samba] Cant correctly join windows 2K3 domain with Gentoo Please help me. I wound up not being able to log back in to my samba server. I realize thatI can boot up to the live cd and undo my changes. But I really could use some sama expertise in realizing my goal of connecting it to an Active Directory domain AND being able to utilize single-sign on fr ssh and console. -Original Message- From: Aaron Kincer [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 27, 2006 10:32 AM To: Guillermo Gutierrez Subject: Re: [Samba] Cant correctly join windows 2K3 domain with Gentoo You are asking the wrong person--I don't know. Send it to the list. Guillermo Gutierrez wrote: Yes, I want a single-signon so that I can log onto the samba server with using an active directory domain user. But if the instructions are using ldap to join the active directory domain, should I need winbind at all? -Original Message- From: Aaron Kincer [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 27, 2006 8:17 AM To: Guillermo Gutierrez Subject: Re: [Samba] Cant correctly join windows 2K3 domain with Gentoo Gotcha. I'm not immediately aware of why you would want to do this unless you are providing shell-based services and want a single sign-on for that in addition to Active Directory accounts. I've never tried that, so maybe someone here will want to give you more info. I just tried logging into my samba server using a domain account and it wasn't very cooperative. I tried using the short name (just the username) and got an access denied. When I used the domainname+username, an interesting thing happened. A directory under /home/domainname/ was created for the user, but no login occurred. I did find this webpage that seems to claim to offer what you need: http://weblog.bignerdranch.com/?p=6 Hope that helps. Guillermo Gutierrez wrote: Forgive my ambiguity, I am not able to log in to the samba server itself using a domain login. -Original Message- From: Aaron Kincer [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 27, 2006 7:43 AM To: Guillermo Gutierrez Cc: samba@lists.samba.org Subject: Re: [Samba] Cant correctly join windows 2K3 domain with Gentoo What are you trying to log in to? Do you mean connect to a share or log in to the samba server itself on a shell? Guillermo Gutierrez wrote: Well...eventually I continued on to the net ads join command but I still couldn't get any domain users or groups to show. After that I started up winbind and a few minutes later I saw users and groups. Even though I can see domain info usingthe getent passwd command I still cannot log in as a domain user. -Original Message- From: Aaron Kincer [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 27, 2006 6:21 AM To: Guillermo Gutierrez Cc: samba@lists.samba.org Subject: Re: [Samba] Cant correctly join windows 2K3 domain with Gentoo Have you performed a net ads join command yet? Guillermo Gutierrez wrote: Help me please, I am getting desparate. I have tried to the follow the following how-to for joining a Gentoo Linux samba server to a windows 2003 domain and cant seem to get the the getent passwd command to any domain users. Here is the document that I was following: http://gentoo-wiki.com/HOWTO_Adding_a_Samba_Server_into_an_existing _ A D _D omain Here is my smb.conf as well: # Global Configurations [global] # Netbios Identification netbios name = Solidus workgroup = marketscan realm = MARKETSCAN.COM server string = %h, Gentoo Samba Server %v # Logging Options log file = /var/log/samba/log.%m max log size = 50 log level = 5 # smb password backend # commented out to see if changing it to ldapsam works any better ; passdb backend = tdbsam passdb backend = ldapsam:ldap://10.11.3.177 # Winbind, Domain Options password server = * encrypt passwords = yes security = ads client signing = yes template homedir = /home/MARKETSCAN/%U template shell = /bin/bash winbind enum users = yes winbind enum groups = yes winbind use default domain = yes idmap uid = 1-2 idmap gid = 1-2 # Network Settings socket options = TCP_NODELAY interfaces = eth0 lo bind interfaces only = yes socket address = 10.11.3.210 # Master Browser options local master = no os level = 2 # WINS and DNS Options wins server = 10.11.3.177 dns proxy = yes # Share level configuration settings # #
[Samba] cifs reading Samba mounted share...permissions error
I have a Samba 3.0.23a-1.fc5.1 configured on a Fedora 5 server. It's joined to an Active Directory 2003 domain controller using Winbind, etc. I'm able to connect from various workstations using active directory user accounts/credentials just fine to shares on this server, permissions work, and all is well. I'm guessing this is set up correctly. However, from another Fedora 5 server, using cifs, I can mount shares on this server, and can list directories/files, but when I try to read or write any files, I can a permission denied error. So to summarize, if I go to an XP workstation in which I'm logged in as domain administrator, go to run and type: \\FEDORASERVER\SHARENAME I can see files, read files and write to files as domain\administrator has full access to these files/directories. However, if from another Fedora 5 server, I mount the share using: mount -rw -t cifs -o user=domain\\administrator,pass=password //FEDORASERVER/SHARENAME /share/FEDORASERVER/SHARENAME/ I can list files, but when trying to do a cat on any file, I get: cat: /share/FEDORASERVER/SHARENAME/test.txt: Permission denied Can someone help with this issue? Shouldn't I be able to read/write from either source exactly the same? Thanks, Max -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] grant access to a file inside a forbidden directory
On Thu, 2006-09-21 at 08:56 +, Toni Casueps wrote: We have a directory where only one person can enter, but there is a file inside which needs to be accessed by other people (that person doesn't want to put that file in a common directory). I have found that if I make a hard link to that file it can be accessed, if the hard link and the directory where it lies have the right permissions. But hard links have a problem, they get unlinked when they are written. I guess the program that writes it instead of updating the file it creates a new one and then deletes the old one, which is the one I linked, so that there are two different files after that, and not one. I think a symlink wouldn't do this but the symlink can't enter the directory because of the permissions. I thought of putting that file into a separate subdirectory and linking to that directory, but I can't hard link a directory. Can you think of any other possibilities? Now I have not tried this, but it may work. creates a new dir in forbidden dir. put global file in this dir. bind mount this dir outside forbidden dir. share the bind mount. -- Regards, Christopher Barry Manager of Information Systems SilverStorm Technologies, Inc. O: 610-233-4870 F: 610-233-4777 C: 267-242-9306 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WINS over subnets
On Thu, 2006-09-28 at 04:14 +0200, Hoggins! wrote: Hello, I'm trying to make browsing work over several routed subnets, but obviously, something goes wrong. Here's the situation : !---! ! hgsserver ! (SAMBA HOST) !---! | | | |192.168.2.0/24 !--! 192.168.3.0/24 |-! wifigate !- - - - | !--! (several wireless WinXP boxes) | | !--! ! WinXP box! ! hoggins! !--! SNIP... My browse.dat does not contain all I need, it just contains my machine (hoggins) and the server. I would like to have all the other hosts that are on subnet 192.168.3.0/24. These hosts have received the server's IP address as the WINS server in their DHCP transaction, and I can see they communicate with it when doing an ethereal analysis. But the browse list remains desperately empty from these hosts. Any ideas on how to solve this really annoying problem ? Thanks in advance, Hoggins! For each host on 192.168.3.0/24, manually add in the WINS address of hgsserver in the wireless NIC configuration. Because WINS does not jump routers, you'll need to tell the client where to find this information. -- Regards, Christopher Barry Manager of Information Systems SilverStorm Technologies, Inc. O: 610-233-4870 F: 610-233-4777 C: 267-242-9306 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: WINS over subnets
Barry, Christopher a écrit : On Thu, 2006-09-28 at 04:14 +0200, Hoggins! wrote: SNIP... For each host on 192.168.3.0/24, manually add in the WINS address of hgsserver in the wireless NIC configuration. Because WINS does not jump routers, you'll need to tell the client where to find this information. Well, I already did that. It's not manually added, but it's sent through DHCP. I checked that every machine on 192.168.3.0/24 had the correct info. So I don't really think the problem comes from the clients, but from the server instead. My firewall is apparently not the problem, because it blocks nothing on this side. My opinion is that my server configuration is faulty. Did you have a look at it, and did you find errors ? I'm actually thinking of starting from scratch, but I'm not even sure this will solve my problems. Thanks anyway. If anyone can help me on this, it would be wonderful. Hoggins! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: AIX Testers Needed.
Hi Stefan, Bill, How do we participate in this? Can I have a user access to login to your farm and help you test SAMBA on AIX. Possible and in the future for AIX 5.3 David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stefan (metze) Metzmacher Sent: Thursday, September 28, 2006 10:50 AM To: William Jojo Cc: samba@lists.samba.org; samba-technical@lists.samba.org Subject: Re: AIX Testers Needed. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Bill, of many reasons my AIX patches are way behind) I can create you a .4 entitled VIOC (presented as 2 VCPU with SMT, so 4 logical CPU) with 2 GB memory. How much disk does it need? 1GB free disk would be nice, but 2GB memory isn't needed 512MB would do it really fine. It would be nice to have each production release of AIX in the farm. Ok, so 512MB it is. How about a 5.2 and 5.3 system? Just need some specifics on rootpw and any other specifics that are important. I can get those systems rockin' next week for you. (Gotta find my later 5.2 CD's for virtual support, but the 5.3 I can do immediately) That's fine! see http://build.samba.org/instructions.html for what we need. having ssh access as user build would also be cool to track down specific bugs, but it's not strictly needed. http://build.samba.org/?function=View+Build;host=oehmesrs6k;tree=samb a_3_0;compiler=cc the problem here is known, the pidl generated files are commited to the svn tree without using --uint-enums and the cc compiler rejects to compile enums with negative values... Which cc compiler? I'll look it up. I don't know, it's AIX 5.2 but with the --uint-enums flags it build fine on samba4..., so we could workarround. That's a gcc option, correct? and you're compiling with cc? no a pidl option. see the generated code in librpc/gen_ndr/ in samba3 it gets commited to svn as samba3 should not depend on pidl. in samba4 we recreate this files with each build, because samba4 replies on working perl and includes pidl. So we know how a fix for samba3 could look like, just pass --uint-enums to pidl when generating the files. But we need a bit of discussion about this. But it will be fixed for the next official release! metze -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFG+80m70gjA5TCD8RAvC9AJ9aRSG/cKC5Y++LYPI1KM2apVA57QCfW6Ua ttiN0c9J/NSW6z7qXfyizJM= =bE5b -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: cifs reading Samba mounted share...permissions error
Max Kipness max at assuredata.com writes: However, if from another Fedora 5 server, I mount the share using: mount -rw -t cifs -o user=domain\\administrator,pass=password //FEDORASERVER/SHARENAME /share/FEDORASERVER/SHARENAME/ I can list files, but when trying to do a cat on any file, I get: cat: /share/FEDORASERVER/SHARENAME/test.txt: Permission denied You might want to try adding noperm as a mount option. Read the man page for mount.cifs to see if this is suitable in your situation. Akemi -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain problem... (other way)
27 sep 2006 kl. 16:26 skrev Elvis Aaron Presley: I used net rpc join -S server32 -U Administrador to add the linux machine to the domain. The net ad leave is for the kerberos method if I'm not in a mistake. Do you mean remove all computer accounts at the domain server? !!??!?!?!!??!? Noo! Just the Samba account. You can't add it again if its there. (Well, you can reset AD accounts also.) Elvis -Mensaje original- De: Henrik Zagerholm [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 27 de septiembre de 2006 15:40 Para: Elvis Aaron Presley CC: 'Lista Samba' Asunto: Re: [Samba] Domain problem... (other way) I would remove any computer accounts in AD. You think should have used net ad leave before uninstall. Do you use net rpc join or net ads join? 27 sep 2006 kl. 14:44 skrev Elvis Aaron Presley: Ok, I see there is no solution for this strange situation... Now, I want to reinstall samba and winbind. I'll delete the user and the computer at the domain. I'll uninstall samba and winbind using apt-get on my debian How can I deatach the machine from the domain on linux? Is there something more to do to start again? Elvis -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Elvis Aaron Presley Enviado el: miércoles, 27 de septiembre de 2006 12:59 Para: 'Lista Samba' Asunto: RE: [Samba] Domain problem... Hello, I've tried what you said and restarted samba and winbind... But no success... :( After that, I re-joined to the domain, but the same result... I see when I tried to rejoin to the domain in the PDC w2000 event log a 5722 event. This is the error message: The session setup from the computer ORACLE failed to authenticate. The name of the account referenced in the security database is ORACLE$. The following error occurred: Access is denied. But the user exist at the domain. ¿? I see the log at /var/log/samba/log.winbindd with this: [2006/09/27 11:39:50, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/09/27 11:39:50, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109) ads_connect for domain RXN32 failed: Cannot resolve network address for KDC in requested realm The log at /var/log/samba/log.wb-RXN32 has: [2006/09/27 12:07:04, 0] libsmb/credentials.c:creds_client_check(256) creds_client_check: credentials check failed. [2006/09/27 12:07:04, 0] rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(898) rpccli_netlogon_sam_network_logon: credentials chain check failed [2006/09/27 12:07:04, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network address for KDC in requested realm [2006/09/27 12:07:04, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109) ads_connect for domain RXN32 failed: Cannot resolve network address for KDC in requested realm But I'm not using kerberos. In addition, this errors are present too in other older dates, and the server was working fine at that dates. What can I do? I need to share folder on my debian to domain users... :S Elvis -Mensaje original- De: Henrik Zagerholm [mailto:[EMAIL PROTECTED] Enviado el: miércoles, 27 de septiembre de 2006 9:30 Para: Elvis Aaron Presley CC: 'Lista Samba' Asunto: Re: [Samba] Domain problem... Hello, winbind enum users = yes winbind enum groups = yes also check that getent passwd shows domain users. Cheers, Henrik 27 sep 2006 kl. 09:23 skrev Elvis Aaron Presley: Nobody knows any information or test for me? :( Elvis -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] En nombre de Elvis Aaron Presley Enviado el: martes, 26 de septiembre de 2006 14:04 Para: Lista Samba Asunto: [Samba] Domain problem... Hello all, This is the first time I write to the list. Sorry about my english... My Debian Sarge server was working perfectly with samba and winbind as a normal client in a Domain enviroment. I was able to share folders on my linux machine giving rights to the domain users. Everything was working until one day in that it crashed for some reason I don't know. I didn't touch anything of my config files (smb.conf,nsswitch.conf) so I suppose it's ok. The problem is that now, I can't do wbinfo -u successfully. It returns Error looking domain users, so I can't share directories with domain users. Enviroment info: PDC: W2000 server (ip 192.168.1.102,netbios-name server32) with DNS server Debian: domain client (ip 192.168.1.249,netbios-name oracle) with DNS server Other clients in the network uses DNS1 192.168.1.102 and DNS2 192.168.1.249 ... I don't know if this info is relevant. net rpc join -S server32 -U Administrador%pass returns Joined domain RXN32. wbinfo -m returns RXN32 - is the netbios name of the domain wbinfo -t returns checking the trust secret via RPC calls succeeded wbinfo -u returns Error looking up
Re: [Samba] WINS over subnets
Barry, Christopher wrote: For each host on 192.168.3.0/24, manually add in the WINS address of hgsserver in the wireless NIC configuration. Because WINS does not jump routers, you'll need to tell the client where to find this information. This is not entirely correct. Many routers can be configured to forward NetBIOS and WINS frames. Firewalls that split subnets off different interfaces can do it too. However, it can be messy to forward broadcast frames. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: AIX Testers Needed.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Carlos Eduardo Pedroza Santiviago schrieb: Hi, What I'd like to do instead is make as much of the package dependant upon shared libs and to allow for completeness of the package. In other words, BDB, OpenSSL, OpenLDAP, SASL, KRB5, libiconv and gcc shared libs are all included as *complete* packages; you'll have an LDAP server, Kerberos support, SSL and Berkeley tools for hot backups and recovery. It would be really nice to have some more AIX machines in our build-farm! Btw: the SAMBA_3_0 branch currently fails to build on AIX, http://build.samba.org/?function=View+Build;host=aix1;tree=samba_3_0;compiler=gcc with: ld: 0711-783 WARNING: TOC overflow. TOC size: 90328 Maximum size: 65536 Extra instructions are being generated for each reference to a TOC symbol if the symbol is in the TOC overflow area. http://build.samba.org/?function=View+Build;host=oehmesrs6k;tree=samba_3_0;compiler=cc the problem here is known, the pidl generated files are commited to the svn tree without using --uint-enums and the cc compiler rejects to compile enums with negative values... It would be nice to get this problems fixed... metze -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFG8Czm70gjA5TCD8RArrFAJ4mg5fWq+5oVoXK/nmfGe6FdLMTqQCeNYk4 DLmjC5PCKxvZ/s2zxfTvpH8= =krXU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Password Change On Windows
Hi Community. I have at least just one short question. Is it possible to configure SAMBA in a way, that it notice the password change on Winn 2000 or Win XP system and adjust this password change in it's one password file without using LDAP or other password server? Thanks VJ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: AIX Testers Needed.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi William, It would be really nice to have some more AIX machines in our build-farm! How many? I'm adding 8 more CPUs and 16GB to our 560 Saturday (which is one of many reasons my AIX patches are way behind) I can create you a .4 entitled VIOC (presented as 2 VCPU with SMT, so 4 logical CPU) with 2 GB memory. How much disk does it need? 1GB free disk would be nice, but 2GB memory isn't needed 512MB would do it really fine. It would be nice to have each production release of AIX in the farm. Btw: the SAMBA_3_0 branch currently fails to build on AIX, I fixed this a couple of times. :-) You need -bbigtoc anywhere you do linking (shared libs, execs, etc) Ah, thanks! I somehow gets lost somewhere in samba3's configure after it's added to DYNEXP, I'm debugging this currently. http://build.samba.org/?function=View+Build;host=oehmesrs6k;tree=samba_3_0;compiler=cc the problem here is known, the pidl generated files are commited to the svn tree without using --uint-enums and the cc compiler rejects to compile enums with negative values... Which cc compiler? I'll look it up. I don't know, it's AIX 5.2 but with the --uint-enums flags it build fine on samba4..., so we could workarround. metze -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFG9Mpm70gjA5TCD8RAhGEAJ9oOP/yMqejwPBgW2qVTBW+YQGCMACcD5RM qePSlZ2uR+oVzfwSi8vXdZQ= =9SNv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: AIX Testers Needed.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 William Jojo schrieb: - Original Message - From: Stefan (metze) Metzmacher [EMAIL PROTECTED] To: Carlos Eduardo Pedroza Santiviago [EMAIL PROTECTED] Cc: William Jojo [EMAIL PROTECTED]; samba@lists.samba.org; samba-technical@lists.samba.org Sent: Thursday, September 28, 2006 8:31 AM Subject: Re: AIX Testers Needed. Carlos Eduardo Pedroza Santiviago schrieb: Hi, What I'd like to do instead is make as much of the package dependant upon shared libs and to allow for completeness of the package. In other words, BDB, OpenSSL, OpenLDAP, SASL, KRB5, libiconv and gcc shared libs are all included as *complete* packages; you'll have an LDAP server, Kerberos support, SSL and Berkeley tools for hot backups and recovery. It would be really nice to have some more AIX machines in our build-farm! How many? I'm adding 8 more CPUs and 16GB to our 560 Saturday (which is one of many reasons my AIX patches are way behind) I can create you a .4 entitled VIOC (presented as 2 VCPU with SMT, so 4 logical CPU) with 2 GB memory. How much disk does it need? Btw: the SAMBA_3_0 branch currently fails to build on AIX, http://build.samba.org/?function=View+Build;host=aix1;tree=samba_3_0;compiler=gcc with: ld: 0711-783 WARNING: TOC overflow. TOC size: 90328 Maximum size: 65536 Extra instructions are being generated for each reference to a TOC symbol if the symbol is in the TOC overflow area. I fixed this a couple of times. :-) You need -bbigtoc anywhere you do linking (shared libs, execs, etc) In samba4 we use this: CPP= ccache gcc -E CPPFLAGS = -I./include -I. -I./lib -D_SAMBA_BUILD_=4 -DHAVE_CONFIG_H CC = ccache gcc CFLAGS = -Wall -I./include -I. -I./lib -D_SAMBA_BUILD_=4 - -DHAVE_CONFIG_H PICFLAG= -O2 LD = ccache gcc LDFLAGS= -Wl,-brtl,-bexpall,-bbigtoc -L./bin STLD = /usr/bin/ar STLD_FLAGS = -rcs SHLD = ccache gcc SHLD_FLAGS = -Wl,-G,-bexpall -L./bin SHLIBEXT = so should I change SHLD_FLAGS to -Wl,-G,-bexpall,-bbigtoc -L./bin ? -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFG9x2m70gjA5TCD8RArCNAJ0R6EHTuTkKM2rb3FlqoWq9Ld9EkwCfXql4 f6SRDgmj5razPa7NZcw9F9E= =FnjF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: AIX Testers Needed.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 William Jojo schrieb: Definitely. :-) ok, commited in rev 18975(samba4) and rev 18976(samba3) metze -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFG+awm70gjA5TCD8RAtzTAKCAn1t+nEL5MfnF/edKFc1BhDvuWQCfXEtp hecqF4EOVYU+JEcMxIgZ9R4= =QdnF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: AIX Testers Needed.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Bill, of many reasons my AIX patches are way behind) I can create you a .4 entitled VIOC (presented as 2 VCPU with SMT, so 4 logical CPU) with 2 GB memory. How much disk does it need? 1GB free disk would be nice, but 2GB memory isn't needed 512MB would do it really fine. It would be nice to have each production release of AIX in the farm. Ok, so 512MB it is. How about a 5.2 and 5.3 system? Just need some specifics on rootpw and any other specifics that are important. I can get those systems rockin' next week for you. (Gotta find my later 5.2 CD's for virtual support, but the 5.3 I can do immediately) That's fine! see http://build.samba.org/instructions.html for what we need. having ssh access as user build would also be cool to track down specific bugs, but it's not strictly needed. http://build.samba.org/?function=View+Build;host=oehmesrs6k;tree=samba_3_0;compiler=cc the problem here is known, the pidl generated files are commited to the svn tree without using --uint-enums and the cc compiler rejects to compile enums with negative values... Which cc compiler? I'll look it up. I don't know, it's AIX 5.2 but with the --uint-enums flags it build fine on samba4..., so we could workarround. That's a gcc option, correct? and you're compiling with cc? no a pidl option. see the generated code in librpc/gen_ndr/ in samba3 it gets commited to svn as samba3 should not depend on pidl. in samba4 we recreate this files with each build, because samba4 replies on working perl and includes pidl. So we know how a fix for samba3 could look like, just pass --uint-enums to pidl when generating the files. But we need a bit of discussion about this. But it will be fixed for the next official release! metze -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFG+80m70gjA5TCD8RAvC9AJ9aRSG/cKC5Y++LYPI1KM2apVA57QCfW6Ua ttiN0c9J/NSW6z7qXfyizJM= =bE5b -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with printing
When I try to add drivers through windows gui by connecting to samba server \\server and printers and faxes I got errror saying that the location does not have correct drivers for the printer. This is correct. I think you are just doing it wrong. To add drivers you don't connect to printer. The correct sequence is this: ( direct quote from official HOWTO ) ... Installation of a valid printer driver is not straightforward. You must attempt to view the printer properties for the printer to which you want the driver assigned. Open Windows Explorer, open Network Neighborhood, browse to the Samba host, open Samba's Printers folder, right-click on the printer icon, and select Properties You are now trying to view printer and driver properties for a queue that has this default |NULL| driver assigned. This will result in the following error message: “ Device settings cannot be displayed. The driver for the specified printer is not installed, only spooler properties will be displayed. Do you want to install the driver now?” Do /not/ click on Yes! Instead, click on No in the error dialog. Now you will be presented with the printer properties window. From here, the way to assign a driver to a printer is open. You now have the choice of: * Select a driver from the pop-up list of installed drivers. Initially this list will be empty. * Click on New Driver to install a new printer driver (which will start up the APW). Once the APW is started, the procedure is exactly the same as the one you are familiar with in Windows (we assume here that you are familiar with the printer driver installations procedure on Windows NT). Make sure your connection is, in fact, set up as a user with printer admin privileges (if in doubt, use *smbstatus* to check for this). If you wish to install printer drivers for client operating systems other than Windows NT x86, you will need to use the Sharing tab of the printer properties dialog. Assuming you have connected with an administrative (or root) account (as named by the printer admin parameter), you will also be able to modify other printer properties such as ACLs and default device settings using this dialog. ... Bartosz Wegrzyn - maillists wrote: Hello, I set samba using this config: [global] workgroup = MYGROUP server string = Samba Server printcap name = /etc/printcap load printers = yes printing = cups cups options = raw #guest account = nobody printer admin = blwegrzyn root log file = /var/log/samba/%m.log max log size = 50 security = user dns proxy = no [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = yes writable = no printable = yes [print$] path = /data/printer guest ok = yes browseable = yes read only = yes write list = blwegrzyn root wegrzyn create mask = 0644 directory mask = 0755 [data] path = /data valid users = blwegrzyn wegrzyn read only = No I added users blwegrzyn root and wegrzyn using smbpasswd -a tool. I can connect to server and browse printers. When I try to add drivers through windows gui by connecting to samba server \\server and printers and faxes I got errror saying that the location does not have correct drivers for the printer. I used exacly same config with fedora2 and it worked great. Now I am using fedora 4. I can access data share without any problems. When I access shares I see also this error: [2006/09/24 12:14:29, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(993) api_pipe_bind_req: unknown auth type 9 requested. in samba log file I am able to add printers , but I cannot add drivers using print$ share. I have to use regular windows wizard and add printers manually. Now, problem, When I try to print to this printers it takes very long. About 5-7 minutes. When I do capture on samba server I see traffic on 445 for that time. Any ideas what am I doing wrong. Samba version: samba-3.0.14a-2 samba-common-3.0.14a-2 samba-swat-3.0.14a-2 system-config-samba-1.2.31-1 samba-client-3.0.14a-2 I tried also to upgrade to latest version, but no luck same problems Thx -- Mike Starov [EMAIL PROTECTED] CME Resource, Inc. Roseville, CA 95661 www.netce.com (916) 783-4238 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: WINS over subnets
On Thu, 2006-09-28 at 19:00 +0200, Hoggins! wrote: Barry, Christopher a écrit : On Thu, 2006-09-28 at 04:14 +0200, Hoggins! wrote: SNIP... For each host on 192.168.3.0/24, manually add in the WINS address of hgsserver in the wireless NIC configuration. Because WINS does not jump routers, you'll need to tell the client where to find this information. Well, I already did that. It's not manually added, but it's sent through DHCP. I checked that every machine on 192.168.3.0/24 had the correct info. So I don't really think the problem comes from the clients, but from the server instead. My firewall is apparently not the problem, because it blocks nothing on this side. My opinion is that my server configuration is faulty. Did you have a look at it, and did you find errors ? I'm actually thinking of starting from scratch, but I'm not even sure this will solve my problems. Thanks anyway. If anyone can help me on this, it would be wonderful. Hoggins! does the WINS server have a route to this wireless net, or is it responding out the default gateway? have you tcpdumped the interfaces on anything yet? -- Regards, Christopher Barry Manager of Information Systems SilverStorm Technologies, Inc. O: 610-233-4870 F: 610-233-4777 C: 267-242-9306 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] windows AD member
Filipe Mota wrote: Gary Dale wrote: Filipe Mota wrote: Hello all, I have a big problem. I have samba 3.0.23c with ldap backend configured. On the network, I have windows 2000, windows XP and one windows 2003 as member of samba domain. Samba runs well until last weeks when users start problems conectivity with the domain. After some debug, I discover nmbd stop responding. When I run comand smbclient to samba server, I have the following respons: session setup failed: Call timed out: server did not respond after 2 milliseconds If I restart samba, this work again for some time. First, I think that was appening because I have AD as member of samba domain, so I put AD in a workgroup. During some days the scenario works but today the problem come back. What can I do to solve this? thanks, I think the basic idea is to recognize that computer software is written by humans and will contain errors. The source of the errors is not always obvious. Therefore system administrators live by the rule if it ain't broke, don't fix it! The question is, what features do you need in your set up? Normally, a Linux distribution ships with an integrated set of software that is believed to be stable and to work together. You will get bug fixes and security updates for that distribution. You install more recent versions of software at your peril. On a production server, you should only do this if you need a feature that is not working in the version shipped with your distribution (whether it is not there or simply not working properly). You have installed 3.0.23c, which is very recent. Nmbd is crashing probably because it doesn't work quite right with other software on your system. Unless you really need something that 3.0.23c provides, I would advise you to downgrade to the version that shipped with your distribution. If you do need to run 3.0.23c, or if that is the version that shipped with your distribution, try setting the log level to 10 in smb.conf and see what results you get. Also, check the other logs to see if there some evidence of a problem. I'm using debian distro as operating system. Before I start to have this problem, I haved samba 3.0.14 install from debian distro. Everything working for almost 1 year. But I needed to change hardware and I reinstalled my server with the same version. The problems start at this time. I tried a lot of things to solve this problems, the last one was upgrade samba. I tried to set log to level 10 and more but I can see any thing. The only conclusion of my debug is when some one try to access to AD server trhought samba, nmbd stop respond. But it don't stop at the first connect. It's ramdom!! Very strange. I'm not sure if problem is in samba server or in AD. I need to use AD server because I have some aplication who need to be install on windows. Could be a bug on samba, a virus, one of the aplication I use in AD? I don't know... Does some one have an idea or a scenario like this one? Thanks, Debian/Sarge is rock solid stable. You can measure server uptime in years. I'm looking after several Debian/Sarge servers and have had no problems with them. Of course, I'm not doing anything fancy - just connecting a few workstations in SOHO settings. Still NMBD should not be stopping. Have you considered the possibility that you may have a hardware problem? Given that the problem persists over different versions of Samba, it's either hardware or configuration. Can your post your smb.conf and maybe I can find something in it. Also, check your disks for errors and run memtest on your server. You may also want to track down a CPU checker (don't ask me, but I'm sure someone sells one). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: AIX Testers Needed.
Hi Stefan, Bill, How do we participate in this? Can I have a user access to login to your farm and help you test SAMBA on AIX. Possible and in the future for AIX 5.3 David -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stefan (metze) Metzmacher Sent: Thursday, September 28, 2006 10:50 AM To: William Jojo Cc: samba@lists.samba.org; samba-technical@lists.samba.org Subject: Re: AIX Testers Needed. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Bill, of many reasons my AIX patches are way behind) I can create you a .4 entitled VIOC (presented as 2 VCPU with SMT, so 4 logical CPU) with 2 GB memory. How much disk does it need? 1GB free disk would be nice, but 2GB memory isn't needed 512MB would do it really fine. It would be nice to have each production release of AIX in the farm. Ok, so 512MB it is. How about a 5.2 and 5.3 system? Just need some specifics on rootpw and any other specifics that are important. I can get those systems rockin' next week for you. (Gotta find my later 5.2 CD's for virtual support, but the 5.3 I can do immediately) That's fine! see http://build.samba.org/instructions.html for what we need. having ssh access as user build would also be cool to track down specific bugs, but it's not strictly needed. http://build.samba.org/?function=View+Build;host=oehmesrs6k;tree=samb a_3_0;compiler=cc the problem here is known, the pidl generated files are commited to the svn tree without using --uint-enums and the cc compiler rejects to compile enums with negative values... Which cc compiler? I'll look it up. I don't know, it's AIX 5.2 but with the --uint-enums flags it build fine on samba4..., so we could workarround. That's a gcc option, correct? and you're compiling with cc? no a pidl option. see the generated code in librpc/gen_ndr/ in samba3 it gets commited to svn as samba3 should not depend on pidl. in samba4 we recreate this files with each build, because samba4 replies on working perl and includes pidl. So we know how a fix for samba3 could look like, just pass --uint-enums to pidl when generating the files. But we need a bit of discussion about this. But it will be fixed for the next official release! metze -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFG+80m70gjA5TCD8RAvC9AJ9aRSG/cKC5Y++LYPI1KM2apVA57QCfW6Ua ttiN0c9J/NSW6z7qXfyizJM= =bE5b -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Yet more printing troubles
I've gone through the docs and the how to's. I've installed a printer under cups, in fact under cups it was a breeze. Its a Sharp MX4501. I have a ppd file for it, it works great from my linux workstation. I've set up a printer share under samba on my domain controller. The windows machines find it, download the driver and then give the error: The 'Sharp-4501' printer driver is not installed on this computer. Some printer properties will not be accessible unless you install the printer driver. Do you want to install the printer driver now? When I check the \windows\system32\spool\drivers\w32x86\ folder, I find the drivers there. When i run rpcclient -Uroot%password -c 'getdriver Sharp-4501' DOMAIN CONTOLLER I get the list of files that I should get. When I run the same command against a windows XP box, i get the same list of drivers, but the dependancy drivers (the long list) is in reverse order from the one I get from the linux machine. does this make a difference? If so, then I would need to re-install the driver again from the rpcclient -c 'adddriver' command, but with the files in the opposite order. I'm happy to supply any information that I might need to. However, its 6:00 pm and i have appointments tonight and probably won't be able to give you any more information before tomorrow. This problem has been driving me crazy for a week. Fedora Core 4, Cups 1.2.1 Samba 3.0.23a Thanks in advance. -- Curtis Maurand Senior Network Systems Engineer BlueTarp Financial, Inc. 443 Congress St. 6th Floor Portland, ME 04101 207.797.5900 x233 (office) 207.797.3833 (fax) mailto:[EMAIL PROTECTED] http://www.bluetarp.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Password Change On Windows
Volker Jahns wrote: Hi Community. I have at least just one short question. Is it possible to configure SAMBA in a way, that it notice the password change on Winn 2000 or Win XP system and adjust this password change in it's one password file without using LDAP or other password server? Thanks VJ If your Samba server is the domain controller, then this is how it normally operates - just set Unix Password Sync on. If the Samba server is a member server, set the password server to the domain controller. I haven't done this myself with a server that also served up Unix/Linux accounts, but iI don't think it synchronises the Unix password in this mode. Perhaps one of the list's gurus can correct me on that. The trick isn't in getting Samba to notice - it's that Samba, when acting as a domain controller, handles the Unix password change too. This is only necessary if your server is allowing Unix/Linux users to log on. For simple file and print services, all you need is the Windows password when Samba provides the services. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] pam_winbind causing local user login failures on 3.0.23c ... and a couple of other things
All, I'm currently running a CentOS 4.4 x86_64 server and wanted to have single-signon for Active Directory users on my domain. CentOS 4.4 comes with Samba 3.0.10-1.4E.9, which ends up filling my logs with messages related to the BUILTIN users/groups. I have a few local user accounts on the server for testing, etc. Since issues related to winbind and BUILTIN users/groups have recently been resolved, I decided to update Samba. I downloaded the Fedora Core RPM for 3.0.23c, rebuilt it on my server and installed it. In order to have a fresh start, I moved the /var/cache/samba directory elsewhere. I successfully completed the following steps: - kinit [EMAIL PROTECTED] - net ads join -Uadministrator - service winbind start - service smb start - wbinfo -u - wbinfo -g - wbinfo -t - wbinfo -n userid I've listed 3 issues ... the first I've solved, but I don't understand why it behaves as it does, the second is more of a question on lower/mixed case group/user ids, but the third issue is related to pam_winbind not allowing local users to login and is causing me lots of grief ... ISSUE #1 I had a problem with getent passwd userid ... it did not print anything to my screen. My logs were full of messages such as: Sep 28 16:42:01 computer1 winbindd[6372]: [2006/09/28 16:42:01, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(491) Sep 28 16:42:01 computer1 winbindd[6372]: rid_idmap_get_id_from_sid: no suitable range available for sid: S-xx Obviously the SIDS were not getting mapped to the UID/GID. My smb.conf file is below: [global] workgroup = DOMAIN realm = DOMAIN.EXAMPLE.COM server string = computer1 interfaces = eth0 security = ADS allow trusted domains = No password server = kdc1.example.com log file = /var/log/samba/%m.log max log size = 1024 smb ports = 445 name resolve order = host deadtime = 15 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = No local master = No domain master = No dns proxy = No idmap uid = 100-1000 idmap gid = 100-1000 idmap backend = rid:BUILTIN=100-499,DOMAIN=500-1000 template homedir = /data/domain/%U template shell = /bin/bash winbind use default domain = Yes winbind nested groups = Yes # winbind refresh tickets = Yes # winbind offline logon = Yes winbind enum users = No winbind enum groups = No load printers = Yes cups options = raw I decided to rearrange the line idmap backend to the following: idmap backend = rid:DOMAIN=500-1000,BUILTIN=100-499 and now getent passwd userid WORKED! The rid_idmap_get_id_from_sid error messages are gone. I don't understand why the order of DOMAIN/BUILTIN should make a difference in winbind being able to map a RID to a SID. Please explain, or is this a bug? ISSUE #2 I decided to also change winbind use default domain to No. I restarted winbind and smb and doing a wbinfo -g resulted in lowercase group names, whereas leaving it as Yes returned mixed case group names, such as: With winbind use default domain = Yes # wbinfo -g . WaterGroup . With winbind use default domain = No # wbinfo -g . DOMAIN\watergroup . Is this significant? is WaterGroup interpretted the same as DOMAIN\watergroup? It appears case is ignored for user and group names. Is this correct? What is the proper way to specify user and group names in smb.conf? ISSUE #3 At this point I am able to login using ADS credentials and all is good, HOWEVER, I CANNOT login using a LOCAL user account. If I comment out the pam_winbind lines in /etc/pam.d/system-auth, I can login, but now I have no ADS authenticated logins. /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired /lib/security/$ISA/pam_env.so authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok authsufficient/lib/security/$ISA/pam_winbind.so use_first_pass require_membership_of=WaterGroup authrequired /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so broken_shadow account sufficient/lib/security/$ISA/pam_succeed_if.so uid 100 quiet account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_winbind.so account required /lib/security/$ISA/pam_permit.so passwordrequisite /lib/security/$ISA/pam_cracklib.so retry=3 passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow passwordsufficient/lib/security/$ISA/pam_winbind.so use_authtok passwordrequired /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel
Re: [Samba] Cannot connect to a windows network
Nick Black wrote: sudo mount -t smbfs -o username=username \//GM.local/DC4 /mnt/win_share/ ...^Is this '\' a typo? If it's in the command line you are actually emitting, it won't work. Cheersm GaryB-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Change system/samba password via webmin
Hi List, I need my users to change their passwords, so I defined them as webmin users and gived them access only to the system/change password option to do so. So far so good... they changed their system passwords (in order to access email) but the change it's not reflected in samba passwords. I defined the option change password in other modules in webmin but it doesn't works, I also have in the smb.conf unix password sync = yes but the same. I will appreciate if somebody can give me an idea about how to ride this, or maybe using another app? o_0 Thanks in advance. --Ivan. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Change system/samba password via webmin
Ivan Arteaga wrote: Hi List, I need my users to change their passwords, so I defined them as webmin users and gived them access only to the system/change password option to do so. So far so good... they changed their system passwords (in order to access email) but the change it's not reflected in samba passwords. I defined the option change password in other modules in webmin but it doesn't works, I also have in the smb.conf unix password sync = yes but the same. I will appreciate if somebody can give me an idea about how to ride this, or maybe using another app? o_0 Thanks in advance. --Ivan. I'm not quite sure what you are asking. Assuming that when you say system password, you are referring to the Windows domain password, and when you say Samba password, you are referring to the Unix/Linux password, then one obvious place to check is password change dialog in smb.conf. It has to match what your Unix/Linux password program is doing (it use expect to get the passwd prompts and feed it the passwords). Otherwise, check the list archives. There have been a couple other similar problems recently that had different solutions. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Change system/samba password via webmin
Hi, Basically what I need is the windows users be able to change the unix/linux password because when I installed the server I defined the same username as pass. I am running sendmail and samba(PDC) in the same box, so the system password is the same mail and windows domain pass. And I want to find an easy way for the users change the initial password for their own. I defined the users in the webmin as webmin users and gived them access to the /change system pass/ option in the Samba module 'Configure automatic Unix and Samba user synchronization' But it only changes the system pass, not the samba pass. Do you have any ideas? Thanks in advance ^^ --Ivan. -Original Message- From: Gary Dale [mailto:[EMAIL PROTECTED] Sent: Thursday, September 28, 2006 10:11 PM To: Ivan Arteaga; samba@lists.samba.org Subject: Re: [Samba] Change system/samba password via webmin Ivan Arteaga wrote: Hi List, I need my users to change their passwords, so I defined them as webmin users and gived them access only to the system/change password option to do so. So far so good... they changed their system passwords (in order to access email) but the change it's not reflected in samba passwords. I defined the option change password in other modules in webmin but it doesn't works, I also have in the smb.conf unix password sync = yes but the same. I will appreciate if somebody can give me an idea about how to ride this, or maybe using another app? o_0 Thanks in advance. --Ivan. I'm not quite sure what you are asking. Assuming that when you say system password, you are referring to the Windows domain password, and when you say Samba password, you are referring to the Unix/Linux password, then one obvious place to check is password change dialog in smb.conf. It has to match what your Unix/Linux password program is doing (it use expect to get the passwd prompts and feed it the passwords). Otherwise, check the list archives. There have been a couple other similar problems recently that had different solutions. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Welcome - Important Next Step
Thanks for joining GetItFree.net. Please take a moment to add our email to your address book. If you haven't already done so, post or send your personal link: http://www.getitfree.net/xxwuwkfzw to your friends and tell them about our site. Refer as many friends as you can! When you have referred some friends, you can check the status on your free Adobe Photoshop Elements 3.0 Windows at http://www.getitfree.net/index.php?target=account_giftu=zgjwwhw Best wishes, - Bryan [EMAIL PROTECTED] To stop getting getitfree updates, visit: http://www.getitfree.net/index.php?target=unsubscribeu=xwuwkfzwmid=1159444582851174 Alternatively, you may send a written request to: www.getitfree.net 540 University Ave. Suite 50 Palo Alto, CA 94301 PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r18970 - in branches/SAMBA_4_0/source/lib/replace: .
Author: tridge Date: 2006-09-28 06:43:27 + (Thu, 28 Sep 2006) New Revision: 18970 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18970 Log: avoid strndup and strnlen on AIX. They are quite broken. See http://lists.samba.org/archive/samba-technical/2004-August/036915.html Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 branches/SAMBA_4_0/source/lib/replace/replace.h Changeset: Modified: branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 === --- branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 2006-09-28 03:21:49 UTC (rev 18969) +++ branches/SAMBA_4_0/source/lib/replace/libreplace_cc.m4 2006-09-28 06:43:27 UTC (rev 18970) @@ -66,6 +66,8 @@ fi ;; *aix*) + AC_DEFINE(BROKEN_STRNDUP, 1, [Whether strndup is broken]) + AC_DEFINE(BROKEN_STRNLEN, 1, [Whether strnlen is broken]) if test ${GCC} != yes; then ## for funky AIX compiler using strncpy() CFLAGS=$CFLAGS -D_LINUX_SOURCE_COMPAT -qmaxmem=32000 Modified: branches/SAMBA_4_0/source/lib/replace/replace.h === --- branches/SAMBA_4_0/source/lib/replace/replace.h 2006-09-28 03:21:49 UTC (rev 18969) +++ branches/SAMBA_4_0/source/lib/replace/replace.h 2006-09-28 06:43:27 UTC (rev 18970) @@ -121,12 +121,14 @@ size_t rep_strlcat(char *d, const char *s, size_t bufsize); #endif -#ifndef HAVE_STRNDUP +#if (defined(BROKEN_STRNDUP) || !defined(HAVE_STRNDUP)) +#undef HAVE_STRNDUP #define strndup rep_strndup char *rep_strndup(const char *s, size_t n); #endif -#ifndef HAVE_STRNLEN +#if (defined(BROKEN_STRNLEN) || !defined(HAVE_STRNLEN)) +#undef HAVE_STRNLEN #define strnlen rep_strnlen size_t rep_strnlen(const char *s, size_t n); #endif
svn commit: samba r18971 - in branches/SAMBA_4_0/source: lib/registry/common libcli/auth torture/rpc
Author: tridge Date: 2006-09-28 06:44:47 + (Thu, 28 Sep 2006) New Revision: 18971 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18971 Log: avoid strndup is a few places. Fixes a minor memory leak, and should fix RPC-LSA on AIX. Modified: branches/SAMBA_4_0/source/lib/registry/common/reg_util.c branches/SAMBA_4_0/source/libcli/auth/session.c branches/SAMBA_4_0/source/torture/rpc/lsa.c branches/SAMBA_4_0/source/torture/rpc/session_key.c Changeset: Modified: branches/SAMBA_4_0/source/lib/registry/common/reg_util.c === --- branches/SAMBA_4_0/source/lib/registry/common/reg_util.c2006-09-28 06:43:27 UTC (rev 18970) +++ branches/SAMBA_4_0/source/lib/registry/common/reg_util.c2006-09-28 06:44:47 UTC (rev 18971) @@ -171,9 +171,9 @@ if(strchr(name, '\\')) predeflength = strchr(name, '\\')-name; else predeflength = strlen(name); - predefname = strndup(name, predeflength); + predefname = talloc_strndup(mem_ctx, name, predeflength); error = reg_get_predefined_key_by_name(handle, predefname, predef); - SAFE_FREE(predefname); + talloc_free(predefname); if(!W_ERROR_IS_OK(error)) { return error; Modified: branches/SAMBA_4_0/source/libcli/auth/session.c === --- branches/SAMBA_4_0/source/libcli/auth/session.c 2006-09-28 06:43:27 UTC (rev 18970) +++ branches/SAMBA_4_0/source/libcli/auth/session.c 2006-09-28 06:44:47 UTC (rev 18971) @@ -97,7 +97,8 @@ caller should free the returned string */ -char *sess_decrypt_string(DATA_BLOB *blob, const DATA_BLOB *session_key) +char *sess_decrypt_string(TALLOC_CTX *mem_ctx, + DATA_BLOB *blob, const DATA_BLOB *session_key) { DATA_BLOB out; int slen; @@ -107,7 +108,7 @@ return NULL; } - out = data_blob(NULL, blob-length); + out = data_blob_talloc(mem_ctx, NULL, blob-length); if (!out.data) { return NULL; } @@ -117,19 +118,23 @@ if (IVAL(out.data, 4) != 1) { DEBUG(0,(Unexpected revision number %d in session crypted string\n, IVAL(out.data, 4))); + data_blob_free(out); return NULL; } slen = IVAL(out.data, 0); if (slen blob-length - 8) { DEBUG(0,(Invalid crypt length %d\n, slen)); + data_blob_free(out); return NULL; } - ret = strndup((const char *)(out.data+8), slen); + ret = talloc_strndup(mem_ctx, (const char *)(out.data+8), slen); data_blob_free(out); + DEBUG(0,(decrypted string '%s' of length %d\n, ret, slen)); + return ret; } Modified: branches/SAMBA_4_0/source/torture/rpc/lsa.c === --- branches/SAMBA_4_0/source/torture/rpc/lsa.c 2006-09-28 06:43:27 UTC (rev 18970) +++ branches/SAMBA_4_0/source/torture/rpc/lsa.c 2006-09-28 06:44:47 UTC (rev 18971) @@ -976,7 +976,8 @@ blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length); - secret2 = sess_decrypt_string(blob1, session_key); + secret2 = sess_decrypt_string(mem_ctx, + blob1, session_key); if (strcmp(secret1, secret2) != 0) { printf(Returned secret '%s' doesn't match '%s'\n, @@ -1036,7 +1037,8 @@ blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length); - secret4 = sess_decrypt_string(blob1, session_key); + secret4 = sess_decrypt_string(mem_ctx, + blob1, session_key); if (strcmp(secret3, secret4) != 0) { printf(Returned NEW secret %s doesn't match %s\n, secret4, secret3); @@ -1048,7 +1050,8 @@ blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length); - secret2 = sess_decrypt_string(blob1, session_key); + secret2 = sess_decrypt_string(mem_ctx, + blob1, session_key); if (strcmp(secret1, secret2) != 0) { printf(Returned OLD
svn commit: samba r18972 - in branches/SAMBA_4_0/source/smb_server/smb: .
Author: tridge Date: 2006-09-28 06:49:14 + (Thu, 28 Sep 2006) New Revision: 18972 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18972 Log: we don't need this now all builds in the build farm are limited to 150 file descriptors. We'll pretty quickly find leaks :) Modified: branches/SAMBA_4_0/source/smb_server/smb/receive.c Changeset: Modified: branches/SAMBA_4_0/source/smb_server/smb/receive.c === --- branches/SAMBA_4_0/source/smb_server/smb/receive.c 2006-09-28 06:44:47 UTC (rev 18971) +++ branches/SAMBA_4_0/source/smb_server/smb/receive.c 2006-09-28 06:49:14 UTC (rev 18972) @@ -78,18 +78,6 @@ smb_conn-statistics.last_request_time = cur_time; - /* a temporary hack to allow me to find a possible file descriptor leak in - build farm machines (tridge) */ - { - static int maxfd; - int xfd = open(/dev/null, O_RDONLY); - close(xfd); - if (xfd maxfd) { - maxfd = xfd; - DEBUG(0,(MAXFD=%d\n, maxfd)); - } - } - /* see if its a special NBT packet */ if (CVAL(blob.data, 0) != 0) { req = smbsrv_init_request(smb_conn);
svn commit: samba-web r1047 - in trunk: .
Author: deryck Date: 2006-09-28 12:19:39 + (Thu, 28 Sep 2006) New Revision: 1047 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1047 Log: Set RSS for samba.org to use news.samba.org feed. deryck Modified: trunk/header_columns.html Changeset: Modified: trunk/header_columns.html === --- trunk/header_columns.html 2006-09-27 22:57:36 UTC (rev 1046) +++ trunk/header_columns.html 2006-09-28 12:19:39 UTC (rev 1047) @@ -2,7 +2,7 @@ link rel=stylesheet href=/samba/style/common.css type=text/css media=all / link rel=stylesheet href=/samba/style/columns.css type=text/css media=all / link rel=shortcut icon href=/samba/images/favicon.ico / -link rel=alternate href=/samba/news/sambanews.xml type=application/rss+xml title=Samba News / +link rel=alternate href=http://news.samba.org/feeds/sambanews/; type=application/rss+xml title=Samba News / !--[if gte IE 5.5] style type=text/css
svn commit: samba r18973 - in branches/SAMBA_3_0/source: .
Author: metze Date: 2006-09-28 14:08:44 + (Thu, 28 Sep 2006) New Revision: 18973 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18973 Log: we should always set LDFLAGS and DYNEXP depending on the host_os but disable building of shared libs and modules whe enable_shared != yes Also make it easier to track down the problem with lost LDFLAGS values on AIX. metze Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/configure.in Changeset: Modified: branches/SAMBA_3_0/source/Makefile.in === --- branches/SAMBA_3_0/source/Makefile.in 2006-09-28 06:49:14 UTC (rev 18972) +++ branches/SAMBA_3_0/source/Makefile.in 2006-09-28 14:08:44 UTC (rev 18973) @@ -904,12 +904,16 @@ .SUFFIXES: .c .o [EMAIL PROTECTED]@ .lo SHOWFLAGS: - @echo Using FLAGS = $(FLAGS) - @echo LIBS = $(LIBS) - @echo LDSHFLAGS = $(LDSHFLAGS) - @echo LDFLAGS = $(LDFLAGS) - @echo PIE_CFLAGS = @PIE_CFLAGS@ + @echo Using FLAGS = $(FLAGS) + @echo LIBS= $(LIBS) + @echo LDFLAGS = $(LDFLAGS) + @echo DYNEXP = $(DYNEXP) + @echo PIE_CFLAGS = @PIE_CFLAGS@ @echo PIE_LDFLAGS = @PIE_LDFLAGS@ + @echo LDSHFLAGS = $(LDSHFLAGS) + @echo SHLIBEXT= @SHLIBEXT@ + @echo SONAMEFLAG = @SONAMEFLAG@ + @echo PICFLAGS= @PICFLAGS@ MAKEDIR = || exec false; \ if test -d $$dir; then :; else \ Modified: branches/SAMBA_3_0/source/configure.in === --- branches/SAMBA_3_0/source/configure.in 2006-09-28 06:49:14 UTC (rev 18972) +++ branches/SAMBA_3_0/source/configure.in 2006-09-28 14:08:44 UTC (rev 18973) @@ -615,6 +615,7 @@ esac DYNEXP= +AC_SUBST(DYNEXP) dnl Add modules that have to be built by default here dnl These have to be built static: @@ -1642,15 +1643,14 @@ PICSUFFIX=po SHLIBEXT=so -if test $enable_shared = yes; then - # this bit needs to be modified for each OS that supports share libs - # You need to specify how to create a shared library and - # how to compile C code to produce PIC object files +# this bit needs to be modified for each OS that supports share libs +# You need to specify how to create a shared library and +# how to compile C code to produce PIC object files - AC_MSG_CHECKING([ability to build shared libraries]) +AC_MSG_CHECKING([ability to build shared libraries]) - # and these are for particular systems - case $host_os in +# and these are for particular systems +case $host_os in *linux*) AC_DEFINE(LINUX,1,[Whether the host os is linux]) BLDSHARED=true if test ${ac_cv_gnu_ld_no_default_allow_shlib_undefined} = yes; then @@ -1826,18 +1826,39 @@ *) AC_DEFINE(STAT_ST_BLOCKSIZE,512) ;; - esac - AC_SUBST(DYNEXP) - AC_MSG_RESULT($BLDSHARED) - AC_MSG_CHECKING([linker flags for shared libraries]) - AC_MSG_RESULT([$LDSHFLAGS]) - AC_MSG_CHECKING([compiler flags for position-independent code]) - AC_MSG_RESULT([$PICFLAGS]) +esac + +if test $enable_shared != yes; then + BLDSHARED=false fi +AC_MSG_RESULT($BLDSHARED) + +AC_MSG_CHECKING([LDFLAGS]) +AC_MSG_RESULT([$LDFLAGS]) +AC_MSG_CHECKING([DYNEXP]) +AC_MSG_RESULT([$DYNEXP]) + ### # test whether building a shared library actually works if test $BLDSHARED = true; then + +AC_MSG_CHECKING([SHLD]) +AC_MSG_RESULT([$SHLD]) +AC_MSG_CHECKING([LDSHFLAGS]) +AC_MSG_RESULT([$LDSHFLAGS]) + +AC_MSG_CHECKING([SHLIBEXT]) +AC_MSG_RESULT([$SHLIBEXT]) +AC_MSG_CHECKING([SONAMEFLAG]) +AC_MSG_RESULT([$SONAMEFLAG]) + +AC_MSG_CHECKING([PICFLAGS]) +AC_MSG_RESULT([$PICFLAGS]) + +AC_MSG_CHECKING([NSSSONAMEVERSIONSUFFIX]) +AC_MSG_RESULT([$NSSSONAMEVERSIONSUFFIX]) + AC_CACHE_CHECK([whether building shared libraries actually works], [ac_cv_shlib_works],[ # try building a trivial shared library @@ -1849,6 +1870,7 @@ `eval echo $SHLD` `eval echo $LDSHFLAGS` -o shlib.$SHLIBEXT \ shlib.$PICSUFFIX ac_cv_shlib_works=yes rm -f shlib.$SHLIBEXT shlib.$PICSUFFIX + ]) if test $ac_cv_shlib_works = no; then BLDSHARED=false
svn commit: samba r18974 - in branches/SAMBA_4_0/source/build/m4: .
Author: metze Date: 2006-09-28 15:10:11 + (Thu, 28 Sep 2006) New Revision: 18974 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18974 Log: we don't have the configure check that sets ac_cv_gnu_ld_no_default_allow_shlib_undefined and as -Wl,--allow-shlib-undefined is supported on SuSE 7.3 I don't see a problem is always pass it explicit metze Modified: branches/SAMBA_4_0/source/build/m4/check_ld.m4 Changeset: Modified: branches/SAMBA_4_0/source/build/m4/check_ld.m4 === --- branches/SAMBA_4_0/source/build/m4/check_ld.m4 2006-09-28 14:08:44 UTC (rev 18973) +++ branches/SAMBA_4_0/source/build/m4/check_ld.m4 2006-09-28 15:10:11 UTC (rev 18974) @@ -42,11 +42,7 @@ case $host_os in *linux*) BLDSHARED=true - if test ${ac_cv_gnu_ld_no_default_allow_shlib_undefined} = yes; then - SHLD_FLAGS=-shared -Wl,-Bsymbolic -Wl,--allow-shlib-undefined - else - SHLD_FLAGS=-shared -Wl,-Bsymbolic - fi + SHLD_FLAGS=-shared -Wl,-Bsymbolic -Wl,--allow-shlib-undefined LDFLAGS=-Wl,--export-dynamic PICFLAG=-fPIC SONAMEFLAG=-Wl,-soname=
svn commit: samba r18975 - in branches/SAMBA_4_0/source/build/m4: .
Author: metze Date: 2006-09-28 15:12:44 + (Thu, 28 Sep 2006) New Revision: 18975 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18975 Log: follow the advice from William Jojo [EMAIL PROTECTED] and pass -bbigtoc also to the linker when building shared libs metze Modified: branches/SAMBA_4_0/source/build/m4/check_ld.m4 Changeset: Modified: branches/SAMBA_4_0/source/build/m4/check_ld.m4 === --- branches/SAMBA_4_0/source/build/m4/check_ld.m4 2006-09-28 15:10:11 UTC (rev 18974) +++ branches/SAMBA_4_0/source/build/m4/check_ld.m4 2006-09-28 15:12:44 UTC (rev 18975) @@ -95,7 +95,7 @@ ;; *aix*) BLDSHARED=true - SHLD_FLAGS=-Wl,-G,-bexpall + SHLD_FLAGS=-Wl,-G,-bexpall,-bbigtoc LDFLAGS=-Wl,-brtl,-bexpall,-bbigtoc # as AIX code is always position independent... PICFLAG=-O2
svn commit: samba r18977 - in branches/SAMBA_4_0/source/scripting/libjs: .
Author: abartlet Date: 2006-09-28 16:58:28 + (Thu, 28 Sep 2006) New Revision: 18977 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18977 Log: Seperate these asserts, so we know which fired. Andrew Bartlett Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js Changeset: Modified: branches/SAMBA_4_0/source/scripting/libjs/provision.js === --- branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-09-28 15:13:08 UTC (rev 18976) +++ branches/SAMBA_4_0/source/scripting/libjs/provision.js 2006-09-28 16:58:28 UTC (rev 18977) @@ -550,7 +550,8 @@ var attrs = new Array(objectGUID); res = ldb.search(objectGUID=*, subobj.BASEDN, ldb.SCOPE_BASE, attrs); - assert(res.length == 1 res[0].objectGUID != undefined) + assert(res.length == 1); + assert(res[0].objectGUID != undefined); subobj.DOMAINGUID = res[0].objectGUID; subobj.HOSTGUID = searchone(ldb, subobj.BASEDN, ((objectClass=computer)(cn= + subobj.NETBIOSNAME + )), objectGUID);
svn commit: samba r18978 - in branches/SAMBA_4_0/source/lib/ldb/common: .
Author: abartlet Date: 2006-09-28 17:06:38 + (Thu, 28 Sep 2006) New Revision: 18978 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18978 Log: Fix bug found by: http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ The issue here is that if the UTF8 conversion fails, because this isn't actually UTF8 data, then we need to do a binary compare instead. Andrew Bartlett Modified: branches/SAMBA_4_0/source/lib/ldb/common/attrib_handlers.c Changeset: Modified: branches/SAMBA_4_0/source/lib/ldb/common/attrib_handlers.c === --- branches/SAMBA_4_0/source/lib/ldb/common/attrib_handlers.c 2006-09-28 16:58:28 UTC (rev 18977) +++ branches/SAMBA_4_0/source/lib/ldb/common/attrib_handlers.c 2006-09-28 17:06:38 UTC (rev 18978) @@ -184,10 +184,19 @@ return (int)(toupper(*s1)) - (int)(toupper(*s2)); utf8str: - /* non need to recheck from the start, just from the first utf8 char found */ + /* no need to recheck from the start, just from the first utf8 char found */ b1 = u1 = ldb_casefold(ldb, mem_ctx, s1); b2 = u2 = ldb_casefold(ldb, mem_ctx, s2); - + + if (u1 u2) { + /* Both strings converted correctly */ + } else { + /* One of the strings was not UTF8, so we have no options but to do a binary compare */ + + u1 = s1; + u2 = s2; + } + while (*u1 *u2) { if (*u1 != *u2) break; @@ -202,9 +211,10 @@ while (*u2 == ' ') u2++; } ret = (int)(*u1 - *u2); + talloc_free(b1); talloc_free(b2); - + return ret; }
svn commit: samba r18979 - in branches/SAMBA_4_0/source: script/tests setup
Author: abartlet Date: 2006-09-28 17:08:17 + (Thu, 28 Sep 2006) New Revision: 18979 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18979 Log: With these extra indexes (also added for the normal case) and a DB_CONFIG file, we now get reasonable enought performance to pass 'make test' against OpenLDAP. We do have to double the maximum runtime for the torture client however. Andrew Bartlett Modified: branches/SAMBA_4_0/source/script/tests/mktestsetup.sh branches/SAMBA_4_0/source/script/tests/selftest.sh branches/SAMBA_4_0/source/setup/provision_init.ldif Changeset: Modified: branches/SAMBA_4_0/source/script/tests/mktestsetup.sh === --- branches/SAMBA_4_0/source/script/tests/mktestsetup.sh 2006-09-28 17:06:38 UTC (rev 18978) +++ branches/SAMBA_4_0/source/script/tests/mktestsetup.sh 2006-09-28 17:08:17 UTC (rev 18979) @@ -71,7 +71,7 @@ export NETBIOSNAME rm -rf $PREFIX/* -mkdir -p $PRIVATEDIR $ETCDIR $PIDDIR $NCALRPCDIR $LOCKDIR $TMPDIR $TLSDIR $LDAPDIR/db +mkdir -p $PRIVATEDIR $ETCDIR $PIDDIR $NCALRPCDIR $LOCKDIR $TMPDIR $TLSDIR $LDAPDIR/db $LDAPDIR/db/bdb-logs $LDAPDIR/db/tmp if [ -z $VALGRIND ]; then nativeiconv=true @@ -339,9 +339,11 @@ index gidNumber eq index unixName eq index privilege eq -index nCName eq +index nCName eq pres index lDAPDisplayName eq index subClassOf eq +index dnsRoot eq +index nETBIOSName eq pres overlay syncprov syncprov-checkpoint 100 10 @@ -349,6 +351,33 @@ EOF +cat $LDAPDIR/db/DB_CONFIG EOF +# + # Set the database in memory cache size. + # + set_cachesize 0 5242880 + + + # + # Set database flags (this is a test environment, we don't need to fsync()). + # + set_flags DB_TXN_NOSYNC + + # + # Set log values. + # + set_lg_regionmax104857 + set_lg_max 1048576 + set_lg_bsize209715 + set_lg_dir $LDAPDIR/db/bdb-logs + + + # + # Set temporary file creation directory. + # + set_tmp_dir $LDAPDIR/db/tmp +EOF + PROVISION_OPTIONS=$CONFIGURATION --host-name=$NETBIOSNAME --host-ip=127.0.0.1 PROVISION_OPTIONS=$PROVISION_OPTIONS --quiet --domain $DOMAIN --realm $REALM PROVISION_OPTIONS=$PROVISION_OPTIONS --adminpass $PASSWORD --root=$ROOT Modified: branches/SAMBA_4_0/source/script/tests/selftest.sh === --- branches/SAMBA_4_0/source/script/tests/selftest.sh 2006-09-28 17:06:38 UTC (rev 18978) +++ branches/SAMBA_4_0/source/script/tests/selftest.sh 2006-09-28 17:08:17 UTC (rev 18979) @@ -69,6 +69,8 @@ echo LDAP PROVISIONING failed: $srcdir/bin/smbscript $srcdir/setup/provision $PROVISION_OPTIONS --ldap-backend=$LDAPI exit 1; } +#LDAP is slow +TORTURE_MAXTIME=`expr $TORTURE_MAXTIME '*' 2` fi SMBD_TEST_FIFO=$PREFIX/smbd_test.fifo Modified: branches/SAMBA_4_0/source/setup/provision_init.ldif === --- branches/SAMBA_4_0/source/setup/provision_init.ldif 2006-09-28 17:06:38 UTC (rev 18978) +++ branches/SAMBA_4_0/source/setup/provision_init.ldif 2006-09-28 17:08:17 UTC (rev 18979) @@ -12,6 +12,8 @@ @IDXATTR: nCName @IDXATTR: lDAPDisplayName @IDXATTR: subClassOf [EMAIL PROTECTED]: dnsRoot [EMAIL PROTECTED]: nETBIOSName dn: @ATTRIBUTES userPrincipalName: CASE_INSENSITIVE
svn commit: samba r18980 - in branches/SAMBA_3_0/source/nsswitch: .
Author: jra Date: 2006-09-28 18:08:03 + (Thu, 28 Sep 2006) New Revision: 18980 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18980 Log: Be a little more intelligent about startup_time, move into the domain struct. Allow message to go online to set this state and cope with removing it. Jeremy. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd.h branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd.h === --- branches/SAMBA_3_0/source/nsswitch/winbindd.h 2006-09-28 17:08:17 UTC (rev 18979) +++ branches/SAMBA_3_0/source/nsswitch/winbindd.h 2006-09-28 18:08:03 UTC (rev 18980) @@ -169,7 +169,8 @@ BOOL primary; /* is this our primary domain ? */ BOOL internal; /* BUILTIN and member SAM */ BOOL online; /* is this domain available ? */ - BOOL startup; /* are we in the first 30 seconds after fork ? */ + time_t startup_time; /* When we set startup true. */ + BOOL startup; /* are we in the first 30 seconds after startup_time ? */ /* Lookup methods for this domain (LDAP or RPC) */ struct winbindd_methods *methods; Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2006-09-28 17:08:17 UTC (rev 18979) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c2006-09-28 18:08:03 UTC (rev 18980) @@ -84,6 +84,15 @@ TALLOC_FREE(domain-check_online_event); } + /* Are we still in startup mode ? */ + + if (domain-startup (now-tv_sec domain-startup_time + 30)) { + /* No longer in startup mode. */ + DEBUG(10,(check_domain_online_handler: domain %s no longer in 'startup' mode.\n, + domain-name )); + domain-startup = False; + } + /* We've been told to stay offline, so stay that way. */ @@ -125,8 +134,13 @@ return; } + /* If we're in statup mode, check again in 10 seconds, not in + lp_winbind_cache_time() seconds (which is 5 mins by default). */ + domain-check_online_event = add_timed_event( NULL, - timeval_current_ofs(lp_winbind_cache_time(), 0), + domain-startup ? + timeval_current_ofs(10,0) : + timeval_current_ofs(lp_winbind_cache_time(), 0), check_domain_online_handler, check_domain_online_handler, domain); @@ -161,6 +175,9 @@ GetTimeOfDay(now); set_event_dispatch_time(krb5_ticket_gain_handler, now); domain-online = True; + + /* Ok, we're out of any startup mode now... */ + domain-startup = False; } / @@ -179,7 +196,8 @@ } /* We've been told it's safe to go online and - try and connect to a DC. But I don't believe it... + try and connect to a DC. But I don't believe it + because network manager seems to lie. Wait at least 5 seconds. Heuristics suck... */ if (!domain-check_online_event) { @@ -189,6 +207,11 @@ struct timeval tev; GetTimeOfDay(tev); + + /* Go into startup mode again. */ + domain-startup_time = tev.tv_sec; + domain-startup = True; + tev.tv_sec += 5; set_event_dispatch_time(check_domain_online_handler, tev); } Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2006-09-28 17:08:17 UTC (rev 18979) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2006-09-28 18:08:03 UTC (rev 18980) @@ -613,7 +613,7 @@ to force a reconnect now. */ for (domain = domain_list(); domain; domain = domain-next) { - DEBUG(5,(child_msg_online: marking %s online.\n, domain-name)); + DEBUG(5,(child_msg_online: requesting %s to go online.\n, domain-name)); winbindd_flush_negative_conn_cache(domain); set_domain_online_request(domain); } @@ -682,7 +682,6 @@ int fdpair[2]; struct winbindd_cli_state state; extern BOOL
svn commit: samba r18981 - in branches/SAMBA_3_0/source: libmsrpc librpc/gen_ndr librpc/idl rpc_client utils
Author: jerry Date: 2006-09-28 21:19:08 + (Thu, 28 Sep 2006) New Revision: 18981 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18981 Log: * cleanup some vestiges of old cli_reg.c code and mark some TODO items in cac_winreg.c * Get 'net rpc registry enumerate' to list values again * Fix winreg.idl QueryInfoKey(). The max_subkeysize is the max_classlen (we previously had this correct in Samba3) * fix valgrind error about uninitialized memory and use-before-set on size value inmemset() call * Fix key enumeration in 'net rpc registry enumerate' * regenerate gen_dir files based on local pidl patches Please note that the generated ndr files are from my local copy of pidl. If you need to regenerate, please apply the patch that I posted to the samba-technical list earlier today. Modified: branches/SAMBA_3_0/source/libmsrpc/cac_winreg.c branches/SAMBA_3_0/source/librpc/gen_ndr/cli_dfs.c branches/SAMBA_3_0/source/librpc/gen_ndr/cli_echo.c branches/SAMBA_3_0/source/librpc/gen_ndr/cli_eventlog.c branches/SAMBA_3_0/source/librpc/gen_ndr/cli_initshutdown.c branches/SAMBA_3_0/source/librpc/gen_ndr/cli_lsa.c branches/SAMBA_3_0/source/librpc/gen_ndr/cli_netlogon.c branches/SAMBA_3_0/source/librpc/gen_ndr/cli_srvsvc.c branches/SAMBA_3_0/source/librpc/gen_ndr/cli_svcctl.c branches/SAMBA_3_0/source/librpc/gen_ndr/cli_unixinfo.c branches/SAMBA_3_0/source/librpc/gen_ndr/cli_winreg.c branches/SAMBA_3_0/source/librpc/gen_ndr/cli_winreg.h branches/SAMBA_3_0/source/librpc/gen_ndr/cli_wkssvc.c branches/SAMBA_3_0/source/librpc/gen_ndr/ndr_winreg.c branches/SAMBA_3_0/source/librpc/gen_ndr/srv_winreg.c branches/SAMBA_3_0/source/librpc/gen_ndr/srv_winreg.h branches/SAMBA_3_0/source/librpc/gen_ndr/winreg.h branches/SAMBA_3_0/source/librpc/idl/winreg.idl branches/SAMBA_3_0/source/rpc_client/cli_reg.c branches/SAMBA_3_0/source/utils/net.h branches/SAMBA_3_0/source/utils/net_rpc_registry.c Changeset: Sorry, the patch is too large (5384 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18981
svn commit: samba r18982 - in branches/SAMBA_3_0/source: . libads libgpo libsmb
Author: gd Date: 2006-09-28 21:33:54 + (Thu, 28 Sep 2006) New Revision: 18982 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18982 Log: Move the gpo related functions to libgpo. Guenther Added: branches/SAMBA_3_0/source/libgpo/ branches/SAMBA_3_0/source/libgpo/gpo_ldap.c branches/SAMBA_3_0/source/libgpo/gpo_parse.c branches/SAMBA_3_0/source/libgpo/gpo_util.c Removed: branches/SAMBA_3_0/source/libads/gpo.c branches/SAMBA_3_0/source/libads/gpo_util.c branches/SAMBA_3_0/source/libsmb/gpo.c Modified: branches/SAMBA_3_0/source/Makefile.in Changeset: Sorry, the patch is too large (1449 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18982
Re: svn commit: samba r18978 - in branches/SAMBA_4_0/source/lib/ldb/common: .
On Thu, 2006-09-28 at 17:06 +, [EMAIL PROTECTED] wrote: Author: abartlet Date: 2006-09-28 17:06:38 + (Thu, 28 Sep 2006) New Revision: 18978 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18978 Log: Fix bug found by: http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ The issue here is that if the UTF8 conversion fails, because this isn't actually UTF8 data, then we need to do a binary compare instead. I think we should just fail. Why should we compare wrong data anyway? Can you give me a valid case where we want to allow invalid utf8 strings? Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org
svn commit: samba r18983 - in branches/SAMBA_3_0/source: include libgpo
Author: gd Date: 2006-09-28 23:04:17 + (Thu, 28 Sep 2006) New Revision: 18983 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18983 Log: Add some comments for the LDAP based GPO routines. Guenther Modified: branches/SAMBA_3_0/source/include/gpo.h branches/SAMBA_3_0/source/libgpo/gpo_ldap.c branches/SAMBA_3_0/source/libgpo/gpo_util.c Changeset: Modified: branches/SAMBA_3_0/source/include/gpo.h === --- branches/SAMBA_3_0/source/include/gpo.h 2006-09-28 21:33:54 UTC (rev 18982) +++ branches/SAMBA_3_0/source/include/gpo.h 2006-09-28 23:04:17 UTC (rev 18983) @@ -20,11 +20,11 @@ enum GPO_LINK_TYPE { - GP_LINK_UNKOWN, - GP_LINK_MACHINE, - GP_LINK_SITE, - GP_LINK_DOMAIN, - GP_LINK_OU + GP_LINK_UNKOWN = 0, + GP_LINK_MACHINE = 1, + GP_LINK_SITE= 2, + GP_LINK_DOMAIN = 3, + GP_LINK_OU = 4 }; /* GPO_OPTIONS */ @@ -41,8 +41,6 @@ struct GROUP_POLICY_OBJECT { uint32 options; /* GPFLAGS_* */ uint32 version; - uint16 version_user; - uint16 version_machine; const char *ds_path; const char *file_sys_path; const char *display_name; @@ -65,8 +63,8 @@ /* 'gPOptions', maybe a bitmask as well */ enum GPO_INHERIT { - GPOPTIONS_INHERIT, - GPOPTIONS_BLOCK_INHERITANCE + GPOPTIONS_INHERIT = 0, + GPOPTIONS_BLOCK_INHERITANCE = 1 }; /* 'flags' in a 'groupPolicyContainer' object */ Modified: branches/SAMBA_3_0/source/libgpo/gpo_ldap.c === --- branches/SAMBA_3_0/source/libgpo/gpo_ldap.c 2006-09-28 21:33:54 UTC (rev 18982) +++ branches/SAMBA_3_0/source/libgpo/gpo_ldap.c 2006-09-28 23:04:17 UTC (rev 18983) @@ -22,6 +22,10 @@ #ifdef HAVE_LDAP +/ + parse the raw extension string into a GP_EXT structure +/ + ADS_STATUS ads_parse_gp_ext(TALLOC_CTX *mem_ctx, const char *extension_raw, struct GP_EXT *gp_ext) @@ -131,6 +135,10 @@ return ADS_ERROR(LDAP_NO_MEMORY); } +/ + parse the raw link string into a GP_LINK structure +/ + ADS_STATUS ads_parse_gplink(TALLOC_CTX *mem_ctx, const char *gp_link_raw, uint32 options, @@ -206,6 +214,10 @@ return ADS_ERROR(LDAP_NO_MEMORY); } +/ + helper call to get a GP_LINK structure from a linkdn +/ + ADS_STATUS ads_get_gpo_link(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *link_dn, @@ -238,6 +250,7 @@ return ADS_ERROR(LDAP_NO_SUCH_ATTRIBUTE); } + /* perfectly leggal to have no options */ if (!ads_pull_uint32(ads, res, gPOptions, gp_options)) { DEBUG(10,(ads_get_gpo_link: no 'gPOptions' attribute found\n)); gp_options = 0; @@ -248,6 +261,10 @@ return ads_parse_gplink(mem_ctx, gp_link, gp_options, gp_link_struct); } +/ + helper call to add a gp link +/ + ADS_STATUS ads_add_gpo_link(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *link_dn, @@ -260,7 +277,6 @@ const char *gp_link, *gp_link_new; ADS_MODLIST mods; - /* although ADS allows to set anything here, we better check here if * the gpo_dn is sane */ @@ -288,14 +304,10 @@ } ads_msgfree(ads, res); - if (gp_link_new == NULL) { - return ADS_ERROR(LDAP_NO_MEMORY); - } + ADS_ERROR_HAVE_NO_MEMORY(gp_link_new); mods = ads_init_mods(mem_ctx); - if (mods == NULL) { - return ADS_ERROR(LDAP_NO_MEMORY); - } + ADS_ERROR_HAVE_NO_MEMORY(mods); status = ads_mod_str(mem_ctx, mods, gPLink, gp_link_new); if (!ADS_ERR_OK(status)) { @@ -305,6 +317,10 @@ return ads_gen_mod(ads, link_dn, mods); } +/ + helper call to delete add a gp link +/ + /* untested broken */ ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, @@ -349,14 +365,10 @@ /* gp_link_new = talloc_asprintf(mem_ctx, %s[%s;%d], gp_link, gpo_dn, gpo_opt); */
svn commit: samba r18985 - in branches/SAMBA_3_0/source: . libgpo
Author: gd Date: 2006-09-28 23:49:36 + (Thu, 28 Sep 2006) New Revision: 18985 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18985 Log: Add parse_gpt_ini() to parse GPT.INI files using iniparser. Guenther Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/libgpo/gpo_parse.c Changeset: Modified: branches/SAMBA_3_0/source/Makefile.in === --- branches/SAMBA_3_0/source/Makefile.in 2006-09-28 23:13:15 UTC (rev 18984) +++ branches/SAMBA_3_0/source/Makefile.in 2006-09-28 23:49:36 UTC (rev 18985) @@ -615,7 +615,7 @@ $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) $(POPT_LIB_OBJ) \ $(SMBLDAP_OBJ) $(DCUTIL_OBJ) $(SERVER_MUTEX_OBJ) \ $(AFS_OBJ) $(AFS_SETTOKEN_OBJ) $(REGFIO_OBJ) $(READLINE_OBJ) \ - $(LDB_OBJ) $(LIBGPO_OBJ) lib/display_sec.o + $(LDB_OBJ) $(LIBGPO_OBJ) $(INIPARSER_OBJ) lib/display_sec.o CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) \ $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) $(SECRETS_OBJ) @@ -1031,9 +1031,9 @@ @echo Linking $@ @$(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $(TOOL_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) -Lbin -lsmbclient -bin/[EMAIL PROTECTED]@: $(NET_OBJ) @BUILD_POPT@ bin/.dummy +bin/[EMAIL PROTECTED]@: $(NET_OBJ) @BUILD_POPT@ @BUILD_INIPARSER@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $(NET_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(UUID_LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) $(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) + @$(CC) $(FLAGS) @PIE_LDFLAGS@ -o $@ $(NET_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(UUID_LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) $(TERMLDFLAGS) $(TERMLIBS) $(NSCD_LIBS) @INIPARSERLIBS@ bin/[EMAIL PROTECTED]@: $(PROFILES_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ Modified: branches/SAMBA_3_0/source/libgpo/gpo_parse.c === --- branches/SAMBA_3_0/source/libgpo/gpo_parse.c2006-09-28 23:13:15 UTC (rev 18984) +++ branches/SAMBA_3_0/source/libgpo/gpo_parse.c2006-09-28 23:49:36 UTC (rev 18985) @@ -1,7 +1,7 @@ /* * Unix SMB/CIFS implementation. * Group Policy Object Support - * Copyright (C) Guenther Deschner 2005 + * Copyright (C) Guenther Deschner 2005-2006 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -19,41 +19,264 @@ */ #include includes.h +#include iniparser/src/iniparser.h -#ifdef HAVE_LDAP +/ + parse the local gpt.ini file +/ #define GPT_INI_SECTION_GENERAL General #define GPT_INI_PARAMETER_VERSION Version #define GPT_INI_PARAMETER_DISPLAYNAME displayName -struct gpt_ini { +NTSTATUS parse_gpt_ini(TALLOC_CTX *mem_ctx, const char *filename, uint32 *version, char **display_name) +{ + NTSTATUS result; + uint32 v; + char *name = NULL; + dictionary *d; + + d = iniparser_load(filename); + if (d == NULL) { + return NT_STATUS_NO_SUCH_FILE; + } + + if ((name = iniparser_getstring(d, GPT_INI_SECTION_GENERAL + :GPT_INI_PARAMETER_DISPLAYNAME, NULL)) == NULL) { + DEBUG(1,(parse_gpt_ini: no name\n)); + /* + result = NT_STATUS_INTERNAL_DB_CORRUPTION; + goto out; + */ + } + + if (name display_name) { + *display_name = talloc_strdup(mem_ctx, name); + if (*display_name == NULL) { + result = NT_STATUS_NO_MEMORY; + goto out; + } + } + + if ((v = iniparser_getint(d, GPT_INI_SECTION_GENERAL + :GPT_INI_PARAMETER_VERSION, Undefined)) == Undefined) { + DEBUG(10,(parse_gpt_ini: no version\n)); + result = NT_STATUS_INTERNAL_DB_CORRUPTION; + goto out; + } + + if (version) { + *version = v; + } + + result = NT_STATUS_OK; + out: + if (d) { + iniparser_freedict(d); + } + + return result; +} + +#if 0 /* not yet */ + +/ + parse the Version section from gpttmpl file +/ + +#define GPTTMPL_SECTION_VERSION Version +#define GPTTMPL_PARAMETER_REVISION Revision +#define GPTTMPL_PARAMETER_SIGNATURE signature +#define GPTTMPL_CHICAGO $CHICAGO$ /* whatever this is good for... */ +#define GPTTMPL_SECTION_UNICODE Unicode +#define GPTTMPL_PARAMETER_UNICODE Unicode + +static NTSTATUS parse_gpttmpl(dictionary *d, uint32
Build status as of Fri Sep 29 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-09-28 00:00:04.0 + +++ /home/build/master/cache/broken_results.txt 2006-09-29 00:00:37.0 + @@ -1,21 +1,21 @@ -Build status as of Thu Sep 28 00:00:02 2006 +Build status as of Fri Sep 29 00:00:02 2006 Build counts: Tree Total Broken Panic SOC 0 0 0 build_farm 0 0 0 -ccache 45 6 0 -distcc 45 7 0 -ldb 41 5 0 -libreplace 42 1 0 -lorikeet-heimdal 19 15 0 -ppp 18 0 0 -rsync45 12 0 +ccache 40 8 0 +distcc 40 7 0 +ldb 37 5 0 +libreplace 38 1 0 +lorikeet-heimdal 7 6 0 +ppp 17 0 0 +rsync40 12 0 samba0 0 0 samba-docs 0 0 0 -samba4 43 14 5 -samba_3_042 20 1 +samba4 38 7 1 +samba_3_040 14 1 smb-build31 3 0 -talloc 45 3 0 -tdb 43 2 0 +talloc 41 4 0 +tdb 39 4 0
svn commit: samba r18986 - in branches/SAMBA_3_0/source: . include libgpo
Author: gd Date: 2006-09-29 01:27:54 + (Fri, 29 Sep 2006) New Revision: 18986 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18986 Log: Add some more GPO download helper functions. Guenther Added: branches/SAMBA_3_0/source/libgpo/gpo_fetch.c Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/include/gpo.h Changeset: Modified: branches/SAMBA_3_0/source/Makefile.in === --- branches/SAMBA_3_0/source/Makefile.in 2006-09-28 23:49:36 UTC (rev 18985) +++ branches/SAMBA_3_0/source/Makefile.in 2006-09-29 01:27:54 UTC (rev 18986) @@ -267,7 +267,8 @@ libaddns/dnsupresp.o libaddns/dnsupdate.o libaddns/dnsgss.o LIBADDNS_OBJ = $(LIBADDNS_OBJ0) $(TALLOC_OBJ) -LIBGPO_OBJ0 = libgpo/gpo_ldap.o libgpo/gpo_parse.o libgpo/gpo_util.o +LIBGPO_OBJ0 = libgpo/gpo_ldap.o libgpo/gpo_parse.o libgpo/gpo_util.o \ + libgpo/gpo_fetch.o LIBGPO_OBJ = $(LIBGPO_OBJ0) LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o libads/sasl.o \ Modified: branches/SAMBA_3_0/source/include/gpo.h === --- branches/SAMBA_3_0/source/include/gpo.h 2006-09-28 23:49:36 UTC (rev 18985) +++ branches/SAMBA_3_0/source/include/gpo.h 2006-09-29 01:27:54 UTC (rev 18986) @@ -90,3 +90,6 @@ char **snapins; char **snapins_guid; }; + +#define GPO_CACHE_DIR gpo_cache +#define GPT_INI GPT.INI Added: branches/SAMBA_3_0/source/libgpo/gpo_fetch.c === --- branches/SAMBA_3_0/source/libgpo/gpo_fetch.c2006-09-28 23:49:36 UTC (rev 18985) +++ branches/SAMBA_3_0/source/libgpo/gpo_fetch.c2006-09-29 01:27:54 UTC (rev 18986) @@ -0,0 +1,237 @@ +/* + * Unix SMB/CIFS implementation. + * Group Policy Object Support + * Copyright (C) Guenther Deschner 2005-2006 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include includes.h + +/ + explode the GPO CIFS URI into their components +/ + +NTSTATUS ads_gpo_explode_filesyspath(ADS_STRUCT *ads, +TALLOC_CTX *mem_ctx, +const char *file_sys_path, +char **server, +char **service, +char **nt_path, +char **unix_path) +{ + fstring tok; + pstring path; + + *server = NULL; + *service = NULL; + *nt_path = NULL; + *unix_path = NULL; + + if (!next_token(file_sys_path, tok, \\, sizeof(tok))) { + return NT_STATUS_INVALID_PARAMETER; + } + + if ((*server = talloc_strdup(mem_ctx, tok)) == NULL) { + return NT_STATUS_NO_MEMORY; + } + + if (!next_token(file_sys_path, tok, \\, sizeof(tok))) { + return NT_STATUS_INVALID_PARAMETER; + } + + if ((*service = talloc_strdup(mem_ctx, tok)) == NULL) { + return NT_STATUS_NO_MEMORY; + } + + if ((*nt_path = talloc_asprintf(mem_ctx, \\%s, file_sys_path)) == NULL) { + return NT_STATUS_NO_MEMORY; + } + + pstrcpy(path, lock_path(GPO_CACHE_DIR)); + pstrcat(path, /); + pstrcat(path, file_sys_path); + pstring_sub(path, \\, /); + + if ((*unix_path = talloc_strdup(mem_ctx, path)) == NULL) { + return NT_STATUS_NO_MEMORY; + } + + return NT_STATUS_OK; +} + +/ + prepare the local disc storage for unix_path +/ + +NTSTATUS ads_gpo_prepare_local_store(ADS_STRUCT *ads, +TALLOC_CTX *mem_ctx, +const char *unix_path) +{ + const char *top_dir = lock_path(GPO_CACHE_DIR); + char *current_dir; + fstring tok; + + current_dir = talloc_strdup(mem_ctx, top_dir); + NT_STATUS_HAVE_NO_MEMORY(current_dir); + + if ((mkdir(top_dir, 0644))
svn commit: samba r18987 - in branches/SAMBA_3_0/source/utils: .
Author: gd Date: 2006-09-29 01:42:28 + (Fri, 29 Sep 2006) New Revision: 18987 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18987 Log: Add some usage prints for net ads gpo. Guenther Modified: branches/SAMBA_3_0/source/utils/net_ads_gpo.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_ads_gpo.c === --- branches/SAMBA_3_0/source/utils/net_ads_gpo.c 2006-09-29 01:27:54 UTC (rev 18986) +++ branches/SAMBA_3_0/source/utils/net_ads_gpo.c 2006-09-29 01:42:28 UTC (rev 18987) @@ -46,15 +46,18 @@ TALLOC_CTX *mem_ctx; ADS_STRUCT *ads; ADS_STATUS status; - const char *attrs[] = {distinguishedName, userAccountControl, NULL}; + const char *attrs[] = { userAccountControl, NULL }; LDAPMessage *res = NULL; const char *filter; char *dn = NULL; struct GROUP_POLICY_OBJECT *gpo_list; uint32 uac = 0; uint32 flags = 0; + struct GROUP_POLICY_OBJECT *gpo; + NTSTATUS result; if (argc 1) { + printf(usage: net ads gpo effective username|machinename\n); return -1; } @@ -99,7 +102,7 @@ flags |= GPO_LIST_FLAG_MACHINE; } - printf(%s: '%s' has dn: '%s'\n, + printf(\n%s: '%s' has dn: '%s'\n\n, (uac UF_WORKSTATION_TRUST_ACCOUNT) ? machine : user, argv[0], dn); @@ -108,19 +111,29 @@ goto out; } - printf(unsorted full dump of all GPOs for this machine:\n); + for (gpo = gpo_list; gpo; gpo = gpo-next) { - { - struct GROUP_POLICY_OBJECT *gpo = gpo_list; + char *server, *share, *nt_path, *unix_path; - for (gpo = gpo_list; gpo; gpo = gpo-next) { - dump_gpo(mem_ctx, gpo); + printf(--\n); + printf(Name:\t\t\t%s\n, gpo-display_name); + printf(LDAP GPO version:\t%d (user: %d, machine: %d)\n, + gpo-version, + GPO_VERSION_USER(gpo-version), + GPO_VERSION_MACHINE(gpo-version)); + + result = ads_gpo_explode_filesyspath(ads, mem_ctx, gpo-file_sys_path, +server, share, nt_path, unix_path); + if (!NT_STATUS_IS_OK(result)) { + printf(got: %s\n, nt_errstr(result)); } + + printf(GPO stored on server: %s, share: %s\n, server, share); + printf(\tremote path:\t%s\n, nt_path); + printf(\tlocal path:\t%s\n, unix_path); } - printf(sorted full dump of all GPOs valid for this machine:\n); - -out: + out: ads_memfree(ads, dn); ads_msgfree(ads, res); @@ -214,6 +227,7 @@ uint32 flags = 0; if (argc 1) { + printf(usage: net ads gpo apply username|machinename\n); return -1; } @@ -291,6 +305,7 @@ struct GP_LINK gp_link; if (argc 1) { + printf(usage: net ads gpo getlink linkname\n); return -1; } @@ -327,6 +342,7 @@ TALLOC_CTX *mem_ctx; if (argc 2) { + printf(usage: net ads gpo addlink linkdn gpodn [options]\n); return -1; } @@ -397,6 +413,7 @@ TALLOC_CTX *mem_ctx; struct GROUP_POLICY_OBJECT gpo; uint32 sysvol_gpt_version; + char *display_name; if (argc 1) { return -1; @@ -424,14 +441,17 @@ } dump_gpo(mem_ctx, gpo); -#if 0 - status = ADS_ERROR_NT(ads_gpo_get_sysvol_gpt_version(ads, mem_ctx, gpo.file_sys_path, sysvol_gpt_version)); + + status = ADS_ERROR_NT(ads_gpo_get_sysvol_gpt_version(ads, mem_ctx, +gpo.file_sys_path, + sysvol_gpt_version, +display_name)); if (!ADS_ERR_OK(status)) { goto out; } printf(sysvol GPT version: %d\n, sysvol_gpt_version); -#endif + out: talloc_destroy(mem_ctx); ads_destroy(ads);
svn commit: samba r18988 - in branches/SAMBA_3_0/source: libgpo utils
Author: gd Date: 2006-09-29 01:49:26 + (Fri, 29 Sep 2006) New Revision: 18988 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18988 Log: Check and refresh expired GPOs. Guenther Modified: branches/SAMBA_3_0/source/libgpo/gpo_util.c branches/SAMBA_3_0/source/utils/net_ads_gpo.c Changeset: Modified: branches/SAMBA_3_0/source/libgpo/gpo_util.c === --- branches/SAMBA_3_0/source/libgpo/gpo_util.c 2006-09-29 01:42:28 UTC (rev 18987) +++ branches/SAMBA_3_0/source/libgpo/gpo_util.c 2006-09-29 01:49:26 UTC (rev 18988) @@ -1,7 +1,7 @@ /* * Unix SMB/CIFS implementation. * Group Policy Object Support - * Copyright (C) Guenther Deschner 2005 + * Copyright (C) Guenther Deschner 2005-2006 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -522,4 +522,127 @@ return ADS_ERROR(LDAP_SUCCESS); } +/ + check wether the version number in a GROUP_POLICY_OBJECT match those of the + locally stored version. If not, fetch the required policy via CIFS +/ + +NTSTATUS check_refresh_gpo(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + struct GROUP_POLICY_OBJECT *gpo, + struct cli_state **cli_out) +{ + NTSTATUS result; + char *server, *share, *nt_path, *unix_path; + uint32 sysvol_gpt_version = 0; + char *display_name; + struct cli_state *cli = NULL; + + result = ads_gpo_explode_filesyspath(ads, mem_ctx, gpo-file_sys_path, +server, share, nt_path, unix_path); + + if (!NT_STATUS_IS_OK(result)) { + goto out; + } + + result = ads_gpo_get_sysvol_gpt_version(ads, mem_ctx, + unix_path, + sysvol_gpt_version, + display_name); + if (!NT_STATUS_IS_OK(result) + !NT_STATUS_EQUAL(result, NT_STATUS_NO_SUCH_FILE)) { + DEBUG(10,(check_refresh_gpo: failed to get local gpt version: %s\n, + nt_errstr(result))); + goto out; + } + + while (gpo-version sysvol_gpt_version) { + + DEBUG(1,(check_refresh_gpo: need to refresh GPO\n)); + + if (*cli_out == NULL) { + + result = cli_full_connection(cli, global_myname(), +server, /* ads-config.ldap_server_name, */ +NULL, 0, +share, A:, +ads-auth.user_name, NULL, ads-auth.password, + CLI_FULL_CONNECTION_USE_KERBEROS, +Undefined, NULL); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(10,(check_refresh_gpo: failed to connect: %s\n, nt_errstr(result))); + goto out; + } + + *cli_out = cli; + } + + result = ads_fetch_gpo_files(ads, mem_ctx, *cli_out, gpo); + if (!NT_STATUS_IS_OK(result)) { + goto out; + } + + result = ads_gpo_get_sysvol_gpt_version(ads, mem_ctx, + unix_path, + sysvol_gpt_version, + display_name); + if (!NT_STATUS_IS_OK(result)) { + DEBUG(10,(check_refresh_gpo: failed to get local gpt version: %s\n, + nt_errstr(result))); + goto out; + } + + if (gpo-version == sysvol_gpt_version) { + break; + } + } + + DEBUG(10,(Name:\t\t\t%s\n, gpo-display_name)); + DEBUGADD(10,(sysvol GPT version:\t%d (user: %d, machine: %d)\n, + sysvol_gpt_version, + GPO_VERSION_USER(sysvol_gpt_version), + GPO_VERSION_MACHINE(sysvol_gpt_version))); + DEBUGADD(10,(LDAP GPO version:\t%d (user: %d, machine: %d)\n, + gpo-version, + GPO_VERSION_USER(gpo-version), + GPO_VERSION_MACHINE(gpo-version))); + + result = NT_STATUS_OK; + + out: + return result; + +} + +/ + check wether the version numbers in the
Re: svn commit: samba r18978 - in branches/SAMBA_4_0/source/lib/ldb/common: .
On Thu, 2006-09-28 at 18:53 -0400, simo wrote: On Thu, 2006-09-28 at 17:06 +, [EMAIL PROTECTED] wrote: Author: abartlet Date: 2006-09-28 17:06:38 + (Thu, 28 Sep 2006) New Revision: 18978 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18978 Log: Fix bug found by: http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ The issue here is that if the UTF8 conversion fails, because this isn't actually UTF8 data, then we need to do a binary compare instead. I think we should just fail. Why should we compare wrong data anyway? Can you give me a valid case where we want to allow invalid utf8 strings? Imagine a qsort() function, based on this comparison: What would happen if two strings always returned '-1' against each other, even if reversed? I'm not sure there is a valid way to fail this, and given this is the default comparison function, a binary compare seems reasonable to me... Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com signature.asc Description: This is a digitally signed message part
svn commit: samba r18989 - in branches/SAMBA_4_0/source: ldap_server libcli/ldap libcli/util
Author: abartlet Date: 2006-09-29 04:45:15 + (Fri, 29 Sep 2006) New Revision: 18989 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=18989 Log: Fixes found by these two LDAP testsuites: - http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/ - http://gleg.net/protover_ldap_sample.shtml Also fixes found by a subsequent audit of the code for similar issues. Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c branches/SAMBA_4_0/source/libcli/ldap/ldap.c branches/SAMBA_4_0/source/libcli/util/asn1.c Changeset: Modified: branches/SAMBA_4_0/source/ldap_server/ldap_backend.c === --- branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2006-09-29 01:49:26 UTC (rev 18988) +++ branches/SAMBA_4_0/source/ldap_server/ldap_backend.c2006-09-29 04:45:15 UTC (rev 18989) @@ -220,6 +220,10 @@ scope = LDB_SCOPE_SUBTREE; success_limit = 0; break; + default: + result = LDAP_PROTOCOL_ERROR; + errstr = Invalid scope; + break; } if (req-num_attributes = 1) { Modified: branches/SAMBA_4_0/source/libcli/ldap/ldap.c === --- branches/SAMBA_4_0/source/libcli/ldap/ldap.c2006-09-29 01:49:26 UTC (rev 18988) +++ branches/SAMBA_4_0/source/libcli/ldap/ldap.c2006-09-29 04:45:15 UTC (rev 18989) @@ -949,8 +949,14 @@ r-mechanism = LDAP_AUTH_MECH_SIMPLE; asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(0)); pwlen = asn1_tag_remaining(data); + if (pwlen == -1) { + return False; + } if (pwlen != 0) { char *pw = talloc_size(msg, pwlen+1); + if (!pw) { + return False; + } asn1_read(data, pw, pwlen); pw[pwlen] = '\0'; r-creds.password = pw; @@ -974,6 +980,9 @@ r-creds.SASL.secblob = NULL; } asn1_end_tag(data); + } else { + /* Neither Simple nor SASL bind */ + return False; } asn1_end_tag(data); break; @@ -1096,8 +1105,9 @@ ldap_decode_attrib(msg, data, mod.attrib); asn1_end_tag(data); if (!add_mod_to_array_talloc(msg, mod, -r-mods, r-num_mods)) - break; +r-mods, r-num_mods)) { + return False; + } } asn1_end_tag(data); @@ -1146,6 +1156,9 @@ asn1_start_tag(data, ASN1_APPLICATION_SIMPLE(LDAP_TAG_DelRequest)); len = asn1_tag_remaining(data); + if (len == -1) { + return False; + } dn = talloc_size(msg, len+1); if (dn == NULL) break; @@ -1179,9 +1192,13 @@ char *newsup; asn1_start_tag(data, ASN1_CONTEXT_SIMPLE(0)); len = asn1_tag_remaining(data); + if (len == -1) { + return False; + } newsup = talloc_size(msg, len+1); - if (newsup == NULL) - break; + if (newsup == NULL) { + return False; + } asn1_read(data, newsup, len); newsup[len] = '\0'; r-newsuperior = newsup; Modified: branches/SAMBA_4_0/source/libcli/util/asn1.c === --- branches/SAMBA_4_0/source/libcli/util/asn1.c2006-09-29 01:49:26 UTC (rev 18988) +++ branches/SAMBA_4_0/source/libcli/util/asn1.c2006-09-29 04:45:15 UTC (rev 18989) @@ -396,6 +396,9 @@ nesting-start = data-ofs; nesting-next = data-nesting; data-nesting = nesting; + if (asn1_tag_remaining(data) == -1) { + return False; + } return !data-has_error; } @@ -426,11 +429,21 @@ /* work out how many bytes are left in this nested tag */ int asn1_tag_remaining(struct asn1_data *data) { + int remaining; + if (data-has_error)