Re: [Samba] Can connect to shares via IP but not hostname
Scott schrieb: John Drescher wrote: On 12/7/06, Scott [EMAIL PROTECTED] wrote: Last night I upgraded my FC5 to samba-3.0.23c from 3.0.21b. As a result I can no longer browse shares on the samba server via \\hostname\share\. I can, however, access everything as usual via \\10.0.0.2\share\. Nothing else in my config has changed. The hostname resolves from all machines on the domain correctly so it's doesn't appear to be a name resolution issue. I can see the root shares on the samba server, but when I try to browse them I get the error: \\hostname\share refers to a location that is unavailable. It could be on a hard drive... I reverted back to 3.0.21b and the error persists. All clients are having the same identical problem. TIA. Is nmbd running on the server? Yes. There are no unusual errors in smbd.log or nmbd.log, either. I can see all the network shares, including those on the samba server, via smbtree. -Scott Are you using ADS kerberos authentication in your network? If so, your kerberos might be broken. When you are using the hostname, the client tries to authenticate via kerberos ticket. If this fails, it's over. When you are using the IP address, the client does not get a ticket for the server (requesting a ticket for 192.168.10.11 instead hostname - but the ADS server only has a ticket for hostname). After that, the client uses NTLM authentication. If this succeeds you become transparently connected to the server. To verify, if this situation matches yours, you could examine your level 10 logs or - better - have a look at the network traces. Bye, Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Anonymous access in windows 2003 sp1
Hi all After I joined domain, I want to mount a share using domain account, the following is my command: smbmount //172.23.26.83/share1 /tmp/sp1/ -o username=administrator,password=password What I got was : 3231: tree connect failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed The detail debug messages are as follows: mount.smbfs started (version 3.0.23d) added interface ip=172.23.26.83 bcast=172.23.26.255 nmask=255.255.255.0 Connecting to 172.23.26.83 at port 445 socket option SO_KEEPALIVE = 0 socket option SO_REUSEADDR = 0 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 1 socket option TCP_KEEPCNT = 9 socket option TCP_KEEPIDLE = 7200 socket option TCP_KEEPINTVL = 75 socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 50160 socket option SO_RCVBUF = 87378 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 3231: session request ok write_socket(3,183) write_socket(3,183) wrote 183 got smb length of 85 size=85 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49153 smb_tid=0 smb_pid=3231 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]=7 (0x7) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]=0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=40960 (0xA000) smb_vwv[ 8]= 12 (0xC) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]=0 (0x0) smb_vwv[12]=53722 (0xD1DA) smb_vwv[13]=42882 (0xA782) smb_vwv[14]=50970 (0xC71A) smb_vwv[15]= 8193 (0x2001) smb_vwv[16]= 2302 (0x8FE) smb_bcc=16 [000] 69 A0 DB 89 48 E0 65 C6 4E 00 41 00 53 00 00 00 i...H.e. N.A.S... size=85 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=49153 smb_tid=0 smb_pid=3231 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]=7 (0x7) smb_vwv[ 1]=12803 (0x3203) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]=0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=40960 (0xA000) smb_vwv[ 8]= 12 (0xC) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=33011 (0x80F3) smb_vwv[11]=0 (0x0) smb_vwv[12]=53722 (0xD1DA) smb_vwv[13]=42882 (0xA782) smb_vwv[14]=50970 (0xC71A) smb_vwv[15]= 8193 (0x2001) smb_vwv[16]= 2302 (0x8FE) smb_bcc=16 [000] 69 A0 DB 89 48 E0 65 C6 4E 00 41 00 53 00 00 00 i...H.e. N.A.S... write_socket(3,142) write_socket(3,142) wrote 142 got smb length of 64 size=64 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=16385 smb_tid=0 smb_pid=3231 smb_uid=100 smb_mid=2 smt_wct=3 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=0 (0x0) smb_vwv[ 2]=1 (0x1) smb_bcc=23 [000] 55 6E 69 78 00 53 61 6D 62 61 20 33 2E 30 2E 32 Unix.Sam ba 3.0.2 [010] 31 63 00 4E 41 53 00 1c.NAS. 3231: session setup ok write_socket(3,76) write_socket(3,76) wrote 76 got smb length of 35 size=35 smb_com=0x75 smb_rcls=1 smb_reh=0 smb_err=5 smb_flg=136 smb_flg2=1 smb_tid=0 smb_pid=3231 smb_uid=100 smb_mid=3 smt_wct=0 smb_bcc=0 3231: tree connect failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed The cifs mount also can't work: mount error 13 = Permission denied Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) Could someone help me? Is there's a solution other than add anonymous logon to per-window2 2000 security group (because security issue.)? Thanks a lot, Latrell. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Latrell Wang 王獻綱 Sent: Wednesday, December 06, 2006 2:51 PM To: samba@lists.samba.org Subject: [Samba] Anonymous access in windows 2003 sp1 Hi all: As far as I know, win2k3 sp1 disable anonymous access by default. It will remove user “anonymous logon” from pre-windows 2000 compatible access group. Under such circumstance, smbmount will not success because anonymous access will be blocked. One way to solve the problem is to re-add anonymous logon to pre-windows 2000 compatible access group. However, it seems to be a security hole. Does anyone encounter the same problem? How do you get around the problem? My samba version is 3.0.21c. Thanks for any replies, Latrell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and automount?
Hello, I´d like to ask someone if there is a way how to use samba and winbind to automaticaly mount users homedirs that is on w2k3 server share? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Issues with samba PDC + WinXP clients
Hello, I've been trying to configure samba 3.0.23d to work as PDC for a few days now. I can successfully join computer to domain but logging with user credentials fails with error message: The system can not log you on due to the following error: The system cannot find message text for message number 0x%1 in the message file for %2 Eventlog on windows side doesnt show anything usefull. I did all registry tricks on windows side (Sign secure channel). Heres my smb.conf: [global] ; General setting netbios name = SMBADS workgroup = TESTDOMAIN os level = 64 wins support = true ; PDC Settings preferred master = yes local master = yes domain master = yes domain logons = yes security = user encrypt passwords = true ; Log settings log level = 2 log file = /var/log/samba/log.%m syslog = 0 server string = SAMBA-LDAP PDC Server %v ; user profiles and home directory logon home = \\%L\%U\ logon drive = h: logon path = \\%L\profiles\%U logon script = netlogon.bat ; LDAP Configuration passdb backend = ldapsam:ldap://127.0.0.1 ldap suffix = dc=example,dc=com ldap machine suffix = ou=machines ldap user suffix = ou=users ldap group suffix = ou=groups ldap admin dn = cn=admin,dc=example,dc=com ldap delete dn = no ldap password sync = yes enable privileges = yes [homes] comment = Home Directories browseable = no writeable = yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = Yes browseable = No [profiles] path = /var/lib/samba/profiles read only = no create mask = 0600 directory mask = 0700 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and automount?
Could you elaborate your setup a little? I assume that clients are linux? http://lists.samba.org/archive/samba/2006-September/125059.html I think that scenario is very similar to yours ? -- Mikko Koppanen Jiří Červenka wrote: Hello, I´d like to ask someone if there is a way how to use samba and winbind to automaticaly mount users homedirs that is on w2k3 server share? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Enum groups of a user Samba 3.0.23
Hello list, I wonder if I can somehow enumerate all local groups a user is member of? Regards, Henrik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trouble getting samba AD integration to work
Thank you! Yes taking the .COM off fixed my issues!! Man I wish there was more intuitive errors on here ;-) Thanks again! On 12/7/06, Rashid N. Achilov [EMAIL PROTECTED] wrote: On Friday 08 December 2006 04:33, soleblazer wrote: I have followed the steps to get Samba setup as a member of AD. Following the instructions I was able to get the samba server added to the AD. When I run wbinfo -g for example, I see all of the groups on the AD. If I do something like kinit with my AD login, I enter my password and it works. I enter a bad AD password and it fails. Have you test your join with net ads join? Is it OK? Are you really sure, that your workgroup= should be MYDOMAIN.COM, not MYDOMAIN? Can you connect to your Samba box with MMC from Windows Machine (Manage-Connect to another computer)? -- With Best Regards. Rashid N. Achilov (RNA1-RIPE), Web: http://www.askd.ru/~shelton OOO ACK telecommunications administrator, e-mail: achilov-rn [at] askd.ru PGP: 83 CD E2 A7 37 4A D5 81 D6 D6 52 BF C9 2F 85 AF 97 BE CB 0A -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 LDAP backend cannot authenticate
Brad Askew schrieb: Aside from using smbldap-populate, the directory is pretty flat, I used smbldap-useradd to add one user to the directory. I have set up the indices as follows. I'm pretty new to the LDAP stuff and probably can't help you much, but: One mean detail i forgot when setting up my users was to set their passwords with smbldap-passwd. You certainly did so, didn't you? timbo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] AD integration checklist
Hi, I compiled Samba 3.0.23d on a CentOS 4.4 machine. Then I configured /etc/krb5.conf for my domain. Was able to successfully run kinit and join my Windows 2003 domain with a net ads join. Net ads user and net ads group returns the users and the groups of the domain. So far so good. I'm kinda stuck on the next step. I would like to grant access to the share defined in smb.conf to anybody in the domain. How do I make it authenticate users on the domain instead of using the server? Content of smb.conf: [global] workgroup = BENCHCAN server string = Virtual Linux wins server = 192.168.64.20 netbios name = BACKUP realm = BENCHMARKCANADA.COM password server = castor-srvr1.benchmarkcanada.com security = ADS [share] path = / guest ok = no read only = no Thanks! Simon -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] can't add user to samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 while trying to add a user to samba i.e smbpasswd -a user i get the following error init_ldap_from_sam: User's Primary Group SID (S-1-22-2-2009) is not for this domain (S-1-5-21-2472404719-3990724825-3229645963), cannot add to LDAP! ldapsam_add_sam_account: init_ldap_from_sam failed! Failed to add entry for user foma. Failed to modify password entry for user foma tried adding the sid via net groupmap add rid=513|sid=S-1-22-2-2009 unixgroup=foma ntgroup=S-1-5-21-2472404719-3990724825-3229645963 (this does not return an error . it does fail if rid=513 is ommited) when i add -d4 in debug out put i find this [2006/12/08 11:17:07, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2213) ldapsam_getgroup: Did not find group adding entry for group foma failed basicly i am stumped at this point ps: this is with samba 3.0.23b (under freebsd 6.1) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRXmQvNbpM15f9s9nAQJVnQP/Yape9pdAMo89ZIHwOVx3FDRBAhozptlr tDXzRvDF/XKlctR6IIKXx8QgtocP6Z2EgOlEFMK6/xUYelJKbEiC/3T1ChHbCzn2 iysF/kdsac8FEpVI2uuu3alJsGqYdMTAi8ccO7EYWJRoBgGWaVoN151x0PCTt+UJ 3HByIcN00Dg= =vk5e -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Does Samba/Winbind not follow nested groups in AD?!?
Native mode, global groups. Try the test server with a stock installation and adding ACLs and extended DOS attributes. If you do not have success with that, I can only conclude there is corruption in your AD forest. That isn't unheard of by the way. If you upgraded from mixed mode to native mode, I'd wager a good chance that your corruption started there. James A. Dinkel wrote: The tdb thing didn’t work. Are you running your Win 2000 domain in mixed-mode or native-mode? (ours is native mode, so I’m wondering if that is a problem for samba). Also what is the scope on your groups, we have “global” for the scope on all our groups. **James Dinkel** Network Engineer Butler County of Kansas //There are 10 types of people in the world: those who understand binary, and those who don't.// *From:* Aaron Kincer [mailto:[EMAIL PROTECTED] *Sent:* Thursday, December 07, 2006 5:43 PM *To:* James A. Dinkel *Cc:* samba@lists.samba.org *Subject:* Re: [Samba] Does Samba/Winbind not follow nested groups in AD?!? I had some problems with authentication on a Red Hat server due to corrupted .tdb files in /var/cache/samba and fixed it by deleting them. You could give it a shot by stopping Samba and Winbind, backing up those files to be safe, delete them and restart Samba and WInbind. If that doesn't work, I suspect there is a problem with your AD forest. All the pieces should be there for you. On 12/7/06, *James A. Dinkel* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Well, I think I'm giving up. I've tried following that guide. I've tried replacing my smb.conf to look just like yours. I've tried a bunch of other things that I though might do something. For the life of me, I can not get nested groups to work on this server. James Dinkel -Original Message- From: Aaron Kincer James, You are correct--I don't have windbind nested groups = yes set in my smb.conf. Yes, default 3.0.22. I followed the Ubuntu configuration instructions to the letter found in the Ubuntu forums that I've posted before with only the changes you've seen in my smb.conf. Here is the link to the forum post: http://ubuntuforums.org/archive/index.php/t-91510.html If you have a machine you can throw together as a test machine, fire it up as a stock install and follow these instructions to the letter (if you didn't on your production box) and see if you have any success. Here's where the rubber meets the road. If your test machine correctly nests permissions, then there is something wrong with your production config. If it doesn't, then you have something going on in Active Directory. One more thing--I'm using POSIX ACLs for permissions. Are you? James A. Dinkel wrote: -Original Message- From: Matt Skerritt There is an option in smb.conf called winbind nested groups ... and the help text from swat says: winbind nested groups (G) If set to yes, this parameter activates the support for nested groups. Nested groups are also called local groups or aliases. They work like their counterparts in Windows: Nested groups are defined locally on any machine (they are shared between DC's through their SAM) and can contain users and global groups from any trusted SAM. To be able to use nested groups, you need to run nss_winbind. Please note that per 3.0.3 this is a new feature, so handle with care. Default: winbind nested groups = no So I'm guessing that you want to set winbind nested groups = yes in your smb.conf. -- Matt Skerritt [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] I've put the winbind nested groups = yes in the global section of my samba.conf. (Sorry, I did go over the swat help text, I must have missed this). I went ahead and rebooted the server and tried it again, but it's still a no-go. Aaron, in the smb.conf you showed me, you did not have winbind nested groups = yes ?!? I don't remember if you've told me, but are you using the default Samba 3.0.22 that comes with Ubuntu 6.06? Could there be something wrong with my Winbind setup? Something that has to do with nss_winbind maybe? Is there any way I can test this from the Samba server, using wbinfo maybe? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] A mass O trouble with solaris 10 and Samba+ADS
I have been having a great deal of trouble compiling Samba on Solaris 10 with ADS support. Kerberos compiles fine. Samba does not configure with the standard Solaris LDAP libraries and fails in the following way.: checking for ldap_initialize... no configure: error: Active Directory support requires ldap_initialize And is caused by: configure:35160: checking for ldap_initialize configure:35217: gcc -o conftest -O -D_SAMBA_BUILD_ -D_LARGEFILE_SOURCE -D_REENTRANT -D_FILE_OFFSET_BITS=64 -DLDAP_DE PRECATED -lthread conftest.c -lldap -lresolv -lnsl -lsocket 5 Undefined first referenced symbol in file ldap_initialize /var/tmp//ccGc936o.o ld: fatal: Symbol referencing errors. No output written to conftest collect2: ld returned 1 exit status configure:35223: $? = 1 As documented elsewhere you can use the OpenLDAP libraries: Compiling these requires setting CFLAGS=-D_AVL_H inorder to compile them. I configured OpenLDAP as follows: ./configure -prefix=/usr/local/opt/openldap-2.3.27 -with-shared=no make install Then running samba configuration with these setting: LDFAGS=-L/usr/local/opt/openldap-2.3.27/lib CPPFLAGS=-I/usr/local/opt/openldap-2.3.27/include ./configure --prefix=/usr/local/opt/samba/samba-3.0.23d --with-automount --with-nisplus-home --with-acl-support --with-ads --=/usr/local/opt/krb5/krb5-1.5.1 Gives the following error: checking for ldap_dn2ad_canonical... no configure: error: libldap is needed for LDAP support The problem being seen in config.log Undefined first referenced symbol in file ldap_dn2ad_canonical/var/tmp//ccI8vbBq.o ld: fatal: Symbol referencing errors. No output written to conftest collect2: ld returned 1 exit status configure:35045: $? = 1 configure: failed program was: However configure works if OpenLDAP is compiled with shared libraries! i.e OpenLDAP configured with ./configure -prefix=/usr/local/opt/openldap-2.3.27 -with-shared=yes I have yet to find out why this works with shared libraries but not with static ones (which is what I want). The failure to configure with static libraries seems to be because Openldap's configure picks up the presence of libsasl on Solaris 10 (not present on solaris 9) and uses code found in it. The compile line invoked by Samba's configure does not include -lsasl and hence it fails to compile the program and give the above misleading error. Setting LDFLAGS=-L/usr/local/opt/openldap-2.3.27/lib -lsasl Makes configure work and samba compiles clean with only the static libraries. Also re-compiling OpenLDAP with ./configure -prefix=/usr/local/opt/openldap-2.3.27 -with-shared=no -with-cyrus-sasl=no Also produces a set of (static) openldap libraries that Samba configure copes with without adding -lsasl to the LDFLAGS. So my questions. 1. Are these known bugs? - i.e. if openldap was compiled with sasl support then the compilation line requires a -lsasl. Is configure going to be fixed? 2. For samba purposes is removing libldap's dependency on sasl going to break or limit the functionality of samba in any way? In my case I am not intending to use the OpenLDAP libraries for anything other than Samba. 3. Will samba ever be fixed to compile/configure with native Solaris LDAP libraries. 4. It would be nice to see this documented somewhere, my googleing found little on this topic. Thanks in advance. RB -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] howto upgrade/transfer samba domain-user + domain-group data to a new windows 2003 act
You could do what we do - just replace the local machine policies each time you rev the policy set. They're stored in c:\windows\system32\grouppolicy. Using gpscript.exe (Google for it, don't have a specific site) you can dump the contents of either registry.pol file to text. You can also recombine textfiles back into a .pol file, and subsequently rev the gpt.ini file so your new .pol files are utilized. Finding the registry paths to GPOs will take some digging in ADM templates, but if you open the templates with Wordpad you can search for the description you're looking for, and eventually figure out how to format the registry entry. For example, gpscript.exe will dump GPOs like this: /KEY:Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate /VALUE:DisableWindowsUpdateAccess /TYPE:REG_DWORD /DATA:D 0x0001 /SET The KEY value is relative to HKCU or HKLM, depending on whether you're dumped the machine or user policy. The above entry is from user, and disables access to Windows Update. It's not as slick or easy as AD, but it's certainly cheaper, especially if you don't rev your policies that often. Ryan Urs Rau [EMAIL PROTECTED] 12/7/2006 2:52 PM Thanks Michael, On 12/6/06, Michael Schurter [EMAIL PROTECTED] wrote: Urs Rau wrote: We have two basic needs that demand we now introduce active directory servers to our previously 'windows server free' office. One we want to manage the windows xp sp2 desktops using group policies and secondly we have a need to start using shared calendaring. Alternatively, I would also welcome any suggestions that would allow us to use microsoft outlook shared calendaring and enable us to manage the windows xp workstations using group policies, using any other configuration, preferably open source of course. ;-) Group Policy Management in Samba: http://samba.org/samba/docs/man/Samba-HOWTO-Collection/PolicyMgmt.html Not sure if I am missing the trees for the forrest but to me that page seems to support my conclusion. That if I want to use Group Policy features with Samba I _do need_ active directory. I could try to use the older NT4 style System Policies but that is not what I am after, I am after using the _Group_ Policy features that only come with using active directory? Or did I miss something? -- Urs Rau -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba - This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, printing, distributing or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner. The Evangelical Lutheran Good Samaritan Society. - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can connect to shares via IP but not hostname
Martin Zielinski wrote: Scott schrieb: John Drescher wrote: On 12/7/06, Scott [EMAIL PROTECTED] wrote: Last night I upgraded my FC5 to samba-3.0.23c from 3.0.21b. As a result I can no longer browse shares on the samba server via \\hostname\share\. I can, however, access everything as usual via \\10.0.0.2\share\. Nothing else in my config has changed. The hostname resolves from all machines on the domain correctly so it's doesn't appear to be a name resolution issue. I can see the root shares on the samba server, but when I try to browse them I get the error: \\hostname\share refers to a location that is unavailable. It could be on a hard drive... I reverted back to 3.0.21b and the error persists. All clients are having the same identical problem. TIA. Is nmbd running on the server? Yes. There are no unusual errors in smbd.log or nmbd.log, either. I can see all the network shares, including those on the samba server, via smbtree. -Scott Are you using ADS kerberos authentication in your network? If so, your kerberos might be broken. I'm not using AD. This is a samba box acting as a DC. When you are using the hostname, the client tries to authenticate via kerberos ticket. If this fails, it's over. I'll look into this next. Could it be a PAM issue? -Scott -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Does Samba/Winbind not follow nested groups in AD?!?
Just a little update. I've found out about the 'id' command and the 'wbinfo -r' command. Both of those commands do NOT return any domain groups that are parents over domain groups for the user. I don't know if this gives any ideas or means anything to anybody. James Dinkel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can connect to shares via IP but not hostname
On Friday 08 December 2006 11:59, Scott wrote: This is a samba box acting as a DC. See the section Procedure 3.5. Server Validation Steps in http://us1.samba.org/samba/docs/man/Samba-Guide/secure.html. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Issues with samba PDC + WinXP clients
Greeting mikko, Don't use the registry modification! It is not necessary and cause security vulnerability on the Windows professionnal client. Your LDAP section seen not to be configure correctly on the smb.conf. But it's is not the actual problem with the error message. I can't remember what is the problem, but it is very simple to resolve. I will make some test to have the same error...surely not to long to reproduce :-). If you use LDAP, I suggest you to not use logon options in Samba but use the LDAP options in the directory. By example: logon home -- sambaHomePath logon path -- sambaProfilePath logon drive -- sambaHomeDrive logon script -- sambaLogonScript Robert Hello, I've been trying to configure samba 3.0.23d to work as PDC for a few days now. I can successfully join computer to domain but logging with user credentials fails with error message: The system can not log you on due to the following error: The system cannot find message text for message number 0x%1 in the message file for %2 Eventlog on windows side doesnt show anything usefull. I did all registry tricks on windows side (Sign secure channel). Heres my smb.conf: [global] ; General setting netbios name = SMBADS workgroup = TESTDOMAIN os level = 64 wins support = true ; PDC Settings preferred master = yes local master = yes domain master = yes domain logons = yes security = user encrypt passwords = true ; Log settings log level = 2 log file = /var/log/samba/log.%m syslog = 0 server string = SAMBA-LDAP PDC Server %v ; user profiles and home directory logon home = \\%L\%U\ logon drive = h: logon path = \\%L\profiles\%U logon script = netlogon.bat ; LDAP Configuration passdb backend = ldapsam:ldap://127.0.0.1 ldap suffix = dc=example,dc=com ldap machine suffix = ou=machines ldap user suffix = ou=users ldap group suffix = ou=groups ldap admin dn = cn=admin,dc=example,dc=com ldap delete dn = no ldap password sync = yes enable privileges = yes [homes] comment = Home Directories browseable = no writeable = yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = Yes browseable = No [profiles] path = /var/lib/samba/profiles read only = no create mask = 0600 directory mask = 0700 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] AD integration checklist
-Original Message- From: Simon Renshaw Sent: Friday, December 08, 2006 10:13 AM Hi, I compiled Samba 3.0.23d on a CentOS 4.4 machine. Then I configured /etc/krb5.conf for my domain. Was able to successfully run kinit and join my Windows 2003 domain with a net ads join. Net ads user and net ads group returns the users and the groups of the domain. So far so good. I'm kinda stuck on the next step. I would like to grant access to the share defined in smb.conf to anybody in the domain. How do I make it authenticate users on the domain instead of using the server? Content of smb.conf: [global] workgroup = BENCHCAN server string = Virtual Linux wins server = 192.168.64.20 netbios name = BACKUP realm = BENCHMARKCANADA.COM password server = castor-srvr1.benchmarkcanada.com security = ADS [share] path = / guest ok = no read only = no Thanks! Simon You need this in your global section: idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes encrypt passwords = yes And this in your share section: valid users = @BENCHCAN\domain users Although this will give all your users access to / which doesn't seem like a good idea, but I assume this is just for testing. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows clients aren't synching profiles
Hi. I used to have samba set up on a Fedora Core 3 server that acted as a PDC for a dozen Windows XP clients. I hade roaming profiles working fine. Then I decided to upgrade (reformat) to Fedora Core 6 for the added harware support. I didn't save the right files and hosed my roaming profile (SID issue, I guess). Now I'm remaking the PDC on Fedora Core 6. I'll start everyone off with a fresh profile. I've gotten most of the way there. The Windows XP clients can join the new domain and the users can log into the domain. My problem is that even though users can write to \\%L\Profiles\%U, XP doesn't s seen to even try to write there upon logging off. And it isn't reading from there at log on either. I don't think it's a permissions issue. If I have restrictive permissions on /home/profiles, Windows complains at log on, but when the permissions are set to allow writing, Windows doesn't even try to use the roaming profile share. Here's the output of testparm: [EMAIL PROTECTED] samba]# testparm Load smb config files from /etc/samba/smb.conf Processing section [homes] Processing section [netlogon] Processing section [Profiles] Processing section [printers] Processing section [temp] Processing section [public] Processing section [production] Processing section [database] Processing section [optical] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions [global] workgroup = QUALITY server string = interfaces = 192.168.6.0/24 passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* username map = /etc/samba/smbusers unix password sync = Yes log file = /var/log/samba/%m.log max log size = 50 keepalive = 30 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap logon drive = P: domain logons = Yes os level = 33 preferred master = Yes domain master = Yes dns proxy = No remote announce = 192.168.6.255 hosts allow = 192.168.6., 127. cups options = raw [homes] comment = Home Directory read only = No create mask = 0600 directory mask = 0700 browseable = No [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = Yes share modes = No [Profiles] path = /home/profiles read only = No guest ok = Yes browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [temp] comment = Temporary File Space - Keep Clear path = /home/temp read only = No create mask = 0660 directory mask = 01770 guest ok = Yes [public] comment = Public Stuff path = /home/public create mask = 0664 directory mask = 02775 guest ok = Yes [production] comment = Other Work path = /home/production create mask = 0664 directory mask = 02775 guest ok = Yes [database] comment = QC Database path = /home/database create mask = 0660 directory mask = 02770 [optical] comment = Optical Drive path = /media/cdrecorder guest ok = Yes And here is a directory listing that shows my unix permissions: [EMAIL PROTECTED] home]# ll total 48 drwx-- 2 alexdomain_users 4096 Dec 6 19:45 alex drwx-- 21 davedomain_users 4096 Dec 7 18:52 dave drwx-- 2 dominic domain_users 4096 Dec 6 19:45 dominic drwx-- 2 gilda domain_users 4096 Dec 6 19:45 gilda drwx-- 2 karine domain_users 4096 Dec 6 19:45 karine drwx-- 2 laura domain_users 4096 Dec 6 19:45 laura drwx-- 2 lucydomain_users 4096 Dec 6 19:45 lucy drwxr-xr-x 2 rootdomain_users 4096 Dec 6 19:47 netlogon drwxr-xr-x 6 rootdomain_users 4096 Dec 7 18:32 profiles drwx-- 2 stacey domain_users 4096 Dec 6 19:45 stacey drwx-- 2 tanya domain_users 4096 Dec 6 19:45 tanya And the profiles directory: [EMAIL PROTECTED] profiles]# ll -a total 36 drwxr-xr-x 5 root domain_users 4096 Dec 7 19:18 . drwxr-xr-x 13 root root 4096 Dec 6 19:47 .. drwx--+ 2 alex domain_users 4096 Dec 7 16:24 alex drwx--+ 7 laura domain_users 4096 Dec 7 18:34 laura drwx--+ 2 tanya domain_users 4096 Dec 7 17:55 tanya One thing I noticed that's different this time is that the samba is using ACLs. The three directories listed above were created automatically when those users first signed on. They stay empty, but they should contain the users' profiles. Here is what the ACLs look like: [EMAIL PROTECTED] profiles]# getfacl laura # file: laura # owner: laura # group: domain_users user::rwx group::--- other::--- default:user::rwx default:group::---
[Samba] winbindd to NT 4.0
Hi, I have a Samba server Version 3.0.14a-2. It has been working flawlessly for close to a year. I utilize winbindd to a NT4.0 domain to authenticate users to my Samba shares. All of a sudden, the shares are no longer accessible to Windows machines. An ls on an example directory shows: drwxrws--- 15 root 1 4096 Dec 6 11:21 AC_Manuals This is wierd because the 1 should show AVMAX+Domain Admins So wbinfo -g works. It displays the Domain Accounts on my NT4.0 PDC. However, when I try and chown a directory, this is what I get: [EMAIL PROTECTED] GFM_Shares]# chown -R root:'amvax+domain admins' AC_Manuals/ chown: `root:amvax+domain admins': invalid group Nor can I use setfacl commands. net rpc join worked fine for me when I tried to re-join the Domain I am not running nscd Any suggestions would be appreciated. Cheers, Travis Bullock -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] AD integration checklist
Thanks for the reply. You are correct, I'm testing on a virtual machine. I modified smb.conf with the lines you said but when I try to access the share, I keep getting prompted for my user/pass. Any idea? Simon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James A. Dinkel Sent: 8 décembre, 2006 13:05 To: samba@lists.samba.org Subject: RE: [Samba] AD integration checklist -Original Message- From: Simon Renshaw Sent: Friday, December 08, 2006 10:13 AM Hi, I compiled Samba 3.0.23d on a CentOS 4.4 machine. Then I configured /etc/krb5.conf for my domain. Was able to successfully run kinit and join my Windows 2003 domain with a net ads join. Net ads user and net ads group returns the users and the groups of the domain. So far so good. I'm kinda stuck on the next step. I would like to grant access to the share defined in smb.conf to anybody in the domain. How do I make it authenticate users on the domain instead of using the server? Content of smb.conf: [global] workgroup = BENCHCAN server string = Virtual Linux wins server = 192.168.64.20 netbios name = BACKUP realm = BENCHMARKCANADA.COM password server = castor-srvr1.benchmarkcanada.com security = ADS [share] path = / guest ok = no read only = no Thanks! Simon You need this in your global section: idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes encrypt passwords = yes And this in your share section: valid users = @BENCHCAN\domain users Although this will give all your users access to / which doesn't seem like a good idea, but I assume this is just for testing. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows clients aren't synching profiles
I'm not sure if this will help. It's the output of C:\WINDOWS\Debug\UserMode\userenv.log. I cleared the file and then logged out and logged back in. USERENV(424.598) 14:19:32:636 UnloadUserProfile: Entering, hProfile = 0x16f4 USERENV(424.598) 14:19:32:636 GetInterface: Returning rpc binding handle USERENV(28c.aa0) 14:19:32:652 IProfileSecurityCallBack: client authenticated. USERENV(28c.aa0) 14:19:32:652 DropClientContext: Got client token 0964, sid = S-1-5-18 USERENV(28c.aa0) 14:19:32:652 MIDL_user_allocate enter USERENV(28c.aa0) 14:19:32:652 DropClientContext: load profile object successfully made USERENV(28c.aa0) 14:19:32:652 DropClientContext: Returning 0 USERENV(424.598) 14:19:32:652 UnLoadUserProfile: Calling DropClientToken (as self) succeeded USERENV(28c.2a4) 14:19:32:652 IProfileSecurityCallBack: client authenticated. USERENV(28c.2a4) 14:19:32:669 UnloadUserProfileP: Entering, hProfile = 0x950 USERENV(28c.2a4) 14:19:32:669 UnloadUserProfileP: ImpersonateUser 0964, old token is USERENV(28c.2a4) 14:19:32:685 GetExclusionListFromRegistry: Policy list is empty, returning user list = Local Settings;Temporary Internet Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook USERENV(28c.2a4) 14:19:32:685 CSyncManager::EnterLock S-1-5-21-1078081533-1004336348-725345543-500 USERENV(28c.2a4) 14:19:32:685 CSyncManager::EnterLock: No existing entry found USERENV(28c.2a4) 14:19:32:685 CSyncManager::EnterLock: New entry created USERENV(28c.2a4) 14:19:32:685 CHashTable::HashAdd: S-1-5-21-1078081533-1004336348-725345543-500 added in bucket 15 USERENV(28c.2a4) 14:19:32:685 UnloadUserProfileP: Wait succeeded. In critical section. USERENV(28c.2a4) 14:19:32:945 MyRegUnloadKey: user hive is already scheduled for unloading USERENV(28c.2a4) 14:19:32:945 MyRegUnLoadKey: Returning 0. USERENV(28c.2a4) 14:19:32:945 UnloadUserProfileP: Didn't unload user profile err = 19 USERENV(28c.2a4) 14:19:32:962 MyRegUnloadKey: user hive is already scheduled for unloading USERENV(28c.2a4) 14:19:32:962 MyRegUnLoadKey: Returning 0. USERENV(28c.2a4) 14:19:32:962 UnLoadClassHive: failed to unload classes key with 13 USERENV(28c.2a4) 14:19:32:962 UnloadUserProfileP: Didn't unload user classes. USERENV(28c.2a4) 14:19:34:263 HandleRegKeyLeak: RegSaveKey succeeded! USERENV(28c.2a4) 14:19:34:263 HandleRegKeyLeak: hkCurrentUser closed USERENV(28c.2a4) 14:19:34:279 UnloadUserProfileP: Impersonated user USERENV(28c.2a4) 14:19:34:279 UnloadUserProfileP: Writing local ini file USERENV(28c.2a4) 14:19:34:296 UnloadUserProfileP: Reverting to Self USERENV(28c.2a4) 14:19:34:296 UnloadUserProfileP: exitting and cleaning up USERENV(28c.2a4) 14:19:34:296 UnloadUserProfileP: Reverted back to user USERENV(28c.2a4) 14:19:34:296 CSyncManager::LeaveLock S-1-5-21-1078081533-1004336348-725345543-500 USERENV(28c.2a4) 14:19:34:296 CSyncManager::LeaveLock: Lock released USERENV(28c.2a4) 14:19:34:296 CHashTable::HashDelete: S-1-5-21-1078081533-1004336348-725345543-500 deleted USERENV(28c.2a4) 14:19:34:296 CSyncManager::LeaveLock: Lock deleted USERENV(28c.2a4) 14:19:34:312 UnloadUserProfileP: Leave critical section. USERENV(28c.2a4) 14:19:34:312 UnloadUserProfileP: Leaving with a return value of 1 USERENV(28c.2a4) 14:19:34:312 UnloadUserProfileI: returning 0 USERENV(424.598) 14:19:34:312 UnloadUserProfile: Calling UnloadUserProfileI succeeded USERENV(28c.3c4) 14:19:34:312 IProfileSecurityCallBack: client authenticated. USERENV(28c.3c4) 14:19:34:312 ReleaseClientContext: Releasing context USERENV(28c.3c4) 14:19:34:312 ReleaseClientContext_s: Releasing context USERENV(28c.3c4) 14:19:34:312 MIDL_user_free enter USERENV(424.598) 14:19:34:328 ReleaseInterface: Releasing rpc binding handle USERENV(424.598) 14:19:34:328 UnloadUserProfile: returning 1 USERENV(b20.aa4) 14:19:36:362 LibMain: Process Name: C:\Program Files\Hummingbird\Connectivity\10.00\NFS Maestro\HumGSS.exe USERENV(b20.aa4) 14:19:36:378 LibMain: Process Name: C:\Program Files\Hummingbird\Connectivity\10.00\NFS Maestro\HumGSS.exe USERENV(b20.aa4) 14:19:36:394 LibMain: Process Name: C:\Program Files\Hummingbird\Connectivity\10.00\NFS Maestro\HumGSS.exe USERENV(b20.aa4) 14:19:36:411 LibMain: Process Name: C:\Program Files\Hummingbird\Connectivity\10.00\NFS Maestro\HumGSS.exe USERENV(28c.290) 14:19:42:935 UnloadUserProfile: Entering, hProfile = 0x76c USERENV(28c.290) 14:19:42:935 UnloadUserProfile: In console winlogon process USERENV(28c.290) 14:19:42:935 UnloadUserProfileP: Entering, hProfile = 0x76c USERENV(28c.290) 14:19:42:935 AbleToBypassCSC: Try to bypass CSC USERENV(28c.290) 14:19:42:951 AbleToBypassCSC: tried NPAddConnection3ForCSCAgent. Error 85 USERENV(28c.290) 14:19:42:951 AbleToBypassCSC: tried NPAddConnection3ForCSCAgent. Error 2109 USERENV(28c.290) 14:19:42:951 AbleToBypassCSC: Share \\isis\dave mapped to drive F. Returned Path F:\profile USERENV(28c.290) 14:19:42:951 UnLoadUserProfileP: CSC bypassed.
RE: [Samba] Does Samba/Winbind not follow nested groups in AD?!?
Updating to 3.0.23c fixed it!! I didn't even change my config. I just uninstalled the Ubuntu packages with apt-get remove samba-common samba winbind, added Samba.com's Debian Sarge repository and did apt-get update apt-get install samba samba-common winbind and it installed the newer packages from the Sarge repo. This fixed my nested domain groups problem, hopefully it didn't introduce any new ones. I've only done this on my test server. After a little more QA I'll do this on my semi-production server. James Dinkel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows clients aren't synching profiles
Sorry for wasting people's times. I fixed the problem by formatting one of the clients and reinstalling XP. Since all the existing clients have the problem, I guess I'll have to format them too. I wonder what caused it. It could be patches from Microsoft. Or maybe some software installed company wide. Or maybe it has something to do with how all the computers were previously connected to a domain. I'll reinstall SP2 and all the patches and see if that stops it from working. If so I'll let you know. _ Download now! Visit http://www.telusmobility.com/msnxbox/ to enter and see how cool it is to get Messenger with you on your cell phone. http://www.telusmobility.com/msnxbox/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] AD integration checklist
At 12:05 PM 12/8/2006, James A. Dinkel wrote: -Original Message- From: Simon Renshaw Sent: Friday, December 08, 2006 10:13 AM Hi, I compiled Samba 3.0.23d on a CentOS 4.4 machine. Then I configured /etc/krb5.conf for my domain. Was able to successfully run kinit and join my Windows 2003 domain with a net ads join. Net ads user and net ads group returns the users and the groups of the domain. I'm kinda stuck on the next step. I would like to grant access to the share defined in smb.conf to anybody in the domain. How do I make it authenticate users on the domain instead of using the server? ... You need this in your global section: idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes encrypt passwords = yes And this in your share section: valid users = @BENCHCAN\domain users Although this will give all your users access to / which doesn't seem like a good idea, but I assume this is just for testing. Don't forget the necessary modifications to nsswitch.conf: passwd: files winbind shadow: files winbind group: files winbind Cheers, -Don Don Meyer [EMAIL PROTECTED] Network Manager, ACES Academic Computing Facility Technical System Manager, ACES TeleNet System UIUC College of ACES, Information Technology and Communication Services They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty or safety. -- Benjamin Franklin, 1759 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and automount?
I´ll try both suggestion. Now I´m testing solution using pam_mount. I´m gonna use this setup in computer classroom on 17 computers where users change very often. I´m not sure which solution would be more suitable for me. Thanks for reply Jiri Cybionet napsal(a): Greeting Jiří, Not sure but can you just use DFS or make a mount point on your samba server with the W3k share and use this repository to stock all your home directory. Then you don't have to automatically mount individual directory. Pretty sure that will work. Or maybe someone have a better idea!?. Robert Hello, I´d like to ask someone if there is a way how to use samba and winbind to automaticaly mount users homedirs that is on w2k3 server share? Thanks. __ Informace od NOD32 1911 (20061208) __ Tato zprava byla proverena antivirovym systemem NOD32. http://www.nod32.cz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Shares mount on linux but not windows?
Curious. I have a gentoo server running 3.0.23d that simply serves out shares. It is a domain member, but not a pdc. From another linux server, I can mount up shares without a hitch. But from a windows box, I keep getting prompted for credentials. I am not seeing anything substantial in the logs. SMB.CONF [global] workgroup = UNICITY realm = MYREALM.MYDOMAIN.COM netbios name = SERVER server string = SERVER interfaces = 192.168.56.26 127. bind interfaces only = yes security = ADS log file = /var/log/samba/log.%m max log size = 8164 name resolve order = hosts wins bcast socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 os level = 5 preferred master = no local master = no domain master = no dns proxy = no wins proxy = no wins server = 192.168.57.124 template shell = /bin/bash unix extensions = no winbind enum users = yes idmap uid = 1-2 idmap gid = 1-2 winbind uid = 1-2 winbind gid = 1-2 winbind enum groups = yes winbind separator = + winbind use default domain = yes encrypt passwords = yes hosts allow = 192.168. 127. load printers = no smb ports = 139 [myshare] comment = My fileshare path = /home/MYDOMAIN/myhome invalid users = root valid users = me public = no writable = yes printable = no create mask = 0777 directory mask = 0777 -- Brian An adventure is never an adventure when it's happening. Challenging experiences need time to ferment, and an adventure is simply physical and emotional discomfort recollected in tranquility. -- Tim Cahill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] AD integration checklist
-Original Message- From: Don Meyer Sent: Friday, December 08, 2006 2:12 PM Don't forget the necessary modifications to nsswitch.conf: passwd: files winbind shadow: files winbind group: files winbind Cheers, -Don That's right. Although, I do not have winbind after the shadow directive, and I've never seen any documentation saying you need it, just after passwd and group. Also, I believe this is also required in /etc/pam.d/samba: auth required pam_winbind.so account required pam_winbind.so but I've never tried it without this. James -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Does Samba/Winbind not follow nested groups in AD?!?
Congratulations! I stand corrected. I said I thought upgrading wasn't the route, but I guess you were right all along. Curious that I don't see that behavior. Who knows what gremlins were biting you and not me despite us having the same OS, Samba version and AD environment. Hopefully Feisty Fawn will use newer Samba packages by default. James A. Dinkel wrote: Updating to 3.0.23c fixed it!! I didn't even change my config. I just uninstalled the Ubuntu packages with apt-get remove samba-common samba winbind, added Samba.com's Debian Sarge repository and did apt-get update apt-get install samba samba-common winbind and it installed the newer packages from the Sarge repo. This fixed my nested domain groups problem, hopefully it didn't introduce any new ones. I've only done this on my test server. After a little more QA I'll do this on my semi-production server. James Dinkel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] AD integration checklist
On Fri, 2006-12-08 at 15:23 -0600, James A. Dinkel wrote: That's right. Although, I do not have winbind after the shadow directive, and I've never seen any documentation saying you need it, just after passwd and group. You are right, winbindd shouldn;t be used after shadow as there is no such nss stack in winbindd Also, I believe this is also required in /etc/pam.d/samba: auth required pam_winbind.so account required pam_winbind.so but I've never tried it without this. If you wish your users be authenticated via winbindd against the DC, yes, and you should also add it to the session and password pam stacks. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.23c won't let NT4 access shares
Scott samba at troutpocket.org writes: Larry wrote: Larry omega at portal.ca writes: NT4.0 SP4 gives me this error when trying to access a Samba 3.0.23c server. \\Omega300\files is not accessable The specific network password is not correct. ... I'm having a similar problem after upgrading. Can you access it via \\ip-address-of-Omega300\files? That worked for me, yet I have no fix yet. -Scott When I tried that from the Win98 box, it asked for a password then everything was fine. The browser window on the NT4 box doesn't have an address box; when I typed \\192.168.0.106\files into IE, I got the same not accessable, bad password message as before. My problem is not that omega300 cannot be found, everybody can see it and all the hosts and lmhosts files are properly populated. My problem is that the password, which should be unencrypted, is not properly understood by the Samba host. Thanks for your interest. I wasn't sure if anybody even saw this. Larry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Shares mount on linux but not windows?
OK, here's a strange twist: [2006/12/08 17:45:17, 2] smbd/service.c:make_connection_snum(580) user 'ubackup' (from session setup) not permitted to access this share (batkins) [2006/12/08 17:45:17, 3] smbd/error.c:error_packet(146) error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED I'm logged in under my own user account (batkins), but it is trying to authenticate me using the user account ubackup, both of which are AD accounts. Brian An adventure is never an adventure when it's happening. Challenging experiences need time to ferment, and an adventure is simply physical and emotional discomfort recollected in tranquility. -- Tim Cahill Brian Atkins wrote: Curious. I have a gentoo server running 3.0.23d that simply serves out shares. It is a domain member, but not a pdc. From another linux server, I can mount up shares without a hitch. But from a windows box, I keep getting prompted for credentials. I am not seeing anything substantial in the logs. SMB.CONF [global] workgroup = UNICITY realm = MYREALM.MYDOMAIN.COM netbios name = SERVER server string = SERVER interfaces = 192.168.56.26 127. bind interfaces only = yes security = ADS log file = /var/log/samba/log.%m max log size = 8164 name resolve order = hosts wins bcast socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 os level = 5 preferred master = no local master = no domain master = no dns proxy = no wins proxy = no wins server = 192.168.57.124 template shell = /bin/bash unix extensions = no winbind enum users = yes idmap uid = 1-2 idmap gid = 1-2 winbind uid = 1-2 winbind gid = 1-2 winbind enum groups = yes winbind separator = + winbind use default domain = yes encrypt passwords = yes hosts allow = 192.168. 127. load printers = no smb ports = 139 [myshare] comment = My fileshare path = /home/MYDOMAIN/myhome invalid users = root valid users = me public = no writable = yes printable = no create mask = 0777 directory mask = 0777 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] AD integration checklist
On Fri, 2006-12-08 at 17:35 -0600, Don Meyer wrote: Interestingly, I've never modified my /etc/pam.d/samba -- mainly because I make the modifications in /etc/pam.d/system-auth, so the AD-based auth can take effect for all services. Sorry I didn't realize this was about the samba pam conf file specifically, I'd say that for samba pam_winbindd is completely unnecessary, system-auth is the right place for general authentication. The one slight hiccup I am seeing is for console logins: locally defined users can log onto the console successfully -- if they use there AD password, they are accepted on the first password prompt. However, if they use their locally defined password (shadow) at the console, then they are subjected to a second password prompt each time -- and it doesn't matter whether they enter the local password correctly on the first prompt, it only matters on the second one. Is there something about my placement/ordering above that might be causing this? put the option use_first_pass on the second module in the stack, so that it doesn't ask for a new password, but try with the one provided to the first module. Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot create writeable share - tried many different things
Hi, I appreciate any help that can be given. For the life of me, I cannot create a writeable share on a specific box - a fairly new install of Fedora Core 5. I have posted on several forums over the past 2 weeks, but haven't gotten anywhere with the advice given, so I'm turning to this list as my last hope. This box runs as an NIS client, but I have had no problems with NIS. The problem occurs whether I use an NIS user, or if I create a user local to the box. I apologize for the length of this message (and mind-numbing thoroughness), but I sincerely want to convey what I have done, step by step, in order to simplify this as much as possible: Yum reports this as my samba version : Name : samba Arch : i386 Version: 3.0.23c Release: 1.fc5 ** I create a directory to share as follows: [EMAIL PROTECTED] samba]# mkdir /samba [EMAIL PROTECTED] samba]# chmod 777 /samba [EMAIL PROTECTED] samba]# chown osc:osc /samba osc is a local account, so I set the local password and the smb password to be the same: [EMAIL PROTECTED] samba]# passwd osc [EMAIL PROTECTED] samba]# smbpasswd osc ** I have simplified my smb.conf to the following, taken from various docs and how-tos (and I have tried many different variations of this, using force user, browseable, writable, force group, etc.) [EMAIL PROTECTED] samba]$ cat /etc/samba/smb.conf [global] workgroup = SCHOOL [testshare] path = /samba read only = No force user = osc guest ok = Yes [EMAIL PROTECTED] samba]$ testparm Load smb config files from /etc/samba/smb.conf Processing section [testshare] Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] workgroup = SCHOOL [testshare] path = /samba force user = osc read only = No guest ok = Yes ** As the user osc, I verify that I can create files and directories in the /samba directory: [EMAIL PROTECTED] ~]$ cd /samba [EMAIL PROTECTED] samba]$ touch test1.txt [EMAIL PROTECTED] samba]$ mkdir dir1 [EMAIL PROTECTED] samba]$ ls -al /samba total 28 drwxrwxrwx 3 osc osc 4096 Dec 8 21:07 . drwxr-xr-x 27 root root 4096 Dec 8 21:01 .. drwxrwxr-x 2 osc osc 4096 Dec 8 21:07 dir1 -rw-rw-r-- 1 osc osc 0 Dec 8 21:07 test1.txt **I return to my home directory, where I have a file called test2.txt that I am going to try to upload [EMAIL PROTECTED] ~]$ cd [EMAIL PROTECTED] ~]$ ls -l total 4 -rw-rw-r-- 1 osc osc 4 Dec 8 21:07 test2.txt ** I successfully connect to the Samba server on localhost, and can retrieve files. However, I cannot create a directory or put my test2.txt file. [EMAIL PROTECTED] ~]$ smbclient -U osc //jefferson/testshare Password: Domain=[JEFFERSON] OS=[Unix] Server=[Samba 3.0.23c-1.fc5] smb: \ ls . D0 Fri Dec 8 21:07:57 2006 .. D0 Fri Dec 8 21:01:42 2006 dir1D0 Fri Dec 8 21:07:57 2006 test1.txt0 Fri Dec 8 21:11:38 2006 50600 blocks of size 8388608. 47597 blocks available smb: \ get test1.txt getting file \test1.txt of size 0 as test1.txt (0.0 kb/s) (average 0.0 kb/s) smb: \ mkdir dir2 NT_STATUS_ACCESS_DENIED making remote directory \dir2 smb: \ put test2.txt NT_STATUS_ACCESS_DENIED opening remote file \test2.txt smb: \ exit ** I return to my home directory and the samba directory. I have successfully downloaded the test1.txt file, but was not successful in creating a new directory or putting a new file. You may have noticed that test1.txt is a zero-length file, but I have also successfully downloaded larger files with no problem. [EMAIL PROTECTED] ~]$ ls -l total 4 -rw-r--r-- 1 osc osc 0 Dec 8 2006 test1.txt -rw-rw-r-- 1 osc osc 4 Dec 8 21:07 test2.txt [EMAIL PROTECTED] ~]$ ls -al /samba total 28 drwxrwxrwx 3 osc osc 4096 Dec 8 21:07 . drwxr-xr-x 27 root root 4096 Dec 8 21:01 .. drwxrwxr-x 2 osc osc 4096 Dec 8 21:07 dir1 -rw-rw-r-- 1 osc osc 0 Dec 8 21:11 test1.txt As I wrote above, I have tried many different variations in the smb.conf. I also have tried many different variations of setting permissions on the directory, including the sticky bit and suid. I have tried accessing the share from Windows boxes and other Linux boxes. Reading files is always permitted, but I cannot write files or create directories. I appreciate any help anyone can give. I am pulling my hair out over this one! Oscar -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind + PPP
On Mon, 2006-11-27 at 15:42 -0500, Leclerc, Sébastien wrote: Hello, I tried various settings to authenticate my PPP (l2tp) users via winbind (ntlm_auth), without success... I use ppp 2.4.3 and Samba 3.0.22-2tr. My distribution is Trustix 2.2 What is working : - mschapv2 authentication with chap-secrets (nomppe, novj, novjccomp) - wbinfo -g, wbinfo -u, getent passwd and getent group - net ads info and net ads status - ntlm_auth --username X --domain Y What is not working : - ntlm_auth --username X --domain Y --diagnostics - authentication with the winbind plugin in options.l2tpd I verified the paths to the winbind plugin and to ntlm_auth, and both are ok... Any ideas ? What user are you running ntlm_auth as? They must be in the group that can access the privileged pipe. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Heimdal Kerberos V Authentication
On Tue, 2006-12-05 at 10:53 +0100, Ludek Finstrle wrote: Hello, I see no way to authenticate Samba againist Kerberos without AD. As I know samba doesn't use userPassword but it use sambaLMPassword and sambaNTPassword instead (due to different encryption). So what's the difference between storing Kerberos data in LDAP and storing it separately? Am I missing something important? I answer myself: http://sial.org/howto/kerberos/windows/ BTW still I see no way to authenticate Samba PDC againist Kerberos without AD. Indeed, that's why I'm working so hard on Samba4. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba r20079 - in branches/SAMBA_4_0/source: libnet librpc/idl torture/rpc
Author: metze Date: 2006-12-08 17:34:15 + (Fri, 08 Dec 2006) New Revision: 20079 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20079 Log: the 2nd guid is the source_dsa invocation_id not the objectGUID, this wasn't noticed because on the 1st dc in the forest both have the same value metze Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl branches/SAMBA_4_0/source/torture/rpc/drsuapi.c branches/SAMBA_4_0/source/torture/rpc/dssync.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c === --- branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-08 03:47:55 UTC (rev 20078) +++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-08 17:34:15 UTC (rev 20079) @@ -118,6 +118,7 @@ struct drsuapi_DsReplicaObjectIdentifier nc; struct GUID destination_dsa_guid; struct GUID source_dsa_guid; + struct GUID source_dsa_invocation_id; struct drsuapi_DsReplicaHighWaterMark highwatermark; struct drsuapi_DsReplicaCoursorCtrEx *uptodateness_vector; uint32_t replica_flags; @@ -1555,7 +1556,7 @@ if (drsuapi_h-remote_info28.supported_extensions DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) { r-in.level = 8; r-in.req.req8.destination_dsa_guid = partition-destination_dsa_guid; - r-in.req.req8.source_dsa_guid = partition-source_dsa_guid; + r-in.req.req8.source_dsa_invocation_id = partition-source_dsa_invocation_id; r-in.req.req8.naming_context = partition-nc; r-in.req.req8.highwatermark= partition-highwatermark; r-in.req.req8.uptodateness_vector = partition-uptodateness_vector; @@ -1571,7 +1572,7 @@ } else { r-in.level = 5; r-in.req.req5.destination_dsa_guid = partition-destination_dsa_guid; - r-in.req.req5.source_dsa_guid = partition-source_dsa_guid; + r-in.req.req5.source_dsa_invocation_id = partition-source_dsa_invocation_id; r-in.req.req5.naming_context = partition-nc; r-in.req.req5.highwatermark= partition-highwatermark; r-in.req.req5.uptodateness_vector = partition-uptodateness_vector; Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl === --- branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2006-12-08 03:47:55 UTC (rev 20078) +++ branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2006-12-08 17:34:15 UTC (rev 20079) @@ -230,7 +230,7 @@ typedef struct { GUID destination_dsa_guid; - GUID source_dsa_guid; + GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */ [ref] drsuapi_DsReplicaObjectIdentifier *naming_context; drsuapi_DsReplicaHighWaterMark highwatermark; drsuapi_DsReplicaCoursorCtrEx *uptodateness_vector; @@ -258,7 +258,7 @@ typedef struct { GUID destination_dsa_guid; - GUID source_dsa_guid; + GUID source_dsa_invocation_id; /* the 'invocationId' field of the CN=NTDS Settings object */ [ref] drsuapi_DsReplicaObjectIdentifier *naming_context; drsuapi_DsReplicaHighWaterMark highwatermark; drsuapi_DsReplicaCoursorCtrEx *uptodateness_vector; Modified: branches/SAMBA_4_0/source/torture/rpc/drsuapi.c === --- branches/SAMBA_4_0/source/torture/rpc/drsuapi.c 2006-12-08 03:47:55 UTC (rev 20078) +++ branches/SAMBA_4_0/source/torture/rpc/drsuapi.c 2006-12-08 17:34:15 UTC (rev 20079) @@ -553,7 +553,7 @@ nc.dn = priv-domain_obj_dn?priv-domain_obj_dn:; r.in.req.req5.destination_dsa_guid = GUID_random(); - r.in.req.req5.source_dsa_guid = null_guid; + r.in.req.req5.source_dsa_invocation_id = null_guid; r.in.req.req5.naming_context= nc; r.in.req.req5.highwatermark.tmp_highest_usn = 0; r.in.req.req5.highwatermark.reserved_usn= 0; @@ -575,7 +575,7 @@ nc.dn = priv-domain_obj_dn?priv-domain_obj_dn:; r.in.req.req8.destination_dsa_guid = GUID_random(); - r.in.req.req8.source_dsa_guid = null_guid; +
svn commit: samba r20080 - in branches/SAMBA_4_0/source/libcli/util: .
Author: metze Date: 2006-12-08 18:01:30 + (Fri, 08 Dec 2006) New Revision: 20080 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20080 Log: add error code that maps to NT_STATUS_INVALID_NETWORD_RESPONSE metze Modified: branches/SAMBA_4_0/source/libcli/util/doserr.c branches/SAMBA_4_0/source/libcli/util/doserr.h Changeset: Modified: branches/SAMBA_4_0/source/libcli/util/doserr.c === --- branches/SAMBA_4_0/source/libcli/util/doserr.c 2006-12-08 17:34:15 UTC (rev 20079) +++ branches/SAMBA_4_0/source/libcli/util/doserr.c 2006-12-08 18:01:30 UTC (rev 20080) @@ -36,6 +36,7 @@ { WERR_BADFID, WERR_BADFID }, { WERR_BADFUNC, WERR_BADFUNC }, { WERR_BAD_NETPATH, WERR_BAD_NETPATH }, + { WERR_BAD_NET_RESP, WERR_BAD_NET_RESP }, { WERR_UNEXP_NET_ERR, WERR_UNEXP_NET_ERR }, { WERR_INSUFFICIENT_BUFFER, WERR_INSUFFICIENT_BUFFER }, { WERR_NO_SUCH_SHARE, WERR_NO_SUCH_SHARE }, Modified: branches/SAMBA_4_0/source/libcli/util/doserr.h === --- branches/SAMBA_4_0/source/libcli/util/doserr.h 2006-12-08 17:34:15 UTC (rev 20079) +++ branches/SAMBA_4_0/source/libcli/util/doserr.h 2006-12-08 18:01:30 UTC (rev 20080) @@ -174,6 +174,7 @@ #define WERR_GENERAL_FAILURE W_ERROR(31) #define WERR_NOT_SUPPORTED W_ERROR(50) #define WERR_BAD_NETPATH W_ERROR(53) +#define WERR_BAD_NET_RESP W_ERROR(58) #define WERR_UNEXP_NET_ERR W_ERROR(59) #define WERR_PRINTQ_FULL W_ERROR(61) #define WERR_NO_SPOOL_SPACE W_ERROR(62)
svn commit: samba r20081 - in branches/SAMBA_4_0/source/libnet: .
Author: metze Date: 2006-12-08 18:06:38 + (Fri, 08 Dec 2006) New Revision: 20081 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20081 Log: pull the whole schema partition metze Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c === --- branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-08 18:01:30 UTC (rev 20080) +++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-08 18:06:38 UTC (rev 20081) @@ -122,6 +122,9 @@ struct drsuapi_DsReplicaHighWaterMark highwatermark; struct drsuapi_DsReplicaCoursorCtrEx *uptodateness_vector; uint32_t replica_flags; + + struct drsuapi_DsReplicaObjectListItemEx *first_object; + struct drsuapi_DsReplicaObjectListItemEx *last_object; } schema; struct becomeDC_fsmo { @@ -1583,6 +1586,11 @@ r-in.req.req5.h1 = 0; } +DEBUG(0,(start NC[%s] tmp_highest_usn[%llu] highest_usn[%llu]\n, + partition-nc.dn, + partition-highwatermark.tmp_highest_usn, + partition-highwatermark.highest_usn)); + /* * we should try to use the drsuapi_p-pipe here, as w2k3 does * but it seems that some extra flags in the DCERPC Bind call @@ -1614,6 +1622,77 @@ becomeDC_drsuapi3_pull_schema_recv); } +static WERROR becomeDC_drsuapi_pull_partition_recv(struct libnet_BecomeDC_state *s, + struct becomeDC_partition *partition, + struct drsuapi_DsGetNCChanges *r) +{ + struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL; + struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL; + uint32_t out_level = 0; + struct GUID *source_dsa_guid; + struct GUID *source_dsa_invocation_id; + struct drsuapi_DsReplicaHighWaterMark *new_highwatermark; + struct drsuapi_DsReplicaObjectListItemEx *first_object; + struct drsuapi_DsReplicaObjectListItemEx *cur; + + if (!W_ERROR_IS_OK(r-out.result)) { + return r-out.result; + } + + if (r-out.level == 1) { + out_level = 1; + ctr1 = r-out.ctr.ctr1; + } else if (r-out.level == 2) { + out_level = 1; + ctr1 = r-out.ctr.ctr2.ctr.mszip1.ctr1; + } else if (r-out.level == 6) { + out_level = 6; + ctr6 = r-out.ctr.ctr6; + } else if (r-out.level == 7 + r-out.ctr.ctr7.level == 6 + r-out.ctr.ctr7.type == DRSUAPI_COMPRESSION_TYPE_MSZIP) { + out_level = 6; + ctr6 = r-out.ctr.ctr7.ctr.mszip6.ctr6; + } else { + return WERR_BAD_NET_RESP; + } + + switch (out_level) { + case 1: + source_dsa_guid = ctr1-source_dsa_guid; + source_dsa_invocation_id= ctr1-source_dsa_invocation_id; + new_highwatermark = ctr1-new_highwatermark; + first_object= ctr1-first_object; + break; + case 6: + source_dsa_guid = ctr6-source_dsa_guid; + source_dsa_invocation_id= ctr6-source_dsa_invocation_id; + new_highwatermark = ctr6-new_highwatermark; + first_object= ctr6-first_object; + break; + } + + partition-highwatermark= *new_highwatermark; + partition-source_dsa_guid = *source_dsa_guid; + partition-source_dsa_invocation_id = *source_dsa_invocation_id; + + if (!partition-first_object) { + partition-first_object = talloc_steal(s, first_object); + } else { + partition-last_object-next_object = talloc_steal(partition-last_object, + first_object); + } + for (cur = first_object; cur-next_object; cur = cur-next_object) {} + partition-last_object = cur; + +DEBUG(0,(end NC[%s] tmp_highest_usn[%llu] highest_usn[%llu]\n, + partition-nc.dn, + partition-highwatermark.tmp_highest_usn, + partition-highwatermark.highest_usn)); + + return WERR_OK; +} + static void becomeDC_drsuapi3_pull_schema_recv(struct rpc_request *req) { struct libnet_BecomeDC_state *s = talloc_get_type(req-async.private, @@ -1621,17 +1700,25 @@ struct composite_context *c = s-creq; struct drsuapi_DsGetNCChanges *r = talloc_get_type(req-ndr.struct_ptr, struct drsuapi_DsGetNCChanges); + WERROR status; c-status = dcerpc_ndr_request_recv(req);
svn commit: samba r20082 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_24/source/nsswitch
Author: jra Date: 2006-12-08 18:07:44 + (Fri, 08 Dec 2006) New Revision: 20082 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20082 Log: When fork_domain_child is forked when we're offline the child inherits *all* active check_online timout handlers. This is bad when it's not our domain (ie. BUILTIN). Jeremy. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c branches/SAMBA_3_0_24/source/nsswitch/winbindd_dual.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2006-12-08 18:06:38 UTC (rev 20081) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2006-12-08 18:07:44 UTC (rev 20082) @@ -755,6 +755,7 @@ { int fdpair[2]; struct winbindd_cli_state state; + struct winbindd_domain *domain; extern BOOL override_logfile; if (socketpair(AF_UNIX, SOCK_STREAM, 0, fdpair) != 0) { @@ -844,6 +845,16 @@ child-domain-startup_time = time(NULL); } + for (domain = domain_list(); domain; domain = domain-next) { + if (domain != child-domain) { + /* Ensure we have no check_online events pending + that are not on this domain. */ + if (domain-check_online_event) { + TALLOC_FREE(domain-check_online_event); + } + } + } + while (1) { int ret; Modified: branches/SAMBA_3_0_24/source/nsswitch/winbindd_dual.c === --- branches/SAMBA_3_0_24/source/nsswitch/winbindd_dual.c 2006-12-08 18:06:38 UTC (rev 20081) +++ branches/SAMBA_3_0_24/source/nsswitch/winbindd_dual.c 2006-12-08 18:07:44 UTC (rev 20082) @@ -755,6 +755,7 @@ { int fdpair[2]; struct winbindd_cli_state state; + struct winbindd_domain *domain; extern BOOL override_logfile; if (socketpair(AF_UNIX, SOCK_STREAM, 0, fdpair) != 0) { @@ -844,6 +845,16 @@ child-domain-startup_time = time(NULL); } + for (domain = domain_list(); domain; domain = domain-next) { + if (domain != child-domain) { + /* Ensure we have no check_online events pending + that are not on this domain. */ + if (domain-check_online_event) { + TALLOC_FREE(domain-check_online_event); + } + } + } + while (1) { int ret;
svn commit: samba r20084 - in branches/SAMBA_4_0/source/libnet: .
Author: metze Date: 2006-12-08 18:13:49 + (Fri, 08 Dec 2006) New Revision: 20084 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20084 Log: pull the config partition metze Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c === --- branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-08 18:08:30 UTC (rev 20083) +++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-08 18:13:49 UTC (rev 20084) @@ -125,7 +125,7 @@ struct drsuapi_DsReplicaObjectListItemEx *first_object; struct drsuapi_DsReplicaObjectListItemEx *last_object; - } schema; + } schema, config; struct becomeDC_fsmo { const char *dns_name; @@ -1693,6 +1693,8 @@ becomeDC_drsuapi3_pull_schema_recv); } +static void becomeDC_drsuapi3_pull_config_send(struct libnet_BecomeDC_state *s); + static void becomeDC_drsuapi3_pull_schema_recv(struct rpc_request *req) { struct libnet_BecomeDC_state *s = talloc_get_type(req-async.private, @@ -1719,6 +1721,56 @@ return; } + becomeDC_drsuapi3_pull_config_send(s); +} + +static void becomeDC_drsuapi3_pull_config_recv(struct rpc_request *req); + +static void becomeDC_drsuapi3_pull_config_send(struct libnet_BecomeDC_state *s) +{ + s-config.nc.guid = GUID_zero(); + s-config.nc.sid= s-zero_sid; + s-config.nc.dn = s-forest.config_dn_str; + + s-config.destination_dsa_guid = s-drsuapi2.bind_guid; + + s-config.replica_flags = DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE + | DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP + | DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS + | DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_IN_PROGRESS + | DRSUAPI_DS_REPLICA_NEIGHBOUR_NEVER_SYNCED + | DRSUAPI_DS_REPLICA_NEIGHBOUR_COMPRESS_CHANGES; + + becomeDC_drsuapi_pull_partition_send(s, s-drsuapi2, s-drsuapi3, s-config, + becomeDC_drsuapi3_pull_config_recv); +} + +static void becomeDC_drsuapi3_pull_config_recv(struct rpc_request *req) +{ + struct libnet_BecomeDC_state *s = talloc_get_type(req-async.private, + struct libnet_BecomeDC_state); + struct composite_context *c = s-creq; + struct drsuapi_DsGetNCChanges *r = talloc_get_type(req-ndr.struct_ptr, + struct drsuapi_DsGetNCChanges); + WERROR status; + + c-status = dcerpc_ndr_request_recv(req); + if (!composite_is_ok(c)) return; + + status = becomeDC_drsuapi_pull_partition_recv(s, s-config, r); + if (!W_ERROR_IS_OK(status)) { + composite_error(c, werror_to_ntstatus(status)); + return; + } + + talloc_free(r); + + if (s-config.highwatermark.tmp_highest_usn s-config.highwatermark.highest_usn) { + becomeDC_drsuapi_pull_partition_send(s, s-drsuapi2, s-drsuapi3, s-config, + becomeDC_drsuapi3_pull_config_recv); + return; + } + becomeDC_connect_ldap2(s); }
svn commit: samba r20085 - in branches/SAMBA_4_0/source/libnet: .
Author: metze Date: 2006-12-08 18:22:26 + (Fri, 08 Dec 2006) New Revision: 20085 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20085 Log: add _part to structure elements metze Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c === --- branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-08 18:13:49 UTC (rev 20084) +++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-08 18:22:26 UTC (rev 20085) @@ -125,7 +125,7 @@ struct drsuapi_DsReplicaObjectListItemEx *first_object; struct drsuapi_DsReplicaObjectListItemEx *last_object; - } schema, config; + } schema_part, config_part; struct becomeDC_fsmo { const char *dns_name; @@ -1676,20 +1676,20 @@ static void becomeDC_drsuapi3_pull_schema_send(struct libnet_BecomeDC_state *s) { - s-schema.nc.guid = GUID_zero(); - s-schema.nc.sid= s-zero_sid; - s-schema.nc.dn = s-forest.schema_dn_str; + s-schema_part.nc.guid = GUID_zero(); + s-schema_part.nc.sid = s-zero_sid; + s-schema_part.nc.dn= s-forest.schema_dn_str; - s-schema.destination_dsa_guid = s-drsuapi2.bind_guid; + s-schema_part.destination_dsa_guid = s-drsuapi2.bind_guid; - s-schema.replica_flags = DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE - | DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP - | DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS - | DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_IN_PROGRESS - | DRSUAPI_DS_REPLICA_NEIGHBOUR_NEVER_SYNCED - | DRSUAPI_DS_REPLICA_NEIGHBOUR_COMPRESS_CHANGES; + s-schema_part.replica_flags= DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE + | DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP + | DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS + | DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_IN_PROGRESS + | DRSUAPI_DS_REPLICA_NEIGHBOUR_NEVER_SYNCED + | DRSUAPI_DS_REPLICA_NEIGHBOUR_COMPRESS_CHANGES; - becomeDC_drsuapi_pull_partition_send(s, s-drsuapi2, s-drsuapi3, s-schema, + becomeDC_drsuapi_pull_partition_send(s, s-drsuapi2, s-drsuapi3, s-schema_part, becomeDC_drsuapi3_pull_schema_recv); } @@ -1707,7 +1707,7 @@ c-status = dcerpc_ndr_request_recv(req); if (!composite_is_ok(c)) return; - status = becomeDC_drsuapi_pull_partition_recv(s, s-schema, r); + status = becomeDC_drsuapi_pull_partition_recv(s, s-schema_part, r); if (!W_ERROR_IS_OK(status)) { composite_error(c, werror_to_ntstatus(status)); return; @@ -1715,8 +1715,8 @@ talloc_free(r); - if (s-schema.highwatermark.tmp_highest_usn s-schema.highwatermark.highest_usn) { - becomeDC_drsuapi_pull_partition_send(s, s-drsuapi2, s-drsuapi3, s-schema, + if (s-schema_part.highwatermark.tmp_highest_usn s-schema_part.highwatermark.highest_usn) { + becomeDC_drsuapi_pull_partition_send(s, s-drsuapi2, s-drsuapi3, s-schema_part, becomeDC_drsuapi3_pull_schema_recv); return; } @@ -1728,20 +1728,20 @@ static void becomeDC_drsuapi3_pull_config_send(struct libnet_BecomeDC_state *s) { - s-config.nc.guid = GUID_zero(); - s-config.nc.sid= s-zero_sid; - s-config.nc.dn = s-forest.config_dn_str; + s-config_part.nc.guid = GUID_zero(); + s-config_part.nc.sid = s-zero_sid; + s-config_part.nc.dn= s-forest.config_dn_str; - s-config.destination_dsa_guid = s-drsuapi2.bind_guid; + s-config_part.destination_dsa_guid = s-drsuapi2.bind_guid; - s-config.replica_flags = DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE - | DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP - | DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS - | DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_IN_PROGRESS - | DRSUAPI_DS_REPLICA_NEIGHBOUR_NEVER_SYNCED - | DRSUAPI_DS_REPLICA_NEIGHBOUR_COMPRESS_CHANGES; + s-config_part.replica_flags= DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE + | DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP + | DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS + |
svn commit: samba r20086 - in branches/SAMBA_4_0/source/libnet: .
Author: metze Date: 2006-12-08 18:29:44 + (Fri, 08 Dec 2006) New Revision: 20086 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20086 Log: pull domain partition metze Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c === --- branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-08 18:22:26 UTC (rev 20085) +++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-08 18:29:44 UTC (rev 20086) @@ -125,7 +125,7 @@ struct drsuapi_DsReplicaObjectListItemEx *first_object; struct drsuapi_DsReplicaObjectListItemEx *last_object; - } schema_part, config_part; + } schema_part, config_part, domain_part; struct becomeDC_fsmo { const char *dns_name; @@ -1774,6 +1774,56 @@ becomeDC_connect_ldap2(s); } +static void becomeDC_drsuapi3_pull_domain_recv(struct rpc_request *req); + +static void becomeDC_drsuapi3_pull_domain_send(struct libnet_BecomeDC_state *s) +{ + s-domain_part.nc.guid = GUID_zero(); + s-domain_part.nc.sid = s-zero_sid; + s-domain_part.nc.dn= s-domain.dn_str; + + s-domain_part.destination_dsa_guid = s-drsuapi2.bind_guid; + + s-domain_part.replica_flags= DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE + | DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP + | DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS + | DRSUAPI_DS_REPLICA_NEIGHBOUR_FULL_IN_PROGRESS + | DRSUAPI_DS_REPLICA_NEIGHBOUR_NEVER_SYNCED + | DRSUAPI_DS_REPLICA_NEIGHBOUR_COMPRESS_CHANGES; + + becomeDC_drsuapi_pull_partition_send(s, s-drsuapi2, s-drsuapi3, s-domain_part, + becomeDC_drsuapi3_pull_domain_recv); +} + +static void becomeDC_drsuapi3_pull_domain_recv(struct rpc_request *req) +{ + struct libnet_BecomeDC_state *s = talloc_get_type(req-async.private, + struct libnet_BecomeDC_state); + struct composite_context *c = s-creq; + struct drsuapi_DsGetNCChanges *r = talloc_get_type(req-ndr.struct_ptr, + struct drsuapi_DsGetNCChanges); + WERROR status; + + c-status = dcerpc_ndr_request_recv(req); + if (!composite_is_ok(c)) return; + + status = becomeDC_drsuapi_pull_partition_recv(s, s-domain_part, r); + if (!W_ERROR_IS_OK(status)) { + composite_error(c, werror_to_ntstatus(status)); + return; + } + + talloc_free(r); + + if (s-domain_part.highwatermark.tmp_highest_usn s-domain_part.highwatermark.highest_usn) { + becomeDC_drsuapi_pull_partition_send(s, s-drsuapi2, s-drsuapi3, s-domain_part, + becomeDC_drsuapi3_pull_domain_recv); + return; + } + + composite_error(c, NT_STATUS_NOT_IMPLEMENTED); +} + static NTSTATUS becomeDC_ldap2_modify_computer(struct libnet_BecomeDC_state *s) { int ret; @@ -1885,7 +1935,7 @@ c-status = becomeDC_ldap2_move_computer(s); if (!composite_is_ok(c)) return; - composite_error(c, NT_STATUS_NOT_IMPLEMENTED); + becomeDC_drsuapi3_pull_domain_send(s); } struct composite_context *libnet_BecomeDC_send(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_BecomeDC *r)
svn commit: samba r20087 - in branches: SAMBA_3_0/source/lib SAMBA_3_0/source/nsswitch SAMBA_3_0_24/source/lib SAMBA_3_0_24/source/nsswitch
Author: jra Date: 2006-12-08 18:40:13 + (Fri, 08 Dec 2006) New Revision: 20087 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20087 Log: Ensure we clean up any random pending events we may have inherited from our parent in the winbindd forked child. Jeremy. Modified: branches/SAMBA_3_0/source/lib/events.c branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c branches/SAMBA_3_0_24/source/lib/events.c branches/SAMBA_3_0_24/source/nsswitch/winbindd_dual.c Changeset: Modified: branches/SAMBA_3_0/source/lib/events.c === --- branches/SAMBA_3_0/source/lib/events.c 2006-12-08 18:29:44 UTC (rev 20086) +++ branches/SAMBA_3_0/source/lib/events.c 2006-12-08 18:40:13 UTC (rev 20087) @@ -130,3 +130,18 @@ } return num_events; } + +/* Returns 1 if event was found and cancelled, 0 otherwise. */ + +int cancel_named_event(const char *event_name) +{ + struct timed_event *te; + + for (te = timed_events; te; te = te-next) { + if (strcmp(event_name, te-event_name) == 0) { + TALLOC_FREE(te); + return 1; + } + } + return 0; +} Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2006-12-08 18:29:44 UTC (rev 20086) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_dual.c 2006-12-08 18:40:13 UTC (rev 20087) @@ -845,16 +845,22 @@ child-domain-startup_time = time(NULL); } + /* Ensure we have no pending check_online events other + than one for this domain. */ + for (domain = domain_list(); domain; domain = domain-next) { if (domain != child-domain) { - /* Ensure we have no check_online events pending - that are not on this domain. */ if (domain-check_online_event) { TALLOC_FREE(domain-check_online_event); } } } + /* Ensure we're not handling an event inherited from + our parent. */ + + cancel_named_event(krb5_ticket_refresh_handler); + while (1) { int ret; Modified: branches/SAMBA_3_0_24/source/lib/events.c === --- branches/SAMBA_3_0_24/source/lib/events.c 2006-12-08 18:29:44 UTC (rev 20086) +++ branches/SAMBA_3_0_24/source/lib/events.c 2006-12-08 18:40:13 UTC (rev 20087) @@ -130,3 +130,18 @@ } return num_events; } + +/* Returns 1 if event was found and cancelled, 0 otherwise. */ + +int cancel_named_event(const char *event_name) +{ + struct timed_event *te; + + for (te = timed_events; te; te = te-next) { + if (strcmp(event_name, te-event_name) == 0) { + TALLOC_FREE(te); + return 1; + } + } + return 0; +} Modified: branches/SAMBA_3_0_24/source/nsswitch/winbindd_dual.c === --- branches/SAMBA_3_0_24/source/nsswitch/winbindd_dual.c 2006-12-08 18:29:44 UTC (rev 20086) +++ branches/SAMBA_3_0_24/source/nsswitch/winbindd_dual.c 2006-12-08 18:40:13 UTC (rev 20087) @@ -845,16 +845,22 @@ child-domain-startup_time = time(NULL); } + /* Ensure we have no pending check_online events other + than one for this domain. */ + for (domain = domain_list(); domain; domain = domain-next) { if (domain != child-domain) { - /* Ensure we have no check_online events pending - that are not on this domain. */ if (domain-check_online_event) { TALLOC_FREE(domain-check_online_event); } } } + /* Ensure we're not handling an event inherited from + our parent. */ + + cancel_named_event(krb5_ticket_refresh_handler); + while (1) { int ret;
svn commit: samba r20088 - in branches/SAMBA_4_0/source/libnet: .
Author: metze Date: 2006-12-08 18:52:29 + (Fri, 08 Dec 2006) New Revision: 20088 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20088 Log: implement DsReplicaUpdateRefs() calls for all partitions metze Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c Changeset: Modified: branches/SAMBA_4_0/source/libnet/libnet_become_dc.c === --- branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-08 18:40:13 UTC (rev 20087) +++ branches/SAMBA_4_0/source/libnet/libnet_become_dc.c 2006-12-08 18:52:29 UTC (rev 20088) @@ -1795,6 +1795,12 @@ becomeDC_drsuapi3_pull_domain_recv); } +static void becomeDC_drsuapi_update_refs_send(struct libnet_BecomeDC_state *s, + struct becomeDC_drsuapi *drsuapi, + struct becomeDC_partition *partition, + void (*recv_fn)(struct rpc_request *req)); +static void becomeDC_drsuapi2_update_refs_schema_recv(struct rpc_request *req); + static void becomeDC_drsuapi3_pull_domain_recv(struct rpc_request *req) { struct libnet_BecomeDC_state *s = talloc_get_type(req-async.private, @@ -1821,6 +1827,111 @@ return; } + becomeDC_drsuapi_update_refs_send(s, s-drsuapi2, s-schema_part, + becomeDC_drsuapi2_update_refs_schema_recv); +} + +static void becomeDC_drsuapi_update_refs_send(struct libnet_BecomeDC_state *s, + struct becomeDC_drsuapi *drsuapi, + struct becomeDC_partition *partition, + void (*recv_fn)(struct rpc_request *req)) +{ + struct composite_context *c = s-creq; + struct rpc_request *req; + struct drsuapi_DsReplicaUpdateRefs *r; + const char *ntds_guid_str; + const char *ntds_dns_name; + + r = talloc(s, struct drsuapi_DsReplicaUpdateRefs); + if (composite_nomem(r, c)) return; + + ntds_guid_str = GUID_string(r, s-dest_dsa.ntds_guid); + if (composite_nomem(ntds_guid_str, c)) return; + + ntds_dns_name = talloc_asprintf(r, %s._msdcs.%s, + ntds_guid_str, + s-domain.dns_name); + if (composite_nomem(ntds_dns_name, c)) return; + + r-in.bind_handle = drsuapi-bind_handle; + r-in.level = 1; + r-in.req.req1.naming_context = partition-nc; + r-in.req.req1.dest_dsa_dns_name= ntds_dns_name; + r-in.req.req1.dest_dsa_guid= s-dest_dsa.ntds_guid; + r-in.req.req1.options = DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE + | DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE + | DRSUAPI_DS_REPLICA_UPDATE_0x0010; + + req = dcerpc_drsuapi_DsReplicaUpdateRefs_send(drsuapi-pipe, r, r); + composite_continue_rpc(c, req, recv_fn, s); +} + +static void becomeDC_drsuapi2_update_refs_config_recv(struct rpc_request *req); + +static void becomeDC_drsuapi2_update_refs_schema_recv(struct rpc_request *req) +{ + struct libnet_BecomeDC_state *s = talloc_get_type(req-async.private, + struct libnet_BecomeDC_state); + struct composite_context *c = s-creq; + struct drsuapi_DsReplicaUpdateRefs *r = talloc_get_type(req-ndr.struct_ptr, + struct drsuapi_DsReplicaUpdateRefs); + + c-status = dcerpc_ndr_request_recv(req); + if (!composite_is_ok(c)) return; + + if (!W_ERROR_IS_OK(r-out.result)) { + composite_error(c, werror_to_ntstatus(r-out.result)); + return; + } + + talloc_free(r); + + becomeDC_drsuapi_update_refs_send(s, s-drsuapi2, s-config_part, + becomeDC_drsuapi2_update_refs_config_recv); +} + +static void becomeDC_drsuapi2_update_refs_domain_recv(struct rpc_request *req); + +static void becomeDC_drsuapi2_update_refs_config_recv(struct rpc_request *req) +{ + struct libnet_BecomeDC_state *s = talloc_get_type(req-async.private, + struct libnet_BecomeDC_state); + struct composite_context *c = s-creq; + struct drsuapi_DsReplicaUpdateRefs *r = talloc_get_type(req-ndr.struct_ptr, + struct drsuapi_DsReplicaUpdateRefs); + + c-status = dcerpc_ndr_request_recv(req); + if (!composite_is_ok(c)) return; + + if (!W_ERROR_IS_OK(r-out.result)) { + composite_error(c, werror_to_ntstatus(r-out.result)); + return; + } + + talloc_free(r); + + becomeDC_drsuapi_update_refs_send(s,
svn commit: samba r20089 - in branches: SAMBA_3_0/source SAMBA_3_0/source/modules SAMBA_3_0_24/source SAMBA_3_0_24/source/modules
Author: jmcd Date: 2006-12-08 18:56:01 + (Fri, 08 Dec 2006) New Revision: 20089 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20089 Log: Put gpfs acl function into vfs_gpfs module. Thanks to Gomati Mohanan [EMAIL PROTECTED]. Also fix fields for sec_desc differences between 3.0 and 3.0.24 in nfs4_acls.c. Added: branches/SAMBA_3_0/source/modules/README-gpfs-acl.txt branches/SAMBA_3_0_24/source/modules/README-gpfs-acl.txt Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/modules/vfs_gpfs.c branches/SAMBA_3_0_24/source/Makefile.in branches/SAMBA_3_0_24/source/modules/nfs4_acls.c branches/SAMBA_3_0_24/source/modules/vfs_gpfs.c Changeset: Sorry, the patch is too large (1457 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20089
Build status as of Sat Dec 9 00:00:02 2006
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2006-12-08 00:00:17.0 + +++ /home/build/master/cache/broken_results.txt 2006-12-09 00:01:16.0 + @@ -1,4 +1,4 @@ -Build status as of Fri Dec 8 00:00:02 2006 +Build status as of Sat Dec 9 00:00:02 2006 Build counts: Tree Total Broken Panic @@ -11,11 +11,11 @@ libreplace 41 2 0 lorikeet-heimdal 36 20 0 ppp 18 0 0 -rsync43 4 0 +rsync44 4 0 samba0 0 0 samba-docs 0 0 0 samba4 42 32 0 -samba_3_044 35 0 +samba_3_044 17 0 smb-build41 2 0 talloc 44 2 0 tdb 43 2 0
svn commit: samba r20090 - in branches: SAMBA_3_0/source/auth SAMBA_3_0/source/groupdb SAMBA_3_0/source/lib SAMBA_3_0/source/nsswitch SAMBA_3_0/source/passdb SAMBA_3_0/source/rpcclient SAMBA_3_0/sourc
Author: jra Date: 2006-12-09 02:58:18 + (Sat, 09 Dec 2006) New Revision: 20090 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20090 Log: Fix a class of bugs found by James Peach. Ensure we never mix malloc and talloc'ed contexts in the add_XX_to_array() and add_XX_to_array_unique() calls. Ensure that these calls always return False on out of memory, True otherwise and always check them. Ensure that the relevent parts of the conn struct and the nt_user_tokens are TALLOC_DESTROYED not SAFE_FREE'd. James - this should fix your crash bug in both branches. Jeremy. Modified: branches/SAMBA_3_0/source/auth/auth_util.c branches/SAMBA_3_0/source/groupdb/mapping.c branches/SAMBA_3_0/source/groupdb/mapping_ldb.c branches/SAMBA_3_0/source/groupdb/mapping_tdb.c branches/SAMBA_3_0/source/lib/privileges.c branches/SAMBA_3_0/source/lib/system_smbd.c branches/SAMBA_3_0/source/lib/util.c branches/SAMBA_3_0/source/lib/util_sid.c branches/SAMBA_3_0/source/lib/util_str.c branches/SAMBA_3_0/source/nsswitch/winbindd_ads.c branches/SAMBA_3_0/source/nsswitch/winbindd_async.c branches/SAMBA_3_0/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0/source/nsswitch/winbindd_group.c branches/SAMBA_3_0/source/nsswitch/winbindd_rpc.c branches/SAMBA_3_0/source/nsswitch/winbindd_util.c branches/SAMBA_3_0/source/passdb/pdb_interface.c branches/SAMBA_3_0/source/passdb/pdb_ldap.c branches/SAMBA_3_0/source/rpcclient/cmd_samr.c branches/SAMBA_3_0/source/smbd/conn.c branches/SAMBA_3_0/source/smbd/service.c branches/SAMBA_3_0_24/source/auth/auth_util.c branches/SAMBA_3_0_24/source/groupdb/mapping.c branches/SAMBA_3_0_24/source/groupdb/mapping_ldb.c branches/SAMBA_3_0_24/source/groupdb/mapping_tdb.c branches/SAMBA_3_0_24/source/lib/privileges.c branches/SAMBA_3_0_24/source/lib/system_smbd.c branches/SAMBA_3_0_24/source/lib/util.c branches/SAMBA_3_0_24/source/lib/util_sid.c branches/SAMBA_3_0_24/source/lib/util_str.c branches/SAMBA_3_0_24/source/nsswitch/winbindd_ads.c branches/SAMBA_3_0_24/source/nsswitch/winbindd_async.c branches/SAMBA_3_0_24/source/nsswitch/winbindd_cm.c branches/SAMBA_3_0_24/source/nsswitch/winbindd_group.c branches/SAMBA_3_0_24/source/nsswitch/winbindd_rpc.c branches/SAMBA_3_0_24/source/nsswitch/winbindd_util.c branches/SAMBA_3_0_24/source/passdb/pdb_interface.c branches/SAMBA_3_0_24/source/passdb/pdb_ldap.c branches/SAMBA_3_0_24/source/rpcclient/cmd_samr.c branches/SAMBA_3_0_24/source/smbd/conn.c branches/SAMBA_3_0_24/source/smbd/service.c Changeset: Sorry, the patch is too large (2089 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20090
svn commit: samba r20091 - in branches/SAMBA_4_0/source/lib/util: .
Author: tridge Date: 2006-12-09 03:12:33 + (Sat, 09 Dec 2006) New Revision: 20091 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20091 Log: remove blank lines at the end of text lines loaded from a file Modified: branches/SAMBA_4_0/source/lib/util/util_file.c Changeset: Modified: branches/SAMBA_4_0/source/lib/util/util_file.c === --- branches/SAMBA_4_0/source/lib/util/util_file.c 2006-12-09 02:58:18 UTC (rev 20090) +++ branches/SAMBA_4_0/source/lib/util/util_file.c 2006-12-09 03:12:33 UTC (rev 20091) @@ -263,7 +263,6 @@ talloc_steal(ret, p); memset(ret, 0, sizeof(ret[0])*(i+2)); - if (numlines) *numlines = i; ret[0] = p; for (s = p, i=0; s p+size; s++) { @@ -275,6 +274,13 @@ if (s[0] == '\r') s[0] = 0; } + /* remove any blank lines at the end */ + while (i 0 ret[i-1][0] == 0) { + i--; + } + + if (numlines) *numlines = i; + return ret; }
svn commit: samba r20092 - in branches/SAMBA_4_0/source/torture: . raw
Author: tridge Date: 2006-12-09 03:16:17 + (Sat, 09 Dec 2006) New Revision: 20092 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=20092 Log: added a locking benchmark that should be good for benchmarking communitcation in a CIFS clustered server. It tries to keep the connections full by setting up the next lock as each lock is done. The locking pattern is similar to the local filesystem ping pong test in junkcode, forcing a communication between nodes on each request Added: branches/SAMBA_4_0/source/torture/raw/lockbench.c Modified: branches/SAMBA_4_0/source/torture/config.mk branches/SAMBA_4_0/source/torture/raw/raw.c Changeset: Modified: branches/SAMBA_4_0/source/torture/config.mk === --- branches/SAMBA_4_0/source/torture/config.mk 2006-12-09 03:12:33 UTC (rev 20091) +++ branches/SAMBA_4_0/source/torture/config.mk 2006-12-09 03:16:17 UTC (rev 20092) @@ -78,6 +78,7 @@ raw/context.o \ raw/write.o \ raw/lock.o \ + raw/lockbench.o \ raw/rename.o \ raw/eas.o \ raw/streams.o \ Added: branches/SAMBA_4_0/source/torture/raw/lockbench.c === --- branches/SAMBA_4_0/source/torture/raw/lockbench.c 2006-12-09 03:12:33 UTC (rev 20091) +++ branches/SAMBA_4_0/source/torture/raw/lockbench.c 2006-12-09 03:16:17 UTC (rev 20092) @@ -0,0 +1,196 @@ +/* + Unix SMB/CIFS implementation. + + locking benchmark + + Copyright (C) Andrew Tridgell 2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include includes.h +#include torture/torture.h +#include libcli/raw/libcliraw.h +#include system/time.h +#include system/filesys.h +#include libcli/libcli.h +#include torture/util.h +#include lib/events/events.h +#include lib/cmdline/popt_common.h + +#define CHECK_STATUS(status, correct) do { \ + if (!NT_STATUS_EQUAL(status, correct)) { \ + printf((%s) Incorrect status %s - should be %s\n, \ + __location__, nt_errstr(status), nt_errstr(correct)); \ + goto failed; \ + }} while (0) + +#define BASEDIR \\benchlock +#define FNAME BASEDIR \\lock.dat + +static int nprocs; +static int lock_failed; + +struct benchlock_state { + struct smbcli_state *cli; + int fnum; + int offset; + int count; + union smb_lock io; + struct smb_lock_entry lock[2]; + struct smbcli_request *req; +}; + +static void lock_completion(struct smbcli_request *); + +/* + send the next lock request +*/ +static void lock_send(struct benchlock_state *state) +{ + state-io.lockx.in.file.fnum = state-fnum; + state-io.lockx.in.ulock_cnt = 1; + state-lock[0].pid = state-cli-session-pid; + state-lock[1].pid = state-cli-session-pid; + state-lock[0].offset = state-offset; + state-lock[1].offset = (state-offset+1)%nprocs; + state-req = smb_raw_lock_send(state-cli-tree, state-io); + if (state-req == NULL) { + DEBUG(0,(Failed to setup lock\n)); + lock_failed++; + } + state-req-async.private = state; + state-req-async.fn = lock_completion; + state-offset = (state-offset+1)%nprocs; +} + +/* + called when a lock completes +*/ +static void lock_completion(struct smbcli_request *req) +{ + struct benchlock_state *state = (struct benchlock_state *)req-async.private; + NTSTATUS status = smbcli_request_simple_recv(req); + if (!NT_STATUS_IS_OK(status)) { + lock_failed++; + DEBUG(0,(Lock failed - %s\n, nt_errstr(status))); + } else { + state-count++; + lock_send(state); + } +} + +/* + benchmark locking calls +*/ +BOOL torture_bench_lock(struct torture_context *torture) +{ + BOOL ret = True; + TALLOC_CTX *mem_ctx = talloc_new(torture); + int i; + int timelimit = torture_setting_int(torture, timelimit, 10); + struct timeval tv; + struct event_context *ev = event_context_find(mem_ctx); + struct benchlock_state *state; + int total = 0, loops=0; + NTSTATUS status; + + nprocs =