Re: [Samba] deny second or multiple logins
Am Dienstag, den 03.04.2007, 21:47 +0200 schrieb Helmut Hullen: Hallo, Marcus, Du meintest am 03.04.07 zum Thema Re: [Samba] deny second or multiple logins: RESULT=$(smbstatus -d0 -b -u $1 2 /dev/null | grep $1 | awk '{print $5}' | uniq | wc -l) test $RESULT -eq 1 || exit 1 --- That's no good idea. Try test $RESULT -eq 0 Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1 or higher. Hmmm, if the value of RESULUT is not 1 or higher, the scipt has to exit 1 (not ok), which is correct, because in this case the same userid tries to connect from different IPs. Ciao! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Hallo, Marcus, Du meintest am 04.04.07 zum Thema Re: [Samba] deny second or multiple logins: test $RESULT -eq 1 || exit 1 --- That's no good idea. Try test $RESULT -eq 0 Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1 or higher. Hmmm, if the value of RESULUT is not 1 or higher, That's the DOS way ... the scipt has to exit 1 (not ok), which is correct, because in this case the same userid tries to connect from different IPs. Your script returns with 1 also if $RESULT is 0. My version returns with 0 if $RESULT is 0, otherwise with 1 (if it's the last line in the script). Viele Gruesse! Helmut -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unsupported nsswitch entry
isn't password change done through PAM, not nsswitch Collen. Robert Steinmetz AIA wrote: After upgrading Samba on Solaris 8 I am unable to change passwords nsswitch.conf passwd: files winbind Attempting to change passwords results in; # passwd root passwd: Unsupported nsswitch entry for passwd:. Use -r repository . Unexpected failure. Password file/table unchanged. How do you get Solaris to recognize the winbind entry? I have installed the winbind library. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SambasSID with 1 ldap-server and 3 samba-servers
hi list! we are storing our user data in one central ldap database. to handle the big amount of data (some hundred terabytes) we are using currently 3 samba servers (called cindy01, cindy02 and cindy03 , and more to come!) which (of course?) have diffrent SIDs. right now the credentials are stored in identical smbpasswd files on every samba server but we want to migrate wo ldap. the problem i see is that in ldap i can only store one SambaSID per user, so which SID should i take? the last part of the SambaSID (from unix uid) would be the same for all samba servers, but what about the leading part? we do not need any domain controller functionality, our users just mount their samba shares. is it possible to use only on SID on all samba servers or what would be the side effects? thanks in advance for any hints! regards markus +-+ | Markus Krause, Mogli-Soft | | Support for Mac OS X, Webmail/Horde, LDAP, RADIUS, MySQL| | by order of the | |Computing Center of the Max-Planck-Institute of Biochemistry | +++ | E-Mail: [EMAIL PROTECTED] | Tel.: 089 - 89 40 85 99 | | [EMAIL PROTECTED] | Fax.: 089 - 89 40 85 98 | | Skype: markus.krause | iChat: [EMAIL PROTECTED] | +++ -- This message was sent using https://webmail2.biochem.mpg.de If you encounter any problems please report to [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: SambasSID with 1 ldap-server and 3 samba-servers
the last part of the SambaSID (from unix uid) would be the same for all samba servers, but what about the leading part? I guess this is why you need a PDC so I suggest what works for me: Set up a Samba PDC, using LDAP. Have the other severs get unix user credentials from PDC via winbind. Now SIDs are consistent on all servers. If you need consistent Unix uids as well use an Ldap Idmap which is accessed by all your servers. Bert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] %LOGONSERVER% variable in netlogon/Default User folder redirection
Hi, (This is taken form here : http://samba.org/samba/docs/man/Samba-Guide/happy.html#redirfold ) I'm using folder redirection so I have a NTUSER.DAT file in the netlogon directory on the logon server (the primary domain controler), which I edited with regedit to set up some folders so that they point to the logon server by using the %LOGONSERVER% variable, and it seems it doesn't work if I change this variable for the logon server netbios name. The thing is that the users data is in the Primary Domain Controler, and when they log in byt the Backup Domain Controler this variable becames the netbios name of the Backup Domain Controler, where are not the users profile data. Is there a way to define this field in NTUSER.DAT so it always point to the Primary Domain Controler? Example: I want to change in NTUSER.DAT (with regedit, the User Shell Folders key ) Desktop REG_SZ %LOGONSERVER%\profdata\%USERNAME%\Desktop by: Desktop REG_SZ \\PDC\profdata\%USERNAME%\Desktop It shoud work but it doesn't. Any tips please? Thanks a lot. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems setting up Samba-3 as PDC
Hi all, it's been a long time since I last posted something to this list as it's been a long time since I administered Samba, so please bear with me :-) I need to setup a PDC on Samba 3. To achieve this I followed the steps described on the Samba docs and on some other websites I found after googling for a while. From the Samba side everything seems to be OK: Apr 3 15:30:06 v601 nmbd[11664]: Samba server V601 is now a domain master browser for workgroup MYDOMAIN.COM on subnet 192.168.1.11 So far, so good... it was an easy task. Now problems arise when I want the WinXP Professional clients to join that domain (full disclosure here: I'm a Windows user by market contamination so maybe I'm overseeing something obvious during the process). This is the error message I get when trying to join the domain: DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain mydomain.com: The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain.com The following domain controllers were identified by the query: v601.mydomain.com Common causes of this error include: - Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses. - Domain controllers registered in DNS are not connected to the network or are not running. For information about correcting this problem, click Help. First off, I had to manually add that SRV record on my named.conf. I've been told that all needed entries are created automatically on the DNS when you are on a Windows environment... Secondly, AFAIK the DNS has been setup correctly for both direct and reverse queries. That's why I must raise an eyebrow when I see such an error message popping up So... is there anything I have forgotten to set up things correctly?? TIA and regards, Martin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Changing winbind's user settings of an AD-User
Hi, I set up a Win2k3 AD and joined Samba 3.0.24 sucessfully. getent passwd lists all Linux and AD users correctly. [...] UIB+knieschewski:*:1:1:Sebastian Knieschewski:/home/UIB/knieschewski:/bin/bash Now I want to change the home directory of some users. Is there any way to do this??? I expected the home-dir entries to be stored in the AD, but there isn't a trace, so there must be a place to find on my linux machine. In other words, I'm looking for a file like /etc/passwd for changing settings for the AD-Users. Any hints? Any ideas? Let me know if you need some more config-infos. Thanks in advance. Sebastian Knieschewski -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re: [Samba] Samba - LDAP - Kerberos
I already thought that this is not possible. Is there no other way of authenticating samba? PAM, SASL, ANYTHING. I mean, I like samba, but in terms of user authentication it really isn't flexible. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba not calling add user script
Hello, samba. I'm trying to add users via add user script, and when I doing it from work-station its doen't work, seems that samba don't call script. The add machine script working ok the same time. Also when I checking from server with command net rpc user add testuser samba calling script and its working ok. Whats might be wrong? Here is my relevant config: security = user domain logons = Yes os level = 32 preferred master = Yes domain master = Yes add user script = /usr/sbin/pw useradd -n %u -d /usr/local/samba/homes/%u -m -g ntusers -s /usr/sbin/nologin -w none add machine script = /usr/sbin/pw useradd -n %u -d /nonexistent -g computers -s /usr/sbin/nologin -w none winbind use default domain = Yes samba-3.0.24 FreeBSD 6.2. TIA, Roman. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mac OSX Samba Q
Hi, As long as your Quark documents have extentions, this should not be an issue. If you do have issues you might want to use AFP. You could install netatalk which is a great piece of software that allows you to setup afp shares on your linux box. This works fine sharing the same shares as samba, as long as you use the veto files = option in smb.conf to hide all the hidden Apple folders. http://netatalk.sourceforge.net/ Regards, Mark On Tue, Apr 03, 2007 at 04:56:40PM -0300, Dawn Marie Perry wrote: Are Samba Quark compatible? -- Dawn Marie [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SID resolution to Username
Hello, I have two Samba 3.0.22 PDCs and each trust each other. When I add an user of each domain to the permissions of a file on a windows machine (W2k, WXP), it shows for them DOMAIN\USERNAME. Everything is fine. But when i close the permission window and reopen it, then the user out of the trusted domain is only shown as SID. The one of the own domain is resolved fine. This happens on clients of both domains. Any ideas? Regards Marc -- Marc Muehlfeld Zentrum fuer Humangenetik und Laboratoriumsmedizin Dr. Klein und Dr. Rost Lochhamer Str. 29 - D-82152 Martinsried Telefon: +49(0)89/895578-0 - Fax: +49(0)89/895578-78 http://www.medizinische-genetik.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba - LDAP - Kerberos
On Tue, 2007-04-03 at 21:47 -0400, Sean Elble wrote: On 4/3/07 1:20 PM, Jörg Herzinger [EMAIL PROTECTED] wrote: Hello. I'm trying to implement a single-sign-on system with MIT-Kerberos and OpenLDAP. These two are currently working pretty well, but now I'm trying to add samba to this system. I've found a lot of tutorials about samba PDC with LDAP backend, but this is of course not quite what I want. My passwords are stored in the kerberos database and userdata is stored in LDAP. Is there a way to authenticate samba through LDAP/Kerberos? Or is it maybe possible to authenticate samba through PAM? It's an idea a lot of people want to implement, but sadly, it is not possible for Samba to use a Kerberos password database, at least not while using encrypted passwords. The reason being is that, when Samba uses encrypted passwords, it has no access to the password itself, only the hashed representation. In addition, the encryption hash, if you will, that Windows uses is nothing like the encryption hash used by Kerberos. This is a bit of a simplification, but it is how I understand it. This is incorrect. Heimdal can use Samba's password database as a backend, because the sambaNTPassword is what Microsoft made the arcfour-hmac-md5 kerberos key out of. I have achieved a sort of single-sign-on environment by using Samba's password script functionality to change both the Samba password (stored in a LDAP backend) and the Kerberos password at the same time. My particular setup involves Samba running on the same machine as the KDC daemon, which allows me to use these Samba parameters in smb.conf: unix password sync = yes passwd program = /usr/kerberos/sbin/kadmin.local -q 'cpw %u' passwd chat = Authenticating as principal*\nEnter password for principal *%u*:* %n\n \nRe-enter password for principal *%u*:* %n\n \nPassword for *%u@* changed.\n This probably would not be the best setup in an enterprise environment, but at my in-home lab where I play with this kind of stuff, it works just fine, as long as my users remember to change their passwords via Windows (i.e. Not your typical passwd/kpasswd programs). Hope that helps . . . The other option is the smbk5pwd module for openldap, and setting 'ldap password sync = yes'. I've not used it myself, but I'm told it works. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] General question about 'smbclient'
On Tue, Apr 03, 2007 at 09:56:05AM +0200, André Jee wrote: As above, From what I understand (also obvious from the package name) is that 'smbclient' is only a client. You can browse shares or use it for troubleshooting. Does it have any affect on the actual samba server? You can also use it to mount shares. I mean does this package have to be installed in order for a samba server to work properly? No it does not need to be installed for samba to work. It seems to be that this package can be removed, I just want to make sure that it's not an important part of the samba server. Thanks -- Cheers, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] General question about 'smbclient'
On Wed, Apr 04, 2007 at 01:04:51PM +0100, Mark Adams wrote: On Tue, Apr 03, 2007 at 09:56:05AM +0200, André Jee wrote: As above, From what I understand (also obvious from the package name) is that 'smbclient' is only a client. You can browse shares or use it for troubleshooting. Does it have any affect on the actual samba server? You can also use it to mount shares. Sorry this was wrong - I was thinking of smbmount/smbfs I mean does this package have to be installed in order for a samba server to work properly? No it does not need to be installed for samba to work. It seems to be that this package can be removed, I just want to make sure that it's not an important part of the samba server. Thanks -- Cheers, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] General question about 'smbclient'
Mark, Thanks for the confirmation. Regards, Andre Original Message Subject: Re:[Samba] General question about 'smbclient' From: Mark Adams [EMAIL PROTECTED] To: André Jee [EMAIL PROTECTED] Cc: samba@lists.samba.org Date: Wed Apr 04 2007 14:11:34 GMT+0200 (Romance Daylight Time) On Wed, Apr 04, 2007 at 01:04:51PM +0100, Mark Adams wrote: On Tue, Apr 03, 2007 at 09:56:05AM +0200, André Jee wrote: As above, From what I understand (also obvious from the package name) is that 'smbclient' is only a client. You can browse shares or use it for troubleshooting. Does it have any affect on the actual samba server? You can also use it to mount shares. Sorry this was wrong - I was thinking of smbmount/smbfs I mean does this package have to be installed in order for a samba server to work properly? No it does not need to be installed for samba to work. It seems to be that this package can be removed, I just want to make sure that it's not an important part of the samba server. Thanks -- Cheers, Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba - LDAP - Kerberos
The other option is the smbk5pwd module for openldap, and setting 'ldap password sync = yes'. I've not used it myself, but I'm told it works. Hmm, thanks, but this module is just a dirty trick in my eyes and it works just for Heimdal Kerberos but I use MIT-Kerberos. I almost can't believe that samba supports no other way of authenticating local users than its own database. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Issue with pam_winbind for MS AD authentication and module options
Hello! I've configured samba with winbind and pam_winbind module to authenticate users that connect to my linux box against MS AD. Works like a charm. If a user exists both in AD and locally, login should assume local users. Again, it works pretty well (It seems at least with my current config). If my AD server goes down for any reason, local users should be able to login. For example, root has to login always no matter if my AD server exploded. That's where is the problem. When I shutdown my AD server and I try to login with a local user (root as well), my guess is that it seems that pam_winbind waits for a very very long time trying to find my AD server to authenticate that even the local login times out. I don't really know if that is the reason for this behaviour, but if it is, I'm wondering if there is a hidden or maybe a new timeout option for pam_winbind module as I didn't found anything related in the man pages and the mailing lists archive. Or maybe if login finds the user in the local database, bypass winbind authentication, don't know if that is possible. The reason why I came up with this idea is that when the AD server is down and I try to login with root for eg. over and over many times, after a while it goes (looks like pam config order is right), but a few minutes later it won't again, which made me thought that perhaps winbind or pam_winbind are trying to estabilish a connection with AD and somehow because of that the whole process slows down so much that even local login times out. Samba is configured to catch UID's, GID's from AD using SFU and ad idmap backend. Only users that are members of a specified AD group are able to login. The purpose of the machine is to be an application server and share folders based on AD users and group permissions. My system is RHEL AS3 with update 7 and samba-3.0.24 Below are my pam lines in the system-auth file: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired /lib/security/$ISA/pam_env.so authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok authsufficient/lib/security/$ISA/pam_winbind.so try_first_pass require_membership_of=DOMAIN+group authrequired /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so nullok_secure account sufficient/lib/security/$ISA/pam_winbind.so passwordrequired /lib/security/$ISA/pam_cracklib.so retry=3 passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow passwordrequired /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session required /lib/security/$ISA/pam_mkhomedir.so umask=0022 skel=/etc/skel Considering that if a user exists both in the local user database and AD, login has to assume local user (seems to be working fine), could someone give me a hint if I'm in the right path, and maybe an idea why or what I could do when my AD servers goes down to my local users (including root) log in normally?? Any help will be greatly appreciated, Andre -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Issue with pam_winbind for MS AD authentication and module options
Hi, maybe this isn't exactly what you're looking for, but it could help you: pam_ccreds cached credentials, this should give you full access to your server even if the ad-server is down. I haven't used this module yet. Just found it today while looking for a solution concerning a similar issue. Good luck! Sebastian Knieschewski -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Solaris 10 Samba and AD using LDAP
Environment: Solaris 10, Samba 3.0.24 and LDAP client (native to Solaris 10). The Solaris machine/Samba is running LDAP client, pointing at a Windows 2003 R2 LDAP server. We wish to have the Samba instance look to the Windows machine for user authentication, single sign-on. Ideally, when a user is writing files on the Samba share, the file attributes reflect the Windows attributes and these are gathered from the Active Directory via LDAP. LDAP/Kerberos functionality has been verified (klist, kinit, etc). 1. When compiling Samba we receive the following error: Configure: Warning: Disabling Active Directory Support (requires ldap_initialize). We are in the process of chasing this error down. 2. Most documentation has the Samba machine running as a BDC. We want the Samba/Solaris 10 machine to use LDAP for user authentication. Will Samba use a Windows 2003 LDAP server for user authentication, providing single sign on? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Issue with pam_winbind for MS AD authentication and moduleoptions
Hello! passwd, shadow and group looks as follows in nsswitch.conf: passwd: files winbind shadow: files group: files group What really confuses me is that when my AD server is up and running, root or any local user logs in with no problem. And even when AD server is down, after trying a zillion times, root and other local users login, and then if I log them out and try again a few minutes later it won't go again, then again after a few minutes it works again and it keeps going like that. My guess is that when it's not going pam_winbind and winbind are trying to connect to the AD Server resulting in a huge delay in the login process afecting also local users login. That's why I was wondering if there is a timeout option or something for pam_winbind to avoid that. Well, that's my guess I could be wrong and maybe the problem is something else. Anyway thank's so far for your help, if you or anyone has a light... Andre Miles, Noal wrote: You have files before winbind in /etc/nsswitch.conf for passwd, shadow, group? Noal -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andre Fernando Goldacker Sent: Wednesday, April 04, 2007 8:40 AM To: samba@lists.samba.org Subject: [Samba] Issue with pam_winbind for MS AD authentication and moduleoptions Hello! I've configured samba with winbind and pam_winbind module to authenticate users that connect to my linux box against MS AD. Works like a charm. If a user exists both in AD and locally, login should assume local users. Again, it works pretty well (It seems at least with my current config). If my AD server goes down for any reason, local users should be able to login. For example, root has to login always no matter if my AD server exploded. That's where is the problem. When I shutdown my AD server and I try to login with a local user (root as well), my guess is that it seems that pam_winbind waits for a very very long time trying to find my AD server to authenticate that even the local login times out. I don't really know if that is the reason for this behaviour, but if it is, I'm wondering if there is a hidden or maybe a new timeout option for pam_winbind module as I didn't found anything related in the man pages and the mailing lists archive. Or maybe if login finds the user in the local database, bypass winbind authentication, don't know if that is possible. The reason why I came up with this idea is that when the AD server is down and I try to login with root for eg. over and over many times, after a while it goes (looks like pam config order is right), but a few minutes later it won't again, which made me thought that perhaps winbind or pam_winbind are trying to estabilish a connection with AD and somehow because of that the whole process slows down so much that even local login times out. Samba is configured to catch UID's, GID's from AD using SFU and ad idmap backend. Only users that are members of a specified AD group are able to login. The purpose of the machine is to be an application server and share folders based on AD users and group permissions. My system is RHEL AS3 with update 7 and samba-3.0.24 Below are my pam lines in the system-auth file: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired /lib/security/$ISA/pam_env.so authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok authsufficient/lib/security/$ISA/pam_winbind.so try_first_pass require_membership_of=DOMAIN+group authrequired /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so nullok_secure account sufficient/lib/security/$ISA/pam_winbind.so passwordrequired /lib/security/$ISA/pam_cracklib.so retry=3 passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow passwordrequired /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session required /lib/security/$ISA/pam_mkhomedir.so umask=0022 skel=/etc/skel Considering that if a user exists both in the local user database and AD, login has to assume local user (seems to be working fine), could someone give me a hint if I'm in the right path, and maybe an idea why or what I could do when my AD servers goes down to my local users (including root) log in normally?? Any help will be greatly appreciated, Andre -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Failed to verify incoming ticket! When clients use netbios names only!
Hi, I have set up our samba box in 'ADS' mode; the problem I have is clients connecting to the server can not do so by using its netbios name. Only when they use the IP address of the machine are they able to be authenticated and browse the box. When clients connect via the netbios name this message will appear in my samba logs with the IP of the connecting client; smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! Additionally, If a client connects successfully via the IP of the samba server, the log file is named in the clients netbios name rather than their IP. eg machinenetbiosname.log will contain [2007/04/04 15:13:00, 1] smbd/service.c:make_connection_snum(642) netbiosnameofmachine (192.168.16.203) signed connect to service data initially as user DOMAIN+gorby (uid=10002, gid=10004) (pid 4329) Can some one tell me what's happening here? ;) thor:/var/log/samba# cat /etc/samba/smb.conf [global] winbind use default domain = yes winbind separator = + client use spnego = yes use spnego = yes server signing = auto client signing = auto netbios name = THOR idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes template homedir = /home/%D/%U template shell = /bin/bash workgroup = DOMAIN server string = Thor security = ads hosts allow = 192.168.16. load printers = no cups options = raw log file = /var/log/samba/%m.log max log size = 50 password server = SERVER01 encrypt passwords = yes realm = DOMAIN passdb backend = tdbsam local master = no domain master = no wins support = no wins server = 192.168.16.3 dns proxy = no hostname lookups = yes name resolve order = lmhosts host wins dns bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 [data] comment = path = /data Valid Users = +DOMAIN+domain users writeable = yes browseable = yes [ftp] comment = FTP area path = /data/ftp Valid Users = +DOMAIN+domain users writeable = yes browseable = yes thor:/var/log/samba# wbinfo -u works! wbinfo -g works passwd: files winbind shadow: files winbind group: files winbind #hosts: db files nisplus nis dns hosts: files winbind # Example - obey only what nisplus tells us... #services: nisplus [NOTFOUND=return] files #networks: nisplus [NOTFOUND=return] files #protocols: nisplus [NOTFOUND=return] files #rpc:nisplus [NOTFOUND=return] files #ethers: nisplus [NOTFOUND=return] files #netmasks: nisplus [NOTFOUND=return] files bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files winbind rpc:files services: files winbind netgroup: files winbind publickey: nisplus automount: files winbind aliases:files nisplus cat /etc/resolv.conf search DOMAIN.NAME nameserver 192.168.16.3 (also the PDC) thor:/var/log/samba# cat /etc/hosts 127.0.0.1 localhost.localdomain localhost 192.168.16.4thor.DOMAIN.NAME thor 192.168.16.3server01.DOMAIN.NAME server01 thor:/var/log/samba# kinit administrator@ mailto:[EMAIL PROTECTED] DOMAIN.NAME mailto:[EMAIL PROTECTED]'s administrator@ mailto:[EMAIL PROTECTED] DOMAIN.NAME mailto:[EMAIL PROTECTED]'s 's Password: kinit: NOTICE: ticket renewable lifetime is 1 week thor:/var/log/samba# cat /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = DOMAIN.NAME dns_lookup_realm = true dns_lookup_kdc = true ticket_lifetime = 24h forwardable = yes krb4_get_tickets = false [realms] DOMAIN.NAME = { kdc = server01:88 } [domain_realm] .server01 = DOMAIN.NAME server01 = DOMAIN.NAME [kdc] profile = /var/lib/heimdal-kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Failed to verify incoming ticket! When clients use netbios names only!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 m.bland wrote: thor:/var/log/samba# cat /etc/samba/smb.conf [global] workgroup = DOMAIN realm = DOMAIN Are these really the same value ? ... thor:/var/log/samba# cat /etc/krb5.conf [libdefaults] default_realm = DOMAIN.NAME cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGE8GbIR7qMdg1EfYRAuqRAKCQXy8POjaFF9IyvZjpInVG08j2vwCgyYEF wR6kgQb/nFF7t3DppDHWyVQ= =ye1d -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unsupported nsswitch entry
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Collen Blijenberg wrote: isn't password change done through PAM, not nsswitch The Solaris passwd command is a bit borken in my experience. I recommend using kpasswd for change AD domain user passwords. # passwd root passwd: Unsupported nsswitch entry for passwd:. Use -r repository . Unexpected failure. Password file/table unchanged. How do you get Solaris to recognize the winbind entry? I have installed the winbind library. IIRC, this has to be passwd -r files root cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGE8IXIR7qMdg1EfYRAkQhAJ9k9hDQNxEgkEX2oVpnB2rndsiIdACeI58U DXQaffmZVsUKkLP5/QaKw3M= =QRqF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] home shares and thunderbird profiles
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Allison wrote: On Mon, Apr 02, 2007 at 11:08:14AM -0700, Mark Nienberg wrote: We find it convenient to keep thunderbird email client profiles on our home shares rather than in our user profiles, as is the default. From time to time some users experience the dreaded delayed write failed error for certain thunderbird files. The only solution seems to be to log off and log on again. (after clicking OK to accept the error about seven times). This almost always means a network problem (it's a client oplock break response failure). The only time I ever see this in my environment is when you are re-exporting NFS home directories. Firefox has the same problem. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGE8KCIR7qMdg1EfYRAvFAAKDAo9/iik97uZ1J2hUl9S8Nf6pVKQCg32j7 C02TMFcWjdlH54tKrc/CrhU= =cfss -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Changing winbind's user settings of an AD-User
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sebastian Knieschewski wrote: Hi, I set up a Win2k3 AD and joined Samba 3.0.24 sucessfully. getent passwd lists all Linux and AD users correctly. [...] UIB+knieschewski:*:1:1:Sebastian Knieschewski:/home/UIB/knieschewski:/bin/bash Now I want to change the home directory of some users. Is there any way to do this??? I expected the home-dir entries to be stored in the AD, but there isn't a trace, so there must be a place to find on my linux machine. In other words, I'm looking for a file like /etc/passwd for changing settings for the AD-Users. Set winbind nss info = rfc2307 or sfu depending on your domain schema. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGE8MBIR7qMdg1EfYRAtK7AJ4qMV9MAgDmQu2fUmmpX2sELF471ACffreb spLyieUVyjorw/5P9IFVjII= =cYL7 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to change SID in ntuser.dat?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stefan, Hello, i try to migrate user/groups from NT4 PDC to Samba3 with LDAP backend. There is already an NIS-Server with Samba runing, so there exists two userlists. I migrated the user/ groups from windows via net rpc vampire and added/changed the UID´s from the NIS-Server but didn´t change the SID. A teammate told me, there could be some access problems, if i don´t change the SID. So i tried to change the SID in ntuser.dat to produce a samba equal SID (RID = 2xUID +1000). /usr/bin/profiles dumps me only the reghive, but doesn´t change the SID. I´m using Samba 3.0.24. Grab the profiles tool from 3.0.25pre2. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGE8NjIR7qMdg1EfYRAinvAKCiX+DuZ2fgQPknmnvFNnjyqtAl4QCgknON EHVzlO7finn1Rz7HJevmQfY= =N6Vn -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] creating NTConfig.POL
I have an NTConfig.POL I created from poledit with the Windows 2000 Administrator toolkit. It contains my WSUS configuration, and NTConfig.POL is placed in my [netlogon] share and is being loaded fine by the clients. Is this still the propery way to create NTConfig.POL files, or is there a newer utility I should be using? I'm looking at Vista and it uses .admx templates, which I guess aren't compatible with the Windows 2000 poledit.exe I'm using. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Does samba support ipv6 ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: Hi All, Am fairly new to samba and using samba-3.0.22. Is there any option for configurimng samba so that it supports ipv6 or any patch which will help us to enable ipv6 ?? None that are current. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGE8jtIR7qMdg1EfYRAmggAKCL3DsAAJBKPxbb3kO6pvm7M93fLwCePZjs SolboHoAQoPDOFzzOOabdAI= =RJqP -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cups and inf file with hp laserjet 4000
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Miguel Angel Miranda wrote: Hi, im having the very same problem described in this thread (October 2004), http://lists.samba.org/archive/samba/2004-October/094840.html the user got zero responses, does somebody have a response or comment now (march 2007)? My advice is to not use cupsmbadd. Use a real windows client to upload the driver. cheers. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGE8ppIR7qMdg1EfYRAsrYAKDVkP/RLwMzFZL1+VHBD6ORFT7QWgCg5TVb XU9eBQsN9W1Xu3wouizgQTs= =jtL6 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbclient and long share names
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leif Adeloew wrote: Hi, Have been trying to find info on how to tune samba/smbclient to show shares with long names. E.g a share named Production Documents on a WIN 2000 server is not shown in 'browsing' list (smbclient -L boxname) whereas Cetal Backup is. This is fixed in reetn Samba version. Starting with 3.0.23 IIRC. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGE8qkIR7qMdg1EfYRArtxAJ92OIHO/P7C9pLOSlp2lSv9jq+wXgCfeNH0 iALG7xjYcS2zxulk3Pih/SU= =JJHg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: NDN: Re: [Samba] Move local profile to domain profile.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Charles Marcus wrote: Post Office wrote: Sorry. Your message could not be delivered to: Jonathan DEL CAMPO /jdc/ .Y (Mailbox or Conference is full.) Would one of the list admins PLEASE remove this guy from the list? I've been getting NDRs from him for as long as I can remember... Done. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGE8tCIR7qMdg1EfYRAkuHAKDrtWLPtly2sOaGFtytaxxhkr505wCgn5xH pRC6oNottfZjmxJ6VurxsdQ= =K4dt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind occasionally failing to find domain controllers for trusted domains
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jason Haar wrote: Hi there We have a bunch of Win2K3 trusted domains that are parts of other forests from our own Win2K3 forest. ... Have I missed something that could make these trusts more reliable? We are running Samba-3.0.24 under CentOS4.4 We should be talking to DNS anyways in this case. Can you DNS resolve teh SRV records for the trusted domain? Do you have host listed in the name resolve order option in smb.conf ? cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGE8xNIR7qMdg1EfYRAoj8AJ94N3JZ6wnjWswrOwEEiOUumGKhYwCg3yFx dzLXWx7KLUe/LCjzAE+1tBU= =ePHX -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Issue with pam_winbind for MS AD authentication and moduleoptions
I made a mistake, group in nsswitch.conf looks like this: group:files winbind sorry about that!! Andre Andre Fernando Goldacker wrote: Hello! passwd, shadow and group looks as follows in nsswitch.conf: passwd: files winbind shadow: files group: files group What really confuses me is that when my AD server is up and running, root or any local user logs in with no problem. And even when AD server is down, after trying a zillion times, root and other local users login, and then if I log them out and try again a few minutes later it won't go again, then again after a few minutes it works again and it keeps going like that. My guess is that when it's not going pam_winbind and winbind are trying to connect to the AD Server resulting in a huge delay in the login process afecting also local users login. That's why I was wondering if there is a timeout option or something for pam_winbind to avoid that. Well, that's my guess I could be wrong and maybe the problem is something else. Anyway thank's so far for your help, if you or anyone has a light... Andre Miles, Noal wrote: You have files before winbind in /etc/nsswitch.conf for passwd, shadow, group? Noal -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andre Fernando Goldacker Sent: Wednesday, April 04, 2007 8:40 AM To: samba@lists.samba.org Subject: [Samba] Issue with pam_winbind for MS AD authentication and moduleoptions Hello! I've configured samba with winbind and pam_winbind module to authenticate users that connect to my linux box against MS AD. Works like a charm. If a user exists both in AD and locally, login should assume local users. Again, it works pretty well (It seems at least with my current config). If my AD server goes down for any reason, local users should be able to login. For example, root has to login always no matter if my AD server exploded. That's where is the problem. When I shutdown my AD server and I try to login with a local user (root as well), my guess is that it seems that pam_winbind waits for a very very long time trying to find my AD server to authenticate that even the local login times out. I don't really know if that is the reason for this behaviour, but if it is, I'm wondering if there is a hidden or maybe a new timeout option for pam_winbind module as I didn't found anything related in the man pages and the mailing lists archive. Or maybe if login finds the user in the local database, bypass winbind authentication, don't know if that is possible. The reason why I came up with this idea is that when the AD server is down and I try to login with root for eg. over and over many times, after a while it goes (looks like pam config order is right), but a few minutes later it won't again, which made me thought that perhaps winbind or pam_winbind are trying to estabilish a connection with AD and somehow because of that the whole process slows down so much that even local login times out. Samba is configured to catch UID's, GID's from AD using SFU and ad idmap backend. Only users that are members of a specified AD group are able to login. The purpose of the machine is to be an application server and share folders based on AD users and group permissions. My system is RHEL AS3 with update 7 and samba-3.0.24 Below are my pam lines in the system-auth file: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired /lib/security/$ISA/pam_env.so authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok authsufficient/lib/security/$ISA/pam_winbind.so try_first_pass require_membership_of=DOMAIN+group authrequired /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so nullok_secure account sufficient/lib/security/$ISA/pam_winbind.so passwordrequired /lib/security/$ISA/pam_cracklib.so retry=3 passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow passwordrequired /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session required /lib/security/$ISA/pam_mkhomedir.so umask=0022 skel=/etc/skel Considering that if a user exists both in the local user database and AD, login has to assume local user (seems to be working fine), could someone give me a hint if I'm in the right path, and maybe an idea why or what I could do when my AD servers goes down to my local users (including root) log in normally?? Any help will be greatly appreciated, Andre -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: home shares and thunderbird profiles
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Allison wrote: On Mon, Apr 02, 2007 at 11:08:14AM -0700, Mark Nienberg wrote: We find it convenient to keep thunderbird email client profiles on our home shares rather than in our user profiles, as is the default. From time to time some users experience the dreaded delayed write failed error for certain thunderbird files. The only solution seems to be to log off and log on again. (after clicking OK to accept the error about seven times). This almost always means a network problem (it's a client oplock break response failure). The only time I ever see this in my environment is when you are re-exporting NFS home directories. Firefox has the same problem. I am seeing the Firefox problem too, but the home directories are not on NFS. It happens less often for Firefox, but that is probably because there is less writing to be done. (The Firefox profiles do not include the browser cache, which is local to each machine). I have not seen the problem on any other shares, but the home share is the only one with Thunderbird and Firefox profiles. So far, I have not been able to identify a hardware culprit, but I am still keeping an eye out for one. Thanks very much for the information. Mark Nienberg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] creating NTConfig.POL
On Wed, 2007-04-04 at 09:58 -0500, Adam Williams wrote: I have an NTConfig.POL I created from poledit with the Windows 2000 Administrator toolkit. It contains my WSUS configuration, and NTConfig.POL is placed in my [netlogon] share and is being loaded fine by the clients. Is this still the propery way to create NTConfig.POL files, or is there a newer utility I should be using? I'm looking at Vista and it uses .admx templates, which I guess aren't compatible with the Windows 2000 poledit.exe I'm using. Yes, that is the proper way to configure Policies until Samba supports GPOs. This summer I will probably create policy templates for Vista to be used with the Policy Editor (they will be in .adm format). Currently I have a few custom templates for the Policy Editor available at: http://www.pcc-services.com/custom_poledit.html I am in the process of updating them to include IE7 policies (among other policies). If you are in need of any policy that is not in these templates, please let me know so I can add them as I update the templates. I have a working IE7 template at: http://files.pcc-services.com/files/samba/ I have run into a few snags that look like they are simply bugs with IE7 and am trying to work with Microsoft to fix them (imagine that), although I don't know if they will be fixed - I think I can create work arounds that should be easy to implement if they aren't fixed. Anyway, if you need any policies you can email me directly - as I want to be finished with a new custom_policy template sometime this month. Mike Petersen [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] deny second or multiple logins
Hello Helmut, Am Mittwoch, den 04.04.2007, 08:55 +0200 schrieb Helmut Hullen: Hallo, Marcus, Du meintest am 04.04.07 zum Thema Re: [Samba] deny second or multiple logins: test $RESULT -eq 1 || exit 1 --- That's no good idea. Try test $RESULT -eq 0 Then the return level is 0 (= ok) for 0 , and it's 1 (not ok) for 1 or higher. Hmmm, if the value of RESULUT is not 1 or higher, That's the DOS way ... the scipt has to exit 1 (not ok), which is correct, because in this case the same userid tries to connect from different IPs. Your script returns with 1 also if $RESULT is 0. My version returns with 0 if $RESULT is 0, otherwise with 1 (if it's the last line in the script). Okay, let's finish this 1 or 0 result question, because this is not the main problem. The preexec parameter thing does not solve the problem of denying multiple logins. The user is still able to login, but no shares are mounted. And as I wrote in of my last emails, windows reconnects its shares every few minutes. In this case, the script doesn't know anymore which client PC was the user's first and therefore the script is blocking all client PCs, the first client and all following clients (of the user). To avoid this one has to set lock files with username and IP. These lock files could be removed with the postexec parameter. But what happens if a client PCs crashes and doesn't disconnect its shares? The postexec command will not run and if the user tries to connect from a different machine (or his machine is getting a new IP by dhcp after restart), the existing lock file is blocking the complete user. Any other ideas? Did nobody solve this problem? Ciao, Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Registry on server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: Hi, all, I can connect to the 'registry' of our Samba server using regedt32; I can't however change/add entries even though I start the program as Domain Admin. You have to be a member of the BUILTIN\Administrators group on Samba server (and be running - Samba 3.0.20). cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGE9k5IR7qMdg1EfYRAsxIAJ9abjVZZswmQvLz7RG8Q3dpzQNivQCdFYDU R9sPSkeytomo2dFoy6uj4n0= =o2ch -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: winbind: BUILTIN\users group gid 1001 conflict
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Christoph Peus wrote: Don Piven wrote: Sez Christoph Peus: Hi everybody, I've joined a fileserver running samba 3.0.24 to an AD domain using winbind and noticed that samba maps the users group SID (5-1-5-32-545) to gid 1001 automatically. This seems to conflict with one of ~2000 mappings I had to inject in winbinds winbindd_idmap.tdb by use of net idmap dump/restore, because the I don't remember but I assume the restore sets the UID and GID HWM values right ? Thanks for the hint, but both are set to 1000-6, which is - as far as I know - the correct setting if domain users/groups SIDs shall resolve to uids/gids of this range. Definitely sounds like the HWM values are wrong. Winbindd uses these records to determine the next available uid/gid which can be allocated. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGE9pcIR7qMdg1EfYRAuavAJ9IqEa/u5AnRlb6fQaYe24WL8lw/ACgr4ac KmW60GT60+7Paw837lPcQuQ= =GvfJ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: roaming profile not uploaded correctly when logging outfor the first time
Tomasz Chmielewski wrote: Does it happen for you with XP or 2000? I'm certain it happens with 2000. I'm not sure if it happens with XP or not. Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-3.0.24 patched drive mapping prompting for username/password and fails..
This weekend upgraded a Solaris 9 system which has been using samba-3.0.10 for a while without any problems to version 24 with patches applied. When Samba-3.0.10 is running, can browse to share as well as map it without getting any prompts or failures. Under 3.0.24, get prompted for username and password and still not allowed into share. User is on Windows XP professional and AD server is Windows 2000 Server. [global] hide unreadable = Yes workgroup = adtestnetbios realm = adtest.com security = ADS encrypt passwords = yes log level = 4 idmap uid = 1-35000 idmap gid = 1-35000 winbind enum users = yes winbind enum groups = yes template homedir = /u/%U template shell = /bin/csh winbind use default domain = yes winbind cache time = 600 client schannel = no username map = /usr/local/samba/lib/users.map [u] comment = Monarch's u directory path = /u public = no create mask = 0660 read only = No directory mask = 0770 browseable = Yes force group = group valid users = root,monarch,@xyzusers [public] comment = Monarch's public directory public = no path = /u/public read only = No create mask = 0660 directory mask = 0770 browseable = Yes force group = group valid users = root,monarch,@xyzusers [user] comment = User's home directory path = /u/%U writable = yes public = no create mask = 0660 directory mask = 0770 browseable = Yes force group = group valid users = root,monarch,@xyzusers [stock] comment = Monarch's stock directory path = /u/stock read only = no public = no create mask = 0660 directory mask = 0770 browseable = Yes force group = group valid users = root,monarch,@xyzusers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Issue with pam_winbind for MS AD authentication and moduleoptions
I haven't tested but perhaps this pam entry in system-auth will help (insert before winbind account entry) account sufficient/lib/security/$ISA/pam_succeed_if.so uid 100 quiet Noal -Original Message- From: Andre Fernando Goldacker [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 04, 2007 11:06 AM To: Andre Fernando Goldacker Cc: Miles, Noal; samba@lists.samba.org Subject: Re: [Samba] Issue with pam_winbind for MS AD authentication and moduleoptions I made a mistake, group in nsswitch.conf looks like this: group:files winbind sorry about that!! Andre Andre Fernando Goldacker wrote: Hello! passwd, shadow and group looks as follows in nsswitch.conf: passwd: files winbind shadow: files group: files group What really confuses me is that when my AD server is up and running, root or any local user logs in with no problem. And even when AD server is down, after trying a zillion times, root and other local users login, and then if I log them out and try again a few minutes later it won't go again, then again after a few minutes it works again and it keeps going like that. My guess is that when it's not going pam_winbind and winbind are trying to connect to the AD Server resulting in a huge delay in the login process afecting also local users login. That's why I was wondering if there is a timeout option or something for pam_winbind to avoid that. Well, that's my guess I could be wrong and maybe the problem is something else. Anyway thank's so far for your help, if you or anyone has a light... Andre Miles, Noal wrote: You have files before winbind in /etc/nsswitch.conf for passwd, shadow, group? Noal -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andre Fernando Goldacker Sent: Wednesday, April 04, 2007 8:40 AM To: samba@lists.samba.org Subject: [Samba] Issue with pam_winbind for MS AD authentication and moduleoptions Hello! I've configured samba with winbind and pam_winbind module to authenticate users that connect to my linux box against MS AD. Works like a charm. If a user exists both in AD and locally, login should assume local users. Again, it works pretty well (It seems at least with my current config). If my AD server goes down for any reason, local users should be able to login. For example, root has to login always no matter if my AD server exploded. That's where is the problem. When I shutdown my AD server and I try to login with a local user (root as well), my guess is that it seems that pam_winbind waits for a very very long time trying to find my AD server to authenticate that even the local login times out. I don't really know if that is the reason for this behaviour, but if it is, I'm wondering if there is a hidden or maybe a new timeout option for pam_winbind module as I didn't found anything related in the man pages and the mailing lists archive. Or maybe if login finds the user in the local database, bypass winbind authentication, don't know if that is possible. The reason why I came up with this idea is that when the AD server is down and I try to login with root for eg. over and over many times, after a while it goes (looks like pam config order is right), but a few minutes later it won't again, which made me thought that perhaps winbind or pam_winbind are trying to estabilish a connection with AD and somehow because of that the whole process slows down so much that even local login times out. Samba is configured to catch UID's, GID's from AD using SFU and ad idmap backend. Only users that are members of a specified AD group are able to login. The purpose of the machine is to be an application server and share folders based on AD users and group permissions. My system is RHEL AS3 with update 7 and samba-3.0.24 Below are my pam lines in the system-auth file: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired /lib/security/$ISA/pam_env.so authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok authsufficient/lib/security/$ISA/pam_winbind.so try_first_pass require_membership_of=DOMAIN+group authrequired /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so nullok_secure account sufficient/lib/security/$ISA/pam_winbind.so passwordrequired /lib/security/$ISA/pam_cracklib.so retry=3 passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow passwordrequired /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session required /lib/security/$ISA/pam_mkhomedir.so umask=0022 skel=/etc/skel Considering that if a user exists both in the local user database and AD, login
Re: [Samba] How to change SID in ntuser.dat?
No one? How can i change SID in ntuser.dat? Stefan Drees schrieb: Hello, i try to migrate user/groups from NT4 PDC to Samba3 with LDAP backend. There is already an NIS-Server with Samba runing, so there exists two userlists. I migrated the user/ groups from windows via net rpc vampire and added/changed the UID´s from the NIS-Server but didn´t change the SID. A teammate told me, there could be some access problems, if i don´t change the SID. So i tried to change the SID in ntuser.dat to produce a samba equal SID (RID = 2xUID +1000). /usr/bin/profiles dumps me only the reghive, but doesn´t change the SID. I´m using Samba 3.0.24. Any hints? Regards Stefan D. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to change SID in ntuser.dat?
Sorry, i try to explain again. I want to migrate nt4 user and groups von nt4 pdc to samba3 with net rpc vampire. Normally samba generate new SID´s like this: 2*UID + 1000. Now i want to change the nt4 user SID´s to the style samba would calculate them. The reason for this, a friend told me there are some access problems if i leave the original NT4 SID. I tried the /usr/bin/profiles binary, but this seems only to work for NT4/W2K and not for XP. Hope its better now :-). Sorry, for my bad english. Regards Stefan D. Fred Nuffer schrieb: Even after reading this I am not entirely sure what you are asking. If you want to change the owners of the existing profiles, you would use moveuser.exe from the server resource kits. Stefan Drees wrote: No one? How can i change SID in ntuser.dat? Stefan Drees schrieb: Hello, i try to migrate user/groups from NT4 PDC to Samba3 with LDAP backend. There is already an NIS-Server with Samba runing, so there exists two userlists. I migrated the user/ groups from windows via net rpc vampire and added/changed the UID´s from the NIS-Server but didn´t change the SID. A teammate told me, there could be some access problems, if i don´t change the SID. So i tried to change the SID in ntuser.dat to produce a samba equal SID (RID = 2xUID +1000). /usr/bin/profiles dumps me only the reghive, but doesn´t change the SID. I´m using Samba 3.0.24. Any hints? Regards Stefan D. -- Best regards, L. Fred Nuffer Support Systems Analyst, Senior Parking and Transportation Services Office: (520)621-5021 Cell: (520)307-2306 Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbd trying to use incorrect am-utils paths
Hello I am running samba on a RHEL 3 system and am having problems with file systems that are automounted by am-utils. [EMAIL PROTECTED] www]$ /usr/sbin/smbd -V Version 3.0.9-1.3E.12 [EMAIL PROTECTED] samba]# cd /fs/icdlraid [EMAIL PROTECTED] icdlraid]# pwd /a/icdl/export/raid smb.conf has an entry for this filesystem as... [icdlraid2] path = /fs/icdlraid2 public = yes writable = yes browsable = no And the error that shows up in the log is... [2007/04/04 16:51:12, 0] smbd/service.c:set_current_service(51) chdir (/a/icdl/export/raid2) failed [2007/04/04 16:51:12, 1] smbd/service.c:close_cnum(841) catoctin (128.8.130.207) closed connection to service icdlraid2 /fs/icdlraid2 is one of the paths I want smbd to use and it does the initial mount correctly. After some idle time, the automounter unmounts the filesystem and the /a/icdl/export/raid2 path is no longer valid. smbd is trying to use the back end path instead of the original /fs/icdlraid2 path which would make the automounter remount the file system. When this happens, the user has to remount their smb mounts to start using it again. Are there any options available to affect the path used in this case? Thanks -Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind occasionally failing to find domain controllers for trusted domains
Gerald (Jerry) Carter wrote: Jason Haar wrote: Hi there We have a bunch of Win2K3 trusted domains that are parts of other forests from our own Win2K3 forest. ... We should be talking to DNS anyways in this case. Can you DNS resolve teh SRV records for the trusted domain? Absolutely. The Samba servers just use the local Active Directory DNS servers - and indeed they can resolve these domains correctly (e.g the SRV records for _ldap._tcp.DOMAIN) Do you have host listed in the name resolve order option in smb.conf ? It's set to lmhosts wins host bcast, and /etc/nsswitch.conf is set to hosts: files dns Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Use of cache_peer login=username:password
I'm running squid 2.6.11 on FreeBSD with a parent cache that requires authentication in order to access any web sites. It's been suggested to us by the department that runs the upstream cache that we can make some sites accessible without the client having to authenticate by getting our local squid to supply the username password to the upstream cache for those sites. It users the cache_peer login= syntax. Unfortunately, the configuration they sent me doesn't work - I get the following error:FATAL: ERROR: cache_peer xxx.xxx.xxx.xxx specified twice. Here is the relavent section of squid.conf (IP address, username password have been removed!) #Define acl for all source addresses acl rest src 0.0.0.0/0.0.0.0 # #Define acl for proxy bypass addresses (squid does authentication for these) acl safe dstdomain /usr/local/etc/squid/safe.conf #Supply username password for sites defined in safe.conf cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=username:password cache_peer_access xxx.xxx.xxx.xxx allow safe cache_peer_access xxx.xxx.xxx.xxx deny rest #Require authentication for all other sites cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=PASS cache_peer_access xxx.xxx.xxx.xxx deny safe cache_peer_access xxx.xxx.xxx.xxx allow rest Can anyone suggest a way to implement this that gets around the duplicate cache_peer problem? Cheers, Ian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to change SID in ntuser.dat?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stefan Drees wrote: Sorry, i try to explain again. I want to migrate nt4 user and groups von nt4 pdc to samba3 with net rpc vampire. Normally samba generate new SID´s like this: 2*UID + 1000. Now i want to change the nt4 user SID´s to the style samba would calculate them. The reason for this, a friend told me there are some access problems if i leave the original NT4 SID. I tried the /usr/bin/profiles binary, but this seems only to work for NT4/W2K and not for XP. Hope its better now :-). Sorry, for my bad english. I already answered you here: http://lists.samba.org/archive/samba/2007-April/130849.html cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGFGdQIR7qMdg1EfYRAtuMAKDmdoMxlR3eAjL/QN7D9uXxX2ZGngCgvsI4 19bAUgq3//HxGnljyhkXkI4= =EVOF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Use of cache_peer login=username:password
Oops, sorry, wrong mailing list! Ian On Thu Apr 5 9:08 , [EMAIL PROTECTED] sent: I'm running squid 2.6.11 on FreeBSD with a parent cache that requires authentication in order to access any web sites. It's been suggested to us by the department that runs the upstream cache that we can make some sites accessible without the client having to authenticate by getting our local squid to supply the username password to the upstream cache for those sites. It users the cache_peer login= syntax. Unfortunately, the configuration they sent me doesn't work - I get the following error:FATAL: ERROR: cache_peer xxx.xxx.xxx.xxx specified twice. Here is the relavent section of squid.conf (IP address, username password have been removed!) #Define acl for all source addresses acl rest src 0.0.0.0/0.0.0.0 # #Define acl for proxy bypass addresses (squid does authentication for these) acl safe dstdomain /usr/local/etc/squid/safe.conf #Supply username password for sites defined in safe.conf cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=username:password cache_peer_access xxx.xxx.xxx.xxx allow safe cache_peer_access xxx.xxx.xxx.xxx deny rest #Require authentication for all other sites cache_peer xxx.xxx.xxx.xxx parent 8080 3130 default no-query login=PASS cache_peer_access xxx.xxx.xxx.xxx deny safe cache_peer_access xxx.xxx.xxx.xxx allow rest Can anyone suggest a way to implement this that gets around the duplicate cache_peer problem? Cheers, Ian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to change SID in ntuser.dat?
Many thanks, i will try today. Gerald (Jerry) Carter schrieb: Stefan Drees wrote: Sorry, i try to explain again. I want to migrate nt4 user and groups von nt4 pdc to samba3 with net rpc vampire. Normally samba generate new SID´s like this: 2*UID + 1000. Now i want to change the nt4 user SID´s to the style samba would calculate them. The reason for this, a friend told me there are some access problems if i leave the original NT4 SID. I tried the /usr/bin/profiles binary, but this seems only to work for NT4/W2K and not for XP. Hope its better now :-). Sorry, for my bad english. I already answered you here: http://lists.samba.org/archive/samba/2007-April/130849.html cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Rev 5328: rename internal function _key_exists to smbconf_key_exists in http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/
At http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/ revno: 5328 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Michael Adam [EMAIL PROTECTED] branch nick: SAMBA_3_0-registry.bzr timestamp: Wed 2007-04-04 08:03:13 +0200 message: rename internal function _key_exists to smbconf_key_exists modified: source/utils/net_conf.cnet_conf.c-20070228210606-uywdn1acd043wgvt-1 === modified file 'source/utils/net_conf.c' --- a/source/utils/net_conf.c 2007-04-04 05:56:31 + +++ b/source/utils/net_conf.c 2007-04-04 06:03:13 + @@ -311,7 +311,7 @@ /* * check if a subkey of KEY_SMBCONF of a given name exists */ -static BOOL _key_exists(TALLOC_CTX *ctx, const char *subkeyname) +static BOOL smbconf_key_exists(TALLOC_CTX *ctx, const char *subkeyname) { BOOL ret = False; WERROR werr = WERR_OK; @@ -428,7 +428,7 @@ } } else { - if (_key_exists(ctx, servicename)) { + if (smbconf_key_exists(ctx, servicename)) { werr = reg_delkey_internal(ctx, servicename); if (!W_ERROR_IS_OK(werr)) { goto done;
svn commit: samba r22071 - in branches/SAMBA_3_0/source/utils: .
Author: abartlet Date: 2007-04-04 06:03:54 + (Wed, 04 Apr 2007) New Revision: 22071 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22071 Log: Make the error message for incorrect use of '-c' show the parameter as used. This means that smbpasswd -c user (which in htpasswd creates a new file) and smbpasswd -c /not/my/smb.conf should give errors an admin will think to chase down. Andrew Bartlett Modified: branches/SAMBA_3_0/source/utils/smbpasswd.c Changeset: Modified: branches/SAMBA_3_0/source/utils/smbpasswd.c === --- branches/SAMBA_3_0/source/utils/smbpasswd.c 2007-04-04 04:57:30 UTC (rev 22070) +++ branches/SAMBA_3_0/source/utils/smbpasswd.c 2007-04-04 06:03:54 UTC (rev 22071) @@ -190,7 +190,7 @@ if (!lp_load(configfile,True,False,False,True)) { fprintf(stderr, Can't load %s - run testparm to debug it\n, - dyn_CONFIGFILE); + configfile); exit(1); }
svn commit: samba r22072 - in branches/SAMBA_4_0/source/cluster/ctdb/include: .
Author: tridge Date: 2007-04-04 06:06:52 + (Wed, 04 Apr 2007) New Revision: 22072 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22072 Log: in order to implement the opendb ctdb backend, I've found that the existing ctdb_call() mechanism isn't sufficient. The main problem is that the operations on the record need to be done with a lock held while a local posix file operation is happening. We can't use a ctdb_call callback function to do the actual file opens, renames, unlinks etc as the callback would run on the wrong node. So this commit adds the prototypes for two new ctdb API functions which will make a opendb backend easier. Volker will probably recognise these functions as they are basically the same as what he did in his earlier Samba clustering code :-) Modified: branches/SAMBA_4_0/source/cluster/ctdb/include/ctdb.h Changeset: Modified: branches/SAMBA_4_0/source/cluster/ctdb/include/ctdb.h === --- branches/SAMBA_4_0/source/cluster/ctdb/include/ctdb.h 2007-04-04 06:03:54 UTC (rev 22071) +++ branches/SAMBA_4_0/source/cluster/ctdb/include/ctdb.h 2007-04-04 06:06:52 UTC (rev 22072) @@ -148,4 +148,19 @@ int ctdb_send_message(struct ctdb_context *ctdb, uint32_t vnn, uint32_t srvid, TDB_DATA data); +/* + fetch and lock a ctdb record. Underneath this will force the + dmaster for the record to be moved to the local node. + + The lock is released when is talloc_free() is called on the + returned ctdb_record_handle. +*/ +struct ctdb_record_handle *ctdb_fetch_lock(struct ctdb_db_context *ctdb_db, TDB_DATA key, TDB_DATA *data); + +/* + change the data in a record held with a ctdb_record_handle + if the new data is zero length, this implies a delete of the record + */ +int ctdb_record_store(struct ctdb_record_handle *rec, TDB_DATA data); + #endif
Rev 5329: replace remaining occurrence of global by GLOBAL_NAME in http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/
At http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/ revno: 5329 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Michael Adam [EMAIL PROTECTED] branch nick: SAMBA_3_0-registry.bzr timestamp: Wed 2007-04-04 08:08:51 +0200 message: replace remaining occurrence of global by GLOBAL_NAME modified: source/utils/net_conf.cnet_conf.c-20070228210606-uywdn1acd043wgvt-1 === modified file 'source/utils/net_conf.c' --- a/source/utils/net_conf.c 2007-04-04 06:03:13 + +++ b/source/utils/net_conf.c 2007-04-04 06:08:51 + @@ -855,7 +855,7 @@ goto done; } - if (strequal(sharename, global)) { + if (strequal(sharename, GLOBAL_NAME)) { d_fprintf(stderr, ERROR: 'global' is not a valid share name.\n); goto done;
Rev 5330: inject personal TODO-file for work on registry in http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/
At http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/ revno: 5330 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Michael Adam [EMAIL PROTECTED] branch nick: SAMBA_3_0-registry.bzr timestamp: Wed 2007-04-04 08:10:53 +0200 message: inject personal TODO-file for work on registry added: source/TODO.registry.ma todo.registry.ma-20070404061017-mw7eb61m4bxpc71a-1 === added file 'source/TODO.registry.ma' --- a/source/TODO.registry.ma 1970-01-01 00:00:00 + +++ b/source/TODO.registry.ma 2007-04-04 06:10:53 + @@ -0,0 +1,5 @@ +* check existence and readability of input file for import +* check existence of given share for setparm (maybe create) +* check existence of share and value for delparm and getparm +* validate parameters given with setparm +
Rev 5331: merge from upstream in http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/
At http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/ revno: 5331 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Michael Adam [EMAIL PROTECTED] branch nick: SAMBA_3_0-registry.bzr timestamp: Wed 2007-04-04 08:38:04 +0200 message: merge from upstream added: source/librpc/gen_ndr/cli_epmapper.c cli_epmapper.c-20070403170203-rdwbebk190mr9cja-1 source/librpc/gen_ndr/cli_epmapper.h cli_epmapper.h-20070403170205-rfiryuzext1ycpr0-1 source/librpc/gen_ndr/epmapper.h epmapper.h-20070403170206-qv3w6ndl5njusjit-1 source/librpc/gen_ndr/ndr_epmapper.c ndr_epmapper.c-20070403170207-x8t9glzat4pzm5tb-1 source/librpc/gen_ndr/ndr_epmapper.h ndr_epmapper.h-20070403170208-o2dur3fm34aeteoi-1 source/librpc/gen_ndr/srv_epmapper.c srv_epmapper.c-20070403170208-02ihlmghu3zs7q15-1 source/librpc/gen_ndr/srv_epmapper.h srv_epmapper.h-20070403170209-9a3e4o7pzn1ilb3y-1 source/librpc/idl/epmapper.idl epmapper.idl-20070403170210-0k84uu3o5jls0kqn-1 source/rpc_server/srv_epmapper_nt.c srv_epmapper_nt.c-20070403170211-b6ngpcng3nazasd4-1 modified: REVISION REVISION-20060530022625-68239662668b41c3 source/Makefile.in Makefile.in-20060530022626-b16dac2328ebe703 source/configure.inconfigure.in-20060530022626-07e74bc1e326c82d source/include/rpc_client.hrpc_client.h-20060530022627-a1348238a742e548 source/include/rpc_spoolss.h rpc_spoolss.h-20060530022627-b4ca4f41d6f3318a source/include/smb.h smb.h-20060530022627-6c2e6fe4eb631e83 source/librpc/gen_ndr/tables.c tables.c-20070228131337-h30woa85dkj703vy-1 source/librpc/ndr/ndr_basic.c ndr_basic.c-20060908151645-5zx7mkkabpiwuown-8 source/nsswitch/idmap.cidmap.c-20061212152801-ke1ub3n5v1jjf8gy-1 source/nsswitch/winbind_nss_aix.c winbind_nss_aix.c-20060530022627-35f94002ce51b07f source/nsswitch/winbindd_cred_cache.c winbindd_cred_cache.c-20060530090220-371737f9d1fbc477 source/passdb/pdb_interface.c pdb_interface.c-20060530022627-3c8946ee9faabfaa source/rpc_parse/parse_rpc.c parse_rpc.c-20060530022627-8beb03beffb0d17d source/rpc_parse/parse_spoolss.c parse_spoolss.c-20060530022627-fa1aa2a302bed8cf source/rpc_server/srv_dfs_nt.c srv_dfs_nt.c-20060530022627-a82f062db21a3f85 source/rpc_server/srv_pipe.c srv_pipe.c-20060530022627-4557e12950afc71b source/rpc_server/srv_spoolss_nt.c srv_spoolss_nt.c-20060530022627-659fb3668dc35c9b source/rpcclient/cmd_spoolss.c cmd_spoolss.c-20060530022627-1e09d30e6466cebd source/smbd/ipc.c ipc.c-20060530022627-701a160811794d2c source/smbd/lanman.c lanman.c-20060530022627-4d3ad959fbca66cf source/smbd/msdfs.cmsdfs.c-20060530024146-252992a3c60c990c source/smbd/quotas.c quotas.c-20060530022627-f2ef4e7853114181 source/smbd/trans2.c trans2.c-20060530022627-7ce34cd85c3f02f5 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Wed 2007-04-04 00:12:04 -0500 message: [EMAIL PROTECTED] (r22069) 2007-04-03 23:28:28 -0500 (Tue, 03 Apr 2007) BUG 4447: Fix compile failure on AIX 5.2 (patch from William Jojo [EMAIL PROTECTED]) merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Wed 2007-04-04 00:10:15 -0500 message: [EMAIL PROTECTED] (r22067) 2007-04-03 22:54:30 -0500 (Tue, 03 Apr 2007) - fix --with-fhs, where confdir is set to \${sysconfdir} but sysconfdir wasn't defined in our Makefile - add localstatedir for completeness metze merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Wed 2007-04-04 00:05:49 -0500 message: [EMAIL PROTECTED] (r22066) 2007-04-03 21:57:01 -0500 (Tue, 03 Apr 2007) Ensure that winbind can resolve SIDs in the S-1-22-{1,2} domain to a uid.gid using the idmap_passdb backend. merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Wed 2007-04-04 00:03:58 -0500 message: [EMAIL PROTECTED] (r22065) 2007-04-03 19:03:12 -0500 (Tue, 03 Apr 2007) First logic change I've found :-(. We were being too restrictive about strings being NULL. If an info level doesn't use a subformat the subformat string may be missing (null). Add debug
svn commit: samba r22073 - in branches/tmp/vl-messaging/source/lib: .
Author: vlendec Date: 2007-04-04 12:07:19 + (Wed, 04 Apr 2007) New Revision: 22073 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22073 Log: Fix an obvious typo while looking at it... Modified: branches/tmp/vl-messaging/source/lib/messages_dgram.c Changeset: Modified: branches/tmp/vl-messaging/source/lib/messages_dgram.c === --- branches/tmp/vl-messaging/source/lib/messages_dgram.c 2007-04-04 06:06:52 UTC (rev 22072) +++ branches/tmp/vl-messaging/source/lib/messages_dgram.c 2007-04-04 12:07:19 UTC (rev 22073) @@ -54,7 +54,7 @@ sent = sys_sendto(socket_fd, li-msg, li-msg-len, 0, (struct sockaddr *)sunaddr, sizeof(sunaddr)); - if(send 0) { + if(sent 0) { if(sent != li-msg-len) { DEBUG(0, (tried to send %d bytes, send returned %d ?? \n, li-msg-len, sent));
svn commit: samba r22074 - in branches/SAMBA_4_0: . source/script/tests
Author: jelmer Date: 2007-04-04 12:23:10 + (Wed, 04 Apr 2007) New Revision: 22074 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22074 Log: More refactoring. Modified: branches/SAMBA_4_0/ branches/SAMBA_4_0/source/script/tests/Samba3.pm branches/SAMBA_4_0/source/script/tests/Samba4.pm branches/SAMBA_4_0/source/script/tests/selftest.pl Changeset: Property changes on: branches/SAMBA_4_0 ___ Name: bzr:merge ...skipped... Modified: branches/SAMBA_4_0/source/script/tests/Samba3.pm === --- branches/SAMBA_4_0/source/script/tests/Samba3.pm2007-04-04 12:07:19 UTC (rev 22073) +++ branches/SAMBA_4_0/source/script/tests/Samba3.pm2007-04-04 12:23:10 UTC (rev 22074) @@ -121,9 +121,9 @@ return $failed; } -sub setup_env($$) +sub setup_env($$$) { - my ($self, $name) = @_; + my ($self, $name, $socket_wrapper_dir) = @_; } 1; Modified: branches/SAMBA_4_0/source/script/tests/Samba4.pm === --- branches/SAMBA_4_0/source/script/tests/Samba4.pm2007-04-04 12:07:19 UTC (rev 22073) +++ branches/SAMBA_4_0/source/script/tests/Samba4.pm2007-04-04 12:23:10 UTC (rev 22074) @@ -68,8 +68,7 @@ $self-provision_ldap(); } - warn(Not using socket wrapper, but also not running as root. Will not be able to listen on proper ports) unless - defined($socket_wrapper_dir) or $ == 0; + SocketWrapper::set_default_iface(1); unlink($env_vars-{SMBD_TEST_FIFO}); POSIX::mkfifo($env_vars-{SMBD_TEST_FIFO}, 0700); @@ -115,21 +114,22 @@ return $pid; } -sub wait_for_start($) +sub wait_for_start($$) { + my ($self, $testenv_vars) = @_; # give time for nbt server to register its names print delaying for nbt name registration\n; # This will return quickly when things are up, but be slow if we # need to wait for (eg) SSL init - system(bin/nmblookup $ENV{CONFIGURATION} $ENV{SERVER}); - system(bin/nmblookup $ENV{CONFIGURATION} -U $ENV{SERVER} $ENV{SERVER}); - system(bin/nmblookup $ENV{CONFIGURATION} $ENV{SERVER}); - system(bin/nmblookup $ENV{CONFIGURATION} -U $ENV{SERVER} $ENV{NETBIOSNAME}); - system(bin/nmblookup $ENV{CONFIGURATION} $ENV{NETBIOSNAME}); - system(bin/nmblookup $ENV{CONFIGURATION} -U $ENV{SERVER} $ENV{NETBIOSNAME}); - system(bin/nmblookup $ENV{CONFIGURATION} $ENV{NETBIOSNAME}); - system(bin/nmblookup $ENV{CONFIGURATION} -U $ENV{SERVER} $ENV{NETBIOSNAME}); + system(bin/nmblookup $testenv_vars-{CONFIGURATION} $testenv_vars-{SERVER}); + system(bin/nmblookup $testenv_vars-{CONFIGURATION} -U $testenv_vars-{SERVER} $testenv_vars-{SERVER}); + system(bin/nmblookup $testenv_vars-{CONFIGURATION} $testenv_vars-{SERVER}); + system(bin/nmblookup $testenv_vars-{CONFIGURATION} -U $testenv_vars-{SERVER} $testenv_vars-{NETBIOSNAME}); + system(bin/nmblookup $testenv_vars-{CONFIGURATION} $testenv_vars-{NETBIOSNAME}); + system(bin/nmblookup $testenv_vars-{CONFIGURATION} -U $testenv_vars-{SERVER} $testenv_vars-{NETBIOSNAME}); + system(bin/nmblookup $testenv_vars-{CONFIGURATION} $testenv_vars-{NETBIOSNAME}); + system(bin/nmblookup $testenv_vars-{CONFIGURATION} -U $testenv_vars-{SERVER} $testenv_vars-{NETBIOSNAME}); } sub provision($$$) @@ -177,9 +177,18 @@ return $failed; } -sub setup_env($$) +sub setup_env($$$) { - my ($self, $name) = @_; + my ($self, $name, $path, $socket_wrapper_dir) = @_; + + my $env = $self-provision($name, $path); + + $self-check_or_start($env, $socket_wrapper_dir, + ($ENV{SMBD_MAX_TIME} or 5400)); + + $self-wait_for_start($env); + + return $env; } 1; Modified: branches/SAMBA_4_0/source/script/tests/selftest.pl === --- branches/SAMBA_4_0/source/script/tests/selftest.pl 2007-04-04 12:07:19 UTC (rev 22073) +++ branches/SAMBA_4_0/source/script/tests/selftest.pl 2007-04-04 12:23:10 UTC (rev 22074) @@ -369,8 +369,6 @@ $ENV{SRCDIR} = $srcdir; -my $testsdir = $srcdir/script/tests; - my $tls_enabled = not $opt_quick; my $from_build_farm = (defined($ENV{RUN_FROM_BUILD_FARM}) and ($ENV{RUN_FROM_BUILD_FARM} eq yes)); @@ -399,6 +397,8 @@ { $socket_wrapper_dir = SocketWrapper::setup_dir($prefix/w); print SOCKET_WRAPPER_DIR=$socket_wrapper_dir\n; +} else { + warn(Not using socket wrapper, but also not running as root. Will not be able to listen on proper ports) unless $ == 0; } my $target; @@ -431,15 +431,10 @@ close(SKIP); } -my $testenv_vars; -$testenv_vars = $target-provision(dc, $prefix/dc); +my $testenv_vars = $target-setup_env(dc, $prefix/dc,
Rev 11785: More refactoring. in file:///home/jelmer/bzr.samba/SAMBA_4_0/
At file:///home/jelmer/bzr.samba/SAMBA_4_0/ revno: 11785 revision-id: [EMAIL PROTECTED] parent: svn-v2:[EMAIL PROTECTED] committer: Jelmer Vernooij [EMAIL PROTECTED] branch nick: SAMBA_4_0 timestamp: Wed 2007-04-04 15:22:46 +0200 message: More refactoring. modified: source/script/tests/Samba3.pm svn-v2:[EMAIL PROTECTED] source/script/tests/Samba4.pm svn-v2:[EMAIL PROTECTED] source/script/tests/selftest.pl svn-v2:[EMAIL PROTECTED] === modified file 'source/script/tests/Samba3.pm' --- a/source/script/tests/Samba3.pm 2007-03-21 15:57:07 + +++ b/source/script/tests/Samba3.pm 2007-04-04 13:22:46 + @@ -121,9 +121,9 @@ return $failed; } -sub setup_env($$) +sub setup_env($$$) { - my ($self, $name) = @_; + my ($self, $name, $socket_wrapper_dir) = @_; } 1; === modified file 'source/script/tests/Samba4.pm' --- a/source/script/tests/Samba4.pm 2007-03-27 04:21:16 + +++ b/source/script/tests/Samba4.pm 2007-04-04 13:22:46 + @@ -68,8 +68,7 @@ $self-provision_ldap(); } - warn(Not using socket wrapper, but also not running as root. Will not be able to listen on proper ports) unless - defined($socket_wrapper_dir) or $ == 0; + SocketWrapper::set_default_iface(1); unlink($env_vars-{SMBD_TEST_FIFO}); POSIX::mkfifo($env_vars-{SMBD_TEST_FIFO}, 0700); @@ -115,21 +114,22 @@ return $pid; } -sub wait_for_start($) +sub wait_for_start($$) { + my ($self, $testenv_vars) = @_; # give time for nbt server to register its names print delaying for nbt name registration\n; # This will return quickly when things are up, but be slow if we # need to wait for (eg) SSL init - system(bin/nmblookup $ENV{CONFIGURATION} $ENV{SERVER}); - system(bin/nmblookup $ENV{CONFIGURATION} -U $ENV{SERVER} $ENV{SERVER}); - system(bin/nmblookup $ENV{CONFIGURATION} $ENV{SERVER}); - system(bin/nmblookup $ENV{CONFIGURATION} -U $ENV{SERVER} $ENV{NETBIOSNAME}); - system(bin/nmblookup $ENV{CONFIGURATION} $ENV{NETBIOSNAME}); - system(bin/nmblookup $ENV{CONFIGURATION} -U $ENV{SERVER} $ENV{NETBIOSNAME}); - system(bin/nmblookup $ENV{CONFIGURATION} $ENV{NETBIOSNAME}); - system(bin/nmblookup $ENV{CONFIGURATION} -U $ENV{SERVER} $ENV{NETBIOSNAME}); + system(bin/nmblookup $testenv_vars-{CONFIGURATION} $testenv_vars-{SERVER}); + system(bin/nmblookup $testenv_vars-{CONFIGURATION} -U $testenv_vars-{SERVER} $testenv_vars-{SERVER}); + system(bin/nmblookup $testenv_vars-{CONFIGURATION} $testenv_vars-{SERVER}); + system(bin/nmblookup $testenv_vars-{CONFIGURATION} -U $testenv_vars-{SERVER} $testenv_vars-{NETBIOSNAME}); + system(bin/nmblookup $testenv_vars-{CONFIGURATION} $testenv_vars-{NETBIOSNAME}); + system(bin/nmblookup $testenv_vars-{CONFIGURATION} -U $testenv_vars-{SERVER} $testenv_vars-{NETBIOSNAME}); + system(bin/nmblookup $testenv_vars-{CONFIGURATION} $testenv_vars-{NETBIOSNAME}); + system(bin/nmblookup $testenv_vars-{CONFIGURATION} -U $testenv_vars-{SERVER} $testenv_vars-{NETBIOSNAME}); } sub provision($$$) @@ -177,9 +177,18 @@ return $failed; } -sub setup_env($$) +sub setup_env($$$) { - my ($self, $name) = @_; + my ($self, $name, $path, $socket_wrapper_dir) = @_; + + my $env = $self-provision($name, $path); + + $self-check_or_start($env, $socket_wrapper_dir, + ($ENV{SMBD_MAX_TIME} or 5400)); + + $self-wait_for_start($env); + + return $env; } 1; === modified file 'source/script/tests/selftest.pl' --- a/source/script/tests/selftest.pl 2007-03-21 16:26:25 + +++ b/source/script/tests/selftest.pl 2007-04-04 13:22:46 + @@ -369,8 +369,6 @@ $ENV{SRCDIR} = $srcdir; -my $testsdir = $srcdir/script/tests; - my $tls_enabled = not $opt_quick; my $from_build_farm = (defined($ENV{RUN_FROM_BUILD_FARM}) and ($ENV{RUN_FROM_BUILD_FARM} eq yes)); @@ -399,6 +397,8 @@ { $socket_wrapper_dir = SocketWrapper::setup_dir($prefix/w); print SOCKET_WRAPPER_DIR=$socket_wrapper_dir\n; +} else { + warn(Not using socket wrapper, but also not running as root. Will not be able to listen on proper ports) unless $ == 0; } my $target; @@ -431,15 +431,10 @@ close(SKIP); } -my $testenv_vars; -$testenv_vars = $target-provision(dc, $prefix/dc); +my $testenv_vars = $target-setup_env(dc, $prefix/dc, $socket_wrapper_dir); foreach (keys %$testenv_vars) { $ENV{$_} = $testenv_vars-{$_}; } -SocketWrapper::set_default_iface(1); -$target-check_or_start($testenv_vars, $socket_wrapper_dir, - ($ENV{SMBD_MAX_TIME} or 5400)); - SocketWrapper::set_default_iface(6); my $interfaces = join(',', (127.0.0.6/8, @@ -463,6 +458,8 @@ my @todo = (); +my $testsdir = $srcdir/script/tests; + if ($opt_quick) {
svn commit: samba r22075 - in branches/SAMBA_4_0/source/script/tests: .
Author: abartlet Date: 2007-04-04 12:39:44 + (Wed, 04 Apr 2007) New Revision: 22075 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22075 Log: Configure the bitwise match plugin, until it becomes accepted upstream. Andrew Bartlett Modified: branches/SAMBA_4_0/source/script/tests/mk-fedora-ds.sh Changeset: Modified: branches/SAMBA_4_0/source/script/tests/mk-fedora-ds.sh === --- branches/SAMBA_4_0/source/script/tests/mk-fedora-ds.sh 2007-04-04 12:23:10 UTC (rev 22074) +++ branches/SAMBA_4_0/source/script/tests/mk-fedora-ds.sh 2007-04-04 12:39:44 UTC (rev 22075) @@ -65,6 +65,23 @@ ls | grep -v ^00core | xargs rm ) +cat $FEDORA_DS_DIR/dse.ldifEOF +dn: cn=bitwise,cn=plugins,cn=config +objectClass: top +objectClass: nsSlapdPlugin +objectClass: extensibleObject +cn: bitwise +nsslapd-pluginPath: $FEDORA_DS_PREFIX/lib/fedora-ds/plugins/libbitwise-plugin.so +nsslapd-pluginInitfunc: bitwise_init +nsslapd-pluginType: matchingRule +nsslapd-pluginEnabled: on +nsslapd-pluginId: bitwise +nsslapd-pluginVersion: 1.1.0a3 +nsslapd-pluginVendor: Fedora Project +nsslapd-pluginDescription: Allow bitwise matching rules + +EOF + $srcdir/bin/ad2oLschema $CONFIGURATION -H $PRIVATEDIR/sam.ldb --option=convert:target=fedora-ds -I $srcdir/setup/schema-map-fedora-ds-1.0 -O $FEDORA_DS_DIR/schema/99_ad.ldif 2 PROVISION_OPTIONS=$PROVISION_OPTIONS --ldap-module=nsuniqueid
svn commit: samba r22076 - in branches/SAMBA_4_0/source/script/tests: .
Author: abartlet Date: 2007-04-04 12:40:19 + (Wed, 04 Apr 2007) New Revision: 22076 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22076 Log: Fill in short and long domain names into the generated krb5.conf Modified: branches/SAMBA_4_0/source/script/tests/mktestdc.sh Changeset: Modified: branches/SAMBA_4_0/source/script/tests/mktestdc.sh === --- branches/SAMBA_4_0/source/script/tests/mktestdc.sh 2007-04-04 12:39:44 UTC (rev 22075) +++ branches/SAMBA_4_0/source/script/tests/mktestdc.sh 2007-04-04 12:40:19 UTC (rev 22076) @@ -217,11 +217,16 @@ forwardable = yes [realms] - SAMBA.EXAMPLE.COM = { + $REALM = { kdc = 127.0.0.1:88 admin_server = 127.0.0.1:88 default_domain = $DNSNAME } + $DOMAIN = { + kdc = 127.0.0.1:88 + admin_server = 127.0.0.1:88 + default_domain = $DNSNAME + } [appdefaults] pkinit_anchors = FILE:$CAFILE
svn commit: samba r22077 - in branches/SAMBA_4_0: . source/rpc_server/epmapper source/script/tests
Author: jelmer Date: 2007-04-04 14:24:44 + (Wed, 04 Apr 2007) New Revision: 22077 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22077 Log: Import only necessary test variables, more refactoring. Modified: branches/SAMBA_4_0/ branches/SAMBA_4_0/source/rpc_server/epmapper/rpc_epmapper.c branches/SAMBA_4_0/source/script/tests/SocketWrapper.pm branches/SAMBA_4_0/source/script/tests/mktestdc.sh branches/SAMBA_4_0/source/script/tests/selftest.pl branches/SAMBA_4_0/source/script/tests/tests_quick.sh Changeset: Property changes on: branches/SAMBA_4_0 ___ Name: bzr:merge ...skipped... Modified: branches/SAMBA_4_0/source/rpc_server/epmapper/rpc_epmapper.c === --- branches/SAMBA_4_0/source/rpc_server/epmapper/rpc_epmapper.c 2007-04-04 12:40:19 UTC (rev 22076) +++ branches/SAMBA_4_0/source/rpc_server/epmapper/rpc_epmapper.c 2007-04-04 14:24:44 UTC (rev 22077) @@ -80,8 +80,7 @@ } -static error_status_t dcesrv_epm_Insert(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, -struct epm_Insert *r) +static error_status_t dcesrv_epm_Insert(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct epm_Insert *r) { DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); } Modified: branches/SAMBA_4_0/source/script/tests/SocketWrapper.pm === --- branches/SAMBA_4_0/source/script/tests/SocketWrapper.pm 2007-04-04 12:40:19 UTC (rev 22076) +++ branches/SAMBA_4_0/source/script/tests/SocketWrapper.pm 2007-04-04 14:24:44 UTC (rev 22077) @@ -31,6 +31,7 @@ { my ($pcap_file) = @_; + $ENV{SOCKET_WRAPPER_PCAP_FILE} = $pcap_file; } sub set_default_iface($) Modified: branches/SAMBA_4_0/source/script/tests/mktestdc.sh === --- branches/SAMBA_4_0/source/script/tests/mktestdc.sh 2007-04-04 12:40:19 UTC (rev 22076) +++ branches/SAMBA_4_0/source/script/tests/mktestdc.sh 2007-04-04 14:24:44 UTC (rev 22077) @@ -300,7 +300,6 @@ echo PASSWORD=$PASSWORD echo SRCDIR=$SRCDIR echo PREFIX=$PREFIX -echo SMBD_LOGLEVEL=$SMBD_LOGLEVEL echo LDAPDIR=$LDAPDIR echo PROVISION_OPTIONS=$PROVISION_OPTIONS echo PROVISION_ACI=$PROVISION_ACI Modified: branches/SAMBA_4_0/source/script/tests/selftest.pl === --- branches/SAMBA_4_0/source/script/tests/selftest.pl 2007-04-04 12:40:19 UTC (rev 22076) +++ branches/SAMBA_4_0/source/script/tests/selftest.pl 2007-04-04 14:24:44 UTC (rev 22077) @@ -387,14 +387,13 @@ my @torture_options = (); if ($opt_socket_wrapper_pcap) { - $ENV{SOCKET_WRAPPER_PCAP_FILE} = $opt_socket_wrapper_pcap; + SocketWrapper::setup_pcap($opt_socket_wrapper_pcap); # Socket wrapper pcap implies socket wrapper $opt_socket_wrapper = 1; } my $socket_wrapper_dir; -if ($opt_socket_wrapper) -{ +if ($opt_socket_wrapper) { $socket_wrapper_dir = SocketWrapper::setup_dir($prefix/w); print SOCKET_WRAPPER_DIR=$socket_wrapper_dir\n; } else { @@ -433,10 +432,13 @@ my $testenv_vars = $target-setup_env(dc, $prefix/dc, $socket_wrapper_dir); -foreach (keys %$testenv_vars) { $ENV{$_} = $testenv_vars-{$_}; } - SocketWrapper::set_default_iface(6); +foreach (PASSWORD, DOMAIN, SERVER, CONFIGURATION, + USERNAME, PREFIX, NETBIOSNAME, KRB5_CONFIG) { + $ENV{$_} = $testenv_vars-{$_}; +} + my $interfaces = join(',', (127.0.0.6/8, 127.0.0.7/8, 127.0.0.8/8, @@ -514,7 +516,7 @@ next; } - # $target-setup_env($envname); + # $target-setup_env($envname, $prefix/$envname, $socket_wrapper_dir); if ($from_build_farm) { run_test_buildfarm($name, $cmd, $i, $suitestotal); Modified: branches/SAMBA_4_0/source/script/tests/tests_quick.sh === --- branches/SAMBA_4_0/source/script/tests/tests_quick.sh 2007-04-04 12:40:19 UTC (rev 22076) +++ branches/SAMBA_4_0/source/script/tests/tests_quick.sh 2007-04-04 14:24:44 UTC (rev 22077) @@ -7,4 +7,3 @@ $SRCDIR/script/tests/test_nbt.sh $SERVER $USERNAME $PASSWORD $SRCDIR/script/tests/test_quick.sh //$SERVER/cifs $USERNAME $PASSWORD $SRCDIR/script/tests/test_rpc_quick.sh $SERVER $USERNAME $PASSWORD $DOMAIN -#$SRCDIR/script/tests/test_cifsposix.sh //$SERVER/cifsposixtestshare $USERNAME $PASSWORD || totalfailed=`expr $totalfailed + $?`
Rev 11788: Import only necessary test variables, more refactoring. in file:///home/jelmer/bzr.samba/SAMBA_4_0/
At file:///home/jelmer/bzr.samba/SAMBA_4_0/ revno: 11788 revision-id: [EMAIL PROTECTED] parent: svn-v2:[EMAIL PROTECTED] committer: Jelmer Vernooij [EMAIL PROTECTED] branch nick: SAMBA_4_0 timestamp: Wed 2007-04-04 17:24:19 +0200 message: Import only necessary test variables, more refactoring. modified: source/rpc_server/epmapper/rpc_epmapper.c svn-v2:[EMAIL PROTECTED] source/script/tests/SocketWrapper.pm svn-v2:[EMAIL PROTECTED] source/script/tests/mktestdc.sh svn-v2:[EMAIL PROTECTED] source/script/tests/selftest.pl svn-v2:[EMAIL PROTECTED] source/script/tests/tests_quick.sh svn-v2:[EMAIL PROTECTED] === modified file 'source/rpc_server/epmapper/rpc_epmapper.c' --- a/source/rpc_server/epmapper/rpc_epmapper.c 2007-01-17 14:49:36 + +++ b/source/rpc_server/epmapper/rpc_epmapper.c 2007-04-04 15:24:19 + @@ -80,8 +80,7 @@ } -static error_status_t dcesrv_epm_Insert(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, -struct epm_Insert *r) +static error_status_t dcesrv_epm_Insert(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct epm_Insert *r) { DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); } === modified file 'source/script/tests/SocketWrapper.pm' --- a/source/script/tests/SocketWrapper.pm 2007-03-12 00:24:03 + +++ b/source/script/tests/SocketWrapper.pm 2007-04-04 15:24:19 + @@ -31,6 +31,7 @@ { my ($pcap_file) = @_; + $ENV{SOCKET_WRAPPER_PCAP_FILE} = $pcap_file; } sub set_default_iface($) === modified file 'source/script/tests/mktestdc.sh' --- a/source/script/tests/mktestdc.sh 2007-04-04 12:40:19 + +++ b/source/script/tests/mktestdc.sh 2007-04-04 15:24:19 + @@ -300,7 +300,6 @@ echo PASSWORD=$PASSWORD echo SRCDIR=$SRCDIR echo PREFIX=$PREFIX -echo SMBD_LOGLEVEL=$SMBD_LOGLEVEL echo LDAPDIR=$LDAPDIR echo PROVISION_OPTIONS=$PROVISION_OPTIONS echo PROVISION_ACI=$PROVISION_ACI === modified file 'source/script/tests/selftest.pl' --- a/source/script/tests/selftest.pl 2007-04-04 12:23:10 + +++ b/source/script/tests/selftest.pl 2007-04-04 15:24:19 + @@ -387,14 +387,13 @@ my @torture_options = (); if ($opt_socket_wrapper_pcap) { - $ENV{SOCKET_WRAPPER_PCAP_FILE} = $opt_socket_wrapper_pcap; + SocketWrapper::setup_pcap($opt_socket_wrapper_pcap); # Socket wrapper pcap implies socket wrapper $opt_socket_wrapper = 1; } my $socket_wrapper_dir; -if ($opt_socket_wrapper) -{ +if ($opt_socket_wrapper) { $socket_wrapper_dir = SocketWrapper::setup_dir($prefix/w); print SOCKET_WRAPPER_DIR=$socket_wrapper_dir\n; } else { @@ -433,10 +432,13 @@ my $testenv_vars = $target-setup_env(dc, $prefix/dc, $socket_wrapper_dir); -foreach (keys %$testenv_vars) { $ENV{$_} = $testenv_vars-{$_}; } - SocketWrapper::set_default_iface(6); +foreach (PASSWORD, DOMAIN, SERVER, CONFIGURATION, + USERNAME, PREFIX, NETBIOSNAME, KRB5_CONFIG) { + $ENV{$_} = $testenv_vars-{$_}; +} + my $interfaces = join(',', (127.0.0.6/8, 127.0.0.7/8, 127.0.0.8/8, @@ -514,7 +516,7 @@ next; } - # $target-setup_env($envname); + # $target-setup_env($envname, $prefix/$envname, $socket_wrapper_dir); if ($from_build_farm) { run_test_buildfarm($name, $cmd, $i, $suitestotal); === modified file 'source/script/tests/tests_quick.sh' --- a/source/script/tests/tests_quick.sh2007-03-07 20:33:15 + +++ b/source/script/tests/tests_quick.sh2007-04-04 15:24:19 + @@ -7,4 +7,3 @@ $SRCDIR/script/tests/test_nbt.sh $SERVER $USERNAME $PASSWORD $SRCDIR/script/tests/test_quick.sh //$SERVER/cifs $USERNAME $PASSWORD $SRCDIR/script/tests/test_rpc_quick.sh $SERVER $USERNAME $PASSWORD $DOMAIN -#$SRCDIR/script/tests/test_cifsposix.sh //$SERVER/cifsposixtestshare $USERNAME $PASSWORD || totalfailed=`expr $totalfailed + $?`
svn commit: samba r22078 - in branches/SAMBA_3_0/source/libads: .
Author: metze Date: 2007-04-04 14:50:39 + (Wed, 04 Apr 2007) New Revision: 22078 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22078 Log: fix memory leak in not often used code, we only use it if the server doesn't support GSS-SPNEGO in SASL can someone please review this, maybe it's also for 3.0.25 metze Modified: branches/SAMBA_3_0/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_0/source/libads/sasl.c === --- branches/SAMBA_3_0/source/libads/sasl.c 2007-04-04 14:24:44 UTC (rev 22077) +++ branches/SAMBA_3_0/source/libads/sasl.c 2007-04-04 14:50:39 UTC (rev 22078) @@ -301,7 +301,7 @@ uint32 minor_status; gss_name_t serv_name; gss_buffer_desc input_name; - gss_ctx_id_t context_handle; + gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT; gss_OID mech_type = GSS_C_NULL_OID; gss_buffer_desc output_token, input_token; uint32 ret_flags, conf_state; @@ -368,8 +368,6 @@ return ADS_ERROR_GSS(gss_rc, minor_status); } - context_handle = GSS_C_NO_CONTEXT; - input_token.value = NULL; input_token.length = 0; @@ -478,6 +476,8 @@ failed: gss_release_name(minor_status, serv_name); + if (context_handle != GSS_C_NO_CONTEXT) + gss_delete_sec_context(min_status, context_handle, GSS_C_NO_BUFFER); krb5_free_principal(ctx, principal); krb5_free_context(ctx);
svn commit: samba-web r1098 - in trunk: . download
Author: deryck Date: 2007-04-04 15:36:45 + (Wed, 04 Apr 2007) New Revision: 1098 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1098 Log: Fix up some bad links. Modified: trunk/archives.html trunk/download/index.html trunk/search.html Changeset: Modified: trunk/archives.html === --- trunk/archives.html 2007-03-28 14:49:57 UTC (rev 1097) +++ trunk/archives.html 2007-04-04 15:36:45 UTC (rev 1098) @@ -73,7 +73,7 @@ blockquotebInportant:/b Currently the Samba mailing list archives hosted here on samba.org do not support searching./blockquote -blockquoteHowever, you can access a searchable copy of the archives at a href=http://marc.theaimsgroup.com/;http://marc.theaimsgroup.com//a, a href=http://groups.google.com/;groups.google.com/a, and a href=http://mail-archive.com/;mail-archive.com/a./blockquote +blockquoteHowever, you can access a searchable copy of the archives at a href=http://marc.info/;http://marc.info//a, a href=http://groups.google.com/;groups.google.com/a, and a href=http://mail-archive.com/;mail-archive.com/a./blockquote br / Modified: trunk/download/index.html === --- trunk/download/index.html 2007-03-28 14:49:57 UTC (rev 1097) +++ trunk/download/index.html 2007-04-04 15:36:45 UTC (rev 1098) @@ -105,7 +105,6 @@ td ul lia href=http://www.amigasamba.org/;Amiga/a/li - lia href=http://www.editcorp.com/sambaix/;MPE/iX/a/li /ul /td /tr Modified: trunk/search.html === --- trunk/search.html 2007-03-28 14:49:57 UTC (rev 1097) +++ trunk/search.html 2007-04-04 15:36:45 UTC (rev 1098) @@ -6,6 +6,6 @@ p Searchable mailing list archives are available at a -href=http://marc.theaimsgroup.com/;http://marc.theaimsgroup.com//a +href=http://marc.info/;http://marc.info//a !--#include virtual=/samba/footer.html --
svn commit: samba r22079 - in branches: SAMBA_3_0/source/libads SAMBA_3_0_25/source/libads
Author: jra Date: 2007-04-04 17:38:12 + (Wed, 04 Apr 2007) New Revision: 22079 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22079 Log: Tsk, tsk, Metze didn't compile before check-in :-). Merge the memory leak fix (with fix :-) to 3.0.25. Jeremy. Modified: branches/SAMBA_3_0/source/libads/sasl.c branches/SAMBA_3_0_25/source/libads/sasl.c Changeset: Modified: branches/SAMBA_3_0/source/libads/sasl.c === --- branches/SAMBA_3_0/source/libads/sasl.c 2007-04-04 14:50:39 UTC (rev 22078) +++ branches/SAMBA_3_0/source/libads/sasl.c 2007-04-04 17:38:12 UTC (rev 22079) @@ -477,7 +477,7 @@ gss_release_name(minor_status, serv_name); if (context_handle != GSS_C_NO_CONTEXT) - gss_delete_sec_context(min_status, context_handle, GSS_C_NO_BUFFER); + gss_delete_sec_context(minor_status, context_handle, GSS_C_NO_BUFFER); krb5_free_principal(ctx, principal); krb5_free_context(ctx); Modified: branches/SAMBA_3_0_25/source/libads/sasl.c === --- branches/SAMBA_3_0_25/source/libads/sasl.c 2007-04-04 14:50:39 UTC (rev 22078) +++ branches/SAMBA_3_0_25/source/libads/sasl.c 2007-04-04 17:38:12 UTC (rev 22079) @@ -301,7 +301,7 @@ uint32 minor_status; gss_name_t serv_name; gss_buffer_desc input_name; - gss_ctx_id_t context_handle; + gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT; gss_OID mech_type = GSS_C_NULL_OID; gss_buffer_desc output_token, input_token; uint32 ret_flags, conf_state; @@ -368,8 +368,6 @@ return ADS_ERROR_GSS(gss_rc, minor_status); } - context_handle = GSS_C_NO_CONTEXT; - input_token.value = NULL; input_token.length = 0; @@ -478,6 +476,8 @@ failed: gss_release_name(minor_status, serv_name); + if (context_handle != GSS_C_NO_CONTEXT) + gss_delete_sec_context(minor_status, context_handle, GSS_C_NO_BUFFER); krb5_free_principal(ctx, principal); krb5_free_context(ctx);
Re: svn commit: samba r22079 - in branches: SAMBA_3_0/source/libads SAMBA_3_0_25/source/libads
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Log: Tsk, tsk, Metze didn't compile before check-in :-). Merge the memory leak fix (with fix :-) to 3.0.25. Jeremy. grr, sorry I have copied it from another working tree... metz -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGE+uIm70gjA5TCD8RArjvAKCeWkH3hl0tdh6qdCa24pQGXCIZ3wCg0iNl bgcjYMDlCBYyOgFZ36KyUsQ= =op+y -END PGP SIGNATURE-
Rev 5332: merge from upstream in http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/
At http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/ revno: 5332 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Michael Adam [EMAIL PROTECTED] branch nick: SAMBA_3_0-registry.bzr timestamp: Wed 2007-04-04 23:07:35 +0200 message: merge from upstream modified: REVISION REVISION-20060530022625-68239662668b41c3 source/libads/sasl.c sasl.c-20060530022627-de2e2050d01ecfd2 source/utils/smbpasswd.c smbpasswd.c-20060530022628-991ec5b2d7d6c4b9 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Wed 2007-04-04 12:00:28 -0500 message: [EMAIL PROTECTED] (r22078) 2007-04-04 09:50:39 -0500 (Wed, 04 Apr 2007) fix memory leak in not often used code, we only use it if the server doesn't support GSS-SPNEGO in SASL can someone please review this, maybe it's also for 3.0.25 metze merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Wed 2007-04-04 06:01:54 -0500 message: [EMAIL PROTECTED] (r22071) 2007-04-04 01:03:54 -0500 (Wed, 04 Apr 2007) Make the error message for incorrect use of '-c' show the parameter as used. This means that smbpasswd -c user (which in htpasswd creates a new file) and smbpasswd -c /not/my/smb.conf should give errors an admin will think to chase down. Andrew Bartlett === modified file 'REVISION' --- a/REVISION 2007-04-04 05:12:04 + +++ b/REVISION 2007-04-04 17:00:28 + @@ -2,9 +2,9 @@ URL: svn+ssh://svn.samba.org/home/svn/samba/branches/SAMBA_3_0 Repository Root: svn+ssh://svn.samba.org/home/svn/samba Repository UUID: 0c0555d6-39d7-0310-84fc-f1cc0bd64818 -Revision: 22069 +Revision: 22078 Node Kind: directory -Last Changed Author: jerry -Last Changed Rev: 22069 -Last Changed Date: 2007-04-03 23:28:28 -0500 (Tue, 03 Apr 2007) +Last Changed Author: metze +Last Changed Rev: 22078 +Last Changed Date: 2007-04-04 09:50:39 -0500 (Wed, 04 Apr 2007) === modified file 'source/libads/sasl.c' --- a/source/libads/sasl.c 2007-03-15 23:14:31 + +++ b/source/libads/sasl.c 2007-04-04 17:00:28 + @@ -301,7 +301,7 @@ uint32 minor_status; gss_name_t serv_name; gss_buffer_desc input_name; - gss_ctx_id_t context_handle; + gss_ctx_id_t context_handle = GSS_C_NO_CONTEXT; gss_OID mech_type = GSS_C_NULL_OID; gss_buffer_desc output_token, input_token; uint32 ret_flags, conf_state; @@ -368,8 +368,6 @@ return ADS_ERROR_GSS(gss_rc, minor_status); } - context_handle = GSS_C_NO_CONTEXT; - input_token.value = NULL; input_token.length = 0; @@ -478,6 +476,8 @@ failed: gss_release_name(minor_status, serv_name); + if (context_handle != GSS_C_NO_CONTEXT) + gss_delete_sec_context(min_status, context_handle, GSS_C_NO_BUFFER); krb5_free_principal(ctx, principal); krb5_free_context(ctx); === modified file 'source/utils/smbpasswd.c' --- a/source/utils/smbpasswd.c 2007-03-11 17:02:04 + +++ b/source/utils/smbpasswd.c 2007-04-04 11:01:54 + @@ -190,7 +190,7 @@ if (!lp_load(configfile,True,False,False,True)) { fprintf(stderr, Can't load %s - run testparm to debug it\n, - dyn_CONFIGFILE); + configfile); exit(1); }
Rev 5333: Change behind the scenes: globals are now stored in a subkey in http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/
At http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/ revno: 5333 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Michael Adam [EMAIL PROTECTED] branch nick: SAMBA_3_0-registry.bzr timestamp: Thu 2007-04-05 01:00:49 +0200 message: Change behind the scenes: globals are now stored in a subkey named global of KEY_SMBCONF instead of as values directly under KEY_SMBCONF. This makes many things easier and more consistent. modified: source/utils/net_conf.cnet_conf.c-20070228210606-uywdn1acd043wgvt-1 === modified file 'source/utils/net_conf.c' --- a/source/utils/net_conf.c 2007-04-04 06:08:51 + +++ b/source/utils/net_conf.c 2007-04-04 23:00:49 + @@ -199,7 +199,7 @@ WERROR werr = WERR_OK; char *path = NULL; - if ((subkeyname == NULL) || (strequal(subkeyname, GLOBAL_NAME))) { + if (subkeyname == NULL) { path = talloc_strdup(ctx, KEY_SMBCONF); } else { @@ -333,43 +333,6 @@ return ret; } -static WERROR delete_globals(TALLOC_CTX *ctx) -{ - WERROR werr = WERR_OK; - struct registry_key *key; - uint32 idx = 0; -struct registry_value *valvalue = NULL; -char *valname = NULL; - - werr = smbconf_open_basepath(ctx, REG_KEY_WRITE, key); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - for (idx = 0; -W_ERROR_IS_OK(werr = reg_enumvalue(ctx, key, idx, valname, - valvalue)); -idx++) - { - DEBUG(3, (deleting global parameter %s, valname)); - werr = reg_deletevalue(key, valname); - if (!W_ERROR_IS_OK(werr)) { - d_fprintf(stderr, Error deleting value '%s': %s.\n, - valname, dos_errstr(werr)); - goto done; - } - } - if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) { - d_fprintf(stderr, Error enumerating values: %s\n, - dos_errstr(werr)); - goto done; - } - werr = WERR_OK; - -done: - return werr; -} - static WERROR list_values(TALLOC_CTX *ctx, struct registry_key *key) { WERROR werr = WERR_OK; @@ -414,30 +377,15 @@ d_printf([%s]\n, servicename); } else { - if (share-service == GLOBAL_SECTION_SNUM) { - werr = delete_globals(ctx); - if (!W_ERROR_IS_OK(werr)) { - d_fprintf(stderr, - Error deleting globals: %s\n, - dos_errstr(werr)); - goto done; - } - werr = smbconf_open_basepath(ctx, REG_KEY_WRITE, key); + if (smbconf_key_exists(ctx, servicename)) { + werr = reg_delkey_internal(ctx, servicename); if (!W_ERROR_IS_OK(werr)) { goto done; } } - else { - if (smbconf_key_exists(ctx, servicename)) { - werr = reg_delkey_internal(ctx, servicename); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - } - werr = reg_createkey_internal(ctx, servicename, key); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } + werr = reg_createkey_internal(ctx, servicename, key); + if (!W_ERROR_IS_OK(werr)) { + goto done; } } @@ -573,18 +521,29 @@ goto done; } - d_printf(\n[global]\n); - if (!W_ERROR_IS_OK(list_values(ctx, base_key))) { - goto done; + if (smbconf_key_exists(ctx, GLOBAL_NAME)) { + werr = reg_openkey(ctx, base_key, GLOBAL_NAME, + REG_KEY_READ, sub_key); + if (!W_ERROR_IS_OK(werr)) { + d_fprintf(stderr, Error opening subkey '%s' : %s\n, + subkey_name, dos_errstr(werr)); + goto done; + } + d_printf([%s]\n, GLOBAL_NAME); + if (!W_ERROR_IS_OK(list_values(ctx, sub_key))) { + goto done; + } + d_printf(\n); } - - d_printf(\n); for (idx_key = 0; W_ERROR_IS_OK(werr = reg_enumkey(ctx, base_key, idx_key, subkey_name, NULL)); idx_key++) { +
Rev 5334: make setparm create the share (key) if it does not exist. in http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/
At http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/ revno: 5334 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Michael Adam [EMAIL PROTECTED] branch nick: SAMBA_3_0-registry.bzr timestamp: Thu 2007-04-05 01:06:36 +0200 message: make setparm create the share (key) if it does not exist. is this a good idea? at this moment, I think so ... especially useful for [global] modified: source/utils/net_conf.cnet_conf.c-20070228210606-uywdn1acd043wgvt-1 === modified file 'source/utils/net_conf.c' --- a/source/utils/net_conf.c 2007-04-04 23:00:49 + +++ b/source/utils/net_conf.c 2007-04-04 23:06:36 + @@ -922,7 +922,12 @@ type = strdup_lower(argv[2]); value_str = argv[3]; - werr = smbconf_open_path(ctx, service, REG_KEY_READ, key); + if (!smbconf_key_exists(ctx, service)) { + werr = reg_createkey_internal(ctx, service, key); + } + else { + werr = smbconf_open_path(ctx, service, REG_KEY_READ, key); + } if (!W_ERROR_IS_OK(werr)) { goto done; }
Rev 5335: collected some todos / thoughts in http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/
At http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/ revno: 5335 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Michael Adam [EMAIL PROTECTED] branch nick: SAMBA_3_0-registry.bzr timestamp: Thu 2007-04-05 01:07:53 +0200 message: collected some todos / thoughts modified: source/TODO.registry.ma todo.registry.ma-20070404061017-mw7eb61m4bxpc71a-1 === modified file 'source/TODO.registry.ma' --- a/source/TODO.registry.ma 2007-04-04 06:10:53 + +++ b/source/TODO.registry.ma 2007-04-04 23:07:53 + @@ -2,4 +2,13 @@ * check existence of given share for setparm (maybe create) * check existence of share and value for delparm and getparm * validate parameters given with setparm - +* clean usage of talloc in import_process_service (create local subctx) +* remove type cmdline parameter from net conf setparm + (should be determined from parameter name - loadparm.c) +* make setparm create service if it does not exist +* there is one problem with import: global is currently always + initialized. when it is not present in input file, and import + is called without share parameter, registry [global] is empty after + import - think about how to handle this +* think about handling [global]: maybe we should ensure that the + global key always exists (possibly empty)?
Rev 5336: merge from upstream in http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/
At http://samba.sernet.de/ma/bzr/SAMBA_3_0-registry.bzr/ revno: 5336 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Michael Adam [EMAIL PROTECTED] branch nick: SAMBA_3_0-registry.bzr timestamp: Thu 2007-04-05 01:13:29 +0200 message: merge from upstream modified: REVISION REVISION-20060530022625-68239662668b41c3 source/libads/sasl.c sasl.c-20060530022627-de2e2050d01ecfd2 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: [EMAIL PROTECTED] branch nick: SAMBA_3_0.bzr timestamp: Wed 2007-04-04 18:00:42 -0500 message: [EMAIL PROTECTED] (r22079) 2007-04-04 12:38:12 -0500 (Wed, 04 Apr 2007) Tsk, tsk, Metze didn't compile before check-in :-). Merge the memory leak fix (with fix :-) to 3.0.25. Jeremy. === modified file 'REVISION' --- a/REVISION 2007-04-04 17:00:28 + +++ b/REVISION 2007-04-04 23:00:42 + @@ -2,9 +2,9 @@ URL: svn+ssh://svn.samba.org/home/svn/samba/branches/SAMBA_3_0 Repository Root: svn+ssh://svn.samba.org/home/svn/samba Repository UUID: 0c0555d6-39d7-0310-84fc-f1cc0bd64818 -Revision: 22078 +Revision: 22079 Node Kind: directory -Last Changed Author: metze -Last Changed Rev: 22078 -Last Changed Date: 2007-04-04 09:50:39 -0500 (Wed, 04 Apr 2007) +Last Changed Author: jra +Last Changed Rev: 22079 +Last Changed Date: 2007-04-04 12:38:12 -0500 (Wed, 04 Apr 2007) === modified file 'source/libads/sasl.c' --- a/source/libads/sasl.c 2007-04-04 17:00:28 + +++ b/source/libads/sasl.c 2007-04-04 23:00:42 + @@ -477,7 +477,7 @@ gss_release_name(minor_status, serv_name); if (context_handle != GSS_C_NO_CONTEXT) - gss_delete_sec_context(min_status, context_handle, GSS_C_NO_BUFFER); + gss_delete_sec_context(minor_status, context_handle, GSS_C_NO_BUFFER); krb5_free_principal(ctx, principal); krb5_free_context(ctx);
svn commit: samba r22080 - in branches: SAMBA_3_0/source/modules SAMBA_3_0_25/source/modules
Author: jra Date: 2007-04-04 23:33:07 + (Wed, 04 Apr 2007) New Revision: 22080 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22080 Log: Fix directory recycle module bug #4486. Jeremy. Modified: branches/SAMBA_3_0/source/modules/vfs_recycle.c branches/SAMBA_3_0_25/source/modules/vfs_recycle.c Changeset: Modified: branches/SAMBA_3_0/source/modules/vfs_recycle.c === --- branches/SAMBA_3_0/source/modules/vfs_recycle.c 2007-04-04 17:38:12 UTC (rev 22079) +++ branches/SAMBA_3_0/source/modules/vfs_recycle.c 2007-04-04 23:33:07 UTC (rev 22080) @@ -311,24 +311,49 @@ } /** - * Check if needle is contained exactly in haystack - * @param haystack list of parameters separated by delimimiter character - * @param needle string to be matched exactly to haystack - * @return True if found + * Check if any of the components of exclude_list are contained in path. + * Return True if found **/ -static BOOL checkparam(const char **haystack_list, const char *needle) + +static BOOL matchdirparam(const char **dir_exclude_list, char *path) { - int i; + char *startp = NULL, *endp = NULL; - if (haystack_list == NULL || haystack_list[0] == NULL || - *haystack_list[0] == '\0' || needle == NULL || *needle == '\0') { + if (dir_exclude_list == NULL || dir_exclude_list[0] == NULL || + *dir_exclude_list[0] == '\0' || path == NULL || *path == '\0') { return False; } - for(i=0; haystack_list[i] ; i++) { - if(strequal(haystack_list[i], needle)) { - return True; + /* +* Walk the components of path, looking for matches with the +* exclude list on each component. +*/ + + for (startp = path; startp; startp = endp) { + int i; + + while (*startp == '/') { + startp++; } + endp = strchr(startp, '/'); + if (endp) { + *endp = '\0'; + } + + for(i=0; dir_exclude_list[i] ; i++) { + if(unix_wild_match(dir_exclude_list[i], startp)) { + /* Repair path. */ + if (endp) { + *endp = '/'; + } + return True; + } + } + + /* Repair path. */ + if (endp) { + *endp = '/'; + } } return False; @@ -485,11 +510,7 @@ goto done; } - /* FIXME: this check will fail if we have more than one level of directories, -* we shoud check for every level 1, 1/2, 1/2/3, 1/2/3/4 -* ---simo -*/ - if (checkparam(recycle_exclude_dir(handle), path_name)) { + if (matchdirparam(recycle_exclude_dir(handle), path_name)) { DEBUG(3, (recycle: directory %s is excluded \n, path_name)); rc = SMB_VFS_NEXT_UNLINK(handle, file_name); goto done; Modified: branches/SAMBA_3_0_25/source/modules/vfs_recycle.c === --- branches/SAMBA_3_0_25/source/modules/vfs_recycle.c 2007-04-04 17:38:12 UTC (rev 22079) +++ branches/SAMBA_3_0_25/source/modules/vfs_recycle.c 2007-04-04 23:33:07 UTC (rev 22080) @@ -311,24 +311,49 @@ } /** - * Check if needle is contained exactly in haystack - * @param haystack list of parameters separated by delimimiter character - * @param needle string to be matched exactly to haystack - * @return True if found + * Check if any of the components of exclude_list are contained in path. + * Return True if found **/ -static BOOL checkparam(const char **haystack_list, const char *needle) + +static BOOL matchdirparam(const char **dir_exclude_list, char *path) { - int i; + char *startp = NULL, *endp = NULL; - if (haystack_list == NULL || haystack_list[0] == NULL || - *haystack_list[0] == '\0' || needle == NULL || *needle == '\0') { + if (dir_exclude_list == NULL || dir_exclude_list[0] == NULL || + *dir_exclude_list[0] == '\0' || path == NULL || *path == '\0') { return False; } - for(i=0; haystack_list[i] ; i++) { - if(strequal(haystack_list[i], needle)) { - return True; + /* +* Walk the components of path, looking for matches with the +* exclude list on each component. +*/ + + for (startp = path; startp; startp = endp) { + int i; + + while (*startp == '/') { + startp++; } + endp = strchr(startp, '/'); + if (endp) { +
svn commit: samba-docs r1087 - in trunk/manpages-3: .
Author: jra Date: 2007-04-04 23:33:39 + (Wed, 04 Apr 2007) New Revision: 1087 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1087 Log: Update docs for #4486. Jeremy. Modified: trunk/manpages-3/vfs_recycle.8.xml Changeset: Modified: trunk/manpages-3/vfs_recycle.8.xml === --- trunk/manpages-3/vfs_recycle.8.xml 2007-03-28 00:15:16 UTC (rev 1086) +++ trunk/manpages-3/vfs_recycle.8.xml 2007-04-04 23:33:39 UTC (rev 1087) @@ -151,6 +151,7 @@ listitem paraList of files that should not be put into the repository when deleted, but deleted in the normal way. + Wildcards such as * and ? are supported. /para /listitem /varlistentry @@ -160,7 +161,7 @@ listitem paraList of directories whose files should not be put into the repository when deleted, but deleted in the - normal way. + normal way. Wildcards such as * and ? are supported. /para /listitem /varlistentry
Build status as of Thu Apr 5 00:00:02 2007
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2007-04-04 00:01:12.0 + +++ /home/build/master/cache/broken_results.txt 2007-04-05 00:01:03.0 + @@ -1,24 +1,24 @@ -Build status as of Wed Apr 4 00:00:02 2007 +Build status as of Thu Apr 5 00:00:02 2007 Build counts: Tree Total Broken Panic SOC 0 0 0 build_farm 0 0 0 -ccache 33 7 0 +ccache 35 7 0 ctdb 0 0 0 distcc 1 0 0 -ldb 32 5 0 -libreplace 31 3 0 -lorikeet-heimdal 29 17 0 -pidl 20 2 0 -ppp 14 0 0 -rsync32 11 0 +ldb 34 5 0 +libreplace 33 3 0 +lorikeet-heimdal 31 18 0 +pidl 21 2 0 +ppp 15 0 0 +rsync34 11 0 samba0 0 0 samba-docs 0 0 0 samba-gtk4 4 0 -samba4 35 13 0 -samba_3_038 22 1 -smb-build32 31 0 -talloc 33 1 0 -tdb 32 2 0 +samba4 37 13 0 +samba_3_040 21 1 +smb-build33 32 0 +talloc 35 1 0 +tdb 34 2 0
Rev 69: merge from ronnies branch in http://samba.org/~tridge/ctdb
revno: 69 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: tridge timestamp: Thu 2007-04-05 13:19:06 +1000 message: merge from ronnies branch added: ctdb_fetch.c ctdb_fetch.c-20070405031748-f7gslozfj3rwh5ie-1 tests/bench1.shbench1.sh-20070405031753-caneu8tv5v8e93ws-1 tests/fetch.sh fetch.sh-20070405031756-lomzqpjyqg3xd1kv-1 modified: Makefile.inmakefile.in-20061117234101-o3qt14umlg9en8z0-1 common/ctdb_call.c ctdb_call.c-20061128065342-to93h6eejj5kon81-1 common/ctdb_ltdb.c ctdb_ltdb.c-20061128065342-to93h6eejj5kon81-2 ctdb_test.cctdb_test.c-20061117234101-o3qt14umlg9en8z0-16 include/ctdb.h ctdb.h-20061117234101-o3qt14umlg9en8z0-11 include/ctdb_private.h ctdb_private.h-20061117234101-o3qt14umlg9en8z0-13 merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: ronnie timestamp: Thu 2007-04-05 13:18:31 +1000 message: merge fetch code from ronnie, and add a simple fetch test merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Wed 2007-04-04 21:15:56 +1000 message: first test of forced migration of records. compiles but not tested. merged: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Ronnie sahlberg [EMAIL PROTECTED] branch nick: ctdb timestamp: Wed 2007-04-04 15:05:35 +1000 message: tridge Diff too large for email (663, the limit is 200).
Rev 70: merge fetch code from ronnie, and add a simple fetch test in http://samba.org/~tridge/ctdb
revno: 70 revision-id: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] parent: [EMAIL PROTECTED] committer: Andrew Tridgell [EMAIL PROTECTED] branch nick: ronnie timestamp: Thu 2007-04-05 13:18:31 +1000 message: merge fetch code from ronnie, and add a simple fetch test added: ctdb_fetch.c ctdb_fetch.c-20070405031748-f7gslozfj3rwh5ie-1 tests/bench1.shbench1.sh-20070405031753-caneu8tv5v8e93ws-1 tests/fetch.sh fetch.sh-20070405031756-lomzqpjyqg3xd1kv-1 modified: Makefile.inmakefile.in-20061117234101-o3qt14umlg9en8z0-1 common/ctdb_call.c ctdb_call.c-20061128065342-to93h6eejj5kon81-1 ctdb_test.cctdb_test.c-20061117234101-o3qt14umlg9en8z0-16 Diff too large for email (429, the limit is 200).
svn commit: samba r22083 - in branches/SAMBA_4_0/source/cluster/ctdb: .
Author: tridge Date: 2007-04-05 04:08:00 + (Thu, 05 Apr 2007) New Revision: 22083 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22083 Log: opendb backend to ctdb now passes simple tests Modified: branches/SAMBA_4_0/source/cluster/ctdb/opendb_ctdb.c Changeset: Modified: branches/SAMBA_4_0/source/cluster/ctdb/opendb_ctdb.c === --- branches/SAMBA_4_0/source/cluster/ctdb/opendb_ctdb.c2007-04-05 03:51:49 UTC (rev 22082) +++ branches/SAMBA_4_0/source/cluster/ctdb/opendb_ctdb.c2007-04-05 04:08:00 UTC (rev 22083) @@ -193,9 +193,14 @@ TDB_DATA dbuf; DATA_BLOB blob; NTSTATUS status; - + dbuf = lck-data; + if (dbuf.dsize == 0) { + /* empty record in ctdb means the record isn't there */ + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + blob.data = dbuf.dptr; blob.length = dbuf.dsize;
svn commit: samba r22085 - in branches/SAMBA_4_0/source/cluster/ctdb: .
Author: tridge Date: 2007-04-05 04:23:57 + (Thu, 05 Apr 2007) New Revision: 22085 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=22085 Log: correct copyright on opendb_ctdb.c Modified: branches/SAMBA_4_0/source/cluster/ctdb/opendb_ctdb.c Changeset: Modified: branches/SAMBA_4_0/source/cluster/ctdb/opendb_ctdb.c === --- branches/SAMBA_4_0/source/cluster/ctdb/opendb_ctdb.c2007-04-05 04:20:55 UTC (rev 22084) +++ branches/SAMBA_4_0/source/cluster/ctdb/opendb_ctdb.c2007-04-05 04:23:57 UTC (rev 22085) @@ -1,7 +1,8 @@ /* Unix SMB/CIFS implementation. - Copyright (C) Andrew Tridgell 2004 + Copyright (C) Ronnie Sahlberg 2007 + Copyright (C) Andrew Tridgell 2007 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by