[Samba] winbind authentication performance: lookup_groupmem in large sites
Hello, I have set up winbind to authenticate linux pc's to a windows 2003 AD. The authentication works, but the performance is not good (takes over 5 minutes) PRELIMINARY --- OS: ubuntu 7.04 Samba: 3.0.24 AD: windows 2003 ANALYSIS - After analyzing the log.winbindd file in log level 10, I can see three major parts 1) lookup and authenticate the user - performance OK [2007/06/25 14:31:50, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn GETPWNAM [2007/06/25 14:31:50, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(336) [0]: getpwnam sergeyf [2007/06/25 14:31:50, 10] sam/idmap_util.c:idmap_sid_to_uid(70) idmap_sid_to_uid: sid = [S-1-5-21-xx-x-x-x] internal_get_id_from_sid: record S-1-5-21-xx-x-x-x - UID 87023 2) list all groups this user is member of. - performance OK [2007/06/25 14:31:54, 10] nsswitch/winbindd.c:process_request(287) process_request: request fn GETGROUPS [2007/06/25 14:31:54, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1017) [0]: getgroups sergeyf ... internal_get_id_from_sid: ID_GROUPID fetching record S-1-5-21-xx-x-x-xxx - GID 10513 ... (more than 50 groups) 3) Per group list all members of that group - BOTTLENECK [2007/06/25 17:18:02, 10] nsswitch/winbindd_cache.c:lookup_groupmem(1665) lookup_groupmem: [Cached] - doing backend query for info for domain [2007/06/25 17:18:02, 10] nsswitch/winbindd_ads.c:lookup_groupmem(879) ads: lookup_groupmem POST sid=S-1-5-21-xx-x-x- ... Step 3 is the one causing the delay because each group has about a 1000 users If I interrupt the login, I actually see I am logged in, but in the background the process of listing the groups continues. STEPS ALREADY TAKEN --- After I found this, I thought the problem had to be related to one of these settings: winbind expand groups = 0 winbind nested groups = no Both settings where default settings first (1 and yes respectively), but after setting them to the values 0 and no, winbind still performed the lookup group members . I also found this mailpost: http://archives.free.net.ph/message/20070613.052201.64562430.en.html It mentions that this step should actually be asynchronous. When will that be implemented? SOLUTION? - This is my question to the list: Is there a workaround or what settings do I need to apply. Thanks in advance, Filip Sergeys STRICTLY PERSONAL AND CONFIDENTIAL This message may contain confidential and proprietary material for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient please contact the sender and delete all copies. Dit bericht is enkel bestemd voor de aangeduide ontvangers en kan vertrouwelijke informatie bevatten. Als u niet de ontvanger bent, dan mag u de inhoud van dit bericht niet bekendmaken noch kopiëren. Als u dit bericht per vergissing ontvangen heeft, gelieve er de afzender of De Post onmiddellijk van op de hoogte te brengen en het bericht vervolgens te verwijderen. Ce message est uniquement destiné aux destinataires indiqués et peut contenir des informations confidentielles. Si vous n'êtes pas le destinataire, vous ne devez pas révéler le contenu de ce message ou en prendre copie. Si vous avez reçu ce message par erreur, veuillez en informer l'expéditeur, ou La Poste immédiatement, avant de le supprimer. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: problem after update 3.0.22 - 3.0.24 [SOLVED]
Carsten John wrote: A closer look shows the following problems: - a domain member server (samba 3.0.22) can't be accessed any more. The samba on the PDC are showing a succeeding auth request for the user, but the windows box claims access rights problems. This is a minor problem, as we could temporarily go around that by mounting the necessary filesystem via NFS to the PDC and exporting them from there. - our logon script (which uses ifmember.exe to check the group membership of the user for printer mapping) does not work any more. Testing ifmember.exe /list directly at the windows command line shows that group memberships are not reported any more. - additionally some users are reporting problems accessing shares with special access groups (couldn't really verify that so far) Hi everybody, after having RTFM: http://www.samba.org/samba/docs/man/Samba3-HOWTO/groupmapping.html the samba CHANGENOTES: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/ChangeNotes.html and the following HOWTO: http://thegoldenear.org/toolbox/unices/samba-3-pdc-print-server-debian-etch.html I finally figure out the problem. The unix groups are no longer automgically mapped to windows domain groups. So I had simply top add all the necessary unix group to the list of windows domain groups by: $groupmap add ntgroup=$group unixgroup=$group type=d After doing that for every needed group, ifmember.exe works like a charm and the users with access problems are back in business again. As a result of the upgrade I would recommend (at least for myself), that it is really important to stay current with the samba development and changes, even if everything runs fine so far. Thanks Carsten -- Max Planck Institut fuer marine Mikrobiologie - Network Administration - Celsiustr. 1 D-28359 Bremen Tel.: +49 421 2028568 Fax.: +49 421 2028565 PGP public key:http://www.mpi-bremen.de/Carsten_John.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and LDAP: Trouble adding Win XP machines to the domain
Hi all, I am doing some research on Samba+OpenLDAP (+DHCP+DNS) with the intention of getting rid of the Micro$oft licenses necessary to maintain the Server products from such company. One of the aims I have is to demonstrate other people in my company that an open source alternative can work as well as (or even better than) a propietary solution. At the moment, I am getting desperated trying to find out what is going wrong when I try to add a Win XP machine to the domain I have recently created. I have read about 6-7 tutorials to date and changed the *.conf files a hundred times and still the Win XP machine refuses to join the domain. I have already searched the samba forums and checked the bugs present in the version I am using and I have found nothing related to my problem. The technical details are the following: When I attempt to join the domain via the GUI, Win tells me username could not be found and so does when I try the same thing via CLI (the domain is called eremu and the user, password and machinename are ok): 8 C:\netdom /domain:eremu /user:root /password:SECRETPASS member mikelvm /joindomain NetDom 1.8 @1997-98. Written by Christophe Robert - Microsoft. Searching PDC for domain EREMU ... Found PDC \\SAMBA Connecting to \\SAMBA with user account root ... Querying domain information on PDC \\SAMBA ... Querying domain information on computer \\MIKELVM ... Verifying if computer account exists on \\SAMBA ... Connecting to \\SAMBA with user account root ... Resetting secure channel ... Changing computer account on PDC \\SAMBA ... The username could not be found. 8 ¿Have you ever experienced such error? I have read about some people that have dealt with such error, but they have posted no solution at all. FYI, I can access samba shares using the same user (root) but the machine cannot join the domain. I have fixed all the machine policies and registry stuff (requiresignorseal and so on...) and still nothing. Also, the command: ldapsearch -x -h localhost -D 'cn=root,dc=eremu,dc=org' -W '(ou=Users)' works like a charm. The smb.conf is the following: 8 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 netbios name = SAMBA workgroup = EREMU server string = Servidor centralizado security = user enable privileges = yes interfaces = lo eth0 # bind interfaces = yes encrypt passwords = yes domain master = yes preferred master = yes null passwords = yes hide unreadable = yes hide dot files = yes browseable = yes domain logons = yes logon script = login.bat OR %U.bat logon path = \\%L\profiles\%U logon drive = Z: logon home = \\%L\%U\.9xprofile time server = yes printcap name = cups printing = cups show add printer wizard = no wins support = yes name resolve order = wins lmhosts host bcast dns proxy = no log file = /var/log/samba/log.%m log level = 1 max log size = 1 unix charset = ISO8859-1 dos charset = 850 # LDAP add user script = /usr/sbin/smbldap-useradd -m %u delete user script = /usr/sbin/smbldap-userdel -r %u add group script = /usr/sbin/smbldap-groupadd %g delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u add machine script = /usr/sbin/smbldap-useradd -w %u passdb backend = ldapsam:ldap://localhost:389/ ldap delete dn = Yes ldap ssl = no ldap suffix = dc=eremu,dc=org ldap admin dn = cn=root,dc=eremu,dc=org ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Idmap ldap passwd sync = yes [netlogon] path = /var/lib/samba/netlogon guest ok = Yes browseable = no write list = root [profiles] path = /var/lib/samba/profiles writable = yes browsable = no create mode = 0644 directory mode = 0755 guest ok = yes [homes] path = /home/%U browseable = no valid users = %S read only = no create mask = 0664 directory mask = 0775 8 The slapd.conf is the following:
Re: [Samba] winbind authentication performance: lookup_groupmem in large sites
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 SERGEYS Filip wrote: 3) Per group list all members of that group - BOTTLENECK [2007/06/25 17:18:02, 10] nsswitch/winbindd_cache.c:lookup_groupmem(1665) lookup_groupmem: [Cached] - doing backend query for info for domain [2007/06/25 17:18:02, 10] nsswitch/winbindd_ads.c:lookup_groupmem(879) ads: lookup_groupmem POST sid=S-1-5-21-xx-x-x- In older samba releases we needed to lookup each member in AD which in the upcoming 3.0.26 release will be done much more efficient. You can try the SAMBA_3_0_26 branch to check whether this fixes your performance problem. Thanks, Guenther - -- Günther DeschnerGPG-ID: 8EE11688 Red Hat [EMAIL PROTECTED] Samba Team [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFGgPRWSOk3aI7hFogRAhrjAJ95hF6DjRjTaVQjktfvPLVbwZMtWQCfV63x vRtdQsQIF9JMKrEPEmNpXlw= =dlTH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba Digest, Vol 54, Issue 28
Hello, I am out of the office from Thursday June 14th until Tuesday June 26th. I will get back to you as soon as I can. Thanks, ~Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: problem after update 3.0.22 - 3.0.24 [SOLVED]
The unix groups are no longer automgically mapped to windows domain groups. So I had simply top add all the necessary unix group to the list of windows domain groups by: $groupmap add ntgroup=$group unixgroup=$group type=d Witch groups have you added? The mapped group should be still exists in the new samba installation On our server all the previously groups seems correctly mapped again with the new samba. There are only some difference: in 3.0.14 some unused groups are mapped to a single number System Operators (S-1-5-32-549) - -1 Replicators (S-1-5-32-552) - -1 Guests (S-1-5-32-546) - -1 Power Users (S-1-5-32-547) - -1 Print Operators (S-1-5-32-550) - -1 Administrators (S-1-5-32-544) - -1 Account Operators (S-1-5-32-548) - -1 Backup Operators (S-1-5-32-551) - -1 Users (S-1-5-32-545) - -1 but with the new samba 3.0.24 this groups disappears from the net groupmap list output. These group are not necessary and nobody use them. The main groups are mapped correctly Domain Guests (S-1-5-21-64X-514) - msguests Domain Users (S-1-5-21-64X-513) - msusers Domain Admins (S-1-5-21-64X-512) - msadmins Alessandro -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Possible Filesystem Corruption with Samba 3.0.25a (with XFS and LVM)
Hello! A few days ago I received a filesystem memory corruption notification from Debian's Linux kernel (2.6.20), which automatically unmounted my root partition. Upon closer investigation, I found that something had overwritten most of my data, XFS's superblocks and other metadata structures. That means from partition offset 0x200. At the time of the error, the only services I was using were Samba with Unix Extensions enabled, LVM2 which managed the mountpoint where I was writing to through Samba, and XFS, which managed both my / and the LVM's partition's files. / was a single partition on one disk, /storage was the LVM managed partition made up of multiple disks. I noticed the corruption issue on the server around the time my Bittorrent client Deluge Torrent (http://download.deluge-torrent.org/stable/deluge-0.5.1.1.tar.gz) was allocating space for a download. The client machine was Gentoo suspend2-sources 2.6.21-r6. I'm not saying this is Samba's bug for sure, but I am trying to find out what's responsible. I've had long chats with people involved with XFS in the #xfs chatroom on Freenode, and they've stated that XFS has checks that prevent itself from writing to block 0, the same block that now holds some unknown structure of data and a file path of the file my torrent client seemed to be allocating. As I'm not a Linux developer, I lack the experience to go digging the source code. I did not take note of the kernel messages that were displayed before I rebooted the machine, because I had no expectation of such a disaster, and hoped a reboot would fix everything. All I have now to help find the cause of this problem is the trashed filesystem. The memory and disk itself were tested and are healthy. Clearly a software error. Example output from offset 0x200 on the root disk: 0260 00 00 00 00 00 00 00 00 d4 3e 00 00 00 00 01 00 |...| 0270 9f 01 12 00 07 00 00 00 40 00 00 00 99 41 7c 46 |[EMAIL PROTECTED]|F| 0280 71 7a 09 00 00 fd 00 00 00 00 00 00 24 08 00 00 |qz..$...| 0290 00 00 00 00 86 01 00 00 f1 03 00 00 00 00 00 00 || 02a0 2f 73 74 6f 72 61 67 65 00 53 6f 66 74 77 61 72 |/storage.Softwar| 02b0 65 2f 57 69 6e 64 6f 77 73 2f 47 61 6d 65 73 2f |e/Windows/Games/| 02c0 54 69 74 61 6e 20 51 75 65 73 74 20 2d 2d 20 49 |Titan Quest -- I| 02d0 6d 6d 6f 72 74 61 6c 20 54 68 72 6f 6e 65 2f 54 |mmortal Throne/T| 02e0 69 74 61 6e 2e 51 75 65 73 74 2e 49 6d 6d 6f 72 |itan.Quest.Immor| 02f0 74 61 6c 2e 54 68 72 6f 6e 65 2d 55 6e 6c 65 61 |tal.Throne-Unlea| 0300 73 68 65 64 2f 75 6e 6c 2d 74 71 69 74 2e 70 61 |shed/unl-tqit.pa| 0310 72 74 31 35 2e 72 61 72 00 42 42 42 18 01 00 00 |rt15.rar.BBB| 0320 00 00 00 00 00 01 00 00 10 00 00 00 e9 00 00 00 || 0330 69 8a 82 e8 ad de e1 fe 00 fd 00 00 00 00 00 00 |i...| 0340 25 08 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |%...| 0350 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || The rest of the data on this corrupted filesystem is filled with similar data blocks -- unknown metadata around a filepath referring to /storage. Just as if something had done filelistings of /storage, and output its memory structures onto the raw device. If some Samba developers recognize this structure (perhaps it's something that's supposed to be in-memory before sending via SMB), please let me know. The filesystem on /storage (LVM managed), did not seem to be corrupted, and at least showed its contents when I did a quick check with a LiveCD. I understand that Samba is supposed to drop its privileges after a connection, but I assume it has to run some parts as root, especially because I set the dos style file permission changing option (to allow groups to change perms, not only owners) also on. The feature didn't work though, but the option was set in smb.conf. This is a major issue, but due to the lack of helpful info, I'm forced to ask in various places. Perhaps Deluge Torrent's allocation routines got Samba confused? There aren't many suspects -- either Samba, XFS (which probably is more common than Samba, so less likely) or the rest of the kernel (which, again, is unlikely). LVM is so low level and less complex than all others, so chances of it messing up like this are microscopic. Syslog-and-friends don't even care about files, and Exim does not run as root after starting up. The peculiar thing is, that the info that was written on top of /dev/hdb3 contains the filepaths of /storage, so I'm betting it had something to do with Samba, which at the time was actively dealing with /storage. It was a conservative home machine, so I'm pretty confident to rule out man-made timebombs. Thank you in advance for any helpful replies! Hopefully I/we can find the cause of this, because I'd take a dead actuator any day over overwritten data -- easier to restore :) -- To unsubscribe from
RE: [Samba] Moving user accounts from a domain to another - andchanging their logins
Hi Francis I don't know that much about Windows accounts, but one thing I learned is that the SID is hugely important. As some directories/files are named after the SID in a user's profile, I figure that they are part of the problem, if not the main problem. It's not something I've done personally - but the place I used to work used the MS Migration Tool for migrating profiles etc... http://www.microsoft.com/downloads/details.aspx?FamilyID=4af2d2c9-f16c-4 c52-a203-8daf944dd555displaylang=en Alex -- Alex Harrington - IT Support, Longhill High School t: 01273 304086 | e: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP: Trouble adding Win XP machines to the domain
I have had the same problem with a similar setup for at least 3 years. My solution is to create the account for the windows workstation either via the smbldap-useradd and the linux useradd commands or a gui wizard that does this for me. I currently use ldap-account-manager http://lam.sourceforge.net/ for as well as user management. And then after the account is created the windows add to domain boxes work. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbclient -M problem
I have a samba server, from which I want send message to a WinXP client with smbclient -M XPclient and I get the error: Connection to XPclient failed. smbclient -L XPclient, return NT_STATUS_ACCESSED_DENIED ping XPclient responds ok what I must do? Thanks, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Possible Filesystem Corruption with Samba 3.0.25a (with XFS and LVM)
This is a major issue, but due to the lack of helpful info, I'm forced to ask in various places. Perhaps Deluge Torrent's allocation routines got Samba confused? Most likely something in the Kernel got them mucked up. Or your hardware is junk. There aren't many suspects -- either Samba, XFS (which probably is more common than Samba, so less likely) No, XFS would be my first suspect with LVM a close second, and hardware a third. I'd eat my hat if Samba had anything to do with this other than dispatching a write request (which it is the kernels job to deal with sanely). Samba or other applications do not deal with disk geometry. or the rest of the kernel (which, again, is unlikely). Why? LVM is so low level and less complex than all others, False. so chances of it messing up like this are microscopic. Why? Syslog-and-friends don't even care about files, What does this mean? Of course they care about files The peculiar thing is, that the info that was written on top of /dev/hdb3 contains the filepaths of /storage, so I'm betting it had Ah, IDE hardware. So that puts it solidly on the suspect list. something to do with Samba EXTREMELY doubtful. , which at the time was actively dealing with /storage. -- Adam Tauno Williams, Network Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Possible Filesystem Corruption with Samba 3.0.25a (with XFS and LVM)
Adam Tauno Williams wrote: This is a major issue, but due to the lack of helpful info, I'm forced to ask in various places. Perhaps Deluge Torrent's allocation routines got Samba confused? Most likely something in the Kernel got them mucked up. Or your hardware is junk. I've done occasional memtests for a few days straight, and all have ended successfully. If it wasn't one of those one-in-a-quintillion chances that the sun flipped the necessary bits in memory, I'm betting on software bugs. There aren't many suspects -- either Samba, XFS (which probably is more common than Samba, so less likely) No, XFS would be my first suspect with LVM a close second, and hardware a third. I'd eat my hat if Samba had anything to do with this other than dispatching a write request (which it is the kernels job to deal with sanely). Samba or other applications do not deal with disk geometry. I'm sure someone will eat their hat if this problem's origin is ever found, but my goal is not to suggest the sauce, but to try and stop this from ever recurring to me, or to someone else :) Why? Why? Okay, I admit that those were only my guesses. Syslog-and-friends don't even care about files, What does this mean? Of course they care about files I just can't see how syslog and such small (code-wise) and stable services can all of a sudden take input from some file listing and output it to a raw device. The peculiar thing is, that the info that was written on top of /dev/hdb3 contains the filepaths of /storage, so I'm betting it had Ah, IDE hardware. So that puts it solidly on the suspect list. Yes, most disks nowadays are IDE. If you meant to say PATA, then root was PATA, the LVM disks were on SATA. What part do you suspect exactly? The controller inside the motherboard? The disk itself has no bad blocks, and was monitored minutely, and tested every few days with the SMART self-tests. something to do with Samba EXTREMELY doubtful. , which at the time was actively dealing with /storage. That EXTREMELY doubtful will probably be the answer from the kernel mailinglist, from the XFS developers, from the LVM developers and from the hardware makers, but unfortunately the wasn't me way of handling possible bugs is useless, I feel. I'd appreciate if some would take a look at the output I pasted instead, which I'll add again, because I accidentally left out a few lines from the beginning. 0200 00 42 42 42 18 01 00 00 00 00 00 00 00 01 00 00 |.BBB| 0210 10 00 00 00 e9 00 00 00 69 8a 17 9a 99 19 01 26 |i..| 0220 00 fd 00 00 00 00 00 00 24 08 00 00 00 00 00 00 |$...| 0230 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || 0240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || * 0260 00 00 00 00 00 00 00 00 d4 3e 00 00 00 00 01 00 |...| 0270 9f 01 12 00 07 00 00 00 40 00 00 00 99 41 7c 46 |[EMAIL PROTECTED]|F| 0280 71 7a 09 00 00 fd 00 00 00 00 00 00 24 08 00 00 |qz..$...| 0290 00 00 00 00 86 01 00 00 f1 03 00 00 00 00 00 00 || 02a0 2f 73 74 6f 72 61 67 65 00 53 6f 66 74 77 61 72 |/storage.Softwar| 02b0 65 2f 57 69 6e 64 6f 77 73 2f 47 61 6d 65 73 2f |e/Windows/Games/| 02c0 54 69 74 61 6e 20 51 75 65 73 74 20 2d 2d 20 49 |Titan Quest -- I| 02d0 6d 6d 6f 72 74 61 6c 20 54 68 72 6f 6e 65 2f 54 |mmortal Throne/T| 02e0 69 74 61 6e 2e 51 75 65 73 74 2e 49 6d 6d 6f 72 |itan.Quest.Immor| 02f0 74 61 6c 2e 54 68 72 6f 6e 65 2d 55 6e 6c 65 61 |tal.Throne-Unlea| 0300 73 68 65 64 2f 75 6e 6c 2d 74 71 69 74 2e 70 61 |shed/unl-tqit.pa| 0310 72 74 31 35 2e 72 61 72 00 42 42 42 18 01 00 00 |rt15.rar.BBB| 0320 00 00 00 00 00 01 00 00 10 00 00 00 e9 00 00 00 || 0330 69 8a 82 e8 ad de e1 fe 00 fd 00 00 00 00 00 00 |i...| 0340 25 08 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |%...| 0350 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || My idea is, that if I could find out what wanted to write or made up the above datastructure, I could start tracing the steps backwards and with luck find out the reason why this ended up in near the superblock. You, Adam, did not even mention the only physical evidence I have to help find the source of this problem -- do you just lack the experience with Samba's inner structures and source, or simply did not have any ideas as to what might've conjured this data up? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] migrating samba files, preserving permissions
Hi, Is there a way to migrate the files and shares and preserve the AD group permissions? scp retains the modification time and such, but not the AD group information. --sharif -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Possible Filesystem Corruption with Samba 3.0.25a (with XFS and LVM)
On 6/26/2007, Andri ([EMAIL PROTECTED]) wrote: I've done occasional memtests for a few days straight, and all have ended successfully. If it wasn't one of those one-in-a-quintillion chances that the sun flipped the necessary bits in memory, I'm betting on software bugs. Memtest is hardly a reliable test for memory. I have had bad memory pass test for days on end. The best way I've ever found to reliably find bad memory is compile something big, like X. If your memory is bad, you'll find out pretty quick... -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Notes when changing network IP Addresses
I struggled for this for a few hours, so in case anyone else has this problem in the future: I just switched over a network from public IP addresses to a private subnet (10.100.X.X). After which and I started having problems with our NT Workstations accessing the Backup Domain Controller. So, I looked at the config for our BDC and everything looked fine, except whenever I tried to use any net rpc commands I would always get the Unable to find a suitable server error (couldn't rejoin the domain, etc). Upon further investigation I also got those errors on the Primary Domain Controller !?! All the while, all of our Win2K and WinXP clients worked perfectly. So, knowing that when working with a mixed winnt/win2k/winxp network that the WINS Server had to be specified in a win2k server/clients for any winnt clients to access them, I re-read the Network Browsing Chapter of the Samba How-to Collection. It turns out that the WINS Database on the PDC still had the old IP Addresses of the PDC and BDC. So, I stopped the nmb service on the PDC and deleted the wins database and restarted nmb - everything once again started working as it should. Hope this helps a future problem for someone, Mike Petersen [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Moving user accounts from a domain to another - and changing their logins
I've had sort of an idea, I'd like to know whether it sounds good or not... Given that the main problem seems to be with the user hives (ntuser.dat), I thought about this scenario: - brute force copy all the profiles from the old PDC to the new PDC, appropriate mv/chown; - take all ntuser.dat files from the old domain users, name them after the user (for instance); - connect as a local admin to a machine in the new domain, have all the hives handy; - open regedit, and then for each hive: * load it under HKEY_USERS, * modify the ACLs so that the matching new user gets all the rights, * unload it; - overwrite all hives on the new profiles with the ones corrected via the step above. What do you think? Is there some crucial part that I'm missing? -- Francis Galiegue, [EMAIL PROTECTED] 12bis rue de la Pierre Levée, 75011 PARIS +33143381980, +33683877875 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can't get single sign on to work after joining linux to an AD domain
Hi all, I am trying to join PClinuxOS 2007 to an Active Directory domain, I was able to get it to join following a guide off of Linux Magazine's website. I can't post the URL because you need to be registered to view the article so I have taken the liberty of copying and pasting the article at the end of this message. Anyways what is happening is while I was able to get linux to join the domain, I am still unable to sign onto the linux box with one of the domain user accounts. When I do an wbinfo -g I am able to see all the domain groups. I am also able to view all the users using the -u switch. We are running Windows Server 2003 R2, I would post log files but I am not exactly sure where or what to look for. Here is the copy of the article as promised: /Listing One: smb.conf options for Winbind workgroup= MYWG security= Domain encrypt passwords= Yes password server= 192.168.1.1 winbind use default domain= Yes idmap uid= 2000-25000 idmap gid= 2000-25000 template shell= /bin/bash template homedir= /home/% U The first four lines in Listing One are fairly straightforward, and might appear on any Samba server on the network. They set the workgroup/domain name, tell Samba to use domain-level security, enable encrypted passwords, and specify the password server system (that is, the domain controller). The remaining lines in this listing set Winbind-specific options. *The idmap uid and idmap gid options set the range of UID and GID numbers that Winbind (its NSS components, specifically) may assign. These UID and GID values should not be used by local users, but you can change them from the values set in Listing One, if you like. These options are necessary because NT domain controllers don't maintain Linux-style UID and GID numbers, so Winbind must make these values up itself. *The template shell and template homedir options set the default shell and home directory. The %U in the latter option stands in for the username. As with idmap uid and idmap gid, these options are necessary because NT domain controllers don't maintain the information. While you've now told your Linux system how to find the domain controller and manage accounts, you must still join the domain --- that is, notify the domain controller about the new member. This can be done using the net command: # net join member --U adminuser When you type this command, adminuser is the username of an administrative user on the domain controller. On Windows systems, this is likely to be Administrator. On domain controllers that use Linux and Samba, it could be something else, so check your domain controller configuration. Samba domain controllers may also need a machine trust account that's been prepared on the domain controller itself. (Samba domain controller configuration is well beyond the scope of this article.) Running the Daemon At this point, you can start running the Winbind daemon, winbindd: # /usr/sbin/winbindd --i This command runs the daemon and (because of the --i option) sends log information to standard output rather than to a log file. Launching the daemon in this way works well for testing, but in the long term, you're better off putting this command (without the --i option) in a startup script. In fact, if you installed Winbind from a Linux package, it should have come with a System V- like startup script to start Winbind, so look for such a script and use your distribution's System V package management utilities (such as chkconfig or rc-update) to activate it in your default runlevel. The Winbind daemon manages the actual connection to the domain controller. PAM and NSS then consult this daemon to do their jobs. You can check basic operations using the wbinfo command. The --t option causes this program to check the basic connection of Winbind to the domain controller. It should return a message like this: $ wbinfo --t checking the trust secret via RPC calls succeeded You can also use the --u option to obtain a list of accounts managed by the domain controller. If one or both of these calls fail, review your configuration and consult your log files for clues about what's going wrong. Configuring PAM PAM is controlled through files in /etc/pam.d/. For the most part, these files control how specific programs interact with PAM. For instance, /etc/pam.d/login tells the login program how to use PAM. These configurations vary greatly from one distribution to another, but they all consist of a series of stacks --- auth, account, session, and password. Each stack consists of one or more lines that begin with the relevant keyword. Each stack manages a particular sub-task, such as authentication (auth) or verifying account accessibility (account). Modifying a PAM configuration to include a new authentication tool, such as Winbind, is a matter of adding lines to one or more of the auth and account stacks, and possibly modifying other lines. Listing Two
Re: [Samba] migrating samba files, preserving permissions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 sharif islam wrote: Hi, Is there a way to migrate the files and shares and preserve the AD group permissions? scp retains the modification time and such, but not the AD group information. xcopy /o or robocopy.exe cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGgUh0IR7qMdg1EfYRArJCAJ9nN1asVmtR9WzYozwGG8EXGioe3wCg6Zc7 +81fZAau+GFV90lT7e3F0og= =eEkO -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] migrating samba files, preserving permissions
Is there a way to migrate the files and shares and preserve the AD group permissions? scp retains the modification time and such, but not the AD group information. Your question is too vague to give a solid answer, but, just backup and restore with a tool (NOT ssh, tar, etc...) that supports EA. If your source filesystem is a Samba system then using star in exustar mode should work. If you are coming from a real Windows box then you probably need to backup and restore with a Windows utility. -- Adam Tauno Williams, Network Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Possible Filesystem Corruption with Samba 3.0.25a (with XFS and LVM)
On Tue, 2007-06-26 at 12:00 -0400, Charles Marcus wrote: On 6/26/2007, Andri ([EMAIL PROTECTED]) wrote: I've done occasional memtests for a few days straight, and all have ended successfully. If it wasn't one of those one-in-a-quintillion chances that the sun flipped the necessary bits in memory, I'm betting on software bugs. Memtest is hardly a reliable test for memory. I have had bad memory pass test for days on end. The best way I've ever found to reliably find bad memory is compile something big, like X. If your memory is bad, you'll find out pretty quick... The real solution is to use ECC memory. :) -- Adam Tauno Williams, Network Systems Administrator Consultant - http://www.whitemiceconsulting.com Developer - http://www.opengroupware.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP: Trouble adding Win XP machines to the domain
Great!!! I have created a couple of machine accounts through the LAM utility and I have eventually been able to join the domain. Thank you very much for your help. John Drescher-2 wrote: I have had the same problem with a similar setup for at least 3 years. My solution is to create the account for the windows workstation either via the smbldap-useradd and the linux useradd commands or a gui wizard that does this for me. I currently use ldap-account-manager http://lam.sourceforge.net/ for as well as user management. And then after the account is created the windows add to domain boxes work. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- View this message in context: http://www.nabble.com/Samba-and-LDAP%3A-Trouble-adding-Win-XP-machines-to-the-domain-tf3981091.html#a11310118 Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] two questions about samba
thanks for the info about the workstations option i have workstations that are named student01 02 03, etc and staf01 02 03 when i specify staf* or student* it does not allow the account access. if i specify staf01 it will allow that machine to log on. know of a way to specify groups of workstations? On Fri, June 22, 2007 3:35 pm, Chris Smith said: On Friday 22 June 2007, Jack Mendez wrote: I would like to deny users access to the pdc based on the hostname. so if username1 logs into computer1, that is allowed, if the user logs of, and goes on to computer2, it will be denied because computer2 is a staff machine I don't think this is valid with the smbpasswd backend With but a tdbsam backend you can use: net sam set workstations Ldap has a entry for this as well (don't know it off the top of my head). we have students that will sometimes try to use staff machines and i want the login to fail. i have lots of log entries that look like. Hmmm...don't know what those entries have to do with it. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Currently on 3.0.10 and want to upgrade to 3.0.25a
William Jojo wrote: is? Seems to me to be a big jump. Does 25a have all of the changes Before you start up the samba 3.0.25a server, make sure to do a testparm on your smb.conf file to make sure you don't have any options that are now unsupported. Eric Feldhusen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] migrating samba files, preserving permissions
On 6/26/07, Adam Tauno Williams [EMAIL PROTECTED] wrote: Is there a way to migrate the files and shares and preserve the AD group permissions? scp retains the modification time and such, but not the AD group information. Your question is too vague to give a solid answer, but, just backup and restore with a tool (NOT ssh, tar, etc...) that supports EA. If your source filesystem is a Samba system then using star in exustar mode should work. If you are coming from a real Windows box then you probably need to backup and restore with a Windows utility. Sorry for not being clear. Here's more information. We are moving the samba server to a different linux machine, but authenticating against the same Active Directory. In the conf file, we have idmap uid = 1-60. For instance, my uid is 10001 in the old machine. However, in the new machine, it is, lets say 10004. How would I make sure that the new uid/gid is mapping to the same windows sid? I saw a tool called tdbdump. If I copy the winbind cache from the old machine and use it in the new machine, will that keep the same mapping? --sharif -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Possible Filesystem Corruption with Samba 3.0.25a (with XFS and LVM)
Adam Tauno Williams wrote: On Tue, 2007-06-26 at 12:00 -0400, Charles Marcus wrote: On 6/26/2007, Andri ([EMAIL PROTECTED]) wrote: I've done occasional memtests for a few days straight, and all have ended successfully. If it wasn't one of those one-in-a-quintillion chances that the sun flipped the necessary bits in memory, I'm betting on software bugs. Memtest is hardly a reliable test for memory. I have had bad memory pass test for days on end. The best way I've ever found to reliably find bad memory is compile something big, like X. If your memory is bad, you'll find out pretty quick... The real solution is to use ECC memory. :) It's a headless server without X, but I've compiled plenty of other applications on it without issues. That includes Linux. The chance that a bit flipping on the exact location that directs Samba's (or the filesystem's or what-not's) output, and it ending up on another (and raw) device is something I really can't believe happening. Like the XFS guys said, memory corruption errors might not necessarily be because of faulty hardware. Even if this issue is related to the SATA controller's driver, I wish to find out the origin of the data structures I've pasted twice now, because I believe tracing them might hold the key to this mystery. Of course, I lack the expertise to scan a driver's source code for such possible mistakes, but at least I can let the author know and ask for their assistance. Blaming hardware for uncommon and unexpected behavior is not always the reasonable thing to do. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't get single sign on to work after joining linux to an AD domain
First of all that guide is faulty as you need security = ADS and not Domain. I think you should look at the Samba By Example or the official How- To on samba.org If you then have problems/questions please post them here. Cheers, henrik 26 jun 2007 kl. 18:54 skrev Justin Ehrlichman: Hi all, I am trying to join PClinuxOS 2007 to an Active Directory domain, I was able to get it to join following a guide off of Linux Magazine's website. I can't post the URL because you need to be registered to view the article so I have taken the liberty of copying and pasting the article at the end of this message. Anyways what is happening is while I was able to get linux to join the domain, I am still unable to sign onto the linux box with one of the domain user accounts. When I do an wbinfo -g I am able to see all the domain groups. I am also able to view all the users using the -u switch. We are running Windows Server 2003 R2, I would post log files but I am not exactly sure where or what to look for. Here is the copy of the article as promised: /Listing One: smb.conf options for Winbind workgroup= MYWG security= Domain encrypt passwords= Yes password server= 192.168.1.1 winbind use default domain= Yes idmap uid= 2000-25000 idmap gid= 2000-25000 template shell= /bin/bash template homedir= /home/% U The first four lines in Listing One are fairly straightforward, and might appear on any Samba server on the network. They set the workgroup/domain name, tell Samba to use domain-level security, enable encrypted passwords, and specify the password server system (that is, the domain controller). The remaining lines in this listing set Winbind-specific options. *The idmap uid and idmap gid options set the range of UID and GID numbers that Winbind (its NSS components, specifically) may assign. These UID and GID values should not be used by local users, but you can change them from the values set in Listing One, if you like. These options are necessary because NT domain controllers don't maintain Linux-style UID and GID numbers, so Winbind must make these values up itself. *The template shell and template homedir options set the default shell and home directory. The %U in the latter option stands in for the username. As with idmap uid and idmap gid, these options are necessary because NT domain controllers don't maintain the information. While you've now told your Linux system how to find the domain controller and manage accounts, you must still join the domain --- that is, notify the domain controller about the new member. This can be done using the net command: # net join member --U adminuser When you type this command, adminuser is the username of an administrative user on the domain controller. On Windows systems, this is likely to be Administrator. On domain controllers that use Linux and Samba, it could be something else, so check your domain controller configuration. Samba domain controllers may also need a machine trust account that's been prepared on the domain controller itself. (Samba domain controller configuration is well beyond the scope of this article.) Running the Daemon At this point, you can start running the Winbind daemon, winbindd: # /usr/sbin/winbindd --i This command runs the daemon and (because of the --i option) sends log information to standard output rather than to a log file. Launching the daemon in this way works well for testing, but in the long term, you're better off putting this command (without the --i option) in a startup script. In fact, if you installed Winbind from a Linux package, it should have come with a System V- like startup script to start Winbind, so look for such a script and use your distribution's System V package management utilities (such as chkconfig or rc-update) to activate it in your default runlevel. The Winbind daemon manages the actual connection to the domain controller. PAM and NSS then consult this daemon to do their jobs. You can check basic operations using the wbinfo command. The --t option causes this program to check the basic connection of Winbind to the domain controller. It should return a message like this: $ wbinfo --t checking the trust secret via RPC calls succeeded You can also use the --u option to obtain a list of accounts managed by the domain controller. If one or both of these calls fail, review your configuration and consult your log files for clues about what's going wrong. Configuring PAM PAM is controlled through files in /etc/pam.d/. For the most part, these files control how specific programs interact with PAM. For instance, /etc/pam.d/login tells the login program how to use PAM. These configurations vary greatly from one distribution to another, but they all consist of a series of stacks --- auth, account, session, and password. Each stack consists of one or more lines that begin with the
[Samba] quickbooks 2003 multiuser
I apologize if this has already been asked. In my searching, I have not found a clear answer. How do you setup Samba for Quickbooks 2003 multi-user? I appreciate any help. Gary -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] quickbooks 2003 multiuser
Gary Attaway wrote: I apologize if this has already been asked. In my searching, I have not found a clear answer. How do you setup Samba for Quickbooks 2003 multi-user? I appreciate any help. Gary for a access style database like quickbooks, I would turn off all oplocks... -- Ray Klassen Computer SysAdmin MCC Supportive Care Services -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NTConfig.pol
Hi list. I've just configured a PDC server using RedHat Enterprise Linux 4 (update 5) and Samba 3.0.25a. Everithing is working fine. I'm not using LDAP and all my client machines are installed with Windows XP Professional. I used the Mike Petersen website ( http://www.pcc-services.com/custom_poledit.html) to help me creating the NTConfig.pol file and created custom profiles folder for each user. My PDC has three distincts groups. I've mapped them using the same name for both NTGroup and UnixGroup (net groupmap add ntgroup=XXX unixgroup=XXX). I'm not using any Windows default groups (Power Users, Users, etc). The strange scenario is that my clients are only reading the NTConfig.pol during their first logon in a machine, after that it seems that it assumes some defaults configurations and don't read my NTConfig.pol file anymore. Thks in advance, Diego. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [Fwd: Problems with samba and windows 2000 professional]
Good day, I've posted this request again, as it got hijacked and probably ignored. I'm having issues with a small company with the following setup... 1. Windows 2003 active directory server (server.company.local) 2. samba 3.0.25 linux server (serve2.company.local) 3. windows xp and windows 2000 professional clients. All clients are part of the ads structure. What's happening is the client's running windows xp can access the samba shares with no issues what so ever, but the windows 2000 professional clients keep popping up an incorrect password window asking for a proper username and password to access the server and it's shares. Even if you enter a correct username, it rejects it. I see no errors with the linux/samba server tied to the domain. It just seems that I'm missing something in regards to the windows 2000 professional clients passing username/password info. I'm totally stuck at this point. Here is the config files from the linux/samba server. /etc/samba/smb.conf - [global] workgroup = company server string = Company File Server security = ads printcap name = /etc/printcap load printers = yes cups options = raw log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no password server = SERVER realm = COMPANY.LOCAL encrypt passwords = yes winbind enum users = yes winbind enum groups = yes winbind separator = + idmap uid = 1-2 idmap gid = 1-2 log level = 10 # template shell = /bin/false ;[homes] ; comment = Home Directories ; browseable = no ; writable = yes ; template shell = /bin/false ; winbind use default domain = no [apps] comment = Application Share path = /home/samba/apps writeable = yes browseable = yes inherit acls = yes inherit permissions = yes create mask = 700 directory mask = 700 valid users =@COMPANY+Domain Users admin users =@COMPANY+Domain Admins [share] comment = Company Central Share path = /home/samba/share writeable = yes browseable = yes inherit acls = yes inherit permissions = yes create mask = 700 directory mask = 700 valid users =@COMPANY+Domain Users admin users =@COMPANY+Domain Admins [images] comment = Company Desktop image files path = /home/samba/images writeable = yes browseable = yes inherit acls = yes inherit permissions = yes create mask = 700 directory mask = 700 valid users =@COMPANY+Domain Users admin users =@COMPANY+Domain Admins /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = COMPANY.LOCAL dns_lookup_realm = false dns_lookup_kdc = true ticket_lifetime = 24h forwardable = yes [realms] COMPANY.LOCAL = { kdc = server.company.local admin_server = server.company.local default_domain = company.local } [domain_realm] .company.local = COMPANY.LOCAL company.local = COMPANY.LOCAL [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } - Thanks ahead of time. Frank Thomas Frank Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] The process cannot access the file because another process has locked a portion of the file
I have a directory in a linux server (Debian) and it was exported by nfs to another linux server (Debian). In this last server, the directory was included in smb.conf (Samba) for Windows users. I can access the share from windows and create news files, but I cannot move files inside the subdirectories of the share. When I try to do this, I receive the follow message: Cannot copy file_name. The process cannot access the file because another process has locked a portion of the file. Anybody knows something about it? Sandra -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Possible Filesystem Corruption with Samba 3.0.25a (with XFS and LVM)
XFS eats files. Did you lose power or did your system crash? XFS is very good at losing files. Other than that, LVM is the next culprit. Samba only opens and writes to files. It has no code to do anything else in it. On Tue, 2007-06-26 at 15:35 +0300, Andri wrote: Hello! A few days ago I received a filesystem memory corruption notification from Debian's Linux kernel (2.6.20), which automatically unmounted my root partition. Upon closer investigation, I found that something had overwritten most of my data, XFS's superblocks and other metadata structures. That means from partition offset 0x200. At the time of the error, the only services I was using were Samba with Unix Extensions enabled, LVM2 which managed the mountpoint where I was writing to through Samba, and XFS, which managed both my / and the LVM's partition's files. / was a single partition on one disk, /storage was the LVM managed partition made up of multiple disks. I noticed the corruption issue on the server around the time my Bittorrent client Deluge Torrent (http://download.deluge-torrent.org/stable/deluge-0.5.1.1.tar.gz) was allocating space for a download. The client machine was Gentoo suspend2-sources 2.6.21-r6. I'm not saying this is Samba's bug for sure, but I am trying to find out what's responsible. I've had long chats with people involved with XFS in the #xfs chatroom on Freenode, and they've stated that XFS has checks that prevent itself from writing to block 0, the same block that now holds some unknown structure of data and a file path of the file my torrent client seemed to be allocating. As I'm not a Linux developer, I lack the experience to go digging the source code. I did not take note of the kernel messages that were displayed before I rebooted the machine, because I had no expectation of such a disaster, and hoped a reboot would fix everything. All I have now to help find the cause of this problem is the trashed filesystem. The memory and disk itself were tested and are healthy. Clearly a software error. Example output from offset 0x200 on the root disk: 0260 00 00 00 00 00 00 00 00 d4 3e 00 00 00 00 01 00 |...| 0270 9f 01 12 00 07 00 00 00 40 00 00 00 99 41 7c 46 |[EMAIL PROTECTED]|F| 0280 71 7a 09 00 00 fd 00 00 00 00 00 00 24 08 00 00 |qz..$...| 0290 00 00 00 00 86 01 00 00 f1 03 00 00 00 00 00 00 || 02a0 2f 73 74 6f 72 61 67 65 00 53 6f 66 74 77 61 72 |/storage.Softwar| 02b0 65 2f 57 69 6e 64 6f 77 73 2f 47 61 6d 65 73 2f |e/Windows/Games/| 02c0 54 69 74 61 6e 20 51 75 65 73 74 20 2d 2d 20 49 |Titan Quest -- I| 02d0 6d 6d 6f 72 74 61 6c 20 54 68 72 6f 6e 65 2f 54 |mmortal Throne/T| 02e0 69 74 61 6e 2e 51 75 65 73 74 2e 49 6d 6d 6f 72 |itan.Quest.Immor| 02f0 74 61 6c 2e 54 68 72 6f 6e 65 2d 55 6e 6c 65 61 |tal.Throne-Unlea| 0300 73 68 65 64 2f 75 6e 6c 2d 74 71 69 74 2e 70 61 |shed/unl-tqit.pa| 0310 72 74 31 35 2e 72 61 72 00 42 42 42 18 01 00 00 |rt15.rar.BBB| 0320 00 00 00 00 00 01 00 00 10 00 00 00 e9 00 00 00 || 0330 69 8a 82 e8 ad de e1 fe 00 fd 00 00 00 00 00 00 |i...| 0340 25 08 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |%...| 0350 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || The rest of the data on this corrupted filesystem is filled with similar data blocks -- unknown metadata around a filepath referring to /storage. Just as if something had done filelistings of /storage, and output its memory structures onto the raw device. If some Samba developers recognize this structure (perhaps it's something that's supposed to be in-memory before sending via SMB), please let me know. The filesystem on /storage (LVM managed), did not seem to be corrupted, and at least showed its contents when I did a quick check with a LiveCD. I understand that Samba is supposed to drop its privileges after a connection, but I assume it has to run some parts as root, especially because I set the dos style file permission changing option (to allow groups to change perms, not only owners) also on. The feature didn't work though, but the option was set in smb.conf. This is a major issue, but due to the lack of helpful info, I'm forced to ask in various places. Perhaps Deluge Torrent's allocation routines got Samba confused? There aren't many suspects -- either Samba, XFS (which probably is more common than Samba, so less likely) or the rest of the kernel (which, again, is unlikely). LVM is so low level and less complex than all others, so chances of it messing up like this are microscopic. Syslog-and-friends don't even care about files, and Exim does not run as root after starting up. The peculiar thing is, that the info that was written on top of /dev/hdb3 contains the filepaths of /storage, so I'm betting it had something to do with
[Samba] Problem with AD
Hi All, New to the list here. I am trying to connect my samba box to an Windows Server 2003 box (yuck). My users want to be able to access shares on the samba box with the same credentials they used to login into the windows domain. Am I correct in thinking this is possible? As far as I can tell from numerous tutorials and docs, I am. Anyway, I downloaded MIT's kerberos5 1.6.1, dod configure (with no extra options), make make install, everything worked just fine. Here is my krb5.conf ---SNIP--- [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = EAGLE-SYSTEMS.LOCAL [realms] EAGLE-SYSTEMS.LOCAL = { kdc = esass001.eagle-systems.local } [domain_realms] .kerberos.server = EAGLE-SYSTEMS.LOCAL --SNIP- I ran kinit and It seems to have worked! Awesome, here is what klist says --SNIP--- Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 06/26/07 09:39:03 06/26/07 19:39:07 krbtgt/EAGLE- [EMAIL PROTECTED] renew until 06/27/07 09:39:03 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached ---SNIP- Next, I compiled samba 3.0.25a on Slackware Linux 11. Here are the option I used with configure: ./configure --with-ads --with-krb5=/usr/local --with-winbind --with-libmsrpc --with-acl-support --with-ldap It configures, compiles and installs without errors. Here is my smb.conf --SNIP-- [global] workgroup = EAGLE-SYSTEMS realm = EAGLE-SYSTEMS.LOCAL preferred master = no server string = Eagle FTP Server security = ADS password server = 192.168.0.20 encrypt passwords = yes log level = 3 client use spnego = Yes netbios name = FTP log file = /var/log/samba/%m max log size = 50 winbind separator = + printcap name = cups printing = cups idmap uid = 1-2 idmap gid = 1-2 [safety] path = /home/safety comment = Safety Officer valid users = sellis read only = No browseable = No -SNIP-- Notice that for the safety share, I have a valid user called sellis, which is a user in the Active Directory. I ran testparm and it said everything was ok. I fired up smbd and nmbd and they run fine. Next I ran: # ./net ads join -U esasadmin esasadmin's password: Using short domain name -- EAGLE-SYSTEMS Joined 'FTP' to realm 'EAGLE-SYSTEMS.LOCAL' And it seems to have worked. I look under 'Computers' in active directory and sure enough, FTP shows up in the list. Next I edited /etc/nsswitch.conf and changed the passw and group lines to look like this: passwd: compat winbind group: compat winbind No I fired up winbindd and it looked good. However, when ever I run wbinfo -u, I see no list of users (it says: Error looking up domain users). I check to make sure winbindd is still running, but I it isn't. I looked and the logs for winbindd (specifically log.wb-EAGLE-SYSTEMS) and it shows this: -SNIP- [2007/06/26 14:50:50, 3] nsswitch/winbindd_misc.c:winbindd_dual_list_trusted_domains(121) [ 898]: list trusted domains [2007/06/26 14:50:50, 0] lib/fault.c:fault_report(41) === [2007/06/26 14:50:50, 0] lib/fault.c:fault_report(42) INTERNAL ERROR: Signal 11 in pid 899 (3.0.25a) Please read the Trouble-Shooting section of the Samba3-HOWTO [2007/06/26 14:50:50, 0] lib/fault.c:fault_report(44) From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf [2007/06/26 14:50:50, 0] lib/fault.c:fault_report(45) === [2007/06/26 14:50:50, 0] lib/util.c:smb_panic(1632) PANIC (pid 899): internal error [2007/06/26 14:50:50, 0] lib/util.c:log_stack_trace(1736) BACKTRACE: 24 stack frames: #0 ./winbindd(log_stack_trace+0x26) [0x800bec88] #1 ./winbindd(smb_panic+0x76) [0x800beb18] #2 ./winbindd [0x800ac248] #3 ./winbindd [0x800ac256] #4 [0xe420] #5 ./winbindd(cm_connect_sam+0x79) [0x8005b915] #6 ./winbindd [0x8005ebbb] #7 ./winbindd [0x8005f6f2] #8 ./winbindd [0x8004970f] #9 ./winbindd [0x80049bb9] #10 ./winbindd [0x8004ccb2] #11 ./winbindd(winbindd_dual_list_trusted_domains+0x9d) [0x80056b5c] #12 ./winbindd [0x80063f40] #13 ./winbindd [0x800656f5] #14 ./winbindd [0x80063bba] #15 ./winbindd(async_request+0x154) [0x800637cc] #16 ./winbindd(init_child_connection+0x219) [0x80047221] #17 ./winbindd(async_domain_request+0xed) [0x80063ced] #18 ./winbindd [0x80046c76] #19 ./winbindd(rescan_trusted_domains+0x45) [0x80046ffb] #20 ./winbindd [0x8003f95d] #21 ./winbindd(main+0x652) [0x800404b3] #22 /lib/tls/libc.so.6(__libc_start_main+0xd4) [0xb7c60e14] #23 ./winbindd [0x8003e661] [2007/06/26 14:50:50, 0] lib/fault.c:dump_core(181) dumping core in /usr/local/samba/var/cores/winbindd --SNIP-- The interesting thing is that
[Samba] URGENT! Windows Server 2003 SP2 broke samba
Reading the How To Compile Samba leads me to this question. Must I compile Samba with AD support as described in that document in order for the Samba server to be able to have userids/passwords authenticated by a W2K3/SP2 AD? I only need to be able to continue to provide access to users' Unix home directories from their PCs via a Windows login script that includes: net use s: \\sambasvr\username (where username is the same for both Unix and Windows). Gee! I wish I had seen this coming! Charles -Original Message- From: John H Terpstra [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Mon, 25 Jun 2007 7:54 pm Subject: Re: [Samba] URGENT! Windows Server 2003 SP2 broke samba On Monday 25 June 2007 12:32, [EMAIL PROTECTED] wrote: After applying SP2 to our Windows Server 2003 domain controller, we are unable to access Samba Version 3.0.4 shared user diectories. Access fails with these message: unable to validate password for user USER in domain DOMAIN to Domain controller \\DOODAH. Error was NT_STATUS_ACCESS_DENIED. If no one has experienced and resolved this, how do I debug this situation? Thanks, in advance, for any help offered. Please update to the current version of Samba as soon as possible. The version you are using has many problems with Windows 2003/XP. The current version is 3.0.25a - yours dates back to around December 2003 - that is very old, out of date, and will not work with SP2 or later. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection. =0 Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection. =0 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Possible Filesystem Corruption with Samba 3.0.25a (with XFS and LVM)
On Tue, 26 Jun 2007, Andri wrote: Adam Tauno Williams wrote: On Tue, 2007-06-26 at 12:00 -0400, Charles Marcus wrote: On 6/26/2007, Andri ([EMAIL PROTECTED]) wrote: I've done occasional memtests for a few days straight, and all have ended successfully. If it wasn't one of those one-in-a-quintillion chances that the sun flipped the necessary bits in memory, I'm betting on software bugs. Memtest is hardly a reliable test for memory. I have had bad memory pass test for days on end. The best way I've ever found to reliably find bad memory is compile something big, like X. If your memory is bad, you'll find out pretty quick... The real solution is to use ECC memory. :) It's a headless server without X, but I've compiled plenty of other applications on it without issues. That includes Linux. The chance that a bit flipping on the exact location that directs Samba's (or the filesystem's or what-not's) output, and it ending up on another (and raw) device is something I really can't believe happening. Like the XFS guys said, memory corruption errors might not necessarily be because of faulty hardware. Even if this issue is related to the SATA controller's driver, I wish to find out the origin of the data structures I've pasted twice now, because I believe tracing them might hold the key to this mystery. Of course, I lack the expertise to scan a driver's source code for such possible mistakes, but at least I can let the author know and ask for their assistance. Blaming hardware for uncommon and unexpected behavior is not always the reasonable thing to do. Samba uses standard system calls to create, modify, and delete files. It does not write to random bits of /dev/hda. If you have filesystem corruption, then the problem lies elsewhere. Maybe the data you found came from Samba (indirectly through files your Bittorrent client was saving to a Samba share), but that does not imply that Samba was the cause of the problem. When Samba used the system call write() - or whatever optimized system call it uses - some other piece of software (XFS, LVM, Linux kernel IDE driver) placed that data in the wrong place on the disk. In my experience (which only counts as anecdotal evidence anyways), disk hardware failures are usually easily detected as ever-increasing bad block counts reported by the disk's S.M.A.R.T. firmware. If the disk still works normally and is not reporting any SMART errors, then you can probably rule out hardware. I'm not saying it is impossible for Samba to create this problem, but since Samba uses standard system calls and has no reason to write directly to the /dev/hda raw device, it seems far more likely that the software which does actually write to the raw device (XFS, LVM, Linux kernel) is the culprit. Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
OT: ECC Memory - WAS: Re: [Samba] Possible Filesystem Corruption with Samba 3.0.25a (with XFS and LVM)
The best way I've ever found to reliably find bad memory is compile something big, like X. If your memory is bad, you'll find out pretty quick... The real solution is to use ECC memory. :) Curious... I recall reading somewhere that ECC memory was considerably slower than non-ECC, and its benefits was mostly sales hype - ie, its ECC was not precisely reliable... Anyone know of an authoritative answer to this question? -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] two questions about samba
On Tuesday 26 June 2007, Jack Mendez wrote: i have workstations that are named student01 02 03, etc and staf01 02 03 when i specify staf* or student* it does not allow the account access. if i specify staf01 it will allow that machine to log on. know of a way to specify groups of workstations? You can put multiple workstations in the argument: net sam set workstations stafusername staf01,staf02,staf03 Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Moving user accounts from a domain to another - and changing their logins
Le mardi 26 juin 2007, Francis Galiegue a écrit : I've had sort of an idea, I'd like to know whether it sounds good or not... Answer to self: nope. It mostly works, but mostly != fully. The other method does work. So I'll stick to it... -- Francis Galiegue, [EMAIL PROTECTED] 12bis rue de la Pierre Levée, 75011 PARIS +33143381980, +33683877875 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: OT: ECC Memory - WAS: Re: [Samba] Possible Filesystem Corruption with Samba 3.0.25a (with XFS and LVM)
I recall reading somewhere that ECC memory was considerably slower than non-ECC, and its benefits was mostly sales hype - ie, its ECC was not precisely reliable... Neither are true. Anyone know of an authoritative answer to this question? I use ECC memory in all of my servers and the main benefit is that if you ever get a single correction you probably have a hardware problem. On these systems machine check exceptions are logged in the bios for each memory problem seen. If you see more than one of these it is highly likely that your hardware is the problem. If you have the correct hardware and your kernel has the CONFIG_X86_MCE and CONFIG_X86_MCE_INTEL or CONFIG_X86_MCE_AMD you should be able to view these errors on a running system by executing mcelog. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] URGENT! Windows Server 2003 SP2 broke samba
On Tue, 26 Jun 2007, [EMAIL PROTECTED] wrote: Reading the How To Compile Samba leads me to this question. Must I compile Samba with AD support as described in that document in order for the Samba server to be able to have userids/passwords authenticated by a W2K3/SP2 AD? I only need to be able to continue to provide access to users' Unix home directories from their PCs via a Windows login script that includes: net use s: \\sambasvr\username (where username is the same for both Unix and Windows). Gee! I wish I had seen this coming! Charles I seem to remove 2003 SP2 changed some default to require a more secure authentication method. However, you can change that back using the Default Domain Policy. Grr, does this ring a bell for anyone? I can't remember the specifics. In any case, it is perfectly possible to run security=domain and join an AD forest. We do it here. Andy-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: OT: ECC Memory - WAS: Re: [Samba] Possible Filesystem Corruptionwith Samba 3.0.25a (with XFS and LVM)
While slower, it has benefits for something like a database server. For a home machine, the added expense and slower speed are not worth it. Not exactly a definitive answer as there is gray area but for a production server, I'd throw in ecc Sent via BlackBerry from T-Mobile -Original Message- From: Charles Marcus [EMAIL PROTECTED] Date: Tue, 26 Jun 2007 16:26:25 To:samba@lists.samba.org Subject: OT: ECC Memory - WAS: Re: [Samba] Possible Filesystem Corruption with Samba 3.0.25a (with XFS and LVM) The best way I've ever found to reliably find bad memory is compile something big, like X. If your memory is bad, you'll find out pretty quick... The real solution is to use ECC memory. :) Curious... I recall reading somewhere that ECC memory was considerably slower than non-ECC, and its benefits was mostly sales hype - ie, its ECC was not precisely reliable... Anyone know of an authoritative answer to this question? -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP: Trouble adding Win XP machines to the domain
El Martes, 26 de Junio de 2007 10:23, mikelOn escribió: add user script = /usr/sbin/smbldap-useradd -m %u If your users are Windows users you should add an '-a' here, and add the users with the '-a' flag. Like this: add user script = /usr/sbin/smbldap-useradd -m -a %u delete user script = /usr/sbin/smbldap-userdel -r %u add group script = /usr/sbin/smbldap-groupadd %g You should add '-a -p' here: add group script = /usr/sbin/smbldap-groupadd -m -a %g P.S.: ¿Can it have anything to do with other stuff such as the DNS server? Perhaps yes... I have a Samba server with OpenLDAP acting as a PDC and we use dnsmasq as our DNS server. It's small, fast and deals very well with Samba and Windows clients. We use it also as DHCP server so all the machines have the correct IP, DNS server, WINS Server and so on. One question... the user mikelvm is a regular UNIX user or one added with the smbldap-useradd tool? -- Asier. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.25b Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 == I feel like an Appalachian miner that just found a new vein of coal! -- Jeremy Allison after finding a new set of NTSTATUS codes returned by NTcreateX. == Release Announcements = This is the third production release of the Samba 3.0.25 code base and is the version that servers should be run for for all current bug fixes. Major bug fixes included in Samba 3.0.25b are: o Offline caching of files with Windows XP/Vista clients. o Improper cleanup of expired or invalid byte range locks on files. o Crashes is idmap_ldap and idmap_rid. Changes to 'net idmap dump' === A change in command line syntax and behavior was introduced in the 3.0.25 release series where the command $ net idmap dump /.../path/to/idmap.tdb would overwrite the tdb instead of dumping its contents to standard output as was the case in releases prior to Samba 3.0.25. The changed has been reverted in 3.0.25b and the semantics from 3.0.24 and earlier releases have been restored. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/history/samba-3.0.25b.html Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGgXvNIR7qMdg1EfYRAi/0AKCpoiyVN/J5023+/oxXkAs+bq902QCgzkG5 G9BxlOo0ew1bLW6yXjExy88= =3Lbd -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] workgroup to domain migration question
Hi all I try to transform our old workgroup to a domain. I read a lot of doc about that and smb-ldap tools. I cannot use smb-ldap tools because I have a running ldap database with our unix accounts. I build my own script to update our database. Questions : - For the admin account I modify the uid=admin, uidNumber=1033 and gid=512 to secure the server root account. (no homeDirectory and loginShell). It is correct ? - For the accounts : Administrators, Account Operators, Print Operators, Backup Operators et Replicators which are the correct SID ? S-1-5-32-544 or a form like S-1-5-21-374813769-5580279-1681509432-544 ? - For the sambaSID users I use the localSID + uidNumber it is ok ? - For the sambaSid groups unix (each user have this own group) I use localsid + uidNumber + 1000 The primaryGroupSID are needed ? if yes which ? - For hosts I use localsid + uidNumber + 2000 ok ? Could you help me to clarify that ? Thanks in advance Guy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Possible Filesystem Corruption with Samba 3.0.25a (with XFS and LVM)
Glad to finally see a reply not 100% about my hardware. Andrew Morgan wrote: Samba uses standard system calls to create, modify, and delete files. It does not write to random bits of /dev/hda. If you have filesystem corruption, then the problem lies elsewhere. It's not FS corruption per se, it's just that something wrote over the FS. Maybe the data you found came from Samba (indirectly through files your Bittorrent client was saving to a Samba share), but that does not imply that Samba was the cause of the problem. When Samba used the system call write() - or whatever optimized system call it uses - some other piece of software (XFS, LVM, Linux kernel IDE driver) placed that data in the wrong place on the disk. Possible, of course, but I or some more knowledgeable person could start tracing if the origin of the data is found :) In my experience (which only counts as anecdotal evidence anyways), disk hardware failures are usually easily detected as ever-increasing bad block counts reported by the disk's S.M.A.R.T. firmware. If the disk still works normally and is not reporting any SMART errors, then you can probably rule out hardware. I have, and hoped my first hint of 'hardware is healthy' in my first posting would satisfy others :) As I've explained, this issue has little to do with the hardware, and more with seeming structured data being placed over my root partition. This would be a good time to mention that while checking the other blocks with similar structure, I discovered a similarity -- they seem to start with 0x47 0x71 as can be seen from the example below that I took from offset ~38MB. 0140 00 00 00 00 00 00 00 00 47 71 00 00 00 00 01 00 |Gq..| 0150 89 00 12 00 07 00 00 00 40 00 00 00 b6 08 67 46 |[EMAIL PROTECTED]| 0160 17 59 0c 00 00 fd 00 00 00 00 00 00 80 47 79 c0 |.Y...Gy.| 0170 00 00 00 00 57 31 00 00 e8 03 00 00 00 00 00 00 |W1..| 0180 2f 73 74 6f 72 61 67 65 00 4d 65 64 69 61 2f 41 |/storage.Media/A| 0190 75 64 69 6f 2f 4d 75 73 69 63 2f 41 6c 62 75 6d |udio/Music/Album| 01a0 73 2f 42 6c 69 6e 6b 20 31 38 32 2f 45 6e 65 6d |s/Blink 182/Enem| 01b0 61 20 6f 66 20 74 68 65 20 53 74 61 74 65 2f 30 |a of the State/0| 01c0 31 20 2d 20 42 6c 69 6e 6b 20 31 38 32 20 2d 20 |1 - Blink 182 - | 01d0 44 75 6d 70 77 65 65 64 2e 6d 70 33 00 20 56 65 |Dumpweed.mp3. Ve| 01e0 73 6b 69 20 2d 20 4c 6f 68 75 74 75 73 65 6b 73 |ski - Lohutuseks| 01f0 20 c3 9c 6d 62 65 72 20 4d 61 61 69 6c 6d 61 2e | ..mber Maailma.| 0200 6d 70 33 00 20 01 00 00 00 00 00 00 10 01 00 00 |mp3. ...| 0210 10 00 00 00 c9 00 00 00 41 92 47 41 ad de e1 fe |A.GA| 0220 00 fd 00 00 00 00 00 00 91 78 62 b8 00 00 00 00 |.xb.| 0230 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || 0240 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || * 0260 00 00 00 00 00 00 00 00 47 71 00 00 00 00 01 00 |Gq..| 0270 89 00 12 00 07 00 00 00 40 00 00 00 69 09 67 46 |[EMAIL PROTECTED]| 0280 bb 20 06 00 00 fd 00 00 00 00 00 00 91 78 62 b8 |. ...xb.| 0290 00 00 00 00 09 39 00 00 e8 03 00 00 00 00 00 00 |.9..| 02a0 2f 73 74 6f 72 61 67 65 00 4d 65 64 69 61 2f 41 |/storage.Media/A| 02b0 75 64 69 6f 2f 4d 75 73 69 63 2f 41 6c 62 75 6d |udio/Music/Album| 02c0 73 2f 4a 61 6d 65 73 20 42 6c 75 6e 74 2f 42 61 |s/James Blunt/Ba| 02d0 63 6b 20 74 6f 20 42 65 64 6c 61 6d 2f 30 31 20 |ck to Bedlam/01 | 02e0 2d 20 4a 61 6d 65 73 20 42 6c 75 6e 74 20 2d 20 |- James Blunt - | 02f0 48 69 67 68 2e 6d 70 33 00 41 6d 61 6e 64 61 20 |High.mp3.Amanda | 0300 4c 65 61 72 20 2d 20 45 6e 69 67 6d 61 20 28 47 |Lear - Enigma (G| 0310 69 76 65 20 41 20 42 69 74 20 6f 66 20 4d 6d 68 |ive A Bit of Mmh| 0320 20 74 6f 20 4d 65 29 2e 6d 70 33 00 28 01 00 00 | to Me).mp3.(...| 0330 00 00 00 00 f8 00 00 00 10 00 00 00 a9 00 00 00 || 0340 b1 83 9c 3f ad de e1 fe 00 fd 00 00 00 00 00 00 |...?| 0350 22 36 36 5a 00 00 00 00 01 00 00 00 00 00 00 00 |66Z| 0360 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 || I myself cannot identify if these look like some filesystem journal entries or packets Samba made up when trying to reply to a CIFS dirlist, but perhaps someone else can. I can see that the music file paths listed above look combined -- as if the James Blunt entry overwrote the entry that was there before. My wild guess is that this was not the first time something out of the ordinary was written to these blocks. I had my torrent client download overnight, so parts of this so called corruption could've just occured throughout the night. Seemed that the kernel discovered the corruption after I started my second download in the morning. The music
Re: [Samba] Samba and LDAP: Trouble adding Win XP machines to the domain
On 6/26/07, Asier Baranguán [EMAIL PROTECTED] wrote: El Martes, 26 de Junio de 2007 10:23, mikelOn escribió: add user script = /usr/sbin/smbldap-useradd -m %u If your users are Windows users you should add an '-a' here, and add the users with the '-a' flag. Like this: add user script = /usr/sbin/smbldap-useradd -m -a %u delete user script = /usr/sbin/smbldap-userdel -r %u add group script = /usr/sbin/smbldap-groupadd %g You should add '-a -p' here: add group script = /usr/sbin/smbldap-groupadd -m -a %g Thanks for the info. Perhaps I have that wrong too and that is the reason it fails causing me to have to do this manually on the linux side before the windows side. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP: Trouble adding Win XP machines to the domain
Just to make it clear that its not normal a system really need to have accounts created that way. I dont think is a good idea to call a workaround used on a system that someone didnt got it working properly (who knows why) as a solution, samba works very fine creating workstation accounts automatically when joining the clients and can even use accounts other than root trough privileges to join the client. The list has several posts about that and the samba documentation shows how to do that automatically and manually. But anyway if the user that asked simply said that its fine for him that way, and dropped the thread ... Regards. Edmundo Valle Neto mikelOn escreveu: Great!!! I have created a couple of machine accounts through the LAM utility and I have eventually been able to join the domain. Thank you very much for your help. John Drescher-2 wrote: I have had the same problem with a similar setup for at least 3 years. My solution is to create the account for the windows workstation either via the smbldap-useradd and the linux useradd commands or a gui wizard that does this for me. I currently use ldap-account-manager http://lam.sourceforge.net/ for as well as user management. And then after the account is created the windows add to domain boxes work. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP: Trouble adding Win XP machines to the domain
Asier Baranguán escreveu: El Martes, 26 de Junio de 2007 10:23, mikelOn escribió: add user script = /usr/sbin/smbldap-useradd -m %u If your users are Windows users you should add an '-a' here, and add the users with the '-a' flag. Like this: add user script = /usr/sbin/smbldap-useradd -m -a %u Not really, theres nothing wrong with that. If you use the User Manager windows application, the posix account is created and samba creates the rest. If you are using the shell, then yes, -a is needed (but typing it IN THE SHELL not inside smb.conf). You can consult the samba documentation or idealx documentation about setting those options. The difference is that with -a you will receive an error, but the user will be created anyway. delete user script = /usr/sbin/smbldap-userdel -r %u add group script = /usr/sbin/smbldap-groupadd %g You should add '-a -p' here: add group script = /usr/sbin/smbldap-groupadd -m -a %g Same thing. And I dont know what -m means to smbldap-groupadd script. P.S.: ¿Can it have anything to do with other stuff such as the DNS server? Perhaps yes... I have a Samba server with OpenLDAP acting as a PDC and we use dnsmasq as our DNS server. It's small, fast and deals very well with Samba and Windows clients. We use it also as DHCP server so all the machines have the correct IP, DNS server, WINS Server and so on. One question... the user mikelvm is a regular UNIX user or one added with the smbldap-useradd tool? Regards. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP: Trouble adding Win XP machines to the domain
John Drescher escreveu: On 6/26/07, Asier Baranguán [EMAIL PROTECTED] wrote: El Martes, 26 de Junio de 2007 10:23, mikelOn escribió: add user script = /usr/sbin/smbldap-useradd -m %u If your users are Windows users you should add an '-a' here, and add the users with the '-a' flag. Like this: add user script = /usr/sbin/smbldap-useradd -m -a %u delete user script = /usr/sbin/smbldap-userdel -r %u add group script = /usr/sbin/smbldap-groupadd %g You should add '-a -p' here: add group script = /usr/sbin/smbldap-groupadd -m -a %g Thanks for the info. Perhaps I have that wrong too and that is the reason it fails causing me to have to do this manually on the linux side before the windows side. John If you are talking about your problem creating machine accounts, absolutely not. Machine accounts are created using the add machine script, not cited above. Regards. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba Digest, Vol 54, Issue 29
Hello, I am out of the office from Thursday June 14th until Tuesday June 26th. I will get back to you as soon as I can. Thanks, ~Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Samba-AD HowTo Was: RE: [Samba] Can't get single sign on to work after joining linux toan AD domain
Hi all, i've just gone through a fairly long and involved troubleshooting process trying to do something similar to the problem described below and just as a general observation, the documentation available for joining a Samba Server to an AD domain tends to be disjointed and difficult to find. The Samba By Example doesn't really mention Samba in an AD network at all and the Official HOWTO is useful but somewhat limited. Is there an effort underway to bring this all together in an AD HOWTO at all? i would be happy to lend my ignorance to any efforts in that direction as a pair of eyes with very little Samba knowledge behind them (i'm a Windows Admin by trade). i considered attempting to write it myself but i'm not sure that my experience would be sufficient to make a decent job of it. Perhaps someone from the Samba team could comment, or contact me regarding producing an AD integrated Samba HOWTO. As i said, i'm happy to provide what assistance i can or if required, to make the attempt on my own at least to get a first draft together. i'll warn you though, my drafts may be in MS Word format ;) Finally, if i'm missing some critical URL and the doco i'm after is just sitting there waiting for me to find it, would someone please point it out? Please? Cheers, m. Michael Cleghorn System Network Administrator Risk Management Technologies 5 Ventnor Avenue West Perth WA 6005 AUSTRALIA Tel: +61 8 9322 1711 Fax: +61 8 9322 1794 Web: www.rmt.com.au Please Note: The contents of this e-mail transmission are intended solely for the named recipients and may be confidential, privileged, or otherwise protected from disclosure in the public interest. The use, reproduction, disclosure, or distribution of the contents of this e-mail transmission by any person other than the named recipients is expressly prohibited. If you are not a named recipient please notify the sender immediately. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Henrik Zagerholm Sent: Wednesday, 27 June 2007 2:49 AM To: Justin Ehrlichman Cc: samba@lists.samba.org Subject: Re: [Samba] Can't get single sign on to work after joining linux toan AD domain First of all that guide is faulty as you need security = ADS and not Domain. I think you should look at the Samba By Example or the official How- To on samba.org If you then have problems/questions please post them here. Cheers, henrik 26 jun 2007 kl. 18:54 skrev Justin Ehrlichman: Hi all, I am trying to join PClinuxOS 2007 to an Active Directory domain, I was able to get it to join following a guide off of Linux Magazine's website. I can't post the URL because you need to be registered to view the article so I have taken the liberty of copying and pasting the article at the end of this message. Anyways what is happening is while I was able to get linux to join the domain, I am still unable to sign onto the linux box with one of the domain user accounts. When I do an wbinfo -g I am able to see all the domain groups. I am also able to view all the users using the -u switch. We are running Windows Server 2003 R2, I would post log files but I am not exactly sure where or what to look for. Here is the copy of the article as promised: /Listing One: smb.conf options for Winbind workgroup= MYWG security= Domain encrypt passwords= Yes password server= 192.168.1.1 winbind use default domain= Yes idmap uid= 2000-25000 idmap gid= 2000-25000 template shell= /bin/bash template homedir= /home/% U The first four lines in Listing One are fairly straightforward, and might appear on any Samba server on the network. They set the workgroup/domain name, tell Samba to use domain-level security, enable encrypted passwords, and specify the password server system (that is, the domain controller). The remaining lines in this listing set Winbind-specific options. *The idmap uid and idmap gid options set the range of UID and GID numbers that Winbind (its NSS components, specifically) may assign. These UID and GID values should not be used by local users, but you can change them from the values set in Listing One, if you like. These options are necessary because NT domain controllers don't maintain Linux-style UID and GID numbers, so Winbind must make these values up itself. *The template shell and template homedir options set the default shell and home directory. The %U in the latter option stands in for the username. As with idmap uid and idmap gid, these options are necessary because NT domain controllers don't maintain the information. While you've now told your Linux system how to find the domain controller and manage accounts, you must still join the domain --- that is, notify the domain controller about the new member. This can be done using the net command: # net join member --U adminuser When you type this command,
RE: [Samba] [Fwd: Problems with samba and windows 2000 professional]
Hi Frank, i have just been reading through recent posts and reading Mike Petersen's Notes when changing network IP Addresses and it occurs to me that you're like to be dealing with the same problem. XP and 2K deal with WINS resolution in subtly different ways. Worth looking at. And thanks Mike, your post has already helped, though not in the way you probably imagined :) Cheers, m. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Frank Thomas Sent: Wednesday, 27 June 2007 3:18 AM To: samba@lists.samba.org Subject: [Samba] [Fwd: Problems with samba and windows 2000 professional] Good day, I've posted this request again, as it got hijacked and probably ignored. I'm having issues with a small company with the following setup... 1. Windows 2003 active directory server (server.company.local) 2. samba 3.0.25 linux server (serve2.company.local) 3. windows xp and windows 2000 professional clients. All clients are part of the ads structure. What's happening is the client's running windows xp can access the samba shares with no issues what so ever, but the windows 2000 professional clients keep popping up an incorrect password window asking for a proper username and password to access the server and it's shares. Even if you enter a correct username, it rejects it. I see no errors with the linux/samba server tied to the domain. It just seems that I'm missing something in regards to the windows 2000 professional clients passing username/password info. I'm totally stuck at this point. Here is the config files from the linux/samba server. /etc/samba/smb.conf - [global] workgroup = company server string = Company File Server security = ads printcap name = /etc/printcap load printers = yes cups options = raw log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = no password server = SERVER realm = COMPANY.LOCAL encrypt passwords = yes winbind enum users = yes winbind enum groups = yes winbind separator = + idmap uid = 1-2 idmap gid = 1-2 log level = 10 # template shell = /bin/false ;[homes] ; comment = Home Directories ; browseable = no ; writable = yes ; template shell = /bin/false ; winbind use default domain = no [apps] comment = Application Share path = /home/samba/apps writeable = yes browseable = yes inherit acls = yes inherit permissions = yes create mask = 700 directory mask = 700 valid users =@COMPANY+Domain Users admin users =@COMPANY+Domain Admins [share] comment = Company Central Share path = /home/samba/share writeable = yes browseable = yes inherit acls = yes inherit permissions = yes create mask = 700 directory mask = 700 valid users =@COMPANY+Domain Users admin users =@COMPANY+Domain Admins [images] comment = Company Desktop image files path = /home/samba/images writeable = yes browseable = yes inherit acls = yes inherit permissions = yes create mask = 700 directory mask = 700 valid users =@COMPANY+Domain Users admin users =@COMPANY+Domain Admins /etc/krb5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = COMPANY.LOCAL dns_lookup_realm = false dns_lookup_kdc = true ticket_lifetime = 24h forwardable = yes [realms] COMPANY.LOCAL = { kdc = server.company.local admin_server = server.company.local default_domain = company.local } [domain_realm] .company.local = COMPANY.LOCAL company.local = COMPANY.LOCAL [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } - Thanks ahead of time. Frank Thomas Frank Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] URGENT! Windows Server 2003 SP2 broke samba
On Tuesday 26 June 2007 15:17, [EMAIL PROTECTED] wrote: Reading the How To Compile Samba leads me to this question. Must I compile Samba with AD support as described in that document in order for the Samba server to be able to have userids/passwords authenticated by a W2K3/SP2 AD? It is preferable to compile with LDAP and Kerberos support - not essential. I only need to be able to continue to provide access to users' Unix home directories from their PCs via a Windows login script that includes: net use s: \\sambasvr\username (where username is the same for both Unix and Windows). Gee! I wish I had seen this coming! Windows updates change key networking DLLs. The result if often a need for Samba to support new network operations. It is therefore a really good practice to keep your Samba up to date, add to that the security fixes etc. and it is an even more desirable practice to keep with the flow. In the absence of Samba updates you will almost certainly eventually experience client connectivity problems - time and circumstance have a way of doing that at the most inopportune moment. - John T. Charles -Original Message- From: John H Terpstra [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Mon, 25 Jun 2007 7:54 pm Subject: Re: [Samba] URGENT! Windows Server 2003 SP2 broke samba On Monday 25 June 2007 12:32, [EMAIL PROTECTED] wrote: After applying SP2 to our Windows Server 2003 domain controller, we are unable to access Samba Version 3.0.4 shared user diectories. Access fails with these message: unable to validate password for user USER in domain DOMAIN to Domain controller \\DOODAH. Error was NT_STATUS_ACCESS_DENIED. If no one has experienced and resolved this, how do I debug this situation? Thanks, in advance, for any help offered. Please update to the current version of Samba as soon as possible. The version you are using has many problems with Windows 2003/XP. The current version is 3.0.25a - yours dates back to around December 2003 - that is very old, out of date, and will not work with SP2 or later. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection. =0 Check Out the new free AIM(R) Mail -- 2 GB of storage and industry-leading spam and email virus protection. =0 -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, 2 Ed., ISBN: 0131882228 Samba-3 by Example, 2 Ed., ISBN: 0131882221X Hardening Linux, ISBN: 0072254971 Other books in production. pgp6hKggOc1bA.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Samba-AD HowTo Was: RE: [Samba] Can't get single sign on to work after joining linux toan AD domain
I am the author of Samba3-ByExample - so I'll take the bait. On Tuesday 26 June 2007 20:25, Address for list subcriptions wrote: Hi all, i've just gone through a fairly long and involved troubleshooting process trying to do something similar to the problem described below and just as a general observation, the documentation available for joining a Samba Server to an AD domain tends to be disjointed and difficult to find. The Samba By Example doesn't really mention Samba in an AD network at all OK. That suprises me greatly. The second edition - chapter 7, section 7.3.4 deal specifically with that. What makes you think it does not? and the Official HOWTO is useful but somewhat limited. Is there an effort underway to bring this all together in an AD HOWTO at all? You offer to help fix this is most appreciated. Please send me your patches. i would be happy to lend my ignorance to any efforts in that direction as a pair of eyes with very little Samba knowledge behind them (i'm a Windows Admin by trade). i considered attempting to write it myself but i'm not sure that my experience would be sufficient to make a decent job of it. If nothing else, it will help you to articulate your problem so that we can understand what may be missing from the current documentation. Perhaps someone from the Samba team could comment, or contact me regarding producing an AD integrated Samba HOWTO. As i said, i'm happy to provide what assistance i can or if required, to make the attempt on my own at least to get a first draft together. i'll warn you though, my drafts may be in MS Word format ;) Yuck! What a sordid choice! Not even OpenOffice? ;-) Finally, if i'm missing some critical URL and the doco i'm after is just sitting there waiting for me to find it, would someone please point it out? Please? I thought I did. - John T. Cheers, m. Michael Cleghorn System Network Administrator Risk Management Technologies 5 Ventnor Avenue West Perth WA 6005 AUSTRALIA Tel: +61 8 9322 1711 Fax: +61 8 9322 1794 Web: www.rmt.com.au Please Note: The contents of this e-mail transmission are intended solely for the named recipients and may be confidential, privileged, or otherwise protected from disclosure in the public interest. The use, reproduction, disclosure, or distribution of the contents of this e-mail transmission by any person other than the named recipients is expressly prohibited. If you are not a named recipient please notify the sender immediately. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Henrik Zagerholm Sent: Wednesday, 27 June 2007 2:49 AM To: Justin Ehrlichman Cc: samba@lists.samba.org Subject: Re: [Samba] Can't get single sign on to work after joining linux toan AD domain First of all that guide is faulty as you need security = ADS and not Domain. I think you should look at the Samba By Example or the official How- To on samba.org If you then have problems/questions please post them here. Cheers, henrik 26 jun 2007 kl. 18:54 skrev Justin Ehrlichman: Hi all, I am trying to join PClinuxOS 2007 to an Active Directory domain, I was able to get it to join following a guide off of Linux Magazine's website. I can't post the URL because you need to be registered to view the article so I have taken the liberty of copying and pasting the article at the end of this message. Anyways what is happening is while I was able to get linux to join the domain, I am still unable to sign onto the linux box with one of the domain user accounts. When I do an wbinfo -g I am able to see all the domain groups. I am also able to view all the users using the -u switch. We are running Windows Server 2003 R2, I would post log files but I am not exactly sure where or what to look for. Here is the copy of the article as promised: /Listing One: smb.conf options for Winbind workgroup= MYWG security= Domain encrypt passwords= Yes password server= 192.168.1.1 winbind use default domain= Yes idmap uid= 2000-25000 idmap gid= 2000-25000 template shell= /bin/bash template homedir= /home/% U The first four lines in Listing One are fairly straightforward, and might appear on any Samba server on the network. They set the workgroup/domain name, tell Samba to use domain-level security, enable encrypted passwords, and specify the password server system (that is, the domain controller). The remaining lines in this listing set Winbind-specific options. *The idmap uid and idmap gid options set the range of UID and GID numbers that Winbind (its NSS components, specifically) may assign. These UID and GID values should not be used by local users, but you can change them from the values set in Listing One, if you like. These options are necessary because NT domain controllers don't maintain Linux-style UID and GID numbers, so Winbind must make
Re: [Samba] Samba and LDAP: Trouble adding Win XP machines to the domain
If you are talking about your problem creating machine accounts, absolutely not. Machine accounts are created using the add machine script, not cited above. Thanks. It looks like I did not read that clearly. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: Samba-AD HowTo Was: RE: [Samba] Can't get single sign on to workafter joining linux toan AD domain
For everyone else's reference, John just gave me a call and issued a challenge to put my money where my (big) mouth is. So i'll be doing some work on the documentation in the next little while, specifically to do with adding Samba member servers to an AD infrastructure. If you have troubleshooting tips you picked up, or suggestions of things that need to be included, please let me know. We shall see if i have bitten off more than i can chew :) i would also like to thank John publicly for the care that he obviously takes to make sure that the Samba experience is a pleasant one for the rest of us n00bs. Cheers, m. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John H Terpstra Sent: Wednesday, 27 June 2007 11:34 AM To: samba@lists.samba.org Subject: Re: Samba-AD HowTo Was: RE: [Samba] Can't get single sign on to workafter joining linux toan AD domain I am the author of Samba3-ByExample - so I'll take the bait. On Tuesday 26 June 2007 20:25, Address for list subcriptions wrote: Hi all, i've just gone through a fairly long and involved troubleshooting process trying to do something similar to the problem described below and just as a general observation, the documentation available for joining a Samba Server to an AD domain tends to be disjointed and difficult to find. The Samba By Example doesn't really mention Samba in an AD network at all OK. That suprises me greatly. The second edition - chapter 7, section 7.3.4 deal specifically with that. What makes you think it does not? and the Official HOWTO is useful but somewhat limited. Is there an effort underway to bring this all together in an AD HOWTO at all? You offer to help fix this is most appreciated. Please send me your patches. i would be happy to lend my ignorance to any efforts in that direction as a pair of eyes with very little Samba knowledge behind them (i'm a Windows Admin by trade). i considered attempting to write it myself but i'm not sure that my experience would be sufficient to make a decent job of it. If nothing else, it will help you to articulate your problem so that we can understand what may be missing from the current documentation. Perhaps someone from the Samba team could comment, or contact me regarding producing an AD integrated Samba HOWTO. As i said, i'm happy to provide what assistance i can or if required, to make the attempt on my own at least to get a first draft together. i'll warn you though, my drafts may be in MS Word format ;) Yuck! What a sordid choice! Not even OpenOffice? ;-) Finally, if i'm missing some critical URL and the doco i'm after is just sitting there waiting for me to find it, would someone please point it out? Please? I thought I did. - John T. Cheers, m. Michael Cleghorn System Network Administrator Risk Management Technologies 5 Ventnor Avenue West Perth WA 6005 AUSTRALIA Tel: +61 8 9322 1711 Fax: +61 8 9322 1794 Web: www.rmt.com.au Please Note: The contents of this e-mail transmission are intended solely for the named recipients and may be confidential, privileged, or otherwise protected from disclosure in the public interest. The use, reproduction, disclosure, or distribution of the contents of this e-mail transmission by any person other than the named recipients is expressly prohibited. If you are not a named recipient please notify the sender immediately. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Henrik Zagerholm Sent: Wednesday, 27 June 2007 2:49 AM To: Justin Ehrlichman Cc: samba@lists.samba.org Subject: Re: [Samba] Can't get single sign on to work after joining linux toan AD domain First of all that guide is faulty as you need security = ADS and not Domain. I think you should look at the Samba By Example or the official How- To on samba.org If you then have problems/questions please post them here. Cheers, henrik 26 jun 2007 kl. 18:54 skrev Justin Ehrlichman: Hi all, I am trying to join PClinuxOS 2007 to an Active Directory domain, I was able to get it to join following a guide off of Linux Magazine's website. I can't post the URL because you need to be registered to view the article so I have taken the liberty of copying and pasting the article at the end of this message. Anyways what is happening is while I was able to get linux to join the domain, I am still unable to sign onto the linux box with one of the domain user accounts. When I do an wbinfo -g I am able to see all the domain groups. I am also able to view all the users using the -u switch. We are running Windows Server 2003 R2, I would post log files but I am not exactly sure where or what to look for. Here is the copy of the article as promised: /Listing One: smb.conf options for Winbind workgroup= MYWG security= Domain encrypt passwords= Yes password server= 192.168.1.1 winbind use
Samba 3.0.25b Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 == I feel like an Appalachian miner that just found a new vein of coal! -- Jeremy Allison after finding a new set of NTSTATUS codes returned by NTcreateX. == Release Announcements = This is the third production release of the Samba 3.0.25 code base and is the version that servers should be run for for all current bug fixes. Major bug fixes included in Samba 3.0.25b are: o Offline caching of files with Windows XP/Vista clients. o Improper cleanup of expired or invalid byte range locks on files. o Crashes is idmap_ldap and idmap_rid. Changes to 'net idmap dump' === A change in command line syntax and behavior was introduced in the 3.0.25 release series where the command $ net idmap dump /.../path/to/idmap.tdb would overwrite the tdb instead of dumping its contents to standard output as was the case in releases prior to Samba 3.0.25. The changed has been reverted in 3.0.25b and the semantics from 3.0.24 and earlier releases have been restored. Download Details The uncompressed tarballs and patch files have been signed using GnuPG (ID 6568B7EA). The source code can be downloaded from: http://download.samba.org/samba/ftp/ The release notes are available online at: http://www.samba.org/samba/history/samba-3.0.25b.html Binary packages are available at http://download.samba.org/samba/ftp/Binary_Packages/ Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/) --Enjoy The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGgXXJIR7qMdg1EfYRAgpTAKCSqJwc9NLNTIbkqX65K3DQ9Bd21gCgm45g nFn+43T9rYxA21ys5tq2TF8= =4EAe -END PGP SIGNATURE-
svn commit: samba r23605 - in branches/SAMBA_4_0/source/script: .
Author: kai Date: 2007-06-26 06:04:14 + (Tue, 26 Jun 2007) New Revision: 23605 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23605 Log: Update mkversion.sh to support git and git-svn checkouts. Jerry, did I get you right that you'll merge this to 3_0 yourself? Kai Modified: branches/SAMBA_4_0/source/script/mkversion.sh Changeset: Modified: branches/SAMBA_4_0/source/script/mkversion.sh === --- branches/SAMBA_4_0/source/script/mkversion.sh 2007-06-26 05:08:50 UTC (rev 23604) +++ branches/SAMBA_4_0/source/script/mkversion.sh 2007-06-26 06:04:14 UTC (rev 23605) @@ -104,6 +104,18 @@ TMP_CLEAN_TREE=`echo -e ${BZR_INFO} | grep 'clean:' |sed -e 's/clean: \([a-zA-Z]*\).*/\1/'` fi +if test x${HAVEVER} != xyes;then + HAVEGIT=no +GIT_INFO=`git show --abbrev-commit HEAD 2/dev/null` + TMP_REVISION=`echo -e ${GIT_INFO} | grep 'commit ' |sed -e 's/commit \([0-9a-f]*\).*/\1/'` + if test -n $TMP_REVISION;then + HAVEGIT=yes +HAVEVER=yes + fi + TMP_MIRRORED_REVISION=`echo -e ${GIT_INFO} | grep 'git-svn-id' |sed -e 's#^[ ^t]*git-svn-id: svn+ssh://svn.samba.org/data/svn/samba/branches/\(SAMBA_[34]_[0-9]\(_[0-9]\+\)[EMAIL PROTECTED]).*#\1#'` +fi + + if test x${HAVESVN} = xyes;then SAMBA_VERSION_STRING=${SAMBA_VERSION_STRING}-SVN-build-${TMP_REVISION} echo #define SAMBA_VERSION_SVN_REVISION ${TMP_REVISION} $OUTPUT_FILE @@ -130,6 +142,14 @@ fi SAMBA_VERSION_STRING=${SAMBA_VERSION_STRING}-BZR-${TMP_BZR_REVISION_STR} +elif test x${HAVEGIT} = xyes;then + TMP_GIT_REVISION_STR=${TMP_REVISION} + + if test -n $TMP_MIRRORED_REVISION; then + TMP_GIT_REVISION_STR=${TMP_GIT_REVISION_STR}-[SVN-${TMP_MIRRORED_REVISION}] + fi + + SAMBA_VERSION_STRING=${SAMBA_VERSION_STRING}-GIT-${TMP_GIT_REVISION_STR} else SAMBA_VERSION_STRING=${SAMBA_VERSION_STRING}-SVN-build-UNKNOWN fi
svn commit: samba-docs r1128 - in trunk: manpages-3 smbdotconf/misc
Author: obnox Date: 2007-06-26 08:11:40 + (Tue, 26 Jun 2007) New Revision: 1128 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1128 Log: Fix a couple of tags. It is a little cumbersome for me to debug my manpage-sourcecode since I can only see useful output once It is on http://samba.org/~samba-bugs/docs/ ... :-/ (I have not yet come across a system that can produce readable manpage output from the source.) Michael Modified: trunk/manpages-3/smb.conf.5.xml trunk/smbdotconf/misc/include.xml trunk/smbdotconf/misc/registryshares.xml Changeset: Modified: trunk/manpages-3/smb.conf.5.xml === --- trunk/manpages-3/smb.conf.5.xml 2007-06-22 22:44:13 UTC (rev 1127) +++ trunk/manpages-3/smb.conf.5.xml 2007-06-26 08:11:40 UTC (rev 1128) @@ -724,17 +724,18 @@ listitemparaShare definitions stored in registry are used. This is triggered by setting the global parameter parameterregistry shares/parameter to - termyes/term in termsmb.conf/term. + quoteyes/quote in emphasissmb.conf/emphasis. /para - paraNote: Shares defined in termsmb.conf/term always take priority over + + paraNote: Shares defined in emphasissmb.conf/emphasis always take priority over shares of the same name defined in registry. /para/listitem - listitemparaGlobal termsmb.conf/term options stored in + listitemparaGlobal emphasissmb.conf/emphasis options stored in registry are used. This is triggered by a new special meaning of the - parameter parameterinclude = registry/parameter in - the [global] section of termsmb.conf/term. + parameter smbconfoption name=includeregistry/smbconfoption in + the [global] section of emphasissmb.conf/emphasis. This reads the content of the global configuration section from the regsitry and includes the result with the same priorities as @@ -746,7 +747,7 @@ para Even when global registry options are used, the initial source of - configuration is still the termsmb.conf/term file. + configuration is still the emphasissmb.conf/emphasis file. It is this possible though, to produce a registry-only configuration with a minimal configuration file like this: programlisting @@ -755,8 +756,10 @@ /programlisting This is also currently the only supported configuration with global registry options activated. More precisely, it is only supported to - specify options in termsmb.conf/term emphbefore/emph the - occurrence of parameterinclude = registry/parameter. + specify options in emphasissmb.conf/emphasis + emphasisbefore/emphasis the + occurrence of + smbconfoption name=includeregistry/smbconfoption. /para para @@ -769,22 +772,24 @@ do not see the configuration they loaded once it is active. This phenomenon can of course also be triggered by specifying parameterlock directory/parameter after the - parameterinclude = registry/parameter directive. This is why + smbconfoption name=includeregistry/smbconfoption directive. + This is why this type of configuration is classified unsupported above. /para para The registry configuration can be accessed with - tools like termregedit/term or termnet rpc - registry/term in the key - termHKLM\Software\Samba\smbconf/term. + tools like emphasisregedit/emphasis or emphasisnet rpc + registry/emphasis in the key + emphasisliteralHKLM\Software\Samba\smbconf/literal/emphasis. - More conveniently, the termconf/term subcommand of the + More conveniently, the emphasisconf/emphasis subcommand of the citerefentryrefentrytitlenet/refentrytitle manvolnum7/manvolnum/citerefentry utility offers a dedicated interface to read and write the registry based configuration locally, i.e. directly - on the server. + accessing the database file, circumventing the + server. /para /refsect1 Modified: trunk/smbdotconf/misc/include.xml === --- trunk/smbdotconf/misc/include.xml 2007-06-22 22:44:13 UTC (rev 1127) +++ trunk/smbdotconf/misc/include.xml 2007-06-26 08:11:40 UTC (rev 1128) @@ -15,9 +15,10 @@ /para
Re: svn commit: samba-docs r1128 - in trunk: manpages-3 smbdotconf/misc
[EMAIL PROTECTED] пишет: Author: obnox Date: 2007-06-26 08:11:40 + (Tue, 26 Jun 2007) New Revision: 1128 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1128 Log: Fix a couple of tags. It is a little cumbersome for me to debug my manpage-sourcecode since I can only see useful output once It is on http://samba.org/~samba-bugs/docs/ ... :-/ (I have not yet come across a system that can produce readable manpage output from the source.) A regular Ubuntu setup should be OK to generate manpages from our documentation build system. -- / Alexander Bokovoy Samba Team http://www.samba.org/ ALT Linux Team http://www.altlinux.org/ Midgard Project Ry http://www.midgard-project.org/
svn commit: lorikeet r758 - in trunk/heimdal: . doc kdc lib/hx509 lib/krb5 lib/ntlm tests tests/gss tests/kdc
Author: lha Date: 2007-06-26 08:54:28 + (Tue, 26 Jun 2007) New Revision: 758 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=758 Log: Merged with Heimdal svn revision 21323 Added: trunk/heimdal/lib/hx509/version-script.map Modified: trunk/heimdal/ChangeLog trunk/heimdal/doc/setup.texi trunk/heimdal/kdc/default_config.c trunk/heimdal/kdc/kdc.h trunk/heimdal/kdc/krb5tgs.c trunk/heimdal/kdc/pkinit.c trunk/heimdal/lib/hx509/ChangeLog trunk/heimdal/lib/hx509/Makefile.am trunk/heimdal/lib/hx509/cert.c trunk/heimdal/lib/hx509/cms.c trunk/heimdal/lib/hx509/crypto.c trunk/heimdal/lib/hx509/file.c trunk/heimdal/lib/hx509/hx509.h trunk/heimdal/lib/hx509/hxtool-commands.in trunk/heimdal/lib/hx509/hxtool.c trunk/heimdal/lib/hx509/ks_file.c trunk/heimdal/lib/hx509/test_ca.in trunk/heimdal/lib/hx509/test_cert.in trunk/heimdal/lib/hx509/test_chain.in trunk/heimdal/lib/hx509/test_cms.in trunk/heimdal/lib/krb5/pkinit.c trunk/heimdal/lib/krb5/principal.c trunk/heimdal/lib/ntlm/ntlm.c trunk/heimdal/tests/ChangeLog trunk/heimdal/tests/gss/check-context.in trunk/heimdal/tests/kdc/check-referral.in Changeset: Sorry, the patch is too large (2711 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=758
svn commit: samba r23606 - in branches: SAMBA_3_0/source/script SAMBA_3_0_26/source/script
Author: kai Date: 2007-06-26 09:10:30 + (Tue, 26 Jun 2007) New Revision: 23606 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23606 Log: Merge Samba4 mkversion.sh to Samba3. Modified: branches/SAMBA_3_0/source/script/mkversion.sh branches/SAMBA_3_0_26/source/script/mkversion.sh Changeset: Modified: branches/SAMBA_3_0/source/script/mkversion.sh === --- branches/SAMBA_3_0/source/script/mkversion.sh 2007-06-26 06:04:14 UTC (rev 23605) +++ branches/SAMBA_3_0/source/script/mkversion.sh 2007-06-26 09:10:30 UTC (rev 23606) @@ -16,12 +16,19 @@ SAMBA_VERSION_MAJOR=`sed -n 's/^SAMBA_VERSION_MAJOR=//p' $SOURCE_DIR$VERSION_FILE` SAMBA_VERSION_MINOR=`sed -n 's/^SAMBA_VERSION_MINOR=//p' $SOURCE_DIR$VERSION_FILE` SAMBA_VERSION_RELEASE=`sed -n 's/^SAMBA_VERSION_RELEASE=//p' $SOURCE_DIR$VERSION_FILE` + SAMBA_VERSION_REVISION=`sed -n 's/^SAMBA_VERSION_REVISION=//p' $SOURCE_DIR$VERSION_FILE` + +SAMBA_VERSION_TP_RELEASE=`sed -n 's/^SAMBA_VERSION_TP_RELEASE=//p' $SOURCE_DIR$VERSION_FILE` SAMBA_VERSION_PRE_RELEASE=`sed -n 's/^SAMBA_VERSION_PRE_RELEASE=//p' $SOURCE_DIR$VERSION_FILE` SAMBA_VERSION_RC_RELEASE=`sed -n 's/^SAMBA_VERSION_RC_RELEASE=//p' $SOURCE_DIR$VERSION_FILE` + SAMBA_VERSION_IS_SVN_SNAPSHOT=`sed -n 's/^SAMBA_VERSION_IS_SVN_SNAPSHOT=//p' $SOURCE_DIR$VERSION_FILE` + +SAMBA_VERSION_RELEASE_NICKNAME=`sed -n 's/^SAMBA_VERSION_RELEASE_NICKNAME=//p' $SOURCE_DIR$VERSION_FILE` + SAMBA_VERSION_VENDOR_SUFFIX=`sed -n 's/^SAMBA_VERSION_VENDOR_SUFFIX=//p' $SOURCE_DIR$VERSION_FILE` -SAMBA_VENDOR_PATCH=`sed -n 's/^SAMBA_VENDOR_PATCH=//p' $SOURCE_DIR$VERSION_FILE` +SAMBA_VERSION_VENDOR_PATCH=`sed -n 's/^SAMBA_VERSION_VENDOR_PATCH=//p' $SOURCE_DIR$VERSION_FILE` echo /* Autogenerated by script/mkversion.sh */ $OUTPUT_FILE @@ -37,12 +44,15 @@ ## -## maybe add 3.0.22a or 3.0.22pre1 or 3.0.22rc1 +## maybe add 3.0.22a or 4.0.0tp11 or 3.0.22pre1 or 3.0.22rc1 ## We do not do pre or rc version on patch/letter releases ## if test -n ${SAMBA_VERSION_REVISION};then SAMBA_VERSION_STRING=${SAMBA_VERSION_STRING}${SAMBA_VERSION_REVISION} echo #define SAMBA_VERSION_REVISION \${SAMBA_VERSION_REVISION}\ $OUTPUT_FILE +elif test -n ${SAMBA_VERSION_TP_RELEASE};then +SAMBA_VERSION_STRING=${SAMBA_VERSION_STRING}tp${SAMBA_VERSION_TP_RELEASE} +echo #define SAMBA_VERSION_TP_RELEASE ${SAMBA_VERSION_TP_RELEASE} $OUTPUT_FILE elif test -n ${SAMBA_VERSION_PRE_RELEASE};then ## maybe add 3.0.22pre2 SAMBA_VERSION_STRING=${SAMBA_VERSION_STRING}pre${SAMBA_VERSION_PRE_RELEASE} @@ -53,70 +63,123 @@ fi ## -## Add the vendor string if present -## -if test -n ${SAMBA_VERSION_VENDOR_SUFFIX};then -echo #define SAMBA_VERSION_VENDOR_SUFFIX ${SAMBA_VERSION_VENDOR_SUFFIX} $OUTPUT_FILE -if test -n ${SAMBA_VENDOR_PATCH};then -echo #define SAMBA_VENDOR_PATCH ${SAMBA_VENDOR_PATCH} $OUTPUT_FILE -fi -fi - - - -## ## SVN revision number? ## if test x${SAMBA_VERSION_IS_SVN_SNAPSHOT} = xyes;then _SAVE_LANG=${LANG} LANG= -HAVESVN=no -svn info ${SOURCE_DIR} /dev/null 21 HAVESVN=yes -TMP_REVISION=`(svn info ${SOURCE_DIR} 2/dev/null || svk info ${SOURCE_DIR} 2/dev/null) |grep 'Last Changed Rev.*:' |sed -e 's/Last Changed Rev.*: \([0-9]*\).*/\1/'` -if test x${HAVESVN} = xno;then +HAVEVER=no + +if test x${HAVEVER} != xyes;then + HAVESVN=no + SVN_INFO=`svn info ${SOURCE_DIR} 2/dev/null` + TMP_REVISION=`echo -e ${SVN_INFO} | grep 'Last Changed Rev.*:' |sed -e 's/Last Changed Rev.*: \([0-9]*\).*/\1/'` + if test -n $TMP_REVISION; then + HAVESVN=yes + HAVEVER=yes + fi +fi + +if test x${HAVEVER} != xyes;then HAVESVK=no - svk info ${SOURCE_DIR} /dev/null 21 HAVESVK=yes - TMP_MIRRORED_REVISION=`(svk info ${SOURCE_DIR} 2/dev/null) |grep 'Mirrored From:.*samba\.org.*' |sed -e 's/Mirrored From: .* Rev\..* \([0-9]*\).*/\1/'` + SVK_INFO=`svk info ${SOURCE_DIR} 2/dev/null` + TMP_REVISION=`echo -e ${SVK_INFO} | grep 'Last Changed Rev.*:' |sed -e 's/Last Changed Rev.*: \([0-9]*\).*/\1/'` + if test -n $TMP_REVISION; then + HAVESVK=yes + HAVEVER=yes + fi + TMP_MIRRORED_REVISION=`echo -e ${SVK_INFO} | grep 'Mirrored From:.*samba\.org.*' |sed -e 's/Mirrored From: .* Rev\..* \([0-9]*\).*/\1/'` +fi + +if test x${HAVEVER} != xyes;then + HAVEBZR=no + BZR_INFO=`bzr version-info --check-clean ${SOURCE_DIR} 2/dev/null` + TMP_REVISION=`echo -e ${BZR_INFO} | grep 'revno:' |sed -e 's/revno: \([0-9]*\).*/\1/'` + if test -n $TMP_REVISION; then + HAVEBZR=yes + HAVEVER=yes + fi + TMP_MIRRORED_REVISION=`echo -e ${BZR_INFO} | grep 'revision-id: svn-v1:[EMAIL PROTECTED]' |sed -e 's/revision-id: svn-v1:\([0-9]*\)@0c0555d6-39d7-0310-84fc-f1cc0bd64818.*/\1/'` +
svn commit: samba r23607 - in branches: SAMBA_3_0/source SAMBA_3_0/source/include SAMBA_3_0/source/libads SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source SAMBA_3_0_26/source/include SAMBA_3_0_26/source/
Author: gd Date: 2007-06-26 09:15:37 + (Tue, 26 Jun 2007) New Revision: 23607 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23607 Log: Add legacy support for Services for Unix (SFU) 2.0. Guenther Modified: branches/SAMBA_3_0/source/Makefile.in branches/SAMBA_3_0/source/include/ads.h branches/SAMBA_3_0/source/libads/ldap_schema.c branches/SAMBA_3_0/source/nsswitch/idmap_ad.c branches/SAMBA_3_0_26/source/Makefile.in branches/SAMBA_3_0_26/source/include/ads.h branches/SAMBA_3_0_26/source/libads/ldap_schema.c branches/SAMBA_3_0_26/source/nsswitch/idmap_ad.c Changeset: Sorry, the patch is too large (597 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23607
Re: svn commit: samba-docs r1128 - in trunk: manpages-3 smbdotconf/misc
On Tue, Jun 26, 2007 at 12:23:41PM +0400, Alexander Bokovoy wrote: [EMAIL PROTECTED] пишет: Author: obnox Date: 2007-06-26 08:11:40 + (Tue, 26 Jun 2007) New Revision: 1128 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1128 Log: Fix a couple of tags. It is a little cumbersome for me to debug my manpage-sourcecode since I can only see useful output once It is on http://samba.org/~samba-bugs/docs/ ... :-/ (I have not yet come across a system that can produce readable manpage output from the source.) A regular Ubuntu setup should be OK to generate manpages from our documentation build system. Ok thanks, I will try that! (And maybe see, what is the problem on all the debian and suse systems i tried... :-) Michael -- Michael Adam [EMAIL PROTECTED] SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.SerNet.DE, mailto: Info @ SerNet.DE
svn commit: samba r23608 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: gd Date: 2007-06-26 09:41:14 + (Tue, 26 Jun 2007) New Revision: 23608 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23608 Log: Just inline comment cosmetics. Guenther Modified: branches/SAMBA_3_0/source/nsswitch/idmap_ad.c branches/SAMBA_3_0_26/source/nsswitch/idmap_ad.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/idmap_ad.c === --- branches/SAMBA_3_0/source/nsswitch/idmap_ad.c 2007-06-26 09:15:37 UTC (rev 23607) +++ branches/SAMBA_3_0/source/nsswitch/idmap_ad.c 2007-06-26 09:41:14 UTC (rev 23608) @@ -680,7 +680,7 @@ */ / - Initialize the {sfu,rfc2307} state + Initialize the {sfu,sfu20,rfc2307} state ***/ static NTSTATUS nss_sfu_init( struct nss_domain_entry *e ) @@ -701,10 +701,6 @@ return NT_STATUS_OK; } -/ - Initialize the {sfu,rfc2307} state - ***/ - static NTSTATUS nss_sfu20_init( struct nss_domain_entry *e ) { /* Sanity check if we have previously been called with a @@ -722,6 +718,7 @@ return NT_STATUS_OK; } + static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) { /* Sanity check if we have previously been called with a Modified: branches/SAMBA_3_0_26/source/nsswitch/idmap_ad.c === --- branches/SAMBA_3_0_26/source/nsswitch/idmap_ad.c2007-06-26 09:15:37 UTC (rev 23607) +++ branches/SAMBA_3_0_26/source/nsswitch/idmap_ad.c2007-06-26 09:41:14 UTC (rev 23608) @@ -680,7 +680,7 @@ */ / - Initialize the {sfu,rfc2307} state + Initialize the {sfu,sfu20,rfc2307} state ***/ static NTSTATUS nss_sfu_init( struct nss_domain_entry *e ) @@ -701,10 +701,6 @@ return NT_STATUS_OK; } -/ - Initialize the {sfu,rfc2307} state - ***/ - static NTSTATUS nss_sfu20_init( struct nss_domain_entry *e ) { /* Sanity check if we have previously been called with a @@ -722,6 +718,7 @@ return NT_STATUS_OK; } + static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) { /* Sanity check if we have previously been called with a
svn commit: samba r23609 - in branches: SAMBA_3_0/source/libsmb SAMBA_3_0_26/source/libsmb
Author: gd Date: 2007-06-26 10:19:06 + (Tue, 26 Jun 2007) New Revision: 23609 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23609 Log: Removing more redundant codepaths out of smb_krb5_renew_ticket(). Thanks Volker for the pointer hint :) Guenther Modified: branches/SAMBA_3_0/source/libsmb/clikrb5.c branches/SAMBA_3_0_26/source/libsmb/clikrb5.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/clikrb5.c === --- branches/SAMBA_3_0/source/libsmb/clikrb5.c 2007-06-26 09:41:14 UTC (rev 23608) +++ branches/SAMBA_3_0/source/libsmb/clikrb5.c 2007-06-26 10:19:06 UTC (rev 23609) @@ -1140,7 +1140,11 @@ krb5_context context = NULL; krb5_ccache ccache = NULL; krb5_principal client = NULL; + krb5_creds creds, creds_in, *creds_out = NULL; + ZERO_STRUCT(creds); + ZERO_STRUCT(creds_in); + initialize_krb5_error_table(); ret = krb5_init_context(context); if (ret) { @@ -1178,39 +1182,17 @@ #ifdef HAVE_KRB5_GET_RENEWED_CREDS /* MIT */ { - krb5_creds creds; - - ZERO_STRUCT(creds); - ret = krb5_get_renewed_creds(context, creds, client, ccache, CONST_DISCARD(char *, service_string)); if (ret) { DEBUG(10,(smb_krb5_renew_ticket: krb5_get_kdc_cred failed: %s\n, error_message(ret))); goto done; } - - /* hm, doesn't that create a new one if the old one wasn't there? - Guenther */ - ret = krb5_cc_initialize(context, ccache, client); - if (ret) { - goto done; - } - - ret = krb5_cc_store_cred(context, ccache, creds); - - if (expire_time) { - *expire_time = (time_t) creds.times.endtime; - } - - krb5_free_cred_contents(context, creds); } #elif defined(HAVE_KRB5_GET_KDC_CRED) /* Heimdal */ { krb5_kdc_flags flags; - krb5_creds creds_in; - krb5_realm *client_realm; - krb5_creds *creds; + krb5_realm *client_realm = NULL; - ZERO_STRUCT(creds_in); - ret = krb5_copy_principal(context, client, creds_in.client); if (ret) { goto done; @@ -1237,33 +1219,39 @@ flags.i = 0; flags.b.renewable = flags.b.renew = True; - ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, creds_in, creds); + ret = krb5_get_kdc_cred(context, ccache, flags, NULL, NULL, creds_in, creds_out); if (ret) { DEBUG(10,(smb_krb5_renew_ticket: krb5_get_kdc_cred failed: %s\n, error_message(ret))); goto done; } - - /* hm, doesn't that create a new one if the old one wasn't there? - Guenther */ - ret = krb5_cc_initialize(context, ccache, creds_in.client); - if (ret) { - goto done; - } - - ret = krb5_cc_store_cred(context, ccache, creds); - if (expire_time) { - *expire_time = (time_t) creds-times.endtime; - } - - krb5_free_cred_contents(context, creds_in); - krb5_free_creds(context, creds); + creds = *creds_out; } #else #error NO_SUITABLE_KRB5_TICKET_RENEW_FUNCTION_AVAILABLE #endif + /* hm, doesn't that create a new one if the old one wasn't there? - Guenther */ + ret = krb5_cc_initialize(context, ccache, client); + if (ret) { + goto done; + } + + ret = krb5_cc_store_cred(context, ccache, creds); + if (expire_time) { + *expire_time = (time_t) creds.times.endtime; + } + done: + krb5_free_cred_contents(context, creds_in); + + if (creds_out) { + krb5_free_creds(context, creds_out); + } else { + krb5_free_cred_contents(context, creds); + } + if (client) { krb5_free_principal(context, client); } Modified: branches/SAMBA_3_0_26/source/libsmb/clikrb5.c === --- branches/SAMBA_3_0_26/source/libsmb/clikrb5.c 2007-06-26 09:41:14 UTC (rev 23608) +++ branches/SAMBA_3_0_26/source/libsmb/clikrb5.c 2007-06-26 10:19:06 UTC (rev 23609) @@ -1140,7 +1140,11 @@ krb5_context context = NULL; krb5_ccache ccache = NULL; krb5_principal client = NULL; + krb5_creds creds, creds_in, *creds_out = NULL; + ZERO_STRUCT(creds); + ZERO_STRUCT(creds_in); +
svn commit: lorikeet r759 - in trunk/heimdal/lib/hx509: .
Author: lha Date: 2007-06-26 10:27:40 + (Tue, 26 Jun 2007) New Revision: 759 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=759 Log: Merged with Heimdal svn revision 21325 Modified: trunk/heimdal/lib/hx509/version-script.map Changeset: Modified: trunk/heimdal/lib/hx509/version-script.map === --- trunk/heimdal/lib/hx509/version-script.map 2007-06-26 08:54:28 UTC (rev 758) +++ trunk/heimdal/lib/hx509/version-script.map 2007-06-26 10:27:40 UTC (rev 759) @@ -33,7 +33,7 @@ hx509_cert_find_subjectAltName_otherName; hx509_cert_free; hx509_cert_get_SPKI; - hx509_cert_attribute + hx509_cert_attribute; hx509_cert_get_attribute; hx509_cert_get_base_subject; hx509_cert_get_friendly_name; @@ -45,7 +45,7 @@ hx509_cert_init; hx509_cert_init_data; hx509_cert_keyusage_print; - hx509_cert + hx509_cert; hx509_cert_ref; hx509_cert_set_friendly_name; hx509_certs_add;
svn commit: lorikeet r760 - in trunk/heimdal: . lib/hx509 lib/krb5
Author: lha Date: 2007-06-26 11:15:08 + (Tue, 26 Jun 2007) New Revision: 760 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=760 Log: Merged with Heimdal svn revision 21332 Modified: trunk/heimdal/ChangeLog trunk/heimdal/lib/hx509/ChangeLog trunk/heimdal/lib/hx509/hxtool.c trunk/heimdal/lib/hx509/version-script.map trunk/heimdal/lib/krb5/get_cred.c trunk/heimdal/lib/krb5/krb5_get_credentials.3 Changeset: Modified: trunk/heimdal/ChangeLog === --- trunk/heimdal/ChangeLog 2007-06-26 10:27:40 UTC (rev 759) +++ trunk/heimdal/ChangeLog 2007-06-26 11:15:08 UTC (rev 760) @@ -1,3 +1,11 @@ +2007-06-26 Love H�rnquist �strand [EMAIL PROTECTED] + + * lib/krb5/get_cred.c: Add krb5_get_renewed_creds. + + * lib/krb5/krb5_get_credentials.3: add krb5_get_renewed_creds + + * lib/krb5/pkinit.c: Use hx509_cms_unwrap_ContentInfo. + 2007-06-25 Love H�rnquist �strand [EMAIL PROTECTED] * doc/setup.texi: Add example for pkinit_win2k_require_binding Modified: trunk/heimdal/lib/hx509/ChangeLog === --- trunk/heimdal/lib/hx509/ChangeLog 2007-06-26 10:27:40 UTC (rev 759) +++ trunk/heimdal/lib/hx509/ChangeLog 2007-06-26 11:15:08 UTC (rev 760) @@ -1,3 +1,11 @@ +2007-06-26 Love H�rnquist �strand [EMAIL PROTECTED] + + * version-script.map: Export more crap^W semiprivate functions. + + * hxtool.c: don't _hx509_abort + + * version-script.map: add missing ; + 2007-06-25 Love H�rnquist �strand [EMAIL PROTECTED] * cms.c: Use hx509_crypto_random_iv. Modified: trunk/heimdal/lib/hx509/hxtool.c === --- trunk/heimdal/lib/hx509/hxtool.c2007-06-26 10:27:40 UTC (rev 759) +++ trunk/heimdal/lib/hx509/hxtool.c2007-06-26 11:15:08 UTC (rev 760) @@ -32,7 +32,7 @@ */ #include hx_locl.h -RCSID($Id: hxtool.c 21312 2007-06-25 18:27:28Z lha $); +RCSID($Id: hxtool.c 21330 2007-06-26 11:09:55Z lha $); #include hxtool-commands.h #include sl.h @@ -1917,7 +1917,8 @@ lock_strings(lock, opt-pass_strings); ret = hx509_crl_alloc(context, crl); -if (ret) _hx509_abort(hx509_crl_alloc); +if (ret) + errx(1, crl alloc); if (opt-signer_string == NULL) errx(1, signer missing); Modified: trunk/heimdal/lib/hx509/version-script.map === --- trunk/heimdal/lib/hx509/version-script.map 2007-06-26 10:27:40 UTC (rev 759) +++ trunk/heimdal/lib/hx509/version-script.map 2007-06-26 11:15:08 UTC (rev 760) @@ -183,10 +183,36 @@ hx509_verify_set_time; hx509_verify_signature; hx509_pem_write; + hx509_pem_add_header; + hx509_pem_find_header; + hx509_pem_free_header; + _hx509_write_file; _hx509_map_file; _hx509_map_file_os; _hx509_unmap_file; _hx509_unmap_file_os; + _hx509_certs_keys_free; + _hx509_certs_keys_get; + _hx509_request_init; + _hx509_request_set_name; + _hx509_request_set_email; + _hx509_request_set_SubjectPublicKeyInfo; + _hx509_request_to_pkcs10; + _hx509_request_to_pkcs10; + _hx509_request_free; + _hx509_private_key_ref; + _hx509_private_key_free; + _hx509_private_key2SPKI; + _hx509_generate_private_key_init; + _hx509_generate_private_key_is_ca; + _hx509_generate_private_key_bits; + _hx509_generate_private_key; + _hx509_generate_private_key_free; + _hx509_cert_assign_key; + _hx509_cert_private_key; + _hx509_name_from_Name; + decode_CertificationRequest; + free_CertificationRequest; local: *; }; Modified: trunk/heimdal/lib/krb5/get_cred.c === --- trunk/heimdal/lib/krb5/get_cred.c 2007-06-26 10:27:40 UTC (rev 759) +++ trunk/heimdal/lib/krb5/get_cred.c 2007-06-26 11:15:08 UTC (rev 760) @@ -33,7 +33,7 @@ #include krb5_locl.h -RCSID($Id: get_cred.c 21253 2007-06-21 04:24:24Z lha $); +RCSID($Id: get_cred.c 21327 2007-06-26 10:54:15Z lha $); /* * Take the `body' and encode it into `padata' using the credentials @@ -1210,3 +1210,62 @@ krb5_cc_store_cred(context, ccache, *out_creds); return ret; } + +/* + * + */ + +krb5_error_code KRB5_LIB_FUNCTION +krb5_get_renewed_creds(krb5_context context, + krb5_creds *creds, + krb5_const_principal client, + krb5_ccache ccache, + const
svn commit: lorikeet r761 - in trunk/heimdal/lib/hx509: .
Author: lha Date: 2007-06-26 12:12:22 + (Tue, 26 Jun 2007) New Revision: 761 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=761 Log: Merged with Heimdal svn revision 21333 Modified: trunk/heimdal/lib/hx509/version-script.map Changeset: Modified: trunk/heimdal/lib/hx509/version-script.map === --- trunk/heimdal/lib/hx509/version-script.map 2007-06-26 11:15:08 UTC (rev 760) +++ trunk/heimdal/lib/hx509/version-script.map 2007-06-26 12:12:22 UTC (rev 761) @@ -194,6 +194,8 @@ _hx509_certs_keys_free; _hx509_certs_keys_get; _hx509_request_init; + _hx509_request_add_dns_name; + _hx509_request_add_email; _hx509_request_set_name; _hx509_request_set_email; _hx509_request_set_SubjectPublicKeyInfo;
svn commit: lorikeet r762 - in trunk/heimdal/lib/hx509: .
Author: lha Date: 2007-06-26 12:45:44 + (Tue, 26 Jun 2007) New Revision: 762 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=762 Log: Merged with Heimdal svn revision 21340 Modified: trunk/heimdal/lib/hx509/ChangeLog trunk/heimdal/lib/hx509/hxtool.c trunk/heimdal/lib/hx509/req.c trunk/heimdal/lib/hx509/version-script.map Changeset: Modified: trunk/heimdal/lib/hx509/ChangeLog === --- trunk/heimdal/lib/hx509/ChangeLog 2007-06-26 12:12:22 UTC (rev 761) +++ trunk/heimdal/lib/hx509/ChangeLog 2007-06-26 12:45:44 UTC (rev 762) @@ -1,5 +1,11 @@ 2007-06-26 Love H�rnquist �strand [EMAIL PROTECTED] + * version-script.map: Add initialize_hx_error_table_r. + + * req.c: Move _hx509_request_print here. + + * hxtool.c: use _hx509_request_print + * version-script.map: Export more crap^W semiprivate functions. * hxtool.c: don't _hx509_abort Modified: trunk/heimdal/lib/hx509/hxtool.c === --- trunk/heimdal/lib/hx509/hxtool.c2007-06-26 12:12:22 UTC (rev 761) +++ trunk/heimdal/lib/hx509/hxtool.c2007-06-26 12:45:44 UTC (rev 762) @@ -32,7 +32,7 @@ */ #include hx_locl.h -RCSID($Id: hxtool.c 21330 2007-06-26 11:09:55Z lha $); +RCSID($Id: hxtool.c 21338 2007-06-26 12:40:56Z lha $); #include hxtool-commands.h #include sl.h @@ -1204,58 +1204,21 @@ int pkcs10_print(struct pkcs10_print_options *opt, int argc, char **argv) { -size_t size, length; +size_t length; int ret, i; void *p; printf(pkcs10 print\n); for (i = 0; i argc; i++) { - CertificationRequest req; - CertificationRequestInfo *rinfo; - ret = _hx509_map_file(argv[i], p, length, NULL); if (ret) err(1, map_file: %s: %d, argv[i], ret); - ret = decode_CertificationRequest(p, length, req, size); + ret = _hx509_request_print(context, stdout, p, length); _hx509_unmap_file(p, length); if (ret) - errx(1, failed to parse file %s: %d, argv[i], ret); - - rinfo = req.certificationRequestInfo; - - { - char *subject; - hx509_name n; - - ret = _hx509_name_from_Name(rinfo-subject, n); - if (ret) - abort(); - - ret = hx509_name_to_string(n, subject); - hx509_name_free(n); - if (ret) - abort(); - - printf(name: %s\n, subject); - free(subject); - } - - if (rinfo-attributes rinfo-attributes-len) { - int j; - - printf(Attributes:\n); - - for (j = 0; j rinfo-attributes-len; j++) { - char *str; - hx509_oid_sprint(rinfo-attributes-val[j].type, str); - printf(\toid: %s\n, str); - free(str); - } - } - - free_CertificationRequest(req); + hx509_err(context, 1, ret, Failed to print file %s, argv[ i]); } return 0; Modified: trunk/heimdal/lib/hx509/req.c === --- trunk/heimdal/lib/hx509/req.c 2007-06-26 12:12:22 UTC (rev 761) +++ trunk/heimdal/lib/hx509/req.c 2007-06-26 12:45:44 UTC (rev 762) @@ -33,7 +33,7 @@ #include hx_locl.h #include pkcs10_asn1.h -RCSID($Id: req.c 20934 2007-06-06 15:30:02Z lha $); +RCSID($Id: req.c 21335 2007-06-26 12:18:33Z lha $); struct hx509_request_data { hx509_name name; @@ -215,3 +215,58 @@ return ret; } + +int +_hx509_request_print(hx509_context context, FILE *f, const void *data, size_t len) +{ +CertificationRequest req; +CertificationRequestInfo *rinfo; +size_t size; +int ret; + +ret = decode_CertificationRequest(data, len, req, size); +if (ret) { + hx509_set_error_string(context, 0, ret, Failed to decode request); + return ret; +} + +rinfo = req.certificationRequestInfo; + +{ + char *subject; + hx509_name n; + + ret = _hx509_name_from_Name(rinfo-subject, n); + if (ret) { + hx509_set_error_string(context, 0, ret, Failed to extract name); + free_CertificationRequest(req); + return ret; + } + ret = hx509_name_to_string(n, subject); + hx509_name_free(n); + if (ret) { + hx509_set_error_string(context, 0, ret, Failed to print name); + free_CertificationRequest(req); + return ret; + } + + fprintf(f, name: %s\n, subject); + free(subject); +} + +if (rinfo-attributes rinfo-attributes-len) { + int j; + + fprintf(f, Attributes:\n); + + for (j = 0; j rinfo-attributes-len; j++) { + char *str; + hx509_oid_sprint(rinfo-attributes-val[j].type, str); + fprintf(f, \toid: %s\n, str); + free(str);
svn commit: samba r23610 - in branches: SAMBA_3_0/source/lib SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/lib SAMBA_3_0_26/source/nsswitch
Author: obnox Date: 2007-06-26 13:45:07 + (Tue, 26 Jun 2007) New Revision: 23610 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23610 Log: Move some winbindd_cache specific flags and actions back to winbindd_cache.c. The generic mechanism should open the cache tdb readonly and with default flags. Michael Modified: branches/SAMBA_3_0/source/lib/util_tdb.c branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c branches/SAMBA_3_0_26/source/lib/util_tdb.c branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c Changeset: Modified: branches/SAMBA_3_0/source/lib/util_tdb.c === --- branches/SAMBA_3_0/source/lib/util_tdb.c2007-06-26 10:19:06 UTC (rev 23609) +++ branches/SAMBA_3_0/source/lib/util_tdb.c2007-06-26 13:45:07 UTC (rev 23610) @@ -1005,12 +1005,7 @@ v_status.unknown_key = False; v_status.success = True; - tdb = tdb_open_log(tdb_path, - WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, - lp_winbind_offline_logon() - ? TDB_DEFAULT - : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST), - O_RDWR|O_CREAT, 0600); + tdb = tdb_open_log(tdb_path, 0, TDB_DEFAULT, O_RDONLY, 0); if (!tdb) { v_status.tdb_error = True; v_status.success = False; @@ -1182,4 +1177,3 @@ return ret; } - Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2007-06-26 10:19:06 UTC (rev 23609) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_cache.c 2007-06-26 13:45:07 UTC (rev 23610) @@ -3279,14 +3279,32 @@ int winbindd_validate_cache(void) { - int ret; + int ret = -1; + const char *tdb_path = lock_path(winbindd_cache.tdb); + TDB_CONTEXT *tdb = NULL; DEBUG(10, (winbindd_validate_cache: replacing panic function\n)); smb_panic_fn = validate_panic; + + tdb = tdb_open_log(tdb_path, + WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, + ( lp_winbind_offline_logon() +? TDB_DEFAULT +: TDB_DEFAULT | TDB_CLEAR_IF_FIRST ), + O_RDWR|O_CREAT, + 0600); + if (!tdb) { + DEBUG(0, (winbindd_validate_cache: + error opening/initializing tdb\n)); + goto done; + } + tdb_close(tdb); + ret = tdb_validate(lock_path(winbindd_cache.tdb), cache_traverse_validate_fn); +done: DEBUG(10, (winbindd_validate_cache: restoring panic function\n)); smb_panic_fn = smb_panic; return ret; Modified: branches/SAMBA_3_0_26/source/lib/util_tdb.c === --- branches/SAMBA_3_0_26/source/lib/util_tdb.c 2007-06-26 10:19:06 UTC (rev 23609) +++ branches/SAMBA_3_0_26/source/lib/util_tdb.c 2007-06-26 13:45:07 UTC (rev 23610) @@ -1005,12 +1005,7 @@ v_status.unknown_key = False; v_status.success = True; - tdb = tdb_open_log(tdb_path, - WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, - lp_winbind_offline_logon() - ? TDB_DEFAULT - : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST), - O_RDWR|O_CREAT, 0600); + tdb = tdb_open_log(tdb_path, 0, TDB_DEFAULT, O_RDONLY, 0); if (!tdb) { v_status.tdb_error = True; v_status.success = False; @@ -1182,4 +1177,3 @@ return ret; } - Modified: branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c === --- branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c 2007-06-26 10:19:06 UTC (rev 23609) +++ branches/SAMBA_3_0_26/source/nsswitch/winbindd_cache.c 2007-06-26 13:45:07 UTC (rev 23610) @@ -3279,14 +3279,32 @@ int winbindd_validate_cache(void) { - int ret; + int ret = -1; + const char *tdb_path = lock_path(winbindd_cache.tdb); + TDB_CONTEXT *tdb = NULL; DEBUG(10, (winbindd_validate_cache: replacing panic function\n)); smb_panic_fn = validate_panic; + + tdb = tdb_open_log(tdb_path, + WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, + ( lp_winbind_offline_logon() +? TDB_DEFAULT +: TDB_DEFAULT | TDB_CLEAR_IF_FIRST ), + O_RDWR|O_CREAT, + 0600); + if (!tdb) { + DEBUG(0, (winbindd_validate_cache: + error opening/initializing tdb\n)); +
svn commit: lorikeet r763 - in trunk/heimdal/lib/hx509: .
Author: lha Date: 2007-06-26 14:27:06 + (Tue, 26 Jun 2007) New Revision: 763 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=763 Log: Merged with Heimdal svn revision 21347 Modified: trunk/heimdal/lib/hx509/ChangeLog trunk/heimdal/lib/hx509/hxtool-commands.in trunk/heimdal/lib/hx509/hxtool.c trunk/heimdal/lib/hx509/req.c trunk/heimdal/lib/hx509/test_ca.in trunk/heimdal/lib/hx509/test_req.in trunk/heimdal/lib/hx509/version-script.map Changeset: Sorry, the patch is too large (506 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=763
svn commit: lorikeet r764 - in trunk/heimdal/tests: . kdc
Author: lha Date: 2007-06-26 15:21:53 + (Tue, 26 Jun 2007) New Revision: 764 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=764 Log: Merged with Heimdal svn revision 21349 Modified: trunk/heimdal/tests/ChangeLog trunk/heimdal/tests/kdc/check-pkinit.in Changeset: Modified: trunk/heimdal/tests/ChangeLog === --- trunk/heimdal/tests/ChangeLog 2007-06-26 14:27:06 UTC (rev 763) +++ trunk/heimdal/tests/ChangeLog 2007-06-26 15:21:53 UTC (rev 764) @@ -1,5 +1,7 @@ 2007-06-26 Love H�rnquist �strand [EMAIL PROTECTED] + * kdc/check-pkinit.in: Fix hxtool issue-certificate --req. + * kdc/check-referral.in: Spelling. 2007-06-22 Love H�rnquist �strand [EMAIL PROTECTED] Modified: trunk/heimdal/tests/kdc/check-pkinit.in === --- trunk/heimdal/tests/kdc/check-pkinit.in 2007-06-26 14:27:06 UTC (rev 763) +++ trunk/heimdal/tests/kdc/check-pkinit.in 2007-06-26 15:21:53 UTC (rev 764) @@ -31,7 +31,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $Id: check-pkinit.in 20749 2007-05-31 17:34:17Z lha $ +# $Id: check-pkinit.in 21348 2007-06-26 15:12:59Z lha $ # srcdir=@srcdir@ @@ -130,7 +130,7 @@ --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \ --type=pkinit-kdc \ --pk-init-principal=krbtgt/[EMAIL PROTECTED] \ - --req=req-kdc.der \ + --req=PKCS10:req-kdc.der \ --certificate=FILE:kdc.crt || exit 1 echo issue user certificate (pkinit san) @@ -138,14 +138,14 @@ --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \ --type=pkinit-client \ --pk-init-principal=[EMAIL PROTECTED] \ - --req=req-pkinit.der \ + --req=PKCS10:req-pkinit.der \ --certificate=FILE:pkinit.crt || exit 1 echo issue user 2 certificate (no san) ${hxtool} issue-certificate \ --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \ --type=pkinit-client \ - --req=req-pkinit2.der \ + --req=PKCS10:req-pkinit2.der \ --certificate=FILE:pkinit2.crt || exit 1 echo issue user 3 certificate (ms san) @@ -153,7 +153,7 @@ --ca-certificate=FILE:$objdir/ca.crt,${keyfile} \ --type=pkinit-client \ --ms-upn=[EMAIL PROTECTED] \ - --req=req-pkinit2.der \ + --req=PKCS10:req-pkinit2.der \ --certificate=FILE:pkinit3.crt || exit 1
svn commit: samba-docs r1129 - in trunk/smbdotconf/security: .
Author: jpeach Date: 2007-06-26 17:50:20 + (Tue, 26 Jun 2007) New Revision: 1129 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1129 Log: Double-up on some backslashes so they don't get interpreted by nroff. Modified: trunk/smbdotconf/security/passwdchat.xml trunk/smbdotconf/security/restrictanonymous.xml Changeset: Modified: trunk/smbdotconf/security/passwdchat.xml === --- trunk/smbdotconf/security/passwdchat.xml2007-06-26 08:11:40 UTC (rev 1128) +++ trunk/smbdotconf/security/passwdchat.xml2007-06-26 17:50:20 UTC (rev 1129) @@ -30,7 +30,7 @@ paraThe string can contain the macro parameter moreinfo=none%n/parameter which is substituted for the new password. The chat sequence can also contain the standard -macros \n, \r, \t and \s to +macros \\n, \\r, \\t and \\s to give line-feed, carriage-return, tab and space. The chat sequence string can also contain a '*' which matches any sequence of characters. Double quotes can be used to collect strings with spaces in them into a single string./para @@ -41,7 +41,7 @@ paraIf the smbconfoption name=pam password change/ parameter is set to constantyes/constant, the chat pairs may be matched in any order, and success is determined by the PAM result, not any particular - output. The \n macro is ignored for PAM conversions. + output. The \\n macro is ignored for PAM conversions. /para /description Modified: trunk/smbdotconf/security/restrictanonymous.xml === --- trunk/smbdotconf/security/restrictanonymous.xml 2007-06-26 08:11:40 UTC (rev 1128) +++ trunk/smbdotconf/security/restrictanonymous.xml 2007-06-26 17:50:20 UTC (rev 1129) @@ -8,8 +8,8 @@ group list information is returned for an anonymous connection. and mirrors the effects of the programlisting -HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ - Control\LSA\RestrictAnonymous +HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\ + Control\\LSA\\RestrictAnonymous /programlisting registry key in Windows 2000 and Windows NT. When set to 0, user and group list information is returned to anyone who asks. When set
Re: svn commit: samba r23558 - in branches/SAMBA_4_0/testprogs/ejs: .
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] schrieb: Author: abartlet Date: 2007-06-21 05:14:13 + (Thu, 21 Jun 2007) New Revision: 23558 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23558 Log: MMC seems to ask for this, so I think we need to include it in our schema. Andrew Bartlett Modified: branches/SAMBA_4_0/testprogs/ejs/minschema.js Changeset: Modified: branches/SAMBA_4_0/testprogs/ejs/minschema.js === --- branches/SAMBA_4_0/testprogs/ejs/minschema.js 2007-06-21 01:28:33 UTC (rev 23557) +++ branches/SAMBA_4_0/testprogs/ejs/minschema.js 2007-06-21 05:14:13 UTC (rev 23558) @@ -73,6 +73,7 @@ subClassOf, governsID, possSuperiors, +possibleInferiors, this attribute is constructed and we should generate it instead of store it... metze -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGgVQLm70gjA5TCD8RAkaIAKCgkPE3U8E/eQ93PXJM3onKWxABnACg0mLx iEQ/+7wVOBr+HFrH8PSL+R8= =JTDS -END PGP SIGNATURE-
svn commit: samba r23611 - in branches: SAMBA_3_0/source/nsswitch SAMBA_3_0_26/source/nsswitch
Author: jpeach Date: 2007-06-26 18:18:44 + (Tue, 26 Jun 2007) New Revision: 23611 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23611 Log: Fix typo in error message. Modified: branches/SAMBA_3_0/source/nsswitch/idmap_rid.c branches/SAMBA_3_0_26/source/nsswitch/idmap_rid.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/idmap_rid.c === --- branches/SAMBA_3_0/source/nsswitch/idmap_rid.c 2007-06-26 13:45:07 UTC (rev 23610) +++ branches/SAMBA_3_0/source/nsswitch/idmap_rid.c 2007-06-26 18:18:44 UTC (rev 23611) @@ -79,7 +79,7 @@ if (lp_idmap_gid(low_gid, high_gid)) { if ((ctx-low_id != low_gid) || (ctx-high_id != high_uid)) { - DEBUG(1, (ERROR: idmap uid irange must match idmap gid range\n)); + DEBUG(1, (ERROR: idmap uid range must match idmap gid range\n)); ret = NT_STATUS_UNSUCCESSFUL; goto failed; } Modified: branches/SAMBA_3_0_26/source/nsswitch/idmap_rid.c === --- branches/SAMBA_3_0_26/source/nsswitch/idmap_rid.c 2007-06-26 13:45:07 UTC (rev 23610) +++ branches/SAMBA_3_0_26/source/nsswitch/idmap_rid.c 2007-06-26 18:18:44 UTC (rev 23611) @@ -79,7 +79,7 @@ if (lp_idmap_gid(low_gid, high_gid)) { if ((ctx-low_id != low_gid) || (ctx-high_id != high_uid)) { - DEBUG(1, (ERROR: idmap uid irange must match idmap gid range\n)); + DEBUG(1, (ERROR: idmap uid range must match idmap gid range\n)); ret = NT_STATUS_UNSUCCESSFUL; goto failed; }
svn commit: samba r23612 - in branches: SAMBA_3_0/source/utils SAMBA_3_0_25/source/utils SAMBA_3_0_26/source/utils
Author: vlendec Date: 2007-06-26 19:15:26 + (Tue, 26 Jun 2007) New Revision: 23612 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23612 Log: Revert 'net idmap dump' to the 3.0.24 behaviour. Modified: branches/SAMBA_3_0/source/utils/net_idmap.c branches/SAMBA_3_0_25/source/utils/net_idmap.c branches/SAMBA_3_0_26/source/utils/net_idmap.c Changeset: Modified: branches/SAMBA_3_0/source/utils/net_idmap.c === --- branches/SAMBA_3_0/source/utils/net_idmap.c 2007-06-26 18:18:44 UTC (rev 23611) +++ branches/SAMBA_3_0/source/utils/net_idmap.c 2007-06-26 19:15:26 UTC (rev 23612) @@ -28,50 +28,51 @@ } } while(0) /*** - Dump the current idmap + Helper function for net_idmap_dump. Dump one entry. **/ -static int net_idmap_dump(int argc, const char **argv) +static int net_idmap_dump_one_entry(TDB_CONTEXT *tdb, + TDB_DATA key, + TDB_DATA data, + void *unused) { - TALLOC_CTX *ctx; - char *filename; - - if (argc != 1) { - return net_help_idmap(argc, argv); + if (strcmp((char *)key.dptr, USER HWM) == 0) { + printf(USER HWM %d\n, IVAL(data.dptr,0)); + return 0; } - if (! winbind_ping()) { - d_fprintf(stderr, To use net idmap Winbindd must be running.\n); - return -1; + if (strcmp((char *)key.dptr, GROUP HWM) == 0) { + printf(GROUP HWM %d\n, IVAL(data.dptr,0)); + return 0; } - ctx = talloc_new(NULL); - ALLOC_CHECK(ctx); + if (strncmp((char *)key.dptr, S-, 2) != 0) + return 0; - filename = talloc_strdup(ctx, argv[0]); - ALLOC_CHECK(filename); + printf(%s %s\n, data.dptr, key.dptr); + return 0; +} - /* filename must be absolute */ - if (*filename != '/') { - char path[4096]; - - filename = getcwd(path, 4095); - if ( ! filename) { - d_fprintf(stderr, Failed to obtain full output file path); - talloc_free(ctx); - return -1; - } +/*** + Dump the current idmap + **/ +static int net_idmap_dump(int argc, const char **argv) +{ + TDB_CONTEXT *idmap_tdb; - filename = talloc_asprintf(ctx, %s/%s, path, argv[0]); - ALLOC_CHECK(filename); - } + if ( argc != 1 ) + return net_help_idmap( argc, argv ); - if ( ! winbind_idmap_dump_maps(ctx, filename)) { - d_fprintf(stderr, Failed to obtain idmap data from winbindd\n); - talloc_free(ctx); + idmap_tdb = tdb_open_log(argv[0], 0, TDB_DEFAULT, O_RDONLY, 0); + + if (idmap_tdb == NULL) { + d_fprintf(stderr, Could not open idmap: %s\n, argv[0]); return -1; } - talloc_free(ctx); + tdb_traverse(idmap_tdb, net_idmap_dump_one_entry, NULL); + + tdb_close(idmap_tdb); + return 0; } Modified: branches/SAMBA_3_0_25/source/utils/net_idmap.c === --- branches/SAMBA_3_0_25/source/utils/net_idmap.c 2007-06-26 18:18:44 UTC (rev 23611) +++ branches/SAMBA_3_0_25/source/utils/net_idmap.c 2007-06-26 19:15:26 UTC (rev 23612) @@ -28,50 +28,51 @@ } } while(0) /*** - Dump the current idmap + Helper function for net_idmap_dump. Dump one entry. **/ -static int net_idmap_dump(int argc, const char **argv) +static int net_idmap_dump_one_entry(TDB_CONTEXT *tdb, + TDB_DATA key, + TDB_DATA data, + void *unused) { - TALLOC_CTX *ctx; - char *filename; - - if (argc != 1) { - return net_help_idmap(argc, argv); + if (strcmp(key.dptr, USER HWM) == 0) { + printf(USER HWM %d\n, IVAL(data.dptr,0)); + return 0; } - if (! winbind_ping()) { - d_fprintf(stderr, To use net idmap Winbindd must be running.\n); - return -1; + if (strcmp(key.dptr, GROUP HWM) == 0) { + printf(GROUP HWM %d\n, IVAL(data.dptr,0)); + return 0; } - ctx = talloc_new(NULL); - ALLOC_CHECK(ctx); + if (strncmp(key.dptr, S-, 2) != 0) + return 0; - filename = talloc_strdup(ctx, argv[0]); -
svn commit: samba r23613 - in branches/SAMBA_3_0_RELEASE: . source/utils
Author: jerry Date: 2007-06-26 19:23:07 + (Tue, 26 Jun 2007) New Revision: 23613 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23613 Log: pull in net idmap change from the 3.0.25 tree Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt branches/SAMBA_3_0_RELEASE/source/utils/net_idmap.c Changeset: Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt === --- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2007-06-26 19:15:26 UTC (rev 23612) +++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2007-06-26 19:23:07 UTC (rev 23613) @@ -76,8 +76,10 @@ o Volker Lendecke [EMAIL PROTECTED] * Fix record state check error when reviewing entries in nmbd's WINS database. +* Revert 'net idmap dump' behavior to 3.0.24 behavior to fix change + in command line syntax that would overwrite winbindd_idmap.tdb. + - o Justin Maggard [EMAIL PROTECTED] * Don't expire a password if it's explicitly set as ACB_PWNOTREQ. Modified: branches/SAMBA_3_0_RELEASE/source/utils/net_idmap.c === --- branches/SAMBA_3_0_RELEASE/source/utils/net_idmap.c 2007-06-26 19:15:26 UTC (rev 23612) +++ branches/SAMBA_3_0_RELEASE/source/utils/net_idmap.c 2007-06-26 19:23:07 UTC (rev 23613) @@ -28,50 +28,51 @@ } } while(0) /*** - Dump the current idmap + Helper function for net_idmap_dump. Dump one entry. **/ -static int net_idmap_dump(int argc, const char **argv) +static int net_idmap_dump_one_entry(TDB_CONTEXT *tdb, + TDB_DATA key, + TDB_DATA data, + void *unused) { - TALLOC_CTX *ctx; - char *filename; - - if (argc != 1) { - return net_help_idmap(argc, argv); + if (strcmp(key.dptr, USER HWM) == 0) { + printf(USER HWM %d\n, IVAL(data.dptr,0)); + return 0; } - if (! winbind_ping()) { - d_fprintf(stderr, To use net idmap Winbindd must be running.\n); - return -1; + if (strcmp(key.dptr, GROUP HWM) == 0) { + printf(GROUP HWM %d\n, IVAL(data.dptr,0)); + return 0; } - ctx = talloc_new(NULL); - ALLOC_CHECK(ctx); + if (strncmp(key.dptr, S-, 2) != 0) + return 0; - filename = talloc_strdup(ctx, argv[0]); - ALLOC_CHECK(filename); + printf(%s %s\n, data.dptr, key.dptr); + return 0; +} - /* filename must be absolute */ - if (*filename != '/') { - char path[4096]; - - filename = getcwd(path, 4095); - if ( ! filename) { - d_fprintf(stderr, Failed to obtain full output file path); - talloc_free(ctx); - return -1; - } +/*** + Dump the current idmap + **/ +static int net_idmap_dump(int argc, const char **argv) +{ + TDB_CONTEXT *idmap_tdb; - filename = talloc_asprintf(ctx, %s/%s, path, argv[0]); - ALLOC_CHECK(filename); - } + if ( argc != 1 ) + return net_help_idmap( argc, argv ); - if ( ! winbind_idmap_dump_maps(ctx, filename)) { - d_fprintf(stderr, Failed to obtain idmap data from winbindd\n); - talloc_free(ctx); + idmap_tdb = tdb_open_log(argv[0], 0, TDB_DEFAULT, O_RDONLY, 0); + + if (idmap_tdb == NULL) { + d_fprintf(stderr, Could not open idmap: %s\n, argv[0]); return -1; } - talloc_free(ctx); + tdb_traverse(idmap_tdb, net_idmap_dump_one_entry, NULL); + + tdb_close(idmap_tdb); + return 0; }
svn commit: samba r23614 - in tags: .
Author: jerry Date: 2007-06-26 19:26:20 + (Tue, 26 Jun 2007) New Revision: 23614 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23614 Log: have to recut the tarball to removing the 3.0.25b release tag Removed: tags/release-3-0-25b/ Changeset:
svn commit: samba-docs r1130 - in trunk/manpages-3: .
Author: idra Date: 2007-06-26 19:29:31 + (Tue, 26 Jun 2007) New Revision: 1130 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=1130 Log: Make the manpage reflect the command behavior Modified: trunk/manpages-3/net.8.xml Changeset: Modified: trunk/manpages-3/net.8.xml === --- trunk/manpages-3/net.8.xml 2007-06-26 17:50:20 UTC (rev 1129) +++ trunk/manpages-3/net.8.xml 2007-06-26 19:29:31 UTC (rev 1130) @@ -1166,10 +1166,11 @@ /refsect2 refsect2 -titleIDMAP DUMP lt;output filegt;/title +titleIDMAP DUMP lt;local tdb file namegt;/title para -Dumps the mappings in the specified output file. +Dumps the mappings contained in the local tdb file specified. +This command is useful to dump only the mappings produced by the idmap_tdb backend. /para /refsect2
svn commit: samba r23615 - in branches/SAMBA_3_0_RELEASE: .
Author: jerry Date: 2007-06-26 19:33:47 + (Tue, 26 Jun 2007) New Revision: 23615 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23615 Log: adding a note about the 'net idmap dump' change Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt Changeset: Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt === --- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2007-06-26 19:26:20 UTC (rev 23614) +++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2007-06-26 19:33:47 UTC (rev 23615) @@ -15,6 +15,20 @@ o Crashes is idmap_ldap and idmap_rid. +Changes to 'net idmap dump' +--- + +A change in command line syntax and behavior was introduced in the +3.0.25 release series where the command + + $ net idmap dump /.../path/to/idmap.tdb + +would overwrite the tdb instead of dumping its contents to standard +output as was the case in releases priro to Samba 3.0.25. The +changed has been reverted in 3.0.25b and the semantics from 3.0.24 +and earlier releases have been restored. + + ## Changes ###
svn commit: samba r23616 - in branches: SAMBA_3_0/source/include SAMBA_3_0/source/rpc_parse SAMBA_3_0/source/rpc_server SAMBA_3_0_25/source/include SAMBA_3_0_25/source/rpc_parse SAMBA_3_0_25/source/rp
Author: jmcd Date: 2007-06-26 20:09:41 + (Tue, 26 Jun 2007) New Revision: 23616 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23616 Log: Fix bugzilla #4719: must change password is not set from usrmgr.exe. This was only affecting the newer versions of usrmgr.exe, because they use a user_info_25 struct. The password is getting set separately inside that code, so the password last set time was getting set from the password change logic. We also were not parsing a number of fields (like logon hours) from the user_info_25. That should also be fixed. Modified: branches/SAMBA_3_0/source/include/rpc_samr.h branches/SAMBA_3_0/source/rpc_parse/parse_samr.c branches/SAMBA_3_0/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0/source/rpc_server/srv_samr_util.c branches/SAMBA_3_0_25/source/include/rpc_samr.h branches/SAMBA_3_0_25/source/rpc_parse/parse_samr.c branches/SAMBA_3_0_25/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0_25/source/rpc_server/srv_samr_util.c branches/SAMBA_3_0_26/source/include/rpc_samr.h branches/SAMBA_3_0_26/source/rpc_parse/parse_samr.c branches/SAMBA_3_0_26/source/rpc_server/srv_samr_nt.c branches/SAMBA_3_0_26/source/rpc_server/srv_samr_util.c Changeset: Sorry, the patch is too large (505 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23616
svn commit: samba r23617 - in branches/SAMBA_3_0_RELEASE: .
Author: jerry Date: 2007-06-26 20:27:19 + (Tue, 26 Jun 2007) New Revision: 23617 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23617 Log: fix typos Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt Changeset: Modified: branches/SAMBA_3_0_RELEASE/WHATSNEW.txt === --- branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2007-06-26 20:09:41 UTC (rev 23616) +++ branches/SAMBA_3_0_RELEASE/WHATSNEW.txt 2007-06-26 20:27:19 UTC (rev 23617) @@ -16,7 +16,7 @@ Changes to 'net idmap dump' +=== A change in command line syntax and behavior was introduced in the 3.0.25 release series where the command @@ -24,7 +24,7 @@ $ net idmap dump /.../path/to/idmap.tdb would overwrite the tdb instead of dumping its contents to standard -output as was the case in releases priro to Samba 3.0.25. The +output as was the case in releases prior to Samba 3.0.25. The changed has been reverted in 3.0.25b and the semantics from 3.0.24 and earlier releases have been restored.
svn commit: samba-web r1129 - in trunk: . history
Author: jerry Date: 2007-06-26 20:35:53 + (Tue, 26 Jun 2007) New Revision: 1129 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1129 Log: announce 3.0.25b Added: trunk/history/samba-3.0.25b.html Modified: trunk/header_columns.html trunk/history/header_history.html trunk/history/samba-3.0.25a.html trunk/index.html Changeset: Modified: trunk/header_columns.html === --- trunk/header_columns.html 2007-06-11 17:50:58 UTC (rev 1128) +++ trunk/header_columns.html 2007-06-26 20:35:53 UTC (rev 1129) @@ -130,9 +130,9 @@ div class=releases h4Current Stable Release/h4 ul -lia href=/samba/ftp/stable/samba-3.0.25a.tar.gzSamba 3.0.25a (gzipped)/a/li -lia href=/samba/history/samba-3.0.25a.htmlRelease Notes/a/li -lia href=/samba/ftp/stable/samba-3.0.25a.tar.ascSignature/a/li +lia href=/samba/ftp/stable/samba-3.0.25b.tar.gzSamba 3.0.25b (gzipped)/a/li +lia href=/samba/history/samba-3.0.25b.htmlRelease Notes/a/li +lia href=/samba/ftp/stable/samba-3.0.25b.tar.ascSignature/a/li /ul h4Historical/h4 Modified: trunk/history/header_history.html === --- trunk/history/header_history.html 2007-06-11 17:50:58 UTC (rev 1128) +++ trunk/history/header_history.html 2007-06-26 20:35:53 UTC (rev 1129) @@ -77,6 +77,7 @@ div class=notes h6Release Notes/h6 ul +lia href=samba-3.0.25b.htmlsamba-3.0.25b/a/li lia href=samba-3.0.25a.htmlsamba-3.0.25a/a/li lia href=samba-3.0.25.htmlsamba-3.0.25/a/li lia href=samba-3.0.24.htmlsamba-3.0.24/a/li Modified: trunk/history/samba-3.0.25a.html === --- trunk/history/samba-3.0.25a.html2007-06-11 17:50:58 UTC (rev 1128) +++ trunk/history/samba-3.0.25a.html2007-06-26 20:35:53 UTC (rev 1129) @@ -141,7 +141,7 @@ /pre pPlease refer to the original a href=/samba/history/samba-3.0.25.htmlSamba -3.0.25 Release Notes/a for more details of changes from previous releases./p +3.0.25 Release Notes/a for more details regarding changes in previous releases./p /body /html Added: trunk/history/samba-3.0.25b.html === --- trunk/history/samba-3.0.25b.html2007-06-11 17:50:58 UTC (rev 1128) +++ trunk/history/samba-3.0.25b.html2007-06-26 20:35:53 UTC (rev 1129) @@ -0,0 +1,149 @@ +!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; +html xmlns=http://www.w3.org/1999/xhtml; + +head +titleSamba - Release Notes Archive/title +/head + +body + + H2Samba 3.0.25b Available for Download/H2 + +p +pre + === + Release Notes for Samba 3.0.25b + June 26, 2007 + === + +This is the third production release of the Samba 3.0.25 code +base and is the version that servers should be run for for all +current bug fixes. + +Major bug fixes included in Samba 3.0.25b are: + + o Offline caching of files with Windows XP/Vista clients. + o Improper cleanup of expired or invalid byte range locks +on files. + o Crashes is idmap_ldap and idmap_rid. + + +Changes to 'net idmap dump' +=== + +A change in command line syntax and behavior was introduced in the +3.0.25 release series where the command + + $ net idmap dump /.../path/to/idmap.tdb + +would overwrite the tdb instead of dumping its contents to standard +output as was the case in releases prior to Samba 3.0.25. The +changed has been reverted in 3.0.25b and the semantics from 3.0.24 +and earlier releases have been restored. + + +## +Changes +### + +Changes since 3.0.25a +- + +o Jeremy Allison [EMAIL PROTECTED] +* BUG 4655: Fix client parsing bug in spoolss EnumPrinterDataEx(). +* Ensure that proper oplock break requests occur during file open + and performing internal checks for compatible open modes. +* Fix offline file caching with Windows XP/Vista clients. +* Coverity fixes. +* Ensure that winbindd reports the correct client connection + details in response to a SIGUSR2. +* Fix timespec_current() to return the correct nano-second time. +* Fix lock logic inconsistencies in tdb_traverse(). +* Remove restriction on string length for rpcclient commands. +* BUG 4683: Fix LSA crash bug. +* BUG 3204: Fix file descriptor leak in the parent winbindd when + child processes hang. +* Avoid calling rename_open_files() when the old and new names + are identical. +* BUG 4689: Fix bug in new change notify code caused by not + ignoring the max_params_return value and as a resulting
svn commit: samba r23618 - in tags: .
Author: jerry Date: 2007-06-26 20:36:23 + (Tue, 26 Jun 2007) New Revision: 23618 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23618 Log: tagging 3.0.25b Added: tags/release-3-0-25b/ Changeset: Copied: tags/release-3-0-25b (from rev 23617, branches/SAMBA_3_0_RELEASE)
svn commit: samba r23619 - in branches/SAMBA_3_0/source/nsswitch: .
Author: jerry Date: 2007-06-26 21:22:01 + (Tue, 26 Jun 2007) New Revision: 23619 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=23619 Log: Fix compile warning in fill_grent_mem() caused by mismatched counter size. Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_group.c Changeset: Modified: branches/SAMBA_3_0/source/nsswitch/winbindd_group.c === --- branches/SAMBA_3_0/source/nsswitch/winbindd_group.c 2007-06-26 20:36:23 UTC (rev 23618) +++ branches/SAMBA_3_0/source/nsswitch/winbindd_group.c 2007-06-26 21:22:01 UTC (rev 23619) @@ -543,7 +543,7 @@ n_glist = 1; for ( i=0; imax_depth glist; i++ ) { - size_t n_members = 0; + uint32 n_members = 0; char **members = NULL; NTSTATUS nt_status;