Re: [Samba] SAMBA+ LDAP+ACL
Saravanesh d escribió: Hi all. please help me to step by step configuration of how to configure SAMBA DC with LDAP. We have 143 users ,and i want also to configure ACL Thanks in advance Saravanesh Step by Step: Step 1) Open your favorite internet browser Step 2) Open URL http://www.samba.org Step 3) Look http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/or http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/ Step 4) Read it very slow, specially Chapter 5 Making Happy Users Step 5) Ready? Yes? Good. No? Repeat Step 4 Regards, -- Abigaíl Anzola -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba oplocks
Hello I've just installed a samba server on a OS X server. I enable oplocks and it's good for rtf, odt or doc. But with iWork files it's very strange, iWork saves files in folder and oplocks didn't work. If someone has already do it or has an idea :) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] help
Well i did my smb.conf as simple as you showned. [EMAIL PROTECTED] ~]# testparm Load smb config files from /etc/samba/smb.conf Processing section [share] Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions [global] workgroup = ACME server string = %h security = SHARE [share] path = /home/acn/share read only = No guest ok = Yes The top root folder has been created with the following rights (applied to subfodlers too): drwxrwxrwx 4 nobody root And i still get errors trying to connect: [2008/07/28 09:29:55, 0] lib/util_sock.c:send_smb(761) Error writing 4 bytes to client. -1. (Connection reset by peer) [2008/07/28 09:30:05, 0] lib/util_sock.c:write_data(562) write_data: write failure in writing to client 10.130.12.54. Error Connection reset by peer [2008/07/28 09:30:05, 0] lib/util_sock.c:send_smb(761) Error writing 4 bytes to client. -1. (Connection reset by peer) [2008/07/28 09:30:06, 0] auth/auth_util.c:create_builtin_administrators(792) create_builtin_administrators: Failed to create Administrators [2008/07/28 09:30:06, 0] auth/auth_util.c:create_builtin_users(758) create_builtin_users: Failed to create Users From Windows the error is: share is not accessible. You might not have permission to use this network resource. The network path was not found. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] xp/2003 explorer freezes browsing shares on Samba 3.2 ipv6 hosts
I'm not sure if this is the same problem I have. In my case I could track the problem down to my printer shares. If I disable the [printers] and [print$] shares in smb.conf everthing works just fine. With the printers enabled explorer freezes on some systems when I'm logged in as a domain user and try to browse the shares on my PDC. Strangely that problem does not occur if I'm logged into a local account on the client (like Administrator). David. -- View this message in context: http://www.nabble.com/xp-2003-explorer-freezes-browsing-shares-on-Samba-3.2-ipv6-hosts-tp18474574p18686436.html Sent from the Samba - General mailing list archive at Nabble.com. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbcontrol xxxx reload-config doesn't work and other details samba 3.2
Hi Samba team. I installed on a new server samba 3.2.0. And all work fine, except the reload-config command and other things. For resolve some missed-configuration, I modify the smb.conf and call smbcontrol smbd_pid reload-config, but it's not work. Ex : I added mdfs root = yes (same as samba 3.0.x), after I called smbcontrol reload-config [2008/07/28 00:17:34, 3] param/loadparm.c:lp_load_ex(8681) lp_load_ex: refreshing parameters Initialising global parameters [2008/07/28 00:17:34, 3] param/params.c:pm_process(569) params.c:pm_process() - Processing configuration file /srv/etc/samba/smb.conf [2008/07/28 00:17:34, 3] param/loadparm.c:do_section(7346) Processing section [global] doing parameter netbios name = ADMIN01 [2008/07/28 00:17:34, 4] param/loadparm.c:handle_netbios_name(6694) handle_netbios_name: set global_myname to: ADMIN01 doing parameter workgroup = CORMAN doing parameter server string = Serveur administratif (%v) doing parameter security = user doing parameter password level = 2 doing parameter unix password sync = no doing parameter admin users = @administrateurs doing parameter os level = 160 doing parameter announce as = NT Server doing parameter unix charset = ISO-8859-15 [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE [2008/07/28 00:17:34, 5] lib/charcnv.c:charset_name(81) Substituting charset 'UTF-8' for LOCALE doing parameter display charset = ISO-8859-15 doing parameter dos charset = ISO-8859-15 doing parameter veto files = /msblast.exe/ doing parameter time server = Yes doing parameter domain logons = Yes doing parameter domain master = Yes doing parameter local master = yes doing parameter preferred master = yes doing parameter logon home = \\ADMIN01\%U\.profiles doing parameter printing = cups doing parameter add user script = /usr/local/sbin/smbldap-useradd -a -m -g 221 -C admin01\\%u %u doing parameter add machine script = /usr/local/sbin/smbldap-useradd -w %u doing parameter add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g doing parameter delete user script = /usr/local/sbin/smbldap-userdel -r %u doing parameter delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g doing parameter lock directory = /var/lib/samba doing parameter pid directory = /var/run/samba doing parameter interfaces = 10.217.7.3/255.255.252.0 doing parameter socket address = 10.217.7.3 127.0.0.1 doing parameter socket options = SO_KEEPALIVE TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8760 doing parameter name resolve order = wins bcast hosts lmhosts doing parameter deadtime = 480 doing parameter wins server = wins-srv doing parameter name cache timeout = 660 doing parameter passdb backend = ldapsam:ldap://127.0.0.1 ldap://ldap-srv; doing parameter ldap admin dn = cn=samba,ou=dsa,dc=corman,dc=be doing parameter ldap user suffix = ou=users doing parameter ldap group suffix = ou=groupes doing parameter ldap machine suffix = ou=machines doing parameter ldap suffix = dc=corman,dc=be doing parameter ldap ssl = no doing parameter ldap passwd sync = yes doing parameter ldapsam:trusted = yes doing parameter max log size = 1000 doing parameter log level = 1 winbind:0 vfs:2 [2008/07/28 00:17:35, 0] lib/util_str.c:safe_strcpy_fn(709) ERROR: string overflow
Re: [Samba] help
From Windows the error is: share is not accessible. You might not have permission to use this network resource. The network path was not found. -- Have you tried from windows connecting by ipaddress instead of any other method. Type \\ipaddress in explorer and see if that connects. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] help
No improvement with the IP address. Error states in smb.log getpeername failed. Error was Transport endpoint is not connected. 2008/7/28 John Drescher [EMAIL PROTECTED] From Windows the error is: share is not accessible. You might not have permission to use this network resource. The network path was not found. -- Have you tried from windows connecting by ipaddress instead of any other method. Type \\ipaddress in explorer and see if that connects. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Performance and disconnect troubles on winbind after samba upgrade
Hello, Somebody have any trouble like this? I'm lost because I didn't found any report near to mine, and it's getting worse. Any help will be appreciated. Best regards, Fabiano Felix On Wed, 2008-07-23 at 11:55 -0300, Fabiano Felix wrote: Hello, We have a RHEL4 x64 running for 3 years, which is a samba member server integrated with a AD domain without any problems (we was using samba-3.0.10-1.4E.6). Last Saturday we performed an entire server update, applying all RHN available patches. Everything is running fine, except for winbind service which has a strange behavior: often we are receiving some errors at logs, and the users/groups resolution is taking a long time, which affects user experience. The installed version is samba-3.0.25b-1.el4_6.5, and below we have some of these errors: Jul 22 11:05:10 lxnserver winbindd[18539]: [2008/07/22 11:05:10, 0] libsmb/clientgen.c:cli_receive_smb(111) Jul 22 11:05:10 lxnserver winbindd[18539]: Receiving SMB: Server stopped responding Jul 22 11:05:10 lxnserver winbindd[18539]: [2008/07/22 11:05:10, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) Jul 22 11:05:10 lxnserver winbindd[18539]: rpc_api_pipe: Remote machine server.mydomain.intra pipe \lsarpc fnum 0x4000returned critical error. Error was Call timed out: server did not respond after 1 milliseconds Jul 22 11:11:03 lxnserver winbindd[18539]: [2008/07/22 11:11:03, 0] libsmb/clientgen.c:cli_receive_smb(111) Jul 22 11:11:03 lxnserver winbindd[18539]: Receiving SMB: Server stopped responding Jul 22 11:11:03 lxnserver winbindd[18539]: [2008/07/22 11:11:03, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) Jul 22 11:11:03 lxnserver winbindd[18539]: rpc_api_pipe: Remote machine server.mydomain.intra pipe \lsarpc fnum 0x400areturned critical error. Error was Call timed out: server did not respond after 1 milliseconds Jul 22 11:12:46 lxnserver winbindd[18539]: [2008/07/22 11:12:46, 0] libsmb/clientgen.c:cli_receive_smb(111) Jul 22 11:12:46 lxnserver winbindd[18539]: Receiving SMB: Server stopped responding Jul 22 11:12:46 lxnserver winbindd[18539]: [2008/07/22 11:12:46, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) Jul 22 11:12:46 lxnserver winbindd[18539]: rpc_api_pipe: Remote machine server.mydomain.intra pipe \lsarpc fnum 0xc001returned critical error. Error was Call timed out: server did not respond after 1 milliseconds Jul 22 11:15:12 lxnserver winbindd[18539]: [2008/07/22 11:15:12, 0] libsmb/clientgen.c:cli_receive_smb(111) Jul 22 11:15:12 lxnserver winbindd[18539]: Receiving SMB: Server stopped responding Jul 22 11:15:12 lxnserver winbindd[18539]: [2008/07/22 11:15:12, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) Jul 22 11:15:12 lxnserver winbindd[18539]: rpc_api_pipe: Remote machine server.mydomain.intra pipe \lsarpc fnum 0x4000returned critical error. Error was Call timed out: server did not respond after 1 milliseconds Jul 22 11:20:11 lxnserver winbindd[18539]: [2008/07/22 11:20:11, 0] libsmb/clientgen.c:cli_receive_smb(111) Jul 22 11:20:11 lxnserver winbindd[18539]: Receiving SMB: Server stopped responding Jul 22 11:20:11 lxnserver winbindd[18539]: [2008/07/22 11:20:11, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) Jul 22 11:20:11 lxnserver winbindd[18539]: rpc_api_pipe: Remote machine server.mydomain.intra pipe \lsarpc fnum 0x4006returned critical error. Error was Call timed out: server did not respond after 1 milliseconds Jul 22 11:25:11 lxnserver winbindd[18539]: [2008/07/22 11:25:11, 0] libsmb/clientgen.c:cli_receive_smb(111) Jul 22 11:25:11 lxnserver winbindd[18539]: Receiving SMB: Server stopped responding Jul 22 11:25:11 lxnserver winbindd[18539]: [2008/07/22 11:25:11, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) Jul 22 11:25:11 lxnserver winbindd[18539]: rpc_api_pipe: Remote machine server.mydomain.intra pipe \lsarpc fnum 0x4002returned critical error. Error was Call timed out: server did not respond after 1 milliseconds Note that it is occurring in a short time, and the server is taking slow. My smb.conf global session: [global] username map = /etc/samba/smbusers map to guest = Bad User passdb backend = tdbsam printcap name = cups printcap cache time = 750 cups options = raw printing = cups workgroup = MYINTERNALDOMAIN security = ads realm = myinternaldomain.local.intra domain logons = no domain master = no wins support = no time server = yes wins server = Y.Y.Y.Y Z.Z.Z.Z log level = 0 log file = /var/log/samba/%m.log ldap admin dn = cn=samba-admin,ou=Admin,dc=idmap,dc=myinternal,dc=com,dc=br ldap idmap suffix = ou=Idmap ldap suffix = dc=idmap,dc=myinternal,dc=com,dc=br idmap backend = ldap:ldap://localhost idmap uid =
Re: [Samba] SAMBA+ LDAP+ACL
On Monday 28 July 2008 00:35:08 Abigail Anzola wrote: Saravanesh d escribió: Hi all. please help me to step by step configuration of how to configure SAMBA DC with LDAP. We have 143 users ,and i want also to configure ACL Thanks in advance Saravanesh Step by Step: Step 1) Open your favorite internet browser Step 2) Open URL http://www.samba.org Step 3) Look http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/or http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/ Sorry, wrong URL. Try this one instead: http://www.samba.org/samba/docs/Samba3-ByExample.pdf Step 4) Read it very slow, specially Chapter 5 Making Happy Users Chapter 5 covers how to configure Samba with an LDAP backend. - John T. Step 5) Ready? Yes? Good. No? Repeat Step 4 Regards, -- Abigaíl Anzola -- John H Terpstra Author: The Official Samba-3 HOWTO Reference Guide, 2 Ed., ISBN: 0131882228 Samba-3 by Example, 2 Ed., ISBN: 0131882221X -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Performance and disconnect troubles on winbind after samba upgrade
On Monday 28 July 2008 08:03:28 Fabiano Felix wrote: Hello, Somebody have any trouble like this? I'm lost because I didn't found any report near to mine, and it's getting worse. Any help will be appreciated. Suggest that you update to Samba version 3.0.31 (the most recent and possibly the last 3.0.x series release) or to 3.2.0 (the current stable release). There have been many fixes for known problems with winbind from earlier releases of the Samba 3.0.x series. Please read the man pages for idmap_ad, idmap_rid, idmap_tdb, since the requirements for configuration of winbind's idmap functionality has changed. cheers, John T. Best regards, Fabiano Felix On Wed, 2008-07-23 at 11:55 -0300, Fabiano Felix wrote: Hello, We have a RHEL4 x64 running for 3 years, which is a samba member server integrated with a AD domain without any problems (we was using samba-3.0.10-1.4E.6). Last Saturday we performed an entire server update, applying all RHN available patches. Everything is running fine, except for winbind service which has a strange behavior: often we are receiving some errors at logs, and the users/groups resolution is taking a long time, which affects user experience. The installed version is samba-3.0.25b-1.el4_6.5, and below we have some of these errors: Jul 22 11:05:10 lxnserver winbindd[18539]: [2008/07/22 11:05:10, 0] libsmb/clientgen.c:cli_receive_smb(111) Jul 22 11:05:10 lxnserver winbindd[18539]: Receiving SMB: Server stopped responding Jul 22 11:05:10 lxnserver winbindd[18539]: [2008/07/22 11:05:10, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) Jul 22 11:05:10 lxnserver winbindd[18539]: rpc_api_pipe: Remote machine server.mydomain.intra pipe \lsarpc fnum 0x4000returned critical error. Error was Call timed out: server did not respond after 1 milliseconds Jul 22 11:11:03 lxnserver winbindd[18539]: [2008/07/22 11:11:03, 0] libsmb/clientgen.c:cli_receive_smb(111) Jul 22 11:11:03 lxnserver winbindd[18539]: Receiving SMB: Server stopped responding Jul 22 11:11:03 lxnserver winbindd[18539]: [2008/07/22 11:11:03, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) Jul 22 11:11:03 lxnserver winbindd[18539]: rpc_api_pipe: Remote machine server.mydomain.intra pipe \lsarpc fnum 0x400areturned critical error. Error was Call timed out: server did not respond after 1 milliseconds Jul 22 11:12:46 lxnserver winbindd[18539]: [2008/07/22 11:12:46, 0] libsmb/clientgen.c:cli_receive_smb(111) Jul 22 11:12:46 lxnserver winbindd[18539]: Receiving SMB: Server stopped responding Jul 22 11:12:46 lxnserver winbindd[18539]: [2008/07/22 11:12:46, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) Jul 22 11:12:46 lxnserver winbindd[18539]: rpc_api_pipe: Remote machine server.mydomain.intra pipe \lsarpc fnum 0xc001returned critical error. Error was Call timed out: server did not respond after 1 milliseconds Jul 22 11:15:12 lxnserver winbindd[18539]: [2008/07/22 11:15:12, 0] libsmb/clientgen.c:cli_receive_smb(111) Jul 22 11:15:12 lxnserver winbindd[18539]: Receiving SMB: Server stopped responding Jul 22 11:15:12 lxnserver winbindd[18539]: [2008/07/22 11:15:12, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) Jul 22 11:15:12 lxnserver winbindd[18539]: rpc_api_pipe: Remote machine server.mydomain.intra pipe \lsarpc fnum 0x4000returned critical error. Error was Call timed out: server did not respond after 1 milliseconds Jul 22 11:20:11 lxnserver winbindd[18539]: [2008/07/22 11:20:11, 0] libsmb/clientgen.c:cli_receive_smb(111) Jul 22 11:20:11 lxnserver winbindd[18539]: Receiving SMB: Server stopped responding Jul 22 11:20:11 lxnserver winbindd[18539]: [2008/07/22 11:20:11, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) Jul 22 11:20:11 lxnserver winbindd[18539]: rpc_api_pipe: Remote machine server.mydomain.intra pipe \lsarpc fnum 0x4006returned critical error. Error was Call timed out: server did not respond after 1 milliseconds Jul 22 11:25:11 lxnserver winbindd[18539]: [2008/07/22 11:25:11, 0] libsmb/clientgen.c:cli_receive_smb(111) Jul 22 11:25:11 lxnserver winbindd[18539]: Receiving SMB: Server stopped responding Jul 22 11:25:11 lxnserver winbindd[18539]: [2008/07/22 11:25:11, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) Jul 22 11:25:11 lxnserver winbindd[18539]: rpc_api_pipe: Remote machine server.mydomain.intra pipe \lsarpc fnum 0x4002returned critical error. Error was Call timed out: server did not respond after 1 milliseconds Note that it is occurring in a short time, and the server is taking slow. My smb.conf global session: [global] username map = /etc/samba/smbusers map to guest = Bad User passdb backend = tdbsam printcap name = cups printcap cache time = 750 cups options = raw printing = cups workgroup = MYINTERNALDOMAIN security = ads
[Samba] Vanishing work group on samba 2.2.8
Hello I have a small problem which I hope you can help with. We are running samba 2.2.8a on a V880 using Solaris 9. Up until today there were, as far as we know, no problems with the service. Today a change was done to add 6 additional shares to the system. This was done by editing the configuration file and issuing a kill -HUP to the samba service. All appeared to be OK until access was attempted to the new shares - as it turns out the list of authorised users was incorrect but that was not the cause of the problem. Further investigation using 'map network drive' in windows xp explorer showed that the work group was no longer listed. The first thought was a configuration file error so the original configuration file was restored and the samba service re-started. The workgroup was still not visible. Users already connected to the samba shares seem to be working without a problem but no new connections seem to be possible. Has anybody come across this particular situation before ? and if so what is the solution please? I have included the samba configuration file below for information. Any suggestions would be much appreciated. Regards Greg Hitchcock # Samba config file created from copy of smb.conf.saturn # Global parametersworkgroup = xnetbios name = xx server string = %hinterfaces = 192.168.1.84/255.255.255.0 log file = /var/samba/log/log.%mmax open files = 128socket options = TCP_NODELAYprintcap name = /etc/printcapcomment = SunV880security = share [homes]comment = home [%H]read only = Nocreate mask = 0750 [printers]comment = All Printerspath = /tmpcreate mask = 0700guest ok = Yesprint ok = Yesbrowseable = No [STIMPY$]comment = STIMPY SQL Backupspath = /home/STIMPY read only = noguest ok = yescreate mask = 0700 [INVENSYS]comment = Invensys Job Analysis Reportpath = /home/invensysread only = noguest ok = yes [Share]comment = Public Sharepath = /home/shareread only = noguest ok = yes [tmp$]comment = Hidden temp sharepath = /tmpread only = Nocreate mask = 0666guest ok = Yes [temp$]comment = Another hidden temp sharepath = /temp read only = Nocreate mask = 0666guest ok = Yes [FTP$]comment = EDI FTP root directorypath = /usr1/ftp read only = Nocreate mask = 0666guest ok = Yes [FTP_DEV$]comment = Development EDI FTP root directorypath = /usr1/ftp_devread only = Nocreate mask = 0666guest ok = Yes[FTP2$]comment = EDI FTP root directorypath = /usr2/ftp read only = Nocreate mask = 0666guest ok = Yes [UDT DOCS]comment = Unidata Documentationpath = /usr1/ud/udtdoc/udt41read only = Noguest ok = Yes [KARDEX.IN]comment = Kardex incoming filespath = /usr1/ud/AN/ORB.KARDEX.INread only = Noguest ok = Yes [KARDEX.OUT]comment = Kardex outgoing filespath = /usr1/ud/AN/ORB.KARDEX.OUTread only = Noguest ok = Yes [ASTROWEB$]path = /usr1/ud/AN/INCOMINGread only = No create mask = 0666guest ok = Yes [ASTROWEB.OUT]path = /usr1/ud/AN/OUTGOINGread only = No create mask = 0666guest ok = Yes [INCOMING]path = /usr1/ud/AN/INCOMINGread only = No guest ok = Yes [INCOMING_ARC$]path = /usr1/ud/AN/INCOMING.ARCread only = No guest ok = Yes [usr1$]comment = usr1 directorypath = /usr1read only = Nocreate mask = 0666guest ok = Yes [work$]comment = work directorypath = /workread only = Nocreate mask = 0666guest ok = Yes ## Thomas Cook input/output directories#[TC_INCOMING$]path = /usr1/ud/AN/TC_INCOMINGread only = Nocreate mask = 0666 guest ok = Yes [TC_OUTGOING$]path = /usr1/ud/AN/TC_OUTGOINGread only = No create mask = 0666guest ok = Yes [TX_OUTGOING$]path = /usr1/ud/AN/TX_OUTGOINGread only = No create mask = 0666guest ok = Yes ## #[LC_INCOMING$]path = /usr1/ud/AN/LCCI_INCOMINGread only = Nocreate mask = 0666guest ok = Yes ## Development INCOMING directory#[DEVINCOMING$]path = /usr1/ud/SOPDEV/INCOMINGread only = Nocreate mask = 0666 guest ok = Yes [DEVOUTGOING$]path = /usr1/ud/SOPDEV/OUTGOINGread only = No create mask = 0666guest ok = Yes [DEV_INPUT$]path = /usr1/ud/SOPDEV/ATP_INPUTread only = No create mask = 0666guest ok = Yes
[Samba] Re: Building Samba 3.2.0 on Solaris with Sun compiler
Still wondering: Is building with cc (as opposed to gcc) on Solaris 10 supported with Samba 3.2.0? Thanks again. -David On Mon, Jul 21, 2008 at 5:09 PM, David Eisner [EMAIL PROTECTED] wrote: I was able to build Samba 3.0.x under Solaris 10 using the Sun Studio compiler (cc) and the Solaris ld (/usr/ccs/bin/ld) that it uses. Trying to build Samba 3.2.0, however, I immediately run into a problem where the build process assumes the linker understands --version-script, which is specific to the GNU linker: Linking shared library bin/libtalloc.so /usr/ccs/bin/ld: illegal option -- version-script usage: ld [-6:abc:d:e:f:h:il:mo:p:rstu:z:B:CD:F:GI:L:M:N:P:Q:R:S:VY:?] file(s) [-64] enforce a 64-bit link-edit Is this a bug? Thanks. -David -- David Eisner http://cradle.brokenglass.com -- David Eisner http://cradle.brokenglass.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] weird Windows profile creation
It seems weird. On 75% of my machines, it creates accounts as: c:\documents and settings\username on 25% of the machines, it creates them as: c:\docments and settings\username.DOMAINNAME These are fresh machines, so it's unclear to me where this behavior stems from. We're not using roaming profiles. Does anyone have any idea as to why this happens? thanks Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Building Samba 3.2.0 on Solaris with Sun compiler
On Mon, Jul 28, 2008 at 09:56:23AM -0400, David Eisner wrote: Still wondering: Is building with cc (as opposed to gcc) on Solaris 10 supported with Samba 3.2.0? Should be, sure. The build farm runs some hosts this way. Volker pgpgoW5fBYFsz.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Building Samba 3.2.0 on Solaris with Sun compiler
On Mon, Jul 28, 2008 at 10:20 AM, Volker Lendecke [EMAIL PROTECTED] wrote: On Mon, Jul 28, 2008 at 09:56:23AM -0400, David Eisner wrote: Still wondering: Is building with cc (as opposed to gcc) on Solaris 10 supported with Samba 3.2.0? Should be, sure. The build farm runs some hosts this way. Volker When I try to build with cc, it dies almost immediately with this: Linking shared library bin/libtalloc.so /usr/ccs/bin/ld: illegal option -- version-script usage: ld [-6:abc:d:e:f:h:il:mo:p:rstu:z:B:CD:F:GI:L:M:N:P:Q:R:S:VY:?] file(s) [-64] enforce a 64-bit link-edit [-a]create an absolute file [-b]do not do special PIC relocations in a.out .. and so on. The problem is that the Solaris ld does not understand --version-script: that's specific to the GNU linker. Looking in the Makefile, I find the problem here: ## Dynamic shared libraries build settings DSO_EXPORTS_CMD=-Wl,--version-script,$(srcdir)/exports/`basename $@ | sed 's/so$$/syms/'` This is hard-coded into Makefile.in; it's not generated by the configure script. Unless I'm missing something (which is quite possible), I don't see how this could work with the Solaris linker. Thanks again for your help. -David -- David Eisner http://cradle.brokenglass.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Building Samba 3.2.0 on Solaris with Sun compiler
On Mon, Jul 28, 2008 at 10:43:12AM -0400, David Eisner wrote: On Mon, Jul 28, 2008 at 10:20 AM, Volker Lendecke [EMAIL PROTECTED] wrote: On Mon, Jul 28, 2008 at 09:56:23AM -0400, David Eisner wrote: Still wondering: Is building with cc (as opposed to gcc) on Solaris 10 supported with Samba 3.2.0? Should be, sure. The build farm runs some hosts this way. Volker When I try to build with cc, it dies almost immediately with this: Ok, possibly we have the Solaris compiler but a GNU linker in the build farm machines. Hmmm. Sorry, I don't have time right now to fix this really, hunting a SMB signing bug in 3.2 :-( Volker pgpWKw3ZNfLSf.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Owner and Group ignored over preference to ACLs
Hello all I've just recently upgraded one of our servers from Fedora Core to CentOS 5.2 and a side effect of this is that Samba is now version 3.0.28-1.el5_2.1. Following this upgrade, I have noticed an odd behaviour: samba ONLY uses ACLs to provide permissions to XP clients connecting to the server. Some research as has said that this may be due to the deprecation of acl group control, which is now replaced by the 'dos filemode' option. However, changing this doesn't the desired affect. To be clear: the desired effect, for me, is to have owner and group information (as well as ACLs) used to determine permissions for connected users. I've yet to find an answer to this via google. Has anyone else experience this and have some feedback? Thanks, justin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Building Samba 3.2.0 on Solaris with Sun compiler
On Mon, Jul 28, 2008 at 11:00 AM, David Eisner [EMAIL PROTECTED] wrote: On Mon, Jul 28, 2008 at 10:58 AM, Volker Lendecke [EMAIL PROTECTED] wrote: Ok, possibly we have the Solaris compiler but a GNU linker in the build farm machines. Hmmm. Sorry, I don't have time right now to fix this really, hunting a SMB signing bug in 3.2 :-( Good luck. I'll raise a bug, then, now that I have confirmation it's something that should, in theory, be working. I've created a bug report: https://bugzilla.samba.org/show_bug.cgi?id=5639 -David -- David Eisner http://cradle.brokenglass.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] weird Windows profile creation
On 7/28/2008, Christopher Perry ([EMAIL PROTECTED]) wrote: on 25% of the machines, it creates them as: c:\docments and settings\username.DOMAINNAME It only does this if there is already a LOCAL user account in use with that same username. This is well documented behavior. -- Best regards, Charles -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] weird Windows profile creation
On Mon, Jul 28, 2008 at 10:15 AM, Christopher Perry [EMAIL PROTECTED] wrote: It seems weird. On 75% of my machines, it creates accounts as: c:\documents and settings\username on 25% of the machines, it creates them as: c:\docments and settings\username.DOMAINNAME These are fresh machines, so it's unclear to me where this behavior stems from. We're not using roaming profiles. Does anyone have any idea as to why this happens? Do any of these users have local windows accounts on the new machines? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems authenticating Ubuntu 8.04 client (gdm) against Samba (Ubuntu 8.04) domain server
Hello, Does anyone have a working pam configuration that allows gdm logins? My current config works with ssh and bash logins. I'd like gdm to work with usernames like DOMAIN\\USERNAME. MORE DETAIL: --- I'm trying to get a Linux client (Ubuntu 8.04) to authenticate against a Samba domain controller (also Ubuntu8.04). WindowsXP clients work fine with the samba PDC. I have managed to get logins to work for ssh and at the bash prompt, thus: login: ora\\bob This works fine, but logging in at the console does NOT work. When I try to login using gdm, I get a popup that says that Authentication failed. This is not the normal error message when logging in as a local user with incorrect password. This indicates to me that the user ORA\\bob (and all syntactic variations thereof) is being recognized as a domain user, but the password server is rejecting the user. The (relevant portions of) smb.conf on the client system are: #* workgroup = ORA # this is my domain name security = Domain encrypt passwords = true password server = samba1 # this is my Ubuntu8.04 samba domain controller passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u pam password change = yes idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash template homedir = /home/%D/%U winbind cache time = 5 winbind enum users = yes winbind enum groups = yes ## My /etc/pam.d/gdm is shown below. Ubuntu separates out certain blocks into common files that are included in the application specific files. I have included the includes: authrequisite pam_nologin.so authrequiredpam_env.so readenv=1 authrequiredpam_env.so readenv=1 envfile=/etc/default/locale [EMAIL PROTECTED] common-auth authsufficient pam_winbind.so authsufficient pam_unix.so nullok_secure use_first_pass authoptionalpam_smbpass.so migrate missingok [EMAIL PROTECTED] common-auth authoptionalpam_gnome_keyring.so [EMAIL PROTECTED] common-account account sufficient pam_winbind.so account requiredpam_unix.so [EMAIL PROTECTED] common-account session requiredpam_limits.so [EMAIL PROTECTED] common-session session requiredpam_unix.so session required pam_mkhomedir.so umask=0022 skel=/etc/skel [EMAIL PROTECTED] common-session session optionalpam_gnome_keyring.so auto_start [EMAIL PROTECTED] common-password password requisite pam_unix.so nullok obscure md5 password optional pam_smbpass.so nullok use_authtok use_first_pass missingok [EMAIL PROTECTED] common-password -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] weird Windows profile creation
BTW, this happens in a Windows (2000 an up, at least, afaik...) server domain as well. Not related to Samba, basically. Dennis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Perry Sent: Monday, July 28, 2008 7:15 AM To: samba@lists.samba.org Subject: [Samba] weird Windows profile creation It seems weird. On 75% of my machines, it creates accounts as: c:\documents and settings\username on 25% of the machines, it creates them as: c:\docments and settings\username.DOMAINNAME These are fresh machines, so it's unclear to me where this behavior stems from. We're not using roaming profiles. Does anyone have any idea as to why this happens? thanks Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] weird Windows profile creation
If the username already exists on the machine as a local account, and then you join the domain and logon with the same username, it creates this. That is how it distinguishes the two different (in it's opinion) usernames. Make sure you have no local accounts (using usernames you want to use) on the machine before you join the domain. HTH, Dennis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher Perry Sent: Monday, July 28, 2008 7:15 AM To: samba@lists.samba.org Subject: [Samba] weird Windows profile creation It seems weird. On 75% of my machines, it creates accounts as: c:\documents and settings\username on 25% of the machines, it creates them as: c:\docments and settings\username.DOMAINNAME These are fresh machines, so it's unclear to me where this behavior stems from. We're not using roaming profiles. Does anyone have any idea as to why this happens? thanks Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help making Samba a DFS host (not root!)
Any word on this? Should I open a bug? I've got my foot in my mouth after telling my group that samba supports DFS :-) Thanks, -Brian Brian H. Nelson wrote: Jeremy, Files attached. Let me know if they're not what you need. Just for fun I tried this with 3.0.28 as well. Same result. -Brian Jeremy Allison wrote: On Wed, Jul 16, 2008 at 02:33:57PM -0400, Brian H. Nelson wrote: I'm trying to create a DFS root in my 2003 AD domain, and point it to a share hosted on a Samba server. From the documentation, I had assumed that this was supported (msdfs host = yes ?). Am I missing something basic? This is with Samba 3.0.31 on RHEL 5. When I go to create the DFS root (via the msc plugin) and instruct it to use my samba machine as the host, I get this error: The computer you entered cannot host the DFS root. You must enter the name of a computer running an operating system in the Windows 2000 Server or Windows Server 2003 families. Just to be clear, I'm NOT trying to make Samba a DFS root, just a host (ie target) for a DFS root in my AD domain. Is Samba only capable of hosting a samba-based DFS root, and not an AD based one? Is there some trick to getting it configured? Can you post the network capture trace plus the debug level 10 of the smbd you're pointing the MSC plugin at please ? Jeremy. -- --- Brian H. Nelson Youngstown State University System Administrator Media and Academic Computing bnelson[at]cis.ysu.edu --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help making Samba a DFS host (not root!)
On Mon, Jul 28, 2008 at 11:57:04AM -0400, Brian H. Nelson wrote: Any word on this? Should I open a bug? I've got my foot in my mouth after telling my group that samba supports DFS :-) Sorry, I dropped the ball on this one. Yes, open up a bug please and attach the files there, that way more than myself can work on it. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rename to open file doesn't work, why?
On Mon, Jul 28, 2008 at 07:02:52AM +0200, Wilhelm Meier wrote: Am Montag, 28. Juli 2008 schrieb Michael Heydon: Wilhelm Meier wrote: snip On a local linux filesystem like ext2/3 one can rename a file to an existing, already open file. But this doesn't work on a cifs-mounted samba-share snip The reason this works with ext2 is that as long as you hold an open file descriptor a deleted file is still accessible (rename is essentially a delete and then a move). While it might be theoretically possible for this to work unix to unix, Windows doesn't deal with deleted files the same way (it prevents you from deleting files as long as they are open), and so it's quite possible that SMB/CIFS doesn't understand the concept of having a deleted file open. Yes, with a windows file server this is impossible. But I thought the samba unix extensions should make that possible. Otherwise samba/cifs is unusable as e.g. user-homes, since KDE tends to use this pattern. Is there any workaround at the moment? Can you log a bug with bugzilla.samba.org so I can track this. Include everything I need to reproduce (test code preferably) so I can ensure the UNIX extensions allow this. Thanks ! Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Share directory empty
Greetings, I am having an issue where I can connect to a share, but am unable to view contents. Server: RHEL5.2 Samba Version: 3.0.28 Clients: OS X 10.5.4, 10.4.11, XP SP2, SP3 and Win Server 2003. My smb.conf file is posted below. The share that is causing me grief is called office. Thanks in advance for any assistance. [global] workgroup = OFFICE realm = OFFICE.MATH.PSU.EDU server string = MathNet Samba Server %v security = ADS password server = dogwood.math.psu.edu passdb backend = tdbsam:/etc/samba/passdb.tdb username map = /etc/samba/users.map log level = 3 printcap name = cups ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 winbind use default domain = Yes hosts allow = x.x.x.x [homes] read only = No browseable = No posix locking = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [print$] comment = Windows Print Drivers path = /etc/samba/drivers write list = root [julieandmary] comment = Share for Julie and Mary path = /home/fourier2/office/JulieandMary valid users = @officeexams read only = No create mask = 00 force create mode = 0660 force directory mode = 0770 posix locking = No [office] path = /home/fourier2/office posix locking = No Michael Dunne Systems Administrator Mathematics Department The Pennsylvania State University 4 McAllister Bldg. University Park, PA 16802 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Mutli-Homed Subnetting - Advice please
Hi All, I have a problem with a growing network. I inherited the network at about 200 machines and it's now reached 300 at which point the cracks are starting to show. I have no budget to speak of but need to up the bandwitdh so I'm looking at sticking an extra Gigabit NIC into my PDC and splitting the network into two subnets. I have two kinds of data, static and dynamic. Static files are put there by higher rights users (teachers) to be accessed read only by pupils. Dynamic data includes profiles and users work. After reading the manuals and searching the web I have a couple of questions: 1) I assume that as the NICs are on the same server (PDC WINS) the WINS server part of Samba will store both NIC IPs in the wins.dat file and that it'll answer WINS queries from both subnet without a problem. Dynamic data will be stored on the PDC so I assume this will be easy. Am I on safe ground here? 2) I plan to have a server on each subnet that will hold the static data and act as BDCs relieving the load on the PDC. Effectively, the content will be identical but as staff update data on one, is there a way of binding the server shares together so one updates the other. I know you can bind two drives on a unix box together with mount --bind. Has anyone tried binding two samba shares together? Is it easier to script an rsync -u . 3) Finally, I need to run login scripts based on group membership but with static data shares mounted on a different server depending on the subnet you're on. Any tips on stacking login scripts? Can samba do this. Any hints and tips appreciated. I have limited time to do this and set up three web servers with limited time for testing but that's life. Cheers, Jools -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Share directory empty
Greetings, Thanks for the rapid reply. I have posix locking set to no due to an issue with MS Word and Excel documents on machines with XP SP3 installed. IIRC, it was this thread that helped me crack that issue: http://www.mail-archive.com/samba@lists.samba.org/msg93598.html. The users that need to access that share are in a unix group called office which has read/write/execute over /home/fourier/office. They all have unix accounts. Thanks again! Mike Michael Dunne Systems Administrator Mathematics Department The Pennsylvania State University 4 McAllister Bldg. University Park, PA 16802 On Jul 28, 2008, at 1:54 PM, kissg wrote: [office] path = /home/fourier2/office posix locking = No First of all, why do you need posix locking = No? According to the smb.conf man page, you should never need to disable file locking this way. Also, check if your users, who need access to that share, have the proper UNIX permissions to /home/fourier2/office. Are your user mappings set up correctly? Keep in mind, that you need to create UNIX accounts for all of your Windows users, to maintain permissions correctly. You can easily check, if you have a UNIX account for a user by typing id username on your Samba server. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help making Samba a DFS host (not root!)
Jeremy Allison wrote: Sorry, I dropped the ball on this one. Yes, open up a bug please and attach the files there, that way more than myself can work on it. Thanks, Jeremy. Ok. Bug 5641 created: Can't use Samba server as DFS host via dfsgui.msc. Thanks, -Brian -- --- Brian H. Nelson Youngstown State University System Administrator Media and Academic Computing bnelson[at]cis.ysu.edu --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help making Samba a DFS host (not root!)
On Mon, Jul 28, 2008 at 02:16:10PM -0400, Brian H. Nelson wrote: Jeremy Allison wrote: Sorry, I dropped the ball on this one. Yes, open up a bug please and attach the files there, that way more than myself can work on it. Thanks, Jeremy. Ok. Bug 5641 created: Can't use Samba server as DFS host via dfsgui.msc. Thanks, I'll try to get to it this week. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mutli-Homed Subnetting - Advice please
Hi Jools, I'm not an expert of this, but I have some ideas: 1, WINS was made exactly, what you would like to use it for. I should not cause any problems, if you split your network to multiple subnets (as long as you modify your firewall scripts according to the new topology). WINS is part of nmbd, so if you set wins support = Yes in your smb.conf file, you will have a working WINS server on every interface you have nmdb listening on. Just configure your DHCP server to give the WINS server address to the clients (DHCP option no. 44) and WINS name resolution should work from that on. Also, setting NetBIOS node type to P-mode is a good idea (DHCP option no. 46, set it to a value of 8). That way none of your clients will ever try to broadcast any name resolution requests, they will send them immediately to the WINS server, therefore causing less bandwidth usage. 2, I'm not an expert of this, but probably NFS would be the correct solution. Dedicating a Gigabit Ethernet connection to this purpose should be enough for ~300 users, I think. I don't know too much about NFS drives, but as far as I know, you can mount and use an NFS drive as if it were on the local computer. You can read more about the NFS protocol on this site: http://en.wikipedia.org/wiki/Network_File_System_(protocol) 3, Create logon scripts for each group and add a command to the scripts like this: net use Z: %LOGONSERVER%\share_name Append the following line to the [global] section of smb.conf: logon script = %G.bat That way, during a user logon, the appropriate logon script will be run on the client machine. (I have never tried it yet, but it should work). I hope, I could help you a bit. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mutli-Homed Subnetting - Advice please
how congested is your network? is the gigabit card on the server near 100% utilization, or also are your network switches near 100% bandwidth utilization, or both? are you using roaming profiles? i'd try to offload some of the network load by re-directing my documents to their home directory so that roaming profiles doesn't have to copy that data at login/logoff. if your switches are already congested, I don't think a 2nd nic will help much. if you had some money you could buy more switches. I like how the cisco switches handle VLANs well to break up networks. use unison for the mirroring of the folders, google for it. its like a 2-way rsync. i can send you some old emails from the list i saved with various helpful samba login scripting if you want me to forward you copies of them. [EMAIL PROTECTED] wrote: Hi All, I have a problem with a growing network. I inherited the network at about 200 machines and it's now reached 300 at which point the cracks are starting to show. I have no budget to speak of but need to up the bandwitdh so I'm looking at sticking an extra Gigabit NIC into my PDC and splitting the network into two subnets. I have two kinds of data, static and dynamic. Static files are put there by higher rights users (teachers) to be accessed read only by pupils. Dynamic data includes profiles and users work. After reading the manuals and searching the web I have a couple of questions: 1) I assume that as the NICs are on the same server (PDC WINS) the WINS server part of Samba will store both NIC IPs in the wins.dat file and that it'll answer WINS queries from both subnet without a problem. Dynamic data will be stored on the PDC so I assume this will be easy. Am I on safe ground here? 2) I plan to have a server on each subnet that will hold the static data and act as BDCs relieving the load on the PDC. Effectively, the content will be identical but as staff update data on one, is there a way of binding the server shares together so one updates the other. I know you can bind two drives on a unix box together with mount --bind. Has anyone tried binding two samba shares together? Is it easier to script an rsync -u . 3) Finally, I need to run login scripts based on group membership but with static data shares mounted on a different server depending on the subnet you're on. Any tips on stacking login scripts? Can samba do this. Any hints and tips appreciated. I have limited time to do this and set up three web servers with limited time for testing but that's life. Cheers, Jools -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to connect to shares - Error about 'Domain Controller'
Fellow samba dancers, Before I lose it, and teach our server to fly, I think it best if I ask the experts. THE SETUP: FreeBSD 7.0-Release, i386 platform (Proliant ML530 to be exact), Samba version 3.0.31,1. Windows domain based on Windows 2000 Advanced Server, with mixed NT-style and Active Directory style security. Domain name is FREEDOM_RIDGE, two active-directory domain controllers called haku and chihiro (bonus points if you get the movie reference). ;-) WHAT I'VE DONE: testparm says the config file is fine, and I -think- I've managed to join our existing domain (there was no error from the 'net join' NT4-style command -- quite the contrary. It confirmed that the domain was joined). Shares are established, dump of config file available on request. I've also used pdbedit -a -u (insert username here) to add myself into the tdbsam database, and that seemed to work OK. THE PROBLEM: I can't connect to any shares, and I keep seeing samba core-dump errors in /var/log/samba/log.smbd. When I try connecting to a share from one of our Windows 2000 pro systems, it sits for about 30 seconds, and then I get an error box which says (among other things) that it could not read configuration information from the domain controller. Even more worrisome is this stuff from log.smbd. I get it every time I try to access a share. -=-=-=-=-=- [2008/07/28 11:41:50, 0] lib/util_tdb.c:tdb_log(664) tdb(/var/db/samba/gencache.tdb): tdb_reopen: open failed (No such file or directory) [2008/07/28 11:41:50, 0] smbd/server.c:open_sockets_smbd(572) tdb_reopen_all failed. [2008/07/28 11:41:50, 0] lib/util.c:smb_panic(1633) PANIC (pid 28688): tdb_reopen_all failed. [2008/07/28 11:41:50, 0] lib/util.c:log_stack_trace(1787) unable to produce a stack trace on this platform [2008/07/28 11:41:50, 0] lib/fault.c:dump_core(181) dumping core in /var/log/samba/cores/smbd [2008/07/28 11:41:50, 0] lib/util_tdb.c:tdb_log(664) tdb(/var/db/samba/gencache.tdb): tdb_reopen: open failed (No such file or directory) [2008/07/28 11:41:50, 0] smbd/server.c:open_sockets_smbd(572) tdb_reopen_all failed. [2008/07/28 11:41:50, 0] lib/util.c:smb_panic(1633) PANIC (pid 28689): tdb_reopen_all failed. [2008/07/28 11:41:50, 0] lib/util.c:log_stack_trace(1787) unable to produce a stack trace on this platform [2008/07/28 11:41:50, 0] lib/fault.c:dump_core(181) dumping core in /var/log/samba/cores/smbd -=-=-=-=-=-=- Any thoughts? Granted that I would, at some point, like to implement full active-directory membership, the thought of diving into Windows-side Kerberos is not attractive at this time. Thanks. -=-=-=-=-=-=-=-=-=-=-=- Bruce Lane, Owner Head Hardware Heavy, Blue Feather Technologies -- http://www.bluefeathertech.com kyrrin (at) bluefeathertech do/t c=o=m Quid Malmborg in Plano... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba password hashes exposed to ldapsearch
After setting up Samba to work with an FDS LDAP server: http://directory.fedoraproject.org/wiki/Howto:Samba ... I see that the samba password hashes are shown with a simple ldapsearch command. If you scroll to the bottom of the page linked above and see the search results for: ldapsearch -x -Z '(uid=testuser)' You will see the hashes: sambaLMPassword: CFA95C51F11AB11DC2265B23734E0DAC sambaNTPassword: B2D88A4A9B0DAEE170E75F67D54918F6 This seems to be confidential information that you would not want showing in a anonymous LDAP search. ... For the same reason you would not want open permissions on your shadow password file. I see that the userPassword hash is not shown in the example above. In my tests, I only see this Unix password hash if I run ldapsearch as cn=Directory Manager. Is there are way to also hide the Samba password hashes without breaking Samba functionality? Say, by using some LDAP rights-management tool to limit access to these attributes to certain accounts. Or does Samba require these hashes to be generally readable? -- Amin Al-Regan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba password hashes exposed to ldapsearch
On Mon, Jul 28, 2008 at 01:32:49PM -0700, Amin Al-Regan wrote: Is there are way to also hide the Samba password hashes without breaking Samba functionality? Say, by using some LDAP rights-management tool to limit access to these attributes to certain accounts. Or does Samba require these hashes to be generally readable? Samba itself needs to be able to read and write its password attributes, but nss_ldap does not need to see them at all. You should fix that wiki page and add the appropriate fds acl settings there. Thanks, Volker pgpzelhw2mqdj.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA+ LDAP+ACL
Greeting Saravanesh, I have done documentation for DC under Gentoo but in french only (www.cybionet.com). I use Samba with OpenLDAP and the ACL(EA). It work very well in small and medium entreprise. I can take time to help you in english but only under Gentoo with Windows professional (2k/XP/Vista) clients. Robert Hi all. please help me to step by step configuration of how to configure SAMBA DC with LDAP. We have 143 users ,and i want also to configure ACL Thanks in advance Saravanesh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mutli-Homed Subnetting - Advice please
On Mon, Jul 28, 2008 at 1:41 PM, [EMAIL PROTECTED] wrote: 1) I assume that as the NICs are on the same server (PDC WINS) the WINS server part of Samba will store both NIC IPs in the wins.dat file and that it'll answer WINS queries from both subnet without a problem. Dynamic data will be stored on the PDC so I assume this will be easy. Am I on safe ground here? My WINS servers have 2 to 6 NICs each. No problems there. 2) I plan to have a server on each subnet that will hold the static data and act as BDCs relieving the load on the PDC. Effectively, the content will be identical but as staff update data on one, is there a way of binding the server shares together so one updates the other. I know you can bind two drives on a unix box together with mount --bind. Has anyone tried binding two samba shares together? Is it easier to script an rsync -u . I would make one machine a WINS, DNS, and PDC server with no shares other than the logon share and possibly user homes. Then I'd set up two more servers that did nothing but share files, with 2 NICs in each. Many of my file servers have 4 NICs in them and work fine. Complexity is the enemy of reliability - I would avoid synchronizing shares and instead architect so that a single set of shares can be reached by all. NICs are cheaper than the time it takes to build reliable synchronized file shares. 3) Finally, I need to run login scripts based on group membership but with static data shares mounted on a different server depending on the subnet you're on. Any tips on stacking login scripts? Can samba do this. You can dynamically generate your logon scripts. See here: http://freshmeat.net/projects/exampleadvancedsambaloginscript/ Any hints and tips appreciated. I have limited time to do this and set up three web servers with limited time for testing but that's life. I've found keeping my PDC/logon servers separate from my heavy lifter file servers saves me much pain; I can work on login and authentication issues separately from load and permissions problems. I also use DHCP to set my windows clients to hybrid mode. option netbios-dd-server 192.168.0.1; option netbios-node-type 8; # 1B-node: Broadcast - no WINS # 2P-node: Peer - WINS only. # 4M-node: Mixed - broadcast, then WINS # 8H-node: Hybrid - WINS, then broadcast # It should be obvious that this is a bit-mapped value, more info in RFCs 1001 and 1002 You can really clog up a network fast with broadcast name resolution, so you want to restrict that as much as possible. --Charlie -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba password hashes exposed to ldapsearch
Is there are way to also hide the Samba password hashes without breaking Samba functionality? Say, by using some LDAP rights-management tool to limit access to these attributes to certain accounts. Or does Samba require these hashes to be generally readable? A properly configured LDAP server will not allow anything but the samba daemons to read windows hashes; they are plaintext password equivalent since they can be cracked quite trivially with freely downloadable tools. Do not send your password hashes over an unencrypted network connection, for the same reason. --Charlie -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] msdfs root = yes is the default???
Why is that when you create a share, the default is 'msdfs root = yes'? Also, why is that a share that is set 'msdfs root = yes' -- or, rather, a share that does /not/ set 'msdfs root = no' -- advertises that it is a DFS root to the Linux CIFS client, /even /when 'host msdfs = no'? This sounds like A) a bug (ignoring 'host msdfs', and B) a misfeature (msdfs root should probably /not/ default to yes). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to connect to shares problem - solved!
Fellow samba folk, Please disregard my earlier message. I have solved the problem, and it appears to have been a combination of things. First, somehow (I have no idea how), the Samba package must have gotten corrupted during installation. I cleaned up the mess, reinstalled, and had much better results. Second issue: I followed the instructions at this link, Section 2.6, VERY carefully, to get the system to be just a simple member server. I'll worry about ADS later. http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/FastStart.html#fast-memberserver-shares That helped more than anything else. In particular, I was unaware (until I read the above) that Samba should not have been started until it was joined to the domain. I was under the impression it had to be started BEFORE it could join up. Everything's working fine. Thanks for reading, at least. -=-=-=-=-=-=-=-=-=-=-=- Bruce Lane, Owner Head Hardware Heavy, Blue Feather Technologies -- http://www.bluefeathertech.com kyrrin (at) bluefeathertech do/t c=o=m Quid Malmborg in Plano... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Hi I am vinod, I want to set up simple Samba PDC using tdbsam password backend. samba is installed on fedora 8 GNU/Linux. my network is about 30 windowsXP Pro. SP-2 static IP addressed machine
Hi I am vinod, I want to set up simple Samba PDC using tdbsam password backend. samba is installed on fedora 8 GNU/Linux. my network is about 30 windowsXP Pro. SP-2 static IP addressed machines. total no users about : *40* my network is : *192.168.1.* samba server is *: 192.168.1.10* windowsXP Pro. SP-2 clients : *192.168.1.11* to *192.168.1.40 *I want the users to be able to access there files stored in the Samba server from any client. I have no DNS server. I have no DHCP server. can any one help me to setup SAMBA PDC . Thanks. Vinod Raghavan B.A.R.C. BOMBAY INDIA [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Troubles with PDC move
Versions: Old Server: Ubuntu 6.06 Samba 3.0.25a New Server Centos 5.2 Samba 3.0.25b I have moved all the *.tdb, samba configs, login scripts, files, unix user UIDs and groups have also been moved over, all appear to be working without any trouble. I can login to a computer that is part of the domain and my roaming desktop loads. The Issue: While the roaming desktop, and settings such as Firefox and Thunderbird load correctly, the Windows setting that control things such as Recent Programs list in the start menu, ordering of Icons on the desktop, and theme are not loaded. Or is this a bug I should file with samba team? Aaron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can not connect to share for a particular user.
Hi 2008/7/21 David Kuntadi [EMAIL PROTECTED]: make_connection: connection to public denied due to security descriptor. when it successfully connects I see: aragorn (192.168.0.94) connect to service gregi initially as user gregi (uid=1084, gid=1084) (pid 88931) Well, I solved this problem in the most peculiar manner... I created a user on the samba server sharing the drive (not the PDC), tried to connect: it gave me an error and I had to re-join the domain. Since everything works well... No idea what happened -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: lorikeet r799 - in trunk/heimdal: . admin appl/su appl/telnet/libtelnet cf doc doc/standardisation kadmin kdc kpasswd kuser lib lib/gssapi lib/gssapi/gssapi lib/gssapi/krb5 lib/gssapi/mech
Author: abartlet Date: 2008-07-28 06:20:35 + (Mon, 28 Jul 2008) New Revision: 799 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=799 Log: Merged with upstream Heimdal -r 23473. Dropped gss_wrap_ex patch (will maintain this with metze in GIT, then commit it here when finished). Andrew Bartlett Added: trunk/heimdal/cf/symbol-version.py trunk/heimdal/doc/standardisation/draft-ietf-krb-wg-gss-cb-hash-agility-04.txt trunk/heimdal/doc/standardisation/draft-ietf-krb-wg-kerberos-referrals-11.txt trunk/heimdal/doc/standardisation/draft-ietf-krb-wg-otp-preauth-05.txt trunk/heimdal/doc/standardisation/draft-ietf-krb-wg-preauth-framework-08.txt trunk/heimdal/lib/krb5/send_to_kdc_plugin.h trunk/heimdal/lib/roken/cloexec.c trunk/heimdal/lib/roken/xfree.c Removed: trunk/heimdal/lib/gssapi/mech/gss_unwrap_ex.c trunk/heimdal/lib/gssapi/mech/gss_wrap_ex.c trunk/heimdal/lib/krb5/keytab_krb4.c Modified: trunk/heimdal/ChangeLog trunk/heimdal/admin/change.c trunk/heimdal/admin/get.c trunk/heimdal/appl/su/ChangeLog trunk/heimdal/appl/su/Makefile.am trunk/heimdal/appl/su/su.c trunk/heimdal/appl/telnet/libtelnet/encrypt.c trunk/heimdal/appl/telnet/libtelnet/genget.c trunk/heimdal/cf/ChangeLog trunk/heimdal/cf/krb-ipv6.m4 trunk/heimdal/cf/krb-readline.m4 trunk/heimdal/cf/version-script.m4 trunk/heimdal/doc/ack.texi trunk/heimdal/kadmin/ank.c trunk/heimdal/kdc/default_config.c trunk/heimdal/kdc/digest.c trunk/heimdal/kdc/kerberos5.c trunk/heimdal/kdc/krb5tgs.c trunk/heimdal/kdc/kx509.c trunk/heimdal/kdc/misc.c trunk/heimdal/kdc/pkinit.c trunk/heimdal/kdc/process.c trunk/heimdal/kdc/set_dbinfo.c trunk/heimdal/kdc/windc.c trunk/heimdal/kpasswd/kpasswd-generator.c trunk/heimdal/kpasswd/kpasswdd.c trunk/heimdal/kuser/kinit.c trunk/heimdal/lib/Makefile.am trunk/heimdal/lib/gssapi/ChangeLog trunk/heimdal/lib/gssapi/Makefile.am trunk/heimdal/lib/gssapi/gssapi/gssapi.h trunk/heimdal/lib/gssapi/gssapi/gssapi_krb5.h trunk/heimdal/lib/gssapi/gssapi_mech.h trunk/heimdal/lib/gssapi/krb5/accept_sec_context.c trunk/heimdal/lib/gssapi/krb5/delete_sec_context.c trunk/heimdal/lib/gssapi/krb5/display_status.c trunk/heimdal/lib/gssapi/krb5/external.c trunk/heimdal/lib/gssapi/krb5/gsskrb5_locl.h trunk/heimdal/lib/gssapi/krb5/init_sec_context.c trunk/heimdal/lib/gssapi/krb5/set_cred_option.c trunk/heimdal/lib/gssapi/krb5/set_sec_context_option.c trunk/heimdal/lib/gssapi/krb5/wrap.c trunk/heimdal/lib/gssapi/mech/gss_krb5.c trunk/heimdal/lib/gssapi/mech/gss_mech_switch.c trunk/heimdal/lib/gssapi/ntlm/crypto.c trunk/heimdal/lib/gssapi/ntlm/external.c trunk/heimdal/lib/gssapi/ntlm/init_sec_context.c trunk/heimdal/lib/gssapi/test_context.c trunk/heimdal/lib/hcrypto/ChangeLog trunk/heimdal/lib/hcrypto/rand-egd.c trunk/heimdal/lib/hcrypto/rand-fortuna.c trunk/heimdal/lib/hcrypto/rand-unix.c trunk/heimdal/lib/hcrypto/rand.c trunk/heimdal/lib/hcrypto/test_rsa.c trunk/heimdal/lib/hcrypto/ui.c trunk/heimdal/lib/hdb/Makefile.am trunk/heimdal/lib/hdb/common.c trunk/heimdal/lib/hdb/db.c trunk/heimdal/lib/hdb/db3.c trunk/heimdal/lib/hdb/dbinfo.c trunk/heimdal/lib/hdb/ext.c trunk/heimdal/lib/hdb/hdb-ldap.c trunk/heimdal/lib/hdb/hdb.c trunk/heimdal/lib/hdb/keys.c trunk/heimdal/lib/hdb/keytab.c trunk/heimdal/lib/hdb/mkey.c trunk/heimdal/lib/hdb/ndbm.c trunk/heimdal/lib/hdb/print.c trunk/heimdal/lib/hdb/version-script.map trunk/heimdal/lib/hx509/ChangeLog trunk/heimdal/lib/hx509/Makefile.am trunk/heimdal/lib/hx509/cert.c trunk/heimdal/lib/hx509/cms.c trunk/heimdal/lib/hx509/file.c trunk/heimdal/lib/hx509/hxtool-commands.in trunk/heimdal/lib/hx509/hxtool.c trunk/heimdal/lib/hx509/ks_dir.c trunk/heimdal/lib/hx509/ks_file.c trunk/heimdal/lib/hx509/ks_p12.c trunk/heimdal/lib/hx509/req.c trunk/heimdal/lib/hx509/revoke.c trunk/heimdal/lib/hx509/softp11.c trunk/heimdal/lib/hx509/version-script.map trunk/heimdal/lib/kadm5/ad.c trunk/heimdal/lib/kadm5/chpass_s.c trunk/heimdal/lib/kadm5/init_c.c trunk/heimdal/lib/kadm5/ipropd_slave.c trunk/heimdal/lib/kadm5/log.c trunk/heimdal/lib/kadm5/password_quality.c trunk/heimdal/lib/kafs/ChangeLog trunk/heimdal/lib/kafs/common.c trunk/heimdal/lib/krb5/Makefile.am trunk/heimdal/lib/krb5/acache.c trunk/heimdal/lib/krb5/acl.c trunk/heimdal/lib/krb5/addr_families.c trunk/heimdal/lib/krb5/auth_context.c trunk/heimdal/lib/krb5/build_auth.c trunk/heimdal/lib/krb5/cache.c trunk/heimdal/lib/krb5/changepw.c trunk/heimdal/lib/krb5/config_file.c trunk/heimdal/lib/krb5/context.c trunk/heimdal/lib/krb5/convert_creds.c trunk/heimdal/lib/krb5/copy_host_realm.c trunk/heimdal/lib/krb5/creds.c trunk/heimdal/lib/krb5/crypto.c trunk/heimdal/lib/krb5/data.c
svn commit: lorikeet r800 - in trunk/heimdal: .
Author: abartlet Date: 2008-07-28 06:24:17 + (Mon, 28 Jul 2008) New Revision: 800 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=800 Log: Remove gss_wrap_ex patch from heimdal-lorikeet.diff Keep the NTLM parts in wrap_ex_ntlm.diff for the moment (re-integrate when we finish the work with metze on a working gss_wrap_ex()). Andrew Bartlett Added: trunk/heimdal/wrap_ex_ntlm.diff Modified: trunk/heimdal/heimdal-lorikeet.diff Changeset: Sorry, the patch is too large (1852 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=800
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-171-g88970c4
The branch, v4-0-test has been updated
via 88970c4d4192635544cf63e79e929e9bb05ecb5f (commit)
from 7e90cc197c4fb2884f368cd72f391d0d8016fb96 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -
commit 88970c4d4192635544cf63e79e929e9bb05ecb5f
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date: Mon Jul 28 09:29:42 2008 +0200
auth/credentials: explain why we need to the enctypes for the gssapi layer
metze
---
Summary of changes:
source/auth/credentials/credentials_krb5.c | 12 +++-
1 files changed, 11 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/auth/credentials/credentials_krb5.c
b/source/auth/credentials/credentials_krb5.c
index c4c5839..1a2d5fa 100644
--- a/source/auth/credentials/credentials_krb5.c
+++ b/source/auth/credentials/credentials_krb5.c
@@ -392,7 +392,17 @@ _PUBLIC_ int cli_credentials_get_client_gss_creds(struct
cli_credentials *cred,
return ret;
}
- /* transfer the enctypes from the smb_krb5_context to the gssapi layer
*/
+ /*
+* transfer the enctypes from the smb_krb5_context to the gssapi layer
+*
+* We use 'our' smb_krb5_context to do the AS-REQ and it is possible
+* to configure the enctypes via the krb5.conf.
+*
+* And the gss_init_sec_context() creates it's own krb5_context and
+* the TGS-REQ had all enctypes in it and only the ones configured
+* and used for the AS-REQ, so it wasn't possible to disable the usage
+* of AES keys.
+*/
min_stat =
krb5_get_default_in_tkt_etypes(ccache-smb_krb5_context-krb5_context,
etypes);
if (min_stat == 0) {
--
Samba Shared Repository
svn commit: lorikeet r801 - in trunk/heimdal: . lib/krb5
Author: abartlet Date: 2008-07-28 09:31:00 + (Mon, 28 Jul 2008) New Revision: 801 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=lorikeetrev=801 Log: Revert back to using the extra argument on send_to_kdc, until Samba moves to the plugin version of this function. Andrew Bartlett Modified: trunk/heimdal/heimdal-lorikeet.diff trunk/heimdal/lib/krb5/krb5.h trunk/heimdal/lib/krb5/send_to_kdc.c Changeset: Modified: trunk/heimdal/heimdal-lorikeet.diff === --- trunk/heimdal/heimdal-lorikeet.diff 2008-07-28 06:24:17 UTC (rev 800) +++ trunk/heimdal/heimdal-lorikeet.diff 2008-07-28 09:31:00 UTC (rev 801) @@ -180,3 +180,28 @@ ret = _krb5_principalname2krb5_principal (context, tmp_principal, rep-kdc_rep.cname, +Index: lib/krb5/send_to_kdc.c +=== +--- lib/krb5/send_to_kdc.c (revision 800) lib/krb5/send_to_kdc.c (working copy) +@@ -385,7 +385,7 @@ +struct send_to_kdc *s = context-send_to_kdc; + +ret = (*s-func)(context, s-data, +-hi, send_data, receive); ++hi, context-kdc_timeout, send_data, receive); +if (ret == 0 receive-length != 0) +goto out; +continue; +Index: lib/krb5/krb5.h +=== +--- lib/krb5/krb5.h(revision 800) lib/krb5/krb5.h(working copy) +@@ -725,6 +725,7 @@ + typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, +void *, +krb5_krbhst_info *, ++ time_t timeout, +const krb5_data *, +krb5_data *); + Modified: trunk/heimdal/lib/krb5/krb5.h === --- trunk/heimdal/lib/krb5/krb5.h 2008-07-28 06:24:17 UTC (rev 800) +++ trunk/heimdal/lib/krb5/krb5.h 2008-07-28 09:31:00 UTC (rev 801) @@ -725,6 +725,7 @@ typedef krb5_error_code (*krb5_send_to_kdc_func)(krb5_context, void *, krb5_krbhst_info *, +time_t timeout, const krb5_data *, krb5_data *); Modified: trunk/heimdal/lib/krb5/send_to_kdc.c === --- trunk/heimdal/lib/krb5/send_to_kdc.c2008-07-28 06:24:17 UTC (rev 800) +++ trunk/heimdal/lib/krb5/send_to_kdc.c2008-07-28 09:31:00 UTC (rev 801) @@ -385,7 +385,7 @@ struct send_to_kdc *s = context-send_to_kdc; ret = (*s-func)(context, s-data, - hi, send_data, receive); + hi, context-kdc_timeout, send_data, receive); if (ret == 0 receive-length != 0) goto out; continue;
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-178-g4b13708
The branch, v4-0-test has been updated
via 4b137085c8b89773d4639372bbffd516a41dfc8f (commit)
via bace931ad674b5071d53bf9c99c383f1d8957e1b (commit)
via b1d05e7d14c65133e8ab0ff9d41a26fa7e3d41d3 (commit)
via 486891bb5167034e54b7477ba09e8f5f914b93e4 (commit)
via 31a303c099e26423160010c48b305434d4cbea25 (commit)
via e2d16397606d38e90684d2d916b5b967cde4 (commit)
via b8770a4fd8408473593fa4c6600bce056183958d (commit)
from 88970c4d4192635544cf63e79e929e9bb05ecb5f (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -
commit 4b137085c8b89773d4639372bbffd516a41dfc8f
Author: Andrew Bartlett [EMAIL PROTECTED]
Date: Mon Jul 28 20:51:02 2008 +1000
We don't use EXTENSIBLEOBJECT any more.
commit bace931ad674b5071d53bf9c99c383f1d8957e1b
Author: Andrew Bartlett [EMAIL PROTECTED]
Date: Mon Jul 28 20:26:14 2008 +1000
Make it even clearer what to do next in the LDAP backend setup
commit b1d05e7d14c65133e8ab0ff9d41a26fa7e3d41d3
Author: Andrew Bartlett [EMAIL PROTECTED]
Date: Mon Jul 28 20:18:17 2008 +1000
Always print the slapd startup command
commit 486891bb5167034e54b7477ba09e8f5f914b93e4
Merge: 31a303c099e26423160010c48b305434d4cbea25
88970c4d4192635544cf63e79e929e9bb05ecb5f
Author: Andrew Bartlett [EMAIL PROTECTED]
Date: Mon Jul 28 18:39:37 2008 +1000
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into
4-0-abartlet
commit 31a303c099e26423160010c48b305434d4cbea25
Author: Andrew Bartlett [EMAIL PROTECTED]
Date: Mon Jul 28 08:04:43 2008 +1000
Remove unused variable
commit e2d16397606d38e90684d2d916b5b967cde4
Author: Andrew Bartlett [EMAIL PROTECTED]
Date: Mon Jul 28 08:04:15 2008 +1000
Remove unused function and make sensitive directories private.
commit b8770a4fd8408473593fa4c6600bce056183958d
Author: Andrew Bartlett [EMAIL PROTECTED]
Date: Mon Jul 28 08:02:18 2008 +1000
Fix warnings in new prefixMap code
---
Summary of changes:
source/dsdb/samdb/ldb_modules/schema_fsmo.c |1 -
source/dsdb/schema/schema_init.c|5 ++-
source/scripting/python/samba/provision.py | 36 ++
3 files changed, 12 insertions(+), 30 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/dsdb/samdb/ldb_modules/schema_fsmo.c
b/source/dsdb/samdb/ldb_modules/schema_fsmo.c
index 2acc5c0..87ada85 100644
--- a/source/dsdb/samdb/ldb_modules/schema_fsmo.c
+++ b/source/dsdb/samdb/ldb_modules/schema_fsmo.c
@@ -150,7 +150,6 @@ static int schema_fsmo_add(struct ldb_module *module,
struct ldb_request *req)
static int schema_fsmo_extended(struct ldb_module *module, struct ldb_request
*req)
{
- WERROR status;
struct ldb_dn *schema_dn;
struct dsdb_schema *schema;
char *error_string = NULL;
diff --git a/source/dsdb/schema/schema_init.c b/source/dsdb/schema/schema_init.c
index 9b89594..85fdbe9 100644
--- a/source/dsdb/schema/schema_init.c
+++ b/source/dsdb/schema/schema_init.c
@@ -566,9 +566,10 @@ WERROR dsdb_read_prefixes_from_ldb(TALLOC_CTX *mem_ctx,
struct ldb_context *ldb,
return WERR_NOMEM;
}
for (i=0; i blob-ctr.dsdb.num_mappings; i++) {
+ char *oid;
(*prefixes)[i].id = blob-ctr.dsdb.mappings[i].id_prefix16;
- (*prefixes)[i].oid = talloc_strdup(mem_ctx,
blob-ctr.dsdb.mappings[i].oid.oid);
- (*prefixes)[i].oid = talloc_asprintf_append((*prefixes)[i].oid,
.);
+ oid = talloc_strdup(mem_ctx,
blob-ctr.dsdb.mappings[i].oid.oid);
+ (*prefixes)[i].oid = talloc_asprintf_append(oid, .);
(*prefixes)[i].oid_len =
strlen(blob-ctr.dsdb.mappings[i].oid.oid);
}
diff --git a/source/scripting/python/samba/provision.py
b/source/scripting/python/samba/provision.py
index 0119f40..441d662 100644
--- a/source/scripting/python/samba/provision.py
+++ b/source/scripting/python/samba/provision.py
@@ -133,26 +133,6 @@ findnss_uid = lambda names: findnss(pwd.getpwnam, names)[2]
findnss_gid = lambda names: findnss(grp.getgrnam, names)[2]
-def open_ldb(session_info, credentials, lp, dbname):
-Open a LDB, thrashing it if it is corrupt.
-
-:param session_info: auth session information
-:param credentials: credentials
-:param lp: Loadparm context
-:param dbname: Path of the database to open.
-:return: a Ldb object
-
-assert session_info is not None
-try:
-return Ldb(dbname, session_info=session_info, credentials=credentials,
- lp=lp)
-except LdbError, e:
-print e
-os.unlink(dbname)
-return Ldb(dbname, session_info=session_info, credentials=credentials,
- lp=lp)
-
-
def read_and_sub_file(file, subst_vars):
Read a file and sub in
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3432-g6dd1582
The branch, v3-3-test has been updated
via 6dd1582e3583ed3c0766db552a368ddb30af5f7d (commit)
via e8ae49fc2aadfeee696ad7fde1fee643e167537c (commit)
via e5d95c4f41c2fe25920b0b707f637a562cb23ed8 (commit)
via 67de7455b66b6c6c959e5e4ca1b8d97e2f4cf71d (commit)
via 18ea033909a5363c92530ed2a06a2b89be5e7c79 (commit)
from 1970eed1b79a5d9dc45eb96098d653ad62a20871 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -
commit 6dd1582e3583ed3c0766db552a368ddb30af5f7d
Author: Michael Adam [EMAIL PROTECTED]
Date: Mon Jul 28 14:17:11 2008 +0200
run make idl after idl change to unify Primary:Kerberos* structs (e8ae49f)
Michael
commit e8ae49fc2aadfeee696ad7fde1fee643e167537c
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date: Thu Jul 24 08:20:06 2008 +0200
drsblobs.idl: unify the Primary:Kerberos and Primary:Kerberos-Newer-Keys
structs
metze
(cherry picked from commit 4b79a7678571ac2f7d5f827913fdcb419f5d2e20)
commit e5d95c4f41c2fe25920b0b707f637a562cb23ed8
Author: Michael Adam [EMAIL PROTECTED]
Date: Mon Jul 28 14:15:27 2008 +0200
run make idl after idl change give some unknowns a meaning (67de745)
Michael
commit 67de7455b66b6c6c959e5e4ca1b8d97e2f4cf71d
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date: Thu Jul 24 07:53:55 2008 +0200
drsblobs.idl: give some unknowns a meaning
metze
(cherry picked from commit 231e6f5ab2dc8a3e991a9872be252c6f14c6)
commit 18ea033909a5363c92530ed2a06a2b89be5e7c79
Author: Michael Adam [EMAIL PROTECTED]
Date: Mon Jul 28 14:08:34 2008 +0200
rpcclient: Set the pid filed of the outgoing DsBindInfo to 0.
This is for debugging and informational purposes only.
The assignment is implementation specific.
(WSPP docs, sec. 5.35).
Michael
---
Summary of changes:
source/librpc/gen_ndr/drsblobs.h | 61 ++---
source/librpc/gen_ndr/ndr_drsblobs.c | 445 +-
source/librpc/gen_ndr/ndr_drsblobs.h | 23 +--
source/librpc/idl/drsblobs.idl | 61 ++---
source/rpcclient/cmd_drsuapi.c |2 +-
5 files changed, 233 insertions(+), 359 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/librpc/gen_ndr/drsblobs.h b/source/librpc/gen_ndr/drsblobs.h
index c0db9e9..b0ab9ae 100644
--- a/source/librpc/gen_ndr/drsblobs.h
+++ b/source/librpc/gen_ndr/drsblobs.h
@@ -190,7 +190,7 @@ struct package_PrimaryKerberosString {
const char * string;/*
[relative,subcontext_size(size),subcontext(0),flag(LIBNDR_FLAG_STR_NOTERM|LIBNDR_FLAG_REMAINING)]
*/
};
-struct package_PrimaryKerberosKey {
+struct package_PrimaryKerberosKey3 {
uint16_t reserved1;/* [value(0)] */
uint16_t reserved2;/* [value(0)] */
uint32_t reserved3;/* [value(0)] */
@@ -203,8 +203,8 @@ struct package_PrimaryKerberosCtr3 {
uint16_t num_keys;
uint16_t num_old_keys;
struct package_PrimaryKerberosString salt;
- struct package_PrimaryKerberosKey *keys;
- struct package_PrimaryKerberosKey *old_keys;
+ struct package_PrimaryKerberosKey3 *keys;
+ struct package_PrimaryKerberosKey3 *old_keys;
uint32_t padding1;/* [value(0)] */
uint32_t padding2;/* [value(0)] */
uint32_t padding3;/* [value(0)] */
@@ -212,43 +212,38 @@ struct package_PrimaryKerberosCtr3 {
uint32_t padding5;/* [value(0)] */
};
-union package_PrimaryKerberosCtr {
- struct package_PrimaryKerberosCtr3 ctr3;/* [case(3)] */
-}/* [nodiscriminant] */;
-
-struct package_PrimaryKerberosBlob {
- uint32_t version;/* [value(3)] */
- union package_PrimaryKerberosCtr ctr;/* [switch_is(version)] */
-}/* [public] */;
-
-struct package_PrimaryKerberosNewerKey {
- uint32_t unknown1;/* [value(0)] */
- uint32_t unknown2;/* [value(0)] */
- uint32_t unknown3;/* [value(0x1000)] */
+struct package_PrimaryKerberosKey4 {
+ uint16_t reserved1;/* [value(0)] */
+ uint16_t reserved2;/* [value(0)] */
+ uint32_t reserved3;/* [value(0)] */
+ uint32_t iteration_count;
uint32_t keytype;
uint32_t value_len;/* [value((value?value-length:0))] */
DATA_BLOB *value;/*
[relative,subcontext_size(value_len),subcontext(0),flag(LIBNDR_FLAG_REMAINING)]
*/
};
-struct package_PrimaryKerberosNewerCtr4 {
+struct package_PrimaryKerberosCtr4 {
uint16_t num_keys;
- uint16_t unknown1;/* [value(0)] */
- uint16_t num_old_keys1;
- uint16_t num_old_keys2;
+ uint16_t num_service_keys;/* [value(0)] */
+ uint16_t num_old_keys;
+ uint16_t num_older_keys;
struct package_PrimaryKerberosString salt;
- uint32_t unknown2;/* [value(0x1000)] */
- struct package_PrimaryKerberosNewerKey *keys;
- struct
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2772-g0d4a3c2
The branch, v3-2-test has been updated via 0d4a3c2dfb07663dc9fded298e6b7b6c67029f71 (commit) from 3282f7289b7b33beeaa1ca649651cca6537a69af (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 0d4a3c2dfb07663dc9fded298e6b7b6c67029f71 Author: Karolin Seeger [EMAIL PROTECTED] Date: Mon Jul 28 15:26:19 2008 +0200 WHATSNEW: Update changes since 3.2.0. Karolin --- Summary of changes: WHATSNEW.txt |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 88bee81..c5f8b3c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -43,6 +43,7 @@ o Jeremy Allison [EMAIL PROTECTED] * Canonicalize servername in the printer functions to remove leading '\\' characters. * Fix option processing in smbcacls - add POPT_COMMON_CONNECTION. +* Fix bug creating files using DOS clients with mixed case files. o Jim Brown [EMAIL PROTECTED] -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-0-100-gda771f1
The branch, v3-2-stable has been updated
via da771f13af99388005df60e2bec5c5ee5a2f5d95 (commit)
via 9fcced79a072c5c44f42c8fd3755da03c052a45e (commit)
via 0c6c114d8f6ec0b06cf32471ec860271c18bbbc6 (commit)
from 807e2842db8ac88798f454e7b32c52cb53229fc5 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable
- Log -
commit da771f13af99388005df60e2bec5c5ee5a2f5d95
Author: Karolin Seeger [EMAIL PROTECTED]
Date: Mon Jul 28 15:26:19 2008 +0200
WHATSNEW: Update changes since 3.2.0.
Karolin
(cherry picked from commit 0d4a3c2dfb07663dc9fded298e6b7b6c67029f71)
commit 9fcced79a072c5c44f42c8fd3755da03c052a45e
Author: Volker Lendecke [EMAIL PROTECTED]
Date: Fri Jul 25 23:30:53 2008 +0200
Fix an incompatible pointer warning
(cherry picked from commit 3282f7289b7b33beeaa1ca649651cca6537a69af)
commit 0c6c114d8f6ec0b06cf32471ec860271c18bbbc6
Author: Jeremy Allison [EMAIL PROTECTED]
Date: Fri Jul 25 13:14:57 2008 -0700
Fix bug creating files using DOS clients with mixed
case files. Reported by Daniel Johnson [EMAIL PROTECTED].
The smb_set_file_time() call to set the filetimes is failing
because it's using the unmodified name passed in by the
client, not the modified name (matching case on the
disk) that comes out from create_file().
Jeremy.
(cherry picked from commit d54fe83b16c187847a975df373e73d56111d7f21)
---
Summary of changes:
WHATSNEW.txt|1 +
source/smbd/reply.c |2 +-
source/winbindd/winbindd_user.c |4 ++--
3 files changed, 4 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 88bee81..c5f8b3c 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -43,6 +43,7 @@ o Jeremy Allison [EMAIL PROTECTED]
* Canonicalize servername in the printer functions to remove leading
'\\' characters.
* Fix option processing in smbcacls - add POPT_COMMON_CONNECTION.
+* Fix bug creating files using DOS clients with mixed case files.
o Jim Brown [EMAIL PROTECTED]
diff --git a/source/smbd/reply.c b/source/smbd/reply.c
index 2506ff9..ac9ccd6 100644
--- a/source/smbd/reply.c
+++ b/source/smbd/reply.c
@@ -2000,7 +2000,7 @@ void reply_mknew(struct smb_request *req)
}
ts[0] = get_atimespec(sbuf); /* atime. */
- status = smb_set_file_time(conn, fsp, fname, sbuf, ts, true);
+ status = smb_set_file_time(conn, fsp, fsp-fsp_name, sbuf, ts, true);
if (!NT_STATUS_IS_OK(status)) {
END_PROFILE(SMBcreate);
reply_openerror(req, status);
diff --git a/source/winbindd/winbindd_user.c b/source/winbindd/winbindd_user.c
index 4591838..19feec3 100644
--- a/source/winbindd/winbindd_user.c
+++ b/source/winbindd/winbindd_user.c
@@ -184,7 +184,7 @@ static void getpwsid_queryuser_recv(void *private_data,
bool success,
const char *full_name,
const char *homedir,
const char *shell,
- uint32 gid,
+ gid_t gid,
uint32 group_rid);
static void getpwsid_sid2uid_recv(void *private_data, bool success, uid_t uid);
static void getpwsid_sid2gid_recv(void *private_data, bool success, gid_t gid);
@@ -223,7 +223,7 @@ static void getpwsid_queryuser_recv(void *private_data,
bool success,
const char *full_name,
const char *homedir,
const char *shell,
- uint32 gid,
+ gid_t gid,
uint32 group_rid)
{
fstring username;
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-185-g73964f0
The branch, v4-0-test has been updated
via 73964f069056f46f2f27fc690e42e5c91ae1fe19 (commit)
via 0c6d988f2083067e1ac7b07a492f88cefd3ba906 (commit)
via 2844e361730a6bc640ea89d0e10059deca1ca867 (commit)
via 5b3ba3f3556e8031133128853cd2324ee3852aa1 (commit)
via 8bc12dc77a59e792830d96e84a4e8d1b2c651505 (commit)
via 93203e8e318dd10b9e7096e586187eb271d42134 (commit)
via 35ee165b146b9157b0cff49e1139a0cb37d98926 (commit)
from 4b137085c8b89773d4639372bbffd516a41dfc8f (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -
commit 73964f069056f46f2f27fc690e42e5c91ae1fe19
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date: Mon Jul 28 16:11:30 2008 +0200
gensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys
work
SMB signing with aes doesn't work, but still works with
arcfour-hmac-md5, des-cbc-md5 and des-cbc-crc.
metze
commit 0c6d988f2083067e1ac7b07a492f88cefd3ba906
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date: Mon Jul 28 15:49:46 2008 +0200
libcli/smb2: the session key for SMB2 signing is truncated to 16 bytes
To make that work (as a client) with aes128 and aes256 krb5 keys
we need to use gsskrb5_get_subkey().
metze
commit 2844e361730a6bc640ea89d0e10059deca1ca867
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date: Mon Jun 9 21:57:05 2008 +0200
smb2srv: sign SMB2 Logoff replies
metze
commit 5b3ba3f3556e8031133128853cd2324ee3852aa1
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date: Mon Jun 9 21:45:19 2008 +0200
smb2srv: correctly hold the signing state per session
metze
commit 8bc12dc77a59e792830d96e84a4e8d1b2c651505
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date: Mon Jun 9 21:57:41 2008 +0200
libcli/smb2: fix per session signing state
metze
commit 93203e8e318dd10b9e7096e586187eb271d42134
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date: Mon Jun 9 21:41:55 2008 +0200
SMB2-CONNECT: remove reference to req-session before calling
smb2_logoff_recv() on the invalid session
metze
commit 35ee165b146b9157b0cff49e1139a0cb37d98926
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date: Mon Jun 9 21:41:06 2008 +0200
libcli/smb2: sign SMB2 Logoff requests
metze
---
Summary of changes:
source/auth/gensec/gensec_gssapi.c |6 +++---
source/libcli/smb2/connect.c |8
source/libcli/smb2/logoff.c|2 ++
source/libcli/smb2/session.c | 10 +-
source/libcli/smb2/signing.c |9 -
source/libcli/smb2/smb2.h |9 +++--
source/libcli/smb2/transport.c |6 ++
source/smb_server/smb2/negprot.c |2 +-
source/smb_server/smb2/receive.c | 21 +++--
source/smb_server/smb2/sesssetup.c | 34 ++
source/smb_server/smb_server.h |7 ++-
source/torture/smb2/connect.c | 11 ++-
12 files changed, 81 insertions(+), 44 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/auth/gensec/gensec_gssapi.c
b/source/auth/gensec/gensec_gssapi.c
index 205d8a0..c20cf4f 100644
--- a/source/auth/gensec/gensec_gssapi.c
+++ b/source/auth/gensec/gensec_gssapi.c
@@ -1152,9 +1152,9 @@ static NTSTATUS gensec_gssapi_session_key(struct
gensec_security *gensec_securit
return NT_STATUS_OK;
}
- maj_stat = gsskrb5_get_initiator_subkey(min_stat,
-
gensec_gssapi_state-gssapi_context,
- subkey);
+ maj_stat = gsskrb5_get_subkey(min_stat,
+ gensec_gssapi_state-gssapi_context,
+ subkey);
if (maj_stat != 0) {
DEBUG(1, (NO session key for this mech\n));
return NT_STATUS_NO_USER_SESSION_KEY;
diff --git a/source/libcli/smb2/connect.c b/source/libcli/smb2/connect.c
index cdb5e3b..c89c109 100644
--- a/source/libcli/smb2/connect.c
+++ b/source/libcli/smb2/connect.c
@@ -112,19 +112,19 @@ static void continue_negprot(struct smb2_request *req)
composite_error(c, NT_STATUS_ACCESS_DENIED);
return;
}
- transport-signing.doing_signing = false;
+ transport-signing_required = false;
break;
case SMB_SIGNING_SUPPORTED:
case SMB_SIGNING_AUTO:
if (transport-negotiate.security_mode
SMB2_NEGOTIATE_SIGNING_REQUIRED) {
- transport-signing.doing_signing = true;
+ transport-signing_required = true;
} else {
- transport-signing.doing_signing = false;
+
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-186-gc2186d5
The branch, v4-0-test has been updated via c2186d5d60aa2b57ecafaa57f9fd41f2a6717046 (commit) from 73964f069056f46f2f27fc690e42e5c91ae1fe19 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit c2186d5d60aa2b57ecafaa57f9fd41f2a6717046 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Mon Jul 28 16:40:21 2008 +0200 rpc_server: remove unused variable metze --- Summary of changes: source/rpc_server/dcerpc_server.c |1 - 1 files changed, 0 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/rpc_server/dcerpc_server.c b/source/rpc_server/dcerpc_server.c index cb07f6e..9558949 100644 --- a/source/rpc_server/dcerpc_server.c +++ b/source/rpc_server/dcerpc_server.c @@ -947,7 +947,6 @@ _PUBLIC_ NTSTATUS dcesrv_reply(struct dcesrv_call_state *call) uint32_t length; struct data_blob_list_item *rep; struct ncacn_packet pkt; - const uint32_t overhead = (DCERPC_MAX_SIGN_SIZE+DCERPC_RESPONSE_LENGTH); rep = talloc(call, struct data_blob_list_item); NT_STATUS_HAVE_NO_MEMORY(rep); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2773-g8ab79b1
The branch, v3-2-test has been updated
via 8ab79b1d009d53e414b90e4a0ab8fc7a4889b6df (commit)
from 0d4a3c2dfb07663dc9fded298e6b7b6c67029f71 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -
commit 8ab79b1d009d53e414b90e4a0ab8fc7a4889b6df
Author: Volker Lendecke [EMAIL PROTECTED]
Date: Mon Jul 28 17:52:35 2008 +0200
Attempt to fix bug 5616
We were calculating the session key but did not return it to the caller...
---
Summary of changes:
source/rpc_client/cli_netlogon.c | 15 ++-
1 files changed, 6 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/rpc_client/cli_netlogon.c b/source/rpc_client/cli_netlogon.c
index 851a4a8..38ff41c 100644
--- a/source/rpc_client/cli_netlogon.c
+++ b/source/rpc_client/cli_netlogon.c
@@ -424,8 +424,6 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct
rpc_pipe_client *cli,
union netr_Validation validation;
struct netr_ChallengeResponse lm;
struct netr_ChallengeResponse nt;
- struct netr_UserSessionKey user_session_key;
- struct netr_LMSessionKey lmsesskey;
*info3 = NULL;
@@ -500,15 +498,14 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct
rpc_pipe_client *cli,
return result;
}
- user_session_key = validation.sam3-base.key;
- lmsesskey = validation.sam3-base.LMSessKey;
-
- if (memcmp(zeros, user_session_key.key, 16) != 0) {
- SamOEMhash(user_session_key.key, cli-dc-sess_key, 16);
+ if (memcmp(zeros, validation.sam3-base.key.key, 16) != 0) {
+ SamOEMhash(validation.sam3-base.key.key,
+ cli-dc-sess_key, 16);
}
- if (memcmp(zeros, lmsesskey.key, 8) != 0) {
- SamOEMhash(lmsesskey.key, cli-dc-sess_key, 8);
+ if (memcmp(zeros, validation.sam3-base.LMSessKey.key, 8) != 0) {
+ SamOEMhash(validation.sam3-base.LMSessKey.key,
+ cli-dc-sess_key, 8);
}
if (memcmp(zeros, ret_creds.cred.data, sizeof(ret_creds.cred.data)) !=
0) {
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3433-gb63a6a1
The branch, v3-3-test has been updated
via b63a6a1fd6a96bbafd88cacb9493bfea9944d404 (commit)
from 6dd1582e3583ed3c0766db552a368ddb30af5f7d (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -
commit b63a6a1fd6a96bbafd88cacb9493bfea9944d404
Author: Volker Lendecke [EMAIL PROTECTED]
Date: Mon Jul 28 17:52:35 2008 +0200
Attempt to fix bug 5616
We were calculating the session key but did not return it to the caller...
(cherry picked from commit 8ab79b1d009d53e414b90e4a0ab8fc7a4889b6df)
---
Summary of changes:
source/rpc_client/cli_netlogon.c | 15 ++-
1 files changed, 6 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/rpc_client/cli_netlogon.c b/source/rpc_client/cli_netlogon.c
index fcce18d..e96d724 100644
--- a/source/rpc_client/cli_netlogon.c
+++ b/source/rpc_client/cli_netlogon.c
@@ -333,8 +333,6 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct
rpc_pipe_client *cli,
union netr_Validation validation;
struct netr_ChallengeResponse lm;
struct netr_ChallengeResponse nt;
- struct netr_UserSessionKey user_session_key;
- struct netr_LMSessionKey lmsesskey;
*info3 = NULL;
@@ -409,15 +407,14 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct
rpc_pipe_client *cli,
return result;
}
- user_session_key = validation.sam3-base.key;
- lmsesskey = validation.sam3-base.LMSessKey;
-
- if (memcmp(zeros, user_session_key.key, 16) != 0) {
- SamOEMhash(user_session_key.key, cli-dc-sess_key, 16);
+ if (memcmp(zeros, validation.sam3-base.key.key, 16) != 0) {
+ SamOEMhash(validation.sam3-base.key.key,
+ cli-dc-sess_key, 16);
}
- if (memcmp(zeros, lmsesskey.key, 8) != 0) {
- SamOEMhash(lmsesskey.key, cli-dc-sess_key, 8);
+ if (memcmp(zeros, validation.sam3-base.LMSessKey.key, 8) != 0) {
+ SamOEMhash(validation.sam3-base.LMSessKey.key,
+ cli-dc-sess_key, 8);
}
if (memcmp(zeros, ret_creds.cred.data, sizeof(ret_creds.cred.data)) !=
0) {
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-187-g9678085
The branch, v4-0-test has been updated
via 9678085f75b6cb0ed068e22f3d9f94247b200ce2 (commit)
from c2186d5d60aa2b57ecafaa57f9fd41f2a6717046 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -
commit 9678085f75b6cb0ed068e22f3d9f94247b200ce2
Author: Stefan Metzmacher [EMAIL PROTECTED]
Date: Mon Jul 28 17:59:17 2008 +0200
Revert gensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with
aes keys work
This reverts commit 73964f069056f46f2f27fc690e42e5c91ae1fe19.
This breaks more than it gains:-( It seems to break the ncacn_np session key
metze
---
Summary of changes:
source/auth/gensec/gensec_gssapi.c |6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/auth/gensec/gensec_gssapi.c
b/source/auth/gensec/gensec_gssapi.c
index c20cf4f..205d8a0 100644
--- a/source/auth/gensec/gensec_gssapi.c
+++ b/source/auth/gensec/gensec_gssapi.c
@@ -1152,9 +1152,9 @@ static NTSTATUS gensec_gssapi_session_key(struct
gensec_security *gensec_securit
return NT_STATUS_OK;
}
- maj_stat = gsskrb5_get_subkey(min_stat,
- gensec_gssapi_state-gssapi_context,
- subkey);
+ maj_stat = gsskrb5_get_initiator_subkey(min_stat,
+
gensec_gssapi_state-gssapi_context,
+ subkey);
if (maj_stat != 0) {
DEBUG(1, (NO session key for this mech\n));
return NT_STATUS_NO_USER_SESSION_KEY;
--
Samba Shared Repository
Build status as of Tue Jul 29 00:00:03 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-07-28 00:00:32.0 + +++ /home/build/master/cache/broken_results.txt 2008-07-29 00:00:30.0 + @@ -1,20 +1,20 @@ -Build status as of Mon Jul 28 00:00:02 2008 +Build status as of Tue Jul 29 00:00:03 2008 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 33 8 0 +ccache 32 8 0 ctdb 0 0 0 distcc 1 0 0 -ldb 32 32 0 +ldb 33 32 0 libreplace 32 12 0 lorikeet-heimdal 26 19 0 pidl 18 18 0 ppp 10 0 0 rsync33 11 0 samba-docs 0 0 0 -samba-gtk3 3 0 -samba_3_2_test 33 20 0 +samba-gtk4 4 0 +samba_3_2_test 32 21 0 samba_4_0_test 31 28 0 smb-build31 5 0 talloc 33 7 0
