date:20080730

Re: [Samba] Re: SAMBA / CUPS

2008-07-30 Thread devel

Hi

I think this is pretty well documented in Samba Official Howto §21 -
Setting Device Modes on New Printers

François

 Dear all,

 I am new to CUPS. I found an installation of CUPS with SAMBA that we
 will deploy soon but there are a couple of problems I need to solve
 beforehand and your help would be really appreciated.

 I have RedHat 5.1 installation with the following :

 CUPS 1.3.7 and SAMBA 3.0.25b

 My smb.conf relevant details looks like this :

 [global]

 ## GLOBAL SETTINGS
   netbios name = TASSIN
   server string = Samba Print Server
   workgroup = DOM NAME
   security = domain
   encrypt passwords = yes
   password server = P  Z

 ## WINBIND SETTINGS
   idmap uid = 1-2
   idmap gid = 1-2
   winbind separator = /

 ## LOG SETTINGS
   log level = 2
   log file = /var/log/samba/log.%m
   max log size = 1000

 ## NETWORK SETTINGS
   wins server = X , Y
   name resolve order = hosts wins
   interfaces = Z
   smb ports = 139
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   hosts allow = 10. 127. 172. 193. 192.
   include = /etc/samba/jessie.conf
   include = /etc/samba/janey.conf

 ## DOMAIN SETTINGS
   domain master = no
   local master = no
   preferred master = no
   os level = 0

 ## PRINTER SETTINGS
   load printers = yes
   printing = cups
   printcap name = cups
   cups options = raw

 [printers]
   comment = All printers
   path = /var/spool/samba
   browseable = no
   public = yes
   guest ok = yes
   writable = yes
   printable = yes
   use client driver = no
   printer admin = filled in properly

 [print$]
   comment = Printer drivers
   path = /var/lib/samba/printers
   browseable = yes
   guest ok = no
   read only = yes
   write list = filled in properly
   create mask = 0664
   directory mask = 0775


 We use windows clients and I am trying to set all printers in duplex
 mode. My problem is that I do it with a correct domain user but the
 setting sometimes is kept and sometimes is lost after sometime. Can
 someone tell me where these settings are stored ?

 Many thanks
 Konrad
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  https://lists.samba.org/mailman/listinfo/samba



-- 
François Legal
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Sharing Printer Stop Working: error writing spool : NT_STATUS_ACCESS_DENIED

2008-07-30 Thread David Kuntadi

Edit,

Iam not sure what cause the print server to stop working as samba has
NEVER been upgraded.

Looks like other upgrade has caused this problem but still not sure
what upgrade.

DK

On Wed, Jul 30, 2008 at 9:41 AM, David Kuntadi [EMAIL PROTECTED] wrote:
 Previously I have a working print server using samba with below setting:

 [global]
  printcap name = cups
  printing = cups
  security = share
 [printers]
  browseable = yes
  printable = yes
  public = yes
  create mode = 0700
  guest only = yes
  use client driver = yes
  guest account = smbprint
  path = /home/smbprint


 I could print both from linux and windows XP.

 But recently (Samba 3.0.22), it stopped working, both linux and
 windows XP. The message in the linux client computer is:

 Ready: /usr/lib/cups/filter/foomatic-rip failed

 When I set the log to debug level, I could see the actual error is:
 error writing spool : NT_STATUS_ACCESS_DENIED

 I have checked that the smbprint system user still exist:
 /usr/sbin/adduser --system --disabled-password smbprint

 May I know how to solve this issue other than to downgrade samba?

 Regards
 David

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem upgrading 3.0.23-3.0.26

2008-07-30 Thread Helmut Hullen

Hallo, Linda,

Du (samba) meintest am 29.07.08:

 I'm trying to upgrade and old server from the 3.0.23 to the 3.0.26

 version (suse93-suse103)
(for brevity, abbreviating 3.0.23-.23, and 3.0.26-.26)

The actual version is 3.0.31 - I had some trouble with versions below  
3.0.29 (and much trouble with 3.0.23 ...)

Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Must re-join to domain after server reboot

2008-07-30 Thread Vladimir Shiray



Hi

We have Windows 2003 AD Domain Controller and a linux servers which join 
in NT4-style domain.

idmap is configured to use LDAP (openldap on a linux server).

After we run:
  smbpasswd -W
  net join rpc -S server -U administrator
  /usr/sbin/smbd -D
  /usr/sbin/nmbd -D
  /usr/sbin/winbindd -D

wbinfo -u  and wbinfo -g get a list users and groups from a domain.

if we restart all Samba processes on a server it stay working also.

But when we reboot a server it stop working and produce error in 
winbindd log:

   Could not receive trustdoms

So we must re-join the domain manually and restart Samba processes.

What can be a problem ?

We tried 3.0.30 and 3.2.0 on Slackware-12.0 with the same result.
With unknown reason 3.0.31 was not able to join our domain at all.

We used the same config file for all versions and made clean up
before checking every version:
   remove  /etc/smaba/private/secrets.tdb
   remove all files from /var/cache/samba
   remove the server name from AD on the domain controller


Vladimir Shiray

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] move_driver_to_download_area: Unable to rename samba3.2

2008-07-30 Thread Stéphane PURNELLE

Hi,

I try to install a new driver on my print$ share using APW and I have this 
message : 

  move_driver_to_download_area: Unable to rename [W32X86/HPDCMON.DLL] to 
[W32X86/3/HPDCMON.DLL]

I have exacltly the same configuration (smb.conf, acl et right) than my 
older server.

Could anyone answer to me and help me ?

Stéphane

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] move_driver_to_download_area: Unable to rename samba3.2

2008-07-30 Thread Volker Lendecke

On Wed, Jul 30, 2008 at 02:21:20PM +0200, Stéphane PURNELLE wrote:
 Hi,
 
 I try to install a new driver on my print$ share using APW and I have this 
 message : 
 
   move_driver_to_download_area: Unable to rename [W32X86/HPDCMON.DLL] to 
 [W32X86/3/HPDCMON.DLL]
 
 I have exacltly the same configuration (smb.conf, acl et right) than my 
 older server.
 
 Could anyone answer to me and help me ?

Please send your smb.conf and a full debug level 10 log of
smbd leading to this failure.

Volker


pgpslUI4oQD7L.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Sharing Printer Stop Working: error writing spool : NT_STATUS_ACCESS_DENIED

2008-07-30 Thread John Drescher

On Tue, Jul 29, 2008 at 10:41 PM, David Kuntadi [EMAIL PROTECTED] wrote:
 Previously I have a working print server using samba with below setting:

 [global]
  printcap name = cups
  printing = cups
  security = share
 [printers]
  browseable = yes
  printable = yes
  public = yes
  create mode = 0700
  guest only = yes
  use client driver = yes
  guest account = smbprint
  path = /home/smbprint


 I could print both from linux and windows XP.

 But recently (Samba 3.0.22), it stopped working, both linux and
 windows XP. The message in the linux client computer is:

 Ready: /usr/lib/cups/filter/foomatic-rip failed

This looks like a cups problem to me. Investigate this cups error.

John
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] move_driver_to_download_area: Unable to rename samba3.2

2008-07-30 Thread Volker Lendecke

On Wed, Jul 30, 2008 at 02:53:22PM +0200, Stéphane PURNELLE wrote:
 Here my sqm.conf and smbd logfile

I'm afraid but I can not find the message
move_driver_to_download_area: Unable to rename in the
logfile. Mayb it has been rotated away due to your max log
size = 1000 setting? You might also want to compress the
logfile before sendig it.

Thanks,

Volker


pgpxXc43G9FIf.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] move_driver_to_download_area: Unable to rename samba3.2

2008-07-30 Thread Volker Lendecke

On Wed, Jul 30, 2008 at 03:42:01PM +0200, Stéphane PURNELLE wrote:
 excuse-me 
 
 here a compresses file of the log
 I changed the extension of file to bypass the anti-virus and zip file 
 filter.

[2008/07/30 15:37:57, 10] smbd/open.c:fd_open(64)
  fd_open: name W32X86/HPDCMON.DLL, flags = 00 mode = 0760, fd = -1. Resource 
temporarily unavailable
[2008/07/30 15:37:57,  3] smbd/open.c:open_file(318)
  Error opening file W32X86/HPDCMON.DLL (NT_STATUS_NETWORK_BUSY) 
(local_flags=0) (flags=0)


That's really weird. Can you try kernel oplocks = no, just
as an attempt?

Volker


pgpoIVFbcWzsH.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] weird Windows profile creation

2008-07-30 Thread Robert M. Martel - CSU




On Mon, Jul 28, 2008 at 10:15 AM, Christopher Perry
[EMAIL PROTECTED] wrote:

It seems weird. On 75% of my machines, it creates accounts as:
c:\documents and settings\username

on 25% of the machines, it creates them as:
c:\docments and settings\username.DOMAINNAME

These are fresh machines, so it's unclear to me where this behavior stems
from. We're not using roaming profiles.

Does anyone have any idea as to why this happens?



When I had a Samba PDC in use with roaming profiles we had the clients 
set to delete the roaming profiles at logoff.  Naturally MS Windows 
didn't always delete the locally cached copy of the roaming profile in 
spite of being told to do so.  On subsequent logins the roaming profile 
would be copied to c:\documents and settings\username.DOMAINNAME - which 
would break some applications (Thunderbird, Firefox) that expected their 
settings to be under c:\documents and settings\username.


Wasn't a Samba issue in our case b/c it was the client machine's failure 
to delete the local coy of the roaming profile that was the source of 
the issue.


-Bob

--
***
Bob Martel,System Administrator  I met someone who looks a lot like you
Levin College of Urban Affairs   She does the things you do
Cleveland State University   But she is an IBM
(216) 687-2214
[EMAIL PROTECTED]-Jeff Lynne
***
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Building Samba 3.2.0 on Solaris with Sun compiler

2008-07-30 Thread David Eisner

On Wed, Jul 30, 2008 at 10:23 AM, Douglas E. Engert [EMAIL PROTECTED] wrote:

 Solaris 10 comes with gcc in /usr/sfw/bin

I know.  But I was only able to get certain needed packages (looking
through notes ... )  -- I could only get heimdal to build with cc, but
not gcc.

In any case, it's nice that samba = 3.0.x was not GNU toolchain
specific, and it appears that there's no reason 3.2.0 has to be,
either.

-David


-- 
David Eisner http://cradle.brokenglass.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] move_driver_to_download_area: Unable to rename samba3.2

2008-07-30 Thread Stéphane PURNELLE

All data share (inclusive print$ share) is on a nbd mount.

$# mount
/dev/md1 on /rsrv type xfs (rw)

I use a software (lifekeeper) which use network block device for replicate 
all data to a othe server.

Stéphane

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

Volker Lendecke [EMAIL PROTECTED] a écrit sur 30/07/2008 
16:36:41 :

 On Wed, Jul 30, 2008 at 04:24:40PM +0200, Stéphane PURNELLE wrote:
  The strace file
 
 Hmmm. I need to check if we broke kernel oplocks = no. In
 the logfile there are still attempts to acquire Linux kernel
 oplocks.
 
 BTW, is the print$ share on a local file system, or possibly
 on an NFS imported file system?
 
 Volker
 [rattachement atthn9j4.dat supprimé par Stéphane 
PURNELLE/COR/SOPARIND] 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] move_driver_to_download_area: Unable to rename samba3.2

2008-07-30 Thread Volker Lendecke

On Wed, Jul 30, 2008 at 04:40:23PM +0200, Stéphane PURNELLE wrote:
 All data share (inclusive print$ share) is on a nbd mount.
 
 $# mount
 /dev/md1 on /rsrv type xfs (rw)
 
 I use a software (lifekeeper) which use network block device for replicate 
 all data to a othe server.

Ok, I'm lost now. For me using kernel oplocks = no stops
smbd from requesting oplocks from the kernel. If this does
not help for you, then there is something severely broken
with your build. Are you sure you have plain Samba sources
without patches? And, what is your exact platform?

Sorry,

Volker


pgpBLzeGIkUgm.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] move_driver_to_download_area: Unable to rename samba3.2

2008-07-30 Thread Stéphane PURNELLE

OS : redhat enterprise linux 5.1
Samba compiled from source
Spécial software : Lifekeeper (steeleye)

Configure parameter : 

./configure --with-ldap --with-acl-support --prefix=/usr/local 
--exec-prefix=/usr/local --bindir=/usr/local/bin --sbindir=/usr/local/sbin 
--libexecdir=/usr/local/libexec --datadir=/usr/local/share 
--sharedstatedir=/usr/local/com --localstatedir=/usr/local/var 
--libdir=/usr/local/lib --includedir=/usr/local/include 
--infodir=/usr/share/info --with-configdir=/srv/etc/samba 
--sysconfdir=/srv/etc/samba --mandir=/usr/local/man 
--with-privatedir=/srv/private --enable-cups

I just applied manually some patch from mail-list : 

From Jeremy - resolving the case :  v3.2.0 and MS-DOS: Directories must be 
upper-case??



From Jeremy - resolving the case : Creating Zone Identifier files and not 
able to read/write/delete them.


I don't use vfs objects = streams_xattr, but normally it must don't make 
problem.

If could thelp
Thanks,

Stéphane

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

Volker Lendecke [EMAIL PROTECTED] a écrit sur 30/07/2008 
17:06:28 :

 On Wed, Jul 30, 2008 at 04:40:23PM +0200, Stéphane PURNELLE wrote:
  All data share (inclusive print$ share) is on a nbd mount.
  
  $# mount
  /dev/md1 on /rsrv type xfs (rw)
  
  I use a software (lifekeeper) which use network block device for 
replicate 
  all data to a othe server.
 
 Ok, I'm lost now. For me using kernel oplocks = no stops
 smbd from requesting oplocks from the kernel. If this does
 not help for you, then there is something severely broken
 with your build. Are you sure you have plain Samba sources
 without patches? And, what is your exact platform?
 
 Sorry,
 
 Volker
 [rattachement att7u729.dat supprimé par Stéphane 
PURNELLE/COR/SOPARIND] -- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] move_driver_to_download_area: Unable to rename samba3.2

2008-07-30 Thread Volker Lendecke

On Wed, Jul 30, 2008 at 05:19:26PM +0200, Stéphane PURNELLE wrote:
 OS : redhat enterprise linux 5.1
 Samba compiled from source
 Spécial software : Lifekeeper (steeleye)

As a quick workaround, you might try to comment out lines
133-140 from source/smbd/oplock_linux.c until we find out
why on RHEL 5.1 kernel oplocks = no does not work. You
might want to file a bug for that.

Volker


pgpACDwKD6x6i.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] panic action on samba 3.2

2008-07-30 Thread Stéphane PURNELLE

Hi,

during I make a some du command (du -sh), samba has been disturb and sent 
a panic action : 

Last line of smbd.log : 

[2008/07/30 15:36:09,  0] lib/util_str.c:safe_strcpy_fn(709)
  ERROR: string overflow by 1 (16 - 15) in safe_strcpy 
[10.217.7.3/255.255.252.0]
[2008/07/30 16:04:43,  0] lib/util_str.c:safe_strcpy_fn(709)
  ERROR: string overflow by 1 (16 - 15) in safe_strcpy 
[10.217.7.3/255.255.252.0]
[2008/07/30 16:13:56,  0] lib/util_sock.c:get_peer_addr_internal(1596)
  getpeername failed. Error was Transport endpoint is not connected
[2008/07/30 16:34:59,  0] lib/util_str.c:safe_strcpy_fn(709)
  ERROR: string overflow by 1 (16 - 15) in safe_strcpy 
[10.217.7.3/255.255.252.0]
[2008/07/30 16:34:59,  0] lib/util_sock.c:get_peer_addr_internal(1596)
  getpeername failed. Error was Transport endpoint is not connected

Last line of smbd.log of smbd which start the panic action : 
[2008/07/30 16:30:13, 1] smbd/service.c:make_connection_snum(1190) crdfsim 
(10.217.4.93) connect to service fsi initially as user fsi (uid=1179, 
gid=221) (pid 27143) 
[2008/07/30 16:39:08, 0] lib/util_str.c:safe_strcpy_fn(709) ERROR: string 
overflow by 1 (16 - 15) in safe_strcpy [10.217.7.3/255.255.252.0] 
[2008/07/30 16:39:30, 1] smbd/service.c:make_connection_snum(1190) crdfsim 
(10.217.4.93) connect to service groupes initially as user fsi (uid=1179, 
gid=221) (pid 27143) 
[2008/07/30 16:46:58, 1] smbd/service.c:make_connection_snum(1190) crdfsim 
(10.217.4.93) connect to service groupes initially as user fsi (uid=1179, 
gid=221) (pid 27143) 
[2008/07/30 16:47:22, 1] smbd/service.c:close_cnum(1401) crdfsim 
(10.217.4.93) closed connection to service groupes [2008/07/30 16:47:25, 
1] smbd/service.c:make_connection_snum(1190) crdfsim (10.217.4.93) connect 
to service groupes initially as user fsi (uid=1179, gid=221) (pid 27143) 
[2008/07/30 16:47:36, 1] smbd/service.c:close_cnum(1401) !
 crdfsim (10.217.4.93) closed connection to service groupes 
[2008/07/30 16:51:54, 1] smbd/service.c:make_connection_snum(1190) crdfsim 
(10.217.4.93) connect to service groupes initially as user fsi (uid=1179, 
gid=221) (pid 27143) [2008/07/30 16:52:05, 0] 
smbd/nttrans.c:call_nt_transact_ioctl(2009) 
call_nt_transact_ioctl(0x9009c): Currently not implemented. 
[2008/07/30 16:52:17, 1] smbd/service.c:close_cnum(1401) crdfsim 
(10.217.4.93) closed connection to service groupes 
[2008/07/30 16:57:28, 1] smbd/service.c:close_cnum(1401) crdfsim 
(10.217.4.93) closed connection to service groupes 
[2008/07/30 16:57:29, 1] smbd/service.c:make_connection_snum(1190) crdfsim 
(10.217.4.93) connect to service profiles initially as user fsi (uid=1179, 
gid=221) (pid 27143) 
[2008/07/30 16:57:36, 1] smbd/service.c:close_cnum(1401) crdfsim 
(10.217.4.93) closed connection to service fsi 
[2008/07/30 16:57:36, 0] lib/util_sec.c:set_effective_uid(204) setresuid 
failed with EAGAIN. uid(1179) might be ove!
 r its NPROC limit [2008/07/30 16:57:36, 0] lib/util_sec.c:asse!
 rt_uid(1
00) Failed to set uid privileges to (-1,1179) now set to (0,0) 
[2008/07/30 16:57:36, 0] lib/util.c:smb_panic(1666) PANIC (pid 27143): 
failed to set uid [2008/07/30 16:57:36, 0] 
lib/util.c:log_stack_trace(1770) BACKTRACE: 13 stack frames: 
#0 /usr/local/sbin/smbd(log_stack_trace+0x1a) [0x557d6b90] 
#1 /usr/local/sbin/smbd(smb_panic+0x5b) [0x557d6ca0] 
#2 /usr/local/sbin/smbd [0x557dc4d4] 
#3 /usr/local/sbin/smbd(set_effective_uid+0x74) [0x557dc817] 
#4 /usr/local/sbin/smbd [0x55646fd8] 
#5 /usr/local/sbin/smbd(set_sec_ctx+0xd8) [0x55647245] 
#6 /usr/local/sbin/smbd(change_to_user+0x5f0) [0x5563a3d2] 
#7 /usr/local/sbin/smbd [0x55656b81] 
#8 /usr/local/sbin/smbd [0x5565861a] 
#9 /usr/local/sbin/smbd(smbd_process+0xca7) [0x55659381] 
#10 /usr/local/sbin/smbd(main+0x1eb2) [0x559cfc77] 
#11 /lib64/libc.so.6(__libc_start_main+0xf4) [0x2df428a4] 
#12 /usr/local/sbin/smbd [0x555e57d9] 
[2008/07/30 16:57:36, 0] lib/util.c:smb_panic(1671) smb_pani!
 c(): calling panic action [/srv/bin/panic.sh fsi crdfsim]


It's maybe normal.

thanks

Stéphane


---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] move_driver_to_download_area: Unable to rename samba3.2

2008-07-30 Thread Stéphane PURNELLE

Is kernel oplock use locking for fcntl ?
Because is kernel change log from RH, I have : 
[fs] fix locking for fcntl (Ed Pollard ) [430596] 

My samba is on production, I'am not sure than I will recompile my samba 
now.

Stéphane

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

Volker Lendecke [EMAIL PROTECTED] a écrit sur 30/07/2008 
17:26:43 :

 On Wed, Jul 30, 2008 at 05:19:26PM +0200, Stéphane PURNELLE wrote:
  OS : redhat enterprise linux 5.1
  Samba compiled from source
  Spécial software : Lifekeeper (steeleye)
 
 As a quick workaround, you might try to comment out lines
 133-140 from source/smbd/oplock_linux.c until we find out
 why on RHEL 5.1 kernel oplocks = no does not work. You
 might want to file a bug for that.
 
 Volker
 [rattachement attd3gco.dat supprimé par Stéphane 
PURNELLE/COR/SOPARIND] 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] move_driver_to_download_area: Unable to rename samba3.2

2008-07-30 Thread Jeremy Allison

On Wed, Jul 30, 2008 at 05:45:46PM +0200, Stéphane PURNELLE wrote:
 Is kernel oplock use locking for fcntl ?
 Because is kernel change log from RH, I have : 
 [fs] fix locking for fcntl (Ed Pollard ) [430596] 
 
 My samba is on production, I'am not sure than I will recompile my samba 
 now.

No, it doesn't use fcntl locks. It's a different mechanism.
It uses fcntl though :

fcntl(fd, F_SETLEASE, leasetype);

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] panic action on samba 3.2

2008-07-30 Thread Jeremy Allison

On Wed, Jul 30, 2008 at 05:29:05PM +0200, Stéphane PURNELLE wrote:
 Hi,
 
 during I make a some du command (du -sh), samba has been disturb and sent 
 a panic action : 
 
 Last line of smbd.log : 
 
 [2008/07/30 15:36:09,  0] lib/util_str.c:safe_strcpy_fn(709)
   ERROR: string overflow by 1 (16 - 15) in safe_strcpy 
 [10.217.7.3/255.255.252.0]
 [2008/07/30 16:04:43,  0] lib/util_str.c:safe_strcpy_fn(709)
   ERROR: string overflow by 1 (16 - 15) in safe_strcpy 
 [10.217.7.3/255.255.252.0]
 [2008/07/30 16:13:56,  0] lib/util_sock.c:get_peer_addr_internal(1596)
   getpeername failed. Error was Transport endpoint is not connected
 [2008/07/30 16:34:59,  0] lib/util_str.c:safe_strcpy_fn(709)
   ERROR: string overflow by 1 (16 - 15) in safe_strcpy 
 [10.217.7.3/255.255.252.0]
 [2008/07/30 16:34:59,  0] lib/util_sock.c:get_peer_addr_internal(1596)
   getpeername failed. Error was Transport endpoint is not connected
 
 Last line of smbd.log of smbd which start the panic action : 
 [2008/07/30 16:30:13, 1] smbd/service.c:make_connection_snum(1190) crdfsim 
 (10.217.4.93) connect to service fsi initially as user fsi (uid=1179, 
 gid=221) (pid 27143) 
 [2008/07/30 16:39:08, 0] lib/util_str.c:safe_strcpy_fn(709) ERROR: string 
 overflow by 1 (16 - 15) in safe_strcpy [10.217.7.3/255.255.252.0] 
 [2008/07/30 16:39:30, 1] smbd/service.c:make_connection_snum(1190) crdfsim 
 (10.217.4.93) connect to service groupes initially as user fsi (uid=1179, 
 gid=221) (pid 27143) 
 [2008/07/30 16:46:58, 1] smbd/service.c:make_connection_snum(1190) crdfsim 
 (10.217.4.93) connect to service groupes initially as user fsi (uid=1179, 
 gid=221) (pid 27143) 
 [2008/07/30 16:47:22, 1] smbd/service.c:close_cnum(1401) crdfsim 
 (10.217.4.93) closed connection to service groupes [2008/07/30 16:47:25, 
 1] smbd/service.c:make_connection_snum(1190) crdfsim (10.217.4.93) connect 
 to service groupes initially as user fsi (uid=1179, gid=221) (pid 27143) 
 [2008/07/30 16:47:36, 1] smbd/service.c:close_cnum(1401) !
  crdfsim (10.217.4.93) closed connection to service groupes 
 [2008/07/30 16:51:54, 1] smbd/service.c:make_connection_snum(1190) crdfsim 
 (10.217.4.93) connect to service groupes initially as user fsi (uid=1179, 
 gid=221) (pid 27143) [2008/07/30 16:52:05, 0] 
 smbd/nttrans.c:call_nt_transact_ioctl(2009) 
 call_nt_transact_ioctl(0x9009c): Currently not implemented. 
 [2008/07/30 16:52:17, 1] smbd/service.c:close_cnum(1401) crdfsim 
 (10.217.4.93) closed connection to service groupes 
 [2008/07/30 16:57:28, 1] smbd/service.c:close_cnum(1401) crdfsim 
 (10.217.4.93) closed connection to service groupes 
 [2008/07/30 16:57:29, 1] smbd/service.c:make_connection_snum(1190) crdfsim 
 (10.217.4.93) connect to service profiles initially as user fsi (uid=1179, 
 gid=221) (pid 27143) 
 [2008/07/30 16:57:36, 1] smbd/service.c:close_cnum(1401) crdfsim 
 (10.217.4.93) closed connection to service fsi 
 [2008/07/30 16:57:36, 0] lib/util_sec.c:set_effective_uid(204) setresuid 
 failed with EAGAIN. uid(1179) might be ove!
  r its NPROC limit [2008/07/30 16:57:36, 0] lib/util_sec.c:asse!
  rt_uid(1
 00) Failed to set uid privileges to (-1,1179) now set to (0,0) 
 [2008/07/30 16:57:36, 0] lib/util.c:smb_panic(1666) PANIC (pid 27143): 
 failed to set uid [2008/07/30 16:57:36, 0] 
 lib/util.c:log_stack_trace(1770) BACKTRACE: 13 stack frames: 
 #0 /usr/local/sbin/smbd(log_stack_trace+0x1a) [0x557d6b90] 
 #1 /usr/local/sbin/smbd(smb_panic+0x5b) [0x557d6ca0] 
 #2 /usr/local/sbin/smbd [0x557dc4d4] 
 #3 /usr/local/sbin/smbd(set_effective_uid+0x74) [0x557dc817] 
 #4 /usr/local/sbin/smbd [0x55646fd8] 
 #5 /usr/local/sbin/smbd(set_sec_ctx+0xd8) [0x55647245] 
 #6 /usr/local/sbin/smbd(change_to_user+0x5f0) [0x5563a3d2] 
 #7 /usr/local/sbin/smbd [0x55656b81] 
 #8 /usr/local/sbin/smbd [0x5565861a] 
 #9 /usr/local/sbin/smbd(smbd_process+0xca7) [0x55659381] 
 #10 /usr/local/sbin/smbd(main+0x1eb2) [0x559cfc77] 
 #11 /lib64/libc.so.6(__libc_start_main+0xf4) [0x2df428a4] 
 #12 /usr/local/sbin/smbd [0x555e57d9] 
 [2008/07/30 16:57:36, 0] lib/util.c:smb_panic(1671) smb_pani!
  c(): calling panic action [/srv/bin/panic.sh fsi crdfsim]
 
 
 It's maybe normal.

Panics are never normal. Can you add the line :

panic action = /bin/sleep 9

and then catch the parent of the sleep process
in gdb and get a backtrace please ?

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3.2 breaks ppp winbind plugin

2008-07-30 Thread Pim Zandbergen


Andrew Bartlett wrote:

On Tue, 2008-07-29 at 18:13 +0200, Pim Zandbergen wrote:
  
We have a system running fedora 8 using pptpd from the poptop yum 
repository.

See http://www.poptop.org/

pptpd/pppd use the winbind plugin from the ppp package to authenticate 
to Active Directory.
This works just fine. 


Then I found the same setup would not work on a fedora 9 setup.



So, this is winbind from Samba 3 (Fedora 8) failing to work with a Samba
3.2 PDC from Fedora 9?

  
No, this is Samba 3.2 (Fedora 9) failing to work with a Windows 2003 
Server PDC,

where Samba 3.0 (Fedora 8) works fine.

What's happening when things don't work is that the XP client
comes with this error, after a successful authentication:

Error 778: It was not possible to verify the identity of the server
Wireshark shows that the XP client is terminating the connection
immediately after a successful CHAP handshake.



This almost certainly means the session key returned from the PDC to the
member server (where winbind and radius are) and calculated into the
MSCHAPv2 response is incorrect/missing/etc.

Look for it being missing first - check with strace/gdb/etc in pppd to
see what broke about the interaction with ntlm_auth.   
  


I ran ntlm_auth by hand on both systems in manual mode. Both work fine.
But pppd calls ntlm_auth using a special protocol, made for pppd.
I will probably have to capture this interaction and see the differences.

It would help if I would understand what else is in the MSCHAPv2 response
other than the authentication was successful, because it always is, and
why the Windows client still is not satisfied.

Pim



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba disregarding lock of files

2008-07-30 Thread André Moreira

Hello all,

I'm having a very strange problem with Samba.

I have a PC running the samba server and a PC running the client. On both
PC's I am running the same application where I want some file access to be
blocked if any of the applications is using it. Good idea right?

I'm using fcntl to set and get the lock status of the files as is well
documented in a gazzilion pages about locking files. The files are locked
for writing and reading.

The strange part is that when I run two instances of the application on the
same PC, the files get locked and the applications can get the lock status
of the files, but when I run the applications through samba, the locks
simply seem to be disregarded. The file is opened (as if it wasn't locked),
and I can edit it, but when I try to close the file... only then I get a
message telling me that the file is locked!

I'm running both applications on Linux. The samba server is running with
oplocks = no (so no file caching SHOULD be happening) and locking=yes.

I actually have no idea of what is going on!

Any insight?

cheers
André
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3.2 breaks ppp winbind plugin

2008-07-30 Thread Jeremy Allison

On Wed, Jul 30, 2008 at 06:55:15PM +0200, Pim Zandbergen wrote:
 I ran ntlm_auth by hand on both systems in manual mode. Both work fine.
 But pppd calls ntlm_auth using a special protocol, made for pppd.
 I will probably have to capture this interaction and see the differences.

Can you do this and post the working and non-working responses,
so we can track down what isn't working please ?

Thanks,

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] move_driver_to_download_area: Unable to rename samba3.2

2008-07-30 Thread Stéphane PURNELLE

Just a information : 

The running  kernel is (output of uname )  : 

 2.6.18-53.el5.xfs #2 SMP Wed Jan 16 16:07:41 CET 2008 x86_64 x86_64 
x86_64 GNU/Linux

Surprise : is a 64bits system ;-)

Best regards ,

Stéphane


---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

Jeremy Allison [EMAIL PROTECTED] a écrit sur 30/07/2008 17:50:40 :

 On Wed, Jul 30, 2008 at 05:45:46PM +0200, Stéphane PURNELLE wrote:
  Is kernel oplock use locking for fcntl ?
  Because is kernel change log from RH, I have : 
  [fs] fix locking for fcntl (Ed Pollard ) [430596] 
  
  My samba is on production, I'am not sure than I will recompile my 
samba 
  now.
 
 No, it doesn't use fcntl locks. It's a different mechanism.
 It uses fcntl though :
 
 fcntl(fd, F_SETLEASE, leasetype);
 
 Jeremy.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem upgrading 3.0.23-3.0.26

2008-07-30 Thread Linda W


John H Terpstra wrote:
If I understand correctly, you have done an update installation of 10.3 over 
the top of the 9.3 server. Correct?

---
Yup


Even so, there are significant changes in going from Samba 3.0.23 to 3.0.26 
and later.  It is always best to use the latest version of Samba.  If you 
would like Samba 3.2.0 RPMs for OpenSUSE 10.3 please let me know.


That'd be fine with me as long as they are fairly stable.
This is my most heavily used server.  It was running 9.3 and has been in
process of being upgraded to 10.3.  Only a few packages from 9.3 remain --
samba being one of them.

But upgrading to highest stable, would be fine -- will make it
easier when this server gets upgraded to 11.X (whenever that comes about)...
As most heavily used, its last to get upgraded and problems, hopefully, get
vetted on the other couple of machines (which are mostly test, devel, and
backup)...



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] oplocks OS X

2008-07-30 Thread Aquaserver


Hello
I enable oplocks on samba server and testparm send me no error.
But when 2 users open the same file there is nothing like File in  
Use (i have seen this on a forum).

All client use OS X, normally samba works fine on it.

If someone have an idea
Thanks
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem upgrading 3.0.23-3.0.26

2008-07-30 Thread Linda W


John H Terpstra wrote:

What are the ownership and permissions settings on the /home directory?

drwxr-xr-x  root/root


OK, this means that noone (except root) can create or delete a directory in 
the /home directory.


Right...only 'root' is expected to be able to add new directories
under 'home' right now ...



Are you seriously allowing users to write to each other's home
directories?

 read only = No

---
Intent was for it to remain under user control -- that's why I use
the create mask of 0750 (next)


But this way group members can access each others home directories.  Hmmm.  
I'm sure I would not like that!


Can't users use file permissions to deny read access to any/all if
they want?  It's just that home dirs aren't administratively protected...
but users are free to lock them up further...  It isn't designed for
a hostile environment, but a 'sharing'  'cooperative' environment.  It's
not exposed to the outside world...:-)




Why these two parameters? What are you trying to achieve with them?


 create mask = 0750
 inherit acls = Yes


ACLs are POSIX things.  You can see them using the getfacl utility. They can 
be set using the setfacl utility.  And, they can be set through Windows 
client applications.


Okyikes -- I thought this was some type of Win-ACL emulation
feature -- where one could create an ACL list at a top level and have it
apply to created files/dirs underneath it.

Since this is only affecting the POSIX ACL's, it seems that's not
what I want...(so deleting the inherit acls)


Keep your configuration as simple as possible.  Follow the examples in 
Samba3-ByExample.  Chapters 3 or 4 should be as much as you need at your 
site.

--- 
Well, I do have that book -- but I sometimes experiment with
trying out the more complex features   Is the online version
kept up-to-date with evolving samba?  That's a fun feature of samba,
is that it evolves faster than paper can usually keep up! :-)


The homes share is really a service that makes a user's home directory 
available from the Windows environment.  Under OpenSUSE/SUSE Linux you could 
set the path like this:

[homes]
...
path = /home/%U/Documents
	... 
This way the use is kept away from the dit files (.*) and his Windows files 
are in a safe container - so to speak.

--
I don't mind the mixing...

I also use CYGWIN, on Windows. I set my home dir to
\home\user (I renamed Documents and Settings to Home).
Documents is still a subdir under the user's Home dir on
the Windows machine: \home\user\Documents\.



Why do you want POSIX ACLs in your Linux file system?  How are you going to 
back them up?  POSIX ACLs are not the same as UGO (user, group, other) 
permissions - they are a superset that sits over the top of UGO permissions.  
Avoid them if you can.


I don't use them yet -- no progs create them -- but it is my intent
to support/allow them.  My backup does dump them -- I use xfsdump/xfsrestore,
which saves extended file attributes.

If everyone used XFS as their backing store for samba volumes, they'd
get auto-save of ACL's for free.




permissions on /Share=
755, u=law, g=wheel;  below /Share any dir's I don't want guest to have
access to, are
mode 750, (or 700)...



[backups]
 comment = Host backup-dirs
 path = /backups/%m

Again, add the domain specifier  (@BLISS\admin). What is the purpose of
the %m parameter here? It makes no sense/


 write list = @admin, @%m


Oh poo...yeah...  meant to (never got around to it) creating
groups for each machine name that accessed the Share to include userid's
that were not admin's (like 'backup'); but never got around to creating a
user 'backup' to do backups with -- just use an admin signin


For the remaining shares, the same questions as above apply.  It is best
to keep your configuration simple, then add complexity only as it is
proven to be necessary.

---

Wellthat's how it started out -- it's just grown warts over 
time...:-)
the setup works under the old samba 3.0.23...just haven't kept up with the
times so well on this server...


Please show us the output of executing on both servers:
net groupmap list


Null (no output)


So with Samba-3.0.26 you have Windows groups.  This means that:
valid users = @BLISS\law


Actually law isn't a group...it's a uid that I added
on top of the group specifications because the group specifications were
not working when I switched to the newer samba.

But similar point...all the groups -- and they are groups
in the unix sense:   trusted, trusted_local_net_users, admin, users

They are all groups in /etc/group -- I also tried adding them to
/etc/samba/smbgroup... but that didn't seem to work.



will not allow anyone to access the share because there is no law group under 
Windows.


Was

Re: [Samba] oplocks OS X

2008-07-30 Thread James Peach

2008/7/30 Aquaserver [EMAIL PROTECTED]:
 Hello
 I enable oplocks on samba server and testparm send me no error.
 But when 2 users open the same file there is nothing like File in Use (i
 have seen this on a forum).
 All client use OS X, normally samba works fine on it.

oplocks aren't locks in the sense of you have one and I don't get
access. they are a permission to cache. If an application holds an
oplock on a file, that will not prevent another application opening
the same file.

-- 
James Peach | [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem upgrading 3.0.23-3.0.26

2008-07-30 Thread Linda W


BTW --

This may be a basic question -- but
While I wanted to have several netbios aliases for my main
server (wpad, clock, web-proxy), is there any easy way not to have the
file systems exported (duplicated) under the aliases?  Somewhat annoying,
visually, that is, and potentially needlessly confusing to someone wondering
what all the 'servers' are...
Wow, did you realize 'web-proxy' has the same files exported as 
'ishtar'?
Uh...yeah.. ;^}

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] panic action on samba 3.2

2008-07-30 Thread Volker Lendecke

On Wed, Jul 30, 2008 at 05:29:05PM +0200, Stéphane PURNELLE wrote:
 00) Failed to set uid privileges to (-1,1179) now set to (0,0) 
 [2008/07/30 16:57:36, 0] lib/util.c:smb_panic(1666) PANIC (pid 27143): 
 failed to set uid [2008/07/30 16:57:36, 0] 

Wild guess -- do you have SELinux enabled? If yes, can you
try to disable it for a test if your corporate security
policy allows it?

Volker


pgpj2rg5keGxk.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3.2 breaks ppp winbind plugin

2008-07-30 Thread Volker Lendecke

On Wed, Jul 30, 2008 at 06:55:15PM +0200, Pim Zandbergen wrote:
 So, this is winbind from Samba 3 (Fedora 8) failing to work with a Samba
 3.2 PDC from Fedora 9?
 
   
 No, this is Samba 3.2 (Fedora 9) failing to work with a Windows 2003 
 Server PDC,
 where Samba 3.0 (Fedora 8) works fine.

Can't this be 5616?

Volker


pgpNzZqAYx0xf.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem upgrading 3.0.23-3.0.26

2008-07-30 Thread Linda W


Helmut Hullen wrote:

Hallo, Linda,
The actual version is 3.0.31 - I had some trouble with versions below  
3.0.29 (and much trouble with 3.0.23 ...)


Viele Gruesse!
Helmut

---
Hallo Helmut!

Thanks for the info...maybe my sup^h^h^hrepository is not as up-to-date
as it should be.  I've no problem upgrading to new ver...I could try installing
the samba from SuSE11, but  SuSE is bad about adding excess package 
dependencies.
They tend to make one package dependent on the world (hyperbole)so 
upgrading
to samba from suse11...well lets see what it says...

Yup (**I feel a rant coming on...warning...sanity in question**):

share/suse11/i586# rpm -Uhv --test samba-3.2.0-22.1.i586.rpm 
samba-client-3.2.0-22.1.i586.rpm

error: Failed dependencies:
liblber-2.4.so.2 is needed by samba-3.2.0-22.1.i586
libldap-2.4.so.2 is needed by samba-3.2.0-22.1.i586
libtalloc.so.1 is needed by samba-3.2.0-22.1.i586
libtalloc.so.1(TALLOC_1.2) is needed by samba-3.2.0-22.1.i586
libtdb.so.1 is needed by samba-3.2.0-22.1.i586
libtdb.so.1(TDB_1.1) is needed by samba-3.2.0-22.1.i586
libwbclient.so.0 is needed by samba-3.2.0-22.1.i586
libwbclient.so.0(WBCLIENT_0.1) is needed by samba-3.2.0-22.1.i586
liblber-2.4.so.2 is needed by samba-client-3.2.0-22.1.i586
libldap-2.4.so.2 is needed by samba-client-3.2.0-22.1.i586
libtalloc.so.1 is needed by samba-client-3.2.0-22.1.i586
libtalloc.so.1(TALLOC_1.2) is needed by samba-client-3.2.0-22.1.i586
libtdb.so.1 is needed by samba-client-3.2.0-22.1.i586
libtdb.so.1(TDB_1.1) is needed by samba-client-3.2.0-22.1.i586
libwbclient.so.0 is needed by samba-client-3.2.0-22.1.i586
libwbclient.so.0(WBCLIENT_0.1) is needed by samba-client-3.2.0-22.1.i586

They are pretty bad about handling dependencies to allow packages to be
portable between releases -- no belief in changing 1 thing at a time...(poor
engineering in my personal opinion)...

Example: I don't use ldap (yet), so why should I care about ldap updates --
they should be packaged separately so parts I don't use won't force other
packages to be updated.

Windows has linux beaten hands down in this area.  Unneeded functions are in
NON-loaded DLL's, and if you don't use that function, you don't need the DLL.
Lack of a non-used DLL won't cause a fatal load error -- but in linux, run-time
linking (vs. load-time) is rarely done.

Most of those I can upgrade to suse11...but when I get to liblber and 
libldap
(the ones I DONT USE!!!)...everything complains about an update attempt:
share/suse11# grp liblber *.txt
filelist-i586.txt:i586/openldap2-client-2.4.9-7.1.i586.rpm: 
/usr/lib/liblber-2.4.so.2
filelist-i586.txt:i586/openldap2-client-2.4.9-7.1.i586.rpm: 
/usr/lib/liblber-2.4.so.2.0.5

(files in openldap2-client, so try to upgrade that...and get:...)
hare/suse11# rpm -Uhv i586/openldap2-client-2.4.9-7.1.i586.rpm
error: Failed dependencies:
liblber-2.3.so.0 is needed by (installed) autofs-5.0.2-30.i586
liblber-2.3.so.0 is needed by (installed) lighttpd-1.4.17-11.i586
liblber-2.3.so.0 is needed by (installed) dhcp-server-3.0.6-24.i586
liblber-2.3.so.0 is needed by (installed) ldapcpplib-0.0.4-96.i586
liblber-2.3.so.0 is needed by (installed) libsmbclient-3.0.26a-3.i586
liblber-2.3.so.0 is needed by (installed) pwdutils-3.1.4-27.i586
liblber-2.3.so.0 is needed by (installed) pwlib-1.10.7-61.i586
liblber-2.3.so.0 is needed by (installed) sendmail-8.14.1-53.i586
liblber-2.3.so.0 is needed by (installed) squid-beta-3.0-351.i586
liblber-2.3.so.0 is needed by (installed) rmail-8.14.1-53.i586
liblber-2.3.so.0 is needed by (installed) dirmngr-1.0.0-19.i586
liblber-2.3.so.0 is needed by (installed) samba-client-3.0.26a-3.i586
liblber-2.3.so.0 is needed by (installed) samba-3.0.26a-3.i586
libldap-2.3.so.0 is needed by (installed) nfsidmap-0.20-21.i586
libldap-2.3.so.0 is needed by (installed) lighttpd-1.4.17-11.i586
libldap-2.3.so.0 is needed by (installed) dhcp-server-3.0.6-24.i586
libldap-2.3.so.0 is needed by (installed) ldapcpplib-0.0.4-96.i586
libldap-2.3.so.0 is needed by (installed) libsmbclient-3.0.26a-3.i586
libldap-2.3.so.0 is needed by (installed) pwdutils-3.1.4-27.i586
libldap-2.3.so.0 is needed by (installed) pwlib-1.10.7-61.i586
libldap-2.3.so.0 is needed by (installed) sendmail-8.14.1-53.i586
libldap-2.3.so.0 is needed by (installed) squid-beta-3.0-351.i586
libldap-2.3.so.0 is needed by (installed) sudo-1.6.9p2-23.i586
libldap-2.3.so.0 is needed by (installed) gpg2-2.0.4-49.i586
libldap-2.3.so.0 is needed by (installed) rmail-8.14.1-53.i586
libldap-2.3.so.0 is needed by (installed) dirmngr-1.0.0-19.i586
libldap-2.3.so.0 is needed by (installed) samba-client-3.0.26a-3.i586

[Samba] unable to map windows to unix groups

2008-07-30 Thread jcdole


Hello.

After fresh install.

Samba and ldap seems to run normally ( I can join win2k workstation to linux
samba pdc ).

Using yast I create a system group named domadmin

But I am unable to map Domain Admins to domadmin
I am unable to map Domain Admins to existing ntadmin group

I am unable to mofify mapping Domain Admins to domadmin group

Thank you for helping.

LINUX-SRV: # net groupmap add ntgroup=Domain Admins unixgroup=domadmin
rid=512 type=d
adding entry for group Domain Admins failed!
LINUX-SRV: #

LINUX-SRV: # net groupmap add ntgroup=Domain Admins unixgroup=ntadmin rid=512
type=d
adding entry for group Domain Admins failed!
LINUX-SRV: #

LINUX-SRV: # net groupmap modify ntgroup=Domain Admins unixgroup=domadmin
Can't map to an unknown group type.
LINUX-SRV: #

LINUX-SRV:~ # net groupmap modify ntgroup=Domain Admins unixgroup=domadmin 
type=d
Could not update group database
LINUX-SRV: #

LINUX-SRV:~ net groupmap list
request done: ld 0x55c881e0 msgid 1
request done: ld 0x55c881e0 msgid 2
Domain Admins (S-1-5-21-3134345319-2430187646-2919245149-512) - Domain Admins
request done: ld 0x55c881e0 msgid 3
Domain Users (S-1-5-21-3134345319-2430187646-2919245149-513) - Domain Users
request done: ld 0x55c881e0 msgid 4
Domain Guests (S-1-5-21-3134345319-2430187646-2919245149-514) - Domain Guests
request done: ld 0x55c881e0 msgid 5
Domain Computers (S-1-5-21-3134345319-2430187646-2919245149-515) - Domain
Computers
request done: ld 0x55c881e0 msgid 6
Administrators (S-1-5-32-544) - Administrators
request done: ld 0x55c881e0 msgid 7
Account Operators (S-1-5-32-548) - Account Operators
request done: ld 0x55c881e0 msgid 8
Print Operators (S-1-5-32-550) - Print Operators
request done: ld 0x55c881e0 msgid 9
Backup Operators (S-1-5-32-551) - Backup Operators
request done: ld 0x55c881e0 msgid 10
Replicators (S-1-5-32-552) - Replicators
request done: ld 0x55c881e0 msgid 11
Users (S-1-5-32-545) - 15000
LINUX-SRV: #

LINUX-SRV: # getent group
at:!:25:
..
..
domadmin:x:114:
root:x:0:
...
..
users:x:100:
+::0:
request done: ld 0x618d10 msgid 1
Domain Admins:*:512:root,user_admin
Domain Users:*:513:
Domain Guests:*:514:
Domain Computers:*:515:
Administrators:*:544:
Account Operators:*:548:
Print Operators:*:550:
Backup Operators:*:551:
Replicators:*:552:
request done: ld 0x618d10 msgid 2
LINUX-SRV: #

LINUX-SRV: # uname -r
2.6.22.18-0.2-default
LINUX-SRV: #

LINUX-SRV: # rpm -qa | grep samba
samba-3.2.0-24.1.123
samba-client-3.2.0-24.1.123
samba-doc-3.2.0-24.1.123
samba-krb-printing-3.2.0-24.1.123
yast2-samba-client-2.15.11-33
samba-winbind-32bit-3.0.26a-3.7
yast2-samba-server-2.15.7-57
samba-python-3.0.26a-3.7
samba-devel-3.2.0-24.1.123
kdebase3-samba-3.5.7-87.5
samba-winbind-3.2.0-24.1.123
samba-client-32bit-3.0.26a-3.7
LINUX-SRV: #

LINUX-SRV:~ # rpm -qa | grep ldap
openldap2-2.3.41-1.1
openldap2-client-2.3.41-2.1
perl-ldap-0.33-81
nss_ldap-257-17
pam_ldap-184-48
perl-ldap-ssl-0.33-81
nss_ldap-32bit-257-17.1
yast2-ldap-2.15.1-83
openldap2-devel-2.3.41-2.1
python-ldap-2.3.1-18
ldapcpplib-0.0.4-95
yast2-ldap-client-2.15.12-37
php5-ldap-5.2.6-0.1
openldap2-client-32bit-2.3.37-20
ldap-account-manager-2.3.0-0.pm.0
yast2-ldap-server-2.15.5-76
pam_ldap-32bit-184-49.1
ldapsmb-1.34b-110.8.123
LINUX-SRV: # net groupmap list
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem upgrading 3.0.23-3.0.26

2008-07-30 Thread Helmut Hullen

Hallo, Linda,

Du (samba) meintest am 30.07.08:

 The actual version is 3.0.31 - I had some trouble with versions
 below 3.0.29 (and much trouble with 3.0.23 ...)

   Thanks for the info...maybe my sup^h^h^hrepository is not as
 up-to-date as it should be.  I've no problem upgrading to new ver...I
 could try installing the samba from SuSE11, but  SuSE is bad about
 adding excess package dependencies. They tend to make one package
 dependent on the world (hyperbole)so upgrading to samba from
 suse11...well lets see what it says...

 Yup (**I feel a rant coming on...warning...sanity in question**):

 share/suse11/i586# rpm -Uhv --test samba-3.2.0-22.1.i586.rpm
 samba-client-3.2.0-22.1.i586.rpm


ftp://ftp.gwdg.de/pub/samba/Binary_Packages/SuSE/3.0/

with subdirectories also for SuSE 10.3

But I've seen there only Samba 3.2 - nothing like Samba 3.0.31.

Viele Gruesse!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3.2 breaks ppp winbind plugin

2008-07-30 Thread Andrew Bartlett

On Wed, 2008-07-30 at 22:21 +0200, Volker Lendecke wrote:
 On Wed, Jul 30, 2008 at 06:55:15PM +0200, Pim Zandbergen wrote:
  So, this is winbind from Samba 3 (Fedora 8) failing to work with a Samba
  3.2 PDC from Fedora 9?
  

  No, this is Samba 3.2 (Fedora 9) failing to work with a Windows 2003 
  Server PDC,
  where Samba 3.0 (Fedora 8) works fine.
 
 Can't this be 5616?

That (failure to decrypt the session key for the client) matches the
symptoms here exactly. 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Samba Developer, Red Hat Inc.


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba / ACL / File System Permissions Active Directory winbind

2008-07-30 Thread Keith Sudbury


Hi Guys,

I have a windows 2003 SBS handling domain logins, I also have an Ubuntu 
machine being used as a file server this is using winbind and is on the 
domain I can chown dirs etc with Active Directory users.


However I have the following problem, I need to allow certain users to 
access some dirs and not others... for example.


folder1 would need to be accessed by user1 user2 and user3

Now my understanding of this would be to add users 1,2  3 to a group 
say for example group1 then chown folder1 with that group?


chown -R :DOMAIN\Domain Users folder1

Thats fine but then when user 1,2 or 3 access folder1 and write to the 
folder and there primary group is Domain Users for example it will 
make it unreadable for other users?


I could force it to take permissions from the parent directory using 
sticky bit? but what if the users creates a dir and then another dir 
would it still take its permissions from its parent directory then?


It must be fairly common to want to set a bunch of users that are not in 
the same primary group access to one dir that no other users can access?



If any one has any ideas / feedback at all on how they have done this it 
would be great as im melting my brain thinking a way around this if im 
honest...




Many Thanks
Keith

--
Keith Sudbury
Netzen Solution Ltd
Suite 5, Piccadilly House, London Rd, Bath, BA1 6PL, UK
Mobile: +44 (0)7921464106
Tel: +44 (0)1225 588 588
Fax: +44 (0)1225 580 061

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] SAMBA + ADS + Kerberos Problem...

2008-07-30 Thread Michael Fernández M

Hi, I am trying to join a samba to ADS with kerberos + Winbind

Everything is right, i mean, when i do the following:

kinit [EMAIL PROTECTED]

(Ask for the password) and OK.

Then:

debian:/etc/samba# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting ExpiresService principal
07/30/08 16:49:17  07/31/08 02:49:21  krbtgt/[EMAIL PROTECTED]
renew until 07/31/08 02:49:17


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

Then:

net ads join -Uadministrator%pass

Is correct, the machine  is joined to the AD

getent passwd  Show the ADS users...
getent group show the ADS groups...

wbinfo -t 
checking the trust secret via RPC calls succeeded

with: 

smbclient //adspc/c\$ -k

Connect to the adspc without password and show the directories

The Big BUT is:

When I connect with a M$ user with smbclient to a local share on the
samba server i got: 

smbclient //localhost/eee/ -Uadministrator

session setup failed: NT_STATUS_ACCESS_DENIED

The  logs show:

[2008/07/30 17:01:32, 5] rpc_parse/parse_prs.c:prs_ntstatus(767)
  001c status  : NT_STATUS_ACCESS_DENIED
[2008/07/30 17:01:32, 10] libsmb/credentials.c:creds_client_check(325)
  creds_client_check: credentials check OK.
[2008/07/30 17:01:32, 3]
nsswitch/winbindd_pam.c:winbindd_dual_pam_auth_crap(1546)
  winbindd_pam_auth: sam_logon returned ACCESS_DENIED.  Maybe the trust
account password was changed and we didn't know it. Killing connections
to domain DOMAIN

When i do:

wbinfo -u: Show the ADS user BUT not show the DOMAIN I mean:

Does not show: DOMAIN + ADS_USER only show ADS_USER
The same with wbinfo -g

Other think, every time i reset the machine i lost the ticket for
kerberos. This is not normal.

The krb5.conf:

[libdefaults]
default_realm = DOMAIN.CL

# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true

default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc

[realms]
DOMAIN = {
kdc = 191.9.200.1
admin_server = adspc
default_domain = DOMAIN.CL
}

[domain_realm]
.domain.cl = DOMAIN.CL
 domain.cl = DOMAIN.CL
[login]
krb4_convert = true
krb4_get_tickets = false

-


* smb.conf:

[global]
security = ADS
netbios name = debian
realm = DOMAIN.CL
#username map = /etc/samba/smbusers
encrypt passwords = yes
password server = 191.9.200.1
workgroup = DOMAIN
idmap uid = 1-2
idmap gid = 1-2
ldap ssl = no
log level = 20
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
#domain master = no


* nssswitch.conf

passwd: files winbind
group:  files winbind
shadow: files
hosts:  files dns
networks:   files

protocols:  db files
services:   db files
ethers: db files
rpc:db files

netgroup:   nis


The /pam.d/ Files..

* common-account

auth sufficient pam_winbind.so
account requiredpam_unix.so

* common-auth

auth sufficient pam_winbind.so
auth required   pam_unix.so nullok_secure use_first_pass

* common-password

password   required   pam_unix.so nullok obscure min=4 max=50 md5

* common-session

session requiredpam_unix.so
session requiredpam_mkhomedir.so skel=/etc/skel umask=0022


Well i hope somebody can help me with this! i tried to gave all the
information.

THANKS!! a LOT!!

Michael.-


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba / ACL / File System Permissions Active Directory winbind

2008-07-30 Thread Jeremy Allison

On Wed, Jul 30, 2008 at 11:17:10PM +0100, Keith Sudbury wrote:
 Hi Guys,
 
 I have a windows 2003 SBS handling domain logins, I also have an Ubuntu 
 machine being used as a file server this is using winbind and is on the 
 domain I can chown dirs etc with Active Directory users.
 
 However I have the following problem, I need to allow certain users to 
 access some dirs and not others... for example.
 
 folder1 would need to be accessed by user1 user2 and user3
 
 Now my understanding of this would be to add users 1,2  3 to a group 
 say for example group1 then chown folder1 with that group?
 
 chown -R :DOMAIN\Domain Users folder1
 
 Thats fine but then when user 1,2 or 3 access folder1 and write to the 
 folder and there primary group is Domain Users for example it will 
 make it unreadable for other users?
 
 I could force it to take permissions from the parent directory using 
 sticky bit? but what if the users creates a dir and then another dir 
 would it still take its permissions from its parent directory then?

Use the setgid bit on the directory. This causes the group ownership
of the created directory to be inherited from the owning directory,
not the creating process (and also inherit the setgid bit).

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Building Samba 3.2.0 on Solaris with Sun compiler

2008-07-30 Thread Ryan Novosielski

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David Eisner wrote:
 On Wed, Jul 30, 2008 at 10:23 AM, Douglas E. Engert [EMAIL PROTECTED] wrote:
 
 Solaris 10 comes with gcc in /usr/sfw/bin
 
 I know.  But I was only able to get certain needed packages (looking
 through notes ... )  -- I could only get heimdal to build with cc, but
 not gcc.
 
 In any case, it's nice that samba = 3.0.x was not GNU toolchain
 specific, and it appears that there's no reason 3.2.0 has to be,
 either.

Another thing to consider is that Sun does a fair amount of trumpeting
about its compiler performance. I don't know what difference that tends
to make as far as Samba is concerned, but if it does make a difference,
it'd be nice to use the best compiler for the job (regardless of whether
GCC is available on that platform, which it tends to always be, and now
especially that the Sun compiler is free).

- --
  _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$| |__| |  | |__/ | \| _| |[EMAIL PROTECTED] - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIkPHTmb+gadEcsb4RAnbUAKCYNMzCKy4jN4rNY8ZIM8mY+jlpSwCgxY5R
S46chWL3nQEtF3a+h3bHR04=
=Weh7
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Sharing Printer Stop Working: error writing spool : NT_STATUS_ACCESS_DENIED

2008-07-30 Thread David Kuntadi

On Wed, Jul 30, 2008 at 7:34 PM, John Drescher [EMAIL PROTECTED] wrote:
 This looks like a cups problem to me. Investigate this cups error.

Thank you very much.
It is confirmed when I downgrade cupsys it work again. As I do not
know how to troubleshoot cupsys, I keep old version of cupsys.

Thanks,
David
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Scanning Trusted Hosts - Winbindd

2008-07-30 Thread Damian McGuckin


Even with the definition

'allow trusted domains = no'

Winbindd still regularly scans the trusted domains. Why it needs to, I 
have no idea. But the load on Winbindd is horrendous to the point where it 
nearly cripples it in a scenario where the domain in question is connected 
to many others around the word in a corporate intranet.

And then, when you do

wbinfo --domain MYDOMAIN -u

it will, if it is busy scanning those domains, simply time out on that 
request. The international links are quickish, but they can get busy. And 
I only want the ones in my local domain. If you remove the '--domain', it 
is even worse as it trys to find the users in the trusted domains which is 
a population of over 30,000, as well as the ones locally which are only 
about 1000+. I only want to ask about ones in our local, country-wide, 
intranet.

Because it takes nearly 4 minutes to go through all those domains, and 
failing to resolve their names, you only have a 1 minute window to do
complex things before it starts scanning again.

How do I tell Winbindd to only do things local to our OWN domain? I only 
want to do things local to ourselves. Or, is it against the underlying SMB 
concepts?

Thanks - Damian

Pacific Engineering Systems International, 277-279 Broadway, Broadway NSW 2007
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here !
Views and opinions here are mine and not those of any past or present employer

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Rename to open file doesn't work, why?

2008-07-30 Thread Wilhelm Meier

Am Montag, 28. Juli 2008 schrieb Jeremy Allison:
 On Mon, Jul 28, 2008 at 07:02:52AM +0200, Wilhelm Meier wrote:
  Am Montag, 28. Juli 2008 schrieb Michael Heydon:
   Wilhelm Meier wrote:
snip
On a local linux filesystem like ext2/3 one can rename a file
to an existing, already open file.
   
But this doesn't  work on a cifs-mounted samba-share
snip
  
   The reason this works with ext2 is that as long as you hold an
   open file descriptor a deleted file is still accessible (rename
   is essentially a delete and then a move).
  
   While it might be theoretically possible for this to work unix
   to unix, Windows doesn't deal with deleted files the same way
   (it prevents you from deleting files as long as they are open),
   and so it's quite possible that SMB/CIFS doesn't understand the
   concept of having a deleted file open.
 
  Yes, with a windows file server this is impossible.
 
  But I thought the samba unix extensions should make that
  possible.
 
  Otherwise samba/cifs is unusable as e.g. user-homes, since KDE
  tends to use this pattern.
 
  Is there any workaround at the moment?

 Can you log a bug with bugzilla.samba.org so I can
 track this. Include everything I need to reproduce
 (test code preferably) so I can ensure the UNIX
 extensions allow this.

I tried some other versions of samba (triggered to the fact, that 
debian lenny now has feature freeze ...). I found that the problem 
vanished from Samba 3.0.28 on for the testprogram I posted earlier.

I had not enough time to test the newer samba versions as user-homes 
with KDE, but I'll do that soon.


 Thanks !

 Jeremy.



-- 
Wilhelm
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 3.2 breaks ppp winbind plugin

2008-07-30 Thread Volker Lendecke

On Thu, Jul 31, 2008 at 08:14:05AM +1000, Andrew Bartlett wrote:
 On Wed, 2008-07-30 at 22:21 +0200, Volker Lendecke wrote:
  On Wed, Jul 30, 2008 at 06:55:15PM +0200, Pim Zandbergen wrote:
   So, this is winbind from Samba 3 (Fedora 8) failing to work with a Samba
   3.2 PDC from Fedora 9?
   
 
   No, this is Samba 3.2 (Fedora 9) failing to work with a Windows 2003 
   Server PDC,
   where Samba 3.0 (Fedora 8) works fine.
  
  Can't this be 5616?
 
 That (failure to decrypt the session key for the client) matches the
 symptoms here exactly. 

As you can see in 5616, there is a patch provided:
https://bugzilla.samba.org/attachment.cgi?id=3426action=view
:-)

Volker


pgp0eQQbpnp7P.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3436-gd01da44

2008-07-30 Thread Karolin Seeger

The branch, v3-3-test has been updated
   via  d01da44de77abbf724389bce924771f2975867f4 (commit)
  from  e04da654c0db6b0fb2e2ce9754e5eba80751c14c (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit d01da44de77abbf724389bce924771f2975867f4
Author: Michael Adam [EMAIL PROTECTED]
Date:   Wed Jul 30 16:24:20 2008 +0200

testparm: Display warning if invalid values are used.

This one came up while using csc policy = disabled instead of
disable... ;-)

---

Summary of changes:
 source/param/loadparm.c |4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index 0935181..6902bb0 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -7047,9 +7047,11 @@ static void lp_set_enum_parm( struct parm_struct *parm, 
const char *pszParmValue
for (i = 0; parm-enum_list[i].name; i++) {
if ( strequal(pszParmValue, parm-enum_list[i].name)) {
*ptr = parm-enum_list[i].value;
-   break;
+   return;
}
}
+   DEBUG(0, (WARNING: Ignoring invalid value '%s' for parameter '%s'\n,
+ pszParmValue, parm-label));
 }
 
 /***


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3437-gd4594a7

2008-07-30 Thread Günther Deschner

The branch, v3-3-test has been updated
   via  d4594a7a03381fb251c9f8caf4c70e1ed97674b6 (commit)
  from  d01da44de77abbf724389bce924771f2975867f4 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit d4594a7a03381fb251c9f8caf4c70e1ed97674b6
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 20:10:37 2008 +0200

netapi: fix NetLocalGroupAdd.

Guenther

---

Summary of changes:
 source/lib/netapi/localgroup.c |   17 +
 1 files changed, 17 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/netapi/localgroup.c b/source/lib/netapi/localgroup.c
index fe36d86..5706762 100644
--- a/source/lib/netapi/localgroup.c
+++ b/source/lib/netapi/localgroup.c
@@ -209,6 +209,8 @@ WERROR NetLocalGroupAdd_r(struct libnetapi_ctx *ctx,
goto done;
}
 
+   init_lsa_String(lsa_account_name, alias_name);
+
status = rpccli_samr_CreateDomAlias(pipe_cli, ctx,
domain_handle,
lsa_account_name,
@@ -786,6 +788,13 @@ WERROR NetLocalGroupEnum_r(struct libnetapi_ctx *ctx,
return WERR_UNKNOWN_LEVEL;
}
 
+   if (r-out.total_entries) {
+   *r-out.total_entries = 0;
+   }
+   if (r-out.entries_read) {
+   *r-out.entries_read = 0;
+   }
+
ZERO_STRUCT(connect_handle);
ZERO_STRUCT(builtin_handle);
ZERO_STRUCT(domain_handle);
@@ -836,6 +845,10 @@ WERROR NetLocalGroupEnum_r(struct libnetapi_ctx *ctx,
goto done;
}
 
+   if (r-out.total_entries) {
+   *r-out.total_entries += builtin_info-info2.num_aliases;
+   }
+
status = rpccli_samr_QueryDomainInfo(pipe_cli, ctx,
 domain_handle,
 2,
@@ -845,6 +858,10 @@ WERROR NetLocalGroupEnum_r(struct libnetapi_ctx *ctx,
goto done;
}
 
+   if (r-out.total_entries) {
+   *r-out.total_entries += domain_info-info2.num_aliases;
+   }
+
status = rpccli_samr_EnumDomainAliases(pipe_cli, ctx,
   builtin_handle,
   r-in.resume_handle,


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3438-g8b3149b

2008-07-30 Thread Günther Deschner

The branch, v3-3-test has been updated
   via  8b3149b4a663f59b504c1458cd7ecafe0c0e0322 (commit)
  from  d4594a7a03381fb251c9f8caf4c70e1ed97674b6 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit 8b3149b4a663f59b504c1458cd7ecafe0c0e0322
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 19:12:42 2008 +0200

netapi: add netapi testsuite.

Guenther

---

Summary of changes:
 source/lib/netapi/tests/Makefile.in |   57 ++
 source/lib/netapi/tests/common.c|   86 +
 source/lib/netapi/tests/common.h|   55 ++
 source/lib/netapi/tests/netapitest.c|   92 ++
 source/lib/netapi/tests/netdisplay.c|  150 
 source/lib/netapi/tests/netgroup.c  |  286 +++
 source/lib/netapi/tests/netlocalgroup.c |  226 
 source/lib/netapi/tests/netuser.c   |  259 
 8 files changed, 1211 insertions(+), 0 deletions(-)
 create mode 100644 source/lib/netapi/tests/Makefile.in
 create mode 100644 source/lib/netapi/tests/common.c
 create mode 100644 source/lib/netapi/tests/common.h
 create mode 100644 source/lib/netapi/tests/netapitest.c
 create mode 100644 source/lib/netapi/tests/netdisplay.c
 create mode 100644 source/lib/netapi/tests/netgroup.c
 create mode 100644 source/lib/netapi/tests/netlocalgroup.c
 create mode 100644 source/lib/netapi/tests/netuser.c


Changeset truncated at 500 lines:

diff --git a/source/lib/netapi/tests/Makefile.in 
b/source/lib/netapi/tests/Makefile.in
new file mode 100644
index 000..f13281e
--- /dev/null
+++ b/source/lib/netapi/tests/Makefile.in
@@ -0,0 +1,57 @@
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@ -lnetapi -ltdb -ltalloc
[EMAIL PROTECTED]@
+FLAGS=-I../ -L../../../bin @CFLAGS@ $(GTK_FLAGS)
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@
[EMAIL PROTECTED]@ @LDFLAGS@
[EMAIL PROTECTED]@
+NETAPI_LIBS=$(LIBS) $(KRB5LIBS) $(LDAP_LIBS)
+CMDLINE_LIBS=$(NETAPI_LIBS) @POPTLIBS@
+
+# Compile a source file.
+COMPILE_CC = $(CC) -I. $(FLAGS) $(PICFLAG) -c $ -o $@
+COMPILE = $(COMPILE_CC)
+
+PROGS = bin/[EMAIL PROTECTED]@
+
+all: $(PROGS)
+
+MAKEDIR = || exec false; \
+ if test -d $$dir; then :; else \
+ echo mkdir $$dir; \
+ mkdir -p $$dir /dev/null 21 || \
+ test -d $$dir || \
+ mkdir $$dir || \
+ exec false; fi || exec false
+
+BINARY_PREREQS = bin/.dummy
+
+bin/.dummy:
+   @if (:  $@ || :  $@) /dev/null 21; then :; else \
+ dir=bin $(MAKEDIR); fi
+   @:  $@ || :  $@ # what a fancy emoticon!
+
+.c.o:
+   @if (:  $@ || :  $@) /dev/null 21; then rm -f $@; else \
+dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi
+   @echo Compiling $*.c
+   @$(COMPILE)  exit 0;\
+   echo The following command failed: 12;\
+   echo $(COMPILE_CC) 12;\
+   $(COMPILE_CC) /dev/null 21
+
+CMDLINE_OBJ = common.o
+NETAPIBUFFER_OBJ = netapibuffer.o
+NETAPITEST_OBJ = netapitest.o netlocalgroup.o netuser.o netgroup.o 
netdisplay.o $(CMDLINE_OBJ)
+
+bin/[EMAIL PROTECTED]@: $(BINARY_PREREQS) $(NETAPITEST_OBJ)
+   @echo Linking $@
+   @$(CC) $(FLAGS) -o $@ $(NETAPITEST_OBJ) $(LDFLAGS) $(DYNEXP) 
$(CMDLINE_LIBS)
+
+clean:
+   -rm -f $(PROGS)
+   -rm -f core */*~ *~ \
+   */*.o */*/*.o */*/*/*.o
+
diff --git a/source/lib/netapi/tests/common.c b/source/lib/netapi/tests/common.c
new file mode 100644
index 000..22175af
--- /dev/null
+++ b/source/lib/netapi/tests/common.c
@@ -0,0 +1,86 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  NetApi testsuite
+ *  Copyright (C) Guenther Deschner 2008
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see http://www.gnu.org/licenses/.
+ */
+
+#include stdlib.h
+#include string.h
+#include sys/types.h
+#include inttypes.h
+
+#include popt.h
+#include netapi.h
+
+#include common.h
+
+void popt_common_callback(poptContext con,
+enum poptCallbackReason reason,
+const struct poptOption *opt,
+const char *arg, const void *data)
+{
+   struct libnetapi_ctx *ctx = NULL;
+
+   libnetapi_getctx(ctx);
+
+   if (reason == POPT_CALLBACK_REASON_PRE) {
+   }
+

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3442-gff9bcd5

2008-07-30 Thread Günther Deschner

The branch, v3-3-test has been updated
   via  ff9bcd57738aa04c5e18e0e21dd0e788127317c4 (commit)
   via  c3e4c7cb5f2728a8219789aeb2344bff368713d5 (commit)
   via  244ad49e6a993a0e3c56c5a19d38918be9deca3b (commit)
   via  6c8ee639ecc789ea9052e999b6e998ac53ac521a (commit)
  from  8b3149b4a663f59b504c1458cd7ecafe0c0e0322 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit ff9bcd57738aa04c5e18e0e21dd0e788127317c4
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 20:12:45 2008 +0200

netapi: implement NetUserSetInfo_r() for at least level 1007.

Guenther

commit c3e4c7cb5f2728a8219789aeb2344bff368713d5
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 20:12:13 2008 +0200

netapi: add convert_USER_INFO_X_to_samr_user_info21 fn and use it 
NetUserAdd.

Guenther

commit 244ad49e6a993a0e3c56c5a19d38918be9deca3b
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 19:40:26 2008 +0200

re-run make idl.

Guenther

commit 6c8ee639ecc789ea9052e999b6e998ac53ac521a
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 19:40:13 2008 +0200

netapi: add USER_INFO_X to IDL.

Guenther

---

Summary of changes:
 source/lib/netapi/user.c  |  299 +++--
 source/librpc/gen_ndr/libnetapi.h |   27 +++
 source/librpc/gen_ndr/ndr_libnetapi.c |  120 +
 source/librpc/gen_ndr/ndr_libnetapi.h |3 +
 source/librpc/idl/libnetapi.idl   |   27 +++
 5 files changed, 426 insertions(+), 50 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/netapi/user.c b/source/lib/netapi/user.c
index f896dde..fe30b14 100644
--- a/source/lib/netapi/user.c
+++ b/source/lib/netapi/user.c
@@ -27,9 +27,8 @@
 /
 /
 
-static void convert_USER_INFO_1_to_samr_user_info25(struct USER_INFO_1 *info1,
-   DATA_BLOB *user_session_key,
-   struct samr_UserInfo25 
*info25)
+static void convert_USER_INFO_X_to_samr_user_info21(struct USER_INFO_X *infoX,
+   struct samr_UserInfo21 
*info21)
 {
uint32_t fields_present = SAMR_FIELD_ACCT_FLAGS;
struct samr_LogonHours zero_logon_hours;
@@ -37,41 +36,41 @@ static void convert_USER_INFO_1_to_samr_user_info25(struct 
USER_INFO_1 *info1,
uint32_t acct_flags = 0;
NTTIME password_age;
 
-   ZERO_STRUCTP(info25);
+   ZERO_STRUCTP(info21);
ZERO_STRUCT(zero_logon_hours);
ZERO_STRUCT(zero_parameters);
 
-   if (info1-usri1_name) {
+   if (infoX-usriX_name) {
fields_present |= SAMR_FIELD_FULL_NAME;
}
-   if (info1-usri1_password) {
+   if (infoX-usriX_password) {
fields_present |= SAMR_FIELD_PASSWORD;
}
-   if (info1-usri1_flags) {
+   if (infoX-usriX_flags) {
fields_present |= SAMR_FIELD_ACCT_FLAGS;
}
-   if (info1-usri1_name) {
+   if (infoX-usriX_name) {
fields_present |= SAMR_FIELD_FULL_NAME;
}
-   if (info1-usri1_home_dir) {
+   if (infoX-usriX_home_dir) {
fields_present |= SAMR_FIELD_HOME_DIRECTORY;
}
-   if (info1-usri1_script_path) {
+   if (infoX-usriX_script_path) {
fields_present |= SAMR_FIELD_LOGON_SCRIPT;
}
-   if (info1-usri1_comment) {
+   if (infoX-usriX_comment) {
fields_present |= SAMR_FIELD_DESCRIPTION;
}
-   if (info1-usri1_password_age) {
+   if (infoX-usriX_password_age) {
fields_present |= SAMR_FIELD_FORCE_PWD_CHANGE;
}
 
-   acct_flags |= info1-usri1_flags | ACB_NORMAL;
+   acct_flags |= infoX-usriX_flags | ACB_NORMAL;
 
-   unix_to_nt_time_abs(password_age, info1-usri1_password_age);
+   unix_to_nt_time_abs(password_age, infoX-usriX_password_age);
 
-   /* TODO: info1-usri1_priv */
-   init_samr_user_info21(info25-info,
+   /* TODO: infoX-usriX_priv */
+   init_samr_user_info21(info21,
  0,
  0,
  0,
@@ -79,12 +78,12 @@ static void convert_USER_INFO_1_to_samr_user_info25(struct 
USER_INFO_1 *info1,
  0,
  password_age,
  NULL,
- info1-usri1_name,
- info1-usri1_home_dir,
+ infoX-usriX_name,
+ infoX-usriX_home_dir,
  NULL,
-

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3444-g9710619

2008-07-30 Thread Günther Deschner

The branch, v3-3-test has been updated
   via  97106199f1a2add886a14523aa7b402667d2cd89 (commit)
   via  87b6aac13598a2ac28054de5ab90d63bef65f1fe (commit)
  from  ff9bcd57738aa04c5e18e0e21dd0e788127317c4 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit 97106199f1a2add886a14523aa7b402667d2cd89
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 20:43:14 2008 +0200

netapi: use init_samr_CryptPasswordEx and init_samr_CryptPassword.

Guenther

commit 87b6aac13598a2ac28054de5ab90d63bef65f1fe
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 20:42:55 2008 +0200

rpc_client: add init_samr_CryptPasswordEx and init_samr_CryptPassword.

Guenther

---

Summary of changes:
 source/include/proto.h|6 +
 source/lib/netapi/user.c  |   34 --
 source/rpc_client/init_samr.c |   46 +
 3 files changed, 61 insertions(+), 25 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/include/proto.h b/source/include/proto.h
index bf3adb5..7e70f3c 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -7574,6 +7574,12 @@ void init_samr_user_info23(struct samr_UserInfo23 *r,
 void init_samr_user_info24(struct samr_UserInfo24 *r,
   uint8_t data[516],
   uint8_t pw_len);
+void init_samr_CryptPasswordEx(const char *pwd,
+  DATA_BLOB *session_key,
+  struct samr_CryptPasswordEx *pwd_buf);
+void init_samr_CryptPassword(const char *pwd,
+DATA_BLOB *session_key,
+struct samr_CryptPassword *pwd_buf);
 
 /* The following definitions come from rpc_client/init_srvsvc.c  */
 
diff --git a/source/lib/netapi/user.c b/source/lib/netapi/user.c
index fe30b14..e36274b 100644
--- a/source/lib/netapi/user.c
+++ b/source/lib/netapi/user.c
@@ -292,29 +292,12 @@ WERROR NetUserAdd_r(struct libnetapi_ctx *ctx,
 
if (uX.usriX_password) {
 
-   uchar pwbuf[532];
-   struct MD5Context md5_ctx;
-   uint8_t confounder[16];
-   DATA_BLOB confounded_session_key = data_blob(NULL, 16);
-
-   encode_pw_buffer(pwbuf, uX.usriX_password, STR_UNICODE);
-
-   generate_random_buffer((uint8_t *)confounder, 16);
-
-   MD5Init(md5_ctx);
-   MD5Update(md5_ctx, confounder, 16);
-   MD5Update(md5_ctx, cli-user_session_key.data,
-   cli-user_session_key.length);
-   MD5Final(confounded_session_key.data, md5_ctx);
-
-   SamOEMhashBlob(pwbuf, 516, confounded_session_key);
-   memcpy(pwbuf[516], confounder, 16);
-
-   memcpy(user_info-info25.password.data, pwbuf, sizeof(pwbuf));
-   data_blob_free(confounded_session_key);
-
user_info-info25.info = info21;
 
+   init_samr_CryptPasswordEx(uX.usriX_password,
+ cli-user_session_key,
+ user_info-info25.password);
+
status = rpccli_samr_SetUserInfo2(pipe_cli, ctx,
  user_handle,
  25,
@@ -324,10 +307,9 @@ WERROR NetUserAdd_r(struct libnetapi_ctx *ctx,
 
user_info-info23.info = info21;
 
-   encode_pw_buffer(user_info-info23.password.data,
-uX.usriX_password, STR_UNICODE);
-   SamOEMhashBlob(user_info-info23.password.data, 516,
-  cli-user_session_key);
+   init_samr_CryptPassword(uX.usriX_password,
+   cli-user_session_key,
+   user_info-info23.password);
 
status = rpccli_samr_SetUserInfo2(pipe_cli, ctx,
  user_handle,
@@ -335,7 +317,9 @@ WERROR NetUserAdd_r(struct libnetapi_ctx *ctx,
  user_info);
}
} else {
+
user_info-info21 = info21;
+
status = rpccli_samr_SetUserInfo(pipe_cli, ctx,
 user_handle,
 21,
diff --git a/source/rpc_client/init_samr.c b/source/rpc_client/init_samr.c
index c5d7dcd..2e75753 100644
--- a/source/rpc_client/init_samr.c
+++ b/source/rpc_client/init_samr.c
@@ -460,3 +460,49 @@ void init_samr_user_info24(struct samr_UserInfo24 *r,
memcpy(r-password.data, data,

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3450-gec2a56b

2008-07-30 Thread Günther Deschner

The branch, v3-3-test has been updated
   via  ec2a56b5e726400f171d641587cbd0a4b99beec0 (commit)
   via  49ea8984e95618ff8dc8f1d5d757aec997899fd7 (commit)
   via  52218506d6ad51c4f340206d035f79272ba15e3b (commit)
   via  80957bc1bc1462a2478b3eea64f5cb7a84d08677 (commit)
   via  c4131c995d8b36c01b68160e0277b7c3610e9619 (commit)
   via  25522f0de081e819d661728f7f6767037e514094 (commit)
  from  97106199f1a2add886a14523aa7b402667d2cd89 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit ec2a56b5e726400f171d641587cbd0a4b99beec0
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 23:36:50 2008 +0200

re-run make idl.

Guenther

commit 49ea8984e95618ff8dc8f1d5d757aec997899fd7
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 23:36:26 2008 +0200

netapi: add some more USER_INFO structs to IDL.

Guenther

commit 52218506d6ad51c4f340206d035f79272ba15e3b
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 23:35:33 2008 +0200

netapi: fix libnetapi_samr_lookup_user_map_USER_INFO.

Guenther

commit 80957bc1bc1462a2478b3eea64f5cb7a84d08677
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 23:33:08 2008 +0200

netapi: use buffer in libnetapi.

Guenther

commit c4131c995d8b36c01b68160e0277b7c3610e9619
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 23:31:17 2008 +0200

re-run make idl.

Guenther

commit 25522f0de081e819d661728f7f6767037e514094
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 23:30:36 2008 +0200

netapi: cosmetics, use buffer everywhere.

Guenther

---

Summary of changes:
 source/lib/netapi/group.c |   24 +-
 source/lib/netapi/libnetapi.c |   28 +-
 source/lib/netapi/libnetapi.h |   14 +-
 source/lib/netapi/localgroup.c|   10 +-
 source/lib/netapi/serverinfo.c|6 +-
 source/lib/netapi/user.c  |   68 ++--
 source/librpc/gen_ndr/libnetapi.h |  123 +-
 source/librpc/gen_ndr/ndr_libnetapi.c |  786 -
 source/librpc/gen_ndr/ndr_libnetapi.h |   63 +++
 source/librpc/idl/libnetapi.idl   |  124 +-
 10 files changed, 1134 insertions(+), 112 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/netapi/group.c b/source/lib/netapi/group.c
index 04ffb7c..c1c55c8 100644
--- a/source/lib/netapi/group.c
+++ b/source/lib/netapi/group.c
@@ -49,22 +49,22 @@ WERROR NetGroupAdd_r(struct libnetapi_ctx *ctx,
ZERO_STRUCT(domain_handle);
ZERO_STRUCT(group_handle);
 
-   if (!r-in.buf) {
+   if (!r-in.buffer) {
return WERR_INVALID_PARAM;
}
 
switch (r-in.level) {
case 0:
-   info0 = (struct GROUP_INFO_0 *)r-in.buf;
+   info0 = (struct GROUP_INFO_0 *)r-in.buffer;
break;
case 1:
-   info1 = (struct GROUP_INFO_1 *)r-in.buf;
+   info1 = (struct GROUP_INFO_1 *)r-in.buffer;
break;
case 2:
-   info2 = (struct GROUP_INFO_2 *)r-in.buf;
+   info2 = (struct GROUP_INFO_2 *)r-in.buffer;
break;
case 3:
-   info3 = (struct GROUP_INFO_3 *)r-in.buf;
+   info3 = (struct GROUP_INFO_3 *)r-in.buffer;
break;
default:
werr = WERR_UNKNOWN_LEVEL;
@@ -478,7 +478,7 @@ WERROR NetGroupSetInfo_r(struct libnetapi_ctx *ctx,
 
switch (r-in.level) {
case 0:
-   g0 = (struct GROUP_INFO_0 *)r-in.buf;
+   g0 = (struct GROUP_INFO_0 *)r-in.buffer;
init_lsa_String(info.name, g0-grpi0_name);
status = rpccli_samr_SetGroupInfo(pipe_cli, ctx,
  group_handle,
@@ -486,7 +486,7 @@ WERROR NetGroupSetInfo_r(struct libnetapi_ctx *ctx,
  info);
break;
case 1:
-   g1 = (struct GROUP_INFO_1 *)r-in.buf;
+   g1 = (struct GROUP_INFO_1 *)r-in.buffer;
init_lsa_String(info.description, g1-grpi1_comment);
status = rpccli_samr_SetGroupInfo(pipe_cli, ctx,
  group_handle,
@@ -494,7 +494,7 @@ WERROR NetGroupSetInfo_r(struct libnetapi_ctx *ctx,
  info);
break;
case 2:
-   g2 = (struct GROUP_INFO_2 *)r-in.buf;
+

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3455-g0298f7f

2008-07-30 Thread Günther Deschner

The branch, v3-3-test has been updated
   via  0298f7fe9e273a94d14b5b6ce3dbd5e6deee9ecb (commit)
   via  d31f822b79ed5344ec3c6795d66ceefd024b7d30 (commit)
   via  0b4e2687ae8fb48faacceb4078d61f9fd2acea9d (commit)
   via  93ff6548977cb3e1c84fcb659475664de54e31b5 (commit)
   via  81be6207e51924a7632dfc0ec16ca3e570d417aa (commit)
  from  ec2a56b5e726400f171d641587cbd0a4b99beec0 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit 0298f7fe9e273a94d14b5b6ce3dbd5e6deee9ecb
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Sat Jul 19 00:10:58 2008 +0200

netapi: add NetGroupGetUsers example code.

Guenther

commit d31f822b79ed5344ec3c6795d66ceefd024b7d30
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 23:43:33 2008 +0200

netapi: add NetGroupGetUsers to public header.

Guenther

commit 0b4e2687ae8fb48faacceb4078d61f9fd2acea9d
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 23:40:33 2008 +0200

netapi: add NetGroupGetUsers skeleton.

GUenther

commit 93ff6548977cb3e1c84fcb659475664de54e31b5
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 23:38:17 2008 +0200

re-run make idl.

Guenther

commit 81be6207e51924a7632dfc0ec16ca3e570d417aa
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Fri Jul 18 23:37:31 2008 +0200

netapi: add NetGroupGetUsers to IDL.

Guenther

---

Summary of changes:
 source/lib/netapi/examples/Makefile.in |6 +
 .../localgroup_enum.c = group/group_getusers.c}   |   48 +
 source/lib/netapi/group.c  |   18 +++
 source/lib/netapi/libnetapi.c  |   55 ++
 source/lib/netapi/libnetapi.h  |   12 ++
 source/lib/netapi/netapi.h |   38 +++
 source/librpc/gen_ndr/libnetapi.h  |   29 +
 source/librpc/gen_ndr/ndr_libnetapi.c  |  113 
 source/librpc/gen_ndr/ndr_libnetapi.h  |   25 +++--
 source/librpc/idl/libnetapi.idl|   24 
 10 files changed, 340 insertions(+), 28 deletions(-)
 copy source/lib/netapi/examples/{localgroup/localgroup_enum.c = 
group/group_getusers.c} (70%)


Changeset truncated at 500 lines:

diff --git a/source/lib/netapi/examples/Makefile.in 
b/source/lib/netapi/examples/Makefile.in
index ca387ee..e7b61a1 100644
--- a/source/lib/netapi/examples/Makefile.in
+++ b/source/lib/netapi/examples/Makefile.in
@@ -36,6 +36,7 @@ PROGS = bin/[EMAIL PROTECTED]@ \
bin/[EMAIL PROTECTED]@ \
bin/[EMAIL PROTECTED]@ \
bin/[EMAIL PROTECTED]@ \
+   bin/[EMAIL PROTECTED]@ \
bin/[EMAIL PROTECTED]@ \
bin/[EMAIL PROTECTED]@ \
bin/[EMAIL PROTECTED]@ \
@@ -89,6 +90,7 @@ GROUPSETINFO_OBJ = group/group_setinfo.o $(CMDLINE_OBJ)
 GROUPGETINFO_OBJ = group/group_getinfo.o $(CMDLINE_OBJ)
 GROUPADDUSER_OBJ = group/group_adduser.o $(CMDLINE_OBJ)
 GROUPDELUSER_OBJ = group/group_deluser.o $(CMDLINE_OBJ)
+GROUPGETUSERS_OBJ = group/group_getusers.o $(CMDLINE_OBJ)
 LOCALGROUPADD_OBJ = localgroup/localgroup_add.o $(CMDLINE_OBJ)
 LOCALGROUPDEL_OBJ = localgroup/localgroup_del.o $(CMDLINE_OBJ)
 LOCALGROUPGETINFO_OBJ = localgroup/localgroup_getinfo.o $(CMDLINE_OBJ)
@@ -172,6 +174,10 @@ bin/[EMAIL PROTECTED]@: $(BINARY_PREREQS) 
$(GROUPDELUSER_OBJ)
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(GROUPDELUSER_OBJ) $(LDFLAGS) $(DYNEXP) 
$(CMDLINE_LIBS)
 
+bin/[EMAIL PROTECTED]@: $(BINARY_PREREQS) $(GROUPGETUSERS_OBJ)
+   @echo Linking $@
+   @$(CC) $(FLAGS) -o $@ $(GROUPGETUSERS_OBJ) $(LDFLAGS) $(DYNEXP) 
$(CMDLINE_LIBS)
+
 bin/[EMAIL PROTECTED]@: $(BINARY_PREREQS) $(LOCALGROUPADD_OBJ)
@echo Linking $@
@$(CC) $(FLAGS) -o $@ $(LOCALGROUPADD_OBJ) $(LDFLAGS) $(DYNEXP) 
$(CMDLINE_LIBS)
diff --git a/source/lib/netapi/examples/localgroup/localgroup_enum.c 
b/source/lib/netapi/examples/group/group_getusers.c
similarity index 70%
copy from source/lib/netapi/examples/localgroup/localgroup_enum.c
copy to source/lib/netapi/examples/group/group_getusers.c
index 6fe0cf4..55d0717 100644
--- a/source/lib/netapi/examples/localgroup/localgroup_enum.c
+++ b/source/lib/netapi/examples/group/group_getusers.c
@@ -1,6 +1,6 @@
 /*
  *  Unix SMB/CIFS implementation.
- *  NetLocalGroupEnum query
+ *  NetGroupGetUsers query
  *  Copyright (C) Guenther Deschner 2008
  *
  *  This program is free software; you can redistribute it and/or modify
@@ -32,6 +32,7 @@ int main(int argc, const char **argv)
NET_API_STATUS status;
struct libnetapi_ctx *ctx = NULL;
const char *hostname = NULL;
+   const char *groupname = NULL;
uint32_t level = 0;
uint8_t *buffer = NULL;
uint32_t entries_read = 0;
@@ -39,8 +40,8 @@ int main(int argc, const

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3456-g09fed08

2008-07-30 Thread Günther Deschner

The branch, v3-3-test has been updated
   via  09fed085bea9dae5bb8aacd986deed3d458e3574 (commit)
  from  0298f7fe9e273a94d14b5b6ce3dbd5e6deee9ecb (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit 09fed085bea9dae5bb8aacd986deed3d458e3574
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Wed Jul 30 16:59:11 2008 +0200

libwbclient: let wbcStringToSid handle the global NULL sid.

Guenther

---

Summary of changes:
 source/nsswitch/libwbclient/wbc_sid.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/nsswitch/libwbclient/wbc_sid.c 
b/source/nsswitch/libwbclient/wbc_sid.c
index 09bfc3e..324a19b 100644
--- a/source/nsswitch/libwbclient/wbc_sid.c
+++ b/source/nsswitch/libwbclient/wbc_sid.c
@@ -123,7 +123,7 @@ wbcErr wbcStringToSid(const char *str,
 
p = q+1;
x = (uint32_t)strtol(p, q, 10);
-   if (x==0 || !q || *q!='-') {
+   if (!q || *q!='-') {
wbc_status = WBC_ERR_INVALID_SID;
BAIL_ON_WBC_ERROR(wbc_status);
}


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2775-gfba8506

2008-07-30 Thread Günther Deschner

The branch, v3-2-test has been updated
   via  fba8506112938bf714c06da08e0e0725a7eecf3a (commit)
  from  3a3640a85daa1a85415c949f9c2b804b4f067dd7 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -
commit fba8506112938bf714c06da08e0e0725a7eecf3a
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Wed Jul 30 16:59:11 2008 +0200

libwbclient: let wbcStringToSid handle the global NULL sid.

Guenther
(cherry picked from commit 09fed085bea9dae5bb8aacd986deed3d458e3574)

---

Summary of changes:
 source/nsswitch/libwbclient/wbc_sid.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/nsswitch/libwbclient/wbc_sid.c 
b/source/nsswitch/libwbclient/wbc_sid.c
index 4bfd62c..ca5eab4 100644
--- a/source/nsswitch/libwbclient/wbc_sid.c
+++ b/source/nsswitch/libwbclient/wbc_sid.c
@@ -124,7 +124,7 @@ wbcErr wbcStringToSid(const char *str,
 
p = q+1;
x = (uint32_t)strtol(p, q, 10);
-   if (x==0 || !q || *q!='-') {
+   if (!q || *q!='-') {
wbc_status = WBC_ERR_INVALID_SID;
BAIL_ON_WBC_ERROR(wbc_status);
}


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3457-g0c1efc6

2008-07-30 Thread Günther Deschner

The branch, v3-3-test has been updated
   via  0c1efc6c89b1a51a94d10971bf0fc515416709b3 (commit)
  from  09fed085bea9dae5bb8aacd986deed3d458e3574 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit 0c1efc6c89b1a51a94d10971bf0fc515416709b3
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Tue Jul 29 12:08:47 2008 +0200

winbindd: handle trusted domains without sid.

Guenther

---

Summary of changes:
 source/winbindd/winbindd_ads.c   |   12 ++--
 source/winbindd/winbindd_cache.c |9 +++--
 2 files changed, 17 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/winbindd/winbindd_ads.c b/source/winbindd/winbindd_ads.c
index 5e3d5d2..097fa39 100644
--- a/source/winbindd/winbindd_ads.c
+++ b/source/winbindd/winbindd_ads.c
@@ -1241,13 +1241,21 @@ static NTSTATUS trusted_domains(struct winbindd_domain 
*domain,

(*names)[ret_count] = CONST_DISCARD(char *, 
trusts.array[i].netbios_name);
(*alt_names)[ret_count] = CONST_DISCARD(char *, 
trusts.array[i].dns_name);
-   sid_copy((*dom_sids)[ret_count], trusts.array[i].sid);
+   if (trusts.array[i].sid) {
+   sid_copy((*dom_sids)[ret_count], 
trusts.array[i].sid);
+   } else {
+   sid_copy((*dom_sids)[ret_count], 
global_sid_NULL);
+   }
 
/* add to the trusted domain cache */
 
fstrcpy( d.name,  trusts.array[i].netbios_name);
fstrcpy( d.alt_name, trusts.array[i].dns_name);
-   sid_copy( d.sid, trusts.array[i].sid);
+   if (trusts.array[i].sid) {
+   sid_copy( d.sid, trusts.array[i].sid);
+   } else {
+   sid_copy((*dom_sids)[ret_count], 
global_sid_NULL);
+   }
 
if ( domain-primary ) {
DEBUG(10,(trusted_domains(ads):  Searching 
diff --git a/source/winbindd/winbindd_cache.c b/source/winbindd/winbindd_cache.c
index 6040371..c9d857c 100644
--- a/source/winbindd/winbindd_cache.c
+++ b/source/winbindd/winbindd_cache.c
@@ -2072,7 +2072,9 @@ static NTSTATUS trusted_domains(struct winbindd_domain 
*domain,
for (i=0; i(*num_domains); i++) {
(*names)[i] = centry_string(centry, mem_ctx);
(*alt_names)[i] = centry_string(centry, mem_ctx);
-   centry_sid(centry, mem_ctx, (*dom_sids)[i]);
+   if (!centry_sid(centry, mem_ctx, (*dom_sids)[i])) {
+   sid_copy((*dom_sids)[i], global_sid_NULL);
+   }
}
 
status = centry-status;
@@ -3543,8 +3545,11 @@ static bool add_wbdomain_to_tdc_array( struct 
winbindd_domain *new_dom,
list[idx].domain_name = talloc_strdup( list, new_dom-name );
list[idx].dns_name = talloc_strdup( list, new_dom-alt_name );
 
-   if ( !is_null_sid( new_dom-sid ) )
+   if ( !is_null_sid( new_dom-sid ) ) {
sid_copy( list[idx].sid, new_dom-sid );
+   } else {
+   sid_copy(list[idx].sid, global_sid_NULL);
+   }
 
if ( new_dom-domain_flags != 0x0 )
list[idx].trust_flags = new_dom-domain_flags;  


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2776-g4f5255d

2008-07-30 Thread Günther Deschner

The branch, v3-2-test has been updated
   via  4f5255d1e5025c4c9ebb0b1f22d800e26bcdfb7f (commit)
  from  fba8506112938bf714c06da08e0e0725a7eecf3a (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -
commit 4f5255d1e5025c4c9ebb0b1f22d800e26bcdfb7f
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Tue Jul 29 12:08:47 2008 +0200

winbindd: handle trusted domains without sid.

Guenther
(cherry picked from commit 0c1efc6c89b1a51a94d10971bf0fc515416709b3)

---

Summary of changes:
 source/winbindd/winbindd_ads.c   |   12 ++--
 source/winbindd/winbindd_cache.c |9 +++--
 2 files changed, 17 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/winbindd/winbindd_ads.c b/source/winbindd/winbindd_ads.c
index 35ffe70..64b5ce7 100644
--- a/source/winbindd/winbindd_ads.c
+++ b/source/winbindd/winbindd_ads.c
@@ -1241,13 +1241,21 @@ static NTSTATUS trusted_domains(struct winbindd_domain 
*domain,

(*names)[ret_count] = CONST_DISCARD(char *, 
trusts.array[i].netbios_name);
(*alt_names)[ret_count] = CONST_DISCARD(char *, 
trusts.array[i].dns_name);
-   sid_copy((*dom_sids)[ret_count], trusts.array[i].sid);
+   if (trusts.array[i].sid) {
+   sid_copy((*dom_sids)[ret_count], 
trusts.array[i].sid);
+   } else {
+   sid_copy((*dom_sids)[ret_count], 
global_sid_NULL);
+   }
 
/* add to the trusted domain cache */
 
fstrcpy( d.name,  trusts.array[i].netbios_name);
fstrcpy( d.alt_name, trusts.array[i].dns_name);
-   sid_copy( d.sid, trusts.array[i].sid);
+   if (trusts.array[i].sid) {
+   sid_copy( d.sid, trusts.array[i].sid);
+   } else {
+   sid_copy((*dom_sids)[ret_count], 
global_sid_NULL);
+   }
 
if ( domain-primary ) {
DEBUG(10,(trusted_domains(ads):  Searching 
diff --git a/source/winbindd/winbindd_cache.c b/source/winbindd/winbindd_cache.c
index dda8b03..3b2b9aa 100644
--- a/source/winbindd/winbindd_cache.c
+++ b/source/winbindd/winbindd_cache.c
@@ -2078,7 +2078,9 @@ static NTSTATUS trusted_domains(struct winbindd_domain 
*domain,
for (i=0; i(*num_domains); i++) {
(*names)[i] = centry_string(centry, mem_ctx);
(*alt_names)[i] = centry_string(centry, mem_ctx);
-   centry_sid(centry, mem_ctx, (*dom_sids)[i]);
+   if (!centry_sid(centry, mem_ctx, (*dom_sids)[i])) {
+   sid_copy((*dom_sids)[i], global_sid_NULL);
+   }
}
 
status = centry-status;
@@ -3549,8 +3551,11 @@ static bool add_wbdomain_to_tdc_array( struct 
winbindd_domain *new_dom,
list[idx].domain_name = talloc_strdup( list, new_dom-name );
list[idx].dns_name = talloc_strdup( list, new_dom-alt_name );
 
-   if ( !is_null_sid( new_dom-sid ) )
+   if ( !is_null_sid( new_dom-sid ) ) {
sid_copy( list[idx].sid, new_dom-sid );
+   } else {
+   sid_copy(list[idx].sid, global_sid_NULL);
+   }
 
if ( new_dom-domain_flags != 0x0 )
list[idx].trust_flags = new_dom-domain_flags;  


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3458-g5106253

2008-07-30 Thread Günther Deschner

The branch, v3-3-test has been updated
   via  51062534fd58d7a914a6bbac2e52bb44e71363b7 (commit)
  from  0c1efc6c89b1a51a94d10971bf0fc515416709b3 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit 51062534fd58d7a914a6bbac2e52bb44e71363b7
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Wed Jul 30 17:47:40 2008 +0200

build: fix some no previous prototype warnings.

Guenther

---

Summary of changes:
 source/libnet/libnet_samsync.c |2 +-
 source/nsswitch/winbind_krb5_locator.c |   20 ++--
 2 files changed, 11 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/libnet/libnet_samsync.c b/source/libnet/libnet_samsync.c
index 4f2a8f9..daf27ff 100644
--- a/source/libnet/libnet_samsync.c
+++ b/source/libnet/libnet_samsync.c
@@ -22,7 +22,7 @@
 
 
 #include includes.h
-#include libnet/libnet_samsync.h
+#include libnet/libnet.h
 
 /**
  * Decrypt and extract the user's passwords.
diff --git a/source/nsswitch/winbind_krb5_locator.c 
b/source/nsswitch/winbind_krb5_locator.c
index 33a68f0..990c2ca 100644
--- a/source/nsswitch/winbind_krb5_locator.c
+++ b/source/nsswitch/winbind_krb5_locator.c
@@ -222,8 +222,8 @@ static krb5_error_code smb_krb5_locator_call_cbfunc(const 
char *name,
  * @return krb5_error_code.
  */
 
-krb5_error_code smb_krb5_locator_init(krb5_context context,
- void **private_data)
+static krb5_error_code smb_krb5_locator_init(krb5_context context,
+void **private_data)
 {
return 0;
 }
@@ -236,7 +236,7 @@ krb5_error_code smb_krb5_locator_init(krb5_context context,
  * @return void.
  */
 
-void smb_krb5_locator_close(void *private_data)
+static void smb_krb5_locator_close(void *private_data)
 {
return;
 }
@@ -292,13 +292,13 @@ static bool ask_winbind(const char *realm, char **dcname)
  * @return krb5_error_code.
  */
 
-krb5_error_code smb_krb5_locator_lookup(void *private_data,
-   enum locate_service_type svc,
-   const char *realm,
-   int socktype,
-   int family,
-   int (*cbfunc)(void *, int, struct 
sockaddr *),
-   void *cbdata)
+static krb5_error_code smb_krb5_locator_lookup(void *private_data,
+  enum locate_service_type svc,
+  const char *realm,
+  int socktype,
+  int family,
+  int (*cbfunc)(void *, int, 
struct sockaddr *),
+   void *cbdata)
 {
krb5_error_code ret;
struct addrinfo aihints;


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3459-gfef5809

2008-07-30 Thread Günther Deschner

The branch, v3-3-test has been updated
   via  fef58091408cce0d7870c86f28f78cf9400cf2b6 (commit)
  from  51062534fd58d7a914a6bbac2e52bb44e71363b7 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit fef58091408cce0d7870c86f28f78cf9400cf2b6
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Wed Jul 30 19:03:13 2008 +0200

rpc_client: Bug 5616 - fix session keys also in rpccli_netr_LogonSamLogonEx 
wrapper.

Guenther

---

Summary of changes:
 source/rpc_client/cli_netlogon.c |   15 ++-
 1 files changed, 6 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/rpc_client/cli_netlogon.c b/source/rpc_client/cli_netlogon.c
index e96d724..df87ed1 100644
--- a/source/rpc_client/cli_netlogon.c
+++ b/source/rpc_client/cli_netlogon.c
@@ -453,8 +453,6 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct 
rpc_pipe_client *cli,
union netr_Validation validation;
struct netr_ChallengeResponse lm;
struct netr_ChallengeResponse nt;
-   struct netr_UserSessionKey user_session_key;
-   struct netr_LMSessionKey lmsesskey;
uint32_t flags = 0;
 
*info3 = NULL;
@@ -526,15 +524,14 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct 
rpc_pipe_client *cli,
return result;
}
 
-   user_session_key = validation.sam3-base.key;
-   lmsesskey = validation.sam3-base.LMSessKey;
-
-   if (memcmp(zeros, user_session_key.key, 16) != 0) {
-   SamOEMhash(user_session_key.key, cli-dc-sess_key, 16);
+   if (memcmp(zeros, validation.sam3-base.key.key, 16) != 0) {
+   SamOEMhash(validation.sam3-base.key.key,
+  cli-dc-sess_key, 16);
}
 
-   if (memcmp(zeros, lmsesskey.key, 8) != 0) {
-   SamOEMhash(lmsesskey.key, cli-dc-sess_key, 8);
+   if (memcmp(zeros, validation.sam3-base.LMSessKey.key, 8) != 0) {
+   SamOEMhash(validation.sam3-base.LMSessKey.key,
+  cli-dc-sess_key, 8);
}
 
*info3 = validation.sam3;


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2777-g4f62fa5

2008-07-30 Thread Günther Deschner

The branch, v3-2-test has been updated
   via  4f62fa50c7d542db4a2b8976d85da590194203f0 (commit)
  from  4f5255d1e5025c4c9ebb0b1f22d800e26bcdfb7f (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -
commit 4f62fa50c7d542db4a2b8976d85da590194203f0
Author: GÃ¼nther Deschner [EMAIL PROTECTED]
Date:   Wed Jul 30 19:03:13 2008 +0200

rpc_client: Bug 5616 - fix session keys also in rpccli_netr_LogonSamLogonEx 
wrapper.

Guenther
(cherry picked from commit fef58091408cce0d7870c86f28f78cf9400cf2b6)

---

Summary of changes:
 source/rpc_client/cli_netlogon.c |   15 ++-
 1 files changed, 6 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/rpc_client/cli_netlogon.c b/source/rpc_client/cli_netlogon.c
index 38ff41c..de45e71 100644
--- a/source/rpc_client/cli_netlogon.c
+++ b/source/rpc_client/cli_netlogon.c
@@ -544,8 +544,6 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct 
rpc_pipe_client *cli,
union netr_Validation validation;
struct netr_ChallengeResponse lm;
struct netr_ChallengeResponse nt;
-   struct netr_UserSessionKey user_session_key;
-   struct netr_LMSessionKey lmsesskey;
uint32_t flags = 0;
 
*info3 = NULL;
@@ -617,15 +615,14 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct 
rpc_pipe_client *cli,
return result;
}
 
-   user_session_key = validation.sam3-base.key;
-   lmsesskey = validation.sam3-base.LMSessKey;
-
-   if (memcmp(zeros, user_session_key.key, 16) != 0) {
-   SamOEMhash(user_session_key.key, cli-dc-sess_key, 16);
+   if (memcmp(zeros, validation.sam3-base.key.key, 16) != 0) {
+   SamOEMhash(validation.sam3-base.key.key,
+  cli-dc-sess_key, 16);
}
 
-   if (memcmp(zeros, lmsesskey.key, 8) != 0) {
-   SamOEMhash(lmsesskey.key, cli-dc-sess_key, 8);
+   if (memcmp(zeros, validation.sam3-base.LMSessKey.key, 8) != 0) {
+   SamOEMhash(validation.sam3-base.LMSessKey.key,
+  cli-dc-sess_key, 8);
}
 
*info3 = validation.sam3;


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3463-ge92faf5

2008-07-30 Thread Jeremy Allison

The branch, v3-3-test has been updated
   via  e92faf5996cadac480deb60a4f6232eea90b00f6 (commit)
   via  f6411ccb4a1530034e481e1c63b6114a93317b29 (commit)
   via  8d75d40b9f6d22bae7430211f8a1fe99051b756c (commit)
   via  668ef314559df40f1b8aa0991539adcd8d35ffe3 (commit)
  from  fef58091408cce0d7870c86f28f78cf9400cf2b6 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit e92faf5996cadac480deb60a4f6232eea90b00f6
Author: Tim Prouty [EMAIL PROTECTED]
Date:   Wed Jul 23 20:50:21 2008 -0700

Enabled domain groups to be added to builtin groups at domain join time

Previously this was done at token creation time if the Administrators and 
Users
builtins hadn't been created yet.  A major drawback to this approach is 
that if
a customer is joined to a domain and decides they want to join a different
domain, the domain groups from this new domain will not be added to the
builtins.

It would be ideal if these groups could be added exclusively at domain join
time, but we can't rely solely on that because there are cases where 
winbindd
must be running to allocate new gids for the builtins.  In the future if 
there
is a way to allocate gids for builtins without running winbindd, this code
can be removed from create_local_nt_token.

- Made create_builtin_users and create_builtin_administrators non-static so
they can be called from libnet
- Added a new function to libnet_join that will make a best effort to add
domain administrators and domain users to BUILTIN\Administrators and
BUILTIN\Users, respectively.  If the builtins don't exist yet, winbindd 
must be
running to allocate new gids, but if the builtins already exist, the domain
groups will be added even if winbindd is not running.  In the case of a
failure the error will be logged, but the join will not be failed.
- Plumbed libnet_join_add_dom_rids_to_builtins into the join post 
processing.

commit f6411ccb4a1530034e481e1c63b6114a93317b29
Author: Tim Prouty [EMAIL PROTECTED]
Date:   Wed Jul 23 20:42:32 2008 -0700

Refactored the code that adds Domain Admins to BUILTIN\Administrators to 
use the new helper functions.

- Modified create_builtin_administrators and add_builtin_administrators to 
take
in the domain sid to reduce the number of times it needs to be looked up.
- Changed create_builtin_administrators to call the new helper functions.
- Changed create_local_nt_token to call the new version of
create_builtin_administrators and handle the new error that can be returned.
- Made it more explicit that add_builtin_administrators is only called when
winbindd can't be pinged.

commit 8d75d40b9f6d22bae7430211f8a1fe99051b756c
Author: Tim Prouty [EMAIL PROTECTED]
Date:   Wed Jul 23 20:33:15 2008 -0700

Refactored the code that adds Domain Users to BUILTIN\Users to use the new 
helper functions.

- Modified create_builtin_users to take in the domain sid to reduce the 
number
of times it needs to be looked up.
- Changed create_builtin_users to call the new helper functions.
- Changed create_local_nt_token to call the new version of 
create_builtin_users
and handle the new error that can be returned.

commit 668ef314559df40f1b8aa0991539adcd8d35ffe3
Author: Tim Prouty [EMAIL PROTECTED]
Date:   Wed Jul 23 20:24:39 2008 -0700

Helper functions to enable domain groups to be added to builtin groups at 
domain join time

Added two new helper functions which wrap the raw pdb alias functions so 
they
can be more conveniently called while adding domain groups to builtin 
groups.

---

Summary of changes:
 source/auth/token_util.c|  154 +++
 source/include/proto.h  |2 +
 source/libnet/libnet_join.c |   33 +
 3 files changed, 146 insertions(+), 43 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/auth/token_util.c b/source/auth/token_util.c
index cd67c2a..e5b9e1b 100644
--- a/source/auth/token_util.c
+++ b/source/auth/token_util.c
@@ -165,7 +165,8 @@ done:
 /***
 ***/
 
-static NTSTATUS add_builtin_administrators( struct nt_user_token *token )
+static NTSTATUS add_builtin_administrators(struct nt_user_token *token,
+  const DOM_SID *dom_sid)
 {
DOM_SID domadm;
NTSTATUS status;
@@ -181,8 +182,7 @@ static NTSTATUS add_builtin_administrators( struct 
nt_user_token *token )
if ( IS_DC ) {
sid_copy( domadm, get_global_sam_sid() );
} else {
-   if ( !secrets_fetch_domain_sid( lp_workgroup(), domadm ) )
-   return

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3464-gca15313

2008-07-30 Thread Jeremy Allison

The branch, v3-3-test has been updated
   via  ca153139b1dced07c196aac93dbc9d9428d98124 (commit)
  from  e92faf5996cadac480deb60a4f6232eea90b00f6 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit ca153139b1dced07c196aac93dbc9d9428d98124
Author: Tim Prouty [EMAIL PROTECTED]
Date:   Wed Jul 30 09:35:13 2008 -0700

Removed redundant logging from create_builtin_users and 
create_builtin_administrators

The Debug messages in create_builtin_users and create_builtin_users have now
been encapsulated in add_sid_to_builtin.

---

Summary of changes:
 source/auth/token_util.c |   20 
 1 files changed, 4 insertions(+), 16 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/auth/token_util.c b/source/auth/token_util.c
index e5b9e1b..d6cd2ea 100644
--- a/source/auth/token_util.c
+++ b/source/auth/token_util.c
@@ -252,7 +252,7 @@ static NTSTATUS add_sid_to_builtin(const DOM_SID 
*builtin_sid,
}
 
if (!NT_STATUS_IS_OK(status)) {
-   DEBUG(3, (add_sid_to_builtin %s could not be added to %s: 
+   DEBUG(4, (add_sid_to_builtin %s could not be added to %s: 
  %s\n, sid_string_dbg(dom_sid),
  sid_string_dbg(builtin_sid), nt_errstr(status)));
}
@@ -279,14 +279,9 @@ NTSTATUS create_builtin_users(const DOM_SID *dom_sid)
{
status = add_sid_to_builtin(global_sid_Builtin_Users,
dom_users);
-   if ( !NT_STATUS_IS_OK(status) ) {
-   DEBUG(4,(create_builtin_administrators: Failed to add 
Domain Users to
-Users\n));
-   return status;
-   }
}
 
-   return NT_STATUS_OK;
+   return status;
 }
 
 /***
@@ -313,9 +308,7 @@ NTSTATUS create_builtin_administrators(const DOM_SID 
*dom_sid)
{
status = add_sid_to_builtin(global_sid_Builtin_Administrators,
dom_admins);
-   if ( !NT_STATUS_IS_OK(status) ) {
-   DEBUG(4,(create_builtin_administrators: Failed to add 
Domain Admins
-Administrators\n));
+   if (!NT_STATUS_IS_OK(status)) {
return status;
}
}
@@ -332,14 +325,9 @@ NTSTATUS create_builtin_administrators(const DOM_SID 
*dom_sid)
if ( ret ) {
status = add_sid_to_builtin(global_sid_Builtin_Administrators,
root_sid);
-   if ( !NT_STATUS_IS_OK(status) ) {
-   DEBUG(4,(create_builtin_administrators: Failed to add 
root
-Administrators\n));
-   return status;
-   }
}
 
-   return NT_STATUS_OK;
+   return status;
 }
 
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3465-g6da3379

2008-07-30 Thread Jeremy Allison

The branch, v3-3-test has been updated
   via  6da33797b0549a2da7dc0fa7ee21dc5e8a6b1459 (commit)
  from  ca153139b1dced07c196aac93dbc9d9428d98124 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit 6da33797b0549a2da7dc0fa7ee21dc5e8a6b1459
Author: Jeremy Allison [EMAIL PROTECTED]
Date:   Wed Jul 30 15:01:33 2008 -0700

Fix duplicate gloabl warning.
Jeremy.

---

Summary of changes:
 source/rpc_server/srv_pipe_hnd.c |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c
index bc6d180..3968d41 100644
--- a/source/rpc_server/srv_pipe_hnd.c
+++ b/source/rpc_server/srv_pipe_hnd.c
@@ -61,7 +61,7 @@ static struct bitmap *bmap;
  * system _anyway_.  so that's the next step...
  */
 
-static int close_internal_rpc_pipe_hnd(struct pipes_struct *pipe);
+static int close_internal_rpc_pipe_hnd(struct pipes_struct *p);
 
 /
  Internal Pipe iterator functions.


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3466-g1db7e00

2008-07-30 Thread Jeremy Allison

The branch, v3-3-test has been updated
   via  1db7e00a5400863fd5dbb81c1a4c6ea6092d0495 (commit)
  from  6da33797b0549a2da7dc0fa7ee21dc5e8a6b1459 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit 1db7e00a5400863fd5dbb81c1a4c6ea6092d0495
Author: Jeremy Allison [EMAIL PROTECTED]
Date:   Wed Jul 30 16:06:30 2008 -0700

Fix uninitialized variables.
Jeremy.

---

Summary of changes:
 source/lib/netapi/cm.c  |2 +-
 source/libads/kerberos_keytab.c |1 +
 2 files changed, 2 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/netapi/cm.c b/source/lib/netapi/cm.c
index 8eaabb3..8ea31e5 100644
--- a/source/lib/netapi/cm.c
+++ b/source/lib/netapi/cm.c
@@ -165,7 +165,7 @@ WERROR libnetapi_open_pipe(struct libnetapi_ctx *ctx,
   const struct ndr_syntax_id *interface,
   struct rpc_pipe_client **presult)
 {
-   struct rpc_pipe_client *result;
+   struct rpc_pipe_client *result = NULL;
NTSTATUS status;
 
if (!cli || !presult) {
diff --git a/source/libads/kerberos_keytab.c b/source/libads/kerberos_keytab.c
index 87b8555..77a50e4 100644
--- a/source/libads/kerberos_keytab.c
+++ b/source/libads/kerberos_keytab.c
@@ -276,6 +276,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char 
*srvPrinc)
ret = -1;
goto out;
}
+   ZERO_STRUCT(password);
password.data = password_s;
password.length = strlen(password_s);
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2778-g5fb17b8

2008-07-30 Thread Jeremy Allison

The branch, v3-2-test has been updated
   via  5fb17b866642a9f971cce6d9f228b4d52618e42b (commit)
  from  4f62fa50c7d542db4a2b8976d85da590194203f0 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test


- Log -
commit 5fb17b866642a9f971cce6d9f228b4d52618e42b
Author: Jeremy Allison [EMAIL PROTECTED]
Date:   Wed Jul 30 16:22:16 2008 -0700

Fix uninitialized variable.
Jeremy.

---

Summary of changes:
 source/libads/kerberos_keytab.c |1 +
 1 files changed, 1 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/libads/kerberos_keytab.c b/source/libads/kerberos_keytab.c
index d0161ad..ab6d1d3 100644
--- a/source/libads/kerberos_keytab.c
+++ b/source/libads/kerberos_keytab.c
@@ -256,6 +256,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char 
*srvPrinc)
ret = -1;
goto out;
}
+   ZERO_STRUCT(password);
password.data = password_s;
password.length = strlen(password_s);
 


-- 
Samba Shared Repository

Build status as of Thu Jul 31 00:00:02 2008

2008-07-30 Thread build

URL: http://build.samba.org/

--- /home/build/master/cache/broken_results.txt.old 2008-07-30 
00:00:16.0 +
+++ /home/build/master/cache/broken_results.txt 2008-07-31 00:00:41.0 
+
@@ -1,4 +1,4 @@
-Build status as of Wed Jul 30 00:00:02 2008
+Build status as of Thu Jul 31 00:00:02 2008
 
 Build counts:
 Tree Total  Broken Panic 
@@ -8,13 +8,13 @@
 distcc   1  0  0 
 ldb  35 34 0 
 libreplace   33 12 0 
-lorikeet-heimdal 27 20 0 
-pidl 19 19 0 
-ppp  12 0  0 
-rsync35 11 0 
+lorikeet-heimdal 27 21 0 
+pidl 18 18 0 
+ppp  11 0  0 
+rsync35 12 0 
 samba-docs   0  0  0 
 samba-gtk6  6  0 
-samba_3_2_test 35 21 0 
+samba_3_2_test 34 20 0 
 samba_4_0_test 33 29 0 
 smb-build32 5  0 
 talloc   35 7  0

62 matches

Mail list logo