Re: [Samba] roaming profiles and folder redirection: programs 'not responding'
Heiko, I suggest you concentrate on the re-directed folders - not the roaming profile - because the roaming profile is copied to the local hard disc when you log on - so throughout your session it is locally stored. You might try un-directing your re-directed folders one at a time (over a period of a week) to see which one appears to be affecting performance. Regards, David Collins On Sun, 2008-08-10 at 13:34 +0200, Heiko Harders wrote: Hello, I've setup a PDC with Samba 3.0.31 and I am testing on a Windows Vista box (64 bits version). Often I get the message of programs that they are not responding and it takes about half a minute before I can use them again. Especially Mozilla Firefox has this problem often (allthough I'm using this program the most, so it is also the most obvious). I am using roaming profiles with folder redirection. I excluded all folders from the profile through a registry setting and redirected all folders in the user shell folders to network drivers, except the folders that appear in 'AppData/Local' (so the local, machine dependent settings are excluded from the profile and they are located on the local disk of the computer). Does anyone recognize these problems? Does anyone know a solution, or the best way to troubleshoot this? My roaming profiles are working fine otherwise, all settings are nicely stored in the profile, I don't get any error messages and the user has the proper rights to write to any network drive that is needed for this user. Also I have no problems with the network connection. I detected no packet loss and the response time is fast (tried pinging to the server while the problem occured, average time was 0 ms and 0% packet loss). The problem is by far not occuring as much when I'm logged in using a local profile on the machine, so I think it must be some problem with the PDC connecting with Vista. Greetings, Heiko -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 'getent passwd' shows duplicate user accounts
Hello, I am setting up an LDAP Samba server, and have migrated all the local posix account info into it as well as creating the smb account info. I have now set up this server to use LDAP for authentication (rather than /etc/passwd, etc.) like so ... sudo apt-get --yes install ldap-auth-client sudo auth-client-config -a -p lac_ldap When testing the result with 'getent passwd', I see all the LDAP user accounts, but it seems the info in /etc/passwd file is also reported. Is this normal? The following shows the output from getent (note that 'bin' and 'daemon' for example are repeated) and further down is the list of user accounts in LDAP. $ getent passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh dhcp:x:101:102::/nonexistent:/bin/false syslog:x:102:103::/home/syslog:/bin/false klog:x:103:104::/home/klog:/bin/false hplip:x:104:7:HPLIP system user,,,:/var/run/hplip:/bin/false avahi-autoipd:x:105:113:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false gdm:x:106:114:Gnome Display Manager:/var/lib/gdm:/bin/false messagebus:x:107:116::/var/run/dbus:/bin/false avahi:x:108:117:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false polkituser:x:109:119:PolicyKit,,,:/var/run/PolicyKit:/bin/false haldaemon:x:110:120:Hardware abstraction layer,,,:/var/run/hald:/bin/false linux:x:1000:1000:linux,,,:/home/linux:/bin/bash openldap:x:111:122:OpenLDAP Server Account,,,:/var/lib/ldap:/bin/false root:x:0:0:Netbios Domain Administrator:/home/root:/bin/false nobody:x:65534:65534:nobody:/nonexistent:/bin/sh david:x:1003:513:David:/home/david:/bin/bash frank:x:1004:513:System User:/home/frank:/bin/bash fred:x:1005:513:System User:/home/fred:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh libuuid:x:100:101:libuuid:/var/lib/libuuid:/bin/sh dhcp:x:101:102:dhcp:/nonexistent:/bin/false syslog:x:102:103:syslog:/home/syslog:/bin/false klog:x:103:104:klog:/home/klog:/bin/false hplip:x:104:7:HPLIP system user,,,:/var/run/hplip:/bin/false avahi-autoipd:x:105:113:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false gdm:x:106:114:Gnome Display Manager:/var/lib/gdm:/bin/false messagebus:x:107:116:messagebus:/var/run/dbus:/bin/false avahi:x:108:117:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false polkituser:x:109:119:PolicyKit,,,:/var/run/PolicyKit:/bin/false haldaemon:x:110:120:Hardware abstraction layer,,,:/var/run/hald:/bin/false openldap:x:111:122:OpenLDAP Server Account,,,:/var/lib/ldap:/bin/false $ ldapsearch -xLLL -b ou=Users,dc=collins | grep dn: dn: ou=Users,dc=collins dn: uid=root,ou=Users,dc=collins dn: uid=nobody,ou=Users,dc=collins dn: uid=linux,ou=Users,dc=collins dn: uid=david,ou=Users,dc=collins dn: uid=frank,ou=Users,dc=collins dn: uid=fred,ou=Users,dc=collins dn: uid=daemon,ou=Users,dc=collins dn: uid=bin,ou=Users,dc=collins dn: uid=sys,ou=Users,dc=collins dn: uid=sync,ou=Users,dc=collins dn: uid=games,ou=Users,dc=collins dn: uid=man,ou=Users,dc=collins dn: uid=lp,ou=Users,dc=collins dn: uid=mail,ou=Users,dc=collins dn: uid=news,ou=Users,dc=collins dn: uid=uucp,ou=Users,dc=collins dn: uid=proxy,ou=Users,dc=collins dn: uid=www-data,ou=Users,dc=collins dn: uid=backup,ou=Users,dc=collins dn: uid=list,ou=Users,dc=collins dn: uid=irc,ou=Users,dc=collins dn: uid=gnats,ou=Users,dc=collins dn: uid=libuuid,ou=Users,dc=collins dn: uid=dhcp,ou=Users,dc=collins dn: uid=syslog,ou=Users,dc=collins dn: uid=klog,ou=Users,dc=collins dn: uid=hplip,ou=Users,dc=collins dn: uid=avahi-autoipd,ou=Users,dc=collins dn: uid=gdm,ou=Users,dc=collins dn: uid=messagebus,ou=Users,dc=collins dn: uid=avahi,ou=Users,dc=collins dn: uid=polkituser,ou=Users,dc=collins dn: uid=haldaemon,ou=Users,dc=collins dn: uid=openldap,ou=Users,dc=collins Regards,
Re: [Samba] 'getent passwd' shows duplicate user accounts
Hi, David Collins schrieb: Hello, I am setting up an LDAP Samba server, and have migrated all the local posix account info into it as well as creating the smb account info. I have now set up this server to use LDAP for authentication (rather than /etc/passwd, etc.) like so ... sudo apt-get --yes install ldap-auth-client sudo auth-client-config -a -p lac_ldap When testing the result with 'getent passwd', I see all the LDAP user accounts, but it seems the info in /etc/passwd file is also reported. Is this normal? Have a look at your /etc/nsswitch.conf. If it contains something like this: passwd: files ldap group: files ldap shadow: files ldap (while 'files' could also read 'compat') it is indeed normal and normally it should be left this way so you have authentication during system startup before ldap becomes available. Cheers, André -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unable to map windows to unix groups
Thank you very much indeed. This thread should be closed JC DOLE Selon Douglas VanLeuven [EMAIL PROTECTED]: When you do getent group you're getting what's in the local /etc/group and what's defined in the ldap group membership. See gidNumber above. Using /etc/nsswitch.conf to define ldap lookups extends the /etc/passwd and /etc/group membership so passwd and group uid/gid's can be defined system wide and used by any unix machine. So yes. Users belonging to group 512 are Domain Admins. You need to add users to this group when you want them to have related security privileges. You should be able to chgrp 512 filename and have it show as Domain Admins when you ls the directory. I haven't used the smbldap tools package, but it looks like the most common windows groups have already been defined for you. All you need to do is avoid using the ldap passwd group uid/gids in the local files. Yast tools will probably not allow you to generate duplicates. And yes, you only need to map groups when the unix name doesn't match the windows name and you don't want samba to create the account on the fly using whatever idmap backend you pick. Your idmap backend should probably be idmap_ldap and accounts generated then become available system wide using the same uid/gid's and network file sharing offers the same membership security regardless of client machine access. This is probably in a FAQ somewhere where the answer would be more structured. I use the following to resolve my issues: http://us6.samba.org/samba/docs/man/Samba-HOWTO-Collection/ http://us6.samba.org/samba/docs/man/Samba-Guide/ Since samba is evolving almost daily, sometime the Howto syntax has been modified in the current manifestation of the command. Always refer to the current command documentation to resolve any discrepancies. Doug [EMAIL PROTECTED] wrote: As I said, I did a fresh install of opensuse 10.3, samba, ldap. During the process, I filled the ldap database directly with an ldif file built using smbldap tools. (one item in that file -- dn: cn=Domain Admins,ou=Groups,dc=ldap_hathor,dc=nwk objectClass: top objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: 512 cn: Domain Admins memberUid: root sambaSID: S-1-5-21-3134345319-2430187646-2919245149-512 sambaGroupType: 2 displayName: Domain Admins description: Netbios Domain Administrators #sambaPrimaryGroupSID: SID of the user group (512 = Admins group) #description: Netbios Domain Administrators ) So you mean by doing this it is not necessary to map the native existing unix group ntadmin (gid 71) with Domain Admins ? (ntadmin appear in /etc/group and Domain Admins not) Reading the samba documentation was not very clear for me. jcdole Selon Douglas VanLeuven [EMAIL PROTECTED]: It looks like you already have an existing unix group called Domain Admins being pulled in from ldap. When that is true, there is no need for groupmap and indeed it would appear it is illegal to map a windows group that matches an existing unix group to another unix group. Doug [EMAIL PROTECTED] wrote: Hello. After fresh install. Samba and ldap seems to run normally ( I can join win2k workstation to linux samba pdc ). Using yast I create a system group named domadmin But I am unable to map Domain Admins to domadmin I am unable to map Domain Admins to existing ntadmin group I am unable to mofify mapping Domain Admins to domadmin group Thank you for helping. LINUX-SRV: # net groupmap add ntgroup=Domain Admins unixgroup=domadmin rid=512 type=d adding entry for group Domain Admins failed! LINUX-SRV: # LINUX-SRV: # net groupmap add ntgroup=Domain Admins unixgroup=ntadmin rid=512 type=d adding entry for group Domain Admins failed! LINUX-SRV: # LINUX-SRV: # net groupmap modify ntgroup=Domain Admins unixgroup=domadmin Can't map to an unknown group type. LINUX-SRV: # LINUX-SRV:~ # net groupmap modify ntgroup=Domain Admins unixgroup=domadmin type=d Could not update group database LINUX-SRV: # LINUX-SRV:~ net groupmap list request done: ld 0x55c881e0 msgid 1 request done: ld 0x55c881e0 msgid 2 Domain Admins (S-1-5-21-3134345319-2430187646-2919245149-512) - Domain Admins request done: ld 0x55c881e0 msgid 3 Domain Users (S-1-5-21-3134345319-2430187646-2919245149-513) - Domain Users request done: ld 0x55c881e0 msgid 4 Domain Guests (S-1-5-21-3134345319-2430187646-2919245149-514) - Domain Guests request done: ld 0x55c881e0 msgid 5 Domain Computers (S-1-5-21-3134345319-2430187646-2919245149-515) - Domain Computers request done: ld 0x55c881e0 msgid 6 Administrators (S-1-5-32-544) - Administrators request done: ld 0x55c881e0 msgid 7 Account Operators (S-1-5-32-548) - Account Operators request done: ld 0x55c881e0 msgid 8 Print Operators (S-1-5-32-550) -
Re: [Samba] SMB over SSH tunnel
hi. thank you for reply. i enabled connection from firewall to windows server on 137/udp, 138/udp, 139/udp and 139/tcp. i tunnelled 137, 138 and 139 to windows server over SSH in putty. i switched off 'file and printer sharing in MS network' and it does not work? it behaves same way as i described it in my last email (i copy it below your email). any help please? regards, Wojtek kissg wrote: I think, you have to enable the following UDP ports on your firewall to use Samba: - 137/udp - 138/udp Also, you have to use WINS or DNS to resolve computer names, if you need to. You don't have to enable any other ports to use WINS. DNS runs on ports 53/tcp and 53/udp. Enable these ports on your firewall, and try to connect to your share from the remote machine. This worked for me through a VPN connection, I hope it will work for you, too. hi, i am trying to tunnel SMB over the SSH tunnel. but it does not work for me :-( could you advice me please? my setup is: - laptop with windows xp connected somewhere to internet; - gateway-firewall (ubuntu with shorewall) with public and local network address; - windows server (with local network address); i enabled tcp connections in shorewall (firewall) from gateway to windows server on port 139. i did try to do all the steps that are described in documents like http://www.security-hacks.com/2007/05/18/tunneling-smb-over-ssh-secure-file-sharing i also did other option by trying to uninstall 'file and printer sharing for ms networks' and i try to connect to map \\localhost\folder_name directly and tunnel local port 139 to the windows server port 139. it all does not work. i get either 'no path' message or i am asked about the user and password while 'maping the network drive' but whatever user password i provide the user/password window come back on and on. what can i try to make it work? please advice... best regards, Wojtek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 'getent passwd' shows duplicate user accounts
Thanks for the advice, Andre. Yes, the lines do say 'files ldap'. I will leave it as is. On Mon, 2008-08-11 at 08:52 +0200, André Welter wrote: Hi, David Collins schrieb: Hello, I am setting up an LDAP Samba server, and have migrated all the local posix account info into it as well as creating the smb account info. I have now set up this server to use LDAP for authentication (rather than /etc/passwd, etc.) like so ... sudo apt-get --yes install ldap-auth-client sudo auth-client-config -a -p lac_ldap When testing the result with 'getent passwd', I see all the LDAP user accounts, but it seems the info in /etc/passwd file is also reported. Is this normal? Have a look at your /etc/nsswitch.conf. If it contains something like this: passwd: files ldap group: files ldap shadow: files ldap (while 'files' could also read 'compat') it is indeed normal and normally it should be left this way so you have authentication during system startup before ldap becomes available. Cheers, Andr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mutli-Homed Subnetting - Advice please
Hiya, Just a few questions left;) The setup I originally had in mind was three subnets, 172.20.0.0, 1.0 and 2.0 with the each NIC set up to serve one of the ranges. This obviously requires routing between the subnets. Alternatively, I guess I can bridge the NICs onto a single IP and use a central DHCP/DNS etc server as this will handle broadcasts and other stuff transparently. I'm sure as hell that the latter is easiest to set up but how have you set yours up? Cheers, Jools On Mon, 2008-07-28 at 19:11 -0400, Charlie wrote: On Mon, Jul 28, 2008 at 1:41 PM, [EMAIL PROTECTED] wrote: 1) I assume that as the NICs are on the same server (PDC WINS) the WINS server part of Samba will store both NIC IPs in the wins.dat file and that it'll answer WINS queries from both subnet without a problem. Dynamic data will be stored on the PDC so I assume this will be easy. Am I on safe ground here? My WINS servers have 2 to 6 NICs each. No problems there. 2) I plan to have a server on each subnet that will hold the static data and act as BDCs relieving the load on the PDC. Effectively, the content will be identical but as staff update data on one, is there a way of binding the server shares together so one updates the other. I know you can bind two drives on a unix box together with mount --bind. Has anyone tried binding two samba shares together? Is it easier to script an rsync -u . I would make one machine a WINS, DNS, and PDC server with no shares other than the logon share and possibly user homes. Then I'd set up two more servers that did nothing but share files, with 2 NICs in each. Many of my file servers have 4 NICs in them and work fine. Complexity is the enemy of reliability - I would avoid synchronizing shares and instead architect so that a single set of shares can be reached by all. NICs are cheaper than the time it takes to build reliable synchronized file shares. 3) Finally, I need to run login scripts based on group membership but with static data shares mounted on a different server depending on the subnet you're on. Any tips on stacking login scripts? Can samba do this. You can dynamically generate your logon scripts. See here: http://freshmeat.net/projects/exampleadvancedsambaloginscript/ Any hints and tips appreciated. I have limited time to do this and set up three web servers with limited time for testing but that's life. I've found keeping my PDC/logon servers separate from my heavy lifter file servers saves me much pain; I can work on login and authentication issues separately from load and permissions problems. I also use DHCP to set my windows clients to hybrid mode. option netbios-dd-server 192.168.0.1; option netbios-node-type 8; # 1B-node: Broadcast - no WINS # 2P-node: Peer - WINS only. # 4M-node: Mixed - broadcast, then WINS # 8H-node: Hybrid - WINS, then broadcast # It should be obvious that this is a bit-mapped value, more info in RFCs 1001 and 1002 You can really clog up a network fast with broadcast name resolution, so you want to restrict that as much as possible. --Charlie -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Fwd: [Samba] Supporting large file transfers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John Drescher wrote: On Wed, Aug 6, 2008 at 5:48 PM, Jeff L [EMAIL PROTECTED] wrote: Hi John, I removed the lines and it fixed the problem. Its weird because in the Oreily samba book they recommend using it? http://oreilly.com/catalog/samba/chapter/book/appb_02.html Probably because the book was written for a 2.2 or 2.4 kernel. The above link is a reference to the 1st edition. The third ed. was released about a year ago. cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIoErSIR7qMdg1EfYRAv8JAKDZDSYVzkp7RN8kDuXP9EUUBP+PGACdF096 FJyF4QohfgeNtZKWVz/Cmyo= =nxKK -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printer driver interface different
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ryan Novosielski wrote: Had the same problem with the Aficio 350. You can just install the driver locally and not use the Samba spool at all (direct IP printing). That seems to be the best angle with my device. It's a shame, because it really ought to work. Does this driver contain a file names UNIDRV.DLL ? It's probably a difference in behavior between EMF and RAW printing. cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIoE4IIR7qMdg1EfYRAsuQAKDSLSGRTbxBMaUnM26ja2pCtdH0vwCeNBux GUUek3X1spX3HftY0v35yqU= =MFZ2 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB over SSH tunnel
2008/8/11 Wojtek Bogusz [EMAIL PROTECTED] hi. thank you for reply. i enabled connection from firewall to windows server on 137/udp, 138/udp, 139/udp and 139/tcp. i tunnelled 137, 138 and 139 to windows server over SSH in putty. i switched off 'file and printer sharing in MS network' and it does not work? it behaves same way as i described it in my last email (i copy it below your email). any help please? regards, Wojtek Try to enable file and printer sharing, it's needed to use Samba. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] winbindd behaving oddly
Ok wow, Looks like the likewise solution is exactly what I've been looking for, as I've been developing an internal solution that was basically a stripped down samba that wouldn't conflict with any other existing samba installs. FYI, I threw my group membership settings in /etc/security/pam_winbind.conf with the following format: [global] require_membership_of=GROUP1 require_membership_of=GROUP2 and this worked just fine .. -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2008 6:53 AM To: Glenn Bailey Cc: samba@lists.samba.org Subject: Re: [Samba] winbindd behaving oddly -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Glenn Bailey wrote: Hello folks, Been beating my head with an winbind and pam just behaving oddly. I have following various HOW-TO's, wiki's, and docs, and just can't seem to get past a wall. Here a some of the issues: If you just want desktop or server logins and not File/Print, you might want to try likewise-open (http://www.likewisesoftware.com/community/). - the 1st attempt at ssh'ing to a server gives me a 'Wrong Password' in the logs. Here's an exact snippet: Aug 6 18:45:40 mia21654bcu001 sshd[5371]: pam_winbind(sshd): request failed: Wrong Password, PAM error was Authentication failure (7), NT error was NT_STATUS_WRONG_PASSWORD I get this w/o even entering a password. If I break out and just hit it 2 more times it will lock the account out as expected. - require_membership_of seems to be flat out ignored. Works for me. but I define it in /etc/security/pam_winbind.conf authrequired /lib/security/$ISA/pam_env.so authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok authsufficient/lib/security/$ISA/pam_winbind.so use_first_pass use_first_pass authrequired /lib/security/$ISA/pam_deny.so I stack pam_winbind before pam_unix account required /lib/security/$ISA/pam_unix.so account sufficient/lib/security/$ISA/pam_succeed_if.so uid 100 quiet account sufficient/lib/security/$ISA/pam_winbind.so use_first_pass account required /lib/security/$ISA/pam_permit.so Don't need use_first_pass passwordrequired /lib/security/$ISA/pam_cracklib.so retry=3 passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow passwordsufficient/lib/security/$ISA/pam_winbind.so use_first_pass passwordrequired /lib/security/$ISA/pam_deny.so need useauthtok and not use_first_pass here. session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session required /lib/security/$ISA/pam_winbind.so use_first_pass require_membership_of=some_group The require- option is enforced in auth and not session. cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFInDO3IR7qMdg1EfYRAm7eAKC75KUD+LH4BJ5JmhoX2N87sPf/wQCg0qmt U3OgUlotANWOvyAWkLt+0mo= =M+6M -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] AD on 2003R2 NT_STATUS_NO_SUCH_USER
Dear Help, We are in the process of setting up a new domain using Active Directory on Windows Server 2003R2. One of our goals was to use Active Directory for authentication on our AIX box (running version 6.1). I was able to successfully set up Kerberos, and the LDAP client to connect to our AD server so that you can now log in to the AIX box with users found in Active Directory. However, no matter what I try, I am unable to get Samba (also running on the same AIX box) to authenticate against the same AD server. Oh, and I'm running Samba 3.0.28 (from the AIX binaries available on the Samba website). When I try and connect from a test machine (running Windows XP SP2) I get the following in the logs (machine: Novel-Idea, username: test01, domain: TEST): check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2008/08/08 09:55:29, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2008/08/08 09:55:29, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/08 09:55:29, 3] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/08 09:55:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/08 09:55:29, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/08 09:55:29, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [test01] - [test01] FAILED with error NT_STATUS_NO_SUCH_USER [2008/08/08 09:55:29, 3] smbd/error.c:error_packet_set(106) error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE However, I can get successful results using wbinfo: From wbinfo -u: administrator guest support_388945a0 krbtgt test02 host_aixplay1 test01 testcopy From wbinfo -g: BUILTIN+administrators BUILTIN+users domain computers domain controllers schema admins enterprise admins domain admins domain users domain guests group policy creator owners dnsupdateproxy testgrp1 testgrp2 testgrp3 staff From wbinfo -a test01%password: plaintext password authentication succeeded challenge/response password authentication succeeded From wbinfo -K test01%password plaintext kerberos password authentication for [test01%password] succeeded (requ esting cctype: FILE) credentials were put in: FILE:/tmp/krb5cc_0 So, it makes me think that I'm missing something obvious in my smb.conf, but after searching around, I haven't found much. Any help would be greatly appreciated. See my configs below: SMB.CONF # Global parameters [global] workgroup = TEST realm = TEST.LOCAL security = ADS encrypt passwords = yes password server = IP.OF.AD.SERVER log level = 3 log file = /opt/pware/samba/3.0.28/var/log.%m max log size = 50 # idmap backend = ad # idmap uid = 10-4000 # idmap gid = 10-4000 idmap domains = TEST idmap config TEST:backend = ad idmap config TEST:default = yes idmap config TEST:schema_mode = rfc2307 idmap config DOMAIN:range = 10-4000 # auth methods = winbind # use kerberos keytab = yes # ldap ssl = no winbind separator = + winbind use default domain = Yes winbind nested groups = Yes winbind enum users = yes winbind enum groups = yes # winbind nss info = rfc2307 [anyone] path = /home/anyone guest ok = yes browseable = yes [testing] path = /home/testing guest ok = no valid users = test01 admin users = test01 write list = test01 KRB5.CONF [libdefaults] default_realm = TEST.LOCAL default_keytab_name = FILE:/etc/krb5/krb5.keytab default_tkt_enctypes = des-cbc-md5 des-cbc-crc default_tgs_enctypes = des-cbc-md5 des-cbc-crc [realms] TEST.LOCAL = { kdc = adtest.test.local:88 admin_server = adtest.test.local:749 default_domain = test.local } [domain_realm] .test.local = TEST.LOCAL adtest.test.local = TEST.LOCAL [logging] kdc = FILE:/var/krb5/log/krb5kdc.log admin_server = FILE:/var/krb5/log/kadmin.log default = FILE:/var/krb5/log/krb5lib.log -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd behaving oddly
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Glenn Bailey wrote: Ok wow, Looks like the likewise solution is exactly what I've been looking for, as I've been developing an internal solution that was basically a stripped down samba that wouldn't conflict with any other existing samba installs. Cool. Glad it helped. jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIoFhIIR7qMdg1EfYRAle6AKDjVqNE4S+oiKM1RU5UqWpjqVFOzACg1yTN snCBv8eMRTSkfMc8n9Ci0H4= =HJWG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD on 2003R2 NT_STATUS_NO_SUCH_USER
Matt Anderson wrote: Dear Help, We are in the process of setting up a new domain using Active Directory on Windows Server 2003R2. One of our goals was to use Active Directory for authentication on our AIX box (running version 6.1). I was able to successfully set up Kerberos, and the LDAP client to connect to our AD server so that you can now log in to the AIX box with users found in Active Directory. However, no matter what I try, I am unable to get Samba (also running on the same AIX box) to authenticate against the same AD server. Oh, and I'm running Samba 3.0.28 (from the AIX binaries available on the Samba website). When I try and connect from a test machine (running Windows XP SP2) I get the following in the logs (machine: Novel-Idea, username: test01, domain: TEST): check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2008/08/08 09:55:29, 3] auth/auth.c:check_ntlm_password(224) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2008/08/08 09:55:29, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2008/08/08 09:55:29, 3] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2008/08/08 09:55:29, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2008/08/08 09:55:29, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/08 09:55:29, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [test01] - [test01] FAILED with error NT_STATUS_NO_SUCH_USER [2008/08/08 09:55:29, 3] smbd/error.c:error_packet_set(106) error packet at smbd/sesssetup.c(105) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE However, I can get successful results using wbinfo: From wbinfo -u: administrator guest support_388945a0 krbtgt test02 host_aixplay1 test01 testcopy From wbinfo -g: BUILTIN+administrators BUILTIN+users domain computers domain controllers schema admins enterprise admins domain admins domain users domain guests group policy creator owners dnsupdateproxy testgrp1 testgrp2 testgrp3 staff From wbinfo -a test01%password: plaintext password authentication succeeded challenge/response password authentication succeeded From wbinfo -K test01%password plaintext kerberos password authentication for [test01%password] succeeded (requ esting cctype: FILE) credentials were put in: FILE:/tmp/krb5cc_0 Have you tried to look at the user account information using ldapsearch? Just to ensure the POSIX account data is present in AD. If you are attempting to authenticate as a domain user try the username as DOMAIN\Username. So, it makes me think that I'm missing something obvious in my smb.conf, but after searching around, I haven't found much. Any help would be greatly appreciated. See my configs below: SMB.CONF # Global parameters [global] workgroup = TEST realm = TEST.LOCAL security = ADS encrypt passwords = yes password server = IP.OF.AD.SERVER log level = 3 log file = /opt/pware/samba/3.0.28/var/log.%m max log size = 50 # idmap backend = ad # idmap uid = 10-4000 # idmap gid = 10-4000 idmap domains = TEST idmap config TEST:backend = ad idmap config TEST:default = yes idmap config TEST:schema_mode = rfc2307 idmap config DOMAIN:range = 10-4000 # auth methods = winbind # use kerberos keytab = yes # ldap ssl = no winbind separator = + winbind use default domain = Yes winbind nested groups = Yes winbind enum users = yes winbind enum groups = yes # winbind nss info = rfc2307 [anyone] path = /home/anyone guest ok = yes browseable = yes [testing] path = /home/testing guest ok = no valid users = test01 admin users = test01 write list = test01 KRB5.CONF [libdefaults] default_realm = TEST.LOCAL default_keytab_name = FILE:/etc/krb5/krb5.keytab default_tkt_enctypes = des-cbc-md5 des-cbc-crc default_tgs_enctypes = des-cbc-md5 des-cbc-crc [realms] TEST.LOCAL = { kdc = adtest.test.local:88 admin_server = adtest.test.local:749 default_domain = test.local } [domain_realm] .test.local = TEST.LOCAL adtest.test.local = TEST.LOCAL [logging] kdc = FILE:/var/krb5/log/krb5kdc.log admin_server = FILE:/var/krb5/log/kadmin.log default = FILE:/var/krb5/log/krb5lib.log -- Jason Gerfen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Machine-level shares on Windows server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Evans wrote: I realise that. I *did* give a 2nd example in my original post: $sudo smbclient -P -L //sbs ERROR: Unable to fetch machine password net ads testjoin returns an OK result at my end the PDC shows the machine as joined to the domain at the other. What I don't seem to be able to find out is just how the Windows PDC Samba interact to ensure that the Samba machine is a [trusted?] member of the domain therefore how to use that fact to allow machine-level shares without having to perform a user-level login. In that case, did you join the domain? Unless, this is just a bug, that seems the obvious explanation. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIoFsQIR7qMdg1EfYRAlTCAKCqYd29MWtR2u+HQ5d2iJ4brcoxQwCg5Cwj riGXI8QLCxKz1D86icciU3M= =jpEz -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: AD on 2003R2 NT_STATUS_NO_SUCH_USER
Jason Gerfen jason.gerfen at scl.utah.edu writes: Have you tried to look at the user account information using ldapsearch? Just to ensure the POSIX account data is present in AD. If you are attempting to authenticate as a domain user try the username as DOMAIN\Username. Hi Jason, Thanks for the quick reply. I haven't tried using ldapsearch, but I have used the lsldap command to list the attributes for test01 (which includes the R2 rfc2307 schema): aixplay1-root /opt/pware/bin lsldap -a passwd test01 dn: CN=test01,OU=MIS,OU=Temecula-CA,OU=People,DC=test,DC=local objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: test01 givenName: test01 distinguishedName: CN=test01,OU=MIS,OU=Temecula-CA,OU=People,DC=test,DC=local instanceType: 4 whenCreated: 20080807000211.0Z whenChanged: 20080808170937.0Z displayName: test01 uSNCreated: 20660 uSNChanged: 32974 name: test01 objectGUID: |*[_B Ud'' VQ userAccountControl: 512 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 128626909010102324 lastLogoff: 0 lastLogon: 128629403833937446 pwdLastSet: 128626889779722918 primaryGroupID: 513 objectSid: accountExpires: 9223372036854775807 logonCount: 28 sAMAccountName: test01 sAMAccountType: 805306368 userPrincipalName: [EMAIL PROTECTED] objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=test,DC=local dSCorePropagationData: 20080807001936.0Z dSCorePropagationData: 20080807001936.0Z dSCorePropagationData: 20080807001936.0Z dSCorePropagationData: 20080807001150.0Z dSCorePropagationData: 16010108151056.0Z uid: test01 msSFU30Name: test01 msSFU30NisDomain: test uidNumber: 50002 gidNumber: 1 unixHomeDirectory: /home/test01 loginShell: /usr/bin/ksh And then regarding using the domain in the username (such as DOMAIN\user) -- I have tried that on the Windows side, and that's what's failing. However, if you're referring the wbinfo tests, it's failing with the same NT_STATUS_NO_SUCH_USER error: aixplay1-root /opt/pware/bin wbinfo -a TEST\test01%password plaintext password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc064) error messsage was: No such user Could not authenticate user TESTtest01%password with plaintext password challenge/response password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc064) error messsage was: No such user Could not authenticate user TESTtest01 with challenge/response I'm not sure why it's removing the '\' in the error message between the domain and the username, but I also tried it with two backslashes, and a forward slash, and they all failed. What am I missing here? Thanks again for your help, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Uncontrolled sessions in Samba
We are running Samba 3.0.28a and have been running into a problem with sessions not closing out. A user will start using samba and be fine for a period of time. There is no specific time, but the session keep adding up. They look like this: bender1886 4255 0 12:36 ?00:00:00 /usr/local/samba/sbin/smbd -D bender1887 4255 0 12:37 ?00:00:00 /usr/local/samba/sbin/smbd -D bender1891 4255 0 12:37 ?00:00:00 /usr/local/samba/sbin/smbd -D bender1893 4255 0 12:38 ?00:00:00 /usr/local/samba/sbin/smbd -D bender1906 4255 0 12:39 ?00:00:00 /usr/local/samba/sbin/smbd -D bender1909 4255 0 12:40 ?00:00:00 /usr/local/samba/sbin/smbd -D bender1943 4255 0 12:41 ?00:00:00 /usr/local/samba/sbin/smbd -D bender1979 4255 0 12:42 ?00:00:00 /usr/local/samba/sbin/smbd -D bender1984 4255 0 12:43 ?00:00:00 /usr/local/samba/sbin/smbd -D A new session every minute. I have tried killing the sessions, but they eventually cause the user to not have access to the share they are trying to get to. My smb.conf looks like this: [global] debuglevel = 0 workgroup = CCDOM server string = gobo.wi.mit.edu hosts allow = x.x. 10.9. 10.5. x.x.x. load printers = no log file = /var/log/samba/smbd.log log level = 1 max log size = 5 security = server #winbind separator = + winbind use default domain = yes idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes template homedir = /home/%u template shell = /bin/false winbind trusted domains only = no #idmap backend = ldap:ldap://localhost #ldap idmap suffix = ou=Idmap #ldap suffix = dc=samba,dc=wi,dc=mit,dc=edu #ldap admin dn = cn=admin,dc=samba,dc=wi,dc=mit,dc=edu nt acl support = no use spnego = yes password server = svr08 dc01 dc02 encrypt passwords = yes unix password sync = no pam password change = no username map = /config/smbusers obey pam restrictions = no deadtime = 60 remote browse sync = x.x.0.0 x.x.255.255 remote announce = x.x.0.0 x.x.255.255 local master = no os level = 33 domain master = no preferred master = no domain logons = no wins support = no wins server = x.x.x.x x.x.x.x dns proxy = yes nis homedir = yes enhanced browsing = yes kernel oplocks = yes read raw = yes write raw = yes oplocks = yes max xmit = 65535 deadtime = 15 blocking locks = no getwd cache = yes reset on zero vc = yes mangled names = no veto oplock files = /*.xls/*.doc/*.mdb/*.ppt/ veto files = /.AppleDouble/Network Trash Folder/TheVolumeSettingsFolder/ delete veto files = yes The usual fix is a reboot, however, this is a problem in a production environment. I have been getting errors in the samba log files: [2008/08/11 08:40:35, 0] lib/util_sock.c:get_peer_addr(1232) getpeername failed. Error was Transport endpoint is not connected Denied connection from (0.0.0.0) The users that have had this problem are both Macintosh OS X and Windows XP. There is no pattern yet. Has anyone seen this problem? thanks, Craig Andrew -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Mysterious new problem: nss_ldap: could not soft reconnect to LDAP server
Suddenly as of this morning, none of my users can authenticate to samba because nss_ldap is producing cryptic errors. Nothing has changed on either the LDAP server or the Samba server. Looks like this in /var/log/messages: Aug 11 11:19:29 edgar smbd[8394]: nss_ldap: could not soft reconnect to LDAP server - Server is unavailable Yet, the LDAP server IS available, and happily chirping away serving as an LDAP server for several other services. Only Samba seems to be having the trouble. Anyone else encounter this? I believe the library staff is headed to my office at just this moment with pitchforks and torches. Please help. Wes -- Wes Modes Server Administrator Programmer Analyst McHenry Library Computing Network Services Information and Technology Services 459-5208 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Fwd: [Samba] Mysterious new problem: nss_ldap: could not soft reconnect to LDAP server
-- Forwarded message -- From: John Drescher [EMAIL PROTECTED] Date: Mon, Aug 11, 2008 at 3:28 PM Subject: Re: [Samba] Mysterious new problem: nss_ldap: could not soft reconnect to LDAP server To: Wes Modes [EMAIL PROTECTED] On Mon, Aug 11, 2008 at 2:20 PM, Wes Modes [EMAIL PROTECTED] wrote: Suddenly as of this morning, none of my users can authenticate to samba because nss_ldap is producing cryptic errors. Nothing has changed on either the LDAP server or the Samba server. Looks like this in /var/log/messages: Aug 11 11:19:29 edgar smbd[8394]: nss_ldap: could not soft reconnect to LDAP server - Server is unavailable Have you made sure your ldap servers are working? # slapcat # getent group # getent passwd John -- John M. Drescher -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mysterious new problem: nss_ldap: could not soft reconnect to LDAP server
I didn't try that. but if it happens again I shall. I knew the LDAP servers were working, but that the Samba server (via nss) wasn't talking to it. What I ended up doing, was turned off nss' use of TLS. That fixed it. In RHEL, the command is authconfig. Why it suddenly stopped talking to each other, I still don't know. Obviously I need to come in during non-office hours and config and test and retest to get TLS working at both ends again. Wes John Drescher wrote: On Mon, Aug 11, 2008 at 2:20 PM, Wes Modes [EMAIL PROTECTED] wrote: Suddenly as of this morning, none of my users can authenticate to samba because nss_ldap is producing cryptic errors. Nothing has changed on either the LDAP server or the Samba server. Looks like this in /var/log/messages: Aug 11 11:19:29 edgar smbd[8394]: nss_ldap: could not soft reconnect to LDAP server - Server is unavailable Have you made sure your ldap servers are working? # slapcat # getent group # getent passwd John -- Wes Modes Server Administrator Programmer Analyst McHenry Library Computing Network Services Information and Technology Services 459-5208 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] High Cpu usage
Hello all. I have a samba 3.0.31, compiled and running on a freebsd 6.3-p3 and he work´s fine. But in some situations ( situations not discovered yet ) the use o cpu is very high, as you can see in the top command above. In my /var/log/messages i see this message, but i dont know what is, and what i neet to do. Enable log file on smb.conf i don't see anybody strange, i guess... So, anybody can help me ? Thanks Alex. -/var/log/messages 34:16 propague smbd[55372]: [2008/08/11 16:34:16, 0] lib/fault.c:fault_report(41) Aug 11 16:34:16 propague smbd[55372]: === Aug 11 16:34:16 propague smbd[55372]: [2008/08/11 16:34:16, 0] lib/fault.c:fault_report(42) Aug 11 16:34:16 propague smbd[55372]: INTERNAL ERROR: Signal 11 in pid 55372 (3.0.31) Aug 11 16:34:16 propague smbd[55372]: Please read the Trouble-Shooting section of the Samba3-HOWTO Aug 11 16:34:16 propague smbd[55372]: [2008/08/11 16:34:16, 0] lib/fault.c:fault_report(44) Aug 11 16:34:16 propague smbd[55372]: Aug 11 16:34:16 propague smbd[55372]: From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf Aug 11 16:34:16 propague smbd[55372]: [2008/08/11 16:34:16, 0] lib/fault.c:fault_report(45) Aug 11 16:34:16 propague smbd[55372]: === Aug 11 16:34:16 propague smbd[55372]: [2008/08/11 16:34:16, 0] lib/util.c:smb_panic(1627) Aug 11 16:34:16 propague smbd[55372]: smb_panic: clobber_region() last called from [check_cache(414)] Aug 11 16:34:16 propague smbd[55372]: [2008/08/11 16:34:16, 0] lib/util.c:smb_panic(1633) Aug 11 16:34:16 propague smbd[55372]: PANIC (pid 55372): internal error --- CPU states: 18.3% user, 0.0% nice, 81.7% system, 0.0% interrupt, 0.0% idle Mem: 336M Active, 3109M Inact, 210M Wired, 163M Cache, 214M Buf, 16M Free Swap: 10G Total, 8K Used, 10G Free PID USERNAME THR PRI NICE SIZERES STATE C TIME WCPU COMMAND 26348 criacao 1 1390 40248K 8088K RUN1 22:08 21.04% smbd 51011 junior 1 1390 40588K 8112K RUN1 1:57 18.75% smbd 50753 andrea 1 1390 40244K 8060K CPU1 1 20:32 16.50% smbd 52143 criacao 1 1390 40532K 8136K RUN1 1:40 13.53% smbd 26798 adriano 1 1390 40200K 8020K RUN0 28:05 11.23% smbd 51120 root 1 1390 40404K 8004K RUN1 10:54 11.23% smbd 50727 criacao 1 1390 40516K 8108K RUN0 2:00 10.50% smbd 26337 criacao 1 1390 40116K 7976K RUN0 32:16 9.77% smbd 27184 studio 1 1390 40364K 8080K RUN0 14:11 9.77% smbd 12947 root 1 1390 47560K 15196K RUN0 11:44 8.98% smbd 52155 bianca 1 1390 40548K 8140K RUN0 1:11 8.98% smbd 50893 root 1 1390 40356K 8060K RUN1 15:32 6.01% smbd 50939 bianca 1 1390 41404K 9016K RUN1 1:27 5.22% smbd 52181 root 1 760 184M 145M select 0 0:18 0.00% smbd 16068 root 1 760 57376K 17136K select 0 0:07 0.00% smbd 51139 root 1 760 55916K 23448K select 0 0:05 0.00% smbd -- *Alex Montoanelli* Administração e Gerência de Redes Unetvale Conectividade http://www.unetvale.net +55 48 3263 8700 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] High Cpu usage
Alex Montoanelli wrote: In my /var/log/messages i see this message, but i dont know what is, and what i neet to do. This is not a high CPU use issue; it's a crash. It's a segmentation fault, which means something crashed in samba. You need to isolate the problem by tuning up your logs, isolating the problem, and removing it from the daemon's behavior. Do you have a script of the install? Or, do you have more logs? 1) How did you compile or install the program? 2) Provide your smb.conf. Are you running Kerberos? I don't know what cache is causing the problem, or why it's crashing from these logs, but I can tell you that you need to provide more information for the list to help you out. Someone may be able to explain it based on personal experience, but you can dig up more dirt. -- Jason N -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printer driver interface different
On 11-Aug-08, at 10:34 AM, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ryan Novosielski wrote: Had the same problem with the Aficio 350. You can just install the driver locally and not use the Samba spool at all (direct IP printing). That seems to be the best angle with my device. It's a shame, because it really ought to work. If I can't get the driver to 'look' right, the clients are still going thru a samba spool so I can do page accounting and restrict who prints color. With the use client driver = yes option, I can install the driver locally. The problem is I have to install the driver locally... I'd rather not do the walk! :) Does this driver contain a file names UNIDRV.DLL ? It's probably a difference in behavior between EMF and RAW printing. It doesn't contain UNIDRV.DLL It looks like it uses the generic windows PS driver PSCRIPT5.DLL with a bunch of extras - for the UI? The only difference between rpcclient -c 'enumdrivers 3' on samba vs win2k is that the win2k driver has a Monitorname: [RICOH Language Monitor2] entry. Printer Driver Info 3: Version: [3] Driver Name: [RICOH Aficio Color5560 PS] Architecture: [Windows NT x86] Driver Path: [LOCALHOST\print$\W32X86\3\PSCRIPT5.DLL] Datafile: [LOCALHOST\print$\W32X86\3\RIC55603.PPD] Configfile: [LOCALHOST\print$\W32X86\3\PS5UI.DLL] Helpfile: [LOCALHOST\print$\W32X86\3\PSCRIPT.HLP] Dependentfiles: [LOCALHOST\print$\W32X86\3\JCUI.exe] Dependentfiles: [LOCALHOST\print$\W32X86\3\RICJC32.DLL] Dependentfiles: [LOCALHOST\print$\W32X86\3\Rc4manNT.dll] Dependentfiles: [LOCALHOST\print$\W32X86\3\Ne60Cdat.dll] Dependentfiles: [LOCALHOST\print$\W32X86\3\MFRICRES.dll] Dependentfiles: [LOCALHOST\print$\W32X86\3\PS_SCHM.GDL] Dependentfiles: [LOCALHOST\print$\W32X86\3\PSCRPTFE.NTF] Dependentfiles: [LOCALHOST\print$\W32X86\3\PSCRIPT.NTF] Dependentfiles: [LOCALHOST\print$\W32X86\3\E314PSHL.CHM] Dependentfiles: [LOCALHOST\print$\W32X86\3\RI3141E3.XML] Dependentfiles: [LOCALHOST\print$\W32X86\3\RI260CUI.DLL] Dependentfiles: [LOCALHOST\print$\W32X86\3\RI260CRE.DLL] Dependentfiles: [LOCALHOST\print$\W32X86\3\RIC55603.INI] Monitorname: [] Defaultdatatype: [] Thanks, Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba print server client job queues.
Hello, I'm working on setting up a corporate print server with samba 3.2.0-2.17 on a Fedora 9 install. I've been able to get the services up and running and added several printers via the cups interface, also been able to upload the windows drivers. This all works well, printing also works well. The problem that I am running into is that the old print jobs seem to be getting stored somewhere in samba and i've been unable to figure out how to turn this option off. I've set the PreserveJobHistory No PreserveJobFiles No options in my cupsd.conf file though this does not effect the queues viewed by the clients, only the jobs viewable via the cups interface. Even once the jobs have been manually deleted from the queue and no longer show up when it is opened up, windows still shows job counts in the printers and fax folder. These job counts seem to be getting stored in the /var/lib/samba/printing*.tdb files. If i delete these the print count goes back to 0 but will start counting back up as jobs move through the printer. My smb.conf is very basic [Global] netbios name = twcps01 workgroup = DOMAIN server string = Print Server wins server = x.x.x.x security = user encrypt passwords = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces = lo eth0 bind interfaces only = yes username map=/etc/samba/smbusers passdb backend=tdbsam null passwords = no hide unreadable = yes hide dot files = yes printcap name = cups printing = cups cups options = raw use client driver = no load printers = yes [printers] comment = All Printers path = /var/spool/samba browseable = no public = yes guest ok = yes writable = no printable = yes [print$] comment = Windows Client Printer Drivers path = /var/lib/samba/windows_printer_drivers browseable = yes guest ok = yes read only = no -- Chris Jeter Senior IT Technician The World Company 785.312.6911 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printer driver interface different
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matthew Forrest wrote: Does this driver contain a file names UNIDRV.DLL ? It's probably a difference in behavior between EMF and RAW printing. It doesn't contain UNIDRV.DLL It looks like it uses the generic windows PS driver PSCRIPT5.DLL with a bunch of extras - for the UI? The only difference between rpcclient -c 'enumdrivers 3' on samba vs win2k is that the win2k driver has a Monitorname: [RICOH Language Monitor2] entry. Printer Driver Info 3: Version: [3] Driver Name: [RICOH Aficio Color5560 PS] Architecture: [Windows NT x86] Driver Path: [LOCALHOST\print$\W32X86\3\PSCRIPT5.DLL] Datafile: [LOCALHOST\print$\W32X86\3\RIC55603.PPD] Configfile: [LOCALHOST\print$\W32X86\3\PS5UI.DLL] Helpfile: [LOCALHOST\print$\W32X86\3\PSCRIPT.HLP] Matthew, Set the print processor to RAW on the Windows print server and see if the appearance looks the same. cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIoKDGIR7qMdg1EfYRAqOpAJ9S5k1+aigYwbG7K/Jqkfotba4mngCdEMG6 1dqFPOIhkLERlxenvgcNlu8= =hby6 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba print server client job queues.
On Mon, Aug 11, 2008 at 03:05:10PM -0500, Chris Jeter wrote: Hello, I'm working on setting up a corporate print server with samba 3.2.0-2.17 on a Fedora 9 install. I've been able to get the services up and running and added several printers via the cups interface, also been able to upload the windows drivers. This all works well, printing also works well. The problem that I am running into is that the old print jobs seem to be getting stored somewhere in samba and i've been unable to figure out how to turn this option off. I've set the This is a known bug that was fixed for 3.2.1. Sorry for the problem. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba print server client job queues.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris Jeter wrote: Hello, I'm working on setting up a corporate print server with samba 3.2.0-2.17 on a Fedora 9 install. I've been able to get the services up and running and added several printers via the cups interface, also been able to upload the windows drivers. This all works well, printing also works well. The problem that I am running into is that the old print jobs seem to be getting stored somewhere in samba and i've been unable to figure out how to turn this option off. This bug was fixed in Samba 3.2.1. cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIoKKOIR7qMdg1EfYRAqktAJ4vLuliGLmkjaVg6g7eOxOW2MXkZQCeM10P JFWdZBeMGuBhQTbr1MJMH8k= =ob1/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba print server client job queues.
On Mon, Aug 11, 2008 at 03:05:10PM -0500, Chris Jeter wrote: I'm working on setting up a corporate print server with samba 3.2.0-2.17 on a Fedora 9 install. I've been able to get the services up and running and added several printers via the cups interface, also been able to upload the windows drivers. This all works well, printing also works well. The problem that I am running into is that the old print jobs seem to be getting stored somewhere in samba and i've been unable to figure out how to turn this option off. I've set the PreserveJobHistory No PreserveJobFiles No This is fixed in 3.2.1. See https://bugzilla.samba.org/show_bug.cgi?id=5635 Volker pgp22kdvYBrFo.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: AD on 2003R2 NT_STATUS_NO_SUCH_USER
Matt Anderson sokkerstud_11 at hotmail.com writes: I think I may have solved why users were not being found. When I tried doing wbinfo -i test01, I got an error stating that information for user could not be found. After digging a little bit through the log files, I discovered that the SID for the Windows Primary Group was being returned, instead of gidNumber for the user's primary group. So, I updated the Windows Primary Group in Active Directory to match the one specified by gidNumber -- and at that point, I was able to run wbinfo -i test01 and get the following result: test01:*:50002:1:test01:/home/TEST/test01:/bin/false The username, uid, and gecos are correct, however the home directory and shell are incorrect. If you look back at the previous post, the attributes in Active Directory are as follows: uid: test01 msSFU30Name: test01 msSFU30NisDomain: test uidNumber: 50002 gidNumber: 1 unixHomeDirectory: /home/test01 loginShell: /usr/bin/ksh So, my question is, what do I have to do to get Samba to retrieve the correct attributes? Or, is it even necessary? (Again, I'm using Windows Server 2003 R2) Which leads me to my next question -- after making the change to the primary group, I was able to authenticate successfully against the testing share as user TEST+test01 from my Windows XP box... however, with an examination of the file system, I determined that any files I created in this samba session end up having root permissions assigned to them (instead of test01). For example: -rwxr--r--1 root staff 0 Aug 11 13:28 deleteme.txt -rwxr--r--1 root staff 0 Aug 11 13:28 test1234.txt The group staff is correct, since that is gidNumber 1, however, the owner should be test01 instead of root. What am I doing wrong? Thanks again for your help! -Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Machine-level shares on Windows server
That's just it - as I mentioned, I *have* joined the domain OK. At what point am I supposed to receive a machine password? A full transcript to illustrate the problem better: [EMAIL PROTECTED]:~# net ads join -U administrator administrator's password: Using short domain name -- MYCOMPANY Joined 'BUGZILLA' to realm 'MYCOMPANY.LOCAL' [EMAIL PROTECTED]:~# net ads testjoin Join is OK [EMAIL PROTECTED]:~# smbclient -P -L //sbs ERROR: Unable to fetch machine password My smb.conf has the following setup: security = ADS realm = MYCOMPANY.LOCAL workgroup = mycompany password server = sbs.mycompany.local wins support = no wins server = sbs invalid users = root # Winbind settings idmap uid = 1-2 idmap gid = 1-2 # For testing debuglevel = 2 I'm sure there's something small stupid I've overlooked, but what??? Jeremy -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Tuesday, 12 August 2008 03:30 To: Jeremy Evans Cc: samba@lists.samba.org Subject: Re: [Samba] Machine-level shares on Windows server -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Evans wrote: I realise that. I *did* give a 2nd example in my original post: $sudo smbclient -P -L //sbs ERROR: Unable to fetch machine password net ads testjoin returns an OK result at my end the PDC shows the machine as joined to the domain at the other. What I don't seem to be able to find out is just how the Windows PDC Samba interact to ensure that the Samba machine is a [trusted?] member of the domain therefore how to use that fact to allow machine-level shares without having to perform a user-level login. In that case, did you join the domain? Unless, this is just a bug, that seems the obvious explanation. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIoFsQIR7qMdg1EfYRAlTCAKCqYd29MWtR2u+HQ5d2iJ4brcoxQwCg5Cwj riGXI8QLCxKz1D86icciU3M= =jpEz -END PGP SIGNATURE- Scanned by Bizo Email Filter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: AD on 2003R2 NT_STATUS_NO_SUCH_USER
Which leads me to my next question -- after making the change to the primary group, I was able to authenticate successfully against the testing share as user TEST+test01 from my Windows XP box... however, with an examination of the file system, I determined that any files I created in this samba session end up having root permissions assigned to them (instead of test01). For example: -rwxr--r--1 root staff 0 Aug 11 13:28 deleteme.txt -rwxr--r--1 root staff 0 Aug 11 13:28 test1234.txt The group staff is correct, since that is gidNumber 1, however, the owner should be test01 instead of root. What am I doing wrong? I solved the issue regarding writing as root -- I didn't realize that I had the admin users property set on that share (or what it did exactly). However, I'm still curious about the LDAP attributes, so if anyone has any insight, I'd really appreciate it. Thanks! -Matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] HPUX and Samba 3.023 question
I am sorry if this sounds dumb, but I am sort of a newbie with samba. We have upgraded our active directory domain servers to 2008 and samba 3.07 will not bind to the directory anymore. I have been told that I need to upgrade past 3.022 in order to make it work? First of all is this true? Second, when I went to install it and run it there is an error that it can not find libldap-2.2.so. I am assuming this is for the HPUX IXOPENLDAP, but I am not sure. In either case I can not find this version to install. I don't want to mess my box up, but I would like to get my samba running correctly again. Can anyone give me any advice or information? Casey Dearcorn Database Manager Northwest College 231 West 6th Street Powell, Wy 82435 Office: 307.754.6084 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Architecture on subnetted network
Hello, I have a question regarding the samba architecture in a big subnetted network. For the example let's say I have 2 subnets dedicated for the servers (10.1.1.0/24 and 10.1.2.0/24) and every computer in the domain are in different subnets (10.2.x.0/24). For load balancing reasons, I want to have a PDC and a BDC in site A (10.1.1.1 and 10.1.1.2) and two BDCs on site B (10.1.2.1 and 10.1.2.2). Half the computer should logon on site A and the other half on site B. In such a network it's impossible to depend on broadcast, so I have setup a WINS server on the PDC. Now the problems : - how does the BDCs in site B discovers the PDC (remote announces ?) ? - how will the workstations know they can logon on the BDCs if they only know the PDC in the WINS ? - to answer the previous question, I can setup a WINS server on the BDCs and configure the workstations with the WINS of the PDC and the WINS of the BDC, but sometimes when I join a machine to the domain, it tries to do it on the BDC and it fails. - an other option is to configure the WINS proxy in the BDCs, but if the PDC fails, the entire domain will fails I hope it's clear enough :-) Any suggestion will be greatly appreciated ! Thanks, Julien -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] dos dir list issues
i have a samba running on the linux file systems. from a windows box i mapped(z:) to the linux file systems. from the command prompt when cd to z: and make a dir the output is not sorted by the name where as on linux it is coming fine. dos ex: Z:\5_8_0_5\Base\TravelersCLdir *.sql Volume in drive Z is oracle Volume Serial Number is 7B2F-0877 Directory of Z:\5_8_0_5\Base\TravelersCL 08/11/2008 05:14 PM 2,401 6000_COMPILE_STATUS.SQL08/11/2008 05:14 PM 115 1000_DB_ENV.SQL from linux [EMAIL PROTECTED] TravelersCL]$ ls -l *.SQL-r-xr--r-- 1 oracle oracle 115 Aug 11 17:14 1000_DB_ENV.SQL-r-xr--r-- 1 oracle oracle 2401 Aug 11 17:14 6000_COMPILE_STATUS.SQL why is the sort order different for the client thanks Srinivas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Parameter idmap backend is deprecated ???
Hi, why is this parameter deprecated ? I have to set this parameter if i want to get my user/group information from Active Directory with SFU AD schemata extension. Is there a new parameter instead of idmap backend ??? Buy Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net ads join - DNS Update failed !
Hi, it seems that all is working perfectly, but if start an net ads join i get the message DNS Update failed ! . What is the consequence if i dont care about this message ? Is the Samba Server (ADS member) only not registered in the ADS DNS tree ? Buy, Andy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] dos dir list issues
On Mon, Aug 11, 2008 at 10:08:45PM +, srinivas aradhyula wrote: i have a samba running on the linux file systems. from a windows box i mapped(z:) to the linux file systems. from the command prompt when cd to z: and make a dir the output is not sorted by the name where as on linux it is coming fine. dos ex: Z:\5_8_0_5\Base\TravelersCLdir *.sql Volume in drive Z is oracle Volume Serial Number is 7B2F-0877 Directory of Z:\5_8_0_5\Base\TravelersCL 08/11/2008 05:14 PM 2,401 6000_COMPILE_STATUS.SQL08/11/2008 05:14 PM 115 1000_DB_ENV.SQL from linux [EMAIL PROTECTED] TravelersCL]$ ls -l *.SQL-r-xr--r-- 1 oracle oracle 115 Aug 11 17:14 1000_DB_ENV.SQL-r-xr--r-- 1 oracle oracle 2401 Aug 11 17:14 6000_COMPILE_STATUS.SQL why is the sort order different for the client There is no guarenteed sort order in directory listing from CIFS. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Machine-level shares on Windows server
Thanks, but that didn't seem to clarify anything. I want to use the fact that I'm already part of the domain ( hence have some degree of authentication with the PDC) to avoid having a user-level share for a shared domain folder. You need to use -P or -U to get Samba to do anything. I have also used -k in testing, but that involved a user logon in order to get the Kerberos ticket or TGT Regards, Jeremy From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, 12 August 2008 09:26 To: Jeremy Evans Subject: RE: [Samba] Machine-level shares on Windows server http://www.linuxquestions.org/questions/linux-software-2/sambaunable-to-fetch-machine-password-315230/ http://www.mail-archive.com/samba@lists.samba.org/msg74713.html Check out these articles. Might have something to do with using the -P parameter: [EMAIL PROTECTED]:~# smbclient -P -L //sbs ERROR: Unable to fetch machine password -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeremy Evans Sent: Monday, August 11, 2008 3:11 PM To: Gerald (Jerry) Carter Cc: samba@lists.samba.org Subject: RE: [Samba] Machine-level shares on Windows server That's just it - as I mentioned, I *have* joined the domain OK. At what point am I supposed to receive a machine password? A full transcript to illustrate the problem better: [EMAIL PROTECTED]:~# net ads join -U administrator administrator's password: Using short domain name -- MYCOMPANY Joined 'BUGZILLA' to realm 'MYCOMPANY.LOCAL' [EMAIL PROTECTED]:~# net ads testjoin Join is OK [EMAIL PROTECTED]:~# smbclient -P -L //sbs ERROR: Unable to fetch machine password My smb.conf has the following setup: security = ADS realm = MYCOMPANY.LOCAL workgroup = mycompany password server = sbs.mycompany.local wins support = no wins server = sbs invalid users = root # Winbind settings idmap uid = 1-2 idmap gid = 1-2 # For testing debuglevel = 2 I'm sure there's something small stupid I've overlooked, but what??? Jeremy -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Tuesday, 12 August 2008 03:30 To: Jeremy Evans Cc: samba@lists.samba.org Subject: Re: [Samba] Machine-level shares on Windows server -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Evans wrote: I realise that. I *did* give a 2nd example in my original post: $sudo smbclient -P -L //sbs ERROR: Unable to fetch machine password net ads testjoin returns an OK result at my end the PDC shows the machine as joined to the domain at the other. What I don't seem to be able to find out is just how the Windows PDC Samba interact to ensure that the Samba machine is a [trusted?] member of the domain therefore how to use that fact to allow machine-level shares without having to perform a user-level login. In that case, did you join the domain? Unless, this is just a bug, that seems the obvious explanation. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIoFsQIR7qMdg1EfYRAlTCAKCqYd29MWtR2u+HQ5d2iJ4brcoxQwCg5Cwj riGXI8QLCxKz1D86icciU3M= =jpEz -END PGP SIGNATURE- Scanned by Bizo Email Filter -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba just died? smbd/sec_ctx.c:set_sec_ctx(241)
Listmates, Running 3.2.1-0.1.126-1867-SUSE-SL10.3 (in standalone) I was quite surprised samba DOA. Further research show that it died shortly after midnight with the last relevant log entries being: [2008/08/10 00:24:15, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/10 00:24:15, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2008/08/10 00:24:15, 3] smbd/server.c:exit_server_common(768) After running samba since 2.0.7, this is the first time I have had it just die on me without me doing something to cause it to die. Any thoughts on the matter? Can I provide additional information? -- David C. Rankin, J.D., P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba just died? smbd/sec_ctx.c:set_sec_ctx(241)
On Mon, Aug 11, 2008 at 06:07:10PM -0500, David C. Rankin wrote: Listmates, Running 3.2.1-0.1.126-1867-SUSE-SL10.3 (in standalone) I was quite surprised samba DOA. Further research show that it died shortly after midnight with the last relevant log entries being: [2008/08/10 00:24:15, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/10 00:24:15, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2008/08/10 00:24:15, 3] smbd/server.c:exit_server_common(768) After running samba since 2.0.7, this is the first time I have had it just die on me without me doing something to cause it to die. Any thoughts on the matter? Can I provide additional information? This doesn't look like death, but orderly termination. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net ads join - DNS Update failed !
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Ladanyi wrote: Hi, it seems that all is working perfectly, but if start an net ads join i get the message DNS Update failed ! . What is the consequence if i dont care about this message ? Is the Samba Server (ADS member) only not registered in the ADS DNS tree ? Correct. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIoNQpIR7qMdg1EfYRAlCNAJ0RrzxyVVSH8lJkdUhkjcVTTuEnJACfV4eG Tqttb7GzM5j0SaGMUDJL/Bk= =//Db -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cant Set Password on Windows Side.
Try setting the log level to something like 10. Jeff L wrote: Hi Gary, Yes to all of the above. Yes userpasswd is what we use on all of our servers. This one in particular is causing trouble. Is there a log file that gives more detail on the error? - Original Message - From: Gary Dale [EMAIL PROTECTED] To: Subject: Re: [Samba] Cant Set Password on Windows Side. Date: Sun, 10 Aug 2008 20:41:39 -0400 There are several things that could be causing it. 1) is your passwd program really called userpasswd? 2) does the passwd chat really match what your passwd program expects? 3) have the windows machines joined the domain? 4) can the windows machines see the domain controller? Jeff L wrote: Hello All. Samba ver 3.0.25b-1.1.cc SMB.Conf admin users = administrator unix password sync = yes os level = 65 domain master = yes domain logons = yes passwd program = /usr/sbin/userpasswd %u passwd chat = *password:* %n\n *password:* %n\n *successfully.* add machine script = /usr/sbin/useradd -d /dev/null -g samba-clients -s /bin/fa$ security = user encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd syslog = false netbios name = server workgroup = WKGROUP realm = WKGROUP.LOCAL Is there anything in my config thag will lead to this error message? Domain users cant change their password by pressing control alt delete. They get an error message stating the domain doesnt exist. = The Secrets to Mastering Hypnosis Bennett/Stellar University is celebrating its 10th anniversary as a licensed and approved school providing comprehensive instruction and certifications in the field of hypnosis. http://a8-asy.a8ww.net/a8-ads/adftrclick?redirectid=d96ce8b93944a0986f30bde2b5f74bf2 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba = MRV-Firewall KVM Switch 48 server ports; 8 analog/3 IP users; 1U; UXGA 1600x1400 pixels. http://a8-asy.a8ww.net/a8-ads/adftrclick?redirectid=1925e125ed67ef034257c911b21d4c34 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Removing account/passwd synchronization requirement
I have a basic samba server up and running. My XP clients I can only connect to the samba share if have identical account names / passwds on both the XP client and the linux server. How can I eliminate this requirement so that an XP user can log into any valid account on the linux server and connect to the samba share ? Thanks Henry -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SCM] CTDB repository - branch master updated - fb7f69b1d6dd8b0715258dde736dc03e1c5e43aa
The branch, master has been updated via fb7f69b1d6dd8b0715258dde736dc03e1c5e43aa (commit) via 96df98d9f86ecc6bb1a458eb2101e5c1bc0f96e6 (commit) via c94b295b078dc009c18aa416d0de232a12241014 (commit) via 29aaa339ef745208fb0b746db5cbc3a32d0d81b2 (commit) from db6bc3745a56cc12e60e727190a098a6527690d6 (commit) http://gitweb.samba.org/?p=tridge/ctdb.git;a=shortlog;h=master - Log - commit fb7f69b1d6dd8b0715258dde736dc03e1c5e43aa Merge: 96df98d9f86ecc6bb1a458eb2101e5c1bc0f96e6 c94b295b078dc009c18aa416d0de232a12241014 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Mon Aug 11 23:33:46 2008 +1000 Merge commit 'ronnie/master' commit 96df98d9f86ecc6bb1a458eb2101e5c1bc0f96e6 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Mon Aug 11 23:33:05 2008 +1000 fixed a memory leak in the recovery daemon thanks to vl for spotting this commit c94b295b078dc009c18aa416d0de232a12241014 Author: Ronnie Sahlberg [EMAIL PROTECTED] Date: Mon Aug 11 10:36:38 2008 +1000 fix the date soe rpmbuild works commit 29aaa339ef745208fb0b746db5cbc3a32d0d81b2 Author: Ronnie Sahlberg [EMAIL PROTECTED] Date: Mon Aug 11 10:33:22 2008 +1000 new version 1.0.55 --- Summary of changes: packaging/RPM/ctdb.spec |4 +++- server/ctdb_recoverd.c |4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/packaging/RPM/ctdb.spec b/packaging/RPM/ctdb.spec index ea9ffbd..cb5cd6a 100644 --- a/packaging/RPM/ctdb.spec +++ b/packaging/RPM/ctdb.spec @@ -5,7 +5,7 @@ Vendor: Samba Team Packager: Samba Team [EMAIL PROTECTED] Name: ctdb Version: 1.0 -Release: 54 +Release: 55 Epoch: 0 License: GNU GPL version 3 Group: System Environment/Daemons @@ -118,6 +118,8 @@ fi %{_includedir}/ctdb_private.h %changelog +* Mon Aug 11 2008 : Version 1.0.55 + - Fix the releaseip message we seond to samba. * Fri Aug 8 2008 : Version 1.0.54 - fix a looping error in the transaction code - provide a more detailed error code for persistent store errors diff --git a/server/ctdb_recoverd.c b/server/ctdb_recoverd.c index 3295229..c503aa5 100644 --- a/server/ctdb_recoverd.c +++ b/server/ctdb_recoverd.c @@ -2153,7 +2153,7 @@ static int verify_ip_allocation(struct ctdb_context *ctdb, uint32_t pnn) struct ctdb_uptime *uptime2 = NULL; int ret, j; - ret = ctdb_ctrl_uptime(ctdb, ctdb, CONTROL_TIMEOUT(), + ret = ctdb_ctrl_uptime(ctdb, mem_ctx, CONTROL_TIMEOUT(), CTDB_CURRENT_NODE, uptime1); if (ret != 0) { DEBUG(DEBUG_ERR, (Unable to get uptime from local node %u\n, pnn)); @@ -2169,7 +2169,7 @@ static int verify_ip_allocation(struct ctdb_context *ctdb, uint32_t pnn) return -1; } - ret = ctdb_ctrl_uptime(ctdb, ctdb, CONTROL_TIMEOUT(), + ret = ctdb_ctrl_uptime(ctdb, mem_ctx, CONTROL_TIMEOUT(), CTDB_CURRENT_NODE, uptime2); if (ret != 0) { DEBUG(DEBUG_ERR, (Unable to get uptime from local node %u\n, pnn)); -- CTDB repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3569-g85021d6
The branch, v3-3-test has been updated via 85021d6a459c957cc276a93c3515029244f52677 (commit) from 3d4e7b29c235e329aaea4fa2c2078df0ce3e59eb (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 85021d6a459c957cc276a93c3515029244f52677 Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Aug 11 11:20:38 2008 +0200 fix build warning. Guenther --- Summary of changes: source/libsmb/clikrb5.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libsmb/clikrb5.c b/source/libsmb/clikrb5.c index 2052d5a..5bb33b1 100644 --- a/source/libsmb/clikrb5.c +++ b/source/libsmb/clikrb5.c @@ -1877,7 +1877,7 @@ static krb5_error_code ads_krb5_get_fwd_ticket( krb5_context context, (APPLICATION 22) so that we can pack it on the end of the structure. */ - pChksum = SMB_MALLOC(GSSAPI_CHECKSUM_SIZE + fwdData.length ); + pChksum = (char *)SMB_MALLOC(GSSAPI_CHECKSUM_SIZE + fwdData.length ); if (!pChksum) { retval = ENOMEM; goto out; -- Samba Shared Repository
[SCM] CTDB repository - branch master updated - 7769edbd5507f791e77cc5e5642d854bebec2df0
The branch, master has been updated via 7769edbd5507f791e77cc5e5642d854bebec2df0 (commit) from fb7f69b1d6dd8b0715258dde736dc03e1c5e43aa (commit) http://gitweb.samba.org/?p=tridge/ctdb.git;a=shortlog;h=master - Log - commit 7769edbd5507f791e77cc5e5642d854bebec2df0 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Mon Aug 11 23:52:46 2008 +1000 up release version --- Summary of changes: packaging/RPM/ctdb.spec |4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/packaging/RPM/ctdb.spec b/packaging/RPM/ctdb.spec index cb5cd6a..67b57c4 100644 --- a/packaging/RPM/ctdb.spec +++ b/packaging/RPM/ctdb.spec @@ -5,7 +5,7 @@ Vendor: Samba Team Packager: Samba Team [EMAIL PROTECTED] Name: ctdb Version: 1.0 -Release: 55 +Release: 56 Epoch: 0 License: GNU GPL version 3 Group: System Environment/Daemons @@ -118,6 +118,8 @@ fi %{_includedir}/ctdb_private.h %changelog +* Mon Aug 11 2008 : Version 1.0.56 + - Fixed a memory leak in the recovery daemon * Mon Aug 11 2008 : Version 1.0.55 - Fix the releaseip message we seond to samba. * Fri Aug 8 2008 : Version 1.0.54 -- CTDB repository
[SCM] CTDB repository - branch master updated - 196973fef38a9b258e0976d5454161d11d573ddc
The branch, master has been updated via 196973fef38a9b258e0976d5454161d11d573ddc (commit) via fb7f69b1d6dd8b0715258dde736dc03e1c5e43aa (commit) via 96df98d9f86ecc6bb1a458eb2101e5c1bc0f96e6 (commit) from c94b295b078dc009c18aa416d0de232a12241014 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 196973fef38a9b258e0976d5454161d11d573ddc Author: Ronnie Sahlberg [EMAIL PROTECTED] Date: Mon Aug 11 23:50:42 2008 +1000 new version 1.0.56 commit fb7f69b1d6dd8b0715258dde736dc03e1c5e43aa Merge: 96df98d9f86ecc6bb1a458eb2101e5c1bc0f96e6 c94b295b078dc009c18aa416d0de232a12241014 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Mon Aug 11 23:33:46 2008 +1000 Merge commit 'ronnie/master' commit 96df98d9f86ecc6bb1a458eb2101e5c1bc0f96e6 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Mon Aug 11 23:33:05 2008 +1000 fixed a memory leak in the recovery daemon thanks to vl for spotting this --- Summary of changes: packaging/RPM/ctdb.spec |4 +++- server/ctdb_recoverd.c |4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/packaging/RPM/ctdb.spec b/packaging/RPM/ctdb.spec index cb5cd6a..93b9d3f 100644 --- a/packaging/RPM/ctdb.spec +++ b/packaging/RPM/ctdb.spec @@ -5,7 +5,7 @@ Vendor: Samba Team Packager: Samba Team [EMAIL PROTECTED] Name: ctdb Version: 1.0 -Release: 55 +Release: 56 Epoch: 0 License: GNU GPL version 3 Group: System Environment/Daemons @@ -118,6 +118,8 @@ fi %{_includedir}/ctdb_private.h %changelog +* Mon Aug 11 2008 : Version 1.0.56 + - fix a memory leak in the recovery daemon. * Mon Aug 11 2008 : Version 1.0.55 - Fix the releaseip message we seond to samba. * Fri Aug 8 2008 : Version 1.0.54 diff --git a/server/ctdb_recoverd.c b/server/ctdb_recoverd.c index 3295229..c503aa5 100644 --- a/server/ctdb_recoverd.c +++ b/server/ctdb_recoverd.c @@ -2153,7 +2153,7 @@ static int verify_ip_allocation(struct ctdb_context *ctdb, uint32_t pnn) struct ctdb_uptime *uptime2 = NULL; int ret, j; - ret = ctdb_ctrl_uptime(ctdb, ctdb, CONTROL_TIMEOUT(), + ret = ctdb_ctrl_uptime(ctdb, mem_ctx, CONTROL_TIMEOUT(), CTDB_CURRENT_NODE, uptime1); if (ret != 0) { DEBUG(DEBUG_ERR, (Unable to get uptime from local node %u\n, pnn)); @@ -2169,7 +2169,7 @@ static int verify_ip_allocation(struct ctdb_context *ctdb, uint32_t pnn) return -1; } - ret = ctdb_ctrl_uptime(ctdb, ctdb, CONTROL_TIMEOUT(), + ret = ctdb_ctrl_uptime(ctdb, mem_ctx, CONTROL_TIMEOUT(), CTDB_CURRENT_NODE, uptime2); if (ret != 0) { DEBUG(DEBUG_ERR, (Unable to get uptime from local node %u\n, pnn)); -- CTDB repository
[SCM] CTDB repository - tag ctdb-1.0.56 created - 196973fef38a9b258e0976d5454161d11d573ddc
The tag, ctdb-1.0.56 has been created at 196973fef38a9b258e0976d5454161d11d573ddc (commit) - Log - commit 196973fef38a9b258e0976d5454161d11d573ddc Author: Ronnie Sahlberg [EMAIL PROTECTED] Date: Mon Aug 11 23:50:42 2008 +1000 new version 1.0.56 --- -- CTDB repository
[SCM] CTDB repository - branch master updated - c4ad24e7c2b27b168d43ebfa95c459da27697d1e
The branch, master has been updated via c4ad24e7c2b27b168d43ebfa95c459da27697d1e (commit) via 196973fef38a9b258e0976d5454161d11d573ddc (commit) from 7769edbd5507f791e77cc5e5642d854bebec2df0 (commit) http://gitweb.samba.org/?p=tridge/ctdb.git;a=shortlog;h=master - Log - commit c4ad24e7c2b27b168d43ebfa95c459da27697d1e Merge: 7769edbd5507f791e77cc5e5642d854bebec2df0 196973fef38a9b258e0976d5454161d11d573ddc Author: Andrew Tridgell [EMAIL PROTECTED] Date: Tue Aug 12 00:10:48 2008 +1000 fixed merge commit 196973fef38a9b258e0976d5454161d11d573ddc Author: Ronnie Sahlberg [EMAIL PROTECTED] Date: Mon Aug 11 23:50:42 2008 +1000 new version 1.0.56 --- Summary of changes: packaging/RPM/ctdb.spec |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/packaging/RPM/ctdb.spec b/packaging/RPM/ctdb.spec index 67b57c4..93b9d3f 100644 --- a/packaging/RPM/ctdb.spec +++ b/packaging/RPM/ctdb.spec @@ -119,7 +119,7 @@ fi %changelog * Mon Aug 11 2008 : Version 1.0.56 - - Fixed a memory leak in the recovery daemon + - fix a memory leak in the recovery daemon. * Mon Aug 11 2008 : Version 1.0.55 - Fix the releaseip message we seond to samba. * Fri Aug 8 2008 : Version 1.0.54 -- CTDB repository
[SCM] CTDB repository - branch master updated - c4ad24e7c2b27b168d43ebfa95c459da27697d1e
The branch, master has been updated via c4ad24e7c2b27b168d43ebfa95c459da27697d1e (commit) via 7769edbd5507f791e77cc5e5642d854bebec2df0 (commit) from 196973fef38a9b258e0976d5454161d11d573ddc (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit c4ad24e7c2b27b168d43ebfa95c459da27697d1e Merge: 7769edbd5507f791e77cc5e5642d854bebec2df0 196973fef38a9b258e0976d5454161d11d573ddc Author: Andrew Tridgell [EMAIL PROTECTED] Date: Tue Aug 12 00:10:48 2008 +1000 fixed merge commit 7769edbd5507f791e77cc5e5642d854bebec2df0 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Mon Aug 11 23:52:46 2008 +1000 up release version --- Summary of changes: Changeset truncated at 500 lines: -- CTDB repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2802-g0099cb0
The branch, v3-2-test has been updated via 0099cb0741c159db7f389bcca52a3cc6a3762771 (commit) from 34b56cb54e06f9b38d2bb0a626ec7b04030fc4fa (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 0099cb0741c159db7f389bcca52a3cc6a3762771 Author: Karolin Seeger [EMAIL PROTECTED] Date: Mon Aug 11 16:46:15 2008 +0200 WHATSNEW: Update changes since 3.2.1. Karolin --- Summary of changes: WHATSNEW.txt | 30 ++ 1 files changed, 30 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 984b097..163f7e2 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -18,6 +18,36 @@ Changes since 3.2.1 --- +o Michael Adam [EMAIL PROTECTED] +* Fix replacement of random seed generator. +* Fix a race condition in idmap_tdb2_allocate_id(). + + +o Jeremy Allison [EMAIL PROTECTED] +* BUG 5675: Fix smbspool program assuming Kerberos authentication by + mistake. +* Several build fixes. + + +o Andrew Bartlett [EMAIL PROTECTED] +* Include stdlib.h to get a prototype for free(). + + +o Yannick Bergeron [EMAIL PROTECTED] +* Solve an IBM XL C/C++ compiler error encountered in get_exit_code() + auth_errors array initialization in client/smbspool.c. +* Use NGROUPS_MAX instead of 32 for the max group value in + rep_initgroups(). + + +o Volker Lendecke [EMAIL PROTECTED] +* Fix smb_len calculation for chained requests. + + +o Andrew Tridgell [EMAIL PROTECTED] +* Fix a fd leak when trying to regain contact to a domain controller + in Winbind. +* Fix permissions on ctdb databases. ## -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-1-20-g2525fd9
The branch, v3-2-stable has been updated via 2525fd971e650de009cc10b4cedd4c49c1a43ed0 (commit) via a606ff9a23f96a1da98794b0b481f0c5fa2584cf (commit) via c59725892da965d09aa25e867c75c6aa3bfedf1d (commit) via f2e3f755b19c7ebec54204b2d46048d4af1a8d51 (commit) via fd7df1959afe7009c4c9b0e890f93cfd9f12281a (commit) via 62c92221761ce6cc6d0e9916e77475b351611147 (commit) via 1a23e2b51ff907efedebab38bdc5bab2cff04c2f (commit) via b08c910471a69a58837a4f080f5aa9b224f7 (commit) via 476693767c89a97834c3afdb2d2e194d91f9854c (commit) via 53151468ccc775498e6944242f1822d5a482bc00 (commit) via ceceb7bded185479aadad2700450591854a383f4 (commit) via 648fb541542bcd9f0e76d6f5f8b5589f9f02feb7 (commit) via 4b25a10a4d02c91ca3c5a2365e4e04d3f2c93f83 (commit) via 75a27ea6047d69d419ff8485a4df36f5f2b2a07e (commit) via f0bcef0aaa87ad14cf071acfa7984ddfa6302959 (commit) via b63ddc53f2ee74ca2295554838ca7a40272dcf2f (commit) from b89ce09ad4b2b15a3882f653f3e8d19696452330 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable - Log - commit 2525fd971e650de009cc10b4cedd4c49c1a43ed0 Author: Karolin Seeger [EMAIL PROTECTED] Date: Mon Aug 11 16:46:15 2008 +0200 WHATSNEW: Update changes since 3.2.1. Karolin (cherry picked from commit 0099cb0741c159db7f389bcca52a3cc6a3762771) commit a606ff9a23f96a1da98794b0b481f0c5fa2584cf Author: Volker Lendecke [EMAIL PROTECTED] Date: Sun Aug 10 17:53:35 2008 +0200 fix smb_len calculation for chained requests I think chain_reply() is one of the most tricky parts of Samba. This recursion needs to go away, we need to sequentially walk the chain list. (cherry picked from commit 34b56cb54e06f9b38d2bb0a626ec7b04030fc4fa) commit c59725892da965d09aa25e867c75c6aa3bfedf1d Author: Volker Lendecke [EMAIL PROTECTED] Date: Sun Aug 10 17:37:08 2008 +0200 Fix andx offset calculation for more than 2 chained requests Untested code is broken code Test follows later, it's quite an intrusive change to libsmb/ (cherry picked from commit 2abeea64e15f0e8e8c413744de9194bdcedd6f16) commit f2e3f755b19c7ebec54204b2d46048d4af1a8d51 Author: Jeremy Allison [EMAIL PROTECTED] Date: Fri Aug 8 16:08:36 2008 -0700 One more build fix. Ensure we have KRB5_AUTH_CONTEXT_USE_SUBKEY defined before we compile the new code. Jeremy. (cherry picked from commit fc309e41a45079d58c03dc6fb0c35ceb4517f0ae) commit fd7df1959afe7009c4c9b0e890f93cfd9f12281a Author: Jeremy Allison [EMAIL PROTECTED] Date: Fri Aug 8 15:16:04 2008 -0700 Try and fix the build for systems that don't have krb5_auth_con_set_req_cksumtype(). Jeremy. (cherry picked from commit 02862653724355b32e0c6e38e0ebcbb1a9954759) commit 62c92221761ce6cc6d0e9916e77475b351611147 Author: Jeremy Allison [EMAIL PROTECTED] Date: Fri Aug 8 14:33:00 2008 -0700 Add Derrick Schommer's [EMAIL PROTECTED] kerberos delegation patch. Some work by me and advice by Love. Jeremy. (cherry picked from commit 5f419135ba1acae6bc37692fa77ae1162b62e0e3) commit 1a23e2b51ff907efedebab38bdc5bab2cff04c2f Author: Yannick Bergeron [EMAIL PROTECTED] Date: Fri Aug 8 13:32:15 2008 -0400 using NGROUPS_MAX instead of 32 for the max group value in rep_initgroups() subroutine in lib/replace/replace.c (cherry picked from commit 6d6b205e444154e1bd2993d964eff4cf532bacd8) commit b08c910471a69a58837a4f080f5aa9b224f7 Author: Jeremy Allison [EMAIL PROTECTED] Date: Thu Aug 7 17:56:50 2008 -0700 Fix bug #5675 with a varient of Tim Waugh's patch, as proposed by James Peach. Jeremy. (cherry picked from commit 1ee1e8306f3578c19fe015145eb8da1013f7b820) commit 476693767c89a97834c3afdb2d2e194d91f9854c Author: Yannick Bergeron [EMAIL PROTECTED] Date: Wed Aug 6 13:23:00 2008 -0400 Solve an IBM XL C/C++ compiler error encountered in get_exit_code() auth_errors array initialization in client/smbspool.c (cherry picked from commit f6ffc95a363d3ed8aa480ac25e440d2472551891) commit 53151468ccc775498e6944242f1822d5a482bc00 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Wed Aug 6 16:35:43 2008 +1000 fixed permissions on ctdb databases (cherry picked from commit 123fc3980a83d956bffaa689f3af81bbf81ce1c1) (cherry picked from commit 61274204b63cf077a826671a9e0d807bd17dfec3) commit ceceb7bded185479aadad2700450591854a383f4 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Wed Aug 6 14:02:45 2008 +1000 fixed a fd leak when trying to regain contact to a domain controller in winbind When a w2k3 DC is rebooted the 139/445 ports come up before the udp/389 cldap port. During this brief period, winbind manages to connect to 139/445 but not to udp 389. It then enters a tight loop where it leaks one fd each time. In a couple of seconds it
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-247-g54b873e
The branch, v4-0-test has been updated via 54b873e49ff363609632fa2862208bf6b4c1b6ed (commit) via 20fc0d7bfdaa60d6a8ac939dc64733a91652587e (commit) via 50eb0e726405580dc5ca3a8a3b15f3bd674f722a (commit) via ce36448d74b0c6cdf8928e10c088bf0248a95cf7 (commit) from fcabe24f96c9677146ca754a502f336c23050339 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 54b873e49ff363609632fa2862208bf6b4c1b6ed Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Mon Aug 11 18:14:51 2008 +0200 dcerpc.idl: remove used DCERPC_MAX_SIGN_SIZE metze commit 20fc0d7bfdaa60d6a8ac939dc64733a91652587e Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Mon Aug 11 18:12:54 2008 +0200 rpc_server: correct the chunk_size depending on the signature size metze commit 50eb0e726405580dc5ca3a8a3b15f3bd674f722a Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Mon Aug 11 18:00:11 2008 +0200 librpc/rpc: correct the chunk_size depending on the signature size metze commit ce36448d74b0c6cdf8928e10c088bf0248a95cf7 Author: Stefan Metzmacher [EMAIL PROTECTED] Date: Mon Aug 11 17:59:38 2008 +0200 dcerpc.idl: add DCERPC_AUTH_TRAILER_LENGTH metze --- Summary of changes: source/librpc/idl/dcerpc.idl |3 ++- source/librpc/rpc/dcerpc.c| 17 + source/rpc_server/dcerpc_server.c | 13 +++-- source/rpc_server/dcesrv_auth.c |7 +++ 4 files changed, 29 insertions(+), 11 deletions(-) Changeset truncated at 500 lines: diff --git a/source/librpc/idl/dcerpc.idl b/source/librpc/idl/dcerpc.idl index e54bc2c..1c6574b 100644 --- a/source/librpc/idl/dcerpc.idl +++ b/source/librpc/idl/dcerpc.idl @@ -30,7 +30,6 @@ interface dcerpc } dcerpc_bind; const uint8 DCERPC_REQUEST_LENGTH = 24; - const uint8 DCERPC_MAX_SIGN_SIZE = 64; typedef struct { } dcerpc_empty; @@ -154,6 +153,8 @@ interface dcerpc [flag(NDR_REMAINING)] DATA_BLOB credentials; } dcerpc_auth; + const uint8 DCERPC_AUTH_TRAILER_LENGTH = 8; + typedef [public] struct { uint32 _pad; [flag(NDR_REMAINING)] DATA_BLOB auth_info; diff --git a/source/librpc/rpc/dcerpc.c b/source/librpc/rpc/dcerpc.c index a6c7e00..28b5cd6 100644 --- a/source/librpc/rpc/dcerpc.c +++ b/source/librpc/rpc/dcerpc.c @@ -334,6 +334,7 @@ static NTSTATUS ncacn_pull_request_auth(struct dcerpc_connection *c, TALLOC_CTX */ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, DATA_BLOB *blob, TALLOC_CTX *mem_ctx, +size_t sig_size, struct ncacn_packet *pkt) { NTSTATUS status; @@ -384,8 +385,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, * GENSEC mech does AEAD signing of the packet * headers */ c-security_state.auth_info-credentials - = data_blob_talloc(mem_ctx, NULL, gensec_sig_size(c-security_state.generic_state, - payload_length)); + = data_blob_talloc(mem_ctx, NULL, sig_size); data_blob_clear(c-security_state.auth_info-credentials); break; @@ -1042,6 +1042,7 @@ static void dcerpc_ship_next_request(struct dcerpc_connection *c) DATA_BLOB blob; uint32_t remaining, chunk_size; bool first_packet = true; + size_t sig_size = 0; req = c-request_queue; if (req == NULL) { @@ -1065,7 +1066,15 @@ static void dcerpc_ship_next_request(struct dcerpc_connection *c) /* we can write a full max_recv_frag size, minus the dcerpc request header size */ - chunk_size = p-conn-srv_max_recv_frag - (DCERPC_MAX_SIGN_SIZE+DCERPC_REQUEST_LENGTH); + chunk_size = p-conn-srv_max_recv_frag; + chunk_size -= DCERPC_REQUEST_LENGTH; + if (c-security_state.generic_state) { + chunk_size -= DCERPC_AUTH_TRAILER_LENGTH; + sig_size = gensec_sig_size(c-security_state.generic_state, + p-conn-srv_max_recv_frag); + chunk_size -= sig_size; + chunk_size -= (chunk_size % 16); + } pkt.ptype = DCERPC_PKT_REQUEST; pkt.call_id = req-call_id; @@ -1101,7 +1110,7 @@ static void dcerpc_ship_next_request(struct dcerpc_connection *c) (stub_data-length - remaining); pkt.u.request.stub_and_verifier.length = chunk; - req-status = ncacn_push_request_sign(p-conn, blob, req, pkt); + req-status =
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3570-ga2247a5
The branch, v3-3-test has been updated via a2247a5b19237291cec8c6a873652d78d55aaeb7 (commit) from 85021d6a459c957cc276a93c3515029244f52677 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit a2247a5b19237291cec8c6a873652d78d55aaeb7 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jul 31 21:04:51 2008 +0200 netapi: generate the netapi testsuite makefile. Guenther --- Summary of changes: source/configure.in |1 + 1 files changed, 1 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/configure.in b/source/configure.in index 32dbaa4..c769859 100644 --- a/source/configure.in +++ b/source/configure.in @@ -6144,6 +6144,7 @@ AC_SUBST(SMBD_LIBS) AC_OUTPUT(Makefile script/findsmb smbadduser script/gen-8bit-gap.sh script/installbin.sh script/uninstallbin.sh lib/netapi/examples/Makefile + lib/netapi/tests/Makefile pkgconfig/smbclient.pc pkgconfig/wbclient.pc pkgconfig/netapi.pc -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3573-gb62de0d
The branch, v3-3-test has been updated via b62de0d1944de3dba55e182e0d8eb7c6ca5ec045 (commit) via 99cc8f023b4ad9210b677e11371f404048752031 (commit) via 36f1e45e4ec295115f1ba39ec7ad3690a96dac3e (commit) from a2247a5b19237291cec8c6a873652d78d55aaeb7 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit b62de0d1944de3dba55e182e0d8eb7c6ca5ec045 Author: Günther Deschner [EMAIL PROTECTED] Date: Fri Aug 1 17:22:00 2008 +0200 doserr: add WERR_MEMBER_IN_ALIAS. Guenther commit 99cc8f023b4ad9210b677e11371f404048752031 Author: Günther Deschner [EMAIL PROTECTED] Date: Fri Aug 1 16:44:05 2008 +0200 netapi: add NetApiBufferAllocate. Guenther commit 36f1e45e4ec295115f1ba39ec7ad3690a96dac3e Author: Günther Deschner [EMAIL PROTECTED] Date: Fri Aug 1 15:15:05 2008 +0200 netapi: add ConvertStringSidToSid(). Guenther --- Summary of changes: source/include/doserr.h|1 + source/lib/netapi/netapi.c | 27 +++ source/lib/netapi/netapi.h | 21 + source/lib/netapi/sid.c| 26 ++ source/libsmb/doserr.c |1 + 5 files changed, 76 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/doserr.h b/source/include/doserr.h index c455f7a..9dd20e8 100644 --- a/source/include/doserr.h +++ b/source/include/doserr.h @@ -222,6 +222,7 @@ #define WERR_INVALID_DOMAIN_STATE W_ERROR(1353) #define WERR_INVALID_DOMAIN_ROLE W_ERROR(1354) #define WERR_SPECIAL_ACCOUNT W_ERROR(1371) +#define WERR_MEMBER_IN_ALIAS W_ERROR(1378) #define WERR_ALIAS_EXISTS W_ERROR(1379) #define WERR_TIME_SKEW W_ERROR(1398) #define WERR_EVENTLOG_FILE_CORRUPT W_ERROR(1500) diff --git a/source/lib/netapi/netapi.c b/source/lib/netapi/netapi.c index 7d78aa8..8893881 100644 --- a/source/lib/netapi/netapi.c +++ b/source/lib/netapi/netapi.c @@ -309,6 +309,33 @@ const char *libnetapi_get_error_string(struct libnetapi_ctx *ctx, / / +NET_API_STATUS NetApiBufferAllocate(uint32_t byte_count, + void **buffer) +{ + void *buf = NULL; + + if (!buffer) { + return W_ERROR_V(WERR_INSUFFICIENT_BUFFER); + } + + if (byte_count == 0) { + goto done; + } + + buf = talloc_size(NULL, byte_count); + if (!buf) { + return W_ERROR_V(WERR_NOMEM); + } + + done: + *buffer = buf; + + return NET_API_STATUS_SUCCESS; +} + +/ +/ + NET_API_STATUS NetApiBufferFree(void *buffer) { if (!buffer) { diff --git a/source/lib/netapi/netapi.h b/source/lib/netapi/netapi.h index a1041c0..9cc8e9e 100644 --- a/source/lib/netapi/netapi.h +++ b/source/lib/netapi/netapi.h @@ -400,6 +400,12 @@ const char *libnetapi_errstr(NET_API_STATUS status); const char *libnetapi_get_error_string(struct libnetapi_ctx *ctx, NET_API_STATUS status); +/ + NetApiBufferAllocate +/ + +NET_API_STATUS NetApiBufferAllocate(uint32_t byte_count, + void **buffer); / NetApiBufferFree @@ -424,6 +430,21 @@ int ConvertSidToStringSid(const struct domsid *sid, ///** * + * ConvertStringSidToSid + * + * @brief Convert a string into a domain sid + * + * @param[in] sid_string A pointer to a sid string. + * @param[in] sid A pointer that holds a pointer to a sid structure. + * Caller needs to free with free(3) + * @return bool + ***/ + +int ConvertStringSidToSid(const char *sid_string, + struct domsid **sid); + +///** + * * NetJoinDomain * * @brief Join a computer to a domain or workgroup diff --git a/source/lib/netapi/sid.c b/source/lib/netapi/sid.c index 4db98bf..a9bca26 100644 --- a/source/lib/netapi/sid.c +++ b/source/lib/netapi/sid.c @@ -48,3 +48,29 @@ int ConvertSidToStringSid(const struct domsid *sid, return true; } + +/ +/ + +int ConvertStringSidToSid(const char *sid_string, + struct domsid **sid) +{ + struct dom_sid _sid; + + if
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3581-ga9c444a
The branch, v3-3-test has been updated via a9c444a342968b539918c082b78af8640f8c87cd (commit) via bb345187b7c62e9ad214037120545addd87a666d (commit) via 7f7e6ca9091101aa7a3dc275c1d0258d97743f4b (commit) via 316575b412e19008ecb6729f97e93b6103d8ba56 (commit) via b4c912bfbc62768ff4d7ecb39c02dc4a2a9825d2 (commit) via 5648145bec3bd24ecedea24a8834ac6768bfc640 (commit) via 36c5de4702c03bd71d689aaecea87168133021c2 (commit) via 2af33ceeb8bece347d67e27a662a7cd0a58f75f8 (commit) from b62de0d1944de3dba55e182e0d8eb7c6ca5ec045 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit a9c444a342968b539918c082b78af8640f8c87cd Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jul 31 21:09:00 2008 +0200 netapi: add NetUserModalsGet and NetUserModalsSet tests. Guenther commit bb345187b7c62e9ad214037120545addd87a666d Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jul 31 21:08:31 2008 +0200 netapi: implement NetUserModalsSet_r. Guenther commit 7f7e6ca9091101aa7a3dc275c1d0258d97743f4b Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jul 31 19:26:29 2008 +0200 netapi: implement NetUserModalsGet_r. Guenther commit 316575b412e19008ecb6729f97e93b6103d8ba56 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jul 31 17:39:07 2008 +0200 netapi: add example code for NetUserModalsGet and NetUserModalsSet. Guenther commit b4c912bfbc62768ff4d7ecb39c02dc4a2a9825d2 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jul 31 16:47:15 2008 +0200 netapi: add NetUserModalsGet and NetUserModalsSet to public headers. Guenther commit 5648145bec3bd24ecedea24a8834ac6768bfc640 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jul 31 16:43:27 2008 +0200 netapi: add skeleton for NetUserModalsGet and NetUserModalsSet. Guenther commit 36c5de4702c03bd71d689aaecea87168133021c2 Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Aug 11 19:07:51 2008 +0200 re-run make idl. Guenther commit 2af33ceeb8bece347d67e27a662a7cd0a58f75f8 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jul 31 16:42:42 2008 +0200 netapi: add NetUserModalsSet and NetUserModalsGet to IDL. Guenther --- Summary of changes: source/lib/netapi/examples/Makefile.in | 12 + .../group_getinfo.c = user/user_modalsget.c} | 80 +- .../group_setinfo.c = user/user_modalsset.c} | 105 ++-- source/lib/netapi/libnetapi.c | 90 ++ source/lib/netapi/libnetapi.h | 15 + source/lib/netapi/netapi.h | 62 ++ source/lib/netapi/tests/netuser.c | 55 ++ source/lib/netapi/user.c | 869 source/librpc/gen_ndr/libnetapi.h | 82 ++ source/librpc/gen_ndr/ndr_libnetapi.c | 63 ++ source/librpc/gen_ndr/ndr_libnetapi.h | 42 +- source/librpc/idl/libnetapi.idl| 75 ++ 12 files changed, 1443 insertions(+), 107 deletions(-) copy source/lib/netapi/examples/{group/group_getinfo.c = user/user_modalsget.c} (54%) copy source/lib/netapi/examples/{group/group_setinfo.c = user/user_modalsset.c} (53%) Changeset truncated at 500 lines: diff --git a/source/lib/netapi/examples/Makefile.in b/source/lib/netapi/examples/Makefile.in index e7b61a1..5e577ed 100644 --- a/source/lib/netapi/examples/Makefile.in +++ b/source/lib/netapi/examples/Makefile.in @@ -29,6 +29,8 @@ PROGS = bin/[EMAIL PROTECTED]@ \ bin/[EMAIL PROTECTED]@ \ bin/[EMAIL PROTECTED]@ \ bin/[EMAIL PROTECTED]@ \ + bin/[EMAIL PROTECTED]@ \ + bin/[EMAIL PROTECTED]@ \ bin/[EMAIL PROTECTED]@ \ bin/[EMAIL PROTECTED]@ \ bin/[EMAIL PROTECTED]@ \ @@ -83,6 +85,8 @@ USERDISPINFO_OBJ = user/user_dispinfo.o $(CMDLINE_OBJ) USERCHGPWD_OBJ = user/user_chgpwd.o $(CMDLINE_OBJ) USERGETINFO_OBJ = user/user_getinfo.o $(CMDLINE_OBJ) USERSETINFO_OBJ = user/user_setinfo.o $(CMDLINE_OBJ) +USERMODALSGET_OBJ = user/user_modalsget.o $(CMDLINE_OBJ) +USERMODALSSET_OBJ = user/user_modalsset.o $(CMDLINE_OBJ) GROUPADD_OBJ = group/group_add.o $(CMDLINE_OBJ) GROUPDEL_OBJ = group/group_del.o $(CMDLINE_OBJ) GROUPENUM_OBJ = group/group_enum.o $(CMDLINE_OBJ) @@ -146,6 +150,14 @@ bin/[EMAIL PROTECTED]@: $(BINARY_PREREQS) $(USERSETINFO_OBJ) @echo Linking $@ @$(CC) $(FLAGS) -o $@ $(USERSETINFO_OBJ) $(LDFLAGS) $(DYNEXP) $(CMDLINE_LIBS) +bin/[EMAIL PROTECTED]@: $(BINARY_PREREQS) $(USERMODALSGET_OBJ) + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(USERMODALSGET_OBJ) $(LDFLAGS) $(DYNEXP) $(CMDLINE_LIBS) + +bin/[EMAIL PROTECTED]@: $(BINARY_PREREQS) $(USERMODALSSET_OBJ) + @echo Linking $@ +
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3591-g4fea49a
The branch, v3-3-test has been updated via 4fea49ae83510225c51c580a2bea2c664851bb39 (commit) via b2a413148e470e059c877f4e54955ab61559edee (commit) via 01c4640b1ca66c3285fd23d447d08db12cf83b42 (commit) via bb52ba58e47364d7c7ed38862a007e8e3d9dc104 (commit) via bd31d8f9ec9a24ca68e1d5441c0cafd98132060f (commit) via 53dc9a11810b93a1771304fbfbf4ae84f551612b (commit) via d4a51bb01d33ad17db4e623085a89d258e91b57e (commit) via 563fb06107d2d3279e08c5c801a940f03229131b (commit) via b6b24094daf170f457bc414d8e17e43effab6e1b (commit) via c06dfb823548de3652778c67918335578f194678 (commit) from a9c444a342968b539918c082b78af8640f8c87cd (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 4fea49ae83510225c51c580a2bea2c664851bb39 Author: Günther Deschner [EMAIL PROTECTED] Date: Fri Aug 1 19:15:52 2008 +0200 netapi: add NetLocalGroupSetMembers example code. Guenther commit b2a413148e470e059c877f4e54955ab61559edee Author: Günther Deschner [EMAIL PROTECTED] Date: Fri Aug 1 17:13:43 2008 +0200 netapi: add NetLocalGroupDelMembers example code. Guenther commit 01c4640b1ca66c3285fd23d447d08db12cf83b42 Author: Günther Deschner [EMAIL PROTECTED] Date: Fri Aug 1 16:03:00 2008 +0200 netapi: add NetLocalGroupAddMembers example code. Guenther commit bb52ba58e47364d7c7ed38862a007e8e3d9dc104 Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Aug 11 19:43:24 2008 +0200 netapi: implement NetLocalGroupSetMembers_r(). Guenther commit bd31d8f9ec9a24ca68e1d5441c0cafd98132060f Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Aug 11 19:42:42 2008 +0200 netapi: implement NetLocalGroupDelMembers_r(). Guenther commit 53dc9a11810b93a1771304fbfbf4ae84f551612b Author: Günther Deschner [EMAIL PROTECTED] Date: Fri Aug 1 16:02:21 2008 +0200 netapi: implement NetLocalGroupAddMembers_r(). Guenther commit d4a51bb01d33ad17db4e623085a89d258e91b57e Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jul 31 16:24:58 2008 +0200 netapi: add NetLocalGroup*Member calls to public headers. Guenther commit 563fb06107d2d3279e08c5c801a940f03229131b Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jul 31 16:05:11 2008 +0200 netapi: add skeleton for NetLocalGroup*Member calls. Guenther commit b6b24094daf170f457bc414d8e17e43effab6e1b Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Aug 11 19:08:46 2008 +0200 re-run make idl. Guenther commit c06dfb823548de3652778c67918335578f194678 Author: Günther Deschner [EMAIL PROTECTED] Date: Thu Jul 31 16:03:57 2008 +0200 netapi: add remaining NetLocalGroup*Member calls to IDL. Guenther --- Summary of changes: source/lib/netapi/examples/Makefile.in | 18 + .../localgroup_addmembers.c} | 101 +++--- .../localgroup_delmembers.c} | 101 +++--- .../localgroup_setmembers.c} | 101 +++--- source/lib/netapi/libnetapi.c | 199 + source/lib/netapi/libnetapi.h | 39 ++ source/lib/netapi/localgroup.c | 424 source/lib/netapi/netapi.h | 57 +++ source/librpc/gen_ndr/libnetapi.h | 117 ++ source/librpc/gen_ndr/ndr_libnetapi.c | 137 +++ source/librpc/gen_ndr/ndr_libnetapi.h | 24 +- source/librpc/idl/libnetapi.idl| 84 12 files changed, 1247 insertions(+), 155 deletions(-) copy source/lib/netapi/examples/{group/group_setinfo.c = localgroup/localgroup_addmembers.c} (55%) copy source/lib/netapi/examples/{group/group_setinfo.c = localgroup/localgroup_delmembers.c} (55%) copy source/lib/netapi/examples/{group/group_setinfo.c = localgroup/localgroup_setmembers.c} (55%) Changeset truncated at 500 lines: diff --git a/source/lib/netapi/examples/Makefile.in b/source/lib/netapi/examples/Makefile.in index 5e577ed..158df4f 100644 --- a/source/lib/netapi/examples/Makefile.in +++ b/source/lib/netapi/examples/Makefile.in @@ -44,6 +44,9 @@ PROGS = bin/[EMAIL PROTECTED]@ \ bin/[EMAIL PROTECTED]@ \ bin/[EMAIL PROTECTED]@ \ bin/[EMAIL PROTECTED]@ \ + bin/[EMAIL PROTECTED]@ \ + bin/[EMAIL PROTECTED]@ \ + bin/[EMAIL PROTECTED]@ \ bin/[EMAIL PROTECTED]@ all: $(PROGS) @@ -100,6 +103,9 @@ LOCALGROUPDEL_OBJ = localgroup/localgroup_del.o $(CMDLINE_OBJ) LOCALGROUPGETINFO_OBJ = localgroup/localgroup_getinfo.o $(CMDLINE_OBJ) LOCALGROUPSETINFO_OBJ = localgroup/localgroup_setinfo.o $(CMDLINE_OBJ) LOCALGROUPENUM_OBJ = localgroup/localgroup_enum.o $(CMDLINE_OBJ) +LOCALGROUPADDMEMBERS_OBJ =
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3592-gda6e0f4
The branch, v3-3-test has been updated via da6e0f4f375aa533c4c765891c960070478972eb (commit) from 4fea49ae83510225c51c580a2bea2c664851bb39 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit da6e0f4f375aa533c4c765891c960070478972eb Author: Günther Deschner [EMAIL PROTECTED] Date: Wed Jul 30 21:38:21 2008 +0200 libnetjoin: support kerberized joining/unjoing (fix #5416). Guenther --- Summary of changes: source/libnet/libnet_join.c | 60 +- source/utils/net_ads.c | 10 +- 2 files changed, 49 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libnet/libnet_join.c b/source/libnet/libnet_join.c index 2f2c71d..b7a15c5 100644 --- a/source/libnet/libnet_join.c +++ b/source/libnet/libnet_join.c @@ -642,6 +642,37 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, } / + Connect dc's IPC$ share +/ + +static NTSTATUS libnet_join_connect_dc_ipc(const char *dc, + const char *user, + const char *pass, + bool use_kerberos, + struct cli_state **cli) +{ + int flags = 0; + + if (use_kerberos) { + flags |= CLI_FULL_CONNECTION_USE_KERBEROS; + } + + if (use_kerberos pass) { + flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; + } + + return cli_full_connection(cli, NULL, + dc, + NULL, 0, + IPC$, IPC, + user, + NULL, + pass, + flags, + Undefined, NULL); +} + +/ Lookup domain dc's info / @@ -654,16 +685,11 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx, NTSTATUS status = NT_STATUS_UNSUCCESSFUL; union lsa_PolicyInformation *info = NULL; - status = cli_full_connection(cli, NULL, -r-in.dc_name, -NULL, 0, -IPC$, IPC, -r-in.admin_account, -NULL, -r-in.admin_password, -0, -Undefined, NULL); - + status = libnet_join_connect_dc_ipc(r-in.dc_name, + r-in.admin_account, + r-in.admin_password, + r-in.use_kerberos, + cli); if (!NT_STATUS_IS_OK(status)) { goto done; } @@ -1109,15 +1135,11 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, ZERO_STRUCT(domain_pol); ZERO_STRUCT(user_pol); - status = cli_full_connection(cli, NULL, -r-in.dc_name, -NULL, 0, -IPC$, IPC, -r-in.admin_account, -NULL, -r-in.admin_password, -0, Undefined, NULL); - + status = libnet_join_connect_dc_ipc(r-in.dc_name, + r-in.admin_account, + r-in.admin_password, + r-in.use_kerberos, + cli); if (!NT_STATUS_IS_OK(status)) { goto done; } diff --git a/source/utils/net_ads.c b/source/utils/net_ads.c index 934ac1d..7dbe518 100644 --- a/source/utils/net_ads.c +++ b/source/utils/net_ads.c @@ -879,7 +879,9 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) return -1; } - use_in_memory_ccache(); + if (!c-opt_kerberos) { + use_in_memory_ccache(); + } werr = libnet_init_UnjoinCtx(ctx, r); if (!W_ERROR_IS_OK(werr)) { @@ -888,6 +890,7 @@ static int net_ads_leave(struct net_context *c, int argc, const char **argv) } r-in.debug = true; + r-in.use_kerberos = c-opt_kerberos;
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2803-geb7c3dc
The branch, v3-2-test has been updated via eb7c3dc2ca92ef7885eef8f89e4397b5df486b65 (commit) from 0099cb0741c159db7f389bcca52a3cc6a3762771 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit eb7c3dc2ca92ef7885eef8f89e4397b5df486b65 Author: Günther Deschner [EMAIL PROTECTED] Date: Mon Aug 11 11:20:38 2008 +0200 fix build warning. Guenther --- Summary of changes: source/libsmb/clikrb5.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libsmb/clikrb5.c b/source/libsmb/clikrb5.c index f207236..d30cc54 100644 --- a/source/libsmb/clikrb5.c +++ b/source/libsmb/clikrb5.c @@ -1837,7 +1837,7 @@ static krb5_error_code ads_krb5_get_fwd_ticket( krb5_context context, (APPLICATION 22) so that we can pack it on the end of the structure. */ - pChksum = SMB_MALLOC(GSSAPI_CHECKSUM_SIZE + fwdData.length ); + pChksum = (char *)SMB_MALLOC(GSSAPI_CHECKSUM_SIZE + fwdData.length ); if (!pChksum) { retval = ENOMEM; goto out; -- Samba Shared Repository
Build status as of Tue Aug 12 00:00:03 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-08-11 00:00:14.0 + +++ /home/build/master/cache/broken_results.txt 2008-08-12 00:00:39.0 + @@ -1,23 +1,23 @@ -Build status as of Mon Aug 11 00:00:02 2008 +Build status as of Tue Aug 12 00:00:03 2008 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 32 9 0 +ccache 33 9 0 ctdb 0 0 0 distcc 1 0 0 -ldb 33 32 0 -libreplace 32 11 0 -lorikeet-heimdal 27 21 0 -pidl 19 18 0 -ppp 11 0 0 -rsync32 11 0 +ldb 34 33 0 +libreplace 33 11 0 +lorikeet-heimdal 28 21 0 +pidl 19 19 0 +ppp 12 0 0 +rsync34 12 0 samba-docs 0 0 0 -samba-gtk6 6 0 -samba_3_X_devel 28 12 0 -samba_3_X_test 29 16 0 -samba_4_0_test 31 27 0 -smb-build31 5 0 -talloc 32 6 0 -tdb 33 13 0 +samba-gtk7 7 0 +samba_3_X_devel 29 13 0 +samba_3_X_test 29 18 0 +samba_4_0_test 32 28 0 +smb-build32 5 0 +talloc 34 6 0 +tdb 34 13 0