Re: [Samba] [ANNOUNCE] Samba 3.2.2 Available for Download
Quoting Dennis Clarke ([EMAIL PROTECTED]): out of more than just idle curiosity .. how are you going to deliver Samba? As one package or as eight or nine little broken up packages such that other packages which have dependencies will need to only install something small? I hope you can see why I am asking. samba in Debian has always (at least for so many years that I can't really remember unless digging in changelogs) been split into several packages: [EMAIL PROTECTED]:~/src/debian/samba/samba-3.2.2/debian$ grep ^Package: control Package: samba Package: samba-common Package: samba-tools Package: smbclient Package: swat Package: samba-doc Package: samba-doc-pdf Package: smbfs Package: libpam-smbpass Package: libsmbclient Package: libsmbclient-dev Package: winbind Package: samba-dbg Package: libwbclient0 I think that anyone can easily spot what is in what package..:-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Public share with samba/ Winbind
Hi Alexandre, i have not seen your smb.conf, but guest ok = yes browseable = yes (to get the share listet in the explorer) should work. We use security = ads and it works. Is the guest = ok parameter accepted by samba ? Does samba run ? You could test your smb.conf with the testparm program. Type testparm on the command line. Bye, Andy Alexandre Mackow schrieb: Hi all, i have a samba dataserver who works fine with AD authentification ... I need a share who was accessible for everybody ( outside the main domain) .. Is it possible when security = ads ? I try public = yes , guest = ok .. But i need to authentificate myself. Thanks a lot. ++ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problems with DFS
Hi, We have been a samba shop since way back and have used DFS quit a lot the last years. When we went with security ads instead of domain our dfs died. We have tried 3.028(sun) in solaris wich we are leaving and 3.2.1 in linux, our migration target. For our 3.2.1 installation the config looks liket this and the problem manifests itself as a empty share. [Global] kernel oplocks = False oplocks = False level2 oplocks = False realm = SGU.SE workgroup = SGU netbios name = fs4 server string = fs4 security = ADS use kerberos keytab = true password server = ad1 ad2 wins server = 10.1.9.10 10.1.9.9 name resolve order = ads hosts wins bcast map to guest = Bad User disable netbios = No log level = 5 client use spnego = Yes server signing = auto host msdfs = Yes #msdfs root = Yes ntlm auth = No lanman auth = no dos charset = ISO8859-1 unix charset = ISO8859-1 winbind trusted domains only = yes [drift-a] msdfs root = Yes path = /export/dfsroot read only = no guest ok = yes ls -l in /export/dfsroot drift-a - msdfs:filer2\drift-a Domain servers are 2008 for, domainlevel is still 2003. We have all our users both in Unix LDAP and AD so we map username to username, no idmap ranges. HELP! /Henrik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind and Global Catalog
Gerald (Jerry) Carter schrieb: Sven, Does winbind work with a Global Catalog? Winbind does not rely upon global catalog. I added some search APi recently for GC support but there are not currently being used. What does this mean? Does winbind do not use the global catalog at all? This should work in spite of GC or not. But enumerating users is really expensive and I wonder if you really have to do that. But that is another topic. What other possibilities do I have? Some faster? What doesn wbinfo -m? Sounds more like and problem with the in forest trusts. What Samba version are you running? I'm running Samba-3.0.28a. The wbinfo -m command lists all domains (GROUP and GROUP1..GROUP10). Isn't joining to the CG-domain (GROUP) enough? Do I have join to each domain separatly? Do you need more info? What else can I check? Regards Sven -- Sven Anders [EMAIL PROTECTED] () Ascii Ribbon Campaign /\ Support plain text e-mail ANDURAS service solutions AG Innstraße 71 - 94036 Passau - Germany Web: www.anduras.de - Tel: +49 (0)851-4 90 50-0 - Fax: +49 (0)851-4 90 50-55 Rechtsform: Aktiengesellschaft - Sitz: Passau - Amtsgericht Passau HRB 6032 Mitglieder des Vorstands: Sven Anders, Marcus Junker Vorsitzender des Aufsichtsrats: Mark Peters signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] shadow_copy for homes share
On Tue, Aug 26, 2008 at 10:29 PM, Cory Coager [EMAIL PROTECTED]wrote: I have successfully setup shadow_copy for normal shares on our samba test server. However, I cannot get it working for the homes share because of its uniqueness. Here is the homes share: [homes] comment = Home Directories read only = No create mask = 0700 directory mask = 0700 browseable = no fstype = XFS 1.2 vfs object = shadow_copy shadow_copy: path = /samba/homes/ shadow_copy: subpath = %D+%U The users authenticate against Active Directory. The path to the snapshots is located at /samba/homes/@GMT-.MM.DD-HH.MM.SS Using the subpath each individual files should be located at /samba/homes/@GMT-.MM.DD-HH.MM.SS/DOMAIN+user but the previous versions tab is missing on this share. What am I doing wrong? Take a look on this page.. http://www.edplese.com/samba-with-zfs.html The 3-paths.patch contains a description of exactly what you are trying to do.. From patch : +Below is example usage for a single large filesystem mounted +at /home that contains all of the home directories. The +snapshots reside in /snapshots/home. + +[homes] + path = /home/%U + public = no + writable = yes + printable = no + vfs object = shadow_copy + shadow_copy: path = /snapshots/home + shadow_copy: subpath = %U + shadow_copy: format = $Y.$m.$d-$H.$M.$S + shadow_copy: sort = desc + shadow_copy: localtime = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow and unpredictable Samba performance?
On Tuesday 26 August 2008 21:30:39 Dennis Clarke wrote: Well you have my attention .. too bad you don't have a purchase order. :-) What are your problems with the new CSWsamba .. please be specific. Problem with your version 3.2.2 is the following: # /opt/csw/bin/net -V Version 3.2.2 # /opt/csw/bin/net ads testjoin [2008/08/27 14:37:58, 0] ../samba-3.2.2/source/param/params.c:(531) params.c:OpenConfFile() - Unable to open configuration file /etc/opt/csw/samba/smb.conf: No such file or directory ADS support not compiled in -- |Jakov Sosic|ICQ: 28410271| PGP: 0x965CAE2D | = | start fighting cancer - http://www.worldcommunitygrid.org/ | signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net rpc vampire in release 3.2.x
did someone already try vampire with the 3.2.x-release? since i upgraded from 3.0.x i get problems with the creation of machine accounts. when i start sucking a pdc in my ldapserver the following errors come up with every machineaccount on the pdc: 1.) Creating account: SP1$ /usr/sbin/smbldap-usermod: user SP1_ doesn't exist [2008/08/27 14:09:45, 0] groupdb/mapping.c:smb_set_primary_group(312) smb_set_primary_group: Running the command `/usr/sbin/smbldap-usermod -g 'Domain Users' 'SP1_'' gave 1 2.) User SP1_ does not exist: create it first ! what instantly strikes is that there is an _ instead of the $ in the pcname which cannot work. I guess the second error comes up when the script tries to set the correct password!? Afterwards nevertheless there are machineaccount-passwords in the ldap-database but they seem wrong because machineconnects fail. everything else is flawlessly imported (users, groups, groupmemberships). i didn't change anything in the configuration which worked perfectly with vampire in 3.0.x ExampleLDAPentry of the above mentioned machine after import: - dn: uid=SP1$,ou=Computers,dc=test,dc=com objectClass: top objectClass: account objectClass: posixAccount objectClass: sambaSamAccount cn: SP1$ uid: SP1$ uidNumber: 1071 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer structuralObjectClass: account entryUUID: be6e3366-087c-102d-9d48-4b401f1e60f4 creatorsName: cn=manager,dc=test,dc=com createTimestamp: 20080827120929Z sambaSID: S-1-5-21-378104194-1064922793-1509252994-1090 sambaPrimaryGroupSID: S-1-5-21-378104194-1064922793-1509252994-513 sambaNTPassword: 5C49A9927C59942A46F193C41446FFD5 sambaPwdLastSet: 1162907539 sambaAcctFlags: [W ] entryCSN: 20080827120929.102086Z#00#000#00 modifiersName: cn=manager,dc=test,dc=com modifyTimestamp: 20080827120929Z smb.conf (suck-configuration) - [global] workgroup = PRESSFK netbios name = DEBIANPDC wins server = 192.168.200.3 ## Domäne # domain master = No domain logons = Yes passdb backend = ldapsam:ldap://127.0.0.1 ## Benutzerverwaltung ldapsam # add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' ## LDAP ### ldap suffix = dc=test,dc=com ldap admin dn = cn=manager,dc=test,dc=com ldap machine suffix = ou=Computers ldap user suffix = ou=People ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap passwd sync = Yes ldap delete dn = Yes ldap ssl = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [ANNOUNCE] Samba 3.2.2 Available for Download
Hi folks! Nicholas Brealey wrote: On Solaris I think the best option for packages which have a directory structure like: package/bin package/lib is to link the executables with: -R$ORIGIN/../lib (In a Makefile use: LDFLAGS = -R\$$ORIGIN/../lib) This means the package can installed anywhere and still pick up the correct libraries. Using LD_LIBRARY_PATH or crle is bad practice. Well, we had the discussion of whether to use rpath or LD_LIBRARY_PATH (or ld.so.conf) already on this and/or the samba-technical mailing list. (I should look up that thread...) James Kosin wrote: -Original Message- From: Daniel Eischen [mailto:[EMAIL PROTECTED] Using -rpath/-R is the norm for Solaris packages. Samba already is built with knowledge of where it is installed and where its lib, data, var, etc directories reside. What is _not_ the norm, is having to set LD_LIBRARY_PATH in order for your applications to work. Take a look at all the packages at sunfreeware.com - they are all built for /usr/local and, at least from hundred or so packages I've installed from there, none require LD_LIBRARY_PATH to work when their libraries are in /usr/local/lib. Well on the other hand, in Linux distributions, it is considered bad practise to link using an RPATH. You either put your libs into /usr/lib or /usr/local/lib or else use a ld.so.conf file. So there are advocates for and more significantly against each of rpath and LD_LIBRARY_PATH. I decided not to compile with an RPATH because at that time most people argued that this is a bad thing. 1. easiest solution: put libs into folder searched by dynamic linker (e.g. /usr/lib) 2. next solution: use LD_LIBRARY_PATH when installing to /some/package/dir (or use an ld.so.conf file when available) 3. modify LDFLAGS to use an rpath. I had the plan to provide the option of linking with an rpath as a configure option. But it is not so easy to get it right for all supported platforms (Nicholas only mentioned solaris and Linux...). And I did not have the time yet to complete this in an upstream compliant manner. Patches welcome!! James Kosin wrote: Actually, I'll have to check to see if Michael back-ported the configure option to specify the destination directory for the libraries. The default seems to be in the %prefix/lib/samba directory with many packages moving them to the %prefix/lib directory and keeping the rest in the %prefix/lib/samba structure. * creation and installation of shared libs as filename = SONAME and symlink .so -- .so.VERSION is fixed in samba 3.2.2. (Bug #5592) * splitting of libdir into libdir (for the libs) and modulesdir (for shared modules and such) is done in v3-devel / v3-3-test. This probably won't go into 3.2.X since it is a new feature and not really a bug. This will be 3.3.0 (planned for Dec 15, 2008). Thanks for your thougths and comments. This is much appreciated. Cheers - Michael -- Michael Adam [EMAIL PROTECTED] [EMAIL PROTECTED] SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.SerNet.DE, mailto: Info @ SerNet.DE pgpVo0Cv87h4V.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] shadow_copy for homes share
I'm guessing this patch isn't part of binaries distributed through SLES which is why it isn't working for me. Thanks for the info. Aaron Browne wrote: Take a look on this page.. http://www.edplese.com/samba-with-zfs.html The 3-paths.patch contains a description of exactly what you are trying to do.. From patch : +Below is example usage for a single large filesystem mounted +at /home that contains all of the home directories. The +snapshots reside in /snapshots/home. + +[homes] + path = /home/%U + public = no + writable = yes + printable = no + vfs object = shadow_copy + shadow_copy: path = /snapshots/home + shadow_copy: subpath = %U + shadow_copy: format = $Y.$m.$d-$H.$M.$S + shadow_copy: sort = desc + shadow_copy: localtime = yes The information contained in this communication is intended only for the use of the recipient(s) named above. It may contain information that is privileged or confidential, and may be protected by State and/or Federal Regulations. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication, or any of its contents, is strictly prohibited. If you have received this communication in error, please return it to the sender immediately and delete the original message and any copy of it from your computer system. If you have any questions concerning this message, please contact the sender. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow and unpredictable Samba performance?
On Wed, Aug 27, 2008 at 8:42 AM, Jakov Sosic [EMAIL PROTECTED] wrote: On Tuesday 26 August 2008 21:30:39 Dennis Clarke wrote: Well you have my attention .. too bad you don't have a purchase order. :-) What are your problems with the new CSWsamba .. please be specific. Problem with your version 3.2.2 is the following: # /opt/csw/bin/net -V Version 3.2.2 # /opt/csw/bin/net ads testjoin [2008/08/27 14:37:58, 0] ../samba-3.2.2/source/param/params.c:(531) params.c:OpenConfFile() - Unable to open configuration file /etc/opt/csw/samba/smb.conf: No such file or directory ADS support not compiled in So do you have your smb.conf at /etc/opt/csw/samba/smb.conf John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net rpc vampire in release 3.2.x
On Wednesday 27 August 2008 07:57:25 Marc Aurel wrote: did someone already try vampire with the 3.2.x-release? since i upgraded from 3.0.x i get problems with the creation of machine accounts. when i start sucking a pdc in my ldapserver the following errors come up with every machineaccount on the pdc: 1.) Creating account: SP1$ /usr/sbin/smbldap-usermod: user SP1_ doesn't exist [2008/08/27 14:09:45, 0] groupdb/mapping.c:smb_set_primary_group(312) smb_set_primary_group: Running the command `/usr/sbin/smbldap-usermod -g 'Domain Users' 'SP1_'' gave 1 2.) User SP1_ does not exist: create it first ! what instantly strikes is that there is an _ instead of the $ in the pcname which cannot work. I guess the second error comes up when the script tries to set the correct password!? Afterwards nevertheless there are machineaccount-passwords in the ldap-database but they seem wrong because machineconnects fail. everything else is flawlessly imported (users, groups, groupmemberships). i didn't change anything in the configuration which worked perfectly with vampire in 3.0.x ExampleLDAPentry of the above mentioned machine after import: - dn: uid=SP1$,ou=Computers,dc=test,dc=com objectClass: top objectClass: account objectClass: posixAccount objectClass: sambaSamAccount cn: SP1$ uid: SP1$ uidNumber: 1071 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer structuralObjectClass: account entryUUID: be6e3366-087c-102d-9d48-4b401f1e60f4 creatorsName: cn=manager,dc=test,dc=com createTimestamp: 20080827120929Z sambaSID: S-1-5-21-378104194-1064922793-1509252994-1090 sambaPrimaryGroupSID: S-1-5-21-378104194-1064922793-1509252994-513 sambaNTPassword: 5C49A9927C59942A46F193C41446FFD5 sambaPwdLastSet: 1162907539 sambaAcctFlags: [W ] entryCSN: 20080827120929.102086Z#00#000#00 modifiersName: cn=manager,dc=test,dc=com modifyTimestamp: 20080827120929Z smb.conf (suck-configuration) - [global] workgroup = PRESSFK netbios name = DEBIANPDC wins server = 192.168.200.3 ## Domäne # domain master = No domain logons = Yes passdb backend = ldapsam:ldap://127.0.0.1 ## Benutzerverwaltung ldapsam # add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-groupdel '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' ## LDAP ### ldap suffix = dc=test,dc=com ldap admin dn = cn=manager,dc=test,dc=com ldap machine suffix = ou=Computers ldap user suffix = ou=People ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap passwd sync = Yes ldap delete dn = Yes ldap ssl = No Please file a bug report on https://bugzilla.samba.org Thanks. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [ANNOUNCE] Samba 3.2.2 Available for Download
Michael Adam wrote: Hi folks! Nicholas Brealey wrote: James Kosin wrote: -Original Message- From: Daniel Eischen [mailto:[EMAIL PROTECTED] Using -rpath/-R is the norm for Solaris packages. Samba already is built with knowledge of where it is installed and where its lib, data, var, etc directories reside. What is _not_ the norm, is having to set LD_LIBRARY_PATH in order for your applications to work. Take a look at all the packages at sunfreeware.com - they are all built for /usr/local and, at least from hundred or so packages I've installed from there, none require LD_LIBRARY_PATH to work when their libraries are in /usr/local/lib. I had the plan to provide the option of linking with an rpath as a configure option. But it is not so easy to get it right for all supported platforms (Nicholas only mentioned solaris and Linux...). And I did not have the time yet to complete this in an upstream compliant manner. Patches welcome!! To be more concrete: I suggest adding a configure option --enable-rpath that adds the appropriate LDFLAGS when appropriate for the build system (e.g. solaris and linux for a start) and gives notice when the system is unsupported (for rpath). See http://gitweb.samba.org/?p=samba.git;a=commit;h=3a0f781352f364ce625a35ffd78257b27d984c47 and http://gitweb.samba.org/?p=samba.git;a=commitdiff;h=6850dc242b010bdcef5e427e51be04201f55b7f3 for what has already been in the sources and has been removed. By the way: It is not strictly necessary to modify the sources to create binaries linked with an rpath: By setting an appropriate LDFLAGS environment variable containing an RPATH option before calling configure, you can use an RPATH option for your install without modifying the sources, since the configure script picks up any externally set LDFLAGS and CFLAGS settings! ... :-) Cheers - Michael -- Michael Adam [EMAIL PROTECTED] [EMAIL PROTECTED] SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-37-0, fax: +49-551-37-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.SerNet.DE, mailto: Info @ SerNet.DE pgpEZP5KAXBCl.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow and unpredictable Samba performance?
On Wednesday 27 August 2008 15:17:34 John Drescher wrote: # /opt/csw/bin/net ads testjoin [2008/08/27 14:37:58, 0] ../samba-3.2.2/source/param/params.c:(531) params.c:OpenConfFile() - Unable to open configuration file /etc/opt/csw/samba/smb.conf: No such file or directory ADS support not compiled in So do you have your smb.conf at /etc/opt/csw/samba/smb.conf Wow, I didn't even notice that the configuration changed path. But anyway, it doesn't help - what's with this part: # /opt/csw/bin/net ads testjoin [2008/08/27 15:42:53, 0] ../samba-3.2.2/source/param/loadparm.c:(7172) Ignoring unknown parameter realm ADS support not compiled in -- |Jakov Sosic|ICQ: 28410271| PGP: 0x965CAE2D | = | start fighting cancer - http://www.worldcommunitygrid.org/ | signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [ANNOUNCE] Samba 3.2.2 Available for Download
Michael Adam wrote: To be more concrete: I suggest adding a configure option --enable-rpath that adds the appropriate LDFLAGS when appropriate for the build system (e.g. solaris and linux for a start) and gives notice when the system is unsupported (for rpath). See http://gitweb.samba.org/?p=samba.git;a=commit;h=3a0f781352f364ce625a35ffd78257b27d984c47 and http://gitweb.samba.org/?p=samba.git;a=commitdiff;h=6850dc242b010bdcef5e427e51be04201f55b7f3 for what has already been in the sources and has been removed. From link #2: What is more, rpath also has some bad effects (when updating libraries, e.g.), so it should not be set unconditionally. Could you elaborate on why/when setting rpath would cause problems? I'm having trouble coming up with an example. Thanks, -Brian -- --- Brian H. Nelson Youngstown State University System Administrator Media and Academic Computing bnelson[at]cis.ysu.edu --- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind and Global Catalog
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sven Anders wrote: Gerald (Jerry) Carter schrieb: Sven, Does winbind work with a Global Catalog? Winbind does not rely upon global catalog. I added some search APi recently for GC support but there are not currently being used. What does this mean? Does winbind do not use the global catalog at all? Not currently. This should work in spite of GC or not. But enumerating users is really expensive and I wonder if you really have to do that. But that is another topic. What other possibilities do I have? Some faster? What doesn wbinfo -m? Sounds more like and problem with the in forest trusts. What Samba version are you running? I'm running Samba-3.0.28a. In the release notes for 3.2.0, you will see that the support for domain and forest trusts was greatly improved. Winbind and Active Directory Integration: o Full support for Windows 2003 cross-forest, transitive trusts and one-way domain trusts. I'd suggest you give that version a try. The wbinfo -m command lists all domains (GROUP and GROUP1..GROUP10). Isn't joining to the CG-domain (GROUP) enough? Do I have join to each domain separatly? It should be but we learned a lot during the work on 3.2.0. Basically we use a 3step process to discover all possible trust paths now in Winbind.I feel much more confident in the trusted domain support in 3.2.x that previous releases. cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFItWRGIR7qMdg1EfYRAvUJAJ4gwC8far7qWtFDlQAcaqAiLD+3lQCePf5J fH3c5CQMAS8DlNQ6p359fDY= =Dr5K -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Howto control ssh logins with winbind ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Ladanyi wrote: Hi, with NIS the compat Mode in /etc/nsswitch.conf was available. So you could exclude user/group from login to the host. I read this mechanism is not possible with winbind. If you are using pam_winbind, look at the require-membership-of PAM config option. cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFItWW7IR7qMdg1EfYRArzvAKCcLvmmhbvJdJInM4KekRb0QrYz/wCeMRpj 5TODQaVEu2bIYUOqsQyTpHc= =2eAv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Public share with samba/ Winbind
Andreas Ladanyi a écrit : Hi Alexandre, i have not seen your smb.conf, but guest ok = yes browseable = yes (to get the share listet in the explorer) should work. We use security = ads and it works. Is the guest = ok parameter accepted by samba ? Does samba run ? You could test your smb.conf with the testparm program. Type testparm on the command line. Bye, Andy Hi, my samba server work fine for all user in my domain (security = ads) but i have to create a public share wich is RWX for all user ( wich are not logged into the domain)... Guest ok = yes and browseable = yes too but if the user is not record on the DC, i am ejected ... Thanks for your help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow and unpredictable Samba performance?
On Wednesday 27 August 2008 15:43:49 Jakov Sosic wrote: # /opt/csw/bin/net ads testjoin [2008/08/27 15:42:53, 0] ../samba-3.2.2/source/param/loadparm.c:(7172) Ignoring unknown parameter realm ADS support not compiled in OK, it seems that 3.0.32 from blastwave (thanx Dennis) works OK. I just have to figure it out how to get my 'getent passwd'/'getent group' to work with this winbindd It worked nicely with Sun's, but now I just can't get it to. # /opt/csw/bin/wbinfo -u [list of Domain users] # /opt/csw/bin/wbinfo -g [list of domain groups] # getent passwd [only /etc/passwd users, no one from domain] So, now I will need some explanations to solve this one. I already have these enteries in /etc/nsswitch.conf group: files compat winbind passwd: files compat winbind And, what about modfying pam.conf and adding winbind.so is supposed to help with what? Or is it only to allow Domain users to ssh to server with their AD credentials? Because I don't need the ssh... When I try to access the share from the Windows workstation, login screen displays, and after entering credentials, log says the following (I beleive this is the relevant part): [2008/08/27 16:24:39, 3] reply_spnego_negotiate: Got secblob of size 1271 [2008/08/27 16:24:39, 10] secrets_named_mutex: got mutex for replay cache mutex [2008/08/27 16:24:39, 10] ads_secrets_verify_ticket: enc type [1] failed to decry pt with error Bad encryption type [2008/08/27 16:24:39, 10] ads_secrets_verify_ticket: enc type [3] failed to decry pt with error Bad encryption type [2008/08/27 16:24:39, 3] ads_secrets_verify_ticket: enc type [23] failed to decry pt with error Decrypt integrity check failed [2008/08/27 16:24:39, 10] secrets_named_mutex: released mutex for replay cache mu tex [2008/08/27 16:24:39, 3] ads_verify_ticket: krb5_rd_req with auth failed (Decrypt integrity check failed) [2008/08/27 16:24:39, 10] ads_verify_ticket: returning error NT_STATUS_LOGON_FAIL URE [2008/08/27 16:24:39, 1] Failed to verify incoming ticket with error NT_STATUS_LO GON_FAILURE! [2008/08/27 16:24:39, 3] error packet at ../samba-3.0.32/source/smbd/sesssetup.c( 318) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE -- |Jakov Sosic|ICQ: 28410271| PGP: 0x965CAE2D | = | start fighting cancer - http://www.worldcommunitygrid.org/ | signature.asc Description: This is a digitally signed message part. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: problems with DFS
Seem to be netbios related, after some modifications it now works if server is accessed through ip address instead of name. I´m a bit lost now to why normal shares work with \\name\share but not dfs shares, \\FQDN\share also fails. \\name\share 0.00 10.1.20.201 - 10.1.9.34SMB Session Setup AndX Request 0.2410.1.9.34 - 10.1.20.201 TCP microsoft-ds sunlps-http [ACK] Seq=1 Ack=1351 Win=11680 Len=0 0.02013410.1.9.34 - 10.1.20.201 SMB Session Setup AndX Response, Error: STATUS_LOGON_FAILURE 0.023257 10.1.20.201 - 10.1.9.34SMB Session Setup AndX Request 0.03206010.1.9.34 - 10.1.20.201 SMB Session Setup AndX Response, Error: STATUS_LOGON_FAILURE 0.216549 10.1.20.201 - 10.1.9.34SMB Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \it-service 0.21789010.1.9.34 - 10.1.20.201 SMB Trans2 Response, QUERY_PATH_INFO 0.218327 10.1.20.201 - 10.1.9.34SMB Trans2 Request, FIND_FIRST2, Pattern: \it-service\* 0.21902310.1.9.34 - 10.1.20.201 SMB Trans2 Response, FIND_FIRST2, Error: STATUS_OBJECT_NAME_NOT_FOUND 0.240259 10.1.20.201 - 10.1.9.34SMB Session Setup AndX Request 0.25649310.1.9.34 - 10.1.20.201 SMB Session Setup AndX Response, Error: STATUS_LOGON_FAILURE 0.261364 10.1.20.201 - 10.1.9.34SMB Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \it-service 0.26260510.1.9.34 - 10.1.20.201 SMB Trans2 Response, QUERY_PATH_INFO 0.262962 10.1.20.201 - 10.1.9.34SMB NT Create AndX Request, Path: \it-service 0.26367010.1.9.34 - 10.1.20.201 SMB NT Create AndX Response, FID: 0x, Error: STATUS_OBJECT_NAME_NOT_FOUND 0.264969 10.1.20.201 - 10.1.9.34SMB Session Setup AndX Request 0.268266 10.1.20.201 - 10.1.9.34SMB NT Cancel Request 0.26829310.1.9.34 - 10.1.20.201 TCP microsoft-ds sunlps-http [ACK] Seq=404 Ack=5869 Win=20250 Len=0 0.27679410.1.9.34 - 10.1.20.201 SMB Session Setup AndX Response, Error: STATUS_LOGON_FAILURE 0.27741910.1.9.34 - 10.1.20.201 SMB NT Trans Response, unknown, Error: STATUS_CANCELLED 0.277587 10.1.20.201 - 10.1.9.34TCP sunlps-http microsoft-ds [ACK] Seq=5869 Ack=518 Win=63473 Len=0 0.278332 10.1.20.201 - 10.1.9.34SMB Close Request, FID: 0x1bb7 0.27907210.1.9.34 - 10.1.20.201 SMB Close Response 0.462238 10.1.20.201 - 10.1.9.34TCP sunlps-http microsoft-ds [ACK] Seq=5914 Ack=557 Win=63434 Len=0 If accessed by ip address\share 0.00 10.1.20.201 - 10.1.9.34SMB Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \10.1.9.34\drift 0.00120010.1.9.34 - 10.1.20.201 SMB Trans2 Response, QUERY_PATH_INFO 0.001843 10.1.20.201 - 10.1.9.34SMB Trans2 Request, QUERY_FS_INFO, Query FS Size Info 0.00297110.1.9.34 - 10.1.20.201 SMB Trans2 Response, QUERY_FS_INFO 0.003553 10.1.20.201 - 10.1.9.34SMB Trans2 Request, QUERY_PATH_INFO, Query File Basic Info, Path: \10.1.9.34\drift\it-service 0.00430010.1.9.34 - 10.1.20.201 SMB Trans2 Response, QUERY_PATH_INFO, Error: STATUS_PATH_NOT_COVERED 0.005632 10.1.20.201 - 10.1.9.34SMB Trans2 Request, GET_DFS_REFERRAL, File: \10.1.9.34\drift\it-service\ 0.01046810.1.9.34 - 10.1.20.201 SMB Trans2 Response, GET_DFS_REFERRAL 0.183732 10.1.20.201 - 10.1.9.34TCP scp microsoft-ds [ACK] Seq=453 Ack=484 Win=63597 Len=0 3.136382 10.1.20.201 - 10.1.9.34SMB NT Cancel Request 3.13709410.1.9.34 - 10.1.20.201 SMB NT Trans Response, unknown, Error: STATUS_CANCELLED 3.137466 10.1.20.201 - 10.1.9.34SMB Close Request, FID: 0x1bf3 3.13829810.1.9.34 - 10.1.20.201 SMB Close Response 3.356468 10.1.20.201 - 10.1.9.34TCP scp microsoft-ds [ACK] Seq=538 Ack=598 Win=63483 Len=0 On Wed, Aug 27, 2008 at 9:27 AM, Henrik Beckman [EMAIL PROTECTED]wrote: Hi, We have been a samba shop since way back and have used DFS quit a lot the last years. When we went with security ads instead of domain our dfs died. We have tried 3.028(sun) in solaris wich we are leaving and 3.2.1 in linux, our migration target. For our 3.2.1 installation the config looks liket this and the problem manifests itself as a empty share. [Global] kernel oplocks = False oplocks = False level2 oplocks = False realm = SGU.SE workgroup = SGU netbios name = fs4 server string = fs4 security = ADS use kerberos keytab = true password server = ad1 ad2 wins server = 10.1.9.10 10.1.9.9 name resolve order = ads hosts wins bcast map to guest = Bad User disable netbios = No log level = 5 client use spnego = Yes server signing = auto host msdfs = Yes #msdfs root = Yes ntlm auth = No lanman auth = no dos charset = ISO8859-1 unix charset = ISO8859-1 winbind trusted domains only = yes [drift-a] msdfs root = Yes path = /export/dfsroot read only = no guest ok = yes ls -l in /export/dfsroot drift-a - msdfs:filer2\drift-a Domain servers are 2008 for, domainlevel is still 2003. We have
[Samba] Solaris nss_ldap vs PADL nss_ldap
Hi All, Any thoughts on why, while everything seems ok at the OS level (getent , id -a ) Samba doesn't pickup any supplementary groups when Solaris is configured with 'group: files ldap' in nsswitch.conf and using it's own native nss_ldap.so.1 but does when using PADL's nss_ldap? Everything else is equal. Do they use/accept different calls or could it be an openldap vs native ldap incompatibility, Samba being compiled against the openldap libraries. Samba seems not to compile against the native libraries due to a lack of ldap_start_tls_s Solaris 10 and Samba 3.2.2 Cheers, Duncan -- The University of St Andrews is a charity registered in Scotland : No SC013532 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC with groups in LDAP
To answer my own question, I had to use Padls' nss_ldap to make this work. I'd thought with Solaris 9 and later I could get away with using the Sun libraries but obviously not. Hope to help someone else Cheers Duncan Duncan Brannen wrote: Hi All, I'm wondering if anyone can shed some light on a problem I'm having. I have a samba PDC with an LDAP backend, keeping the smb.conf file constant, When I have /etc/nsswitch.conf configured with groups: files ldap Then /usr/local/samba/bin/net rpc user info dbb only returns my primary group. If I have /etc/nsswitch.conf configured with groups: files nis Then all my groups are shown when running the same net rpc command. In both cases, groups dbb and id -a dbb show all the groups I am a member of, getent group groupName shows the members of the group and /usr/local/samba/bin/net groupmap list provides a list of groups (from LDAP) eg Domain Users (S-1-5-21-440367617-1876916578-3462541782-513) - Domain Users Domain Guests (S-1-5-21-440367617-1876916578-3462541782-514) - Domain Guests Domain Computers (S-1-5-21-440367617-1876916578-3462541782-553) - Domain Computers Domain Vagrants (S-1-5-21-440367617-1876916578-3462541782-554) - Domain Vagrants Domain Sidekicks (S-1-5-21-440367617-1876916578-3462541782-590) - Domain Sidekicks Domain Admins (S-1-5-21-440367617-1876916578-3462541782-512) - domadm The group objects in LDAP look like dn: cn=groupName,ou=Groups,dc=st-andrews,dc=ac,dc=uk objectClass: posixGroup objectClass: sambaGroupMapping gidNumber: Number cn: groupName memberUid: user1 memberUid: user2 memberUid: ... description: Some Descriptive Term Here sambaSID: S-1-5-21-xxx-yyy-zzz-gidNumber sambaGroupType: 2 displayName: Whatever where S-1-5-21-xxx-yyy-zzz is our domain SID Watching the ldap logs, when I run net/rpc usr info dbb, samba looks up all the groups root is in (objectClass=sambaGroupMapping)(gidNumber=...)), for sambaSID=s-1-5-32-544 and 545, then for a whole bunch of sambaSIDLists (I have none setup) or sambaGroupMapping,sambaGroupType=4 It then looks up my account, searches for my primary group both by its gidNumber, then by its sambaSID, and then it stops. Is there extra configuration need for looking up groups in ldap? It feels like an OS issue but the OS commands seem to return the correct output. OS is Solaris 10 sparc. Samba versions are 3.0.23c and 3.2.1 Thanks, Duncan -- The University of St Andrews is a charity registered in Scotland : No SC013532 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Groups questions
Short answer, yes. You should/do get all the groups listed with ifmember /list but get different results with the Solaris nsswitch.conf than padl's nsswitch.conf. I have it working, through changing only this one library. There may of course have been problems with my ldap_client_file that didn't show up at the OS level but scuppered what samba was asking for. Didn't see any error messages though. Cheers. Duncan Brannen wrote: Hi, When Samba is running as a PDC and a workstation is joined to the Domain, should the user logged into the workstation be able to see all the groups they are a member of using `ifmember /list`? Is the below output as expected? I'm I correct thinking that as all my groups originate in the Unix world, I don't need winbind to allow the Workstations to see them? For what it's worth, Solaris 10 (Sparc) Samba 3.2.1 and OpenLDAP, everything bar the Samba version should be irrelevant as it's hidden behind nsswitch and passdb backend? It's a clean OS / Ldap install with the smbldap tools used to populate the directory and create the user, then 'net rpc' used to create groups and add members. Thanks, Duncan - On the PDC /usr/local/samba/bin/net rpc group members room11 -Uroot%password CROOMTEST\dunk /usr/local/samba/bin/net groupmap list Domain Admins (S-1-5-21-440367617-1876916578-3462541782-512) - Domain Admins Domain Users (S-1-5-21-440367617-1876916578-3462541782-513) - Domain Users Domain Guests (S-1-5-21-440367617-1876916578-3462541782-514) - Domain Guests Domain Computers (S-1-5-21-440367617-1876916578-3462541782-515) - Domain Computers Administrators (S-1-5-32-544) - Administrators Account Operators (S-1-5-32-548) - Account Operators Print Operators (S-1-5-32-550) - Print Operators Backup Operators (S-1-5-32-551) - Backup Operators Replicators (S-1-5-32-552) - Replicators room11 (S-1-5-21-440367617-1876916578-3462541782-3003) - room11 room9 (S-1-5-21-440367617-1876916578-3462541782-3005) - room9 getent group ... room11::1001:dunk getent passwd ... dunk:x:1000:512:System User:/home/dunk:/bin/bash - On the workstation net group /domain room11 returns dunk as a member net group /domain returns a list of all the groups mapped on the pdc that start S-1-5-21- ifmember /list returns the primary group CROOMTEST\Domain Admins \Everyone BUILTIN\Administrators BUILTIN\Users \Local NT Authority\INTERACTIVE NT Authority\Authneticated Users -- The University of St Andrews is a charity registered in Scotland : No SC013532 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net rpc group addmem returns NT_STATUS_ACCESS_DENIED
John H Terpstra wrote: On Monday 25 August 2008 08:56:23 Duncan Brannen wrote: Hi All, I'm trying to add a user to a group using /usr/local/samba/bin/net rpc group addmem room11 dunk -Uroot%password The user is added to the group as far as I can tell but the command returns NT_STATUS_ACCESS_DENIED This is on Solaris 10 (Sparc) and Samba 3.2.1, OS and Samba are both configured to lookup users and groups in LDAP. /usr/local/samba/bin/net rpc group members room11 -Uroot%password CROOMTEST\dunk Trying to remove the user from the group returns NT_STATUS_MEMBER_NOT_IN_GROUP and the user is not removed from the group in LDAP (running smbldap-groupmod manually removes the user from LDAP) In smb.conf, I have add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g With log level set to 10 I see the following for the add that may or may not be relevant. Should the access check granted and required values be equal? [2008/08/25 12:59:48, 4] rpc_server/srv_pipe.c:api_rpcTNP(2297) api_rpcTNP: samr op 0x16 - api_rpcTNP: rpc command: SAMR_ADDGROUPMEMBER [2008/08/25 12:59:48, 6] rpc_server/srv_pipe.c:api_rpcTNP(2323) api_rpc_cmds[22].fn == 200be4 samr_AddGroupMember: struct samr_AddGroupMember in: struct samr_AddGroupMember group_handle : * group_handle: struct policy_handle handle_type : 0x (0) uuid : 0500---b248-b49e9051 rid : 0x0bb8 (3000) flags: 0x0005 (5) [2008/08/25 12:59:48, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(168) Found policy hnd[0] [000] 00 00 00 00 05 00 00 00 00 00 00 00 B2 48 B4 9E .H.. [010] 90 51 00 00 .Q.. [2008/08/25 12:59:48, 5] rpc_server/srv_samr_nt.c:access_check_samr_function(227) _samr_AddGroupMember: access check ((granted: 0f001f; required: 04) [2008/08/25 12:59:48, 10] rpc_server/srv_samr_nt.c:_samr_AddGroupMember(4651) sid is S-1-5-21-440367617-1876916578-3462541782-3003 [2008/08/25 12:59:48, 10] groupdb/mapping.c:get_domain_group_from_sid(132) get_domain_group_from_sid ... [2008/08/25 12:59:50, 3] groupdb/mapping.c:smb_add_user_group(352) smb_add_user_group: Running the command `/usr/local/sbin/smbldap-groupmod -m dunk room11' gave 0 [2008/08/25 12:59:50, 10] lib/system_smbd.c:sys_getgrouplist(122) sys_getgrouplist: user [dunk] [2008/08/25 12:59:50, 3] smbd/sec_ctx.c:push_sec_ctx(224) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 ... [2008/08/25 12:59:50, 10] passdb/lookup_sid.c:legacy_gid_to_sid(1170) LEGACY: gid 512 - sid S-1-5-21-440367617-1876916578-3462541782-512 samr_AddGroupMember: struct samr_AddGroupMember out: struct samr_AddGroupMember result : NT_STATUS_ACCESS_DENIED For delmem I again get the same access check granted value _samr_DeleteGroupMember: access check ((granted: 0f001f; required: 08) then Get_Pwnam_internals did find user [dunk]! [2008/08/25 14:41:10, 3] smbd/sec_ctx.c:pop_sec_ctx(432) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2008/08/25 14:41:10, 10] passdb/lookup_sid.c:legacy_sid_to_uid(1213) LEGACY: sid S-1-5-21-440367617-1876916578-3462541782-3000 - uid 1000 samr_DeleteGroupMember: struct samr_DeleteGroupMember out: struct samr_DeleteGroupMember result : NT_STATUS_MEMBER_NOT_IN_GROUP Any thoughts or pointers as to where I should be looking? Have you tried to execute this script manually? Example: smbldap-useradd -G new_group user_name If that works, check that you gave Samba permission to update the LDAP directory. Did you execute the following?: smbpasswd -w LDAP_Secret_Password also, check that the user you are using to do this, and/or the group that user belongs to, has the rights and privileges needed to do this: net rpc rights list accounts -Uroot%password - John T. Hi John, For what it's worth, the error message has gone now I'm using 3.2.2 and padl's nss_ldap library and I'm assuming it's the padl nss_ldap library that's solved it. A cursory glance at the ldap logs and what happens there looks similar, user still successfully added to the group. If I'd kept digging at this it may have shown why the groups were not showing up in windows. Cheers, Duncan -- The University of St Andrews is a charity registered in Scotland : No SC013532 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [ANNOUNCE] Samba 3.2.2 Available for Download
On Wed, 27 Aug 2008, Michael Adam wrote: Michael Adam wrote: Hi folks! Nicholas Brealey wrote: James Kosin wrote: -Original Message- From: Daniel Eischen [mailto:[EMAIL PROTECTED] Using -rpath/-R is the norm for Solaris packages. Samba already is built with knowledge of where it is installed and where its lib, data, var, etc directories reside. What is _not_ the norm, is having to set LD_LIBRARY_PATH in order for your applications to work. Take a look at all the packages at sunfreeware.com - they are all built for /usr/local and, at least from hundred or so packages I've installed from there, none require LD_LIBRARY_PATH to work when their libraries are in /usr/local/lib. I had the plan to provide the option of linking with an rpath as a configure option. But it is not so easy to get it right for all supported platforms (Nicholas only mentioned solaris and Linux...). And I did not have the time yet to complete this in an upstream compliant manner. Patches welcome!! To be more concrete: I suggest adding a configure option --enable-rpath that adds the appropriate LDFLAGS when appropriate for the build system (e.g. solaris and linux for a start) and gives notice when the system is unsupported (for rpath). Yes, it if is not on be default, then having a knob to enable it is the next best thing. See http://gitweb.samba.org/?p=samba.git;a=commit;h=3a0f781352f364ce625a35ffd78257b27d984c47 and http://gitweb.samba.org/?p=samba.git;a=commitdiff;h=6850dc242b010bdcef5e427e51be04201f55b7f3 for what has already been in the sources and has been removed. By the way: It is not strictly necessary to modify the sources to create binaries linked with an rpath: By setting an appropriate LDFLAGS environment variable containing an RPATH option before calling configure, you can use an RPATH option for your install without modifying the sources, since the configure script picks up any externally set LDFLAGS and CFLAGS settings! ... :-) That is nice to know too. -- DE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Public share with samba/ Winbind
Hi, my samba server work fine for all user in my domain (security = ads) but i have to create a public share wich is RWX for all user ( wich are not logged into the domain)... Guest ok = yes and browseable = yes too but if the user is not record on the DC, i am ejected ... Thanks for your help I just set that up yesterday. In the global section, try adding map to guest = Bad Password take care, -- Matt Richardson IT Consultant College of Arts and Letters CSU San Bernardino work: (909)537-7598 fax: (909)537-5926 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Solaris nss_ldap vs PADL nss_ldap
Duncan Brannen wrote: Hi All, Any thoughts on why, while everything seems ok at the OS level (getent , id -a ) Samba doesn't pickup any supplementary groups when Solaris is configured with 'group: files ldap' in nsswitch.conf and using it's own native nss_ldap.so.1 but does when using PADL's nss_ldap? Everything else is equal. Have you tried using Solaris version withthis in the nsswitch.conf: group: compat group_compat ldap and adding the + in the /etc/group file. This appears to work as expected, getting groups info from both local and ldap. Or (I have not tried this): group: files [SUCCESS=continue] ldap Do they use/accept different calls or could it be an openldap vs native ldap incompatibility, Samba being compiled against the openldap libraries. Samba seems not to compile against the native libraries due to a lack of ldap_start_tls_s Solaris 10 and Samba 3.2.2 Cheers, Duncan -- Douglas E. Engert [EMAIL PROTECTED] Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow and unpredictable Samba performance?
On Wednesday 27 August 2008 15:17:34 John Drescher wrote: # /opt/csw/bin/net ads testjoin [2008/08/27 14:37:58, 0] ../samba-3.2.2/source/param/params.c:(531) params.c:OpenConfFile() - Unable to open configuration file /etc/opt/csw/samba/smb.conf: No such file or directory ADS support not compiled in So do you have your smb.conf at /etc/opt/csw/samba/smb.conf Wow, I didn't even notice that the configuration changed path. But anyway, it doesn't help - what's with this part: # /opt/csw/bin/net ads testjoin [2008/08/27 15:42:53, 0] ../samba-3.2.2/source/param/loadparm.c:(7172) Ignoring unknown parameter realm ADS support not compiled in I will give you a Samba 3.2.3 package shortly .. Dennis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Excessive disk activity from browse.dat regeneration
Greetings, I'm trying to track down and eliminate the sources of excessive disk activity in an idle system that is resulting in premature hard disk failure. Access time updates to inodes turned out to be the worst culprit, triggering writes every 35 seconds or so. Mounting filesystems with the noatime option fixed that problem. But not too far behind inode updates is the frequent regeneration of the browse.dat file by nmbd. My first thought was to move browse.dat to a tmpfs so nmbd could create the file as often as it likes without chewing up our hard disks. But the lock directory that contains browse.dat also contains a bunch of other files and some of them seem to want to be persistent. I started down the path of spinning a web of symlinks to put everything in a place where it will be happy. But there seem to be several different lifecycles represented in this collection of files and making them all happy is looking trickier than I had hoped. This seems like the sort of thing that other people would have figured out by now. I've searched the samba archives and haven't found any discussions on exactly this point. Before I dig deeper into the code, could some of you more experienced Samba hands point me to a work-around for this problem? Thanks. I'm using Samba 3.0.0 on Redhat 7.3. (Yes, I know that's very old.) Bret Orsburn -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Installing Drivers into [print$]
Hi, I was looking though the easy Add Printer Wizard Driver Installation instructions here http://us6.samba.org/samba/docs/man/Samba-HOWTO-Collection/classicalprinting.html#id2620623 but found that it did not work. After saying no to Do you want to install the driver now when properties comes up nothing is editable so one can't connect to advanced or new driver to install drivers and one never finds a place where the copy to server option comes up. I assume this must be due to changes in Windows. (The smb.conf file is right and the right directories exist and can be written to.) Does anybody know of a work around or new way to accomplish this? -- John Baker Network Systems Administrator Marlboro College Phone: 451-7551 off campus; 551 on campus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Vista SP1 and roaming profiles
I'm setting up new computers w/ Vista SP1 that are replacing computers that were XP SP3. Vista is not using the roaming profiles that the XP users were using. instead of using for example \\server\profiles\jdoe, it is making a \\server\profiles\jdoe.V2 that Vista uses, and so I have to re-set up Seamonkey/Firefox/Thunderbird, redirect my documents, etc. Is there any way to have VIsta SP1 use the same profile without .V2 that XP was using? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Howto control ssh logins with winbind ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Ladanyi wrote: Hi, with NIS the compat Mode in /etc/nsswitch.conf was available. So you could exclude user/group from login to the host. I read this mechanism is not possible with winbind. If you are using pam_winbind, look at the require-membership-of PAM config option. Hi jerry, thats perfect ! Thanks a lot, Andy cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFItWW7IR7qMdg1EfYRArzvAKCcLvmmhbvJdJInM4KekRb0QrYz/wCeMRpj 5TODQaVEu2bIYUOqsQyTpHc= =2eAv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can't export [homes] share.
Hi to everybody. I have an Ubuntu server running Samba 3, and its 25 Kubuntu clients. This server does authenticate the users added (to Samba and to Ubuntu linux itself), but those users can't see their /home directory. What's going wrong??? Below is the server's smb.conf: --- [global] workgroup = CCLAB netbios name = SLAB server string = Servidor LABCOMP domain master = yes domain logons = yes logon script = netlogon.bat logon home = \\%L\%U\.profiles logon path = \\%L\profiles\%U security = user encrypt passwords = yes enable privileges = yes passdb backend = tdbsam preferred master = yes local master = yes os level = 100 wins support = yes [netlogon] comment = Serviço de Logon path = /var/samba/netlogon read only = yes browseable = no [homes] valid users = %S create mask = 0700 directory mask = 0700 browseable = no [profiles] path = /var/profiles writeable = yes browseable = no create mask = 0600 directory mask = 0700 And below is the client's smb.conf: - [global] netbios name = CPU-3 workgroup = CCLAB winbind use default domain = yes obey pam restrictions = yes security = domain encrypt passwords = true wins server = 172.17.60.1 winbind uid = 1-2 winbind gid = 1-2 template shell = /bin/bash template homedir = /home/%U winbind separator = + invalid users = root - Thanks in advance to all. - HELCIO WAGNER DA SILVA Novos endereços, o Yahoo! que você conhece. Crie um email novo com a sua cara @ymail.com ou @rocketmail.com. http://br.new.mail.yahoo.com/addresses -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] nested group support still broken in 3.2.2?
Hi there I've just upgraded to 3.2.2 and it still looks like nested group support isn't finished? e.g. if I have domain1/user1 in group domain2/group1 and that in turn is in domain3/group2 (i.e. domain1/user1 is in domain3/group2), then getent group domain3/group2 should return domain1/user1 - and yet it doesn't. winbind enum groups is enabled if that matters (it didn't seem to make a difference) However, id domain1/user1 does show that domain3/group2 is listed as one of that users groups - so it's working well in that direction...? Am I right, or have we got a problem that could actually be fixed? :-) This is under FC8. Thanks! -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] nested group support still broken in 3.2.2?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jason Haar wrote: Hi there I've just upgraded to 3.2.2 and it still looks like nested group support isn't finished? e.g. if I have domain1/user1 in group domain2/group1 and that in turn is in domain3/group2 (i.e. domain1/user1 is in domain3/group2), then getent group domain3/group2 should return domain1/user1 - and yet it doesn't. winbind enum groups is enabled if that matters (it didn't seem to make a difference) However, id domain1/user1 does show that domain3/group2 is listed as one of that users groups - so it's working well in that direction...? Am I right, or have we got a problem that could actually be fixed? :-) This is under FC8. What is winbind expand groups set to ? cheers, jerry - -- = Samba--- http://www.samba.org Likewise Software - http://www.likewisesoftware.com What man is a man who does not make the world better? --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFItb3iIR7qMdg1EfYRAuz6AJ9gOmDHWYGrJgQTvGZkzyhXzuW5vgCfXLje 0eUmatOrEzoRc8CrTCN5p4s= =efXx -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] pam mounted shares unmount themselves after a while, sorta
Hello all, I have a samba PDC and about 20 linux clients. The linux clients authenticate to the PDC via pam_winbind and mount a share automatically at login via pam_mount. The problem is that client-side the shares seem to get into a bad state after a while (like a day). The share does not show up when I run df, but it still seems to be partially mounted. I say partially mounted because I can run smbumount on the share and I don't get an error. After I run smbumount, I can logout/login and the automatic mounting via pam_mount will work. This problem may be partially due to our less than perfect network. Does anyone have this problem, and is there a workaround? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [ANNOUNCE] Samba 3.2.2 Available for Download
Brian H. Nelson wrote: Michael Adam wrote: ... What is more, rpath also has some bad effects (when updating libraries, e.g.), so it should not be set unconditionally. Could you elaborate on why/when setting rpath would cause problems? I'm having trouble coming up with an example. I think there was an issue with RPATH in the executable taking higher priority than the LD_LIBRARY_PATH environment variable and Linux distributions updating libraries in a funny way (moving the old libraries to a different directory). On Solaris LD_LIBRARY_PATH always had a higher priority than RPATH although I think this broke some standard. To comply with standards, RUNPATH was introduced which has a lower priority than LD_LIBRARY_PATH matching the behaviour of the Solaris RPATH. The -R option on Solaris now sets both RPATH and RUNPATH but RPATH is ignored when RUNPATH is present. A cannot think of any objection to using -R with $ORIGIN on Solaris. See: http://docs.sun.com/app/docs/doc/817-1984/6mhm7pld8?a=view#indexterm-814 I don't see why there should be a problem on Linux provided the RPATH only includes directories which are part of the Samba build and are exclusive to Samba. /opt/samba/bin, /opt/samba/lib and RPATH=$ORIGIN/../lib would be OK. /usr/local/bin, /usr/local/lib and RPATH=$ORIGIN/../lib would bad. /usr/bin, /usr/lib and RPATH=$ORIGIN/../lib would be very bad. Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Security leak in map_nt_perms?
Jeremy Allison ha scritto: On Sat, Aug 16, 2008 at 09:42:51AM +0200, Abramo Bagnara wrote: This is exactly what I'd expect... Hmmm, not what I'd expect :-). I'll have to check into the POSIX mapping further, been a while since I wrote it. Are you checking on a system with POSIX ACLs enabled or just straight POSIX permissions ? Any news? Are you willing to accept a patch that make samba to ignore request to allow FILE_{READ|WRITE}_{ATTRIBUTES|EA) when computing resulting Unix permission/ACL? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Security leak in map_nt_perms?
On Wed, Aug 27, 2008 at 11:15:20PM +0200, Abramo Bagnara wrote: Jeremy Allison ha scritto: On Sat, Aug 16, 2008 at 09:42:51AM +0200, Abramo Bagnara wrote: This is exactly what I'd expect... Hmmm, not what I'd expect :-). I'll have to check into the POSIX mapping further, been a while since I wrote it. Are you checking on a system with POSIX ACLs enabled or just straight POSIX permissions ? Any news? No, haven't got to this yet. One more question, were you setting the user or group ACE to '---' or an alternate user or group ACE to '---' ? Are you willing to accept a patch that make samba to ignore request to allow FILE_{READ|WRITE}_{ATTRIBUTES|EA) when computing resulting Unix permission/ACL? Not without examining this code thoroughly first, sorry. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] nested group support still broken in 3.2.2?
Gerald (Jerry) Carter wrote: What is winbind expand groups set to ? Oh sorry - 3. I've just tried something. I upped log level = 10, deleted /var/lib/samba/winbind* (to trash cached values), cleaned out /var/log/samba/* and restarted winbind. Then I tried id localDomain\user and getent group localDomain\group and they worked successfully. Then I tried the getent group domain3\group2 mentioned in my example: remote domain containing groups containing users from many (trusted) other domains. It *immediately* returned with no content (which is odd - yesterday it returned 5 domain3 users). Strangely, I didn't see a log.wb-domain3 created. Then I ran wbinfo -u, and immediately all the log.wb- files appeared - one per trusted domain. It hung for many minutes while it went all over the world (I had tcpdump running) via LDAP downloading stuff. Eventually I got Error looking up domain users - probably hit a timeout. I'm not surprised :-) However, winbindd was still downloading stuff - in fact there are now 167 copies of winbind running on my FC8 box and it's still working at the problem ;-) wbinfo -m|wc reports 14 BTW - so I don't know how 167 showed up. Then I ran getent group domain3\group2 again, this time it hung for 5 secs - before returning nothing again :-( Grep'ping /var/log/sambe/* for the groupname shows only 'getgrnam domain3\group2' - no real error as such PS: there are now 155 winbindd processes running - so it did come down a bit. But I don't think that's normal? Under 3.0.30 it never seemed to go above 10-ish? -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Solaris nss_ldap vs PADL nss_ldap
Quoting Douglas E. Engert [EMAIL PROTECTED]: Duncan Brannen wrote: Hi All, Any thoughts on why, while everything seems ok at the OS level (getent , id -a ) Samba doesn't pickup any supplementary groups when Solaris is configured with 'group: files ldap' in nsswitch.conf and using it's own native nss_ldap.so.1 but does when using PADL's nss_ldap? Everything else is equal. Have you tried using Solaris version withthis in the nsswitch.conf: group: compat group_compat ldap and adding the + in the /etc/group file. This appears to work as expected, getting groups info from both local and ldap. Or (I have not tried this): group: files [SUCCESS=continue] ldap I haven't no, I'm not going to be in a position to test this till next week now probably, but I'll give it a go and post back what I find. All the users and groups are in LDAP only so it never occurred I might need to (esp with OS level stuff seemingly working) Thanks for the info. Cheers, Duncan Do they use/accept different calls or could it be an openldap vs native ldap incompatibility, Samba being compiled against the openldap libraries. Samba seems not to compile against the native libraries due to a lack of ldap_start_tls_s Solaris 10 and Samba 3.2.2 Cheers, Duncan -- Douglas E. Engert [EMAIL PROTECTED] Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 -- University of St Andrews Webmail: https://webmail.st-andrews.ac.uk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] shadow_copy for homes share
On Wed, Aug 27, 2008 at 11:09 PM, Cory Coager [EMAIL PROTECTED]wrote: I'm guessing this patch isn't part of binaries distributed through SLES which is why it isn't working for me. Thanks for the info. Maybe you can go about it a different way and offer a recovery drive to the users. Rather than using homes for the shadow_copy, which is posing problems for you, setup another share called recover that points to the snapshot area. Users can then to browse into their home directory via the recover share and recover/view their old files. Cheers, Aaron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] nested group support still broken in 3.2.2?
I just thought of something else. Are there any Samba limits on Universal groups vs Global vs Domain Local (this is a Win2K3 env). Obviously the problem I'm having involves a Universal Group - but it contains a mixture of Universal and Global groups. The top one (ie domain3\group2) is a Distribution List too BTW (not just a Security Group). -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.2.3 in Debian unstable
We're doing our best, folks. 3.2.2 packages are ready (working the package wasn't that straightforward after some binary renaming that happened for cifs utilities..as well as some (good) changes to libraries installation). 3.2.1 entered testing two days ago and we now need to talk with our release team to get a pre-agreement by them that they will accept 3.2.2 for lenny. Steve Langasek is the one who know how to write such mails (he combines two qualities I don't have: being an English native speaker and understandign Samba's code...:-) ). Steve Langasek uploaded 3.2.3 packages in Debian unstable yesterday, about two hours after Karolin announced it..:-) These packages are targeted to enter Debian testing, ie the soon-to-be-released-when-it's-ready next Debian version. I don't know whether it will make it to Ubuntu whatever-funky-name-they'll-give-to-their-next-version but I bet it will as I suppose that Steve will take care of this..:-) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-2-36-g4daf89d
The branch, v3-2-stable has been updated via 4daf89d1fd5388a1bdd2c41cd69c6f04675eaa0d (commit) via 42f7808a92c3b73ffc7f967e9157a970c2316e9b (commit) via 0682464774e2bdc838e08bdf77b22e6df16980bc (commit) via 6ee615d191c6ffa97bb27c52ae3cdb2e87a15a9a (commit) via 51828872b5b90cdbb800db0462a0d75b68e104a4 (commit) via 41b0106bf0633d1b68aee3e22056aef0aa855c4a (commit) via 7ba0050ab29a67db5823e792a2811394f38d5487 (commit) via d211b19e12f0a6b124f4921fe12ca707c7a5e709 (commit) via b2c551c1e6465a18cba9ab5ffc2ed4facb9b2458 (commit) via ad6b5ae2b315238647a0e968cddbd1fa83c2eef4 (commit) via 1a6d3ceab272f556398fd1759d45d7efbac005c4 (commit) via 2382ef310073e9c9a3a15bff987d7baf8f158ff4 (commit) via ad7687ff02465e5ca5e0f8c1f49d572eaea1b31a (commit) via 5d0b8788dcecbe1565b3ef0200386308c63588db (commit) via a76f0528ebae537166177409279c0f438c059b40 (commit) via 17695ffca57c93b828719310c26b0a41b609b101 (commit) via 52428c8ba8f4f73e648696cae3136884e94575d7 (commit) from a90648e905aebc98c78897adf76729bea269cedf (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable - Log - commit 4daf89d1fd5388a1bdd2c41cd69c6f04675eaa0d Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 10:38:42 2008 +0200 Revert build: fix linking cifs.upcall when nscd_flush_cache() is found. This reverts commit a7058ed1ef2622abdb75fe997ce4a5c570898929. commit 42f7808a92c3b73ffc7f967e9157a970c2316e9b Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 10:38:35 2008 +0200 Revert Fix bug 5697 nmbd spins in reload_interfaces when only loopback has an IPv4 address This reverts commit 435c10268bb6987ab7e8206cd6c45bd9961c5632. commit 0682464774e2bdc838e08bdf77b22e6df16980bc Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 10:38:25 2008 +0200 Revert cifs.upcall: handle MSKRB5 OID properly This reverts commit 64ebfe4b2e5b7e3e07a0af424b35000693148e48. commit 6ee615d191c6ffa97bb27c52ae3cdb2e87a15a9a Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 10:38:18 2008 +0200 Revert smbd: fix the handling of create_options to pass RAW-OPEN This reverts commit ebd1f8f9297b31353d094ddccc320a83f02877ce. commit 51828872b5b90cdbb800db0462a0d75b68e104a4 Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 10:38:08 2008 +0200 Revert nss_winbind: When returning NSS_UNAVAIL, squash errno to ENOENT This reverts commit 15e8e23466ae959bd0efc540c287338dbcd0b7a6. commit 41b0106bf0633d1b68aee3e22056aef0aa855c4a Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 10:38:00 2008 +0200 Revert fix another build warning. This reverts commit e3ff1cb7709d93fb91602d3d25deca3f4ecce2ce. commit 7ba0050ab29a67db5823e792a2811394f38d5487 Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 10:37:49 2008 +0200 Revert fix build warning. This reverts commit c48f247d76569bfdc844499cc64f504bce7085cd. commit d211b19e12f0a6b124f4921fe12ca707c7a5e709 Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 10:37:41 2008 +0200 Revert build: rename LIBNETAPI_OBJ1 to LIBNETAPI_OBJ0 for consistency. This reverts commit eb892f90c9be0ebc2217fc459d4249190986c003. commit b2c551c1e6465a18cba9ab5ffc2ed4facb9b2458 Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 10:37:30 2008 +0200 Revert build: fall down to the same place when using an internal lib statically. This reverts commit 8145b0a7d7bacb818b8dadadae65ecd0877b5ce2. commit ad6b5ae2b315238647a0e968cddbd1fa83c2eef4 Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 10:37:22 2008 +0200 Revert build: fix bug #5590 by not linking in the static libs but the objects. This reverts commit ef801d12a309c4c9f6429739b835fb32f5c309b8. commit 1a6d3ceab272f556398fd1759d45d7efbac005c4 Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 10:36:58 2008 +0200 Revert Fix bug 5698 - mixup of TALLOC/malloc. Spotted by Douglas Wegscheid [EMAIL PROTECTED]. This reverts commit 3c205320cd1eb19ed275572f975487e92c611f13. commit 2382ef310073e9c9a3a15bff987d7baf8f158ff4 Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 10:36:51 2008 +0200 Revert IDL: fix IDL for netr_ServerPasswordSet2(). This reverts commit 7a53e1e83a070394f77da4a0f7b2ed480165c376. commit ad7687ff02465e5ca5e0f8c1f49d572eaea1b31a Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 10:36:31 2008 +0200 Revert re-run make idl. This reverts commit 94dd61a4e8e070e175339defce4da08eaf87429d. commit 5d0b8788dcecbe1565b3ef0200386308c63588db Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 10:36:20 2008 +0200 Revert Fix Bug #5710 and make machine account password changing work again. This
svn commit: samba-web r1225 - in trunk/history: .
Author: kseeger Date: 2008-08-27 09:02:05 + (Wed, 27 Aug 2008) New Revision: 1225 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1225 Log: Fix typo Karolin Modified: trunk/history/header_history.html Changeset: Modified: trunk/history/header_history.html === --- trunk/history/header_history.html 2008-08-26 09:10:03 UTC (rev 1224) +++ trunk/history/header_history.html 2008-08-27 09:02:05 UTC (rev 1225) @@ -80,7 +80,7 @@ lia href=samba-3.2.2.htmlsamba-3.2.2/a/li lia href=samba-3.2.1.htmlsamba-3.2.1/a/li lia href=samba-3.2.0.htmlsamba-3.2.0/a/li -lia href=samba-3.0.32.htmlsamba-3.0.32/a/li +lia href=samba-3.0.32.htmlsamba-3.0.32/a/li lia href=samba-3.0.31.htmlsamba-3.0.31/a/li lia href=samba-3.0.30.htmlsamba-3.0.30/a/li lia href=samba-3.0.29.htmlsamba-3.0.29/a/li
[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-2-38-g86634dc
The branch, v3-2-stable has been updated via 86634dc0c89b8c0ddf61273d31cc7d8cdb443643 (commit) via a94f44c49f668fcf12f4566777a668043326bf97 (commit) from 4daf89d1fd5388a1bdd2c41cd69c6f04675eaa0d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable - Log - commit 86634dc0c89b8c0ddf61273d31cc7d8cdb443643 Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 11:09:54 2008 +0200 WHATSNEW: Add updates for 3.2.3. Karolin commit a94f44c49f668fcf12f4566777a668043326bf97 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Wed Aug 27 10:45:43 2008 +0200 ldb: Fix permissions of group_mapping.ldb. This one fixes bug #5715 and CVE-2008-3789. --- Summary of changes: WHATSNEW.txt | 16 source/groupdb/mapping_ldb.c |8 +++- 2 files changed, 19 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 310e0dd..7035285 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,12 +1,19 @@ == Release Notes for Samba 3.2.3 - + August, 27 2008 == -This is a bug fix release of the Samba 3.2 series. +This is a security release in order to address CVE-2008-3789 (Wrong +permissions of group_mapping.ldb). -Major bug fixes included in Samba 3.2.3 are: + o CVE-2008-3789 + The file group_mapping.ldb is created with + the permissions 0666. That means everyone + is able to edit this file and might map any + SID to root. +The original security announcement for this and past advisories can +be found http://www.samba.org/samba/security/ ## @@ -16,7 +23,8 @@ Changes Changes since 3.2.2 --- - +o Andrew Tridgell [EMAIL PROTECTED] +* Fix for CVE-2008-3789. ## diff --git a/source/groupdb/mapping_ldb.c b/source/groupdb/mapping_ldb.c index 6775f61..ce65d7c 100644 --- a/source/groupdb/mapping_ldb.c +++ b/source/groupdb/mapping_ldb.c @@ -74,7 +74,13 @@ static bool init_group_mapping(void) if (ret != LDB_SUCCESS) { goto failed; } - + + /* force the permissions on the ldb to 0600 - this will fix + existing databases as well as new ones */ + if (chmod(db_path, 0600) != 0) { + goto failed; + } + if (!existed) { /* initialise the ldb with an index */ struct ldb_ldif *ldif; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2961-gd54f8ba
The branch, v3-2-test has been updated via d54f8baab77b903f980abe96db548198dcdf717a (commit) via 140ba1588ee2b15a9515e055c09f3ba96d355e9a (commit) from 539f7f1a960686642dc8a3df5cb4aaabcd4d70f8 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit d54f8baab77b903f980abe96db548198dcdf717a Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 11:09:54 2008 +0200 WHATSNEW: Add updates for 3.2.3. Karolin (cherry picked from commit 86634dc0c89b8c0ddf61273d31cc7d8cdb443643) commit 140ba1588ee2b15a9515e055c09f3ba96d355e9a Author: Andrew Tridgell [EMAIL PROTECTED] Date: Wed Aug 27 10:45:43 2008 +0200 ldb: Fix permissions of group_mapping.ldb. This one fixes bug #5715 and CVE-2008-3789. (cherry picked from commit a94f44c49f668fcf12f4566777a668043326bf97) --- Summary of changes: WHATSNEW.txt | 16 source/groupdb/mapping_ldb.c |8 +++- 2 files changed, 19 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 310e0dd..7035285 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,12 +1,19 @@ == Release Notes for Samba 3.2.3 - + August, 27 2008 == -This is a bug fix release of the Samba 3.2 series. +This is a security release in order to address CVE-2008-3789 (Wrong +permissions of group_mapping.ldb). -Major bug fixes included in Samba 3.2.3 are: + o CVE-2008-3789 + The file group_mapping.ldb is created with + the permissions 0666. That means everyone + is able to edit this file and might map any + SID to root. +The original security announcement for this and past advisories can +be found http://www.samba.org/samba/security/ ## @@ -16,7 +23,8 @@ Changes Changes since 3.2.2 --- - +o Andrew Tridgell [EMAIL PROTECTED] +* Fix for CVE-2008-3789. ## diff --git a/source/groupdb/mapping_ldb.c b/source/groupdb/mapping_ldb.c index 6775f61..ce65d7c 100644 --- a/source/groupdb/mapping_ldb.c +++ b/source/groupdb/mapping_ldb.c @@ -74,7 +74,13 @@ static bool init_group_mapping(void) if (ret != LDB_SUCCESS) { goto failed; } - + + /* force the permissions on the ldb to 0600 - this will fix + existing databases as well as new ones */ + if (chmod(db_path, 0600) != 0) { + goto failed; + } + if (!existed) { /* initialise the ldb with an index */ struct ldb_ldif *ldif; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-stable updated - release-3-3-0pre1-8-g5747195
The branch, v3-3-stable has been updated via 574719548feeef5180e4c8280ae024459df384dd (commit) from 1efacf0269bc92ded0ba1d33724d217cbe03ebaf (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable - Log - commit 574719548feeef5180e4c8280ae024459df384dd Author: Andrew Tridgell [EMAIL PROTECTED] Date: Wed Aug 27 10:45:43 2008 +0200 ldb: Fix permissions of group_mapping.ldb. This one fixes bug #5715 and CVE-2008-3789. (cherry picked from commit a94f44c49f668fcf12f4566777a668043326bf97) --- Summary of changes: source/groupdb/mapping_ldb.c |8 +++- 1 files changed, 7 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/groupdb/mapping_ldb.c b/source/groupdb/mapping_ldb.c index 6775f61..ce65d7c 100644 --- a/source/groupdb/mapping_ldb.c +++ b/source/groupdb/mapping_ldb.c @@ -74,7 +74,13 @@ static bool init_group_mapping(void) if (ret != LDB_SUCCESS) { goto failed; } - + + /* force the permissions on the ldb to 0600 - this will fix + existing databases as well as new ones */ + if (chmod(db_path, 0600) != 0) { + goto failed; + } + if (!existed) { /* initialise the ldb with an index */ struct ldb_ldif *ldif; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3841-g65b0ea5
The branch, v3-3-test has been updated via 65b0ea5e398b382b6a40c069ca81d399b059b045 (commit) from d25c0bcfa85e2c5bf20334fd715cc52526f9c8bf (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 65b0ea5e398b382b6a40c069ca81d399b059b045 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Wed Aug 27 10:45:43 2008 +0200 ldb: Fix permissions of group_mapping.ldb. This one fixes bug #5715 and CVE-2008-3789. (cherry picked from commit a94f44c49f668fcf12f4566777a668043326bf97) --- Summary of changes: source/groupdb/mapping_ldb.c |8 +++- 1 files changed, 7 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/groupdb/mapping_ldb.c b/source/groupdb/mapping_ldb.c index 6775f61..ce65d7c 100644 --- a/source/groupdb/mapping_ldb.c +++ b/source/groupdb/mapping_ldb.c @@ -74,7 +74,13 @@ static bool init_group_mapping(void) if (ret != LDB_SUCCESS) { goto failed; } - + + /* force the permissions on the ldb to 0600 - this will fix + existing databases as well as new ones */ + if (chmod(db_path, 0600) != 0) { + goto failed; + } + if (!existed) { /* initialise the ldb with an index */ struct ldb_ldif *ldif; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-devel updated - release-3-2-0pre2-3836-g2eaf4ed
The branch, v3-devel has been updated via 2eaf4ed62220246bcc1a9702166b0b4f381fdae3 (commit) from a7bbd33139c5835cf32efdbe0ef187117699e3e4 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-devel - Log - commit 2eaf4ed62220246bcc1a9702166b0b4f381fdae3 Author: Andrew Tridgell [EMAIL PROTECTED] Date: Wed Aug 27 10:45:43 2008 +0200 ldb: Fix permissions of group_mapping.ldb. This one fixes bug #5715 and CVE-2008-3789. (cherry picked from commit a94f44c49f668fcf12f4566777a668043326bf97) --- Summary of changes: source/groupdb/mapping_ldb.c |8 +++- 1 files changed, 7 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/groupdb/mapping_ldb.c b/source/groupdb/mapping_ldb.c index 6775f61..ce65d7c 100644 --- a/source/groupdb/mapping_ldb.c +++ b/source/groupdb/mapping_ldb.c @@ -74,7 +74,13 @@ static bool init_group_mapping(void) if (ret != LDB_SUCCESS) { goto failed; } - + + /* force the permissions on the ldb to 0600 - this will fix + existing databases as well as new ones */ + if (chmod(db_path, 0600) != 0) { + goto failed; + } + if (!existed) { /* initialise the ldb with an index */ struct ldb_ldif *ldif; -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-stable updated - release-3-2-2-39-gb666d0a
The branch, v3-2-stable has been updated via b666d0a4b597218f5f5020bf36d80d84dcbf7259 (commit) from 86634dc0c89b8c0ddf61273d31cc7d8cdb443643 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-stable - Log - commit b666d0a4b597218f5f5020bf36d80d84dcbf7259 Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 13:23:20 2008 +0200 ldb: Fix permissions of new ldg files. This one fixes together with 2eaf4ed62 bug #5715 and CVE-2008-3789. Thanks to Steve Langasek [EMAIL PROTECTED] for reporting! Karolin --- Summary of changes: source/lib/ldb/common/ldb.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/ldb/common/ldb.c b/source/lib/ldb/common/ldb.c index e469c49..743711b 100644 --- a/source/lib/ldb/common/ldb.c +++ b/source/lib/ldb/common/ldb.c @@ -51,7 +51,7 @@ struct ldb_context *ldb_init(void *mem_ctx) } ldb_set_utf8_default(ldb); - ldb_set_create_perms(ldb, 0666); + ldb_set_create_perms(ldb, 0600); return ldb; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2962-g7459ec6
The branch, v3-2-test has been updated via 7459ec6434372d19599921dd66d2d3f07a06675e (commit) from d54f8baab77b903f980abe96db548198dcdf717a (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 7459ec6434372d19599921dd66d2d3f07a06675e Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 13:23:20 2008 +0200 ldb: Fix permissions of new ldg files. This one fixes together with 2eaf4ed62 bug #5715 and CVE-2008-3789. Thanks to Steve Langasek [EMAIL PROTECTED] for reporting! Karolin (cherry picked from commit b666d0a4b597218f5f5020bf36d80d84dcbf7259) --- Summary of changes: source/lib/ldb/common/ldb.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/ldb/common/ldb.c b/source/lib/ldb/common/ldb.c index e469c49..743711b 100644 --- a/source/lib/ldb/common/ldb.c +++ b/source/lib/ldb/common/ldb.c @@ -51,7 +51,7 @@ struct ldb_context *ldb_init(void *mem_ctx) } ldb_set_utf8_default(ldb); - ldb_set_create_perms(ldb, 0666); + ldb_set_create_perms(ldb, 0600); return ldb; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-stable updated - release-3-3-0pre1-9-gfe72dff
The branch, v3-3-stable has been updated via fe72dff67e2ea71caa15564cb1f4e29c26edb90c (commit) from 574719548feeef5180e4c8280ae024459df384dd (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable - Log - commit fe72dff67e2ea71caa15564cb1f4e29c26edb90c Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 13:23:20 2008 +0200 ldb: Fix permissions of new ldg files. This one fixes together with 2eaf4ed62 bug #5715 and CVE-2008-3789. Thanks to Steve Langasek [EMAIL PROTECTED] for reporting! Karolin (cherry picked from commit b666d0a4b597218f5f5020bf36d80d84dcbf7259) --- Summary of changes: source/lib/ldb/common/ldb.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/ldb/common/ldb.c b/source/lib/ldb/common/ldb.c index e469c49..743711b 100644 --- a/source/lib/ldb/common/ldb.c +++ b/source/lib/ldb/common/ldb.c @@ -51,7 +51,7 @@ struct ldb_context *ldb_init(void *mem_ctx) } ldb_set_utf8_default(ldb); - ldb_set_create_perms(ldb, 0666); + ldb_set_create_perms(ldb, 0600); return ldb; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3842-gf5a597d
The branch, v3-3-test has been updated via f5a597d3ca2257fa5614b0a9ca6cfb667b02d084 (commit) from 65b0ea5e398b382b6a40c069ca81d399b059b045 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit f5a597d3ca2257fa5614b0a9ca6cfb667b02d084 Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 13:23:20 2008 +0200 ldb: Fix permissions of new ldg files. This one fixes together with 2eaf4ed62 bug #5715 and CVE-2008-3789. Thanks to Steve Langasek [EMAIL PROTECTED] for reporting! Karolin (cherry picked from commit b666d0a4b597218f5f5020bf36d80d84dcbf7259) --- Summary of changes: source/lib/ldb/common/ldb.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/ldb/common/ldb.c b/source/lib/ldb/common/ldb.c index e469c49..743711b 100644 --- a/source/lib/ldb/common/ldb.c +++ b/source/lib/ldb/common/ldb.c @@ -51,7 +51,7 @@ struct ldb_context *ldb_init(void *mem_ctx) } ldb_set_utf8_default(ldb); - ldb_set_create_perms(ldb, 0666); + ldb_set_create_perms(ldb, 0600); return ldb; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-devel updated - release-3-2-0pre2-3837-g73f54df
The branch, v3-devel has been updated via 73f54df7fedc8f0db022f902100fd5eb1b629fb2 (commit) from 2eaf4ed62220246bcc1a9702166b0b4f381fdae3 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-devel - Log - commit 73f54df7fedc8f0db022f902100fd5eb1b629fb2 Author: Karolin Seeger [EMAIL PROTECTED] Date: Wed Aug 27 13:23:20 2008 +0200 ldb: Fix permissions of new ldg files. This one fixes together with 2eaf4ed62 bug #5715 and CVE-2008-3789. Thanks to Steve Langasek [EMAIL PROTECTED] for reporting! Karolin (cherry picked from commit b666d0a4b597218f5f5020bf36d80d84dcbf7259) --- Summary of changes: source/lib/ldb/common/ldb.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/ldb/common/ldb.c b/source/lib/ldb/common/ldb.c index e469c49..743711b 100644 --- a/source/lib/ldb/common/ldb.c +++ b/source/lib/ldb/common/ldb.c @@ -51,7 +51,7 @@ struct ldb_context *ldb_init(void *mem_ctx) } ldb_set_utf8_default(ldb); - ldb_set_create_perms(ldb, 0666); + ldb_set_create_perms(ldb, 0600); return ldb; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-423-gd878643
The branch, v4-0-test has been updated via d878643071a1477435a267e2944461d367cdfa79 (commit) via 9701149ef75f9771f42000e2b6f44963abfee938 (commit) via f0bde093d76fe9d17a0709cf01fa7b70f1985c6b (commit) via 32143287c7eb452c6ed9ccd15e8cd4e5a907b437 (commit) via f6e227b72bb56d12cb270d76f7f458136c4ca160 (commit) via 2a1adaa759d9201670519b3938109e13c0476a83 (commit) via b706708210a05d6f10474a3cd2bbc550704d4356 (commit) via ea58b650a81b48b0477edbcda1e4e26a3b2a9b9e (commit) via aba5fbe39c4b93ec75c66f93c46b1967091afa61 (commit) via a106a4ccc435d149072fb884caf95e5517cd4204 (commit) via 719941e929ddb6fea011fcc0c8c6b91c26e586af (commit) from 0c4227e45d6b8e31a0219358042318e9d2a0b36d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit d878643071a1477435a267e2944461d367cdfa79 Author: Andrew Bartlett [EMAIL PROTECTED] Date: Wed Aug 27 21:36:27 2008 +1000 Add a test to explore Netlogon PAC validation However, I have still not figured out this protocol yet, and the docs are rather unclear... :-( Andrew Bartlett commit 9701149ef75f9771f42000e2b6f44963abfee938 Author: Andrew Bartlett [EMAIL PROTECTED] Date: Wed Aug 27 16:24:05 2008 +1000 Put the internal gensec_gssapi state into a header. This will allow a torture suite to inspect some otherwise internal details. Andrew Bartlett commit f0bde093d76fe9d17a0709cf01fa7b70f1985c6b Author: Andrew Bartlett [EMAIL PROTECTED] Date: Wed Aug 27 16:22:45 2008 +1000 Fix the build on Win32, and use NEGOTIATE security (to allow kerberos) commit 32143287c7eb452c6ed9ccd15e8cd4e5a907b437 Merge: f6e227b72bb56d12cb270d76f7f458136c4ca160 0c4227e45d6b8e31a0219358042318e9d2a0b36d Author: Andrew Bartlett [EMAIL PROTECTED] Date: Wed Aug 27 11:01:55 2008 +1000 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into pac-verify commit f6e227b72bb56d12cb270d76f7f458136c4ca160 Author: Andrew Bartlett [EMAIL PROTECTED] Date: Wed Aug 27 10:29:54 2008 +1000 Add definition for NT_STATUS_DOWNGRADE_DETECTED commit 2a1adaa759d9201670519b3938109e13c0476a83 Merge: b706708210a05d6f10474a3cd2bbc550704d4356 d7db5fe161429163a19d18c7e3045939897b9b2a Author: Andrew Bartlett [EMAIL PROTECTED] Date: Tue Aug 26 16:28:59 2008 +1000 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into pac-verify commit b706708210a05d6f10474a3cd2bbc550704d4356 Merge: ea58b650a81b48b0477edbcda1e4e26a3b2a9b9e d94c7bbcd6eee6d975eac32a1d172f4164c97137 Author: Andrew Bartlett [EMAIL PROTECTED] Date: Tue Aug 26 16:26:08 2008 +1000 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into pac-verify commit ea58b650a81b48b0477edbcda1e4e26a3b2a9b9e Author: Andrew Bartlett [EMAIL PROTECTED] Date: Tue Aug 12 17:46:01 2008 +1000 Add GenericInfo level for SamLogon calls from the WSPP IDL. Andrew Bartlett commit aba5fbe39c4b93ec75c66f93c46b1967091afa61 Merge: a106a4ccc435d149072fb884caf95e5517cd4204 b345c9cf535af35c83da040ac965d9690dc802fe Author: Andrew Bartlett [EMAIL PROTECTED] Date: Fri Aug 8 14:11:16 2008 +1000 Merge branch '4-0-abartlet' into pac-verify commit a106a4ccc435d149072fb884caf95e5517cd4204 Author: Andrew Bartlett [EMAIL PROTECTED] Date: Fri Aug 8 14:05:16 2008 +1000 Always set a session key, even for the 'no password' case. This is for bug 5664 reported by Tom [EMAIL PROTECTED]. Andrew Bartlett commit 719941e929ddb6fea011fcc0c8c6b91c26e586af Author: Andrew Bartlett [EMAIL PROTECTED] Date: Fri Aug 8 14:04:08 2008 +1000 Clarify comment --- Summary of changes: source/auth/gensec/gensec_gssapi.c | 44 +- source/auth/gensec/gensec_gssapi.h | 68 source/libcli/util/nterr.c |1 + source/libcli/util/ntstatus.h|1 + source/librpc/idl/krb5pac.idl| 14 ++ source/librpc/idl/netlogon.idl | 63 ++-- source/rpc_server/netlogon/dcerpc_netlogon.c | 18 ++- source/samba4-skip |1 + source/torture/config.mk |2 +- source/torture/rpc/netlogon.c| 15 ++- source/torture/rpc/remote_pac.c | 220 ++ source/torture/rpc/rpc.c |1 + source/torture/rpc/testjoin.c|1 + testprogs/win32/rpcecho/rpcecho.idl |2 +- testprogs/win32/rpcecho/server.c |2 +- 15 files changed, 381 insertions(+), 72 deletions(-) create mode 100644 source/auth/gensec/gensec_gssapi.h create mode 100644 source/torture/rpc/remote_pac.c Changeset truncated at 500 lines: diff --git a/source/auth/gensec/gensec_gssapi.c
[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha5-424-g0343987
The branch, v4-0-test has been updated via 0343987cf18c1287d98ae542d397ab1fab0a04b7 (commit) from d878643071a1477435a267e2944461d367cdfa79 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log - commit 0343987cf18c1287d98ae542d397ab1fab0a04b7 Author: Andrew Bartlett [EMAIL PROTECTED] Date: Wed Aug 27 22:26:25 2008 +1000 Add missing file - netlogon.h This file allows the remote_pac.c code to call into netlogon.c's setup credentials code. Andrew Bartlett --- Summary of changes: source/torture/rpc/netlogon.h |6 ++ 1 files changed, 6 insertions(+), 0 deletions(-) create mode 100644 source/torture/rpc/netlogon.h Changeset truncated at 500 lines: diff --git a/source/torture/rpc/netlogon.h b/source/torture/rpc/netlogon.h new file mode 100644 index 000..92d366b --- /dev/null +++ b/source/torture/rpc/netlogon.h @@ -0,0 +1,6 @@ + +bool test_SetupCredentials2(struct dcerpc_pipe *p, struct torture_context *tctx, + uint32_t negotiate_flags, + struct cli_credentials *machine_credentials, + int sec_chan_type, + struct creds_CredentialState **creds_out); -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag release-3-2-3 created - release-3-2-3
The annotated tag, release-3-2-3 has been created at 33e4007cca51f8a8fd8a5c9f06710b6ba69acce2 (tag) tagging b666d0a4b597218f5f5020bf36d80d84dcbf7259 (commit) replaces release-3-2-2 tagged by Karolin Seeger on Wed Aug 27 15:21:42 2008 +0200 - Log - tag release-3-2-3 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQBItVTubzORW2Vot+oRAhs3AKCf+sDlj91ddb/S0pr+g2xI1C3RGQCfSz9p +jsz2vctgakZsQ+XUsbFask= =5dSh -END PGP SIGNATURE- Andrew Tridgell (1): ldb: Fix permissions of group_mapping.ldb. Gerald (Jerry) Carter (2): nss_winbind: When returning NSS_UNAVAIL, squash errno to ENOENT winbindd: Fix crash in cm_connect_sam() Günther Deschner (5): fix another build warning. fix build warning. IDL: fix IDL for netr_ServerPasswordSet2(). re-run make idl. Fix Bug #5710 and make machine account password changing work again. Jeff Layton (2): cifs.upcall: handle MSKRB5 OID properly cifs.upcall: fix build warning Jeremy Allison (3): Fix bug 5697 nmbd spins in reload_interfaces when only loopback has an IPv4 address Fix bug 5698 - mixup of TALLOC/malloc. Spotted by Douglas Wegscheid [EMAIL PROTECTED]. Don't re-initialize a token when we already have one. This fixes the build farm failures when winbindd connects as guest. Karolin Seeger (21): VERSION: Raise version number up to 3.2.3. WHATSNEW: Start WHATSNEW for 3.2.3. Revert Don't re-initialize a token when we already have one. This fixes the build farm failures when winbindd connects as guest. Revert winbindd: Fix crash in cm_connect_sam() Revert cifs.upcall: fix build warning Revert Fix Bug #5710 and make machine account password changing work again. Revert re-run make idl. Revert IDL: fix IDL for netr_ServerPasswordSet2(). Revert Fix bug 5698 - mixup of TALLOC/malloc. Spotted by Douglas Wegscheid [EMAIL PROTECTED]. Revert build: fix bug #5590 by not linking in the static libs but the objects. Revert build: fall down to the same place when using an internal lib statically. Revert build: rename LIBNETAPI_OBJ1 to LIBNETAPI_OBJ0 for consistency. Revert fix build warning. Revert fix another build warning. Revert nss_winbind: When returning NSS_UNAVAIL, squash errno to ENOENT Revert smbd: fix the handling of create_options to pass RAW-OPEN Revert cifs.upcall: handle MSKRB5 OID properly Revert Fix bug 5697 nmbd spins in reload_interfaces when only loopback has an IPv4 address Revert build: fix linking cifs.upcall when nscd_flush_cache() is found. WHATSNEW: Add updates for 3.2.3. ldb: Fix permissions of new ldg files. Michael Adam (4): build: fix linking cifs.upcall when nscd_flush_cache() is found. build: rename LIBNETAPI_OBJ1 to LIBNETAPI_OBJ0 for consistency. build: fall down to the same place when using an internal lib statically. build: fix bug #5590 by not linking in the static libs but the objects. Stefan Metzmacher (1): smbd: fix the handling of create_options to pass RAW-OPEN --- -- Samba Shared Repository
svn commit: samba-web r1226 - in trunk: . history security
Author: kseeger Date: 2008-08-27 15:05:52 + (Wed, 27 Aug 2008) New Revision: 1226 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1226 Log: -Announce Samba 3.2.3 -Fix link to 3.0.32 Karolin Added: trunk/history/samba-3.2.3.html trunk/security/CVE-2008-3789.html Modified: trunk/header_columns.html trunk/history/security.html trunk/index.html Changeset: Modified: trunk/header_columns.html === --- trunk/header_columns.html 2008-08-27 09:02:05 UTC (rev 1225) +++ trunk/header_columns.html 2008-08-27 15:05:52 UTC (rev 1226) @@ -130,14 +130,14 @@ div class=releases h4Current Stable Release/h4 ul -lia href=/samba/ftp/stable/samba-3.2.2.tar.gzSamba 3.2.2 (gzipped)/a/li -lia href=/samba/history/samba-3.2.2.htmlRelease Notes/a/li -lia href=/samba/ftp/stable/samba-3.2.2.tar.ascSignature/a/li +lia href=/samba/ftp/stable/samba-3.2.3.tar.gzSamba 3.2.3 (gzipped)/a/li +lia href=/samba/history/samba-3.2.3.htmlRelease Notes/a/li +lia href=/samba/ftp/stable/samba-3.2.3.tar.ascSignature/a/li /ul h4Historical/h4 ul -lia href=/samba/ftp/stable/samba-3.0.31.tar.gzSamba 3.0.32 (gzipped)/a/li +lia href=/samba/ftp/stable/samba-3.0.32.tar.gzSamba 3.0.32 (gzipped)/a/li lia href=/samba/history/samba-3.0.32.htmlRelease Notes/a/li lia href=/samba/ftp/stable/samba-3.0.32.tar.ascSignature/a/li /ul Added: trunk/history/samba-3.2.3.html === --- trunk/history/samba-3.2.3.html 2008-08-27 09:02:05 UTC (rev 1225) +++ trunk/history/samba-3.2.3.html 2008-08-27 15:05:52 UTC (rev 1226) @@ -0,0 +1,48 @@ +!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; +html xmlns=http://www.w3.org/1999/xhtml; + +head +titleSamba - Release Notes Archive/title +/head + +body + + H2Samba 3.2.3 Available for Download/H2 + +p +pre + == + Release Notes for Samba 3.2.3 + August, 27 2008 + == + +This is a security release in order to address CVE-2008-3789 (Wrong +permissions of group_mapping.ldb). + + o CVE-2008-3789 + The file group_mapping.ldb is created with + the permissions 0666. That means everyone + is able to edit this file and might map any + SID to root. + +The original security announcement for this and past advisories can +be found http://www.samba.org/samba/security/ + + +## +Changes +### + +Changes since 3.2.2 +--- + +o Andrew Tridgell [EMAIL PROTECTED] +* Fix for CVE-2008-3789. + +/pre +pPlease refer to the original a href=/samba/history/samba-3.2.2.htmlSamba +3.2.2 Release Notes/a for more details regarding changes in +previous releases./p +/body +/html Property changes on: trunk/history/samba-3.2.3.html ___ Name: svn:executable + * Modified: trunk/history/security.html === --- trunk/history/security.html 2008-08-27 09:02:05 UTC (rev 1225) +++ trunk/history/security.html 2008-08-27 15:05:52 UTC (rev 1226) @@ -21,6 +21,14 @@ tdemDetails/em/td /tr +tr +td27 August 2008/td +tda href=/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-1.patchpatch 1 for Samba 3.2.2/aa href=/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-2.patchpatch 2 for Samba 3.2.2/a/td +tdWrong permissions of group_mapping.ldb/td +tdSamba 3.2.0 - 3.2.2/td +tda href=http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3789;CVE-2008-3789/a/td +tda href=/samba/security/CVE-2008-3789.htmlAnnouncement/a/td +/tr tr td29 May 2008/td Modified: trunk/index.html === --- trunk/index.html2008-08-27 09:02:05 UTC (rev 1225) +++ trunk/index.html2008-08-27 15:05:52 UTC (rev 1226) @@ -19,6 +19,24 @@ h2Current Release/h2 + +h4a name=latest27 August 2008/a/h4 +p class=headlineSamba 3.2.3 Available for Download/p + +pThis is a security release to address CVE-2008-3789. The +a href=/samba/security/CVE-2008-3789.htmloriginal advisory/a +is available online. Patches a href=/samba/ftp/patches/security/samba-3.2.2- +CVE-2008-3789-1.patchpatch 1 for Samba 3.2.2/a and +a href=/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-2.patch +patch 2 for Samba 3.2.2/a are available. This security +advisory is applicable to all Samba 3.2.x releases to date. Past security +advisories are available on our a href=/samba/security/security page/a./p + +pThe uncompressed
svn commit: samba-web r1227 - in trunk/history: .
Author: kseeger Date: 2008-08-27 15:12:10 + (Wed, 27 Aug 2008) New Revision: 1227 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1227 Log: Add 3.2.3 to history also Karolin Modified: trunk/history/header_history.html Changeset: Modified: trunk/history/header_history.html === --- trunk/history/header_history.html 2008-08-27 15:05:52 UTC (rev 1226) +++ trunk/history/header_history.html 2008-08-27 15:12:10 UTC (rev 1227) @@ -77,6 +77,7 @@ div class=notes h6Release Notes/h6 ul +lia href=samba-3.2.3.htmlsamba-3.2.3/a/li lia href=samba-3.2.2.htmlsamba-3.2.2/a/li lia href=samba-3.2.1.htmlsamba-3.2.1/a/li lia href=samba-3.2.0.htmlsamba-3.2.0/a/li
svn commit: samba-web r1228 - in trunk/history: .
Author: kseeger Date: 2008-08-27 15:31:13 + (Wed, 27 Aug 2008) New Revision: 1228 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1228 Log: Add missing whitespace Karolin Modified: trunk/history/security.html Changeset: Modified: trunk/history/security.html === --- trunk/history/security.html 2008-08-27 15:12:10 UTC (rev 1227) +++ trunk/history/security.html 2008-08-27 15:31:13 UTC (rev 1228) @@ -23,7 +23,10 @@ tr td27 August 2008/td -tda href=/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-1.patchpatch 1 for Samba 3.2.2/aa href=/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-2.patchpatch 2 for Samba 3.2.2/a/td +tda href=/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-1.patch + patch 1 for Samba 3.2.2/a + a href=/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-2.patch + patch 2 for Samba 3.2.2/a/td tdWrong permissions of group_mapping.ldb/td tdSamba 3.2.0 - 3.2.2/td tda href=http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3789;CVE-2008-3789/a/td
svn commit: samba-web r1229 - in trunk: .
Author: kseeger Date: 2008-08-27 18:12:41 + (Wed, 27 Aug 2008) New Revision: 1229 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1229 Log: Fix link. Karolin Modified: trunk/index.html Changeset: Modified: trunk/index.html === --- trunk/index.html2008-08-27 15:31:13 UTC (rev 1228) +++ trunk/index.html2008-08-27 18:12:41 UTC (rev 1229) @@ -25,8 +25,9 @@ pThis is a security release to address CVE-2008-3789. The a href=/samba/security/CVE-2008-3789.htmloriginal advisory/a -is available online. Patches a href=/samba/ftp/patches/security/samba-3.2.2- -CVE-2008-3789-1.patchpatch 1 for Samba 3.2.2/a and +is available online. Patches +a href=/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-1.patch +patch 1 for Samba 3.2.2/a and a href=/samba/ftp/patches/security/samba-3.2.2-CVE-2008-3789-2.patch patch 2 for Samba 3.2.2/a are available. This security advisory is applicable to all Samba 3.2.x releases to date. Past security
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2963-g9f1bb27
The branch, v3-2-test has been updated via 9f1bb27bf566069dab48eea125c22a5e20849774 (commit) from 7459ec6434372d19599921dd66d2d3f07a06675e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 9f1bb27bf566069dab48eea125c22a5e20849774 Author: Jeremy Allison [EMAIL PROTECTED] Date: Wed Aug 27 11:30:02 2008 -0700 Be explicit about setting perms for the ldb. Helps others who may use this api. Jeremy. --- Summary of changes: source/groupdb/mapping_ldb.c |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/groupdb/mapping_ldb.c b/source/groupdb/mapping_ldb.c index ce65d7c..7ce879f 100644 --- a/source/groupdb/mapping_ldb.c +++ b/source/groupdb/mapping_ldb.c @@ -60,6 +60,9 @@ static bool init_group_mapping(void) ldb = ldb_init(NULL); if (ldb == NULL) goto failed; + /* Ensure this db is created read/write for root only. */ + ldb_set_create_perms(ldb, 0600); + existed = file_exist(db_path, NULL); if (lp_parm_bool(-1, groupmap, nosync, False)) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-devel updated - release-3-2-0pre2-3838-gf0ea0f3
The branch, v3-devel has been updated via f0ea0f3502037db878238942ee0729f6940e0b01 (commit) from 73f54df7fedc8f0db022f902100fd5eb1b629fb2 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-devel - Log - commit f0ea0f3502037db878238942ee0729f6940e0b01 Author: Jeremy Allison [EMAIL PROTECTED] Date: Wed Aug 27 11:28:18 2008 -0700 Be explicit about setting perms for the ldb. Helps others who may use this api. Jeremy. --- Summary of changes: source/groupdb/mapping_ldb.c |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/groupdb/mapping_ldb.c b/source/groupdb/mapping_ldb.c index ce65d7c..7ce879f 100644 --- a/source/groupdb/mapping_ldb.c +++ b/source/groupdb/mapping_ldb.c @@ -60,6 +60,9 @@ static bool init_group_mapping(void) ldb = ldb_init(NULL); if (ldb == NULL) goto failed; + /* Ensure this db is created read/write for root only. */ + ldb_set_create_perms(ldb, 0600); + existed = file_exist(db_path, NULL); if (lp_parm_bool(-1, groupmap, nosync, False)) { -- Samba Shared Repository
svn commit: samba-web r1230 - in trunk: . history
Author: kseeger Date: 2008-08-27 18:37:16 + (Wed, 27 Aug 2008) New Revision: 1230 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1230 Log: Move 2 releases to history Karolin Modified: trunk/history/index.html trunk/index.html Changeset: Modified: trunk/history/index.html === --- trunk/history/index.html2008-08-27 18:12:41 UTC (rev 1229) +++ trunk/history/index.html2008-08-27 18:37:16 UTC (rev 1230) @@ -22,15 +22,35 @@ pThis is the latest bug fix release for Samba 3.2 and is the version recommended for all production Samba servers running -this release series. The uncompressed tarballs and patch files have been -signed using GnuPG (ID 6568B7EA). The source code can be -a href=/samba/ftp/stable/samba-3.2.1.tar.gzdownloaded now/a. -A a href=/samba/ftp/patches/patch-3.2.0-3.2.1.diffs.gzpatch -against Samba 3.2.0/a is also available. -See a href=/samba/history/samba-3.2.1.htmlthe release -notes for more info/a./p +this release series. The uncompressed tarballs and patch files have been signed +using GnuPG (ID 6568B7EA). The source code can be +a href=/samba/ftp/stable/samba-3.2.1.tar.gzdownloaded +now/a. A a href=/samba/ftp/patches/patch-3.2.0-3.2.1.diffs.gzpatch against Samba 3.2.0/a +is also available. See a href=/samba/history/samba-3.2.1.htmlthe +release notes for more info/a./p +h45 June 2008/h4 +p class=headlineSamba 4.0.0alpha4 Available for Download/p +pSamba 4 is the ambitious next version of the Samba suite that is being +developed in parallel to the stable 3.0 series. The main emphasis in +this branch is support for the Active Directory logon protocols used +by Windows 2000 and above./p + +pSamba 4 is currently bnot/b yet in a state where it is usable in +production environments. Note the WARNINGS below, and the STATUS file, +which aims to document what should and should not work./p + +pSamba4 alpha4 follows on from our second alpha release (made in +December), the first alpha release (made in September), and the +Technology Preview series we have offered for some time now./p + +pThe uncompressed tarball and patch files have been signed +using Andrew Bartlett's GnuPG key (ID 28B436BB). The source code can be +a href=/samba/ftp/samba4/samba-4.0.0alpha4.tar.gzdownloaded +now/a. See the release notes in the source for more information./p + + h41 July 2008/h4 p class=headlineSamba 3.2.0 Available for Download/p Modified: trunk/index.html === --- trunk/index.html2008-08-27 18:12:41 UTC (rev 1229) +++ trunk/index.html2008-08-27 18:37:16 UTC (rev 1230) @@ -93,39 +93,6 @@ release notes for more info/a./p -h405 August 2008/h4 -p class=headlineSamba 3.2.1 Available for Download/p - -pThis is the latest bug fix release for Samba 3.2 and is the -version recommended for all production Samba servers running -this release series. The uncompressed tarballs and patch files have been signed -using GnuPG (ID 6568B7EA). The source code can be -a href=/samba/ftp/stable/samba-3.2.1.tar.gzdownloaded -now/a. A a href=/samba/ftp/patches/patch-3.2.0-3.2.1.diffs.gzpatch against Samba 3.2.0/a -is also available. See a href=/samba/history/samba-3.2.1.htmlthe -release notes for more info/a./p - -h45 June 2008/h4 -p class=headlineSamba 4.0.0alpha4 Available for Download/p - -pSamba 4 is the ambitious next version of the Samba suite that is being -developed in parallel to the stable 3.0 series. The main emphasis in -this branch is support for the Active Directory logon protocols used -by Windows 2000 and above./p - -pSamba 4 is currently bnot/b yet in a state where it is usable in -production environments. Note the WARNINGS below, and the STATUS file, -which aims to document what should and should not work./p - -pSamba4 alpha4 follows on from our second alpha release (made in -December), the first alpha release (made in September), and the -Technology Preview series we have offered for some time now./p - -pThe uncompressed tarball and patch files have been signed -using Andrew Bartlett's GnuPG key (ID 28B436BB). The source code can be -a href=/samba/ftp/samba4/samba-4.0.0alpha4.tar.gzdownloaded -now/a. See the release notes in the source for more information./p - div class=request phttp://samba.org/ is automatically redirected to one of our US mirrors. To change to a mirror closer to your location, choose a
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3844-g5cbad46
The branch, v3-3-test has been updated via 5cbad4679451648312dc313e588e33cd1d4ef9b2 (commit) via 97e9a11075f27d0b38e4963c2ad8f917e17f7f86 (commit) from f5a597d3ca2257fa5614b0a9ca6cfb667b02d084 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 5cbad4679451648312dc313e588e33cd1d4ef9b2 Merge: 97e9a11075f27d0b38e4963c2ad8f917e17f7f86 f5a597d3ca2257fa5614b0a9ca6cfb667b02d084 Author: Jeremy Allison [EMAIL PROTECTED] Date: Wed Aug 27 11:38:09 2008 -0700 Merge branch 'v3-3-test' of ssh://[EMAIL PROTECTED]/data/git/samba into v3-3-test commit 97e9a11075f27d0b38e4963c2ad8f917e17f7f86 Author: Jeremy Allison [EMAIL PROTECTED] Date: Wed Aug 27 11:29:44 2008 -0700 Be explicit about setting perms for the ldb. Helps others who may use this api. Jeremy. --- Summary of changes: source/groupdb/mapping_ldb.c |3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Changeset truncated at 500 lines: diff --git a/source/groupdb/mapping_ldb.c b/source/groupdb/mapping_ldb.c index ce65d7c..7ce879f 100644 --- a/source/groupdb/mapping_ldb.c +++ b/source/groupdb/mapping_ldb.c @@ -60,6 +60,9 @@ static bool init_group_mapping(void) ldb = ldb_init(NULL); if (ldb == NULL) goto failed; + /* Ensure this db is created read/write for root only. */ + ldb_set_create_perms(ldb, 0600); + existed = file_exist(db_path, NULL); if (lp_parm_bool(-1, groupmap, nosync, False)) { -- Samba Shared Repository
svn commit: samba-web r1231 - in trunk/history: .
Author: kseeger Date: 2008-08-27 18:59:58 + (Wed, 27 Aug 2008) New Revision: 1231 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-webrev=1231 Log: Fix latest release Karolin Modified: trunk/history/index.html Changeset: Modified: trunk/history/index.html === --- trunk/history/index.html2008-08-27 18:37:16 UTC (rev 1230) +++ trunk/history/index.html2008-08-27 18:59:58 UTC (rev 1231) @@ -6,8 +6,8 @@ div class=latest ul - liLatest Release mdash; a href=/samba/#latestSamba 3.2.2/a/li - liCurrent Stable Release mdash; a href=/samba/#latestSamba 3.2.2/a/li + liLatest Release mdash; a href=/samba/#latestSamba 3.2.3/a/li + liCurrent Stable Release mdash; a href=/samba/#latestSamba 3.2.3/a/li !-- Second link will point to #stable on this page when current release is a development release -- /ul /div
[SCM] Samba Shared Repository - branch v3-devel updated - release-3-2-0pre2-3839-g3b5ad91
The branch, v3-devel has been updated via 3b5ad9190d2ad6d2ca0a569194bdff9003bda13b (commit) from f0ea0f3502037db878238942ee0729f6940e0b01 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-devel - Log - commit 3b5ad9190d2ad6d2ca0a569194bdff9003bda13b Author: Steve French [EMAIL PROTECTED](none) Date: Wed Aug 27 17:00:00 2008 -0500 mount.cifs: unclear error message with credentials Thanks to Christophe Curis for the suggestion --- Summary of changes: source/client/mount.cifs.c |5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source/client/mount.cifs.c b/source/client/mount.cifs.c index dd878aa..9d2b449 100644 --- a/source/client/mount.cifs.c +++ b/source/client/mount.cifs.c @@ -196,7 +196,7 @@ static int open_cred_file(char * file_name) line_buf = (char *)malloc(4096); if(line_buf == NULL) { fclose(fs); - return -ENOMEM; + return ENOMEM; } while(fgets(line_buf,4096,fs)) { @@ -537,7 +537,8 @@ static int parse_options(char ** optionsp, int * filesys_flags) if (value *value) { rc = open_cred_file(value); if(rc) { - printf(error %d opening credential file %s\n,rc, value); + printf(error %d (%s) opening credential file %s\n, + rc, strerror(rc), value); return 1; } } else { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-devel updated - release-3-2-0pre2-3840-g4c3a955
The branch, v3-devel has been updated via 4c3a9558906f213948c3bdc081be73f8fed148cb (commit) from 3b5ad9190d2ad6d2ca0a569194bdff9003bda13b (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-devel - Log - commit 4c3a9558906f213948c3bdc081be73f8fed148cb Author: Jeremy Allison [EMAIL PROTECTED] Date: Wed Aug 27 15:06:14 2008 -0700 Add st_birthtime and friends for accurate create times on systems that support it (*BSD and MacOSX). Should have done this ages ago, sorry. Jeremy. --- Summary of changes: source/configure.in| 90 source/include/proto.h |1 - source/lib/time.c | 40 - source/smbd/reply.c|7 ++-- 4 files changed, 124 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/source/configure.in b/source/configure.in index 9436fed..bc5a827 100644 --- a/source/configure.in +++ b/source/configure.in @@ -1354,6 +1354,96 @@ if test x$samba_cv_stat_hires_notimespec = xyes ; then [whether struct stat has sub-second timestamps without struct timespec]) fi +AC_CACHE_CHECK([whether struct stat has st_birthtimespec], samba_cv_stat_st_birthtimespec, +[ + AC_TRY_COMPILE( + [ +#if TIME_WITH_SYS_TIME +# include sys/time.h +# include time.h +#else +# if HAVE_SYS_TIME_H +# include sys/time.h +# else +# include time.h +# endif +#endif +#ifdef HAVE_SYS_STAT_H +#include sys/stat.h +#endif + ], + [ + struct timespec t; + struct stat s = {0}; + t = s.st_birthtimespec; + ], + samba_cv_stat_st_birthtimespec=yes, samba_cv_stat_birthtimespec=no) +]) + +if test x$samba_cv_stat_st_birthtimespec = xyes ; then +AC_DEFINE(HAVE_STAT_ST_BIRTHTIMESPEC, 1, [whether struct stat contains st_birthtimespec]) +fi + +AC_CACHE_CHECK([whether struct stat has st_birthtimensec], samba_cv_stat_st_birthtimensec, +[ + AC_TRY_COMPILE( + [ +#if TIME_WITH_SYS_TIME +# include sys/time.h +# include time.h +#else +# if HAVE_SYS_TIME_H +# include sys/time.h +# else +# include time.h +# endif +#endif +#ifdef HAVE_SYS_STAT_H +#include sys/stat.h +#endif + ], + [ + struct timespec t; + struct stat s = {0}; + t.tv_nsec = s.st_birthtimensec; + ], + samba_cv_stat_st_birthtimensec=yes, samba_cv_stat_birthtimensec=no) +]) + +if test x$samba_cv_stat_st_birthtimensec = xyes ; then +AC_DEFINE(HAVE_STAT_ST_BIRTHTIMENSEC, 1, [whether struct stat contains st_birthtimensec]) +fi + +AC_CACHE_CHECK([whether struct stat has st_birthtime], samba_cv_stat_st_birthtime, +[ + AC_TRY_COMPILE( + [ +#if TIME_WITH_SYS_TIME +# include sys/time.h +# include time.h +#else +# if HAVE_SYS_TIME_H +# include sys/time.h +# else +# include time.h +# endif +#endif +#ifdef HAVE_SYS_STAT_H +#include sys/stat.h +#endif + ], + [ + struct time_t t; + struct stat s = {0}; + t = s.st_birthtime; + ], + samba_cv_stat_st_birthtime=yes, samba_cv_stat_birthtime=no) +]) + +if test x$samba_cv_stat_st_birthtime = xyes ; then +AC_DEFINE(HAVE_STAT_ST_BIRTHTIME, 1, [whether struct stat contains st_birthtime]) +fi + # # needed for SRV lookups AC_CHECK_LIB(resolv, dn_expand) diff --git a/source/include/proto.h b/source/include/proto.h index d3a8dbb..2145a89 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -1185,7 +1185,6 @@ void srv_put_dos_date2(char *buf,int offset, time_t unixdate); void srv_put_dos_date3(char *buf,int offset,time_t unixdate); void put_long_date_timespec(char *p, struct timespec ts); void put_long_date(char *p, time_t t); -time_t get_create_time(const SMB_STRUCT_STAT *st,bool fake_dirs); struct timespec get_create_timespec(const SMB_STRUCT_STAT *st,bool fake_dirs); struct timespec get_atimespec(const SMB_STRUCT_STAT *pst); void set_atimespec(SMB_STRUCT_STAT *pst, struct timespec ts); diff --git a/source/lib/time.c b/source/lib/time.c index 9db88b3..3cf0cb4 100644 --- a/source/lib/time.c +++ b/source/lib/time.c @@ -826,14 +826,10 @@ void put_long_date(char *p, time_t t) structure. / -time_t get_create_time(const SMB_STRUCT_STAT *st,bool fake_dirs) +static time_t calc_create_time(const SMB_STRUCT_STAT *st) { time_t ret, ret1; - if(S_ISDIR(st-st_mode) fake_dirs) { - return (time_t)315493200L; /* 1/1/1980 */ - } - ret = MIN(st-st_ctime, st-st_mtime); ret1 = MIN(ret, st-st_atime); @@ -848,12 +844,36 @@ time_t get_create_time(const
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3845-gea11816
The branch, v3-3-test has been updated via ea11816faa38cd2ecdd7384b2fb0f651b3081cd5 (commit) from 5cbad4679451648312dc313e588e33cd1d4ef9b2 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit ea11816faa38cd2ecdd7384b2fb0f651b3081cd5 Author: Jeremy Allison [EMAIL PROTECTED] Date: Wed Aug 27 15:05:31 2008 -0700 Add st_birthtime and friends for accurate create times on systems that support it (*BSD and MacOSX). Should have done this ages ago, sorry. Jeremy. --- Summary of changes: source/configure.in| 90 source/include/proto.h |1 - source/lib/time.c | 40 - source/smbd/reply.c|7 ++-- 4 files changed, 124 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/source/configure.in b/source/configure.in index 9436fed..bc5a827 100644 --- a/source/configure.in +++ b/source/configure.in @@ -1354,6 +1354,96 @@ if test x$samba_cv_stat_hires_notimespec = xyes ; then [whether struct stat has sub-second timestamps without struct timespec]) fi +AC_CACHE_CHECK([whether struct stat has st_birthtimespec], samba_cv_stat_st_birthtimespec, +[ + AC_TRY_COMPILE( + [ +#if TIME_WITH_SYS_TIME +# include sys/time.h +# include time.h +#else +# if HAVE_SYS_TIME_H +# include sys/time.h +# else +# include time.h +# endif +#endif +#ifdef HAVE_SYS_STAT_H +#include sys/stat.h +#endif + ], + [ + struct timespec t; + struct stat s = {0}; + t = s.st_birthtimespec; + ], + samba_cv_stat_st_birthtimespec=yes, samba_cv_stat_birthtimespec=no) +]) + +if test x$samba_cv_stat_st_birthtimespec = xyes ; then +AC_DEFINE(HAVE_STAT_ST_BIRTHTIMESPEC, 1, [whether struct stat contains st_birthtimespec]) +fi + +AC_CACHE_CHECK([whether struct stat has st_birthtimensec], samba_cv_stat_st_birthtimensec, +[ + AC_TRY_COMPILE( + [ +#if TIME_WITH_SYS_TIME +# include sys/time.h +# include time.h +#else +# if HAVE_SYS_TIME_H +# include sys/time.h +# else +# include time.h +# endif +#endif +#ifdef HAVE_SYS_STAT_H +#include sys/stat.h +#endif + ], + [ + struct timespec t; + struct stat s = {0}; + t.tv_nsec = s.st_birthtimensec; + ], + samba_cv_stat_st_birthtimensec=yes, samba_cv_stat_birthtimensec=no) +]) + +if test x$samba_cv_stat_st_birthtimensec = xyes ; then +AC_DEFINE(HAVE_STAT_ST_BIRTHTIMENSEC, 1, [whether struct stat contains st_birthtimensec]) +fi + +AC_CACHE_CHECK([whether struct stat has st_birthtime], samba_cv_stat_st_birthtime, +[ + AC_TRY_COMPILE( + [ +#if TIME_WITH_SYS_TIME +# include sys/time.h +# include time.h +#else +# if HAVE_SYS_TIME_H +# include sys/time.h +# else +# include time.h +# endif +#endif +#ifdef HAVE_SYS_STAT_H +#include sys/stat.h +#endif + ], + [ + struct time_t t; + struct stat s = {0}; + t = s.st_birthtime; + ], + samba_cv_stat_st_birthtime=yes, samba_cv_stat_birthtime=no) +]) + +if test x$samba_cv_stat_st_birthtime = xyes ; then +AC_DEFINE(HAVE_STAT_ST_BIRTHTIME, 1, [whether struct stat contains st_birthtime]) +fi + # # needed for SRV lookups AC_CHECK_LIB(resolv, dn_expand) diff --git a/source/include/proto.h b/source/include/proto.h index d3a8dbb..2145a89 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -1185,7 +1185,6 @@ void srv_put_dos_date2(char *buf,int offset, time_t unixdate); void srv_put_dos_date3(char *buf,int offset,time_t unixdate); void put_long_date_timespec(char *p, struct timespec ts); void put_long_date(char *p, time_t t); -time_t get_create_time(const SMB_STRUCT_STAT *st,bool fake_dirs); struct timespec get_create_timespec(const SMB_STRUCT_STAT *st,bool fake_dirs); struct timespec get_atimespec(const SMB_STRUCT_STAT *pst); void set_atimespec(SMB_STRUCT_STAT *pst, struct timespec ts); diff --git a/source/lib/time.c b/source/lib/time.c index 9db88b3..3cf0cb4 100644 --- a/source/lib/time.c +++ b/source/lib/time.c @@ -826,14 +826,10 @@ void put_long_date(char *p, time_t t) structure. / -time_t get_create_time(const SMB_STRUCT_STAT *st,bool fake_dirs) +static time_t calc_create_time(const SMB_STRUCT_STAT *st) { time_t ret, ret1; - if(S_ISDIR(st-st_mode) fake_dirs) { - return (time_t)315493200L; /* 1/1/1980 */ - } - ret = MIN(st-st_ctime, st-st_mtime); ret1 = MIN(ret, st-st_atime); @@ -848,12 +844,36 @@ time_t get_create_time(const
Build status as of Thu Aug 28 00:00:05 2008
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2008-08-27 00:00:54.0 + +++ /home/build/master/cache/broken_results.txt 2008-08-28 00:01:06.0 + @@ -1,4 +1,4 @@ -Build status as of Wed Aug 27 00:00:03 2008 +Build status as of Thu Aug 28 00:00:05 2008 Build counts: Tree Total Broken Panic @@ -14,9 +14,9 @@ rsync30 9 0 samba-docs 0 0 0 samba-gtk6 6 0 -samba_3_X_devel 25 16 0 -samba_3_X_test 26 14 0 -samba_4_0_test 28 23 1 +samba_3_X_devel 25 13 0 +samba_3_X_test 26 13 0 +samba_4_0_test 28 22 1 smb-build28 4 0 talloc 30 4 0 tdb 30 11 0
[SCM] Samba Shared Repository - branch v3-2-test updated - release-3-2-0pre2-2965-g0a0795f
The branch, v3-2-test has been updated via 0a0795fd0310cc44dac0df312325df6d08e38cdb (commit) via 85dd9c64ca2ffa31d02ee10a3745fd596e80786e (commit) from 9f1bb27bf566069dab48eea125c22a5e20849774 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log - commit 0a0795fd0310cc44dac0df312325df6d08e38cdb Author: Jeremy Allison [EMAIL PROTECTED] Date: Wed Aug 27 17:26:59 2008 -0700 Fix the wcache_invalidate_samlogon calls. Jeremy. commit 85dd9c64ca2ffa31d02ee10a3745fd596e80786e Author: Ephi Dror [EMAIL PROTECTED] Date: Wed Aug 27 17:26:36 2008 -0700 Correct the netsamlogon_clear_cached_user function. --- Summary of changes: source/libsmb/samlogon_cache.c | 54 - source/winbindd/winbindd_cache.c | 23 +++- source/winbindd/winbindd_pam.c |4 +- 3 files changed, 42 insertions(+), 39 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libsmb/samlogon_cache.c b/source/libsmb/samlogon_cache.c index 2d2588f..4abe5bb 100644 --- a/source/libsmb/samlogon_cache.c +++ b/source/libsmb/samlogon_cache.c @@ -59,48 +59,30 @@ bool netsamlogon_cache_shutdown(void) Clear cache getpwnam and getgroups entries from the winbindd cache ***/ -void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, struct netr_SamInfo3 *info3) +void netsamlogon_clear_cached_user(struct netr_SamInfo3 *info3) { - bool got_tdb = false; - DOM_SID sid; - fstring key_str, sid_string; - - /* We may need to call this function from smbd which will not have - winbindd_cache.tdb open. Open the tdb if a NULL is passed. */ - - if (!tdb) { - tdb = tdb_open_log(lock_path(winbindd_cache.tdb), - WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, - TDB_DEFAULT, O_RDWR, 0600); - if (!tdb) { - DEBUG(5, (netsamlogon_clear_cached_user: failed to open cache\n)); - return; - } - got_tdb = true; - } - - sid_copy(sid, info3-base.domain_sid); - sid_append_rid(sid, info3-base.rid); - - /* Clear U/SID cache entry */ - - fstr_sprintf(key_str, U/%s, sid_to_fstring(sid_string, sid)); - - DEBUG(10, (netsamlogon_clear_cached_user: clearing %s\n, key_str)); - - tdb_delete(tdb, string_tdb_data(key_str)); + DOM_SID user_sid; + fstring keystr, tmp; - /* Clear UG/SID cache entry */ + if (!info3) { + return; + } - fstr_sprintf(key_str, UG/%s, sid_to_fstring(sid_string, sid)); + if (!netsamlogon_cache_init()) { + DEBUG(0,(netsamlogon_clear_cached_user: cannot open + %s for write!\n, + NETSAMLOGON_TDB)); + return; + } + sid_copy(user_sid, info3-base.domain_sid); + sid_append_rid(user_sid, info3-base.rid); - DEBUG(10, (netsamlogon_clear_cached_user: clearing %s\n, key_str)); + /* Prepare key as DOMAIN-SID/USER-RID string */ + slprintf(keystr, sizeof(keystr), %s, sid_to_fstring(tmp, user_sid)); - tdb_delete(tdb, string_tdb_data(key_str)); + DEBUG(10,(netsamlogon_clear_cached_user: SID [%s]\n, keystr)); - if (got_tdb) { - tdb_close(tdb); - } + tdb_delete_bystring(netsamlogon_tdb, keystr); } /*** diff --git a/source/winbindd/winbindd_cache.c b/source/winbindd/winbindd_cache.c index 3b2b9aa..d3e47d0 100644 --- a/source/winbindd/winbindd_cache.c +++ b/source/winbindd/winbindd_cache.c @@ -2265,6 +2265,8 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void wcache_invalidate_samlogon(struct winbindd_domain *domain, struct netr_SamInfo3 *info3) { +DOM_SID sid; +fstring key_str, sid_string; struct winbind_cache *cache; /* dont clear cached U/SID and UG/SID entries when we want to logon @@ -2278,7 +2280,26 @@ void wcache_invalidate_samlogon(struct winbindd_domain *domain, return; cache = get_cache(domain); - netsamlogon_clear_cached_user(cache-tdb, info3); + +if (!cache-tdb) { +return; +} + + sid_copy(sid, info3-base.domain_sid); + sid_append_rid(sid, info3-base.rid); + + /* Clear U/SID cache entry */ + fstr_sprintf(key_str, U/%s, sid_to_fstring(sid_string, sid)); + DEBUG(10, (wcache_invalidate_samlogon: clearing %s\n, key_str)); + tdb_delete(cache-tdb, string_tdb_data(key_str)); + + /* Clear UG/SID cache entry */ + fstr_sprintf(key_str,
[SCM] Samba Shared Repository - branch v3-devel updated - release-3-2-0pre2-3842-g7c82089
The branch, v3-devel has been updated via 7c820899ed1364fdaeb7b49e8ddd839e67397ec0 (commit) via bb13312d9d53b1e048b3a0bfeeca088f9db84cd3 (commit) from 4c3a9558906f213948c3bdc081be73f8fed148cb (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-devel - Log - commit 7c820899ed1364fdaeb7b49e8ddd839e67397ec0 Author: Jeremy Allison [EMAIL PROTECTED] Date: Wed Aug 27 17:29:10 2008 -0700 Fix the wcache_invalidate_samlogon calls. Jeremy. commit bb13312d9d53b1e048b3a0bfeeca088f9db84cd3 Author: Ephi Dror [EMAIL PROTECTED] Date: Wed Aug 27 17:28:34 2008 -0700 Correct the netsamlogon_clear_cached_user function. --- Summary of changes: source/include/proto.h |2 +- source/libsmb/samlogon_cache.c | 54 - source/winbindd/winbindd_cache.c | 23 +++- source/winbindd/winbindd_pam.c |4 +- 4 files changed, 43 insertions(+), 40 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/proto.h b/source/include/proto.h index 2145a89..d5e942a 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -5002,7 +5002,7 @@ void pwd_get_cleartext(struct pwd_info *pwd, fstring clr); bool netsamlogon_cache_init(void); bool netsamlogon_cache_shutdown(void); -void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, struct netr_SamInfo3 *info3); +void netsamlogon_clear_cached_user(struct netr_SamInfo3 *info3); bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3); struct netr_SamInfo3 *netsamlogon_cache_get(TALLOC_CTX *mem_ctx, const DOM_SID *user_sid); bool netsamlogon_cache_have(const DOM_SID *user_sid); diff --git a/source/libsmb/samlogon_cache.c b/source/libsmb/samlogon_cache.c index 2d2588f..4abe5bb 100644 --- a/source/libsmb/samlogon_cache.c +++ b/source/libsmb/samlogon_cache.c @@ -59,48 +59,30 @@ bool netsamlogon_cache_shutdown(void) Clear cache getpwnam and getgroups entries from the winbindd cache ***/ -void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, struct netr_SamInfo3 *info3) +void netsamlogon_clear_cached_user(struct netr_SamInfo3 *info3) { - bool got_tdb = false; - DOM_SID sid; - fstring key_str, sid_string; - - /* We may need to call this function from smbd which will not have - winbindd_cache.tdb open. Open the tdb if a NULL is passed. */ - - if (!tdb) { - tdb = tdb_open_log(lock_path(winbindd_cache.tdb), - WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, - TDB_DEFAULT, O_RDWR, 0600); - if (!tdb) { - DEBUG(5, (netsamlogon_clear_cached_user: failed to open cache\n)); - return; - } - got_tdb = true; - } - - sid_copy(sid, info3-base.domain_sid); - sid_append_rid(sid, info3-base.rid); - - /* Clear U/SID cache entry */ - - fstr_sprintf(key_str, U/%s, sid_to_fstring(sid_string, sid)); - - DEBUG(10, (netsamlogon_clear_cached_user: clearing %s\n, key_str)); - - tdb_delete(tdb, string_tdb_data(key_str)); + DOM_SID user_sid; + fstring keystr, tmp; - /* Clear UG/SID cache entry */ + if (!info3) { + return; + } - fstr_sprintf(key_str, UG/%s, sid_to_fstring(sid_string, sid)); + if (!netsamlogon_cache_init()) { + DEBUG(0,(netsamlogon_clear_cached_user: cannot open + %s for write!\n, + NETSAMLOGON_TDB)); + return; + } + sid_copy(user_sid, info3-base.domain_sid); + sid_append_rid(user_sid, info3-base.rid); - DEBUG(10, (netsamlogon_clear_cached_user: clearing %s\n, key_str)); + /* Prepare key as DOMAIN-SID/USER-RID string */ + slprintf(keystr, sizeof(keystr), %s, sid_to_fstring(tmp, user_sid)); - tdb_delete(tdb, string_tdb_data(key_str)); + DEBUG(10,(netsamlogon_clear_cached_user: SID [%s]\n, keystr)); - if (got_tdb) { - tdb_close(tdb); - } + tdb_delete_bystring(netsamlogon_tdb, keystr); } /*** diff --git a/source/winbindd/winbindd_cache.c b/source/winbindd/winbindd_cache.c index c9d857c..2fbb01b 100644 --- a/source/winbindd/winbindd_cache.c +++ b/source/winbindd/winbindd_cache.c @@ -2259,6 +2259,8 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void wcache_invalidate_samlogon(struct winbindd_domain *domain, struct netr_SamInfo3 *info3) { +DOM_SID sid; +fstring key_str, sid_string; struct winbind_cache *cache; /* dont clear
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-3847-g01a90a0
The branch, v3-3-test has been updated via 01a90a037279c51d95a08adce5ea1bf9c07e7cb9 (commit) via 8d65c5d132297bba4b92e96583ac06946b8b1396 (commit) from ea11816faa38cd2ecdd7384b2fb0f651b3081cd5 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 01a90a037279c51d95a08adce5ea1bf9c07e7cb9 Author: Jeremy Allison [EMAIL PROTECTED] Date: Wed Aug 27 17:30:01 2008 -0700 Fix the wcache_invalidate_samlogon calls. Jeremy. commit 8d65c5d132297bba4b92e96583ac06946b8b1396 Author: Ephi Dror [EMAIL PROTECTED] Date: Wed Aug 27 17:29:45 2008 -0700 Correct the netsamlogon_clear_cached_user function. --- Summary of changes: source/include/proto.h |2 +- source/libsmb/samlogon_cache.c | 54 - source/winbindd/winbindd_cache.c | 23 +++- source/winbindd/winbindd_pam.c |4 +- 4 files changed, 43 insertions(+), 40 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/proto.h b/source/include/proto.h index 2145a89..d5e942a 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -5002,7 +5002,7 @@ void pwd_get_cleartext(struct pwd_info *pwd, fstring clr); bool netsamlogon_cache_init(void); bool netsamlogon_cache_shutdown(void); -void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, struct netr_SamInfo3 *info3); +void netsamlogon_clear_cached_user(struct netr_SamInfo3 *info3); bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3); struct netr_SamInfo3 *netsamlogon_cache_get(TALLOC_CTX *mem_ctx, const DOM_SID *user_sid); bool netsamlogon_cache_have(const DOM_SID *user_sid); diff --git a/source/libsmb/samlogon_cache.c b/source/libsmb/samlogon_cache.c index 2d2588f..4abe5bb 100644 --- a/source/libsmb/samlogon_cache.c +++ b/source/libsmb/samlogon_cache.c @@ -59,48 +59,30 @@ bool netsamlogon_cache_shutdown(void) Clear cache getpwnam and getgroups entries from the winbindd cache ***/ -void netsamlogon_clear_cached_user(TDB_CONTEXT *tdb, struct netr_SamInfo3 *info3) +void netsamlogon_clear_cached_user(struct netr_SamInfo3 *info3) { - bool got_tdb = false; - DOM_SID sid; - fstring key_str, sid_string; - - /* We may need to call this function from smbd which will not have - winbindd_cache.tdb open. Open the tdb if a NULL is passed. */ - - if (!tdb) { - tdb = tdb_open_log(lock_path(winbindd_cache.tdb), - WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, - TDB_DEFAULT, O_RDWR, 0600); - if (!tdb) { - DEBUG(5, (netsamlogon_clear_cached_user: failed to open cache\n)); - return; - } - got_tdb = true; - } - - sid_copy(sid, info3-base.domain_sid); - sid_append_rid(sid, info3-base.rid); - - /* Clear U/SID cache entry */ - - fstr_sprintf(key_str, U/%s, sid_to_fstring(sid_string, sid)); - - DEBUG(10, (netsamlogon_clear_cached_user: clearing %s\n, key_str)); - - tdb_delete(tdb, string_tdb_data(key_str)); + DOM_SID user_sid; + fstring keystr, tmp; - /* Clear UG/SID cache entry */ + if (!info3) { + return; + } - fstr_sprintf(key_str, UG/%s, sid_to_fstring(sid_string, sid)); + if (!netsamlogon_cache_init()) { + DEBUG(0,(netsamlogon_clear_cached_user: cannot open + %s for write!\n, + NETSAMLOGON_TDB)); + return; + } + sid_copy(user_sid, info3-base.domain_sid); + sid_append_rid(user_sid, info3-base.rid); - DEBUG(10, (netsamlogon_clear_cached_user: clearing %s\n, key_str)); + /* Prepare key as DOMAIN-SID/USER-RID string */ + slprintf(keystr, sizeof(keystr), %s, sid_to_fstring(tmp, user_sid)); - tdb_delete(tdb, string_tdb_data(key_str)); + DEBUG(10,(netsamlogon_clear_cached_user: SID [%s]\n, keystr)); - if (got_tdb) { - tdb_close(tdb); - } + tdb_delete_bystring(netsamlogon_tdb, keystr); } /*** diff --git a/source/winbindd/winbindd_cache.c b/source/winbindd/winbindd_cache.c index c9d857c..2fbb01b 100644 --- a/source/winbindd/winbindd_cache.c +++ b/source/winbindd/winbindd_cache.c @@ -2259,6 +2259,8 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void wcache_invalidate_samlogon(struct winbindd_domain *domain, struct netr_SamInfo3 *info3) { +DOM_SID sid; +fstring key_str, sid_string; struct winbind_cache *cache; /* dont