[Samba] How to allow only particular users to logon to a particular computer?
Guys, I have a pc (already joinned the samba domain 'DOMAIN') that I want to keep off other domain users but user DOMAIN\mark and DOMAIN\thomas whilst letting both of them to logon freely to other computers. I tried sambaUsersWorkstations but it only works with uid (Users not Computers) and it dictated which computer such a user may logon to. What I want is the opposite: which users may logon to the computer. Is this possible with our samba+openldap or should I create a logon script? Thank you. :) Regards, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] vlan problem
it seems that you are true, now what is the solution? 2009/3/2 Scott Grizzard sgrizz...@tampabay.rr.com Can you do an ldapsearch -x from the domain controller to the LDAP server using TLS? Many times it is the TLS certificates that cause connection problems from samba. On Mar 2, 2009, at 12:26 AM, Mohammad Reza Hosseini wrote: here is my smb.conf global section: # [global] server string = SOFTWARE workgroup = SOFTWARE ;security = user netbios name = S-SOFT passdb backend = ldapsam:ldap://ldapserver ldap admin dn = cn=Directory Manager ldap suffix = dc=iut,dc=ac,dc=ir ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap ssl = start_tls ;enable privileges = yes add machine script = /usr/sbin/smbldap-useradd -w %u add user script = /usr/sbin/smbldap-useradd -m %u ldap delete dn = Yes #delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p %g #delete group script = /usr/sbin/smbldap-groupdel %g add user to group script = /usr/sbin/smbldap-groupmod -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod -x %u %g set primary group script = /usr/sbin/smbldap-usermod -g %g %u ldap passwd sync = Yes log level = 1 syslog = 0 log file = /var/log/samba/%m ;encrypt passwords = yes os level = 69 max log size = 50 name resolve order = wins bcast hosts time server = Yes wins support = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 logon script = logon.bat logon path = logon drive = domain logons = Yes preferred master = Yes domain master = Yes ;local master = yes username map = /etc/samba/smbusers interfaces = 127.0.0.1 eth* bind interfaces only = yes hosts allow = 172.16. 192.168. # 2009/3/1 Adam Williams awill...@mdah.state.ms.us whats the smb.conf of the samba server? did you do smbpasswd -w? Mohammad Reza Hosseini wrote: hello, I want to use a samba server and an ldap server in two different lans. but win xp pc can not join to pdc domain. i ping the ldap server and smbldap-usershow shows the users but the net rpc getsid can not fetch sid and coputers can't be added to ldap. any idea? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- .::MRH::. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to allow only particular users to logon to a particular computer?
Thank-you Wolfgang, I'll give it a shot. * You' re right. I saw some where in the web, someone mistakenly lock his local user (administrator). :( Regards, On Tue, Mar 3, 2009 at 5:37 PM, Wolfgang Ratzka rat...@hrz.uni-marburg.dewrote: I have a pc (already joinned the samba domain 'DOMAIN') that I want to keep off other domain users but user DOMAIN\mark and DOMAIN\thomas whilst letting both of them to logon freely to other computers. You might want to manipulate the SeInteractiveLogonRight and possibly SeNetworkLogonRight on the PC itself. Have a look at http://support.microsoft.com/kb/279664 Two hints: - You might want to define a group and assign rights to the group instead of single users. - Avoid locking out yourself and the admins. Kind regards, -- Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to allow only particular users to logon to a particular computer?
I have a pc (already joinned the samba domain 'DOMAIN') that I want to keep off other domain users but user DOMAIN\mark and DOMAIN\thomas whilst letting both of them to logon freely to other computers. You might want to manipulate the SeInteractiveLogonRight and possibly SeNetworkLogonRight on the PC itself. Have a look at http://support.microsoft.com/kb/279664 Two hints: - You might want to define a group and assign rights to the group instead of single users. - Avoid locking out yourself and the admins. Kind regards, -- Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] How to allow only particular users to logon to a particular computer?
Hi, I've follow your link but it only applies to windows 2000 server. Beside, I'd already try Logon Locally (I won't use Deny logon locally because it will reverse Logon Locally and prevent local administrator to logon) before I sent email to this mlist. I also add domain user via control panel but they all got no use. :( I still hope that samba may saves me. :D Kind regards, On Tue, Mar 3, 2009 at 5:37 PM, Wolfgang Ratzka rat...@hrz.uni-marburg.dewrote: I have a pc (already joinned the samba domain 'DOMAIN') that I want to keep off other domain users but user DOMAIN\mark and DOMAIN\thomas whilst letting both of them to logon freely to other computers. You might want to manipulate the SeInteractiveLogonRight and possibly SeNetworkLogonRight on the PC itself. Have a look at http://support.microsoft.com/kb/279664 Two hints: - You might want to define a group and assign rights to the group instead of single users. - Avoid locking out yourself and the admins. Kind regards, -- Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994 Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] unable to use myse home share on a member server
Hi all, I have a strange problem : smb.conf : [global] netbios name = CORLI01 workgroup = CORMAN server string = Ancien Serveur administratif (%v) # Definition de la securite #security = user security = domain password server = ADMIN01 # passwd chat debug = yes # passwd chat = *new*password* %n\n *new*password* %n\n successfully* # passwd program = /usr/local/sbin/smbldap-password -o %u password level = 2 unix password sync = no admin users = @administrateurs # os level = 160 announce as = NT Server enable privileges = yes reset on zero vc = yes msdfs root = No [homes] comment = Repertoire Home path = /rsrv/vol1/home/%U force user = %U read only = No directory mask = 0700 browseable = No hide dot files = yes veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/.gtkrc/.kde/.mc/.xarkeia/ inherit permissions = Yes inherit acls = Yes [archives] comment = Repertoire archives path = /rsrv/vol2/archives/%U force user = %U read only = No directory mask = 0700 # browseable = No hide dot files = yes veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/.gtkrc/.kde/.mc/.xarkeia/ inherit permissions = Yes inherit acls = Yes I'am unable to enter to my home : the network cannot be found And the share archives is not visible (I can made \\corli01\archives and I can made all operations) In the log file : [2009/03/03 12:09:54, 3] smbd/process.c:switch_message(1378) switch message SMBtrans2 (pid 3004) conn 0x8700ae8 [2009/03/03 12:09:54, 4] smbd/uid.c:change_to_user(213) change_to_user: Skipping user change - already user [2009/03/03 12:09:54, 3] smbd/msdfs.c:get_referred_path(813) get_referred_path: |spu| in dfs path \corli01\spu is not a dfs root. [2009/03/03 12:09:54, 3] smbd/error.c:error_packet_set(61) error packet at smbd/trans2.c(7286) cmd=50 (SMBtrans2) NT_STATUS_NOT_FOUND [2009/03/03 12:09:54, 5] lib/util.c:show_msg(645) [2009/03/03 12:09:54, 5] lib/util.c:show_msg(655) redhat 4.7 samba 3.3.1 anyone have a idea ? thanks Stéphane --- Stéphane PURNELLE stephane.purne...@corman.be Service Informatique Corman S.A. Tel : 00 32 087/342467 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Error with KRB5
I configure my Samba server to join into a Windows Domain Controller, when join to the domain I have this error net ads join -U Administrator Administrador's password: net: relocation error: net: symbol krb5_get_init_creds_opt_alloc, version krb5_3_MIT not defined in file libkrb5.so.3 with link time reference Thanks! Javier Arancibia -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error with KRB5
On Tue, Mar 3, 2009 at 7:07 AM, Javier Arancibia jaranci...@nacion-seguros.com.ar wrote: I configure my Samba server to join into a Windows Domain Controller, when join to the domain I have this error net ads join -U Administrator Administrador's password: net: relocation error: net: symbol krb5_get_init_creds_opt_alloc, version krb5_3_MIT not defined in file libkrb5.so.3 with link time reference Did you try updating / reinstalling mit-krb5? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CreateHardLink problem
Hi Volker, 2009/3/3 Volker Lendecke volker.lende...@sernet.de: On Tue, Mar 03, 2009 at 06:13:42PM +1100, David Overton wrote: I'm developing a Windows backup application that needs to be able to create possibly hundreds of thousands of hard links on an SMB share. I'm running into a strange problem when that share happens to be on a Samba server. When the application tries to create the 1th hard link, the win32 CreateHardLink() function returns error code 5 Access is denied. The Samba log shows: [2009/03/03 01:29:08, 0] smbd/files.c:file_new(79) ERROR! Out of file structures Can you send a sniff of what your application is doing? We *might* have a fd leak somewhere. But apart from that -- you do close your files after you've used them? The sniff is rather large so I'll send it separately to you. The code in question does not explicitly open any files, it merely calls CreateHardLink() on pre-existing files. David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba AD auth - Backup?
Thanks for the reply's. Is there anyway to have Samba just read whatever is in the database for the UID/GID map if the DC is not available? From my testing as soon as the DC is unavailable for any reason the ability to login ceases. Am I right in thining that by adding 2 x kdc selections to /etc/krb5.cfg I'm setting the 2 DC's to be used for lookups? Regards, Mark On Sun, Mar 01, 2009 at 03:15:33PM -0500, Ryan Bair wrote: Everything should be looked up by DNS. There's no notion of a PDC/BDC in AD (although 2008 has readonly slaves I believe). On Fri, Feb 27, 2009 at 7:26 AM, Mark Adams m...@campbell-lange.net wrote: Hi All, I haven't been able to track down any info on this so would be appreciative of any input. Links to any info on this would also be appreciated. Samba 3.2.5, Debian 5.0 Question 1; Is there any way of setting up a backup windows domain controller in the samba config? so if they main dc is not available, it automatically queries the backup? Question 2; What is the best way to back up the UID/GID map? and can it be easily imported back to a new install if the server fails for any reason. Thanks Mark -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error with KRB5
I think that the problem is in kerberos... When update krb5-libs.. # yum update krb5-libs-1.6.1-31.el5.x86_64.rpm or # yum update krb5-libs-1.6.1-31.el5.x86_64 Transaction Check Error: file /etc/krb5.conf from install of krb5-libs-1.6.1-31.el5 conflicts with file from package krb5-libs-1.5-17 Javier Arancibia John Drescher dresche...@gmail.com 03/03/2009 10:13 Para Javier Arancibia jaranci...@nacion-seguros.com.ar cc samba@lists.samba.org Asunto Re: [Samba] Error with KRB5 On Tue, Mar 3, 2009 at 7:07 AM, Javier Arancibia jaranci...@nacion-seguros.com.ar wrote: I configure my Samba server to join into a Windows Domain Controller, when join to the domain I have this error net ads join -U Administrator Administrador's password: net: relocation error: net: symbol krb5_get_init_creds_opt_alloc, version krb5_3_MIT not defined in file libkrb5.so.3 with link time reference Did you try updating / reinstalling mit-krb5? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] First attempt file access denied subsequent file accesses granted
Hi List, We’re running 3.0.28.el4.9 on CentOS 4.7 in a production environment with one minor annoyance. This is a very inconsistent behavior ,frequent enough top be annoying ,yet unpredictable enough to warrant this email. Our Samba server is serving up a wide variety of files but in this instance in particular are Visual Fox Pro tables (*.dbf). When a user wishes to open a Fox Pro table with the browse or use command from the Fox Pro command line ,the users is granted file access. When a user makes an attempt to use the table through the GUI (windows file open,or explorer) the first attempt results with an access denied message, however subsequent attempts result in normal file access. I’ve been unable to find a parameter within Samba that changes this behavior and as I related this is a very inconsistent behavior. I’m not entirely sure this is a samba issue or if there maybe some windows registry setting that I can change on the client machines, it is noteworthy it didn’t start happening until we converted the file share to Samba. Any assistance would greatly be appreciated, Thank you, L. Kipp _ Windows Live™: Life without walls. http://windowslive.com/explore?ocid=TXT_TAGLM_WL_allup_1a_explore_032009-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] First attempt file access denied subsequent file accesses granted
We’re running 3.0.28.el4.9 on CentOS 4.7 in a production environment with one minor annoyance. This is a very inconsistent behavior ,frequent enough top be annoying ,yet unpredictable enough to warrant this email. Our Samba server is serving up a wide variety of files but in this instance in particular are Visual Fox Pro tables (*.dbf). When a user wishes to open a Fox Pro table with the browse or use command from the Fox Pro command line ,the users is granted file access. When a user makes an attempt to use the table through the GUI (windows file open,or explorer) the first attempt results with an access denied message, however subsequent attempts result in normal file access. I’ve been unable to find a parameter within Samba that changes this behavior and as I related this is a very inconsistent behavior. I’m not entirely sure this is a samba issue or if there maybe some windows registry setting that I can change on the client machines, it is noteworthy it didn’t start happening until we converted the file share to Samba. Any assistance would greatly be appreciated, How have you configured oplocks? Also can you update samba. 3.0.28 is ancient. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error with KRB5
I delete the file /etc/krb5.conf and put the original file too. I have the same error. I can't uninstall the older version because this have many dependencies. Thanks. Javier Arancibia John Drescher dresche...@gmail.com 03/03/2009 12:50 Para Javier Arancibia jaranci...@nacion-seguros.com.ar, Samba mailing list samba@lists.samba.org cc Asunto Re: [Samba] Error with KRB5 On Tue, Mar 3, 2009 at 9:47 AM, Javier Arancibia jaranci...@nacion-seguros.com.ar wrote: I think that the problem is in kerberos... When update krb5-libs.. # yum update krb5-libs-1.6.1-31.el5.x86_64.rpm or # yum update krb5-libs-1.6.1-31.el5.x86_64 Transaction Check Error: file /etc/krb5.conf from install of krb5-libs-1.6.1-31.el5 conflicts with file from package krb5-libs-1.5-17 Not knowing anything about yum, my suggestion is to move /etc/krb5.conf somewhere and install the new. Then reconfigure /etc/krb5.conf with the settings in the old file. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] samba user stays at the syatem !!!
J. Bakshi wrote: Dear list, Here is a very strange problem !!! I am using samba-3.0.25b-1.1.cc in clarkconnect server. No problem to use the samba shares at all. Authentication works with no hitch. But samba users stay at the system. I have just checked with who and found there are 250 samba users from 1st of Jan ! I tried to fond out the pid by who -a and kill those but then it says no such pid even I tried *smbstatus* but kill says no such pid. I have really no clue what to do with this problem. Day by day this system is flooded with more and more samba users. Kindly suggest what to do. How can I kill those past samba users ? How can I instruct samba no to have the continue with unlogged users ? Please show me the way. thanks Clarkconnect have been briefed on this issue and are in the process of releasing samba-3.0.28 updates. Please update when this becomes available. If this problem reoccurs please restart the samba service. That should clear the stale records. - John T. -- John H Terpstra If at first you don't succeed, don't go sky-diving! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error with KRB5
On Tue, Mar 3, 2009 at 9:47 AM, Javier Arancibia jaranci...@nacion-seguros.com.ar wrote: I think that the problem is in kerberos... When update krb5-libs.. # yum update krb5-libs-1.6.1-31.el5.x86_64.rpm or # yum update krb5-libs-1.6.1-31.el5.x86_64 Transaction Check Error: file /etc/krb5.conf from install of krb5-libs-1.6.1-31.el5 conflicts with file from package krb5-libs-1.5-17 Not knowing anything about yum, my suggestion is to move /etc/krb5.conf somewhere and install the new. Then reconfigure /etc/krb5.conf with the settings in the old file. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] First attempt file access denied subsequent file accesses granted
On Tue, Mar 3, 2009 at 11:02 AM, Wikked one wikk...@hotmail.com wrote: Hi John I have configured oplocks and been unable to see any difference in behavior. How about error logs. Is there an error message in the samba logs when this happens? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Fwd: [Samba] First attempt file access denied subsequent file accesses granted
No errors that I can correlate back to the file access denied. My primary user reports that so far this morning she has not had the behavior. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] PDC machine name appears as Domain Name on PC profiles
I have the distribution Samba package 3.2.3 running under Ubuntu 8.10 Workstation, downloaded using Synaptics Package Manager. It is running as a PDC. On some of my Windows XP workstations, the Windows profiles appearing under System Properties Advanced User Profiles appear correct, in the form DOMAIN_NAME\USER_NAME. On others, however, they appear in the form DOMAIN_SERVER_NAME\USER_NAME. Does anyone know why this occurs, and if so, is it normal? Do I need to change something. Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Error with KRB5
I can update krb5-libs-1.5-17 to krb5-libs 1.6.1-31.el5 The solution.. yum shell update krb5-devel run with this yum install krb5-devel and all dependencies. Now i can join to the DOMAIN CONTROLLER Javier Arancibia Javier Arancibia jaranci...@nacion-seguros.com.ar Enviado por: samba-bounces+jarancibia=nacion-seguros.com...@lists.samba.org 03/03/2009 13:10 Para John Drescher dresche...@gmail.com, samba@lists.samba.org cc Asunto Re: [Samba] Error with KRB5 I delete the file /etc/krb5.conf and put the original file too. I have the same error. I can't uninstall the older version because this have many dependencies. Thanks. Javier Arancibia John Drescher dresche...@gmail.com 03/03/2009 12:50 Para Javier Arancibia jaranci...@nacion-seguros.com.ar, Samba mailing list samba@lists.samba.org cc Asunto Re: [Samba] Error with KRB5 On Tue, Mar 3, 2009 at 9:47 AM, Javier Arancibia jaranci...@nacion-seguros.com.ar wrote: I think that the problem is in kerberos... When update krb5-libs.. # yum update krb5-libs-1.6.1-31.el5.x86_64.rpm or # yum update krb5-libs-1.6.1-31.el5.x86_64 Transaction Check Error: file /etc/krb5.conf from install of krb5-libs-1.6.1-31.el5 conflicts with file from package krb5-libs-1.5-17 Not knowing anything about yum, my suggestion is to move /etc/krb5.conf somewhere and install the new. Then reconfigure /etc/krb5.conf with the settings in the old file. John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] PDC machine name appears as Domain Name on PC profiles
On Tue, 2009-03-03 at 10:36 -0600, Jeff McInish wrote: I have the distribution Samba package 3.2.3 running under Ubuntu 8.10 Workstation, downloaded using Synaptics Package Manager. It is running as a PDC. On some of my Windows XP workstations, the Windows profiles appearing under System Properties Advanced User Profiles appear correct, in the form DOMAIN_NAME\USER_NAME. On others, however, they appear in the form DOMAIN_SERVER_NAME\USER_NAME. Does anyone know why this occurs, and if so, is it normal? Do I need to change something. Thanks in advance. Possibly because the SID of the PDC is the SID of the domain? Maybe something resolves the name one way while another works the other. [r...@littleboy ~]# net getlocalsid SID for domain BARBEL is: S-1-5-21-2037442776-3290224752-88127236 [r...@littleboy ~]# net getdomainsid SID for local machine BARBEL is: S-1-5-21-2037442776-3290224752-88127236 SID for domain BACKBONE is: S-1-5-21-2037442776-3290224752-88127236 -- OpenGroupware developer: awill...@whitemice.org http://whitemiceconsulting.blogspot.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CreateHardLink problem
On Tue, Mar 03, 2009 at 06:13:42PM +1100, David Overton wrote: Hi, I'm developing a Windows backup application that needs to be able to create possibly hundreds of thousands of hard links on an SMB share. I'm running into a strange problem when that share happens to be on a Samba server. When the application tries to create the 1th hard link, the win32 CreateHardLink() function returns error code 5 Access is denied. The Samba log shows: [2009/03/03 01:29:08, 0] smbd/files.c:file_new(79) ERROR! Out of file structures Some googling suggested that the out of file structures error occurs when Samba exceeds its max open files limit. Sure enough, if I change max open files in smb.conf, the number of successful calls to CreateHardLink() before the error occurs changes accordingly. Configurations I've tried this on: QNAP NAS device running Linux 2.6.12 (ARM) and Samba 3.0.23d Ubuntu Server 8.10 running Linux 2.6.27 (i686) and Samba 3.2.3. Both of these with Windows Vista as client. Several of our customers have reported this bug with different versions of Linux/Samba on the server and different versions of Windows on the client, so it seems to be a widespread problem. Has anyone encountered this problem before? I'm not sure whether it is a bug in Samba or Windows? I'm new to this list. Is this the right place to report this or would it be better to submit a Bugzilla report? Any idea what I can do to work around it, other than setting max open files to a ridiculously high value? Can you open a bug and attach a debug level 10 log and also a wireshark capture trace of this against the Samba share ? Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba AutoCad 2007
On Mon, Mar 02, 2009 at 08:54:47PM -0500, Patrik Dufresne wrote: Hi Jeremy, Thanks for your help. Sorry, I forget to provide this information. Here the version : samba 3.0.22-1ubuntu3.8 I'm running this service using a Ubuntu 8.04.2. I hope it's help you. I would definately upgrade and retest first. It's very possible that this is a bug already fixed. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CreateHardLink problem
On Tue, Mar 03, 2009 at 10:54:46AM -0800, Jeremy Allison wrote: Can you open a bug and attach a debug level 10 log and also a wireshark capture trace of this against the Samba share ? I've got the 20MB sniff here. I'll send it to you later when I have a real network again. Volker pgpC3vsqm0LqV.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba AutoCad 2007
Jeremy Allison wrote: I would definately upgrade and retest first. It's very possible that this is a bug already fixed. Jeremy. Hi Jeremy, Thanks for your help, For maintenance reason, I don't want to manually compile samba. So I look into the new release of Ubuntu (9.04) and samba 3.3.0 is available. Do you consider the gaps between 3.3.0 and 3.3.1 really big ? Considering your recommendation, I will create a new server with Samba 3.3.0. Thanks for you help. I will comeback soon with some result. Patrik Dufresne -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] CreateHardLink problem
Hi Volker, 2009/3/4 Volker Lendecke volker.lende...@sernet.de: On Tue, Mar 03, 2009 at 11:21:46PM +1100, David Overton wrote: 2009/3/3 Volker Lendecke volker.lende...@sernet.de: On Tue, Mar 03, 2009 at 06:13:42PM +1100, David Overton wrote: I'm developing a Windows backup application that needs to be able to create possibly hundreds of thousands of hard links on an SMB share. I'm running into a strange problem when that share happens to be on a Samba server. When the application tries to create the 1th hard link, the win32 CreateHardLink() function returns error code 5 Access is denied. The Samba log shows: [2009/03/03 01:29:08, 0] smbd/files.c:file_new(79) ERROR! Out of file structures Can you send a sniff of what your application is doing? We *might* have a fd leak somewhere. But apart from that -- you do close your files after you've used them? Attached is gzipped output of running tshark as suggested at http://wiki.samba.org/index.php/Capture_Packets. If you need more information let me know. Thanks, that is what I need. It might take a few days, but those 20MB in my inbox will definitely remind me of a TODO for me :-) I've had a look at the sniff myself and it pointed me to a bug in my code. It was using FindFirstFile to obtain some metadata about each file before calling CreateHardLink, but it wasn't calling FindClose. I'm guessing that this was causing Samba to leave file descriptors open. Sorry for wasting your time on this. Thanks for your help. David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Can't modify ms word files with samba 3.3
Hello, I have the same problem with samba 3.3.0 and 3.3.1. I use to be able to edit some MS Word file on a shared network. What should I do to fix this problem? Is there a way to change some config file? Thanks in advance, Olivier DOREMIEUX -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-93-g09ac816
Jelmer Vernooij schrieb: On Mon, 2009-03-02 at 08:44 +0100, Stefan (metze) Metzmacher wrote: Jelmer Vernooij schrieb: The branch, master has been updated via 09ac816b36e45fd537af2f7fe7c57a11f5c744f5 (commit) via 235244f4cc707130dd130afce88bde49606bd501 (commit) from 54bc27e9374742d37b1ed9012d1cfe8f5ace6d40 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 09ac816b36e45fd537af2f7fe7c57a11f5c744f5 Merge: 235244f4cc707130dd130afce88bde49606bd501 54bc27e9374742d37b1ed9012d1cfe8f5ace6d40 Author: Jelmer Vernooij jel...@samba.org Date: Sun Mar 1 16:39:35 2009 +0100 Merge branch 'master' of git://git.samba.org/samba into teventfix Conflicts: lib/tevent/pytevent.c commit 235244f4cc707130dd130afce88bde49606bd501 Author: Jelmer Vernooij jel...@samba.org Date: Sun Mar 1 16:38:07 2009 +0100 Avoid using tevent_util.h, which won't be available if we use the system tevent. --- Summary of changes: lib/tevent/pytevent.c |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/tevent/pytevent.c b/lib/tevent/pytevent.c index 3b45ba1..fe7e7e3 100644 --- a/lib/tevent/pytevent.c +++ b/lib/tevent/pytevent.c @@ -29,7 +29,6 @@ #include tevent.h #include stdbool.h -#include tevent_util.h typedef struct { PyObject_HEAD @@ -54,7 +53,8 @@ static PyObject *py_backend_list(PyObject *self) PyObject *ret; int i, len; -len = ev_str_list_length(backends); +for (len = 0; backends[len]; len++); + ret = PyList_New(len); for (i = 0; i len; i++) PyList_SetItem(ret, i, PyString_FromString(backends[i])); I think we should include pytevent in the standalone build and don't build it when we use the system tevent library. (We should do that for all statndalone libraries) We already build pytevent in the standalone build, but only in case that Python is available. Should we make Python mandatory for building standalone TDB and tevent? No, but we should require it when building samba with a system tevent library. metze signature.asc Description: OpenPGP digital signature
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-134-g4b2955a
The branch, master has been updated via 4b2955aa7dbcf06629d24d3ea35c6dfa8c4156b9 (commit) from be1dfff02d562e42a7847bd02fed8538630d3f41 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4b2955aa7dbcf06629d24d3ea35c6dfa8c4156b9 Author: Jeremy Allison j...@samba.org Date: Tue Mar 3 08:50:35 2009 -0800 Fix ignore return warning. Jeremy. --- Summary of changes: source3/lib/events.c |5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/events.c b/source3/lib/events.c index 9e81a47..f875e0d 100644 --- a/source3/lib/events.c +++ b/source3/lib/events.c @@ -286,8 +286,9 @@ static void s3_event_debug(void *context, enum tevent_debug_level level, break; }; - vasprintf(s, fmt, ap); - if (!s) return; + if (vasprintf(s, fmt, ap) == -1) { + return; + } DEBUG(samba_level, (s3_event: %s, s)); free(s); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-136-gb00204a
The branch, master has been updated via b00204a46153a406a6c63792b1939bd3ad74ba71 (commit) via b6f479d4413511fbd742e7c8464cec67501f539c (commit) from 4b2955aa7dbcf06629d24d3ea35c6dfa8c4156b9 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b00204a46153a406a6c63792b1939bd3ad74ba71 Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 3 18:03:57 2009 +0100 lib/util: remove samba specific talloc_get_type_abort() metze commit b6f479d4413511fbd742e7c8464cec67501f539c Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 3 18:01:01 2009 +0100 talloc: add talloc_get_type_abort() metze --- Summary of changes: lib/talloc/talloc.c| 24 lib/talloc/talloc.h|2 ++ lib/util/util.c| 15 --- lib/util/util.h|7 --- source3/include/includes.h |4 source3/include/proto.h|1 - 6 files changed, 26 insertions(+), 27 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c index 1f7e524..c472e9f 100644 --- a/lib/talloc/talloc.c +++ b/lib/talloc/talloc.c @@ -806,6 +806,30 @@ void *talloc_check_name(const void *ptr, const char *name) return NULL; } +static void talloc_abort_type_missmatch(const char *location, + const char *name, + const char *expected) +{ + TALLOC_ABORT(Type missmatch); +} + +void *_talloc_get_type_abort(const void *ptr, const char *name, const char *location) +{ + const char *pname; + + if (unlikely(ptr == NULL)) { + talloc_abort_type_missmatch(location, NULL, name); + return NULL; + } + + pname = talloc_get_name(ptr); + if (likely(pname == name || strcmp(pname, name) == 0)) { + return discard_const_p(void, ptr); + } + + talloc_abort_type_missmatch(location, pname, name); + return NULL; +} /* this is for compatibility with older versions of talloc diff --git a/lib/talloc/talloc.h b/lib/talloc/talloc.h index 5431971..002e06e 100644 --- a/lib/talloc/talloc.h +++ b/lib/talloc/talloc.h @@ -102,6 +102,7 @@ typedef void TALLOC_CTX; #define talloc_set_type(ptr, type) talloc_set_name_const(ptr, #type) #define talloc_get_type(ptr, type) (type *)talloc_check_name(ptr, #type) +#define talloc_get_type_abort(ptr, type) (type *)_talloc_get_type_abort(ptr, #type, __location__) #define talloc_find_parent_bytype(ptr, type) (type *)talloc_find_parent_byname(ptr, #type) @@ -129,6 +130,7 @@ void *talloc_named(const void *context, size_t size, void *talloc_named_const(const void *context, size_t size, const char *name); const char *talloc_get_name(const void *ptr); void *talloc_check_name(const void *ptr, const char *name); +void *_talloc_get_type_abort(const void *ptr, const char *name, const char *location); void *talloc_parent(const void *ptr); const char *talloc_parent_name(const void *ptr); void *talloc_init(const char *fmt, ...) PRINTF_ATTRIBUTE(1,2); diff --git a/lib/util/util.c b/lib/util/util.c index 1f31f55..0148bdb 100644 --- a/lib/util/util.c +++ b/lib/util/util.c @@ -541,21 +541,6 @@ void *malloc_array(size_t el_size, unsigned int count) return realloc_array(NULL, el_size, count, false); } -_PUBLIC_ void *talloc_check_name_abort(const void *ptr, const char *name) -{ -void *result; - -result = talloc_check_name(ptr, name); -if (result != NULL) -return result; - -DEBUG(0, (Talloc type mismatch, expected %s, got %s\n, - name, talloc_get_name(ptr))); -smb_panic(talloc type mismatch); -/* Keep the compiler happy */ -return NULL; -} - /** Trim the specified elements off the front and back of a string. **/ diff --git a/lib/util/util.h b/lib/util/util.h index 1f6e3b1..defef12 100644 --- a/lib/util/util.h +++ b/lib/util/util.h @@ -767,13 +767,6 @@ bool pm_process( const char *fileName, bool (*pfunc)(const char *, const char *, void *), void *userdata); -/** - * Add-on to talloc_get_type - */ -_PUBLIC_ void *talloc_check_name_abort(const void *ptr, const char *name); -#define talloc_get_type_abort(ptr, type) \ - (type *)talloc_check_name_abort(ptr, #type) - bool unmap_file(void *start, size_t size); void print_asc(int level, const uint8_t *buf,int len); diff --git a/source3/include/includes.h b/source3/include/includes.h index ca918b3..b48a755 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -584,10 +584,6 @@ struct smb_iconv_convenience *lp_iconv_convenience(void *lp_ctx); #include ../lib/util/time.h #include ../lib/util/asn1.h -/* And a little
[SCM] CTDB repository - branch master updated - ctdb-1.0.72-13-gecf26af
The branch, master has been updated via ecf26af22245d0f55aded50e8768b0c21495f98c (commit) via 432604a1435cd2b5a7178fb5aedf1d4b61bffeb9 (commit) from ef9dc810c4309e8eba18d015c73c1b5d0760a4e8 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit ecf26af22245d0f55aded50e8768b0c21495f98c Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Mar 4 07:25:26 2009 +1100 new version 1.0.73 commit 432604a1435cd2b5a7178fb5aedf1d4b61bffeb9 Author: root r...@rcn1.vsofs1.com Date: Wed Mar 4 07:21:55 2009 +1100 Add a variable CTDB_NFS_SKIP_SHARE_CHECK to sysconfig that can disable the check that all shares are accessable. This can take very long if there are very many shares and is in that case better to implement in a separate cronjob than in ctdb eventscript --- Summary of changes: config/ctdb.sysconfig |1 + config/events.d/60.nfs |6 -- packaging/RPM/ctdb.spec |5 - 3 files changed, 9 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/config/ctdb.sysconfig b/config/ctdb.sysconfig index 25c2958..db5d16c 100644 --- a/config/ctdb.sysconfig +++ b/config/ctdb.sysconfig @@ -46,6 +46,7 @@ # of them are available during each monitoring interval. # In that case this check can be disabled # CTDB_SAMBA_SKIP_SHARE_CHECK=yes +# CTDB_NFS_SKIP_SHARE_CHECK=yes # specify which ports we should check that there is a daemon listening to # by default we use testparm and look in smb.conf to figure out. diff --git a/config/events.d/60.nfs b/config/events.d/60.nfs index b3b0e69..b5cd819 100755 --- a/config/events.d/60.nfs +++ b/config/events.d/60.nfs @@ -98,8 +98,10 @@ case $cmd in ctdb_check_rpc NFS 13 3 # and that its directories are available - nfs_dirs=$(exportfs | grep -v '^#' | grep '^/' | awk {'print $1;'}) - ctdb_check_directories nfs $nfs_dirs + [ $CTDB_NFS_SKIP_SHARE_CHECK = yes ] || { + nfs_dirs=$(exportfs | grep -v '^#' | grep '^/' | awk {'print $1;'}) + ctdb_check_directories nfs $nfs_dirs + } # check that lockd responds to rpc requests ctdb_check_rpc lockd 100021 1 diff --git a/packaging/RPM/ctdb.spec b/packaging/RPM/ctdb.spec index 08c5c90..66ca330 100644 --- a/packaging/RPM/ctdb.spec +++ b/packaging/RPM/ctdb.spec @@ -4,7 +4,7 @@ Summary: Clustered TDB Vendor: Samba Team Packager: Samba Team sa...@samba.org Name: ctdb -Version: 1.0.72 +Version: 1.0.73 Release: 1 Epoch: 0 License: GNU GPL version 3 @@ -128,6 +128,9 @@ fi %{_includedir}/ctdb_private.h %changelog +* Wed Mar 4 2009 : Version 1.0.73 + - Add possibility to disable the check of shares for NFS and Samba + - From Sumit Bose, fix dependencies so make -j works * Wed Feb 18 2009 : Version 1.0.72 - Updates to test scripts by martin s - Adding a COPYING file -- CTDB repository
[SCM] CTDB repository - tag ctdb-1.0.73 created - ctdb-1.0.72-13-gecf26af
The tag, ctdb-1.0.73 has been created at ecf26af22245d0f55aded50e8768b0c21495f98c (commit) - Log - commit ecf26af22245d0f55aded50e8768b0c21495f98c Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Wed Mar 4 07:25:26 2009 +1100 new version 1.0.73 --- -- CTDB repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-137-g243d4e8
The branch, master has been updated via 243d4e8a0846f9b873573ec504fb2f811be7d25c (commit) from b00204a46153a406a6c63792b1939bd3ad74ba71 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 243d4e8a0846f9b873573ec504fb2f811be7d25c Author: Tim Prouty tpro...@samba.org Date: Fri Feb 27 16:25:31 2009 -0800 s3 OneFS: Add parameter to ignore streams --- Summary of changes: source3/modules/onefs_config.h |2 ++ source3/modules/onefs_open.c|2 +- source3/modules/onefs_streams.c |7 ++- source3/modules/vfs_onefs.c |9 - 4 files changed, 17 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/onefs_config.h b/source3/modules/onefs_config.h index 27cbb0a..f0f48e6 100644 --- a/source3/modules/onefs_config.h +++ b/source3/modules/onefs_config.h @@ -64,6 +64,8 @@ enum onefs_acl_wire_format #define PARM_DOT_SNAP_TILDE_DEFAULT true #define PARM_IGNORE_SACLS ignore sacls #define PARM_IGNORE_SACLS_DEFAULT false +#define PARM_IGNORE_STREAMS ignore streams +#define PARM_IGNORE_STREAMS_DEFAULT false #define PARM_MTIME_NOW mtime now files #define PARM_MTIME_NOW_DEFAULT NULL #define PARM_MTIME_STATIC mtime static files diff --git a/source3/modules/onefs_open.c b/source3/modules/onefs_open.c index 9043be8..d3ba0ac 100644 --- a/source3/modules/onefs_open.c +++ b/source3/modules/onefs_open.c @@ -196,7 +196,7 @@ static NTSTATUS onefs_open_file(files_struct *fsp, base, stream); } /* It's a stream, so pass in the base_fd */ - if (stream != NULL) { + if ((conn-fs_capabilities FILE_NAMED_STREAMS) stream != NULL) { SMB_ASSERT(fsp-base_fsp); /* diff --git a/source3/modules/onefs_streams.c b/source3/modules/onefs_streams.c index 9f5d5e2..05b36d7 100644 --- a/source3/modules/onefs_streams.c +++ b/source3/modules/onefs_streams.c @@ -671,6 +671,11 @@ NTSTATUS onefs_streaminfo(vfs_handle_struct *handle, state.streams = NULL; state.num_streams = 0; + if (lp_parm_bool(SNUM(handle-conn), PARM_ONEFS_TYPE, + PARM_IGNORE_STREAMS, PARM_IGNORE_STREAMS_DEFAULT)) { + goto out; + } + /* Add the default stream. */ if (S_ISREG(sbuf.st_mode)) { if (!add_one_stream(mem_ctx, @@ -702,7 +707,7 @@ NTSTATUS onefs_streaminfo(vfs_handle_struct *handle, return state.status; } } - + out: *num_streams = state.num_streams; *streams = state.streams; return NT_STATUS_OK; diff --git a/source3/modules/vfs_onefs.c b/source3/modules/vfs_onefs.c index f277245..2ec6e06 100644 --- a/source3/modules/vfs_onefs.c +++ b/source3/modules/vfs_onefs.c @@ -222,7 +222,14 @@ static int onefs_ntimes(vfs_handle_struct *handle, const char *fname, static uint32_t onefs_fs_capabilities(struct vfs_handle_struct *handle) { - return SMB_VFS_NEXT_FS_CAPABILITIES(handle) | FILE_NAMED_STREAMS; + uint32_t result = 0; + + if (!lp_parm_bool(SNUM(handle-conn), PARM_ONEFS_TYPE, + PARM_IGNORE_STREAMS, PARM_IGNORE_STREAMS_DEFAULT)) { + result |= FILE_NAMED_STREAMS; + } + + return result | SMB_VFS_NEXT_FS_CAPABILITIES(handle); } static vfs_op_tuple onefs_ops[] = { -- Samba Shared Repository
Build status as of Wed Mar 4 00:00:02 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-03-03 00:00:19.0 + +++ /home/build/master/cache/broken_results.txt 2009-03-04 00:00:21.0 + @@ -1,9 +1,9 @@ -Build status as of Tue Mar 3 00:00:02 2009 +Build status as of Wed Mar 4 00:00:02 2009 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 28 6 0 +ccache 29 6 0 ctdb 0 0 0 distcc 0 0 0 ldb 29 29 0 @@ -11,13 +11,13 @@ lorikeet-heimdal 26 14 0 pidl 20 3 0 ppp 12 0 0 -rsync29 9 0 +rsync28 10 0 samba-docs 0 0 0 samba-gtk5 5 0 samba_3_X_devel 28 25 0 samba_3_X_test 27 27 0 -samba_4_0_test 29 28 1 +samba_4_0_test 29 28 3 smb-build28 6 0 -talloc 29 29 0 +talloc 28 29 0 tdb 27 8 0
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-138-g35f4ea2
The branch, master has been updated via 35f4ea221e75ebb4101cbacc6bc24bd1a3604f0f (commit) from 243d4e8a0846f9b873573ec504fb2f811be7d25c (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 35f4ea221e75ebb4101cbacc6bc24bd1a3604f0f Author: Jeremy Allison j...@samba.org Date: Tue Mar 3 16:08:56 2009 -0800 Fix bug #6155 - force group is no longer working as expected. We need to store the force group uid separately from the conn-server_info token as we need to apply it separately also. Volker PLEASE CHECK ! Jeremy. --- Summary of changes: source3/include/smb.h |6 ++ source3/smbd/conn.c|1 + source3/smbd/service.c |8 source3/smbd/uid.c | 11 --- 4 files changed, 23 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/smb.h b/source3/include/smb.h index 59c3c32..a0140fe 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -573,6 +573,12 @@ typedef struct connection_struct { */ struct auth_serversupplied_info *server_info; + /* +* If the force group parameter is set, this is the primary gid that +* may be used in the users token, depending on the vuid using this tid. +*/ + gid_t force_group_gid; + char client_address[INET6_ADDRSTRLEN]; /* String version of client IP address. */ uint16 vuid; /* vuid of user who *opened* this connection, or UID_FIELD_INVALID */ diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c index 4b467b0..a52f2d2 100644 --- a/source3/smbd/conn.c +++ b/source3/smbd/conn.c @@ -140,6 +140,7 @@ find_again: return NULL; } conn-cnum = i; + conn-force_group_gid = (gid_t)-1; bitmap_set(bmap, i); diff --git a/source3/smbd/service.c b/source3/smbd/service.c index dcdd69f..eb16a26 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -833,6 +833,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, *pstatus = status; return NULL; } + + /* +* We need to cache this gid, to use within +* change_to_user() separately from the conn-server_info +* struct. We only use conn-server_info directly if +* force_user was set. +*/ + conn-force_group_gid = conn-server_info-utok.gid; } conn-vuid = (vuser != NULL) ? vuser-vuid : UID_FIELD_INVALID; diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 4f059bd..f8c55b1 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -254,6 +254,8 @@ bool change_to_user(connection_struct *conn, uint16 vuid) if((group_c = *lp_force_group(snum))) { + SMB_ASSERT(conn-force_group_gid != (gid_t)-1); + if(group_c == '+') { /* @@ -266,15 +268,18 @@ bool change_to_user(connection_struct *conn, uint16 vuid) int i; for (i = 0; i num_groups; i++) { if (group_list[i] - == conn-server_info-utok.gid) { - gid = conn-server_info-utok.gid; + == conn-force_group_gid) { + conn-server_info-utok.gid = + conn-force_group_gid; + gid = conn-force_group_gid; gid_to_sid(conn-server_info-ptok -user_sids[1], gid); break; } } } else { - gid = conn-server_info-utok.gid; + conn-server_info-utok.gid = conn-force_group_gid; + gid = conn-force_group_gid; gid_to_sid(conn-server_info-ptok-user_sids[1], gid); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5034-gda340c6
The branch, v3-3-test has been updated via da340c674d52d79cd4c45ab961a8fd7a204f7a67 (commit) from c4d05e8e1fc776dd9c528513346256cf35c9f226 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit da340c674d52d79cd4c45ab961a8fd7a204f7a67 Author: Jeremy Allison j...@samba.org Date: Tue Mar 3 16:05:47 2009 -0800 Fix bug #6155 - force group is no longer working as expected. We need to store the force group uid separately from the conn-server_info token as we need to apply it separately also. Volker PLEASE CHECK ! Jeremy. --- Summary of changes: source/include/smb.h |6 ++ source/smbd/conn.c|1 + source/smbd/service.c |8 source/smbd/uid.c | 11 --- 4 files changed, 23 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source/include/smb.h b/source/include/smb.h index a98d151..56d9461 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -597,6 +597,12 @@ typedef struct connection_struct { */ struct auth_serversupplied_info *server_info; + /* +* If the force group parameter is set, this is the primary gid that +* may be used in the users token, depending on the vuid using this tid. +*/ + gid_t force_group_gid; + char client_address[INET6_ADDRSTRLEN]; /* String version of client IP address. */ uint16 vuid; /* vuid of user who *opened* this connection, or UID_FIELD_INVALID */ diff --git a/source/smbd/conn.c b/source/smbd/conn.c index 7f34d2b..a6eafcf 100644 --- a/source/smbd/conn.c +++ b/source/smbd/conn.c @@ -145,6 +145,7 @@ find_again: return NULL; } conn-cnum = i; + conn-force_group_gid = (gid_t)-1; bitmap_set(bmap, i); diff --git a/source/smbd/service.c b/source/smbd/service.c index c39584a..5e75fce 100644 --- a/source/smbd/service.c +++ b/source/smbd/service.c @@ -834,6 +834,14 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, *pstatus = status; return NULL; } + + /* +* We need to cache this gid, to use within +* change_to_user() separately from the conn-server_info +* struct. We only use conn-server_info directly if +* force_user was set. +*/ + conn-force_group_gid = conn-server_info-utok.gid; } conn-vuid = (vuser != NULL) ? vuser-vuid : UID_FIELD_INVALID; diff --git a/source/smbd/uid.c b/source/smbd/uid.c index 119a155..02f8cc9 100644 --- a/source/smbd/uid.c +++ b/source/smbd/uid.c @@ -256,6 +256,8 @@ bool change_to_user(connection_struct *conn, uint16 vuid) if((group_c = *lp_force_group(snum))) { + SMB_ASSERT(conn-force_group_gid != (gid_t)-1); + if(group_c == '+') { /* @@ -268,15 +270,18 @@ bool change_to_user(connection_struct *conn, uint16 vuid) int i; for (i = 0; i num_groups; i++) { if (group_list[i] - == conn-server_info-utok.gid) { - gid = conn-server_info-utok.gid; + == conn-force_group_gid) { + conn-server_info-utok.gid = + conn-force_group_gid; + gid = conn-force_group_gid; gid_to_sid(conn-server_info-ptok -user_sids[1], gid); break; } } } else { - gid = conn-server_info-utok.gid; + conn-server_info-utok.gid = conn-force_group_gid; + gid = conn-force_group_gid; gid_to_sid(conn-server_info-ptok-user_sids[1], gid); } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-139-gef89c4b
The branch, master has been updated via ef89c4bc0db2e9ba48f4dac1fd381e4cc6c8ca7d (commit) from 35f4ea221e75ebb4101cbacc6bc24bd1a3604f0f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit ef89c4bc0db2e9ba48f4dac1fd381e4cc6c8ca7d Author: Tim Prouty tpro...@samba.org Date: Tue Mar 3 16:47:48 2009 -0800 s3 passdb: Add back some useful debug statements Originally removed in be1dfff02d562e42a7847bd02fed8538630d3f41 --- Summary of changes: source3/passdb/lookup_sid.c | 42 -- 1 files changed, 24 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c index 10ff36d..9c20042 100644 --- a/source3/passdb/lookup_sid.c +++ b/source3/passdb/lookup_sid.c @@ -1309,15 +1309,18 @@ void uid_to_sid(DOM_SID *psid, uid_t uid) /* Not in cache. Ask winbindd. */ if (!winbind_uid_to_sid(psid, uid)) { /* -* We shouldn't return the NULL SID -* here if winbind was running and -* couldn't map, as winbind will have -* added a negative entry that will -* cause us to go though the -* legacy_uid_to_sid() -* function anyway in the case above -* the next time we ask. -*/ +* We shouldn't return the NULL SID +* here if winbind was running and +* couldn't map, as winbind will have +* added a negative entry that will +* cause us to go though the +* legacy_uid_to_sid() +* function anyway in the case above +* the next time we ask. +*/ + DEBUG(5, (uid_to_sid: winbind failed to find a sid + for uid %u\n, uid)); + legacy_uid_to_sid(psid, uid); return; } @@ -1359,15 +1362,18 @@ void gid_to_sid(DOM_SID *psid, gid_t gid) /* Not in cache. Ask winbindd. */ if (!winbind_gid_to_sid(psid, gid)) { /* -* We shouldn't return the NULL SID -* here if winbind was running and -* couldn't map, as winbind will have -* added a negative entry that will -* cause us to go though the -* legacy_gid_to_sid() -* function anyway in the case above -* the next time we ask. -*/ +* We shouldn't return the NULL SID +* here if winbind was running and +* couldn't map, as winbind will have +* added a negative entry that will +* cause us to go though the +* legacy_gid_to_sid() +* function anyway in the case above +* the next time we ask. +*/ + DEBUG(5, (gid_to_sid: winbind failed to find a sid + for gid %u\n, gid)); + legacy_gid_to_sid(psid, gid); return; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5035-g784a9ae
The branch, v3-3-test has been updated via 784a9ae6fed4169b2e21608a1963a2b9af8c47fc (commit) from da340c674d52d79cd4c45ab961a8fd7a204f7a67 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log - commit 784a9ae6fed4169b2e21608a1963a2b9af8c47fc Author: Tim Prouty tpro...@samba.org Date: Tue Mar 3 16:47:48 2009 -0800 s3 passdb: Add back some useful debug statements Originally removed in be1dfff02d562e42a7847bd02fed8538630d3f41 --- Summary of changes: source/passdb/lookup_sid.c | 42 -- 1 files changed, 24 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c index ec42587..2a5eacd 100644 --- a/source/passdb/lookup_sid.c +++ b/source/passdb/lookup_sid.c @@ -1309,15 +1309,18 @@ void uid_to_sid(DOM_SID *psid, uid_t uid) /* Not in cache. Ask winbindd. */ if (!winbind_uid_to_sid(psid, uid)) { /* -* We shouldn't return the NULL SID -* here if winbind was running and -* couldn't map, as winbind will have -* added a negative entry that will -* cause us to go though the -* legacy_uid_to_sid() -* function anyway in the case above -* the next time we ask. -*/ +* We shouldn't return the NULL SID +* here if winbind was running and +* couldn't map, as winbind will have +* added a negative entry that will +* cause us to go though the +* legacy_uid_to_sid() +* function anyway in the case above +* the next time we ask. +*/ + DEBUG(5, (uid_to_sid: winbind failed to find a sid + for uid %u\n, uid)); + legacy_uid_to_sid(psid, uid); return; } @@ -1359,15 +1362,18 @@ void gid_to_sid(DOM_SID *psid, gid_t gid) /* Not in cache. Ask winbindd. */ if (!winbind_gid_to_sid(psid, gid)) { /* -* We shouldn't return the NULL SID -* here if winbind was running and -* couldn't map, as winbind will have -* added a negative entry that will -* cause us to go though the -* legacy_gid_to_sid() -* function anyway in the case above -* the next time we ask. -*/ +* We shouldn't return the NULL SID +* here if winbind was running and +* couldn't map, as winbind will have +* added a negative entry that will +* cause us to go though the +* legacy_gid_to_sid() +* function anyway in the case above +* the next time we ask. +*/ + DEBUG(5, (gid_to_sid: winbind failed to find a sid + for gid %u\n, gid)); + legacy_gid_to_sid(psid, gid); return; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-143-g8ee0cc2
The branch, master has been updated via 8ee0cc24b8302097bccae7891cb6f9c0547a1815 (commit) via 52542e1affbaad3a29d913ced06f6c5ae0d7b4ad (commit) via 952bdffaadebe8fc147c69da160ddd83e1d03245 (commit) via 44c94b6c66b00807d58233550cf8915566cb97d0 (commit) from ef89c4bc0db2e9ba48f4dac1fd381e4cc6c8ca7d (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8ee0cc24b8302097bccae7891cb6f9c0547a1815 Merge: 52542e1affbaad3a29d913ced06f6c5ae0d7b4ad ef89c4bc0db2e9ba48f4dac1fd381e4cc6c8ca7d Author: Andrew Bartlett abart...@samba.org Date: Wed Mar 4 14:10:41 2009 +1100 Merge branch 'master' of ssh://git.samba.org/data/git/samba into abartlet-devel commit 52542e1affbaad3a29d913ced06f6c5ae0d7b4ad Author: Andrew Bartlett abart...@samba.org Date: Wed Mar 4 14:06:11 2009 +1100 Pull in all the schema information during DRS schema fetch This includes things such as allowed attributes, which were not populated into the schema structure before. Andrew Bartlett commit 952bdffaadebe8fc147c69da160ddd83e1d03245 Author: Andrew Bartlett abart...@samba.org Date: Wed Mar 4 14:02:35 2009 +1100 Don't print the admin password if we don't set one. For example, if we don't create the admin user (perhaps expecting users to be in LDAP already, or we are due an incoming replication) we should not confuse the administrator by printing a unused password. Andrew Bartlett commit 44c94b6c66b00807d58233550cf8915566cb97d0 Author: Andrew Bartlett abart...@samba.org Date: Wed Mar 4 13:58:07 2009 +1100 Allow 'net vampire' to work without an existing smb.conf Now the provision can generate one based on the detected settings from the target domain. Andrew Bartlett --- Summary of changes: source4/dsdb/schema/schema_init.c | 47 +- source4/param/provision.c |8 +++- source4/param/util.c|2 +- source4/scripting/python/samba/provision.py |3 +- 4 files changed, 47 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index fbd8946..a67aecd 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -1202,6 +1202,34 @@ static struct drsuapi_DsReplicaAttribute *dsdb_find_object_attr_name(struct dsdb } \ } while (0) +#define GET_STRING_LIST_DS(s, r, attr, mem_ctx, p, elem, strict) do { \ + int get_string_list_counter;\ + struct drsuapi_DsReplicaAttribute *_a; \ + _a = dsdb_find_object_attr_name(s, r, attr, NULL); \ + if (strict !_a) { \ + d_printf(%s: %s == NULL\n, __location__, attr); \ + return WERR_INVALID_PARAM; \ + } \ + (p)-elem = _a ? talloc_array(mem_ctx, const char *, _a-value_ctr.num_values + 1) : NULL; \ +for (get_string_list_counter=0; \ +_a get_string_list_counter _a-value_ctr.num_values; \ +get_string_list_counter++) { \ + size_t _ret;\ + if (!convert_string_talloc_convenience(mem_ctx, s-iconv_convenience, CH_UTF16, CH_UNIX, \ + _a-value_ctr.values[get_string_list_counter].blob-data, \ + _a-value_ctr.values[get_string_list_counter].blob-length, \ + (void **)discard_const((p)-elem[get_string_list_counter]), _ret, false)) { \ + DEBUG(0,(%s: invalid data!\n, attr)); \ + dump_data(0, \ + _a-value_ctr.values[get_string_list_counter].blob-data, \ + _a-value_ctr.values[get_string_list_counter].blob-length); \ + return WERR_FOOBAR; \ + } \ + (p)-elem[get_string_list_counter+1] = NULL;\ + } \ + talloc_steal(mem_ctx, (p)-elem); \ +} while (0) + #define GET_DN_DS(s, r, attr, mem_ctx, p, elem, strict) do { \ struct drsuapi_DsReplicaAttribute *_a; \ _a = dsdb_find_object_attr_name(s, r, attr, NULL); \ @@ -1412,17 +1440,18 @@ WERROR dsdb_class_from_drsuapi(struct dsdb_schema *schema, GET_STRING_DS(schema, r, subClassOf, mem_ctx, obj, subClassOf, true); - obj-systemAuxiliaryClass = NULL; - obj-systemPossSuperiors= NULL; - obj-systemMustContain = NULL; -
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-149-g27cf239
The branch, master has been updated via 27cf23958b02b05becce6e7c68347f6fea5b7845 (commit) via b99bb962aa70f8584212f18ba6368513e7485f5e (commit) via 8ae34cc9946e54297e800190980af32ef56c4ca1 (commit) via 40da086fe0e2f12d7e23ca75711ceceecbd61105 (commit) via d52e81311733c7f119b5765eddb37eb2554ce281 (commit) via c51e5a23fbeda9ece5697c3c5b60a813ec33010e (commit) from 8ee0cc24b8302097bccae7891cb6f9c0547a1815 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 27cf23958b02b05becce6e7c68347f6fea5b7845 Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 3 16:45:41 2009 +0100 socket_wrapper: add multiple interface support for ipv6 We use FD00::5357:5FXX in the same way we use 127.0.0.XX metze commit b99bb962aa70f8584212f18ba6368513e7485f5e Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 3 15:43:22 2009 +0100 socket_wrapper: add ipv6 pcap support metze commit 8ae34cc9946e54297e800190980af32ef56c4ca1 Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 3 15:17:26 2009 +0100 socket_wrapper: pass down sockaddr instead of sockaddr_in to prepare pcap support for ipv6 metze commit 40da086fe0e2f12d7e23ca75711ceceecbd61105 Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 3 14:58:53 2009 +0100 socket_wrapper: prepare pcap support for ipv6 traffic metze commit d52e81311733c7f119b5765eddb37eb2554ce281 Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 3 19:23:25 2009 +0100 s4:blackbox/test_ldb: make use of the $VALGRIND envvar metze commit c51e5a23fbeda9ece5697c3c5b60a813ec33010e Author: Stefan Metzmacher me...@samba.org Date: Tue Mar 3 19:20:43 2009 +0100 socket_wrapper: don't crash if we get EAGAIN from real_recv() This fixes a crash in the ldaps tests with socket wrapper pcap support. metze --- Summary of changes: lib/socket_wrapper/socket_wrapper.c | 569 ++- testprogs/blackbox/test_ldb.sh |2 +- 2 files changed, 364 insertions(+), 207 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/socket_wrapper/socket_wrapper.c b/lib/socket_wrapper/socket_wrapper.c index 1e39277..f9ef48e 100644 --- a/lib/socket_wrapper/socket_wrapper.c +++ b/lib/socket_wrapper/socket_wrapper.c @@ -145,7 +145,16 @@ #define MAX_WRAPPED_INTERFACES 16 -#define SW_IPV6_ADDRESS 1 +#ifdef HAVE_IPV6 +/* + * FD00::5357:5FXX + */ +static const struct in6_addr swrap_ipv6 = +{ { { +0xFD,0x00,0x00,0x00,0x00,0x00,0x00,0x00, +0x00,0x00,0x00,0x00,0x53,0x57,0x5F,0x00 +} } }; +#endif static struct sockaddr *sockaddr_dup(const void *data, socklen_t len) { @@ -295,7 +304,8 @@ static int convert_un_in(const struct sockaddr_un *un, struct sockaddr *in, sock memset(in2, 0, sizeof(*in2)); in2-sin6_family = AF_INET6; - in2-sin6_addr.s6_addr[0] = SW_IPV6_ADDRESS; + in2-sin6_addr = swrap_ipv6; + in2-sin6_addr.s6_addr[15] = iface; in2-sin6_port = htons(prt); *len = sizeof(*in2); @@ -367,6 +377,7 @@ static int convert_in_un_remote(struct socket_info *si, const struct sockaddr *i case AF_INET6: { const struct sockaddr_in6 *in = (const struct sockaddr_in6 *)inaddr; + struct in6_addr cmp; switch (si-type) { case SOCK_STREAM: @@ -380,8 +391,16 @@ static int convert_in_un_remote(struct socket_info *si, const struct sockaddr *i /* XXX no multicast/broadcast */ prt = ntohs(in-sin6_port); - iface = SW_IPV6_ADDRESS; - + + cmp = in-sin6_addr; + cmp.s6_addr[15] = 0; + if (IN6_ARE_ADDR_EQUAL(swrap_ipv6, cmp)) { + iface = in-sin6_addr.s6_addr[15]; + } else { + errno = ENETUNREACH; + return -1; + } + break; } #endif @@ -474,6 +493,7 @@ static int convert_in_un_alloc(struct socket_info *si, const struct sockaddr *in case AF_INET6: { const struct sockaddr_in6 *in = (const struct sockaddr_in6 *)inaddr; + struct in6_addr cmp; switch (si-type) { case SOCK_STREAM: @@ -487,13 +507,21 @@ static int convert_in_un_alloc(struct socket_info *si, const struct sockaddr *in /* XXX no multicast/broadcast */ prt = ntohs(in-sin6_port); - iface = SW_IPV6_ADDRESS; - + + cmp = in-sin6_addr; + cmp.s6_addr[15] = 0; + if (IN6_ARE_ADDR_EQUAL(swrap_ipv6, cmp)) { +