[Samba] solution: wbinfo -K not working

2009-05-29 Thread Árpád Magosányi
Hi!

The problem lies in the winbind separator settings. If I use
   winbind separator = \\
everything goes well.

I believe this is due to a bug. As I don't want to register to yet another
bugzilla, please someone issue the report there.

Explanation:
winbindd_raw_kerberos_login uses parse_domain_user to
generate the kerberos principal from state->request.data.auth.user.
At this point state->request.data.auth.user is in the form 'DOMAIN\username',
regardless of the winbind separator setting. parse_domain_user uses the winbind
separator setting to parse this, so it will fail if the separator is
anything but '\\'.

The documentation actually suggests changing winbind separator to something
other than '\\'.

2009/5/28 Árpád Magosányi mag...@rabic.org

 Dear List!

 I have the problem described at
 http://lists.samba.org/archive/samba/2008-February/138451.html
 It is materialized after an upgrade of samba/winbind. Everything was
 working before.
 I could not find the solution neither on the net, nor from people
 originally having the problem, so here I am.
 This problem is a showstopper for me. (I can login by changing pam_winbind
 to pam_krb5, but this does not cache credentials, so I cannot work at home.)

 Additional information I figured out:
 - According to wireshark, winbind (wbinfo -K) tries to authenticate the
 principal 'RESmagosanyi1a313' instead of 'magosanyi1a313'
 - There are logs saying 'Cannot resolve network address for KDC in
 requested realm' and 'Could not receive trustdoms', which may or may not
 be related to the problem. (see detailed logs below)

 original problem:

 Works:
   kinit
   wbinfo -u
   wbinfo -g
   wbinfo -t
 Fails:
 r...@mxln133738# wbinfo -K magosanyi1a313
 Enter magosanyi1a313's password:
 plaintext kerberos password authentication for [magosanyi1a313] failed 
 (requesting cctype: FILE)

 error code was NT_STATUS_NO_SUCH_USER (0xc064)
 error messsage was: No such user
 Could not authenticate user [magosanyi1a313] with Kerberos (ccache: FILE)

 smb.conf:
 [global]
  client signing = yes

  client schannel = no
  client use spnego = yes
  client lanman auth = no
  client NTLMv2 auth = yes
  client plaintext auth = no

 # idmap domains = RES
 # idmap config RES:backend = ad
 # idmap config RES:default = yes

 # idmap config RES:schema_mode = rfc2307
 # idmap config RES:range = 1000 - 3


 #  dns_lookup_kdc = false
workgroup = RES
realm = RES.HU.CORP
preferred master = no
security = ADS

encrypt passwords = true
syslog only = yes
syslog = 3
log level = 3
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nested groups = Yes

winbind separator = +
winbind refresh tickets = true
winbind offline logon = yes
winbind cache time = 300
winbind normalize names = yes
winbind offline logon = yes
use kerberos keytab = Yes

idmap uid = 3000-2
idmap gid = 3000-2
#idmap backend = idmap_rid:RES=3000-2
;template primary group = Domain Users
template shell = /bin/bash

 winbind version:
 magosanyi1a...@mxln133738$ dpkg -l winbind

 Desired=Unknown/Install/Remove/Purge/Hold
 | Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend
 |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
 ||/ Name      Version             Description
 +++-=========-===================-=====================================
 ii  winbind   2:3.3.2-1ubuntu3    Samba nameservice integration server

 May 28 19:11:53 mxln133738 winbindd[17221]: [2009/05/28 19:11:53,  2] 
 lib/tallocmsg.c:register_msg_pool_usage(106)
 May 28 19:11:53 mxln133738 winbindd[17221]:   Registered MSG_REQ_POOL_USAGE
 May 28 19:11:53 mxln133738 winbindd[17221]: [2009/05/28 19:11:53,  2] 
 lib/dmallocmsg.c:register_dmalloc_msgs(77)

 May 28 19:11:53 mxln133738 winbindd[17221]:   Registered MSG_REQ_DMALLOC_MARK 
 and LOG_CHANGED
 May 28 19:11:53 mxln133738 winbindd[17221]: [2009/05/28 19:11:53,  2] 
 lib/interface.c:add_interface(340)
 May 28 19:11:53 mxln133738 winbindd[17221]:   added interface eth0 
 ip=10.3.125.42 bcast=10.3.127.255 netmask=255.255.248.0

 May 28 19:11:53 mxln133738 winbindd[17221]: [2009/05/28 19:11:53,  2] 
 lib/interface.c:add_interface(340)
 May 28 19:11:53 mxln133738 winbindd[17221]:   added interface eth0 
 ip=10.3.125.42 bcast=10.3.127.255 netmask=255.255.248.0

 May 28 19:11:54 mxln133738 winbindd[17222]: [2009/05/28 19:11:54,  1] 
 lib/util_tdb.c:tdb_validate_and_backup(1426)
 May 28 19:11:54 mxln133738 winbindd[17222]:   tdb 
 '/var/cache/samba/winbindd_cache.tdb' is valid

 May 28 19:12:07 mxln133738 winbindd[17222]: [2009/05/28 19:12:07,  1] 
 lib/util_tdb.c:tdb_validate_and_backup(1436)
 May 28 19:12:07 mxln133738 winbindd[17222]:   Created backup 
 '/var/cache/samba/winbindd_cache.tdb.bak' of 
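
The separator mismatch described in the explanation at the top of this message, as an added C sketch (not Samba's parse_domain_user and not code from the list). split_on, principal_configured and principal_canonical are hypothetical names; the user name and realm are the ones quoted in the post, and rejecting a name without a backslash is an assumption of this sketch.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 256

/*
 * Split "DOMAIN<sep>user" on a single separator character.
 * Returns 1 and fills domain/user when sep occurs in the input.
 * Returns 0 when it does not: domain is left empty and the whole
 * input is copied into user.
 */
static int split_on(const char *in, char sep, char *domain, char *user)
{
    const char *p = strchr(in, sep);
    size_t dlen = p ? (size_t)(p - in) : 0;

    if (p == NULL || dlen >= NAME_LEN) {
        domain[0] = '\0';
        snprintf(user, NAME_LEN, "%s", in);
        return 0;
    }
    memcpy(domain, in, dlen);
    domain[dlen] = '\0';
    snprintf(user, NAME_LEN, "%s", p + 1);
    return 1;
}

/* Format "user@REALM" into a static buffer (single-threaded demo only). */
static const char *make_principal(const char *user, const char *realm)
{
    static char out[2 * NAME_LEN];

    snprintf(out, sizeof(out), "%s@%s", user, realm);
    return out;
}

/*
 * Behaviour described in the post: the internal 'DOMAIN\username' string
 * is split with the configured "winbind separator". With any separator
 * other than '\' the split finds nothing, so the domain prefix stays in
 * the user part and ends up in the principal.
 */
const char *principal_configured(const char *in, char winbind_sep,
                                 const char *realm)
{
    char domain[NAME_LEN], user[NAME_LEN];

    split_on(in, winbind_sep, domain, user);
    return make_principal(user, realm);
}

/*
 * Assumed alternative (not Samba's fix): a name that is always produced
 * internally in 'DOMAIN\username' form is split on '\' whatever the
 * user-facing separator is. A name that does not have that form is
 * rejected (NULL) instead of being turned into a principal.
 */
const char *principal_canonical(const char *in, const char *realm)
{
    char domain[NAME_LEN], user[NAME_LEN];

    if (!split_on(in, '\\', domain, user) || user[0] == '\0')
        return NULL;
    return make_principal(user, realm);
}

int main(void)
{
    const char *internal = "RES\\magosanyi1a313"; /* form named in the post */
    const char *realm = "RES.HU.CORP";            /* realm from the smb.conf above */
    const char *p;

    printf("separator '\\': %s\n", principal_configured(internal, '\\', realm));
    printf("separator '+': %s\n", principal_configured(internal, '+', realm));

    p = principal_canonical(internal, realm);
    printf("canonical    : %s\n", p ? p : "(rejected)");

    p = principal_canonical("magosanyi1a313", realm);
    printf("no backslash : %s\n", p ? p : "(rejected)");
    return 0;
}
```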

[Samba] feature request: winbind use cached credentials more agressively

2009-05-29 Thread Árpád Magosányi
Hi!

Winbind reacts rather suboptimally to networking changes.
I use my notebook in at least 3 different network settings, in one of them I
have very probabilistic access to DCs
(cisco vpn client is a crap).
An nss lookup sometimes takes very looong, sometimes even returns failure.
Sometimes I have to login as root and restart winbind to get to my X session
past the screensaver. This is far from production quality.

I guess the end-user feeling could be heightened by using cached credentials
more aggressively. As the vast majority of nss lookups are for data already
obtained, it might be wise to serve it from cache, and refresh it
asynchronously.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


[Samba] Samba Mapped Shares Question

2009-05-29 Thread mparsons
Hi All,

I have two HP-UX servers - one called Prod11 running HP11.11 with Samba 
3.0.7 and the other called Zarwin running HP11.00 with Samba 2.0.6. My 
username is a16609.

On Prod11 when connecting it comes back as Prod11\a16609 and I can 
successfully get onto the share. However when connecting on Zarwin it 
comes back as UK\a16609 and the connection fails unless I physically 
delete the UK bit and replace with Zarwin.

How can I get the Zarwin bit to appear automatically just like the 
Prod11 one does.

The smb.conf files on both Prod11 and Zarwin are the same (as much as they 
can be between the two releases).

Kind Regards - Mark Parsons.



[Samba] Problems starting Server 2008 x64 after added to samba domain

2009-05-29 Thread Robert Ludvik

Hi
I have a problem with Windows Server Ent (and Std) 2008 x64 running on 
IBM Blade Center. I can add it to the Samba domain but when I restart 
it, it comes to Applying computer settings... and if I connect with 
rdesktop I can see a screen saying Please wait for the group policy 
client and after some minutes it restarts. I can boot it in Safe mode, 
remove from domain and it will start with no problem.

I have no issues with Server 2008 Ent 32 bit running on PC.
Any ideas where can I look for help? I installed all updates and SP2 ...
Regards
Robert Ludvik



[Samba] Failed search for base: sambaDomainName=MUC, sambaDomainName=MUC, dc=...

2009-05-29 Thread Marc Muehlfeld

Hi,

during debugging with level 10 logfile on my PDC, I saw during the joining 
process of a member server:


[2009/05/29 21:27:20,  5] lib/smbldap.c:smbldap_search_ext(1205)
  smbldap_search_ext: base = 
[sambaDomainName=MUC,sambaDomainName=MUC,dc=mr,dc=lfmg,dc=de], filter = 
[((objectClass=sambaTrustedDomainPassword)(sambaDomainName=MUC))], scope = [2]

.
[2009/05/29 21:27:20, 10] lib/smbldap.c:smbldap_search_ext(1269)
  Failed search for base: 
sambaDomainName=MUC,sambaDomainName=MUC,dc=mr,dc=lfmg,dc=de, error: 32 (No 
such object) ()


Why does it try to search in sambaDomainName=MUC,sambaDomainName=MUC,...? 
Anything to worry about or a change to fix?


The full level 10 debug log I put here:
http://www.onlyfree.de/php/pasteservice/show.php?id=18659


Regards,
Marc


[Samba] netlogon_creds_server_check failed. Rejecting auth request from client

2009-05-29 Thread Marc Muehlfeld

Hi,

I upgraded my PDC from 3.0.34 to 3.3.4. Now my member server (also 3.3.4) 
leave the following messages in their log on the PDC:


[2009/05/29 21:50:17,  0] 
rpc_server/srv_netlog_nt.c:_netr_ServerAuthenticate2(546)
  _netr_ServerAuthenticate2: netlogon_creds_server_check failed. Rejecting 
auth request from client NUCLEUS machine account NUCLEUS$


I deleted the machine account and rejoined the domain. In this case, this 
message also comes up, so I created a debug level 10 logfile of the joining:


http://www.onlyfree.de/php/pasteservice/show.php?id=18659

Any idea what causes this message? Clients and connections from the member 
server are fine.


Regards,
Marc


[Samba] Problem with reboot of machine with openLDAP

2009-05-29 Thread Matt Burkhardt
I'm having a problem with the reboot of a machine.  I can get a list of
the shares by running

smbclient -L BGCFC

but if I reboot, I get

smbclient -L BGCFC
Error connecting to 192.168.10.100 (Connection refused)
Connection to BGCFC failed (Error NT_STATUS_CONNECTION_REFUSED)

but if I restart slapd it works correctly again.  What could be wrong?

Thanks
-- 
Matt Burkhardt, M.Sci. Technology Management
m...@imparisystems.com
(301) 682-7901
502 Fairview Avenue
Frederick, MD  21701
http://www.imparisystems.com 



[Samba] Kerberos with delegated domain

2009-05-29 Thread Robert LeBlanc
Ok, here is the set-up. We have a domain that is the main domain, it handles
DHCP and DNS for domain.edu. The DNS for domain.edu has NS records to
delegate domain.local to our Active Directory.

I am able to bind a machine just fine to the Active Directory without having
to change any of the client DNS settings (which point to domain.edu). File
services work fine. I'm trying to work out single sign-on with OpenSSH
server. I can get it working to itself just fine using either hostname,
hostname.domain.local and hostname.edu where hostname is the name of the
machine that is sshing to itself. When I have two machines set-up exactly
the same, it doesn't work.

I've sniffed the traffic and I can see that Kerberos goes through both
domains looking for a principal that matches. The problem is that the
reverse DNS always sends back hostname.domain.edu, but the service
principals are hostname.domain.local. I'm guessing Kerberos uses the rDNS to
generate the service principal.

Is there some way to have winbind register both FQDNs as service principals
automatically on join? If not, how would I add a service principal to the
keytab that winbind generates? Or, how can I get Kerberos to use the short
version of principal that does not include domain.[edu|local]. I'm really new
to Kerberos at this level and I've spent about a week getting this far.

Thanks,
Robert


[Samba] RPC fault code DCERPC_FAULT_OP_RNG_ERROR received from host

2009-05-29 Thread Marc Muehlfeld

Hello,

I saw on my member servers in winbindd.log sometimes the following message 
appearing:


[2009/05/29 21:51:53,  1] 
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(755)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_OP_RNG_ERROR 
received from host GENOME, pipe \lsarpc, fnum 0x7101!


What does this error mean and how can I fix it?

PDC and member server are running 3.3.4.

Regards,
Marc Muehlfeld



Re: [Samba] Problem with reboot of machine with openLDAP

2009-05-29 Thread Adam Tauno Williams
On Fri, 2009-05-29 at 16:02 -0400, Matt Burkhardt wrote:
 I'm having a problem with the reboot of a machine.  I can get a list of
 the shares by running
 smbclient -L BGCFC
 but if I reboot, I get
 smbclient -L BGCFC
 Error connecting to 192.168.10.100 (Connection refused)
 Connection to BGCFC failed (Error NT_STATUS_CONNECTION_REFUSED)
 but if I restart slapd it works correctly again.  What could be wrong?

Can you perform an ldapsearch after rebooting?  If not then your problem
is with OpenLDAP or DNS and doesn't have anything to do with Samba.
Samba is probably failing merely as a consumer of the failed LDAP
service.



Re: [Samba] Problem with reboot of machine with openLDAP

2009-05-29 Thread Matt Burkhardt
On Fri, 2009-05-29 at 17:09 -0400, Adam Tauno Williams wrote:

 On Fri, 2009-05-29 at 16:02 -0400, Matt Burkhardt wrote:
  I'm having a problem with the reboot of a machine.  I can get a list of
  the shares by running
  smbclient -L BGCFC
  but if I reboot, I get
  smbclient -L BGCFC
  Error connecting to 192.168.10.100 (Connection refused)
  Connection to BGCFC failed (Error NT_STATUS_CONNECTION_REFUSED)
  but if I restart slapd it works correctly again.  What could be wrong?
 
 Can you perform an ldapsearch after rebooting?  If not then your problem
 is with OpenLDAP or DNS and doesn't have anything to do with Samba.
 Samba is probably failing merely as a consumer of the failed LDAP
 service.
 

Yes, I can do an ldapsearch - it works fine.  
-- 
Matt Burkhardt, M.Sci. Technology Management
m...@imparisystems.com
(301) 682-7901
502 Fairview Avenue
Frederick, MD  21701
http://www.imparisystems.com 



[Samba] Re: Kerberos with delegated domain

2009-05-29 Thread Robert LeBlanc
On Fri, May 29, 2009 at 2:33 PM, Robert LeBlanc rob...@leblancnet.us wrote:

 Ok, here is the set-up. We have a domain that is the main domain, it
 handles DHCP and DNS for domain.edu. The DNS for domain.edu has NS records
 to delegate domain.local to our Active Directory.

 I am able to bind a machine just fine to the Active Directory without
 having to change any of the client DNS settings (which point to domain.edu).
 File services work fine. I'm trying to work out single sign-on with OpenSSH
 server. I can get it working to itself just fine using either hostname,
 hostname.domain.local and hostname.edu where hostname is the name of the
 machine that is sshing to itself. When I have two machines set-up exactly
 the same, it doesn't work.

 I've sniffed the traffic and I can see that Kerberos goes through both
 domains looking for a principal that matches. The problem is that the
 reverse DNS always sends back hostname.domain.edu, but the service
 principals are hostname.domain.local. I'm guessing Kerberos uses the rDNS to
 generate the service principal.

 Is there some way to have winbind register both FQDNs as service principals
 automatically on join? If not, how would I add a service principal to the
 keytab that winbind generates? Or, how can I get Kerberos to use the short
 version of principal that does not include domain.[edu|local]. I'm really new
 to Kerberos at this level and I've spent about a week getting this far.

 Thanks,
 Robert


I've tried setting up a mapping in the domain_realm section of
/etc/krb5.conf like:

.domain.com = DOMAIN.LOCAL

but that didn't help. Then I found for the libdefaults section:

rdns = no

and that seems to work. It seems to use just the short name which winbind
does populate in the keytab. I don't think anyone outside of our area could
spoof the short name because they won't have access to the computer object
in the AD. A computer with the same name would have a different key so it
wouldn't match. Is there anything I'm missing that I should be concerned
about?

Thanks,
Robert


Re: [Samba] App fails writing file but zero length file on Samba server

2009-05-29 Thread Jeremy Allison
On Thu, May 28, 2009 at 08:57:26AM +0800, Colin Coe wrote:
 Hi all
 
 I've googled but not found any thing on the problem I'm having.
 
 I'm contracting with a utilities company that uses General Electric's
 ENMAC software.  This runs on RHEL4 and makes use of Samba but it only
 works with Samba 1.9.18p10 compiled with this patch:
 ---
 diff -Naur samba-1.9.18p10/source/includes.h
 samba-1.9.18p10_good/source/includes.h
 --- samba-1.9.18p10/source/includes.h   1998-08-20 07:41:46.0 +0800
 +++ samba-1.9.18p10_good/source/includes.h  2008-01-11
 10:39:49.0 +0900
 @@ -1176,7 +1177,7 @@
  #include sys/ipc.h
  #include sys/sem.h
  #include sys/shm.h
 -#ifdef NO_SEMUN
 +#ifdef _SEM_SEMUN_UNDEFINED
  union semun {
 int val;
 struct semid_ds *buf;
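Review bot: the '+#ifdef _SEM_SEMUN_UNDEFINED' line replaces the NO_SEMUN test outright, so a build that defines NO_SEMUN itself no longer gets the fallback 'union semun' declared below it. _SEM_SEMUN_UNDEFINED comes from the glibc headers, so keying on it alone ties includes.h to glibc; testing both, '#if defined(NO_SEMUN) || defined(_SEM_SEMUN_UNDEFINED)', keeps the old switch working. The header '@@ -1176,7 +1177,7 @@' also shows a one-line offset that no visible hunk accounts for, so an earlier hunk for this file appears to be missing from the quoted patch.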
 ---
 
 As I'm trying to streamline the building of these servers, I thought
 I'd try upgrading Samba to a reasonably current version.  I'm trying
 with latest version of Samba shipped by RedHat (3.0.33-0.17.el4).
 
 When an edit is made and then saved in the application, the
 application responds with 'Failed to open file for writing' and on the
 Samba server a zero length file of the correct name appears.  This
 works just fine with the patched Samba 1.9.18p10.
 
 The smb.conf files are attached.
 
 Does anyone have any ideas on how to make this work without patching Samba?

Wow, it's a long time since I've seen anyone using such a vintage
version of Samba. 1.9.18p10 was definitely a popular build :-).

Can you try using the latest version of Samba, 3.3.4, and see if
the problem is reproducible ? If so, we'll ask you to open a bug
report and get more data.

Thanks,

Jeremy.


Re: [Samba] Client driver installation

2009-05-29 Thread Matt Richardson

Gary L. Greene, Jr. wrote:


I've an OpenSuSE based server installed at work that uses Samba to share out the
printers for our users on the AD that will be replacing our aging Windows 2000
print server. I'm in the process of getting the printer drivers installed for
Windows clients. At present, I'm installing the drivers for the RICOH Aficio we
have. When I run the following command: 


printmaster:/var/lib/samba/drivers/W32X86 # rpcclient -U ggreene -c
adddriver 'Windows NT x86'
'RICOH:RIC641K.DLL:RIC641K.DLL:RIC641U.DLL:RIC641.HLP:NULL:RAW:RIC641K.DLL,RIC641U.DLL,RIC641.HLP,RIC641P.DLL,RIC641C.DLL,RIC641L.DLL,RIC641X.DLL,RIC641S.DLL,RIC641J.DLL,RIC641Q.EXE,RIC641ZU.DLL,RIC641ZK.DLL,RIC641WU.DLL,RIC641WK.DLL,RIC641PI.DLL,RIC641SR.EXE,RIC641CF.DLL,RIC641X.EXE,TrackID.DLL,TIBase64.dll,TIFmtA.dll,RICJC32.dll,JCUI.exe'
3 printmaster

I get the following output:
result was
WERR_UNKNOWN_PRINTER_DRIVER



Posting mostly to put some more info in the mailing list archive on this 
issue.  Some magic happened, so I'm afraid this may not be of much help.


I had a similar issue setting up a couple of HP LaserJet printers last 
week using cupsaddsmb.  The CUPS queue used HPLIP drivers and the CUPS 
postscript drivers listed in the cupsaddsmb man page were installed in 
/usr/share/cups/drivers.  The system is Debian Lenny with samba 
3.2.5-4lenny2 and cups 1.3.8-1lenny5.  It is an AD member server with 
all the winbind goodness working.  OK, hope that wasn't too verbose.


The output showed adddriver succeeding and setdriver failed 
WERR_INVALID_PARAM.  Trying to do it manually with rpcclient adddriver 
succeeded, but setdriver failed with the error 
WERR_UNKNOWN_PRINTER_DRIVER.  From the CUPS web interface, exporting 
printers to samba returned a success message, but in reality only the 
adddriver had succeeded, still no setdriver success.  Just because 
nothing else seemed to be working, I changed permissions to 777 for the 
/var/lib/samba directories where all the printer stuff was supposed to 
land.  Still no joy.


After leaving it for a few days, I got back to it yesterday, dumped the 
print queues from CUPS and readded one.  enumprinters showed samba 
recognized the queues.  From the CUPS web interface, export printers to 
samba reported success.  Verifying that with enumprinters and 
enumdrivers showed that it had indeed succeeded.  Adding the second 
queue to CUPS, enumprinters would not show the second queue.  Go through 
the usual stop and start of services, enumprinters then sees the second 
queue.  Exporting to samba from CUPS web interface succeeds and 
enumdrivers verifies this to be true.


From the client, connecting to \\myawesomesmbserver\myawesomeprinter 
succeeds, no dialogs about the server not having the driver, and I can 
print a test page.  Now there is joy.


So the magic happened somewhere between Friday afternoon when I quit 
working on it and yesterday when I got back to it and did the same thing 
I had tried previously.  While I do want to know what occurred, I am 
happy for the moment with knowing that I can now add print queues to 
samba with drivers.  I need to set up quotas, so raw printing isn't 
going to cut it.


Matt

--
Matt Richardson
IT Consultant
College of Arts and Letters
CSU San Bernardino
work: (909)537-7598
fax: (909)537-5926



Re: [Samba] Users can't login on Samba+Ldap

2009-05-29 Thread dogbert

Hi again,

I've tested the configuration suggested and found some other problems.
After applying the changes to ldap.conf I obtained again that users could logon
only to workstation that already had their profile on it (i.e. pc where they
already logon in the past).
Also I discovered the following things:

If I use the command wbinfo -u I got the following answer:
Error looking up domain users

With smbldap-userlist I got only the user that I previously created with
smbldap-useradd and none of those imported with pdbedit.
The LDAP attributes of users of those two categories are quite different and I
think that this is the reason.

Users still must be present in /etc/passwd files to logon on network PC

With smbldap-useradd command I cannot add a user already imported with pdbedit
(obviously because the username is already present in the ldap structure):
failed to add entry: Already exists at /usr/sbin/smbldap-useradd line 354.
And also I cannot change password, delete or modify the same user.

If I change the password for a user (imported with pdbedit) with passwd command
it can't log on his PC with new or old password until I reset the password to
old value.

There's a linux file server defined as ROLE_STANDALONE and joined to the
domain where new users (create with smbldap-useradd) can't connect while older
ones (imported with pdbedit) can.
I've found on this server that a little difference in the smb.conf is that the
workgroup value is all UPPERCASE.

I think that this cover most of the problem that I cannot understand. Maybe they
are all generated by the same thing, but I don't know where to begin to
troubleshoot this problem.
Here you will find some configuration files from my linux PDC:

/etc/pam.conf is empty

# /etc/pam.d/samba
@include common-auth
@include common-account
@include common-session


# etc/pam.d/login
auth requisite pam_securetty.so
auth requisite pam_nologin.so
session required pam_selinux.so close
session required pam_env.so readenv=1
session required pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
auth optional pam_group.so
session required pam_limits.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard
@include common-account
@include common-session
@include common-password
session required pam_selinux.so open


# /etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

ldap.conf contains the following directives:
nss_base_passwd ou=Users,dc=domain,dc=it?one
nss_base_passwd ou=Computers,dc=domain,dc=it?one
nss_base_shadow ou=Users,dc=domain,dc=it?one
nss_base_group  ou=Groups,dc=domain,dc=it?one


If you want I can post also an extract from the slapcat output to show the
differences in ldap definitions between user created with smbldap-useradd and
those imported with pdbedit.

Thanks,
Riccardo


dogb...@infinito.it wrote:

Miguel Medalha wrote:
Based on your smb.conf, you must have the following entries in 
/etc/ldap.conf


nss_base_passwd ou=Users,dc=DOMAIN,dc=IT?one
nss_base_passwd ou=Computers,dc=DOMAIN,dc=IT?one
nss_base_shadow ou=Users,dc=DOMAIN,dc=IT?one
nss_base_group  ou=Groups,dc=DOMAIN,dc=IT?one




Hi,

I've tried this configuration and I still have some problems.
Trying to connect with a user created only in LDAP (smbldap-useradd) I get
the following error in samba log:

[2009/05/19 10:59:30,  0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
  pdb_get_group_sid: Failed to find Unix account for utentest
[2009/05/19 10:59:30,  0] auth/auth_sam.c:check_sam_security(355)
  check_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'
[2009/05/19 10:59:30,  0] passdb/pdb_get_set.c:pdb_get_group_sid(210)
  pdb_get_group_sid: Failed to find Unix account for utentest

If I try to connect with a user that exist in both the LDAP and etc/passwd
files I cannot get it to authenticate (error user is invalid or bad
password) but I don't get any log in the samba files

I can't understand what's wrong with this installation.












[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1879-gf6535d3

2009-05-29 Thread Volker Lendecke
The branch, master has been updated
   via  f6535d3f3f60bf60806795e55ba09ba6d5bcd9a3 (commit)
  from  227553f904186112e9218c4a7c8b1b46fef5b897 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f6535d3f3f60bf60806795e55ba09ba6d5bcd9a3
Author: Volker Lendecke v...@samba.org
Date:   Fri May 29 09:42:31 2009 +0200

Fix some nonempty blank lines

---

Summary of changes:
 source4/ldap_server/ldap_server.c |   22 +++---
 1 files changed, 11 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/ldap_server/ldap_server.c 
b/source4/ldap_server/ldap_server.c
index a924024..38858ef 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -6,17 +6,17 @@
Copyright (C) Andrew Tridgell 2005
Copyright (C) Volker Lendecke 2004
Copyright (C) Stefan Metzmacher 2004
-   
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-   
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
-   
+
You should have received a copy of the GNU General Public License
along with this program.  If not, see http://www.gnu.org/licenses/.
 */
@@ -77,20 +77,20 @@ static void ldapsrv_process_message(struct 
ldapsrv_connection *conn,
ldapsrv_terminate_connection(conn, no memory);
return; 
}
-   
+
call-request = talloc_steal(call, msg);
call-conn = conn;
call-replies = NULL;
call-send_callback = NULL;
call-send_private = NULL;
-   
+
/* make the call */
status = ldapsrv_do_call(call);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(call);
return;
}
-   
+
blob = data_blob(NULL, 0);
 
if (call-replies == NULL) {
@@ -210,7 +210,7 @@ static void ldapsrv_send(struct stream_connection *c, 
uint16_t flags)
 {
struct ldapsrv_connection *conn = 
talloc_get_type(c-private_data, struct ldapsrv_connection);
-   
+
packet_queue_run(conn-packet);
 }
 
@@ -294,7 +294,7 @@ static int ldapsrv_load_limits(struct ldapsrv_connection 
*conn)
s = sscanf((const char *)el-values[i].data, %255[^=]=%d, 
policy_name, policy_value);
if (ret != 2 || policy_value == 0)
continue;
-   
+
if (strcasecmp(InitRecvTimeout, policy_name) == 0) {
conn-limits.initial_timeout = policy_value;
continue;
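Review bot: in the context lines of this hunk the sscanf() result is assigned to s, but the following line tests ret ('if (ret != 2 || policy_value == 0)'), so the check does not look at what sscanf() returned and a malformed policy value can get past it or a valid one can be skipped, depending on what ret holds. A whitespace-only commit is not the place to change it, but the test should read 's != 2' in a follow-up.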
@@ -390,7 +390,7 @@ static void ldapsrv_accept(struct stream_connection *c)
if (conn-sockets.tls) {
packet_set_unreliable_select(conn-packet);
}
-   
+
/* Ensure we don't get packets until the database is ready below */
packet_recv_disable(conn-packet);
 
@@ -399,7 +399,7 @@ static void ldapsrv_accept(struct stream_connection *c)
stream_terminate_connection(c, Failed to init server 
credentials\n);
return;
}
-   
+
cli_credentials_set_conf(server_credentials, conn-lp_ctx);
status = cli_credentials_set_machine_account(server_credentials, 
conn-lp_ctx);
if (!NT_STATUS_IS_OK(status)) {
@@ -483,7 +483,7 @@ static NTSTATUS add_socket(struct tevent_context 
*event_context,
if (!ldb) {
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
-   
+
if (samdb_is_gc(ldb)) {
port = 3268;
status = stream_setup_socket(event_context, lp_ctx,


-- 
Samba Shared Repository


[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-5279-gde156e6

2009-05-29 Thread Karolin Seeger
The branch, v3-3-test has been updated
   via  de156e6ee292ad7fc683d681d7c4b44edba67626 (commit)
  from  307c73ce8bc29803230c22e3f8abd579c5d90ba2 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -
commit de156e6ee292ad7fc683d681d7c4b44edba67626
Author: Karolin Seeger ksee...@samba.org
Date:   Fri May 29 09:49:49 2009 +0200

s3/docs: Fix typo.

This fixes bug #4341.
Thanks to Michael Cartmell michael.cartmell [at] thomson.com for 
reporting!

Karolin
(cherry picked from commit 2228cc6a0f942b774bef7fb0b99009897fa4dff4)
(cherry picked from commit e1b1f14e0260395a8d452ea0a129bcc9bb3f98cc)

---

Summary of changes:
 docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml |2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml 
b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
index b8bd327..91e9712 100644
--- a/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
+++ b/docs-xml/Samba3-HOWTO/TOSHARG-VFS.xml
@@ -276,7 +276,7 @@ quotasettings:  gid nolimit = no
 
para
 indextermprimarylogging/primary/indexterm
-   This auditing tool is more felxible than most people readily 
will recognize. There are a number of ways
+   This auditing tool is more flexible than most people will 
readily recognize. There are a number of ways
by which useful logging information can be recorded.
/para
 
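Review bot: the '+' lines also move 'readily' (from 'readily will recognize' to 'will readily recognize'), which the subject 'Fix typo.' does not cover; describing it as a typo and word-order fix would make the commit and its two cherry-picks easier to match against the diff.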


-- 
Samba Shared Repository