Re: [Samba] Samba 3.3.4 Umlaut in Share comment
Quoting Howard Allison (howard.alli...@pva.sozvers.at): Hi, I just upgraded from 3.0.32 to 3.3.4 on Aix 6.1, and noticed that a 'net view' command from a windows xp workstation fails with a system error 1745. The share works perfectly fine, just the net view command doesn't. This occurs when there is an umlaut in the comment line of the share. Is this WAD? How is the smb.conf file encoded? Is it UTF-8 or ISO-8859-1? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Antwort: Re: [Samba] Samba 3.3.4 Umlaut in Share comment
Re: [Samba] Samba 3.3.4 Umlaut in Share comment Quoting Howard Allison (howard.alli...@pva.sozvers.at): Hi, I just upgraded from 3.0.32 to 3.3.4 on Aix 6.1, and noticed that a 'net view' command from a windows xp workstation fails with a system error 1745. The share works perfectly fine, just the net view command doesn't. This occurs when there is an umlaut in the comment line of the share. Is this WAD? How is the smb.conf file encoded? Is it UTF-8 or ISO-8859-1? -- I assume ISO8859-1(In the smitty 'convert flat file' menu UTF-8 isn't an option for the target - there are a few issues with the utf-8 packages for AIX 6... they don't seem to exist... In any case it's the same smb.conf that worked in 3.0.32...with umlauts... -- VERTRAULICHKEIT: Diese Nachricht ist ausschließlich für denjenigen bestimmt, an den sie adressiert ist und kann vertrauliche Informationen enthalten. Falls Sie nicht der Empfänger dieser Nachricht sind, weisen wir Sie darauf hin, dass die unberechtigte Weitergabe oder Verwendung sowie das unberechtigte Verteilen oder Kopieren dieser Nachricht strikt untersagt sind. Falls Sie diese Nachricht irrtümlich erhalten haben, vernichten Sie sie bitte sofort. CONFIDENTIALITY: This message is intended only for the use of the individuality or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure. If you are not the intended recipient you are notified that any dissemination, distribution, use or copying of this communication is strictly prohibited. If you received this message in error, please immediately destroy this message. To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Cannot delete files in Samba
Hi, I recently upgraded from Samba 3.0.31 to 3.3.2 on a FreeBSD 6.4 server, and since then, the Windows machines have no right to delete files unless the directory is chmod o+w I tried to play with map read only and 'store dos attribues but not to avail. My FreeBSD server is quite standard, the Samba cnfiguration too. I Googled with no succees. Any clue is much welcome. Best regards, Olivier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Samba+Ldap problems
I'm trying to trobuleshoot my previuos problem from the basics. I've a box setup with Ubuntu, samba and ldap. I have a lot of problems with user authentications. I'm checking if LDAP and PAM ar working together. I've added an user to ldap with smbldap-useradd command (as posix account) and I'm trying to use it to login via ssh. This user cannot authenticate. Here is the result from auth.log and some configurations files: Jun 3 11:02:37 localserver sshd[27372]: Invalid user testmio from 192.168.10.1 Jun 3 11:02:37 localserver sshd[27372]: Failed none for invalid user testmio from 192.168.10.1 port 44352 ssh2 Jun 3 11:02:39 localserver sshd[27372]: pam_unix(sshd:auth): check pass; user unknown Jun 3 11:02:39 localserver sshd[27372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=remoteclient.domain.it Jun 3 11:02:39 localserver sshd[27372]: pam_ldap: error trying to bind as user uid=testmio,ou=Users,dc=domain,dc=it (Invalid credentials) Jun 3 11:02:41 localserver sshd[27372]: Failed password for invalid user testmio from 192.168.10.1 port 44352 ssh2 If I use the command getent passwd I obtain only the account present in /etc/passwd file and none of those included in ldap. /etc/pam.conf is empty # /etc/pam.d/samba @include common-auth @include common-account @include common-session # etc/pam.d/login auth requisite pam_securetty.so auth requisite pam_nologin.so session required pam_selinux.so close session required pam_env.so readenv=1 session required pam_env.so readenv=1 envfile=/etc/default/locale @include common-auth auth optional pam_group.so session required pam_limits.so session optional pam_lastlog.so session optional pam_motd.so session optional pam_mail.so standard @include common-account @include common-session @include common-password session required pam_selinux.so open # /etc/nsswitch.conf passwd: files ldap shadow: files ldap group: files ldap hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis ldap.conf contains the following directives: nss_base_passwdou=Users,dc=domain,dc=it?one nss_base_passwdou=Computers,dc=domain,dc=it?one nss_base_shadowou=Users,dc=domain,dc=it?one nss_base_group ou=Groups,dc=domain,dc=it?one -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba+Ldap problems
Hi, I'm trying to use it to login via ssh. This user cannot authenticate. Here is the result from auth.log and some configurations files This is not a samba problem but a SSH/Ubuntu/Ldap problem :) You need both packages pam_ldap AND nss_ldap. You need to configure both (configuration is very similar, but there may be some differences). To give a brief explanation: pam_ldap is used by ssh (you need to configure /etc/pam.d/ssh !) to accept the username and password nss_ldap is used by thing slike getent, or to show your correct username and group when you do a ls -l Now it much depends how your LDAP tree is organized, so I cannot give much more advise; what is the objectClass you use for your users? I am surprised to see that user and password belongs to different place in the LDAP tree. I am also surprised that the /etc/pam.d example you give do not contain a single reference to ldap... There are good how-to floating on Google, that work you step by step. Best regards, Olivier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba+Ldap problems
Thanks Oliver, I will check all the files in /etc/pam.d My problems are with samba, but after a little troubleshooting I think that some of them are originated at PAM/Ldap level, so I'm checking this first. I've followed the guide taken from Ubuntu site: https://help.ubuntu.com/8.10/serverguide/C/network-authentication.html I think that if I can succeed in authenticating via shell or ssh I can then rule-out pam issues and work on samba configuration. Thanks, Riccardo - Original Message Da: Olivier Nicole o...@cs.ait.ac.th To: Cc: samba@lists.samba.org Oggetto: Re: [Samba] Samba+Ldap problems Data: 03/06/09 12:42 Hi, gt; I'm trying to use it to gt; login via ssh. This user cannot authenticate. gt; Here is the result from auth.log and some configurations files This is not a samba problem but a SSH/Ubuntu/Ldap problem :) You need both packages pam_ldap AND nss_ldap. You need to configure both (configuration is very similar, but there may be some differences). To give a brief explanation: pam_ldap is used by ssh (you need to configure /etc/pam.d/ssh !) to accept the username and password nss_ldap is used by thing slike getent, or to show your correct username and group when you do a quot;ls -lquot; Now it much depends how your LDAP tree is organized, so I cannot give much more advise; what is the objectClass you use for your users? I am surprised to see that user and password belongs to different place in the LDAP tree. I am also surprised that the /etc/pam.d example you give do not contain a single reference to ldap... There are good how-to floating on Google, that work you step by step. Best regards, Olivier -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] all connections closed if user gives wrong pwd (#long posting inside)
Hi list, i have a problem mounting shares on a single client with diffrent usernames. if any user on the client gives a wrong password all existing cifs mounts are closed by the server. Since this problem occured in a productive environment i set up a testing env and tried to keep it as easy as can be: Servername: serverA Servicename1: home1 Servicename2: home2 Clientname: clientA Username1: tom Username2: max Linux Distribution (Server+Client): Red Hat Enterprise Linux Server release 5.3 (Tikanga) Kernel (Server+Client): 2.6.18-128.1.10.el5 (also tested on: 2.6.26-2 and 2.6.18-92.1.18.el5) Samba version: 3.0.33-3.7.el5 (also tested on: 3.2.5) cifs module version: 1.54RH (also tested on: 1.53 and 1.50cRH) I can reproduce this issue on Debian, SuSE and Redhat Linux. (these are the ones i've tested) Here is what the users do: .) ssh r...@clienta .) mount -t cifs -o user=tom //serverA/home1 /mnt/1/ #users gives correct password and home1 gets mounted just fine .) mount -t cifs -o user=max //tofo1/home2 /mnt/2 #user gives correct password and home2 gets mounted just fine #but if user max gives a wrong password all existing connections are closed by the server screendump of the above sequence: ### [r...@clienta ~]# df -ha FilesystemSize Used Avail Use% Mounted on /dev/sda1 7.6G 2.4G 4.8G 34% / proc 0 0 0 - /proc sysfs0 0 0 - /sys devpts 0 0 0 - /dev/pts tmpfs 125M 0 125M 0% /dev/shm none 0 0 0 - /proc/sys/fs/binfmt_misc sunrpc 0 0 0 - /var/lib/nfs/rpc_pipefs [r...@clienta ~]# mount -t cifs -o user=tom //serverA/home1 /mnt/1/ Password: #correct password given [r...@clienta ~]# df -ha FilesystemSize Used Avail Use% Mounted on /dev/sda1 7.6G 2.4G 4.8G 34% / proc 0 0 0 - /proc sysfs0 0 0 - /sys devpts 0 0 0 - /dev/pts tmpfs 125M 0 125M 0% /dev/shm none 0 0 0 - /proc/sys/fs/binfmt_misc sunrpc 0 0 0 - /var/lib/nfs/rpc_pipefs //serverA/home1 7.6G 2.5G 4.8G 35% /mnt/1 r...@clienta ~]# mount -t cifs -o user=max //serverA/home2 /mnt/2 Password: #wrong password given mount error 13 = Permission denied Refer to the mount.cifs(8) manual page (e.g.man mount.cifs) [r...@clienta ~]# df -ha FilesystemSize Used Avail Use% Mounted on /dev/sda1 7.6G 2.4G 4.8G 34% / proc 0 0 0 - /proc sysfs0 0 0 - /sys devpts 0 0 0 - /dev/pts tmpfs 125M 0 125M 0% /dev/shm none 0 0 0 - /proc/sys/fs/binfmt_misc sunrpc 0 0 0 - /var/lib/nfs/rpc_pipefs //serverA/home1 0.0K 0.0K 0.0K - /mnt/1 [r...@clienta ~]# stat /mnt/1 stat: cannot stat `/mnt/1': Input/output error [r...@clienta ~]# # #/etc/samba/smb.conf [global] workgroup = MYGROUP server string = Samba Server Version %v log file = /var/log/samba/tst.log log level = 3 security = user passdb backend = tdbsam [home1] comment = Public Stuff path = /home/1 write list = tom max hugo browsable = yes [home2] comment = Public Stuff path = /home/2 write list = tom max hugo browsable = yes #/var/log/samba/tst.log [2009/06/03 14:37:02, 2] auth/auth.c:check_ntlm_password(319) check_ntlm_password: Authentication for user [max] - [max] FAILED with error NT_STATUS_WRONG_PASSWORD [2009/06/03 14:37:02, 3] smbd/error.c:error_packet_set(106) error packet at smbd/sesssetup.c(1501) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2009/06/03 14:37:02, 3] smbd/process.c:timeout_processing(1329) timeout_processing: End of file from client (client has disconnected). [2009/06/03 14:37:02, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/06/03 14:37:02, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/06/03 14:37:02, 1] smbd/service.c:close_cnum(1230) 192.168.0.21 (192.168.0.21) closed connection to service home1 [2009/06/03 14:37:02, 3] smbd/connection.c:yield_connection(69) Yielding connection to home1 [2009/06/03 14:37:02, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2009/06/03 14:37:02, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2009/06/03 14:37:02, 3] smbd/server.c:exit_server_common(768) For me this looks like as smb closes the connection to home1 gracefully. As
Re: [Samba] Samba+Ldap problems
dogb...@infinito.it wrote: Thanks Oliver, I will check all the files in /etc/pam.d Check /etc/nsswitch.conf first. I think it may be your first problem. I think that if I can succeed in authenticating via shell or ssh I can then rule-out pam issues and work on samba configuration. You need that working before you can start the Samba stages. Samba needs those accounts working before it can work properly. TB -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Forcing samba to use a particular domain controller
Hello Is there any way to force samba to use a particular domain controller? In our setup, two of the three domain controllers are 2008 and the version of samba we're using isn't working with 2008. So until we upgrade to a version that does work with 2008 I'd like to force it to use one of the domain controllers that is still 2003. Thanks -- Vic Simkus Department of Neurology, UIC 912 South Wood St. Room 855N Chicago IL 60612 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Cannot delete files in Samba
On Wed, Jun 03, 2009 at 02:56:11PM +0700, Olivier Nicole wrote: Hi, I recently upgraded from Samba 3.0.31 to 3.3.2 on a FreeBSD 6.4 server, and since then, the Windows machines have no right to delete files unless the directory is chmod o+w I tried to play with map read only and 'store dos attribues but not to avail. My FreeBSD server is quite standard, the Samba cnfiguration too. I think this is a bug we fixed with 3.3.4 (at least). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Forcing samba to use a particular domain controller
change the ip of the wins server = in the [global] section Vic Simkus wrote: Hello Is there any way to force samba to use a particular domain controller? In our setup, two of the three domain controllers are 2008 and the version of samba we're using isn't working with 2008. So until we upgrade to a version that does work with 2008 I'd like to force it to use one of the domain controllers that is still 2003. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Kerberos with delegated domain
On Fri, May 29, 2009 at 5:38 PM, Robert LeBlanc rob...@leblancnet.uswrote: On Fri, May 29, 2009 at 2:33 PM, Robert LeBlanc rob...@leblancnet.uswrote: Ok, here is the set-up. We have a domain that is the main domain, it handles DHCP and DNS for domain.edu. The DNS for domain.edu has NS records to delegate domain.local to our Active Directory. I am able to bind a machine just fine to the Active Directory without having to change any of the client DNS settings (which poing to domain.edu). File services work fine. I'm trying to work out single sign-on with OpenSSH server. I can get it working to itself just fine using either hostname, hostname.domain.local and hostname.edu where hostname is the name of the machine that is sshing to itself. When I have two machines set-up exactly the same, it doesn't work. I've sniffed the traffic and I can see that Kerberos goes through both domains looking for a principle that matches. The problem is that the reverse DNS always sends back hostname.domain.edu, but the service principles are hostname.domain.local. I'm guessing Kerberos uses the rDNS to generate the service principle. Is there some way to have winbind register both FQDNs as service principals automatically on join? If not, how would I add a service principal to the keytab that winbind generates? Or, how can I get Kerberos to use the short version of principal that does not include domain.[edu|local]. I'mreally new to Kerberos at this level and I've spent about a week getting this far. Thanks, Robert I've tried setting up a mapping in the domain_realm section of /etc/krb5.conf like: .domain.com = DOMAIN.LOCAL but that didn't help. Then I found for the libdefaults section: rdns = no and that seems to work. It seems to use just the short name which winbind does populate in the keytab. I don't think anyone outside of our area could spoof the short name because they won't have access to the computer object in the AD. A computer with the same name would have a different key so it wouldn't match. Is there anything I'm missing that I should be conserned about? Thanks, Robert The saga continues I've found that I can add service principals to the keytab using net ads keytab add host/hostname.domain.edu and according to everything that I've read this should edit the servicePrincipalName field of the computer account. This is not the case for us however. When a computer is joined to the domain using net ads join -U administrator, it seems to create the SPNs, issuing the add command results in no new SPNs being added to the computer account. I performed a net ads keytab flush -U administrator and it removed all the SPNs from the computer account, now I can't get them back. A net ads keytab create -U administrator regenerated a local keytab, but no SPNs were added to the computer account. The administrator account is not a domain admin account, but has full control over the computer object. I've added the SPN manually into the computer account and everything was working fine, but I'd like to do this client side. The domain is a MS 2008 AD running in 2003 mode. Anyone have suggestions of what I may try to figure this problem out? Thanks, Robert LeBlanc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: Antwort: Re: [Samba] Samba 3.3.4 Umlaut in Share comment
Quoting Howard Allison (howard.alli...@pva.sozvers.at): How is the smb.conf file encoded? Is it UTF-8 or ISO-8859-1? -- I assume ISO8859-1(In the smitty 'convert flat file' menu UTF-8 isn't an option for the target - there are a few issues with the utf-8 packages for AIX 6... they don't seem to exist... In any case it's the same smb.conf that worked in 3.0.32...with umlauts... IIRC, full Unicode-only internal handling on strings has only been completed in 3.2 (samba developers would probably better confirm this than me) so it wouldn't be surprising that it doesn't work anymore. You really should convert that file to UTF-8: iconv -f iso-8859-1 -t utf-8 smb.conf smb.conf.new Hopefully, AIX 6 has iconv..:-)...otherwise you need to edit the file on an UTF-8 enabled system (any recent Linux distro is probably well suited). at worst, just try replacing the umlauts with ASCII characters, just to see (of course that will lead to Ugly German...). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] OSX causing multiple CLOSE_WAIT's
Hi Ed, First, I feel your pain. While I don't have an answer, I did switch from OSX based Samba server to Linux and my problems went away. My experience in general with OSX server 10.5 is that its a horrible XSAN, NFS, AFP, SMB server. What I've used to help trouble shoot OSX in general in addition to the built in process viewer is XRG ( X Resource Grapher). You can also try to dtrace stuff. Just type it in a term to see some help. There were some NFS bugs I uncovered and shared with the OSX Server dev guys which should be fixed in 10.6 server but who knows if that will also fix the plethora of other issues. - Brian On Jun 2, 2009, at 10:02 PM, Ed Kasky wrote: Lately it never fails when I attach a Mac running OSX 10.5 that I get runaway pid's. I tracked them down so far to multiple close_wait's: # /usr/sbin/lsof | grep pbg5mac smbd 24876 root6u IPv4 80015755 TCP yoda.wrenkasky.com:netbios-ssn-pbg5mac.wrenkasky.com:49381 (CLOSE_WAIT) They can grow to over 100 if I don't catch it or nobody can log on anymore ;-) Anybody had any problems with Macs using samba? Ed ... Randomly Generated Quote (50 of 1543): Defeat never comes to any man until he admits it. - Josephus Daniels -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Kerberos with delegated domain
On Wed, Jun 3, 2009 at 10:35 AM, Robert LeBlanc rob...@leblancnet.uswrote: On Fri, May 29, 2009 at 5:38 PM, Robert LeBlanc rob...@leblancnet.uswrote: On Fri, May 29, 2009 at 2:33 PM, Robert LeBlanc rob...@leblancnet.uswrote: Ok, here is the set-up. We have a domain that is the main domain, it handles DHCP and DNS for domain.edu. The DNS for domain.edu has NS records to delegate domain.local to our Active Directory. I am able to bind a machine just fine to the Active Directory without having to change any of the client DNS settings (which poing to domain.edu). File services work fine. I'm trying to work out single sign-on with OpenSSH server. I can get it working to itself just fine using either hostname, hostname.domain.local and hostname.edu where hostname is the name of the machine that is sshing to itself. When I have two machines set-up exactly the same, it doesn't work. I've sniffed the traffic and I can see that Kerberos goes through both domains looking for a principle that matches. The problem is that the reverse DNS always sends back hostname.domain.edu, but the service principles are hostname.domain.local. I'm guessing Kerberos uses the rDNS to generate the service principle. Is there some way to have winbind register both FQDNs as service principals automatically on join? If not, how would I add a service principal to the keytab that winbind generates? Or, how can I get Kerberos to use the short version of principal that does not include domain.[edu|local]. I'mreally new to Kerberos at this level and I've spent about a week getting this far. Thanks, Robert I've tried setting up a mapping in the domain_realm section of /etc/krb5.conf like: .domain.com = DOMAIN.LOCAL but that didn't help. Then I found for the libdefaults section: rdns = no and that seems to work. It seems to use just the short name which winbind does populate in the keytab. I don't think anyone outside of our area could spoof the short name because they won't have access to the computer object in the AD. A computer with the same name would have a different key so it wouldn't match. Is there anything I'm missing that I should be conserned about? Thanks, Robert The saga continues I've found that I can add service principals to the keytab using net ads keytab add host/hostname.domain.edu and according to everything that I've read this should edit the servicePrincipalName field of the computer account. This is not the case for us however. When a computer is joined to the domain using net ads join -U administrator, it seems to create the SPNs, issuing the add command results in no new SPNs being added to the computer account. I performed a net ads keytab flush -U administrator and it removed all the SPNs from the computer account, now I can't get them back. A net ads keytab create -U administrator regenerated a local keytab, but no SPNs were added to the computer account. The administrator account is not a domain admin account, but has full control over the computer object. I've added the SPN manually into the computer account and everything was working fine, but I'd like to do this client side. The domain is a MS 2008 AD running in 2003 mode. Anyone have suggestions of what I may try to figure this problem out? Thanks, Robert LeBlanc This seems to be quite the one sided conversation, but I hope that it will help someone, or that someone can help me. I've set-up an new Debian Lenny machine and joined it to a MS 2003 Domain that I am Domain Admin on, still no luck. I'm guess that it is something that I'm doing wrong rather than a problem with Samba. Now to figure what it is that I'm doing wrong. Tried Samba 3.2.5 against MS 2003 domain as Domain Admin Tried Samba 3.3.4 against MS 2008 domain (not domain Admin) and MS 2003 domain as Domain Admin The next reply will probably be from me, see me soon! Robert -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Make CIFS look like NFS
Is it possible to make CIFS look like NFS via some configuration/mount options? What I mean is, from a client point of view, will the mounted share behave EXACTLY like NFS will? -- Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Having problems with Samba and openLDAP Groups
On Thu, May 28, 2009 at 11:59 PM, Matt Burkhardt m...@imparisystems.com wrote: On Thu, 2009-05-28 at 23:29 +0300, Liutauras Adomaitis wrote: On Thu, May 28, 2009 at 3:53 PM, Matt Burkhardt m...@imparisystems.com wrote: Thanks for the help! I appreciate you taking the time! On Thu, 2009-05-28 at 00:02 +0300, Liutauras Adomaitis wrote: [2009/05/27 13:34:52, 2] smbd/service.c:make_connection_snum(616) user 'mlb' (from session setup) not permitted to access this share (Staff) [2009/05/27 13:34:52, 3] smbd/error.c:error_packet_set(106) error packet at smbd/reply.c(514) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED i guess your user mib is not in group @Staff. What do you get with commands: smbldap-tools works only with ldap, it doesn't mean system sees those users. id mib getent passwd | grep mib getent group | grep -i staff id mlb uid=1000(mlb) gid=1000(mlb) groups=1000(mlb),4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),33(www-data),44(video),46(plugdev),107(fuse),113(lpadmin),115(admin),116(sambashare),1001(musicshare),1002(printer-admin),1008(subversion),1012(Staff),513(Domain Users),1014(Staff) getent passwd | grep mlb mlb:x:1000:1000:Matt Burkhardt,,,:/home/mlb:/bin/bash mlb:x:1009:544:mlb:/home/mlb:/bin/bash mlb-laptop$:*:1014:515:Computer:/dev/null:/bin/false getent group | grep -i Staff staff:x:50: Staff:x:1012:alex,mlb Staff:*:1014:mlb,alex You have 3 groups Staff and 2 users mib. This confuses me a bit. It may be your problem. I think you should have only one user mib. You should also make sure you have 1 group Staff. Check your net groupmap list to see how does Staff group maps to windows group. Liutauras Those are deleted entries - they don't show up in either the webmin module or phpldapadmin. Here's the results from the net groupmap list Domain Admins (S-1-5-21-3529111891-2609867799-3129462049-512) - Domain Admins Domain Users (S-1-5-21-3529111891-2609867799-3129462049-513) - Domain Users Domain Guests (S-1-5-21-3529111891-2609867799-3129462049-514) - Domain Guests Domain Computers (S-1-5-21-3529111891-2609867799-3129462049-515) - Domain Computers Administrators (S-1-5-32-544) - Administrators Account Operators (S-1-5-32-548) - Account Operators Print Operators (S-1-5-32-550) - Print Operators Backup Operators (S-1-5-32-551) - Backup Operators Replicators (S-1-5-32-552) - Replicators Staff (S-1-5-21-3529111891-2609867799-3129462049-3029) - Staff Hi, have you solved your problem? I've been busy a bit. You groupmap list looks nice, but I still think there is something to dig arround group membership. Some more things to check, if you didn't do that already: - smbldap-groupshow Staff - this should give an idea of gidNumber and SID of Staff group in ldap - do you run nscd? I had a lot of problems with it and ldap authentication. Samba Docs even say, that this is not supported if I remmeber correctly. nscd could be responsible of showing groups that are already deleted. - have tried using other group, like Domain Users. If it works with other group then it is problem with your group Staff. Liutauras -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Make CIFS look like NFS
Hi Daniel, Can you specify what NFS features are important to you in such case? (in other words please define look like NFS) Regards, Michal 2009/6/3 Daniel L. Miller dmil...@amfes.com: Is it possible to make CIFS look like NFS via some configuration/mount options? What I mean is, from a client point of view, will the mounted share behave EXACTLY like NFS will? -- Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] logon script
On Mon, Jun 1, 2009 at 1:09 PM, Christian Rost c...@rocon-it.de wrote: Hi, you don't have access to Samba variables from within your logon script. The most convenient way to solve this is by using the ifmember.exe executable from the Windows Server 2003 toolkit and to place it into your netlogon share - you need to google for ifmember. With ifmember.exe you can test, if the user who is running the logon script, belongs to the specified group. Use the following lines as an example and add it to your logon script: snip \\%SERVER01%\netlogon\ifmember.exe /verbose tech if errorlevel 1 goto TECH :STOPTECH \\%SERVER01%\netlogon\ifmember.exe /verbose mktg if errorlevel 1 goto MKTG :STOPMKTG goto END ## ## TECH group ## :TECH if exist k:\nul net use /delete k: /yes if not exist k:\nul net use k: \\%SERVER01%\tech /persistent:no goto STOPTECH ## ## MKTG group ## :MKTG if exist l:\nul net use /delete l: /yes if not exist l:\nul net use l: \\%SERVER01%\tech /persistent:no goto STOPMKTG :END rem This is the End of your script ...snip... Cheers, Christian I would suggest use ntlogon python script. Together with root preexec and root postexec configuration options you can set up your logon scripts to generated upon connecting to netlogon share. I found this utility very useful and works very well. It supports samba variables. Mandriva ships this utility, so must other distributions. There is problems with groups with spaces and capital letters, but it is very easy to fix. Liutauras -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [SOLVED] [Samba] Winbind lost domain
On Fri, May 29, 2009 at 10:28 AM, Mailing pigna luca...@gmail.com wrote: I solved the problem. In the file smb.conf I put the parameter smb port = 139 changing the parameter smb ports = 445 139 Everything is back to work. But do not understand 3 things: 1) before winbind is working quietly on the pdc that the proxy, but now if you do not rehabilitate the 445 I will have the problems I described. 2) In a remote site I have installed a BDC and a proxy, and it works without any problems leaving smb port = 139 3) I do not remember why I put smb port = 139:) I put port 139 only then I want to have multi named samba server and to have one shares on one virtual samba and other shares on the other virtual samba. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] logon script
What about something like this in the logon script: Function IsMember(strGroup) Dim objUser, objGroup, objGroupDict Set objGroup = GetObject(WinNT:// strDomain / strGroup ,group) Set objGroupDict = CreateObject(Scripting.Dictionary) objGroupDict.RemoveAll For Each objUser In objGroup.Members objGroupDict.Add objUser.Name, - Next IsMember = objGroupDict.Exists(strUserName) Set objUser = Nothing Set objGroup = Nothing Set objGroupDict = Nothing End Function -John From: Liutauras Adomaitis liutauras.adomai...@gmail.com To: c...@rocon-it.de Cc: samba@lists.samba.org, Santhosh Kumar Gulla santy4li...@gmail.com Date: 06/03/2009 02:58 PM Subject: Re: [Samba] logon script On Mon, Jun 1, 2009 at 1:09 PM, Christian Rost c...@rocon-it.de wrote: Hi, you don't have access to Samba variables from within your logon script. The most convenient way to solve this is by using the ifmember.exe executable from the Windows Server 2003 toolkit and to place it into your netlogon share - you need to google for ifmember. With ifmember.exe you can test, if the user who is running the logon script, belongs to the specified group. Use the following lines as an example and add it to your logon script: snip \\%SERVER01%\netlogon\ifmember.exe /verbose tech if errorlevel 1 goto TECH :STOPTECH \\%SERVER01%\netlogon\ifmember.exe /verbose mktg if errorlevel 1 goto MKTG :STOPMKTG goto END ## ## TECH group ## :TECH if exist k:\nul net use /delete k: /yes if not exist k:\nul net use k: \\%SERVER01%\tech /persistent:no goto STOPTECH ## ## MKTG group ## :MKTG if exist l:\nul net use /delete l: /yes if not exist l:\nul net use l: \\%SERVER01%\tech /persistent:no goto STOPMKTG :END rem This is the End of your script ...snip... Cheers, Christian I would suggest use ntlogon python script. Together with root preexec and root postexec configuration options you can set up your logon scripts to generated upon connecting to netlogon share. I found this utility very useful and works very well. It supports samba variables. Mandriva ships this utility, so must other distributions. There is problems with groups with spaces and capital letters, but it is very easy to fix. Liutauras -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Please consider the environment before printing this e-mail. This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is privileged, confidential and/or otherwise protected from disclosure. Dissemination, distribution or copying of this e-mail or the information herein by anyone other than the intended recipient, or an employee, or agent responsible for delivering the message to the intended recipient, is strictly prohibited. All contents are the copyright property of the sender. If you are not the intended recipient, you are nevertheless bound to respect the sender's worldwide legal rights. We require that unintended recipients delete the e-mail and destroy all electronic copies in their system, retaining no copies in any media. If you have received this e-mail in error, please immediately notify us by calling our Help Desk at (603) 433-1143, or e-mail to i...@primebuchholz.com. We appreciate your cooperation. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] logon script
Sorry - didn't notice before that last message that you weren't using a VB login script. -John From: Liutauras Adomaitis liutauras.adomai...@gmail.com To: c...@rocon-it.de Cc: samba@lists.samba.org, Santhosh Kumar Gulla santy4li...@gmail.com Date: 06/03/2009 02:58 PM Subject: Re: [Samba] logon script On Mon, Jun 1, 2009 at 1:09 PM, Christian Rost c...@rocon-it.de wrote: Hi, you don't have access to Samba variables from within your logon script. The most convenient way to solve this is by using the ifmember.exe executable from the Windows Server 2003 toolkit and to place it into your netlogon share - you need to google for ifmember. With ifmember.exe you can test, if the user who is running the logon script, belongs to the specified group. Use the following lines as an example and add it to your logon script: snip \\%SERVER01%\netlogon\ifmember.exe /verbose tech if errorlevel 1 goto TECH :STOPTECH \\%SERVER01%\netlogon\ifmember.exe /verbose mktg if errorlevel 1 goto MKTG :STOPMKTG goto END ## ## TECH group ## :TECH if exist k:\nul net use /delete k: /yes if not exist k:\nul net use k: \\%SERVER01%\tech /persistent:no goto STOPTECH ## ## MKTG group ## :MKTG if exist l:\nul net use /delete l: /yes if not exist l:\nul net use l: \\%SERVER01%\tech /persistent:no goto STOPMKTG :END rem This is the End of your script ...snip... Cheers, Christian I would suggest use ntlogon python script. Together with root preexec and root postexec configuration options you can set up your logon scripts to generated upon connecting to netlogon share. I found this utility very useful and works very well. It supports samba variables. Mandriva ships this utility, so must other distributions. There is problems with groups with spaces and capital letters, but it is very easy to fix. Liutauras -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Please consider the environment before printing this e-mail. This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is privileged, confidential and/or otherwise protected from disclosure. Dissemination, distribution or copying of this e-mail or the information herein by anyone other than the intended recipient, or an employee, or agent responsible for delivering the message to the intended recipient, is strictly prohibited. All contents are the copyright property of the sender. If you are not the intended recipient, you are nevertheless bound to respect the sender's worldwide legal rights. We require that unintended recipients delete the e-mail and destroy all electronic copies in their system, retaining no copies in any media. If you have received this e-mail in error, please immediately notify us by calling our Help Desk at (603) 433-1143, or e-mail to i...@primebuchholz.com. We appreciate your cooperation. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Make CIFS look like NFS
You can have an NFS mount on your Nix box like /JOBS/stuff and a CIFS mount on XP like \\JOBS\stuff. In this case, JOBS is the Samba server name. This is how I maintain the same paths in scripts on diff platforms. Al you have to ensure is that your app will obey UNC paths so that a drive letter is never saved out in the file. - Brian On Jun 3, 2009, at 11:38 AM, Daniel L. Miller wrote: Is it possible to make CIFS look like NFS via some configuration/ mount options? What I mean is, from a client point of view, will the mounted share behave EXACTLY like NFS will? -- Daniel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] username map configuration doesn't seem to work
Hi, I have set username map = /usr/local/samba/lib/username.map in my smb.conf but it doesn't seem to work. This worked on my old Solaris server but not on new Red Hat linux server. Any idea??? Thanks. Jayesh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba+Ldap problems
Ok, a little update on this issue. I've changed the various common-* within /etc/pam.d and I've obtained the following. Now I can connect with ssh or su with a user defined in ldap as long as this user is present also in /etc/passwd. It seems that the system check for the user account in /etc/passwd and then it check for password under ldap. Now if a user try to change his password (with the passwd command) it works through ldap. While using getent passwd I still obtain only the users contained in /etc/passwd. These are my /etc/pam.d files: COMMON-AUTH: authsufficient pam_ldap.so authrequiredpam_unix.so nullok_secure use_first_pass authrequisite pam_deny.so authrequiredpam_permit.so authoptionalpam_smbpass.so migrate COMMON-ACCOUNT: account sufficient pam_ldap.so account requiredpam_unix.so account requisite pam_deny.so account requiredpam_permit.so COMMON-PASSWORD: passwordsufficient pam_ldap.so passwordrequiredpam_unix.so nullok obscure min=4 max=8 md5 passwordrequisite pam_deny.so passwordrequiredpam_permit.so passwordoptionalpam_smbpass.so nullok use_authtok use_first_pass COMMON-SESSION: session [default=1] pam_permit.so session requisite pam_deny.so session requiredpam_permit.so session requiredpam_unix.so session optionalpam_ldap.so session optionalpam_ck_connector.so nox11 SSHD: auth required pam_env.so # [1] auth required pam_env.so envfile=/etc/default/locale @include common-auth accountrequired pam_nologin.so @include common-account @include common-session sessionoptional pam_motd.so # [1] sessionoptional pam_mail.so standard noenv # [1] sessionrequired pam_limits.so @include common-password LOGIN: auth requisite pam_securetty.so auth requisite pam_nologin.so sessionrequired pam_selinux.so close session required pam_env.so readenv=1 session required pam_env.so readenv=1 envfile=/etc/default/locale @include common-auth auth optional pam_group.so sessionrequired pam_limits.so sessionoptional pam_lastlog.so sessionoptional pam_motd.so sessionoptional pam_mail.so standard @include common-account @include common-session @include common-password session required pam_selinux.so open SU: auth sufficient pam_rootok.so session required pam_env.so readenv=1 session required pam_env.so readenv=1 envfile=/etc/default/locale sessionoptional pam_mail.so nopen @include common-auth @include common-account @include common-session SAMBA: @include common-auth @include common-account @include common-session Tim Bates wrote: dogb...@infinito.it wrote: Thanks Oliver, I will check all the files in /etc/pam.d Check /etc/nsswitch.conf first. I think it may be your first problem. I think that if I can succeed in authenticating via shell or ssh I can then rule-out pam issues and work on samba configuration. You need that working before you can start the Samba stages. Samba needs those accounts working before it can work properly. TB -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: Antwort: Re: [Samba] Samba 3.3.4 Umlaut in Share comment
Christian Perrier wrote: Quoting Howard Allison (howard.alli...@pva.sozvers.at): How is the smb.conf file encoded? Is it UTF-8 or ISO-8859-1? -- I assume ISO8859-1(In the smitty 'convert flat file' menu UTF-8 isn't an option for the target - there are a few issues with the utf-8 packages for AIX 6... they don't seem to exist... In any case it's the same smb.conf that worked in 3.0.32...with umlauts... IIRC, full Unicode-only internal handling on strings has only been completed in 3.2 (samba developers would probably better confirm this than me) so it wouldn't be surprising that it doesn't work anymore. You really should convert that file to UTF-8: iconv -f iso-8859-1 -t utf-8 smb.conf smb.conf.new Hopefully, AIX 6 has iconv..:-)...otherwise you need to edit the file on an UTF-8 enabled system (any recent Linux distro is probably well suited). It does, but the AIX iconv is deficient (and has been for some time). You will likely need GNU libiconv (1.11 or higher - 1.13 is now available). You can also download the AIX binaries from my site. :-) Just follow the Binaries link from the Samba site. Cheers, Bill at worst, just try replacing the umlauts with ASCII characters, just to see (of course that will lead to Ugly German...). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] OSX causing multiple CLOSE_WAIT's
Gee, I had that same problem when Tiger was first released, only the server was a Windows NT 4 server. Didn't bother the Windows 2000 servers on the network, nor the two linux Samba servers I had, only the one and only NT 4 server I had left. When the number of waiting connections reached 250, the server would stop answering requests for new connections. With just one Tiger machine on the network, this would happen about once a day. With more, it'd happen faster. The problem seemed to have something to do with browsing, if I kept the Tiger machines and the NT 4 machine on separate subnets, the server would be fine. On Tue, 2009-06-02 at 22:02 -0700, Ed Kasky wrote: Lately it never fails when I attach a Mac running OSX 10.5 that I get runaway pid's. I tracked them down so far to multiple close_wait's: # /usr/sbin/lsof | grep pbg5mac smbd 24876 root6u IPv4 80015755 TCP yoda.wrenkasky.com:netbios-ssn-pbg5mac.wrenkasky.com:49381 (CLOSE_WAIT) They can grow to over 100 if I don't catch it or nobody can log on anymore ;-) Anybody had any problems with Macs using samba? Ed ... Randomly Generated Quote (50 of 1543): Defeat never comes to any man until he admits it. - Josephus Daniels -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba+Ldap problems
dogbert wrote: Ok, a little update on this issue. I've changed the various common-* within /etc/pam.d and I've obtained the following. Now I can connect with ssh or su with a user defined in ldap as long as this user is present also in /etc/passwd. It seems that the system check for the user account in /etc/passwd and then it check for password under ldap. Now if a user try to change his password (with the passwd command) it works through ldap. While using getent passwd I still obtain only the users contained in /etc/passwd. I'd suggest having a good read of this page: https://help.ubuntu.com/community/LDAPClientAuthentication If you're still having no LDAP results show up with getent, then there's issues with nsswitch still. The nsswitch.conf you sent me looks right, so I'd put my money on a problem in your ldap client settings. Check /etc/ldap.conf and /etc/ldap/ldap.conf and make sure anything set there is correct. Also check that a basedn is set in one of them and the host is set correctly. You may also want to check you can access the LDAP data from an LDAP viewer... I use phpldapadmin to check actual content, and LAM to manage accounts. But any LDAP client that shows the tree will help. TB ** This message is intended for the addressee named and may contain privileged information or confidential information or both. If you are not the intended recipient please delete it and notify the sender. ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Antwort: Re: Antwort: Re: [Samba] Samba 3.3.4 Umlaut in Share comment
Christian Perrier bubu...@debian.org Gesendet von: samba-bounces+howard.allison=pva.sozvers...@lists.samba.org 03.06.2009 19:22 An samba@lists.samba.org Kopie Thema Re: Antwort: Re: [Samba] Samba 3.3.4 Umlaut in Share comment Quoting Howard Allison (howard.alli...@pva.sozvers.at): How is the smb.conf file encoded? Is it UTF-8 or ISO-8859-1? -- I assume ISO8859-1(In the smitty 'convert flat file' menu UTF-8 isn't an option for the target - there are a few issues with the utf-8 packages for AIX 6... they don't seem to exist... In any case it's the same smb.conf that worked in 3.0.32...with umlauts... IIRC, full Unicode-only internal handling on strings has only been completed in 3.2 (samba developers would probably better confirm this than me) so it wouldn't be surprising that it doesn't work anymore. You really should convert that file to UTF-8: iconv -f iso-8859-1 -t utf-8 smb.conf smb.conf.new Hopefully, AIX 6 has iconv..:-)...otherwise you need to edit the file on an UTF-8 enabled system (any recent Linux distro is probably well suited). at worst, just try replacing the umlauts with ASCII characters, just to see (of course that will lead to Ugly German...). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Thanks Christian, as William Jojo suggested - the AIX iconv isn't up to the task - I've built a gnu iconv on AIX 6.1 here - and it does fix the problem, but the umlaut isn't legible anymore with vi - looks like we'll be sticking with the 'ugly German' solution :-) thanks both for your help! -- VERTRAULICHKEIT: Diese Nachricht ist ausschließlich für denjenigen bestimmt, an den sie adressiert ist und kann vertrauliche Informationen enthalten. Falls Sie nicht der Empfänger dieser Nachricht sind, weisen wir Sie darauf hin, dass die unberechtigte Weitergabe oder Verwendung sowie das unberechtigte Verteilen oder Kopieren dieser Nachricht strikt untersagt sind. Falls Sie diese Nachricht irrtümlich erhalten haben, vernichten Sie sie bitte sofort. CONFIDENTIALITY: This message is intended only for the use of the individuality or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure. If you are not the intended recipient you are notified that any dissemination, distribution, use or copying of this communication is strictly prohibited. If you received this message in error, please immediately destroy this message. To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-1986-gb0654b3
The branch, master has been updated via b0654b332360437e046bbc921f91df8c5b5c57e2 (commit) via 2e7022eda0adcc5bc7e4681497a52d05cb096e3f (commit) from 7fddc71caa89ce5303b5f9fc84d2c50ed84f32de (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit b0654b332360437e046bbc921f91df8c5b5c57e2 Author: Jelmer Vernooij jel...@samba.org Date: Wed Jun 3 17:16:56 2009 +0200 selftest: Add script that can take a subunit stream and format it. commit 2e7022eda0adcc5bc7e4681497a52d05cb096e3f Author: Jelmer Vernooij jel...@samba.org Date: Wed Jun 3 17:16:25 2009 +0200 selftest/plain: Allow caller to not specify the number of expected testsuites to run. --- Summary of changes: selftest/format-subunit.pl | 68 selftest/output/plain.pm |6 +++- 2 files changed, 73 insertions(+), 1 deletions(-) create mode 100755 selftest/format-subunit.pl Changeset truncated at 500 lines: diff --git a/selftest/format-subunit.pl b/selftest/format-subunit.pl new file mode 100755 index 000..000346a --- /dev/null +++ b/selftest/format-subunit.pl @@ -0,0 +1,68 @@ +#!/usr/bin/perl +# Pretty-format subunit output +# Copyright (C) Jelmer Vernooij jel...@samba.org +# Published under the GNU GPL, v3 or later + +use Getopt::Long; +use strict; +use FindBin qw($RealBin $Script); +use lib $RealBin; +use Subunit qw(parse_results); + +my $opt_format = plain; +my $opt_help = undef; +my $opt_verbose = 0; +my $opt_immediate = 0; +my $opt_prefix = .; + +my $result = GetOptions ( + 'help|h|?' = \$opt_help, + 'format=s' = \$opt_format, + 'verbose' = \$opt_verbose, + 'immediate' = \$opt_immediate, + 'prefix:s' = \$opt_prefix, + ); + +exit(1) if (not $result); + +if (defined($ENV{RUN_FROM_BUILD_FARM}) and + ($ENV{RUN_FROM_BUILD_FARM} eq yes)) { + $opt_format = buildfarm; +} + +my $msg_ops; + +my $statistics = { + SUITES_FAIL = 0, + + TESTS_UNEXPECTED_OK = 0, + TESTS_EXPECTED_OK = 0, + TESTS_UNEXPECTED_FAIL = 0, + TESTS_EXPECTED_FAIL = 0, + TESTS_ERROR = 0, + TESTS_SKIP = 0, +}; + +if ($opt_format eq buildfarm) { + require output::buildfarm; + $msg_ops = new output::buildfarm($statistics); +} elsif ($opt_format eq plain) { + require output::plain; + $msg_ops = new output::plain($opt_prefix/summary, $opt_verbose, $opt_immediate, $statistics, undef); +} elsif ($opt_format eq html) { + require output::html; + mkdir(test-results, 0777); + $msg_ops = new output::html(test-results, $statistics); +} elsif ($opt_format eq subunit) { + require output::subunit; + $msg_ops = new output::subunit(); +} else { + die(Invalid output format '$opt_format'); +} + +my $expected_ret = parse_results( + $msg_ops, $statistics, *STDIN, sub { return 0; }, []); + +$msg_ops-summary(); + +exit($expected_ret); diff --git a/selftest/output/plain.pm b/selftest/output/plain.pm index 2605603..509e066 100644 --- a/selftest/output/plain.pm +++ b/selftest/output/plain.pm @@ -65,7 +65,11 @@ sub start_testsuite($$) $self-{test_output}-{$name} = unless($self-{verbose}); my $out = ; - $out .= [$self-{index}/$self-{totalsuites} in .$duration.s; + $out .= [$self-{index}; + if ($self-{totalsuites}) { + $out .= /$self-{totalsuites}; + } + $out.= in .$duration.s; $out .= sprintf(, %d errors, ($#{$self-{suitesfailed}}+1)) if ($#{$self-{suitesfailed}} -1); $out .= ] $name; if ($self-{immediate}) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha7-2016-gdfd56dd
The branch, master has been updated via dfd56dd29415b06b5ea137f8c333da42e8ff1aa6 (commit) via 0849c1ef77a0538d5d232016a51c002e2197e776 (commit) via 8ca8dabe4615416153be9be7be16558e43d17381 (commit) via da3ee2790089e771689afbebef021a8c8c776306 (commit) from 3ce37ae7505ec37d0d9bfb1fafe752a232741cca (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dfd56dd29415b06b5ea137f8c333da42e8ff1aa6 Author: Andrew Tridgell tri...@samba.org Date: Thu Jun 4 14:07:35 2009 +1000 changed the auth path to use extended DN ops to avoid non-indexed searches Logs showed that every SAM authentication was causing a non-indexed ldb search for member=XXX. This was previously indexed in Samba4, but since we switched to using the indexes from the full AD schema it now isn't. The fix is to use the extended DN operations to allow us to ask the server for the memberOf attribute instead, with with the SIDs attached to the result. This also means one less search on every authentication. The patch is made more complex by the fact that some common routines use the result of these user searches, so we had to update all searches that uses user_attrs and those common routines to make sure they all returned a ldb_message with a memberOf filled in and the SIDs attached. commit 0849c1ef77a0538d5d232016a51c002e2197e776 Author: Andrew Tridgell tri...@samba.org Date: Thu Jun 4 13:52:40 2009 +1000 fixed ldb rename now that we have unique indexes With unique indexes, any rename of a record that has an attribute that is uniquely indexed needs to be done as a delete followed by an add, otherwse you'll get an error that the attribute value already exists. commit 8ca8dabe4615416153be9be7be16558e43d17381 Author: Andrew Tridgell tri...@samba.org Date: Tue Jun 2 17:27:37 2009 +1000 add gendb_search_single_extended_dn() This function searches for a single record using a given filter, adding the extended-dn control so that any returned DNs will have the GUID and SID fields returned. This will be used in the sam auth code to prevent us doing a member= search for the groups, which invokes an unindexed search. commit da3ee2790089e771689afbebef021a8c8c776306 Author: Andrew Tridgell tri...@samba.org Date: Tue Jun 2 17:25:47 2009 +1000 add NT_STATUS_HAVE_NO_MEMORY_AND_FREE() In many places we use NT_STATUS_HAVE_NO_MEMORY() to auto-return when a memory allocation fails. In quite a few places where we use this, we end up leaving a tmp_ctx behind, which creates a memory leak. This macro takes a memory context to free when returning the error --- Summary of changes: lib/util/util_ldb.c | 95 + lib/util/util_ldb.h |8 +++ libcli/util/ntstatus.h|9 source4/auth/ntlm/auth_sam.c | 47 +++--- source4/auth/sam.c| 84 ++-- source4/kdc/hdb-samba4.c | 52 ++-- source4/lib/ldb/ldb_tdb/ldb_tdb.c | 41 7 files changed, 214 insertions(+), 122 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/util/util_ldb.c b/lib/util/util_ldb.c index c11b687..6aea776 100644 --- a/lib/util/util_ldb.c +++ b/lib/util/util_ldb.c @@ -130,3 +130,98 @@ char *wrap_casefold(void *context, void *mem_ctx, const char *s, size_t n) } + +/* + search the LDB for a single record, with the extended_dn control + return LDB_SUCCESS on success, or an ldb error code on error + + if the search returns 0 entries, return LDB_ERR_NO_SUCH_OBJECT + if the search returns more than 1 entry, return LDB_ERR_CONSTRAINT_VIOLATION +*/ +int gendb_search_single_extended_dn(struct ldb_context *ldb, + TALLOC_CTX *mem_ctx, + struct ldb_dn *basedn, + enum ldb_scope scope, + struct ldb_message **msg, + const char * const *attrs, + const char *format, ...) +{ + va_list ap; + int ret; + struct ldb_request *req; + char *filter; + TALLOC_CTX *tmp_ctx; + struct ldb_result *res; + struct ldb_extended_dn_control *ctrl; + + tmp_ctx = talloc_new(mem_ctx); + + res = talloc_zero(tmp_ctx, struct ldb_result); + if (!res) { + return LDB_ERR_OPERATIONS_ERROR; + } + + va_start(ap, format); + filter = talloc_vasprintf(tmp_ctx, format, ap); + va_end(ap); + + if (filter == NULL) { + talloc_free(tmp_ctx); + return