Re: [Samba] VFS recycle force user
I tried both - recycle:repository = .recycle/%U and also recycle:repository = .recycle/%u But with same result - samba maked directory .recycle/force_user :( L. On Tue, 7 Jul 2009, Dale Schroeder wrote: Try recycle:repository = .recycle/%U That changes service user to session user. Dale dese...@linuxbox.cz wrote: Hi, i have problem with share with parametr force user Here i my settings of VFS modul recycle vfs object = recycle recycle:repository = .recycle/%u recycle:maxsize = 5000 recycle:exclude = *.tmp *.temp *.o *.obj ~$* recycle:exclude_dir = sdileni/*/profile* tmp temp cache recycle:versions = yes recycle:touch = yes recycle:keeptree = yes and this is my share [my_share] path = /home/sdileni/instalace comment = software, instalace force group = smbgroup force user = smbuser public = yes If i delete some file from this share, then samba make directory .recycle/smbuser. But in older version (for example Samba 3.3.0) samba maked directory .recycle/real_user - and this i need! It's possible? I must have something new in configuration or is this new behavior of samba? thanks, Lukas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] bash change from r...@myserver to administra...@myserver
Hi Guys, I have posted this subject long time ago but this problem still persistently happens on my linux+pdc server. Here is my server detail , CentOs5.1 + Samba-3.0.25b + Fedora Directory Server So far every is running fine. It is just one thing I don't understand what I have done wrong. Normally if you open teminal window it should be like [r...@myserver /] but sometime when I sat in front the server and open a terminal then it showed [administra...@myserver /]# . And after I rebooted the server ,it changed back to [r...@myserver /] I could not reconstruct the problem whether when it will happen again. Please find below my nsswitch.conf and system-auth file # # /etc/nsswitch.conf # # An example Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # The entry '[NOTFOUND=return]' means that the search for an # entry should stop if the search in the previous entry turned # up nothing. Note that if the search failed due to some other reason # (like no NIS server responding) then the search continues with the # next entry. # # Legal entries are: # # nisplus or nis+ Use NIS+ (NIS version 3) # nis or yp Use NIS (NIS version 2), also called YP # dns Use DNS (Domain Name Service) # files Use the local files # db Use the local database (.db) files # compat Use NIS on compat mode # hesiod Use Hesiod for user lookups # [NOTFOUND=return] Stop searching if not found so far # # To use db, put the db in front of files for entries you want to be # looked up first in the databases # # Example: #passwd:db files nisplus nis #shadow:db files nisplus nis #group: db files nisplus nis passwd: files ldap shadow: files ldap group: files ldap #hosts: db files nisplus nis dns hosts: files dns # Example - obey only what nisplus tells us... #services: nisplus [NOTFOUND=return] files #networks: nisplus [NOTFOUND=return] files #protocols: nisplus [NOTFOUND=return] files #rpc:nisplus [NOTFOUND=return] files #ethers: nisplus [NOTFOUND=return] files #netmasks: nisplus [NOTFOUND=return] files bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files ldap rpc:files services: files ldap netgroup: files ldap publickey: nisplus automount: files ldap aliases:files nisplus == /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired pam_env.so authsufficientpam_unix.so nullok try_first_pass authrequisite pam_succeed_if.so uid = 500 quiet authsufficientpam_ldap.so use_first_pass authrequired pam_deny.so account required pam_unix.so broken_shadow account sufficientpam_succeed_if.so uid 500 quiet account [default=bad success=ok user_unknown=ignore] pam_ldap.so account required pam_permit.so passwordrequisite pam_cracklib.so retry=3 passwordsufficientpam_unix.so md5 shadow nullok try_first_pass use_authtok passwordsufficientpam_ldap.so use_authtok passwordrequired pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_ldap.so Thank you , Tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] recognizing netbios name
July 8, 2009 Nick Pappin npap...@latahfcu.org François Legal de...@thom.fr.eu.org samba@lists.samba.org Subject: [Samba] recognizing netbios name F Legal suggested: If there is a router between your samba machine and your windows machines (which all 3 are on the same subnet if I understood correctly), then you probably need some sort of name resolution service (either WINS as provided by samba or DNS), as the broadcast packets used by the machines to announce themselves to the network probably won't traverse your router. Another option is building an lmhosts file and distributing it all over the machines. However, I think wins should work fine in your case, so just add wins support = yes in smb.conf then setup your windows machines to use the wins at the address of your samba machine. W Nick Pappin asked: Is the linux system and the windows boxes on the same subnet and network. Gentlemen: The hardware configuration is a router connected to a modem and the outside internet, and also connected to each of four computers by ethernet cables, so all computers are on the same subnet. Enabling WINS in smb.conf made no difference. Establishing an lmhosts file on a windows computer associating 192.168.0.4 with dell allowed ping dell to produce the same result as ping 192.168.0.4, but otherwise there was no improvement. One more drastic test. After becoming skeptical of smb.conf because no log files showed up where specified, I made a backup and deleted it entirely -- rm /etc/samba/smb.conf . On rebooting, there was no change, the Linux system could still read all windows computers, though they could not see the Linux system. So it seems Samba is paying no attention to smb.conf. Is there a way to communicate directly with Samba to find out what it is relying on? Robert T McQuaid original request below: July 6, 2009 Samba samba@lists.samba.org Subject: recognizing netbios name I have a Fedora 10 Linux system connected through a router to three windows computers (XP+XP+Vista). The Linux computer seems unable to present a netbios name to the rest of the network. The Linux computer can read files from all of the Windows computers, but the windows computers cannot see anything on the Linux system. The following diagnoses have already been made: I shut off the modem connecting to the internet, then disabled all firewalls. No improvement. I looked in the router for its table of attached devices. It lists a device name for the windows computers, a blank for the Linux computer. The device name is what windows puts after \\ on a remote file name, and what Samba calls netbios name. The only communication from a windows computer that responds is ping 192.168.0.4 . A ping with a netbios name fails with the diagnostic: A ping request could not find host Dell. Please check the name and try again. File /etc/samba/smb.conf (with most comments omitted) looks like: [global] #--authconfig--start-line-- # Generated by authconfig on 2009/07/04 13:50:55 # DO NOT EDIT THIS SECTION (delimited by --start-line--/--end-line--) # Any modification may be deleted or altered by authconfig in future workgroup = GLORP security = user idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = false winbind offline logon = false #--authconfig--end-line-- server string = Samba Server Version %v netbios name = Dell hosts allow = 127. 192.168.0.1 192.168.0.2 192.168.0.3 192.168.0.4 192.168.0.5 log file = /var/log/samba/log.%m max log size = 50 log level = 3 passdb backend = tdbsam load printers = yes cups options = raw [homes] comment = Home Directories browseable = no writable = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes end of smb.conf What does it take to get windows to recognize the Linux system? Robert T McQuaid Mattawa Ontario Canada -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] error packet at smbd/blocking.c(318) cmd=36 (SMBlockingX) NT_STATUS_FILE_LOCK_CONFLICT
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello I'm still in trouble with Word and Excel file on Samba shares that are read-only opened only I've increased the log level to 5 and then I get those error message error packet at smbd/blocking.c(318) cmd=36 (SMBlockingX) NT_STATUS_FILE_LOCK_CONFLICT Does this sounds familiar to anybody here ? Thanks a lot. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.11 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkpUivEACgkQ6f7UMO5oSsWjeQCdHYhafyXgjVFZDOOYqpqfotGj 4LQAn1ZHE+RzuP7vtMcFiml0BXLxaKA/ =ab8j -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] No Error When Trying To Delete Protected Files With Windows Explorer
I have a file on a VMS system that I'm accessing using a SAMBA share. When I delete the file, the icon disappears from the browser window as if it's been deleted. On the VMS host, the file is still there, and cannot be deleted because it's protected (no delete privilege). If I then press F5 to refresh the Browser window, the fie re-appears. A trace of the IP packets show that SAMBA is returning an 'Access Denied' message, but Windows doesn't seem to see it. Has anyone else come across this? Is it a known bug with Windows? Rob. *** Any opinions expressed in email are those of the individual and not necessarily those of the company. This email and any files transmitted with it are confidential and solely for the use of the intended recipient or entity to whom they are addressed. It may contain material protected by attorney-client privilege. If you are not the intended recipient, or a person responsible for delivering to the intended recipient, be advised that you have received this email in error and that any use is strictly prohibited. Random House Group + 44 (0) 20 7840 8400 http://www.randomhouse.co.uk http://www.booksattransworld.co.uk http://www.kidsatrandomhouse.co.uk Generic email address - enquir...@randomhouse.co.uk Name Registered Office: THE RANDOM HOUSE GROUP LIMITED 20 VAUXHALL BRIDGE ROAD LONDON SW1V 2SA Random House Group Ltd is registered in the United Kingdom with company No. 00954009, VAT number 102838980 *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] No Error When Trying To Delete Protected Files With Windows Explorer
On Wed, Jul 08, 2009 at 01:10:32PM +0100, Atkinson, Robert wrote: I have a file on a VMS system that I'm accessing using a SAMBA share. When I delete the file, the icon disappears from the browser window as if it's been deleted. On the VMS host, the file is still there, and cannot be deleted because it's protected (no delete privilege). If I then press F5 to refresh the Browser window, the fie re-appears. A trace of the IP packets show that SAMBA is returning an 'Access Denied' message, but Windows doesn't seem to see it. Has anyone else come across this? Is it a known bug with Windows? You probably need a recent Samba version, with XP SP2 Windows changed the way to delete a file. Probably you're seeing the Access Denied on the close request, Windows ignores it there. Recent Samba gives the error message on the open call preceding that. Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
RE: [Samba] No Error When Trying To Delete Protected Files WithWindows Explorer
Thanks Volker. I've gone back to the 'coders' and they've now seen the same problem and will port over the necessary code to deal with Mr Gates. Cheers, Rob. -Original Message- From: Volker Lendecke [mailto:volker.lende...@sernet.de] Sent: 08 July 2009 13:31 To: Atkinson, Robert Cc: samba@lists.samba.org Subject: Re: [Samba] No Error When Trying To Delete Protected Files WithWindows Explorer On Wed, Jul 08, 2009 at 01:10:32PM +0100, Atkinson, Robert wrote: I have a file on a VMS system that I'm accessing using a SAMBA share. When I delete the file, the icon disappears from the browser window as if it's been deleted. On the VMS host, the file is still there, and cannot be deleted because it's protected (no delete privilege). If I then press F5 to refresh the Browser window, the fie re-appears. A trace of the IP packets show that SAMBA is returning an 'Access Denied' message, but Windows doesn't seem to see it. Has anyone else come across this? Is it a known bug with Windows? You probably need a recent Samba version, with XP SP2 Windows changed the way to delete a file. Probably you're seeing the Access Denied on the close request, Windows ignores it there. Recent Samba gives the error message on the open call preceding that. Volker *** Any opinions expressed in email are those of the individual and not necessarily those of the company. This email and any files transmitted with it are confidential and solely for the use of the intended recipient or entity to whom they are addressed. It may contain material protected by attorney-client privilege. If you are not the intended recipient, or a person responsible for delivering to the intended recipient, be advised that you have received this email in error and that any use is strictly prohibited. Random House Group + 44 (0) 20 7840 8400 http://www.randomhouse.co.uk http://www.booksattransworld.co.uk http://www.kidsatrandomhouse.co.uk Generic email address - enquir...@randomhouse.co.uk Name Registered Office: THE RANDOM HOUSE GROUP LIMITED 20 VAUXHALL BRIDGE ROAD LONDON SW1V 2SA Random House Group Ltd is registered in the United Kingdom with company No. 00954009, VAT number 102838980 *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re:can't get Samba users from Windows
Hello! I have solved problem with access rights, but I can't solve problem with users. When I try get Samba users from Windows I get error: Next error don't allow look any elements: Many connects to server or share dont't allow. Please disconnect preview and try again. Can you help me? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[samba] Problem accessing a share on a W2008 server via smbclient
Hi We just installed a W server 2008 server as antivirus server. As this server is heavily underused we created a share to backup files from other servers. This share is easily accessed from XP pro Pc's via \\ipadr\share and giving a user/password name on the W 2008 server. We then try to use it from an open suse 9.3 linux server via smbclient. smbclient //ipadr/share -U user%password smblient exits with message session setup failed: SUCCESS - 0 with debug=10 , ends with SPNEGO login failed error smbclient -L //ipadr gives: Error returning browse list: NT_STATUS_ACCESS_DENIED session request to 192.168.1.101 failed (Called name not present) session request to 192 failed (Called name not present) session request to *SMBSERVER failed (Called name not present) NetBIOS over TCP disabled -- no workgroup available smbclient -V - 3.0.12.5-suse Thanks for any help. -- JB -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [samba] Problem accessing a share on a W2008 server via smbclient
On Wed, Jul 08, 2009 at 03:14:00PM +0200, Jacques Bratières wrote: Hi We just installed a W server 2008 server as antivirus server. As this server is heavily underused we created a share to backup files from other servers. This share is easily accessed from XP pro Pc's via \\ipadr\share and giving a user/password name on the W 2008 server. We then try to use it from an open suse 9.3 linux server via smbclient. smbclient //ipadr/share -U user%password Can you try with a recent Samba? 3.4 was released a couple of days ago. Thanks, Volker signature.asc Description: Digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [samba] Problem accessing a share on a W2008 server via smbclient
Le Wed, 08 Jul 2009 16:10:09 +0200, Volker Lendecke volker.lende...@sernet.de a écrit: On Wed, Jul 08, 2009 at 03:14:00PM +0200, Jacques Bratières wrote: Hi We just installed a W server 2008 server as antivirus server. As this server is heavily underused we created a share to backup files from other servers. This share is easily accessed from XP pro Pc's via \\ipadr\share and giving a user/password name on the W 2008 server. We then try to use it from an open suse 9.3 linux server via smbclient. smbclient //ipadr/share -U user%password Can you try with a recent Samba? 3.4 was released a couple of days ago. Thanks, Volker This is not easy , since both servers are production ones. We shall do it if no other ideas arise. Thanks for your answer -- JB -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba configuration error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Norberto Bensa wrote: On Tue, Jul 7, 2009 at 8:52 PM, David Christensendavid.christen...@viveli.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Norberto Bensa wrote: On Tue, Jul 7, 2009 at 8:27 PM, Norberto Bensanbe...@gmail.com wrote: On Tue, Jul 7, 2009 at 8:18 PM, David Christensendavid.christen...@viveli.com wrote: passdb backend = ldapsam:ldap://127.0.0.1 That should be plain. I.e. no tls/ssl. I'm sorry. That could be TLS if the server supports it. I took a look at the /var/log/message log and see: with ldap ssl = off ??? Yes, as soon as I enable ldapsam as the password DB, even with ldap ssl = off, smb keeps trying to do a StartTLS. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkpUsA8ACgkQ5B+8XEnAvqsCBACgjZBrPSL6isf4Z8oDzFj++u+r OqwAn3toI2Wsd9t8DMbK4zWLkZtEyY/X =jj/h -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Winbind Password Problem
Hello there, I am having weird issue. The problem is when a wrong password entered when I login or use sudo as AD user, the system uses the same wrong password next three times and exits , and does not prompt for password again. This is not the case when winbind is not used. I suspect this is something to do with PAM for winbind. Please somene look at my PAM config and let me know if there is anything worng. Any hint is appreciated. authrequired pam_env.so authsufficientpam_unix.so nullok try_first_pass authrequisite pam_succeed_if.so uid = 500 quiet authsufficientpam_winbind.so cached_login use_first_pass authrequired pam_deny.so account required pam_access.so account required pam_unix.so broken_shadow account sufficientpam_localuser.so account sufficientpam_succeed_if.so uid 500 quiet account [default=bad success=ok user_unknown=ignore] pam_winbind.so cached_login account required pam_permit.so passwordrequisite pam_cracklib.so try_first_pass retry=3 passwordsufficientpam_unix.so sha512 shadow nullok try_first_pass use_authtok passwordsufficientpam_winbind.so cached_login use_authtok passwordrequired pam_deny.so session optional pam_mkhomedir.so skel=/etc/skel/ session required pam_limits.so session required pam_unix.so -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba configuration error
On Wed, Jul 8, 2009 at 11:41 AM, David Christensendavid.christen...@viveli.com wrote: I took a look at the /var/log/message log and see: with ldap ssl = off ??? Yes, as soon as I enable ldapsam as the password DB, even with ldap ssl = off, smb keeps trying to do a StartTLS. I'm out of ideas and I don't use Fedora. Maybe you want to post your config files. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Authentication requests being handled by PDC not local BDC
I have a PDC+LDAP as well as a BDC+LDAP in another subnet setup with a domain member in the same subnet as the BDC. From my understanding the domain member should be hitting the BDC for all authentication but watching the logs I see the PDC is the one handling it all. The BDC just sits there. Am I missing something? Here are the smb.conf for each servers: PDC: [global] workgroup = X.X.X netbios name = Ross server string = PDC %v map to guest = Bad User encrypt passwords = yes passdb backend = ldapsam:ldap://ldap1.x.x.x enable privileges = yes log level = 2 syslog = 0 time server = Yes socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=32768 SO_SNDBUF=32768 add user script = /usr/sbin/smbldap-useradd -m '%u' delete user script = /usr/sbin/smbldap-userdel %u add group script = /usr/sbin/smbldap-groupadd -p '%g' delete group script = /usr/sbin/smbldap-group-del '%g' add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g' delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/sbin/smbldap-useradd -w '%u' logon path = \\%L\profiles\%U logon script = netlogin.bat #logon drive = M: #logon home = \\cajal.x.x.x\%U domain logons = Yes os level = 225 domain master = Yes local master = Yes wins support = Yes # remote announce = x.x.x.255/X.X.X #bishop subnet ldap admin dn = cn=samba,ou=DSA,dc=x,dc=x,dc=x ldap group suffix = ou=group ldap idmap suffix = ou=Idmap ldap machine suffix = ou=machines ldap passwd sync = Yes ldap suffix = dc=x,dc=x,dc=x ldap ssl = start tls ldap user suffix = ou=people create mask = 0640 directory mask = 0750 case sensitive = No dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd interfaces = eth0 lo bind interfaces only = yes hosts deny = ALL hosts allow = xxx.xxx.0.0/255.255.0.0 BDC: [Global] workgroup = X.X.X netbios name = BISHOP server string = BDC %v interfaces = eth0 lo bind interfaces only = yes hosts deny = ALL hosts allow = xxx.xxx.0.0/255.255.0.0 passdb backend = ldapsam:ldap://ldap2.x.x.x domain master = no domain logons = yes ldap suffix = dc=x,dc=x,dc=x ldap user suffix = ou=people ldap group suffix = ou=group ldap machine suffix = ou=machines ldap admin dn = cn=manager,dc=x,dc=x,dc=x encrypt passwords = yes enable privileges = yes log level = 3 syslog = 0 domain master = no wins server = ross.x.x.x wins proxy = yes remote announce = xxx.xxx.xxx.255/X.X.X #Ross subnet remote browse sync = xxx.xxx.xxx.xxx #ross ip ntlm auth = yes lanman auth = yes ldap ssl = start tls local master = yes os level = 65 preferred master = yes Domain Member: [Global] workgroup = X.X.X server string = CAJAL %v security = domain password server = * lanman auth = Yes encrypt passwords = yes enable privileges = yes loglevel = 2 syslog = 0 deadtime = 5 os level = 8 local master = No domain master = No remote announce = xxx.xxx.xxx.255/X.X.XXX interfaces = ce0 lo0 bind interfaces only = yes hosts allow = xxx.xxx.0.0/255.255.0.0 hosts deny = ALL -- Personally, I liked the university. They gave us money and facilities, we didn't have to produce anything! You've never been out of college! You don't know what it's like out there! I've worked in the private sector. They expect results. -Ray Ghostbusters -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba configuration error
On Wed, Jul 8, 2009 at 11:41 AM, David Christensendavid.christen...@viveli.com wrote: I took a look at the /var/log/message log and see: with ldap ssl = off ??? Yes, as soon as I enable ldapsam as the password DB, even with ldap ssl = off, smb keeps trying to do a StartTLS. Did you put ssl off in ldap.conf? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Winbind Password Problem
On Wed, Jul 8, 2009 at 11:05 AM, Linux Addict linuxaddi...@gmail.comwrote: Hello there, I am having weird issue. The problem is when a wrong password entered when I login or use sudo as AD user, the system uses the same wrong password next three times and exits , and does not prompt for password again. This is not the case when winbind is not used. I suspect this is something to do with PAM for winbind. Please somene look at my PAM config and let me know if there is anything worng. Any hint is appreciated. authrequired pam_env.so authsufficientpam_unix.so nullok try_first_pass authrequisite pam_succeed_if.so uid = 500 quiet authsufficientpam_winbind.so cached_login use_first_pass authrequired pam_deny.so account required pam_access.so account required pam_unix.so broken_shadow account sufficientpam_localuser.so account sufficientpam_succeed_if.so uid 500 quiet account [default=bad success=ok user_unknown=ignore] pam_winbind.so cached_login account required pam_permit.so passwordrequisite pam_cracklib.so try_first_pass retry=3 passwordsufficientpam_unix.so sha512 shadow nullok try_first_pass use_authtok passwordsufficientpam_winbind.so cached_login use_authtok passwordrequired pam_deny.so session optional pam_mkhomedir.so skel=/etc/skel/ session required pam_limits.so session required pam_unix.so When I enable winbind to debug, I see the following messages on syslog. pam_winbind(sshd): PAM_REINITIALIZE_CRED not implemented -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba 3.4.0 in Debian unstable
On Tue, Jul 7, 2009 at 10:46 PM, Christian Perrier bubu...@debian.orgwrote: Quoting Karolin: Release Announcements = This is the first stable release of Samba 3.4. As of yesterday, Samba 3.4.0 is now available in Debian unstable. It means that the next release of Debian (codename squeeze, due out...when it's ready, probably around the end of 2010) will have at least this version. Besides everything that's new in Samba 3.4 and which Samba Team members are more qualified than me to talk about, I'd like to point out that, again, the gap between Samba packages in Debian/Ubuntu and upstream code has shrinked again. There is nearly no more code patch in our package that hasn't been integrated upstream. The efforts of the samba package maintainers in Debian are now focused on getting this package to enter Debian testing, which is what will become the final Debian release. That requires other packages samba is depending upon to enter testing themselves...which might take time..but will happen within the next weeks, I hope. For Ubuntu users, it means that the next Ubuntu release will have Samba 3.4.something. We would like to express public thanks to the Samba Team for publishing such good quality code and very specific thanks to Karolin Seeger for managing to assemble the pieces and succeed in publishing releases on a timely manner, and to Michael Adam for his work work integrating the Debian patches, particularly in the build system. The good work we're (hopefully) doing in publishing packages is because you are doing such good work. I would also like to add my appreciation to the Debian Samba team for providing excellent packages and having it released and patched soon after a release. Thank you, Robert LeBlanc Life Sciences Undergraduate Education Computer Support Brigham Young University -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do; -)
I did the suggested updates to app armor and this did not solve the problem. -Glenn - Original Message - From: Glenn T. Arnold garn...@unrealsolutions.com To: Harry Jede walk2...@arcor.de Cc: samba@lists.samba.org Sent: Monday, July 6, 2009 10:05:14 AM GMT -05:00 US/Canada Eastern Subject: Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do; -) Well, I did read the fine documentation and the documentation for this current situation it was no help. The reason I am using the registry for the smb.conf is memory savings, instance changes of smb.conf going into effect, and maybe future clustering. Also, I will state if using the samba registry method is not the proper way of doing things then why would the Samba developers add this feature into Samba? ;-) The reason I set the share with the current rights, is to troubleshoot the problem and prove that my file rights were correct. When I setup the print$ share the proper way it is still read-only even though I had writelist in effect. I currently have 1200 pc connect to a samba-ldap servers with the proper setup with no problems. I will investigate the app armor settings Thanks -Glenn - Original Message - From: Harry Jede walk2...@arcor.de To: samba@lists.samba.org Sent: Friday, July 3, 2009 3:22:19 PM GMT -05:00 US/Canada Eastern Subject: Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do; -) On Thursday, 2. Juli 2009 wrote Glenn T. Arnold: I just made my print$ share settings to match my print drivers share which should work same This is what you believe. and I still cannot create folders or files on the print$ share, but I can all day on the print drivers share. Would someone explain why this is happening? Here is my share settings. [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\print$] path=/var/lib/samba/printers comment=Printer Drivers read only=no [HKEY_LOCAL_MACHINE\SOFTWARE\Samba\smbconf\printer drivers] path=/var/lib/samba/printers read only=no Why are you doing this? I think you should reread the excellent Samba docu again. Thanks -Glenn - Original Message - From: Glenn T. Arnold garn...@unrealsolutions.com To: samba samba@lists.samba.org Sent: Thursday, July 2, 2009 3:29:29 PM GMT -05:00 US/Canada Eastern Subject: Re: [Samba] Ubuntu Jaunty samba 3.3.2 print$ no write rights even though I do;-) Harry, You did give me an idea though. For grins I just set rights to 0777 even on the extended acls and I still get access denied when trying to upload print drivers. Here is the updated rights on /var/lib/samba/printers. You make your own changes. That's really fine. -- Gruss Harry Jede -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Slow connection and browsing
Il giorno lun 06 lug 2009 15:51:33 CEST, Charles Marcus ha scritto: On 7/6/2009 9:43 AM, Matthew Daubenspeck wrote: Now, if I remove the Novell client completely, things work _perfectly_. I can browse and connect, disconnect, reconnect, the works, all at normal speed. A shot in the dark, but there was a bug reported on the NOD32 forums dealing specificalyy with Novell Clients... So, maybe this is an AV issue? I have no AntiVirus software on the client PCs Like I said, it was a shot in the dark... sorry, no other ideas... i have the same problem but i have trendmicro offiscan antivirus (on windows client, but no av on samba server) i have tried to install the last novell client (4.91 sp5) but without result -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [maybe semi OT] samba deny execution of files on novell shares to novell clients
that's the situation: - a novell server that shares some disks - a samba pdc, with ldap backend, that mounts novell shares via ncpfs and ipx and then exports them - some client computers authenticate to novell - some client computers (without novell client) authenticate to samba - samba clients view novell shares through the samba server (via ip) that's the problem: - when a samba client opens first an exe file that resides on novell shares it deny to execute the same file to all novell's clients (but it doesn't deny the execution to other samba clients) it seems that the lock is on dll which the executable depends on and not on the exe file, beacause i have an executable that doesn't depend on dll and it is not locked the error that i recieve is application failed to initialize properly i tried to set no locks on samba share without result what can the problem be? samba server: debian etch samba version: 3.0.24 thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba configuration error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jonathon Doran wrote: On Wed, Jul 8, 2009 at 11:41 AM, David Christensendavid.christen...@viveli.com wrote: I took a look at the /var/log/message log and see: with ldap ssl = off ??? Yes, as soon as I enable ldapsam as the password DB, even with ldap ssl = off, smb keeps trying to do a StartTLS. Did you put ssl off in ldap.conf? I finally got StartTLS turned off, not sure if I had an extra character in the smb.conf file near ldap ssl, but rewriting the conf file fixed it. Question, is there a minimum length requirement for the local SID, when I run net getlocalsid it seems rather short. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkpU2YMACgkQ5B+8XEnAvqvyfACeMXV8T1bddPgsh9TcVBTgTnP5 NVMAn0qDCpeTe4YfI5AcDTrUTdWeDPnt =oWsQ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] windows 98 compatibility
what is the last samba version that can works as pdc with windows 98 as client? some time ago i read that from a certain samba version onwards samba breaks the compatibility with windows 9x (i seem to remember that clear passwords are not yet supported) but i cannot find that info again thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] windows 98 compatibility
On Wed, Jul 08, 2009 at 07:44:15PM +0200, Andrea Zagli wrote: what is the last samba version that can works as pdc with windows 98 as client? Current Samba (3.4.0) should work. some time ago i read that from a certain samba version onwards samba breaks the compatibility with windows 9x (i seem to remember that clear passwords are not yet supported) but i cannot find that info again No, cleartext passwords are supported, but you'll have to set some smb.conf options to make that happen. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] error packet at smbd/blocking.c(318) cmd=36 (SMBlockingX) NT_STATUS_FILE_LOCK_CONFLICT
Frank, What about veto oplock files = /*.doc/*.xls/*.mdb/*.ldb/ (or one of the other lock parameters)? Dale Frank Bonnet wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello I'm still in trouble with Word and Excel file on Samba shares that are read-only opened only I've increased the log level to 5 and then I get those error message error packet at smbd/blocking.c(318) cmd=36 (SMBlockingX) NT_STATUS_FILE_LOCK_CONFLICT Does this sounds familiar to anybody here ? Thanks a lot. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.11 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkpUivEACgkQ6f7UMO5oSsWjeQCdHYhafyXgjVFZDOOYqpqfotGj 4LQAn1ZHE+RzuP7vtMcFiml0BXLxaKA/ =ab8j -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Re: Trying to join RHEL to Win2k3 Active Directory domain.
On Wed, 27 May 2009 15:33:08 -0400, Tim Lewis tim.le...@mirazon.com wrote: On Wed, 27 May 2009 12:27:34 -0400, Dimitri Yioulos dyiou...@firstbhph.com wrote: On Wednesday 27 May 2009 11:22:19 am Tim Lewis wrote: Trying to join a RHEL server to Win2K3 domain. I followed the directions specified here: http://kbase.redhat.com/faq/docs/DOC-4735 and here: http://kbase.redhat.com/faq/docs/DOC-3051 Confirmed that I have the edited the smb.conf and krb5.conf files correctly. Ran: /etc/rc.d/init.d/smb stop and /etc/rc.d/init.d/winbind stop Ran: net ads join -U administrator and got: [2009/05/20 13:23:59, 0] utils/net_ads.c:ads_startup(186) ads_connect: No such file or directory Any help? -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba Did you run kinit administrator prior to running net ads join -U administrator? Dimitri I am able to run kinit with no errors. The fix for this to use -S with the net ads join. -- Santa Claus ain't legal and he's around! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] editposix: winbind -u: Error looking up domain users
Hello list, I'm trying this configuration: http://wiki.samba.org/index.php/Ldapsam_Editposix Everything works. I can add users, list users, delete users (and groups) with net rpc user... I can join clients, etc. *But* wbinfo -u and -g gives: zool...@kvm-test-samba1:~$ wbinfo -u Error looking up domain users zool...@kvm-test-samba1:~$ wbinfo -g BUILTIN\administrators BUILTIN\users Is this normal behavior? Many thanks in advance, Norberto PS: smb.conf just in case: [global] workgroup = PRUEBA passdb backend = ldapsam domain logons = Yes os level = 65 domain master = Yes wins support = Yes ldap admin dn = cn=admin,dc=prueba,dc=dominio ldap delete dn = Yes ldap group suffix = ou=groups ldap machine suffix = ou=computers ldap suffix = dc=prueba,dc=dominio ldap user suffix = ou=users idmap domains = DEFAULT idmap alloc backend = ldap idmap alloc config:range = 5-50 idmap alloc config:ldap_url = ldap://localhost idmap alloc config:ldap_user_dn = cn=admin,dc=prueba,dc=dominio idmap alloc config:ldap_base_dn = ou=idmap,dc=prueba,dc=dominio idmap config DEFAULT:range = 5-50 idmap config DEFAULT:ldap_url = ldap://localhost idmap config DEFAULT:ldap_user_dn = cn=admin,dc=prueba,dc=dominio idmap config DEFAULT:ldap_base_dn = ou=idmap,dc=prueba,dc=dominio idmap config DEFAULT:default = yes idmap config DEFAULT:readonly = no idmap config DEFAULT:backend = ldap ldapsam:editposix = yes ldapsam:trusted = yes winbind use default domain = yes ea support = Yes map acl inherit = Yes hide unreadable = Yes map archive = No map readonly = no store dos attributes = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Inherit groups
Hey guys, samba seems to have a share level inherit owner option to propagate the ownership of the current folder to any new files/folders created directly under it. Is there an equivalent command to do this at the group level? I know you can do it using the SUID/SGID bits but I'm worried about the security risk that comes with doing it this way. Thanks for the help, Nick -- W. Nick Pappin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] net user add . is there any way to specify destination ou ?
net user add . is there any way to specify destination OU when security=ads ? -- Michael Joyner ᏩᏯ System Administrator/Edward Waters College 1658 Kings Road, Jacksonville, FL 32209 904-470-8170 (V) / 904-470-8170 (F) ᏩᏙ HOW TO SUBMIT A WORK REQUEST TO INFORMATION TECHNOLOGY Via the web: http://otrs.ewc.edu/otrs/customer.pl Via email: supp...@ewc.edu * It is imperative that you submit each problem as a new item. * Please do NOT combine multiple problem reports in a single workorder. * PLEASE DO NOT EMAIL SUPPORT STAFF REQUESTS DIRECTLY. * PLEASE USE THE JOB TRACKING SYSTEM. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] editposix: winbind -u: Error looking up domain users
On Wed, Jul 8, 2009 at 4:29 PM, Dale Schroederd...@briannassaladdressing.com wrote: Are you in a domain trust? Otherwise, for a single domain, pdc's don't need winbind. Nope. This is a PDC. But from the link I posted: A running winbind daemon is required to use ldapsam:editposix EVEN ON A SAMBA PDC. Also. On this list someone told me that I need windbind for ACL to work correctly Oh BTW, winbind enum users = yes didn't do anything. zool...@kvm-test-samba1:/var/log/samba$ wbinfo -p Ping to winbindd succeeded on fd 3 zool...@kvm-test-samba1:/var/log/samba$ wbinfo -t checking the trust secret via RPC calls succeeded zool...@kvm-test-samba1:/var/log/samba$ wbinfo -g BUILTIN\administrators BUILTIN\users zool...@kvm-test-samba1:/var/log/samba$ wbinfo -u Error looking up domain users zool...@kvm-test-samba1:/var/log/samba$ testparm -s | grep winbind winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] nmbd issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sometime after I installed samba and got everything working, one of my colleagues changed the IP address on the box I did the install on. So after I got passed all the other issues that plaqued me after moving over to fedora 11, I discovered that I could not added Win clients to the domain. I dug into the log files: Jul 8 15:24:03 ldap2 nmbd[13552]: [2009/07/08 15:24:03, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(337) Jul 8 15:24:03 ldap2 nmbd[13552]: become_domain_master_browser_wins: Jul 8 15:24:03 ldap2 nmbd[13552]: Attempting to become domain master browser on workgroup LDAP2, subnet UNICAST_SUBNET. Jul 8 15:24:03 ldap2 nmbd[13552]: [2009/07/08 15:24:03, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(351) Jul 8 15:24:03 ldap2 nmbd[13552]: become_domain_master_browser_wins: querying WINS server from IP 192.168.155.22 for domain master browser name LDAP21b on workgroup LDAP2 Jul 8 15:24:04 ldap2 nmbd[13552]: [2009/07/08 15:24:04, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(235) Jul 8 15:24:04 ldap2 nmbd[13552]: become_domain_master_query_success: Jul 8 15:24:04 ldap2 nmbd[13552]: There is already a domain master browser at IP 192.168.155.21 for workgroup LDAP2 registered on subnet UNICAST_SUBNET. Jul 8 15:24:27 ldap2 nmbd[13552]: [2009/07/08 15:24:27, 0] nmbd/nmbd_browsesync.c:domain_master_node_status_fail(247) Jul 8 15:24:27 ldap2 nmbd[13552]: domain_master_node_status_fail: Jul 8 15:24:27 ldap2 nmbd[13552]: Doing a node status request to the domain master browser Jul 8 15:24:27 ldap2 nmbd[13552]: for workgroup LDAP2 at IP 192.168.155.21 failed. Jul 8 15:24:27 ldap2 nmbd[13552]: Cannot sync browser lists. the .21 address was the original address for the box, it was changed to .22. It looks like the old .21 address is still registered by nmbd as the server for the LDAP2 domain. Not knowing much about netbios it would appear this is the reason I can't add a win client to the domain. How do I remove the reference to the old address, as I assume other samba servers on the network running WINS are caching this old address. Correct me if I am on the wrong track. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkpVA44ACgkQ5B+8XEnAvqtWBgCfSUAUcaoPgpVv+n9Q/AR6b4zy ZjsAoIeac/UUv/+/IANMB3TVn7Hi2fcN =yXhh -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] editposix: winbind -u: Error looking up domain users
On Wed, Jul 8, 2009 at 5:11 PM, Dale Schroederd...@briannassaladdressing.com wrote: A question for you - the link does not mention nsswitch.conf. Is it required to list both ldap and winbind for passwd and group? For example, passwd: compat ldap winbind group: compat ldap winbind I don't know. That's why I'm asking. As I said, everything works except wbinfo -u and wbinfo -g. Maybe it's normal with editposix, but I want to be sure. I would be curious to know the answer. Me too :-) If you're using PAM, I assume that is configured for ldap and winbind also. Nope. I'm not using PAM as I don't authenticate users via PAM in this machine. However, I use LDAP in nss. Thanks for your help. Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] editposix: winbind -u: Error looking up domain users
On Wed, Jul 8, 2009 at 6:38 PM, Dale Schroederd...@briannassaladdressing.com wrote: According to the creator, you do configure nss for both ldap and winbind. http://lists.samba.org/archive/samba-technical/2006-March/045787.html Many thanks for the link but I tried that and nope: wbinfo -u still can't list users. Oh well. Maybe it works like this. Don't worry, this is only a test, not a production box. Best regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] scary fill_share_mode_lock failed message
I'm still working on figuring out why some accesses to profile data are failing. We are running 3.3.2-0.33.fc11 (the latest release for FC11). I saw this in the log file stat_cache_lookup: lookup succeeded for name [USER/STARTMENU] - [user/StartMenu] [2009/07/08 17:39:59, 3] locking/locking.c:fetch_share_mode_unlocked(857) fill_share_mode_lock failed I saw Volker had a fix which went into 3.2.8 (I'm looking at the 3.2.9 maintenance release notes). It would be a big help if I could get a little clarification on this. The files being accessed are on an NFS share from a large file server, since I have people who want to put 10G on their desktop. Locking and NFS seem a likely culprit. I would like to know if this is a scary message to ignore, if a newer version of Samba is required, or if this likely unrelated to any of my problems. I see 3.4.0 is available, and if it isn't critical to install I'd rather wait for an official package. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] Failed to send packet on .255
Hi All, On my first internal NIC, Samba is working perfectly. On my new, second internal NIC, I am getting the following in my messages log: libsmb/nmblib.c:send_udp(793) Packet send failed to 192.168.254.255(138) ERRNO=Operation not permitted nmbd/nmbd_packets.c:send_netbios_packet(163) send_netbios_packet: send_packet() to IP 192.168.254.255 port 137 failed I though .255 was a reserved address. What is the error all about? There is only one computer on my new second nic: 192.168.254.12 and it is in test phase. Many thanks, -T -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] editposix: winbind -u: Error looking up domain users
On Wed, Jul 8, 2009 at 11:29 PM, Aaron Jambuaa...@epits.com.au wrote: Just wondering why you are using winbind. When I use ldap to pull info from Active Directory I dont need to use winbind. please, read my first post -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] bash change from r...@myserver to administra...@myserver
On Thu, Jul 9, 2009 at 1:28 AM, supha...@gmx.comsupha...@gmx.com wrote: Hello Norberto, Why it change back and forth automatically between root and Administrator ? sometimes nss reads from /etc/password and sometimes from ldap. I don't know why. Will it lead to any problem in the future? Maybe. If you do: id root id Administrator you'll get back uid=0 So who is uid=0, root or administrator? You know they are the same entity, but machines are too stupid. Regards, Norberto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-272-g57afa1e
The branch, master has been updated via 57afa1edebe38ea48be5fc074a8284c762e35e17 (commit) from e3631da15893207b196201f89648a28f889ecb5e (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 57afa1edebe38ea48be5fc074a8284c762e35e17 Author: Stefan Metzmacher me...@samba.org Date: Wed Jul 8 09:22:39 2009 +0200 s4:auth/ntlmssp: let _unwrap fallback to seal if sign only doesn't work s4:auth/ntlmssp: let _unwrap fallback to seal if sign only doesn't work Windows always uses SEAL with NTLMSSP on LDAP connection even if not negotiated. metze --- Summary of changes: source4/auth/ntlmssp/ntlmssp_sign.c | 63 +++--- 1 files changed, 57 insertions(+), 6 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/auth/ntlmssp/ntlmssp_sign.c b/source4/auth/ntlmssp/ntlmssp_sign.c index cf9eab6..957d0a8 100644 --- a/source4/auth/ntlmssp/ntlmssp_sign.c +++ b/source4/auth/ntlmssp/ntlmssp_sign.c @@ -523,18 +523,69 @@ NTSTATUS gensec_ntlmssp_unwrap(struct gensec_security *gensec_security, sig); } else if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SIGN)) { + struct gensec_ntlmssp_state *gensec_ntlmssp_state = + (struct gensec_ntlmssp_state *)gensec_security-private_data; + NTSTATUS status; + uint32_t ntlm_seqnum; + struct arcfour_state ntlm_state; + uint32_t ntlm2_seqnum_r; + uint8_t ntlm2_key_r[16]; + struct arcfour_state ntlm2_state_r; + if (in-length NTLMSSP_SIG_SIZE) { return NT_STATUS_INVALID_PARAMETER; } sig.data = in-data; sig.length = NTLMSSP_SIG_SIZE; - *out = data_blob_talloc(sig_mem_ctx, in-data + NTLMSSP_SIG_SIZE, in-length - NTLMSSP_SIG_SIZE); - - return gensec_ntlmssp_check_packet(gensec_security, sig_mem_ctx, - out-data, out-length, - out-data, out-length, - sig); + + if (gensec_ntlmssp_state-neg_flags NTLMSSP_NEGOTIATE_NTLM2) { + ntlm2_seqnum_r = gensec_ntlmssp_state-crypt.ntlm2.recv_seq_num; + ntlm2_state_r = *gensec_ntlmssp_state-crypt.ntlm2.recv_seal_arcfour_state; + memcpy(ntlm2_key_r, + gensec_ntlmssp_state-crypt.ntlm2.recv_sign_key.data, + 16); + } else { + ntlm_seqnum = gensec_ntlmssp_state-crypt.ntlm.seq_num; + ntlm_state = *gensec_ntlmssp_state-crypt.ntlm.arcfour_state; + } + + status = gensec_ntlmssp_check_packet(gensec_security, sig_mem_ctx, +out-data, out-length, +out-data, out-length, +sig); + if (!NT_STATUS_IS_OK(status)) { + NTSTATUS check_status = status; + /* +* The Windows LDAP libraries seems to have a bug +* and always use sealing even if only signing was +* negotiated. So we need to fallback. +*/ + + if (gensec_ntlmssp_state-neg_flags NTLMSSP_NEGOTIATE_NTLM2) { + gensec_ntlmssp_state-crypt.ntlm2.recv_seq_num = ntlm2_seqnum_r; + *gensec_ntlmssp_state-crypt.ntlm2.recv_seal_arcfour_state = ntlm2_state_r; + memcpy(gensec_ntlmssp_state-crypt.ntlm2.recv_sign_key.data, + ntlm2_key_r, 16); + } else { + gensec_ntlmssp_state-crypt.ntlm.seq_num = ntlm_seqnum; + *gensec_ntlmssp_state-crypt.ntlm.arcfour_state = ntlm_state; + } + + status = gensec_ntlmssp_unseal_packet(gensec_security, + sig_mem_ctx, + out-data, + out-length, + out-data, + out-length, + sig); +
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-273-g31bd627
The branch, master has been updated via 31bd62727dcba38c101ea0035f4b2898571ab149 (commit) from 57afa1edebe38ea48be5fc074a8284c762e35e17 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 31bd62727dcba38c101ea0035f4b2898571ab149 Author: Shirish Pargaonkar shirishpargaon...@gmail.com Date: Wed Jul 8 07:43:43 2009 -0400 docs: flesh out options section of umount.cifs manpage Signed-off-by: Shirish Pargaonkar shirishpargaon...@gmail.com Signed-off-by: Jeff Layton jlay...@redhat.com --- Summary of changes: docs-xml/manpages-3/umount.cifs.8.xml | 56 1 files changed, 49 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages-3/umount.cifs.8.xml b/docs-xml/manpages-3/umount.cifs.8.xml index d845d38..319c437 100644 --- a/docs-xml/manpages-3/umount.cifs.8.xml +++ b/docs-xml/manpages-3/umount.cifs.8.xml @@ -54,14 +54,56 @@ can rely on specifying explicit entries in /etc/fstab See/para refsect1 titleOPTIONS/title variablelist -varlistentry -term--verbose/term -listitemparaprint additional debugging information/para/listitem -/varlistentry -varlistentry -term--no-mtab/term + varlistentry +term-V/term +listitemparaPrint version and exit./para/listitem + /varlistentry + varlistentry +term-h/term +listitemparaPrint help message and exit./para/listitem + /varlistentry + varlistentry +term-r/term +listitemparaIn case unmounting fails, try to remount + read-only./para/listitem + /varlistentry + varlistentry +term-d/term +listitemparaIn case the unmounted device was a loop device, +also free this loop device./para/listitem + /varlistentry + varlistentry +term-f/term +listitemparaForce unmount (in case of an unreachable + server)./para/listitem + /varlistentry + varlistentry +term-l/term +listitemparaLazy unmount. Detach the filesystem from + the filesysetm hierarchy now, and + cleanup all references to the filesystem + as soon as it is not busy anymore./para/listitem + /varlistentry + varlistentry +term-e/term +listitemparaMark the mount point as expired. If a mount + point is not currently in use, then an initial + call to unmount with this flag fails with the + error EAGAIN, but marks the mount point as + expired. The mount point remains expired as + long as it isn't accessed by any process. + A second unmount call specifying -e unmounts + an expired mount point. This flag cannot be + specified with either -f or -l/para/listitem + /varlistentry + varlistentry +term-v|--verbose/term +listitemparaVerbose Mode. Print additional debugging information/para/listitem + /varlistentry + varlistentry +term-n|--no-mtab/term listitemparaDo not update the mtab even if unmount completes successfully (/proc/mounts will still display the correct information)/para/listitem -/varlistentry + /varlistentry /variablelist /refsect1 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-274-g6f64937
The branch, master has been updated via 6f64937ab835adbe0fea2ff38a8bd03941fc9543 (commit) from 31bd62727dcba38c101ea0035f4b2898571ab149 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6f64937ab835adbe0fea2ff38a8bd03941fc9543 Author: Jim McDonough j...@samba.org Date: Wed Jul 8 08:02:04 2009 -0400 Fix cifs.upcall builds on some platforms (zlib) --- Summary of changes: source3/Makefile.in |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index dd133df..b70d4ff 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1519,7 +1519,7 @@ bin/cifs.upc...@exeext@: $(BINARY_PREREQS) $(CIFS_UPCALL_OBJ) $(LIBSMBCLIENT_OBJ @$(CC) -o $@ $(CIFS_UPCALL_OBJ) $(DYNEXP) $(LDFLAGS) \ -lkeyutils $(LIBS) $(LIBSMBCLIENT_OBJ1) $(KRB5LIBS) \ $(LDAP_LIBS) $(LIBTALLOC_LIBS) $(LIBWBCLIENT_LIBS) \ - $(LIBTDB_LIBS) $(NSCD_LIBS) + $(LIBTDB_LIBS) $(NSCD_LIBS) $(ZLIB_LIBS) bin/testp...@exeext@: $(BINARY_PREREQS) $(TESTPARM_OBJ) @BUILD_POPT@ @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @echo Linking $@ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-275-g7fd42d5
The branch, master has been updated via 7fd42d51c8b13d273b55823ee146967afacd7c88 (commit) from 6f64937ab835adbe0fea2ff38a8bd03941fc9543 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7fd42d51c8b13d273b55823ee146967afacd7c88 Author: Jim McDonough j...@samba.org Date: Wed Jul 8 13:12:26 2009 -0400 Fix make test_shlibs for libnss_wins and libnetapi (zlib) --- Summary of changes: source3/Makefile.in |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index b70d4ff..4c927e7 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -2107,7 +2107,7 @@ $(LIBNETAPI_SHARED_TARGET_SONAME): $(BINARY_PREREQS) $(LIBNETAPI_OBJ) $(LIBNETAP @echo Linking shared library $@ @$(SHLD_DSO) $(LIBNETAPI_OBJ) \ $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(LIBWBCLIENT_LIBS) $(LIBS) \ - $(LDAP_LIBS) $(KRB5LIBS) $(NSCD_LIBS) \ + $(LDAP_LIBS) $(KRB5LIBS) $(NSCD_LIBS) $(ZLIB_LIBS) \ @sonamef...@`basename $...@` $(LIBNETAPI_SHARED_TARGET): $(LIBNETAPI_SHARED_TARGET_SONAME) @@ -2521,7 +2521,7 @@ bin/v...@exeext@: $(BINARY_PREREQS) $(VLP_OBJ) @LIBTDB_TARGET@ @WINBIND_WINS_NSS@: $(BINARY_PREREQS) $(WINBIND_WINS_NSS_OBJ) @LIBTALLOC_TARGET@ @LIBTDB_TARGET@ @echo Linking $@ @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_WINS_NSS_OBJ) \ - $(LDAP_LIBS) $(KRB5LIBS) $(LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \ + $(LDAP_LIBS) $(KRB5LIBS) $(LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) $(ZLIB_LIBS) \ @sonamef...@`basename $...@`@NSSSONAMEVERSIONSUFFIX@ bin/winbind_krb5_locat...@shlibext@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OBJ) @LIBWBCLIENT_TARGET@ -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-276-g58daaa3
The branch, master has been updated via 58daaa3d1e7075b23c8709889be9b461c6c6c174 (commit) from 7fd42d51c8b13d273b55823ee146967afacd7c88 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 58daaa3d1e7075b23c8709889be9b461c6c6c174 Author: Jeremy Allison j...@samba.org Date: Wed Jul 8 12:28:01 2009 -0700 When faking a create time, use the full timespec values, not time_t. Jeremy. --- Summary of changes: source3/lib/system.c | 124 + 1 files changed, 63 insertions(+), 61 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/system.c b/source3/lib/system.c index 9bd231a..47bb525 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -291,67 +291,6 @@ int sys_fcntl_long(int fd, int cmd, long arg) } / - Return the best approximation to a 'create time' under UNIX from a stat - structure. -/ - -static time_t calc_create_time(const struct stat *st) -{ - time_t ret, ret1; - - ret = MIN(st-st_ctime, st-st_mtime); - ret1 = MIN(ret, st-st_atime); - - if(ret1 != (time_t)0) { - return ret1; - } - - /* -* One of ctime, mtime or atime was zero (probably atime). -* Just return MIN(ctime, mtime). -*/ - return ret; -} - -/ - Return the 'create time' from a stat struct if it exists (birthtime) or else - use the best approximation. -/ - -static struct timespec get_create_timespec(const struct stat *pst) -{ - struct timespec ret; - - if (S_ISDIR(pst-st_mode) lp_fake_dir_create_times()) { - ret.tv_sec = 315493200L; /* 1/1/1980 */ - ret.tv_nsec = 0; - return ret; - } - -#if defined(HAVE_STRUCT_STAT_ST_BIRTHTIMESPEC_TV_NSEC) - ret = pst-st_birthtimespec; -#elif defined(HAVE_STRUCT_STAT_ST_BIRTHTIMENSEC) - ret.tv_sec = pst-st_birthtime; - ret.tv_nsec = pst-st_birthtimenspec; -#elif defined(HAVE_STRUCT_STAT_ST_BIRTHTIME) - ret.tv_sec = pst-st_birthtime; - ret.tv_nsec = 0; -#else - ret.tv_sec = calc_create_time(pst); - ret.tv_nsec = 0; -#endif - - /* Deal with systems that don't initialize birthtime correctly. -* Pointed out by SATOH Fumiyasu fumi...@osstech.jp. -*/ - if (null_timespec(ret)) { - ret.tv_sec = calc_create_time(pst); - ret.tv_nsec = 0; - } - return ret; -} - -/ Get/Set all the possible time fields from a stat struct as a timespec. / @@ -460,6 +399,69 @@ static struct timespec get_ctimespec(const struct stat *pst) #endif } +/ + Return the best approximation to a 'create time' under UNIX from a stat + structure. +/ + +static struct timespec calc_create_time(const struct stat *st) +{ + struct timespec ret, ret1; + struct timespec c_time = get_ctimespec(st); + struct timespec m_time = get_mtimespec(st); + struct timespec a_time = get_atimespec(st); + + ret = timespec_compare(c_time, m_time) 0 ? c_time : m_time; + ret1 = timespec_compare(ret, a_time) 0 ? ret : a_time; + + if(!null_timespec(ret1)) { + return ret1; + } + + /* +* One of ctime, mtime or atime was zero (probably atime). +* Just return MIN(ctime, mtime). +*/ + return ret; +} + +/ + Return the 'create time' from a stat struct if it exists (birthtime) or else + use the best approximation. +/ + +static struct timespec get_create_timespec(const struct stat *pst) +{ + struct timespec ret; + + if (S_ISDIR(pst-st_mode) lp_fake_dir_create_times()) { + ret.tv_sec = 315493200L; /* 1/1/1980 */ + ret.tv_nsec = 0; + return ret; + } + +#if defined(HAVE_STRUCT_STAT_ST_BIRTHTIMESPEC_TV_NSEC) + ret = pst-st_birthtimespec; +#elif defined(HAVE_STRUCT_STAT_ST_BIRTHTIMENSEC) + ret.tv_sec = pst-st_birthtime; + ret.tv_nsec = pst-st_birthtimenspec; +#elif defined(HAVE_STRUCT_STAT_ST_BIRTHTIME) + ret.tv_sec =
Build status as of Thu Jul 9 00:00:02 2009
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2009-07-08 00:00:28.0 + +++ /home/build/master/cache/broken_results.txt 2009-07-09 00:00:31.0 + @@ -1,12 +1,12 @@ -Build status as of Wed Jul 8 00:00:02 2009 +Build status as of Thu Jul 9 00:00:02 2009 Build counts: Tree Total Broken Panic build_farm 0 0 0 -ccache 24 3 0 +ccache 25 3 0 distcc 0 0 0 ldb 25 25 0 -libreplace 24 11 0 +libreplace 23 11 0 lorikeet 0 0 0 pidl 20 2 0 ppp 10 0 0 @@ -14,9 +14,9 @@ samba-docs 0 0 0 samba-web0 0 0 samba_3_current 23 13 0 -samba_3_master 24 19 3 +samba_3_master 24 19 2 samba_3_next 24 22 1 -samba_4_0_test 23 22 10 +samba_4_0_test 23 22 11 talloc 25 25 0 tdb 23 23 0
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-277-gc9c3d43
The branch, master has been updated via c9c3d4312d7281904fc4a1cc9abd4831cdf4bfb9 (commit) from 58daaa3d1e7075b23c8709889be9b461c6c6c174 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c9c3d4312d7281904fc4a1cc9abd4831cdf4bfb9 Author: Jeremy Allison j...@samba.org Date: Wed Jul 8 17:51:35 2009 -0700 The migration to struct stat_ex broke the calculation of create time from the existing timestamps (for systems that need to do this). Once the write time is changed via a sticky write, the create time might need to be recalculated. To do this I needed to add a bool into struct stat_ex to remember if the st_ex_btime field was calculated, or read from the OS. Also fixed the returning of modified write timestamps in the return from NTCreateX, SMBattr and SMBattrE (which weren't taking into account the modified timestamp stored in the open file table). Attempting to fix an issue with Excel 2003 and offline files. Volker and Metze, please review. Jeremy --- Summary of changes: source3/include/includes.h |2 + source3/include/proto.h|1 + source3/lib/system.c | 72 +++ source3/smbd/nttrans.c | 18 +++ source3/smbd/reply.c | 28 + source3/smbd/trans2.c | 21 +++-- 6 files changed, 118 insertions(+), 24 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/includes.h b/source3/include/includes.h index 2b36d18..8fb240f 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -460,6 +460,8 @@ struct stat_ex { struct timespec st_ex_mtime; struct timespec st_ex_ctime; struct timespec st_ex_btime; /* birthtime */ + /* Is birthtime real, or was it calculated ? */ + boolst_ex_calculated_birthtime; blksize_t st_ex_blksize; blkcnt_tst_ex_blocks; diff --git a/source3/include/proto.h b/source3/include/proto.h index 0315f30..25a104d 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -911,6 +911,7 @@ ssize_t sys_recv(int fd, void *buf, size_t count, int flags); ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen); int sys_fcntl_ptr(int fd, int cmd, void *arg); int sys_fcntl_long(int fd, int cmd, long arg); +void update_stat_ex_writetime(struct stat_ex *dst, struct timespec write_ts); int sys_stat(const char *fname,SMB_STRUCT_STAT *sbuf); int sys_fstat(int fd,SMB_STRUCT_STAT *sbuf); int sys_lstat(const char *fname,SMB_STRUCT_STAT *sbuf); diff --git a/source3/lib/system.c b/source3/lib/system.c index 47bb525..b808a36 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -404,7 +404,7 @@ static struct timespec get_ctimespec(const struct stat *pst) structure. / -static struct timespec calc_create_time(const struct stat *st) +static struct timespec calc_create_time_stat(const struct stat *st) { struct timespec ret, ret1; struct timespec c_time = get_ctimespec(st); @@ -426,41 +426,85 @@ static struct timespec calc_create_time(const struct stat *st) } / + Return the best approximation to a 'create time' under UNIX from a stat_ex + structure. +/ + +static struct timespec calc_create_time_stat_ex(const struct stat_ex *st) +{ + struct timespec ret, ret1; + struct timespec c_time = st-st_ex_ctime; + struct timespec m_time = st-st_ex_mtime; + struct timespec a_time = st-st_ex_atime; + + ret = timespec_compare(c_time, m_time) 0 ? c_time : m_time; + ret1 = timespec_compare(ret, a_time) 0 ? ret : a_time; + + if(!null_timespec(ret1)) { + return ret1; + } + + /* +* One of ctime, mtime or atime was zero (probably atime). +* Just return MIN(ctime, mtime). +*/ + return ret; +} + +/ Return the 'create time' from a stat struct if it exists (birthtime) or else use the best approximation. / -static struct timespec get_create_timespec(const struct stat *pst) +static void get_create_timespec(const struct stat *pst, struct stat_ex *dst) { struct timespec ret; if (S_ISDIR(pst-st_mode) lp_fake_dir_create_times()) { - ret.tv_sec = 315493200L; /* 1/1/1980 */ - ret.tv_nsec = 0; - return ret; + dst-st_ex_btime.tv_sec
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-278-g400c18a
The branch, master has been updated via 400c18a8c4098b4ba86d32a236e5d89014774f3f (commit) from c9c3d4312d7281904fc4a1cc9abd4831cdf4bfb9 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 400c18a8c4098b4ba86d32a236e5d89014774f3f Author: Jeremy Allison j...@samba.org Date: Wed Jul 8 18:05:30 2009 -0700 Rename update_stat_ex_writetime() - update_stat_ex_mtime() to better describe what we're doing here. Jeremy --- Summary of changes: source3/include/proto.h |2 +- source3/lib/system.c|4 ++-- source3/smbd/nttrans.c |4 ++-- source3/smbd/reply.c|4 ++-- source3/smbd/trans2.c |4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index 25a104d..f835da2 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -911,7 +911,7 @@ ssize_t sys_recv(int fd, void *buf, size_t count, int flags); ssize_t sys_recvfrom(int s, void *buf, size_t len, int flags, struct sockaddr *from, socklen_t *fromlen); int sys_fcntl_ptr(int fd, int cmd, void *arg); int sys_fcntl_long(int fd, int cmd, long arg); -void update_stat_ex_writetime(struct stat_ex *dst, struct timespec write_ts); +void update_stat_ex_mtime(struct stat_ex *dst, struct timespec write_ts); int sys_stat(const char *fname,SMB_STRUCT_STAT *sbuf); int sys_fstat(int fd,SMB_STRUCT_STAT *sbuf); int sys_lstat(const char *fname,SMB_STRUCT_STAT *sbuf); diff --git a/source3/lib/system.c b/source3/lib/system.c index b808a36..ffc236e 100644 --- a/source3/lib/system.c +++ b/source3/lib/system.c @@ -492,10 +492,10 @@ static void get_create_timespec(const struct stat *pst, struct stat_ex *dst) / If we update a timestamp in a stat_ex struct we may have to recalculate the birthtime. For now only implement this for write time, but we may - also need to do it for mtime and ctime. JRA. + also need to do it for atime and ctime. JRA. / -void update_stat_ex_writetime(struct stat_ex *dst, +void update_stat_ex_mtime(struct stat_ex *dst, struct timespec write_ts) { dst-st_ex_mtime = write_ts; diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 4f75b9f..5d67647 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -657,7 +657,7 @@ void reply_ntcreate_and_X(struct smb_request *req) ZERO_STRUCT(write_time_ts); get_file_infos(fsp-file_id, NULL, write_time_ts); if (!null_timespec(write_time_ts)) { - update_stat_ex_writetime(smb_fname-st, write_time_ts); + update_stat_ex_mtime(smb_fname-st, write_time_ts); } /* Create time. */ @@ -1148,7 +1148,7 @@ static void call_nt_transact_create(connection_struct *conn, ZERO_STRUCT(write_time_ts); get_file_infos(fsp-file_id, NULL, write_time_ts); if (!null_timespec(write_time_ts)) { - update_stat_ex_writetime(smb_fname-st, write_time_ts); + update_stat_ex_mtime(smb_fname-st, write_time_ts); } /* Create time. */ diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index e02482e..0afaf56 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -1121,7 +1121,7 @@ void reply_getatr(struct smb_request *req) fileid = vfs_file_id_from_sbuf(conn, smb_fname-st); get_file_infos(fileid, NULL, write_time_ts); if (!null_timespec(write_time_ts)) { - update_stat_ex_writetime(smb_fname-st, write_time_ts); + update_stat_ex_mtime(smb_fname-st, write_time_ts); } } @@ -1803,7 +1803,7 @@ void reply_open(struct smb_request *req) ZERO_STRUCT(write_time_ts); get_file_infos(fsp-file_id, NULL, write_time_ts); if (!null_timespec(write_time_ts)) { - update_stat_ex_writetime(smb_fname-st, write_time_ts); + update_stat_ex_mtime(smb_fname-st, write_time_ts); } } diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index cb4f10f..0dd2ca2 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -1463,7 +1463,7 @@ static bool get_lanman2_dir_entry(TALLOC_CTX *ctx, fileid = vfs_file_id_from_sbuf(conn, sbuf); get_file_infos(fileid, NULL, write_time_ts); if (!null_timespec(write_time_ts)) { - update_stat_ex_writetime(sbuf, write_time_ts); +
[SCM] CTDB repository - branch master updated - ctdb-1.0.86-59-g99f239f
The branch, master has been updated via 99f239f8b96c8c0a06ac8ca8b8083be96265865a (commit) via d6ddea4167ccdad05e88378ee3f22b6125969562 (commit) via 501a2747d839ca291b70c761098549cf6d47a158 (commit) via 54b4a02053a0f98f8c424e7f658890254023d39a (commit) via 866aa995dc029db6e510060e9e95a8ca149094ac (commit) via 049271c83a09afb8d6c3e5212cf9ca782956b0c6 (commit) via d47dab1026deba0554f21282a59bd172209ea066 (commit) from 2ff6ee042080ba1c2bea76bbef3742997d84c9a8 (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit 99f239f8b96c8c0a06ac8ca8b8083be96265865a Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Jul 9 14:19:32 2009 +1000 recovery daemon needs to monitor when the local ctdb daemon is stopped and ensure that the databases gets frozen and the node enters recovery mode commit d6ddea4167ccdad05e88378ee3f22b6125969562 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Jul 9 13:07:15 2009 +1000 document the new commands ctdb stop/continue commit 501a2747d839ca291b70c761098549cf6d47a158 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Jul 9 13:20:14 2009 +1000 dont let other nodes modify the STOPPED flag for the local process when pushing out flags changes commit 54b4a02053a0f98f8c424e7f658890254023d39a Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Jul 9 12:22:46 2009 +1000 add two new controls, CTOP_NODE and CONTINUE_NODE that are used to stop/continue a node instead of using modflags messages commit 866aa995dc029db6e510060e9e95a8ca149094ac Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Jul 9 11:57:20 2009 +1000 make it possible to start the daemon in STOPPED mode commit 049271c83a09afb8d6c3e5212cf9ca782956b0c6 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Jul 9 11:43:37 2009 +1000 remove the header printed for the machinereadable output for natgwlist commit d47dab1026deba0554f21282a59bd172209ea066 Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Jul 9 11:38:18 2009 +1000 Add a new node flag : STOPPED This node flag means the node is DISABLED and that all its public ip addresses are failed over, but also that it has been removed from the VNNmap. A STOPPED node should be in recovery mode active untill restarted using the continue command. Adding two new commands ctdb stop ctdb continue --- Summary of changes: client/ctdb_client.c | 34 +++ config/ctdb.init |1 + doc/ctdb.1 | 38 +++- doc/ctdb.1.html| 150 ++- doc/ctdb.1.xml | 67 +++--- doc/ctdbd.1| 23 ++-- doc/ctdbd.1.html | 89 + doc/ctdbd.1.xml| 31 +- include/ctdb.h |2 + include/ctdb_private.h | 11 +++- server/ctdb_control.c |8 +++ server/ctdb_monitor.c | 10 +++ server/ctdb_recover.c | 16 + server/ctdb_recoverd.c | 28 + server/ctdb_server.c |5 ++ server/ctdbd.c |3 + tcp/tcp_connect.c |5 ++ tools/ctdb.c | 83 -- 18 files changed, 449 insertions(+), 155 deletions(-) Changeset truncated at 500 lines: diff --git a/client/ctdb_client.c b/client/ctdb_client.c index 2c86b3e..4ea8d04 100644 --- a/client/ctdb_client.c +++ b/client/ctdb_client.c @@ -3707,3 +3707,37 @@ int ctdb_ctrl_setreclock(struct ctdb_context *ctdb, struct timeval timeout, uint return 0; } + +/* + stop a node + */ +int ctdb_ctrl_stop_node(struct ctdb_context *ctdb, struct timeval timeout, uint32_t destnode) +{ + int ret; + + ret = ctdb_control(ctdb, destnode, 0, CTDB_CONTROL_STOP_NODE, 0, tdb_null, + ctdb, NULL, NULL, timeout, NULL); + if (ret != 0) { + DEBUG(DEBUG_ERR,(Failed to stop node\n)); + return -1; + } + + return 0; +} + +/* + continue a node + */ +int ctdb_ctrl_continue_node(struct ctdb_context *ctdb, struct timeval timeout, uint32_t destnode) +{ + int ret; + + ret = ctdb_control(ctdb, destnode, 0, CTDB_CONTROL_CONTINUE_NODE, 0, tdb_null, + ctdb, NULL, NULL, timeout, NULL); + if (ret != 0) { + DEBUG(DEBUG_ERR,(Failed to continue node\n)); + return -1; + } + + return 0; +} diff --git a/config/ctdb.init b/config/ctdb.init index 95e8ccc..d69b01c 100755 --- a/config/ctdb.init +++ b/config/ctdb.init @@ -102,6 +102,7 @@ build_ctdb_options () { maybe_set -d $CTDB_DEBUGLEVEL maybe_set --notification-script$CTDB_NOTIFY_SCRIPT maybe_set --start-as-disabled
[SCM] CTDB repository - branch master updated - ctdb-1.0.86-61-gb75ac11
The branch, master has been updated via b75ac1185481060ab71bd743e1e48d333d716eba (commit) via 1e007c833098b03dd81797c081da1ae1b10c971c (commit) from 99f239f8b96c8c0a06ac8ca8b8083be96265865a (commit) http://gitweb.samba.org/?p=sahlberg/ctdb.git;a=shortlog;h=master - Log - commit b75ac1185481060ab71bd743e1e48d333d716eba Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Jul 9 14:44:03 2009 +1000 stopped nodes can not win a recmaster election stopped nodes must yield the recmaster role commit 1e007c833098b03dd81797c081da1ae1b10c971c Author: Ronnie Sahlberg ronniesahlb...@gmail.com Date: Thu Jul 9 14:34:12 2009 +1000 change the infolevel when logging stop/continue commands --- Summary of changes: server/ctdb_recover.c |4 ++-- server/ctdb_recoverd.c | 19 ++- 2 files changed, 20 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/server/ctdb_recover.c b/server/ctdb_recover.c index 97602b9..b9a507b 100644 --- a/server/ctdb_recover.c +++ b/server/ctdb_recover.c @@ -1158,7 +1158,7 @@ int32_t ctdb_control_set_recmaster(struct ctdb_context *ctdb, uint32_t opcode, T int32_t ctdb_control_stop_node(struct ctdb_context *ctdb) { - DEBUG(DEBUG_ERR,(__location__ Stopping node\n)); + DEBUG(DEBUG_INFO,(__location__ Stopping node\n)); ctdb-nodes[ctdb-pnn]-flags |= NODE_FLAGS_STOPPED; return 0; @@ -1166,7 +1166,7 @@ int32_t ctdb_control_stop_node(struct ctdb_context *ctdb) int32_t ctdb_control_continue_node(struct ctdb_context *ctdb) { - DEBUG(DEBUG_ERR,(__location__ Continue node\n)); + DEBUG(DEBUG_INFO,(__location__ Continue node\n)); ctdb-nodes[ctdb-pnn]-flags = ~NODE_FLAGS_STOPPED; return 0; diff --git a/server/ctdb_recoverd.c b/server/ctdb_recoverd.c index 8f6106f..d601ca6 100644 --- a/server/ctdb_recoverd.c +++ b/server/ctdb_recoverd.c @@ -1660,11 +1660,21 @@ static bool ctdb_election_win(struct ctdb_recoverd *rec, struct election_message return false; } + /* we cant win if we are stopped */ + if (rec-node_flags NODE_FLAGS_STOPPED) { + return false; + } + /* we will automatically win if the other node is banned */ if (em-node_flags NODE_FLAGS_BANNED) { return true; } + /* we will automatically win if the other node is banned */ + if (em-node_flags NODE_FLAGS_STOPPED) { + return true; + } + /* try to use the most connected node */ if (cmp == 0) { cmp = (int)myem.num_connected - (int)em-num_connected; @@ -2831,7 +2841,14 @@ again: goto again; } } - + /* If the local node is stopped, verify we are not the recmaster + and yield this role if so + */ + if ((nodemap-nodes[pnn].flags NODE_FLAGS_STOPPED) (rec-recmaster == pnn)) { + DEBUG(DEBUG_ERR,(Local node is STOPPED. Yielding recmaster role\n)); + force_election(rec, pnn, nodemap); + goto again; + } /* check that we (recovery daemon) and the local ctdb daemon agrees on whether we are banned or not -- CTDB repository
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-286-gfbaa849
The branch, master has been updated via fbaa8497a5c8c209de9ca86bebf8387e6d33a608 (commit) via 02aad05e0ed3e1d4790b323a94e43184f9c4e643 (commit) via dcc97c5ad7d274e88ee2be2bbd37234030737bc2 (commit) via 3a7d372e2eb5ab00986aafe69ac715a68faa077f (commit) via 83e5ac569577566fa171b8f4288e26e5129015ab (commit) via 161e182b65ceda833e0bebc48ef404cdd399f8d7 (commit) via 1a1d10d22f7a2eebd22e76614c3c74b4d49e5c33 (commit) via 69c8795b672054cb6b5a85cc5f8961099425bd7a (commit) from 400c18a8c4098b4ba86d32a236e5d89014774f3f (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fbaa8497a5c8c209de9ca86bebf8387e6d33a608 Author: Tim Prouty tpro...@samba.org Date: Wed Jul 8 20:15:02 2009 -0700 s3: Repace a char * with an smb_filename struct in reply_rmdir commit 02aad05e0ed3e1d4790b323a94e43184f9c4e643 Author: Tim Prouty tpro...@samba.org Date: Wed Jul 8 16:53:01 2009 -0700 s3: Prepare open.c to switch fsp_name to an smb_filename struct commit dcc97c5ad7d274e88ee2be2bbd37234030737bc2 Author: Tim Prouty tpro...@samba.org Date: Wed Jul 8 17:53:05 2009 -0700 s3 plumb smb_filename through smb_set_file_allocation_info() commit 3a7d372e2eb5ab00986aafe69ac715a68faa077f Author: Tim Prouty tpro...@samba.org Date: Wed Jul 8 16:22:44 2009 -0700 s3: Change the share_mode_lock struct to store a base_name and stream_name commit 83e5ac569577566fa171b8f4288e26e5129015ab Author: Tim Prouty tpro...@samba.org Date: Wed Jul 8 14:27:06 2009 -0700 s3: Make some arguments to (parse|unparse)_share_modes() const commit 161e182b65ceda833e0bebc48ef404cdd399f8d7 Author: Tim Prouty tpro...@samba.org Date: Wed Jul 8 14:08:04 2009 -0700 s3: Remove is_ntfs_stream_name() and split_ntfs_stream_name() Actually I moved split_ntfs_stream_name into torture.c which is the one consumer of it. This could probably be changed at some point. commit 1a1d10d22f7a2eebd22e76614c3c74b4d49e5c33 Author: Tim Prouty tpro...@samba.org Date: Wed Jul 8 12:24:03 2009 -0700 s3: Plumb smb_filename through dos_mode() and related funtions commit 69c8795b672054cb6b5a85cc5f8961099425bd7a Author: Tim Prouty tpro...@samba.org Date: Tue Jul 7 19:20:22 2009 -0700 s3: convert unix_mode to take an smb_filename --- Summary of changes: source3/include/proto.h | 28 ++-- source3/include/smb.h |3 +- source3/lib/util.c | 90 --- source3/locking/locking.c | 97 source3/modules/nfs4_acls.c | 12 ++- source3/modules/onefs_acl.c | 15 ++- source3/modules/onefs_open.c| 58 source3/modules/onefs_streams.c | 48 -- source3/modules/vfs_streams_xattr.c | 21 ++- source3/smbd/dir.c | 48 +++--- source3/smbd/dosmode.c | 217 +++ source3/smbd/fileio.c | 34 ++--- source3/smbd/nttrans.c | 67 + source3/smbd/open.c | 124 +--- source3/smbd/posix_acls.c | 281 ++- source3/smbd/reply.c| 93 +++- source3/smbd/smb2_create.c | 13 ++- source3/smbd/trans2.c | 158 ++-- source3/torture/torture.c | 90 +++ source3/utils/status.c | 18 ++- 20 files changed, 807 insertions(+), 708 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/include/proto.h b/source3/include/proto.h index f835da2..f887b4e 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1202,8 +1202,6 @@ void *_talloc_memdup_zeronull(const void *t, const void *p, size_t size, const c void *_talloc_array_zeronull(const void *ctx, size_t el_size, unsigned count, const char *name); void *_talloc_zero_array_zeronull(const void *ctx, size_t el_size, unsigned count, const char *name); void *talloc_zeronull(const void *context, size_t size, const char *name); -NTSTATUS split_ntfs_stream_name(TALLOC_CTX *mem_ctx, const char *fname, - char **pbase, char **pstream); bool is_valid_policy_hnd(const struct policy_handle *hnd); bool policy_hnd_equal(const struct policy_handle *hnd1, const struct policy_handle *hnd2); @@ -3445,16 +3443,14 @@ char *share_mode_str(TALLOC_CTX *ctx, int num, const struct share_mode_entry *e) struct share_mode_lock *get_share_mode_lock(TALLOC_CTX *mem_ctx, const struct file_id id, const char *servicepath, - const char *fname, + const struct smb_filename *smb_fname,
[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-288-g2481ce8
The branch, master has been updated via 2481ce89427ef38b47fb29d16c15b77e9d2c20b9 (commit) via 2c873c43534d61cd411b5c8d56425fd9c2ddd128 (commit) from fbaa8497a5c8c209de9ca86bebf8387e6d33a608 (commit) http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2481ce89427ef38b47fb29d16c15b77e9d2c20b9 Author: Andrew Bartlett abart...@samba.org Date: Thu Jul 9 14:53:26 2009 +1000 s4:dsdb Allow unicodePwd to be set when adding a user Windows 7 sets it's join password using the unicodePwd attribute (as a quoted, utf16 string), and does so during the LDAPAdd of the object. Previously, this code only handled unicodePwd for modifies. Andrew Bartlett commit 2c873c43534d61cd411b5c8d56425fd9c2ddd128 Author: Andrew Bartlett abart...@samba.org Date: Thu Jul 9 10:08:02 2009 +1000 Add const --- Summary of changes: source4/dsdb/common/util.c |4 +- source4/dsdb/samdb/ldb_modules/password_hash.c | 169 2 files changed, 86 insertions(+), 87 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 313005b..cbae2ec 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -529,7 +529,7 @@ NTTIME samdb_result_force_password_change(struct ldb_context *sam_ldb, /* pull a samr_Password structutre from a result set. */ -struct samr_Password *samdb_result_hash(TALLOC_CTX *mem_ctx, struct ldb_message *msg, const char *attr) +struct samr_Password *samdb_result_hash(TALLOC_CTX *mem_ctx, const struct ldb_message *msg, const char *attr) { struct samr_Password *hash = NULL; const struct ldb_val *val = ldb_msg_find_ldb_val(msg, attr); @@ -543,7 +543,7 @@ struct samr_Password *samdb_result_hash(TALLOC_CTX *mem_ctx, struct ldb_message /* pull an array of samr_Password structutres from a result set. */ -uint_t samdb_result_hashes(TALLOC_CTX *mem_ctx, struct ldb_message *msg, +uint_t samdb_result_hashes(TALLOC_CTX *mem_ctx, const struct ldb_message *msg, const char *attr, struct samr_Password **hashes) { uint_t count = 0; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 5a9926b..44b7ef9 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1432,6 +1432,67 @@ static int setup_password_fields(struct setup_password_fields_io *io) return LDB_SUCCESS; } +static int setup_io(struct ph_context *ac, + const struct ldb_message *new_msg, + const struct ldb_message *searched_msg, + struct setup_password_fields_io *io) +{ + const struct ldb_val *quoted_utf16; + struct ldb_context *ldb = ldb_module_get_ctx(ac-module); + + ZERO_STRUCTP(io); + + /* Some operations below require kerberos contexts */ + if (smb_krb5_init_context(ac, + ldb_get_event_context(ldb), + (struct loadparm_context *)ldb_get_opaque(ldb, loadparm), + io-smb_krb5_context) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + + io-ac = ac; + io-domain = ac-domain; + + io-u.user_account_control = samdb_result_uint(searched_msg, userAccountControl, 0); + io-u.sAMAccountName= samdb_result_string(searched_msg, samAccountName, NULL); + io-u.user_principal_name = samdb_result_string(searched_msg, userPrincipalName, NULL); + io-u.is_computer = ldb_msg_check_string_attribute(searched_msg, objectClass, computer); + + io-n.cleartext_utf8= ldb_msg_find_ldb_val(new_msg, userPassword); + io-n.cleartext_utf16 = ldb_msg_find_ldb_val(new_msg, clearTextPassword); + + /* this rather strange looking piece of code is there to + handle a ldap client setting a password remotely using the + unicodePwd ldap field. The syntax is that the password is + in UTF-16LE, with a at either end. Unfortunately the + unicodePwd field is also used to store the nt hashes + internally in Samba, and is used in the nt hash format on + the wire in DRS replication, so we have a single name for + two distinct values. The code below leaves us with a small + chance (less than 1 in 2^32) of a mixup, if someone manages + to create a MD4 hash which starts and ends in 0x22 0x00, as + that would then be treated as a UTF16 password rather than + a nthash */ + quoted_utf16= ldb_msg_find_ldb_val(new_msg,